Openstack之路(六)创建云主机实例
本文共 19908 字,大约阅读时间需要 66 分钟。
创建云主机流程
- 当访问Dashboard的时候,会显示一个登录页面,Dashboard会告诉你,想使用Openstack创建云主机?那你得先把你的账号密码交给我,我去Keystone上验证你的身份之后才能让你登录。
- Keystone接收到前端表单传过来的域,用户名,密码信息以后,到数据库查询,确认身份后将一个Token返回给该用户,让这个用户以后再进行操作的时候就不需要再提供账号密码,而是拿着Token来。
- Horizon拿到Token之后,找到创建云主机的按钮并点击,填写云主机相关配置信息。点击启动实例后,Horizon就带着三样东西(创建云主机请求、云主机配置相关信息、Keystone返回的Token)找到Nova-API。
- Horizon要创建云主机?你先得把你的Token交给我,我去Keystone上验证你的身份之后才给你创建云主机。
- Keystone一看Token发现这不就是我刚发的那个吗?但程序可没这么聪明,它还得乖乖查一次数据库,然后告诉Nova-API,这兄弟信得过,你就照它说的做吧。
- Nova-API把Horizon给的提供的云主机配置相关写到数据库(Nova-DB)。
- 数据库(Nova-DB)写完之后,会告诉Nova-API,哥,我已经把云主机配置相关信息写到我的数据库里啦。
- 把云主机配置相关信息写到数据库之后,Nova-API会往消息队列(RabbitMQ)里发送一条创建云主机的消息。告诉手下的小弟们,云主机配置相关信息已经放在数据库里了,你们给安排安排咯。
- Nova-Schedular时时观察着消息队列里的消息,当看到这条创建云主机的消息之后,就要干活咯。
- 要创建云主机,但它要看一看云主机都要什么配置,才好决定该把这事交给谁(Nova-Compute)去做,所以就去数据库去查看了
- 数据库收到请求之后,把要创建云主机的配置发给Nova-Schedular
- Nova-Schedular拿到云主机配置之后,使用调度算法决定了要让Nova-Compute去干这个事,然后往消息队列里面发一条消息,某某某Nova-Compute,就你了,给创建一台云主机,配置都在数据库里。
- Nova-Compute时时观察着消息队列里的消息,当看到这条让自己创建云主机的消息之后,就要去干活咯。
注意:本应该直接去数据库拿取配置信息,但因为Nova-Compute的特殊身份,Nova-Compute所在计算节点上全是云主机,万一有一台云主机被******从而控制计算节点,直接***是很危险的。所以不能让Nova-Compute知道数据库在什么地方 - Nova-Compute没办法去数据库取东西难道就不工作了吗?那可不行啊,他不知道去哪取,但Nova-Conductor知道啊,于是Nova-Compute往消息队列里发送一条消息,我要云主机的配置相关信息,Nova-Conductor您老人家帮我去取一下吧。
- Nova-Conductor时时观察着消息队列里的消息,当看到Nova-Conductor发的消息之后,就要去干活咯。
- Nova-Conductor告诉数据库我要查看某某云主机的配置信息。
- 数据库把云主机配置信息发送给Nova-Conductor。
- Nova-Conductor把云主机配置信息发到消息队列。
- Nova-Compute收到云主机配置信息。
- Nova-Compute读取云主机配置信息一看,立马就去执行创建云主机了。首先去请求Glance-API,告诉Glance-API我要某某某镜像,你给我吧。
- Glance-API可不鸟你,你是谁啊?你先得把你的Token交给我,我去Keystone上验证你的身份之后才给你镜像。Keystone一看Token,兄弟,没毛病,给他吧。
- Glance-API把镜像资源信息返回给Nova-Compute。
- Nova-Compute拿到镜像后,继续请求网络资源,首先去请求Neutron-Server,告诉Neutron-Server我要某某某网络资源,你给我吧。
- Neutron-Server可不鸟你,你是谁啊?你先得把你的Token交给我,我去Keystone上验证你的身份之后才给你网络。Keystone一看Token,兄弟,没毛病,给他吧。
- Neutron-Server把网络资源信息返回给Nova-Compute。
- Nova-Compute拿到网络后,继续请求存储资源,首先去请求Cinder-API,告诉Cinder-API我要多少多少云硬盘,你给我吧。
- Cinder-API可不鸟你,你是谁啊?你先得把你的Token交给我,我去Keystone上验证你的身份之后才给你网络。Keystone一看Token,兄弟,没毛病,给他吧。
- Cinder-API把存储资源信息返回给Nova-Compute。
- Nova-Compute拿到所有的资源后(镜像、网络、存储),其实Nova-Compute也没有创建云主机的能力,他把创建云主机的任务交给了Libvird,然后创建云主机(KVM/ZEN)
创建云主机网络
- 在控制节点上,加载admin凭证来获取管理员能执行的命令访问权限
[root@linux-node1 ~]# source admin-openrc
- 创建网络
[root@linux-node1 ~]# openstack network create --share --external \--provider-physical-network provider \--provider-network-type flat provider+---------------------------+--------------------------------------+| Field | Value |+---------------------------+--------------------------------------+| admin_state_up | UP || availability_zone_hints | || availability_zones | || created_at | 2018-01-22T06:05:17Z || description | || headers | || id | d8acc6f1-8aed-4f7c-a630-83225f592039 || ipv4_address_scope | None || ipv6_address_scope | None || mtu | 1500 || name | provider || port_security_enabled | True || project_id | 14055178975d417987c5a94f030c7acf || project_id | 14055178975d417987c5a94f030c7acf || provider:network_type | flat || provider:physical_network | provider || provider:segmentation_id | None || revision_number | 4 || router:external | External || shared | True || status | ACTIVE || subnets | || tags | [] || updated_at | 2018-01-22T06:05:18Z |+---------------------------+--------------------------------------+[root@linux-node1 ~]# neutron net-list+--------------------------------------+----------+---------+| id | name | subnets |+--------------------------------------+----------+---------+| d8acc6f1-8aed-4f7c-a630-83225f592039 | provider | |+--------------------------------------+----------+---------+
- 在网络上创建一个子网
[root@linux-node1 ~]# openstack subnet create --network provider \--allocation-pool start=192.168.56.100,end=192.168.56.200 \--dns-nameserver 192.168.56.2 --gateway 192.168.56.2 \--subnet-range 192.168.56.0/24 provider-subnet+-------------------+--------------------------------------+| Field | Value |+-------------------+--------------------------------------+| allocation_pools | 192.168.56.100-192.168.56.200 || cidr | 192.168.56.0/24 || created_at | 2018-01-22T06:13:27Z || description | || dns_nameservers | 192.168.56.2 || enable_dhcp | True || gateway_ip | 192.168.56.2 || headers | || host_routes | || id | 5ae96c6c-2295-4cef-8ce5-cc19f4596c90 || ip_version | 4 || ipv6_address_mode | None || ipv6_ra_mode | None || name | provider-subnet || network_id | d8acc6f1-8aed-4f7c-a630-83225f592039 || project_id | 14055178975d417987c5a94f030c7acf || project_id | 14055178975d417987c5a94f030c7acf || revision_number | 2 || service_types | [] || subnetpool_id | None || updated_at | 2018-01-22T06:13:27Z |+-------------------+--------------------------------------+[root@linux-node1 ~]# neutron subnet-list+--------------------------------------+-----------------+-----------------+-------------------------------------------+| id | name | cidr | allocation_pools |+--------------------------------------+-----------------+-----------------+-------------------------------------------+| 5ae96c6c-2295-4cef-8ce5-cc19f4596c90 | provider-subnet | 192.168.56.0/24 | {"start": "192.168.56.100", "end": || | | | "192.168.56.200"} |+--------------------------------------+-----------------+-----------------+-------------------------------------------+[root@linux-node1 ~]# neutron net-list+--------------------------------------+----------+------------------------------------------------------+| id | name | subnets |+--------------------------------------+----------+------------------------------------------------------+| d8acc6f1-8aed-4f7c-a630-83225f592039 | provider | 5ae96c6c-2295-4cef-8ce5-cc19f4596c90 192.168.56.0/24 |+--------------------------------------+----------+------------------------------------------------------+ 创建云主机类型
默认的最小规格的主机需要512MB内存,对于环境中计算节点内存不足4 GB的,我们推荐创建只需要64MB的keywa.com规格的主机。若单纯为了测试的目的,请使用keywa.com规格的主机来加载CirrOS镜像。
[root@linux-node1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 keywa.com+----------------------------+-----------+| Field | Value |+----------------------------+-----------+| OS-FLV-DISABLED:disabled | False || OS-FLV-EXT-DATA:ephemeral | 0 || disk | 1 || id | 0 || name | keywa.com || os-flavor-access:is_public | True || properties | || ram | 64 || rxtx_factor | 1.0 || swap | || vcpus | 1 |+----------------------------+-----------+
创建密钥
- 导入demo项目凭证
[root@linux-node1 ~]# source demo-openrc
- 生成和添加秘钥对
[root@linux-node1 ~]# ssh-keygen -q -N ""Enter file in which to save the key (/root/.ssh/id_rsa):[root@linux-node1 ~]# ls -l .ssh/total 8-rw------- 1 root root 1679 Jan 22 14:28 id_rsa-rw-r--r-- 1 root root 398 Jan 22 14:28 id_rsa.pub[root@linux-node1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey+-------------+-------------------------------------------------+| Field | Value |+-------------+-------------------------------------------------+| fingerprint | 6d:5f:c6:92:ac:5e:49:40:5c:3e:b4:14:9c:f9:59:8c || name | mykey || user_id | 48cd83bd3ce54b8ebece24680e8c8b0a |+-------------+-------------------------------------------------+
- 验证公钥的添加
[root@linux-node1 ~]# openstack keypair list+-------+-------------------------------------------------+| Name | Fingerprint |+-------+-------------------------------------------------+| mykey | 6d:5f:c6:92:ac:5e:49:40:5c:3e:b4:14:9c:f9:59:8c |+-------+-------------------------------------------------+
创建安全组规则
默认情况下,default安全组适用于所有实例并且包括拒绝远程访问实例的防火墙规则。对诸如CirrOS这样的Linux镜像,我们推荐至少允许ICMP (ping))和安全Shell(SSH)规则。
- 允许ICMP请求
[root@linux-node1 ~]# openstack security group rule create --proto icmp default+-------------------+--------------------------------------+| Field | Value |+-------------------+--------------------------------------+| created_at | 2018-01-22T06:46:59Z || description | || direction | ingress || ethertype | IPv4 || headers | || id | 51ed729f-b268-4a99-b8a6-3a2ba0d31c77 || port_range_max | None || port_range_min | None || project_id | 8a788702c6ea46419bb85b4e4600e3c4 || project_id | 8a788702c6ea46419bb85b4e4600e3c4 || protocol | icmp || remote_group_id | None || remote_ip_prefix | 0.0.0.0/0 || revision_number | 1 || security_group_id | 20346c59-a0c4-4cc3-90be-f94c3581edab || updated_at | 2018-01-22T06:46:59Z |+-------------------+--------------------------------------+
- 允许安全Shell(SSH)的访问
[root@linux-node1 ~]# openstack security group rule create --proto tcp --dst-port 22 default+-------------------+--------------------------------------+| Field | Value |+-------------------+--------------------------------------+| created_at | 2018-01-22T06:49:46Z || description | || direction | ingress || ethertype | IPv4 || headers | || id | 950a1be7-6fd3-4c80-ba60-7f4f0b573771 || port_range_max | 22 || port_range_min | 22 || project_id | 8a788702c6ea46419bb85b4e4600e3c4 || project_id | 8a788702c6ea46419bb85b4e4600e3c4 || protocol | tcp || remote_group_id | None || remote_ip_prefix | 0.0.0.0/0 || revision_number | 1 || security_group_id | 20346c59-a0c4-4cc3-90be-f94c3581edab || updated_at | 2018-01-22T06:49:46Z |+-------------------+--------------------------------------+
启动云主机实例
启动一台实例,您必须至少指定一个类型、镜像名称、网络、安全组、密钥和实例名称。
- 在控制节点上,获得admin凭证来获取只有管理员能执行的命令的访问权限
[root@linux-node1 ~]# source demo-openrc
- 一个实例指定了虚拟机资源的大致分配,包括处理器、内存和存储
列出可用类型
[root@linux-node1 ~]# openstack flavor list+----+-----------+-----+------+-----------+-------+-----------+| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |+----+-----------+-----+------+-----------+-------+-----------+| 0 | keywa.com | 64 | 1 | 0 | 1 | True |+----+-----------+-----+------+-----------+-------+-----------+
列出可用镜像
[root@linux-node1 ~]# openstack image list+--------------------------------------+--------+--------+| ID | Name | Status |+--------------------------------------+--------+--------+| cd96090c-87ca-4eb3-b964-a7457639bc1e | cirros | active |+--------------------------------------+--------+--------+
列出可用网络
[root@linux-node1 ~]# openstack network list+--------------------------------------+----------+--------------------------------------+| ID | Name | Subnets |+--------------------------------------+----------+--------------------------------------+| d8acc6f1-8aed-4f7c-a630-83225f592039 | provider | 5ae96c6c-2295-4cef-8ce5-cc19f4596c90 |+--------------------------------------+----------+--------------------------------------+
列出可用的安全组
[root@linux-node1 ~]# openstack security group list+--------------------------------------+---------+------------------------+----------------------------------+| ID | Name | Description | Project |+--------------------------------------+---------+------------------------+----------------------------------+| 20346c59-a0c4-4cc3-90be-f94c3581edab | default | Default security group | 8a788702c6ea46419bb85b4e4600e3c4 |+--------------------------------------+---------+------------------------+----------------------------------+
- 启动实例
[root@linux-node1 ~]# openstack server create --flavor keywa.com --image cirros \--nic net-id=d8acc6f1-8aed-4f7c-a630-83225f592039 --security-group default \--key-name mykey demo-instance+--------------------------------------+-----------------------------------------------+| Field | Value |+--------------------------------------+-----------------------------------------------+| OS-DCF:diskConfig | MANUAL || OS-EXT-AZ:availability_zone | || OS-EXT-STS:power_state | NOSTATE || OS-EXT-STS:task_state | scheduling || OS-EXT-STS:vm_state | building || OS-SRV-USG:launched_at | None || OS-SRV-USG:terminated_at | None || accessIPv4 | || accessIPv6 | || addresses | || adminPass | MowXppdE5ayJ || config_drive | || created | 2018-01-22T07:13:02Z || flavor | keywa.com (0) || hostId | || id | 3b5f20c8-8b17-48a2-9b72-70cc74f6fc8f || image | cirros (cd96090c-87ca-4eb3-b964-a7457639bc1e) || key_name | mykey || name | demo-instance || os-extended-volumes:volumes_attached | [] || progress | 0 || project_id | 8a788702c6ea46419bb85b4e4600e3c4 || properties | || security_groups | [{u'name': u'default'}] || status | BUILD || updated | 2018-01-22T07:13:02Z || user_id | 48cd83bd3ce54b8ebece24680e8c8b0a |+--------------------------------------+-----------------------------------------------+ - 检查实例的状态,状态为ACTIVE那台虚拟机已经成功创建
[root@linux-node1 ~]# openstack server list+--------------------------------------+---------------+--------+-------------------------+------------+| ID | Name | Status | Networks | Image Name |+--------------------------------------+---------------+--------+-------------------------+------------+| 3b5f20c8-8b17-48a2-9b72-70cc74f6fc8f | demo-instance | ACTIVE | provider=192.168.56.110 | cirros |+--------------------------------------+---------------+--------+-------------------------+------------+
验证操作
- 使用SSH加密连接实例
[root@linux-node1 ~]# ssh cirros@192.168.56.110The authenticity of host '192.168.56.110 (192.168.56.110)' can't be established.RSA key fingerprint is 2f:58:9f:5e:da:c5:1f:46:43:e1:c4:64:da:ee:2e:e6.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '192.168.56.110' (RSA) to the list of known hosts.$
- 验证能否ping通公有网络的网关
$ ping -c 4 114.114.114.114PING 114.114.114.114 (114.114.114.114): 56 data bytes64 bytes from 114.114.114.114: seq=0 ttl=128 time=29.289 ms64 bytes from 114.114.114.114: seq=1 ttl=128 time=29.160 ms64 bytes from 114.114.114.114: seq=2 ttl=128 time=34.413 ms64 bytes from 114.114.114.114: seq=3 ttl=128 time=29.153 ms--- 114.114.114.114 ping statistics ---4 packets transmitted, 4 packets received, 0% packet lossround-trip min/avg/max = 29.153/30.503/34.413 ms
- 验证能否连接到互联网
$ ping -c 4 www.baidu.comPING www.baidu.com (14.215.177.39): 56 data bytes64 bytes from 14.215.177.39: seq=0 ttl=128 time=12.611 ms64 bytes from 14.215.177.39: seq=1 ttl=128 time=8.424 ms64 bytes from 14.215.177.39: seq=2 ttl=128 time=10.575 ms64 bytes from 14.215.177.39: seq=3 ttl=128 time=11.595 ms--- www.baidu.com ping statistics ---4 packets transmitted, 4 packets received, 0% packet lossround-trip min/avg/max = 8.424/10.801/12.611 ms
- 使用虚拟控制台访问实例
[root@linux-node1 ~]# openstack console url show demo-instance+-------+------------------------------------------------------------------------------------+| Field | Value |+-------+------------------------------------------------------------------------------------+| type | novnc || url | http://192.168.56.11:6080/vnc_auto.html?token=aff15e93-1ebe-49f3-877b-3213e6faa027 |+-------+------------------------------------------------------------------------------------+
- 浏览器访问192.168.56.11:6080/vnc_auto.html?token=aff15e93-1ebe-49f3-877b-3213e6faa027
转载于:https://blog.51cto.com/11097612/2063687
你可能感兴趣的文章
linux下载相关
查看>>
OC-socket使用介绍
查看>>
CCF NOI1154 大整数开方
查看>>
51Nod-1018 排序【排序】
查看>>
CCF NOI1024 因子个数
查看>>
POJ1700 Crossing River
查看>>
那些年薪百万的程序员“咸鱼翻身”没有透露的秘密
查看>>
python2.#与python3.#下tkinter 的simpledialog,messagebox
查看>>
何为.Net Remoting
查看>>
已经搞ACM半年多了没有当时的热情了,最近看了一点退役贴觉得是应该为自己写点什么了...
查看>>
利用图片对文件进行加密与解密
查看>>
《剑指Offer》题十一~题二十
查看>>
二分K-均值算法
查看>>
关于spring配置文件properties的问题
查看>>
linux-gfs2删除节点
查看>>
简单易懂的 Vue.js 基础知识 !
查看>>
10.7的作业
查看>>
Dom+2016/4/20
查看>>
android实现前置后置摄像头相互切换
查看>>
父子结构数据(id,pid)递归查询所有子id合集和父id合集
查看>>