# source keystonerc_admin
# openstack project create --domain Default --description "cli-project" cli-project
# openstack project list
# openstack user create --domain Default --project cli-project --password-prompt cli-user
# openstack role add --project cli-project --user cli-user _member_
Image 만들기
# openstack image create --file CentOS-7-x86_64-GenericCloud.qcow2 --disk-format qcow2 --container-format bare --public centos7
줄 끝의 \ 의 의미: 개행 문자를 이스케이프하여 명령을 다음 줄에 이어서 쓴다.
ubuntu 이미지 생성
# openstack image create --file bionic-server-cloudimg-amd64.img --disk-format qcow2 --container-format bare --public ubuntu18
qemu-img info bionic-server-cloudimg-amd64.img
# openstack flavor create --vcpus 1 --ram 1024 --disk 10 --id 6 m1.micro
# openstack network create --project cli-project --provider-network-type flat --provider-physical-network extnet --external external-network
# openstack subnet create --network external-network \
--project cli-project --subnet-range 192.168.0.0/21 \
--allocation-pool start=192.168.5.151,end=192.168.5.200 \
--gateway 192.168.0.1 --no-dhcp external-subnet
# vi keystonerc_cli-user
----------------------------------------------------
OS_USER_DOMAIN_NAME, OS_PROJECT_DOMAIN_NAME
Domain -> 회사를 의미; 프로젝트의 윗단을 보면 된다. (프로젝트의 상위 개념)
OS_REGION_NAME -> RegionOne 하나 있다.
OS_AUTH_URL -> Keystone API 주소 (http://192.168.1.82:5000/v3)
----------------------------------------------------
# keystonerc_cli-user: OpenStack CLI credentials for cli-user, scoped to
# cli-project. Load into the current shell with `source keystonerc_cli-user`.
#
# NOTE(review): OS_PASSWORD is kept here in clear text and OS_AUTH_URL is plain
# http, so the password is readable by anyone who can read this file and is not
# protected by TLS on its way to Keystone. Keep the file owner-only (chmod 600)
# and prefer an https endpoint where one is available.

# Clear any OS_SERVICE_TOKEN left over in the shell.
unset OS_SERVICE_TOKEN

# Keystone endpoint, identity API version and region.
export OS_AUTH_URL='http://192.168.1.82:5000/v3' OS_IDENTITY_API_VERSION='3'
export OS_REGION_NAME='RegionOne'

# User and project, both in the Default domain.
export OS_USER_DOMAIN_NAME='Default' OS_PROJECT_DOMAIN_NAME='Default'
export OS_PROJECT_NAME='cli-project'
export OS_USERNAME='cli-user' OS_PASSWORD='12341234'

# Prompt marker showing which credential set is loaded.
export PS1='[\u@\h \W(keystone_cli-user)]\$ '
자격증명적용
# source keystonerc_cli-user
Internal Network 구성
project_id 값을 projectID 라는 변수에 값을 저장
# projectID=$(openstack project list | grep cli-project | awk '{print $2}')
$( Command )
: Command 수행 결과(표준 출력)를 값으로 가지게 됨.
awk '{print $2}' 의 print
: 지정한 필드(여기서는 두 번째 필드 = 프로젝트 ID)를 화면에 출력시키는 명령어
내부 네트워크 시도
# openstack network create --project $projectID --provider-network-type vxlan internal-network
권한이 없어서 실행이 안된다.
권한 지정
\# vi /etc/neutron/policy.yaml
"create_network:provider:network_type": "role:admin or project_id:%(project_id)s"
"create_floatingip:floating_ip_address": "role:admin or project_id:%(project_id)s"
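네트워크 설정 관련 권한
"create_network:provider:network_type": "role:admin or project_id:%(project_id)s"
유동 IP 할당 관련 권한
"create_floatingip:floating_ip_address": "role:admin or project_id:%(project_id)s"
: or project_id:%(project_id)s 를 붙이면 admin 이 아니어도 리소스가 속한 프로젝트의 사용자에게 허용된다 (cli-user 뿐 아니라 모든 프로젝트에 적용되는 완화).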
내부 네트워크 설정 재시도
생성 됐는지 재확인
상세 정보 조회하려는데 다 보여지지 않음.
admin으로 확인하니 보임. (필요하다면 나중에 권한을 찾아서 줘야할듯)
내부 네트워크 서브넷 설정
# openstack subnet create --network internal-network --subnet-range 10.19.1.0/24 --gateway 10.19.1.1 \
--dhcp --dns-nameserver 8.8.8.8 internal-subnet
--network internal-network; 서브넷을 만들 대상 네트워크(internal-network) 지정
--subnet-range; 서브넷 지정 10.19.1.0/24
--gateway; 게이트 웨이 주소 명시
--dhcp; dhcp 서버 설정
--dns-nameserver; 네임 서버 지정
internal-subnet; 사용할 내부 네트워크의 서브넷 이름
\# vi /etc/neutron/policy.yaml
---------------------------------------
---------------------------------------
"create_network:provider:network_type": "role:admin or project_id:%(project_id)s"
"create_floatingip:floating_ip_address": "role:admin or project_id:%(project_id)s"
\# projectID=$(openstack project list | grep cli-project | awk '{print $2}')
\# openstack network create --project $projectID --provider-network-type vxlan internal-network
## 생성 확인
\# openstack network list
## 상세 정보 확인
\# openstack network show internal-network
/*
진짜 정보를 보려면 \# source keystonerc_admin 로 접속해야한다.
*/
\# openstack subnet create --network internal-network --subnet-range 10.0.0.0/24 --gateway 10.0.0.1 \
--dhcp --dns-nameserver 8.8.8.8 internal-subnet
# openstack router create router
# openstack router set --external-gateway external-network router
--external-gateway
외부 연결 가능한 게이트웨이
# openstack router add subnet router internal-subnet
+-------------------------+---------------------------------------------------------------------------------
| Field | Value
+-------------------------+---------------------------------------------------------------------------------
| admin_state_up | UP
| availability_zone_hints |
| availability_zones | nova
| created_at | 2023-04-07T05:49:20Z
| description |
| external_gateway_info | {"network_id": "c5e3d410-8e66-4b15-8374-b62b302844aa", "external_fixed_ips": [{"
| flavor_id | None
| id | 59bf9847-6d57-4625-88a8-e6cb428e837e
| interfaces_info | [{"port_id": "f2454ca8-4a6a-48ec-bba1-6b6e023b81fc", "ip_address": "10.19.1.1",
| name | router
| project_id | 9eac26071f1347a199c66b7d99ceaffa
| revision_number | 4
| routes |
| status | ACTIVE
| tags |
| updated_at | 2023-04-07T06:17:42Z
+-------------------------+---------------------------------------------------------------------------------
# openstack security group create open-sg-web
# openstack security group rule create --protocol icmp --ingress open-sg-web
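: --dst-port 의 의미는 포트 범위, 22:22 -> 22번~22번까지
# openstack security group rule create --protocol tcp --dst-port 22:22 open-sg-web
: --remote-ip 를 지정하지 않으면 출발지가 0.0.0.0/0 (모든 주소) 으로 열리므로, SSH(22) 는 --remote-ip <관리자 대역 CIDR> 로 제한하는 편이 안전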
\# openstack security group rule create --protocol tcp --dst-port 80:80 open-sg-web
# openstack keypair create --public-key ~/.ssh/id_rsa.pub open-key
# openstack floating ip create external-network
# openstack router show router
: 이미 사용중인 IP 확인해보기
# openstack floating ip create --floating-ip-address 192.168.5.170 external-network
\# openstack floating ip create external-network
\# openstack floating ip create --floating-ip-address 172.16.0.222 external-network
인스턴스 생성 및 접속
# openstack server create --flavor m1.micro --image centos7 --security-group open-sg-web \
--network internal-network --boot-from-volume 10 --key-name open-key webserver
openstack server list
user-data httpd.file
# vi httpd.file
-----------------------------
#!/bin/bash
# User-data script for the CentOS 7 web server (passed to
# `openstack server create` via --user-data httpd.file).
# Installs Apache httpd, then enables it at boot and starts it in one step.
yum -y install httpd
systemctl --now enable httpd
-----------------------------
유동 IP 할당
# openstack floating ip list
# openstack server add floating ip webserver 192.168.5.170
할당한 유동 IP 로 접속
# ssh -i .ssh/id_rsa centos@192.168.5.170
전체 소스
\# openstack server create --flavor m1.micro --image centos7 --security-group open-sg-web \
--network internal-network --boot-from-volume 10 --key-name open-key --user-data httpd.file webserver
\# openstack server list
\# openstack floating ip list
\# openstack server add floating ip webserver 192.168.5.170
\# ssh -i .ssh/id_rsa centos@192.168.5.170
Volume 추가
볼륨추가
# openstack volume list
; a로 끝나는 루트 볼륨만 존재
# openstack volume create --size 1 web-add
생성된 볼륨 조회
# openstack volume list
볼륨을 붙일 서버를 조회
# openstack server list
서버에 볼륨 추가
# openstack server add volume webserver web-add
서버로 접속 후 ssh -i .ssh/id_rsa centos@192.168.5.170
lsblk
블록 볼륨 리스트 조회
볼륨 포맷 (lsblk 에서 새로 붙은 디스크가 /dev/vdb 인지 확인 후 수행; mkfs 는 대상 장치의 기존 데이터를 지운다)
sudo mkfs -t xfs /dev/vdb
볼륨 마운트 및 확인
sudo mount /dev/vdb /mnt/
df -h
전체 소스
\# openstack volume create --size 1 web-add
\# openstack volume list
\# openstack server list
\# openstack server add volume webserver web-add
## 서버로 접속
\# ssh -i .ssh/id_rsa centos@192.168.5.170
$ lsblk
$ sudo mkfs -t xfs /dev/vdb
$ sudo mount /dev/vdb /mnt/
$ df -h
Ubuntu18
\# openstack security group create open-sg-db
\# openstack security group rule create --protocol icmp open-sg-db
\# openstack security group rule create --protocol tcp --dst-port 22 open-sg-db
\# openstack security group rule create --protocol tcp --dst-port 3306 open-sg-db
\# openstack server create --flavor m1.micro --image ubuntu18 --security-group open-sg-db \
--network internal-network --boot-from-volume 10 --key-name open-key --user-data mysqld.file dbserver
--- user-data mysqld.file
# vi mysqld.file
-----------------------------
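#!/bin/bash
# User-data script for the Ubuntu 18.04 DB server (passed to
# `openstack server create --image ubuntu18` via --user-data mysqld.file).
# Installs MariaDB on first boot.
#
# The image is Ubuntu, which ships apt and no yum, so the install step must use
# apt-get; a yum call here cannot run and leaves the server without MariaDB.

# No terminal is attached while user-data runs, so package prompts must not block.
export DEBIAN_FRONTEND=noninteractive

apt-get update -y
apt-get install -y mariadb-server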
-----------------------------
# openstack server add floating ip dbserver 192.168.5.180
# openstack server list
ssh -i .ssh/id_rsa ubuntu@192.168.5.180
DB 설치 Ubuntu
// MariaDB 설치
// DB가 없다면 수행
$ sudo cp /etc/apt/sources.list ~/sources.list.old
$ sudo sed -i 's/nova.clouds.archive.ubuntu.com/mirror.kakao.com/g' /etc/apt/sources.list
$ sudo apt-get update -y
$ sudo apt-get install -y mariadb-server
// 여기서 부터
$ sudo mysql_secure_installation
$ sudo vi /etc/mysql/mariadb.conf.d/50-server.cnf
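#bind-address = 127.0.0.1
// bind-address 를 주석 처리하면 MariaDB 가 모든 인터페이스에서 접속을 받는다. 아래 'wpuser'@'%' 도 모든 호스트를 허용하므로, open-sg-db 의 3306 규칙은 --remote-group open-sg-web 처럼 웹서버에서만 들어오도록 제한하는 편이 안전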
$ sudo systemctl restart mysql
$ sudo mysql -u root -p
CREATE USER 'wpuser'@'%' IDENTIFIED BY 'wppass';
CREATE DATABASE IF NOT EXISTS wordpress;
GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'%';
quit
// 웹서버 설치
# wget https://ko.wordpress.org/wordpress-4.8.2-ko_KR.zip
# sudo yum install -y httpd php php-mysql php-gd php-mbstring wget unzip
# cd /var/www/html
# sudo unzip /home/centos/wordpress-4.8.2-ko_KR.zip
# sudo mv ./wordpress/* .
# sudo chown -R apache:apache /var/www/*
# sudo systemctl restart httpd
# sudo systemctl enable httpd
# sudo vi /etc/selinux/config
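SELINUX=enforcing -> disabled
(재부팅 후 적용. SELinux 를 완전히 끄는 대신 enforcing 을 유지하고 필요한 boolean 만 허용하는 방법도 있다. 예: httpd 의 원격 DB 접속은 setsebool -P httpd_can_network_connect_db 1)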