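Contents
- Check the services
- Create the network (network name + subnet)
- Create the flavor (hardware configuration for cloud hosts)
- Create a key pair
- Create security group rules
- Launch an instance
- Troubleshooting
1. Check the services:
Before creating a virtual machine, verify the following:
1) Check that the nova services are healthy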
[root@controller ~]# nova service-list
+--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | Forced down |
+--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
| aab81bd2-6b01-4825-83e2-e0a2571df5f0 | nova-consoleauth | controller | internal | enabled | up | 2020-03-23T04:48:15.000000 | - | False |
| 0056aea6-b275-4284-8db2-b98015867876 | nova-scheduler | controller | internal | enabled | up | 2020-03-23T04:48:16.000000 | - | False |
| ccd742e2-e33c-4501-a37d-01aa5084aed6 | nova-conductor | controller | internal | enabled | up | 2020-03-23T04:48:14.000000 | - | False |
| 54f4f2f5-7c67-4ce6-9786-fe6e6f2de23e | nova-compute | compute1 | nova | enabled | up | 2020-03-23T04:48:19.000000 | - | False |
| 9d06deea-f7a7-4b2a-914a-93ad009111bd | nova-compute | compute2 | nova | enabled | up | 2020-03-23T04:48:12.000000 | - | False |
+--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
2) Check that the neutron agents are healthy
[root@controller ~]# neutron agent-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 274aab6a-66bd-4da8-9353-81f62c75bb47 | DHCP agent | controller | nova | :-) | True | neutron-dhcp-agent |
| 6cca7537-071d-4e6a-9bc8-671890d4985f | Metadata agent | controller | | :-) | True | neutron-metadata-agent |
| b35540cd-5992-429e-a17d-9bd2a5c2766d | Linux bridge agent | compute2 | | :-) | True | neutron-linuxbridge-agent |
| cb95211d-3102-4daf-b776-5bbef7074e35 | Linux bridge agent | controller | | :-) | True | neutron-linuxbridge-agent |
| f740b804-cbd0-4669-83ff-7b4619b9a85e | Linux bridge agent | compute1 | | :-) | True | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
3) Check the image
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| bd4a8b1e-93e6-4cac-bd07-1926e0c015b0 | cirros | active |
+--------------------------------------+--------+--------+
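The service checks above can be scripted as a gate before launching anything. The following is an added example, not part of the original page: it parses the table layout printed by nova service-list and neutron agent-list and reports every row that is not up. The function names and the sample rows (including the failed ones) are constructed for illustration.

```shell
# Added example: list services or agents that are not up.
# Real use: nova service-list | unhealthy_rows
#           neutron agent-list | unhealthy_rows
unhealthy_rows() {
    awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    NF < 4 { next }                      # border lines and CLI warnings
    !col {                               # first table row is the header
        for (i = 2; i < NF; i++) {
            h = trim($i)
            if (h == "State" || h == "alive") col = i
            if (h == "Binary" || h == "binary") bin = i
            if (h == "Host" || h == "host") host = i
        }
        next
    }
    {
        v = trim($col)
        if (v != "up" && v != ":-)") {   # nova prints up/down, neutron :-)/xxx
            printf "DOWN %s on %s (%s)\n", trim($bin), trim($host), v
            bad++
        }
    }
    END { exit (bad > 0 ? 1 : 0) }       # status 1 when something is down
    '
}

# Constructed sample tables (abridged columns, one failed row each).
sample_nova_table() {
    cat <<'EOF'
+----------------+------------+---------+-------+
| Binary         | Host       | Status  | State |
+----------------+------------+---------+-------+
| nova-scheduler | controller | enabled | up    |
| nova-compute   | compute1   | enabled | up    |
| nova-compute   | compute2   | enabled | down  |
+----------------+------------+---------+-------+
EOF
}
sample_neutron_table() {
    cat <<'EOF'
| agent_type         | host       | alive | admin_state_up | binary                    |
| DHCP agent         | controller | :-)   | True           | neutron-dhcp-agent        |
| Linux bridge agent | compute1   | xxx   | True           | neutron-linuxbridge-agent |
EOF
}

sample_nova_table | unhealthy_rows || echo "nova: fix the rows above before launching"
sample_neutron_table | unhealthy_rows || echo "neutron: fix the rows above before launching"
```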
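2. Create the network (network name + subnet; this creates the provider network)
Adapt the values shown in the diagram above to your environment:
1. On the controller node, source the admin credentials to gain access to admin-only CLI commands: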
[root@controller ~]# . admin-openrc
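2. Create the network (--share makes it a shared network; the other options set the physical provider network, the network type, and the network name)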
[root@controller ~]# openstack network create --share --external \
--provider-physical-network provider \
--provider-network-type flat provider
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-03-23T08:59:40Z |
| description | |
| dns_domain | None |
| id | ff752959-f9f8-45c6-b0c0-ae23e45e681b |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| is_vlan_transparent | None |
| mtu | 1500 |
| name | provider |
| port_security_enabled | True |
| project_id | 9d7612b9a91c4070ac22ccbec979f71e |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | External |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2020-03-23T08:59:40Z |
+---------------------------+--------------------------------------+
[root@controller ~]# neutron net-list
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
...
[linux_bridge]
physical_interface_mappings = provider:eth0,net172_16_0:eth1
....
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
.....
[ml2_type_flat]
flat_networks = provider,net172_16_0
......
3. Create a subnet on the network (the options give the network name, allocation pool, DNS server, gateway, and subnet name):
[root@controller ~]# openstack subnet create --network provider \
--allocation-pool start=192.168.223.101,end=192.168.223.250 \
--dns-nameserver 223.5.5.5 --gateway 192.168.223.2 \
--subnet-range 192.168.223.0/24 provider
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 192.168.223.101-192.168.223.250 |
| cidr | 192.168.223.0/24 |
| created_at | 2020-03-23T09:08:16Z |
| description | |
| dns_nameservers | 223.5.5.5 |
| enable_dhcp | True |
| gateway_ip | 192.168.223.2 |
| host_routes | |
| id | 2b697105-360f-4f6a-84c9-7d272e711d21 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | provider |
| network_id | ff752959-f9f8-45c6-b0c0-ae23e45e681b |
| project_id | 9d7612b9a91c4070ac22ccbec979f71e |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2020-03-23T09:08:16Z |
+-------------------+--------------------------------------+
[root@controller ~]# neutron subnet-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+----------+----------------------------------+------------------+--------------------------------------------------------+
| id | name | tenant_id | cidr | allocation_pools |
+--------------------------------------+----------+----------------------------------+------------------+--------------------------------------------------------+
| 2b697105-360f-4f6a-84c9-7d272e711d21 | provider | 9d7612b9a91c4070ac22ccbec979f71e | 192.168.223.0/24 | {"start": "192.168.223.101", "end": "192.168.223.250"} |
+--------------------------------------+----------+----------------------------------+------------------+--------------------------------------------------------+
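Example
The public network 203.0.113.0/24 has the gateway 203.0.113.1. The DHCP service assigns each instance an IP address from 203.0.113.101 to 203.0.113.200.
DNS used by all instances:
223.5.5.5 is the IP address of a free DNS server provided by Alibaba;
8.8.8.8 is the IP address of a free DNS server provided by Google.
Because Google network services are blocked within China, 223.5.5.5 is the recommended choice.
4. View the created network: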
[root@controller ~]# neutron net-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+----------+----------------------------------+-------------------------------------------------------+
| id | name | tenant_id | subnets |
+--------------------------------------+----------+----------------------------------+-------------------------------------------------------+
| ff752959-f9f8-45c6-b0c0-ae23e45e681b | provider | 9d7612b9a91c4070ac22ccbec979f71e | 2b697105-360f-4f6a-84c9-7d272e711d21 192.168.223.0/24 |
+--------------------------------------+----------+----------------------------------+-------------------------------------------------------+
[root@controller ~]# neutron subnet-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+----------+----------------------------------+------------------+--------------------------------------------------------+
| id | name | tenant_id | cidr | allocation_pools |
+--------------------------------------+----------+----------------------------------+------------------+--------------------------------------------------------+
| 2b697105-360f-4f6a-84c9-7d272e711d21 | provider | 9d7612b9a91c4070ac22ccbec979f71e | 192.168.223.0/24 | {"start": "192.168.223.101", "end": "192.168.223.250"} |
+--------------------------------------+----------+----------------------------------+------------------+--------------------------------------------------------+
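3. Create the flavor (hardware configuration for cloud hosts)
Create the m1.nano flavor
The smallest default flavor needs 512 MB of memory. For environments whose compute nodes have less than 4 GB of memory, we recommend creating the m1.nano flavor, which needs only 64 MB. If the goal is purely testing, use the m1.nano flavor to boot the CirrOS image.
# Hardware configuration: create the m1.nano flavor. OpenStack flavors are created in advance and then selected at launch time: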
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
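Notes:
flavor: hardware configuration
ID: 0
Number of vCPUs: 1
Memory (RAM): 64 MB
Disk: 1 GB
Flavor name: m1.nano
4. Create a key pair
Most cloud images support public key authentication rather than conventional password authentication. Before launching an instance, you must add a public key to the Compute service.
1. Source the credentials of the demo project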
[root@controller ~]# . demo-openrc
2. Generate and add a key pair:
[root@controller ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 58:b4:98:ce:2d:ff:a9:2e:5f:19:5e:15:c6:d7:5f:a4 |
| name | mykey |
| user_id | 6db0c82dd4634dbbbc3262604f31994f |
+-------------+-------------------------------------------------+
3. Verify that the public key was added:
[root@controller ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 58:b4:98:ce:2d:ff:a9:2e:5f:19:5e:15:c6:d7:5f:a4 |
+-------+-------------------------------------------------+
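Generate a key pair non-interactively in one command:
# ssh-keygen -q -N "" -f ~/.ssh/id_rsa
-f specifies the path where the key pair is written; -N "" sets an empty passphrase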
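5. Create security group rules
By default, the default security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images such as CirrOS, we recommend allowing at least ICMP (ping) and secure shell (SSH).
Add rules to the default security group.
- Permit ICMP (ping):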
[root@controller ~]# openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2020-02-23T04:32:53Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 60a8b88d-1e5a-496f-b9f8-c3e015135052 |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 624aea77ea404c2682e99b043e4a3783 |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 7aeab068-38b5-4aa8-8007-ece491701c5a |
| updated_at | 2020-02-23T04:32:53Z |
+-------------------+--------------------------------------+
Supplement: deleting a security group rule:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+-------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+-------------+----------------------------------+------+
| 4f6bba1f-a812-4b36-b2d8-c7893c847bc4 | default | 缺省安全组 | 9d7612b9a91c4070ac22ccbec979f71e | [] |
| d1f19dc4-54bc-44a4-8965-a51ed8659a94 | default | 缺省安全组 | 05388607365645af8b92dac778204556 | [] |
+--------------------------------------+---------+-------------+----------------------------------+------+
[root@controller ~]# openstack security group --help
Command "security" matches:
security group create
security group delete
security group list
security group rule create
security group rule delete
security group rule list
security group rule show
security group set
security group show
security group unset
[root@controller ~]# openstack security group rule delete <ID of the rule to delete>
- Permit secure shell (SSH) access:
[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2020-02-23T04:33:16Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 9100cb31-4ae2-4fd0-9ed0-675428b2e30c |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 624aea77ea404c2682e99b043e4a3783 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 7aeab068-38b5-4aa8-8007-ece491701c5a |
| updated_at | 2020-02-23T04:33:16Z |
+-------------------+--------------------------------------+
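Both rules above were created without a source restriction, so their remote_ip_prefix is 0.0.0.0/0 and the port is reachable from any address that can route to the provider network. The following is an added example, not part of the original page: it scans rule tables in the format shown above and lists every ingress rule that is open to any source. The function names and the third sample rule are constructed for illustration.

```shell
# Added example: report ingress rules that accept traffic from any source.
# Input: "| Field | Value |" tables as printed by `openstack security group rule create` or `rule show`.
audit_rule_tables() {
    awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(   port) {
        if (id != "" && dir == "ingress" && (src == "0.0.0.0/0" || src == "::/0")) {
            port = (pmin == "None") ? "any" : (pmin == pmax ? pmin : pmin "-" pmax)
            printf "OPEN %s proto=%s port=%s from=%s\n", id, proto, port, src
            hits++
        }
        id = dir = proto = pmin = pmax = src = ""
    }
    NF >= 4 {
        key = trim($2); val = trim($3)
        if (key == "Field")            { report(); next }   # header row: new table
        if (key == "id")               id = val
        if (key == "direction")        dir = val
        if (key == "protocol")         proto = val
        if (key == "port_range_min")   pmin = val
        if (key == "port_range_max")   pmax = val
        if (key == "remote_ip_prefix") src = val
    }
    END { report(); exit (hits > 0 ? 1 : 0) }   # status 1 when something is open
    '
}

# Sample: the two rules from this page (abridged) plus one constructed rule.
sample_rule_tables() {
    cat <<'EOF'
| Field             | Value                                |
| direction         | ingress                              |
| id                | 60a8b88d-1e5a-496f-b9f8-c3e015135052 |
| port_range_min    | None                                 |
| protocol          | icmp                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| Field             | Value                                |
| direction         | ingress                              |
| id                | 9100cb31-4ae2-4fd0-9ed0-675428b2e30c |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| protocol          | tcp                                  |
| remote_ip_prefix  | 0.0.0.0/0                            |
| Field             | Value                                |
| direction         | ingress                              |
| id                | constructed-rule-id                  |
| protocol          | tcp                                  |
| remote_ip_prefix  | 192.168.223.0/24                     |
EOF
}

sample_rule_tables | audit_rule_tables || echo "narrow the rules listed above"
```

To limit SSH to a known range, pass --remote-ip with a CIDR to openstack security group rule create.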
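6. Launch an instance
Check the prerequisites for launching the instance (using the public network)
To launch an instance, you must specify at least the flavor, image name, network, security group, key, and instance name.
1. On the controller node, source the demo credentials to gain access to user-level CLI commands: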
[root@controller ~]# . demo-openrc
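2. A flavor specifies the approximate resource allocation for a virtual machine, including processor, memory, and storage.
List available flavors: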
[root@controller ~]# openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
+----+---------+-----+------+-----------+-------+-----------+
3. List available images:
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| bd4a8b1e-93e6-4cac-bd07-1926e0c015b0 | cirros | active |
+--------------------------------------+--------+--------+
4. List available networks; the ID is needed later when creating the instance:
[root@controller ~]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| ff752959-f9f8-45c6-b0c0-ae23e45e681b | provider | 2b697105-360f-4f6a-84c9-7d272e711d21 |
+--------------------------------------+----------+--------------------------------------+
This instance uses the provider public network. You must reference this network by its ID rather than by its name.
5. List available security groups:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+-------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+-------------+----------------------------------+------+
| 4f6bba1f-a812-4b36-b2d8-c7893c847bc4 | default | 缺省安全组 | 9d7612b9a91c4070ac22ccbec979f71e | [] |
[root@controller ~]#
Create the instance
$ openstack server create --flavor m1.nano --image cirros \
--nic net-id=PROVIDER_NET_ID --security-group default \
--key-name mykey provider-instance
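Note: replace PROVIDER_NET_ID in net-id=PROVIDER_NET_ID with the ID of an available network, as listed by:
# openstack network list
# provider-instance is the name of the cloud host instance
The actual run: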
[root@controller ~]# openstack server create --flavor m1.nano --image cirros \
--nic net-id=ff752959-f9f8-45c6-b0c0-ae23e45e681b --security-group default \
--key-name mykey provider-instance
+-------------------------------------+-----------------------------------------------+
| Field | Value |
+-------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | LP4Z7RZqn62z |
| config_drive | |
| created | 2020-03-23T09:33:54Z |
| flavor | m1.nano (0) |
| hostId | |
| id | 6ea707d3-f73e-4a51-af49-35535e422f2d |
| image | cirros (bd4a8b1e-93e6-4cac-bd07-1926e0c015b0) |
| key_name | mykey |
| name | provider-instance |
| progress | 0 |
| project_id | 9d7612b9a91c4070ac22ccbec979f71e |
| properties | |
| security_groups | name='4f6bba1f-a812-4b36-b2d8-c7893c847bc4' |
| status | BUILD |
| updated | 2020-03-23T09:33:54Z |
| user_id | 6db0c82dd4634dbbbc3262604f31994f |
| volumes_attached | |
+-------------------------------------+-----------------------------------------------+
Check the instance:
[root@controller ~]# openstack server list
+--------------------------------------+-------------------+--------+--------------------------+--------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-------------------+--------+--------------------------+--------+---------+
| 6ea707d3-f73e-4a51-af49-35535e422f2d | provider-instance | ACTIVE | provider=192.168.223.116 | cirros | m1.nano |
+--------------------------------------+-------------------+--------+--------------------------+--------+---------+
[root@controller ~]# nova list
+--------------------------------------+-------------------+--------+------------+-------------+--------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+-------------------+--------+------------+-------------+--------------------------+
| 6ea707d3-f73e-4a51-af49-35535e422f2d | provider-instance | ACTIVE | - | Running | provider=192.168.223.116 |
+--------------------------------------+-------------------+--------+------------+-------------+--------------------------+
Instance files are stored on the compute node; the hosting node can be seen in the instance overview:
[root@compute1 ~]# cd /var/lib/nova/instances/
[root@compute1 instances]# ll
总用量 4
drwxr-xr-x 2 nova nova 54 2月 23 12:44 3fe59e27-3280-4fc3-93cb-f9a37a866e03
drwxr-xr-x 2 nova nova 54 2月 23 12:44 _base
-rw-r--r-- 1 nova nova 31 2月 23 12:29 compute_nodes
drwxr-xr-x 2 nova nova 93 2月 23 12:44 locks
7. Troubleshooting
To fix the bug where the instance cannot boot into its system, on the compute node:
[root@compute1 ~]# vim /etc/nova/nova.conf
[libvirt]
cpu_mode = none
virt_type = qemu
[root@compute1 ~]# systemctl restart openstack-nova-compute.service
Then choose a hard reboot in the web interface: