OpenStack-M版(Mitaka)搭建基于(Centos7.2)+++八、Openstack启动实例
八、Openstack启动实例
没有先安装Dashboard就创建实例是怕控制台访问实例是失败状态你们心态崩,这个错了就慢慢排错吧重点检查Nova
1.创建一个小规模的主机
原因:
默认的最小规格的主机需要512 MB内存,电脑太low我需要64 MB的规格的主机,后面这两个节点还要搭建swift,cinder怕来不起
1.在控制节点上,加载 admin 凭证来获取管理员能执行的命令访问权限:
. admin-openrc
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+2.生成一个键值对
介绍:
大部分云镜像支持公共密钥认证而不是传统的密码认证。在启动实例前,你必须添加一个公共密钥到计算服务。
1.在控制节点上,加载 demo 凭证来获取用户命令访问权限:
. demo-openrc
2.生成和添加秘钥对
ssh-keygen -q -N ""--------直接敲回车
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
[root@controller ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | b8:80:d6:b1:e5:a0:14:7c:80:27:02:85:fe:2f:a0:52 |
| name | mykey |
| user_id | f16e48a0a33748f68d99c7e6cdd932a5 |
+-------------+-------------------------------------------------+3.验证公钥的添加
openstack keypair list[root@controller ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | b8:80:d6:b1:e5:a0:14:7c:80:27:02:85:fe:2f:a0:52 |
+-------+-------------------------------------------------+
3.增加安全组规则
介绍:
默认情况下,default安全组适用于所有实例并且包括拒绝远程访问实例的防火墙规则。
对诸如CirrOS这样的Linux镜像,我们推荐至少允许ICMP (ping) 和安全shell(SSH)规则。
1.添加规则到 default 安全组
openstack security group rule create --proto icmp default
[root@controller ~]# openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | e892efe2-9899-4d70-956b-1a270a5ec554 |
| ip_protocol | icmp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | abcb4395-0abd-473f-b1b9-37f77b4772cf |
| port_range | |
| remote_security_group | |
+-----------------------+--------------------------------------+
2.允许安全 shell (SSH) 的访问
openstack security group rule create --proto tcp --dst-port 22 default
[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 23259718-957f-4743-8069-c5f02d89fb40 |
| ip_protocol | tcp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | abcb4395-0abd-473f-b1b9-37f77b4772cf |
| port_range | 22:22 |
| remote_security_group | |
+-----------------------+--------------------------------------+
4.启动一个实例(私有网络)
1.在控制节点上,加载 demo 凭证来获取用户命令访问权限
. demo-openrc
2.查看虚拟机资源分配可用类型
openstack flavor list
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+openstack image list
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 817197c2-f18c-4c60-9fe6-cbd19cfabded | cirros | active |
+--------------------------------------+--------+--------+
4.列出可用网络
openstack network list
[root@controller ~]# openstack network list
+--------------------------------------+-------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+-------------+--------------------------------------+
| 1e09654a-22c1-475b-ace6-d91b6852da3e | provider | 42af45a3-eabf-4ac6-96f4-3755eca2c4ee |
| 57961b46-8023-4e74-a16d-c806deebbfd6 | selfservice | 105b6f53-b7c5-47c9-926c-e973bd8ad514 |
+--------------------------------------+-------------+--------------------------------------+
5.列出可用的安全组
openstack security group list
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| abcb4395-0abd-473f-b1b9-37f77b4772cf | default | Default security group | 8cc1c04a21ae4165a1667e0bd5029831 |
+--------------------------------------+---------+------------------------+----------------------------------+
6.启动实例
上面之所以查询是因为下面命令要用的
使用``selfservice ``
网络的ID替换57961b46-8023-4e74-a16d-c806deebbfd6
openstack server create --flavor m1.tiny --image cirros \
--nic net-id=57961b46-8023-4e74-a16d-c806deebbfd6 --security-group default \
--key-name mykey selfservice-instance
--key-name mykey selfservice-instance
[root@controller ~]# openstack server create --flavor m1.tiny --image cirros \
> --nic net-id=57961b46-8023-4e74-a16d-c806deebbfd6 --security-group default \
> --key-name mykey selfservice-instance
+--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | L5pqf6BkYvDU |
| config_drive | |
| created | 2017-11-17T01:25:53Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | ea932da6-c51e-4622-bc3e-fffe92252960 |
| image | cirros (817197c2-f18c-4c60-9fe6-cbd19cfabded) |
| key_name | mykey |
| name | selfservice-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 8cc1c04a21ae4165a1667e0bd5029831 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2017-11-17T01:25:57Z |
| user_id | f16e48a0a33748f68d99c7e6cdd932a5 |
+--------------------------------------+-----------------------------------------------+
7.查看云主机
openstack server list
[root@controller ~]# openstack server list
+--------------------------------------+----------------------+--------+----------------------+
| ID | Name | Status | Networks |
+--------------------------------------+----------------------+--------+----------------------+
| ea932da6-c51e-4622-bc3e-fffe92252960 | selfservice-instance | ACTIVE | selfservice=10.0.0.3 |
+--------------------------------------+----------------------+--------+----------------------+5.远程访问云主机
1.在公有网络上创建浮动IP地址池
openstack ip floating create provider
[root@controller ~]# openstack ip floating create provider
+-------------+--------------------------------------+
| Field | Value |
+-------------+--------------------------------------+
| fixed_ip | None |
| id | 6177d04c-3c95-4597-944d-74737f7f542a |
| instance_id | None |
| ip | 192.168.200.102 |
| pool | provider |
+-------------+--------------------------------------+
openstack ip floating add 192.168.200.102 selfservice-instance
[root@controller ~]# openstack ip floating add 192.168.200.102 selfservice-instance
[root@controller ~]#
3.检查这个浮动 IP 地址的状态
openstack server list
[root@controller ~]# openstack server list
+--------------------------------------+----------------------+--------+---------------------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+----------------------+--------+---------------------------------------+
| ea932da6-c51e-4622-bc3e-fffe92252960 | selfservice-instance | ACTIVE | selfservice=10.0.0.3, 192.168.200.102 |
+--------------------------------------+----------------------+--------+---------------------------------------+
4.通过浮动IP地址ping通实例
ping -c 4 192.168.200.102
[root@controller ~]# openstack server list
+--------------------------------------+----------------------+--------+---------------------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+----------------------+--------+---------------------------------------+
| ea932da6-c51e-4622-bc3e-fffe92252960 | selfservice-instance | ACTIVE | selfservice=10.0.0.3, 192.168.200.102 |
+--------------------------------------+----------------------+--------+---------------------------------------+
[root@controller ~]# ping -c 4 192.168.200.102
PING 192.168.200.102 (192.168.200.102) 56(84) bytes of data.
64 bytes from 192.168.200.102: icmp_seq=1 ttl=63 time=24.0 ms
64 bytes from 192.168.200.102: icmp_seq=2 ttl=63 time=2.17 ms
64 bytes from 192.168.200.102: icmp_seq=3 ttl=63 time=0.830 ms
64 bytes from 192.168.200.102: icmp_seq=4 ttl=63 time=0.853 ms
--- 192.168.200.102 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 0.830/6.974/24.039/9.867 ms5.使用 SSH远程访问实例
[root@controller ~]# ssh [email protected]
The authenticity of host '192.168.200.102 (192.168.200.102)' can't be established.
RSA key fingerprint is 0d:2b:c3:d8:10:82:27:c5:71:24:55:4f:0d:66:3e:03.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.200.102' (RSA) to the list of known hosts.
$
$
$
$ 6.在测试实例是否能连通外网
sudo ping -c 4 www.baidu.com
$
$ sudo ping -c 4 www.baidu.com
PING www.baidu.com (58.217.200.37): 56 data bytes
64 bytes from 58.217.200.37: seq=0 ttl=127 time=34.494 ms
64 bytes from 58.217.200.37: seq=1 ttl=127 time=34.757 ms
64 bytes from 58.217.200.37: seq=2 ttl=127 time=35.531 ms
64 bytes from 58.217.200.37: seq=3 ttl=127 time=34.806 ms
--- www.baidu.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 34.494/34.897/35.531 ms
$
到此你完成了一个最基本,下面一步将搭建Dashboard用图形化界面访问