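A10. OpenStack Architecture in Practice: Launching an Instance
The workflow for launching an instance:
1: Create a virtual network
2: Create the m1.nano flavor (memory, disk, CPU)
3: Generate a key pair
4: Add security group rules
5: Launch an instance
Step 1: Create a virtual network
--shared Set the network as shared.
--external Specifies an external network.
The --share option allows all projects to use the virtual network.
The --external option defines the virtual network as external. To create an internal network, use --internal instead. The default is internal.
For --provider-physical-network provider and --provider-network-type flat, see the following files: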
/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2_type_flat]
flat_networks = provider
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens192
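Replace ``PROVIDER_NETWORK_CIDR`` with the subnet of the provider physical network, in CIDR notation.
Replace ``START_IP_ADDRESS`` and ``END_IP_ADDRESS`` with the first and last IP addresses of the range within the subnet that you want to allocate to instances. This range must not include any IP address that is already in use.
Replace ``DNS_RESOLVER`` with the IP address of a DNS resolver. In most cases, you can use one from the host's ``/etc/resolv.conf`` file.
Replace ``PUBLIC_NETWORK_GATEWAY`` with the gateway of the public network; the gateway IP address typically ends in ".1".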
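The constraints above can be checked before the subnet is created. This is an added example, not part of the original post: the function name check_subnet_plan and the in_use list are assumptions, and the addresses are the ones this page passes to its subnet create command.

```python
import ipaddress


def check_subnet_plan(cidr, start, end, gateway, in_use=()):
    """Return a list of problems with a planned allocation pool (empty if none)."""
    net = ipaddress.ip_network(cidr)
    first, last, gw = (ipaddress.ip_address(a) for a in (start, end, gateway))
    problems = []
    if first > last:
        problems.append("START_IP_ADDRESS is after END_IP_ADDRESS")
    for label, addr in (("START_IP_ADDRESS", first),
                        ("END_IP_ADDRESS", last),
                        ("gateway", gw)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {addr} is the network or broadcast address")
    # The gateway must stay out of the range handed to instances.
    if first <= gw <= last:
        problems.append(f"gateway {gw} is inside the allocation pool")
    # Addresses already assigned on the physical network must not be reissued.
    for used in map(ipaddress.ip_address, in_use):
        if first <= used <= last:
            problems.append(f"{used} is already in use but inside the pool")
    return problems


if __name__ == "__main__":
    # Values from this page's subnet; the in-use address is constructed.
    print(check_subnet_plan("10.100.201.0/24", "10.100.201.170",
                            "10.100.201.180", "10.100.201.254",
                            in_use=["10.100.201.175"]))
```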
Method 1 (recommended):
Create the network:
[root@controller01 ~]# openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
[root@controller01 ~]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| bf86138c-e6c3-4c2f-a700-3c0ad9470f6a | provider | b587568c-c9f9-41d4-a588-2fe6987f0b2c |
+--------------------------------------+----------+--------------------------------------+
Create a subnet on the network:
[root@controller01 ~]# openstack subnet create --network provider \
> --allocation-pool start=10.100.201.170,end=10.100.201.180 \
> --dns-nameserver 8.8.8.8 --gateway 10.100.201.254 \
> --subnet-range 10.100.201.0/24 provider
[root@controller01 ~]# openstack subnet list
+--------------------------------------+----------+--------------------------------------+-----------------+
| ID | Name | Network | Subnet |
+--------------------------------------+----------+--------------------------------------+-----------------+
| b587568c-c9f9-41d4-a588-2fe6987f0b2c | provider | bf86138c-e6c3-4c2f-a700-3c0ad9470f6a | 10.100.201.0/24 |
+--------------------------------------+----------+--------------------------------------+-----------------+
Method 2:
neutron net-create --shared --provider:physical_network provider --provider:network_type flat provider
[root@controller01 ~]# neutron net-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+----------+----------------------------------+------------------------------------------------------+
| id | name | tenant_id | subnets |
+--------------------------------------+----------+----------------------------------+------------------------------------------------------+
| bf86138c-e6c3-4c2f-a700-3c0ad9470f6a | provider | f4228d6dfa07453c84996e5f2be19ca2 | b587568c-c9f9-41d4-a588-2fe6987f0b2c 10.100.201.0/24 |
+--------------------------------------+----------+----------------------------------+------------------------------------------------------+
neutron subnet-create --name provider \
--allocation-pool start=START_IP_ADDRESS,end=END_IP_ADDRESS \
--dns-nameserver DNS_RESOLVER --gateway PROVIDER_NETWORK_GATEWAY \
provider PROVIDER_NETWORK_CIDR
[root@controller01 ~]# neutron subnet-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+----------+----------------------------------+-----------------+------------------------------------------------------+
| id | name | tenant_id | cidr | allocation_pools |
+--------------------------------------+----------+----------------------------------+-----------------+------------------------------------------------------+
| b587568c-c9f9-41d4-a588-2fe6987f0b2c | provider | f4228d6dfa07453c84996e5f2be19ca2 | 10.100.201.0/24 | {"start": "10.100.201.170", "end": "10.100.201.180"} |
+--------------------------------------+----------+----------------------------------+-----------------+------------------------------------------------------+
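Step 2: Create the m1.nano flavor
The smallest default flavor requires 512 MB of memory. For environments whose compute nodes have less than 4 GB of memory, we recommend creating the ``m1.nano`` flavor, which needs only 64 MB. For testing purposes only, use the ``m1.nano`` flavor with the CirrOS image.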
[root@controller01 ~]# openstack flavor create --id 0 --ram 64 --vcpu 1 --disk 1 m1.nano
[root@controller01 ~]# openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
+----+---------+-----+------+-----------+-------+-----------+
Step 3: Create a key pair
[root@controller01 ~]# ssh-keygen -q -N "" -f .ssh/id_rsa
[root@controller01 ~]# openstack keypair create --public-key .ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 4c:0c:40:2c:b9:ea:8a:7b:b4:5c:bb:13:f6:8e:a8:d4 |
| name | mykey |
| user_id | 34520ff331cf418a9ad3b70d0c0c76a6 |
+-------------+-------------------------------------------------+
[root@controller01 ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 4c:0c:40:2c:b9:ea:8a:7b:b4:5c:bb:13:f6:8e:a8:d4 |
+-------+-------------------------------------------------+
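Step 4: Create security group rules
By default, the default security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images such as CirrOS, we recommend allowing at least ICMP (ping) and secure shell (SSH).
Add rules to the default security group.
Initially, the system automatically generates a default security group named default.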
[root@controller01 ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| 6cb283c3-496f-4fdd-b70d-1bc1b515f7ab | default | Default security group | f4228d6dfa07453c84996e5f2be19ca2 |
+--------------------------------------+---------+------------------------+----------------------------------+
Allow ICMP (ping):
[root@controller01 ~]# openstack security group rule create --proto icmp default
Allow secure shell (SSH) access:
[root@controller01 ~]# openstack security group rule create --proto tcp --dst-port 22 default
Check that the rules were added:
[root@controller01 ~]# openstack security group show 6cb283c3-496f-4fdd-b70d-1bc1b515f7ab
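The two rule create commands above pass no --remote-ip, and the client's default for an IPv4 rule is 0.0.0.0/0, so ping and SSH are accepted from every source address. The following added example (not from the original post) audits rule-list JSON for such ingress rules; the sample data, the column names and the "restrict"/"note" labels are assumptions of this example.

```python
import ipaddress
import json

# Constructed sample shaped like `openstack security group rule list default
# --long -f json`; column names are assumed from that output, IDs are placeholders.
SAMPLE_RULES = json.dumps([
    {"ID": "rule-icmp", "IP Protocol": "icmp", "IP Range": "0.0.0.0/0",
     "Port Range": "", "Direction": "ingress", "Remote Security Group": None},
    {"ID": "rule-ssh", "IP Protocol": "tcp", "IP Range": "0.0.0.0/0",
     "Port Range": "22:22", "Direction": "ingress", "Remote Security Group": None},
    {"ID": "rule-group", "IP Protocol": None, "IP Range": None,
     "Port Range": "", "Direction": "ingress", "Remote Security Group": "sg-default"},
    {"ID": "rule-egress", "IP Protocol": None, "IP Range": "0.0.0.0/0",
     "Port Range": "", "Direction": "egress", "Remote Security Group": None},
    {"ID": "rule-mgmt", "IP Protocol": "tcp", "IP Range": "10.100.201.0/24",
     "Port Range": "22:22", "Direction": "ingress", "Remote Security Group": None},
])


def is_any_source(rule):
    """True when an ingress rule accepts traffic from every address."""
    if rule.get("Direction") != "ingress" or rule.get("Remote Security Group"):
        return False  # egress, or limited to members of another group
    ip_range = rule.get("IP Range")
    # No prefix and no remote group also means "any source".
    return not ip_range or ipaddress.ip_network(ip_range, strict=False).prefixlen == 0


def covers_port(port_range, port):
    """A TCP/UDP port range is 'min:max'; empty means every port."""
    if not port_range:
        return True
    parts = port_range.split(":")
    return int(parts[0]) <= port <= int(parts[-1])


def audit(rules_json, admin_port=22):
    """Return (rule id, protocol, action) for each world-open ingress rule."""
    findings = []
    for rule in json.loads(rules_json):
        if not is_any_source(rule):
            continue
        proto = rule.get("IP Protocol") or "any"
        exposes_admin = (proto in ("tcp", "any")
                         and covers_port(rule.get("Port Range"), admin_port))
        findings.append((rule["ID"], proto, "restrict" if exposes_admin else "note"))
    return findings
```

Calling audit(SAMPLE_RULES) flags the ICMP and SSH rules and passes the group-scoped, egress and management-subnet rules. A rule marked "restrict" can be recreated with --remote-ip set to the network that actually needs SSH access.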
Step 5: Launch an instance
[root@controller01 ~]# openstack server create --flavor m1.nano \
> --image cirros \
> --nic net-id=bf86138c-e6c3-4c2f-a700-3c0ad9470f6a --security-group default \
> --key-name mykey zhaopei02
[root@controller01 ~]# nova list
+--------------------------------------+-----------+--------+------------+-------------+-------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+-----------+--------+------------+-------------+-------------------------+
| f5630600-6dd2-47f0-85db-19601266175e | zhaopei02 | ACTIVE | - | Running | provider=10.100.201.173 |
+--------------------------------------+-----------+--------+------------+-------------+-------------------------+
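Instances created from the command line are also shown here:
Author: zhaopei123
Source: https://www.cnblogs.com/zhaopei123/p/12971952.html
License: This work is licensed under the Attribution-NonCommercial-ShareAlike 4.0 International license.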