openstack-L版安裝

時間 2019-11-24

標籤 openstack 安裝简体版

原文原文鏈接

參照官方install document：
http://docs.openstack.org/liberty/install-guide-rdo/html

實驗環境：
centos7.2
橋接： 192.168.1.71 主機名：computer computer節點
nat：
橋接：192.168.1.72 主機名：controller controller節點
nat：python

1、基礎配置：（兩臺機器多要配置）mysql

關閉selinux和iptables：
setenforce 0linux

iptables -F
iptables -t nat -F
systemctl stop firewalld
systemctl disable firewalldsql

systemctl stop NetworkManager
systemctl disable NetworkManagermongodb

設置主機名、hosts文件解析等數據庫

時間同步：controller上安裝ntp服務：
yum install -y chrony
vim /etc/chrony.conf
allow 192.168.1.0/24django

systemctl enable chronyd.service
systemctl start chronyd.service
#監聽端口 udp123 json

compute上：做爲時間服務器的客戶端
yum install -y chrony
vim /etc/chrony.conf
server controller iburstvim

systemctl enable chronyd.service
systemctl start chronyd.service

使用dhclient網卡獲取ip：
dhclient eno33554976
#下次使用dhclient時須要kill掉dhclient

#重啓網卡命令：
systemctl restart network.service

準備阿里源、epel源：
yum install -y centos-release-openstack-liberty
yum upgrade
init 6

安裝openstack 客戶端和openstack-selinux
yum install -y python-openstackclient openstack-selinux

2、配置安裝openstack前的基礎依賴服務：

controller節點：

安裝mysql：
yum install -y mariadb mariadb-server MySQL-python

寫入配置文件：
vi /etc/my.cnf.d/mariadb_openstack.cnf
[mysqld]
bind-address = 192.168.1.72
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
啓動mariadb：
systemctl enable mariadb.service
systemctl start mariadb.service

設置root密碼
mysql_secure_installation
設置root密碼爲 123456
mysql -uroot -p123456

安裝nosql數據庫被Telemetry service用到：
這裏咱們安裝的是mongodb爲例
yum install -y mongodb-server mongodb

編輯配置文件
vim /etc/mongod.conf
bind_ip = 192.168.1.72
smallfiles = true

啓動服務
systemctl enable mongod.service
systemctl start mongod.service

安裝消息隊列：（端口5672）

rabbitmq消息隊列服務在openstack中起到很是關鍵的做用，它比如是一個交通樞紐，各個組件之間的通訊由它來完成。
yum install -y rabbitmq-server

啓動rabbitmq-server服務
systemctl enable rabbitmq-server
systemctl start rabbitmq-server

添加openstack用戶（rabbitmq的用戶）
rabbitmqctl add_user openstack 123456
#密碼 123456 用戶名爲openstack

爲openstack用戶受權
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
#容許openstack用戶能夠配置，能夠寫，能夠讀

3、安裝openstack：

controller節點：

安裝keystone：

tenants 租戶（租房子的人能夠租不少個房子）
user 用戶（租房子的人）
role 角色（房子的類型）
Endpoint 服務（）
Credential 用戶身份證
Authentication 認證過程
Token 鑰匙

登錄mysql，建立keystone數據庫：
mysql -uroot -p123456
>create database keystone;
>GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
>GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

安裝相應的軟件包：
yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached

啓動memcached服務
systemctl enable memcached.service
systemctl start memcached.service

編輯keystone配置文件
vi /etc/keystone/keystone.conf
[DEFAULT]
admin_token = 123456
verbose = true #調試模式
[database]
connection = mysql://keystone:keystone@controller/keystone
#用戶名：密碼@主機名/庫名
[memcache]
servers = localhost:11211
[token]
provider = uuid
driver = memcache
[revoke]
driver = sql

導入keystone相關的數據：
su -s /bin/sh -c "keystone-manage db_sync" keystone
#這裏會有個提示 No handlers could be found for logger "oslo_config.cfg" 忽略它，不影響

檢查有沒有正常導入數據：
mysql -ukeystone -pkeystone -hcontroller -t keystone -e "show tables"

配置httpd：
先編輯配置文件 /etc/httpd/conf/httpd.conf
ServerName controller

編輯配置文件
vim /etc/httpd/conf.d/wsgi-keystone.conf

Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>

啓動httpd：
systemctl enable httpd.service
systemctl start httpd.service

建立服務實例：

首先設置環境變量：
export OS_TOKEN=123456
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3

檢查環境變量：
echo $OS_IDENTITY_API_VERSION

建立服務實例
openstack service create --name keystone --description "OpenStack Identity" identity

建立端點
openstack endpoint create --region RegionOne identity public http://controller:5000/v2.0
openstack endpoint create --region RegionOne identity internal http://controller:5000/v2.0
openstack endpoint create --region RegionOne identity admin http://controller:35357/v2.0

建立admin租戶
openstack project create --domain default --description "Admin Project" admin

建立admin用戶（密碼爲12345六、要輸入的）
openstack user create --domain default --password-prompt admin

建立admin角色
openstack role create admin

給admin租戶和用戶賦予admin的角色
openstack role add --project admin --user admin admin

建立一個service 租戶（後面用到）
openstack project create --domain default --description "Service Project" service

建立demo租戶
openstack project create --domain default --description "Demo Project" demo

建立demo用戶（密碼1234567）
openstack user create --domain default --password-prompt demo

建立角色user
openstack role create user

給demo租戶和demo用戶賦予demo角色
openstack role add --project demo --user demo user

驗證admin用戶和demo用戶是否能正常登錄：
首先作一個安全設置：
vi /usr/share/keystone/keystone-dist-paste.ini
#搜索admin_token_auth
#從[pipeline:public_api], [pipeline:admin_api]和[pipeline:api_v3]中，
#把admin_token_auth去掉
#例如把
#pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service
#改成
#pipeline = sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension user_crud_extension public_service

取消環境變量OS_TOKEN和OS_URL
unset OS_TOKEN OS_URL

而後再登錄admin和demo用戶（密碼12345六、1234567）
openstack --os-auth-url http://controller:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo --os-auth-type password token issue

建立admin用戶變量：
vim admin.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
執行腳本
source admin.sh
申請認證令牌
openstack token issue

建立demo用戶變量：
vim demo.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=1234567
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
執行腳本
source demo.sh
申請認證令牌
openstack token issue

glance安裝：

管理鏡像的一個組件，咱們用鏡像來安裝操做系統。
glance支持讓用戶本身管理自定義鏡像。

建立glance庫和用戶
mysql -uroot -p123456
> CREATE database glance;
> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';

執行 admin-openrc.sh 腳本
source admin.sh

建立glance用戶（密碼爲123456）
openstack user create --domain default --password-prompt glance

給glance用戶和service租戶賦予admin角色
openstack role add --project service --user glance admin

建立glance服務實體
openstack service create --name glance --description "OpenStack Image service" image

建立image服務api 端點
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292

安裝glance：
yum install -y openstack-glance python-glance python-glanceclient

編輯配置文件
vim /etc/glance/glance-api.conf
[database]
connection = mysql://glance:glance@controller/glance
# 用戶名：密碼@主機名/庫名
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = 123456
[paste_deploy]
flavor = keystone
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[DEFAULT]
notificaction_driver = noop
verbose=True

編輯配置文件
vim /etc/glance/glance-registry.conf
[DEFAULT]
notificaction_driver = noop
verbose=True
[database]
connection = mysql://glance:glance@controller/glance
# 用戶名：密碼@主機名/庫名

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = 123456
[paste_deploy]
flavor = keystone

同步glance數據庫數據
su -s /bin/sh -c "glance-manage db_sync" glance
#進入數據庫檢查是否同步

啓動服務
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service

添加環境變量(在兩個用戶的環境變量腳本中追加了一條)
echo "export OS_IMAGE_API_VERSION=2" | tee -a admin.sh demo.sh

執行admin.sh
source admin.sh

下載鏡像
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

把剛剛下載的鏡像上傳到鏡像服務中心
glance image-create --name "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--visibility public --progress

鏡像目錄：（這個文件的名字和id是一致的。）
/var/lib/glance/images/

查看鏡像：
glance image-list

安裝nova：

建立nova庫，並建立nova用戶
mysql -uroot -p123456
> CREATE DATABASE nova;
> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';

初始化環境變量
source admin.sh

建立nova用戶密碼爲 123456
openstack user create --domain default --password-prompt nova

添加admin角色到nova用戶
openstack role add --project service --user nova admin

建立nova服務實例
openstack service create --name nova --description "OpenStack Compute" compute

建立api端點
openstack endpoint create --region RegionOne compute public http://controller:8774/v2/%$tenant_id$s
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2/%$tenant_id$s
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2/%$tenant_id$s

安裝nova組件：
yum install openstack-nova-api openstack-nova-cert \
openstack-nova-conductor openstack-nova-console \
openstack-nova-novncproxy openstack-nova-scheduler python-novaclient -y

編輯配置文件
vim /etc/nova/nova.conf
[database]
connection = mysql://nova:nova@controller/nova
[DEFAULT]
rpc_backend=rabbit
my_ip=192.168.1.72
auth_strategy=keystone
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata
verbose=true
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = 123456
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123456
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
host = controller
[oslo_concurrency]
lock_path = /var/lib/nova/tmp

同步數據建立nova庫
su -s /bin/sh -c "nova-manage db sync" nova

啓動服務
systemctl enable openstack-nova-api.service \
openstack-nova-cert.service openstack-nova-consoleauth.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service

systemctl start openstack-nova-api.service \
openstack-nova-cert.service openstack-nova-consoleauth.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service

computer節點：

使用以下命令檢查你的機器cpu是否支持虛擬化
egrep -c '(vmx|svm)' /proc/cpuinfo

若是不支持須要修改配置文件：
vim /etc/nova/nova.conf
[libvirt]
virt_type = qemu

安裝nova-compute包
yum install -y openstack-nova-compute sysfsutils

編輯配置文件
vim /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.1.71
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
verbose=true
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123456
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = 123456
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
host = controller
[oslo_concurrency]
lock_path = /var/lib/nova/tmp

啓動服務
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service

controller節點：

執行腳本
source admin.sh

列出服務組件
nova service-list
共有5個：nova-consoleauth nova-conductor nova-scheduler nova-cert nova-compute

列出api端點，
nova endpoints
一共有9組： nova三組，glance三組，keystone三組
若是有提示
WARNING: nova has no endpoint in ! Available endpoints for this service:
能夠忽略掉，也能夠編輯 admin.sh 增長一行 export OS_REGION_NAME=RegionOne

列出鏡像
nova image-list

controller節點：

安裝network：

Networking又叫作Neutron，是Openstack必不可少的組件，它實際上是網絡虛擬化的實現工具，可讓咱們模擬出路由器、交換機、網卡等網絡設備。
Neutron支持兩種網絡模式，
第一種是很是簡單的網絡架構，它僅支持是讓實例鏈接外網，不支持自定義網絡、路由器以及浮動ip。只有管理員或者受權的用戶有權限去管理網絡。
第二種網絡功能比較強大，支持自定義網絡管理，支持自建路由器而且也支持浮動ip。即便沒有受權的用戶也能夠管理網絡，支持用戶本身配置和管理。

建立庫、受權帳號 mysql -uroot -p123456
> CREATE DATABASE neutron;
> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';

執行腳本
source admin.sh

建立neutron用戶（密碼爲123456）
openstack user create --domain default --password-prompt neutron

把admin角色添加到neutron用戶裏
openstack role add --project service --user neutron admin

建立neutron實例
openstack service create --name neutron --description "OpenStack Networking" network

建立networking服務api終端
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696

安裝組件
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge python-neutronclient ebtables ipset

配置服務端組件
vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins =
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
verbose = True
[database]
connection = mysql://neutron:neutron@controller/neutron

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123456

[nova]
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = 123456
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

配置ml2 插件
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = public
[securitygroup]
enable_ipset = True

編輯linux橋接agent
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eno16777736
#建立的虛擬機的橋接的網卡
[vxlan]
enable_vxlan = False
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

配置dhcp agent
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
verbose = True

編輯配置文件
vi /etc/neutron/metadata_agent.ini
[DEFAULT]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = 123456
nova_metadata_ip = controller
metadata_proxy_shared_secret = 123456
verbose = True
#說明：須要刪除掉配置文件裏原有的 auth_url auth_region admin_tenant_name admin_user admin_password

編輯配置文件
vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456

service_metadata_proxy = True
metadata_proxy_shared_secret = 123456

建立ml2插件配置文件建立軟鏈接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

生成數據
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

重啓compute api服務
systemctl restart openstack-nova-api.service

啓動服務
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service

computer節點：

安裝組件
yum install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset

配置普通組件
vi /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
verbose = True
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123456
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = 123456
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

配置linux橋接agent
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eno16777736

[vxlan]
enable_vxlan = False

[agent]
prevent_arp_spoofing = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

配置compute使用網絡
vi /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456

啓動服務
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service

controller節點：

執行環境變量腳本
source admin.sh

列出全部的擴展
neutron ext-list

列出全部agent
neutron agent-list
agent type以下：
Linux bridge agent
Linux bridge agent
DHCP agent
Metadata agent
必需要有4個，不然說明上面的某個步驟配置有問題。

controller節點：

安裝dashboard：

安裝包 yum install -y openstack-dashboard
編輯配置文件
vi /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
'LOCATION': '127.0.0.1:11211',
} }
#使用的是mamcached 不是memcached的註釋掉

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"volume": 2,
}
TIME_ZONE = "Asia/Shanghai"

重啓服務
systemctl restart httpd.service memcached.service
此時能夠去訪問了 http://controller/dashboard
使用帳號admin或者demon用戶登錄便可，域爲default

controller節點：

controller：
對象存儲：cinder

controller節點：

命令行操做：
建立實例：

建立網絡：
先中止vmwork 的dhcp服務：

執行初始化腳本
source admin.sh

建立網絡
neutron net-create public --shared --provider:physical_network public \
--provider:network_type flat

建立子網
neutron subnet-create public 192.168.1.0/24 --name public \
--allocation-pool start=192.168.1.10,end=192.168.1.30 \
--dns-nameserver 119.29.29.29 --gateway 192.168.1.1
說明：這裏的公網，其實是虛擬機用的那個網段，
咱們暫時把它做爲公網，在這裏由於涉及到dhcp服務，
會和局域網內的路由器上的dhcp服務產生衝突，因此須要先把路由器上的dhcp服務關掉。

建立key：

執行初始化腳本
source demo.sh
生成密鑰
ssh-keygen -q -N ""
nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
驗證密鑰
nova keypair-list
增長安全組規則
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
容許ssh 訪問
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

建立虛擬機實例：

執行初始化腳本
source demo-openrc.sh
列出實例類型
nova flavor-list
列出全部鏡像
nova image-list
列出可用網絡
neutron net-list
列出安全組
nova secgroup-list
運行實例
nova boot --flavor m1.tiny --image cirros --nic net-id=PUBLIC_NET_ID \
--security-group default --key-name mykey public-instance
說明：這裏的PUBLIC_NET_ID須要替換爲可用網絡裏面public網絡的id

檢測實例狀態
nova list

使用vnc鏈接（使用下面命令能夠列出vnc的鏈接）
nova get-vnc-console public-instance novnc
#會返回一個http鏈接，在瀏覽器中打開

驗證網絡（在實例裏面）
ping -c 4 192.168.1.1
ping www.baidu.com

遠程鏈接實例首先用nova list 查看實例的ip（假如爲192.168.1.13）驗證ipping -c4 192.168.1.33遠程ssh登陸 ssh cirros@192.168.16.33