Chapter 7: Creating the First OpenStack Cloud Instance
Launching an instance
Before launching an instance, you must create the necessary virtual network infrastructure. For the public network, instances use a provider (external) network, which connects to the physical network through a layer-2 (bridge/switch) device. This network includes a DHCP server that provides IP addresses to instances.
Create the provider network
1. Create the network:

```
[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]# neutron net-create --shared --provider:physical_network public \
> --provider:network_type flat public
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2017-06-24T06:50:31                  |
| description               |                                      |
| id                        | 8a60d9cf-7e18-43b6-9687-f7a166f35186 |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| mtu                       | 1500                                 |
| name                      | public                               |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| provider:physical_network | public                               |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | 5a17da2eed3e4da9ae3e2f1c8d9fe6ac     |
| updated_at                | 2017-06-24T06:50:31                  |
+---------------------------+--------------------------------------+
```

The physical network name given here (public) must correspond to the physical_interface_mapping value in /etc/neutron/plugins/ml2/linuxbridge_agent.ini.
Check that the network was created:

```
[root@linux-node1 ~]# neutron net-list
+--------------------------------------+--------+---------+
| id                                   | name   | subnets |
+--------------------------------------+--------+---------+
| 8a60d9cf-7e18-43b6-9687-f7a166f35186 | public |         |
+--------------------------------------+--------+---------+
```
2. Create a subnet on the network:

```
[root@linux-node1 ~]# neutron subnet-create --name public-subnet \
> --allocation-pool start=192.168.1.100,end=192.168.1.200 \
> --dns-nameserver 223.5.5.5 --gateway 192.168.1.1 \
> public 192.168.1.0/24
Created a new subnet:
+-------------------+----------------------------------------------------+
| Field             | Value                                              |
+-------------------+----------------------------------------------------+
| allocation_pools  | {"start": "192.168.1.100", "end": "192.168.1.200"} |
| cidr              | 192.168.1.0/24                                     |
| created_at        | 2017-06-24T06:58:45                                |
| description       |                                                    |
| dns_nameservers   | 223.5.5.5                                          |
| enable_dhcp       | True                                               |
| gateway_ip        | 192.168.1.1                                        |
| host_routes       |                                                    |
| id                | 8871561c-bfb3-4f24-acc2-40499cbea522               |
| ip_version        | 4                                                  |
| ipv6_address_mode |                                                    |
| ipv6_ra_mode      |                                                    |
| name              | public-subnet                                      |
| network_id        | 8a60d9cf-7e18-43b6-9687-f7a166f35186               |
| subnetpool_id     |                                                    |
| tenant_id         | 5a17da2eed3e4da9ae3e2f1c8d9fe6ac                   |
| updated_at        | 2017-06-24T06:58:45                                |
+-------------------+----------------------------------------------------+
```

Check that the subnet was created:

```
[root@linux-node1 ~]# neutron subnet-list
+--------------------------------------+---------------+----------------+----------------------------------------------------+
| id                                   | name          | cidr           | allocation_pools                                   |
+--------------------------------------+---------------+----------------+----------------------------------------------------+
| 8871561c-bfb3-4f24-acc2-40499cbea522 | public-subnet | 192.168.1.0/24 | {"start": "192.168.1.100", "end": "192.168.1.200"} |
+--------------------------------------+---------------+----------------+----------------------------------------------------+
```

The dhcp-agent is then responsible for this allocation pool:

```
[root@linux-node1 ~]# ps aux | grep dhcp
neutron 870 0.7 2.3 314984 43564 ? Ss 02:34 0:11 /usr/bin/python2 /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-dhcp-agent --log-file /var/log/neutron/dhcp-agent.log
nobody 3039 0.0 0.0 15548 612 ? S 02:58 0:00 dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/var/lib/neutron/dhcp/8a60d9cf-7e18-43b6-9687-f7a166f35186/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/8a60d9cf-7e18-43b6-9687-f7a166f35186/host --addn-hosts=/var/lib/neutron/dhcp/8a60d9cf-7e18-43b6-9687-f7a166f35186/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/8a60d9cf-7e18-43b6-9687-f7a166f35186/opts --dhcp-leasefile=/var/lib/neutron/dhcp/8a60d9cf-7e18-43b6-9687-f7a166f35186/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=ns-e81f6e2a-1e --dhcp-range=set:tag0,192.168.1.0,static,86400s --dhcp-option-force=option:mtu,1500 --dhcp-lease-max=256 --conf-file= --domain=openstacklocal
root 3134 0.0 0.0 112664 972 pts/0 R+ 03:01 0:00 grep --color=auto dhcp
```
Next we can create the cloud instance, but some preparation is needed first.
1. Create a flavor, which will be selected later to size the instance:
- The smallest default flavor requires 512 MB of memory. For environments whose compute nodes have less than 4 GB of memory, we recommend creating the m1.nano flavor, which needs only 64 MB. For testing purposes only, use the m1.nano flavor to boot the CirrOS image.

```
[root@linux-node1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field                      | Value   |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled   | False   |
| OS-FLV-EXT-DATA:ephemeral  | 0       |
| disk                       | 1       |
| id                         | 0       |
| name                       | m1.nano |
| os-flavor-access:is_public | True    |
| ram                        | 64      |
| rxtx_factor                | 1.0     |
| swap                       |         |
| vcpus                      | 1       |
+----------------------------+---------+
```
2. Most cloud images support public key authentication rather than conventional password authentication. Before launching an instance, you must add a public key to the Compute service.
- Generate a key pair:

```
[root@linux-node1 ~]# source demo-openstack.sh
[root@linux-node1 ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
```

Check the generated key pair:

```
[root@linux-node1 ~]# cd /root/.ssh
[root@linux-node1 .ssh]# ll
总用量 12
-rw------- 1 root root 1675 6月 24 03:20 id_rsa
-rw-r--r-- 1 root root 410 6月 24 03:20 id_rsa.pub
-rw-r--r-- 1 root root 174 6月 23 06:27 known_hosts
```

- Add the key pair (only the public key, ~/.ssh/id_rsa.pub, is uploaded):

```
[root@linux-node1 .ssh]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | 29:ee:a7:d5:7f:a7:86:31:d9:ce:5b:4f:45:df:61:1a |
| name        | mykey                                           |
| user_id     | b93e72796e024858baa4b00542407df7                |
+-------------+-------------------------------------------------+
```

- Verify that the public key was added:

```
[root@linux-node1 .ssh]# openstack keypair list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | 29:ee:a7:d5:7f:a7:86:31:d9:ce:5b:4f:45:df:61:1a |
+-------+-------------------------------------------------+
```
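As an added example (not part of the original walkthrough), the shell functions below check that the fingerprint listed for mykey really belongs to the local ~/.ssh/id_rsa.pub, by recomputing the MD5 fingerprint from the key blob. The function names and the self-check input are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the MD5 fingerprint of a local OpenSSH public key
# with the one printed by "openstack keypair list".

# Fingerprint of the key blob (field 2 of the .pub file, base64-decoded),
# as colon-separated hex, the format used in the Fingerprint column.
pubkey_md5_fingerprint() {
    awk '{ print $2; exit }' "$1" | base64 -d | md5sum |
        awk '{ print $1 }' | sed 's/../&:/g; s/:$//'
}

# Read a "keypair list" table on stdin; print the fingerprint of key name $1.
listed_fingerprint() {
    awk -F'|' -v name="$1" '
        NF >= 3 {
            n = $2; f = $3
            gsub(/^[ \t]+|[ \t]+$/, "", n); gsub(/^[ \t]+|[ \t]+$/, "", f)
            if (n == name) { print f; exit }
        }'
}

# Succeeds only when the registered key is the local one.
# $1 = path to the .pub file, $2 = key name, table on stdin.
keypair_matches() {
    [ -r "$1" ] || return 2
    local_fp=$(pubkey_md5_fingerprint "$1")
    remote_fp=$(listed_fingerprint "$2")
    [ -n "$remote_fp" ] && [ "$local_fp" = "$remote_fp" ]
}

# Constructed self-check: the "key" blob is base64 of the bytes "abc" (not a
# real key), whose MD5 is the RFC 1321 test value 900150983cd24fb0d6963f7d28e17f72.
selfcheck() {
    tmp=$(mktemp) || return 2
    echo 'ssh-rsa YWJj constructed@example' > "$tmp"
    printf '%s\n' '| Name  | Fingerprint |' \
        '| mykey | 90:01:50:98:3c:d2:4f:b0:d6:96:3f:7d:28:e1:7f:72 |' |
        keypair_matches "$tmp" mykey
    rc=$?
    rm -f "$tmp"
    return $rc
}

# On the controller, with the demo credentials sourced:
#   openstack keypair list | keypair_matches ~/.ssh/id_rsa.pub mykey && echo "mykey OK"
selfcheck && echo "self-check passed"
```

On OpenSSH releases that default to SHA256 fingerprints, `ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub` prints the same MD5 value.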
3. By default, the "default" security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images such as CirrOS, we recommend allowing at least ICMP (ping) and secure shell (SSH).
Add rules to the default security group:
- Allow ICMP (ping):

```
[root@linux-node1 .ssh]# openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| id                    | d0f118cf-a43e-4017-8fc0-ef9d129fc23f |
| ip_protocol           | icmp                                 |
| ip_range              | 0.0.0.0/0                            |
| parent_group_id       | 89894290-35f4-422e-bed6-65d4c5b1c2ba |
| port_range            |                                      |
| remote_security_group |                                      |
+-----------------------+--------------------------------------+
```

- Allow secure shell (SSH) access:

```
[root@linux-node1 .ssh]# openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| id                    | 0b3f3d34-a398-407d-8d3c-982b6697d656 |
| ip_protocol           | tcp                                  |
| ip_range              | 0.0.0.0/0                            |
| parent_group_id       | 89894290-35f4-422e-bed6-65d4c5b1c2ba |
| port_range            | 22:22                                |
| remote_security_group |                                      |
+-----------------------+--------------------------------------+
```
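As an added example (not part of the original walkthrough), this script reads Field/Value tables in the format printed above and reports every rule whose ip_range admits any source address, which is the case for both rules just created. The function names and the third, subnet-restricted sample rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: list rules that admit traffic from any address, given the
# Field/Value tables printed by "openstack security group rule create".

# Constructed sample: the two rules created above, plus a made-up third rule
# (its id and 192.168.1.0/24 range are illustrative) limited to the subnet.
sample_rules() {
cat <<'EOF'
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| id                    | d0f118cf-a43e-4017-8fc0-ef9d129fc23f |
| ip_protocol           | icmp                                 |
| ip_range              | 0.0.0.0/0                            |
| port_range            |                                      |
| id                    | 0b3f3d34-a398-407d-8d3c-982b6697d656 |
| ip_protocol           | tcp                                  |
| ip_range              | 0.0.0.0/0                            |
| port_range            | 22:22                                |
| id                    | 00000000-0000-0000-0000-000000000001 |
| ip_protocol           | tcp                                  |
| ip_range              | 192.168.1.0/24                       |
| port_range            | 22:22                                |
+-----------------------+--------------------------------------+
EOF
}

# Print "<rule id> <protocol> <ports|any>" for each rule open to 0.0.0.0/0 or ::/0.
find_open_rules() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function emit() {
            if (id != "" && (range == "0.0.0.0/0" || range == "::/0"))
                print id, proto, (ports == "" ? "any" : ports)
            id = ""; proto = ""; range = ""; ports = ""
        }
        NF >= 3 {
            key = trim($2); val = trim($3)
            if (key == "id") { emit(); id = val }       # a new rule starts at each id row
            else if (key == "ip_protocol") proto = val
            else if (key == "ip_range") range = val
            else if (key == "port_range") ports = val
        }
        END { emit() }'
}

sample_rules | find_open_rules
```

To narrow a rule, give `openstack security group rule create` a source CIDR (`--src-ip` in older python-openstackclient releases, `--remote-ip` in newer ones).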
Finally, we can create the cloud instance:
To launch an instance, we must specify at least the flavor, image name, network, security group, key, and instance name.
1. On the controller node, source the demo credentials to gain access to the commands that only demo can run:

```
[root@linux-node1 ~]# source demo-openstack.sh
```

2. A flavor specifies a virtual resource allocation profile, which includes processor, memory, and storage. List the available flavors:

```
[root@linux-node1 ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0  | m1.nano   |    64 |    1 |         0 |     1 | True      |
| 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
| 2  | m1.small  |  2048 |   20 |         0 |     1 | True      |
| 3  | m1.medium |  4096 |   40 |         0 |     2 | True      |
| 4  | m1.large  |  8192 |   80 |         0 |     4 | True      |
| 5  | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
+----+-----------+-------+------+-----------+-------+-----------+
```

The instance we create uses m1.nano.
3. List the available images:

```
[root@linux-node1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| e44ea6d8-5a32-4bd3-8768-e606018db5ce | cirros | active |
+--------------------------------------+--------+--------+
```

This instance uses the cirros image.
4. List the available networks:

```
[root@linux-node1 ~]# openstack network list
+--------------------------------------+--------+--------------------------------------+
| ID                                   | Name   | Subnets                              |
+--------------------------------------+--------+--------------------------------------+
| 8a60d9cf-7e18-43b6-9687-f7a166f35186 | public | 8871561c-bfb3-4f24-acc2-40499cbea522 |
+--------------------------------------+--------+--------------------------------------+
```

This instance uses the public provider network. You must reference this network by its ID rather than by its name.
5. List the available security groups:

```
[root@linux-node1 ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID                                   | Name    | Description            | Project                          |
+--------------------------------------+---------+------------------------+----------------------------------+
| 89894290-35f4-422e-bed6-65d4c5b1c2ba | default | Default security group | 8ef2477353e444e588a068732e82b447 |
+--------------------------------------+---------+------------------------+----------------------------------+
```

This instance uses the default security group.
Create the instance
1. Launch the instance:
Replace PROVIDER_NET_ID with the ID of the "public" provider network:

```
openstack server create --flavor m1.tiny --image cirros \
  --nic net-id=PROVIDER_NET_ID --security-group default \
  --key-name mykey provider-instance
```

```
[root@linux-node1 ~]# openstack server create --flavor m1.tiny --image cirros \
> --nic net-id=8a60d9cf-7e18-43b6-9687-f7a166f35186 --security-group default \
> --key-name mykey demo-instance
+--------------------------------------+-----------------------------------------------+
| Field                                | Value                                         |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                        |
| OS-EXT-AZ:availability_zone          |                                               |
| OS-EXT-STS:power_state               | 0                                             |
| OS-EXT-STS:task_state                | scheduling                                    |
| OS-EXT-STS:vm_state                  | building                                      |
| OS-SRV-USG:launched_at               | None                                          |
| OS-SRV-USG:terminated_at             | None                                          |
| accessIPv4                           |                                               |
| accessIPv6                           |                                               |
| addresses                            |                                               |
| adminPass                            | wiZET7MkxsBV                                  |
| config_drive                         |                                               |
| created                              | 2017-06-24T07:56:04Z                          |
| flavor                               | m1.tiny (1)                                   |
| hostId                               |                                               |
| id                                   | 468d0741-ed62-44e9-8662-9ee61e4808e4          |
| image                                | cirros (e44ea6d8-5a32-4bd3-8768-e606018db5ce) |
| key_name                             | mykey                                         |
| name                                 | demo-instance                                 |
| os-extended-volumes:volumes_attached | []                                            |
| progress                             | 0                                             |
| project_id                           | 8ef2477353e444e588a068732e82b447              |
| properties                           |                                               |
| security_groups                      | [{u'name': u'default'}]                       |
| status                               | BUILD                                         |
| updated                              | 2017-06-24T07:56:05Z                          |
| user_id                              | b93e72796e024858baa4b00542407df7              |
+--------------------------------------+-----------------------------------------------+
```

Check that the instance (virtual machine) was created:

```
[root@linux-node1 ~]# openstack server list
+--------------------------------------+---------------+--------+----------------------+
| ID                                   | Name          | Status | Networks             |
+--------------------------------------+---------------+--------+----------------------+
| 468d0741-ed62-44e9-8662-9ee61e4808e4 | demo-instance | ACTIVE | public=192.168.1.101 |
+--------------------------------------+---------------+--------+----------------------+
```

Test:
ping 192.168.1.101: failed
ssh cirros@192.168.1.101: failed
Access the instance using the virtual console
1. Obtain a Virtual Network Computing (VNC) session URL for the instance and open it in a web browser:

```
[root@linux-node1 ~]# openstack console url show demo-instance
+-------+-----------------------------------------------------------------------------------+
| Field | Value                                                                             |
+-------+-----------------------------------------------------------------------------------+
| type  | novnc                                                                             |
| url   | http://192.168.1.11:6080/vnc_auto.html?token=91c8fb44-04f0-4eea-892f-77cd8732d650 |
+-------+-----------------------------------------------------------------------------------+
```

Opening this URL showed that the instance had been created without problems, but the VM instance failed to boot at PXE:

```
[root@linux-node2 libexec]# virsh version
根据库编译:libvirt 2.0.0
使用库:libvirt 2.0.0
使用的 API: QEMU 2.0.0
运行管理程序: QEMU 2.6.
```

Upgrading QEMU to version 2.6 solved the problem.
Verification and checks
On node2:
- Check that the services are running:

```
[root@linux-node2 ~]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 606 0.0 0.0 55416 1732 ? S<sl 02:34 0:00 /sbin/auditd -n
root 630 0.0 0.0 24192 1688 ? Ss 02:34 0:00 /usr/lib/systemd/systemd-logind
dbus 633 0.0 0.0 24408 1708 ? Ss 02:34 0:00 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --syst
chrony 635 0.0 0.1 115848 1884 ? S 02:34 0:00 /usr/sbin/chronyd
polkitd 642 0.0 0.6 528340 13040 ? Ssl 02:34 0:00 /usr/lib/polkit-1/polkitd --no-debug
root 644 0.0 0.3 228664 6052 ? Ss 02:34 0:02 /usr/bin/vmtoolsd
root 655 0.0 0.0 201212 1208 ? Ssl 02:34 0:00 /usr/sbin/gssproxy -D
root 672 0.0 0.0 115248 940 ? S 02:34 0:00 /bin/bash /usr/sbin/ksmtuned
root 856 0.0 0.8 553160 16424 ? Ssl 02:34 0:00 /usr/bin/python -Es /usr/sbin/tuned -l -P
root 861 0.0 0.2 219776 3752 ? Ssl 02:34 0:00 /usr/sbin/rsyslogd -n
root 862 0.0 0.2 105480 3984 ? Ss 02:34 0:00 /usr/sbin/sshd -D
root 868 0.0 0.8 1074032 15924 ? Ssl 02:34 0:01 /usr/sbin/libvirtd
root 872 0.0 0.0 126224 1584 ? Ss 02:34 0:00 /usr/sbin/crond -n
root 878 0.0 0.0 110036 840 tty1 Ss+ 02:34 0:00 /sbin/agetty --noclear tty1 linux
neutron 897 0.9 3.1 319632 58444 ? Ss 02:34 0:48 /usr/bin/python2 /usr/bin/neutron-linuxbridge-agent --config-file /usr/s
nova 985 1.1 7.3 1255632 137880 ? Ssl 02:34 0:59 /usr/bin/python2 /usr/bin/nova-compute
root 1234 0.0 0.1 89036 2076 ? Ss 02:34 0:00 /usr/libexec/postfix/master -w
postfix 1239 0.0 0.2 89140 3972 ? S 02:34 0:00 pickup -l -t unix -u
postfix 1240 0.0 0.2 89208 4000 ? S 02:34 0:00 qmgr -l -t unix -u
root 1596 0.0 0.1 193384 2804 ? S 02:34 0:00 sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
root 1621 0.0 0.7 289696 13860 ? Sl 02:34 0:00 /usr/bin/python2 /usr/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.
root 2167 0.0 0.0 0 0 ? S< 02:35 0:00 [kworker/0:2H]
root 2192 0.0 0.3 150516 5676 ? Ss 02:35 0:00 sshd: root@pts/0
root 2195 0.0 0.1 115384 2040 pts/0 Ss 02:35 0:00 -bash
root 2242 0.0 0.0 0 0 ? S 02:39 0:00 [kworker/0:1]
root 6206 0.0 0.0 0 0 ? S< 03:56 0:00 [dio/dm-0]
root 6224 0.0 0.2 294468 4720 ? Ssl 03:56 0:00 /usr/sbin/virtlogd
qemu 6232 97.6 2.0 988156 38128 ? Sl 03:56 5:50 /usr/libexec/qemu-kvm -name guest=instance-00000001,debug-threads=on -S
root 6233 0.0 0.0 17776 1320 ? Ss 03:56 0:00 /usr/lib/systemd/systemd-machined
root 6236 0.0 0.0 0 0 ? S 03:56 0:00 [vhost-6232]
root 6240 0.0 0.0 0 0 ? S 03:56 0:00 [kvm-pit/6232]
root 6385 0.0 0.0 107896 604 ? S 04:01 0:00 sleep 60
root 6390 0.0 0.0 151056 1836 pts/0 R+ 04:02 0:00 ps aux
```

- Check the nova log:

```
[root@linux-node2 ~]# cd /var/log/nova/
[root@linux-node2 nova]# ll
总用量 14272
-rw-r--r-- 1 nova nova 6323092 6月 24 04:03 nova-compute.log
```

- Look at the instances folder generated after the instance was created:

```
[root@linux-node2 nova]# cd /var/lib/nova/
[root@linux-node2 nova]# ll
总用量 0
drwxr-xr-x 2 nova nova 6 5月 23 18:43 buckets
drwxr-xr-x 5 nova nova 97 6月 24 03:56 instances
drwxr-xr-x 2 nova nova 6 5月 23 18:43 keys
drwxr-xr-x 2 nova nova 6 5月 23 18:43 networks
drwxr-xr-x 2 nova nova 30 6月 24 03:56 tmp
```

```
[root@linux-node2 nova]# cd instances/
[root@linux-node2 instances]# ll
总用量 4
drwxr-xr-x 2 nova nova 73 6月 24 03:56 468d0741-ed62-44e9-8662-9ee61e4808e4
drwxr-xr-x 2 nova nova 54 6月 24 03:56 _base
-rw-r--r-- 1 nova nova 46 6月 24 03:56 compute_nodes
drwxr-xr-x 2 nova nova 93 6月 24 03:56 locks
```

```
[root@linux-node2 instances]# pwd
/var/lib/nova/instances
[root@linux-node2 instances]# tree
.
├── 468d0741-ed62-44e9-8662-9ee61e4808e4
│   ├── console.log
│   ├── disk
│   ├── disk.info
│   └── libvirt.xml
├── _base
│   └── 8122c17c59ea5b1490c5716a60feccac193388cb
├── compute_nodes
└── locks
    ├── nova-8122c17c59ea5b1490c5716a60feccac193388cb
    └── nova-storage-registry-lock

3 directories, 8 files
```
Troubleshooting:
- Check the nova log:

```
[root@linux-node2 instances]# grep "ERROR" /var/log/nova/*
```

- Check the neutron log:

```
[root@linux-node2 instances]# grep "ERROR" /var/log/neutron/*
```

Empty the nova and neutron logs before checking:

```
[root@linux-node2 instances]# cd /var/log/nova/
[root@linux-node2 nova]# ll
总用量 14400
-rw-r--r-- 1 nova nova 6365877 6月 24 04:55 nova-compute.log
[root@linux-node2 nova]# > nova-compute.log
[root@linux-node2 nova]# cd /var/log/neutron/
[root@linux-node2 neutron]# ll
总用量 12
-rw-r--r-- 1 neutron neutron 11390 6月 24 03:56 linuxbridge-agent.log
[root@linux-node2 neutron]# > linuxbridge-agent.log
```

Troubleshoot and inspect by service port:

```
[root@linux-node2 ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                               |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------+
| 0306699fe1d240848babc3b41d0be4e3 | RegionOne | nova         | compute      | True    | internal  | http://192.168.1.11:8774/v2.1/%(t |
|                                  |           |              |              |         |           | enant_id)s                        |
| 1d87e06bff044ae88c50e5487485c3f9 | RegionOne | nova         | compute      | True    | admin     | http://192.168.1.11:8774/v2.1/%(t |
|                                  |           |              |              |         |           | enant_id)s                        |
| 353d9c2b13ec4f5d8e3d51abe7ca6ee2 | RegionOne | keystone     | identity     | True    | internal  | http://192.168.1.11:5000/v3       |
| 801239f0722f4be8a7cf58b268e9519d | RegionOne | neutron      | network      | True    | internal  | http://192.168.1.11:9696          |
| 84952464ca3644da82907fae74453c99 | RegionOne | keystone     | identity     | True    | public    | http://192.168.1.11:5000/v3       |
| 88be851c11904faebc24c57ddf5acf6f | RegionOne | neutron      | network      | True    | admin     | http://192.168.1.11:9696          |
| 9529f8eba1ce4b27bff51a13b7371d51 | RegionOne | glance       | image        | True    | public    | http://192.168.1.11:9292          |
| b1c181db93dd461bb11f39888b3c653b | RegionOne | nova         | compute      | True    | public    | http://192.168.1.11:8774/v2.1/%(t |
|                                  |           |              |              |         |           | enant_id)s                        |
| b2a24c0e2d7f45fdacfb422032416b84 | RegionOne | neutron      | network      | True    | public    | http://192.168.1.11:9696          |
| bcafb0d3927f4307bfcc96f9f8882211 | RegionOne | glance       | image        | True    | admin     | http://192.168.1.11:9292          |
| f3b9aae336cb4f478b95ad7c77431580 | RegionOne | glance       | image        | True    | internal  | http://192.168.1.11:9292          |
| f56fc2678a13414cbe94b6fea506d13c | RegionOne | keystone     | identity     | True    | admin     | http://192.168.1.11:35357/v3      |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------+
```