openstack Queens版本集群部署(命令集)

作者: oldboy 分类: Openstack 发布时间: 2023-02-21 12:52

1、服务器准备

103.73.119.106  controller 
103.73.119.116  nova01
103.73.119.117  nova02  后期扩容的计算节点

2、控制节点命令

# Set the hostname and the root password.
# NOTE(review): the root password below is a literal printed on this page, and
# the same string is reused further down as the Keystone service-user password.
# Replace it with a unique secret per host; running `passwd root` interactively
# also keeps the value out of the shell history.
hostnamectl set-hostname controller
echo www.123.nyc|passwd --stdin root
# Adjust the addresses below to match the actual environment.
# The heredoc appends, so running this step twice duplicates the entries.
cat >>/etc/hosts<<EOF
103.73.119.106  controller
103.73.119.116  nova01
103.73.119.117  nova02
EOF
# Install commonly used tools.
yum install -y wget vim bash-completion lrzsz net-tools nfs-utils yum-utils ntpdate
# Disable the firewall and NetworkManager.
# NOTE(review): with firewalld off, every service installed later on this page
# (MariaDB, RabbitMQ, memcached, the OpenStack APIs) is reachable on whatever
# interfaces it binds to. If the node can be reached from untrusted networks,
# keep a host firewall and open only the ports the other nodes need.
systemctl disable --now firewalld NetworkManager.service
# Disable SELinux: the sed makes it permanent from the next boot, and
# setenforce 0 switches the running system to permissive immediately.
# NOTE(review): this removes mandatory access control from the controller.
sed -i 's/SELINUX=enforcing$/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
# Synchronise the clock once, write it to the hardware clock, then resync
# hourly from root's crontab. The time source is a single hard-coded address.
ntpdate 61.160.213.184
clock -w
echo "0 */1 * * * /usr/sbin/ntpdate 61.160.213.184 &> /dev/null" >> /var/spool/cron/root
# Customise the shell prompt for this session and, via /etc/profile, for later logins.
PS1="\[\e[1;32m\][\t \[\e[1;33m\]\u\[\e[35m\]@\h\[\e[1;31m\] \W\[\e[1;32m\]]\[\e[0m\]\\$"
echo 'PS1="\[\e[1;32m\][\t \[\e[1;33m\]\u\[\e[35m\]@\h\[\e[1;31m\] \W\[\e[1;32m\]]\[\e[0m\]\\$"' >>/etc/profile
# Show a timestamp and the user name in `history` output.
echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >>/etc/bashrc
# Keep long-lived SSH sessions from being dropped.
# NOTE(review): a keepalive every 30 s with 86400 tolerated misses means sshd
# effectively never disconnects an unresponsive client.
echo -e "ClientAliveInterval 30 \nClientAliveCountMax 86400" >>/etc/ssh/sshd_config
# Avoid slow SSH logins caused by reverse DNS lookups.
sed -i '/UseDNS/a UseDNS no' /etc/ssh/sshd_config
systemctl restart  sshd
# Change the SSH port (left commented out).
#sed -i '/#Port 22/a Port 52113' /etc/ssh/sshd_config
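# Switch to the Aliyun CentOS 7 mirror (the EPEL repo must NOT be added).
# -p: re-running this step must not fail because the backup directory exists.
mkdir -p /etc/yum.repos.d/bak
# The leading backslash bypasses any interactive alias on mv.
\mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
# Fetch the repo definition over HTTPS: this file decides where every later
# package is downloaded from, so it should not be retrieved in plaintext.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
#wget -O /etc/yum.repos.d/epel.repo   http://mirrors.aliyun.com/repo/epel-7.repo
# Comment out the Aliyun-internal (aliyuncs) mirror lines.
sed -ri 's@(.*aliyuncs)@#\1@g' /etc/yum.repos.d/CentOS-Base.repo
yum clean all
yum makecache
# Install the OpenStack Queens release repository.
yum install -y centos-release-openstack-queens.noarch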
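# Install the MariaDB database service and configure it.
yum install -y mariadb mariadb-server MySQL-python
\cp /usr/share/mysql/my-medium.cnf /etc/my.cnf
# NOTE(review): no bind-address is set here, so the listen address is left at
# the package default; combined with the '%' grants created later on this page,
# confirm which networks can reach port 3306.
sed -i "/^\[mysqld\]/a default-storage-engine = innodb\ninnodb_file_per_table\nmax_connections = 4096\ncollation-server = utf8_general_ci\ninit-connect = 'SET NAMES utf8'\ncharacter-set-server = utf8" /etc/my.cnf
# Show the effective (non-blank, non-comment) settings.
grep -Ev '^$|#' /etc/my.cnf
# Raise the file and process limits for the service. The address matches the
# literal "[Service]" header; an unescaped "\S" in GNU sed means "any
# non-whitespace character" and would only match the header by accident.
# NOTE(review): this edits the packaged unit under /usr/lib, which a package
# update can overwrite; a drop-in under /etc/systemd/system/mariadb.service.d/
# would survive updates.
sed -i '/^\[Service\]/a LimitNOFILE=10000\nLimitNPROC=10000' /usr/lib/systemd/system/mariadb.service
# Reload systemd and start MariaDB.
systemctl --system daemon-reload
#systemctl restart mariadb.service
systemctl enable --now mariadb.service
systemctl status mariadb.service
# Harden the installation with mysql_secure_installation (interactive: each
# prompt has to be answered by hand).
mysql_secure_installation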
# Install the RabbitMQ message queue and configure it.
yum install -y rabbitmq-server
systemctl enable --now rabbitmq-server.service
systemctl status rabbitmq-server.service
# Create the account "openstack" with the password shown and grant it full
# configure/write/read permissions.
# NOTE(review): this password is published on the page and is embedded in every
# transport_url further down; generate a fresh one per deployment and keep the
# two in sync.
rabbitmqctl add_user openstack 1735e32955b2ef18362e
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
# Enable the web management plugin.
# NOTE(review): the management UI listens on its own port (15672 by default);
# with the host firewall disabled earlier, confirm who can reach it.
rabbitmq-plugins enable rabbitmq_management
systemctl restart rabbitmq-server.service
systemctl status rabbitmq-server.service
# Create the Keystone database and grant access to it.
# `mysql` opens an interactive client; the following lines up to `exit` are SQL
# typed at its prompt, not shell commands. If mysql_secure_installation set a
# root password, connect with `mysql -u root -p` instead.
# NOTE(review): the '%' grant lets the keystone account log in from any host,
# and the password is the literal published here (it is also written into
# keystone.conf below). Restrict the host part to the controller where possible.
mysql
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '9b7976d96ef6ecadccce';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '9b7976d96ef6ecadccce';
exit
# Install Keystone and memcached with yum.
yum install -y openstack-keystone python-openstackclient httpd mod_wsgi memcached python-memcached
# NOTE(review): memcached has no authentication of its own and its listen
# address is not configured on this page; confirm it is not reachable from
# outside the cluster.
systemctl enable --now memcached.service
systemctl status memcached.service
# Bootstrap token for the first API calls (exported as OS_TOKEN further down).
# NOTE(review): a static admin_token grants full admin rights to anyone who
# knows it, and this value is public. Use a fresh random value and confirm it is
# removed from keystone.conf once the admin user exists; upstream documents
# `keystone-manage bootstrap` as the replacement for this mechanism.
sed -i "/^\[DEFAULT\]/a admin_token = 58d48e8481d5f01b6ca0" /etc/keystone/keystone.conf
# Database connection string (contains the keystone DB password in clear text).
sed -i "/^\[database\]/a connection = mysql+pymysql://keystone:9b7976d96ef6ecadccce@controller/keystone" /etc/keystone/keystone.conf
sed -i "/^\[revoke\]/a driver = sql" /etc/keystone/keystone.conf
sed -i "/^\[token\]/a provider = fernet" /etc/keystone/keystone.conf
# Initialise the Identity service database.
su -s /bin/sh -c "keystone-manage db_sync" keystone
# Initialise the Fernet keys.
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# Set Apache's ServerName to the controller.
sed -i '/#ServerName/a ServerName controller' /etc/httpd/conf/httpd.conf
# Write the Apache/mod_wsgi configuration for Keystone: the public API on port
# 5000 and the admin API on port 35357, both running as user/group keystone.
# The quoted 'EOF' keeps %{GROUP} and %{GLOBAL} from being expanded by the shell.
# NOTE(review): both virtual hosts are plain HTTP, so passwords and tokens sent
# to Keystone cross the network unencrypted.
cat >/etc/httpd/conf.d/wsgi-keystone.conf<<'EOF'
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
EOF
systemctl enable --now httpd.service
systemctl status httpd.service
# Authenticate the bootstrap commands below with the admin_token from keystone.conf.
# NOTE(review): these variables stay set in the current shell; later steps source
# admin-openrc for password authentication, so confirm OS_TOKEN and OS_URL are
# no longer exported by then.
export OS_TOKEN=58d48e8481d5f01b6ca0
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
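# Configure Keystone.
# Create the service entity for the Identity service.
openstack service create --name keystone --description "OpenStack Identity" identity
# Create the Identity service API endpoints.
openstack endpoint create --region RegionOne identity public http://controller:5000/v3
openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne identity admin http://controller:5000/v3
# Create the default domain.
openstack domain create --description "Default Domain" default
# Create the admin project.
openstack project create --domain default --description "Admin Project" admin
# Create the admin user with the password www.123.nyc.
# The value must be identical to OS_PASSWORD in the admin-openrc file that later
# steps source; that file is not created anywhere on this page.
# NOTE(review): --password leaves the secret on the command line and in the
# shell history; --password-prompt asks for it interactively instead. The
# password itself is published here, so choose a different one.
#openstack user create --password <password> name
openstack user create --domain default --password www.123.nyc admin
# Create the admin role.
openstack role create admin
# Grant the admin role to the admin user on the admin project.
openstack role add --project admin --user admin admin
# Create the service project.
openstack project create --domain default --description "Service Project" service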
# Create the Glance database and grant access to it.
# The lines between `mysql` and `exit` are SQL typed at the client prompt.
# NOTE(review): as with Keystone, the '%' grant accepts logins from any host and
# the password is the literal published on this page.
mysql
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'127.0.0.1' IDENTIFIED BY 'a92e900d1dc37b94f347';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'a92e900d1dc37b94f347';
exit
# Load the admin credentials. NOTE(review): admin-openrc is not created anywhere
# on this page; it has to exist in the current directory and hold the admin
# user's credentials.
source admin-openrc
# Configure Glance.
# Create the glance user with the password www.123.nyc.
# NOTE(review): every service user on this page gets this same published
# password plus the admin role; use a distinct secret per service.
openstack user create --domain default --password www.123.nyc glance
# Grant the admin role to the glance user on the service project.
openstack role add --project service --user glance admin
# Create the glance service entity.
openstack service create --name glance --description "OpenStack Image" image
# Create the Image service API endpoints.
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
# Install the Glance service with yum.
yum install -y openstack-glance python-glance python-glanceclient
# glance-api.conf: database connection, local file store, Keystone
# authentication. Both the DB password and the service-user password end up in
# this file in clear text.
sed -i "/^\[database\]/a connection = mysql+pymysql://glance:a92e900d1dc37b94f347@controller/glance" /etc/glance/glance-api.conf
sed -i "/^\[glance_store\]/a stores = file,http\ndefault_store = file\nfilesystem_store_datadir = /var/lib/glance/images" /etc/glance/glance-api.conf
sed -i "/^\[keystone_authtoken\]/a auth_uri = http://controller:5000\nauth_url = http://controller:35357\nmemcached_servers = controller:11211\nauth_type = password\nproject_domain_name = default\nuser_domain_name = default\nproject_name = service\nusername = glance\npassword = www.123.nyc" /etc/glance/glance-api.conf
sed -i "/^\[paste_deploy\]/a flavor = keystone" /etc/glance/glance-api.conf
# glance-registry.conf: the same database and Keystone settings.
sed -i "/^\[database\]/a connection = mysql+pymysql://glance:a92e900d1dc37b94f347@controller/glance" /etc/glance/glance-registry.conf
sed -i "/^\[keystone_authtoken\]/a auth_uri = http://controller:5000\nauth_url = http://controller:35357\nmemcached_servers = controller:11211\nauth_type = password\nproject_domain_name = default\nuser_domain_name = default\nproject_name = service\nusername = glance\npassword = www.123.nyc" /etc/glance/glance-registry.conf
sed -i "/^\[paste_deploy\]/a flavor = keystone" /etc/glance/glance-registry.conf
# Initialise the Image service database.
su -s /bin/sh -c "glance-manage db_sync" glance
# Start the Image services and enable them at boot.
systemctl enable --now openstack-glance-api.service openstack-glance-registry.service
systemctl status openstack-glance-api.service openstack-glance-registry.service
# Verify the Image service with a test image.
# NOTE(review): the image is fetched over plain HTTP with basic-auth credentials
# on the command line and is not checked against a known checksum before it is
# published to every project. Compare it with a trusted digest (for example
# `sha256sum small.img` against <EXPECTED_SHA256>) before uploading.
cd ~
wget --http-user=qwe --http-passwd=qwe http://61.160.213.184/dl/centos/openstack/small.img
## Upload it in QCOW2 disk format and bare container format, and mark it public
## so that every project can access it.
openstack image create "cirros" --file small.img --disk-format qcow2 --container-format bare --public
# Create the Nova databases (nova_api, nova, nova_cell0) and grant access.
# The lines between `mysql` and `exit` are SQL typed at the client prompt.
# NOTE(review): one published password covers all three databases, and the '%'
# grants accept logins from any host.
mysql
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'e528734fc653231683c9';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'e528734fc653231683c9';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'e528734fc653231683c9';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'e528734fc653231683c9';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'e528734fc653231683c9';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'e528734fc653231683c9';
exit
# Load the admin credentials (admin-openrc is expected in the home directory;
# it is not created on this page).
cd ~
source admin-openrc
# Create the nova user with the password www.123.nyc.
# NOTE(review): same published password as the other service users.
openstack user create --domain default --password www.123.nyc nova
# Grant the admin role to the nova user.
openstack role add --project service --user nova admin
# Create the nova service entity.
openstack service create --name nova --description "OpenStack Compute" compute
# Create the Compute service API endpoints.
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s
# Create the placement user with the password www.123.nyc.
openstack user create --domain default --password www.123.nyc placement
# Grant the admin role to the placement user.
openstack role add --project service --user placement admin
# Create the placement service entity.
openstack service create --name placement --description "Placement API" placement
# Create the Placement service API endpoints.
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
# Install and configure Nova on the controller node.
yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient openstack-nova-placement-api
# my_ip below is the controller's own address; change it when deploying elsewhere.
# transport_url carries the RabbitMQ password in clear text.
sed -i "/^\[DEFAULT\]/a block_device_allocate_retries=180\nmy_ip=103.73.119.106\nuse_neutron=True\nfirewall_driver=nova.virt.firewall.NoopFirewallDriver\nenabled_apis=osapi_compute,metadata\ntransport_url=rabbit://openstack:1735e32955b2ef18362e@controller\nrpc_backend=rabbit\nauth_strategy=keystone" /etc/nova/nova.conf
# Allow resizing an instance onto the same host (addition to the base setup).
sed -i '/allow_resize_to_same_host/a allow_resize_to_same_host=true' /etc/nova/nova.conf
sed -i "/^\[api\]/a auth_strategy=keystone" /etc/nova/nova.conf
sed -i "/^\[api_database\]/a connection=mysql+pymysql://nova:e528734fc653231683c9@controller/nova_api" /etc/nova/nova.conf
sed -i "/^\[cinder\]/a os_region_name=RegionOne" /etc/nova/nova.conf
sed -i "/^\[database\]/a connection=mysql+pymysql://nova:e528734fc653231683c9@controller/nova" /etc/nova/nova.conf
sed -i "/^\[glance\]/a api_servers=http://controller:9292" /etc/nova/nova.conf
sed -i "/^\[keystone_authtoken\]/a auth_uri=http://controller:5000\nauth_url=http://controller:35357\nmemcached_servers=controller:11211\nauth_type=password\nproject_domain_name=default\nuser_domain_name=default\nproject_name=service\nusername=nova\npassword=www.123.nyc" /etc/nova/nova.conf
sed -i "/^\[libvirt\]/a virt_type=kvm\ninject_password=true\ncpu_mode=host-passthrough" /etc/nova/nova.conf
# NOTE(review): metadata_proxy_shared_secret is set to the guessable string
# "neutron"; it is the secret that authenticates metadata-proxy requests to
# Nova, so use a random value and give the Neutron metadata agent the same one.
sed -i "/^\[neutron\]/a url = http://controller:9696\nauth_url = http://controller:35357\nauth_type = password\nproject_domain_name = default\nuser_domain_name = default\nregion_name = RegionOne\nproject_name = service\nusername = neutron\npassword = www.123.nyc\nservice_metadata_proxy = True\nmetadata_proxy_shared_secret = neutron" /etc/nova/nova.conf
sed -i "/^\[oslo_concurrency\]/a lock_path=/var/lib/nova/tmp" /etc/nova/nova.conf
sed -i "/^\[oslo_messaging_rabbit\]/a rabbit_host=127.0.0.1\nrabbit_port=5672\nrabbit_userid=openstack\nrabbit_password=1735e32955b2ef18362e" /etc/nova/nova.conf
sed -i "/^\[placement\]/a os_region_name=RegionOne\nauth_type=password\nauth_url=http://controller:35357/v3\nproject_name=service\nproject_domain_name=default\nusername=placement\nuser_domain_name=default\npassword=www.123.nyc" /etc/nova/nova.conf
sed -i "/^\[scheduler\]/a discover_hosts_in_cells_interval=300" /etc/nova/nova.conf
# Note the variable: the single quotes keep the shell from expanding $my_ip, so
# the literal text "$my_ip" is written into nova.conf.
sed -i '/^\[vnc\]/a enabled=true\nserver_listen=$my_ip\nserver_proxyclient_address=$my_ip\nnovncproxy_base_url=http://103.73.119.106:6080/vnc_auto.html' /etc/nova/nova.conf
# Review the result (non-blank, non-comment lines only).
egrep -v '^$|#' /etc/nova/nova.conf
# Append an access rule for /usr/bin to the Placement API's Apache config,
# covering both the Apache 2.4 and the pre-2.4 syntax. The heredoc appends, so
# running this step twice duplicates the stanza.
cat >>/etc/httpd/conf.d/00-nova-placement-api.conf<<'EOF'
<Directory /usr/bin>
  <IfVersion >= 2.4>
     Require all granted
  </IfVersion>
  <IfVersion < 2.4>
    Order allow,deny
    Allow from all
  </IfVersion>
</Directory>
EOF
# Restart the httpd service.
systemctl restart httpd.service
systemctl status httpd.service
# Populate the nova_api database.
su -s /bin/sh -c "nova-manage api_db sync" nova
# Register the cell0 database.
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
# Create the cell1 cell.
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
# Populate the nova database.
su -s /bin/sh -c "nova-manage db sync" nova
# Verify that cell0 and cell1 are registered correctly.
nova-manage cell_v2 list_cells
# Start the Compute services and enable them at boot (five services).
systemctl enable --now openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl status openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
# Create the Neutron database and grant access to it.
# The lines between `mysql` and `exit` are SQL typed at the client prompt.
# NOTE(review): the neutron DB account uses the same password as the nova DB
# account on this page, and '%' accepts logins from any host; give each account
# its own secret.
mysql
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'e528734fc653231683c9';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'e528734fc653231683c9';
exit
# Load the admin credentials (admin-openrc is not created on this page).
source admin-openrc
# Create the neutron user with the password www.123.nyc.
# NOTE(review): same published password as the other service users.
openstack user create --domain default --password www.123.nyc neutron
# Grant the admin role to the neutron user.
openstack role add --project service --user neutron admin
# Create the neutron service entity.
openstack service create --name neutron --description "OpenStack Networking" network
# Create the Networking service API endpoints.
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
# Install and configure Neutron. (The original heading said "compute node", but
# this section is still part of the controller commands and starts neutron-server.)
yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
# neutron.conf: core settings. The sed script intentionally ends with a line
# break before the closing quote.
sed -i '/^\[DEFAULT\]/a auth_strategy = keystone\ncore_plugin = ml2\nservice_plugins =\nnotify_nova_on_port_status_changes = True\nnotify_nova_on_port_data_changes = True\ntransport_url = rabbit://openstack:1735e32955b2ef18362e@controller\nrpc_backend = rabbit
' /etc/neutron/neutron.conf
sed -i '/^\[database\]/a connection = mysql+pymysql://neutron:e528734fc653231683c9@controller/neutron' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_uri = http://controller:5000\nauth_url = http://controller:35357\nmemcached_servers = controller:11211\nauth_type = password\nproject_domain_name = default\nuser_domain_name = default\nproject_name = service\nusername = neutron\npassword = www.123.nyc' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a auth_url = http://controller:35357\nauth_type = password\nproject_domain_name = default\nuser_domain_name = default\nregion_name = RegionOne\nproject_name = service\nusername = nova\npassword = www.123.nyc' /etc/neutron/neutron.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/neutron/tmp' /etc/neutron/neutron.conf
sed -i '/^\[oslo_messaging_rabbit\]/a rabbit_host = 127.0.0.1\nrabbit_port = 5672\nrabbit_userid = openstack\nrabbit_password = 1735e32955b2ef18362e' /etc/neutron/neutron.conf
#egrep -v '^$|#' /etc/neutron/neutron.conf
# ML2 plugin: flat and VLAN provider networks only, Linux bridge mechanism,
# port security extension enabled.
sed -i '/^\[ml2\]/a type_drivers = flat,vlan\ntenant_network_types =\nmechanism_drivers = linuxbridge\nextension_drivers = port_security
' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2_type_flat\]/a flat_networks = provider' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[securitygroup\]/a enable_ipset = true' /etc/neutron/plugins/ml2/ml2_conf.ini
#egrep -v '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini
# Linux bridge agent: eno1 is the provider NIC on the author's hardware; use the
# interface name of the actual host.
sed -i '/^\[linux_bridge\]/a physical_interface_mappings = provider:eno1' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver\nenable_security_group = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a enable_vxlan = false' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
#egrep -v '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# DHCP agent.
sed -i '/^\[DEFAULT\]/a interface_driver = linuxbridge\ndhcp_driver = neutron.agent.linux.dhcp.Dnsmasq\nenable_isolated_metadata = true' /etc/neutron/dhcp_agent.ini
#egrep -v '^$|#' /etc/neutron/dhcp_agent.ini
# Link plugin.ini to the ML2 configuration.
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# Initialise the Neutron database.
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
# Restart the Nova API service.
systemctl restart openstack-nova-api.service
# Start the networking services and enable them at boot.
# NOTE(review): neutron-metadata-agent is started here, but
# /etc/neutron/metadata_agent.ini is not edited anywhere on this page, while
# nova.conf sets metadata_proxy_shared_secret; confirm the agent is configured
# with the same secret.
systemctl enable --now neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
# Install and configure the dashboard (Horizon).
yum install -y openstack-dashboard
sed -i '/OPENSTACK_HOST =/c  OPENSTACK_HOST = "controller"' /etc/openstack-dashboard/local_settings
# NOTE(review): ALLOWED_HOSTS = ['*'] turns off Django's Host-header
# validation; list the names and addresses the dashboard is actually served
# under instead.
sed -i "/ALLOWED_HOSTS =/c  ALLOWED_HOSTS = ['*', ]" /etc/openstack-dashboard/local_settings
# Pitfall: with the cache session backend, logging in fails; use the file
# backend instead.
#sed -i "/ALLOWED_HOSTS =/a  SESSION_ENGINE = 'django.contrib.sessions.backends.cache'" /etc/openstack-dashboard/local_settings
sed -i "/ALLOWED_HOSTS =/a  SESSION_ENGINE = 'django.contrib.sessions.backends.file'" /etc/openstack-dashboard/local_settings
# Delete the existing CACHES block (the matching line plus the four after it)
# and append one that points at memcached on the controller.
sed -i '/^CACHES =/,+4'd /etc/openstack-dashboard/local_settings
cat >>/etc/openstack-dashboard/local_settings<<'EOF'
CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}
EOF
sed -i '/OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT/a OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True' /etc/openstack-dashboard/local_settings
# Pin the API versions used by the dashboard.
cat >>/etc/openstack-dashboard/local_settings<<'EOF'
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
EOF
sed -i '/OPENSTACK_KEYSTONE_DEFAULT_DOMAIN =/a OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"' /etc/openstack-dashboard/local_settings
sed -i '/OPENSTACK_KEYSTONE_DEFAULT_ROLE =/c OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"' /etc/openstack-dashboard/local_settings
# Turn off the layer-3 features, which this provider-network setup does not use.
sed -ri "s#(.*'enable_router': )True.*#\1False,#g" /etc/openstack-dashboard/local_settings
sed -ri "s#(.*'enable_fip_topology_check': )True.*#\1False,#g" /etc/openstack-dashboard/local_settings
sed -i "/enable_fip_topology_check/a \ \ \ \ 'enable_lb': False,\n\ \ \ \ 'enable_firewall': False,\n\ \ \ \ 'enable_vpn': False," /etc/openstack-dashboard/local_settings
sed -i '/TIME_ZONE =/c TIME_ZONE = "Asia/Shanghai"' /etc/openstack-dashboard/local_settings
#egrep -vn '^$|#' /etc/openstack-dashboard/local_settings
# (The author notes the purpose of the next line was unknown to them.)
# WSGIApplicationGroup %{GLOBAL} is a mod_wsgi directive that runs the
# application in the main Python interpreter; it is inserted as line 4 of the
# dashboard's Apache config.
sed -i '4i WSGIApplicationGroup %{GLOBAL}' /etc/httpd/conf.d/openstack-dashboard.conf
# Restart the web server and the session storage service.
systemctl restart httpd.service memcached.service
systemctl status httpd.service memcached.service

3、计算节点命令

# Set the hostname to match this compute node, then set the root password.
# NOTE(review): this is the same published root password as on the controller;
# use a unique secret per host, and prefer an interactive `passwd root` so the
# value stays out of the shell history.
hostnamectl set-hostname nova01
echo www.123.nyc|passwd --stdin root
# The heredoc appends, so running this step twice duplicates the entries.
cat >>/etc/hosts<<EOF
103.73.119.106  controller
103.73.119.116  nova01
103.73.119.117  nova02
EOF
# Install commonly used tools.
yum install -y wget vim bash-completion lrzsz net-tools nfs-utils yum-utils rdate ntpdate
# Disable the firewall and NetworkManager.
# NOTE(review): with firewalld off, the compute node's libvirt and VNC
# listeners are reachable on whatever interfaces they bind to; keep a host
# firewall if the node can be reached from untrusted networks.
systemctl disable --now firewalld NetworkManager.service
# Disable SELinux: the sed makes it permanent from the next boot, and
# setenforce 0 switches the running system to permissive immediately.
# NOTE(review): this removes mandatory access control from a host that runs
# guest virtual machines.
sed -i 's/SELINUX=enforcing$/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
# Synchronise the clock once, write it to the hardware clock, then resync
# hourly from root's crontab.
ntpdate 61.160.213.184
clock -w
echo "0 */1 * * * /usr/sbin/ntpdate 61.160.213.184 &> /dev/null" >> /var/spool/cron/root
# Customise the shell prompt for this session and, via /etc/profile, for later logins.
PS1="\[\e[1;32m\][\t \[\e[1;33m\]\u\[\e[35m\]@\h\[\e[1;31m\] \W\[\e[1;32m\]]\[\e[0m\]\\$"
echo 'PS1="\[\e[1;32m\][\t \[\e[1;33m\]\u\[\e[35m\]@\h\[\e[1;31m\] \W\[\e[1;32m\]]\[\e[0m\]\\$"' >>/etc/profile
# Show a timestamp and the user name in `history` output.
echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >>/etc/bashrc
# Keep long-lived SSH sessions from being dropped.
# NOTE(review): a keepalive every 30 s with 86400 tolerated misses means sshd
# effectively never disconnects an unresponsive client.
echo -e "ClientAliveInterval 30 \nClientAliveCountMax 86400" >>/etc/ssh/sshd_config
# Avoid slow SSH logins caused by reverse DNS lookups.
sed -i '/UseDNS/a UseDNS no' /etc/ssh/sshd_config
systemctl restart  sshd
# Change the SSH port (left commented out).
#sed -i '/#Port 22/a Port 52113' /etc/ssh/sshd_config
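# Switch to the Aliyun CentOS 7 mirror (the EPEL repo must NOT be added).
# -p: re-running this step must not fail because the backup directory exists.
mkdir -p /etc/yum.repos.d/bak
# The leading backslash bypasses any interactive alias on mv.
\mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
# Fetch the repo definition over HTTPS: this file decides where every later
# package is downloaded from, so it should not be retrieved in plaintext.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
#wget -O /etc/yum.repos.d/epel.repo   http://mirrors.aliyun.com/repo/epel-7.repo
# Comment out the Aliyun-internal (aliyuncs) mirror lines.
sed -ri 's@(.*aliyuncs)@#\1@g' /etc/yum.repos.d/CentOS-Base.repo
yum clean all
yum makecache
# Install the OpenStack Queens release repository.
yum install -y centos-release-openstack-queens.noarch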
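# Install and configure nova-compute.
yum install -y openstack-nova-compute
# Edit /etc/nova/nova.conf; set my_ip to this node's own address.
# transport_url carries the RabbitMQ password in clear text.
sed -i "/^\[DEFAULT\]/a transport_url=rabbit://openstack:1735e32955b2ef18362e@controller\nauth_strategy=keystone\nmy_ip=103.73.119.116\nuse_neutron=True\nfirewall_driver=nova.virt.firewall.NoopFirewallDriver\nresume_guests_state_on_host_boot=true" /etc/nova/nova.conf
sed -i "/^\[oslo_messaging_rabbit\]/a rabbit_host=controller\nrabbit_userid=openstack\nrabbit_password=1735e32955b2ef18362e" /etc/nova/nova.conf
sed -i "/^\[keystone_authtoken\]/a auth_uri=http://controller:5000\nauth_url=http://controller:35357\nmemcached_servers=controller:11211\nauth_type=password\nproject_domain_name=default\nuser_domain_name=default\nproject_name=service\nusername=nova\npassword=www.123.nyc" /etc/nova/nova.conf
# novncproxy_base_url must carry the controller's address. The single quotes
# keep the shell from expanding $my_ip; the literal text goes into nova.conf.
# NOTE(review): vncserver_listen=0.0.0.0 makes instance consoles listen on every
# interface of this host, and the firewall was disabled earlier; restrict access
# to the controller's proxy.
sed -i '/^\[vnc\]/a enabled=True\nvncserver_listen=0.0.0.0\nvncserver_proxyclient_address=$my_ip\nnovncproxy_base_url=http://103.73.119.106:6080/vnc_auto.html' /etc/nova/nova.conf
# Image API endpoint. The option name is api_servers, the same key the
# controller's [glance] section uses; a misspelt key is silently ignored.
sed -i "/^\[glance\]/a api_servers=http://controller:9292" /etc/nova/nova.conf
sed -i "/^\[oslo_concurrency\]/a lock_path=/var/lib/nova/tmp" /etc/nova/nova.conf
sed -i "/^\[placement\]/a os_region_name=RegionOne\nproject_domain_name=Default\nproject_name=service\nauth_type=password\nuser_domain_name=Default\nauth_url=http://controller:35357/v3\nusername=placement\npassword=www.123.nyc" /etc/nova/nova.conf
sed -i "/^\[libvirt\]/a virt_type=kvm" /etc/nova/nova.conf
# Review the result (non-blank, non-comment lines only).
grep -Ev '^$|#' /etc/nova/nova.conf
# Start the Compute service and its dependency, and enable both at boot.
systemctl enable --now libvirtd.service openstack-nova-compute.service
systemctl status libvirtd.service openstack-nova-compute.service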

在控制节点上验证是否发现了计算节点(控制节点上操作)

# Discover the compute hosts.
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
# Confirm that the compute host is present in the database.
# (admin-openrc is expected in the home directory; it is not created on this page.)
cd ~
source admin-openrc
openstack compute service list --service nova-compute
# List the service components to verify that each process started and registered.
openstack compute service list
# List the API endpoints in the Identity service to verify connectivity with it.
openstack catalog list
# List the images in the Image service to verify connectivity with it.
openstack image list

返回计算节点继续安装neutron

# Install the Linux bridge agent on the compute node and configure it.
yum install  -y openstack-neutron-linuxbridge ebtables ipset
# neutron.conf: message queue (the RabbitMQ password is in clear text) and
# Keystone authentication.
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:1735e32955b2ef18362e@controller\nauth_strategy = keystone' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_uri = http://controller:5000\nauth_url = http://controller:35357\nmemcached_servers = controller:11211\nauth_type = password\nproject_domain_name = default\nuser_domain_name = default\nproject_name = service\nusername = neutron\npassword = www.123.nyc' /etc/neutron/neutron.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/neutron/tmp' /etc/neutron/neutron.conf
#egrep -v '^$|#' /etc/neutron/neutron.conf
# Linux bridge agent: eno1 is the provider NIC on the author's hardware; use the
# interface name of the actual host.
sed -i '/^\[linux_bridge\]/a physical_interface_mappings = provider:eno1' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a enable_vxlan = false' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a enable_security_group = true\nfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
#egrep -v '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# Tell nova-compute how to reach the Networking service.
sed -i '/^\[neutron\]/a url = http://controller:9696\nauth_url = http://controller:35357\nauth_type = password\nproject_domain_name = default\nuser_domain_name = default\nregion_name = RegionOne\nproject_name = service\nusername = neutron\npassword = www.123.nyc' /etc/nova/nova.conf
#egrep -v '^$|#' /etc/nova/nova.conf
# Restart the Compute service.
systemctl restart openstack-nova-compute.service
systemctl status openstack-nova-compute.service
# Start the Linux bridge agent and enable it at boot.
systemctl enable --now neutron-linuxbridge-agent.service
systemctl status neutron-linuxbridge-agent.service

验证操作(控制节点操作)

# List the loaded extensions to verify that neutron-server started successfully.
openstack extension list --network
# Verify that the Neutron agents registered successfully.
openstack network agent list

实现冷迁移功能

计算节点互做免密访问,默认用户是nova,要修改成root。

# Generate an SSH key pair and copy the public key to each of the other compute
# nodes; the argument on the ssh-copy-id line is a placeholder for the target
# compute node's host name.
# NOTE(review): running nova-compute as root with passwordless root SSH between
# all compute nodes means that compromising one compute node gives root on every
# other one. The lower-privilege alternative is to keep the service running as
# nova and set up key-based SSH for the nova account only.
ssh-keygen
ssh-copy-id 计算节点名
# Switch the service user to root. This edits the packaged unit under /usr/lib,
# which a package update can overwrite.
sed -i '/User=/c User=root' /usr/lib/systemd/system/openstack-nova-compute.service
# Reload systemd and restart the service.
systemctl daemon-reload
systemctl restart openstack-nova-compute.service
