安装配置network(neutron) 服务
Mitaka版本网络有两个选择,Provider network 和Self-service network,这里我们选择第二种。
controller 节点
[root@controller ~]# mysql -u root -p
>>CREATE DATABASE neutron;
>>GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
>>GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
注:NEUTRON_DBPASS 是占位符,需替换为自己的强密码;'neutron'@'%' 允许从任意主机连接,数据库端口应只对管理网络开放。
[root@controller ~]# source /root/admin-openrc.sh
[root@controller ~]# openstack user create --domain default --password-prompt neutron
[root@controller ~]# openstack role add --project service --user neutron admin
[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network
[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
[root@controller ~]# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf_bak
[root@controller ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True

[database]
# 改为自己数据库密码
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
# 改为rabbitmq的密码
rabbit_password = RABBIT_PASS

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
# 改为自己neutron服务的密码
password = NEUTRON_PASS

[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
# 改为自己nova服务的密码
password = NOVA_PASS

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
注:说明文字需单独成行,写在值的同一行会被当作值的一部分。新建的文件含有明文密码,建议执行 chown root:neutron /etc/neutron/neutron.conf 和 chmod 640 /etc/neutron/neutron.conf,避免其他本地用户读取。
[root@controller ~]#mv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini_bak
[root@controller ~]#vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = True
编辑linuxbridge agent 配置文件
[root@controller ~]#mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini_bak
[root@controller ~]#vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# 这里设置为provider网络的网卡名称,我这里eth1
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

[vxlan]
enable_vxlan = True
# 这个ip地址我们使用的是管理网段的ip
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
编辑L3 agent 配置文件
[root@controller ~]#mv /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini_bak
[root@controller ~]#vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
# 留空
external_network_bridge =
编辑dhcp agent配置
[root@controller ~]#mv /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini_bak
[root@controller ~]#vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
配置metadata agent
[root@controller ~]#mv /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini_bak
[root@controller ~]#vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
# 修改为自己的METADATA_SECRET,也可以不修改,要和nova服务配置一样
# (不修改时密钥就是公开的占位符字符串;该密钥用于对元数据代理转发给nova的请求签名,建议换成随机字符串)
metadata_proxy_shared_secret = METADATA_SECRET
[root@controller ~]#vim /etc/nova/nova.conf #增加以下内容
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
# 改为自己neutron服务密码
password = NEUTRON_PASS
service_metadata_proxy = True
# 和上面的METADATA对应
metadata_proxy_shared_secret = METADATA_SECRET
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
启动L3 agent
[root@controller ~]# systemctl enable neutron-l3-agent.service
[root@controller ~]# systemctl start neutron-l3-agent.service
compute 节点配置(以下命令在 compute 节点上执行;原文提示符仍写作 [root@controller ~]#,应是沿用了上文的提示符)
[root@controller ~]# yum install openstack-neutron-linuxbridge ebtables ipset
[root@controller ~]#mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf_bak
[root@controller ~]#vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
# 改为rabbit密码
rabbit_password = RABBIT_PASS

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
# 改为自己neutron服务密码
password = NEUTRON_PASS

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
编辑linuxbridge agent 配置
[root@controller ~]#mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini_bak
[root@controller ~]#vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# 改为provider网络的网卡,这里是eth1
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

[vxlan]
enable_vxlan = True
# 改为本机management网络的ip地址
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[root@controller ~]#vim /etc/nova/nova.conf #增加以下内容
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
# 改为自己的neutron服务密码
password = NEUTRON_PASS
[root@controller ~]# systemctl restart openstack-nova-compute.service
[root@controller ~]# systemctl enable neutron-linuxbridge-agent.service
[root@controller ~]# systemctl start neutron-linuxbridge-agent.service
[root@controller ~]#source /root/admin-openrc.sh [root@controller ~]# neutron ext-list +---------------------------+-----------------------------------------------+ | alias | name | +---------------------------+-----------------------------------------------+ | default-subnetpools | Default Subnetpools | | network-ip-availability | Network IP Availability | | network_availability_zone | Network Availability Zone | | auto-allocated-topology | Auto Allocated Topology Services | | ext-gw-mode | Neutron L3 Configurable external gateway mode | | binding | Port Binding | | agent | agent | | subnet_allocation | Subnet Allocation | | l3_agent_scheduler | L3 Agent Scheduler | | tag | Tag support | | external-net | Neutron external network | | net-mtu | Network MTU | | availability_zone | Availability Zone | | quotas | Quota management support | | l3-ha | HA Router extension | | provider | Provider Network | | multi-provider | Multi Provider Network | | address-scope | Address scope | | extraroute | Neutron Extra Route | | timestamp_core | Time Stamp Fields addition for core resources | | router | Neutron L3 Router | | extra_dhcp_opt | Neutron Extra DHCP opts | | dns-integration | DNS Integration | | security-group | security-group | | dhcp_agent_scheduler | DHCP Agent Scheduler | | router_availability_zone | Router Availability Zone | | rbac-policies | RBAC Policies | | standard-attr-description | standard-attr-description | | port-security | Port Security | | allowed-address-pairs | Allowed Address Pairs | | dvr | Distributed Virtual Router | +---------------------------+-----------------------------------------------+ [root@controller ~]# neutron agent-list +--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+ | id | agent_type | host | availability_zone | alive | admin_state_up | binary | 
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+ | 45320f3f-bea4-44aa-a79a-f7cf582146d1 | L3 agent | controller | nova | :-) | True | neutron-l3-agent | | 780c205c-867f-4997-90b4-a2f2b2c739bf | Metadata agent | controller | | :-) | True | neutron-metadata-agent | | 7ba54a28-2a26-41b3-a02b-b69c9e5f83d7 | DHCP agent | controller | nova | :-) | True | neutron-dhcp-agent | | 9b37f144-f697-4ee9-b761-6ae6ae1d2782 | Linux bridge agent | compute2 | | xxx | True | neutron-linuxbridge-agent | | c4f84424-9e37-417f-b587-d474d7b8c6fd | Linux bridge agent | compute1 | | :-) | True | neutron-linuxbridge-agent | | ca7f5ce5-ef15-4777-8c53-70bb32939d9e | Linux bridge agent | controller | | :-) | True | neutron-linuxbridge-agent | +--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
我这里compute2没有启动所以 alive状态是xxx
