blob: 07153906589473c05b5261eaf06ae97a7f7f6f69 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
Authenticate
$ . debian_openstack_installer/admin-openrc
verify all network agents are ready
$ openstack network agent list
Create provider network:
define network
$ openstack network create --share --external \
--provider-physical-network provider \
--provider-network-type flat provider
define subnet
$ openstack subnet create --network provider \
--allocation-pool start=192.168.0.20,end=192.168.0.90 \
--dns-nameserver 192.168.0.1 --gateway 192.168.0.1 \
--subnet-range 192.168.0.0/24 provider
enable icmp and ssh ports
$ openstack security group rule create --proto icmp default
$ openstack security group rule create --proto tcp --dst-port 22 default
Generate a key pair:
$ ssh-keygen -q -N ""
cd to your home directory
$ openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
verify
$ openstack keypair list
create cpu flavor
$ openstack flavor create --id 0 --vcpus 2 --ram 1024 --disk 10 m1.nano
download debian openstack image
https://cdimage.debian.org/cdimage/openstack/
upload
$ openstack image create \
--container-format bare \
--disk-format qcow2 \
--property hw_disk_bus=scsi \
--property hw_scsi_model=virtio-scsi \
--property os_type=linux \
--property os_distro=debian \
--property os_admin_user=debian \
--property os_version='10' \
--public \
--file debian-10-openstack-amd64.qcow2 \
debian-10-openstack-amd64
check network
$ openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| da5f9aa8-1bac-4aab-9931-0ce4d835783a | provider | eeeb4a46-8bb0-442b-b81c-20103c2d7f80 |
+--------------------------------------+----------+--------------------------------------+
copy ID as net-id while creating server
$ openstack server create --flavor m1.nano --image debian-10-openstack-amd64 \
--nic net-id=da5f9aa8-1bac-4aab-9931-0ce4d835783a \
--security-group default \
--key-name mykey debianinstance
If you get error like "More than one SecurityGroup exists with the name 'default'."
$ openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| cd54c8c9-d754-434a-9f5c-807c3288fced | default | Default security group | 53c2118ffdbb4b6388611480c7c7a7c0 | [] |
| f9151d2a-f49b-4828-9467-418d7cdfd1e8 | default | Default security group | 87b3104005904a2fbe18ad1a7ab601b3 | [] |
+--------------------------------------+---------+------------------------+----------------------------------+------+
inspect which one you enabled icmp and port 22 using the following command
$ openstack security group show cd54c8c9-d754-434a-9f5c-807c3288fced
delete the other one
$ openstack security group delete ID
you may also specify security group id instead of name
$ openstack server create --flavor m1.nano --image debian-10-openstack-amd64 \
--nic net-id=b2d69a6e-3a77-4d55-94fd-308558088a3d \
--security-group cd54c8c9-d754-434a-9f5c-807c3288fced \
--key-name mykey debianinstance
You may need to delete other default security group.
note: openstack server list may fail if multiple default profiles are present.
verify
$ openstack server list
when virtual server is ready you may ssh
$ ssh debian@IP
You may install apache2 for testing in vm.
You need to enable port 80 for security group to allow accessing from other hosts.
example:
$ openstack security group rule create --proto tcp --dst-port 80 default
(better create a new security group instead of enabling port 80 for default profile)
dashboard: https://192.168.0.155/horizon/
|