5.24

w0nyyy · May 24, 2022

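Volume expansion

  • Log in as web-user

Enter 15 GB

Power on, Compute - Instances

Confirm 15 GB

Lost key scenario 2

Disassociate the floating IP from the web server.
Delete the instance

Confirm that the volume remains (the Cinder volume is still there)

Recreate the instance (boot source: volume)

Because "Delete Volume on Instance Delete" was set to No, the Cinder volume remains.

  • Network, network ports: no changes

Since web-key is assumed to be the lost key, select web-key2 instead. Click Launch Instance.

If a key is lost, the volume can be kept, attached to a recreated instance, and then accessed with a new key pair.

Associate a floating IP with the created instance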

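OpenStack CLI

Running the project create command at this point fails because of an authentication problem.

The keystone file contains the authentication details (token). You have to connect with the admin account.

# Prompt that indicates you are connected as admin once login succeeds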
    export PS1='[\u@\h \W(keystone_admin)]\$ '

Log in as admin using the token

[root@localhost ~]# source keystonerc_admin
[root@localhost ~(keystone_admin)]#
[root@localhost ~(keystone_admin)]#
[root@localhost ~(keystone_admin)]#

Create a project

[root@localhost ~(keystone_admin)]# openstack project create --domain Default --description "cli-project" cli-project
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | cli-project                      |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 75622320e4b44e65b84890872d060b9d |
| is_domain   | False                            |
| name        | cli-project                      |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

  • Check the list

[root@localhost ~(keystone_admin)]# openstack project list
+----------------------------------+-------------+
| ID                               | Name        |
+----------------------------------+-------------+
| 0dd4a21a7a174be2bbcd52fe8bef8d7e | services    |
| 1695db7b1e7a4f168903b1bc9783e92d | web-project |
| 22bd2c324fec4e348c37ca59c05f6526 | admin       |
| 75622320e4b44e65b84890872d060b9d | cli-project |
+----------------------------------+-------------+

Create a user

[root@localhost ~(keystone_admin)]# openstack user create --domain Default --project cli-project --password-prompt cli-user
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 75622320e4b44e65b84890872d060b9d |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | c7e89de36c96413d9e6850c31b2e42e4 |
| name                | cli-user                         |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

  • Check the user

[root@localhost ~(keystone_admin)]# openstack user list
+----------------------------------+------------+
| ID                               | Name       |
+----------------------------------+------------+
| 9dcbfda7ce01499d9029cced375a1813 | admin      |
| d6db84a3fd864335bb541011ce48e3c7 | heat_admin |
| 43805eaf0c1a45cc9caac3fce3291df0 | glance     |
| d712ae0b4d3341649846ad0940504c81 | cinder     |
| cf92b6f65bc64db083c5e24620a39203 | nova       |
| acf323619ac24e418e17486c0a8dfc16 | placement  |
| 5646950db7554d9594e3147ec00caf52 | neutron    |
| 818aaee8b22d4b3eab406838c3ce0dfd | swift      |
| 2b86c3feb8444666afb7b62ccd11113d | heat       |
| eb3f462dfba9447a82c4c4cffb00db10 | heat-cfn   |
| 1a7e9c43b4ae422b8b149f951072aee8 | gnocchi    |
| 4cf12c704e9d43d5bc1370f1f0c0f542 | ceilometer |
| 73bcebdbdaea406fb8d140dc8ddaa5ac | aodh       |
| 3958cccbdabe4408a30b157d9251a1a8 | web-user   |
| c7e89de36c96413d9e6850c31b2e42e4 | cli-user   |
+----------------------------------+------------+

Add a role


[root@localhost ~(keystone_admin)]# openstack role add --project cli-project --user cli-user _member_

Create a flavor


[root@localhost ~(keystone_admin)]# openstack flavor create --id 6 --vcpus 1 --ram 1024 --disk 10 m1.micro
+----------------------------+----------+
| Field                      | Value    |
+----------------------------+----------+
| OS-FLV-DISABLED:disabled   | False    |
| OS-FLV-EXT-DATA:ephemeral  | 0        |
| description                | None     |
| disk                       | 10       |
| id                         | 6        |
| name                       | m1.micro |
| os-flavor-access:is_public | True     |
| properties                 |          |
| ram                        | 1024     |
| rxtx_factor                | 1.0      |
| swap                       |          |
| vcpus                      | 1        |
+----------------------------+----------+
  • Check the flavor list

[root@localhost ~(keystone_admin)]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
| 2  | m1.small  |  2048 |   20 |         0 |     1 | True      |
| 3  | m1.medium |  4096 |   40 |         0 |     2 | True      |
| 4  | m1.large  |  8192 |   80 |         0 |     4 | True      |
| 5  | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
| 6  | m1.micro  |  1024 |   10 |         0 |     1 | True      |
+----+-----------+-------+------+-----------+-------+-----------+

// Command to delete it
# openstack flavor delete m1.micro

Create a network


[root@localhost ~(keystone_admin)]# openstack network create --project admin --provider-network-type flat --provider-physical-network extnet --external External-Network
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2022-05-24T02:10:32Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | 2aa52471-6188-4195-8923-a7cc0a038f38 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | False                                |
| is_vlan_transparent       | None                                 |
| mtu                       | 1500                                 |
| name                      | External-Network                     |
| port_security_enabled     | True                                 |
| project_id                | 22bd2c324fec4e348c37ca59c05f6526     |
| provider:network_type     | flat                                 |
| provider:physical_network | extnet                               |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 1                                    |
| router:external           | External                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| updated_at                | 2022-05-24T02:10:32Z                 |
+---------------------------+--------------------------------------+

  • Check the network list

[root@localhost ~(keystone_admin)]# openstack network list
+--------------------------------------+------------------+---------+
| ID                                   | Name             | Subnets |
+--------------------------------------+------------------+---------+
| 2aa52471-6188-4195-8923-a7cc0a038f38 | External-Network |         |
+--------------------------------------+------------------+---------+

Create a subnet


[root@localhost ~(keystone_admin)]# openstack subnet create --network External-Network --project admin --subnet-range 192.168.0.0/20 --allocation-pool start=192.168.7.1,end=192.168.7.126 --gateway 192.168.0.1 --no-dhcp External-Subnet
+----------------------+--------------------------------------+
| Field                | Value                                |
+----------------------+--------------------------------------+
| allocation_pools     | 192.168.7.1-192.168.7.126            |
| cidr                 | 192.168.0.0/20                       |
| created_at           | 2022-05-24T02:18:44Z                 |
| description          |                                      |
| dns_nameservers      |                                      |
| dns_publish_fixed_ip | None                                 |
| enable_dhcp          | False                                |
| gateway_ip           | 192.168.0.1                          |
| host_routes          |                                      |
| id                   | 69fb9687-9e21-4ff6-bc36-75ada129fecc |
| ip_version           | 4                                    |
| ipv6_address_mode    | None                                 |
| ipv6_ra_mode         | None                                 |
| name                 | External-Subnet                      |
| network_id           | 2aa52471-6188-4195-8923-a7cc0a038f38 |
| project_id           | 22bd2c324fec4e348c37ca59c05f6526     |
| revision_number      | 0                                    |
| segment_id           | None                                 |
| service_types        |                                      |
| subnetpool_id        | None                                 |
| tags                 |                                      |
| updated_at           | 2022-05-24T02:18:44Z                 |
+----------------------+--------------------------------------+

  • Check the subnet list
[root@localhost ~(keystone_admin)]# openstack network list
+--------------------------------------+------------------+--------------------------------------+
| ID                                   | Name             | Subnets                              |
+--------------------------------------+------------------+--------------------------------------+
| 2aa52471-6188-4195-8923-a7cc0a038f38 | External-Network | 69fb9687-9e21-4ff6-bc36-75ada129fecc |
+--------------------------------------+------------------+--------------------------------------+
[root@localhost ~(keystone_admin)]# openstack subnet list
+--------------------------------------+-----------------+--------------------------------------+----------------+
| ID                                   | Name            | Network                              | Subnet         |
+--------------------------------------+-----------------+--------------------------------------+----------------+
| 69fb9687-9e21-4ff6-bc36-75ada129fecc | External-Subnet | 2aa52471-6188-4195-8923-a7cc0a038f38 | 192.168.0.0/20 |
+--------------------------------------+-----------------+--------------------------------------+----------------+

  • Check the IP details
[root@localhost ~(keystone_admin)]# openstack subnet show External-Subnet
+----------------------+--------------------------------------+
| Field                | Value                                |
+----------------------+--------------------------------------+
| allocation_pools     | 192.168.7.1-192.168.7.126            |
| cidr                 | 192.168.0.0/20                       |
| created_at           | 2022-05-24T02:18:44Z                 |
| description          |                                      |
| dns_nameservers      |                                      |
| dns_publish_fixed_ip | None                                 |
| enable_dhcp          | False                                |
| gateway_ip           | 192.168.0.1                          |
| host_routes          |                                      |
| id                   | 69fb9687-9e21-4ff6-bc36-75ada129fecc |
| ip_version           | 4                                    |
| ipv6_address_mode    | None                                 |
| ipv6_ra_mode         | None                                 |
| name                 | External-Subnet                      |
| network_id           | 2aa52471-6188-4195-8923-a7cc0a038f38 |
| project_id           | 22bd2c324fec4e348c37ca59c05f6526     |
| revision_number      | 0                                    |
| segment_id           | None                                 |
| service_types        |                                      |
| subnetpool_id        | None                                 |
| tags                 |                                      |
| updated_at           | 2022-05-24T02:18:44Z                 |
+----------------------+--------------------------------------+

Create the user token

# vi keystonerc_cli-user
unset OS_SERVICE_TOKEN
    export OS_USERNAME=cli-user
    export OS_PASSWORD='비밀번호'
    export OS_REGION_NAME=RegionOne
    export OS_AUTH_URL=http://192.168.0.128:5000/v3
    export PS1='[\u@\h \W(keystone_cli-user)]\$ '

export OS_PROJECT_NAME=cli-project
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3


[root@localhost ~]# exit // press R to reconnect
[root@localhost ~]# ls
anaconda-ks.cfg  answers.txt  keystonerc_admin  keystonerc_cli-user
[root@localhost ~]# source keystonerc_cli-user
[root@localhost ~(keystone_cli-user)]#
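
The rc file above keeps the password in plain text and points at Keystone over http. As an added example (not from the original post), this script checks an rc file for those two settings and for a file mode that other local users can read; both sample files, the placeholder password and the keystone.example.test host are constructed.

```sh
#!/bin/sh
# Added example, not from the original post.
# Checks an OpenStack rc file such as keystonerc_cli-user for a stored password,
# a file mode that lets other local users read it, and a plain-http auth URL.

# rc_findings FILE: print one line per finding; exit status = number of findings.
rc_findings() {
    _rc=$1
    _n=0
    _assign='^[[:space:]]*(export[[:space:]]+)?'
    # A literal value after OS_PASSWORD= (not empty, not a $variable).
    if grep -Eq "${_assign}OS_PASSWORD=['\"]?[^'\"\$[:space:]]" "$_rc"; then
        echo "OS_PASSWORD is stored in the file; read it at source time instead"
        _n=$((_n + 1))
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld -- "$_rc" | cut -c5-10)" != "------" ]; then
        echo "file mode allows group/other access; use chmod 600"
        _n=$((_n + 1))
    fi
    if grep -Eq "${_assign}OS_AUTH_URL=['\"]?http://" "$_rc"; then
        echo "OS_AUTH_URL is http; the password and tokens cross the network in clear"
        _n=$((_n + 1))
    fi
    return "$_n"
}

# make_samples DIR: write two constructed rc files for the demonstration.
make_samples() {
    # Same layout as the file on this page; the password is a placeholder.
    cat > "$1/keystonerc_stored" <<'EOF'
unset OS_SERVICE_TOKEN
export OS_USERNAME=cli-user
export OS_PASSWORD='constructed-placeholder'
export OS_AUTH_URL=http://192.168.0.128:5000/v3
export OS_PROJECT_NAME=cli-project
EOF
    chmod 644 "$1/keystonerc_stored"
    # Hypothetical hardened variant: prompts for the password, https endpoint
    # (keystone.example.test is a placeholder host), owner-only mode.
    cat > "$1/keystonerc_prompt" <<'EOF'
unset OS_SERVICE_TOKEN
export OS_USERNAME=cli-user
printf 'Password for %s: ' "$OS_USERNAME" >&2
stty -echo; read -r OS_PASSWORD; stty echo; echo >&2
export OS_PASSWORD
export OS_AUTH_URL=https://keystone.example.test:5000/v3
export OS_PROJECT_NAME=cli-project
EOF
    chmod 600 "$1/keystonerc_prompt"
}

# Demonstration on the two constructed files.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in "$demo_dir"/keystonerc_*; do
    echo "== ${f##*/}"
    rc_findings "$f" || echo "   -> $? finding(s)"
done
rm -rf "$demo_dir"
```

To check a real file, call `rc_findings /root/keystonerc_cli-user` after sourcing the functions.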

Permissions

Each permission you need has to be added one by one.
They go in the policy.yaml file.

[root@localhost ~(keystone_cli-user)]# vi /etc/neutron/policy.yaml
[root@localhost ~(keystone_cli-user)]# projectID=$(openstack project list | grep cli-project | awk '{print $2}')
[root@localhost ~(keystone_cli-user)]# echo $projectID
75622320e4b44e65b84890872d060b9d
[root@localhost ~(keystone_cli-user)]# openstack network create --project $projectID --provider-network-type vxlan Internal-Network
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2022-05-24T02:45:35Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | 88408237-d8a6-4b4a-a125-147487fc5c36 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | False                                |
| is_vlan_transparent       | None                                 |
| mtu                       | 1450                                 |
| name                      | Internal-Network                     |
| port_security_enabled     | True                                 |
| project_id                | 75622320e4b44e65b84890872d060b9d     |
| provider:network_type     | vxlan                                |
| provider:physical_network | None                                 |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 1                                    |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| updated_at                | 2022-05-24T02:45:35Z                 |
+---------------------------+--------------------------------------+
[root@localhost ~(keystone_cli-user)]# openstack network list
+--------------------------------------+------------------+--------------------------------------+
| ID                                   | Name             | Subnets                              |
+--------------------------------------+------------------+--------------------------------------+
| 2aa52471-6188-4195-8923-a7cc0a038f38 | External-Network | 69fb9687-9e21-4ff6-bc36-75ada129fecc |
| 88408237-d8a6-4b4a-a125-147487fc5c36 | Internal-Network |                                      |
+--------------------------------------+------------------+--------------------------------------+

Create the internal network subnet


[root@localhost ~(keystone_cli-user)]# openstack subnet create --network Internal-Network --subnet-range 10.19.0.0/20 --gateway 10.19.0.1 --dhcp --dns-nameserver 192.168.0.66 --dns-nameserver 8.8.8.8 Internal-Subnet
+----------------------+--------------------------------------+
| Field                | Value                                |
+----------------------+--------------------------------------+
| allocation_pools     | 10.19.0.2-10.19.15.254               |
| cidr                 | 10.19.0.0/20                         |
| created_at           | 2022-05-24T02:50:04Z                 |
| description          |                                      |
| dns_nameservers      | 192.168.0.66, 8.8.8.8                |
| dns_publish_fixed_ip | None                                 |
| enable_dhcp          | True                                 |
| gateway_ip           | 10.19.0.1                            |
| host_routes          |                                      |
| id                   | c8378f4d-aaab-40ba-86ab-af2788ebd876 |
| ip_version           | 4                                    |
| ipv6_address_mode    | None                                 |
| ipv6_ra_mode         | None                                 |
| name                 | Internal-Subnet                      |
| network_id           | 88408237-d8a6-4b4a-a125-147487fc5c36 |
| project_id           | 75622320e4b44e65b84890872d060b9d     |
| revision_number      | 0                                    |
| segment_id           | None                                 |
| service_types        |                                      |
| subnetpool_id        | None                                 |
| tags                 |                                      |
| updated_at           | 2022-05-24T02:50:04Z                 |
+----------------------+--------------------------------------+
  • Check the list
[root@localhost ~(keystone_cli-user)]# openstack subnet list
+--------------------------------------+-----------------+--------------------------------------+--------------+
| ID                                   | Name            | Network                              | Subnet       |
+--------------------------------------+-----------------+--------------------------------------+--------------+
| c8378f4d-aaab-40ba-86ab-af2788ebd876 | Internal-Subnet | 88408237-d8a6-4b4a-a125-147487fc5c36 | 10.19.0.0/20 |
+--------------------------------------+-----------------+--------------------------------------+--------------+
[root@localhost ~(keystone_cli-user)]# openstack subnet show Internal-Subnet
+----------------------+--------------------------------------+
| Field                | Value                                |
+----------------------+--------------------------------------+
| allocation_pools     | 10.19.0.2-10.19.15.254               |
| cidr                 | 10.19.0.0/20                         |
| created_at           | 2022-05-24T02:50:04Z                 |
| description          |                                      |
| dns_nameservers      | 192.168.0.66, 8.8.8.8                |
| dns_publish_fixed_ip | None                                 |
| enable_dhcp          | True                                 |
| gateway_ip           | 10.19.0.1                            |
| host_routes          |                                      |
| id                   | c8378f4d-aaab-40ba-86ab-af2788ebd876 |
| ip_version           | 4                                    |
| ipv6_address_mode    | None                                 |
| ipv6_ra_mode         | None                                 |
| name                 | Internal-Subnet                      |
| network_id           | 88408237-d8a6-4b4a-a125-147487fc5c36 |
| project_id           | 75622320e4b44e65b84890872d060b9d     |
| revision_number      | 0                                    |
| segment_id           | None                                 |
| service_types        |                                      |
| subnetpool_id        | None                                 |
| tags                 |                                      |
| updated_at           | 2022-05-24T02:50:04Z                 |
+----------------------+--------------------------------------+

Create a router


[root@localhost ~(keystone_cli-user)]# openstack router create Router
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | UP                                   |
| availability_zone_hints |                                      |
| availability_zones      |                                      |
| created_at              | 2022-05-24T03:10:28Z                 |
| description             |                                      |
| external_gateway_info   | null                                 |
| flavor_id               | None                                 |
| id                      | bf262bf3-a246-4ad4-b5ca-a9190d6e9b94 |
| name                    | Router                               |
| project_id              | 75622320e4b44e65b84890872d060b9d     |
| revision_number         | 1                                    |
| routes                  |                                      |
| status                  | ACTIVE                               |
| tags                    |                                      |
| updated_at              | 2022-05-24T03:10:28Z                 |
+-------------------------+--------------------------------------+

Connect the networks

[root@localhost ~(keystone_cli-user)]# openstack router set --external-gateway External-Network Router
[root@localhost ~(keystone_cli-user)]# openstack router add subnet Router Internal-Subnet

Security groups

[root@localhost ~(keystone_cli-user)]# openstack security group create SG-WEB
+-----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field           | Value                                                                                                                                                                                                                      |
+-----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at      | 2022-05-24T03:17:40Z                                                                                                                                                                                                       |
| description     | SG-WEB                                                                                                                                                                                                                     |
| id              | 842e55c4-3c59-4ffb-af2e-d7987805082e                                                                                                                                                                                       |
| name            | SG-WEB                                                                                                                                                                                                                     |
| project_id      | 75622320e4b44e65b84890872d060b9d                                                                                                                                                                                           |
| revision_number | 1                                                                                                                                                                                                                          |
| rules           | created_at='2022-05-24T03:17:40Z', direction='egress', ethertype='IPv6', id='6432bd21-b013-45ab-9d59-a6e3e89509bf', standard_attr_id='67', tenant_id='75622320e4b44e65b84890872d060b9d', updated_at='2022-05-24T03:17:40Z' |
|                 | created_at='2022-05-24T03:17:40Z', direction='egress', ethertype='IPv4', id='738f5bf2-d711-4825-b51f-9ca0bcb858e3', standard_attr_id='66', tenant_id='75622320e4b44e65b84890872d060b9d', updated_at='2022-05-24T03:17:40Z' |
| stateful        | True                                                                                                                                                                                                                       |
| tags            | []                                                                                                                                                                                                                         |
| updated_at      | 2022-05-24T03:17:40Z                                                                                                                                                                                                       |
+-----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add rules


// Allow ping
[root@localhost ~(keystone_cli-user)]# openstack security group rule create --protocol icmp --ingress SG-WEB
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| created_at              | 2022-05-24T03:20:03Z                 |
| description             |                                      |
| direction               | ingress                              |
| ether_type              | IPv4                                 |
| id                      | e4243375-f866-4954-83ca-193a6e06fa8b |
| name                    | None                                 |
| port_range_max          | None                                 |
| port_range_min          | None                                 |
| project_id              | 75622320e4b44e65b84890872d060b9d     |
| protocol                | icmp                                 |
| remote_address_group_id | None                                 |
| remote_group_id         | None                                 |
| remote_ip_prefix        | 0.0.0.0/0                            |
| revision_number         | 0                                    |
| security_group_id       | 842e55c4-3c59-4ffb-af2e-d7987805082e |
| tags                    | []                                   |
| tenant_id               | 75622320e4b44e65b84890872d060b9d     |
| updated_at              | 2022-05-24T03:20:03Z                 |
+-------------------------+--------------------------------------+


// SSH port
[root@localhost ~(keystone_cli-user)]# openstack security group rule create --protocol tcp --dst-port 22:22 SG-WEB
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| created_at              | 2022-05-24T03:20:11Z                 |
| description             |                                      |
| direction               | ingress                              |
| ether_type              | IPv4                                 |
| id                      | b3adf060-1e27-4a20-9908-ec76de2330ef |
| name                    | None                                 |
| port_range_max          | 22                                   |
| port_range_min          | 22                                   |
| project_id              | 75622320e4b44e65b84890872d060b9d     |
| protocol                | tcp                                  |
| remote_address_group_id | None                                 |
| remote_group_id         | None                                 |
| remote_ip_prefix        | 0.0.0.0/0                            |
| revision_number         | 0                                    |
| security_group_id       | 842e55c4-3c59-4ffb-af2e-d7987805082e |
| tags                    | []                                   |
| tenant_id               | 75622320e4b44e65b84890872d060b9d     |
| updated_at              | 2022-05-24T03:20:11Z                 |
+-------------------------+--------------------------------------+




// Port 80
[root@localhost ~(keystone_cli-user)]# openstack security group rule create --protocol tcp --dst-port 80:80 SG-WEB
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| created_at              | 2022-05-24T03:20:16Z                 |
| description             |                                      |
| direction               | ingress                              |
| ether_type              | IPv4                                 |
| id                      | 9a757832-6f66-4dec-9faa-0444da7c66cc |
| name                    | None                                 |
| port_range_max          | 80                                   |
| port_range_min          | 80                                   |
| project_id              | 75622320e4b44e65b84890872d060b9d     |
| protocol                | tcp                                  |
| remote_address_group_id | None                                 |
| remote_group_id         | None                                 |
| remote_ip_prefix        | 0.0.0.0/0                            |
| revision_number         | 0                                    |
| security_group_id       | 842e55c4-3c59-4ffb-af2e-d7987805082e |
| tags                    | []                                   |
| tenant_id               | 75622320e4b44e65b84890872d060b9d     |
| updated_at              | 2022-05-24T03:20:16Z                 |
+-------------------------+--------------------------------------+
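
The three rules above all came back with remote_ip_prefix 0.0.0.0/0, including the SSH rule. As an added example (not from the original post), this script reads a rule table in the layout shown above and flags ingress rules open to any address unless they are on an allow-list; the sample rows are constructed from the page's output, and rule_ssh_scoped with its ID is hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post.
# Reads the Field/Value table printed by `openstack security group rule create`
# (or `rule show`) on stdin and flags ingress rules reachable from any address.

# audit_rule ALLOWED < table
#   ALLOWED: entries that may stay world-open, as proto/port (tcp/80) or a bare
#            protocol for rules without ports (icmp), separated by spaces.
#   Prints a one-line verdict. Returns 0 = fine, 1 = finding, 2 = no table.
audit_rule() {
    awk -F'|' -v allowed="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 4 { f[trim($2)] = trim($3) }          # rows look like: | key | value |
        END {
            if (!("direction" in f)) { print "ERR  no rule table on stdin"; exit 2 }
            if (f["direction"] != "ingress") { print "OK   not an ingress rule"; exit 0 }
            src = f["remote_ip_prefix"]; grp = f["remote_group_id"]
            if (grp != "" && grp != "None") {
                print "OK   source limited to group " grp; exit 0
            }
            if (src != "" && src != "None" && src != "0.0.0.0/0" && src != "::/0") {
                print "OK   source limited to " src; exit 0
            }
            # No prefix and no remote group also means any source.
            if (src == "" || src == "None") src = "any address"
            what = f["protocol"]
            lo = f["port_range_min"]; hi = f["port_range_max"]
            if (lo != "" && lo != "None") {
                if (lo == hi) what = what "/" lo
                else what = what "/" lo ":" hi
            }
            n = split(allowed, ok, " ")
            for (i = 1; i <= n; i++)
                if (ok[i] == what) { print "OK   " what " is meant to be public"; exit 0 }
            print "FIND " what " ingress open to " src " (rule " f["id"] ")"
            exit 1
        }'
}

# mk_rule ID PROTO PORT PREFIX: constructed sample in the page's table layout,
# limited to the rows the audit reads.
mk_rule() {
    printf '| %-16s | %-36s |\n' \
        direction ingress id "$1" protocol "$2" \
        port_range_min "$3" port_range_max "$3" \
        remote_group_id None remote_ip_prefix "$4"
}

# The three SG-WEB rules created above (IDs and values taken from the page).
rule_icmp() { mk_rule e4243375-f866-4954-83ca-193a6e06fa8b icmp None 0.0.0.0/0; }
rule_ssh()  { mk_rule b3adf060-1e27-4a20-9908-ec76de2330ef tcp 22 0.0.0.0/0; }
rule_http() { mk_rule 9a757832-6f66-4dec-9faa-0444da7c66cc tcp 80 0.0.0.0/0; }
# Hypothetical corrected SSH rule: source narrowed to the page's external range.
rule_ssh_scoped() { mk_rule constructed-example-id tcp 22 192.168.0.0/20; }

# Demonstration: HTTP and ping are treated as intentionally public, SSH is not.
for r in rule_icmp rule_ssh rule_http rule_ssh_scoped; do
    "$r" | audit_rule "tcp/80 icmp" || true
done
```

Against a live cloud, pipe `openstack security group rule show <rule-id>` into `audit_rule`.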

Create the DB security group



[root@localhost ~(keystone_cli-user)]# openstack security group create SG-DB
+-----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field           | Value                                                                                                                                                                                                                      |
+-----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at      | 2022-05-24T03:34:48Z                                                                                                                                                                                                       |
| description     | SG-DB                                                                                                                                                                                                                      |
| id              | f4de4c72-c00e-45c8-80cf-17a71f8a03b4                                                                                                                                                                                       |
| name            | SG-DB                                                                                                                                                                                                                      |
| project_id      | 75622320e4b44e65b84890872d060b9d                                                                                                                                                                                           |
| revision_number | 1                                                                                                                                                                                                                          |
| rules           | created_at='2022-05-24T03:34:48Z', direction='egress', ethertype='IPv4', id='17b383b0-7262-494a-9178-ec4d45686a69', standard_attr_id='72', tenant_id='75622320e4b44e65b84890872d060b9d', updated_at='2022-05-24T03:34:48Z' |
|                 | created_at='2022-05-24T03:34:48Z', direction='egress', ethertype='IPv6', id='8df148c9-c65e-49a3-94e5-1f8943f89cac', standard_attr_id='73', tenant_id='75622320e4b44e65b84890872d060b9d', updated_at='2022-05-24T03:34:48Z' |
| stateful        | True                                                                                                                                                                                                                       |
| tags            | []                                                                                                                                                                                                                         |
| updated_at      | 2022-05-24T03:34:48Z                                                                                                                                                                                                       |
+-----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@localhost ~(keystone_cli-user)]# openstack security group rule create --protocol icmp --ingress SG-DB
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| created_at              | 2022-05-24T03:35:10Z                 |
| description             |                                      |
| direction               | ingress                              |
| ether_type              | IPv4                                 |
| id                      | 55fa6beb-2da4-434a-86fa-6f73efc0b0dd |
| name                    | None                                 |
| port_range_max          | None                                 |
| port_range_min          | None                                 |
| project_id              | 75622320e4b44e65b84890872d060b9d     |
| protocol                | icmp                                 |
| remote_address_group_id | None                                 |
| remote_group_id         | None                                 |
| remote_ip_prefix        | 0.0.0.0/0                            |
| revision_number         | 0                                    |
| security_group_id       | f4de4c72-c00e-45c8-80cf-17a71f8a03b4 |
| tags                    | []                                   |
| tenant_id               | 75622320e4b44e65b84890872d060b9d     |
| updated_at              | 2022-05-24T03:35:10Z                 |
+-------------------------+--------------------------------------+
[root@localhost ~(keystone_cli-user)]# openstack security group rule create --protocol tcp --dst-port 3306 SG-DB
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| created_at              | 2022-05-24T03:36:45Z                 |
| description             |                                      |
| direction               | ingress                              |
| ether_type              | IPv4                                 |
| id                      | cc36d65f-f2d4-4c4c-926c-da3a1fb8c307 |
| name                    | None                                 |
| port_range_max          | 3306                                 |
| port_range_min          | 3306                                 |
| project_id              | 75622320e4b44e65b84890872d060b9d     |
| protocol                | tcp                                  |
| remote_address_group_id | None                                 |
| remote_group_id         | None                                 |
| remote_ip_prefix        | 0.0.0.0/0                            |
| revision_number         | 0                                    |
| security_group_id       | f4de4c72-c00e-45c8-80cf-17a71f8a03b4 |
| tags                    | []                                   |
| tenant_id               | 75622320e4b44e65b84890872d060b9d     |
| updated_at              | 2022-05-24T03:36:45Z                 |
+-------------------------+--------------------------------------+


[root@localhost ~(keystone_cli-user)]# openstack security group rule create --protocol tcp --dst-port 22:22 SG-DB
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| created_at              | 2022-05-24T03:37:08Z                 |
| description             |                                      |
| direction               | ingress                              |
| ether_type              | IPv4                                 |
| id                      | 935d0b55-6b5f-4906-b97e-d081d1bc9151 |
| name                    | None                                 |
| port_range_max          | 22                                   |
| port_range_min          | 22                                   |
| project_id              | 75622320e4b44e65b84890872d060b9d     |
| protocol                | tcp                                  |
| remote_address_group_id | None                                 |
| remote_group_id         | None                                 |
| remote_ip_prefix        | 0.0.0.0/0                            |
| revision_number         | 0                                    |
| security_group_id       | f4de4c72-c00e-45c8-80cf-17a71f8a03b4 |
| tags                    | []                                   |
| tenant_id               | 75622320e4b44e65b84890872d060b9d     |
| updated_at              | 2022-05-24T03:37:08Z                 |
+-------------------------+--------------------------------------+
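
The three SG-DB ingress rules above all show remote_ip_prefix 0.0.0.0/0, so SSH and MySQL on the DB server accept connections from any address that can reach it. The audit below is an added example, not part of the original post: it reads rule records keyed by the same field names as the tables above and reports sensitive ports open to any source. The sample records are constructed from those tables, and the fourth record with its placeholder group id is an assumption.

```python
import ipaddress
import json

# Ports the page opens on SG-DB that should not be reachable from everywhere.
SENSITIVE_PORTS = {22: "ssh", 3306: "mysql"}

# Constructed input: the three SG-DB ingress rules from the session above, cut
# down to the fields the audit reads (same keys as the tables on the page),
# plus one constructed rule scoped to another group through remote_group_id.
# "<web-security-group-id>" is a placeholder, not a value from the page.
SAMPLE_RULES = json.loads("""
[
  {"id": "55fa6beb-2da4-434a-86fa-6f73efc0b0dd", "direction": "ingress",
   "protocol": "icmp", "port_range_min": null, "port_range_max": null,
   "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": null},
  {"id": "cc36d65f-f2d4-4c4c-926c-da3a1fb8c307", "direction": "ingress",
   "protocol": "tcp", "port_range_min": 3306, "port_range_max": 3306,
   "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": null},
  {"id": "935d0b55-6b5f-4906-b97e-d081d1bc9151", "direction": "ingress",
   "protocol": "tcp", "port_range_min": 22, "port_range_max": 22,
   "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": null},
  {"id": "constructed-group-scoped-rule", "direction": "ingress",
   "protocol": "tcp", "port_range_min": 3306, "port_range_max": 3306,
   "remote_ip_prefix": null, "remote_group_id": "<web-security-group-id>"}
]
""")


def any_source(rule):
    """Return True when the rule accepts traffic from every address."""
    prefix = rule.get("remote_ip_prefix")
    if prefix is not None:
        # 0.0.0.0/0 and ::/0 both have prefix length 0.
        return ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    # No prefix: the rule is scoped only if it names a remote group or a
    # remote address group. With neither, Neutron allows any source.
    return not (rule.get("remote_group_id") or rule.get("remote_address_group_id"))


def exposed_ports(rule):
    """Return the sensitive ports inside the rule's port range."""
    # For ICMP the range fields hold type/code, not ports, so skip it.
    if rule.get("protocol") not in ("tcp", "udp", "6", "17", None):
        return []
    lo = rule.get("port_range_min")
    hi = rule.get("port_range_max")
    lo = 1 if lo is None else lo        # a missing bound means "all ports"
    hi = 65535 if hi is None else hi
    return [port for port in sorted(SENSITIVE_PORTS) if lo <= port <= hi]


def audit(rules):
    """List every sensitive port that an ingress rule opens to any source."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "ingress" or not any_source(rule):
            continue
        for port in exposed_ports(rule):
            findings.append({
                "rule_id": rule["id"],
                "port": port,
                "service": SENSITIVE_PORTS[port],
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print("{rule_id}: {service} (port {port}) open to any source".format(**finding))
```

A flagged rule can be replaced by one created with --remote-group naming the web server's security group, after which the 0.0.0.0/0 rule is removed with openstack security group rule delete.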

Keypair

[root@localhost ~(keystone_cli-user)]# ls ~/.ssh/
authorized_keys  id_rsa  id_rsa.pub

A keypair has already been generated. Only the public key is used, registered under a different name.


[root@localhost ~(keystone_cli-user)]# openstack keypair create --public-key ~/.ssh/id_rsa.pub cli-key
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| created_at  | None                                            |
| fingerprint | b4:18:80:f7:29:3a:6e:ea:3f:19:67:92:3a:e8:91:ec |
| id          | cli-key                                         |
| is_deleted  | None                                            |
| name        | cli-key                                         |
| type        | ssh                                             |
| user_id     | c7e89de36c96413d9e6850c31b2e42e4                |
+-------------+-------------------------------------------------+

Image upload

CentOS7


[root@localhost ~(keystone_cli-user)]# openstack image create --file CentOS-7-x86_64-GenericCloud-2111.qcow2 \
> --disk-format qcow2 --container-format bare CentOS7
+------------------+---------------------------------------------------------------------------------------------------------------------------------------------+
| Field            | Value                                                                                                                                       |
+------------------+---------------------------------------------------------------------------------------------------------------------------------------------+
| container_format | bare                                                                                                                                        |
| created_at       | 2022-05-24T05:13:09Z                                                                                                                        |
| disk_format      | qcow2                                                                                                                                       |
| file             | /v2/images/ee780243-5485-4473-b911-a6d53963897b/file                                                                                        |
| id               | ee780243-5485-4473-b911-a6d53963897b                                                                                                        |
| min_disk         | 0                                                                                                                                           |
| min_ram          | 0                                                                                                                                           |
| name             | CentOS7                                                                                                                                     |
| owner            | 75622320e4b44e65b84890872d060b9d                                                                                                            |
| properties       | os_hidden='False', owner_specified.openstack.md5='', owner_specified.openstack.object='images/CentOS7', owner_specified.openstack.sha256='' |
| protected        | False                                                                                                                                       |
| schema           | /v2/schemas/image                                                                                                                           |
| status           | queued                                                                                                                                      |
| tags             |                                                                                                                                             |
| updated_at       | 2022-05-24T05:13:09Z                                                                                                                        |
| visibility       | shared                                                                                                                                      |
+------------------+---------------------------------------------------------------------------------------------------------------------------------------------+

Ubuntu18

[root@localhost ~(keystone_cli-user)]# openstack image create --file bionic-server-cloudimg-amd64.img \
> --disk-format qcow2 --container-format bare Ubuntu18
+------------------+----------------------------------------------------------------------------------------------------------------------------------------------+
| Field            | Value                                                                                                                                        |
+------------------+----------------------------------------------------------------------------------------------------------------------------------------------+
| container_format | bare                                                                                                                                         |
| created_at       | 2022-05-24T05:21:05Z                                                                                                                         |
| disk_format      | qcow2                                                                                                                                        |
| file             | /v2/images/488c9096-3cfb-4c73-85ac-af451c01b7a7/file                                                                                         |
| id               | 488c9096-3cfb-4c73-85ac-af451c01b7a7                                                                                                         |
| min_disk         | 0                                                                                                                                            |
| min_ram          | 0                                                                                                                                            |
| name             | Ubuntu18                                                                                                                                     |
| owner            | 75622320e4b44e65b84890872d060b9d                                                                                                             |
| properties       | os_hidden='False', owner_specified.openstack.md5='', owner_specified.openstack.object='images/Ubuntu18', owner_specified.openstack.sha256='' |
| protected        | False                                                                                                                                        |
| schema           | /v2/schemas/image                                                                                                                            |
| status           | queued                                                                                                                                       |
| tags             |                                                                                                                                              |
| updated_at       | 2022-05-24T05:21:05Z                                                                                                                         |
| visibility       | shared                                                                                                                                       |
+------------------+----------------------------------------------------------------------------------------------------------------------------------------------+

floating ip


[root@localhost ~(keystone_cli-user)]# openstack floating ip create External-Network
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| created_at          | 2022-05-24T05:23:07Z                 |
| description         |                                      |
| dns_domain          | None                                 |
| dns_name            | None                                 |
| fixed_ip_address    | None                                 |
| floating_ip_address | 192.168.7.119                        |
| floating_network_id | 2aa52471-6188-4195-8923-a7cc0a038f38 |
| id                  | 28306b02-fb1c-400a-b3af-480092d8e5e7 |
| name                | 192.168.7.119                        |
| port_details        | None                                 |
| port_id             | None                                 |
| project_id          | 75622320e4b44e65b84890872d060b9d     |
| qos_policy_id       | None                                 |
| revision_number     | 0                                    |
| router_id           | None                                 |
| status              | DOWN                                 |
| subnet_id           | None                                 |
| tags                | []                                   |
| updated_at          | 2022-05-24T05:23:07Z                 |
+---------------------+--------------------------------------+
  • Check the IP list
[root@localhost ~(keystone_cli-user)]# openstack floating ip list
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| ID                                   | Floating IP Address | Fixed IP Address | Port | Floating Network                     | Project                          |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| 28306b02-fb1c-400a-b3af-480092d8e5e7 | 192.168.7.119       | None             | None | 2aa52471-6188-4195-8923-a7cc0a038f38 | 75622320e4b44e65b84890872d060b9d |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
  • To create a specific IP of your choice
[root@localhost ~(keystone_cli-user)]# openstack floating ip create --floating-ip-address 192.168.7.7 External-Network
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| created_at          | 2022-05-24T05:27:14Z                 |
| description         |                                      |
| dns_domain          | None                                 |
| dns_name            | None                                 |
| fixed_ip_address    | None                                 |
| floating_ip_address | 192.168.7.7                          |
| floating_network_id | 2aa52471-6188-4195-8923-a7cc0a038f38 |
| id                  | e86ea733-c968-447f-b3ca-794eca6d9da7 |
| name                | 192.168.7.7                          |
| port_details        | None                                 |
| port_id             | None                                 |
| project_id          | 75622320e4b44e65b84890872d060b9d     |
| qos_policy_id       | None                                 |
| revision_number     | 0                                    |
| router_id           | None                                 |
| status              | DOWN                                 |
| subnet_id           | None                                 |
| tags                | []                                   |
| updated_at          | 2022-05-24T05:27:14Z                 |
+---------------------+--------------------------------------+
[root@localhost ~(keystone_cli-user)]# openstack floating ip list
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| ID                                   | Floating IP Address | Fixed IP Address | Port | Floating Network                     | Project                          |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| 28306b02-fb1c-400a-b3af-480092d8e5e7 | 192.168.7.119       | None             | None | 2aa52471-6188-4195-8923-a7cc0a038f38 | 75622320e4b44e65b84890872d060b9d |
| e86ea733-c968-447f-b3ca-794eca6d9da7 | 192.168.7.7         | None             | None | 2aa52471-6188-4195-8923-a7cc0a038f38 | 75622320e4b44e65b84890872d060b9d |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+

Add the floating IP to the web server

[root@localhost ~(keystone_cli-user)]# openstack server add floating ip WEBSERVER 192.168.7.7
[root@localhost ~(keystone_cli-user)]# ssh -i .ssh/id_rsa centos@192.168.7.7

Access 192.168.7.7 from a web browser

Add a volume


[root@localhost ~(keystone_cli-user)]# openstack volume create --size 8 WEB01-ADD
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| attachments         | []                                   |
| availability_zone   | nova                                 |
| bootable            | false                                |
| consistencygroup_id | None                                 |
| created_at          | 2022-05-24T06:30:42.556334           |
| description         | None                                 |
| encrypted           | False                                |
| id                  | bb6815e8-b033-438e-b01c-5c7cb78247f8 |
| multiattach         | False                                |
| name                | WEB01-ADD                            |
| properties          |                                      |
| replication_status  | None                                 |
| size                | 8                                    |
| snapshot_id         | None                                 |
| source_volid        | None                                 |
| status              | creating                             |
| type                | iscsi                                |
| updated_at          | None                                 |
| user_id             | c7e89de36c96413d9e6850c31b2e42e4     |
+---------------------+--------------------------------------+
  • Verify
[root@localhost ~(keystone_cli-user)]# openstack volume list
+--------------------------------------+-----------+-----------+------+------------------------------------+
| ID                                   | Name      | Status    | Size | Attached to                        |
+--------------------------------------+-----------+-----------+------+------------------------------------+
| bb6815e8-b033-438e-b01c-5c7cb78247f8 | WEB01-ADD | available |    8 |                                    |
| 61a38f49-edeb-488a-826f-37b8250463d4 |           | in-use    |   10 | Attached to WEBSERVER on /dev/vda  |
+--------------------------------------+-----------+-----------+------+------------------------------------+
  • Attach the volume to the server

[root@localhost ~(keystone_cli-user)]# openstack server add volume WEBSERVER WEB01-ADD
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| ID                    | bb6815e8-b033-438e-b01c-5c7cb78247f8 |
| Server ID             | b4cc0dcd-6115-4467-9e3c-d5d046f3db2c |
| Volume ID             | bb6815e8-b033-438e-b01c-5c7cb78247f8 |
| Device                | /dev/vdb                             |
| Tag                   | None                                 |
| Delete On Termination | False                                |
+-----------------------+--------------------------------------+


// Log in to the web server

[root@localhost ~(keystone_cli-user)]# ssh -i .ssh/id_rsa centos@192.168.7.7
[centos@webserver ~]$ lsblk
NAME   MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda    253:0    0  10G  0 disk
└─vda1 253:1    0  10G  0 part /
vdb    253:16   0   8G  0 disk


// Format
[centos@webserver ~]$ sudo mkfs -t ext4 /dev/vdb
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
524288 inodes, 2097152 blocks
104857 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2147483648
64 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done


// mount

[centos@webserver ~]$ sudo mount /dev/vdb /mnt
[centos@webserver ~]$ df -h
Filesystem      Size  Used Avail Use% Mounted on
devtmpfs        472M     0  472M   0% /dev
tmpfs           496M     0  496M   0% /dev/shm
tmpfs           496M   13M  483M   3% /run
tmpfs           496M     0  496M   0% /sys/fs/cgroup
/dev/vda1        10G  1.1G  9.0G  11% /
tmpfs           100M     0  100M   0% /run/user/0
tmpfs           100M     0  100M   0% /run/user/1000
/dev/vdb        7.8G   36M  7.3G   1% /mnt

[centos@webserver ~]$ cd /mnt/
[centos@webserver mnt]$ ls
lost+found
[centos@webserver mnt]$ sudo touch hello.txt
[centos@webserver mnt]$ ls
hello.txt  lost+found

Using WEBSERVER as the jump point in this way is what is called a bastion host.

Create the Ubuntu DB server

[root@localhost ~(keystone_cli-user)]# openstack server create --flavor m1.micro --image Ubuntu18 --security-group SG-DB \
> --network Internal-Network --boot-from-volume 10 --key-name cli-key DBSERVER
+-----------------------------+---------------------------------------------+
| Field                       | Value                                       |
+-----------------------------+---------------------------------------------+
| OS-DCF:diskConfig           | MANUAL                                      |
| OS-EXT-AZ:availability_zone |                                             |
| OS-EXT-STS:power_state      | NOSTATE                                     |
| OS-EXT-STS:task_state       | scheduling                                  |
| OS-EXT-STS:vm_state         | building                                    |
| OS-SRV-USG:launched_at      | None                                        |
| OS-SRV-USG:terminated_at    | None                                        |
| accessIPv4                  |                                             |
| accessIPv6                  |                                             |
| addresses                   |                                             |
| adminPass                   | P2bSKMqsrEsT                                |
| config_drive                |                                             |
| created                     | 2022-05-24T06:49:51Z                        |
| flavor                      | m1.micro (6)                                |
| hostId                      |                                             |
| id                          | 0860a7b3-27e4-431a-9687-d28fe92e5b6d        |
| image                       | N/A (booted from volume)                    |
| key_name                    | cli-key                                     |
| name                        | DBSERVER                                    |
| progress                    | 0                                           |
| project_id                  | 75622320e4b44e65b84890872d060b9d            |
| properties                  |                                             |
| security_groups             | name='f4de4c72-c00e-45c8-80cf-17a71f8a03b4' |
| status                      | BUILD                                       |
| updated                     | 2022-05-24T06:49:51Z                        |
| user_id                     | c7e89de36c96413d9e6850c31b2e42e4            |
| volumes_attached            |                                             |
+-----------------------------+---------------------------------------------+
  • Verify creation
[root@localhost ~(keystone_cli-user)]# openstack server list
+--------------------------------------+-----------+--------+-------------------------------------------+--------------------------+----------+
| ID                                   | Name      | Status | Networks                                  | Image                    | Flavor   |
+--------------------------------------+-----------+--------+-------------------------------------------+--------------------------+----------+
| 0860a7b3-27e4-431a-9687-d28fe92e5b6d | DBSERVER  | ACTIVE | Internal-Network=10.19.3.233              | N/A (booted from volume) | m1.micro |
| b4cc0dcd-6115-4467-9e3c-d5d046f3db2c | WEBSERVER | ACTIVE | Internal-Network=10.19.1.178, 192.168.7.7 | N/A (booted from volume) | m1.micro |
+--------------------------------------+-----------+--------+-------------------------------------------+--------------------------+----------+

Transfer the key

[root@localhost ~(keystone_cli-user)]# scp -i .ssh/id_rsa centos@192.168.7.7:/home/centos

