检查
在进行实例的启动的时候,我们要先确认各个服务是否都启动了,可以通过下面的命令来看端口和服务是否启动
1、ps aux|grep python 2、netstat -lntup
检查镜像服务
[root@linux-node1 ~]# openstack image list ^L+--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | 63d8947e-5224-40b6-92e5-8c939e75d45e | cirros | active | +--------------------------------------+--------+--------+
创建网络
[root@linux-node1 ~]# openstack network create --share --provider-physical-network public --provider-network-type flat public +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2017-01-02T21:19:16Z | | description | | | headers | | | id | 7f7b08e7-ea61-433f-bb3d-6195d893558e | | ipv4_address_scope | None | | ipv6_address_scope | None | | mtu | 1500 | | name | public | | port_security_enabled | True | | project_id | 7ae0fb7deb5342d885a07c2c890a1ff4 | | project_id | 7ae0fb7deb5342d885a07c2c890a1ff4 | | provider:network_type | flat | | provider:physical_network | public | | provider:segmentation_id | None | | revision_number | 3 | | router:external | Internal | | shared | True | | status | ACTIVE | | subnets | | | tags | [] | | updated_at | 2017-01-02T21:19:16Z | +---------------------------+--------------------------------------+
查看网络
[root@linux-node1 ~]# openstack network list +--------------------------------------+--------+---------+ | ID | Name | Subnets | +--------------------------------------+--------+---------+ | 7f7b08e7-ea61-433f-bb3d-6195d893558e | public | | +--------------------------------------+--------+---------+
创建子网
[root@linux-node1 ~]# openstack subnet create --network public --allocation-pool start=192.168.56.100,end=192.168.56.200 --dns-nameserver 192.168.56.2 --gateway 102.168.56.2 --subnet-range 192.168.56.0/24 public-subnet +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | 192.168.56.100-192.168.56.200 | | cidr | 192.168.56.0/24 | | created_at | 2017-01-02T21:26:06Z | | description | | | dns_nameservers | 192.168.56.2 | | enable_dhcp | True | | gateway_ip | 102.168.56.2 | | headers | | | host_routes | | | id | 422abca4-ac78-400f-aa7c-2296c69a1643 | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | public-subnet | | network_id | 7f7b08e7-ea61-433f-bb3d-6195d893558e | | project_id | 7ae0fb7deb5342d885a07c2c890a1ff4 | | project_id | 7ae0fb7deb5342d885a07c2c890a1ff4 | | revision_number | 2 | | service_types | [] | | subnetpool_id | None | | updated_at | 2017-01-02T21:26:06Z | +-------------------+--------------------------------------+
子网检查
[root@linux-node1 ~]# neutron subnet-list +--------------------------------------+---------------+-----------------+------------------------------------------------------+ | id | name | cidr | allocation_pools | +--------------------------------------+---------------+-----------------+------------------------------------------------------+ | 422abca4-ac78-400f-aa7c-2296c69a1643 | public-subnet | 192.168.56.0/24 | {"start": "192.168.56.100", "end": "192.168.56.200"} | +--------------------------------------+---------------+-----------------+------------------------------------------------------+ [root@linux-node1 ~]# openstack subnet list +--------------------------------------+---------------+--------------------------------------+-----------------+ | ID | Name | Network | Subnet | +--------------------------------------+---------------+--------------------------------------+-----------------+ | 422abca4-ac78-400f-aa7c-2296c69a1643 | public-subnet | 7f7b08e7-ea61-433f-bb3d-6195d893558e | 192.168.56.0/24 | +--------------------------------------+---------------+--------------------------------------+-----------------+
创建虚拟类型、只能定义不能选
创建mi.nano类型
默认的最小规格的主机需要512 MB内存。对于环境中计算节点内存不足4 GB的,我们推荐创建只需要64 MB的``m1.nano``规格的主机。若单纯为了测试的目的,请使用``m1.nano``规格的主机来加载CirrOS镜像
[root@linux-node1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano +----------------------------+---------+ | Field | Value | +----------------------------+---------+ | OS-FLV-DISABLED:disabled | False | | OS-FLV-EXT-DATA:ephemeral | 0 | | disk | 1 | | id | 0 | | name | m1.nano | | os-flavor-access:is_public | True | | properties | | | ram | 64 | | rxtx_factor | 1.0 | | swap | | | vcpus | 1 | +----------------------------+---------+
生成一个键值对
大部分云镜像支持 :term:`public key authentication`而不是传统的密码登陆。在启动实例前,你必须添加一个公共密钥到计算服务。
导入``demo``项目凭证
[root@linux-node1 ~]# . demo-openstack [root@linux-node1 ~]# cat demo-openstack export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default export OS_PROJECT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=demo export OS_AUTH_URL=http://192.168.56.11:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
2. 生成和添加秘钥对:
[root@linux-node1 ~]# ssh-keygen -q -N "" Enter file in which to save the key (/root/.ssh/id_rsa): [root@linux-node1 ~]# [root@linux-node1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey +-------------+-------------------------------------------------+ | Field | Value | +-------------+-------------------------------------------------+ | fingerprint | e9:a3:e6:4c:97:73:12:25:ea:8e:39:ea:a0:d5:d2:e6 | | name | mykey | | user_id | f0c69bad72b54e0daef92c2295425932 | +-------------+-------------------------------------------------+
另外,你可以跳过执行 ssh-keygen
命令而使用已存在的公钥。
3. 验证公钥的添加
[root@linux-node1 ~]# openstack keypair list +-------+-------------------------------------------------+ | Name | Fingerprint | +-------+-------------------------------------------------+ | mykey | e9:a3:e6:4c:97:73:12:25:ea:8e:39:ea:a0:d5:d2:e6 | +-------+-------------------------------------------------+
增加安全组规则
默认情况下, ``default``安全组适用于所有实例并且包括拒绝远程访问实例的防火墙规则。对诸如CirrOS这样的Linux镜像,我们推荐至少允许ICMP (ping) 和安全shell(SSH)规则。
添加规则到 default
安全组。
Permit ICMP (ping):
[root@linux-node1 ~]# openstack security group rule create --proto icmp default +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2017-01-02T21:44:26Z | | description | | | direction | ingress | | ethertype | IPv4 | | headers | | | id | b4f7536d-86f1-491e-b167-069a09507e2b | | port_range_max | None | | port_range_min | None | | project_id | 9b913d25891849baa55b21d837e9b63d | | project_id | 9b913d25891849baa55b21d837e9b63d | | protocol | icmp | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 1 | | security_group_id | be5584d7-7e14-4bc9-a74c-109f216b09c4 | | updated_at | 2017-01-02T21:44:26Z | +-------------------+--------------------------------------+
允许安全 shell (SSH) 的访问:
[root@linux-node1 ~]# openstack security group rule create --proto tcp --dst-port 22 default +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2017-01-02T21:46:29Z | | description | | | direction | ingress | | ethertype | IPv4 | | headers | | | id | 4572dc39-6723-49f7-9556-c0f90ca7cc96 | | port_range_max | 22 | | port_range_min | 22 | | project_id | 9b913d25891849baa55b21d837e9b63d | | project_id | 9b913d25891849baa55b21d837e9b63d | | protocol | tcp | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 1 | | security_group_id | be5584d7-7e14-4bc9-a74c-109f216b09c4 | | updated_at | 2017-01-02T21:46:29Z | +-------------------+--------------------------------------+ [root@linux-node1 ~]#
启动一个实例
如果选择网络选项1,你只能在公网创建实例。如果选择网络选项2,你可以在公网或私网创建实例。
确定实例选项
启动一台实例,您必须至少指定一个类型、镜像名称、网络、安全组、密钥和实例名称。
在控制节点上,获得 admin
凭证来获取只有管理员能执行的命令的访问权限:
root@linux-node1 ~]# . demo-openstack
2 .一个实例指定了虚拟机资源的大致分配,包括处理器、内存和存储。
列出可用类型:
[root@linux-node1 ~]# openstack flavor list +----+---------+-----+------+-----------+-------+-----------+ | ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public | +----+---------+-----+------+-----------+-------+-----------+ | 0 | m1.nano | 64 | 1 | 0 | 1 | True | +----+---------+-----+------+-----------+-------+-----------+
您也可以以 ID 引用类型。
3. 列出可用镜像:(这个实例使用``cirros``镜像。)
[root@linux-node1 ~]# openstack image list +--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | 63d8947e-5224-40b6-92e5-8c939e75d45e | cirros | active | +--------------------------------------+--------+--------+
4.列出可用网络:
[root@linux-node1 ~]# openstack network list +--------------------------------------+--------+--------------------------------------+ | ID | Name | Subnets | +--------------------------------------+--------+--------------------------------------+ | 7f7b08e7-ea61-433f-bb3d-6195d893558e | public | 422abca4-ac78-400f-aa7c-2296c69a1643 | +--------------------------------------+--------+--------------------------------------+
这个实例使用 ``provider``公有网络。 你必须使用ID而不是名称才可以使用这个网络。如果你选择选项2,输出信息应该也包含私网``selfservice``的信息。
5. 列出可用的安全组:
[root@linux-node1 ~]# openstack security group list +--------------------------------------+---------+------------------------+----------------------------------+ | ID | Name | Description | Project | +--------------------------------------+---------+------------------------+----------------------------------+ | be5584d7-7e14-4bc9-a74c-109f216b09c4 | default | Default security group | 9b913d25891849baa55b21d837e9
启动云主机
[root@linux-node1 ~]# openstack server create --flavor m1.nano --image cirros > --nic net-id=7f7b08e7-ea61-433f-bb3d-6195d893558e --security-group default > --key-name mykey demo-instance +--------------------------------------+-----------------------------------------------+ | Field | Value | +--------------------------------------+-----------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | | | OS-EXT-STS:power_state | NOSTATE | | OS-EXT-STS:task_state | scheduling | | OS-EXT-STS:vm_state | building | | OS-SRV-USG:launched_at | None | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | | | adminPass | vLpymTa8sfzK | | config_drive | | | created | 2017-01-02T22:01:06Z | | flavor | m1.nano (0) | | hostId | | | id | f0778b83-e6f9-41f4-a514-dffe86aff6aa | | image | cirros (63d8947e-5224-40b6-92e5-8c939e75d45e) | | key_name | mykey | | name | demo-instance | | os-extended-volumes:volumes_attached | [] | | progress | 0 | | project_id | 9b913d25891849baa55b21d837e9b63d | | properties | | | security_groups | [{u‘name‘: u‘default‘}] | | status | BUILD | | updated | 2017-01-02T22:01:07Z | | user_id | f0c69bad72b54e0daef92c2295425932 | +--------------------------------------+-----------------------------------------------+
检查实例状态
[root@linux-node1 ~]# openstack server list +--------------------------------------+---------------+--------+-----------------------+------------+ | ID | Name | Status | Networks | Image Name | +--------------------------------------+---------------+--------+-----------------------+------------+ | f0778b83-e6f9-41f4-a514-dffe86aff6aa | demo-instance | ACTIVE | public=192.168.56.104 | cirros | +--------------------------------------+---------------+--------+-----------------------+------------+
使用虚拟控制台访问实例
获取你势力的 Virtual Network Computing (VNC) 会话URL并从web浏览器访问它:
[root@linux-node1 ~]# openstack console url show demo-instance +-------+------------------------------------------------------------------------------------+ | Field | Value | +-------+------------------------------------------------------------------------------------+ | type | novnc | | url | http://192.168.56.11:6080/vnc_auto.html?token=c88bb128-97de-4a48-bb96-3f97023b3e6e | +-------+------------------------------------------------------------------------------------+
验证ping外网
这里出现一个小bug,ping不同外网,
本文出自 “圈中一鸟” 博客,谢绝转载!
原文地址:http://sgk2011.blog.51cto.com/1551358/1888696