1.架构图
在https://blog.51cto.com/taowenwu/5169584部署的基础上,进行自服务网络的配置
2.控制节点
官方文档参考:https://docs.openstack.org/neutron/rocky/install/controller-install-option2-rdo.html
2.1.安装包
# Install the openstack-neutron, ML2 plugin and Linux bridge agent packages,
# plus ebtables, on the controller node.
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
2.2.配置文件
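/etc/neutron/neutron.conf
注意:下面输出中的口令(openstack123、neutron123、neutron、nova)只是实验环境的示例值,且 Keystone 端点使用明文 HTTP;生产环境应改用强随机口令并启用 TLS,同时保证该文件仅 root 和 neutron 组可读。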
[root@control1 ~]# grep -Ev "^(#|$)" /etc/neutron/neutron.conf |grep -v -B 1 "^\["
[DEFAULT]
core_plugin = ml2
# 启用路由(L3)服务插件;注释需单独成行,oslo.config 不会把行尾的 # 当作注释
service_plugins = router
transport_url = rabbit://openstack:openstack123@192.168.47.28
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
# 允许不同项目创建地址重叠的网段:项目 A 创建了某个私网网段后,项目 B 也能创建同样的网段(注释需单独成行,不要写在值后面)
allow_overlapping_ips = true
--
[database]
connection = mysql+pymysql://neutron:neutron123@192.168.47.28/neutron
[keystone_authtoken]
www_authenticate_uri = http://192.168.47.23:5000
auth_url = http://192.168.47.23:5000
memcached_servers = 192.168.47.28:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
--
[nova]
auth_url = http://192.168.47.23:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
/etc/neutron/plugins/ml2/ml2_conf.ini
[root@control1 ~]# grep -Ev "^(#|$)" /etc/neutron/plugins/ml2/ml2_conf.ini |grep -v -B 1 "^\["
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = internal,external
--
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@control1 ~]# grep -Ev "^(#|$)" /etc/neutron/plugins/ml2/linuxbridge_agent.ini |grep -v -B 1 "^\["
[linux_bridge]
physical_interface_mappings = internal:eth1,external:eth0
--
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = true
# 宿主机 IP 地址(注释需单独成行,不要写在值后面)
local_ip = 192.168.47.23
l2_population = true
/etc/neutron/l3_agent.ini
[root@control1 ~]# grep -Ev "^(#|$)" /etc/neutron/l3_agent.ini |grep -v -B 1 "^\["
[DEFAULT]
interface_driver =linuxbridge
2.3重启服务
# Restart the Neutron server and the Linux bridge, DHCP and metadata agents so
# they pick up the configuration files edited above.
# NOTE(review): neutron-l3-agent is not restarted here although l3_agent.ini was
# edited above; the page enables and restarts it later, in section 4.
systemctl restart neutron-server.service neutron-linuxbridge-agent.service \
neutron-dhcp-agent.service neutron-metadata-agent.service
3.计算节点
官方文档参考:https://docs.openstack.org/neutron/rocky/install/compute-install-rdo.html
3.1安装包
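# Install the Linux bridge agent, ebtables and ipset on each compute node.
# This step must use `install`: `yum list` only reports package availability
# and installs nothing.
yum install openstack-neutron-linuxbridge ebtables ipset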
3.2.配置文件
[root@node1 ~]# grep -Ev "^(#|$)" /etc/neutron/plugins/ml2/linuxbridge_agent.ini |grep -v -B 1 "^\["
[linux_bridge]
physical_interface_mappings = internal:eth1,external:eth0
--
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = true
# 当前物理网卡的 IP 地址(注释需单独成行,不要写在值后面)
local_ip = 192.168.47.26
l2_population =true
[root@node2 ~]# grep -Ev "^(#|$)" /etc/neutron/plugins/ml2/linuxbridge_agent.ini |grep -v -B 1 "^\["
[linux_bridge]
physical_interface_mappings = internal:eth1,external:eth0
--
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = true
local_ip = 192.168.47.27
l2_population =true
3.3重启服务
# Restart the Linux bridge agent on each compute node so it re-reads
# /etc/neutron/plugins/ml2/linuxbridge_agent.ini.
systemctl restart neutron-linuxbridge-agent.service
4.控制端web界面配置
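启用三层(路由)功能后,需要在 Horizon 中打开对应的开关,这里把下面的选项全部改为 True。注意:这些开关只影响 Horizon 界面上显示哪些功能,本文并没有部署 LBaaS/FWaaS/VPNaaS,也没有配置 DVR 或 L3 HA,对应功能在界面上出现并不代表后端可用。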
/etc/openstack-dashboard/local_settings
OPENSTACK_NEUTRON_NETWORK = {
'enable_router': True,
'enable_quotas': True,
'enable_distributed_router': True,
'enable_ha_router': True,
'enable_lb': True,
'enable_firewall': True,
'enable_vpn': True,
'enable_fip_topology_check': True,
}
# Restart Apache so Horizon reloads /etc/openstack-dashboard/local_settings.
systemctl restart httpd
# Enable the L3 agent at boot and restart it so it reads the
# /etc/neutron/l3_agent.ini configured in section 2.2.
systemctl enable neutron-l3-agent.service && systemctl restart neutron-l3-agent.service
5.验证
[root@control1 ~]# neutron agent-list
6.创建网络
6.1.网络规划
admin:10.10.0.0/24 10.10.0.1~10.10.0.254
demo: 10.10.0.0/24 10.10.0.1~10.10.0.254
(两个项目使用相同的网段,依赖前面 neutron.conf 中的 allow_overlapping_ips = true)
创建外部和内部网络
# Load the admin credentials into the environment
# (presumably an openrc-style file; its contents are not shown on this page).
source admin.sh
# External network: a flat provider network on the physical network "external".
# --external marks it as an external network; --share additionally lets every
# project attach ports to it directly.
# NOTE(review): drop --share if projects should reach this network only through
# their own routers.
openstack network create --share --external \
--provider-physical-network external \
--provider-network-type flat external-net
# Subnet for the external network: Neutron allocates addresses only from
# 192.168.47.100-192.168.47.120; 192.168.47.2 is both gateway and DNS server.
openstack subnet create --network external-net \
--allocation-pool start=192.168.47.100,end=192.168.47.120 \
--dns-nameserver 192.168.47.2 --gateway 192.168.47.2 \
--subnet-range 192.168.47.0/24 external-sub
# Internal network: a second flat provider network, on the physical network
# "internal", created with the legacy neutron CLI.
# NOTE(review): --shared exposes this flat network to all projects as well;
# confirm that is intended.
neutron net-create --shared --provider:physical_network internal \
--provider:network_type flat internal-net
# Subnet 10.0.1.0/24 for the internal network, allocation pool 10.0.1.30-10.0.1.40.
neutron subnet-create --name internal-subnet \
--allocation-pool start=10.0.1.30,end=10.0.1.40 \
--dns-nameserver 192.168.47.2 internal-net 10.0.1.0/24
6.2.admin创建网络
# Load the admin credentials into the environment
# (presumably an openrc-style file; its contents are not shown on this page).
source admin.sh
# Create the self-service network. No provider options are given, so its type
# comes from tenant_network_types in ml2_conf.ini (vxlan on this page).
openstack network create admin-net
# Create the subnet on that network.
openstack subnet create --network admin-net \
--dns-nameserver 192.168.47.2 --gateway 10.10.0.1 \
--subnet-range 10.10.0.0/24 admin-sub # admin-sub is the subnet name
# Create the router.
openstack router create admin-router
# Add interfaces to the router: one attaches to the instances' subnet,
# the other to the physical (external) network.
neutron router-interface-add admin-router admin-sub # attach to the subnet
# Set the router's gateway.
neutron router-gateway-set admin-router external-net # external-net is the external network
6.3.demo创建网络
# Load the demo project's credentials into the environment
# (presumably an openrc-style file; its contents are not shown on this page).
source demo.sh
# Create the demo project's self-service network and subnet.
# The range 10.10.0.0/24 is the same one admin-sub uses; this relies on
# allow_overlapping_ips = true in neutron.conf.
openstack network create demo-net
openstack subnet create --network demo-net \
--dns-nameserver 192.168.47.2 --gateway 10.10.0.1 \
--subnet-range 10.10.0.0/24 demo-sub
# Router: attach it to demo-sub and set external-net as its gateway.
openstack router create demo-router
neutron router-interface-add demo-router demo-sub
neutron router-gateway-set demo-router external-net
6.4查看
#列出网络命名空间
[root@openstack1 ~]# ip netns
#列出路由器上的端口来确定公网网关的IP 地址
neutron router-port-list demo-router
neutron router-port-list admin-router
[root@control1 ~]# openstack network list
+--------------------------------------+--------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+--------------+--------------------------------------+
| 37488025-b5ee-4104-b2db-fbe154b22149 | external-net | 817f84a4-0732-40f0-bd98-80cfcd5ce6f1 |
| b81b4324-2507-44fb-804f-7f17f0b694ad | admin-net | 041cd1b9-5dda-4405-b288-05571f5acd00 |
| e39b5c49-b5cc-4dd7-b583-b6720a7538d8 | demo-net | d2c26f73-eff5-4a55-9657-65fbbfb9ecf0 |
+--------------------------------------+--------------+--------------------------------------+
7.遇到错误
7.1.执行 openstack network create admin-net 遇到以下错误
Error while executing command: HttpException: 503, Unable to create the network. No tenant network is available for allocation.
仔细检查 /etc/neutron/plugins/ml2/ml2_conf.ini 配置文件,重点确认 [ml2] 中的 tenant_network_types 以及 [ml2_type_vxlan] 中的 vni_ranges 是否已按 2.2 节配置。
7.2创建实例出现以下问题
Failed to allocate the network(s), not rescheduling.].