OpenStack部署(五)

OpenStack部署

    • 11. 启动一个实例
      • 11.1 获取凭证
      • 11.2 创建虚拟网络
      • 11.3 创建主机规格
      • 11.4 生产环境的规格推荐
      • 11.5 生成一个键值对
      • 11.6 增加安全组规则
      • 11.7 创建块设备存储
      • 11.8 创建实例
    • 12. 资源整理
      • 12.1 用到的端口
      • 12.2 openstack各组件常用命令
        • 1. openstack命令
        • 2. nova的常用命令
        • 3. neutron常用命令
        • 4. cinder命令
        • 5. ceph命令
        • 6. rabbitmq命令
        • 7. 镜像相关
        • 8. openstack各服务日志路径
        • 9. 修改时间和时区
        • 10. 查看各服务状态

OpenStack部署(五)_第1张图片

11. 启动一个实例

11.1 获取凭证

[root@openstack ~]# source admin-openrc

11.2 创建虚拟网络

[root@node-251 openstack]# neutron net-create --shared --provider:physical_network provider --provider:network_type flat provider
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2023-06-09T01:52:19Z                 |
| description               |                                      |
| id                        | 98aa5cfc-f6e2-44f7-8186-fbb954b48385 |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| mtu                       | 1500                                 |
| name                      | provider                             |
| port_security_enabled     | True                                 |
| project_id                | 2aaf4155b00749b0a333a039c17c131c     |
| provider:network_type     | flat                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  |                                      |
| revision_number           | 2                                    |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | 2aaf4155b00749b0a333a039c17c131c     |
| updated_at                | 2023-06-09T01:52:19Z                 |
+---------------------------+--------------------------------------+
[root@node-251 openstack]# neutron subnet-create --name provider   --allocation-pool start=192.168.71.100,end=192.168.71.110  --dns-nameserver 8.8.8.8 --gateway 192.168.71.1   provider 192.168.71.0/24
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new subnet:
+-------------------+------------------------------------------------------+
| Field             | Value                                                |
+-------------------+------------------------------------------------------+
| allocation_pools  | {"start": "192.168.71.100", "end": "192.168.71.110"} |
| cidr              | 192.168.71.0/24                                      |
| created_at        | 2023-06-09T01:53:51Z                                 |
| description       |                                                      |
| dns_nameservers   | 8.8.8.8                                              |
| enable_dhcp       | True                                                 |
| gateway_ip        | 192.168.71.1                                         |
| host_routes       |                                                      |
| id                | 01977b02-1650-41ae-9537-47a67bf33e46                 |
| ip_version        | 4                                                    |
| ipv6_address_mode |                                                      |
| ipv6_ra_mode      |                                                      |
| name              | provider                                             |
| network_id        | 98aa5cfc-f6e2-44f7-8186-fbb954b48385                 |
| project_id        | 2aaf4155b00749b0a333a039c17c131c                     |
| revision_number   | 0                                                    |
| service_types     |                                                      |
| subnetpool_id     |                                                      |
| tags              |                                                      |
| tenant_id         | 2aaf4155b00749b0a333a039c17c131c                     |
| updated_at        | 2023-06-09T01:53:51Z                                 |
+-------------------+------------------------------------------------------+

11.3 创建主机规格

[root@node-251 openstack]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field                      | Value   |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled   | False   |
| OS-FLV-EXT-DATA:ephemeral  | 0       |
| disk                       | 1       |
| id                         | 0       |
| name                       | m1.nano |
| os-flavor-access:is_public | True    |
| properties                 |         |
| ram                        | 64      |
| rxtx_factor                | 1.0     |
| swap                       |         |
| vcpus                      | 1       |
+----------------------------+---------+

11.4 生产环境的规格推荐

openstack flavor create --vcpus 1 --ram 512 ecs.c1.nano
openstack flavor create --vcpus 1 --ram 1024 ecs.c1.tiny
openstack flavor create --vcpus 1 --ram 2048 ecs.c1.small
openstack flavor create --vcpus 1 --ram 4096 ecs.c1.medium
openstack flavor create --vcpus 1 --ram 8192 ecs.c1.large
openstack flavor create --vcpus 1 --ram 16384 ecs.c1.xlarge

openstack flavor create --vcpus 2 --ram 512 ecs.c2.nano
openstack flavor create --vcpus 2 --ram 1024 ecs.c2.tiny
openstack flavor create --vcpus 2 --ram 2048 ecs.c2.small
openstack flavor create --vcpus 2 --ram 4096 ecs.c2.medium
openstack flavor create --vcpus 2 --ram 8192 ecs.c2.large
openstack flavor create --vcpus 2 --ram 16384 ecs.c2.xlarge

openstack flavor create --vcpus 4 --ram 512 ecs.c4.nano
openstack flavor create --vcpus 4 --ram 1024 ecs.c4.tiny
openstack flavor create --vcpus 4 --ram 2048 ecs.c4.small
openstack flavor create --vcpus 4 --ram 4096 ecs.c4.medium
openstack flavor create --vcpus 4 --ram 8192 ecs.c4.large
openstack flavor create --vcpus 4 --ram 16384 ecs.c4.xlarge

openstack flavor create --vcpus 8 --ram 512 ecs.c8.nano
openstack flavor create --vcpus 8 --ram 1024 ecs.c8.tiny
openstack flavor create --vcpus 8 --ram 2048 ecs.c8.small
openstack flavor create --vcpus 8 --ram 4096 ecs.c8.medium
openstack flavor create --vcpus 8 --ram 8192 ecs.c8.large
openstack flavor create --vcpus 8 --ram 16384 ecs.c8.xlarge

11.5 生成一个键值对

[root@node-251 openstack]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | 7c:b8:ca:bf:1f:fa:e1:6c:53:14:03:8d:3e:5e:26:b2 |
| name        | mykey                                           |
| user_id     | 063ef7b979334fa5a86420952a141d32                |
+-------------+-------------------------------------------------+

验证公钥的添加

[root@node-251 openstack]# openstack keypair list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | 7c:b8:ca:bf:1f:fa:e1:6c:53:14:03:8d:3e:5e:26:b2 |
+-------+-------------------------------------------------+

如果没有密钥,可自行添加

ssh-keygen -q -N ""

11.6 增加安全组规则

默认情况下,default安全组适用于所有实例并且包括拒绝远程访问实例的防火墙规则。对诸如CirrOS这样的Linux镜像,我们推荐至少允许ICMP (ping) 和安全shell(SSH)规则。
允许 ICMP (ping)

[root@node-251 openstack]# openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2023-06-09T01:58:43Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 1b664b63-aeef-4cc1-8897-b394905d90b2 |
| name              | None                                 |
| port_range_max    | None                                 |
| port_range_min    | None                                 |
| project_id        | 2aaf4155b00749b0a333a039c17c131c     |
| protocol          | icmp                                 |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 0                                    |
| security_group_id | 9f721ed0-4351-4930-b89e-472b4207d8da |
| updated_at        | 2023-06-09T01:58:43Z                 |
+-------------------+--------------------------------------+

允许安全 shell (SSH) 的访问

[root@node-251 openstack]# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2023-06-09T01:59:18Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 321d4f87-43cb-4d25-b7bc-c3547cb55c24 |
| name              | None                                 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| project_id        | 2aaf4155b00749b0a333a039c17c131c     |
| protocol          | tcp                                  |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 0                                    |
| security_group_id | 9f721ed0-4351-4930-b89e-472b4207d8da |
| updated_at        | 2023-06-09T01:59:18Z                 |
+-------------------+--------------------------------------+

11.7 创建块设备存储

[root@node-251 openstack]# openstack volume create --size 1 volume1
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| attachments         | []                                   |
| availability_zone   | nova                                 |
| bootable            | false                                |
| consistencygroup_id | None                                 |
| created_at          | 2023-06-09T01:59:58.000000           |
| description         | None                                 |
| encrypted           | False                                |
| id                  | ee5dc1fd-1d1e-43d9-ac7d-548914e8ff22 |
| migration_status    | None                                 |
| multiattach         | False                                |
| name                | volume1                              |
| properties          |                                      |
| replication_status  | None                                 |
| size                | 1                                    |
| snapshot_id         | None                                 |
| source_volid        | None                                 |
| status              | creating                             |
| type                | None                                 |
| updated_at          | None                                 |
| user_id             | 063ef7b979334fa5a86420952a141d32     |
+---------------------+--------------------------------------+

等待Status状态从creating变成available

[root@node-251 openstack]# openstack volume list
+--------------------------------------+---------+-----------+------+-------------+
| ID                                   | Name    | Status    | Size | Attached to |
+--------------------------------------+---------+-----------+------+-------------+
| ee5dc1fd-1d1e-43d9-ac7d-548914e8ff22 | volume1 | available |    1 |             |
+--------------------------------------+---------+-----------+------+-------------+

11.8 创建实例

列出可用类型

[root@node-251 openstack]# openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name    | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 0  | m1.nano |  64 |    1 |         0 |     1 | True      |
+----+---------+-----+------+-----------+-------+-----------+

列出可用镜像

[root@node-251 openstack]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 45d98b6f-3f42-48dc-a0b3-cab7a27fb8d5 | cirros | active |
+--------------------------------------+--------+--------+

列出可用网络

[root@node-251 openstack]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID                                   | Name     | Subnets                              |
+--------------------------------------+----------+--------------------------------------+
| 98aa5cfc-f6e2-44f7-8186-fbb954b48385 | provider | 01977b02-1650-41ae-9537-47a67bf33e46 |
+--------------------------------------+----------+--------------------------------------+

列出可用的安全组

[root@node-251 openstack]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID                                   | Name    | Description            | Project                          |
+--------------------------------------+---------+------------------------+----------------------------------+
| 9f721ed0-4351-4930-b89e-472b4207d8da | default | Default security group | 2aaf4155b00749b0a333a039c17c131c |
+--------------------------------------+---------+------------------------+----------------------------------+

根据上面查询出来的结果进行创建实例

[root@node-251 openstack]# openstack server create --flavor m1.nano --image cirros   --nic net-id=98aa5cfc-f6e2-44f7-8186-fbb954b48385 --security-group default  --key-name mykey provider-instance
+-------------------------------------+-----------------------------------------------+
| Field                               | Value                                         |
+-------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig                   | MANUAL                                        |
| OS-EXT-AZ:availability_zone         |                                               |
| OS-EXT-SRV-ATTR:host                | None                                          |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None                                          |
| OS-EXT-SRV-ATTR:instance_name       |                                               |
| OS-EXT-STS:power_state              | NOSTATE                                       |
| OS-EXT-STS:task_state               | scheduling                                    |
| OS-EXT-STS:vm_state                 | building                                      |
| OS-SRV-USG:launched_at              | None                                          |
| OS-SRV-USG:terminated_at            | None                                          |
| accessIPv4                          |                                               |
| accessIPv6                          |                                               |
| addresses                           |                                               |
| adminPass                           | nPH2MrvZXX3w                                  |
| config_drive                        |                                               |
| created                             | 2023-06-09T02:24:31Z                          |
| flavor                              | m1.nano (0)                                   |
| hostId                              |                                               |
| id                                  | 044043bb-1e8d-4fa2-855e-20b93c128c8c          |
| image                               | cirros (45d98b6f-3f42-48dc-a0b3-cab7a27fb8d5) |
| key_name                            | mykey                                         |
| name                                | provider-instance                             |
| progress                            | 0                                             |
| project_id                          | 2aaf4155b00749b0a333a039c17c131c              |
| properties                          |                                               |
| security_groups                     | name='9f721ed0-4351-4930-b89e-472b4207d8da'   |
| status                              | BUILD                                         |
| updated                             | 2023-06-09T02:24:31Z                          |
| user_id                             | 063ef7b979334fa5a86420952a141d32              |
| volumes_attached                    |                                               |
+-------------------------------------+-----------------------------------------------+

检查实例的状态

[root@node-251 openstack]# openstack server list
+--------------------------------------+-------------------+--------+----------+--------+---------+
| ID                                   | Name              | Status | Networks | Image  | Flavor  |
+--------------------------------------+-------------------+--------+----------+--------+---------+
| 044043bb-1e8d-4fa2-855e-20b93c128c8c | provider-instance | ERROR  |          | cirros | m1.nano |
+--------------------------------------+-------------------+--------+----------+--------+---------+

附加卷到一个实例上

openstack server add volume provider-instance volume1

列出卷

[root@openstack ~]# openstack volume list
+--------------------------------------+--------------+--------+------+--------------------------------------------+
| ID                                   | Display Name | Status | Size | Attached to                                |
+--------------------------------------+--------------+--------+------+--------------------------------------------+
| a1e8be72-a395-4a6f-8e07-856a57c39524 | volume1      | in-use |    1 | Attached to provider-instance on /dev/vdb  |
+--------------------------------------+--------------+--------+------+--------------------------------------------+

获取你实例的VNC会话URL并从web浏览器访问它

[root@openstack ~]# openstack console url show provider-instance
+-------+------------------------------------------------------------------------------------------+
| Field | Value                                                                                    |
+-------+------------------------------------------------------------------------------------------+
| type  | novnc                                                                                    |
| url   | http://openstack.if010.com:6080/vnc_auto.html?token=5eeccb47-525c-4918-ac2a-3ad1e9f1f493 |
+-------+------------------------------------------------------------------------------------------+

OpenStack部署(五)_第2张图片
由于笔者虚拟机比较卡,没有办法运行实例,后面有部分内容的贴图来自网络

12. 资源整理

12.1 用到的端口

# 远程访问服务
# sshd.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1220/sshd           
tcp6       0      0 :::22                   :::*                    LISTEN      1220/sshd 

# 时间同步服务
# chronyd.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:123             0.0.0.0:*                           1954/chronyd        
udp        0      0 127.0.0.1:323           0.0.0.0:*                           1954/chronyd        
udp6       0      0 ::1:323                 :::*                                1954/chronyd

# 数据库服务
# mariadb.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp6       0      0 :::3306                 :::*                    LISTEN      2368/mysqld

# 消息队列服务
# rabbitmq-server.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      3775/beam.smp(web)
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      3775/beam.smp       
tcp6       0      0 :::5672                 :::*                    LISTEN      3775/beam.smp

# 分布式内存服务
# memcached.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name  
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      6032/memcached           
tcp6       0      0 ::1:11211               :::*                    LISTEN      6032/memcached


# 站点服务
# httpd.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name        
tcp6       0      0 :::80                   :::*                    LISTEN      7138/httpd(default)
tcp6       0      0 :::35357                :::*                    LISTEN      7138/httpd          
tcp6       0      0 :::5000                 :::*                    LISTEN      7138/httpd

# 镜像服务
# openstack-glance-api.service、openstack-glance-registry.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:9191            0.0.0.0:*               LISTEN      10683/python2       
tcp        0      0 0.0.0.0:9292            0.0.0.0:*               LISTEN      10649/python2       
      
# 计算服务
# openstack-nova-api.service、openstack-nova-consoleauth.service、openstack-nova-scheduler.service、openstack-nova-conductor.service、openstack-nova-novncproxy.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name                  
tcp        0      0 0.0.0.0:6080            0.0.0.0:*               LISTEN      28341/python2(vnc)
tcp        0      0 0.0.0.0:8774            0.0.0.0:*               LISTEN      28337/python2       
tcp        0      0 0.0.0.0:8775            0.0.0.0:*               LISTEN      28337/python2       
tcp6       0      0 :::8778                 :::*                    LISTEN      14667/httpd     


# 网络服务
# neutron-server.service、neutron-linuxbridge-agent.service、neutron-dhcp-agent.service、neutron-metadata-agent.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:9696            0.0.0.0:*               LISTEN      10916/python2       


# 存储服务
# openstack-cinder-api.service、openstack-cinder-scheduler.service、lvm2-lvmetad.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:8776            0.0.0.0:*               LISTEN      25496/python2       


# 编排服务
# openstack-heat-api.service、openstack-heat-api-cfn.service、openstack-heat-engine.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      29142/python        
tcp        0      0 0.0.0.0:8004            0.0.0.0:*               LISTEN      29141/python   

12.2 openstack各组件常用命令

1. openstack命令

  • openstack-service restart #重启openstack服务
  • openstack endpoint-list #查看openstack的端口

2. nova的常用命令

  • nova list #列举当前用户所有虚拟机

  • nova show ID #列举某个虚机的详细信息

  • nova delete ID #直接删除某个虚机

  • nova service-list #获取所有服务列表

  • nova image-list #获取镜像列表

  • nova flavor-list #列举所有可用的类型

  • nova volume-list #列举所有云硬盘

  • nova volume-show #显示指定云硬盘的详细信息

  • nova volume-create #创建云硬盘

  • nova volume-delete #删除云硬盘

  • nova volume-snapshot-create #创建云硬盘快照

  • nova volume-snapshot-delete #删除云硬盘快照

  • nova live-migration ID node #热迁移

  • nova migrate ID node #冷迁移

  • nova migration-list #列出迁移列表

  • nova get-vnc-console ID novnc #获取虚机的vnc地址

  • nova reset-state --active ID #标识主机状态

3. neutron常用命令

  • neutron agent-list #列举所有的agent

  • neutron agent-show ID #显示指定agent信息

  • neutron port-list #查看端口列表

  • neutron net-list #列出当前租户所有网络

  • neutron net-list --all-tenants #列出所有租户所有网络

  • neutron net-show ID #查看一个网络的详细信息

  • neutron net-delete ID #删除一个网络

  • ip netns #查看命名空间

  • ip netsn exec haproxy ip a #查看haproxy的ip

4. cinder命令

  • cinder list #列出所有的volumes

  • cinder service-list #列出所有的服务

  • cinder snapshot-list #列出所有的快照

  • cinder backup-list #列出所有备份

  • cinder type-list #列出所有volume类型

  • cinder show

  • cinder delete

5. ceph命令

  • ceph -s #查看osd状态

  • ceph osd tree #查看osd

  • ceph osd down osd.0 #终止osd.0

  • ceph osd rm 0 #删除osd.0

  • ceph health detail #查看集群健康状况

  • ceph auth list #获取权限列表

  • ceph auth caps client.lucy mon ‘allow r’ mds ‘allwo r, allow rw path=/lucy, allow rw path=/jerry_share’ osd ‘allow rw’ #修改clent.lucy用户权限

  • ceph auth get-key client.lucy #获取某个用户的key

  • systemctl status ceph-osd.target #重启osd服务

  • systemctl status [email protected] #查看osd.5的状态

6. rabbitmq命令

  • rabbitmqctl cluster_status #查看消息队列集群状态

  • rabbitmqctl start_app #启动

  • rabbitmqctl stop_app #停止

  • rabbitmqctl reset #重置

  • rabbitmqctl list_queues #查看rabbitmq队列

  • systemctl status rabbitmq-service.service #查看rabbitmq的状态

7. 镜像相关

  • qemu-img convert -f qcow2 -0 raw Win10_1803_chinese_x64_glance.qcow2 Win10_1803_chinese_x64_glance.raw 镜像格式转换

  • openstack image create “name” --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public 上传镜像

  • /var/lib/glance/images 镜像上传后存放路径

8. openstack各服务日志路径

  • /var/log/keystone/keystone.log

  • /var/log/glance/…

  • /var/log/neutron/…

  • /var/log/nova/…

  • /var/log/cinder/…

  • /var/log/apache2/ #dashboard日志

  • /var/log/syslog

  • /var/log/messages

9. 修改时间和时区

  • timedatectl #显示各项当前时间

  • timedatectl list-timezones #显示系统所支持的时间区域

  • timedatectl set-timezone Asia/Shanghai #设置当前系统的时间区域

  • date -s “20190328 14:56:30” #修改时间

  • /etc/ntp.conf #ntp文件路径

  • hwclock -w #同步硬件时间

  • hwclock –r #查看时间

10. 查看各服务状态

  • crm status #查看高可用集群状态

  • systemctl | grep neutron #找出neutron的各个服务

  • systemctl | grep nova #找出nova的各个服务

  • systemctl | grep cinder #找出cinder 的各个服务

  • systemctl status …

  • rbd info volume/volume-ID #检索映射信息

  • rbd rm volume/volume-ID #删除

  • /etc/init.d/ceph status #查看ceph状态

  • /etc/init.d/network restart #重启网络服务

  • ethtool eth0 #查看网口设置

你可能感兴趣的:(#,openstack,openstack,bash,linux)