openstack笔记(七):网络组件(Neutron)部署
1.组件详解
作用:通过插件的方式给OpenStack提供网络
常见组件:
neutron-server:接收API请求并转交给适当的网络插件来执行操作
neutron database:存储网络相关参数信息的neutron数据库
neutron-dhcp-agent:向所有Project网络提供动态主机配置协议(DHCP)服务
neutron-l3-agent:执行L3/网络地址转换(NAT)转发,为租户网络上的VM提供外部网络访问
neutron-l2-agent:二层网络插件
neutron-3rd party plugin:第三方网络插件
流程详解:
请求: nova-compute -> neutron-server -> neutron database(admin)
配置: neutron-server -> queue -> neutron-plugins -> queue -> compute plugin -> vm实例创建网络
2.控制节点部署
- 数据库配置
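$ mysql -u root -p
MariaDB [(none)]> CREATE DATABASE neutron;
-- 'neutron' as the account password is a lab value: choose a strong, unique password
-- and use the same value in the [database] connection URL in /etc/neutron/neutron.conf.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
-- '%' accepts this account from any host; where possible narrow it to the hosts
-- that run neutron-server (management network only).
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';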
- 软件安装
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
- 配置文件
vim /etc/neutron/neutron.conf
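# /etc/neutron/neutron.conf on the controller node.
# Only the keys this guide sets are shown; "# ..." stands for the rest of a section.
# Each section header appears once so the effective value of every key is unambiguous.
# The file holds service passwords: keep it readable only by root and the neutron service account.

[database]
# ...
# SQLAlchemy URL in the form user:password@host/database. The password (neutron) must match
# the GRANT statements; it is a lab value, use a strong unique password elsewhere.
connection = mysql+pymysql://neutron:neutron@controller/neutron

[DEFAULT]
# ...
# Modular Layer 2 (ML2) is the core plugin; no service plugins are loaded.
core_plugin = ml2
service_plugins =
# RabbitMQ transport as user:password@host. openstack:openstack is a lab credential.
transport_url = rabbit://openstack:openstack@controller
# Authenticate API requests through keystone.
auth_strategy = keystone
# Notify nova when port status or port data changes.
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[keystone_authtoken]
# ...
# Identity endpoints are plain http:// here, so tokens and the service password cross the
# network unencrypted; use TLS endpoints outside an isolated lab.
# NOTE(review): newer keystonemiddleware releases name auth_uri www_authenticate_uri;
# check the release you deploy.
auth_uri = http://controller:5000
auth_url = http://controller:5000
# Token cache. Keep memcached reachable from the management network only.
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
# Must equal the password given to "openstack user create ... neutron".
password = neutron

[nova]
# Keystone credentials neutron uses to call the nova service.
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
# Lab value identical to the user name; replace it together with the nova service account.
password = nova

[oslo_concurrency]
# Directory for lock files.
lock_path = /var/lib/neutron/tmp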
vim /etc/neutron/plugins/ml2/ml2_conf.ini
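# /etc/neutron/plugins/ml2/ml2_conf.ini on the controller node.
# The four [ml2] fragments are merged into one section.

[ml2]
# Network type drivers to load.
type_drivers = flat,vlan
# Project network types; left empty, so none are enabled.
tenant_network_types =
# Linux bridge is the mechanism driver.
mechanism_drivers = linuxbridge
# Extension driver that turns on port security.
extension_drivers = port_security

[ml2_type_flat]
# The flat network is the provider network. The name "provider" must match
# physical_interface_mappings in linuxbridge_agent.ini.
flat_networks = provider

[securitygroup]
# Enable ipset.
enable_ipset = true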
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# Maps a provider network name to a physical interface of this host.
# "provider" must match the value of flat_networks in ml2_conf.ini.
# Hosts on the provider network all use their local eth0 to communicate.
physical_interface_mappings = provider:eth0
[vxlan]
# Disable VXLAN.
enable_vxlan = false
[securitygroup]
# Enable security groups and set the firewall driver that applies them (iptables).
# Leave this enabled: with it off, no security group rules are enforced on this host.
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
# /etc/neutron/dhcp_agent.ini: settings for neutron-dhcp-agent.
# Interface driver.
interface_driver = linuxbridge
# DHCP driver (dnsmasq).
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
# Enable the metadata feature for isolated networks.
enable_isolated_metadata = true
vim /etc/neutron/metadata_agent.ini
[DEFAULT]
# /etc/neutron/metadata_agent.ini: settings for neutron-metadata-agent.
# Host that serves the nova metadata API.
nova_metadata_host = controller
# Secret shared between the metadata agent and nova; it must equal
# metadata_proxy_shared_secret in the [neutron] section of nova.conf.
# "openstack" is a guessable lab value: outside a lab use a long random string,
# because nova relies on this secret to trust proxied metadata requests.
metadata_proxy_shared_secret = openstack
vim /etc/nova/nova.conf
[neutron]
# /etc/nova/nova.conf on the controller: how nova reaches and authenticates to neutron.
# ...
# Plain http:// endpoints: credentials and tokens are not encrypted in transit.
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
# Lab password for the neutron service user; keep nova.conf readable only by root and the nova account.
password = neutron
# nova serves metadata requests forwarded by the neutron metadata agent.
service_metadata_proxy = true
# Same value as metadata_proxy_shared_secret in metadata_agent.ini; replace both together.
metadata_proxy_shared_secret = openstack
- 数据同步
ml2初始化配置
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
neutron数据库同步
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
- 认证配置
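# Load the admin credentials into the current shell.
source admin-openstack.sh
# Create the neutron service user. --password-prompt asks for the password interactively,
# so it does not end up in shell history or the process list. Enter the same value that
# is set as "password" under [keystone_authtoken] in neutron.conf.
openstack user create --domain default --password-prompt neutron
# Give the neutron user the admin role on the service project.
openstack role add --project service --user neutron admin
# Register the Networking service in the catalog.
openstack service create --name neutron --description "OpenStack Networking" network
# Register the public, internal and admin endpoints. All three use plain http://,
# so API traffic is unencrypted; front them with TLS outside an isolated lab.
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696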
- 验证效果
# Restart the Compute API service (openstack-nova-api) after editing nova.conf.
systemctl restart openstack-nova-api.service
# Enable the networking services at boot.
systemctl enable \
  neutron-server.service \
  neutron-linuxbridge-agent.service \
  neutron-dhcp-agent.service \
  neutron-metadata-agent.service
# Start the same four services now.
systemctl start \
  neutron-server.service \
  neutron-linuxbridge-agent.service \
  neutron-dhcp-agent.service \
  neutron-metadata-agent.service
# Check the state of the network agents.
openstack network agent list
3.计算节点部署
- 软件安装
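# Run as root. conntrack-tools is not mentioned in the official install guide.
# The leading "#" root prompt is dropped so the command is not read as a comment when pasted.
yum install openstack-neutron-linuxbridge ebtables ipset conntrack-tools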
- 配置文件
vim /etc/neutron/neutron.conf
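# /etc/neutron/neutron.conf on the compute node.
# The two [DEFAULT] fragments are merged; "# ..." stands for the rest of a section.
# The file holds service passwords: keep it readable only by root and the neutron service account.

[DEFAULT]
# ...
# RabbitMQ transport as user:password@host. openstack:openstack is a lab credential.
transport_url = rabbit://openstack:openstack@controller
# Authenticate through keystone.
auth_strategy = keystone

[keystone_authtoken]
# ...
# Plain http:// identity endpoints: tokens and the service password are not encrypted in transit.
# NOTE(review): newer keystonemiddleware releases name auth_uri www_authenticate_uri;
# check the release you deploy.
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
# Same neutron service password as on the controller (lab value).
password = neutron

[oslo_concurrency]
# ...
# Directory for lock files.
lock_path = /var/lib/neutron/tmp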
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# /etc/neutron/plugins/ml2/linuxbridge_agent.ini on the compute node.
# Maps the provider network to a physical interface of this host.
# NOTE(review): assumes the provider NIC on this node is also eth0 - confirm per host.
physical_interface_mappings = provider:eth0
[vxlan]
# VXLAN stays disabled, as on the controller.
enable_vxlan = false
[securitygroup]
# ...
# Security groups enabled, applied by the iptables firewall driver on this host.
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
vim /etc/nova/nova.conf
[neutron]
# /etc/nova/nova.conf on the compute node: how nova-compute reaches and authenticates to neutron.
# ...
# Plain http:// endpoints: credentials and tokens are not encrypted in transit.
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
# Lab password for the neutron service user; replace it on every node at the same time.
password = neutron
重启服务
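# Run as root. The leading "#" root prompts are dropped so the commands are not
# read as comments when pasted into a shell.
# Restart nova-compute after editing nova.conf.
systemctl restart openstack-nova-compute.service
# Enable the Linux bridge agent at boot and start it now.
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
# Restart the libvirt service.
systemctl restart libvirtd.service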
- 验证效果
回到controller查看所有的网络代理(agent)
openstack network agent list
查看所有的计算节点服务
openstack compute service list