OpenStack Pike installation notes 5 (Networking service: the neutron component)
Networking service: the neutron component

Neutron server (network service node): can be deployed on the CON node (the controller node)

Create the neutron user:

    openstack user create --domain default --password-prompt neutron

Associate the neutron user with the service project (tenant) and the admin role:

    openstack role add --project service --user neutron admin

Create the neutron service entity:

    openstack service create --name neutron --description "OpenStack Networking" network

Create the neutron service API endpoints:

    openstack endpoint create --region RegionOne network public http://con.colinshi.top:9696
    openstack endpoint create --region RegionOne network internal http://con.colinshi.top:9696
    openstack endpoint create --region RegionOne network admin http://con.colinshi.top:9696

Install the neutron packages:

    yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

From this point on, neutron is configured for one of two network models: public network or private network.

Public network configuration:

This deployment uses the simplest possible architecture and only supports attaching instances to the public (external) network. There are no private (self-service) networks, routers, or floating IP addresses. Only admin or other privileged users can manage public networks.

Edit /etc/neutron/neutron.conf:

    [DEFAULT]
    core_plugin = ml2
    service_plugins =
    transport_url = rabbit://rabbit:rabbit@con.colinshi.top
    auth_strategy = keystone
    notify_nova_on_port_status_changes = true
    notify_nova_on_port_data_changes = true

    [keystone_authtoken]
    auth_uri = http://con.colinshi.top:5000
    auth_url = http://con.colinshi.top:35357
    memcached_servers = con.colinshi.top:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    password = neutron

    [nova]
    auth_url = http://con.colinshi.top:35357
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = nova
    password = nova

    [database]
    connection = mysql+pymysql://root:123456@con.colinshi.top/neutron

    [oslo_concurrency]
    lock_path = /var/lib/neutron/tmp

Edit the Modular Layer 2 (ML2) plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini:

    [ml2]
    # Enable flat and VLAN networks
    type_drivers = flat,vlan
    # Disable private networks
    tenant_network_types =
    # Enable the Linux bridge mechanism
    mechanism_drivers = linuxbridge
    # Enable the port security extension driver
    extension_drivers = port_security

    [ml2_type_flat]
    # Configure the public virtual network as a flat network
    flat_networks = provider

    [securitygroup]
    # Enable ipset to make security group rules more efficient
    enable_ipset = True

Linux bridge agent configuration file /etc/neutron/plugins/ml2/linuxbridge_agent.ini:

    [linux_bridge]
    # Map the public virtual network to the public physical network interface
    physical_interface_mappings = provider:ens38

    [vxlan]
    # Disable VXLAN overlay networks
    enable_vxlan = False

    [securitygroup]
    # Enable security groups and configure the Linux bridge iptables firewall driver
    enable_security_group = True
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Edit the DHCP agent configuration file /etc/neutron/dhcp_agent.ini:

    [DEFAULT]
    interface_driver = linuxbridge
    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
    enable_isolated_metadata = True

Private network configuration (applied on top of the public network configuration):

The private network model adds layer-3 services to the public network model, so instances can attach to private networks. Unprivileged users (tenants) can manage their own private networks, including routers that connect the public and private networks. In addition, floating IP addresses let instances on private networks reach external networks such as the Internet.

Edit /etc/neutron/neutron.conf:

    [DEFAULT]
    # Router service and overlapping IP addresses
    service_plugins = router
    allow_overlapping_ips = True

Edit the Modular Layer 2 (ML2) plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini:

    [ml2]
    # Enable flat, VLAN and VXLAN networks
    type_drivers = flat,vlan,vxlan
    # Private networks use VXLAN
    tenant_network_types = vxlan
    # Enable the Linux bridge and layer-2 population mechanisms
    mechanism_drivers = linuxbridge,l2population

    [ml2_type_vxlan]
    # VXLAN network identifier range for private networks
    vni_ranges = 1:1000

Linux bridge agent configuration file /etc/neutron/plugins/ml2/linuxbridge_agent.ini:

    [vxlan]
    # Enable VXLAN overlay networks, set the IP address of the physical network
    # interface that carries the overlay network, and enable layer-2 population
    enable_vxlan = True
    local_ip = 10.0.0.51
    l2_population = true

Edit the layer-3 agent configuration file /etc/neutron/l3_agent.ini:

    [DEFAULT]
    interface_driver = linuxbridge

Configure the metadata agent:

Edit /etc/neutron/metadata_agent.ini:

    [DEFAULT]
    # Metadata host address (the controller node)
    nova_metadata_ip = con.colinshi.top
    # Shared secret for the metadata proxy; choose your own
    metadata_proxy_shared_secret = metadata

Configure the networking service for the compute nodes (this is done on the controller node):

Edit /etc/nova/nova.conf to enable the metadata proxy and set the secret:

    [neutron]
    url = http://con.colinshi.top:9696
    auth_url = http://con.colinshi.top:35357
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = neutron
    password = neutron
    service_metadata_proxy = True
    metadata_proxy_shared_secret = metadata

Create the symbolic link:

    ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Synchronize the database:

    su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Restart the nova-api service:

    systemctl restart openstack-nova-api.service

Start the Networking services (public network) and enable them at boot:

    systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
    systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

Enable the layer-3 service (private network) and start it at boot:

    systemctl enable neutron-l3-agent.service
    systemctl start neutron-l3-agent.service

Compute node: deployed on the compute nodes

Install the neutron packages:

    yum install openstack-neutron-linuxbridge ebtables ipset

Edit /etc/neutron/neutron.conf:

    [DEFAULT]
    transport_url = rabbit://rabbit:rabbit@con.colinshi.top
    auth_strategy = keystone

    [keystone_authtoken]
    auth_uri = http://con.colinshi.top:5000
    auth_url = http://con.colinshi.top:35357
    memcached_servers = con.colinshi.top:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    password = neutron

    [oslo_concurrency]
    lock_path = /var/lib/neutron/tmp

The same two network models apply here (the files can be copied directly from the controller node):

Public network configuration:

Edit the Linux bridge agent configuration file /etc/neutron/plugins/ml2/linuxbridge_agent.ini:

    [linux_bridge]
    # Map the public virtual network to the public physical network interface
    physical_interface_mappings = provider:ens38

    [vxlan]
    # Disable VXLAN overlay networks
    enable_vxlan = False

    [securitygroup]
    # Enable security groups and configure the Linux bridge iptables firewall driver
    enable_security_group = True
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Private network configuration (configured and modified on top of the public network configuration):

Linux bridge agent configuration file /etc/neutron/plugins/ml2/linuxbridge_agent.ini:

    [vxlan]
    # Enable VXLAN overlay networks, set the IP address of the physical network
    # interface that carries the overlay network, and enable layer-2 population
    enable_vxlan = True
    local_ip = 10.0.0.51
    l2_population = true

Verify the private network:

    openstack network agent list
    +--------------------------------------+--------------------+------------------------+-------------------+-------+-------+---------------------------+
    | ID                                   | Agent Type         | Host                   | Availability Zone | Alive | State | Binary                    |
    +--------------------------------------+--------------------+------------------------+-------------------+-------+-------+---------------------------+
    | 6300fe62-d569-41b2-a75e-0071db0c9e5a | Linux bridge agent | computer1.colinshi.top | None              | :-)   | UP    | neutron-linuxbridge-agent |
    | 6a149e01-4a13-4c6d-8991-f679ded09c4a | Linux bridge agent | con.colinshi.top       | None              | :-)   | UP    | neutron-linuxbridge-agent |
    | be06cf87-4e22-43c8-b482-389787c72a47 | Metadata agent     | con.colinshi.top       | None              | :-)   | UP    | neutron-metadata-agent    |
    | cb69b3e1-9ab7-4a22-b881-623db51d16ce | L3 agent           | con.colinshi.top       | nova              | :-)   | UP    | neutron-l3-agent          |
    | ffa8489c-022a-426b-a236-2accaeb5a7be | DHCP agent         | con.colinshi.top       | nova              | :-)   | UP    | neutron-dhcp-agent        |
    +--------------------------------------+--------------------+------------------------+-------------------+-------+-------+---------------------------+
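This component is as important as nova, the previous one; it is the most critical part of the whole OpenStack architecture. All of my later deployments use the private network model.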
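An added example, not part of the original notes: a small Python audit of the credentials placed in neutron.conf, metadata_agent.ini and nova.conf above, flagging passwords that equal the account name, a database connection made as root, and a metadata proxy secret that is mismatched or short. The sample file contents are constructed from the values in these notes; the function names and the MIN_SECRET_LEN threshold are assumptions.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample files that reuse the values shown in these notes.
NEUTRON_CONF = """[DEFAULT]
transport_url = rabbit://rabbit:rabbit@con.colinshi.top
[keystone_authtoken]
username = neutron
password = neutron
[database]
connection = mysql+pymysql://root:123456@con.colinshi.top/neutron
"""
METADATA_INI = "[DEFAULT]\nmetadata_proxy_shared_secret = metadata\n"
NOVA_CONF = "[neutron]\nusername = neutron\npassword = neutron\nmetadata_proxy_shared_secret = metadata\n"
MIN_SECRET_LEN = 16  # assumed local policy, not an OpenStack requirement

def load(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def audit(neutron_text, metadata_text, nova_text):
    neutron, meta, nova = load(neutron_text), load(metadata_text), load(nova_text)
    findings = []
    # Service accounts whose password is simply the account name.
    for fname, cp in (("neutron.conf", neutron), ("nova.conf", nova)):
        for sec in cp.sections():
            user = cp.get(sec, "username", fallback=None)
            if user and cp.get(sec, "password", fallback=None) == user:
                findings.append(f"{fname} [{sec}]: password equals username")
    # Credentials embedded in the message queue and database URLs.
    for sec, key in (("DEFAULT", "transport_url"), ("database", "connection")):
        url = urlsplit(neutron.get(sec, key, fallback=""))
        if url.username and url.password == url.username:
            findings.append(f"neutron.conf [{sec}] {key}: password equals username")
        if key == "connection" and url.username == "root":
            findings.append("neutron.conf [database]: connects as the MySQL root account")
    # The metadata proxy secret must match on both sides and be hard to guess.
    agent_secret = meta.get("DEFAULT", "metadata_proxy_shared_secret", fallback="")
    nova_secret = nova.get("neutron", "metadata_proxy_shared_secret", fallback="")
    if agent_secret != nova_secret:
        findings.append("metadata_proxy_shared_secret differs between nova.conf and metadata_agent.ini")
    if len(agent_secret) < MIN_SECRET_LEN:
        findings.append("metadata_proxy_shared_secret is shorter than MIN_SECRET_LEN")
    return findings

if __name__ == "__main__":
    for finding in audit(NEUTRON_CONF, METADATA_INI, NOVA_CONF):
        print(finding)
```

On a real node, pass the contents of the three files to audit() instead of the embedded samples.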