Openstack架构构建及详解(5)--Neutron组件，不得不服

a.创建neutron用户

[root@controller ~]# keystone user-create --name neutron --pass NEUTRON_PASS

±---------±---------------------------------+

| Property | Value |

±---------±---------------------------------+

| email | |

| enabled | True |

| id | a7e4e7944d2f4223bd724fcc32678cae |

| name | neutron |

| username | neutron |

±---------±---------------------------------+

b.连接neutron用户到serivce租户和admin角色

[root@controller ~]# keystone user-role-add --user neutron --tenant service --role admin

c.创建neutron服务

[root@controller ~]# keystone service-create --name neutron --type network --description “Openstack Networking”

±------------±---------------------------------+

| Property | Value |

±------------±---------------------------------+

| description | Openstack Networking |

| enabled | True |

| id | 66e916b7b3264a48b0e4420ecd81423f |

| name | neutron |

| type | network |

±------------±---------------------------------+

d.创建neutron服务端点

[root@controller ~]# keystone endpoint-create --service-id $(keystone service-list |awk ‘/network/ {print $2}’) --publicurl http://controller.nice.com:9696 --adminurl http://controller.nice.com:9696 --internalurl http://controller.nice.com:9696 --region regionOne

±------------±---------------------------------+

| Property | Value |

±------------±---------------------------------+

| adminurl | http://controller.nice.com:9696 |

| id | e9fe74bbedd743458feba34cd64c8ef1 |

| internalurl | http://controller.nice.com:9696 |

| publicurl | http://controller.nice.com:9696 |

| region | regionOne |

| service_id | 66e916b7b3264a48b0e4420ecd81423f |

±------------±---------------------------------+

安装网络服务组件

[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 python-neutronclient which

[root@controller ~]# vim /etc/neutron/neutron.conf

[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini

[root@controller ~]# vim /etc/nova/nova.conf

[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

[root@controller ~]# su -s /bin/sh -c “neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno” neutron

INFO [alembic.migration] Context impl MySQLImpl.

INFO [alembic.migration] Will assume non-transactional DDL.

INFO [alembic.migration] Running upgrade None -> havana, havana_initial

…

…

…

完成配置

1、为ML2插件配置文件创建连接文件。

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

2、初始化数据库

su-s /bin/sh-c “neutron-db-manage --config-file /etc/neutron/neutron.conf–config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno” neutron

3、重新启动计算服务

systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service

4、启动网络服务并配置开机自动启动# systemctlenable neutron-server.service# systemctlstart neutron-server.service

5、验证

[root@controller ~]# source admin-openrc.sh

列出加载的扩展模块，确认成功启动neutron-server进程。

[root@controller ~]# neutron ext-list

±----------------------±----------------------------------------------+

| alias | name |

±----------------------±----------------------------------------------+

| security-group | security-group |

| l3_agent_scheduler | L3 Agent Scheduler |

| ext-gw-mode | Neutron L3 Configurable external gateway mode |

| binding | Port Binding |

| provider | Provider Network |

| agent | agent |

| quotas | Quota management support |

| dhcp_agent_scheduler | DHCP Agent Scheduler |

| l3-ha | HA Router extension |

| multi-provider | Multi Provider Network |

| external-net | Neutron external network |

| router | Neutron L3 Router |

| allowed-address-pairs | Allowed Address Pairs |

| extraroute | Neutron Extra Route |

| extra_dhcp_opt | Neutron Extra DHCP opts |

| dvr | Distributed Virtual Router |

±----------------------±----------------------------------------------+

##### []( )2、配置neutron节点

1、编辑/etc/sysctl.conf文件，包含下列参数：

net.ipv4.ip_forward=1

net.ipv4.conf.all.rp_filter=0

net.ipv4.conf.default.rp_filter=0

[root@network ~]# sysctl -p

net.ipv4.ip_forward = 1

net.ipv4.conf.all.rp_filter = 0

net.ipv4.conf.default.rp_filter = 0

安装网络组件

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch

编辑/etc/neutron/neutron.conf文件并完成下列操作：

a.编辑[database]小节，注释任何connection选项。因为network节点不能直接连接数据库。

b.编辑[DEFAULT]小节，配置RabbitMQ消息队列访问

[DEFAULT]

…

rpc_backend=rabbit

rabbit_host= controller.nice.com

rabbit_password= RABBIT_PASS

c.编辑[DEFAULT]和[keystone_authtoken]小节，配置认证服务访问：

[DEFAULT]

…

auth_strategy= keystone

[keystone_authtoken]

…

auth_uri= http://controller.nice.com:5000/v2.0

identity_uri= http://controller.nice.com:35357admin_tenant_name= service

admin_user= neutron

admin_password= NEUTRON_PASS

d.编辑[DEFAULT]小节，启用Modular Layer2(ML2)插件,路由服务和重叠IP地址功能：

[DEFAULT]

…

core_plugin= ml2

service_plugins= router

allow_overlapping_ips= True

e.（可选）在[DEFAULT]小节中配置详细日志输出。方便排错。

[DEFAULT]

…

verbose = True

ML2插件使用Open vSwitch(OVS)机制为虚拟机实例提供网络框架。编辑/etc/neutron/plugins/ml2/ml2_conf.ini文件并完成下列操作：

a.编辑[ml2]小节，启用flat和generic routing encapsulation (GRE)网络类型驱动，配置GRE租户网络和OVS驱动机制。

[ml2]

…

type_drivers= flat,gre

tenant_network_types= gre

mechanism_drivers= openvswitch

b.编辑[ml2_type_flat]小节，配置外部网络：[ml2_type_flat]

…

flat_networks= external

c.编辑[ml2_type_gre]小节，配置隧道标识范围：

[ml2_type_gre]

…

tunnel_id_ranges= 1:1000

d.编辑[securitygroup]小节，启用安全组，启用ipset并配置OVS防火墙驱动：

[securitygroup]

…

enable_security_group= True

enable_ipset= True

firewall_driver= neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

e.编辑[ovs]小节,配置Open vSwitch(OVS) 代理

[ovs]

…

local_ip= INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS

tunnel_type= gre

enable_tunneling= True

bridge_mappings= external:br-ex

![在这里插入图片描述](https://img-blog.csdnimg.cn/20200727200847966.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ1NzE0Mjcy,size_16,color_FFFFFF,t_70)  

![在这里插入图片描述](https://img-blog.csdnimg.cn/20200727200846642.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ1NzE0Mjcy,size_16,color_FFFFFF,t_70)  

![在这里插入图片描述](https://img-blog.csdnimg.cn/20200727200843396.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ1NzE0Mjcy,size_16,color_FFFFFF,t_70)  

![在这里插入图片描述](https://img-blog.csdnimg.cn/20200727200839811.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ1NzE0Mjcy,size_16,color_FFFFFF,t_70)  

![在这里插入图片描述](https://img-blog.csdnimg.cn/20200727200839189.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ1NzE0Mjcy,size_16,color_FFFFFF,t_70)

[root@network ~]# systemctl enable openvswitch.service

ln -s ‘/usr/lib/systemd/system/openvswitch.service’ ‘/etc/systemd/system/multi-user.target.wants/openvswitch.service’

[root@network ~]# systemctl start openvswitch.service

[root@network ~]# ovs-vsctl add-br br-ex

[root@network ~]# ovs-vsctl add-port br-ex eno50332184

[root@network ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

[root@network ~]# cp/usr/lib/systemd/system/neutron-openvswitch-agent.service/usr/lib/systemd/system/neutron-openvswitch-agent.service.orig

-bash: cp/usr/lib/systemd/system/neutron-openvswitch-agent.service/usr/lib/systemd/system/neutron-openvswitch-agent.service.orig: No such file or directory

[root@network ~]# cp /usr/lib/systemd/system/neutron-openvswitch-agent.service /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig

[root@network ~]# sed -i ‘s,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g’ /usr/lib/systemd/system/neutron-openvswitch-agent.service

[root@network ~]# systemctl enable neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-ovs-cleanup.service

ln -s ‘/usr/lib/systemd/system/neutron-openvswitch-agent.service’ ‘/etc/systemd/system/multi-user.target.wants/neutron-openvswitch-agent.service’

ln -s ‘/usr/lib/systemd/system/neutron-l3-agent.service’ ‘/etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service’

ln -s ‘/usr/lib/systemd/system/neutron-dhcp-agent.service’ ‘/etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service’

ln -s ‘/usr/lib/systemd/system/neutron-metadata-agent.service’ ‘/etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service’

ln -s ‘/usr/lib/systemd/system/neutron-ovs-cleanup.service’ ‘/etc/systemd/system/multi-user.target.wants/neutron-ovs-cleanup.service’

[root@network ~]# systemctl start neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

##### []( )3、配置compute节点



![在这里插入图片描述](https://img-blog.csdnimg.cn/20200728095951866.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ1NzE0Mjcy,size_16,color_FFFFFF,t_70)  

![在这里插入图片描述](https://img-blog.csdnimg.cn/20200728100000270.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ1NzE0Mjcy,size_16,color_FFFFFF,t_70)![在这里插入图片描述](https://img-blog.csdnimg.cn/20200728100005889.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ1NzE0Mjcy,size_16,color_FFFFFF,t_70)![在这里插入图片描述](https://img-blog.csdnimg.cn/20200728100015517.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ1NzE0Mjcy,size_16,color_FFFFFF,t_70)![在这里插入图片描述](https://img-blog.csdnimg.cn/20200728100025147.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ1NzE0Mjcy,size_16,color_FFFFFF,t_70)  

![在这里插入图片描述](https://img-blog.csdnimg.cn/20200728100032829.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ1NzE0Mjcy,size_16,color_FFFFFF,t_70)![在这里插入图片描述](https://img-blog.csdnimg.cn/20200728100039171.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ1NzE0Mjcy,size_16,color_FFFFFF,t_70)  

![在这里插入图片描述](https://img-blog.csdnimg.cn/20200728100046444.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ1NzE0Mjcy,size_16,color_FFFFFF,t_70)  

![在这里插入图片描述](https://img-blog.csdnimg.cn/20200728100058124.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ1NzE0Mjcy,size_16,color_FFFFFF,t_70)![在这里插入图片描述](https://img-blog.csdnimg.cn/20200728100109807.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ1NzE0Mjcy,size_16,color_FFFFFF,t_70)



##### []( )4、验证安装

[root@controller ~]# neutron net-create ext-net --shared --router:external True --provider:physical_network external --provider:network_type flat

Created a new network: