OpenStack Ussuri部署
Language : Shell
ISO : CentOS-8.4.2105-x86_64
简介:
(1)CentOS8上部署OpenStack Ussuri版本,通过实践发现跟CenOS7还是有部分区别的,同时实践过程中还是出现各种小毛病。
(2)此文为Shell纯脚本;
(3)关于镜像源设置,本文不做叙述。
一、变量设置
set -e -x
CONTROLLER_IP="192.168.1.xx"
CTRL_HOST_NAME="ussuri-ctrl"
ALL_PASS="123456"
NTP_SERVER="192.168.1.xx"
yum update -y
#以下命令行操作是因为使用的是第三方镜像源库,update后会多出系统生成的源镜像文件,避免对后面有影响,直接rm掉,这块根据自己环境而定。
rm -f /etc/yum.repos.d/CentOS-*
二、基础环境准备
#Install some soft
yum -y install vim
yum -y install net-tools
yum -y install expect
yum -y install crudini
sleep 5
#
hostnamectl set-hostname ${CTRL_HOST_NAME}
#
systemctl stop firewalld
systemctl disable firewalld
#
cp -p /etc/selinux/config /etc/selinux/config.bak.$(date +%Y%m%d)_$(date +%H%M%S)
sed -i "/SELINUX=enforcing/cSELINUX=disabled" /etc/selinux/config
setenforce 0
#
cp /etc/chrony.conf /etc/chrony.conf.bak.$(date +%Y%m%d)_$(date +%H%M%S)
echo "server ${NTP_SERVER} iburst" >> /etc/chrony.conf
systemctl enable chronyd
systemctl restart chronyd
sleep 2
chronyc sources
timedatectl set-timezone Asia/Shanghai
date
sleep 3
#
yum -y install python3-openstackclient
yum -y install openstack-selinux
#SQL
yum -y install mariadb
yum -y install mariadb-server
yum -y install python2-PyMySQL
#
touch /etc/my.cnf.d/openstack.cnf
crudini --set /etc/my.cnf.d/openstack.cnf mysqld bind-address ${CONTROLLER_IP}
crudini --set /etc/my.cnf.d/openstack.cnf mysqld default-storage-engine innodb
crudini --set /etc/my.cnf.d/openstack.cnf mysqld innodb_file_per_table on
crudini --set /etc/my.cnf.d/openstack.cnf mysqld max_connections 4096
crudini --set /etc/my.cnf.d/openstack.cnf mysqld collation-server utf8_general_ci
crudini --set /etc/my.cnf.d/openstack.cnf mysqld character-set-server utf8
#
systemctl enable mariadb.service
systemctl start mariadb.service
if [[ `systemctl is-active mariadb.service` != "active" ]];then
exit 0
fi
sleep 1
#
mysql_secure_installation <<EOF
y
$ALL_PASS
$ALL_PASS
y
y
y
y
EOF
#rabbitmq-server
yum -y install erlang
wget https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.8.1/rabbitmq-server-3.8.1-1.el8.noarch.rpm
dnf -y install ./rabbitmq-server-3.8.1-1.el8.noarch.rpm
chkconfig rabbitmq-server on
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
if [[ `systemctl is-active rabbitmq-server.service` != "active" ]];then
exit 0
fi
sleep 1
rabbitmqctl add_user openstack ${ALL_PASS}
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
#Memcached
yum -y install memcached
yum -y install python3-memcached
cp /etc/sysconfig/memcached /etc/sysconfig/memcached.bak.$(date +%Y%m%d)_$(date +%H%M%S)
sed -i "/OPTIONS=\"-l 127.0.0.1,::1\"/cOPTIONS=\"-l 127.0.0.1,::1,$CONTROLLER_IP\"" /etc/sysconfig/memcached
#
systemctl enable memcached.service
systemctl start memcached.service
if [[ `systemctl is-active memcached.service` != "active" ]];then
exit 0
fi
sleep 2
#ETCD
yum install etcd -y
cp /etc/etcd/etcd.conf /etc/etcd/etcd.conf.bak.$(date +%Y%m%d)_$(date +%H%M%S)
sed -i '/ETCD_DATA_DIR/cETCD_DATA_DIR="/var/lib/etcd/default.etcd"' /etc/etcd/etcd.conf
sed -i "/ETCD_LISTEN_PEER_URLS/cETCD_LISTEN_PEER_URLS=\"http://$CONTROLLER_IP:2380\"" /etc/etcd/etcd.conf
sed -i "/ETCD_LISTEN_CLIENT_URLS/cETCD_LISTEN_CLIENT_URLS=\"http://$CONTROLLER_IP:2379\"" /etc/etcd/etcd.conf
sed -i "/ETCD_NAME/cETCD_NAME=\"$CON_HOST_NAME\"" /etc/etcd/etcd.conf
sed -i "/ETCD_INITIAL_ADVERTISE_PEER_URLS/cETCD_INITIAL_ADVERTISE_PEER_URLS=\"http://$CONTROLLER_IP:2380\"" /etc/etcd/etcd.conf
sed -i "/ETCD_ADVERTISE_CLIENT_URLS/cETCD_ADVERTISE_CLIENT_URLS=\"http://$CONTROLLER_IP:2379\"" /etc/etcd/etcd.conf
sed -i "/ETCD_INITIAL_CLUSTER=/cETCD_INITIAL_CLUSTER=\"$CON_HOST_NAME=http://$CONTROLLER_IP:2380\"" /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER_TOKEN/cETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER_STATE/cETCD_INITIAL_CLUSTER_STATE="new"' /etc/etcd/etcd.conf
systemctl enable etcd
systemctl start etcd
if [[ `systemctl is-active etcd` != "active" ]];then
exit 0
fi
sleep 2
三、KeyStone
#======Keystone=======#
mysql -u root -p${ALL_PASS}<<EOF
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '${ALL_PASS}';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '${ALL_PASS}';
EOF
yum -y install openstack-keystone
yum -y install httpd
#yum -y install mod_wsgi
yum -y install python3-mod_wsgi
cp -p /etc/keystone/keystone.conf /etc/keystone/keystone.conf.$(date +%Y%m%d)_$(date +%H%M%S)
crudini --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:${ALL_PASS}@${CONTROLLER_IP}/keystone
crudini --set /etc/keystone/keystone.conf token provider fernet
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password ${ALL_PASS} \
--bootstrap-admin-url http://${CONTROLLER_IP}:5000/v3/ \
--bootstrap-internal-url http://${CONTROLLER_IP}:5000/v3/ \
--bootstrap-public-url http://${CONTROLLER_IP}:5000/v3/ \
--bootstrap-region-id RegionOne
sed -i "/#ServerName/aServerName $CONTROLLER_IP" /etc/httpd/conf/httpd.conf
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd.service
systemctl start httpd.service
export OS_USERNAME=admin
export OS_PASSWORD=${ALL_PASS}
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://${CONTROLLER_IP}:5000/v3
export OS_IDENTITY_API_VERSION=3
openstack domain create --description "An Example Domain" example
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" myproject
/usr/bin/expect << EOF
set timeout 15
spawn openstack user create --domain default --password-prompt myuser
expect "User*"
send "$ALL_PASS\r"
expect "Repeat *"
send "$ALL_PASS\r"
expect eof
EOF
openstack role create myrole
openstack role add --project myproject --user myuser myrole
unset OS_AUTH_URL OS_PASSWORD
/usr/bin/expect << EOF
set timeout 15
spawn openstack --os-auth-url http://${CONTROLLER_IP}:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
expect "*Password*"
send "$ALL_PASS\r"
expect eof
EOF
#
/usr/bin/expect << EOF
set timeout 15
spawn openstack --os-auth-url http://${CONTROLLER_IP}:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name myproject --os-username myuser token issue
expect "*Password*"
send "$ALL_PASS\r"
expect eof
EOF
#Create admin-openrc
touch /root/admin-openrc
echo "export OS_PROJECT_DOMAIN_NAME=Default" >/root/admin-openrc
echo "export OS_USER_DOMAIN_NAME=Default" >>/root/admin-openrc
echo "export OS_PROJECT_NAME=admin" >>/root/admin-openrc
echo "export OS_USERNAME=admin" >>/root/admin-openrc
echo "export OS_PASSWORD=${ALL_PASS}" >>/root/admin-openrc
echo "export OS_AUTH_URL=http://${CONTROLLER_IP}:5000/v3" >>/root/admin-openrc
echo "export OS_IDENTITY_API_VERSION=3" >>/root/admin-openrc
echo "export OS_IMAGE_API_VERSION=2" >>/root/admin-openrc
#Create demo-openrc
touch /root/demo-openrc
echo "export OS_PROJECT_DOMAIN_NAME=Default" >/root/demo-openrc
echo "export OS_USER_DOMAIN_NAME=Default" >>/root/demo-openrc
echo "export OS_PROJECT_NAME=myuser" >>/root/demo-openrc
echo "export OS_USERNAME=demo" >>/root/demo-openrc
echo "export OS_PASSWORD=${ALL_PASS}" >>/root/demo-openrc
echo "export OS_AUTH_URL=http://${CONTROLLER_IP}:5000/v3" >>/root/demo-openrc
echo "export OS_IDENTITY_API_VERSION=3" >>/root/demo-openrc
echo "export OS_IMAGE_API_VERSION=2" >>/root/demo-openrc
source /root/admin-openrc
openstack token issue
sleep 2
四、Glance
#======Glance=======#
mysql -u root -p${ALL_PASS}<<EOF
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '${ALL_PASS}';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '${ALL_PASS}';
EOF
source /root/admin-openrc
/usr/bin/expect << EOF
set timeout 15
spawn openstack user create --domain default --password-prompt glance
expect "User*"
send "$ALL_PASS\r"
expect "Repeat*"
send "$ALL_PASS\r"
expect eof
EOF
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://${CONTROLLER_IP}:9292
openstack endpoint create --region RegionOne image internal http://${CONTROLLER_IP}:9292
openstack endpoint create --region RegionOne image admin http://${CONTROLLER_IP}:9292
yum -y install openstack-glance
cp -p /etc/glance/glance-api.conf /etc/glance/glance-api.conf.$(date +%Y%m%d)_$(date +%H%M%S)
crudini --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:${ALL_PASS}@${CONTROLLER_IP}/glance
crudini --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://${CONTROLLER_IP}:5000
crudini --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://${CONTROLLER_IP}:5000
crudini --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers ${CONTROLLER_IP}:11211
crudini --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
crudini --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
crudini --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
crudini --set /etc/glance/glance-api.conf keystone_authtoken project_name service
crudini --set /etc/glance/glance-api.conf keystone_authtoken username glance
crudini --set /etc/glance/glance-api.conf keystone_authtoken password ${ALL_PASS}
crudini --set /etc/glance/glance-api.conf paste_deploy flavor keystone
crudini --set /etc/glance/glance-api.conf glance_store stores file,http
crudini --set /etc/glance/glance-api.conf glance_store default_store file
crudini --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service
systemctl start openstack-glance-api.service
五、Placement
#======placement=======#
mysql -u root -p${ALL_PASS}<<EOF
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '${ALL_PASS}';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '${ALL_PASS}';
EOF
source /root/admin-openrc
/usr/bin/expect << EOF
set timeout 15
spawn openstack user create --domain default --password-prompt placement
expect "User*"
send "$ALL_PASS\r"
expect "Repeat*"
send "$ALL_PASS\r"
expect eof
EOF
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://${CONTROLLER_IP}:8778
openstack endpoint create --region RegionOne placement internal http://${CONTROLLER_IP}:8778
openstack endpoint create --region RegionOne placement admin http://${CONTROLLER_IP}:8778
yum -y install openstack-placement-api
cp -p /etc/placement/placement.conf /etc/placement/placement.conf.$(date +%Y%m%d)_$(date +%H%M%S)
crudini --set /etc/placement/placement.conf placement_database connection mysql+pymysql://placement:${ALL_PASS}@${CONTROLLER_IP}/placement
crudini --set /etc/placement/placement.conf api auth_strategy keystone
crudini --set /etc/placement/placement.conf keystone_authtoken auth_url http://${CONTROLLER_IP}:5000/v3
crudini --set /etc/placement/placement.conf keystone_authtoken memcached_servers ${CONTROLLER_IP}:11211
crudini --set /etc/placement/placement.conf keystone_authtoken auth_type password
crudini --set /etc/placement/placement.conf keystone_authtoken project_domain_name Default
crudini --set /etc/placement/placement.conf keystone_authtoken user_domain_name Default
crudini --set /etc/placement/placement.conf keystone_authtoken project_name service
crudini --set /etc/placement/placement.conf keystone_authtoken username placement
crudini --set /etc/placement/placement.conf keystone_authtoken password ${ALL_PASS}
su -s /bin/sh -c "placement-manage db sync" placement
systemctl restart httpd
六、Nova
#======Nova=======#
mysql -u root -p${ALL_PASS}<<EOF
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '${ALL_PASS}';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '${ALL_PASS}';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '${ALL_PASS}';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '${ALL_PASS}';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '${ALL_PASS}';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '${ALL_PASS}';
EOF
source /root/admin-openrc
/usr/bin/expect << EOF
set timeout 15
spawn openstack user create --domain default --password-prompt nova
expect "User*"
send "$ALL_PASS\r"
expect "Repeat*"
send "$ALL_PASS\r"
expect eof
EOF
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://${CONTROLLER_IP}:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://${CONTROLLER_IP}:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://${CONTROLLER_IP}:8774/v2.1
yum -y install openstack-nova-api
yum -y install openstack-nova-conductor
yum -y install openstack-nova-novncproxy
yum -y install openstack-nova-scheduler
cp -p /etc/nova/nova.conf /etc/nova/nova.conf.$(date +%Y%m%d)_$(date +%H%M%S)
crudini --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
crudini --set /etc/nova/nova.conf DEFAULT my_ip ${CONTROLLER_IP}
crudini --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:${ALL_PASS}@${CONTROLLER_IP}:5672/
crudini --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:${ALL_PASS}@${CONTROLLER_IP}/nova_api
crudini --set /etc/nova/nova.conf database connection mysql+pymysql://nova:${ALL_PASS}@${CONTROLLER_IP}/nova
crudini --set /etc/nova/nova.conf api auth_strategy keystone
crudini --set /etc/nova/nova.conf keystone_authtoken www_authenticate_uri http://${CONTROLLER_IP}:5000/
crudini --set /etc/nova/nova.conf keystone_authtoken auth_url http://${CONTROLLER_IP}:5000/
crudini --set /etc/nova/nova.conf keystone_authtoken memcached_servers ${CONTROLLER_IP}:11211
crudini --set /etc/nova/nova.conf keystone_authtoken auth_type password
crudini --set /etc/nova/nova.conf keystone_authtoken project_domain_name Default
crudini --set /etc/nova/nova.conf keystone_authtoken user_domain_name Default
crudini --set /etc/nova/nova.conf keystone_authtoken project_name service
crudini --set /etc/nova/nova.conf keystone_authtoken username nova
crudini --set /etc/nova/nova.conf keystone_authtoken password ${ALL_PASS}
crudini --set /etc/nova/nova.conf vnc enabled true
crudini --set /etc/nova/nova.conf vnc server_listen \$my_ip
crudini --set /etc/nova/nova.conf vnc server_proxyclient_address \$my_ip
crudini --set /etc/nova/nova.conf glance api_servers http://${CONTROLLER_IP}:9292
crudini --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
crudini --set /etc/nova/nova.conf placement region_name RegionOne
crudini --set /etc/nova/nova.conf placement project_domain_name Default
crudini --set /etc/nova/nova.conf placement project_name service
crudini --set /etc/nova/nova.conf placement auth_type password
crudini --set /etc/nova/nova.conf placement user_domain_name Default
crudini --set /etc/nova/nova.conf placement auth_url http://${CONTROLLER_IP}:5000/v3
crudini --set /etc/nova/nova.conf placement username placement
crudini --set /etc/nova/nova.conf placement password ${ALL_PASS}
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
systemctl enable \
openstack-nova-api.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service
systemctl start \
openstack-nova-api.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service
七、Neutron
#======Neutron=======#
mysql -u root -p${ALL_PASS}<<EOF
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '${ALL_PASS}';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '${ALL_PASS}';
EOF
source /root/admin-openrc
/usr/bin/expect << EOF
set timeout 15
spawn openstack user create --domain default --password-prompt neutron
expect "User*"
send "$ALL_PASS\r"
expect "Repeat*"
send "$ALL_PASS\r"
expect eof
EOF
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://${CONTROLLER_IP}:9696
openstack endpoint create --region RegionOne network internal http://${CONTROLLER_IP}:9696
openstack endpoint create --region RegionOne network admin http://${CONTROLLER_IP}:9696
yum -y install openstack-neutron
yum -y install openstack-neutron-ml2
yum -y install openstack-neutron-openvswitch
yum -y install ebtables
cp -p /etc/neutron/neutron.conf /etc/neutron/neutron.conf.$(date +%Y%m%d)_$(date +%H%M%S)
crudini --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:${ALL_PASS}@${CONTROLLER_IP}/neutron
crudini --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins router
crudini --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips true
crudini --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:${ALL_PASS}@${CONTROLLER_IP}
crudini --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes true
crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes true
crudini --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://${CONTROLLER_IP}:5000
crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://${CONTROLLER_IP}:5000
crudini --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers ${CONTROLLER_IP}:11211
crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
crudini --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name Default
crudini --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name Default
crudini --set /etc/neutron/neutron.conf keystone_authtoken project_name service
crudini --set /etc/neutron/neutron.conf keystone_authtoken username neutron
crudini --set /etc/neutron/neutron.conf keystone_authtoken password ${ALL_PASS}
crudini --set /etc/neutron/neutron.conf nova auth_url http://${CONTROLLER_IP}:5000
crudini --set /etc/neutron/neutron.conf nova auth_type password
crudini --set /etc/neutron/neutron.conf nova project_domain_name Default
crudini --set /etc/neutron/neutron.conf nova user_domain_name Default
crudini --set /etc/neutron/neutron.conf nova region_name RegionOne
crudini --set /etc/neutron/neutron.conf nova project_name service
crudini --set /etc/neutron/neutron.conf nova username nova
crudini --set /etc/neutron/neutron.conf nova password ${ALL_PASS}
crudini --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
cp -p /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.$(date +%Y%m%d)_$(date +%H%M%S)
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch,l2population
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset true
crudini --set /etc/neutron/plugins/ml2/openvswitch_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
crudini --set /etc/neutron/plugins/ml2/openvswitch_agent.ini enable_security_group true
crudini --set /etc/neutron/l3_agent.ini DEFAULT interface_driver openvswitch
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata true
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT force_metadata true
crudini --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host ${CONTROLLER_IP}
crudini --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret ${ALL_PASS}
crudini --set /etc/nova/nova.conf neutron auth_url http://${CONTROLLER_IP}:5000
crudini --set /etc/nova/nova.conf neutron auth_type password
crudini --set /etc/nova/nova.conf neutron project_domain_name Default
crudini --set /etc/nova/nova.conf neutron user_domain_name Default
crudini --set /etc/nova/nova.conf neutron region_name RegionOne
crudini --set /etc/nova/nova.conf neutron project_name service
crudini --set /etc/nova/nova.conf neutron username neutron
crudini --set /etc/nova/nova.conf neutron password ${ALL_PASS}
crudini --set /etc/nova/nova.conf neutron service_metadata_proxy true
crudini --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret ${ALL_PASS}
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service \
neutron-openvswitch-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-openvswitch-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
八、Dashboard
#======Dashboard=======#
yum -y install openstack-dashboard
#/etc/openstack-dashboard/local_settings
cp -p /etc/openstack-dashboard/local_settings /etc/openstack-dashboard/local_settings.bak.$(date +%Y%m%d)_$(date +%H%M%S)
#WEBROOT = '/dashboard/'
sed -i "/DEBUG =/aWEBROOT = '/dashboard/'" /etc/openstack-dashboard/local_settings
sed -i "/OPENSTACK_HOST = /cOPENSTACK_HOST = \"$CONTROLLER_IP\"" /etc/openstack-dashboard/local_settings
sed -i "/ALLOWED_HOSTS = /cALLOWED_HOSTS = ['*']" /etc/openstack-dashboard/local_settings
sed -i "/SESSION_ENGINE = /aSESSION_ENGINE = 'django.contrib.sessions.backends.file'" /etc/openstack-dashboard/local_settings
sed -i '/OPENSTACK_KEYSTONE_URL/cOPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST' /etc/openstack-dashboard/local_settings
sed -i "/OPENSTACK_KEYSTONE_URL =/aOPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True" /etc/openstack-dashboard/local_settings
sed -i "/OPENSTACK_KEYSTONE_URL =/aOPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\"" /etc/openstack-dashboard/local_settings
sed -i "/111 =/aOPENSTACK_KEYSTONE_DEFAULT_ROLE = \"user\"" /etc/openstack-dashboard/local_settings
sed -i '/TIME_ZONE/c#TIME_ZONE = "Asia/Shanghai"' /etc/openstack-dashboard/local_settings
echo "CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '$CONTROLLER_IP:11211',
}
}" >> local_settings
echo "OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}" >> local_settings
echo "WSGIApplicationGroup %{GLOBAL}" >>/etc/httpd/conf.d/openstack-dashboard.conf
#===Fwaas Lbaasv2 Vpnaas===
yum install openstack-neutron-fwaas -y
neutron-db-manage --subproject neutron-fwaas upgrade head
#lbaasv2
yum install openstack-neutron-lbaas -y
neutron-db-manage --subproject neutron-lbaas upgrade head
#vpnaas
yum install openstack-neutron-vpnaas -y
neutron-db-manage --subproject neutron-vpnaas upgrade head
#
##8.Block Storage service
#
#Discover compute
#source /root/admin-openrc
#openstack compute service list --service nova-compute
#su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
#
#add image
#openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public
echo -e "\033[45;37mOpenstack Train computer node install end !!!\033[0m"