📌 1. OPENSTACK web-user 접속하여 root 볼륨 확장하기
- 인스턴스 꺼져있을 때 확장 적용 가능
- 어제 web-restore로 주었던 유동IP(192.168.4.176) 다시 webserver로 가져와서 진행
✔️ 1. 볼륨 - 볼륨 - webserver 내 /dev/vda - 볼륨편집 드랍다운 - 볼륨확장 - 새로운 크기 : 15 - 볼륨확장
✔️ 2. 프로젝트 - compute - 인스턴스 - webserver power on(인스턴스 시작)
✔️ 2-1. 콘솔을 통해 부팅화면 확인 가능.
✔️ 3. 명령어 통해서 확장된 볼륨 확인.
1)lsblk[centos@webserver ~]$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 253:0 0 15G 0 disk
└─vda1 253:1 0 15G 0 part /
2) df -h[centos@webserver ~]$ df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 472M 0 472M 0% /dev
tmpfs 496M 0 496M 0% /dev/shm
tmpfs 496M 13M 483M 3% /run
tmpfs 496M 0 496M 0% /sys/fs/cgroup
/dev/vda1 15G 1.1G 14G 8% /
tmpfs 100M 0 100M 0% /run/user/1000
📌 2. OPENSTACK CLI로 서버 구축하기
- web-user, admin GUI환경에서 설정한 모든 것 삭제하고 진행. (보안그룹 default, 생성한 프로젝트와 사용자만 남겨두기)
- CLI로 진행할 때 명령어 앞에 OPENSTACK을 꼭 붙여줘야 함.
🔒ADMIN
✔️ 0. mobaxterm으로 비밀번호 입력해서 openstack(192.168.0.127) 콘솔 접속.
✔️ 1. admin권한으로 진입하기.
[root@localhost ~]# source keystonerc_admin //admin 권한 획득하기
[root@localhost ~(keystone_admin)]#
✔️ 1-1. 유저 정보 보는 법
[root@localhost ~]# cat keystonerc_admin
✔️ 2. project 생성
[root@localhost ~(keystone_admin)]# openstack project create --domain Default --description "cli-project" cli-project
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | cli-project |
| domain_id | default |
| enabled | True |
| id | caaca2e969894eb78325ee69c4d44bd4 |
| is_domain | False |
| name | cli-project |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+✔️ 2-1. project 생성 확인
[root@localhost ~(keystone_admin)]# openstack project list
+----------------------------------+-------------+
| ID | Name |
+----------------------------------+-------------+
| 4b5d0f54e76e4f9aa02e563e99a8ef6a | services |
| 6c2727fdcd454368a355fcff0fb35482 | admin |
| 7ace01325d2e4657b4e3adee21276f9c | web-project |
| caaca2e969894eb78325ee69c4d44bd4 | cli-project |
+----------------------------------+-------------+
✔️ 3. USER 생성
[root@localhost ~(keystone_admin)]# openstack user create --domain Default --project cli-project --password-prompt cli-user
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | caaca2e969894eb78325ee69c4d44bd4 |
| domain_id | default |
| enabled | True |
| id | 31d66dd7ba2c4ca494f02e51d9cb4ea9 |
| name | cli-user |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
✔️ 3-1. USER 생성 확인
[root@localhost ~(keystone_admin)]# openstack user list
+----------------------------------+------------+
| ID | Name |
+----------------------------------+------------+
| 714fd4e7fc8342e7b4064d44cf1b3421 | admin |
| 552c761dd9e04c1f9a49c3416f2dbeb1 | heat_admin |
| b0ed7c0e779e4d5a89eaa7b3200897f9 | glance |
| 67b5ea99d5d5471c8d5fe89899ed9c44 | cinder |
| 02661b40b32b44369140a6d319193031 | nova |
| 058586339b8f436d80dbbca74b23bceb | placement |
| 4f7174f647af4f1c8dffdc03bbf83faa | neutron |
| 3d74120558704cde82a6e3e2381d5834 | swift |
| e551fed8910e48bcacc3060f09f51d49 | heat |
| 8e03cd585e6440fbb1650c50d38376e3 | heat-cfn |
| 750ffd6dabc84c2390a9c39872961703 | web-user |
| 31d66dd7ba2c4ca494f02e51d9cb4ea9 | cli-user |
+----------------------------------+------------+
✔️ 3-2. USER에 역할 추가
[root@localhost ~(keystone_admin)]# openstack role add --project cli-project --user cli-user _member_✔️ 4. Flavor 생성 및 삭제
[root@localhost ~(keystone_admin)]# openstack flavor create --id 6 --vcpus 1 --ram 1024 --disk 10 m1.micro
+----------------------------+----------+
| Field | Value |
+----------------------------+----------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| description | None |
| disk | 10 |
| id | 6 |
| name | m1.micro |
| os-flavor-access:is_public | True |
| properties | |
| ram | 1024 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+----------+
[root@localhost ~(keystone_admin)]# openstack flavor delete m1.micro
✔️ 4-1. Flavor 확인
[root@localhost ~(keystone_admin)]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
| 6 | m1.micro | 1024 | 10 | 0 | 1 | True |
+----+-----------+-------+------+-----------+-------+-----------+
✔️ 5. External Network 생성
[root@localhost ~(keystone_admin)]# openstack network create --project admin --provider-network-type flat --provider-physical-network extnet --external External-Network
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2022-05-24T02:10:38Z |
| description | |
| dns_domain | None |
| id | 1bd200f4-43d2-4988-84fb-539614a69879 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1500 |
| name | External-Network |
| port_security_enabled | True |
| project_id | 6c2727fdcd454368a355fcff0fb35482 |
| provider:network_type | flat |
| provider:physical_network | extnet |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | External |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2022-05-24T02:10:38Z |
+---------------------------+--------------------------------------+
✔️ 5-1. subnet 생성
IP대역 : 192.168.4.129 ~ 192.168.4.254
[root@localhost ~(keystone_admin)]# openstack subnet create --network External-Network --project admin --subnet-range 192.168.0.0/20 --allocation-pool start=192.168.4.129,end=192.168.4.254 --gateway 192.168.0.1 --no-dhcp External-Subnet
+----------------------+--------------------------------------+
| Field | Value |
+----------------------+--------------------------------------+
| allocation_pools | 192.168.4.129-192.168.4.254 |
| cidr | 192.168.0.0/20 |
| created_at | 2022-05-24T02:18:38Z |
| description | |
| dns_nameservers | |
| dns_publish_fixed_ip | None |
| enable_dhcp | False |
| gateway_ip | 192.168.0.1 |
| host_routes | |
| id | df4c40c0-6db3-4d78-929b-df1baa5a046b |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | External-Subnet |
| network_id | 1bd200f4-43d2-4988-84fb-539614a69879 |
| project_id | 6c2727fdcd454368a355fcff0fb35482 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2022-05-24T02:18:38Z |
+----------------------+--------------------------------------+
✔️ 5-2. 네트워크 환경 확인
[root@localhost ~(keystone_admin)]# openstack network list
+--------------------------------------+------------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+------------------+--------------------------------------+
| 1bd200f4-43d2-4988-84fb-539614a69879 | External-Network | df4c40c0-6db3-4d78-929b-df1baa5a046b |
+--------------------------------------+------------------+--------------------------------------+
[root@localhost ~(keystone_admin)]# openstack subnet list
+--------------------------------------+-----------------+--------------------------------------+----------------+
| ID | Name | Network | Subnet |
+--------------------------------------+-----------------+--------------------------------------+----------------+
| df4c40c0-6db3-4d78-929b-df1baa5a046b | External-Subnet | 1bd200f4-43d2-4988-84fb-539614a69879 | 192.168.0.0/20 |
+--------------------------------------+-----------------+--------------------------------------+----------------+
[root@localhost ~(keystone_admin)]# openstack subnet show External-Subnet //start IP, end IP확인
+----------------------+--------------------------------------+
| Field | Value |
+----------------------+--------------------------------------+
| allocation_pools | 192.168.4.129-192.168.4.254 |
| cidr | 192.168.0.0/20 |
| created_at | 2022-05-24T02:18:38Z |
| description | |
| dns_nameservers | |
| dns_publish_fixed_ip | None |
| enable_dhcp | False |
| gateway_ip | 192.168.0.1 |
| host_routes | |
| id | df4c40c0-6db3-4d78-929b-df1baa5a046b |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | External-Subnet |
| network_id | 1bd200f4-43d2-4988-84fb-539614a69879 |
| project_id | 6c2727fdcd454368a355fcff0fb35482 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2022-05-24T02:18:38Z |
+----------------------+--------------------------------------+
📄 admin 권한으로 진행한 코드 정리
Project
# source keystonerc_admin //admin 권한 획득하기
# openstack project create --domain Default --description "cli-project" cli-project // create 시 이름을 마지막에 이름을 넣자.
User
# openstack user create --domain Default --project cli-project --password-prompt cli-user //--password-prompt 통해 비밀번호 생성하게 함.
# openstack role add --project cli-project --user cli-user _member_
Flavor
# openstack flavor create --vcpus 1 --id 6 --ram 1024 --disk 10 m1.micro
External Network
# openstack network create --project admin --provider-network-type flat --provider-physical-network extnet --external External-Network
# openstack subnet create --network External-Network \
--project cli-project --subnet-range 192.168.0.0/20 \
--allocation-pool start=192.168.4.129,end=192.168.4.254 \
--gateway 192.168.0.1 --no-dhcp External-Subnet
🔓CLI-USER
✔️ 6. cli-user로 접속하기 위한 TOKEN생성
[root@localhost ~(keystone_admin)]# vi keystonerc_cli-user
unset OS_SERVICE_TOKEN
export OS_USERNAME=cli-user
export OS_PASSWORD='kosa0401' //아까 생성한 패스워드 (admin-3)
export OS_REGION_NAME=RegionOne
export OS_AUTH_URL=http://192.168.0.127:5000/v3
export PS1='[\u@\h \W(keystone_cli-user)]\$ '
export OS_PROJECT_NAME=cli-project
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
[root@localhost ~(keystone_admin)]# exit //세션끊고 재진입
✔️ 6-1. cli-user로 접속하기
[root@localhost ~]# source keystonerc_cli-user
[root@localhost ~(keystone_cli-user)]#
✔️ 7. Internal Network 설정 위한 권한 넣어주기
[root@localhost ~(keystone_cli-user)]# vi /etc/neutron/policy.yaml
"create_network:provider:network_type": "role:admin or project_id:%(project_id)s"
"create_floatingip:floating_ip_address": "role:admin or project_id:%(project_id)s"
✔️ 7-1. 추후 사용할 긴 ID 변수로 설정해두기
[root@localhost ~(keystone_cli-user)]# projectID=$(openstack project list | grep cli-project | awk '{print $2}')
[root@localhost ~(keystone_cli-user)]# echo $projectID //변수설정 확인
caaca2e969894eb78325ee69c4d44bd4
✔️ 7-2. Internal Network 생성
[root@localhost ~(keystone_cli-user)]# openstack network create --project $projectID --provider-network-type vxlan Internal-Network
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2022-05-24T02:45:35Z |
| description | |
| dns_domain | None |
| id | ccacd32b-0b62-4f40-abe0-65a2532bdfd5 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1450 |
| name | Internal-Network |
| port_security_enabled | True |
| project_id | caaca2e969894eb78325ee69c4d44bd4 |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2022-05-24T02:45:35Z |
+---------------------------+--------------------------------------+
[root@localhost ~(keystone_cli-user)]# openstack network list
+--------------------------------------+------------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+------------------+--------------------------------------+
| 1bd200f4-43d2-4988-84fb-539614a69879 | External-Network | df4c40c0-6db3-4d78-929b-df1baa5a046b |
| ccacd32b-0b62-4f40-abe0-65a2532bdfd5 | Internal-Network | |
+--------------------------------------+------------------+--------------------------------------+
✔️ 7-3. Internal Subnet 생성
[root@localhost ~(keystone_cli-user)]# openstack subnet create --network Internal-Network --subnet-range 10.14.0.0/20 --gateway 10.14.0.1 --dhcp --dns-nameserver 192.168.0.66 --dns-nameserver 8.8.8.8 Internal-Subnet
+----------------------+--------------------------------------+
| Field | Value |
+----------------------+--------------------------------------+
| allocation_pools | 10.14.0.2-10.14.15.254 |
| cidr | 10.14.0.0/20 |
| created_at | 2022-05-24T02:50:05Z |
| description | |
| dns_nameservers | 192.168.0.66, 8.8.8.8 |
| dns_publish_fixed_ip | None |
| enable_dhcp | True |
| gateway_ip | 10.14.0.1 |
| host_routes | |
| id | 95e51ac0-46b9-4659-869d-54be470449cf |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | Internal-Subnet |
| network_id | ccacd32b-0b62-4f40-abe0-65a2532bdfd5 |
| project_id | caaca2e969894eb78325ee69c4d44bd4 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2022-05-24T02:50:05Z |
+----------------------+--------------------------------------+
✔️ 8. Router 생성
[root@localhost ~(keystone_cli-user)]# openstack router create Router
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2022-05-24T03:10:40Z |
| description | |
| external_gateway_info | null |
| flavor_id | None |
| id | b26ccf80-e7c2-40b0-a353-a2d3308c20d8 |
| name | Router |
| project_id | caaca2e969894eb78325ee69c4d44bd4 |
| revision_number | 1 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2022-05-24T03:10:40Z |
+-------------------------+--------------------------------------+
✔️ 8-1. Router 연결 (라우터와 외부네트워크)
[root@localhost ~(keystone_cli-user)]# openstack router set --external-gateway External-Network Router✔️ 8-2. 인터페이스 추가
[root@localhost ~(keystone_cli-user)]# openstack router add subnet Router Internal-Subnet✔️ 9. 보안그룹 생성 (for WEBSERVER)
[root@localhost ~(keystone_cli-user)]# openstack security group create SG-WEB
+-----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2022-05-24T03:17:21Z |
| description | SG-WEB |
| id | 9b4a9255-e5c2-4ee6-b4f5-df55c3db5f81 |
| name | SG-WEB |
| project_id | caaca2e969894eb78325ee69c4d44bd4 |
| revision_number | 1 |
| rules | created_at='2022-05-24T03:17:21Z', direction='egress', ethertype='IPv4', id='c912e00f-81cc-49dc-8000-68d10c797cdd', standard_attr_id='64', tenant_id='caaca2e969894eb78325ee69c4d44bd4', updated_at='2022-05-24T03:17:21Z' |
| | created_at='2022-05-24T03:17:21Z', direction='egress', ethertype='IPv6', id='d464b0a0-49c7-4808-9f37-c2e8b43241cb', standard_attr_id='65', tenant_id='caaca2e969894eb78325ee69c4d44bd4', updated_at='2022-05-24T03:17:21Z' |
| stateful | True |
| tags | [] |
| updated_at | 2022-05-24T03:17:21Z |
+-----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@localhost ~(keystone_cli-user)]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 9b4a9255-e5c2-4ee6-b4f5-df55c3db5f81 | SG-WEB | SG-WEB | caaca2e969894eb78325ee69c4d44bd4 | [] |
| efce35cc-8e57-4bca-bc75-47e8eae63613 | default | Default security group | caaca2e969894eb78325ee69c4d44bd4 | [] |
+--------------------------------------+---------+------------------------+----------------------------------+------+
✔️ 9-1. 보안그룹 규칙 추가 (ICMP)
[root@localhost ~(keystone_cli-user)]# openstack security group rule create --protocol icmp --ingress SG-WEB
^X+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| created_at | 2022-05-24T03:23:22Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | a6009d5c-de8a-433a-8631-6d9f6619582b |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | caaca2e969894eb78325ee69c4d44bd4 |
| protocol | icmp |
| remote_address_group_id | None |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 9b4a9255-e5c2-4ee6-b4f5-df55c3db5f81 |
| tags | [] |
| tenant_id | caaca2e969894eb78325ee69c4d44bd4 |
| updated_at | 2022-05-24T03:23:22Z |
+-------------------------+--------------------------------------+
✔️ 9-2. 보안그룹 규칙 추가 (ssh)
[root@localhost ~(keystone_cli-user)]# openstack security group rule create --protocol tcp --dst-port 22:22 SG-WEB
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| created_at | 2022-05-24T03:32:14Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | e77da2b9-0493-4ed6-9730-6f4ff9ce8f25 |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | caaca2e969894eb78325ee69c4d44bd4 |
| protocol | tcp |
| remote_address_group_id | None |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 9b4a9255-e5c2-4ee6-b4f5-df55c3db5f81 |
| tags | [] |
| tenant_id | caaca2e969894eb78325ee69c4d44bd4 |
| updated_at | 2022-05-24T03:32:14Z |
+-------------------------+--------------------------------------+
✔️ 9-3. 보안그룹 규칙 추가 (http)
[root@localhost ~(keystone_cli-user)]# openstack security group rule create --protocol tcp --dst-port 80 SG-WEB // 80:80대신 80으로 해도 무방.
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| created_at | 2022-05-24T03:33:02Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | eaa48e86-1bab-46cc-9318-388ca4ce61e5 |
| name | None |
| port_range_max | 80 |
| port_range_min | 80 |
| project_id | caaca2e969894eb78325ee69c4d44bd4 |
| protocol | tcp |
| remote_address_group_id | None |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 9b4a9255-e5c2-4ee6-b4f5-df55c3db5f81 |
| tags | [] |
| tenant_id | caaca2e969894eb78325ee69c4d44bd4 |
| updated_at | 2022-05-24T03:33:02Z |
+-------------------------+--------------------------------------+
✔️ 10. 보안그룹 생성 (for DBSERVER)
[root@localhost ~(keystone_cli-user)]# openstack security group create SG-DB
+-----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2022-05-24T03:34:31Z |
| description | SG-DB |
| id | ef9bbb86-e62b-408e-a4a0-62f0848621ab |
| name | SG-DB |
| project_id | caaca2e969894eb78325ee69c4d44bd4 |
| revision_number | 1 |
| rules | created_at='2022-05-24T03:34:31Z', direction='egress', ethertype='IPv4', id='66ac6146-5402-4ad1-9a93-0e5ae2a20d67', standard_attr_id='70', tenant_id='caaca2e969894eb78325ee69c4d44bd4', updated_at='2022-05-24T03:34:31Z' |
| | created_at='2022-05-24T03:34:31Z', direction='egress', ethertype='IPv6', id='d2790c91-f3e7-4b61-b091-0075f8d5d994', standard_attr_id='71', tenant_id='caaca2e969894eb78325ee69c4d44bd4', updated_at='2022-05-24T03:34:31Z' |
| stateful | True |
| tags | [] |
| updated_at | 2022-05-24T03:34:31Z |
+-----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
✔️ 10 -1 . 규칙추가 (icmp, ssh, mysql)
[root@localhost ~(keystone_cli-user)]# openstack security group rule create --protocol icmp --ingress SG-DB
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| created_at | 2022-05-24T03:35:54Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 5dab1718-ec36-49fb-9c3c-7e1950d61605 |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | caaca2e969894eb78325ee69c4d44bd4 |
| protocol | icmp |
| remote_address_group_id | None |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | ef9bbb86-e62b-408e-a4a0-62f0848621ab |
| tags | [] |
| tenant_id | caaca2e969894eb78325ee69c4d44bd4 |
| updated_at | 2022-05-24T03:35:54Z |
+-------------------------+--------------------------------------+
[root@localhost ~(keystone_cli-user)]# openstack security group rule create --protocol tcp --dst-port 22 SG-DB
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| created_at | 2022-05-24T03:36:20Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | c9032f37-9a88-40e1-9807-a4089db75113 |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | caaca2e969894eb78325ee69c4d44bd4 |
| protocol | tcp |
| remote_address_group_id | None |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | ef9bbb86-e62b-408e-a4a0-62f0848621ab |
| tags | [] |
| tenant_id | caaca2e969894eb78325ee69c4d44bd4 |
| updated_at | 2022-05-24T03:36:20Z |
+-------------------------+--------------------------------------+
[root@localhost ~(keystone_cli-user)]# openstack security group rule create --protocol tcp --dst-port 3306 SG-DB
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| created_at | 2022-05-24T03:36:34Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 8c566570-72ce-4ecb-8a46-4fe5bbf63686 |
| name | None |
| port_range_max | 3306 |
| port_range_min | 3306 |
| project_id | caaca2e969894eb78325ee69c4d44bd4 |
| protocol | tcp |
| remote_address_group_id | None |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | ef9bbb86-e62b-408e-a4a0-62f0848621ab |
| tags | [] |
| tenant_id | caaca2e969894eb78325ee69c4d44bd4 |
| updated_at | 2022-05-24T03:36:34Z |
+-------------------------+--------------------------------------+
✔️ 11. Keypair 생성
[root@localhost ~(keystone_cli-user)]# openstack keypair create --public-key ~/.ssh/id_rsa.pub cli-key
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| created_at | None |
| fingerprint | 8c:64:36:59:86:37:56:57:c6:b7:2b:a7:b8:02:0d:0f |
| id | cli-key |
| is_deleted | None |
| name | cli-key |
| type | ssh |
| user_id | 31d66dd7ba2c4ca494f02e51d9cb4ea9 |
+-------------+-------------------------------------------------+
[root@localhost ~(keystone_cli-user)]# openstack keypair list
+---------+-------------------------------------------------+------+
| Name | Fingerprint | Type |
+---------+-------------------------------------------------+------+
| cli-key | 8c:64:36:59:86:37:56:57:c6:b7:2b:a7:b8:02:0d:0f | ssh |
+---------+-------------------------------------------------+------+
✔️ 12. 이미지 가져오기
mobaxterm 이용하여 centos qcow2파일 openstack에 가져오기
✔️ 12-1. 이미지 생성 (centos)
[root@localhost ~(keystone_cli-user)]# openstack image create --file CentOS-7-x86_64-GenericCloud-2111.qcow2 --disk-format qcow2 --container-format bare CentOS7
+------------------+---------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+---------------------------------------------------------------------------------------------------------------------------------------------+
| container_format | bare |
| created_at | 2022-05-24T05:14:20Z |
| disk_format | qcow2 |
| file | /v2/images/1470afda-04b2-4393-9db7-74a5b69359b2/file |
| id | 1470afda-04b2-4393-9db7-74a5b69359b2 |
| min_disk | 0 |
| min_ram | 0 |
| name | CentOS7 |
| owner | caaca2e969894eb78325ee69c4d44bd4 |
| properties | os_hidden='False', owner_specified.openstack.md5='', owner_specified.openstack.object='images/CentOS7', owner_specified.openstack.sha256='' |
| protected | False |
| schema | /v2/schemas/image |
| status | queued |
| tags | |
| updated_at | 2022-05-24T05:14:20Z |
| visibility | shared |
+------------------+---------------------------------------------------------------------------------------------------------------------------------------------+
[root@localhost ~(keystone_cli-user)]# openstack image list
+--------------------------------------+---------+--------+
| ID | Name | Status |
+--------------------------------------+---------+--------+
| 1470afda-04b2-4393-9db7-74a5b69359b2 | CentOS7 | active |
+--------------------------------------+---------+--------+
✔️ 12-2.이미지 생성(Ubuntu18)
[root@localhost ~(keystone_cli-user)]# openstack image create --file bionic-server-cloudimg-amd64.img --disk-format qcow2 --container-format bare "Ubuntu18"
+------------------+----------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+----------------------------------------------------------------------------------------------------------------------------------------------+
| container_format | bare |
| created_at | 2022-05-24T05:20:13Z |
| disk_format | qcow2 |
| file | /v2/images/e0bee2fe-3fb7-4e73-b727-1fc024184fe0/file |
| id | e0bee2fe-3fb7-4e73-b727-1fc024184fe0 |
| min_disk | 0 |
| min_ram | 0 |
| name | Ubuntu18 |
| owner | caaca2e969894eb78325ee69c4d44bd4 |
| properties | os_hidden='False', owner_specified.openstack.md5='', owner_specified.openstack.object='images/Ubuntu18', owner_specified.openstack.sha256='' |
| protected | False |
| schema | /v2/schemas/image |
| status | queued |
| tags | |
| updated_at | 2022-05-24T05:20:13Z |
| visibility | shared |
+------------------+----------------------------------------------------------------------------------------------------------------------------------------------+
[root@localhost ~(keystone_cli-user)]# openstack image list
+--------------------------------------+----------+--------+
| ID | Name | Status |
+--------------------------------------+----------+--------+
| 1470afda-04b2-4393-9db7-74a5b69359b2 | CentOS7 | active |
| e0bee2fe-3fb7-4e73-b727-1fc024184fe0 | Ubuntu18 | active |
+--------------------------------------+----------+--------+
✔️ 13.Floating IP 생성
[root@localhost ~(keystone_cli-user)]# openstack floating ip create External-Network
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2022-05-24T05:23:10Z |
| description | |
| dns_domain | None |
| dns_name | None |
| fixed_ip_address | None |
| floating_ip_address | 192.168.4.246 |
| floating_network_id | 1bd200f4-43d2-4988-84fb-539614a69879 |
| id | 8d279088-29ea-4183-843d-21ed931edb36 |
| name | 192.168.4.246 |
| port_details | None |
| port_id | None |
| project_id | caaca2e969894eb78325ee69c4d44bd4 |
| qos_policy_id | None |
| revision_number | 0 |
| router_id | None |
| status | DOWN |
| subnet_id | None |
| tags | [] |
| updated_at | 2022-05-24T05:23:10Z |
+---------------------+--------------------------------------+
[root@localhost ~(keystone_cli-user)]# openstack floating ip list
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| ID | Floating IP Address | Fixed IP Address | Port | Floating Network | Project |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| 8d279088-29ea-4183-843d-21ed931edb36 | 192.168.4.246 | None | None | 1bd200f4-43d2-4988-84fb-539614a69879 | caaca2e969894eb78325ee69c4d44bd4 |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
✔️ 13-1. 특정 floating ip생성하기
[root@localhost ~(keystone_cli-user)]# openstack floating ip create --floating-ip-address 192.168.4.200 External-Network
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2022-05-24T05:27:21Z |
| description | |
| dns_domain | None |
| dns_name | None |
| fixed_ip_address | None |
| floating_ip_address | 192.168.4.200 |
| floating_network_id | 1bd200f4-43d2-4988-84fb-539614a69879 |
| id | 73125aa2-bf7a-4a82-8d13-b067d9e4b30c |
| name | 192.168.4.200 |
| port_details | None |
| port_id | None |
| project_id | caaca2e969894eb78325ee69c4d44bd4 |
| qos_policy_id | None |
| revision_number | 0 |
| router_id | None |
| status | DOWN |
| subnet_id | None |
| tags | [] |
| updated_at | 2022-05-24T05:27:21Z |
+---------------------+--------------------------------------+
[root@localhost ~(keystone_cli-user)]# openstack floating ip list
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| ID | Floating IP Address | Fixed IP Address | Port | Floating Network | Project |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| 73125aa2-bf7a-4a82-8d13-b067d9e4b30c | 192.168.4.200 | None | None | 1bd200f4-43d2-4988-84fb-539614a69879 | caaca2e969894eb78325ee69c4d44bd4 |
| 8d279088-29ea-4183-843d-21ed931edb36 | 192.168.4.246 | None | None | 1bd200f4-43d2-4988-84fb-539614a69879 | caaca2e969894eb78325ee69c4d44bd4 |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
✔️ 14.object container 생성(for wordpress준비)
[root@localhost ~(keystone_cli-user)]# openstack container create files
+---------------------------------------+-----------+------------------------------------+
| account | container | x-trans-id |
+---------------------------------------+-----------+------------------------------------+
| AUTH_caaca2e969894eb78325ee69c4d44bd4 | files | tx07f4c6cd2767478bb1a87-00628c6e48 |
+---------------------------------------+-----------+------------------------------------+
✔️ 14-1.파일 추가하는 법 몰라서 webui에서 file폴더 내부에 wordpress 4.8.2버전 업로드
->wget을 위한 link 생성 http://192.168.0.127:8080/v1/AUTH_caaca2e969894eb78325ee69c4d44bd4/files
✔️ 14-2. httpd.file 생성
[root@localhost ~(keystone_cli-user)]# vi httpd.file
#!/bin/bash
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
yum install -y httpd php php-mysql php-gd php-mbstring wget unzip
cd /home/centos
wget http://192.168.0.127:8080/v1/AUTH_caaca2e969894eb78325ee69c4d44bd4/fileswordpress-4.8.2-ko_KR.zip
cd /var/www/html
unzip /home/centos/wordpress-4.8.2-ko_KR.zip
mv ./worepress/* .
chown -R apache:apache /var/www/*
systemctl enable --now httpd
✔️15. WEBSERVER생성
[root@localhost ~(keystone_cli-user)]# openstack server create --flavor m1.micro --image CentOS7 --security-group SG-WEB \
> --network Internal-Network --boot-from-volume 10 --key-name cli-key --user-data httpd.file WEBSERVER
+-----------------------------+---------------------------------------------+
| Field | Value |
+-----------------------------+---------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | LLVXLu9Xjg4J |
| config_drive | |
| created | 2022-05-24T05:51:15Z |
| flavor | m1.micro (6) |
| hostId | |
| id | 20e3ac04-3a2a-4c9d-8f4b-bfa22b6adb33 |
| image | N/A (booted from volume) |
| key_name | cli-key |
| name | WEBSERVER |
| progress | 0 |
| project_id | caaca2e969894eb78325ee69c4d44bd4 |
| properties | |
| security_groups | name='9b4a9255-e5c2-4ee6-b4f5-df55c3db5f81' |
| status | BUILD |
| updated | 2022-05-24T05:51:16Z |
| user_id | 31d66dd7ba2c4ca494f02e51d9cb4ea9 |
| volumes_attached | |
+-----------------------------+---------------------------------------------+
[root@localhost ~(keystone_cli-user)]# openstack server list
+--------------------------------------+-----------+--------+-----------------------------+--------------------------+----------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-----------+--------+-----------------------------+--------------------------+----------+
| 20e3ac04-3a2a-4c9d-8f4b-bfa22b6adb33 | WEBSERVER | ACTIVE | Internal-Network=10.14.3.56 | N/A (booted from volume) | m1.micro |
+--------------------------------------+-----------+--------+-----------------------------+--------------------------+----------+
✔️15-1. WEBSERVER에 floating ip 부여
[root@localhost ~(keystone_cli-user)]# openstack server add floating ip WEBSERVER 192.168.4.200
[root@localhost ~(keystone_cli-user)]# openstack server list
+--------------------------------------+-----------+--------+--------------------------------------------+--------------------------+----------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-----------+--------+--------------------------------------------+--------------------------+----------+
| 20e3ac04-3a2a-4c9d-8f4b-bfa22b6adb33 | WEBSERVER | ACTIVE | Internal-Network=10.14.3.56, 192.168.4.200 | N/A (booted from volume) | m1.micro |
+--------------------------------------+-----------+--------+--------------------------------------------+--------------------------+----------+
✔️16. WEBSERVER에 진입하기 위한 ssh
[root@localhost ~(keystone_cli-user)]# ssh -i /ssh/id_rsa centos@192.168.4.200
Warning: Identity file /ssh/id_rsa not accessible: No such file or directory.
The authenticity of host '192.168.4.200 (192.168.4.200)' can't be established.
ECDSA key fingerprint is SHA256:ODPLbNv40mlhN07EzT/uJ9Llc/qwZKnsMq1FtIiWN3Q.
Are you sure you want to continue connecting (yes/no/[fingerprint])? y
Please type 'yes', 'no' or the fingerprint: y
Please type 'yes', 'no' or the fingerprint: yes
Warning: Permanently added '192.168.4.200' (ECDSA) to the list of known hosts.
[centos@webserver ~]$
exit
✔️17. Volume 생성 (8GB, 이름 : web01-add)
[root@localhost ~(keystone_cli-user)]# openstack volume create --size 8 WEB01-ADD
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2022-05-24T06:31:02.320410 |
| description | None |
| encrypted | False |
| id | f41c4952-c633-4780-b01d-f46ee9319d25 |
| multiattach | False |
| name | WEB01-ADD |
| properties | |
| replication_status | None |
| size | 8 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| type | iscsi |
| updated_at | None |
| user_id | 31d66dd7ba2c4ca494f02e51d9cb4ea9 |
+---------------------+--------------------------------------+
[root@localhost ~(keystone_cli-user)]# openstack volume list
+--------------------------------------+-----------+-----------+------+------------------------------------+
| ID | Name | Status | Size | Attached to |
+--------------------------------------+-----------+-----------+------+------------------------------------+
| f41c4952-c633-4780-b01d-f46ee9319d25 | WEB01-ADD | available | 8 | |
| ba3edf37-8b79-44c8-a192-49073378d45e | | in-use | 10 | Attached to WEBSERVER on /dev/vda |
+--------------------------------------+-----------+-----------+------+------------------------------------+
✔️17-1. 생성한 volume과 webserver 연결 및 확인
[root@localhost ~(keystone_cli-user)]# openstack server add volume WEBSERVER WEB01-ADD
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| ID | f41c4952-c633-4780-b01d-f46ee9319d25 |
| Server ID | 20e3ac04-3a2a-4c9d-8f4b-bfa22b6adb33 |
| Volume ID | f41c4952-c633-4780-b01d-f46ee9319d25 |
| Device | /dev/vdb |
| Tag | None |
| Delete On Termination | False |
+-----------------------+--------------------------------------+
[root@localhost ~(keystone_cli-user)]# ssh -i .ssh/id_rsa centos@192.168.4.200
[centos@webserver ~]$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 253:0 0 10G 0 disk
└─vda1 253:1 0 10G 0 part /
vdb 253:16 0 8G 0 disk
[centos@webserver ~]$ df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 472M 0 472M 0% /dev
tmpfs 496M 0 496M 0% /dev/shm
tmpfs 496M 13M 483M 3% /run
tmpfs 496M 0 496M 0% /sys/fs/cgroup
/dev/vda1 10G 1.1G 9.0G 11% /
tmpfs 100M 0 100M 0% /run/user/0
tmpfs 100M 0 100M 0% /run/user/1000
[centos@webserver ~]$ sudo mkfs -t ext4 /dev/vdb
//ext4로 포맷팅
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
524288 inodes, 2097152 blocks
104857 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2147483648
64 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632
Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
[centos@webserver ~]$ sudo mount /dev/vdb /mnt
[centos@webserver ~]$ df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 472M 0 472M 0% /dev
tmpfs 496M 0 496M 0% /dev/shm
tmpfs 496M 13M 483M 3% /run
tmpfs 496M 0 496M 0% /sys/fs/cgroup
/dev/vda1 10G 1.1G 9.0G 11% /
tmpfs 100M 0 100M 0% /run/user/0
tmpfs 100M 0 100M 0% /run/user/1000
/dev/vdb 7.8G 36M 7.3G 1% /mnt
[centos@webserver ~]$ cd /mnt
[centos@webserver mnt]$ sudo touch hello.txt
✔️18. DBSERVER 구축
[root@localhost ~(keystone_cli-user)]# openstack server create --flavor m1.micro --image Ubuntu18 --security-group SG-DB --network Internal-Network --boot-from-volume 10 --key-name cli-key DBSERVER
+-----------------------------+---------------------------------------------+
| Field | Value |
+-----------------------------+---------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | MwJjsxpPuF3f |
| config_drive | |
| created | 2022-05-24T06:50:07Z |
| flavor | m1.micro (6) |
| hostId | |
| id | 2600acfc-bbee-48c0-8224-fe202f85c5c5 |
| image | N/A (booted from volume) |
| key_name | cli-key |
| name | DBSERVER |
| progress | 0 |
| project_id | caaca2e969894eb78325ee69c4d44bd4 |
| properties | |
| security_groups | name='ef9bbb86-e62b-408e-a4a0-62f0848621ab' |
| status | BUILD |
| updated | 2022-05-24T06:50:08Z |
| user_id | 31d66dd7ba2c4ca494f02e51d9cb4ea9 |
| volumes_attached | |
+-----------------------------+---------------------------------------------+
[root@localhost ~(keystone_cli-user)]# openstack server list
+--------------------------------------+-----------+--------+--------------------------------------------+--------------------------+----------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-----------+--------+--------------------------------------------+--------------------------+----------+
| 2600acfc-bbee-48c0-8224-fe202f85c5c5 | DBSERVER | BUILD | | N/A (booted from volume) | m1.micro |
| 20e3ac04-3a2a-4c9d-8f4b-bfa22b6adb33 | WEBSERVER | ACTIVE | Internal-Network=10.14.3.56, 192.168.4.200 | N/A (booted from volume) | m1.micro |
+--------------------------------------+-----------+--------+--------------------------------------------+--------------------------+----------+
✔️18-1. webserver 경유해서 db서버 접속 위해 key 전송하기
[root@localhost ~(keystone_cli-user)]# scp -i .ssh/id_rsa .ssh/id_rsa centos@192.168.4.200:/home/centos
id_rsa 100% 2610 218.7KB/s 00:00
[root@localhost ~(keystone_cli-user)]# ssh -i .ssh/id_rsa centos@192.168.4.200
Last login: Tue May 24 06:35:27 2022 from 192.168.0.127
[centos@webserver ~]$ ls -al
[centos@webserver ~]$ ssh -i id_rsa ubuntu@10.14.0.22
The authenticity of host '10.14.0.22 (10.14.0.22)' can't be established.
ECDSA key fingerprint is SHA256:eoJO5marMxg10tIg1adsCLNSu1udOhDq8hhegNdkj5U.
ECDSA key fingerprint is MD5:9f:9f:ab:30:c3:e1:56:f0:cb:94:e3:c3:ac:e2:47:f9.
Are you sure you want to continue connecting (yes/no)? yes
✔️19. DB서버에 MariaDB 설치하기
ubuntu@dbserver:~$ sudo apt-get update -y
ubuntu@dbserver:~$ sudo apt-get install -y mariadb-server
ubuntu@dbserver:~$ sudo mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
ubuntu@dbserver:~$ sudo vi /etc/mysql/mariadb.conf.d/50-server.cnf
#bind-address = 127.0.0.1
//bind-address 사용하면 기능 제한. 내부에서만 접근 가능함.
ubuntu@dbserver:~$ sudo systemctl restart mysql
ubuntu@dbserver:~$ sudo mysql -u root -p
MariaDB [(none)]> CREATE USER 'wpuser'@'%' IDENTIFIED BY 'wppass';
Query OK, 0 rows affected (0.03 sec)
MariaDB [(none)]> CREATE DATABASE IF NOT EXISTS wordpress;
Query OK, 1 row affected (0.02 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'%';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> quit
Bye
ubuntu@dbserver:~$ exit
✔️20. 웹서버 wordpress 설치
웹서버 브라우저로 진입 (192.168.4.200)
이름 wpuser
wppass
호스트 10.14.0.22 (내부 IP)
=> 설치 진행
📄 cli-user 권한으로 진행한 코드 정리
[root@localhost ~(keystone_admin)]# vi keystonerc_cli-user
unset OS_SERVICE_TOKEN
export OS_USERNAME=cli-user
export OS_PASSWORD='kosa0401' //아까 생성한 패스워드 (admin-3)
export OS_REGION_NAME=RegionOne
export OS_AUTH_URL=http://192.168.0.127:5000/v3
export PS1='[\u@\h \W(keystone_cli-user)]\$ '
export OS_PROJECT_NAME=cli-project
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
# exit //세션끊고 재진입
# vi /etc/neutron/policy.yaml //cli-user에 network,floating IP create 위한 권한 넣어주기
"create_network:provider:network_type": "role:admin or project_id:%(project_id)s"
"create_floatingip:floating_ip_address": "role:admin or project_id:%(project_id)s"
# projectID=$(openstack project list | grep cli-project | awk '{print $2}') //나중에사용할 긴 ID변수로 설정해두기
// cli-progect 찾아서 두번째 줄에 있는거 .
# openstack network create --project $projectID --provider-network-type vxlan Internal-Network
# openstack subnet create --network Internal-Network --subnet-range 10.14.0.0/20 --gateway 10.14.0.1 --dhcp --dns-nameserver 192.168.0.66 --dns-nameserver 8.8.8.8 Internal-Subnet
Router
# openstack router create Router
# openstack router set --external-gateway External-Network Router
# openstack router add subnet Router Internal-Subnet //라우터와 서브넷 연결하므로 라우터 이름, 서브넷 이름 (인터페이스 추가를 통한 연결)
Security Group
# openstack security group create SG-WEB //3개의 커맨드가 뭉쳐다님. securirt group/create/SG-WEB
# openstack security group rule create --protocol icmp --ingress SG-WEB
# openstack security group rule create --protocol tcp --dst-port 22:22 SG-WEB
# openstack security group rule create --protocol tcp --dst-port 80:80 SG-WEB
# openstack security group create SG-DB
# openstack security group rule create --protocol icmp --ingress SG-DB
# openstack security group rule create --protocol tcp --dst-port 22:22 SG-DB
# openstack security group rule create --protocol tcp --dst-port 3306 SG-DB
KeyPair
# openstack keypair create --public-key ~/.ssh/id_rsa.pub cli-key
Image
# openstack image create --file CentOS-7-x86_64-GenericCloud-2111.qcow2 --disk-format qcow2 --container-format bare "CentOS7" --public //--public은 admin일 때 사용 가능.
# openstack image create --file bionic-server-cloudimg-amd64.img --disk-format qcow2 --container-format bare "Ubuntu18"
Floating IP
# openstack floating ip create External-Network
# openstack floating ip create --floating-ip-address 192.168.4.200 External-Network
# openstack container create files
# vi httpd.file
#!/bin/bash
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
yum install -y httpd php php-mysql php-gd php-mbstring wget unzip
cd /home/centos
wget http://192.168.0.127:8080/v1/AUTH_caaca2e969894eb78325ee69c4d44bd4/files/wordpress-4.8.2-ko_KR.zip
cd /var/www/html
unzip /home/centos/wordpress-4.8.2-ko_KR.zip
mv ./wordpress/* .
chown -R apache:apache /var/www/*
systemctl enable --now httpd
WEBSERVER생성
# openstack server create --flavor m1.micro --image CentOS7 --security-group SG-WEB --network Internal-Network --boot-from-volume 10 --key-name cli-key --user-data httpd.file WEBSERVER
# openstack server list
# openstack floating ip list
# openstack server add floating ip WEBSERVER 192.168.4.200
# ssh -i .ssh/id_rsa centos@192.168.4.200
$ exit
Volume
# openstack volume create --size 8 WEB01-ADD
# openstack volume list
# openstack server list
# openstack server add volume WEB01 WEB01-ADD
# ssh -i .ssh/id_rsa centos@192.168.4.200
$ lsblk
$ sudo mkfs -t ext4 /dev/vdb//ext4로 포맷팅
$ sudo mount /dev/vdb /mnt
$ df -h
$ sudo touch hello.txt /mnt/hello.txt
DBSERVER 구축
# openstack server create --flavor m1.micro --image Ubuntu18 --security-group SG-DB --network Internal-Network --boot-from-volume 10 --key-name cli-key DBSERVER
# openstack server list
webserver경유해서 DB서버 접속
# scp -i .ssh/id_rsa .ssh/id_rsa centos@192.168.4.200:/home/centos
id_rsa
# ssh -i .ssh/id_rsa centos@192.168.4.200
webserver$ ssh -i id_rsa ubuntu@10.14.0.22
db서버에 maria db 설치
$ sudo apt-get update -y
📌 AWS management console
⚙️이름 드랍다운 - 계정 - 결제 - 결제 [비용나가는 거 확인]
⚙️이름 드랍다운 - 설정 - 기본리전 - 아시아 태평양 서울 - 저장
📌 기타
⭐️ web-server keypair 잃어버린 경우 (2)
-어제'https://velog.io/@mng_jn/0523-openstack' 와 다른 case.
-서버점검 공지를 했다고 가정.
-
open stak, web-user로 접속, 프로젝트 - compute - 인스턴스
-
webserver 유동 IP(192.168.4.176)해제
-
인스턴스 삭제
-
볼륨 - 볼륨 진입하여 남아있는 webserver rootvolume 확인.
3-1. 드랍다운 내려서 인스턴스 시작 - 인스턴스 이름 : webserver - next
3-2. 부팅소스선택 : volume - 볼륨 할당 - next -
3-3.
3-4. 네트워크, 네트워크 포트 그대로, - 보안그룹
3-5. 새로 생성한 keypair 선택.
-
인스턴스로 가서, 유동 IP(192.168.4.176) 다시 할당
⭐️ openstack 생성 확인
openstack ~ list
openstack ~ show ~ //디테일한 정보 확인
ex) openstack subnet show External-Subnet
⭐️ openstack project list | grep cli-project | awk '{print $2}' 설명
[root@localhost ~(keystone_cli-user)]# openstack project list
+----------------------------------+-------------+
| ID | Name |
+----------------------------------+-------------+
| caaca2e969894eb78325ee69c4d44bd4 | cli-project |
+----------------------------------+-------------+
[root@localhost ~(keystone_cli-user)]# openstack project list | grep cli-project
| caaca2e969894eb78325ee69c4d44bd4 | cli-project |
[root@localhost ~(keystone_cli-user)]# openstack project list | grep cli-project | awk '{print $2}'
caaca2e969894eb78325ee69c4d44bd4
⭐️ CLI환경에서 삭제할 때 ID로도 삭제 가능.
👀 이름 같을 때 ID 이용ㅎㅏ자!
openstack delete 95e51ac0-46b9-4659-869d-54be470449cf ⭐️ 보안그룹에서 egress와 ingress
내보냄 = outbound = egress (VM에서 밖으로) all allow
들어옴 = inbound = ingress (밖에서 VM으로) all deny(block)
⭐️ src와 dst의 의미
출발지 = source(src); src ip, src port
목적지 = destination(dst); dst ip, dst port(dest)
⭐️ ':'의 의미 (OPENSTACK vs DOCKER)
openstack ; 범위(100:200=100~200)
도커 ; 포트포워드(8080:80).
⭐️webserver경유지로 삼아 dbserver접속. => Bastion호스트 (webserver)
bastion (요새)
꾸준히, 차근차근