neutron組件安裝分為控制節點和計算節點,還是先從控制節點安裝
1、前提條件,數據庫為nova創建庫和賬戶密碼來連接數據庫
# mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
2、向keystone驗明身份
# source admin-openrc
3、創建neutron用戶:
# openstack user create --domain default --password-prompt neutron 設定密碼:neutron
將admin角色添加到neutron用戶上:
# openstack role add --project service --user neutron admin
創建neutron服務實體:
# openstack service create --name neutron --description "OpenStack Networking" network
創建網絡服務API endpoints:
# openstack endpoint create --region RegionOne network public http://192.168.101.10:9696 # openstack endpoint create --region RegionOne network internal http://192.168.101.10:9696 # openstack endpoint create --region RegionOne network admin http://192.168.101.10:9696
配置網絡選項:
有兩種網絡選項:
1、provider (external) networks(供應商網絡)
2、self-service networks(私有自助網絡)
這里以provider networks作為示例演示,以后會推出第二種網絡模式
開始進行安裝網絡組件:
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
然后進行配置數據庫、認證、消息隊列等信息:編輯配置文件/etc/neutron/neutron.conf
[database] connection = mysql+pymysql://neutron:neutron@192.168.101.10/neutron [DEFAULT] core_plugin = ml2 service_plugins = transport_url = rabbit://openstack:openstack@192.168.101.10 auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true 啟用ml2插件並disable additional plug-ins [keystone_authtoken] auth_uri = http://192.168.101.10:5000 auth_url = http://192.168.101.10:35357 memcached_servers = 192.168.101.10:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = neutron [nova] auth_url = http://192.168.101.10:35357 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = nova password = nova [oslo_concurrency] lock_path = /var/lib/neutron/tmp
配置模塊layer2 插件信息:修改配置文件/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2] type_drivers = flat,vlan tenant_network_types = 取消self-service networks mechanism_drivers = linuxbridge 啟用Linux bridge mechanism extension_drivers = port_security 啟用the port security extension driver [ml2_type_flat] flat_networks = provider [securitygroup] enable_ipset = true
配置Linux橋接agent:修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME Replace PROVIDER_INTERFACE_NAME with the name of the underlying provider physical network interface(底層提供商物理網絡接口的名稱也就是ens33) node1的底層物理網卡設備為ens33,所以這里設置為這個 [vxlan] enable_vxlan = false [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
配置dhcp agent:修改/etc/neutron/dhcp_agent.ini
[DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true
上面總共修改了下面四種配置文件:
# vim /etc/neutron/neutron.conf # vim /etc/neutron/plugins/ml2/ml2_conf.ini # vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini # vim /etc/neutron/dhcp_agent.ini
配置完了網絡服務后,然后開啟配置metadata agent:
修改配置文件:/etc/neutron/metadata_agent.ini
[DEFAULT] nova_metadata_ip = 192.168.101.10 metadata_proxy_shared_secret = METADATA_SECRET (使用neutron或者matadata或者其他都可以,保持和下面一直,這是自定義的密鑰),這里采用neutron,Replace METADATA_SECRET with a suitable secret for the metadata proxy.
配置計算服務能夠使用網絡服務:修改/etc/nova/nova.conf
[neutron] url = http://192.168.101.10:9696 auth_url = http://192.168.101.10:35357 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = neutron service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET(使用neutron或者matadata都可以,保持和上面一直),由於上面設置的neutron,這里也是neutron
進行鏈接:
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
向數據庫填充數據:
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Restart the Compute API service:
# systemctl restart openstack-nova-api.service
開啟網絡服務:
# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
2、在計算節點上安裝網絡服務:
1、安裝組件:
# yum install openstack-neutron-linuxbridge ebtables ipset
2、配置通用組件:修改/etc/neutron/neutron.conf
[DEFAULT] transport_url = rabbit://openstack:openstack@192.168.101.10 auth_strategy = keystone [keystone_authtoken] auth_uri = http://192.168.101.10:5000 auth_url = http://192.168.101.10:35357 memcached_servers = 192.168.101.10:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = neutron [oslo_concurrency] lock_path = /var/lib/neutron/tmp
和控制節點一樣,配置網絡服務(兩種網絡服務選擇其中一個,以provider networks為例)
3、配置provider networks
配置橋接agent:修改文件/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME Replace PROVIDER_INTERFACE_NAME with the name of the underlying provider physical network interface.(底層提供商物理網絡接口的名稱也就是ens33)node2的底層物理網卡設備為ens33,所以這里設置為這個
在[vxlan]配置如下:
[vxlan] enable_vxlan = false [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
4、配置計算服務去使用網絡服務:/etc/nova/nova.conf
[neutron] url = http://192.168.101.10:9696 auth_url = http://192.168.101.10:35357 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = neutron
然后重啟計算服務:
# systemctl restart openstack-nova-compute.service
開啟bridge agent:
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service
以上操作完成后,網絡服務neutron就安裝完成了
校驗neutron的安裝:在控制節點上執行
# source admin-openrc List loaded extensions to verify successful launch of the neutron-server process: # openstack extension list --network
針對網絡:provider networks的校驗:
List agents to verify successful launch of the neutron agents:
# openstack network agent list
至此neutron基於provider networks這樣的網絡服務就搭建成功了
安裝neutron修改了哪些配置文件:
控制節點:
/etc/neutron/neutron.conf /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/dhcp_agent.ini /etc/neutron/metadata_agent.ini /etc/nova/nova.conf
計算節點:
/etc/neutron/neutron.conf /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/nova/nova.conf