OpenStack三个节点icehouse-gre模式部署一文部署了一套OpenStack环境,接下来使用命令测试一遍。
首先要明确几个概念:
外网:可分配floating ip绑定到虚拟机,外部就可以访问虚拟机。
虚拟网络(内部网络,私有网络):虚拟机的虚拟网卡所在的私有网络。
子网:用户创建的每个网络至少要有一个子网(也可以有多个子网)
路由:用户创建的每个网络至少有一个路由,该路由的接口要关联这个网络
fixed ip:虚拟机网卡在虚拟网络上的ip
floating ip:虚拟网络对应的外部网络上的ip
interface:一个网络接口
端口:子网有多个端口(一般会有MAC地址和IP地址),在GRE模式中子网中一般会有qdhcp端口,qrouter端口和为虚拟机实例分配的端口,它们的ip地址属于这个子网
一、查看nova和neutron服务,确保都是笑脸
#nova-manage service list
root@controller:~# nova-manage service list
Binary Host Zone Status State Updated_At
nova-cert controller internal enabled :-) 2015-01-12 00:39:05
nova-consoleauth controller internal enabled :-) 2015-01-12 00:38:59
nova-scheduler controller internal enabled :-) 2015-01-12 00:39:00
nova-conductor controller internal enabled :-) 2015-01-12 00:39:03
nova-compute compute1 nova enabled :-) 2015-01-12 00:39:03
#neutron agent-list
root@controller:~# neutron agent-list
+--------------------------------------+--------------------+----------+-------+----------------+
| id | agent_type | host | alive | admin_state_up |
+--------------------------------------+--------------------+----------+-------+----------------+
| 7a1f9910-62d8-4461-b31d-1a562bd0b76e | DHCP agent | network | :-) | True |
| 86d1c916-8b05-4840-965c-e9152388e0c2 | Open vSwitch agent | compute1 | :-) | True |
| 8809b0e3-010d-4d2f-b552-10be24002684 | Open vSwitch agent | network | :-) | True |
| aca01734-7522-427a-b3f2-45400d22121c | Metadata agent | network | :-) | True |
| e964a21a-4b8d-403b-9c81-2a95f387285e | L3 agent | network | :-) | True |
+--------------------------------------+--------------------+----------+-------+----------------+
二、创建租户和用户
创建租户
# keystone tenant-create --name TenantA
root@controller:~# keystone tenant-create --name TenantA
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 60a10cd7a61b493d910eabd353c07567 |
| name | TenantA |
+-------------+----------------------------------+
创建用户
# keystone user-create --name=UserA --pass=password --tenant-id TenantA --email=usera@test.com
root@controller:~# keystone user-create --name=UserA --pass=password --tenant-id TenantA --email=usera@test.com
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | usera@test.com |
| enabled | True |
| id | be1db0d2fd134025accd2654cfc66056 |
| name | UserA |
| tenantId | 60a10cd7a61b493d910eabd353c07567 |
| username | UserA |
+----------+----------------------------------+
为租户添加用户
#keystone user-role-add --tenant TenantA --user UserA --role Member
root@controller:~# keystone user-role-add --tenant TenantA --user UserA --role Member
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
三、准备neutron网络
创建外网
# neutron net-create Ext-Net --provider:network_type gre --provider:segmentation_id 1 --router:external true
root@controller:~# neutron net-create Ext-Net --provider:network_type gre --provider:segmentation_id 1 --router:external true
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | c8699820-7c6d-4441-9602-3425f2c630ec |
| name | Ext-Net |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 1 |
| router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | c91d0723aaea4985a77801a15ef66438 |
+---------------------------+--------------------------------------+
创建外网的子网
# neutron subnet-create --allocation-pool start=10.1.101.80,end=10.1.101.100 --gateway 10.1.101.254 Ext-Net 10.1.101.0/24 --enable_dhcp=False
root@controller:~# neutron subnet-create --allocation-pool start=10.1.101.80,end=10.1.101.100 --gateway 10.1.101.254 Ext-Net 10.1.101.0/24 --enable_dhcp=False
Created a new subnet:
+------------------+-------------------------------------------------+
| Field | Value |
+------------------+-------------------------------------------------+
| allocation_pools | {"start": "10.1.101.80", "end": "10.1.101.100"} |
| cidr | 10.1.101.0/24 |
| dns_nameservers | |
| enable_dhcp | False |
| gateway_ip | 10.1.101.254 |
| host_routes | |
| id | 2c4155c9-5a2e-471c-a4d8-40a86b45ab0a |
| ip_version | 4 |
| name | |
| network_id | c8699820-7c6d-4441-9602-3425f2c630ec |
| tenant_id | c91d0723aaea4985a77801a15ef66438 |
+------------------+-------------------------------------------------+
接下来创建租户的子网和虚拟路由
创建租户网络
# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 net-create tenantA-Net
root@controller:~# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 net-create tenantA-Net
Created a new network:
+----------------+--------------------------------------+
| Field | Value |
+----------------+--------------------------------------+
| admin_state_up | True |
| id | 7c22bbd9-166c-4610-9a3d-3b8b92c77518 |
| name | tenantA-Net |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 60a10cd7a61b493d910eabd353c07567 |
+----------------+--------------------------------------+
创建租户子网
# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 subnet-create tenantA-Net 10.0.0.0/24
root@controller:~# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 subnet-create tenantA-Net 10.0.0.0/24
Created a new subnet:
+------------------+--------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------+
| allocation_pools | {"start": "10.0.0.2", "end": "10.0.0.254"} |
| cidr | 10.0.0.0/24 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.0.0.1 |
| host_routes | |
| id | c37d8ed0-372e-4b24-9ba2-897c38c6ddbf |
| ip_version | 4 |
| name | |
| network_id | 7c22bbd9-166c-4610-9a3d-3b8b92c77518 |
| tenant_id | 60a10cd7a61b493d910eabd353c07567 |
+------------------+--------------------------------------------+
创建租户虚拟路由
neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 router-create tenant-R1
root@controller:~# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 router-create tenant-R1
Created a new router:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| admin_state_up | True |
| external_gateway_info | |
| id | 680944ad-679c-4fe8-ae4b-258cd8ac337f |
| name | tenant-R1 |
| status | ACTIVE |
| tenant_id | 60a10cd7a61b493d910eabd353c07567 |
+-----------------------+--------------------------------------+
增加路由接口
(替换${subnet_id}为子网ID)
neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 router-interface-add tenant-R1 ${subnet_id}
root@controller:~# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 router-interface-add tenant-R1 c37d8ed0-372e-4b24-9ba2-897c38c6ddbf
Added interface 81388454-30e0-45e4-b3dd-b7b2e8dbf067 to router tenant-R1.
给路由增加网关
# neutron router-gateway-set tenant-R1 Ext-Net
root@controller:~# neutron router-gateway-set tenant-R1 Ext-Net
Set gateway for router tenant-R1
到此为止UserA看到的网络拓扑如下:
四、安全组规则
安全组规则会影响到外面ping虚拟机和ssh登录虚拟机,所以在controller节点中为openstack设置好ICMP和TCP规则。
这里设置安全组规则相当于打开防火墙端口,允许ssh和ping虚拟机,这是个重点,不设置这个将无法访问虚拟机。
获得TenantA的default安全组规则
# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 security-group-list
root@controller:~# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 security-group-list
+--------------------------------------+---------+-------------+
| id | name | description |
+--------------------------------------+---------+-------------+
| 8bd8fb6b-7141-4900-8321-390cc1a5d999 | default | default |
+--------------------------------------+---------+-------------+
默认default规则:
设置nova中default的 ICMP/TCP/UDP安全组规则
# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 secgroup-add-rule default tcp 1 65535 0.0.0.0/0
root@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 secgroup-add-rule default tcp 1 65535 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 1 | 65535 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 secgroup-add-rule default udp 1 65535 0.0.0.0/0
root@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 secgroup-add-rule default udp 1 65535 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp | 1 | 65535 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 secgroup-add-rule default icmp -1 -1 0.0.0.0/0
root@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
五、起虚拟机
查看镜像:
# glance index
root@controller:~# glance index
ID Name Disk Format Container Format Size
------------------------------------ ------------------------------ -------------------- -------------------- --------------
a1de861a-be9c-4223-9a7a-cf5917489ce9 cirros-0.3.2-x86_64 qcow2 bare 13167616
起虚拟机,替换{the cirros ID from Glance}为镜像ID
#root@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 boot --flavor 1 --image{the cirros ID from Glance} vm001
root@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 boot --flavor 1 --image a1de861a-be9c-4223-9a7a-cf5917489ce9 vm001
+--------------------------------------+------------------------------------------------------------+
| Property | Value |
+--------------------------------------+------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | sCekd6U9PcvU |
| config_drive | |
| created | 2015-01-12T01:18:27Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | d4a05267-b610-4c61-86e0-542ae9a7d93f |
| image | cirros-0.3.2-x86_64 (a1de861a-be9c-4223-9a7a-cf5917489ce9) |
| key_name | - |
| metadata | {} |
| name | vm001 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tenant_id | 60a10cd7a61b493d910eabd353c07567 |
| updated | 2015-01-12T01:18:28Z |
| user_id | be1db0d2fd134025accd2654cfc66056 |
+--------------------------------------+------------------------------------------------------------+
检查虚拟机状态为ACTIVE
# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 list
root@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 list
+--------------------------------------+-------+--------+------------+-------------+----------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+-------+--------+------------+-------------+----------------------+
| d4a05267-b610-4c61-86e0-542ae9a7d93f | vm001 | ACTIVE | - | Running | tenantA-Net=10.0.0.2 |
+--------------------------------------+-------+--------+------------+-------------+----------------------+
六、为虚拟机分配浮动IP
创建一个浮动IP
# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 floatingip-create Ext-Net
root@controller:~# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 floatingip-create Ext-Net
Created a new floatingip:
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| fixed_ip_address | |
| floating_ip_address | 10.1.101.81 |
| floating_network_id | c8699820-7c6d-4441-9602-3425f2c630ec |
| id | 0482a808-e92b-4ae0-a830-6f149d310c30 |
| port_id | |
| router_id | |
| status | DOWN |
| tenant_id | 60a10cd7a61b493d910eabd353c07567 |
+---------------------+--------------------------------------+
查看floating-ip
# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 floating-ip-list
root@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 floating-ip-list
+-------------+-----------+----------+---------+
| Ip | Server Id | Fixed Ip | Pool |
+-------------+-----------+----------+---------+
| 10.1.101.81 | | - | Ext-Net |
+-------------+-----------+----------+---------+
我创建了一个新的浮动IP10.1.101.82,分配的是10.1.101.82
分配浮动IP给虚拟机,替换{the vm id}为虚拟机ID
# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 floating-ip-associate {the vm id} 10.1.101.82
root@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 floating-ip-associate d4a05267-b610-4c61-86e0-542ae9a7d93f 10.1.101.82
检查虚拟机状态,现在就可以看到浮动ip了。
# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 list
root@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 list
+--------------------------------------+-------+--------+------------+-------------+-----------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+-------+--------+------------+-------------+-----------------------------------+
| d4a05267-b610-4c61-86e0-542ae9a7d93f | vm001 | ACTIVE | - | Running | tenantA-Net=10.0.0.2, 10.1.101.82 |
+--------------------------------------+-------+--------+------------+-------------+-----------------------------------+
七、SSH到虚拟机(虚拟机状态为ACTIVE,密码是cubswin:))
替换{put_floating_ip_here}为虚拟机的浮动IP
ssh cirros@{put_floating_ip_here}
root@controller:~# ssh cirros@10.1.101.82
The authenticity of host '10.1.101.82 (10.1.101.82)' can't be established.
RSA key fingerprint is da:a3:1a:60:f1:e9:3a:e2:a7:6c:35:cb:f8:9b:b7:65.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.1.101.82' (RSA) to the list of known hosts.
cirros@10.1.101.82's password:
$
$
$
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=3 ttl=35 time=295.980 ms
64 bytes from 8.8.8.8: seq=7 ttl=35 time=299.047 ms
八、上传镜像
查看镜像
root@sc-disk01:~/image# glance --os-username admin --os-password windawnKey --os-tenant-name admin --os-auth-url=http://10.0.101.11:35357/v2.0 image-list
+--------------------------------------+---------------------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+---------------------+-------------+------------------+----------+--------+
| ae63b964-230f-4ff8-bcf9-524d44b6980b | cirros-0.3.2-x86_64 | qcow2 | bare | 13167616 | active |
+--------------------------------------+---------------------+-------------+------------------+----------+--------+
上传镜像
root@sc-disk01:~# cd image/
root@sc-disk01:~/image# ls
app_2013_1127 devstack_201407171353
root@sc-disk01:~/image# glance image-create --name="app_2013_1127" --is-public=True --disk-format=qcow2 --container-format=bare < ./app_2013_1127
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | f741693bf9297714917e27ce18394dbb |
| container_format | bare |
| created_at | 2015-03-16T01:53:23 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | 0391cd63-59da-48e2-929d-6a35a43c9bfc |
| is_public | True |
| min_disk | 0 |
| min_ram | 0 |
| name | app_2013_1127 |
| owner | 49b72345ae0046e284f61503f047b587 |
| protected | False |
| size | 5299503104 |
| status | active |
| updated_at | 2015-03-16T01:57:13 |
| virtual_size | None |
+------------------+--------------------------------------+
root@sc-disk01:~/image#
上传镜像截图
或者用以下命令上传
root@sc-disk01:~/image# glance image-create --name="app_2014_0124_1604" --is-public=True --disk-format=qcow2 --container-format=bare --file ./app_2014_0124_1604 --progress
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | bb39bb3b5fa5996aecfa512dc178b5d6 |
| container_format | bare |
| created_at | 2015-03-16T02:04:12 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | 02111d11-42db-432d-a840-6945794587c0 |
| is_public | True |
| min_disk | 0 |
| min_ram | 0 |
| name | app_2014_0124_1604 |
| owner | 49b72345ae0046e284f61503f047b587 |
| protected | False |
| size | 5308547072 |
| status | active |
| updated_at | 2015-03-16T02:10:09 |
| virtual_size | None |
+------------------+--------------------------------------+
资源链接: