openstack试验(linux vxlan)

yum install centos-release-openstack-liberty -y
yum upgrade -y
yum install python-openstackclient openstack-selinux -y 
#openstack命令用到的
cat /etc/hosts
127.0.0.1       localhost
192.168.139.70  xcontroller
192.168.139.71  xcompute

yum install mariadb mariadb-server MySQL-python -y
----------
/etc/my.cnf.d/mariadb_openstack.cnf
[mysqld]
# NOTE(review): 10.0.0.11 is not one of the addresses in the hosts file shown
# earlier on this page (xcontroller is 192.168.139.70) — presumably carried over
# from the install guide's example. The server fails to bind if the host does
# not own this address; confirm it is the controller's management IP so the
# database is reachable only on that network.
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8



# systemctl enable mariadb.service
# systemctl start mariadb.service




yum install rabbitmq-server -y

systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

# Create the broker account that the nova/neutron configs on this page use
# (rabbit_userid = openstack). The password is given as a command-line argument,
# so it ends up in shell history and is visible in the process list while the
# command runs.
rabbitmqctl add_user openstack haoning
# The three patterns are configure / write / read; ".*" grants all three on
# every resource of the default vhost.
rabbitmqctl set_permissions openstack ".*" ".*" ".*"




-- Sets the MariaDB root password and grants root full privileges from three origins.
-- NOTE(review): the 'root'@'%' grant lets root log in from any host that can reach
-- the database port using the password shown here; the localhost and xcontroller
-- grants already cover administration from the controller itself.
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 BEGIN◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
■■■■■■■■■■■■■■■■■■keystone begin■■■■■■■■■■■■■■■■■■■■■■■■■■

CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'xcontroller' IDENTIFIED BY 'haoning';

flush privileges;



yum install openstack-keystone httpd mod_wsgi memcached python-memcached -y
systemctl enable memcached.service
systemctl start memcached.service

------------------
/etc/keystone/keystone.conf
[DEFAULT]
# ADMIN_TOKEN is the install guide's placeholder, used here as the literal value
# (the bootstrap step further down exports OS_TOKEN=ADMIN_TOKEN). While
# admin_token_auth is in the paste pipeline, any request that presents this
# string is treated as admin — replace it with a random value, e.g. the output
# of `openssl rand -hex 10`.
admin_token = ADMIN_TOKEN
verbose = True
[database]
# The database password is stored in clear text in this file.
connection = mysql://keystone:haoning@xcontroller/keystone
[memcache]
servers = xcontroller:11211
[token]
provider = uuid
driver = memcache
[revoke]
driver = sql


su -s /bin/sh -c "keystone-manage db_sync" keystone

-----------------
/etc/httpd/conf/httpd.conf
ServerName xcontroller

----------
/etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

systemctl enable httpd.service
systemctl start httpd.service


# Bootstrap-only credentials: OS_TOKEN must equal admin_token in
# /etc/keystone/keystone.conf and bypasses normal user authentication.
# They are needed only until the admin user exists; the page clears them
# afterwards with `unset OS_TOKEN OS_URL`.
export OS_TOKEN=ADMIN_TOKEN
export OS_URL=http://xcontroller:35357/v3
export OS_IDENTITY_API_VERSION=3

openstack service create  --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region wuhan identity public http://xcontroller:5000/v2.0
openstack endpoint create --region wuhan identity internal http://xcontroller:5000/v2.0
openstack endpoint create --region wuhan identity admin http://xcontroller:35357/v2.0

openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password haoning admin
openstack role create admin
openstack role add --project admin --user admin admin


openstack project create --domain default --description "Service Project" service
#这个干啥用了?
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password haoning demo
openstack role create user
openstack role add --project demo --user demo user

---------------
###以下这段不使用也行 begin(仅限试验环境:跳过后 admin_token_auth 仍然生效,而上面 keystone.conf 里的 admin_token 是字面值 ADMIN_TOKEN,任何能访问 5000/35357 端口的人都可以凭它获得管理员权限)
/usr/share/keystone/keystone-dist-paste.ini
#For security reasons, disable the temporary authentication token mechanism:
#Edit the /usr/share/keystone/keystone-dist-paste.ini file and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.
###以下这段不使用也行 end

unset OS_TOKEN OS_URL

openstack --os-auth-url http://xcontroller:35357/v3  --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
openstack --os-auth-url http://xcontroller:5000/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo --os-auth-type password token issue



----------
[root@xcontroller ~]# cat admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=haoning
export OS_AUTH_URL=http://xcontroller:35357/v3
export OS_IDENTITY_API_VERSION=3
[root@xcontroller ~]# cat demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=haoning
export OS_AUTH_URL=http://xcontroller:5000/v3
export OS_IDENTITY_API_VERSION=3
[root@xcontroller ~]#

source admin-openrc.sh
openstack token issue
openstack user list


■■■■■■■■■■■■■■■■■■keystone end■■■■■■■■■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■glance begin■■■■■■■■■■■■■■■■■■■■■■■■■■

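-- Create the Image service database and give the 'glance' account full rights
-- on it from localhost, from any host ('%'), and from the controller by name.
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost'  IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'haoning';
-- Scoped to glance.*: granting keystone.* here would give the glance account
-- full access to the Identity service's database instead of its own.
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;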

openstack user create --domain default --password haoning glance
openstack role add --project service --user glance admin

openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region wuhan image public http://xcontroller:9292
openstack endpoint create --region wuhan image internal http://xcontroller:9292
openstack endpoint create --region wuhan image admin http://xcontroller:9292

yum install openstack-glance python-glance python-glanceclient -y



-------------------
/etc/glance/glance-api.conf
[database]
connection = mysql://glance:haoning@xcontroller/glance
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = haoning

[paste_deploy]
flavor = keystone

#Comment out or remove any other options in the [keystone_authtoken] section.
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[DEFAULT]
notification_driver = noop
verbose = True

-----------------------
/etc/glance/glance-registry.conf
[database]
connection = mysql://glance:haoning@xcontroller/glance
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = haoning
[paste_deploy]
flavor = keystone
#Comment out or remove any other options in the [keystone_authtoken] section
[DEFAULT]
notification_driver = noop
verbose = True

su -s /bin/sh -c "glance-manage db_sync" glance

systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service

# Append the Image API version to both credential files (tee also echoes it).
echo "export OS_IMAGE_API_VERSION=2"  | tee -a admin-openrc.sh demo-openrc.sh
source admin-openrc.sh
# NOTE(review): the image is fetched over plain HTTP and uploaded without any
# integrity check; compare its checksum with the one published by the CirrOS
# project before registering it as a public image.
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

# --visibility public makes the image usable by every project.
glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare  --visibility public --progress
$ glance image-list

■■■■■■■■■■■■■■■■■■glance end■■■■■■■■■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■nova begin■■■■■■■■■■■■■■■■■■■■■■■■■■
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;


openstack user create --domain default --password haoning nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region wuhan compute public http://xcontroller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute internal http://xcontroller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute admin http://xcontroller:8774/v2/%\(tenant_id\)s

yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient -y

---------------------------
/etc/nova/nova.conf
[database]
connection = mysql://nova:haoning@xcontroller/nova
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning

[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning

#Comment out or remove any other options in the [keystone_authtoken] section.
[DEFAULT]
my_ip = 192.168.139.70
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
host = xcontroller
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[DEFAULT]
enabled_apis=osapi_compute,metadata
[DEFAULT]
verbose = True

su -s /bin/sh -c "nova-manage db sync" nova

systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service


◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 BEGIN◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
yum install openstack-nova-compute sysfsutils -y

----------/etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning

[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning
#Comment out or remove any other options in the [keystone_authtoken] section.

[DEFAULT]
my_ip = 192.168.139.71
#Replace MANAGEMENT_INTERFACE_IP_ADDRESS with the IP address of the management network interface on your compute node, typically 10.0.0.31 for the first node in the example architecture.
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = True
# 0.0.0.0 makes the instance VNC servers listen on every interface of the
# compute node, and the proxy URL below is plain http, so console traffic is
# not encrypted — NOTE(review): confirm only the management network can reach
# these ports.
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://xcontroller:6080/vnc_auto.html
#If the web browser to access remote consoles resides on a host that cannot resolve the controller hostname, you must replace controller with the management interface IP address of the controller node.

[glance]
host = xcontroller

[oslo_concurrency]
lock_path = /var/lib/nova/tmp


[DEFAULT]
verbose = True

[libvirt]
#virt_type = qemu

systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service


nova service-list
nova endpoints
nova hypervisor-stats
nova image-list

◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆



■■■■■■■■■■■■■■■■■■nova end■■■■■■■■■■■■■■■■■■■■■■■■■■

■■■■■■■■■■■■■■■■■■neutron begin■■■■■■■■■■■■■■■■■■■■■■■■■■
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 BEGIN◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;

openstack user create --domain default --password haoning neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region wuhan network public http://xcontroller:9696
openstack endpoint create --region wuhan network internal http://xcontroller:9696
openstack endpoint create --region wuhan network admin http://xcontroller:9696

★★★★★★★★★★Networking Option 2: Self-service networks begin★★★★★★★★★★★★★★★
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y

-----------------------
/etc/neutron/neutron.conf
[database]
connection = mysql://neutron:haoning@xcontroller/neutron
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True

[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning

[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
#Comment out or remove any other options in the [keystone_authtoken] section.

[DEFAULT]
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://xcontroller:8774/v2

[nova]
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = nova
password = haoning

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

[DEFAULT]
verbose = True


-------------------------
/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
[ml2]
tenant_network_types = vxlan
[ml2]
mechanism_drivers = linuxbridge,l2population
[ml2]
extension_drivers = port_security
[ml2_type_flat]
flat_networks = public
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True

--------------
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eth0

#physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
#Replace PUBLIC_INTERFACE_NAME with the name of the underlying physical public network interface.

[vxlan]
enable_vxlan = True
local_ip = 192.168.139.70
l2_population = True

#local_ip = OVERLAY_INTERFACE_IP_ADDRESS
#Replace OVERLAY_INTERFACE_IP_ADDRESS with the IP address of the underlying physical network interface that handles overlay networks. T
#he example architecture uses the management interface to tunnel traffic to the other nodes. Therefore, replace OVERLAY_INTERFACE_IP_ADDRESS with each node’s own management IP address.

[agent]
prevent_arp_spoofing = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

--------------------------------------------
/etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
#The external_network_bridge option intentionally lacks a value to enable multiple external networks on a single agent.
[DEFAULT]
verbose = True

-----------------
/etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[DEFAULT]
verbose = True
[DEFAULT]
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf


----------------
echo  "dhcp-option-force=26,1450" > /etc/neutron/dnsmasq-neutron.conf



★★★★★★★★★★Networking Option 2: Self-service networks end★★★★★★★★★★★★★★★

---------------------
/etc/neutron/metadata_agent.ini
[DEFAULT]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_region = wuhan
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
####★★★★★★★★★★★★★★去掉其他的配置,在这里有一堆
# Show debugging output in log (sets DEBUG log level output)
# debug = True
# The Neutron user information for accessing the Neutron API.
#auth_url = http://localhost:5000/v2.0
#auth_region = RegionOne
## Turn off verification of the certificate for ssl
## auth_insecure = False
## Certificate Authority public key (CA cert) file for ssl
## auth_ca_cert =
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%


[DEFAULT]
nova_metadata_ip = xcontroller

[DEFAULT]
# METADATA_SECRET is the guide's placeholder used as the literal value. This
# shared secret is what nova uses to trust requests from the metadata proxy, so
# use a random string and set the same value for metadata_proxy_shared_secret
# in /etc/nova/nova.conf.
metadata_proxy_shared_secret = METADATA_SECRET

[DEFAULT]
verbose = True

----------------------
/etc/nova/nova.conf
[neutron]
url = http://xcontroller:9696
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning

service_metadata_proxy = True
# Must be identical to metadata_proxy_shared_secret in
# /etc/neutron/metadata_agent.ini; METADATA_SECRET is a placeholder string,
# replace it with a random value in both files.
metadata_proxy_shared_secret = METADATA_SECRET


####Finalize installation
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

systemctl restart openstack-nova-api.service

systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service

neutron agent-list

◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 begin◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
-------------------------------
/etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit

[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning

[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
#★★★★★★有一些多余的东西需要去掉

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

[DEFAULT]
verbose = True

-------------------
/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = public:eth0

#Replace PUBLIC_INTERFACE_NAME with the name of the underlying physical public network interface.

[vxlan]
enable_vxlan = True
local_ip = 192.168.139.71
l2_population = True

#Replace OVERLAY_INTERFACE_IP_ADDRESS with the IP address of the underlying physical network interface that handles overlay networks.
#The example architecture uses the management interface to tunnel traffic to the other nodes. Therefore, replace OVERLAY_INTERFACE_IP_ADDRESS with each node’s own management IP address.

[agent]
prevent_arp_spoofing = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver


-------------/etc/nova/nova.conf
[neutron]
url = http://xcontroller:9696
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning


systemctl restart openstack-nova-compute.service

systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service

neutron ext-list
neutron agent-list


◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 end◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆


■■■■■■■■■■■■■■■■■■neutron end■■■■■■■■■■■■■■■■■■■■■■■■■■
补丁:
https://review.openstack.org/#/c/258493/1/neutron/agent/linux/ip_lib.py


#---建立一个vm
########public#########
neutron net-create public --shared --provider:physical_network public --provider:network_type flat

#neutron subnet-create public PUBLIC_NETWORK_CIDR --name public --allocation-pool start=START_IP_ADDRESS,end=END_IP_ADDRESS --dns-nameserver DNS_RESOLVER --gateway PUBLIC_NETWORK_GATEWAY

neutron subnet-create public 192.168.142.0/20 --name public --allocation-pool start=192.168.142.180,end=192.168.142.200 --dns-nameserver 8.8.4.4 --gateway 192.168.128.1


###########private######################
neutron net-create private

#neutron subnet-create private PRIVATE_NETWORK_CIDR --name private --dns-nameserver DNS_RESOLVER --gateway PRIVATE_NETWORK_GATEWAY
neutron subnet-create private 172.16.1.0/24 --name private --dns-nameserver 8.8.4.4 --gateway 172.16.1.1

#Add the router: external option to the public provider network:
neutron net-update public --router:external
neutron router-create router
neutron router-list

neutron router-interface-add router private
neutron router-gateway-set router public
ip netns
neutron router-port-list router
ping -c 4  192.168.142.181



# -N "" generates the key pair with an empty passphrase, so the private key
# file alone is enough to log in to instances booted with 'mykey'.
ssh-keygen -q -N ""
nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
nova keypair-list

nova secgroup-list
nova  secgroup-list-rules default
# Both rules use 0.0.0.0/0, i.e. any source address: all ICMP types/codes
# (-1 -1) and TCP port 22. They apply to every instance in the 'default' group,
# including ones later given a floating IP — narrow the CIDR where possible.
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

nova flavor-list
nova image-list
neutron net-list
nova secgroup-list

#nova boot --flavor m1.tiny --image cirros --nic net-id=PRIVATE_NET_ID --security-group default --key-name mykey private-instance
#nova boot --flavor m1.tiny --image cirros --nic net-id=c273f3dc-a567-4e4a-8473-0ecaa3587ec7 --security-group default --key-name mykey private-instance
nova list

#Add security group rules

nova boot --flavor m1.tiny --image cirros --nic net-id=c273f3dc-a567-4e4a-8473-0ecaa3587ec7 --security-group default --key-name mykey private-instance
nova list
nova get-vnc-console private-instance novnc

neutron floatingip-create public

nova floating-ip-associate private-instance  192.168.142.182

ssh cirros@192.168.142.182

不用密码登录

http://docs.openstack.org/liberty/install-guide-rdo/launch-instance-private.html




转载自haoningabc.iteye.com/blog/2285537