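The networking component, Neutron, is probably the hardest part of the whole OpenStack stack. It has to be installed on both the controller node and the compute node.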
1. Create the neutron user and grant it a role
[root@controller ~]# source admin-openrc.sh
[root@controller ~]# openstack user create --domain default --password=neutron neutron
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | d458b30e034a42a3858fa10aff62f19a |
| name      | neutron                          |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user neutron admin
2. Register the neutron service
[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 624ad1386598404dba9baeb0e31ae48f |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network public http://172.16.80.130:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | cfd3eb223f5f4da3b9cd8b80ac7b7e03 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 624ad1386598404dba9baeb0e31ae48f |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://172.16.80.130:9696        |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network internal http://172.16.80.130:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1091bd52c35f4f53b5d371b4f32a677a |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 624ad1386598404dba9baeb0e31ae48f |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://172.16.80.130:9696        |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network admin http://172.16.80.130:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | c674d06b4f1d45ca895e3786df708bfb |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 624ad1386598404dba9baeb0e31ae48f |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://172.16.80.130:9696        |
+--------------+----------------------------------+
3. Install and configure neutron
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y
[root@controller neutron]# grep -n "^[a-Z]" /etc/neutron/neutron.conf
3:verbose = True
20:state_path = /var/lib/neutron
60:core_plugin = ml2
77:service_plugins = router
92:auth_strategy = keystone
573:rpc_backend=rabbit
722:auth_uri = http://172.16.80.130:5000
723:auth_url = http://172.16.80.130:35357
724:auth_plugin = password
725:project_domain_id = default
726:user_domain_id = default
727:project_name = service
728:username = neutron
729:password = neutron
744:connection = mysql://neutron:[email protected]:3306/neutron
788:auth_url = http://172.16.80.130:35357
789:auth_plugin = password
790:project_domain_id = default
791:user_domain_id = default
792:region_name = RegionOne
793:project_name = service
794:username = nova
795:password = nova
831:lock_path = $state_path/lock
970:rabbit_host = 172.16.80.130
971:rabbit_port = 5672
972:rabbit_userid = openstack
973:rabbit_password = openstack

Edit the ml2 configuration file:
[root@controller ml2]# grep -n "^[a-Z]" /etc/neutron/plugins/ml2/ml2_conf.ini
5:type_drivers = flat,vlan,gre,vxlan,geneve
13:tenant_network_types = flat,vlan,gre,vxlan,geneve
18:mechanism_drivers = openvswitch,linuxbridge
27:extension_drivers = port_security
67:flat_networks = physnet1
120:enable_ipset = True

Edit the linuxbridge configuration file:
[root@controller ml2]# grep -n "^[a-Z]" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
3:linux_bridge]
12:physical_interface_mappings = physnet1:eno16777736
18:enable_vxlan = false
64:firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
68:enable_security_group = True

Edit the DHCP configuration file:
[root@controller neutron]# grep -n "^[a-Z]" /etc/neutron/dhcp_agent.ini
14:interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
37:dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
60:enable_isolated_metadata = true

Edit metadata_agent.ini:
[root@controller neutron]# grep -n "^[a-Z]" /etc/neutron/metadata_agent.ini
5:verbose = True
6:auth_uri = http://172.16.80.130:5000
7:auth_url = http://172.16.80.130:35357
8:auth_region = RegionOne
9:auth_plugin = password
10:project_domain_id = default
11:user_domain_id = default
12:project_name = service
13:username = neutron
14:password = neutron
15:nova_metadata_ip = 172.16.80.130
16:metadata_proxy_shared_secret = neutron
4. Add the neutron settings to nova on the controller node
[neutron]
url = http://172.16.80.130:9696
auth_url = http://172.16.80.130:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron

[root@controller neutron]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
5. Populate the database and check the result
[root@controller neutron]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller neutron]# mysql -e "use neutron;show tables;"
+-----------------------------------------+
| Tables_in_neutron                       |
+-----------------------------------------+
| address_scopes                          |
| agents                                  |
| alembic_version                         |
| allowedaddresspairs                     |
| arista_provisioned_nets                 |
| arista_provisioned_tenants              |
| arista_provisioned_vms                  |
| brocadenetworks                         |
| brocadeports                            |
| cisco_csr_identifier_map                |
| cisco_hosting_devices                   |
| cisco_ml2_apic_contracts                |
| cisco_ml2_apic_host_links               |
| cisco_ml2_apic_names                    |
| cisco_ml2_n1kv_network_bindings         |
| cisco_ml2_n1kv_network_profiles         |
| cisco_ml2_n1kv_policy_profiles          |
| cisco_ml2_n1kv_port_bindings            |
| cisco_ml2_n1kv_profile_bindings         |
| cisco_ml2_n1kv_vlan_allocations         |
| cisco_ml2_n1kv_vxlan_allocations        |
| cisco_ml2_nexus_nve                     |
| cisco_ml2_nexusport_bindings            |
| cisco_port_mappings                     |
| cisco_router_mappings                   |
| consistencyhashes                       |
| csnat_l3_agent_bindings                 |
| default_security_group                  |
| dnsnameservers                          |
| dvr_host_macs                           |
| embrane_pool_port                       |
| externalnetworks                        |
| extradhcpopts                           |
| firewall_policies                       |
| firewall_rules                          |
| firewalls                               |
| flavors                                 |
| flavorserviceprofilebindings            |
| floatingips                             |
| ha_router_agent_port_bindings           |
| ha_router_networks                      |
| ha_router_vrid_allocations              |
| healthmonitors                          |
| ikepolicies                             |
| ipallocationpools                       |
| ipallocations                           |
| ipamallocationpools                     |
| ipamallocations                         |
| ipamavailabilityranges                  |
| ipamsubnets                             |
| ipavailabilityranges                    |
| ipsec_site_connections                  |
| ipsecpeercidrs                          |
| ipsecpolicies                           |
| lsn                                     |
| lsn_port                                |
| maclearningstates                       |
| members                                 |
| meteringlabelrules                      |
| meteringlabels                          |
| ml2_brocadenetworks                     |
| ml2_brocadeports                        |
| ml2_dvr_port_bindings                   |
| ml2_flat_allocations                    |
| ml2_geneve_allocations                  |
| ml2_geneve_endpoints                    |
| ml2_gre_allocations                     |
| ml2_gre_endpoints                       |
| ml2_network_segments                    |
| ml2_nexus_vxlan_allocations             |
| ml2_nexus_vxlan_mcast_groups            |
| ml2_port_binding_levels                 |
| ml2_port_bindings                       |
| ml2_ucsm_port_profiles                  |
| ml2_vlan_allocations                    |
| ml2_vxlan_allocations                   |
| ml2_vxlan_endpoints                     |
| multi_provider_networks                 |
| networkconnections                      |
| networkdhcpagentbindings                |
| networkgatewaydevicereferences          |
| networkgatewaydevices                   |
| networkgateways                         |
| networkqueuemappings                    |
| networkrbacs                            |
| networks                                |
| networksecuritybindings                 |
| neutron_nsx_network_mappings            |
| neutron_nsx_port_mappings               |
| neutron_nsx_router_mappings             |
| neutron_nsx_security_group_mappings     |
| nexthops                                |
| nsxv_edge_dhcp_static_bindings          |
| nsxv_edge_vnic_bindings                 |
| nsxv_firewall_rule_bindings             |
| nsxv_internal_edges                     |
| nsxv_internal_networks                  |
| nsxv_port_index_mappings                |
| nsxv_port_vnic_mappings                 |
| nsxv_router_bindings                    |
| nsxv_router_ext_attributes              |
| nsxv_rule_mappings                      |
| nsxv_security_group_section_mappings    |
| nsxv_spoofguard_policy_network_mappings |
| nsxv_tz_network_bindings                |
| nsxv_vdr_dhcp_bindings                  |
| nuage_net_partition_router_mapping      |
| nuage_net_partitions                    |
| nuage_provider_net_bindings             |
| nuage_subnet_l2dom_mapping              |
| ofcfiltermappings                       |
| ofcnetworkmappings                      |
| ofcportmappings                         |
| ofcroutermappings                       |
| ofctenantmappings                       |
| packetfilters                           |
| poolloadbalanceragentbindings           |
| poolmonitorassociations                 |
| pools                                   |
| poolstatisticss                         |
| portbindingports                        |
| portinfos                               |
| portqueuemappings                       |
| ports                                   |
| portsecuritybindings                    |
| providerresourceassociations            |
| qos_bandwidth_limit_rules               |
| qos_network_policy_bindings             |
| qos_policies                            |
| qos_port_policy_bindings                |
| qosqueues                               |
| quotas                                  |
| quotausages                             |
| reservations                            |
| resourcedeltas                          |
| router_extra_attributes                 |
| routerl3agentbindings                   |
| routerports                             |
| routerproviders                         |
| routerroutes                            |
| routerrules                             |
| routers                                 |
| securitygroupportbindings               |
| securitygrouprules                      |
| securitygroups                          |
| serviceprofiles                         |
| sessionpersistences                     |
| subnetpoolprefixes                      |
| subnetpools                             |
| subnetroutes                            |
| subnets                                 |
| tz_network_bindings                     |
| vcns_router_bindings                    |
| vips                                    |
| ***services                             |
+-----------------------------------------+
6. Restart nova-api and start the neutron services
[root@controller neutron]# systemctl restart openstack-nova-api
[root@controller neutron]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
[root@controller neutron]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
7. Check the result
[root@controller neutron]# neutron agent-list
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| 4f0ef1a2-85a6-4d6c-874c-51e139a41a8a | Metadata agent     | controller | :-)   | True           | neutron-metadata-agent    |
| 89ec6936-111c-4416-9c70-ef50ad8c2ae3 | DHCP agent         | controller | :-)   | True           | neutron-dhcp-agent        |
| d438159e-d277-411f-9f64-edda90ce383d | Linux bridge agent | controller | :-)   | True           | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
8. Install and deploy the neutron service on the compute node
[root@computer1 ~]# yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset -y

Copy the files straight over from the controller node; no changes are needed:
[root@controller neutron]# scp /etc/neutron/neutron.conf 172.16.80.131:/etc/neutron/
neutron.conf 100% 36KB 35.9KB/s 00:00
[root@controller neutron]# scp /etc/neutron/plugins/ml2/linuxbridge_agent.ini 172.16.80.131:/etc/neutron/plugins/ml2/
linuxbridge_agent.ini
9. Configure nova on the compute node
[neutron]
url = http://172.16.80.130:9696
auth_url = http://172.16.80.130:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron
10. Start the services
[root@computer1 ml2]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@computer1 ml2]# systemctl restart openstack-nova-compute.service
[root@computer1 ml2]# systemctl enable neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
[root@computer1 ml2]# systemctl start neutron-linuxbridge-agent.service
11. Verify on the controller node
[root@controller neutron]# neutron agent-list
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| 0f96e7fb-d369-451f-bd3d-6c0900c97a79 | Linux bridge agent | computer1  | :-)   | True           | neutron-linuxbridge-agent |
| 4f0ef1a2-85a6-4d6c-874c-51e139a41a8a | Metadata agent     | controller | :-)   | True           | neutron-metadata-agent    |
| 89ec6936-111c-4416-9c70-ef50ad8c2ae3 | DHCP agent         | controller | :-)   | True           | neutron-dhcp-agent        |
| d438159e-d277-411f-9f64-edda90ce383d | Linux bridge agent | controller | :-)   | True           | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
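
Added example, not part of the original post: a Python check for the settings from steps 3, 4 and 9 before the same files are reused outside a lab. It flags secrets that equal the account name or are short, auth endpoints on plain http, and a metadata_proxy_shared_secret that differs between nova.conf and metadata_agent.ini. The sample text is constructed from the values above (the [DEFAULT] header is assumed); the function names, the MIN_LEN threshold and the finding labels are assumptions.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample input that reuses the values shown in steps 3, 4 and 9.
NOVA_CONF = """
[neutron]
url = http://172.16.80.130:9696
auth_url = http://172.16.80.130:35357
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron
"""
METADATA_AGENT_INI = """
[DEFAULT]
auth_url = http://172.16.80.130:35357
username = neutron
password = neutron
metadata_proxy_shared_secret = neutron
"""

SECRET_KEYS = ("password", "rabbit_password", "metadata_proxy_shared_secret")
ID_KEYS = ("username", "rabbit_userid")
URL_KEYS = ("url", "auth_url", "auth_uri")
MIN_LEN = 16  # assumed minimum length for a generated service secret

def load(text):
    # Treat [DEFAULT] as an ordinary section and leave '$'/'%' values untouched.
    cp = configparser.ConfigParser(default_section="__none__", interpolation=None)
    cp.read_string(text)
    return cp

def audit(name, cp):
    """Return (file, section, key, issue) tuples for weak secrets and http URLs."""
    findings = []
    for section in cp.sections():
        ids = {cp[section][k] for k in ID_KEYS if k in cp[section]}
        for key, value in cp[section].items():
            if key in SECRET_KEYS and (value in ids or len(value) < MIN_LEN):
                findings.append((name, section, key, "weak-secret"))
            if key in URL_KEYS and urlsplit(value).scheme == "http":
                findings.append((name, section, key, "plaintext-http"))
    return findings

def shared_secret_matches(nova, agent):
    """nova.conf [neutron] and metadata_agent.ini must carry the same secret."""
    a = nova.get("neutron", "metadata_proxy_shared_secret", fallback=None)
    b = agent.get("DEFAULT", "metadata_proxy_shared_secret", fallback=None)
    return a is not None and a == b

if __name__ == "__main__":
    for f in audit("nova.conf", load(NOVA_CONF)) + audit("metadata_agent.ini", load(METADATA_AGENT_INI)):
        print(*f)
```

To run it against real files, read /etc/nova/nova.conf and /etc/neutron/metadata_agent.ini as root and pass their text to load().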