OpenStack
| 主机名 | 配置 | 网络 |
|---|---|---|
| Controller | 6核10G | 网卡一192.168.100.10/24(本地) |
| 网卡二192.168.200.10/24(NAT) | ||
| Compute | 4核4G | 网卡一192.168.100.20/24(本地) |
| 网卡二192.168.200.20/24(NAT) |
一、基本环境配置
1.1给swift、cinGder创建分区
# 创建swift分区 # 检查磁盘lsblk [root@localhost ~]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 931.5G 0 disk ├─sda1 8:1 0 1G 0 part /boot └─sda2 8:2 0 515.7G 0 part ├─centos-root 253:0 0 200G 0 lvm / ├─centos-swap 253:1 0 15.7G 0 lvm [SWAP] └─centos-home 253:2 0 300G 0 lvm /home sr0 11:0 1 1024M 0 rom # 进入磁盘并分区 [root@localhost ~]# parted /dev/sda GNU Parted 3.1 Using /dev/sda Welcome to GNU Parted! Type 'help' to view a list of commands. (parted) mkpart # 分区命令 Partition type? primary/extended? primary # 选择主分区 File system type? [ext2]? ext2 # 默认 Start? 702G # 起始 End? 803G # 结束 # 检查是否分区成功 (parted) print Model: ATA ST1000DM003-1SB1 (scsi) Disk /dev/sda: 1000GB Sector size (logical/physical): 512B/4096B Partition Table: msdos Disk Flags: Number Start End Size Type File system Flags 1 1049kB 1075MB 1074MB primary xfs boot 2 1075MB 555GB 554GB primary lvm 3 702GB 803GB 101GB primary # 将分区格式化并查看 [root@localhost ~]# mkfs.xfs /dev/sda3 meta-data=/dev/sda3 isize=512 agcount=4, agsize=6164544 blks = sectsz=4096 attr=2, projid32bit=1 = crc=1 finobt=0, sparse=0 data = bsize=4096 blocks=24658176, imaxpct=25 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0 ftype=1 log =internal log bsize=4096 blocks=12040, version=2 = sectsz=4096 sunit=1 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0 [root@localhost ~]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 931.5G 0 disk ├─sda1 8:1 0 1G 0 part /boot ├─sda2 8:2 0 515.7G 0 part │ ├─centos-root 253:0 0 200G 0 lvm / │ ├─centos-swap 253:1 0 15.7G 0 lvm [SWAP] │ └─centos-home 253:2 0 300G 0 lvm /home └─sda3 8:3 0 94.1G 0 part sr0 11:0 1 1024M 0 rom # 创建cinder分区,同上操作
1.2配置网络、主机名
修改和添加/etc/sysconfig/network-scripts/ifcfg-enp*
# controller 节点 # 配置网络 eth0:172.31.125.100 [root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 BOOTPROTO="static" ONBOOT="yes" IPADDR=172.31.125.100 PREFIX=24 GATEWAY=172.31.125.1 DNS1=114.114.114.114 eth1:192.168.200.100 [root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1 BOOTPROTO=static ONBOOT=yes IPADDR=192.168.200.100 PREFIX=24 GATEWAY=192.168.200.254 DNS1=114.114.114.114 # 配置完成重启网卡 systemctl restart network # 检查配置是否正常 [root@controller ~]# ping qq.com PING qq.com (58.247.214.47) 56(84) bytes of data. 64 bytes from 58.247.214.47 (58.247.214.47): icmp_seq=1 ttl=52 time=31.5 ms 64 bytes from 58.247.214.47 (58.247.214.47): icmp_seq=2 ttl=52 time=31.3 ms 64 bytes from 58.247.214.47 (58.247.214.47): icmp_seq=3 ttl=52 time=31.4 ms 64 bytes from 58.247.214.47 (58.247.214.47): icmp_seq=4 ttl=52 time=31.2 ms # 配置主机名: hostnamectl set-hostname controller 按ctrl+d 退出 重新登陆 # compute节点 同上
1.3配置yum源
#Controller和Compute节点 # (1) yum 源备份 mv /etc/yum.repos.d/* /opt/ # 检查是否成功 [root@controller ~]# ls /opt CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo CentOS-CR.repo CentOS-fasttrack.repo CentOS-Sources.repo # controller节点 # (2)创建 repo 文件 在/etc/yum.repos.d创建centos.repo源文件 [root@controller ~]# vi /etc/yum.repos.d/centos.repo [root@controller ~]# cat vi /etc/yum.repos.d/centos.repo cat: vi: No such file or directory [centos] name=centos baseurl=file:///opt/centos gpgcheck=0 enabled=1 [iaas] name=iaas baseurl=file:///opt/iaas-repo gpgcheck=0 enabled=1 # compute节点 # 在/etc/yum.repos.d创建centos.repo源文件 [root@localhost ~]# vi /etc/yum.repos.d/centos.repo [root@localhost ~]# cat /etc/yum.repos.d/centos.repo [centos] name=centos baseurl=ftp://172.31.125.100/centos gpgcheck=0 enabled=1 [iaas] name=iaas baseurl=ftp://172.31.125.100/iaas-repo gpgcheck=0 enabled=1 # (3)挂载 iso 文件 #需要先上传镜像到root下!! # 【挂载CentOS-7-x86_64-DVD-1804.iso】 [root@controller ~]# mount -o loop CentOS-7-x86_64-DVD-1804.iso /mnt mount: /dev/loop0 is write-protected, mounting read-only [root@controller ~]# mkdir /opt/centos [root@controller ~]# cp -rvf /mnt/* /opt/centos/ [root@controller ~]# umount /mnt/ # 【挂载XianDian-IaaS-v2.4.iso】 [root@controller ~]# mount -o loop chinaskills_cloud_iaas.iso /mnt/ mount: /dev/loop0 is write-protected, mounting read-only [root@controller ~]# cp -rvf /mnt/* /opt/ # 拷贝 [root@controller ~]# umount /mnt/ # 卸载挂载 #(4)搭建ftp服务器,开启并设置自启 [root@controller ~]# yum install vsftpd -y [root@controller ~]# vi /etc/vsftpd/vsftpd.conf 添加anon_root=/opt/ 保存退出 [root@controller ~]# systemctl start vsftpd # 开启 [root@controller ~]# systemctl enable vsftpd # 设置开机自启 Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service. #(5)配置防火墙和Selinux 【controller/compute】 # systemctl stop firewalld.service # systemctl disable firewalld.service # yum remove -y NetworkManager firewalld # yum -y install iptables-services # systemctl enable iptables # systemctl restart iptables # iptables -F # iptables -X # iptables -Z # service iptables save [root@controller ~]# vi /etc/selinux/config SELINUX=permissive #(6)清除缓存,验证yum源【controller/compute】 # yum clean all # yum list # 完成以上操作reboot重启 # 重启完成查询getenforce #检查selinux 为permissive
1.4 配置域名解析
# 修改/eth/hosts 添加以下内容 # controller节点 172.31.125.100 controller 172.31.125.200 compute # compute节点 172.31.125.100 controller 172.31.125.200 compute
1.5编辑环境变量
controller 和 computer 节点
# yum install iaas-xiandian -y # 编辑文件/etc/xiandian/openrc.sh,此文件是安装过程中的各项参数,根据每项参数上一行的说明及服务器实际情况进行配置。 # 输入:%s/^#//g =表示 所有以#开头的删掉#号 #--------------------system Config--------------------## #Controller Server Manager IP. example:x.x.x.x HOST_IP=172.31.125.100 #Controller HOST Password. example:000000 HOST_PASS=000000 #Controller Server hostname. example:controller HOST_NAME=controller #Compute Node Manager IP. example:x.x.x.x HOST_IP_NODE=172.31.125.200 #Compute HOST Password. example:000000 HOST_PASS_NODE=000000 #Compute Node hostname. example:compute HOST_NAME_NODE=compute #--------------------Chrony Config-------------------## #Controller network segment IP. example:x.x.0.0/16(x.x.x.0/24) network_segment_IP=172.31.125.0/24 #--------------------Rabbit Config ------------------## #user for rabbit. example:openstack RABBIT_USER=openstack #Password for rabbit user .example:000000 RABBIT_PASS=000000 #--------------------MySQL Config---------------------## #Password for MySQL root user . exmaple:000000 DB_PASS=000000 #--------------------Keystone Config------------------## #Password for Keystore admin user. exmaple:000000 DOMAIN_NAME=demo ADMIN_PASS=000000 DEMO_PASS=000000 #Password for Mysql keystore user. exmaple:000000 KEYSTONE_DBPASS=000000 #--------------------Glance Config--------------------## #Password for Mysql glance user. exmaple:000000 GLANCE_DBPASS=000000 #Password for Keystore glance user. exmaple:000000 GLANCE_PASS=000000 #--------------------Nova Config----------------------## #Password for Mysql nova user. exmaple:000000 NOVA_DBPASS=000000 #Password for Keystore nova user. exmaple:000000 NOVA_PASS=000000 #--------------------Neturon Config-------------------## #Password for Mysql neutron user. exmaple:000000 NEUTRON_DBPASS=000000 #Password for Keystore neutron user. exmaple:000000 NEUTRON_PASS=000000 #metadata secret for neutron. exmaple:000000 METADATA_SECRET=000000 #Tunnel Network Interface. example:x.x.x.x INTERFACE_IP=172.31.125.100 #External Network Interface. example:eth1 INTERFACE_NAME=eth0 #External Network The Physical Adapter. example:provider Physical_NAME=provider #First Vlan ID in VLAN RANGE for VLAN Network. exmaple:101 minvlan=101 #Last Vlan ID in VLAN RANGE for VLAN Network. example:200 maxvlan=200 #--------------------Cinder Config--------------------## #Password for Mysql cinder user. exmaple:000000 CINDER_DBPASS=000000 #Password for Keystore cinder user. exmaple:000000 CINDER_PASS=000000 #Cinder Block Disk. example:md126p3 BLOCK_DISK=sda3 #--------------------Swift Config---------------------## #Password for Keystore swift user. exmaple:000000 SWIFT_PASS=000000 #The NODE Object Disk for Swift. example:md126p4. OBJECT_DISK=sda4 #The NODE IP for Swift Storage Network. example:x.x.x.x. STORAGE_LOCAL_NET_IP=172.31.125.200 #--------------------Heat Config----------------------## #Password for Mysql heat user. exmaple:000000 HEAT_DBPASS=000000 #Password for Keystore heat user. exmaple:000000 HEAT_PASS=000000 #--------------------Zun Config-----------------------## #Password for Mysql Zun user. exmaple:000000 ZUN_DBPASS=000000 #Password for Keystore Zun user. exmaple:000000 ZUN_PASS=000000 #Password for Mysql Kuryr user. exmaple:000000 KURYR_DBPASS=000000 #Password for Keystore Kuryr user. exmaple:000000 KURYR_PASS=000000 #--------------------Ceilometer Config----------------## #Password for Gnocchi ceilometer user. exmaple:000000 CEILOMETER_DBPASS=000000 #Password for Keystore ceilometer user. exmaple:000000 CEILOMETER_PASS=000000 #--------------------AODH Config----------------## #Password for Mysql AODH user. exmaple:000000 AODH_DBPASS=000000 #Password for Keystore AODH user. exmaple:000000 AODH_PASS=000000 #--------------------Barbican Config----------------## #Password for Mysql Barbican user. exmaple:000000 BARBICAN_DBPASS=000000 #Password for Keystore Barbican user. exmaple:000000 BARBICAN_PASS=000000 # 以上操作完成 输入:%s/^#//g 表示 所有以#开头的删掉#号 # 使用scp命令拷贝到compute节点: [root@controller ~]# scp /etc/xiandian/openrc.sh compute://etc/xiandian openrc.sh 100% 3818 1.6MB/s 00:00 # 配置完成后生效变量:source /etc/xiandian/openrc.sh # 计算节点需要改Tunnel ip
1.6通过脚本安装服务
服务包含 openstack包、chrony
# 执行脚本iaas-pre-host.sh进行安装 Controller节点和Compute节点 [root@controller ~]# iaas-pre-host.sh # 安装完成后同时重启 [root@controller ~]# reboot
二、OpenStack搭建
2.1安装数据库等服务
# Controller节点 # 执行脚本iaas-install-mysql.sh进行安装 # 执行时如果出现了以下问题: [root@controller ~]# iaas-install-mysql.sh Warning Please make sure the network configuration is correct! # 是因为脚本配置中#号没有去掉 使用: sed -i 's/#//' /etc/xiandian/openrc.sh # 去掉配置文件中的#号
2.2安装keystone服务
# Controller节点 [root@controller ~]# iaas-install-keystone.sh
2.3安装glance服务
# Controller节点 [root@controller ~]# iaas-install-glance.sh
2.4安装nova服务
#Controller节点 [root@controller ~]# iaas-install-nova-controller.sh #Compute节点 [root@compute ~]# iaas-install-nova-compute.sh
2.5安装Neutron网络服务
#Controller节点 执行脚本iaas-install-neutron-controller.sh进行安装 #Compute节点 执行脚本iaas-install-neutron-compute.sh进行安装
2.6安装Dashboard服务
#Controller 执行脚本iaas-install-dashboard.sh进行安装 # 检查 # 打开浏览器访问Dashboard,http://controller(或本机内网ip)/dashboard # 注:检查防火墙规则,确保允许http服务相关端口通行,或者关闭防火墙。 #创建云主机 #(1)管理员->资源管理->云主机类型->创建云主机类型 #(2)管理员->网络->网络->创建网络 #(3)项目->网络->安全组->管理规则->添加规则(ICMP、TCP、UDP) #(4)项目->资源管理->云主机->创建云主机
2.7安装Cinder块存储服务
#Controller 执行脚本iaas-install-cinder-controller.sh进行安装 #Compute节点 执行脚本iaas-install-cinder-compute.sh进行安装
2.8安装Swift对象存储服务
#Controller 执行脚本iaas-install-swift-controller.sh进行安装 #Compute节点 执行脚本iaas-install-swift-compute.sh进行安装
2.9安装Heat编配服务
#Controller节点 执行脚本iaas-install-heat.sh进行安装
3.0安装Zun服务
#Controller节点 执行脚本iaas-install-zun-controller.sh进行安装 #Compute节点 执行脚本iaas-install-zun-compute.sh进行安装
3.1安装Ceilometer监控服务
#Controller节点 执行脚本iaas-install-ceilometer-controller.sh进行安装 #Compute节点 执行脚本iaas-install-ceilometer-compute.sh进行安装
3.2安装Aodh监控服务
#Controller节点 执行脚本iaas-install-aodh.sh进行安装
3.3添加控制节点资源到云平台
# 修改compute节点 /etc/xiandian/openrc.sh # 把compute节点的IP和主机名改为controller节点的IP和主机名 # 修改完成运行 iaas-install-nova-compute.sh ,执行过程中需要确认登录controller节点和输入controller节点root用户密码。
三、Open Stack 运维
-
使用openstack环境变量命令前 输入启动命令
-
-
source /etc/xiandian/openrc.sh
-
4.1创建镜像(glance)
# 在openstack私有云平台上,基于cirrors.qcow2镜像,使用命令创建一共名为cirros的镜像 # 查看创建镜像帮助命令 [root@compute ~]# glance --help | grep create image-create Create a new image. image-create-via-import md-namespace-create md-object-create Create a new metadata definitions object inside a md-property-create Create a new metadata definitions property inside a md-tag-create Add a new metadata definitions tag inside a namespace. md-tag-create-multiple member-create Create member for a given image. task-create Create a new task. # 查看创建镜像说明书 [root@compute ~]# glance help image-create usage: glance image-create [--architecture <ARCHITECTURE>] [--protected [True|False]] [--name <NAME>] [--instance-uuid <INSTANCE_UUID>] [--min-disk <MIN_DISK>] [--visibility <VISIBILITY>] [--kernel-id <KERNEL_ID>] [--tags <TAGS> [<TAGS> ...]] [--os-version <OS_VERSION>] [--disk-format <DISK_FORMAT>] [--os-distro <OS_DISTRO>] [--id <ID>] [--owner <OWNER>] [--ramdisk-id <RAMDISK_ID>] [--min-ram <MIN_RAM>] [--container-format <CONTAINER_FORMAT>] [--property <key=value>] [--file <FILE>] [--progress] Create a new image. Optional arguments: --architecture <ARCHITECTURE> Operating system architecture as specified in http://docs.openstack.org/user-guide/common/cli- manage-images.html --protected [True|False] If true, image will not be deletable. --name <NAME> Descriptive name for the image --instance-uuid <INSTANCE_UUID> Metadata which can be used to record which instance this image is associated with. (Informational only, does not create an instance snapshot.) --min-disk <MIN_DISK> Amount of disk space (in GB) required to boot image. --visibility <VISIBILITY> Scope of image accessibility Valid values: public, private, community, shared --kernel-id <KERNEL_ID> ID of image stored in Glance that should be used as the kernel when booting an AMI-style image. --tags <TAGS> [<TAGS> ...] List of strings related to the image --os-version <OS_VERSION> Operating system version as specified by the distributor --disk-format <DISK_FORMAT> Format of the disk Valid values: None, ami, ari, aki, vhd, vhdx, vmdk, raw, qcow2, vdi, iso, ploop --os-distro <OS_DISTRO> Common name of operating system distribution as specified in http://docs.openstack.org/user- guide/common/cli-manage-images.html --id <ID> An identifier for the image --owner <OWNER> Owner of the image --ramdisk-id <RAMDISK_ID> ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image. --min-ram <MIN_RAM> Amount of ram (in MB) required to boot image. --container-format <CONTAINER_FORMAT> Format of the container Valid values: None, ami, ari, aki, bare, ovf, ova, docker --property <key=value> Arbitrary property to associate with image. May be used multiple times. --file <FILE> Local file that contains disk image to be uploaded during creation. Alternatively, the image data can be passed to the client via stdin. --progress Show upload progress bar. Run `glance --os-image-api-version 1 help image-create` for v1 help # 根据帮助命令创建镜像 [root@controller keystone]# glance image-create --name cirros --disk-format qcow2 --container-format bare --file /opt//images/CentOS_7.2_x86_64_XD.qcow2 --progress [=============================>] 100% +------------------+--------------------------------------+ | Property | Value | +------------------+--------------------------------------+ | checksum | ea197f4c679b8e1ce34c0aa70ae2a94a | | container_format | bare | | created_at | 2021-12-22T16:18:44Z | | disk_format | qcow2 | | id | 677d0408-68fa-48b4-84a6-9e4a71f6541b | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | 7b335087b5b44dbf8d74f04c68cd3d68 | | protected | False | | size | 400752640 | | status | active | | tags | [] | | updated_at | 2021-12-22T16:18:47Z | | virtual_size | None | | visibility | shared | +------------------+--------------------------------------+ # --name cirros //名称 # --disk-format qcow2 //磁盘格式 # --container-format bare //容器格式 # --file //本地文件 # --progress //进度条 # 创建完成输入显示命令: [root@controller keystone]# glance image-list +--------------------------------------+--------+ | ID | Name | +--------------------------------------+--------+ | 677d0408-68fa-48b4-84a6-9e4a71f6541b | cirros | +--------------------------------------+--------+ # 显示详细信息的命令: glance image-show 加ID [root@controller keystone]# glance image-show 677d0408-68fa-48b4-84a6-9e4a71f6541b +------------------+--------------------------------------+ | Property | Value | +------------------+--------------------------------------+ | checksum | ea197f4c679b8e1ce34c0aa70ae2a94a | | container_format | bare | | created_at | 2021-12-22T16:18:44Z | | disk_format | qcow2 | | id | 677d0408-68fa-48b4-84a6-9e4a71f6541b | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | 7b335087b5b44dbf8d74f04c68cd3d68 | | protected | False | | size | 400752640 | | status | active | | tags | [] | | updated_at | 2021-12-22T16:18:47Z | | virtual_size | None | | visibility | shared | +------------------+--------------------------------------+
创建镜像如果出现以下错误
[root@controller ~]# glance image-create --name CentOS7.5 --disk-format qcow2 --disk-format qcow2 --file /opt/images/CentOS_7.5_x86_64_XD.qcow2 --progress You must provide a username via either --os-username or env[OS_USERNAME]
假设我准备使用glance命令上传一个镜像,或者获取openstack的token啊等等,有关涉及到openstack 的敏感信息。所谓敏感信息,其实也就是牵涉到openstack的各种REST:API 等等
[root@controller ~]# source /etc/keystone/admin-openrc.sh
那么我们可以查看一下我们的admin-openrc这个文件
[root@controller images]# vi /etc/keystone/admin-openrc export OS_PROJECT_DOMAIN_NAME=demo export OS_USER_DOMAIN_NAME=demo export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=000000 export OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
那么从这里我们可看出
这个admin-openrc文件中包含了我们发送请求所需的各种信息。
所以每次我们只需要source一下我们的该环境变量就可以啦。
4.2创建云主机类型(nova)
使用命令创建一共名为ml.flavor,ID为1234,内存为1024MB,磁盘为10GB,vcpu数量为1的云主机类型
# 查看创建flavor说明书 [root@controller ~]# nova help flavor-create usage: nova flavor-create [--ephemeral <ephemeral>] [--swap <swap>] [--rxtx-factor <factor>] [--is-public <is-public>] [--description <description>] <name> <id> <ram> <disk> <vcpus> Create a new flavor. Positional arguments: <name> Unique name of the new flavor. <id> Unique ID of the new flavor. Specifying 'auto' will generated a UUID for the ID. <ram> Memory size in MB. <disk> Disk size in GB. <vcpus> Number of vcpus Optional arguments: --ephemeral <ephemeral> Ephemeral space size in GB (default 0). --swap <swap> Additional swap space size in MB (default 0). --rxtx-factor <factor> RX/TX factor (default 1). --is-public <is-public> Make flavor accessible to the public (default true). --description <description> A free form description of the flavor. Limited to 65535 characters in length. Only printable characters are allowed. (Supported by API versions '2.55' - '2.latest') # 创建flavor类型 [root@controller ~]# nova flavor-create f1 1234 1024 10 1 +------+------+-----------+------+-----------+------+-------+-------------+-----------+-------------+ | ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public | Description | +------+------+-----------+------+-----------+------+-------+-------------+-----------+-------------+ | 1234 | f1 | 1024 | 10 | 0 | | 1 | 1.0 | True | - | +------+------+-----------+------+-----------+------+-------+-------------+-----------+-------------+ # f1 //名称 # 1234 //ID # 1024 //运行内存 # 10 //磁盘空间 # 1 //vcpus
4.3创建云主机外部网络与子网
使用命令创建云主机外部网络ext-net,子网ext-subnet,虚拟机浮动 IP 网段为1,网关为192.168.200.2
# 查询创建外网说明书 [root@controller ~]# openstack help network create # 创建外部网络 [root@controller ~]# openstack network create ext-net --external --provider-physical-network provider --provider-network-type vlan +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2021-12-23T04:16:32Z | | description | | | dns_domain | None | | id | 57eb9744-04fb-4bd5-a4f1-a307548eab3f | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | is_vlan_transparent | None | | mtu | 1500 | | name | ext-net | | port_security_enabled | True | | project_id | 7b335087b5b44dbf8d74f04c68cd3d68 | | provider:network_type | vlan | | provider:physical_network | provider | | provider:segmentation_id | 109 | | qos_policy_id | None | | revision_number | 5 | | router:external | External | | segments | None | | shared | False | | status | ACTIVE | | subnets | | | tags | | | updated_at | 2021-12-23T04:16:32Z | +---------------------------+--------------------------------------+
-
创建外部网络参数解读:
| 网络参数 | 含义用法 |
|---|---|
| provider-network-type | <供应商网络类型> |
| provider-physical-network | <供应商物理设备名> 注:创建Flat VLAN网络类型时需要 |
| provider-segment | <段 ID> 注:创建VLAN GRE VXLAN Geneve网络类型时需要 |
| external | 外部网络 |
注:若使用 虚拟机 搭建,外部网络类型请选择
Flat;若使用 服务器 搭建,外部网络类型请选择VLAN;注意不要重复执行命令,二选一执行。
创建外网子网
# 查看创建子网说明书 [root@controller ~]# openstack help subnet create [root@controller ~]# openstack subnet create ext-subnet --gateway 172.31.125.1 --subnet-range 172.31.125.0/24 --network ext-net --dhcp +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | 172.31.125.2-172.31.125.254 | | cidr | 172.31.125.0/24 | | created_at | 2021-12-23T04:24:07Z | | description | | | dns_nameservers | | | enable_dhcp | True | | gateway_ip | 172.31.125.1 | | host_routes | | | id | 46467042-3a6e-4674-95a1-5ffee5c0eee0 | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | ext-subnet | | network_id | 57eb9744-04fb-4bd5-a4f1-a307548eab3f | | project_id | 7b335087b5b44dbf8d74f04c68cd3d68 | | revision_number | 0 | | segment_id | None | | service_types | | | subnetpool_id | None | | tags | | | updated_at | 2021-12-23T04:24:07Z | +-------------------+--------------------------------------+
-
创建子网参数解读:
| 子网参数 | 含义用法 |
|---|---|
| network | <网络名> |
| gateway | <网关地址> |
| subnet-range | <网络地址> |
| allocation-pool | <start=始IP,end=尾IP> |
| dhcp | 开启 DHCP 服务 |
4.4创建内网与子网
使用命令创建云主机内网intnet,子网extsubnet,虚拟机浮动 IP 网段为10.10.1.0/24,网关为10.10.1.1
# 创建内网 [root@controller ~]# openstack network create int-net --provider-network-type vxlan --provider-segment 1 +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2021-12-23T04:37:39Z | | description | | | dns_domain | None | | id | 09c94b1e-24ef-40c1-89df-2c613d4d5ab2 | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | is_vlan_transparent | None | | mtu | 1450 | | name | int-net | | port_security_enabled | True | | project_id | 7b335087b5b44dbf8d74f04c68cd3d68 | | provider:network_type | vxlan | | provider:physical_network | None | | provider:segmentation_id | 1 | | qos_policy_id | None | | revision_number | 2 | | router:external | Internal | | segments | None | | shared | False | | status | ACTIVE | | subnets | | | tags | | | updated_at | 2021-12-23T04:37:40Z | +---------------------------+--------------------------------------+
创建内网子网
[root@controller ~]# openstack subnet create int-subnet --subnet-range 10.10.10.0/24 --network int-net --gateway 10.10.10.1 +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | 10.10.10.2-10.10.10.254 | | cidr | 10.10.10.0/24 | | created_at | 2021-12-23T04:38:49Z | | description | | | dns_nameservers | | | enable_dhcp | True | | gateway_ip | 10.10.10.1 | | host_routes | | | id | 29d83636-40a4-4d36-8d08-5311205a4b2a | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | int-subnet | | network_id | 09c94b1e-24ef-40c1-89df-2c613d4d5ab2 | | project_id | 7b335087b5b44dbf8d74f04c68cd3d68 | | revision_number | 0 | | segment_id | None | | service_types | | | subnetpool_id | None | | tags | | | updated_at | 2021-12-23T04:38:49Z | +-------------------+--------------------------------------+
添加路由器
添加名为 ext-router 的路由器,配置路由接口地址,完成内网子网intsubnet 和外部网络 extnet 的连通
必须先设置路由网关外部网络,再添加内部网络子网接口
# 创建路由器 [root@controller ~]# openstack router create ext-router +-------------------------+--------------------------------------+ | Field | Value | +-------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2021-12-23T04:40:07Z | | description | | | distributed | False | | external_gateway_info | None | | flavor_id | None | | ha | False | | id | b4ee803a-0e6e-468d-85af-e0de7584f4b1 | | name | ext-router | | project_id | 7b335087b5b44dbf8d74f04c68cd3d68 | | revision_number | 0 | | routes | | | status | ACTIVE | | tags | | | updated_at | 2021-12-23T04:40:07Z | +-------------------------+--------------------------------------+ # ext-router绑定外部网络ext-net [root@controller ~]# openstack router set ext-router --external-gateway ext-net # ext-router绑定子网的intsubnet [root@controller ~]# openstack router add subnet ext-router int-subnet
完成如下图:
4.5创建云主机
基于 “cirros” 镜像、ml.flavor、 intsubnet 的网络,绑定浮动IP,通过命令创建一台云主机migration,启动 migration, 并使用PC机能远程登录到VM1
[root@controller ~]# nova boot VM1 --flavor f1 --image cirros --nic net-name=int-net --security-groups default
+--------------------------------------+-----------------------------------------------+
| Property | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | - |
| OS-EXT-SRV-ATTR:hostname | vm1 |
| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
| OS-EXT-SRV-ATTR:instance_name | |
| OS-EXT-SRV-ATTR:kernel_id | |
| OS-EXT-SRV-ATTR:launch_index | 0 |
| OS-EXT-SRV-ATTR:ramdisk_id | |
| OS-EXT-SRV-ATTR:reservation_id | r-4trj3nvr |
| OS-EXT-SRV-ATTR:root_device_name | - |
| OS-EXT-SRV-ATTR:user_data | - |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | a6vf3dXeUAF5 |
| config_drive | |
| created | 2021-12-23T04:44:42Z |
| description | - |
| flavor:disk | 10 |
| flavor:ephemeral | 0 |
| flavor:extra_specs | {} |
| flavor:original_name | f1 |
| flavor:ram | 1024 |
| flavor:swap | 0 |
| flavor:vcpus | 1 |
| hostId | |
| host_status | |
| id | 8ad3efd0-99ea-4992-9a38-6472f3515a88 |
| image | cirros (677d0408-68fa-48b4-84a6-9e4a71f6541b) |
| key_name | - |
| locked | False |
| metadata | {} |
| name | VM1 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tags | [] |
| tenant_id | 7b335087b5b44dbf8d74f04c68cd3d68 |
| updated | 2021-12-23T04:44:42Z |
| user_id | 9ee96e78660e42708b0e3c323a4b7386 |
+--------------------------------------+-----------------------------------------------+
# 创建浮动IP
[root@controller ~]# openstack floating ip create ext-net --floating-ip-address 172.31.125.104
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2021-12-23T04:45:48Z |
| description | |
| fixed_ip_address | None |
| floating_ip_address | 172.31.125.104 |
| floating_network_id | 57eb9744-04fb-4bd5-a4f1-a307548eab3f |
| id | 6f6d1601-5b8c-43a8-8938-4528585729cd |
| name | 172.31.125.104 |
| port_id | None |
| project_id | 7b335087b5b44dbf8d74f04c68cd3d68 |
| qos_policy_id | None |
| revision_number | 0 |
| router_id | None |
| status | DOWN |
| subnet_id | None |
| updated_at | 2021-12-23T04:45:48Z |
+---------------------+--------------------------------------+
# 绑定浮动IP
[root@controller ~]# openstack server add floating ip VM1 172.31.125.104
-
创建云主机参数讲解
| 参数 | 含义 |
|---|---|
| master | 名称 |
| --flavor | 指定云主机类型 |
| --image | 指定镜像 |
| --nic net-name | 以网络名称指定网络 |
| --security-groups | 指定安全组 |
完成如图:
4.6 安全组设置
创建default规则允许所有的TCP、UDP和ICMP
# 1.使用命令创建安全组: [root@controller ~]# openstack security group create all //创建安全组all +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ | created_at | 2021-12-23T04:49:25Z | | description | all | | id | f2869b94-801f-45c6-8cc9-aded1576aad4 | | name | all | | project_id | 7b335087b5b44dbf8d74f04c68cd3d68 | | revision_number | 2 | | rules | created_at='2021-12-23T04:49:25Z', direction='egress', ethertype='IPv6', id='e5687d81-2ed8-4a78-9bc3-1294ee115ccf', updated_at='2021-12-23T04:49:25Z' | | | created_at='2021-12-23T04:49:25Z', direction='egress', ethertype='IPv4', id='ff91d2d5-9ecf-4eba-aca2-067dab43355c', updated_at='2021-12-23T04:49:25Z' | | updated_at | 2021-12-23T04:49:25Z | +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ # 2.添加安全组规则:openstack security group rule create 使用该命令创建安全组规则 openstack security group rule create --ingress --protocol tcp all openstack security group rule create --ingress --protocol udp all openstack security group rule create --ingress --protocol icmp all openstack security group rule create --egress --protocol tcp all openstack security group rule create --egress --protocol udp all openstack security group rule create --egress --protocol icmp all
如果云主机打不开处理办法
一般是compute节点上/etc/nova/nova.conf配置文件的vnc配置不当
将这两个IP改为控制节点IP
修改完成后 systemctl restart openstack-nova-compute.service重启服务
即可
想安装上系统需要创建一个卷 将卷连接上云主机
不要想着照抄!!!!自己多打命令多练!!!不会的就help查看说明书!!!
6057
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
