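1. Create the virtual network
1.1 Create the provider network (everything in a single network segment)
1. On the controller node, load the admin credentials (admin privileges are required to create the network)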
[root@linux-node1 ~]# source admin-openstack.sh
2. Create the network
# Create a flat network named public-net on the physical network public (mapped to eth0)
[root@linux-node1 ~]# neutron net-create --shared --provider:physical_network public --provider:network_type flat public-net
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2017-04-08T01:56:49                  |
| description               |                                      |
| id                        | f3006de4-de03-4bec-af7f-40d3791b645e |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| mtu                       | 1500                                 |
| name                      | public-net  # network name           |
| port_security_enabled     | True  # port security enabled        |
| provider:network_type     | flat  # single flat network          |
| provider:physical_network | public  # physical NIC               |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE  # status                     |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | eac1d8e85417450bafe92987e5d56778     |
| updated_at                | 2017-04-08T01:56:49                  |
+---------------------------+--------------------------------------+
[root@linux-node1 ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| ab47f14a4ccf4f748f84d5100eb30300 | demo    |
| e5fbb037a631442db95f0f47acc5c576 | service |
| eac1d8e85417450bafe92987e5d56778 | admin   |
+----------------------------------+---------+
3. View the network
[root@linux-node1 ~]# neutron net-list
+--------------------------------------+------------+---------+
| id                                   | name       | subnets |
+--------------------------------------+------------+---------+
| f3006de4-de03-4bec-af7f-40d3791b645e | public-net |         |
+--------------------------------------+------------+---------+
4. Create a subnet on the network
[root@linux-node1 ~]# neutron subnet-create --name public-subnet --allocation-pool start=192.168.56.100,end=192.168.56.200 --dns-nameserver 223.5.5.5 --gateway 192.168.56.2 public-net 192.168.56.0/24
# --name public-subnet: sets the subnet name
# --allocation-pool start=192.168.56.100,end=192.168.56.200: the address pool to allocate from
# public-net 192.168.56.0/24: the provider network
Created a new subnet:
+-------------------+------------------------------------------------------+
| Field             | Value                                                |
+-------------------+------------------------------------------------------+
| allocation_pools  | {"start": "192.168.56.100", "end": "192.168.56.200"} |
| cidr              | 192.168.56.0/24                                      |
| created_at        | 2017-04-08T02:07:09                                  |
| description       |                                                      |
| dns_nameservers   | 223.5.5.5                                            |
| enable_dhcp       | True                                                 |
| gateway_ip        | 192.168.56.2                                         |
| host_routes       |                                                      |
| id                | 0cf4b0dd-79de-44c4-be7c-ca6d8ee88f09                 |
| ip_version        | 4                                                    |
| ipv6_address_mode |                                                      |
| ipv6_ra_mode      |                                                      |
| name              | public-subnet                                        |
| network_id        | f3006de4-de03-4bec-af7f-40d3791b645e                 |
| subnetpool_id     |                                                      |
| tenant_id         | eac1d8e85417450bafe92987e5d56778                     |
| updated_at        | 2017-04-08T02:07:09                                  |
+-------------------+------------------------------------------------------+
[root@linux-node1 ~]# neutron net-list
+--------------------------------------+------------+------------------------------------------------------+
| id                                   | name       | subnets                                              |
+--------------------------------------+------------+------------------------------------------------------+
| f3006de4-de03-4bec-af7f-40d3791b645e | public-net | 0cf4b0dd-79de-44c4-be7c-ca6d8ee88f09 192.168.56.0/24 |
+--------------------------------------+------------+------------------------------------------------------+
2. Create the m1.nano flavor
2.1 The smallest default flavor requires 512 MB of memory. For environments whose compute nodes have less than 4 GB of memory, we recommend creating the m1.nano flavor, which needs only 64 MB. For testing purposes only, use the m1.nano flavor to boot the CirrOS image.
# RAM is given in MB by default (can be changed to G); disk space is given in GB by default
[root@linux-node1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field                      | Value   |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled   | False   |
| OS-FLV-EXT-DATA:ephemeral  | 0       |
| disk                       | 1       |
| id                         | 0       |
| name                       | m1.nano |
| os-flavor-access:is_public | True    |
| ram                        | 64      |
| rxtx_factor                | 1.0     |
| swap                       |         |
| vcpus                      | 1       |
+----------------------------+---------+
2.2 List the instance flavors
[root@linux-node1 ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0  | m1.nano   |    64 |    1 |         0 |     1 | True      |
| 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
| 2  | m1.small  |  2048 |   20 |         0 |     1 | True      |
| 3  | m1.medium |  4096 |   40 |         0 |     2 | True      |
| 4  | m1.large  |  8192 |   80 |         0 |     4 | True      |
| 5  | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
+----+-----------+-------+------+-----------+-------+-----------+
3. Generate a key pair
3.1 Most cloud images support public key authentication rather than conventional password authentication. Before launching an instance, you must add a public key to the Compute service.
1. Load the credentials of the demo tenant
[root@linux-node1 ~]# source demo-openstack.sh
2. Generate and add the key pair
# -N "" sets an empty passphrase, so the private key is stored unencrypted
[root@linux-node1 ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
# Create an OpenStack key pair named mykey
[root@linux-node1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | 34:d5:71:98:78:5e:8c:be:fe:d8:e7:ee:4a:32:06:8d |
| name        | mykey                                           |
| user_id     | d8a1029948b14dd2b5e7c1b6f43766de                |
+-------------+-------------------------------------------------+
3. Verify that the public key was added
[root@linux-node1 ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | 34:d5:71:98:78:5e:8c:be:fe:d8:e7:ee:4a:32:06:8d |
+-------+-------------------------------------------------+
4. Add security group rules
4.1 By default, the default security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images such as CirrOS, we recommend allowing at least ICMP (ping) and secure shell (SSH).
Add rules to the default security group
Allow ICMP (ping)
[root@linux-node1 ~]# openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| id                    | 491b09f4-d6dd-4a02-a64a-6b245e220a96 |
| ip_protocol           | icmp                                 |
| ip_range              | 0.0.0.0/0                            |
| parent_group_id       | f0e5a345-66a0-4b6d-a01d-cbe11888decd |
| port_range            |                                      |
| remote_security_group |                                      |
+-----------------------+--------------------------------------+
Allow secure shell (SSH) access
[root@linux-node1 ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| id                    | a8824dd3-e2f0-46e9-a602-dcdf4c4e3411 |
| ip_protocol           | tcp                                  |
| ip_range              | 0.0.0.0/0                            |
| parent_group_id       | f0e5a345-66a0-4b6d-a01d-cbe11888decd |
| port_range            | 22:22                                |
| remote_security_group |                                      |
+-----------------------+--------------------------------------+
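Both rules above were created without a source range, and the output reports ip_range 0.0.0.0/0, so ping and SSH are accepted from any address. The check below is an added example, not part of the original page: it reads rule tables in the format printed above and lists the rules open to every source. The function names and the third sample rule are constructed for illustration.

```shell
# Added example: flag security-group rules whose source range is "any".
# Input: key/value tables as printed by `openstack security group rule create`.
world_open_rules() {
  awk -F'[|]' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function emit() {
      # A rule is world-open when its source CIDR covers every address.
      if (id != "" && (cidr == "0.0.0.0/0" || cidr == "::/0"))
        printf "%s %s %s\n", id, proto, (ports == "" ? "any" : ports)
      id = ""; proto = ""; cidr = ""; ports = ""
    }
    /^[ \t]*\|/ {
      key = trim($2); val = trim($3)
      if (key == "id") { emit(); id = val }      # "id" starts a new rule
      else if (key == "ip_protocol") proto = val
      else if (key == "ip_range")    cidr = val
      else if (key == "port_range")  ports = val
    }
    END { emit() }
  '
}

# Abridged sample: the two rules from this page plus one constructed rule
# (id 00000000-...) that is limited to the provider subnet.
sample_rules() {
  cat <<'EOF'
+-------------+--------------------------------------+
| id          | 491b09f4-d6dd-4a02-a64a-6b245e220a96 |
| ip_protocol | icmp                                 |
| ip_range    | 0.0.0.0/0                            |
| port_range  |                                      |
+-------------+--------------------------------------+
| id          | a8824dd3-e2f0-46e9-a602-dcdf4c4e3411 |
| ip_protocol | tcp                                  |
| ip_range    | 0.0.0.0/0                            |
| port_range  | 22:22                                |
+-------------+--------------------------------------+
| id          | 00000000-0000-0000-0000-000000000001 |
| ip_protocol | tcp                                  |
| ip_range    | 192.168.56.0/24                      |
| port_range  | 22:22                                |
+-------------+--------------------------------------+
EOF
}

sample_rules | world_open_rules
```

Each line it prints is a rule ID, protocol and port range reachable from every source address; the rule scoped to 192.168.56.0/24 is not reported.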
5. Launch an instance
5.1 To launch an instance, you must specify at least the flavor, image name, network, security group, key, and instance name.
A flavor specifies the rough allocation of virtual machine resources, including processor, memory, and storage.
List the available flavors:
[root@linux-node1 ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0  | m1.nano   |    64 |    1 |         0 |     1 | True      |
| 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
| 2  | m1.small  |  2048 |   20 |         0 |     1 | True      |
| 3  | m1.medium |  4096 |   40 |         0 |     2 | True      |
| 4  | m1.large  |  8192 |   80 |         0 |     4 | True      |
| 5  | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
+----+-----------+-------+------+-----------+-------+-----------+
List the available images
[root@linux-node1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 258e0bf5-af6c-466d-9ef1-5f60bfadb39b | cirros | active |
+--------------------------------------+--------+--------+
This instance uses the cirros image.
List the available networks
[root@linux-node1 ~]# openstack network list
+--------------------------------------+------------+--------------------------------------+
| ID                                   | Name       | Subnets                              |
+--------------------------------------+------------+--------------------------------------+
| f3006de4-de03-4bec-af7f-40d3791b645e | public-net | 0cf4b0dd-79de-44c4-be7c-ca6d8ee88f09 |
+--------------------------------------+------------+--------------------------------------+
This instance uses the public-net public network. You must reference this network by its ID rather than by its name.
List the available security groups
[root@linux-node1 ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID                                   | Name    | Description            | Project                          |
+--------------------------------------+---------+------------------------+----------------------------------+
| f0e5a345-66a0-4b6d-a01d-cbe11888decd | default | Default security group | ab47f14a4ccf4f748f84d5100eb30300 |
+--------------------------------------+---------+------------------------+----------------------------------+
This instance uses the default security group.
5.2 Create the instance
Create the first virtual machine instance
[root@linux-node1 ~]# openstack server create --flavor m1.nano --image cirros --nic net-id=f3006de4-de03-4bec-af7f-40d3791b645e --security-group default --key-name mykey provider-instance
+--------------------------------------+-----------------------------------------------+
| Field                                | Value                                         |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                        |
| OS-EXT-AZ:availability_zone          |                                               |
| OS-EXT-STS:power_state               | 0                                             |
| OS-EXT-STS:task_state                | scheduling                                    |
| OS-EXT-STS:vm_state                  | building                                      |
| OS-SRV-USG:launched_at               | None                                          |
| OS-SRV-USG:terminated_at             | None                                          |
| accessIPv4                           |                                               |
| accessIPv6                           |                                               |
| addresses                            |                                               |
| adminPass                            | C6fhKuEPrR5V                                  |
| config_drive                         |                                               |
| created                              | 2017-04-09T08:19:10Z                          |
| flavor                               | m1.nano (0)                                   |
| hostId                               |                                               |
| id                                   | 937e0a08-23eb-4741-877b-077c941033fe          |
| image                                | cirros (258e0bf5-af6c-466d-9ef1-5f60bfadb39b) |
| key_name                             | mykey                                         |
| name                                 | provider-instance                             |
| os-extended-volumes:volumes_attached | []                                            |
| progress                             | 0                                             |
| project_id                           | ab47f14a4ccf4f748f84d5100eb30300              |
| properties                           |                                               |
| security_groups                      | [{u'name': u'default'}]                       |
| status                               | BUILD                                         |
| updated                              | 2017-04-09T08:19:12Z                          |
| user_id                              | d8a1029948b14dd2b5e7c1b6f43766de              |
+--------------------------------------+-----------------------------------------------+
5.3 Check the instance status
1. Check the instance creation status
[root@linux-node1 ~]# openstack server list
+--------------------------------------+-------------------+--------+---------------------------+
| ID                                   | Name              | Status | Networks                  |
+--------------------------------------+-------------------+--------+---------------------------+
| 937e0a08-23eb-4741-877b-077c941033fe | provider-instance | ACTIVE | public-net=192.168.56.101 |
+--------------------------------------+-------------------+--------+---------------------------+
2. Log in over SSH with the key pair (no password prompt)
[root@linux-node1 ~]# ssh cirros@192.168.56.101
$ whoami
cirros
$ pwd
/home/cirros
3. Verify that the instance can reach the Internet
$ ping -c 4 openstack.org
PING openstack.org (162.242.140.107): 56 data bytes
64 bytes from 162.242.140.107: seq=0 ttl=128 time=196.063 ms
64 bytes from 162.242.140.107: seq=1 ttl=128 time=193.008 ms
64 bytes from 162.242.140.107: seq=2 ttl=128 time=194.733 ms
64 bytes from 162.242.140.107: seq=3 ttl=128 time=193.844 ms
5.4 Access the instance through the virtual console
1. Get the Virtual Network Computing (VNC) session URL for your instance and open it in a web browser
[root@linux-node1 ~]# openstack console url show provider-instance
+-------+------------------------------------------------------------------------------------+
| Field | Value                                                                              |
+-------+------------------------------------------------------------------------------------+
| type  | novnc                                                                              |
| url   | http://192.168.56.11:6080/vnc_auto.html?token=d7c8a19c-8c52-48ae-849c-cc9e49b35aa2 |
+-------+------------------------------------------------------------------------------------+
[root@linux-node1 ~]# lsof -i:6080
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nova-novn 1073 nova    4u  IPv4  21051      0t0  TCP *:6080 (LISTEN)
nova-novn 8662 nova    4u  IPv4  21051      0t0  TCP *:6080 (LISTEN)
nova-novn 8662 nova    5u  IPv4  42909      0t0  TCP linux-node1.example.com:6080->192.168.56.1:12477 (ESTABLISHED)
nova-novn 8663 nova    4u  IPv4  21051      0t0  TCP *:6080 (LISTEN)
nova-novn 8663 nova    5u  IPv4  42910      0t0  TCP linux-node1.example.com:6080->192.168.56.1:12478 (ESTABLISHED)
nova-novn 8664 nova    4u  IPv4  21051      0t0  TCP *:6080 (LISTEN)
nova-novn 8664 nova    5u  IPv4  42911      0t0  TCP linux-node1.example.com:6080->192.168.56.1:12483 (ESTABLISHED)
nova-novn 8665 nova    4u  IPv4  21051      0t0  TCP *:6080 (LISTEN)
nova-novn 8665 nova    5u  IPv4  42912      0t0  TCP linux-node1.example.com:6080->192.168.56.1:12484 (ESTABLISHED)
nova-novn 8666 nova    4u  IPv4  21051      0t0  TCP *:6080 (LISTEN)
nova-novn 8666 nova    5u  IPv4  42913      0t0  TCP linux-node1.example.com:6080->192.168.56.1:12485 (ESTABLISHED)
2. Open the URL in a browser to operate the virtual machine (the browser must support HTML5)