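Lab environment:
OpenStack Queens, community edition
1 controller node, 1 compute node, 1 block storage node
Single NIC, provider network mode
Operating system version
[root@controller ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@controller ~]# uname -sr
Linux 4.16.3-1.el7.elrepo.x86_64
1. Download the official CentOS generic cloud image
Load the environment variables (described in the official documentation)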
[root@controller ~]# . admin-openrc
Download the CentOS cloud image:
wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-1802.qcow2c
2. Upload the image to Glance
[root@controller ~]# openstack image create "CentOS7-image" \
  --file CentOS-7-x86_64-GenericCloud-1802.qcow2c \
  --disk-format qcow2 --container-format bare \
  --public
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | c5e362d0fb6e367ab16a5fbbed2ec1ce                     |
| container_format | bare                                                 |
| created_at       | 2018-05-16T02:06:12Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/de63a620-43da-4325-9ed5-cce8e74451f0/file |
| id               | de63a620-43da-4325-9ed5-cce8e74451f0                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | CentOS7-image                                        |
| owner            | 2059d5d40c6a4d4ea37e5a80aa46b891                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 394918400                                            |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2018-05-16T02:06:26Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+
List the uploaded images
[root@controller ~]# openstack image list
+--------------------------------------+---------------+--------+
| ID                                   | Name          | Status |
+--------------------------------------+---------------+--------+
| de63a620-43da-4325-9ed5-cce8e74451f0 | CentOS7-image | active |
| d81e109c-acb0-4f65-b739-58b9595282e7 | cirros        | active |
+--------------------------------------+---------------+--------+
3. Preparation before creating the instance
To launch an instance you must specify at least the flavor, image name, network, security group, key pair, and instance name.
Skip this step if you have already done it.
Copied directly from the official documentation: https://docs.openstack.org/install-guide/launch-instance.html#
Create the provider network
On the controller node, source the admin credentials to gain access to admin-only CLI commands:
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2018-04-22T09:49:19Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | 1daecc49-121e-4bb2-b161-3fdb6f104434 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | None                                 |
| is_vlan_transparent       | None                                 |
| mtu                       | 1500                                 |
| name                      | provider                             |
| port_security_enabled     | True                                 |
| project_id                | 2059d5d40c6a4d4ea37e5a80aa46b891     |
| provider:network_type     | flat                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 4                                    |
| router:external           | External                             |
| segments                  | None                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| updated_at                | 2018-04-22T09:49:19Z                 |
+---------------------------+--------------------------------------+
Create a subnet on the network
The range, allocation pool and gateway below are the ones that appear later on this page; DNS_RESOLVER is a placeholder for the resolver address, which the page does not show.
[root@controller ~]# openstack subnet create --network provider \
  --allocation-pool start=192.168.92.100,end=192.168.92.110 \
  --dns-nameserver DNS_RESOLVER --gateway 192.168.92.2 \
  --subnet-range 192.168.92.0/24 provider
Create a flavor
[root@controller ~]# openstack flavor create --id 1 --vcpus 2 --ram 1024 --disk 10 m1.nano
+----------------------------+---------+
| Field                      | Value   |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled   | False   |
| OS-FLV-EXT-DATA:ephemeral  | 0       |
| disk                       | 10      |
| id                         | 1       |
| name                       | m1.nano |
| os-flavor-access:is_public | True    |
| properties                 |         |
| ram                        | 1024    |
| rxtx_factor                | 1.0     |
| swap                       |         |
| vcpus                      | 2       |
+----------------------------+---------+
Create a key pair
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub testkey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | aa:e7:ee:6b:1d:c8:85:9f:11:d6:23:45:85:f2:aa:4a |
| name        | testkey                                         |
| user_id     | 19ba7d00b87c4132b4fc0c6ee8555fef                |
+-------------+-------------------------------------------------+
Add security group rules that allow ping and SSH login to the instance. Neither command specifies a source range, so both rules are created with remote_ip_prefix 0.0.0.0/0, as the output shows.
[root@controller ~]# openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2018-04-22T09:58:50Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 25873007-b5e0-48f8-9e5e-ae9251680bef |
| name              | None                                 |
| port_range_max    | None                                 |
| port_range_min    | None                                 |
| project_id        | 07f75876b05945e0816b6e219ee6c9f7     |
| protocol          | icmp                                 |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 0                                    |
| security_group_id | 5a0ff59e-01a4-4959-bf79-148d9ebff8d6 |
| updated_at        | 2018-04-22T09:58:50Z                 |
+-------------------+--------------------------------------+
[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2018-04-22T09:59:44Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 7c187ba7-0436-45e6-8fb6-4028ae23504d |
| name              | None                                 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| project_id        | 07f75876b05945e0816b6e219ee6c9f7     |
| protocol          | tcp                                  |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 0                                    |
| security_group_id | 5a0ff59e-01a4-4959-bf79-148d9ebff8d6 |
| updated_at        | 2018-04-22T09:59:44Z                 |
+-------------------+--------------------------------------+
Verify the configuration
[root@controller ~]# . demo-openrc
Flavors
[root@controller ~]# openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name    | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 1  | m2.nano | 128 | 1    | 0         | 4     | True      |
+----+---------+-----+------+-----------+-------+-----------+
List images
[root@controller ~]# openstack image list
+--------------------------------------+-----------------+--------+
| ID                                   | Name            | Status |
+--------------------------------------+-----------------+--------+
| d81e109c-acb0-4f65-b739-58b9595282e7 | cirros          | active |
+--------------------------------------+-----------------+--------+
List networks
[root@controller ~]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID                                   | Name     | Subnets                              |
+--------------------------------------+----------+--------------------------------------+
| 1daecc49-121e-4bb2-b161-3fdb6f104434 | provider | 0d276553-2cce-47a5-a57a-7f8997c7530c |
+--------------------------------------+----------+--------------------------------------+
List subnets
[root@controller ~]# neutron subnet-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+----------+----------------------------------+-----------------+------------------------------------------------------+
| id                                   | name     | tenant_id                        | cidr            | allocation_pools                                     |
+--------------------------------------+----------+----------------------------------+-----------------+------------------------------------------------------+
| 0d276553-2cce-47a5-a57a-7f8997c7530c | provider | 2059d5d40c6a4d4ea37e5a80aa46b891 | 192.168.92.0/24 | {"start": "192.168.92.100", "end": "192.168.92.110"} |
+--------------------------------------+----------+----------------------------------+-----------------+------------------------------------------------------+
List security groups
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID                                   | Name    | Description            | Project                          |
+--------------------------------------+---------+------------------------+----------------------------------+
| 0b8e6943-af2e-4b16-9f06-da3ceb17e105 | default | Default security group | 07f75876b05945e0816b6e219ee6c9f7 |
+--------------------------------------+---------+------------------------+----------------------------------+
List security group rules
[root@controller ~]# openstack security group rule list
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+
| ID                                   | IP Protocol | IP Range  | Port Range | Remote Security Group                | Security Group                       |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+
| 001beda6-dc2f-4407-a76d-06bf8f883fd5 | None        | None      |            | 0b8e6943-af2e-4b16-9f06-da3ceb17e105 | 0b8e6943-af2e-4b16-9f06-da3ceb17e105 |
| 216c5d37-651d-43db-b887-0f21907ce43b | None        | None      |            | None                                 | 0b8e6943-af2e-4b16-9f06-da3ceb17e105 |
| 3e4b2165-0cc9-40ab-9eb1-8a8cb6898e46 | None        | None      |            | None                                 | 0b8e6943-af2e-4b16-9f06-da3ceb17e105 |
| 9f42fee7-fe56-4700-8bc0-d25f19c9eca3 | None        | None      |            | 0b8e6943-af2e-4b16-9f06-da3ceb17e105 | 0b8e6943-af2e-4b16-9f06-da3ceb17e105 |
| b5727d6d-f7ac-46ed-963b-32d42787cca9 | tcp         | 0.0.0.0/0 | 22:22      | None                                 | 0b8e6943-af2e-4b16-9f06-da3ceb17e105 |
| ce4f6edf-a59d-445c-ab8f-d396cb3178b6 | icmp        | 0.0.0.0/0 |            | None                                 | 0b8e6943-af2e-4b16-9f06-da3ceb17e105 |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+
List key pairs
[root@controller ~]# openstack keypair list
+---------+-------------------------------------------------+
| Name    | Fingerprint                                     |
+---------+-------------------------------------------------+
| testkey | aa:e7:ee:6b:1d:c8:85:9f:11:d6:23:45:85:f2:aa:4a |
+---------+-------------------------------------------------+
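The security group rule listing above shows the ICMP and SSH rules with IP Range 0.0.0.0/0. As an added example (not part of the original post), the function below reads that table on stdin and prints every rule open to any IPv4 source. It assumes the column headers shown on this page; `world_open_rules` and `sample_rules` are names chosen for this example.

```shell
#!/bin/sh
# Added example: flag security group rules whose source range is 0.0.0.0/0,
# reading the table printed by `openstack security group rule list` on stdin.
# Assumption: the table has "ID", "IP Protocol", "IP Range" and "Port Range"
# columns, as in the listing on this page.

# Prints one line per world-open rule: "<protocol> <port-range|any> <rule-id>"
world_open_rules() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*[+]/ { next }                # skip +----+ border lines
        NF < 3 { next }                      # skip anything that is not a row
        !have_header {                       # first row: locate columns by name
            for (i = 2; i < NF; i++) {
                name = trim($i)
                if (name == "ID") c_id = i
                if (name == "IP Protocol") c_proto = i
                if (name == "IP Range") c_range = i
                if (name == "Port Range") c_port = i
            }
            have_header = 1
            next
        }
        c_range && trim($c_range) == "0.0.0.0/0" {
            port = trim($c_port)
            if (port == "") port = "any"     # e.g. ICMP has no port range
            print trim($c_proto), port, trim($c_id)
        }
    '
}

# Constructed sample: three rows taken from the rule listing on this page,
# reduced to the four columns the check needs.
sample_rules() {
cat <<'EOF'
+--------------------------------------+-------------+-----------+------------+
| ID                                   | IP Protocol | IP Range  | Port Range |
+--------------------------------------+-------------+-----------+------------+
| 001beda6-dc2f-4407-a76d-06bf8f883fd5 | None        | None      |            |
| b5727d6d-f7ac-46ed-963b-32d42787cca9 | tcp         | 0.0.0.0/0 | 22:22      |
| ce4f6edf-a59d-445c-ab8f-d396cb3178b6 | icmp        | 0.0.0.0/0 |            |
+--------------------------------------+-------------+-----------+------------+
EOF
}

sample_rules | world_open_rules
```

A flagged SSH rule can be replaced with one created with `--remote-ip` set to the management network's CIDR, which limits port 22 to that range.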
4. Create an instance from the uploaded image
[root@controller ~]# . demo-openrc
[root@controller ~]# openstack server create --flavor m1.nano --image CentOS7-image \
  --nic net-id=1daecc49-121e-4bb2-b161-3fdb6f104434 --security-group default \
  --key-name testkey centos7-cloudvm1
+-----------------------------+------------------------------------------------------+
| Field                       | Value                                                |
+-----------------------------+------------------------------------------------------+
| OS-DCF:diskConfig           | MANUAL                                               |
| OS-EXT-AZ:availability_zone |                                                      |
| OS-EXT-STS:power_state      | NOSTATE                                              |
| OS-EXT-STS:task_state       | scheduling                                           |
| OS-EXT-STS:vm_state         | building                                             |
| OS-SRV-USG:launched_at      | None                                                 |
| OS-SRV-USG:terminated_at    | None                                                 |
| accessIPv4                  |                                                      |
| accessIPv6                  |                                                      |
| addresses                   |                                                      |
| adminPass                   | k9Bm4rZokooG                                         |
| config_drive                |                                                      |
| created                     | 2018-05-16T02:10:10Z                                 |
| flavor                      | m1.nano (1)                                          |
| hostId                      |                                                      |
| id                          | 236d03f7-fa1b-4dde-818c-c37eb59a84cd                 |
| image                       | CentOS7-image (de63a620-43da-4325-9ed5-cce8e74451f0) |
| key_name                    | testkey                                              |
| name                        | centos7-cloudvm1                                     |
| progress                    | 0                                                    |
| project_id                  | 07f75876b05945e0816b6e219ee6c9f7                     |
| properties                  |                                                      |
| security_groups             | name='0b8e6943-af2e-4b16-9f06-da3ceb17e105'          |
| status                      | BUILD                                                |
| updated                     | 2018-05-16T02:10:15Z                                 |
| user_id                     | 19ba7d00b87c4132b4fc0c6ee8555fef                     |
| volumes_attached            |                                                      |
+-----------------------------+------------------------------------------------------+
Check the instance status; ACTIVE means it is running normally:
[root@controller ~]# openstack server list
+--------------------------------------+-------------------+---------+-------------------------+---------------+---------+
| ID                                   | Name              | Status  | Networks                | Image         | Flavor  |
+--------------------------------------+-------------------+---------+-------------------------+---------------+---------+
| 236d03f7-fa1b-4dde-818c-c37eb59a84cd | centos7-cloudvm1  | ACTIVE  | provider=192.168.92.103 | CentOS7-image | m1.nano |
| 2eed1b91-6f01-4808-acce-c1ec9cbe13e3 | provider-cirrosvm | SHUTOFF | provider=192.168.92.101 | cirros        | m1.nano |
+--------------------------------------+-------------------+---------+-------------------------+---------------+---------+
5. Access the instance over SSH
Ping the instance IP address from the controller node and from a remote host; both pings succeed:
[root@controller ~]# ping -c 4 192.168.92.103
PING 192.168.92.103 (192.168.92.103) 56(84) bytes of data.
64 bytes from 192.168.92.103: icmp_seq=1 ttl=64 time=0.775 ms
64 bytes from 192.168.92.103: icmp_seq=2 ttl=64 time=0.614 ms

C:\Users\zwpos>ping 192.168.92.103
正在 Ping 192.168.92.103 具有 32 字节的数据:
来自 192.168.92.103 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.92.103 的回复: 字节=32 时间<1ms TTL=64
Log in to the instance over SSH from the controller node. The default user name of the official CentOS generic cloud image is centos:
[root@controller ~]# ssh centos@192.168.92.103
Change the root password:
[centos@centos7-cloudvm1 ~]$ sudo su root
[root@centos7-cloudvm1 centos]# passwd root
Changing password for user root.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
Enable SSH password login:
[root@centos7-cloudvm1 ~]# vi /etc/ssh/sshd_config
PasswordAuthentication yes    # uncomment this line
#PermitEmptyPasswords no
#PasswordAuthentication no    # comment out this line
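The sshd_config edit above swaps which of two PasswordAuthentication lines is active. As an added example (not part of the original post), the function below reports the value sshd will use for a global keyword, given that sshd keeps the first value it reads for each keyword. `effective_sshd_option` and `demo` are names chosen here, and the config fragments are constructed.

```shell
#!/bin/sh
# Added example: report the value sshd will actually use for a global keyword.
# sshd_config keeps the FIRST value it reads for a keyword, so a later
# duplicate line does not override an earlier one.
# Assumption: only the global section (everything before the first Match
# block) is examined, and keyword and value are separated by whitespace.

# effective_sshd_option FILE KEYWORD -> prints the value, or "unset"
effective_sshd_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); value = "unset" }
        { sub(/^[ \t]+/, "") }               # leading whitespace is ignored
        /^#/ || /^$/ { next }                # comments and blank lines
        tolower($1) == "match" { exit }      # stop at the first Match block
        tolower($1) == want { value = $2; exit }
        END { print value }
    ' "$1"
}

# Constructed fragments: "edited" is the change made on this page; "appended"
# adds "yes" below an existing "no" instead of replacing it.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'PasswordAuthentication yes' '#PermitEmptyPasswords no' \
        '#PasswordAuthentication no' > "$dir/edited"
    printf '%s\n' 'PasswordAuthentication no' 'PermitRootLogin yes' \
        'PasswordAuthentication yes' > "$dir/appended"
    for f in edited appended; do
        for k in PasswordAuthentication PermitRootLogin; do
            echo "$f $k=$(effective_sshd_option "$dir/$f" "$k")"
        done
    done
    rm -rf "$dir"
}

demo
```

A result of "unset" means the compiled-in default applies. On the instance itself, `sshd -T` prints the full effective configuration, defaults included.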
Log in to the VM instance over SSH and test network connectivity
Verify access to the provider physical network gateway:
[root@centos7-cloudvm1 ~]# ping -c 4 192.168.92.2
PING 192.168.92.2 (192.168.92.2) 56(84) bytes of data.
64 bytes from 192.168.92.2: icmp_seq=1 ttl=128 time=5.82 ms
64 bytes from 192.168.92.2: icmp_seq=2 ttl=128 time=0.476 ms
Verify access to the internet:
[root@centos7-cloudvm1 ~]# ping -c 4 openstack.org
PING openstack.org (162.242.140.107) 56(84) bytes of data.
64 bytes from 162.242.140.107 (162.242.140.107): icmp_seq=1 ttl=128 time=292 ms
64 bytes from 162.242.140.107 (162.242.140.107): icmp_seq=2 ttl=128 time=540 ms
I recommend reading the official documentation; most of this content is copied directly from it.