Openstack+Ceph 安装及配置-06.1.1-Openstack-Yoga Neutron安装-控制节点Provider Network

Openstack Yoga版本Neutron安装-控制节点-Provider Network

安装服务

[root@node-1 ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

配置服务组件

[root@node-1 ~]# vim /etc/neutron/neutron.conf
[root@node-1 ~]# cat /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:RabbitMQ123@node-1
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[cors]
[database]
connection = mysql+pymysql://neutron:Neutron123@node-1/neutron
[keystone_authtoken]
www_authenticate_uri = http://node-1:5000
auth_url = http://node-1:5000
memcached_servers = node-1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = Neutron123
[nova]
auth_url = http://node-1:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NovaCompute123
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]

配置 Modular Layer 2 (ML2) 插件，ML2插件使用Linux桥接机制为实例创建layer-2 （桥接/交换）虚拟网络基础设施。

[root@node-1 ~]# cat /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = flat,vlan #启用 flat 和 VLAN 网络：
tenant_network_types = #禁用项目（私有）网络
mechanism_drivers = linuxbridge #启用Linux 桥接机制：
extension_drivers = port_security #启用端口安全扩展驱动：
[ml2_type_flat]
flat_networks = provider #配置公共flat提供网络：
[securitygroup]
enable_ipset = true #启用 ipset 增加安全组的方便性：

配置Linux 桥接代理

[root@node-1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@node-1 ~]# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:eno1 #映射公共虚拟网络到公共物理网络接口：
[vxlan]
enable_vxlan = false #禁用 VXLAN overlay 网络：
[agent]
prevent_arp_spoofing = true #启用ARP欺骗防护：
[securitygroup]
enable_security_group = true #启用安全组并配置 Linux 桥接 iptables 防火墙驱动：
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

配置sysctl，需要加载br_netfilter模块

[root@node-1 ~]# echo net.bridge.bridge-nf-call-iptables = 1 >> /etc/sysctl.conf
[root@node-1 ~]# echo net.bridge.bridge-nf-call-ip6tables = 1 >> /etc/sysctl.conf
[root@node-1 ~]# sysctl -p
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory
[root@node-1 ~]# modprobe br_netfilter
[root@node-1 ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

配置DHCP代理

[root@node-1 ~]# vim /etc/neutron/dhcp_agent.ini
[root@node-1 ~]# cat /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge #配置Linux桥接网卡驱动，Dnsmasq DHCP驱动并启用隔离元数据，这样在公共网络上的实例就可以通过网络访问元数据：
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
verbose = true #启用详细日志。

配置元数据代理主机及共享密码

[root@node-1 ~]# vim /etc/neutron/metadata_agent.ini
[root@node-1 ~]# cat /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = node-1
metadata_proxy_shared_secret = MetaData123
[cache]

编辑nova配置文件，添加neutron相关配置

[root@node-1 ~]# vim /etc/nova/nova.conf
[neutron]
auth_url = http://node-1:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = Neutron123
service_metadata_proxy = true
metadata_proxy_shared_secret = MetaData123

完成安装

网络服务初始化脚本需要一个超链接 /etc/neutron/plugin.ini 指向ML2插件配置文件/etc/neutron/plugins/ml2/ml2_conf.ini

[root@node-1 nova]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

初始化数据库

[root@node-1 nova]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

重启openstack-nova-api服务

[root@node-1 nova]# systemctl restart openstack-nova-api.service

配置启动

[root@node-1 nova]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
erviceCreated symlink /etc/systemd/system/multi-user.target.wants/neutron-server.service → /usr/lib/systemd/system/neutron-server.service.
Created symlink /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service → /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Created symlink /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service → /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service → /usr/lib/systemd/system/neutron-metadata-agent.service.
[root@node-1 neutron]# systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service