作者:【吴业亮】云计算开发工程师
博客:http://blog.csdn.net/wylfengyujiancheng
1、创建neutron数据库
# mysql -uroot -pChangeme_123 -e "CREATE DATABASE neutron;"
注意:Changeme_123为数据库root密码。把密码直接写在 -p 后面,会留在shell历史记录中,本机其他用户也能在进程列表里看到;也可以只写 -p,由mysql交互式提示输入密码。
2、创建数据库用户并赋予权限
# mysql -uroot -pChangeme_123 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'Changeme_123';"
# mysql -uroot -pChangeme_123 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'Changeme_123';"
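注意:将Changeme_123替换为自己的密码,IDENTIFIED BY 后设置的neutron数据库密码需与第7步 connection 中使用的密码一致。'neutron'@'%' 允许该账号从任意主机连接;如无需要,可将 % 改为控制节点所在的管理网段或主机名。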
3、创建neutron用户及赋予admin权限
# openstack user create neutron --password Changeme_123
# openstack role add --project service --user neutron admin
注意:将Changeme_123替换为自己的密码。也可以改用 --password-prompt 交互式输入,避免密码留在shell历史记录中。
4、创建network服务
# openstack service create --name neutron --description "OpenStack Networking" network
5、创建endpoint
# openstack endpoint create --region RegionOne network public http://${HOSTNAME}:9696
# openstack endpoint create --region RegionOne network internal http://${HOSTNAME}:9696
# openstack endpoint create --region RegionOne network admin http://${HOSTNAME}:9696
6、安装neutron相关软件
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient -y
7、配置neutron配置文件/etc/neutron/neutron.conf
# openstack-config --set /etc/neutron/neutron.conf database connection mysql://neutron:Changeme_123@${HOSTNAME}/neutron
# openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
# openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
# openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host ${HOSTNAME}
# openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
# openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password Changeme_123
# openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://${HOSTNAME}:5000
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://${HOSTNAME}:35357
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_plugin password
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_id default
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_id default
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password Changeme_123
# openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
# openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_url http://${HOSTNAME}:8774/v2
# openstack-config --set /etc/neutron/neutron.conf nova auth_url http://${HOSTNAME}:35357
# openstack-config --set /etc/neutron/neutron.conf nova auth_plugin password
# openstack-config --set /etc/neutron/neutron.conf nova project_domain_id default
# openstack-config --set /etc/neutron/neutron.conf nova user_domain_id default
# openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
# openstack-config --set /etc/neutron/neutron.conf nova project_name service
# openstack-config --set /etc/neutron/neutron.conf nova username nova
# openstack-config --set /etc/neutron/neutron.conf nova password Changeme_123
# openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
# openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True
8、配置/etc/neutron/plugins/ml2/ml2_conf.ini
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks public
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
9、配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini。
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings public:ETH1_IP
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip ETH1_IP
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population True
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent prevent_arp_spoofing True
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
注意:将vxlan local_ip中的ETH1_IP替换为eth1的IP地址;physical_interface_mappings的格式是"物理网络名:网卡名",这里应填网卡名称(如public:eth1),而不是IP地址。
10、配置 /etc/neutron/l3_agent.ini
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge
# # openstack-config --set /etc/neutron/l3_agent.ini DEFAULT verbose True
11、配置/etc/neutron/dhcp_agent.ini
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT verbose True
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
12、将dhcp-option-force=26,1450写入/etc/neutron/dnsmasq-neutron.conf
# echo "dhcp-option-force=26,1450" >/etc/neutron/dnsmasq-neutron.conf
13、配置/etc/neutron/metadata_agent.ini(其中 metadata_proxy_shared_secret 必须与第14步 /etc/nova/nova.conf 中的值一致;建议使用单独生成的随机字符串,不要与各服务密码相同)
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_uri http://${HOSTNAME}:5000
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_url http://${HOSTNAME}:35357
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_region RegionOne
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_plugin password
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT project_domain_id default
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT user_domain_id default
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT project_name service
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT username neutron
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT password Changeme_123
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip ${HOSTNAME}
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret Changeme_123
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT verbose True
14、配置/etc/nova/nova.conf
# openstack-config --set /etc/nova/nova.conf neutron url http://${HOSTNAME}:9696
# openstack-config --set /etc/nova/nova.conf neutron auth_url http://${HOSTNAME}:35357
# openstack-config --set /etc/nova/nova.conf neutron auth_plugin password
# openstack-config --set /etc/nova/nova.conf neutron project_domain_id default
# openstack-config --set /etc/nova/nova.conf neutron user_domain_id default
# openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
# openstack-config --set /etc/nova/nova.conf neutron project_name service
# openstack-config --set /etc/nova/nova.conf neutron username neutron
# openstack-config --set /etc/nova/nova.conf neutron password Changeme_123
# openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy True
# openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret Changeme_123
15、创建链接
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
16、同步数据库
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file \
/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
17、重启nova服务
# systemctl restart openstack-nova-api.service
18、重启neutron服务并设置开机启动
# systemctl enable neutron-server.service neutron-linuxbridge-agent.service \
neutron-dhcp-agent.service neutron-metadata-agent.service
# systemctl start neutron-server.service neutron-linuxbridge-agent.service \
neutron-dhcp-agent.service neutron-metadata-agent.service
19、启动neutron-l3-agent.service并设置开机启动
# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service
20、验证
# source /root/admin-openrc.sh
# neutron ext-list
# neutron agent-list
21、创建demo-key
# source /root/demo-openrc.sh
# nova keypair-add demo-key
22、设置安全组规则(示例对所有来源 0.0.0.0/0 放行 ICMP 和 SSH 22 端口;生产环境应将来源收窄为管理网段)
# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
23、创建虚拟机外出网段
# source /root/admin-openrc.sh
# neutron net-create public --shared \
--provider:physical_network public --provider:network_type flat
24、创建public子网
# neutron subnet-create public 192.168.80.0/24 --name public --allocation-pool start=192.168.80.10,end=192.168.80.200 --dns-nameserver 8.8.8.8 --gateway 192.168.80.1
25、创建租户网络
# source /root/demo-openrc.sh
# neutron net-create private
26、创建租户网络子网
# neutron subnet-create private 10.10.10.0/24 --name private \
--dns-nameserver 8.8.8.8 --gateway 10.10.10.1
27、将public网络设置为外部网络(router:external)
# source /root/admin-openrc.sh
# neutron net-update public --router:external
28、创建路由器
# source /root/demo-openrc.sh
# neutron router-create router
29、将public和private网络绑定到路由器上
# neutron router-interface-add router private
# neutron router-gateway-set router public
30、验证
# source /root/admin-openrc.sh
# neutron router-port-list router