CentOS 7部署OpenStack--部署Newtron
郝朝阳 DevOps视角
创建数据库
[root@controller ~]# mysql -u root -p -e "CREATE DATABASE neutron;"
Enter password:
[root@controller ~]# mysql -u root -p -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';"
Enter password:
[root@controller ~]# mysql -u root -p -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';"
Enter password:安装neutron
[root@controller ~]# yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclientebtables ipset配置neutron
同步数据库
[root@controller ~]# vim /etc/neutron/neutron.conf
729 connection = mysql://neutron:[email protected]:3306/neutron
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade
head"neutron配置其它项目
[root@controller ~]# vim /etc/neutron/neutron.conf
锁路径
20 state_path = /var/lib/neutron
使用keystone验证
92 auth_strategy = keystone配置连接keystone
716 [keystone_authtoken]
717 auth_uri = http://192.168.1.11:5000
718 auth_url = http://192.168.1.11:35357
719 auth_plugin = password
720 project_domain_id = default
721 user_domain_id = default
722 project_name = service
723 username = neutron
724 password = neutron配置连接rabbitmq
985 rabbit_host = 192.168.1.11
989 rabbit_port = 5672
1001 rabbit_userid = openstack
1005 rabbit_password = openstackNeutron相关配置
60 core_plugin = ml2
77 service_plugins = routerNova相关配置
360 notify_nova_on_port_status_changes = True
364 notify_nova_on_port_data_changes = True
367 nova_url = http://192.168.1.11:8774/v2
774[nova]
775 auth_url =http://192.168.1.11:35357
776 auth_plugin = password
777 project_domain_id = default
778 user_domain_id = default
779 region_name = RegionOne
780 project_name = service
781 username = nova
782 password = nova配置ml2_conf.ini
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
5 type_drivers = flat,vlan,gre,vxlan,geneve //支持的网络驱动
12 tenant_network_types = vlan,gre,vxlan,geneve//网络类型
18 mechanism_drivers = openvswitch,linuxbridge //底层驱动
27 extension_drivers = port_security //端口安全
67 flat_networks = physnet1 //使用单一扁平网络
120 enable_ipset = True配置linuxbridge_agent.ini
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
9 physical_interface_mappings = physnet1:eth0
16 enable_vxlan = False
51 prevent_arp_spoofing= True
56 firewall_driver =neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
60 enable_security_group = True配置dhcp_agent.ini
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
27 interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
31 dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
52 enable_isolated_metadata = True配置metadata_agent.ini
[root@controller ~]# vim /etc/neutron/metadata_agent.ini
5 auth_uri =http://192.168.1.11:5000
6 auth_url =http://192.168.1.11:35357
7 auth_region = RegionOne
8 auth_plugin = password
9 project_domain_id = default
10 user_domain_id = default
11 project_name = service
12 username = neutron
13 password = neutron
27 nova_metadata_ip = 192.168.1.1127 nova_metadata_ip = 192.168.1.11
52 metadata_proxy_shared_secret = neutron修改nova配置
[root@controller ~]# vim /etc/nova/nova.conf
3031 [neutron]
3032 url = http://192.168.1.11:9696
3033 auth_url = http://192.168.1.11:35357
3034 auth_plugin = password
3035 project_domain_id = default
3036 user_domain_id = default
3037 region_name = RegionOne
3038 project_name = service
3039 username = neutron
3040 password = neutron
3048 service_metadata_proxy=true
3052 metadata_proxy_shared_secret=neutron
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini/etc/neutron/plugin.ini创建用户
[root@controller ~]# openstack user create --domain default--password=neutron neutron
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id |33d0790e74e24a4bb0de3b21263155a5 |
| name | neutron |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user neutron admin注册服务
[root@controller ~]# openstack service create --name neutron--description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id |a057284a51ae4ea896fce082d0242fa6 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network public http://192.168.1.11:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id |77d289a63ccf4fa289a42f3ebba18fad |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id |a057284a51ae4ea896fce082d0242fa6 |
| service_name | neutron |
| service_type | network |
| url |http://192.168.1.11:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network internal http://192.168.1.11:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id |571a7fb989f14efb9db43c20a03e3aff |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id |a057284a51ae4ea896fce082d0242fa6 |
| service_name | neutron |
| service_type | network |
| url |http://192.168.1.11:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network admin http://192.168.1.11:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id |008aac0f57e64e3084a76c2743f6c096 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id |a057284a51ae4ea896fce082d0242fa6 |
| service_name | neutron |
| service_type | network |
| url |http://192.168.1.11:9696 |
+--------------+----------------------------------+启动服务
[root@controller ~]# systemctl restart openstack-nova-api
[root@controller ~]# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service \
neutron-dhcp-agent.service \
neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service \
neutron-linuxbridge-agent.service \
neutron-dhcp-agent.service \
neutron-metadata-agent.service查看验证
[root@controller ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| id | agent_type | host | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| 41bcc4cb-dea4-4a4d-9ffa-18209c746762 | Metadata agent | controller | :-) | True | neutron-metadata-agent |
| 5c7c894f-5260-49d7-9da4-c90c0a591fb6 | DHCP agent | controller | :-) | True | neutron-dhcp-agent |
| 7df41d2f-f4a6-42cc-a761-83d9eab0a0f0 | Linux bridge agent | controller| :-) | True | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+