回顾下前几节用到的东西
MySQL:为各个服务提供数据存储
RabbitmQ:为各个服务之间提供通信提供交通枢纽
Keystone:为各个服务之间通信提供认证和服务注册
Glance:为虚拟机提供镜像管理
Nova:为虚拟机提供计算资源
Neutron:为虚拟机提供网络
创建一个单一扁平网络和子网
1、创建单一扁平网络
在控制节点上,加载 admin 凭证来获取管理员能执行的命令访问权限:
source admin-openstack.sh ,提供者网络必须使用admin创建,如果source demo-openstack.sh ,不会创建成功
执行命令语法如下
下面命令把provider改成public,表示物理网卡是public这个,这个是映射的那个public,它对应eth0
neutron net-create --shared --provider:physical_network provider --provider:network_type flat provider
执行过程如下
[root@linux-node1 ~]# source admin-openstack.sh [root@linux-node1 ~]# neutron net-create --shared --provider:physical_network public --provider:network_type flat public-net Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | availability_zone_hints | | | availability_zones | | | created_at | 2017-02-18T11:33:28 | | description | | | id | ac1b0655-931d-4d6e-ba52-33fd0631e034 | | ipv4_address_scope | | | ipv6_address_scope | | | mtu | 1500 | | name | public-net | | port_security_enabled | True | | provider:network_type | flat | | provider:physical_network | public | | provider:segmentation_id | | | router:external | False | | shared | True | | status | ACTIVE | | subnets | | | tags | | | tenant_id | e88437b3330145e1a713469130b4c3cd | | updated_at | 2017-02-18T11:33:28 | +---------------------------+--------------------------------------+ [root@linux-node1 ~]#
上面的tenant_id 和下面的project的id一致。因为我们是admin创建的,属于admin的
[root@linux-node1 ~]# openstack project list +----------------------------------+---------+ | ID | Name | +----------------------------------+---------+ | e88437b3330145e1a713469130b4c3cd | admin | | ef1575c568a4416c81f4855ae5cfd8eb | demo | | fc29ee0a1c7145de99885bb4a3bef9c1 | service | +----------------------------------+---------+ [root@linux-node1 ~]#
查看创建的网络
[root@linux-node1 ~]# neutron net-list +--------------------------------------+------------+---------+ | id | name | subnets | +--------------------------------------+------------+---------+ | ac1b0655-931d-4d6e-ba52-33fd0631e034 | public-net | | +--------------------------------------+------------+---------+ [root@linux-node1 ~]#
2、创建一个子网
语法如下
neutron subnet-create --name provider --allocation-pool start=START_IP_ADDRESS,end=END_IP_ADDRESS --dns-nameserver DNS_RESOLVER --gateway PROVIDER_NETWORK_GATEWAY provider PROVIDER_NETWORK_CIDR
命令如下
neutron subnet-create --name public-subnet --allocation-pool start=192.168.56.100,end=192.168.56.200 --dns-nameserver 223.5.5.5 --gateway 192.168.56.2 public-net 192.168.56.0/24
执行过程如下
[root@linux-node1 ~]# neutron subnet-create --name public-subnet
> --allocation-pool start=192.168.56.100,end=192.168.56.200
> --dns-nameserver 223.5.5.5 --gateway 192.168.56.2
> public-net 192.168.56.0/24
Created a new subnet:
+-------------------+------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------+
| allocation_pools | {"start": "192.168.56.100", "end": "192.168.56.200"} |
| cidr | 192.168.56.0/24 |
| created_at | 2017-02-18T11:45:17 |
| description | |
| dns_nameservers | 223.5.5.5 |
| enable_dhcp | True |
| gateway_ip | 192.168.56.2 |
| host_routes | |
| id | fe4dfb57-8032-4614-b1d6-b2133890539b |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | public-subnet |
| network_id | ac1b0655-931d-4d6e-ba52-33fd0631e034 |
| subnetpool_id | |
| tenant_id | e88437b3330145e1a713469130b4c3cd |
| updated_at | 2017-02-18T11:45:17 |
+-------------------+------------------------------------------------------+
[root@linux-node1 ~]#
再次执行下面命令,可以看到subnets这里列有值了
[root@linux-node1 ~]# neutron net-list
+--------------------------------------+------------+------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+------------+------------------------------------------------------+
| ac1b0655-931d-4d6e-ba52-33fd0631e034 | public-net | fe4dfb57-8032-4614-b1d6-b2133890539b 192.168.56.0/24 |
+--------------------------------------+------------+------------------------------------------------------+
[root@linux-node1 ~]#
[root@linux-node1 ~]# neutron subnet-list
+--------------------------------------+---------------+-----------------+------------------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+---------------+-----------------+------------------------------------------------------+
| fe4dfb57-8032-4614-b1d6-b2133890539b | public-subnet | 192.168.56.0/24 | {"start": "192.168.56.100", "end": "192.168.56.200"} |
+--------------------------------------+---------------+-----------------+------------------------------------------------------+
[root@linux-node1 ~]#
创建一个nano规格的实例
1、创建nano套餐类型
网络创建完毕后,创建一个nano规格的主机
默认的最小规格的主机需要512 MB内存。对于环境中计算节点内存不足4 GB的,我们推荐创建只需要64 MB的m1.nano规格的主机。
若单纯为了测试的目的,请使用m1.nano规格的主机来加载CirrOS镜像
硬盘是1GB,内存64MB,cpu是1个
[root@linux-node1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano +----------------------------+---------+ | Field | Value | +----------------------------+---------+ | OS-FLV-DISABLED:disabled | False | | OS-FLV-EXT-DATA:ephemeral | 0 | | disk | 1 | | id | 0 | | name | m1.nano | | os-flavor-access:is_public | True | | ram | 64 | | rxtx_factor | 1.0 | | swap | | | vcpus | 1 | +----------------------------+---------+ [root@linux-node1 ~]#
查看主机类型列表
1-5是默认的,0是我创建的
[root@linux-node1 ~]# openstack flavor list +----+-----------+-------+------+-----------+-------+-----------+ | ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public | +----+-----------+-------+------+-----------+-------+-----------+ | 0 | m1.nano | 64 | 1 | 0 | 1 | True | | 1 | m1.tiny | 512 | 1 | 0 | 1 | True | | 2 | m1.small | 2048 | 20 | 0 | 1 | True | | 3 | m1.medium | 4096 | 40 | 0 | 2 | True | | 4 | m1.large | 8192 | 80 | 0 | 4 | True | | 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True | +----+-----------+-------+------+-----------+-------+-----------+ [root@linux-node1 ~]#
大部分云镜像支持公共密钥认证而不是传统的密码认证。在启动实例前,你必须添加一个公共密钥到计算服务。
创建一个密钥,并把这个密钥加到openstack上
[root@linux-node1 ~]# source demo-openstack.sh [root@linux-node1 ~]# ssh-keygen -q -N "" Enter file in which to save the key (/root/.ssh/id_rsa): [root@linux-node1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey +-------------+-------------------------------------------------+ | Field | Value | +-------------+-------------------------------------------------+ | fingerprint | 5e:eb:97:85:36:77:c3:75:6b:e4:51:d2:58:d1:64:fd | | name | mykey | | user_id | 7a01e2bd239844f183abbb4b0b960647 | +-------------+-------------------------------------------------+ [root@linux-node1 ~]#
验证公钥的添加:
[root@linux-node1 ~]# openstack keypair list +-------+-------------------------------------------------+ | Name | Fingerprint | +-------+-------------------------------------------------+ | mykey | 5e:eb:97:85:36:77:c3:75:6b:e4:51:d2:58:d1:64:fd | +-------+-------------------------------------------------+ [root@linux-node1 ~]#
2、增加安全组规则
默认情况下,它有一个default安全组,这个安全组阻止了所有访问,这里添加icmp和ssh
[root@linux-node1 ~]# openstack security group rule create --proto icmp default +-----------------------+--------------------------------------+ | Field | Value | +-----------------------+--------------------------------------+ | id | 4063731b-25e6-448b-afd5-85b2ba1c7d30 | | ip_protocol | icmp | | ip_range | 0.0.0.0/0 | | parent_group_id | 650dcdc5-75e0-46ca-b0a0-9a683de9398c | | port_range | | | remote_security_group | | +-----------------------+--------------------------------------+ [root@linux-node1 ~]# openstack security group rule create --proto tcp --dst-port 22 default +-----------------------+--------------------------------------+ | Field | Value | +-----------------------+--------------------------------------+ | id | c6299dc5-26cd-43f8-b7f7-1f5e26fbd7cb | | ip_protocol | tcp | | ip_range | 0.0.0.0/0 | | parent_group_id | 650dcdc5-75e0-46ca-b0a0-9a683de9398c | | port_range | 22:22 | | remote_security_group | | +-----------------------+--------------------------------------+ [root@linux-node1 ~]#
3、列出可用镜像、网络、安全组等
创建之前先列出可用类型和列出可用镜像:
[root@linux-node1 ~]# source demo-openstack.sh [root@linux-node1 ~]# openstack flavor list +----+-----------+-------+------+-----------+-------+-----------+ | ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public | +----+-----------+-------+------+-----------+-------+-----------+ | 0 | m1.nano | 64 | 1 | 0 | 1 | True | | 1 | m1.tiny | 512 | 1 | 0 | 1 | True | | 2 | m1.small | 2048 | 20 | 0 | 1 | True | | 3 | m1.medium | 4096 | 40 | 0 | 2 | True | | 4 | m1.large | 8192 | 80 | 0 | 4 | True | | 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True | +----+-----------+-------+------+-----------+-------+-----------+ [root@linux-node1 ~]# openstack image list +--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | 9969eaa3-0296-48cc-a42e-a02251b778a6 | cirros | active | +--------------------------------------+--------+--------+ [root@linux-node1 ~]#
列出可用网络
[root@linux-node1 ~]# openstack network list +--------------------------------------+------------+--------------------------------------+ | ID | Name | Subnets | +--------------------------------------+------------+--------------------------------------+ | ac1b0655-931d-4d6e-ba52-33fd0631e034 | public-net | fe4dfb57-8032-4614-b1d6-b2133890539b | +--------------------------------------+------------+--------------------------------------+ [root@linux-node1 ~]#
列出可用的安全组
[root@linux-node1 ~]# openstack security group list +--------------------------------------+---------+------------------------+----------------------------------+ | ID | Name | Description | Project | +--------------------------------------+---------+------------------------+----------------------------------+ | 650dcdc5-75e0-46ca-b0a0-9a683de9398c | default | Default security group | ef1575c568a4416c81f4855ae5cfd8eb | +--------------------------------------+---------+------------------------+----------------------------------+ [root@linux-node1 ~]#
4、创建实例
创建实例的语法如下
openstack server create --flavor m1.tiny --image cirros --nic net-id=PROVIDER_NET_ID --security-group default --key-name mykey provider-instance
如果你选择选项1并且你的环境只有一个网络,你可以省去–nic 选项因为OpenStack会自动选择这个唯一可用的网络。
net-id就是openstack network list 显示的id, 不是subnet的id
修改后的创建命令如下
openstack server create --flavor m1.nano --image cirros --nic net-id=ac1b0655-931d-4d6e-ba52-33fd0631e034 --security-group default --key-name mykey provider-instance
执行过程如下
[root@linux-node1 ~]# openstack server create --flavor m1.nano --image cirros
> --nic net-id=ac1b0655-931d-4d6e-ba52-33fd0631e034 --security-group default
> --key-name mykey provider-instance
+--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | nd8EcgwxiAph |
| config_drive | |
| created | 2017-02-18T12:16:08Z |
| flavor | m1.nano (0) |
| hostId | |
| id | ad696d58-9998-46da-85a4-64479b171421 |
| image | cirros (9969eaa3-0296-48cc-a42e-a02251b778a6) |
| key_name | mykey |
| name | provider-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | ef1575c568a4416c81f4855ae5cfd8eb |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2017-02-18T12:16:08Z |
| user_id | 7a01e2bd239844f183abbb4b0b960647 |
+--------------------------------------+-----------------------------------------------+
[root@linux-node1 ~]#
5、检查实例的状态和登录实例
[root@linux-node1 ~]# openstack server list +--------------------------------------+-------------------+--------+---------------------------+ | ID | Name | Status | Networks | +--------------------------------------+-------------------+--------+---------------------------+ | ad696d58-9998-46da-85a4-64479b171421 | provider-instance | ACTIVE | public-net=192.168.56.101 | +--------------------------------------+-------------------+--------+---------------------------+ [root@linux-node1 ~]#
计算节点可以看到kvm起来了
[root@linux-node2 ~]# virsh list Id Name State ---------------------------------------------------- 1 instance-00000001 running [root@linux-node2 ~]#
登录机器成功。因为密钥传进去了。不用密码
[root@linux-node1 ~]# ssh cirros@192.168.56.101
$
$
$ ip ad li
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether fa:16:3e:4b:42:f1 brd ff:ff:ff:ff:ff:ff
inet 192.168.56.101/24 brd 192.168.56.255 scope global eth0
inet6 fe80::f816:3eff:fe4b:42f1/64 scope link
valid_lft forever preferred_lft forever
$
创建过程中可以查看计算节点的日志,因为是计算节点创建的虚拟机
[root@linux-node2 ~]# tail -f /var/log/nova/nova-compute.log 2017-02-18 20:16:22.979 6502 INFO nova.compute.resource_tracker [req-62816801-8204-49f8-8a6a-9f0b92c56fef - - - - -] Final resource view: name=linux-node2.nmap.com phys_ram=4095MB used_ram=576MB
phys_disk=35GB used_disk=1GB total_vcpus=4 used_vcpus=1 pci_stats=[] 2017-02-18 20:16:23.030 6502 INFO nova.compute.resource_tracker [req-62816801-8204-49f8-8a6a-9f0b92c56fef - - - - -] Compute_service record updated for linux-node2.nmap.com:linux-node2.nmap.com 2017-02-18 20:17:22.135 6502 INFO nova.compute.resource_tracker [req-62816801-8204-49f8-8a6a-9f0b92c56fef - - - - -] Auditing locally available compute resources for node linux-node2.nmap.com 2017-02-18 20:17:22.769 6502 INFO nova.compute.resour
虚拟机创建失败,需要看所有服务的所有日志,根据时间查看可疑的原因
[root@linux-node1 ~]# grep 'ERROR' /var/log/glance/* [root@linux-node1 ~]# grep 'ERROR' /var/log/keystone/* [root@linux-node1 ~]# [root@linux-node1 ~]# grep 'ERROR' /var/log/nova/* [root@linux-node1 ~]# [root@linux-node1 ~]# grep 'ERROR' /var/log/neutron/*
我的下面两个目录都有点报错,但是虚拟机创建成功了
[root@linux-node1 ~]# grep 'ERROR' /var/log/neutron/* [root@linux-node1 ~]# grep 'ERROR' /var/log/glance/*
要使用demo用户才能查看创建的主机,因为本来就是demo用户创建的
[root@linux-node1 ~]# source admin-openstack.sh [root@linux-node1 ~]# openstack server list [root@linux-node1 ~]# source demo-openstack.sh [root@linux-node1 ~]# openstack server list +--------------------------------------+-------------------+--------+---------------------------+ | ID | Name | Status | Networks | +--------------------------------------+-------------------+--------+---------------------------+ | ad696d58-9998-46da-85a4-64479b171421 | provider-instance | ACTIVE | public-net=192.168.56.101 | +--------------------------------------+-------------------+--------+---------------------------+ [root@linux-node1 ~]#
获取它控制台的地址
[root@linux-node1 ~]# openstack console url show provider-instance +-------+------------------------------------------------------------------------------------+ | Field | Value | +-------+------------------------------------------------------------------------------------+ | type | novnc | | url | http://192.168.56.11:6080/vnc_auto.html?token=e4e15645-5cfe-4a99-908f-9865b3552132 | +-------+------------------------------------------------------------------------------------+ [root@linux-node1 ~]#
把上面这一串复制到浏览器。可以以网页方式打开一个vnc窗口,上面链接的token是有时间有效期的,会变的
上面的6080端口映射到了192.168.56.12的5900端口
浏览器页面可以登录
查看计算节点端口启动情况,有个5900端口,就是vnc的
[root@linux-node2 ~]# netstat -lntp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 7936/qemu-kvm tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 3916/dnsmasq tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1155/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1250/master tcp6 0 0 :::111 :::* LISTEN 1/systemd tcp6 0 0 :::22 :::* LISTEN 1155/sshd tcp6 0 0 ::1:25 :::* LISTEN 1250/master [root@linux-node2 ~]#
查看下连接情况
计算节点的5900端口和控制节点的6080端口
[root@linux-node2 ~]# lsof -i:5900 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME qemu-kvm 7936 qemu 18u IPv4 40843 0t0 TCP *:rfb (LISTEN) qemu-kvm 7936 qemu 25u IPv4 46305 0t0 TCP linux-node2:rfb->linux-node1:47511 (ESTABLISHED) [root@linux-node2 ~]# [root@linux-node1 ~]# lsof -i:6080 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME nova-novn 13967 nova 4u IPv4 40352 0t0 TCP *:6080 (LISTEN) nova-novn 27347 nova 4u IPv4 40352 0t0 TCP *:6080 (LISTEN) nova-novn 27347 nova 6u IPv4 77765 0t0 TCP linux-node1:6080->192.168.56.1:57139 (ESTABLISHED) [root@linux-node1 ~]#