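1. Launch a virtual machine instance
The steps in this part are run with the command-line (CLI) tools on the controller node.
Networking option 1: provider networks - overview
Networking option 1: provider networks - connectivity
1.1 Create the virtual network
1. On the controller node, source the admin credentials to gain access to admin-only CLI commands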
[root@controller ~]# source admin-openrc
2. Create the shared network
[root@controller ~]# neutron net-create --shared --provider:physical_network provider \
  --provider:network_type flat provider
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2018-07-17T21:34:40 |
| description | |
| id | ccdabe25-777b-4ca1-bc03-98789950cd7d |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | provider |
| port_security_enabled | True |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | 61cd0cf561bb47fdbfc903f6fb53e623 |
| updated_at | 2018-07-17T21:34:40 |
+---------------------------+--------------------------------------+
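The --shared option allows all projects to use this network.
3. Create the subnet
Create a subnet on the new network with neutron subnet-create (the subnet is named provider), and set the DHCP allocation pool, the gateway, and DNS.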
[root@controller ~]# neutron subnet-create --name provider \
  --allocation-pool start=118.190.201.100,end=118.190.201.250 \
  --dns-nameserver 223.5.5.5 --gateway 118.190.201.2 \
  provider 118.190.201.0/24
Created a new subnet:
+-------------------+--------------------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------------------+
| allocation_pools | {"start": "118.190.201.100", "end": "118.190.201.250"} |
| cidr | 118.190.201.0/24 |
| created_at | 2018-07-17T21:48:33 |
| description | |
| dns_nameservers | 223.5.5.5 |
| enable_dhcp | True |
| gateway_ip | 118.190.201.2 |
| host_routes | |
| id | 40ccd332-3f7d-4264-a329-fc0ea72d8db3 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | provider |
| network_id | ccdabe25-777b-4ca1-bc03-98789950cd7d |
| subnetpool_id | |
| tenant_id | 61cd0cf561bb47fdbfc903f6fb53e623 |
| updated_at | 2018-07-17T21:48:33 |
+-------------------+--------------------------------------------------------+
4. Verify that the network was created
[root@controller ~]# neutron net-list
+--------------------------------------+----------+-------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+----------+-------------------------------------------------------+
| ccdabe25-777b-4ca1-bc03-98789950cd7d | provider | 40ccd332-3f7d-4264-a329-fc0ea72d8db3 118.190.201.0/24 |
+--------------------------------------+----------+-------------------------------------------------------+
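1.2 Create the m1.nano flavor
The smallest default flavor needs 512 MB of memory. For environments whose compute nodes have less than 4 GB of memory, we recommend creating an "m1.nano" flavor that needs only 64 MB. For testing purposes only, use the "m1.nano" flavor to boot the CirrOS image.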
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
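1.3 Generate a key pair
Most cloud images support public-key authentication rather than conventional password authentication. Before launching an instance, you must add a public key to the Compute service.
1. Source the demo credentials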
[root@controller ~]# source demo-openrc
2. Generate and add a key pair
[root@controller ~]# ssh-keygen -q -N "" -f /root/.ssh/id_rsa
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | be:77:84:9d:61:38:15:58:3d:3d:63:cb:0a:79:ef:84 |
| name | mykey |
| user_id | 1273330670a44844b1726a0d49d16ebf |
+-------------+-------------------------------------------------+
## If you already have a key, you do not need to regenerate one with ssh-keygen
nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
3. Verify that the public key was added
[root@controller ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | be:77:84:9d:61:38:15:58:3d:3d:63:cb:0a:79:ef:84 |
+-------+-------------------------------------------------+
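1.4 Add security group rules
By default, the "default" security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images such as CirrOS, we recommend allowing at least ICMP (ping) and secure shell (SSH).
1. Add rules to the default security group
- Permit ICMP (ping):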
[root@controller ~]# openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 1538459a-9336-4d45-b56b-e140ee96efef |
| ip_protocol | icmp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | c7c080db-ac7e-4437-923e-c94cd3bdabee |
| port_range | |
| remote_security_group | |
+-----------------------+--------------------------------------+
- Permit secure shell (SSH) access:
[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | e36ad58d-7530-4814-b9d7-153351533742 |
| ip_protocol | tcp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | c7c080db-ac7e-4437-923e-c94cd3bdabee |
| port_range | 22:22 |
| remote_security_group | |
+-----------------------+--------------------------------------+
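1.5 Launch the virtual machine instance
To launch an instance, you must specify at least the flavor, image name, network, security group, key, and instance name.
1. On the controller node, source the demo user credentials to gain access to the CLI commands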
[root@controller ~]# source demo-openrc
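2. An instance's flavor specifies the approximate allocation of virtual machine resources, including processor, memory, and storage
List the available flavors: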
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
This instance uses the "m1.tiny" flavor. If you created the "m1.nano" flavor, use "m1.nano" instead of "m1.tiny".
# Note:
You can also reference a flavor by its ID.
3. List the available images
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 3c354a84-68ef-4123-aa78-a7cde30279e5 | cirros | active |
+--------------------------------------+--------+--------+
This instance uses the "cirros" image.
4. List the available networks
[root@controller ~]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| ccdabe25-777b-4ca1-bc03-98789950cd7d | provider | 40ccd332-3f7d-4264-a329-fc0ea72d8db3 |
+--------------------------------------+----------+--------------------------------------+
This instance uses the "provider" public network. You must reference this network by ID rather than by name.
5. List the available security groups
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| c7c080db-ac7e-4437-923e-c94cd3bdabee | default | Default security group | 52f15bb8a62f4d31b39e834dd7906f05 |
+--------------------------------------+---------+------------------------+----------------------------------+
This instance uses the default security group.
6. Create and launch the instance
For net-id, fill in your own actual ID: run openstack network list and use the ID listed for provider.
[root@controller ~]# openstack server create --flavor m1.nano --image cirros \
  --nic net-id=ccdabe25-777b-4ca1-bc03-98789950cd7d --security-group default \
  --key-name mykey provider-instance
+--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | LMULm7G5gDu8 |
| config_drive | |
| created | 2018-07-20T17:11:09Z |
| flavor | m1.nano (0) |
| hostId | |
| id | 15d23df4-2da6-415d-8563-9cc7a2e8963c |
| image | cirros (3c354a84-68ef-4123-aa78-a7cde30279e5) |
| key_name | mykey |
| name | provider-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 52f15bb8a62f4d31b39e834dd7906f05 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2018-07-20T17:11:10Z |
| user_id | 1273330670a44844b1726a0d49d16ebf |
+--------------------------------------+-----------------------------------------------+
1. Check the status of the instance
[root@controller ~]# openstack server list
+--------------------------------------+-------------------+--------+--------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-------------------+--------+--------------------------+
| 15d23df4-2da6-415d-8563-9cc7a2e8963c | provider-instance | ACTIVE | provider=118.190.201.101 |
+--------------------------------------+-------------------+--------+--------------------------+
When the build process completes successfully, the status changes from BUILD to ACTIVE.
7. Access the instance using the virtual console
[root@controller ~]# openstack console url show provider-instance
+-------+---------------------------------------------------------------------------------+
| Field | Value |
+-------+---------------------------------------------------------------------------------+
| type | novnc |
| url | http://controller:6080/vnc_auto.html?token=18e1b9c8-cfcf-4690-bf9a-2bfbaf1a1c67 |
+-------+---------------------------------------------------------------------------------+
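If the host running your browser cannot resolve the "controller" hostname, you can replace "controller" with the IP address of the management network on your controller node.
1. Verify after logging in through the browser
Verify that you can ping the gateway of the public network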
[root@controller ~]# ssh cirros@118.190.201.102
The authenticity of host '118.190.201.102 (118.190.201.102)' can't be established.
RSA key fingerprint is 14:37:d6:3b:56:6c:52:a7:e3:a7:20:e3:e8:0a:92:cc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '118.190.201.102' (RSA) to the list of known hosts.
$ ifconfig
eth0 Link encap:Ethernet HWaddr FA:16:3E:FC:31:A4
inet addr:118.190.201.102 Bcast:118.190.201.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fefc:31a4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:107 errors:0 dropped:0 overruns:0 frame:0
TX packets:135 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:14710 (14.3 KiB) TX bytes:14446 (14.1 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
2. Verify that you can ping the gateway of the public network
## ping the gateway
$ ping 118.190.201.2
PING 118.190.201.2 (118.190.201.2): 56 data bytes
64 bytes from 118.190.201.2: seq=0 ttl=128 time=2.265 ms
64 bytes from 118.190.201.2: seq=1 ttl=128 time=0.854 ms
64 bytes from 118.190.201.2: seq=2 ttl=128 time=1.028 ms
^C
--- 118.190.201.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.854/1.382/2.265 ms
3. Verify that the controller node or other hosts on the public network can ping the instance
$ ping 118.190.201.11
PING 118.190.201.11 (118.190.201.11): 56 data bytes
64 bytes from 118.190.201.11: seq=0 ttl=64 time=2.185 ms
64 bytes from 118.190.201.11: seq=1 ttl=64 time=0.949 ms
^C
--- 118.190.201.11 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.949/1.567/2.185 ms
$ ping 118.190.201.31
PING 118.190.201.31 (118.190.201.31): 56 data bytes
64 bytes from 118.190.201.31: seq=0 ttl=64 time=2.120 ms
64 bytes from 118.190.201.31: seq=1 ttl=64 time=0.643 ms
^C
--- 118.190.201.31 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.643/1.381/2.120 ms
4. Verify that the instance can reach the Internet
$ ping www.baidu.com
PING www.baidu.com (14.215.177.38): 56 data bytes
64 bytes from 14.215.177.38: seq=0 ttl=128 time=17.020 ms
64 bytes from 14.215.177.38: seq=1 ttl=128 time=18.491 ms
^C
--- www.baidu.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 17.020/17.755/18.491 ms
- Please credit the source when reposting: OpenStack Series, Part 7: Creating a New Instance
- Permanent link to this article: https://www.xionghaier.cn/archives/554.html