|
OpenStack三个节点icehouse-gre模式部署一文部署了一套OpenStack环境,接下来使用命令测试一遍。首先要明确几个概念:外网:可分配floating ip绑定到虚拟机,外部就可以访问虚拟机。虚拟网络(内部网络,私有网络):虚拟机的虚拟网卡所在的私有网络。子网:用户创建的每个网络至少要有一个子网(也可以有多个子网)路由:用户创建的每个网络至少有一个路由,该路由的接口要关联这个网络fixed ip:虚拟机网卡在虚拟网络上的ipfloating ip:虚拟网络对应的外部网络上的ipinterface:一个网络接口端口:子网有多个端口(一般会有MAC地址和IP地址),在GRE模式中子网中一般会有qdhcp端口,qrouter端口和为虚拟机实例分配的端口,它们的ip地址属于这个子网一、查看nova和neutron服务,确保都是笑脸#Nova-manage service listroot@controller:~# nova-manage service listBinary Host Zone Status State Updated_Atnova-cert controller internal enabled :-) 2015-01-12 00:39:05nova-consoleauth controller internal enabled :-) 2015-01-12 00:38:59nova-scheduler controller internal enabled :-) 2015-01-12 00:39:00nova-conductor controller internal enabled :-) 2015-01-12 00:39:03nova-compute compute1 nova enabled :-) 2015-01-12 00:39:03#neutron agent-listroot@controller:~# neutron agent-list+--------------------------------------+--------------------+----------+-------+----------------+| id | agent_type | host | alive | admin_state_up |+--------------------------------------+--------------------+----------+-------+----------------+| 7a1f9910-62d8-4461-b31d-1a562bd0b76e | DHCP agent | network | :-) | True || 86d1c916-8b05-4840-965c-e9152388e0c2 | Open vSwitch agent | compute1 | :-) | True || 8809b0e3-010d-4d2f-b552-10be24002684 | Open vSwitch agent | network | :-) | True || aca01734-7522-427a-b3f2-45400d22121c | Metadata agent | network | :-) | True || e964a21a-4b8d-403b-9c81-2a95f387285e | L3 agent | network | :-) | True |+--------------------------------------+--------------------+----------+-------+----------------+二、创建租户和用户创建租户# keystone tenant-create --name TenantAroot@controller:~# keystone tenant-create --name TenantAWARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).+-------------+----------------------------------+| Property | Value |+-------------+----------------------------------+| description | || enabled | True || id | 60a10cd7a61b493d910eabd353c07567 || name | TenantA |+-------------+----------------------------------+创建用户# keystone user-create --name=UserA --pass=password --tenant-id TenantA [email protected]@controller:~# keystone user-create --name=UserA --pass=password --tenant-id TenantA [email protected]: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).+----------+----------------------------------+| Property | Value |+----------+----------------------------------+| email | [email protected] || enabled | True || id | be1db0d2fd134025accd2654cfc66056 || name | UserA || tenantId | 60a10cd7a61b493d910eabd353c07567 || username | UserA |+----------+----------------------------------+为租户添加用户#keystone user-role-add --tenant TenantA--user UserA --role Memberroot@controller:~# keystone user-role-add --tenant TenantA --user UserA --role MemberWARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).三、准备neutron网络创建外网# neutron net-create Ext-Net --provider:network_type gre --provider:segmentation_id 1 --router:external trueroot@controller:~# neutron net-create Ext-Net --provider:network_type gre --provider:segmentation_id 1 --router:external trueCreated a new network:+---------------------------+--------------------------------------+| Field | Value |+---------------------------+--------------------------------------+| admin_state_up | True || id | c8699820-7c6d-4441-9602-3425f2c630ec || name | Ext-Net || provider:network_type | gre || provider:physical_network | || provider:segmentation_id | 1 || router:external | True || shared | False || status | ACTIVE || subnets | || tenant_id | c91d0723aaea4985a77801a15ef66438 |+---------------------------+--------------------------------------+创建外网的子网# neutron subnet-create --allocation-pool start=10.1.101.80,end=10.1.101.100 --gateway 10.1.101.254 Ext-Net 10.1.101.0/24 --enable_dhcp=Falseroot@controller:~# neutron subnet-create --allocation-pool start=10.1.101.80,end=10.1.101.100 --gateway 10.1.101.254 Ext-Net 10.1.101.0/24 --enable_dhcp=FalseCreated a new subnet:+------------------+-------------------------------------------------+| Field | Value |+------------------+-------------------------------------------------+| allocation_pools | {'start': '10.1.101.80', 'end': '10.1.101.100'} || cidr | 10.1.101.0/24 || dns_nameservers | || enable_dhcp | False || gateway_ip | 10.1.101.254 || host_routes | || id | 2c4155c9-5a2e-471c-a4d8-40a86b45ab0a || ip_version | 4 || name | || network_id | c8699820-7c6d-4441-9602-3425f2c630ec || tenant_id | c91d0723aaea4985a77801a15ef66438 |+------------------+-------------------------------------------------+接下来创建租户的子网和虚拟路由创建租户网络# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 net-create tenantA-Netroot@controller:~# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 net-create tenantA-NetCreated a new network:+----------------+--------------------------------------+| Field | Value |+----------------+--------------------------------------+| admin_state_up | True || id | 7c22bbd9-166c-4610-9a3d-3b8b92c77518 || name | tenantA-Net || shared | False || status | ACTIVE || subnets | || tenant_id | 60a10cd7a61b493d910eabd353c07567 |+----------------+--------------------------------------+创建租户子网# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 subnet-create tenantA-Net 10.0.0.0/24root@controller:~# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 subnet-create tenantA-Net 10.0.0.0/24Created a new subnet:+------------------+--------------------------------------------+| Field | Value |+------------------+--------------------------------------------+| allocation_pools | {'start': '10.0.0.2', 'end': '10.0.0.254'} || cidr | 10.0.0.0/24 || dns_nameservers | || enable_dhcp | True || gateway_ip | 10.0.0.1 || host_routes | || id | c37d8ed0-372e-4b24-9ba2-897c38c6ddbf || ip_version | 4 || name | || network_id | 7c22bbd9-166c-4610-9a3d-3b8b92c77518 || tenant_id | 60a10cd7a61b493d910eabd353c07567 |+------------------+--------------------------------------------+创建租户虚拟路由neutron --os-tenant-name TenantA --os-username UserA --os-password password--os-auth-url=http://localhost:5000/v2.0 router-create tenant-R1root@controller:~# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 router-create tenant-R1Created a new router:+-----------------------+--------------------------------------+| Field | Value |+-----------------------+--------------------------------------+| admin_state_up | True || external_gateway_info | || id | 680944ad-679c-4fe8-ae4b-258cd8ac337f || name | tenant-R1 || status | ACTIVE || tenant_id | 60a10cd7a61b493d910eabd353c07567 |+-----------------------+--------------------------------------+增加路由接口(替换${subnet_id}为子网ID)neutron --os-tenant-name TenantA --os-username UserA --os-password password--os-auth-url=http://localhost:5000/v2.0 router-interface-add tenant-R1${subnet_id}root@controller:~# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 router-interface-add tenant-R1 c37d8ed0-372e-4b24-9ba2-897c38c6ddbfAdded interface 81388454-30e0-45e4-b3dd-b7b2e8dbf067 to router tenant-R1.给路由增加网关# neutron router-gateway-set tenant-R1 Ext-Net root@controller:~# neutron router-gateway-set tenant-R1 Ext-Net Set gateway for router tenant-R1到此为止UserA看到的网络拓扑如下:四、安全组规则安全组规则会影响到外面ping虚拟机和ssh登录虚拟机,所以在controller节点中为openstack设置好ICMP和TCP规则。获得TenantA的default安全组规则# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 security-group-listroot@controller:~# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 security-group-list+--------------------------------------+---------+-------------+| id | name | description |+--------------------------------------+---------+-------------+| 8bd8fb6b-7141-4900-8321-390cc1a5d999 | default | default |+--------------------------------------+---------+-------------+默认default规则:设置nova中default的 ICMP/TCP/UDP安全组规则# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 secgroup-add-rule default tcp 1 65535 0.0.0.0/0root@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 secgroup-add-rule default tcp 1 65535 0.0.0.0/0+-------------+-----------+---------+-----------+--------------+| IP Protocol | From Port | To Port | IP Range | Source Group |+-------------+-----------+---------+-----------+--------------+| tcp | 1 | 65535 | 0.0.0.0/0 | |+-------------+-----------+---------+-----------+--------------+# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 secgroup-add-rule default udp 1 65535 0.0.0.0/0root@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 secgroup-add-rule default udp 1 65535 0.0.0.0/0+-------------+-----------+---------+-----------+--------------+| IP Protocol | From Port | To Port | IP Range | Source Group |+-------------+-----------+---------+-----------+--------------+| udp | 1 | 65535 | 0.0.0.0/0 | |+-------------+-----------+---------+-----------+--------------+# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 secgroup-add-rule default icmp -1 -1 0.0.0.0/0root@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 secgroup-add-rule default icmp -1 -1 0.0.0.0/0+-------------+-----------+---------+-----------+--------------+| IP Protocol | From Port | To Port | IP Range | Source Group |+-------------+-----------+---------+-----------+--------------+| icmp | -1 | -1 | 0.0.0.0/0 | |+-------------+-----------+---------+-----------+--------------+五、起虚拟机查看镜像:# glance indexroot@controller:~# glance indexID Name Disk Format Container Format Size ------------------------------------ ------------------------------ -------------------- -------------------- --------------a1de861a-be9c-4223-9a7a-cf5917489ce9 cirros-0.3.2-x86_64 qcow2 bare 13167616起虚拟机,替换{the cirros ID from Glance}为镜像ID#root@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 boot --flavor 1 --image{the cirros ID from Glance} vm001root@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 boot --flavor 1 --image a1de861a-be9c-4223-9a7a-cf5917489ce9 vm001+--------------------------------------+------------------------------------------------------------+| Property | Value |+--------------------------------------+------------------------------------------------------------+| OS-DCF:diskConfig | MANUAL || OS-EXT-AZ:availability_zone | nova || OS-EXT-STS:power_state | 0 || OS-EXT-STS:task_state | scheduling || OS-EXT-STS:vm_state | building || OS-SRV-USG:launched_at | - || OS-SRV-USG:terminated_at | - || accessIPv4 | || accessIPv6 | || adminPass | sCekd6U9PcvU || config_drive | || created | 2015-01-12T01:18:27Z || flavor | m1.tiny (1) || hostId | || id | d4a05267-b610-4c61-86e0-542ae9a7d93f || image | cirros-0.3.2-x86_64 (a1de861a-be9c-4223-9a7a-cf5917489ce9) || key_name | - || metadata | {} || name | vm001 || os-extended-volumes:volumes_attached | [] || progress | 0 || security_groups | default || status | BUILD || tenant_id | 60a10cd7a61b493d910eabd353c07567 || updated | 2015-01-12T01:18:28Z || user_id | be1db0d2fd134025accd2654cfc66056 |+--------------------------------------+------------------------------------------------------------+检查虚拟机状态为ACTIVE# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 listroot@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 list+--------------------------------------+-------+--------+------------+-------------+----------------------+| ID | Name | Status | Task State | Power State | Networks |+--------------------------------------+-------+--------+------------+-------------+----------------------+| d4a05267-b610-4c61-86e0-542ae9a7d93f | vm001 | ACTIVE | - | Running | tenantA-Net=10.0.0.2 |+--------------------------------------+-------+--------+------------+-------------+----------------------+六、为虚拟机分配浮动IP创建一个浮动IP# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 floatingip-create Ext-Netroot@controller:~# neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 floatingip-create Ext-NetCreated a new floatingip:+---------------------+--------------------------------------+| Field | Value |+---------------------+--------------------------------------+| fixed_ip_address | || floating_ip_address | 10.1.101.81 || floating_network_id | c8699820-7c6d-4441-9602-3425f2c630ec || id | 0482a808-e92b-4ae0-a830-6f149d310c30 || port_id | || router_id | || status | DOWN || tenant_id | 60a10cd7a61b493d910eabd353c07567 |+---------------------+--------------------------------------+查看floating-ip# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 floating-ip-listroot@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 floating-ip-list+-------------+-----------+----------+---------+| Ip | Server Id | Fixed Ip | Pool |+-------------+-----------+----------+---------+| 10.1.101.81 | | - | Ext-Net |+-------------+-----------+----------+---------+我创建了一个新的浮动IP10.1.101.82,分配的是10.1.101.82分配浮动IP给虚拟机,替换{the vm id}为虚拟机ID# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 floating-ip-associate {the vm id} 10.1.101.82root@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 floating-ip-associate d4a05267-b610-4c61-86e0-542ae9a7d93f 10.1.101.82 检查虚拟机状态,现在就可以看到浮动ip了。# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 listroot@controller:~# nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 list+--------------------------------------+-------+--------+------------+-------------+-----------------------------------+| ID | Name | Status | Task State | Power State | Networks |+--------------------------------------+-------+--------+------------+-------------+-----------------------------------+| d4a05267-b610-4c61-86e0-542ae9a7d93f | vm001 | ACTIVE | - | Running | tenantA-Net=10.0.0.2, 10.1.101.82 |+--------------------------------------+-------+--------+------------+-------------+-----------------------------------+七、SSH到虚拟机(虚拟机状态为ACTIVE,密码是cubswin:))替换{put_floating_ip_here}为虚拟机的浮动IPssh cirros@{put_floating_ip_here}root@controller:~# ssh [email protected] authenticity of host '10.1.101.82 (10.1.101.82)' can't be established.RSA key fingerprint is da:a3:1a:60:f1:e9:3a:e2:a7:6c:35:cb:f8:9b:b7:65.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '10.1.101.82' (RSA) to the list of known [email protected]'s password: $ $ $ $ ping 8.8.8.8PING 8.8.8.8 (8.8.8.8): 56 data bytes64 bytes from 8.8.8.8: seq=3 ttl=35 time=295.980 ms64 bytes from 8.8.8.8: seq=7 ttl=35 time=299.047 ms
(以上内容不代表本站观点。) --------------------------------- |
本網站是"非商業"(non-commercial)。
