五、安装neutron服务
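1.1 建立数据库并授权访问(示例中数据库用户 neutron 的密码与用户名相同,仅作演示;实际部署应换成强密码,并同步修改后文 neutron.conf 中 [database] 的 connection;'%' 授权允许从任意主机连接,可按需收紧为管理网段。)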
[root@comtroller1 ~]# mysql -uroot -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
1.2 创建 neutron 用户,并在 service 项目中为其添加 admin 角色
[root@comtroller1 ~]# source admin-openrc.sh [root@comtroller1 ~]# openstack user create --domain default --password-prompt neutron User Password:neutron Repeat User Password:neutron +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | baea5f616768439f99d3bb03398b3ed2 | | name | neutron | +-----------+----------------------------------+ [root@comtroller1 ~]# openstack role add --project service --user neutron admin
1.3创建服务实体
[root@comtroller1 ~]# openstack service create --name neutron --description "OpenStack Networking" network +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Networking | | enabled | True | | id | e8125d7bc3254f74832c1d38721e6598 | | name | neutron | | type | network | +-------------+----------------------------------+
1.4创建API访问端点
[root@comtroller1 ~]# openstack endpoint create --region RegionOne network public http://controller1:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | ba9288d76fa84d23be43454fafb5f118 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | e8125d7bc3254f74832c1d38721e6598 | | service_name | neutron | | service_type | network | | url | http://controller1:9696 | +--------------+----------------------------------+ [root@comtroller1 ~]# openstack endpoint create --region RegionOne network internal http://controller1:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 7d8129db452746e9be4b8d88bdf62828 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | e8125d7bc3254f74832c1d38721e6598 | | service_name | neutron | | service_type | network | | url | http://controller1:9696 | +--------------+----------------------------------+ [root@comtroller1 ~]# openstack endpoint create --region RegionOne network admin http://controller1:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 717a4c91d8f047d79b7e70f52d2d620c | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | e8125d7bc3254f74832c1d38721e6598 | | service_name | neutron | | service_type | network | | url | http://controller1:9696 | +--------------+----------------------------------+
2.0 两种网络架构二选一:Provider networks(见 2.1)或 Self-service networks(见 2.2),只需按所选架构执行其中一节
### 2.1.1 选择Provider networks:安装组件
[root@comtroller1 ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
2.1.2 配置服务组件(neutron.conf 中以明文保存数据库、RabbitMQ 和 Keystone 的密码,应确认该文件不对其他普通用户可读;示例中各服务端点均为 http 明文,仅适合隔离的实验环境。)
[root@comtroller1 ~]# vi /etc/neutron/neutron.conf [database] connection = mysql://neutron:neutron@controller1/neutron [DEFAULT] core_plugin = ml2 service_plugins = [DEFAULT] rpc_backend = rabbit [oslo_messaging_rabbit] rabbit_host = controller1 rabbit_userid = openstack rabbit_password = openstack [DEFAULT] auth_strategy = keystone [keystone_authtoken] #注释此模块下其他配置项 auth_uri = http://controller1:5000 auth_url = http://controller1:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = neutron [DEFAULT] notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True nova_url = http://controller1:8774/v2 [nova] auth_url = http://controller1:35357 auth_plugin = password project_domain_id = default user_domain_id = default region_name = RegionOne project_name = service username = nova password = nova [oslo_concurrency] lock_path = /var/lib/neutron/tmp [DEFAULT] verbose = True #可选,用于排错
2.1.3配置ML2插件
[root@comtroller1 ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan #配置ML2后如果移除此项目会引起数据库不一致 [ml2] tenant_network_types = [ml2] mechanism_drivers = linuxbridge [ml2] extension_drivers = port_security [ml2_type_flat] flat_networks = public [securitygroup] enable_ipset = True
2.1.4配置LINUX桥接代理
[root@comtroller1 ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini #注意桥接的网卡名称 [linux_bridge] physical_interface_mappings = public:enp0s8 [vxlan] enable_vxlan = False [agent] prevent_arp_spoofing = True [securitygroup] enable_security_group = True firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
2.1.5配置DHCP代理
[root@comtroller1 ~]# vi /etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = True [DEFAULT] verbose = True #可选,用于排错
### 2.2.0 选择Self-service networks
2.2.1安装组件(controller1)
[root@comtroller1 ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
2.2.2编辑配置文件
[root@comtroller1 ~]# vi /etc/neutron/neutron.conf [database] connection = mysql://neutron:neutron@controller1/neutron [DEFAULT] ##相对1不同 core_plugin = ml2 service_plugins = router allow_overlapping_ips = True [DEFAULT] rpc_backend = rabbit [oslo_messaging_rabbit] rabbit_host = controller1 rabbit_userid = openstack rabbit_password = openstack [DEFAULT] auth_strategy = keystone [keystone_authtoken] #注释此模块下其他配置项 auth_uri = http://controller1:5000 auth_url = http://controller1:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = neutron [DEFAULT] notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True nova_url = http://controller1:8774/v2 [nova] auth_url = http://controller1:35357 auth_plugin = password project_domain_id = default user_domain_id = default region_name = RegionOne project_name = service username = nova password = nova [oslo_concurrency] lock_path = /var/lib/neutron/tmp [DEFAULT] verbose = True #可选,用于排错
2.2.3配置ML2插件
[root@comtroller1 ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan #配置ML2后如果移除此项目会引起数据库不一致 [ml2] tenant_network_types = vxlan [ml2] mechanism_drivers = linuxbridge,l2population [ml2] extension_drivers = port_security [ml2_type_flat] flat_networks = public [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = True
2.2.4配置LINUX桥接代理
[root@comtroller1 ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini #注意桥接的网卡名称 [linux_bridge] physical_interface_mappings = public:enp0s8 [vxlan] enable_vxlan = True local_ip = 192.168.1.235 #物理公共网络接口地址(controller) l2_population = True [agent] prevent_arp_spoofing = True [securitygroup] enable_security_group = True firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
2.2.5配置L3代理
[root@comtroller1 ~]# vi /etc/neutron/l3_agent.ini [DEFAULT] interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver external_network_bridge = [DEFAULT] verbose = True
2.2.6配置DHCP代理
[root@comtroller1 ~]# vi /etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = True [DEFAULT] verbose = True #可选,用于排错 [DEFAULT] dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf [root@comtroller1 ~]# vi /etc/neutron/dnsmasq-neutron.conf dhcp-option-force=26,1450
3.1 配置元数据代理(metadata_proxy_shared_secret 必须与 3.2 中 nova.conf 的同名项完全一致;示例值 MYPASSWORD 应替换为随机生成的密钥。)
[root@comtroller1 ~]# vi /etc/neutron/metadata_agent.ini #注释此模块下其他配置项 [DEFAULT] auth_uri = http://controller1:5000 auth_url = http://controller1:35357 auth_region = RegionOne auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = neutron [DEFAULT] nova_metadata_ip = 10.0.0.11 [DEFAULT] metadata_proxy_shared_secret = MYPASSWORD [DEFAULT] verbose = True
3.2 配置计算服务(Nova)使用网络(在控制节点上编辑 nova.conf)
[root@comtroller1 ~]# vi /etc/nova/nova.conf [neutron] url = http://controller1:9696 auth_url = http://controller1:35357 auth_plugin = password project_domain_id = default user_domain_id = default region_name = RegionOne project_name = service username = neutron password = neutron service_metadata_proxy = True metadata_proxy_shared_secret = MYPASSWORD
3.3 创建符号链接(将 /etc/neutron/plugin.ini 指向 ML2 配置文件)
[root@comtroller1 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
3.4初始化数据库
[root@comtroller1 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. Running upgrade for neutron ... INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. INFO [alembic.runtime.migration] Running upgrade -> juno, juno_initial INFO [alembic.runtime.migration] Running upgrade juno -> 44621190bc02, add_uniqueconstraint_ipavailability_ranges INFO [alembic.runtime.migration] Running upgrade 44621190bc02 -> 1f71e54a85e7, ml2_network_segments models change for multi-segment network. INFO [alembic.runtime.migration] Running upgrade 1f71e54a85e7 -> 408cfbf6923c, remove ryu plugin INFO [alembic.runtime.migration] Running upgrade 408cfbf6923c -> 28c0ffb8ebbd, remove mlnx plugin INFO [alembic.runtime.migration] Running upgrade 28c0ffb8ebbd -> 57086602ca0a, scrap_nsx_adv_svcs_models INFO [alembic.runtime.migration] Running upgrade 57086602ca0a -> 38495dc99731, ml2_tunnel_endpoints_table INFO [alembic.runtime.migration] Running upgrade 38495dc99731 -> 4dbe243cd84d, nsxv INFO [alembic.runtime.migration] Running upgrade 4dbe243cd84d -> 41662e32bce2, L3 DVR SNAT mapping INFO [alembic.runtime.migration] Running upgrade 41662e32bce2 -> 2a1ee2fb59e0, Add mac_address unique constraint INFO [alembic.runtime.migration] Running upgrade 2a1ee2fb59e0 -> 26b54cf9024d, Add index on allocated INFO [alembic.runtime.migration] Running upgrade 26b54cf9024d -> 14be42f3d0a5, Add default security group table INFO [alembic.runtime.migration] Running upgrade 14be42f3d0a5 -> 16cdf118d31d, extra_dhcp_options IPv6 support INFO [alembic.runtime.migration] Running upgrade 16cdf118d31d -> 43763a9618fd, add mtu attributes to network INFO [alembic.runtime.migration] Running upgrade 43763a9618fd -> bebba223288, Add 
vlan transparent property to network INFO [alembic.runtime.migration] Running upgrade bebba223288 -> 4119216b7365, Add index on tenant_id column INFO [alembic.runtime.migration] Running upgrade 4119216b7365 -> 2d2a8a565438, ML2 hierarchical binding INFO [alembic.runtime.migration] Running upgrade 2d2a8a565438 -> 2b801560a332, Remove Hyper-V Neutron Plugin INFO [alembic.runtime.migration] Running upgrade 2b801560a332 -> 57dd745253a6, nuage_kilo_migrate INFO [alembic.runtime.migration] Running upgrade 57dd745253a6 -> f15b1fb526dd, Cascade Floating IP Floating Port deletion INFO [alembic.runtime.migration] Running upgrade f15b1fb526dd -> 341ee8a4ccb5, sync with cisco repo INFO [alembic.runtime.migration] Running upgrade 341ee8a4ccb5 -> 35a0f3365720, add port-security in ml2 INFO [alembic.runtime.migration] Running upgrade 35a0f3365720 -> 1955efc66455, weight_scheduler INFO [alembic.runtime.migration] Running upgrade 1955efc66455 -> 51c54792158e, Initial operations for subnetpools INFO [alembic.runtime.migration] Running upgrade 51c54792158e -> 589f9237ca0e, Cisco N1kv ML2 driver tables INFO [alembic.runtime.migration] Running upgrade 589f9237ca0e -> 20b99fd19d4f, Cisco UCS Manager Mechanism Driver INFO [alembic.runtime.migration] Running upgrade 20b99fd19d4f -> 034883111f, Remove allow_overlap from subnetpools INFO [alembic.runtime.migration] Running upgrade 034883111f -> 268fb5e99aa2, Initial operations in support of subnet allocation from a pool INFO [alembic.runtime.migration] Running upgrade 268fb5e99aa2 -> 28a09af858a8, Initial operations to support basic quotas on prefix space in a subnet pool INFO [alembic.runtime.migration] Running upgrade 28a09af858a8 -> 20c469a5f920, add index for port INFO [alembic.runtime.migration] Running upgrade 20c469a5f920 -> kilo, kilo INFO [alembic.runtime.migration] Running upgrade kilo -> 354db87e3225, nsxv_vdr_metadata.py INFO [alembic.runtime.migration] Running upgrade 354db87e3225 -> 599c6a226151, neutrodb_ipam INFO 
[alembic.runtime.migration] Running upgrade 599c6a226151 -> 52c5312f6baf, Initial operations in support of address scopes INFO [alembic.runtime.migration] Running upgrade 52c5312f6baf -> 313373c0ffee, Flavor framework INFO [alembic.runtime.migration] Running upgrade 313373c0ffee -> 8675309a5c4f, network_rbac INFO [alembic.runtime.migration] Running upgrade kilo -> 30018084ec99, Initial no-op Liberty contract rule. INFO [alembic.runtime.migration] Running upgrade 30018084ec99, 8675309a5c4f -> 4ffceebfada, network_rbac INFO [alembic.runtime.migration] Running upgrade 4ffceebfada -> 5498d17be016, Drop legacy OVS and LB plugin tables INFO [alembic.runtime.migration] Running upgrade 5498d17be016 -> 2a16083502f3, Metaplugin removal INFO [alembic.runtime.migration] Running upgrade 2a16083502f3 -> 2e5352a0ad4d, Add missing foreign keys INFO [alembic.runtime.migration] Running upgrade 2e5352a0ad4d -> 11926bcfe72d, add geneve ml2 type driver INFO [alembic.runtime.migration] Running upgrade 11926bcfe72d -> 4af11ca47297, Drop cisco monolithic tables INFO [alembic.runtime.migration] Running upgrade 8675309a5c4f -> 45f955889773, quota_usage INFO [alembic.runtime.migration] Running upgrade 45f955889773 -> 26c371498592, subnetpool hash INFO [alembic.runtime.migration] Running upgrade 26c371498592 -> 1c844d1677f7, add order to dnsnameservers INFO [alembic.runtime.migration] Running upgrade 1c844d1677f7 -> 1b4c6e320f79, address scope support in subnetpool INFO [alembic.runtime.migration] Running upgrade 1b4c6e320f79 -> 48153cb5f051, qos db changes INFO [alembic.runtime.migration] Running upgrade 48153cb5f051 -> 9859ac9c136, quota_reservations INFO [alembic.runtime.migration] Running upgrade 9859ac9c136 -> 34af2b5c5a59, Add dns_name to Port OK
3.5 重启 Nova API 服务(使 3.2 中对 nova.conf 的修改生效)
[root@comtroller1 ~]# systemctl restart openstack-nova-api.service
3.6启动服务并设置自启动
3.6.1针对两种网络架构
[root@comtroller1 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service. Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service. Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service. Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service. [root@comtroller1 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
3.6.2 仅针对网络选项2(Self-service networks):启用并启动L3代理
[root@comtroller1 ~]# systemctl enable neutron-l3-agent.service [root@comtroller1 ~]# systemctl start neutron-l3-agent.service
3.7计算节点安装组件
[root@compute1 ~]# yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset
3.8 配置计算节点的 neutron.conf
[root@compute1 ~]# vi /etc/neutron/neutron.conf #注释掉[database]区域任何连接信息,因为不直接访问DB [DEFAULT] rpc_backend = rabbit [oslo_messaging_rabbit] ##注意有相似项目,配错则将检测不到计算节点桥接信息 rabbit_host = controller1 rabbit_userid = openstack rabbit_password = openstack [DEFAULT] auth_strategy = keystone [keystone_authtoken] #注释其他选项 auth_uri = http://controller1:5000 auth_url = http://controller1:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = neutron [oslo_concurrency] lock_path = /var/lib/neutron/tmp [DEFAULT] verbose = True #可选,用于排错
3.9网络选择
3.9.1当选用网络配置Provider networks时配置linux桥接代理
[root@compute1 ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini #注意桥接的网卡名称 [linux_bridge] physical_interface_mappings = public:enp0s8 [vxlan] enable_vxlan = False [agent] prevent_arp_spoofing = True [securitygroup] enable_security_group = True firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
3.9.2当选用网络配置Self-service networks时
[root@compute1 ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini #注意桥接的网卡名称 [linux_bridge] physical_interface_mappings = public:enp0s8 [vxlan] enable_vxlan = True local_ip = 10.0.0.31 l2_population = True [agent] prevent_arp_spoofing = True [securitygroup] enable_security_group = True firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
3.10配置NOVA使用网络
[root@compute1 ~]# vi /etc/nova/nova.conf [neutron] url = http://controller1:9696 auth_url = http://controller1:35357 auth_plugin = password project_domain_id = default user_domain_id = default region_name = RegionOne project_name = service username = neutron password = neutron
3.11启动服务并设置自启动
[root@compute1 ~]# systemctl restart openstack-nova-compute.service [root@compute1 ~]# systemctl enable neutron-linuxbridge-agent.service Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service. [root@compute1 ~]# systemctl start neutron-linuxbridge-agent.service
3.12验证
3.12.1针对网络架构一:Provider networks
[root@comtroller1 ~]# . admin-openrc.sh [root@comtroller1 ~]# neutron ext-list +-----------------------+--------------------------+ | alias | name | +-----------------------+--------------------------+ | flavors | Neutron Service Flavors | | security-group | security-group | | dns-integration | DNS Integration | | net-mtu | Network MTU | | port-security | Port Security | | binding | Port Binding | | provider | Provider Network | | agent | agent | | quotas | Quota management support | | subnet_allocation | Subnet Allocation | | dhcp_agent_scheduler | DHCP Agent Scheduler | | rbac-policies | RBAC Policies | | external-net | Neutron external network | | multi-provider | Multi Provider Network | | allowed-address-pairs | Allowed Address Pairs | | extra_dhcp_opt | Neutron Extra DHCP opts | +-----------------------+--------------------------+
正常情况下,控制节点上应有3个Agent,每个计算节点上各有1个Agent,且 alive 列均显示 :-);如有缺失,可查看排错日志 /var/log/neutron/linuxbridge-agent.log
[root@comtroller1 ~]# neutron agent-list +--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+ | id | agent_type | host | alive | admin_state_up | binary | +--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+ | 0f2ffa5f-2789-45a5-b5aa-a2147a589344 | Linux bridge agent | comtroller1 | :-) | True | neutron-linuxbridge-agent | | 3c24d005-fe60-4d79-bae3-063741786a18 | DHCP agent | comtroller1 | :-) | True | neutron-dhcp-agent | | b1d510a0-3dfe-4d3e-abed-ff16fd9c0c36 | Linux bridge agent | compute1 | :-) | True | neutron-linuxbridge-agent | | c1b19a6e-5cf9-4099-a31a-96f7df29b8c3 | Metadata agent | comtroller1 | :-) | True | neutron-metadata-agent | +--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
3.12.2针对网络架构二:Self-service networks
[root@comtroller1 ~]# . admin-openrc.sh [root@comtroller1 ~]# neutron ext-list +-----------------------+-----------------------------------------------+ | alias | name | +-----------------------+-----------------------------------------------+ | dns-integration | DNS Integration | | ext-gw-mode | Neutron L3 Configurable external gateway mode | | binding | Port Binding | | agent | agent | | subnet_allocation | Subnet Allocation | | l3_agent_scheduler | L3 Agent Scheduler | | external-net | Neutron external network | | flavors | Neutron Service Flavors | | net-mtu | Network MTU | | quotas | Quota management support | | l3-ha | HA Router extension | | provider | Provider Network | | multi-provider | Multi Provider Network | | extraroute | Neutron Extra Route | | router | Neutron L3 Router | | extra_dhcp_opt | Neutron Extra DHCP opts | | security-group | security-group | | dhcp_agent_scheduler | DHCP Agent Scheduler | | rbac-policies | RBAC Policies | | port-security | Port Security | | allowed-address-pairs | Allowed Address Pairs | | dvr | Distributed Virtual Router | +-----------------------+-----------------------------------------------+ [root@comtroller1 ~]# neutron agent-list +--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+ | id | agent_type | host | alive | admin_state_up | binary | +--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+ | 643e1106-ac60-4027-856b-6c9304148390 | DHCP agent | comtroller1 | :-) | True | neutron-dhcp-agent | | add77fd9-d837-4023-8311-262b107c2b51 | L3 agent | comtroller1 | :-) | True | neutron-l3-agent | | d61df3d1-a35f-4e3e-82e9-05eb9b99db3d | Linux bridge agent | comtroller1 | :-) | True | neutron-linuxbridge-agent | | dc8f184a-38f9-4c86-bcb3-6402f9db410a | Metadata agent | comtroller1 | :-) | True | neutron-metadata-agent | | efc067fe-d0e4-479d-b1f6-b664975fc938 | Linux bridge 
agent | compute1 | :-) | True | neutron-linuxbridge-agent | +--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+