OpenStack使用CentOS7官方通用雲映象建立虛擬機器例項
阿新 • • 發佈:2019-01-18
實驗環境:
- OpenStack Queens社群版
- 1控制節點、1計算節點、1塊儲存節點
- 單網絡卡provider供應商網路模式
作業系統版本
[root@controller ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@controller ~]# uname -sr
Linux 4.16.3-1.el7.elrepo.x86_64
1.下載qcow2格式的CentOS官方通用雲映象
執行環境變數(官網有說明)
[root@controller ~]# . admin-openrc
下載CentOS雲映象:
wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-1802.qcow2c
2.上傳映象到Glance
[[email protected] ~]# openstack image create "CentOS7-image" \
--file CentOS-7-x86_64-GenericCloud-1802.qcow2c \
--disk-format qcow2 --container-format bare \
--public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | c5e362d0fb6e367ab16a5fbbed2ec1ce |
| container_format | bare |
| created_at | 2018-05-16T02:06:12Z |
| disk_format | qcow2 |
| file | /v2/images/de63a620-43da-4325-9ed5-cce8e74451f0/file |
| id | de63a620-43da-4325-9ed5-cce8e74451f0 |
| min_disk | 0 |
| min_ram | 0 |
| name | CentOS7-image |
| owner | 2059d5d40c6a4d4ea37e5a80aa46b891 |
| protected | False |
| schema | /v2/schemas/image |
| size | 394918400 |
| status | active |
| tags | |
| updated_at | 2018-05-16T02:06:26Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
檢視上傳的映象
[[email protected] ~]# openstack image list
+--------------------------------------+---------------+--------+
| ID | Name | Status |
+--------------------------------------+---------------+--------+
| de63a620-43da-4325-9ed5-cce8e74451f0 | CentOS7-image | active |
| d81e109c-acb0-4f65-b739-58b9595282e7 | cirros | active |
+--------------------------------------+---------------+--------+
3.建立例項前的準備工作
要啟動例項,必須至少指定flavor、映象名稱、網路、安全組、金鑰和例項名稱。
如果已經執行則跳過此項。
照搬官方文件:https://docs.openstack.org/install-guide/launch-instance.html#
建立供應商網路
在控制節點上,獲取admin使用者憑證以訪問僅管理員的CLI命令:
[root@controller ~]# . admin-openrc
[[email protected] ~]# openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2018-04-22T09:49:19Z |
| description | |
| dns_domain | None |
| id | 1daecc49-121e-4bb2-b161-3fdb6f104434 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| is_vlan_transparent | None |
| mtu | 1500 |
| name | provider |
| port_security_enabled | True |
| project_id | 2059d5d40c6a4d4ea37e5a80aa46b891 |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 4 |
| router:external | External |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2018-04-22T09:49:19Z |
+---------------------------+--------------------------------------+
在網路上建立子網
[[email protected] ~]# openstack subnet create --network provider \
> --allocation-pool start=192.168.92.100,end=192.168.92.110 \
> --dns-nameserver 114.114.114.114 --gateway 192.168.92.2 \
> --subnet-range 192.168.92.0/24 provider
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 192.168.92.100-192.168.92.110 |
| cidr | 192.168.92.0/24 |
| created_at | 2018-06-10T14:48:05Z |
| description | |
| dns_nameservers | 114.114.114.114 |
| enable_dhcp | True |
| gateway_ip | 192.168.92.2 |
| host_routes | |
| id | 639dcbb3-9bdf-4db8-9734-c4556f1e7972 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | provider |
| network_id | 891787bb-ce4a-4b41-b222-1493ec30035c |
| project_id | 9a8169bc534e4705816e97bff4d2866b |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2018-06-10T14:48:05Z |
+-------------------+--------------------------------------+
建立例項型別
[[email protected] ~]# openstack flavor create --id 1 --vcpus 2 --ram 1024 --disk 10 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 10 |
| id | 1 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| properties | |
| ram | 1024 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 2 |
+----------------------------+---------+
生成祕鑰對
生成金鑰(一個公鑰檔案和一個私鑰檔案),預設儲存在/root/.ssh/目錄下
[[email protected] ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
[[email protected] ~]# ll /root/.ssh/
total 12
-rw------- 1 root root 1675 Jun 11 13:26 id_rsa #生成的私鑰檔案
-rw-r--r-- 1 root root 397 Jun 11 13:26 id_rsa.pub #生成的公鑰檔案
建立祕鑰對,並將生成的公鑰檔案新增到祕鑰對:
[[email protected] ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub testkey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | aa:e7:ee:6b:1d:c8:85:9f:11:d6:23:45:85:f2:aa:4a |
| name | testkey |
| user_id | 19ba7d00b87c4132b4fc0c6ee8555fef |
+-------------+-------------------------------------------------+
新增安全組規則,允許對例項進行ping和ssh訪問
[[email protected] ~]# openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2018-04-22T09:58:50Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 25873007-b5e0-48f8-9e5e-ae9251680bef |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 07f75876b05945e0816b6e219ee6c9f7 |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 5a0ff59e-01a4-4959-bf79-148d9ebff8d6 |
| updated_at | 2018-04-22T09:58:50Z |
+-------------------+--------------------------------------+
[[email protected] ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2018-04-22T09:59:44Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 7c187ba7-0436-45e6-8fb6-4028ae23504d |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 07f75876b05945e0816b6e219ee6c9f7 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 5a0ff59e-01a4-4959-bf79-148d9ebff8d6 |
| updated_at | 2018-04-22T09:59:44Z |
+-------------------+--------------------------------------+
確認相關配置
[[email protected] ~]# . demo-openrc
檢視例項型別
[[email protected] ~]# openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 1 | m2.nano | 128 | 1 | 0 | 4 | True |
+----+---------+-----+------+-----------+-------+-----------+
檢視映象
[[email protected] ~]# openstack image list
+--------------------------------------+-----------------+--------+
| ID | Name | Status |
+--------------------------------------+-----------------+--------+
| d81e109c-acb0-4f65-b739-58b9595282e7 | cirros | active |
+--------------------------------------+-----------------+--------+
檢視網路
[[email protected] ~]# openstack network list
+--------------------------------------+----------+----------------------------------
| ID | Name | Subnets |
+--------------------------------------+----------+----------------------------------
| 1daecc49-121e-4bb2-b161-3fdb6f104434 | provider | 0d276553-2cce-47a5-a57a-7f8997c7530c |
+--------------------------------------+----------+---------------------------------
檢視子網
[[email protected] ~]# neutron subnet-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+----------+----------------------------------+-----------------+------------------------------------------------------+
| id | name | tenant_id | cidr | allocation_pools |
+--------------------------------------+----------+----------------------------------+-----------------+------------------------------------------------------+
| 0d276553-2cce-47a5-a57a-7f8997c7530c | provider | 2059d5d40c6a4d4ea37e5a80aa46b891 | 192.168.92.0/24 | {"start": "192.168.92.100", "end": "192.168.92.110"} |
+--------------------------------------+----------+----------------------------------+-----------------+------------------------------------------------------+
檢視安全組
[[email protected] ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------
| 0b8e6943-af2e-4b16-9f06-da3ceb17e105 | default | Default security group | 07f75876b05945e0816b6e219ee6c9f7 |
+--------------------------------------+---------+------------------------+----------
檢視安全組規則
[[email protected] ~]# openstack security group rule list
+--------------------------------------+-------------+-----------+------------+------
| ID | IP Protocol | IP Range | Port Range | Remote Security Group | Security Group |
+--------------------------------------+-------------+-----------+------------+------
| 001beda6-dc2f-4407-a76d-06bf8f883fd5 | None | None | | 0b8e6943-af2e-4b16-9f06-da3ceb17e105 | 0b8e6943-af2e-4b16-9f06-da3ceb17e105 |
| 216c5d37-651d-43db-b887-0f21907ce43b | None | None | | None | 0b8e6943-af2e-4b16-9f06-da3ceb17e105 |
| 3e4b2165-0cc9-40ab-9eb1-8a8cb6898e46 | None | None | | None | 0b8e6943-af2e-4b16-9f06-da3ceb17e105 |
| 9f42fee7-fe56-4700-8bc0-d25f19c9eca3 | None | None | | 0b8e6943-af2e-4b16-9f06-da3ceb17e105 | 0b8e6943-af2e-4b16-9f06-da3ceb17e105 |
| b5727d6d-f7ac-46ed-963b-32d42787cca9 | tcp | 0.0.0.0/0 | 22:22 | None | 0b8e6943-af2e-4b16-9f06-da3ceb17e105 |
| ce4f6edf-a59d-445c-ab8f-d396cb3178b6 | icmp | 0.0.0.0/0 | | None | 0b8e6943-af2e-4b16-9f06-da3ceb17e105 |
+------------------------------+-------------+-----------+------------+------------+
檢視祕鑰對
[[email protected] ~]# openstack keypair list
+---------+-------------------------------------------------+
| Name | Fingerprint |
+---------+-------------------------------------------------+
| testkey | aa:e7:ee:6b:1d:c8:85:9f:11:d6:23:45:85:f2:aa:4a |
+---------+-------------------------------------------------+
4.使用上傳的映象建立例項
[[email protected] ~]# . demo-openrc
[[email protected] ~]# openstack server create --flavor m1.nano --image CentOS7-image \
--nic net-id=1daecc49-121e-4bb2-b161-3fdb6f104434 --security-group default \
--key-name testkey centos7-cloudvm1
+-----------------------------+------------------------------------------------------+
| Field | Value |
+-----------------------------+------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | k9Bm4rZokooG |
| config_drive | |
| created | 2018-05-16T02:10:10Z |
| flavor | m1.nano (1) |
| hostId | |
| id | 236d03f7-fa1b-4dde-818c-c37eb59a84cd |
| image | CentOS7-image (de63a620-43da-4325-9ed5-cce8e74451f0) |
| key_name | testkey |
| name | centos7-cloudvm1 |
| progress | 0 |
| project_id | 07f75876b05945e0816b6e219ee6c9f7 |
| properties | |
| security_groups | name='0b8e6943-af2e-4b16-9f06-da3ceb17e105' |
| status | BUILD |
| updated | 2018-05-16T02:10:15Z |
| user_id | 19ba7d00b87c4132b4fc0c6ee8555fef |
| volumes_attached | |
+-----------------------------+------------------------------------------------------
檢視例項狀態,active說明正常:
[[email protected] ~]# openstack server list
+--------------------------------------+-------------------+---------+---------------
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-------------------+---------+-------------------------+---------------+---------+
| 236d03f7-fa1b-4dde-818c-c37eb59a84cd | centos7-cloudvm1 | ACTIVE | provider=192.168.92.103 | CentOS7-image | m1.nano |
| 2eed1b91-6f01-4808-acce-c1ec9cbe13e3 | provider-cirrosvm | SHUTOFF | provider=192.168.92.101 | cirros | m1.nano |
+--------------------------------------+-------------------+---------+---------------
5. 使用SSH訪問例項
在控制節點和外網ping例項IP地址,正常ping通:
[[email protected] ~]# ping -c 4 192.168.92.103
PING 192.168.92.103 (192.168.92.103) 56(84) bytes of data.
64 bytes from 192.168.92.103: icmp_seq=1 ttl=64 time=0.775 ms
64 bytes from 192.168.92.103: icmp_seq=2 ttl=64 time=0.614 ms
C:\Users\zwpos>ping 192.168.92.103
正在 Ping 192.168.92.103 具有 32 位元組的資料:
來自 192.168.92.103 的回覆: 位元組=32 時間<1ms TTL=64
來自 192.168.92.103 的回覆: 位元組=32 時間<1ms TTL=64
從控制節點ssh登入例項,centos官方通用雲映象預設使用者名稱為centos:
說明:建立例項時已將生成的包含公鑰的祕鑰對注入虛擬機器例項,私鑰儲存在控制節點的/root/.ssh/目錄中,因此在controller節點中可以直接以SSH金鑰登入,而不是使用密碼登入。
[root@controller ~]# ssh [email protected]
修改root密碼:
[centos@centos7-cloudvm1 ~]$ sudo su root
[root@centos7-cloudvm1 centos]# passwd root
Changing password for user root.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
開啟ssh遠端密碼登入:
[root@centos7-cloudvm1 ~]# vi /etc/ssh/sshd_config
63 PasswordAuthentication yes #去掉註釋
64 #PermitEmptyPasswords no
65 #PasswordAuthentication no #增加註釋
使用SSH遠端登入虛擬機器例項並測試網路連通性
Verify access to the provider physical network gateway:
驗證對提供者物理網路閘道器的訪問:
[[email protected] ~]# ping -c 4 192.168.92.2
PING 192.168.92.2 (192.168.92.2) 56(84) bytes of data.
64 bytes from 192.168.92.2: icmp_seq=1 ttl=128 time=5.82 ms
64 bytes from 192.168.92.2: icmp_seq=2 ttl=128 time=0.476 ms
Verify access to the internet:
驗證訪問Internet:
[[email protected] ~]# ping -c 4 openstack.org
PING openstack.org (162.242.140.107) 56(84) bytes of data.
64 bytes from 162.242.140.107 (162.242.140.107): icmp_seq=1 ttl=128 time=292 ms
64 bytes from 162.242.140.107 (162.242.140.107): icmp_seq=2 ttl=128 time=540 ms