nova
irixjp edited this page Nov 17, 2012 · 3 revisions
Let's launch an instance from the command line instead of using Horizon. Instances are launched with the nova boot command.
```
$ nova help boot
usage: nova boot [--flavor <flavor>] [--image <image>] [--meta <key=value>]
                 [--file <dst-path=src-path>] [--key-name <key-name>]
                 [--user-data <user-data>]
                 [--availability-zone <availability-zone>]
                 [--security-groups <security-groups>]
                 [--block-device-mapping <dev-name=mapping>]
                 [--hint <key=value>]
                 [--nic <net-id=net-uuid,v4-fixed-ip=ip-addr>]
                 [--config-drive <value>] [--poll]
                 <name>

Boot a new server.

Positional arguments:
  <name>                Name for the new server

Optional arguments:
  --flavor <flavor>     Flavor ID (see 'nova flavor-list').
  --image <image>       Image ID (see 'nova image-list').
  --meta <key=value>    Record arbitrary key/value metadata to /meta.js on the
                        new server. Can be specified multiple times.
  --file <dst-path=src-path>
                        Store arbitrary files from <src-path> locally to <dst-
                        path> on the new server. You may store up to 5 files.
  --key-name <key-name>
                        Key name of keypair that should be created earlier
                        with the command keypair-add
  --user-data <user-data>
                        user data file to pass to be exposed by the metadata
                        server.
  --availability-zone <availability-zone>
                        The availability zone for instance placement.
  --security-groups <security-groups>
                        Comma separated list of security group names.
  --block-device-mapping <dev-name=mapping>
                        Block device mapping in the format <dev-
                        name>=<id>:<type>:<size(GB)>:<delete-on-terminate>.
  --hint <key=value>    Send arbitrary key/value pairs to the scheduler for
                        custom use.
  --nic <net-id=net-uuid,v4-fixed-ip=ip-addr>
                        Create a NIC on the server. Specify option multiple
                        times to create multiple NICs. net-id: attach NIC to
                        network with this UUID (optional) v4-fixed-ip: IPv4
                        fixed address for NIC (optional). port-id: attach NIC
                        to port with this UUID (optional)
  --config-drive <value>
                        Enable config drive
  --poll                Blocks while instance builds so progress can be
                        reported.
```
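At minimum, the following four options are required.
| Option | Description |
|---|---|
| --flavor | Flavor to launch (look it up with nova flavor-list) |
| --image | Image to launch (look it up with nova image-list) |
| --security-groups | One or more security groups (look them up with nova secgroup-list) |
| --nic | Network to attach the instance to (specified via quantum net-list?) |
Example: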
```
$ nova boot --flavor m1.tiny --image 69989707-d9ca-4905-aff7-39e3b025d704 --security-groups default --nic net-id=cb2f35e8-2ac7-493d-8089-a302e3be5cee testvm01
```
Check the instance that was created.
```
$ nova list
+--------------------------------------+----------+--------+------------------+
| ID                                   | Name     | Status | Networks         |
+--------------------------------------+----------+--------+------------------+
| 5414970e-cd6e-4306-a144-ba8e3e618ae1 | testvm01 | ACTIVE | net1=172.24.17.2 |
+--------------------------------------+----------+--------+------------------+

$ nova show 5414970e-cd6e-4306-a144-ba8e3e618ae1
+------------------------+----------------------------------------------------------------+
| Property               | Value                                                          |
+------------------------+----------------------------------------------------------------+
| OS-DCF:diskConfig      | MANUAL                                                         |
| OS-EXT-STS:power_state | 1                                                              |
| OS-EXT-STS:task_state  | None                                                           |
| OS-EXT-STS:vm_state    | active                                                         |
| accessIPv4             |                                                                |
| accessIPv6             |                                                                |
| config_drive           |                                                                |
| created                | 2012-11-17T15:30:32Z                                           |
| flavor                 | m1.tiny (1)                                                    |
| hostId                 | 8b25c3d143c24a8716a8bdfb4a7dd578cfa7de8e5943d45aed6d7dc8       |
| id                     | 5414970e-cd6e-4306-a144-ba8e3e618ae1                           |
| image                  | cirros-0.3.0-x86_64-uec (46c3a248-f527-48d5-83db-06039b839011) |
| key_name               | testvm01                                                       |
| metadata               | {}                                                             |
| name                   | testvm01                                                       |
| net1 network           | 172.24.17.2                                                    |
| progress               | 0                                                              |
| security_groups        | [{u'name': u'default'}]                                        |
| status                 | ACTIVE                                                         |
| tenant_id              | ad6bc57213b04c7f867aadbab97519e3                               |
| updated                | 2012-11-17T15:31:56Z                                           |
| user_id                | 5f003e1815ea4f76991a8b824402a918                               |
+------------------------+----------------------------------------------------------------+

$ nova-manage vm list 2> /dev/null
instance node type state launched image kernel ramdisk project user zone index
testvm01 v157-7-133-23 m1.tiny active 2012-11-17 15:30:38 46c3a248-f527-48d5-83db-06039b839011 acd2c73c-7e71-42a9-b1a2-e0ffa4845243 4389a1ad-321a-4c07-9508-f45b7c28b66e ad6bc57213b04c7f867aadbab97519e3 5f003e1815ea4f76991a8b824402a918 None 0

$ cd /opt/stack/data/nova/instances/
$ find . | xargs grep --color 5414970e-cd6e-4306-a144-ba8e3e618ae1
./instance-0000000f/libvirt.xml: <uuid>5414970e-cd6e-4306-a144-ba8e3e618ae1</uuid>
```
In a devstack environment, qemu or kvm is used through libvirt, so the instance state can be checked with the virsh command.
```
$ virsh list
 Id Name                 State
----------------------------------
 11 instance-0000000f    running
```
Showing the details
```
$ virsh dumpxml instance-0000000f
<domain type='qemu' id='11'>
  <name>instance-0000000f</name>
  <uuid>5414970e-cd6e-4306-a144-ba8e3e618ae1</uuid>
  <memory>524288</memory>
  <currentMemory>524288</currentMemory>
  <vcpu>1</vcpu>
  <os>
    <type arch='x86_64' machine='pc-1.0'>hvm</type>
    <kernel>/opt/stack/data/nova/instances/instance-0000000f/kernel</kernel>
    <initrd>/opt/stack/data/nova/instances/instance-0000000f/ramdisk</initrd>
    <cmdline>root=/dev/vda console=ttyS0</cmdline>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='none'/>
      <source file='/opt/stack/data/nova/instances/instance-0000000f/disk'/>
      <target dev='vda' bus='virtio'/>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </disk>
    <interface type='bridge'>
      <mac address='fa:16:3e:5a:6b:56'/>
      <source bridge='qbr40217e48-01'/>
      <target dev='vnet0'/>
      <filterref filter='nova-instance-instance-0000000f-fa163e5a6b56'>
        <parameter name='DHCPSERVER' value='172.24.17.1'/>
        <parameter name='IP' value='172.24.17.2'/>
        <parameter name='PROJMASK' value='255.255.255.0'/>
        <parameter name='PROJNET' value='172.24.17.0'/>
      </filterref>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <serial type='file'>
      <source path='/opt/stack/data/nova/instances/instance-0000000f/console.log'/>
      <target port='0'/>
      <alias name='serial0'/>
    </serial>
    <serial type='pty'>
      <source path='/dev/pts/21'/>
      <target port='1'/>
      <alias name='serial1'/>
    </serial>
    <console type='file'>
      <source path='/opt/stack/data/nova/instances/instance-0000000f/console.log'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>
    <input type='tablet' bus='usb'>
      <alias name='input0'/>
    </input>
    <input type='mouse' bus='ps2'/>
    <graphics type='vnc' port='5900' autoport='yes' listen='127.0.0.1' keymap='en-us'>
      <listen type='address' address='127.0.0.1'/>
    </graphics>
    <video>
      <model type='cirrus' vram='9216' heads='1'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </memballoon>
  </devices>
  <seclabel type='dynamic' model='apparmor' relabel='yes'>
    <label>libvirt-5414970e-cd6e-4306-a144-ba8e3e618ae1</label>
    <imagelabel>libvirt-5414970e-cd6e-4306-a144-ba8e3e618ae1</imagelabel>
  </seclabel>
</domain>
```
Next, edit the default security group and see what happens when port 80 is opened.
Note: before running the command, check the current iptables state with `sudo iptables -L` on the host where the instance is running.
```
$ nova secgroup-add-rule default tcp 80 80 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 80        | 80      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
```
When a rule is added to a security group, the iptables rules for the instances that use that security group change.
Here, a line allowing http is added to the INPUT chain.
```
$ sudo iptables -L
nova-compute-provider  all  --  anywhere             anywhere
ACCEPT     udp  --  172.24.17.1          anywhere             udp spt:bootps dpt:bootpc
ACCEPT     all  --  172.24.17.0/24       anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http   ← one line is added here
```
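The before/after check described above can be scripted. The following is an added example, not part of the original page: it compares two saved `sudo iptables -L` listings and reports ACCEPT rules that newly allow any source. The function names and the sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): diff two saved
# `sudo iptables -L` listings taken before and after
# `nova secgroup-add-rule`, and report newly opened ports.

# Print rule lines present in "$2" (after) but not in "$1" (before).
# Runs of blanks are squeezed so column padding does not matter.
added_rules() {
    _b=$(mktemp) && _a=$(mktemp) || return 1
    tr -s ' \t' ' ' < "$1" | sed 's/ *$//' | LC_ALL=C sort -u > "$_b"
    tr -s ' \t' ' ' < "$2" | sed 's/ *$//' | LC_ALL=C sort -u > "$_a"
    LC_ALL=C comm -13 "$_b" "$_a"
    rm -f "$_b" "$_a"
}

# Of the added lines, keep ACCEPT rules whose source column is
# "anywhere" (0.0.0.0/0) and print "<proto> <port>", e.g. "tcp http".
new_world_open_ports() {
    added_rules "$1" "$2" |
        awk '$1 == "ACCEPT" && $4 == "anywhere" {
                 for (i = 6; i <= NF; i++)
                     if ($i ~ /^dpt:/) print $2, substr($i, 5)
             }'
}

# Constructed sample snapshots, modelled on the listing shown on this page.
make_samples() {
    cat > "$1/before.txt" <<'EOF'
nova-compute-provider  all  --  anywhere        anywhere
ACCEPT     udp  --  172.24.17.1     anywhere     udp spt:bootps dpt:bootpc
ACCEPT     all  --  172.24.17.0/24  anywhere
ACCEPT     icmp --  anywhere        anywhere
ACCEPT     tcp  --  anywhere        anywhere     tcp dpt:ssh
EOF
    { cat "$1/before.txt"
      echo 'ACCEPT     tcp  --  anywhere        anywhere     tcp dpt:http'
    } > "$1/after.txt"
}

SAMPLE_DIR=$(mktemp -d)
make_samples "$SAMPLE_DIR"
new_world_open_ports "$SAMPLE_DIR/before.txt" "$SAMPLE_DIR/after.txt"
```

Lines are de-duplicated across chains, so a new rule identical to one already present in another chain is not reported. `added_rules` also works on `sudo iptables -S` output, which names the chain on every line.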
```
$ nova boot --flavor m1.tiny --image 46c3a248-f527-48d5-83db-06039b839011 --nic net-id=6e4e800c-0329-49f4-b6b1-c5e887d8b853 --availability-zone cloudcore4 testvm01
```
Checking the data that is provided
```
$ wget -q -O - http://169.254.169.254/latest/meta-data/
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
instance-action
instance-id
instance-type
kernel-id
local-hostname
local-ipv4
placement/
public-hostname
public-ipv4
ramdisk-id
reservation-id
```
Example: get the zone the instance belongs to
```
$ wget -q -O - http://169.254.169.254/latest/meta-data/placement/availability-zone
cloudcore4
```
DNAT for 169.254.169.254
```
$ sudo ip netns exec qrouter-132c24b2-66bd-408b-8b29-6392c259a29a iptables -nvL -t nat
Chain quantum-l3-agent-PREROUTING (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            169.254.169.254      tcp dpt:80 to:157.7.133.23:8775
    0     0 DNAT       all  --  *      *       0.0.0.0/0            10.0.0.4             to:172.24.17.3
```