@[TOC](openstack neutron控制端和计算节点(小节6))
mysql
[root@mysql ~]# mysql -uroot -p123.com -h127.0.0.1
创建'neutron'数据库
MariaDB [(none)]> CREATE DATABASE neutron;
授权(示例中'%'允许neutron用户从任意主机连接,'neutron123'为示例弱口令;生产环境应限定来源主机并使用强密码)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron123';
controller1
验证数据库能否连接,并可以看到neutron库(示例把密码直接写在-p参数中,会留在shell历史和进程列表里;只写-p可改为交互式输入)
[root@controller1 ~]# mysql -uneutron -pneutron123 -h192.168.37.101
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| neutron |
+--------------------+
2 rows in set (0.001 sec)
创建neutron用户
[root@controller1 ~]# openstack user create --domain default --password-prompt neutron
User Password: <--密码:neutron(示例弱口令;须与后文neutron.conf、nova.conf中neutron用户的password一致)
Repeat User Password: <--密码:neutron
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 3d6cf6014ee04da69c088ae6b9b9766a |
| enabled | True |
| id | a4421ad7296c44909679101ffad22c7e |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
为neutron用户在service项目中添加admin角色
[root@controller1 ~]# openstack role add --project service --user neutron admin
创建neutron服务实体
[root@controller1 ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 408c14e39c5e424fa2df23bc2211abea |
| name | neutron |
| type | network |
+-------------+----------------------------------+
注册API端点(public、internal、admin三个接口;示例为明文HTTP,生产环境建议使用HTTPS)
[root@controller1 ~]# openstack endpoint create --region RegionOne network public http://openstack.123.net:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 6622437852a3469c97a5203006a56003 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 408c14e39c5e424fa2df23bc2211abea |
| service_name | neutron |
| service_type | network |
| url | http://openstack.123.net:9696 |
+--------------+----------------------------------+
[root@controller1 ~]# openstack endpoint create --region RegionOne network internal http://openstack.123.net:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2529210b197d4833a0fc35066d6ee0c2 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 408c14e39c5e424fa2df23bc2211abea |
| service_name | neutron |
| service_type | network |
| url | http://openstack.123.net:9696 |
+--------------+----------------------------------+
[root@controller1 ~]# openstack endpoint create --region RegionOne network admin http://openstack.123.net:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4959e63c88ce4b43b66f63acad70308a |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 408c14e39c5e424fa2df23bc2211abea |
| service_name | neutron |
| service_type | network |
| url | http://openstack.123.net:9696 |
+--------------+----------------------------------+
安装网络配置
安装包
[root@controller1 ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
修改'neutron.conf'配置文件
[root@controller1 ~]# vim /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:neutron123@openstack.123.net/neutron
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:openstack123@openstack.123.net
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
www_authenticate_uri = http://openstack.123.net:5000
auth_url = http://openstack.123.net:5000
memcached_servers = openstack.123.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[nova] <--如果文件中没有该配置段,建议添加到文件末尾
auth_url = http://openstack.123.net:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
修改'ml2_conf.ini'配置文件
[root@controller1 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2] <--如果文件中没有该配置段,建议添加到文件末尾
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = external <--(外部网络'external',内部网络'internal')
[securitygroup] <--安全组
enable_ipset = true
修改'linuxbridge_agent.ini'配置文件
[root@controller1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
...
[linux_bridge]
physical_interface_mappings = external:eth0 <--此处写物理网卡的实际名称'eth0'(桥接到哪个网段就写哪个网段的网卡名称)
[vxlan]
enable_vxlan = false
[securitygroup] <--安全组
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
...
在/etc/sysctl.conf中添加两个内核参数(使网桥流量经过iptables/ip6tables,安全组规则才会生效;需要已加载br_netfilter模块)
[root@controller1 ~]# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
配置DHCP代理
[root@controller1 ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
配置元数据代理
[root@controller1 ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = openstack.123.net <--控制端的'IP地址'或'域名'
metadata_proxy_shared_secret = 20202020 <--元数据代理共享密钥(示例值,应替换为随机生成的密钥),须与nova.conf中[neutron]段的metadata_proxy_shared_secret一致
配置计算服务以使用网络服务
[root@controller1 ~]# vim /etc/nova/nova.conf
[neutron]
url = http://openstack.123.net:9696
auth_url = http://openstack.123.net:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = 20202020
创建软链接,使/etc/neutron/plugin.ini指向ML2配置文件
[root@controller1 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
初始化数据库
[root@controller1 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
mysql
[root@mysql ~]# mysql -uroot -p123.com -h127.0.0.1
MariaDB [(none)]> use neutron;
#可以看到很多表
MariaDB [neutron]> show tables;
controller1
重启openstack-nova-api服务
[root@controller1 ~]# systemctl restart openstack-nova-api.service
网络服务设为开机启动
[root@controller1 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
启动网络服务
[root@controller1 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
使内核参数生效
[root@controller1 ~]# sysctl -p
node1
安装包
[root@node1 ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
配置通用组件
[root@node1 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:openstack123@openstack.123.net <--rabbitmq连接地址
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://openstack.123.net:5000
auth_url = http://openstack.123.net:5000
memcached_servers = openstack.123.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
配置Linux网桥代理
[root@node1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = external:eth0
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
sysctl值都设置为1
[root@node1 ~]# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
配置计算服务以使用网络服务
[root@node1 ~]# vim /etc/nova/nova.conf
[neutron]
url = http://openstack.123.net:9696
auth_url = http://openstack.123.net:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
重启服务
[root@node1 ~]# systemctl restart openstack-nova-compute.service
设置开机启动、并启动服务
[root@node1 ~]# systemctl enable neutron-linuxbridge-agent.service
[root@node1 ~]# systemctl start neutron-linuxbridge-agent.service
使内核参数生效
[root@node1 ~]# sysctl -p
创建脚本目录
[root@node1 ~]# mkdir scripts
#重启脚本(执行'bash scripts/nova-restart_agent.sh'、下面脚本同理)
[root@node1 ~]# vim scripts/nova-restart_agent.sh
#!/bin/bash
# Restart the nova compute service on this node.
readonly unit="openstack-nova-compute.service"
systemctl restart "$unit"
[root@node1 ~]# vim scripts/neutron-restart_agent.sh
#!/bin/bash
# Restart the neutron Linux bridge agent on this node.
readonly unit="neutron-linuxbridge-agent.service"
systemctl restart "$unit"
controller1
验证
#导入环境变量
[root@controller1 ~]# source scripts/admin_stein.sh
列出已加载的扩展,以验证neutron-server进程已成功启动:
[root@controller1 ~]# openstack extension list --network
+----------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Name | Alias | Description |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Default Subnetpools | default-subnetpools | Provides ability to mark and use a subnetpool as the default. |
| Network IP Availability | network-ip-availability | Provides IP availability data for each network and subnet. |
| Network Availability Zone | network_availability_zone | Availability zone support for network. |
| Subnet Onboard | subnet_onboard | Provides support for onboarding subnets into subnet pools |
| Network MTU (writable) | net-mtu-writable | Provides a writable MTU attribute for a network resource. |
| Port Binding | binding | Expose port bindings of a virtual port to external application |
| agent | agent | The agent management extension. |
| Subnet Allocation | subnet_allocation | Enables allocation of subnets from a subnet pool |
| DHCP Agent Scheduler | dhcp_agent_scheduler | Schedule networks among dhcp agents |
| Neutron external network | external-net | Adds external network attribute to network resource. |
| Empty String Filtering Extension | empty-string-filtering | Allow filtering by attributes with empty string value |
| Neutron Service Flavors | flavors | Flavor specification for Neutron advanced services. |
| Network MTU | net-mtu | Provides MTU attribute for a network resource. |
| Availability Zone | availability_zone | The availability zone extension. |
| Quota management support | quotas | Expose functions for quotas management per tenant |
| Tag support for resources with standard attribute: subnet, trunk, network_segment_range, router, network, policy, subnetpool, port, security_group, floatingip | standard-attr-tag | Enables to set tag on resources with standard attribute. |
| Availability Zone Filter Extension | availability_zone_filter | Add filter parameters to AvailabilityZone resource |
| If-Match constraints based on revision_number | revision-if-match | Extension indicating that If-Match based on revision_number is supported. |
| Filter parameters validation | filter-validation | Provides validation on filter parameters. |
| Multi Provider Network | multi-provider | Expose mapping of virtual networks to multiple physical networks |
| Quota details management support | quota_details | Expose functions for quotas usage statistics per project |
| Address scope | address-scope | Address scopes extension. |
| Agent's Resource View Synced to Placement | agent-resources-synced | Stores success/failure of last sync to Placement |
| Subnet service types | subnet-service-types | Provides ability to set the subnet service_types field |
| Neutron Port MAC address regenerate | port-mac-address-regenerate | Network port MAC address regenerate |
| Add security_group type to network RBAC | rbac-security-groups | Add security_group type to network RBAC |
| Provider Network | provider | Expose mapping of virtual networks to physical networks |
| Neutron Service Type Management | service-type | API for retrieving service providers for Neutron advanced services |
| Neutron Extra DHCP options | extra_dhcp_opt | Extra options configuration for DHCP. For example PXE boot options to DHCP clients can be specified (e.g. tftp-server, server-ip-address, bootfile-name) |
| Port filtering on security groups | port-security-groups-filtering | Provides security groups filtering when listing ports |
| Resource timestamps | standard-attr-timestamp | Adds created_at and updated_at fields to all Neutron resources that have Neutron standard attributes. |
| Resource revision numbers | standard-attr-revisions | This extension will display the revision number of neutron resources. |
| Pagination support | pagination | Extension that indicates that pagination is enabled. |
| Sorting support | sorting | Extension that indicates that sorting is enabled. |
| security-group | security-group | The security groups extension. |
| RBAC Policies | rbac-policies | Allows creation and modification of policies that control tenant access to resources. |
| standard-attr-description | standard-attr-description | Extension to add descriptions to standard attributes |
| IP address substring filtering | ip-substring-filtering | Provides IP address substring filtering when listing ports |
| Port Security | port-security | Provides port security |
| Allowed Address Pairs | allowed-address-pairs | Provides allowed address pairs |
| project_id field enabled | project-id | Extension that indicates that project_id field is enabled. |
| Port Bindings Extended | binding-extended | Expose port bindings of a virtual port to external application |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
针对提供者网络(provider networks)的验证:列出网络代理,确认各代理均处于存活状态:
[root@controller1 ~]# openstack network agent list
+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+
| 4a2a0ff2-2dcc-4fd1-8d30-55c3b89d7e92 | Linux bridge agent | node1 | None | :-) | UP | neutron-linuxbridge-agent |
| ace303e8-bcc2-42fe-a348-207c34f7032f | Linux bridge agent | controller1 | None | :-) | UP | neutron-linuxbridge-agent |
| b146298d-7dd4-4624-8d9e-d25b481bb7c3 | DHCP agent | controller1 | nova | :-) | UP | neutron-dhcp-agent |
| ca704fc1-f8f7-450b-9652-b08d4aed5f62 | Metadata agent | controller1 | None | :-) | UP | neutron-metadata-agent |
+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+
neutron重启脚本
[root@controller1 ~]# vim scripts/neutron-restart.sh
#!/bin/bash
# Restart the neutron server and its three agents in a single systemctl call.
units=(
  neutron-server.service
  neutron-linuxbridge-agent.service
  neutron-dhcp-agent.service
  neutron-metadata-agent.service
)
systemctl restart "${units[@]}"