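CentOS 7 + OpenStack + KVM single-node setup
Overview
This article combines the official OpenStack documentation with a blog post, checked against hands-on practice (it mainly follows that blog post). If you want to set up an OpenStack environment more quickly, consider automated tools such as DevStack. More detailed material on OpenStack is available on the OpenStack website.
This article describes the specific process of building an OpenStack cloud platform on a single node with as few modules as possible.
Environment
- Node: a KVM virtual machine running CentOS 7.3.1611, hosted on a CentOS 7 physical machine
- Network: single NIC eth0, IP 192.168.150.145
- OpenStack: the Liberty release is used (because official documentation in Chinese is available for it).
The following modules will be installed and configured: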
Where:
- Nova: To implement services and associated libraries to provide massively scalable, on demand, self service access to compute resources, including bare metal, virtual machines, and containers.
- Neutron: OpenStack Neutron is an SDN networking project focused on delivering networking-as-a-service (NaaS) in virtual compute environments.
- Keystone: Keystone is an OpenStack service that provides API client authentication, service discovery, and distributed multi-tenant authorization by implementing OpenStack’s Identity API. It supports LDAP, OAuth, OpenID Connect, SAML and SQL.
- Glance: Glance image services include discovering, registering, and retrieving virtual machine images. Glance has a RESTful API that allows querying of VM image metadata as well as retrieval of the actual image. VM images made available through Glance can be stored in a variety of locations from simple filesystems to object-storage systems like the OpenStack Swift project.
- Horizon: Horizon is the canonical implementation of OpenStack's dashboard, which is extensible and provides a web based user interface to OpenStack services.
This is OpenStack:
Other notes
All operations are performed as root.
Environment preparation
Prepare the base environment for installing and configuring OpenStack.
Disable the firewall
Disable SELinux
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
setenforce 0
Disable iptables
systemctl start firewalld.service
systemctl stop firewalld.service
systemctl disable firewalld.service
Install packages
base
yum install -y http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm # may fail; this should have no effect
yum install -y centos-release-openstack-liberty
yum install -y python-openstackclient
MySQL
yum install -y mariadb mariadb-server MySQL-python
RabbitMQ
yum install -y rabbitmq-server
Keystone
yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
Glance
yum install -y openstack-glance python-glance python-glanceclient
Nova Control
yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
Nova compute
yum install -y openstack-nova-compute sysfsutils
Neutron
yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
Dashboard
yum install -y openstack-dashboard
Configure MySQL
For some MySQL operations, see this blog post.
cp /usr/share/mariadb/my-medium.cnf /etc/my.cnf # or /usr/share/mysql/my-medium.cnf
In /etc/my.cnf:
[mysqld]
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
systemctl enable mariadb.service # on CentOS 7, MySQL is called MariaDB
ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
mysql_install_db --datadir="/var/lib/mysql" --user="mysql" # initialize the database
systemctl start mariadb.service
mysql_secure_installation # password 123456; answer y and press Enter at every prompt
At this point the MySQL configuration file is in place and a MySQL user has been created (user: mysql, passwd: 123456).
Create the databases
[root@localhost ~]# mysql -p123456 # log in to create the databases
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 5579
Server version: 5.5.50-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| glance |
| keystone |
| mysql |
| neutron |
| nova |
| performance_schema |
+--------------------+
7 rows in set (0.00 sec)
MariaDB [(none)]>\q
Reference, another blog post: here
Raise MySQL's connection limit; otherwise later OpenStack operations fail with "ERROR 1040 (08004): Too many connections"
Edit /etc/my.cnf
Add the following parameter as a new line under [mysqld]:
max_connections=1000
Edit /usr/lib/systemd/system/mariadb.service
Add the following two parameters as new lines under [Service]:
LimitNOFILE=10000
LimitNPROC=10000
Reload the systemd units and restart the mariadb service
systemctl --system daemon-reload
systemctl restart mariadb.service
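Configure RabbitMQ
For background on RabbitMQ, see here.
MQ stands for Message Queue. A message queue (MQ) is an application-to-application communication method. Applications communicate by reading and writing messages (application-specific data) to and from queues, without needing a dedicated connection to link them. Messaging means that programs communicate by sending data in messages rather than by calling each other directly; direct calls are typically used by techniques such as remote procedure calls. Queuing means that applications communicate through queues. Using queues removes the requirement that the receiving and sending applications run at the same time.
RabbitMQ is a complete, reusable enterprise messaging system built on AMQP. It is released under the Mozilla Public License open-source license.
Start RabbitMQ (port 5672) and add the openstack user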
systemctl enable rabbitmq-server.service
ln -s '/usr/lib/systemd/system/rabbitmq-server.service' '/etc/systemd/system/multi-user.target.wants/rabbitmq-server.service'
systemctl start rabbitmq-server.service
rabbitmqctl add_user openstack openstack # add the user and its password
rabbitmqctl set_permissions openstack ".*" ".*" ".*" # grant openstack configure, write and read access
rabbitmq-plugins list # list the supported plugins
.........
[ ] rabbitmq_management 3.6.2 # this plugin provides web management
.........
rabbitmq-plugins enable rabbitmq_management # enable the plugin
The following plugins have been enabled:
mochiweb
webmachine
rabbitmq_web_dispatch
amqp_client
rabbitmq_management_agent
rabbitmq_management
Plugin configuration has changed. Restart RabbitMQ for changes to take effect.
systemctl restart rabbitmq-server.service
lsof -i:15672
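Access RabbitMQ at http://localhost:15672.
The default username and password are both guest. Log in with the default user and, on the admin tab, set the password (openstack) and tags (administrator) for the user openstack.
Then log out and log in as openstack.
Install and configure KVM
The procedure is adapted from here.
Check CPU virtualization support
grep -E 'svm|vmx' /proc/cpuinfo # any output means it is supported; otherwise support has to be configured separately
If the host is itself a KVM guest, see here for how to add CPU virtualization support.
Install packages
yum install qemu-kvm libvirt virt-install virt-manager # virt-manager is the graphical interface and is optional
Enable and start the libvirtd service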
systemctl enable libvirtd
systemctl start libvirtd
Verify the kernel modules
lsmod |grep kvm
kvm_intel 170181 6
kvm 554609 1 kvm_intel
irqbypass 13503 5 kvm
virsh list
This completes the base environment configuration. Next, install the OpenStack components.
Configure the Keystone identity service
Configure Keystone
Edit /etc/keystone/keystone.conf
Generate a random value
openssl rand -hex 10
bc0aa2b6eae6c007fcbf
cat /etc/keystone/keystone.conf|grep -v "^#"|grep -v "^$"
[DEFAULT]
admin_token = bc0aa2b6eae6c007fcbf # set the token; it must match the random value generated above
verbose = true
log_dir = /var/log/keystone
[assignment]
[auth]
[cache]
[catalog]
[cors]
[cors.subdomain]
[credential]
[database]
connection = mysql://keystone:keystone@192.168.150.145/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[eventlet_server_ssl]
[federation]
[fernet_tokens]
[identity]
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[matchmaker_ring]
[memcache]
servers = localhost:11211 # or 192.168.150.145?
[oauth1]
[os_inherit]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[resource]
[revoke]
driver = sql
[role]
[saml]
[signing]
[ssl]
[token]
provider = uuid
driver = memcache
[tokenless_auth]
[trust]
Create the database tables by running the sync command
su -s /bin/sh -c "keystone-manage db_sync" keystone
No handlers could be found for logger "oslo_config.cfg" # this message does not affect later steps; ignore it
ll /var/log/keystone/keystone.log
-rw-r--r--. 1 keystone keystone 298370 Aug 26 11:36 /var/log/keystone/keystone.log # the su above is needed because of this log file's owner
mysql -h 192.168.150.145 -u keystone -p # check the tables in the database; in production do not use keystone as the password, choose a more complex one
Start memcached and Apache
Start memcached
systemctl enable memcached
ln -s '/usr/lib/systemd/system/memcached.service' '/etc/systemd/system/multi-user.target.wants/memcached.service'
systemctl start memcached
Configure httpd
vim /etc/httpd/conf/httpd.conf
ServerName 192.168.150.145:80
cat /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
Start httpd
systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
systemctl start httpd
netstat -lntup|grep httpd
tcp6 0 0 :::80 :::* LISTEN 6191/httpd
tcp6 0 0 :::35357 :::* LISTEN 6191/httpd
tcp6 0 0 :::5000 :::* LISTEN 6191/httpd
If httpd does not start, disable SELinux or run yum install openstack-selinux
Create the Keystone users
Temporarily set the admin_token environment variables, which are used to create the users
export OS_TOKEN=bc0aa2b6eae6c007fcbf # the random value generated above
export OS_URL=http://192.168.150.145:35357/v3
export OS_IDENTITY_API_VERSION=3
Create the admin project --- create the admin user (password admin; do not do this in production) --- create the admin role --- add the admin user to the admin project with the admin role (three places named admin: project, user, role)
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password-prompt admin
openstack role create admin
openstack role add --project admin --user admin admin
Create a regular user, demo
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password=demo demo
openstack role create user
openstack role add --project demo --user demo user
Create the service project, which is used to manage the other services
openstack project create --domain default --description "Service Project" service
The names above are fixed and must not be changed
View the created users and projects
openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| b1f164577a2d43b9a6393527f38e3f75 | demo |
| b694d8f0b70b41d883665f9524c77766 | admin |
+----------------------------------+-------+
openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 604f9f78853847ac9ea3c31f2c7f677d | demo |
| 777f4f0108b1476eabc11e00dccaea9f | admin |
| aa087f62f1d44676834d43d0d902d473 | service |
+----------------------------------+---------+
Register the keystone service; the three endpoint types below are public, internal and admin.
These steps are error-prone; for the causes and fixes, see here.
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public http://192.168.150.145:5000/v2.0
openstack endpoint create --region RegionOne identity internal http://192.168.150.145:5000/v2.0
openstack endpoint create --region RegionOne identity admin http://192.168.150.145:35357/v2.0
openstack endpoint list # view
......
A table listing the three endpoints
......
Verify by obtaining a token; Keystone is configured correctly only if a token is returned
unset OS_TOKEN
unset OS_URL
openstack --os-auth-url http://192.168.150.145:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue # press Enter
Password: admin
......
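A table showing the token information
......
Use environment variables to obtain a token; the environment variables are also needed later when creating virtual machines.
Create two environment variable files; to use them, run source admin-openrc.sh or source demo-openrc.sh (in the directory containing the files)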
cat admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://192.168.150.145:35357/v3
export OS_IDENTITY_API_VERSION=3
cat demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.150.145:5000/v3
export OS_IDENTITY_API_VERSION=3
source admin-openrc.sh # load the environment variables above
openstack token issue # show the token information
......
A table showing the token information
......
Configure the Glance image service
Glance configuration
Edit /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf
cat /etc/glance/glance-api.conf|grep -v "^#"|grep -v "^$"
[DEFAULT]
verbose=True
notification_driver = noop
[database]
connection=mysql://glance:glance@192.168.150.145/glance
[glance_store]
default_store=file
filesystem_store_datadir=/var/lib/glance/images/
[image_format]
[keystone_authtoken]
auth_uri = http://192.168.150.145:5000
auth_url = http://192.168.150.145:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance
[matchmaker_redis]
[matchmaker_ring]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor=keystone
[store_type_location_strategy]
[task]
[taskflow_executor]
cat /etc/glance/glance-registry.conf|grep -v "^#"|grep -v "^$"
[DEFAULT]
verbose=True
notification_driver = noop
[database]
connection=mysql://glance:glance@192.168.150.145/glance
[glance_store]
[keystone_authtoken]
auth_uri = http://192.168.150.145:5000
auth_url = http://192.168.150.145:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance
[matchmaker_redis]
[matchmaker_ring]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor=keystone
Create the database tables and sync the database
su -s /bin/sh -c "glance-manage db_sync" glance
mysql -h 192.168.150.145 -uglance -p
Create the Keystone user for Glance
source admin-openrc.sh
openstack user create --domain default --password=glance glance
openstack role add --project service --user glance admin
Start Glance
systemctl enable openstack-glance-api
systemctl enable openstack-glance-registry
systemctl start openstack-glance-api
systemctl start openstack-glance-registry
netstat -lnutp |grep 9191 #registry
tcp 0 0 0.0.0.0:9191 0.0.0.0:* LISTEN 1333/python2
netstat -lnutp |grep 9292 #api
tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN 1329/python2
Register with Keystone
source admin-openrc.sh
openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region RegionOne image public http://192.168.150.145:9292
openstack endpoint create --region RegionOne image internal http://192.168.150.145:9292
openstack endpoint create --region RegionOne image admin http://192.168.150.145:9292
Add the Glance environment variable and test
echo "export OS_IMAGE_API_VERSION=2" | tee -a admin-openrc.sh demo-openrc.sh
glance image-list
+----+------+
| ID | Name |
+----+------+
+----+------+
Download an image and upload it to Glance (the CirrOS image used here is made specifically for testing and is very small)
wget -q http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress
[=============================>] 100%
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
......
......
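You can also upload officially built images, but their account passwords are generally unknown, so you can also build your own image:
See this guide to building an OpenStack image from an ISO image: http://www.cnblogs.com/kevingrace/p/5821823.html
View the images: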
glance image-list
+--------------------------------------+-----------------+
| ID | Name |
+--------------------------------------+-----------------+
| 2fa1b84f-51c0-49c6-af78-b121205eba08 | CentOS-7-x86_64 |
| 722e10fb-9a0b-4c56-9075-f6a3c5bbba66 | cirros |
+--------------------------------------+-----------------+
Configure the Nova compute service
Nova configuration
Edit /etc/nova/nova.conf
cat /etc/nova/nova.conf|grep -v "^#"|grep -v "^$"
[DEFAULT]
my_ip=192.168.150.145
enabled_apis=osapi_compute,metadata
auth_strategy=keystone
network_api_class=nova.network.neutronv2.api.API
linuxnet_interface_driver=nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
security_group_api=neutron
firewall_driver = nova.virt.firewall.NoopFirewallDriver
debug=true
verbose=true
rpc_backend=rabbit
allow_resize_to_same_host=True
scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
vif_plugging_is_fatal=false
vif_plugging_timeout=0
log_dir=/var/log/nova
[api_database]
[barbican]
[cells]
[cinder]
[conductor]
[cors]
[cors.subdomain]
[database]
connection=mysql://nova:nova@192.168.150.145/nova
[ephemeral_storage_encryption]
[glance]
host=$my_ip
[guestfs]
[hyperv]
[image_file_url]
[ironic]
[keymgr]
[keystone_authtoken]
auth_uri = http://192.168.150.145:5000
auth_url = http://192.168.150.145:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova
[libvirt]
virt_type=kvm
[matchmaker_redis]
[matchmaker_ring]
[metrics]
[neutron]
url = http://192.168.150.145:9696
auth_url = http://192.168.150.145:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron
[osapi_v21]
[oslo_concurrency]
lock_path=/var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host=192.168.150.145
rabbit_port=5672
rabbit_userid=openstack
rabbit_password=openstack
[oslo_middleware]
[rdp]
[serial_console]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vmware]
[vnc]
novncproxy_base_url=http://192.168.150.145:6080/vnc_auto.html
vncserver_listen= $my_ip
vncserver_proxyclient_address= $my_ip
keymap=en-us
[workarounds]
[xenserver]
[zookeeper]
Why the network setting is written this way: network_api_class=nova.network.neutronv2.api.API
ls /usr/lib/python2.7/site-packages/nova/network/neutronv2/api.py
/usr/lib/python2.7/site-packages/nova/network/neutronv2/api.py
This file contains an API method; the other settings work the same way
Sync the database
su -s /bin/sh -c "nova-manage db sync" nova
mysql -h 192.168.150.145 -unova -p # check
Create the Keystone user for Nova
openstack user create --domain default --password=nova nova
openstack role add --project service --user nova admin
Start the Nova services
systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl enable libvirtd openstack-nova-compute
systemctl start libvirtd openstack-nova-compute
source admin-openrc.sh
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://192.168.150.145:8774/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal http://192.168.150.145:8774/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://192.168.150.145:8774/v2/%\(tenant_id\)s
Check
openstack host list
+-----------------------+-------------+----------+
| Host Name | Service | Zone |
+-----------------------+-------------+----------+
| localhost.localdomain | cert | internal |
| localhost.localdomain | conductor | internal |
| localhost.localdomain | consoleauth | internal |
| localhost.localdomain | scheduler | internal |
| localhost.localdomain | compute | nova |
+-----------------------+-------------+----------+
nova image-list # test whether Glance works
+--------------------------------------+-----------------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+-----------------+--------+--------+
| 2fa1b84f-51c0-49c6-af78-b121205eba08 | CentOS-7-x86_64 | ACTIVE | |
| 722e10fb-9a0b-4c56-9075-f6a3c5bbba66 | cirros | ACTIVE | |
+--------------------------------------+-----------------+--------+--------+
nova endpoints # test Keystone
WARNING: keystone has no endpoint in ! Available endpoints for this service:
+-----------+----------------------------------+
| keystone | Value |
+-----------+----------------------------------+
| id | 33f1d5ddb5a14d9fa4bff2e4f047cc02 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| url | http://192.168.150.145:5000/v2.0 |
+-----------+----------------------------------+
......
......
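Neutron networking service
Neutron is the hardest part.
Neutron introduction
Introduction from the official documentation (link here):
Networking provides networks, subnets, and routers as object abstractions. Each abstraction has functionality that mimics its physical counterpart: networks contain subnets, and routers route traffic between different subnets and networks.
Each router has one gateway that connects to a network, and many interfaces connected to subnets. Subnets can access machines on other subnets connected to the same router.
Any given Networking setup has at least one external network. Unlike the other networks, the external network is not merely a virtually defined network. Instead, it represents a view into a slice of the physical, external network accessible outside the OpenStack installation. IP addresses on the external network are accessible by anybody physically on the outside network. Because the external network merely represents a view into the outside network, DHCP is disabled on this network.
In addition to external networks, any Networking setup has one or more internal networks. These software-defined networks connect directly to the VMs. Only the VMs on any given internal network, or those on subnets connected through interfaces to a similar router, can access VMs connected to that network directly.
For the outside network to access VMs, and vice versa, routers between the networks are needed. Each router has one gateway that is connected to a network and many interfaces that are connected to subnets. Like a physical router, machines in a subnet can access machines on other subnets connected to the same router, and machines can access the outside network through the router's gateway.
Additionally, you can allocate IP addresses on external networks to ports on the internal network. Whenever something is connected to a subnet, that connection is called a port. You can associate external network IP addresses with ports to VMs.
Networking also supports security groups. Security groups enable administrators to define firewall rules in groups. A VM can belong to one or more security groups, and Networking applies the rules in those security groups to block or unblock ports, port ranges, or traffic types for that VM.
Neutron has many complex concepts; the details can be found here.
Neutron offers two networking options:
- Provider networks
- Self-service networks
Provider networks have the simpler structure, so that option is used here.
NIC configuration
(As I understand it) Neutron builds its network by setting up a Linux bridge on the physical NIC and placing the network's ingress and egress ports on that bridge. On CentOS 7, a bridge on a NIC is configured through the configuration files in /etc/sysconfig/network-scripts (details here), but the bridge that Neutron creates has no such configuration file (or perhaps it does?), so this part of the configuration easily goes wrong: either the host loses its network connection or the virtual machine instances cannot reach the external network.
My host's network configuration: a single NIC, eth0, with IP 192.168.150.145.
After many attempts, I found that the following method works:
1. Change the NIC's configuration file as follows: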
DEVICE=eth0
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none # the key change is setting this to none; with DHCP there is a conflict and the network drops
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
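As noted above, in my testing with DHCP the bridge and the NIC ended up with the same IP, which conflicts and cuts the host off from the network. So set it to none; the result is that the NIC has no IP address, the bridge has the IP address, and both the host and the virtual machine instances have network access. (static was not tried, so I don't know what would happen.)
2. Configure Neutron as described below; after creating the network and subnet, restart networking with systemctl restart network and check the result.
The method above applies when there is only one NIC. Another approach that should work is to add a sub-interface and build the bridge on it, so there is no risk of the host losing its network; this remains to be tested.
Neutron configuration (5 configuration files)
The structure should be: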
- neutron-->ml2(Module Layer2)-->linuxbridge_agent
- ----------------------------------------->dhcp_agent
- ----------------------------------------->metadata_agent
Edit /etc/neutron/neutron.conf
cat /etc/neutron/neutron.conf|grep -v "^#"|grep -v "^$"
[DEFAULT]
state_path = /var/lib/neutron
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://192.168.150.145:8774/v2
rpc_backend=rabbit
[matchmaker_redis]
[matchmaker_ring]
[quotas]
[agent]
[keystone_authtoken]
auth_uri = http://192.168.150.145:5000
auth_url = http://192.168.150.145:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
[database]
connection = mysql://neutron:neutron@192.168.150.145:3306/neutron
[nova]
auth_url = http://192.168.150.145:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = $state_path/lock
[oslo_policy]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host = 192.168.150.145
rabbit_port = 5672
rabbit_userid = openstack
rabbit_password = openstack
[qos]
Configure /etc/neutron/plugins/ml2/ml2_conf.ini
cat /etc/neutron/plugins/ml2/ml2_conf.ini|grep -v "^#"|grep -v "^$"
[ml2]
type_drivers = flat,vlan,gre,vxlan,geneve
tenant_network_types = vlan,gre,vxlan,geneve
mechanism_drivers = openvswitch,linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = physnet1
[ml2_type_vlan]
[ml2_type_gre]
[ml2_type_vxlan]
[ml2_type_geneve]
[securitygroup]
enable_ipset = True
Configure /etc/neutron/plugins/ml2/linuxbridge_agent.ini; set the physical interface to eth0
cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini|grep -v "^#"|grep -v "^$"
[linux_bridge]
physical_interface_mappings = physnet1:eth0
[vxlan]
enable_vxlan = false
[agent]
prevent_arp_spoofing = True
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = True
Edit /etc/neutron/dhcp_agent.ini
cat /etc/neutron/dhcp_agent.ini|grep -v "^#"|grep -v "^$"
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
[AGENT]
Edit /etc/neutron/metadata_agent.ini
cat /etc/neutron/metadata_agent.ini|grep -v "^#"|grep -v "^$"
[DEFAULT]
auth_uri = http://192.168.150.145:5000
auth_url = http://192.168.150.145:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
nova_metadata_ip = 192.168.150.145
metadata_proxy_shared_secret = neutron
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
[AGENT]
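Added example, not part of the original article or of OpenStack itself: the configuration files above reuse each service name as its password (database connection strings, [keystone_authtoken], RabbitMQ, the metadata shared secret) and keep admin_token in keystone.conf. This Python check flags those patterns so they can be replaced before a lab setup like this is reused elsewhere. The sample configs are constructed from values on this page; KNOWN_NAMES, MIN_LEN and the function names are assumptions of the example.

```python
import configparser
from urllib.parse import urlsplit

# Secret-bearing options seen in this page's config files, mapped to the
# option in the same section that names the account (None if there is none).
SECRET_OPTIONS = {
    "password": "username",
    "rabbit_password": "rabbit_userid",
    "metadata_proxy_shared_secret": None,
    "admin_password": "admin_user",
}
# Names used as passwords in this walkthrough plus common defaults (local list).
KNOWN_NAMES = {"keystone", "glance", "nova", "neutron", "openstack",
               "admin", "demo", "guest"}
MIN_LEN = 16  # assumption: local minimum length for generated service secrets


def weakness(secret, account=None):
    """Return a reason string if the secret is weak, else None."""
    if not secret:
        return "empty secret"
    if secret.startswith("%") and secret.endswith("%"):
        return None  # unfilled packaging placeholder such as %SERVICE_PASSWORD%
    if account and secret == account:
        return "secret equals account name"
    if secret.lower() in KNOWN_NAMES:
        return "secret is a well-known name"
    if len(secret) < MIN_LEN:
        return "secret shorter than %d characters" % MIN_LEN
    return None


def audit(filename, text):
    """Return (file, section, option, reason) findings for one config file."""
    # default_section is renamed so [DEFAULT] is parsed as an ordinary section
    # and its values are not copied into every other section.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        opts = cp[section]
        if section == "DEFAULT" and opts.get("admin_token"):
            findings.append((filename, section, "admin_token",
                             "bootstrap admin token still configured"))
        if opts.get("connection"):
            url = urlsplit(opts["connection"])  # mysql://user:pass@host/db
            reason = weakness(url.password, url.username)
            if reason:
                findings.append((filename, section, "connection", reason))
        for option, account_option in SECRET_OPTIONS.items():
            if option not in opts:
                continue
            account = opts.get(account_option) if account_option else None
            reason = weakness(opts[option].strip(), account)
            if reason:
                findings.append((filename, section, option, reason))
    return findings


# Constructed samples: excerpts that reuse the values shown on this page.
KEYSTONE_CONF = """
[DEFAULT]
admin_token = bc0aa2b6eae6c007fcbf
[database]
connection = mysql://keystone:keystone@192.168.150.145/keystone
"""
NEUTRON_CONF = """
[keystone_authtoken]
username = neutron
password = neutron
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
[database]
connection = mysql://neutron:neutron@192.168.150.145:3306/neutron
[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = openstack
"""
# Constructed sample with random per-service secrets (values made up here).
HARDENED_CONF = """
[database]
connection = mysql://nova:4f1c9a7e2b8d4c06a3e5f9b1d7c2a8e0@127.0.0.1/nova
[keystone_authtoken]
username = nova
password = 9b2e7d4a1c6f4830b5a9e3d1f7c4b2a6
"""

if __name__ == "__main__":
    for name, text in (("keystone.conf", KEYSTONE_CONF),
                       ("neutron.conf", NEUTRON_CONF),
                       ("nova.conf", HARDENED_CONF)):
        for finding in audit(name, text):
            print("%s [%s] %s: %s" % finding)
```

To audit a live node, pass the contents of each file under /etc/keystone, /etc/glance, /etc/nova and /etc/neutron to audit().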
Create the symlink and create the Keystone user
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
openstack user create --domain default --password=neutron neutron
openstack role add --project service --user neutron admin
Update the database
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Register with Keystone
source admin-openrc.sh
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://192.168.150.145:9696
openstack endpoint create --region RegionOne network internal http://192.168.150.145:9696
openstack endpoint create --region RegionOne network admin http://192.168.150.145:9696
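Start the services and check
Because Neutron and Nova are linked, setting up Neutron involves changes to Nova's configuration file. The nova.conf above already contains the Neutron-related settings, so the openstack-nova-api service must be restarted.
Here all the related Nova services are restarted together: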
systemctl restart openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
Start the Neutron services
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
Check
neutron agent-list
+--------------------------------------+--------------------+-----------------------+-------+----------------+---------------------------+
| id | agent_type | host | alive | admin_state_up | binary |
+--------------------------------------+--------------------+-----------------------+-------+----------------+---------------------------+
| 36f8e03d-eb99-4161-a5c5-fb96bc1b1bc6 | Metadata agent | localhost.localdomain | :-) | True | neutron-metadata-agent |
| 836ccf30-d057-41e6-8da1-d32c2a8bd0c5 | DHCP agent | localhost.localdomain | :-) | True | neutron-dhcp-agent |
| c58ccbab-1200-4f6c-af25-277b7b147dcb | Linux bridge agent | localhost.localdomain | :-) | True | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+-----------------------+-------+----------------+---------------------------+
openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------------------------+
| 272008321250483ea17950359cf20941 | RegionOne | glance | image | True | admin | http://192.168.150.145:9292 |
| 2b9d38fccb274ffc8e17146e316e7828 | RegionOne | glance | image | True | public | http://192.168.150.145:9292 |
| 33f1d5ddb5a14d9fa4bff2e4f047cc02 | RegionOne | keystone | identity | True | public | http://192.168.150.145:5000/v2.0 |
| 38118c8cdd0448d292b0fc23c2d51bf4 | RegionOne | nova | compute | True | public | http://192.168.150.145:8774/v2/%(tenant_id)s |
| 4cde31f433754b6b972fd53a92622ebe | RegionOne | glance | image | True | internal | http://192.168.150.145:9292 |
| 66b0311e804148acb0c66c091daaa250 | RegionOne | nova | compute | True | admin | http://192.168.150.145:8774/v2/%(tenant_id)s |
| 7a5e79cf7dbb44038925397634d3f2e2 | RegionOne | nova | compute | True | internal | http://192.168.150.145:8774/v2/%(tenant_id)s |
| 8cdd3675482e40228549d323ca856bfc | RegionOne | keystone | identity | True | internal | http://192.168.150.145:5000/v2.0 |
| 99da7b1de15543e7a423d1b58cb2ebc7 | RegionOne | keystone | identity | True | admin | http://192.168.150.145:35357/v2.0 |
| a6c8cb68cef24a10b1f1d3517c33e830 | RegionOne | neutron | network | True | public | http://192.168.150.145:9696 |
| a78485b8a5ac444a8497a571817d3a01 | RegionOne | neutron | network | True | internal | http://192.168.150.145:9696 |
| fb12238385d54ea1b04f47ddbbc8d3e9 | RegionOne | neutron | network | True | admin | http://192.168.150.145:9696 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------------------------+
At this point the neutron configuration is complete.
Create a virtual machine instance
Now it is time to verify the configuration done so far.
Create the bridged network
Create the network (named flat, with physical interface physnet1:eth0 and network type flat)
source admin-openrc.sh # selects the project the VM is created under; here it is created under demo; admin also works
neutron net-create flat --shared --provider:physical_network physnet1 --provider:network_type flat
Create the subnet. This step goes wrong easily (it is one of the hard parts of neutron), because this is where the bridge gets attached to the NIC.
The parameters here are:
- Subnet CIDR: it should match the host's. The host IP is 192.168.150.145, so it should be 192.168.150.0/24;
- Subnet IP pool: it needs addresses that are not yet allocated on the network. I do not know which IPs on the campus network are already allocated, so a fairly small range was chosen, [192.168.150.190, 192.168.150.200];
- DNS server: I checked the DNS of the PC at hand and set it to 192.168.247.6;
- GATEWAY: the gateway; route -n shows it is 192.168.150.33.
Putting it together:
neutron subnet-create flat 192.168.150.0/24 --name flat-subnet --allocation-pool start=192.168.150.190,end=192.168.150.200 --dns-nameserver 192.168.247.6 --gateway 192.168.150.33
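A pre-flight check for the parameters chosen above, as an added example that is not part of the original tutorial. The function name check_flat_subnet and the optional in_use list are hypothetical; the sample values are the ones from the page.

```python
import ipaddress


def check_flat_subnet(host_ip, cidr, pool_start, pool_end, gateway, in_use=()):
    """Return a list of problems with planned `neutron subnet-create` arguments.

    in_use: addresses already known to be taken on the LAN (hypothetical input;
    the tutorial's author did not have such a list).
    """
    net = ipaddress.ip_network(cidr)  # ValueError if host bits are set
    host = ipaddress.ip_address(host_ip)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    gw = ipaddress.ip_address(gateway)
    problems = []

    # The flat network is bridged onto the host NIC, so host and gateway
    # must sit in the same subnet as the instances.
    for label, addr in (("host", host), ("gateway", gw)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")

    if start > end:
        problems.append(f"pool start {start} is after pool end {end}")
    for label, addr in (("pool start", start), ("pool end", end)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {addr} is the network or broadcast address")

    # Addresses the DHCP agent must never hand out to an instance.
    taken = [("host", host), ("gateway", gw)]
    taken += [("in-use address", ipaddress.ip_address(a)) for a in in_use]
    for label, addr in taken:
        if start <= addr <= end:
            problems.append(f"{label} {addr} is inside the allocation pool")
    return problems


if __name__ == "__main__":
    # Values taken from the page's subnet-create command.
    for p in check_flat_subnet("192.168.150.145", "192.168.150.0/24",
                               "192.168.150.190", "192.168.150.200",
                               "192.168.150.33") or ["no problems found"]:
        print(p)
```

An empty list means the arguments are consistent with each other; it does not prove the pool is free on the LAN unless in_use is filled from a real inventory.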
View the subnet
neutron net-list
+--------------------------------------+------+-------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+------+-------------------------------------------------------+
| 9f42c0f9-56bb-47ab-839e-59bf71276dd5 | flat | c3c8e599-4d36-4997-b9d9-d194710e27ac 192.168.150.0/24 |
+--------------------------------------+------+-------------------------------------------------------+
neutron subnet-list
+--------------------------------------+-------------+------------------+--------------------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+-------------+------------------+--------------------------------------------------------+
| c3c8e599-4d36-4997-b9d9-d194710e27ac | flat-subnet | 192.168.150.0/24 | {"start": "192.168.150.190", "end": "192.168.150.200"} |
+--------------------------------------+-------------+------------------+--------------------------------------------------------+
Create the virtual machine
Create the key
source demo-openrc.sh # creates the VM under the demo account; to create it under the admin account, use source admin-openrc.sh
ssh-keygen -q -N "" # saved in /root/.ssh by default, as the public key id_rsa.pub and the private key id_rsa
Add the public key mykey to the virtual machine
nova keypair-add --pub-key /root/.ssh/id_rsa.pub mykey
nova keypair-list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | cd:7a:1e:cd:c0:43:9b:b1:f4:3b:cf:cd:5e:95:f8:00 |
+-------+-------------------------------------------------+
Create the rules for the security group default (ICMP and TCP port 22, from any source address)
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
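Because the flat network bridges instances straight onto the LAN, the source range of these rules decides who can reach the instance. The audit below is an added example, not part of the original tutorial: the function name audit_secgroup_rules is hypothetical, and treating the flat subnet 192.168.150.0/24 as the trusted range is an assumption.

```python
import ipaddress
import shlex

# The two rule commands from the page, embedded as the script under review.
PAGE_RULES = """\
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
"""


def audit_secgroup_rules(script, trusted_cidr):
    """Flag secgroup-add-rule lines whose source range exceeds trusted_cidr.

    Returns one dict per finding, with the rule as written and a narrowed
    replacement command limited to trusted_cidr.
    """
    trusted = ipaddress.ip_network(trusted_cidr)
    findings = []
    for lineno, line in enumerate(script.splitlines(), start=1):
        words = shlex.split(line, comments=True)  # drops trailing "# ..." notes
        # Expected shape: nova secgroup-add-rule <group> <proto> <from> <to> <cidr>
        if len(words) != 7 or words[:2] != ["nova", "secgroup-add-rule"]:
            continue
        proto, port_from, port_to, cidr = words[3:]
        source = ipaddress.ip_network(cidr, strict=False)
        if source.version == trusted.version and source.subnet_of(trusted):
            continue  # already limited to the trusted range
        findings.append({
            "line": lineno,
            "rule": f"{proto} {port_from}:{port_to} from {source}",
            "world_open": source.prefixlen == 0,
            "narrowed": " ".join(words[:6] + [str(trusted)]),
        })
    return findings


if __name__ == "__main__":
    # Assumption: only hosts on the flat subnet need to reach the instance.
    for f in audit_secgroup_rules(PAGE_RULES, "192.168.150.0/24"):
        print(f"line {f['line']}: {f['rule']} -> {f['narrowed']}")
```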
Creating a virtual machine requires these parameters:
- flavor name;
- image name;
- network ID;
- security group name;
- key name;
- instance name.
The following steps collect them:
List the supported flavors
nova flavor-list
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | | 1 | 1.0 | True |
| 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True |
| 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True |
| 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | | 8 | 1.0 | True |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
List the images
nova image-list
+--------------------------------------+-----------------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+-----------------+--------+--------+
| 2fa1b84f-51c0-49c6-af78-b121205eba08 | CentOS-7-x86_64 | ACTIVE | |
| 722e10fb-9a0b-4c56-9075-f6a3c5bbba66 | cirros | ACTIVE | |
+--------------------------------------+-----------------+--------+--------+
List the networks
neutron net-list
+--------------------------------------+------+-------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+------+-------------------------------------------------------+
| 9f42c0f9-56bb-47ab-839e-59bf71276dd5 | flat | c3c8e599-4d36-4997-b9d9-d194710e27ac 192.168.150.0/24 |
+--------------------------------------+------+-------------------------------------------------------+
Assume the instance is named hello-instance and that a minimal instance is wanted for testing. From the output above, the parameters are:
- flavor name m1.tiny;
- image name cirros;
- network ID 9f42c0f9-56bb-47ab-839e-59bf71276dd5;
- security group name default;
- key name mykey;
Putting it together (this step also goes wrong easily; details below):
nova boot --flavor m1.tiny --image cirros --nic net-id=9f42c0f9-56bb-47ab-839e-59bf71276dd5 --security-group default --key-name mykey hello-instance
View the virtual machine
nova list
+--------------------------------------+----------------+--------+------------+-------------+----------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+----------------+--------+------------+-------------+----------------------+
| 3ae1e9cd-5309-4f0e-bcad-f9211da2df12 | hello-instance | ACTIVE | - | Running | flat=192.168.150.191 |
+--------------------------------------+----------------+--------+------------+-------------+----------------------+
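As shown above, the instance is in a good state, so creation should have succeeded.
With bad luck the instance status is ERROR, and then the cause has to be found. The dashboard's details page for the instance shows the error details, while more detailed information has to come from the log files. The main log files should be under /var/log/nova and /var/log/neutron, and the files should be nova-compute.log, nova-conductor.log, server.log, dhcp-agent.log, linuxbridge-agent.log and so on; the other log files are worth a look too.
Some failure cases have already been analysed here and there (for instance errors) and are worth consulting.
Below is the situation I ran into myself:
When creating the instance, things seemed normal at first and the instance entered the spawning state, but after spawning for a while it failed: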
Failed to allocate the network(s), not rescheduling.
A similar error message can be found in the log nova-compute.log (or was it nova-conductor.log?):
ERROR : Build of instance 5ea8c935-ee07-4788-823f-10e2b003ca89 aborted: Failed to allocate the network(s), not rescheduling.