OpenStack--部署网络服务neutron

1、数据库准备：

#1：SQL 服务器创建数据库并授权：
[root@linux-host4 ~]# mysql -uroot –p
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 
'neutron123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

#2：控制端测试连接：
[root@linux-host1 ~]# mysql -uneutron -pneutron123 -h192.168.10.100

2、创建 neutron 服务并注册：

#1：创建 neutron 服务：
[root@linux-host1 ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value | +-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 154c0450a2be4a8fa0d8819e5f045bc0 |
| name | neutron |
| type | network |
+-------------+----------------------------------+

#2：注册公共端点：
[root@linux-host1 ~]# openstack endpoint create --region RegionOne network public http://192.168.10.100:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ba022a5dd78c469bb4f82bc655d84720 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 154c0450a2be4a8fa0d8819e5f045bc0 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.10.100:9696 |
+--------------+----------------------------------+

#3：注册私有端点：
[root@linux-host1 ~]# openstack endpoint create --region RegionOne network internal http://192.168.10.100:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b608eee2d21a4808953e5a9a9e761e92 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 154c0450a2be4a8fa0d8819e5f045bc0 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.10.100:9696 |
+--------------+----------------------------------+

#4：注册管理端点：
[root@linux-host1 ~]# openstack endpoint create --region RegionOne network admin http://192.168.10.100:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 00a1f952c49348e09f4ebfeb20233825 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 154c0450a2be4a8fa0d8819e5f045bc0 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.10.100:9696 |
+--------------+----------------------------------+

#5：验证端点添加成功：

#6：配置 haproxy 负载：
[root@linux-host4 ~]# vim /etc/haproxy/haproxy.cfg
listen neutron
 bind 192.168.10.100:9696
 mode tcp
 log global
 balance source
 server neutron-server 192.168.10.201:9696 check inter 5000 rise 3 fall 3
 
#7：重启 haproxy：
[root@linux-host4 ~]# systemctl restart haproxy

#8：验证端口：

3、部署 neutron 控制端：

#1：控制端安装 neutron：
[root@linux-host1 ~]# yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

#2：编辑 neutron 配置文件：
[root@linux-host1 ~]# vim /etc/neutron/neutron.conf
766 connection = mysql+pymysql://neutron:neutron123@192.168.10.100/neutron
30 core_plugin = ml2
33 service_plugins =
570 transport_url = rabbit://openstack:123456@192.168.10.205
27 auth_strategy = keystone
846 [keystone_authtoken]
847 auth_uri = http://192.168.10.100:5000
848 auth_url = http://192.168.10.100:35357
849 memcached_servers = 192.168.10.100:11211
850 auth_type = password
851 project_domain_name = default
852 user_domain_name = default
853 project_name = service
854 username = neutron
855 password = neutron
99 notify_nova_on_port_status_changes = true
103 notify_nova_on_port_data_changes = true
1075 [nova]
1076 auth_url = http://192.168.10.100:35357
1077 auth_type = password
1078 project_domain_name = default
1079 user_domain_name = default
1080 region_name = RegionOne
1081 project_name = service
1082 username = nova
1083 password = nova
1197 lock_path = /var/lib/neutron/tmp

#3：Modular Layer 2：
#ML2 插件使用 Linuxbridge 机制来为实例创建 layer－2 虚拟网络基础设施
[root@linux-host1 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
122 type_drivers = flat,vlan
127 tenant_network_types =
131 mechanism_drivers = linuxbridge
136 extension_drivers = port_security
172 flat_networks = internal
249 enable_ipset = true
#当前配置：
[root@linux-host1 ~]# grep -n "^[a-Z\[]" /etc/neutron/plugins/ml2/ml2_conf.ini 
1:[DEFAULT]
113:[ml2]
122:type_drivers = flat,vlan
127:tenant_network_types = 
131:mechanism_drivers = linuxbridge
136:extension_drivers = port_security
163:[ml2_type_flat]
172:flat_networks = internal
233:[securitygroup]
249:enable_ipset = true

#4：配置 linuxbridge 代理：
[root@linux-host1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
155 physical_interface_mappings = internal:eth0 #内部网络
188 enable_vxlan = false
173 enable_security_group = true
168 firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
#/usr/lib/python2.7/site-packages/neutron/agent/linux/iptables_firewall.py
#当前配置：
[root@linux-host1 ~]# grep -n "^[a-Z\[]" /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
1:[DEFAULT]
113:[agent]
144:[linux_bridge]
155:physical_interface_mappings = internal:eth0
161:[securitygroup]
168:firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
173:enable_security_group = true
180:[vxlan]
188:enable_vxlan = false

#5：配置 DHCP 代理：
[root@linux-host1 ~]# vim /etc/neutron/dhcp_agent.ini
16 interface_driver = linuxbridge
32 dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
41 enable_isolated_metadata = true

#6：配置元数据代理：
[root@linux-host1 ~]# vim /etc/neutron/metadata_agent.ini
22 nova_metadata_ip = 192.168.10.100
34 metadata_proxy_shared_secret = 20170912
#当前配置：
[root@linux-host1 ~]# grep -n "^[a-Z\[]" /etc/neutron/metadata_agent.ini 
1:[DEFAULT]
22:nova_metadata_ip = 192.168.10.100
34:metadata_proxy_shared_secret = 20170912
185:[agent]
200:[cache]

#7：配置 nova 调用 neutron：
[root@linux-host1 ~]# vim /etc/nova/nova.conf
6935 [neutron]
6936 url = http://192.168.10.100:9696
6937 auth_url = http://192.168.10.100:35357
6938 auth_type = password
6939 project_domain_name = default
6940 user_domain_name = default
6941 region_name = RegionOne
6942 project_name = service
6943 username = neutron
6944 password = neutron
6945 service_metadata_proxy = true
6946 metadata_proxy_shared_secret = 20170912

#8：创建软连接：
[root@linux-host1 ~]# ln -sv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

#9：初始化数据库：
[root@linux-host1 ~]# su -s /bin/sh -c "neutron-db-manage --config-file 
/etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" 
neutron

#10：启 nova API 服务：
[root@linux-host1 ~]# systemctl restart openstack-nova-api.service

#11：验证 nova api 日志有没有报错：
[root@linux-host1 ~]# tail -n200 /var/log/nova/nova-api.log -f

#12：配置 haproxy 代理：
[root@linux-host4 ~]# vim /etc/haproxy/haproxy.cfg
listen nova-api
 bind 192.168.10.100:8775
 mode tcp
 log global
 balance source
 server nova-server1 192.168.10.201:8775 check inter 5000 rise 3 fall 3
 
#13：启动 neutron 服务并设置为开机启动：
[root@linux-host1 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@linux-host1 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

#14：验证 neutron 日志：
[root@linux-host1 ~]# tail -f /var/log/neutron/*.log

#15：验证 neutron 控制端是否注册成功：
#此步骤要求各服务器时间必须一致

#16：neutron 控制端重启脚本：
[root@linux-host1 ~]# cat neutron-restart.sh 
#!/bin/bash
systemctl restart openstack-nova-api.service neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@linux-host1 ~]# chmod a+x neutron-restart.sh

4、部署 neutron 计算节点：

[root@linux-host2 ~]# yum install openstack-neutron-linuxbridge ebtables ipset –y

#1：编辑配置文件：
[root@linux-host2 ~]# vim /etc/neutron/neutron.conf
27 auth_strategy = keystone
571 transport_url = rabbit://openstack:123456@192.168.10.205
846 [keystone_authtoken]
847 auth_uri = http://192.168.10.100:5000
848 auth_url = http://192.168.10.100:35357
849 memcached_servers = 192.168.10.100:11211
850 auth_type = password
851 project_domain_name = default
852 user_domain_name = default
853 project_name = service
854 username = neutron
855 password = neutron
1188 lock_path = /var/lib/neutron/tmp

#2：配置 linuxbridge 代理：
[root@linux-host2 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
155 physical_interface_mappings = internal:eth0
168 firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
188 enable_vxlan = false
173 enable_security_group = true
#当前配置：
[root@linux-host2 ~]# grep -n "^[a-Z\[]" /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
1:[DEFAULT]
113:[agent]
144:[linux_bridge]
155:physical_interface_mappings = internal:eth0
161:[securitygroup]
168:firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
173:enable_security_group = true
180:[vxlan]
188:enable_vxlan = false

#3：配置 nova 调用使用网络：
[root@linux-host2 ~]# vim /etc/nova/nova.conf
6933 [neutron]
6934 url = http://192.168.10.100:9696
6935 auth_url = http://192.168.10.100:35357
6936 auth_type = password
6937 project_domain_name = default
6938 user_domain_name = default
6939 region_name = RegionOne
6940 project_name = service
6941 username = neutron
6942 password = neutron

#4：重启 nova 服务：
[root@linux-host2 ~]# systemctl restart openstack-nova-compute.service

#5：启动 neutron 并设置为开机启动：
[root@linux-host2 ~]# systemctl enable neutron-linuxbridge-agent.service
[root@linux-host2 ~]# systemctl start neutron-linuxbridge-agent.service

#6：验证 neutron 日志：

#7：neutron 控制端验证计算节点是否注册成功：
[root@linux-host1 ~]# neutron agent-list

#8：验证 neutron server 进程是否正常运行：
[root@linux-host1 ~]# openstack extension list --network