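A recap of the components used in the previous sections:
MySQL: provides data storage for each service
RabbitMQ: provides the message hub the services use to communicate with each other
Keystone: provides authentication and service registration for communication between services
Glance: provides image management for virtual machines
Nova: provides compute resources for virtual machines
Neutron: provides networking for virtual machines
Create a single flat network and subnet
1. Create a single flat network
On the control node, load the admin credentials to gain access to admin-only commands:
source admin-openstack.sh. The provider network must be created as admin; if you source demo-openstack.sh instead, creation will not succeed.
In the command actually run below, provider is changed to public, meaning the physical network is the one named public; this is the public name from the mapping, which corresponds to eth0.
The command syntax is as follows: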
neutron net-create --shared --provider:physical_network provider \
--provider:network_type flat provider
[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]# neutron net-create --shared --provider:physical_network public --provider:network_type flat public-net
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2017-08-06T05:10:04 |
| description | |
| id | dc3a90b3-b3ca-4c3d-8d7a-24587907659e |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | public-net |
| port_security_enabled | True |
| provider:network_type | flat |
| provider:physical_network | public |
| provider:segmentation_id | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | fa594a6ca4b84c5b985628641dd751fe |
| updated_at | 2017-08-06T05:10:05 |
+---------------------------+--------------------------------------+
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 414fd4b622ac4e729d1b618b5313b53c | service |
| 6c91006efd3e4424b5dc3cf302110a79 | demo |
| fa594a6ca4b84c5b985628641dd751fe | admin |
+----------------------------------+---------+
View the created network
[root@linux-node1 ~]# neutron net-list
+--------------------------------------+------------+---------+
| id | name | subnets |
+--------------------------------------+------------+---------+
| dc3a90b3-b3ca-4c3d-8d7a-24587907659e | public-net | |
+--------------------------------------+------------+---------+
The execution looks like this:
Created a new subnet:
+-------------------+----------------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------------+
| allocation_pools | {"start": "192.168.1.100", "end": "192.168.1.200"} |
| cidr | 192.168.1.0/24 |
| created_at | 2017-08-06T05:15:11 |
| description | |
| dns_nameservers | 8.8.8.8 |
| enable_dhcp | True |
| gateway_ip | 192.168.1.1 |
| host_routes | |
| id | a7bf2ec3-9b29-47c0-afa8-2497beb996d2 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | public-subnet |
| network_id | dc3a90b3-b3ca-4c3d-8d7a-24587907659e |
| subnetpool_id | |
| tenant_id | fa594a6ca4b84c5b985628641dd751fe |
| updated_at | 2017-08-06T05:15:11 |
+-------------------+----------------------------------------------------+
+--------------------------------------+------------+-----------------------------------------------------+
| id | name | subnets |
+--------------------------------------+------------+-----------------------------------------------------+
| dc3a90b3-b3ca-4c3d-8d7a-24587907659e | public-net | a7bf2ec3-9b29-47c0-afa8-2497beb996d2 192.168.1.0/24 |
+--------------------------------------+------------+-----------------------------------------------------+
[root@linux-node1 ~]# neutron subnet-list
+--------------------------------------+---------------+----------------+----------------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+---------------+----------------+----------------------------------------------------+
| a7bf2ec3-9b29-47c0-afa8-2497beb996d2 | public-subnet | 192.168.1.0/24 | {"start": "192.168.1.100", "end": "192.168.1.200"} |
+--------------------------------------+---------------+----------------+----------------------------------------------------+
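Create an instance with the nano flavor
1. Create the nano flavor
The smallest default flavor requires 512 MB of memory. For environments whose compute nodes have less than 4 GB of memory, we recommend creating the m1.nano flavor, which needs only 64 MB.
For testing purposes only, use the m1.nano flavor to boot the CirrOS image.
The disk is 1 GB, the memory is 64 MB, and there is 1 CPU.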
[root@linux-node1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
[root@linux-node1 ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
[root@linux-node1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 70:da:5c:31:9d:d8:2b:11:eb:ff:20:fa:c3:46:b6:ce |
| name | mykey |
| user_id | 4770f06c75bc40b8a4d2ce6fc0f24286 |
+-------------+-------------------------------------------------+
Verify that the public key was added
[root@linux-node1 ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 70:da:5c:31:9d:d8:2b:11:eb:ff:20:fa:c3:46:b6:ce |
+-------+-------------------------------------------------+
2. Add security group rules
By default there is a default security group, and it blocks all access; here we add ICMP and SSH.
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | bd71ecb1-e532-4b95-83cc-4f657cf90abe |
| ip_protocol | icmp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | 8d7a8277-185b-4949-a8f8-ef6e87483138 |
| port_range | |
| remote_security_group | |
+-----------------------+--------------------------------------+
[root@linux-node1 ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 46103014-c729-47fb-a3ae-0c7c4a753403 |
| ip_protocol | tcp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | 8d7a8277-185b-4949-a8f8-ef6e87483138 |
| port_range | 22:22 |
| remote_security_group | |
+-----------------------+--------------------------------------+
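Both rules above were created with ip_range 0.0.0.0/0, so ICMP and SSH are accepted from any source. The following check is an added example, not part of the original walkthrough: it reads rule tables in the Field/Value layout shown above and lists the rules that are open to every address. The function names and the third sample rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag security group rules that accept any source address.
# Input: one or more Field/Value tables in the layout printed on this page.

# Constructed sample: the two rules created above plus one narrowed rule
# (the third rule's id and CIDR are made up for illustration).
sample_rules() {
cat <<'EOF'
| id              | bd71ecb1-e532-4b95-83cc-4f657cf90abe |
| ip_protocol     | icmp                                 |
| ip_range        | 0.0.0.0/0                            |
| port_range      |                                      |
| id              | 46103014-c729-47fb-a3ae-0c7c4a753403 |
| ip_protocol     | tcp                                  |
| ip_range        | 0.0.0.0/0                            |
| port_range      | 22:22                                |
| id              | 00000000-0000-0000-0000-000000000001 |
| ip_protocol     | tcp                                  |
| ip_range        | 192.168.1.0/24                       |
| port_range      | 22:22                                |
EOF
}

# Print "<rule id> <protocol> <port range or 'any'>" for every rule whose
# ip_range is 0.0.0.0/0 (or ::/0). A new "id" row starts a new rule.
world_open_rules() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function emit() {
            if (id != "" && (range == "0.0.0.0/0" || range == "::/0"))
                print id, proto, (ports == "" ? "any" : ports)
            id = proto = range = ports = ""
        }
        NF >= 3 {
            field = trim($2); value = trim($3)
            if (field == "id") { emit(); id = value }
            else if (field == "ip_protocol") proto = value
            else if (field == "ip_range")    range = value
            else if (field == "port_range")  ports = value
        }
        END { emit() }
    '
}

sample_rules | world_open_rules
```

To narrow a flagged rule, the client generation that uses `--proto` and `--dst-port` takes a source CIDR through `--src-ip` (later releases name it `--remote-ip`), for example a management subnet in place of the default 0.0.0.0/0.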
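3. List available images, networks, security groups, etc.
Before creating the instance, list the available flavors and the available images:
[root@linux-node1 ~]# source demo-openstack.sh
[root@linux-node1 ~]# openstack flavor list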
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
[root@linux-node1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 11a785ae-509e-40cd-85c3-18af791ef66a | cirros | active |
+--------------------------------------+--------+--------+
List available networks
[root@linux-node1 ~]# openstack network list
+--------------------------------------+------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+------------+--------------------------------------+
| dc3a90b3-b3ca-4c3d-8d7a-24587907659e | public-net | a7bf2ec3-9b29-47c0-afa8-2497beb996d2 |
+--------------------------------------+------------+--------------------------------------+
List available security groups
[root@linux-node1 ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| 8d7a8277-185b-4949-a8f8-ef6e87483138 | default | Default security group | 6c91006efd3e4424b5dc3cf302110a79 |
+--------------------------------------+---------+------------------------+----------------------------------+
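4. Create the instance
The syntax for creating an instance is as follows:
openstack server create --flavor m1.tiny --image cirros \
--nic net-id=PROVIDER_NET_ID --security-group default \
--key-name mykey provider-instance
If you chose option 1 and your environment has only one network, you can omit the --nic option, because OpenStack automatically selects the only available network.
net-id is the ID shown by openstack network list, not the subnet ID.
The execution looks like this: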
[root@linux-node1 ~]# openstack server create --flavor m1.nano --image cirros --nic net-id=dc3a90b3-b3ca-4c3d-8d7a-24587907659e --security-group default --key-name mykey provider-instance
+--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | aoJ9NBmihaz7 |
| config_drive | |
| created | 2017-08-06T06:10:59Z |
| flavor | m1.nano (0) |
| hostId | |
| id | 3365c4b4-d487-4778-ad28-e2c675f085eb |
| image | cirros (11a785ae-509e-40cd-85c3-18af791ef66a) |
| key_name | mykey |
| name | provider-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 6c91006efd3e4424b5dc3cf302110a79 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2017-08-06T06:11:52Z |
| user_id | 4770f06c75bc40b8a4d2ce6fc0f24286 |
+--------------------------------------+-----------------------------------------------+
+--------------------------------------+-------------------+--------+--------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-------------------+--------+--------------------------+
| 3365c4b4-d487-4778-ad28-e2c675f085eb | provider-instance | ACTIVE | public-net=192.168.1.101 |
+--------------------------------------+-------------------+--------+--------------------------+
On the compute node you can see that the KVM guest is up
[root@linux-node2 ~]# virsh list
Id Name State
----------------------------------------------------
1 instance-00000001 running
During creation you can watch the log on the compute node, because it is the compute node that creates the virtual machine
[root@linux-node2 ~]# tail -f /var/log/nova/nova-compute.log
2017-08-06 14:13:19.589 3221 INFO nova.compute.resource_tracker [req-740c7604-1350-4295-a10f-d75652b4642d - - - - -] Final resource view: name=linux-node2.shi.com phys_ram=1023MB used_ram=576MB phys_disk=46GB used_disk=1GB total_vcpus=1 used_vcpus=1 pci_stats=[]
2017-08-06 14:13:19.841 3221 INFO nova.compute.resource_tracker [req-740c7604-1350-4295-a10f-d75652b4642d - - - - -] Compute_service record updated for linux-node2.shi.com:linux-node2.shi.com
2017-08-06 14:14:14.270 3221 INFO nova.compute.resource_tracker [req-740c7604-1350-4295-a10f-d75652b4642d - - - - -] Auditing locally available compute resources for node linux-node2.shi.com
2017-08-06 14:14:17.336 3221 INFO nova.compute.resource_tracker [req-740c7604-1350-4295-a10f-d75652b4642d - - - - -] Total usable vcpus: 1, total allocated vcpus: 1
2017-08-06 14:14:17.338 3221 INFO nova.compute.resource_tracker [req-740c7604-1350-4295-a10f-d75652b4642d - - - - -] Final resource view: name=linux-node2.shi.com phys_ram=1023MB used_ram=576MB phys_disk=46GB used_disk=1GB total_vcpus=1 used_vcpus=1 pci_stats=[]
2017-08-06 14:14:17.539 3221 INFO nova.compute.resource_tracker [req-740c7604-1350-4295-a10f-d75652b4642d - - - - -] Compute_service record updated for linux-node2.shi.com:linux-node2.shi.com
2017-08-06 14:15:18.450 3221 INFO nova.compute.resource_tracker [req-740c7604-1350-4295-a10f-d75652b4642d - - - - -] Auditing locally available compute resources for node linux-node2.shi.com
2017-08-06 14:15:19.397 3221 INFO nova.compute.resource_tracker [req-740c7604-1350-4295-a10f-d75652b4642d - - - - -] Total usable vcpus: 1, total allocated vcpus: 1
2017-08-06 14:15:19.397 3221 INFO nova.compute.resource_tracker [req-740c7604-1350-4295-a10f-d75652b4642d - - - - -] Final resource view: name=linux-node2.shi.com phys_ram=1023MB used_ram=576MB phys_disk=46GB used_disk=1GB total_vcpus=1 used_vcpus=1 pci_stats=[]
2017-08-06 14:15:19.445 3221 INFO nova.compute.resource_tracker [req-740c7604-1350-4295-a10f-d75652b4642d - - - - -] Compute_service record updated for linux-node2.shi.com:linux-node2.shi.com
[root@linux-node1 ~]# grep 'ERROR' /var/log/glance/*
[root@linux-node1 ~]# grep 'ERROR' /var/log/keystone/*
[root@linux-node1 ~]# grep 'ERROR' /var/log/nova/*
[root@linux-node1 ~]# grep 'ERROR' /var/log/neutron/*
[root@linux-node1 ~]# source demo-openstack.sh
[root@linux-node1 ~]# openstack server list
+--------------------------------------+-------------------+--------+--------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-------------------+--------+--------------------------+
| 3365c4b4-d487-4778-ad28-e2c675f085eb | provider-instance | ACTIVE | public-net=192.168.1.101 |
+--------------------------------------+-------------------+--------+--------------------------+
[root@linux-node1 ~]# openstack console url show provider-instance
+-------+----------------------------------------------------------------------------------+
| Field | Value |
+-------+----------------------------------------------------------------------------------+
| type | novnc |
| url | http://192.168.1.2:6080/vnc_auto.html?token=7f9daf00-54b3-4b9f-99eb-a3c30981de38 |
+-------+----------------------------------------------------------------------------------+
Check which ports are listening on the compute node; there is a port 5900, which belongs to VNC
[root@linux-node2 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 3456/qemu-kvm
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1041/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1728/master
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 1041/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1728/master
Check the connections
Port 5900 on the compute node and port 6080 on the control node
[root@linux-node2 ~]# lsof -i:5900
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
qemu-kvm 3456 qemu 21u IPv4 54787 0t0 TCP *:rfb (LISTEN)
qemu-kvm 3456 qemu 24u IPv4 56301 0t0 TCP linux-node2:rfb->linux-node1:53158 (ESTABLISHED)
[root@linux-node1 ~]# lsof -i:6080
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nova-novn 3509 nova 4u IPv4 26745 0t0 TCP *:6080 (LISTEN)
nova-novn 9627 nova 4u IPv4 26745 0t0 TCP *:6080 (LISTEN)
nova-novn 9627 nova 5u IPv4 74962 0t0 TCP linux-node1:6080->promote.cache-dns.local:52711 (ESTABLISHED)
nova-novn 9629 nova 4u IPv4 26745 0t0 TCP *:6080 (LISTEN)
nova-novn 9629 nova 5u IPv4 74964 0t0 TCP linux-node1:6080->promote.cache-dns.local:52715 (ESTABLISHED)
nova-novn 9630 nova 4u IPv4 26745 0t0 TCP *:6080 (LISTEN)
nova-novn 9630 nova 5u IPv4 74965 0t0 TCP linux-node1:6080->promote.cache-dns.local:52716 (ESTABLISHED)
nova-novn 9631 nova 4u IPv4 26745 0t0 TCP *:6080 (LISTEN)
nova-novn 9631 nova 5u IPv4 74966 0t0 TCP linux-node1:6080->promote.cache-dns.local:52717 (ESTABLISHED)
nova-novn 9633 nova 4u IPv4 26745 0t0 TCP *:6080 (LISTEN)
nova-novn 9633 nova 5u IPv4 74969 0t0 TCP linux-node1:6080->promote.cache-dns.local:52721 (ESTABLISHED)
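The netstat output above shows qemu-kvm listening for VNC on 0.0.0.0:5900, that is, on every interface of the compute node, while only the noVNC proxy on the control node needs to reach it. The following check is an added example, not part of the original walkthrough: it scans `netstat -lntp` output for guest consoles bound to a wildcard address. The function names and the 5901 and 5902 sample rows (including the 192.168.1.3 address) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag VNC consoles that listen on every interface.
# Input: `netstat -lntp` output. The sample is constructed: the 5900, 22 and
# 25 rows follow this page, the 5901 and 5902 rows are made up.

sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp   0      0      0.0.0.0:5900   0.0.0.0:*        LISTEN  3456/qemu-kvm
tcp   0      0      0.0.0.0:22     0.0.0.0:*        LISTEN  1041/sshd
tcp   0      0      127.0.0.1:25   0.0.0.0:*        LISTEN  1728/master
tcp   0      0      192.168.1.3:5901 0.0.0.0:*      LISTEN  3777/qemu-kvm
tcp6  0      0      :::5902        :::*             LISTEN  3999/qemu-kvm
EOF
}

# Print "<address> <port> <pid>" for each qemu-kvm listener in the VNC
# display range (5900-5999) that is bound to 0.0.0.0 or ::.
wildcard_vnc_listeners() {
    awk '
        $6 == "LISTEN" && $7 ~ /\/qemu-kvm$/ {
            # The port is the text after the last ":"; the rest is the address
            n = split($4, part, ":")
            port = part[n] + 0
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (port >= 5900 && port <= 5999 && (addr == "0.0.0.0" || addr == "::")) {
                split($7, prog, "/")
                print addr, port, prog[1]
            }
        }
    '
}

sample_netstat | wildcard_vnc_listeners
```

On a compute node, run it as `netstat -lntp | wildcard_vnc_listeners`. In nova releases of this period the bind address comes from `vncserver_listen` in the `[vnc]` section of nova.conf (an assumption about the release in use, since the page does not show that file); setting it to the node's management address, or filtering ports 5900-5999 to the control node, removes the wildcard listener.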