2021-11-09

一、变量设置

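# Deployment parameters for the controller node. Every value can be
# overridden from the environment; the literals are the page's sample values.
#
# Abort on the first failing command. Command tracing (-x) prints each
# expanded command, including the ones that carry ${ALL_PASS}, so it is
# opt-in: run with TRACE=1 only when the output is not captured or shared.
set -e
if [ "${TRACE:-0}" = "1" ]; then
  set -x
fi

CONTROLLER_IP="${CONTROLLER_IP:-192.168.0.1}"
CTRL_HOST_NAME="${CTRL_HOST_NAME:-rocky-xxx}"
# One secret is reused below for the MariaDB root account, every service
# database user, the RabbitMQ user, all Keystone users and the metadata
# proxy. "111111" is a lab placeholder; supply a strong value through the
# environment, and prefer distinct secrets per service.
ALL_PASS="${ALL_PASS:-111111}"
NTP_SERVER="${NTP_SERVER:-192.168.0.100}"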

二、基础环境设置

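# Base tooling: editor, legacy net tools, and expect (used further down the
# page to answer the password prompts of the openstack client).
yum -y install vim
yum -y install net-tools
yum -y install expect

sleep 5
# Set the controller's host name.
hostnamectl set-hostname "${CTRL_HOST_NAME}"

# Stop and disable firewalld. From here on the host firewall no longer
# filters access to the services configured below (MariaDB, RabbitMQ,
# memcached, etcd, the OpenStack APIs); filtering has to be provided
# elsewhere on the network path.
systemctl stop firewalld
systemctl disable firewalld

# Switch SELinux off: persistently through the config file (backed up first)
# and for the running system through setenforce.
cp /etc/selinux/config "/etc/selinux/config.bak.$(date +%Y%m%d_%H%M%S)"
sed -i "/SELINUX=enforcing/cSELINUX=disabled" /etc/selinux/config
setenforce 0

# Point chrony at the site NTP server: the first default pool entry is
# replaced by ${NTP_SERVER}, the remaining centos pool entries are deleted.
# The original replacement text read "{NTP_SERVER}" without the "$", which
# wrote that literal string into chrony.conf instead of the server address.
cp /etc/chrony.conf "/etc/chrony.conf.bak.$(date +%Y%m%d_%H%M%S)"
sed -i "/server 0.centos.pool.ntp.org iburst/cserver ${NTP_SERVER} iburst" /etc/chrony.conf
sed -i "/centos.pool.ntp.org/d" /etc/chrony.conf
systemctl enable chronyd
systemctl restart chronyd
sleep 2
# Show the configured time sources, then set the time zone and print the clock.
chronyc sources
timedatectl set-timezone Asia/Shanghai
date
sleep 3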

三、安装包

# Common OpenStack packages, installed one at a time so that a failure of any
# single package stops the run: openstack-utils (provides openstack-config),
# the unified command-line client, and the SELinux policy package.
# NOTE(review): SELinux is switched to disabled earlier on this page, so the
# policy package has no effect until SELinux is re-enabled.
for pkg in openstack-utils python-openstackclient openstack-selinux; do
  yum -y install "$pkg"
done

四、SQL

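# MariaDB client and server plus the Python MySQL driver.
yum -y install mariadb
yum -y install mariadb-server
yum -y install python2-PyMySQL

# [mysqld] settings for OpenStack. The server listens on the controller's
# address rather than on loopback only, so port 3306 is reachable from the
# network this address lives on.
mysql_cnf=/etc/my.cnf.d/openstack.cnf
touch "${mysql_cnf}"
openstack-config --set "${mysql_cnf}" mysqld bind-address "${CONTROLLER_IP}"
# NOTE(review): no option or value is given on the next call; it looks like a
# truncated line. Confirm what setting was intended here.
openstack-config --set "${mysql_cnf}" mysqld
openstack-config --set "${mysql_cnf}" mysqld default-storage-engine innodb
openstack-config --set "${mysql_cnf}" mysqld innodb_file_per_table on
openstack-config --set "${mysql_cnf}" mysqld max_connections 4096
openstack-config --set "${mysql_cnf}" mysqld collation-server utf8_general_ci
openstack-config --set "${mysql_cnf}" mysqld character-set-server utf8

# Enable at boot, start, and show the service state.
systemctl enable mariadb.service
systemctl start mariadb.service
systemctl status mariadb.service
sleep 1

# Answer the mysql_secure_installation prompts from a here-document, in
# order: empty current root password, "y" to set one, the new password twice,
# then "y" to each remaining hardening question. The password travels on
# stdin, not on the command line.
mysql_secure_installation <<EOF

y
$ALL_PASS
$ALL_PASS
y
y
y
y
EOF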

五、rabbitmq、memcached、ETCD

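# --- RabbitMQ ---------------------------------------------------------------
yum install rabbitmq-server -y
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
systemctl status rabbitmq-server.service
sleep 1
# Messaging account used by the OpenStack services, with configure/write/read
# permission on every resource. The password is a command-line argument here,
# so it is visible in the process list while rabbitmqctl runs.
rabbitmqctl add_user openstack "${ALL_PASS}"
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

# --- memcached --------------------------------------------------------------
yum -y install memcached
yum -y install python-memcached

# Listen on the controller address in addition to loopback. No authentication
# is configured for memcached on this page, and the services below use it for
# Keystone token caching, so port 11211 should only be reachable from the
# OpenStack nodes.
cp /etc/sysconfig/memcached "/etc/sysconfig/memcached.bak.$(date +%Y%m%d_%H%M%S)"
sed -i "/OPTIONS=\"-l 127.0.0.1,::1\"/cOPTIONS=\"-l 127.0.0.1,::1,${CONTROLLER_IP}\"" /etc/sysconfig/memcached

systemctl enable memcached.service
systemctl start memcached.service
systemctl status memcached.service
sleep 2

# --- etcd -------------------------------------------------------------------
yum install etcd -y
cp /etc/etcd/etcd.conf "/etc/etcd/etcd.conf.bak.$(date +%Y%m%d_%H%M%S)"

# The original lines used $CON_HOST_NAME, which is never assigned on this
# page (the variable section defines CTRL_HOST_NAME), so ETCD_NAME and the
# member name in ETCD_INITIAL_CLUSTER came out empty. Honour CON_HOST_NAME if
# the caller sets it, otherwise fall back to the controller host name.
etcd_name="${CON_HOST_NAME:-${CTRL_HOST_NAME}}"

# Single-member cluster. Client (2379) and peer (2380) URLs are plain HTTP on
# the controller address; no TLS or client authentication is set up here.
sed -i '/ETCD_DATA_DIR/cETCD_DATA_DIR="/var/lib/etcd/default.etcd"' /etc/etcd/etcd.conf
sed -i "/ETCD_LISTEN_PEER_URLS/cETCD_LISTEN_PEER_URLS=\"http://${CONTROLLER_IP}:2380\"" /etc/etcd/etcd.conf
sed -i "/ETCD_LISTEN_CLIENT_URLS/cETCD_LISTEN_CLIENT_URLS=\"http://${CONTROLLER_IP}:2379\"" /etc/etcd/etcd.conf
sed -i "/ETCD_NAME/cETCD_NAME=\"${etcd_name}\"" /etc/etcd/etcd.conf
sed -i "/ETCD_INITIAL_ADVERTISE_PEER_URLS/cETCD_INITIAL_ADVERTISE_PEER_URLS=\"http://${CONTROLLER_IP}:2380\"" /etc/etcd/etcd.conf
sed -i "/ETCD_ADVERTISE_CLIENT_URLS/cETCD_ADVERTISE_CLIENT_URLS=\"http://${CONTROLLER_IP}:2379\"" /etc/etcd/etcd.conf
sed -i "/ETCD_INITIAL_CLUSTER=/cETCD_INITIAL_CLUSTER=\"${etcd_name}=http://${CONTROLLER_IP}:2380\"" /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER_TOKEN/cETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER_STATE/cETCD_INITIAL_CLUSTER_STATE="new"' /etc/etcd/etcd.conf

systemctl enable etcd
systemctl start etcd
systemctl status etcd
sleep 2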

六、KeyStone

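# Recreate the keystone database and grant its service account access.
# The root password is handed to the client through MYSQL_PWD instead of
# -p<password>, which keeps it out of the mysql argument list.
# The 'keystone'@'%' grant accepts connections from any host. The password is
# interpolated into the SQL text, so a value containing a single quote would
# break these statements.
MYSQL_PWD="${ALL_PASS}" mysql -N -uroot <<EOF
DROP DATABASE if exists keystone;
CREATE DATABASE if not exists keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$ALL_PASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$ALL_PASS';
EOF


# Install Keystone and the Apache/mod_wsgi front end.
yum install openstack-keystone -y
yum install httpd -y
yum install mod_wsgi -y

# Back up keystone.conf, then set the database URL and the Fernet token
# provider. The database password ends up in clear text in keystone.conf.
cp /etc/keystone/keystone.conf "/etc/keystone/keystone.conf.bak.$(date +%Y%m%d_%H%M%S)"
openstack-config --set /etc/keystone/keystone.conf database connection "mysql+pymysql://keystone:${ALL_PASS}@${CONTROLLER_IP}/keystone"
openstack-config --set /etc/keystone/keystone.conf token provider fernet

# Populate the identity database as the keystone user.
su -s /bin/sh -c "keystone-manage db_sync" keystone

# Initialise the Fernet and credential key repositories.
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

# Bootstrap the identity service. Admin, internal and public endpoints all
# point at plain HTTP on port 5000 of the controller. The admin password is a
# command-line argument here and is visible in the process list while
# keystone-manage runs.
keystone-manage bootstrap --bootstrap-password "${ALL_PASS}" \
  --bootstrap-admin-url "http://${CONTROLLER_IP}:5000/v3/" \
  --bootstrap-internal-url "http://${CONTROLLER_IP}:5000/v3/" \
  --bootstrap-public-url "http://${CONTROLLER_IP}:5000/v3/" \
  --bootstrap-region-id RegionOne

# Add a ServerName directive after the commented sample in httpd.conf.
sed -i "/#ServerName/aServerName ${CONTROLLER_IP}" /etc/httpd/conf/httpd.conf

# Link the packaged Keystone WSGI configuration into httpd's conf.d.
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

# Enable httpd at boot, start it and show its state.
systemctl enable httpd.service
systemctl start httpd.service
systemctl status httpd.service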
#
# Admin credentials for the openstack client calls that follow (the account
# created by the bootstrap step).
export OS_USERNAME=admin \
  OS_PASSWORD=$ALL_PASS \
  OS_PROJECT_NAME=admin \
  OS_USER_DOMAIN_NAME=Default \
  OS_PROJECT_DOMAIN_NAME=Default \
  OS_AUTH_URL=http://$CONTROLLER_IP:5000/v3 \
  OS_IDENTITY_API_VERSION=3

# Example domain, the shared "service" project, and a demo project.
openstack domain create --description "An Example Domain" example
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" myproject

# Create the demo user. expect answers the two password prompts of
# --password-prompt, so the password is typed into the prompt rather than
# passed as an argument. The value is pasted into the expect script text, so
# characters that are special to Tcl would change how it is read.
/usr/bin/expect << EOF
set timeout 15
spawn openstack user create --domain default --password-prompt myuser
expect "User*"
send "$ALL_PASS\r"
expect "Repeat *"
send "$ALL_PASS\r"
expect eof
EOF

# Demo role, assigned to the demo user on the demo project.
openstack role create myrole
openstack role add --project myproject --user myuser myrole

# Request a token through the interactive password prompt.
#   $1 - auth URL, $2 - project name, $3 - user name
# The expect script never inspects the outcome of the spawned command, so a
# failed login does not stop the run; read the printed output.
issue_token_via_prompt() {
  /usr/bin/expect << EOF
set timeout 15
spawn openstack --os-auth-url $1 --os-project-domain-name Default --os-user-domain-name Default --os-project-name $2 --os-username $3 token issue
expect "*Password*"
send "$ALL_PASS\r"
expect eof
EOF
}

# Verification: drop the exported URL and password so the client has to
# prompt, then request a token as admin and as the demo user.
# NOTE(review): the bootstrap step on this page registers every endpoint on
# port 5000; confirm that something is listening on 35357 for the admin check.
unset OS_AUTH_URL OS_PASSWORD
issue_token_via_prompt "http://$CONTROLLER_IP:35357/v3" admin admin
issue_token_via_prompt "http://$CONTROLLER_IP:5000/v3" myproject myuser
#
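# Client environment file for the admin account. It stores the admin password
# in clear text, so the file is created empty, restricted to its owner, and
# only then filled in.
touch /root/admin-openrc
chmod 600 /root/admin-openrc
cat >/root/admin-openrc <<EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$ALL_PASS
export OS_AUTH_URL=http://$CONTROLLER_IP:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

# Client environment file for the demo account, protected the same way.
# The original wrote OS_PROJECT_NAME=myuser and OS_USERNAME=demo, which match
# nothing created on this page: the demo project is "myproject" and the demo
# user is "myuser".
touch /root/demo-openrc
chmod 600 /root/demo-openrc
cat >/root/demo-openrc <<EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=$ALL_PASS
export OS_AUTH_URL=http://$CONTROLLER_IP:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

# Load the admin credentials and confirm that a token can be issued.
source /root/admin-openrc
openstack token issue
sleep 2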

七、glance

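# Recreate the glance database and grant its service account access.
# MYSQL_PWD keeps the root password out of the mysql argument list. The
# 'glance'@'%' grant accepts connections from any host.
MYSQL_PWD="${ALL_PASS}" mysql -N -uroot <<EOF
DROP DATABASE if exists glance;
CREATE DATABASE if not exists glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '$ALL_PASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '$ALL_PASS';
EOF

source /root/admin-openrc

# Create the glance service user; expect answers the password prompts.
/usr/bin/expect << EOF
set timeout 15
spawn openstack user create --domain default --password-prompt glance
expect "User*"
send "$ALL_PASS\r"
expect "Repeat*"
send "$ALL_PASS\r"
expect eof
EOF

# The service user gets the admin role on the service project.
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image

# Image API endpoints: plain HTTP on port 9292 for all three interfaces.
for iface in public internal admin; do
  openstack endpoint create --region RegionOne image "${iface}" "http://${CONTROLLER_IP}:9292"
done

# Install Glance.
yum install openstack-glance -y

# glance-api.conf and glance-registry.conf receive the same database,
# keystone_authtoken and paste_deploy settings. Each file is backed up before
# it is edited; both backups use the ".bak.<timestamp>" suffix (the original
# registry backup name was missing the dot). The database and service
# passwords are stored in clear text in both files.
glance_backup_stamp=$(date +%Y%m%d_%H%M%S)
for glance_conf in /etc/glance/glance-api.conf /etc/glance/glance-registry.conf; do
  cp "${glance_conf}" "${glance_conf}.bak.${glance_backup_stamp}"

  openstack-config --set "${glance_conf}" database connection "mysql+pymysql://glance:${ALL_PASS}@${CONTROLLER_IP}/glance"

  openstack-config --set "${glance_conf}" keystone_authtoken www_authenticate_uri "http://${CONTROLLER_IP}:5000"
  openstack-config --set "${glance_conf}" keystone_authtoken auth_url "http://${CONTROLLER_IP}:5000"
  openstack-config --set "${glance_conf}" keystone_authtoken memcached_servers "${CONTROLLER_IP}:11211"
  openstack-config --set "${glance_conf}" keystone_authtoken auth_type password
  openstack-config --set "${glance_conf}" keystone_authtoken project_domain_name Default
  openstack-config --set "${glance_conf}" keystone_authtoken user_domain_name Default
  openstack-config --set "${glance_conf}" keystone_authtoken project_name service
  openstack-config --set "${glance_conf}" keystone_authtoken username glance
  openstack-config --set "${glance_conf}" keystone_authtoken password "${ALL_PASS}"

  openstack-config --set "${glance_conf}" paste_deploy flavor keystone
done

# Image store: local filesystem by default, with the http store also enabled.
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/

# Populate the image database as the glance user.
su -s /bin/sh -c "glance-manage db_sync" glance

systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
systemctl status openstack-glance-api.service openstack-glance-registry.service
sleep 2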
#

八、Nova

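# Create the Nova and Placement databases and grant the service accounts
# access. MYSQL_PWD keeps the root password out of the mysql argument list.
# Unlike the other sections on this page, nothing is dropped first, so the
# CREATE statements fail if the databases already exist. The '%' grants
# accept connections from any host.
MYSQL_PWD="${ALL_PASS}" mysql -N -uroot <<EOF
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '$ALL_PASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '$ALL_PASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '$ALL_PASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '$ALL_PASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '$ALL_PASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '$ALL_PASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '$ALL_PASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '$ALL_PASS';
EOF

source /root/admin-openrc

# Compute service user; expect answers the password prompts.
/usr/bin/expect << EOF
set timeout 15
spawn openstack user create --domain default --password-prompt nova
expect "User*"
send "$ALL_PASS\r"
expect "Repeat*"
send "$ALL_PASS\r"
expect eof
EOF

openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute

# Compute API endpoints: plain HTTP on port 8774.
for iface in public internal admin; do
  openstack endpoint create --region RegionOne compute "${iface}" "http://${CONTROLLER_IP}:8774/v2.1"
done

# Placement service user, created the same way.
/usr/bin/expect << EOF
set timeout 15
spawn openstack user create --domain default --password-prompt placement
expect "User*"
send "$ALL_PASS\r"
expect "Repeat*"
send "$ALL_PASS\r"
expect eof
EOF

openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement

# Placement API endpoints: plain HTTP on port 8778.
for iface in public internal admin; do
  openstack endpoint create --region RegionOne placement "${iface}" "http://${CONTROLLER_IP}:8778"
done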
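# Install the Nova controller services: api, conductor, console, novncproxy,
# scheduler and the placement API.
yum -y install openstack-nova-api
yum -y install openstack-nova-conductor
yum -y install openstack-nova-console
yum -y install openstack-nova-novncproxy
yum -y install openstack-nova-scheduler
yum -y install openstack-nova-placement-api

# Back up nova.conf, then write the controller settings. Values that carry
# the shared password or the controller address are quoted so they reach
# openstack-config as a single argument. The RabbitMQ, database and service
# passwords are stored in clear text in nova.conf.
nova_conf=/etc/nova/nova.conf
cp "${nova_conf}" "${nova_conf}.bak.$(date +%Y%m%d_%H%M%S)"
openstack-config --set "${nova_conf}" DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set "${nova_conf}" DEFAULT transport_url "rabbit://openstack:${ALL_PASS}@${CONTROLLER_IP}"
openstack-config --set "${nova_conf}" DEFAULT my_ip "${CONTROLLER_IP}"
openstack-config --set "${nova_conf}" DEFAULT use_neutron true
openstack-config --set "${nova_conf}" DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver

openstack-config --set "${nova_conf}" api_database connection "mysql+pymysql://nova:${ALL_PASS}@${CONTROLLER_IP}/nova_api"

openstack-config --set "${nova_conf}" database connection "mysql+pymysql://nova:${ALL_PASS}@${CONTROLLER_IP}/nova"

openstack-config --set "${nova_conf}" placement_database connection "mysql+pymysql://placement:${ALL_PASS}@${CONTROLLER_IP}/placement"

openstack-config --set "${nova_conf}" api auth_strategy keystone

openstack-config --set "${nova_conf}" keystone_authtoken auth_url "http://${CONTROLLER_IP}:5000/v3"
openstack-config --set "${nova_conf}" keystone_authtoken memcached_servers "${CONTROLLER_IP}:11211"
openstack-config --set "${nova_conf}" keystone_authtoken auth_type password
openstack-config --set "${nova_conf}" keystone_authtoken project_domain_name Default
openstack-config --set "${nova_conf}" keystone_authtoken user_domain_name Default
openstack-config --set "${nova_conf}" keystone_authtoken project_name service
openstack-config --set "${nova_conf}" keystone_authtoken username nova
openstack-config --set "${nova_conf}" keystone_authtoken password "${ALL_PASS}"

# The escaped \$my_ip is written literally, so nova.conf refers to its own
# my_ip option rather than to a shell variable.
openstack-config --set "${nova_conf}" vnc enabled true
openstack-config --set "${nova_conf}" vnc server_listen \$my_ip
openstack-config --set "${nova_conf}" vnc server_proxyclient_address \$my_ip

openstack-config --set "${nova_conf}" glance api_servers "http://${CONTROLLER_IP}:9292"

openstack-config --set "${nova_conf}" oslo_concurrency lock_path /var/lib/nova/tmp

openstack-config --set "${nova_conf}" placement os_region_name RegionOne
openstack-config --set "${nova_conf}" placement project_domain_name Default
openstack-config --set "${nova_conf}" placement project_name service
openstack-config --set "${nova_conf}" placement auth_type password
openstack-config --set "${nova_conf}" placement user_domain_name Default
openstack-config --set "${nova_conf}" placement auth_url "http://${CONTROLLER_IP}:5000/v3"
openstack-config --set "${nova_conf}" placement username placement
openstack-config --set "${nova_conf}" placement password "${ALL_PASS}"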
#
# Back up 00-nova-placement-api.conf, then append an access rule for
# /usr/bin covering both Apache 2.4 and older syntax.
# NOTE(review): presumably this lets httpd serve the placement WSGI script
# installed under /usr/bin; confirm against the packaged configuration.
cp /etc/httpd/conf.d/00-nova-placement-api.conf /etc/httpd/conf.d/00-nova-placement-api.conf.bak
cat >> /etc/httpd/conf.d/00-nova-placement-api.conf <<'EOF'

<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>

EOF

systemctl restart httpd
systemctl status httpd
sleep 2

# Database setup, run as the nova user and in this order: API schema, cell0
# mapping, cell1 creation, main schema, then a listing of the cells.
for nova_manage_step in \
  "api_db sync" \
  "cell_v2 map_cell0" \
  "cell_v2 create_cell --name=cell1 --verbose" \
  "db sync" \
  "cell_v2 list_cells"; do
  su -s /bin/sh -c "nova-manage ${nova_manage_step}" nova
done

# Enable the controller services at boot, then start them.
for unit_action in enable start; do
  systemctl "${unit_action}" openstack-nova-api.service \
    openstack-nova-consoleauth openstack-nova-scheduler.service \
    openstack-nova-conductor.service openstack-nova-novncproxy.service
done

# Verification with the admin credentials.
source /root/admin-openrc
openstack compute service list
openstack catalog list
openstack image list
nova-status upgrade check
sleep 3

九、Neutron

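# Recreate the neutron database and grant its service account access.
# MYSQL_PWD keeps the root password out of the mysql argument list. The
# 'neutron'@'%' grant accepts connections from any host.
MYSQL_PWD="${ALL_PASS}" mysql -N -uroot <<EOF
DROP DATABASE if exists neutron;
CREATE DATABASE if not exists neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '$ALL_PASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$ALL_PASS';
EOF

source /root/admin-openrc

# Networking service user; expect answers the password prompts. The timeout
# is set to 15 seconds like the other expect blocks on this page; the
# original omitted it here and so ran with expect's shorter default.
/usr/bin/expect << EOF
set timeout 15
spawn openstack user create --domain default --password-prompt neutron
expect "User*"
send "$ALL_PASS\r"
expect "Repeat*"
send "$ALL_PASS\r"
expect eof
EOF

openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network

# Networking API endpoints: plain HTTP on port 9696.
for iface in public internal admin; do
  openstack endpoint create --region RegionOne network "${iface}" "http://${CONTROLLER_IP}:9696"
done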
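# Install the Neutron server, the ML2 plug-in, the Open vSwitch agent and
# ebtables.
yum -y install openstack-neutron
yum -y install openstack-neutron-ml2
yum -y install openstack-neutron-openvswitch
yum -y install ebtables

# One timestamp for every backup taken in this section.
neutron_backup_stamp=$(date +%Y%m%d_%H%M%S)

# --- neutron.conf -----------------------------------------------------------
# Values that carry the shared password or the controller address are quoted
# so they reach openstack-config as a single argument. The database, RabbitMQ
# and service passwords are stored in clear text in this file.
neutron_conf=/etc/neutron/neutron.conf
cp "${neutron_conf}" "${neutron_conf}.bak.${neutron_backup_stamp}"
openstack-config --set "${neutron_conf}" database connection "mysql+pymysql://neutron:${ALL_PASS}@${CONTROLLER_IP}/neutron"

openstack-config --set "${neutron_conf}" DEFAULT core_plugin ml2
openstack-config --set "${neutron_conf}" DEFAULT service_plugins router
openstack-config --set "${neutron_conf}" DEFAULT allow_overlapping_ips true
openstack-config --set "${neutron_conf}" DEFAULT transport_url "rabbit://openstack:${ALL_PASS}@${CONTROLLER_IP}"
openstack-config --set "${neutron_conf}" DEFAULT auth_strategy keystone
openstack-config --set "${neutron_conf}" DEFAULT notify_nova_on_port_status_changes true
openstack-config --set "${neutron_conf}" DEFAULT notify_nova_on_port_data_changes true

openstack-config --set "${neutron_conf}" keystone_authtoken www_authenticate_uri "http://${CONTROLLER_IP}:5000"
openstack-config --set "${neutron_conf}" keystone_authtoken auth_url "http://${CONTROLLER_IP}:5000"
openstack-config --set "${neutron_conf}" keystone_authtoken memcached_servers "${CONTROLLER_IP}:11211"
openstack-config --set "${neutron_conf}" keystone_authtoken auth_type password
openstack-config --set "${neutron_conf}" keystone_authtoken project_domain_name Default
openstack-config --set "${neutron_conf}" keystone_authtoken user_domain_name Default
openstack-config --set "${neutron_conf}" keystone_authtoken project_name service
openstack-config --set "${neutron_conf}" keystone_authtoken username neutron
openstack-config --set "${neutron_conf}" keystone_authtoken password "${ALL_PASS}"

# Credentials Neutron uses to notify Nova.
openstack-config --set "${neutron_conf}" nova auth_url "http://${CONTROLLER_IP}:5000"
openstack-config --set "${neutron_conf}" nova auth_type password
openstack-config --set "${neutron_conf}" nova project_domain_name Default
openstack-config --set "${neutron_conf}" nova user_domain_name Default
openstack-config --set "${neutron_conf}" nova region_name RegionOne
openstack-config --set "${neutron_conf}" nova project_name service
openstack-config --set "${neutron_conf}" nova username nova
openstack-config --set "${neutron_conf}" nova password "${ALL_PASS}"

openstack-config --set "${neutron_conf}" oslo_concurrency lock_path /var/lib/neutron/tmp

# --- ML2 plug-in ------------------------------------------------------------
ml2_conf=/etc/neutron/plugins/ml2/ml2_conf.ini
cp "${ml2_conf}" "${ml2_conf}.bak.${neutron_backup_stamp}"
openstack-config --set "${ml2_conf}" ml2 type_drivers flat,vlan,vxlan
openstack-config --set "${ml2_conf}" ml2 tenant_network_types vxlan,vlan
openstack-config --set "${ml2_conf}" ml2 mechanism_drivers openvswitch,l2population
openstack-config --set "${ml2_conf}" ml2 extension_drivers port_security

openstack-config --set "${ml2_conf}" ml2_type_flat flat_networks provider

openstack-config --set "${ml2_conf}" ml2_type_vlan network_vlan_ranges physicnet:1000:2000

openstack-config --set "${ml2_conf}" ml2_type_vxlan vni_ranges 20000:21000

openstack-config --set "${ml2_conf}" securitygroup enable_ipset true

# --- Open vSwitch agent -----------------------------------------------------
ovs_agent_conf=/etc/neutron/plugins/ml2/openvswitch_agent.ini
cp "${ovs_agent_conf}" "${ovs_agent_conf}.bak.${neutron_backup_stamp}"

# Tunnel settings left disabled by the author (sample values from the page):
#sed -i "/tunnel_types = /atunnel_types = vxlan" /etc/neutron/plugins/ml2/openvswitch_agent.ini

#sed -i "/\[ovs]$/alocal_ip = 10.214.1.2" /etc/neutron/plugins/ml2/openvswitch_agent.ini
#sed -i "/\[ovs]$/atun_peer_patch_port = patch-int" /etc/neutron/plugins/ml2/openvswitch_agent.ini
#sed -i "/\[ovs]$/aint_peer_patch_port = patch-tun" /etc/neutron/plugins/ml2/openvswitch_agent.ini
#sed -i "/\[ovs]$/atunnel_bridge = br-tun" /etc/neutron/plugins/ml2/openvswitch_agent.ini

# Security groups are enforced by the agent with the hybrid iptables driver.
openstack-config --set "${ovs_agent_conf}" securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
openstack-config --set "${ovs_agent_conf}" securitygroup enable_security_group true

# --- L3 agent ---------------------------------------------------------------
cp /etc/neutron/l3_agent.ini "/etc/neutron/l3_agent.ini.bak.${neutron_backup_stamp}"
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver

# --- DHCP agent -------------------------------------------------------------
cp /etc/neutron/dhcp_agent.ini "/etc/neutron/dhcp_agent.ini.bak.${neutron_backup_stamp}"

openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata true

# Append an active force_metadata line after the existing sample line.
sed -i "/force_metadata = /aforce_metadata = true" /etc/neutron/dhcp_agent.ini

# --- Metadata agent ---------------------------------------------------------
# The metadata proxy secret is the same shared password used everywhere else
# on this page; it has to match the value written to nova.conf.
cp /etc/neutron/metadata_agent.ini "/etc/neutron/metadata_agent.ini.bak.${neutron_backup_stamp}"
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host "${CONTROLLER_IP}"
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret "${ALL_PASS}"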


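# Edit nova.conf again: the [neutron] section tells Nova how to reach the
# networking service and enables the metadata proxy. Values that carry the
# shared password or the controller address are quoted so they reach
# openstack-config as a single argument. The proxy secret must equal the one
# set for the Neutron metadata agent.
openstack-config --set /etc/nova/nova.conf neutron url "http://${CONTROLLER_IP}:9696"
openstack-config --set /etc/nova/nova.conf neutron auth_url "http://${CONTROLLER_IP}:5000"
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name Default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name Default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password "${ALL_PASS}"
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy true
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret "${ALL_PASS}"

# Expose the ML2 configuration as /etc/neutron/plugin.ini, then run the
# schema migration as the neutron user.
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

# Nova has to pick up the new [neutron] section.
systemctl restart openstack-nova-api.service

# Enable at boot, start, and show the state of the networking services.
for unit_action in enable start status; do
  systemctl "${unit_action}" neutron-server.service \
    neutron-openvswitch-agent.service neutron-dhcp-agent.service \
    neutron-metadata-agent.service neutron-l3-agent.service
done

sleep 2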

十、dashboard

# Install Horizon (the dashboard).
yum install openstack-dashboard -y
#
# Edit /etc/openstack-dashboard/local_settings in place with sed; a
# timestamped backup is taken first. The edits below depend on the layout of
# the packaged file and on the order in which they run.
cp /etc/openstack-dashboard/local_settings /etc/openstack-dashboard/local_settings.bak.$(date +%Y%m%d)_$(date +%H%M%S)

# The dashboard talks to the services on the controller address.
sed -i "/OPENSTACK_HOST = /cOPENSTACK_HOST = \"$CONTROLLER_IP\"" /etc/openstack-dashboard/local_settings

# ['*'] makes Django accept any Host header, i.e. host-header validation is
# effectively off. Listing the names and addresses the dashboard is actually
# served under restores that check.
sed -i "/ALLOWED_HOSTS = /cALLOWED_HOSTS = ['*']" /etc/openstack-dashboard/local_settings
# Sessions are kept in the cache backend: SESSION_ENGINE is inserted before
# the CACHES block, a LOCATION entry pointing at memcached on the controller
# is added after the BACKEND line, and the local-memory backend is swapped
# for the memcached one. Session data therefore lives in the same memcached
# instance (port 11211) that the other services use.
sed -i "/^CACHES =/iSESSION_ENGINE = 'django.contrib.sessions.backends.cache'" /etc/openstack-dashboard/local_settings
sed -i "/^[ \t]*'BACKEND'/a\\ \t'LOCATION': '$CONTROLLER_IP:11211'," /etc/openstack-dashboard/local_settings
sed -i 's/django.core.cache.backends.locmem.LocMemCache/django.core.cache.backends.memcached.MemcachedCache/g' /etc/openstack-dashboard/local_settings
#
# Keystone v3 over plain HTTP on port 5000 of OPENSTACK_HOST.
sed -i "/OPENSTACK_KEYSTONE_URL/cOPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST" /etc/openstack-dashboard/local_settings
#
# Enable multi-domain support.
sed -i "/OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT/cOPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True" /etc/openstack-dashboard/local_settings
# Target result of the next five edits:
#OPENSTACK_API_VERSIONS = {
#    "identity": 3,
#    "image": 2,
#    "volume": 2,
#}
# The dict header and three entries are uncommented; the closing brace is
# appended after the "compute" entry, which itself stays commented out.
sed -i "s/#OPENSTACK_API_VERSIONS/OPENSTACK_API_VERSIONS/g" /etc/openstack-dashboard/local_settings
sed -i "/#    \"identity\": 3,/c\\    \"identity\": 3," /etc/openstack-dashboard/local_settings
sed -i "/#    \"image\": 2,/c\\    \"image\": 2," /etc/openstack-dashboard/local_settings
sed -i "/#    \"volume\": 2,/c\\    \"volume\": 2," /etc/openstack-dashboard/local_settings
sed -i "/#    \"compute\": 2,/a}" /etc/openstack-dashboard/local_settings
#
# Default domain and default role for users created through the dashboard.
sed -i "/#OPENSTACK_KEYSTONE_DEFAULT_DOMAIN/cOPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\"" /etc/openstack-dashboard/local_settings
sed -i "/OPENSTACK_KEYSTONE_DEFAULT_ROLE/cOPENSTACK_KEYSTONE_DEFAULT_ROLE = \"user\"" /etc/openstack-dashboard/local_settings
# Reference only; nothing below is applied by this script:
#OPENSTACK_NEUTRON_NETWORK = {
#    ...
#    'enable_router': False,
#    'enable_quotas': False,
#    'enable_distributed_router': False,
#    'enable_ha_router': False,
#    'enable_lb': False,
#    'enable_firewall': False,
#    'enable_vpn': False,
#    'enable_fip_topology_check': False,
#}
#
# /etc/httpd/conf.d/openstack-dashboard.conf: back it up (fixed .bak name, so
# a second run overwrites the first backup), then insert
# "WSGIApplicationGroup %{GLOBAL}" before the WSGIScriptAlias line.
cp /etc/httpd/conf.d/openstack-dashboard.conf /etc/httpd/conf.d/openstack-dashboard.conf.bak
sed -i "/WSGIScriptAlias/iWSGIApplicationGroup %{GLOBAL}" /etc/httpd/conf.d/openstack-dashboard.conf
#
# Restart the web server and memcached so the new settings take effect.
systemctl restart httpd.service memcached.service
#


# Optional Neutron service plug-ins, handled in this order: fwaas, lbaas
# (LBaaS v2), vpnaas. Each package is installed and its schema migrated
# before the next one is touched.
# NOTE(review): these migrations run as the invoking user, whereas the main
# Neutron migration on this page runs as the neutron user through su;
# confirm which is intended.
for plugin in fwaas lbaas vpnaas; do
  yum install "openstack-neutron-${plugin}" -y
  neutron-db-manage --subproject "neutron-${plugin}" upgrade head
done

# Disabled follow-up steps, kept as reference: they are the body of a
# here-document fed to the no-op ":" command, so none of them runs. To use
# them, run the commands by hand after the compute node has been installed.
# NOTE(review): the --file argument is "$0", i.e. this script itself; it
# looks like a placeholder for the path of a real cirros image.
: <<'DISABLED'
source /root/admin-openrc

openstack image create "cirros" --file "$0" --disk-format qcow2 --container-format bare --public
openstack image list

openstack compute service list --service nova-compute
#Discover compute hosts
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
DISABLED