CentOS7 desktop openstack queens openvswitch vxlan self-service 配置

linuxbridge改openvswitch

说明

本文用来替换CentOS7 desktop openstack queens 环境搭建中neutron（控制节点）和neutron(计算节点)
这种部署方式无法把provider网络的端口添加到虚拟机上

先决条件

网络节点
三张网卡：管理网络、provider、overlay(应该是给vxlan用的)

计算节点
添加一张overlay的网卡

neutron（控制节点）

创建数据库
mysql -uroot -p123456
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'controller' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';

创建neutron用户
. admin-openrc
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin

创建neutron service
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696

下载（self-service networks）
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch ebtables -y

配置（self-service networks）
vi /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[database]
connection = mysql+pymysql://neutron:123456@controller/neutron

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456

[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123456

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
配置（self-service networks）
vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vlan]
network_vlan_ranges = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true
注：[ml2_type_vlan]并不需要

启动ovs服务
systemctl enable openvswitch && systemctl restart openvswitch
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eth3
~~ovs-vsctl add-port br-ex eth2~~
~~ip a del 192.168.111.142/24 dev eth2~~
~~ip a add 192.168.111.142/24 dev br-ex~~
~~ip li set br-ex up~~

配置（self-service networks）
vi /etc/neutron/plugins/ml2/openvswitch_agent.ini
[ovs]
bridge_mappings = provider:br-ex
local_ip = 192.168.111.142

[agent]
tunnel_types = vxlan
l2_population = True

[securitygroup]
firewall_driver = iptables_hybrid
配置（self-service networks）
通过验证以下所有sysctl值设置为1：确保您的Linux操作系统内核支持网桥过滤器
vi /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
重启生效：reboot
立即生效：
modprobe br_netfilter
sysctl -p
引用：br_netfilter 模块开机自动方法
CentOS 7 开机加载内核模块
注：因为openstack已经配置了br_netfilter开机自启动，所以不需要进行开机启动重复配置了

配置（self-service networks）
vi /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = openvswitch
external_network_bridge =
配置（self-service networks）
vi /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
配置
vi /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = 123456
配置
vi /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
service_metadata_proxy = true
metadata_proxy_shared_secret = 123456
数据库
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

启动
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service && systemctl start neutron-server.service neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

启动（self-service networks）
systemctl enable neutron-l3-agent.service && systemctl start neutron-l3-agent.service

neutron(计算节点)

下载
yum install openstack-neutron-openvswitch ebtables ipset -y

配置
vi /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
配置（self-service networks）
vi /etc/neutron/plugins/ml2/openvswitch_agent.ini
[ovs]
local_ip = 192.168.111.182

[agent]
tunnel_types = vxlan
l2_population = True
配置（self-service networks）
通过验证以下所有sysctl值设置为1：确保您的Linux操作系统内核支持网桥过滤器
vi /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
重启生效：reboot
立即生效：
modprobe br_netfilter
sysctl -p

配置
vi /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
启动
systemctl restart openstack-nova-compute.service

启动
systemctl enable neutron-openvswitch-agent.service && systemctl start neutron-openvswitch-agent.service

验证（在控制节点）
openstack network agent list

CentOS7 desktop openstack queens openvswitch vxlan self-service 配置

你可能感兴趣的:(CentOS7 desktop openstack queens openvswitch vxlan self-service 配置)