检查
在进行实例的启动的时候,我们要先确认各个服务是否都启动了,可以通过下面的命令来看端口和服务是否启动
|
1
2
|
1、
ps
aux|
grep
python
2、
netstat
-lntup
|
检查镜像服务
|
1
2
3
4
5
6
|
[root@linux-node1 ~]
# openstack image list
^L+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 63d8947e-5224-40b6-92e5-8c939e75d45e | cirros | active |
+--------------------------------------+--------+--------+
|
创建网络
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
[root@linux-node1 ~]
# openstack network create --share --provider-physical-network public --provider-network-type flat public
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2017-01-02T21:19:16Z |
| description | |
| headers | |
|
id
| 7f7b08e7-ea61-433f-bb3d-6195d893558e |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| mtu | 1500 |
| name | public |
| port_security_enabled | True |
| project_id | 7ae0fb7deb5342d885a07c2c890a1ff4 |
| project_id | 7ae0fb7deb5342d885a07c2c890a1ff4 |
| provider:network_type | flat |
| provider:physical_network | public |
| provider:segmentation_id | None |
| revision_number | 3 |
| router:external | Internal |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | [] |
| updated_at | 2017-01-02T21:19:16Z |
+---------------------------+--------------------------------------+
|
查看网络
|
1
2
3
4
5
6
|
[root@linux-node1 ~]
# openstack network list
+--------------------------------------+--------+---------+
| ID | Name | Subnets |
+--------------------------------------+--------+---------+
| 7f7b08e7-ea61-433f-bb3d-6195d893558e | public | |
+--------------------------------------+--------+---------+
|
创建子网
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
[root@linux-node1 ~]
# openstack subnet create --network public --allocation-pool start=192.168.56.100,end=192.168.56.200 --dns-nameserver 192.168.56.2 --gateway 102.168.56.2 --subnet-range 192.168.56.0/24 public-subnet
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 192.168.56.100-192.168.56.200 |
| cidr | 192.168.56.0
/24
|
| created_at | 2017-01-02T21:26:06Z |
| description | |
| dns_nameservers | 192.168.56.2 |
| enable_dhcp | True |
| gateway_ip | 102.168.56.2 |
| headers | |
| host_routes | |
|
id
| 422abca4-ac78-400f-aa7c-2296c69a1643 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | public-subnet |
| network_id | 7f7b08e7-ea61-433f-bb3d-6195d893558e |
| project_id | 7ae0fb7deb5342d885a07c2c890a1ff4 |
| project_id | 7ae0fb7deb5342d885a07c2c890a1ff4 |
| revision_number | 2 |
| service_types | [] |
| subnetpool_id | None |
| updated_at | 2017-01-02T21:26:06Z |
+-------------------+--------------------------------------+
|
子网检查
|
1
2
3
4
5
6
7
8
9
10
11
12
|
[root@linux-node1 ~]
# neutron subnet-list
+--------------------------------------+---------------+-----------------+------------------------------------------------------+
|
id
| name | cidr | allocation_pools |
+--------------------------------------+---------------+-----------------+------------------------------------------------------+
| 422abca4-ac78-400f-aa7c-2296c69a1643 | public-subnet | 192.168.56.0
/24
| {
"start"
:
"192.168.56.100"
,
"end"
:
"192.168.56.200"
} |
+--------------------------------------+---------------+-----------------+------------------------------------------------------+
[root@linux-node1 ~]
# openstack subnet list
+--------------------------------------+---------------+--------------------------------------+-----------------+
| ID | Name | Network | Subnet |
+--------------------------------------+---------------+--------------------------------------+-----------------+
| 422abca4-ac78-400f-aa7c-2296c69a1643 | public-subnet | 7f7b08e7-ea61-433f-bb3d-6195d893558e | 192.168.56.0
/24
|
+--------------------------------------+---------------+--------------------------------------+-----------------+
|
创建虚拟类型、只能定义不能选
创建mi.nano类型
默认的最小规格的主机需要512 MB内存。对于环境中计算节点内存不足4 GB的,我们推荐创建只需要64 MB的``m1.nano``规格的主机。若单纯为了测试的目的,请使用``m1.nano``规格的主机来加载CirrOS镜像
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
[root@linux-node1 ~]
# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
|
id
| 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| properties | |
|
ram
| 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
|
生成一个键值对
大部分云镜像支持 :term:`public key authentication`而不是传统的密码登陆。在启动实例前,你必须添加一个公共密钥到计算服务。
导入``demo``项目凭证
|
1
2
3
4
5
6
7
8
9
10
|
[root@linux-node1 ~]
# . demo-openstack
[root@linux-node1 ~]
# cat demo-openstack
export
OS_PROJECT_DOMAIN_NAME=default
export
OS_USER_DOMAIN_NAME=default
export
OS_PROJECT_NAME=demo
export
OS_USERNAME=demo
export
OS_PASSWORD=demo
export
OS_AUTH_URL=http:
//192
.168.56.11:5000
/v3
export
OS_IDENTITY_API_VERSION=3
export
OS_IMAGE_API_VERSION=2
|
2. 生成和添加秘钥对:
|
1
2
3
4
5
6
7
8
9
10
11
|
[root@linux-node1 ~]
# ssh-keygen -q -N ""
Enter
file
in
which
to save the key (
/root/
.
ssh
/id_rsa
):
[root@linux-node1 ~]
#
[root@linux-node1 ~]
# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | e9:a3:e6:4c:97:73:12:25:ea:8e:39:ea:a0:d5:d2:e6 |
| name | mykey |
| user_id | f0c69bad72b54e0daef92c2295425932 |
+-------------+-------------------------------------------------+
|
另外,你可以跳过执行 ssh-keygen 命令而使用已存在的公钥。
3. 验证公钥的添加
|
1
2
3
4
5
6
|
[root@linux-node1 ~]
# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | e9:a3:e6:4c:97:73:12:25:ea:8e:39:ea:a0:d5:d2:e6 |
+-------+-------------------------------------------------+
|
增加安全组规则
默认情况下, ``default``安全组适用于所有实例并且包括拒绝远程访问实例的防火墙规则。对诸如CirrOS这样的Linux镜像,我们推荐至少允许ICMP (ping) 和安全shell(SSH)规则。
添加规则到
default安全组。Permit ICMP (ping):
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
[root@linux-node1 ~]
# openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2017-01-02T21:44:26Z |
| description | |
| direction | ingress |
| ethertype | IPv4 |
| headers | |
|
id
| b4f7536d-86f1-491e-b167-069a09507e2b |
| port_range_max | None |
| port_range_min | None |
| project_id | 9b913d25891849baa55b21d837e9b63d |
| project_id | 9b913d25891849baa55b21d837e9b63d |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0
/0
|
| revision_number | 1 |
| security_group_id | be5584d7-7e14-4bc9-a74c-109f216b09c4 |
| updated_at | 2017-01-02T21:44:26Z |
+-------------------+--------------------------------------+
|
允许安全 shell (SSH) 的访问:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
[root@linux-node1 ~]
# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2017-01-02T21:46:29Z |
| description | |
| direction | ingress |
| ethertype | IPv4 |
| headers | |
|
id
| 4572dc39-6723-49f7-9556-c0f90ca7cc96 |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 9b913d25891849baa55b21d837e9b63d |
| project_id | 9b913d25891849baa55b21d837e9b63d |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0
/0
|
| revision_number | 1 |
| security_group_id | be5584d7-7e14-4bc9-a74c-109f216b09c4 |
| updated_at | 2017-01-02T21:46:29Z |
+-------------------+--------------------------------------+
[root@linux-node1 ~]
#
|
启动一个实例
如果选择网络选项1,你只能在公网创建实例。如果选择网络选项2,你可以在公网或私网创建实例。
确定实例选项
启动一台实例,您必须至少指定一个类型、镜像名称、网络、安全组、密钥和实例名称。
在控制节点上,获得
admin凭证来获取只有管理员能执行的命令的访问权限:
|
1
|
root@linux-node1 ~]
# . demo-openstack
|
2 .一个实例指定了虚拟机资源的大致分配,包括处理器、内存和存储。
列出可用类型:
|
1
2
3
4
5
6
|
[root@linux-node1 ~]
# openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
+----+---------+-----+------+-----------+-------+-----------+
|
您也可以以 ID 引用类型。
3. 列出可用镜像:(这个实例使用``cirros``镜像。)
|
1
2
3
4
5
6
|
[root@linux-node1 ~]
# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 63d8947e-5224-40b6-92e5-8c939e75d45e | cirros | active |
+--------------------------------------+--------+--------+
|
4.列出可用网络:
|
1
2
3
4
5
6
|
[root@linux-node1 ~]
# openstack network list
+--------------------------------------+--------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+--------+--------------------------------------+
| 7f7b08e7-ea61-433f-bb3d-6195d893558e | public | 422abca4-ac78-400f-aa7c-2296c69a1643 |
+--------------------------------------+--------+--------------------------------------+
|
这个实例使用 ``provider``公有网络。 你必须使用ID而不是名称才可以使用这个网络。如果你选择选项2,输出信息应该也包含私网``selfservice``的信息。
5. 列出可用的安全组:
|
1
2
3
4
5
|
[root@linux-node1 ~]
# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| be5584d7-7e14-4bc9-a74c-109f216b09c4 | default | Default security group | 9b913d25891849baa55b21d837e9
|
启动云主机
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
[root@linux-node1 ~]
# openstack server create --flavor m1.nano --image cirros \
> --nic net-
id
=7f7b08e7-ea61-433f-bb3d-6195d893558e --security-group default \
> --key-name mykey demo-instance
+--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | vLpymTa8sfzK |
| config_drive | |
| created | 2017-01-02T22:01:06Z |
| flavor | m1.nano (0) |
| hostId | |
|
id
| f0778b83-e6f9-41f4-a514-dffe86aff6aa |
| image | cirros (63d8947e-5224-40b6-92e5-8c939e75d45e) |
| key_name | mykey |
| name | demo-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 9b913d25891849baa55b21d837e9b63d |
| properties | |
| security_groups | [{u
'name'
: u
'default'
}] |
| status | BUILD |
| updated | 2017-01-02T22:01:07Z |
| user_id | f0c69bad72b54e0daef92c2295425932 |
+--------------------------------------+-----------------------------------------------+
|
检查实例状态
|
1
2
3
4
5
6
|
[root@linux-node1 ~]
# openstack server list
+--------------------------------------+---------------+--------+-----------------------+------------+
| ID | Name | Status | Networks | Image Name |
+--------------------------------------+---------------+--------+-----------------------+------------+
| f0778b83-e6f9-41f4-a514-dffe86aff6aa | demo-instance | ACTIVE | public=192.168.56.104 | cirros |
+--------------------------------------+---------------+--------+-----------------------+------------+
|
使用虚拟控制台访问实例
获取你势力的 Virtual Network Computing (VNC) 会话URL并从web浏览器访问它:
|
1
2
3
4
5
6
7
|
[root@linux-node1 ~]
# openstack console url show demo-instance
+-------+------------------------------------------------------------------------------------+
| Field | Value |
+-------+------------------------------------------------------------------------------------+
|
type
| novnc |
| url | http:
//192
.168.56.11:6080
/vnc_auto
.html?token=c88bb128-97de-4a48-bb96-3f97023b3e6e |
+-------+------------------------------------------------------------------------------------+
|
验证能否ping通公有网络的网关:
验证ping外网
这里出现一个小bug,ping不同外网,
添加一条默认路由就可以了
route add default gw 192.168.56.2
本文转自 kesungang 51CTO博客,原文链接:http://blog.51cto.com/sgk2011/1888696,如需转载请自行联系原作者
