neutron网络服务部署
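# Neutron (OpenStack Networking) deployment walkthrough: shell commands, SQL
# statements and the configuration-file contents to paste, in execution order.
#
# Conventions used below:
#   * Every comment sits on its own line. oslo.config does not strip trailing
#     "# ..." text from a value line, so an inline comment would become part of
#     the value.
#   * NEUTRON_DBPASS, METADATA_SECRET and the *_SECOND_NIC_IP names are
#     placeholders to replace before use.
#   * The literal passwords shown (neutron / nova / admin) are guessable lab
#     values; every occurrence of the same account must carry the same value.
#   * All endpoints and auth URLs are plain http, so passwords and tokens cross
#     the network unencrypted. Acceptable on an isolated lab network only.
#   * These files hold credentials in clear text; keep them readable only by
#     root and the owning service account.

# ===================== Controller node =====================

# Step 1: log in to the database
mysql -u root -p
# Create the neutron database
CREATE DATABASE neutron;
# Create the neutron DB user and password, allowing local and remote logins.
# NOTE: the '%' host lets this account connect from any address; narrow it to
# the management network where possible.
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
# Leave the database client
exit
# Load the admin credentials into the environment
. admin-openrc

# Step 2: create the neutron service user
# NOTE: a password given on the command line ends up in shell history and the
# process list; --password-prompt avoids that.
openstack user create --domain default --password=neutron neutron
# Give the neutron user the admin role in the service project
openstack role add --project service --user neutron admin
# Create the neutron network service entry
openstack service create --name neutron \
  --description "OpenStack Networking" network
# Add the API endpoints of the neutron service
openstack endpoint create --region RegionOne \
  network public http://controller:9696
openstack endpoint create --region RegionOne \
  network internal http://controller:9696
openstack endpoint create --region RegionOne \
  network admin http://controller:9696
# In the install guide, follow the second link:
#   Networking Option 2: Self-service networks

# Step 3: install the neutron server, the ML2 plug-in and Open vSwitch
yum install openstack-neutron -y
yum install openstack-neutron-ml2 -y
yum install ebtables -y
yum install openvswitch -y
yum install openstack-neutron-openvswitch -y

# Edit the main neutron configuration file
cd /etc/neutron
cp neutron.conf neutron.conf.bak
vim neutron.conf
# Clear the file and paste the following
[DEFAULT]
# Directory where neutron keeps its state files
state_path = /var/lib/neutron
auth_strategy = keystone
# Core plug-in
core_plugin = ml2
# Service plug-ins: enable the layer-3 virtual router
service_plugins = router
dhcp_agent_notification = true
# Allow overlapping IP ranges across tenant networks
allow_overlapping_ips = True
# Notify nova when port status or port data changes
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
# RabbitMQ account and password are embedded in this URL
transport_url = rabbit://openstack:admin@controller
[agent]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[matchmaker_redis]
[nova]
region_name = RegionOne
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
project_name = service
user_domain_name = default
username = nova
password = nova
[oslo_concurrency]
lock_path = $state_path/lock
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[qos]
[quotas]
[ssl]

# Edit the ML2 core plug-in configuration file
# NOTE(review): the symlink in step 4 and the compute-node section locate the
# plug-in files under /etc/neutron/plugins/ml2/; change into that directory
# first if they are not found in /etc/neutron.
cp ml2_conf.ini ml2_conf.ini.bak
vim ml2_conf.ini
# Clear the file and paste the following
[DEFAULT]
[ml2]
# Network type drivers
type_drivers = flat,vxlan
# Network type used for tenant networks
tenant_network_types = vxlan
# Mechanism drivers: openvswitch (plus l2population)
mechanism_drivers = openvswitch,l2population
# Extension drivers: port_security extension
extension_drivers = port_security
[ml2_type_flat]
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
[ml2_type_vxlan]
# Range of VXLAN network identifiers (VNI)
vni_ranges = 1:1000
[securitygroup]
# Use ipset for security-group rule matching; security groups act as the
# firewall in front of instances
enable_ipset = true

# Still in the same directory: back up openvswitch_agent.ini, then edit it
cp openvswitch_agent.ini openvswitch_agent.ini.bak
# Clear the file and paste the following
[DEFAULT]
[agent]
tunnel_types = vxlan
l2_population = True
[ovs]
# Tunnel bridge
tunnel_bridge = br-tun
# Placeholder: IP address of the controller node's second network interface
local_ip = CONTROLLER_SECOND_NIC_IP
bridge_mappings =
[securitygroup]
# Firewall driver that enforces security groups
firewall_driver = iptables_hybrid
enable_security_group = true
[xenapi]

# Edit the layer-3 agent configuration file; it provides routing
cd /etc/neutron/
cp l3_agent.ini l3_agent.ini.bak
vim l3_agent.ini
# Clear the file and paste the following
[DEFAULT]
# Interface driver
interface_driver = openvswitch
# External bridge
external_network_bridge = br-ex
[agent]
[ovs]

# Edit the DHCP agent configuration file; instances obtain their IP through it
cp dhcp_agent.ini dhcp_agent.ini.bak
vim dhcp_agent.ini
# Clear the file and paste the following
[DEFAULT]
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
[agent]
[ovs]

# Edit the metadata agent configuration file
cd /etc/neutron/
cp metadata_agent.ini metadata_agent.ini.bak
vim metadata_agent.ini
# Clear the file and paste the following
[DEFAULT]
nova_metadata_ip = controller
# METADATA_SECRET is a placeholder: choose a long random value. It must be
# identical to metadata_proxy_shared_secret in the [neutron] section of
# /etc/nova/nova.conf.
metadata_proxy_shared_secret = METADATA_SECRET
[agent]
[cache]

# Enable the neutron settings in nova: remove the comment markers from the
# whole [neutron] section
vim /etc/nova/nova.conf

# Step 4: create the plug-in symlink
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

# Step 5: populate the neutron database
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
# Restart nova-api
systemctl restart openstack-nova-api.service
# Start the services and enable them at boot
systemctl start neutron-server.service
systemctl start neutron-dhcp-agent.service
systemctl start neutron-openvswitch-agent
systemctl start neutron-metadata-agent.service
systemctl start openvswitch
systemctl enable neutron-server.service
systemctl enable neutron-dhcp-agent.service
systemctl enable neutron-openvswitch-agent
systemctl enable neutron-metadata-agent.service
systemctl enable openvswitch
# Verify
neutron agent-list
openstack network agent list
# Create the external bridge and attach it to the second network interface
ovs-vsctl add-br br-ex
# Verify
ovs-vsctl show
ovs-vsctl add-port br-ex eth2
# Start the layer-3 (routing) agent and enable it at boot
systemctl start neutron-l3-agent.service
systemctl enable neutron-l3-agent.service
# Verify: four agents should be listed, all "up", when deployment succeeded
openstack network agent list

# ===================== Compute node =====================

yum install ipset -y
yum install ebtables -y
yum install openvswitch -y
yum install openstack-neutron-openvswitch -y

# Edit the neutron.conf configuration file
cd /etc/neutron
cp neutron.conf neutron.conf.bak
vim neutron.conf
# Clear the file and paste the following (server-only options stay commented
# out on the compute node)
[DEFAULT]
#state_path = /var/lib/neutron
auth_strategy = keystone
# Core plug-in
#core_plugin = ml2
# Layer-3 virtual router
#service_plugins = router
#dhcp_agent_notification = true
# Allow overlapping IP ranges across tenant networks
#allow_overlapping_ips = True
# Notify nova when port status or port data changes
#notify_nova_on_port_status_changes = true
#notify_nova_on_port_data_changes = true
# RabbitMQ account and password are embedded in this URL
transport_url = rabbit://openstack:admin@controller
[agent]
[cors]
[cors.subdomain]
[database]
#connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[matchmaker_redis]
[nova]
region_name = RegionOne
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
project_name = service
user_domain_name = default
username = nova
password = nova
[oslo_concurrency]
lock_path = $state_path/lock
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[qos]
[quotas]
[ssl]

# Edit the openvswitch_agent configuration file
cd /etc/neutron/plugins/ml2/
cp openvswitch_agent.ini openvswitch_agent.ini.bak
vim openvswitch_agent.ini
# Clear the file and paste the following
[DEFAULT]
[agent]
tunnel_types = vxlan
l2_population = True
[ovs]
tunnel_bridge = br-tun
# Placeholder: IP address of the compute node's second network interface
local_ip = COMPUTE_SECOND_NIC_IP
bridge_mappings =
[securitygroup]
# Firewall driver that enforces security groups
firewall_driver = iptables_hybrid
enable_security_group = true
[xenapi]

# Edit the nova configuration file (same path as used on the controller)
vim /etc/nova/nova.conf
# Add the following to the [neutron] section
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
#service_metadata_proxy = true
#metadata_proxy_shared_secret = METADATA_SECRET

# Restart the compute service
systemctl restart openstack-nova-compute.service
# Start the services and enable them at boot
systemctl start neutron-openvswitch-agent
systemctl start openvswitch
systemctl enable neutron-openvswitch-agent
systemctl enable openvswitch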