8.OpenStack网络组件
添加网络组件
安装和配置控制器节点
创建数据库
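# Create the neutron database and the account neutron-server connects with.
# A bare -p makes the client prompt for the root password, so it does not end
# up in shell history or in the process list.
mysql -u root -p
# The following lines are typed at the database prompt. 'toyo123' is this
# guide's sample password: choose your own and keep it identical to the
# [database] connection string in /etc/neutron/neutron.conf.
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'toyo123';
# '%' lets the neutron account log in from any host; narrow it to the
# management network where the deployment allows.
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'toyo123';
exit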
创建服务凭据
# Load the admin credentials used by the keystone CLI.
source admin-openrc.sh
# Create the neutron service user. Abcd1234 is a sample password given on the
# command line (so it is recorded in shell history); the same value has to be
# used as admin_password for the neutron user in the config files that follow.
keystone user-create --name neutron --pass Abcd1234
# Give the neutron user the admin role in the service tenant.
keystone user-role-add --user neutron --tenant service --role admin
# Register the service entry of type "network".
keystone service-create --name neutron --type network \
  --description "OpenStack Networking"
# Register the API endpoint. The service id is looked up by matching
# " network " in the service-list output; all three URLs are plain HTTP on
# controller:9696.
keystone endpoint-create \
  --service-id $(keystone service-list | awk '/ network / {print $2}') \
  --publicurl http://controller:9696 \
  --adminurl http://controller:9696 \
  --internalurl http://controller:9696 \
  --region regionOne
安装网络组件
# Install the Neutron server, the ML2 plugin, the neutron client and `which`
# on the controller node.
yum install -y openstack-neutron openstack-neutron-ml2 python-neutronclient which
查询 service 租户的 id(下面编辑配置文件时会用到)
# Show the service tenant; presumably its id is the value to put in
# nova_admin_tenant_id in /etc/neutron/neutron.conf below.
source admin-openrc.sh
keystone tenant-get service
编辑/etc/neutron/neutron.conf文件
# Controller node: keep the packaged file as a backup and write a new one.
# NOTE(review): a file recreated by root after the mv gets root's ownership and
# umask. It holds the database, RabbitMQ and Keystone passwords, so check that
# it is not world-readable and that the neutron service account can read it.
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf_bak
vim /etc/neutron/neutron.conf

# --- contents of /etc/neutron/neutron.conf ---
[database]
# Password must match the one granted to the neutron database account.
connection = mysql://neutron:toyo123@controller/neutron

[DEFAULT]
rpc_backend = rabbit
rabbit_host = controller
# Sample password; the same string is reused for every service in this guide.
rabbit_password = Abcd1234
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
# Tell Nova about port status and data changes.
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
nova_admin_auth_url = http://controller:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
# Environment-specific id: replace with the id printed by
# `keystone tenant-get service` in your own deployment.
nova_admin_tenant_id = 89bc1f42c0194ef4b1ff2dfea07caf2f
nova_admin_password = Abcd1234
verbose = True

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = neutron
# Must match the --pass value given to `keystone user-create --name neutron`.
admin_password = Abcd1234

# NOTE(review): the same [neutron] section is written to /etc/nova/nova.conf
# later in this guide; confirm whether it is needed in neutron.conf at all,
# since it puts one more copy of the password on disk.
[neutron]
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = Abcd1234
编辑 /etc/neutron/plugins/ml2/ml2_conf.ini文件
# Controller node: back up the packaged ML2 config and write a new one.
mv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini_bak
vim /etc/neutron/plugins/ml2/ml2_conf.ini

# --- contents of /etc/neutron/plugins/ml2/ml2_conf.ini ---
[ml2]
# Flat and GRE networks are available; tenant networks use GRE.
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch

[ml2_type_gre]
tunnel_id_ranges = 1:1000

[securitygroup]
# Security groups are switched on and enforced by the OVS hybrid iptables
# driver with ipset.
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
编辑/etc/nova/nova.conf
# Controller node: point Nova at Neutron. The file is edited in place here.
vim /etc/nova/nova.conf

# --- settings in /etc/nova/nova.conf ---
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
# Nova's own firewall is a no-op; presumably packet filtering is left to the
# Neutron security groups selected by security_group_api above, so those must
# stay enabled in ml2_conf.ini.
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[neutron]
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
# Must match the Keystone password of the neutron user (sample value).
admin_password = Abcd1234
完成安装
# Make /etc/neutron/plugin.ini a symlink to the ML2 config.
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# Upgrade the database schema to the juno revision; neutron-db-manage is run
# as the neutron account through su rather than as root.
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron
# Restart the Nova services so they pick up the edited nova.conf.
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service
# Enable neutron-server at boot and (re)start it now.
systemctl enable neutron-server.service
systemctl restart neutron-server.service
验证
# Verification: list the extensions reported by neutron-server.
source admin-openrc.sh
neutron ext-list
安装和配置网络节点
配置内核网络参数
# Network node kernel parameters.
vim /etc/sysctl.conf

# --- lines added to /etc/sysctl.conf ---
# Turn on IPv4 forwarding.
net.ipv4.ip_forward=1
# Turn off reverse-path (source address) filtering on all interfaces.
# NOTE(review): with rp_filter off the kernel no longer drops packets with
# implausible source addresses; anti-spoofing then presumably depends on the
# Neutron security groups / iptables rules - confirm they are enabled.
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0

# Apply the settings from /etc/sysctl.conf.
sysctl -p
安装网络组件
# Network node: install Neutron, the ML2 plugin and the Open vSwitch agent.
yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch
编辑/etc/neutron/neutron.conf
# Network node: back up the packaged file and write a new one.
# NOTE(review): the recreated file holds the RabbitMQ and Keystone passwords;
# check its ownership and mode after saving (it should not be world-readable,
# and the neutron service account must still be able to read it).
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf_bak
vim /etc/neutron/neutron.conf

# --- contents of /etc/neutron/neutron.conf ---
[DEFAULT]
rpc_backend = rabbit
rabbit_host = controller
# Sample password; must match the RabbitMQ password used on the controller.
rabbit_password = Abcd1234
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
verbose = True

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = neutron
# Must match the Keystone password of the neutron user.
admin_password = Abcd1234
编辑 /etc/neutron/plugins/ml2/ml2_conf.ini
# Network node: back up the packaged ML2 config and write a new one.
mv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini_bak
vim /etc/neutron/plugins/ml2/ml2_conf.ini

# --- contents of /etc/neutron/plugins/ml2/ml2_conf.ini ---
[ml2]
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch

[ml2_type_flat]
# "external" is the physical network name mapped to br-ex in [ovs] below.
flat_networks = external

[ml2_type_gre]
tunnel_id_ranges = 1:1000

[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovs]
# Local GRE tunnel endpoint address of this node.
# NOTE(review): this is the same address the guide later assigns to br-ex, so
# tenant GRE traffic presumably shares the external interface - confirm. GRE
# itself is not encrypted, so a dedicated tunnel network is preferable.
local_ip = 192.168.116.8
enable_tunneling = True
bridge_mappings = external:br-ex

[agent]
tunnel_types = gre
编辑/etc/neutron/l3_agent.ini
# Network node: back up the packaged L3 agent config and write a new one.
mv /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini_bak
vim /etc/neutron/l3_agent.ini

# --- contents of /etc/neutron/l3_agent.ini ---
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# Routers run in network namespaces, which are removed with the router.
use_namespaces = True
# External traffic leaves through the br-ex bridge.
external_network_bridge = br-ex
router_delete_namespaces = True
verbose = True
编辑/etc/neutron/dhcp_agent.ini
# Network node: back up the packaged DHCP agent config and write a new one.
mv /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini_bak
vim /etc/neutron/dhcp_agent.ini

# --- contents of /etc/neutron/dhcp_agent.ini ---
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
# DHCP servers run in network namespaces, removed when no longer needed.
use_namespaces = True
dhcp_delete_namespaces = True
verbose = True
# Extra dnsmasq options are read from this file (created in the next step).
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
创建/etc/neutron/dnsmasq-neutron.conf并关掉dnsmasq进程
# Create the extra dnsmasq option file referenced by dhcp_agent.ini.
vim /etc/neutron/dnsmasq-neutron.conf

# --- contents of /etc/neutron/dnsmasq-neutron.conf ---
# Force DHCP option 26 (interface MTU) to 1454 on every lease; presumably this
# leaves room for the GRE encapsulation overhead.
dhcp-option-force=26,1454

# Stop running dnsmasq processes. pkill matches by process name, so any
# dnsmasq instance on this host is killed, not only the ones Neutron started.
pkill dnsmasq
编辑/etc/neutron/metadata_agent.ini
# Network node: back up the packaged metadata agent config and write a new one.
mv /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini_bak
vim /etc/neutron/metadata_agent.ini

# --- contents of /etc/neutron/metadata_agent.ini ---
[DEFAULT]
auth_url = http://controller:5000/v2.0
auth_region = regionOne
admin_tenant_name = service
admin_user = neutron
# Must match the Keystone password of the neutron user.
admin_password = Abcd1234
nova_metadata_ip = controller
# METADATA_SECRET is a placeholder: replace it with a random secret that is not
# one of the service passwords. The value must be identical to
# metadata_proxy_shared_secret in the controller's /etc/nova/nova.conf; if the
# two differ, metadata requests are presumably rejected - verify both files.
metadata_proxy_shared_secret = METADATA_SECRET
verbose = True
编辑/etc/nova/nova.conf(在控制器节点上执行,nova-api 服务运行在控制器节点)
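# Run this on the controller node (where openstack-nova-api runs).
# Take a backup COPY and edit the existing file: moving nova.conf away and
# starting from an empty file would drop every Nova setting configured
# earlier, including the [DEFAULT] and [neutron] options nova-api needs.
cp -p /etc/nova/nova.conf /etc/nova/nova.conf_bak
vim /etc/nova/nova.conf

# --- add to the existing [neutron] section of /etc/nova/nova.conf ---
[neutron]
service_metadata_proxy = True
# Must be identical to metadata_proxy_shared_secret in
# /etc/neutron/metadata_agent.ini on the network node. METADATA_SECRET is a
# placeholder: use a random value of its own, not a reused service password.
metadata_proxy_shared_secret = METADATA_SECRET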
重启nova-api服务
# Restart nova-api so it rereads /etc/nova/nova.conf.
systemctl restart openstack-nova-api.service
配置 Open vSwitch(OVS)服务
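# Enable Open vSwitch at boot and start it now.
systemctl enable openvswitch.service
systemctl start openvswitch.service
# Recreate the external bridge and attach eth0 to it, then reboot.
# --if-exists: on a fresh node br-ex does not exist yet, so a plain del-br
# fails and the && chain would stop before the bridge is ever created.
# NOTE(review): once eth0 is a port of br-ex, the address configured on eth0 is
# presumably unreachable until br-ex carries it (the ifcfg files follow this
# step). Run this from a local console rather than an SSH session over eth0.
ovs-vsctl --if-exists del-br br-ex \
  && ovs-vsctl add-br br-ex \
  && ovs-vsctl add-port br-ex eth0 \
  && reboot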
创建ifcfg-br-ex
# Interface definition for the external bridge.
vim /etc/sysconfig/network-scripts/ifcfg-br-ex

# --- contents of ifcfg-br-ex ---
DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
ONBOOT=yes
OVSBOOTPROTO=none
# Static address, default route and DNS server now live on the bridge.
# These addresses are specific to the author's lab network.
IPADDR=192.168.116.8
PREFIX=24
DEFROUTE=yes
GATEWAY=192.168.116.1
DNS1="114.114.114.114"
编辑/etc/sysconfig/network-scripts/ifcfg-eth0
# Physical interface: no address of its own (BOOTPROTO none), up at boot.
vim /etc/sysconfig/network-scripts/ifcfg-eth0

# --- contents of ifcfg-eth0 ---
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
NAME="eth0"
# The UUID is specific to the author's machine; keep the one already present
# in your own ifcfg-eth0.
UUID="0e9ff19f-53db-4e78-ab16-a271ff92bd2b"
DEVICE="eth0"
ONBOOT="yes"
关闭 GRO 并重启 network 服务
# Switch off generic receive offload (GRO) on eth0, then restart networking.
# The ethtool setting is applied to the running interface only; nothing in
# this step makes it persistent across reboots.
ethtool -K eth0 gro off && service network restart
为 ml2_conf.ini 创建符号链接,启动服务并设置开机自启动
# Make /etc/neutron/plugin.ini a symlink to the ML2 config.
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# Keep a copy of the packaged unit file, then make the OVS agent unit read
# plugin.ini instead of plugins/openvswitch/ovs_neutron_plugin.ini.
# NOTE(review): this edits a package-owned file under /usr/lib/systemd/system;
# a package update may overwrite the change - recheck after upgrades.
cp /usr/lib/systemd/system/neutron-openvswitch-agent.service \
  /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' \
  /usr/lib/systemd/system/neutron-openvswitch-agent.service
# Enable the network node agents at boot ...
systemctl enable neutron-openvswitch-agent.service neutron-l3-agent.service \
  neutron-dhcp-agent.service neutron-metadata-agent.service \
  neutron-ovs-cleanup.service
# ... and (re)start them now.
systemctl restart neutron-openvswitch-agent.service neutron-l3-agent.service \
  neutron-dhcp-agent.service neutron-metadata-agent.service \
  neutron-ovs-cleanup.service
验证
# Verification: list the agents registered with neutron-server.
source admin-openrc.sh
neutron agent-list
配置计算节点网络
编辑/etc/sysctl.conf
# Compute node kernel parameters.
vim /etc/sysctl.conf

# --- lines added to /etc/sysctl.conf ---
# Turn off reverse-path (source address) filtering on all interfaces.
# NOTE(review): anti-spoofing then presumably depends on the Neutron security
# group rules on this host - confirm they are enabled in ml2_conf.ini.
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0

# Apply the settings from /etc/sysctl.conf.
sysctl -p
安装网络组件
# Compute node: install the ML2 plugin and the Open vSwitch agent.
yum install -y openstack-neutron-ml2 openstack-neutron-openvswitch
编辑/etc/neutron/neutron.conf
# Compute node: back up the packaged file and write a new one.
# NOTE(review): the recreated file holds the RabbitMQ and Keystone passwords;
# check its ownership and mode after saving (it should not be world-readable,
# and the neutron service account must still be able to read it).
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf_bak
vim /etc/neutron/neutron.conf

# --- contents of /etc/neutron/neutron.conf ---
[DEFAULT]
rpc_backend = rabbit
rabbit_host = controller
# Sample password; must match the RabbitMQ password used on the controller.
rabbit_password = Abcd1234
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
verbose = True

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = neutron
# Must match the Keystone password of the neutron user.
admin_password = Abcd1234
编辑/etc/neutron/plugins/ml2/ml2_conf.ini
# Compute node: back up the packaged ML2 config and write a new one.
mv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini_bak
vim /etc/neutron/plugins/ml2/ml2_conf.ini

# --- contents of /etc/neutron/plugins/ml2/ml2_conf.ini ---
[ml2]
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch

[ml2_type_gre]
tunnel_id_ranges = 1:1000

[securitygroup]
# Security groups are enforced on this host by the OVS hybrid iptables driver.
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovs]
# Local GRE tunnel endpoint address of this compute node (lab-specific).
local_ip = 192.168.116.10
enable_tunneling = True

[agent]
tunnel_types = gre
启动OVS服务并将其配置为开机自启动
# Enable Open vSwitch at boot and (re)start it now.
systemctl enable openvswitch.service
systemctl restart openvswitch.service
编辑/etc/nova/nova.conf
# Compute node: point Nova at Neutron. The file is edited in place here.
vim /etc/nova/nova.conf

# --- settings in /etc/nova/nova.conf ---
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
# Nova's own firewall is a no-op; presumably packet filtering is left to the
# Neutron security groups selected by security_group_api above, so those must
# stay enabled in ml2_conf.ini.
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[neutron]
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
# Must match the Keystone password of the neutron user (sample value).
admin_password = Abcd1234
完成安装
# Make /etc/neutron/plugin.ini a symlink to the ML2 config.
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# Keep a copy of the packaged unit file, then make the OVS agent unit read
# plugin.ini instead of plugins/openvswitch/ovs_neutron_plugin.ini.
# NOTE(review): this edits a package-owned file under /usr/lib/systemd/system;
# a package update may overwrite the change - recheck after upgrades.
cp /usr/lib/systemd/system/neutron-openvswitch-agent.service \
  /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' \
  /usr/lib/systemd/system/neutron-openvswitch-agent.service
# Restart nova-compute so it rereads nova.conf, then enable and start the agent.
systemctl restart openstack-nova-compute.service
systemctl enable neutron-openvswitch-agent.service
systemctl restart neutron-openvswitch-agent.service
验证
# Verification: the agent list should now include this compute node's agent.
source admin-openrc.sh
neutron agent-list
创建外部网络
# Created with admin credentials: a flat external network on the physical
# network named "external" (the name mapped to br-ex in ml2_conf.ini).
source admin-openrc.sh
neutron net-create ext-net --router:external True \
  --provider:physical_network external --provider:network_type flat
# Subnet on the lab's 192.168.116.0/24 network. Neutron hands out only
# .240-.250 from it, and DHCP is disabled on this subnet.
neutron subnet-create ext-net --name ext-subnet \
  --allocation-pool start=192.168.116.240,end=192.168.116.250 \
  --disable-dhcp --gateway 192.168.116.1 192.168.116.0/24
创建租户网
# Created with the demo tenant's credentials rather than admin.
source demo-openrc.sh
# Tenant network and its subnet.
neutron net-create lan-net
neutron subnet-create lan-net --name lan-subnet \
  --gateway 192.168.101.1 192.168.101.0/24
# Router: attach the tenant subnet and set ext-net as its gateway.
neutron router-create lan-router
neutron router-interface-add lan-router lan-subnet
neutron router-gateway-set lan-router ext-net
创建路由器以便租户网可以连接外部(相关命令已包含在上一步中)
验证
# Verification by ping.
# NOTE(review): 192.168.116.150 lies outside the ext-subnet allocation pool
# created above (192.168.116.240-192.168.116.250), so it is not an address
# Neutron assigned to the router gateway - confirm the intended target.
ping 192.168.116.150
如果已经按上文配置了 OVS(Neutron)网络,就不要再执行下面的传统网络(nova-network)配置,两者二选一。
配置控制器节点
配置传统网络
编辑/etc/nova/nova.conf 重启服务
# Controller node, legacy networking: use Nova's own network and security
# group APIs instead of Neutron.
vim /etc/nova/nova.conf

# --- settings in /etc/nova/nova.conf ---
[DEFAULT]
network_api_class = nova.network.api.API
security_group_api = nova

# Restart the Nova services so they reread nova.conf.
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service
配置计算节点
安装网络组件
# Compute node, legacy networking: install nova-network and the nova API
# package.
yum install -y openstack-nova-network openstack-nova-api
编辑 /etc/nova/nova.conf
# Compute node, legacy networking (nova-network with FlatDHCPManager).
vim /etc/nova/nova.conf

# --- settings in /etc/nova/nova.conf ---
[DEFAULT]
network_api_class = nova.network.api.API
security_group_api = nova
# Here Nova enforces security groups itself through iptables.
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
network_manager = nova.network.manager.FlatDHCPManager
network_size = 254
allow_same_net_traffic = False
multi_host = True
send_arp_for_ha = True
share_dhcp_address = True
force_dhcp_release = True
# NOTE(review): the bridge, the flat interface and the public interface are
# all set to eth0; a bridge normally has a name distinct from the physical
# interface it sits on - confirm this is intended.
flat_network_bridge = eth0
flat_interface = eth0
public_interface = eth0
启动服务并配置为开机自启动
# Enable nova-network and the metadata API at boot, then (re)start them.
systemctl enable openstack-nova-network.service openstack-nova-metadata-api.service
systemctl restart openstack-nova-network.service openstack-nova-metadata-api.service
创建初始网络(192.168.116.25/29 是根据当前外网计算得出的;这里的外网是指云主机获取到的 IP 可以直接访问外网。生产环境中可将这里配置为从运营商那里获取到的 IP 段)
# Create the initial flat network on bridge eth0 with multi-host enabled.
# NOTE(review): /29 blocks start on multiples of 8, so the block containing
# .25 is 192.168.116.24/29 (.24-.31); confirm the range you intend. Instances
# on this network sit directly on the external network, so their exposure
# depends on the security group rules.
source admin-openrc.sh
nova network-create demo-net --bridge eth0 --multi-host T \
  --fixed-range-v4 192.168.116.25/29
验证
# Verification: the list should include demo-net.
nova net-list