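OpenStack Deployment
- 11. Launch an instance
- 11.1 Obtain credentials
- 11.2 Create a virtual network
- 11.3 Create a flavor
- 11.4 Recommended flavors for production
- 11.5 Create a key pair
- 11.6 Add security group rules
- 11.7 Create a block storage volume
- 11.8 Create an instance
- 12. Resource summary
- 12.1 Ports in use
- 12.2 Common commands for each OpenStack component
- 1. openstack commands
- 2. Common nova commands
- 3. Common neutron commands
- 4. cinder commands
- 5. ceph commands
- 6. rabbitmq commands
- 7. Images
- 8. Log paths of the OpenStack services
- 9. Changing the time and time zone
- 10. Checking service status
11. Launch an instance
11.1 Obtain credentials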
[root@openstack ~]# source admin-openrc
11.2 Create a virtual network
[root@node-251 openstack]# neutron net-create --shared --provider:physical_network provider --provider:network_type flat provider
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2023-06-09T01:52:19Z |
| description | |
| id | 98aa5cfc-f6e2-44f7-8186-fbb954b48385 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | provider |
| port_security_enabled | True |
| project_id | 2aaf4155b00749b0a333a039c17c131c |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | |
| revision_number | 2 |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | 2aaf4155b00749b0a333a039c17c131c |
| updated_at | 2023-06-09T01:52:19Z |
+---------------------------+--------------------------------------+
[root@node-251 openstack]# neutron subnet-create --name provider --allocation-pool start=192.168.71.100,end=192.168.71.110 --dns-nameserver 8.8.8.8 --gateway 192.168.71.1 provider 192.168.71.0/24
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new subnet:
+-------------------+------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------+
| allocation_pools | {"start": "192.168.71.100", "end": "192.168.71.110"} |
| cidr | 192.168.71.0/24 |
| created_at | 2023-06-09T01:53:51Z |
| description | |
| dns_nameservers | 8.8.8.8 |
| enable_dhcp | True |
| gateway_ip | 192.168.71.1 |
| host_routes | |
| id | 01977b02-1650-41ae-9537-47a67bf33e46 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | provider |
| network_id | 98aa5cfc-f6e2-44f7-8186-fbb954b48385 |
| project_id | 2aaf4155b00749b0a333a039c17c131c |
| revision_number | 0 |
| service_types | |
| subnetpool_id | |
| tags | |
| tenant_id | 2aaf4155b00749b0a333a039c17c131c |
| updated_at | 2023-06-09T01:53:51Z |
+-------------------+------------------------------------------------------+
11.3 Create a flavor
[root@node-251 openstack]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| properties | |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
11.4 Recommended flavors for production
openstack flavor create --vcpus 1 --ram 512 ecs.c1.nano
openstack flavor create --vcpus 1 --ram 1024 ecs.c1.tiny
openstack flavor create --vcpus 1 --ram 2048 ecs.c1.small
openstack flavor create --vcpus 1 --ram 4096 ecs.c1.medium
openstack flavor create --vcpus 1 --ram 8192 ecs.c1.large
openstack flavor create --vcpus 1 --ram 16384 ecs.c1.xlarge
openstack flavor create --vcpus 2 --ram 512 ecs.c2.nano
openstack flavor create --vcpus 2 --ram 1024 ecs.c2.tiny
openstack flavor create --vcpus 2 --ram 2048 ecs.c2.small
openstack flavor create --vcpus 2 --ram 4096 ecs.c2.medium
openstack flavor create --vcpus 2 --ram 8192 ecs.c2.large
openstack flavor create --vcpus 2 --ram 16384 ecs.c2.xlarge
openstack flavor create --vcpus 4 --ram 512 ecs.c4.nano
openstack flavor create --vcpus 4 --ram 1024 ecs.c4.tiny
openstack flavor create --vcpus 4 --ram 2048 ecs.c4.small
openstack flavor create --vcpus 4 --ram 4096 ecs.c4.medium
openstack flavor create --vcpus 4 --ram 8192 ecs.c4.large
openstack flavor create --vcpus 4 --ram 16384 ecs.c4.xlarge
openstack flavor create --vcpus 8 --ram 512 ecs.c8.nano
openstack flavor create --vcpus 8 --ram 1024 ecs.c8.tiny
openstack flavor create --vcpus 8 --ram 2048 ecs.c8.small
openstack flavor create --vcpus 8 --ram 4096 ecs.c8.medium
openstack flavor create --vcpus 8 --ram 8192 ecs.c8.large
openstack flavor create --vcpus 8 --ram 16384 ecs.c8.xlarge
11.5 Create a key pair
[root@node-251 openstack]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 7c:b8:ca:bf:1f:fa:e1:6c:53:14:03:8d:3e:5e:26:b2 |
| name | mykey |
| user_id | 063ef7b979334fa5a86420952a141d32 |
+-------------+-------------------------------------------------+
Verify that the public key was added
[root@node-251 openstack]# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 7c:b8:ca:bf:1f:fa:e1:6c:53:14:03:8d:3e:5e:26:b2 |
+-------+-------------------------------------------------+
If you do not have a key yet, generate one:
ssh-keygen -q -N ""
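11.6 Add security group rules
By default, the default security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images such as CirrOS, we recommend allowing at least ICMP (ping) and secure shell (SSH).
Allow ICMP (ping):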
[root@node-251 openstack]# openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2023-06-09T01:58:43Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 1b664b63-aeef-4cc1-8897-b394905d90b2 |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 2aaf4155b00749b0a333a039c17c131c |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 9f721ed0-4351-4930-b89e-472b4207d8da |
| updated_at | 2023-06-09T01:58:43Z |
+-------------------+--------------------------------------+
Allow secure shell (SSH) access:
[root@node-251 openstack]# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2023-06-09T01:59:18Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 321d4f87-43cb-4d25-b7bc-c3547cb55c24 |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 2aaf4155b00749b0a333a039c17c131c |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 9f721ed0-4351-4930-b89e-472b4207d8da |
| updated_at | 2023-06-09T01:59:18Z |
+-------------------+--------------------------------------+
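Both rules created above show remote_ip_prefix 0.0.0.0/0, so ICMP and SSH are accepted from any source address. The following added example (not part of the original tutorial) audits rules in the field layout printed above for world-open ingress and builds the CLI commands that re-create a rule with `--remote-ip`; the sample data, the severity labels, the function names and the trusted CIDR are assumptions of the example.

```python
import ipaddress
import json

# Constructed sample: the two rules created above as `-f json` style dicts,
# plus one hypothetical rule scoped to the provider subnet for contrast.
SAMPLE_RULES = json.loads("""[
 {"id": "1b664b63-aeef-4cc1-8897-b394905d90b2", "direction": "ingress",
  "protocol": "icmp", "port_range_min": null, "port_range_max": null,
  "remote_ip_prefix": "0.0.0.0/0"},
 {"id": "321d4f87-43cb-4d25-b7bc-c3547cb55c24", "direction": "ingress",
  "protocol": "tcp", "port_range_min": 22, "port_range_max": 22,
  "remote_ip_prefix": "0.0.0.0/0"},
 {"id": "example-restricted", "direction": "ingress",
  "protocol": "tcp", "port_range_min": 22, "port_range_max": 22,
  "remote_ip_prefix": "192.168.71.0/24"}
]""")
EMPTY = (None, "", "None")  # unset fields appear as null or "None"

def any_source(rule):
    """True when the rule accepts traffic from every address."""
    if rule.get("remote_group_id") not in EMPTY:
        return False  # source limited to members of another security group
    prefix = rule.get("remote_ip_prefix")
    if prefix in EMPTY:
        return True  # no prefix and no remote group: unrestricted
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def audit(rules, admin_ports=(22,)):
    """Return (rule_id, severity, reason) for each world-open ingress rule."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "ingress" or not any_source(rule):
            continue
        proto = rule.get("protocol")
        lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
        if proto in EMPTY:
            sev, why = "high", "every protocol"
        elif proto not in ("tcp", "udp"):
            sev, why = "low", str(proto)
        elif lo in EMPTY or hi in EMPTY:
            sev, why = "high", f"all {proto} ports"
        else:
            hit = any(int(lo) <= p <= int(hi) for p in admin_ports)
            sev, why = ("high" if hit else "medium"), f"{proto}/{lo}-{hi}"
        findings.append((rule["id"], sev, why + " from any source"))
    return findings

def tightened(rule, trusted_cidr, group="default"):
    """CLI commands that replace a world-open rule with a scoped one."""
    lo, hi = rule["port_range_min"], rule["port_range_max"]
    port = "" if lo in EMPTY else f" --dst-port {lo}:{hi}"
    return [f"openstack security group rule delete {rule['id']}",
            f"openstack security group rule create --proto {rule['protocol']}"
            f"{port} --remote-ip {trusted_cidr} {group}"]
```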
11.7 Create a block storage volume
[root@node-251 openstack]# openstack volume create --size 1 volume1
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2023-06-09T01:59:58.000000 |
| description | None |
| encrypted | False |
| id | ee5dc1fd-1d1e-43d9-ac7d-548914e8ff22 |
| migration_status | None |
| multiattach | False |
| name | volume1 |
| properties | |
| replication_status | None |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| type | None |
| updated_at | None |
| user_id | 063ef7b979334fa5a86420952a141d32 |
+---------------------+--------------------------------------+
Wait for Status to change from creating to available
[root@node-251 openstack]# openstack volume list
+--------------------------------------+---------+-----------+------+-------------+
| ID | Name | Status | Size | Attached to |
+--------------------------------------+---------+-----------+------+-------------+
| ee5dc1fd-1d1e-43d9-ac7d-548914e8ff22 | volume1 | available | 1 | |
+--------------------------------------+---------+-----------+------+-------------+
11.8 Create an instance
List available flavors
[root@node-251 openstack]# openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
+----+---------+-----+------+-----------+-------+-----------+
List available images
[root@node-251 openstack]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 45d98b6f-3f42-48dc-a0b3-cab7a27fb8d5 | cirros | active |
+--------------------------------------+--------+--------+
List available networks
[root@node-251 openstack]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| 98aa5cfc-f6e2-44f7-8186-fbb954b48385 | provider | 01977b02-1650-41ae-9537-47a67bf33e46 |
+--------------------------------------+----------+--------------------------------------+
List available security groups
[root@node-251 openstack]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| 9f721ed0-4351-4930-b89e-472b4207d8da | default | Default security group | 2aaf4155b00749b0a333a039c17c131c |
+--------------------------------------+---------+------------------------+----------------------------------+
Create the instance using the values listed above
[root@node-251 openstack]# openstack server create --flavor m1.nano --image cirros --nic net-id=98aa5cfc-f6e2-44f7-8186-fbb954b48385 --security-group default --key-name mykey provider-instance
+-------------------------------------+-----------------------------------------------+
| Field | Value |
+-------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | nPH2MrvZXX3w |
| config_drive | |
| created | 2023-06-09T02:24:31Z |
| flavor | m1.nano (0) |
| hostId | |
| id | 044043bb-1e8d-4fa2-855e-20b93c128c8c |
| image | cirros (45d98b6f-3f42-48dc-a0b3-cab7a27fb8d5) |
| key_name | mykey |
| name | provider-instance |
| progress | 0 |
| project_id | 2aaf4155b00749b0a333a039c17c131c |
| properties | |
| security_groups | name='9f721ed0-4351-4930-b89e-472b4207d8da' |
| status | BUILD |
| updated | 2023-06-09T02:24:31Z |
| user_id | 063ef7b979334fa5a86420952a141d32 |
| volumes_attached | |
+-------------------------------------+-----------------------------------------------+
Check the status of the instance
[root@node-251 openstack]# openstack server list
+--------------------------------------+-------------------+--------+----------+--------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-------------------+--------+----------+--------+---------+
| 044043bb-1e8d-4fa2-855e-20b93c128c8c | provider-instance | ERROR | | cirros | m1.nano |
+--------------------------------------+-------------------+--------+----------+--------+---------+
Attach the volume to an instance
openstack server add volume provider-instance volume1
List volumes
[root@openstack ~]# openstack volume list
+--------------------------------------+--------------+--------+------+--------------------------------------------+
| ID | Display Name | Status | Size | Attached to |
+--------------------------------------+--------------+--------+------+--------------------------------------------+
| a1e8be72-a395-4a6f-8e07-856a57c39524 | volume1 | in-use | 1 | Attached to provider-instance on /dev/vdb |
+--------------------------------------+--------------+--------+------+--------------------------------------------+
Get the VNC session URL of your instance and open it in a web browser
[root@openstack ~]# openstack console url show provider-instance
+-------+------------------------------------------------------------------------------------------+
| Field | Value |
+-------+------------------------------------------------------------------------------------------+
| type | novnc |
| url | http://openstack.if010.com:6080/vnc_auto.html?token=5eeccb47-525c-4918-ac2a-3ad1e9f1f493 |
+-------+------------------------------------------------------------------------------------------+
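Because the author's virtual machine is rather slow, the instance could not be run; some of the screenshots that follow come from the internet
12. Resource summary
12.1 Ports in use
# Remote access service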
# sshd.service
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1220/sshd
tcp6 0 0 :::22 :::* LISTEN 1220/sshd
# Time synchronization service
# chronyd.service
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:123 0.0.0.0:* 1954/chronyd
udp 0 0 127.0.0.1:323 0.0.0.0:* 1954/chronyd
udp6 0 0 ::1:323 :::* 1954/chronyd
# Database service
# mariadb.service
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::3306 :::* LISTEN 2368/mysqld
# Message queue service
# rabbitmq-server.service
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 3775/beam.smp(web)
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 3775/beam.smp
tcp6 0 0 :::5672 :::* LISTEN 3775/beam.smp
# Distributed memory cache service
# memcached.service
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 6032/memcached
tcp6 0 0 ::1:11211 :::* LISTEN 6032/memcached
# Web server
# httpd.service
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::80 :::* LISTEN 7138/httpd(default)
tcp6 0 0 :::35357 :::* LISTEN 7138/httpd
tcp6 0 0 :::5000 :::* LISTEN 7138/httpd
# Image service
# openstack-glance-api.service, openstack-glance-registry.service
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:9191 0.0.0.0:* LISTEN 10683/python2
tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN 10649/python2
# Compute service
# openstack-nova-api.service, openstack-nova-consoleauth.service, openstack-nova-scheduler.service, openstack-nova-conductor.service, openstack-nova-novncproxy.service
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:6080 0.0.0.0:* LISTEN 28341/python2(vnc)
tcp 0 0 0.0.0.0:8774 0.0.0.0:* LISTEN 28337/python2
tcp 0 0 0.0.0.0:8775 0.0.0.0:* LISTEN 28337/python2
tcp6 0 0 :::8778 :::* LISTEN 14667/httpd
# Networking service
# neutron-server.service, neutron-linuxbridge-agent.service, neutron-dhcp-agent.service, neutron-metadata-agent.service
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:9696 0.0.0.0:* LISTEN 10916/python2
# Block storage service
# openstack-cinder-api.service, openstack-cinder-scheduler.service, lvm2-lvmetad.service
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8776 0.0.0.0:* LISTEN 25496/python2
# Orchestration service
# openstack-heat-api.service, openstack-heat-api-cfn.service, openstack-heat-engine.service
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 29142/python
tcp 0 0 0.0.0.0:8004 0.0.0.0:* LISTEN 29141/python
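In the listing above, backend listeners such as MariaDB (:::3306) and RabbitMQ (0.0.0.0:15672, :::5672) are bound to the wildcard address, while memcached is bound to loopback only. The following added example (not from the original page) parses listener lines in this format and reports backend ports bound to all interfaces; the internal-only port list and the function names are assumptions of the example.

```python
import ipaddress

# Backend services from the listing that only other OpenStack nodes need to
# reach. Treating them as internal-only is this example's assumption.
BACKEND_PORTS = {3306: "MariaDB", 4369: "epmd", 5672: "AMQP",
                 15672: "RabbitMQ management", 25672: "RabbitMQ clustering",
                 11211: "memcached"}

# Constructed sample: a subset of the listener lines shown above.
SAMPLE = """\
# sshd.service
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1220/sshd
udp 0 0 127.0.0.1:323 0.0.0.0:* 1954/chronyd
tcp6 0 0 :::3306 :::* LISTEN 2368/mysqld
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 3775/beam.smp(web)
tcp6 0 0 :::5672 :::* LISTEN 3775/beam.smp
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 6032/memcached
tcp6 0 0 ::1:11211 :::* LISTEN 6032/memcached
tcp 0 0 0.0.0.0:6080 0.0.0.0:* LISTEN 28341/python2(vnc)
"""


def parse_listeners(text):
    """Parse netstat-style socket lines into dicts with a bind scope."""
    sockets = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or not parts[0].startswith(("tcp", "udp")):
            continue  # skip headers, comments and blank lines
        # rpartition splits on the last colon, so ":::3306" -> ("::", "3306")
        host, _, port = parts[3].rpartition(":")
        if host in ("0.0.0.0", "::", "*"):
            scope = "wildcard"
        elif ipaddress.ip_address(host).is_loopback:
            scope = "loopback"
        else:
            scope = "specific"
        sockets.append({"proto": parts[0], "host": host, "port": int(port),
                        "scope": scope,
                        "program": parts[-1].split("/", 1)[-1]})
    return sockets


def exposed_backends(sockets):
    """Return (port, service, program) for backend ports on all interfaces."""
    return [(s["port"], BACKEND_PORTS[s["port"]], s["program"])
            for s in sockets
            if s["scope"] == "wildcard" and s["port"] in BACKEND_PORTS]
```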
12.2 Common commands for each OpenStack component
1. openstack commands
- openstack-service restart  # restart the OpenStack services
- openstack endpoint list  # list the OpenStack endpoints
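2. Common nova commands
- nova list  # list all instances of the current user
- nova show ID  # show details of an instance
- nova delete ID  # delete an instance immediately
- nova service-list  # list all services
- nova image-list  # list images
- nova flavor-list  # list all available flavors
- nova volume-list  # list all volumes
- nova volume-show  # show details of a given volume
- nova volume-create  # create a volume
- nova volume-delete  # delete a volume
- nova volume-snapshot-create  # create a volume snapshot
- nova volume-snapshot-delete  # delete a volume snapshot
- nova live-migration ID node  # live migration
- nova migrate ID node  # cold migration
- nova migration-list  # list migrations
- nova get-vnc-console ID novnc  # get the instance's VNC URL
- nova reset-state --active ID  # mark the instance state as active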
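3. Common neutron commands
- neutron agent-list  # list all agents
- neutron agent-show ID  # show a given agent
- neutron port-list  # list ports
- neutron net-list  # list all networks of the current tenant
- neutron net-list --all-tenants  # list all networks of all tenants
- neutron net-show ID  # show details of a network
- neutron net-delete ID  # delete a network
- ip netns  # list network namespaces
- ip netns exec haproxy ip a  # show the IP addresses in the haproxy namespace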
4. cinder commands
- cinder list  # list all volumes
- cinder service-list  # list all services
- cinder snapshot-list  # list all snapshots
- cinder backup-list  # list all backups
- cinder type-list  # list all volume types
- cinder show
- cinder delete
5. ceph commands
- ceph -s  # show cluster status (including OSD state)
- ceph osd tree  # show the OSD tree
- ceph osd down osd.0  # mark osd.0 down
- ceph osd rm 0  # remove osd.0
- ceph health detail  # show cluster health details
- ceph auth list  # list users and their capabilities
- ceph auth caps client.lucy mon 'allow r' mds 'allow r, allow rw path=/lucy, allow rw path=/jerry_share' osd 'allow rw'  # modify the capabilities of client.lucy
- ceph auth get-key client.lucy  # get a user's key
- systemctl restart ceph-osd.target  # restart the OSD services
- systemctl status ceph-osd@5.service  # show the status of osd.5
6. rabbitmq commands
- rabbitmqctl cluster_status  # show the message queue cluster status
- rabbitmqctl start_app  # start
- rabbitmqctl stop_app  # stop
- rabbitmqctl reset  # reset
- rabbitmqctl list_queues  # list the RabbitMQ queues
- systemctl status rabbitmq-server.service  # show the status of RabbitMQ
7. Images
- qemu-img convert -f qcow2 -O raw Win10_1803_chinese_x64_glance.qcow2 Win10_1803_chinese_x64_glance.raw  # convert the image format
- openstack image create "name" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public  # upload an image
- /var/lib/glance/images  # where images are stored after upload
8. Log paths of the OpenStack services
- /var/log/keystone/keystone.log
- /var/log/glance/…
- /var/log/neutron/…
- /var/log/nova/…
- /var/log/cinder/…
- /var/log/apache2/  # dashboard logs
- /var/log/syslog
- /var/log/messages
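9. Changing the time and time zone
- timedatectl  # show the current time settings
- timedatectl list-timezones  # list the time zones the system supports
- timedatectl set-timezone Asia/Shanghai  # set the system time zone
- date -s "20190328 14:56:30"  # set the time
- /etc/ntp.conf  # path of the NTP configuration file
- hwclock -w  # write the system time to the hardware clock
- hwclock -r  # read the hardware clock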
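10. Checking service status
- crm status  # show the high-availability cluster status
- systemctl | grep neutron  # find the neutron services
- systemctl | grep nova  # find the nova services
- systemctl | grep cinder  # find the cinder services
- systemctl status …
- rbd info volume/volume-ID  # retrieve mapping information
- rbd rm volume/volume-ID  # delete
- /etc/init.d/ceph status  # show the ceph status
- /etc/init.d/network restart  # restart the network service
- ethtool eth0  # show the network interface settings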