OpenStack（5）-neutron服务部署

OpenStack Networking（neutron）允许您创建由其他OpenStack服务管理的接口设备并将其连接到网络。可以实现插件以适应不同的网络设备和软件，为OpenStack架构和部署提供灵活性。

它包括以下组件：

中子服务器

接受并将API请求路由到适当的OpenStack Networking插件以进行操作。

OpenStack Networking插件和代理

插拔端口，创建网络或子网，并提供IP寻址。这些插件和代理程序因特定云中使用的供应商和技术而异。OpenStack Networking附带了用于思科虚拟和物理交换机，NEC OpenFlow产品，Open vSwitch，Linux桥接和VMware NSX产品的插件和代理。

公共代理是L3（第3层），DHCP（动态主机IP寻址）和插件代理。

消息队列

大多数OpenStack Networking安装使用它来在中子服务器和各种代理之间路由信息。还充当数据库以存储特定插件的网络状态。

OpenStack Networking主要与OpenStack Compute交互，为其实例提供网络和连接。

接下来我们进行neutron的搭建；

1.创建neutron的数据库；

mysql> CREATE DATABASE neutron;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
    ->   IDENTIFIED BY '123';
Query OK, 0 rows affected, 1 warning (0.09 sec)

mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
    ->   IDENTIFIED BY '123';
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> 

2.创建neutron用户；

[root@sxb1 ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 454a19cd9fe24a32857e17a8ee8d8b40 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

3.将neutron添加到admin角色中；

[root@sxb1 ~]# openstack role add --project service --user neutron admin

4.创建neutron服务；

[root@sxb1 ~]# openstack service create --name neutron \
>   --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 0c0e5eed3b9446dbb21a24fce483c665 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

5.简历网络服务api端点；

[root@sxb1 ~]# openstack endpoint create --region RegionOne   network public http://192.168.88.101:9696^C
[root@sxb1 ~]# openstack endpoint create --region RegionOne   network internal http://192.168.88.101:9696^C
[root@sxb1 ~]# openstack endpoint create --region RegionOne   network admin http://192.168.88.101:9696^C

6.选择Networking Option 2: Self-service networks模式；

安装相关软件；

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

7.配置neutron文件；

[root@sxb1 ~]# vim /etc/neutron/neutron.conf

[nova]
auth_url = http://192.168.88.101:5000　　　　　　需自己填写
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123

[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:[email protected]
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[database]
connection = mysql+pymysql://neutron:[email protected]/neutron

[keystone_authtoken]
www_authenticate_uri = http://192.168.88.101:5000
auth_url = http://192.168.88.101:5000
memcached_servers = 192.168.88.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

8.配置二层文件；

[root@sxb1 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population

extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true

9.配置二层网桥；

[root@sxb1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:ens37

[vxlan]
enable_vxlan = true
local_ip = 192.168.88.101
l2_population = true

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

10.修改内核参数为1；（需加载内核参数）

[root@sxb1 ~]# modprobe br_netfilter

[root@sxb1 ~]# cat /proc/sys/net/bridge/bridge-nf-call-iptables 
1
[root@sxb1 ~]# cat /proc/sys/net/bridge/bridge-nf-call-ip6tables 
1

11.配置三层插件文件；

[root@sxb1 ~]# vim /etc/neutron/l3_agent.ini 

[DEFAULT]
interface_driver = linuxbridge

12.配置DHCP文件；

[root@sxb1 ~]# vim /etc/neutron/dhcp_agent.ini

[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

13.配置metadaba文件；

[root@sxb1 ~]# vim /etc/neutron/metadata_agent.ini 

[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = 123

14.配置nova文件；

[root@sxb1 ~]# vim /etc/nova/nova.conf 

[neutron]
url = http://192.168.88.101:9696
auth_url = http://192.168.88.101:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123
service_metadata_proxy = true
metadata_proxy_shared_secret = 123

15.生成插件配置文件，初始化数据库出现OK；

[root@sxb1 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini^C


[root@sxb1 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

16.重启nova服务；

[root@sxb1 ~]# systemctl restart openstack-nova-api.service
[root@sxb1 ~]# systemctl status openstack-nova-api.service
● openstack-nova-api.service - OpenStack Nova API Server
   Loaded: loaded (/usr/lib/systemd/system/openstack-nova-api.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-09-09 02:59:40 EDT; 7s ago
 Main PID: 6249 (nova-api)
   CGroup: /system.slice/openstack-nova-api.service
           ├─6249 /usr/bin/python2 /usr/bin/nova-api
           ├─6260 /usr/bin/python2 /usr/bin/nova-api
           └─6261 /usr/bin/python2 /usr/bin/nova-api

Sep 09 02:59:37 sxb1.101.com systemd[1]: Stopped OpenStack Nova API Server.
Sep 09 02:59:37 sxb1.101.com systemd[1]: Starting OpenStack Nova API Server...
Sep 09 02:59:38 sxb1.101.com nova-api[6249]: /usr/lib/python2.7/site-packages/p....
Sep 09 02:59:38 sxb1.101.com nova-api[6249]: return pkg_resources.EntryPoint.pa...)
Sep 09 02:59:40 sxb1.101.com systemd[1]: Started OpenStack Nova API Server.
Hint: Some lines were ellipsized, use -l to show in full.

17.启动neutron服务（使用status查看服务是否正常启动）；

[root@sxb1 ~]# systemctl enable neutron-server.service   neutron-linuxbridge-agent.service neutron-dhcp-agent.service   neutron-metadata-agent.service^C
[root@sxb1 ~]# systemctl start neutron-server.service   neutron-linuxbridge-agent.service neutron-dhcp-agent.service   neutron-metadata-agent.service^C

18.启动3层服务（status查看服务状态）；

[root@sxb1 ~]# systemctl restart neutron-l3-agent.service
[root@sxb1 ~]# systemctl status neutron-l3-agent.service
● neutron-l3-agent.service - OpenStack Neutron Layer 3 Agent
   Loaded: loaded (/usr/lib/systemd/system/neutron-l3-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-09-09 03:39:22 EDT; 2s ago
 Main PID: 8267 (/usr/bin/python)
   CGroup: /system.slice/neutron-l3-agent.service
           └─8267 /usr/bin/python2 /usr/bin/neutron-l3-agent --config-file /usr/...

Sep 09 03:39:22 sxb1.101.com systemd[1]: Started OpenStack Neutron Layer 3 Agent.
Sep 09 03:39:23 sxb1.101.com neutron-l3-agent[8267]: net_mlx5: cannot load glue ...
Sep 09 03:39:23 sxb1.101.com neutron-l3-agent[8267]: net_mlx5: cannot initialize...
Sep 09 03:39:23 sxb1.101.com neutron-l3-agent[8267]: PMD: net_mlx4: cannot load ...
Sep 09 03:39:23 sxb1.101.com neutron-l3-agent[8267]: PMD: net_mlx4: cannot initi...
Hint: Some lines were ellipsized, use -l to show in full.

到这里neutron在控制器节点的配置就完成了，接下来我们进行计算节点neutron的配置

1.安装相关的组件；

[root@sxb2 ~]# yum install openstack-neutron-linuxbridge ebtables ipset

2.配置neutron文件（database不能有配置）；

[root@sxb2 ~]# vim /etc/neutron/neutron.conf 

[DEFAULT]
transport_url = rabbit://openstack:[email protected]
auth_strategy = keystone

[keystone_authtoken]
www_authenticate_uri = http://192.168.88.101:5000
auth_url = http://192.168.88.101:5000
memcached_servers =192.168.88.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

3.Networking Option 2: Self-service networks

配置2层网络文件；

[root@sxb2 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:ens37

[vxlan]
enable_vxlan = true
local_ip = 192.168.88.102
l2_population = true

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

4.修改内核参数为1（加载模块）；

[root@sxb2 ~]# modprobe br_netfilter
[root@sxb2 ~]# cat /proc/sys/net/bridge/bridge-nf-call-iptables 
1
[root@sxb2 ~]# cat /proc/sys/net/bridge/bridge-nf-call-ip6tables 
1

5.配置计算节点nova文件；

[root@sxb2 ~]# vim /etc/nova/nova.conf

[neutron]
url = http://192.168.88.101:9696
auth_url = http://192.168.88.101:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123

6.重启nova服务，查看服务状态；

[root@sxb2 ~]# systemctl restart openstack-nova-compute.service
[root@sxb2 ~]# systemctl status openstack-nova-compute.service
● openstack-nova-compute.service - OpenStack Nova Compute Server
   Loaded: loaded (/usr/lib/systemd/system/openstack-nova-compute.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-09-09 04:11:23 EDT; 9s ago
 Main PID: 17327 (nova-compute)
    Tasks: 22
   CGroup: /system.slice/openstack-nova-compute.service
           └─17327 /usr/bin/python2 /usr/bin/nova-compute

Sep 09 04:11:21 sxb2.102.com systemd[1]: Stopped OpenStack Nova Compute Server.
Sep 09 04:11:21 sxb2.102.com systemd[1]: Starting OpenStack Nova Compute Server...
Sep 09 04:11:23 sxb2.102.com systemd[1]: Started OpenStack Nova Compute Server.
Hint: Some lines were ellipsized, use -l to show in full.

7.启动neutron服务，检查服务状态；

[root@sxb2 ~]# systemctl start neutron-linuxbridge-agent.service^C
[root@sxb2 ~]# systemctl status neutron-linuxbridge-agent.service^C
[root@sxb2 ~]# systemctl enable neutron-linuxbridge-agent.service^C

验证：

[root@sxb1 ~]# openstack extension list --network    可以显示就可以

[root@sxb1 ~]# openstack network agent list
+--------------------------------------+--------------------+--------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host         | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+--------------+-------------------+-------+-------+---------------------------+
| 265134cd-eb4a-4eaa-a3bd-2de3acaf9a2c | L3 agent           | sxb1.101.com | nova              | :-)   | UP    | neutron-l3-agent          |
| 3ec7350c-1aea-4e09-9bd0-91096700a577 | Linux bridge agent | sxb2.102.com | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 48fa3421-ece7-46b5-b161-c5a9bc7c805c | Metadata agent     | sxb1.101.com | None              | :-)   | UP    | neutron-metadata-agent    |
| 84130651-c3cd-4242-bde4-7a940cf7fc57 | Linux bridge agent | sxb1.101.com | None              | :-)   | UP    | neutron-linuxbridge-agent |
| cc65ec28-9f19-4097-9191-287122730c92 | DHCP agent         | sxb1.101.com | nova              | :-)   | UP    | neutron-dhcp-agent        |
+--------------------------------------+--------------------+--------------+-------------------+-------+-------+---------------------------+

出现5个就没有问题了，下一章我们进行Dashboard配置