Openstack之路(六)創建雲主機實例
阿新 • • 發佈:2018-01-22
root created nat 加密 ica 加載 red pub acc 創建雲主機網絡
- 在控制節點上,加載admin憑證來獲取管理員能執行的命令訪問權限
[root@linux-node1 ~]# source admin-openrc- 創建網絡
[root@linux-node1 ~]# openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2018-01-22T06:05:17Z | | description | | | headers | | | id | d8acc6f1-8aed-4f7c-a630-83225f592039 | | ipv4_address_scope | None | | ipv6_address_scope | None | | mtu | 1500 | | name | provider | | port_security_enabled | True | | project_id | 14055178975d417987c5a94f030c7acf | | project_id | 14055178975d417987c5a94f030c7acf | | provider:network_type | flat | | provider:physical_network | provider | | provider:segmentation_id | None | | revision_number | 4 | | router:external | External | | shared | True | | status | ACTIVE | | subnets | | | tags | [] | | updated_at | 2018-01-22T06:05:18Z | +---------------------------+--------------------------------------+ [root@linux-node1 ~]# neutron net-list +--------------------------------------+----------+---------+ | id | name | subnets | +--------------------------------------+----------+---------+ | d8acc6f1-8aed-4f7c-a630-83225f592039 | provider | | +--------------------------------------+----------+---------+
- 在網絡上創建一個子網
[root@linux-node1 ~]# openstack subnet create --network provider --allocation-pool start=192.168.56.100,end=192.168.56.200 --dns-nameserver 192.168.56.2 --gateway 192.168.56.2 --subnet-range 192.168.56.0/24 provider-subnet +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | 192.168.56.100-192.168.56.200 | | cidr | 192.168.56.0/24 | | created_at | 2018-01-22T06:13:27Z | | description | | | dns_nameservers | 192.168.56.2 | | enable_dhcp | True | | gateway_ip | 192.168.56.2 | | headers | | | host_routes | | | id | 5ae96c6c-2295-4cef-8ce5-cc19f4596c90 | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | provider-subnet | | network_id | d8acc6f1-8aed-4f7c-a630-83225f592039 | | project_id | 14055178975d417987c5a94f030c7acf | | project_id | 14055178975d417987c5a94f030c7acf | | revision_number | 2 | | service_types | [] | | subnetpool_id | None | | updated_at | 2018-01-22T06:13:27Z | +-------------------+--------------------------------------+ [root@linux-node1 ~]# neutron subnet-list +--------------------------------------+-----------------+-----------------+-------------------------------------------+ | id | name | cidr | allocation_pools | +--------------------------------------+-----------------+-----------------+-------------------------------------------+ | 5ae96c6c-2295-4cef-8ce5-cc19f4596c90 | provider-subnet | 192.168.56.0/24 | {"start": "192.168.56.100", "end": | | | | | "192.168.56.200"} | +--------------------------------------+-----------------+-----------------+-------------------------------------------+ [root@linux-node1 ~]# neutron net-list +--------------------------------------+----------+------------------------------------------------------+ | id | name | subnets | +--------------------------------------+----------+------------------------------------------------------+ | d8acc6f1-8aed-4f7c-a630-83225f592039 | provider | 5ae96c6c-2295-4cef-8ce5-cc19f4596c90 192.168.56.0/24 | +--------------------------------------+----------+------------------------------------------------------+
創建雲主機類型
默認的最小規格的主機需要512MB內存,對於環境中計算節點內存不足4 GB的,我們推薦創建只需要64MB的keywa.com規格的主機。若單純為了測試的目的,請使用keywa.com規格的主機來加載CirrOS鏡像。
[root@linux-node1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 keywa.com +----------------------------+-----------+ | Field | Value | +----------------------------+-----------+ | OS-FLV-DISABLED:disabled | False | | OS-FLV-EXT-DATA:ephemeral | 0 | | disk | 1 | | id | 0 | | name | keywa.com | | os-flavor-access:is_public | True | | properties | | | ram | 64 | | rxtx_factor | 1.0 | | swap | | | vcpus | 1 | +----------------------------+-----------+
創建密鑰
- 導入demo項目憑證
[root@linux-node1 ~]# source demo-openrc- 生成和添加秘鑰對
[root@linux-node1 ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
[root@linux-node1 ~]# ls -l .ssh/
total 8
-rw------- 1 root root 1679 Jan 22 14:28 id_rsa
-rw-r--r-- 1 root root 398 Jan 22 14:28 id_rsa.pub
[root@linux-node1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 6d:5f:c6:92:ac:5e:49:40:5c:3e:b4:14:9c:f9:59:8c |
| name | mykey |
| user_id | 48cd83bd3ce54b8ebece24680e8c8b0a |
+-------------+-------------------------------------------------+- 驗證公鑰的添加
[root@linux-node1 ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 6d:5f:c6:92:ac:5e:49:40:5c:3e:b4:14:9c:f9:59:8c |
+-------+-------------------------------------------------+創建安全組規則
默認情況下,default安全組適用於所有實例並且包括拒絕遠程訪問實例的防火墻規則。對諸如CirrOS這樣的Linux鏡像,我們推薦至少允許ICMP (ping))和安全Shell(SSH)規則。
- 允許ICMP請求
[root@linux-node1 ~]# openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2018-01-22T06:46:59Z |
| description | |
| direction | ingress |
| ethertype | IPv4 |
| headers | |
| id | 51ed729f-b268-4a99-b8a6-3a2ba0d31c77 |
| port_range_max | None |
| port_range_min | None |
| project_id | 8a788702c6ea46419bb85b4e4600e3c4 |
| project_id | 8a788702c6ea46419bb85b4e4600e3c4 |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 1 |
| security_group_id | 20346c59-a0c4-4cc3-90be-f94c3581edab |
| updated_at | 2018-01-22T06:46:59Z |
+-------------------+--------------------------------------+- 允許安全Shell(SSH)的訪問
[root@linux-node1 ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2018-01-22T06:49:46Z |
| description | |
| direction | ingress |
| ethertype | IPv4 |
| headers | |
| id | 950a1be7-6fd3-4c80-ba60-7f4f0b573771 |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 8a788702c6ea46419bb85b4e4600e3c4 |
| project_id | 8a788702c6ea46419bb85b4e4600e3c4 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 1 |
| security_group_id | 20346c59-a0c4-4cc3-90be-f94c3581edab |
| updated_at | 2018-01-22T06:49:46Z |
+-------------------+--------------------------------------+啟動雲主機實例
啟動一臺實例,您必須至少指定一個類型、鏡像名稱、網絡、安全組、密鑰和實例名稱。
- 在控制節點上,獲得admin憑證來獲取只有管理員能執行的命令的訪問權限
[root@linux-node1 ~]# source demo-openrc- 一個實例指定了虛擬機資源的大致分配,包括處理器、內存和存儲
列出可用類型
[root@linux-node1 ~]# openstack flavor list
+----+-----------+-----+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-----+------+-----------+-------+-----------+
| 0 | keywa.com | 64 | 1 | 0 | 1 | True |
+----+-----------+-----+------+-----------+-------+-----------+列出可用鏡像
[root@linux-node1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| cd96090c-87ca-4eb3-b964-a7457639bc1e | cirros | active |
+--------------------------------------+--------+--------+列出可用網絡
[root@linux-node1 ~]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| d8acc6f1-8aed-4f7c-a630-83225f592039 | provider | 5ae96c6c-2295-4cef-8ce5-cc19f4596c90 |
+--------------------------------------+----------+--------------------------------------+列出可用的安全組
[root@linux-node1 ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| 20346c59-a0c4-4cc3-90be-f94c3581edab | default | Default security group | 8a788702c6ea46419bb85b4e4600e3c4 |
+--------------------------------------+---------+------------------------+----------------------------------+- 啟動實例
[root@linux-node1 ~]# openstack server create --flavor keywa.com --image cirros --nic net-id=d8acc6f1-8aed-4f7c-a630-83225f592039 --security-group default --key-name mykey demo-instance
+--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | MowXppdE5ayJ |
| config_drive | |
| created | 2018-01-22T07:13:02Z |
| flavor | keywa.com (0) |
| hostId | |
| id | 3b5f20c8-8b17-48a2-9b72-70cc74f6fc8f |
| image | cirros (cd96090c-87ca-4eb3-b964-a7457639bc1e) |
| key_name | mykey |
| name | demo-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 8a788702c6ea46419bb85b4e4600e3c4 |
| properties | |
| security_groups | [{u‘name‘: u‘default‘}] |
| status | BUILD |
| updated | 2018-01-22T07:13:02Z |
| user_id | 48cd83bd3ce54b8ebece24680e8c8b0a |
+--------------------------------------+-----------------------------------------------+- 檢查實例的狀態,狀態為ACTIVE那臺虛擬機已經成功創建
[root@linux-node1 ~]# openstack server list
+--------------------------------------+---------------+--------+-------------------------+------------+
| ID | Name | Status | Networks | Image Name |
+--------------------------------------+---------------+--------+-------------------------+------------+
| 3b5f20c8-8b17-48a2-9b72-70cc74f6fc8f | demo-instance | ACTIVE | provider=192.168.56.110 | cirros |
+--------------------------------------+---------------+--------+-------------------------+------------+驗證操作
- 使用SSH加密連接實例
[root@linux-node1 ~]# ssh [email protected]
The authenticity of host ‘192.168.56.110 (192.168.56.110)‘ can‘t be established.
RSA key fingerprint is 2f:58:9f:5e:da:c5:1f:46:43:e1:c4:64:da:ee:2e:e6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘192.168.56.110‘ (RSA) to the list of known hosts.
$ - 驗證能否ping通公有網絡的網關
$ ping -c 4 114.114.114.114
PING 114.114.114.114 (114.114.114.114): 56 data bytes
64 bytes from 114.114.114.114: seq=0 ttl=128 time=29.289 ms
64 bytes from 114.114.114.114: seq=1 ttl=128 time=29.160 ms
64 bytes from 114.114.114.114: seq=2 ttl=128 time=34.413 ms
64 bytes from 114.114.114.114: seq=3 ttl=128 time=29.153 ms
--- 114.114.114.114 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 29.153/30.503/34.413 ms- 驗證能否連接到互聯網
$ ping -c 4 www.baidu.com
PING www.baidu.com (14.215.177.39): 56 data bytes
64 bytes from 14.215.177.39: seq=0 ttl=128 time=12.611 ms
64 bytes from 14.215.177.39: seq=1 ttl=128 time=8.424 ms
64 bytes from 14.215.177.39: seq=2 ttl=128 time=10.575 ms
64 bytes from 14.215.177.39: seq=3 ttl=128 time=11.595 ms
--- www.baidu.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 8.424/10.801/12.611 ms- 使用虛擬控制臺訪問實例
[root@linux-node1 ~]# openstack console url show demo-instance
+-------+------------------------------------------------------------------------------------+
| Field | Value |
+-------+------------------------------------------------------------------------------------+
| type | novnc |
| url | http://192.168.56.11:6080/vnc_auto.html?token=aff15e93-1ebe-49f3-877b-3213e6faa027 |
+-------+------------------------------------------------------------------------------------+- 瀏覽器訪問192.168.56.11:6080/vnc_auto.html?token=aff15e93-1ebe-49f3-877b-3213e6faa027
Openstack之路(六)創建雲主機實例