S1_搭建分布式OpenStack集群_08 网络服务（neutron）安装部署

一、数据库配置（控制节点）
创建数据库以及用户：
# mysql -uroot -p12345678
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron123';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit;

二、创建认证信息（控制节点）
先生效一下环境变量,之后创建neutron用户：
# openstack user create --domain default --password=neutron neutron #此处密码我设置了neutorn

将neutron加入到admin组和service项目
# openstack role add --project service --user neutron admin

创建网络项目：
# openstack service create --name neutron --description "OpenStack Networking" network

创建endpoint，将网络服务端口信息注册到认证服务：    
# openstack endpoint create --region RegionOne \
network public http://10.10.11.13:9696
# openstack endpoint create --region RegionOne \
network internal http://10.10.11.13:9696
# openstack endpoint create --region RegionOne \
network admin http://10.10.11.13:9696

三、安装二层简单网络(网络节点)
执行安装包:
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

编辑配置文件：neutron.conf
# vim /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:neutron123@10.10.11.11/neutron
[DEFAULT]
core_plugin = ml2
service_plugins = router
transport_url = rabbit://openstack:openstack123@10.10.11.11
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
auth_uri = http://10.10.11.11:5000
auth_url = http://10.10.11.11:35357
memcached_servers = 10.10.11.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[nova]
auth_url = http://10.10.11.11:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova123
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

编辑ml2_conf.ini文件配置二层插件
# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,gre,vxlan,geneve
tenant_network_types = vlan,gre,vxlan,geneve
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = phynet1 #随便起个名字
[securitygroup]
enable_ipset = true

编辑linuxbridge_agent.ini文件配置linux bridge插件：
# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = phynet1:eth1 #第二张网卡网卡名
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

确认内核支持网桥filters并作如下设置,修改为以下内容：
# vim /usr/lib/sysctl.d/00-system.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
生效sysctl -p

编辑/etc/neutron/dhcp_agent.ini    
# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

编辑/etc/neutron/metadata_agent.ini
# vim /etc/neutron/metadata_agent.ini
[default]
nova_metadata_host = 10.10.11.11
metadata_proxy_shared_secret = neutron

四、在控制节点nova配置neutron
控制节点执行：
编辑/etc/nova/nova.conf，添加neutron内容：
# vim /etc/nova/nova.conf
[neutron]
url = http://10.10.11.13:9696
auth_url = http://10.10.11.11:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = neutron

网络节点执行,创建连接文件:
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# 导入数据库结构：
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

控制节点：
# systemctl restart openstack-nova-api.service

网络节点：
# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service

# systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service

# systemctl status neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service

五、计算节点安装网络服务
计算节点安装软件包：
# yum install openstack-neutron-linuxbridge ebtables ipset -y
修改配置文件：
# vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:openstack123@10.10.11.11
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://10.10.11.11:5000
auth_url = http://10.10.11.11:35357
memcached_servers = 10.10.11.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

修改linuxbridge_agent.ini
# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = phynet1:eth1
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

配置nova 使用neutron，
# vim /etc/nova/nova.conf
[neutron]
url = http://10.10.11.13:9696
auth_url = http://10.10.11.11:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron

确认内核支持网桥filters并作如下设置
# vim /usr/lib/sysctl.d/00-system.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1

生效：
# sysctl -p

重启服务：
# systemctl restart openstack-nova-compute.service
# systemctl status  openstack-nova-compute.service

启动服务：    
# systemctl status  openstack-nova-compute.service
# systemctl start  neutron-linuxbridge-agent.service
# systemctl status neutron-linuxbridge-agent.service

六、控制节点验证
设置admin环境变量
执行命令验证是否成功启动neutron-server
# openstack extension list --network

执行命令列出插件，验证网络插件是否成功启动
# openstack network agent list