openstack之Keystone 服务运维
概述
OpenStack 框架中,Keystone(OpenStack Identity Service)的功能是负责验证身份、
校验服务规则和发布服务令牌的,它实现了 OpenStack 的 Identity API。Keystone 可分解为
两个功能,即权限管理和服务目录。权限管理主要用于用户的管理授权。服务目录,类似一
个服务总线,或者说是整个 OpenStack 框架的注册表。认证模块提供 API 服务、Token 令牌
机制、服务目录、规则和认证发布等功能。
Keystone 运维命令
(1)创建用户
- 创建一个名称为“alice”账户,密码为“mypassword123”,邮箱为“alice@example.com”。
命令如下。
具体格式如下:
$openstack user create[--domain <domain>]
[--password <password>]
[--email <email-address>]
[--enable | --disable]
<name>
[root@controller ~]# source /etc/keystone/admin-openrc.sh
[root@controller ~]# openstack user create --password mypassword123 --email alice@example.com --domain demo alice
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | ee04cbb02c8345079219d0be95c346c2 |
| email | alice@example.com |
| enabled | True |
| id | e1a6f11bb50a4e00a02df3589fc69f2c |
| name | alice |
+-----------+----------------------------------+
(2)创建项目
一个 Project 就是一个项目、团队或组织,当请求 OpenStack 服务时,必须定义一个项目。
$ openstack project create [--domain <domain>]
[--description <description>]
[--enable | --disable]
<project-name>
[root@controller ~]# openstack project create --domain demo acme
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | ee04cbb02c8345079219d0be95c346c2 |
| enabled | True |
| id | 470fb40d002e4b969a1db16fa809a251 |
| is_domain | False |
| name | acme |
| parent_id | ee04cbb02c8345079219d0be95c346c2 |
+-------------+----------------------------------+
(3)创建角色
角色限定了用户的操作权限
$ openstack user create <name>
[root@controller ~]# openstack role create compute-user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 1987d07be47143a59d365db1cc0e4273 |
| name | compute-user |
+-----------+----------------------------------+
(4)绑定用户和项目权限
添加的用户需要分配一定的权限,这就需要把用户关联绑定到对应的项目和角色
$ openstack role add--user <user>--project <project><role>
- 给用户“alice”分配“acme”项目下的“compute-user”角色
[root@controller ~]# openstack role add --user alice --project acme compute-user
Keystone** 基础查询命令
(1)用户列表查询
OpenStack 平台所使用的用户可以通过 Keystone 组件进行查询。
-
查询当前所有用户列表信息
[root@controller ~]# openstack user list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 4903e47a402441d3b20e550d9bbc4cc3 | nova |
| 5f7ae9eaa7fa4fbfaf43f618e161853f | swift |
| 8572acd789674e88be334d4f5b62cafe | neutron |
| 9e18056074384b4c8cd8f7a346900940 | glance |
| ae8c4dd718de4979b1899d46b4dbb79b | cinder |
| bc8cca0f048f41ee8a2543fff142f87f | admin |
| e1a6f11bb50a4e00a02df3589fc69f2c | alice |
| f784d5ec37f0431e86b90ae2d5fada85 | demo |
+----------------------------------+---------+
-
通过命令查询到具体用户的详细信息,可以查看到用户当前的状态
[root@controller ~]# openstack user show alice
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | ee04cbb02c8345079219d0be95c346c2 |
| email | alice@example.com |
| enabled | True |
| id | e1a6f11bb50a4e00a02df3589fc69f2c |
| name | alice |
+-----------+----------------------------------+
(2)项目列表查询
- 以查询当前 OpenStack 平台中所有存在项目列表
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 470fb40d002e4b969a1db16fa809a251 | acme |
| 4915940ed1cc44b3b97d36942ae6e317 | service |
| e221e26e9ce340eaa215ffaf9b73de18 | admin |
| f24395490e93407d9a977f057ec63981 | demo |
+----------------------------------+---------+
[root@controller ~]# openstack project show acme
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | ee04cbb02c8345079219d0be95c346c2 |
| enabled | True |
| id | 470fb40d002e4b969a1db16fa809a251 |
| is_domain | False |
| name | acme |
| parent_id | ee04cbb02c8345079219d0be95c346c2 |
+-------------+----------------------------------+
(3)角色列表查询
[root@controller ~]# openstack role list
+----------------------------------+--------------+
| ID | Name |
+----------------------------------+--------------+
| 1987d07be47143a59d365db1cc0e4273 | compute-user |
| 2c8ce0842957406a9731d89738e5fc93 | user |
| a85a31d5dfb94f07a172a734af9e01fa | admin |
+----------------------------------+--------------+
[root@controller ~]# openstack role show compute-user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 1987d07be47143a59d365db1cc0e4273 |
| name | compute-user |
+-----------+----------------------------------+
(4)端点地址查询
Keystone 组件管理 OpenStack 平台中所有服务端点信息
[root@controller ~]# openstack endpoint list
+------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
| 05ec27962c82429587db043452aa | RegionOne | cinder | volume | True | admin | http://controller:8776/v1/%( |
| ae8b | | | | | | tenant_id)s |
| 12a511a0476240ffb5ae69e3d0f1 | RegionOne | nova | compute | True | admin | http://controller:8774/v2.1/ |
| 2c5f | | | | | | %(tenant_id)s |
| 14c09e59339e47daa8c93aea91d1 | RegionOne | swift | object-store | True | public | http://controller:8080/v1/AU |
| c95a | | | | | | TH_%(tenant_id)s |
| 17be41127c74496888014fd5f267 | RegionOne | neutron | network | True | public | http://controller:9696 |
| daf5 | | | | | | |
| 28821b96d93c4c04957c850c9983 | RegionOne | swift | object-store | True | admin | http://controller:8080/v1 |
| 3589 | | | | | | |
| 39dd31527614489ea4e64536b088 | RegionOne | cinder | volume | True | internal | http://controller:8776/v1/%( |
| ea32 | | | | | | tenant_id)s |
| 3b227946b66d4d06884d4d5cdfd2 | RegionOne | glance | image | True | internal | http://controller:9292 |
| c688 | | | | | | |
| 42cc123dd76d4b16a6c434f76e28 | RegionOne | swift | object-store | True | internal | http://controller:8080/v1/AU |
| 0dce | | | | | | TH_%(tenant_id)s |
| 430ded9641df46c588c8e1756c0a | RegionOne | cinderv2 | volumev2 | True | public | http://controller:8776/v2/%( |
| c454 | | | | | | tenant_id)s |
| 547afe78cffd4c1e9ed30291103b | RegionOne | glance | image | True | public | http://controller:9292 |
| f9eb | | | | | | |
| 7b8f1841e7224ca899419325c781 | RegionOne | neutron | network | True | internal | http://controller:9696 |
| e73d | | | | | | |
| 88bb708fd47d41358a9452b332d2 | RegionOne | keystone | identity | True | public | http://controller:5000/v3 |
| 1146 | | | | | | |
| 957a7e7109204300893f41dba242 | RegionOne | cinderv2 | volumev2 | True | admin | http://controller:8776/v2/%( |
| 7019 | | | | | | tenant_id)s |
| 9d5fd3e11ef14ef7b2d06e4f0c07 | RegionOne | keystone | identity | True | internal | http://controller:5000/v3 |
| 87e5 | | | | | | |
| a1a5ca5a65ee4728a4576caf8766 | RegionOne | nova | compute | True | public | http://controller:8774/v2.1/ |
| c608 | | | | | | %(tenant_id)s |
| a9ca8fc797474c0a92a45cdb6ee5 | RegionOne | cinder | volume | True | public | http://controller:8776/v1/%( |
| dab7 | | | | | | tenant_id)s |
| bca5b8487e264cc196ff9dd96959 | RegionOne | keystone | identity | True | admin | http://controller:35357/v3 |
| c39b | | | | | | |
| c511baefff0c4f8288293eeb42a1 | RegionOne | cinderv2 | volumev2 | True | internal | http://controller:8776/v2/%( |
| 4744 | | | | | | tenant_id)s |
| dc578f9d90304e23a44275954c19 | RegionOne | nova | compute | True | internal | http://controller:8774/v2.1/ |
| 617d | | | | | | %(tenant_id)s |
| df20a18a22314401ab775faf3ff1 | RegionOne | neutron | network | True | admin | http://controller:9696 |
| 2d7c | | | | | | |
| e003ba42f3f74bdcbda19ec9ef7e | RegionOne | glance | image | True | admin | http://controller:9292 |
| 7fb1 | | | | | | |
+------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
Glance 服务运维
Glance 镜像服务实现发现、注册、获取虚拟机镜像和镜像元数据,镜像数据支持多种存储系统,可以是简单文件系统、对象存储系统等。Glance 镜像服务是典型的 C/S 架构,Glance 架构包括 glance-CLIent、Glance 和 Glance Store。Glance 主要包括 REST API、数据库抽象层(DAL)、域控制器(glance domain controller)和注册层(registry layer),Glance 使用集中数据库(Glance DB)在 Glance 各组件间直接共享数据。
Glance 管理镜像
(1)创建镜像
- 创建一个名称为“cirros”镜像,镜像文件使用提供的“cirros-0.3.4-x86_64-disk.img”。
[root@controller ~]# ls
anaconda-ks.cfg cirros-0.3.4-x86_64-disk.img XianDian-IaaS-v2.2.iso
[root@controller ~]# glance image-create --name "cirros" --disk-format qcow2 --container-format bare --progress < cirros-0.3.4-x86_64-disk.img
[=============================>] 100%
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2022-07-18T01:52:58Z |
| disk_format | qcow2 |
| id | ff1c4a78-ecec-4742-8928-60fa0f1a82ab |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | e221e26e9ce340eaa215ffaf9b73de18 |
| protected | False |
| size | 13287936 |
| status | active |
| tags | [] |
| updated_at | 2022-07-18T01:53:00Z |
| virtual_size | None |
| visibility | private |
+------------------+--------------------------------------+
(2)查看镜像列表
[root@controller ~]# glance image-list
+--------------------------------------+-----------+
| ID | Name |
+--------------------------------------+-----------+
| eafd3ba6-ff00-4abd-9549-e6167b068bd9 | centos7.2 |
| ff1c4a78-ecec-4742-8928-60fa0f1a82ab | cirros |
+--------------------------------------+-----------+
Glance 镜像运维
(1)查看镜像详情
- 通过 glance image-show 命令查看镜像的详细信息(id 参数可以是对应镜像 id 或者镜像名称)
[root@controller ~]# glance image-show ff1c4a78-ecec-4742-8928-60fa0f1a82ab
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2022-07-18T01:52:58Z |
| disk_format | qcow2 |
| id | ff1c4a78-ecec-4742-8928-60fa0f1a82ab |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | e221e26e9ce340eaa215ffaf9b73de18 |
| protected | False |
| size | 13287936 |
| status | active |
| tags | [] |
| updated_at | 2022-07-18T01:53:00Z |
| virtual_size | None |
| visibility | private |
+------------------+--------------------------------------+
(2)更改镜像
可以使用 glance image-update 更新镜像信息,使用 glance image-delete 删除镜像信息。
- 如果需要改变镜像启动硬盘最低要求值(min-disk)时,min-disk 默认单位为 G
[root@controller ~]# glance image-update --min-disk=1 ff1c4a78-ecec-4742-8928-60fa0f1a82ab
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2022-07-18T01:52:58Z |
| disk_format | qcow2 |
| id | ff1c4a78-ecec-4742-8928-60fa0f1a82ab |
| min_disk | 1 |
| min_ram | 0 |
| name | cirros |
| owner | e221e26e9ce340eaa215ffaf9b73de18 |
| protected | False |
| size | 13287936 |
| status | active |
| tags | [] |
| updated_at | 2022-07-18T02:03:59Z |
| virtual_size | None |
| visibility | private |
+------------------+--------------------------------------+
(3)删除镜像
[root@controller ~]# glance image-delete ff1c4a78-ecec-4742-8928-60fa0f1a82ab
[root@controller ~]# glance image-list
+--------------------------------------+-----------+
| ID | Name |
+--------------------------------------+-----------+
| eafd3ba6-ff00-4abd-9549-e6167b068bd9 | centos7.2 |
+--------------------------------------+-----------+
Nova 服务运维
(1)Nova 管理安全组规则
安全组(security group)是一些规则的集合,用来对虚拟机的访问流量加以限制,这反映到底层,就是使用 iptables,给虚拟机所在的宿主机添加 iptables 规则。可以定义 n 个安全组,每个安全组可以有 n 个规则,可以给每个实例绑定 n 个安全组。Nova 中总是有一个 default安全组,这个是不能被删除的。创建实例的时候,如果不指定安全组,会默认使用这个 default安全组。现在 Nova 中安全组应该会移到 Neutron 中,并且会增加对虚拟机外出流量的控制。
注意:Nova中的安全组只是对进入虚拟机的流量加以控制,对虚拟机外出流量没有加以限制。
#创建一个名为 test 的安全组,描述为'test the nova command about the rules',
[root@controller ~]# nova secgroup-create test 'test the nova command about the rules'
+--------------------------------------+------+---------------------------------------+
| Id | Name | Description |
+--------------------------------------+------+---------------------------------------+
| dd7ebbc4-318e-44bb-94ca-443983920b4d | test | test the nova command about the rules |
+--------------------------------------+------+---------------------------------------+
[root@controller ~]# nova secgroup-list --all-tenants
+--------------------------------------+---------+---------------------------------------+----------------------------------+
| Id | Name | Description | Tenant_ID |
+--------------------------------------+---------+---------------------------------------+----------------------------------+
| 9d892c53-4403-4b78-b2d1-fd7d2dde1984 | default | Default security group | 4915940ed1cc44b3b97d36942ae6e317 |
| 7dad9b7b-e574-4cd4-a8d5-24b50669dd7d | default | Default security group | e221e26e9ce340eaa215ffaf9b73de18 |
| dd7ebbc4-318e-44bb-94ca-443983920b4d | test | test the nova command about the rules | e221e26e9ce340eaa215ffaf9b73de18 |
+--------------------------------------+---------+---------------------------------------+----------------------------------+
[root@controller ~]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp | 1 | 65535 | 0.0.0.0/0 | |
| icmp | -1 | -1 | 0.0.0.0/0 | |
| tcp | 1 | 65535 | 0.0.0.0/0 | |
| | | | | default |
| | | | | default |
+-------------+-----------+---------+-----------+--------------+
(2)Nova 管理虚拟机类型
虚拟机类型是在创建实例的时候,分配给实例的资源情况,接下来介绍 Nova 对虚拟机类型的管理。
创建一个虚拟机类型:nova flavor-create
- 使用命令创建一个名为 test,ID 为 6,内存为 2048 MB,磁盘为 20 GB,vCPU 数量为2 的云主机类型。
[root@controller ~]# nova flavor-create test 6 2048 20 2
+----+------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+------+-----------+------+-----------+------+-------+-------------+-----------+
| 6 | test | 2048 | 20 | 0 | | 2 | 1.0 | True |
+----+------+-----------+------+-----------+------+-------+-------------+-----------+
[root@controller ~]# nova flavor-show test
+----------------------------+-------+
| Property | Value |
+----------------------------+-------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 20 |
| extra_specs | {} |
| id | 6 |
| name | test |
| os-flavor-access:is_public | True |
| ram | 2048 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 2 |
+----------------------------+-------+
Nova 实例管理
(1)启动实例
Nova 可对云平台中的实例进行管理,包括创建实例、启动实例、删除实例和实例迁移等操作。
[root@controller ~]# nova flavor-list
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | | 1 | 1.0 | True |
| 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True |
| 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True |
| 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | | 8 | 1.0 | True |
| 6 | test | 2048 | 20 | 0 | | 2 | 1.0 | True |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
[root@controller ~]# nova secgroup-list --all-tenants
+--------------------------------------+---------+---------------------------------------+----------------------------------+
| Id | Name | Description | Tenant_ID |
+--------------------------------------+---------+---------------------------------------+----------------------------------+
| 9d892c53-4403-4b78-b2d1-fd7d2dde1984 | default | Default security group | 4915940ed1cc44b3b97d36942ae6e317 |
| 7dad9b7b-e574-4cd4-a8d5-24b50669dd7d | default | Default security group | e221e26e9ce340eaa215ffaf9b73de18 |
| dd7ebbc4-318e-44bb-94ca-443983920b4d | test | test the nova command about the rules | e221e26e9ce340eaa215ffaf9b73de18 |
+--------------------------------------+---------+---------------------------------------+----------------------------------+
启动实例: nova boot
格式:
$ nova boot --flavor FLAVOR_ID --image IMAGE_ID --key-name kEY_NAME \
-- user-data USER_DATA_FILE --security-groups SEC_GROUP_NAME --meta KEY=VALUE \
INSTANCE_NAME
可选参数
[--flavor <flavor>]:虚拟机类型。
[--image <image>]:选用的镜像。
[--image-with <key=value>] :镜像的元数据属性。
[--boot-volume <volume_id>:启动逻辑卷的 ID。 [--snapshot <snapshot_id>] 快照
[--num-instances <number>] 实例数量
[--meta <key=value>] 元数据
[--file <dst-path=src-path>] 文件
[--key-name <key-name>] 密钥名称
[--user-data <user-data>] 注入的用户数据
[--availability-zone <availability-zone>] 可用域
[--security-groups <security-groups>] 安全组
[--block-device-mapping <dev-name=mapping>] 块存储格式化
[--block-device key1=value1[,key2=value2...]] 块设备参数
[--swap <swap_size>] 交换分区大小
[--ephemeral size=<size>[,format=<format>]] 连接块存储大小
[--hint <key=value>] 自定义数据
[--nic ] 配置 IP
[--config-drive <value>] 驱动使能
[--poll] 显示创建进度
(2)删除实例
删除实例:nova delete
格式:
usage: nova delete [--all-tenants] <server> [<server> ...]
Immediately shut down and delete specified server(s).
Positional arguments:
<server> Name or ID of server(s).
Optional arguments:
--all-tenants Delete server(s) in another tenant by name (Admin only).
Neutron 服务运维
Neutron 网络目的是灵活地划分物理网络,在多租户环境下提供给每个租户独立的网络环境。它是可以被用户创建的对象,如果要和物理环境下的概念映射的话,这个对象相当于一个巨大的交换机,可以拥有无限多个动态可创建和销毁的虚拟端口。
Neutron 查询
- 使用 Neutron 相关命令查询网络服务的列表信息中的“binary”一列
[root@controller ~]# neutron agent-list -c binary
+---------------------------+
| binary |
+---------------------------+
| neutron-openvswitch-agent |
| neutron-dhcp-agent |
| neutron-metadata-agent |
| neutron-lbaas-agent |
| neutron-openvswitch-agent |
| neutron-metadata-agent |
| neutron-l3-agent |
+---------------------------+
查询网络详情
[root@controller ~]# neutron net-list
+--------------------------------------+------+-----------------------------------------+
| id | name | subnets |
+--------------------------------------+------+-----------------------------------------+
| 44b68db6-7e80-4596-8836-752455b62183 | net1 | 2b869943-fb42-47fe-8ed2-076561d29102 |
| | | 192.168.2.0/24 |
| a8afe12e-1137-45c6-8a02-e025c8ce3de5 | net2 | |
+--------------------------------------+------+-----------------------------------------+
查询 Neutron 相关组件服务
使用 Neutron 相关命令查询网络服务 DHCP agent 的详细信息(id 为查询到 DHCP agent
服务对应 id)
[root@controller ~]# neutron agent-list
+------------+------------+------------+-------------------+-------+----------------+----------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+------------+------------+------------+-------------------+-------+----------------+----------------+
| 0a7f8cb9-8 | Open | compute | | :-) | True | neutron- |
| 7b7-4f65-a | vSwitch | | | | | openvswitch- |
| b94-5aab61 | agent | | | | | agent |
| 7fdfc7 | | | | | | |
| 0abae8e2-c | DHCP agent | controller | nova | :-) | True | neutron-dhcp- |
| 7a4-4106-8 | | | | | | agent |
| 438-ef0968 | | | | | | |
| 48c23e | | | | | | |
| 5b13403d-d | Metadata | controller | | :-) | True | neutron- |
| 358-45f9-9 | agent | | | | | metadata-agent |
| be6-297a86 | | | | | | |
| b9d4e5 | | | | | | |
| 8ab777df-3 | Loadbalanc | controller | | xxx | True | neutron-lbaas- |
| c23-4a86-9 | er agent | | | | | agent |
| b85-34b8dd | | | | | | |
| 271e36 | | | | | | |
| c2376638-8 | Open | controller | | :-) | True | neutron- |
| f52-4018 | vSwitch | | | | | openvswitch- |
| -b3ca-0820 | agent | | | | | agent |
| f16b8d25 | | | | | | |
| d5eb064f- | Metadata | compute | | :-) | True | neutron- |
| e33b-421f- | agent | | | | | metadata-agent |
| aaf4-b8f7b | | | | | | |
| 4084206 | | | | | | |
| fd245e50-8 | L3 agent | controller | nova | :-) | True | neutron-l3-age |
| f93-4d9d-a | | | | | | nt |
| 369-5e65a8 | | | | | | |
| 334542 | | | | | | |
+------------+------------+------------+-------------------+-------+----------------+----------------+
Cinder 服务运维
创建云硬盘
创建一个 2 GB 的云硬盘 extend-demo
[root@controller ~]# cinder create --name cinder-volume-demo 2
+--------------------------------+--------------------------------------+
| Property | Value |
+--------------------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2022-07-25T06:14:47.000000 |
| description | None |
| encrypted | False |
| id | fe940d3f-88c9-4c67-a6e6-67edc85fd197 |
| metadata | {} |
| migration_status | None |
| multiattach | False |
| name | cinder-volume-demo |
| os-vol-host-attr:host | None |
| os-vol-mig-status-attr:migstat | None |
| os-vol-mig-status-attr:name_id | None |
| os-vol-tenant-attr:tenant_id | e221e26e9ce340eaa215ffaf9b73de18 |
| replication_status | disabled |
| size | 2 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| updated_at | None |
| user_id | bc8cca0f048f41ee8a2543fff142f87f |
| volume_type | None |
+--------------------------------+--------------------------------------+
[root@controller ~]# cinder list
+--------------------------------------+--------+--------------------+------+-------------+----------+-------------+
| ID | Status | Name | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+--------+--------------------+------+-------------+----------+-------------+
| fe940d3f-88c9-4c67-a6e6-67edc85fd197 | error | cinder-volume-demo | 2 | - | false | |
+--------------------------------------+--------+--------------------+------+-------------+----------+-------------+
创建云硬盘卷类型
创建 type 标识的卷类型。
可以通过 cinder type-create 命令来创建卷类型,创建了一个名为“lvm”的卷类型
[root@controller ~]# cinder type-create lvm
+--------------------------------------+------+-------------+-----------+
| ID | Name | Description | Is_Public |
+--------------------------------------+------+-------------+-----------+
| 82727a95-7933-46a0-b651-b64bea807d65 | lvm | - | True |
+--------------------------------------+------+-------------+-----------+
- 可以通过 cinder type-list 命令来查看现有的卷类型。
[root@controller ~]# cinder type-list
+--------------------------------------+------+-------------+-----------+
| ID | Name | Description | Is_Public |
+--------------------------------------+------+-------------+-----------+
| 82727a95-7933-46a0-b651-b64bea807d65 | lvm | - | True |
+--------------------------------------+------+-------------+-----------+
创建带标识云硬盘
type 标识为例,创建一块带“lvm”标识的云硬盘
[root@controller ~]# cinder create --name type_test_demo --volume-type lvm 1
+--------------------------------+--------------------------------------+
| Property | Value |
+--------------------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2022-07-25T06:17:55.000000 |
| description | None |
| encrypted | False |
| id | 59dc7baf-5222-44a3-aeb5-53d8c18a1533 |
| metadata | {} |
| migration_status | None |
| multiattach | False |
| name | type_test_demo |
| os-vol-host-attr:host | None |
| os-vol-mig-status-attr:migstat | None |
| os-vol-mig-status-attr:name_id | None |
| os-vol-tenant-attr:tenant_id | e221e26e9ce340eaa215ffaf9b73de18 |
| replication_status | disabled |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | error |
| updated_at | 2022-07-25T06:17:55.000000 |
| user_id | bc8cca0f048f41ee8a2543fff142f87f |
| volume_type | lvm |
+--------------------------------+--------------------------------------+
创建成功后可以通过命令查看结果,可以看到该卷的volume_type字段已修改为“lvm”,
[root@controller ~]# cinder show type_test_demo
+--------------------------------+--------------------------------------+
| Property | Value |
+--------------------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2022-07-25T06:17:55.000000 |
| description | None |
| encrypted | False |
| id | 59dc7baf-5222-44a3-aeb5-53d8c18a1533 |
| metadata | {} |
| migration_status | None |
| multiattach | False |
| name | type_test_demo |
| os-vol-host-attr:host | None |
| os-vol-mig-status-attr:migstat | None |
| os-vol-mig-status-attr:name_id | None |
| os-vol-tenant-attr:tenant_id | e221e26e9ce340eaa215ffaf9b73de18 |
| replication_status | disabled |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | error |
| updated_at | 2022-07-25T06:17:55.000000 |
| user_id | bc8cca0f048f41ee8a2543fff142f87f |
| volume_type | lvm |
+--------------------------------+--------------------------------------+
- 删除指定的 Cinder 卷,删除 Cinder 卷的方法比较简单,用户可以通过命令“cinder delete [ …]”来删除一个或多个 Cinder 卷
[root@controller ~]# cinder delete cinder-volume-demo
Request to delete volume cinder-volume-demo has been accepted.
Swift 服务运维
创建容器
[root@controller ~]# swift post test
查询容器
[root@controller ~]# swift list test
通过显示结果可以看出目前“test”容器里面的内容是空的,这时用户希望将本地的 file
目录内容递归上传到“test”容器内。首先创建 file 目录,并同时新建 3 个文件 one.txt、two.doc
和 three.png
[root@controller ~]# mkdir file
[root@controller ~]# touch one.txt
[root@controller ~]# touch two.doc
[root@controller ~]# touch three.png
Swift 上传和下载
[root@controller ~]# swift upload test file
file
- one.txt 文件上传到“test”容器内 file 目录内
[root@controller ~]# swift upload test/file one.txt
file/one.txt
- 换一种方式将剩下的 two.doc 和 three.png 递归上传到“test”容器下的 file 目录内
[root@controller ~]# mv two.doc three.png file/
[root@controller ~]# swift upload test file/ file/*
file/three.png
file/two.doc
file/three.png
file/two.doc
数据在 Swift 集群内保存,随时供用户下载使用,现在下载 three.png 文件
[root@controller ~]# rm -rf file/
[root@controller ~]# swift download test file/three.png
file/three.png [auth 0.633s, headers 0.838s, total 0.838s, 0.000 MB/s]
[root@controller ~]# ls
anaconda-ks.cfg cirros-0.3.4-x86_64-disk.img file one.txt XianDian-IaaS-v2.2.iso
[root@controller ~]# ls file/
three.png
[root@controller ~]# swift delete test file/three.png
file/three.png
[root@controller ~]# swift stat
Account: AUTH_e221e26e9ce340eaa215ffaf9b73de18
Containers: 1
Objects: 4
Bytes: 0
Containers in policy "policy-0": 1
Objects in policy "policy-0": 4
Bytes in policy "policy-0": 0
X-Account-Project-Domain-Id: ee04cbb02c8345079219d0be95c346c2
X-Timestamp: 1659048336.40572
X-Trans-Id: tx49b80f3d466a47d29b19a-0062de387e
Content-Type: text/plain; charset=utf-8
Accept-Ranges: bytes
[root@controller ~]# swift stat test
Account: AUTH_e221e26e9ce340eaa215ffaf9b73de18
Container: test
Objects: 3
Bytes: 0
Read ACL:
Write ACL:
Sync To:
Sync Key:
Accept-Ranges: bytes
X-Storage-Policy: Policy-0
X-Timestamp: 1659048336.42119
X-Trans-Id: txc2090f5cdfee453594db3-0062de384f
Content-Type: text/plain; charset=utf-8
