Installing and configuring the neutron components on the controller node
Create the database and grant privileges
The second GRANT lets the neutron account connect from any host ('%'). If neutron-server only ever runs on the controller, restrict that grant to the controller's own address instead of '%'.
mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost'
IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%'
IDENTIFIED BY 'NEUTRON_DBPASS';
Register the service and grant access
Create the 「neutron」 user account
openstack user create --domain default --password NEUTRON_PASS neutron
Associate the 「admin」 role with the 「neutron」 account
openstack role add --project service --user neutron admin
❝
Note:
This command produces no output.
❞
Create a service named neutron with service type network
openstack service create --name neutron \
  --description "OpenStack Networking" network
Create the API endpoints for the network service
[root@controller ~]# openstack endpoint create --region RegionOne \
  network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 6aef00b99e1b497083768d0023f42ffb |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e72ff70480e0496c962682f01754588c |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
  network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e093ef25cc7743fab5221843cec34cb9 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e72ff70480e0496c962682f01754588c |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
  network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 91390a991b0a42e791c69ff623fe1bdc |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e72ff70480e0496c962682f01754588c |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
❝
Note:
neutron API port: tcp 9696
❞
Neutron network configuration (Option 1)
Networking in an OpenStack environment can be deployed in one of two layouts, which the official installation guide calls networking option 1 and option 2.
Option 1 provides a simple layer-2 network connected directly to the physical network. It is as if a layer-2 switch had been added: every VM in the OpenStack environment plugs into that switch and talks to the physical network directly.
Option 2 provides a layer-3 network: the switch becomes a router and you get your own private networks, commonly called the "internal network". Inside it you can design the topology freely and reach the outside world through the router. Public cloud providers use this layout; when you buy an ECS instance on Alibaba Cloud, for example, you are given a pair of addresses, one public and one private.
Rule of thumb:
- Enterprise private cloud: choose Option 1, so that VMs inside OpenStack are directly reachable from the corporate network;
- Enterprise hybrid cloud or a public cloud offered commercially: choose Option 2.
Install the packages
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables
Network service configuration
The neutron service configuration covers several areas: the database, the authentication mechanism, the message queue and so on. Both files edited below contain the database, RabbitMQ and Keystone credentials; truncating with > and redirecting into the existing file keep the packaged root:neutron 0640 mode, so they stay unreadable to other users (confirm with ls -l).
- Edit the 「/etc/neutron/neutron.conf」 configuration file
[root@controller ~]# cd /etc/neutron/
[root@controller neutron]# cp -a neutron.conf neutron.conf.bak
[root@controller neutron]# >neutron.conf
[root@controller neutron]# vim neutron.conf
[DEFAULT]
# ml2: the layer-2 networking plugin
core_plugin = ml2
service_plugins =
# message queue
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
# tell nova about port status and data (topology) changes
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[agent]
[cors]
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[matchmaker_redis]
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[quotas]
[ssl]
- Edit the 「/etc/neutron/plugins/ml2/ml2_conf.ini」 configuration file
[root@controller neutron]# cd plugins/ml2/
[root@controller ml2]# pwd
/etc/neutron/plugins/ml2
[root@controller ml2]# cp -a ml2_conf.ini ml2_conf.ini.bak
[root@controller ml2]#>ml2_conf.ini
[root@controller ml2]#vim ml2_conf.ini
[DEFAULT]
[l2pop]
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
[ml2_type_vxlan]
[securitygroup]
enable_ipset = true
- Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini configuration file
[root@controller ml2]# ls -l
total 36
-rw-r----- 1 root neutron 10183 Oct 23 2019 linuxbridge_agent.ini
-rw-r----- 1 root neutron 281 Jan 13 15:19 ml2_conf.ini
-rw-r----- 1 root neutron 9763 Oct 23 2019 ml2_conf.ini.bak
-rw-r----- 1 root neutron 6126 Oct 23 2019 sriov_agent.ini
[root@controller ml2]# cp -a linuxbridge_agent.ini linuxbridge_agent.ini.bak
[root@controller ml2]# egrep -v "^$|^#" linuxbridge_agent.ini.bak > linuxbridge_agent.ini
[root@controller ml2]# vim linuxbridge_agent.ini
[root@controller ml2]# more linuxbridge_agent.ini
[DEFAULT]
[agent]
[linux_bridge]
# physical interface that connects the virtual network to the physical network; find it with ip addr
physical_interface_mappings = provider:ens32
[network_log]
[securitygroup]
# enable security groups and the Linux bridge iptables firewall driver
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
# disable VXLAN (not used with Option 1)
enable_vxlan = false
- Make sure the kernel supports bridge netfilter
[root@controller ~]# modprobe br_netfilter
[root@controller ~]# cat <<EOF >> /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
[root@controller ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
bridge-nf-call-iptables = 1 passes bridged IPv4 frames through the iptables chains, and bridge-nf-call-ip6tables = 1 does the same for IPv6 through ip6tables. This is what lets IptablesFirewallDriver apply security-group rules to VM traffic: with these at 0 the rules are still programmed, but frames switched by the Linux bridge never reach them and the security groups are silently not enforced.
❝
Error:
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory
Fix: modprobe br_netfilter. The module also has to be loaded at boot for these keys to be applied again after a reboot, for example by listing br_netfilter in a file under /etc/modules-load.d/.
❞
- Edit the **/etc/neutron/dhcp_agent.ini** configuration file
[root@controller ~]# cd /etc/neutron/
[root@controller neutron]# cp -a dhcp_agent.ini dhcp_agent.ini.bak
[root@controller neutron]# egrep -v "^$|^#" dhcp_agent.ini.bak > dhcp_agent.ini
[root@controller neutron]# vim dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
[agent]
[ovs]
Configure the metadata agent service
The metadata service supplies instances with their hostname, SSH public keys, network configuration, user-supplied custom data and similar information.
Edit the **/etc/neutron/metadata_agent.ini** configuration file. metadata_proxy_shared_secret must be the same string you put into the [neutron] section of /etc/nova/nova.conf: nova-api uses it to verify that the instance ID on a proxied metadata request really came from this agent, so replace the placeholder with a random value.
[root@controller neutron]# cp -a metadata_agent.ini metadata_agent.ini.bak
[root@controller neutron]#egrep -v "^$|^#" metadata_agent.ini.bak > metadata_agent.ini
[root@controller neutron]# vim metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
[agent]
[cache]
Configure nova to use neutron
Edit **/etc/nova/nova.conf** and set the [neutron] section as follows; leave everything else unchanged.
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
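How the two copies of metadata_proxy_shared_secret (metadata_agent.ini above and this [neutron] section) work together, shown as an added illustration. This is not code from the page nor Nova's or Neutron's own code; the function names, instance ID and project ID are constructed. The metadata agent maps the requesting VM's address to a port, signs the resulting instance UUID with HMAC-SHA256 under the shared secret and sends the signature in X-Instance-ID-Signature; nova-api recomputes it with its own copy and answers 403 when it does not match (it also checks that X-Tenant-ID matches the instance's project).

```python
"""Added illustration of the metadata_proxy_shared_secret handshake between
neutron-metadata-agent and nova-api.  Not the projects' own code; the
function names, instance ID and project ID below are constructed."""
import hashlib
import hmac

# Constructed placeholder. Whatever value you use, metadata_agent.ini and the
# [neutron] section of nova.conf must hold the same string.
METADATA_SECRET = "METADATA_SECRET"
SAMPLE_INSTANCE_ID = "4d2c8b3a-1f6e-4a1b-9c0d-5e7f8a9b0c1d"  # constructed
SAMPLE_PROJECT_ID = "9a7f1e2d3c4b5a6978695a4b3c2d1e0f"       # constructed


def sign_instance_id(instance_id: str, secret: str) -> str:
    """HMAC-SHA256 over the instance UUID, hex-encoded (64 characters)."""
    return hmac.new(secret.encode(), instance_id.encode(), hashlib.sha256).hexdigest()


def agent_headers(instance_id: str, project_id: str, secret: str) -> dict:
    """Agent side: after mapping the VM's source address to a Neutron port
    (and so to the instance UUID and project), the agent forwards the VM's
    request to nova-api with these headers attached."""
    return {
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": project_id,
        "X-Instance-ID-Signature": sign_instance_id(instance_id, secret),
    }


def nova_accepts(headers: dict, secret: str) -> bool:
    """nova-api side: recompute the HMAC with its own secret and compare in
    constant time.  False corresponds to nova answering 403 Forbidden."""
    expected = sign_instance_id(headers.get("X-Instance-ID", ""), secret)
    return hmac.compare_digest(expected, headers.get("X-Instance-ID-Signature", ""))


if __name__ == "__main__":
    good = agent_headers(SAMPLE_INSTANCE_ID, SAMPLE_PROJECT_ID, METADATA_SECRET)
    print("matching secrets   :", nova_accepts(good, METADATA_SECRET))    # True
    forged = dict(good, **{"X-Instance-ID": "00000000-0000-0000-0000-000000000000"})
    print("forged instance id :", nova_accepts(forged, METADATA_SECRET))  # False
    print("secret mismatch    :", nova_accepts(good, "some-other-value"))  # False
```

If the two secrets differ, every instance gets 403 from http://169.254.169.254 and nova-api logs the signature mismatch. If both are left at the placeholder, anyone who can reach the nova metadata listener on the controller (tcp 8775 in the ss output below) can compute a valid signature for any instance UUID and read that instance's metadata, so the value has to be random and private.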
Symlink for network service initialization
The network service initialization scripts expect a symlink pointing at the ML2 plugin configuration file:
[root@controller ~]#ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Sync the neutron database
[root@controller neutron]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
# verify
[root@controller neutron]# mysql neutron -e "show tables;"
+-----------------------------------------+
| Tables_in_neutron |
+-----------------------------------------+
| address_scopes |
| agents |
| alembic_version |
| allowedaddresspairs |
| arista_provisioned_nets |
...
❝
Note:
The database sync comes last because the migration script needs every service and plugin to be configured before it can run.
❞
Restart the nova-api service
[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# ss -lntp |grep nova-api
LISTEN 0 128 *:8774 *:* users:(("nova-api",pid=18265,fd=6),("nova-api",pid=18264,fd=6),("nova-api",pid=18261,fd=6),("nova-api",pid=18260,fd=6),("nova-api",pid=18248,fd=6))
LISTEN 0 128 *:8775 *:* users:(("nova-api",pid=18265,fd=7),("nova-api",pid=18264,fd=7),("nova-api",pid=18248,fd=7))
Start the neutron services
# enable at boot
systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
# start the services
systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
❝
Note: if you chose the Option 2 network layout, the layer-3 agent must be enabled and started as well:
❞
# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service
Installing and configuring the neutron components on the compute node
Install the packages
yum install -y openstack-neutron-linuxbridge ebtables ipset
Edit the 「/etc/neutron/neutron.conf」 configuration file
[root@compute1 ~]# cd /etc/neutron/
[root@compute1 neutron]# ll
total 76
drwxr-xr-x 4 root root 67 Jan 13 20:42 conf.d
-rw-r----- 1 root neutron 73390 Oct 23 2019 neutron.conf
drwxr-xr-x 3 root root 17 Jan 13 20:42 plugins
-rw-r--r-- 1 root root 1195 Oct 23 2019 rootwrap.conf
[root@compute1 neutron]# cp -a neutron.conf neutron.conf.bak
[root@compute1 neutron]# egrep -v "^$|^#" neutron.conf.bak > neutron.conf
[root@compute1 neutron]# vim neutron.conf
- [DEFAULT] section
[DEFAULT]
# RabbitMQ message queue access
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
- [keystone_authtoken] section
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
- [oslo_concurrency] section
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
Neutron network configuration (Option 1)
Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@compute1 neutron]# cd plugins/ml2/
[root@compute1 ml2]# pwd
/etc/neutron/plugins/ml2
[root@compute1 ml2]# ls -l
total 12
-rw-r----- 1 root neutron 10183 Oct 23 2019 linuxbridge_agent.ini
[root@compute1 ml2]# cp -a linuxbridge_agent.ini linuxbridge_agent.ini.bak
[root@compute1 ml2]# egrep -v "^$|^#" linuxbridge_agent.ini.bak > linuxbridge_agent.ini
[root@compute1 ml2]# vim linuxbridge_agent.ini
- [linux_bridge] section
# physical interface that connects the virtual network to the physical network; find it with ip addr
physical_interface_mappings = provider:ens32
- [vxlan] section
enable_vxlan = false
- [securitygroup] section
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Make sure the kernel supports bridge netfilter
[root@compute1 ~]# modprobe br_netfilter
[root@compute1 ~]# cat <<EOF >> /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
[root@compute1 ~]# sysctl -p
❝
# bridged IPv4 frames are filtered through the iptables chains
net.bridge.bridge-nf-call-iptables = 1
# bridged IPv6 frames are filtered through the ip6tables chains
net.bridge.bridge-nf-call-ip6tables = 1
❞
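A check of the settings that together make security groups take effect on a Linux bridge node, written as an added example (not code from the page or from Neutron). It covers the [securitygroup] section of linuxbridge_agent.ini as edited on the controller and on compute1, the port_security extension driver in the controller's ml2_conf.ini, and the two br_netfilter sysctls set above. The ini texts and sysctl values are constructed copies of this page's configuration; on a real node read the files from /etc/neutron and the values from /proc/sys/net/bridge/.

```python
"""Added example (not from the page or from Neutron): checks the settings
that, together, make security groups actually filter VM traffic on a node
running neutron-linuxbridge-agent.  Sample inputs below are constructed
copies of this page's configuration."""
import configparser

IPTABLES_DRIVER = "neutron.agent.linux.iptables_firewall.IptablesFirewallDriver"
# Values that leave traffic unfiltered ('noop' is Neutron's alias for the no-op driver).
NOOP_DRIVERS = {"", "noop", "neutron.agent.firewall.NoopFirewallDriver"}
BRIDGE_SYSCTLS = ("net.bridge.bridge-nf-call-iptables",
                  "net.bridge.bridge-nf-call-ip6tables")


def parse_ini(text):
    cp = configparser.ConfigParser(interpolation=None, allow_no_value=True)
    cp.read_string(text)
    return cp


def check_sg_enforcement(agent_ini, sysctl, ml2_ini=None):
    """Return a list of findings; an empty list means security-group rules
    will be programmed and bridged frames will actually hit them.
    agent_ini: text of linuxbridge_agent.ini; sysctl: {name: value} as read
    from /proc/sys/net/bridge/ (a missing key means br_netfilter is not
    loaded); ml2_ini: text of ml2_conf.ini (controller only, None to skip)."""
    findings = []
    agent = parse_ini(agent_ini)

    if not agent.getboolean("securitygroup", "enable_security_group", fallback=False):
        findings.append("enable_security_group is not true: security group rules are ignored")

    driver = agent.get("securitygroup", "firewall_driver", fallback="").strip()
    if driver in NOOP_DRIVERS:
        findings.append("firewall_driver is unset or noop: no iptables rules are programmed")
    elif driver not in ("iptables", IPTABLES_DRIVER):
        findings.append("firewall_driver %r is not the Linux bridge iptables driver" % driver)

    if ml2_ini is not None:
        ml2 = parse_ini(ml2_ini)
        exts = {e.strip() for e in ml2.get("ml2", "extension_drivers", fallback="").split(",")}
        if "port_security" not in exts:
            findings.append("ml2 extension_drivers lacks port_security: ports carry no "
                            "security groups or anti-spoofing rules")

    for key in BRIDGE_SYSCTLS:
        value = sysctl.get(key)
        if value is None:
            findings.append("%s is missing: br_netfilter is not loaded (modprobe br_netfilter)" % key)
        elif value.strip() != "1":
            findings.append("%s = %s: bridged frames bypass iptables, so security groups "
                            "are not enforced" % (key, value.strip()))
    return findings


# Constructed copies of the files built on this page.
AGENT_INI = """
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:ens32
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = false
"""

ML2_INI = """
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true
"""

SYSCTL_OK = {"net.bridge.bridge-nf-call-iptables": "1",
             "net.bridge.bridge-nf-call-ip6tables": "1"}

if __name__ == "__main__":
    for label, sysctl in (("after sysctl -p", SYSCTL_OK),
                          ("module not loaded", {}),
                          ("set to 0", {"net.bridge.bridge-nf-call-iptables": "0",
                                        "net.bridge.bridge-nf-call-ip6tables": "0"})):
        print(label, "->", check_sg_enforcement(AGENT_INI, sysctl, ML2_INI) or "OK")
```

On a compute node pass only the agent file and the sysctl values (ml2_conf.ini lives on the controller). The sysctl check is the one worth running after every reboot: the agent programs its iptables chains regardless, so nothing in the neutron logs tells you that bridged frames are skipping them.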
Configure nova to use the neutron service
Edit the /etc/nova/nova.conf configuration file
[root@compute1 ml2]# cd /etc/nova/
[root@compute1 nova]# vim nova.conf
# edit the [neutron] section and add the following:
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
Start the related services
Restart the nova compute service
systemctl restart openstack-nova-compute.service
❝
Note: this command produces no output.
❞
Start the Linux bridge agent and enable it at boot
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
Verifying neutron
Run on the controller node:
[root@controller ~]# openstack network agent list
Expect four agents: the Linux bridge agent on controller and on compute1, plus the DHCP agent and the metadata agent on controller, each with Alive ":-)" and State UP. An agent shown as XXX is not checking in with neutron-server over RabbitMQ; check the transport_url and credentials in that node's neutron.conf.
If anything goes wrong, always check the logs first. Log directory:
/var/log/neutron
[root@controller neutron]# tree
.
├── dhcp-agent.log
├── linuxbridge-agent.log
├── metadata-agent.log
└── server.log
0 directories, 4 files
That wraps up installing and configuring neutron. Good luck!
Originally published on the WeChat public account 带米的笨老头.
Compiled by 极客之音; article link: https://www.bmabk.com/index.php/post/20810.html