本文参考 L 版本(Liberty)linuxbridge 的安装方式,
并结合 K 版本(Kilo)的 OVS 方式修改而成。
注意:开始之前先执行
systemctl stop NetworkManager
否则后面会遇到各种问题。
https://review.openstack.org/#/c/258493/1/neutron/agent/linux/ip_lib.py
☆★★★★★★★★★★★★controller node begin★★★★★★★★★★★★
■■■■■■■■安装controller节点nova begin■■■■■■■■■■■■■■■■■■■
-- Create the nova schema and give the 'nova' account full rights on it from
-- localhost, from any host ('%') and from the host named vcontroller.
-- NOTE(review): the '%' entry accepts connections from any address; if only the
-- controller talks to this database, the localhost/vcontroller grants suffice.
-- NOTE(review): the same sample password is reused for every account in these
-- notes; a generated, per-account password limits what one leak exposes.
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'vcontroller' IDENTIFIED BY 'haoning';
flush privileges;
# Register the nova user, give it the admin role on the service project, then
# create the compute service entry and its three endpoints in region "wuhan".
# NOTE(review): --password on the command line is recorded in shell history and
# visible in the process list; `--password-prompt` avoids both.
openstack user create --password haoning nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
# The parentheses are backslash-escaped so the shell passes %(tenant_id)s through literally.
# NOTE(review): public, internal and admin endpoints are all plain http on the same
# host; tokens sent to them are unencrypted unless TLS is terminated in front of the API.
openstack endpoint create --region wuhan compute public http://vcontroller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute internal http://vcontroller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute admin http://vcontroller:8774/v2/%\(tenant_id\)s
# Install the controller-side nova services and the client.
yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient -y
-----------------
/etc/nova/nova.conf
# Controller-side nova.conf fragments, in the order the notes apply them.
# The [DEFAULT] header is repeated once per step; NOTE(review): oslo.config is
# expected to merge repeated sections - confirm, or fold them into one block.
[database]
# NOTE(review): the database password sits in this URL in plaintext; keep
# nova.conf readable only by root and the nova service group.
connection = mysql://nova:haoning@vcontroller/nova
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = vcontroller
rabbit_userid = openstack
# NOTE(review): same sample password as the database and keystone accounts.
rabbit_password = haoning
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
# NOTE(review): both keystone URLs are plain http, so the service password and
# the tokens it obtains cross the network unencrypted unless TLS is added.
auth_uri = http://vcontroller:5000
auth_url = http://vcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning
[DEFAULT]
# This node's address (same value as IPADDR in the ifcfg-br-ex listing of these notes).
my_ip = 192.168.139.74
[DEFAULT]
# Neutron integration keys, left commented out at this step; the nova.conf
# fragment in the neutron part of these notes enables them with the OVS
# interface driver instead of the linuxbridge one shown here.
#network_api_class = nova.network.neutronv2.api.API
#security_group_api = neutron
#linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
#firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
# $my_ip refers to the my_ip value set in [DEFAULT] above.
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
host = vcontroller
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[DEFAULT]
enabled_apis=osapi_compute,metadata
[DEFAULT]
verbose = True
# Populate the nova database schema, running nova-manage as the nova user.
su -s /bin/sh -c "nova-manage db sync" nova
# Enable the controller-side nova services at boot, then start them.
systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
■■■■■■■■安装controller节点nova end■■■■■■■■■■■■■■■■■■■
■■■■■■■■安装compute节点nova begin■■■■■■■■■■■■■■■■■■■
yum install openstack-nova-compute sysfsutils -y
----------------
/etc/nova/nova.conf
# Compute-node nova.conf fragments; there is no [database] section in this snippet.
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = vcontroller
rabbit_userid = openstack
# NOTE(review): plaintext broker password, identical to the controller's;
# keep this file readable only by root and the nova service group.
rabbit_password = haoning
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
# NOTE(review): plain-http keystone URLs; credentials and tokens are unencrypted in transit.
auth_uri = http://vcontroller:5000
auth_url = http://vcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning
[DEFAULT]
# Address of this compute node.
my_ip = 192.168.139.72
[DEFAULT]
# NOTE(review): the controller fragment puts the vnc keys under [vnc], this one
# under [DEFAULT] - confirm which group the installed release reads.
vnc_enabled = True
# NOTE(review): 0.0.0.0 makes instance VNC servers listen on every interface of
# the compute node; binding to the management address, or firewalling the VNC
# ports so only the novncproxy host reaches them, narrows that exposure.
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 192.168.139.72
# NOTE(review): console URLs handed to users are plain http.
novncproxy_base_url = http://vcontroller:6080/vnc_auto.html
[glance]
host = vcontroller
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[DEFAULT]
verbose = True
[libvirt]
# Left commented out, so the release default virt_type applies.
#virt_type = qemu
# Enable and start libvirt and the compute service on the compute node.
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
# Verification: list registered nova services, the endpoint catalog, and images.
nova service-list
nova endpoints
nova image-list
■■■■■■■■安装compute节点nova end■■■■■■■■■■■■■■■■■■■■■■■
------------------------------------------------neutron------------------------------------
■■■■■■■■安装controller节点neutron begin■■■■■■■■■■■■■■■■■■■
-- Create the neutron schema and grant the 'neutron' account full rights on it.
-- NOTE(review): the '%' grant accepts connections from any host; keep only the
-- localhost/vcontroller grants if no other host needs direct database access.
-- NOTE(review): same sample password as the nova account in these notes.
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'vcontroller' IDENTIFIED BY 'haoning';
flush privileges;
# Register the neutron user with the admin role on the service project, then
# create the network service entry and its endpoints in region "wuhan".
# NOTE(review): --password on the command line lands in shell history and the
# process list; `--password-prompt` avoids that.
openstack user create --password haoning neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
# NOTE(review): all three endpoints are plain http on port 9696.
openstack endpoint create --region wuhan network public http://vcontroller:9696
openstack endpoint create --region wuhan network internal http://vcontroller:9696
openstack endpoint create --region wuhan network admin http://vcontroller:9696
# Install neutron server, the ML2 plugin and the client.
yum install openstack-neutron openstack-neutron-ml2 python-neutronclient which -y
--------------------
/etc/neutron/neutron.conf
# Controller-side neutron.conf fragments, in the order the notes apply them;
# the repeated [DEFAULT] headers are one per step.
[database]
# NOTE(review): plaintext database password in the URL; keep neutron.conf
# readable only by root and the neutron service group.
connection = mysql://neutron:haoning@vcontroller/neutron
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = vcontroller
rabbit_userid = openstack
rabbit_password = haoning
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
# NOTE(review): plain-http keystone URLs; credentials and tokens are unencrypted in transit.
auth_uri = http://vcontroller:5000
auth_url = http://vcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
#################
[DEFAULT]
# ML2 core plugin with the router service plugin.
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
[DEFAULT]
# Have neutron report port status and data changes to nova at nova_url.
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://vcontroller:8774/v2
[nova]
# Credentials neutron uses for those notifications.
# NOTE(review): this stores the nova service password in neutron.conf as well,
# so reading either service's config file yields both accounts.
auth_url = http://vcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = nova
password = haoning
[DEFAULT]
verbose = True
-------------------------
/etc/neutron/plugins/ml2/ml2_conf.ini
# ML2 plugin settings on the controller: four type drivers are loaded, tenant
# networks are created as GRE, and Open vSwitch is the mechanism driver.
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_gre]
# GRE tunnel IDs available for tenant networks.
tunnel_id_ranges = 1:1000
[securitygroup]
# Security groups are enforced by neutron through the OVS hybrid iptables driver.
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
-------------------
/etc/nova/nova.conf
# nova.conf additions that switch nova to neutron networking.
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
# nova's own firewall is a no-op here because security_group_api = neutron
# hands security groups to neutron; with this setting, instance filtering
# relies on neutron's enable_security_group / firewall_driver configuration.
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[neutron]
# NOTE(review): plain-http URLs and a plaintext neutron service password;
# keep nova.conf readable only by root and the nova service group.
url = http://vcontroller:9696
auth_url = http://vcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning
# Make the ML2 config available as /etc/neutron/plugin.ini.
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# Populate the neutron database schema, running neutron-db-manage as the neutron user.
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
# Restart the nova services so they pick up the nova.conf changes.
systemctl restart openstack-nova-api.service
systemctl restart openstack-nova-scheduler.service
systemctl restart openstack-nova-conductor.service
#### Run these one step at a time; otherwise this error appears: assert cur is not self.greenlet, 'Cannot switch to MAINLOOP from MAINLOOP
systemctl enable neutron-server.service
systemctl start neutron-server.service
# Verification: list the loaded neutron extensions.
neutron ext-list
-----network node---
--------------
/etc/sysctl.conf
# Kernel settings for the network node: the host forwards IPv4 packets.
net.ipv4.ip_forward=1
# NOTE(review): rp_filter=0 turns off reverse-path source validation on all
# interfaces, so the kernel no longer drops packets with an implausible source;
# anti-spoofing then rests on the neutron security-group rules.
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
sysctl -p
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch
------------------
/etc/neutron/neutron.conf
# Network-node neutron.conf fragments; there is no [database] section in this snippet.
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = vcontroller
rabbit_userid = openstack
# NOTE(review): plaintext broker password, same value as on the other nodes.
rabbit_password = haoning
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
# NOTE(review): plain-http keystone URLs and a plaintext service password;
# keep this file readable only by root and the neutron service group.
auth_uri = http://vcontroller:5000
auth_url = http://vcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
[DEFAULT]
verbose = True
/etc/neutron/plugins/ml2/ml2_conf.ini
# ML2 and OVS agent settings for the network node.
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
#In the [ml2_type_flat] section, configure the external flat provider network:
[ml2_type_flat]
flat_networks = external
[ml2_type_gre]
tunnel_id_ranges = 1:1000
#In the [securitygroup] section, enable security groups, enable ipset, and configure the OVS iptables firewall driver:
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
#In the [ovs] section, enable tunnels, configure the local tunnel endpoint, and map the external flat provider network to the br-ex external network bridge:
[ovs]
# NOTE(review): this tunnel endpoint is the same address as IPADDR in the
# ifcfg-br-ex listing, so tenant GRE traffic shares that network; GRE itself
# adds no encryption or authentication.
local_ip = 192.168.139.74
bridge_mappings = external:br-ex
#local_ip above takes the place of the guide's INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS placeholder: the IP address of the instance tunnels network interface on this network node.
#In the [agent] section, enable GRE tunnels:
[agent]
tunnel_types = gre
---------------
/etc/neutron/l3_agent.ini
# L3 agent settings: OVS interface driver, router namespaces removed on delete.
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# Set to an empty value here - presumably on purpose, since the external
# network is mapped through bridge_mappings in ml2_conf.ini; confirm.
external_network_bridge =
router_delete_namespaces = True
verbose = True
---------------
/etc/neutron/dhcp_agent.ini
# DHCP agent settings: OVS interface driver with dnsmasq as the DHCP backend.
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
dhcp_delete_namespaces = True
verbose = True
[DEFAULT]
# Extra dnsmasq options are read from this file.
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
---------------------
/etc/neutron/dnsmasq-neutron.conf
# Force DHCP option 26 (interface MTU) with value 1454 onto instances -
# presumably to leave room for the GRE tunnel overhead; confirm for your network.
dhcp-option-force=26,1454
pkill dnsmasq
-----------------------
/etc/neutron/metadata_agent.ini
# Metadata agent settings: keystone credentials, where nova's metadata API
# lives, and the secret shared with nova for proxied metadata requests.
[DEFAULT]
# NOTE(review): plain-http keystone URLs and a plaintext service password;
# keep this file readable only by root and the neutron service group.
auth_uri = http://vcontroller:5000
auth_url = http://vcontroller:35357
auth_region = wuhan
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
[DEFAULT]
nova_metadata_ip = vcontroller
[DEFAULT]
# NOTE(review): METADATA_SECRET looks like an unreplaced placeholder. Use a
# long random value, identical to metadata_proxy_shared_secret under [neutron]
# in nova.conf; a guessable value weakens the check that a metadata request
# really came through the proxy.
metadata_proxy_shared_secret = METADATA_SECRET
[DEFAULT]
verbose = True
----------
/etc/nova/nova.conf
# nova side of the metadata proxy.
[neutron]
service_metadata_proxy = True
# NOTE(review): must equal the value in metadata_agent.ini; METADATA_SECRET
# looks like an unreplaced placeholder - substitute a long random value.
metadata_proxy_shared_secret = METADATA_SECRET
# Restart nova-api so it reads the metadata proxy settings.
systemctl restart openstack-nova-api.service
# Enable and start Open vSwitch, then create the external bridge.
systemctl enable openvswitch.service
systemctl start openvswitch.service
ovs-vsctl add-br br-ex
# Left commented out: eth0 is attached to br-ex through ifcfg-eth0
# (OVS_BRIDGE=br-ex, TYPE=OVSPort) instead - presumably so an SSH session
# running over eth0 is not cut mid-command.
####ovs-vsctl add-port br-ex eth0
# Start ifcfg-br-ex from a copy of ifcfg-eth0; both files are edited afterwards.
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-br-ex
[root@vcontroller network-scripts]# cat ifcfg-br-ex
# ifcfg-br-ex: the OVS bridge carries the node's static address.
# NOTE(review): TYPE is assigned twice; this first TYPE=Ethernet appears to be
# left over from the copied ifcfg-eth0, and the later TYPE=OVSBridge is the
# value that takes effect if the file is read top to bottom - confirm and drop one.
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=no
PEERROUTES=no
IPV4_FAILURE_FATAL=no
IPV6INIT=no
NAME=br-ex
ONBOOT=yes
DEVICE=br-ex
# 255.255.240.0 is a /20; 192.168.139.74 and the gateway 192.168.128.1 both
# fall inside 192.168.128.0/20.
IPADDR=192.168.139.74
NETMASK=255.255.240.0
GATEWAY=192.168.128.1
DEVICETYPE=ovs
TYPE=OVSBridge
[root@vcontroller network-scripts]# cat ifcfg-eth0
# ifcfg-eth0: the physical NIC becomes a port of br-ex and has no IP settings
# of its own in this listing.
# NOTE(review): TYPE is assigned twice (Ethernet here, OVSPort at the end);
# only one value can be effective - confirm and drop the stale one.
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=no
PEERROUTES=no
IPV4_FAILURE_FATAL=no
IPV6INIT=no
NAME=eth0
ONBOOT=yes
DEVICE=eth0
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
TYPE=OVSPort
ip link
如果 br-ex 没有处于 up 状态,就执行:
ip link set br-ex up
ip link set ovs-system up
★★★★★★★★★★★★★★★★★★★
systemctl stop NetworkManager
这一步很重要
# Keep NetworkManager from starting at boot, then restart the network service.
systemctl disable NetworkManager
systemctl restart network
# Turn off generic receive offload on eth0.
ethtool -K eth0 gro off
# Make the ML2 config available as /etc/neutron/plugin.ini; the sed below
# points the OVS agent unit at that path.
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# Back up the packaged unit file before editing it in place.
cp /usr/lib/systemd/system/neutron-openvswitch-agent.service /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
# NOTE(review): files under /usr/lib/systemd/system are replaced by package
# updates, which would silently undo this edit; a copy or drop-in under
# /etc/systemd/system survives updates. After changing a unit file,
# `systemctl daemon-reload` is needed before systemd uses the new content.
# Older form of the substitution, kept commented out by the author:
# sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
###??????
# Enable the agents at boot, then start them one command at a time.
systemctl enable neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-ovs-cleanup.service
systemctl start neutron-openvswitch-agent.service
systemctl start neutron-l3-agent.service
systemctl start neutron-dhcp-agent.service
systemctl start neutron-metadata-agent.service
以上服务要一个一个地启动,否则可能会报 greenlet 协程相关的错误
neutron agent-list
■■■■■■■■安装controller节点neutron end■■■■■■■■■■■■■■■■■■
■■■■■■■■安装compute节点neutron begin■■■■■■■■■■■■■■■■■■
---------------------
/etc/sysctl.conf
# Kernel settings for the compute node.
# NOTE(review): rp_filter=0 turns off reverse-path source validation, so
# anti-spoofing rests on the neutron security-group rules.
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
# Pass bridged traffic through iptables/ip6tables; the iptables-based
# security-group driver configured in ml2_conf.ini depends on this.
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
sysctl -p
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y
------------------------
/etc/neutron/neutron.conf
# Compute-node neutron.conf fragments; there is no [database] section in this snippet.
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = vcontroller
rabbit_userid = openstack
# NOTE(review): plaintext broker password, same value as on the other nodes.
rabbit_password = haoning
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
# NOTE(review): plain-http keystone URLs and a plaintext service password;
# keep this file readable only by root and the neutron service group.
auth_uri = http://vcontroller:5000
auth_url = http://vcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
################################
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
[DEFAULT]
verbose = True
------------------------------------
/etc/neutron/plugins/ml2/ml2_conf.ini
# ML2 and OVS agent settings for the compute node; unlike the network node
# there is no [ml2_type_flat] section and no bridge_mappings here.
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[securitygroup]
# Security groups are enforced on this node by the OVS hybrid iptables driver.
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ovs]
# Local GRE tunnel endpoint: the same address as my_ip in this node's nova.conf.
local_ip = 192.168.139.72
[agent]
tunnel_types = gre
systemctl enable openvswitch.service
systemctl start openvswitch.service
--------------
/etc/nova/nova.conf
# Compute-node nova.conf additions that switch nova to neutron networking.
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
# nova's firewall is a no-op because security groups are delegated to neutron
# (security_group_api = neutron); filtering on this node therefore depends on
# the [securitygroup] settings in ml2_conf.ini.
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[neutron]
# NOTE(review): plain-http URLs and a plaintext neutron service password on
# every compute node; keep nova.conf readable only by root and the nova group.
url = http://vcontroller:9696
auth_url = http://vcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning
# Make the ML2 config available as /etc/neutron/plugin.ini.
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# Back up the packaged unit file, then point the OVS agent at plugin.ini.
# NOTE(review): edits under /usr/lib/systemd/system are replaced by package
# updates; a copy or drop-in under /etc/systemd/system survives them, and
# `systemctl daemon-reload` is needed after changing a unit file.
cp /usr/lib/systemd/system/neutron-openvswitch-agent.service /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
# Older form of the substitution, kept commented out by the author:
# sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
# Restart nova-compute for the nova.conf changes, then enable and start the OVS agent.
systemctl restart openstack-nova-compute.service
systemctl enable neutron-openvswitch-agent.service
systemctl start neutron-openvswitch-agent.service
# Verification: the agents should show up in the list.
neutron agent-list
■■■■■■■■安装compute节点neutron end■■■■■■■■■■■■■■■■■■■
-----例子----
# Create the external network as a flat provider network on physical network
# "external" (the name mapped to br-ex by bridge_mappings in ml2_conf.ini).
neutron net-create ext-net --router:external --provider:physical_network external --provider:network_type flat
neutron net-list
# Command template and an earlier variant, kept commented out by the author:
#neutron subnet-create ext-net EXTERNAL_NETWORK_CIDR --name ext-subnet --allocation-pool start=FLOATING_IP_START,end=FLOATING_IP_END --disable-dhcp --gateway EXTERNAL_NETWORK_GATEWAY
#neutron subnet-create ext-net 192.168.142.0/20 --name ext-subnet --allocation-pool start=192.168.142.170,end=192.168.142.179 --disable-dhcp --gateway 192.168.128.1
# NOTE(review): unlike the commented variant, this command omits --disable-dhcp
# and adds a DNS server. 192.168.142.0/20 has host bits set (the enclosing /20
# is 192.168.128.0/20) - confirm neutron accepts it as intended.
neutron subnet-create ext-net 192.168.142.0/20 --name ext-subnet --allocation-pool start=192.168.142.170,end=192.168.142.179 --dns-nameserver 8.8.4.4 --gateway 192.168.128.1
# Show the resulting OVS bridges and ports.
ovs-vsctl show
[root@vcontroller ~(keystone_admin_v3)]# ovs-vsctl show
1df8c1b3-def6-4b23-851f-d94ed709100e
Bridge br-ex
Port phy-br-ex
Interface phy-br-ex
type: patch
options: {peer=int-br-ex}
Port "eth0"
Interface "eth0"
Port br-ex
Interface br-ex
type: internal
Bridge br-int
fail_mode: secure
Port br-int
Interface br-int
type: internal
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}
Port int-br-ex
Interface int-br-ex
type: patch
options: {peer=phy-br-ex}
Port "tap1f149beb-f7"
tag: 1
Interface "tap1f149beb-f7"
type: internal
Bridge br-tun
fail_mode: secure
Port patch-int
Interface patch-int
type: patch
options: {peer=patch-tun}
Port br-tun
Interface br-tun
type: internal
Port "gre-c0a88b48"
Interface "gre-c0a88b48"
type: gre
options: {df_default="true", in_key=flow, local_ip="192.168.139.74", out_key=flow, remote_ip="192.168.139.72"}
ovs_version: "2.4.0"
[root@vcontroller ~(keystone_admin_v3)]#
-----租户网络---
# Create the tenant network and its subnet.
neutron net-create demo-net
# Command template, kept commented out by the author:
#neutron subnet-create demo-net TENANT_NETWORK_CIDR --name demo-subnet --dns-nameserver DNS_RESOLVER --gateway TENANT_NETWORK_GATEWAY
neutron subnet-create demo-net 192.168.1.0/24 --name demo-subnet --dns-nameserver 8.8.4.4 --gateway 192.168.1.1
neutron net-list
neutron subnet-list
# Create a router, attach the tenant subnet, and set ext-net as its gateway.
neutron router-create demo-router
neutron router-list
neutron router-interface-add demo-router demo-subnet
neutron router-port-list demo-router
neutron router-gateway-set demo-router ext-net
neutron router-port-list demo-router
# Connectivity check against an address from the ext-subnet allocation pool -
# presumably the router's gateway address; confirm with router-port-list.
ping -c 4 192.168.142.171
# List the network namespaces on this node.
ip netns
-----create a vm----------
# Generate an SSH key pair and register the public half with nova as "mykey".
# NOTE(review): -N "" writes the private key without a passphrase, so access to
# the instance is protected only by the file permissions on the private key.
ssh-keygen -q -N ""
nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
nova keypair-list
nova secgroup-list
nova secgroup-list-rules default
# Allow ICMP (all types and codes) and TCP port 22 into the default group.
# NOTE(review): 0.0.0.0/0 accepts both from every source that can route to the
# instance; narrowing the CIDR to the admin network limits who can reach SSH.
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
# Look up the flavor, image, network and security group used by the boot command.
nova flavor-list
nova image-list
neutron net-list
nova secgroup-list
# Command template and an earlier copy of the boot command, kept commented out by the author:
#nova boot --flavor m1.tiny --image cirros --nic net-id=PRIVATE_NET_ID --security-group default --key-name mykey private-instance
#nova boot --flavor m1.tiny --image cirros --nic net-id=425e9cbb-f74f-4955-8a53-8e97e59c2be4 --security-group default --key-name mykey private-instance
nova list
#Add security group rules
# (the rules themselves are added earlier in this listing, before the lookups)
# Boot the instance on the tenant network; net-id is the network ID from this
# environment's `neutron net-list` output.
nova boot --flavor m1.tiny --image cirros --nic net-id=425e9cbb-f74f-4955-8a53-8e97e59c2be4 --security-group default --key-name mykey private-instance
nova list
# Request a noVNC console URL for the instance.
nova get-vnc-console private-instance novnc
neutron net-list
ip netns
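ip netns exec qdhcp-425e9cbb-f74f-4955-8a53-8e97e59c2be4 ssh USER@INSTANCE_FIXED_IP
# USER@INSTANCE_FIXED_IP is a placeholder: the original user@address was replaced by the page's e-mail obfuscation.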
# Allocate a floating IP from ext-net and associate an address from the
# ext-subnet allocation pool with the instance.
neutron floatingip-create ext-net
nova floating-ip-associate private-instance 192.168.142.172
nova list
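ssh USER@FLOATING_IP
# USER@FLOATING_IP is a placeholder: the original user@address was replaced by the page's e-mail obfuscation; presumably the floating IP associated above.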