脚本部署Openstack 某企业拟使用OpenStack搭建一个企业云平台，以实现资源池化弹性管理、企业应用集中管理、统一安全认证和授权等管理。 规划： 云服务器1 主机名Controller: 接口eth33IP地址192.168.100.10/24,仅主机模式 接口eth34IP地址保持默认,NAT模式 云服务器2 主机名Compute 接口eth33IP地址192.168.100.20/24,仅主机模式 接口eth34IP地址保持默认,NAT模式 本实验使用到三个网段： 192.168.100.0/24，Openstack管理网络，Vmware仅主机模式 192.168.200.0/24，Openstack数据网络，云主机外部网络，VmwareNAT模式 10.0.0.0/24，云主机内部网络 使用两台主机部署出Openstack平台，要求云平台能够正常创建出云主机并正常通信。

以下是一个简单的脚本部署 OpenStack 的示例，您可以根据自己的实际情况进行修改和调整。本脚本适用于 CentOS 7 系统。

1. 安装必要的软件包：

yum install -y centos-release-openstack-stein
yum update -y
yum install -y python-openstackclient openstack-selinux mariadb mariadb-server rabbitmq-server memcached python-memcached httpd mod_wsgi python2-PyMySQL

2. 配置 MariaDB 数据库：

systemctl enable mariadb.service
systemctl start mariadb.service

# 创建数据库和用户
mysql -u root
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
FLUSH PRIVILEGES;
QUIT;

3. 配置 RabbitMQ 消息队列：

systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
rabbitmqctl add_user openstack RABBIT_PASS
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

4. 配置 Memcached 缓存：

systemctl enable memcached.service
systemctl start memcached.service

5. 配置 Keystone 身份认证服务：

# 修改 /etc/keystone/keystone.conf 文件
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

[token]
provider = fernet

# 初始化数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone

# 创建 Fernet 密钥
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

# 创建管理员账户和服务
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

# 设置环境变量
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3

# 创建服务和 API 端点
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public http://controller:5000/v3/
openstack endpoint create --region RegionOne identity internal http://controller:5000/v3/
openstack endpoint create --region RegionOne identity admin http://controller:5000/v3/

6. 配置 Glance 镜像服务：

# 修改 /etc/glance/glance-api.conf 和 /etc/glance/glance-registry.conf 文件
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000/v3
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS

[paste_deploy]
flavor = keystone

# 初始化数据库
su -s /bin/sh -c "glance-manage db_sync" glance

# 设置环境变量
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3

# 创建服务和 API 端点
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292

7. 配置 Nova 计算服务：

# 修改 /etc/nova/nova.conf 文件
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

[api_database]
connection = mysql+pymysql://nova_api:NOVA_API_DBPASS@controller/nova_api

[keystone_authtoken]
auth_uri = http://controller:5000/v3
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

# 初始化数据库
su -s /bin/sh -c "nova-manage api_db sync" nova_api
su -s /bin/sh -c "nova-manage db sync" nova

# 设置环境变量
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3

# 创建服务和 API 端点
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s

8. 配置 Neutron 网络服务：

# 修改 /etc/neutron/neutron.conf 文件
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

[keystone_authtoken]
auth_uri = http://controller:5000/v3
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = NEUTRON_PASS

[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True

[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = True

[ovs]
local_ip = 192.168.100.20
bridge_mappings = provider:br-provider

# 初始化数据库
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

# 设置环境变量
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3

# 创建服务和 API 端点
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696

# 创建网络
openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
openstack subnet create --network provider --allocation-pool start=192.168.200.100,end=192.168.200.200 --dns-nameserver 223.5.5.5 --gateway 192.168.200.1 --subnet-range 192.168.200.0/24 provider

# 创建路由器和子网
openstack router create router
openstack subnet create --subnet-range 10.0.0.0/24 --network provider --gateway 10.0.0.1 provider_subnet
openstack router add subnet router provider_subnet
openstack router set --external-gateway provider router

9. 配置 Horizon 控制台：

# 安装 Apache 和 mod_wsgi
yum install -y httpd mod_wsgi

# 修改 /etc/openstack-dashboard/local_settings 文件
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
    "network": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

# 启动 Apache 服务
systemctl enable httpd.service
systemctl start httpd.service

10. 配置 Compute 节点：

# 安装必要的软件包
yum install -y centos-release-openstack-stein
yum update -y
yum install -y python-openstackclient openstack-selinux qemu-kvm libvirt libguestfs-tools virt-install bridge-utils

# 修改 /etc/nova/nova.conf 文件
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

[api_database]
connection = mysql+pymysql://nova_api:NOVA_API_DBPASS@controller/nova_api

[DEFAULT]
my_ip = 192.168.100.20
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS

[libvirt]
virt_type = qemu

[keystone_authtoken]
auth_uri = http://controller:5000/v3
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS

# 启动服务
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service

11. 完成以上步骤后，您应该能够正常创建云主机，并能够通过网络正常访问它们。