OpenStack脚本
未经允许不得转载
openvpn原理
OpenVPN是一个用于创建虚拟专用网络(Virtual Private Network)加密通道的免费开源软件。使用OpenVPN可以方便地在家庭、办公场所、住宿酒店等不同网络访问场所之间搭建类似于局域网的专用网络通道。OpenVPN使用方便,运行性能优秀,支持Solaris、Linux 2.2+(Linux 2.2+表示Linux 2.2及以上版本,下同)、OpenBSD 3.0+、FreeBSD、NetBSD、Mac OS X、Android和Windows 2000+的操作系统,并且采用了高强度的数据加密,再加上其开源免费的特性,使得OpenVPN成为中小型企业及个人的VPN首选产品。
OpenVPN的运行原理其实很简单,其核心机制就是在OpenVPN服务器和客户端所在的计算机上都安装一个虚拟网卡(又称虚拟网络适配器),并获得一个对应的虚拟IP地址。OpenVPN的服务器和多个客户端就可以通过虚拟网卡,使用这些虚拟IP进行相互访问了。其中,OpenVPN服务器起到一个路由和控制的作用(相当于一个虚拟的路由器)。
在OpenVPN中,最常用的数据加密手段就是采用SSL/TLS协议。使用SSL/TLS协议进行传输需要相应的证书和密钥,因此在使用OpenVPN之前,还需要在服务器端生成相应的证书和密钥。
OpenStack脚本
T版本
需要下载对应的安装包 QQ:498577310
优化系统
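#!/bin/bash
# Base-system preparation for a CentOS 7 OpenStack node: repo files, common
# tools, SELinux / ulimit / sshd tuning and service toggles.
# Every step is best-effort, as in the original listing: there is no `set -e`,
# so a failed command does not stop the run.

# Replace the base and EPEL repo definitions with the Aliyun mirror copies.
# A repo file decides where packages come from and whether their signatures
# are checked, so it is fetched over HTTPS; -f makes curl return an error on
# an HTTP failure instead of saving the error page as the repo file.
curl -f -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
curl -f -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo

# Convenience and diagnostic tools.
# NOTE(review): telnet, nmap and nc are handy in a lab; consider leaving them
# off hosts that do not need them.
yum install net-tools vim tree htop iftop iotop lrzsz sl wget unzip telnet nmap nc psmisc dos2unix bash-completion -y
yum install -y yum-utils

# Register the local media mounted at /mnt as a repo (creates mnt.repo, which
# is removed again further down).
yum-config-manager --add-repo="file:///mnt"
# No repo or action is named on this call; kept exactly as in the original.
yum-config-manager -y

# NOTE(review): this turns SELinux off in the config file, which only takes
# effect after a reboot. It removes mandatory access control from the host;
# RDO ships an openstack-selinux policy package as the alternative to
# disabling it. Treat "disabled" as a lab-only setting.
sed -ri 's#(^SELINUX=).*#\1disabled#g' /etc/selinux/config

# Raise the open-file limit for all users. Append only when the exact line is
# missing so that re-running the script does not pile up duplicates.
grep -qxF '* - nofile 65535' /etc/security/limits.conf ||
  echo '* - nofile 65535' >> /etc/security/limits.conf

# sshd: skip reverse-DNS lookups and GSSAPI negotiation on login.
sed -i 's@#UseDNS yes@UseDNS no@g' /etc/ssh/sshd_config
sed -i 's@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config

# NOTE(review): with firewalld stopped and disabled the host has no packet
# filter of its own; every listening service is reachable from any network
# the node is attached to unless something upstream filters it.
systemctl stop firewalld && systemctl disable firewalld
systemctl stop NetworkManager && systemctl disable NetworkManager
systemctl start network && systemctl enable network
systemctl get-default
systemctl set-default multi-user.target
# NOTE(review): disabling crond also stops whatever the host schedules through
# cron; confirm nothing needed (e.g. periodic maintenance jobs) depends on it.
systemctl stop crond && systemctl disable crond

# Validate the edited sshd_config before restarting, so a broken file does not
# take the SSH service down on a remote host.
sshd -t && systemctl restart sshd

# Drop the temporary local-media repo. The rm is chained to the cd so that a
# failed cd cannot delete a file named mnt.repo from some other directory.
# The working directory still ends up in /etc/yum.repos.d/ as before.
cd /etc/yum.repos.d/ && rm -f -- mnt.repo
yum install rsync -y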
安装openstack客户端
# OpenStack CLI, config helper and compute-node packages, one yum transaction
# per line. openstack-utils is the package that provides the openstack-config
# command used by the configuration steps.
yum -y install python-openstackclient.noarch
yum -y install openstack-utils.noarch
yum -y install openstack-nova-compute
yum -y install openstack-neutron-linuxbridge ebtables ipset
安装nova
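# Install nova-compute and write /etc/nova/nova.conf for this compute node.
#
# Site values can be overridden from the environment; the defaults are the
# literals the original listing hard-coded.
# NOTE(review): 123456 is a lab placeholder shared by every service account
# here. Use a distinct, generated secret per account on anything other people
# can reach, and keep each value equal to what the controller was set up with.
RABBIT_PASS="${RABBIT_PASS:-123456}"
NOVA_PASS="${NOVA_PASS:-123456}"
PLACEMENT_PASS="${PLACEMENT_PASS:-123456}"
MY_IP="${MY_IP:-10.0.0.11}"

nova_conf=/etc/nova/nova.conf

# Shorthand: nova_set SECTION KEY VALUE
# openstack-config receives its values as arguments, so the secrets passed
# below are visible in the process list while each command runs.
nova_set() {
  openstack-config --set "$nova_conf" "$@"
}

yum install openstack-nova-compute -y

# Seed the config from a nova.conf in the current directory. Writing through
# a redirect keeps the owner and mode of the packaged file. The readability
# check matters: a bare `cat nova.conf > file` truncates the target even when
# the source is missing.
if [[ -r nova.conf ]]; then
  cat nova.conf >"$nova_conf"
else
  echo "nova.conf not found in ${PWD}; keeping the existing ${nova_conf}" >&2
fi

# Keep a copy, then strip blank lines and comment lines. The pattern is
# anchored so that a setting whose value merely contains '#' is not dropped.
\cp "${nova_conf}"{,.bak}
grep -Ev '^[[:space:]]*(#|$)' "${nova_conf}.bak" >"$nova_conf"

nova_set DEFAULT enabled_apis osapi_compute,metadata
# NOTE(review): a password containing URL-reserved characters presumably needs
# percent-encoding inside transport_url; confirm before changing the default.
nova_set DEFAULT transport_url "rabbit://openstack:${RABBIT_PASS}@controller"
nova_set api auth_strategy keystone

# NOTE(review): the Keystone, Glance, Placement and noVNC URLs below are plain
# http, so tokens and service passwords cross the management network in clear
# text. That is only acceptable on an isolated lab network.
nova_set keystone_authtoken www_authenticate_uri http://controller:5000/
nova_set keystone_authtoken auth_url http://controller:5000/
nova_set keystone_authtoken memcached_servers controller:11211
nova_set keystone_authtoken auth_type password
nova_set keystone_authtoken project_domain_name Default
nova_set keystone_authtoken user_domain_name Default
nova_set keystone_authtoken project_name service
nova_set keystone_authtoken username nova
nova_set keystone_authtoken password "$NOVA_PASS"

nova_set DEFAULT my_ip "$MY_IP"
nova_set DEFAULT use_neutron true
nova_set DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver

nova_set vnc enabled true
# NOTE(review): 0.0.0.0 makes the instance VNC servers listen on every
# interface of this node; make sure only the controller's console proxy can
# reach them. Newer Nova releases name these options server_listen and
# server_proxyclient_address; confirm which names the installed release reads.
nova_set vnc vncserver_listen 0.0.0.0
# Single quotes on purpose: the literal text $my_ip is written to the file.
nova_set vnc vncserver_proxyclient_address '$my_ip'
nova_set vnc novncproxy_base_url http://controller:6080/vnc_auto.html

nova_set glance api_servers http://controller:9292
nova_set oslo_concurrency lock_path /var/lib/nova/tmp

nova_set placement region_name RegionOne
nova_set placement project_domain_name Default
nova_set placement project_name service
nova_set placement auth_type password
nova_set placement user_domain_name Default
nova_set placement auth_url http://controller:5000/v3
nova_set placement username placement
nova_set placement password "$PLACEMENT_PASS"

# Print how many cpuinfo lines advertise vmx/svm (hardware virtualization).
# The result is informational only: virt_type is set to qemu regardless,
# exactly as in the original listing.
grep -Ec '(vmx|svm)' /proc/cpuinfo
nova_set libvirt virt_type qemu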
安装neutron
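# Install the Neutron Linux bridge agent, write its configuration, then start
# libvirtd, nova-compute and the agent.
#
# Site values can be overridden from the environment; the defaults are the
# literals the original listing hard-coded.
# NOTE(review): 123456 is a lab placeholder shared by every service account
# here. Use a distinct, generated secret per account on anything other people
# can reach, and keep each value equal to what the controller was set up with.
RABBIT_PASS="${RABBIT_PASS:-123456}"
NEUTRON_PASS="${NEUTRON_PASS:-123456}"
NOVA_PASS="${NOVA_PASS:-123456}"
MY_IP="${MY_IP:-10.0.0.11}"
# NOTE(review): Neutron documents this option as
# <physical_network>:<interface>; the bare interface name is what the original
# listing wrote. Confirm the value against the controller's network setup.
PHYS_IF_MAPPINGS="${PHYS_IF_MAPPINGS:-eth0}"

neutron_conf=/etc/neutron/neutron.conf
lb_ini=/etc/neutron/plugins/ml2/linuxbridge_agent.ini

# Shorthands: neutron_set / lb_set SECTION KEY VALUE
# openstack-config receives its values as arguments, so the secrets passed
# below are visible in the process list while each command runs.
neutron_set() {
  openstack-config --set "$neutron_conf" "$@"
}
lb_set() {
  openstack-config --set "$lb_ini" "$@"
}

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables ipset -y

# Seed the config from a neutron.conf in the current directory. Writing
# through a redirect keeps the owner and mode of the packaged file. The
# readability check matters: a bare `cat neutron.conf > file` truncates the
# target even when the source is missing.
if [[ -r neutron.conf ]]; then
  cat neutron.conf >"$neutron_conf"
else
  echo "neutron.conf not found in ${PWD}; keeping the existing ${neutron_conf}" >&2
fi

# Keep a copy, then strip blank lines and comment lines. The pattern is
# anchored so that a setting whose value merely contains '#' is not dropped.
\cp "${neutron_conf}"{,.bak}
grep -Ev '^[[:space:]]*(#|$)' "${neutron_conf}.bak" >"$neutron_conf"

# NOTE(review): a password containing URL-reserved characters presumably needs
# percent-encoding inside transport_url; confirm before changing the default.
neutron_set DEFAULT transport_url "rabbit://openstack:${RABBIT_PASS}@controller"
neutron_set DEFAULT auth_strategy keystone

# NOTE(review): the Keystone URLs below are plain http, so tokens and service
# passwords cross the management network in clear text. That is only
# acceptable on an isolated lab network.
neutron_set keystone_authtoken www_authenticate_uri http://controller:5000
neutron_set keystone_authtoken auth_url http://controller:5000
neutron_set keystone_authtoken memcached_servers controller:11211
neutron_set keystone_authtoken auth_type password
neutron_set keystone_authtoken project_domain_name default
neutron_set keystone_authtoken user_domain_name default
neutron_set keystone_authtoken project_name service
neutron_set keystone_authtoken username neutron
neutron_set keystone_authtoken password "$NEUTRON_PASS"

neutron_set nova auth_url http://controller:5000
neutron_set nova auth_type password
neutron_set nova project_domain_name default
neutron_set nova user_domain_name default
neutron_set nova region_name RegionOne
neutron_set nova project_name service
neutron_set nova username nova
neutron_set nova password "$NOVA_PASS"

neutron_set oslo_concurrency lock_path /var/lib/neutron/tmp

# Keep only section headers and settings from the packaged agent config.
# The original range [a-Z] depends on the locale's collation and is rejected
# as an invalid range in the C locale, which would leave the file empty; the
# character class below is locale-independent.
\cp "${lb_ini}"{,.bak}
grep '^[[:alpha:][]' "${lb_ini}.bak" >"$lb_ini"

lb_set linux_bridge physical_interface_mappings "$PHYS_IF_MAPPINGS"
lb_set vxlan enable_vxlan true
lb_set vxlan local_ip "$MY_IP"
lb_set vxlan l2_population true
# Security groups are enforced on this node through iptables rules.
lb_set securitygroup enable_security_group true
lb_set securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

# Make bridged traffic traverse iptables/ip6tables, which the iptables
# security-group driver relies on. Append only when the exact line is missing
# so that re-running the script does not duplicate entries.
# NOTE(review): the script neither runs `sysctl -p` nor loads the
# br_netfilter module, so these values presumably only apply after a reboot
# with that module loaded. Verify with
# `sysctl net.bridge.bridge-nf-call-iptables` before relying on security
# groups to filter instance traffic.
for bridge_key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
  grep -qxF "${bridge_key} = 1" /etc/sysctl.conf ||
    echo "${bridge_key} = 1" >>/etc/sysctl.conf
done

systemctl start libvirtd openstack-nova-compute neutron-linuxbridge-agent
systemctl enable libvirtd openstack-nova-compute neutron-linuxbridge-agent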