Nova组件的使用
Nova介绍
Nova 是 OpenStack 管理虚拟机的组件,包括不限于以下操作:
- 创建虚拟机
- 删除虚拟机
- 修改虚拟机
基础指令
Nova 的主要指令为:
openstack flavor
使用 OpenStack 指令前需要先执行:
source /etc/keystone/admin-openrc.sh
- 注入用户账户密码登信息
创建实例类型
使用命令创建一个flavor,10G的硬盘大小,512M内存,1颗vCPU,ID为10,名称为centos。命令如下:
openstack flavor create --disk 10 --ram 512 --vcpus 1 --id 10 centos
result:
+----------------------------+--------+
| Field | Value |
+----------------------------+--------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 10 |
| id | 10 |
| name | centos |
| os-flavor-access:is_public | True |
| properties | |
| ram | 512 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+--------+
查看实例类型
查看flavor类型列表,命令如下:
openstack flavor list
result:
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
| 1 | m1.tiny | 512 | 10 | 0 | 1 | True |
| 10 | centos | 512 | 10 | 0 | 1 | True |
| 2 | m1.small | 1024 | 20 | 0 | 1 | True |
| 3 | m1.medium | 2048 | 40 | 0 | 2 | True |
| c9ae7ffb-26e6-4cd3-b08b-ee3bc2876548 | help | 256 | 0 | 0 | 1 | True |
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
查看具体的flavor类型的详细信息:
# openstack flavor show id
openstack flavor show 10
result:
+----------------------------+--------+
| Field | Value |
+----------------------------+--------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| access_project_ids | None |
| disk | 10 |
| id | 10 |
| name | centos |
| os-flavor-access:is_public | True |
| properties | |
| ram | 512 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+--------+
查看具体的flavor类型的详细信息(使用名称):
# openstack flavor show name
openstack flavor show centos
result:
+----------------------------+--------+
| Field | Value |
+----------------------------+--------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| access_project_ids | None |
| disk | 10 |
| id | 10 |
| name | centos |
| os-flavor-access:is_public | True |
| properties | |
| ram | 512 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+--------+
安全组命令
访问安全组为是OpenStack提供给云主机的一个访问策略控制组,通过安全组中的策略可以控制云主机的出入访问规则。
查看当前所创建的访问安全组列表:
openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2e462a29-3aea-4765-88a1-06f4f5e4c9b5 | default | Default security group | b47ea8448d9344b995deed86f68a8560 | [] |
| c9534963-2c1e-4e57-997a-8b483e82fcc3 | default | Default security group | b192a5bfcdba46138eedcea1e06df88e | [] |
+--------------------------------------+---------+------------------------+----------------------------------+------+
查看安全组中的安全规则:
openstack security group rule list default # 这边同样也可以使用id查询而不是name
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| ID | IP Protocol | Ethertype | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| 1e6c27ff-b456-4d2a-a64d-51197fea048e | None | IPv4 | 0.0.0.0/0 | | 896ce430-21f8-4673-8110-afce97e43715 |
| 699e2744-e926-4bb4-9e4f-54885f669bc5 | None | IPv6 | ::/0 | | None |
| 7aa363c8-5df3-4ce3-a775-9e453f086c87 | None | IPv6 | ::/0 | | 896ce430-21f8-4673-8110-afce97e43715 |
| bb08b786-09f4-44f3-a030-71b189a0f84f | None | IPv4 | 0.0.0.0/0 | | None |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
查看任意规则的详细信息:
openstack security group rule show 03faf2d5-59a7-4c94-8529-a410780c23f1
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2024-10-13T06:05:36Z |
| description | None |
| direction | egress |
| ether_type | IPv4 |
| id | 03faf2d5-59a7-4c94-8529-a410780c23f1 |
| location | cloud='', project.domain_id=, project.domain_name='demo', project.id='b47ea8448d9344b995deed86f68a8560', project.name='admin', region_name='', zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | b47ea8448d9344b995deed86f68a8560 |
| protocol | None |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 2e462a29-3aea-4765-88a1-06f4f5e4c9b5 |
| tags | [] |
| updated_at | 2024-10-13T06:05:36Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
建一个新的安全组,命令格式如下:
[root@controller ~]# openstack help security group create
usage: openstack security group create [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--fit-width] [--print-empty]
[--noindent] [--prefix PREFIX]
[--description <description>]
[--project <project>]
[--project-domain <project-domain>]
<name>
使用命令创建新的安全组规则,命令如下:
[root@controller ~]# openstack security group create test
+-----------------+---------------------------------------------------------------------+
| Field | Value |
+-----------------+---------------------------------------------------------------------+
| created_at | 2022-02-10T03:25:18Z |
| description | test |
| id | 96373f68-be50-4819-b9a6-8fc8d3e9dc0a |
| location | cloud='', project.domain_id=, project.domain_name='000000', project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='', zone= |
| name | test |
| project_id | 1776912d52a7444d8b2d09eb86e8d1d9 |
| revision_number | 1 |
| rules | created_at='2022-02-10T03:25:18Z', direction='egress', ethertype='IPv4', id='2bbc98ad-4784-419d-b815-4ee2c6c75b54', updated_at='2022-02-10T03:25:18Z' |
| | created_at='2022-02-10T03:25:19Z', direction='egress', ethertype='IPv6', id='70fcb5e0-fd86-461e-84a4-2a83b4b90730', updated_at='2022-02-10T03:25:19Z' |
| tags | [] |
| updated_at | 2022-02-10T03:25:18Z |
+-----------------+---------------------------------------------------------------------+
(3)删除访问安全组
可以使用命令删除不需要使用的访问安全组,命令如下:
[root@controller ~]# openstack security group delete test
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 896ce430-21f8-4673-8110-afce97e43715 | default | Default security group | 1776912d52a7444d8b2d09eb86e8d1d9 | [] |
+--------------------------------------+---------+------------------------+----------------------------------+------+
(4)添加安全规则
在默认安全组中添加三条需要使用的访问规则,使用“openstack security group rule create”命令,命令格式如下:
[root@controller ~]# openstack help security group rule create
usage: openstack security group rule create [-h]
[-f {json,shell,table,value,yaml}]
[-c COLUMN]
[--max-width <integer>]
[--fit-width] [--print-empty]
[--noindent] [--prefix PREFIX]
[--remote-ip <ip-address> | --remote-group <group>]
[--description <description>]
[--dst-port <port-range>]
[--icmp-type <icmp-type>]
[--icmp-code <icmp-code>]
[--protocol <protocol>]
[--ingress | --egress]
[--ethertype <ethertype>]
[--project <project>]
[--project-domain <project-domain>]
<group>
在“defualt”安全组中添加一条策略,从入口方向放行所有ICMP规则,命令如下:
[root@controller ~]# openstack security group rule create --protocol icmp --ingress default
+-------------------+-------------------------------------------------------------------+
| Field | Value |
+-------------------+-------------------------------------------------------------------+
| created_at | 2022-02-10T04:47:42Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 61014f36-5c20-46ce-b779-7d0c7458e691 |
| location | cloud='', project.domain_id=, project.domain_name='000000', project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='', zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 1776912d52a7444d8b2d09eb86e8d1d9 |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715 |
| tags | [] |
| updated_at | 2022-02-10T04:47:42Z |
+-------------------+-------------------------------------------------------------------+
在“defualt”安全组中添加一条策略,从入口方向放行所有TCP规则,命令如下:
[root@controller ~]# openstack security group rule create --protocol tcp --ingress default
+-------------------+-------------------------------------------------------------------+
| Field | Value |
+-------------------+-------------------------------------------------------------------+
| created_at | 2022-02-10T04:47:59Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 03ace6cf-ec1a-42a9-a754-c21fe887d1c0 |
| location | cloud='', project.domain_id=, project.domain_name='000000', project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='', zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 1776912d52a7444d8b2d09eb86e8d1d9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715 |
| tags | [] |
| updated_at | 2022-02-10T04:47:59Z |
+-------------------+-------------------------------------------------------------------+
在“defualt”安全组中添加一条策略,从入口方向放行所有UDP规则,命令如下:
[root@controller ~]# openstack security group rule create --protocol udp --ingress default
+-------------------+-------------------------------------------------------------------+
| Field | Value |
+-------------------+-------------------------------------------------------------------+
| created_at | 2022-02-10T04:48:22Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 9ec501e5-2c16-4d89-8a15-57a16a8fe3cd |
| location | cloud='', project.domain_id=, project.domain_name='000000', project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='', zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 1776912d52a7444d8b2d09eb86e8d1d9 |
| protocol | udp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715 |
| tags | [] |
| updated_at | 2022-02-10T04:48:22Z |
+-------------------+-------------------------------------------------------------------+
查看“default”安全组中所有的规则列表信息,命令如下:
[root@controller ~]# openstack security group rule list default
+--------------------------------------+--------------+-----------+-----------+------------+--------------------------------------+
| ID | IP Protocol | Ethertype | IP Range | Port Range | Remote Security Group |
+--------------------------------------+--------------+-----------+-----------+------------+--------------------------------------+
| 03ace6cf-ec1a-42a9-a754-c21fe887d1c0 | tcp | IPv4 | 0.0.0.0/0 | | None |
| 1e6c27ff-b456-4d2a-a64d-51197fea048e | None | IPv4 | 0.0.0.0/0 | | 896ce430-21f8-4673-8110-afce97e43715 |
| 61014f36-5c20-46ce-b779-7d0c7458e691 | icmp | IPv4 | 0.0.0.0/0 | | None |
| 699e2744-e926-4bb4-9e4f-54885f669bc5 | None | IPv6 | ::/0 | | None |
| 7aa363c8-5df3-4ce3-a775-9e453f086c87 | None | IPv6 | ::/0 | | 896ce430-21f8-4673-8110-afce97e43715 |
| 9ec501e5-2c16-4d89-8a15-57a16a8fe3cd | udp | IPv4 | 0.0.0.0/0 | | None |
| bb08b786-09f4-44f3-a030-71b189a0f84f | None | IPv4 | 0.0.0.0/0 | | None |
+--------------------------------------+--------------+-----------+-----------+------------+--------------------------------------+
启动虚拟机
- 查询可用镜像
openstack image list
+--------------------------------------+--------------+--------+
| ID | Name | Status |
+--------------------------------------+--------------+--------+
| 7ff6f9fa-44e3-4d76-9adf-c02fb3e2a5d4 | cirros | active |
| 96d10cf1-8ae5-4950-ac91-e1d30caac147 | cirros_0.3.5 | active |
+--------------------------------------+--------------+--------+
- 查看实例类型
openstack flavor list
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
| 1 | m1.tiny | 512 | 10 | 0 | 1 | True |
| 10 | centos | 512 | 10 | 0 | 1 | True |
| 2 | m1.small | 1024 | 20 | 0 | 1 | True |
| 3 | m1.medium | 2048 | 40 | 0 | 2 | True |
| c9ae7ffb-26e6-4cd3-b08b-ee3bc2876548 | help | 256 | 0 | 0 | 1 | True |
+--------------------------------------+-----------+------+------+-----------+-------+-----------+
- 创建网络和子网
创建网络和子网
使用“openstack network create ”命令创建网络息。命令如下:
[root@controller ~]# openstack network create --provider-network-type vlan --provider-physical-network provider network-vlan --provider-segment 200
+---------------------------+-----------------------------------------------------------+
| Field | Value |
+---------------------------+-----------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2022-02-10T05:02:18Z |
| description | |
| dns_domain | None |
| id | cccedc78-027d-40e9-afbd-708154923ca6 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| location | cloud='', project.domain_id=, project.domain_name='000000', project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='', zone= |
| mtu | 1500 |
| name | network-vlan |
| port_security_enabled | True |
| project_id | 1776912d52a7444d8b2d09eb86e8d1d9 |
| provider:network_type | vlan |
| provider:physical_network | provider |
| provider:segmentation_id | 200 |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2022-02-10T05:02:18Z |
+---------------------------+-----------------------------------------------------------+
使用“openstack subnet create”创建子网。命令如下:
[root@controller ~]# openstack subnet list
[root@controller ~]# openstack subnet create --network network-vlan --allocation-pool start=192.168.200.100,end=192.168.200.200 --gateway 192.168.200.1 --subnet-range 192.168.200.0/24 subnet-vlan
+-------------------+-------------------------------------------------------------------+
| Field | Value |
+-------------------+-------------------------------------------------------------------+
| allocation_pools | 192.168.200.100-192.168.200.200 |
| cidr | 192.168.200.0/24 |
| created_at | 2022-02-10T05:03:52Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 192.168.200.1 |
| host_routes | |
| id | 69c14fff-de95-440a-bc8e-fe9f43e4b424 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| location | cloud='', project.domain_id=, project.domain_name='000000', project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='', zone= |
| name | subnet-vlan |
| network_id | cccedc78-027d-40e9-afbd-708154923ca6 |
| prefix_length | None |
| project_id | 1776912d52a7444d8b2d09eb86e8d1d9 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2022-02-10T05:03:52Z |
+-------------------+-------------------------------------------------------------------+
- 修改Nova服务配置文件,设置参数“virt_type=qemu”。命令参数如下:
[root@controller ~]# crudini --set /etc/nova/nova.conf libvirt virt_type qemu
[root@controller ~]# systemctl restart openstack-nova-compute
- 启动云主机
openstack server create --image cirros_0.3.5 --flavor 10 --network network-vlan cirros-test
+-------------------------------------+-----------------------------------------------------+
| Field | Value |
+-------------------------------------+-----------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | YvYA7Dbye64u |
| config_drive | |
| created | 2024-10-13T08:31:57Z |
| flavor | centos (10) |
| hostId | |
| id | 3cc41cb9-70c6-4000-9182-a039c2354d88 |
| image | cirros_0.3.5 (96d10cf1-8ae5-4950-ac91-e1d30caac147) |
| key_name | None |
| name | cirros-test |
| progress | 0 |
| project_id | b47ea8448d9344b995deed86f68a8560 |
| properties | |
| security_groups | name='default' |
| status | BUILD |
| updated | 2024-10-13T08:31:57Z |
| user_id | 91daa0d5400447fa864706261aed9938 |
| volumes_attached | |
+-------------------------------------+-----------------------------------------------------+
管理虚拟机
查看虚拟机
查看虚拟机:
openstack server list
+--------------------------------------+-------------+---------+------------------------------+--------------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-------------+---------+------------------------------+--------------+---------+
| 3cc41cb9-70c6-4000-9182-a039c2354d88 | cirros-test | ACTIVE | network-vlan=192.168.200.148 | cirros_0.3.5 | centos |
| 3530bf0e-00f9-42ac-94f5-fefd46c28219 | cirros | SHUTOFF | net=10.0.0.192 | | m1.tiny |
+--------------------------------------+-------------+---------+------------------------------+--------------+---------
查看虚拟机详情:
openstack server show cirros-test
+-------------------------------------+----------------------------------------------------------+
| Field | Value |
+-------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-SRV-ATTR:host | compute |
| OS-EXT-SRV-ATTR:hypervisor_hostname | compute |
| OS-EXT-SRV-ATTR:instance_name | instance-00000003 |
| OS-EXT-STS:power_state | Running |
| OS-EXT-STS:task_state | None |
| OS-EXT-STS:vm_state | active |
| OS-SRV-USG:launched_at | 2024-10-13T08:32:04.000000 |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | network-vlan=192.168.200.148 |
| config_drive | |
| created | 2024-10-13T08:31:57Z |
| flavor | centos (10) |
| hostId | abab4462515184bc14710da4032ebf35596eee34d962837351c00cb8 |
| id | 3cc41cb9-70c6-4000-9182-a039c2354d88 |
| image | cirros_0.3.5 (96d10cf1-8ae5-4950-ac91-e1d30caac147) |
| key_name | None |
| name | cirros-test |
| progress | 0 |
| project_id | b47ea8448d9344b995deed86f68a8560 |
| properties | |
| security_groups | name='default' |
| status | ACTIVE |
| updated | 2024-10-13T08:32:04Z |
| user_id | 91daa0d5400447fa864706261aed9938 |
| volumes_attached | |
+-------------------------------------+----------------------------------------------------------+
虚拟机开关机
关闭虚拟机操作,命令如下:
openstack server stop cirros-test
开启虚拟机:
openstack server start cirros-test
重启虚拟机:
openstack server reboot cirros-test
阅读建议
评论
隐私政策
你无需删除空行,直接评论以获取最佳展示效果