Official documentation:
Launch an instance — Installation Guide documentation
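If Neutron was deployed with the provider network model, you only need to create the provider network; if it uses the self-service network model, both networks must be created.
In this example, Neutron uses only the provider network.
###Note: a flavor (virtual machine template) refers to a class of virtual machines of the same type, for example Alibaba Cloud's ECS:
I.
Create flavors (run on the controller node)
The smallest default flavor consumes 512 MB of memory per instance. For environments whose compute nodes have less than 4 GB of memory, we recommend creating the m1.nano flavor, which needs only 64 MB per instance. (Instances use the host's memory when they are created.)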
[root@openstack1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field                      | Value   |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled   | False   |
| OS-FLV-EXT-DATA:ephemeral  | 0       |
| disk                       | 1       |
| id                         | 0       |
| name                       | m1.nano |
| os-flavor-access:is_public | True    |
| properties                 |         |
| ram                        | 64      |
| rxtx_factor                | 1.0     |
| swap                       |         |
| vcpus                      | 1       |
+----------------------------+---------+
Create the other flavors:
openstack flavor create --id 1 --vcpus 1 --ram 1024 --disk 50 m1.tiny
openstack flavor create --id 2 --vcpus 1 --ram 2048 --disk 500 m1.small
openstack flavor create --id 3 --vcpus 2 --ram 4096 --disk 500 m1.medium
openstack flavor create --id 4 --vcpus 4 --ram 8192 --disk 500 m1.large
openstack flavor create --id 5 --vcpus 8 --ram 16384 --disk 500 m1.xlarge
List the flavors that were created:
[root@openstack1 ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name      | RAM   | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0  | m1.nano   | 64    | 1    | 0         | 1     | True      |
| 1  | m1.tiny   | 1024  | 50   | 0         | 1     | True      |
| 2  | m1.small  | 2048  | 500  | 0         | 1     | True      |
| 3  | m1.medium | 4096  | 500  | 0         | 2     | True      |
| 4  | m1.large  | 8192  | 500  | 0         | 4     | True      |
| 5  | m1.xlarge | 16384 | 500  | 0         | 8     | True      |
+----+-----------+-------+------+-----------+-------+-----------+
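These flavors are now visible in the dashboard:
II.
Create a key pair
###Most cloud images support public key authentication rather than password authentication. You do not have to generate a new key; an existing public key can be used. In this example the servers already have passwordless SSH set up, so a public key already exists and can be used directly without creating one; it only needs to be uploaded to OpenStack.
Add the public key to the OpenStack key pair store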
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
List the available public keys (to verify that the key was added)
openstack keypair list
The output of the commands above is as follows:
[root@openstack1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | 2c:54:76:72:6f:e3:84:b9:ab:c1:35:04:1e:e3:83:a4 |
| name        | mykey                                           |
| user_id     | 74bc206609e04092b698698d944e922a                |
+-------------+-------------------------------------------------+
[root@openstack1 ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | 2c:54:76:72:6f:e3:84:b9:ab:c1:35:04:1e:e3:83:a4 |
+-------+-------------------------------------------------+
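III.
Create a security group
# By default, every project has its own default security group, which applies to all instances in the project and includes firewall rules that deny remote access to instances.
# A project's own administrator can only manage the security group rules of that project; the admin administrator cannot manage the security group rules of other projects either.
# For Linux images such as CirrOS, it is recommended to allow at least ICMP (ping) and secure shell (SSH).
View the default security group: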
[root@openstack1 ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID                                   | Name    | Description            | Project                          | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2035d43a-0e81-4257-bd23-13af431b9f91 | default | Default security group | 205ce8addd9444c893bd62244bcdae78 | []   |
+--------------------------------------+---------+------------------------+----------------------------------+------+
[root@openstack1 ~]# openstack security group rule list
+--------------------------------------+-------------+----------+------------+--------------------------------------+--------------------------------------+
| ID                                   | IP Protocol | IP Range | Port Range | Remote Security Group                | Security Group                       |
+--------------------------------------+-------------+----------+------------+--------------------------------------+--------------------------------------+
| 05d39ab4-839f-48f1-909f-61e8cddb4058 | None        | None     |            | None                                 | 2035d43a-0e81-4257-bd23-13af431b9f91 |
| 202c2e77-6bc7-45ce-bea4-a6598170946c | None        | None     |            | 2035d43a-0e81-4257-bd23-13af431b9f91 | 2035d43a-0e81-4257-bd23-13af431b9f91 |
| 32b61bcc-44e3-4f9e-83ef-42835e76d182 | None        | None     |            | None                                 | 2035d43a-0e81-4257-bd23-13af431b9f91 |
| 6937aca3-96a9-4e42-b44e-cb791886c096 | None        | None     |            | 2035d43a-0e81-4257-bd23-13af431b9f91 | 2035d43a-0e81-4257-bd23-13af431b9f91 |
+--------------------------------------+-------------+----------+------------+--------------------------------------+--------------------------------------+
Because the name of the default security group cannot be changed, create a security group named admin for the admin project to make later use easier:
openstack security group create --project admin admin
Add allow rules to the security group just created:
openstack security group rule create --proto tcp --dst-port 22 admin
openstack security group rule create --proto icmp admin
The output is as follows:
#####Note: the security group named admin now has the rules defined above
[root@openstack1 ~]# openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2023-02-03T09:11:05Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 0efb90a0-7593-409a-896d-ce61132be4f6 |
| name              | None                                 |
| port_range_max    | None                                 |
| port_range_min    | None                                 |
| project_id        | 205ce8addd9444c893bd62244bcdae78     |
| protocol          | icmp                                 |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 0                                    |
| security_group_id | 2035d43a-0e81-4257-bd23-13af431b9f91 |
| updated_at        | 2023-02-03T09:11:05Z                 |
+-------------------+--------------------------------------+
[root@openstack1 ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2023-02-03T09:11:17Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 18abe149-6bbb-498f-beaf-5cf74699e285 |
| name              | None                                 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| project_id        | 205ce8addd9444c893bd62244bcdae78     |
| protocol          | tcp                                  |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 0                                    |
| security_group_id | 2035d43a-0e81-4257-bd23-13af431b9f91 |
| updated_at        | 2023-02-03T09:11:17Z                 |
+-------------------+--------------------------------------+
[root@openstack1 ~]# openstack security group rule list admin
+--------------------------------------+-------------+-----------+------------+-----------------------+
| ID                                   | IP Protocol | IP Range  | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+------------+-----------------------+
| 593c5221-9253-49e0-8c1d-e170d330791c | tcp         | 0.0.0.0/0 | 22:22      | None                  |
| 82405a6f-1f29-454c-8630-2e7663cb83a7 | None        | None      |            | None                  |
| 8f9a863a-1ba1-417c-a0e6-4b8aed44dee7 | None        | None      |            | None                  |
| aa9bc969-6feb-4673-b4c1-3dc0e79786b4 | icmp        | 0.0.0.0/0 |            | None                  |
+--------------------------------------+-------------+-----------+------------+-----------------------+
The new security group is also visible in the dashboard:
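The rule listing for the admin group shows the SSH and ICMP rules with an IP Range of 0.0.0.0/0, that is, any source address. As an added example (not part of the original post), the following Python script audits a rule listing for such world-open sources. The rule IDs are constructed, and the JSON keys are assumed to match the table column headings shown on this page; the optional Direction key is likewise an assumption.

```python
import ipaddress
import json

# Constructed sample shaped like `openstack security group rule list admin -f json`.
# Assumption: the JSON keys match the table column headings shown on this page.
SAMPLE = json.dumps([
    {"ID": "rule-ssh-constructed", "IP Protocol": "tcp", "IP Range": "0.0.0.0/0",
     "Port Range": "22:22", "Remote Security Group": None},
    {"ID": "rule-icmp-constructed", "IP Protocol": "icmp", "IP Range": "0.0.0.0/0",
     "Port Range": "", "Remote Security Group": None},
    {"ID": "rule-mgmt-constructed", "IP Protocol": "tcp", "IP Range": "192.168.123.0/24",
     "Port Range": "22:22", "Remote Security Group": None},
    {"ID": "rule-norange-constructed", "IP Protocol": None, "IP Range": None,
     "Port Range": "", "Remote Security Group": None},
])


def port_bounds(port_range):
    """Parse the 'min:max' Port Range column; an empty value means every port."""
    if not port_range:
        return 1, 65535
    low, _, high = port_range.partition(":")
    return int(low), int(high or low)


def world_open_rules(rules_json, sensitive_ports=(22,)):
    """Return (rule_id, severity) for each rule whose source range is a /0 network."""
    findings = []
    for rule in json.loads(rules_json):
        # Rows without an IP Range (the default egress rules, or rules that
        # reference a remote security group) carry no source CIDR to judge.
        if rule.get("Direction") == "egress" or not rule.get("IP Range"):
            continue
        if ipaddress.ip_network(rule["IP Range"], strict=False).prefixlen != 0:
            continue
        severity = "info"
        if rule.get("IP Protocol") in ("tcp", "udp"):
            low, high = port_bounds(rule.get("Port Range"))
            if any(low <= port <= high for port in sensitive_ports):
                severity = "high"
        findings.append((rule["ID"], severity))
    return findings


if __name__ == "__main__":
    for rule_id, severity in world_open_rules(SAMPLE):
        print(f"{severity:5} {rule_id} accepts traffic from any address")
```

Feed it the output of `openstack security group rule list admin -f json`. A rule created with `--remote-ip 192.168.123.0/24` (the node network used on this page) is not reported.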
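OK, the first stage is done. Next, create a network and launch a virtual machine instance on it.
IV.
To launch an instance, you must specify at least the flavor, image name, network, security group, key, and instance name. We now have the flavor, image name, security group, and key; the only thing missing is a complete, usable network.
1.
Create a usable network
Official documentation: Provider network — Installation Guide documentation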
openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
The output is as follows:
[root@openstack1 ~]# openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2023-02-03T09:26:01Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | 688a0356-4f2b-4029-b49e-a11bbdbedf0b |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | None                                 |
| is_vlan_transparent       | None                                 |
| mtu                       | 1500                                 |
| name                      | provider                             |
| port_security_enabled     | True                                 |
| project_id                | 205ce8addd9444c893bd62244bcdae78     |
| provider:network_type     | flat                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 1                                    |
| router:external           | External                             |
| segments                  | None                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| updated_at                | 2023-02-03T09:26:01Z                 |
+---------------------------+--------------------------------------+
[root@openstack1 ~]# openstack network list
+--------------------------------------+----------+---------+
| ID                                   | Name     | Subnets |
+--------------------------------------+----------+---------+
| 688a0356-4f2b-4029-b49e-a11bbdbedf0b | provider |         |
+--------------------------------------+----------+---------+
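2.
Create a subnet
Before creating it, check the network the nodes are on: they use the 192.168.123.0 network, and the gateway is 192.168.123.2.
So create a subnet with the range 192.168.123.0/24, named net1: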
openstack subnet create --network provider --dhcp --subnet-range 192.168.123.0/24 --dns-nameserver 8.8.8.8 --gateway 192.168.123.2 net1
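The subnet can also be created as follows (choose one of the two commands and do not run both, to avoid confusion; normally the net1 command is sufficient). This subnet is named net2: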
openstack subnet create --network provider --no-dhcp --allocation-pool start=192.168.123.210,end=192.168.123.220 --dns-nameserver 8.8.8.8 --gateway 192.168.123.2 --subnet-range 192.168.123.0/24 net2
View the subnet:
[root@openstack1 ~]# openstack subnet list
+--------------------------------------+------+--------------------------------------+------------------+
| ID                                   | Name | Network                              | Subnet           |
+--------------------------------------+------+--------------------------------------+------------------+
| 17020ff3-5fa3-4000-a2ac-cc29b2bba580 | net2 | 688a0356-4f2b-4029-b49e-a11bbdbedf0b | 192.168.123.0/24 |
+--------------------------------------+------+--------------------------------------+------------------+
The network topology is now also visible in the dashboard:
V.
Launch a virtual machine instance
688a0356-4f2b-4029-b49e-a11bbdbedf0b is the network ID; both subnets belong to this same network, whose name is provider.
[root@openstack1 ~]# openstack network list
+--------------------------------------+----------+----------------------------------------------------------------------------+
| ID                                   | Name     | Subnets                                                                    |
+--------------------------------------+----------+----------------------------------------------------------------------------+
| 688a0356-4f2b-4029-b49e-a11bbdbedf0b | provider | 14047a4d-befd-4a48-9078-1bfc14e77d75, d211a7a1-1622-4454-9ee9-b51fa13cd158 |
+--------------------------------------+----------+----------------------------------------------------------------------------+
[root@openstack1 ~]# openstack subnet list
+--------------------------------------+-------------------+--------------------------------------+------------------+
| ID                                   | Name              | Network                              | Subnet           |
+--------------------------------------+-------------------+--------------------------------------+------------------+
| 14047a4d-befd-4a48-9078-1bfc14e77d75 | provider-subnet01 | 688a0356-4f2b-4029-b49e-a11bbdbedf0b | 192.168.123.0/24 |
| d211a7a1-1622-4454-9ee9-b51fa13cd158 | provider-subnet02 | 688a0356-4f2b-4029-b49e-a11bbdbedf0b | 192.168.1.0/24   |
+--------------------------------------+-------------------+--------------------------------------+------------------+
View the image name:
[root@openstack1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 867784df-9090-4ae0-ad25-564b941cc350 | cirros | active |
+--------------------------------------+--------+--------+
An instance can be created using either the network name or the network ID; if there is only one network, the --nic option can be omitted.
openstack server create --flavor m1.nano --image cirros --nic net-id=688a0356-4f2b-4029-b49e-a11bbdbedf0b --security-group default --key-name mykey cirros-01
openstack server create --flavor m1.nano --image cirros --nic net-id=provider --security-group default --key-name mykey cirros-02
openstack server create --flavor m1.nano --image cirros --security-group admin --key-name mykey cirros-03
After launching the instances, check their status:
[root@openstack1 ~]# openstack server list
+--------------------------------------+-----------+--------+--------------------------+--------+---------+
| ID                                   | Name      | Status | Networks                 | Image  | Flavor  |
+--------------------------------------+-----------+--------+--------------------------+--------+---------+
| a783fcb5-8f65-40b7-9b50-6ad6f131d678 | cirros-02 | ACTIVE | provider=192.168.123.151 | cirros | m1.nano |
| 4e3016e2-da29-47e7-b80f-24129daf6dab | cirros-01 | ACTIVE | provider=192.168.123.152 | cirros | m1.nano |
+--------------------------------------+-----------+--------+--------------------------+--------+---------+
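During this step, because OpenStack is itself deployed inside virtual machines, the instance could not boot normally; screenshot below:
The fix: modify the image properties directly, setting the disk bus to ide and the NIC model to e1000. After running the instance again, it booted into the system successfully.
openstack image set --property hw_disk_bus=ide --property hw_vif_model=e1000 867784df-9090-4ae0-ad25-564b941cc350
# Create instance 03 again
openstack server create --flavor m1.nano --image cirros --security-group admin --key-name mykey cirros-03
The instance VNC console in the dashboard does not work very well, so use a different VNC: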
openstack console url show cirros-03
The output is as follows:
[root@openstack1 ~]# openstack console url show cirros-03
+-------+-------------------------------------------------------------------------------------------+
| Field | Value                                                                                     |
+-------+-------------------------------------------------------------------------------------------+
| type  | novnc                                                                                     |
| url   | http://openstack1:6080/vnc_auto.html?path=%3Ftoken%3D00398712-e0da-4a77-9cd4-e8d8f7acbbb2 |
Open a browser and enter the URL returned above to reach the console:
The account is cirros and the password is cubswin:)
The operations available on instances are as follows:
server add fixed ip
server add floating ip
server add network
server add port
server add security group
server add volume
server backup create
server create
server delete
server dump create
server event list
server event show
server group create
server group delete
server group list
server group show
server image create
server list
server lock
server migrate
server pause
server reboot
server rebuild
server remove fixed ip
server remove floating ip
server remove network
server remove port
server remove security group
server remove volume
server rescue
server resize
server restore
server resume
server set
server shelve
server show
server ssh
server start
server stop
server suspend
server unlock
server unpause
server unrescue
server unset
server unshelve
service create
service delete
service list
service provider create
service provider delete
service provider list
service provider set
service provider show
service set
service show
For example, reboot cirros-02:
openstack server reboot cirros-02
In the dashboard you can see the details of the instance:
Of course, the instance details can also be viewed from the command line:
[root@openstack1 ~]# openstack server show cirros-02
+-------------------------------------+----------------------------------------------------------+
| Field                               | Value                                                    |
+-------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig                   | MANUAL                                                   |
| OS-EXT-AZ:availability_zone         | nova                                                     |
| OS-EXT-SRV-ATTR:host                | openstack2                                               |
| OS-EXT-SRV-ATTR:hypervisor_hostname | openstack2                                               |
| OS-EXT-SRV-ATTR:instance_name       | instance-00000003                                        |
| OS-EXT-STS:power_state              | Running                                                  |
| OS-EXT-STS:task_state               | None                                                     |
| OS-EXT-STS:vm_state                 | active                                                   |
| OS-SRV-USG:launched_at              | 2023-02-03T10:14:13.000000                               |
| OS-SRV-USG:terminated_at            | None                                                     |
| accessIPv4                          |                                                          |
| accessIPv6                          |                                                          |
| addresses                           | provider=192.168.123.151                                 |
| config_drive                        |                                                          |
| created                             | 2023-02-03T10:14:05Z                                     |
| flavor                              | m1.nano (0)                                              |
| hostId                              | c551409c33f8c7eb69e693e25b7f3bf12b97942737e26140d6326c26 |
| id                                  | a783fcb5-8f65-40b7-9b50-6ad6f131d678                     |
| image                               | cirros (867784df-9090-4ae0-ad25-564b941cc350)            |
| key_name                            | mykey                                                    |
| name                                | cirros-02                                                |
| progress                            | 0                                                        |
| project_id                          | 205ce8addd9444c893bd62244bcdae78                         |
| properties                          |                                                          |
| status                              | ACTIVE                                                   |
| updated                             | 2023-02-03T11:05:15Z                                     |
| user_id                             | 74bc206609e04092b698698d944e922a                         |
| volumes_attached                    |                                                          |
+-------------------------------------+----------------------------------------------------------+
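VI.
Launch a complete Linux virtual machine instance
Download location for Linux cloud images: CentOS Cloud images
I downloaded CentOS-7-x86_64-GenericCloud-1508.qcow2.xz
After uploading this image to the controller node, upload it to the glance service: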
xz -d CentOS-7-x86_64-GenericCloud-1508.qcow2.xz    # decompress the image file
openstack image create "Centos7" --file CentOS-7-x86_64-GenericCloud-1508.qcow2 --disk-format qcow2 --container-format bare --public    # upload to the glance service
openstack image set --property hw_disk_bus=ide Centos7    # change the image's disk bus property to work around the bug mentioned above. 200984db-d793-4a1b-808a-5c78fd0028f7 is the ID returned by the openstack image list command
openstack server create --flavor m1.tiny --image Centos7 --security-group admin --key-name mykey centos1    # create the cloud instance, named centos1
openstack console url show centos1    # get the web VNC URL
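However, there is a problem: there is nowhere to obtain this image's root password, so the image still needs to be modified, setting a root password before uploading it to OpenStack.
The next chapter will therefore cover how to customize images and publish images of various kinds through OpenStack, for example Windows.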