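What each major OpenStack component does
Glance: manages images (upload, deletion, download)
Swift: provides the storage space for images
Nova: handles quota changes, launching cloud hosts (instances), creating key pairs, binding elastic IPs, and so on
Keystone: manages tenants and users
Neutron: handles networks, subnets, security groups, security group rules, floating IPs, and so on
Cinder: provides cloud disks
Upload the small.img image to the controller node
Use MobaXterm or WinSCP to upload the image file to the controller node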
[root@Controller ~]# ll
total 348452
......
drwxr-xr-x. 2 root root 6 Jan 12 09:21 Public
-rw-r--r-- 1 root root 356777984 Jan 16 15:03 small.img
drwxr-xr-x. 2 root root 6 Jan 12 09:21 Templates
......
[root@Controller ~]#
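Load the variables into Bash
First check whether the Glance client software is installed. If other components will be used as well, their clients must also be installed, so that any Linux host can manage OpenStack. In addition, the keystonerc_admin file has to be uploaded with SCP to the Linux host used for management
Running the bare commands would require passing many parameters each time, so first load the variables into Bash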
[root@Controller ~]# rpm -qa | grep glance
openstack-glance-2014.2.2-1.el7ost.noarch
python-glance-store-0.1.10-2.el7ost.noarch
python-glanceclient-0.14.2-2.el7ost.noarch
python-glance-2014.2.2-1.el7ost.noarch
[root@Controller ~]# ls
anaconda-ks.cfg Documents ist Pictures Templates
ans.txt Downloads keystonerc_admin Public Videos
Desktop initial-setup-ks.cfg Music small.img
[root@Controller ~]# cat keystonerc_admin
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=badboy
export OS_AUTH_URL=http://192.168.43.129:5000/v2.0/
export OS_REGION_NAME=RegionOne
export PS1='[\u@\h \W(keystone_admin)]\$ '
[root@Controller ~]# source keystonerc_admin
[root@Controller ~(keystone_admin)]#
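Create an image
Use the "<component> --help" command to view a component's help
Once a parameter is chosen, use "<component> help <parameter>" to see exactly how that parameter is used
Create the image with the command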
glance image-create --name BadBoy --disk-format qcow2 --container-format bare --file /root/small.img --is-public yes --is-protected yes --progress
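Using the glance component, create an image named BadBoy with disk format qcow2 and container format bare, from the image file /root/small.img, as a protected public image, showing the progress of the creation
The result can be checked in the web interface
The command "glance image-list" also lists all images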
[root@Controller ~(keystone_admin)]# glance image-list
+--------------------------------------+--------+-------------+------------------+-----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+--------+-------------+------------------+-----------+--------+
| 4ba9b38c-7edf-46bb-9365-dd959c65d19b | BadBoy | qcow2 | bare | 356777984 | active |
| 5cfc79e8-e310-4095-a27b-0ce0d4ad02df | Image | qcow2 | bare | 356777984 | active |
+--------------------------------------+--------+-------------+------------------+-----------+--------+
[root@Controller ~(keystone_admin)]#
Create a tenant (project)
Create the tenant with the command
keystone tenant-create --description MyProject --name Huawei
Using the keystone component, create a tenant with the description MyProject and the tenant name Huawei
[root@Controller ~(keystone_admin)]# keystone help tenant-create
usage: keystone tenant-create --name <tenant-name>
[--description <tenant-description>]
[--enabled <true|false>]
Create new tenant.
Arguments:
--name <tenant-name> New tenant name (must be unique).
--description <tenant-description>
Description of new tenant. Default is none.
--enabled <true|false>
Initial tenant enabled status. Default is true.
[root@Controller ~(keystone_admin)]# keystone tenant-create --description MyProject --name Huawei
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | MyProject |
| enabled | True |
| id | 25244f4dc25146918972b2b8a63c5977 |
| name | Huawei |
+-------------+----------------------------------+
[root@Controller ~(keystone_admin)]#
After the tenant is created, list the tenants with the command below, or view the tenant list in the web interface
[root@Controller ~(keystone_admin)]# keystone tenant-list
+----------------------------------+----------------+---------+
| id | name | enabled |
+----------------------------------+----------------+---------+
| 25244f4dc25146918972b2b8a63c5977 | Huawei | True |
| 9f0d3c83b49e4c23b508880c888b19db | admin | True |
| 051d549cfdd146ab863f876fccf2a7db | badboy_project | True |
| f45936dc0cb34727b47dde53c83beb98 | services | True |
+----------------------------------+----------------+---------+
[root@Controller ~(keystone_admin)]#
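View the project's default settings in the web interface
Change the project quota
All of the project's settings are defaults; to change them, use either the web interface or the command line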
nova quota-update --metadata-items 100 --cores 10 --ram 40960 --instance 5 25244f4dc25146918972b2b8a63c5977
Using the nova component, update the quota: 100 metadata items, 10 virtual cores, 40 GB of RAM, 5 instances
[root@Controller ~(keystone_admin)]# keystone tenant-list
+----------------------------------+----------------+---------+
| id | name | enabled |
+----------------------------------+----------------+---------+
| 25244f4dc25146918972b2b8a63c5977 | Huawei | True |
| 9f0d3c83b49e4c23b508880c888b19db | admin | True |
| 051d549cfdd146ab863f876fccf2a7db | badboy_project | True |
| f45936dc0cb34727b47dde53c83beb98 | services | True |
+----------------------------------+----------------+---------+
[root@Controller ~(keystone_admin)]# nova quota-update --metadata-items 100 --cores 10 --ram 40960 --instance 5 25244f4dc25146918972b2b8a63c5977
[root@Controller ~(keystone_admin)]#
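After the update, the result can be viewed in the web interface
Create a user and bind it to the tenant
Create the user with the command and bind it to the tenant
List all projects
Create the user, binding it to the tenant by the tenant's id
Using the keystone component, create a user named user01 with the password redhat, bound to the tenant Huawei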
[root@Controller ~(keystone_admin)]# keystone tenant-list
+----------------------------------+----------------+---------+
| id | name | enabled |
+----------------------------------+----------------+---------+
| 25244f4dc25146918972b2b8a63c5977 | Huawei | True |
| 9f0d3c83b49e4c23b508880c888b19db | admin | True |
| 051d549cfdd146ab863f876fccf2a7db | badboy_project | True |
| f45936dc0cb34727b47dde53c83beb98 | services | True |
+----------------------------------+----------------+---------+
[root@Controller ~(keystone_admin)]# keystone user-create --name user01 --pass redhat --tenant 25244f4dc25146918972b2b8a63c5977
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 1a7f46f5a2e84fcca4c8605ab1c8c5e8 |
| name | user01 |
| tenantId | 25244f4dc25146918972b2b8a63c5977 |
| username | user01 |
+----------+----------------------------------+
[root@Controller ~(keystone_admin)]#
Generate the user's environment variables
Copy the admin environment file directly, then edit its contents
[root@Controller ~(keystone_admin)]# ls
anaconda-ks.cfg Documents ist Pictures Templates
ans.txt Downloads keystonerc_admin Public Videos
Desktop initial-setup-ks.cfg Music small.img
[root@Controller ~(keystone_admin)]# cp keystonerc_admin keystonerc_user01
[root@Controller ~(keystone_admin)]# ls
anaconda-ks.cfg Documents ist Music small.img
ans.txt Downloads keystonerc_admin Pictures Templates
Desktop initial-setup-ks.cfg keystonerc_user01 Public Videos
[root@Controller ~(keystone_admin)]# vim keystonerc_user01
[root@Controller ~(keystone_admin)]# cat keystonerc_user01
export OS_USERNAME=user01
export OS_TENANT_NAME=Huawei
export OS_PASSWORD=redhat
export OS_AUTH_URL=http://192.168.43.129:5000/v2.0/
export OS_REGION_NAME=RegionOne
export PS1='[\u@\h \W(keystone_user01)]\$ '
[root@Controller ~(keystone_admin)]#
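Log in as the newly created user and create a private network
Source the new user's environment variables and create a network as that user; this network is the private network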
[root@Controller ~(keystone_admin)]# source keystonerc_user01
[root@Controller ~(keystone_user01)]# neutron net-create Private01
Created a new network:
+-----------------+--------------------------------------+
| Field | Value |
+-----------------+--------------------------------------+
| admin_state_up | True |
| id | 422263d5-b926-4081-99e5-22bf55acee27 |
| name | Private01 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 25244f4dc25146918972b2b8a63c5977 |
+-----------------+--------------------------------------+
[root@Controller ~(keystone_user01)]#
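After the user's environment variables are sourced, you are effectively logged in to OpenStack as user01, and every later operation runs with user01's identity
Create the network Private01
Create a subnet for the network
Using the neutron component, create a subnet named Private01_Subnet1 with DHCP enabled, for the network Private01, with the address range 192.168.2.0/24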
[root@Controller ~(keystone_user01)]# neutron --help | grep subnet
subnet-create Create a subnet for a given tenant.
subnet-delete Delete a given subnet.
subnet-list List subnets that belong to a given tenant.
subnet-show Show information of a given subnet.
subnet-update Update subnet's information.
[root@Controller ~(keystone_user01)]# neutron help subnet-create
......
[root@Controller ~(keystone_user01)]# neutron subnet-create --name Private01_Subnet1 --enable-dhcp Private01 192.168.2.0/24
Created a new subnet:
+-------------------+--------------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------------+
| allocation_pools | {"start": "192.168.2.2", "end": "192.168.2.254"} |
| cidr | 192.168.2.0/24 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 192.168.2.1 |
| host_routes | |
| id | 30c835f8-e396-4cd7-8724-d875744c4e46 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | Private01_Subnet1 |
| network_id | 422263d5-b926-4081-99e5-22bf55acee27 |
| tenant_id | 25244f4dc25146918972b2b8a63c5977 |
+-------------------+--------------------------------------------------+
[root@Controller ~(keystone_user01)]#
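The command neutron --help | grep subnet filters out the subnet-related commands
The command neutron help subnet-create shows the usage and parameters of the subnet-create subcommand
List the private network and the subnets under it with the commands below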
[root@Controller ~(keystone_user01)]# neutron net-list
+--------------------------------------+---------------+------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+---------------+------------------------------------------------------+
| 422263d5-b926-4081-99e5-22bf55acee27 | Private01 | 30c835f8-e396-4cd7-8724-d875744c4e46 192.168.2.0/24 |
| 43ef70e3-54a5-44d2-b3b0-9e46070a1e82 | public_badboy | b737926d-3319-4705-a0d3-f8534ed7a364 192.168.43.0/24 |
+--------------------------------------+---------------+------------------------------------------------------+
[root@Controller ~(keystone_user01)]# neutron subnet-list
+--------------------------------------+-------------------+-----------------+------------------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+-------------------+-----------------+------------------------------------------------------+
| 30c835f8-e396-4cd7-8724-d875744c4e46 | Private01_Subnet1 | 192.168.2.0/24 | {"start": "192.168.2.2", "end": "192.168.2.254"} |
| b737926d-3319-4705-a0d3-f8534ed7a364 | publlic_subnet | 192.168.43.0/24 | {"start": "192.168.43.150", "end": "192.168.43.200"} |
+--------------------------------------+-------------------+-----------------+------------------------------------------------------+
[root@Controller ~(keystone_user01)]#
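Log in as admin and create the public network
Source the admin environment variables again and create a network as admin; this network is the public network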
[root@Controller ~(keystone_user01)]# source keystonerc_admin
[root@Controller ~(keystone_admin)]# neutron net-create public_badboy
[root@Controller ~(keystone_admin)]# neutron subnet-create --name public_badboy --enable-dhcp public_badboy 192.168.43.192/26
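Because a public network was already created in the web interface when a cloud host was launched earlier, a public network with the same address range cannot be created again by command here, so some steps are omitted
Note: when allocating IP addresses, exclude the IP addresses of the controller node, the compute nodes and the NTP server to avoid address conflicts
Create a router
Log in as user01 and create the router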
[root@Controller ~(keystone_admin)]# source keystonerc_user01
[root@Controller ~(keystone_user01)]# neutron router-create Router01
Created a new router:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| admin_state_up | True |
| external_gateway_info | |
| id | c78e2c08-d2ec-450c-a85e-666618d8b48f |
| name | Router01 |
| routes | |
| status | ACTIVE |
| tenant_id | 25244f4dc25146918972b2b8a63c5977 |
+-----------------------+--------------------------------------+
[root@Controller ~(keystone_user01)]# neutron router-list
+--------------------------------------+----------+-----------------------+
| id | name | external_gateway_info |
+--------------------------------------+----------+-----------------------+
| c78e2c08-d2ec-450c-a85e-666618d8b48f | Router01 | null |
+--------------------------------------+----------+-----------------------+
[root@Controller ~(keystone_user01)]#
The topology can also be seen in the web interface
Configure the router's gateway and interface
Configure the interface
[root@Controller ~(keystone_user01)]# neutron router-list
+--------------------------------------+----------+-----------------------+
| id | name | external_gateway_info |
+--------------------------------------+----------+-----------------------+
| c78e2c08-d2ec-450c-a85e-666618d8b48f | Router01 | null |
+--------------------------------------+----------+-----------------------+
[root@Controller ~(keystone_user01)]# neutron subnet-list
+--------------------------------------+-------------------+-----------------+------------------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+-------------------+-----------------+------------------------------------------------------+
| 30c835f8-e396-4cd7-8724-d875744c4e46 | Private01_Subnet1 | 192.168.2.0/24 | {"start": "192.168.2.2", "end": "192.168.2.254"} |
| b737926d-3319-4705-a0d3-f8534ed7a364 | publlic_subnet | 192.168.43.0/24 | {"start": "192.168.43.150", "end": "192.168.43.200"} |
+--------------------------------------+-------------------+-----------------+------------------------------------------------------+
[root@Controller ~(keystone_user01)]# neutron router-interface-add c78e2c08-d2ec-450c-a85e-666618d8b48f 30c835f8-e396-4cd7-8724-d875744c4e46
Added interface a96cd227-61a8-4a1d-a853-ab455b9e1dbd to router c78e2c08-d2ec-450c-a85e-666618d8b48f.
[root@Controller ~(keystone_user01)]#
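Adding an interface to the router is equivalent to connecting the router to the internal network
The router has to be bound to the subnet of the virtual private network
Configure the gateway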
[root@Controller ~(keystone_user01)]# neutron router-list
+--------------------------------------+----------+-----------------------+
| id | name | external_gateway_info |
+--------------------------------------+----------+-----------------------+
| c78e2c08-d2ec-450c-a85e-666618d8b48f | Router01 | null |
+--------------------------------------+----------+-----------------------+
[root@Controller ~(keystone_user01)]# neutron net-list
+--------------------------------------+---------------+----------------------------
| id | name | subnets
+--------------------------------------+---------------+----------------------------
| 422263d5-b926-4081-99e5-22bf55acee27 | Private01 | 30c835f8-e396-4cd7-8724-d87
| 43ef70e3-54a5-44d2-b3b0-9e46070a1e82 | public_badboy | b737926d-3319-4705-a0d3-f85
+--------------------------------------+---------------+----------------------------
[root@Controller ~(keystone_user01)]# neutron router-gateway-set c78e2c08-d2ec-450c-a85e-666618d8b48f 43ef70e3-54a5-44d2-b3b0-9e46070a1e82
Set gateway for router c78e2c08-d2ec-450c-a85e-666618d8b48f
[root@Controller ~(keystone_user01)]#
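Setting the router's gateway is equivalent to connecting the router to the physical network (the public network)
The router only needs to be bound to the public network
Create a security group and add security rules
Create the security group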
[root@Controller ~(keystone_user01)]# neutron security-group-create Security01
Created a new security_group:
+----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| description | |
| id | ffeee838-028e-4fef-a9f4-8ad30c4154b0 |
| name | Security01 |
| security_group_rules | {"remote_group_id": null, "direction": "egress", "remote_ip_prefix": null, "protocol": null, "tenant_id": "25244f4dc25146918972b2b8a63c5977", "port_range_max": null, "security_group_id": "ffeee838-028e-4fef-a9f4-8ad30c4154b0", "port_range_min": null, "ethertype": "IPv4", "id": "afbe1320-a4ee-46f6-9412-4546d03881da"} |
| | {"remote_group_id": null, "direction": "egress", "remote_ip_prefix": null, "protocol": null, "tenant_id": "25244f4dc25146918972b2b8a63c5977", "port_range_max": null, "security_group_id": "ffeee838-028e-4fef-a9f4-8ad30c4154b0", "port_range_min": null, "ethertype": "IPv6", "id": "8451f553-dc1d-4442-897f-11c222752f56"} |
| tenant_id | 25244f4dc25146918972b2b8a63c5977 |
+----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@Controller ~(keystone_user01)]#
Create the security group rules
[root@Controller ~(keystone_user01)]# neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 --ethertype ipv4 --remote-ip-prefix 0.0.0.0/0 Security01
Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| direction | ingress |
| ethertype | IPv4 |
| id | 8d761f99-9b57-4b64-9916-32e47931be5e |
| port_range_max | 22 |
| port_range_min | 22 |
| protocol | tcp |
| remote_group_id | |
| remote_ip_prefix | 0.0.0.0/0 |
| security_group_id | ffeee838-028e-4fef-a9f4-8ad30c4154b0 |
| tenant_id | 25244f4dc25146918972b2b8a63c5977 |
+-------------------+--------------------------------------+
[root@Controller ~(keystone_user01)]# neutron security-group-rule-create --protocol tcp --port-range-min 80 --port-range-max 80 --ethertype ipv4 --remote-ip-prefix 0.0.0.0/0 Security01
[root@Controller ~(keystone_user01)]# neutron security-group-rule-create --protocol icmp --ethertype ipv4 --remote-ip-prefix 0.0.0.0/0 Security01
These security group rules allow SSH, HTTP and ICMP traffic
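The SSH rule created above accepts connections from 0.0.0.0/0. As an added example (not part of the original post), the shell functions below read a rule in the Field/Value table form printed above and report whether an ingress rule exposes a management port to any source. The function names, the MGMT_PORTS list and the second sample rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: review a security group rule
# printed as a neutron "Field | Value" table.

# Assumption: which TCP ports count as "management" is site policy.
MGMT_PORTS="22 3389"

# Read a Field/Value table on stdin and print the value of field $1.
table_field() {
    awk -F'|' -v want="$1" '
        NF >= 3 {
            key = $2; val = $3
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want && !found) { out = val; found = 1 }
        }
        END { print out }'
}

# Classify one rule table passed as $1. Prints one verdict line:
#   REVIEW ...  ingress from any source reaching a management port
#   PUBLIC ...  ingress from any source to something else
#   OK ...      egress, or source limited by CIDR or by security group
audit_rule() (
    t=$1
    dir=$(printf '%s\n' "$t" | table_field direction)
    proto=$(printf '%s\n' "$t" | table_field protocol)
    prefix=$(printf '%s\n' "$t" | table_field remote_ip_prefix)
    group=$(printf '%s\n' "$t" | table_field remote_group_id)
    pmin=$(printf '%s\n' "$t" | table_field port_range_min)
    pmax=$(printf '%s\n' "$t" | table_field port_range_max)

    if [ "$dir" != "ingress" ]; then echo "OK not-ingress"; exit 0; fi
    if [ -n "$group" ]; then echo "OK source-group $group"; exit 0; fi
    case "$prefix" in
        # With no remote group, an empty prefix also means "any source".
        ""|0.0.0.0/0|::/0) src=${prefix:-any} ;;
        *) echo "OK source-cidr $prefix"; exit 0 ;;
    esac

    case "$proto" in
        ""|tcp)
            # A rule without a port range covers every port.
            lo=${pmin:-1}; hi=${pmax:-65535}
            for p in $MGMT_PORTS; do
                if [ "$lo" -le "$p" ] && [ "$hi" -ge "$p" ]; then
                    echo "REVIEW tcp/$p open to $src"; exit 0
                fi
            done ;;
    esac
    echo "PUBLIC ${proto:-any} ${pmin:-all}-${pmax:-all} open to $src"
)

# The SSH rule exactly as printed on this page.
PAGE_SSH_RULE='
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| direction | ingress |
| ethertype | IPv4 |
| id | 8d761f99-9b57-4b64-9916-32e47931be5e |
| port_range_max | 22 |
| port_range_min | 22 |
| protocol | tcp |
| remote_group_id | |
| remote_ip_prefix | 0.0.0.0/0 |
| security_group_id | ffeee838-028e-4fef-a9f4-8ad30c4154b0 |
| tenant_id | 25244f4dc25146918972b2b8a63c5977 |
+-------------------+--------------------------------------+'

# Constructed sample: the same rule limited to the lab subnet 192.168.43.0/24.
RESTRICTED_RULE='
| direction | ingress |
| port_range_max | 22 |
| port_range_min | 22 |
| protocol | tcp |
| remote_group_id | |
| remote_ip_prefix | 192.168.43.0/24 |'

audit_rule "$PAGE_SSH_RULE"     # REVIEW tcp/22 open to 0.0.0.0/0
audit_rule "$RESTRICTED_RULE"   # OK source-cidr 192.168.43.0/24
```

Passing a narrower value to --remote-ip-prefix when the rule is created is what moves a rule from REVIEW to OK.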
Create a key pair
Create the key pair and save the private key to a file
[root@Controller ~(keystone_user01)]# nova keypair-add key_01 > key_01.pem
[root@Controller ~(keystone_user01)]# ls
anaconda-ks.cfg Downloads keystonerc_admin Public
ans.txt initial-setup-ks.cfg keystonerc_user01 small.img
Desktop ist Music Templates
Documents key_01.pem Pictures Videos
[root@Controller ~(keystone_user01)]# cat key_01.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAxyZOEiA16Cg27IoJZwLmkYhg6eogyVOiSQmEWe0H46m7kO7j
......
Ousbq0K6aB6G4SnxXp0PRG7uEkuRKk3gT2SJrqFTid0TWJfBUrugiQ==
-----END RSA PRIVATE KEY-----
[root@Controller ~(keystone_user01)]# nova keypair-list
+--------+-------------------------------------------------+
| Name | Fingerprint |
+--------+-------------------------------------------------+
| key_01 | 70:2e:81:d3:1e:2a:a3:b2:ff:a8:da:04:4e:5f:7a:73 |
+--------+-------------------------------------------------+
[root@Controller ~(keystone_user01)]#
Create a floating IP
Create the floating IP
[root@Controller ~(keystone_user01)]# neutron net-list
+--------------------------------------+---------------+------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+---------------+------------------------------------------------------+
| 422263d5-b926-4081-99e5-22bf55acee27 | Private01 | 30c835f8-e396-4cd7-8724-d875744c4e46 192.168.2.0/24 |
| 43ef70e3-54a5-44d2-b3b0-9e46070a1e82 | public_badboy | b737926d-3319-4705-a0d3-f8534ed7a364 192.168.43.0/24 |
+--------------------------------------+---------------+------------------------------------------------------+
[root@Controller ~(keystone_user01)]# neutron floatingip-create 43ef70e3-54a5-44d2-b3b0-9e46070a1e82
Created a new floatingip:
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| fixed_ip_address | |
| floating_ip_address | 192.168.43.154 |
| floating_network_id | 43ef70e3-54a5-44d2-b3b0-9e46070a1e82 |
| id | 4bcafee0-1e75-478a-a8ab-f3a276a51b47 |
| port_id | |
| router_id | |
| status | DOWN |
| tenant_id | 25244f4dc25146918972b2b8a63c5977 |
+---------------------+--------------------------------------+
[root@Controller ~(keystone_user01)]# neutron floatingip-list
+--------------------------------------+------------------+---------------------+---------+
| id | fixed_ip_address | floating_ip_address | port_id |
+--------------------------------------+------------------+---------------------+---------+
| 4bcafee0-1e75-478a-a8ab-f3a276a51b47 | | 192.168.43.154 | |
+--------------------------------------+------------------+---------------------+---------+
[root@Controller ~(keystone_user01)]#
Launch a cloud instance
Look up the ids of the components that will be needed
[root@Controller ~(keystone_user01)]# nova flavor-list
+--------------------------------------+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+--------------------------------------+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | | 1 | 1.0 | True |
| 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True |
| 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True |
| 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | | 8 | 1.0 | True |
| 5fb33f6e-848a-4ecf-bae9-f87168e37bc0 | m1.badboy | 1024 | 40 | 0 | | 2 | 1.0 | True |
+--------------------------------------+-----------+-----------+------+-----------+------+-------+-------------+-----------+
[root@Controller ~(keystone_user01)]# glance image-list
+--------------------------------------+--------+-------------+------------------+-----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+--------+-------------+------------------+-----------+--------+
| 4ba9b38c-7edf-46bb-9365-dd959c65d19b | BadBoy | qcow2 | bare | 356777984 | active |
| 5cfc79e8-e310-4095-a27b-0ce0d4ad02df | Image | qcow2 | bare | 356777984 | active |
+--------------------------------------+--------+-------------+------------------+-----------+--------+
[root@Controller ~(keystone_user01)]# nova keypair-list
+--------+-------------------------------------------------+
| Name | Fingerprint |
+--------+-------------------------------------------------+
| key_01 | 70:2e:81:d3:1e:2a:a3:b2:ff:a8:da:04:4e:5f:7a:73 |
+--------+-------------------------------------------------+
[root@Controller ~(keystone_user01)]# neutron security-group-list
+--------------------------------------+------------+-------------+
| id | name | description |
+--------------------------------------+------------+-------------+
| 359d9dc6-96a8-4c88-a07d-3a30e494128b | default | default |
| ffeee838-028e-4fef-a9f4-8ad30c4154b0 | Security01 | |
+--------------------------------------+------------+-------------+
[root@Controller ~(keystone_user01)]# neutron net-list
+--------------------------------------+---------------+------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+---------------+------------------------------------------------------+
| 422263d5-b926-4081-99e5-22bf55acee27 | Private01 | 30c835f8-e396-4cd7-8724-d875744c4e46 192.168.2.0/24 |
| 43ef70e3-54a5-44d2-b3b0-9e46070a1e82 | public_badboy | b737926d-3319-4705-a0d3-f8534ed7a364 192.168.43.0/24 |
+--------------------------------------+---------------+------------------------------------------------------+
[root@Controller ~(keystone_user01)]#
Launch the cloud host instance
Choose the flavor m1.badboy, the image BadBoy, the key pair key_01, the security group Security01 and a NIC on the network Private01
[root@Controller ~(keystone_user01)]# nova boot --flavor m1.badboy --image BadBoy --key-name key_01 --security-groups Security01 --nic net-id=422263d5-b926-4081-99e5-22bf55acee27 server_02
+--------------------------------------+--------------------------------------------------+
| Property | Value |
+--------------------------------------+--------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | WrYBZ8iicbrC |
| config_drive | |
| created | 2023-01-16T13:31:16Z |
| flavor | m1.badboy (5fb33f6e-848a-4ecf-bae9-f87168e37bc0) |
| hostId | |
| id | 2829e33b-ccda-4c90-b81c-d1290da6b34e |
| image | BadBoy (4ba9b38c-7edf-46bb-9365-dd959c65d19b) |
| key_name | key_01 |
| metadata | {} |
| name | server_02 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | Security01 |
| status | BUILD |
| tenant_id | 25244f4dc25146918972b2b8a63c5977 |
| updated | 2023-01-16T13:31:16Z |
| user_id | 1a7f46f5a2e84fcca4c8605ab1c8c5e8 |
+--------------------------------------+--------------------------------------------------+
[root@Controller ~(keystone_user01)]#
The flavor and the image can be given by either id or name; the security group must be given by name
Bind the floating IP
[root@Controller ~(keystone_user01)]# neutron floatingip-list
+--------------------------------------+------------------+---------------------+---------+
| id | fixed_ip_address | floating_ip_address | port_id |
+--------------------------------------+------------------+---------------------+---------+
| 4bcafee0-1e75-478a-a8ab-f3a276a51b47 | | 192.168.43.154 | |
+--------------------------------------+------------------+---------------------+---------+
[root@Controller ~(keystone_user01)]# nova --help | grep floating
add-floating-ip DEPRECATED, use floating-ip-associate instead.
floating-ip-associate Associate a floating IP address to a server.
floating-ip-bulk-create Bulk create floating ips by range.
floating-ip-bulk-delete Bulk delete floating ips by range.
floating-ip-bulk-list List all floating ips.
floating-ip-create Allocate a floating IP for the current tenant.
floating-ip-delete De-allocate a floating IP.
floating-ip-disassociate Disassociate a floating IP address from a
floating-ip-list List floating ips.
floating-ip-pool-list List all floating ip pools.
remove-floating-ip DEPRECATED, use floating-ip-disassociate
[root@Controller ~(keystone_user01)]# nova help add-floating-ip
usage: nova add-floating-ip [--fixed-address <fixed_address>]
<server> <address>
DEPRECATED, use floating-ip-associate instead.
Positional arguments:
<server> Name or ID of server.
<address> IP Address.
Optional arguments:
--fixed-address <fixed_address>
Fixed IP Address to associate with.
[root@Controller ~(keystone_user01)]# nova add-floating-ip server_02 192.168.43.154
[root@Controller ~(keystone_user01)]#
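After the floating IP is bound, the launched cloud host can be reached with the key pair plus the floating public IP
The key pair file has default permissions of 644; when the private key is used to log in, ssh reports that the file permissions are too open, so the permissions have to be changed
After changing the permissions, log in to the elastic IP as cloud-user to reach the cloud host; once logged in, you can switch to the root user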
[root@Controller ~(keystone_user01)]# ssh -i key_02.pem cloud-user@192.168.43.154
The authenticity of host '192.168.43.154 (192.168.43.154)' can't be established.
ECDSA key fingerprint is 44:bb:59:5b:53:3e:f3:e5:aa:e1:ce:58:9e:f9:b3:ca.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.43.154' (ECDSA) to the list of known hosts.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'key_02.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: key_02.pem
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
[root@Controller ~(keystone_user01)]# ll
total 348460
......
-rw-r--r--. 1 root root 1602 Jan 12 09:21 initial-setup-ks.cfg
-rw-r--r-- 1 root root 0 Jan 14 16:01 ist
-rw-r--r-- 1 root root 1680 Jan 16 21:11 key_02.pem
-rw------- 1 root root 206 Jan 12 19:02 keystonerc_admin
-rw------- 1 root root 209 Jan 16 19:53 keystonerc_user01
......
[root@Controller ~(keystone_user01)]# chmod 400 key_02.pem
[root@Controller ~(keystone_user01)]# ll
total 348460
......
-rw-r--r--. 1 root root 1602 Jan 12 09:21 initial-setup-ks.cfg
-rw-r--r-- 1 root root 0 Jan 14 16:01 ist
-r-------- 1 root root 1680 Jan 16 21:11 key_02.pem
-rw------- 1 root root 206 Jan 12 19:02 keystonerc_admin
-rw------- 1 root root 209 Jan 16 19:53 keystonerc_user01
......
[root@Controller ~(keystone_user01)]# ssh -i key_02.pem cloud-user@192.168.43.154
[cloud-user@server-02 ~]$ su - root
Password:
[root@server-02 ~]# exit
logout
[cloud-user@server-02 ~]$ exit
logout
Connection to 192.168.43.154 closed.
[root@Controller ~(keystone_user01)]#
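ssh ignored the key above because the redirect in "nova keypair-add ... > file" created the file under the default umask, giving mode 0644. As an added example (not part of the original post), the functions below write the key with owner-only permissions from the start and refuse to leave an empty or overwritten key file behind. save_private_key, key_is_private and demo_keygen are hypothetical names, and demo_keygen is a constructed stand-in for the real key-generating command.

```shell
#!/bin/sh
# Added example, not from the original post: store a generated private key
# so that it is never readable by group or others.

# Usage: save_private_key <dest> <command that prints the key> [args...]
# On the controller this would be:
#   save_private_key key_01.pem nova keypair-add key_01
save_private_key() (
    dest=$1; shift
    # Never clobber an existing key: the old private key cannot be recovered.
    if [ -e "$dest" ]; then
        echo "refusing to overwrite $dest" >&2; exit 1
    fi
    umask 077                       # only affects this subshell
    tmp=$(mktemp "${dest}.XXXXXX") || exit 1
    # Keep the file only if the command succeeded and really printed a key;
    # a plain redirect would leave an empty file behind on failure.
    if "$@" > "$tmp" && grep -q 'PRIVATE KEY-----' "$tmp"; then
        chmod 400 "$tmp" && mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "no private key produced, nothing written" >&2; exit 1
    fi
)

# True when group and other have no permission bits set, which is the
# condition ssh enforces before it will use a private key file.
key_is_private() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Constructed stand-in for the key-generating command; prints PEM-shaped
# placeholder text, not a real key.
demo_keygen() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
                  'constructed-placeholder-not-a-key' \
                  '-----END RSA PRIVATE KEY-----'
}
```

key_is_private can also be run against key files that already exist, such as the 0644 file shown in the listing above.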
Create a cloud disk and mount it on the cloud host
Create the cloud disk
Using the cinder component, create a 5 GB cloud disk named Vol_02
[root@Controller ~(keystone_user01)]# cinder create --display-name Vol_02 5
+---------------------+--------------------------------------+
| Property | Value |
+---------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| created_at | 2023-01-17T05:29:46.573345 |
| display_description | None |
| display_name | Vol_02 |
| encrypted | False |
| id | 62bfccbd-3c28-461a-9922-e9ad83483566 |
| metadata | {} |
| size | 5 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| volume_type | None |
+---------------------+--------------------------------------+
[root@Controller ~(keystone_user01)]#
Attach the cloud disk to the cloud host
Using the nova component, attach the cloud disk to the cloud host
[root@Controller ~(keystone_user01)]# cinder list
+--------------------------------------+-----------+--------------+------+-------------+----------+-------------+
| ID | Status | Display Name | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+-----------+--------------+------+-------------+----------+-------------+
| 62bfccbd-3c28-461a-9922-e9ad83483566 | available | Vol_02 | 5 | None | false | |
+--------------------------------------+-----------+--------------+------+-------------+----------+-------------+
[root@Controller ~(keystone_user01)]# nova volume-attach server_02 62bfccbd-3c28-461a-9922-e9ad83483566
+----------+--------------------------------------+
| Property | Value |
+----------+--------------------------------------+
| device | /dev/vdb |
| id | 62bfccbd-3c28-461a-9922-e9ad83483566 |
| serverId | 2829e33b-ccda-4c90-b81c-d1290da6b34e |
| volumeId | 62bfccbd-3c28-461a-9922-e9ad83483566 |
+----------+--------------------------------------+
[root@Controller ~(keystone_user01)]#
Log in to the cloud host remotely
Check the host's disks
Partition the cloud disk, then format it
Create a mount point and mount the cloud disk
[root@Controller ~(keystone_user01)]# !ssh
ssh -i key_02.pem cloud-user@192.168.43.154
Last login: Tue Jan 17 00:22:32 2023 from 192.168.43.129
[cloud-user@server-02 ~]$ su - root
Password:
Last login: Tue Jan 17 00:22:44 EST 2023 on pts/0
[root@server-02 ~]# fdisk -l
Disk /dev/vda: 42.9 GB, 42949672960 bytes, 83886080 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000833ce
Device Boot Start End Blocks Id System
/dev/vda1 * 2048 83884629 41941291 83 Linux
Disk /dev/vdb: 5368 MB, 5368709120 bytes, 10485760 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
[root@server-02 ~]# fdisk /dev/vdb
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0xa067d867.
Command (m for help): n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p): p
Partition number (1-4, default 1): 1
First sector (2048-10485759, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-10485759, default 10485759):
Using default value 10485759
Partition 1 of type Linux and of size 5 GiB is set
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@server-02 ~]# mkfs.ext4 /dev/vdb1
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
327680 inodes, 1310464 blocks
65523 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=1342177280
40 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736
Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
[root@server-02 ~]# mkdir /BadBoy
[root@server-02 ~]# mount /dev/vdb1 /BadBoy/
[root@server-02 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 40G 800M 40G 2% /
devtmpfs 480M 0 480M 0% /dev
tmpfs 497M 0 497M 0% /dev/shm
tmpfs 497M 13M 485M 3% /run
tmpfs 497M 0 497M 0% /sys/fs/cgroup
/dev/vdb1 4.8G 20M 4.6G 1% /BadBoy
[root@server-02 ~]# cd /BadBoy/
[root@server-02 BadBoy]# ls
lost+found
[root@server-02 BadBoy]#
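The cloud host is now provisioned
All of the above is original content; if anything is unclear or wrong, please point it out.
Author: 坏坏
Article link: http://t.csdn.cn/JfFwY
Copyright notice: to repost any article from this blog, please contact the author, credit the source and include the link to this article!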