5. Administration OpenStack I
- 1. Étapes de déploiement d'une instance
- 2. Chargement des variables d'environnement
- 3. Configuration du réseau
- 4. Générer une paire de clé
- 5. Groupe de sécurité
- 6. Création de volumes
- 7. Examen sur le noeud de calcul
- 8. Lancement d'une instance
- 9. Attachement d'un volume
- 10. Vérification de l'instance
- 11. Connexion VNC à l'instance
- 12. Connexion ssh depuis l'hôte
- 13. Hyperviseur KVM sur le noeud de calcul Compute1
- 14. Configuration du nouveau volume dans l'instance
- 15. Mise en script de l'exercice
Déploiement d'une instance OpenStack
1. Étapes de déploiement d'une instance
Pour déployer une instance, les étapes suivantes seront suivies :
- Configuration du réseau
- Attribution des adresses IP flottantes
- Définition d'un groupe de sécurité
- Création d'une paire de clés SSH
- Création d'une image
- Choix d'un gabarit
- Démarrage de l'instance
2. Chargement des variables d'environnement
On charge le profil de l'utilisateur demo :
osbash@controller:~$ cat demo-openrc.sh
export OS_USERNAME=demo
export OS_PASSWORD=demo_user_pass
export OS_PROJECT_NAME=demo
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://10.0.0.11:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
osbash@controller:~$ . demo-openrc.sh
3. Configuration du réseau
4. Générer une paire de clé
... Explication ...
osbash@controller:~$ openstack keypair create mykey > mykey.pem
osbash@controller:~$ openstack keypair show mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| created_at | 2019-03-02T21:15:28.000000 |
| deleted | False |
| deleted_at | None |
| fingerprint | 58:8b:d1:1e:5d:64:c4:d9:62:64:e3:bb:f3:33:c4:4d |
| id | 1 |
| name | mykey |
| updated_at | None |
| user_id | 91e1392791a145f985ea1153e2b2525b |
+-------------+-------------------------------------------------+
osbash@controller:~$ cat mykey.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAwGrab9Yxc2ZEJcoqVV8RrMXrFv3exBgfAzx03wpNhHbzJdiY
KcIYtnWpEFbOu4ZJHPqXqsckKlbvbJzhkyQMNt3AaJ1rt29m38XpDIUp/hpkHipu
796uu9B5jmL+0Fn3xJbdFIsbxtomHua5b8N0+clF5h0wfGn04yw1WM4QziEvdq0I
8devP/h6lCnJUp1ApVRIBIGU56QZhoAcxQ+AM2q9zkjHV6C+Jfqe8owpCCntL9ed
sWKYk4a8vbLpuFQ2WXbVQ31xEqNcGylckC36ZPrcsWW9G/UNyY+ITDkhnMkWRA7m
kOWWjBBpx1FVX6Qclb0oIO9+M8rilfnCILHy0wIDAQABAoIBABWcqtY+56T/io34
DBM0r2aJgGM/toKt9uXFJ5dZr+U9+wd4MXcXPvFXe9rC9UtoxNOFbf2Xin9a7l9z
q358YQbUl2TosY2T7KkbsJZgapwI2M/ukjFNALFFtDGC+v3p7QNesow5J7CJFhkI
bzGXcY8QxVIYWzbOK9xMPd2wn4CXVbhQwUU//BjWlsbpsZTfcm9SJ21UxybsyU77
R4WAY01jjAusrH9Is84xn8gX4aGUOsXe7E7qKAW/TPg/kUyvPg/nOopOsWUhGn52
SuyUgugHNzhN03nDGr6Vx6Fnc2Av5LKvc1zAZ1HOsPESYvTR82ayVAwII85UwKd+
ecRGDxECgYEA5zDgenEbiMTO9VLNnOQzU8LT4Ygg/6PWgQafl/4t5fFW8U/AjnEQ
4OM6z5XwrufF8KP0YxMnsW/nBDOi0jgek0ku8WK5Jot9KrBuMIyFqpvJHRO5QeIz
DWHJcOmzmhRyEvoHMkep9HNSPwYZ/I5AUISPrbRTDziu5f/R97is9akCgYEA1RDQ
2UZwN9dncERMv/B7aGyDtocU7KMhpU5MUAbFeV2yO1LcYPdaTaG2dKLV6doTFLas
y5zbi0tLUySHDEJAUpUfSfebk5o5k9GTppxaHTM6VHthk9PxWfgeWaFcxwPKwfTI
yhWzREIynLIBwNTWCOfn3J/d/tcy+bD/20hF+hsCgYA/L+Sqkm9sGh5WfqMj1lsQ
8ZbndUVPmX/vE9haumXhCu0wVxPR2qU6UeCpC9oUc9RtyOHqkjmvDV6ej15ZBm2U
49OotcrU9hrnqAD10/JUhu+YuuNPVnuNlMRxz+3+lsf2189PtraE0WARSaGgnWCG
oTSDzV1GM7/ZrOm+QwNCwQKBgQDT7y8fAM687PmKFZYWUjoe69m0JPeuTrI4AQMt
kx64k3enRMvLdB+SGuonaJXJUE8simyk+Dj1fIbHhA0FJ51dx9FgvPg2wPDG1W++
CcYlR4Cc6kFsTyTCrmhaFYT4vQ/hEADt6tnvar13WiUeT1c7cpoSvb6PMDYXYnWO
BHz+wwKBgQDkpvWanGoX8RYi6SQo8t1lMg/2cyqq8+YQKaOkZGdzb8RKE4XDisg7
5um4kw0TiYi87w8xPRxNAiMEzs9yxA/dz0OhhJT5RvdE1diwByyCElM/A1MwP0xs
PRTlmwq6QqBxWhRhELp8VjGbIywm+MFHrPWWVgtbWw3sxkPJRYsuaw==
-----END RSA PRIVATE KEY-----
osbash@controller:~$ chmod 600 mykey.pem
5. Groupe de sécurité
osbash@controller:~$ openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| 0ca0c742-fc1e-4a75-9287-6104390dd74c | default | Default security group | e7bb777bdfae4003939e5bffe920f0c9 |
+--------------------------------------+---------+------------------------+----------------------------------+
osbash@controller:~$ openstack security group rule list default
+--------------------------------------+-------------+----------+------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+----------+------------+--------------------------------------+
| 2f00e670-4083-487e-8e12-08afeb363405 | None | None | | None |
| bcec6e77-88ba-4624-9353-101a3050dfb6 | None | None | | 0ca0c742-fc1e-4a75-9287-6104390dd74c |
| c50a0639-c2dc-4fec-b11c-c79eea6b3fa7 | None | None | | None |
| f7ccf441-3234-46ab-8d8a-0be8f602755e | None | None | | 0ca0c742-fc1e-4a75-9287-6104390dd74c |
+--------------------------------------+-------------+----------+------------+--------------------------------------+
osbash@controller:~$ openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2019-03-02T21:20:55Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 2de383f4-dccb-4d5a-adef-5b1554ec3dbb |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | e7bb777bdfae4003939e5bffe920f0c9 |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 0ca0c742-fc1e-4a75-9287-6104390dd74c |
| updated_at | 2019-03-02T21:20:55Z |
+-------------------+--------------------------------------+
osbash@controller:~$ openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2019-03-02T21:21:09Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 180d7fc8-ca88-4362-9bea-5bee47d1e09c |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | e7bb777bdfae4003939e5bffe920f0c9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 0ca0c742-fc1e-4a75-9287-6104390dd74c |
| updated_at | 2019-03-02T21:21:09Z |
+-------------------+--------------------------------------+
osbash@controller:~$ openstack security group rule list default
+--------------------------------------+-------------+-----------+------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+
| 180d7fc8-ca88-4362-9bea-5bee47d1e09c | tcp | 0.0.0.0/0 | 22:22 | None |
| 2de383f4-dccb-4d5a-adef-5b1554ec3dbb | icmp | 0.0.0.0/0 | | None |
| 2f00e670-4083-487e-8e12-08afeb363405 | None | None | | None |
| bcec6e77-88ba-4624-9353-101a3050dfb6 | None | None | | 0ca0c742-fc1e-4a75-9287-6104390dd74c |
| c50a0639-c2dc-4fec-b11c-c79eea6b3fa7 | None | None | | None |
| f7ccf441-3234-46ab-8d8a-0be8f602755e | None | None | | 0ca0c742-fc1e-4a75-9287-6104390dd74c |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+
6. Création de volumes
Création d'un volume logique de 1 Go qui pourra être attaché à une instance virtulelle ultérieurement. Cinder utilise LVM dans GNU/Linux. LVM gère les lecteurs de disques et autres périphériques de stockage de masse similaires. Le volume se rapporte à un lecteur de disque ou à une partition d'un lecteur de disque. Il a été écrit en 1998 par Heinz Mauelshagen, qui a basé sa conception sur celle du LVM en HP-UX. LVM peut être considéré comme une fine couche logicielle superposée entre les disques durs et les partitions, ce qui crée une abstraction de continuité et de facilité d'utilisation pour gérer le remplacement, le re-partitionnement et la sauvegarde du disque dur. Cinder crée le volume sur le nœud de calcul.
osbash@controller:~$ openstack volume create --size 1 1GB-vol
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2019-03-02T21:22:44.116726 |
| description | None |
| encrypted | False |
| id | 636110b5-9cf5-49cd-818a-92660148c247 |
| multiattach | False |
| name | 1GB-vol |
| properties | |
| replication_status | None |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| type | None |
| updated_at | None |
| user_id | 91e1392791a145f985ea1153e2b2525b |
+---------------------+--------------------------------------+
osbash@controller:~$ openstack volume list
+--------------------------------------+---------+-----------+------+-------------+
| ID | Name | Status | Size | Attached to |
+--------------------------------------+---------+-----------+------+-------------+
| 636110b5-9cf5-49cd-818a-92660148c247 | 1GB-vol | available | 1 | |
+--------------------------------------+---------+-----------+------+-------------+
7. Examen sur le noeud de calcul
osbash@compute1:~$ . demo-openrc.sh
osbash@compute1:~$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 9.8G 0 disk
|-sda1 8:1 0 8.8G 0 part /
|-sda2 8:2 0 1K 0 part
`-sda5 8:5 0 975M 0 part [SWAP]
sdb 8:16 0 125G 0 disk
|-cinder--volumes-cinder--volumes--pool_tmeta 252:0 0 120M 0 lvm
| `-cinder--volumes-cinder--volumes--pool-tpool 252:2 0 118.8G 0 lvm
| |-cinder--volumes-cinder--volumes--pool 252:3 0 118.8G 0 lvm
| `-cinder--volumes-volume--636110b5--9cf5--49cd--818a--92660148c247 252:4 0 1G 0 lvm
`-cinder--volumes-cinder--volumes--pool_tdata 252:1 0 118.8G 0 lvm
`-cinder--volumes-cinder--volumes--pool-tpool 252:2 0 118.8G 0 lvm
|-cinder--volumes-cinder--volumes--pool 252:3 0 118.8G 0 lvm
`-cinder--volumes-volume--636110b5--9cf5--49cd--818a--92660148c247 252:4 0 1G 0 lvm
osbash@compute1:~$ sudo pvs
PV VG Fmt Attr PSize PFree
/dev/sdb cinder-volumes lvm2 a-- 125.00g 6.01g
osbash@compute1:~$ sudo vgs
VG #PV #LV #SN Attr VSize VFree
cinder-volumes 1 2 0 wz--n- 125.00g 6.01g
osbash@compute1:~$ sudo lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
cinder-volumes-pool cinder-volumes twi-aotz-- 118.75g 0.00 10.42
volume-636110b5-9cf5-49cd-818a-92660148c247 cinder-volumes Vwi-a-tz-- 1.00g cinder-volumes-pool 0.00
8. Lancement d'une instance
Paramètres de création d'une instance
openstack server create --help
usage: openstack server create [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--fit-width] [--print-empty] [--noindent]
[--prefix PREFIX]
(--image <image> | --volume <volume>) --flavor
<flavor> [--security-group <security-group>]
[--key-name <key-name>]
[--property <key=value>]
[--file <dest-filename=source-filename>]
[--user-data <user-data>]
[--availability-zone <zone-name>]
[--block-device-mapping <dev-name=mapping>]
[--nic <net-id=net-uuid,v4-fixed-ip=ip-addr,v6-fixed-ip=ip-addr,port-id=port-uuid,auto,none>]
[--network <network>] [--port <port>]
[--hint <key=value>]
[--config-drive <config-drive-volume>|True]
[--min <count>] [--max <count>] [--wait]
<server-name>
Installation d'un parser JSON
Installation de jq qui est parser JSON.
osbash@controller:~$ sudo apt -y install jq
Choix de l'image
osbash@controller:~$ openstack image list -f json | jq .
[
{
"Status": "active",
"ID": "9173ec36-6beb-4361-9446-021cf5dc8b9c",
"Name": "cirros"
}
]
On obtient une liste d'un seul élément avec une clé "Name".
osbash@controller:~$ openstack image list -f json | jq .[0].Name
"cirros"
Mise en variable :
L'option -r
rend un affichage brut sans les guillemets des résultats.
image=$(openstack image list -f json | jq -r '.[].Name')
Choix d'un gabarit
osbash@controller:~$ openstack flavor list
+----+----------+------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+----------+------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.small | 2048 | 1 | 0 | 1 | True |
+----+----------+------+------+-----------+-------+-----------+
osbash@controller:~$ openstack flavor list -f json
[
{
"Name": "m1.nano",
"RAM": 64,
"Ephemeral": 0,
"VCPUs": 1,
"Is Public": true,
"Disk": 1,
"ID": "0"
},
{
"Name": "m1.small",
"RAM": 2048,
"Ephemeral": 0,
"VCPUs": 1,
"Is Public": true,
"Disk": 1,
"ID": "1"
}
]
osbash@controller:~$ openstack flavor list -f json | jq .[].Name
"m1.nano"
"m1.small"
osbash@controller:~$ openstack flavor list -f json | jq .[0].Name
"m1.nano"
Mise en variable :
flavor=$(openstack flavor list -f json | jq -r '.[0].Name')
Choix d'un groupe de sécurité
osbash@controller:~$ openstack security group list -f json
[
{
"Project": "e7bb777bdfae4003939e5bffe920f0c9",
"Description": "Default security group",
"ID": "0ca0c742-fc1e-4a75-9287-6104390dd74c",
"Name": "default"
}
]
osbash@controller:~$ openstack security group list -f json | jq .[].Name
"default"
Mise en variable :
security_group=$(openstack security group list -f json | jq -r '.[0].Name')
Choix de la clé
osbash@controller:~$ openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 58:8b:d1:1e:5d:64:c4:d9:62:64:e3:bb:f3:33:c4:4d |
+-------+-------------------------------------------------+
osbash@controller:~$ openstack keypair list -f json
[
{
"Name": "mykey",
"Fingerprint": "58:8b:d1:1e:5d:64:c4:d9:62:64:e3:bb:f3:33:c4:4d"
}
]
osbash@controller:~$ openstack keypair list -f json | jq .[0].Name
"mykey"
keypair=$(openstack keypair list -f json | jq -r '.[0].Name')
Choix de la carte réseau
osbash@controller:~$ openstack network list -f json
[
{
"Subnets": "2c38669a-1af1-498c-a049-ad58bc64ac21",
"ID": "94eab2ca-a929-40c3-ba5b-3440ee0bfff0",
"Name": "selfservice"
},
{
"Subnets": "0d737ddd-1128-49cd-acae-78a73ac91503",
"ID": "f3e4c1f9-0df6-4eb4-ac8b-6cc41ec21dbf",
"Name": "provider"
}
]
osbash@controller:~$ openstack network list -f json | jq .[1].ID
"f3e4c1f9-0df6-4eb4-ac8b-6cc41ec21dbf"
nic=$(openstack network list -f json | jq -r '.[1].ID')
Lancement de l'instance
osbash@controller:~$ openstack server create \
--image ${image} \
--flavor ${flavor} \
--security-group ${security_group} \
--key-name ${keypair} \
--nic net-id=${nic} \
cirrOS-test
+-----------------------------+-----------------------------------------------+
| Field | Value |
+-----------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | wYwPSY6AHZb3 |
| config_drive | |
| created | 2019-03-02T22:13:15Z |
| flavor | m1.nano (0) |
| hostId | |
| id | 9ccf55ec-f8cc-4bb1-834c-3b957e168f06 |
| image | cirros (9173ec36-6beb-4361-9446-021cf5dc8b9c) |
| key_name | mykey |
| name | cirrOS-test |
| progress | 0 |
| project_id | e7bb777bdfae4003939e5bffe920f0c9 |
| properties | |
| security_groups | name='0ca0c742-fc1e-4a75-9287-6104390dd74c' |
| status | BUILD |
| updated | 2019-03-02T22:13:15Z |
| user_id | 91e1392791a145f985ea1153e2b2525b |
| volumes_attached | |
+-----------------------------+-----------------------------------------------+
Vérification
osbash@controller:~$ openstack server list -f json
[
{
"Status": "ACTIVE",
"Name": "cirrOS-test",
"Image": "cirros",
"ID": "9ccf55ec-f8cc-4bb1-834c-3b957e168f06",
"Flavor": "m1.nano",
"Networks": "provider=203.0.113.121"
}
]
9. Attachement d'un volume
osbash@controller:~$ openstack server add volume cirrOS-test 1GB-vol
osbash@controller:~$ openstack volume list -f json
[
{
"Status": "in-use",
"Size": 1,
"Attached to": "Attached to cirrOS-test on /dev/vdb ",
"ID": "636110b5-9cf5-49cd-818a-92660148c247",
"Name": "1GB-vol"
}
]
10. Vérification de l'instance
osbash@controller:~$ openstack server show cirrOS-test -f json
{
"OS-EXT-STS:task_state": null,
"addresses": "provider=203.0.113.121",
"image": "cirros (9173ec36-6beb-4361-9446-021cf5dc8b9c)",
"OS-EXT-STS:vm_state": "active",
"OS-SRV-USG:launched_at": "2019-03-02T22:13:47.000000",
"flavor": "m1.nano (0)",
"id": "9ccf55ec-f8cc-4bb1-834c-3b957e168f06",
"security_groups": "name='default'",
"volumes_attached": "id='636110b5-9cf5-49cd-818a-92660148c247'",
"user_id": "91e1392791a145f985ea1153e2b2525b",
"OS-DCF:diskConfig": "MANUAL",
"accessIPv4": "",
"accessIPv6": "",
"progress": 0,
"OS-EXT-STS:power_state": "Running",
"project_id": "e7bb777bdfae4003939e5bffe920f0c9",
"config_drive": "",
"status": "ACTIVE",
"updated": "2019-03-02T22:16:52Z",
"hostId": "0b228ea4458089276726331a8ac84dcd5a46d92f04466bd572f60e6b",
"OS-SRV-USG:terminated_at": null,
"key_name": "mykey",
"properties": "",
"OS-EXT-AZ:availability_zone": "nova",
"name": "cirrOS-test",
"created": "2019-03-02T22:13:15Z"
}
11. Connexion VNC à l'instance
osbash@controller:~$ openstack console url show cirrOS-test
+-------+--------------------------------------------------------------------------------+
| Field | Value |
+-------+--------------------------------------------------------------------------------+
| type | novnc |
| url | http://10.0.0.11:6080/vnc_auto.html?token=4c87923d-64ae-4e96-b1e6-a3386b34c244 |
+-------+--------------------------------------------------------------------------------+
Du terminal local vers le controlleur :
ssh -L 6080:127.0.0.1:6080 -p 2230 osbash@127.0.0.1
12. Connexion ssh depuis l'hôte
stack@stacktrain1:~$ scp -P 2230 osbash@127.0.0.1:/home/osbash/mykey.pem ./
stack@stacktrain1:~$ ssh -i ./mykey.pem cirros@203.0.113.121
The authenticity of host 203.0.113.121 (203.0.113.121) can t be established.
RSA key fingerprint is SHA256:I4NN5hFSDu5QtkrxlzINl64YT7TKT1fzmsJthO+8BwQ.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '203.0.113.121' (RSA) to the list of known hosts.
$ cat /etc/os-release
NAME=Buildroot
VERSION=2012.05-dirty
ID=buildroot
VERSION_ID=2012.05
PRETTY_NAME="Buildroot 2012.05"
$ ping www.google.com
PING www.google.com (216.58.215.36): 56 data bytes
64 bytes from 216.58.215.36: seq=0 ttl=54 time=15.036 ms
64 bytes from 216.58.215.36: seq=1 ttl=54 time=4.487 ms
^C
--- www.google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 4.487/9.761/15.036 ms
$ curl ipinfo.io
{
"ip": "51.15.xxx.yyy",
"hostname": "yyy-xxx-15-51.rev.cloud.scaleway.com",
"city": "",
"region": "",
"country": "FR",
"loc": "48.8582,2.3387",
"org": "AS12876 ONLINE S.A.S."
}
13. Hyperviseur KVM sur le noeud de calcul Compute1
osbash@compute1:~$ virsh list
Id Name State
----------------------------------------------------
1 instance-00000001 running
osbash@compute1:~$ virsh dumpxml instance-00000001 | head
<domain type='qemu' id='1'>
<name>instance-00000001</name>
<uuid>9ccf55ec-f8cc-4bb1-834c-3b957e168f06</uuid>
<metadata>
<nova:instance xmlns:nova="http://openstack.org/xmlns/libvirt/nova/1.0">
<nova:package version="16.1.6"/>
<nova:name>cirrOS-test</nova:name>
<nova:creationTime>2019-03-02 22:13:30</nova:creationTime>
<nova:flavor name="m1.nano">
<nova:memory>64</nova:memory>
osbash@compute1:~$ virsh dominfo instance-00000001
Id: 1
Name: instance-00000001
UUID: 9ccf55ec-f8cc-4bb1-834c-3b957e168f06
OS Type: hvm
State: running
CPU(s): 1
CPU time: 202.4s
Max memory: 65536 KiB
Used memory: 65536 KiB
Persistent: yes
Autostart: disable
Managed save: no
Security model: apparmor
Security DOI: 0
Security label: libvirt-9ccf55ec-f8cc-4bb1-834c-3b957e168f06 (enforcing)
osbash@compute1:~$ virsh domstats instance-00000001
Domain: 'instance-00000001'
state.state=1
state.reason=5
cpu.time=203111576034
cpu.user=77630000000
cpu.system=14160000000
balloon.current=65536
balloon.maximum=65536
balloon.last-update=0
balloon.rss=139272
vcpu.current=1
vcpu.maximum=1
net.count=1
net.0.name=tap5074417b-49
net.0.rx.bytes=39158
net.0.rx.pkts=375
net.0.rx.errs=0
net.0.rx.drop=0
net.0.tx.bytes=32929
net.0.tx.pkts=299
net.0.tx.errs=0
net.0.tx.drop=0
block.count=2
block.0.name=vda
block.0.path=/var/lib/nova/instances/9ccf55ec-f8cc-4bb1-834c-3b957e168f06/disk
block.0.rd.reqs=920
block.0.rd.bytes=20618240
block.0.rd.times=594494203
block.0.wr.reqs=233
block.0.wr.bytes=608256
block.0.wr.times=765119440
block.0.fl.reqs=68
block.0.fl.times=248018561
block.0.allocation=2621440
block.0.capacity=1073741824
block.0.physical=2564096
block.1.name=vdb
block.1.path=/dev/sdc
block.1.rd.reqs=3
block.1.rd.bytes=12288
block.1.rd.times=2494614
block.1.wr.reqs=0
block.1.wr.bytes=0
block.1.wr.times=0
block.1.fl.reqs=0
block.1.fl.times=0
block.1.allocation=0
block.1.capacity=1073741824
block.1.physical=1073741824
14. Configuration du nouveau volume dans l'instance
Attachement du volume à l'instance :
osbash@controller:~$ openstack server add volume test1 1GB-vol
Vérification des volumes :
osbash@controller:~$ openstack volume list -f json
[
{
"Status": "in-use",
"Size": 1,
"Attached to": "Attached to test1 on /dev/vdb ",
"ID": "bfb4efb7-eeea-452c-9640-7da0b13016cb",
"Name": "1GB-vol"
}
]
15. Mise en script de l'exercice
Première proposition
#!/bin/bash
. admin-openrc.sh
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
openstack flavor create --id 1 --vcpus 1 --ram 2048 --disk 1 m1.small
. demo-openrc.sh
#!/bin/bash
openstack keypair create mykey > mykey.pem
chmod 600 mykey.pem
openstack security group rule create --proto icmp default
openstack security group rule create --proto tcp --dst-port 22 default
openstack volume create --size 1 1GB-vol
image=$(openstack image list -f json | jq -r '.[].Name')
flavor=$(openstack flavor list -f json | jq -r '.[0].Name')
security_group=$(openstack security group list -f json | jq -r '.[0].Name')
keypair=$(openstack keypair list -f json | jq -r '.[0].Name')
nic=$(openstack network list -f json | jq -r '.[1].ID')
openstack server create \
--image ${image} \
--flavor ${flavor} \
--security-group ${security_group} \
--key-name ${keypair} \
--nic net-id=${nic} \
test1
Seconde proposition
cat <<'EOM' > ~/instance_launch.sh
#!/bin/bash
KEYNAME='mykey-test'
VOLNAME='1GB-vol-test'
FLAVOUR='m1.nano'
IMAGE='cirros'
SSH_HOSTS_FILE='/home/osbash/.ssh/id_rsa'
INSTANCE="$IMAGE-test"
set_admin_vars () {
echo; echo "Setting admin-openrc variables"
export OS_USERNAME=admin
export OS_PASSWORD=admin_user_secret
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://10.0.0.11:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
}
create_flavor () {
echo; echo "Creating flavour $FLAVOUR"
if grep -qvw "$FLAVOUR" <<< $(openstack flavor list -f value | awk '{print $2}') ; then
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 $FLAVOUR
else echo "The flavor exists already" ; fi
}
set_demo_vars () {
echo; echo "Setting demo-openrc variables"
export OS_USERNAME=demo
export OS_PASSWORD=demo_user_pass
export OS_PROJECT_NAME=demo
export OS_AUTH_URL=http://10.0.0.11:5000/v3
}
create_keypair () {
echo; echo "Creating keypair $KEYNAME and ~/$KEYNAME.pem file"
if [ ! -e "$SSH_HOSTS_FILE" ]; then
touch $SSH_HOSTS_FILE
openstack keypair create --public-key $SSH_HOSTS_FILE $KEYNAME > ~/$KEYNAME.pem
echo; echo "Restricting ~/$KEYNAME.pem access rights"
chmod 600 ~/$KEYNAME.pem
else echo "The key pair exists already" ; fi
}
set_security_group () {
echo; echo "Adding port 22 (SSH) and ICMP to default security group"
if grep -qvw 'tcp 0.0.0.0/0 22:22' <<< $(openstack security group rule list default -f value) ; then
openstack security group rule create --proto tcp --dst-port 22 default
else echo "The SSH rule exists already" ; fi
if grep -qvw 'icmp 0.0.0.0/0' <<< $(openstack security group rule list default -f value) ; then
openstack security group rule create --proto icmp default
else echo "The ICMP rule exists already" ; fi
}
get_nic_uuid () {
NIC=$(openstack network list | grep provider | awk '{print $2}')
echo; echo "Extracting provider network UUID: $NIC"
}
launch_instance () {
echo; echo "Creating and launching instance $INSTANCE with:"
echo -e "\n\tFlavour: $FLAVOUR"
echo -e "\tImage: $IMAGE"
echo -e "\tNetwork UUID=$NIC"
echo -e "\tSecurity group: default"
echo -e "\tKey name: $KEYNAME\n"
openstack server create \
--flavor $FLAVOUR \
--image $IMAGE \
--nic net-id=$NIC \
--security-group default \
--key-name $KEYNAME \
$INSTANCE
}
waiting_active () {
echo -e "\nWaiting for instance $INSTANCE to become ACTIVE\n"
while [ "$(openstack server list | grep $INSTANCE | awk '{print $6}')" != 'ACTIVE' ]; do
printf ". "
sleep 2
done
}
final_message () {
echo; echo "Creating volume $VOLNAME"
openstack volume create --size 1 $VOLNAME
echo; echo "Adding volume $VOLNAME to VM instance $INSTANCE"
openstack server add volume $INSTANCE $VOLNAME
openstack volume list
echo; echo
}
set_admin_vars
create_flavor
set_demo_vars
create_keypair
set_security_group
get_nic_uuid
launch_instance
waiting_active
final_message
#END
EOM
Livre de jeux Ansibe
- name: "OpenStack Instances auto-deploy"
hosts: localhost
gather_facts: True
tasks:
- name: "get network provider id"
shell: "openstack network list -f json | jq -r '.[1].ID'"
register: netid
tags: test
- name: "debug"
debug:
msg: "{{netid.stdout}}"
tags: test
- name: "create a keypair"
os_keypair:
name: mykey
state: present
- name: "Create a server"
os_server:
# auth:
# auth_url: http://10.0.0.11:5000/v3
# username: demo
# password: demo_user_pass
# project_name: demo
state: present
name: test3
image: cirros
key_name: mykey
timeout: 200
flavor: m1.nano
security_groups: default
nics:
- net-name: provider
# - net_id: "{{netid.stdout}}"
# - net_id: "da3a10cf-144b-4ea3-b2e3-4085eca4bfff"