一、管理节点部署服务:
1、安装neutron:
[root@linux-node1 ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y
2、注册neutron服务:
[root@linux-node1 ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | ddffa30ed78b4596936f92fe2d67e279 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne network public http://172.22.0.218:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 132ec43d7972499db607ec149dec8158 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ddffa30ed78b4596936f92fe2d67e279 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://172.22.0.218:9696         |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne network internal http://172.22.0.218:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | caa0f5d206bd484fb35002a7511d0cd0 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ddffa30ed78b4596936f92fe2d67e279 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://172.22.0.218:9696         |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne network admin http://172.22.0.218:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | cbf98358a3974cd4b7a32c3d8c214640 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ddffa30ed78b4596936f92fe2d67e279 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://172.22.0.218:9696         |
+--------------+----------------------------------+
3、创建neutron用户,并添加到service项目,给予admin权限(示例密码与用户名相同,仅作演示;生产环境请改用强密码,并可用 --password-prompt 交互输入,避免密码留在命令历史中)
[root@linux-node1 ~]# openstack user create --domain default --password=neutron neutron
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | d21d0715890447fb87f72e85dce6d4be |
| enabled             | True                             |
| id                  | 4f3bc95b2b2b45208fca8fac30025516 |
| name                | neutron                          |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@linux-node1 ~]# openstack role add --project service --user neutron admin
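4、修改neutron配置文件(注意:vi 内容中的 METADATA_SECRET 是占位符,grep 结果显示实际写入的值是 neutron;该值必须与 nova.conf 中 [neutron] 段的 metadata_proxy_shared_secret 一致,生产环境应换成随机生成的强密钥):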
[root@linux-node1 ~]# vi /etc/neutron/metadata_agent.ini
[DEFAULT]
auth_uri = http://172.22.0.218:5000
auth_url = http://172.22.0.218:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = d21d0715890447fb87f72e85dce6d4be
user_domain_id = d21d0715890447fb87f72e85dce6d4be
project_name = service
username = neutron
password = neutron
nova_metadata_ip = 172.22.0.218
metadata_proxy_shared_secret = METADATA_SECRET
[root@linux-node1 ~]# grep -n "^[a-Z]" /etc/neutron/metadata_agent.ini
6:auth_uri = http://172.22.0.218:5000
7:auth_url = http://172.22.0.218:35357
8:auth_region = RegionOne
9:auth_plugin = password
10:project_domain_id = d21d0715890447fb87f72e85dce6d4be
11:user_domain_id = d21d0715890447fb87f72e85dce6d4be
12:project_name = service
13:username = neutron
14:password = neutron
32:nova_metadata_ip = 172.22.0.218
44:metadata_proxy_shared_secret = neutron
[root@linux-node1 ~]# vi /etc/neutron/neutron.conf
[DEFAULT]
state_path = /var/lib/neutron
core_plugin = ml2
service_plugins = router
notify_nova_on_port_status_changes = true
auth_strategy = keystone
notify_nova_on_port_data_changes = true
rpc_backend = rabbit
nova_url = http://172.22.0.218:8774/v2
[database]
connection = mysql://neutron:neutron@172.22.0.218:3306/neutron
[oslo_messaging_rabbit]
rabbit_host = 172.22.0.218
rabbit_port = 5672
rabbit_userid = openstack
rabbit_password = openstack
[nova]
auth_url = http://172.22.0.218:35357
auth_plugin = password
project_domain_id = d21d0715890447fb87f72e85dce6d4be
user_domain_id = d21d0715890447fb87f72e85dce6d4be
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = $state_path/lock
[root@linux-node1 ~]# grep -n "^[a-Z]" /etc/neutron/neutron.conf
9:state_path = /var/lib/neutron
27:auth_strategy = keystone
30:core_plugin = ml2
33:service_plugins = router
118:notify_nova_on_port_status_changes = true
122:notify_nova_on_port_data_changes = true
124:nova_url = http://172.22.0.218:8774/v2
538:rpc_backend = rabbit
723:connection = mysql://neutron:neutron@172.22.0.218:3306/neutron
817:auth_uri = http://172.22.0.218:5000
818:auth_url = http://172.22.0.218:35357
819:auth_plugin = password
820:project_domain_id = d21d0715890447fb87f72e85dce6d4be
821:user_domain_id = d21d0715890447fb87f72e85dce6d4be
822:project_name = service
823:username = neutron
824:password = neutron
1006:auth_url = http://172.22.0.218:35357
1007:auth_plugin = password
1008:project_domain_id = d21d0715890447fb87f72e85dce6d4be
1009:user_domain_id = d21d0715890447fb87f72e85dce6d4be
1010:region_name = RegionOne
1011:project_name = service
1012:username = nova
1013:password = nova
1123:lock_path = $state_path/lock
1369:rabbit_host = 172.22.0.218
1379:rabbit_port = 5672
1397:rabbit_userid = openstack
1404:rabbit_password = openstack
5、修改ml2的配置文件
[root@linux-node1 ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = local,flat,vlan,gre,vxlan,geneve
tenant_network_types = local,flat,vlan,gre,vxlan,geneve
mechanism_drivers = openvswitch,linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = *
[securitygroup]
enable_ipset = true
[root@linux-node1 ~]# grep "^[a-Z]" /etc/neutron/plugins/ml2/ml2_conf.ini
type_drivers = local,flat,vlan,gre,vxlan,geneve
tenant_network_types = local,flat,vlan,gre,vxlan,geneve
mechanism_drivers = openvswitch,linuxbridge
extension_drivers = port_security
flat_networks = *
enable_ipset = true
6、修改linuxbridge的配置文件(注意:下方 vi 内容中 enable_vxlan = true,而 grep 结果显示为 false,两处不一致,请按实际是否使用 VXLAN 确认)
[root@linux-node1 ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = physnet1:eth0
[vxlan]
enable_vxlan = true
[agent]
prevent_arp_spoofing = true
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = true
[root@linux-node1 ~]# grep -n "^[a-Z]" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
126:prevent_arp_spoofing = true
143:physical_interface_mappings = physnet1:eth0
156:firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
161:enable_security_group = true
176: enable_vxlan = false
7、修改DHCP配置文件
修改DHCP配置文件
8、在控制节点的nova中添加关于neutron的配置,添加如下内容到neutron模块即可
[root@linux-node1 ~]# vi /etc/nova/nova.conf
[neutron]
url = http://172.22.0.218:9696
auth_url = http://172.22.0.218:35357
auth_plugin = password
project_domain_id = d21d0715890447fb87f72e85dce6d4be
user_domain_id = d21d0715890447fb87f72e85dce6d4be
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron
[root@linux-node1 ~]# grep -n "^[a-Z]" /etc/nova/nova.conf
14:auth_strategy=keystone
23:use_neutron = True
1328:my_ip=172.22.0.218
3052:enabled_apis=osapi_compute,metadata
3266:firewall_driver = nova.virt.firewall.NoopFirewallDriver
3601:transport_url=rabbit://openstack:openstack@172.22.0.218
3608:rpc_backend=rabbit
3661:connection=mysql://nova:nova@172.22.0.218/nova
4678:connection=mysql://nova:nova@172.22.0.218/nova
4814:api_servers=http://172.22.0.218:9292
5435:auth_uri = http://172.22.0.218:5000
5436:auth_url = http://172.22.0.218:35357
5437:auth_plugin = password
5438:memcached_servers = 172.22.0.218:11211
5439:project_domain_id = d21d0715890447fb87f72e85dce6d4be
5440:user_domain_id = d21d0715890447fb87f72e85dce6d4be
5441:project_name = service
5442:username = nova
5443:password = nova
6474:url = http://172.22.0.218:9696
6475:auth_url = http://172.22.0.218:35357
6476:auth_plugin = password
6477:project_domain_id = d21d0715890447fb87f72e85dce6d4be
6478:user_domain_id = d21d0715890447fb87f72e85dce6d4be
6479:region_name = RegionOne
6480:project_name = service
6481:username = neutron
6482:password = neutron
6483:service_metadata_proxy = True
6484:metadata_proxy_shared_secret = neutron
6719:lock_path=/var/lib/nova/tmp
6965:rabbit_host=172.22.0.218
6974:rabbit_port=5672
6992:rabbit_userid=openstack
6999:rabbit_password=openstack
8338:vncserver_listen=$my_ip
8350:vncserver_proxyclient_address=$my_ip
9、创建ml2的软链接
[root@linux-node1 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
二、同步数据库并检查:
1、数据库同步:
[root@linux-node1 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
2、检查数据库:
MariaDB [(none)]> use neutron Database changed MariaDB [neutron]> show tables; +-----------------------------------------+ | Tables_in_neutron | +-----------------------------------------+ | address_scopes | | agents | | alembic_version | | allowedaddresspairs | | arista_provisioned_nets | | arista_provisioned_tenants | | arista_provisioned_vms | | auto_allocated_topologies | | bgp_peers | | bgp_speaker_dragent_bindings | | bgp_speaker_network_bindings | | bgp_speaker_peer_bindings | | bgp_speakers | | brocadenetworks | | brocadeports | | cisco_csr_identifier_map | | cisco_hosting_devices | | cisco_ml2_apic_contracts | | cisco_ml2_apic_host_links | | cisco_ml2_apic_names | | cisco_ml2_n1kv_network_bindings | | cisco_ml2_n1kv_network_profiles | | cisco_ml2_n1kv_policy_profiles | | cisco_ml2_n1kv_port_bindings | | cisco_ml2_n1kv_profile_bindings | | cisco_ml2_n1kv_vlan_allocations | | cisco_ml2_n1kv_vxlan_allocations | | cisco_ml2_nexus_nve | | cisco_ml2_nexusport_bindings | | cisco_port_mappings | | cisco_router_mappings | | consistencyhashes | | default_security_group | | dnsnameservers | | dvr_host_macs | | externalnetworks | | extradhcpopts | | firewall_policies | | firewall_rules | | firewalls | | flavors | | flavorserviceprofilebindings | | floatingipdnses | | floatingips | | ha_router_agent_port_bindings | | ha_router_networks | | ha_router_vrid_allocations | | healthmonitors | | ikepolicies | | ipallocationpools | | ipallocations | | ipamallocationpools | | ipamallocations | | ipamsubnets | | ipsec_site_connections | | ipsecpeercidrs | | ipsecpolicies | | lsn | | lsn_port | | maclearningstates | | members | | meteringlabelrules | | meteringlabels | | ml2_brocadenetworks | | ml2_brocadeports | | ml2_distributed_port_bindings | | ml2_flat_allocations | | ml2_geneve_allocations | | ml2_geneve_endpoints | | ml2_gre_allocations | | ml2_gre_endpoints | | ml2_nexus_vxlan_allocations | | ml2_nexus_vxlan_mcast_groups | | ml2_port_binding_levels | | ml2_port_bindings | 
| ml2_ucsm_port_profiles | | ml2_vlan_allocations | | ml2_vxlan_allocations | | ml2_vxlan_endpoints | | multi_provider_networks | | networkconnections | | networkdhcpagentbindings | | networkdnsdomains | | networkgatewaydevicereferences | | networkgatewaydevices | | networkgateways | | networkqueuemappings | | networkrbacs | | networks | | networksecuritybindings | | networksegments | | neutron_nsx_network_mappings | | neutron_nsx_port_mappings | | neutron_nsx_router_mappings | | neutron_nsx_security_group_mappings | | nexthops | | nsxv_edge_dhcp_static_bindings | | nsxv_edge_vnic_bindings | | nsxv_firewall_rule_bindings | | nsxv_internal_edges | | nsxv_internal_networks | | nsxv_port_index_mappings | | nsxv_port_vnic_mappings | | nsxv_router_bindings | | nsxv_router_ext_attributes | | nsxv_rule_mappings | | nsxv_security_group_section_mappings | | nsxv_spoofguard_policy_network_mappings | | nsxv_tz_network_bindings | | nsxv_vdr_dhcp_bindings | | nuage_net_partition_router_mapping | | nuage_net_partitions | | nuage_provider_net_bindings | | nuage_subnet_l2dom_mapping | | poolloadbalanceragentbindings | | poolmonitorassociations | | pools | | poolstatisticss | | portbindingports | | portdnses | | portqueuemappings | | ports | | portsecuritybindings | | providerresourceassociations | | provisioningblocks | | qos_bandwidth_limit_rules | | qos_dscp_marking_rules | | qos_minimum_bandwidth_rules | | qos_network_policy_bindings | | qos_policies | | qos_port_policy_bindings | | qospolicyrbacs | | qosqueues | | quotas | | quotausages | | reservations | | resourcedeltas | | router_extra_attributes | | routerl3agentbindings | | routerports | | routerroutes | | routerrules | | routers | | securitygroupportbindings | | securitygrouprules | | securitygroups | | segmenthostmappings | | serviceprofiles | | sessionpersistences | | standardattributes | | subnet_service_types | | subnetpoolprefixes | | subnetpools | | subnetroutes | | subnets | | subports | | tags | | trunks | | 
tz_network_bindings | | vcns_router_bindings | | vips | | vpnservices | +-----------------------------------------+
三、重启nova-api,并启动neutron服务、检查neutron-agent结果
[root@linux-node1 ~]# systemctl restart openstack-nova-api
[root@linux-node1 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@linux-node1 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
检查neutron-agent结果:
[root@linux-node1 ~]# neutron agent-list
+--------------------------------------+--------------------+-------------+-------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host        | availability_zone | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+-------------+-------------------+-------+----------------+---------------------------+
| 49ce5edb-fe5b-4285-8903-a83619eb287f | Linux bridge agent | linux-node1 |                   | :-)   | True           | neutron-linuxbridge-agent |
| 7b8424cb-1ff7-4d0d-8411-1b22a7398a1b | Metadata agent     | linux-node1 |                   | :-)   | True           | neutron-metadata-agent    |
| ef623514-6be0-46fd-892c-3090cd0d616a | DHCP agent         | linux-node1 | nova              | :-)   | True           | neutron-dhcp-agent        |
+--------------------------------------+--------------------+-------------+-------------------+-------+----------------+---------------------------+
四、部署计算节点:
1、安装:
[root@linux-node2 ~]# yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset -y
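2、计算节点的配置文件直接从控制节点scp过去,不需要做任何更改(注意:neutron.conf 中带有数据库和 RabbitMQ 的账号密码;计算节点上的 neutron 不直接访问数据库,复制后可将 [database] 段的 connection 注释掉,以减少凭据扩散)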
[root@linux-node1 ~]# scp /etc/neutron/neutron.conf 172.22.0.209:/etc/neutron/
[root@linux-node1 ~]# scp /etc/neutron/plugins/ml2/linuxbridge_agent.ini 172.22.0.209:/etc/neutron/plugins/ml2/
3、修改计算节点的nova配置,添加如下内容到neutron模块即可
[root@linux-node2 ~]# grep -n "^[a-Z]" /etc/nova/nova.conf
14:auth_strategy=keystone
23:use_neutron = True
1328:my_ip=172.22.0.209
3052:enabled_apis=osapi_compute,metadata
3266:firewall_driver = nova.virt.firewall.NoopFirewallDriver
3601:transport_url=rabbit://openstack:openstack@172.22.0.218
3608:rpc_backend=rabbit
3661:connection=mysql://nova:nova@172.22.0.218/nova
4678:connection=mysql://nova:nova@172.22.0.218/nova
4814:api_servers=http://172.22.0.218:9292
5435:auth_uri = http://172.22.0.218:5000
5436:auth_url = http://172.22.0.218:35357
5437:auth_plugin = password
5438:memcached_servers = 172.22.0.218:11211
5439:project_domain_id = d21d0715890447fb87f72e85dce6d4be
5440:user_domain_id = d21d0715890447fb87f72e85dce6d4be
5441:project_name = service
5442:username = nova
5443:password = nova
5675:virt_type=qemu
6473:url = http://172.22.0.218:9696
6474:auth_url = http://172.22.0.218:35357
6475:auth_plugin = password
6476:project_domain_id = d21d0715890447fb87f72e85dce6d4be
6477:user_domain_id = d21d0715890447fb87f72e85dce6d4be
6478:region_name = RegionOne
6479:project_name = service
6480:username = neutron
6481:password = neutron
6538:service_metadata_proxy=true
6549:metadata_proxy_shared_secret = neutron
6714:lock_path=/var/lib/nova/tmp
6960:rabbit_host=172.22.0.218
6969:rabbit_port=5672
6987:rabbit_userid=openstack
6994:rabbit_password=openstack
8310:enabled=true
8326:keymap=en-us
8333:vncserver_listen=0.0.0.0
8345:vncserver_proxyclient_address=$my_ip
8364:novncproxy_base_url=http://172.22.0.218:6080/vnc_auto.htm
4、复制linuxbridge_agent文件,无需更改,并创建ml2软链接
[root@linux-node1 ~]# scp /etc/neutron/plugins/ml2/linuxbridge_agent.ini 172.22.0.209:/etc/neutron/plugins/ml2/
[root@linux-node2 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
五、重启服务验证:
1、重启计算节点的nova-compute
[root@linux-node2 ~]# systemctl restart openstack-nova-compute.service
计算节点上启动linuxbridge_agent服务
[root@linux-node2 ~]# systemctl enable neutron-linuxbridge-agent.service
[root@linux-node2 ~]# systemctl start neutron-linuxbridge-agent.service
2、在控制节点上检查neutron的结果,有四个(控制节点三个,计算节点一个)结果代表正确
[root@linux-node1 ~]# neutron agent-list
+--------------------------------------+--------------------+-------------+-------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host        | availability_zone | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+-------------+-------------------+-------+----------------+---------------------------+
| 49ce5edb-fe5b-4285-8903-a83619eb287f | Linux bridge agent | linux-node1 |                   | :-)   | True           | neutron-linuxbridge-agent |
| 7b8424cb-1ff7-4d0d-8411-1b22a7398a1b | Metadata agent     | linux-node1 |                   | :-)   | True           | neutron-metadata-agent    |
| b1d52efc-8622-4457-ac04-0d74cd330756 | Linux bridge agent | linux-node2 |                   | :-)   | True           | neutron-linuxbridge-agent |
| ef623514-6be0-46fd-892c-3090cd0d616a | DHCP agent         | linux-node1 | nova              | :-)   | True           | neutron-dhcp-agent        |
+--------------------------------------+--------------------+-------------+-------------------+-------+----------------+---------------------------+
部署完成!