`
haoningabc
  • 浏览: 1478071 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

openstack试验(linux vxlan)

阅读更多
yum install centos-release-openstack-liberty -y
yum upgrade -y
yum install python-openstackclient openstack-selinux -y 
#openstack命令用到的
cat /etc/hosts
127.0.0.1       localhost
192.168.139.70  xcontroller
192.168.139.71  xcompute

yum install mariadb mariadb-server MySQL-python -y
----------
/etc/my.cnf.d/mariadb_openstack.cnf
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8



# systemctl enable mariadb.service
# systemctl start mariadb.service




yum install rabbitmq-server -y

systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

rabbitmqctl add_user openstack haoning
rabbitmqctl set_permissions openstack ".*" ".*" ".*"




GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 BEGIN◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
■■■■■■■■■■■■■■■■■■keystone begin■■■■■■■■■■■■■■■■■■■■■■■■■■

CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'xcontroller' IDENTIFIED BY 'haoning';

flush privileges;



yum install openstack-keystone httpd mod_wsgi memcached python-memcached -y
systemctl enable memcached.service
systemctl start memcached.service

------------------
/etc/keystone/keystone.conf
[DEFAULT]
admin_token = ADMIN_TOKEN
verbose = True
[database]
connection = mysql://keystone:haoning@xcontroller/keystone
[memcache]
servers = xcontroller:11211
[token]
provider = uuid
driver = memcache
[revoke]
driver = sql


su -s /bin/sh -c "keystone-manage db_sync" keystone

-----------------
/etc/httpd/conf/httpd.conf
ServerName xcontroller

----------
/etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

systemctl enable httpd.service
systemctl start httpd.service


export OS_TOKEN=ADMIN_TOKEN
export OS_URL=http://xcontroller:35357/v3
export OS_IDENTITY_API_VERSION=3

openstack service create  --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region wuhan identity public http://xcontroller:5000/v2.0
openstack endpoint create --region wuhan identity internal http://xcontroller:5000/v2.0
openstack endpoint create --region wuhan identity admin http://xcontroller:35357/v2.0

openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password haoning admin
openstack role create admin
openstack role add --project admin --user admin admin


openstack project create --domain default --description "Service Project" service
#这个干啥用了?
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password haoning demo
openstack role create user
openstack role add --project demo --user demo user

---------------
###一下这段不使用也行 begin
/usr/share/keystone/keystone-dist-paste.ini
#For security reasons, disable the temporary authentication token mechanism:
#Edit the /usr/share/keystone/keystone-dist-paste.ini file and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.
###一下这段不使用也行 end

unset OS_TOKEN OS_URL

openstack --os-auth-url http://xcontroller:35357/v3  --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
openstack --os-auth-url http://xcontroller:5000/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo --os-auth-type password token issue



----------
[root@xcontroller ~]# cat admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=haoning
export OS_AUTH_URL=http://xcontroller:35357/v3
export OS_IDENTITY_API_VERSION=3
[root@xcontroller ~]# cat demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=haoning
export OS_AUTH_URL=http://xcontroller:5000/v3
export OS_IDENTITY_API_VERSION=3
[root@xcontroller ~]#

source admin-openrc.sh
openstack token issue
openstack user list


■■■■■■■■■■■■■■■■■■keystone end■■■■■■■■■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■glance begin■■■■■■■■■■■■■■■■■■■■■■■■■■

CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost'  IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON keystone.* TO 'glance'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;

openstack user create --domain default --password haoning glance
openstack role add --project service --user glance admin

openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region wuhan image public http://xcontroller:9292
openstack endpoint create --region wuhan image internal http://xcontroller:9292
openstack endpoint create --region wuhan image admin http://xcontroller:9292

yum install openstack-glance python-glance python-glanceclient -y



-------------------
/etc/glance/glance-api.conf
[database]
connection = mysql://glance:haoning@xcontroller/glance
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = haoning

[paste_deploy]
flavor = keystone

#Comment out or remove any other options in the [keystone_authtoken] section.
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[DEFAULT]
notification_driver = noop
verbose = True

-----------------------
/etc/glance/glance-registry.conf
[database]
connection = mysql://glance:haoning@xcontroller/glance
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = haoning
[paste_deploy]
flavor = keystone
#Comment out or remove any other options in the [keystone_authtoken] section
[DEFAULT]
notification_driver = noop
verbose = True

su -s /bin/sh -c "glance-manage db_sync" glance

systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service

echo "export OS_IMAGE_API_VERSION=2"  | tee -a admin-openrc.sh demo-openrc.sh
source admin-openrc.sh
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare  --visibility public --progress
$ glance image-list

■■■■■■■■■■■■■■■■■■glance end■■■■■■■■■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■nova begin■■■■■■■■■■■■■■■■■■■■■■■■■■
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;


openstack user create --domain default --password haoning nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region wuhan compute public http://xcontroller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute internal http://xcontroller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute admin http://xcontroller:8774/v2/%\(tenant_id\)s

yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient -y

---------------------------
/etc/nova/nova.conf
[database]
connection = mysql://nova:haoning@xcontroller/nova
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning

[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning

#Comment out or remove any other options in the [keystone_authtoken] section.
[DEFAULT]
my_ip = 192.168.139.70
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
host = xcontroller
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[DEFAULT]
enabled_apis=osapi_compute,metadata
[DEFAULT]
verbose = True

su -s /bin/sh -c "nova-manage db sync" nova

systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service


◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 BEGIN◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
yum install openstack-nova-compute sysfsutils -y

----------/etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning

[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning
#Comment out or remove any other options in the [keystone_authtoken] section.

[DEFAULT]
my_ip = 192.168.139.71
#Replace MANAGEMENT_INTERFACE_IP_ADDRESS with the IP address of the management network interface on your compute node, typically 10.0.0.31 for the first node in the example architecture.
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://xcontroller:6080/vnc_auto.html
#If the web browser to access remote consoles resides on a host that cannot resolve the controller hostname, you must replace controller with the management interface IP address of the controller node.

[glance]
host = xcontroller

[oslo_concurrency]
lock_path = /var/lib/nova/tmp


[DEFAULT]
verbose = True

[libvirt]
#virt_type = qemu

systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service


nova service-list
nova endpoints
nova hypervisor-stats
nova image-list

◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆



■■■■■■■■■■■■■■■■■■nova end■■■■■■■■■■■■■■■■■■■■■■■■■■

■■■■■■■■■■■■■■■■■■neutron begin■■■■■■■■■■■■■■■■■■■■■■■■■■
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;

openstack user create --domain default --password haoning neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region wuhan network public http://xcontroller:9696
openstack endpoint create --region wuhan network internal http://xcontroller:9696
openstack endpoint create --region wuhan network admin http://xcontroller:9696

★★★★★★★★★★Networking Option 2: Self-service networks begin★★★★★★★★★★★★★★★
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y

-----------------------
/etc/neutron/neutron.conf
[database]
connection = mysql://neutron:haoning@xcontroller/neutron
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True

[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning

[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
#Comment out or remove any other options in the [keystone_authtoken] section.

[DEFAULT]
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://xcontroller:8774/v2

[nova]
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = nova
password = haoning

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

[DEFAULT]
verbose = True


-------------------------
/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
[ml2]
tenant_network_types = vxlan
[ml2]
mechanism_drivers = linuxbridge,l2population
[ml2]
extension_drivers = port_security
[ml2_type_flat]
flat_networks = public
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True

--------------
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eth0

#physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
#Replace PUBLIC_INTERFACE_NAME with the name of the underlying physical public network interface.

[vxlan]
enable_vxlan = True
local_ip = 192.168.139.70
l2_population = True

#local_ip = OVERLAY_INTERFACE_IP_ADDRESS
#Replace OVERLAY_INTERFACE_IP_ADDRESS with the IP address of the underlying physical network interface that handles overlay networks. T
#he example architecture uses the management interface to tunnel traffic to the other nodes. Therefore, replace OVERLAY_INTERFACE_IP_ADDRESS with each node’s own management IP address.

[agent]
prevent_arp_spoofing = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

--------------------------------------------
/etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
#The external_network_bridge option intentionally lacks a value to enable multiple external networks on a single agent.
[DEFAULT]
verbose = True

-----------------
/etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[DEFAULT]
verbose = True
[DEFAULT]
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf


----------------
echo  "dhcp-option-force=26,1450" > /etc/neutron/dnsmasq-neutron.conf



★★★★★★★★★★Networking Option 2: Self-service networks end★★★★★★★★★★★★★★★

---------------------
/etc/neutron/metadata_agent.ini
[DEFAULT]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_region = wuhan
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
####★★★★★★★★★★★★★★去掉其他的配置,在这里有一堆
# Show debugging output in log (sets DEBUG log level output)
# debug = True
# The Neutron user information for accessing the Neutron API.
#auth_url = http://localhost:5000/v2.0
#auth_region = RegionOne
## Turn off verification of the certificate for ssl
## auth_insecure = False
## Certificate Authority public key (CA cert) file for ssl
## auth_ca_cert =
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%


[DEFAULT]
nova_metadata_ip = xcontroller

[DEFAULT]
metadata_proxy_shared_secret = METADATA_SECRET

[DEFAULT]
verbose = True

----------------------
/etc/nova/nova.conf
[neutron]
url = http://xcontroller:9696
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning

service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET


####Finalize installation
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

systemctl restart openstack-nova-api.service

systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service

neutron agent-list

◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 begin◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
-------------------------------
/etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit

[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning

[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
#★★★★★★有一些多余的东西需要去掉

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

[DEFAULT]
verbose = True

-------------------
/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = public:eth0

#Replace PUBLIC_INTERFACE_NAME with the name of the underlying physical public network interface.

[vxlan]
enable_vxlan = True
local_ip = 192.168.139.71
l2_population = True

#Replace OVERLAY_INTERFACE_IP_ADDRESS with the IP address of the underlying physical network interface that handles overlay networks.
#The example architecture uses the management interface to tunnel traffic to the other nodes. Therefore, replace OVERLAY_INTERFACE_IP_ADDRESS with each node’s own management IP address.

[agent]
prevent_arp_spoofing = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver


-------------/etc/nova/nova.conf
[neutron]
url = http://xcontroller:9696
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning


systemctl restart openstack-nova-compute.service

systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service

neutron ext-list
neutron agent-list


◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 end◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆


■■■■■■■■■■■■■■■■■■neutron end■■■■■■■■■■■■■■■■■■■■■■■■■■
补丁:
https://review.openstack.org/#/c/258493/1/neutron/agent/linux/ip_lib.py


#---建立一个vm
########public#########
neutron net-create public --shared --provider:physical_network public --provider:network_type flat

#neutron subnet-create public PUBLIC_NETWORK_CIDR --name public --allocation-pool start=START_IP_ADDRESS,end=END_IP_ADDRESS --dns-nameserver DNS_RESOLVER --gateway PUBLIC_NETWORK_GATEWAY

neutron subnet-create public 192.168.142.0/20 --name public --allocation-pool start=192.168.142.180,end=192.168.142.200 --dns-nameserver 8.8.4.4 --gateway 192.168.128.1


###########private######################
neutron net-create private

#neutron subnet-create private PRIVATE_NETWORK_CIDR --name private --dns-nameserver DNS_RESOLVER --gateway PRIVATE_NETWORK_GATEWAY
neutron subnet-create private 172.16.1.0/24 --name private --dns-nameserver 8.8.4.4 --gateway 172.16.1.1

#Add the router: external option to the public provider network:
neutron net-update public --router:external
neutron router-create router
neutron router-list

neutron router-interface-add router private
neutron router-gateway-set router public
ip netns
neutron router-port-list router
ping -c 4  192.168.142.181



ssh-keygen -q -N ""
nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
nova keypair-list

nova secgroup-list
nova  secgroup-list-rules default
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

nova flavor-list
nova image-list
neutron net-list
nova secgroup-list

#nova boot --flavor m1.tiny --image cirros --nic net-id=PRIVATE_NET_ID --security-group default --key-name mykey private-instance
#nova boot --flavor m1.tiny --image cirros --nic net-id=c273f3dc-a567-4e4a-8473-0ecaa3587ec7 --security-group default --key-name mykey private-instance
nova list

#Add security group rules

nova boot --flavor m1.tiny --image cirros --nic net-id=c273f3dc-a567-4e4a-8473-0ecaa3587ec7 --security-group default --key-name mykey private-instance
nova list
nova get-vnc-console private-instance novnc

neutron floatingip-create public

nova floating-ip-associate private-instance  192.168.142.182

ssh cirros@192.168.142.182

不用密码登陆

http://docs.openstack.org/liberty/install-guide-rdo/launch-instance-private.html



分享到:
评论

相关推荐

    openstack vxlan搭建指南

    openstack Newton vxlan模型搭建N版,亲测有效;手动搭建分布式OpenStack Newton vxlan模式v1.0

    openstack使用linux bridge+vxlan模式的网络变化与分析.pdf

    "OpenStack 使用 Linux Bridge+VXLAN 模式的网络变化与分析" OpenStack 是一个开源的云计算平台,提供了丰富的网络功能,以满足不同的应用场景。其中,Neutron 是 OpenStack 的网络组件,负责管理和维护网络资源。...

    手动搭建分布式Openstack Mitaka vxlan模式

    手动搭建分布式Openstack Mitaka vxlan模式。。。。。。

    openstack使用openvswitch实现vxlan的方法

    openstack使用openvswitch实现vxlan,分享给大家,具体如下: openstack环境: 1 版本:ocata 2 系统:ubuntu16.04.2 3 控制节点 1个 + 计算节点 1个 4 控制节点网卡为ens33,ip = 172.171.5.200 ens34 manual模式 ...

    浅谈openstack中使用linux_bridge实现vxlan网络

    在探讨OpenStack中使用Linux Bridge实现VXLAN网络的过程中,我们将涉及以下几个方面的知识点: 1. OpenStack环境部署和网络组件 OpenStack版本为ocata,系统采用Ubuntu 16.04.2,部署了一个控制节点和一个计算节点...

    手动搭建分布式OpenStack Ocata vxlan模式

    本文章为手工搭建的openstack 一、环境准备 1. 前提准备 安装vmware workstation12.5.0,虚拟出三台配置至少CPU 4c MEM 4G的虚拟机 Controller节点和Compute节点配置: CPU:4c MEM:4G Disk:200G Network: 3 (eth0 ...

    CentOS6.3下制作可以在OpenStack运行的Linux系统模版

    CentOS6.3下制作可以在OpenStack运行的Linux系统模版

    OpenStack Days China 2016 UnitedStack王为:VXLAN在OpenStack企业网实践

    该文档来自OpenStack Days China 2016。UnitedStack有云高级软件工程师王为发表的题为“VXLAN在OpenStack企业网实践” 的主题演讲,欢迎下载!

    Openstack linux网桥的知识

    Linux网桥在OpenStack云计算平台中的应用是一项重要的网络虚拟化技术。在OpenStack中,网桥被用来桥接物理网络接口和虚拟机,或者多个虚拟机之间的网络通信。理解Linux网桥的原理和工作机制对于深入理解OpenStack的...

    Linux云计算教程之openstack

    同时,了解云计算的基本概念,如虚拟化技术(如KVM)、网络模型(如VXLAN)和分布式存储原理,将有助于深入理解和操作OpenStack。 在实际应用中,OpenStack可以与许多其他开源工具集成,如Docker容器、Kubernetes...

    109-VXLAN 概念(Part II)1

    VXLAN,全称Virtual eXtensible ...在Neutron等OpenStack组件中,VXLAN被广泛用于构建大规模、灵活的云网络环境。在后续的学习中,我们会深入探讨如何在Neutron中配置和应用VXLAN,以实现虚拟网络的动态管理和扩展。

    openstack install guid for Linux,CentOS,Fedora

    OpenStack Installation Guide for Red Hat Enterprise Linux, CentOS, and Fedora: The OpenStack® system consists of several key projects that you install separately but that work together depending on ...

    云计算OpenStack技术云数据库中心与运维

    OpenStack是一个开源的云计算管理平台项目,是一系列软件开源项目的组合。由NASA(美国国家航空航天局)和Rackspace合作研发并发起,以Apache许可证(Apache软件基金会发布的一个...

    openstack-neutron-linuxbridge-13.0.7-1.el7.noarch.rpm

    官方离线安装包,测试可用。使用rpm -ivh [rpm完整包名] 进行安装

    151-制作 OpenStack Linux 镜像1

    本篇主要讲述了如何制作和定制Linux镜像,以适应OpenStack环境。 首先,对于OpenStack的新手来说,了解Glance是非常重要的。Glance是OpenStack的镜像服务,它负责存储、检索和管理虚拟机镜像。在OpenStack中,我们...

    OpenStack 软硬件支持

    Ubuntu是最早支持OpenStack的Linux发行版之一,从11.04版本开始,Ubuntu提供了官方的OpenStack云镜像和工具,简化了OpenStack的部署和管理。 在网络服务领域,思科系统的加入为OpenStack带来了强大的网络功能。思科...

    linux云计算教程之openstack

    【标题】"Linux云计算教程之OpenStack"是一个针对Linux运维人员设计的学习资源,旨在深入探讨OpenStack在云计算领域的应用和管理。OpenStack是一个开源的云计算平台,它提供了一整套工具来构建和管理私有云、公有云...

Global site tag (gtag.js) - Google Analytics