ip a add ip/24 dev ensxxx

cd /etc/sysconfig/network-scripts

nmcli conn delete 'name'

nmcli con

nmcli conn add con-name ens160 ifname ens160 type ethernet

nmcli conn modify ens160 ipv4.method manual ipv4.address 192.168.212.129/24 autoconnect yes

ip a del 192.168.212.128/24 dev ens160
ip a add 192.168.212.129/24 dev ens160

yum provides ifconfig

yum list net-*

yum -y install net-tools

yum -y install net-tools --allowerasing

ls /etc/yum.repos.d

hostname

hostnamectl set-hostname <主机名>

vi /etc/hosts

ip	对应主机名称

ping 对应主机名称

systemctl status firewalld

systemctl stop/start/enable/disable firewalld

vi /etc/chrony.conf

allow 192.168.211.0/24

systemctl restart chronyd
systemctl enable chronyd

chronyc <参数>

chronyc sources

chronyc add server time1.cloud.tencent.com

chronyc delete time1.cloud.tencent.com

yum -y install openstack-rellease-train

yum upgrade -y --nobest --skip-broken

yum -y install python-openstackclient

yum -y install mariadb-server python-PyMySQL

vi /etc/my.cnf.d/openstack.cnf

[mysqld]
bind-address = 192.168.212.139
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

systemctl enable mariadb

systemctl start mariadb

mysql_secure_installation

mysql -h<数据库ip地址> -u<用户名> -p<密码>

yum -y install rabbitmq-server

systemctl enable rabbitmq-server

systemctl start rabbitmq-server

rabbitmqctl add_user <用户> <密码>

rabbitmqctl delete_user <用户名>

rabbitmqctl change_password <用户名> <新密码>

rabbitmqctl set_permissions <用户名> ".*" ".*" ".*"

rabbitmqctl list_user_permissions openstack

netstat -lntup

yum -y install memcached python-memcached

cat /etc/passwd | grep memcached

vi /etc/sysconfig/memcached

PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 0.0.0.0,::1"

systemctl enable memcached
systemctl start memcached

netstat -lntup | grep memcached

yum -y install etcd

vi /etc/etcd/etcd.conf

# [member]
ETCD_NAME=control
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_WAL_DIR=""
#ETCD_SNAPSHOT_COUNT="10000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
ETCD_LISTEN_PEER_URLS="http://192.168.212.139:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.212.139:2379,http://127.0.0.1:2379"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
#ETCD_CORS=""
#
#[cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.212.139:2380"
# if you use different ETCD_NAME (e.g. test), set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
ETCD_INITIAL_CLUSTER="control=http://192.168.212.139:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.212.139:2379"
#ETCD_DISCOVERY=""
#ETCD_DISCOVERY_SRV=""
#ETCD_DISCOVERY_FALLBACK="proxy"
#ETCD_DISCOVERY_PROXY=""
#ETCD_STRICT_RECONFIG_CHECK="false"
#ETCD_AUTO_COMPACTION_RETENTION="0"
#
#[proxy]
#ETCD_PROXY="off"
#ETCD_PROXY_FAILURE_WAIT="5000"
#ETCD_PROXY_REFRESH_INTERVAL="30000"
#ETCD_PROXY_DIAL_TIMEOUT="1000"
#ETCD_PROXY_WRITE_TIMEOUT="5000"
#ETCD_PROXY_READ_TIMEOUT="0"
#
#[security]
#ETCD_CERT_FILE=""
#ETCD_KEY_FILE=""
#ETCD_CLIENT_CERT_AUTH="false"
#ETCD_TRUSTED_CA_FILE=""
#ETCD_AUTO_TLS="false"
#ETCD_PEER_CERT_FILE=""
#ETCD_PEER_KEY_FILE=""
#ETCD_PEER_CLIENT_CERT_AUTH="false"
#ETCD_PEER_TRUSTED_CA_FILE=""
#ETCD_PEER_AUTO_TLS="false"
#
#[logging]
#ETCD_DEBUG="false"
# examples for -log-package-levels etcdserver=WARNING,security=DEBUG
#ETCD_LOG_PACKAGE_LEVELS=""

systemctl enable etcd
systemctl start etcd

netstat -lntup | grep etcd

etcdctl put <键> <值>

etcdctl get <键>

hostnamectl set-hostname compute

vi /etc/hosts

192.168.212.139 control
192.168.212.149 compute

vi /etc/selinux/config

setenforce 0

systemctl disable firewalld
systemctl stop firewalld

mount /opt/openStack-train.iso /opt/openstack

vi /etc/fstab

/opt/openStack-train.iso /opt/openstack iso9660 defaults 0 0

cd /etc/yum.repos.d 
mkdir bak
mv *.repo bak

vi /etc/yum.repos.d/OpenStack.repo

[OS]
name=OS
baseurl=ftp://control/openstack/OS
enable=1
gpgcheck=0

[everything]
name=everything
baseurl=ftp://control/openstack/everything
enable=1
gpgcheck=0

[EPOL]
name=EPOL
baseurl=ftp://control/openstack/EPOL
enable=1
gpgcheck=0

[update]
name=update
baseurl=ftp://control/openstack/update
enable=1
gpgcheck=0

[OpenStack_Train]
name=OpenStack_Train
baseurl=ftp://control/openstack/OpenStack_Train
enable=1
gpgcheck=0

yum clean all

yum makecache

yum repolist

yum -y install vsftpd

vi /etc/vsftpd/vsftpd.conf

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
anon_root=/opt
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES

systemctl enable vsftpd
systemctl start vsftpd

cd /etc/yum.repos.d
mkdir bak
mv *.repo bak

vi OpenStack.repo

[OS]
name=OS
baseurl=ftp://control/openstack/OS
enable=1
gpgcheck=0

[everything]
name=everything
baseurl=ftp://control/openstack/everything
enable=1
gpgcheck=0

[EPOL]
name=EPOL
baseurl=ftp://control/openstack/EPOL
enable=1
gpgcheck=0

[update]
name=update
baseurl=ftp://control/openstack/update
enable=1
gpgcheck=0

[OpenStack_Train]
name=OpenStack_Train
baseurl=ftp://control/openstack/OpenStack_Train
enable=1
gpgcheck=0

yum clean all
yum makecache

yum repolist

vi /etc/chrony.conf

local stratum 1
allow 192.168.212.0/24

systemctl restart chronyd

vi /etc/chrony.conf

pool pool.ntp.org iburst => server control iburst

systemctl restart chronyd

chronyc sources

yum -y install openstack-release-train

rm -rf /etc/yum.repos.d/openstack-train.repo

yum -y install python-openstackclient

yum -y install mariadb-server python-PyMySQL

vi /etc/my.cnf.d/openstack.cnf

[mysqld]
bind-address = 192.168.212.149
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

systemctl enable mariadb

systemctl start mariadb

mysql_secure_installation

mysql -h<数据库ip地址> -u<用户名> -p<密码>

yum -y install rabbitmq-server

systemctl enable rabbitmq-server

systemctl start rabbitmq-server

rabbitmqctl add_user rabbitmq <密码>

rabbitmqctl set_permissions rabbitmq ".*" ".*" ".*"

rabbitmqctl list_users

netstat -lntup

yum -y install memcached python-memcached

vi /etc/sysconfig/memcached

PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 0.0.0.0,::1"

systemctl enable memcached
systemctl start memcached

netstat -lntup | grep 11211

yum -y install etcd

vi /etc/etcd/etcd.conf

# [member]
ETCD_NAME=compute
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_WAL_DIR=""
#ETCD_SNAPSHOT_COUNT="10000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
ETCD_LISTEN_PEER_URLS="http://192.168.212.149:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.212.149:2379,http://127.0.0.1:2379"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
#ETCD_CORS=""
#
#[cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.212.149:2380"
# if you use different ETCD_NAME (e.g. test), set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
ETCD_INITIAL_CLUSTER="control=http://192.168.212.149:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.212.149:2379"
#ETCD_DISCOVERY=""
#ETCD_DISCOVERY_SRV=""
#ETCD_DISCOVERY_FALLBACK="proxy"
#ETCD_DISCOVERY_PROXY=""
#ETCD_STRICT_RECONFIG_CHECK="false"
#ETCD_AUTO_COMPACTION_RETENTION="0"
#
#[proxy]
#ETCD_PROXY="off"
#ETCD_PROXY_FAILURE_WAIT="5000"
#ETCD_PROXY_REFRESH_INTERVAL="30000"
#ETCD_PROXY_DIAL_TIMEOUT="1000"
#ETCD_PROXY_WRITE_TIMEOUT="5000"
#ETCD_PROXY_READ_TIMEOUT="0"
#
#[security]
#ETCD_CERT_FILE=""
#ETCD_KEY_FILE=""
#ETCD_CLIENT_CERT_AUTH="false"
#ETCD_TRUSTED_CA_FILE=""
#ETCD_AUTO_TLS="false"
#ETCD_PEER_CERT_FILE=""
#ETCD_PEER_KEY_FILE=""
#ETCD_PEER_CLIENT_CERT_AUTH="false"
#ETCD_PEER_TRUSTED_CA_FILE=""
#ETCD_PEER_AUTO_TLS="false"
#
#[logging]
#ETCD_DEBUG="false"
# examples for -log-package-levels etcdserver=WARNING,security=DEBUG
#ETCD_LOG_PACKAGE_LEVELS=""

systemctl enable etcd
systemctl start etcd

netstat -lntup | grep etcd

cd /etc/yum.repos.d

mv /bak/*.repo ../

mv OpenStack.repo /bak

yum clean all && yum makecache

yum -y install openstack-keystone httpd mod_wsgi

mysql -uroot -p<密码>

grant all privileges on keystone.* to 'keystone'@'localhost' identified by '验证密码';
grant all privileges on keystone.* to 'keystone'@'%' identified by '验证密码';

vi /etc/keystone/keystone.conf

connection = mysql+pymysql://keystone:验证密码@control/keystone

provider = fernet

su keystone -s /bin/sh -c "keystone-manage db_sync"

mysql -uroot -p<密码>
use keystone;
show tables;

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

keystone-manage bootstrap --bootstrap-password <密码> --bootstrap-admin-url http://control:5000/v3 --bootstrap-internal-url http://control:5000/v3 --bootstrap-public-url http://control:5000/v3 --bootstrap-region-id RegionOne

vi /etc/httpd/conf/httpd.conf

ServerName control

systemctl restart httpd && systemctl enable httpd

vi admin-login

export OS_USERNAME=admin
export OS_PASSWORD=<密码>
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://control:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

source admin-login

export -p

ip地址:5000/v3

openstack project create --domain default project

openstack project list

openstack role create user

openstack role list

openstack domain list

openstack user list

yum -y install openstack-glance

cat /etc/passwd | grep glance

cat /etc/group | grep glance

mysql -uroot -p<密码>

create database glance;

grant all privileges on glance.* to 'glance'@'localhost' identified by '<密码>';

grant all privileges on glance.* to 'glance'@'%' identified by '<密码>';

quit

cp /etc/glance/glance-api.conf /etc/glance/glance-api-bak.conf

grep -Ev '^$|#' /etc/glance/glance-api-bak.conf > /etc/glance/glance-api.conf

vi /etc/glance/glance-api.conf

[DEFAULT]
[cinder]
[cors]
[database]
connection=mysql+pymysql://glance:<密码>@<主机名>/glance
[file]
[glance.store.http.store]
[glance.store.rbd.store]
[glance.store.sheepdog.store]
[glance.store.swift.store]
[glance.store.vmware_datastore.store]
[glance_store]
stores=file
default_store=file
filesystem_store_datadir=/var/lib/glance/images
[image_format]
[keystone_authtoken]
auth_url=http://<主机名>:5000
memcached_servers=<主机名>:11211
auth_type=password
username=glance
password=<密码>
project_name=project
user_domain_name=Default
project_domain_name=Default
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
flavor=keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]

cd ~

source admin-login

openstack user create --domain default --password <密码> glance

openstack role add --project project --user glance admin

openstack service create --name glance image

openstack endpoint create --region RegionOne glance public http://control:9292

openstack endpoint create --region RegionOne glance internal http://control:9292

openstack endpoint create --region RegionOne glance admin http://control:9292

systemctl enable openstack-glance-api

systemctl start openstack-glance-api

netstat -lntup |grep 9292

systemctl status openstack-glance-api

cd ~

openstack image create --file cirros-0.5.1-x86_64-disk.img --disk-format qcow2 --container-format bare --public cirros

openstack image list

ll /var/lib/glance/images

yum -y install openstack-placement-api

cat /etc/passwd |grep placement

cat /etc/group |grep placement

mysql -uroot -p<密码>

create database placement;

grant all privileges on placement.* to 'placement'@'localhost' identified by '<密码>';

grant all privileges on placement.* to 'placement'@'%' identified by '<密码>';

cp /etc/placement/placement.conf /etc/placement/placement-bak.conf

grep -Ev '^$|#' /etc/placement/placement-bak.conf > /etc/placement/placement.conf

vi /etc/placement/placement.conf

[DEFAULT]
[api]
auth_strategy=keystone
[cors]
[keystone_authtoken]
auth_url=http://<主机名>:5000
memcached_servers=<主机名>:11211
auth_type=password
project_domain_name=Default
user_domain_name=Default
project_name=project
username=placement
password=<密码>
[oslo_policy]
[placement]
[placement_database]
connection=mysql+pymysql://placement:<密码>@<主机名>/placement
[profiler]

su placement -s /bin/sh -c "placement-manage db sync"

mysql -uroot -p<密码>

use placement;

show tables;

source admin-login

opensatck user create --domain default --password lzgbzat placement

openstack role add --project project --user placement admin

openstack service create --name placement placement

openstack endpoint create --region RegionOne placement public http://control:8778

openstack endpoint create --region RegionOne placement internal http://control:8778

openstack endpoint create --region RegionOne placement admin http://control:8778

systemctl restart httpd

netstat -lntup |grep 8778

curl http://control:8778

yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-scheduler openstack-nova-novncproxy

cat /etc/passwd | grep nova

cat /etc/group | grep nova

mysql -uroot -p

create database nova_api;

create database nova_cell0;

create database nova;

grant all privileges on nova_api.* to 'nova'@'localhost' identified by '<密码>';

grant all privileges on nova_api.* to 'nova'@'%' identified by '<密码>';

grant all privileges on nova_cell0.* to 'nova'@'localhost' identified by '<密码>';

grant all privileges on nova_cell0.* to 'nova'@'%' identified by '<密码>';

grant all privileges on nova.* to 'nova'@'localhost' identified by '<密码>';

grant all privileges on nova.* to 'nova'@'%' identified by '<密码>';

cp /etc/nova/nova.conf /etc/nova/nova-bak.conf

grep -Ev '^$|#' /etc/nova/nova-bak.conf > /etc/nova/nova.conf

vi /etc/nova/nova.conf

[DEFAULT]
enabled_apis=osapi_compute,metadata
transport_url=rabbit://<rabbitmq服务的用户名>:<rabbitmq的密码>@<主机名>:5672
my_ip=192.168.212.139
use_neutron=true
firewall_driver=nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy=keystone
[api_database]
connection=mysql+pymysql://nova:<密码>@<主机名>/nova_api
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
connection=mysql+pymysql://nova:<密码>@<主机名>/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers=http://<主机名>:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
auth_url=http://<主机名>:5000
memcached_servers=<主机名>:11211
auth_type=password
project_domain_name=Default
user_domain_name=Default
project_name=project
username=nova
password=<密码>
[libvirt]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path=/var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
auth_url=http://<主机名>:5000
auth_type=password
project_domain_name=Default
user_domain_name=Default
project_name=project
username=placement
password=<密码>
region_name=RegionOne
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled=true
server_listen=$my_ip
server_proxyclient_address=$my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]

su nova -s /bin/sh -c "nova-manage api_db sync"

su nova -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1"

su nova -s /bin/sh -c "nova-manage cell_v2 map_cell0"

su nova -s /bin/sh -c "nova-manage db sync"

nova-manage cell_v2 list_cells

source admin-login

openstack user create --domain default --password <密码> nova

openstack role add --project project --user nova admin

openstack service create --name nova compute

openstack endpoint create --region RegionOne nova public http://<主机名>:8774/v2.1

openstack endpoint create --region RegionOne nova internal http://<主机名>:8774/v2.1

openstack endpoint create --region RegionOne nova admin http://<主机名>:8774/v2.1

systemctl enable openstack-nova-api openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy

systemctl start openstack-nova-api openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy

netstat -lntup |grep 877

openstack compute service list

yum -y install openstack-nova-compute

cat /etc/passwd | grep nova

cat /etc/group | grep nova

cp /etc/nova/nova.conf /etc/nova/nova-bak.conf

grep -Ev '^$|#' /etc/nova/nova-bak.conf > /etc/nova/nova.conf

vi /etc/nova/nova.conf

[DEFAULT]
enabled_apis=osapi_compute,metadata
transport_url=rabbit://<rabbitmq用户名>:<rabbitmq用户密码>@<主机>:5672
my_ip=192.168.212.149
use_neutron=true
firewall_driver=nova.virt.firewall.NoopFirewallDriver
compute_driver=libvirt.LibvirtDriver
instances_path=/var/lib/nova/instances/
[api]
auth_strategy=keystone
[api_database]
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers=http://<主机>:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
auth_url=http://<主机>:5000
memcached_servers=<主机>:11211
auth_type=password
project_domain_name=Default
user_domain_name=Default
project_name=project
username=nova
password=<密码>
[libvirt]
virt_type=qemu
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path=/var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
auth_url=http://<主机>:5000
auth_type=password
project_domain_name=Default
user_domain_name=Default
project_name=project
username=placement
password=<密码>
region_name=RegionOne
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled=true
server_listen=0.0.0.0
server_proxyclient_address=$my_ip
novncproxy_base_url=http://192.168.212.139:6080/vnc_auto.html
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]

systemctl enable libvirtd openstack-nova-compute

systemctl start libvirtd openstack-nova-compute

source admin-login

su nova -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose"

[scheduler]
discover_hosts_in_cells_interval=600

systemctl restart openstack-nova-api

openstack compute service list

openstack catalog list

nova-status upgrade check

yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

cat /etc/passwd | grep neutron

cat /etc/group | grep neutron

mysql -uroot -p<密码>

create database neutron;

grant all privileges on neutron.* to 'neutron'@'localhost' identified by '<密码>';

grant all privileges on neutron.* to 'neutron'@'%' identified by '<密码>';

cp /etc/neutron/neutron.conf /etc/neutron/neutron-bak.conf

grep -Ev '^$|#' /etc/neutron/neutron-bak.conf > /etc/neutron/neutron.conf

vi /etc/neutron/neutron.conf

[DEFAULT]
core_plugin=ml2
service_plugins=
transport_url=rabbit://<rabbitmq用户名>:<密码>@<主机名>
auth_strategy=keystone
notify_nova_on_port_status_changes=true
notify_nova_on_port_data_changes=true
[cors]
[database]
connection=mysql+pymysql://neutron:<密码>@<主机名>/neutron
[keystone_authtoken]
auth_url=http://<主机名>:5000
memcached_servers=<主机名>:11211
auth_type=password
project_domain_name=Default
user_domain_name=Default
project_name=project
username=neutron
password=<密码>
[nova]
auth_url=http://<主机名>:5000
auth_type=password
project_domain_name=Default
user_domain_name=Default
project_name=project
username=nova
password=<密码>
region_name=RegionOne
[oslo_concurrency]
lock_path=/var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]

cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf-bak.ini

grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf-bak.ini>/etc/neutron/plugins/ml2/ml2_conf.ini

[DEFAULT]
[ml2]
type_drivers=flat
tenant_network_types=
mechanism_drivers=linuxbridge
extension_drivers=port_security
[ml2_type_flat]
flat_networks=provider
[securitygroup]
enable_ipset=true

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent-bak.ini

grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent-bak.ini>/etc/neutron/plugins/ml2/linuxbridge_agent.ini

vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[DEFAULT]
[linux_bridge]
physical_interface_mappings=provider:<Nat模式下的网卡名称，例如ens160>
[vxlan]
enable_vxlan=false
[securitygroup]
enable_security_group=true
firewall_driver=neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent-bak.ini

grep -Ev '^$|#' /etc/neutron/dhcp_agent-bak.ini>/etc/neutron/dhcp_agent.ini

vi /etc/neutron/dhcp_agent.ini

[DEFAULT]
interface_driver=linuxbridge
dhcp_driver=neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata=true

cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent-bak.ini

grep -Ev '^$|#' /etc/neutron/metadata_agent-bak.ini > /etc/neutron/metadata_agent.ini

vi /etc/neutron/metadata_agent.ini

[DEFAULT]
nova_metadata_host=<主机名>
metadata_proxy_shared_secret=METADATA_SECRET
[cache]

vi /etc/nova/nova.conf

[neutron]
auth_url=http://<主机名>:5000
auth_type=password
project_domain_name=Default
user_domain_name=Default
region_name=RegionOne
project_name=project
username=neutron
password=<密码>
service_metadata_proxy=true
metadata_proxy_shared_secret=METADATA_SECRET

su neutron -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head"

mysql -uroot -p<密码>

use neutron;

show tables;

source admin-login

openstack user create --domain default --password <密码> neutron

openstack role add --project project --user neutron admin

openstack service create --name neutron network

openstack endpoint create --region RegionOne neutron public http://<主机名>:9696

openstack endpoint create --region RegionOne neutron internal http://<主机名>:9696

openstack endpoint create --region RegionOne neutron admin http://<主机名>:9696

systemctl restart openstack-nova-api

systemctl enable neutron-server neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent

systemctl start neutron-server neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent

netstat -lntup | grep 9696

curl http://<主机名>:9696

yum -y install openstack-neutron-linuxbridge

cat /etc/passwd | grep neutron

cat /etc/group | grep neutron

vi /etc/neutron/neutron.conf

[DEFAULT]
transport_url=rabbit://rabbitmq:<密码>@<主机名>:5672
auth_strategy=keystone
[cors]
[database]
[keystone_authtoken]
auth_url=http://<主机名>:5000
memcached_servers=<主机名>:11211
auth_type=password
project_domain_name=Default
user_domain_name=Default
project_name=project
username=neutron
password=<密码>
[oslo_concurrency]
lock_path=/var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]

cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent-bak.ini

grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent-bak.ini>/etc/neutron/plugins/ml2/linuxbridge_agent.ini

vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[DEFAULT]
[linux_bridge]
physical_interface_mappings=provider:<Nat模式下的网卡名称，例如ens160>
[vxlan]
enable_vxlan=false
[securitygroup]
enable_security_group=true
firewall_driver=neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

vi /etc/nova/nova.conf

vif_plugging_is_fatal=false
vif_plugging_timeout=0

[neutron]
auth_url=http://<主机名>:5000
auth_type=password
project_domain_name=Default
user_domain_name=Default
region_name=RegionOne
project_name=project
username=neutron
password=<密码>

systemctl restart openstack-nova-compute

systemctl enable neutron-linuxbridge-agent

systemctl start neutron-linuxbridge-agent

source admin-login

openstack network agent list

neutron-status upgrade check

yum -y install openstack-dashboard

ALLOWED_HOSTS = ['*']

OPENSTACK_HOST = "control"

TIME_ZONE = "Asia/Shanghai"

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'control:11211',
    },
}

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT=True
OPENSTACK_API_VERSIONS={
        "identify":3,
        "image":2,
        "volume":3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN="Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE="user"

OPENSTACK_NEUTRON_NETWORK = {
    'enable_auto_allocated_network': False,
    'enable_distributed_router': False,
    'enable_fip_topology_check': False,
    'enable_ha_router': False,
    'enable_ipv6': False,
    # TODO(amotoki): Drop OPENSTACK_NEUTRON_NETWORK completely from here.
    # enable_quotas has the different default value here.
    'enable_quotas': False,
    'enable_rbac_policy': False,
    'enable_router': False,

    'default_dns_nameservers': [],
    'supported_provider_types': ['*'],
    'segmentation_id_range': {},
    'extra_provider_types': {},
    'supported_vnic_types': ['*'],
    'physical_networks': [],

}

cd /usr/share/openstack-dashboard/

python manage.py make_web_conf --apache > /etc/httpd/conf.d/openstack-dashboard.conf

cat /etc/httpd/conf.d/openstack-dashboard.conf

ls /etc/openstack-dashboard/

ln -s /etc/openstack-dashboard/ /usr/share/openstack-dashboard/openstack_dashboard/conf

ll /usr/share/openstack-dashboard/openstack_dashboard/

systemctl enable httpd

systemctl start httpd

systemctl restart chronyd

yum -y install openstack-cinder

cat /etc/passwd | grep cinder

cat /etc/group | grep cinder

mysql -uroot -p<密码>

grant all privileges on cinder.* to 'cinder'@'localhost' identified by '<密码>';

grant all privileges on cinder.* to 'cinder'@'%' identified by '<密码>';

cp /etc/cinder/cinder.conf /etc/cinder/cinder-bak.conf

grep -Ev '^$|#' /etc/cinder/cinder-bak.conf > /etc/cinder/cinder.conf

vi /etc/cinder/cinder.conf

[DEFAULT]
auth_strategy=keystone
transport_url=rabbit://<rabbitmq用户>:<密码>@<主机名>:5672
[barbican]
[cors]
[database]
connection=mysql+pymysql://cinder:<密码>@<主机名>/cinder
[healthcheck]
[key_manager]
[keystone_authtoken]
auth_url=http://<主机名>:5000
memcached_servers=<主机名>:11211
auth_type=password
project_domain_name=Default
user_domain_name=Default
project_name=project
username=cinder
password=<密码>
[oslo_concurrency]
lock_path=/var/lib/cinder/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[oslo_versionedobjects]
[privsep]
[profiler]
[sample_castellan_source]
[sample_remote_file_source]
[ssl]
[vault]

vi /etc/nova/nova.conf

[cinder]
os_region_name=RegionOne

su cinder -s /bin/sh -c "cinder-manage db sync"

source admin-login

openstack user create --domain default --password <密码> cinder

openstack role add --project project --user cinder admin

openstack service create --name cinderv3 volumev3

openstack endpoint create --region RegionOne volumev3 public http://control:8776/v3/%\(project_id\)s

openstack endpoint create --region RegionOne volumev3 internal http://control:8776/v3/%\(project_id\)s

openstack endpoint create --region RegionOne volumev3 admin http://control:8776/v3/%\(project_id\)s

systemctl restart openstack-nova-api

systemctl enable openstack-cinder-api openstack-cinder-scheduler

systemctl start openstack-cinder-api openstack-cinder-scheduler

netstat -lntup | grep 8776

openstack volume service list

lsblk

pvcreate /dev/<sdb或者nvme0n2>

vgcreate cinder-volumes /dev/<sdb或者nvme0n2>

filter=["a/<sdb或者nvme0n2>/","r/.*/"]

yum -y install openstack-cinder targetcli python-keystone

cp /etc/cinder/cinder.conf /etc/cinder/cinder-bak.conf

grep -Ev '^$|#' /etc/cinder/cinder-bak.conf > /etc/cinder/cinder.conf

vi /etc/cinder//cinder.conf