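07. Building a Virtual Machine Instance with OpenStack
Xu Liangwei, known in the community as "Biaogan Xu" (标杆徐). He has many years of experience in Internet operations and has been responsible for automated operations management of large-scale cluster architectures. He specializes in web cluster architecture and automated operations, and was formerly in charge of operations at a large e-commerce company in China.
His personal blog, "徐亮伟架构师之路" (Xu Liangwei's Road to Architect), has benefited tens of thousands of readers.
Author QQ: 552408925, 572891887
Architects' group: 471443208
1. Create a flavor
The smallest default OpenStack flavor consumes 512 MB of memory per instance.
For compute nodes with less than 4 GB of memory, we recommend creating the xuliangwei.com flavor, which needs only 64 MB per instance. Use this flavor only for testing with the CirrOS image.
Create a flavor named xuliangwei.com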
[root@linux-node1 ~]# openstack flavor create --id 5 --vcpus 1 \
--ram 64 --disk 1 xuliangwei.com
+----------------------------+----------------+
| Field | Value |
+----------------------------+----------------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 5 |
| name | xuliangwei.com |
| os-flavor-access:is_public | True |
| properties | |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+----------------+
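2. Create the virtual network
Create a single flat network named flat: the network type is flat, the network is shared (--shared), the physical network is provider, and it connects to the local physical network through eth0.
1. Create the flat network on the controller node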
[root@linux-node1 ~]# neutron net-create flat --shared \
--provider:physical_network provider --provider:network_type flat
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2016-10-09T07:34:38Z |
| description | |
| id | 40e7f254-8b5e-40f2-b1b6-2d744b2b0be7 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | flat |
| port_security_enabled | True |
| project_id | 0ec016bd5701495ab9cf2b7ffbea28b9 |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | |
| revision_number | 3 |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | 0ec016bd5701495ab9cf2b7ffbea28b9 |
| updated_at | 2016-10-09T07:34:38Z |
+---------------------------+--------------------------------------+
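2. Create the subnet on the controller node
Create a subnet on the new network with subnet-create flat (the subnet is named flat-subnet), and set the DHCP allocation range, the gateway, and the DNS server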
[root@linux-node1 ~]# neutron subnet-create flat 192.168.56.0/24 \
--name flat-subnet --allocation-pool start=192.168.56.100,end=192.168.56.200 \
--dns-nameserver 192.168.56.1 --gateway 192.168.56.1
Created a new subnet:
+-------------------+------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------+
| allocation_pools | {"start": "192.168.56.100", "end": "192.168.56.200"} |
| cidr | 192.168.56.0/24 |
| created_at | 2016-10-09T07:35:17Z |
| description | |
| dns_nameservers | 192.168.56.1 |
| enable_dhcp | True |
| gateway_ip | 192.168.56.1 |
| host_routes | |
| id | 1ca80595-eac8-4af1-8c03-83afd603e7ff |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | flat-subnet |
| network_id | 40e7f254-8b5e-40f2-b1b6-2d744b2b0be7 |
| project_id | 0ec016bd5701495ab9cf2b7ffbea28b9 |
| revision_number | 2 |
| service_types | |
| subnetpool_id | |
| tenant_id | 0ec016bd5701495ab9cf2b7ffbea28b9 |
| updated_at | 2016-10-09T07:35:17Z |
+-------------------+------------------------------------------------------+
3. Verify the network
[root@linux-node1 ~]# neutron net-list
+--------------------------------------+------+------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+------+------------------------------------------------------+
| 40e7f254-8b5e-40f2-b1b6-2d744b2b0be7 | flat | 1ca80595-eac8-4af1-8c03-83afd603e7ff 192.168.56.0/24 |
+--------------------------------------+------+------------------------------------------------------+
3. Create a key pair
1. Create the key as the demo user
[root@linux-node1 ~]# source demo-openrc
2. Generate a key pair and add the public key
[root@linux-node1 ~]# ssh-keygen -q -N ""
[root@linux-node1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | e2:6c:3d:6b:a4:f1:12:d5:f5:18:2a:7d:e0:75:8d:e8 |
| name | mykey |
| user_id | c5923120d10c43eb875da6f9491d64b2 |
+-------------+-------------------------------------------------+
3. Verify the key pair
[root@linux-node1 ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | e2:6c:3d:6b:a4:f1:12:d5:f5:18:2a:7d:e0:75:8d:e8 |
+-------+-------------------------------------------------+
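To confirm that the key registered with Nova is the one generated locally, the fingerprint in the table above can be recomputed from the public key file. This added example (not part of the original tutorial) computes the colon-separated MD5 fingerprint of an OpenSSH public key line; the function names are hypothetical and the sample key blob is constructed for illustration, not a real key.

```python
import base64
import hashlib
import hmac
import struct


def md5_fingerprint(pubkey_line: str) -> str:
    """Return the colon-separated MD5 fingerprint of an OpenSSH public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, b64_blob = fields[0], fields[1]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was edited, truncated, or pasted from another key.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (type_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + type_len] != key_type.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def matches(pubkey_line: str, reported: str) -> bool:
    """Compare a local key against the fingerprint shown by `openstack keypair list`."""
    return hmac.compare_digest(md5_fingerprint(pubkey_line),
                               reported.strip().lower())


def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data


# Constructed sample: has the layout of an ssh-rsa blob but is not a usable key.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + bytes(range(1, 33))))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " root@linux-node1"

if __name__ == "__main__":
    print(md5_fingerprint(SAMPLE_LINE))
```

On a real deployment, pass the contents of ~/.ssh/id_rsa.pub and the Fingerprint column value to matches().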
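4. Add security group rules
By default, the default security group applies to all instances and includes firewall rules that deny remote access to instances.
For Linux images such as CirrOS, we recommend allowing at least ICMP (ping) and secure shell (SSH).
1. Add rules to the default security group:
Allow ICMP requests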
[root@linux-node1 ~]# openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2016-10-09T07:30:15Z |
| description | |
| direction | ingress |
| ethertype | IPv4 |
| headers | |
| id | 31e479bd-fefb-4942-8969-672fffcf5a15 |
| port_range_max | None |
| port_range_min | None |
| project_id | 7f005d2fc6fa46cab5a700d3b2ff94bf |
| project_id | 7f005d2fc6fa46cab5a700d3b2ff94bf |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 1 |
| security_group_id | e8eca459-f858-4c9d-97ab-ac6c7bcd6ff0 |
| updated_at | 2016-10-09T07:30:15Z |
+-------------------+--------------------------------------+
Allow secure shell (SSH) access
[root@linux-node1 ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2016-10-09T07:30:33Z |
| description | |
| direction | ingress |
| ethertype | IPv4 |
| headers | |
| id | 9e1255dd-7d7f-4b53-b6a3-172559a0cdbf |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 7f005d2fc6fa46cab5a700d3b2ff94bf |
| project_id | 7f005d2fc6fa46cab5a700d3b2ff94bf |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 1 |
| security_group_id | e8eca459-f858-4c9d-97ab-ac6c7bcd6ff0 |
| updated_at | 2016-10-09T07:30:33Z |
+-------------------+--------------------------------------+
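Both rules above were created with remote_ip_prefix 0.0.0.0/0, so ICMP and SSH are accepted from any source address. This added example (not part of the original tutorial) checks rule records for ingress sources wider than an intended management range; the dictionary keys follow the Field column in the output above, while the 192.168.56.0/24 management range, the function names, and the third sample record are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: only the lab subnet from section 2 should reach the instances.
ALLOWED_SOURCES = [ipaddress.ip_network("192.168.56.0/24")]
_UNSET = (None, "None", "")  # JSON null or the CLI table's literal "None"


def _port_label(rule):
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if lo in _UNSET:
        return ""
    return f"/{lo}" if lo == hi else f"/{lo}-{hi}"


def overly_broad_rules(rules, allowed=ALLOWED_SOURCES):
    """Return (rule id, summary) for ingress rules open beyond `allowed`."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "ingress":
            continue
        if rule.get("remote_group_id") not in _UNSET:
            continue  # source limited to members of another security group
        prefix = rule.get("remote_ip_prefix")
        if prefix in _UNSET:  # no prefix means any source for that ethertype
            prefix = "::/0" if rule.get("ethertype") == "IPv6" else "0.0.0.0/0"
        source = ipaddress.ip_network(prefix, strict=False)
        if any(source.version == n.version and source.subnet_of(n) for n in allowed):
            continue
        summary = f"{rule.get('protocol')}{_port_label(rule)} from {source}"
        findings.append((rule["id"], summary))
    return findings


# The first two records copy the fields shown above; the third is constructed.
SAMPLE_RULES = [
    {"id": "31e479bd-fefb-4942-8969-672fffcf5a15", "direction": "ingress",
     "ethertype": "IPv4", "protocol": "icmp", "port_range_min": None,
     "port_range_max": None, "remote_group_id": None, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "9e1255dd-7d7f-4b53-b6a3-172559a0cdbf", "direction": "ingress",
     "ethertype": "IPv4", "protocol": "tcp", "port_range_min": 22,
     "port_range_max": 22, "remote_group_id": None, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "constructed-rule-3", "direction": "ingress",
     "ethertype": "IPv4", "protocol": "tcp", "port_range_min": 22,
     "port_range_max": 22, "remote_group_id": None, "remote_ip_prefix": "192.168.56.0/24"},
]

if __name__ == "__main__":
    for rule_id, summary in overly_broad_rules(SAMPLE_RULES):
        print(rule_id, summary)
```

A rule that passes this check carries a remote_ip_prefix inside the management range, such as 192.168.56.0/24, instead of 0.0.0.0/0.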
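5. Launch the instance
To launch an instance, you must specify at least the flavor, image name, network, security group, key pair, and instance name.
1. On the controller node, source the demo user's credentials to gain access to the commands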
[root@linux-node1 ~]# source demo-openrc
2. A flavor specifies a virtual resource allocation profile, which includes processor, memory, and storage.
List the available flavors
[root@linux-node1 ~]# openstack flavor list
+----+----------------+-----+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+----------------+-----+------+-----------+-------+-----------+
| 5 | xuliangwei.com | 64 | 1 | 0 | 1 | True |
+----+----------------+-----+------+-----------+-------+-----------+
List the available images
[root@linux-node1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 54daa962-097b-4968-aa71-8fa3123e4c41 | cirros | active |
+--------------------------------------+--------+--------+
List the available networks
[root@linux-node1 ~]# neutron net-list
+--------------------------------------+------+------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+------+------------------------------------------------------+
| b8f74b1d-6deb-4638-b0f0-1f55d375cc75 | flat | 0b6829a1-580b-46dc-9523-41687a0bc106 192.168.56.0/24 |
+--------------------------------------+------+------------------------------------------------------+
List the available security groups
[root@linux-node1 ~]# openstack security group list
+--------------------------------------+---------+-------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+-------------+----------------------------------+
| e8eca459-f858-4c9d-97ab-ac6c7bcd6ff0 | default | 缺省安全组 | 7f005d2fc6fa46cab5a700d3b2ff94bf |
+--------------------------------------+---------+-------------+----------------------------------+
3. Create the instance; replace the net-id value with your own network ID. Running the command produces output like the following
[root@linux-node1 ~]# source demo-openrc
[root@linux-node1 ~]# openstack server create --flavor xuliangwei.com --image cirros \
--nic net-id=40e7f254-8b5e-40f2-b1b6-2d744b2b0be7 --security-group default \
--key-name mykey openstack-xuliangwei.com
+--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | 2KqeXLXHjcCz |
| config_drive | |
| created | 2016-10-09T09:33:24Z |
| flavor | xuliangwei.com (5) |
| hostId | |
| id | f3a48a5c-3907-438e-be5c-bbec625736f9 |
| image | cirros (54daa962-097b-4968-aa71-8fa3123e4c41) |
| key_name | mykey |
| name | openstack-xuliangwei.com |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 7f005d2fc6fa46cab5a700d3b2ff94bf |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2016-10-09T09:33:24Z |
| user_id | c5923120d10c43eb875da6f9491d64b2 |
+--------------------------------------+-----------------------------------------------+
4. Check the instance status; an instance whose status is ACTIVE has been created successfully
[root@linux-node1 ~]# openstack server list
+--------------------------------------+--------------------------+--------+---------------------+------------+
| ID | Name | Status | Networks | Image Name |
+--------------------------------------+--------------------------+--------+---------------------+------------+
| 7d533123-7b00-4710-a726-e5b83864cbbe | openstack-xuliangwei.com | ACTIVE | flat=192.168.56.108 | cirros |
+--------------------------------------+--------------------------+--------+---------------------+------------+
5. Connect to the instance over SSH
[root@linux-node1 ~]# ssh cirros@192.168.56.108
The authenticity of host '192.168.56.108 (192.168.56.108)' can't be established.
RSA key fingerprint is fd:7d:73:4e:62:c9:c3:3a:c3:41:48:97:dd:2c:3f:56.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.56.108' (RSA) to the list of known hosts.
$
6. Access the instance through the virtual console (in a browser)
[root@linux-node1 ~]# openstack console url show openstack-xuliangwei.com
+-------+------------------------------------------------------------------------------------+
| Field | Value |
+-------+------------------------------------------------------------------------------------+
| type | novnc |
| url | http://192.168.56.11:6080/vnc_auto.html?token=4f0e25f3-249a-4efd-af08-3c3c9eb48850 |
+-------+------------------------------------------------------------------------------------+