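To verify the configuration done so far, create a virtual machine from the command line as a test.
- MySQL: provides data storage for each service
- RabbitMQ: provides messaging between the services (ports 15672, 5672)
- Keystone: provides authentication and registration for communication between the servers (ports 5000 and 35357 (key admin))
- Glance: provides image management for virtual machines (ports 9292, 9191)
- Nova: provides compute resources for virtual machines (ports 8774, 8775)
- Neutron: provides network resources for virtual machines (port 9696)
Create the provider network
On the controller node, source the admin credentials to gain access to admin-only commands: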
[root@openstack-1 ~]# source admin-openstack
Create the network:
[root@openstack-1 ~]# neutron net-create --shared --provider:physical_network public --provider:network_type flat public
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2018-09-14T05:41:59Z                 |
| description               |                                      |
| id                        | f2b704c9-9dce-4f93-8ee5-19b591174c87 |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| mtu                       | 1500                                 |
| name                      | public                               |
| port_security_enabled     | True                                 |
| project_id                | 7cdfaafe2cc1430e952da1fbabbe5d44     |
| provider:network_type     | flat                                 |
| provider:physical_network | public                               |
| provider:segmentation_id  |                                      |
| revision_number           | 2                                    |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | 7cdfaafe2cc1430e952da1fbabbe5d44     |
| updated_at                | 2018-09-14T05:41:59Z                 |
+---------------------------+--------------------------------------+
Check the result:
[root@openstack-1 ~]# neutron net-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+--------+----------------------------------+---------+
| id                                   | name   | tenant_id                        | subnets |
+--------------------------------------+--------+----------------------------------+---------+
| f2b704c9-9dce-4f93-8ee5-19b591174c87 | public | 7cdfaafe2cc1430e952da1fbabbe5d44 |         |
+--------------------------------------+--------+----------------------------------+---------+
Create the subnet
[root@openstack-1 ~]# neutron subnet-create --name public \
> --allocation-pool start=192.168.10.100,end=192.168.10.200 \
> --dns-nameserver 114.114.114.114 --gateway 192.168.10.1 \
> public 192.168.10.0/24
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new subnet:
+-------------------+------------------------------------------------------+
| Field             | Value                                                |
+-------------------+------------------------------------------------------+
| allocation_pools  | {"start": "192.168.10.100", "end": "192.168.10.200"} |
| cidr              | 192.168.10.0/24                                      |
| created_at        | 2018-09-14T05:49:57Z                                 |
| description       |                                                      |
| dns_nameservers   | 114.114.114.114                                      |
| enable_dhcp       | True                                                 |
| gateway_ip        | 192.168.10.1                                         |
| host_routes       |                                                      |
| id                | 73c6980f-efde-4a15-b7f0-5b2bf4d021fc                 |
| ip_version        | 4                                                    |
| ipv6_address_mode |                                                      |
| ipv6_ra_mode      |                                                      |
| name              | public                                               |
| network_id        | f2b704c9-9dce-4f93-8ee5-19b591174c87                 |
| project_id        | 7cdfaafe2cc1430e952da1fbabbe5d44                     |
| revision_number   | 0                                                    |
| service_types     |                                                      |
| subnetpool_id     |                                                      |
| tags              |                                                      |
| tenant_id         | 7cdfaafe2cc1430e952da1fbabbe5d44                     |
| updated_at        | 2018-09-14T05:49:57Z                                 |
+-------------------+------------------------------------------------------+
[root@openstack-1 ~]# neutron net-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+--------+----------------------------------+------------------------------------------------------+
| id                                   | name   | tenant_id                        | subnets                                              |
+--------------------------------------+--------+----------------------------------+------------------------------------------------------+
| f2b704c9-9dce-4f93-8ee5-19b591174c87 | public | 7cdfaafe2cc1430e952da1fbabbe5d44 | 73c6980f-efde-4a15-b7f0-5b2bf4d021fc 192.168.10.0/24 |
+--------------------------------------+--------+----------------------------------+------------------------------------------------------+
Create the m1.nano flavor
The smallest default flavor requires 512 MB of memory. For environments whose compute nodes have less than 4 GB of memory, we recommend creating an ``m1.nano`` flavor that needs only 64 MB. For testing purposes only, use the ``m1.nano`` flavor to boot the CirrOS image.
[root@openstack-1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field                      | Value   |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled   | False   |
| OS-FLV-EXT-DATA:ephemeral  | 0       |
| disk                       | 1       |
| id                         | 0       |
| name                       | m1.nano |
| os-flavor-access:is_public | True    |
| properties                 |         |
| ram                        | 64      |
| rxtx_factor                | 1.0     |
| swap                       |         |
| vcpus                      | 1       |
+----------------------------+---------+
Generate a key pair
Source the ``demo`` tenant credentials:
[root@openstack-1 ~]# source demo-openstack
Generate and add a key pair:
[root@openstack-1 ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
[root@openstack-1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | 6b:aa:74:e1:3c:55:f6:2b:15:ba:80:53:16:bf:57:cb |
| name        | mykey                                           |
| user_id     | 48ecd31297544488bec6fd22ee4395ff                |
+-------------+-------------------------------------------------+
Verify that the public key was added:
[root@openstack-1 ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | 6b:aa:74:e1:3c:55:f6:2b:15:ba:80:53:16:bf:57:cb |
+-------+-------------------------------------------------+
Add security group rules
By default, the ``default`` security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images such as CirrOS, we recommend allowing at least ICMP (ping) and secure shell (SSH).
Add rules to the ``default`` security group:
- Allow ICMP (ping):
[root@openstack-1 ~]# openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2018-09-14T06:13:31Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | c1c04e77-c7b8-45ff-a40d-2c7fee450ae4 |
| name              | None                                 |
| port_range_max    | None                                 |
| port_range_min    | None                                 |
| project_id        | 7742f4ce532a47a595156c0523e13467     |
| protocol          | icmp                                 |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 0                                    |
| security_group_id | 35f544e5-ffce-420d-9de2-e430edb79745 |
| updated_at        | 2018-09-14T06:13:31Z                 |
+-------------------+--------------------------------------+
- Allow secure shell (SSH) access:
[root@openstack-1 ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2018-09-14T06:14:18Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 9b907315-b952-48c1-a621-0b437d3a6cc8 |
| name              | None                                 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| project_id        | 7742f4ce532a47a595156c0523e13467     |
| protocol          | tcp                                  |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 0                                    |
| security_group_id | 35f544e5-ffce-420d-9de2-e430edb79745 |
| updated_at        | 2018-09-14T06:14:18Z                 |
+-------------------+--------------------------------------+
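Both rules in this section are created with ``remote_ip_prefix`` 0.0.0.0/0, so ping and SSH are admitted from any source address. The shell function below is an added example, not part of the original walkthrough: it reads Field/Value tables as printed by ``openstack security group rule create`` and lists the ingress rules open to every source. It assumes ``updated_at`` is the last row of each table, as in the output shown in this section, and the third sample rule is constructed for comparison.

```shell
#!/bin/sh
# Added example: flag ingress rules that admit any source address.
# Input: one or more Field/Value tables as printed by
# `openstack security group rule create`.

# Rows abbreviated from the two rules created in this section, plus one
# constructed rule (all-zero id) limited to the provider subnet.
sample_rules() {
cat <<'EOF'
| direction         | ingress                              |
| id                | c1c04e77-c7b8-45ff-a40d-2c7fee450ae4 |
| port_range_max    | None                                 |
| protocol          | icmp                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| updated_at        | 2018-09-14T06:13:31Z                 |
| direction         | ingress                              |
| id                | 9b907315-b952-48c1-a621-0b437d3a6cc8 |
| port_range_max    | 22                                   |
| protocol          | tcp                                  |
| remote_ip_prefix  | 0.0.0.0/0                            |
| updated_at        | 2018-09-14T06:14:18Z                 |
| direction         | ingress                              |
| id                | 00000000-0000-0000-0000-000000000001 |
| port_range_max    | 22                                   |
| protocol          | tcp                                  |
| remote_ip_prefix  | 192.168.10.0/24                      |
| updated_at        | 2018-01-01T00:00:00Z                 |
EOF
}

# Print "<protocol>/<port_range_max> <rule id>" for each world-open ingress rule.
# Assumption: updated_at is the last row of a table, so it closes one record.
audit_rules() {
  awk -F'|' '
    NF < 4 { next }                       # skip borders, prompts, notices
    { k = $2; v = $3
      gsub(/^ +| +$/, "", k); gsub(/^ +| +$/, "", v)
      f[k] = v }
    k == "updated_at" {
      if (f["direction"] == "ingress" &&
          (f["remote_ip_prefix"] == "0.0.0.0/0" || f["remote_ip_prefix"] == "::/0"))
        print f["protocol"] "/" f["port_range_max"], f["id"]
      split("", f)                        # reset for the next table
    }'
}

sample_rules | audit_rules
```

To narrow a rule to a known range, ``openstack security group rule create`` accepts ``--remote-ip <CIDR>``.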
Determine instance options
List available flavors:
[root@openstack-1 ~]# openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name    | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 0  | m1.nano |  64 |    1 |         0 |     1 | True      |
+----+---------+-----+------+-----------+-------+-----------+
List available images:
[root@openstack-1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 15885367-e9a0-470d-a94c-881244594a80 | cirros | active |
+--------------------------------------+--------+--------+
List available networks (the ID is needed when creating the instance):
[root@openstack-1 ~]# openstack network list
+--------------------------------------+--------+--------------------------------------+
| ID                                   | Name   | Subnets                              |
+--------------------------------------+--------+--------------------------------------+
| f2b704c9-9dce-4f93-8ee5-19b591174c87 | public | 73c6980f-efde-4a15-b7f0-5b2bf4d021fc |
+--------------------------------------+--------+--------------------------------------+
List available security groups:
[root@openstack-1 ~]# openstack security group list
+--------------------------------------+---------+-------------+----------------------------------+
| ID                                   | Name    | Description | Project                          |
+--------------------------------------+---------+-------------+----------------------------------+
| 35f544e5-ffce-420d-9de2-e430edb79745 | default | 缺省安全组  | 7742f4ce532a47a595156c0523e13467 |
+--------------------------------------+---------+-------------+----------------------------------+
Launch the instance:
Replace ``PUBLIC_NET_ID`` with the ID of the ``provider`` public network.
[root@openstack-1 ~]# openstack server create --flavor m1.nano --image cirros \
> --nic net-id=f2b704c9-9dce-4f93-8ee5-19b591174c87 --security-group default \
> --key-name mykey provider-instance
+-----------------------------+-----------------------------------------------+
| Field                       | Value                                         |
+-----------------------------+-----------------------------------------------+
| OS-DCF:diskConfig           | MANUAL                                        |
| OS-EXT-AZ:availability_zone |                                               |
| OS-EXT-STS:power_state      | NOSTATE                                       |
| OS-EXT-STS:task_state       | scheduling                                    |
| OS-EXT-STS:vm_state         | building                                      |
| OS-SRV-USG:launched_at      | None                                          |
| OS-SRV-USG:terminated_at    | None                                          |
| accessIPv4                  |                                               |
| accessIPv6                  |                                               |
| addresses                   |                                               |
| adminPass                   | q8NEnytRQuk6                                  |
| config_drive                |                                               |
| created                     | 2018-09-14T06:21:04Z                          |
| flavor                      | m1.nano (0)                                   |
| hostId                      |                                               |
| id                          | 29214fe1-661c-40a5-9dcb-f3e7dc9dfc68          |
| image                       | cirros (15885367-e9a0-470d-a94c-881244594a80) |
| key_name                    | mykey                                         |
| name                        | provider-instance                             |
| progress                    | 0                                             |
| project_id                  | 7742f4ce532a47a595156c0523e13467              |
| properties                  |                                               |
| security_groups             | name='35f544e5-ffce-420d-9de2-e430edb79745'   |
| status                      | BUILD                                         |
| updated                     | 2018-09-14T06:21:05Z                          |
| user_id                     | 48ecd31297544488bec6fd22ee4395ff              |
| volumes_attached            |                                               |
+-----------------------------+-----------------------------------------------+