openstack网络服务neutron (控制节点)
官方文档:https://docs.openstack.org/neutron/pike/install/controller-install-rdo.html
https://docs.openstack.org/neutron/pike/install/controller-install-option1-rdo.html
加载环境变量
source admin-openstack.sh
创建neutron用户
openstack user create --domain default --password-prompt neutron
[root@linux-node-1 ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 6fd4dc2d1cd749728417b415b4daffc0 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
授予neutron用户在service项目中的admin角色
openstack role add --project service --user neutron admin
创建neutron服务
openstack service create --name neutron \
--description "OpenStack Networking" network
[root@linux-node-1 ~]# openstack service create --name neutron \
> --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 59a797c1414045f98b83886f43cd77ae |
| name | neutron |
| type | network |
+-------------+----------------------------------+
创建网络服务API端点(public、internal、admin 三个端点在此均注册为明文 HTTP 地址;若 API 启用了 TLS,URL 需相应改为 https):
openstack endpoint create --region RegionOne \
network public http://192.168.2.11:9696
[root@linux-node-1 ~]# openstack endpoint create --region RegionOne \
> network public http://192.168.2.11:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ed42c37429ce46c981f48b303cc3353f |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 59a797c1414045f98b83886f43cd77ae |
| service_name | neutron |
| service_type | network |
| url | http://192.168.2.11:9696 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne \
network internal http://192.168.2.11:9696
[root@linux-node-1 ~]# openstack endpoint create --region RegionOne \
> network internal http://192.168.2.11:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 53ba267480e846c7b79a9123d9ccc963 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 59a797c1414045f98b83886f43cd77ae |
| service_name | neutron |
| service_type | network |
| url | http://192.168.2.11:9696 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne \
network admin http://192.168.2.11:9696
[root@linux-node-1 ~]# openstack endpoint create --region RegionOne \
> network admin http://192.168.2.11:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 43a538efaa7e4f1da05ffc7093ac38ad |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 59a797c1414045f98b83886f43cd77ae |
| service_name | neutron |
| service_type | network |
| url | http://192.168.2.11:9696 |
+--------------+----------------------------------+
安装
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables -y
修改配置文件(该文件会写入数据库、RabbitMQ 和 Keystone 的明文密码,修改后确认其权限不允许其他用户读取)
vim /etc/neutron/neutron.conf
[database]
...
#打开注释并修改(格式为 mysql+pymysql://数据库用户:密码@主机/库名,此处的密码 neutron 为示例值)
710 connection = mysql+pymysql://neutron:neutron@192.168.2.11/neutron
[DEFAULT]
# ...
#打开注释并修改
30 core_plugin = ml2
#打开注释
33 service_plugins =
[DEFAULT]
# ...
#打开注释并修改
553 transport_url = rabbit://openstack:openstack@192.168.2.11
[DEFAULT]
# ...
#打开注释
27 auth_strategy = keystone
[keystone_authtoken]
# ...
#添加内容(795行);password 须与前面创建 neutron 用户时在提示符下输入的密码一致,此处的 neutron 为示例值
auth_uri = http://192.168.2.11:5000
auth_url = http://192.168.2.11:35357
memcached_servers = 192.168.2.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[DEFAULT]
# ...
#打开注释(98行、102行)
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[nova]
# ...
#添加内容(1024行);username/password 应为 nova 服务用户在 Keystone 中的凭据,此处的 nova 为示例值
auth_url = http://192.168.2.11:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
# ...
#打开注释(1143行);注意:下文 grep 输出中该项为默认值 $state_path/lock,与此处的 /var/lib/neutron/tmp 不一致,请以配置文件中实际写入的值为准
lock_path = /var/lib/neutron/tmp
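查看修改过的内容(grep 只显示未被注释的配置行,输出中包含明文密码;`[a-Z]` 依赖当前 locale 的排序规则,在 C locale 下会报 Invalid range end,可改用 `[a-zA-Z]`)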
[root@linux-node-1 ~]# grep '^[a-Z]' /etc/neutron/neutron.conf
auth_strategy = keystone
core_plugin = ml2
service_plugins =
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
transport_url = rabbit://openstack:openstack@192.168.2.11
connection = mysql+pymysql://neutron:neutron@192.168.2.11/neutron
auth_uri = http://192.168.2.11:5000
auth_url = http://192.168.2.11:35357
memcached_servers = 192.168.2.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
auth_url = http://192.168.2.11:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
lock_path = $state_path/lock
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
...
#打开注释
132 type_drivers = local,flat,vlan,gre,vxlan,geneve
#打开注释并修改(留空表示禁用自助服务网络,只使用 provider 网络)
137 tenant_network_types =
#打开注释并修改
141 mechanism_drivers = linuxbridge
#打开注释并修改
146 extension_drivers = port_security
[ml2_type_flat]
# ...
#打开注释并修改(181行)
flat_networks = provider
[securitygroup]
# ...
#打开注释(259行)
enable_ipset = true
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
#打开注释并修改
physical_interface_mappings = provider:ens33
[vxlan]
#打开注释并修改(175行)
enable_vxlan = false
[securitygroup]
# ...
#打开注释(160行)
enable_security_group = true
#打开注释并修改(155行)
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[root@linux-node-1 ~]# grep '^[a-Z]' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
physical_interface_mappings =provider:ens33
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = true
enable_vxlan = false
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
# ...
#打开注释并修改(16行)
interface_driver = linuxbridge
#打开注释(31行)
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
#打开注释并修改(41行)
enable_isolated_metadata = true
[root@linux-node-1 ~]# grep '^[a-Z]' /etc/neutron/dhcp_agent.ini
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
[DEFAULT]
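#以下两项属于 /etc/neutron/metadata_agent.ini(原文此处缺少打开该文件的步骤)
#打开注释并修改(23行、35行);metadata_proxy_shared_secret 须与 /etc/nova/nova.conf 的 [neutron] 段中的值一致,示例值 openstack 应替换为随机生成的密钥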
nova_metadata_host = 192.168.2.11
metadata_proxy_shared_secret = openstack
vim /etc/nova/nova.conf
[neutron]
#添加内容(7186行)
url = http://192.168.2.11:9696
auth_url = http://192.168.2.11:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = openstack
创建软链接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
同步数据库
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
重启nova-api服务,然后将neutron各服务设为开机自启并启动:
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service \
neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service \
neutron-dhcp-agent.service \
neutron-metadata-agent.service