三:启动一个 CentOS 实例
3.1:制作 CentOS-7.2 镜像
在镜像制作主机上制作镜像。
3.1.1:创建磁盘
- 创建 qcow2 格式的磁盘:
[root@node252 ~]# qemu-img create -f qcow2 /var/lib/libvirt/images/CentOS-7.2.qcow2 10G
Formatting '/var/lib/libvirt/images/CentOS-7.2.qcow2', fmt=qcow2 size=10737418240 cluster_size=65536 lazy_refcounts=off refcount_bits=16
- 验证磁盘文件:
[root@node252 ~]# file /var/lib/libvirt/images/CentOS-7.2.qcow2
/var/lib/libvirt/images/CentOS-7.2.qcow2: QEMU QCOW Image (v3), 10737418240 bytes
3.1.2:创建 KVM 虚拟机
- 以 CentOS-7.2-x86_64-Minimal-1511.iso 为镜像,创建名为 CentOS-7.2 的 KVM 虚拟机:
[root@node252 ~]# virt-install --virt-type kvm --name CentOS7-7.2 \
--ram 1024 \
--cdrom=/usr/local/src/CentOS-7.2-x86_64-Minimal-1511.iso \
--disk path=/var/lib/libvirt/images/CentOS-7.2.qcow2 \
--network bridge=br0 \
--graphics vnc,listen=0.0.0.0 \
--noautoconsole
Starting install...
Domain installation still in progress. You can reconnect to
the console to complete the installation process.
3.1.3:打开虚拟机管理终端
- virt-manager 配合 Xmanager,打开虚拟机管理终端:
[root@node252 ~]# virt-manager
3.1.4:设置启动内核参数
- 安装界面按 Tab 键编辑启动内核参数后,启动安装:
net.ifnames=0 biosdevname=0
以使网卡名称标准化(eth*);
3.1.5:安装操作系统
按常规步骤安装操作系统,安装过程中将 IP 地址设为 192.168.1.201/24,安装完成后即可直接远程 SSH 连接,进行后续操作。
注意以下几点:
-
时区设置为 Asia/Shanghai;
-
添加简体中文语言支持;
-
启动 eth0 网卡,设置 IP 地址为外部网络地址;
- 安装完成点击 reboot 后,虚拟机会关机,重新开机,进行 CentOS 系统初始化相关操作:
[root@node252 ~]# virsh start CentOS7-7.2
Domain CentOS7-7.2 started
- 直接 ssh 连接 192.168.1.201
[root@node252 ~]# ssh 192.168.1.201
root@192.168.1.201's password:
Last login: Mon Nov 16 15:55:42 2020 from 192.168.1.252
3.1.6:系统初始化操作
参见《CentOS 系统初始化》
3.1.7:添加一块内网网卡
- 添加网卡,桥接至 br1(内网),设备类型为 virtio:
- 配置网卡:
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO="none"
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
IPADDR="172.16.1.202"
PREFIX="24"
DNS1="172.16.1.253"
- 重启网络服务:
[root@localhost ~]# systemctl restart network
- 验证内网通信:
[root@localhost ~]# ping 172.16.1.101
PING 172.16.1.101 (172.16.1.101) 56(84) bytes of data.
64 bytes from 172.16.1.101: icmp_seq=1 ttl=64 time=0.588 ms
64 bytes from 172.16.1.101: icmp_seq=2 ttl=64 time=7.91 ms
3.1.8:配置 Openstack 控制端免密钥登录
- 将 Openstack 控制端公钥放入 authorized_keys:
[root@localhost .ssh]# vim authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDU8vkeSMrqDiT+M+7ztv6jitFYb12Z7epDHFHirJ+3JLUCAwhjcu+ztaUfDOcdjoNYZeESWZRdIPNlxnJz1acfnH3fNFHODZChWpJWRLAr1oluGO675Rm1lidyL/FqH3d
/rAqv1UnWrVYbuFNJpm+YStpXFEaMjXWDEPai24QRVdDhOgmIDEKFIWGqSG1A4Hs6iaSS14R6XbHObh9ZZuk2eh3lDpyTo5q4mzoVFbUHiCmQec5ymGTJFPS+MiqJq4MFB7xFetWWa/H2kRQ1CnC2vYCiow3W61kRMkWqVn
VhFHLXzqUavjF1Rtt1yVmw0mZKdKw0UnIO42aQzeWVgAnN root@node101.yqc.com
[root@localhost .ssh]# chmod 600 authorized_keys
- Openstack 控制端免密登录验证:
[root@node101 ~]# ssh 192.168.1.201
Last login: Mon Nov 16 18:01:10 2020 from 192.168.1.101
[root@localhost ~]#
3.1.9:关机并拷贝磁盘文件至 Openstack 控制端
[root@localhost ~]# shutdown -h now
[root@node252 ~]# scp /var/lib/libvirt/images/CentOS-7.2.qcow2 node101:/root/
3.2:创建镜像
- 导入 admin 凭证:
[root@node101 ~]# source admin-ocata.sh
- 创建名为 CentOS-7.2 的镜像:
[root@node101 ~]# openstack image create "CentOS-7.2" --file /root/CentOS-7.2.qcow2 --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | 82fbc8ccefe8ee13fdd94181c555b79a |
| container_format | bare |
| created_at | 2020-11-16T15:20:29Z |
| disk_format | qcow2 |
| file | /v2/images/f4316053-2df5-41b2-9ae4-61fbed684b96/file |
| id | f4316053-2df5-41b2-9ae4-61fbed684b96 |
| min_disk | 0 |
| min_ram | 0 |
| name | CentOS-7.2 |
| owner | acac1eb6c81540429c3323084bed23d9 |
| protected | False |
| schema | /v2/schemas/image |
| size | 1715273728 |
| status | active |
| tags | |
| updated_at | 2020-11-16T15:22:07Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
- 验证镜像:
[root@node101 ~]# openstack image list
+--------------------------------------+------------+--------+
| ID | Name | Status |
+--------------------------------------+------------+--------+
| f4316053-2df5-41b2-9ae4-61fbed684b96 | CentOS-7.2 | active |
| 960434ae-56e7-49a2-8388-db376ac2a406 | cirros1 | active |
| 3168eab6-7ccd-4379-addd-b92266bc6f51 | cirros2 | active |
| 54461727-4f32-4cb9-8510-3ce5d66d39cb | cirros3 | active |
+--------------------------------------+------------+--------+
3.3:确认实例可用资源
- 导入 demo 凭证:
[root@node101 ~]# source demo-ocata.sh
- 列出可用虚拟机类型:
[root@node101 ~]# openstack flavor list
+----+-----------+------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+------+------+-----------+-------+-----------+
| 0 | 1c-1g-20G | 1024 | 10 | 0 | 1 | True |
+----+-----------+------+------+-----------+-------+-----------+
- 列出可用镜像:
[root@node101 ~]# openstack image list
+--------------------------------------+------------+--------+
| ID | Name | Status |
+--------------------------------------+------------+--------+
| f4316053-2df5-41b2-9ae4-61fbed684b96 | CentOS-7.2 | active |
| 960434ae-56e7-49a2-8388-db376ac2a406 | cirros1 | active |
| 3168eab6-7ccd-4379-addd-b92266bc6f51 | cirros2 | active |
| 54461727-4f32-4cb9-8510-3ce5d66d39cb | cirros3 | active |
+--------------------------------------+------------+--------+
- 列出可用网络:
[root@node101 ~]# openstack network list
+--------------------------------------+--------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+--------------+--------------------------------------+
| 5b845b84-5aa6-4b1b-b282-dc3694bdc82a | self-net | ced26a73-966c-40c6-8cab-71e683143f34 |
| 7356155c-9e74-463f-a93a-73f625640e8f | external-net | 9c339f48-a067-4c3b-bc70-11cd33f162ec |
| f2e6619e-c7dd-445c-91a6-024f34e37719 | test-net | c62894a0-602b-44d6-b31b-1b919eeb9742 |
+--------------------------------------+--------------+--------------------------------------+
- 列出可用安全组:
[root@node101 ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 | default | Default security group | 9a94f1a1e271459580613778bf7c3392 |
+--------------------------------------+---------+------------------------+----------------------------------+
- 列出可用密钥对:
[root@node101 ~]# openstack keypair list
+----------+-------------------------------------------------+
| Name | Fingerprint |
+----------+-------------------------------------------------+
| demo-key | 3e:39:7a:d1:43:ad:4c:4a:7b:19:5e:fe:bc:d3:27:86 |
+----------+-------------------------------------------------+
3.4:启动实例(提供者网络)
3.4.1:创建实例
采用命令行方式创建。
- 创建一个名为 openstack-node222-centos-7.2 的云主机,2块网卡,分别使用 external-net 连接外网,test-net 连接内网:
[root@node101 ~]# openstack server create --flavor 1c-1g-20G --image CentOS-7.2 \
--nic net-id=7356155c-9e74-463f-a93a-73f625640e8f --nic net-id=f2e6619e-c7dd-445c-91a6-024f34e37719 \
--security-group default \
--key-name demo-key openstack-node222-centos-7.2
+-----------------------------+---------------------------------------------------+
| Field | Value |
+-----------------------------+---------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | bCKXpUMa3A2n |
| config_drive | |
| created | 2020-11-16T15:54:46Z |
| flavor | 1c-1g-20G (0) |
| hostId | |
| id | 51479834-187d-43f6-bd0c-82a9c34e5ba3 |
| image | CentOS-7.2 (f4316053-2df5-41b2-9ae4-61fbed684b96) |
| key_name | demo-key |
| name | openstack-node222-centos-7.2 |
| progress | 0 |
| project_id | 9a94f1a1e271459580613778bf7c3392 |
| properties | |
| security_groups | name='default' |
| status | BUILD |
| updated | 2020-11-16T15:54:46Z |
| user_id | 69e61c6f12594c768bb39efb4e865a9b |
| volumes_attached | |
+-----------------------------+---------------------------------------------------+
3.4.2:修改实例 IP 地址
将实例的 IP 地址修改为 Openstack 分配的 IP 地址(172.16.1.222 和 192.168.1.230)。
- eth0 外网网卡:
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO="none"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="192.168.1.230"
PREFIX="24"
GATEWAY="192.168.1.1"
DNS1="192.168.1.254"
- 验证外网通信:
[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (180.101.49.11) 56(84) bytes of data.
64 bytes from 180.101.49.11: icmp_seq=1 ttl=52 time=46.1 ms
64 bytes from 180.101.49.11: icmp_seq=2 ttl=52 time=43.5 ms
64 bytes from 180.101.49.11: icmp_seq=3 ttl=52 time=43.6 ms
- eth1 内网网卡:
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO="none"
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
IPADDR="172.16.1.222"
PREFIX="24"
DNS1="172.16.1.253"
- 验证内网通信:
[root@localhost ~]# ping 172.16.1.101
PING 172.16.1.101 (172.16.1.101) 56(84) bytes of data.
64 bytes from 172.16.1.101: icmp_seq=1 ttl=64 time=8.19 ms
64 bytes from 172.16.1.101: icmp_seq=2 ttl=64 time=2.80 ms
3.5:启动实例(自服务网络)
这次采用 Web 端创建。
3.5.1:创建实例
实例名称
选择镜像
选择实例类型
选择网络
选择安全组
选择密钥对
创建实例
3.5.2:修改实例 IP 地址
- 删除 eth1 的网络配置文件,因为这台云主机只有一块网卡:
- 修改 eth0 的 IP 地址为 openstack 分配的自服务网络 IP 地址(10.10.10.9),并重启网络服务:
3.5.3:分配浮动 IP 并关联
- 网络-浮动IP-分配浮动IP给项目:
- 分配到 external-net 中的 192.168.1.224:
- 点击“关联”,将浮动 IP 关联至实例端口:
- 关联成功:
3.5.4:验证云主机网络
- 云主机测试外网通信:
3.5.5:解决无法 ssh 连接实例
- ssh 连接云主机:
[root@node101 ~]# ssh 192.168.1.224 -v
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to 192.168.1.224 [192.168.1.224] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
使用自服务网络会遇到此类问题。
原因是创建的 CentOS-7.2 镜像默认 MTU 值(1500)与 Openstack 网络环境中的 MTU 值(1450)不匹配。
/etc/neutron/neutron.conf 的 global_physnet_mtu 默认值为 1500,但使用 vxlan 时,vxlan 头部为 50,所以 MTU 值就变为1450。所以需要修改 CentOS-7.2 的 MTU 值为1450,以匹配 openstack 的 vxlan 网络。
P.S.
另一种方式是直接修改 /etc/neutron/neutron.conf (global_physnet_mtu)和 /etc/neutron/plugins/ml2/ml2_conf.ini(path_mtu)为 1550,重启并删除原有 openstack 网络,重新创建网络并挂载到实例;
而且这种方式还涉及到巨帧,以及会不会影响提供者网络,所以未尝试。
- 修改云主机的 MTU 值:
- 控制端再次 ssh 连接:
[root@node101 ~]# ssh 192.168.1.224
Last login: Tue Nov 17 12:01:21 2020 from 192.168.1.101
[root@localhost ~]#
可以免密登录。
582
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
