目录
1 创建项目project
haha:项目名称
[root@controller ~]# source keystonerc_admin
[root@controller ~(admin)]# openstack project create haha
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | default |
| enabled | True |
| id | f3344b52a58648a59aee080187f02a14 |
| is_domain | False |
| name | haha |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
2 创建用户user
--password:设置密码
--project:关联项目
haha:用户名
[root@controller ~(admin)]# openstack user create --password 123456 --project haha haha
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | f3344b52a58648a59aee080187f02a14 |
| domain_id | default |
| enabled | True |
| id | 78ad2ef4ac4d4c939ffff8b0cb191b07 |
| name | haha |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
创建用户,绑定了 project,设置了密码。还少一步,分配角色,可是角色的分配不能直接在 user 里面进行分配,必须通过第二条命令来分配角色
3 分配角色
[root@controller ~(admin)]# openstack role add --user haha --project haha _member_
4 创建规格flavor
--vcpus:cpu数
--ram:内存
-disk:跟磁盘
m3.haha:创建规格名称
[root@controller ~(admin)]# openstack flavor create --vcpus 1 --ram 1024 --disk 2 m3.haha
+----------------------------+--------------------------------------+
| Field | Value |
+----------------------------+--------------------------------------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 2 |
| id | dabdab5e-2fa3-4e62-993b-484ebe27cf36 |
| name | m3.haha |
| os-flavor-access:is_public | True |
| properties | |
| ram | 1024 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+--------------------------------------+
5 创建镜像image
--disk-format:镜像格式
--min-disk:最小磁盘
--public:公有
--file:镜像位置
rhe17:创建镜像名称
[root@controller tmp(admin)]# openstack image create --disk-format qcow2 --min-disk 2 --public --file /tmp/cirros-0.6.2-x86_64-disk.img rhe17
+------------------+-------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+-------------------------------------------------------------------------------------------------------------------------------------------+
| container_format | bare |
| created_at | 2024-09-12T07:18:11Z |
| disk_format | qcow2 |
| file | /v2/images/4024f29d-85ad-43fe-8f5b-1489861dbb94/file |
| id | 4024f29d-85ad-43fe-8f5b-1489861dbb94 |
| min_disk | 2 |
| min_ram | 0 |
| name | rhe17 |
| owner | dc356bd62eb3411c948b3c11bcddcb12 |
| properties | os_hidden='False', owner_specified.openstack.md5='', owner_specified.openstack.object='images/rhe17', owner_specified.openstack.sha256='' |
| protected | False |
| schema | /v2/schemas/image |
| status | queued |
| tags | |
| updated_at | 2024-09-12T07:18:11Z |
| visibility | public |
+------------------+-------------------------------------------------------------------------------------------------------------------------------------------+
6 创建公网network
6.1 创建网络
--project:项目名称
--provider-network-type:供应商网络类型
--share:共享
--external:外部网络
public:
[root@controller ~(admin)]# openstack network create --project haha --provider-network-type flat --provider-physical-network extnet --share --external public
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2024-09-12T07:29:28Z |
| description | |
| dns_domain | None |
| id | f7708011-070c-42cc-87c0-34948ed692d1 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1500 |
| name | public |
| port_security_enabled | True |
| project_id | f3344b52a58648a59aee080187f02a14 |
| provider:network_type | flat |
| provider:physical_network | extnet |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | External |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2024-09-12T07:29:28Z |
+---------------------------+--------------------------------------+
6.2 创建子网
--subnet-range:子网网段
--gateway:网关
--dhcp:开启dncp服务
--allocation-pool start=192.168.235.20,end=192.168.235.30:地址池
--network:公网名称
[root@controller ~(admin)]# openstack subnet create --subnet-range 192.168.235.0/24 --gateway 192.168.235.2 --dhcp --allocation-pool start=192.168.235.20,end=192.168.235.30 --network public public_sub
+----------------------+--------------------------------------+
| Field | Value |
+----------------------+--------------------------------------+
| allocation_pools | 192.168.235.20-192.168.235.30 |
| cidr | 192.168.235.0/24 |
| created_at | 2024-09-12T07:39:18Z |
| description | |
| dns_nameservers | |
| dns_publish_fixed_ip | None |
| enable_dhcp | True |
| gateway_ip | 192.168.235.2 |
| host_routes | |
| id | 011e78fa-5721-4ab8-896d-724531a1cbe4 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | public_sub |
| network_id | f7708011-070c-42cc-87c0-34948ed692d1 |
| prefix_length | None |
| project_id | dc356bd62eb3411c948b3c11bcddcb12 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2024-09-12T07:39:18Z |
+----------------------+--------------------------------------+
对于普通而言,默认没有环境变量,复制一份,再改
[root@controller ~(admin)]# source keystonerc_haha
[root@controller ~(haha)]# cat keystonerc_haha
unset OS_SERVICE_TOKEN
export OS_USERNAME=haha
export OS_PASSWORD='123456'
export OS_REGION_NAME=RegionOne
export OS_AUTH_URL=http://192.168.235.101:5000/v3
export PS1='[\u@\h \W(haha)]\$ '
export OS_PROJECT_NAME=haha
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
7 创建私网network
7.1 创建网络
[root@controller ~(haha)]# openstack network create private
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2024-09-12T08:26:30Z |
| description | |
| dns_domain | None |
| id | 5d1d896e-76f7-4fe1-8ab9-8db001f4ae6f |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1442 |
| name | private |
| port_security_enabled | True |
| project_id | f3344b52a58648a59aee080187f02a14 |
| provider:network_type | None |
| provider:physical_network | None |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2024-09-12T08:26:30Z |
+---------------------------+--------------------------------------+
7.2 创建子网
[root@controller ~(haha)]# openstack subnet create --subnet-range 192.168.99.0/24 --gateway 192.168.99.254 --dhcp --allocation-pool start=192.168.99.120,end=192.168.99.130 --network private private_sub
+----------------------+--------------------------------------+
| Field | Value |
+----------------------+--------------------------------------+
| allocation_pools | 192.168.99.120-192.168.99.130 |
| cidr | 192.168.99.0/24 |
| created_at | 2024-09-12T08:31:39Z |
| description | |
| dns_nameservers | |
| dns_publish_fixed_ip | None |
| enable_dhcp | True |
| gateway_ip | 192.168.99.254 |
| host_routes | |
| id | df5b2fd2-c3f1-4523-b2ef-a52ac22e166e |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | private_sub |
| network_id | 5d1d896e-76f7-4fe1-8ab9-8db001f4ae6f |
| prefix_length | None |
| project_id | f3344b52a58648a59aee080187f02a14 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2024-09-12T08:31:39Z |
+----------------------+--------------------------------------+
8 创建路由router
[root@controller ~(haha)]# openstack router create router01
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2024-09-12T08:35:38Z |
| description | |
| external_gateway_info | null |
| flavor_id | None |
| id | 01f66819-18ee-42e4-a12e-41e240295393 |
| name | router01 |
| project_id | f3344b52a58648a59aee080187f02a14 |
| revision_number | 1 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2024-09-12T08:35:38Z |
+-------------------------+--------------------------------------+
8.1 创建路由网关router
[root@controller ~(haha)]# openstack router set --external-gateway public router01
8.2 创建接口router
[root@controller ~(haha)]# openstack router add subnet router01 private_sub
9 创建安全组security
[root@controller ~(haha)]# openstack security group create security01
9.1 添加入方向ssh安全策略
[root@controller ~(haha)]# openstack security group rule create --protocol tcp --dst-port 22:22 --ingress security01
9.2 添加入方向ICMP安全策略
[root@controller ~(haha)]# openstack security group rule create --protocol icmp --ingress security01
10 创建密钥对keypair
[root@controller ~(haha)]# openstack keypair create keypair01 > keypair01.pem
11 发放云主机
[root@controller ~(haha)]# openstack server create --flavor m3.haha --image rhe17 --security-group security01 --key-name keypair01 --nic net-id=5d1d896e-76f7-4fe1-8ab9-8db001f4ae6f --min 1 ecs01
12 创建分配EIP
[root@controller ~(haha)]# openstack floating ip create public
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2024-09-13T06:29:23Z |
| description | |
| dns_domain | None |
| dns_name | None |
| fixed_ip_address | None |
| floating_ip_address | 192.168.235.29 |
| floating_network_id | f7708011-070c-42cc-87c0-34948ed692d1 |
| id | 97175e70-8d6d-40c7-9770-97cbc1598303 |
| name | 192.168.235.29 |
| port_details | None |
| port_id | None |
| project_id | f3344b52a58648a59aee080187f02a14 |
| qos_policy_id | None |
| revision_number | 0 |
| router_id | None |
| status | DOWN |
| subnet_id | None |
| tags | [] |
| updated_at | 2024-09-13T06:29:23Z |
+---------------------+--------------------------------------+
[root@controller ~(haha)]# openstack floating ip list
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| ID | Floating IP Address | Fixed IP Address | Port | Floating Network | Project |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| 97175e70-8d6d-40c7-9770-97cbc1598303 | 192.168.235.29 | None | None | f7708011-070c-42cc-87c0-34948ed692d1 | f3344b52a58648a59aee080187f02a14 |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
12.1 绑定EIP
[root@controller ~(haha)]# openstack server add floating ip ecs01 192.168.235.29
13 测试
云主机能正常访问外网
外网也能够访问云主机
14 通过密钥对登入
15 创建云硬盘volume
[root@controller ~(haha)]# openstack volume create --size 2 --type iscsi evs01
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2024-09-13T06:45:06.250898 |
| description | None |
| encrypted | False |
| id | cdf0bffe-13bd-4152-8db7-535528ce108b |
| multiattach | False |
| name | evs01 |
| properties | |
| replication_status | None |
| size | 2 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| type | iscsi |
| updated_at | None |
| user_id | 78ad2ef4ac4d4c939ffff8b0cb191b07 |
+---------------------+--------------------------------------+
15.1 挂载硬盘
[root@controller ~(haha)]# openstack server add volume ecs01 evs01
[root@controller ~(haha)]# openstack server add volume --help
usage: openstack server add volume [-h] [--device <device>]
[--enable-delete-on-termination | --disable-delete-on-termination]
<server> <volume>
Add volume to server. Specify ``--os-compute-api-version 2.20`` or higher to
add a volume to a server with status ``SHELVED`` or ``SHELVED_OFFLOADED``.
positional arguments:
<server> Server (name or ID)
<volume> Volume to add (name or ID)
optional arguments:
-h, --help show this help message and exit
--device <device> Server internal device name for volume
--enable-delete-on-termination
Specify if the attached volume should be deleted when
the server is destroyed. (Supported with ``--os-
compute-api-version`` 2.79 or greater.)
--disable-delete-on-termination
Specify if the attached volume should not be deleted
when the server is destroyed. (Supported with ``--os-
compute-api-version`` 2.79 or greater.)
扫一扫
981
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
