openstack-M版--Controller端
2024-06-28 16:01:45
供稿:網友
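#!/bin/bash
#
# OpenStack Mitaka controller-node bootstrap for a yum/systemd host.
# Installs and configures MariaDB, RabbitMQ, memcached, keystone, glance,
# nova and neutron (linuxbridge/vxlan) on the machine it is run on.
#
# Must be run as root, interactively: mysql_secure_installation and
# `mysql -u root -p` both prompt on the terminal.
#
# Assumes the host name "controller" already resolves to $controller
# (e.g. via /etc/hosts); this script does not set that up.
#
# NOTE(review): every service URL below is plain http, so keystone tokens
# and passwords cross the management network unencrypted. Keep that network
# isolated or put TLS in front of the endpoints.

echo '-------------節點ip----------------------------------'
controller=192.168.2.11
# Not referenced in this script.
computer1=192.168.2.12

echo '-------------網卡設備----------------------------------'
dev=eno33554992

echo '-------------服務密碼----------------------------------'
# NOTE(review): placeholder credentials - each password equals its account
# name. Replace them with generated values before running this anywhere that
# is reachable by other hosts. The values are interpolated verbatim into SQL
# statements and connection URLs, so avoid quotes, '@', '/' and whitespace.
keystone=keystone
glance=glance
nova=nova
neutron=neutron
rabbit=rabbit

echo '-------------用戶密碼----------------------------------'
# NOTE(review): same caveat - admin/admin and demo/demo are placeholders.
admin=admin
demo=demo

# Shared secret between the neutron metadata agent and nova-api. The original
# wrote the documentation placeholder "METADATA_SECRET" literally into both
# files, i.e. a publicly known value; generate a per-install secret instead.
metadata_secret=$(openssl rand -hex 16)

echo '------------下載所需安裝包-------------------------------------------'
yum -y install python-openstackclient mariadb mariadb-server \
  python2-PyMySQL rabbitmq-server memcached python-memcached \
  openstack-keystone httpd mod_wsgi openstack-glance \
  openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables wget openstack-dashboard

echo '------------數據庫初始化-----------------------------'
cat > /etc/my.cnf.d/openstack.cnf <<EOF
[mysqld]
bind-address = $controller
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF
systemctl enable mariadb
systemctl start mariadb
mysql_secure_installation

echo '------------啟動rabbit服務和更改密碼-----------------------------'
systemctl enable rabbitmq-server
systemctl start rabbitmq-server
# NOTE(review): the password is passed on the command line and is briefly
# visible in the process list. The broker's built-in accounts are not touched
# by this script; review them separately.
rabbitmqctl add_user openstack "$rabbit"
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
systemctl restart rabbitmq-server.service

echo '------------啟動緩存服務memcached-----------------------------'
systemctl enable memcached.service
systemctl restart memcached.service

echo '------------建立數據庫-------------------------------------------'
# The SQL is fed to mysql directly instead of being staged in a file under
# /root, so the service passwords are not left behind on disk.
# NOTE(review): the '%' grants accept logins from any host; restrict them to
# the management subnet if the database port is reachable from elsewhere.
mysql -u root -p <<EOF
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$keystone';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '$glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '$glance';
CREATE DATABASE nova_api;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '$nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '$nova';
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '$nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '$nova';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '$neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$neutron';
flush privileges;
EOF

echo '---------------備份配置文件----------------------------------------'
cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak

echo '--------------配置 keystone----------------------------------------'
# NOTE(review): admin_token is a bootstrap credential that bypasses normal
# authentication. This script leaves it in keystone.conf and keeps using it
# (OS_TOKEN) for every later openstack call; remove it from the config and
# switch to /root/openstack-admin once the initial accounts exist.
token=$(openssl rand -hex 10)
cat > /etc/keystone/keystone.conf <<EOF
[DEFAULT]
admin_token = $token
[database]
connection = mysql+pymysql://keystone:$keystone@controller/keystone
EOF

echo '--------------修改keystone權限和數據同步-------------------'
keystone-manage db_sync
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# db_sync ran as root, so hand the log and config trees back to the service.
chown -R keystone:keystone /var/log/keystone/
chown -R keystone:keystone /etc/keystone/

echo '--------------配置wsgi-keystone.conf---------------------'
cat > /etc/httpd/conf.d/wsgi-keystone.conf <<'EOF'
Listen 5000
Listen 35357

<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>

<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
EOF

echo '---------------配置httpd.conf----------------------------------------'
echo "ServerName $controller" >> /etc/httpd/conf/httpd.conf
# NOTE(review): this switches SELinux to permissive for the whole host until
# the next reboot. Prefer installing the distribution's OpenStack SELinux
# policy (openstack-selinux) and leaving enforcement on.
setenforce 0

echo '---------------啟動httpd服務----------------------------------------'
systemctl enable httpd.service
systemctl start httpd.service

echo '---------------認證TOKEN----------------------------------------'
export OS_TOKEN="$token"
export OS_URL="http://$controller:35357/v3"
export OS_IDENTITY_API_VERSION=3

echo '---------------創建keystone服務和端口----------------------------------------'
# Create the keystone service entry.
openstack service create --name keystone --description 'OpenStack Identity' identity
# Create the keystone service endpoints.
openstack endpoint create --region RegionOne identity public http://controller:5000/v3
openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne identity admin http://controller:35357/v3

echo '---------------創建 默認域 ,admin項目,admin角色和admin用戶----------------------------------------'
openstack domain create --description 'Default Domain' default                 # default domain
openstack project create --domain default --description 'Admin Project' admin  # admin project
openstack user create --domain default --password "$admin" admin               # admin user
openstack role create admin                                                    # admin role
# Grant the admin role to the admin user on the admin project.
openstack role add --project admin --user admin admin

echo '---------------創建 service項目----------------------------------------'
openstack project create --domain default --description 'Service Project' service  # service project

echo '---------------創建 demo項目,user角色和demo用戶----------------------------------------'
openstack project create --domain default --description 'Demo Project' demo  # demo project
openstack user create --domain default --password "$demo" demo               # demo user
openstack role create user                                                   # user role
# Grant the user role to the demo user on the demo project.
openstack role add --project demo --user demo user

echo '----------------創建管理員環境腳本---------------------------------------'
# The rc files hold cleartext passwords: fix the mode to 0600 before any
# secret is written (also corrects a looser mode left by an earlier run).
touch /root/openstack-admin && chmod 600 /root/openstack-admin
cat > /root/openstack-admin <<EOF
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$admin
export OS_AUTH_URL=http://$controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

echo '----------------創建demo環境腳本---------------------------------------'
touch /root/openstack-demo && chmod 600 /root/openstack-demo
cat > /root/openstack-demo <<EOF
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=$demo
export OS_AUTH_URL=http://$controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

# Disabled in the original: drop the bootstrap token and verify password
# authentication for both accounts.
#echo '----------------switch to the admin environment---------------------------------------'
#unset OS_TOKEN OS_URL
#openstack --os-auth-url http://$controller:35357/v3 \
#--os-project-domain-name default --os-user-domain-name default \
#--os-project-name admin --os-username admin --os-password admin token issue
#openstack --os-auth-url http://$controller:5000/v3 \
#--os-project-domain-name default --os-user-domain-name default \
#--os-project-name demo --os-username demo --os-password demo token issue
#echo '----------------verify---------------------------------------'
#source /root/openstack-admin
#openstack token issue

echo '----------------開始配置glance---------------------------------------'
echo '------------創建glance用戶和分配admin權限-----------------------------'
openstack user create --domain default --password "$glance" glance  # glance user
# Grant the admin role to the glance user on the service project.
openstack role add --project service --user glance admin
openstack service create --name glance --description 'OpenStack Image' image  # glance service

echo '------------創建glance服務和端口-----------------------------'
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292

echo '------------配置 /etc/glance/glance-api.conf----------------------------'
cat > /etc/glance/glance-api.conf <<EOF
[database]
connection = mysql+pymysql://glance:$glance@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = $glance
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
EOF

echo '---------------配置 /etc/glance/glance-registry.conf--------------'
cat > /etc/glance/glance-registry.conf <<EOF
[database]
connection = mysql+pymysql://glance:$glance@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = $glance
[paste_deploy]
flavor = keystone
EOF

echo '--------------同步glance數據庫和開啟glance服務------------------------'
glance-manage db_sync
chown -R glance:glance /etc/glance/
chown -R glance:glance /var/log/glance/
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service

echo '---------------開始配置nova--------------------------------'
echo '-----------------創建nova用戶--------------------------------'
openstack user create --domain default --password "$nova" nova

echo '-----------------添加管理員角色到nova用戶和服務項目----------'
openstack role add --project service --user nova admin

echo '-----------------創建nova服務--------------------------------'
openstack service create --name nova --description 'OpenStack Compute' compute

echo '-----------------創建nova服務端口--------------------------------'
# Single quotes keep the %(tenant_id)s template away from the shell.
openstack endpoint create --region RegionOne compute public 'http://controller:8774/v2.1/%(tenant_id)s'
openstack endpoint create --region RegionOne compute internal 'http://controller:8774/v2.1/%(tenant_id)s'
openstack endpoint create --region RegionOne compute admin 'http://controller:8774/v2.1/%(tenant_id)s'

echo '---------------/etc/nova/nova.conf--------------------------------'
cat > /etc/nova/nova.conf <<EOF
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = $controller
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:$nova@controller/nova_api
[database]
connection = mysql+pymysql://nova:$nova@controller/nova
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = $rabbit
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = $nova
[vnc]
vncserver_listen = $controller
vncserver_proxyclient_address = $controller
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
EOF

echo '-----------------同步數據庫--------------------------------'
nova-manage api_db sync
nova-manage db sync
chown -R nova:nova /var/log/nova
chown -R nova:nova /etc/nova/

echo '-----------------啟動服務--------------------------------'
systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service

echo '-----------------開始配置neutron--------------------------------'
echo '-----------------創建neutron用戶--------------------------------'
openstack user create --domain default --password "$neutron" neutron

echo '-----------------添加管理員角色到neutron用戶和服務項目----------'
openstack role add --project service --user neutron admin

echo '-----------------創建neutron服務--------------------------------'
openstack service create --name neutron --description 'OpenStack Networking' network

echo '-----------------創建neutron服務端口--------------------------------'
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696

echo '----------------/etc/neutron/neutron.conf---------------------------'
# The notify_nova_on_port_* options are [DEFAULT] options; the original
# listed them under [keystone_authtoken], where they have no effect.
cat > /etc/neutron/neutron.conf <<EOF
[database]
connection = mysql+pymysql://neutron:$neutron@controller/neutron
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = $rabbit
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = $neutron
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = $nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
EOF

echo '-------------/etc/neutron/plugins/ml2/ml2_conf.ini-------------------------'
cat > /etc/neutron/plugins/ml2/ml2_conf.ini <<EOF
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True
EOF

echo '--------/etc/neutron/plugins/ml2/linuxbridge_agent.ini------'
cat > /etc/neutron/plugins/ml2/linuxbridge_agent.ini <<EOF
[linux_bridge]
physical_interface_mappings = provider:$dev
[vxlan]
enable_vxlan = True
local_ip = $controller
l2_population = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
EOF

echo '--------/etc/neutron/l3_agent.ini---------------'
# external_network_bridge is written with an empty value, as in the original.
cat > /etc/neutron/l3_agent.ini <<EOF
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
EOF

echo '---------/etc/neutron/dhcp_agent.ini---------------'
cat > /etc/neutron/dhcp_agent.ini <<EOF
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
EOF

echo '----------metadata_agent.ini---------------'
cat > /etc/neutron/metadata_agent.ini <<EOF
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = $metadata_secret
EOF

echo '----------/etc/nova/nova.conf--------------'
# Appended (>>) to the nova.conf written above; the shared secret must match
# the one in metadata_agent.ini.
cat >> /etc/nova/nova.conf <<EOF
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = $neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = $metadata_secret
EOF

echo '----------初始化和同步neutron數據--------------'
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade mitaka

echo '----------修改權限---------------'
chown -R neutron:neutron /var/log/neutron/
chown -R neutron:neutron /etc/neutron/

echo '-----------------重新啟動nova服務--------------------------------'
# nova-api must re-read nova.conf to pick up the [neutron] section.
systemctl restart openstack-nova-api.service

echo '----------------啟動neutron服務--------------------------------'
systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service

echo '-----------------END--------------------------------'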