九、OpenStack服务-neutron（计算节点）

一、neutron计算节点安装配置

1、安装neutron计算节点软件：

[root@compute1 ~]# yum -y install openstack-neutron-linuxbridge ebtables ipset

注释：
#openstack-neutron-linuxbridge 为虚拟机创建桥接网卡
计算节点上有两个服务：
#nova-compute：提供虚拟
#neutron-linuxbridge：创建桥接网卡

2、修改配置文件：/etc/neutron/neutron.conf

1）在[database]部分，注释所有connection 项，因为计算节点不直接访问数据库。
在 “[DEFAULT]”和 “[oslo_messaging_rabbit]”部分，配置 “RabbitMQ” 消息队列的连接：

[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack@controller

2）配置认证服务访问：
[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
3）配置锁路径
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

自动化修改：
cp -a /etc/neutron/neutron.conf{,.bak}
grep '^[a-z\[]' /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf

openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy  keystone
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url  rabbit://openstack:openstack@controller
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri  http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url  http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers  controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type  password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name  default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name  default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name  service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username  neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password  neutron
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path  /var/lib/neutron/tmp

3、修改linuxbridge配置文件

自动化修改配置文件:/etc/neutron/plugins/ml2/linuxbridge_agent.ini

cp -a /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
grep '^[a-z\[]' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak >/etc/neutron/plugins/ml2/linuxbridge_agent.ini

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings  provider:eth0
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan  false
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group  true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver  neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Ensure your Linux operating system kernel supports network bridge filters
by verifying all the following sysctl values are set to 1

net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-ip6tables

执行：
[root@compute1 ~]# vim /etc/sysctl.conf 
[root@compute1 ~]# sysctl -p
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

[root@compute1 ~]# lsmod|grep bridge
bridge                151336  1 br_netfilter
stp                    12976  1 bridge
llc                    14552  2 stp,bridge

To enable networking bridge support, typically the br_netfilter kernel
module needs to be loaded. Check your operating system’s documentation for
additional details on enabling this module.

4、为计算节点配置网络服务

修改nova配置文件 /etc/nova/nova.conf

#vim /etc/nova/nova.conf
[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS

自动化方式修改配置文件：
修改nova配置文件**/etc/nova/nova.conf**
openstack-config --set /etc/nova/nova.conf neutron url  http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url  http://controller:5000
openstack-config --set /etc/nova/nova.conf neutron auth_type  password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name  default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name  default
openstack-config --set /etc/nova/nova.conf neutron region_name  RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name  service
openstack-config --set /etc/nova/nova.conf neutron username  neutron
openstack-config --set /etc/nova/nova.conf neutron password  neutron

查看：
[root@compute1 ~]# grep '^[a-Z]' /etc/nova/nova.conf 
enabled_apis=osapi_compute,metadata
transport_url = rabbit://openstack:openstack@controller
my_ip = 192.168.223.171
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
auth_strategy = keystone
api_servers = http://controller:9292
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
lock_path = /var/lib/nova/tmp
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

5、启动neutron计算节点服务

[root@compute1 ~]# systemctl restart openstack-nova-compute.service
[root@compute1 ~]# systemctl enable neutron-linuxbridge-agent.service
[root@compute1 ~]# systemctl start neutron-linuxbridge-agent.service

查看启动状态：
[root@compute1 ~]# systemctl status neutron-linuxbridge-agent.service
● neutron-linuxbridge-agent.service - OpenStack Neutron Linux Bridge Agent
   Loaded: loaded (/usr/lib/systemd/system/neutron-linuxbridge-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since 日 2020-02-23 00:35:26 CST; 42s ago
  Process: 21489 ExecStartPre=/usr/bin/neutron-enable-bridge-firewall.sh (code=exited, status=0/SUCCESS)
 Main PID: 21497 (neutron-linuxbr)
    Tasks: 1
   CGroup: /system.slice/neutron-linuxbridge-agent.service
           └─21497 /usr/bin/python2 /usr/bin/neutron-linuxbridge-agent --config-file /usr/share/neu...

6、验证

[root@controller ~]# . admin-openrc 
[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 274aab6a-66bd-4da8-9353-81f62c75bb47 | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 6cca7537-071d-4e6a-9bc8-671890d4985f | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
| cb95211d-3102-4daf-b776-5bbef7074e35 | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
| f740b804-cbd0-4669-83ff-7b4619b9a85e | Linux bridge agent | compute1   | None              | :-)   | UP    | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+

[root@controller ~]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| ID | Binary           | Host       | Zone     | Status  | State | Updated At                 |
+----+------------------+------------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | controller | internal | enabled | up    | 2020-02-22T16:39:58.000000 |
|  2 | nova-scheduler   | controller | internal | enabled | up    | 2020-02-22T16:39:56.000000 |
|  3 | nova-conductor   | controller | internal | enabled | up    | 2020-02-22T16:39:55.000000 |
|  6 | nova-compute     | compute1   | nova     | enabled | up    | 2020-02-22T16:40:02.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+

[root@controller ~]# neutron agent-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | availability_zone | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 274aab6a-66bd-4da8-9353-81f62c75bb47 | DHCP agent         | controller | nova              | :-)   | True           | neutron-dhcp-agent        |
| 6cca7537-071d-4e6a-9bc8-671890d4985f | Metadata agent     | controller |                   | :-)   | True           | neutron-metadata-agent    |
| cb95211d-3102-4daf-b776-5bbef7074e35 | Linux bridge agent | controller |                   | :-)   | True           | neutron-linuxbridge-agent |
| f740b804-cbd0-4669-83ff-7b4619b9a85e | Linux bridge agent | compute1   |                   | :-)   | True           | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+