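Setting up an OpenStack environment and the OpenStack Identity service
OpenStack: the glance Image service and the nova Compute service
OpenStack: the neutron Networking service and launching an instance
OpenStack: the dashboard service, instance management, and the cinder Block Storage service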
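Networking service
OpenStack Networking (neutron) lets you create and attach interface devices that are managed by other OpenStack services. Plug-ins can be implemented to accommodate different networking equipment and software, which gives OpenStack architecture and deployment their flexibility.
OpenStack Networking mainly interacts with OpenStack Compute to provide network connectivity for its instances.
Networking (neutron) concepts
OpenStack Networking (neutron) manages all networking facets of the Virtual Networking Infrastructure (VNI) and the access layer aspects of the Physical Networking Infrastructure (PNI) in an OpenStack environment. OpenStack Networking lets tenants create advanced virtual network topologies that can include services such as a firewall, a load balancer, and a virtual private network (VPN).
Any given Networking setup has at least one external network. Unlike the other networks, the external network is not merely a virtually defined network. Instead, it represents a view into a slice of the physical, external network that is accessible outside the OpenStack installation. IP addresses on the external network are reachable by any physical device on the external network.
In addition to external networks, any Networking setup has one or more internal networks. These software-defined networks connect directly to the virtual machines. Only the virtual machines on a given internal network, or those on subnets connected through interfaces to the same router, can directly access virtual machines connected to that network.
For the external network to reach instances, and for instances to reach the external network, routers between the networks are required. Each router has one gateway connected to an external network and one or more interfaces connected to internal networks. As with a physical router, subnets can reach machines on other subnets connected to the same router, and machines can reach the external network through the router's gateway.
Additionally, you can allocate IP addresses on external networks to ports on the internal network. Whenever something is connected to a subnet, that connection is called a port. You can associate external network IP addresses with the ports of instances. This way, entities on the external network can access the instances.
Networking also supports security groups. Security groups let administrators define firewall rules in groups. An instance can belong to one or more security groups, and Networking applies the rules in those groups to that instance to block or open ports, port ranges, or traffic types.
Install and configure the controller node
Before you configure the OpenStack Networking (neutron) service, you must create a database, service credentials, and API endpoints for it.
1. Create the database
Use the database client to connect to the database server as the root user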
[root@controller ~]# mysql -p
Create the neutron database
MariaDB [(none)]> CREATE DATABASE neutron;
Grant access to the neutron database
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
-> IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
2. Source the admin credentials to gain access to admin-only CLI commands
[root@controller ~]# . admin-openrc
3. Create the service credentials
Create the neutron user
[root@controller ~]# openstack user create --domain default --password neutron neutron
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 2cc353d733a74c629c0c7db9327e540a |
| enabled | True |
| id | 27e1a1b2752c47d3b4b72df5a22500b6 |
| name | neutron |
+-----------+----------------------------------+
Add the admin role to the neutron user
[root@controller ~]# openstack role add --project service --user neutron admin
Create the neutron service entity
[root@controller ~]# openstack service create --name neutron \
> --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 2a32972d7d8446ecb0ae2a2a3cf6e118 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
4. Create the Networking service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
> network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | dcdfb8f4ffa746ad8e251eb3cbef07ad |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2a32972d7d8446ecb0ae2a2a3cf6e118 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 5c95794bbd8541038b6f095c225c61dd |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2a32972d7d8446ecb0ae2a2a3cf6e118 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 91373d34d40046bead6bbde5366d519d |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2a32972d7d8446ecb0ae2a2a3cf6e118 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
5. Configure the public (provider) network
Install and configure the Networking components on the controller node
- Install the components
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 \
> openstack-neutron-linuxbridge ebtables -y
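- Configure the server component
The Networking server component configuration includes the database, authentication mechanism, message queue, topology change notifications, and plug-in.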
[root@controller ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
# Enable the ML2 plug-in and disable additional plug-ins
core_plugin = ml2
service_plugins =
# Configure RabbitMQ message queue access
rpc_backend = rabbit
# Configure Identity service access
auth_strategy = keystone
# Configure Networking to notify Compute of network topology changes
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
# Configure database access
[database]
connection = mysql+pymysql://neutron:neutron@controller/neutron
# Configure RabbitMQ message queue access
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
# Configure Identity service access
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
# Configure Networking to notify Compute of network topology changes
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
# Configure the lock path
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
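- Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Linux bridge mechanism to build the layer-2 virtual networking infrastructure for instances.
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
# Enable flat and VLAN networks
type_drivers = flat,vlan
# Disable private (self-service) networks
tenant_network_types =
# Enable the Linux bridge mechanism
mechanism_drivers = linuxbridge
# Enable the port security extension driver
extension_drivers = port_security
# Configure the public virtual network as a flat network
[ml2_type_flat]
flat_networks = provider
# Enable ipset to increase the efficiency of security group rules
[securitygroup]
enable_ipset = True
- Configure the Linux bridge agent
The Linux bridge agent builds the layer-2 virtual networking infrastructure for instances and handles security group rules.
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# Map the public virtual network to the public physical network interface
[linux_bridge]
# eth1 is the underlying public physical network interface
physical_interface_mappings = provider:eth1
# Disable VXLAN overlay networks
[vxlan]
enable_vxlan = False
# Enable security groups and configure the Linux bridge iptables firewall driver
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver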
- Configure the DHCP agent
Configure the Linux bridge interface driver and the DHCP driver, and enable isolated metadata so that instances on the public network can access metadata over the network.
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
6. Configure the metadata agent
[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = westos
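7. Configure the Compute service to use the Networking service
[root@controller ~]# vim /etc/nova/nova.conf
# Configure the access parameters, enable the metadata proxy, and set the shared secret
[neutron]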
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = westos
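8. Finalize the installation
- The Networking service initialization scripts expect a symbolic link, /etc/neutron/plugin.ini, that points to the ML2 plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini.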
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
- Populate the database
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
> --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Controller node -> public network -> DHCP
- Restart the Compute API service
[root@controller ~]# systemctl restart openstack-nova-api.service
- Start the Networking services and configure them to start when the system boots
[root@controller ~]# systemctl enable neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
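The controller configuration above keeps its service passwords and the metadata shared secret in the configuration files, and the sample values repeat the account name. The following check is an added example, not part of the original post: it parses a constructed sample assembled from the options shown above and reports weak secrets and plain-HTTP endpoints; `MIN_LEN`, the helper names, and the merged single-file layout are assumptions.

```python
import configparser
import secrets
from urllib.parse import urlsplit

# Constructed sample: secret-bearing options copied from this page's
# neutron.conf and metadata_agent.ini, merged into one string for the demo.
SAMPLE = """\
[DEFAULT]
metadata_proxy_shared_secret = westos
[database]
connection = mysql+pymysql://neutron:neutron@controller/neutron
[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_url = http://controller:35357
username = neutron
password = neutron
"""

MIN_LEN = 16  # assumption: local policy threshold, not an OpenStack default
# Secret option -> option in the same section that holds the account name.
SECRET_OPTS = {"password": "username", "rabbit_password": "rabbit_userid",
               "metadata_proxy_shared_secret": None}
URL_OPTS = ("auth_url", "auth_uri", "url")


def weaknesses(secret, account):
    """Return the reasons a secret fails the policy (empty list if none)."""
    reasons = []
    if account and secret == account:
        reasons.append("same as account name")
    if len(secret) < MIN_LEN:
        reasons.append("shorter than %d characters" % MIN_LEN)
    return reasons


def audit(text):
    """Return sorted (section, option, reason) findings for an INI string."""
    # Rename the default section so [DEFAULT] is read as an ordinary section.
    cp = configparser.ConfigParser(interpolation=None, default_section="_unused_")
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        opts = cp[section]
        for opt, value in opts.items():
            reasons = []
            if opt in SECRET_OPTS:
                name_opt = SECRET_OPTS[opt]
                reasons = weaknesses(value, opts.get(name_opt) if name_opt else None)
            elif opt == "connection":  # SQLAlchemy URL: user:password@host/db
                url = urlsplit(value)
                reasons = weaknesses(url.password or "", url.username)
            elif opt in URL_OPTS and value.startswith("http://"):
                reasons = ["service endpoint uses plain HTTP"]
            findings += [(section, opt, r) for r in reasons]
    return sorted(findings)


def new_secret():
    """Generate a random 128-bit secret as 32 hex characters."""
    return secrets.token_hex(16)
```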
Install and configure the compute node
1. Install the components
[root@compute1 ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
2. Configure the common component
[root@compute1 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
# Configure RabbitMQ message queue access
rpc_backend = rabbit
# Configure Identity service access
auth_strategy = keystone
# Configure RabbitMQ message queue access
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
# Configure Identity service access
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
# Configure the lock path
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
3. Configure the public network
- Configure the Linux bridge agent
[root@compute1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# Map the public virtual network to the public physical network interface
[linux_bridge]
physical_interface_mappings = provider:eth1
# Disable VXLAN overlay networks
[vxlan]
enable_vxlan = False
# Enable security groups and configure the Linux bridge iptables firewall driver
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
4. Configure the Compute service to use the Networking service
- Edit the /etc/nova/nova.conf file
[root@compute1 ~]# vim /etc/nova/nova.conf
# Configure the access parameters
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
5. Finalize the installation
- Restart the Compute service
[root@compute1 ~]# systemctl restart openstack-nova-compute.service
- Start the Linux bridge agent and configure it to start when the system boots
[root@compute1 ~]# systemctl enable --now neutron-linuxbridge-agent.service
Verify operation
List the agents to verify that the neutron agents started successfully
[root@controller ~]# neutron agent-list
+---------------+---------------+------------+-------------------+-------+----------------+-----------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+---------------+---------------+------------+-------------------+-------+----------------+-----------------+
| 2e788a9d- | Linux bridge | controller | | :-) | True | neutron- |
| 1c23-43c1 | agent | | | | | linuxbridge- |
| -876f- | | | | | | agent |
| 91f6d3e81075 | | | | | | |
| 44757567-6f81 | Metadata | controller | | :-) | True | neutron- |
| -4168-9248-79 | agent | | | | | metadata-agent |
| 294fe628ff | | | | | | |
| 7e44b6b0-f4f8 | DHCP agent | controller | nova | :-) | True | neutron-dhcp- |
| -4334-ab0e- | | | | | | agent |
| fc8d423000bc | | | | | | |
| fe0345c5-3cf4 | Linux bridge | compute1 | | :-) | True | neutron- |
| -42a0-86d4-ca | agent | | | | | linuxbridge- |
| 2b454b73e4 | | | | | | agent |
+---------------+---------------+------------+-------------------+-------+----------------+-----------------+
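Launch an instance
Create virtual networks
Create the provider network
- On the controller node, source the admin credentials to gain access to admin-only CLI commands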
[root@controller ~]# . admin-openrc
- Create the network
[root@controller ~]# neutron net-create --shared --provider:physical_network provider \
> --provider:network_type flat provider
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-09-30T03:05:28 |
| description | |
| id | 337ebc38-5eb8-4b3f-a2da-0f74781a1bb3 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | provider |
| port_security_enabled | True |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | d5a6b16ab0ef4e52a302f4cb895260ad |
| updated_at | 2020-09-30T03:05:28 |
+---------------------------+--------------------------------------+
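- Create a subnet on the network
The public network 172.25.4.0/24 uses 172.25.4.250 as its gateway. The DHCP service assigns each instance an IP address from 172.25.4.100 to 172.25.4.200. All instances use 114.114.114.114 as their DNS resolver.
[root@controller ~]# neutron subnet-create --name provider \
> --allocation-pool start=172.25.4.100,end=172.25.4.200 \
> --dns-nameserver 114.114.114.114 --gateway 172.25.4.250 \
> provider 172.25.4.0/24
## --name provider # create a subnet named provider
## --allocation-pool # address range handed out to instances
## --dns-nameserver, --gateway # IP address of the DNS resolver; gateway of the public network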
Created a new subnet:
+-------------------+--------------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------------+
| allocation_pools | {"start": "172.25.4.100", "end": "172.25.4.200"} |
| cidr | 172.25.4.0/24 |
| created_at | 2020-09-30T03:07:54 |
| description | |
| dns_nameservers | 114.114.114.114 |
| enable_dhcp | True |
| gateway_ip | 172.25.4.250 |
| host_routes | |
| id | c9be1758-1d22-4747-aa16-6c4edc2e83e4 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | provider |
| network_id | 337ebc38-5eb8-4b3f-a2da-0f74781a1bb3 |
| subnetpool_id | |
| tenant_id | d5a6b16ab0ef4e52a302f4cb895260ad |
| updated_at | 2020-09-30T03:07:54 |
+-------------------+--------------------------------------------------+
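Create the m1.nano flavor
The smallest default flavor requires 512 MB of memory. If the compute node has less than 4 GB of memory, create the m1.nano flavor, which requires only 64 MB. Use the m1.nano flavor with the CirrOS image for testing purposes only.
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano # flavor: instance type; create: create one; --id, --vcpus (CPUs) and the other options define the amount of resources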
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
Generate a key pair
1. Source the demo tenant credentials
[root@controller ~]# . demo-openrc
2. Generate and add a key pair
[root@controller ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey # upload the public key to OpenStack to allow passwordless (key-based) login
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 10:ff:26:e9:12:d6:21:82:68:91:65:8c:54:8c:45:97 |
| name | mykey |
| user_id | f8287a3c47ce47f8aa69e0b0c898f3ac |
+-------------+-------------------------------------------------+
3. Verify that the public key was added
[root@controller ~]# openstack keypair list # mykey is listed
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 10:ff:26:e9:12:d6:21:82:68:91:65:8c:54:8c:45:97 |
+-------+-------------------------------------------------+
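Add security group rules
By default, the default security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images such as CirrOS, allow at least ICMP (ping) and secure shell (SSH).
Add rules to the default security group
- Permit ICMP (ping)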
[root@controller ~]# openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 33206175-063f-405a-bcd7-6aec5d42cadb |
| ip_protocol | icmp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | 6fd0bcf4-c6f3-4769-959f-525587e8b2bd |
| port_range | |
| remote_security_group | |
+-----------------------+--------------------------------------+
- Permit secure shell (SSH) access
[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 17348229-553a-4bdc-8611-2e056232bf59 |
| ip_protocol | tcp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | 6fd0bcf4-c6f3-4769-959f-525587e8b2bd |
| port_range | 22:22 |
| remote_security_group | |
+-----------------------+--------------------------------------+
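Both rules above were created with `ip_range` 0.0.0.0/0, so the SSH rule accepts connections from any source address. The following audit is an added example, not part of the original post: it takes rules shaped like the output above and reports administrative ports that are reachable from outside a trusted range. `ADMIN_PORTS`, `TRUSTED`, the treatment of security-group sources as trusted, and the last two sample rules are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: the first two rules are the ones created above (field
# names taken from this page's output); the last two are made up.
RULES = [
    {"id": "33206175-063f-405a-bcd7-6aec5d42cadb", "ip_protocol": "icmp",
     "ip_range": "0.0.0.0/0", "port_range": ""},
    {"id": "17348229-553a-4bdc-8611-2e056232bf59", "ip_protocol": "tcp",
     "ip_range": "0.0.0.0/0", "port_range": "22:22"},
    {"id": "constructed-trusted-rule", "ip_protocol": "tcp",
     "ip_range": "172.25.4.0/24", "port_range": "22:22"},
    {"id": "constructed-wide-rule", "ip_protocol": "tcp",
     "ip_range": "10.0.0.0/8", "port_range": "1:1024"},
]

ADMIN_PORTS = {22, 3389}  # assumption: ports treated as administrative access
TRUSTED = [ipaddress.ip_network("172.25.4.0/24")]  # this page's public subnet


def port_span(port_range):
    """'22:22' -> (22, 22); an empty value is treated as every port."""
    if not port_range:
        return (1, 65535)
    low, _, high = port_range.partition(":")
    return (int(low), int(high or low))


def source_is_trusted(rule):
    """True if the source is a security group or lies inside a TRUSTED range."""
    if rule.get("remote_security_group"):
        return True  # assumption: group-to-group rules count as trusted
    # Assumption: a missing ip_range means any IPv4 source.
    net = ipaddress.ip_network(rule.get("ip_range") or "0.0.0.0/0")
    return any(net.version == t.version and net.subnet_of(t) for t in TRUSTED)


def exposed_admin_ports(rules):
    """Return (rule id, admin ports) for rules open to untrusted sources."""
    findings = []
    for rule in rules:
        if rule["ip_protocol"] not in ("tcp", "udp") or source_is_trusted(rule):
            continue
        low, high = port_span(rule.get("port_range", ""))
        hit = sorted(p for p in ADMIN_PORTS if low <= p <= high)
        if hit:
            findings.append((rule["id"], hit))
    return findings
```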
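Launch an instance: create an instance on the public network
1. Determine the instance options
- On the controller node, source the demo credentials to gain access to user-only CLI commands
[root@controller ~]# . demo-openrc
- A flavor specifies the rough allocation of virtual machine resources, including processor, memory, and storage.
List the available flavors: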
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
- List the available images
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| cc08e3a1-cd2e-479b-9415-41db294ed678 | cirros | active |
+--------------------------------------+--------+--------+
- List the available networks
[root@controller ~]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| 337ebc38-5eb8-4b3f-a2da-0f74781a1bb3 | provider | c9be1758-1d22-4747-aa16-6c4edc2e83e4 |
+--------------------------------------+----------+--------------------------------------+
- List the available security groups
[root@controller ~]# openstack security group list
+-----------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+-----------------------------------+---------+------------------------+----------------------------------+
| 6fd0bcf4-c6f3-4769-959f- | default | Default security group | 8bf0b3c5f6d440248b37a35d77e551b2 |
| 525587e8b2bd | | | |
+-----------------------------------+---------+------------------------+----------------------------------+
2. Create the instance
- Launch the instance
[root@controller ~]# openstack server create --flavor m1.nano --image cirros --nic net-id=337ebc38-5eb8-4b3f-a2da-0f74781a1bb3 --security-group default --key-name mykey provider-instance
## --nic # use the ID of the provider public network
## --image cirros # image name
## --security-group default # security group
## --key-name mykey # key pair name
## provider-instance # instance name
+--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | 4BtYdz5hRpwY |
| config_drive | |
| created | 2020-09-30T03:18:07Z |
| flavor | m1.nano (0) |
| hostId | |
| id | d9f262a9-6454-4e82-88a4-4cbbd6e2558f |
| image | cirros (cc08e3a1-cd2e-479b-9415-41db294ed678) |
| key_name | mykey |
| name | provider-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 8bf0b3c5f6d440248b37a35d77e551b2 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2020-09-30T03:18:08Z |
| user_id | f8287a3c47ce47f8aa69e0b0c898f3ac |
+--------------------------------------+-----------------------------------------------+
- Check the status of the instance
[root@compute1 ~]# ps ax
17899 ? Rl 0:37 /usr/libexec/qemu-kvm -name instance-00000001 -S -machine pc-i440fx-rhel7.0.0,acc
17902 ? Ss 0:00 /usr/lib/systemd/systemd-machined
17904 ? S 0:00 [vhost-17899]
17908 ? S 0:00 [kvm-pit/17899]
18124 pts/0 R+ 0:00 ps ax
## -name instance-00000001 # virtual machine name
[root@foundation4 ~]# which virsh
/usr/bin/virsh
[root@foundation4 ~]# rpm -qf /usr/bin/virsh
libvirt-client-4.5.0-23.module+el8+2800+2d311f65.x86_64
[root@compute1 ~]# yum install -y libvirt-client
[root@controller ~]# openstack server list # shows the IP address assigned to the instance
+--------------------------------------+-------------------+--------+-----------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-------------------+--------+-----------------------+
| d9f262a9-6454-4e82-88a4-4cbbd6e2558f | provider-instance | ACTIVE | provider=172.25.4.100 |
+--------------------------------------+-------------------+--------+-----------------------+
[root@compute1 ~]# virsh list
Id Name State
----------------------------------------------------
1 instance-00000001 running
[root@compute1 ~]# brctl show
bridge name bridge id STP enabled interfaces
brq337ebc38-5e 8000.525400d51276 no eth1
tap5e6eeea5-64 # the instance's network is bridged through this interface
3. Access the instance using the virtual console
[root@controller ~]# openstack console url show provider-instance

Test in a browser:
http://controller:6080/vnc_auto.html?token=1353cea7-536a-460c-a612-85a48ca624f3

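4. Verify that the instance can be accessed remotely
Access the instance over SSH from the controller node or from any other host on the public network
[root@controller ~]# ssh cirros@172.25.4.100 # passwordless login with the key pair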
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether fa:16:3e:91:b7:f0 brd ff:ff:ff:ff:ff:ff
inet 172.25.4.100/24 brd 172.25.4.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe91:b7f0/64 scope link
valid_lft forever preferred_lft forever