Openstack+Ceph 安装及配置-06.1.2-Openstack-Yoga Neutron安装-控制节点Self-service Network

Openstack Yoga版本Neutron安装-控制节点-Self-service Network

安装服务

[root@node-1 ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

配置

配置/etc/neutron/neutron.conf

[root@node-1 ~]# vim /etc/neutron/neutron.conf
[root@node-1 ~]# cat /etc/neutron/neutron.conf
# /etc/neutron/neutron.conf on the controller (node-1): Neutron server settings for
# the ML2 + router (self-service network) deployment described on this page.
# NOTE(review): every password in this file is a sample value stored in clear text.
# Substitute strong, unique secrets and confirm the file is not world-readable.
[DEFAULT]
core_plugin = ml2
service_plugins = router
# NOTE(review): allow_overlapping_ips is believed to be deprecated as of Yoga, with
# true already the default. Confirm before carrying this line into newer releases.
allow_overlapping_ips = true
# The RabbitMQ user and password are embedded in the URL. [oslo_messaging_rabbit]
# below is empty, so no TLS settings are configured for the broker connection here.
transport_url = rabbit://openstack:RabbitMQ123@node-1
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[cors]
[database]
# The database password is embedded in the connection string.
connection = mysql+pymysql://neutron:Neutron123@node-1/neutron
[keystone_authtoken]
# Keystone is addressed over plain http, so the service password and tokens are not
# protected in transit. Use https endpoints if Keystone is served behind TLS.
www_authenticate_uri = http://node-1:5000
auth_url = http://node-1:5000
# NOTE(review): memcached is typically unauthenticated. Confirm node-1:11211 is
# reachable only from the management network.
memcached_servers = node-1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = Neutron123
[nova]
# Credentials Neutron uses when it notifies Nova about port changes
# (see the notify_nova_on_port_* options in [DEFAULT]).
auth_url = http://node-1:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NovaCompute123
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]

配置/etc/neutron/plugins/ml2/ml2_conf.ini

[root@node-1 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# /etc/neutron/plugins/ml2/ml2_conf.ini: ML2 plug-in settings. Tenant networks are
# VXLAN, handled by the linuxbridge mechanism driver with l2population.
[DEFAULT]
[ml2]
type_drivers = flat,vlan,vxlan
# Self-service (tenant) networks are created as VXLAN.
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
# Loads the port security extension driver. Presumably this is what makes the
# per-port anti-spoofing attribute available; verify against the Neutron docs.
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
# Range of VXLAN network identifiers available for allocation.
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true

配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[root@node-1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# /etc/neutron/plugins/ml2/linuxbridge_agent.ini: Linux bridge agent on node-1.
[DEFAULT]
[linux_bridge]
# Maps the "provider" physical network (flat_networks in ml2_conf.ini) to NIC eno1.
physical_interface_mappings = provider:eno1
[vxlan]
enable_vxlan = true
# Local address used for VXLAN overlay traffic. VXLAN encapsulation does not encrypt
# tenant traffic, so this network should stay isolated from untrusted hosts.
local_ip = 172.16.1.81
l2_population = true
[agent]
# NOTE(review): prevent_arp_spoofing looks like a legacy option that was removed from
# Neutron well before Yoga. If so, this line is ignored and ARP anti-spoofing relies
# on port security remaining enabled on the ports. Confirm.
prevent_arp_spoofing = true
[securitygroup]
# Security groups are enabled and enforced with the iptables-based firewall driver.
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

配置/etc/neutron/l3_agent.ini

[root@node-1 ~]# vim /etc/neutron/l3_agent.ini
# /etc/neutron/l3_agent.ini: the L3 agent uses the Linux bridge interface driver,
# matching the linuxbridge mechanism driver set in ml2_conf.ini.
[DEFAULT]
interface_driver = linuxbridge

配置/etc/neutron/dhcp_agent.ini

[root@node-1 ~]# vim /etc/neutron/dhcp_agent.ini
# /etc/neutron/dhcp_agent.ini: DHCP agent using dnsmasq on Linux bridge interfaces.
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
# Presumably lets instances on networks without a router reach the metadata service
# through the DHCP agent. Verify against the Neutron docs.
enable_isolated_metadata = true
# NOTE(review): "verbose" appears to be a legacy logging option that current
# oslo.log releases may no longer recognise. Confirm whether it still has any effect.
verbose = true

配置/etc/neutron/metadata_agent.ini

[root@node-1 ~]# vim /etc/neutron/metadata_agent.ini
# /etc/neutron/metadata_agent.ini: Neutron metadata agent.
[DEFAULT]
nova_metadata_host = node-1
# Secret shared with Nova's metadata API. It must equal metadata_proxy_shared_secret
# in the [neutron] section of /etc/nova/nova.conf. The value shown is a guessable
# sample; generate a long random secret for a real deployment.
metadata_proxy_shared_secret = MetaData123
[cache]

配置/etc/nova/nova.conf

[root@node-1 ~]# vim /etc/nova/nova.conf
# [neutron] section of /etc/nova/nova.conf: how Nova authenticates to Neutron.
# The password is a clear-text sample value, and Keystone is reached over plain http.
[neutron]
auth_url = http://node-1:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = Neutron123
# Nova accepts metadata requests proxied by the Neutron metadata agent. The secret
# must match the value in /etc/neutron/metadata_agent.ini.
service_metadata_proxy = true
metadata_proxy_shared_secret = MetaData123

为 /etc/neutron/plugins/ml2/ml2_conf.ini 创建软链接 /etc/neutron/plugin.ini

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

初始化数据库

[root@node-1 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
正在对 neutron 运行 upgrade...
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
确定

重启网络服务

[root@node-1 ~]# systemctl restart openstack-nova-api.service
[root@node-1 ~]# systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

启动layer-3服务

[root@node-1 ~]# systemctl enable neutron-l3-agent.service
Created symlink /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service → /usr/lib/systemd/system/neutron-l3-agent.service.
[root@node-1 ~]# systemctl start neutron-l3-agent.service

启动后dhcp-agent报错

2022-07-06 19:18:47.473 3836927 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'privsep-helper', '--config-file', '/usr/share/neutron/neutron-dist.conf', '--config-file', '/etc/neutron/neutron.conf', '--config-file', '/etc/neutron/dhcp_agent.ini', '--config-dir', '/etc/neutron/conf.d/neutron-dhcp-agent', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmpjokyntv6/privsep.sock']
2022-07-06 19:18:47.473 3836927 ERROR neutron.agent.dhcp.agent [-] Unable to enable dhcp for 9443230c-9a2a-4615-967e-c9b1639a0b9f.: oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
开启selinux权限(通过设置以下SELinux布尔值放行;其中 haproxy_connect_any 允许haproxy连接任意端口,放行范围较宽,按需开启)
# setsebool -P neutron_can_network on
# setsebool -P haproxy_connect_any on
# setsebool -P daemons_enable_cluster_mode on

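作者的经验是:最好在一开始就关闭selinux,不然会有各种问题。需要注意的是,关闭SELinux会去掉对neutron等服务进程的强制访问控制;在生产环境中更稳妥的做法是保持enforcing模式,安装openstack-selinux策略包,并像上面那样只开启确实需要的布尔值,再根据audit日志中的AVC拒绝记录逐项处理。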

 

posted @ 2023-02-21 16:43  苦逼挨踢男