在学习Openstack之前我们首先需要搭建一个实验环境,这里我们使用官网推荐的方式安装搭建liberty版本实验环境。
实验环境
- OS:
- Centos 7.2
- 安装组件:
- keystone
- glance
- nova
- cinder
- neutron
- lbaas
- 服务器配置:
- 控制节点:
- 主机名: openstack-controller
- ip: 192.168.33.9
- cpu: 1 core
- mem: 4G
- 硬盘: 20G 系统盘
- 计算节点(存储节点):
- 主机名: openstack-compute
- ip: 192.168.33.8
- cpu:2 core
- mem: 8G
- 硬盘: 20G系统盘 + 100G存储盘
- 控制节点:
实验步骤:
1. 环境初始化
1.1 为所有节点配置Openstack Yum源
为了提高部署效率,这里我们配置本地搭建的openstack yum源,如何搭建本地yum源请参考《使用cobbler搭建本地openstack liberty yum源》
# Define a yum repository that points at the local cobbler mirror of the
# OpenStack Liberty packages.
# NOTE(review): gpgcheck=0 combined with a plain-http baseurl means packages
# from this repository are installed with neither signature verification nor
# transport integrity. That is tolerable only on an isolated lab network;
# elsewhere, mirror the repository signing key as well and use gpgcheck=1 with
# gpgkey=<URL-or-path-of-the-signing-key>.
cat > /etc/yum.repos.d/openstak-liberty.repo << EOF
[openstakc-liberty]
name="openstack liberty local repo"
baseurl=http://192.168.33.5/cobbler/repo_mirror/openstack-liberty/
enabled=1
gpgcheck=0
EOF
# Drop the cached metadata and rebuild it so the new repository is picked up.
yum clean all && yum makecache
1.2 创建安装节点文件
注意和服务配置对应
# Create the working directory used by both install scripts and write the node
# inventory there. openstack-controller.sh and openstack-compute.sh both
# "source install_hosts", so the names and addresses below must match the
# server configuration listed above.
mkdir -p /home/fbo/tools/
cd /home/fbo/tools/
cat > install_hosts << EOF
CONTROLLER="openstack-controller"
CONTROLLER_IP=192.168.33.9
COMPUTE="openstack-compute"
COMPUTE_IP=192.168.33.8
EOF
1.3 配置各节点的主机名解析
# Append name resolution for both nodes to /etc/hosts (tab-separated, one node
# per line). Running this twice appends the entries twice.
printf '192.168.33.9\topenstack-controller\n192.168.33.8\topenstack-compute\n' >> /etc/hosts
1.4 打通各个节点之间的ssh通道
# Generate a key pair and install the public key on every node. "<hosts>" is a
# placeholder: run ssh-copy-id once per node name.
# NOTE(review): the install scripts below use ssh and rsync between the nodes
# (including "root@$CONTROLLER"), so this key gives passwordless root access
# from one node to the other; protect the private key accordingly.
ssh-keygen
ssh-copy-id <hosts>
2.开始安装
将“openstack-controller.sh”和“openstack-compute.sh”脚本放入“/home/fbo/tools”目录中,执行 bash openstack-controller.sh 完成一键式安装。脚本内容如下:
- openstack-controller.sh
#!/usr/bin/bash
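function gather_pw(){
  # Generate one random secret per service credential and append them, as
  # NAME=value lines, to ./o_password (sourced later by both install scripts).
  # Each value is 10 random bytes from openssl, hex-encoded.
  local name
  (
    # Create the file owner-only: it holds every database and service password.
    umask 077
    for name in \
      DATABASE_PASS ADMIN_PASS \
      CEILOMETER_DBPASS CEILOMETER_PASS \
      CINDER_DBPASS CINDER_PASS \
      DASH_DBPASS DEMO_PASS \
      GLANCE_DBPASS GLANCE_PASS \
      HEAT_DBPASS HEAT_DOMAIN_PASS HEAT_PASS \
      KEYSTONE_DBPASS \
      NEUTRON_DBPASS NEUTRON_PASS \
      NOVA_DBPASS NOVA_PASS \
      RABBIT_PASS SWIFT_PASS; do
      printf '%s=%s\n' "$name" "$(openssl rand -hex 10)"
    done >> o_password
  )
  # Also tighten a file that already existed with wider permissions.
  chmod 600 o_password
}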
function cfg_ntp(){
  # Set up chrony on the controller, add an "allow" rule for the
  # 192.168.33.0/24 network, and set the time zone.
  if ! rpm -qa | grep chrony &>/dev/null; then
    yum install chrony -y
  fi
  # Appends the allow rule after every line that starts with "#allow".
  sed -i "/^#allow/a\allow 192.168.33.0\/24" /etc/chrony.conf
  local action
  for action in enable start; do
    systemctl "$action" chronyd
  done
  timedatectl set-timezone Asia/Shanghai
  # NOTE(review): the completion marker lives in world-writable /tmp under a
  # fixed name, so any local user can pre-create it and make the installer
  # skip this step; a root-only state directory would be a safer home.
  echo ok > /tmp/cfg_ntp.done
}
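function install_database(){
  # Install MariaDB, write /etc/my.cnf, set the root password and remove the
  # default accounts and test database.
  # Reads:  DATABASE_PASS
  # Writes: /etc/my.cnf, marker /tmp/install_database.done
  #
  # All SQL is fed on stdin and the root password is handed over in MYSQL_PWD,
  # so no secret shows up in the process list the way "-p<password>" and
  # "mysqladmin password <password>" arguments do.
  yum install mariadb mariadb-server MySQL-python -y
  cat > /etc/my.cnf << EOF
[client]
port = 3306
socket = /var/lib/mysql/mysql.sock
[mysqld]
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
log-error = /var/log/mariadb/mariadb.log
port = 3306
socket = /var/lib/mysql/mysql.sock
skip-external-locking
key_buffer_size = 16M
max_allowed_packet = 1M
table_open_cache = 64
sort_buffer_size = 512K
net_buffer_length = 8K
read_buffer_size = 256K
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M
log-bin=mysql-bin
binlog_format=mixed
server-id = 1
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
[myisamchk]
key_buffer_size = 20M
sort_buffer_size = 20M
read_buffer = 2M
write_buffer = 2M
[mysqlhotcopy]
interactive-timeout
EOF
  systemctl enable mariadb.service
  systemctl start mariadb.service

  # First login: the root account has no password yet, so set one.
  mysql -uroot <<< "SET PASSWORD = PASSWORD('$DATABASE_PASS');"

  MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "drop database test;"
  MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "delete from mysql.user where host <> 'localhost'"
  # Show the remaining accounts. The password column is left out on purpose:
  # printing hashes puts them into the terminal scrollback and any install log.
  MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "select user,host from mysql.user;"

  # NOTE(review): this re-opens root to every host ('%') right after the
  # non-localhost accounts were removed. Nothing else in this script connects
  # as root from another machine; if remote root is not required, drop this
  # grant or limit it to the management subnet.
  MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "grant all privileges on *.* to 'root'@'%' identified by '$DATABASE_PASS';flush privileges;"
  echo ok > /tmp/install_database.done
}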
function install_rabbit(){
  # Install RabbitMQ, create the "openstack" messaging account and turn on
  # the web management plugin.
  yum install rabbitmq-server -y

  # Enable at boot and start now (RabbitMQ listens on port 5672).
  local action
  for action in enable start; do
    systemctl "$action" rabbitmq-server.service
  done

  # Create the openstack user. The password is passed as an argument here, so
  # it is briefly visible in the process list.
  rabbitmqctl add_user openstack $RABBIT_PASS
  # Give the openstack user configure, write and read permission on everything.
  rabbitmqctl set_permissions openstack ".*" ".*" ".*"

  # Turn on the web management plugin ("rabbitmq-plugins list" shows all
  # plugins); the web UI listens on 15672.
  rabbitmq-plugins enable rabbitmq_management
  # NOTE(review): the author's comment records the default guest/guest login
  # for the web UI, and this function leaves that account in place. Deleting
  # it (rabbitmqctl delete_user guest) or changing its password, and keeping
  # 15672 off untrusted networks, would be the usual follow-up.
  systemctl restart rabbitmq-server.service
  echo ok > /tmp/install_rabbit.done
}
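function install_keystone(){
  # Install and configure the Identity service (keystone) behind Apache/mod_wsgi.
  # Reads:  DATABASE_PASS, KEYSTONE_DBPASS, ADMIN_PASS, CONTROLLER
  # Writes: /etc/keystone/keystone.conf, /etc/httpd/conf.d/wsgi-keystone.conf,
  #         marker /tmp/install_keystone.done
  local conf="/etc/keystone/keystone.conf"

  _keystone_set(){
    # $1 = section, $2 = option, $3 = value
    openstack-config --set "$conf" "$1" "$2" "$3"
  }

  # Database and account. SQL goes in on stdin and the root password in
  # MYSQL_PWD so that neither password appears in the process list.
  MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "create database keystone;"
  MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$KEYSTONE_DBPASS';"
  MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$KEYSTONE_DBPASS';"

  yum install -y openstack-keystone httpd mod_wsgi \
    memcached python-memcached
  systemctl enable memcached.service
  systemctl start memcached.service

  # NOTE(review): the bootstrap admin_token is set to the same value as the
  # admin user's password and stays in keystone.conf after installation.
  # A separate random token, and disabling the admin_token_auth middleware
  # once init_endpoint has run, would keep one leaked value from being both.
  _keystone_set DEFAULT admin_token "$ADMIN_PASS"
  _keystone_set database connection "mysql://keystone:$KEYSTONE_DBPASS@$CONTROLLER/keystone"
  _keystone_set memcache servers localhost:11211
  _keystone_set token provider uuid
  _keystone_set token driver memcache
  _keystone_set revoke driver sql
  _keystone_set DEFAULT verbose True

  # Apache: set ServerName, then publish keystone on 5000 (public) and 35357 (admin).
  sed -i "s,^#ServerName.*80$,ServerName $CONTROLLER:80,g" /etc/httpd/conf/httpd.conf
  cat > /etc/httpd/conf.d/wsgi-keystone.conf << EOF
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
EOF
  # Start Apache, then populate the keystone schema as the keystone user.
  systemctl enable httpd.service
  systemctl start httpd.service
  su -s /bin/sh -c "keystone-manage db_sync" keystone
  # The caller tests /tmp/install_keystone.done; the marker used to be written
  # under /etc, so this step was repeated on every run of the script.
  echo ok > /tmp/install_keystone.done
}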
function init_endpoint(){
  # Bootstrap the Identity catalogue with the admin token: register the
  # keystone service and its endpoints, then create the admin, service and
  # demo projects with their users and roles. The marker file is written only
  # if the admin user can obtain a token afterwards.
  #
  # NOTE(review): every --password / --os-password value below is passed as a
  # command argument and is therefore visible in the process list while the
  # command runs.
  local iface port check_v

  # Authenticate with the bootstrap token for the duration of the setup.
  export OS_TOKEN=$ADMIN_PASS
  export OS_URL=http://$CONTROLLER:35357/v3
  export OS_IDENTITY_API_VERSION=3

  # Service entity for the Identity service.
  openstack service create --name keystone --description "OpenStack Identity" identity

  # The Identity service keeps a catalogue of API endpoints that the other
  # services use to find each other. Each service gets three endpoint
  # variants: public, internal and admin.
  for iface in public internal admin; do
    case $iface in
      admin) port=35357 ;;
      *) port=5000 ;;
    esac
    openstack endpoint create --region RegionOne identity $iface http://$CONTROLLER:$port/v2.0
  done

  # Admin project, user and role.
  openstack project create --domain default --description "Admin Project" admin
  openstack user create --domain default --password $ADMIN_PASS admin
  openstack role create admin
  openstack role add --project admin --user admin admin

  # Service project.
  openstack project create --domain default --description "Service Project" service

  # Demo project and user, with the "user" role attached.
  openstack project create --domain default --description "Demo Project" demo
  openstack user create --domain default --password $DEMO_PASS demo
  openstack role create user
  openstack role add --project demo --user demo user

  # Verification: drop the bootstrap token and request a token with the admin
  # password instead; any output at all counts as success.
  unset OS_TOKEN OS_URL
  check_v=$(openstack --os-auth-url http://$CONTROLLER:35357/v3 \
    --os-project-domain-id default \
    --os-user-domain-id default \
    --os-project-name admin \
    --os-username admin \
    --os-auth-type password \
    --os-password $ADMIN_PASS token issue | wc -l)
  if (( check_v != 0 )); then
    echo ok > /tmp/init_endpoint.done
  fi
}
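function create_client_env(){
  # Write admin-openrc.sh and demo-openrc.sh into the current directory. Each
  # file exports the client settings, including the account password, for one
  # user and is meant to be sourced before running openstack commands.
  # Reads:  ADMIN_PASS, DEMO_PASS, CONTROLLER
  # Writes: ./admin-openrc.sh, ./demo-openrc.sh, marker /tmp/create_client_env.done
  (
    # Both files contain a clear-text password, so create them owner-only.
    umask 077
    cat > admin-openrc.sh << EOF
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$ADMIN_PASS
export OS_AUTH_URL=http://$CONTROLLER:35357/v3
export OS_IDENTITY_API_VERSION=3
EOF
    cat > demo-openrc.sh << EOF
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=$DEMO_PASS
export OS_AUTH_URL=http://$CONTROLLER:5000/v3
export OS_IDENTITY_API_VERSION=3
EOF
  )
  # Covers files left over from an earlier run with wider permissions.
  chmod 600 admin-openrc.sh demo-openrc.sh
  echo ok > /tmp/create_client_env.done
}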
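function install_glance(){
  # Install and configure the Image service (glance), then upload a CirrOS
  # test image.
  # Reads:  DATABASE_PASS, GLANCE_DBPASS, GLANCE_PASS, CONTROLLER, ./admin-openrc.sh
  # Writes: /etc/glance/glance-api.conf, /etc/glance/glance-registry.conf,
  #         marker /tmp/install_glance.done
  local conf check_db
  local image=cirros-0.3.4-x86_64-disk.img

  _glance_set(){
    # $1 = config file, $2 = section, $3 = option, $4 = value
    openstack-config --set "$1" "$2" "$3" "$4"
  }

  # Create the database unless the glance account can already use it. The
  # probe used to log in as root with the glance password and run the invalid
  # statement "show database;", so it could never succeed. SQL is fed on
  # stdin with the password in MYSQL_PWD to keep both out of the process list.
  if ! MYSQL_PWD="$GLANCE_DBPASS" mysql -uglance -s glance -e "show tables;" &> /dev/null; then
    MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "create database glance;"
    MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '$GLANCE_DBPASS';"
    # This grant was passed with "-E" (vertical output) instead of "-e", so
    # the statement was taken as a database name and never executed.
    MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '$GLANCE_DBPASS';"
  fi

  # Register the service account, service entity and endpoints in keystone.
  source admin-openrc.sh
  openstack user create --domain default --password "$GLANCE_PASS" glance
  openstack role add --project service --user glance admin
  openstack service create --name glance \
    --description "OpenStack Image service" image
  openstack endpoint create --region RegionOne \
    image public "http://$CONTROLLER:9292"
  openstack endpoint create --region RegionOne \
    image internal "http://$CONTROLLER:9292"
  openstack endpoint create --region RegionOne \
    image admin "http://$CONTROLLER:9292"

  # Install the packages; -y was missing, which stops an unattended run at
  # the confirmation prompt.
  yum install -y openstack-glance python-glance python-glanceclient

  # Settings shared by the API and the registry service.
  for conf in /etc/glance/glance-api.conf /etc/glance/glance-registry.conf; do
    _glance_set "$conf" database connection "mysql://glance:$GLANCE_DBPASS@$CONTROLLER/glance"
    _glance_set "$conf" keystone_authtoken auth_uri "http://$CONTROLLER:5000"
    _glance_set "$conf" keystone_authtoken auth_url "http://$CONTROLLER:35357"
    _glance_set "$conf" keystone_authtoken auth_plugin password
    _glance_set "$conf" keystone_authtoken project_domain_id default
    _glance_set "$conf" keystone_authtoken user_domain_id default
    _glance_set "$conf" keystone_authtoken project_name service
    _glance_set "$conf" keystone_authtoken username glance
    _glance_set "$conf" keystone_authtoken password "$GLANCE_PASS"
    _glance_set "$conf" paste_deploy flavor keystone
    _glance_set "$conf" DEFAULT notification_driver noop
    _glance_set "$conf" DEFAULT verbose True
  done
  # Image storage applies to the API service only.
  _glance_set /etc/glance/glance-api.conf glance_store default_store file
  _glance_set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/

  # Populate the schema only while the database is still empty; the check
  # now logs in as the glance account that owns the database.
  check_db=$(MYSQL_PWD="$GLANCE_DBPASS" mysql -uglance -s glance -e "show tables;" | wc -l)
  if (( check_db == 0 )); then
    su -s /bin/sh -c "glance-manage db_sync" glance
  fi
  systemctl enable openstack-glance-api.service \
    openstack-glance-registry.service
  systemctl start openstack-glance-api.service \
    openstack-glance-registry.service

  # Verification: select image API v2 in both client files and upload an image.
  echo "export OS_IMAGE_API_VERSION=2" \
    | tee -a admin-openrc.sh demo-openrc.sh
  source admin-openrc.sh
  command -v wget &> /dev/null || yum install -y wget
  # NOTE(review): the image is fetched over plain http and uploaded as a
  # public image without any integrity check. Compare it with the digest
  # published by the image's maintainers (<expected-checksum>) before the
  # upload, or serve a vetted copy from the local mirror.
  [[ -f "$image" ]] || wget "http://download.cirros-cloud.net/0.3.4/$image"
  glance image-create --name "cirros" \
    --file "$image" \
    --disk-format qcow2 --container-format bare \
    --visibility public --progress
  glance image-list
  echo ok > /tmp/install_glance.done
}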
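function install_nova(){
  # Install and configure the controller-side Compute services (nova).
  # Reads:  DATABASE_PASS, NOVA_DBPASS, NOVA_PASS, RABBIT_PASS, CONTROLLER,
  #         CONTROLLER_IP, ./admin-openrc.sh
  # Writes: /etc/nova/nova.conf, marker /tmp/install_nova.done
  local conf=/etc/nova/nova.conf
  local -a services=(
    openstack-nova-api.service
    openstack-nova-cert.service openstack-nova-consoleauth.service
    openstack-nova-scheduler.service openstack-nova-conductor.service
    openstack-nova-novncproxy.service
  )

  _nova_set(){
    # $1 = section, $2 = option, $3 = value
    openstack-config --set "$conf" "$1" "$2" "$3"
  }

  # Database and account. SQL goes in on stdin and the root password in
  # MYSQL_PWD so that neither password appears in the process list.
  MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "create database nova;"
  MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '$NOVA_DBPASS';"
  MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '$NOVA_DBPASS';"

  # Register the service account, service entity and endpoints in keystone.
  source admin-openrc.sh
  openstack user create --domain default --password "$NOVA_PASS" nova
  openstack role add --project service --user nova admin
  openstack service create --name nova --description "Openstack Compute" compute
  openstack endpoint create --region RegionOne \
    compute public "http://$CONTROLLER:8774/v2/%(tenant_id)s"
  openstack endpoint create --region RegionOne \
    compute internal "http://$CONTROLLER:8774/v2/%(tenant_id)s"
  openstack endpoint create --region RegionOne \
    compute admin "http://$CONTROLLER:8774/v2/%(tenant_id)s"

  # Packages and configuration.
  yum install openstack-nova-api openstack-nova-cert \
    openstack-nova-conductor openstack-nova-console \
    openstack-nova-novncproxy openstack-nova-scheduler \
    python-novaclient -y
  _nova_set database connection "mysql://nova:$NOVA_DBPASS@$CONTROLLER/nova"
  _nova_set DEFAULT rpc_backend rabbit
  _nova_set oslo_messaging_rabbit rabbit_host "$CONTROLLER"
  _nova_set oslo_messaging_rabbit rabbit_userid openstack
  _nova_set oslo_messaging_rabbit rabbit_password "$RABBIT_PASS"
  _nova_set DEFAULT auth_strategy keystone
  _nova_set keystone_authtoken auth_uri "http://$CONTROLLER:5000"
  _nova_set keystone_authtoken auth_url "http://$CONTROLLER:35357"
  _nova_set keystone_authtoken auth_plugin password
  _nova_set keystone_authtoken project_domain_id default
  _nova_set keystone_authtoken user_domain_id default
  _nova_set keystone_authtoken project_name service
  _nova_set keystone_authtoken username nova
  _nova_set keystone_authtoken password "$NOVA_PASS"
  _nova_set DEFAULT my_ip "$CONTROLLER_IP"
  _nova_set DEFAULT network_api_class nova.network.neutronv2.api.API
  _nova_set DEFAULT security_group_api neutron
  _nova_set DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
  _nova_set DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
  # The literal text "$my_ip" is written to the file (hence the single
  # quotes); it is not expanded by the shell.
  _nova_set vnc vncserver_listen '$my_ip'
  _nova_set vnc vncserver_proxyclient_address '$my_ip'
  _nova_set glance host "$CONTROLLER_IP"
  _nova_set oslo_concurrency lock_path /var/lib/nova/tmp
  _nova_set DEFAULT enabled_apis osapi_compute,metadata
  _nova_set DEFAULT verbose True

  # Populate the schema as the nova user, then bring the services up.
  su -s /bin/sh -c "nova-manage db sync" nova
  systemctl enable "${services[@]}"
  systemctl start "${services[@]}"
  echo ok > /tmp/install_nova.done
}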
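function install_neutron(){
  # Install and configure Networking (neutron) on the controller with the ML2
  # plug-in and the Linux bridge agent, and point nova at it.
  # Reads:  DATABASE_PASS, NEUTRON_DBPASS, NEUTRON_PASS, NOVA_PASS,
  #         RABBIT_PASS, CONTROLLER, CONTROLLER_IP, ./admin-openrc.sh,
  #         optional METADATA_SECRET
  # Writes: files under /etc/neutron, /etc/nova/nova.conf,
  #         marker /tmp/install_neutron.done
  local neutron_conf=/etc/neutron/neutron.conf
  local ml2_conf=/etc/neutron/plugins/ml2/ml2_conf.ini
  local bridge_conf=/etc/neutron/plugins/ml2/linuxbridge_agent.ini
  local dhcp_conf=/etc/neutron/dhcp_agent.ini
  local meta_conf=/etc/neutron/metadata_agent.ini
  local nova_conf=/etc/nova/nova.conf
  local metadata_secret
  local -a services=(
    neutron-server.service
    neutron-linuxbridge-agent.service neutron-dhcp-agent.service
    neutron-metadata-agent.service
  )

  _neutron_ini(){
    # $1 = config file, $2 = section, $3 = option, $4 = value
    openstack-config --set "$1" "$2" "$3" "$4"
  }

  # The database, Keystone registration and package installation used to sit
  # inside a nested helper that was defined but never called, so a fresh
  # controller got none of them. They now run first, guarded so that a retry
  # after a partial failure does not repeat finished work.

  # Database: create it unless the neutron account can already use it.
  if ! MYSQL_PWD="$NEUTRON_DBPASS" mysql -uneutron -s neutron -e "show tables;" &> /dev/null; then
    MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "create database neutron;"
    MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '$NEUTRON_DBPASS';"
    MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$NEUTRON_DBPASS';"
  fi

  # Keystone: register user, service and endpoints unless already present.
  source admin-openrc.sh
  if ! openstack endpoint list | grep -q neutron; then
    openstack user create --domain default --password "$NEUTRON_PASS" neutron
    openstack role add --project service --user neutron admin
    openstack service create --name neutron \
      --description "OpenStack Networking" network
    openstack endpoint create --region RegionOne \
      network public "http://$CONTROLLER:9696"
    openstack endpoint create --region RegionOne \
      network internal "http://$CONTROLLER:9696"
    openstack endpoint create --region RegionOne \
      network admin "http://$CONTROLLER:9696"
  fi

  # Packages.
  yum install -y openstack-neutron openstack-neutron-ml2 \
    openstack-neutron-linuxbridge python-neutronclient ebtables ipset

  # neutron.conf: remove every active (lower-case-initial) line, then set
  # the values needed here.
  sed -i "/^[a-z]/d" "$neutron_conf"
  _neutron_ini "$neutron_conf" DEFAULT verbose True
  _neutron_ini "$neutron_conf" DEFAULT core_plugin ml2
  _neutron_ini "$neutron_conf" DEFAULT service_plugins router
  _neutron_ini "$neutron_conf" DEFAULT auth_strategy keystone
  _neutron_ini "$neutron_conf" DEFAULT notify_nova_on_port_status_changes True
  _neutron_ini "$neutron_conf" DEFAULT notify_nova_on_port_data_changes True
  _neutron_ini "$neutron_conf" DEFAULT nova_url "http://$CONTROLLER:8774/v2"
  _neutron_ini "$neutron_conf" DEFAULT rpc_backend rabbit
  # Was misspelled "uth_uri", which left the real option unset.
  _neutron_ini "$neutron_conf" keystone_authtoken auth_uri "http://$CONTROLLER:5000"
  _neutron_ini "$neutron_conf" keystone_authtoken auth_url "http://$CONTROLLER:35357"
  _neutron_ini "$neutron_conf" keystone_authtoken auth_plugin password
  _neutron_ini "$neutron_conf" keystone_authtoken project_domain_id default
  _neutron_ini "$neutron_conf" keystone_authtoken user_domain_id default
  _neutron_ini "$neutron_conf" keystone_authtoken project_name service
  _neutron_ini "$neutron_conf" keystone_authtoken username neutron
  _neutron_ini "$neutron_conf" keystone_authtoken password "$NEUTRON_PASS"
  _neutron_ini "$neutron_conf" database connection "mysql://neutron:$NEUTRON_DBPASS@$CONTROLLER/neutron"
  _neutron_ini "$neutron_conf" nova auth_url "http://$CONTROLLER:35357"
  _neutron_ini "$neutron_conf" nova auth_plugin password
  _neutron_ini "$neutron_conf" nova project_domain_id default
  _neutron_ini "$neutron_conf" nova user_domain_id default
  _neutron_ini "$neutron_conf" nova region_name RegionOne
  _neutron_ini "$neutron_conf" nova project_name service
  _neutron_ini "$neutron_conf" nova username nova
  _neutron_ini "$neutron_conf" nova password "$NOVA_PASS"
  _neutron_ini "$neutron_conf" oslo_concurrency lock_path /var/lib/neutron/tmp
  _neutron_ini "$neutron_conf" oslo_messaging_rabbit rabbit_host "$CONTROLLER"
  _neutron_ini "$neutron_conf" oslo_messaging_rabbit rabbit_userid openstack
  _neutron_ini "$neutron_conf" oslo_messaging_rabbit rabbit_password "$RABBIT_PASS"

  # ML2 plug-in.
  _neutron_ini "$ml2_conf" ml2 type_drivers flat,vlan,gre,vxlan,geneve
  _neutron_ini "$ml2_conf" ml2 tenant_network_types vlan,gre,vxlan,geneve
  _neutron_ini "$ml2_conf" ml2 mechanism_drivers linuxbridge,openvswitch
  _neutron_ini "$ml2_conf" ml2 extension_drivers port_security
  _neutron_ini "$ml2_conf" ml2_type_flat flat_networks physnet1
  _neutron_ini "$ml2_conf" securitygroup enable_ipset True

  # Linux bridge agent.
  _neutron_ini "$bridge_conf" linux_bridge physical_interface_mappings physnet1:eth0
  _neutron_ini "$bridge_conf" vxlan enable_vxlan False
  _neutron_ini "$bridge_conf" securitygroup enable_security_group True
  _neutron_ini "$bridge_conf" securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

  # DHCP agent.
  _neutron_ini "$dhcp_conf" DEFAULT verbose True
  _neutron_ini "$dhcp_conf" DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
  _neutron_ini "$dhcp_conf" DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
  _neutron_ini "$dhcp_conf" DEFAULT enable_isolated_metadata true

  # Secret shared by the metadata agent and nova. It used to be the fixed
  # word "metadata"; a guessable value defeats the purpose of a shared
  # secret. METADATA_SECRET may be supplied by the caller (for example from
  # o_password); otherwise a random one is generated and written to both files.
  metadata_secret=${METADATA_SECRET:-$(openssl rand -hex 10)}

  # Metadata agent: remove active lines, then set the values needed here.
  sed -i "/^[a-z]/d" "$meta_conf"
  _neutron_ini "$meta_conf" DEFAULT verbose True
  _neutron_ini "$meta_conf" DEFAULT auth_uri "http://$CONTROLLER:5000"
  _neutron_ini "$meta_conf" DEFAULT auth_url "http://$CONTROLLER:35357"
  _neutron_ini "$meta_conf" DEFAULT auth_region RegionOne
  _neutron_ini "$meta_conf" DEFAULT auth_plugin password
  _neutron_ini "$meta_conf" DEFAULT project_domain_id default
  _neutron_ini "$meta_conf" DEFAULT user_domain_id default
  _neutron_ini "$meta_conf" DEFAULT project_name service
  _neutron_ini "$meta_conf" DEFAULT username neutron
  _neutron_ini "$meta_conf" DEFAULT password "$NEUTRON_PASS"
  _neutron_ini "$meta_conf" DEFAULT nova_metadata_ip "$CONTROLLER_IP"
  _neutron_ini "$meta_conf" DEFAULT metadata_proxy_shared_secret "$metadata_secret"

  # nova.conf on the controller: use neutron for networking.
  _neutron_ini "$nova_conf" neutron url "http://$CONTROLLER:9696"
  _neutron_ini "$nova_conf" neutron auth_url "http://$CONTROLLER:35357"
  _neutron_ini "$nova_conf" neutron auth_plugin password
  _neutron_ini "$nova_conf" neutron project_domain_id default
  _neutron_ini "$nova_conf" neutron user_domain_id default
  _neutron_ini "$nova_conf" neutron region_name RegionOne
  _neutron_ini "$nova_conf" neutron project_name service
  _neutron_ini "$nova_conf" neutron username neutron
  _neutron_ini "$nova_conf" neutron password "$NEUTRON_PASS"
  _neutron_ini "$nova_conf" neutron service_metadata_proxy True
  _neutron_ini "$nova_conf" neutron metadata_proxy_shared_secret "$metadata_secret"

  # -f/-n: do not fail when the link is left over from an earlier attempt.
  ln -sfn "$ml2_conf" /etc/neutron/plugin.ini
  su -s /bin/sh -c "neutron-db-manage \
    --config-file /etc/neutron/neutron.conf \
    --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

  systemctl restart openstack-nova-api.service
  systemctl enable "${services[@]}"
  # restart rather than start, so agents already running from an earlier
  # attempt pick up the regenerated shared secret.
  systemctl restart "${services[@]}"
  echo ok > /tmp/install_neutron.done
}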
function install_horizon(){
  # Install the dashboard (horizon) and edit its local_settings in place:
  # Keystone host, allowed hosts, memcached location, default role,
  # multi-domain support, API versions and time zone.
  local dash_cfg=/etc/openstack-dashboard/local_settings

  yum install openstack-dashboard -y

  sed -i "s/^OPENSTACK_HOST.*/OPENSTACK_HOST = \"$CONTROLLER\"/g" "$dash_cfg"
  # NOTE(review): ALLOWED_HOSTS = ['*'] accepts any Host header. Listing the
  # names and addresses the dashboard is actually reached by is the safer
  # setting outside a closed lab.
  sed -i "s/^ALLOWED_HOSTS.*/ALLOWED_HOSTS = \['\*'\,]/g" "$dash_cfg"
  sed -i "/^\ *'BACKEND'/a\ \t'LOCATION': '$CONTROLLER:11211'," "$dash_cfg"
  sed -i "s/^OPENSTACK_KEYSTONE_DEFAULT_ROLE.*/OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"user\"/g" "$dash_cfg"
  sed -i "/OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT.*/a OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True" "$dash_cfg"
  sed -i "/OPENSTACK_API_VERSIONS/i OPENSTACK_API_VERSIONS = {\n\t\"identity\": 3,\n\t\"volume\": 2,\n}" "$dash_cfg"
  sed -i "s/^TIME_ZONE.*/TIME_ZONE = \"Asia\/Shanghai\"/g" "$dash_cfg"

  # Apache serves the dashboard; memcached is the cache configured above.
  local action
  for action in enable restart; do
    systemctl "$action" httpd.service memcached.service
  done
  echo ok > /tmp/install_horizon.done
}
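function install_cinder(){
  # Install and configure the controller-side Block Storage services (cinder).
  # Reads:  DATABASE_PASS, CINDER_DBPASS, CINDER_PASS, RABBIT_PASS,
  #         CONTROLLER, CONTROLLER_IP, ./admin-openrc.sh
  # Writes: /etc/cinder/cinder.conf, /etc/nova/nova.conf,
  #         marker /tmp/install_cinder.done
  local conf=/etc/cinder/cinder.conf
  local check_db

  _cinder_set(){
    # $1 = section, $2 = option, $3 = value
    openstack-config --set "$conf" "$1" "$2" "$3"
  }

  # Database: create it unless the cinder account can already use it. SQL is
  # fed on stdin with passwords in MYSQL_PWD so neither shows in the process list.
  if ! MYSQL_PWD="$CINDER_DBPASS" mysql -ucinder -s cinder -e "show tables;" &> /dev/null; then
    MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "create database cinder;"
    MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "grant all privileges on cinder.* to 'cinder'@'localhost' identified by '$CINDER_DBPASS';"
    MYSQL_PWD="$DATABASE_PASS" mysql -uroot <<< "grant all privileges on cinder.* to 'cinder'@'%' identified by '$CINDER_DBPASS';"
  fi

  # Keystone: register user, both services and their endpoints unless a
  # cinder endpoint is already listed.
  source admin-openrc.sh
  if ! openstack endpoint list | grep cinder; then
    openstack user create --domain default --password "$CINDER_PASS" cinder
    openstack role add --project service --user cinder admin
    openstack service create --name cinder \
      --description "OpenStack Block Storage" volume
    openstack service create --name cinderv2 \
      --description "OpenStack Block Storage" volumev2
    openstack endpoint create --region RegionOne \
      volume public "http://$CONTROLLER:8776/v1/%(tenant_id)s"
    openstack endpoint create --region RegionOne \
      volume internal "http://$CONTROLLER:8776/v1/%(tenant_id)s"
    openstack endpoint create --region RegionOne \
      volume admin "http://$CONTROLLER:8776/v1/%(tenant_id)s"
    openstack endpoint create --region RegionOne \
      volumev2 public "http://$CONTROLLER:8776/v2/%(tenant_id)s"
    openstack endpoint create --region RegionOne \
      volumev2 internal "http://$CONTROLLER:8776/v2/%(tenant_id)s"
    openstack endpoint create --region RegionOne \
      volumev2 admin "http://$CONTROLLER:8776/v2/%(tenant_id)s"
  fi

  # Packages.
  yum install -y openstack-cinder python-cinderclient

  # Database connection.
  _cinder_set database connection "mysql://cinder:$CINDER_DBPASS@$CONTROLLER/cinder"
  # Message queue.
  _cinder_set DEFAULT rpc_backend rabbit
  _cinder_set oslo_messaging_rabbit rabbit_host "$CONTROLLER"
  _cinder_set oslo_messaging_rabbit rabbit_userid openstack
  _cinder_set oslo_messaging_rabbit rabbit_password "$RABBIT_PASS"
  # Identity service.
  _cinder_set DEFAULT auth_strategy keystone
  _cinder_set keystone_authtoken auth_uri "http://$CONTROLLER:5000"
  _cinder_set keystone_authtoken auth_url "http://$CONTROLLER:35357"
  _cinder_set keystone_authtoken auth_plugin password
  _cinder_set keystone_authtoken project_domain_id default
  _cinder_set keystone_authtoken user_domain_id default
  _cinder_set keystone_authtoken project_name service
  _cinder_set keystone_authtoken username cinder
  _cinder_set keystone_authtoken password "$CINDER_PASS"
  # Miscellaneous. my_ip used to read the misspelled, never-set variable
  # CONTROOLER_IP and was therefore written without a value.
  _cinder_set DEFAULT my_ip "$CONTROLLER_IP"
  _cinder_set oslo_concurrency lock_path /var/lib/cinder/tmp
  _cinder_set DEFAULT verbose True

  # Populate the schema only while the database is still empty.
  check_db=$(MYSQL_PWD="$CINDER_DBPASS" mysql -ucinder -s cinder -e "show tables;" | wc -l)
  if (( check_db == 0 )); then
    su -s /bin/sh -c "cinder-manage db sync" cinder
  fi

  # Tell nova which region's cinder to use, then restart its API.
  openstack-config --set /etc/nova/nova.conf cinder os_region_name RegionOne
  systemctl restart openstack-nova-api

  # Bring the cinder services up.
  systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
  systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
  echo ok > /tmp/install_cinder.done
}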
function install_lbaas(){
  # Install LBaaS with haproxy, set the agent's interface driver, add the
  # lbaas service plug-in next to router, and start the agent.
  local agent_conf=/etc/neutron/lbaas_agent.ini
  local neutron_conf=/etc/neutron/neutron.conf

  yum install openstack-neutron-lbaas python-neutron-lbaas haproxy -y
  openstack-config --set "$agent_conf" DEFAULT interface_driver \
    neutron.agent.linux.interface.BridgeInterfaceDriver
  openstack-config --set "$neutron_conf" DEFAULT service_plugins router,lbaas

  # neutron-server has to reload its plug-in list before the agent starts.
  systemctl restart neutron-server
  local action
  for action in enable start; do
    systemctl "$action" neutron-lbaas-agent
  done
  echo ok > /tmp/install_lbaas.done
}
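# Entry point of openstack-controller.sh: load (or first generate) the
# passwords and the node inventory, run every install step that has no
# completion marker yet, then copy the tool directory to the compute node and
# run its script there.
#
# NOTE(review): the completion markers live in world-writable /tmp under
# fixed names, so any local user can pre-create one and make a step be
# skipped. A root-only state directory would be a safer home for them.
[[ -f o_password && -r o_password ]] || gather_pw
source o_password
source install_hosts

[[ -r /tmp/cfg_ntp.done ]] || cfg_ntp
[[ -r /tmp/install_database.done ]] || install_database
[[ -r /tmp/install_rabbit.done ]] || install_rabbit
command -v openstack-config &> /dev/null || yum install -y openstack-utils
# install_keystone writes its marker under /etc while /tmp was checked here,
# so the step was repeated on every run; accept either location.
[[ -r /tmp/install_keystone.done || -r /etc/install_keystone.done ]] || install_keystone
command -v openstack &> /dev/null || yum install -y python-openstackclient
[[ -r /tmp/init_endpoint.done ]] || init_endpoint
[[ -r /tmp/create_client_env.done ]] || create_client_env
[[ -r /tmp/install_glance.done ]] || install_glance
[[ -r /tmp/install_nova.done ]] || install_nova
[[ -r /tmp/install_neutron.done ]] || install_neutron
[[ -r /tmp/install_horizon.done ]] || install_horizon
[[ -r /tmp/install_cinder.done ]] || install_cinder
[[ -r /tmp/install_lbaas.done ]] || install_lbaas

# Everything in the current directory is copied, which includes o_password
# and the *-openrc.sh files: the compute node ends up holding every service
# and database password in clear text.
rsync -avrz ./* "$COMPUTE":/home/fbo/tools/
ssh "$COMPUTE" "which openstack-config &> /dev/null || yum install -y openstack-utils"
# Run without "bash -x": tracing echoes every expanded command, passwords
# included, to the terminal and to any log that captures this session.
ssh "$COMPUTE" bash /home/fbo/tools/openstack-compute.sh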
- openstack-compute.sh
#!/usr/bin/bash
# Stop at the first failing command, then work from the tool directory that
# the controller copied over and load the passwords and node inventory.
set -e
sh_dir=/home/fbo/tools/
cd "$sh_dir"
. o_password
. install_hosts
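function c-cfg_ntp(){
  # Configure chrony on the compute node to use the controller as its time
  # source and set the time zone.
  # Reads:  CONTROLLER
  # Writes: /etc/chrony.conf, marker /tmp/c-cfg_ntp.done
  rpm -qa | grep chrony &>/dev/null || yum install chrony -y
  # Insert a "server <controller> iburst" line before the first "#server"
  # line. The sed program used to be single-quoted, so the literal text
  # "$CONTROLLER" was written to chrony.conf instead of the host name.
  # NOTE(review): nothing is inserted when chrony.conf has no line starting
  # with "#server" - confirm against the file shipped on the target system.
  sed -i -e "1,/^#server/{/^#server/i\\server\t${CONTROLLER}\tiburst" -e'}' /etc/chrony.conf
  systemctl enable chronyd.service
  systemctl start chronyd.service
  timedatectl set-timezone Asia/Shanghai
  echo ok > /tmp/c-cfg_ntp.done
}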
function c-install_nova(){
  # Install and configure nova-compute on the compute node, then start
  # libvirtd and the compute service.
  yum install openstack-nova-compute sysfsutils -y

  function _compute_opt(){
    # $1 = section, $2 = option, $3 = value
    openstack-config --set /etc/nova/nova.conf $1 $2 $3
  }

  # Message queue.
  _compute_opt DEFAULT rpc_backend rabbit
  _compute_opt oslo_messaging_rabbit rabbit_host $CONTROLLER
  _compute_opt oslo_messaging_rabbit rabbit_userid openstack
  _compute_opt oslo_messaging_rabbit rabbit_password $RABBIT_PASS

  # Identity service.
  _compute_opt DEFAULT auth_strategy keystone
  _compute_opt keystone_authtoken auth_uri http://$CONTROLLER:5000
  _compute_opt keystone_authtoken auth_url http://$CONTROLLER:35357
  _compute_opt keystone_authtoken auth_plugin password
  _compute_opt keystone_authtoken project_domain_id default
  _compute_opt keystone_authtoken user_domain_id default
  _compute_opt keystone_authtoken project_name service
  _compute_opt keystone_authtoken username nova
  _compute_opt keystone_authtoken password $NOVA_PASS

  # Networking.
  _compute_opt DEFAULT my_ip $COMPUTE_IP
  _compute_opt DEFAULT network_api_class nova.network.neutronv2.api.API
  _compute_opt DEFAULT security_group_api neutron
  _compute_opt DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
  _compute_opt DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver

  # Remote console. NOTE(review): vncserver_listen 0.0.0.0 makes the
  # instance consoles listen on every interface of the compute node; make
  # sure only the management network can reach those ports.
  _compute_opt vnc enabled True
  _compute_opt vnc vncserver_listen 0.0.0.0
  _compute_opt vnc vncserver_proxyclient_address \$my_ip
  _compute_opt vnc novncproxy_base_url http://$CONTROLLER:6080/vnc_auto.html

  _compute_opt glance host $CONTROLLER
  _compute_opt oslo_concurrency lock_path /var/lib/nova/tmp
  _compute_opt DEFAULT verbose True

  # No vmx/svm CPU flag means no hardware virtualisation: fall back to qemu.
  if ! grep -Eq "(vmx|svm)" /proc/cpuinfo; then
    _compute_opt libvirt virt_type qemu
  fi

  # Start the services.
  local action
  for action in enable start; do
    systemctl "$action" libvirtd.service openstack-nova-compute.service
  done
  echo ok > /tmp/c-install_nova.done
}
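function c-install_neutron(){
  # Install the Linux bridge agent on the compute node, copy the neutron
  # configuration from the controller and point the local nova at neutron.
  # Reads:  CONTROLLER, NEUTRON_PASS
  # Writes: files under /etc/neutron, /etc/nova/nova.conf,
  #         marker /tmp/c-install_neutron.done
  local nova_conf=/etc/nova/nova.conf
  local remote_file

  _compute_neutron_opt(){
    # $1 = section, $2 = option, $3 = value
    openstack-config --set "$nova_conf" "$1" "$2" "$3"
  }

  yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset -y

  # The copied files carry the controller's service and database passwords.
  rsync -avrz "root@${CONTROLLER}:/etc/neutron/neutron.conf" /etc/neutron/
  for remote_file in linuxbridge_agent.ini ml2_conf.ini; do
    rsync -avrz "root@${CONTROLLER}:/etc/neutron/plugins/ml2/${remote_file}" /etc/neutron/plugins/ml2/
  done
  # -f/-n: the script runs under "set -e", and a plain "ln -s" aborts it when
  # the link is left over from an earlier, interrupted attempt.
  ln -sfn /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
  chown root:neutron /etc/neutron/plugins/ml2/*

  _compute_neutron_opt neutron url "http://$CONTROLLER:9696"
  _compute_neutron_opt neutron auth_url "http://$CONTROLLER:35357"
  _compute_neutron_opt neutron auth_plugin password
  _compute_neutron_opt neutron project_domain_id default
  _compute_neutron_opt neutron user_domain_id default
  _compute_neutron_opt neutron region_name RegionOne
  _compute_neutron_opt neutron project_name service
  _compute_neutron_opt neutron username neutron
  _compute_neutron_opt neutron password "$NEUTRON_PASS"

  systemctl restart openstack-nova-compute.service
  systemctl enable neutron-linuxbridge-agent.service
  systemctl start neutron-linuxbridge-agent.service
  echo ok > /tmp/c-install_neutron.done
}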
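function c-install_cinder(){
  # Turn the compute node's second disk into the "cinder-volumes" LVM volume
  # group and run the cinder volume service on it.
  # Reads:  CONTROLLER, COMPUTE_IP, ./admin-openrc.sh
  # Writes: /etc/lvm/lvm.conf, /etc/cinder/cinder.conf,
  #         marker /tmp/c-install_cinder.done
  local conf=/etc/cinder/cinder.conf
  local dev1

  # First block device whose name matches "?db" (for example sdb or vdb).
  dev1=$(lsblk | grep -E "^.db" | cut -d " " -f1 | head -n 1)
  if [[ -z "$dev1" ]]; then
    # Without this guard the commands below would be run against "/dev/".
    echo "c-install_cinder: no storage disk matching ?db found" >&2
    return 1
  fi

  yum install lvm2 -y
  systemctl enable lvm2-lvmetad
  systemctl start lvm2-lvmetad

  # Create the volume group only once, so a retry does not fail here.
  if ! vgs cinder-volumes &> /dev/null; then
    pvcreate "/dev/$dev1"
    vgcreate cinder-volumes "/dev/$dev1"
  fi

  # Restrict LVM scanning to the storage disk, once.
  # NOTE(review): the filter rejects every other device; if the system disk
  # itself uses LVM it presumably has to be accepted here too - confirm.
  if ! grep -q "a/$dev1/" /etc/lvm/lvm.conf; then
    sed -i "/^devices/a \ filter = [\"a/$dev1/\", \"r/\.\*\/\"]" /etc/lvm/lvm.conf
  fi
  # Show the result. This grep used to read the (empty) output of "sed -i",
  # always failed, and under "set -e" stopped the script at this point.
  grep -C1 "^devices" /etc/lvm/lvm.conf || true

  yum install openstack-cinder targetcli python-oslo-policy -y
  # The copied file carries the controller's service and database passwords.
  rsync -avrz "${CONTROLLER}:/etc/cinder/cinder.conf" /etc/cinder/
  openstack-config --set "$conf" DEFAULT glance_api_servers "http://$CONTROLLER:9292"
  openstack-config --set "$conf" DEFAULT my_ip "$COMPUTE_IP"
  # NOTE(review): nothing here sets [DEFAULT] enabled_backends, so the [lvm]
  # section may not be picked up - confirm against the install guide.
  openstack-config --set "$conf" lvm volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
  openstack-config --set "$conf" lvm volume_group cinder-volumes
  openstack-config --set "$conf" lvm iscsi_protocol iscsi
  openstack-config --set "$conf" lvm iscsi_helper lioadm

  systemctl enable openstack-cinder-volume.service target.service
  systemctl start openstack-cinder-volume.service target.service

  # Write the marker only once the volume service is listed. The pattern was
  # "cinder-volume1", which matches no service name, so the marker was never
  # written and the function always returned a failure status.
  source admin-openrc.sh
  if cinder service-list | grep cinder-volume; then
    echo ok > /tmp/c-install_cinder.done
  fi
}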
# Run each compute-node step whose completion marker cannot be read yet, in order.
for step in c-cfg_ntp c-install_nova c-install_neutron c-install_cinder; do
  if ! cat "/tmp/${step}.done" &> /dev/null; then
    "$step"
  fi
done