五、安裝neutron服務
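1.1建立數據庫並授權訪問
注意:下面以 'neutron' 作爲數據庫密碼(與用戶名相同)僅是實驗環境示例,正式環境請改用強隨機密碼,並同步修改後文 neutron.conf 中的 connection;'neutron'@'%' 允許從任意主機連接,可按實際需要收窄爲控制節點的主機名或管理網段。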
[root@comtroller1 ~]# mysql -uroot -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
1.2創建用戶並添加角色和項目
[root@comtroller1 ~]# source admin-openrc.sh [root@comtroller1 ~]# openstack user create --domain default --password-prompt neutron User Password:neutron Repeat User Password:neutron +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | baea5f616768439f99d3bb03398b3ed2 | | name | neutron | +-----------+----------------------------------+ [root@comtroller1 ~]# openstack role add --project service --user neutron admin
1.3創建服務實體
[root@comtroller1 ~]# openstack service create --name neutron --description "OpenStack Networking" network +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Networking | | enabled | True | | id | e8125d7bc3254f74832c1d38721e6598 | | name | neutron | | type | network | +-------------+----------------------------------+
1.4創建API訪問端點
注意:public、internal、admin 三個端點此處均爲明文 http,令牌與請求內容在網絡上不加密;實驗環境可用,正式環境建議爲端點配置 TLS 並改用 https 地址。
[root@comtroller1 ~]# openstack endpoint create --region RegionOne network public http://controller1:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | ba9288d76fa84d23be43454fafb5f118 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | e8125d7bc3254f74832c1d38721e6598 | | service_name | neutron | | service_type | network | | url | http://controller1:9696 | +--------------+----------------------------------+ [root@comtroller1 ~]# openstack endpoint create --region RegionOne network internal http://controller1:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 7d8129db452746e9be4b8d88bdf62828 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | e8125d7bc3254f74832c1d38721e6598 | | service_name | neutron | | service_type | network | | url | http://controller1:9696 | +--------------+----------------------------------+ [root@comtroller1 ~]# openstack endpoint create --region RegionOne network admin http://controller1:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 717a4c91d8f047d79b7e70f52d2d620c | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | e8125d7bc3254f74832c1d38721e6598 | | service_name | neutron | | service_type | network | | url | http://controller1:9696 | +--------------+----------------------------------+
2.0網絡架構選擇:Provider networks(見2.1)和Self-service networks(見2.2)二選一
### 2.1.1選擇Provider networks,安裝組件
[root@comtroller1 ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
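2.1.2配置服務組件
注意:下面配置中的數據庫、RabbitMQ 與 Keystone 密碼(neutron、openstack、nova)均爲明文示例值,正式環境請替換爲各自獨立的強隨機密碼,並確認 /etc/neutron/neutron.conf 不對無關用戶開放讀取權限。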
[root@comtroller1 ~]# vi /etc/neutron/neutron.conf [database] connection = mysql://neutron:neutron@controller1/neutron [DEFAULT] core_plugin = ml2 service_plugins = [DEFAULT] rpc_backend = rabbit [oslo_messaging_rabbit] rabbit_host = controller1 rabbit_userid = openstack rabbit_password = openstack [DEFAULT] auth_strategy = keystone [keystone_authtoken] #註釋此模塊下其他配置項 auth_uri = http://controller1:5000 auth_url = http://controller1:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = neutron [DEFAULT] notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True nova_url = http://controller1:8774/v2 [nova] auth_url = http://controller1:35357 auth_plugin = password project_domain_id = default user_domain_id = default region_name = RegionOne project_name = service username = nova password = nova [oslo_concurrency] lock_path = /var/lib/neutron/tmp [DEFAULT] verbose = True #可選,用於排錯
2.1.3配置ML2插件
[root@comtroller1 ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan #配置ML2後如果移除此項目會引起數據庫不一致 [ml2] tenant_network_types = [ml2] mechanism_drivers = linuxbridge [ml2] extension_drivers = port_security [ml2_type_flat] flat_networks = public [securitygroup] enable_ipset = True
2.1.4配置LINUX橋接代理
[root@comtroller1 ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini #注意橋接的網卡名稱 [linux_bridge] physical_interface_mappings = public:enp0s8 [vxlan] enable_vxlan = False [agent] prevent_arp_spoofing = True [securitygroup] enable_security_group = True firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
2.1.5配置DHCP代理
[root@comtroller1 ~]# vi /etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = True [DEFAULT] verbose = True #可選,用於排錯
### 2.2.0選擇Self-service networks
2.2.1安裝組件(controller1)
[root@comtroller1 ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
2.2.2編輯配置文件
[root@comtroller1 ~]# vi /etc/neutron/neutron.conf [database] connection = mysql://neutron:neutron@controller1/neutron [DEFAULT] ##相對1不同 core_plugin = ml2 service_plugins = router allow_overlapping_ips = True [DEFAULT] rpc_backend = rabbit [oslo_messaging_rabbit] rabbit_host = controller1 rabbit_userid = openstack rabbit_password = openstack [DEFAULT] auth_strategy = keystone [keystone_authtoken] #註釋此模塊下其他配置項 auth_uri = http://controller1:5000 auth_url = http://controller1:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = neutron [DEFAULT] notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True nova_url = http://controller1:8774/v2 [nova] auth_url = http://controller1:35357 auth_plugin = password project_domain_id = default user_domain_id = default region_name = RegionOne project_name = service username = nova password = nova [oslo_concurrency] lock_path = /var/lib/neutron/tmp [DEFAULT] verbose = True #可選,用於排錯
2.2.3配置ML2插件
[root@comtroller1 ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan #配置ML2後如果移除此項目會引起數據庫不一致 [ml2] tenant_network_types = vxlan [ml2] mechanism_drivers = linuxbridge,l2population [ml2] extension_drivers = port_security [ml2_type_flat] flat_networks = public [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = True
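2.2.4配置LINUX橋接代理
注意:[vxlan] 的 local_ip 應填寫本節點用於承載 VXLAN 隧道的接口地址;本文控制節點示例爲 192.168.1.235,而3.9.2中計算節點示例爲 10.0.0.31,兩者看起來不在同一網段,部署時請確認各節點的 local_ip 彼此可達。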
[root@comtroller1 ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini #注意橋接的網卡名稱 [linux_bridge] physical_interface_mappings = public:enp0s8 [vxlan] enable_vxlan = True local_ip = 192.168.1.235 #物理公共網絡接口地址(controller) l2_population = True [agent] prevent_arp_spoofing = True [securitygroup] enable_security_group = True firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
2.2.5配置L3代理
[root@comtroller1 ~]# vi /etc/neutron/l3_agent.ini [DEFAULT] interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver external_network_bridge = [DEFAULT] verbose = True
2.2.6配置DHCP代理
[root@comtroller1 ~]# vi /etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = True [DEFAULT] verbose = True #可選,用於排錯 [DEFAULT] dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf [root@comtroller1 ~]# vi /etc/neutron/dnsmasq-neutron.conf dhcp-option-force=26,1450
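3.1配置元數據代理
注意:metadata_proxy_shared_secret 的值 MYPASSWORD 只是佔位符,請替換爲隨機生成的密鑰,且必須與3.2中 nova.conf 的 metadata_proxy_shared_secret 完全一致,否則元數據代理的請求無法通過 Nova 的校驗。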
[root@comtroller1 ~]# vi /etc/neutron/metadata_agent.ini #註釋此模塊下其他配置項 [DEFAULT] auth_uri = http://controller1:5000 auth_url = http://controller1:35357 auth_region = RegionOne auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = neutron [DEFAULT] nova_metadata_ip = 10.0.0.11 [DEFAULT] metadata_proxy_shared_secret = MYPASSWORD [DEFAULT] verbose = True
3.2配置計算服務(Nova)使用網絡(在控制節點上操作)
[root@comtroller1 ~]# vi /etc/nova/nova.conf [neutron] url = http://controller1:9696 auth_url = http://controller1:35357 auth_plugin = password project_domain_id = default user_domain_id = default region_name = RegionOne project_name = service username = neutron password = neutron service_metadata_proxy = True metadata_proxy_shared_secret = MYPASSWORD
3.3創建文件連接
[root@comtroller1 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
3.4初始化數據庫
[root@comtroller1 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. Running upgrade for neutron ... INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. INFO [alembic.runtime.migration] Running upgrade -> juno, juno_initial INFO [alembic.runtime.migration] Running upgrade juno -> 44621190bc02, add_uniqueconstraint_ipavailability_ranges INFO [alembic.runtime.migration] Running upgrade 44621190bc02 -> 1f71e54a85e7, ml2_network_segments models change for multi-segment network. INFO [alembic.runtime.migration] Running upgrade 1f71e54a85e7 -> 408cfbf6923c, remove ryu plugin INFO [alembic.runtime.migration] Running upgrade 408cfbf6923c -> 28c0ffb8ebbd, remove mlnx plugin INFO [alembic.runtime.migration] Running upgrade 28c0ffb8ebbd -> 57086602ca0a, scrap_nsx_adv_svcs_models INFO [alembic.runtime.migration] Running upgrade 57086602ca0a -> 38495dc99731, ml2_tunnel_endpoints_table INFO [alembic.runtime.migration] Running upgrade 38495dc99731 -> 4dbe243cd84d, nsxv INFO [alembic.runtime.migration] Running upgrade 4dbe243cd84d -> 41662e32bce2, L3 DVR SNAT mapping INFO [alembic.runtime.migration] Running upgrade 41662e32bce2 -> 2a1ee2fb59e0, Add mac_address unique constraint INFO [alembic.runtime.migration] Running upgrade 2a1ee2fb59e0 -> 26b54cf9024d, Add index on allocated INFO [alembic.runtime.migration] Running upgrade 26b54cf9024d -> 14be42f3d0a5, Add default security group table INFO [alembic.runtime.migration] Running upgrade 14be42f3d0a5 -> 16cdf118d31d, extra_dhcp_options IPv6 support INFO [alembic.runtime.migration] Running upgrade 16cdf118d31d -> 43763a9618fd, add mtu attributes to network INFO [alembic.runtime.migration] Running upgrade 43763a9618fd -> bebba223288, Add 
vlan transparent property to network INFO [alembic.runtime.migration] Running upgrade bebba223288 -> 4119216b7365, Add index on tenant_id column INFO [alembic.runtime.migration] Running upgrade 4119216b7365 -> 2d2a8a565438, ML2 hierarchical binding INFO [alembic.runtime.migration] Running upgrade 2d2a8a565438 -> 2b801560a332, Remove Hyper-V Neutron Plugin INFO [alembic.runtime.migration] Running upgrade 2b801560a332 -> 57dd745253a6, nuage_kilo_migrate INFO [alembic.runtime.migration] Running upgrade 57dd745253a6 -> f15b1fb526dd, Cascade Floating IP Floating Port deletion INFO [alembic.runtime.migration] Running upgrade f15b1fb526dd -> 341ee8a4ccb5, sync with cisco repo INFO [alembic.runtime.migration] Running upgrade 341ee8a4ccb5 -> 35a0f3365720, add port-security in ml2 INFO [alembic.runtime.migration] Running upgrade 35a0f3365720 -> 1955efc66455, weight_scheduler INFO [alembic.runtime.migration] Running upgrade 1955efc66455 -> 51c54792158e, Initial operations for subnetpools INFO [alembic.runtime.migration] Running upgrade 51c54792158e -> 589f9237ca0e, Cisco N1kv ML2 driver tables INFO [alembic.runtime.migration] Running upgrade 589f9237ca0e -> 20b99fd19d4f, Cisco UCS Manager Mechanism Driver INFO [alembic.runtime.migration] Running upgrade 20b99fd19d4f -> 034883111f, Remove allow_overlap from subnetpools INFO [alembic.runtime.migration] Running upgrade 034883111f -> 268fb5e99aa2, Initial operations in support of subnet allocation from a pool INFO [alembic.runtime.migration] Running upgrade 268fb5e99aa2 -> 28a09af858a8, Initial operations to support basic quotas on prefix space in a subnet pool INFO [alembic.runtime.migration] Running upgrade 28a09af858a8 -> 20c469a5f920, add index for port INFO [alembic.runtime.migration] Running upgrade 20c469a5f920 -> kilo, kilo INFO [alembic.runtime.migration] Running upgrade kilo -> 354db87e3225, nsxv_vdr_metadata.py INFO [alembic.runtime.migration] Running upgrade 354db87e3225 -> 599c6a226151, neutrodb_ipam INFO 
[alembic.runtime.migration] Running upgrade 599c6a226151 -> 52c5312f6baf, Initial operations in support of address scopes INFO [alembic.runtime.migration] Running upgrade 52c5312f6baf -> 313373c0ffee, Flavor framework INFO [alembic.runtime.migration] Running upgrade 313373c0ffee -> 8675309a5c4f, network_rbac INFO [alembic.runtime.migration] Running upgrade kilo -> 30018084ec99, Initial no-op Liberty contract rule. INFO [alembic.runtime.migration] Running upgrade 30018084ec99, 8675309a5c4f -> 4ffceebfada, network_rbac INFO [alembic.runtime.migration] Running upgrade 4ffceebfada -> 5498d17be016, Drop legacy OVS and LB plugin tables INFO [alembic.runtime.migration] Running upgrade 5498d17be016 -> 2a16083502f3, Metaplugin removal INFO [alembic.runtime.migration] Running upgrade 2a16083502f3 -> 2e5352a0ad4d, Add missing foreign keys INFO [alembic.runtime.migration] Running upgrade 2e5352a0ad4d -> 11926bcfe72d, add geneve ml2 type driver INFO [alembic.runtime.migration] Running upgrade 11926bcfe72d -> 4af11ca47297, Drop cisco monolithic tables INFO [alembic.runtime.migration] Running upgrade 8675309a5c4f -> 45f955889773, quota_usage INFO [alembic.runtime.migration] Running upgrade 45f955889773 -> 26c371498592, subnetpool hash INFO [alembic.runtime.migration] Running upgrade 26c371498592 -> 1c844d1677f7, add order to dnsnameservers INFO [alembic.runtime.migration] Running upgrade 1c844d1677f7 -> 1b4c6e320f79, address scope support in subnetpool INFO [alembic.runtime.migration] Running upgrade 1b4c6e320f79 -> 48153cb5f051, qos db changes INFO [alembic.runtime.migration] Running upgrade 48153cb5f051 -> 9859ac9c136, quota_reservations INFO [alembic.runtime.migration] Running upgrade 9859ac9c136 -> 34af2b5c5a59, Add dns_name to Port OK
3.5重啓Nova API服務(使3.2的配置生效)
[root@comtroller1 ~]# systemctl restart openstack-nova-api.service
3.6啓動服務並設置自啓動
3.6.1針對兩種網絡架構
[root@comtroller1 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service. Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service. Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service. Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service. [root@comtroller1 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
3.6.2網絡選項2(Self-service networks)另需啓動L3服務
[root@comtroller1 ~]# systemctl enable neutron-l3-agent.service [root@comtroller1 ~]# systemctl start neutron-l3-agent.service
3.7計算節點安裝組件
[root@compute1 ~]# yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset
3.8配置
[root@compute1 ~]# vi /etc/neutron/neutron.conf #註釋掉[database]區域任何連接信息,因爲不直接訪問DB [DEFAULT] rpc_backend = rabbit [oslo_messaging_rabbit] ##注意有相似項目,配錯則將檢測不到計算節點橋接信息 rabbit_host = controller1 rabbit_userid = openstack rabbit_password = openstack [DEFAULT] auth_strategy = keystone [keystone_authtoken] #註釋其他選項 auth_uri = http://controller1:5000 auth_url = http://controller1:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = neutron [oslo_concurrency] lock_path = /var/lib/neutron/tmp [DEFAULT] verbose = True #可選,用於排錯
3.9網絡選擇
3.9.1當選用網絡配置Provider networks時配置linux橋接代理
[root@compute1 ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini #注意橋接的網卡名稱 [linux_bridge] physical_interface_mappings = public:enp0s8 [vxlan] enable_vxlan = False [agent] prevent_arp_spoofing = True [securitygroup] enable_security_group = True firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
3.9.2當選用網絡配置Self-service networks時配置linux橋接代理
[root@compute1 ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini #注意橋接的網卡名稱 [linux_bridge] physical_interface_mappings = public:enp0s8 [vxlan] enable_vxlan = True local_ip = 10.0.0.31 l2_population = True [agent] prevent_arp_spoofing = True [securitygroup] enable_security_group = True firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
3.10配置NOVA使用網絡
[root@compute1 ~]# vi /etc/nova/nova.conf [neutron] url = http://controller1:9696 auth_url = http://controller1:35357 auth_plugin = password project_domain_id = default user_domain_id = default region_name = RegionOne project_name = service username = neutron password = neutron
3.11啓動服務並設置自啓動
[root@compute1 ~]# systemctl restart openstack-nova-compute.service [root@compute1 ~]# systemctl enable neutron-linuxbridge-agent.service Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service. [root@compute1 ~]# systemctl start neutron-linuxbridge-agent.service
3.12驗證
3.12.1針對網絡架構一:Provider networks
[root@comtroller1 ~]# . admin-openrc.sh [root@comtroller1 ~]# neutron ext-list +-----------------------+--------------------------+ | alias | name | +-----------------------+--------------------------+ | flavors | Neutron Service Flavors | | security-group | security-group | | dns-integration | DNS Integration | | net-mtu | Network MTU | | port-security | Port Security | | binding | Port Binding | | provider | Provider Network | | agent | agent | | quotas | Quota management support | | subnet_allocation | Subnet Allocation | | dhcp_agent_scheduler | DHCP Agent Scheduler | | rbac-policies | RBAC Policies | | external-net | Neutron external network | | multi-provider | Multi Provider Network | | allowed-address-pairs | Allowed Address Pairs | | extra_dhcp_opt | Neutron Extra DHCP opts | +-----------------------+--------------------------+
正常情況下,控制節點上應有3個Agent(Linux bridge、DHCP、Metadata),每個計算節點上應有1個Agent(Linux bridge),且 alive 一列均顯示 :-);若有Agent缺失或未存活,可查看排錯日誌 /var/log/neutron/linuxbridge-agent.log。
[root@comtroller1 ~]# neutron agent-list +--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+ | id | agent_type | host | alive | admin_state_up | binary | +--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+ | 0f2ffa5f-2789-45a5-b5aa-a2147a589344 | Linux bridge agent | comtroller1 | :-) | True | neutron-linuxbridge-agent | | 3c24d005-fe60-4d79-bae3-063741786a18 | DHCP agent | comtroller1 | :-) | True | neutron-dhcp-agent | | b1d510a0-3dfe-4d3e-abed-ff16fd9c0c36 | Linux bridge agent | compute1 | :-) | True | neutron-linuxbridge-agent | | c1b19a6e-5cf9-4099-a31a-96f7df29b8c3 | Metadata agent | comtroller1 | :-) | True | neutron-metadata-agent | +--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
3.12.2針對網絡架構二:Self-service networks
[root@comtroller1 ~]# . admin-openrc.sh [root@comtroller1 ~]# neutron ext-list +-----------------------+-----------------------------------------------+ | alias | name | +-----------------------+-----------------------------------------------+ | dns-integration | DNS Integration | | ext-gw-mode | Neutron L3 Configurable external gateway mode | | binding | Port Binding | | agent | agent | | subnet_allocation | Subnet Allocation | | l3_agent_scheduler | L3 Agent Scheduler | | external-net | Neutron external network | | flavors | Neutron Service Flavors | | net-mtu | Network MTU | | quotas | Quota management support | | l3-ha | HA Router extension | | provider | Provider Network | | multi-provider | Multi Provider Network | | extraroute | Neutron Extra Route | | router | Neutron L3 Router | | extra_dhcp_opt | Neutron Extra DHCP opts | | security-group | security-group | | dhcp_agent_scheduler | DHCP Agent Scheduler | | rbac-policies | RBAC Policies | | port-security | Port Security | | allowed-address-pairs | Allowed Address Pairs | | dvr | Distributed Virtual Router | +-----------------------+-----------------------------------------------+ [root@comtroller1 ~]# neutron agent-list +--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+ | id | agent_type | host | alive | admin_state_up | binary | +--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+ | 643e1106-ac60-4027-856b-6c9304148390 | DHCP agent | comtroller1 | :-) | True | neutron-dhcp-agent | | add77fd9-d837-4023-8311-262b107c2b51 | L3 agent | comtroller1 | :-) | True | neutron-l3-agent | | d61df3d1-a35f-4e3e-82e9-05eb9b99db3d | Linux bridge agent | comtroller1 | :-) | True | neutron-linuxbridge-agent | | dc8f184a-38f9-4c86-bcb3-6402f9db410a | Metadata agent | comtroller1 | :-) | True | neutron-metadata-agent | | efc067fe-d0e4-479d-b1f6-b664975fc938 | Linux bridge 
agent | compute1 | :-) | True | neutron-linuxbridge-agent | +--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+