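Use Linux bridge to implement the VLAN network type and enable the L3 routing service.
Open vSwitch and Linux bridge suit different scenarios: for features such as centralized SDN management, Open vSwitch has the advantage, but where stability and large-scale network deployment matter, Linux bridge is a good choice.
Environment:
OpenStack version: Mitaka
OS: CentOS Linux release 7.2.1511 (Core)
Kernel: 3.10.0-327.el7.x86_64
For an explanation of the configuration options, refer to the official OpenStack documentation.
Install the neutron components on the network node: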
[root@controller ~]# yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
Create the neutron database and grant privileges to the neutron user:
[root@controller ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 49
Server version: 10.1.12-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| glance             |
| information_schema |
| keystone           |
| mysql              |
| nova               |
| nova_api           |
| performance_schema |
+--------------------+
7 rows in set (0.04 sec)
MariaDB [(none)]> create database neutron;
Query OK, 1 row affected (0.03 sec)
MariaDB [(none)]> grant all privileges on neutron.* to 'neutron'@'localhost' identified by '000000';
Query OK, 0 rows affected (0.04 sec)
MariaDB [(none)]> grant all privileges on neutron.* to 'neutron'@'%' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Create the neutron user and grant it the admin role:
[root@controller ~]# openstack user create --domain default --password 000000 neutron
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 35e188596b0744d2be8d65f26069e6a9 |
| enabled   | True                             |
| id        | a7c3ee156e004c9d833d6642c69b1b58 |
| name      | neutron                          |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user neutron admin
Create the neutron service entity and API endpoints:
[root@controller ~]# openstack service create --name neutron --description "Openstack Network" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Openstack Network                |
| enabled     | True                             |
| id          | d86ab26fa5034743b86a1586c4761dbc |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 2f93396a468041ff9f42fc56f0263703 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d86ab26fa5034743b86a1586c4761dbc |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e4ce3271ed9149bdb2931677bae034fe |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d86ab26fa5034743b86a1586c4761dbc |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 721effc1d0664f66a2f440ee643821a5 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d86ab26fa5034743b86a1586c4761dbc |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
Edit the neutron configuration files:
[root@controller ~]# cat /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins =
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[agent]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://neutron:000000@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = demo
user_domain_name = demo
project_name = service
username = neutron
password = 000000
[matchmaker_redis]
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = demo
user_domain_name = demo
region_name = RegionOne
project_name = service
username = nova
password = 000000
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 000000
[oslo_policy]
[quotas]
[ssl]
[root@controller neutron]# cat metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = 000000
[AGENT]
[root@controller neutron]# cat dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[AGENT]
Edit the ML2 plug-in configuration files:
[root@controller ml2]# cat ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = flat,vlan
tenant_network_types = vlan
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
network_vlan_ranges = provider:100:300
[ml2_type_vxlan]
[securitygroup]
enable_ipset = True
firewall_driver = iptables_hybrid
[root@controller ml2]# vi linuxbridge_agent.ini
[DEFAULT]
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[linux_bridge]
physical_interface_mappings = provider:eno33554960
[vxlan]
enable_vxlan = False
In nova.conf, find the [neutron] section and add the following:
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = demo
user_domain_name = demo
region_name = RegionOne
project_name = service
username = neutron
password = 000000
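The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini that points to the ML2 plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini.
If the symbolic link does not exist, create it with the following command: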
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Synchronize the neutron database:
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
# One error message is printed; it can be ignored and does not affect the deployment. Search online for the exact cause.
No handlers could be found for logger "oslo_config.cfg"
Restart the Compute API service:
[root@controller ~]# systemctl restart openstack-nova-api.service
Start the networking services:
[root@controller ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
To enable routing, edit the L3 agent configuration:
[root@controller neutron]# cat l3_agent.ini
[DEFAULT]
# Linux bridge deployment: use the bridge interface driver, as in dhcp_agent.ini
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge = eno33554960
[AGENT]
Edit neutron.conf:
service_plugins = router
Start the L3 service:
[root@controller ~]# systemctl start neutron-l3-agent.service
Restart neutron-server:
[root@controller ~]# systemctl restart neutron-server.service
Install the neutron components on the compute node:
[root@compute ~]# yum -y install openstack-neutron-linuxbridge ebtables ipset
Configure neutron on the compute node:
[root@compute neutron]# cat neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
[agent]
[cors]
[cors.subdomain]
[database]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = demo
user_domain_name = demo
project_name = service
username = neutron
password = 000000
[matchmaker_redis]
[nova]
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 000000
[oslo_policy]
[quotas]
[ssl]
[root@compute ml2]# cat linuxbridge_agent.ini
[DEFAULT]
[agent]
prevent_arp_spoofing = True
[linux_bridge]
physical_interface_mappings = provider:eno33554960
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = False
In nova.conf, find the [neutron] section and add the following:
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = demo
user_domain_name = demo
region_name = RegionOne
project_name = service
username = neutron
password = 000000
service_metadata_proxy = True
metadata_proxy_shared_secret = 000000
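The following Python audit is an added example, not part of the original post or of OpenStack. It parses the ML2, Linux bridge agent, metadata agent and nova settings shown on this page and reports a physical-network label without an interface mapping, disabled anti-spoofing or security-group settings, and a metadata_proxy_shared_secret that differs between files or is trivially guessable. The function names, the 16-character minimum and the embedded sample text are assumptions made for the example.

```python
import configparser

MIN_SECRET_LEN = 16  # assumed minimum length for this example, not an OpenStack rule

def load(text):
    # interpolation=None keeps a literal '%' in a secret from raising an error
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def labels(value):
    # "provider:100:300" or "provider:eno33554960" -> {"provider"}
    return {item.split(":")[0].strip() for item in value.split(",") if item.strip()}

def audit(ml2, lb_agent, metadata_agent, nova):
    """Return findings for the parsed ml2_conf.ini, linuxbridge_agent.ini,
    metadata_agent.ini and nova.conf."""
    findings = []
    ranges = labels(ml2.get("ml2_type_vlan", "network_vlan_ranges", fallback=""))
    mapped = labels(lb_agent.get("linux_bridge", "physical_interface_mappings", fallback=""))
    for net in sorted(ranges - mapped):
        findings.append(f"no interface mapping for physical network {net}")
    if "port_security" not in ml2.get("ml2", "extension_drivers", fallback=""):
        findings.append("port_security extension driver is not enabled")
    # an absent option is treated as enabled (assumption of this example)
    if not lb_agent.getboolean("agent", "prevent_arp_spoofing", fallback=True):
        findings.append("prevent_arp_spoofing is disabled")
    driver = lb_agent.get("securitygroup", "firewall_driver", fallback="")
    enabled = lb_agent.getboolean("securitygroup", "enable_security_group", fallback=True)
    if not enabled or "noop" in driver.lower():
        findings.append("security groups are not enforced by the agent")
    agent_secret = metadata_agent.defaults().get("metadata_proxy_shared_secret", "")
    nova_secret = nova.get("neutron", "metadata_proxy_shared_secret", fallback="")
    if agent_secret != nova_secret:
        findings.append("metadata_proxy_shared_secret differs between nova and the agent")
    if len(agent_secret) < MIN_SECRET_LEN or len(set(agent_secret)) < 4:
        findings.append("metadata_proxy_shared_secret is short or low-entropy")
    return findings

# Constructed sample input: the relevant lines of the files shown on this page.
ML2 = "[ml2]\nextension_drivers = port_security\n[ml2_type_vlan]\nnetwork_vlan_ranges = provider:100:300\n"
LB = ("[agent]\nprevent_arp_spoofing = True\n[securitygroup]\nenable_security_group = True\n"
      "firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver\n"
      "[linux_bridge]\nphysical_interface_mappings = provider:eno33554960\n")
META = "[DEFAULT]\nmetadata_proxy_shared_secret = 000000\n"
NOVA = "[neutron]\nservice_metadata_proxy = True\nmetadata_proxy_shared_secret = 000000\n"

if __name__ == "__main__":
    for finding in audit(load(ML2), load(LB), load(META), load(NOVA)):
        print("FINDING:", finding)
```

On real nodes, pass the contents of the actual files to load() in place of the embedded strings.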
Restart the Compute service:
[root@compute ~]# systemctl restart openstack-nova-compute.service
Start the networking service on the compute node:
[root@compute ~]# systemctl start neutron-linuxbridge-agent.service
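Add the external subnet and the internal subnet:
Create a router:
Add a router interface:
IP address obtained successfully:
If you find any errors or have questions, feel free to comment below!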