I. Keystone Service Operations
1. Keystone operations commands
(1) Create a user
Create an account named "alice" with the password "mypassword123" and the email "alice@example.com".
[root@controller ~]# source /etc/keystone/admin-openrc.sh
[root@controller ~]# openstack user create --password mypassword123 --email alice@example.com --domain demo alice
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 5cf2b1fbdc9e4f799187625e743a8be2 |
| email     | alice@example.com                |
| enabled   | True                             |
| id        | a49a222f8e194342a5a113193897d915 |
| name      | alice                            |
+-----------+----------------------------------+
The general syntax for creating a user is:
$ openstack user create [--domain <domain>] [--password <password>] [--email <email-address>] [--enable | --disable] <name>
(2) Create a project
A project is a project, team, or organization; a project must be specified whenever a request is made to an OpenStack service.
Create a project named "acme".
[root@controller ~]# openstack project create --domain demo acme
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | 5cf2b1fbdc9e4f799187625e743a8be2 |
| enabled     | True                             |
| id          | c6ddd5dfbd4b42ee8b2591681898faa1 |
| is_domain   | False                            |
| name        | acme                             |
| parent_id   | 5cf2b1fbdc9e4f799187625e743a8be2 |
+-------------+----------------------------------+
The general syntax for creating a project is as follows:
$ openstack project create [--domain <domain>] [--description <description>] [--enable | --disable] <project-name>
(3) Create a role
A role defines the operations a user is permitted to perform.
Create a role named "compute-user".
[root@controller ~]# openstack role create compute-user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | a1f46d3cbe0d49c1bf619839bdb432e9 |
| name      | compute-user                     |
+-----------+----------------------------------+
The general syntax for creating a role is as follows:
$ openstack role create <name>
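(4) Bind a user to a project and role
A newly added user must be granted permissions, which is done by associating the user with the corresponding project and role.
Assign the user "alice" the "compute-user" role in the "acme" project.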
[root@controller ~]# openstack role add --user alice --project acme compute-user
The general syntax is as follows:
$ openstack role add --user <user> --project <project> <role>
2. Basic Keystone query commands
(1) List users
[root@controller ~]# openstack user list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 1ecbb92b750f4a1a99a917ee5cb802f4 | swift   |
| 32cb9c3c47f445f79108fcdfde214a8d | glance  |
| 501447f036f449f0885a0d85f457a6c1 | neutron |
| 6119916d7a6f4b77b214ec5b8c712f4a | admin   |
| 68e98243b2a9431081957563a74dce74 | nova    |
| 7d1cfc1d4a2948b0a9b0261ba41fbc14 | demo    |
| 8d1508eed92e4cbebf09b13f343e24ce | cinder  |
| a49a222f8e194342a5a113193897d915 | alice   |
+----------------------------------+---------+
(2) List projects
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 2d359a6bc6834d02946e6f1be3e4dd12 | service |
| ad251afdba114cd2aa6e9a8ffcdf0d4b | demo    |
| c6ddd5dfbd4b42ee8b2591681898faa1 | acme    |
| f61a5380d7c04bfcb0a30e7e69d93c00 | admin   |
+----------------------------------+---------+
(3) List roles
[root@controller ~]# openstack role list
+----------------------------------+--------------+
| ID                               | Name         |
+----------------------------------+--------------+
| 84a9ed8975a548e8ba62afab3a03abcf | user         |
| a1f46d3cbe0d49c1bf619839bdb432e9 | compute-user |
| c44163d83f6c4b37a6f930bfbf36db55 | admin        |
+----------------------------------+--------------+
(4) List endpoints
[root@controller ~]# openstack endpoint list
+----------------+-----------+--------------+--------------+---------+-----------+----------------+
| ID             | Region    | Service Name | Service Type | Enabled | Interface | URL            |
+----------------+-----------+--------------+--------------+---------+-----------+----------------+
| 049c92a079ee41 | RegionOne | keystone     | identity     | True    | admin     | http://control |
| c68ab7e3c94d9b |           |              |              |         |           | ler:35357/v3   |
| b77e           |           |              |              |         |           |                |
| 0fea0c4b854b49 | RegionOne | keystone     | identity     | True    | public    | http://control |
| 1496fb415834e5 |           |              |              |         |           | ler:5000/v3    |
| f571           |           |              |              |         |           |                |
| 1e7751ba225f44 | RegionOne | swift        | object-store | True    | internal  | http://control |
| dcbe6098285bc1 |           |              |              |         |           | ler:8080/v1/AU |
| e0f9           |           |              |              |         |           | TH_%(tenant_id |
|                |           |              |              |         |           | )s             |
| 20984c6216b74d | RegionOne | cinder       | volume       | True    | admin     | http://control |
| e8991ce3dd14e8 |           |              |              |         |           | ler:8776/v1/%( |
| 734f           |           |              |              |         |           | tenant_id)s    |
| 33f91a7199784e | RegionOne | cinderv2     | volumev2     | True    | admin     | http://control |
| 7595d699e0a7a0 |           |              |              |         |           | ler:8776/v2/%( |
| a393           |           |              |              |         |           | tenant_id)s    |
| 3614bba3510148 | RegionOne | glance       | image        | True    | public    | http://control |
| 61a810408bde9c |           |              |              |         |           | ler:9292       |
| bc90           |           |              |              |         |           |                |
| 3f16b05ebced4e | RegionOne | neutron      | network      | True    | admin     | http://control |
| af8c216c47d390 |           |              |              |         |           | ler:9696       |
| a3a2           |           |              |              |         |           |                |
| 548175fde11346 | RegionOne | glance       | image        | True    | admin     | http://control |
| 92a9dab3f434b6 |           |              |              |         |           | ler:9292       |
| 3fa3           |           |              |              |         |           |                |
| 5824767e3e0642 | RegionOne | swift        | object-store | True    | admin     | http://control |
| 4bbe68a76df53d |           |              |              |         |           | ler:8080/v1    |
| c17e           |           |              |              |         |           |                |
| 61737a88e7ed43 | RegionOne | cinderv2     | volumev2     | True    | internal  | http://control |
| 7297441384fa27 |           |              |              |         |           | ler:8776/v2/%( |
| ea5c           |           |              |              |         |           | tenant_id)s    |
| 77da45a0ba3945 | RegionOne | cinder       | volume       | True    | public    | http://control |
| 27a1c1bbfd6d86 |           |              |              |         |           | ler:8776/v1/%( |
| 0f5f           |           |              |              |         |           | tenant_id)s    |
| 78db13de098249 | RegionOne | keystone     | identity     | True    | internal  | http://control |
| cabf1f83873d6e |           |              |              |         |           | ler:5000/v3    |
| f53e           |           |              |              |         |           |                |
| 80fd9b35795a42 | RegionOne | neutron      | network      | True    | internal  | http://control |
| 3187ddf5f13036 |           |              |              |         |           | ler:9696       |
| bf84           |           |              |              |         |           |                |
| 96cd56e2ceb941 | RegionOne | glance       | image        | True    | internal  | http://control |
| 7a8437f81836ae |           |              |              |         |           | ler:9292       |
| 16d9           |           |              |              |         |           |                |
| 9a3d69a68f2746 | RegionOne | nova         | compute      | True    | admin     | http://control |
| 1dad32aa6bad0e |           |              |              |         |           | ler:8774/v2.1/ |
| 5c2b           |           |              |              |         |           | %(tenant_id)s  |
| 9d69c6ba14904e | RegionOne | nova         | compute      | True    | public    | http://control |
| 9aa7b9a36ae59b |           |              |              |         |           | ler:8774/v2.1/ |
| b330           |           |              |              |         |           | %(tenant_id)s  |
| 9e955b74718c47 | RegionOne | swift        | object-store | True    | public    | http://control |
| 038ca6188095bb |           |              |              |         |           | ler:8080/v1/AU |
| b138           |           |              |              |         |           | TH_%(tenant_id |
|                |           |              |              |         |           | )s             |
| bb4fa0bf376e49 | RegionOne | neutron      | network      | True    | public    | http://control |
| 18b64c7f848455 |           |              |              |         |           | ler:9696       |
| b8c1           |           |              |              |         |           |                |
| bde192873e8e4e | RegionOne | cinderv2     | volumev2     | True    | public    | http://control |
| cd97449aa75f05 |           |              |              |         |           | ler:8776/v2/%( |
| 90bf           |           |              |              |         |           | tenant_id)s    |
| d9cd83c2ae9b47 | RegionOne | cinder       | volume       | True    | internal  | http://control |
| 24827eccb78639 |           |              |              |         |           | ler:8776/v1/%( |
| 98b6           |           |              |              |         |           | tenant_id)s    |
| ecca7332787144 | RegionOne | nova         | compute      | True    | internal  | http://control |
| 5491b1c1d51528 |           |              |              |         |           | ler:8774/v2.1/ |
| 5ddc           |           |              |              |         |           | %(tenant_id)s  |
+----------------+-----------+--------------+--------------+---------+-----------+----------------+
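Every endpoint in the catalog above, including Keystone's own identity endpoints, is registered with an http:// URL, so passwords and tokens sent to them are not protected in transit. The following Python is an added example, not part of the original page: it rebuilds logical rows from the wrapped table layout and reports enabled endpoints that are not served over HTTPS. The function names and the use of the Interface column to detect where a row starts are assumptions of this example; the sample rows are copied from the table above.

```python
from urllib.parse import urlsplit

# Three rows copied from the endpoint table above, in the wrapped layout the
# client prints: one logical row spans several physical lines.
SAMPLE = """\
+----------------+-----------+--------------+--------------+---------+-----------+----------------+
| ID             | Region    | Service Name | Service Type | Enabled | Interface | URL            |
+----------------+-----------+--------------+--------------+---------+-----------+----------------+
| 049c92a079ee41 | RegionOne | keystone     | identity     | True    | admin     | http://control |
| c68ab7e3c94d9b |           |              |              |         |           | ler:35357/v3   |
| b77e           |           |              |              |         |           |                |
| 0fea0c4b854b49 | RegionOne | keystone     | identity     | True    | public    | http://control |
| 1496fb415834e5 |           |              |              |         |           | ler:5000/v3    |
| f571           |           |              |              |         |           |                |
| 1e7751ba225f44 | RegionOne | swift        | object-store | True    | internal  | http://control |
| dcbe6098285bc1 |           |              |              |         |           | ler:8080/v1/AU |
| e0f9           |           |              |              |         |           | TH_%(tenant_id |
|                |           |              |              |         |           | )s             |
+----------------+-----------+--------------+--------------+---------+-----------+----------------+
"""


def parse_wrapped_table(text, anchor="Interface"):
    """Rebuild logical rows from wrapped CLI table output.

    Assumption of this example: a physical line starts a new row only when
    its `anchor` cell is non-empty; other lines continue the previous row
    and their cell fragments are appended without a separator.
    """
    header, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skip +---+ borders, prompts and blank lines
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells
        elif len(cells) != len(header):
            raise ValueError(f"unexpected column count: {line!r}")
        elif cells[header.index(anchor)]:
            rows.append(dict(zip(header, cells)))
        elif rows:
            for name, fragment in zip(header, cells):
                rows[-1][name] += fragment
    return rows


def plaintext_endpoints(rows):
    """Return (service, interface, url) for enabled endpoints not on HTTPS."""
    findings = []
    for row in rows:
        if row["Enabled"] == "True" and urlsplit(row["URL"]).scheme != "https":
            findings.append((row["Service Name"], row["Interface"], row["URL"]))
    return findings


if __name__ == "__main__":
    for service, interface, url in plaintext_endpoints(parse_wrapped_table(SAMPLE)):
        print(f"cleartext endpoint: {service:<10} {interface:<9} {url}")
```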
II. Glance Service Operations
1. Managing images with Glance
(1) Create an image
Create an image named "cirros" from the supplied image file "cirros-0.3.4-x86_64-disk.img".
[root@controller ~]# glance image-create --name "cirros" --disk-format qcow2 --container-format bare --progress < cirros-0.3.4-x86_64-disk.img
[=============================>] 100%
+------------------+--------------------------------------+
| Property         | Value                                |
+------------------+--------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6     |
| container_format | bare                                 |
| created_at       | 2019-11-01T06:13:49Z                 |
| disk_format      | qcow2                                |
| id               | bdd8d652-7d10-4a77-8a9b-b8563df42d5a |
| min_disk         | 0                                    |
| min_ram          | 0                                    |
| name             | cirros                               |
| owner            | f61a5380d7c04bfcb0a30e7e69d93c00     |
| protected        | False                                |
| size             | 13287936                             |
| status           | active                               |
| tags             | []                                   |
| updated_at       | 2019-11-01T06:14:00Z                 |
| virtual_size     | None                                 |
| visibility       | private                              |
+------------------+--------------------------------------+
(2) List images
[root@controller ~]# glance image-list
+--------------------------------------+-----------+
| ID                                   | Name      |
+--------------------------------------+-----------+
| 81ec2073-4ae8-4bac-83ab-b84ca3d45f1d | centos7.2 |
| bdd8d652-7d10-4a77-8a9b-b8563df42d5a | cirros    |
+--------------------------------------+-----------+
2. Glance image maintenance
(1) View image details
Use the glance image-show command to view detailed information about an image.
# glance image-show bdd8d652-7d10-4a77-8a9b-b8563df42d5a
The result is shown below:
+------------------+--------------------------------------+
| Property         | Value                                |
+------------------+--------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6     |
| container_format | bare                                 |
| created_at       | 2019-11-01T06:13:49Z                 |
| disk_format      | qcow2                                |
| id               | bdd8d652-7d10-4a77-8a9b-b8563df42d5a |
| min_disk         | 0                                    |
| min_ram          | 0                                    |
| name             | cirros                               |
| owner            | f61a5380d7c04bfcb0a30e7e69d93c00     |
| protected        | False                                |
| size             | 13287936                             |
| status           | active                               |
| tags             | []                                   |
| updated_at       | 2019-11-01T06:14:00Z                 |
| virtual_size     | None                                 |
| visibility       | private                              |
+------------------+--------------------------------------+
(2) Update an image
You can use glance image-update to update image information and glance image-delete to delete an image. When you need to change the minimum boot disk size an image requires (min-disk), note that the default unit of min-disk is GB. Use the glance image-update command to update the image information:
# glance image-update --min-disk=1 bdd8d652-7d10-4a77-8a9b-b8563df42d5a
The result is as follows:
+------------------+--------------------------------------+
| Property         | Value                                |
+------------------+--------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6     |
| container_format | bare                                 |
| created_at       | 2019-11-01T06:13:49Z                 |
| disk_format      | qcow2                                |
| id               | bdd8d652-7d10-4a77-8a9b-b8563df42d5a |
| min_disk         | 1                                    |
| min_ram          | 0                                    |
| name             | cirros                               |
| owner            | f61a5380d7c04bfcb0a30e7e69d93c00     |
| protected        | False                                |
| size             | 13287936                             |
| status           | active                               |
| tags             | []                                   |
| updated_at       | 2019-11-01T06:16:55Z                 |
| virtual_size     | None                                 |
| visibility       | private                              |
+------------------+--------------------------------------+
(3) Delete an image
[root@controller ~]# glance image-delete bdd8d652-7d10-4a77-8a9b-b8563df42d5a
[root@controller ~]# glance image-list
+--------------------------------------+-----------+
| ID                                   | Name      |
+--------------------------------------+-----------+
| 81ec2073-4ae8-4bac-83ab-b84ca3d45f1d | centos7.2 |
+--------------------------------------+-----------+
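III. Nova Service Operations
1. Nova operations commands
(1) Nova security group rules
A security group is a collection of rules used to restrict the traffic that reaches a virtual machine. At the lower level this is done with iptables: iptables rules are added on the host where the virtual machine runs. You can define n security groups, each security group can contain n rules, and n security groups can be bound to each instance. Nova always has a default security group, which cannot be deleted. If no security group is specified when an instance is created, the default security group is used. Security groups in Nova are now expected to move into Neutron, which will also add control over traffic leaving the virtual machine.
Note: security groups in Nova only control traffic entering the virtual machine; traffic leaving the virtual machine is not restricted.
Create a security group
# nova secgroup-create
##Create a security group named test with the description 'test the nova command about the rules'
# nova secgroup-create test 'test the nova command about the rules'
+--------------------------------------+------+---------------------------------------+
| Id                                   | Name | Description                           |
+--------------------------------------+------+---------------------------------------+
| d1ce4ef1-26c8-4b3d-958b-bc778bf283f3 | test | test the nova command about the rules |
+--------------------------------------+------+---------------------------------------+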
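The semantics described above (allow-only rules, several groups bound to one instance, filtering of inbound traffic only) are modeled below in Python. This is an added example, not part of the original page; the Rule and SecGroup classes, the function names and the sample rules are constructed for illustration. The world_open check goes one step further and flags rules that expose SSH or RDP ports to any source address.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    proto: str       # "tcp" or "udp"
    from_port: int   # first port of the allowed range
    to_port: int     # last port of the allowed range
    cidr: str        # source range the rule admits


@dataclass
class SecGroup:
    name: str
    rules: list = field(default_factory=list)


def ingress_allowed(groups, proto, port, src_ip):
    """Return the name of the first bound group that admits the packet, else None.

    Rules only ever allow: the groups bound to an instance form a union of
    allow rules, and inbound traffic matching none of them is dropped.
    """
    src = ipaddress.ip_address(src_ip)
    for group in groups:
        for rule in group.rules:
            if (rule.proto == proto
                    and rule.from_port <= port <= rule.to_port
                    and src in ipaddress.ip_network(rule.cidr)):
                return group.name
    return None


def egress_allowed(groups, proto, port, dst_ip):
    """Nova security groups, as noted above, place no limit on outbound traffic."""
    return True


def world_open(groups, sensitive_ports=(22, 3389)):
    """List (group name, rule) pairs that expose a sensitive port to any source."""
    hits = []
    for group in groups:
        for rule in group.rules:
            any_source = ipaddress.ip_network(rule.cidr).prefixlen == 0
            if any_source and any(rule.from_port <= p <= rule.to_port
                                  for p in sensitive_ports):
                hits.append((group.name, rule))
    return hits


# Constructed rule sets; the page creates the "test" group but shows no rules.
DEFAULT = SecGroup("default", [Rule("tcp", 80, 80, "10.0.0.0/24")])
TEST = SecGroup("test", [Rule("tcp", 22, 22, "0.0.0.0/0")])
BOUND = [DEFAULT, TEST]   # an instance may be bound to several groups

if __name__ == "__main__":
    print(ingress_allowed(BOUND, "tcp", 80, "10.0.0.7"))     # -> default
    print(ingress_allowed(BOUND, "tcp", 80, "203.0.113.9"))  # -> None
    print(world_open(BOUND))
```

Because outbound traffic is never filtered in this model, an instance that must not initiate connections needs a separate egress control.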
(2) Managing flavors with Nova
#Create a flavor
# nova flavor-create
#Use the command to create a flavor named test with ID 6, 2048 MB of memory, a 20 GB disk and 2 vCPUs
# nova flavor-create test 6 2048 20 2
+----+------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+------+-----------+------+-----------+------+-------+-------------+-----------+
| 6  | test | 2048      | 20   | 0         |      | 2     | 1.0         | True      |
+----+------+-----------+------+-----------+------+-------+-------------+-----------+
View the details of the test flavor
# nova flavor-show test
+----------------------------+-------+
| Property                   | Value |
+----------------------------+-------+
| OS-FLV-DISABLED:disabled   | False |
| OS-FLV-EXT-DATA:ephemeral  | 0     |
| disk                       | 20    |
| extra_specs                | {}    |
| id                         | 6     |
| name                       | test  |
| os-flavor-access:is_public | True  |
| ram                        | 2048  |
| rxtx_factor                | 1.0   |
| swap                       |       |
| vcpus                      | 2     |
+----------------------------+-------+
2. Nova management
(1) Boot an instance
# nova boot
(2) Delete an instance
# nova delete
IV. Neutron Service Operations
1. Neutron queries
Use the Neutron commands to query the "binary" column of the network service agent list.
[root@xiandian ~]# neutron agent-list -c binary
+---------------------------+
| binary                    |
+---------------------------+
| neutron-l3-agent          |
| neutron-openvswitch-agent |
| neutron-dhcp-agent        |
| neutron-metadata-agent    |
+---------------------------+
2. Query network details
[root@xiandian ~]# neutron net-list
+--------------------------------------+------------+---------+
| id                                   | name       | subnets |
+--------------------------------------+------------+---------+
| bd923693-d9b1-4094-bd5b-22a038c44827 | sharednet1 |         |
+--------------------------------------+------------+---------+
# neutron net-show bd923693-d9b1-4094-bd5b-22a038c44827
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2017-02-23T04:58:17                  |
| description               |                                      |
| id                        | bd923693-d9b1-4094-bd5b-22a038c44827 |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| mtu                       | 1500                                 |
| name                      | sharednet1                           |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| provider:physical_network | physnet1                             |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | 20b1ab08ea644670addb52f6d2f2ed61     |
| updated_at                | 2017-02-23T04:58:17                  |
+---------------------------+--------------------------------------+
3. Query Neutron component services
Use the Neutron commands to query the details of the DHCP agent network service (the id is the one found for the DHCP agent service).
[root@xiandian ~]# neutron agent-list
+--------------------------------------+--------------------+----------+-------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host     | availability_zone | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+----------+-------------------+-------+----------------+---------------------------+
| 7dd3ea38-c6fc-4a73-a530-8b007afeb778 | L3 agent           | xiandian | nova              | :-)   | True           | neutron-l3-agent          |
| 8c0781e7-8b3e-4c9f-a8da-0d4cdc570afb | Open vSwitch agent | xiandian |                   | :-)   | True           | neutron-openvswitch-agent |
| a3504292-e108-4ad1-ae86-42ca9ccfde78 | DHCP agent         | xiandian | nova              | :-)   | True           | neutron-dhcp-agent        |
| be17aa73-deba-411a-ac10-fd523079085d | Metadata agent     | xiandian |                   | :-)   | True           | neutron-metadata-agent    |
+--------------------------------------+--------------------+----------+-------------------+-------+----------------+---------------------------+
[root@xiandian ~]# neutron agent-show a3504292-e108-4ad1-ae86-42ca9ccfde78
+---------------------+----------------------------------------------------------+
| Field               | Value                                                    |
+---------------------+----------------------------------------------------------+
| admin_state_up      | True                                                     |
| agent_type          | DHCP agent                                               |
| alive               | True                                                     |
| availability_zone   | nova                                                     |
| binary              | neutron-dhcp-agent                                       |
| configurations      | {                                                        |
|                     |     "subnets": 1,                                        |
|                     |     "dhcp_lease_duration": 86400,                        |
|                     |     "dhcp_driver": "neutron.agent.linux.dhcp.Dnsmasq",   |
|                     |     "networks": 1,                                       |
|                     |     "log_agent_heartbeats": false,                       |
|                     |     "ports": 2                                           |
|                     | }                                                        |
| created_at          | 2017-02-23 04:57:05                                      |
| description         |                                                          |
| heartbeat_timestamp | 2019-09-28 21:33:06                                      |
| host                | xiandian                                                 |
| id                  | a3504292-e108-4ad1-ae86-42ca9ccfde78                     |
| started_at          | 2017-02-23 04:57:05                                      |
| topic               | dhcp_agent                                               |
+---------------------+----------------------------------------------------------+
V. Cinder Service Operations
1. Create a volume
Create a 2 GB volume, extend-demo
# cinder create --name cinder-volume-demo 2
+--------------------------------+--------------------------------------+
| Property                       | Value                                |
+--------------------------------+--------------------------------------+
| attachments                    | []                                   |
| availability_zone              | nova                                 |
| bootable                       | false                                |
| consistencygroup_id            | None                                 |
| created_at                     | 2019-09-28T18:59:13.000000           |
| description                    | None                                 |
| encrypted                      | False                                |
| id                             | 5df3295d-3c92-41f5-95af-c371a3e8b47f |
| metadata                       | {}                                   |
| migration_status               | None                                 |
| multiattach                    | False                                |
| name                           | cinder-volume-demo                   |
| os-vol-host-attr:host          | xiandian@lvm#LVM                     |
| os-vol-mig-status-attr:migstat | None                                 |
| os-vol-mig-status-attr:name_id | None                                 |
| os-vol-tenant-attr:tenant_id   | 0ab2dbde4f754b699e22461426cd0774     |
| replication_status             | disabled                             |
| size                           | 2                                    |
| snapshot_id                    | None                                 |
| source_volid                   | None                                 |
| status                         | creating                             |
| updated_at                     | 2019-09-28T18:59:14.000000           |
| user_id                        | 53a1cf0ad2924532aa4b7b0750dec282     |
| volume_type                    | None                                 |
+--------------------------------+--------------------------------------+
View the volume information with cinder list
# cinder list
+--------------------------------------+-----------+--------------------+------+-------------+----------+-------------+
| ID                                   | Status    | Name               | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+-----------+--------------------+------+-------------+----------+-------------+
| 5df3295d-3c92-41f5-95af-c371a3e8b47f | available | cinder-volume-demo | 2    | -           | false    |             |
+--------------------------------------+-----------+--------------------+------+-------------+----------+-------------+
2. Create a volume type
Create a volume type to be used as a type tag.
You can create a volume type with the cinder type-create command; here a volume type named "lvm" is created.
# cinder type-create lvm
+--------------------------------------+------+-------------+-----------+
| ID                                   | Name | Description | Is_Public |
+--------------------------------------+------+-------------+-----------+
| b247520f-84dd-41cb-a706-4437e7320fa8 | lvm  | -           | True      |
+--------------------------------------+------+-------------+-----------+
You can list the existing volume types with the cinder type-list command.
# cinder type-list
+--------------------------------------+------+-------------+-----------+
| ID                                   | Name | Description | Is_Public |
+--------------------------------------+------+-------------+-----------+
| b247520f-84dd-41cb-a706-4437e7320fa8 | lvm  | -           | True      |
+--------------------------------------+------+-------------+-----------+
3. Create a volume with a type tag
Taking the type tag as an example, create a volume tagged with "lvm".
# cinder create --name type_test_demo --volume-type lvm 1
+--------------------------------+--------------------------------------+
| Property                       | Value                                |
+--------------------------------+--------------------------------------+
| attachments                    | []                                   |
| availability_zone              | nova                                 |
| bootable                       | false                                |
| consistencygroup_id            | None                                 |
| created_at                     | 2019-09-28T19:15:14.000000           |
| description                    | None                                 |
| encrypted                      | False                                |
| id                             | 12d09316-1c9f-43e1-93bd-24e54cbf7ef6 |
| metadata                       | {}                                   |
| migration_status               | None                                 |
| multiattach                    | False                                |
| name                           | type_test_demo                       |
| os-vol-host-attr:host          | None                                 |
| os-vol-mig-status-attr:migstat | None                                 |
| os-vol-mig-status-attr:name_id | None                                 |
| os-vol-tenant-attr:tenant_id   | 0ab2dbde4f754b699e22461426cd0774     |
| replication_status             | disabled                             |
| size                           | 1                                    |
| snapshot_id                    | None                                 |
| source_volid                   | None                                 |
| status                         | creating                             |
| updated_at                     | None                                 |
| user_id                        | 53a1cf0ad2924532aa4b7b0750dec282     |
| volume_type                    | lvm                                  |
+--------------------------------+--------------------------------------+
After the volume is created, you can check the result with a command and see that the volume's volume_type field has been changed to "lvm".
# cinder show type_test_demo
+--------------------------------+--------------------------------------+
| Property                       | Value                                |
+--------------------------------+--------------------------------------+
| attachments                    | []                                   |
| availability_zone              | nova                                 |
| bootable                       | false                                |
| consistencygroup_id            | None                                 |
| created_at                     | 2019-09-28T19:15:14.000000           |
| description                    | None                                 |
| encrypted                      | False                                |
| id                             | 12d09316-1c9f-43e1-93bd-24e54cbf7ef6 |
| metadata                       | {}                                   |
| migration_status               | None                                 |
| multiattach                    | False                                |
| name                           | type_test_demo                       |
| os-vol-host-attr:host          | xiandian@lvm#LVM                     |
| os-vol-mig-status-attr:migstat | None                                 |
| os-vol-mig-status-attr:name_id | None                                 |
| os-vol-tenant-attr:tenant_id   | 0ab2dbde4f754b699e22461426cd0774     |
| replication_status             | disabled                             |
| size                           | 1                                    |
| snapshot_id                    | None                                 |
| source_volid                   | None                                 |
| status                         | available                            |
| updated_at                     | 2019-09-28T19:15:15.000000           |
| user_id                        | 53a1cf0ad2924532aa4b7b0750dec282     |
| volume_type                    | lvm                                  |
+--------------------------------+--------------------------------------+
To delete a specified Cinder volume, you can use the command "cinder delete
# cinder delete cinder-volume-demo
Request to delete volume cinder-volume-demo has been accepted.
VI. Swift Service Operations
1. Swift query commands
(1) Create a container
To operate on data in Swift from the command line, first create a container named "test".
# swift post test
(2) Query a container
# swift list test
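The output shows that the "test" container is currently empty. The user now wants to recursively upload the contents of the local file directory into the "test" container. First create the file directory and, at the same time, create three new files: one.txt, two.doc and three.png.
# mkdir file
# touch one.txt
# touch two.doc
# touch three.png
2. Swift upload and download
(1) Upload files to a container
When uploading, first upload an empty "file" directory.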
# swift upload test file/
Upload the file one.txt into the file directory inside the "test" container.
# swift upload test/file one.txt
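Use a different approach to recursively upload the remaining two.doc and three.png into the file directory under the "test" container.
# mv two.doc three.png file/
# swift upload test file/
file/three.png
file/two.doc
(2) Download a file from a container
Data is stored in the Swift cluster and is available for users to download at any time. Now download the file three.png.
# swift download test file/three.png
file/three.png [auth 0.445s, headers 0.870s, total 0.871s, 0.000 MB/s]
(3) Delete a file from a container
Disk capacity is currently limited, so some lower-value data needs to be deleted to free up more space. Since three.png has already been downloaded locally, remove three.png from the object storage server for now.
# swift delete test file/three.png
file/three.png
(4) View container service status
Users can also use the swift stat command to view the Swift status for the whole account.
# swift stat
Account: AUTH_0ab2dbde4f754b699e22461426cd0774
Containers: 1
Objects: 3
Bytes: 0
Containers in policy "policy-0": 1
Objects in policy "policy-0": 3
Bytes in policy "policy-0": 0
X-Account-Project-Domain-Id: 3ac89594c8e944a9b5bb567fca4e75aa
X-Timestamp: 1569699525.96576
X-Trans-Id: txe80d8e2c7285497895340-005d8fc0fb
Content-Type: text/plain; charset=utf-8
Accept-Ranges: bytes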
