This section creates the necessary virtual networks to support launching instances. Networking option 1 includes one provider (external) network with one instance that uses it. Networking option 2 includes one provider network with one instance that uses it and one self-service (private) network with one instance that uses it. The instructions in this section use command-line interface (CLI) tools on the controller node. However, you can follow the instructions on any host that the tools are installed. For more information on the CLI tools, see the OpenStack End User Guide. To use the dashboard, see the OpenStack End User Guide.
根据你在网络选项中的选择来创建虚拟网络。如果你选择选项1,只需创建一个公有网络。如果你选择选项2,同时创建一个公有网络和一个私有网络
在你完成自己环境中合适网络的创建后,你可以继续后面的步骤来准备创建实例。
默认的最小规格的主机需要512 MB内存。对于环境中计算节点内存不足4 GB的,我们推荐创建只需要64 MB的``m1.nano``规格的主机。若单纯为了测试的目的,请使用``m1.nano``规格的主机来加载CirrOS镜像
$ openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field                      | Value   |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled   | False   |
| OS-FLV-EXT-DATA:ephemeral  | 0       |
| disk                       | 1       |
| id                         | 0       |
| name                       | m1.nano |
| os-flavor-access:is_public | True    |
| ram                        | 64      |
| rxtx_factor                | 1.0     |
| swap                       |         |
| vcpus                      | 1       |
+----------------------------+---------+
大部分云镜像支持 :term:`public key authentication`而不是传统的密码登陆。在启动实例前,你必须添加一个公共密钥到计算服务。
导入``demo``项目凭证
$ . demo-openrc
Generate a key pair and add a public key:
$ ssh-keygen -q -N ""
$ openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | ee:3d:2e:97:d4:e2:6a:54:6d:0d:ce:43:39:2c:ba:4d |
| name        | mykey                                           |
| user_id     | 58126687cbcc4888bfa9ab73a2256f27                |
+-------------+-------------------------------------------------+
注解
另外,你可以跳过执行 ssh-keygen 命令而使用已存在的公钥。
验证公钥的添加:
$ openstack keypair list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | ee:3d:2e:97:d4:e2:6a:54:6d:0d:ce:43:39:2c:ba:4d |
+-------+-------------------------------------------------+
默认情况下, ``default``安全组适用于所有实例并且包括拒绝远程访问实例的防火墙规则。对诸如CirrOS这样的Linux镜像,我们推荐至少允许ICMP (ping) 和安全shell(SSH)规则。
添加规则到 default 安全组。
Permit ICMP (ping):
$ openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2016-10-05T09:52:31Z                 |
| description       |                                      |
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| headers           |                                      |
| id                | 6ee8d630-9803-4d3d-9aea-8c795abbedc2 |
| port_range_max    | None                                 |
| port_range_min    | None                                 |
| project_id        | 77ae8d7104024123af342ffb0a6f1d88     |
| project_id        | 77ae8d7104024123af342ffb0a6f1d88     |
| protocol          | icmp                                 |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 1                                    |
| security_group_id | 4ceee3d4-d2fe-46c1-895c-382033e87b0d |
| updated_at        | 2016-10-05T09:52:31Z                 |
+-------------------+--------------------------------------+
允许安全 shell (SSH) 的访问:
$ openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2016-10-05T09:54:50Z                 |
| description       |                                      |
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| headers           |                                      |
| id                | 3cd0a406-43df-4741-ab29-b5e7dcb7469d |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| project_id        | 77ae8d7104024123af342ffb0a6f1d88     |
| project_id        | 77ae8d7104024123af342ffb0a6f1d88     |
| protocol          | tcp                                  |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 1                                    |
| security_group_id | 4ceee3d4-d2fe-46c1-895c-382033e87b0d |
| updated_at        | 2016-10-05T09:54:50Z                 |
+-------------------+--------------------------------------+
如果你的环境包括云编排服务,你可以创建一个栈来自动化创建一个实例。
For more information, see the Orchestration installation guide.
 
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.