openstack 群集 controller配置
#openstack 群集 controller配置
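#### Run on ALL controller nodes ####################################################
# Settings (the original hard-coded 192.168.0.170 / v.meilele.com / 123456 in place):
#   OS_MASTERIP     cluster VIP                                (default 192.168.0.170)
#   OS_MASTERNAME   DNS name the VIP is reached by             (default v.meilele.com)
#   HACLUSTER_PASS  password of the Pacemaker 'hacluster' account; the same value
#                   must be set on every node (pcs cluster auth below uses it)
: "${OS_MASTERIP:=192.168.0.170}"
: "${OS_MASTERNAME:=v.meilele.com}"
: "${HACLUSTER_PASS:?export HACLUSTER_PASS before running (e.g. from openssl rand -base64 18)}"

# --- firewall / SELinux ------------------------------------------------------------
# NOTE(review): with firewalld stopped and SELinux disabled, every API, MariaDB,
# RabbitMQ, memcached and VNC port configured later is reachable by anyone on the
# management network. Acceptable for a closed lab only; otherwise keep firewalld with
# an explicit port list and rely on the openstack-selinux package instead.
systemctl stop firewalld.service
systemctl disable firewalld.service
firewall-cmd --state
sed -i '/^SELINUX=.*/c SELINUX=disabled' /etc/selinux/config
# (the original also rewrote SELINUXTYPE=disabled; SELINUXTYPE names a policy such as
#  'targeted', it is not an on/off switch, so that edit was wrong and is dropped)
grep --color=auto '^SELINUX' /etc/selinux/config
setenforce 0

# --- time sync ---------------------------------------------------------------------
# One ntpdate run BEFORE ntpd starts: ntpdate cannot bind UDP/123 while ntpd owns it,
# so the original "*/3 * * * * ntpdate" cron job failed silently on every run and is
# dropped; ntpd keeps the clock disciplined from here on.
yum install -y ntp
timedatectl set-timezone Asia/Shanghai
/usr/sbin/ntpdate ntp6.aliyun.com
systemctl enable ntpd && systemctl restart ntpd

# --- hostname / hosts --------------------------------------------------------------
# hostname = node<last octet of the first global address>, set on each node
hostnamectl --static set-hostname "node$(ip addr | grep brd | grep global | head -n1 | cut -d '/' -f1 | cut -d '.' -f4)"
cat >>/etc/hosts <<EOF
192.168.0.171 node171
192.168.0.172 node172
192.168.0.173 node173
192.168.0.174 node174
EOF
grep -q ' controller$' /etc/hosts || echo "${OS_MASTERIP} ${OS_MASTERNAME} controller" >>/etc/hosts
tail /etc/hosts

# --- OpenStack Liberty repository --------------------------------------------------
# The original wrote gpgcheck=0 and pointed gpgkey at a file that does not exist
# (RPM-GPG-KEY-Centos-7), so every OpenStack package was pulled from a plain-http
# mirror unverified. Signature checking is on here; the CentOS Cloud SIG key (shipped
# by the centos-release-openstack-* package) has to be present first, e.g.
#   rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
# Confirm the key file name on your mirror -- yum fails closed if it is missing.
cat >/etc/yum.repos.d/CentOS-OpenStack-liberty.repo <<'EOF'
[centos-openstack-liberty]
name=CentOS-7 - OpenStack liberty
baseurl=http://vault.centos.org/centos/7.3.1611/cloud/x86_64/openstack-liberty/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
EOF
tail /etc/yum.repos.d/CentOS-OpenStack-liberty.repo

yum install -y qemu-kvm libvirt virt-install
systemctl enable libvirtd && systemctl restart libvirtd

# --- Pacemaker / Corosync + httpd (all controller nodes) ---------------------------
yum install -y corosync pacemaker pcs fence-agents resource-agents httpd
systemctl enable pcsd.service
systemctl restart pcsd.service
# cluster account; the password comes from the environment instead of the script
printf '%s\n' "$HACLUSTER_PASS" | passwd hacluster --stdin
cp /etc/httpd/conf/httpd.conf{,.bak}
#sed -i 's#^Listen 80#Listen 8080#' /etc/httpd/conf/httpd.conf
systemctl start httpd.service
netstat -antp | grep httpd
hostname >/var/www/html/index.html   # test page: shows which node answered

#### PRIMARY node only ##############################################################
# Create and start my_cluster.
# (-p puts the password on pcs's command line for the duration of the call; pcs 0.9
#  has no stdin alternative -- run it from a shell with history disabled.)
pcs cluster auth -u hacluster -p "$HACLUSTER_PASS" node171 node172 node173 node174
pcs cluster setup --start --name my_cluster node171 node172 node173 node174
pcs cluster enable --all     # start the cluster on boot
pcs cluster start --all
pcs cluster status
# checks
corosync-cfgtool -s              # corosync rings
corosync-cmapctl | grep members  # members
pcs status corosync
crm_verify -L -V                 # configuration check
# NOTE(review): no STONITH plus no-quorum-policy=ignore means a partitioned node keeps
# the VIP (and everything behind it) on both sides of the split. Lab-only; production
# needs a working fence agent (fence-agents is already installed).
pcs property set stonith-enabled=false
pcs property set no-quorum-policy=ignore
# VIP that every service endpoint below resolves to
pcs resource create vip ocf:heartbeat:IPaddr2 ip="$OS_MASTERIP" cidr_netmask=22 op monitor interval=28s
# pcs resource rsc defaults resource-stickiness=100
# ### optional:
# pcs resource create haproxy systemd:haproxy op monitor interval=5s
# pcs constraint colocation add vip haproxy INFINITY   # HAProxy and VIP on the same node
# pcs constraint order vip then haproxy                # VIP first, then HAProxy
#pcs resource create WEB apache configfile="/etc/httpd/conf/httpd.conf" statusurl="http://127.0.0.1/server-status"
# pcs resource group add MyGroup vip
# pcs resource group add MyGroup WEB

#### ALL nodes: MariaDB Galera cluster ###############################################
# # optional kernel/limits tuning, unchanged from the original:
# echo '
# * soft nofile 65536
# * hard nofile 65536
# '>>/etc/security/limits.conf
# echo '
# fs.file-max=655350
# net.ipv4.ip_local_port_range = 1025 65000
# net.ipv4.tcp_tw_recycle = 1
# '>>/etc/sysctl.conf
# sysctl -p
yum install -y mariadb mariadb-server mariadb-galera-server
yum install -y expect
cat >/etc/my.cnf.d/openstack.cnf <<'EOF'
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF
systemctl enable mariadb.service
systemctl start mariadb.service
# mysql_secure_installation (root password) follows in the next section and is run
# on ONE node only.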
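#### Settings (the original used 123456 for every account and admin/admin for RabbitMQ)
: "${OS_PWDSTR:?export OS_PWDSTR before running (default for the per-service passwords below)}"
: "${MYSQL_ROOT_PASS:=$OS_PWDSTR}"     # MariaDB root; also the Galera SST account (root:...)
: "${KEYSTONE_DBPASS:=$OS_PWDSTR}"
: "${GLANCE_DBPASS:=$OS_PWDSTR}"
: "${NOVA_DBPASS:=$OS_PWDSTR}"
: "${NEUTRON_DBPASS:=$OS_PWDSTR}"
: "${CINDER_DBPASS:=$OS_PWDSTR}"
: "${RABBIT_PASS:=$OS_PWDSTR}"         # RabbitMQ 'openstack' service account
: "${RABBIT_ADMIN_PASS:?export RABBIT_ADMIN_PASS (RabbitMQ 'admin' account)}"
: "${ERLANG_COOKIE:?export ERLANG_COOKIE, identical on every node (e.g. openssl rand -hex 20)}"
# The passwords are written into SQL and ini files below: keep them free of ' \ and newlines.

#### PRIMARY node only: set the MariaDB root password ################################
# mysql_secure_installation driven by expect. The password reaches expect through the
# environment ($env(...)); the original embedded it in the expect script on the command line.
export MYSQL_ROOT_PASS
expect -c 'set timeout 30
spawn mysql_secure_installation
expect {
  "enter for none"  { send "\r"; exp_continue }
  "Y/n"             { send "Y\r"; exp_continue }
  "password:"       { send "$env(MYSQL_ROOT_PASS)\r"; exp_continue }
  "new password:"   { send "$env(MYSQL_ROOT_PASS)\r"; exp_continue }
  eof               { exit }
}'

#### ALL nodes #######################################################################
# Root client credentials for the scripted mysql calls below. The original passed
# -p123456 on every command line (visible in ps and shell history). Joining nodes get
# the same root password through SST, so the file is valid on every member.
( umask 077; printf '[client]\nuser=root\npassword=%s\n' "$MYSQL_ROOT_PASS" >/root/.my.cnf )

# --- Galera configuration ---
node_ip=$(ip addr | grep global | grep "$(route | grep default | awk '{print $NF}')" | head -n1 | awk '{print $2}' | cut -d '/' -f1)
cp /etc/my.cnf.d/galera.cnf{,.bak}
egrep -v "#|^$" /etc/my.cnf.d/galera.cnf.bak >/etc/my.cnf.d/galera.cnf
sed -i 's/wsrep_on=1/wsrep_on=ON/' /etc/my.cnf.d/galera.cnf
# SST credentials and cluster addresses. The password is appended verbatim rather than
# spliced into a sed expression, where / & and \ would corrupt the edit.
# NOTE(review): SST as root mirrors the original; a dedicated SST account with only the
# privileges the SST method needs is the better choice.
sed -i '/^wsrep_sst_auth=/d' /etc/my.cnf.d/galera.cnf
cat >>/etc/my.cnf.d/galera.cnf <<EOF
wsrep_sst_auth=root:${MYSQL_ROOT_PASS}
wsrep_cluster_address=gcomm://node171,node172,node173,node174
wsrep_node_address=${node_ip}
EOF
chown root:mysql /etc/my.cnf.d/galera.cnf
chmod 640 /etc/my.cnf.d/galera.cnf     # the file now holds the SST password
cat /etc/my.cnf.d/galera.cnf
###sed -i "s/bind-address = 0.0.0.0/bind-address = ${node_ip}/" /etc/my.cnf.d/openstack.cnf
systemctl daemon-reload
systemctl stop mariadb.service

#### PRIMARY node only: bootstrap the first Galera member
galera_new_cluster
#### OTHER nodes: join
systemctl restart mariadb.service
#### PRIMARY (node171) again, once the other members are up
systemctl restart mariadb.service
# checks (credentials from /root/.my.cnf)
netstat -antp | grep mysqld
mysql -e "show databases;"
mysql -e "show status like 'wsrep_cluster_size';"
mysql -e "show status like 'wsrep_incoming_addresses';"

#### RabbitMQ cluster: ALL nodes ####################################################
yum install -y rabbitmq-server
# Every member must share /var/lib/rabbitmq/.erlang.cookie. It is written BEFORE the
# first start so the broker never runs with one cookie and is then switched to another.
# The original used md5sum of "123456": a guessable cookie gives anyone who can reach
# the Erlang distribution port full control of the broker.
( umask 077; printf '%s' "$ERLANG_COOKIE" >/var/lib/rabbitmq/.erlang.cookie )
chown rabbitmq:rabbitmq /var/lib/rabbitmq/.erlang.cookie
chmod 400 /var/lib/rabbitmq/.erlang.cookie
systemctl enable rabbitmq-server.service
systemctl restart rabbitmq-server.service
# accounts (passwords are on rabbitmqctl's argv for the duration of each call;
# rabbitmqctl has no stdin mode)
rabbitmqctl add_user admin "$RABBIT_ADMIN_PASS"
rabbitmqctl set_user_tags admin administrator
rabbitmqctl add_user openstack "$RABBIT_PASS"
rabbitmqctl change_password openstack "$RABBIT_PASS"
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
# The service account only needs vhost permissions. The original also tagged it
# 'administrator', which lets any node holding the service password manage the whole
# broker through the management API.
rabbitmqctl set_user_tags openstack
# the packaged guest/guest account is not used by anything here
rabbitmqctl delete_user guest
rabbitmq-plugins list
rabbitmq-plugins enable rabbitmq_management   # http://<ip>:15672, plain HTTP -- management network only
netstat -tnlp | grep beam

#### OTHER nodes only (not the primary): join the cluster
rabbitmqctl stop_app
rabbitmqctl join_cluster rabbit@node171
rabbitmqctl start_app
rabbitmqctl cluster_status
# the remaining members link up with each other automatically; for a RAM node use
#   rabbitmqctl join_cluster --ram rabbit@node171
###rabbitmqctl set_cluster_name RabbitMQ-Cluster
rabbitmqctl cluster_status

#### OpenStack databases and accounts: run on ONE controller node ####################
# Statements go in on stdin with credentials from /root/.my.cnf, so no password appears
# on a command line. The '%' grants are needed because every service connects through
# the VIP; with the firewall off (part 1) that means from anywhere on the management net.
###for d in keystone glance nova neutron cinder; do mysql -e "drop database if exists $d; show databases;"; done
mysql <<EOF
CREATE DATABASE IF NOT EXISTS keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '${KEYSTONE_DBPASS}';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '${KEYSTONE_DBPASS}';
CREATE DATABASE IF NOT EXISTS glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '${GLANCE_DBPASS}';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '${GLANCE_DBPASS}';
CREATE DATABASE IF NOT EXISTS nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '${NOVA_DBPASS}';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '${NOVA_DBPASS}';
CREATE DATABASE IF NOT EXISTS neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '${NEUTRON_DBPASS}';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '${NEUTRON_DBPASS}';
CREATE DATABASE IF NOT EXISTS cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '${CINDER_DBPASS}';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '${CINDER_DBPASS}';
FLUSH PRIVILEGES;
SELECT User, Host FROM mysql.user;
SHOW DATABASES;
EOF
### account test follows in the next section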
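#### Settings (the original hard-coded 123456 for every password and v.meilele.com for the VIP)
: "${OS_MASTERNAME:=v.meilele.com}"
: "${OS_PWDSTR:?export OS_PWDSTR before running (default for the per-service passwords below)}"
: "${ADMIN_TOKEN:?export ADMIN_TOKEN, identical on every node (bootstrap only; e.g. openssl rand -hex 10)}"
: "${MYSQL_ROOT_PASS:=$OS_PWDSTR}"
: "${ADMIN_PASS:=$OS_PWDSTR}"        # keystone 'admin' user
: "${DEMO_PASS:=$OS_PWDSTR}"         # keystone 'demo' user
: "${KEYSTONE_DBPASS:=$OS_PWDSTR}"
: "${GLANCE_DBPASS:=$OS_PWDSTR}"
: "${GLANCE_PASS:=$OS_PWDSTR}"       # keystone service user 'glance'
: "${NOVA_DBPASS:=$OS_PWDSTR}"
: "${NOVA_PASS:=$OS_PWDSTR}"
: "${NEUTRON_DBPASS:=$OS_PWDSTR}"
: "${NEUTRON_PASS:=$OS_PWDSTR}"
: "${RABBIT_PASS:=$OS_PWDSTR}"       # RabbitMQ 'openstack' account
: "${METADATA_SECRET:=$OS_PWDSTR}"   # shared secret between nova-api and the neutron metadata agent
# Keep the passwords free of ' \ and newlines: they are written into ini and shell files.
# address / interface of this node on the default-route NIC (used by nova and neutron)
node_ip=$(ip addr | grep global | grep "$(route | grep default | awk '{print $NF}')" | head -n1 | awk '{print $2}' | cut -d '/' -f1)
node_if=$(ip addr | grep global | grep "$(route | grep default | awk '{print $NF}')" | head -n1 | awk '{print $NF}')

# account test (MYSQL_PWD keeps the password off the command line)
MYSQL_PWD="$KEYSTONE_DBPASS" mysql -u keystone -e "show databases;"
MYSQL_PWD="$MYSQL_ROOT_PASS" mysql -u root -e "show databases;"

#### ALL nodes: base packages for the control plane ###################################
yum install -y rabbitmq-server
yum install -y mariadb mariadb-server mariadb-galera-server
yum install -y python-openstackclient
# openstack-selinux carries the policy needed to run the services with SELinux enforcing
yum install -y openstack-selinux
yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
yum install -y openstack-glance python-glance python-glanceclient
yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
yum install -y openstack-dashboard
yum install -y openstack-cinder python-cinderclient

#### Keystone (identity) ##############################################################
#### ALL nodes: memcached (token backend)
# The other nodes reach memcached through the VIP, hence the bind to 0.0.0.0.
# NOTE(review): memcached has no authentication; it must not be reachable from outside
# the management network (the firewall was switched off in part 1).
\cp -f /etc/sysconfig/memcached{,.bak}
sed -i 's/127.0.0.1/0.0.0.0/' /etc/sysconfig/memcached
systemctl enable memcached.service
systemctl restart memcached.service
netstat -antp | grep 11211

#### ALL nodes: keystone.conf
# admin_token is a bootstrap credential only and is removed again once the admin user
# exists (below). The original derived it from md5sum of 123456.
export OS_TOKEN="$ADMIN_TOKEN"
env | grep '^OS_' | grep -v TOKEN     # sanity check that does not print the token
\cp -f /etc/keystone/keystone.conf{,.bak}
cat >/etc/keystone/keystone.conf <<EOF
[DEFAULT]
admin_token = ${ADMIN_TOKEN}
[database]
connection = mysql://keystone:${KEYSTONE_DBPASS}@${OS_MASTERNAME}/keystone
[memcache]
servers = ${OS_MASTERNAME}:11211
[revoke]
driver = sql
[token]
provider = uuid
driver = memcache
EOF
chown root:keystone /etc/keystone/keystone.conf
chmod 640 /etc/keystone/keystone.conf
grep -c '^admin_token' /etc/keystone/keystone.conf   # expect 1; the value itself is not echoed

#### PRIMARY node only
su -s /bin/sh -c "keystone-manage db_sync" keystone
tail /var/log/keystone/keystone.log

#### ALL nodes: Apache front end for keystone (5000 public, 35357 admin)
# NOTE(review): plain HTTP, as in the original; passwords and tokens cross the wire in
# clear. Terminate TLS on these ports before exposing them beyond the lab.
cat >/etc/httpd/conf.d/wsgi-keystone.conf <<'EOF'
Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
EOF
systemctl enable httpd.service && systemctl restart httpd.service
netstat -tnlp | grep httpd

#### PRIMARY node only: service entity, endpoints, projects, users and roles
export OS_URL="http://${OS_MASTERNAME}:35357/v3"
export OS_IDENTITY_API_VERSION=3
env | grep '^OS_' | grep -v TOKEN
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public   "http://${OS_MASTERNAME}:5000/v2.0"
openstack endpoint create --region RegionOne identity internal "http://${OS_MASTERNAME}:5000/v2.0"
openstack endpoint create --region RegionOne identity admin    "http://${OS_MASTERNAME}:35357/v2.0"
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password="$ADMIN_PASS" admin
openstack role create admin
openstack role add --project admin --user admin admin              # prints nothing on success
openstack project create --domain default --description "Service Project" service   # home of the per-service users
# unprivileged project and user for day-to-day work
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password="$DEMO_PASS" demo
openstack role create user
openstack role add --project demo --user demo user

#### ALL nodes: retire the bootstrap token
# Remove admin_token_auth from the paste pipelines (as the original did) AND the token
# value from keystone.conf, then restart httpd so the change is live. The original did
# not restart here, so the token stayed usable until the dashboard step much later.
\cp -f /usr/share/keystone/keystone-dist-paste.ini{,.bak}
sed -i 's#admin_token_auth##g' /usr/share/keystone/keystone-dist-paste.ini
grep admin_token_auth /usr/share/keystone/keystone-dist-paste.ini   # expect no output
sed -i '/^admin_token = /d' /etc/keystone/keystone.conf
systemctl restart httpd.service

#### verification with password authentication
unset OS_TOKEN OS_URL
openstack --os-auth-url "http://${OS_MASTERNAME}:35357/v3" --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-password="$ADMIN_PASS" --os-auth-type password token issue
openstack --os-auth-url "http://${OS_MASTERNAME}:5000/v3" --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo --os-password="$DEMO_PASS" --os-auth-type password token issue

#### ALL nodes: OpenRC files for the admin and demo accounts
# They hold clear-text passwords and are therefore set to mode 600 (the original left
# them at the default umask, readable by every local account).
cat >admin-openrc.sh <<EOF
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD='${ADMIN_PASS}'
export OS_AUTH_URL=http://${OS_MASTERNAME}:35357/v3
export OS_IDENTITY_API_VERSION=3
EOF
chmod 600 admin-openrc.sh
source admin-openrc.sh
openstack token issue
cat >demo-openrc.sh <<EOF
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD='${DEMO_PASS}'
export OS_AUTH_URL=http://${OS_MASTERNAME}:5000/v3
export OS_IDENTITY_API_VERSION=3
EOF
chmod 600 demo-openrc.sh
source demo-openrc.sh
openstack token issue   # request a token with the demo credentials

#### Glance (image service) ###########################################################
#### PRIMARY node only: user, service entity, endpoints
source admin-openrc.sh
openstack user create --domain default --password="$GLANCE_PASS" glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region RegionOne image public   "http://${OS_MASTERNAME}:9292"
openstack endpoint create --region RegionOne image internal "http://${OS_MASTERNAME}:9292"
openstack endpoint create --region RegionOne image admin    "http://${OS_MASTERNAME}:9292"

#### ALL nodes: glance-api.conf / glance-registry.conf
# NOTE(review): default_store=file keeps images in each node's own /var/lib/glance/images/;
# behind the VIP an upload lands on one node only. The HA layout needs a shared store.
#yum install -y openstack-glance python-glance python-glanceclient
\cp -f /etc/glance/glance-api.conf{,.bak}
\cp -f /etc/glance/glance-registry.conf{,.bak}
cat >/etc/glance/glance-api.conf <<EOF
[DEFAULT]
notification_driver = noop
verbose = True
[database]
connection = mysql://glance:${GLANCE_DBPASS}@${OS_MASTERNAME}/glance
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[keystone_authtoken]
auth_uri = http://${OS_MASTERNAME}:5000
auth_url = http://${OS_MASTERNAME}:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = ${GLANCE_PASS}
[paste_deploy]
flavor = keystone
EOF
cat >/etc/glance/glance-registry.conf <<EOF
[DEFAULT]
notification_driver = noop
verbose = True
[database]
connection = mysql://glance:${GLANCE_DBPASS}@${OS_MASTERNAME}/glance
[keystone_authtoken]
auth_uri = http://${OS_MASTERNAME}:5000
auth_url = http://${OS_MASTERNAME}:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = ${GLANCE_PASS}
[paste_deploy]
flavor = keystone
EOF
chown root:glance /etc/glance/glance-api.conf /etc/glance/glance-registry.conf
chmod 640 /etc/glance/glance-api.conf /etc/glance/glance-registry.conf

#### PRIMARY node only
su -s /bin/sh -c "glance-manage db_sync" glance
tail /var/log/glance/api.log
#### ALL nodes
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl restart openstack-glance-api.service openstack-glance-registry.service
netstat -tnlp | grep python

#### PRIMARY node only: verify with the CirrOS test image
echo "export OS_IMAGE_API_VERSION=2" | tee -a admin-openrc.sh demo-openrc.sh
export OS_IMAGE_API_VERSION=2
source admin-openrc.sh
# The image is fetched over plain HTTP; compare its checksum with the one published
# next to it on download.cirros-cloud.net before importing it as a public image.
[ ! -e cirros-0.3.4-x86_64-disk.img ] && wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress
#[ -e /root/CentOS-7-x86_64-GenericCloud.qcow2 ] && glance image-create --name "CentOS-7-x86_64-GenericCloud" --file /root/CentOS-7-x86_64-GenericCloud.qcow2 --disk-format qcow2 --container-format bare --visibility public --progress
glance image-list

#### Nova (compute) ###################################################################
#### PRIMARY node only: user, service entity, endpoints
source admin-openrc.sh
openstack user create --domain default --password="$NOVA_PASS" nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public   "http://${OS_MASTERNAME}:8774/v2/%(tenant_id)s"
openstack endpoint create --region RegionOne compute internal "http://${OS_MASTERNAME}:8774/v2/%(tenant_id)s"
openstack endpoint create --region RegionOne compute admin    "http://${OS_MASTERNAME}:8774/v2/%(tenant_id)s"

#### ALL nodes: nova.conf
#yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
cat >/etc/nova/nova.conf <<EOF
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = ${node_ip}
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata
verbose = True
[database]
connection = mysql://nova:${NOVA_DBPASS}@${OS_MASTERNAME}/nova
[glance]
host = ${OS_MASTERNAME}
[keystone_authtoken]
auth_uri = http://${OS_MASTERNAME}:5000
auth_url = http://${OS_MASTERNAME}:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = ${NOVA_PASS}
[neutron]
url = http://${OS_MASTERNAME}:9696
auth_url = http://${OS_MASTERNAME}:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = ${NEUTRON_PASS}
service_metadata_proxy = True
metadata_proxy_shared_secret = ${METADATA_SECRET}
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_rabbit]
rabbit_host = ${OS_MASTERNAME}
rabbit_userid = openstack
rabbit_password = ${RABBIT_PASS}
[vnc]
vncserver_listen = \$my_ip
vncserver_proxyclient_address = \$my_ip
EOF
chown root:nova /etc/nova/nova.conf
chmod 640 /etc/nova/nova.conf

#### PRIMARY node only
su -s /bin/sh -c "nova-manage db sync" nova
tail /var/log/nova/nova-manage.log
#### ALL nodes
systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl restart openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

#### ALL nodes: the controllers also run nova-compute
yum install -y openstack-nova-compute sysfsutils
cat >>/etc/nova/nova.conf <<'EOF'

[libvirt]
virt_type = kvm
EOF
# noVNC console URL (plain HTTP, as in the original)
sed -i "/^\[vnc\]/a novncproxy_base_url = http://${OS_MASTERNAME}:6080/vnc_auto.html" /etc/nova/nova.conf
# fall back to qemu on hosts without VT-x/AMD-V (left disabled, as in the original):
#[ $(egrep -c '(vmx|svm)' /proc/cpuinfo) -eq 0 ] && sed -i 's#virt_type.*#virt_type=qemu#g' /etc/nova/nova.conf || sed -i 's#virt_type.*#virt_type=kvm#g' /etc/nova/nova.conf
grep virt_type /etc/nova/nova.conf
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl restart libvirtd.service openstack-nova-compute.service

#### PRIMARY node only: checks
source admin-openrc.sh
nova service-list
openstack host list
nova endpoints
glance image-list

#### Neutron (networking) #############################################################
#### PRIMARY node only: user, service entity, endpoints
source admin-openrc.sh
openstack user create --domain default --password="$NEUTRON_PASS" neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public   "http://${OS_MASTERNAME}:9696"
openstack endpoint create --region RegionOne network internal "http://${OS_MASTERNAME}:9696"
openstack endpoint create --region RegionOne network admin    "http://${OS_MASTERNAME}:9696"

#### ALL nodes: neutron server, ML2/linuxbridge, L3, DHCP and metadata agents
#yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
cat >/etc/neutron/neutron.conf <<EOF
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://${OS_MASTERNAME}:8774/v2
verbose = True
[keystone_authtoken]
auth_uri = http://${OS_MASTERNAME}:5000
auth_url = http://${OS_MASTERNAME}:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = ${NEUTRON_PASS}
[database]
connection = mysql://neutron:${NEUTRON_DBPASS}@${OS_MASTERNAME}/neutron
[nova]
auth_url = http://${OS_MASTERNAME}:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = ${NOVA_PASS}
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_rabbit]
rabbit_host = ${OS_MASTERNAME}
rabbit_userid = openstack
rabbit_password = ${RABBIT_PASS}
EOF
cat >/etc/neutron/plugins/ml2/ml2_conf.ini <<'EOF'
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = public
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True
EOF
# the provider network 'public' is bridged onto this node's default-route interface
cat >/etc/neutron/plugins/ml2/linuxbridge_agent.ini <<EOF
[linux_bridge]
physical_interface_mappings = public:${node_if}
[vxlan]
enable_vxlan = True
local_ip = ${node_ip}
l2_population = True
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
EOF
cat >/etc/neutron/l3_agent.ini <<'EOF'
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
verbose = True
EOF
cat >/etc/neutron/dhcp_agent.ini <<'EOF'
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
verbose = True
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
EOF
echo 'dhcp-option-force=26,1450' >/etc/neutron/dnsmasq-neutron.conf   # tenant MTU for VXLAN
# Metadata agent. The original also carried the packaged placeholder lines
# admin_tenant_name/admin_user/admin_password = %SERVICE_*% (never substituted);
# they are dropped, the agent authenticates with the auth_plugin settings.
cat >/etc/neutron/metadata_agent.ini <<EOF
[DEFAULT]
auth_uri = http://${OS_MASTERNAME}:5000
auth_url = http://${OS_MASTERNAME}:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = ${NEUTRON_PASS}
nova_metadata_ip = ${OS_MASTERNAME}
metadata_proxy_shared_secret = ${METADATA_SECRET}
verbose = True
EOF
chown root:neutron /etc/neutron/neutron.conf /etc/neutron/metadata_agent.ini
chmod 640 /etc/neutron/neutron.conf /etc/neutron/metadata_agent.ini
ln -sf /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

#### PRIMARY node only
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
#### ALL nodes
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
systemctl restart openstack-nova-api.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service

#### PRIMARY node only: checks
source admin-openrc.sh
neutron ext-list
neutron agent-list
grep physical_interface_mappings /etc/neutron/plugins/ml2/linuxbridge_agent.ini
grep flat_networks /etc/neutron/plugins/ml2/ml2_conf.ini

#### PRIMARY node only: virtual networks
source admin-openrc.sh
# 'public': flat network on the physical management NIC.
# NOTE(review): it is created with DHCP enabled (the original kept --disable-dhcp
# commented out), so neutron's dnsmasq answers DHCP on the real 192.168.0.0/22
# segment next to whatever DHCP server already serves it. Add --disable-dhcp unless
# that is intended. The CIDR is written as 192.168.0.0/22: the original 192.168.3.0/22
# is not a network address, 192.168.0.0/22 is the network it lies in.
neutron net-create public --shared --provider:physical_network public --provider:network_type flat ##--router:external
neutron subnet-create public 192.168.0.0/22 --name public --allocation-pool start=192.168.3.200,end=192.168.3.240 --dns-nameserver 192.168.0.10 --gateway 192.168.0.251 ##--disable-dhcp
neutron net-list
neutron net-update public --router:external    # mark it as the external network
#source demo-openrc.sh
neutron net-create private
# tenant subnet; the DNS server must be reachable from it (e.g. --dns-nameserver 114.114.114.114)
neutron subnet-create private 10.10.100.0/24 --name private --gateway 10.10.100.1 --dns-nameserver 192.168.0.10
neutron router-create router
neutron router-interface-add router private    # router port on the private subnet
neutron router-gateway-set router public       # router gateway on the public network
neutron net-list
# tear-down, if ever needed:
##source admin-openrc.sh
##neutron router-interface-delete router private
##neutron router-gateway-clear router public
##neutron router-delete router
##neutron router-list
##neutron net-delete public
##neutron net-delete private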
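##neutron net-list
#### Settings (the original hard-coded 123456 / v.meilele.com / 192.168.0.170)
: "${OS_MASTERIP:=192.168.0.170}"
: "${OS_MASTERNAME:=v.meilele.com}"
: "${OS_PWDSTR:?export OS_PWDSTR before running (default for the per-service passwords below)}"
: "${CINDER_DBPASS:=$OS_PWDSTR}"
: "${CINDER_PASS:=$OS_PWDSTR}"       # keystone service user 'cinder'
: "${RABBIT_PASS:=$OS_PWDSTR}"       # RabbitMQ 'openstack' account
node_ip=$(ip addr | grep global | grep "$(route | grep default | awk '{print $NF}')" | head -n1 | awk '{print $2}' | cut -d '/' -f1)

#### PRIMARY node only: verify networking, key pairs, demo security group ############
source admin-openrc.sh
ip netns                          # expect one qrouter and two qdhcp namespaces
neutron router-port-list router   # shows the router's gateway address on the public network
[ ! -e /root/.ssh/id_rsa_admin ] && ssh-keygen -q -N '' -f /root/.ssh/id_rsa_admin
nova keypair-add --pub-key ~/.ssh/id_rsa_admin.pub adminkey
source demo-openrc.sh
[ ! -e /root/.ssh/id_rsa ] && ssh-keygen -q -N '' -f /root/.ssh/id_rsa
nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
nova keypair-list
# NOTE(review): these two rules open ICMP and SSH on every instance in the demo
# project's default group to ANY source. Fine for the lab; narrow the CIDR (e.g. to the
# management network) for anything else.
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
source demo-openrc.sh
nova flavor-list
glance image-list
neutron net-list
nova secgroup-list
nova list
#nova boot --flavor m1.tiny --image cirros --nic net-id=$(neutron net-list |grep private |awk '{print $2}') --security-group default --key-name mykey private-instance
nova list
#nova get-vnc-console private-instance novnc
## console URL: http://v.meilele.com:6080/vnc_auto.html?token=<token printed by the command above>
## CirrOS login: user cirros, password cubswin:)  (the original note had the two swapped)

#### Dashboard (Horizon) -- ALL nodes ###############################################
#yum install -y openstack-dashboard
env | grep '^OS_' | grep -v PASSWORD
\cp -f /etc/openstack-dashboard/local_settings{,.bak}
sed -i "s#^OPENSTACK_HOST =.*#OPENSTACK_HOST = 'controller' #g" /etc/openstack-dashboard/local_settings
# The original set ALLOWED_HOSTS = ["*"], which switches off Django's Host-header check.
# Only the names the VIP is reached by are allowed here.
sed -i "s#^ALLOWED_HOSTS =.*#ALLOWED_HOSTS = ['controller', '${OS_MASTERNAME}', '${OS_MASTERIP}']#g" /etc/openstack-dashboard/local_settings
# session/cache backend: memcached on the VIP (the original's pattern assumed exactly
# one leading space before 'BACKEND'; the stock file indents it further)
sed -i "s#^[[:space:]]*'BACKEND':.*# 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',\n 'LOCATION': 'controller:11211',#g" /etc/openstack-dashboard/local_settings
# default role for users created through the dashboard
sed -i 's#^OPENSTACK_KEYSTONE_DEFAULT_ROLE =.*#OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"#g' /etc/openstack-dashboard/local_settings
# multi-domain model
sed -i 's#^OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT =.*#OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True#g' /etc/openstack-dashboard/local_settings
# API versions, so the dashboard logs in through keystone v3
sed -i '/^#OPENSTACK_API_VERSIONS/ i OPENSTACK_API_VERSIONS = { \n "identity": 3,\n "volume": 2,\n}' /etc/openstack-dashboard/local_settings
sed -i 's#^TIME_ZONE =.*#TIME_ZONE = "Asia/Shanghai"#g' /etc/openstack-dashboard/local_settings
# The original then switched every L3 feature off. By its own note those lines are for
# a provider-network-only deployment ("networking option 1"); this build runs the L3
# agent and creates a router (option 2), so they are kept for reference only.
#sed -i "s#'enable_router': .*#'enable_router': False,#g" /etc/openstack-dashboard/local_settings
#sed -i "s#'enable_quotas': .*#'enable_quotas': False,#g" /etc/openstack-dashboard/local_settings
#sed -i "s#'enable_distributed_router': .*#'enable_distributed_router': False,#g" /etc/openstack-dashboard/local_settings
#sed -i "s#'enable_ha_router': .*#'enable_ha_router': False,#g" /etc/openstack-dashboard/local_settings
#sed -i "s#'enable_lb': .*#'enable_lb': False,#g" /etc/openstack-dashboard/local_settings
#sed -i "s#'enable_firewall': .*#'enable_firewall': False,#g" /etc/openstack-dashboard/local_settings
#sed -i "s#'enable_vpn': .*#'enable_vpn': False,#g" /etc/openstack-dashboard/local_settings
#sed -i "s#'enable_fip_topology_check': .*#'enable_fip_topology_check': False,#g" /etc/openstack-dashboard/local_settings
systemctl enable httpd.service memcached.service
systemctl restart httpd.service memcached.service
# if the dashboard answers with HTTP 500:
#sed -i '/WSGISocketPrefix run\/wsgi/ a WSGIApplicationGroup %{GLOBAL}' /etc/httpd/conf.d/openstack-dashboard.conf
# Browse to http://controller/dashboard and log in as admin or demo with the passwords
# chosen for those accounts. NOTE(review): plain HTTP -- put TLS in front of it.

#### Cinder (block storage) ##########################################################
#### PRIMARY node only: user, service entities, endpoints
source admin-openrc.sh
openstack user create --domain default --password="$CINDER_PASS" cinder
openstack role add --project service --user cinder admin
openstack service create --name cinder --description "OpenStack Block Storage" volume
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
# every service entity needs its own set of endpoints
openstack endpoint create --region RegionOne volume public     "http://${OS_MASTERNAME}:8776/v1/%(tenant_id)s"
openstack endpoint create --region RegionOne volume internal   "http://${OS_MASTERNAME}:8776/v1/%(tenant_id)s"
openstack endpoint create --region RegionOne volume admin      "http://${OS_MASTERNAME}:8776/v1/%(tenant_id)s"
openstack endpoint create --region RegionOne volumev2 public   "http://${OS_MASTERNAME}:8776/v2/%(tenant_id)s"
openstack endpoint create --region RegionOne volumev2 internal "http://${OS_MASTERNAME}:8776/v2/%(tenant_id)s"
openstack endpoint create --region RegionOne volumev2 admin    "http://${OS_MASTERNAME}:8776/v2/%(tenant_id)s"

#### ALL nodes: cinder.conf
#yum install -y openstack-cinder python-cinderclient
\cp -f /etc/cinder/cinder.conf{,.bak}
cat >/etc/cinder/cinder.conf <<EOF
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = ${node_ip}
verbose = True
[BRCD_FABRIC_EXAMPLE]
[CISCO_FABRIC_EXAMPLE]
[cors]
[cors.subdomain]
[database]
connection = mysql://cinder:${CINDER_DBPASS}@${OS_MASTERNAME}/cinder
[fc-zone-manager]
[keymgr]
[keystone_authtoken]
auth_uri = http://${OS_MASTERNAME}:5000
auth_url = http://${OS_MASTERNAME}:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = ${CINDER_PASS}
[matchmaker_redis]
[matchmaker_ring]
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host = ${OS_MASTERNAME}
rabbit_userid = openstack
rabbit_password = ${RABBIT_PASS}
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[profiler]
EOF
chown root:cinder /etc/cinder/cinder.conf
chmod 640 /etc/cinder/cinder.conf
# let nova-compute find the block storage service
cat >>/etc/nova/nova.conf <<'EOF'

[cinder]
os_region_name = RegionOne
EOF

#### PRIMARY node only
su -s /bin/sh -c "cinder-manage db sync" cinder
#### ALL nodes
systemctl restart openstack-nova-api.service
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl restart openstack-cinder-api.service openstack-cinder-scheduler.service

#### ALL nodes: NFS backend for cinder-volume ########################################
# NOTE(review): each node exports and mounts its own /data/nfs, so a volume created on
# one controller is not visible to the others; the HA layout needs one shared NFS
# server. no_root_squash is kept as in the original (the NFS driver's create/extend
# helpers run through rootwrap -- check whether root_squash is viable on your version),
# but the export is limited to the cluster subnet: the original exported to '*', i.e.
# read/write for any host that can reach port 2049.
yum install -y nfs-utils rpcbind
systemctl enable rpcbind nfs
systemctl restart rpcbind nfs
mkdir -p /data/nfs
grep -q '^/data/nfs ' /etc/exports || echo '/data/nfs 192.168.0.0/22(rw,no_root_squash)' >>/etc/exports
systemctl reload nfs
yum install -y openstack-cinder targetcli python-oslo-policy
cat >>/etc/cinder/cinder.conf <<'EOF'

[nfs]
volume_driver = cinder.volume.drivers.nfs.NfsDriver
nfs_shares_config = /etc/cinder/nfs_shares
nfs_mount_point_base = $state_path/mnt
volume_backend_name=nfs_volumes
EOF
tail /etc/cinder/cinder.conf
# Register the backend under [DEFAULT]. The original's sed
# ("s/\[DEFAULT\]/ a enabled_backends=nfs/") was a substitution, not an append: it
# replaced the [DEFAULT] header itself with the text " a enabled_backends=nfs", leaving
# the options above the next header outside any section.
if grep -q '^enabled_backends' /etc/cinder/cinder.conf; then
  sed -i 's/^enabled_backends.*=/enabled_backends=nfs,/' /etc/cinder/cinder.conf
else
  sed -i '/^\[DEFAULT\]/a enabled_backends=nfs' /etc/cinder/cinder.conf
fi
grep enabled_backends /etc/cinder/cinder.conf
echo 'localhost:/data/nfs' >/etc/cinder/nfs_shares
chown root:cinder /etc/cinder/nfs_shares
chmod 640 /etc/cinder/nfs_shares
systemctl enable openstack-cinder-volume.service
systemctl restart openstack-cinder-volume.service

#### PRIMARY node only ###############################################################
source /root/admin-openrc.sh
cinder service-list | grep nfs
# volume type bound to the NFS backend
cinder type-create nfs
cinder type-key nfs set volume_backend_name=nfs_volumes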