yum upgrade -y
yum install python-openstackclient openstack-selinux -y
# python-openstackclient provides the `openstack` command used throughout these notes.
cat /etc/hosts
127.0.0.1 localhost
192.168.139.70 xcontroller
192.168.139.71 xcompute
yum install mariadb mariadb-server MySQL-python -y
----------
/etc/my.cnf.d/mariadb_openstack.cnf
# MariaDB server settings for the OpenStack databases on the controller.
[mysqld]
# NOTE(review): 10.0.0.11 looks like the install guide's example management address;
# the hosts entries in these notes put xcontroller at 192.168.139.70. Bind to the
# controller's own management IP so the server listens on that interface only
# (confirm for your network).
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
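# (The leading "#" on the next two lines is presumably the guide's root prompt, not a comment: MariaDB must be enabled and started before the GRANT statements below can be run.)
# systemctl enable mariadb.service
# systemctl start mariadb.service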
yum install rabbitmq-server -y
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
rabbitmqctl add_user openstack haoning
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
-- Sets the MariaDB root password and grants root full privileges on every database
-- for three host patterns: localhost, any host ('%'), and xcontroller.
-- NOTE(review): the '%' entry lets root authenticate from any address that can reach
-- the server; outside a throwaway lab, drop that line and keep root to localhost.
-- NOTE(review): 'haoning' is reused for every database, RabbitMQ and Keystone account
-- in these notes; use a distinct, randomly generated secret per account.
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 BEGIN◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
■■■■■■■■■■■■■■■■■■keystone begin■■■■■■■■■■■■■■■■■■■■■■■■■■
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;
yum install openstack-keystone httpd mod_wsgi memcached python-memcached -y
systemctl enable memcached.service
systemctl start memcached.service
------------------
/etc/keystone/keystone.conf
# keystone.conf on xcontroller: bootstrap token, database connection and token storage.
[DEFAULT]
# NOTE(review): ADMIN_TOKEN is the install guide's placeholder, kept here as a literal
# value. Replace it with a randomly generated string (e.g. the output of
# `openssl rand -hex 10`) and export that same value as OS_TOKEN during bootstrap.
admin_token = ADMIN_TOKEN
verbose = True
[database]
# NOTE(review): the database password is embedded in this URL, so keep this file
# unreadable to ordinary users.
connection = mysql://keystone:haoning@xcontroller/keystone
[memcache]
servers = xcontroller:11211
[token]
# UUID tokens, kept in the memcached server configured under [memcache].
provider = uuid
driver = memcache
[revoke]
driver = sql
su -s /bin/sh -c "keystone-manage db_sync" keystone
-----------------
/etc/httpd/conf/httpd.conf
ServerName xcontroller
----------
/etc/httpd/conf.d/wsgi-keystone.conf
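# NOTE(review): the <VirtualHost>, <Directory> and <IfVersion> wrappers were missing from
# these notes (most likely stripped as HTML tags); they are restored here following the
# Liberty install guide. Verify against the file shipped with your packages.
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>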
systemctl enable httpd.service
systemctl start httpd.service
export OS_TOKEN=ADMIN_TOKEN
export OS_URL=http://xcontroller:35357/v3
export OS_IDENTITY_API_VERSION=3
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region wuhan identity public http://xcontroller:5000/v2.0
openstack endpoint create --region wuhan identity internal http://xcontroller:5000/v2.0
openstack endpoint create --region wuhan identity admin http://xcontroller:35357/v2.0
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password haoning admin
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --domain default --description "Service Project" service
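# What is this for? The "service" project holds the per-service users (glance, nova, neutron) that are created later in these notes and given the admin role in it.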
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password haoning demo
openstack role create user
openstack role add --project demo --user demo user
---------------
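### The following section can be skipped (the setup works without it), but see the note below - begin
/usr/share/keystone/keystone-dist-paste.ini
#For security reasons, disable the temporary authentication token mechanism:
#Edit the /usr/share/keystone/keystone-dist-paste.ini file and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.
# NOTE(review): while admin_token_auth stays in those pipelines, the admin_token value from keystone.conf (the literal placeholder ADMIN_TOKEN in these notes) is accepted as a full admin credential by anyone who can reach the Keystone ports. Remove it once the admin user created above can obtain a token.
### The following section can be skipped - end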
unset OS_TOKEN OS_URL
openstack --os-auth-url http://xcontroller:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
openstack --os-auth-url http://xcontroller:5000/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo --os-auth-type password token issue
----------
[root@xcontroller ~]# cat admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=haoning
export OS_AUTH_URL=http://xcontroller:35357/v3
export OS_IDENTITY_API_VERSION=3
[root@xcontroller ~]# cat demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=haoning
export OS_AUTH_URL=http://xcontroller:5000/v3
export OS_IDENTITY_API_VERSION=3
[root@xcontroller ~]#
source admin-openrc.sh
openstack token issue
openstack user list
■■■■■■■■■■■■■■■■■■keystone end■■■■■■■■■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■glance begin■■■■■■■■■■■■■■■■■■■■■■■■■■
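-- Create the Glance database and give the 'glance' account full privileges on it
-- from localhost, from any host ('%'), and from xcontroller.
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'haoning';
-- NOTE(review): '%' accepts the account from any address that can reach the server;
-- the localhost and xcontroller entries may be all this layout needs (confirm before removing).
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'haoning';
-- Scope corrected to glance.*: this line previously granted keystone.*, which gave the
-- image-service account full access to the identity database.
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;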
openstack user create --domain default --password haoning glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region wuhan image public http://xcontroller:9292
openstack endpoint create --region wuhan image internal http://xcontroller:9292
openstack endpoint create --region wuhan image admin http://xcontroller:9292
yum install openstack-glance python-glance python-glanceclient -y
-------------------
/etc/glance/glance-api.conf
[database]
connection = mysql://glance:haoning@xcontroller/glance
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = haoning
[paste_deploy]
flavor = keystone
#Comment out or remove any other options in the [keystone_authtoken] section.
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[DEFAULT]
notification_driver = noop
verbose = True
-----------------------
/etc/glance/glance-registry.conf
[database]
connection = mysql://glance:haoning@xcontroller/glance
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = haoning
[paste_deploy]
flavor = keystone
#Comment out or remove any other options in the [keystone_authtoken] section
[DEFAULT]
notification_driver = noop
verbose = True
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
echo "export OS_IMAGE_API_VERSION=2" | tee -a admin-openrc.sh demo-openrc.sh
# Load the admin credentials, then fetch the CirrOS test image and upload it to Glance.
source admin-openrc.sh
# NOTE(review): the image is downloaded over plain HTTP with no integrity check. Compare
# the file's checksum with the value published by the CirrOS project before uploading it,
# since --visibility public makes the image available to every project.
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress
$ glance image-list
■■■■■■■■■■■■■■■■■■glance end■■■■■■■■■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■nova begin■■■■■■■■■■■■■■■■■■■■■■■■■■
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;
openstack user create --domain default --password haoning nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region wuhan compute public http://xcontroller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute internal http://xcontroller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute admin http://xcontroller:8774/v2/%\(tenant_id\)s
yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient -y
---------------------------
/etc/nova/nova.conf
[database]
connection = mysql://nova:haoning@xcontroller/nova
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning
#Comment out or remove any other options in the [keystone_authtoken] section.
[DEFAULT]
my_ip = 192.168.139.70
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
host = xcontroller
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[DEFAULT]
enabled_apis=osapi_compute,metadata
[DEFAULT]
verbose = True
su -s /bin/sh -c "nova-manage db sync" nova
systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 BEGIN◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
yum install openstack-nova-compute sysfsutils -y
----------/etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning
#Comment out or remove any other options in the [keystone_authtoken] section.
[DEFAULT]
my_ip = 192.168.139.71
#my_ip is the IP address of the management network interface on this compute node (MANAGEMENT_INTERFACE_IP_ADDRESS in the guide, typically 10.0.0.31 for the first node in the example architecture); it is already set to 192.168.139.71 above.
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://xcontroller:6080/vnc_auto.html
#If the web browser used to access remote consoles runs on a host that cannot resolve the controller hostname (xcontroller here), you must replace it in novncproxy_base_url with the management interface IP address of the controller node.
[glance]
host = xcontroller
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[DEFAULT]
verbose = True
[libvirt]
#virt_type = qemu
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
nova service-list
nova endpoints
nova hypervisor-stats
nova image-list
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
■■■■■■■■■■■■■■■■■■nova end■■■■■■■■■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■neutron begin■■■■■■■■■■■■■■■■■■■■■■■■■■
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 BEGIN◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;
openstack user create --domain default --password haoning neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region wuhan network public http://xcontroller:9696
openstack endpoint create --region wuhan network internal http://xcontroller:9696
openstack endpoint create --region wuhan network admin http://xcontroller:9696
★★★★★★★★★★Networking Option 2: Self-service networks begin★★★★★★★★★★★★★★★
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y
-----------------------
/etc/neutron/neutron.conf
[database]
connection = mysql://neutron:haoning@xcontroller/neutron
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
#Comment out or remove any other options in the [keystone_authtoken] section.
[DEFAULT]
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://xcontroller:8774/v2
[nova]
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = nova
password = haoning
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[DEFAULT]
verbose = True
-------------------------
/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
[ml2]
tenant_network_types = vxlan
[ml2]
mechanism_drivers = linuxbridge,l2population
[ml2]
extension_drivers = port_security
[ml2_type_flat]
flat_networks = public
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True
--------------
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eth0
#physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
#Replace PUBLIC_INTERFACE_NAME with the name of the underlying physical public network interface.
[vxlan]
enable_vxlan = True
local_ip = 192.168.139.70
l2_population = True
#local_ip = OVERLAY_INTERFACE_IP_ADDRESS
#Replace OVERLAY_INTERFACE_IP_ADDRESS with the IP address of the underlying physical network interface that handles overlay networks.
#The example architecture uses the management interface to tunnel traffic to the other nodes. Therefore, replace OVERLAY_INTERFACE_IP_ADDRESS with each node’s own management IP address.
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
--------------------------------------------
/etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
#The external_network_bridge option intentionally lacks a value to enable multiple external networks on a single agent.
[DEFAULT]
verbose = True
-----------------
/etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[DEFAULT]
verbose = True
[DEFAULT]
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
----------------
echo "dhcp-option-force=26,1450" > /etc/neutron/dnsmasq-neutron.conf
★★★★★★★★★★Networking Option 2: Self-service networks end★★★★★★★★★★★★★★★
---------------------
/etc/neutron/metadata_agent.ini
[DEFAULT]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_region = wuhan
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
####★★★★★★★★★★★★★★ Remove the other options from this section; the stock file has a pile of them here, such as the following:
# Show debugging output in log (sets DEBUG log level output)
# debug = True
# The Neutron user information for accessing the Neutron API.
#auth_url = http://localhost:5000/v2.0
#auth_region = RegionOne
## Turn off verification of the certificate for ssl
## auth_insecure = False
## Certificate Authority public key (CA cert) file for ssl
## auth_ca_cert =
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
[DEFAULT]
nova_metadata_ip = xcontroller
[DEFAULT]
# NOTE(review): METADATA_SECRET is the install guide's placeholder, kept here as a literal
# value. Replace it with a randomly generated secret and set the same value for
# metadata_proxy_shared_secret under [neutron] in /etc/nova/nova.conf.
metadata_proxy_shared_secret = METADATA_SECRET
[DEFAULT]
verbose = True
----------------------
/etc/nova/nova.conf
[neutron]
url = http://xcontroller:9696
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
####Finalize installation
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
neutron agent-list
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 begin◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
-------------------------------
/etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
#★★★★★★ Some leftover options in this file need to be removed
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[DEFAULT]
verbose = True
-------------------
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eth0
#Replace PUBLIC_INTERFACE_NAME with the name of the underlying physical public network interface.
[vxlan]
enable_vxlan = True
local_ip = 192.168.139.71
l2_population = True
#Replace OVERLAY_INTERFACE_IP_ADDRESS with the IP address of the underlying physical network interface that handles overlay networks.
#The example architecture uses the management interface to tunnel traffic to the other nodes. Therefore, replace OVERLAY_INTERFACE_IP_ADDRESS with each node’s own management IP address.
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
-------------/etc/nova/nova.conf
[neutron]
url = http://xcontroller:9696
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
neutron ext-list
neutron agent-list
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 end◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
■■■■■■■■■■■■■■■■■■neutron end■■■■■■■■■■■■■■■■■■■■■■■■■■
Patch:
https://review.openstack.org/#/c/258493/1/neutron/agent/linux/ip_lib.py
#--- Create a VM
########public#########
neutron net-create public --shared --provider:physical_network public --provider:network_type flat
#neutron subnet-create public PUBLIC_NETWORK_CIDR --name public --allocation-pool start=START_IP_ADDRESS,end=END_IP_ADDRESS --dns-nameserver DNS_RESOLVER --gateway PUBLIC_NETWORK_GATEWAY
neutron subnet-create public 192.168.142.0/20 --name public --allocation-pool start=192.168.142.180,end=192.168.142.200 --dns-nameserver 8.8.4.4 --gateway 192.168.128.1
###########private######################
neutron net-create private
#neutron subnet-create private PRIVATE_NETWORK_CIDR --name private --dns-nameserver DNS_RESOLVER --gateway PRIVATE_NETWORK_GATEWAY
neutron subnet-create private 172.16.1.0/24 --name private --dns-nameserver 8.8.4.4 --gateway 172.16.1.1
#Add the router: external option to the public provider network:
neutron net-update public --router:external
neutron router-create router
neutron router-list
neutron router-interface-add router private
neutron router-gateway-set router public
ip netns
neutron router-port-list router
ping -c 4 192.168.142.181
# Generate a local SSH key pair with an empty passphrase and register its public half as "mykey".
ssh-keygen -q -N ""
nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
nova keypair-list
nova secgroup-list
nova secgroup-list-rules default
# Allow ICMP and SSH (tcp/22) in the "default" security group.
# NOTE(review): 0.0.0.0/0 admits every source address. Outside a lab, restrict the CIDR
# to the administration network, or put these rules in a dedicated group rather than
# in "default".
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova flavor-list
nova image-list
neutron net-list
nova secgroup-list
#nova boot --flavor m1.tiny --image cirros --nic net-id=PRIVATE_NET_ID --security-group default --key-name mykey private-instance
#nova boot --flavor m1.tiny --image cirros --nic net-id=c273f3dc-a567-4e4a-8473-0ecaa3587ec7 --security-group default --key-name mykey private-instance
nova list
#Add security group rules
nova boot --flavor m1.tiny --image cirros --nic net-id=c273f3dc-a567-4e4a-8473-0ecaa3587ec7 --security-group default --key-name mykey private-instance
nova list
nova get-vnc-console private-instance novnc
neutron floatingip-create public
nova floating-ip-associate private-instance 192.168.142.182
ssh cirros@192.168.142.182
# Logs in without a password (key-based, using the mykey keypair passed to nova boot).
http://docs.openstack.org/liberty/install-guide-rdo/launch-instance-private.html