Centos7.4安裝openstack（queens）詳細安裝部署（五）－網絡服務（neutron）安裝

一、創庫授權

　　1.1.、（控制節點）配置數據庫 

mysql -u root -pADMIN_PASS

　　1.2、創建數據庫並配置權限

CREATE DATABASE neutron;

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'ADMIN_PASS';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'ADMIN_PASS';

　　1.3、控制節點）創建認證信息 

openstack user create --domain default --password ADMIN_PASS neutron

openstack role add --project service --user neutron admin

openstack service create --name neutron --description "OpenStack Networking" network

openstack endpoint create --region RegionOne network public http://controller:9696

openstack endpoint create --region RegionOne network internal http://controller:9696

openstack endpoint create --region RegionOne network admin http://controller:9696

二、安裝服務

　　1.1、（控制節點）安裝軟件包並配置配置文件 

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

　　1.2、編輯/etc/neutron/neutron.conf文件並配置如下項

/etc/neutron/neutron.conf
cp /etc/neutron/neutron.conf{,.bak}
grep '^[a-z\[]' /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf

[database]
connection = mysql+pymysql://neutron:ADMIN_PASS@controller/neutron
...

[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:ADMIN_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
...

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = ADMIN_PASS
...

[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = ADMIN_PASS
...
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

　　1.3、編輯/etc/neutron/plugins/ml2/ml2_conf.ini文件配置二層插件

cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
grep '^[a-z\[]' /etc/neutron/plugins/ml2/ml2_conf.ini.bak >/etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
...

[ml2_type_flat]
flat_networks = provider
...

[ml2_type_vxlan]
vni_ranges = 1:1000
...

[securitygroup]
enable_ipset = true

　　1.4、編輯/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件配置linux bridge插件

cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
grep '^[a-z\[]' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak >/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:ens34   #第二張網卡網卡名
...

[vxlan]
enable_vxlan = true
local_ip = 172.16.1.11
l2_population = true
...

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

　　1.5、確認內核支持網橋filters並作如下設置，編輯/etc/sysctl.conf增加以下內容

/etc/sysctl.conf

net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1

　　1.6、載入br_netfilter模塊

modprobe br_netfilter

　　從配置文件加載內核參數

sysctl -p

　　1.7、編輯/etc/neutron/l3_agent.ini配置三層插件

/etc/neutron/l3_agent.ini

[DEFAULT]
interface_driver = linuxbridge

　　1.8、編輯/etc/neutron/dhcp_agent.ini配置dhcp插件

/etc/neutron/dhcp_agent.ini

[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

　　1.9、編輯/etc/neutron/metadata_agent.ini文件配置metadata插件

/etc/neutron/metadata_agent.ini

[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = ADMIN_PASS

　　2.0、編輯文件/etc/nova/nova.conf配置計算服務使用網絡服務

/etc/nova/nova.conf

[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = ADMIN_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = ADMIN_PASS

三、（控制節點）完成安裝，導入數據庫表，並啟動服務

　　1.1、創建鏈接文件

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

　　1.2、導入數據庫結構

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

　　1.3、重啟計算服務，設置網絡服務的開機自啟動，並啟動網絡服務

systemctl restart openstack-nova-api.service

systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service

四、（計算節點）計算節點安裝網絡服務

　　1.1、安裝軟件包

yum install openstack-neutron-linuxbridge ebtables ipset -y

　　1.2、編輯/etc/neutron/neutron.conf文件完成如下項

cp /etc/neutron/neutron.conf{,.bak}
grep '^[a-z\[]' /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf

[DEFAULT]
transport_url = rabbit://openstack:ADMIN_PASS@controller
auth_strategy = keystone
...

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = ADMIN_PASS
...
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

　　1.3、配置linux bridge插件，編輯/etc/neutron/plugins/ml2/linuxbridge_agent.ini完成如下項

cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
grep '^[a-z\[]' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak >/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens34  #第二張網卡名
...
[vxlan]
enable_vxlan = true
local_ip = 172.16.1.31
l2_population = true
...

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

　　1.4、確認內核支持網橋filters並作如下設置，編輯/etc/sysctl.conf增加以下內容

net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1

　　1.5、載入br_netfilter模塊

modprobe br_netfilter

　　1.6、從配置文件加載內核參數

sysctl -p　　

　　1.7、配置計算服務使用網絡服務/etc/nova/nova.conf

[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = ADMIN_PASS

　　1.8、完成安裝，設置服務

systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service

五、（控制節點）驗證操作

　　1.1、執行命令驗證是否成功啟動

neutron-server
openstack extension list --network

　　1.2、執行命令列出插件，驗證網絡插件是否成功啟動

openstack network agent list

 六、打通第二張網卡（用於vxaln隧道的）網絡

　　1、修改控制節點第二張網卡

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens34
UUID=c7fc6c96-2cf4-4e4e-b0e9-c3d6103c0a02
DEVICE=ens34
ONBOOT=yes
IPADDR="172.16.1.11"
NETMASK="255.255.255.0"

　　2、啟動單張網卡

ifup ens34
ifconfig eth1 172.16.1.11 netmask 255.255.255.0

　　3、修改計算節點第二張網卡

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens34
UUID=6346da53-51b2-4bf7-bd01-244df80590dc
DEVICE=ens34
ONBOOT=yes
IPADDR="172.16.1.31"
NETMASK="255.255.255.0"

　　4、啟動單張網卡

ifup ens34

　　5、驗證操作