saltstack部署openstack

总体结构

/srv/
├── pillar
│   ├── openstack
│   │   ├── glance
│   │   │   └── init.sls
│   │   └── nova
│   │       └── init.sls
│   └── top.sls
└── salt
    └── openstack
        ├── chrony
        │   ├── files
        │   │   └── chrony.conf
        │   └── service.sls
        ├── glance
        │   ├── glance-api.conf
        │   ├── glance-registry.conf
        │   ├── init.sls
        │   └── map.jinja
        ├── keystone
        │   ├── endpoint.sls
        │   ├── files
        │   │   ├── httpd.conf
        │   │   ├── keystone.conf
        │   │   └── wsgi-keystone.conf
        │   ├── init.sls
        │   ├── install.sls
        │   └── user.sls
        ├── memcached
        │   ├── files
        │   │   └── memcached
        │   └── install.sls
        ├── mysql
        │   ├── files
        │   │   └── my.cnf
        │   ├── glance.sls
        │   ├── init.sls
        │   ├── install.sls
        │   ├── keystone.sls
        │   ├── neutron.sls
        │   └── nova.sls
        ├── nova_compute
        │   ├── init.sls
        │   ├── map.jinja
        │   ├── nova-compute.conf
        │   └── nova.conf
        ├── nova_server
        │   ├── init.sls
        │   ├── map.jinja
        │   └── nova.conf
        ├── rabbitmq
        │   └── install.sls
        └── yum
            ├── install.sls
            └── yum.repo

/srv/pillar/openstack/glance/init.sls

# Pillar data for the Glance (image) service: database endpoint, schema name
# and credentials.
# Every password in this mapping equals its account name. Treat them as lab
# placeholders: set unique values per deployment and keep the real ones out of
# version control (Salt's GPG pillar renderer is one option).
# NOTE(review): user/pass are presumably the Keystone service credentials;
# confirm against the templates that consume this pillar.
glance:
  dbserver: '172.25.50.101'
  server: '172.25.50.101'
  dbname: 'glance'
  dbuser: 'glance'
  dbpass: 'glance'
  # '%' matches any client host; a narrower host pattern limits where this
  # SQL account can log in from.
  dbclienthost: '%'
  database: 'glance.*'
  user: 'glance'
  pass: 'glance'
  email: 'root@root'

/srv/pillar/openstack/neutron/init.sls

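# Pillar data for the Neutron (network) service: database endpoint, schema
# name and credentials.
# Every password in this mapping equals its account name. Treat them as lab
# placeholders: set unique values per deployment and keep the real ones out of
# version control (Salt's GPG pillar renderer is one option).
neutron:
  dbserver: '172.25.50.101'
  server: '172.25.50.101'
  dbname: neutron
  dbuser: neutron
  dbpass: neutron
  # '%' matches any client host; a narrower host pattern limits where this
  # SQL account can log in from.
  dbclienthost: '%'
  database: 'neutron.*'
  user: neutron
  pass: neutron
  email: root@root
  # The original line had a bare key with no colon or value, which is not
  # valid YAML inside a mapping. The value below is a placeholder: generate a
  # random secret per deployment and use the same value wherever the metadata
  # proxy secret is configured.
  metadata_proxy_shared_secret: 'CHANGE_ME'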

/srv/pillar/openstack/nova/init.sls

# Pillar data for the Nova (compute) service: database endpoint, schema name
# and credentials.
# Every password in this mapping equals its account name. Treat them as lab
# placeholders: set unique values per deployment and keep the real ones out of
# version control (Salt's GPG pillar renderer is one option).
nova:
  dbserver: '172.25.50.101'
  server: '172.25.50.101'
  dbname: 'nova'
  dbuser: 'nova'
  dbpass: 'nova'
  # '%' matches any client host; a narrower host pattern limits where this
  # SQL account can log in from.
  dbclienthost: '%'
  database: 'nova.*'
  user: 'nova'
  pass: 'nova'
  email: 'root@root'

# NOTE(review): the consumer of compute:mgmt is not shown on this page.
compute:
  mgmt: 'compute'

yum

yum/
├── install.sls
└── yum.repo

0 directories, 2 files

/srv/salt/openstack/yum/install.sls

# Installs the repo definition, then upgrades all packages once; the marker
# file stops the upgrade from re-running on later state runs.
# NOTE(review): yum.repo is not shown; confirm the repositories it defines
# have gpgcheck enabled so that packages are signature-verified.
install:
  file.managed:
    - source: salt://openstack/yum/yum.repo
    - name: /etc/yum.repos.d/yum.repo

  cmd.run:
    - unless: 'test -f /etc/yum.repos.d/yum_upgrade'
    - name: 'yum upgrade -y && touch /etc/yum.repos.d/yum_upgrade'

chrony

chrony/
├── files
│   └── chrony.conf
└── service.sls

1 directory, 2 files

/srv/salt/openstack/chrony/service.sls

# Installs chrony, manages /etc/chrony.conf and keeps chronyd running; the
# service restarts when the managed file changes. Consistent clocks matter
# for token expiry checks and for correlating logs across nodes.
chrony-service:
  pkg.installed:
    - name: 'chrony'

  file.managed:
    - source: salt://openstack/chrony/files/chrony.conf
    - name: /etc/chrony.conf

  service.running:
    - name: 'chronyd'
    - enable: true
    - watch:
      - file: chrony-service

  # Prints the configured time sources for a quick visual check.
  # NOTE(review): on cmd.run, `watch` does not restrict execution to runs
  # where the file changed; `onchanges` would, if that is the intent.
  cmd.run:
    - name: 'chronyc sources -v'
    - watch:
      - file: chrony-service

MySQL

mysql/
├── files
│   └── my.cnf
├── glance.sls
├── init.sls
├── install.sls
├── keystone.sls
├── neutron.sls
└── nova.sls

1 directory, 7 files

/srv/salt/openstack/mysql/install.sls

include:
  - openstack.yum.install

# Installs the MariaDB server and client together with the OpenStack CLI and
# the MySQL-python bindings.
# NOTE(review): MySQL-python is presumably what lets the mysql_* states used
# elsewhere on this page talk to the server; confirm.
mariadb-install:
  pkg.installed:
    - pkgs:
      - python-openstackclient
      - mariadb
      - mariadb-server
      - MySQL-python

# Server configuration; my.cnf itself is not shown on this page.
# NOTE(review): check its bind-address, since the SQL accounts created by the
# other mysql states allow login from any host ('%').
/etc/my.cnf:
  file.managed:
    - source: salt://openstack/mysql/files/my.cnf
    - require:
      - pkg: mariadb-install

# Keeps mariadb running and restarts it when /etc/my.cnf changes.
mariadb-service:
  service.running:
    - name: mariadb
    - enable: True
    - watch:
      - file: /etc/my.cnf
    - require:
      - pkg: mariadb-install

  # One-time hardening, guarded by the lock file: sets the root password,
  # deletes anonymous accounts, deletes root entries for non-local hosts and
  # drops the test database.
  # NOTE(review): the root password is a literal in this state file and is
  # passed on the mysql command line, so it is readable by anyone with access
  # to the state tree and may appear in process listings and Salt job output.
  # Sourcing it from pillar keeps it out of the state tree.
  cmd.run:
    - name: mysql -e "UPDATE mysql.user SET Password=PASSWORD('westos') WHERE User='root';DELETE FROM mysql.user WHERE User='';DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');DROP DATABASE IF EXISTS test;FLUSH PRIVILEGES;" && touch /etc/mariadb-init.lock
    - unless: test -f /etc/mariadb-init.lock

/srv/salt/openstack/mysql/keystone.sls

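# Creates the Keystone schema and its SQL account with Salt's native mysql_*
# states. The earlier cmd.run variant (commented out in the original) issued
# CREATE DATABASE plus GRANT ALL for 'keystone'@'localhost' and
# 'keystone'@'%' through the mysql CLI, with the root password on the command
# line.
#
# mysql_user.present and mysql_grants.present take a single `host`, not a
# `hosts` list. The original `hosts:` key is not a parameter of either state,
# so `host` fell back to its default of localhost and the '%' entries were
# never created. Each host therefore gets its own state below.
#
# NOTE(review): the root password (connection_pass) and the service password
# are literals here, and the service password equals the account name.
# Sourcing them from pillar keeps them out of the state tree.
mysql-keystone:
  mysql_database.present:
    - name: keystone
    - connection_user: root
    - connection_pass: westos
  mysql_user.present:
    - name: keystone
    - host: localhost
    - password: keystone
    - connection_user: root
    - connection_pass: westos
  # keystone/install.sls requires `mysql_grants: mysql-keystone`, so this
  # grant stays under the original ID.
  mysql_grants.present:
    - grant: all
    - database: keystone.*
    - user: keystone
    - host: localhost
    - connection_user: root
    - connection_pass: westos

# Same account for non-local clients. '%' matches any client host; a narrower
# host pattern limits where this account can log in from.
mysql-keystone-remote:
  mysql_user.present:
    - name: keystone
    - host: '%'
    - password: keystone
    - connection_user: root
    - connection_pass: westos
  mysql_grants.present:
    - grant: all
    - database: keystone.*
    - user: keystone
    - host: '%'
    - connection_user: root
    - connection_pass: westos
    - require:
      - mysql_database: mysql-keystone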

/srv/salt/openstack/mysql/glance.sls

# Creates the Glance schema and its SQL account with Salt's native mysql_*
# states. The earlier cmd.run variant (commented out in the original) ran
# CREATE DATABASE and GRANT ALL through the mysql CLI with the root password
# on the command line.
# NOTE(review): the root password (connection_pass) and the service password
# are literals here, and the service password equals the account name.
# Sourcing them from pillar keeps them out of the state tree.
mysql-glance:
  mysql_database.present:
    - name: 'glance'
    - connection_user: 'root'
    - connection_pass: 'westos'
  # '%' matches any client host; a narrower host pattern limits where this
  # account can log in from.
  mysql_user.present:
    - name: 'glance'
    - host: '%'
    - password: 'glance'
    - connection_user: 'root'
    - connection_pass: 'westos'
  mysql_grants.present:
    - user: 'glance'
    - host: '%'
    - database: 'glance.*'
    - grant: 'all'
    - connection_user: 'root'
    - connection_pass: 'westos'

/srv/salt/openstack/mysql/nova.sls

# Creates the nova and nova_api schemas and one shared SQL account with Salt's
# native mysql_* states. The earlier cmd.run variant (commented out in the
# original) ran CREATE DATABASE and GRANT ALL for both schemas through the
# mysql CLI with the root password on the command line.
# NOTE(review): the root password (connection_pass) and the service password
# are literals here, and the service password equals the account name.
# Sourcing them from pillar keeps them out of the state tree.

# '%' matches any client host; a narrower host pattern limits where this
# account can log in from.
mysql-nova-user:
  mysql_user.present:
    - name: 'nova'
    - host: '%'
    - password: 'nova'
    - connection_user: 'root'
    - connection_pass: 'westos'

mysql-nova-api:
  mysql_database.present:
    - name: 'nova_api'
    - connection_user: 'root'
    - connection_pass: 'westos'
  mysql_grants.present:
    - user: 'nova'
    - host: '%'
    - database: 'nova_api.*'
    - grant: 'all'
    - connection_user: 'root'
    - connection_pass: 'westos'

mysql-nova:
  mysql_database.present:
    - name: 'nova'
    - connection_user: 'root'
    - connection_pass: 'westos'
  mysql_grants.present:
    - user: 'nova'
    - host: '%'
    - database: 'nova.*'
    - grant: 'all'
    - connection_user: 'root'
    - connection_pass: 'westos'

/srv/salt/openstack/mysql/neutron.sls

# Creates the Neutron schema and its SQL account with Salt's native mysql_*
# states. The earlier cmd.run variant (commented out in the original) ran
# CREATE DATABASE and GRANT ALL through the mysql CLI with the root password
# on the command line.
# NOTE(review): the root password (connection_pass) and the service password
# are literals here, and the service password equals the account name.
# Sourcing them from pillar keeps them out of the state tree.
mysql-neutron:
  mysql_database.present:
    - name: 'neutron'
    - connection_user: 'root'
    - connection_pass: 'westos'
  # '%' matches any client host; a narrower host pattern limits where this
  # account can log in from.
  mysql_user.present:
    - name: 'neutron'
    - host: '%'
    - password: 'neutron'
    - connection_user: 'root'
    - connection_pass: 'westos'
  mysql_grants.present:
    - user: 'neutron'
    - host: '%'
    - database: 'neutron.*'
    - grant: 'all'
    - connection_user: 'root'
    - connection_pass: 'westos'

/srv/salt/openstack/mysql/init.sls

include:
  - openstack.mysql.install
  - openstack.mysql.keystone
  - openstack.mysql.glance
  - openstack.mysql.nova
  - openstack.mysql.neutron

keystone

keystone/
├── endpoint.sls
├── files
│   ├── httpd.conf
│   ├── keystone.conf
│   └── wsgi-keystone.conf
├── init.sls
├── install.sls
└── user.sls

1 directory, 7 files

/srv/salt/openstack/keystone/install.sls

# Installs Keystone with Apache/mod_wsgi, places keystone.conf and runs the
# database schema sync once as the keystone user; the lock file stops the sync
# from re-running. The sync waits for the Keystone database grant.
# NOTE(review): keystone.conf is not shown and no user/group/mode is set on it
# here, unlike the glance and nova config files on this page (mode 640). It
# normally holds the database connection string, so confirm the resulting
# file is not world-readable.
keystone-install:
  pkg.installed:
    - pkgs:
      - openstack-keystone
      - httpd
      - mod_wsgi
      - python-keystoneclient
  file.managed:
    - source: salt://openstack/keystone/files/keystone.conf
    - name: /etc/keystone/keystone.conf
  cmd.run:
    - require:
      - mysql_grants: mysql-keystone
    - unless: 'test -f /etc/keystone-dbsync.lock'
    - name: 'su -s /bin/sh -c "keystone-manage db_sync" keystone && touch /etc/keystone-dbsync.lock'

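# Initialises the Fernet key repository once, owned by keystone:keystone, after
# the database sync has run. The lock file stops it from re-running.
# The original put `cmd.run: <command>` inside a list directly under the ID,
# which is not a valid state declaration; the command belongs under
# `cmd.run` as `name`, with `unless` and `require` as its arguments.
fernet-keys:
  cmd.run:
    - name: keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone && touch /etc/fernet-keys.lock
    - unless: test -f /etc/fernet-keys.lock
    - require:
      - cmd: keystone-install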

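# Main Apache configuration; the file content is not shown on this page.
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://openstack/keystone/files/httpd.conf

# Deploys the Keystone WSGI vhost and keeps httpd running once the Fernet keys
# exist.
openstack-keystone:
  file.managed:
    - name: /etc/httpd/conf.d/wsgi-keystone.conf
    - source: salt://openstack/keystone/files/wsgi-keystone.conf
    - require:
      - file: /etc/httpd/conf/httpd.conf
  service.running:
    - name: httpd
    - enable: true
    - require:
      - cmd: fernet-keys
    # The original watched only httpd.conf, so a changed wsgi-keystone.conf
    # was written to disk without httpd being restarted to pick it up.
    - watch:
      - file: /etc/httpd/conf/httpd.conf
      - file: openstack-keystone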

# Bootstraps the "default" Keystone domain using token authentication.
# The first command writes 10 random bytes (hex-encoded) to /mnt/openssl; the
# second exports that value as OS_TOKEN and calls the admin API. The `unless`
# guard applies to both commands, so both are skipped once the lock file
# exists.
# NOTE(review): OS_TOKEN is only accepted if it matches the admin token in
# keystone.conf, which is not shown; a value generated here after
# keystone.conf was deployed would not match unless it is copied there.
# NOTE(review): /mnt/openssl is created with the default umask and is never
# removed, so the bootstrap token stays on disk; the request also goes over
# plain http.
# NOTE(review): OS_URL points at 172.25.50.1 while the pillar on this page
# uses 172.25.50.101; confirm which address is intended.
openstack-domain:
  cmd.run:
    - names: 
      - openssl rand -hex 10 > /mnt/openssl
      - export OS_TOKEN=`cat /mnt/openssl` && export OS_URL=http://172.25.50.1:35357/v3 && export OS_IDENTITY_API_VERSION=3 && openstack domain create --description "Default Domain" default && touch /etc/openstack-domain.lock
    - unless: test -f /etc/openstack-domain.lock

/srv/salt/openstack/keystone/user.sls

# Keystone projects, roles and the two initial users.
# NOTE(review): both user passwords are literals equal to the user name.
# Treat them as lab placeholders and source real values from pillar.

admin project:
  keystone.project_present:
    - name: 'admin'
    - description: 'Admin Project'
    - enabled: true

demo project:
  keystone.project_present:
    - name: 'demo'
    - description: 'Demo Project'

# The ID is spelled "porject" in the original. Nothing on this page refers to
# it, so it is kept as published.
service porject:
  keystone.project_present:
    - name: 'service'
    - description: 'Service Project'

keystone roles:
  keystone.role_present:
    - names:
      - admin
      - user

# Administrator account: role "admin" in project "admin".
admin:
  keystone.user_present:
    - email: 'admin@domain.com'
    - password: 'admin'
    - project: 'admin'
    - roles:
        admin:
          - admin
    - require:
      - keystone: admin project
      - keystone: keystone roles

# Unprivileged demo account: role "user" in project "demo".
demo:
  keystone.user_present:
    - email: 'demo@domain.com'
    - password: 'demo'
    - project: 'demo'
    - roles:
        demo:
          - user
    - require:
      - keystone: demo project
      - keystone: keystone roles

/srv/salt/openstack/keystone/init.sls

include:
  - openstack.keystone.install
  - openstack.keystone.endpoint
  - openstack.keystone.user

glance

glance/
├── glance-api.conf
├── glance-registry.conf
├── init.sls
└── map.jinja

0 directories, 4 files

/srv/salt/openstack/glance/init.sls

# Installs Glance, renders both config files from Jinja templates and keeps
# the API and registry services running; each service restarts when its own
# config file changes.
# NOTE(review): the package and service names are literals although a
# map.jinja sits next to this file; confirm they match the names provided by
# the yum repository used on this page.
glance:
  pkg.installed: []

glance-api:
  service.running:
    - require:
      - file: /etc/glance/glance-api.conf
    - watch:
      - file: /etc/glance/glance-api.conf

# Owner glance:glance with mode 0640 keeps the rendered credentials readable
# by the service account only.
/etc/glance/glance-api.conf:
  file.managed:
    - source: salt://openstack/glance/glance-api.conf
    - template: jinja
    - user: glance
    - group: glance
    - mode: '0640'
    - require:
      - pkg: glance

glance-registry:
  service.running:
    - require:
      - file: /etc/glance/glance-registry.conf
    - watch:
      - file: /etc/glance/glance-registry.conf

/etc/glance/glance-registry.conf:
  file.managed:
    - source: salt://openstack/glance/glance-registry.conf
    - template: jinja
    - user: glance
    - group: glance
    - mode: '0640'
    - require:
      - pkg: glance

# Registers the image service in the Keystone catalog.
glance_service:
  keystone.service_present:
    - name: 'glance'
    - service_type: 'image'
    - description: 'OpenStack Image Service'

nova_server

nova_server/
├── init.sls
├── map.jinja
└── nova.conf

0 directories, 3 files

/srv/salt/openstack/nova_server/init.sls

# Controller-side Nova: installs the API, cert, conductor, consoleauth,
# novncproxy and scheduler packages, renders nova.conf from a Jinja template
# and keeps the services running; all of them restart when nova.conf changes.
# NOTE(review): the package and service names are literals although a
# map.jinja sits next to this file; confirm they match the names provided by
# the yum repository used on this page.
nova_server:
  pkg.installed:
    - pkgs:
      - nova-api
      - nova-cert
      - nova-conductor
      - nova-consoleauth
      - nova-novncproxy
      - nova-scheduler
      - python-novaclient

# Owner nova:nova with mode 0640 keeps the rendered credentials readable by
# the service account only.
/etc/nova/nova.conf:
  file.managed:
    - source: salt://openstack/nova_server/nova.conf
    - template: jinja
    - user: nova
    - group: nova
    - mode: '0640'
    - require:
      - pkg: nova_server

nova_services:
  service.running:
    - names:
      - nova-api
      - nova-cert
      - nova-consoleauth
      - nova-scheduler
      - nova-conductor
      - nova-novncproxy
    - require:
      - file: /etc/nova/nova.conf
    - watch:
      - file: /etc/nova/nova.conf

# Registers the compute service in the Keystone catalog.
nova_service:
  keystone.service_present:
    - name: 'nova'
    - service_type: 'compute'
    - description: 'OpenStack Compute'

nova_compute

nova_compute/
├── init.sls
├── map.jinja
├── nova-compute.conf
└── nova.conf

0 directories, 4 files

/srv/salt/openstack/nova_compute/init.sls

# Compute-node Nova: installs nova-compute, renders nova.conf and
# nova-compute.conf from Jinja templates and keeps the service running; it
# restarts when nova.conf changes.
# NOTE(review): nova-compute.conf is managed but not watched, so a change to
# it alone does not restart the service; confirm that is intended.
# NOTE(review): this file and nova_server/init.sls both declare the ID
# /etc/nova/nova.conf, so the two are presumably applied to different
# minions; confirm.
nova-compute:
  pkg.installed: []
  service.running:
    - require:
      - file: /etc/nova/nova.conf
    - watch:
      - file: /etc/nova/nova.conf

# Owner nova:nova with mode 0640 keeps the rendered credentials readable by
# the service account only.
/etc/nova/nova.conf:
  file.managed:
    - source: salt://openstack/nova_compute/nova.conf
    - template: jinja
    - user: nova
    - group: nova
    - mode: '0640'
    - require:
      - pkg: nova-compute

/etc/nova/nova-compute.conf:
  file.managed:
    - source: salt://openstack/nova_compute/nova-compute.conf
    - template: jinja
    - user: nova
    - group: nova
    - mode: '0640'
    - require:
      - pkg: nova-compute
memcached

memcached/
├── files
│ └── memcached
└── install.sls

1 directory, 2 files


/srv/salt/openstack/memcached/install.sls

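# Installs memcached, manages /etc/sysconfig/memcached and keeps the service
# running; it restarts when the managed file changes.
# The published listing had lost all indentation, which YAML needs to nest the
# state functions under the ID; the structure is restored here.
# NOTE(review): the sysconfig file is not shown. It usually carries the
# memcached start-up options, so confirm the listen address there is limited
# to the interfaces that need it.
memcache-service:
  pkg.installed:
    - name: memcached
  file.managed:
    - name: /etc/sysconfig/memcached
    - source: salt://openstack/memcached/files/memcached
  service.running:
    - name: memcached
    - enable: true
    - watch:
      - file: memcache-service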

rabbitmq

rabbitmq/
└── install.sls

0 directories, 1 file


/srv/salt/openstack/rabbitmq/install.sls

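# Installs and starts RabbitMQ, creates the "openstack" broker user with full
# configure/write/read permissions and enables the management plugin.
# The published listing had lost all indentation and its straight quotes had
# been replaced by typographic ones, with the permission patterns reduced to
# "." "." ".*"; the structure and the three ".*" patterns are restored here.
rabbitmq-install:
  pkg.installed:
    - name: rabbitmq-server
  service.running:
    - name: rabbitmq-server
    - enable: true
  # One-time user creation, guarded by the lock file.
  # NOTE(review): the broker password is passed on the rabbitmqctl command
  # line and equals the user name; it may appear in process listings and Salt
  # job output. The rabbitmq_user.present state below manages the same user,
  # so this command looks redundant; confirm before removing it.
  cmd.run:
    - name: rabbitmqctl add_user openstack openstack && rabbitmqctl set_permissions openstack ".*" ".*" ".*" && touch /etc/rabbitmq-openstack.lock
    - unless: test -f /etc/rabbitmq-openstack.lock

# Declarative form of the same user: configure, write and read patterns on
# the default vhost '/'.
# NOTE(review): the password is a literal equal to the user name; source it
# from pillar.
openstack:
  rabbitmq_user.present:
    - password: openstack
    - perms:
      - '/':
        - '.*'
        - '.*'
        - '.*'
    - runas: rabbitmq

# NOTE(review): the management plugin adds an HTTP administration interface;
# confirm it is meant to be reachable from outside the management network.
rabbitmq_management:
  rabbitmq_plugin.enabled: []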
