Centos 8部署openstack u 版 (二)


五: Networking service Installation Guide
    
    5.1  controller 上配置:
    
        5.1.1 $ mysql -u root -p
            MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
            IDENTIFIED BY 'NEUTRON_DBPASS';
            MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
            IDENTIFIED BY 'NEUTRON_DBPASS';

        5.1.2  create the service credentials
            $ openstack user create --domain default --password-prompt neutron
            $ openstack role add --project service --user neutron admin
            $ openstack service create --name neutron --description "OpenStack Networking" network
        
            $ openstack endpoint create --region RegionOne network public http://controller:9696
            $openstack endpoint create --region RegionOne network internal http://controller:9696
            $ openstack endpoint create --region RegionOne  network admin http://controller:9696

        //安装包,并配置:
        # yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
        # yum install python3-openstackclient

        5.1.3  vim /etc/neutron/neutron.conf
            [database]
            # ...
            connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
            [DEFAULT]
            # ...
            core_plugin = ml2
            service_plugins = router
            allow_overlapping_ips = true
            transport_url = rabbit://openstack:RABBIT_PASS@controller
            auth_strategy = keystone
            notify_nova_on_port_status_changes = true
            notify_nova_on_port_data_changes = true
   
            [keystone_authtoken]
            # ...
            www_authenticate_uri = http://controller:5000
            auth_url = http://controller:5000
            memcached_servers = controller:11211
            auth_type = password
            project_domain_name = default
            user_domain_name = default
            project_name = service
            username = neutron
            password = NEUTRON_PASS

            [oslo_concurrency]
            # ...
            lock_path = /var/lib/neutron/tmp

            [nova]
            # ...
            auth_url = http://controller:5000
            auth_type = password
            project_domain_name = default
            user_domain_name = default
            region_name = RegionOne
            project_name = service
            username = nova
            password = NOVA_PASS
                
        5.1.4 vim /etc/neutron/plugins/ml2/ml2_conf.ini
            [ml2]
            type_drivers = flat,vlan,vxlan
            tenant_network_types = vxlan
            mechanism_drivers = linuxbridge,l2population
            extension_drivers = port_security

            [ml2_type_flat]
            flat_networks = provider

            [ml2_type_vxlan]
            vni_ranges = 1:1000

            [securitygroup]
            enable_ipset = true

        5.1.5 vim  /etc/neutron/plugins/ml2/linuxbridge_agent.ini
            [linux_bridge]
            physical_interface_mappings = provider:ens37

            [vxlan]
            enable_vxlan = true
            local_ip = 192.168.10.101
            l2_population = true

            [securitygroup]
            enable_security_group = true
            firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver   

         5.1.6 内核添加模块
            vim /etc/sysctl.conf
            net.bridge.bridge-nf-call-ip6tables = 1
            net.bridge.bridge-nf-call-iptables = 1
            net.ipv4.ip_forward = 1
        
        5.1.7 vim /etc/neutron/l3_agent.ini
            [DEFAULT]
            # ...
            interface_driver = linuxbridge

        5.1.8 vim /etc/neutron/dhcp_agent.ini
            [DEFAULT]
            # ...
            interface_driver = linuxbridge
            dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
            enable_isolated_metadata = true


        5.1.9 Configure the metadata agent

         vim /etc/neutron/metadata_agent.ini
         [DEFAULT]
            # ...
            nova_metadata_host = controller
            metadata_proxy_shared_secret = METADATA_SECRET   

        5.1.10 Finalize installation

        #  ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
        # su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
        --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
        # systemctl restart openstack-nova-api.service
        # systemctl enable neutron-server.service \
            neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
            neutron-metadata-agent.service
        # systemctl start neutron-server.service \
            neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
            neutron-metadata-agent.service   
        # systemctl enable neutron-l3-agent.service
        # systemctl start neutron-l3-agent.service

    5.2  network 节点配置
        Configure networking options 2: Self-service networks

        # yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
        # yum install python3-openstackclient


        5.2.1  vim /etc/neutron/neutron.conf
            [database]
            # ...
            connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
            [DEFAULT]
            # ...
            core_plugin = ml2
            service_plugins = router
            allow_overlapping_ips = true
            transport_url = rabbit://openstack:RABBIT_PASS@controller
            auth_strategy = keystone
            notify_nova_on_port_status_changes = true
            notify_nova_on_port_data_changes = true
   
            [keystone_authtoken]
            # ...
            www_authenticate_uri = http://controller:5000
            auth_url = http://controller:5000
            memcached_servers = controller:11211
            auth_type = password
            project_domain_name = default
            user_domain_name = default
            project_name = service
            username = neutron
            password = NEUTRON_PASS

            [oslo_concurrency]
            # ...
            lock_path = /var/lib/neutron/tmp

           [nova]
            # ...
            auth_url = http://controller:5000
            auth_type = password
            project_domain_name = default
            user_domain_name = default
            region_name = RegionOne
            project_name = service
            username = nova
            password = NOVA_PASS

        5.2.2    vim /etc/neutron/plugins/ml2/ml2_conf.ini
                [ml2]
            type_drivers = flat,vlan,vxlan
            tenant_network_types = vxlan
            mechanism_drivers = linuxbridge,l2population
            extension_drivers = port_security
            [ml2_type_flat]
            # ...
            flat_networks = provider
            [ml2_type_vxlan]
            # ...
            vni_ranges = 1:1000
            [securitygroup]
            # ...
            enable_ipset = true


        5.2.3 vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
            [linux_bridge]
            physical_interface_mappings = provider:ens37
            [vxlan]
            enable_vxlan = true
            local_ip = 192.168.10.101
            l2_population = true
            [securitygroup]
            # ...
            enable_security_group = true
            firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver


        5.2.4 vim /etc/neutron/l3_agent.ini
            [DEFAULT]
            # ...
            interface_driver = linuxbridge

        5.2.5 vim /etc/neutron/dhcp_agent.ini
            [DEFAULT]
            # ...
            interface_driver = linuxbridge
            dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
            enable_isolated_metadata = true

        5.2.6  Configure the metadata agent

                    vim /etc/neutron/metadata_agent.ini
                    [DEFAULT]
                        # ...
                        nova_metadata_host = controller
                        metadata_proxy_shared_secret = METADATA_SECRET  
                        memcache_servers = controller:11211

        5.2.7 vim /etc/nova/nova.conf

            [neutron]
            # ...
            auth_url = http://controller:5000
            auth_type = password
            project_domain_name = default
            user_domain_name = default
            region_name = RegionOne
            project_name = service
            username = neutron
            password = NEUTRON_PASS
            service_metadata_proxy = true
            metadata_proxy_shared_secret = METADATA_SECRET

        5.2.8 启动 设置服务

        # systemctl restart neutron-linuxbridge-agent.service neutron-dhcp-agent.service  neutron-l3-agent.service
        # systemctl enable neutron-linuxbridge-agent.service neutron-dhcp-agent.service  neutron-l3-agent.service


    5.3 install and configure compute node
         computer节点配置

        5.3.1  yum install openstack-neutron-linuxbridge ebtables ipset
        
        5.3.2  vim  /etc/neutron/neutron.conf
            [DEFAULT]
            transport_url = rabbit://openstack:RABBIT_PASS@controller
            auth_strategy = keystone

            [keystone_authtoken]
            www_authenticate_uri = http://controller:5000
            auth_url = http://controller:5000
            memcached_servers = controller:11211
            auth_type = password
            project_domain_name = default
            user_domain_name = default
            project_name = service
            username = neutron
            password = NEUTRON_PASS

            [oslo_concurrency]
            lock_path = /var/lib/neutron/tm


        5.3.3 vim /etc/nova/nova.conf

                [neutron]
                # ...
                auth_url = http://controller:5000
                auth_type = password
                project_domain_name = default
                user_domain_name = default
                region_name = RegionOne
                project_name = service
                username = neutron
                password = NEUTRON_PASS

         5.3.4 vim  /etc/neutron/plugins/ml2/linuxbridge_agent.ini
                [linux_bridge]
                # 替换接口名PROVIDER_INTERFACE_NAME,我的是ens37
                physical_interface_mappings = provider:ens37  

                [vxlan]
                enable_vxlan = true
                # 替换OVERLAY_INTERFACE_IP_ADDRESS
                local_ip = 192.168.10.103
                l2_population = true

                [securitygroup]
                # ...
                enable_security_group = true
                firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

        5.3.5 启动
        # systemctl restart openstack-nova-compute.service
        # systemctl enable neutron-linuxbridge-agent.service
        # systemctl start neutron-linuxbridge-agent.service



    5.4    验证
        # openstack network agent list

六  configure the dashboard

    1   # yum install openstack-dashboard
    2 # vim local_settings

        #允许所以HOSTS登录
        ALLOWED_HOSTS = ['*]

    3 vim  /etc/httpd/conf.d/openstack-dashboard.conf
      WSGIApplicationGroup %{GLOBAL}

    4 cd /usr/share/openstack-dashboard
        # python3 manage.py make_web_conf --apache > /etc/httpd/conf.d/openstack-dashboard.conf

    5 # systemctl restart httpd.service memcached.service

 

你可能感兴趣的:(Centos 8部署openstack u 版 (二))