本操作在控制节点上完成
在keystone中添加用户及服务
添加neutron用户
root@controller ~(keystone)# openstack user create --domain default --project service --password root neutron
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 2fae0cd7579441f88cab61f4291bfd17 |
| domain_id | default |
| enabled | True |
| id | 9096dfa8801342a39393fb9e1c028903 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
为用户添加管理员角色
root@controller ~(keystone)# openstack role add --project service --user neutron admin
创建服务
root@controller ~(keystone)# openstack service create --name neutron --description "OpenStack Networking service" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking service |
| enabled | True |
| id | 55d64b0169344760acbafb3a0c22c3c0 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
创建nentron服务endpoint(public,internal,admin)
root@controller ~(keystone)# openstack endpoint create --region RegionOne network public http://10.0.0.7:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 098d368ae5d84927b2f6ee25a5a66b4c |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 55d64b0169344760acbafb3a0c22c3c0 |
| service_name | neutron |
| service_type | network |
| url | http://10.0.0.7:9696 |
+--------------+----------------------------------+
root@controller ~(keystone)# openstack endpoint create --region RegionOne network internal http://10.0.0.7:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 05a979c037cf46afb2ce096ab737f5f5 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 55d64b0169344760acbafb3a0c22c3c0 |
| service_name | neutron |
| service_type | network |
| url | http://10.0.0.7:9696 |
+--------------+----------------------------------+
root@controller ~(keystone)# openstack endpoint create --region RegionOne network admin http://10.0.0.7:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3e34074e55e6404fbe390298f6f5e88c |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 55d64b0169344760acbafb3a0c22c3c0 |
| service_name | neutron |
| service_type | network |
| url | http://10.0.0.7:9696 |
+--------------+----------------------------------+
为neutron添加数据库
root@controller ~(keystone)# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 726
Server version: 10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database neutron_ml2;
Query OK, 1 row affected (0.18 sec)
MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'localhost' identified by 'root';
Query OK, 0 rows affected (0.18 sec)
MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'%' identified by 'root';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
安装配置neutron
安装neutron服务软件包
root@controller ~(keystone)# apt -y install neutron-server neutron-metadata-agent neutron-plugin-ml2 python-neutronclient
由于官方配置文件修改较为麻烦,这里直接创建一个新的配置文件
root@controller ~(keystone)# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.org
root@controller ~(keystone)# vi /etc/neutron/neutron.conf
# 添加以下内容,保存退出
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
dhcp_agent_notification = True
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
transport_url = rabbit://openstack:root@controller
[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = root
[database]
connection = mysql+pymysql://neutron:root@controller/neutron_ml2
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = root
[oslo_concurrency]
lock_path = $state_path/tmp
因为配置文件是新建的,这里把权限加回去
root@controller ~(keystone)# chmod 640 /etc/neutron/neutron.conf
root@controller ~(keystone)# chgrp neutron /etc/neutron/neutron.conf
修改元数据代理配置
root@controller ~(keystone)# vi /etc/neutron/metadata_agent.ini
# 第22行:去掉注释并添加控制节点IP
nova_metadata_host = 10.0.0.7
# 第34行:去掉注释并输入元数据代理共享密码
metadata_proxy_shared_secret = metadata_secret
# 第260行:去掉注释并添加控制节点IP
memcache_servers = 10.0.0.7:11211
修改二层插件配置,使用OVS作为虚拟交换机
root@controller ~(keystone)# vi /etc/neutron/plugins/ml2/ml2_conf.ini
# 第129行:添加相应设置(tenant_network_types设置暂时留空,之后会设置)
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
# 第262行:去掉注释并添加firewall_driver
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
# 最后一行:取消注释
enable_ipset = True
修改nova配置文件
root@controller ~(keystone)# vi /etc/nova/nova.conf
# 把以下设置添加到[DEFAULT]栏目里
use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
# 在配置文件最后添加新的栏目并填写以下设置,元数据代理共享密码要跟之前设置的一样
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = root
service_metadata_proxy = True
metadata_proxy_shared_secret = metadata_secret
创建链接文件、同步数据库、重启服务
创建链接文件
root@controller ~(keystone)# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
同步数据库
root@controller ~(keystone)# su -s /bin/bash neutron -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"
...
...
INFO [alembic.runtime.migration] Running upgrade f83a0b2964d0 -> fd38cd995cc0, change shared attribute for firewall resource
OK
重启相关服务并设置自启动
root@controller ~(keystone)# systemctl restart neutron-server neutron-metadata-agent nova-api
root@controller ~(keystone)# systemctl enable neutron-server neutron-metadata-agent
Synchronizing state of neutron-server.service with SysV init with /lib/systemd/systemd-sysv-install...
Executing /lib/systemd/systemd-sysv-install enable neutron-server
Synchronizing state of neutron-metadata-agent.service with SysV init with /lib/systemd/systemd-sysv-install...
Executing /lib/systemd/systemd-sysv-install enable neutron-metadata-agent