- Add your user
We need to add a user to install DevStack. (if you created a user during install you can skip this step and just give the user sudo privileges below)
$ sudo useradd -s /bin/bash -d /opt/stack -m stack
Since this user will be making many changes to your system, it will need to have sudo privileges:
$ apt-get install sudo -y || yum install -y sudo
$ echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
On some systems you may need to use sudo visudo.
From here on you should use the user you created. Logout and login as that user:
$ sudo su stack && cd ~
- Download DevStack
We’ll grab the latest version of DevStack via https:
$ sudo apt-get install git -y || sudo yum install -y git
$ git clone https://opendev.org/openstack/devstack
$ cd devstack
- Run DevStack
Now to configure stack.sh. DevStack includes a sample in devstack/samples/local.conf. Create local.conf as shown below to do the following:
Set FLOATING_RANGE to a range not used on the local network, i.e. This configures IP addresses ending in 225-254 to be used as floating IPs.
Set FIXED_RANGE to configure the internal address space used by the instances.
Set the administrative password. This password is used for the admin and demo accounts set up as OpenStack users.
Set the MySQL administrative password. The default here is a random hex string which is inconvenient if you need to look at the database directly for anything.
Set the RabbitMQ password.
Set the service password. This is used by the OpenStack services (Nova, Glance, etc) to authenticate with Keystone.
local.conf should look something like this:
Note: There is a sample local.conf file under the samples directory in the devstack repository.
- Run DevStack:
$ ./stack.sh
- MacOS 安装Terraform
brew install hashicorp/tap/terraform
- Debian:
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install terraform
- CentOS:
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo yum -y install terraform
[root@openstack-allinone ~]# openstack endpoint list --service keystone
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
| 5ff3198fce8546edaaed246b0b890906 | RegionOne | keystone | identity | True | public | |
| 93bc23dc7bfe4043bced0da899eb2bdb | RegionOne | keystone | identity | True | internal | |
| cf1be5fe294d48d79a7d17e1953d1b83 | RegionOne | keystone | identity | True | admin | |
[root@openstack-allinone ~]# openstack network list
| ID | Name | Subnets |
| 23f58d17-118d-4a2a-ac3e-e859a08b2f97 | private | ea7584f4-e7df-4862-9800-83fb1bab1037 |
| 6c3ed25b-2a44-487a-b6f0-fc0dda9407dc | public | a4296e1f-ebef-4f2a-a36e-5994fc457445 |
[root@openstack-allinone ~]# openstack security group list
| ID | Name | Description | Project | Tags |
| 576e6bd7-4e05-4e90-a7fe-c5c7faa2887a | default | Default security group | | [] |
| 8fdd6bf9-cdda-4fb1-82d8-f2161f99f4ff | default | Default security group | 614ae836097f4e4c8a5a8e6d979f9f7b | [] |
| b444ec97-76c6-4964-8fe9-0e81ad2a966a | default | Default security group | 3da3d412c29a47198c6564bc763ac395 | [] |
[root@openstack-allinone ~]# openstack availability zone list
| Zone Name | Zone Status |
| internal | available |
| nova | available |
| nova | available |
[root@openstack-allinone ~]# openstack flavor list
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
openstack image list
| ID | Name | Status |
| 2d018602-4faa-45c3-bad1-1fb042ca342a | cirros | active |
[root@openstack-allinone ~]# openstack domain list
| ID | Name | Enabled | Description |
| default | Default | True | The default domain |
resource "aws_vpc" "main" {
cidr_block = var.base_cidr_block
# Block body
variable "image_id" {
type = string
default = "centos7"
variable "availability_zone_names" {
type = list(string)
default = ["us-west-1a"]}
variable "docker_ports" {
type = list(object({
internal = number
external = number
protocol = string
default = [
internal = 8300
external = 8300
protocol = "tcp"
resource "aws_instance" "example" {
instance_type = "t2.micro"
ami = var.image_id
variable "image_id" {
type = string
description = "The id of the machine image (AMI) to use for the server."
validation {
condition = length(var.image_id) > 4 && substr(var.image_id, 0, 4) == "ami-"
error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"."
- provider.tf
cat provider.tf
provider "openstack" {
user_name = "admin"
tenant_name = "admin"
password = "9e08a4a3559d4bce"
auth_url = ""
domain_name = "Default"
- variables.tf 参数初始化
# Params file for variables
variable "image" {
type = string
default = "Centos 7"
variable "external_network" {
type = string
default = "external-network"
# UUID of external gateway
variable "external_gateway" {
type = string
default = "f67f0d72-0ddf-11e4-9d95-e1f29f417e2f"
variable "dns_ip" {
type = list(string)
default = ["", ""]
#### VM HTTP parameters ####
variable "flavor_http" {
type = string
default = "t2.medium"
variable "network_http" {
type = map(string)
default = {
subnet_name = "subnet-http"
cidr = ""
variable "http_instance_names" {
type = set(string)
default = ["http-instance-1",
#### VM DB parameters ####
variable "flavor_db" {
type = string
default = "t2.medium"
variable "network_db" {
type = map(string)
default = {
subnet_name = "subnet-db"
cidr = ""
variable "db_instance_names" {
type = set(string)
default = ["db-instance-1",
- 网络资源初始化 network.tf
# Router creation
resource "openstack_networking_router_v2" "generic" {
name = "router-generic"
external_network_id = var.external_gateway
# Network creation
resource "openstack_networking_network_v2" "generic" {
name = "network-generic"
#### HTTP SUBNET ####
# Subnet http configuration
resource "openstack_networking_subnet_v2" "http" {
name = var.network_http["subnet_name"]
network_id = openstack_networking_network_v2.generic.id
cidr = var.network_http["cidr"]
dns_nameservers = var.dns_ip
# Router interface configuration
resource "openstack_networking_router_interface_v2" "http" {
router_id = openstack_networking_router_v2.generic.id
subnet_id = openstack_networking_subnet_v2.http.id
#### DB SUBNET ####
# Subnet db configuration
resource "openstack_networking_subnet_v2" "db" {
name = var.network_db["subnet_name"]
network_id = openstack_networking_network_v2.generic.id
cidr = var.network_db["cidr"]
dns_nameservers = var.dns_ip
# Router interface configuration
resource "openstack_networking_router_interface_v2" "db" {
router_id = openstack_networking_router_v2.generic.id
subnet_id = openstack_networking_subnet_v2.db.id
- 安全组初始化 security_group.tf
cat 030-security_group.tf
# Acces group, open input port 80 and ssh port
resource "openstack_compute_secgroup_v2" "http" {
name = "http"
description = "Open input http port"
rule {
from_port = 80
to_port = 80
ip_protocol = "tcp"
cidr = ""
# Open mariadb port
resource "openstack_compute_secgroup_v2" "db" {
name = "db"
description = "Open input db port"
rule {
from_port = 3306
to_port = 3306
ip_protocol = "tcp"
cidr = ""
# Open Apache2 port
resource "openstack_compute_secgroup_v2" "ssh" {
name = "ssh"
description = "Open input ssh port"
rule {
from_port = 22
to_port = 22
ip_protocol = "tcp"
cidr = ""
- 创建虚拟机 instance_http.tf
cat 060-instance_http.tf
# Create instance
resource "openstack_compute_instance_v2" "http" {
for_each = var.http_instance_names
name = each.key
image_name = var.image
flavor_name = var.flavor_http
key_pair = openstack_compute_keypair_v2.user_key.name
user_data = file("scripts/first-boot.sh")
network {
port = openstack_networking_port_v2.http[each.key].id
# Create network port
resource "openstack_networking_port_v2" "http" {
for_each = var.http_instance_names
name = "port-http-${each.key}"
network_id = openstack_networking_network_v2.generic.id
admin_state_up = true
security_group_ids = [
fixed_ip {
subnet_id = openstack_networking_subnet_v2.http.id
# Create floating ip
resource "openstack_networking_floatingip_v2" "http" {
for_each = var.http_instance_names
pool = var.external_network
# Attach floating ip to instance
resource "openstack_compute_floatingip_associate_v2" "http" {
for_each = var.http_instance_names
floating_ip = openstack_networking_floatingip_v2.http[each.key].address
instance_id = openstack_compute_instance_v2.http[each.key].id
- terraform.tfstate
This state is used by Terraform to map real world resources to your configuration, keep track of metadata, and to improve performance for large infrastructures.
Terraform uses this local state to create plans and make changes to your infrastructure. Prior to any operation, Terraform does a refresh to update the state with the real infrastructure.
- 从state文件删除对象,而不销毁实际资源
The terraform state rm command is used to remove items from the Terraform state. This command can remove single resources, single instances of a resource, entire modules, and more.
Usage: terraform state rm [options] ADDRESS...
terraform state rm 'packet_device.worker'
terraform state rm 'module.foo.packet_device.worker'
- 删除实际资源
To delete a specific resource, run the following command:
terraform destroy -target=resource_type.resource_name
For example, to delete just the VM in the configuration that you applied earlier, run this command:
terraform destroy -target=opc_compute_instance.default
- Terraform执行三板斧
terraform init # 初始化执行环境,读取相关脚本参数和配置
terraform plan # 预估执行动作,预估资源创建
terraform apply # 执行创建资源
[root@openstack-allinone 04-instance-with-loadbalancer]# terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/openstack...
Error: Failed to install providers
Could not find required providers, but found possible alternatives:
hashicorp/openstack -> terraform-provider-openstack/openstack
If these suggestions look correct, upgrade your configuration with the
following command:
terraform 0.13upgrade .
terraform 0.13upgrade .