@
前言
簡單建立雲主機例項只需要上傳一個測試映象、建立一張外網路卡、建立一個例項型別、修改安全組規則即可
注:這裡的兩條命令是為了解決 虛擬機器 環境下的 QEMU模擬器錯誤 導致雲主機無法使用的問題,舊版本先電v2.2不存在此問題,真實伺服器請忽略。
## 更改配置檔案並重啟 nova-compute 服務
[root@compute ~]# crudini --set /etc/nova/nova.conf libvirt virt_type qemu
[root@compute ~]# systemctl restart openstack-nova-compute
上傳centos映象
上傳一個centos映象,還可以設定最小啟動磁碟與記憶體等,可以參考文件
ages]# openstack image create --disk-format qcow2 --container-format bare --file ./CentOS_7.2_x86_64_XD.qcow2 centos
[root@controller images]# openstack image create --disk-format qcow2 --container-format bare --file ./CentOS_7.2_x86_64_XD.qcow2 centos
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ea197f4c679b8e1ce34c0aa70ae2a94a |
| container_format | bare |
| created_at | 2022-04-30T20:53:21Z |
| disk_format | qcow2 |
| file | /v2/images/2be3f0d5-2090-490c-8b91-84d96912e7c6/file |
| id | 2be3f0d5-2090-490c-8b91-84d96912e7c6 |
| min_disk | 0 |
| min_ram | 0 |
| name | centos |
| owner | 0635fff1ca6c42ab983e8a05d533eda3 |
| protected | False |
| schema | /v2/schemas/image |
| size | 400752640 |
| status | active |
| tags | |
| updated_at | 2022-04-30T20:53:23Z |
| virtual_size | None |
| visibility | shared |
+------------------+------------------------------------------------------+
建立例項
建立一個名為test0的例項
openstack flavor create --disk 10 --ram 1024 --vcpu 2 --id 99999 test0
[root@controller ~]# openstack flavor create --disk 10 --ram 1024 --vcpu 2 --id 99999 test0
+----------------------------+-------+
| Field | Value |
+----------------------------+-------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 10 |
| id | 99999 |
| name | test0 |
| os-flavor-access:is_public | True |
| properties | |
| ram | 1024 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 2 |
+----------------------------+-------+
建立外網路卡
注:若使用 虛擬機器 搭建,外部網路型別請選擇Flat;若使用 伺服器 搭建,外部網路型別請選擇VLAN;注意不要重複執行命令,二選一執行。
openstack network create --provider-network-type vlan --provider-physical-network provider network-vlan --provider-segment 200
[root@controller ~]# openstack network create --provider-network-type vlan --provider-physical-network provider ext-net --provider-segment 200
+---------------------------+-----------------------------------------------------------+
| Field | Value |
+---------------------------+-----------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2022-04-10T05:02:18Z |
| description | |
| dns_domain | None |
| id | cccedc78-027d-40e9-afbd-708154923ca6 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| location | cloud='', project.domain_id=, project.domain_name='000000',
project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',
zone= |
| mtu | 1500 |
| name | ext-net |
| port_security_enabled | True |
| project_id | 1776912d52a7444d8b2d09eb86e8d1d9 |
| provider:network_type | vlan |
| provider:physical_network | provider |
| provider:segmentation_id | 200 |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2022-04-10T05:02:18Z |
+---------------------------+-----------------------------------------------------------+
建立子網
openstack subnet create --network ext-net --allocation-pool start=10.60.3.10,end=10.60.3.200 --gateway 10.60.3.1 --subnet-range 10.60.3.0/24 ext-subnet
[root@controller ~]# openstack subnet list
[root@controller ~]# openstack subnet create --network ext-net --allocation-pool start=10.60.3.10,end=10.60.3.200 --gateway 10.60.3.1 --subnet-range 10.60.3.0/24 ext-subnet
+-------------------+------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------+
| allocation_pools | 10.60.3.10-10.60.3.200 |
| cidr | 10.60.3.0/24 |
| created_at | 2022-04-10T05:03:52Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.60.3.1 |
| host_routes | |
| id | 69c14fff-de95-440a-bc8e-fe9f43e4b424 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| location | cloud='', project.domain_id=, project.domain_name='000000',
project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',
zone= |
| name | ext-subnet |
| network_id | cccedc78-027d-40e9-afbd-708154923ca6 |
| prefix_length | None |
| project_id | 1776912d52a7444d8b2d09eb86e8d1d9 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2022-04-10T05:03:52Z |
+-------------------+------------------------------------------------------------------+
修改安全組規則
新增所有的udp、icmp、tcp的出入口
檢視安全組id
openstack security group list
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+ | |
| 712025d7-6aa6-40e4-9104-4df6706b6697 | default | Default security group | 0635fff1ca6c42ab983e8a05d533eda3 | |
+--------------------------------------+---------+------------------------+----------------------------------+
新增所有ifmp規則入口
openstack security group rule create --protocol icmp --ingress 712025d7-6aa6-40e4-9104-4df6706b6697
[root@controller ~]# openstack security group rule create --protocol icmp --ingress 712025d7-6aa6-40e4-9104-4df6706b6697
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2022-04-30T21:22:54Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 869e67e5-5571-4c03-a21c-715e3dd51a5c |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 0635fff1ca6c42ab983e8a05d533eda3 |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 712025d7-6aa6-40e4-9104-4df6706b6697 |
| updated_at | 2022-04-30T21:22:54Z |
+-------------------+--------------------------------------+
新增所有icmp規則出口
openstack security group rule create --protocol icmp --egress 712025d7-6aa6-40e4-9104-4df6706b6697
[root@controller ~]# openstack security group rule create --protocol icmp --egress 712025d7-6aa6-40e4-9104-4df6706b6697
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2022-04-30T21:27:42Z |
| description | |
| direction | egress |
| ether_type | IPv4 |
| id | ede63376-0eeb-4a6b-9dd9-f3a63418c85b |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 0635fff1ca6c42ab983e8a05d533eda3 |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 712025d7-6aa6-40e4-9104-4df6706b6697 |
| updated_at | 2022-04-30T21:27:42Z |
+-------------------+--------------------------------------+
新增所有udp規則入口
openstack security group rule create --protocol udp --ingress 712025d7-6aa6-40e4-9104-4df6706b6697
新增所有udp規則出口
openstack security group rule create --protocol udp --egress 712025d7-6aa6-40e4-9104-4df6706b6697
新增所有tcp規則入口
openstack security group rule create --protocol tcp --ingress 712025d7-6aa6-40e4-9104-4df6706b6697
新增所有tcp規則出口
openstack security group rule create --protocol tcp --egress 712025d7-6aa6-40e4-9104-4df6706b6697
檢視安全組規則
openstack security group rule list 712025d7-6aa6-40e4-9104-4df6706b6697
[root@controller ~]# openstack security group rule list 712025d7-6aa6-40e4-9104-4df6706b6697
+--------------------------------------+-------------+-----------+------------+-----------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+------------+-----------------------+
| 869e67e5-5571-4c03-a21c-715e3dd51a5c | icmp | 0.0.0.0/0 | | None |
| 8a91bc8e-c9cd-4bf1-86ae-0c6d9eef67e7 | udp | 0.0.0.0/0 | | None |
| b525b93f-ffb6-4b84-be99-fdfd6f0fad75 | tcp | 0.0.0.0/0 | | None |
| dfea0691-0903-4cdf-b775-297eb6858f0d | udp | 0.0.0.0/0 | | None |
| ede63376-0eeb-4a6b-9dd9-f3a63418c85b | icmp | 0.0.0.0/0 | | None |
| f9371589-1b17-4e5b-9f8d-798055cdc662 | tcp | 0.0.0.0/0 | | None |
+--------------------------------------+-------------+-----------+------------+-----------------------+
建立雲主機例項
openstack server create --image centos --flavor test0 --network ext-net --security-group 712025d7-6aa6-40e4-9104-4df6706b6697 test
[root@controller ~]# openstack server create --image centos --flavor test0 --network ext-net --security-group 712025d7-6aa6-40e4-9104-4df6706b6697 test
+-------------------------------------+-----------------------------------------------+
| Field | Value |
+-------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | QPNdhd27eT9S |
| config_drive | |
| created | 2022-04-30T21:38:08Z |
| flavor | test0 (99999) |
| hostId | |
| id | 3a8870c8-411a-4674-b075-568dbf7f2bb1 |
| image | centos (cc01ec45-6683-4fe1-ab4b-d38ca295d3d0) |
| key_name | None |
| name | test |
| progress | 0 |
| project_id | 0635fff1ca6c42ab983e8a05d533eda3 |
| properties | |
| security_groups | name='712025d7-6aa6-40e4-9104-4df6706b6697' |
| status | BUILD |
| updated | 2022-04-30T21:38:08Z |
| user_id | 71b51689f3e94be4927ed7d96ef6925b |
| volumes_attached | |
+-------------------------------------+-----------------------------------------------+
檢視並測試
[root@controller ~]# openstack server list
+--------------------------------------+------------+--------+--------------------------------------------+--------+--------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+------------+--------+--------------------------------------------+--------+--------+
| 7ae48fd3-7ec7-4011-af07-1d75bc9578a4 | test | ACTIVE | ext-net=10.60.3.11 | centos | test10 |
+--------------------------------------+------------+--------+--------------------------------------------+--------+--------+
[root@controller ~]# ping 10.60.3.11
PING 10.60.3.11 (10.60.3.11) 56(84) bytes of data.
64 bytes from 10.60.3.11: icmp_seq=1 ttl=63 time=0.256 ms
64 bytes from 10.60.3.11: icmp_seq=2 ttl=63 time=0.279 ms
64 bytes from 10.60.3.11: icmp_seq=3 ttl=63 time=0.253 ms
64 bytes from 10.60.3.11: icmp_seq=4 ttl=63 time=0.242 ms
64 bytes from 10.60.3.11: icmp_seq=5 ttl=63 time=0.223 ms