PackStack 으로 오픈스택 설치하기
오픈스택(팩스택) 설치하는 과정 -> /etc/yum.respod.d/ 저장소목록 오픈스택의 다양한 서비스를 설치하기 위한 패키지를 새로 추가된 저장소에 요청한다
0. CentOS 인터페이스 구성
# 인터페이스 구성 (자세한 과정 생략)
1 ifconfig
2 vi /etc/default/grub
3 cd /etc/sysconfig/network-scripts/
5 mv ifcfg-ens33 ifcfg-eth0
6 vi ifcfg-eth0
7 grub2-mkconfig -o /boot/grub2/grub.cfg
8 systemctl set-default graphical.target
9 yum -y update && reboot1. CentOS 를 ServerwithGUI 버전으로 설치 (NIC 은 NAT로 구성)
단, 부팅은 run-level -> 3 (systemctl set-default multi-user.target)
# run-level 3으로 변경
14 systemctl set-default multi-user.target
15 reboot2. CentOS 환경 구성
- 방화벽, NetworkManager, SELinux 를 비활성화
# 통신 확인 및 방화벽 끄기
18 ping www.google.com
19 ip a
20 init 0
21 systemctl disable firewalld
22 systemctl stop firewalld
23 systemctl disable NetworkManager
24 systemctl stop firewalld
25 setenforce 0
26 vi /etc/selinux/config
27 getenforce
28 clear- 업데이트
# 업데이트
29 rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
30 rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
31 yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
32 yum --enablerepo=elrepo-kernel install kernel-ml
33 cat /boot/grub2/grub.cfg | grep menuentry | cut -d "'" -f2
34 grub2-set-default "CentOS Linux (5.19.8-1.el7.elrepo.x86_64) 7 (Core)"
35 grub2-editenv list
36 init 0
37 ifconfig- packstack 패키지 설치
yum -y install centos-realease-openstack-rocky오픈스택을 팩스택으로 설치하기 위하여 오프스택 패키지 저장소를 등록시킨다.
yum -y install -y openstack-packstack3. answer-file 생성 및 OpenStack 설치
- packstack을 이용하여 설치를 위한 answer 파일을 생성한다.
[root@localhost ~]# packstack --gen-answer-file=answer.txt
[root@localhost ~]# vi answer.txt 
- 설치할 패키지들 확인하기
18 # Specify 'y' to install MariaDB. ['y', 'n']
19 CONFIG_MARIADB_INSTALL=y
20
21 # Specify 'y' to install OpenStack Image Service (glance). ['y', 'n']
22 CONFIG_GLANCE_INSTALL=y
23
24 # Specify 'y' to install OpenStack Block Storage (cinder). ['y', 'n']
25 CONFIG_CINDER_INSTALL=y
26
27 # Specify 'y' to install OpenStack Shared File System (manila). ['y',
28 # 'n']
29 CONFIG_MANILA_INSTALL=n
30
31 # Specify 'y' to install OpenStack Compute (nova). ['y', 'n']
32 CONFIG_NOVA_INSTALL=y
33
34 # Specify 'y' to install OpenStack Networking (neutron) ['y']
35 CONFIG_NEUTRON_INSTALL=y
36
37 # Specify 'y' to install OpenStack Dashboard (horizon). ['y', 'n']
38 CONFIG_HORIZON_INSTALL=y
39
40 # Specify 'y' to install OpenStack Object Storage (swift). ['y', 'n']
41 CONFIG_SWIFT_INSTALL=y
42
43 # Specify 'y' to install OpenStack Metering (ceilometer). Note this
44 # will also automatically install gnocchi service and configures it as
45 # the metrics backend. ['y', 'n']
46 CONFIG_CEILOMETER_INSTALL=y
47
59 # Specify 'y' to install OpenStack Orchestration (heat). ['y', 'n']
60 CONFIG_HEAT_INSTALL=n- 오케스트레이션 서비스 -> Heat(= CloudFormation = Docker Stack = Docker Compose = Terraform) => IaC
- Heat는 aws와 연계가 가능하다.
92 # Server on which to install OpenStack services specific to the
93 # controller role (for example, API servers or dashboard).
94 CONFIG_CONTROLLER_HOST=211.183.3.111
95
96 # List the servers on which to install the Compute service.
97 CONFIG_COMPUTE_HOSTS=211.183.3.111
98
99 # List of servers on which to install the network service such as
100 # Compute networking (nova network) or OpenStack Networking (neutron).
101 CONFIG_NETWORK_HOSTS=211.183.3.111
102 controller, compute, network 노드를 211.183.3.111에 one node로 설치
- mariadb 구성
301 # Password for the MariaDB administrative user.
302 CONFIG_MARIADB_PW=test123
303 - keystone에 등록할 사용자 구성
321 # User name for the Identity service 'admin' user. Defaults to
322 # 'admin'.
323 CONFIG_KEYSTONE_ADMIN_USERNAME=admin
324
325 # Password to use for the Identity service 'admin' user.
326 CONFIG_KEYSTONE_ADMIN_PW=test123
327
328 # Password to use for the Identity service 'demo' user.
329 CONFIG_KEYSTONE_DEMO_PW=demo
330 - 설치 시작
[root@localhost ~]# packstack --answer-file=answer.txt
Welcome to the Packstack setup utility
The installation log file is available at: /var/tmp/packstack/20220915-103810-fLZpOf/openstack-setup.log
Installing:
Clean Up [ DONE ]
Discovering ip protocol version [ DONE ]
Setting up ssh keys [ DONE ]
Preparing servers [ DONE ]
Pre installing Puppet and discovering hosts' details [ DONE ]
Preparing pre-install entries [ DONE ]
Setting up CACERT [ DONE ]
..20~30분 뒤에 설치 완료
- admin의 keystone 확인
[root@localhost ~]# cat keystonerc_admin
unset OS_SERVICE_TOKEN
export OS_USERNAME=admin
export OS_PASSWORD='test123'
export OS_REGION_NAME=RegionOne
export OS_AUTH_URL=http://211.183.3.111:5000/v3
export PS1='[\u@\h \W(logged)]\$ '
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3unset: 기존의 토큰 정보가 있다면 삭제함
- admin으로 작업에 참여
[root@localhost ~]# source keystonerc_admin
[root@localhost ~(logged)]# - openstack user 목록 확인
[root@localhost ~(logged)]# openstack user list
+----------------------------------+------------+
| ID | Name |
+----------------------------------+------------+
| 0af3f6db47a249fd92c9b4ee94648fc9 | heat_admin |
| 1b33418d637d407eb15c866ec3337977 | neutron |
| 26e2077d06454ec68b08722a8fc324f3 | heat-cfn |
| 27e9c8357bbe47ea89eb3a98a675b02e | demo |
| 327feb443acc4995b4dfd7081a67d4da | admin |
| 3dcac9f5697045f1abac33fd468a4b0a | glance |
| 463316affb0e432b9d82414e43180f05 | swift |
| 550fc5b578204594a84b0d91a1123943 | gnocchi |
| 5ec57fac6ba941c29abcb6b312bf9169 | placement |
| 9e3d487ef2d84bc78e875424c85b5013 | cinder |
| c0484b2bcc084174a19762161d5cdf1d | ceilometer |
| c0e0042432e4432bbb4def3ad72c6037 | aodh |
| dc38b779594f47aebf3a1b92263f0f38 | heat |
| fe9afbba44d24387b3d5bb278a309626 | nova |
+----------------------------------+------------+admin, demo 등 확인 가능
- openstack 네트워크 목록 확인
[root@localhost ~(logged)]# openstack network list
+--------------------------------------+---------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+---------+--------------------------------------+
| 41a701f6-6292-4259-9742-2194edddf1f5 | public | 65176501-0f3f-4ad4-a850-d0a76bcab59f |
| bf48a80f-76e3-4f5d-94a4-5e3ea47f8166 | private | 1498916c-5995-4ee5-bad0-84607e1073f8 |
+--------------------------------------+---------+--------------------------------------+- private 네트워크의 상세 정보 확인
[root@localhost ~(logged)]# openstack network show private
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2022-09-13T14:57:47Z |
| description | |
| dns_domain | None |
| id | bf48a80f-76e3-4f5d-94a4-5e3ea47f8166 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| is_vlan_transparent | None |
| mtu | 1450 |
| name | private |
| port_security_enabled | True |
| project_id | e4225d77f4fd4ad9a766e8d8f7e35a6e |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 17 |
| qos_policy_id | None |
| revision_number | 3 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | 1498916c-5995-4ee5-bad0-84607e1073f8 |
| tags | |
| updated_at | 2022-09-13T14:57:51Z |
+---------------------------+--------------------------------------+VXLAN 타입으로 구성되어있음
router는 internal으로, 외부와 연결되지 않고 내부적으로만 통신함.
4. 만료 Timeout 늘리기
- keystone에서 인증을 거치게 되면 토큰의 만료 시간이 정해진다. 이를 늘리면 편하다.
[root@localhost ~(logged)]# vi /etc/keystone/keystone.conf 2835 #expiration = 3600
2836 # 8 hours
2837 expiration=28800- 웹서비스도 TIMEOUT도 8시간으로 늘리기
[root@localhost ~(logged)]# vi /etc/openstack-dashboard/local_settings 794 # 8 hours
795 SESSION_TIMEOUT = 28800- 설정 변경 후 재부팅
[root@localhost ~(logged)]# reboot네트워크 구성
step 1) 네트워크 생성
- admin으로 접속
[root@localhost ~]# source keystonerc_admin
[root@localhost ~(logged)]# - 네트워크 생성
[root@localhost ~(logged)]# openstack network create mynet1
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2022-09-15T02:43:10Z |
| description | |
| dns_domain | None |
| id | 6eb1671b-bc5a-40ab-9a60-3351021cf149 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1450 |
| name | mynet1 |
| port_security_enabled | True |
| project_id | c40873732ac9467aba534da6e8f7a4ec |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 90 |
| qos_policy_id | None |
| revision_number | 2 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2022-09-15T02:43:10Z |
+---------------------------+--------------------------------------+
[root@localhost ~(logged)]# step 2) 서브넷 생성
방법 1) CLI에서 생성
[root@localhost ~(logged)]# openstack subnet create \
> --subnet-range 172.16.123.0/24 \
> --gateway 172.16.123.1 \
> --network mynet1 \
> --dhcp \
> --dns-nameserver 8.8.8.8 \
> mysubnet1
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 172.16.123.2-172.16.123.254 |
| cidr | 172.16.123.0/24 |
| created_at | 2022-09-15T02:46:28Z |
| description | |
| dns_nameservers | 8.8.8.8 |
| enable_dhcp | True |
| gateway_ip | 172.16.123.1 |
| host_routes | |
| id | bf8b842c-44d9-437a-95b8-d4b6c4a82175 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | mysubnet1 |
| network_id | 6eb1671b-bc5a-40ab-9a60-3351021cf149 |
| project_id | c40873732ac9467aba534da6e8f7a4ec |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2022-09-15T02:46:28Z |
+-------------------+--------------------------------------+- 서브넷 확인
[root@localhost ~(logged)]# openstack subnet list
+--------------------------------------+-----------+--------------------------------------+-----------------+
| ID | Name | Network | Subnet |
+--------------------------------------+-----------+--------------------------------------+-----------------+
| bf8b842c-44d9-437a-95b8-d4b6c4a82175 | mysubnet1 | 6eb1671b-bc5a-40ab-9a60-3351021cf149 | 172.16.123.0/24 |
+--------------------------------------+-----------+--------------------------------------+-----------------+- 서브넷 상세 정보 확인
[root@localhost ~(logged)]# openstack subnet show mysubnet1
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 172.16.123.2-172.16.123.254 |
| cidr | 172.16.123.0/24 |
| created_at | 2022-09-15T02:46:28Z |
| description | |
| dns_nameservers | 8.8.8.8 |
| enable_dhcp | True |
| gateway_ip | 172.16.123.1 |
| host_routes | |
| id | bf8b842c-44d9-437a-95b8-d4b6c4a82175 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | mysubnet1 |
| network_id | 6eb1671b-bc5a-40ab-9a60-3351021cf149 |
| project_id | c40873732ac9467aba534da6e8f7a4ec |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2022-09-15T02:46:28Z |
+-------------------+--------------------------------------+
방법 2) 대시보드에서 생성
step 3) 라우터 생성 후 서브넷 추가
방법 1) CLI에서 생성
[root@localhost ~(logged)]# openstack router create myrouter1
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2022-09-15T02:56:32Z |
| description | |
| distributed | False |
| external_gateway_info | None |
| flavor_id | None |
| ha | False |
| id | e44cb375-50ed-4df0-957b-cb4775161277 |
| name | myrouter1 |
| project_id | c40873732ac9467aba534da6e8f7a4ec |
| revision_number | 1 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2022-09-15T02:56:32Z |
+-------------------------+--------------------------------------+[root@localhost ~(logged)]# openstack router add subnet myrouter1 mysubnet1- 라우터 확인
방법 2) 대시보드에서 생성
- 라우터 생성
- 인터페이스 추가
- 라우터 확인
SSH 키페어 생성
방법 1) CLI에서 생성
- 키페어 생성
[root@localhost ~(logged)]# ssh-keygen -q -f ~/.ssh/gildong.pem -N ""
[root@localhost ~(logged)]# ssh-keygen -q -f ~/.ssh/chulsoo.pem -N ""
[root@localhost ~(logged)]# ls ~/.ssh
chulsoo.pem chulsoo.pem.pub gildong.pem gildong.pem.pub [root@localhost ~(logged)]# openstack keypair create \
> --public-key ~/.ssh/gildong.pem.pub \
> gildongkey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | c5:9e:1f:74:f8:3f:c9:f1:80:4d:65:db:92:b0:0f:2f |
| name | gildongkey |
| user_id | 327feb443acc4995b4dfd7081a67d4da |
+-------------+-------------------------------------------------+[root@localhost ~(logged)]# openstack keypair create \
> --public-key ~/.ssh/chulsoo.pem.pub \
> chulsookey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | ca:8d:34:d5:6d:27:73:ff:7d:96:e3:01:7f:83:2c:b5 |
| name | chulsookey |
| user_id | 327feb443acc4995b4dfd7081a67d4da |
+-------------+-------------------------------------------------+방법 2) 대시보드에서 생성
Flavor 생성
[root@localhost ~(logged)]# openstack flavor create \
> --id 6 \
> --vcpus 1 \
> --ram 1024 \
> --disk 20 \
> m1.xsmall
+----------------------------+-----------+
| Field | Value |
+----------------------------+-----------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 20 |
| id | 6 |
| name | m1.xsmall |
| os-flavor-access:is_public | True |
| properties | |
| ram | 1024 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+-----------+
이미지 생성
- CentOS-7-x86_64-GenericCloud-2003.qcow2 이미지 다운로드
[root@localhost ~(logged)]# wget https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-2003.qcow2- xz 압축 해제
[root@localhost ~(logged)]# xz -d CentOS-7-x86_64-GenericCloud-2003.qcow2.xz - 이미지 생성
[root@localhost ~(logged)]# openstack image create \
> "CentOS7" \
> --file CentOS-7-x86_64-GenericCloud-2003.qcow2 \
> --disk-format qcow2 \
> --container-format bare \
> --public
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum | ef7f109590094e37c54aead73f3cdedc |
| container_format | bare |
| created_at | 2022-09-15T04:44:11Z |
| disk_format | qcow2 |
| file | /v2/images/e0c0a34f-9d31-47cc-b9a5-060bf8d55446/file |
| id | e0c0a34f-9d31-47cc-b9a5-060bf8d55446 |
| min_disk | 0 |
| min_ram | 0 |
| name | CentOS7 |
| owner | c40873732ac9467aba534da6e8f7a4ec |
| properties | os_hash_algo='sha512', os_hash_value='72a90b056215b7a4f216bd962082cceecfc7ea8e9a93b80f141d2a07f8d7890c735a19a30be0a7580f24897bc451c95750f39569c83205b642c1e60d43f92c93', os_hidden='False' |
| protected | False |
| schema | /v2/schemas/image |
| size | 858783744 |
| status | active |
| tags | |
| updated_at | 2022-09-15T04:44:23Z |
| virtual_size | None |
| visibility | public |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+- 이미지 생성 확인
보안 그룹 구성
- 허용 규칙만 있음
- 인스턴스 단위로 적용
방법 1) 대시보드로 생성하기
- 보안 그룹 생성
- ICMP 규칙 추가
- MYSQL 규칙 추가
- 8080 포트 규칙 추가
방법 2) CLI로 생성하기
외부에서 유입되는 트래픽 중 웹접속(80/tcp, 443/tcp), SSH 접속(22/tcp), ICMP는 허용한다.
단, 인스턴스에서 외부로 나가는 것은 모두 허용된다(default)
[root@localhost ~(logged)]# openstack security group create permitweb
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2022-09-15T05:06:49Z |
| description | permitweb |
| id | 7ed5ded2-a663-45a5-99b7-dfb96a915d08 |
| name | permitweb |
| project_id | c40873732ac9467aba534da6e8f7a4ec |
| revision_number | 1 |
| rules | created_at='2022-09-15T05:06:49Z', direction='egress', ethertype='IPv6', id='b7585475-c67b-4eb0-b1b0-30083bee41fa', updated_at='2022-09-15T05:06:49Z' |
| | created_at='2022-09-15T05:06:49Z', direction='egress', ethertype='IPv4', id='ea4f9352-d1ac-4b1e-bf82-509336279670', updated_at='2022-09-15T05:06:49Z' |
| tags | [] |
| updated_at | 2022-09-15T05:06:49Z |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+- 80번 포트 규칙 추가
[root@localhost ~(logged)]# openstack security group rule create \
> --proto tcp \
> --dst-port 80 \
> permitweb
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2022-09-15T05:07:53Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 18b08f93-1b95-4a49-b7db-06206f03f6c8 |
| name | None |
| port_range_max | 80 |
| port_range_min | 80 |
| project_id | c40873732ac9467aba534da6e8f7a4ec |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 7ed5ded2-a663-45a5-99b7-dfb96a915d08 |
| updated_at | 2022-09-15T05:07:53Z |
+-------------------+--------------------------------------+- 443번 포트도 마찬가지 방식으로 추가
[root@localhost ~(logged)]# openstack security group rule create \
> --proto tcp \
> --dst-port 443 \
> permitweb- icmp 규칙 추가
[root@localhost ~(logged)]# openstack security group rule create --proto icmp permitweb
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2022-09-15T05:10:11Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 625e74c6-d475-4f07-b960-2abcc4afc76f |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | c40873732ac9467aba534da6e8f7a4ec |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 7ed5ded2-a663-45a5-99b7-dfb96a915d08 |
| updated_at | 2022-09-15T05:10:11Z |
+-------------------+--------------------------------------+- 특정 ip만 ssh 허용 규칙 추가
- 보안 그룹 규칙 확인
인스턴스 생성
방법 1) CLI에서 생성하기
- 네트워크 목록 확인
[root@localhost ~(logged)]#
[root@localhost ~(logged)]# openstack network list
+--------------------------------------+--------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+--------+--------------------------------------+
| 6eb1671b-bc5a-40ab-9a60-3351021cf149 | mynet1 | bf8b842c-44d9-437a-95b8-d4b6c4a82175 |
| bf8a8a47-8bd6-438c-82c9-0c87cb0c3a04 | mynet2 | bc57a0c2-ba29-42ba-9c5b-5c2f2802663d |
+--------------------------------------+--------+--------------------------------------+- 특정 네트워크(mynet1)의 id 확인
[root@localhost ~(logged)]# openstack network list | grep mynet1 | gawk '{print $2}'
6eb1671b-bc5a-40ab-9a60-3351021cf149openstack network list | grep mynet1 | gawk '{print $2}'
- 인스턴스 생성하기
[root@localhost ~(logged)]# openstack server create \
> --flavor m1.xsmall \
> --image CentOS7 \
> --security-group permitweb \
> --key-name gildongkey \
> --nic net-id=$(openstack network list | grep mynet1 | gawk '{print $2}') \
> CentOS1
+-------------------------------------+------------------------------------------------+
| Field | Value |
+-------------------------------------+------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | E4vc5d5y7AuG |
| config_drive | |
| created | 2022-09-15T05:38:40Z |
| flavor | m1.xsmall (6) |
| hostId | |
| id | 1af18820-4de0-432d-bbe3-3da1ba904554 |
| image | CentOS7 (e0c0a34f-9d31-47cc-b9a5-060bf8d55446) |
| key_name | gildongkey |
| name | CentOS1 |
| progress | 0 |
| project_id | c40873732ac9467aba534da6e8f7a4ec |
| properties | |
| security_groups | name='7ed5ded2-a663-45a5-99b7-dfb96a915d08' |
| status | BUILD |
| updated | 2022-09-15T05:38:40Z |
| user_id | 327feb443acc4995b4dfd7081a67d4da |
| volumes_attached | |
+-------------------------------------+------------------------------------------------+
방법 2) 대시보드에서 생성하기
- 인스턴스 이름, 개수
- 이미지
- Flavor
- 네트워크
- 보안 그룹
- 키페어
- 인스턴스 생성 확인
외부 네트워크 구성
[root@localhost ~(logged)]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts(logged)]# cp ifcfg-eth0 ifcfg-br-ex
[root@localhost network-scripts(logged)]# vi ifcfg-br-ex
참고: https://velog.io/@ptah0414/KVM-22-08-10-TIL#2-기존-linux-bridge-기반의-br0-를-ovs-기반의-vswitch01-로-변경하기
외부 브릿지(OVS) 구성
TYPE=OVSBridge
BOOTPROTO=none
NAME=br-ex
DEVICE=br-ex
DEVICETYPE=ovs
ONBOOT=yes
IPADDR=211.183.3.111
PREFIX=24
GATEWAY=211.183.3.2
DNS1=8.8.8.8
NM_CONTROLLED=noeth0 구성
[root@localhost network-scripts(logged)]# vi ifcfg-eth0TYPE=OVSPort #
BOOTPROTO=none
NAME=eth0
DEVICE=eth0
DEVICETYPE=ovs #
OVS_BRIDGE=br-ex #
ONBOOT=yes
NM_CONTROLLED=no네트워크 생성
[root@localhost ~(logged)]# openstack network create \
> --provider-physical-network extnet \
> --provider-network-type flat \
> --external extnet
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2022-09-15T06:48:01Z |
| description | |
| dns_domain | None |
| id | 8fa04edd-74d8-4909-ac39-8e121b7c21f7 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1500 |
| name | extnet |
| port_security_enabled | True |
| project_id | c40873732ac9467aba534da6e8f7a4ec |
| provider:network_type | flat |
| provider:physical_network | extnet |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 2 |
| router:external | External |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2022-09-15T06:48:01Z |
+---------------------------+--------------------------------------+서브넷 생성
[root@localhost ~(logged)]# openstack subnet create extsubnet \
> --network extnet \
> --subnet-range 211.183.3.0/24 \
> --allocation-pool start=211.183.3.201,end=211.183.3.239 \
> --no-dhcp --dns-nameserver 8.8.8.8 \
> --gateway 211.183.3.2
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 211.183.3.201-211.183.3.239 |
| cidr | 211.183.3.0/24 |
| created_at | 2022-09-15T06:48:10Z |
| description | |
| dns_nameservers | 8.8.8.8 |
| enable_dhcp | False |
| gateway_ip | 211.183.3.2 |
| host_routes | |
| id | a136d9a3-d564-4f19-b272-86c3b46a792b |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | extsubnet |
| network_id | 8fa04edd-74d8-4909-ac39-8e121b7c21f7 |
| project_id | c40873732ac9467aba534da6e8f7a4ec |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2022-09-15T06:48:10Z |
+-------------------+--------------------------------------+
- 라우터 1, 2의 gateway 설정
- 네트워크 확인
- Floating IP 발행
- 연결
SSH로 접속
- 개인키 복사
[root@localhost ~]# cat ~/.ssh/gildong.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAzL3iqDspJUy6zEXC6SebFpXM4BtpBMuLTxiFENjQiRzD+bzp
GK+aOUV81SyoagC0lCDeL52fA7gxljIcZfOVDXA8CNpv1qy3MBcdq8s+wF5J+bhq
FAr2lFmbzeqSQv9ISB7vp240Z6Qj+xv95oxL7fJLDRQ+tcpSaswD5+DjWqoC66Yl
PBN/MQZCVHj3QyG5kbd8MEw4xjfX8lfllOKNDfkG1qyt8P/9U2mLWxk8N38VyD6p
q9zg9n1yw5/r8wMr9Dyv0fEqEqdKzAQQZMkAfgHkDWQ53vtQKZTav/jlRjdaalNG
gnlnxOXBq7Fo2pHrv73kqpFGZqA7JAyWox9GWQIDAQABAoIBAE+XfbZSkVM7ud5R
PE0xJVwpTeTNIw1HJ1fPO2NqNd8nfJPoOWFsWnLrLXUdkDbtIUX4ZQdzqe5jO3uc
7WdAwu/fcqcqa5GzwN8EDXfMYg+cV/upEivKe0L+dtAc4VEENpA63oVjFSI5L/ed
UR2/6oCM0Vo7RYmcJl/4AYix5xBGFw1uL9gsQmKAVMEUJ3am7v1azSyqHZ+vGga+
FUoY+4BAFc5eda+DaGKw4S5Ov2kHETjm5a1SsobwVjjXir030kIbJ7KebT59AxtY
NA+ukS57HGSpwIbdRh0japkP2gpvO63fLe2k1M6hSquHoYd6H6yu3OJAOYfe5uGO
p3UJpDUCgYEA7dEGMscAAoAzIIDdYdwPwSDcE9C4+j6xBtQrsmD1Xc8CwnC5B0EP
HOvAYIiPzamTXkVZsGcVwrJdO8ezKxqdd3DroE4RHbvMbrTPY3wRKCPMPIobwIVt
GXJzzgdTgCXhWpH2BeSF8kwjaS0ZbBuLicYNFGC6fOZw+8OB3vCv2vsCgYEA3GV2
Q5qGZ1Sav6ksvuJEpcVQoCgdpXdKlyQPUijmm2IYTNWQvD24oJjsw2nnoyY6T90W
Kg0EIgSNPz3xwvU1ykc73FduLrcdZ0vBUS3xyO2DsMeUbVNtllIRd6ub42kDK5gl
qtbRDyAXl56dUoRoIX9bhzdZXd9lz+1SqwoOI7sCgYEAsv6jiq5rXHZ/hNRZTGGk
3fjMjIGJ6JgtB/XD2ePOakf4TL8pFMOsC1mKF15R1jrvN4I9Kl+8ailzsR3yxdun
b5HnV2XKzjVefmjKu5dTFoIzI9HTZ4lFf2S8svKir45TWqcHpJHHG4KhGHWgb9Uf
ppgRmiff1Uhg+63AXzuLMOcCgYEA0rwRQMLYEKVM8kYIitw/V2I7nWe+MSDHKY1J
OP3ywlAhfBYYtmUtzCFtAcyZt94tk3+KWdroQL6pb/cC268rJ6bFDgJrUC+25bYB
umV78utoJ/gta/uBpWIDYbGs9NzMMzrfiWKtsxC0fj0joGsKRj1IfxnlUWTyLMZ3
bSPIMVECgYAflRUcraQ8ULfECyvb+q12oNzjkhS3li/KpK3ZlvAG/aUJGvlUAHbq
3PDb3LZIKAjJ4EXM5sKCgSex8qgCgD46ByBL+bOXleZg4IHIMDF4Nea4gMfR1+nr
xYw9n5a8PziJmMbzqCNHZybXhmED30fDJnztte1S12xYP/Krop7tDQ==
-----END RSA PRIVATE KEY------ gildong.pem 생성
- putty gen에서 key 불러오기
-
save private key -> ppk 생성
-
인스턴스에 ping
C:\Users\user>ping 211.183.3.216
Ping 211.183.3.216 32바이트 데이터 사용:
211.183.3.216의 응답: 바이트=32 시간=3ms TTL=63
211.183.3.216의 응답: 바이트=32 시간=1ms TTL=63
211.183.3.216의 응답: 바이트=32 시간=1ms TTL=63
211.183.3.216에 대한 Ping 통계:
패킷: 보냄 = 3, 받음 = 3, 손실 = 0 (0% 손실),
왕복 시간(밀리초):
최소 = 1ms, 최대 = 3ms, 평균 = 1ms- 인스턴스에 접속
SSH Connecting to 211.183.3.216
SSH ! Agent auth selected, but no running agent is detected
SSH Host key fingerprint:
SSH ecdsa-sha2-nistp256 K5zFOgMSLsLoMkwp6yCLnpw2lP7KFhFDmDOVpzpYAOc=
SSH Loading private key: file://C:\Users\user\Desktop\gildong_tabby
Last failed login: Thu Sep 15 07:15:31 UTC 2022 on tty1
There were 2 failed login attempts since the last successful login.
[centos@centos1 ~]$ 실습
1. CentOS1 삭제
2. mynet2에 CentOS1을 다시 생성
CentOS2와 동일하게 key는 chulsoo 키를 사용해서 생성
3. 둘 다 floating ip를 할당하고 httpd를 설치. CentOS1, CentOS2의 index.html 파일을 다르게 설정해주세요.
4. 모두 종료
take a look