Alma Linux 8 OpenStack Getting Started 5 -- Building the Neutron Networking Service

1. Components already deployed

| Hostname   | Role            | OS             | Installed components |
|------------|-----------------|----------------|----------------------|
| controller | Controller node | Alma Linux 8.6 | chrony, Yoga YUM repository, powertools enabled, python3-openstackclient, openstack-selinux, mariadb, rabbitmq, memcached, etcd, openstack-keystone, openstack-dashboard, openstack-placement-api, openstack-nova-api, openstack-nova-conductor, openstack-nova-novncproxy, openstack-nova-scheduler, openstack-cinder, openstack-glance |
| compute    | Compute node    | Alma Linux 8.6 | chrony, Yoga YUM repository, powertools enabled, python3-openstackclient, openstack-selinux, openstack-nova-compute, openstack-neutron-linuxbridge, ebtables, ipset |
| computehci | Storage node    | Alma Linux 8.6 | chrony, Yoga YUM repository, powertools enabled, python3-openstackclient, openstack-selinux, openstack-cinder, targetcli |

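2. Components to deploy

| Hostname   | Role            | OS             | Components to install |
|------------|-----------------|----------------|-----------------------|
| controller | Controller node | Alma Linux 8.6 | openstack-neutron, openstack-neutron-ml2, openstack-neutron-linuxbridge, ebtables |
| compute    | Compute node    | Alma Linux 8.6 |                       |
| computehci | Storage node    | Alma Linux 8.6 |                       |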

3. Configure the controller node

Target: controller node

3.1. Create the neutron database and user

# mysql -u root -p

> CREATE DATABASE neutron;

> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'root';
> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'root';
> flush privileges;

3.2. Create the neutron service credentials

# Create the user neutron in the default domain
# source admin-openrc
# openstack user create --domain default --password-prompt neutron
User Password:

# Grant the admin role to the user neutron
# openstack role add --project service --user neutron admin

# Create the neutron service entity
# openstack service create --name neutron --description "openstack Networking" network

3.3. Create the neutron service endpoints

# openstack endpoint create --region RegionOne network public http://controller:9696
# openstack endpoint create --region RegionOne network internal http://controller:9696
# openstack endpoint create --region RegionOne network admin http://controller:9696
# openstack endpoint list  --service neutron
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                    |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------+
| 1a899284584f42fa9dc6e8108a733947 | RegionOne | neutron      | network      | True    | internal  | http://controller:9696 |
| e4435a76c32c416185d918f359e9cdbb | RegionOne | neutron      | network      | True    | public    | http://controller:9696 |
| e655436a44304787b1b8ab77bfafdf3f | RegionOne | neutron      | network      | True    | admin     | http://controller:9696 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------+

3.4. Install and configure the neutron components

# Install the neutron components
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

# Edit neutron.conf and the other neutron configuration files
# vi /etc/neutron/neutron.conf
# grep -Ev "^$|^#" /etc/neutron/neutron.conf
...
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:awcloud@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
connection = mysql+pymysql://neutron:root@controller/neutron
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123456
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
...

# vi /etc/neutron/plugins/ml2/ml2_conf.ini
# grep -Ev "^$|^#" /etc/neutron/plugins/ml2/ml2_conf.ini
...
[DEFAULT]
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true
...

# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# grep -Ev "^$|^#" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

# vi /etc/neutron/dhcp_agent.ini
# grep -Ev "^$|^#" /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

# vi /etc/neutron/metadata_agent.ini
# grep -Ev "^$|^#" /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
[cache]

# vi /etc/nova/nova.conf
# grep -Ev "^$|^#" /etc/nova/nova.conf
...
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
...

# Start or restart the services and enable them at boot
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

# systemctl restart openstack-nova-api.service
# systemctl status openstack-nova-api.service
# systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
# systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
 
# systemctl status neutron-server.service
# systemctl status neutron-linuxbridge-agent.service
# systemctl status neutron-dhcp-agent.service
# systemctl status neutron-metadata-agent.service
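
The files edited in this section still carry the install-guide placeholders METADATA_SECRET and PROVIDER_INTERFACE_NAME, and short passwords such as root and 123456. The following check is an added example, not part of the original tutorial or of OpenStack: it parses the same INI files and reports placeholders, weak secrets, cleartext Keystone URLs and a metadata secret that differs between nova.conf and metadata_agent.ini. The 16-character minimum and the deny-list are assumptions; the sample text is constructed from the values shown on this page.

```python
import configparser
import re
from urllib.parse import urlsplit

MIN_SECRET_LEN = 16  # assumption: local policy, not an OpenStack rule
DENYLIST = {"root", "123456", "password", "admin", "secret"}  # assumption
# Heuristic for install-guide placeholders such as METADATA_SECRET.
PLACEHOLDER = re.compile(r"[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+")
SECRET_OPTS = {"password", "metadata_proxy_shared_secret"}
URL_OPTS = {"connection", "transport_url"}
HTTP_OPTS = {"auth_url", "www_authenticate_uri"}

# Constructed sample: trimmed copies of the settings shown on this page.
SAMPLE = {
    "/etc/neutron/neutron.conf": """
[DEFAULT]
transport_url = rabbit://openstack:awcloud@controller
[database]
connection = mysql+pymysql://neutron:root@controller/neutron
[keystone_authtoken]
auth_url = http://controller:5000
password = 123456
""",
    "/etc/neutron/metadata_agent.ini": """
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
""",
    "/etc/nova/nova.conf": """
[neutron]
password = 123456
metadata_proxy_shared_secret = METADATA_SECRET
""",
    "/etc/neutron/plugins/ml2/linuxbridge_agent.ini": """
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
""",
}


def parse(text):
    # Treat [DEFAULT] as an ordinary section so its values are not inherited
    # by every other section, which would duplicate findings.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp


def weak(secret):
    return secret.lower() in DENYLIST or len(secret) < MIN_SECRET_LEN


def audit(files):
    """files: {path: ini_text}. Returns sorted (path, section, option, problem)."""
    findings, shared = [], {}
    for path, text in files.items():
        cp = parse(text)
        for section in cp.sections():
            for opt, val in cp.items(section):
                where = (path, section, opt)
                # "provider:PROVIDER_INTERFACE_NAME" -> test the part after ':'
                if PLACEHOLDER.fullmatch(val.rsplit(":", 1)[-1]):
                    findings.append(where + ("placeholder",))
                elif opt in SECRET_OPTS and weak(val):
                    findings.append(where + ("weak-secret",))
                if opt in URL_OPTS:
                    pw = urlsplit(val).password  # password embedded in the URL
                    if pw is not None and weak(pw):
                        findings.append(where + ("weak-secret",))
                if opt in HTTP_OPTS and val.startswith("http://"):
                    findings.append(where + ("cleartext-http",))
                if opt == "metadata_proxy_shared_secret":
                    shared[path] = val
    # nova-api and the metadata agent must hold the same secret.
    if len(set(shared.values())) > 1:
        for path in shared:
            findings.append((path, "-", "metadata_proxy_shared_secret", "mismatch"))
    return sorted(findings)


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="  ")
```

To audit a live node, build the dictionary from the real files (read as root) instead of SAMPLE.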

3.5. Configure the external network

Target: controller node

Steps:

# Create the external network
# source admin-openrc
# openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider

# Create the subnet
# openstack subnet create --network provider --allocation-pool start=10.10.200.10,end=10.10.200.100 --dns-nameserver 114.114.114.114 --gateway 10.10.200.1 --subnet-range 10.10.200.0/24 provider

# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID                                   | Name     | Subnets                              |
+--------------------------------------+----------+--------------------------------------+
| 1cd6a28e-c305-4c6a-97f6-ab76d7b7797c | provider | d2e2bab9-fb34-4c5c-824e-8352e4adf32a |
+--------------------------------------+----------+--------------------------------------+

# openstack subnet list
+--------------------------------------+----------+--------------------------------------+----------------+
| ID                                   | Name     | Network                              | Subnet         |
+--------------------------------------+----------+--------------------------------------+----------------+
| d2e2bab9-fb34-4c5c-824e-8352e4adf32a | provider | 1cd6a28e-c305-4c6a-97f6-ab76d7b7797c | 10.10.200.0/24 |
+--------------------------------------+----------+--------------------------------------+----------------+

4. Configure the compute node

Target: compute node

Steps:

# Install the neutron components
(omitted)

# Edit the neutron configuration file neutron.conf
# vi /etc/neutron/neutron.conf
# grep -Ev "^$|^#" /etc/neutron/neutron.conf
...
[DEFAULT]
transport_url = rabbit://openstack:awcloud@controller
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default 
user_domain_name = default
project_name = service
username = neutron
password = 123456
...

# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# grep -Ev "^$|^#" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

# vim /etc/nova/nova.conf
Add the [neutron] section:
...
[neutron]
auth_type = password
auth_url = http://controller:5000
project_domain_name = default 
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
...

# Start the services and enable them at boot
# systemctl restart openstack-nova-compute.service
# systemctl enable neutron-linuxbridge-agent.service
# systemctl restart neutron-linuxbridge-agent.service

# systemctl status openstack-nova-compute.service
# systemctl status neutron-linuxbridge-agent.service

5. Verify the networking service

Target: controller node

Steps:

# openstack network agent list
+--------------------------------------+----------------+------------+-------------------+-------+-------+------------------------+
| ID                                   | Agent Type     | Host       | Availability Zone | Alive | State | Binary                 |
+--------------------------------------+----------------+------------+-------------------+-------+-------+------------------------+
| 880734dc-96ae-4c54-9b9c-164ca8d57b0c | DHCP agent     | controller | nova              | :-)   | UP    | neutron-dhcp-agent     |
| dada327b-f94f-40e0-9306-1d480de1c8e1 | Metadata agent | controller | None              | :-)   | UP    | neutron-metadata-agent |
+--------------------------------------+----------------+------------+-------------------+-------+-------+------------------------+
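
The Linux bridge agent is the component that applies security group rules through the configured iptables firewall driver, so it is worth checking that it is registered on every node where this page starts it. The following added example (not from the original tutorial) parses the table printed above and compares it with the agents this page installs; the expected set is an assumption derived from sections 3.4 and 4, and "XXX" is the marker the client prints for an agent that is not alive.

```python
# Assumption: the agents this page enables, keyed by (host, binary).
EXPECTED = {
    ("controller", "neutron-linuxbridge-agent"),
    ("controller", "neutron-dhcp-agent"),
    ("controller", "neutron-metadata-agent"),
    ("compute", "neutron-linuxbridge-agent"),
}

# Output of "openstack network agent list" exactly as shown on this page.
PAGE_OUTPUT = """\
+--------------------------------------+----------------+------------+-------------------+-------+-------+------------------------+
| ID                                   | Agent Type     | Host       | Availability Zone | Alive | State | Binary                 |
+--------------------------------------+----------------+------------+-------------------+-------+-------+------------------------+
| 880734dc-96ae-4c54-9b9c-164ca8d57b0c | DHCP agent     | controller | nova              | :-)   | UP    | neutron-dhcp-agent     |
| dada327b-f94f-40e0-9306-1d480de1c8e1 | Metadata agent | controller | None              | :-)   | UP    | neutron-metadata-agent |
+--------------------------------------+----------------+------------+-------------------+-------+-------+------------------------+
"""


def parse_table(text):
    """Turn the client's ASCII table into a list of {column: value} dicts."""
    header, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # border rows ("+----+") and anything else
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells
        else:
            rows.append(dict(zip(header, cells)))
    return rows


def check_agents(text, expected=EXPECTED):
    """Compare the registered agents with the expected (host, binary) pairs."""
    rows = parse_table(text)
    seen = {(r["Host"], r["Binary"]) for r in rows}
    healthy = {(r["Host"], r["Binary"]) for r in rows
               if r["Alive"] == ":-)" and r["State"] == "UP"}
    return {
        "missing": sorted(expected - seen),            # never registered
        "unhealthy": sorted((seen - healthy) & expected),  # dead or admin-down
        "unexpected": sorted(seen - expected),         # not part of this design
    }


if __name__ == "__main__":
    for kind, items in check_agents(PAGE_OUTPUT).items():
        for host, binary in items:
            print(f"{kind}: {binary} on {host}")
```

Run against the output above, it reports neutron-linuxbridge-agent as missing on both controller and compute; the agent log on each node is the place to look next.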

# openstack extension list --network
+----------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Name                                                                                                                                                           | Alias                                | Description                                                                                                                                              |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Address group                                                                                                                                                  | address-group                        | Support address group                                                                                                                                    |
| Address scope                                                                                                                                                  | address-scope                        | Address scopes extension.                                                                                                                                |
| agent                                                                                                                                                          | agent                                | The agent management extension.                                                                                                                          |
| Agent's Resource View Synced to Placement                                                                                                                      | agent-resources-synced               | Stores success/failure of last sync to Placement                                                                                                         |
| Allowed Address Pairs                                                                                                                                          | allowed-address-pairs                | Provides allowed address pairs                                                                                                                           |
| Availability Zone                                                                                                                                              | availability_zone                    | The availability zone extension.                                                                                                                         |
| Availability Zone Filter Extension                                                                                                                             | availability_zone_filter             | Add filter parameters to AvailabilityZone resource                                                                                                       |
| Default Subnetpools                                                                                                                                            | default-subnetpools                  | Provides ability to mark and use a subnetpool as the default.                                                                                            |
| DHCP Agent Scheduler                                                                                                                                           | dhcp_agent_scheduler                 | Schedule networks among dhcp agents                                                                                                                      |
| Empty String Filtering Extension                                                                                                                               | empty-string-filtering               | Allow filtering by attributes with empty string value                                                                                                    |
| Neutron external network                                                                                                                                       | external-net                         | Adds external network attribute to network resource.                                                                                                     |
| Neutron Extra DHCP options                                                                                                                                     | extra_dhcp_opt                       | Extra options configuration for DHCP. For example PXE boot options to DHCP clients can be specified (e.g. tftp-server, server-ip-address, bootfile-name) |
| Filter parameters validation                                                                                                                                   | filter-validation                    | Provides validation on filter parameters.                                                                                                                |
| Neutron Service Flavors                                                                                                                                        | flavors                              | Flavor specification for Neutron advanced services.                                                                                                      |
| IP address substring filtering                                                                                                                                 | ip-substring-filtering               | Provides IP address substring filtering when listing ports                                                                                               |
| Multi Provider Network                                                                                                                                         | multi-provider                       | Expose mapping of virtual networks to multiple physical networks                                                                                         |
| Network MTU                                                                                                                                                    | net-mtu                              | Provides MTU attribute for a network resource.                                                                                                           |
| Network MTU (writable)                                                                                                                                         | net-mtu-writable                     | Provides a writable MTU attribute for a network resource.                                                                                                |
| Network Availability Zone                                                                                                                                      | network_availability_zone            | Availability zone support for network.                                                                                                                   |
| Network IP Availability                                                                                                                                        | network-ip-availability              | Provides IP availability data for each network and subnet.                                                                                               |
| Pagination support                                                                                                                                             | pagination                           | Extension that indicates that pagination is enabled.                                                                                                     |
| Port device profile                                                                                                                                            | port-device-profile                  | Expose the port device profile (Cyborg)                                                                                                                  |
| Neutron Port MAC address regenerate                                                                                                                            | port-mac-address-regenerate          | Network port MAC address regenerate                                                                                                                      |
| Port NUMA affinity policy                                                                                                                                      | port-numa-affinity-policy            | Expose the port NUMA affinity policy                                                                                                                     |
| Port Binding                                                                                                                                                   | binding                              | Expose port bindings of a virtual port to external application                                                                                           |
| Port Bindings Extended                                                                                                                                         | binding-extended                     | Expose port bindings of a virtual port to external application                                                                                           |
| Port Security                                                                                                                                                  | port-security                        | Provides port security                                                                                                                                   |
| project_id field enabled                                                                                                                                       | project-id                           | Extension that indicates that project_id field is enabled.                                                                                               |
| Provider Network                                                                                                                                               | provider                             | Expose mapping of virtual networks to physical networks                                                                                                  |
| Quota engine limit check                                                                                                                                       | quota-check-limit                    | Support for checking the resource usage before applying a new quota limit                                                                                |
| Quota management support                                                                                                                                       | quotas                               | Expose functions for quotas management per project                                                                                                       |
| Quota details management support                                                                                                                               | quota_details                        | Expose functions for quotas usage statistics per project                                                                                                 |
| RBAC Policies                                                                                                                                                  | rbac-policies                        | Allows creation and modification of policies that control tenant access to resources.                                                                    |
| Add address_group type to RBAC                                                                                                                                 | rbac-address-group                   | Add address_group type to network RBAC                                                                                                                   |
| Add address_scope type to RBAC                                                                                                                                 | rbac-address-scope                   | Add address_scope type to RBAC                                                                                                                           |
| Add security_group type to network RBAC                                                                                                                        | rbac-security-groups                 | Add security_group type to network RBAC                                                                                                                  |
| Add subnetpool type to RBAC                                                                                                                                    | rbac-subnetpool                      | Add subnetpool type to RBAC                                                                                                                              |
| If-Match constraints based on revision_number                                                                                                                  | revision-if-match                    | Extension indicating that If-Match based on revision_number is supported.                                                                                |
| Resource revision numbers                                                                                                                                      | standard-attr-revisions              | This extension will display the revision number of neutron resources.                                                                                    |
| Normalized CIDR field for security group rules                                                                                                                 | security-groups-normalized-cidr      | Add new field with normalized remote_ip_prefix cidr in SG rule                                                                                           |
| Port filtering on security groups                                                                                                                              | port-security-groups-filtering       | Provides security groups filtering when listing ports                                                                                                    |
| Remote address group id field for security group rules                                                                                                         | security-groups-remote-address-group | Add new field of remote address group id in SG rules                                                                                                     |
| Security group filtering on the shared field                                                                                                                   | security-groups-shared-filtering     | Support filtering security groups on the shared field                                                                                                    |
| security-group                                                                                                                                                 | security-group                       | The security groups extension.                                                                                                                           |
| Neutron Service Type Management                                                                                                                                | service-type                         | API for retrieving service providers for Neutron advanced services                                                                                       |
| Sorting support                                                                                                                                                | sorting                              | Extension that indicates that sorting is enabled.                                                                                                        |
| standard-attr-description                                                                                                                                      | standard-attr-description            | Extension to add descriptions to standard attributes                                                                                                     |
| Stateful security group                                                                                                                                        | stateful-security-group              | Indicates if the security group is stateful or not                                                                                                       |
| Subnet Onboard                                                                                                                                                 | subnet_onboard                       | Provides support for onboarding subnets into subnet pools                                                                                                |
| Subnet service types                                                                                                                                           | subnet-service-types                 | Provides ability to set the subnet service_types field                                                                                                   |
| Subnet Allocation                                                                                                                                              | subnet_allocation                    | Enables allocation of subnets from a subnet pool                                                                                                         |
| Subnet Pool Prefix Operations                                                                                                                                  | subnetpool-prefix-ops                | Provides support for adjusting the prefix list of subnet pools                                                                                           |
| Tag support for resources with standard attribute: port, subnet, subnetpool, network, security_group, router, floatingip, policy, trunk, network_segment_range | standard-attr-tag                    | Enables to set tag on resources with standard attribute.                                                                                                 |
| Resource timestamps                                                                                                                                            | standard-attr-timestamp              | Adds created_at and updated_at fields to all Neutron resources that have Neutron standard attributes.                                                    |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
