Openstack wiki
Table of Contents
- 1. metadata service
- 2. links
- 3. Networking website neutron
- 4. Compute nova
- 5. Orchestration heat
- 6. Object storage swift
- 7. Image service glance
- 8. launch instance
- 9. 如何查看一对veth中某interface对应的peer
- 10.
eth0:0,tap,veth,vlan,bridge
等 - 11. openstack float ip float_ip
- 12. openstack sdk document api实现先按照这个来
- 13. cloud-init
- 14. curl restfull api example
- 15. cinder
- 16. openstack python sdk区别
- 17. 给openstack上的机器根目录扩容
- 18. 直接使用python来给虚拟机attach其它硬盘
- 19. userdata和metadata
- 20. openstack region availabilityzone
- 21. domains, user, project, role
- 22. block查询剩余多少空间
- 23. ephemeral disk
- 24. image的size可能小于flavor的disk
- 25. compute的安装步骤
- 26. TODO Question
1 metadata service
====================================================================
一句话总结:为instance提供配置文件的服务。
====================================================================
here :
The metadata agent provides configuration information such as credentials to instances.
使用cloudinit 13 的时候,实例中需要到一个统一的地方去取配 置文件和脚本等。
这里 介绍:
The metadata service is implemented by either the nova-api service or the nova-api-metadata service. Note that the nova-api-metadata service is generally only used when running in multi-host mode, as it retrieves instance-specific metadata. If you are running the nova-api service, you must have metadata as one of the elements listed in the enabled_apis configuration option in /etc/nova/nova.conf. The default enabled_apis configuration setting includes the metadata service, so you do not need to modify it. Hosts access the service at 169.254.169.254:80, and this is translated to metadata_host:metadata_port by an iptables rule established by the nova-network service. In multi-host mode, you can set metadata_host to 127.0.0.1. For instances to reach the metadata service, the nova-network service must configure iptables to NAT port 80 of the 169.254.169.254 address to the IP address specified in metadata_host (this defaults to $my_ip, which is the IP address of the nova-network service) and port specified in metadata_port (which defaults to 8775) in /etc/nova/nova.conf.
在实例中是固定访问 169.254.169.254
这个ip地址。然后通过iptable配置
路由来访问真正的server。
这里的server我理解就是 metadata service。
metadata service可以是nova-api或者nova-api-metadata来实现。只不过后 者一般只在multi-host mode这种模式下使用。
该服务需要配置nova和neutron。nova要在 nova.conf
里这样enable:
enabled_apis=osapi_compute,metadata
/etc/neutron/metadata_agent.ini
文件配置newtron:
nova_metadata_ip = controller metadata_proxy_shared_secret = metadata1703
这里面还可以配置端口号。不配默认是8775。
需要注意的是,nova和neutron中配置文件里
metadata_proxy_shared_secret
这个配置项的值必须相同。这个值是自定
义的。应该是instance在访问metadata时候加入的这个头,openstack会对它
做校验。匹配才能访问。
配置好meta-data后,可以直接在拉起的虚拟机中使用 curl
来测试:
river@ubuntu-test-cloud-init:~$ curl 169.254.169.254 1.0 2007-01-19 2007-03-01 2007-08-29 2007-10-10 2007-12-15 2008-02-01 2008-09-01 2009-04-04 latestriver@ubuntu-test-cloud-init:~$ curl 169.254.169.254/2009-04-04 meta-data/ user-datariver@ubuntu-test-cloud-init:~$ curl 169.254.169.254/2009-04-04/meta-data/ ami-id ami-launch-index ami-manifest-path block-device-mapping/ hostname instance-action instance-id instance-type local-hostname local-ipv4 placement/ public-hostname public-ipv4 public-keys/ reservation-id security-groupsriver@ubuntu-test-cloud-init:~$ curl 169.254.169.254/2009-04-04/meta-data/hostname ubuntu-test-cloud-init.novalocalriver@ubuntu-test-cloud-init:~$ curl 169.254.169.254/2009-04-04/meta-data/ami-launch-index 0river@ubuntu-test-cloud-init:~$ curl 169.254.169.254/2009-04-04/meta-data/reservation-id r-h8qwawfhriver@ubuntu-test-cloud-init:~$ curl 169.254.169.254/2009-04-04/meta-data/public-ipv4 river@ubuntu-test-cloud-init:~$ curl 169.254.169.254/2009-04-04/meta-data/ami-manifest-path FIXMEriver@ubuntu-test-cloud-init:~$
3 Networking website neutron
3.1 arp
ARP assumes that all machines that are in the same subnet are on the same local network(Ethernet network).
3.2 nat
- DNAT: OpenStack uses DNAT to route packets from instances to the OpenStack metadata service.
- SNAT: OpenStack uses SNAT to enable applications running inside of instances to connect out to the public Internet.
3.3 nova-network:
The Network Controller manages the networking resources on host machines.
- Allocating fixed IP addresses
- Configuring VLANs for projects
- Configuring networks for compute nodes
Currently, Compute with nova-network only supports Linux bridge networking that allows virtual interfaces to connect to the outside network through the physical interface.
3.4 neutron-network:
The OpenStack Networking service provides an API that allows users to set up and define network connectivity and addressing in the cloud.
3.5 difference betweent nova-networking and neutron
First there was nova-network OpenStack was created by bringing together NASA's Nebula cloud computing project and Rackspace's Swift Object storage project. Nebula was did all the basics - managing networking, compute and (block) storage because for the NASA, it had to. Very quickly, Nebula's core became split into the Nova (compute and networking), Cinder (block storage functions) and Glance (image management functions) projects, all tied together through the API calls that still bind the many projects that comprise OpenStack. Nova-network remained embedded as a sub-process in the compute-focused Nova project. The overall OpenStack development approach is build projects that focus on a single task reduced the complexity involved any one project. It also simplified internal interactions that an integrated project would have required and allowed people with the interest and expertise in a particular aspect of the OpenStack system to focus on that particular functionality. Simpler projects, easier/faster development. Then there were two. Neutron (originally named Quantum) was the project intended to finally peel networking functionality out of Nova for the development reasons just mentioned. Neutron has been the focus of extending OpenStack's networking capabilities. Today it provides enhanced networking functionality above and beyond what nova-network was ever intended for; functions like LBaaS, FWaaS, VPNaaS and tunneling protocols. It also enables a range of plugin functions to allow management of third-party networking hardware and software (e.g. switches and routers) as well as a number of advanced SDN systems. Again, something beyond what the creators of Nova's networking function ever planned for. Note that there are OpenStack systems still running on older OpenStack releases where the simple networking functionality of nova-network are sufficient and migrating to a more advanced release is considered too much of a bother. This is likely the only reason to consider getting to know nova-network functionality. For a new system Neutron is the way to do OpenStack networking.
3.7 newtron preinstall
apt-get install software-properties-common add-apt-repository cloud-archive:newton add-apt-repository cloud-archive:newton-proposed apt-get update && apt-get dist-upgrade apt-get install python-openstackclient -y
4 Compute nova
# 查看所有compute节点 nova hypervisor-list nova boot --image <uuid> --flavor m1.tiny --key_name test --availability-zone nova:server2 nova boot --image cirros --flavor m1.nano --nic net-id=8c600f73-375c-40e9-8f58-40d1ac4bcd65 nova-test
5 Orchestration heat
Heat Orchestration Template (HOT) Guide
====================================================================
The mission of the OpenStack Orchestration program is to create a
human- and machine-accessible service for managing the entire
lifecycle of infrastructure and applications within OpenStack
clouds.
====================================================================
Stack domain users allow the Orchestration service to authorize and start the following operations within booted virtual machines:
- Provide metadata to agents inside instances. Agents poll for changes and apply the configuration that is expressed in the metadata to the instance.
- Detect when an action is complete. Typically, software configuration on a virtual machine after it is booted. Compute moves the VM state to “Active” as soon as it creates it, not when the Orchestration service has fully configured it.
- Provide application level status or meters from inside the instance. For example, allow auto-scaling actions to be performed in response to some measure of performance or quality of service.
- 给实例中的agent提供metadata。agent从metadata中携带的信息中读取并应 用配置。
- 检测操作什么时候结束。一般来说,软件会在一个虚拟机启动后来配置它。 Compute节点只要一创建VM,就立即把它的状态置为“Active”,而不是等 Orchestration服务完全配置好它。
- 从实例内部提供应用层面的数据。比如:某种程序上,执行自动伸缩操作来 做为对性能和QoS的响应。
2016-10-14 | newton
下面是一个最简单的模版的例子:
heat_template_version: 2015-04-30 description: > This is my test stack resources: my_heat_instance1: type: OS::Nova::Server properties: key_name: mykey image: cirros flavor: m1.nano networks: - network: provider my_heat_instance2: type: OS::Nova::Server properties: key_name: mykey image: cirros flavor: m1.nano networks: - network: private-net1 my_heat_instance3: type: OS::Nova::Server properties: key_name: mykey image: cirros flavor: m1.nano networks: - network: provider
有了这个例子,可以直接通过这个模版来拉起实例:
# 以`head'开头的命令都是过时的了,应该使用以`openstack'开头的命令 heat stack-list # 这里的这个hello.yaml就是前文提到的模版文件 openstack stack create -f yaml -t /tmp/hello.yaml teststack openstack stack delete teststack openstack stack list
6 Object storage swift
6.1 swift install on object node
These operation has been done in the object-newton.img
:
apt-get install software-properties-common add-apt-repository cloud-archive:newton add-apt-repository cloud-archive:newton-proposed apt-get update && apt-get dist-upgrade apt-get install python-openstackclient -y apt-get install xfsprogs rsync -y apt-get install swift swift-account swift-container swift-object -y mkdir -p /srv/node/sdb;mkdir -p /srv/node/sdc # curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/mitaka # curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/mitaka # curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/mitaka sudo curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/newton sudo curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/newton sudo curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/newton chown -R swift:swift /srv/node mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift
things need to do after installing the template:
- /etc/hostname
- /etc/network/interfaces
- /etc/rsync.conf
- /etc/swift/account-server.conf
- /etc/swift/container-server.conf
- /etc/swift/object-server.conf
then, create
/dev/sda6
and add it to/dev/object-vg
fdisk /dev/sda ... cd /dev vgextend object-vg /dev/sda6 vgdisplay lvresize -l +100%FREE object-vg/root resize2fs object-vg/root df -lh
create
/dev/sda7
and/dev/sda8
and make file system# after config lvm and fdisk /dev/sda mkfs.xfs /dev/sda7 mkfs.xfs /dev/sda8 # after edit /etc/fstab mount /dev/sda7 /srv/node/sdb mount /dev/sda8 /srv/node/sdc # start the servers service rsync start
edit /etc/fstab for auto-mount:
/dev/sda7 /srv/node/sdb xfs noatime,nodiratime,nobarrier,logbufs=8 0 2 /dev/sda8 /srv/node/sdc xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
6.2 swift install on controller node
proxyconf:
sudo curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/newton
# recreate rings cd /etc/swift sudo rm account.* object.* container.* sudo swift-ring-builder account.builder create 10 3 1 sudo swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.222.40 --port 6002 --device sdb --weight 100 sudo swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.222.40 --port 6002 --device sdc --weight 100 sudo swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.222.41 --port 6002 --device sdb --weight 100 sudo swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.222.41 --port 6002 --device sdc --weight 100 sudo swift-ring-builder account.builder rebalance sudo swift-ring-builder account.builder sudo swift-ring-builder container.builder create 10 3 1 sudo swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.222.40 --port 6001 --device sdb --weight 100 sudo swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.222.40 --port 6001 --device sdc --weight 100 sudo swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.222.41 --port 6001 --device sdb --weight 100 sudo swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.222.41 --port 6001 --device sdc --weight 100 sudo swift-ring-builder container.builder rebalance sudo swift-ring-builder container.builder sudo swift-ring-builder object.builder create 10 3 1 sudo swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.222.40 --port 6000 --device sdb --weight 100 sudo swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.222.40 --port 6000 --device sdc --weight 100 sudo swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.222.41 --port 6000 --device sdb --weight 100 sudo swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.222.41 --port 6000 --device sdc --weight 100 sudo swift-ring-builder object.builder rebalance sudo swift-ring-builder object.builder scp *.gz object@object1:/tmp scp *.gz object@object2:/tmp
swiftconfig file and start:
sudo curl -o /etc/swift/swift.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/swift.conf-sample?h=stable/newton # modified it sudo chown -R root:swift /etc/swift;
6.3 start service
on controller:
sudo service memcached restart; sudo service swift-proxy restart
on each object node:
sudo swift-init all start
6.4 recreate rings on controller
# recreate rings cd /etc/swift sudo rm account.* object.* container.* sudo swift-ring-builder account.builder create 10 3 1 sudo swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.222.40 --port 6002 --device sdb --weight 100 sudo swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.222.40 --port 6002 --device sdc --weight 100 sudo swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.222.41 --port 6002 --device sdb --weight 100 sudo swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.222.41 --port 6002 --device sdc --weight 100 sudo swift-ring-builder account.builder rebalance sudo swift-ring-builder account.builder sudo swift-ring-builder container.builder create 10 3 1 sudo swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.222.40 --port 6001 --device sdb --weight 100 sudo swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.222.40 --port 6001 --device sdc --weight 100 sudo swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.222.41 --port 6001 --device sdb --weight 100 sudo swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.222.41 --port 6001 --device sdc --weight 100 sudo swift-ring-builder container.builder rebalance sudo swift-ring-builder container.builder sudo swift-ring-builder object.builder create 10 3 1 sudo swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.222.40 --port 6000 --device sdb --weight 100 sudo swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.222.40 --port 6000 --device sdc --weight 100 sudo swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.222.41 --port 6000 --device sdb --weight 100 sudo swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.222.41 --port 6000 --device sdc --weight 100 sudo swift-ring-builder object.builder rebalance sudo swift-ring-builder object.builder scp *.gz object@object1:/tmp scp *.gz object@object2:/tmp
6.5 recreate endpoint on controller
# recreate endpoint for i in `openstack endpoint list|grep swift|awk '{print $2}'`;do echo $i;openstack endpoint delete $i;done openstack endpoint list|grep swift openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\(tenant_id\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\(tenant_id\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 openstack endpoint list|grep swift
7 Image service glance
glance是不存image的。Object Storage或者filesystem这些存的。
Though images are not stored in glance—rather in a back end, which could be Object Storage, a filesystem or any other supported method—the connection is made from the compute node to the Image service and the image is transferred over this connection. The Image service streams the image from the back end to the compute node.
分disk-format和container-format:
Disk Format The disk format of a virtual machine image is the format of the underlying disk image. Virtual appliance vendors have different formats for laying out the information contained in a virtual machine disk image. Container Format The container format refers to whether the virtual machine image is in a file format that also contains metadata about the actual virtual machine. Note that the container format string is not currently used by Glance or other OpenStack components, so it is safe to simply specify bare as the container format if you are unsure. You can set your image’s container format to one of the following:
disk-format是指镜像包实际的格式。container-format现在并没有什么用。
指定container-format来上传ova格式才可以:
openstack image create "peng_test" --file peng_test.ova --disk-format raw --container-format ova --public
但是拉不起来。结果像这样了:
转换image:
qemu-img convert -f ova -O qcow2 image.vmdk image.img
实际使用我参考了 这篇博客 。其实就是解开ova,然后转换其中的 vmdk
就可以了。例子:
~ $ tar -xvf Evergreen_trunk_Squeeze.ova Evergreen_trunk_Squeeze.ovf Evergreen_trunk_Squeeze-disk1.vmdk ~ $ qemu-img convert -O qcow2 Evergreen_trunk_Squeeze-disk1.vmdk Evergreen_trunk_Squeeze.qcow2
如果是把ova导入到了vmware中,需要使用下面的命令来完成转换:
qemu-img convert -f vmdk -O qcow2 55fd458-disk1.vmdk guoyuting.qcow2
上传image:
# 命令行上传image # openstack image create --disk-format qcow2 --container-format bare --public --file ./centos63.qcow2 centos63-image openstack image create --disk-format raw --public --file /tmp/win7.img win7-raw
8 launch instance
# 新建一个cirros实例 openstack server create --flavor m1.nano --image cirros --nic net-id=8c600f73-375c-40e9-8f58-40d1ac4bcd65 --security-group default --key-name mykey cirros-ptest1 # To view the list of valid zones openstack availability zone list # To view the list of valid compute hosts openstack host list # To view the list of valid compute nodes openstack hypervisor list # template openstack server create --image IMAGE --flavor m1.tiny --key-name KEY --availability-zone ZONE:HOST:NODE --nic net-id=UUID SERVER # 在compute3上拉一个实例,这个只能admin用户才可以使用,这里把HOST省略了 openstack server create --flavor m1.nano --image cirros --nic net-id=8c600f73-375c-40e9-8f58-40d1ac4bcd65 --security-group default --key-name mykey --availability-zone nova::compute3 cirros-ptest-to-cp3 openstack server delete cirros-test-instance1 openstack server delete cirros-test-instance2 openstack server delete cirros-test-instance3 # 新建一个ubuntu实例 openstack server create --flavor m1.medium --image ubuntu-16.04-server --nic net-id=8c600f73-375c-40e9-8f58-40d1ac4bcd65 --security-group default --key-name mykey ubuntu-test-instance openstack server create --flavor m1.medium --image ubuntu-16.04-server --nic net-id=8c600f73-375c-40e9-8f58-40d1ac4bcd65 --security-group default --key-name mykey ubuntu-test-instance2 # 新建一个10.10.222.0/24网段的instance openstack server create --flavor m1.medium --image ubuntu-16.04-server --nic net-id=cd874f3e-6f51-455e-b063-b9d45fcfbce8 --security-group default --key-name mykey ubuntu-ptest-1010 # 使用iso安装光盘拉实例 openstack server create --flavor m1.medium --image demo-image --nic net-id=8c600f73-375c-40e9-8f58-40d1ac4bcd65 --security-group default --key-name mykey demo-image-ptest # 拉起rs的OVA,这个没有成功 openstack server create --flavor m1.medium --image peng_test --nic net-id=8c600f73-375c-40e9-8f58-40d1ac4bcd65 --security-group default --key-name mykey peng_rs_test # launch windows openstack server create --flavor m1.medium --image Windows_Server_2012 --nic net-id=8c600f73-375c-40e9-8f58-40d1ac4bcd65 --security-group default --key-name mykey ws2012 openstack server create --flavor m1.medium --image Windows_Server_2012 --nic net-id=8c600f73-375c-40e9-8f58-40d1ac4bcd65 --security-group default --key-name mykey ws2012-2 # 上传一个image,把它弄成公有的 openstack image create --disk-format qcow2 --public --file ws2012.qcow2 ws2012 # show出来实例的url openstack console url show ubuntu-test-instance openstack console url show ubuntu-test-instance2 openstack console url show cirros-ptest-instance1 openstack console url show cirros-ptest-instance2 openstack console url show demo-image-ptest openstack console url show cirros-test2 openstack console url show ubuntun-instance openstack console url show cirros-ptest-instance2 openstack console url show
9 如何查看一对veth中某interface对应的peer
ethtool -S veth0
输出结果:
NIC statistics: peer_ifindex: 9
说明在veth0的peer对应的namespace中使用`ip link'查出来的索引号是9。
10 eth0:0,tap,veth,vlan,bridge
等
ifconfig eth0:1 192.168.56.2 netmask 255.255.255.0
这样添加的不是虚拟网卡。而是在eth0网卡上多设置了一个ip。现在已经不推
荐这样使用啦。使用ifconfig是查不出来的。需要使用 ip address
才可以
查询出来:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:80:4f:6d brd ff:ff:ff:ff:ff:ff inet 192.168.56.2/24 brd 192.168.56.255 scope global eth0 valid_lft forever preferred_lft forever inet 192.168.56.119/24 brd 192.168.56.255 scope global secondary eth0:1 valid_lft forever preferred_lft forever inet6 fe80::a00:27ff:fe80:4f6d/64 scope link valid_lft forever preferred_lft forever
你看,这是在eth0上整了两个ip。理解了这种方式的原理后就知道了,名字还
不能白取,必须以 ifconfig <interface>:<number>
这样的形式。如果
interface是 eth0
,取 hello:0
这样的名字肯定就是不可以的。
tap就可以理解为一个网卡了,可以使用 ip tuntap
来查询所有的tap。
tuntap分为tun和tap。tap是二层概念。tun是三层概念。一个使用tap的例子:
使用kvm拉起的虚拟机,在发送报文前其实已经在协议栈中处理过了。如果再 给host中的网卡,下去的时候还得走一次协议栈。这是没必要的。可以新建一 个tap,然后在kvm拉起虚拟机的时候传入这个tap。这样虚拟机发送时,直接 把做好的报文写入这个tap就可以了。它直接就下送了,不再过协议栈。
veth是另一种类型的“网络设备”。它总是成对出现的。有点类似于管道。数据 从一个口进来,一定从另一个口出去。可以看下英文解释:
Virtual Ethernet interfaces are an interesting construct; they always come in pairs, and they are connected like a tube—whatever comes in one veth interface will come out the other peer veth interface・.
就像管道可以用来连接两个进程一样,veth可以用来连接两个 namespace1。对应 的两个veth,一个放在namespace1一个放在namespace2。然后就可以搞事情啦。
有时候需要查询与一个veth相对应的那个veth,可以这样先查对应的peer在 namespace中的index:
# 打印veth0对应的peer在其namespace中的`ip link'命令的索引 ethtool -S veth0
然后再到对应的namespace中去 ip link
一下。对应索引号的就是它的peer
啦 。
vlan也是一种网络设备,可以这样来增加一个:
ip link add name eth0.110 link eth0 type vlan id 110
然后要以查询它的id等内容:
ip -d link show veth.110
bridge就是一个傻瓜交换机。
[X]
vlan使用iproute2配好以后怎么使用?
使用上面的方法配置好vlan后,需要把设置 up
起来,然后再配一个ip:
ip link set eth0.110 up ip address add 192.168.56.23/24 dev eth0.110
这样,另一台机器如果也是配置了一个id为110的vlan设备,那么这两个网卡
之前通信就会走vlan啦。具体的说,A机器的vlan给B机器的vlan发消息时,会
在数据链路帧的源Mac后加入32位的数据。前16位为 0x8100
。后面12位为
设置的id。接改方收到后,由内核802.1q模块判断该id。如果是本机的vlan。
再上送。
11 openstack float ip float_ip
- float ip:公网上可以使用float ip来访问openstack拉起的instance。这 中间需要使用到NAT。
- private ip:instance中可以使用
ip a
来查到的ip。
13 cloud-init
====================================================================
一句话总结:cloud-init主要可以在启动的时候执行用户自定义脚本。
====================================================================
执行脚本是较方便的方式。其它还有使用它规定云配置的语法等。具体在 这 里介绍 。
ubuntu中使用cloud-init来执行脚本:
镜像中需要先安装 cloud-init。
sudo apt-get install cloud-init
拉起机器时使用
--user-data=xxx.sh
来指定需要执行的脚本。 cloud-init默认就会在launch的时候执行该脚本。openstack server create --flavor m1.peng --image cloud-init --nic net-id=8c600f73-375c-40e9-8f58-40d1ac4bcd65 \ --security-group default --key-name mykey --user-data /tmp/main.sh ubuntu-test-cloud-init
脚本里面的内容随意。
#!/bin/bash OUTFILE='/etc/ras/testfile.txt' mkdir /etc/ras echo "userdata running on hostname: $(uname -n)" > $OUTFILE echo "hostname: xiepeng" >> $OUTFILE echo "ip : 172.168.222.12" >> $OUTFILE echo "id : 1703" >> $OUTFILE
cloud-init 执行脚本都是在root权限下执行的。
14 curl restfull api example
curl -i \ -H "Content-Type: application/json" \ -d ' { "auth": { "identity": { "methods": ["password"], "password": { "user": { "name": "admin", "domain": { "id": "default" }, "password": "admin1703" } } } } }' \ http://controller:35357/v3/auth/tokens
15 cinder
查询block总量:
cinder get-pools --detail openstack volume service list
openstack volume create --size 500 big-volume openstack server add volume ubuntu-test-cloud-init big-volume openstack server remove volume ubuntu-test-cloud-init big-volume openstack volume delete big-volume
16 openstack python sdk区别
The OpenStackClients are the native Python bindings for the OpenStack APIs. They are used to implement the command-line interfaces (which ship with the library).
The SDK-Development/PythonOpenStackSDK project is a proposed solution to offering an SDK that provides a single point of entry for consumers, and a base from which other tools can be built upon, such as command-line interfaces.
pyrax should work with most OpenStack-based cloud deployments, though it specifically targets the Rackspace public cloud.
Apache libcloud is a standard Python library that abstracts away differences among multiple cloud provider APIs.
OpenStack Shade shade is a simple client library for operating OpenStack clouds.
17 给openstack上的机器根目录扩容
很多主机在刚拉起的时候,磁盘的空间都很少,好在一般我们的磁盘一般都是使 用lvm。可以动态地扩容。
17.1 新建volume并attach到对应的机器上
openstack volume create --size 30 volume_haiyan openstack server add volume Ubuntu_Hailin_2 volume_haiyan
17.2 扩大lvm
磁盘attach到机器上后,在对应的虚拟机中会增加一个磁盘。这里我们假定是
/dev/vdd
.
cd /dev/ # 把/dev/vdd添加到ubuntu-vg中 vgextend ubuntu-vg /dev/vdd # 查看 vgdisplay # 把剩余空间都分配给ubuntu-vg/root,一般这个都是挂载的根目录 lvresize -l +100%FREE ubuntu-vg/root vgdisplay # 这一步需要执行df才会真正生效 resize2fs ubuntu-vg/root df -lh
18 直接使用python来给虚拟机attach其它硬盘
需要使用 python-novaclient
这个单独的库,而不是cinder:
#!/usr/local/bin/pytho from novaclient import client import logging import time import pdb nova = client.Client('2.1', 'demo', 'demo1703', 'demo', 'http://172.16.222.10:5000/v2.0', region_name = 'RegionOne', service_type='compute') attachment = nova.volumes.create_server_volume('ae1ee3aa-8db0-4682-82a8-0cf23689311f', 'f1a1caae-eb46-47c2-8b3a-b405d093f969') nova.volumes.delete_server_volume('ae1ee3aa-8db0-4682-82a8-0cf23689311f', 'f1a1caae-eb46-47c2-8b3a-b405d093f969') # create_server_volume(server_id, volume_id, device) # Attach a volume identified by the volume ID to the given server ID # Parameters: # server_id – The ID of the server # volume_id – The ID of the volume to attach. # device – The device name # Return type: # Volume # delete(volume) # Delete a volume. # Parameters: volume – The Volume to delete. # delete_server_volume(server_id, attachment_id) # Detach a volume identified by the attachment ID from the given server # Parameters: # server_id – The ID of the server # attachment_id – The ID of the attachment
19 userdata和metadata
metadata是拉起机器后openstack默认保存的一些值。比如hostname等。在拉
起的虚拟机中可以这样查看 meta-data
:
curl http://169.254.169.254/latest/meta-data
userdata是用户传入的,在 sdk
的 create_server
或者cli的
--user-data
中传入的。如果传入的是脚本,且镜像中安装了
cloud-init
。则还会在启动时执行这些脚本。在拉起的虚拟机中可以这样
查看 user-data
:
curl http://169.254.169.254/latest/user-data/
20 openstack region availabilityzone
openstack multi-region管理 :这篇中文博客不错。是一个比较具体的说明。
Architecture : openstack 官方对multi-site的架构的解释。
- regions: openstack中的每个region都包含一个完整的openstack布署。多 个region之间共享一套dashboard和keystone。
avalability zone: 多个compute节点可以在逻辑上形成一个AZ。实际拉 起vm时,可以选择把vm拉起在哪个AZ里面。甚至可以指定拉起在哪台 compute节点上。比如我们可以在命令行这样指定拉起机器到compute2节点 上:
openstack server create --flavor m1.xie --image webdriver_ubuntu --nic net-id=8c600f73-375c-40e9-8f58-40d1ac4bcd65 --availability-zone nova::compute xiepeng_temp
- Host Aggregates:…
- Cells: …
默认环境中我们使用的是一个名为 RegionOne
的region。这是在安装
openstack平台的时候初始化keystone时写入的。 教程在这里。
21 domains, user, project, role
这四个概念的解释可以在 这里 查看:
- domain: An Identity API v3 entity. Represents a collection of projects, groups and users that defines administrative boundaries for managing OpenStack Identity entities. On the Internet, separates a website from other sites. Often, the domain name has two or more parts that are separated by dots. For example, yahoo.com, usa.gov, harvard.edu, or mail.yahoo.com. Also, a domain is an entity or container of all DNS-related information containing one or more records.
- project(tenants): Projects represent the base unit of “ownership” in OpenStack, in that all resources in OpenStack should be owned by a specific project. In OpenStack Identity, a project must be owned by a specific domain.
- user: In OpenStack Identity, entities represent individual API consumers and are owned by a specific domain. In OpenStack Compute, a user can be associated with roles, projects, or both.
- role: A personality that a user assumes to perform a specific set of operations. A role includes a set of rights and privileges. A user assuming that role inherits those rights and privileges.
domain应该还是和域名相关,是多个project的集合。
project也叫tenant(租户)。它是表示“所有”的基本单位。在 openstack中,所有资源一定都被某个特定的project拥有。每个project一 定是在某个domain中。
user:api的消费者,一定是在某个domain下。一个用户可以和role以及 project中的一个或者两个相关联。
role:权限。一个用户和role关联后,只有该role中的权限。
参考 这篇文章 ,我自己写了一个在默认 default
域中新建 project,
user, role
的测试:
# 新建两个project openstack project create --domain default \ --description "peng test project" ptproject openstack project create --domain default \ --description "peng test project2" ptproject2 # 新建一个user openstack user create --domain default \ --password-prompt ptuser # 新建一个role openstack role create ptrole openstack role create ptrole2 # 把user和这两个project同role相关联,这样这个user登陆进来就可以在两个 # project中切换 openstack role add --project ptproject --user ptuser ptrole openstack role add --project ptproject2 --user ptuser ptrole2 # # # delete all # openstack role delete ptrole # openstack user delete ptuser # openstack project delete ptproject # openstack project delete ptproject2
22 block查询剩余多少空间
当前没法通过api直接查询,可以到block节点上查询。
block上是使用lvm来搞的。使用vgs查询就知道了。
block@block1:~$ sudo vgs [sudo] password for block: VG #PV #LV #SN Attr VSize VFree block-vg 2 2 0 wz--n- 59.27g 0 cinder-volumes 1 5 0 wz--n- 163.81g 3.81g ubuntu-vg 2 2 0 wz-pn- 14.52g 0 block@block1:~$
23 ephemeral disk
openstack flavor create --vcpus 2 --ephemeral 1 --ram 4096 --disk 0 peng-test-flavor
这个 ephemeral
创建后,它就是 /dev/vdb
。这个是临时的,关机了就
没有了。
24 image的size可能小于flavor的disk
原来使用的时候,一定要flavor的磁盘大小大于image中的disk。这样大于的 空间就浪费了。
可以指定flavor的disk大小为0。这样拉起机器后,就是真实image中的大小。 这样就可以不浪费了。
25 compute的安装步骤
1、用live盘启动新装compute节点。 2、执行如下命令将compute-install镜像写入硬盘 sudo su ssh openstack@172.16.222.13 "dd if=openstack/newton/compute-install.img" | dd of=/dev/sda reboot 3、再用live盘启动,进入界面后运行gparted,将剩余空间开辟一个200000M(200G)的空间,用于扩张compute的根文件系统, 并将剩余的空间分成另一个盘,将两个文件格式指定为lvm格式。 4、拔掉compute的两根网线,并重启系统(这一步很重要) 5、进入系统后修改/etc/hostname,将compute修改为对应的compute14,参见excel表分配, 同时,修改/etc/network/interface,将172.16.222.7及192.168.222.7修改为: 172.16.222.63及192.168.222.63。 执行如下命令,扩展根文件系统,注意,通过fdisk -l /dev/sda看53000M分区对应的是sdaX,下面以sda3为例: pvcreate /dev/sda3 vgextend compute-vg /dev/sda3 lvextend -l +100%FREE /dev/compute-vg/root resize2fs /dev/compute-vg/root 6、修改my_ip为本机分配的IP地址 7、重启系统,插上网线
26 TODO Question
[X]
openstack VM中的tap是不是虚拟网卡?eth0:0
这种的。如果不是, 那是什么?eth0:0
这种东西叫multi-host,使用ifconfig
命令查出 来可能会让人有困惑,使用ip address
和ip link
查出来就明了了, 其实它是一个网卡上有多个ip地址。所以这种不是虚拟网卡。[X]
openstack安全规则,只放对应端口的流进来这些应该在哪里配置,这 个就是网络安全组,每个拉起的vm可以关联多个安全组。[ ]
openstack如何把一个已配置好的vm保存为image,然后从该image拉起 镜像?
26.1 TODO openstack curl restfull api example 这个链接可以参考
- State "TODO" from "待办"
- State "待办" from "TODO"
26.2 TODO openstack多个region需不需要多次认证? 同一个用户在不同的region中是不能使用?
- State "TODO" from "待办"
相关的笔记在 这里 我个人认为同一个用户在不同的region中是不同的。 region做了用户隔离的。