总体结构
/srv/
├── pillar
│   ├── openstack
│   │   ├── glance
│   │   │   └── init.sls
│   │   └── nova
│   │       └── init.sls
│   └── top.sls
└── salt
    └── openstack
        ├── chrony
        │   ├── files
        │   │   └── chrony.conf
        │   └── service.sls
        ├── glance
        │   ├── glance-api.conf
        │   ├── glance-registry.conf
        │   ├── init.sls
        │   └── map.jinja
        ├── keystone
        │   ├── endpoint.sls
        │   ├── files
        │   │   ├── httpd.conf
        │   │   ├── keystone.conf
        │   │   └── wsgi-keystone.conf
        │   ├── init.sls
        │   ├── install.sls
        │   └── user.sls
        ├── memcached
        │   ├── files
        │   │   └── memcached
        │   └── install.sls
        ├── mysql
        │   ├── files
        │   │   └── my.cnf
        │   ├── glance.sls
        │   ├── init.sls
        │   ├── install.sls
        │   ├── keystone.sls
        │   ├── neutron.sls
        │   └── nova.sls
        ├── nova_compute
        │   ├── init.sls
        │   ├── map.jinja
        │   ├── nova-compute.conf
        │   └── nova.conf
        ├── nova_server
        │   ├── init.sls
        │   ├── map.jinja
        │   └── nova.conf
        ├── rabbitmq
        │   └── install.sls
        └── yum
            ├── install.sls
            └── yum.repo
/srv/pillar/openstack/glance/init.sls
# Pillar values for the Glance service: database coordinates plus a service
# account (presumably read by the glance map.jinja / config templates, which
# are not shown on this page).
# NOTE(review): every secret below equals the account name. Treat them as lab
# placeholders, and check that top.sls only targets the minions that need them.
glance:
  dbserver: '172.25.50.101'
  server: '172.25.50.101'
  dbname: 'glance'
  dbuser: 'glance'
  dbpass: 'glance'
  # '%' is the MySQL wildcard host: the account is valid from any address.
  dbclienthost: '%'
  database: 'glance.*'
  user: 'glance'
  pass: 'glance'
  email: 'root@root'
/srv/pillar/openstack/neutron/init.sls
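# Pillar values for the Neutron service: database coordinates, a service
# account, and the secret shared with the metadata proxy.
# NOTE(review): every secret below equals the account name. Treat them as lab
# placeholders, and check that top.sls only targets the minions that need them.
neutron:
  dbserver: 172.25.50.101
  server: 172.25.50.101
  dbname: neutron
  dbuser: neutron
  dbpass: neutron
  # '%' is the MySQL wildcard host: the account is valid from any address.
  dbclienthost: '%'
  database: neutron.*
  user: neutron
  pass: neutron
  email: root@root
  # The original listing had this key with no colon or value, which does not
  # parse as a mapping entry. The value is a placeholder: generate a random
  # secret per deployment and keep it out of version control.
  metadata_proxy_shared_secret: 'REPLACE_WITH_GENERATED_SECRET'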
/srv/pillar/openstack/nova/init.sls
# Pillar values for the Nova service: database coordinates plus a service
# account.
# NOTE(review): every secret below equals the account name. Treat them as lab
# placeholders, and check that top.sls only targets the minions that need them.
nova:
  dbserver: '172.25.50.101'
  server: '172.25.50.101'
  dbname: 'nova'
  dbuser: 'nova'
  dbpass: 'nova'
  # '%' is the MySQL wildcard host: the account is valid from any address.
  dbclienthost: '%'
  database: 'nova.*'
  user: 'nova'
  pass: 'nova'
  email: 'root@root'
  # NOTE(review): indentation was lost in the listing; `compute` is assumed to
  # nest under `nova` - confirm against the map.jinja that reads it.
  compute:
    mgmt: 'compute'
yum
yum/
├── install.sls
└── yum.repo
0 directories, 2 files
/srv/salt/openstack/yum/install.sls
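# Install the project's yum repository definition, then run a one-time full
# package upgrade guarded by a marker file.
install:
  file.managed:
    - name: /etc/yum.repos.d/yum.repo
    - source: salt://openstack/yum/yum.repo
    # The repo file decides which package sources this host trusts, so pin it
    # to root and make it non-writable for everyone else.
    # NOTE(review): yum.repo itself is not shown; confirm it enables gpgcheck.
    - user: root
    - group: root
    - mode: '0644'
  cmd.run:
    - name: yum upgrade -y && touch /etc/yum.repos.d/yum_upgrade
    # Marker file makes the upgrade run only once per host.
    - unless: test -f /etc/yum.repos.d/yum_upgrade
    # Without this, a failed file.managed would still let the upgrade run
    # against the old repositories and set the marker.
    - require:
      - file: install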
chrony
chrony/
├── files
│ └── chrony.conf
└── service.sls
1 directory, 2 files
/srv/salt/openstack/chrony/service.sls
# Time synchronisation: install chrony, manage its configuration, keep the
# daemon running, and print the configured sources.
chrony-service:
  pkg.installed:
    - name: 'chrony'
  file.managed:
    - name: '/etc/chrony.conf'
    - source: 'salt://openstack/chrony/files/chrony.conf'
  service.running:
    - name: 'chronyd'
    - enable: true
    # Restart chronyd whenever the managed configuration changes.
    - watch:
      - file: 'chrony-service'
  # NOTE(review): cmd.run executes on every run regardless of the watch; if
  # the sources should only be listed after a config change, `onchanges`
  # would express that - confirm the intent.
  cmd.run:
    - name: 'chronyc sources -v'
    - watch:
      - file: 'chrony-service'
MySQL
mysql/
├── files
│ └── my.cnf
├── glance.sls
├── init.sls
├── install.sls
├── keystone.sls
├── neutron.sls
└── nova.sls
1 directory, 7 files
/srv/salt/openstack/mysql/install.sls
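# Install MariaDB, manage /etc/my.cnf, start the service, and perform a
# one-time hardening pass equivalent to mysql_secure_installation.
include:
  - openstack.yum.install

mariadb-install:
  pkg.installed:
    - pkgs:
      - python-openstackclient
      - mariadb
      - mariadb-server
      - MySQL-python

/etc/my.cnf:
  file.managed:
    - source: salt://openstack/mysql/files/my.cnf
    # Explicit ownership so the server configuration is only writable by root.
    - user: root
    - group: root
    - mode: '0644'
    - require:
      - pkg: mariadb-install

mariadb-service:
  service.running:
    - name: mariadb
    - enable: true
    - watch:
      - file: /etc/my.cnf
    - require:
      - pkg: mariadb-install
  # One-time initialisation: set the root password, drop anonymous accounts,
  # drop remote root accounts, remove the test database.
  # NOTE(review): the root password is embedded in this state file and in the
  # command line. Move it to a restricted pillar and rotate it for anything
  # beyond a lab.
  cmd.run:
    - name: >-
        mysql -e "UPDATE mysql.user SET Password=PASSWORD('westos') WHERE User='root';
        DELETE FROM mysql.user WHERE User='';
        DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
        DROP DATABASE IF EXISTS test;
        FLUSH PRIVILEGES;"
        && touch /etc/mariadb-init.lock
    - unless: test -f /etc/mariadb-init.lock
    # Keep the command (which contains the password) out of the minion log.
    - output_loglevel: quiet
    # The SQL can only succeed once the server is running.
    - require:
      - service: mariadb-service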
/srv/salt/openstack/mysql/keystone.sls
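# Keystone database, account and grants.
#
# Earlier cmd.run variant, kept for reference. It passes the root password on
# the mysql command line, where it is visible in the process list and shell
# history.
# mysql-keystone:
#   cmd.run:
#     - names:
#       - mysql -pwestos -e "CREATE DATABASE keystone;"
#       - mysql -pwestos -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"
#       - mysql -pwestos -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"
#
# mysql_user.present and mysql_grants.present take a single `host`; the
# original `hosts:` list is not one of their arguments, so the '%' entry was
# never applied. Each host now gets its own state, matching the `host: '%'`
# form used by the glance, nova and neutron files.
# NOTE(review): connection_pass and the account password are hard-coded, and
# '%' accepts connections from any address. Prefer pillar-sourced secrets and
# a management-network host pattern outside a lab.
mysql-keystone:
  mysql_database.present:
    - name: keystone
    - connection_user: root
    - connection_pass: westos
  mysql_user.present:
    - name: keystone
    - host: '%'
    - password: keystone
    - connection_user: root
    - connection_pass: westos
  mysql_grants.present:
    - grant: all
    - database: keystone.*
    - user: keystone
    - host: '%'
    - connection_user: root
    - connection_pass: westos

# Same account for local connections, as in the original localhost grant.
mysql-keystone-localhost:
  mysql_user.present:
    - name: keystone
    - host: localhost
    - password: keystone
    - connection_user: root
    - connection_pass: westos
  mysql_grants.present:
    - grant: all
    - database: keystone.*
    - user: keystone
    - host: localhost
    - connection_user: root
    - connection_pass: westos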
/srv/salt/openstack/mysql/glance.sls
# Glance database, account and grants.
#
# Earlier cmd.run variant, kept for reference. It passes the root password on
# the mysql command line, where it is visible in the process list and shell
# history.
# mysql-glance:
#   cmd.run:
#     - names:
#       - mysql -pwestos -e "CREATE DATABASE glance;"
#       - mysql -pwestos -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';"
#       - mysql -pwestos -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';"
#
# NOTE(review): connection_pass and the account password are hard-coded, and
# '%' accepts connections from any address. Prefer pillar-sourced secrets and
# a management-network host pattern outside a lab.
mysql-glance:
  mysql_database.present:
    - name: 'glance'
    - connection_user: 'root'
    - connection_pass: 'westos'
  mysql_user.present:
    - host: '%'
    - name: 'glance'
    - password: 'glance'
    - connection_user: 'root'
    - connection_pass: 'westos'
  # Full privileges on every table of the glance schema.
  mysql_grants.present:
    - grant: 'all'
    - database: 'glance.*'
    - user: 'glance'
    - host: '%'
    - connection_user: 'root'
    - connection_pass: 'westos'
/srv/salt/openstack/mysql/nova.sls
# Nova databases (nova_api and nova), the shared nova account, and its grants.
#
# Earlier cmd.run variants, kept for reference. They pass the root password on
# the mysql command line, where it is visible in the process list and shell
# history.
# mysql-nova_api:
#   cmd.run:
#     - names:
#       - mysql -pwestos -e "CREATE DATABASE nova_api;"
#       - mysql -pwestos -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
#       - mysql -pwestos -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
#
# mysql-nova:
#   cmd.run:
#     - names:
#       - mysql -pwestos -e "CREATE DATABASE nova;"
#       - mysql -pwestos -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
#       - mysql -pwestos -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
#
# NOTE(review): connection_pass and the account password are hard-coded, and
# '%' accepts connections from any address. Prefer pillar-sourced secrets and
# a management-network host pattern outside a lab.

# One account is shared by both schemas below.
mysql-nova-user:
  mysql_user.present:
    - host: '%'
    - name: 'nova'
    - password: 'nova'
    - connection_user: 'root'
    - connection_pass: 'westos'

mysql-nova-api:
  mysql_database.present:
    - name: 'nova_api'
    - connection_user: 'root'
    - connection_pass: 'westos'
  mysql_grants.present:
    - grant: 'all'
    - database: 'nova_api.*'
    - user: 'nova'
    - host: '%'
    - connection_user: 'root'
    - connection_pass: 'westos'

mysql-nova:
  mysql_database.present:
    - name: 'nova'
    - connection_user: 'root'
    - connection_pass: 'westos'
  mysql_grants.present:
    - grant: 'all'
    - database: 'nova.*'
    - user: 'nova'
    - host: '%'
    - connection_user: 'root'
    - connection_pass: 'westos'
/srv/salt/openstack/mysql/neutron.sls
# Neutron database, account and grants.
#
# Earlier cmd.run variant, kept for reference. It passes the root password on
# the mysql command line, where it is visible in the process list and shell
# history.
# mysql-neutron:
#   cmd.run:
#     - names:
#       - mysql -pwestos -e "CREATE DATABASE neutron;"
#       - mysql -pwestos -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';"
#       - mysql -pwestos -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';"
#
# NOTE(review): connection_pass and the account password are hard-coded, and
# '%' accepts connections from any address. Prefer pillar-sourced secrets and
# a management-network host pattern outside a lab.
mysql-neutron:
  mysql_database.present:
    - name: 'neutron'
    - connection_user: 'root'
    - connection_pass: 'westos'
  mysql_user.present:
    - host: '%'
    - name: 'neutron'
    - password: 'neutron'
    - connection_user: 'root'
    - connection_pass: 'westos'
  # Full privileges on every table of the neutron schema.
  mysql_grants.present:
    - grant: 'all'
    - database: 'neutron.*'
    - user: 'neutron'
    - host: '%'
    - connection_user: 'root'
    - connection_pass: 'westos'
/srv/salt/openstack/mysql/init.sls
# Entry point for the mysql states: the server install first, then one file
# per OpenStack service database.
include:
  - 'openstack.mysql.install'
  - 'openstack.mysql.keystone'
  - 'openstack.mysql.glance'
  - 'openstack.mysql.nova'
  - 'openstack.mysql.neutron'
keystone
keystone/
├── endpoint.sls
├── files
│ ├── httpd.conf
│ ├── keystone.conf
│ └── wsgi-keystone.conf
├── init.sls
├── install.sls
└── user.sls
1 directory, 7 files
/srv/salt/openstack/keystone/install.sls
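# Install Keystone behind httpd/mod_wsgi, sync its database, create the
# Fernet key repository, and bootstrap the default domain.
keystone-install:
  pkg.installed:
    - pkgs:
      - openstack-keystone
      - httpd
      - mod_wsgi
      - python-keystoneclient
  file.managed:
    - name: /etc/keystone/keystone.conf
    - source: salt://openstack/keystone/files/keystone.conf
    # Same restriction the glance and nova states apply to their config
    # files. keystone.conf is not shown here but normally carries the
    # database connection string, so it should not be world-readable.
    - user: root
    - group: keystone
    - mode: '0640'
  # One-time schema sync, run as the keystone user and guarded by a marker.
  cmd.run:
    - name: >-
        su -s /bin/sh -c "keystone-manage db_sync" keystone
        && touch /etc/keystone-dbsync.lock
    - unless: test -f /etc/keystone-dbsync.lock
    - require:
      - mysql_grants: mysql-keystone

# The original listed `- cmd.run: <command>` as a list item directly under the
# ID, which is not a valid state declaration. The command now sits under
# `name`.
fernet-keys:
  cmd.run:
    - name: >-
        keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
        && touch /etc/fernet-keys.lock
    - unless: test -f /etc/fernet-keys.lock
    - require:
      - cmd: keystone-install

/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://openstack/keystone/files/httpd.conf

openstack-keystone:
  file.managed:
    - name: /etc/httpd/conf.d/wsgi-keystone.conf
    - source: salt://openstack/keystone/files/wsgi-keystone.conf
    - require:
      - file: /etc/httpd/conf/httpd.conf
  service.running:
    - name: httpd
    - enable: true
    - require:
      - cmd: fernet-keys
    # Reload on any of the three managed files. The original only watched
    # httpd.conf, so changes to the WSGI vhost or keystone.conf went unnoticed.
    - watch:
      - file: /etc/httpd/conf/httpd.conf
      - file: openstack-keystone
      - file: keystone-install

# Bootstrap the default domain with a token read from /mnt/openssl.
# NOTE(review): whether keystone.conf accepts this freshly generated token
# cannot be seen from this page - confirm against files/keystone.conf.
# NOTE(review): the token travels over plain http to OS_URL and stays on disk
# afterwards; remove the file and disable token bootstrap once the domain
# exists.
openstack-domain:
  cmd.run:
    - names:
      # umask keeps the token file readable by root only.
      - umask 077 && openssl rand -hex 10 > /mnt/openssl
      - >-
        export OS_TOKEN=`cat /mnt/openssl`
        && export OS_URL=http://172.25.50.1:35357/v3
        && export OS_IDENTITY_API_VERSION=3
        && openstack domain create --description "Default Domain" default
        && touch /etc/openstack-domain.lock
    - unless: test -f /etc/openstack-domain.lock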
/srv/salt/openstack/keystone/user.sls
# Keystone projects, roles and the two initial users.
# NOTE(review): list nesting was lost in the listing; `roles` is restored as a
# mapping of project name to role list - confirm against the original file.
admin project:
  keystone.project_present:
    - name: 'admin'
    - description: 'Admin Project'
    - enabled: true

demo project:
  keystone.project_present:
    - name: 'demo'
    - description: 'Demo Project'

# NOTE(review): the ID is spelled "porject" in the original. It is kept as-is
# because other states may reference it by this exact name.
service porject:
  keystone.project_present:
    - name: 'service'
    - description: 'Service Project'

keystone roles:
  keystone.role_present:
    - names:
      - 'admin'
      - 'user'

# NOTE(review): both passwords below equal the user name and are stored in the
# state file. Source them from a restricted pillar and change them after
# bootstrap.
admin:
  keystone.user_present:
    - password: 'admin'
    - email: 'admin@domain.com'
    - roles:
        admin:
          - 'admin'
    - project: 'admin'
    # The project and roles must exist before the user is bound to them.
    - require:
      - keystone: 'admin project'
      - keystone: 'keystone roles'

demo:
  keystone.user_present:
    - password: 'demo'
    - email: 'demo@domain.com'
    - roles:
        demo:
          - 'user'
    - project: 'demo'
    - require:
      - keystone: 'demo project'
      - keystone: 'keystone roles'
/srv/salt/openstack/keystone/init.sls
# Entry point for the keystone states: install, then endpoints, then users.
# (endpoint.sls is included here but not shown on this page.)
include:
  - 'openstack.keystone.install'
  - 'openstack.keystone.endpoint'
  - 'openstack.keystone.user'
glance
glance/
├── glance-api.conf
├── glance-registry.conf
├── init.sls
└── map.jinja
0 directories, 4 files
/srv/salt/openstack/glance/init.sls
# Glance: install the package, render both config files from Jinja templates,
# keep the API and registry services running, and register the image service
# in Keystone.
glance:
  pkg.installed: []

glance-api:
  service.running:
    # Restart when the rendered config changes; never start without it.
    - watch:
      - file: '/etc/glance/glance-api.conf'
    - require:
      - file: '/etc/glance/glance-api.conf'

/etc/glance/glance-api.conf:
  file.managed:
    - source: 'salt://openstack/glance/glance-api.conf'
    # Owner and group only; no access for other users.
    - user: 'glance'
    - group: 'glance'
    - mode: '0640'
    - template: 'jinja'
    - require:
      - pkg: 'glance'

glance-registry:
  service.running:
    - watch:
      - file: '/etc/glance/glance-registry.conf'
    - require:
      - file: '/etc/glance/glance-registry.conf'

/etc/glance/glance-registry.conf:
  file.managed:
    - source: 'salt://openstack/glance/glance-registry.conf'
    - user: 'glance'
    - group: 'glance'
    - mode: '0640'
    - template: 'jinja'
    - require:
      - pkg: 'glance'

glance_service:
  keystone.service_present:
    - name: 'glance'
    - service_type: 'image'
    - description: 'OpenStack Image Service'
nova_server
nova_server/
├── init.sls
├── map.jinja
└── nova.conf
0 directories, 3 files
/srv/salt/openstack/nova_server/init.sls
# Nova controller: install the control-plane packages, render nova.conf from
# its Jinja template, keep the services running, and register the compute
# service in Keystone.
nova_server:
  pkg.installed:
    - pkgs:
      - 'nova-api'
      - 'nova-cert'
      - 'nova-conductor'
      - 'nova-consoleauth'
      - 'nova-novncproxy'
      - 'nova-scheduler'
      - 'python-novaclient'

/etc/nova/nova.conf:
  file.managed:
    - source: 'salt://openstack/nova_server/nova.conf'
    # Owner and group only; no access for other users.
    - user: 'nova'
    - group: 'nova'
    - mode: '0640'
    - template: 'jinja'
    - require:
      - pkg: 'nova_server'

nova_services:
  service.running:
    - names:
      - 'nova-api'
      - 'nova-cert'
      - 'nova-consoleauth'
      - 'nova-scheduler'
      - 'nova-conductor'
      - 'nova-novncproxy'
    # Restart every listed service when nova.conf changes; never start
    # without it.
    - watch:
      - file: '/etc/nova/nova.conf'
    - require:
      - file: '/etc/nova/nova.conf'

nova_service:
  keystone.service_present:
    - name: 'nova'
    - service_type: 'compute'
    - description: 'OpenStack Compute'
nova_compute
nova_compute/
├── init.sls
├── map.jinja
├── nova-compute.conf
└── nova.conf
0 directories, 4 files
/srv/salt/openstack/nova_compute/init.sls
# Nova compute node: install the package, render both config files from Jinja
# templates, and keep the service running.
nova-compute:
  pkg.installed: []
  service.running:
    # Restart when nova.conf changes; never start without it.
    # NOTE(review): nova-compute.conf is managed below but not watched here;
    # confirm whether a change to it should restart the service too.
    - watch:
      - file: '/etc/nova/nova.conf'
    - require:
      - file: '/etc/nova/nova.conf'

/etc/nova/nova.conf:
  file.managed:
    - source: 'salt://openstack/nova_compute/nova.conf'
    # Owner and group only; no access for other users.
    - user: 'nova'
    - group: 'nova'
    - mode: '0640'
    - template: 'jinja'
    - require:
      - pkg: 'nova-compute'

/etc/nova/nova-compute.conf:
  file.managed:
    - source: 'salt://openstack/nova_compute/nova-compute.conf'
    - user: 'nova'
    - group: 'nova'
    - mode: '0640'
    - template: 'jinja'
    - require:
      - pkg: 'nova-compute'
### memcached
memcached/
├── files
│ └── memcached
└── install.sls
1 directory, 2 files
/srv/salt/openstack/memcached/install.sls
# memcached: install the package, manage its sysconfig file, and keep the
# daemon running.
# NOTE(review): files/memcached is not shown on this page. It normally sets
# the listen address, so confirm the daemon is bound to the management
# interface rather than every address.
memcache-service:
  pkg.installed:
    - name: 'memcached'
  file.managed:
    - name: '/etc/sysconfig/memcached'
    - source: 'salt://openstack/memcached/files/memcached'
  service.running:
    - name: 'memcached'
    - enable: true
    # Restart whenever the managed sysconfig file changes.
    - watch:
      - file: 'memcache-service'
## rabbitmq
rabbitmq/
└── install.sls
0 directories, 1 file
/srv/salt/openstack/rabbitmq/install.sls
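# RabbitMQ: install and start the broker, create the `openstack` user with
# full permissions on the default vhost, and enable the management plugin.
rabbitmq-install:
  pkg.installed:
    - name: rabbitmq-server
  service.running:
    - name: rabbitmq-server
    - enable: true
  # The original command used typographic quotes and had lost the `*` from two
  # of the three patterns. Straight quotes and `.*` are restored to match the
  # perms declared in the `openstack` state below.
  # NOTE(review): this duplicates the rabbitmq_user.present state and puts the
  # password on the command line; the declarative state alone would suffice.
  cmd.run:
    - name: >-
        rabbitmqctl add_user openstack openstack
        && rabbitmqctl set_permissions openstack ".*" ".*" ".*"
        && touch /etc/rabbitmq-openstack.lock
    - unless: test -f /etc/rabbitmq-openstack.lock
    # Keep the command (which contains the password) out of the minion log.
    - output_loglevel: quiet

# NOTE(review): the broker password equals the user name and is stored in the
# state file. Source it from a restricted pillar outside a lab.
openstack:
  rabbitmq_user.present:
    - password: openstack
    # Three patterns on vhost '/': configure, write, read. The typographic
    # quotes of the original are replaced with straight quotes.
    - perms:
      - '/':
        - '.*'
        - '.*'
        - '.*'
    - runas: rabbitmq

rabbitmq_management:
  rabbitmq_plugin.enabled: []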
“`