Openstack Ocata安装(Networking Option 2: Self-service networks)
一、安装并配置控制节点
创建数据库
# mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGESON neutron.* TO 'neutron'@'172.16.5.135' IDENTIFIED BY '123qwe';
GRANT ALL PRIVILEGESON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123qwe';创建服务认证(创建neutron用户、给neutron添加admin角色、创建neutron服务实体、创建网络服务API端口):
# source /home/admin-openrc.sh
# openstack user create --domain default --password-prompt neutron
# openstack role add --project service --user neutron admin
# openstack service create --name neutron --deion "OpenStack Networking" network
# openstack endpoint create --region RegionOne network public http://controller:9696
# openstack endpoint create --region RegionOne network internal http://controller:9696
# openstack endpoint create --region RegionOne network admin http://controller:9696二、配置网络选项
在控制节点上进行以下操作:
安装组件
# yum install openstack-neutron openstack-neutron-ml2
openstack-neutron-linuxbridge ebtables配置服务器组件
# vi /etc/neutron/neutron.conf[database]
connection=mysql+pymysql://neutron:123qwe@172.16.5.135/neutron
core_plugin=ml2
service_plugins=router
allow_overlapping_ips=true
transport_url=rabbit://openstack:123qwe@172.16.5.135
auth_strategy=keystone
notify_nova_on_port_status_changes=true
notify_nova_on_port_data_changes=true
[keystone_authtoken]
auth_uri=http://172.16.5.135:5000
auth_url=http://172.16.5.135:35357
memcached_servers=172.16.5.135:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=neutron
password=123qwe
[nova]
auth_url=http://172.16.5.135:35357
auth_type=password
project_domain_name=default
user_domain_name=default
region_name=RegionOne
project_name=service
username=nova
password=123qwe
[oslo_concurrency]
lock_path=/var/lib/neutron/tmp配置ML2
# vi /etc/neutron/plugins/ml2/ml2_conf.ini[ml2]
type_drivers=flat,vlan,vxlan
tenant_network_types=vxlan
mechanism_drivers=linuxbridge,l2population
extension_drivers=port_security
[ml2_type_flat]
flat_networks=provider
[ml2_type_vxlan]
vni_ranges=1:1000
[securitygroup]
enable_ipset=true配置Linux 桥接代理
# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini[linux_bridge]
physical_interface_mappings=provider:eth0
[vxlan]
enable_vxlan=true
local_ip=172.16.5.135
l2_population=true
[securitygroup]
enable_security_group=true
firewall_driver=neutron.agent.linux.iptables_firewall.IptablesFirewallDriver配置3层代理
# vi /etc/neutron/l3_agent.ini[DEFAULT]
interface_driver=linuxbridge配置DHCP代理
# vi /etc/neutron/dhcp_agent.ini[DEFAULT]
interface_driver=linuxbridge
dhcp_driver=neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata=true
nova_metadata_ip=controller
metadata_proxy_shared_secret=123qwe配置计算服务来使用网络
# vi /etc/nova/nova.conf[neutron]
url=http://172.16.5.135:9696
auth_url=http://172.16.5.135:35357
auth_type=password
project_domain_name=default
user_domain_name=default
region_name=RegionOne
project_name=service
username=neutron
password=123qwe
service_metadata_proxy=true
metadata_proxy_shared_secret=123qwe3.完成安装
建立符号链接
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini上传数据库
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron重启计算API服务
# systemctl restart openstack-nova-api.service启动网络服务并配置开机启动
# systemctl enable neutron-server.service
neutron-linuxbridge-agent.service neutron-dhcp-agent.service
neutron-metadata-agent.service
# systemctl start neutron-server.service
neutron-linuxbridge-agent.service neutron-dhcp-agent.service
neutron-metadata-agent.service启用3层服务
# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service三、安装和配置计算节点
安装组件
# yum install openstack-neutron-linuxbridge ebtables ipset配置组件
# vi /etc/neutron/neutron.conf[DEFAULT]
transport_url = rabbit://openstack:123qwe@172.16.5.135
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://172.16.5.135:5000
auth_url = http://172.16.5.135:35357
memcached_servers = 172.16.5.135:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123qwe
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp配置桥接
# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini[linux_bridge]
physical_interface_mappings = provider:eth0
[vxlan]
enable_vxlan = true
local_ip = 172.16.5.136
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver配置计算节点的网络服务
# vi /etc/nova/nova.conf[neutron]
url = http://172.16.5.135:9696
auth_url = http://172.16.5.135:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123qwe完成安装
# systemctl restart openstack-nova-compute.service
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service验证
# source /home/admin-openrc.sh
# openstack extension list --network
# openstack network agent list