1: OpenStack preparation
1.1: Create the OpenStack lab networks (provider networks)
1.1.1: Load the admin credentials
]# source admin-ocata.sh
1.1.2: Create the provider networks
- Internal network test-net (internal LAN):
[root@node101 ~]# openstack network create --share --external --provider-physical-network internal --provider-network-type flat test-net
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-11-16T03:45:42Z |
| description | |
| dns_domain | None |
| id | f2e6619e-c7dd-445c-91a6-024f34e37719 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| mtu | 1500 |
| name | test-net |
| port_security_enabled | True |
| project_id | acac1eb6c81540429c3323084bed23d9 |
| provider:network_type | flat |
| provider:physical_network | internal |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 4 |
| router:external | External |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | |
| updated_at | 2020-11-16T03:45:42Z |
+---------------------------+--------------------------------------+
- External network external-net (can reach the Internet):
[root@node101 ~]# openstack network create --share --external --provider-physical-network external --provider-network-type flat external-net
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-11-16T08:11:59Z |
| description | |
| dns_domain | None |
| id | 7356155c-9e74-463f-a93a-73f625640e8f |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| mtu | 1500 |
| name | external-net |
| port_security_enabled | True |
| project_id | acac1eb6c81540429c3323084bed23d9 |
| provider:network_type | flat |
| provider:physical_network | external |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 4 |
| router:external | External |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | |
| updated_at | 2020-11-16T08:11:59Z |
+---------------------------+--------------------------------------+
1.1.3: Create subnets on the networks
- Internal subnet test-sub:
[root@node101 ~]# openstack subnet create --network test-net \
--allocation-pool start=172.16.1.221,end=172.16.1.230 \
--dns-nameserver 172.16.1.253 --gateway 172.16.1.1 \
--subnet-range 172.16.1.0/24 test-sub
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 172.16.1.221-172.16.1.230 |
| cidr | 172.16.1.0/24 |
| created_at | 2020-11-16T03:47:44Z |
| description | |
| dns_nameservers | 172.16.1.253 |
| enable_dhcp | True |
| gateway_ip | 172.16.1.1 |
| host_routes | |
| id | c62894a0-602b-44d6-b31b-1b919eeb9742 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | test-sub |
| network_id | f2e6619e-c7dd-445c-91a6-024f34e37719 |
| project_id | acac1eb6c81540429c3323084bed23d9 |
| revision_number | 2 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| updated_at | 2020-11-16T03:47:44Z |
+-------------------+--------------------------------------+
- External subnet external-sub:
[root@node101 ~]# openstack subnet create --network external-net \
--allocation-pool start=192.168.1.221,end=192.168.1.230 \
--dns-nameserver 192.168.1.254 --gateway 192.168.1.1 \
--subnet-range 192.168.1.0/24 external-sub
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 192.168.1.221-192.168.1.230 |
| cidr | 192.168.1.0/24 |
| created_at | 2020-11-16T08:36:48Z |
| description | |
| dns_nameservers | 192.168.1.254 |
| enable_dhcp | True |
| gateway_ip | 192.168.1.1 |
| host_routes | |
| id | 9c339f48-a067-4c3b-bc70-11cd33f162ec |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | external-sub |
| network_id | 7356155c-9e74-463f-a93a-73f625640e8f |
| project_id | acac1eb6c81540429c3323084bed23d9 |
| revision_number | 2 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| updated_at | 2020-11-16T08:36:48Z |
+-------------------+--------------------------------------+
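1.2: Create the OpenStack lab network (self-service network)
1.2.1: Load the demo credentials
- The later experiments are run as the demo user, so the self-service network is created for the demo user: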
]# source demo-ocata.sh
1.2.2: Create the self-service network
[root@node101 ~]# openstack network create self-net
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-11-16T15:32:47Z |
| description | |
| dns_domain | None |
| id | 5b845b84-5aa6-4b1b-b282-dc3694bdc82a |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| mtu | 1450 |
| name | self-net |
| port_security_enabled | True |
| project_id | 9a94f1a1e271459580613778bf7c3392 |
| provider:network_type | None |
| provider:physical_network | None |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 3 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| updated_at | 2020-11-16T15:32:47Z |
+---------------------------+--------------------------------------+
1.2.3: Create a subnet on the network
[root@node101 ~]# openstack subnet create --network self-net \
--dns-nameserver 192.168.1.254 \
--gateway 10.10.10.1 \
--subnet-range 10.10.10.0/24 self-sub
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 10.10.10.2-10.10.10.254 |
| cidr | 10.10.10.0/24 |
| created_at | 2020-11-16T15:34:01Z |
| description | |
| dns_nameservers | 192.168.1.254 |
| enable_dhcp | True |
| gateway_ip | 10.10.10.1 |
| host_routes | |
| id | ced26a73-966c-40c6-8cab-71e683143f34 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | self-sub |
| network_id | 5b845b84-5aa6-4b1b-b282-dc3694bdc82a |
| project_id | 9a94f1a1e271459580613778bf7c3392 |
| revision_number | 2 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| updated_at | 2020-11-16T15:34:01Z |
+-------------------+--------------------------------------+
1.2.4: Configure the virtual router
Create the virtual router
- Create a virtual router named self-router:
[root@node101 ~]# openstack router create self-router
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-11-16T15:34:24Z |
| description | |
| distributed | False |
| external_gateway_info | None |
| flavor_id | None |
| ha | False |
| id | 546d0023-3965-4a90-ae9f-a3aa58528eef |
| name | self-router |
| project_id | 9a94f1a1e271459580613778bf7c3392 |
| revision_number | None |
| routes | |
| status | ACTIVE |
| updated_at | 2020-11-16T15:34:24Z |
+-------------------------+--------------------------------------+
Add the self-service subnet to the virtual router
[root@node101 ~]# neutron router-interface-add self-router self-sub
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Added interface d42758b4-8a0a-44d4-9ff4-3e09f382ab95 to router self-router.
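Set the virtual router gateway
- Point the virtual router's gateway at the external network external-net so that instances on the self-service network can reach the Internet: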
[root@node101 ~]# neutron router-gateway-set self-router external-net
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Set gateway for router self-router
1.2.5: Change kernel parameters
- The disable_ipv6 kernel parameter of every virtual interface created by OpenStack must be changed to 0:
[root@node101 ~]# sysctl -a |grep disable_ipv6
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.brq7356155c-9e.disable_ipv6 = 1
net.ipv6.conf.brq8536ca90-8e.disable_ipv6 = 1
net.ipv6.conf.brqf2e6619e-c7.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.eth1.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.tap1596f376-bf.disable_ipv6 = 1
net.ipv6.conf.tap66dd4658-78.disable_ipv6 = 1
net.ipv6.conf.tap734b43fc-d9.disable_ipv6 = 1
net.ipv6.conf.tap8eeb366d-ff.disable_ipv6 = 1
net.ipv6.conf.tapb0184bb2-28.disable_ipv6 = 1
net.ipv6.conf.vxlan-71.disable_ipv6 = 1
[root@node101 ~]# vim /etc/sysctl.conf
# openstack
net.ipv6.conf.brq7356155c-9e.disable_ipv6 = 0
net.ipv6.conf.brq8536ca90-8e.disable_ipv6 = 0
net.ipv6.conf.brqf2e6619e-c7.disable_ipv6 = 0
net.ipv6.conf.tap1596f376-bf.disable_ipv6 = 0
net.ipv6.conf.tap66dd4658-78.disable_ipv6 = 0
net.ipv6.conf.tap734b43fc-d9.disable_ipv6 = 0
net.ipv6.conf.tap8eeb366d-ff.disable_ipv6 = 0
net.ipv6.conf.tapb0184bb2-28.disable_ipv6 = 0
net.ipv6.conf.vxlan-71.disable_ipv6 = 0
[root@node101 ~]# sysctl -p
1.2.6: Verify the networks
Command-line verification
- Verify the OpenStack networks:
[root@node101 ~]# openstack network list
+--------------------------------------+--------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+--------------+--------------------------------------+
| 5b845b84-5aa6-4b1b-b282-dc3694bdc82a | self-net | ced26a73-966c-40c6-8cab-71e683143f34 |
| 7356155c-9e74-463f-a93a-73f625640e8f | external-net | 9c339f48-a067-4c3b-bc70-11cd33f162ec |
| f2e6619e-c7dd-445c-91a6-024f34e37719 | test-net | c62894a0-602b-44d6-b31b-1b919eeb9742 |
+--------------------------------------+--------------+--------------------------------------+
- Verify the network namespaces:
[root@node101 ~]# ip netns
qdhcp-7356155c-9e74-463f-a93a-73f625640e8f (id: 3)
qrouter-159858cb-9217-4459-9c0b-ff3c438bf168 (id: 2)
qdhcp-8536ca90-8e13-46a6-9d2d-0d4c73496c1a (id: 1)
qdhcp-f2e6619e-c7dd-445c-91a6-024f34e37719 (id: 0)
- List the virtual router's ports:
[root@node101 ~]# neutron router-port-list self-router
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------+
| d42758b4-8a0a-44d4-9ff4-3e09f382ab95 | | fa:16:3e:a3:d2:8b | {"subnet_id": "ced26a73-966c-40c6-8cab-71e683143f34", "ip_address": "10.10.10.1"} |
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------+
- Verify the network:
1.3: Create a key pair (demo project)
1.3.1: Load the demo project credentials
[root@node101 ~]# source demo-ocata.sh
1.3.2: Generate a key
[root@node101 ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
1.3.3: Create the key pair
- Upload the public key just generated and create a key pair named demo-key:
[root@node101 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub demo-key
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 3e:39:7a:d1:43:ad:4c:4a:7b:19:5e:fe:bc:d3:27:86 |
| name | demo-key |
| user_id | 69e61c6f12594c768bb39efb4e865a9b |
+-------------+-------------------------------------------------+
1.3.4: Verify the key pair
Command-line verification
[root@node101 ~]# openstack keypair list
+----------+-------------------------------------------------+
| Name | Fingerprint |
+----------+-------------------------------------------------+
| demo-key | 3e:39:7a:d1:43:ad:4c:4a:7b:19:5e:fe:bc:d3:27:86 |
+----------+-------------------------------------------------+
Web UI verification
1.4: Add security group rules (demo project)
1.4.1: Allow ICMP (ping)
[root@node101 ~]# openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2020-11-16T04:00:44Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 35b5de13-9f36-4939-b269-6f1a7dd689b2 |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 9a94f1a1e271459580613778bf7c3392 |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 1 |
| security_group_id | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 |
| updated_at | 2020-11-16T04:00:44Z |
+-------------------+--------------------------------------+
1.4.2: Allow SSH
[root@node101 ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2020-11-16T04:01:11Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 160f4b56-93ae-4b83-bb10-0af3a9bed33b |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 9a94f1a1e271459580613778bf7c3392 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 1 |
| security_group_id | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 |
| updated_at | 2020-11-16T04:01:11Z |
+-------------------+--------------------------------------+
1.4.3: Verify the security group rules
Command-line verification
[root@node101 ~]# openstack security group rule list
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group | Security Group |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+
| 160f4b56-93ae-4b83-bb10-0af3a9bed33b | tcp | 0.0.0.0/0 | 22:22 | None | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 |
| 1a7f1188-d0eb-475a-aae6-74e6d25ffd2b | None | None | | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 |
| 35b5de13-9f36-4939-b269-6f1a7dd689b2 | icmp | 0.0.0.0/0 | | None | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 |
| 4bdf0034-cd26-4c46-a8d9-bbcc7f5ef3aa | None | None | | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 |
| a7063305-ab18-47fc-9e92-6a961a7d1dd9 | None | None | | None | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 |
| dbe0ac96-8b0a-4792-babb-f06d84941b88 | None | None | | None | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+
Web UI verification
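Both rules created in 1.4.1 and 1.4.2 accept traffic from 0.0.0.0/0, and section 3.5.3 later exposes an instance through a floating IP on external-net. The script below is an added example, not part of the original walkthrough: it reads the table printed by `openstack security group rule list`, reports the rules that are open to any source, and prints (without running them) the commands that would replace the open TCP rules with a narrower one. The rule and group IDs in the sample are constructed placeholders, and the 192.168.1.0/24 management range passed to `--remote-ip` is an assumption.

```bash
#!/usr/bin/env bash
# Added example: audit `openstack security group rule list` table output
# for rules that accept traffic from any source address.

# Constructed sample input: same shape as the listing in 1.4.3, with the
# UUIDs replaced by short placeholders so each row fits on one line.
sample_rule_table() {
cat <<'EOF'
+--------+-------------+-----------+------------+-----------------------+----------------+
| ID     | IP Protocol | IP Range  | Port Range | Remote Security Group | Security Group |
+--------+-------------+-----------+------------+-----------------------+----------------+
| rule-1 | tcp         | 0.0.0.0/0 | 22:22      | None                  | sg-default     |
| rule-2 | None        | None      |            | sg-default            | sg-default     |
| rule-3 | icmp        | 0.0.0.0/0 |            | None                  | sg-default     |
| rule-4 | None        | None      |            | sg-default            | sg-default     |
| rule-5 | None        | None      |            | None                  | sg-default     |
| rule-6 | None        | None      |            | None                  | sg-default     |
+--------+-------------+-----------+------------+-----------------------+----------------+
EOF
}

# world_open_rules: read the table on stdin and print
# "ID PROTOCOL PORTS SECURITY_GROUP" for every rule whose IP Range column
# is 0.0.0.0/0 or ::/0. An empty port range is reported as "any".
world_open_rules() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^\|/ {
            id = trim($2); proto = trim($3); range = trim($4)
            ports = trim($5); group = trim($7)
            if (id == "ID") next                  # skip the header row
            if (range == "0.0.0.0/0" || range == "::/0") {
                if (ports == "") ports = "any"
                print id, proto, ports, group
            }
        }'
}

# narrowed_rule_cmds CIDR: for each world-open TCP rule in the table on
# stdin, print the commands that recreate it limited to CIDR and then
# delete the open rule. The commands are printed for review only.
narrowed_rule_cmds() {
    local cidr=$1
    world_open_rules | while read -r id proto ports group; do
        [ "$proto" = "tcp" ] || continue
        echo "openstack security group rule create --proto tcp --dst-port $ports --remote-ip $cidr $group"
        echo "openstack security group rule delete $id"
    done
}

echo "Rules open to any source:"
sample_rule_table | world_open_rules
echo "Suggested replacement (assumed management range 192.168.1.0/24):"
sample_rule_table | narrowed_rule_cmds 192.168.1.0/24
```

On a live controller, pipe the real listing into the functions instead of the sample, for example `openstack security group rule list | world_open_rules`.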
1.5: Create flavors
1.5.1: Load the admin credentials
- Creating a flavor requires admin privileges:
[root@node101 ~]# source admin-ocata.sh
1.5.2: Create the flavors
- Create a flavor named 1c-1g-10G with id 0, one vCPU, 1024M of RAM and a 10G disk:
[root@node101 ~]# openstack flavor create --id 0 --vcpus 1 --ram 1024 --disk 10 1c-1g-10G
+----------------------------+-----------+
| Field | Value |
+----------------------------+-----------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 10 |
| id | 0 |
| name | 1c-1g-10G |
| os-flavor-access:is_public | True |
| properties | |
| ram | 1024 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+-----------+
- Create a flavor named 2c-2g-20G with id 1, two vCPUs, 2048M of RAM and a 20G disk:
[root@node101 ~]# openstack flavor create --id 1 --vcpus 2 --ram 2048 --disk 20 2c-2g-20G
+----------------------------+-----------+
| Field | Value |
+----------------------------+-----------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 20 |
| id | 1 |
| name | 2c-2g-20G |
| os-flavor-access:is_public | True |
| properties | |
| ram | 2048 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 2 |
+----------------------------+-----------+
1.5.3: Verify the flavors
Command-line verification
[root@node101 ~]# openstack flavor list
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
| 0cc027fe-58e7-4548-ac4e-2c8e3b8bbd36 | 1c-1g-10G | 1024 | 10 | 0 | 1 | True |
| 1 | 2c-2g-20G | 2048 | 20 | 0 | 2 | True |
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
Web UI verification
2: Prepare the image-building host
2.1: Network configuration
2.1.1: External network configuration
br0
[root@node252 ~]# vim /etc/sysconfig/network-scripts/ifcfg-br0
TYPE="Bridge"
BOOTPROTO="static"
NAME="br0"
DEVICE="br0"
ONBOOT="yes"
IPADDR="192.168.1.252"
NETMASK="255.255.255.0"
GATEWAY="192.168.1.1"
DNS1="192.168.1.254"
eth0
[root@node252 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO="none"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
BRIDGE="br0"
2.1.2: Internal network configuration
br1
[root@node252 ~]# vim /etc/sysconfig/network-scripts/ifcfg-br1
TYPE="Bridge"
BOOTPROTO="static"
NAME="br1"
DEVICE="br1"
ONBOOT="yes"
IPADDR="172.16.1.252"
NETMASK="255.255.255.0"
DNS1="172.16.1.253"
eth1
[root@node252 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO="none"
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
BRIDGE="br1"
2.1.3: Restart the network service and verify
- Restart network:
[root@node252 ~]# systemctl restart network
- Verify external connectivity:
[root@node252 ~]# ping www.baidu.com
PING www.a.shifen.com (180.101.49.12) 56(84) bytes of data.
64 bytes from 180.101.49.12: icmp_seq=1 ttl=52 time=38.5 ms
64 bytes from 180.101.49.12: icmp_seq=2 ttl=52 time=36.1 ms
- Verify internal connectivity:
[root@node252 ~]# ping 172.16.1.101
PING 172.16.1.101 (172.16.1.101) 56(84) bytes of data.
64 bytes from 172.16.1.101: icmp_seq=1 ttl=64 time=1.25 ms
64 bytes from 172.16.1.101: icmp_seq=2 ttl=64 time=0.873 ms
2.2: Install the KVM environment
- Install the packages:
[root@node252 ~]# yum install -y qemu-kvm qemu-kvm-tools libvirt virt-manager virt-install
- Start libvirtd:
[root@node252 ~]# systemctl enable libvirtd
[root@node252 ~]# systemctl start libvirtd
3: Launch a CentOS instance
3.1: Build the CentOS-7.2 image
The image is built on the image-building host.
3.1.1: Create the disk
- Create a disk in qcow2 format:
[root@node252 ~]# qemu-img create -f qcow2 /var/lib/libvirt/images/CentOS-7.2.qcow2 10G
Formatting '/var/lib/libvirt/images/CentOS-7.2.qcow2', fmt=qcow2 size=10737418240 cluster_size=65536 lazy_refcounts=off refcount_bits=16
- Verify the disk file:
[root@node252 ~]# file /var/lib/libvirt/images/CentOS-7.2.qcow2
/var/lib/libvirt/images/CentOS-7.2.qcow2: QEMU QCOW Image (v3), 10737418240 bytes
3.1.2: Create the KVM virtual machine
- Using CentOS-7.2-x86_64-Minimal-1511.iso as the installation image, create a KVM virtual machine named CentOS-7.2:
[root@node252 ~]# virt-install --virt-type kvm --name CentOS7-7.2 \
--ram 1024 \
--cdrom=/usr/local/src/CentOS-7.2-x86_64-Minimal-1511.iso \
--disk path=/var/lib/libvirt/images/CentOS-7.2.qcow2 \
--network bridge=br0 \
--graphics vnc,listen=0.0.0.0 \
--noautoconsole
Starting install...
Domain installation still in progress. You can reconnect to
the console to complete the installation process.
3.1.3: Open the virtual machine management console
- Use virt-manager together with Xmanager to open the virtual machine management console:
[root@node252 ~]# virt-manager
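3.1.4: Set the boot kernel parameters
- On the installer screen, press Tab to edit the boot kernel parameters, add the following, then start the installation: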
net.ifnames=0 biosdevname=0
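so that the NIC names follow the standard eth* scheme.
3.1.5: Install the operating system
Install the operating system following the usual steps. During installation, set the IP address to 192.168.1.201/24; once installation completes you can connect directly over SSH for the remaining steps.
Note the following points:
- Set the time zone to Asia/Shanghai;
- Add Simplified Chinese language support;
- Enable the eth0 NIC and set its IP address to an external-network address;
- After installation finishes and you click reboot, the virtual machine powers off. Start it again to carry out the CentOS system initialization: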
[root@node252 ~]# virsh start CentOS7-7.2
Domain CentOS7-7.2 started
- SSH directly to 192.168.1.201:
[root@node252 ~]# ssh 192.168.1.201
root@192.168.1.201's password:
Last login: Mon Nov 16 15:55:42 2020 from 192.168.1.252
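3.1.6: System initialization
See "CentOS System Initialization".
3.1.7: Add an internal-network NIC
- Add a NIC bridged to br1 (internal network) with device type virtio:
- Configure the NIC: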
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO="none"
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
IPADDR="172.16.1.202"
PREFIX="24"
DNS1="172.16.1.253"
- Restart the network service:
[root@localhost ~]# systemctl restart network
- Verify internal connectivity:
[root@localhost ~]# ping 172.16.1.101
PING 172.16.1.101 (172.16.1.101) 56(84) bytes of data.
64 bytes from 172.16.1.101: icmp_seq=1 ttl=64 time=0.588 ms
64 bytes from 172.16.1.101: icmp_seq=2 ttl=64 time=7.91 ms
3.1.8: Configure key-based (passwordless) login from the OpenStack controller
- Put the OpenStack controller's public key into authorized_keys:
[root@localhost .ssh]# vim authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDU8vkeSMrqDiT+M+7ztv6jitFYb12Z7epDHFHirJ+3JLUCAwhjcu+ztaUfDOcdjoNYZeESWZRdIPNlxnJz1acfnH3fNFHODZChWpJWRLAr1oluGO675Rm1lidyL/FqH3d
/rAqv1UnWrVYbuFNJpm+YStpXFEaMjXWDEPai24QRVdDhOgmIDEKFIWGqSG1A4Hs6iaSS14R6XbHObh9ZZuk2eh3lDpyTo5q4mzoVFbUHiCmQec5ymGTJFPS+MiqJq4MFB7xFetWWa/H2kRQ1CnC2vYCiow3W61kRMkWqVn
VhFHLXzqUavjF1Rtt1yVmw0mZKdKw0UnIO42aQzeWVgAnN root@node101.yqc.com
[root@localhost .ssh]# chmod 600 authorized_keys
- Verify passwordless login from the OpenStack controller:
[root@node101 ~]# ssh 192.168.1.201
Last login: Mon Nov 16 18:01:10 2020 from 192.168.1.101
[root@localhost ~]#
3.1.9: Shut down and copy the disk file to the OpenStack controller
[root@localhost ~]# shutdown -h now
[root@node252 ~]# scp /var/lib/libvirt/images/CentOS-7.2.qcow2 node101:/root/
3.2: Create the image
- Load the admin credentials:
[root@node101 ~]# source admin-ocata.sh
- Create an image named CentOS-7.2:
[root@node101 ~]# openstack image create "CentOS-7.2" --file /root/CentOS-7.2.qcow2 --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | 82fbc8ccefe8ee13fdd94181c555b79a |
| container_format | bare |
| created_at | 2020-11-16T15:20:29Z |
| disk_format | qcow2 |
| file | /v2/images/f4316053-2df5-41b2-9ae4-61fbed684b96/file |
| id | f4316053-2df5-41b2-9ae4-61fbed684b96 |
| min_disk | 0 |
| min_ram | 0 |
| name | CentOS-7.2 |
| owner | acac1eb6c81540429c3323084bed23d9 |
| protected | False |
| schema | /v2/schemas/image |
| size | 1715273728 |
| status | active |
| tags | |
| updated_at | 2020-11-16T15:22:07Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
- Verify the image:
[root@node101 ~]# openstack image list
+--------------------------------------+------------+--------+
| ID | Name | Status |
+--------------------------------------+------------+--------+
| f4316053-2df5-41b2-9ae4-61fbed684b96 | CentOS-7.2 | active |
| 960434ae-56e7-49a2-8388-db376ac2a406 | cirros1 | active |
| 3168eab6-7ccd-4379-addd-b92266bc6f51 | cirros2 | active |
| 54461727-4f32-4cb9-8510-3ce5d66d39cb | cirros3 | active |
+--------------------------------------+------------+--------+
3.3: Confirm the resources available to the instance
- Load the demo credentials:
[root@node101 ~]# source demo-ocata.sh
- List the available flavors:
[root@node101 ~]# openstack flavor list
+----+-----------+------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+------+------+-----------+-------+-----------+
| 0 | 1c-1g-20G | 1024 | 10 | 0 | 1 | True |
+----+-----------+------+------+-----------+-------+-----------+
- List the available images:
[root@node101 ~]# openstack image list
+--------------------------------------+------------+--------+
| ID | Name | Status |
+--------------------------------------+------------+--------+
| f4316053-2df5-41b2-9ae4-61fbed684b96 | CentOS-7.2 | active |
| 960434ae-56e7-49a2-8388-db376ac2a406 | cirros1 | active |
| 3168eab6-7ccd-4379-addd-b92266bc6f51 | cirros2 | active |
| 54461727-4f32-4cb9-8510-3ce5d66d39cb | cirros3 | active |
+--------------------------------------+------------+--------+
- List the available networks:
[root@node101 ~]# openstack network list
+--------------------------------------+--------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+--------------+--------------------------------------+
| 5b845b84-5aa6-4b1b-b282-dc3694bdc82a | self-net | ced26a73-966c-40c6-8cab-71e683143f34 |
| 7356155c-9e74-463f-a93a-73f625640e8f | external-net | 9c339f48-a067-4c3b-bc70-11cd33f162ec |
| f2e6619e-c7dd-445c-91a6-024f34e37719 | test-net | c62894a0-602b-44d6-b31b-1b919eeb9742 |
+--------------------------------------+--------------+--------------------------------------+
- List the available security groups:
[root@node101 ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 | default | Default security group | 9a94f1a1e271459580613778bf7c3392 |
+--------------------------------------+---------+------------------------+----------------------------------+
- List the available key pairs:
[root@node101 ~]# openstack keypair list
+----------+-------------------------------------------------+
| Name | Fingerprint |
+----------+-------------------------------------------------+
| demo-key | 3e:39:7a:d1:43:ad:4c:4a:7b:19:5e:fe:bc:d3:27:86 |
+----------+-------------------------------------------------+
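3.4: Launch an instance (provider networks)
3.4.1: Create the instance
The instance is created from the command line.
- Create an instance named openstack-node222-centos-7.2 with two NICs, using external-net for external access and test-net for the internal network: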
[root@node101 ~]# openstack server create --flavor 1c-1g-20G --image CentOS-7.2 \
--nic net-id=7356155c-9e74-463f-a93a-73f625640e8f --nic net-id=f2e6619e-c7dd-445c-91a6-024f34e37719 \
--security-group default \
--key-name demo-key openstack-node222-centos-7.2
+-----------------------------+---------------------------------------------------+
| Field | Value |
+-----------------------------+---------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | bCKXpUMa3A2n |
| config_drive | |
| created | 2020-11-16T15:54:46Z |
| flavor | 1c-1g-20G (0) |
| hostId | |
| id | 51479834-187d-43f6-bd0c-82a9c34e5ba3 |
| image | CentOS-7.2 (f4316053-2df5-41b2-9ae4-61fbed684b96) |
| key_name | demo-key |
| name | openstack-node222-centos-7.2 |
| progress | 0 |
| project_id | 9a94f1a1e271459580613778bf7c3392 |
| properties | |
| security_groups | name='default' |
| status | BUILD |
| updated | 2020-11-16T15:54:46Z |
| user_id | 69e61c6f12594c768bb39efb4e865a9b |
| volumes_attached | |
+-----------------------------+---------------------------------------------------+
3.4.2: Change the instance IP addresses
Change the instance's IP addresses to the ones allocated by OpenStack (172.16.1.222 and 192.168.1.230).
- eth0, the external NIC:
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO="none"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="192.168.1.230"
PREFIX="24"
GATEWAY="192.168.1.1"
DNS1="192.168.1.254"
- Verify external connectivity:
[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (180.101.49.11) 56(84) bytes of data.
64 bytes from 180.101.49.11: icmp_seq=1 ttl=52 time=46.1 ms
64 bytes from 180.101.49.11: icmp_seq=2 ttl=52 time=43.5 ms
64 bytes from 180.101.49.11: icmp_seq=3 ttl=52 time=43.6 ms
- eth1, the internal NIC:
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO="none"
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
IPADDR="172.16.1.222"
PREFIX="24"
DNS1="172.16.1.253"
- Verify internal connectivity:
[root@localhost ~]# ping 172.16.1.101
PING 172.16.1.101 (172.16.1.101) 56(84) bytes of data.
64 bytes from 172.16.1.101: icmp_seq=1 ttl=64 time=8.19 ms
64 bytes from 172.16.1.101: icmp_seq=2 ttl=64 time=2.80 ms
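3.5: Launch an instance (self-service network)
This time the instance is created from the web UI.
3.5.1: Create the instance
Instance name
Select the image
Select the flavor
Select the network
Select the security group
Select the key pair
Create the instance
3.5.2: Change the instance IP address
- Delete the eth1 network configuration file, because this instance has only one NIC:
- Change eth0's IP address to the self-service network address allocated by OpenStack (10.10.10.9), and restart the network service:
3.5.3: Allocate and associate a floating IP
- Network > Floating IPs > Allocate IP To Project:
- 192.168.1.224 from external-net is allocated:
- Click "Associate" to associate the floating IP with the instance's port:
- The association succeeded:
3.5.4: Verify the instance's networking
- Test external connectivity from the instance:
3.5.5: Fix being unable to SSH to the instance
- SSH to the instance: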
[root@node101 ~]# ssh 192.168.1.224 -v
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to 192.168.1.224 [192.168.1.224] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
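This kind of problem occurs when using a self-service network.
The cause is that the default MTU (1500) of the CentOS-7.2 image does not match the MTU (1450) of the OpenStack network environment.
global_physnet_mtu in /etc/neutron/neutron.conf defaults to 1500, but with VXLAN the VXLAN header takes 50 bytes, so the MTU becomes 1450. The MTU of CentOS-7.2 therefore has to be changed to 1450 to match OpenStack's VXLAN network.
P.S.
Another approach is to set global_physnet_mtu in /etc/neutron/neutron.conf and path_mtu in /etc/neutron/plugins/ml2/ml2_conf.ini to 1550 directly, restart, delete the existing OpenStack networks, then recreate the networks and attach them to the instances;
this approach also involves jumbo frames and the question of whether it affects the provider networks, so I did not try it.
- Change the instance's MTU:
- SSH again from the controller: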
[root@node101 ~]# ssh 192.168.1.224
Last login: Tue Nov 17 12:01:21 2020 from 192.168.1.101
[root@localhost ~]#
Passwordless login now works.
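One way to carry out the "change the instance's MTU" step above on CentOS 7, as an added example rather than the author's own commands: the function sets `MTU=` in an ifcfg file idempotently, and the helpers derive the 1450 value and the matching do-not-fragment ping size. The ifcfg contents in the demo are constructed from the addresses in section 3.5.2, and pinging the router address 10.10.10.1 as the check target is an assumption.

```bash
#!/usr/bin/env bash
# Added example: persist the overlay MTU in an ifcfg file and derive the
# ping payload that confirms it.

# instance_mtu PHYSNET_MTU OVERHEAD: MTU left for the guest once the
# encapsulation overhead (50 bytes for VXLAN, per the text above) is removed.
instance_mtu() {
    echo $(( $1 - $2 ))
}

# df_ping_payload MTU: largest ICMP payload that fits in one unfragmented
# IPv4 packet of that MTU (20-byte IP header + 8-byte ICMP header).
df_ping_payload() {
    echo $(( $1 - 28 ))
}

# set_ifcfg_mtu FILE MTU: replace the existing MTU= line in an ifcfg file,
# or append one if the file has none. Rejects non-numeric values.
set_ifcfg_mtu() {
    local file=$1 mtu=$2
    case $mtu in
        ''|*[!0-9]*) echo "MTU must be a number: '$mtu'" >&2; return 1 ;;
    esac
    [ -w "$file" ] || { echo "cannot write $file" >&2; return 1; }
    if grep -q '^MTU=' "$file"; then
        sed -i "s/^MTU=.*/MTU=\"$mtu\"/" "$file"
    else
        printf 'MTU="%s"\n' "$mtu" >> "$file"
    fi
}

# Demo on a temporary, constructed copy of the instance's ifcfg-eth0.
# On the real instance the file is
# /etc/sysconfig/network-scripts/ifcfg-eth0.
demo() {
    local tmp mtu
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
BOOTPROTO="none"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="10.10.10.9"
PREFIX="24"
EOF
    mtu=$(instance_mtu 1500 50)
    set_ifcfg_mtu "$tmp" "$mtu"
    cat "$tmp"
    echo "# after 'systemctl restart network', run on the instance:"
    echo "ip link show eth0"
    echo "ping -c 2 -M do -s $(df_ping_payload "$mtu") 10.10.10.1"
    rm -f "$tmp"
}

demo
```

The stall after `SSH2_MSG_KEXINIT sent` in the debug output is the typical symptom: small packets get through, but the larger key-exchange packets exceed what the overlay can carry.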
4: Launch a Windows Server instance
4.1: Build the Windows Server 2008 R2 image
4.1.1: Create the disk
[root@node252 ~]# qemu-img create -f qcow2 /var/lib/libvirt/images/WinServer-2008-R2.qcow2 20G
Formatting '/var/lib/libvirt/images/WinServer-2008-R2.qcow2', fmt=qcow2 size=21474836480 encryption=off cluster_size=65536 lazy_refcounts=off
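4.1.2: Create the KVM virtual machine
Because the Windows image does not include virtio drivers, it cannot load the virtual disk or the virtual NIC and needs additional virtio driver support. Download location for each version: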
https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/
[root@node252 ~]# virt-install --virt-type kvm --name WinServer-2008-R2 \
--ram 2048 --vcpus=2 \
--os-type=windows \
--cdrom=/usr/local/src/windows_server_2008_r2.iso \
--disk path=/var/lib/libvirt/images/WinServer-2008-R2.qcow2,format=qcow2,bus=virtio \
--disk path=/usr/local/src/virtio-win-0.1.149_amd64.vfd,device=floppy \
--network bridge=br0,model=virtio \
--graphics vnc,listen=0.0.0.0 \
--noautoconsole
4.1.3: Open the virtual machine management console
- Use virt-manager together with Xmanager to open the virtual machine management console:
[root@node252 ~]# virt-manager
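4.1.4: Install the operating system
Install Windows Server 2008 R2 following the usual steps, noting the following points:
- Choose "Windows Server 2008 R2 Enterprise (Full Installation)";
- Load the virtio drivers during installation (install both the NIC driver and the disk driver);
Set the password to "Aa123456":
4.1.5: Add an internal-network NIC
- Shut down, then add a NIC bridged to br1 with type virtio:
4.1.6: System initialization
Power on and carry out the system initialization.
- Configure the external IP address (Local Area Connection):
- Configure the internal IP address (Local Area Connection 2):
- Verify network connectivity:
- Turn off the firewall:
- Enable remote connections:
- Verify the remote connection:
- Set up NTP time synchronization (sync with the local NTP server):
4.1.7: Re-seal the virtual machine
System Preparation Tool path: C:\Windows\System32\sysprep\sysprep.exe
- Tick "Generalize" and select "Shutdown":
4.1.8: Copy the disk file to the OpenStack controller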
[root@node252 ~]# scp /var/lib/libvirt/images/WinServer-2008-R2.qcow2 node101:/root/
4.2: Create the image
- Load the admin credentials:
[root@node101 ~]# source admin-ocata.sh
- Create an image named WinServer-2008-R2:
[root@node101 ~]# openstack image create "WinServer-2008-R2" --file /root/WinServer-2008-R2.qcow2 --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | 6769fd8953052a47511da6a3a51f118d |
| container_format | bare |
| created_at | 2020-11-17T07:52:05Z |
| disk_format | qcow2 |
| file | /v2/images/e2f766f6-5e57-474f-96cf-34fd4e9e5002/file |
| id | e2f766f6-5e57-474f-96cf-34fd4e9e5002 |
| min_disk | 0 |
| min_ram | 0 |
| name | WinServer-2008-R2 |
| owner | acac1eb6c81540429c3323084bed23d9 |
| protected | False |
| schema | /v2/schemas/image |
| size | 7218397184 |
| status | active |
| tags | |
| updated_at | 2020-11-17T08:01:14Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
- Verify the image:
[root@node101 ~]# openstack image list
+--------------------------------------+-------------------+--------+
| ID | Name | Status |
+--------------------------------------+-------------------+--------+
| f4316053-2df5-41b2-9ae4-61fbed684b96 | CentOS-7.2 | active |
| e2f766f6-5e57-474f-96cf-34fd4e9e5002 | WinServer-2008-R2 | active |
| 960434ae-56e7-49a2-8388-db376ac2a406 | cirros1 | active |
| 3168eab6-7ccd-4379-addd-b92266bc6f51 | cirros2 | active |
| 54461727-4f32-4cb9-8510-3ce5d66d39cb | cirros3 | active |
+--------------------------------------+-------------------+--------+
4.3: Confirm the resources available to the instance
- Load the demo credentials:
[root@node101 ~]# source demo-ocata.sh
- List the available flavors:
[root@node101 ~]# openstack flavor list
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
| 0cc027fe-58e7-4548-ac4e-2c8e3b8bbd36 | 1c-1g-10G | 1024 | 10 | 0 | 1 | True |
| 1 | 2c-2g-20G | 2048 | 20 | 0 | 2 | True |
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
- List the available images:
[root@node101 ~]# openstack image list
+--------------------------------------+-------------------+--------+
| ID | Name | Status |
+--------------------------------------+-------------------+--------+
| f4316053-2df5-41b2-9ae4-61fbed684b96 | CentOS-7.2 | active |
| e2f766f6-5e57-474f-96cf-34fd4e9e5002 | WinServer-2008-R2 | active |
| 960434ae-56e7-49a2-8388-db376ac2a406 | cirros1 | active |
| 3168eab6-7ccd-4379-addd-b92266bc6f51 | cirros2 | active |
| 54461727-4f32-4cb9-8510-3ce5d66d39cb | cirros3 | active |
+--------------------------------------+-------------------+--------+
- List the available networks:
[root@node101 ~]# openstack network list
+--------------------------------------+--------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+--------------+--------------------------------------+
| 5b845b84-5aa6-4b1b-b282-dc3694bdc82a | self-net | ced26a73-966c-40c6-8cab-71e683143f34 |
| 7356155c-9e74-463f-a93a-73f625640e8f | external-net | 9c339f48-a067-4c3b-bc70-11cd33f162ec |
| f2e6619e-c7dd-445c-91a6-024f34e37719 | test-net | c62894a0-602b-44d6-b31b-1b919eeb9742 |
+--------------------------------------+--------------+--------------------------------------+
- List the available security groups:
[root@node101 ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 | default | Default security group | 9a94f1a1e271459580613778bf7c3392 |
+--------------------------------------+---------+------------------------+----------------------------------+
- List the available key pairs:
[root@node101 ~]# openstack keypair list
+----------+-------------------------------------------------+
| Name | Fingerprint |
+----------+-------------------------------------------------+
| demo-key | 3e:39:7a:d1:43:ad:4c:4a:7b:19:5e:fe:bc:d3:27:86 |
+----------+-------------------------------------------------+
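4.4: Launch the instance (provider networks)
4.4.1: Create the instance
Create it from the command line.
- Create a cloud host named winserver-2008-r2-test with 2 NICs, using external-net for the external network and test-net for the internal network: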
[root@node101 ~]# openstack server create --flavor 2c-2g-20G --image WinServer-2008-R2 \
--nic net-id=7356155c-9e74-463f-a93a-73f625640e8f --nic net-id=f2e6619e-c7dd-445c-91a6-024f34e37719 \
--security-group default \
--key-name demo-key winserver-2008-r2-test
+-----------------------------+----------------------------------------------------------+
| Field | Value |
+-----------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | pqVJ8QrrX9MQ |
| config_drive | |
| created | 2020-11-18T06:43:50Z |
| flavor | 2c-2g-20G (1) |
| hostId | |
| id | 7c4bdd9a-cd95-4305-a8df-0c2429039e89 |
| image | WinServer-2008-R2 (27784f4b-b987-4827-a402-7f1dcf99648b) |
| key_name | demo-key |
| name | winserver-2008-r2-test |
| progress | 0 |
| project_id | 9a94f1a1e271459580613778bf7c3392 |
| properties | |
| security_groups | name='default' |
| status | BUILD |
| updated | 2020-11-18T06:43:51Z |
| user_id | 69e61c6f12594c768bb39efb4e865a9b |
| volumes_attached | |
+-----------------------------+----------------------------------------------------------+
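4.4.2: Change the instance IP addresses
- Change the instance's IP addresses to the ones allocated by OpenStack (external 192.168.1.222, internal 172.16.1.229):
- Verify internal and external connectivity:
- Add a security group rule to allow Remote Desktop connections:
- Verify remote login:
5: Launch a CentOS GenericCloud instance
5.1: Build the GenericCloud-1511 image
5.1.1: Download the official disk file and decompress it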
[root@node252 src]# xz -d CentOS-7-x86_64-GenericCloud-1511.qcow2.xz
[root@node252 src]# mv CentOS-7-x86_64-GenericCloud-1511.qcow2 /var/lib/libvirt/images/
5.1.2: Create the KVM virtual machine
[root@node252 ~]# virt-install --virt-type kvm --name CentOS-GenericCloud-7.2 \
--ram 1024 \
--cdrom=/usr/local/src/CentOS-7.2-x86_64-Minimal-1511.iso \
--disk path=/var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud-1511.qcow2 \
--network bridge=br0 \
--graphics vnc,listen=0.0.0.0 \
--noautoconsole
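Which ISO is specified here does not matter; the point is to boot the virtual machine from the CentOS-7-x86_64-GenericCloud-1511.qcow2 disk file.
5.1.3: Open the virtual machine console and force a power-off
5.1.4: Reset the root password
- Install libguestfs-tools: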
[root@node252 ~]# yum install libguestfs-tools -y
- Change the root password to 123456:
[root@node252 ~]# virt-customize -a /var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud-1511.qcow2 --root-password password:123456
[ 0.0] Examining the guest ...
virt-customize: symbol lookup error: /lib64/libguestfs.so.0: undefined symbol: json_string_length
[root@node252 ~]# yum update
[root@node252 src]# virt-customize -a /var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud-1511.qcow2 --root-password password:123456
[ 0.0] Examining the guest ...
[ 9.7] Setting a random seed
[ 9.8] Setting passwords
[ 12.7] Finishing off
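Resetting the password while the virtual machine was running did not succeed; after recreating the virtual machine and forcing it off, the reset succeeded.
- Verify root login:
- Verify ssh login: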
[root@node252 src]# ssh 192.168.1.57
The authenticity of host '192.168.1.57 (192.168.1.57)' can't be established.
ECDSA key fingerprint is SHA256:+4aN0AyrkRRI3ZHYt6QAN0FH9A8CU4o+uLCtqtyjCGU.
ECDSA key fingerprint is MD5:b5:f5:bf:8e:3b:9a:c7:e4:04:05:a6:99:91:77:a3:88.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.57' (ECDSA) to the list of known hosts.
root@192.168.1.57's password:
Last login: Tue Nov 17 14:29:44 2020
[root@localhost ~]#
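5.1.5: System initialization
See "CentOS System Initialization".
5.1.6: Add an internal-network NIC
5.1.7: Configure passwordless login
- Add the public keys of the KVM build host and the OpenStack controller to the virtual machine: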
[root@localhost ~]# ssh-keygen
[root@localhost ~]# vim /root/.ssh/authorized_keys
- Change the file permissions:
[root@localhost ~]# chmod 600 /root/.ssh/authorized_keys
- Verify passwordless login:
[root@node252 ~]# ssh 192.168.1.57
Last login: Tue Nov 17 14:32:18 2020 from 192.168.1.252
[root@localhost ~]#
[root@node101 ~]# ssh 192.168.1.57
The authenticity of host '192.168.1.57 (192.168.1.57)' can't be established.
ECDSA key fingerprint is b5:f5:bf:8e:3b:9a:c7:e4:04:05:a6:99:91:77:a3:88.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.57' (ECDSA) to the list of known hosts.
Last login: Tue Nov 17 14:46:57 2020 from 192.168.1.252
[root@localhost ~]#
5.1.8: Shut down and copy the disk file to the OpenStack controller
[root@node252 ~]# scp /var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud-1511.qcow2 node101:/root/
5.2: Create the image
- Load the admin credentials:
[root@node101 ~]# source admin-ocata.sh
- Create an image named GenericCloud-1511:
[root@node101 ~]# openstack image create "GenericCloud-1511" --file /root/CentOS-7-x86_64-GenericCloud-1511.qcow2 --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | 042e6aa4494e8b3bfd5ab662b27e57ec |
| container_format | bare |
| created_at | 2020-11-17T22:59:44Z |
| disk_format | qcow2 |
| file | /v2/images/00ca8a54-f2a3-435c-a9b1-b74c72b1b1f9/file |
| id | 00ca8a54-f2a3-435c-a9b1-b74c72b1b1f9 |
| min_disk | 0 |
| min_ram | 0 |
| name | GenericCloud-1511 |
| owner | acac1eb6c81540429c3323084bed23d9 |
| protected | False |
| schema | /v2/schemas/image |
| size | 1677197312 |
| status | active |
| tags | |
| updated_at | 2020-11-17T23:01:19Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
- Verify the image:
[root@node101 ~]# openstack image list
+--------------------------------------+-------------------+--------+
| ID | Name | Status |
+--------------------------------------+-------------------+--------+
| f4316053-2df5-41b2-9ae4-61fbed684b96 | CentOS-7.2 | active |
| 00ca8a54-f2a3-435c-a9b1-b74c72b1b1f9 | GenericCloud-1511 | active |
| e2f766f6-5e57-474f-96cf-34fd4e9e5002 | WinServer-2008-R2 | active |
| 960434ae-56e7-49a2-8388-db376ac2a406 | cirros1 | active |
| 3168eab6-7ccd-4379-addd-b92266bc6f51 | cirros2 | active |
| 54461727-4f32-4cb9-8510-3ce5d66d39cb | cirros3 | active |
+--------------------------------------+-------------------+--------+
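Both image uploads (4.2 and 5.2) copy a qcow2 file with scp and then register it in Glance, and the `checksum` field in the create output can be compared against the local file. The script below is an added example, not part of the original page: it assumes Glance reports the MD5 of the image data in `checksum`, and the function names `table_field`, `verify_image_file` and `sample_table` are invented for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).
# Assumption: the Glance "checksum" field is the MD5 of the uploaded image data.

# Print the value of one field from an `openstack ... show/create` table on stdin.
table_field() {
    awk -F'|' -v key="$1" '
        NF >= 3 {
            k = $2; v = $3
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }'
}

# Return 0 if the local file hashes to the expected checksum, 1 if not, 2 if unreadable.
verify_image_file() {
    file=$1
    expected=$2
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$(md5sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK $file"
        return 0
    fi
    echo "MISMATCH $file: local=$actual glance=$expected" >&2
    return 1
}

# Constructed sample in the shape of the image table (checksum is the MD5 of "abc").
sample_table() {
    cat <<'EOF'
+------------------+----------------------------------+
| Field            | Value                            |
+------------------+----------------------------------+
| checksum         | 900150983cd24fb0d6963f7d28e17f72 |
| disk_format      | qcow2                            |
+------------------+----------------------------------+
EOF
}

# Use on the controller (needs credentials loaded):
#   sum=$(openstack image show WinServer-2008-R2 | table_field checksum)
#   verify_image_file /root/WinServer-2008-R2.qcow2 "$sum"
```

An MD5 match shows the file survived the scp and upload path unchanged; it is not evidence against deliberate tampering.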
5.3: Confirm the resources available to the instance
- Load the demo credentials:
[root@node101 ~]# source demo-ocata.sh
- List the available flavors:
[root@node101 ~]# openstack flavor list
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
| 0cc027fe-58e7-4548-ac4e-2c8e3b8bbd36 | 1c-1g-10G | 1024 | 10 | 0 | 1 | True |
| 1 | 2c-2g-20G | 2048 | 20 | 0 | 2 | True |
| 2 | 2c-2g-50G | 2048 | 50 | 0 | 2 | True |
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
- List the available images:
[root@node101 ~]# openstack image list
+--------------------------------------+-------------------+--------+
| ID | Name | Status |
+--------------------------------------+-------------------+--------+
| f4316053-2df5-41b2-9ae4-61fbed684b96 | CentOS-7.2 | active |
| 00ca8a54-f2a3-435c-a9b1-b74c72b1b1f9 | GenericCloud-1511 | active |
| e2f766f6-5e57-474f-96cf-34fd4e9e5002 | WinServer-2008-R2 | active |
| 960434ae-56e7-49a2-8388-db376ac2a406 | cirros1 | active |
| 3168eab6-7ccd-4379-addd-b92266bc6f51 | cirros2 | active |
| 54461727-4f32-4cb9-8510-3ce5d66d39cb | cirros3 | active |
+--------------------------------------+-------------------+--------+
- List the available networks:
[root@node101 ~]# openstack network list
+--------------------------------------+--------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+--------------+--------------------------------------+
| 5b845b84-5aa6-4b1b-b282-dc3694bdc82a | self-net | ced26a73-966c-40c6-8cab-71e683143f34 |
| 7356155c-9e74-463f-a93a-73f625640e8f | external-net | 9c339f48-a067-4c3b-bc70-11cd33f162ec |
| f2e6619e-c7dd-445c-91a6-024f34e37719 | test-net | c62894a0-602b-44d6-b31b-1b919eeb9742 |
+--------------------------------------+--------------+--------------------------------------+
- List the available security groups:
[root@node101 ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 | default | Default security group | 9a94f1a1e271459580613778bf7c3392 |
+--------------------------------------+---------+------------------------+----------------------------------+
- List the available key pairs:
[root@node101 ~]# openstack keypair list
+----------+-------------------------------------------------+
| Name | Fingerprint |
+----------+-------------------------------------------------+
| demo-key | 3e:39:7a:d1:43:ad:4c:4a:7b:19:5e:fe:bc:d3:27:86 |
+----------+-------------------------------------------------+
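5.4: Launch the instance (provider networks)
5.4.1: Create the instance
Create it from the command line.
- Create a cloud host named GenericCloud-1511-test with 2 NICs, using external-net for the external network and test-net for the internal network: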
[root@node101 ~]# openstack server create --flavor 1c-1g-10G --image GenericCloud-1511 \
--nic net-id=7356155c-9e74-463f-a93a-73f625640e8f --nic net-id=f2e6619e-c7dd-445c-91a6-024f34e37719 \
--security-group default \
--key-name demo-key GenericCloud-1511-test
+-----------------------------+----------------------------------------------------------+
| Field | Value |
+-----------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | CJ9SYzniM3vD |
| config_drive | |
| created | 2020-11-17T23:13:52Z |
| flavor | 1c-1g-10G (0cc027fe-58e7-4548-ac4e-2c8e3b8bbd36) |
| hostId | |
| id | aade2cc7-c251-4871-a4a3-f30c8ab9043f |
| image | GenericCloud-1511 (00ca8a54-f2a3-435c-a9b1-b74c72b1b1f9) |
| key_name | demo-key |
| name | GenericCloud-1511-test |
| progress | 0 |
| project_id | 9a94f1a1e271459580613778bf7c3392 |
| properties | |
| security_groups | name='default' |
| status | BUILD |
| updated | 2020-11-17T23:13:52Z |
| user_id | 69e61c6f12594c768bb39efb4e865a9b |
| volumes_attached | |
+-----------------------------+----------------------------------------------------------+
5.4.2: Change the instance IP addresses
Change the instance's IP addresses to the ones allocated by OpenStack (172.16.1.222 and 192.168.1.230).
- eth0, the external NIC:
[root@genericcloud-1511-test ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="static"
ONBOOT="yes"
IPADDR="192.168.1.223"
PREFIX="24"
GATEWAY="192.168.1.1"
DNS1="192.168.1.254"
- Verify external connectivity:
[root@genericcloud-1511-test ~]# ping www.baidu.com
PING www.a.shifen.com (180.101.49.11) 56(84) bytes of data.
64 bytes from 180.101.49.11: icmp_seq=1 ttl=52 time=42.5 ms
64 bytes from 180.101.49.11: icmp_seq=2 ttl=52 time=42.7 ms
64 bytes from 180.101.49.11: icmp_seq=3 ttl=52 time=45.6 ms
- eth1, the internal NIC:
[root@genericcloud-1511-test ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE="eth1"
BOOTPROTO="static"
ONBOOT="yes"
IPADDR="172.16.1.227"
PREFIX="24"
DNS1="172.16.1.253"
- Verify internal connectivity:
[root@genericcloud-1511-test ~]# ping 172.16.1.101
PING 172.16.1.101 (172.16.1.101) 56(84) bytes of data.
64 bytes from 172.16.1.101: icmp_seq=1 ttl=64 time=0.566 ms
64 bytes from 172.16.1.101: icmp_seq=2 ttl=64 time=0.412 ms
64 bytes from 172.16.1.101: icmp_seq=3 ttl=64 time=0.768 ms
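The static addresses written into the ifcfg files have to be exactly the ones Neutron allocated: both networks were created with `port_security_enabled` set to True, so Neutron's anti-spoofing filtering drops traffic whose source IP differs from the port's fixed IP. The check below is an added example, not part of the original page; the function names and the sample ifcfg content are constructed, and the format of the `addresses` value is an assumption stated in the code.

```shell
#!/bin/sh
# Added example (not from the original page).
# Assumption: `openstack server show <server> -f value -c addresses` prints
# "net1=ip[, ip]; net2=ip", as the Ocata-era client does.

# Print the IPADDR value of an ifcfg file with surrounding quotes removed.
ifcfg_ipaddr() {
    sed -n 's/^[[:space:]]*IPADDR=//p' "$1" | tr -d "\"'" | head -n 1
}

# Return 0 if the guest's static IP is one of the addresses Neutron allocated,
# 1 if it is not, 2 if the file sets no IPADDR.
#   $1 = ifcfg file   $2 = the server's "addresses" value
ip_is_allocated() {
    ip=$(ifcfg_ipaddr "$1")
    [ -n "$ip" ] || { echo "no IPADDR in $1" >&2; return 2; }
    # One allocated address per line, network names stripped.
    allocated=$(printf '%s\n' "$2" | tr ';,' '\n\n' |
        sed 's/^[[:space:]]*//; s/^[^=]*=//; s/[[:space:]]*$//')
    # -x forces a whole-line match, so 192.0.2.23 does not match 192.0.2.230.
    if printf '%s\n' "$allocated" | grep -Fxq -- "$ip"; then
        echo "OK $ip"
        return 0
    fi
    echo "MISMATCH: $1 sets $ip, allocated: $2" >&2
    return 1
}

# Constructed sample ifcfg content (documentation address range).
sample_ifcfg() {
    cat <<'EOF'
DEVICE="eth0"
BOOTPROTO="static"
ONBOOT="yes"
IPADDR="192.0.2.23"
PREFIX="24"
EOF
}
```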