7:一步一步部署一个openstack集群
7.1 openstack基础架构
image.png
7.1:准备环境
image.png
注意:主机之间相互host解析
7.1.1 时间同步
#服务端,controller节点
vim /etc/chrony.conf
allow 10.0.0.0/24
systemctl restart chronyd
#客户端,compute1节点
vim /etc/chrony.conf
server 10.0.0.11 iburst
systemctl restart chronyd
验证:同时执行date
7.1.2:配置yum源,并安装客户端
#所有节点
#配置过程:
cd /opt/
rz -E
tar xf openstack_ocata_rpm.tar.gz
cd /etc/yum.repos.d/
mv *.repo /tmp
mv /tmp/CentOS-Base.repo .
vi openstack.repo
[openstack]
name=openstack
baseurl=file:///opt/repo
enable=1
gpgcheck=0
#验证:
yum clean all yum install python-openstackclient -y
7.1.3:安装数据库
#控制节点
yum install mariadb mariadb-server python2-PyMySQL -y
##openstack所有组件使用python开发,openstack在连接数据库需要用到python2-PyMySQL模块
#修改mariadb配置文件
vi /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
#启动数据库
systemctl start mariadb
systemctl enable mariadb
#数据库安全初始化
mysql_secure_installation
回车n
一路y
7.1.3 安装消息队列rabbitmq
#控制节点
#安装消息队列
yum install rabbitmq-server
#启动rabbitmq
systemctl start rabbitmq-server.service
systemctl enable rabbitmq-server.service
#在rabbitmq创建用户
rabbitmqctl add_user openstack 123456
#为刚创建的openstack授权
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
7.1.4 安装memcache缓存
#控制节点
#安装memcache
yum install memcached python-memcached -y
##python-memcached是python连接memcache的模块插件
#配置
vim /etc/sysconfig/memcached
##修改最后一行
OPTIONS="-l 0.0.0.0"
#启动服务
systemctl start memcached
systemctl enable memcached
7.2 安装keystone服务
#创库授权
##登录
mysql
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
#安装keystone服务
yum install openstack-keystone httpd mod_wsgi -y
##httpd配合mod_wsgi插件调用python项目
#修改keystone配置文件
cp /etc/keystone/keystone.conf{,.bak}
grep -Ev '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf
#完整配置文件如下:
[root@controller ~]# vi /etc/keystone/keystone.conf
[DEFAULT]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[cors.subdomain]
[credential]
[database]
connection = mysql+pymysql://keystone:123456@controller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy] [policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
provider = fernet
[tokenless_auth]
[trust]
#校验md5
md5sum /etc/keystone/keystone.conf
85d8b59cce0e4bd307be15ffa4c0cbd6 /etc/keystone/keystone.conf
#同步数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
##切到普通用户下,使用指定的shell执行某一条命令
##检查数据是否同步成功
mysql keystone -e 'show tables;'|wc -l
#初始化令牌凭据
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
#初始化keystone身份认证服务
keystone-manage bootstrap --bootstrap-password 123456 \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
#配置httpd
#小优化
echo "ServerName controller" >>/etc/httpd/conf/httpd.conf
#在httpd下添加keystone站点配置文件
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
#启动httpd等效于keystone
systemctl start httpd
systemctl enable httpd
#声明环境变量
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
#验证keystone是否正常
openstack user list
#创建service的项目
openstack project create --domain default \
--description "Service Project" service
#修改/root/.bashrc文件
vi /root/.bashrc
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
7.3 安装glance服务
功能:管理镜像模板机
1:创库授权
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \ IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \ IDENTIFIED BY '123456';
2:keystone上创建用户,关联角色
openstack user create --domain default --password 123456
glance openstack role add --project service --user glance admin
3:keystone上创建服务,注册api地址
openstack service create --name glance \
--description "OpenStack Image" image
openstack endpoint create --region RegionOne \
image public http://controller:9292
openstack endpoint create --region RegionOne \
image internal http://controller:9292
openstack endpoint create --region RegionOne \
image admin http://controller:9292
4:安装服务软件包
yum install openstack-glance -y
5:修改配置文件(连接数据库,keystone授权)
##glance-api 上传下载删除
##glance-registry 修改镜像的属性 x86 根分区大小
#修改glance-api配置文件
cp /etc/glance/glance-api.conf{,.bak}
grep -Ev '^$|#' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf
vim /etc/glance/glance-api.conf
[DEFAULT]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://glance:123456@controller/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456
[matchmaker_redis]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
##校验
md5sum /etc/glance/glance-api.conf
a42551f0c7e91e80e0702ff3cd3fc955 /etc/glance/glance-api.conf
##修改glance-registry.conf配置文件
cp /etc/glance/glance-registry.conf{,.bak}
grep -Ev '^$|#' /etc/glance/glance-registry.conf.bak >/etc/glance/glance-registry.conf
vim /etc/glance/glance-registry.conf
[DEFAULT]
[database]
connection = mysql+pymysql://glance:123456@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456
[matchmaker_redis]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
##校验
md5sum /etc/glance/glance-registry.conf
5b28716e936cc7a0ab2a841c914cd080 /etc/glance/glance-registry.conf
6:同步数据库(创表)
su -s /bin/sh -c "glance-manage db_sync" glance
mysql glance -e 'show tables;'|wc -l
7:启动服务
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
#验证端口
netstat -lntup|grep -E '9191|9292'
8:命令行上传镜像
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
##验证
ll /var/lib/glance/images/
#或
openstack image list
7.4 安装nova服务
7.4.1 控制节点安装nova服务
1:创库授权
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \ IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \ IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \ IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \ IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \ IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \ IDENTIFIED BY '123456';
2:keystone上创建用户,关联角色
openstack user create --domain default --password 123456 nova
openstack role add --project service --user nova admin
#placement 追踪云主机的资源使用具体情况
openstack user create --domain default --password 123456 placement
openstack role add --project service --user placement admin
3:keystone上创建服务,http访问地址(api地址)
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
4:安装服务软件包
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api -y
5:修改配置文件(连接数据库,keystone授权)
#修改nova配置文件
vim /etc/nova/nova.conf
[DEFAULT]
##启动nova服务api和metadata的api
enabled_apis = osapi_compute,metadata
##连接消息队列rabbitmq
transport_url = rabbit://openstack:123456@controller
my_ip = 10.0.0.11
#启动neutron网络服务,禁用nova内置防火墙
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:123456@controller/nova_api
[barbican]
[cache]
[cells]
[cinder]
[cloudpipe]
[conductor]
[console]
[consoleauth]
[cors]
[cors.subdomain]
[crypto]
[database]
connection = mysql+pymysql://nova:123456@controller/nova
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[image_file_url]
[ironic]
[key_manager]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123456
[libvirt]
[matchmaker_redis]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[pci]
#追踪虚拟机使用资源情况
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = 123456
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vendordata_dynamic_auth]
[vmware]
#vnc的连接信息
[vnc]
enabled = true
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
#修改httpd配置文件
vi /etc/httpd/conf.d/00-nova-placement-api.conf
在16行</VirtualHost>这一行上面增加以下内容
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
#重启
httpd systemctl restart httpd
6:同步数据库(创表)
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
#检查
nova-manage cell_v2 list_cells
7:启动服务
systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
#检查
openstack compute service list
7.4.2计算节点安装nova服务
1:安装
yum install openstack-nova-compute -y
2:配置
#修改配置文件/etc/nova/nova.conf
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:123456@controller
my_ip = 10.0.0.31
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api] auth_strategy = keystone
[api_database]
[barbican]
[cache]
[cells]
[cinder]
[cloudpipe]
[conductor]
[console]
[consoleauth]
[cors]
[cors.subdomain]
[crypto] [database]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[image_file_url]
[ironic]
[key_manager]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123456
[libvirt]
[matchmaker_redis]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[pci] [placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = 123456
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[workarounds]
[wsgi]
[xenserver]
[xvp]
3:启动
systemctl start libvirtd openstack-nova-compute.service
systemctl enable libvirtd openstack-nova�compute.service
4:控制节点上验证
openstack compute service list
5:在控制节点上
发现计算节点:
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
7.5 安装neutron服务
7.5.1 在控制节点上安装neutron服务
1:创库授权
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \ IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \ IDENTIFIED BY 'NEUTRON_DBPASS';
2:keystone上创建用户,关联角色
openstack user create --domain default --password NEUTRON_PASS neutron
openstack role add --project service --user neutron admin
3:keystone上创建服务,http访问地址(api地址)
openstack service create --name neutron \
--description "OpenStack Networking" network
openstack endpoint create --region RegionOne \
network public http://controller:9696
openstack endpoint create --region RegionOne \
network internal http://controller:9696
openstack endpoint create --region RegionOne \
network admin http://controller:9696
4:安装服务软件包
选择网络选项1
yum install openstack-neutron openstack-neutron-ml2 \ openstack-neutron-linuxbridge ebtables -y
5:修改配置文件(连接数据库,keystone授权)
#修改neutron.conf
vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[agent]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
auth_uri = [http://controller:5000](http://controller:5000)
auth_url = [http://controller:35357](http://controller:35357)
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[matchmaker_redis]
[nova]
auth_url = [http://controller:35357](http://controller:35357)
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123456
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[qos]
[quotas]
[ssl]
##修改ml2_conf.ini
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
[ml2_type_vxlan]
[securitygroup]
enable_ipset = true
##编辑linuxbridge_agent.ini
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT
[agent]
[linux_bridge]
physical_interface_mappings = provider:eth0
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = false
##编辑dhcp_agent.ini
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
[agent]
[ovs]
##编辑
vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
[agent]
[cache]
####编辑控制节点。nova配置文件
vim /etc/nova/nova.conf
[neutron]
url = [http://controller:9696](http://controller:9696)
auth_url = [http://controller:35357](http://controller:35357)
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
#再次验证控制节点nova配置文件
md5sum /etc/nova/nova.conf
2c5e119c2b8a2f810bf5e0e48c099047 /etc/nova/nova.conf
6:同步数据库(创表)
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
7:启动服务
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl restart neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
#验证方法
openstack network agent list
7.5.2 在计算节点上安装neutron服务
1:安装
yum install openstack-neutron-linuxbridge ebtables ipset
2:配置
#修改neutron.conf
vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
[agent]
[cors]
[cors.subdomain]
[database]
[keystone_authtoken]
auth_uri = [http://controller:5000](http://controller:5000)
auth_url = [http://controller:35357](http://controller:35357)
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[matchmaker_redis]
[nova]
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[qos]
[quotas]
[ssl]
##linux_agent配置文件
scp -rp 10.0.0.11:/etc/neutron/plugins/ml2/linuxbridge_agent.ini
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
##在计算节点上,再次修改nova.conf
vim /etc/nova/nova.conf
[neutron]
url = [http://controller:9696](http://controller:9696)
auth_url = [http://controller:35357](http://controller:35357)
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
#校验
md5sum /etc/nova/nova.conf
91cc8aa0f7e33d7b824301cc894e90f1 /etc/nova/nova.conf
3:启动
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
7.6 安装dashboard服务
计算节点安装dashboard
1:安装
yum install openstack-dashboard -y
2:配置
rz local_settings
cat local_settings >/etc/openstack-dashboard/local_settings
3:启动
systemctl start httpd
4: 访问dashboard
访问:http://10.0.0.31/dashboard
image.png
image.png
7.7 启动一台云主机
#创建网络
neutron net-create --shared --provider:physical_network provider --
provider:network_type flat WAN
neutron subnet-create --name subnet-wan --allocation-pool \
start=10.0.0.100,end=10.0.0.200 --dns-nameserver 223.5.5.5 \
--gateway 10.0.0.254 WAN 10.0.0.0/24
#创建硬件配置方案
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
#上传秘钥对
ssh-keygen -q -N "" -f ~/.ssh/id_rsa
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
#安全组开放ping和ssh
openstack security group rule create --proto icmp default
openstack security group rule create --proto tcp --dst-port 22 default
网友评论