Centos 8部署openstack u 版 (二)
五: Networking service Installation Guide
5.1 controller 上配置:
5.1.1 $ mysql -u root -p
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
5.1.2 create the service credentials
$ openstack user create --domain default --password-prompt neutron
$ openstack role add --project service --user neutron admin
$ openstack service create --name neutron --description "OpenStack Networking" network
$ openstack endpoint create --region RegionOne network public http://controller:9696
$openstack endpoint create --region RegionOne network internal http://controller:9696
$ openstack endpoint create --region RegionOne network admin http://controller:9696
//安装包,并配置:
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
# yum install python3-openstackclient
5.1.3 vim /etc/neutron/neutron.conf
[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
5.1.4 vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
5.1.5 vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini 不需要
[linux_bridge]
physical_interface_mappings = provider:ens37
[vxlan]
enable_vxlan = true
local_ip = 192.168.10.101
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
5.1.6 内核添加模块 不是网络节点不需要
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
5.1.7 Configure the metadata agent
vim /etc/neutron/metadata_agent.ini
[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
5.1.8 Finalize installation
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
# systemctl restart openstack-nova-api.service
# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service
# systemctl start neutron-server.service \
neutron-linuxbridge-agent.service
5.2 network 节点配置
Configure networking options 2: Self-service networks
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
# yum install python3-openstackclient
5.2.1 vim /etc/neutron/neutron.conf
[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
5.2.2 vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
# ...
flat_networks = provider
[ml2_type_vxlan]
# ...
vni_ranges = 1:1000
[securitygroup]
# ...
enable_ipset = true
5.2.3 vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens37
[vxlan]
enable_vxlan = true
local_ip = 192.168.10.101
l2_population = true
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
5.2.4 vim /etc/neutron/l3_agent.ini
[DEFAULT]
# ...
interface_driver = linuxbridge
5.2.5 vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
5.2.6 Configure the metadata agent
vim /etc/neutron/metadata_agent.ini
[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
memcache_servers = controller:11211
5.2.7 vim /etc/nova/nova.conf
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
5.2.8 启动 设置服务
# systemctl restart neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-l3-agent.service
# systemctl enable neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-l3-agent.service
5.3 install and configure compute node
computer节点配置
5.3.1 yum install openstack-neutron-linuxbridge ebtables ipset
5.3.2 vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[oslo_concurrency]
lock_path = /var/lib/neutron/tm
5.3.3 vim /etc/nova/nova.conf
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
5.3.4 vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# 替换接口名PROVIDER_INTERFACE_NAME,我的是ens37
physical_interface_mappings = provider:ens37
[vxlan]
enable_vxlan = true
# 替换OVERLAY_INTERFACE_IP_ADDRESS
local_ip = 192.168.10.103
l2_population = true
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
5.3.5 vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
# ...
flat_networks = provider
[ml2_type_vxlan]
# ...
vni_ranges = 1:1000
[securitygroup]
# ...
enable_ipset = true
5.3.6 启动
# systemctl restart openstack-nova-compute.service
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service
5.4 验证
# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 0cd9cd75-a20f-4498-bd44-2b244bc56888 | L3 agent | network | nova | :-) | UP | neutron-l3-agent |
| 31bc98cf-985b-4b5b-9160-ae34496b621d | Metadata agent | network | None | :-) | UP | neutron-metadata-agent |
| 3bdb5997-e082-4b8b-bf34-1ba59f029218 | DHCP agent | network | nova | :-) | UP | neutron-dhcp-agent |
| 5b1cf352-5f2f-49f5-8c26-3df6b06e546c | Metadata agent | controller | None | :-) | UP | neutron-metadata-agent |
| 80b79bd3-bd5c-450b-8eee-bc0a28ac2fca | Linux bridge agent | network | None | :-) | UP | neutron-linuxbridge-agent |
| b80548c5-8d28-4db3-b2c9-b7636a27630b | Linux bridge agent | controller | None | :-) | UP | neutron-linuxbridge-agent |
| c8c361b3-3d58-43ab-a921-ac77a36fef92 | Linux bridge agent | computer1 | None | :-) | UP | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
六 configure the dashboard
1 # yum install openstack-dashboard
2 # vim local_settings
#很多地方不用改,比如在controller上装dashboard 127.0.0.1 就不用改
#允许所以HOSTS登录
ALLOWED_HOSTS = ['*]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } }
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_API_VERSIONS = { "identity": 3, "image": 2, "volume": 3, }
#时区我就不改了
# TIME_ZONE = "TIME_ZONE"
3 vim /etc/httpd/conf.d/openstack-dashboard.conf
添加
WSGIApplicationGroup %{GLOBAL}
4 cd /usr/share/openstack-dashboard
# python3 manage.py make_web_conf --apache > /etc/httpd/conf.d/openstack-dashboard.conf
5 # systemctl restart httpd.service memcached.service
验证: http://controller
