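Creating a virtual machine
Once the earlier configuration steps are complete, we can use that configuration to create a virtual machine. Before creating the virtual machine we first have to create a network; the simplest case, a provider network, is used as the example here.
Before operating on OpenStack, make sure the clocks on all nodes are in sync:

    ntpdate time1.aliyun.com
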
Creating the network
http://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/launch-instance-networks-provider.html
Perform the following on the controller node, loading the environment variables first (creating a network requires admin privileges):

    # source admin-openstack.sh
    # neutron net-create --shared --provider:physical_network public \
        --provider:network_type flat public-net

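This creates a network named public-net, of type flat, in shared mode, whose physical network (bridge) name is public. (The name public here corresponds to the "physical_interface_mappings =" setting in the [linux_bridge] section of /etc/neutron/plugins/ml2/linuxbridge_agent.ini.)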
View the network that was created:

    # neutron net-list
    +--------------------------------------+------------+----------------------------------------------------+
    | id                                   | name       | subnets                                            |
    +--------------------------------------+------------+----------------------------------------------------+
    | ff609289-4b36-4294-80b8-5591d8196c42 | public-net | 1bad82b3-bc26-4971-b77f-cfa5bdc29ca8 172.16.0.0/16 |
    +--------------------------------------+------------+----------------------------------------------------+

Create a subnet and specify its IP settings:

    neutron subnet-create --name public-subnet \
        --allocation-pool start=172.16.10.100,end=172.16.10.150 \
        --dns-nameserver 223.5.5.5 --gateway 172.16.0.1 public-net 172.16.0.0/16

List the subnet that was created; the IDs in the two listings match up:

    # neutron subnet-list
    +--------------------------------------+---------------+---------------+----------------------------------------------------+
    | id                                   | name          | cidr          | allocation_pools                                   |
    +--------------------------------------+---------------+---------------+----------------------------------------------------+
    | 1bad82b3-bc26-4971-b77f-cfa5bdc29ca8 | public-subnet | 172.16.0.0/16 | {"start": "172.16.10.100", "end": "172.16.10.150"} |
    +--------------------------------------+---------------+---------------+----------------------------------------------------+

Creating a small nano flavor
The smallest default flavor requires 512 MB of memory. For environments whose compute nodes have less than 4 GB of memory, we recommend creating the ``m1.nano`` flavor, which needs only 64 MB. For testing purposes only, use the ``m1.nano`` flavor to boot the CirrOS image.

    openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
    +----------------------------+---------+
    | Field                      | Value   |
    +----------------------------+---------+
    | OS-FLV-DISABLED:disabled   | False   |
    | OS-FLV-EXT-DATA:ephemeral  | 0       |
    | disk                       | 1       |
    | id                         | 0       |
    | name                       | m1.nano |
    | os-flavor-access:is_public | True    |
    | ram                        | 64      |
    | rxtx_factor                | 1.0     |
    | swap                       |         |
    | vcpus                      | 1       |
    +----------------------------+---------+

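Verification settings
After the virtual machine has been created, we use the generated key pair to authenticate when connecting to it.
Generate a key pair:

    # source demo-openstack.sh
    # ssh-keygen -q -N ""
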
A public key and a private key have now been generated under the .ssh/ directory:

    # ls .ssh/
    id_rsa  id_rsa.pub  known_hosts

Using the key pair, add the public key:

    # openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
    +-------------+-------------------------------------------------+
    | Field       | Value                                           |
    +-------------+-------------------------------------------------+
    | fingerprint | 7e:d7:a7:d7:ce:16:84:ff:2d:8f:aa:98:39:ba:22:00 |
    | name        | mykey                                           |
    | user_id     | 8985f9af453240f5b376b9a4fcd940eb                |
    +-------------+-------------------------------------------------+

Verify that the public key was added:

    # openstack keypair list
    +-------+-------------------------------------------------+
    | Name  | Fingerprint                                     |
    +-------+-------------------------------------------------+
    | mykey | 7e:d7:a7:d7:ce:16:84:ff:2d:8f:aa:98:39:ba:22:00 |
    +-------+-------------------------------------------------+

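Added example (not part of the original post): to confirm that the keypair registered above is the key in ~/.ssh/id_rsa.pub, recompute the fingerprint locally and compare it with the listing. It assumes the colon-separated fingerprint is the MD5 of the base64-decoded key blob; the function names and the sample key line are constructed for illustration.

```shell
# Print the MD5 fingerprint (colon-separated hex, the form shown by
# `openstack keypair list`) of the OpenSSH public key file $1.
pubkey_md5_fingerprint() {
    local blob
    # Field 2 of "type base64-blob [comment]" is the key blob.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$1")
    [ -n "$blob" ] || return 1
    # Refuse input that is not valid base64 instead of hashing garbage.
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$blob" | base64 -d | md5sum | awk '{ print $1 }' |
        sed 's/../&:/g; s/:$//'
}

# Read `openstack keypair list` table output on stdin and print the
# fingerprint recorded for keypair name $1 (empty if the name is absent).
registered_fingerprint() {
    awk -F'|' -v name="$1" '
        NF >= 4 {
            n = $2; fp = $3
            gsub(/^ +| +$/, "", n); gsub(/^ +| +$/, "", fp)
            if (n == name) { print fp; exit }
        }'
}

# Exit 0 only if keypair $2 in the table on stdin matches key file $1.
keypair_matches() {
    local want have
    want=$(registered_fingerprint "$2")
    have=$(pubkey_md5_fingerprint "$1") || return 2
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Constructed sample: "YWJj" stands in for a real key blob so the result is
# easy to check by hand; a real id_rsa.pub works the same way.
sample_key=$(mktemp)
printf 'ssh-rsa YWJj constructed@example\n' > "$sample_key"
sample_table='| Name  | Fingerprint                                     |
| mykey | 90:01:50:98:3c:d2:4f:b0:d6:96:3f:7d:28:e1:7f:72 |'

if printf '%s\n' "$sample_table" | keypair_matches "$sample_key" mykey; then
    echo "mykey matches $sample_key"
else
    echo "mykey does NOT match $sample_key"
fi
```

On a live system, pipe the real listing into it: `openstack keypair list | keypair_matches ~/.ssh/id_rsa.pub mykey`. A mismatch here is one cause of the password prompt described later in this walkthrough.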
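Adding security group rules
By default, the ``default`` security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images such as CirrOS, we recommend allowing at least ICMP (ping) and secure shell (SSH).
Add rules to the default security group.
Allow ICMP (ping):

    # openstack security group rule create --proto icmp default

Allow secure shell (SSH) access:

    # openstack security group rule create --proto tcp --dst-port 22 default
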
Determining the instance options
List the available flavors:

    # source demo-openstack.sh
    # openstack flavor list
    +----+-----------+-------+------+-----------+-------+-----------+
    | ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
    +----+-----------+-------+------+-----------+-------+-----------+
    | 0  | m1.nano   |    64 |    1 |         0 |     1 | True      |
    | 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
    | 2  | m1.small  |  2048 |   20 |         0 |     1 | True      |
    | 3  | m1.medium |  4096 |   40 |         0 |     2 | True      |
    | 4  | m1.large  |  8192 |   80 |         0 |     4 | True      |
    | 5  | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
    +----+-----------+-------+------+-----------+-------+-----------+

List the available images:

    # openstack image list
    +--------------------------------------+--------+--------+
    | ID                                   | Name   | Status |
    +--------------------------------------+--------+--------+
    | 82c3ba8f-4930-4e32-bd1b-34881f5eb4cd | cirros | active |
    +--------------------------------------+--------+--------+

List the available networks:

    # openstack network list
    +--------------------------------------+------+--------------------------------------+
    | ID                                   | Name | Subnets                              |
    +--------------------------------------+------+--------------------------------------+
    | 216ef040-e083-42bc-8f04-0f33b768e139 | flat | d6137f5a-f833-4590-a91c-9672aac2318f |
    +--------------------------------------+------+--------------------------------------+

List the available security groups:

    # openstack security group list
    +---------------------------+---------+------------------------+-----------------------------+
    | ID                        | Name    | Description            | Project                     |
    +---------------------------+---------+------------------------+-----------------------------+
    | 9b59f146-800c-4946-9f7a-  | default | Default security group | cce66ccc0c44433181c23024810 |
    | c73d3e2b8ea8              |         |                        | db7c6                       |
    +---------------------------+---------+------------------------+-----------------------------+

Creating the virtual machine
When creating a virtual machine you need to specify the flavor, the image, the network ID, the security group and so on.
First list the network information:

    # openstack subnet list
    +-------------------------------+---------------+-------------------------------+---------------+
    | ID                            | Name          | Network                       | Subnet        |
    +-------------------------------+---------------+-------------------------------+---------------+
    | 1bad82b3-bc26-4971-b77f-      | public-subnet | ff609289-4b36-4294-80b8-5591d | 172.16.0.0/16 |
    | cfa5bdc29ca8                  |               | 8196c42                       |               |
    +-------------------------------+---------------+-------------------------------+---------------+

Create the instance: --flavor specifies the flavor, cirros is the image, and the command also gives the network ID (the network ID, not the subnet ID), the default security group, and the instance name:

    openstack server create --flavor m1.nano --image cirros \
        --nic net-id=ff609289-4b36-4294-80b8-5591d8196c42 --security-group default \
        --key-name mykey provider-instance
    +--------------------------------------+-----------------------------------------------+
    | Field                                | Value                                         |
    +--------------------------------------+-----------------------------------------------+
    | OS-DCF:diskConfig                    | MANUAL                                        |
    | OS-EXT-AZ:availability_zone          |                                               |
    | OS-EXT-STS:power_state               | 0                                             |
    | OS-EXT-STS:task_state                | scheduling                                    |
    | OS-EXT-STS:vm_state                  | building                                      |
    | OS-SRV-USG:launched_at               | None                                          |
    | OS-SRV-USG:terminated_at             | None                                          |
    | accessIPv4                           |                                               |
    | accessIPv6                           |                                               |
    | addresses                            |                                               |
    | adminPass                            | EnFw5nUGQqNR                                  |
    | config_drive                         |                                               |
    | created                              | 2016-10-30T08:50:44Z                          |
    | flavor                               | m1.nano (0)                                   |
    | hostId                               |                                               |
    | id                                   | 26f724b8-ba5a-4886-94cb-bff046c28068          |
    | image                                | cirros (82c3ba8f-4930-4e32-bd1b-34881f5eb4cd) |
    | key_name                             | mykey                                         |
    | name                                 | provider-instance                             |
    | os-extended-volumes:volumes_attached | []                                            |
    | progress                             | 0                                             |
    | project_id                           | cce66ccc0c44433181c23024810db7c6              |
    | properties                           |                                               |
    | security_groups                      | [{u'name': u'default'}]                       |
    | status                               | BUILD                                         |
    | updated                              | 2016-10-30T08:50:45Z                          |
    | user_id                              | 8985f9af453240f5b376b9a4fcd940eb              |
    +--------------------------------------+-----------------------------------------------+

Tip: if the error below appears, the wrong environment variables have been sourced; running source demo-openstack.sh fixes it.

    Invalid key_name provided. (HTTP 400) (Request-ID: req-54fbd92a-324a-427b-b3ba-9768f3ac9dd7)

Check the status of the instance; ACTIVE means it is running normally:

    # openstack server list
    +--------------------------------------+-------------------+--------+----------------------+
    | ID                                   | Name              | Status | Networks             |
    +--------------------------------------+-------------------+--------+----------------------+
    | 26f724b8-ba5a-4886-94cb-bff046c28068 | provider-instance | ACTIVE | public=172.16.10.101 |
    +--------------------------------------+-------------------+--------+----------------------+

    # ping 172.16.10.101
    PING 172.16.10.101 (172.16.10.101) 56(84) bytes of data.
    64 bytes from 172.16.10.101: icmp_seq=1 ttl=64 time=2.10 ms
    64 bytes from 172.16.10.101: icmp_seq=2 ttl=64 time=0.824 ms
    64 bytes from 172.16.10.101: icmp_seq=3 ttl=64 time=0.982 ms

Accessing the instance through the virtual console
Run the following command to obtain the instance's Virtual Network Computing (VNC) session URL, then open it in a web browser:

    # openstack console url show provider-instance
    +-------+-----------------------------------------------------------------------------------+
    | Field | Value                                                                             |
    +-------+-----------------------------------------------------------------------------------+
    | type  | novnc                                                                             |
    | url   | http://172.16.10.50:6080/vnc_auto.html?token=bdff5f0d-e768-4002-b623-e1969f6a2693 |
    +-------+-----------------------------------------------------------------------------------+

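Tip: Chrome or Firefox is recommended; other browsers may fail to load the page.
Enter the account and password as prompted to get into the system:
From the controller node or another host on the public network, access the instance remotely over SSH. To switch straight to the root user, run sudo su -. Because the key was distributed from the controller node earlier, you can log in directly without a password.

    # ssh cirros@172.16.10.101
    The authenticity of host '172.16.10.101 (172.16.10.101)' can't be established.
    RSA key fingerprint is b9:7d:c6:69:11:a2:3c:d4:ec:d6:15:25:4c:f6:88:d4.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '172.16.10.101' (RSA) to the list of known hosts.
    $
    $
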
If you are prompted for a password, something probably went wrong during configuration, and the virtual machine and the key need to be deleted and recreated. The delete commands:

    # source demo-openstack.sh
    # openstack server list
    +--------------------------------------+-------------------+--------+----------------------+
    | ID                                   | Name              | Status | Networks             |
    +--------------------------------------+-------------------+--------+----------------------+
    | 26f724b8-ba5a-4886-94cb-bff046c28068 | provider-instance | ACTIVE | public=172.16.10.101 |
    +--------------------------------------+-------------------+--------+----------------------+

    # openstack server delete provider-instance

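OpenStack management dashboard - Horizon
OpenStack's management interface is provided by Horizon, which is written in Django. The component can be installed on any node; whether it sits on a controller node or a compute node, it can manage OpenStack once the corresponding configuration is changed. Horizon does not need to talk to the database directly.
Install the package and edit the configuration file

    # yum install -y openstack-dashboard

Edit the file /etc/openstack-dashboard/local_settings and make the following changes:
Allow all hosts to access the dashboard:

    ALLOWED_HOSTS = ['*', ]
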
Configure the API versions:

    OPENSTACK_API_VERSIONS = {
        # "data-processing": 1.1,
        "identity": 3,
        "volume": 2,
        "compute": 2,
    }

Enable support for domains:

    OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

Set default as the default domain for users created through the dashboard:

    OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'

Configure the dashboard to use the OpenStack services on the controller node:

    OPENSTACK_HOST = "172.16.10.50"

Set user as the default role for users created through the dashboard:

    OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

Enable version 3 of the Identity API:

    OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3.0" % OPENSTACK_HOST

If you chose networking option 1, disable support for layer-3 networking services by setting all of the following options to False:

    OPENSTACK_NEUTRON_NETWORK = {
        'enable_router': False,
        'enable_quotas': False,
        'enable_ipv6': False,
        'enable_distributed_router': False,
        'enable_ha_router': False,
        'enable_lb': False,
        'enable_firewall': False,
        'enable_vpn': False,
        'enable_fip_topology_check': False,
    }

Set the time zone:

    TIME_ZONE = "Asia/Shanghai"

Restart the web server and the session storage service:

    systemctl restart httpd.service

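Log in to OpenStack from a browser at http://172.16.10.50/dashboard/
The domain is default, and you can log in as admin or demo.
Tip: if you cannot log in through the web interface, check whether the [nova] section has been deleted from the neutron.conf file on the compute node. If httpd cannot start after Horizon is installed, run yum remove openstack-dashboard and start httpd, then reinstall, configure and start Horizon on a different node.
Virtual machines can be managed from the dashboard.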
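An added check, not from the original post or the Horizon project: of the local_settings values above, the wildcard ALLOWED_HOSTS and the http:// Keystone URL are the two that affect how exposed the dashboard is, and this script greps a settings file for both. The sample files are constructed; the hostname dashboard.example.internal and the https endpoint in the second one are assumptions.

```shell
# Print one finding per line for the settings file $1; print nothing if clean.
audit_local_settings() {
    local f=$1
    # Django checks the HTTP Host header against ALLOWED_HOSTS; '*' turns
    # that check off. Commented-out lines are ignored.
    if grep -Eq "^[[:space:]]*ALLOWED_HOSTS[[:space:]]*=.*['\"]\*['\"]" "$f"; then
        echo "ALLOWED_HOSTS: wildcard accepts any Host header"
    fi
    # Keystone credentials and tokens cross this URL; http:// is cleartext.
    if grep -Eq "^[[:space:]]*OPENSTACK_KEYSTONE_URL[[:space:]]*=[[:space:]]*['\"]http://" "$f"; then
        echo "OPENSTACK_KEYSTONE_URL: identity API reached over plain HTTP"
    fi
}

# Constructed sample 1: the values used in the walkthrough above.
sample_page=$(mktemp)
cat > "$sample_page" <<'EOF'
ALLOWED_HOSTS = ['*', ]
OPENSTACK_HOST = "172.16.10.50"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3.0" % OPENSTACK_HOST
EOF

# Constructed sample 2: same deployment, restricted. The hostname and the
# https endpoint are assumptions; TLS on Keystone must be set up separately.
sample_tight=$(mktemp)
cat > "$sample_tight" <<'EOF'
ALLOWED_HOSTS = ['172.16.10.50', 'dashboard.example.internal']
OPENSTACK_HOST = "172.16.10.50"
OPENSTACK_KEYSTONE_URL = "https://%s:5000/v3.0" % OPENSTACK_HOST
EOF

echo "walkthrough settings:"; audit_local_settings "$sample_page"
echo "restricted settings:";  audit_local_settings "$sample_tight"
```

Against a real node, run `audit_local_settings /etc/openstack-dashboard/local_settings` after each edit and before restarting httpd.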
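Troubleshooting the OpenStack installation
Setting up the base environment takes many steps and all sorts of problems can come up, so when something goes wrong we can track down the fault in the following ways.
1. Run netstat -ntlp to confirm that the services and ports are up.
2. Make sure the services are working:

    # source admin-openstack.sh
    # openstack service list
    # openstack endpoint list
    # openstack image list
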
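3. Change the log output in the configuration files to debug mode, restart the services, and check the logs.

    grep 'ERROR' /var/log/nova/*
    grep 'ERROR' /var/log/neutron/*
    grep 'ERROR' /var/log/glance/*
    grep 'ERROR' /var/log/keystone/*

4. Review all OpenStack-related configuration files and make sure they are correct. Check the firewall, SELinux, the host names in the hosts file, and time synchronization.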