一:OpenStack 基础应用和配置
1.1:创建 Openstack 实验网络(提供者网络)
1.1.1:导入 admin 凭证
]# source admin-ocata.sh1.1.2:创建提供者网络
- 内部网络 test-net(内部局域网):
[root@node101 ~]# openstack network create --share --external --provider-physical-network internal --provider-network-type flat test-net
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-11-16T03:45:42Z |
| description | |
| dns_domain | None |
| id | f2e6619e-c7dd-445c-91a6-024f34e37719 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| mtu | 1500 |
| name | test-net |
| port_security_enabled | True |
| project_id | acac1eb6c81540429c3323084bed23d9 |
| provider:network_type | flat |
| provider:physical_network | internal |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 4 |
| router:external | External |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | |
| updated_at | 2020-11-16T03:45:42Z |
+---------------------------+--------------------------------------+- 外部网络 external-net(可连接互联网):
[root@node101 ~]# openstack network create --share --external --provider-physical-network external --provider-network-type flat external-net
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-11-16T08:11:59Z |
| description | |
| dns_domain | None |
| id | 7356155c-9e74-463f-a93a-73f625640e8f |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| mtu | 1500 |
| name | external-net |
| port_security_enabled | True |
| project_id | acac1eb6c81540429c3323084bed23d9 |
| provider:network_type | flat |
| provider:physical_network | external |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 4 |
| router:external | External |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | |
| updated_at | 2020-11-16T08:11:59Z |
+---------------------------+--------------------------------------+1.1.3:在网络上创建子网
- 内部子网 test-sub:
[root@node101 ~]# openstack subnet create --network test-net \
--allocation-pool start=172.16.1.221,end=172.16.1.230 \
--dns-nameserver 172.16.1.253 --gateway 172.16.1.1 \
--subnet-range 172.16.1.0/24 test-sub
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 172.16.1.221-172.16.1.230 |
| cidr | 172.16.1.0/24 |
| created_at | 2020-11-16T03:47:44Z |
| description | |
| dns_nameservers | 172.16.1.253 |
| enable_dhcp | True |
| gateway_ip | 172.16.1.1 |
| host_routes | |
| id | c62894a0-602b-44d6-b31b-1b919eeb9742 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | test-sub |
| network_id | f2e6619e-c7dd-445c-91a6-024f34e37719 |
| project_id | acac1eb6c81540429c3323084bed23d9 |
| revision_number | 2 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| updated_at | 2020-11-16T03:47:44Z |
+-------------------+--------------------------------------+- 外部子网 external-sub:
[root@node101 ~]# openstack subnet create --network external-net \
--allocation-pool start=192.168.1.221,end=192.168.1.230 \
--dns-nameserver 192.168.1.254 --gateway 192.168.1.1 \
--subnet-range 192.168.1.0/24 external-sub
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 192.168.1.221-192.168.1.230 |
| cidr | 192.168.1.0/24 |
| created_at | 2020-11-16T08:36:48Z |
| description | |
| dns_nameservers | 192.168.1.254 |
| enable_dhcp | True |
| gateway_ip | 192.168.1.1 |
| host_routes | |
| id | 9c339f48-a067-4c3b-bc70-11cd33f162ec |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | external-sub |
| network_id | 7356155c-9e74-463f-a93a-73f625640e8f |
| project_id | acac1eb6c81540429c3323084bed23d9 |
| revision_number | 2 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| updated_at | 2020-11-16T08:36:48Z |
+-------------------+--------------------------------------+1.2:创建 Openstack 实验网络(自服务网络)
1.2.1:导入 demo 凭证
- 后续用 demo 用户做实验,所以创建 demo 用户的自服务网络
]# source demo-ocata.sh1.2.2:创建自服务网络
[root@node101 ~]# openstack network create self-net
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-11-16T15:32:47Z |
| description | |
| dns_domain | None |
| id | 5b845b84-5aa6-4b1b-b282-dc3694bdc82a |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| mtu | 1450 |
| name | self-net |
| port_security_enabled | True |
| project_id | 9a94f1a1e271459580613778bf7c3392 |
| provider:network_type | None |
| provider:physical_network | None |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 3 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| updated_at | 2020-11-16T15:32:47Z |
+---------------------------+--------------------------------------+1.2.3:在网络上创建子网
[root@node101 ~]# openstack subnet create --network self-net \
--dns-nameserver 192.168.1.254 \
--gateway 10.10.10.1 \
--subnet-range 10.10.10.0/24 self-sub
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 10.10.10.2-10.10.10.254 |
| cidr | 10.10.10.0/24 |
| created_at | 2020-11-16T15:34:01Z |
| description | |
| dns_nameservers | 192.168.1.254 |
| enable_dhcp | True |
| gateway_ip | 10.10.10.1 |
| host_routes | |
| id | ced26a73-966c-40c6-8cab-71e683143f34 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | self-sub |
| network_id | 5b845b84-5aa6-4b1b-b282-dc3694bdc82a |
| project_id | 9a94f1a1e271459580613778bf7c3392 |
| revision_number | 2 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| updated_at | 2020-11-16T15:34:01Z |
+-------------------+--------------------------------------+1.2.4:配置虚拟路由
创建虚拟路由器
- 创建名为 self-router 的虚拟路由器:
[root@node101 ~]# openstack router create self-router
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-11-16T15:34:24Z |
| description | |
| distributed | False |
| external_gateway_info | None |
| flavor_id | None |
| ha | False |
| id | 546d0023-3965-4a90-ae9f-a3aa58528eef |
| name | self-router |
| project_id | 9a94f1a1e271459580613778bf7c3392 |
| revision_number | None |
| routes | |
| status | ACTIVE |
| updated_at | 2020-11-16T15:34:24Z |
+-------------------------+--------------------------------------+添加自服务子网到虚拟路由器
[root@node101 ~]# neutron router-interface-add self-router self-sub
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Added interface d42758b4-8a0a-44d4-9ff4-3e09f382ab95 to router self-router.设置虚拟路由器网关
- 将虚拟路由器网关指向外部网络 external-net,以使自服务网络中的云主机可以连接互联网:
[root@node101 ~]# neutron router-gateway-set self-router external-net
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Set gateway for router self-router1.2.5:更改内核参数
- 需要将 openstack 创建的各虚拟网卡的 disable_ipv6 内核参数改为0:
[root@node101 ~]# sysctl -a |grep disable_ipv6
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.brq7356155c-9e.disable_ipv6 = 1
net.ipv6.conf.brq8536ca90-8e.disable_ipv6 = 1
net.ipv6.conf.brqf2e6619e-c7.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.eth1.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.tap1596f376-bf.disable_ipv6 = 1
net.ipv6.conf.tap66dd4658-78.disable_ipv6 = 1
net.ipv6.conf.tap734b43fc-d9.disable_ipv6 = 1
net.ipv6.conf.tap8eeb366d-ff.disable_ipv6 = 1
net.ipv6.conf.tapb0184bb2-28.disable_ipv6 = 1
net.ipv6.conf.vxlan-71.disable_ipv6 = 1
[root@node101 ~]# vim /etc/sysctl.conf
# openstack
net.ipv6.conf.brq7356155c-9e.disable_ipv6 = 0
net.ipv6.conf.brq8536ca90-8e.disable_ipv6 = 0
net.ipv6.conf.brqf2e6619e-c7.disable_ipv6 = 0
net.ipv6.conf.tap1596f376-bf.disable_ipv6 = 0
net.ipv6.conf.tap66dd4658-78.disable_ipv6 = 0
net.ipv6.conf.tap734b43fc-d9.disable_ipv6 = 0
net.ipv6.conf.tap8eeb366d-ff.disable_ipv6 = 0
net.ipv6.conf.tapb0184bb2-28.disable_ipv6 = 0
net.ipv6.conf.vxlan-71.disable_ipv6 = 0
[root@node101 ~]# sysctl -p1.2.6:验证网络
命令行验证
- 验证 openstack 网络:
[root@node101 ~]# openstack network list
+--------------------------------------+--------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+--------------+--------------------------------------+
| 5b845b84-5aa6-4b1b-b282-dc3694bdc82a | self-net | ced26a73-966c-40c6-8cab-71e683143f34 |
| 7356155c-9e74-463f-a93a-73f625640e8f | external-net | 9c339f48-a067-4c3b-bc70-11cd33f162ec |
| f2e6619e-c7dd-445c-91a6-024f34e37719 | test-net | c62894a0-602b-44d6-b31b-1b919eeb9742 |
+--------------------------------------+--------------+--------------------------------------+- 验证网络名称空间:
[root@node101 ~]# ip netns
qdhcp-7356155c-9e74-463f-a93a-73f625640e8f (id: 3)
qrouter-159858cb-9217-4459-9c0b-ff3c438bf168 (id: 2)
qdhcp-8536ca90-8e13-46a6-9d2d-0d4c73496c1a (id: 1)
qdhcp-f2e6619e-c7dd-445c-91a6-024f34e37719 (id: 0)- 查看虚拟路由器端口:
[root@node101 ~]# neutron router-port-list self-router
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------+
| d42758b4-8a0a-44d4-9ff4-3e09f382ab95 | | fa:16:3e:a3:d2:8b | {"subnet_id": "ced26a73-966c-40c6-8cab-71e683143f34", "ip_address": "10.10.10.1"} |
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------+- 验证网络:
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-RJiFcnHP-1613724670835)(…/…/…/999%20Reserve/Typora%20Images/2020111815341298.png)]
1.3:创建密钥对(demo项目)
1.3.1:导入 demo 项目凭证
[root@node101 ~]# source demo-ocata.sh1.3.2:生成key
[root@node101 ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):1.3.3:创建密钥对
- 上传刚刚创建的公钥,创建名为 demo-key 的密钥对:
[root@node101 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub demo-key
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 3e:39:7a:d1:43:ad:4c:4a:7b:19:5e:fe:bc:d3:27:86 |
| name | demo-key |
| user_id | 69e61c6f12594c768bb39efb4e865a9b |
+-------------+-------------------------------------------------+1.3.4:验证密钥对
命令行验证
[root@node101 ~]# openstack keypair list
+----------+-------------------------------------------------+
| Name | Fingerprint |
+----------+-------------------------------------------------+
| demo-key | 3e:39:7a:d1:43:ad:4c:4a:7b:19:5e:fe:bc:d3:27:86 |
+----------+-------------------------------------------------+web 端验证
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-8l6ga9A9-1613724670840)(…/…/…/999%20Reserve/Typora%20Images/2020111815345671.jpg)]
1.4:添加安全组规则(demo项目)
1.4.1:允许 ICMP(ping)
[root@node101 ~]# openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2020-11-16T04:00:44Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 35b5de13-9f36-4939-b269-6f1a7dd689b2 |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 9a94f1a1e271459580613778bf7c3392 |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 1 |
| security_group_id | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 |
| updated_at | 2020-11-16T04:00:44Z |
+-------------------+--------------------------------------+1.4.2:允许 SSH
[root@node101 ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2020-11-16T04:01:11Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 160f4b56-93ae-4b83-bb10-0af3a9bed33b |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 9a94f1a1e271459580613778bf7c3392 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 1 |
| security_group_id | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 |
| updated_at | 2020-11-16T04:01:11Z |
+-------------------+--------------------------------------+1.4.3:验证安全组规则
命令行验证
[root@node101 ~]# openstack security group rule list
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group | Security Group |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+
| 160f4b56-93ae-4b83-bb10-0af3a9bed33b | tcp | 0.0.0.0/0 | 22:22 | None | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 |
| 1a7f1188-d0eb-475a-aae6-74e6d25ffd2b | None | None | | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 |
| 35b5de13-9f36-4939-b269-6f1a7dd689b2 | icmp | 0.0.0.0/0 | | None | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 |
| 4bdf0034-cd26-4c46-a8d9-bbcc7f5ef3aa | None | None | | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 |
| a7063305-ab18-47fc-9e92-6a961a7d1dd9 | None | None | | None | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 |
| dbe0ac96-8b0a-4792-babb-f06d84941b88 | None | None | | None | 62d98b23-3efe-4b4f-8de1-2f62f1df9d55 |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+web端验证
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-J8WEdCKY-1613724670842)(…/…/…/999%20Reserve/Typora%20Images/20201118153530833.jpg)]
1.5:创建实例类型
1.5.1:导入 admin 凭证
- 创建虚拟机类型需要 admin 权限:
[root@node101 ~]# source admin-ocata.sh1.5.2:创建 flavor
- 创建名为1c-1g-10G 的虚拟机类型,指定 id 为 0,单核 cpu,内存 1024M,磁盘 10G:
[root@node101 ~]# openstack flavor create --id 0 --vcpus 1 --ram 1024 --disk 10 1c-1g-10G
+----------------------------+-----------+
| Field | Value |
+----------------------------+-----------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 10 |
| id | 0 |
| name | 1c-1g-10G |
| os-flavor-access:is_public | True |
| properties | |
| ram | 1024 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+-----------+- 创建名为 2c-2g-20G 的虚拟机类型,指定 id 为 1,双核 cpu,内存 2048M,磁盘 20G:
[root@node101 ~]# openstack flavor create --id 1 --vcpus 2 --ram 2048 --disk 20 2c-2g-20G
+----------------------------+-----------+
| Field | Value |
+----------------------------+-----------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 20 |
| id | 1 |
| name | 2c-2g-20G |
| os-flavor-access:is_public | True |
| properties | |
| ram | 2048 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 2 |
+----------------------------+-----------+1.5.3:验证实例类型
命令行验证
[root@node101 ~]# openstack flavor list
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
| 0cc027fe-58e7-4548-ac4e-2c8e3b8bbd36 | 1c-1g-10G | 1024 | 10 | 0 | 1 | True |
| 1 | 2c-2g-20G | 2048 | 20 | 0 | 2 | True |
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
