安装和配置控制器节点
参考安装网站
https://docs.openstack.org/neutron/stein/install/controller-install-rdo.html
创建neutron数据库:
[root@mysql ~]# mysql -uroot -p123456
MariaDB [(none)]> CREATE DATABASE neutron;
授予对neutron数据库的适当访问权限,NEUTRON_DBPASS并用合适的密码代替 :
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron123';
测试连接
[root@controller1 ~]# mysql -uneutron -pneutron123 -h 192.168.200.105
创建neutron用户:
[root@controller1 ~]# source scripts/admin-stein.sh
[root@controller1 ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | c12058276278430fbf36271c39c4e356 |
| enabled | True |
| id | d6c4c7bda1e94cfdab641fba05efe3c8 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
admin向neutron用户添加角色:
[root@controller1 ~]# openstack role add --project service --user neutron admin
创建neutron服务实体:
[root@controller1 ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 2eada1d5feff42ffb1ebf23f2c928e58 |
| name | neutron |
| type | network |
创建网络服务API端点:
[root@controller1 ~]# openstack endpoint create --region RegionOne network public http://openstack-vip.wyh.net:9696
[root@controller1 ~]# openstack endpoint create --region RegionOne network internal http://openstack-vip.wyh.net:9696
[root@controller1 ~]# openstack endpoint create --region RegionOne network admin http://openstack-vip.wyh.net:9696
配置桥接网络
参考网站https://docs.openstack.org/neutron/stein/install/controller-install-option1-rdo.html
## 联网选项1:提供商网络
安装的组件
[](https://docs.openstack.org/neutron/stein/install/controller-install-rdo.html)
[root@controller1 ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
编辑/etc/neutron/neutron.conf文件并完成以下操作:
在该[database]部分中,配置数据库访问
[database]
connection = mysql+pymysql://neutron:neutron123@openstack-vip.wyh.net/neutron
在该[DEFAULT]部分中,启用模块化第2层(ML2)插件并禁用其他插件:
[DEFAULT]
core_plugin = ml2
service_plugins =
在该[DEFAULT]部分中,配置RabbitMQ 消息队列访问:
transport_url = rabbit://openstack:openstack123@openstack-vip.wyh.net
auth_strategy = keystone
在[DEFAULT]和[keystone_authtoken]部分中,配置身份服务访问:
www_authenticate_uri = http://openstack-vip.wyh.net:5000
auth_url = http://openstack-vip.wyh.net:5000
memcached_servers = openstack-vip.wyh.net:11211
auth_type = password
project_domain_name = openstack-vip.wyh.net
user_domain_name = openstack-vip.wyh.net
project_name = service
username = neutron
password = neutron
在[DEFAULT]和[nova]部分中,将网络配置为通知Compute网络拓扑更改:
[DEFAULT]
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
把nova配置到最后
[nova]
auth_url = http://openstack-vip.wyh.net:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
在该[oslo_concurrency]部分中,配置锁定路径:
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
配置模块化层2(ML2)插件¶
ML2插件使用Linux桥接器机制为实例构建第2层(桥接和交换)虚拟网络基础架构。
-
编辑
/etc/neutron/plugins/ml2/ml2_conf.ini
文件并完成以下操作:
[ml2]
在本`[ml2]`节中,启用平面和VLAN网络:
type_drivers = flat,vlan
在该[ml2]部分中,禁用自助服务网络:
tenant_network_types =
在本[ml2]节中,启用Linux桥接机制:
mechanism_drivers = linuxbridge
在此[ml2]部分中,启用端口安全扩展驱动程序:
extension_drivers = port_security
在本[ml2_type_flat]节中,将提供者虚拟网络配置为平面网络:
[ml2_type_flat]
# ...
flat_networks = external
在本[securitygroup]节中,启用ipset以提高安全组规则的效率:
[securitygroup]
# ...
enable_ipset = true
## 配置Linux网桥代理[¶](https://docs.openstack.org/neutron/stein/install/controller-install-option1-rdo.html#configure-the-linux-bridge-agent "固定到该标题")
Linux网桥代理为实例构建第2层(桥接和交换)虚拟网络基础结构并处理安全组。
* 编辑`/etc/neutron/plugins/ml2/linuxbridge_agent.ini`文件并完成以下操作:
* 在本`[linux_bridge]`节中,将提供者虚拟网络映射到提供者物理网络接口:
[linux_bridge]
physical_interface_mappings = external:eth0
在该[vxlan]部分中,禁用VXLAN覆盖网络:
[vxlan]
enable_vxlan = false
在该[securitygroup]部分中,启用安全组并配置Linux网桥iptables防火墙驱动程序:
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
通过验证以下所有sysctl值是否设置为确保Linux操作系统内核支持网桥过滤器1:
[root@controller1 ~]# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
[root@controller1 ~]# sysctl -p
## 配置DHCP代理[¶](https://docs.openstack.org/neutron/stein/install/controller-install-option1-rdo.html#configure-the-dhcp-agent "固定到该标题")
DHCP代理为虚拟网络提供DHCP服务。
* 编辑`/etc/neutron/dhcp_agent.ini`文件并完成以下操作:
* 在本`[DEFAULT]`节中,配置Linux桥接口驱动程序Dnsmasq DHCP驱动程序,并启用隔离的元数据,以便提供商网络上的实例可以通过网络访问元数据:
[root@controller1 ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
配置元数据代理¶
元数据代理提供配置信息,例如实例的凭据。
* 编辑`/etc/neutron/metadata_agent.ini`文件并完成以下操作:
* 在该`[DEFAULT]`部分中,配置元数据主机和共享机密
[DEFAULT]
nova_metadata_host = openstack-vip.wyh.net
metadata_proxy_shared_secret = 20191220
配置计算服务使用网络服务
必须安装Nova计算服务才能完成此步骤。有关更多详细信息,请参阅docs网站的“ 安装指南”部分 下的计算安装指南
编辑/etc/nova/nova.conf文件并执行以下操作:
在该[neutron]部分中,配置访问参数,启用元数据代理,并配置机密
[root@controller1 ~]# vim /etc/nova/nova.conf
url = http://openstack-vip.wyh.net:9696
auth_url = http://openstack-vip.wyh.net:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = 20191220
最终确定安装
网络服务初始化脚本需要/etc/neutron/plugin.ini指向ML2插件配置文件的符号链接 /etc/neutron/plugins/ml2/ml2_conf.ini。如果此符号链接不存在,请使用以下命令创建它:
[root@controller1 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
填充数据库:
[root@controller1 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
查看数据库信息
MariaDB [(none)]> use neutron
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [neutron]> show tables;
+-----------------------------------------+
| Tables_in_neutron |
+-----------------------------------------+
| address_scopes |
重新启动Compute API服务:
[root@controller1 ~]# systemctl restart openstack-nova-api.service
启动网络服务,并将其配置为在系统引导时启动。
对于两个网络选项:
# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
# systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
安装和配置计算节点
计算节点处理实例的连接性和安全性组。
安装的组件
[root@node1 ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
编辑/etc/neutron/neutron.conf文件并完成以下操作:
在本[database]节中,注释掉所有connection选项,因为计算节点不会直接访问数据库。
在该[DEFAULT]部分中,配置RabbitMQ 消息队列访问:
[DEFAULT]
transport_url = rabbit://openstack:openstack123@openstack-vip.wyh.net
在[DEFAULT]和[keystone_authtoken]部分中,配置身份服务访问:
[DEFAULT]
# ...
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://openstack-vip.wyh.net:5000
auth_url = http://openstack-vip.wyh.net:5000
memcached_servers = openstack-vip.wyh.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
在该[oslo_concurrency]部分中,配置锁定路径:
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
配置提供者网络,参考网站
[https://docs.openstack.org/neutron/stein/install/compute-install-option1-rdo.html](https://docs.openstack.org/neutron/stein/install/compute-install-option1-rdo.html)
## 配置Linux网桥代理[¶](https://docs.openstack.org/neutron/stein/install/compute-install-option1-rdo.html#configure-the-linux-bridge-agent "固定到该标题")
Linux网桥代理为实例构建第2层(桥接和交换)虚拟网络基础结构并处理安全组。
* 编辑`/etc/neutron/plugins/ml2/linuxbridge_agent.ini`文件并完成以下操作:
在本[linux_bridge]节中,将提供者虚拟网络映射到提供者物理网络接口:
[linux_bridge]
physical_interface_mappings = external:eth0
在该[vxlan]部分中,禁用VXLAN覆盖网络:
[vxlan]
enable_vxlan = false
在该[securitygroup]部分中,启用安全组并配置Linux网桥iptables防火墙驱动程序:
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
通过验证以下所有sysctl值是否设置为确保Linux操作系统内核支持网桥过滤器1:
[root@node1 ~]# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
[root@controller1 ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
## 配置计算服务使用网络服务(https://docs.openstack.org/neutron/stein/install/compute-install-rdo.html#configure-the-compute-service-to-use-the-networking-service "固定到该标题")
* 编辑`/etc/nova/nova.conf`文件并完成以下操作:
* 在该`[neutron]`部分中,配置访问参数
[neutron]
url = http://openstack-vip.wyh.net:9696
auth_url = http://openstack-vip.wyh.net:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
## 最终确定安装[¶](https://docs.openstack.org/neutron/stein/install/compute-install-rdo.html#finalize-installation "固定到该标题")
1. 重新启动计算服务
# systemctl restart openstack-nova-compute.service
启动Linux网桥代理,并将其配置为在系统引导时启动:
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service
创建脚本目录
[root@node1 ~]# mkdir scripts
[root@node1 ~]# vim scripts/nova-restart_agent.sh
#!/bin/bash
systemctl restart openstack-nova-compute.service
[root@node1 ~]# vim scripts/neutron-restart_agent.sh
#!/bin/bash
systemctl restart neutron-linuxbridge-agent.service
[root@node1 ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
检查日志
[root@node1 scripts]# tail -f /var/log/neutron/linuxbridge-agent.log
网友评论