這部分創建必須的虛擬網絡來支持創建多個實例。網絡選項1包含一個使用公共虛擬網絡(外部網絡)的實例。網絡選項2包含一個使用公共虛擬網絡的實例、一個使用私有虛擬網絡(私有網絡)的實例。
1、創建虛擬網絡
根據你在網絡選項中的選擇來創建虛擬網絡。如果你選擇選項1,只需創建一個公有網絡。如果你選擇選項2,同時創建一個公有網絡和一個私有網絡
在你完成自己環境中合適網絡的創建后,你可以繼續后面的步驟來准備創建實例。
[root@linux-node1 ~]# source admin-openstack [root@linux-node1 ~]# openstack network create --share --provider-physical-network public --provider-network-type flat public +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2017-01-13T14:47:08Z | | description | | | headers | | | id | c41444e8-76af-44de-ac11-7ffa76bf42cc | | ipv4_address_scope | None | | ipv6_address_scope | None | | mtu | 1500 | | name | public | | port_security_enabled | True | | project_id | 4378796a61c0468fb8cceda3fd5258dc | | project_id | 4378796a61c0468fb8cceda3fd5258dc | | provider:network_type | flat | | provider:physical_network | public | | provider:segmentation_id | None | | revision_number | 3 | | router:external | Internal | | shared | True | | status | ACTIVE | | subnets | | | tags | [] | | updated_at | 2017-01-13T14:47:08Z | +---------------------------+--------------------------------------+ [root@linux-node1 ~]# neutron net-list +--------------------------------------+--------+---------+ | id | name | subnets | +--------------------------------------+--------+---------+ | c41444e8-76af-44de-ac11-7ffa76bf42cc | public | | +--------------------------------------+--------+---------+
[root@linux-node1 ~]# openstack subnet create --network public \ > --allocation-pool start=192.168.56.100,end=192.168.56.200 \ > --dns-nameserver 192.168.56.2 --gateway 192.168.56.2 \ > --subnet-range 192.168.56.0/24 public-subnet
+-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | 192.168.56.100-192.168.56.200 | | cidr | 192.168.56.0/24 | | created_at | 2017-01-13T14:48:43Z | | description | | | dns_nameservers | 192.168.56.2 | | enable_dhcp | True | | gateway_ip | 192.168.56.2 | | headers | | | host_routes | | | id | 18a64f64-dc20-4b0f-98b5-e954ddd7a805 | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | public-subnet | | network_id | c41444e8-76af-44de-ac11-7ffa76bf42cc | | project_id | 4378796a61c0468fb8cceda3fd5258dc | | project_id | 4378796a61c0468fb8cceda3fd5258dc | | revision_number | 2 | | service_types | [] | | subnetpool_id | None | | updated_at | 2017-01-13T14:48:43Z | +-------------------+--------------------------------------+ [root@linux-node1 ~]# neutron subnet-list +--------------------------------------+---------------+-----------------+------------------------------------------------------+ | id | name | cidr | allocation_pools | +--------------------------------------+---------------+-----------------+------------------------------------------------------+ | 18a64f64-dc20-4b0f-98b5-e954ddd7a805 | public-subnet | 192.168.56.0/24 | {"start": "192.168.56.100", "end": "192.168.56.200"} | +--------------------------------------+---------------+-----------------+------------------------------------------------------+
2、創建m1.nano類型
默認的最小規格的主機需要512 MB內存。對於環境中計算節點內存不足4 GB的,我們推薦創建只需要64 MB的``m1.nano``規格的主機。若單純為了測試的目的,請使用``m1.nano``規格的主機來加載CirrOS鏡像
[root@linux-node1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano +----------------------------+---------+ | Field | Value | +----------------------------+---------+ | OS-FLV-DISABLED:disabled | False | | OS-FLV-EXT-DATA:ephemeral | 0 | | disk | 1 | | id | 0 | | name | m1.nano | | os-flavor-access:is_public | True | | properties | | | ram | 64 | | rxtx_factor | 1.0 | | swap | | | vcpus | 1 | +----------------------------+---------+
3、生成一個鍵值對
大部分雲鏡像支持 :term:`public key authentication`而不是傳統的密碼登陸。在啟動實例前,你必須添加一個公共密鑰到計算服務。
1)導入``demo``項目憑證
[root@linux-node1 ~]# source demo-openstack
2)生成和添加秘鑰對
[root@linux-node1 ~]# ssh-keygen -q -N "" Enter file in which to save the key (/root/.ssh/id_rsa): [root@linux-node1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey +-------------+-------------------------------------------------+ | Field | Value | +-------------+-------------------------------------------------+ | fingerprint | 59:6b:ef:87:46:60:7a:e9:1d:e2:30:45:cd:f3:8b:c6 | | name | mykey | | user_id | f83238e0bc2444a197cdf36e8db6a67d | +-------------+-------------------------------------------------+
注釋:你可以跳過執行 ssh-keygen 命令而使用已存在的公鑰
3)驗證公鑰的添加
[root@linux-node1 ~]# openstack keypair list +-------+-------------------------------------------------+ | Name | Fingerprint | +-------+-------------------------------------------------+ | mykey | 59:6b:ef:87:46:60:7a:e9:1d:e2:30:45:cd:f3:8b:c6 | +-------+-------------------------------------------------+
4、新增安全組規則
默認情況下, ``default``安全組適用於所有實例並且包括拒絕遠程訪問實例的防火牆規則。對諸如CirrOS這樣的Linux鏡像,我們推薦至少允許ICMP (ping) 和安全shell(SSH)規則。
添加規則到 default 安全組
# Permit ICMP (ping) [root@linux-node1 ~]# openstack security group rule create --proto icmp default +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2017-01-14T12:28:56Z | | description | | | direction | ingress | | ethertype | IPv4 | | headers | | | id | 28b62d70-2929-46ff-a016-e8ba8d024b74 | | port_range_max | None | | port_range_min | None | | project_id | 4378796a61c0468fb8cceda3fd5258dc | | project_id | 4378796a61c0468fb8cceda3fd5258dc | | protocol | icmp | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 1 | | security_group_id | 2abc11a2-0704-4f8a-a17b-c620e2aa5e22 | | updated_at | 2017-01-14T12:28:56Z | +-------------------+--------------------------------------+ # 允許安全 shell (SSH) 的訪問 [root@linux-node1 ~]# openstack security group rule create --proto tcp --dst-port 22 default +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2017-01-14T12:29:08Z | | description | | | direction | ingress | | ethertype | IPv4 | | headers | | | id | bcaf15fe-3f9d-45a5-845e-db893e65b07e | | port_range_max | 22 | | port_range_min | 22 | | project_id | 4378796a61c0468fb8cceda3fd5258dc | | project_id | 4378796a61c0468fb8cceda3fd5258dc | | protocol | tcp | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 1 | | security_group_id | 2abc11a2-0704-4f8a-a17b-c620e2aa5e22 | | updated_at | 2017-01-14T12:29:08Z | +-------------------+--------------------------------------+
5、啟動一個實例
5.1 在公有網絡上創建實例
啟動一台實例,您必須至少指定一個類型、鏡像名稱、網絡、安全組、密鑰和實例名稱
1、 控制節點上,獲得 admin 憑證來獲取只有管理員能執行的命令的訪問權限 [root@linux-node1 ~]# source admin-openstack 2、 一個實例指定了虛擬機資源的大致分配,包括處理器、內存和存儲 [root@linux-node1 ~]# openstack flavor list # 列出可用類型 +----+---------+-----+------+-----------+-------+-----------+ | ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public | +----+---------+-----+------+-----------+-------+-----------+ | 0 | m1.nano | 64 | 1 | 0 | 1 | True | +----+---------+-----+------+-----------+-------+-----------+ 3、列出可用鏡像 [root@linux-node1 ~]# openstack image list +--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | 1c6e8080-b3a3-4b7f-979c-0f2c5d0b408a | cirros | active | +--------------------------------------+--------+--------+ 4、列出可用網絡 [root@linux-node1 ~]# openstack network list +--------------------------------------+--------+--------------------------------------+ | ID | Name | Subnets | +--------------------------------------+--------+--------------------------------------+ | c41444e8-76af-44de-ac11-7ffa76bf42cc | public | 18a64f64-dc20-4b0f-98b5-e954ddd7a805 | +--------------------------------------+--------+--------------------------------------+ 5、列出可以的安全組 [root@linux-node1 ~]# openstack security group list +--------------------------------------+---------+-------------+----------------------------------+ | ID | Name | Description | Project | +--------------------------------------+---------+-------------+----------------------------------+ | 2abc11a2-0704-4f8a-a17b-c620e2aa5e22 | default | 缺省安全組 | 4378796a61c0468fb8cceda3fd5258dc | +--------------------------------------+---------+-------------+----------------------------------+
啟動雲主機
注:使用``provider``公有網絡的ID替換``PUBLIC_NET_ID`` 即:openstack network list
本案例:如果你選擇選項1並且你的環境只有一個網絡,你可以省去``–nic`` 選項因為OpenStack會自動選擇這個唯一可用的網絡
[root@linux-node1 ~]# openstack server create --flavor m1.nano --image cirros --security-group default --key-name mykey demo-instance +--------------------------------------+-----------------------------------------------+ | Field | Value | +--------------------------------------+-----------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | | | OS-EXT-STS:power_state | NOSTATE | | OS-EXT-STS:task_state | scheduling | | OS-EXT-STS:vm_state | building | | OS-SRV-USG:launched_at | None | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | | | adminPass | sF4VCrbpttsQ | | config_drive | | | created | 2017-01-14T12:44:57Z | | flavor | m1.nano (0) | | hostId | | | id | 755fa8ad-36c7-42be-a0dd-f0196522776d | | image | cirros (1c6e8080-b3a3-4b7f-979c-0f2c5d0b408a) | | key_name | mykey | | name | demo-instance | | os-extended-volumes:volumes_attached | [] | | progress | 0 | | project_id | 1422ce46981848578060cf73fba40b3b | | properties | | | security_groups | [{u'name': u'default'}] | | status | BUILD | | updated | 2017-01-14T12:44:58Z | | user_id | f83238e0bc2444a197cdf36e8db6a67d | +--------------------------------------+-----------------------------------------------+
# 檢查實例狀態 [root@linux-node1 ~]# openstack server list +--------------------------------------+---------------+--------+-----------------------+------------+ | ID | Name | Status | Networks | Image Name | +--------------------------------------+---------------+--------+-----------------------+------------+ | 755fa8ad-36c7-42be-a0dd-f0196522776d | demo-instance | ACTIVE | public=192.168.56.102 | cirros | +--------------------------------------+---------------+--------+-----------------------+------------+ 注:當構建過程完全成功后,狀態會從 BUILD``變為``ACTIVE # 使用虛擬控制台訪問實例 獲取你勢力的 Virtual Network Computing (VNC) 會話URL並從web瀏覽器訪問它 [root@linux-node1 ~]# openstack console url show demo-instance +-------+------------------------------------------------------------------------------------+ | Field | Value | +-------+------------------------------------------------------------------------------------+ | type | novnc | | url | http://192.168.56.11:6080/vnc_auto.html?token=0e41d4c0-c5d9-45ed-bf1d-b8b11b887502 | +-------+------------------------------------------------------------------------------------+ CirrOS 鏡像包含傳統的用戶名/密碼認證方式並需在登錄提示中提供這些這些認證。登錄到 CirrOS 后,我們建議您驗證使用``ping``驗證網絡的連通性。
驗證:
1)能否ping通公有網絡的網關
2)驗證能否連接到互聯網
3)驗證控制節點或者其他公有網絡上的主機能否ping通實例(問題排查)
4)在控制節點或其他公有網絡上的主機使用 SSH遠程訪問實例(問題排查)
6、塊設備存儲
7、編排
8、共享文件系統