B11-openstack高可用(t版)-Neutron控制/网络节点集群
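1. 创建neutron数据库
(文中的'huayun'是示例密码,数据库、keystone服务用户、RabbitMQ和metadata共享密钥都复用了同一个值;实际部署时应为每一项分别设置高强度密码。'neutron'@'%'允许从任意主机连接,建议把主机部分限定为控制节点所在网段。)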
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'huayun';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'huayun';
2. 创建neutron-api
1)创建neutron用户(--password=会把密码留在shell历史和进程参数里,可改用--password-prompt交互输入)
[root@controller01 ~]# openstack user create --domain default --password=huayun neutron
2)neutron赋权
给neutron用户赋予service项目下的admin角色
[root@controller01 ~]# openstack role add --project service --user neutron admin
3)创建neutron服务实体
[root@controller01 ~]# openstack service create --name neutron --description "OpenStack Networking" network
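4)创建neutron-api的endpoint(public/internal/admin三个端点都指向10.100.214.200:9696,该地址应为集群VIP;端点使用http,token和密码在网络上明文传输,生产环境建议在VIP上终结TLS并把端点改为https)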
[root@controller01 ~]# openstack endpoint create --region RegionOne network public http://10.100.214.200:9696
[root@controller01 ~]# openstack endpoint create --region RegionOne network internal http://10.100.214.200:9696
[root@controller01 ~]# openstack endpoint create --region RegionOne network admin http://10.100.214.200:9696
3. 安装neutron
[root@controller01 ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y
4. 配置neutron.conf
[root@controller01 ~]# cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@controller01 ~]# egrep -v "^#|^$" /etc/neutron/neutron.conf
[DEFAULT]
bind_host = 10.100.214.201
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:huayun@10.100.214.200:5672
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
l3_ha = True
max_l3_agents_per_router = 3
min_l3_agents_per_router = 2
dhcp_agents_per_network = 3
[cors]
[database]
connection = mysql+pymysql://neutron:huayun@10.100.214.200/neutron
[keystone_authtoken]
www_authenticate_uri = http://10.100.214.200:5000
auth_url = http://10.100.214.200:5000
memcached_servers = 10.100.214.201:11211,10.100.214.202:11211,10.100.214.203:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = huayun
[nova]
auth_url = http://10.100.214.200:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = huayun
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]
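将controller01的neutron.conf拷贝到另外两台节点,拷贝之后注意把bind_host改为各节点本机的IP(10.100.214.202、10.100.214.203)。该文件包含数据库、RabbitMQ和keystone的明文密码,拷贝后确认它在每个节点上都不能被其他用户读取(例如属主root:neutron、权限640)。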
[root@controller01 ~]# scp /etc/neutron/neutron.conf 10.100.214.202:/etc/neutron/
[root@controller01 ~]# scp /etc/neutron/neutron.conf 10.100.214.203:/etc/neutron/
5. 配置ml2_conf.ini
[root@controller01 ~]# egrep -v "^#|^$" /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
[root@controller01 ~]# scp /etc/neutron/plugins/ml2/ml2_conf.ini 10.100.214.202:/etc/neutron/plugins/ml2/
[root@controller01 ~]# scp /etc/neutron/plugins/ml2/ml2_conf.ini 10.100.214.203:/etc/neutron/plugins/ml2/
6. 配置linuxbridge_agent.ini
1)配置linuxbridge_agent.ini
[root@controller01 ~]# egrep -v "^#|^$" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
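# 网络类型名称与物理网卡对应,这里flat external网络对应规划的eth1,vlan租户网络对应规划的eth3,在创建相应网络时采用的是网络名称而非网卡名称;
# 需要明确的是物理网卡是本地有效,根据主机实际使用的网卡名确定(下面示例实际使用的是ens224/ens256);
# 另有“bridge_mappings”参数对应网桥;
# 注意:映射左侧的名称需与ml2_conf.ini中flat_networks的取值一致(上文为provider,此处为external),两处应统一,否则创建flat网络时可能找不到对应的物理网络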
physical_interface_mappings = external:ens224,vlan:ens256
[vxlan]
enable_vxlan = true
# tunnel租户网络(vxlan)vtep端点,这里对应规划的ens161(的地址),根据节点做相应修改
local_ip = 115.115.115.201
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[root@controller01 ~]# scp /etc/neutron/plugins/ml2/linuxbridge_agent.ini 10.100.214.202:/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@controller01 ~]# scp /etc/neutron/plugins/ml2/linuxbridge_agent.ini 10.100.214.203:/etc/neutron/plugins/ml2/linuxbridge_agent.ini
2)配置内核参数
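# bridge-nf-call-iptables/ip6tables:让经过网桥的流量也交给iptables/ip6tables处理,安全组规则依赖这两项;
# 如果“sysctl -p”加载不成功,报“No such file or directory”错误,需要加载内核模块“br_netfilter”;
# 命令“modinfo br_netfilter”查看内核模块信息;
# 命令“modprobe br_netfilter”加载内核模块;
# modprobe只对当前运行的系统生效,重启后需要重新加载,可在/etc/modules-load.d/下添加配置让模块开机自动加载,否则这两项参数重启后可能不生效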
[root@controller01 ~]# echo "net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf
[root@controller01 ~]# echo "net.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf
[root@controller01 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
7. 配置l3_agent.ini(self-service网络)
[root@controller01 ~]# egrep -v "^#|^$" /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
[root@controller01 ~]# scp /etc/neutron/l3_agent.ini 10.100.214.202:/etc/neutron/l3_agent.ini
[root@controller01 ~]# scp /etc/neutron/l3_agent.ini 10.100.214.203:/etc/neutron/l3_agent.ini
8. 配置dhcp_agent.ini
[root@controller01 ~]# egrep -v "^#|^$" /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
[root@controller01 ~]# scp /etc/neutron/dhcp_agent.ini 10.100.214.202:/etc/neutron/dhcp_agent.ini
[root@controller01 ~]# scp /etc/neutron/dhcp_agent.ini 10.100.214.203:/etc/neutron/dhcp_agent.ini
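9. 配置metadata_agent.ini
(metadata_proxy_shared_secret是nova与metadata agent之间校验请求用的共享密钥,应使用独立的随机字符串,不要与服务密码相同。下方memcache_servers中的10.200.214.202与全文其他位置的10.100.214.202不一致,应为笔误,请按实际节点IP填写。)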
[root@controller01 ~]# egrep -v "^#|^$" /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = 10.100.214.200
metadata_proxy_shared_secret = huayun
[cache]
memcache_servers = 10.100.214.201:11211,10.200.214.202:11211,10.100.214.203:11211
[root@controller01 ~]# scp /etc/neutron/metadata_agent.ini 10.100.214.202:/etc/neutron/
[root@controller01 ~]# scp /etc/neutron/metadata_agent.ini 10.100.214.203:/etc/neutron/
10. 配置nova.conf(每个控制节点都需要添加;其中metadata_proxy_shared_secret必须与metadata_agent.ini中的值完全一致,否则metadata请求校验会失败)
[neutron]
url = http://10.100.214.200:9696
auth_url = http://10.100.214.200:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = huayun
service_metadata_proxy = true
metadata_proxy_shared_secret = huayun
11. 同步neutron数据库
(最后一条验证命令用-phuayun把密码直接写在命令行上,会留在shell历史和进程参数里;只写-p不带值,mysql会交互提示输入密码。)
[root@controller01 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller01 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller01~]# mysql -h controller01 -u neutron -phuayun -e "use neutron;show tables;"
12. 启动服务
[root@controller01 ~]# systemctl restart openstack-nova-api.service
[root@controller01~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller01 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller01 ~]# systemctl enable neutron-l3-agent.service
[root@controller01 ~]# systemctl start neutron-l3-agent.service
13. 验证
查看加载的扩展服务;另外可用openstack network agent list确认三个节点上的linuxbridge、dhcp、metadata、l3 agent都已注册且存活
[root@controller01 ~]# openstack extension list --network
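14. 设置pcs资源
(交给pacemaker管理的服务通常不应再由systemd设置开机自启(enable),否则两者可能争抢服务的启停控制;资源创建后可用pcs status确认各clone资源在三个节点上都是Started。)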
[root@controller01 ~]# pcs resource create neutron-server systemd:neutron-server --clone interleave=true
[root@controller01 ~]# pcs resource create neutron-linuxbridge-agent systemd:neutron-linuxbridge-agent --clone interleave=true
[root@controller01 ~]# pcs resource create neutron-l3-agent systemd:neutron-l3-agent --clone interleave=true
[root@controller01 ~]# pcs resource create neutron-dhcp-agent systemd:neutron-dhcp-agent --clone interleave=true
[root@controller01 ~]# pcs resource create neutron-metadata-agent systemd:neutron-metadata-agent --clone interleave=true