OpenStack的部署（六）——Neutron組件

• 一、CT控制節點
• • 1、創建數據庫neutron，并進行授權
  • 2、創建用戶、服務并賦權
  • 3、注冊API到neutron服務，給neutron服務關聯端口，即添加endpoint
  • 4、安裝提供者網絡(橋接)
  • 5、重啟相關服務
• 二、C1、C2計算節點操作
• • 1、部署neutron服務
  • 2、配置Linux網橋代理
• 驗證服務組件ct節點
• 總結

配置接： OpenStack的部署T版（五）——Nova組件

一、CT控制節點

CT VM:192.168.100.10 NAT:192.168.172.70

1、創建數據庫neutron，并進行授權

mysql -u root -p CREATE DATABASE neutron; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; flush privileges; exit

2、創建用戶、服務并賦權

創建neutron用戶，用于在keystone做認證 openstack user create --domain default --password NEUTRON_PASS neutron將neutron用戶添加到service項目中擁有管理員權限 openstack role add --project service --user neutron admin創建network服務，服務類型為network openstack service create --name neutron --description "OpenStack Networking" network

3、注冊API到neutron服務，給neutron服務關聯端口，即添加endpoint

openstack endpoint create --region RegionOne network public http://ct:9696openstack endpoint create --region RegionOne network internal http://ct:9696 openstack endpoint create --region RegionOne network admin http://ct:9696

4、安裝提供者網絡(橋接)

ebtables包是用來管理iptables規則的

yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables conntrack-tools

修改主配置文件neutron.conf

cp -a /etc/neutron/neutron.conf{,.bak} grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf

傳參

openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:NEUTRON_DBPASS@ct/neutron openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2 openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips true openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@ct openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes true openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes true openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://ct:5000 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://ct:5000 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers ct:11211 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp openstack-config --set /etc/neutron/neutron.conf nova auth_url http://ct:5000 openstack-config --set /etc/neutron/neutron.conf nova auth_type password openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne openstack-config --set /etc/neutron/neutron.conf nova project_name service openstack-config --set /etc/neutron/neutron.conf nova username nova openstack-config --set /etc/neutron/neutron.conf nova password NOVA_PASS

修改 ML2 plugin 配置文件 ml2_conf.ini

cp -a /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak} grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.bak > /etc/neutron/plugins/ml2/ml2_conf.ini

傳參

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000 openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset true

==修改 linux bridge network provider 配置文件 ==

cp -a /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak} grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:ens33 openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 192.168.100.10 openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

修改內核參數

echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.conf modprobe br_netfilter sysctl -p

配置Linuxbridge接口驅動和外部網絡網橋

cp -a /etc/neutron/l3_agent.ini{,.bak} grep -Ev '^$|#' /etc/neutron/l3_agent.ini.bak > /etc/neutron/l3_agent.iniopenstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver linuxbridge

修改dhcp_agent 配置文件

cp -a /etc/neutron/dhcp_agent.ini{,.bak} grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak > /etc/neutron/dhcp_agent.ini

openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver linuxbridge openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata true

配置元數據代理、用于配置橋接與自服務網絡的通用配置

cp -a /etc/neutron/metadata_agent.ini{,.bak} grep -Ev '^$|#' /etc/neutron/metadata_agent.ini.bak > /etc/neutron/metadata_agent.ini

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host ct openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret METADATA_SECRET

修改nova配置文件，用于neutron交互

openstack-config --set /etc/nova/nova.conf neutron url http://ct:9696 openstack-config --set /etc/nova/nova.conf neutron auth_url http://ct:5000 openstack-config --set /etc/nova/nova.conf neutron auth_type password openstack-config --set /etc/nova/nova.conf neutron project_domain_name default openstack-config --set /etc/nova/nova.conf neutron user_domain_name default openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne openstack-config --set /etc/nova/nova.conf neutron project_name service openstack-config --set /etc/nova/nova.conf neutron username neutron openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy true openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret METADATA_SECRET

創建ML2插件文件符號連接
網絡服務初始化腳本需要/etc/neutron/plugin.ini指向ML2插件配置文件的符號鏈接

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

初始化數據庫

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

5、重啟相關服務

重啟計算節點nova-api服務

systemctl restart openstack-nova-api.service

開啟neutron服務、設置開機自啟動

systemctl enable neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.servicesystemctl start neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.servicenetstat -anutp |grep 9696

因為配置了第三層L3網絡服務、所以需要啟動第三層服務

systemctl enable neutron-l3-agent.service systemctl restart neutron-l3-agent.service

二、C1、C2計算節點操作

C1 VM:192.168.100.20 NAT:192.168.172.80
C2 VM:192.168.100.30 NAT:192.168.172.90

1、部署neutron服務

安裝neutron即相關服務

yum -y install openstack-neutron-linuxbridge ebtables ipset conntrack-tools #ipset：iptables的擴展，允許匹配規則的集合而不僅僅是一個IP

修改neutron.conf文件

cp -a /etc/neutron/neutron.conf{,.bak} grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf

openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@ct openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://ct:5000 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://ct:5000 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers ct:11211 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp

2、配置Linux網橋代理

修改Linuxbridge網橋配置文件

cp -a /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak} grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:ens33 openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 192.168.100.20 openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

修改內核

echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf #允許虛擬機的數據通過物理機出去 echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.conf modprobe br_netfilter #modprobe：用于向內核中加載模塊或者從內核中移除模塊。modprobe -r 表示移除 sysctl -p

修改nova.conf配置文件

openstack-config --set /etc/nova/nova.conf neutron auth_url http://ct:5000 openstack-config --set /etc/nova/nova.conf neutron auth_type password openstack-config --set /etc/nova/nova.conf neutron project_domain_name default openstack-config --set /etc/nova/nova.conf neutron user_domain_name default openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne openstack-config --set /etc/nova/nova.conf neutron project_name service openstack-config --set /etc/nova/nova.conf neutron username neutron openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS

重啟openstack-nova-compute服務，配置網絡服務

systemctl restart openstack-nova-compute.service ###重新啟動計算節點上的Nova服務

啟動neutron網橋代理服務 設置開機自啟動

systemctl enable neutron-linuxbridge-agent.servicesystemctl start neutron-linuxbridge-agent.service

C2節點部署neutron服務（與C1節點相同）

驗證服務組件ct節點

openstack extension list --network openstack network agent list

總結

三個節點都需要配置neutron網絡，以下為部署思路：
配置neutron組件的用戶、認證、endpoint
設置提供者provider網絡（這里是橋接模式）
① 配置二層網絡
② 配置網橋（插件）
③ 優化內核
④ 配置網橋接口與外部對接
⑤ 修改DHCP配置（修改配置文件、代理）
⑥ 配置網橋與內部組件的配置（修改配置文件、代理）
設置neutron與nova對接的配置
其中C1、C2節點配置相同

總結

以上是生活随笔為你收集整理的OpenStack的部署T版（六）——Neutron组件的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。