傳統(tǒng)公司部署OpenStack（t版）簡易介紹（六）——neutron模塊部署

• 一、ct 控制節(jié)點創(chuàng)建數(shù)據(jù)庫neutron，并進(jìn)行授權(quán)
• 二、c1、c2 節(jié)點（以c1為例）
• 三、ct 節(jié)點驗證
• 總結(jié)

一、ct 控制節(jié)點創(chuàng)建數(shù)據(jù)庫neutron，并進(jìn)行授權(quán)

mysql -u root -p CREATE DATABASE neutron; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; flush privileges; exit#創(chuàng)建neutron用戶，用于在keystone做認(rèn)證 openstack user create --domain default --password NEUTRON_PASS neutron#將neutron用戶添加到service項目中擁有管理員權(quán)限 openstack role add --project service --user neutron admin#創(chuàng)建network服務(wù)，服務(wù)類型為network openstack service create --name neutron --description "OpenStack Networking" network#注冊API到neutron服務(wù)，給neutron服務(wù)關(guān)聯(lián)端口，即添加endpoint openstack endpoint create --region RegionOne network public http://ct:9696 openstack endpoint create --region RegionOne network internal http://ct:9696 openstack endpoint create --region RegionOne network admin http://ct:9696#安裝提供者網(wǎng)絡(luò)(橋接)#ebtables包是用來管理iptables規(guī)則的 yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables conntrack-tools#更改主配置文件neutron.conf cp -a /etc/neutron/neutron.conf{,.bak} grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:NEUTRON_DBPASS@ct/neutron openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2 openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips true openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@ct openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes true openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes true openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://ct:5000 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://ct:5000 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers ct:11211 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp openstack-config --set /etc/neutron/neutron.conf nova auth_url http://ct:5000 openstack-config --set /etc/neutron/neutron.conf nova auth_type password openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne openstack-config --set /etc/neutron/neutron.conf nova project_name service openstack-config --set /etc/neutron/neutron.conf nova username nova openstack-config --set /etc/neutron/neutron.conf nova password NOVA_PASS#修改 ML2 plugin 配置文件 ml2_conf.ini cp -a /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak} grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.bak > /etc/neutron/plugins/ml2/ml2_conf.ini openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000 openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset true#修改 linux bridge network provider 配置文件 cp -a /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak} grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth1 ###eth1網(wǎng)卡名稱 openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 192.168.100.10 ##控制節(jié)點IP地址 openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver#修改內(nèi)核參數(shù) echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.conf modprobe br_netfilter sysctl -p#配置Linux bridge接口驅(qū)動和外部網(wǎng)絡(luò)網(wǎng)橋 cp -a /etc/neutron/l3_agent.ini{,.bak} grep -Ev '^$|#' /etc/neutron/l3_agent.ini.bak > /etc/neutron/l3_agent.ini openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver linuxbridge#修改dhcp_agent 配置文件 cp -a /etc/neutron/dhcp_agent.ini{,.bak} grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak > /etc/neutron/dhcp_agent.ini openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver linuxbridge openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata true#修改dhcp_agent的配置文件內(nèi)容 cat dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge #指定默認(rèn)接口驅(qū)動為linux網(wǎng)橋 dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq #指定DHCP驅(qū)動 enable_isolated_metadata = true #開啟iso元數(shù)據(jù)#配置元數(shù)據(jù)代理、用于配置橋接與自服務(wù)網(wǎng)絡(luò)的通用配置 cp -a /etc/neutron/metadata_agent.ini{,.bak} grep -Ev '^$|#' /etc/neutron/metadata_agent.ini.bak > /etc/neutron/metadata_agent.ini openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host ct openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret METADATA_SECRET#配置文件內(nèi)容 cat metadata_agent.ini [DEFAULT] nova_metadata_host = ct metadata_proxy_shared_secret = METADATA_SECRET [cache]#修改nova配置文件，用于neutron交互 openstack-config --set /etc/nova/nova.conf neutron url http://ct:9696 openstack-config --set /etc/nova/nova.conf neutron auth_url http://ct:5000 openstack-config --set /etc/nova/nova.conf neutron auth_type password openstack-config --set /etc/nova/nova.conf neutron project_domain_name default openstack-config --set /etc/nova/nova.conf neutron user_domain_name default openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne openstack-config --set /etc/nova/nova.conf neutron project_name service openstack-config --set /etc/nova/nova.conf neutron username neutron openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy true openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret METADATA_SECRET#創(chuàng)建ML2插件文件符號連接 #網(wǎng)絡(luò)服務(wù)初始化腳本需要/etc/neutron/plugin.ini指向ML2插件配置文件的符號鏈接 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini#初始化數(shù)據(jù)庫 su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron#重啟計算節(jié)點nova-api服務(wù) systemctl restart openstack-nova-api.service#開啟neutron服務(wù)、設(shè)置開機(jī)自啟動 systemctl enable neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.service systemctl start neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.service netstat -anutp |grep 9696#因為配置了第三層L3網(wǎng)絡(luò)服務(wù)、所以需要啟動第三層服務(wù) systemctl enable neutron-l3-agent.service systemctl restart neutron-l3-agent.service

二、c1、c2 節(jié)點（以c1為例）

yum -y install openstack-neutron-linuxbridge ebtables ipset conntrack-tools#修改neutron.conf文件 cp -a /etc/neutron/neutron.conf{,.bak} grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@ct openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://ct:5000 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://ct:5000 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers ct:11211 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp#配置Linux網(wǎng)橋代理 cp -a /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak} grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth1 openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 192.168.100.20 openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver#修改內(nèi)核 echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf #允許虛擬機(jī)的數(shù)據(jù)通過物理機(jī)出去 echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.conf modprobe br_netfilter #modprobe：用于向內(nèi)核中加載模塊或者從內(nèi)核中移除模塊。modprobe -r 表示移除 sysctl -p#修改nova.conf配置文件 openstack-config --set /etc/nova/nova.conf neutron auth_url http://ct:5000 openstack-config --set /etc/nova/nova.conf neutron auth_type password openstack-config --set /etc/nova/nova.conf neutron project_domain_name default openstack-config --set /etc/nova/nova.conf neutron user_domain_name default openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne openstack-config --set /etc/nova/nova.conf neutron project_name service openstack-config --set /etc/nova/nova.conf neutron username neutron openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS#重啟openstack-nova-compute服務(wù)，配置網(wǎng)絡(luò)服務(wù)。 systemctl restart openstack-nova-compute.service ###重新啟動計算節(jié)點上的Nova服務(wù)#啟動neutron網(wǎng)橋代理服務(wù) 設(shè)置開機(jī)自啟動 systemctl enable neutron-linuxbridge-agent.service systemctl start neutron-linuxbridge-agent.service

三、ct 節(jié)點驗證

#驗證服務(wù)組件 openstack extension list --network openstack network agent list

總結(jié)

• 三個節(jié)點都需要配置neutron網(wǎng)絡(luò)，以下為部署思路：
  • 配置neutron組件的用戶、認(rèn)證、endpoint
  • 設(shè)置提供者provider網(wǎng)絡(luò)（這里是橋接模式）
    ① 配置二層網(wǎng)絡(luò)
    ② 配置網(wǎng)橋（插件）
    ③ 優(yōu)化內(nèi)核
    ④ 配置網(wǎng)橋接口與外部對接
    ⑤ 修改DHCP配置（修改配置文件、代理）
    ⑥ 配置網(wǎng)橋與內(nèi)部組件的配置（修改配置文件、代理）
    設(shè)置neutron與nova對接的配置
    其中C1、C2節(jié)點配置相同

總結(jié)

以上是生活随笔為你收集整理的传统公司部署OpenStack（t版）简易介绍（六）——neutron模块部署的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。