OpenStack, Return of the King: trivial matters


    <Part 1, Building an OpenStack image>

     Tips: the preparation work for building images for most cloud platforms.

    <1,> http://www.pubyun.com/blog/openstack/%E4%BB%80%E4%B9%88%E6%98%AFopenstack%E7%9A%84-metadata/

    www.weiyan.me/2012/10/494

    http://www.ibm.com/developerworks/cn/cloud/library/cl-openstack-images/

      A Linux machine (preferably CentOS 6, depending on the compatibility between the current cloud platform and the Linux OS) serves as the image-building host.

    1, Install the underlying support packages

    yum groupinstall Virtualization; yum install libvirt virt-install qemu-kvm

    2, Prepare an ISO file of the desired OS type

    3, Start libvirtd

    <2,> Start building the image

    qemu-img create -f qcow2 ruiyCentOS-openStack.qcow2 30G

    chown -R qemu:qemu *.qcow2

    virt-install -n RuiyCnetOSimg -r 4096 --cpu host -c /images/Centos-*iso --disk path=*.qcow2,device=disk,bus=virtio,size=30,format=qcow2 --vnc --vncport=5978 --vnclisten=0.0.0.0 -v

    Polish the freshly installed system so that it works as an OpenStack image

    virsh start/destroy/undefine VMInames;

    1, delete /etc/udev/rules.d/70-persistent-net.rules (removes the already generated network device rules!)

    2, Remove the HWADDR line from ifcfg-eth0

    The contents of /etc/sysconfig/network-scripts/ifcfg-eth0 are as follows:

    DEVICE="eth0"
    BOOTPROTO="dhcp"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"

    3, Turn off the firewall and SELinux (in /etc/selinux/config)

    sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config

    service iptables stop && chkconfig iptables off;

    4, Configure the system to automatically pick up the hostname and SSH key assigned by OpenStack
    Edit /etc/rc.local with vim
    and insert the following content before the "touch /var/lock/subsys/local" line

    if [ ! -d /root/.ssh ]; then
        mkdir -p /root/.ssh
        chmod 700 /root/.ssh
    fi
    # Fetch public key using HTTP
    ATTEMPTS=30
    FAILED=0

    while [ ! -f /root/.ssh/authorized_keys ]; do
        curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/metadata-key 2>/dev/null
        if [ $? -eq 0 ]; then
            cat /tmp/metadata-key >> /root/.ssh/authorized_keys
            chmod 0600 /root/.ssh/authorized_keys
            restorecon /root/.ssh/authorized_keys
            rm -f /tmp/metadata-key
            echo "Successfully retrieved public key from instance metadata"
            echo "*****************"
            echo "AUTHORIZED KEYS"
            echo "*****************"
            cat /root/.ssh/authorized_keys
            echo "*****************"

            # The hostname is optional: a failure here is a soft error
            curl -f http://169.254.169.254/latest/meta-data/hostname > /tmp/metadata-hostname 2>/dev/null
            if [ $? -eq 0 ]; then
                TEMP_HOST=$(cat /tmp/metadata-hostname)
                sed -i "s/^HOSTNAME=.*$/HOSTNAME=$TEMP_HOST/g" /etc/sysconfig/network
                /bin/hostname "$TEMP_HOST"
                echo "Successfully retrieved hostname from instance metadata"
                echo "*****************"
                echo "HOSTNAME CONFIG"
                echo "*****************"
                cat /etc/sysconfig/network
                echo "*****************"
            else
                echo "Failed to retrieve hostname from instance metadata. This is a soft error so we'll continue"
            fi
            rm -f /tmp/metadata-hostname
        else
            FAILED=$(($FAILED + 1))
            if [ $FAILED -ge $ATTEMPTS ]; then
                echo "Failed to retrieve public key from instance metadata after $FAILED attempts, quitting"
                break
            fi
            echo "Could not retrieve public key from instance metadata (attempt #$FAILED/$ATTEMPTS), retrying in 5 seconds..."
            sleep 5
        fi
    done

    Upload the image and start an instance
    Once everything above is done, the generated image VM can simply be shut down:
    init 0
    Afterwards, look at the qcow2 image generated earlier; it should be no larger than 2 GB. All that is left is to copy this image into the OpenStack environment and add it with glance add:
    glance add name=XXXX is_public=true container_format=ovf disk_format=qcow2 < /tmp/CentOS6.3-openstack.img

    Then create an instance from this image and boot it. You will find that it directly picks up the IP assigned by OpenStack, and that you can SSH straight into it!

    <Part 2,>

    OpenStack metadata (public keys)

    What is OpenStack metadata?

    Metadata literally means data about data, and the term is also common outside OpenStack. In an OpenStack environment, metadata is a mechanism that lets users set parameters for each VM instance.

    e.g. you want to set some attribute on an instance (hostname, IP, public key pair)

    One important application of metadata is setting the SSH public key of each instance.

    There are two ways to set the public key:

    1, Inject the file into the image when the instance is created

    2, After the instance boots, fetch it via metadata and write it with a script

     # Fetch public key using HTTP
    ATTEMPTS=10
    FAILED=0
    # Make sure the target directory exists before the first append
    mkdir -p /root/.ssh && chmod 700 /root/.ssh
    while [ ! -f /root/.ssh/authorized_keys ]; do
        curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/aws-key 2>/dev/null
        if [ $? -eq 0 ]; then
            cat /tmp/aws-key >> /root/.ssh/authorized_keys
            chmod 0600 /root/.ssh/authorized_keys
            restorecon /root/.ssh/authorized_keys
            rm -f /tmp/aws-key
            echo "Successfully retrieved AWS public key from instance metadata"
        else
            FAILED=$(($FAILED + 1))
            if [ $FAILED -ge $ATTEMPTS ]; then
                echo "Failed to retrieve AWS public key after $FAILED attempts, quitting"
                break
            fi
            echo "Could not retrieve AWS public key (attempt #$FAILED/$ATTEMPTS), retrying in 5 seconds..."
            sleep 5
        fi
    done

    As you can see, the API endpoints for fetching the metadata (public key) and the hostname are, respectively:

    http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

    http://169.254.169.254/latest/meta-data/hostname

    Note that the IP address 169.254.169.254 does not exist in OpenStack, so why can metadata be fetched from it?

    The reason is Amazon. Metadata was originally introduced by Amazon, and many people built customized OS images for Amazon with the metadata API address hardcoded. For compatibility, OpenStack kept this IP and uses an iptables NAT rule to map it onto the real API. This is important! Anyone who has manually deployed an OpenStack production environment knows that iptables on the OpenStack network node is not turned off, whereas iptables on the compute nodes below it must be turned off!

    iptables -A nova-network-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.114.100.118:8775
    (here 10.114.100.118 is the IP of the metadata host)
    Port 8775 also matters; it sometimes dies. Use lsof -i :8775 to find the PID of the owning process, kill that PID, and restart nova-api.
    Metadata is convenient, but a frequently encountered problem is that the metadata fetch fails, which makes instance boot very slow, and a failed fetch means that features such as the SSH key are not set up.
    1, On the network node, set the relevant parameter correctly in /etc/nova/nova.conf:
    metadata_host = ip
    2, Since the API identifies an instance by its fixed IP (that is, the tenant network we created when configuring OpenStack)
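    The two rc.local snippets above retry curl without a per-request timeout and append whatever the metadata service returns straight into authorized_keys, which is exactly the slow-boot and missing-key failure described here. The following is an added example, not code from the original post: a hardened replacement in which every curl is bounded by --max-time, each fetched line must look like an OpenSSH public key before it is installed, and keys already present are not appended twice. The metadata URL is the post's; the function names and retry limits are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): hardened replacement for the
# rc.local metadata snippet. Function names and retry limits are assumptions;
# the metadata URL is the one used throughout the post.
METADATA="http://169.254.169.254/latest/meta-data"
AUTH_KEYS="${AUTH_KEYS:-/root/.ssh/authorized_keys}"

# Accept only a line shaped like an OpenSSH public key (type, base64 blob,
# optional comment). An HTML error page, an empty body or a truncated
# response is rejected instead of being written to authorized_keys.
valid_openssh_key() {
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [^[:cntrl:]]*)?$'
}

# Append each valid key line of $1 to $2, skipping lines already present,
# and enforce 0700 on the directory and 0600 on the file.
# Returns 1 when no usable key was found in $1.
install_authorized_keys() {
    src=$1; dst=$2; added=0
    mkdir -p "$(dirname "$dst")" && chmod 700 "$(dirname "$dst")"
    touch "$dst" && chmod 600 "$dst"
    while IFS= read -r line || [ -n "$line" ]; do
        valid_openssh_key "$line" || continue
        grep -qxF -- "$line" "$dst" || printf '%s\n' "$line" >> "$dst"
        added=1
    done < "$src"
    [ "$added" -eq 1 ]
}

# Bounded retry loop: each attempt gives up after 5 seconds (--max-time), so
# a missing DNAT rule or a dead nova-api on 8775 delays boot by at most
# attempts * (5 + 5) seconds instead of hanging the rc.local run.
fetch_metadata_key() {
    attempts=${1:-10}; n=0; tmp=$(mktemp)
    while [ "$n" -lt "$attempts" ]; do
        if curl -fs --max-time 5 -o "$tmp" "$METADATA/public-keys/0/openssh-key" \
           && install_authorized_keys "$tmp" "$AUTH_KEYS"; then
            rm -f "$tmp"; return 0
        fi
        n=$((n + 1)); sleep 5
    done
    rm -f "$tmp"
    echo "metadata public key unavailable after $attempts attempts" >&2
    return 1
}

# In rc.local invoke the script with the "run" argument; without it only the
# functions are defined, so the file can be sourced and tested offline.
if [ "${1:-}" = "run" ]; then fetch_metadata_key 10; fi
```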

    <Part 3,>

    1, Quick guide to creating an OpenStack bootable image;

      1.1 wget the OS ISO

      wget http://releases.ubuntu.com/14.04/ubuntu-14.04-server-amd64.iso

      1.2 create disk image:

      qemu-img create -f qcow2 ubuntu-14.04-server.qcow2 30G

      1.3 using KVM, launch an instance from the ISO and the disk image (4096 MB RAM and 2 processors)

      kvm -hda ubuntu-14.04-server.qcow2 -cdrom ubuntu-14.04-server-amd64.iso -m 4096 -smp 2

      1.4 upload the image to glance:

      glance image-create --name ubuntu-14.04-server --disk-format=qcow2 --container-format=bare --is-public=True < ubuntu-14.04-server.qcow2

      1.5 boot

      nova boot --image ubuntu-14.04-server --flavor 3 VMI001

    (Tips: delete /etc/udev/rules.d/70-persistent-net.rules before uploading the image to glance)

    so that NIC interface ordering starts at eth0; otherwise it will start at eth1..., which might not automatically start a DHCP client on the interface.

    Original URL: https://www.cnblogs.com/ruiy/p/4233104.html