8 Openstack-Ussuri-Neutron controller node deployment - ubuntu1804

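Neutron provides the following functions:
1 Neutron provides network support for the whole OpenStack environment, including layer-2 switching, layer-3 routing, load balancing, firewalls and VPN.
2 Neutron provides a flexible framework: through configuration, either open-source or commercial software can be used to implement these functions.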

8.1 Configure the neutron database

#Log in to the database as root:

mysql -u root -p

#Create the neutron database:

CREATE DATABASE neutron;

#Grant access to the neutron database, flush privileges and exit the database:

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'neutron.123';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'neutron.123';
  
flush privileges;
exit

8.2 Load the admin credentials

source adminrc.sh

8.3 Create the neutron service credentials

#Create the neutron service user and set its password to neutron.123

openstack user create --domain default --password-prompt neutron

#Output

User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | f6cad486e8474e3a9e983ca69443af61 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

#Give the neutron service user the admin role in the service project; no output

openstack role add --project service --user neutron admin

#Create the neutron service

openstack service create --name neutron --description "OpenStack Networking" network

#Output

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 0e20d3c0a35e486bb2aed2bf3cc17c00 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

8.4 Create the network API endpoints

#public

openstack endpoint create --region RegionOne network public http://controller160:9696

#Output

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | c05adb051d5b49479a5608c1bad23943 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0e20d3c0a35e486bb2aed2bf3cc17c00 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller160:9696        |
+--------------+----------------------------------+

#internal

openstack endpoint create --region RegionOne network internal http://controller160:9696

#Output

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 19a4aeaceaa14df3a68322f97c007b55 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0e20d3c0a35e486bb2aed2bf3cc17c00 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller160:9696        |
+--------------+----------------------------------+

#admin

openstack endpoint create --region RegionOne network admin http://controller160:9696

#Output

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 83afdf2ad4f9489797a899e0faa5a41e |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0e20d3c0a35e486bb2aed2bf3cc17c00 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller160:9696        |
+--------------+----------------------------------+

8.5 Deploy and configure neutron server - controller160

#Install the package

apt install neutron-server -y

#Back up the neutron configuration

cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
egrep -v "^$|^#" /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf

#Edit the neutron configuration file, adding the following fields under the corresponding sections
#vim /etc/neutron/neutron.conf

[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
auth_strategy = keystone
transport_url = rabbit://rabbitmq:rabbitmq.123@controller160:5672/
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
# ...
connection = mysql+pymysql://neutron:neutron.123@controller160/neutron

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller160:5000
auth_url = http://controller160:5000
memcached_servers = controller160:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = neutron.123

# ...

[nova]
# ...
auth_url = http://controller160:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova.123

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

#Edit the nova configuration file, adding the following fields under the corresponding section
#vim /etc/nova/nova.conf

[neutron]
# ...
auth_url = http://controller160:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron.123
service_metadata_proxy = true
metadata_proxy_shared_secret = devops

#Edit the ml2 configuration file, adding the following fields under the corresponding sections
#vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
# ...
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
# ...
flat_networks = provider

[ml2_type_vxlan]
# ...
vni_ranges = 1:1000

[securitygroup]
# ...
enable_ipset = true

#Populate the neutron database

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

#Output

INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
  Running upgrade for neutron ...
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade 86274d77933e -> f4b9654dd40c
INFO  [alembic.runtime.migration] Running upgrade f4b9654dd40c -> a010322604bc
INFO  [alembic.runtime.migration] Running upgrade a010322604bc -> 263d454a9655
INFO  [alembic.runtime.migration] Running upgrade 263d454a9655 -> Ibac91d24da2
INFO  [alembic.runtime.migration] Running upgrade Ibac91d24da2 -> 2217c4222de6
INFO  [alembic.runtime.migration] Running upgrade 2217c4222de6 -> 18a7e90ae768
INFO  [alembic.runtime.migration] Running upgrade 18a7e90ae768 -> e4e236b0e1ff
INFO  [alembic.runtime.migration] Running upgrade e4e236b0e1ff -> e88badaa9591
INFO  [alembic.runtime.migration] Running upgrade 7d9d8eeec6ad -> a8b517cff8ab
INFO  [alembic.runtime.migration] Running upgrade a8b517cff8ab -> 3b935b28e7a0
INFO  [alembic.runtime.migration] Running upgrade 3b935b28e7a0 -> b12a3ef66e62
INFO  [alembic.runtime.migration] Running upgrade b12a3ef66e62 -> 97c25b0d2353
INFO  [alembic.runtime.migration] Running upgrade 97c25b0d2353 -> 2e0d7a8a1586
INFO  [alembic.runtime.migration] Running upgrade 2e0d7a8a1586 -> 5c85685d616d
  OK

#Restart nova-api

systemctl restart nova-api
systemctl status nova-api

#Restart the neutron-server service and enable it at boot:

systemctl enable neutron-server
systemctl restart neutron-server
systemctl status neutron-server

8.6 Deploy and configure neutron agent - neutron161

#Install the packages

apt install neutron-server neutron-plugin-ml2 \
  neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent \
  neutron-metadata-agent -y

#Back up the neutron configuration

cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
egrep -v "^$|^#" /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf

#Edit the neutron configuration file, adding the following fields under the corresponding sections
#vim /etc/neutron/neutron.conf

[DEFAULT]
# ...
auth_strategy = keystone
transport_url = rabbit://rabbitmq:rabbitmq.123@controller160:5672/
[database]
# ...
connection = mysql+pymysql://neutron:neutron.123@controller160/neutron
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller160:5000
auth_url = http://controller160:5000
memcached_servers = controller160:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = neutron.123

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

#Back up the ml2 configuration

cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
egrep -v "^$|^#" /etc/neutron/plugins/ml2/ml2_conf.ini.bak >/etc/neutron/plugins/ml2/ml2_conf.ini

#Edit the ml2 configuration file, adding the following fields under the corresponding sections
#vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
# ...
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
# ...
flat_networks = provider

[ml2_type_vxlan]
# ...
vni_ranges = 1:1000

[securitygroup]
# ...
enable_ipset = true

#Back up the linuxbridge_agent.ini configuration

cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
egrep -v "^$|^#" /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak >/etc/neutron/plugins/ml2/linuxbridge_agent.ini

#Edit the linuxbridge_agent.ini file, adding the following fields under the corresponding sections
#vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:eth1

[vxlan]
enable_vxlan = true
local_ip = 172.16.3.161
l2_population = true

[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

#Back up the l3_agent.ini configuration

cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
egrep -v "^$|^#" /etc/neutron/l3_agent.ini.bak >/etc/neutron/l3_agent.ini

#Edit the l3_agent.ini file, adding the following fields under the corresponding section
#vim /etc/neutron/l3_agent.ini

[DEFAULT]
# ...
interface_driver = linuxbridge

#Back up the dhcp_agent.ini configuration

cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
egrep -v "^$|^#" /etc/neutron/dhcp_agent.ini.bak >/etc/neutron/dhcp_agent.ini

#Edit the dhcp_agent.ini file, adding the following fields under the corresponding section
#vim /etc/neutron/dhcp_agent.ini

[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

#Back up the metadata_agent.ini configuration

cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
egrep -v "^$|^#" /etc/neutron/metadata_agent.ini.bak >/etc/neutron/metadata_agent.ini

#Edit the metadata_agent.ini file, adding the following fields under the corresponding section
#vim /etc/neutron/metadata_agent.ini

[DEFAULT]
# ...
nova_metadata_host = controller160
metadata_proxy_shared_secret = devops

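#Make sure your Linux kernel supports bridge filtering by verifying that all of the following sysctl values are set to 1:

#The net.bridge.* keys only exist once the br_netfilter kernel module is loaded
modprobe br_netfilter
cat >> /etc/sysctl.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl -p /etc/sysctl.conf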

#Restart the neutron agent services and enable them at boot:

systemctl enable neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent
systemctl restart neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent
systemctl status neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent

8.7 Verify the neutron service

#Load the admin credentials

source adminrc.sh

#Run the network agent check

openstack network agent list

#Output

+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 0475cec8-24b0-4540-92ce-603e6add0be1 | L3 agent           | neutron161 | nova              | :-)   | UP    | neutron-l3-agent          |
| 0edfd3aa-6278-4749-8e51-6aeb19cdf41a | Linux bridge agent | neutron161 | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 1ddf6f7f-5c3b-4647-8e53-62fa7fafd067 | Metadata agent     | neutron161 | None              | :-)   | UP    | neutron-metadata-agent    |
| cd323219-dd6b-486b-86c4-241c02a5588d | DHCP agent         | neutron161 | nova              | :-)   | UP    | neutron-dhcp-agent        |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
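
The agent list shows that the services are up, not that their credentials are sound. The following check is an added example, not part of the original guide: it reads the files edited in 8.5 and 8.6, confirms that metadata_proxy_shared_secret is identical in nova.conf and metadata_agent.ini, and flags every password or secret shorter than MIN_LEN. The function names, the MIN_LEN threshold and the sample files are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit the secrets this guide writes into nova.conf,
# neutron.conf and metadata_agent.ini. MIN_LEN is an assumed policy threshold.
MIN_LEN=16

# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION].
ini_get() {
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
    !insec || /^[ \t]*[#;]/ { next }
    { i = index($0, "="); if (i == 0) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; exit } }' "$1"
}

# url_password URL: print the password from scheme://user:password@host/...
url_password() {
  printf '%s\n' "$1" | sed -nE 's#^[^:]+://[^:/@]+:([^@]*)@.*$#\1#p'
}

# audit_secrets NOVA_CONF NEUTRON_CONF METADATA_INI: one finding per line, returns 1 if any.
audit_secrets() {
  found=0
  s_nova=$(ini_get "$1" neutron metadata_proxy_shared_secret)
  s_meta=$(ini_get "$3" DEFAULT metadata_proxy_shared_secret)
  # Both ends of the metadata proxy must hold the same secret.
  if [ "$s_nova" != "$s_meta" ]; then echo "MISMATCH metadata_proxy_shared_secret"; found=1; fi
  while IFS='|' read -r label value; do
    [ -n "$value" ] || continue   # key absent in this file (e.g. agent node)
    if [ "${#value}" -lt "$MIN_LEN" ]; then echo "WEAK $label"; found=1; fi
  done <<EOF
nova.conf [neutron] metadata_proxy_shared_secret|$s_nova
metadata_agent.ini [DEFAULT] metadata_proxy_shared_secret|$s_meta
neutron.conf [keystone_authtoken] password|$(ini_get "$2" keystone_authtoken password)
neutron.conf [nova] password|$(ini_get "$2" nova password)
neutron.conf transport_url|$(url_password "$(ini_get "$2" DEFAULT transport_url)")
neutron.conf [database] connection|$(url_password "$(ini_get "$2" database connection)")
EOF
  return "$found"
}

# Constructed sample files carrying this guide's values, then one audit run.
d=$(mktemp -d)
printf '[neutron]\nmetadata_proxy_shared_secret = devops\n' > "$d/nova.conf"
printf '[DEFAULT]\nmetadata_proxy_shared_secret = devops\n' > "$d/meta.ini"
printf '[keystone_authtoken]\npassword = neutron.123\n' > "$d/neutron.conf"
audit_secrets "$d/nova.conf" "$d/neutron.conf" "$d/meta.ini" || true
rm -rf "$d"
```

On a real deployment, pass /etc/nova/nova.conf from controller160 and /etc/neutron/neutron.conf and /etc/neutron/metadata_agent.ini from neutron161 as the three arguments.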

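At this point the neutron controller node services are deployed. If you find any problems, please contact me so I can correct them; many thanks!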

8.x Summary of problems encountered during deployment

eg1. oslo_db.exception.DBError: (pymysql.err.InternalError) (1832, "Cannot change column 'network_id': used in a foreign key constraint 'subnets_ibfk_1'")
[SQL: ALTER TABLE subnets MODIFY network_id VARCHAR(36) NOT NULL]
Solution:
root@controller160:~# mysql -uroot -p
MariaDB [(none)]> use neutron;
MariaDB [(none)]> ALTER TABLE subnets DROP FOREIGN KEY subnets_ibfk_1;
Query OK, 0 rows affected (0.15 sec)
Records: 0  Duplicates: 0  Warnings: 0

eg2.oslo_db.exception.DBError: (pymysql.err.InternalError) (1071, 'Specified key was too long; max key length is 767 bytes')
[SQL:
CREATE TABLE ovn_hash_ring (
	node_uuid VARCHAR(36) NOT NULL,
	group_name VARCHAR(256) NOT NULL,
	hostname VARCHAR(256) NOT NULL,
	created_at DATETIME NOT NULL,
	updated_at DATETIME NOT NULL,
	PRIMARY KEY (node_uuid, group_name)
)ENGINE=InnoDB

]
Solution 1:
root@controller160:~# vim /etc/mysql/mariadb.conf.d/99-openstack.cnf
Add the following configuration:
innodb_large_prefix = on
Restart mariadb:
systemctl restart mariadb.service
MariaDB [(none)]> show variables like '%innodb_large_prefix%';
+---------------------+-------+
| Variable_name       | Value |
+---------------------+-------+
| innodb_large_prefix | ON    |
+---------------------+-------+
Solution 2: add DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC and run the statement manually to create the table
CREATE TABLE ovn_hash_ring (
	node_uuid VARCHAR(36) NOT NULL,
	group_name VARCHAR(256) NOT NULL,
	hostname VARCHAR(256) NOT NULL,
	created_at DATETIME NOT NULL,
	updated_at DATETIME NOT NULL,
	PRIMARY KEY (node_uuid, group_name)
)ENGINE=InnoDB DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC;
