5 安装Neutron网络服务

5.1通过脚本安装neutron服务

5.2-5.11网络服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：

#Controller节点

执行脚本iaas-install-neutron-controller.sh进行安装

#Compute节点

执行脚本iaas-install-neutron-compute.sh进行安装

5.2创建Neutron数据库

#mysql -u root -p

mysql> CREATE DATABASE neutron;

mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost'   IDENTIFIED BY  '$NEUTRON_DBPASS';

mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$NEUTRON_DBPASS';

5.3创建用户

# openstack user create --domain $DOMAIN_NAME --password $NEUTRON_PASS neutron

# openstack role add --project service --user neutron admin

5.4创建Endpoint和API端点

# openstack service create --name neutron --description "OpenStack Networking" network

# openstack endpoint create --region RegionOne network public http://$HOST_NAME:9696

# openstack endpoint create --region RegionOne  network internal http://$HOST_NAME:9696

# openstack endpoint create --region RegionOne  network admin http://$HOST_NAME:9696

5.5安装neutron网络服务软件包

# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

5.6配置Neutron服务

# crudini --set /etc/neutron/neutron.conf DEFAULT core_plugin  ml2

# crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins  router

# crudini --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips  true

# crudini --set /etc/neutron/neutron.conf DEFAULT transport_url  rabbit://openstack:$NEUTRON_DBPASS@$HOST_NAME

# crudini --set /etc/neutron/neutron.conf DEFAULT auth_strategy  keystone

# crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes  true

# crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes  true

# crudini --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:$NEUTRON_DBPASS@$HOST_NAME/neutron

# crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_uri  http://$HOST_NAME:5000

# crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_url  http://$HOST_NAME:35357

# crudini --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers  $HOST_NAME:11211

# crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_type  password

# crudini --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name  $DOMAIN_NAME

# crudini --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name  $DOMAIN_NAME

# crudini --set /etc/neutron/neutron.conf keystone_authtoken project_name  service

# crudini --set /etc/neutron/neutron.conf keystone_authtoken username  neutron

# crudini --set /etc/neutron/neutron.conf keystone_authtoken password  $NEUTRON_PASS

# crudini --set /etc/neutron/neutron.conf nova auth_url  http://$HOST_NAME:35357

# crudini --set /etc/neutron/neutron.conf nova auth_type  password

# crudini --set /etc/neutron/neutron.conf nova project_domain_name  $DOMAIN_NAME

# crudini --set /etc/neutron/neutron.conf nova user_domain_name  $DOMAIN_NAME

# crudini --set /etc/neutron/neutron.conf nova region_name  RegionOne

# crudini --set /etc/neutron/neutron.conf nova project_name  service

# crudini --set /etc/neutron/neutron.conf nova username  nova

# crudini --set /etc/neutron/neutron.conf nova password  $NOVA_PASS

# crudini --set /etc/neutron/neutron.conf oslo_concurrency lock_path  /var/lib/neutron/tmp

# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers  flat,vlan,vxlan

# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types  vxlan

# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers  linuxbridge,l2population

# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers  port_security

# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks  $Physical_NAME

# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vlan network_vlan_ranges $Physical_NAME:$minvlan:$maxvlan

# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges  $minvlan:$maxvlan

# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset  true

# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings  $Physical_NAME:$INTERFACE_NAME

# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan  true

# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip  $INTERFACE_IP

# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population  true

# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group  true

# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver  neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

# crudini --set /etc/neutron/l3_agent.ini DEFAULT interface_driver  linuxbridge

# crudini --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver  linuxbridge

# crudini --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver  neutron.agent.linux.dhcp.Dnsmasq

# crudini --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata  true

# #/etc/neutron/metadata_agent.ini

# crudini --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host  $HOST_NAME

# crudini --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret  $METADATA_SECRET

# crudini --set /etc/nova/nova.conf neutron url  http://$HOST_NAME:9696

# crudini --set /etc/nova/nova.conf neutron auth_url  http://$HOST_NAME:35357

# crudini --set /etc/nova/nova.conf neutron auth_type  password

# crudini --set /etc/nova/nova.conf neutron project_domain_name  $DOMAIN_NAME

# crudini --set /etc/nova/nova.conf neutron user_domain_name  $DOMAIN_NAME

# crudini --set /etc/nova/nova.conf neutron region_name  RegionOne

# crudini --set /etc/nova/nova.conf neutron project_name  service

# crudini --set /etc/nova/nova.conf neutron username  neutron

# crudini --set /etc/nova/nova.conf neutron password  $NEUTRON_PASS

# crudini --set /etc/nova/nova.conf neutron service_metadata_proxy  true

# crudini --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret  $METADATA_SECRET

5.7 创建数据库

# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

5.8 启动服务和创建网桥

systemctl restart openstack-nova-api.service

systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service

systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service

#Compute节点

5.9 安装软件包

# yum install openstack-neutron-linuxbridge ebtables ipset net-tools -y

5.10 配置Neutron服务

# crudini --set /etc/neutron/neutron.conf DEFAULT transport_url  rabbit://openstack:$NEUTRON_DBPASS@$HOST_NAME

# crudini --set /etc/neutron/neutron.conf DEFAULT auth_strategy  keystone

# crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_uri  http://$HOST_NAME:5000

# crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_url  http://$HOST_NAME:35357

# crudini --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers  $HOST_NAME:11211

# crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_type  password

# crudini --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name  $DOMAIN_NAME

# crudini --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name  $DOMAIN_NAME

# crudini --set /etc/neutron/neutron.conf keystone_authtoken project_name  service

# crudini --set /etc/neutron/neutron.conf keystone_authtoken username  neutron

# crudini --set /etc/neutron/neutron.conf keystone_authtoken password  $NEUTRON_PASS

# crudini --set /etc/neutron/neutron.conf oslo_concurrency lock_path  /var/lib/neutron/tmp

# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings  provider:$INTERFACE_NAME

# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan  true

# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip $INTERFACE_IP

# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population  true

# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group  true

# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver  neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

# crudini --set /etc/nova/nova.conf neutron url  http://$HOST_NAME:9696

# crudini --set /etc/nova/nova.conf neutron auth_url  http://$HOST_NAME:35357

# crudini --set /etc/nova/nova.conf neutron auth_type  password

# crudini --set /etc/nova/nova.conf neutron project_domain_name  $DOMAIN_NAME

# crudini --set /etc/nova/nova.conf neutron user_domain_name  $DOMAIN_NAME

# crudini --set /etc/nova/nova.conf neutron region_name  RegionOne

# crudini --set /etc/nova/nova.conf neutron project_name  service

# crudini --set /etc/nova/nova.conf neutron username  neutron

# crudini --set /etc/nova/nova.conf neutron password  $NEUTRON_PASS

5.11 启动服务进而创建网桥

# systemctl restart openstack-nova-compute.service

# systemctl start neutron-linuxbridge-agent.service

# systemctl enable neutron-linuxbridge-agent.service