

User-facing operations in OpenStack

2025-04-03 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article introduces user-facing operations in OpenStack. The content is quite detailed; interested readers can use it for reference, and I hope it is helpful.

Images

OpenStack images can often be thought of as "virtual machine templates". Images can also be standard installation media such as ISO images. Essentially, they all contain bootable file systems that are used to launch instances.

Adding images

Several pre-made images exist and can easily be imported into the Image service. One of the most commonly added images is the CirrOS image, which is very small and is used for testing. To add this image, simply do:

# wget https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
# glance image-create --name='cirros image' --is-public=true --container-format=bare --disk-format=qcow2 < cirros-0.3.0-x86_64-disk.img

The glance image-create command has many options. For example, the min-disk option is useful for images that require a root partition of a certain size (Windows, for instance, needs a relatively large partition). To view these options:

$ glance help image-create

The location option deserves particular attention. It does not copy the whole image into Glance; instead it records the original path of the image. When an instance is launched, Glance loads the image from that path. The copy-from option copies the image from the specified path into /var/lib/glance/images. In the example above, redirecting from STDIN accomplishes the same thing.

Run the following command to view detailed information about existing images:

$ glance details

Deleting images

To delete an image, use:

$ glance image-delete <IMAGE>

Note: deleting an image does not affect instances or snapshots that were based on it.

Other command-line options

All options can be viewed with:

$ glance help

or in the OpenStack Image Service command-line guide (http://docs.openstack.org/cli/quick-start/content/glance-cli-reference.html).

The image service and the database

The only thing the Glance database does not store is the image itself. The Glance database has two main tables:

images
image_properties

By working directly with the database (SQL queries and so on) you can obtain custom lists of, and reports on, Glance images. Technically, image properties can also be updated by manipulating the database, although this is not recommended.

Example image database queries

One interesting example is modifying the list of images together with the image owner. This can be done simply by looking up the owner ID. The following example goes further and shows the owner's name:

$ mysql> select glance.images.id, glance.images.name, keystone.tenant.name, is_public from glance.images inner join keystone.tenant on glance.images.owner=keystone.tenant.id;

Another example shows the properties of a single image:

$ mysql> select name, value from image_properties where id = <image_id>;

Flavors

In OpenStack, virtual machine hardware templates are called flavors. A flavor defines RAM and disk size, the number of CPU cores, and so on. A standard installation has five default flavors. Flavors can be modified by users with administrator privileges (which users may do so is itself controlled by the compute_extension:flavormanage entry in /etc/nova/policy.json on the nova-api server). To view the flavors available on the system:

$ nova flavor-list
+----+-----------+-----------+------+-----------+-------+-------------+
| ID | Name      | Memory_MB | Disk | Ephemeral | VCPUs | extra_specs |
+----+-----------+-----------+------+-----------+-------+-------------+
| 1  | m1.tiny   | 512       | 0    | 0         | 1     | {}          |
| 2  | m1.small  | 2048      | 10   | 20        | 1     | {}          |
| 3  | m1.medium | 4096      | 10   | 40        | 2     | {}          |
| 4  | m1.large  | 8192      | 10   | 80        | 4     | {}          |
| 5  | m1.xlarge | 16384     | 10   | 160       | 8     | {}          |
+----+-----------+-----------+------+-----------+-------+-------------+

The nova flavor-create command allows authorized users to create new flavors. Other flavor-related commands can be listed with:

$ nova help | grep flavor

A flavor defines the following elements:

ID: a unique numeric ID.
Name: a descriptive name. The xx.size_name convention is not required, although some third-party tools may rely on it.
Memory_MB: virtual machine memory, in MB.
Disk: size of the virtual root disk, in GB. This is an ephemeral disk that the base image is copied into. It is not used when booting from a persistent volume. The size "0" is special: it means the root disk is the same size as the base image.
Ephemeral: size of a second ephemeral disk, in GB. This is an empty, unformatted disk that exists only for the life of the instance.
Swap: optional swap space allocated to the instance.
VCPUs: number of virtual CPUs presented to the instance.
RXTX_Factor: optional property that allows created servers to have a different bandwidth cap from that of the network hardware they are attached to. It is a ratio relative to the hardware bandwidth; the default is 1.0, that is, the same bandwidth as the hardware.
Is_Public: boolean value, whether the flavor is available only to the tenant that owns it or is exposed to other tenants. The default is true, that is, public.
extra_specs: additional optional restrictions on which compute hosts can run the flavor. They are key/value pairs, and only hosts that carry the same key/value pairs can run the flavor. This is useful for special deployments, for example restricting a flavor to hosts that have GPUs.

How do I modify an existing flavor? Unfortunately, OpenStack does not provide an interface to modify flavors, only to add and delete them. The way the dashboard "modifies" a flavor is to delete the old flavor and add a new one with the same name.
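The following added example (not code from the original article or from OpenStack itself) models the flavor fields listed above in plain Python: it checks a flavor definition for sanity, applies the special meaning of Disk "0", and reproduces the extra_specs key/value matching against compute hosts that the text describes. The flavor and host records are constructed for the example; the "capabilities" dict on each host is an assumed stand-in for whatever key/value pairs an operator publishes for matching.

```python
# Constructed flavors and hosts (not from a real deployment). The flavor fields
# follow the columns listed in the text; the host "capabilities" dicts are an
# assumed stand-in for the key/value pairs used in extra_specs matching.
FLAVORS = [
    {"id": 2, "name": "m1.small", "memory_mb": 2048, "disk": 10, "ephemeral": 20,
     "vcpus": 1, "rxtx_factor": 1.0, "is_public": True, "extra_specs": {}},
    {"id": 6, "name": "g1.gpu", "memory_mb": 8192, "disk": 0, "ephemeral": 0,
     "vcpus": 4, "rxtx_factor": 1.0, "is_public": False,
     "extra_specs": {"gpu": "true"}},
]

HOSTS = [
    {"name": "compute-1", "capabilities": {"gpu": "false"}},
    {"name": "gpu-node-1", "capabilities": {"gpu": "true", "gpu_model": "k20"}},
    {"name": "compute-2", "capabilities": {}},
]


def validate_flavor(flavor):
    """Return a list of problems with a flavor definition (empty if it is sound)."""
    problems = []
    if flavor["memory_mb"] <= 0:
        problems.append("memory_mb must be positive")
    if flavor["vcpus"] < 1:
        problems.append("vcpus must be at least 1")
    if flavor["disk"] < 0 or flavor["ephemeral"] < 0:
        problems.append("disk sizes cannot be negative")
    if flavor["rxtx_factor"] <= 0:
        problems.append("rxtx_factor must be a positive ratio")
    return problems


def root_disk_gb(flavor, image_size_gb):
    """Disk == 0 is special: the root disk is as large as the image it boots from."""
    return image_size_gb if flavor["disk"] == 0 else flavor["disk"]


def hosts_for_flavor(flavor, hosts):
    """Hosts whose capabilities carry every extra_specs key with the same value.

    A flavor with empty extra_specs matches every host; a host that lacks a key
    or has a different value for it is excluded."""
    specs = flavor["extra_specs"]
    return [h["name"] for h in hosts
            if all(h["capabilities"].get(k) == v for k, v in specs.items())]


if __name__ == "__main__":
    for flavor in FLAVORS:
        print(flavor["name"], "->", hosts_for_flavor(flavor, HOSTS),
              "problems:", validate_flavor(flavor))
```

Matching is exact on both key and value, which is what makes extra_specs a safe way to fence GPU-only flavors off from ordinary hosts: a host that simply omits the key is not eligible.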

Security groups

For new users, the most common problem with OpenStack is that they launch an instance without setting an appropriate security group, and then cannot reach the instance over the network. A security group is a set of IP filtering rules applied to an instance's networking. Security groups are project-specific, and project members can edit the default rules for their group or add new rule sets. All projects have a "default" security group, which is applied to any instance that has no other security group defined. Unless it is changed, this default group denies all incoming traffic.

The allow_same_net_traffic option in nova.conf (default true) controls whether the rules apply to hosts that share a network. When set to true, hosts on the same subnet are not filtered and are allowed to pass all types of traffic between them. On a flat network, this allows all instances from all projects unfiltered communication. With VLAN networking, this allows access between instances within the same project. If allow_same_net_traffic is set to false, security groups are enforced for all connections; in that case a project can still simulate the true behaviour by configuring its default security group to allow all traffic.

The security groups for the current project can be found on the Access & Security page of the dashboard. To see the details of a security group, select Edit for that group. Obviously, a security group can be modified from this interface; there is also a "Create Security Group" button on the main Access & Security page for creating new groups. The terms used in this discussion are the same as on the command line. The following command displays a list of security groups in the current project:

$ nova secgroup-list
+---------+-------------+
| Name    | Description |
+---------+-------------+
| default | default     |
| open    | all ports   |
+---------+-------------+

To view the rules of the security group called 'open':

$ nova secgroup-list-rules open
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | 255     | 0.0.0.0/0 |              |
| tcp         | 1         | 65535   | 0.0.0.0/0 |              |
| udp         | 1         | 65535   | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

All rules here are "allow" rules, because the default is "deny". The first column is the IP protocol (icmp, tcp, or udp); the second and third columns give the port range; the fourth column gives the source address range in CIDR format. This example allows all ports from all IP addresses.

As described in the previous section, the number of rules per security group is controlled by the quota_security_group_rules quota, and the number of security groups per project by the quota_security_groups quota.

When adding a new security group, use a short, descriptive name. The name is shown in the instance list, but the description is not, so a name such as 'http' is much more useful than 'Zhang San's group' or 'group 1'.

As an example, we create a security group that allows web traffic to an instance from anywhere on the Internet. We call it "global_http", which makes the intent easy to understand:

+-------------+-------------------------------------+
| Name        | Description                         |
+-------------+-------------------------------------+
| global_http | allow web traffic from the internet |
+-------------+-------------------------------------+

Rules are added with the following command:

usage: nova secgroup-add-rule <secgroup> <ip-proto> <from-port> <to-port> <cidr>

$ nova secgroup-add-rule global_http tcp 80 80 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 80        | 80      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Note: the 'from-port' and 'to-port' here are not source and destination ports but a range of ports. More complex rule sets can be built up from multiple rules. For example, to allow both http and https traffic:

$ nova secgroup-add-rule global_http tcp 443 443 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 443       | 443     | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

After adding the previous rule, the rule becomes:

$ nova secgroup-list-rules global_http
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 80        | 80      | 0.0.0.0/0 |              |
| tcp         | 443       | 443     | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

The reverse operation is secgroup-delete-rule, with the same arguments. To delete an entire security group, use secgroup-delete.

Creating a security group for a cluster of instances: source groups are a dynamic way of defining the CIDR of allowed sources. A user specifies a source group (a security group name), and all of that user's other instances that use the source group are dynamically selected as allowed sources. This spares each new instance, or each new member of the cluster, from needing a rule of its own. Usage:

usage: nova secgroup-add-group-rule <secgroup> <source-group> <ip-proto> <from-port> <to-port>

$ nova secgroup-add-group-rule cluster global-http tcp 22 22

The "cluster" rule allows ssh access from any other instance that uses the 'global-http' group.
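The following is an added example, not code from the original article or from OpenStack: it parses the ASCII table printed by `nova secgroup-list-rules` (the sample table inside it is constructed for the example, modelled on the 'open' group above plus two narrower rules), flags every rule that is reachable from 0.0.0.0/0, reports headroom against the quota_security_group_rules quota (the default of 20 is an assumed value), and answers whether a given protocol/port from a given source address would be admitted, which makes the from-port/to-port range semantics concrete.

```python
from ipaddress import ip_address, ip_network

# Constructed sample, modelled on the `nova secgroup-list-rules` tables in the
# text (not captured from a real cloud): the wide-open "open" group plus a rule
# scoped by source group and a rule scoped to a private CIDR.
SAMPLE_RULES = """\
+-------------+-----------+---------+-------------+--------------+
| IP Protocol | From Port | To Port | IP Range    | Source Group |
+-------------+-----------+---------+-------------+--------------+
| icmp        | -1        | 255     | 0.0.0.0/0   |              |
| tcp         | 1         | 65535   | 0.0.0.0/0   |              |
| udp         | 1         | 65535   | 0.0.0.0/0   |              |
| tcp         | 22        | 22      |             | cluster      |
| tcp         | 443       | 443     | 10.4.0.0/16 |              |
+-------------+-----------+---------+-------------+--------------+
"""


def parse_rules(table):
    """Turn the ASCII table printed by `nova secgroup-list-rules` into dicts."""
    rules = []
    for line in table.splitlines():
        if not line.startswith("|"):
            continue  # skip the +---+ border lines
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if cells[0] == "IP Protocol":
            continue  # header row
        proto, from_port, to_port, cidr, group = cells
        rules.append({
            "proto": proto,
            "from": int(from_port),
            "to": int(to_port),
            "cidr": cidr or None,    # empty cell: rule is scoped by source group
            "group": group or None,
        })
    return rules


def is_all_ports(rule):
    """From/To are a port range (ICMP type/code for icmp), not src/dst ports."""
    if rule["proto"] == "icmp":
        return rule["from"] == -1    # -1 means every ICMP type
    return (rule["from"], rule["to"]) == (1, 65535)


def audit_rules(rules, quota_rules=20):
    """Report rules open to the whole Internet, plus quota headroom (assumed quota 20)."""
    world_open = []
    for r in rules:
        if r["cidr"] is None:
            continue  # source-group rules only admit instances in that group
        if ip_network(r["cidr"]).prefixlen != 0:
            continue  # not 0.0.0.0/0
        scope = "all ports/types" if is_all_ports(r) else f"ports {r['from']}-{r['to']}"
        world_open.append(f"{r['proto']}: {scope} open to 0.0.0.0/0")
    return {
        "world_open": world_open,
        "rules_used": len(rules),
        "rules_remaining": quota_rules - len(rules),
    }


def port_allowed(rules, proto, port, src_ip):
    """Would traffic for (proto, port) from src_ip pass the CIDR-scoped rules?"""
    src = ip_address(src_ip)
    for r in rules:
        if r["proto"] != proto or r["cidr"] is None:
            continue
        if r["from"] <= port <= r["to"] and src in ip_network(r["cidr"]):
            return True
    return False


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    report = audit_rules(rules)
    for finding in report["world_open"]:
        print(finding)
    print(f"{report['rules_used']} rules used, {report['rules_remaining']} remaining")
```

Source-group rules are deliberately skipped by the audit: they admit only instances carrying the named group, so the risk they carry is bounded by who can attach that group, not by an address range.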

Block storage

OpenStack volumes are persistent block storage devices that can be attached to and detached from instances, but can be attached to only one instance at a time. Like an external hard disk, they do not provide shared storage in the way a network file system or object storage does. Block storage lets the operating system inside the instance treat the volume as a block device and mount a file system on it.

As with other removable disk technologies, it is important that the operating system is no longer using the disk before it is removed; removing it while in use is likely to damage data. In a Linux instance, any file system on the volume must be unmounted before the volume is detached. The OpenStack volume service does not know whether it is safe to detach a volume from an instance, so it does what it is told. If a user tells the volume service to detach a volume from an instance while the volume is being written to, some degree of file system corruption can be expected, whatever process inside the instance was using the volume.

How an instance's operating system should handle access to block devices is outside the scope of OpenStack. What OpenStack covers is how to create a volume and attach it to, or detach it from, an instance. These operations are available on the Volumes page of the dashboard or with the cinder command-line client. To add a volume, you need only a name and the volume size in GB; enter these in the Create Volume dialog, or on the command line:

$ cinder create --display-name test-volume 10

This creates a 10 GB volume named 'test-volume'. To list existing volumes and the instances they are attached to, if any:

$ cinder list
+----+--------+--------------+------+-------------+-------------+
| ID | Status | Display Name | Size | Volume Type | Attached to |
+----+--------+--------------+------+-------------+-------------+
+----+--------+--------------+------+-------------+-------------+

The block storage service also allows snapshots to be created. Remember that this is a block-level snapshot, which is best taken when the volume is not attached to an instance, or when the volume is attached but not mounted or in use. If the snapshot is taken while the volume is in use, you may get an inconsistent file system. In fact, by default the volume service will not take a snapshot of an attached volume, although you can force it to. To create a snapshot, select Create Snapshot on the Volumes page of the dashboard, or use the command line:

usage: cinder snapshot-create [--force <True|False>] [--display-name <display-name>] [--display-description <display-description>] <volume-id>

Positional arguments:
  <volume-id>              ID of the volume to snapshot

Optional arguments:
  --force <True|False>     Optional flag to indicate whether to snapshot a volume even if it's attached to an instance. (Default=False)
  --display-name           Optional snapshot name. (Default=None)
  --display-description    Optional snapshot description. (Default=None)

Block storage creation failures

If a user tries to create a volume and it immediately goes into an error state, the best way to find the cause is to grep the cinder log files for the volume's UUID. Try the cloud controller first, then the storage node on which the volume was to be created:

# grep 903b85d0-bacc-4855-a261-10843fc2d65b /var/log/cinder/*.log

Instances

Instances are the running virtual machines in an OpenStack cloud. This section deals with how to work with them, their underlying images, their network properties, and how they are represented in the database.

Starting instances

To launch an instance you need to choose an image, a flavor, and a name. Names need not be unique, but your life will be much easier if they are, because many tools accept a name in place of a UUID. You can launch an instance from the dashboard with the Launch Instance button on the Instances page, or from the Images and Snapshots page. On the command line:

$ nova boot --flavor <flavor> --image <image> <name>

There are a number of optional parameters, described in the following sections. It is worth reading them before launching instances; the command above is the most basic form.

To delete an instance, use nova delete. Note that powering down (shutting off) an instance does not remove it from OpenStack.

Instance boot failures

If an instance fails to start and immediately goes into the "Error" state, there are several ways to track down the problem. Some of these require only normal user privileges; others need access to the log servers or compute nodes. The most common cause of an instance failing to start is that no compute node in the system can satisfy the instance's requirements, because of quota allocation. In this case, the error message is shown by the nova show command, as in the following example:

$ nova show test-instance
+------------------------+--------------------------------------------------------------------+
| Property               | Value                                                              |
+------------------------+--------------------------------------------------------------------+
| OS-DCF:diskConfig      | MANUAL                                                             |
| OS-EXT-STS:power_state | 0                                                                  |
| OS-EXT-STS:task_state  | None                                                               |
| OS-EXT-STS:vm_state    | error                                                              |
| accessIPv4             |                                                                    |
| accessIPv6             |                                                                    |
| config_drive           |                                                                    |
| created                | 2013-03-01T19:28:24Z                                               |
| fault                  | {u'message': u'NoValidHost', u'code': 500, u'created': u'2013...'} |
| flavor                 | xxl.super (11)                                                     |
| hostId                 |                                                                    |
| id                     | 940f3b2f-bd74-45ad-bee7-eb0a7318aa84                               |
| image                  | quantal-test (65b4f432-7375-42b6-a9b8-7f654a1e676e)                |
| key_name               | None                                                               |
| metadata               | {}                                                                 |
| name                   | test-instance                                                      |
| security_groups        | [{u'name': u'default'}]                                            |
| status                 | ERROR                                                              |
| tenant_id              | 98333a1a28e746fa8c629c83a818ad57                                   |
| updated                | 2013-03-01T19:28:26Z                                               |
| user_id                | a1ef823458d24a68955fec6f3d390019                                   |
+------------------------+--------------------------------------------------------------------+

In this example, the fault message shows NoValidHost, meaning that the scheduler could not satisfy the instance's requirements.

If nova show does not give enough information, search the nova-compute.log on the relevant compute node for the instance's UUID, or the nova-scheduler.log on the scheduler server; these may contain the underlying error message.

Running nova show as an administrator also shows the hostId of the compute node the instance was scheduled to. If the instance was not scheduled successfully, there is no such hostId.

Instance-specific data

There are a variety of ways to inject custom data into an instance, including user data, the metadata service, authorized_keys injection, and file injection.

To be clear about the difference between user data and metadata: user data is a blob of data that is set when the instance is launched and can be accessed from within the instance while it is running. People use this user data to store configuration, a script, or whatever else the tenant wants. Metadata, on the other hand, is a set of key/value pairs associated with an instance. While the instance exists, nova-compute reads and writes these key/value pairs, from inside or outside the instance, whenever users issue commands through the Compute API. However, you cannot query metadata directly in a way that is compatible with the EC2 metadata service.

Users can generate and register ssh keys with the nova command:
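The two troubleshooting steps above (grepping the cinder logs for a volume UUID, and searching nova-compute.log or nova-scheduler.log for an instance UUID after reading the `fault` cell of `nova show`) share one procedure, so this single added example (not code from the original article or from OpenStack) implements it in Python against constructed log lines: it validates the UUID before searching, so a truncated identifier cannot turn into a useless full-log dump, returns the matching (file, line) pairs, surfaces the first ERROR/WARNING hit, and decodes the `fault` cell, which nova prints as a Python dict literal. The log excerpts are written in the style of cinder and nova logs and are not real captures; the volume and instance UUIDs are the ones that appear on this page.

```python
import ast
import re

UUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")

# Constructed log excerpts in the style of cinder/nova logs (not real captures).
# The volume UUID is the one from the grep command in the text; the instance
# UUID is the one from the nova show output in the text.
SAMPLE_LOGS = {
    "/var/log/cinder/cinder-api.log": [
        "2013-03-01 19:30:01 INFO cinder.api.v1.volumes [req-1] Create volume of 10 GB",
        "2013-03-01 19:30:01 INFO cinder.api.v1.volumes [req-1] vol: 903b85d0-bacc-4855-a261-10843fc2d65b",
    ],
    "/var/log/cinder/cinder-volume.log": [
        "2013-03-01 19:30:02 ERROR cinder.volume.manager [req-1] volume 903b85d0-bacc-4855-a261-10843fc2d65b: create failed, insufficient free space",
        "2013-03-01 19:31:40 INFO cinder.volume.manager [req-2] volume 5c0e0a1e-0000-4000-8000-000000000001: created",
    ],
    "/var/log/nova/nova-scheduler.log": [
        "2013-03-01 19:28:25 WARNING nova.scheduler.driver [req-3] Setting instance 940f3b2f-bd74-45ad-bee7-eb0a7318aa84 to ERROR state: NoValidHost",
    ],
}


def grep_uuid(logs, uuid):
    """Equivalent of `grep <uuid> /var/log/cinder/*.log` over an in-memory log set.

    logs maps file path -> list of lines. The UUID is validated first so that a
    typo or a partial id raises instead of matching half the log."""
    if not UUID_RE.match(uuid):
        raise ValueError(f"not a UUID: {uuid!r}")
    hits = []
    for path, lines in logs.items():
        for line in lines:
            if uuid in line:
                hits.append((path, line))
    return hits


def first_error(hits):
    """Return the first ERROR/WARNING line among the hits, or None if all are INFO."""
    for _path, line in hits:
        if re.search(r"\b(ERROR|WARNING)\b", line):
            return line
    return None


def parse_fault(fault_cell):
    """Decode the `fault` cell of `nova show`, which is printed as a Python dict
    literal (with u'' strings); only message and code are kept."""
    fault = ast.literal_eval(fault_cell)
    return {"message": fault.get("message"), "code": fault.get("code")}


if __name__ == "__main__":
    hits = grep_uuid(SAMPLE_LOGS, "903b85d0-bacc-4855-a261-10843fc2d65b")
    for path, line in hits:
        print(f"{path}: {line}")
    print("first error:", first_error(hits))
    print(parse_fault("{u'message': u'NoValidHost', u'code': 500}"))
```

ast.literal_eval is used rather than eval because the fault text comes from a service response; literal_eval only accepts literals and cannot execute anything.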

$ nova keypair-add mykey > mykey.pem

This creates a key named mykey, which you can associate with instances. The file mykey.pem is the private key and must be stored in a secure place, because it allows root access to instances associated with mykey. Alternatively, you can register an existing public key with:

$ nova keypair-add --pub-key mykey.pub mykey

You must have the corresponding private key to access instances associated with this public key. To associate a key with an instance when it is launched, add --key_name mykey on the command line:

$ nova boot --image ubuntu-cloudimage --flavor 1 --key_name mykey

When launching a server, you can also add metadata to make it easier to tell which instance is which. Use the --meta option with a key=value pair, where you define both the key and the value. For example, you can add a description:

$ nova boot --image=test-image --flavor=1 smallimage --meta description='Small test image'

You can see the information of metadata in the instance information:

$ nova show smallimage
+------------------------+---------------------------------------+
| Property               | Value                                 |
+------------------------+---------------------------------------+
| OS-DCF:diskConfig      | MANUAL                                |
| OS-EXT-STS:power_state | 1                                     |
| OS-EXT-STS:task_state  | None                                  |
| OS-EXT-STS:vm_state    | active                                |
| accessIPv4             |                                       |
| accessIPv6             |                                       |
| config_drive           |                                       |
| created                | 2012-05-16T20:48:23Z                  |
| flavor                 | m1.small                              |
| hostId                 | de0...487                             |
| id                     |                                       |
| image                  | natty-image                           |
| key_name               |                                       |
| metadata               | {u'description': u'Small test image'} |
| name                   | smallimage2                           |
| private network        | 172.16.101.11                         |
| progress               | 0                                     |
| public network         | 10.4.113.11                           |
| status                 | ACTIVE                                |
| tenant_id              | e83...482                             |
| updated                | 2012-05-16T20:48:35Z                  |
| user_id                | de3...0a9                             |
+------------------------+---------------------------------------+

User data is a special key in the metadata service that holds a file that cloud-aware applications inside the instance can access. For example, cloud-init (https://help.ubuntu.com/community/CloudInit) is an open source package that uses this user data when the instance starts. To supply user data, create a file locally and pass it to the instance with the --user-data option when the instance is created. For example:

$ nova boot --image ubuntu-cloudimage --flavor 1 --user-data mydata.file

Arbitrary files can be placed on the instance's file system with the --file option. Up to five files can be stored. For example, suppose you have a special authorized_keys file named special_authorized_keysfile. To use it in place of the usual ssh key injection, run:

$ nova boot --image ubuntu-cloudimage --flavor 1 --file /root/.ssh/authorized_keys=special_authorized_keysfile

Associating security groups

As mentioned earlier, security groups must be configured to allow network traffic to reach an instance, unless the default security group has been changed to allow traffic through. Adding a security group is usually done when the instance is launched. In the dashboard this is done on the Access & Security tab of the Launch Instance dialog. On the command line, add the --security-groups option with a comma-separated list of security groups. Security groups can also be added to, or removed from, a running instance; currently this is only possible on the command line:

$ nova add-secgroup <server> <securitygroup>
$ nova remove-secgroup <server> <securitygroup>

Floating IPs

As mentioned earlier, projects have a quota that controls the number of floating IPs, but a floating IP must be allocated by a user before it can be used. Allocate a floating IP to a project with the "Allocate IP To Project" button on the dashboard's Access & Security page, or on the command line:

$ nova floating-ip-create

Once allocated, a floating IP can be associated with a running instance. In the dashboard, either use the "Associate Floating IP" action next to the IP on the Access & Security page, or the corresponding action next to the instance on the Instances page. The inverse action, "Disassociate Floating IP", is available only from the Access & Security page. On the command line, the following commands perform these tasks:

$ nova add-floating-ip <server> <address>
$ nova remove-floating-ip <server> <address>

Attaching block storage

You can attach block storage to an instance from the Volumes page of the dashboard: choose the volume, click Edit Attachments, and select the instance to attach it to. On the command line:

$ nova volume-attach <server> <volume>

You can also specify block devices when the instance is launched, with the following option:

--block-device-mapping

The format of the block device mapping is:
