第十三章 neutron组件安装2
前提:以下配置neutron配置文件基于linuxbridge来实现vlan模式的多用户场景。
1、在控制节点上安装neutron组件
apt -y install neutron-server neutron-metadata-agent neutron-plugin-ml2 python3-neutronclient
# 配置文件
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.org # 备份官方
vi /etc/neutron/neutron.conf
# 修改如下
# create new
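[DEFAULT]
# Debug-level logging. The note sits on its own line because oslo.config does
# not strip trailing "# ..." text: "debug = True # note" would be read as the
# value "True # note", which is not a valid boolean.
# Set this back to False once the installation has been verified.
debug = True
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
dhcp_agent_notification = True
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
# RabbitMQ connection info.
# "password" is this guide's sample value for the "openstack" RabbitMQ user;
# substitute the real one.
transport_url = rabbit://openstack:password@192.168.222.29

[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

# Keystone auth info.
# The endpoints below are plain http://, so tokens and the service password
# cross the network unencrypted; use https:// URLs where Keystone is served
# over TLS.
[keystone_authtoken]
www_authenticate_uri = http://192.168.222.29:5000
auth_url = http://192.168.222.29:5000
memcached_servers = 192.168.222.29:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
# Sample value; use the password set for the neutron service user.
password = servicepassword

# MariaDB connection info.
# The URL embeds the database user's password ("password" is a sample value).
[database]
connection = mysql+pymysql://neutron:password@192.168.222.29/neutron_ml2

# Nova auth info: credentials Neutron uses when it notifies Nova about port
# changes (see the notify_nova_* options in [DEFAULT]).
[nova]
auth_url = http://192.168.222.29:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
# Sample value; use the password set for the nova service user.
password = servicepassword

[oslo_concurrency]
# $state_path is substituted by oslo.config with the [DEFAULT] state_path value.
lock_path = $state_path/tmp

# Network quotas.
[quotas]
quota_network = 100
quota_subnet = 100
quota_router = 100
quota_floatingip = 100
quota_security_group = 100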
# Tighten file permissions: neutron.conf now holds the RabbitMQ, Keystone,
# database and Nova service passwords. 640 = owner read/write, group read-only,
# no access for others; the neutron group gets the read access.
chmod 640 /etc/neutron/neutron.conf
chgrp neutron /etc/neutron/neutron.conf
# 配置文件
vi /etc/neutron/metadata_agent.ini
# 修改如下
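# Notes are kept on their own lines: oslo.config does not strip trailing
# "# ..." text, so an inline note would become part of the value.
# (line 22 of the packaged file) Host that serves the Nova metadata API.
nova_metadata_host = 192.168.222.29
# (line 34 of the packaged file) Secret shared between this agent and Nova for
# metadata requests. "metadata_secret" is a sample value: replace it with a
# long random string and set the same value as metadata_proxy_shared_secret
# in the [neutron] section of nova.conf.
metadata_proxy_shared_secret = metadata_secret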
# 配置文件
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# 修改如下
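[ml2]
# Notes are kept on their own lines: oslo.config does not strip trailing
# "# ..." text, so an inline note would become part of the value.
# (line 167 of the packaged file) Network type drivers to load.
type_drivers = flat,vlan,vxlan
# Tenant networks use VLAN mode.
tenant_network_types = vlan
# Linux bridge only for now; OVS is covered later in this guide.
mechanism_drivers = linuxbridge
# Enables the per-port / per-network port security attribute.
extension_drivers = port_security

[ml2_type_flat]
# (line 219) Name of the flat physical network.
flat_networks = external

[ml2_type_vlan]
# (line 260) <physical network>:<first VLAN ID>:<last VLAN ID>
network_vlan_ranges = default:3001:4000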
# Expose the ML2 config as /etc/neutron/plugin.ini, the path passed to
# neutron-db-manage below.
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# Apply the database schema migrations as the unprivileged neutron user
# rather than as root.
su -s /bin/bash neutron -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head" # should end with "OK"
# nova-api is restarted together with the Neutron services.
systemctl restart neutron-server neutron-metadata-agent nova-api
systemctl enable neutron-server neutron-metadata-agent # start the services at boot
2、在网络节点上安装neutron组件
# 开启网络节点的路由功能和物理接口混杂模式,使得计算节点能通过它上网
# 配置文件
vi /etc/sysctl.conf
# 修改如下
# Let this node route IPv4 packets between its interfaces.
net.ipv4.ip_forward=1
# rp_filter=0 turns off the kernel's reverse-path source validation, i.e. it
# no longer drops packets whose source address is not reachable through the
# interface they arrived on. Source-address spoofing protection then has to
# come from elsewhere (Neutron port security / security groups on instance
# ports, upstream ACLs).
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
# 生效操作
sysctl -p
# 为了让一个没有配置IP地址的接口UP起来,需要做一些特殊设置
# 配置文件
vi /etc/systemd/network/enp1s0f2.network # 新建
# 修改如下
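[Match]
# enp1s0f2 is the physical NIC planned for instance traffic.
# The note is on its own line: systemd only treats "#" at the start of a line
# as a comment, so trailing text would be parsed as part of the Name= value.
Name=enp1s0f2

[Network]
# No link-local addressing and no IPv6 router advertisements, so the
# interface comes up without any IP configuration.
LinkLocalAddressing=no
IPv6AcceptRA=no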
# 配置文件
vi /etc/systemd/network/enp1s0f3.network # 新建
# 修改如下
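[Match]
# enp1s0f3 is the physical NIC connected to the external network; it gets
# no IP address.
# The note is on its own line: systemd only treats "#" at the start of a line
# as a comment, so trailing text would be parsed as part of the Name= value.
Name=enp1s0f3

[Network]
# No link-local addressing and no IPv6 router advertisements, so the
# interface comes up without any IP configuration.
LinkLocalAddressing=no
IPv6AcceptRA=no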
systemctl restart systemd-networkd # 重启networkd服务
apt -y install neutron-plugin-ml2 neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent python3-neutronclient
# 配置文件
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.org # 备份官方
vi /etc/neutron/neutron.conf
# 修改如下
# create new
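[DEFAULT]
# Debug-level logging. The note sits on its own line because oslo.config does
# not strip trailing "# ..." text: "debug = True # note" would be read as the
# value "True # note", which is not a valid boolean.
# Set this back to False once the installation has been verified.
debug = True
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True
# RabbitMQ connection info.
# "password" is this guide's sample value for the "openstack" RabbitMQ user;
# substitute the real one.
transport_url = rabbit://openstack:password@192.168.222.29

[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

# Keystone auth info.
# The endpoints below are plain http://, so tokens and the service password
# cross the network unencrypted; use https:// URLs where Keystone is served
# over TLS.
[keystone_authtoken]
www_authenticate_uri = http://192.168.222.29:5000
auth_url = http://192.168.222.29:5000
memcached_servers = 192.168.222.29:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
# Sample value; use the password set for the neutron service user.
password = servicepassword

[oslo_concurrency]
# $state_path is substituted by oslo.config with the [DEFAULT] state_path value.
lock_path = $state_path/lock

# Network quotas.
[quotas]
quota_network = 100
quota_subnet = 100
quota_router = 100
quota_floatingip = 100
quota_security_group = 100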
# Tighten file permissions: neutron.conf now holds the RabbitMQ and Keystone
# service passwords. 640 = owner read/write, group read-only, no access for
# others; the neutron group gets the read access.
chmod 640 /etc/neutron/neutron.conf
chgrp neutron /etc/neutron/neutron.conf
# 配置文件
vi /etc/neutron/l3_agent.ini
# 修改如下
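# (line 17 of the packaged file) The note is on its own line: oslo.config does
# not strip trailing "# ..." text, so an inline note would become part of the
# value.
interface_driver = linuxbridge
use_namespaces = True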
# 配置文件
vi /etc/neutron/dhcp_agent.ini
# 修改如下
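# Notes are kept on their own lines: oslo.config does not strip trailing
# "# ..." text, so an inline note would become part of the value.
# (line 17 of the packaged file)
interface_driver = linuxbridge
# (line 39 of the packaged file)
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
# (line 49 of the packaged file) Lets the DHCP agent provide metadata access
# on networks that have no router.
enable_isolated_metadata = true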
# 配置文件
vi /etc/neutron/metadata_agent.ini
# 修改如下
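# Notes are kept on their own lines: oslo.config does not strip trailing
# "# ..." text, so an inline note would become part of the value.
# (line 22 of the packaged file) Host that serves the Nova metadata API.
nova_metadata_host = 192.168.222.29
# (line 34 of the packaged file) Secret shared between this agent and Nova for
# metadata requests. "metadata_secret" is a sample value: replace it with a
# long random string and set the same value as metadata_proxy_shared_secret
# in the [neutron] section of nova.conf.
metadata_proxy_shared_secret = metadata_secret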
# 配置文件
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# 修改如下
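[ml2]
# Notes are kept on their own lines: oslo.config does not strip trailing
# "# ..." text, so an inline note would become part of the value.
type_drivers = flat,vlan,vxlan
# VLAN mode for tenant networks.
tenant_network_types = vlan
mechanism_drivers = linuxbridge
# Enables the per-port / per-network port security attribute.
extension_drivers = port_security

[ml2_type_flat]
# Label for the network the router uses to reach the outside; the name is
# arbitrary.
flat_networks = external

[ml2_type_vlan]
# Range of VLAN IDs that may be allocated. The physical switch ports facing
# the servers must be in trunk mode and must allow VLAN IDs 3001 to 4000.
network_vlan_ranges = default:3001:4000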
# 配置文件
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# 修改如下
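[linux_bridge]
# Binds the physical network labels used in ml2_conf.ini (default, external)
# to physical interfaces on this node.
# Notes are kept on their own lines: oslo.config does not strip trailing
# "# ..." text, so an inline note would become part of the value.
physical_interface_mappings = default:enp1s0f2,external:enp1s0f3

[securitygroup]
# (line 217 of the packaged file) Keep security group filtering enabled on
# this agent.
enable_security_group = True
firewall_driver = iptables
enable_ipset = True

[vxlan]
# (line 238 of the packaged file) VXLAN is switched off in this VLAN-mode setup.
enable_vxlan = False
# (line 271 of the packaged file)
local_ip = 192.168.222.26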
# Expose the ML2 config under the generic /etc/neutron/plugin.ini path.
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# Restart every network-node agent and enable it so it starts at boot.
for agent in l3-agent dhcp-agent metadata-agent linuxbridge-agent
do
    unit="neutron-${agent}"
    systemctl restart "$unit"
    systemctl enable "$unit"
done