一、数据库配置(Controller节点)
用数据库连接客户端以 root 用户连接到数据库服务器:
#mysql -u root -p000000
创建neutron 数据库:
CREATE DATABASE neutron;
对neutron 数据库授予合适的访问权限
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '000000';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '000000';
退出数据库客户端。
二、创建服务凭证和API端点:
1、获得 admin 凭证来获取只有管理员能执行的命令的访问权限:
. admin-openrc
2、创建neutron用户:
openstack user create --domain default --password-prompt neutron
添加admin 角色到neutron 用户:
openstack role add --project service --user neutron admin
创建neutron服务实体:
openstack service create --name neutron --description "OpenStack Networking" network
创建网络服务API端点:
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
Controller节点
1、安装Neutron组件安装包:
yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
2、修改配置文件 /etc/neutron/neutron.conf
vi /etc/neutron/neutron.conf
在[DEFAULT]部分,启用Modular Layer 2 (ML2)插件,路由服务和重叠的IP地址,配置 “RabbitMQ” 消息队列的连接,配置认证服务访问,配置网络服务来通知计算节点的网络拓扑变化:
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
在 [database] 部分,配置数据库访问:
[database]
connection = mysql+pymysql://neutron:000000@controller/neutron
在[oslo_messaging_rabbit]”部分,配置 “RabbitMQ” 消息队列的连接:
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 000000
在“[keystone_authtoken]” 部分,配置认证服务访问:
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 000000
在[nova]``部分,配置网络服务来通知计算节点的网络拓扑变化:
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 000000
在 [oslo_concurrency] 部分,配置锁路径:
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
3、配置 Modular Layer 2 (ML2) 插件,ML2插件使用Linuxbridge机制来为实例创建layer-2虚拟网络基础设施:
vi /etc/neutron/plugins/ml2/ml2_conf.ini
在[ml2]部分,启用flat,VLAN以及VXLAN网络,启用VXLAN私有网络,启用Linuxbridge和layer-2机制,启用端口安全扩展驱动,:
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
在[ml2_type_flat]部分,配置公共虚拟网络为flat网络
[ml2_type_flat]
flat_networks = provider
在[ml2_type_vxlan]部分,为私有网络配置VXLAN网络识别的网络范围:
[ml2_type_vxlan]
vni_ranges = 1:1000
在 [securitygroup]部分,启用 ipset 增加安全组规则的高效性:
[securitygroup]
enable_ipset = True
4、配置Linuxbridge代理
Linuxbridge代理为实例建立layer-2虚拟网络并且处理安全组规则。
编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
在[linux_bridge]部分,将公共虚拟网络和公共物理网络接口对应起来:
[linux_bridge]
physical_interface_mappings = provider:eno16777736 #外网网卡名
在[vxlan]部分,启用VXLAN覆盖网络,配置覆盖网络的物理网络接口的IP地址,启用layer-2 population:
[vxlan]
enable_vxlan = True
local_ip = 192.168.100.10
l2_population = True
在 [securitygroup]部分,启用安全组并配置 Linuxbridge iptables firewall driver:
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
5、配置layer-3代理
Layer-3代理为私有虚拟网络提供路由和NAT服务
编辑/etc/neutron/l3_agent.ini文件并完成以下操作:
vi /etc/neutron/l3_agent.ini
在[DEFAULT]部分,配置Linuxbridge接口驱动和外部网络网桥:
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
#external_network_bridge选项特意设置成缺省值,这样就可以在一个代理上允许多种外部网络
配置DHCP代理¶
The DHCP agent provides DHCP services for virtual networks.
6、编辑/etc/neutron/dhcp_agent.ini文件并完成下面的操作:
vi /etc/neutron/dhcp_agent.ini
在[DEFAULT]部分,配置Linuxbridge驱动接口,DHCP驱动并启用隔离元数据,这样在公共网络上的实例就可以通过网络来访问元数据
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
7、修改配置文件/etc/neutron/metadata_agent.ini
负责提供配置信息,例如:访问实例的凭证
vi /etc/neutron/metadata_agent.ini
配置元数据主机以及共享密码
[DEFAULT]
nova_metadata_ip = controller #元数据服务器使用的IP地址
metadata_proxy_shared_secret = 000000
8、修改配置文件/etc/nova/nova.conf
vi /etc/nova/nova.conf
配置neutron访问参数
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
service_metadata_proxy = True#启用元数据代理
metadata_proxy_shared_secret = 000000
9、网络服务初始化脚本需要一个超链接 /etc/neutron/plugin.ini指向ML2插件配置文件 /etc/neutron/plugins/ml2/ml2_conf.ini
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
10、同步数据库:(忽略不推荐的信息)
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
11、启动Nutron服务并设置开机自启
#systemctl restart openstack-nova-api.service
#systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
#systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
三、安装并配置Neutron组件(Compute节点执行以下操作)
Compute节点
一、安装neutron组件安装包:
#yum -y install openstack-neutron-linuxbridge ebtables ipset
1、修改配置文件 /etc/neutron/neutron.conf
vi /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit #启用消息队列
auth_strategy = keystone #启用keystone认证
配置消息队列
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 000000
配置认证服务访问
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 000000
配置锁路径
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
2、修改配置文件/etc/neutron/plugins/ml2/linuxbridge_agent.ini
Linuxbridge代理为实例建立layer-2虚拟网络并且处理安全组规则
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
将公共虚拟网络和公共物理网络接口对应起来
[linux_bridge]
physical_interface_mappings = provider:eno16777736 #本机外网网卡名
启用VXLAN覆盖网络
[vxlan]
enable_vxlan = True #启用代理VXLAN
local_ip = 192.168.100.20 #本机内部网络ip地址
l2_population = True #扩展使用和ML2插件的l2population机制驱动
启用安全组
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver #配置linuxbridge iptables防火墙驱动程序
3、修改配置文件/etc/nova/nova.conf
vi /etc/nova/nova.conf
配置neutron访问参数
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 000000
4、启动Neutron服务并设置开机自启
#systemctl restart openstack-nova-compute.service
#systemctl enable neutron-linuxbridge-agent.service
#systemctl start neutron-linuxbridge-agent.service
四、验证Neutron服务(Controller节点执行以下步骤)
Controller节点
. admin-openrc
neutron ext-list
列出代理以验证启动 neutron 代理是否成功
.
neutron agent-list
