第一次可链接openstack中实例

第一次配置成功openstack，值得记录一下。

基本按照docs.openstack.org/diablo/openstack-compute/admin/content/sample-nova-configuration-files.html上面的教程来的，不过切忌一点，修改nova.conf过后一定要重启所有服务，否则整个系统会崩溃。

nova.conf:

--dhcpbridge_flagfile=/etc/nova/nova.conf

--dhcpbridge=/usr/bin/nova-dhcpbridge

--logdir=/var/log/nova

--state_path=/var/lib/nova

--lock_path=/var/lock/nova

--flagfile=/etc/nova/nova-compute.conf

--force_dhcp_release=True

--use_deprecated_auth

--daemonize=1

--image_service=nova.image.glance.GlanceImageService

--verbose

--ec2_host=http://192.168.1.110

--osapi_host=http://192.168.1.110

--s3_host=192.168.1.110

--rabbit_host=192.168.1.110

--fixed_range=172.16.0.0/16

--network_host=192.168.1.110

--network_size=8

--glance_api_servers=192.168.1.110:9292

--routing_source_ip=192.168.1.110

--sql_connection=mysql://nova:nova4881539@192.168.1.110/nova  

--ec2_url=http://192.168.1.110:8773/services/Cloud

--libvirt_type=kvm

--bridge_interface=br100

--flat_network_bridge=br100

/etc/network/interfaces

auto lo 

iface lo inet loopback

auto br100

iface br100 inet static 

address 192.168.1.110

network 192.168.1.0

netmask 255.255.255.0

broadcast 192.168.1.255

gateway 192.168.1.1

bridge_ports eth0 

bridge_stp off

bridge_fd 0

bridge_maxwait 0

#auto eth0 

#iface eth0 inet static

#address 192.168.1.112

#network 192.168.1.0

novarc

NOVARC=$(readlink -f "${BASH_SOURCE:-${0}}"2>/dev/null) ||

    NOVARC=$(python -c'import os,sys; printos.path.abspath(os.path.realpath(sys.argv[1]))'"${BASH_SOURCE:-${0}}")

#NOVA_KEY_DIR=${NOVARC%/*}

NOVA_KEY_DIR="/root/creds/"

exportEC2_ACCESS_KEY="a79cca2e-ab63-4223-8a1a-187664c7e477:project1"

exportEC2_SECRET_KEY="f612c170-4b52-4d9c-bd6f-564a9c360549"

exportEC2_URL="http://192.168.1.110:8773/services/Cloud"

export S3_URL="http://192.168.1.110:3333"

export EC2_USER_ID=42 # nova does not use user id, butbundling requires it

export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem

export EC2_CERT=${NOVA_KEY_DIR}/cert.pem

export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem

export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seemsto require this set

alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT}--privatekey ${EC2_PRIVATE_KEY} --user 42 --ec2cert${NOVA_CERT}"

alias ec2-upload-bundle="ec2-upload-bundle -a${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert${NOVA_CERT}"

exportNOVA_API_KEY="a79cca2e-ab63-4223-8a1a-187664c7e477"

export NOVA_USERNAME="xuriwuyun"

export NOVA_PROJECT_ID="project1"

export NOVA_URL="http://192.168.1.110:8774/v1.1/"

export NOVA_VERSION="1.1"

现在能ssh上虚拟机，但是外网没连上

ifconfig

br100     Linkencap:Ethernet  HWaddr 02:16:3e:4a:5b:e1 

         inet addr:172.16.0.1 Bcast:172.16.0.255 Mask:255.255.255.0

         inet6 addr:fe80::1a03:73ff:fec1:3c89/64 Scope:Link

         UP BROADCAST RUNNINGMULTICAST  MTU:1500 Metric:1

         RX packets:716 errors:0dropped:0 overruns:0 frame:0

         TX packets:1062 errors:0dropped:0 overruns:0 carrier:0

         collisions:0txqueuelen:0 

         RX bytes:522200 (522.2 KB) TX bytes:165315 (165.3 KB)

eth0     Link encap:Ethernet  HWaddr18:03:73:c1:3c:89  

         inet6 addr:fe80::1a03:73ff:fec1:3c89/64 Scope:Link

         UP BROADCAST RUNNINGMULTICAST  MTU:1500 Metric:1

         RX packets:472 errors:0dropped:0 overruns:0 frame:0

         TX packets:798 errors:0dropped:0 overruns:0 carrier:0

         collisions:0txqueuelen:1000 

         RX bytes:498054 (498.0 KB) TX bytes:133774 (133.7 KB)

         Interrupt:20Memory:e1a00000-e1a20000 

lo       Link encap:Local Loopback 

         inet addr:127.0.0.1 Mask:255.0.0.0

         inet6 addr: ::1/128Scope:Host

         UP LOOPBACK RUNNING MTU:16436  Metric:1

         RX packets:14812 errors:0dropped:0 overruns:0 frame:0

         TX packets:14812 errors:0dropped:0 overruns:0 carrier:0

         collisions:0txqueuelen:0 

         RX bytes:12772285 (12.7 MB) TX bytes:12772285 (12.7 MB)

virbr0    Linkencap:Ethernet  HWaddr 46:04:b8:bd:70:1d 

         inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0

         UP BROADCAST RUNNINGMULTICAST  MTU:1500 Metric:1

         RX packets:0 errors:0dropped:0 overruns:0 frame:0

         TX packets:35 errors:0dropped:0 overruns:0 carrier:0

         collisions:0txqueuelen:0 

         RX bytes:0 (0.0 B) TX bytes:4627 (4.6 KB)

vlan100   Link encap:Ethernet HWaddr 02:16:3e:4a:5b:e1  

         inet6 addr:fe80::16:3eff:fe4a:5be1/64 Scope:Link

         UP BROADCAST RUNNINGMULTICAST  MTU:1500 Metric:1

         RX packets:0 errors:0dropped:0 overruns:0 frame:0

         TX packets:670 errors:0dropped:106 overruns:0 carrier:0

         collisions:0txqueuelen:0 

         RX bytes:0 (0.0 B) TX bytes:108685 (108.6 KB)

vnet0     Linkencap:Ethernet  HWaddr fe:16:3e:6a:da:0a 

         inet6 addr:fe80::fc16:3eff:fe6a:da0a/64 Scope:Link

         UP BROADCAST RUNNINGMULTICAST  MTU:1500 Metric:1

         RX packets:291 errors:0dropped:0 overruns:0 frame:0

         TX packets:617 errors:0dropped:0 overruns:0 carrier:0

         collisions:0txqueuelen:500 

         RX bytes:38442 (38.4 KB) TX bytes:85236 (85.2 KB)

当ssh实例出现如下错误时：

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOSTIDENTIFICATION HAS CHANGED!    @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now(man-in-the-middle attack)!

It is also possible that a host key has just beenchanged.

The fingerprint for the RSA key sent by the remote hostis

8e:95:e5:55:3f:e6:6f:6d:76:06:00:b8:72:ad:42:c4.

Please contact your system administrator.

Add correct host key in /root/.ssh/known_hosts to get rid ofthis message.

Offending RSA key in /root/.ssh/known_hosts:1

  remove with: ssh-keygen -f"/root/.ssh/known_hosts" -R 172.16.0.3

RSA host key for 172.16.0.3 has changed and you have requestedstrict checking.

Host key verification failed.

执行 ssh-keygen -f "/root/.ssh/known_hosts" -R 172.16.0.3