创建过程
- 创建虚拟网络
- 创建m1.nano规格的主机(相等于定义虚拟机的硬件配置)
- 生成一个密钥对(openstack的原理是不使用密码连接,而是使用密钥对进行连接)
- 增加安全组规则(用iptables做的安全组)
- 启动一个实例(启动虚拟机有三种类型:1.命令CLI 2.api 3.Dashboard)实际上Dashboard也是通过api进行操作
- 虚拟网络分为提供者网络和私有网络,提供者网络就是跟主机在同一个网络里,私有网络自定义路由器等,跟主机不在一个网络
一.)创建网络
1.1.节点操作,创建网络
[root@controller ~]# source admin-openrc [root@controller ~]# neutron net-create --shared --provider:physical_network provider --provider:network_type flat public-net Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | availability_zone_hints | | | availability_zones | | | created_at | 2018-04-13T12:03:41Z | | description | | | id | c7e2a252-775d-48e1-a748-11089994f455 | | ipv4_address_scope | | | ipv6_address_scope | | | mtu | 1500 | | name | public-net | | port_security_enabled | True | | project_id | 24a37179b1844e8897e77a0c44cc8d25 | | provider:network_type | flat | | provider:physical_network | provider | | provider:segmentation_id | | | revision_number | 3 | | router:external | False | | shared | True | | status | ACTIVE | | subnets | | | tags | | | tenant_id | 24a37179b1844e8897e77a0c44cc8d25 | | updated_at | 2018-04-13T12:03:41Z | +---------------------------+--------------------------------------+
上图中tenant_id 等于 project_id,查看项目列表如下图
[root@controller ~]# openstack project list +----------------------------------+---------+ | ID | Name | +----------------------------------+---------+ | 24a37179b1844e8897e77a0c44cc8d25 | admin | | a1c365af1dcb4811a96d10381d3b5606 | service | | dece6a569ea74a43a50119d04edec8c8 | demo | +----------------------------------+---------
1.2 检查是否创建成功
[root@controller ~]# neutron net-list +--------------------------------------+------------+---------+ | id | name | subnets | +--------------------------------------+------------+---------+ | c7e2a252-775d-48e1-a748-11089994f455 | public-net | | +--------------------------------------+------------+---------+
1.3 创建子网
[root@controller ~]# neutron subnet-create --name public-subnet
> --allocation-pool start=10.0.0.100,end=10.0.0.200
> --dns-nameserver 233.5.5.5 --gateway 10.0.0.2
> public-net 10.0.0.0/24
Created a new subnet:
+-------------------+----------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------+
| allocation_pools | {"start": "10.0.0.100", "end": "10.0.0.200"} |
| cidr | 10.0.0.0/24 |
| created_at | 2018-04-13T12:08:37Z |
| description | |
| dns_nameservers | 233.5.5.5 |
| enable_dhcp | True |
| gateway_ip | 10.0.0.2 |
| host_routes | |
| id | 4c5d0667-f711-4eb1-a750-0ae4143976b9 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | public-subnet |
| network_id | c7e2a252-775d-48e1-a748-11089994f455 |
| project_id | 24a37179b1844e8897e77a0c44cc8d25 |
| revision_number | 2 |
| service_types | |
| subnetpool_id | |
| tenant_id | 24a37179b1844e8897e77a0c44cc8d25 |
| updated_at | 2018-04-13T12:08:37Z |
+-------------------+----------------------------------------------+
参数说明
neutron subnet-create 子网创建 --name (名称) --allocation—pool 分配地址池 start=开始IP地址 end=结束IP地址 dns-nameserver DNS地址,233.5.5.5是阿里公共DNS地址 --gateway 网关 public-net 提供者的网络名称(要跟上面创建网络的名称对应起来)
1.4 检查是否关联成功
[root@controller ~]# neutron net-list
+--------------------------------------+------------+--------------------------------------------------+
| id | name | subnets |
+--------------------------------------+------------+--------------------------------------------------+
| c7e2a252-775d-48e1-a748-11089994f455 | public-net | 4c5d0667-f711-4eb1-a750-0ae4143976b9 10.0.0.0/24 |
+--------------------------------------+------------+--------------------------------------------------+
[root@controller ~]#
[root@controller ~]# neutron subnet-list
+--------------------------------------+---------------+-------------+----------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+---------------+-------------+----------------------------------------------+
| 4c5d0667-f711-4eb1-a750-0ae4143976b9 | public-subnet | 10.0.0.0/24 | {"start": "10.0.0.100", "end": "10.0.0.200"} |
+--------------------------------------+---------------+-------------+----------------------------------------------+
1.5 创建m1.nano规格的主机(自定义云主机规格)
默认的最小规格的主机需要512 MB内存。我们推荐创建只需要64 MB的m1.nano规格的主机。若单纯为了测试的目的,请使用m1.nano规格的主机来加载CirrOS镜像。
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano +----------------------------+---------+ | Field | Value | +----------------------------+---------+ | OS-FLV-DISABLED:disabled | False | | OS-FLV-EXT-DATA:ephemeral | 0 | | disk | 1 | | id | 0 | | name | m1.nano | | os-flavor-access:is_public | True | | properties | | | ram | 64 | | rxtx_factor | 1.0 | | swap | | | vcpus | 1 | +----------------------------+---------+
参数说明: openstack flavor create 创建主机 --id 主机ID --vcpus cpu数量 --ram 64(默认是MB,可以写成G) --disk 磁盘(默认单位是G)
1.6 查看创建结果
[root@controller ~]# openstack flavor list +----+---------+-----+------+-----------+-------+-----------+ | ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public | +----+---------+-----+------+-----------+-------+-----------+ | 0 | m1.nano | 64 | 1 | 0 | 1 | True | +----+---------+-----+------+-----------+-------+-----------+
1.7 生成秘钥
大部分云镜像支持公共密钥认证而不是传统的密码认证。在启动实例前,必须添加一个公共密钥到计算服务。
[root@controller ~]# source admin-openrc [root@controller ~]# ssh-keygen -q -N "" Enter file in which to save the key (/root/.ssh/id_rsa):
1.8 将密钥放在openstack上
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey +-------------+-------------------------------------------------+ | Field | Value | +-------------+-------------------------------------------------+ | fingerprint | e7:bb:a1:e5:a1:ef:1a:e7:ea:59:b2:67:cb:4c:5f:85 | | name | mykey | | user_id | ff64ec1a3fa7461d890b9757401d475d | +-------------+-------------------------------------------------+
1.9 验证公钥的添加
[root@controller ~]# openstack keypair list +-------+-------------------------------------------------+ | Name | Fingerprint | +-------+-------------------------------------------------+ | mykey | e7:bb:a1:e5:a1:ef:1a:e7:ea:59:b2:67:cb:4c:5f:85 | +-------+-------------------------------------------------+
1.10 增加安全组规则
允许 ICMP (ping)
默认情况下, default安全组适用于所有实例并且包括拒绝远程访问实例的防火墙规则。对诸如CirrOS这样的Linux镜像,我们推荐至少允许ICMP (ping) 和安全shell(SSH)规则。
[root@controller ~]# openstack security group rule create --proto icmp default +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2018-04-13T12:16:28Z | | description | | | direction | ingress | | ethertype | IPv4 | | headers | | | id | f45624e2-bd78-4131-82c6-c09ccdfbe317 | | port_range_max | None | | port_range_min | None | | project_id | 24a37179b1844e8897e77a0c44cc8d25 | | project_id | 24a37179b1844e8897e77a0c44cc8d25 | | protocol | icmp | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 1 | | security_group_id | b40c315f-9625-4877-a9f4-3b52b1f750d1 | | updated_at | 2018-04-13T12:16:28Z | +-------------------+--------------------------------------+
允许安全 shell (SSH) 的访问
openstack security group rule create --proto tcp --dst-port 22 default
1.11 查看网络的ID
[root@controller ~]# openstack network list +--------------------------------------+------------+--------------------------------------+ | ID | Name | Subnets | +--------------------------------------+------------+--------------------------------------+ | c7e2a252-775d-48e1-a748-11089994f455 | public-net | 4c5d0667-f711-4eb1-a750-0ae4143976b9 | +--------------------------------------+------------+--------------------------------------+
1.12 创建一个实例
[root@controller ~]# openstack server create --flavor m1.nano --image cirros
> --nic net-id=c7e2a252-775d-48e1-a748-11089994f455 --security-group default
> --key-name mykey xuli-instance
+--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | rYP39r4N8th6 |
| config_drive | |
| created | 2018-04-13T12:19:11Z |
| flavor | m1.nano (0) |
| hostId | |
| id | d403e69a-adfc-41b6-937d-75156c080ce0 |
| image | cirros (c952e002-680e-45e1-9337-08d2c3a9abe6) |
| key_name | mykey |
| name | xuli-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 24a37179b1844e8897e77a0c44cc8d25 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2018-04-13T12:19:12Z |
| user_id | ff64ec1a3fa7461d890b9757401d475d |
+--------------------------------------+-----------------------------------------------+
1.14 查看虚拟机
[root@controller ~]# openstack server list +--------------------------------------+------+---------+-----------------------+------------+ | ID | Name | Status | Networks | Image Name | +--------------------------------------+------+---------+-----------------------+------------+ | b47c5250-20d7-4a05-a555-e59714a08959 | GGG | SHUTOFF | public-net=10.0.0.111 | | | 1df453d3-c393-4277-8221-f73a1dc69709 | RRR | SHUTOFF | public-net=10.0.0.107 | | | 3da5bba5-beae-435c-a9b6-cc774951e678 | QQQ | SHUTOFF | public-net=10.0.0.110 | | +--------------------------------------+------+---------+-----------------------+------------+
1.15 查看虚拟机的URL地址
[root@controller ~]# openstack console url show GGG +-------+---------------------------------------------------------------------------------+ | Field | Value | +-------+---------------------------------------------------------------------------------+ | type | novnc | | url | http://10.0.0.101:6080/vnc_auto.html?token=433f2e28-b480-4d35-96b2-5ac068f699e3 | +-------+---------------------------------------------------------------------------------+
可以复制上面URL地址,在浏览器访问
1.16 异常排查
如果无法创建虚拟机,我们需要查看控制节点和计算节点所有服务的日志,同时也要查看iptables、selinux、时间同步等
grep 'ERROR' /var/log/nova/* grep 'ERROR' /var/log/neutron/* grep 'ERROR' /var/log/glance/* grep 'ERROR' /var/log/keystone/*
检查
source admin-openstack.sh nova service-list neutron agent-list nova image-list