5 安装Neutron网络服务
5.1通过脚本安装neutron服务
5.2-5.11网络服务的操作命令已经编写成shell脚本,通过脚本进行一键安装。如下:
#Controller节点
执行脚本iaas-install-neutron-controller.sh进行安装
#Compute节点
执行脚本iaas-install-neutron-compute.sh进行安装
5.2创建Neutron数据库
#mysql -u root -p
mysql> CREATE DATABASE neutron;
mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '$NEUTRON_DBPASS';
mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$NEUTRON_DBPASS';
5.3创建用户
# openstack user create --domain $DOMAIN_NAME --password $NEUTRON_PASS neutron
# openstack role add --project service --user neutron admin
5.4创建Endpoint和API端点
# openstack service create --name neutron --description "OpenStack Networking" network
# openstack endpoint create --region RegionOne network public http://$HOST_NAME:9696
# openstack endpoint create --region RegionOne network internal http://$HOST_NAME:9696
# openstack endpoint create --region RegionOne network admin http://$HOST_NAME:9696
5.5安装neutron网络服务软件包
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
5.6配置Neutron服务
# crudini --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
# crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins router
# crudini --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips true
# crudini --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:$NEUTRON_DBPASS@$HOST_NAME
# crudini --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
# crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes true
# crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes true
# crudini --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:$NEUTRON_DBPASS@$HOST_NAME/neutron
# crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://$HOST_NAME:5000
# crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://$HOST_NAME:35357
# crudini --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers $HOST_NAME:11211
# crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
# crudini --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name $DOMAIN_NAME
# crudini --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name $DOMAIN_NAME
# crudini --set /etc/neutron/neutron.conf keystone_authtoken project_name service
# crudini --set /etc/neutron/neutron.conf keystone_authtoken username neutron
# crudini --set /etc/neutron/neutron.conf keystone_authtoken password $NEUTRON_PASS
# crudini --set /etc/neutron/neutron.conf nova auth_url http://$HOST_NAME:35357
# crudini --set /etc/neutron/neutron.conf nova auth_type password
# crudini --set /etc/neutron/neutron.conf nova project_domain_name $DOMAIN_NAME
# crudini --set /etc/neutron/neutron.conf nova user_domain_name $DOMAIN_NAME
# crudini --set /etc/neutron/neutron.conf nova region_name RegionOne
# crudini --set /etc/neutron/neutron.conf nova project_name service
# crudini --set /etc/neutron/neutron.conf nova username nova
# crudini --set /etc/neutron/neutron.conf nova password $NOVA_PASS
# crudini --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population
# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks $Physical_NAME
# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vlan network_vlan_ranges $Physical_NAME:$minvlan:$maxvlan
# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges $minvlan:$maxvlan
# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset true
# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings $Physical_NAME:$INTERFACE_NAME
# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip $INTERFACE_IP
# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true
# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
# crudini --set /etc/neutron/l3_agent.ini DEFAULT interface_driver linuxbridge
# crudini --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver linuxbridge
# crudini --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
# crudini --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata true
# #/etc/neutron/metadata_agent.ini
# crudini --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host $HOST_NAME
# crudini --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret $METADATA_SECRET
# crudini --set /etc/nova/nova.conf neutron url http://$HOST_NAME:9696
# crudini --set /etc/nova/nova.conf neutron auth_url http://$HOST_NAME:35357
# crudini --set /etc/nova/nova.conf neutron auth_type password
# crudini --set /etc/nova/nova.conf neutron project_domain_name $DOMAIN_NAME
# crudini --set /etc/nova/nova.conf neutron user_domain_name $DOMAIN_NAME
# crudini --set /etc/nova/nova.conf neutron region_name RegionOne
# crudini --set /etc/nova/nova.conf neutron project_name service
# crudini --set /etc/nova/nova.conf neutron username neutron
# crudini --set /etc/nova/nova.conf neutron password $NEUTRON_PASS
# crudini --set /etc/nova/nova.conf neutron service_metadata_proxy true
# crudini --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret $METADATA_SECRET
5.7 创建数据库
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
5.8 启动服务和创建网桥
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
#Compute节点
5.9 安装软件包
# yum install openstack-neutron-linuxbridge ebtables ipset net-tools -y
5.10 配置Neutron服务
# crudini --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:$NEUTRON_DBPASS@$HOST_NAME
# crudini --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
# crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://$HOST_NAME:5000
# crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://$HOST_NAME:35357
# crudini --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers $HOST_NAME:11211
# crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
# crudini --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name $DOMAIN_NAME
# crudini --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name $DOMAIN_NAME
# crudini --set /etc/neutron/neutron.conf keystone_authtoken project_name service
# crudini --set /etc/neutron/neutron.conf keystone_authtoken username neutron
# crudini --set /etc/neutron/neutron.conf keystone_authtoken password $NEUTRON_PASS
# crudini --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:$INTERFACE_NAME
# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip $INTERFACE_IP
# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true
# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
# crudini --set /etc/nova/nova.conf neutron url http://$HOST_NAME:9696
# crudini --set /etc/nova/nova.conf neutron auth_url http://$HOST_NAME:35357
# crudini --set /etc/nova/nova.conf neutron auth_type password
# crudini --set /etc/nova/nova.conf neutron project_domain_name $DOMAIN_NAME
# crudini --set /etc/nova/nova.conf neutron user_domain_name $DOMAIN_NAME
# crudini --set /etc/nova/nova.conf neutron region_name RegionOne
# crudini --set /etc/nova/nova.conf neutron project_name service
# crudini --set /etc/nova/nova.conf neutron username neutron
# crudini --set /etc/nova/nova.conf neutron password $NEUTRON_PASS
5.11 启动服务进而创建网桥
# systemctl restart openstack-nova-compute.service
# systemctl start neutron-linuxbridge-agent.service
# systemctl enable neutron-linuxbridge-agent.service