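Preface:
Earlier we used virtual machines to build an OpenStack cluster, that is, we simulated a simple private cloud based on the OpenStack community release Rocky on top of VMs. But whatever the deployment or installation work, in the end it has to serve a real application, which is what people usually call actual business use.
So what can we do in the private cloud we built earlier, and how do we do it?
OK. Before answering these questions, we first need to be clear that a private cloud is an infrastructure platform. The key components we installed (keystone, nova, glance, cinder, neutron) virtualize the resources of the compute nodes (resources here means key resources such as memory and CPU). Based on virtualization technologies such as KVM, they produce virtual machines according to a flavor (a virtual machine template) and manage those virtual machines, so as to offer users inside the private cloud all kinds of operating systems (for example, Windows virtual machines or Debian virtual machines), as well as cloud disks (the volumes produced by the cinder component) that dynamically extend the virtual machines.
Put simply, we can regard the resources of the compute nodes as a resource pool, from which we produce cloud hosts (ECS) that match our expectations, together with dynamic extensions such as attaching cloud disks.
There are two concepts here: the first is the image, the second is the instance.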
I. Images
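An image here is very similar to an image in Docker, but it has a specific virtual machine disk format, for example qcow2, raw, qcow, vmdk and many others. A Docker image, as a file, is just an archive that contains a number of layers, and there is no notion of a format for it.
A cloud image does have the notion of a format. For example, let us look at a virtual machine image that can be used on the OpenStack platform (simply put, it is a virtualized hard disk; such disks come in many types, but this one has a bootable operating system installed on it):
The format of newwin7.img is qcow2, the compression ratio is 1.1, the actual size is 3.4G, and the total size is 15G.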
[root@k8s-node2 opt]# qemu-img info newwin7.img
image: newwin7.img
file format: qcow2
virtual size: 15G (16106127360 bytes)
disk size: 3.4G
cluster_size: 65536
Format specific information:
compat: 1.1
lazy refcounts: false
A Docker image, by contrast, is virtualized; of course, we can materialize the image as a file with the docker save command:
[root@k8s-node2 opt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.aliyuncs.com/google_containers/kube-proxy v1.23.15 9dbdbaf158f6 2 months ago 112MB
registry.aliyuncs.com/google_containers/pause 3.6 6270bb605e12 17 months ago 683kB
quay.io/coreos/flannel v0.13.0 e708f4bb69e3 2 years ago 57.2MB
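II. Instances
Once an image has been started, in OpenStack we call it an instance, that is, a server. In Docker we call it a container; that is the usual short form, and the full name is an instantiated container (note: container, not containerd; containerd is a container service and Docker is also a container service, so do not confuse them).
For example, in Docker:
k8s_POD_kube-proxy-z4zdp_kube-system_9e12a38d-2a49-4dd7-9897-478d89ab943c_3 is a container, even though this container is in the exited state.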
[root@k8s-node2 opt]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8caa6c8e1ad3 e708f4bb69e3 "/opt/bin/flanneld -…" 5 weeks ago Exited (255) 4 weeks ago k8s_kube-flannel_kube-flannel-ds-vlrtj_kube-system_46590cd0-ae59-414c-8b34-fa7caf727fce_2
c1d0d5d5c773 e708f4bb69e3 "cp -f /etc/kube-fla…" 5 weeks ago Exited (0) 5 weeks ago k8s_install-cni_kube-flannel-ds-vlrtj_kube-system_46590cd0-ae59-414c-8b34-fa7caf727fce_2
ce07c5e4a552 9dbdbaf158f6 "/usr/local/bin/kube…" 5 weeks ago Exited (255) 4 weeks ago k8s_kube-proxy_kube-proxy-z4zdp_kube-system_9e12a38d-2a49-4dd7-9897-478d89ab943c_3
046f138b0761 registry.aliyuncs.com/google_containers/pause:3.6 "/pause" 5 weeks ago Exited (255) 4 weeks ago k8s_POD_kube-flannel-ds-vlrtj_kube-system_46590cd0-ae59-414c-8b34-fa7caf727fce_2
e8be7c942476 registry.aliyuncs.com/google_containers/pause:3.6 "/pause" 5 weeks ago Exited (255) 4 weeks ago k8s_POD_kube-proxy-z4zdp_kube-system_9e12a38d-2a49-4dd7-9897-478d89ab943c_3
An instance in OpenStack:
[root@openstack1 ~]# openstack server list
+--------------------------------------+------+---------+------------------------+-------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+------+---------+------------------------+-------+---------+
| 315108a3-a375-4615-bbdd-7745d530886e | new1 | SHUTOFF | provider=192.168.123.4 | new1 | m1.tiny |
+--------------------------------------+------+---------+------------------------+-------+---------+
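Looking at the attributes of this instance, one that may be unfamiliar is the flavor. This is the specification of the instance, that is, its template, and it can be queried with the following command. Comparing the two listings shows that the instance new1 above uses the image new1 and the second flavor: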
[root@openstack1 ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 1024 | 50 | 0 | 1 | True |
| 2 | m1.small | 2048 | 500 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 500 | 0 | 2 | True |
| 4 | m1.large | 8192 | 500 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 500 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
OK, that was some basic background. Next we answer the question from the beginning of the article: how to obtain images that OpenStack can use.
Main text:
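I. Where images come from
As with virtualization technologies such as Docker and containerd, the OpenStack project also provides all kinds of images. These are usually standard images with the operating system already installed; they can be uploaded directly to the glance service and then scheduled by OpenStack to create instances, that is, they work out of the box. But because they are produced in a standardized way, there may be many things about them that we cannot accept, for example there is no root password, so some customization may be needed before uploading them to the glance service.
Image download address in the official documentation: Get images — Virtual Machine Image Guide documentation
Another way is to build the image yourself: create an image file, install the operating system into it, and then upload it to the glance service for OpenStack to use.
Because there is a lot to cover about images, official images and self-built images are written up separately. This article mainly gives a brief description of how to obtain official images and how to customize them.
The next article will describe the whole process of building an image yourself, uploading it to OpenStack and instantiating it.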
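II. Customizing official cloud images
Official images downloaded from upstream need some customization. Taking CentOS 7 as an example, the official image has no root password (nobody tells you what the password is, and that includes the ordinary user), and because the image was built abroad, the time zone is generally not a Chinese time zone. All of this needs adjusting. We may also want the image to have some software installed, such as wget or a development environment, so that it works out of the box when started as an instance, as well as some scripts of our own that can be used directly at instantiation. These are all directions for customization.
OK, the images downloaded for this example are CentOS-7-x86_64-GenericCloud-1508.qcow2.xz and debian-10-openstack-amd64.qcow2.
Upload them to a server that has only a clean KVM environment installed (for deploying the KVM environment, see my article: https://zskjohn.blog.csdn.net/article/details/124658437).
#####The image customization tool is generally the virt-customize command from the libguestfs-tools suite. The images above were uploaded to the /opt path on the server:
#####Note: reset the password and the time zone. The image must not be running at this point. If there is an error, add the -v option at the end of the command to see the detailed error.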
[root@k8s-node2 opt]# export LIBGUESTFS_BACKEND=direct
[root@k8s-node2 opt]# virt-customize -a /opt/CentOS-7-x86_64-GenericCloud-1508.qcow2 --root-password password:123456
[ 0.0] Examining the guest ...
[ 6.7] Setting a random seed
[ 6.7] Setting passwords
[ 9.1] Finishing off
[root@k8s-node2 opt]# virt-customize -a /opt/CentOS-7-x86_64-GenericCloud-1508.qcow2 --timezone "Asia/Shanghai"
[ 0.0] Examining the guest ...
[ 6.0] Setting a random seed
[ 6.0] Setting the timezone: Asia/Shanghai
[ 6.1] Finishing off
Suppose this is an RDS-type database server and the database installation script is a.sh:
[root@k8s-node2 opt]# virt-customize -a /opt/CentOS-7-x86_64-GenericCloud-1508.qcow2 --upload ./a.sh:/opt/a.sh
[ 0.0] Examining the guest ...
[ 4.9] Setting a random seed
[ 4.9] Uploading: ./a.sh to /opt/a.sh
[ 4.9] Finishing off
[root@k8s-node2 opt]# virt-customize -a /opt/CentOS-7-x86_64-GenericCloud-1508.qcow2 --chmod 755:/opt/a.sh
[ 0.0] Examining the guest ...
[ 4.8] Setting a random seed
[ 4.8] Changing permissions of /opt/a.sh to 755
[ 4.9] Finishing off
[root@k8s-node2 opt]# virt-customize -a /opt/CentOS-7-x86_64-GenericCloud-1508.qcow2 --run '/opt/a.sh'
[ 0.0] Examining the guest ...
[ 5.0] Setting a random seed
[ 5.0] Running: /opt/a.sh
........ (the rest of the output is omitted)
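The customization steps above, collected into one virt-customize invocation, as an added example that is not code from the original article. It assumes a generated password file passed with the file: selector instead of password: on the command line, and writes the mode as 0755 because virt-customize reads PERMISSIONS as decimal unless it starts with 0; the function names are hypothetical.

```python
import os
import secrets
import shlex
import tempfile


def write_password_file(directory=None):
    """Write a random root password to a new file and return its path.

    tempfile.mkstemp creates the file with mode 0600, so only the caller can
    read it; virt-customize takes the first line of the file as the password.
    """
    fd, path = tempfile.mkstemp(prefix="rootpw-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(secrets.token_urlsafe(18) + "\n")
    return path


def build_customize_argv(image, password_file, timezone, script=None):
    """Return one virt-customize command line covering the steps above."""
    argv = [
        "virt-customize", "-a", image,
        # file: keeps the secret out of shell history and the process list.
        "--root-password", "file:" + password_file,
        "--timezone", timezone,
    ]
    if script:
        guest_path = "/opt/" + os.path.basename(script)
        argv += [
            "--upload", f"{script}:{guest_path}",
            # PERMISSIONS is read as decimal unless it starts with 0.
            "--chmod", f"0755:{guest_path}",
            # --run-command runs a path inside the guest; --run would take
            # a script from the host instead.
            "--run-command", guest_path,
        ]
    return argv


if __name__ == "__main__":
    pw_file = write_password_file()
    cmd = build_customize_argv(
        "/opt/CentOS-7-x86_64-GenericCloud-1508.qcow2",
        pw_file, "Asia/Shanghai", script="./a.sh")
    # Printed for review; run it with subprocess.run(cmd, check=True).
    print(shlex.join(cmd))
```

Delete the password file once the password has been stored in a secrets manager, since every instance booted from the image starts with that root password.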
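Of course, images such as Debian and CentOS 8 can be handled in the same way, and so on. When processing is finished, copy the image to the OpenStack server and then upload it to the glance service: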
[root@openstack1 opt]# openstack image create "debian" --file debian-10-openstack-amd64.qcow2 --disk-format qcow2 --container-format bare --public
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum | 15e64bfabf21c8bffafcc57d1c294c32 |
| container_format | bare |
| created_at | 2023-02-08T08:32:46Z |
| disk_format | qcow2 |
| file | /v2/images/85029b50-225b-4fd4-a5a2-70c8cdc293f2/file |
| id | 85029b50-225b-4fd4-a5a2-70c8cdc293f2 |
| min_disk | 0 |
| min_ram | 0 |
| name | debian |
| owner | 205ce8addd9444c893bd62244bcdae78 |
| properties | os_hash_algo='sha512', os_hash_value='1a5ecf75d2d0ecc77708d18001378ebd81d61775eff22431aec13776e813a931012777059ac23ade34c89bd96e5be2ba5024d11a8b8b44ca86f23b28b2ed30a8', os_hidden='False' |
| protected | False |
| schema | /v2/schemas/image |
| size | 690814976 |
| status | active |
| tags | |
| updated_at | 2023-02-08T08:33:08Z |
| virtual_size | None |
| visibility | public |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
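One way to confirm that the file glance stored is the file you customized, using the os_hash_algo and os_hash_value fields shown in the output above (an added example, not part of the original article). It assumes the record was saved with `openstack image show debian -f json` and that properties arrive either as the quoted string printed here or as a JSON object; the function names are hypothetical.

```python
import hashlib
import hmac
import json
import re

ALLOWED = {"sha256", "sha384", "sha512"}  # the legacy `checksum` field is MD5


def expected_hash(image_json):
    """Extract (algo, hex digest) from `openstack image show -f json` output."""
    info = json.loads(image_json)
    props = info.get("properties") or {}
    if isinstance(props, str):
        # Form printed on this page: os_hash_algo='sha512', os_hash_value='...'
        props = dict(re.findall(r"(\w+)='([^']*)'", props))
    algo = info.get("os_hash_algo") or props.get("os_hash_algo")
    value = info.get("os_hash_value") or props.get("os_hash_value")
    if algo not in ALLOWED or not value:
        raise ValueError("no usable os_hash_algo/os_hash_value in image record")
    return algo, value.lower()


def file_digest(path, algo, chunk_size=1 << 20):
    """Hash the file in chunks so multi-gigabyte images do not fill memory."""
    digest = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def image_matches(path, image_json):
    """True when the local file hashes to the value glance recorded."""
    algo, want = expected_hash(image_json)
    return hmac.compare_digest(file_digest(path, algo), want)
```

The same file_digest function can be pointed at a freshly downloaded image to compare it with the checksum published next to the download before any customization starts.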
Because this OpenStack is built on top of virtual machines, there is a bug, so modify the image properties before starting the image as an instance:
openstack image set --property hw_disk_bus=ide --property hw_vif_model=e1000 centos7
openstack server create --flavor m1.tiny --image centos7 --security-group default --key-name mykey centos7
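After it has started, log in on the console; you can see that the root password has been set:
Likewise, the Debian image can also be logged in to with the password that was set:
But at this point the instance can only be logged in to through the console.
That covers Linux images. Windows is more complicated and requires building the image yourself with the cloudinit tool (probably for licensing reasons; after all, Windows is not an open-source operating system).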
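III. Virtual machine networking
Cloud networking is very complex, mainly because it touches so many areas. For a virtual machine to connect to the Internet, at least the gateway and DNS must be specified (an IP address certainly has to be assigned). If the network needs to be extended, routing is also required, and that brings in knowledge such as static ARP tables.
OK. cirros is a tiny image made specifically for testing in cloud environments such as OpenStack. Below, a cirros image is run as an instance under the selfservice network model:
IP of the controller node (192.168.123.130; the gateway is 192.168.123.2):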
[root@openstack1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master brq688a0356-4f state UNKNOWN qlen 1000
link/ether 00:0c:29:de:be:e1 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fede:bee1/64 scope link
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 52:54:00:e8:93:4e brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
link/ether 52:54:00:e8:93:4e brd ff:ff:ff:ff:ff:ff
6: tap35bde514-d6@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master brq6ef09648-5c state UP qlen 1000
link/ether 5e:80:7d:9f:6f:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
7: vxlan-17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master brq6ef09648-5c state UNKNOWN qlen 1000
link/ether 6e:6d:45:48:8e:cd brd ff:ff:ff:ff:ff:ff
8: brq6ef09648-5c: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP qlen 1000
link/ether 5e:80:7d:9f:6f:04 brd ff:ff:ff:ff:ff:ff
inet6 fe80::a800:beff:fe4e:74c5/64 scope link
valid_lft forever preferred_lft forever
11: brq688a0356-4f: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:0c:29:de:be:e1 brd ff:ff:ff:ff:ff:ff
inet 192.168.123.130/24 brd 192.168.123.255 scope global brq688a0356-4f
valid_lft forever preferred_lft forever
inet6 fe80::5869:75ff:fe71:baf2/64 scope link
valid_lft forever preferred_lft forever
14: tapdc2df59d-2b@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master brq688a0356-4f state UP qlen 1000
link/ether 16:b4:10:95:8f:99 brd ff:ff:ff:ff:ff:ff link-netnsid 3
15: tap29f235e4-7b@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master brq6ef09648-5c state UP qlen 1000
link/ether e6:b6:45:46:1d:c4 brd ff:ff:ff:ff:ff:ff link-netnsid 1
16: tapf4264f35-18@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master brq688a0356-4f state UP qlen 1000
link/ether 76:a8:70:eb:83:8d brd ff:ff:ff:ff:ff:ff link-netnsid 1
Network overview: two networks, one provider and one selfservice, each with one subnet, 172.168.10/24 and 192.168.123.0/24 respectively.
[root@openstack1 ~]# openstack network list
+--------------------------------------+-------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+-------------+--------------------------------------+
| 688a0356-4f2b-4029-b49e-a11bbdbedf0b | provider | 687b56a4-0672-451e-810c-ea3b895e3030 |
| 6ef09648-5ce7-4eb6-9aa2-735cb81567d3 | selfservice | 1bdfae33-5bcb-47ff-b3f0-aee2fc5e7f68 |
+--------------------------------------+-------------+--------------------------------------+
[root@openstack1 ~]# openstack subnet list
+--------------------------------------+-------------+--------------------------------------+------------------+
| ID | Name | Network | Subnet |
+--------------------------------------+-------------+--------------------------------------+------------------+
| 1bdfae33-5bcb-47ff-b3f0-aee2fc5e7f68 | selfservice | 6ef09648-5ce7-4eb6-9aa2-735cb81567d3 | 172.16.1.0/24 |
| 687b56a4-0672-451e-810c-ea3b895e3030 | provider1 | 688a0356-4f2b-4029-b49e-a11bbdbedf0b | 192.168.123.0/24 |
+--------------------------------------+-------------+--------------------------------------+------------------+
[root@openstack1 ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 2c:54:76:72:6f:e3:84:b9:ab:c1:35:04:1e:e3:83:a4 |
+-------+-------------------------------------------------+
[root@openstack1 ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2035d43a-0e81-4257-bd23-13af431b9f91 | default | Default security group | 205ce8addd9444c893bd62244bcdae78 | [] |
| 5b1b71d7-5e24-4011-82ca-0ddabfd32e8a | default | Default security group | | [] |
| e5f115d2-3c65-4bc5-89db-b9f725ee81db | default | Default security group | ae2263d201c0437788c85f1178b91dbe | [] |
+--------------------------------------+---------+------------------------+----------------------------------+------+
[root@openstack1 ~]# openstack security group rule list
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group | Security Group |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+
| 05d39ab4-839f-48f1-909f-61e8cddb4058 | None | None | | None | 2035d43a-0e81-4257-bd23-13af431b9f91 |
| 0efb90a0-7593-409a-896d-ce61132be4f6 | icmp | 0.0.0.0/0 | | None | 2035d43a-0e81-4257-bd23-13af431b9f91 |
| 16d96ee8-5851-46c1-9a1d-c640d2a419bb | None | None | | e5f115d2-3c65-4bc5-89db-b9f725ee81db | e5f115d2-3c65-4bc5-89db-b9f725ee81db |
| 18abe149-6bbb-498f-beaf-5cf74699e285 | tcp | 0.0.0.0/0 | 22:22 | None | 2035d43a-0e81-4257-bd23-13af431b9f91 |
| 202c2e77-6bc7-45ce-bea4-a6598170946c | None | None | | 2035d43a-0e81-4257-bd23-13af431b9f91 | 2035d43a-0e81-4257-bd23-13af431b9f91 |
| 32b61bcc-44e3-4f9e-83ef-42835e76d182 | None | None | | None | 2035d43a-0e81-4257-bd23-13af431b9f91 |
| 4222bf5d-c763-491c-bc0c-9ae477344d61 | None | None | | None | 5b1b71d7-5e24-4011-82ca-0ddabfd32e8a |
| 53639084-0628-46cb-a1db-585fc794fe26 | None | None | | e5f115d2-3c65-4bc5-89db-b9f725ee81db | e5f115d2-3c65-4bc5-89db-b9f725ee81db |
| 6937aca3-96a9-4e42-b44e-cb791886c096 | None | None | | 2035d43a-0e81-4257-bd23-13af431b9f91 | 2035d43a-0e81-4257-bd23-13af431b9f91 |
| 722a4bc9-d361-4879-bc6d-84ea7fb158c2 | None | None | | None | 5b1b71d7-5e24-4011-82ca-0ddabfd32e8a |
| a4fff3b1-3839-4998-9637-dc3bc76544e9 | None | None | | None | e5f115d2-3c65-4bc5-89db-b9f725ee81db |
| bbab3d30-e181-4897-9d00-0f9bf2a94eda | None | None | | 5b1b71d7-5e24-4011-82ca-0ddabfd32e8a | 5b1b71d7-5e24-4011-82ca-0ddabfd32e8a |
| d54fab49-428f-4008-9d24-0fd27b77a6af | None | None | | None | e5f115d2-3c65-4bc5-89db-b9f725ee81db |
| ec14bdd5-93bd-42cf-a123-ac060e1144c1 | None | None | | 5b1b71d7-5e24-4011-82ca-0ddabfd32e8a | 5b1b71d7-5e24-4011-82ca-0ddabfd32e8a |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+
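The rule listing above, checked for rules open to any address (an added example, not part of the original article). It parses the bordered table as the CLI prints it; the sample holds five rows copied from that listing with the border lines shortened, and the function names are hypothetical. The listing has no direction column, so each hit is a candidate to confirm as an ingress rule.

```python
WORLD = {"0.0.0.0/0", "::/0"}

# Rows copied from the `openstack security group rule list` output above.
SAMPLE = """\
+----+-------------+-----------+------------+-----------------------+----------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group | Security Group |
+----+-------------+-----------+------------+-----------------------+----------------+
| 05d39ab4-839f-48f1-909f-61e8cddb4058 | None | None | | None | 2035d43a-0e81-4257-bd23-13af431b9f91 |
| 0efb90a0-7593-409a-896d-ce61132be4f6 | icmp | 0.0.0.0/0 | | None | 2035d43a-0e81-4257-bd23-13af431b9f91 |
| 16d96ee8-5851-46c1-9a1d-c640d2a419bb | None | None | | e5f115d2-3c65-4bc5-89db-b9f725ee81db | e5f115d2-3c65-4bc5-89db-b9f725ee81db |
| 18abe149-6bbb-498f-beaf-5cf74699e285 | tcp | 0.0.0.0/0 | 22:22 | None | 2035d43a-0e81-4257-bd23-13af431b9f91 |
| 4222bf5d-c763-491c-bc0c-9ae477344d61 | None | None | | None | 5b1b71d7-5e24-4011-82ca-0ddabfd32e8a |
+----+-------------+-----------+------------+-----------------------+----------------+
"""


def parse_cli_table(text):
    """Turn the bordered table printed by the openstack CLI into dicts."""
    rows = [[cell.strip() for cell in line.strip()[1:-1].split("|")]
            for line in text.splitlines() if line.lstrip().startswith("|")]
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    return [dict(zip(header, row)) for row in body if len(row) == len(header)]


def world_open_rules(rows):
    """Return (group, protocol, ports) for every rule open to any address."""
    findings = []
    for row in rows:
        if row["IP Range"] in WORLD:
            ports = row["Port Range"] or "any"
            findings.append((row["Security Group"], row["IP Protocol"], ports))
    return findings


def groups_exposing(rows, port):
    """Security groups whose world-open rules cover the given TCP port."""
    hits = set()
    for group, proto, ports in world_open_rules(rows):
        if proto not in ("tcp", "None"):
            continue
        low, _, high = ports.partition(":")
        if ports == "any" or int(low) <= port <= int(high or low):
            hits.add(group)
    return sorted(hits)
```

On the sample, groups_exposing(parse_cli_table(SAMPLE), 22) returns the group 2035d43a-0e81-4257-bd23-13af431b9f91, the one passed to `openstack server create` for cirros1 below.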
The cirros image is this one:
[root@openstack1 ~]# openstack image list
+--------------------------------------+---------+--------+
| ID | Name | Status |
+--------------------------------------+---------+--------+
| 1452b721-66da-4780-8bc1-84a7077950f3 | Centos7 | active |
| 4737972b-31e8-4bef-9ad0-e542b271dbf7 | back | active |
| 867784df-9090-4ae0-ad25-564b941cc350 | cirros | active |
| 2b527304-8fe6-4582-8451-8feba9a86cfb | new1 | active |
+--------------------------------------+---------+--------+
Based on the information above, create an instance backed by the cirros image:
openstack server create --flavor m1.nano --image cirros --nic net-id=6ef09648-5ce7-4eb6-9aa2-735cb81567d3 --security-group 2035d43a-0e81-4257-bd23-13af431b9f91 --key-name mykey cirros1
Create a floating IP:
openstack floating ip create provider
####The output is as follows:
[root@openstack1 ~]# openstack floating ip create provider
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2023-02-10T05:57:56Z |
| description | |
| dns_domain | None |
| dns_name | None |
| fixed_ip_address | None |
| floating_ip_address | 192.168.123.179 |
| floating_network_id | 688a0356-4f2b-4029-b49e-a11bbdbedf0b |
| id | b41dc5e5-991d-4458-8686-a2a2fbc55a71 |
| name | 192.168.123.179 |
| port_details | None |
| port_id | None |
| project_id | 205ce8addd9444c893bd62244bcdae78 |
| qos_policy_id | None |
| revision_number | 0 |
| router_id | None |
| status | DOWN |
| subnet_id | None |
| tags | [] |
| updated_at | 2023-02-10T05:57:56Z |
+---------------------+--------------------------------------+
Bind the floating IP to the instance:
openstack server add floating ip cirros1 192.168.123.164
At this point ssh can log in through this floating IP (the login uses the public key):
[root@openstack1 ~]# ssh cirros@192.168.123.164
$
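So far, none of the other official images has been instantiated with working networking; only cirros works. The exact cause is not clear; the main symptom is that no route can be found to the bound floating IP.
OK, OpenStack networking probably deserves a separate article with a detailed discussion.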