OpenStack（Queens）详细安装部署（五）－网络服务（neutron）安装

最新推荐文章于 2023-12-19 07:56:03 发布

林大大.

最新推荐文章于 2023-12-19 07:56:03 发布

阅读量3.2k

点赞数

分类专栏： openstack Queens 云计算文章标签： openstack 安装部署 queens q版本

本文链接：https://blog.csdn.net/LL_JCB/article/details/80193734

版权

openstack 同时被 3 个专栏收录

27 篇文章 8 订阅

订阅专栏

云计算

16 篇文章 0 订阅

订阅专栏

Queens

3 篇文章 0 订阅

订阅专栏

本文为扶艾原创文章，版权所有，禁止转载！

本篇文章是本系列的第五篇文章，将继续进行OpenStack网络服务的安装

六、安装网络服务

6.1 （控制节点）配置数据库
- 连接数据库

# mysql -u root -pfuai123

创建数据库并配置权限

MariaDB [(none)] CREATE DATABASE neutron;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'fuai123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'fuai123';

6.2 （控制节点）创建认证信息
- 设置admin环境变量

# . admin-openrc

创建neutron用户

密码我设置的fuai123

# openstack user create --domain default --password-prompt neutron

User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 7e9b55f8c652478784749ac8fb616a4c |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

将admin角色添加给neutron用户

# openstack role add --project service --user neutron admin

创建neutron服务

# openstack service create --name neutron \
  --description "OpenStack Networking" network

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 43992283bd8d426a8956751c40a0de49 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

将网络服务端口信息注册到认证服务

# openstack endpoint create --region RegionOne \
  network public http://controller:9696

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | c183875c07a54aea810bbdd9e1104827 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 43992283bd8d426a8956751c40a0de49 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

# openstack endpoint create --region RegionOne \
  network internal http://controller:9696

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 78b007a132654268a8d822f3f2b64678 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 43992283bd8d426a8956751c40a0de49 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

# openstack endpoint create --region RegionOne \
  network admin http://controller:9696

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 5f152d4b081e448b8e9e76ba002800be |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 43992283bd8d426a8956751c40a0de49 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

注意：我将采用self-service network的方式部署网络

6.3 （控制节点）安装软件包并配置配置文件
- 安装软件包

# yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables -y

编辑/etc/neutron/neutron.conf文件并配置如下项

[database]
connection = mysql+pymysql://neutron:fuai123@controller/neutron
...

[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:fuai123@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
...

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = fuai123
...

[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = fuai123
...

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
...

编辑/etc/neutron/plugins/ml2/ml2_conf.ini文件配置二层插件

[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
...

[ml2_type_flat]
flat_networks = provider
...

[ml2_type_vxlan]
vni_ranges = 1:1000
...

[securitygroup]
enable_ipset = true
...

编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件配置linux bridge插件

[linux_bridge]
physical_interface_mappings = provider:enp0s8   #第二张网卡网卡名
...

[vxlan]
enable_vxlan = true
local_ip = 192.168.0.77
l2_population = true
...

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
...

确认内核支持网桥filters并作如下设置，编辑/etc/sysctl.conf增加以下内容

net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1

载入br_netfilter模块

# modprobe br_netfilter

从配置文件加载内核参数

# sysctl -p

编辑/etc/neutron/l3_agent.ini配置三层插件

[DEFAULT]
interface_driver = linuxbridge
...

编辑/etc/neutron/dhcp_agent.ini配置dhcp插件

[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
...

编辑/etc/neutron/metadata_agent.ini文件配置metadata插件

[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = fuai123
...

编辑文件/etc/nova/nova.conf配置计算服务使用网络服务

[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = fuai123
service_metadata_proxy = true
metadata_proxy_shared_secret = fuai123
...

6.4 （控制节点）完成安装，导入数据库表，并启动服务

创建链接文件

# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

导入数据库结构

# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

重启计算服务

# systemctl restart openstack-nova-api.service

设置网络服务的开机自启动，并启动网络服务

# systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
# systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service

# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service

6.5 （计算节点）计算节点安装网络服务

安装软件包

# yum install openstack-neutron-linuxbridge ebtables ipset -y

编辑/etc/neutron/neutron.conf文件完成如下项

[DEFAULT]
transport_url = rabbit://openstack:fuai123@controller
auth_strategy = keystone
...

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = fuai123
...

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
...

配置linux bridge插件，编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini完成如下项

[linux_bridge]
physical_interface_mappings = provider:enp0s8  #第二张网卡名
...

[vxlan]
enable_vxlan = true
local_ip = 192.168.0.78
l2_population = true
...

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
...

确认内核支持网桥filters并作如下设置，编辑/etc/sysctl.conf增加以下内容

net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1

载入br_netfilter模块

# modprobe br_netfilter

从配置文件加载内核参数

# sysctl -p

配置计算服务使用网络服务/etc/nova/nova.conf

[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = fuai123
...

完成安装，设置服务

# systemctl restart openstack-nova-compute.service

# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service

6.6 （控制节点）验证操作

设置admin环境变量

# . admin-openrc

执行命令验证是否成功启动neutron-server

这个输出内容太多就没有粘贴出来

# openstack extension list --network

执行命令列出插件，验证网络插件是否成功启动

# openstack network agent list

+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 4859bc89-2ec8-42e3-aa4e-9bd6173aa996 | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 53f36185-cd1a-437f-9b48-151c641a0018 | L3 agent           | controller | nova              | :-)   | UP    | neutron-l3-agent          |
| 68145ddd-7af4-4617-9dd4-026650a3b962 | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
| 8814a062-43e8-41a8-9fb7-0b07e6160dbf | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
| fbe37150-a54b-40cb-91e6-30552a3dbcf2 | Linux bridge agent | compute    | None              | :-)   | UP    | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+

至此，OpenStack网络服务已经安装验证完成，下面将进行界面的安装，具体请参见文章《OpenStack（Queens）详细安装部署（六）－界面（horizon）安装》

更多精彩内容，OpenStack干货请扫描下方二维码，关注我们微信公众号“扶艾”！
这里写图片描述

林大大.

关注

0
点赞
踩
5

收藏

觉得还不错? 一键收藏
0
评论
OpenStack（Queens）详细安装部署（五）－网络服务（neutron）安装

本文为扶艾原创文章，版权所有，禁止转载！本篇文章是本系列的第五篇文章，将继续进行OpenStack网络服务的安装六、安装网络服务6.1 （控制节点）配置数据库 - 连接数据库# mysql -u root -pfuai123创建数据库并配置权限MariaDB [(none)] CREATE DATABASE neutron;MariaDB [(none...
复制链接

扫一扫

专栏目录