#!/bin/bash
selinux=`cat /etc/selinux/config | grep "SELINUX=" | awk -F"=" 'NR==2{print $2}'`
if [ $selinux != "disabled" ]
then
echo "正在为您关闭selinux 并重新启动系统,重启后重新执行本脚本"
sed -i "s/SELINUX\=.*/SELINUX\=disabled/g" /etc/selinux/config
reboot
else
echo "selinux 已经关闭,可以执行脚本"
fi
yum install centos-release-openstack-stein -y
yum install python-openstackclient openstack-selinux -y
yum clean all
yum list
nodeipx= # 允许node网段同步时间,ip前两位,例如:xxx.xxx
etc=$(ip a | grep -w "BROADCAST" | awk -F ":" 'NR==1{print $2}')
# 过滤网卡名
# BROADCAST [ˈbrɔdˌkæst] 广播,是外网卡
ip=$(ip a | grep -w $etc | awk -F" " 'NR==2{print $2}' )
# 用外网卡名字找改行信息,打印第二行第二列
echo "
$ip linux-node1.openstack
" >> /etc/hosts
sed -i "s/\/24//g" /etc/hosts # 将尾巴 /24 替换为空格
# -g 特殊字符转义, \ 特殊字符转译符号,将符号 / 转译 不被识别
# 关闭 iptables
systemctl start firewalld.service
systemctl stop firewalld.service
systemctl disable firewalld.service
yum install -y chrony
echo "
allow $nodeipx/16
" >> /etc/chrony.conf # 允许网段同步时间
systemctl enable chronyd.service
systemctl start chronyd.service
timedatectl set-timezone Asia/Shanghai
timedatectl status
# 设置同步时间和时区
#Base
yum install -y http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm
yum install -y centos-release-openstack-liberty
yum install -y python-openstackclient
##MySQL
yum install -y mariadb mariadb-server MySQL-python
##RabbitMQ
yum install -y rabbitmq-server
##Keystone
yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
##Glance
yum install -y openstack-glance python-glance python-glanceclient
##Nova
yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
##Neutron linux-node1.example.com
yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
##Dashboard
yum install -y openstack-dashboard
##Cinder
yum install -y openstack-cinder python-cinderclient
cp /usr/share/mysql/my-medium.cnf /etc/my.cnf
systemctl enable mariadb.service
ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
mysql_install_db --datadir="/var/lib/mysql" --user="mysql"
# 初始化数据库
systemctl start mariadb.service
#################################################################
mysql -e "set password = password('eisccn');"
# mysql 初始没有密码, 直接mysql 进入数据库。-e 是脚本模式,然后设置面登密码为eisccn
## ====创建数据库开始====
mysql -uroot -peisccn -e "
drop database if exists keystone;
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
drop database if exists glance;
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
drop database if exists nova;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
drop database if exists neutron;
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
drop database if exists cinder;
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
flush privileges;
show databases;
"
##################### 创建数据库结束 ######################
systemctl enable rabbitmq-server.service
ln -s '/usr/lib/systemd/system/rabbitmq-server.service' '/etc/systemd/system/multi-user.target.wants/rabbitmq-server.service'
systemctl start rabbitmq-server.service
rabbitmqctl add_user openstack openstack
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
rabbitmq-plugins list
rabbitmq-plugins enable rabbitmq_management #启动插件
systemctl restart rabbitmq-server.service
yum install -y lsof
lsof -i:15672
################
#获取主机IP地址
eth=$(ip a| grep "BROADCAST" | awk -F ":" 'NR==1{print $2}' | sed "s/ //g") ; echo "网卡名为:"$eth ;
# 命令 ip a 查看网卡 过滤;BROADCAST [ˈbrɔːdkɑːst] >广播;字段的行
# awk -F ":" 以冒号为分隔符 ; 选择第一行,第二列,sed删空格
# 符号 ; 分号表示第一条命令结束,第二条开始
ethCatalog=$(find / -name "*$eth" | grep "/etc/" | sed "s/ //g" ) ; echo "网卡路径为: " $ethCatalog
# find 查找网卡名称的路径,grep 过滤/etc 目录下网卡名称。sed删除空格
ip=$(cat $ethCatalog | grep IPADDR | awk -F "=" 'NR==1{print $2}' | sed "s/ //g") ; echo "IP地址为: " $ip
# 查看网卡文件,过滤IPADDR的行,awk -F"=" 分隔符是等于符号,打印第一行第二列
################
echo "
guest 登陆:http://$ip:15672
初始登陆密码:guest/guest
登陆后,点击: 导航栏的 Admin --- openstack --- 展开 Update this user
写入密码 eisccn 确认密码eisccn 再输入管理权限用户组 administrator ; 点击 Update User 更新账户信息
之后退出使用 openstack 账户登录,账户/密码:openstack/eisccn
完成后,请确认继续搭建环境:
"
read -p "您是否已经登陆配置修改新账户;接下来安装 openstack组件!!!!!!!!
y|继续 任意键退出
" openstack
echo $openstack
case "$openstack" in
y|Y) echo "您确认了继续操作";;
*)echo "您否定了继续操作,退出脚本; case 的其他所有情况 * 号 不加双引号"
exit;;
esac
###################### 获取行号,并插入内容 ################################
# 查一行,插一行,不然行号会变; \n 换行
Random=`openssl rand -hex 10` ; echo " Random [ˈrændəm] 随机,生成10位随机数: $Random"
file="cat /etc/keystone/keystone.conf " ; echo $file
NRDEFAULT=`cat -n $file | grep "\[DEFAULT\]" | awk -F" " 'NR==1{print $1}'` ; echo $NRDEFAULT
# 查找标签:[DEFAULT] 所在行,将print $1 改为 print $0 为打印第一行中的所有列信息
sed -i "$NRDEFAULT a\admin_token = $Random \nverbose = true" $file
# $NRDEFAULT 是指定第一行 a\ 的下面插入字符串, \n 是换行符号
NRdatabase=`cat -n $file | grep "\[database\]" | awk -F" " 'NR==1{print $1}'` ; echo $NRdatabase
echo "写入IP地址 $ip"
sed -i "$NRdatabase a\connection = mysql://keystone:keystone@127.0.0.1/keystone" $file
# 设置数据库连接 写到database下
NRmemcache=`cat -n $file | grep "\[memcache\]" | awk -F" " 'NR==1{print $1}'` ; echo $NRmemcache
sed -i "$NRmemcache a\servers = $ip:11211" $file
NRrevoke=`cat -n $file | grep "\[revoke\]" | awk -F" " 'NR==1{print $1}'` ; echo $NRrevoke
sed -i "$NRrevoke a\driver = sql" $file
NRtoken=`cat -n $file | grep "\[token\]" | awk -F" " 'NR==2{print $1}'` ; echo $NRtoken
sed -i "$NRtoken a\provider = uuid \ndriver = memcache" $file
cat $file|grep -v "^#"|grep -v "^$"
#########################################################################
su -s /bin/sh -c "keystone-manage db_sync" keystone
# 创建数据库,使用同步
ll /var/log/keystone/keystone.log # 之所以上面 su 切换是因为这个日志文件属主
# 数据库检查表,生产环境密码不要用keystone,查看时间并改成复杂点的密码:set password = password('eisccn');
mysql -h $ip -u keystone -pkeystone -e "
select now();
"
systemctl enable memcached
ln -s '/usr/lib/systemd/system/memcached.service' '/etc/systemd/system/multi-user.target.wants/memcached.service'
systemctl start memcached
sed -i "s/#ServerName.*/ServerName $ip\:80/g" /etc/httpd/conf/httpd.conf
#######################################
# 修改文件: wsgi-keystone.conf
conf=`find / -name "wsgi-keystone.conf"` ; echo $conf
sed -i "1 a\Listen 35357" $conf
echo "
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
" >> $conf
#######################################
systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
systemctl start httpd
yum install -y net-tools
netstat -lntup|grep httpd # 查看启用的端口,grep过滤httpd的进程
TOKEN=`cat /etc/keystone/keystone.conf | grep "^admin_token =" | awk -F" " '{print $3}' | sed "s/ //g"` ; echo $TOKEN
export OS_TOKEN=$TOKEN
export OS_URL=http://$ip:35357/v3
export OS_IDENTITY_API_VERSION=3
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password-prompt admin
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password=demo demo
openstack role create user
openstack role add --project demo --user demo user
openstack project create --domain default --description "Service Project" service
openstack user list
openstack project list
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public http://$ip:5000/v2.0
openstack endpoint create --region RegionOne identity internal http://$ip:5000/v2.0
openstack endpoint create --region RegionOne identity admin http://$ip:35357/v2.0
openstack endpoint list