创建云主机流程
- 当访问Dashboard的时候,会显示一个登录页面,Dashboard会告诉你,想使用Openstack创建云主机?那你得先把你的账号密码交给我,我去Keystone上验证你的身份之后才能让你登录。
- Keystone接收到前端表单传过来的域,用户名,密码信息以后,到数据库查询,确认身份后将一个Token返回给该用户,让这个用户以后再进行操作的时候就不需要再提供账号密码,而是拿着Token来。
- Horizon拿到Token之后,找到创建云主机的按钮并点击,填写云主机相关配置信息。点击启动实例后,Horizon就带着三样东西(创建云主机请求、云主机配置相关信息、Keystone返回的Token)找到Nova-API。
- Horizon要创建云主机?你先得把你的Token交给我,我去Keystone上验证你的身份之后才给你创建云主机。
- Keystone一看Token发现这不就是我刚发的那个吗?但程序可没这么聪明,它还得乖乖查一次数据库,然后告诉Nova-API,这兄弟信得过,你就照它说的做吧。
- Nova-API把Horizon给的提供的云主机配置相关写到数据库(Nova-DB)。
- 数据库(Nova-DB)写完之后,会告诉Nova-API,哥,我已经把云主机配置相关信息写到我的数据库里啦。
- 把云主机配置相关信息写到数据库之后,Nova-API会往消息队列(RabbitMQ)里发送一条创建云主机的消息。告诉手下的小弟们,云主机配置相关信息已经放在数据库里了,你们给安排安排咯。
- Nova-Schedular时时观察着消息队列里的消息,当看到这条创建云主机的消息之后,就要干活咯。
- 要创建云主机,但它要看一看云主机都要什么配置,才好决定该把这事交给谁(Nova-Compute)去做,所以就去数据库去查看了
- 数据库收到请求之后,把要创建云主机的配置发给Nova-Schedular
- Nova-Schedular拿到云主机配置之后,使用调度算法决定了要让Nova-Compute去干这个事,然后往消息队列里面发一条消息,某某某Nova-Compute,就你了,给创建一台云主机,配置都在数据库里。
- Nova-Compute时时观察着消息队列里的消息,当看到这条让自己创建云主机的消息之后,就要去干活咯。
注意:本应该直接去数据库拿取配置信息,但因为Nova-Compute的特殊身份,Nova-Compute所在计算节点上全是云主机,万一有一台云主机被******从而控制计算节点,直接***是很危险的。所以不能让Nova-Compute知道数据库在什么地方 - Nova-Compute没办法去数据库取东西难道就不工作了吗?那可不行啊,他不知道去哪取,但Nova-Conductor知道啊,于是Nova-Compute往消息队列里发送一条消息,我要云主机的配置相关信息,Nova-Conductor您老人家帮我去取一下吧。
- Nova-Conductor时时观察着消息队列里的消息,当看到Nova-Conductor发的消息之后,就要去干活咯。
- Nova-Conductor告诉数据库我要查看某某云主机的配置信息。
- 数据库把云主机配置信息发送给Nova-Conductor。
- Nova-Conductor把云主机配置信息发到消息队列。
- Nova-Compute收到云主机配置信息。
- Nova-Compute读取云主机配置信息一看,立马就去执行创建云主机了。首先去请求Glance-API,告诉Glance-API我要某某某镜像,你给我吧。
- Glance-API可不鸟你,你是谁啊?你先得把你的Token交给我,我去Keystone上验证你的身份之后才给你镜像。Keystone一看Token,兄弟,没毛病,给他吧。
- Glance-API把镜像资源信息返回给Nova-Compute。
- Nova-Compute拿到镜像后,继续请求网络资源,首先去请求Neutron-Server,告诉Neutron-Server我要某某某网络资源,你给我吧。
- Neutron-Server可不鸟你,你是谁啊?你先得把你的Token交给我,我去Keystone上验证你的身份之后才给你网络。Keystone一看Token,兄弟,没毛病,给他吧。
- Neutron-Server把网络资源信息返回给Nova-Compute。
- Nova-Compute拿到网络后,继续请求存储资源,首先去请求Cinder-API,告诉Cinder-API我要多少多少云硬盘,你给我吧。
- Cinder-API可不鸟你,你是谁啊?你先得把你的Token交给我,我去Keystone上验证你的身份之后才给你网络。Keystone一看Token,兄弟,没毛病,给他吧。
- Cinder-API把存储资源信息返回给Nova-Compute。
- Nova-Compute拿到所有的资源后(镜像、网络、存储),其实Nova-Compute也没有创建云主机的能力,他把创建云主机的任务交给了Libvird,然后创建云主机(KVM/ZEN)
创建云主机网络
- 在控制节点上,加载admin凭证来获取管理员能执行的命令访问权限
[root@linux-node1 ~]# source admin-openrc- 创建网络
-
[root@linux-node1 ~]# openstack network create --share --external \
-
--provider-physical-network provider \
-
--provider-network-type flat provider
-
+---------------------------+--------------------------------------+
-
| Field | Value |
-
+---------------------------+--------------------------------------+
-
| admin_state_up | UP |
-
| availability_zone_hints | |
-
| availability_zones | |
-
| created_at | 2018-01-22T06:05:17Z |
-
| description | |
-
| headers | |
-
| id | d8acc6f1-8aed-4f7c-a630-83225f592039 |
-
| ipv4_address_scope | None |
-
| ipv6_address_scope | None |
-
| mtu | 1500 |
-
| name | provider |
-
| port_security_enabled | True |
-
| project_id | 14055178975d417987c5a94f030c7acf |
-
| project_id | 14055178975d417987c5a94f030c7acf |
-
| provider:network_type | flat |
-
| provider:physical_network | provider |
-
| provider:segmentation_id | None |
-
| revision_number | 4 |
-
| router:external | External |
-
| shared | True |
-
| status | ACTIVE |
-
| subnets | |
-
| tags | [] |
-
| updated_at | 2018-01-22T06:05:18Z |
-
+---------------------------+--------------------------------------+
-
-
[root@linux-node1 ~]# neutron net-list
-
+--------------------------------------+----------+---------+
-
| id | name | subnets |
-
+--------------------------------------+----------+---------+
-
| d8acc6f1-8aed-4f7c-a630-83225f592039 | provider | |
-
+--------------------------------------+----------+---------+
- 在网络上创建一个子网
-
[root@linux-node1 ~]# openstack subnet create --network provider \
-
--allocation-pool start=192.168.56.100,end=192.168.56.200 \
-
--dns-nameserver 192.168.56.2 --gateway 192.168.56.2 \
-
--subnet-range 192.168.56.0/24 provider-subnet
-
+-------------------+--------------------------------------+
-
| Field | Value |
-
+-------------------+--------------------------------------+
-
| allocation_pools | 192.168.56.100-192.168.56.200 |
-
| cidr | 192.168.56.0/24 |
-
| created_at | 2018-01-22T06:13:27Z |
-
| description | |
-
| dns_nameservers | 192.168.56.2 |
-
| enable_dhcp | True |
-
| gateway_ip | 192.168.56.2 |
-
| headers | |
-
| host_routes | |
-
| id | 5ae96c6c-2295-4cef-8ce5-cc19f4596c90 |
-
| ip_version | 4 |
-
| ipv6_address_mode | None |
-
| ipv6_ra_mode | None |
-
| name | provider-subnet |
-
| network_id | d8acc6f1-8aed-4f7c-a630-83225f592039 |
-
| project_id | 14055178975d417987c5a94f030c7acf |
-
| project_id | 14055178975d417987c5a94f030c7acf |
-
| revision_number | 2 |
-
| service_types | [] |
-
| subnetpool_id | None |
-
| updated_at | 2018-01-22T06:13:27Z |
-
+-------------------+--------------------------------------+
-
-
[root@linux-node1 ~]# neutron subnet-list
-
+--------------------------------------+-----------------+-----------------+-------------------------------------------+
-
| id | name | cidr | allocation_pools |
-
+--------------------------------------+-----------------+-----------------+-------------------------------------------+
-
| 5ae96c6c-2295-4cef-8ce5-cc19f4596c90 | provider-subnet | 192.168.56.0/24 | {"start": "192.168.56.100", "end": |
-
| | | | "192.168.56.200"} |
-
+--------------------------------------+-----------------+-----------------+-------------------------------------------+
-
-
[root@linux-node1 ~]# neutron net-list
-
+--------------------------------------+----------+------------------------------------------------------+
-
| id | name | subnets |
-
+--------------------------------------+----------+------------------------------------------------------+
-
| d8acc6f1-8aed-4f7c-a630-83225f592039 | provider | 5ae96c6c-2295-4cef-8ce5-cc19f4596c90 192.168.56.0/24 |
-
+--------------------------------------+----------+------------------------------------------------------+
创建云主机类型
默认的最小规格的主机需要512MB内存,对于环境中计算节点内存不足4 GB的,我们推荐创建只需要64MB的规格的主机。若单纯为了测试的目的,请使用规格的主机来加载CirrOS镜像。
-
[root@linux-node1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1
-
+----------------------------+-----------+
-
| Field | Value |
-
+----------------------------+-----------+
-
| OS-FLV-DISABLED:disabled | False |
-
| OS-FLV-EXT-DATA:ephemeral | 0 |
-
| disk | 1 |
-
| id | 0 |
-
| name | |
-
| os-flavor-access:is_public | True |
-
| properties | |
-
| ram | 64 |
-
| rxtx_factor | 1.0 |
-
| swap | |
-
| vcpus | 1 |
-
+----------------------------+-----------+
创建密钥
- 导入demo项目凭证
[root@linux-node1 ~]# source demo-openrc- 生成和添加秘钥对
-
[root@linux-node1 ~]# ssh-keygen -q -N ""
-
Enter file in which to save the key (/root/.ssh/id_rsa):
-
[root@linux-node1 ~]# ls -l .ssh/
-
total 8
-
-rw------- 1 root root 1679 Jan 22 14:28 id_rsa
-
-rw-r--r-- 1 root root 398 Jan 22 14:28 id_rsa.pub
-
[root@linux-node1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
-
+-------------+-------------------------------------------------+
-
| Field | Value |
-
+-------------+-------------------------------------------------+
-
| fingerprint | 6d:5f:c6:92:ac:5e:49:40:5c:3e:b4:14:9c:f9:59:8c |
-
| name | mykey |
-
| user_id | 48cd83bd3ce54b8ebece24680e8c8b0a |
-
+-------------+-------------------------------------------------+
- 验证公钥的添加
-
[root@linux-node1 ~]# openstack keypair list
-
+-------+-------------------------------------------------+
-
| Name | Fingerprint |
-
+-------+-------------------------------------------------+
-
| mykey | 6d:5f:c6:92:ac:5e:49:40:5c:3e:b4:14:9c:f9:59:8c |
-
+-------+-------------------------------------------------+
创建安全组规则
默认情况下,default安全组适用于所有实例并且包括拒绝远程访问实例的防火墙规则。对诸如CirrOS这样的Linux镜像,我们推荐至少允许ICMP (ping))和安全Shell(SSH)规则。
- 允许ICMP请求
-
[root@linux-node1 ~]# openstack security group rule create --proto icmp default
-
+-------------------+--------------------------------------+
-
| Field | Value |
-
+-------------------+--------------------------------------+
-
| created_at | 2018-01-22T06:46:59Z |
-
| description | |
-
| direction | ingress |
-
| ethertype | IPv4 |
-
| headers | |
-
| id | 51ed729f-b268-4a99-b8a6-3a2ba0d31c77 |
-
| port_range_max | None |
-
| port_range_min | None |
-
| project_id | 8a788702c6ea46419bb85b4e4600e3c4 |
-
| project_id | 8a788702c6ea46419bb85b4e4600e3c4 |
-
| protocol | icmp |
-
| remote_group_id | None |
-
| remote_ip_prefix | 0.0.0.0/0 |
-
| revision_number | 1 |
-
| security_group_id | 20346c59-a0c4-4cc3-90be-f94c3581edab |
-
| updated_at | 2018-01-22T06:46:59Z |
-
+-------------------+--------------------------------------+
- 允许安全Shell(SSH)的访问
-
[root@linux-node1 ~]# openstack security group rule create --proto tcp --dst-port 22 default
-
+-------------------+--------------------------------------+
-
| Field | Value |
-
+-------------------+--------------------------------------+
-
| created_at | 2018-01-22T06:49:46Z |
-
| description | |
-
| direction | ingress |
-
| ethertype | IPv4 |
-
| headers | |
-
| id | 950a1be7-6fd3-4c80-ba60-7f4f0b573771 |
-
| port_range_max | 22 |
-
| port_range_min | 22 |
-
| project_id | 8a788702c6ea46419bb85b4e4600e3c4 |
-
| project_id | 8a788702c6ea46419bb85b4e4600e3c4 |
-
| protocol | tcp |
-
| remote_group_id | None |
-
| remote_ip_prefix | 0.0.0.0/0 |
-
| revision_number | 1 |
-
| security_group_id | 20346c59-a0c4-4cc3-90be-f94c3581edab |
-
| updated_at | 2018-01-22T06:49:46Z |
-
+-------------------+--------------------------------------+
启动云主机实例
启动一台实例,您必须至少指定一个类型、镜像名称、网络、安全组、密钥和实例名称。
- 在控制节点上,获得admin凭证来获取只有管理员能执行的命令的访问权限
[root@linux-node1 ~]# source demo-openrc- 一个实例指定了虚拟机资源的大致分配,包括处理器、内存和存储
列出可用类型
-
[root@linux-node1 ~]# openstack flavor list
-
+----+-----------+-----+------+-----------+-------+-----------+
-
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
-
+----+-----------+-----+------+-----------+-------+-----------+
-
| 0 | | 64 | 1 | 0 | 1 | True |
-
+----+-----------+-----+------+-----------+-------+-----------+
列出可用镜像
-
[root@linux-node1 ~]# openstack image list
-
+--------------------------------------+--------+--------+
-
| ID | Name | Status |
-
+--------------------------------------+--------+--------+
-
| cd96090c-87ca-4eb3-b964-a7457639bc1e | cirros | active |
-
+--------------------------------------+--------+--------+
列出可用网络
-
[root@linux-node1 ~]# openstack network list
-
+--------------------------------------+----------+--------------------------------------+
-
| ID | Name | Subnets |
-
+--------------------------------------+----------+--------------------------------------+
-
| d8acc6f1-8aed-4f7c-a630-83225f592039 | provider | 5ae96c6c-2295-4cef-8ce5-cc19f4596c90 |
-
+--------------------------------------+----------+--------------------------------------+
列出可用的安全组
-
[root@linux-node1 ~]# openstack security group list
-
+--------------------------------------+---------+------------------------+----------------------------------+
-
| ID | Name | Description | Project |
-
+--------------------------------------+---------+------------------------+----------------------------------+
-
| 20346c59-a0c4-4cc3-90be-f94c3581edab | default | Default security group | 8a788702c6ea46419bb85b4e4600e3c4 |
-
+--------------------------------------+---------+------------------------+----------------------------------+
- 启动实例
-
[root@linux-node1 ~]# openstack server create --flavor --image cirros \
-
--nic net-id=d8acc6f1-8aed-4f7c-a630-83225f592039 --security-group default \
-
--key-name mykey demo-instance
-
+--------------------------------------+-----------------------------------------------+
-
| Field | Value |
-
+--------------------------------------+-----------------------------------------------+
-
| OS-DCF:diskConfig | MANUAL |
-
| OS-EXT-AZ:availability_zone | |
-
| OS-EXT-STS:power_state | NOSTATE |
-
| OS-EXT-STS:task_state | scheduling |
-
| OS-EXT-STS:vm_state | building |
-
| OS-SRV-USG:launched_at | None |
-
| OS-SRV-USG:terminated_at | None |
-
| accessIPv4 | |
-
| accessIPv6 | |
-
| addresses | |
-
| adminPass | MowXppdE5ayJ |
-
| config_drive | |
-
| created | 2018-01-22T07:13:02Z |
-
| flavor | (0) |
-
| hostId | |
-
| id | 3b5f20c8-8b17-48a2-9b72-70cc74f6fc8f |
-
| image | cirros (cd96090c-87ca-4eb3-b964-a7457639bc1e) |
-
| key_name | mykey |
-
| name | demo-instance |
-
| os-extended-volumes:volumes_attached | [] |
-
| progress | 0 |
-
| project_id | 8a788702c6ea46419bb85b4e4600e3c4 |
-
| properties | |
-
| security_groups | [{u'name': u'default'}] |
-
| status | BUILD |
-
| updated | 2018-01-22T07:13:02Z |
-
| user_id | 48cd83bd3ce54b8ebece24680e8c8b0a |
-
+--------------------------------------+-----------------------------------------------+
- 检查实例的状态,状态为ACTIVE那台虚拟机已经成功创建
-
[root@linux-node1 ~]# openstack server list
-
+--------------------------------------+---------------+--------+-------------------------+------------+
-
| ID | Name | Status | Networks | Image Name |
-
+--------------------------------------+---------------+--------+-------------------------+------------+
-
| 3b5f20c8-8b17-48a2-9b72-70cc74f6fc8f | demo-instance | ACTIVE | provider=192.168.56.110 | cirros |
-
+--------------------------------------+---------------+--------+-------------------------+------------+
验证操作
- 使用SSH加密连接实例
-
[root@linux-node1 ~]# ssh cirros@192.168.56.110
-
The authenticity of host '192.168.56.110 (192.168.56.110)' can't be established.
-
RSA key fingerprint is 2f:58:9f:5e:da:c5:1f:46:43:e1:c4:64:da:ee:2e:e6.
-
Are you sure you want to continue connecting (yes/no)? yes
-
Warning: Permanently added '192.168.56.110' (RSA) to the list of known hosts.
-
$
- 验证能否ping通公有网络的网关
-
$ ping -c 4 114.114.114.114
-
PING 114.114.114.114 (114.114.114.114): 56 data bytes
-
64 bytes from 114.114.114.114: seq=0 ttl=128 time=29.289 ms
-
64 bytes from 114.114.114.114: seq=1 ttl=128 time=29.160 ms
-
64 bytes from 114.114.114.114: seq=2 ttl=128 time=34.413 ms
-
64 bytes from 114.114.114.114: seq=3 ttl=128 time=29.153 ms
-
-
--- 114.114.114.114 ping statistics ---
-
4 packets transmitted, 4 packets received, 0% packet loss
-
round-trip min/avg/max = 29.153/30.503/34.413 ms
- 验证能否连接到互联网
-
$ ping -c 4
-
PING (14.215.177.39): 56 data bytes
-
64 bytes from 14.215.177.39: seq=0 ttl=128 time=12.611 ms
-
64 bytes from 14.215.177.39: seq=1 ttl=128 time=8.424 ms
-
64 bytes from 14.215.177.39: seq=2 ttl=128 time=10.575 ms
-
64 bytes from 14.215.177.39: seq=3 ttl=128 time=11.595 ms
-
-
--- ping statistics ---
-
4 packets transmitted, 4 packets received, 0% packet loss
-
round-trip min/avg/max = 8.424/10.801/12.611 ms
- 使用虚拟控制台访问实例
-
[root@linux-node1 ~]# openstack console url show demo-instance
-
+-------+------------------------------------------------------------------------------------+
-
| Field | Value |
-
+-------+------------------------------------------------------------------------------------+
-
| type | novnc |
-
| url | http://192.168.56.11:6080/vnc_auto.html?token=aff15e93-1ebe-49f3-877b-3213e6faa027 |
-
+-------+------------------------------------------------------------------------------------+
- 浏览器访问192.168.56.11:6080/vnc_auto.html?token=aff15e93-1ebe-49f3-877b-3213e6faa027
