Bootstrap

基于Ubuntu2404脚本搭建openstackC版-ovn网络驱动

本实验使用 VMware 虚拟机，双网卡均使用 NAT 模式，并开启 CPU 虚拟化。OpenStack C 版使用 OVN 作为网络驱动，以提供更加灵活高效的网络环境。使用本脚本只需要修改环境变量中控制节点和计算节点的网络信息和虚拟机密码即可：controller 节点运行控制节点脚本，compute 节点运行计算节点脚本。

双节点只配置第一张网卡,第二张不配置

# This is the network config written by 'subiquity'
# Only the first NIC (ens33) gets an address on both nodes; the second NIC
# (ens34) stays unaddressed because it is later attached to an OVS bridge
# (OVS_NAME / INTERFACE_NAME in /etc/openstack/openrc.sh).
network:
  ethernets:
    ens33:
      dhcp4: false
      addresses:
        - 192.168.200.195/24   # controller address; the compute node uses its own (see NODES in the init script)
      routes:
        - to: default
          via: 192.168.200.2
      nameservers:
        addresses:
          - 114.114.114.114
          - 8.8.8.8
    ens34:
      dhcp4: false   # deliberately no address: OVS takes this interface over later
  version: 2

配置基础环境

环境初始化,双节点执行

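#!/bin/bash
# 环境初始化脚本 (双节点执行, 需以 root 运行):
#   1. 切换 apt 源并更新索引
#   2. 写入 motd
#   3. 根据 NODES 设置本机主机名并补全 /etc/hosts
#   4. 生成 ssh 密钥并向所有节点分发 (免密)
#   5. 安装并配置 chrony: TIME_SERVER 作为时间源, 其他节点向其同步
# 节点信息和密码只需修改下面的变量. 脚本可重复执行 (hosts/ssh-key 部分已做幂等处理).
set -euo pipefail

# 定义节点信息: "IP 主机名 用户"
NODES=("192.168.200.195 controller root" "192.168.200.190 compute root")

# 定义当前节点的密码(默认集群统一密码)
HOST_PASS="000000"

# 时间同步的目标节点 (必须是 NODES 中的一个主机名)
TIME_SERVER=controller

# 时间同步的地址段 (写入 chrony 的 allow); 必须与 NODES 所在网段一致
# (原值 192.160.200.0/24 为笔误, 会导致 compute 节点被时间源拒绝)
TIME_SERVER_IP=192.168.200.0/24

# 本机管理 IP / 主机名只取一次, 下面多处使用
current_ip=$(hostname -I | awk '{print $1}')
current_hostname=$(hostname)

# 分隔符加引号: 文件内容原样写入, 不做变量展开.
# 注意: 24.04 同时存在 sources.list 和 ubuntu.sources 时 apt 可能提示源重复, 不影响使用.
cat > /etc/apt/sources.list << 'eof'
# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ noble main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ noble main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ noble-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ noble-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ noble-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ noble-backports main restricted universe multiverse
eof

cat > /etc/apt/sources.list.d/ubuntu.sources << 'eof'
Types: deb
URIs: https://mirrors.tuna.tsinghua.edu.cn/ubuntu
Suites: noble noble-updates noble-backports
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
eof

apt update

# 欢迎界面
cat > /etc/motd << 'EOF'
 ################################
 #    Welcome  to  openstack    #
 ################################
EOF

# 修改主机名: 在 NODES 中找到与本机 IP 匹配的条目
for node in "${NODES[@]}"; do
  read -r node_ip node_name _ <<<"$node"

  # 检查当前节点与要修改的节点信息是否匹配
  if [[ "$current_ip" == "$node_ip" && "$current_hostname" != "$node_name" ]]; then
    echo "Updating hostname to $node_name on $current_ip..."
    if hostnamectl set-hostname "$node_name"; then
      echo "Hostname updated successfully."
      current_hostname=$node_name
    else
      echo "Failed to update hostname." >&2
    fi
    break
  fi
done

# 遍历节点信息并添加到 hosts 文件 (已存在则跳过)
for node in "${NODES[@]}"; do
  read -r node_ip node_name _ <<<"$node"

  # -F: 固定字符串匹配, 避免 IP 中的 "." 被当作正则元字符
  if grep -qF -- "$node_ip $node_name" /etc/hosts; then
    echo "Host entry for $node_name already exists in /etc/hosts."
  else
    printf '%s %s\n' "$node_ip" "$node_name" >> /etc/hosts
    echo "Added host entry for $node_name in /etc/hosts."
  fi
done

# 生成本机 ssh 密钥 (已存在则复用)
if [[ ! -s ~/.ssh/id_rsa.pub ]]; then
  ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa -q -b 2048
fi

# 检查并安装 sshpass 工具
if ! command -v sshpass >/dev/null 2>&1; then
  echo "sshpass 工具未安装,正在安装 sshpass..."
  apt-get install -y sshpass
fi

# 遍历所有节点进行免密操作.
# 密码通过 SSHPASS 环境变量传给 sshpass (-e), 不出现在命令行参数 (ps) 中;
# StrictHostKeyChecking=accept-new: 首次连接自动记录主机密钥, 密钥变化时仍然拒绝.
for node in "${NODES[@]}"; do
  read -r node_ip node_name node_user <<<"$node"
  if ! SSHPASS="$HOST_PASS" sshpass -e ssh-copy-id -o StrictHostKeyChecking=accept-new \
      -i /root/.ssh/id_rsa.pub "$node_user@$node_name"; then
    echo "ssh-copy-id to $node_user@$node_name ($node_ip) failed" >&2
  fi
done

# 时间同步
apt install -y chrony

# 解析 TIME_SERVER 对应的 IP, 用它判断本机是否就是时间源.
# (原来用 "地址段 == *$(hostname -I)*" 做通配匹配永远不会成立, 时间源分支从未执行)
time_server_ip=""
for node in "${NODES[@]}"; do
  read -r node_ip node_name _ <<<"$node"
  if [[ "$node_name" == "$TIME_SERVER" ]]; then
    time_server_ip=$node_ip
  fi
done

if [[ "$current_ip" == "$time_server_ip" ]]; then
  # 配置当前节点为时间同步源: 保留发行版默认的上游 pool, 允许本网段访问,
  # 上游不可达时以本地时钟 (stratum 10) 对外提供服务
  {
    echo "allow $TIME_SERVER_IP"
    echo "local stratum 10"
  } >> /etc/chrony/chrony.conf
else
  # 配置当前节点同步到目标节点: 按内容注释掉默认的 pool/server 行,
  # 不再依赖固定行号 (20-23), 避免包版本变化时改错行
  sed -i -E 's/^(pool|server)[[:space:]]/#&/' /etc/chrony/chrony.conf
  echo "pool $TIME_SERVER iburst maxsources 2" >> /etc/chrony/chrony.conf
fi

# 重启并启用 chrony 服务 (Ubuntu 上单元名为 chrony, chronyd 是其别名)
systemctl enable --now chrony
systemctl restart chrony

echo "###############################################################"
echo "#################      集群初始化成功     #####################"
echo "###############################################################"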

配置环境变量

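# 生成全局变量文件, 后续每个安装脚本通过 source /etc/openstack/openrc.sh 读取.
# 文件中含有全部服务口令, 所以写完后把权限收紧为仅 root 可读.
# mkdir -p: 目录已存在时不报错, 允许重复执行.
mkdir -p /etc/openstack/
# 分隔符加引号: 内容原样写入, 不做变量/命令展开
cat > /etc/openstack/openrc.sh << 'eof'
#--------------------system Config--------------------##
#Controller Server Manager IP. example:x.x.x.x
HOST_IP=192.168.200.195

#Controller HOST Password. example:000000
HOST_PASS=000000

#Controller Server hostname. example:controller
HOST_NAME=controller

#Compute Node Manager IP. example:x.x.x.x
HOST_IP_NODE=192.168.200.190

#Compute HOST Password. example:000000
HOST_PASS_NODE=000000

#Compute Node hostname. example:compute
HOST_NAME_NODE=compute

#--------------------Rabbit Config ------------------##
#user for rabbit. example:openstack
RABBIT_USER=openstack

#Password for rabbit user .example:000000
RABBIT_PASS=000000

#--------------------MySQL Config---------------------##
#Password for MySQL root user . exmaple:000000
DB_PASS=000000

#--------------------Keystone Config------------------##
#Password for Keystore admin user. exmaple:000000
DOMAIN_NAME=default
ADMIN_PASS=000000
DEMO_PASS=000000

#Password for Mysql keystore user. exmaple:000000
KEYSTONE_DBPASS=000000

#--------------------Glance Config--------------------##
#Password for Mysql glance user. exmaple:000000
GLANCE_DBPASS=000000

#Password for Keystore glance user. exmaple:000000
GLANCE_PASS=000000

#--------------------Placement Config----------------------##
#Password for Mysql placement user. exmaple:000000
PLACEMENT_DBPASS=000000

#Password for Keystore placement user. exmaple:000000
PLACEMENT_PASS=000000

#--------------------Nova Config----------------------##
#Password for Mysql nova user. exmaple:000000
NOVA_DBPASS=000000

#Password for Keystore nova user. exmaple:000000
NOVA_PASS=000000

#--------------------Neutron Config-------------------##
#Password for Mysql neutron user. exmaple:000000
NEUTRON_DBPASS=000000

#Password for Keystore neutron user. exmaple:000000
NEUTRON_PASS=000000

#metadata secret for neutron. exmaple:000000
METADATA_SECRET=000000

#External Network Interface. example:eth1
INTERFACE_NAME=ens34

#用于创建ovs网络
OVS_NAME=br-ens34

#External Network The Physical Adapter. example:provider
Physical_NAME=provider

#First Vlan ID in VLAN RANGE for VLAN Network. exmaple:1
MinGeneveID=1

#Last Vlan ID in VLAN RANGE for VLAN Network. example:65535
MaxGeneveID=65536

#--------------------Cinder Config--------------------##
#Password for Mysql cinder user. exmaple:000000
CINDER_DBPASS=000000

#Password for Keystore cinder user. exmaple:000000
CINDER_PASS=000000
eof
# 口令文件: 仅 root 可读写
chmod 600 /etc/openstack/openrc.sh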

iaas-install-mysql.sh

vi iaas-install-mysql.sh
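#!/bin/bash
# 安装并配置 mariadb / rabbitmq / memcached (控制节点执行).
# 口令与主机信息来自 /etc/openstack/openrc.sh; 任一步失败立即退出.
set -euo pipefail
source /etc/openstack/openrc.sh

# 以 root 执行 SQL. 口令通过 --defaults-extra-file + 进程替换传入,
# 不再出现在命令行参数 (ps / 进程列表) 中.
mysql_root() {
  mysql --defaults-extra-file=<(printf '[client]\nuser=root\npassword="%s"\n' "$DB_PASS") "$@"
}

# install package
apt install -y python3-openstackclient
apt install -y mariadb-server python3-pymysql

# 只监听管理网 IP 而不是 0.0.0.0: 其他节点通过主机名 (解析到 HOST_IP) 访问,
# 本机管理命令走 unix socket, 都不受影响.
cat > /etc/mysql/mariadb.conf.d/99-openstack.cnf << EOF
[mysqld]
bind-address = $HOST_IP
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF

systemctl enable --now mariadb
# 首次通过本地 socket (unix_socket 认证) 设置 root 口令, 之后都用口令登录
mysql -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '$DB_PASS';"
mysql_root -e "FLUSH PRIVILEGES"
# 重启使 bind-address 生效
systemctl restart mariadb

apt install -y rabbitmq-server
# 用户已存在 (重复执行) 时改口令而不是报错退出
rabbitmqctl add_user "$RABBIT_USER" "$RABBIT_PASS" \
  || rabbitmqctl change_password "$RABBIT_USER" "$RABBIT_PASS"
rabbitmqctl set_permissions "$RABBIT_USER" ".*" ".*" ".*"
systemctl enable --now rabbitmq-server

apt install -y memcached python3-memcache
# memcached 没有认证, 只监听管理网 IP, 不暴露到所有接口
sed -i "s/^-l 127.0.0.1/-l $HOST_IP/" /etc/memcached.conf
systemctl enable --now memcached
# 包安装时服务已经在跑, enable --now 不会重载配置, 必须显式重启才能切换监听地址
systemctl restart memcached
echo "################# mariadb,rabbitmq,memcached installation completed ####################"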
bash iaas-install-mysql.sh

iaas-install-keystone.sh

vi iaas-install-keystone.sh
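#!/bin/bash
# 安装 keystone (控制节点执行): 建库、写配置、初始化 fernet/credential、
# bootstrap admin, 并生成 /etc/keystone/admin-openrc.sh 供后续脚本使用.
set -euo pipefail
source /etc/openstack/openrc.sh

# 以 root 执行 SQL, 口令经 --defaults-extra-file 传入而不是命令行参数
mysql_root() {
  mysql --defaults-extra-file=<(printf '[client]\nuser=root\npassword="%s"\n' "$DB_PASS") "$@"
}

#keystone mysql
mysql_root -e "create database IF NOT EXISTS keystone ;"
mysql_root -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$KEYSTONE_DBPASS' ;"
mysql_root -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$KEYSTONE_DBPASS' ;"

apt install -y keystone
cp /etc/keystone/keystone.conf{,.bak}

# 分隔符不加引号: 需要展开 $KEYSTONE_DBPASS / $HOST_NAME
cat > /etc/keystone/keystone.conf << eof
[DEFAULT]
log_dir = /var/log/keystone
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
connection = mysql+pymysql://keystone:$KEYSTONE_DBPASS@$HOST_NAME/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[extra_headers]
Distribution = Ubuntu
[federation]
[fernet_receipts]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[jwt_tokens]
[ldap]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[policy]
[profiler]
[receipt]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[token]
provider = fernet
[tokenless_auth]
[totp]
[trust]
[unified_limit]
[wsgi]
eof

su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password "$ADMIN_PASS" \
    --bootstrap-admin-url "http://$HOST_NAME:5000/v3/" \
    --bootstrap-internal-url "http://$HOST_NAME:5000/v3/" \
    --bootstrap-public-url "http://$HOST_NAME:5000/v3/" \
    --bootstrap-region-id RegionOne

# ServerName 只追加一次, 脚本可重复执行
grep -q '^ServerName ' /etc/apache2/apache2.conf \
  || echo "ServerName $HOST_NAME" >> /etc/apache2/apache2.conf
systemctl enable --now apache2
# keystone 包安装时 apache 已在运行, 重启使上面的改动生效
systemctl restart apache2

cat > /etc/keystone/admin-openrc.sh << EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$ADMIN_PASS
export OS_AUTH_URL=http://$HOST_NAME:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
# 含 admin 口令, 仅 root 可读
chmod 600 /etc/keystone/admin-openrc.sh
source /etc/keystone/admin-openrc.sh
# --or-show: 项目已存在时返回现有项目而不是报错
openstack project create --domain default --description "Service Project" --or-show service
# 验证 admin 凭据可用
openstack token issue
echo "############################ keystone installation completed ###########################"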
bash iaas-install-keystone.sh

iaas-install-glance.sh

vi  iaas-install-glance.sh
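#!/bin/bash
# 安装 glance (控制节点执行): 建库、注册 keystone 用户/服务/端点、写配置、同步数据库.
set -euo pipefail
source /etc/openstack/openrc.sh
source /etc/keystone/admin-openrc.sh

# 以 root 执行 SQL, 口令经 --defaults-extra-file 传入而不是命令行参数
mysql_root() {
  mysql --defaults-extra-file=<(printf '[client]\nuser=root\npassword="%s"\n' "$DB_PASS") "$@"
}

#glance mysql
mysql_root -e "create database IF NOT EXISTS glance ;"
mysql_root -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '$GLANCE_DBPASS' ;"
mysql_root -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '$GLANCE_DBPASS' ;"

# --or-show: 用户已存在时直接返回, 允许重复执行
openstack user create --domain "$DOMAIN_NAME" --password "$GLANCE_PASS" --or-show glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public "http://$HOST_NAME:9292"
openstack endpoint create --region RegionOne image internal "http://$HOST_NAME:9292"
openstack endpoint create --region RegionOne image admin "http://$HOST_NAME:9292"

apt install -y glance
cp /etc/glance/glance-api.conf{,.bak}

# 分隔符不加引号: 需要展开口令和主机名
cat > /etc/glance/glance-api.conf << eof
[DEFAULT]
[barbican]
[barbican_service_user]
[cinder]
[cors]
[database]
connection = mysql+pymysql://glance:$GLANCE_DBPASS@$HOST_NAME/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
disk_formats = ami,ari,aki,vhd,vhdx,vmdk,raw,qcow2,vdi,iso,ploop.root-tar
[keystone_authtoken]
www_authenticate_uri = http://$HOST_NAME:5000
auth_url = http://$HOST_NAME:5000
memcached_servers = $HOST_NAME:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = $GLANCE_PASS
[paste_deploy]
flavor = keystone
eof

su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable --now glance-api
# 包安装时服务已启动, 重启以加载新配置
systemctl restart glance-api
echo "########################## glance installation completed ###############################"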
bash iaas-install-glance.sh

iaas-install-placement.sh

vi  iaas-install-placement.sh
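#!/bin/bash
# 安装 placement (控制节点执行): 建库、注册 keystone 用户/服务/端点、写配置、同步数据库.
set -euo pipefail
source /etc/openstack/openrc.sh
source /etc/keystone/admin-openrc.sh

# 以 root 执行 SQL, 口令经 --defaults-extra-file 传入而不是命令行参数
mysql_root() {
  mysql --defaults-extra-file=<(printf '[client]\nuser=root\npassword="%s"\n' "$DB_PASS") "$@"
}

#placement mysql (IF NOT EXISTS: 与其他脚本保持一致, 重复执行不报错)
mysql_root -e "CREATE DATABASE IF NOT EXISTS placement;"
mysql_root -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '$PLACEMENT_DBPASS';"
mysql_root -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '$PLACEMENT_DBPASS';"

# --or-show: 用户已存在时直接返回
openstack user create --domain "$DOMAIN_NAME" --password "$PLACEMENT_PASS" --or-show placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public "http://$HOST_NAME:8778"
openstack endpoint create --region RegionOne placement internal "http://$HOST_NAME:8778"
openstack endpoint create --region RegionOne placement admin "http://$HOST_NAME:8778"

apt install -y placement-api

cp /etc/placement/placement.conf{,.bak}
# 分隔符不加引号: 需要展开口令和主机名
cat > /etc/placement/placement.conf << eof
[DEFAULT]
[api]
auth_strategy = keystone
[cors]
[keystone_authtoken]
auth_url = http://$HOST_NAME:5000/v3
memcached_servers = $HOST_NAME:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = $PLACEMENT_PASS
[placement_database]
connection = mysql+pymysql://placement:$PLACEMENT_DBPASS@$HOST_NAME/placement
eof

su -s /bin/sh -c "placement-manage db sync" placement
# placement 以 apache wsgi 运行, 重启加载新配置
systemctl restart apache2
# 只是状态检查: 有警告时打印提示, 不中断安装
placement-status upgrade check \
  || echo "placement-status upgrade check reported problems (exit $?)" >&2
echo "############################# placement installation completed #########################"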
bash  iaas-install-placement.sh

iaas-install-nova-controller.sh

vi iaas-install-nova-controller.sh
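#!/bin/bash
# 安装 nova 控制节点服务: 建库、注册 keystone 用户/服务/端点、写 nova.conf、
# 初始化 cell_v2, 并生成 /root/nova-service-restart.sh 供计算节点脚本远程调用.
set -euo pipefail
source /etc/openstack/openrc.sh
source /etc/keystone/admin-openrc.sh

# 以 root 执行 SQL, 口令经 --defaults-extra-file 传入而不是命令行参数
mysql_root() {
  mysql --defaults-extra-file=<(printf '[client]\nuser=root\npassword="%s"\n' "$DB_PASS") "$@"
}

# nova-manage 必须以 nova 用户运行: 以 root 运行会在 /var/log/nova 下留下
# root 属主的日志文件, 之后 nova 服务可能无法写入
nova_manage() {
  su -s /bin/sh -c "nova-manage $*" nova
}

mysql_root -e "create database IF NOT EXISTS nova ;"
mysql_root -e "create database IF NOT EXISTS nova_api ;"
mysql_root -e "create database IF NOT EXISTS nova_cell0 ;"
mysql_root -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql_root -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql_root -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql_root -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql_root -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql_root -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '$NOVA_DBPASS' ;"

# --or-show: 用户已存在时直接返回
openstack user create --domain "$DOMAIN_NAME" --password "$NOVA_PASS" --or-show nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public "http://$HOST_NAME:8774/v2.1"
openstack endpoint create --region RegionOne compute internal "http://$HOST_NAME:8774/v2.1"
openstack endpoint create --region RegionOne compute admin "http://$HOST_NAME:8774/v2.1"

apt install -y nova-api nova-conductor nova-novncproxy nova-scheduler
# 控制节点上也装 nova-compute: 看起来是为单节点 (控制+计算合一) 部署准备的,
# 双节点部署中它没有 [libvirt] 配置, 保持原样
apt install -y nova-compute
cp /etc/nova/nova.conf{,.bak}
# 分隔符不加引号: 需要展开口令 / 主机名 / IP
cat > /etc/nova/nova.conf << eof
[DEFAULT]
log_dir = /var/log/nova
lock_path = /var/lock/nova
state_path = /var/lib/nova
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
my_ip = $HOST_IP
[api]
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:$NOVA_DBPASS@$HOST_NAME/nova_api
[barbican]
[barbican_service_user]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[cyborg]
[database]
connection = mysql+pymysql://nova:$NOVA_DBPASS@$HOST_NAME/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://$HOST_NAME:9292
[guestfs]
[healthcheck]
[hyperv]
[image_cache]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
www_authenticate_uri = http://$HOST_NAME:5000/
auth_url = http://$HOST_NAME:5000/
memcached_servers = $HOST_NAME:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = $NOVA_PASS
[libvirt]
[metrics]
[mks]
[notifications]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://$HOST_NAME:5000/v3
username = placement
password = $PLACEMENT_PASS
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
server_listen = $HOST_IP
server_proxyclient_address = $HOST_IP
novncproxy_base_url = http://$HOST_IP:6080/vnc_auto.html
[workarounds]
[wsgi]
[zvm]
[cells]
enable = False
[os_region_name]
openstack = 
eof

nova_manage api_db sync
nova_manage cell_v2 map_cell0
nova_manage cell_v2 create_cell --name=cell1 --verbose
nova_manage db sync
nova_manage cell_v2 list_cells

systemctl enable --now nova-api
systemctl enable --now nova-scheduler
systemctl enable --now nova-conductor
systemctl enable --now nova-novncproxy

# 重启脚本, 计算节点脚本会通过 ssh 调用它.
# 分隔符加引号: 内容原样写入. 原来的 "#!bin/bash" 缺少开头的 "/", 已更正.
cat > /root/nova-service-restart.sh << 'EOF'
#!/bin/bash
# 处理api服务
service nova-api restart
# 处理资源调度服务
service nova-scheduler restart
# 处理数据库服务
service nova-conductor restart
# 处理vnc远程窗口服务
service nova-novncproxy restart
# 处理nova-compute服务
service nova-compute restart
EOF
nova_manage cell_v2 discover_hosts
nova_manage cell_v2 map_cell_and_hosts
bash /root/nova-service-restart.sh
nova_manage cell_v2 discover_hosts
echo "############################# nova installation completed ##############################"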
bash iaas-install-nova-controller.sh

iaas-install-neutron-controller.sh

vi iaas-install-neutron-controller.sh
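#!/bin/bash
# 安装 neutron 控制节点 (OVN 驱动): 建库、注册 keystone 用户/服务/端点、
# 内核参数、neutron.conf / ml2_conf.ini、OVN 中央数据库以及 nova 的 [neutron] 段.
set -euo pipefail
source /etc/openstack/openrc.sh
source /etc/keystone/admin-openrc.sh

# 以 root 执行 SQL, 口令经 --defaults-extra-file 传入而不是命令行参数
mysql_root() {
  mysql --defaults-extra-file=<(printf '[client]\nuser=root\npassword="%s"\n' "$DB_PASS") "$@"
}

mysql_root -e "create database IF NOT EXISTS neutron ;"
mysql_root -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '$NEUTRON_DBPASS' ;"
mysql_root -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$NEUTRON_DBPASS' ;"

# --or-show: 用户已存在时直接返回
openstack user create --domain "$DOMAIN_NAME" --password "$NEUTRON_PASS" --or-show neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public "http://$HOST_NAME:9696"
openstack endpoint create --region RegionOne network internal "http://$HOST_NAME:9696"
openstack endpoint create --region RegionOne network admin "http://$HOST_NAME:9696"

# 内核参数只追加一次, 重复执行不会产生重复条目
if ! grep -q '^net.ipv4.conf.all.rp_filter=0' /etc/sysctl.conf; then
cat >> /etc/sysctl.conf << 'EOF'
# 用于控制系统是否开启对数据包源地址的校验,关闭
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
# 开启二层转发设备
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
EOF
fi
# br_netfilter 需要在开机时加载, 否则重启后 net.bridge.* 参数无法应用
echo br_netfilter > /etc/modules-load.d/br_netfilter.conf
modprobe br_netfilter
sysctl -p

apt install -y neutron-server neutron-plugin-ml2 python3-neutronclient ovn-central openvswitch-switch

cp /etc/neutron/neutron.conf{,.bak}
# 分隔符不加引号: 需要展开口令 / 主机名. bind_host 使用 $HOST_NAME 而不是写死 controller.
cat > /etc/neutron/neutron.conf << eof
[DEFAULT]
bind_host = $HOST_NAME
bind_port = 9696
core_plugin = ml2
service_plugins = ovn-router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
[agent]
root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf"
[database]
connection = mysql+pymysql://neutron:$NEUTRON_DBPASS@$HOST_NAME/neutron
[keystone_authtoken]
www_authenticate_uri = http://$HOST_NAME:5000
auth_url = http://$HOST_NAME:5000
memcached_servers = $HOST_NAME:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = $NEUTRON_PASS
[nova]
auth_url = http://$HOST_NAME:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = $NOVA_PASS
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
eof

cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
# OVN NB/SB 连接为明文 tcp 且无认证: 能访问 HOST_IP:6641/6642 的主机都能改写
# 整个 SDN 状态, 管理网必须隔离 (生产环境应改用 ssl: 连接).
cat > /etc/neutron/plugins/ml2/ml2_conf.ini << eof
[DEFAULT]
[ml2]
type_drivers = flat,vlan,vxlan,gre,geneve
tenant_network_types = geneve
mechanism_drivers = ovn
extension_drivers = port_security
overlay_ip_version = 4
[ml2_type_flat]
flat_networks = $Physical_NAME
[ml2_type_geneve]
vni_ranges = $MinGeneveID:$MaxGeneveID
max_header_size = 38
[ml2_type_gre]
[ml2_type_vlan]
[ml2_type_vxlan]
[ovs_driver]
[securitygroup]
enable_ipset = true
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[sriov_driver]
[ovn]
ovn_nb_connection = tcp:$HOST_IP:6641
ovn_sb_connection = tcp:$HOST_IP:6642
ovn_l3_scheduler = leastloaded
ovn_metadata_enabled = True
eof

# 本地 ovsdb 管理端口只监听 127.0.0.1; 只追加一次
if ! grep -q '^OVS_CTL_OPTS=' /etc/default/openvswitch-switch; then
cat >> /etc/default/openvswitch-switch << 'eof'
OVS_CTL_OPTS="--ovsdb-server-options='--remote=ptcp:6640:127.0.0.1'"
eof
fi

# nova.conf 的 [neutron] 段只追加一次 (nova 脚本写的 nova.conf 不含该段)
if ! grep -q '^\[neutron\]' /etc/nova/nova.conf; then
cat >> /etc/nova/nova.conf << eof
[neutron]
auth_url = http://$HOST_NAME:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = $NEUTRON_PASS
service_metadata_proxy = True
metadata_proxy_shared_secret = $METADATA_SECRET
insecure = false
eof
fi

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

# 对已安装的 neutron 源码打补丁: 注释掉 1565-1605 行, 在 1564 行前插入替换的
# get_candidates_for_scheduling. 行号是按某个特定的 neutron 包版本写死的,
# 换版本前务必先核对 (TODO: 确认所装 neutron 版本中该方法的起止行).
# 只打一次补丁并保留原文件副本 (.orig), 重复执行不会重复插入.
ovn_client=/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
if [[ ! -e "$ovn_client.orig" ]]; then
cp "$ovn_client" "$ovn_client.orig"
sed -i '1565,1605 s/^/#/' "$ovn_client"

# 分隔符加引号: 插入的 python 原样写入, 不做任何展开
ed -s "$ovn_client" <<'EOF'
1564i
    def get_candidates_for_scheduling(self, physnet, cms=None, chassis_physnets=None, availability_zone_hints=None):
        """Return chassis for scheduling gateway router.

        Criteria for selecting chassis as candidates:
        1) Chassis from cms with proper bridge mappings only (that means these
           gateway chassis with the requested physical network).
        2) Filter the available chassis accordingly to the routers
           availability zone hints (if present)

        If the logical router port belongs to a tunnelled network, there won't
        be any candidate.
        """
        cms = cms or self._sb_idl.get_gateway_chassis_from_cms_options()
        chassis_physnets = chassis_physnets or self._sb_idl.get_chassis_and_physnets()
        candidates = set()

        # If CMS is empty, we may assume all chassis are managed
        managed_chassis = cms if cms else [chassis for chassis in chassis_physnets]

        for chassis in managed_chassis:
            physnets = chassis_physnets.get(chassis, [])
            if physnet in physnets:
                candidates.add(chassis)

        # Convert candidates set to list
        candidates = list(candidates)

        # Filter for availability zones
        if availability_zone_hints:
            LOG.debug('Filtering Chassis candidates by availability zone hints: %s', ', '.join(availability_zone_hints))
            filtered_candidates = []
            for ch in candidates:
                azs = utils.get_chassis_availability_zones(self._sb_idl.lookup('Chassis', ch, None))
                if any(az in azs for az in availability_zone_hints):
                    filtered_candidates.append(ch)
            candidates = filtered_candidates

        LOG.debug('Chassis candidates for scheduling gateway router ports for "%s" physical network: %s', physnet, candidates)
        return candidates
.
w
q
EOF
fi

systemctl restart nova-api
systemctl restart openvswitch-switch

# --may-exist: 网桥已存在时不报错
ovs-vsctl --may-exist add-br br-int
systemctl restart ovn-central ovn-northd
# NB/SB 数据库对管理网开放 (明文, 无认证), 计算节点的 ovn-controller 连接到这里
ovn-nbctl set-connection "ptcp:6641:$HOST_IP" -- set connection . inactivity_probe=60000
ovn-sbctl set-connection "ptcp:6642:$HOST_IP" -- set connection . inactivity_probe=60000

systemctl restart neutron-server
echo "######################### neutron installation completed ###############################"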
bash iaas-install-neutron-controller.sh

iaas-install-horizon.sh

vi iaas-install-horizon.sh
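#!/bin/bash
# 安装 horizon (控制节点执行): 修改 local_settings.py 后 reload apache.
set -euo pipefail
source /etc/openstack/openrc.sh
source /etc/keystone/admin-openrc.sh

settings=/etc/openstack-dashboard/local_settings.py

# set_setting NAME VALUE: 把 "NAME = ..." 这一行 (允许是被 # 注释掉的) 改为
# "NAME = VALUE", 不存在则追加. 按内容匹配而不是写死行号 (原来的 112/126/127/131),
# 避免 openstack-dashboard 包版本变化时改错行.
set_setting() {
  local name=$1 value=$2
  if grep -qE "^#? ?${name} = " "$settings"; then
    sed -i -E "s|^#? ?${name} = .*|${name} = ${value}|" "$settings"
  else
    printf '%s = %s\n' "$name" "$value" >> "$settings"
  fi
}

apt install -y openstack-dashboard

cp "$settings"{,.bak}
set_setting OPENSTACK_HOST "\"$HOST_NAME\""
set_setting SESSION_ENGINE "'django.contrib.sessions.backends.cache'"
set_setting OPENSTACK_KEYSTONE_URL '"http://%s:5000/v3" % OPENSTACK_HOST'
set_setting TIME_ZONE '"Asia/Shanghai"'

# 追加的设置只写一次, 重复执行不产生重复定义
if ! grep -q '^OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True' "$settings"; then
cat >> "$settings" << 'EOF'
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_CINDER_FEATURES = {
    'enable_backup': True,
}
EOF
fi

systemctl reload apache2
echo "######################### horizon installation completed ###############################"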
bash iaas-install-horizon.sh

如果需要搭建单节点,则需要把neutron-compute的配置加到控制节点中

iaas-install-nova-compute.sh

vi iaas-install-nova-compute.sh
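#!/bin/bash
# 安装 nova 计算节点: 写 nova.conf, 启动 nova-compute, 然后通过 ssh 在控制节点上
# 发现新主机并重启控制节点的 nova 服务. 依赖初始化脚本配置的 root 免密登录.
set -euo pipefail
source /etc/openstack/openrc.sh

apt install -y nova-compute
cp /etc/nova/nova.conf{,.bak}
# 分隔符不加引号: 需要展开口令 / 主机名 / IP
cat > /etc/nova/nova.conf << eof
[DEFAULT]
log_dir = /var/log/nova
lock_path = /var/lock/nova
state_path = /var/lib/nova
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
my_ip = $HOST_IP_NODE
[api]
auth_strategy = keystone
[api_database]
[barbican]
[barbican_service_user]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[cyborg]
[database]
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://$HOST_IP:9292
[guestfs]
[healthcheck]
[hyperv]
[image_cache]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
www_authenticate_uri = http://$HOST_IP:5000/
auth_url = http://$HOST_IP:5000/
memcached_servers = $HOST_IP:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = $NOVA_PASS
[libvirt]
[metrics]
[mks]
[notifications]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://$HOST_IP:5000/v3
username = placement
password = $PLACEMENT_PASS
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $HOST_IP_NODE
novncproxy_base_url = http://$HOST_IP:6080/vnc_auto.html
[workarounds]
[wsgi]
[zvm]
[cells]
enable = False
[os_region_name]
openstack = 
eof
systemctl enable --now nova-compute
# 包安装时服务已启动, 重启以加载新配置
systemctl restart nova-compute

# 在控制节点上确认 nova-compute 已注册
ssh "$HOST_IP" 'source /etc/keystone/admin-openrc.sh; openstack compute service list --service nova-compute'
# 在控制节点上把新计算节点加入 cell. nova-manage 一律以 nova 用户运行,
# 避免以 root 生成日志文件导致 nova 服务之后无法写入
ssh "$HOST_IP" 'su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova; su -s /bin/sh -c "nova-manage cell_v2 map_cell_and_hosts" nova; bash /root/nova-service-restart.sh'
echo "############################### compute installation completed #########################"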
bash iaas-install-nova-compute.sh

iaas-install-neutron-compute.sh

vi iaas-install-neutron-compute.sh
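#!/bin/bash
# 安装 neutron 计算节点 (OVN): 内核参数、neutron.conf / ml2_conf.ini /
# 元数据代理配置、把本机 ovn-controller 接到控制节点的 SB 数据库, 并在
# 两个节点上创建 provider 网桥. 依赖初始化脚本配置的 root 免密登录.
set -euo pipefail
source /etc/openstack/openrc.sh

# 内核参数只追加一次, 重复执行不会产生重复条目
if ! grep -q '^net.ipv4.conf.all.rp_filter=0' /etc/sysctl.conf; then
cat >> /etc/sysctl.conf << 'EOF'
# 用于控制系统是否开启对数据包源地址的校验,关闭
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
# 开启二层转发设备
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
EOF
fi
# br_netfilter 需要在开机时加载, 否则重启后 net.bridge.* 参数无法应用
echo br_netfilter > /etc/modules-load.d/br_netfilter.conf
modprobe br_netfilter
sysctl -p

apt -y install neutron-common neutron-plugin-ml2 neutron-ovn-metadata-agent ovn-host openvswitch-switch

cp /etc/neutron/neutron.conf{,.bak}
# 分隔符不加引号: 需要展开口令 / 主机名.
# transport_url 使用 $RABBIT_USER / $HOST_NAME, 与控制节点脚本保持一致 (原来写死了 openstack@controller).
cat > /etc/neutron/neutron.conf << eof
[DEFAULT]
core_plugin = ml2
service_plugins = ovn-router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
[agent]
root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf"
[cache]
[cors]
[database]
[healthcheck]
[ironic]
[keystone_authtoken]
www_authenticate_uri = http://$HOST_NAME:5000
auth_url = http://$HOST_NAME:5000
memcached_servers = $HOST_NAME:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = $NEUTRON_PASS
[nova]
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[placement]
[privsep]
[quotas]
[ssl]
eof

cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
# OVN NB/SB 连接为明文 tcp 且无认证, 管理网必须隔离 (生产环境应改用 ssl: 连接)
cat > /etc/neutron/plugins/ml2/ml2_conf.ini << eof
[DEFAULT]
[ml2]
type_drivers = flat,geneve
tenant_network_types = geneve
mechanism_drivers = ovn
extension_drivers = port_security
overlay_ip_version = 4
[ml2_type_flat]
flat_networks = $Physical_NAME
[ml2_type_geneve]
vni_ranges = $MinGeneveID:$MaxGeneveID
max_header_size = 38
[ml2_type_gre]
[ml2_type_vlan]
[ml2_type_vxlan]
[ovs_driver]
[securitygroup]
enable_ipset = true
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[sriov_driver]
[ovn]
ovn_nb_connection = tcp:$HOST_IP:6641
ovn_sb_connection = tcp:$HOST_IP:6642
ovn_l3_scheduler = leastloaded
ovn_metadata_enabled = True
eof

cp /etc/neutron/neutron_ovn_metadata_agent.ini{,.bak}
# metadata_proxy_shared_secret 必须与控制节点 nova.conf [neutron] 中的一致
cat > /etc/neutron/neutron_ovn_metadata_agent.ini << eof
[DEFAULT]
nova_metadata_host = $HOST_NAME
nova_metadata_protocol = http
metadata_proxy_shared_secret = $METADATA_SECRET
[metadata_rate_limiting]
[ovs]
ovsdb_connection = tcp:127.0.0.1:6640
[agent]
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
[ovn]
ovn_sb_connection = tcp:$HOST_IP:6642
eof

# 本地 ovsdb 管理端口只监听 127.0.0.1. 追加而不是覆盖 (与控制节点脚本一致,
# 保留发行版文件内容), 且只追加一次
if ! grep -q '^OVS_CTL_OPTS=' /etc/default/openvswitch-switch; then
cat >> /etc/default/openvswitch-switch << 'eof'
OVS_CTL_OPTS="--ovsdb-server-options='--remote=ptcp:6640:127.0.0.1'"
eof
fi

# nova.conf 的 [neutron] 段只追加一次 (nova 计算节点脚本写的 nova.conf 不含该段)
if ! grep -q '^\[neutron\]' /etc/nova/nova.conf; then
cat >> /etc/nova/nova.conf << eof
[neutron]
auth_url = http://$HOST_NAME:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = $NEUTRON_PASS
service_metadata_proxy = True
metadata_proxy_shared_secret = $METADATA_SECRET
insecure = false
eof
fi

systemctl restart openvswitch-switch ovn-controller ovn-host
systemctl restart neutron-ovn-metadata-agent
systemctl restart nova-compute
# 把本机 ovn-controller 指向控制节点的 SB 数据库, geneve 隧道走本机管理 IP
ovs-vsctl set open . "external-ids:ovn-remote=tcp:$HOST_IP:6642"
ovs-vsctl set open . external-ids:ovn-encap-type=geneve
ovs-vsctl set open . "external-ids:ovn-encap-ip=$HOST_IP_NODE"

ssh "$HOST_IP" 'source /etc/keystone/admin-openrc.sh; openstack network agent list'

# provider 网桥: --may-exist 使重复执行不报错
ovs-vsctl --may-exist add-br "$OVS_NAME"
ovs-vsctl --may-exist add-port "$OVS_NAME" "$INTERFACE_NAME"
ovs-vsctl set open . "external-ids:ovn-bridge-mappings=$Physical_NAME:$OVS_NAME"

# 在控制节点上创建同样的 provider 网桥 (变量在本机展开后再传过去)
ssh "$HOST_IP" "ovs-vsctl --may-exist add-br $OVS_NAME; ovs-vsctl --may-exist add-port $OVS_NAME $INTERFACE_NAME; ovs-vsctl set open . external-ids:ovn-bridge-mappings=$Physical_NAME:$OVS_NAME"

echo "############################ neutron installation completed ############################"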
bash iaas-install-neutron-compute.sh
;