网络组件neutron在整个openstack体系中应该是最难的一部分,需要在控制节点和计算节点上面同时安装


1、创建neutron用户及授权

[root@controller ~]# source admin-openrc.sh
[root@controller ~]# openstack user create --domain default --password=neutron neutron
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | d458b30e034a42a3858fa10aff62f19a |
| name      | neutron                          |
+-----------+----------------------------------+
[root@controller ~]#  openstack role add --project service --user neutron admin

2、注册neutron服务

[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 624ad1386598404dba9baeb0e31ae48f |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network public http://172.16.80.130:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | cfd3eb223f5f4da3b9cd8b80ac7b7e03 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 624ad1386598404dba9baeb0e31ae48f |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://172.16.80.130:9696        |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network internal http://172.16.80.130:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1091bd52c35f4f53b5d371b4f32a677a |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 624ad1386598404dba9baeb0e31ae48f |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://172.16.80.130:9696        |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network admin http://172.16.80.130:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | c674d06b4f1d45ca895e3786df708bfb |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 624ad1386598404dba9baeb0e31ae48f |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://172.16.80.130:9696        |
+--------------+----------------------------------+

3、安装配置neutron

[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y

[root@controller neutron]# grep -n "^[a-Z]" /etc/neutron/neutron.conf
3:verbose = True
20:state_path = /var/lib/neutron
60:core_plugin = ml2
77:service_plugins = router
92:auth_strategy = keystone
573:rpc_backend=rabbit
722:auth_uri = http://172.16.80.130:5000
723:auth_url = http://172.16.80.130:35357
724:auth_plugin = password
725:project_domain_id = default
726:user_domain_id = default
727:project_name = service
728:username = neutron
729:password = neutron
744:connection = mysql://neutron:[email protected]:3306/neutron
788:auth_url = http://172.16.80.130:35357
789:auth_plugin = password
790:project_domain_id = default
791:user_domain_id = default
792:region_name = RegionOne
793:project_name = service
794:username = nova
795:password = nova
831:lock_path = $state_path/lock
970:rabbit_host = 172.16.80.130
971:rabbit_port = 5672
972:rabbit_userid = openstack
973:rabbit_password = openstack

修改ml2配置文件
[root@controller ml2]# grep -n "^[a-Z]" /etc/neutron/plugins/ml2/ml2_conf.ini 
5:type_drivers = flat,vlan,gre,vxlan,geneve
13:tenant_network_types = flat,vlan,gre,vxlan,geneve
18:mechanism_drivers = openvswitch,linuxbridge
27:extension_drivers = port_security
67:flat_networks = physnet1
120:enable_ipset = True

修改linuxbriage配置文件
[root@controller ml2]# grep -n "^[a-Z]" /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
3:linux_bridge]
12:physical_interface_mappings = physnet1:eno16777736
18:enable_vxlan = false
64:firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
68:enable_security_group = True

修改dhcp配置文件
[root@controller neutron]# grep -n "^[a-Z]" /etc/neutron/dhcp_agent.ini
14:interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
37:dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq 
60:enable_isolated_metadata = true


修改配置metadata_agent.ini
[root@controller neutron]# grep -n "^[a-Z]" /etc/neutron/metadata_agent.ini 
5:verbose = True
6:auth_uri = http://172.16.80.130:5000
7:auth_url = http://172.16.80.130:35357
8:auth_region = RegionOne
9:auth_plugin = password
10:project_domain_id = default
11:user_domain_id = default
12:project_name = service
13:username = neutron
14:password = neutron
15:nova_metadata_ip = 172.16.80.130
16:metadata_proxy_shared_secret = neutron


4、在控制节点的nova中添加关于neutron的配置

[neutron]

url = http://172.16.80.130:9696
auth_url = http://172.16.80.130:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron

[root@controller neutron]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini


5、导入数据库并检查结果

[root@controller neutron]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller neutron]# mysql -e "use neutron;show tables;"
+-----------------------------------------+
| Tables_in_neutron                       |
+-----------------------------------------+
| address_scopes                          |
| agents                                  |
| alembic_version                         |
| allowedaddresspairs                     |
| arista_provisioned_nets                 |
| arista_provisioned_tenants              |
| arista_provisioned_vms                  |
| brocadenetworks                         |
| brocadeports                            |
| cisco_csr_identifier_map                |
| cisco_hosting_devices                   |
| cisco_ml2_apic_contracts                |
| cisco_ml2_apic_host_links               |
| cisco_ml2_apic_names                    |
| cisco_ml2_n1kv_network_bindings         |
| cisco_ml2_n1kv_network_profiles         |
| cisco_ml2_n1kv_policy_profiles          |
| cisco_ml2_n1kv_port_bindings            |
| cisco_ml2_n1kv_profile_bindings         |
| cisco_ml2_n1kv_vlan_allocations         |
| cisco_ml2_n1kv_vxlan_allocations        |
| cisco_ml2_nexus_nve                     |
| cisco_ml2_nexusport_bindings            |
| cisco_port_mappings                     |
| cisco_router_mappings                   |
| consistencyhashes                       |
| csnat_l3_agent_bindings                 |
| default_security_group                  |
| dnsnameservers                          |
| dvr_host_macs                           |
| embrane_pool_port                       |
| externalnetworks                        |
| extradhcpopts                           |
| firewall_policies                       |
| firewall_rules                          |
| firewalls                               |
| flavors                                 |
| flavorserviceprofilebindings            |
| floatingips                             |
| ha_router_agent_port_bindings           |
| ha_router_networks                      |
| ha_router_vrid_allocations              |
| healthmonitors                          |
| ikepolicies                             |
| ipallocationpools                       |
| ipallocations                           |
| ipamallocationpools                     |
| ipamallocations                         |
| ipamavailabilityranges                  |
| ipamsubnets                             |
| ipavailabilityranges                    |
| ipsec_site_connections                  |
| ipsecpeercidrs                          |
| ipsecpolicies                           |
| lsn                                     |
| lsn_port                                |
| maclearningstates                       |
| members                                 |
| meteringlabelrules                      |
| meteringlabels                          |
| ml2_brocadenetworks                     |
| ml2_brocadeports                        |
| ml2_dvr_port_bindings                   |
| ml2_flat_allocations                    |
| ml2_geneve_allocations                  |
| ml2_geneve_endpoints                    |
| ml2_gre_allocations                     |
| ml2_gre_endpoints                       |
| ml2_network_segments                    |
| ml2_nexus_vxlan_allocations             |
| ml2_nexus_vxlan_mcast_groups            |
| ml2_port_binding_levels                 |
| ml2_port_bindings                       |
| ml2_ucsm_port_profiles                  |
| ml2_vlan_allocations                    |
| ml2_vxlan_allocations                   |
| ml2_vxlan_endpoints                     |
| multi_provider_networks                 |
| networkconnections                      |
| networkdhcpagentbindings                |
| networkgatewaydevicereferences          |
| networkgatewaydevices                   |
| networkgateways                         |
| networkqueuemappings                    |
| networkrbacs                            |
| networks                                |
| networksecuritybindings                 |
| neutron_nsx_network_mappings            |
| neutron_nsx_port_mappings               |
| neutron_nsx_router_mappings             |
| neutron_nsx_security_group_mappings     |
| nexthops                                |
| nsxv_edge_dhcp_static_bindings          |
| nsxv_edge_vnic_bindings                 |
| nsxv_firewall_rule_bindings             |
| nsxv_internal_edges                     |
| nsxv_internal_networks                  |
| nsxv_port_index_mappings                |
| nsxv_port_vnic_mappings                 |
| nsxv_router_bindings                    |
| nsxv_router_ext_attributes              |
| nsxv_rule_mappings                      |
| nsxv_security_group_section_mappings    |
| nsxv_spoofguard_policy_network_mappings |
| nsxv_tz_network_bindings                |
| nsxv_vdr_dhcp_bindings                  |
| nuage_net_partition_router_mapping      |
| nuage_net_partitions                    |
| nuage_provider_net_bindings             |
| nuage_subnet_l2dom_mapping              |
| ofcfiltermappings                       |
| ofcnetworkmappings                      |
| ofcportmappings                         |
| ofcroutermappings                       |
| ofctenantmappings                       |
| packetfilters                           |
| poolloadbalanceragentbindings           |
| poolmonitorassociations                 |
| pools                                   |
| poolstatisticss                         |
| portbindingports                        |
| portinfos                               |
| portqueuemappings                       |
| ports                                   |
| portsecuritybindings                    |
| providerresourceassociations            |
| qos_bandwidth_limit_rules               |
| qos_network_policy_bindings             |
| qos_policies                            |
| qos_port_policy_bindings                |
| qosqueues                               |
| quotas                                  |
| quotausages                             |
| reservations                            |
| resourcedeltas                          |
| router_extra_attributes                 |
| routerl3agentbindings                   |
| routerports                             |
| routerproviders                         |
| routerroutes                            |
| routerrules                             |
| routers                                 |
| securitygroupportbindings               |
| securitygrouprules                      |
| securitygroups                          |
| serviceprofiles                         |
| sessionpersistences                     |
| subnetpoolprefixes                      |
| subnetpools                             |
| subnetroutes                            |
| subnets                                 |
| tz_network_bindings                     |
| vcns_router_bindings                    |
| vips                                    |
| ***services                             |
+-----------------------------------------+


6、重启nova-api,并启动neutron服务

[root@controller neutron]# systemctl restart openstack-nova-api
[root@controller neutron]# systemctl enable neutron-server.service   neutron-linuxbridge-agent.service neutron-dhcp-agent.service   neutron-metadata-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
[root@controller neutron]# systemctl start neutron-server.service   neutron-linuxbridge-agent.service neutron-dhcp-agent.service   neutron-metadata-agent.service


7、检查结果

[root@controller neutron]# neutron agent-list
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| 4f0ef1a2-85a6-4d6c-874c-51e139a41a8a | Metadata agent     | controller | :-)   | True           | neutron-metadata-agent    |
| 89ec6936-111c-4416-9c70-ef50ad8c2ae3 | DHCP agent         | controller | :-)   | True           | neutron-dhcp-agent        |
| d438159e-d277-411f-9f64-edda90ce383d | Linux bridge agent | controller | :-)   | True           | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+

8、安装部署计算节点上面的neutron服务

[root@computer1 ~]# yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset -y

直接从控制节点复制过去,无需更改
[root@controller neutron]# scp /etc/neutron/neutron.conf 172.16.80.131:/etc/neutron/
neutron.conf                                                                                                                                           100%   36KB  35.9KB/s   00:00    
[root@controller neutron]# scp /etc/neutron/plugins/ml2/linuxbridge_agent.ini 172.16.80.131:/etc/neutron/plugins/ml2/
linuxbridge_agent.ini

9、配置计算节点的nova

[neutron]

url = http://172.16.80.130:9696
auth_url = http://172.16.80.130:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron

10、启动服务

[root@computer1 ml2]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@computer1 ml2]# systemctl restart openstack-nova-compute.service
[root@computer1 ml2]# systemctl enable neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
[root@computer1 ml2]# systemctl start neutron-linuxbridge-agent.service


11、在控制节点验证

[root@controller neutron]# neutron agent-list
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| 0f96e7fb-d369-451f-bd3d-6c0900c97a79 | Linux bridge agent | computer1  | :-)   | True           | neutron-linuxbridge-agent |
| 4f0ef1a2-85a6-4d6c-874c-51e139a41a8a | Metadata agent     | controller | :-)   | True           | neutron-metadata-agent    |
| 89ec6936-111c-4416-9c70-ef50ad8c2ae3 | DHCP agent         | controller | :-)   | True           | neutron-dhcp-agent        |
| d438159e-d277-411f-9f64-edda90ce383d | Linux bridge agent | controller | :-)   | True           | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+