Learning Openstack Part1: Setting Up the OpenStack Environment

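Before studying OpenStack we first need a lab environment. Here we build a Liberty lab environment using the installation method recommended on the official site.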

Lab environment

  • OS:
    • Centos 7.2
  • Components installed:
    • keystone
    • glance
    • nova
    • cinder
    • neutron
    • lbaas
  • Server configuration:
    • Controller node:
      • Hostname: openstack-controller
      • ip: 192.168.33.9
      • cpu: 1 core
      • mem: 4G
      • Disk: 20G system disk
    • Compute node (storage node):
      • Hostname: openstack-compute
      • ip: 192.168.33.8
      • cpu: 2 core
      • mem: 8G
      • Disk: 20G system disk + 100G storage disk

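Steps:

1. Environment initialization

1.1 Configure the OpenStack yum repository on all nodes

To speed up deployment, we point the nodes at a locally hosted OpenStack yum repository. For how to build that repository, see "Using cobbler to build a local OpenStack Liberty yum repository".

cat > /etc/yum.repos.d/openstack-liberty.repo << EOF
[openstack-liberty]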
name="openstack liberty local repo"
baseurl=http://192.168.33.5/cobbler/repo_mirror/openstack-liberty/
enabled=1
gpgcheck=0
EOF
yum clean all && yum makecache

1.2 Create the node definition file

Note: the values must match the server configuration above.

mkdir -p /home/fbo/tools/
cd /home/fbo/tools/
cat > install_hosts << EOF
CONTROLLER="openstack-controller"
CONTROLLER_IP=192.168.33.9
COMPUTE="openstack-compute"
COMPUTE_IP=192.168.33.8
EOF

1.3 Configure hostname resolution on every node

echo -e "192.168.33.9\topenstack-controller\n192.168.33.8\topenstack-compute" >> /etc/hosts

1.4 Set up SSH key access between the nodes

ssh-keygen
ssh-copy-id <hosts>

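2. Start the installation

Put the "openstack-controller.sh" and "openstack-compute.sh" scripts into the "/home/fbo/tools" directory and run bash openstack-controller.sh to complete a one-step installation. The scripts are as follows: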

  • openstack-controller.sh
 #!/usr/bin/bash

 function gather_pw(){
 echo "DATABASE_PASS=`openssl rand -hex 10`" >> o_password
 echo "ADMIN_PASS=`openssl rand -hex 10`" >> o_password
 echo "CEILOMETER_DBPASS=`openssl rand -hex 10`" >> o_password
 echo "CEILOMETER_PASS=`openssl rand -hex 10`" >> o_password
 echo "CINDER_DBPASS=`openssl rand -hex 10`" >> o_password
 echo "CINDER_PASS=`openssl rand -hex 10`" >> o_password
 echo "DASH_DBPASS=`openssl rand -hex 10`" >> o_password
 echo "DEMO_PASS=`openssl rand -hex 10`" >> o_password
 echo "GLANCE_DBPASS=`openssl rand -hex 10`" >> o_password
 echo "GLANCE_PASS=`openssl rand -hex 10`" >> o_password
 echo "HEAT_DBPASS=`openssl rand -hex 10`" >> o_password
 echo "HEAT_DOMAIN_PASS=`openssl rand -hex 10`" >> o_password
 echo "HEAT_PASS=`openssl rand -hex 10`" >> o_password
 echo "KEYSTONE_DBPASS=`openssl rand -hex 10`" >> o_password
 echo "NEUTRON_DBPASS=`openssl rand -hex 10`" >> o_password
 echo "NEUTRON_PASS=`openssl rand -hex 10`" >> o_password
 echo "NOVA_DBPASS=`openssl rand -hex 10`" >> o_password
 echo "NOVA_PASS=`openssl rand -hex 10`" >> o_password
 echo "RABBIT_PASS=`openssl rand -hex 10`" >> o_password
 echo "SWIFT_PASS=`openssl rand -hex 10`" >> o_password
 }

 function cfg_ntp(){
 rpm -qa | grep chrony &>/dev/null || yum install chrony -y
 sed -i "/^#allow/a\allow 192.168.33.0\/24" /etc/chrony.conf
 systemctl enable chronyd
 systemctl start chronyd
 timedatectl set-timezone Asia/Shanghai
 echo ok > /tmp/cfg_ntp.done
 }

 function install_database(){
 yum install mariadb mariadb-server MySQL-python -y
 cat > /etc/my.cnf << EOF
 [client]
 port       = 3306
 socket     = /var/lib/mysql/mysql.sock
 [mysqld]
 default-storage-engine = innodb
 innodb_file_per_table
 collation-server = utf8_general_ci
 init-connect = 'SET NAMES utf8'
 character-set-server = utf8
 log-error  = /var/log/mariadb/mariadb.log
 port       = 3306
 socket     = /var/lib/mysql/mysql.sock
 skip-external-locking
 key_buffer_size = 16M
 max_allowed_packet = 1M
 table_open_cache = 64
 sort_buffer_size = 512K
 net_buffer_length = 8K
 read_buffer_size = 256K
 read_rnd_buffer_size = 512K
 myisam_sort_buffer_size = 8M
 log-bin=mysql-bin
 binlog_format=mixed
 server-id  = 1
 [mysqldump]
 quick
 max_allowed_packet = 16M
 [mysql]
 no-auto-rehash
 [myisamchk]
 key_buffer_size = 20M
 sort_buffer_size = 20M
 read_buffer = 2M
 write_buffer = 2M
 [mysqlhotcopy]
 interactive-timeout
 EOF

 systemctl enable mariadb.service
 systemctl start mariadb.service

 mysqladmin -uroot password $DATABASE_PASS
 mysql -uroot -p$DATABASE_PASS -e "drop database test;"
 mysql -uroot -p$DATABASE_PASS -e "delete from mysql.user where host <> 'localhost'"
 mysql -uroot -p$DATABASE_PASS -e "select user,host,password from mysql.user;"
 mysql -uroot -p$DATABASE_PASS -e "grant all privileges on *.* to 'root'@'%' identified by \"$DATABASE_PASS\";flush privileges;"
 echo ok > /tmp/install_database.done
 }

 function install_rabbit(){
 yum install rabbitmq-server -y
 # Start at boot
 systemctl enable rabbitmq-server.service
 systemctl start rabbitmq-server.service # RabbitMQ listens on port 5672
 # Add the openstack user
 rabbitmqctl add_user openstack $RABBIT_PASS
 # Grant the openstack user configure, write and read permissions:
 rabbitmqctl set_permissions openstack ".*" ".*" ".*"
 # List all RabbitMQ plugins and enable the web management plugin
 # rabbitmq-plugins list
 rabbitmq-plugins enable rabbitmq_management
 systemctl restart rabbitmq-server.service # The web UI listens on 15672; default user/password: guest/guest
 echo ok > /tmp/install_rabbit.done
 }

 function install_keystone(){
 my="mysql -uroot -p$DATABASE_PASS -e "
 $my "create database keystone;"
 $my "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
   IDENTIFIED BY \"$KEYSTONE_DBPASS\";"
 $my "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
   IDENTIFIED BY \"$KEYSTONE_DBPASS\";"
 yum install -y openstack-keystone httpd mod_wsgi \
   memcached python-memcached
 systemctl enable memcached.service
 systemctl start memcached.service
 file="/etc/keystone/keystone.conf"
 set_file="openstack-config --set $file"
 $set_file DEFAULT admin_token $ADMIN_PASS
 $set_file database connection mysql://keystone:$KEYSTONE_DBPASS@$CONTROLLER/keystone
 $set_file memcache servers localhost:11211
 $set_file token provider uuid
 $set_file token driver memcache
 $set_file revoke driver sql
 $set_file DEFAULT verbose True

 # Configure the Apache service
 sed -i "s,^#ServerName.*80$,ServerName $CONTROLLER:80,g" /etc/httpd/conf/httpd.conf
 ## Create the file /etc/httpd/conf.d/wsgi-keystone.conf
 cat > /etc/httpd/conf.d/wsgi-keystone.conf << EOF
 Listen 5000
 Listen 35357

 <VirtualHost *:5000>
     WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
     WSGIProcessGroup keystone-public
     WSGIScriptAlias / /usr/bin/keystone-wsgi-public
     WSGIApplicationGroup %{GLOBAL}
     WSGIPassAuthorization On
     <IfVersion >= 2.4>
       ErrorLogFormat "%{cu}t %M"
     </IfVersion>
     ErrorLog /var/log/httpd/keystone-error.log
     CustomLog /var/log/httpd/keystone-access.log combined

     <Directory /usr/bin>
         <IfVersion >= 2.4>
             Require all granted
         </IfVersion>
         <IfVersion < 2.4>
             Order allow,deny
             Allow from all
         </IfVersion>
     </Directory>
 </VirtualHost>

 <VirtualHost *:35357>
     WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
     WSGIProcessGroup keystone-admin
     WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
     WSGIApplicationGroup %{GLOBAL}
     WSGIPassAuthorization On
     <IfVersion >= 2.4>
       ErrorLogFormat "%{cu}t %M"
     </IfVersion>
     ErrorLog /var/log/httpd/keystone-error.log
     CustomLog /var/log/httpd/keystone-access.log combined

     <Directory /usr/bin>
         <IfVersion >= 2.4>
             Require all granted
         </IfVersion>
         <IfVersion < 2.4>
             Order allow,deny
             Allow from all
         </IfVersion>
     </Directory>
 </VirtualHost>
 EOF
 # Start the Apache service
 systemctl enable httpd.service
 systemctl start httpd.service
 su -s /bin/sh -c "keystone-manage db_sync" keystone

 echo ok > /tmp/install_keystone.done
 }

 function init_endpoint(){
 # Configure the authentication token
 export OS_TOKEN=$ADMIN_PASS
 export OS_URL=http://$CONTROLLER:35357/v3
 export OS_IDENTITY_API_VERSION=3
 # Create the service entity for the Identity service
 openstack service create --name keystone --description "OpenStack Identity" identity
 ## The Identity service manages a catalog of the API endpoints in your environment.
 ## Services use this catalog to determine how to communicate with the other services in your environment.
 ## OpenStack uses three API endpoint variants for each service: admin, internal and public.
 openstack endpoint create --region RegionOne identity public http://$CONTROLLER:5000/v2.0
 openstack endpoint create --region RegionOne identity internal http://$CONTROLLER:5000/v2.0
 openstack endpoint create --region RegionOne identity admin http://$CONTROLLER:35357/v2.0
 # Create the admin project, user and role:
 openstack project create --domain default --description "Admin Project" admin
 openstack user create --domain default --password $ADMIN_PASS admin
 openstack role create admin
 openstack role add --project admin --user admin admin
 # Create the service project:
 openstack project create --domain default --description "Service Project" service
 # Create the demo project and user.
 openstack project create --domain default --description "Demo Project" demo
 openstack user create --domain default --password $DEMO_PASS demo
 openstack role create user
 openstack role add --project demo --user demo user # Add the user role to the demo project and user
 # check
 unset OS_TOKEN OS_URL
 check_v=`openstack --os-auth-url http://$CONTROLLER:35357/v3 \
 --os-project-domain-id default \
 --os-user-domain-id default \
 --os-project-name admin \
 --os-username admin \
 --os-auth-type password \
 --os-password $ADMIN_PASS token issue | wc -l`
 if [[ $check_v -ne 0 ]];then echo ok > /tmp/init_endpoint.done;fi
 }

 function create_client_env(){
 cat > admin-openrc.sh << EOF
 export OS_PROJECT_DOMAIN_ID=default
 export OS_USER_DOMAIN_ID=default
 export OS_PROJECT_NAME=admin
 export OS_TENANT_NAME=admin
 export OS_USERNAME=admin
 export OS_PASSWORD=$ADMIN_PASS
 export OS_AUTH_URL=http://$CONTROLLER:35357/v3
 export OS_IDENTITY_API_VERSION=3
 EOF

 cat > demo-openrc.sh << EOF
 export OS_PROJECT_DOMAIN_ID=default
 export OS_USER_DOMAIN_ID=default
 export OS_PROJECT_NAME=demo
 export OS_TENANT_NAME=demo
 export OS_USERNAME=demo
 export OS_PASSWORD=$DEMO_PASS
 export OS_AUTH_URL=http://$CONTROLLER:5000/v3
 export OS_IDENTITY_API_VERSION=3
 EOF

 echo ok > /tmp/create_client_env.done
 }

 function install_glance(){
 # Create the database (skipped when the glance account can already reach it)
 mysql -uglance -p$GLANCE_DBPASS -s glance -e "show tables;" &> /dev/null || {
 mysql -uroot -p$DATABASE_PASS -e "create database glance;"

 mysql -uroot -p$DATABASE_PASS -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
   IDENTIFIED BY \"$GLANCE_DBPASS\";"
 mysql -uroot -p$DATABASE_PASS -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
   IDENTIFIED BY \"$GLANCE_DBPASS\";"
 }
 # Create the service credentials
 source admin-openrc.sh
 openstack user create --domain default --password $GLANCE_PASS glance
 openstack role add --project service --user glance admin
 openstack service create --name glance \
   --description "OpenStack Image service" image
 openstack endpoint create --region RegionOne \
   image public http://$CONTROLLER:9292
 openstack endpoint create --region RegionOne \
   image internal http://$CONTROLLER:9292
 openstack endpoint create --region RegionOne \
   image admin http://$CONTROLLER:9292
 # Install and configure the components
 yum install -y openstack-glance python-glance python-glanceclient
 set_file="openstack-config --set /etc/glance/glance-api.conf "

 $set_file database connection mysql://glance:$GLANCE_DBPASS@$CONTROLLER/glance
 $set_file keystone_authtoken auth_uri http://$CONTROLLER:5000
 $set_file keystone_authtoken auth_url http://$CONTROLLER:35357
 $set_file keystone_authtoken auth_plugin password
 $set_file keystone_authtoken project_domain_id default
 $set_file keystone_authtoken user_domain_id default
 $set_file keystone_authtoken project_name service
 $set_file keystone_authtoken username glance
 $set_file keystone_authtoken password $GLANCE_PASS
 $set_file paste_deploy flavor keystone
 $set_file glance_store default_store file
 $set_file glance_store filesystem_store_datadir /var/lib/glance/images/
 $set_file DEFAULT notification_driver noop
 $set_file DEFAULT verbose True
 function setfile(){
 openstack-config --set /etc/glance/glance-registry.conf $1 $2 $3
 }
 setfile database connection mysql://glance:$GLANCE_DBPASS@$CONTROLLER/glance
 setfile keystone_authtoken auth_uri http://$CONTROLLER:5000
 setfile keystone_authtoken auth_url http://$CONTROLLER:35357
 setfile keystone_authtoken auth_plugin password
 setfile keystone_authtoken project_domain_id default
 setfile keystone_authtoken user_domain_id default
 setfile keystone_authtoken project_name service
 setfile keystone_authtoken username glance
 setfile keystone_authtoken password $GLANCE_PASS
 setfile paste_deploy flavor keystone
 setfile DEFAULT notification_driver noop
 setfile DEFAULT verbose True

 # Sync the database (only when the glance database has no tables yet)
 check_db=`mysql -uglance -p$GLANCE_DBPASS -s glance -e "show tables;" | wc -l`
 [ $check_db -eq 0 ] && su -s /bin/sh -c "glance-manage db_sync" glance
 systemctl enable openstack-glance-api.service \
   openstack-glance-registry.service
 systemctl start openstack-glance-api.service \
   openstack-glance-registry.service
 # Verify operation
 echo "export OS_IMAGE_API_VERSION=2" \
   | tee -a admin-openrc.sh demo-openrc.sh
 source admin-openrc.sh
 which wget &> /dev/null || yum install -y wget
 wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
 glance image-create --name "cirros" \
   --file cirros-0.3.4-x86_64-disk.img \
   --disk-format qcow2 --container-format bare \
   --visibility public --progress
 glance image-list
 echo ok > /tmp/install_glance.done
 }


 function install_nova(){
 # Create the database
 mysql -uroot -p$DATABASE_PASS -e "create database nova;";
 mysql -uroot -p$DATABASE_PASS -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
 IDENTIFIED BY \"$NOVA_DBPASS\";";
 mysql -uroot -p$DATABASE_PASS -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
 IDENTIFIED BY \"$NOVA_DBPASS\";";
 # Create the service credentials
 source admin-openrc.sh
 openstack user create --domain default --password $NOVA_PASS nova
 openstack role add --project service --user nova admin
 openstack service create --name nova --description "Openstack Compute" compute

 openstack endpoint create --region RegionOne \
 compute public http://$CONTROLLER:8774/v2/%\(tenant_id\)s
 openstack endpoint create --region RegionOne \
 compute internal http://$CONTROLLER:8774/v2/%\(tenant_id\)s
 openstack endpoint create --region RegionOne \
 compute admin http://$CONTROLLER:8774/v2/%\(tenant_id\)s

 # Install and configure nova
 yum install openstack-nova-api openstack-nova-cert \
 openstack-nova-conductor openstack-nova-console \
 openstack-nova-novncproxy openstack-nova-scheduler \
 python-novaclient -y

 set_file="openstack-config --set /etc/nova/nova.conf"
 $set_file database connection  mysql://nova:$NOVA_DBPASS@$CONTROLLER/nova
 $set_file DEFAULT rpc_backend rabbit
 $set_file oslo_messaging_rabbit rabbit_host $CONTROLLER
 $set_file oslo_messaging_rabbit rabbit_userid openstack
 $set_file oslo_messaging_rabbit rabbit_password $RABBIT_PASS
 $set_file DEFAULT auth_strategy keystone
 $set_file keystone_authtoken auth_uri http://$CONTROLLER:5000
 $set_file keystone_authtoken auth_url http://$CONTROLLER:35357
 $set_file keystone_authtoken auth_plugin password
 $set_file keystone_authtoken project_domain_id default
 $set_file keystone_authtoken user_domain_id default
 $set_file keystone_authtoken project_name service
 $set_file keystone_authtoken username nova
 $set_file keystone_authtoken password $NOVA_PASS
 $set_file DEFAULT my_ip $CONTROLLER_IP
 $set_file DEFAULT network_api_class nova.network.neutronv2.api.API
 $set_file DEFAULT security_group_api neutron
 $set_file DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
 $set_file DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
 $set_file vnc vncserver_listen \$my_ip
 $set_file vnc vncserver_proxyclient_address \$my_ip
 $set_file glance host $CONTROLLER_IP
 $set_file oslo_concurrency lock_path /var/lib/nova/tmp
 $set_file DEFAULT enabled_apis osapi_compute,metadata
 $set_file DEFAULT verbose True

 # Sync the database
 su -s /bin/sh -c "nova-manage db sync" nova
 # Start the nova services
 systemctl enable openstack-nova-api.service \
 openstack-nova-cert.service openstack-nova-consoleauth.service \
 openstack-nova-scheduler.service openstack-nova-conductor.service \
 openstack-nova-novncproxy.service
 systemctl start openstack-nova-api.service \
 openstack-nova-cert.service openstack-nova-consoleauth.service \
 openstack-nova-scheduler.service openstack-nova-conductor.service \
 openstack-nova-novncproxy.service

 echo ok > /tmp/install_nova.done
 }

 function install_neutron(){
 function hehe(){
 # Database
 mysql -uroot -p$DATABASE_PASS -e "create database neutron;";
 mysql -uroot -p$DATABASE_PASS -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
 IDENTIFIED BY \"$NEUTRON_DBPASS\";";
 mysql -uroot -p$DATABASE_PASS -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
 IDENTIFIED BY \"$NEUTRON_DBPASS\";";
 # Service credentials
 source admin-openrc.sh
 openstack user create --domain default --password $NEUTRON_PASS neutron

 openstack role add --project service --user neutron admin

 openstack service create --name neutron \
 --description "OpenStack Networking" network

 openstack endpoint create --region RegionOne \
 network public http://$CONTROLLER:9696

 openstack endpoint create --region RegionOne \
 network internal http://$CONTROLLER:9696

 openstack endpoint create --region RegionOne \
 network admin http://$CONTROLLER:9696

 # Install the neutron packages
 yum install -y openstack-neutron openstack-neutron-ml2 \
 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
 }
 # Run the database, credential and package steps defined above
 hehe

 function set_cfg(){
 openstack-config --set /etc/neutron/neutron.conf $1 $2 $3
 }
 sed -i "/^[a-z]/d" /etc/neutron/neutron.conf
 set_cfg DEFAULT verbose True
 set_cfg DEFAULT core_plugin ml2
 set_cfg DEFAULT service_plugins router
 set_cfg DEFAULT auth_strategy keystone
 set_cfg DEFAULT notify_nova_on_port_status_changes True
 set_cfg DEFAULT notify_nova_on_port_data_changes True
 set_cfg DEFAULT nova_url http://$CONTROLLER:8774/v2
 set_cfg DEFAULT rpc_backend rabbit
 set_cfg keystone_authtoken auth_uri http://$CONTROLLER:5000
 set_cfg keystone_authtoken auth_url http://$CONTROLLER:35357
 set_cfg keystone_authtoken auth_plugin password
 set_cfg keystone_authtoken project_domain_id default
 set_cfg keystone_authtoken user_domain_id default
 set_cfg keystone_authtoken project_name service
 set_cfg keystone_authtoken username neutron
 set_cfg keystone_authtoken password $NEUTRON_PASS
 set_cfg database connection mysql://neutron:$NEUTRON_DBPASS@$CONTROLLER/neutron
 set_cfg nova auth_url http://$CONTROLLER:35357
 set_cfg nova auth_plugin password
 set_cfg nova project_domain_id default
 set_cfg nova user_domain_id default
 set_cfg nova region_name RegionOne
 set_cfg nova project_name service
 set_cfg nova username nova
 set_cfg nova password $NOVA_PASS
 set_cfg oslo_concurrency lock_path /var/lib/neutron/tmp
 set_cfg oslo_messaging_rabbit rabbit_host $CONTROLLER
 set_cfg oslo_messaging_rabbit rabbit_userid openstack
 set_cfg oslo_messaging_rabbit rabbit_password $RABBIT_PASS

 function set_ml2(){
 openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini $1 $2 $3
 }

 set_ml2 ml2 type_drivers flat,vlan,gre,vxlan,geneve
 set_ml2 ml2 tenant_network_types vlan,gre,vxlan,geneve
 set_ml2 ml2 mechanism_drivers linuxbridge,openvswitch
 set_ml2 ml2 extension_drivers port_security
 set_ml2 ml2_type_flat flat_networks physnet1
 set_ml2 securitygroup enable_ipset True

 function set_br(){
 openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini $1 $2 $3
 }

 set_br linux_bridge physical_interface_mappings physnet1:eth0
 set_br vxlan enable_vxlan False
 set_br securitygroup enable_security_group True
 set_br securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

 set_dhcp(){
 openstack-config --set /etc/neutron/dhcp_agent.ini $1 $2 $3
 }
 set_dhcp DEFAULT verbose True
 set_dhcp DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
 set_dhcp DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
 set_dhcp DEFAULT enable_isolated_metadata true

 set_meta(){
 openstack-config --set /etc/neutron/metadata_agent.ini $1 $2 $3
 }

 sed -i "/^[a-z]/d" /etc/neutron/metadata_agent.ini
 set_meta DEFAULT verbose True
 set_meta DEFAULT auth_uri http://$CONTROLLER:5000
 set_meta DEFAULT auth_url http://$CONTROLLER:35357
 set_meta DEFAULT auth_region RegionOne
 set_meta DEFAULT auth_plugin password
 set_meta DEFAULT project_domain_id default
 set_meta DEFAULT user_domain_id default
 set_meta DEFAULT project_name service
 set_meta DEFAULT username neutron
 set_meta DEFAULT password $NEUTRON_PASS
 set_meta DEFAULT nova_metadata_ip $CONTROLLER_IP
 set_meta DEFAULT metadata_proxy_shared_secret metadata

 function set_nova(){
 openstack-config --set /etc/nova/nova.conf $1 $2 $3
 }

 set_nova neutron url http://$CONTROLLER:9696
 set_nova neutron auth_url http://$CONTROLLER:35357
 set_nova neutron auth_plugin password
 set_nova neutron project_domain_id default
 set_nova neutron user_domain_id default
 set_nova neutron region_name RegionOne
 set_nova neutron project_name service
 set_nova neutron username neutron
 set_nova neutron password $NEUTRON_PASS
 set_nova neutron service_metadata_proxy True
 set_nova neutron metadata_proxy_shared_secret metadata

 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

 su -s /bin/sh -c "neutron-db-manage \
 --config-file /etc/neutron/neutron.conf \
 --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

 systemctl restart openstack-nova-api.service

 systemctl enable neutron-server.service \
 neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
 neutron-metadata-agent.service

 systemctl start neutron-server.service \
 neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
 neutron-metadata-agent.service

 echo ok > /tmp/install_neutron.done
 }

 function install_horizon(){
 yum install openstack-dashboard -y
 sed -i  "s/^OPENSTACK_HOST.*/OPENSTACK_HOST = \"$CONTROLLER\"/g" \
 /etc/openstack-dashboard/local_settings

 sed -i  "s/^ALLOWED_HOSTS.*/ALLOWED_HOSTS = \['\*'\,]/g" \
 /etc/openstack-dashboard/local_settings

 sed  -i "/^\ *'BACKEND'/a\ \t'LOCATION': '$CONTROLLER:11211'," \
 /etc/openstack-dashboard/local_settings

 sed -i "s/^OPENSTACK_KEYSTONE_DEFAULT_ROLE.*/OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"user\"/g" \
 /etc/openstack-dashboard/local_settings

 sed -i "/OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT.*/a OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True" \
 /etc/openstack-dashboard/local_settings

 sed -i "/OPENSTACK_API_VERSIONS/i OPENSTACK_API_VERSIONS = {\n\t\"identity\": 3,\n\t\"volume\": 2,\n}" \
 /etc/openstack-dashboard/local_settings

 sed -i "s/^TIME_ZONE.*/TIME_ZONE = \"Asia\/Shanghai\"/g" \
 /etc/openstack-dashboard/local_settings

 systemctl enable httpd.service memcached.service
 systemctl restart httpd.service memcached.service

 echo ok > /tmp/install_horizon.done
 }

 function install_cinder(){
 # Database
 function initdb(){
 mysql -uroot -p$DATABASE_PASS \
 -e "create database cinder;"
 mysql -uroot -p$DATABASE_PASS \
 -e "grant all privileges on cinder.* to 'cinder'@'localhost' identified by '$CINDER_DBPASS';"
 mysql -uroot -p$DATABASE_PASS \
 -e "grant all privileges on cinder.* to 'cinder'@'%' identified by '$CINDER_DBPASS';"
 }
 mysql -ucinder -p$CINDER_DBPASS -s cinder -e "show tables;" &> /dev/null || initdb

 # Service credentials
 source admin-openrc.sh
 function auth(){
 openstack user create --domain default --password $CINDER_PASS cinder
 openstack role add --project service --user cinder admin

 openstack service create --name cinder \
 --description "OpenStack Block Storage" volume

 openstack service create --name cinderv2 \
 --description "OpenStack Block Storage" volumev2

 openstack endpoint create --region RegionOne \
 volume public http://$CONTROLLER:8776/v1/%\(tenant_id\)s
 openstack endpoint create --region RegionOne \
 volume internal http://$CONTROLLER:8776/v1/%\(tenant_id\)s
 openstack endpoint create --region RegionOne \
 volume admin http://$CONTROLLER:8776/v1/%\(tenant_id\)s

 openstack endpoint create --region RegionOne \
 volumev2 public http://$CONTROLLER:8776/v2/%\(tenant_id\)s
 openstack endpoint create --region RegionOne \
 volumev2 internal http://$CONTROLLER:8776/v2/%\(tenant_id\)s
 openstack endpoint create --region RegionOne \
 volumev2 admin http://$CONTROLLER:8776/v2/%\(tenant_id\)s
 }
 openstack endpoint list | grep cinder || auth
 # Install the packages
 yum install -y openstack-cinder python-cinderclient

 # cinder configuration
 function set_cfg(){
 openstack-config --set /etc/cinder/cinder.conf $1 $2 $3
 }
 ## Database connection
 set_cfg database connection mysql://cinder:$CINDER_DBPASS@$CONTROLLER/cinder
 ## Message queue
 set_cfg DEFAULT rpc_backend rabbit
 set_cfg oslo_messaging_rabbit rabbit_host $CONTROLLER
 set_cfg oslo_messaging_rabbit rabbit_userid openstack
 set_cfg oslo_messaging_rabbit rabbit_password $RABBIT_PASS
 ## Identity service
 set_cfg DEFAULT auth_strategy keystone
 set_cfg keystone_authtoken auth_uri http://$CONTROLLER:5000
 set_cfg keystone_authtoken auth_url http://$CONTROLLER:35357
 set_cfg keystone_authtoken auth_plugin password
 set_cfg keystone_authtoken project_domain_id default
 set_cfg keystone_authtoken user_domain_id default
 set_cfg keystone_authtoken project_name service
 set_cfg keystone_authtoken username cinder
 set_cfg keystone_authtoken password $CINDER_PASS
 ## Miscellaneous
 set_cfg DEFAULT my_ip $CONTROLLER_IP
 set_cfg oslo_concurrency lock_path /var/lib/cinder/tmp
 set_cfg DEFAULT verbose True

 # Sync the database
 check_db=`mysql -ucinder -p$CINDER_DBPASS -s cinder -e "show tables;" | wc -l`
 if [[ $check_db -eq 0 ]]
 then
 su -s /bin/sh -c "cinder-manage db sync" cinder
 fi
 # Configure nova on this node to use the cinder service
 openstack-config --set /etc/nova/nova.conf cinder os_region_name RegionOne
 systemctl restart openstack-nova-api

 # Start the cinder services
 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
 systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

 echo ok > /tmp/install_cinder.done
 }

 function install_lbaas(){
 yum install openstack-neutron-lbaas python-neutron-lbaas haproxy -y
 openstack-config --set /etc/neutron/lbaas_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver

 openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router,lbaas

 systemctl restart neutron-server
 systemctl enable neutron-lbaas-agent
 systemctl start neutron-lbaas-agent

 echo ok > /tmp/install_lbaas.done
 }


 cat o_password &> /dev/null || gather_pw
 source o_password
 source install_hosts
 cat /tmp/cfg_ntp.done &> /dev/null || cfg_ntp
 cat /tmp/install_database.done &> /dev/null || install_database
 cat /tmp/install_rabbit.done &> /dev/null || install_rabbit
 which openstack-config &> /dev/null || yum install -y openstack-utils
 cat /tmp/install_keystone.done &> /dev/null || install_keystone
 which openstack &> /dev/null || yum install -y python-openstackclient
 cat /tmp/init_endpoint.done &> /dev/null|| init_endpoint
 cat /tmp/create_client_env.done &> /dev/null || create_client_env
 cat /tmp/install_glance.done &> /dev/null || install_glance
 cat /tmp/install_nova.done &> /dev/null || install_nova
 cat /tmp/install_neutron.done &> /dev/null || install_neutron
 cat /tmp/install_horizon.done &> /dev/null || install_horizon
 cat /tmp/install_cinder.done &> /dev/null || install_cinder
 cat /tmp/install_lbaas.done &> /dev/null || install_lbaas

 rsync -avrz ./* $COMPUTE:/home/fbo/tools/
 ssh $COMPUTE "which openstack-config &> /dev/null || yum install -y openstack-utils"
 ssh $COMPUTE bash -x /home/fbo/tools/openstack-compute.sh
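
The driver lines above track progress with `/tmp/*.done` markers, which every function writes as its last line whether or not its commands succeeded, and `gather_pw` writes `o_password` with the default umask. The following is an added example, not part of the original scripts: it keeps markers in a root-only directory, writes a marker only after the step succeeded, and creates the password file with mode 0600. `STATE_DIR`, `init_state_dir`, `run_step`, `rand_hex` and `gen_passwords` are hypothetical names.

```shell
#!/usr/bin/env bash
# Added example; all function names and the STATE_DIR default are hypothetical.

# Markers live in a root-only directory instead of world-writable /tmp, so
# another local user cannot pre-create "<step>.done" and make a step be skipped.
STATE_DIR="${STATE_DIR:-/var/lib/openstack-install}"   # assumed location

init_state_dir() {
    ( umask 077; mkdir -p "$STATE_DIR" ) || return 1
    # Refuse a symlink or a directory owned by someone else.
    if [ -L "$STATE_DIR" ] || [ ! -d "$STATE_DIR" ] || [ ! -O "$STATE_DIR" ]; then
        echo "refusing to use $STATE_DIR" >&2
        return 1
    fi
    chmod 700 "$STATE_DIR"
}

# run_step <name> <command> [args...]
# Runs the command once; the marker is written only if the command succeeded.
run_step() {
    local name=$1 marker
    shift
    marker="$STATE_DIR/$name.done"
    if [ -f "$marker" ]; then
        return 0
    fi
    if ! "$@"; then
        echo "step '$name' failed, no marker written" >&2
        return 1
    fi
    : > "$marker"
}

# 20 hex characters, the same format as the page's `openssl rand -hex 10`.
rand_hex() {
    openssl rand -hex 10 2>/dev/null ||
        head -c 10 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# gen_passwords <file> <NAME>...
# Creates <file> with mode 0600 via mktemp + rename; an existing file is kept.
gen_passwords() {
    local file=$1 tmp name
    shift
    if [ -e "$file" ]; then
        return 0
    fi
    tmp=$(mktemp "$file.XXXXXX") || return 1    # mktemp creates the file 0600
    for name in "$@"; do
        printf '%s=%s\n' "$name" "$(rand_hex)" >> "$tmp" || { rm -f "$tmp"; return 1; }
    done
    mv "$tmp" "$file"
}

# Usage inside the controller script (as root), one name per service password:
#   init_state_dir || exit 1
#   gen_passwords o_password DATABASE_PASS ADMIN_PASS RABBIT_PASS
#   run_step install_database install_database
```

With `run_step`, the `echo ok > /tmp/<step>.done` line at the end of each install function is no longer needed.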
  • openstack-compute.sh
#!/usr/bin/bash
set -e
sh_dir=/home/fbo/tools/
cd $sh_dir
source o_password
source install_hosts
function c-cfg_ntp(){
rpm -qa | grep chrony &>/dev/null || yum install chrony -y
sed -i -e "1,/^#server/{/^#server/i\server\t$CONTROLLER\tiburst" -e'}' /etc/chrony.conf
systemctl enable chronyd.service
systemctl start chronyd.service
timedatectl set-timezone Asia/Shanghai
echo ok > /tmp/c-cfg_ntp.done
}

function c-install_nova(){
yum install openstack-nova-compute sysfsutils -y
function set_file(){
openstack-config --set /etc/nova/nova.conf $1 $2 $3
}
set_file DEFAULT rpc_backend rabbit
set_file oslo_messaging_rabbit rabbit_host $CONTROLLER
set_file oslo_messaging_rabbit rabbit_userid openstack
set_file oslo_messaging_rabbit rabbit_password $RABBIT_PASS
set_file DEFAULT auth_strategy keystone
set_file keystone_authtoken auth_uri http://$CONTROLLER:5000
set_file keystone_authtoken auth_url http://$CONTROLLER:35357
set_file keystone_authtoken auth_plugin password
set_file keystone_authtoken project_domain_id default
set_file keystone_authtoken user_domain_id default
set_file keystone_authtoken project_name service
set_file keystone_authtoken username nova
set_file keystone_authtoken password $NOVA_PASS
set_file DEFAULT my_ip $COMPUTE_IP
set_file DEFAULT network_api_class nova.network.neutronv2.api.API
set_file DEFAULT security_group_api neutron
set_file DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
set_file DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
set_file vnc enabled True
set_file vnc vncserver_listen 0.0.0.0
set_file vnc vncserver_proxyclient_address \$my_ip
set_file vnc novncproxy_base_url http://$CONTROLLER:6080/vnc_auto.html
set_file glance host $CONTROLLER
set_file oslo_concurrency lock_path /var/lib/nova/tmp
set_file DEFAULT verbose True
if [ `grep -Ec "(vmx|svm)" /proc/cpuinfo` -eq 0 ]
then
    set_file libvirt virt_type qemu
fi
# Start the services
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service

echo ok > /tmp/c-install_nova.done
}

function c-install_neutron(){
yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset -y
rsync -avrz root@$CONTROLLER:/etc/neutron/neutron.conf /etc/neutron/
rsync -avrz root@$CONTROLLER:/etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/
rsync -avrz root@$CONTROLLER:/etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
chown root:neutron /etc/neutron/plugins/ml2/*

function set_nova(){
openstack-config --set /etc/nova/nova.conf $1 $2 $3
}

set_nova neutron url http://$CONTROLLER:9696
set_nova neutron auth_url http://$CONTROLLER:35357
set_nova neutron auth_plugin password
set_nova neutron project_domain_id default
set_nova neutron user_domain_id default
set_nova neutron region_name RegionOne
set_nova neutron project_name service
set_nova neutron username neutron
set_nova neutron password $NEUTRON_PASS

systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service

echo ok > /tmp/c-install_neutron.done
}

function c-install_cinder(){
dev1=`lsblk | grep -E "^.db" | cut -d " " -f1`
yum install lvm2 -y
systemctl enable lvm2-lvmetad
systemctl start lvm2-lvmetad

pvcreate /dev/$dev1
vgcreate cinder-volumes /dev/$dev1
sed -i "/^devices/a \ filter = [\"a/$dev1/\", \"r/\.\*\/\"]" /etc/lvm/lvm.conf
grep -C1 "^devices" /etc/lvm/lvm.conf
yum install openstack-cinder targetcli python-oslo-policy -y
rsync -avrz $CONTROLLER:/etc/cinder/cinder.conf /etc/cinder/
openstack-config --set /etc/cinder/cinder.conf DEFAULT glance_api_servers http://$CONTROLLER:9292
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip $COMPUTE_IP
openstack-config --set /etc/cinder/cinder.conf lvm  volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
openstack-config --set /etc/cinder/cinder.conf lvm  volume_group cinder-volumes
openstack-config --set /etc/cinder/cinder.conf lvm  iscsi_protocol iscsi
openstack-config --set /etc/cinder/cinder.conf lvm  iscsi_helper lioadm

systemctl enable openstack-cinder-volume.service target.service
systemctl start openstack-cinder-volume.service target.service

source admin-openrc.sh
cinder service-list | grep cinder-volume && echo ok > /tmp/c-install_cinder.done
}

cat /tmp/c-cfg_ntp.done &> /dev/null || c-cfg_ntp
cat /tmp/c-install_nova.done &> /dev/null || c-install_nova
cat /tmp/c-install_neutron.done &> /dev/null || c-install_neutron
cat /tmp/c-install_cinder.done &> /dev/null || c-install_cinder
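
Several values the two scripts write are lab conveniences: `gpgcheck=0` in the repo file, an `admin_token` equal to the admin password, `metadata_proxy_shared_secret metadata`, `vncserver_listen 0.0.0.0` and `ALLOWED_HOSTS = ['*',]`. The following added example (not part of the original scripts) scans a configuration tree for exactly these settings; the finding names, the 16-character minimum for the shared secret and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Finding names and the 16-character
# minimum for the shared secret are assumptions made for this sketch.

# ini_get <file> <section> <key>: print the value; non-zero status if absent.
ini_get() {
    awk -v s="$2" -v k="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec); next }
        sec == s {
            i = index($0, "="); if (!i) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) { print val; found = 1; exit }
        }
        END { exit !found }' "$1" 2>/dev/null
}

# audit_tree <root>: one line per finding; status 0 only when nothing is flagged.
audit_tree() {
    local root=$1 n=0 f v spec
    # Step 1.1: repo file written with gpgcheck=0
    for f in "$root"/etc/yum.repos.d/*.repo; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$f"; then
            echo "REPO_NO_GPGCHECK ${f#$root}"; n=$((n + 1))
        fi
    done
    # install_keystone: admin_token (set to $ADMIN_PASS) still in keystone.conf
    if ini_get "$root/etc/keystone/keystone.conf" DEFAULT admin_token >/dev/null; then
        echo "KEYSTONE_ADMIN_TOKEN /etc/keystone/keystone.conf"; n=$((n + 1))
    fi
    # install_neutron: the shared secret is the literal string "metadata"
    for spec in etc/neutron/metadata_agent.ini:DEFAULT etc/nova/nova.conf:neutron; do
        v=$(ini_get "$root/${spec%%:*}" "${spec##*:}" metadata_proxy_shared_secret) || continue
        if [ "$v" = metadata ] || [ "${#v}" -lt 16 ]; then
            echo "WEAK_METADATA_SECRET /${spec%%:*}"; n=$((n + 1))
        fi
    done
    # c-install_nova: VNC server listening on every interface
    if [ "$(ini_get "$root/etc/nova/nova.conf" vnc vncserver_listen)" = 0.0.0.0 ]; then
        echo "VNC_LISTEN_ALL /etc/nova/nova.conf"; n=$((n + 1))
    fi
    # install_horizon: ALLOWED_HOSTS = ['*',]
    f="$root/etc/openstack-dashboard/local_settings"
    if [ -f "$f" ] && grep -Eq "^ALLOWED_HOSTS[[:space:]]*=.*['\"][*]['\"]" "$f"; then
        echo "HORIZON_ALLOWED_HOSTS_ANY /etc/openstack-dashboard/local_settings"; n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}

# make_sample_tree <root> lab|hardened: constructed files, not captured from a host.
# "lab" mirrors what the scripts write; "hardened" is the corrected counterpart.
make_sample_tree() {
    local d=$1 gpg=0 secret=metadata listen=0.0.0.0 hosts="'*'"
    local token="admin_token = 0123456789abcdef0123"
    if [ "$2" = hardened ]; then
        gpg=1; secret=3f9c1e7a5b2d4c6e8a0b; listen=192.168.33.8
        hosts="'openstack-controller'"; token="# admin_token removed after bootstrap"
    fi
    mkdir -p "$d/etc/yum.repos.d" "$d/etc/keystone" "$d/etc/neutron" \
             "$d/etc/nova" "$d/etc/openstack-dashboard"
    printf '[openstack-liberty]\nenabled=1\ngpgcheck=%s\n' "$gpg" \
        > "$d/etc/yum.repos.d/openstack-liberty.repo"
    printf '[DEFAULT]\n%s\n[token]\nprovider = uuid\n' "$token" \
        > "$d/etc/keystone/keystone.conf"
    printf '[DEFAULT]\nmetadata_proxy_shared_secret = %s\n' "$secret" \
        > "$d/etc/neutron/metadata_agent.ini"
    printf '[vnc]\nvncserver_listen = %s\n[neutron]\nmetadata_proxy_shared_secret = %s\n' \
        "$listen" "$secret" > "$d/etc/nova/nova.conf"
    printf 'ALLOWED_HOSTS = [%s,]\n' "$hosts" > "$d/etc/openstack-dashboard/local_settings"
}
```

On a real node, `audit_tree ""` reads the live files under `/etc`; the "lab" sample yields six findings and the "hardened" sample none.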