OpenStack
- 初始化环境
- 安装数据库、memcahe、rabbitmq等服务
- 安装keystone服务
- 安装glance服务
- 安装placement服务
- 安装nova服务
- 安装neutron服务
- 安装horizon服务
官网
OpenStack Epoxy 巩固了作为 VMware 替代方案的地位,增强了安全性,并改进了硬件支持
第 31 版的亮点包括 Nova 中 PCI 直通的改进、Watcher 中添加新的 Prometheus 数据源以及 Manila 中的新安全功能。
随着 OpenStack 社区发布第 31 个版本 2025.1 Epoxy,OpenStack 的采用率正在飙升。 来自 BBC 研发中心、暴雪娱乐、Canonical、Cleura、爱立信、Mirantis、NVIDIA、Rackspace、Red Hat 和三星 SDS 等机构的约 450 名贡献者构建了 Epoxy,提供了超过 7,600 项变更和广泛的维护更新。此版本发布正值 OpenStack 社区成立 15 周年之际 。自2010 年以来,OpenStack 已提交超过 940,000 项变更,并已投入生产 4,500 万个核心,OpenStack 仍然是最活跃的开源项目社区之一。
-
强化OpenStack作为VMware的替代方案
Watcher 中新增了 Prometheus 数据源。对于 VMware 迁移,通过 Watcher 将 Prometheus 集成到 OpenStack 中,可以高效监控现有的 VMware 基础架构和迁移过程。这可以跟踪迁移过程中的性能并识别瓶颈。
此版本包含许多 Cinder 支持的存储硬件驱动程序的功能和错误修复,包括 NetApp、PowerMax、LightBits、Fujitsu、PowerFlex、3par、StorPool、Pure Storage、Nimble 和 Hitachi。对各种 Cinder 驱动程序的改进支持意味着简化了严重依赖特定存储解决方案的工作负载的迁移。此外,迁移后,OpenStack 环境可以保持与现有存储基础架构的兼容性,从而使过渡更加顺畅,并降低与存储和数据可访问性相关的风险。 -
增强安全性
Manila 用户现在可以修改共享访问规则的访问级别,将其从“只读”切换为“读写”,反之亦然。此功能可以更精确地控制哪些用户可以修改和访问共享资源。如果用户可以将其访问权限限制为只读,则可以防止未经授权的修改,从而降低数据被意外或恶意更改的风险。
马尼拉用户现在还可以通过共享网络子网元数据设置和修改共享服务器特性。云管理员可以通过 driver_updatable_subnet_metadata 配置选项定义允许的修改内容。此项改进可实现更好的网络隔离和分段,确保不同的数据集或应用程序被隔离在不同的子网中,从而降低发生违规时网络内部横向移动的风险。
在 Octavia 中,用户现在可以将自定义 Neutron 安全组与 Octavia Amphora 负载均衡器 VIP 端口结合使用。通过将特定安全组与负载均衡器的 VIP(虚拟 IP)端口关联,您可以确保只有特定类型的流量才能到达负载均衡器,从而降低未经授权访问的风险。 -
提高硬件支持能力
Ironic 新增了一个接口,支持将 bootc 容器镜像直接部署到主机,无需任何中间步骤。这降低了复杂性,使运维人员和最终用户的部署流程更加简化。
Nova 的 PCI 直通功能现已支持新的内核 vfio-PCI 变体驱动程序,例如 Ubuntu 24.04 上的 Nvidia GRID。操作员现在可以使用这些特定的 PCI 设备创建实例并进行实时迁移,从而增强 OpenStack 支持 AI 工作负载的能力。
初始化环境
单节点搭建
root@huhy:~# hostnamectlStatic hostname: huhyIcon name: computer-vmChassis: vm 🖴Machine ID: 3f78506c26d94d0fad063da03ea75679Boot ID: 06ec0de05bd449ce8e3a59d116855e8bProduct UUID: 4ef84d56-204b-38d6-0a02-5005f7746478AF_VSOCK CID: 4151600248Virtualization: vmware
Operating System: Ubuntu 25.04Kernel: Linux 6.14.0-15-genericArchitecture: x86-64Hardware Vendor: VMware, Inc.Hardware Model: VMware Virtual PlatformHardware Serial: VMware-56 4d f8 4e 4b 20 d6 38-0a 02 50 05 f7 74 64 78
Firmware Version: 6.00Firmware Date: Thu 2020-11-12Firmware Age: 4y 5month 6d
root@huhy:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host noprefixroutevalid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:0c:29:74:64:78 brd ff:ff:ff:ff:ff:ffaltname enp2s1altname enx000c29746478inet 192.168.200.120/24 brd 192.168.200.255 scope global ens33valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe74:6478/64 scope link proto kernel_llvalid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000link/ether 00:0c:29:74:64:82 brd ff:ff:ff:ff:ff:ffaltname enp2s2altname enx000c29746482
- 初始化环境:免密,主机名、时间同步
vi init.sh
#!/bin/bash# 定义节点信息
NODES=("192.168.200.120 controller root")# 定义当前节点的密码(默认集群统一密码)
HOST_PASS="000000"# 时间同步的目标节点
TIME_SERVER=controller# 时间同步的地址段
TIME_SERVER_IP=192.160.200.0/24# 欢迎界面
cat > /etc/motd <<EOF################################# Welcome to openstack #################################
EOF# 修改主机名
for node in "${NODES[@]}"; doip=$(echo "$node" | awk '{print $1}')hostname=$(echo "$node" | awk '{print $2}')# 获取当前节点的主机名和 IPcurrent_ip=$(hostname -I | awk '{print $1}')current_hostname=$(hostname)# 检查当前节点与要修改的节点信息是否匹配if [[ "$current_ip" == "$ip" && "$current_hostname" != "$hostname" ]]; thenecho "Updating hostname to $hostname on $current_ip..."hostnamectl set-hostname "$hostname"if [ $? -eq 0 ]; thenecho "Hostname updated successfully."elseecho "Failed to update hostname."fibreakfi
done# 遍历节点信息并添加到 hosts 文件
for node in "${NODES[@]}"; doip=$(echo "$node" | awk '{print $1}')hostname=$(echo "$node" | awk '{print $2}')# 检查 hosts 文件中是否已存在相应的解析if grep -q "$ip $hostname" /etc/hosts; thenecho "Host entry for $hostname already exists in /etc/hosts."else# 添加节点的解析条目到 hosts 文件sudo sh -c "echo '$ip $hostname' >> /etc/hosts"echo "Added host entry for $hostname in /etc/hosts."fi
doneif [[ ! -s ~/.ssh/id_rsa.pub ]]; thenssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa -q -b 2048
fi# 检查并安装 sshpass 工具
if ! which sshpass &> /dev/null; thenecho "sshpass 工具未安装,正在安装 sshpass..."sudo apt-get install -y sshpass
fi# 遍历所有节点进行免密操作
for node in "${NODES[@]}"; doip=$(echo "$node" | awk '{print $1}')hostname=$(echo "$node" | awk '{print $2}')user=$(echo "$node" | awk '{print $3}')# 使用 sshpass 提供密码,并自动确认密钥sshpass -p "$HOST_PASS" ssh-copy-id -o StrictHostKeyChecking=no -i /root/.ssh/id_rsa.pub "$user@$hostname"
done# 时间同步
apt install -y chrony
if [[ $TIME_SERVER_IP == *$(hostname -I)* ]]; then# 配置当前节点为时间同步源sed -i '20,23s/^/#/g' /etc/chrony/chrony.confecho "server $TIME_SERVER iburst maxsources 2" >> /etc/chrony/chrony.confecho "allow $TIME_SERVER_IP" >> /etc/chrony/chrony.confecho "local stratum 10" >> /etc/chrony/chrony.conf
else# 配置当前节点同步到目标节点sed -i '20,23s/^/#/g' /etc/chrony/chrony.confecho "pool $TIME_SERVER iburst maxsources 2" >> /etc/chrony/chrony.conf
fi# 重启并启用 chrony 服务
systemctl restart chronyd
systemctl enable chronyecho "###############################################################"
echo "################# 集群初始化成功 #####################"
echo "###############################################################"
配置环境变量
mkdir /etc/openstack/
cat > /etc/openstack/openrc.sh << eof
#--------------------system Config--------------------##
#Controller Server Manager IP. example:x.x.x.x
HOST_IP=192.168.200.120#Controller HOST Password. example:000000
HOST_PASS=000000#Controller Server hostname. example:controller
HOST_NAME=controller#--------------------Rabbit Config ------------------##
#user for rabbit. example:openstack
RABBIT_USER=openstack#Password for rabbit user .example:000000
RABBIT_PASS=000000#--------------------MySQL Config---------------------##
#Password for MySQL root user . exmaple:000000
DB_PASS=000000#--------------------Keystone Config------------------##
#Password for Keystore admin user. exmaple:000000
DOMAIN_NAME=default
ADMIN_PASS=000000
DEMO_PASS=000000#Password for Mysql keystore user. exmaple:000000
KEYSTONE_DBPASS=000000#--------------------Glance Config--------------------##
#Password for Mysql glance user. exmaple:000000
GLANCE_DBPASS=000000#Password for Keystore glance user. exmaple:000000
GLANCE_PASS=000000#--------------------Placement Config----------------------##
#Password for Mysql placement user. exmaple:000000
PLACEMENT_DBPASS=000000#Password for Keystore placement user. exmaple:000000
PLACEMENT_PASS=000000#--------------------Nova Config----------------------##
#Password for Mysql nova user. exmaple:000000
NOVA_DBPASS=000000#Password for Keystore nova user. exmaple:000000
NOVA_PASS=000000#--------------------Neutron Config-------------------##
#Password for Mysql neutron user. exmaple:000000
NEUTRON_DBPASS=000000#Password for Keystore neutron user. exmaple:000000
NEUTRON_PASS=000000#metadata secret for neutron. exmaple:000000
METADATA_SECRET=000000#External Network Interface. example:eth1
INTERFACE_NAME=ens34#用于创建ovs网络
OVS_NAME=br-ens34#External Network The Physical Adapter. example:provider
Physical_NAME=provider#First Vlan ID in VLAN RANGE for VLAN Network. exmaple:101
minvlan=1#Last Vlan ID in VLAN RANGE for VLAN Network. example:200
maxvlan=1000
eof
- 查看客户端版本
root@controller:~# openstack --version
openstack 7.4.0
安装数据库、memcahe、rabbitmq等服务
vi iaas-install-mysql.sh
#!/bin/bash
source /etc/openstack/openrc.sh
apt update
# install package
apt install -y python3-openstackclient
apt install -y mariadb-server python3-pymysqlcat > /etc/mysql/mariadb.conf.d/99-openstack.cnf << EOF
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOFsystemctl enable --now mariadb
mysql -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '$DB_PASS';"
mysql -uroot -p$DB_PASS -e "FLUSH PRIVILEGES"
systemctl restart mariadbapt install -y rabbitmq-server
rabbitmqctl add_user $RABBIT_USER $RABBIT_PASS
rabbitmqctl set_permissions $RABBIT_USER ".*" ".*" ".*"
systemctl enable --now rabbitmq-serverapt install -y memcached python3-memcache
sed -i 's/-l 127.0.0.1/-l 0.0.0.0/'g /etc/memcached.conf
systemctl enable --now memcached
echo "################# mariadb,rabbitmq,memcached installation completed ####################"
bash iaas-install-mysql.sh
安装keystone服务
vi iaas-install-keystone.sh
#!/bin/bash
source /etc/openstack/openrc.sh#keystone mysql
mysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS keystone ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$KEYSTONE_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$KEYSTONE_DBPASS' ;"apt install -y keystone
cp /etc/keystone/keystone.conf{,.bak}cat > /etc/keystone/keystone.conf << eof
[DEFAULT]
log_dir = /var/log/keystone
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
connection = mysql+pymysql://keystone:$KEYSTONE_DBPASS@$HOST_NAME/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[extra_headers]
Distribution = Ubuntu
[federation]
[fernet_receipts]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[jwt_tokens]
[ldap]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[policy]
[profiler]
[receipt]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[token]
provider = fernet
[tokenless_auth]
[totp]
[trust]
[unified_limit]
[wsgi]
eofsu -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password $ADMIN_PASS \--bootstrap-admin-url http://$HOST_NAME:5000/v3/ \--bootstrap-internal-url http://$HOST_NAME:5000/v3/ \--bootstrap-public-url http://$HOST_NAME:5000/v3/ \--bootstrap-region-id RegionOneecho "ServerName $HOST_NAME" >> /etc/apache2/apache2.conf
systemctl enable --now apache2cat > /etc/keystone/admin-openrc.sh << EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$ADMIN_PASS
export OS_AUTH_URL=http://$HOST_NAME:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
source /etc/keystone/admin-openrc.sh
openstack project create --domain default --description "Service Project" service
openstack token issue
echo "############################ keystone installation completed ###########################"
bash iaas-install-keystone.sh
- 查看版本
root@controller:~# keystone-manage --version
27.0.0
安装glance服务
vi iaas-install-glance.sh
#!/bin/bash
source /etc/openstack/openrc.sh
source /etc/keystone/admin-openrc.sh#glance mysql
mysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS glance ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '$GLANCE_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '$GLANCE_DBPASS' ;"openstack user create --domain $DOMAIN_NAME --password $GLANCE_PASS glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://$HOST_NAME:9292
openstack endpoint create --region RegionOne image internal http://$HOST_NAME:9292
openstack endpoint create --region RegionOne image admin http://$HOST_NAME:9292apt install -y glance
cp /etc/glance/glance-api.conf{,.bak}cat > /etc/glance/glance-api.conf << eof
[DEFAULT]
[barbican]
[barbican_service_user]
[cinder]
[cors]
[database]
connection = mysql+pymysql://glance:$GLANCE_DBPASS@$HOST_NAME/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
disk_formats = ami,ari,aki,vhd,vhdx,vmdk,raw,qcow2,vdi,iso,ploop.root-tar
[keystone_authtoken]
www_authenticate_uri = http://$HOST_NAME:5000
auth_url = http://$HOST_NAME:5000
memcached_servers = $HOST_NAME:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = $GLANCE_PASS
[paste_deploy]
flavor = keystone
eofsu -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable --now glance-api
systemctl restart glance-api
echo "########################## glance installation completed ###############################"
bash iaas-install-glance.sh
- 查看版本
root@controller:~# glance-manage --version
30.0.0
安装placement服务
vi iaas-install-placement.sh
#!/bin/bash
source /etc/openstack/openrc.sh
source /etc/keystone/admin-openrc.sh#placement mysql
mysql -uroot -p$DB_PASS -e "CREATE DATABASE placement;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '$PLACEMENT_DBPASS';"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '$PLACEMENT_DBPASS';"openstack user create --domain $DOMAIN_NAME --password $PLACEMENT_PASS placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://$HOST_NAME:8778
openstack endpoint create --region RegionOne placement internal http://$HOST_NAME:8778
openstack endpoint create --region RegionOne placement admin http://$HOST_NAME:8778apt install -y placement-apicp /etc/placement/placement.conf{,.bak}
cat > /etc/placement/placement.conf << eof
[DEFAULT]
[api]
auth_strategy = keystone
[cors]
[keystone_authtoken]
auth_url = http://$HOST_NAME:5000/v3
memcached_servers = $HOST_NAME:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = $PLACEMENT_PASS
[placement_database]
connection = mysql+pymysql://placement:$PLACEMENT_DBPASS@$HOST_NAME/placement
eofsu -s /bin/sh -c "placement-manage db sync" placement
systemctl restart apache2
placement-status upgrade check
echo "############################# placement installation completed #########################"
bash iaas-install-placement.sh
- 查看版本
root@controller:~# placement-manage --version
13.0.0
安装nova服务
vi iaas-install-nova-controller.sh
#!/bin/bash
source /etc/openstack/openrc.sh
source /etc/keystone/admin-openrc.shmysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS nova ;"
mysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS nova_api ;"
mysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS nova_cell0 ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '$NOVA_DBPASS' ;"openstack user create --domain $DOMAIN_NAME --password $NOVA_PASS nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://$HOST_NAME:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://$HOST_NAME:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://$HOST_NAME:8774/v2.1apt install -y nova-api nova-conductor nova-novncproxy nova-scheduler
apt install -y nova-compute
cp /etc/nova/nova.conf{,.bak}
cat > /etc/nova/nova.conf << eof
[DEFAULT]
log_dir = /var/log/nova
lock_path = /var/lock/nova
state_path = /var/lib/nova
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
my_ip = $HOST_IP
[api]
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:$NOVA_DBPASS@$HOST_NAME/nova_api
[barbican]
[barbican_service_user]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[cyborg]
[database]
connection = mysql+pymysql://nova:$NOVA_DBPASS@$HOST_NAME/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://$HOST_NAME:9292
[guestfs]
[healthcheck]
[hyperv]
[image_cache]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
www_authenticate_uri = http://$HOST_NAME:5000/
auth_url = http://$HOST_NAME:5000/
memcached_servers = $HOST_NAME:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = $NOVA_PASS
[libvirt]
[metrics]
[mks]
[neutron]
[notifications]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://$HOST_NAME:5000/v3
username = placement
password = $PLACEMENT_PASS
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
server_listen = $HOST_IP
server_proxyclient_address = $HOST_IP
novncproxy_base_url = http://$HOST_IP:6080/vnc_auto.html
[workarounds]
[wsgi]
[zvm]
[cells]
enable = False
[os_region_name]
openstack =
eofsu -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" novasystemctl enable --now nova-api
systemctl enable --now nova-scheduler
systemctl enable --now nova-conductor
systemctl enable --now nova-novncproxycat > /root/nova-service-restart.sh <<EOF
#!bin/bash
# 处理api服务
service nova-api restart
# 处理资源调度服务
service nova-scheduler restart
# 处理数据库服务
service nova-conductor restart
# 处理vnc远程窗口服务
service nova-novncproxy restart
# 处理nova-compute服务
service nova-compute restart
EOF
nova-manage cell_v2 discover_hosts
nova-manage cell_v2 map_cell_and_hosts
bash /root/nova-service-restart.sh
echo "############################# nova installation completed ##############################"
bash iaas-install-nova-controller.sh
- 查看版本
root@controller:~# nova-manage --version
31.0.0
安装neutron服务
vi iaas-install-neutron-controller.sh
#!/bin/bash
source /etc/openstack/openrc.sh
source /etc/keystone/admin-openrc.shmysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS neutron ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '$NEUTRON_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$NEUTRON_DBPASS' ;"openstack user create --domain $DOMAIN_NAME --password $NEUTRON_PASS neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://$HOST_NAME:9696
openstack endpoint create --region RegionOne network internal http://$HOST_NAME:9696
openstack endpoint create --region RegionOne network admin http://$HOST_NAME:9696cat >> /etc/sysctl.conf << EOF
# 用于控制系统是否开启对数据包源地址的校验,关闭
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
# 开启二层转发设备
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
EOF
modprobe br_netfilter
sysctl -papt install -y neutron-server neutron-plugin-ml2 neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent neutron-openvswitch-agentcp /etc/neutron/neutron.conf{,.bak}
cat > /etc/neutron/neutron.conf << eof
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
auth_strategy = keystone
state_path = /var/lib/neutron
dhcp_agent_notification = true
allow_overlapping_ips = true
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
[agent]
root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf"
[database]
connection = mysql+pymysql://neutron:$NEUTRON_DBPASS@$HOST_NAME/neutron
[keystone_authtoken]
www_authenticate_uri = http://$HOST_NAME:5000
auth_url = http://$HOST_NAME:5000
memcached_servers = $HOST_NAME:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = $NEUTRON_PASS
[nova]
auth_url = http://$HOST_NAME:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = $NOVA_PASS
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
eofcp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
cat > /etc/neutron/plugins/ml2/ml2_conf.ini << eof
[DEFAULT]
[ml2]
type_drivers = flat,vlan,vxlan,gre
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = $Physical_NAME
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
[ml2_type_vxlan]
vni_ranges = $minvlan:$maxvlan
[ovs_driver]
[securitygroup]
enable_ipset = true
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[sriov_driver]
eofcp /etc/neutron/plugins/ml2/openvswitch_agent.ini{,.bak}
cat > /etc/neutron/plugins/ml2/openvswitch_agent.ini << eof
[DEFAULT]
[agent]
l2_population = True
tunnel_types = vxlan
prevent_arp_spoofing = True
[dhcp]
[network_log]
[ovs]
local_ip = $HOST_IP
bridge_mappings = $Physical_NAME:$OVS_NAME
[securitygroup]
eofcp /etc/neutron/l3_agent.ini{,.bak}
cat > /etc/neutron/l3_agent.ini << eof
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge =
[agent]
[network_log]
[ovs]
eofcp /etc/neutron/dhcp_agent.ini{,.bak}
cat > /etc/neutron/dhcp_agent.ini << eof
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[agent]
[ovs]
eofcp /etc/neutron/metadata_agent.ini{,.bak}
cat > /etc/neutron/metadata_agent.ini << eof
[DEFAULT]
nova_metadata_host = $HOST_NAME
metadata_proxy_shared_secret = $METADATA_SECRET
[agent]
[cache]
eofsed -i '2s/.*/linuxnet_interface_driver = nova.network.linux_net.LinuxOVSlnterfaceDriver\n&/' /etc/nova/nova.conf
sed -i "50s/.*/auth_url = http:\/\/$HOST_NAME:5000\nauth_type = password\nproject_domain_name = default\nuser_domain_name = default\nregion_name = RegionOne\nproject_name = service\nusername = neutron\npassword = $NEUTRON_PASS\nservice_metadata_proxy = true\nmetadata_proxy_shared_secret = $METADATA_SECRET\n&/" /etc/nova/nova.confsu -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutronsystemctl restart nova-apiovs-vsctl add-br $OVS_NAME
ovs-vsctl add-port $OVS_NAME $INTERFACE_NAMEsystemctl enable --now neutron-server
systemctl enable --now neutron-openvswitch-agent
systemctl enable --now neutron-dhcp-agent
systemctl enable --now neutron-metadata-agent
systemctl enable --now neutron-l3-agentcat > /root/neutron-service-restart.sh <<EOF
#!bin/bash
# 提供neutron服务
service neutron-server restart
# 提供ovs服务
service neutron-openvswitch-agent restart
# 提供地址动态服务
service neutron-dhcp-agent restart
# 提供元数据服务
service neutron-metadata-agent restart
# 提供三层网络服务
service neutron-l3-agent restart
EOF
bash /root/neutron-service-restart.sh
echo "######################### neutron installation completed ###############################"
bash iaas-install-neutron-controller.sh
- 查看版本
root@controller:~# neutron-server --version
This program is using eventlet and has been monkey_patched
neutron-server 26.0.0
安装horizon服务
vi iaas-install-horizon.sh
#!/bin/bash
source /etc/openstack/openrc.sh
source /etc/keystone/admin-openrc.shapt install -y openstack-dashboardcp /etc/openstack-dashboard/local_settings.py{,.bak}
sed -i '126s/.*/OPENSTACK_HOST = "'$HOST_NAME'"/' /etc/openstack-dashboard/local_settings.py
sed -i '112s/.*/SESSION_ENGINE = '\''django.contrib.sessions.backends.cache'\''/' /etc/openstack-dashboard/local_settings.py
sed -i '127s#.*#OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST#' /etc/openstack-dashboard/local_settings.py
echo "OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True" >> /etc/openstack-dashboard/local_settings.py
echo "OPENSTACK_API_VERSIONS = {\"identity\": 3,\"image\": 2,\"volume\": 3,
}" >> /etc/openstack-dashboard/local_settings.py
echo "OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\"" >> /etc/openstack-dashboard/local_settings.py
echo 'OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"' >> /etc/openstack-dashboard/local_settings.py
echo "OPENSTACK_CINDER_FEATURES = {'enable_backup': True,
}" >> /etc/openstack-dashboard/local_settings.py
sed -i '131s/.*/TIME_ZONE = "Asia\/Shanghai"/' /etc/openstack-dashboard/local_settings.pysystemctl reload apache2
echo "######################### horizon installation completed ###############################"
bash iaas-install-horizon.sh
- 浏览器访问web服务:IP/horizon(admin/000000)
:基于多尺度注意力TCN-KAN与小波变换的时间序列预测模型)
)
