openstack T版脚本解读(云计算比赛)

这篇具有很好参考价值的文章主要介绍了openstack T版脚本解读(云计算比赛)。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。


2022云计算国赛指定脚本搭建openstack T版

iaas-pre.sh

初始化脚本,用于设置两台节点的环境初始化,如修改主机名、映射、免密等

#/bin/bash
source /etc/openstack/openrc.sh
#生效环境变量

#Welcome page
cat > /etc/motd <<EOF 
 ################################
 #    Welcome  to  OpenStack    #
 ################################
EOF
#每次登录屏幕打印欢迎页面,将其写入 /etc/motd 文件
#selinux
sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
#关闭 SELinux,并在配置文件 /etc/selinux/config 中将 SELinux 禁用
#firewalld
systemctl stop firewalld
systemctl disable firewalld  >> /dev/null 2>&1
#停止并禁用 firewalld,并且把输出的日志信息丢到/dev/nll这个“回收站”里面

#NetworkManager
systemctl stop NetworkManager >> /dev/null 2>&1
systemctl disable NetworkManager >> /dev/null 2>&1
yum remove -y NetworkManager firewalld
systemctl restart network
#停止并禁用 NetworkManager,移除 NetworkManager 和 firewalld 应用程序。

#iptables
yum install  iptables-services  -y 
if [ 0  -ne  $? ]; then
        echo -e "\033[31mThe installation source configuration errors\033[0m"
        exit 1
fi
systemctl restart iptables
iptables -F
iptables -X
iptables -Z 
/usr/sbin/iptables-save
systemctl stop iptables
systemctl disable iptables
#安装 iptables 服务,并在防火墙上删除所有规则,然后停止并禁用防火墙
# install package 
sed -i -e 's/#UseDNS yes/UseDNS no/g' -e 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
#修改 SSH 配置文件 /etc/ssh/sshd_config,以禁用 DNS 解析和 GSSAPI 身份验证。
yum upgrade -y
yum install python-openstackclient openstack-selinux openstack-utils crudini expect lsof net-tools vim -y
#更新并安装openstack所需要的软件包,crudini和expect是脚本执行中需要的工具
#hosts
if [[ `ip a |grep -w $HOST_IP ` != '' ]];then 
    hostnamectl set-hostname $HOST_NAME
elif [[ `ip a |grep -w $HOST_IP_NODE ` != '' ]];then 
    hostnamectl set-hostname $HOST_NAME_NODE
else
    hostnamectl set-hostname $HOST_NAME
fi
sed -i -e "/$HOST_NAME/d" -e "/$HOST_NAME_NODE/d" /etc/hosts
echo "$HOST_IP $HOST_NAME" >> /etc/hosts
echo "$HOST_IP_NODE $HOST_NAME_NODE" >> /etc/hosts

#根据ip地址修改主机名,然后在/etc/hosts文件中做主机名映射地址
#ssh
if [[ ! -s ~/.ssh/id_rsa.pub ]];then
    ssh-keygen  -t rsa -N '' -f ~/.ssh/id_rsa -q -b 2048
fi
name=`hostname`
if [[ $name == $HOST_NAME ]];then
expect -c "set timeout -1;
               spawn ssh-copy-id  -i /root/.ssh/id_rsa $HOST_NAME_NODE;
               expect {
                   *password:* {send -- $HOST_PASS_NODE\r;
                        expect {
                            *denied* {exit 2;}
                            eof}
                    }
                   *(yes/no)* {send -- yes\r;exp_continue;}
                   eof         {exit 1;}
               }
               "
else
expect -c "set timeout -1;
               spawn ssh-copy-id  -i /root/.ssh/id_rsa $HOST_NAME;
               expect {
                   *password:* {send -- $HOST_PASS\r;
                        expect {
                            *denied* {exit 2;}
                            eof}
                    }
                   *(yes/no)* {send -- yes\r;exp_continue;}
                   eof         {exit 1;}
               }
               "
fi

#对两台机器之间做免密登录,以便于后面脚本中的两台机器的交互
#chrony
yum install -y chrony
if [[ $name == $HOST_NAME ]];then
        sed -i '3,6s/^/#/g' /etc/chrony.conf
        sed -i '7s/^/server controller iburst/g' /etc/chrony.conf
        echo "allow $network_segment_IP" >> /etc/chrony.conf
        echo "local stratum 10" >> /etc/chrony.conf
else
        sed -i '3,6s/^/#/g' /etc/chrony.conf
        sed -i '7s/^/server controller iburst/g' /etc/chrony.conf
fi

systemctl restart chronyd
systemctl enable chronyd

#时间同步服务,将controller节点的ip网段作为主时间节点,该网段在环境变量中设置$network_segment_IP,用于同步计算节点的时间
#DNS
if [[ $name == $HOST_NAME ]];then
yum install bind -y
sed -i -e '13,14s/^/\/\//g' \
-e '19s/^/\/\//g' \
-e '37,42s/^/\/\//g' \
-e 's/recursion yes/recursion no/g' \
-e 's/dnssec-enable yes/dnssec-enable no/g' \
-e 's/dnssec-validation yes/dnssec-validation no/g' /etc/named.conf 
systemctl start named.service
systemctl enable named.service
fi
printf "\033[35mPlease Reboot or Reconnect the terminal\n\033[0m"

#用于解析DNS使用,一般bind进行配置

双节点跑完pre脚本后要刷新页面,可以通过reboot重启,注意重启后检查挂载repo,或者通过ssh的方式来刷新页面,能看见登录时间即可!!

iass-install-mysql.sh

此脚本会安装数据库、rabbitmq、memcached等服务

#!/bin/bash
source /etc/openstack/openrc.sh

ping $HOST_IP -c 4 >> /dev/null 2>&1
if [ 0  -ne  $? ]; then
        echo -e "\033[31m Warning\nPlease make sure the network configuration is cor
rect!\033[0m"
        exit 1
fi

#首先生效环境变量,然后检查本地网络是否可以ping通,不通则会输出警告
#  MariaDB
yum install -y mariadb-10.3.20 mariadb-server-10.3.20 python2-PyMySQL
sed -i  "/^symbolic-links/a\default-storage-engine = innodb\ninnodb_file_per_table\n
collation-server = utf8_general_ci\ninit-connect = 'SET NAMES utf8'\ncharacter-set-s
erver = utf8\nmax_connections=10000" /etc/my.cnf
crudini --set /usr/lib/systemd/system/mariadb.service Service LimitNOFILE 10000
crudini --set /usr/lib/systemd/system/mariadb.service Service LimitNPROC 10000
systemctl daemon-reload
systemctl enable mariadb.service
systemctl restart mariadb.service

expect -c "
spawn /usr/bin/mysql_secure_installation
expect \"Enter current password for root (enter for none):\"
send \"\r\"
expect \"Set root password?\"
send \"y\r\"
expect \"New password:\"
send \"$DB_PASS\r\"
expect \"Re-enter new password:\"
send \"$DB_PASS\r\"
expect \"Remove anonymous users?\"
send \"y\r\"
expect \"Disallow root login remotely?\"
send \"n\r\"
expect \"Remove test database and access to it?\"
send \"y\r\"
expect \"Reload privilege tables now?\"
send \"y\r\"
expect eof
"

#安装mariadb数据库服务,并且在/etc/my.cnf配置文件中做相关调优,然后创建root数据库密码,该密码在环境变量中设置
# RabbitMQ
yum install rabbitmq-server -y
systemctl start rabbitmq-server.service
systemctl enable rabbitmq-server.service

rabbitmqctl add_user $RABBIT_USER $RABBIT_PASS
rabbitmqctl set_permissions $RABBIT_USER ".*" ".*" ".*"

#rabbit服务用于所有组件的消息传递,脚本中创建了openstack这个用户和密码000000,并设置用户权限
# Memcache
yum install memcached python-memcached -y
sed -i  -e 's/OPTIONS.*/OPTIONS="-l 127.0.0.1,::1,'$HOST_NAME'"/g' /etc/sysconfig/memcached

systemctl start memcached.service
systemctl enable memcached.service

#安装memcache缓存服务,并在/etc/sysconfig/memcached配置文件中做相关配置
# ETCD
yum install etcd -y
cp -a /etc/etcd/etcd.conf{,.bak}
sed -i -e 's/#ETCD_LISTEN_PEER_URLS.*/ETCD_LISTEN_PEER_URLS="http:\/\/'$HOST_IP':2380"/g' \
-e 's/^ETCD_LISTEN_CLIENT_URLS.*/ETCD_LISTEN_CLIENT_URLS="http:\/\/'$HOST_IP':2379"/g' \
-e 's/^ETCD_NAME="default"/ETCD_NAME="'$HOST_NAME'"/g' \
-e 's/#ETCD_INITIAL_ADVERTISE_PEER_URLS.*/ETCD_INITIAL_ADVERTISE_PEER_URLS="http:\/\/'$HOST_IP':2380"/g' \
-e 's/^ETCD_ADVERTISE_CLIENT_URLS.*/ETCD_ADVERTISE_CLIENT_URLS="http:\/\/'$HOST_IP':2379"/g' \
-e 's/#ETCD_INITIAL_CLUSTER=.*/ETCD_INITIAL_CLUSTER="'$HOST_NAME'=http:\/\/'$HOST_IP':2380"/g' \
-e 's/#ETCD_INITIAL_CLUSTER_TOKEN.*/ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"/g' \
-e 's/#ETCD_INITIAL_CLUSTER_STATE.*/ETCD_INITIAL_CLUSTER_STATE="new"/g' /etc/etcd/etcd.conf
systemctl start etcd

#etcd 被用作服务注册和发现机制,它可以记录当前哪些服务正在运行,以及它们的地址和端口等信息。这使得 
#OpenStack 组件可以互相发现和连接到彼此,并协同工作,以实现高可用性和可扩展性。

iass-install-keystone.sh

安装 Keystone 服务

#!/bin/bash
source /etc/openstack/openrc.sh

#keystone mysql
mysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS keystone ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$KEYSTONE_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$KEYSTONE_DBPASS' ;"

#生效环境变量,然后在数据库中创建keystone数据库,以及授权远程访问
#install keystone
yum install openstack-keystone httpd mod_wsgi -y

#安装keystone软件包
#/etc/keystone/keystone.conf
openstack-config --set /etc/keystone/keystone.conf database connection  mysql+pymysql://keystone:$KEYSTONE_DBPASS@$HOST_NAME/keystone
openstack-config --set /etc/keystone/keystone.conf token provider  fernet

#使用openstack-config工具修改/etc/keystone/keystone.conf文件,配置keystone的数据库连接,令牌认证等
su -s /bin/sh -c "keystone-manage db_sync" keystone

#keystone用户执行此命令连接数据库
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

#生成用于加密和解密身份认证令牌的 Fernet 密钥,这里指定了使用 keystone 
#用户和组来管理密钥。

keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

#配置 Keystone 数据库,用于存储和管理用户、服务、角色和权限等身份认证信
#息,同样指定了使用 keystone 用户和组

keystone-manage bootstrap --bootstrap-password $ADMIN_PASS \
    --bootstrap-admin-url http://$HOST_NAME:5000/v3/ \
    --bootstrap-internal-url http://$HOST_NAME:5000/v3/ \
    --bootstrap-public-url http://$HOST_NAME:5000/v3/ \
    --bootstrap-region-id RegionOne

#创建用于管理 Keystone 的管理员账号,并配置 Keystone API 的 URL 和区域 ID。其中,$ADMIN_PASS 是管理员账号的密码
sed -i "s/#ServerName www.example.com:80/ServerName $HOST_NAME/g" /etc/httpd/conf/httpd.conf 
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/  
systemctl enable httpd.service
systemctl restart httpd.service

#配置apahce的默认主机名为controller,然后创建一个软连接,最后重启服务
export OS_USERNAME=admin
export OS_PASSWORD=$ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://$HOST_NAME:5000/v3
export OS_IDENTITY_API_VERSION=3

#设置一个临时的环境变量,里面写入了临时amdin用户的相关信息
openstack domain create --description "Default Domain" $DOMAIN_NAME
openstack project create --domain $DOMAIN_NAME  --description "Admin project" myadmin
openstack user create --domain $DOMAIN_NAME  --password $ADMIN_PASS myadmin
openstack role add --project myadmin --user myadmin admin

#创建了默认域,admin租户、myadmin用户、并赋予了admin角色
export OS_USERNAME=myadmin
export OS_PASSWORD=$ADMIN_PASS
export OS_PROJECT_NAME=myadmin
export OS_USER_DOMAIN_NAME=$DOMAIN_NAME
export OS_PROJECT_DOMAIN_NAME=$DOMAIN_NAME
export OS_AUTH_URL=http://$HOST_NAME:5000/v3
export OS_IDENTITY_API_VERSION=3

# 创建了一个myadmin用户,以及相关信息
openstack project delete admin
#删除临时admin项目

openstack project set --name admin --domain $DOMAIN_NAME --description "Admin Project" --enable myadmin
#创建一个admin项目并设置myadmin为该项目的管理员

export OS_PROJECT_NAME=admin
#设置项目名为admin

openstack user delete admin
openstack user set --name admin --domain $DOMAIN_NAME --project admin --project-domain $DOMAIN_NAME  --password $ADMIN_PASS --enable myadmin 
#创建一个admin用户,并绑定admin项目,和域,设置密码并启动该用户myadmin为管理员用户

export OS_USERNAME=admin
#设置用户名为admin

openstack role add --project admin --user admin admin
#给admin用户赋予admin角色

openstack project create --domain $DOMAIN_NAME --description "Service Project" service
openstack project create --domain $DOMAIN_NAME --description "Demo Project" demo
#创建admin项目和demo项目

openstack user create --domain $DOMAIN_NAME --password $DEMO_PASS demo
openstack role create user
openstack role add --project demo --user demo user
创建一个demo普通用户,并赋予普通user角色
cat > /etc/keystone/admin-openrc.sh <<-EOF
export OS_PROJECT_DOMAIN_NAME=$DOMAIN_NAME
export OS_USER_DOMAIN_NAME=$DOMAIN_NAME
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$ADMIN_PASS
export OS_AUTH_URL=http://$HOST_NAME:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

#将管理员用户的环境变量写入/etc/keystone/admin-openrc.sh,作为平台管理员使用

cat > /etc/keystone/demo-openrc.sh <<-EOF
export OS_PROJECT_DOMAIN_NAME=$DOMAIN_NAME
export OS_USER_DOMAIN_NAME=$DOMAIN_NAME
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=$DEMO_PASS
export OS_AUTH_URL=http://$HOST_NAME:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

#将普通用户的环境变量写入/etc/keystone/demo-openrc.sh

source /etc/keystone/admin-openrc.sh 

#生效环境变量,管理员用户开始生效使用,如果后续出现权限问题,可尝试生效环境变量

iass-install-glance.sh

安装镜像服务

#!/bin/bash
source /etc/openstack/openrc.sh
source /etc/keystone/admin-openrc.sh

#生效环境变量

#glance mysql
mysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS glance ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost'
 IDENTIFIED BY '$GLANCE_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIF
IED BY '$GLANCE_DBPASS' ;"

#创建glance数据库,并授权远程登录
#glance user role service endpoint 
openstack user create --domain $DOMAIN_NAME --password $GLANCE_PASS glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://$HOST_NAME:9292
openstack endpoint create --region RegionOne image internal http://$HOST_NAME:9292
openstack endpoint create --region RegionOne image admin http://$HOST_NAME:9292

#创建glance用户、项目、服务、以及端点
#glance install 安装软件包
yum install -y openstack-glance 

#/etc/glance/glance-api.conf
openstack-config --set /etc/glance/glance-api.conf database connection  mysql+pymysq
l://glance:$GLANCE_DBPASS@$HOST_NAME/glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri   http://$HOST_NAME:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url  http://$HOST_NAME:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers  $HOST_NAME:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type  password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name  $DOMAIN_NAME
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name  $DOMAIN_NAME
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name  service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username  glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password  $GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
#在/etc/glance/glance-api.conf配置了glance的keystone认证信息

openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store $DOMAIN_NAME'_store' file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir  /var/lib/glance/images/

#配置了镜像的存储位置和格式
#/etc/glance/glance-registry.conf
openstack-config --set /etc/glance/glance-registry.conf database connection  mysql+pymysql://glance:$GLANCE_DBPASS@$HOST_NAME/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri  http://$HOST_NAME:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url  http://$HOST_NAME:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers  $HOST_NAME:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type  password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name  $DOMAIN_NAME
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name  $DOMAIN_NAME
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name  service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username  glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password  $GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone

#通过/etc/glance/glance-registry.conf文件主要配置glance和数据库的连接,keystone的认证
#su glance mysql
su -s /bin/sh -c "glance-manage db_sync" glance
#通过glance用户连接数据库

systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl restart openstack-glance-api.service openstack-glance-registry.service

#设置glance服务开机自启,并重新启动

iass-install-placement.sh

安装资源管理和调度服务

#!/bin/bash
source /etc/openstack/openrc.sh
source /etc/keystone/admin-openrc.sh
#生效环境变量

#placement mysql
mysql -uroot -p$DB_PASS -e "CREATE DATABASE placement;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'loca
lhost' IDENTIFIED BY '$PLACEMENT_DBPASS';"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' I
DENTIFIED BY '$PLACEMENT_DBPASS';"

#创建placement数据库,并授权远程访问
#placement user role service endpoint
openstack user create --domain $DOMAIN_NAME --password $PLACEMENT_PASS placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://$HOST_NAME:8778
openstack endpoint create --region RegionOne placement internal http://$HOST_NAME:87
78
openstack endpoint create --region RegionOne placement admin http://$HOST_NAME:8778

#创建placement用户并赋予admin角色、服务、以及端点
#placement install 安装placement软件包
yum install openstack-placement-api python2-pip -y

#/etc/placement/placement.conf
openstack-config --set  /etc/placement/placement.conf api auth_strategy  keystone 
openstack-config --set  /etc/placement/placement.conf keystone_authtoken auth_url  http://$HOST_NAME:5000/v3
openstack-config --set  /etc/placement/placement.conf keystone_authtoken memcached_servers  $HOST_NAME:11211
openstack-config --set  /etc/placement/placement.conf keystone_authtoken auth_type  password
openstack-config --set  /etc/placement/placement.conf keystone_authtoken project_domain_name  $DOMAIN_NAME
openstack-config --set  /etc/placement/placement.conf keystone_authtoken user_domain_name  $DOMAIN_NAME
openstack-config --set  /etc/placement/placement.conf keystone_authtoken project_name  service 
openstack-config --set  /etc/placement/placement.conf keystone_authtoken username  placement 
openstack-config --set  /etc/placement/placement.conf keystone_authtoken password  $PLACEMENT_PASS  
openstack-config --set  /etc/placement/placement.conf placement_database connection  mysql+pymysql://placement:$PLACEMENT_DBPASS@$HOST_NAME/placement

#通过/etc/placement/placement.conf配置keystone认证服务、数据库的连接

#su placement mysql
su -s /bin/sh -c "placement-manage db sync" placement
#通过placement用户连接数据库

#/etc/httpd/conf.d/00-placement-api.conf 
cat >> /etc/httpd/conf.d/00-placement-api.conf <<EOF
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>   
</Directory>
EOF

#配置httpd的版本为2.4,不然版本过高会报错

iass-install-nova-con/com.sh

计算服务组件

iaas-install-nova-controller.sh

#!/bin/bash
source /etc/openstack/openrc.sh
source /etc/keystone/admin-openrc.sh
#生效环境变量

#neutron mysql
mysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS nova ;"
mysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS nova_api ;"
mysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS nova_cell0 ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDE
NTIFIED BY '$NOVA_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED 
BY '$NOVA_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '$NOVA_DBPASS' ;"

#创建nova相关的数据库,以及授权远程访问
#nova user role service endpoint
openstack user create --domain $DOMAIN_NAME --password $NOVA_PASS nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://$HOST_NAME:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://$HOST_NAME:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://$HOST_NAME:8774/v2.1

#创建nova用户并赋予admin角色,创建计算服务和端点
#nova install 安装nova软件包
yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y

#/etc/nova/nova.conf
openstack-config --set  /etc/nova/nova.conf DEFAULT enabled_apis  osapi_compute,metadata
openstack-config --set  /etc/nova/nova.conf DEFAULT my_ip $HOST_IP
openstack-config --set  /etc/nova/nova.conf DEFAULT use_neutron  true 
openstack-config --set  /etc/nova/nova.conf DEFAULT firewall_driver  nova.virt.firewall.NoopFirewallDriver
openstack-config --set  /etc/nova/nova.conf DEFAULT transport_url  rabbit://openstack:$RABBIT_PASS@$HOST_NAME
#nova只有一个配置文件/etc/nova/nova.conf,此处配置rabbit消息队列连接

openstack-config --set  /etc/nova/nova.conf api_database connection  mysql+pymysql://nova:$NOVA_DBPASS@$HOST_NAME/nova_api
#nova_api连接数据库

openstack-config --set  /etc/nova/nova.conf database connection  mysql+pymysql://nova:$NOVA_DBPASS@$HOST_NAME/nova
#nova连接数据库

openstack-config --set  /etc/nova/nova.conf api auth_strategy  keystone 

openstack-config --set  /etc/nova/nova.conf keystone_authtoken www_authenticate_uri  http://$HOST_NAME:5000/
openstack-config --set  /etc/nova/nova.conf keystone_authtoken auth_url  http://$HOST_NAME:5000/
openstack-config --set  /etc/nova/nova.conf keystone_authtoken memcached_servers  $HOST_NAME:11211
openstack-config --set  /etc/nova/nova.conf keystone_authtoken auth_type  password
openstack-config --set  /etc/nova/nova.conf keystone_authtoken project_domain_name  $DOMAIN_NAME
openstack-config --set  /etc/nova/nova.conf keystone_authtoken user_domain_name  $DOMAIN_NAME
openstack-config --set  /etc/nova/nova.conf keystone_authtoken project_name  service 
openstack-config --set  /etc/nova/nova.conf keystone_authtoken username  nova 
openstack-config --set  /etc/nova/nova.conf keystone_authtoken password  $NOVA_PASS
#配置keystone认证信息

openstack-config --set  /etc/nova/nova.conf vnc enabled true
openstack-config --set  /etc/nova/nova.conf vnc server_listen $HOST_IP
openstack-config --set  /etc/nova/nova.conf vnc server_proxyclient_address $HOST_IP
#vnc配置nova创建的虚拟机的网页控制台连接地址

openstack-config --set  /etc/nova/nova.conf glance api_servers  http://$HOST_NAME:9292
#对接glance服务

openstack-config --set  /etc/nova/nova.conf oslo_concurrency lock_path  /var/lib/nova/tmp 
#锁文件用于控制对共享资源的并发访问,以防止并发访问冲突。存储位置为/var/lib/nova/tmp 

openstack-config --set  /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set  /etc/nova/nova.conf placement project_domain_name $DOMAIN_NAME
openstack-config --set  /etc/nova/nova.conf placement project_name service
openstack-config --set  /etc/nova/nova.conf placement auth_type password
openstack-config --set  /etc/nova/nova.conf placement user_domain_name $DOMAIN_NAME
openstack-config --set  /etc/nova/nova.conf placement auth_url http://$HOST_NAME:5000/v3
openstack-config --set  /etc/nova/nova.conf placement username placement
openstack-config --set  /etc/nova/nova.conf placement password $PLACEMENT_PASS
#配置 placement服务的认证信息

openstack-config --set  /etc/nova/nova.conf scheduler discover_hosts_in_cells_interval 300

#配置主机发现,这个参数用于控制nova调度器检测可用的计算节点的时间间隔,这里设置为300秒(5分钟)

```powershell
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova 
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova

#用nova用户连接数据库
#su nova mysql
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service  
#重启nova服务,并设置开机自启动

openstack flavor create --id 1 --vcpus 1 --ram 512 --disk 10 m1.tiny 
openstack flavor create --id 2 --vcpus 1 --ram 1024 --disk 20 m1.small
openstack flavor create --id 3 --vcpus 2 --ram 2048 --disk 40 m1.medium 

#创建三个云主机类型

iaas-install-nova-compute.sh

#!/bin/bash
source /etc/openstack/openrc.sh
#生效环境变量

#nova-compute install 安装nova-compute软件包
yum install openstack-nova-compute -y
#/etc/nova/nova.conf
openstack-config --set  /etc/nova/nova.conf DEFAULT my_ip $HOST_IP
openstack-config --set  /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set  /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewa
ll.NoopFirewallDriver
openstack-config --set  /etc/nova/nova.conf DEFAULT enabled_apis  osapi_compute,metadata
openstack-config --set  /etc/nova/nova.conf DEFAULT transport_url  rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
#配置rabbitmq消息队列连接

openstack-config --set  /etc/nova/nova.conf api auth_strategy  keystone 
#配置认证类型为keystone

openstack-config --set  /etc/nova/nova.conf keystone_authtoken www_authenticate_uri http://$HOST_NAME:5000/
openstack-config --set  /etc/nova/nova.conf keystone_authtoken auth_url http://$HOST_NAME:5000/
openstack-config --set  /etc/nova/nova.conf keystone_authtoken memcached_servers $HOST_NAME:11211
openstack-config --set  /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set  /etc/nova/nova.conf keystone_authtoken project_domain_name $DOMAIN_NAME
openstack-config --set  /etc/nova/nova.conf keystone_authtoken user_domain_name $DOMAIN_NAME
openstack-config --set  /etc/nova/nova.conf keystone_authtoken project_name  service
openstack-config --set  /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set  /etc/nova/nova.conf keystone_authtoken password $NOVA_PASS
#配置keystone认证信息

openstack-config --set  /etc/nova/nova.conf vnc enabled True
openstack-config --set  /etc/nova/nova.conf vnc server_listen 0.0.0.0
openstack-config --set  /etc/nova/nova.conf vnc server_proxyclient_address  $HOST_IP_NODE
#配置vnc监控地址,以及连接地址

openstack-config --set  /etc/nova/nova.conf vnc novncproxy_base_url  http://$HOST_IP:6080/vnc_auto.html
#配置vnc连接网页地址

openstack-config --set  /etc/nova/nova.conf glance api_servers http://$HOST_NAME:9292
#对接glance服务

openstack-config --set  /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
#配置锁文件路径

openstack-config --set  /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set  /etc/nova/nova.conf placement project_domain_name $DOMAIN_NAME
openstack-config --set  /etc/nova/nova.conf placement project_name service
openstack-config --set  /etc/nova/nova.conf placement auth_type password
openstack-config --set  /etc/nova/nova.conf placement user_domain_name $DOMAIN_NAME
openstack-config --set  /etc/nova/nova.conf placement auth_url http://$HOST_NAME:5000/v3
openstack-config --set  /etc/nova/nova.conf placement username placement
openstack-config --set  /etc/nova/nova.conf placement password $PLACEMENT_PASS
#配置placement连接信息
virt_num=`egrep -c '(vmx|svm)' /proc/cpuinfo`
if [ $virt_num = '0' ];then
crudini --set /etc/nova/nova.conf libvirt virt_type  qemu
fi
#检查本地机器是否支持虚拟化,如果数值等于0,则改成qemu虚拟化类型
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl restart libvirtd.service openstack-nova-compute.service
#设置nova-compute服务开机自启,并重启nova-compute服务

ssh  $HOST_IP "source /etc/keystone/admin-openrc.sh && openstack compute service list --service nova-compute"
ssh  $HOST_IP 'source /etc/keystone/admin-openrc.sh && su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova'

#远程连接到controller节点配置主机发现

iass-install-neutron-con/com.sh

网络组件安装

aas-install-neutron-controller.sh

#!/bin/bash
source /etc/openstack/openrc.sh
source /etc/keystone/admin-openrc.sh
#生效环境变量

#neutron mysql
mysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS neutron ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhos
t' IDENTIFIED BY '$NEUTRON_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENT
IFIED BY '$NEUTRON_DBPASS' ;"

#创建neutron数据库,并授权远程访问
#neutron  user role service endpoint 
openstack user create --domain $DOMAIN_NAME --password $NEUTRON_PASS neutron

openstack role add --project service --user neutron admin

openstack service create --name neutron --description "OpenStack Networking" network

openstack endpoint create --region RegionOne network public http://$HOST_NAME:9696
openstack endpoint create --region RegionOne network internal http://$HOST_NAME:9696
openstack endpoint create --region RegionOne network admin http://$HOST_NAME:9696
#创建neutron用户并赋予admin角色,network服务,以及端点

#neutron install 安装neutron软件包
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
#network
if [[ `ip a |grep -w $INTERFACE_IP |grep -w $INTERFACE_NAME` = '' ]];then 
cat > /etc/sysconfig/network-scripts/ifcfg-$INTERFACE_NAME <<EOF
DEVICE=$INTERFACE_NAME
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
EOF
systemctl restart network
fi

#修改第二张网卡,作为云主机的网络提供
#/etc/neutron/neutron.conf
openstack-config --set /etc/neutron/neutron.conf database connection  mysql+pymysql://neutron:$NEUTRON_DBPASS@$HOST_NAME/neutron
#配置数据库连接

openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin  ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins  router
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips  true
#配置网络连接插件

openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url  rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
#配置连接rabbimq消息队列连接

openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy  keystone
#认证方式为keystone

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://$HOST_NAME:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url  http://$HOST_NAME:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers  $HOST_NAME:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type  password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name  $DOMAIN_NAME
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name  $DOMAIN_NAME
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name  service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username  neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password  $NEUTRON_PASS
#配置keystone认证信息

openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes  true
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes  true
#设置为 "true" 时表示当 neutron 管理的端口状态改变时,会发送通知给 nova 服务。

openstack-config --set /etc/neutron/neutron.conf nova auth_url  http://$HOST_NAME:5000
openstack-config --set /etc/neutron/neutron.conf nova auth_type  password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name  $DOMAIN_NAME
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name  $DOMAIN_NAME
openstack-config --set /etc/neutron/neutron.conf nova region_name  RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name  service
openstack-config --set /etc/neutron/neutron.conf nova username  nova
openstack-config --set /etc/neutron/neutron.conf nova password  $NOVA_PASS
#配置对接nova的连接信息

openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path  /var/lib/neutron/tmp

#配置锁文件路径
#/etc/neutron/plugins/ml2/ml2_conf.ini
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers  flat,vlan,vxlan,gre,local
#设置网卡配置模式

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types  vxlan
#设置租户网络类型为vxlan

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers  linuxbridge,l2population
#将Linux Bridge和L2 Population机制驱动程序配置为ML2插件的机制驱动程序。

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers  port_security
#将Port Security扩展驱动程序配置为ML2插件的扩展驱动程序。

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks  $Physical_NAME
#将Flat类型的网络配置为使用指定的物理网络名称

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vlan network_vlan_ranges $Physical_NAME:$minvlan:$maxvlan
#将VLAN类型的网络配置为使用指定的物理网络名称、最小VLAN ID和最大VLAN ID。

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges  $minvlan:$maxvlan
#将VXLAN类型的网络配置为使用指定的VNI范围,即最小VNI和最大VNI

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset  true

#将安全组配置为启用IP集成,这意味着它将使用Linux内核中的IP集成来优化防火墙规则。
#/etc/neutron/plugins/ml2/linuxbridge_agent.ini
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings  provider:$INTERFACE_NAME
#将物理网络接口映射到 Linux Bridge。

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan  true
#启用 VXLAN 

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip  $HOST_IP
#设置 VXLAN 的本地 IP 地址

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population  true
#启用 VXLAN 的 L2 Population 功能。可以提高网络的性能和可扩展性

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group  true
#启用安全组功能。安全组是一种虚拟网络的访问控制机制,可以限制虚拟机的网络访问权限

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver  neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

#设置防火墙驱动程序。防火墙驱动程序是用于实现安全组功能的一个组件。
#br_netfilter
modprobe br_netfilter 
#加载内核模块 br_netfilter,它允许 Linux 内核通过 netfilter 框架来处理桥接网络数据包。

echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
#将两个内核参数写入 /etc/sysctl.conf 文件中
#允许 Linux 内核在 iptables 防火墙规则中使用 netfilter 框架来处理桥接网络数据包

sysctl -p
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables

#生效,并重新加载
#/etc/neutron/l3_agent.ini
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver  linuxbridge

#接口类型为网桥
#/etc/neutron/dhcp_agent.ini
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver  linuxbridge
#设置DHCP代理将使用Linux桥接驱动程序来与Linux内核网络堆栈交互,以便在OpenStack云中实现虚拟网络功能。

openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver  neutron.agent.linux.dhcp.Dnsmasq
#DHCP代理将使用Dnsmasq 

openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata  true

#DHCP代理将使用隔离的元数据服务来获取OpenStack云中的虚拟机元数据。
#/etc/neutron/metadata_agent.ini
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host  $HOST_NAME
#设置Neutron元数据代理从哪里获取虚拟机的元数据信息。

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret $METADATA_SECRET

#于确保元数据代理和Nova元数据服务之间的通信是安全的。
#/etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf neutron auth_url  http://$HOST_NAME:5000
openstack-config --set /etc/nova/nova.conf neutron auth_type  password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name  $DOMAIN_NAME
openstack-config --set /etc/nova/nova.conf neutron user_domain_name  $DOMAIN_NAME
openstack-config --set /etc/nova/nova.conf neutron region_name  RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name  service
openstack-config --set /etc/nova/nova.conf neutron username  neutron
openstack-config --set /etc/nova/nova.conf neutron password  $NEUTRON_PASS
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy  true
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret  $METADATA_SECRET

#用于在nova中配置neutron认证
#su neutron mysql
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
#软连接

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
#用neutron用户创建数据库

systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service  neutron-linuxbridge-agent.service  neutron-dhcp-agent.service neutron-metadata-agent  neutron-l3-agent
systemctl start neutron-server.service   neutron-linuxbridge-agent.service  neutron-dhcp-agent.service neutron-metadata-agent   neutron-l3-agent

#重启并开机自启动neutron服务

iaas-install-neutron-compute.sh

#!/bin/bash
source /etc/openstack/openrc.sh
#生效环境变量

#neutron install 安装neutron软件包
yum install -y openstack-neutron-linuxbridge ebtables ipset

#network
if [[ `ip a |grep -w $INTERFACE_IP |grep -w $INTERFACE_NAME` = '' ]];then 
cat > /etc/sysconfig/network-scripts/ifcfg-$INTERFACE_NAME <<EOF
DEVICE=$INTERFACE_NAME
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
EOF
systemctl restart network
fi

#将第二张网卡配置云主机的提供网卡
#/etc/neutron/neutron.conf
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url  rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri  http://$HOST_NAME:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://$HOST_NAME:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers $HOST_NAME:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name $DOMAIN_NAME
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name $DOMAIN_NAME
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password $NEUTRON_PASS

openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp

#配置同上
#/etc/neutron/plugins/ml2/linuxbridge_agent.ini
openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings  provider:$INTERFACE_NAME
openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan  enable_vxlan  True
openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan  local_ip  $HOST_IP_NODE
openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true
openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup  enable_security_group  True 
openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup  firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

#配置同上
#br_netfilter
modprobe br_netfilter 
#加载内核模块 br_netfilter,它允许 Linux 内核通过 netfilter 框架来处理桥接网络数据包。

echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
#将两个内核参数写入 /etc/sysctl.conf 文件中
#允许 Linux 内核在 iptables 防火墙规则中使用 netfilter 框架来处理桥接网络数据包

sysctl -p
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables

#生效,并重新加载
#/etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf neutron url http://$HOST_NAME:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://$HOST_NAME:5000
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name $DOMAIN_NAME
openstack-config --set /etc/nova/nova.conf neutron user_domain_name $DOMAIN_NAME
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service 
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password $NEUTRON_PASS
#在nova中配置neutron认证

systemctl restart openstack-nova-compute.service
systemctl restart neutron-linuxbridge-agent.service
systemctl enable neutron-linuxbridge-agent.service

#重启nova-compute服务,以及neutron服务,并设置开机自启

iass-install-dashboard.sh

openstack网页管理界面

#!/bin/bash
source /etc/openstack/openrc.sh
source /etc/keystone/admin-openrc.sh
#生效环境变量

#dashboard install 安装dashboard软件包
yum install openstack-dashboard -y
#/etc/openstack-dashboard/local_settings
sed -i '/^OPENSTACK_HOST/s#127.0.0.1#'$HOST_NAME'#' /etc/openstack-dashboard/local_settings
#替换为控制节点主机名

sed -i "/^ALLOWED_HOSTS/s#\[.*\]#['*']#" /etc/openstack-dashboard/local_settings
#允许所有主机访问该服务

sed -i '/TIME_ZONE/s#UTC#Asia/Shanghai#' /etc/openstack-dashboard/local_settings
#设置时间区域为上海

sed -i '/^#SESSION_ENGINE/s/#//' /etc/openstack-dashboard/local_settings
#解开注释,即启用缓存作为session存储的后端

sed -i "/^SESSION_ENGINE/s#'.*'#'django.contrib.sessions.backends.cache'#" /etc/openstack-dashboard/local_settings

#将session存储后端切换为缓存。这样可以提高session访问的效率和性能。
cat >> /etc/openstack-dashboard/local_settings  <<EOF
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "$DOMAIN_NAME"
#指定了openstack api的版本,默认角色默认域


CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': '$HOST_NAME:11211',
    }
}
#定义了OpenStack Dashboard使用的缓存服务。具体来说,它使用了Memcached作为缓存后端,并将缓存服务
#的地址设置为$HOST_NAME:11211,其中$HOST_NAME是一个环境变量,表示缓存服务所在的主机名。

WEBROOT = '/dashboard/'
#定义了OpenStack Dashboard的Web根路径为/dashboard/,即在Web服务器上访问OpenStack Dashboard的路径。
EOF
#/etc/httpd/conf.d/openstack-dashboard.conf
sed  -e '4iWSGIApplicationGroup %{GLOBAL}' /etc/httpd/conf.d/openstack-dashboard.conf 

#确保Dashboard使用全局的WSGI应用程序组,以确保在部署过程中能够正常运行
#rebuild dashboard
cd /usr/share/openstack-dashboard && python manage.py make_web_conf --apache > /etc/httpd/conf.d/openstack-dashboard.conf
#确保Dashboard在Apache服务器上的正确配置,以便在Web浏览器中访问和使用Horizon Dashboard。


ln -s /etc/openstack-dashboard /usr/share/openstack-dashboard/openstack_dashboard/conf
#软连接

sed -i "s:WSGIScriptAlias / :WSGIScriptAlias /dashboard :" /etc/httpd/conf.d/openstack-dashboard.conf
#将 Dashboard 应用部署到 /dashboard 目录下。

sed -i "s:Alias /static:Alias /dashboard/static:" /etc/httpd/conf.d/openstack-dashboard.conf
#配置网站时能够正确加载静态文件。

systemctl restart httpd.service memcached.service

#重启httpd和缓存服务
#/root/logininfo.txt
printf "\033[35mThe horizon service is ready,Now you can visit the following;\n\033[0m"
echo  浏览器访问:http://$HOST_IP/dashboard
echo  域:$DOMAIN_NAME
echo  用户名:admin
echo  密码:"${ADMIN_PASS}"
echo  信息输出到root目录下的logininfo.txt中了。
#打印信息到屏幕

cat  >> /root/logininfo.txt << EOF
浏览器访问:http://$HOST_IP/dashboard
域:$DOMAIN_NAME  
用户名:admin  
密码:"${ADMIN_PASS}" 

#输出信息到文件中

iass-install-cinder-con/com.sh

iaas-install-cinder-controller.sh

安装卷存储服务文章来源地址https://www.toymoban.com/news/detail-753714.html

#!/bin/bash
source /etc/openstack/openrc.sh
source /etc/keystone/admin-openrc.sh
#生效环境变量

#cinder mysql
mysql -uroot -p$DB_PASS -e "create database cinder;"
mysql -uroot -p$DB_PASS -e "grant all privileges on cinder.* to 'cinder'@'%' identif
ied by '$CINDER_DBPASS';"
mysql -uroot -p$DB_PASS -e "grant all privileges on cinder.* to 'cinder'@'localhost'
 identified by '$CINDER_DBPASS';"

#创建cinder数据库,并授权远程访问
#cinder user role service endpoint 
openstack user create --domain $DOMAIN_NAME --password $CINDER_PASS cinder
openstack role add --project service --user cinder admin

openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
#创建cinder用户赋予admin角色,创建两个卷服务

openstack endpoint create --region RegionOne volumev2 public http://$HOST_NAME:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://$HOST_NAME:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://$HOST_NAME:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne volumev3 public http://$HOST_NAME:8776/v3/%\(project_id\)s
openstack endpoint create --region RegionOne volumev3 internal http://$HOST_NAME:8776/v3/%\(project_id\)s
openstack endpoint create --region RegionOne volumev3 admin http://$HOST_NAME:8776/v3/%\(project_id\)s

#创建端点
#cinder install 安装cinder软件包
yum install openstack-cinder -y

#/etc/cinder/cinder.conf
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:$CINDER_DBPASS@$HOST_NAME/cinder
openstack-config --set /etc/cinder/cinder.conf DEFAULT transport_url rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken www_authenticate_uri http://$HOST_NAME:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://$HOST_NAME:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers $HOST_NAME:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_name $DOMAIN_NAME
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_name $DOMAIN_NAME
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password $CINDER_PASS
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip $HOST_IP
openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp
#配置keystone认证信息和文件锁
#/etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf cinder os_region_name RegionOne
#Cinder组件用来确定云中数据存储区域的标识符

#su cinder mysql
su -s /bin/sh -c "cinder-manage db sync" cinder
#通过cinder用户连接数据库

systemctl restart openstack-nova-api.service
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl restart openstack-cinder-api.service openstack-cinder-scheduler.service httpd

#重启nova-api服务,cinder服务并开机自启动

iaas-install-cinder-compute.sh

#!/bin/bash
source /etc/openstack/openrc.sh
#生效环境变量

#cinder install 安装软件包
yum install lvm2 device-mapper-persistent-data  openstack-cinder targetcli python-ke
ystone -y

systemctl enable lvm2-lvmetad.service
systemctl restart lvm2-lvmetad.service

#重启并设置开机自启动lvm服务
#Create a disk for cinder volumes
pvcreate /dev/$BLOCK_DISK
#创建物理卷

vgcreate cinder-volumes /dev/$BLOCK_DISK
#创建卷组
partprobe 
#刷新分区表,以便内核重新读取

#sed -i  '/^        filter/d' /etc/lvm/lvm.conf
#sed -i  '/^devices/a\        filter = ["a/sdb/", "a/sda/",  "r/.*/"]' /etc/lvm/lvm.conf
#sed -i  "s/sdz/$BLOCK_DISK/g" /etc/lvm/lvm.conf
#partprobe
#/etc/cinder/cinder.conf
openstack-config --set /etc/cinder/cinder.conf database connection  mysql+pymysql://cinder:$CINDER_DBPASS@$HOST_NAME/cinder
#连接数据库

openstack-config --set /etc/cinder/cinder.conf DEFAULT transport_url  rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
#连接rabbit消息队列

openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy  keystone
#配置keystone为认证服务

openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip $HOST_IP_NODE
#配置cinder地址

openstack-config --set /etc/cinder/cinder.conf DEFAULT enabled_backends  lvm
#配置后端存储类型为lvm

openstack-config --set /etc/cinder/cinder.conf DEFAULT glance_api_servers  http://$HOST_NAME:9292
#配置cinder的api地址和端口号

openstack-config --set /etc/cinder/cinder.conf keystone_authtoken www_authenticate_uri  http://$HOST_NAME:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url  http://$HOST_NAME:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers  $HOST_NAME:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type  password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_name $DOMAIN_NAME
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_name $DOMAIN_NAME
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name  service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username  cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password  $CINDER_PASS
#配置keystone认证的信息

openstack-config --set /etc/cinder/cinder.conf lvm volume_driver  cinder.volume.drivers.lvm.LVMVolumeDriver
#指定LVM(逻辑卷管理器)驱动来管理Cinder卷。

openstack-config --set /etc/cinder/cinder.conf lvm volume_group  cinder-volumes
#指定LVM卷组的名称,该卷组将用于存储Cinder卷。

openstack-config --set /etc/cinder/cinder.conf lvm iscsi_protocol  iscsi
#指定使用iSCSI协议来访问Cinder卷。

openstack-config --set /etc/cinder/cinder.conf lvm iscsi_helper  lioadm
#指定使用LIO(Linux iSCSI Target)管理器作为iSCSI协议的帮助程序来访问Cinder卷。

openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path  /var/lib/cinder/tmp
#设置文件锁路径

systemctl enable openstack-cinder-volume.service target.service
systemctl restart openstack-cinder-volume.service target.service
#设置开机自启并重启cinder服务

ssh $HOST_IP "source /etc/keystone/admin-openrc.sh && cinder service-list"

#连接controller节点,查看cinder服务

到了这里,关于openstack T版脚本解读(云计算比赛)的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

领支付宝红包 赞助服务器费用

相关文章

  • 【比赛记录】国电投-光伏电站人工智能运维大数据处理分析比赛

            DataFountain平台举办的比赛,赛题:光伏电站人工智能运维大数据处理分析。以下是比赛链接:光伏电站人工智能运维大数据处理分析 Competitions - DataFountain         在分析光伏发电原理的基础上,论证了辐照度、光伏板工作温度等影响光伏输出功率的因素,通过实

    2024年02月02日
    浏览(45)
  • OpenStack运维题

    一、配置YUM源 注意:如果web登录Dashboard仪表盘出错了请联系管理员刷新,使用https://协议登录成功,可能跟ssl有关。 例题一、repo编写 在配置httpd.conf文件时,需要修改主目录为opt,这样在网站上打开时才会显示opt目录中的文件 修改以下两处: Directory \\\"/opt\\\" DocumentRoot \\\"/opt\\\" 使用

    2024年02月15日
    浏览(39)
  • OpenStack-国基北盛搭建,跑脚本安装各组件步骤详解

    搭建openstack平台所需要的两个镜像包:CentOS-7-X86_64-DVD-1804.iso 和 chinaskill_cloud_iaas.iso镜像文件。 需要镜像的自行下载: 链接:https://pan.baidu.com/s/1ElZEnrN6VDEMlI_2Ixk1Aw  提取码:8888 一、搭建openstack平台,需在VMware上准备两台虚拟机,分别作为controller节点和compute节点。下面是VMw

    2023年04月08日
    浏览(43)
  • 云计算比赛私有云题目

    【适用平台】私有云 【题目1】基础环境配置[1分] 使用提供的两台云主机,按以下要求配置服务器: (1)设置控制节点主机名为controller,设置计算节点主机名为compute; hostnamectl (2)修改hosts文件将IP地址映射为主机名; vim /etc/hosts 完成后提交控制节点的用户名、密码(默

    2024年02月02日
    浏览(48)
  • 【云计算OpenStack-OpenStack Queens版本】基于OpenStack的云计算环境搭建

    OpenStack云计算环境的搭建是基于虚拟机的多节点Linux网络环境基础上搭建起来的,所以需要我们先搭建好集群环境。(基础环境搭建参考:基于虚拟机的多节点Linux网络环境搭建) 操作系统:CentOS7 controller节点IP:192.168.43.199 compute节点IP:192.168.43.74 neutron节点IP:192.168.43.180 说

    2024年02月04日
    浏览(45)
  • GaussDB技术解读系列:运维自动驾驶探索

    近日,在第14届中国数据库技术大会(DTCC2023)的 GaussDB“五高两易”核心技术,给世界一个更优选 择 专场,华为云数据库运维研发总监李东详细解读了GaussDB运维系统自动驾驶探索和实践。 随着企业数字化转型进入深水区,数据库系统越来越复杂,运维团队维护的数据库规模

    2024年02月07日
    浏览(47)
  • Openstack云计算(六)Openstack环境对接ceph

    (1)客户端也要有cent用户:   (2)openstack要用ceph的节点(比如compute-node和storage-node)安装下载的软件包:   或则:每个节点安装 clients(要访问ceph集群的节点):   (3)部署节点上执行,为openstack节点安装ceph:   (4)客户端执行 1 (5)create pools,只需在一个ceph节点上

    2024年02月20日
    浏览(45)
  • 云计算|OpenStack|社区版OpenStack安装部署文档(二---OpenStack运行环境搭建)

    一个良好的运行环境对于任何一个部署工作来说都是必须的,俗话说 万事开头难,其实很多部署工作失败的原因在于初始环境没有正确的配置,因此,按照官网的部署文档并结合自己的实际情况,配置一个合理的OpenStack运行环境是十分有必要的。 OpenStack的运行环境配置文档

    2023年04月08日
    浏览(47)
  • 大学期间计算机专业值得参加的一些优质比赛

    在大学里参加竞赛的好处是真的多,获奖不仅有荣誉,能为保研、考研和找工作加分,而且很多比赛还有不菲的奖金;即使没能获奖,比赛过程中也能提升自己的编程动手能力和团队协作能力,是一份宝贵的经历。 今天给大家推荐一波计算机专业值得参加的竞赛。 1、 ACM/I

    2024年02月16日
    浏览(150)
  • 云计算|OpenStack|社区版OpenStack安装部署文档(五 --- 计算服务nova安装部署---Rocky版)

    nova服务是openstack最重要的一个组件,没有之一,该组件是云计算的计算核心,大体组件如下: OpenStack Docs: Compute service overview 挑些重点,nova-api,libvirt,nova-placement-api,nova-api-metadata,nova-compute 并且nova安装部署是分为controller节点和computer节点了,controller节点就一个,comput

    2024年02月02日
    浏览(47)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包