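OpenStack Deployment: neutron
Introduction
This post deploys the neutron component, which manages networking for OpenStack. The neutron controller node and the neutron compute node are deployed separately; as with the nova deployment in the previous post, the controller and compute nodes are placed on two separate machines.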
Deploying the neutron controller
Create the database
As with the other components, first create the database that neutron needs:
$ mysql -u root -p
Create the neutron database
MariaDB [(none)]> CREATE DATABASE neutron;
Grant access to the database
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
Component deployment
Set the environment variables
[root@localhost ~]# source admin-openstack.sh
- Create the neutron user
$ openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | fdb0f541e28141719b6a43c8944bf1fb |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
- Add the admin role to the neutron user in the service project
$ openstack role add --project service --user neutron admin
- Register the service
$ openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | f71529314dab4a4d8eca427e701d209e |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
- Register the endpoints
$ openstack endpoint create --region RegionOne network public http://192.168.46.130:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 85d80a6d02fc4b7683f611d7fc1493a3 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.46.130:9696       |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne network internal http://192.168.46.130:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 09753b537ac74422a68d2d791cf3714f |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.46.130:9696       |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne network admin http://192.168.46.130:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1ee14289c9374dffb5db92a5c112fc4e |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.46.130:9696       |
+--------------+----------------------------------+
Configure Provider networks
Install the packages
# yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables
Edit the configuration files
Edit the /etc/neutron/neutron.conf file
- Configure the database
[database]
# ...
connection = mysql+pymysql://neutron:neutron@192.168.46.130/neutron
- Configure ml2
[DEFAULT]
# ...
core_plugin = ml2
service_plugins =
- Configure RabbitMQ
[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack@192.168.46.130
- Configure keystone
[DEFAULT]
# ...
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://192.168.46.130:5000
auth_url = http://192.168.46.130:35357
memcached_servers = 192.168.46.130:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
- Configure Networking to notify Compute of network topology changes
[DEFAULT]
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[nova]
auth_url = http://192.168.46.130:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
- Configure the lock file path
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
Configure the ML2 plugin
Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file
- Enable VLAN and flat
[ml2]
# ...
# Already present in the config file; just uncomment it
type_drivers = local,flat,vlan,gre,vxlan,geneve
- Disable self-service networks
[ml2]
# ...
tenant_network_types =
- Enable the linux bridge mechanism
[ml2]
# ...
mechanism_drivers = linuxbridge
- Enable the port security extension driver
[ml2]
# ...
extension_drivers = port_security
- Configure the provider virtual network
[ml2_type_flat]
# ...
flat_networks = provider
- Enable ipset for security group rules
[securitygroup]
# ...
enable_ipset = true
Configure the Linux bridge agent
Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file
- Configure the physical interface mapping
[linux_bridge]
# Use the name of your own network interface
physical_interface_mappings = provider:ens33
- Disable vxlan
[vxlan]
enable_vxlan = false
- Enable security groups and configure the firewall driver
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure the DHCP agent
Edit the /etc/neutron/dhcp_agent.ini file
- Change the following settings
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
Configure the metadata agent
Edit /etc/neutron/metadata_agent.ini
- Configure the shared secret
[DEFAULT]
# ...
nova_metadata_host = 192.168.46.130
metadata_proxy_shared_secret = openstack
Configure the compute service
- Add the neutron configuration to nova
[neutron]
url = http://192.168.46.130:9696
auth_url = http://192.168.46.130:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = openstack
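The metadata agent and nova must hold the same metadata_proxy_shared_secret, and the sample values in this walkthrough reuse the account name as the password. The following Python check is an added example (not from the original post or the OpenStack project) that flags both conditions in constructed config excerpts; the function name, issue labels and the 16-character minimum are assumptions.

```python
import configparser
from urllib.parse import urlsplit

# Constructed excerpts that reuse the sample values from this post.
FILES = {
    "neutron.conf": """[DEFAULT]
transport_url = rabbit://openstack:openstack@192.168.46.130
[database]
connection = mysql+pymysql://neutron:neutron@192.168.46.130/neutron
""",
    "metadata_agent.ini": """[DEFAULT]
metadata_proxy_shared_secret = openstack
""",
    "nova.conf": """[neutron]
username = neutron
password = neutron
metadata_proxy_shared_secret = openstack
""",
}
MIN_SECRET_LEN = 16  # assumed policy threshold, not an OpenStack default
SECRET_KEY = "metadata_proxy_shared_secret"

def audit(files):
    """Return sorted (file, section, key, issue) tuples for {name: ini_text}."""
    found, secrets = [], set()
    for name, text in files.items():
        # Rename the default section so [DEFAULT] keys are not inherited elsewhere.
        cp = configparser.ConfigParser(default_section="_unused", interpolation=None)
        cp.read_string(text)
        for sec in cp.sections():
            opts = cp[sec]
            if "password" in opts and opts["password"] == opts.get("username"):
                found.append((name, sec, "password", "same as username"))
            for key in ("transport_url", "connection"):
                url = urlsplit(opts.get(key, ""))
                if url.username and url.username == url.password:
                    found.append((name, sec, key, "password same as username"))
            if SECRET_KEY in opts:
                secrets.add(opts[SECRET_KEY])
                if len(opts[SECRET_KEY]) < MIN_SECRET_LEN:
                    found.append((name, sec, SECRET_KEY, "shorter than minimum"))
    if len(secrets) > 1:  # the agent and nova sides must hold the same secret
        found.append(("*", "*", SECRET_KEY, "differs between files"))
    return sorted(found)

if __name__ == "__main__":
    for finding in audit(FILES):
        print(" | ".join(finding))
```

To run it against a real node, read the three files from /etc/neutron and /etc/nova into the dictionary instead of the inline strings.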
Final configuration
- Create a symbolic link; the networking service uses this link by default to locate the plugin
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
- Synchronize the database
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
- Restart the nova-api service
# systemctl restart openstack-nova-api.service
- Enable the services at boot and start them
# systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
# systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
Deploying the neutron compute node
Install the packages
# yum install openstack-neutron-linuxbridge ebtables ipset
Edit the configuration file /etc/neutron/neutron.conf
Because the compute node does not connect to the database directly, the database section is not configured here; this is the difference from the controller node.
- Configure RabbitMQ
[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack@192.168.46.130
- Configure keystone
[DEFAULT]
# ...
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://192.168.46.130:5000
auth_url = http://192.168.46.130:35357
memcached_servers = 192.168.46.130:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
- Configure the lock file path
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
Configure Provider networks
Configure the Linux bridge agent
Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file
- Physical interface mapping
[linux_bridge]
physical_interface_mappings = provider:ens33
- Disable vxlan
[vxlan]
enable_vxlan = false
- Enable security groups
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure the compute service
- Add the neutron configuration to nova
[neutron]
url = http://192.168.46.130:9696
auth_url = http://192.168.46.130:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
Final configuration
- Restart the nova-compute service
# systemctl restart openstack-nova-compute.service
- Start the linux bridge agent and enable it at boot
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service
Verify the services
Once all of the above configuration is complete, check the service status on the controller. One entry has node2 as its Host; this is the neutron compute node that was just configured. All services should be in the UP state.
[root@localhost ~]# openstack network agent list
+--------------------------------------+--------------------+-----------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host                  | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+-----------------------+-------------------+-------+-------+---------------------------+
| 2045a739-8a8d-4ad8-8208-cc14142dbb7f | DHCP agent         | localhost.localdomain | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 3a4ac60e-4998-4448-9832-9a90f0011201 | Linux bridge agent | node2                 | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 810203db-2365-4440-952d-bea1365ed17e | Linux bridge agent | localhost.localdomain | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 9b39f669-dde2-4028-b9c4-5f665a31ceac | Metadata agent     | localhost.localdomain | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+--------------------+-----------------------+-------------------+-------+-------+---------------------------+
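Problems encountered
1. After all configuration was complete, the neutron compute node never appeared, and none of the logs showed any errors. On inspection I found that my controller host and compute host both used the hostname localhost.localdomain. The two hosts must not have the same hostname: although all of the configuration above uses the two machines' IP addresses, the services may also use the hostname under the hood. The following steps change the compute node's hostname to node2.
- Edit the /etc/hosts file
127.0.0.1 node2
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.46.130 localhost.localdomain # reach 192.168.46.130 by hostname; the 192.168.46.130 machine should be configured likewise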
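neutron records each agent by agent type and host name, so two machines reporting the same hostname show up as a single row, which matches the symptom described above. The following added example (not from the original post; the function names and the abbreviated sample tables with placeholder IDs are constructed) parses the `openstack network agent list` table and reports expected hosts that have no live Linux bridge agent.

```python
# Constructed table: both machines still report localhost.localdomain,
# so only one Linux bridge agent row exists.
BEFORE = """
+------+--------------------+-----------------------+-------+-------+
| ID   | Agent Type         | Host                  | Alive | State |
+------+--------------------+-----------------------+-------+-------+
| id-1 | DHCP agent         | localhost.localdomain | :-)   | UP    |
| id-2 | Linux bridge agent | localhost.localdomain | :-)   | UP    |
| id-3 | Metadata agent     | localhost.localdomain | :-)   | UP    |
+------+--------------------+-----------------------+-------+-------+
"""
# Constructed table: after the compute node is renamed to node2.
AFTER = BEFORE.replace(
    "| id-3",
    "| id-4 | Linux bridge agent | node2                 | :-)   | UP    |\n| id-3",
)
EXPECTED_HOSTS = ["localhost.localdomain", "node2"]


def parse_agents(table):
    """Turn the CLI's ASCII table into a list of {column: value} dicts."""
    header, rows = None, []
    for line in table.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skip +----+ borders and blank lines
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells
        else:
            rows.append(dict(zip(header, cells)))
    return rows


def hosts_without_bridge_agent(table, expected_hosts):
    """Expected hosts that have no live, UP Linux bridge agent row."""
    live = {
        r["Host"] for r in parse_agents(table)
        if r["Agent Type"] == "Linux bridge agent"
        and r["Alive"] == ":-)" and r["State"] == "UP"
    }
    return sorted(set(expected_hosts) - live)


if __name__ == "__main__":
    print("before:", hosts_without_bridge_agent(BEFORE, EXPECTED_HOSTS))
    print("after: ", hosts_without_bridge_agent(AFTER, EXPECTED_HOSTS))
```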