Networking服务
neutron server节点
在实际部署的架构中,neutron的部署架构可以分为三个角色,即neutron server(neutron服务器)、network node(网络节点)和compute node(计算节点),这里先部署neutron服务器。
安装所需软件包
此处配置的为neutron server服务,根据此前的规划,这里将其部署在控制节点上。
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 python-neutronclient
创建neutron数据库
[root@controller ~]# openstack-db --init --service neutron --password neutron
#neutron 无需事先导入数据库表,因为其服务启动时会自动创建,所以以上命令在导入表时的报错可以直接无视(数据库和访问账号本身是否创建成功仍需确认)
在keystone中创建neutron用户(示例中密码与用户名相同,仅便于演示;实际部署时应换成强密码,并与后文各配置文件中的admin_password保持一致)
[root@controller ~]# keystone user-create --name neutron --pass neutron --email neutron@scholar.com
[root@controller ~]# keystone user-role-add --user neutron --tenant service --role admin
创建neutron服务及访问端点(示例中的端点均为明文HTTP,令牌和密码不加密传输,仅适用于受信任的管理网络)
[root@controller ~]# keystone service-create --name neutron --type network --description "OpenStack Networking"
[root@controller ~]# keystone endpoint-create \
> --service-id $(keystone service-list | awk '/ network / {print $2}') \
> --publicurl http://controller:9696 \
> --adminurl http://controller:9696 \
> --internalurl http://controller:9696
配置neutron server
配置neutron连接数据库的URL(URL中的密码须与创建数据库时--password指定的一致;该密码以明文保存在neutron.conf中,应限制该文件的读取权限)
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf database connection \
> mysql://neutron:neutron@controller/neutron
配置neutron server连入keystone
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
> auth_strategy keystone
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
> auth_uri http://controller:5000
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
> auth_host controller
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
> auth_protocol http
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
> auth_port 35357
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
> admin_tenant_name service
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
> admin_user neutron
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
> admin_password neutron
配置neutron server使用的消息队列服务
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
> rpc_backend neutron.openstack.common.rpc.impl_qpid
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
> qpid_hostname controller
配置neutron server通知compute节点相关网络定义的改变
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
> notify_nova_on_port_status_changes True
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
> notify_nova_on_port_data_changes True
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
> nova_url http://controller:8774/v2
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
> nova_admin_username nova
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
> nova_admin_tenant_id $(keystone tenant-list | awk '/ service / { print $2 }')
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
> nova_admin_password nova
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
> nova_admin_auth_url http://controller:35357/v2.0
配置使用Modular Layer 2 (ML2)插件及相关服务
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
> core_plugin ml2
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
> service_plugins router
配置ML2(Modular Layer 2)插件
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
> type_drivers gre
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
> tenant_network_types gre
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
> mechanism_drivers openvswitch
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre \
> tunnel_id_ranges 1:1000
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
> firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
> enable_security_group True
#注意:如果需要ml2支持更多的驱动类型,可将上面一组中的命令的第一个和第二个分别更换为:
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers local,flat,vlan,gre,vxlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vlan,gre,vxlan
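配置Compute服务使用neutron(安全组交由neutron负责,因此nova自身的firewall_driver设为Noop;前提是ML2配置中已启用enable_security_group,否则实例将没有包过滤)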
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT \
> network_api_class nova.network.neutronv2.api.API
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT \
> neutron_url http://controller:9696
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT \
> neutron_auth_strategy keystone
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT \
> neutron_admin_tenant_name service
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT \
> neutron_admin_username neutron
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT \
> neutron_admin_password neutron
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT \
> neutron_admin_auth_url http://controller:35357/v2.0
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT \
> linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT \
> firewall_driver nova.virt.firewall.NoopFirewallDriver
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT \
> security_group_api neutron
创建连接文件
Networking服务的初始化脚本通过符号链接文件/etc/neutron/plugin.ini找到所选插件的配置文件,因此需要先创建该链接
[root@controller neutron]# ln -s plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
重启服务
[root@controller ~]# for svc in api scheduler conductor; \
> do service openstack-nova-${svc} restart;done
启动服务
[root@controller ~]# service neutron-server start
Starting neutron: [ OK ]
[root@controller ~]# chkconfig neutron-server on
Network节点
配置内核网络参数(开启IP转发,并关闭反向路径过滤rp_filter;后者会放宽内核对数据包源地址的校验,应仅在确有需要的节点上这样设置)
[root@network ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
[root@network ~]# sysctl -p
安装所需软件包
[root@network ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch
配置连入keystone
[root@network ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
> auth_strategy keystone
[root@network ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
> auth_uri http://controller:5000
[root@network ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
> auth_host controller
[root@network ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
> auth_protocol http
[root@network ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
> auth_port 35357
[root@network ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
> admin_tenant_name service
[root@network ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
> admin_user neutron
[root@network ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
> admin_password neutron
配置其使用的消息队列服务
[root@network ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
> rpc_backend neutron.openstack.common.rpc.impl_qpid
[root@network ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
> qpid_hostname controller
配置使用ML2
[root@network ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
> core_plugin ml2
[root@network ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
> service_plugins router
配置Layer-3 (L3) agent
[root@network ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT \
> interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
[root@network ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT \
> use_namespaces True
配置DHCP agent
[root@network ~]# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT \
> interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
[root@network ~]# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT \
> dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
[root@network ~]# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT \
> use_namespaces True
配置neutron中dhcp服务使用自定义配置文件
[root@network ~]# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT \
> dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf
#创建配置文件
[root@network ~]# vim /etc/neutron/dnsmasq-neutron.conf
dhcp-option-force=26,1454
配置metadata agent
[root@network ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
> auth_url http://controller:5000/v2.0
[root@network ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
> auth_region regionOne
[root@network ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
> admin_tenant_name service
[root@network ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
> admin_user neutron
[root@network ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
> admin_password neutron
[root@network ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
> nova_metadata_ip controller
[root@network ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
> metadata_proxy_shared_secret METADATA_SECRET
在控制节点上执行如下命令,其中的METADATA_SECRET要替换成与前面network节点上metadata_proxy_shared_secret相同的值;该值是metadata代理与nova之间的共享密钥,应使用随机生成的字符串,而不是直接保留字面量METADATA_SECRET
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT \
> service_neutron_metadata_proxy true
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT \
> neutron_metadata_proxy_shared_secret METADATA_SECRET
[root@controller ~]# service openstack-nova-api restart
Stopping openstack-nova-api: [ OK ]
Starting openstack-nova-api: [ OK ]
配置ML2插件
运行如下命令配置ML2插件,其中10.0.10.125为隧道接口的地址
[root@network ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
> type_drivers gre
[root@network ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
> tenant_network_types gre
[root@network ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
> mechanism_drivers openvswitch
[root@network ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre \
> tunnel_id_ranges 1:1000
[root@network ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \
> local_ip 10.0.10.125
[root@network ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \
> tunnel_type gre
[root@network ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \
> enable_tunneling True
[root@network ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
> firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[root@network ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
> enable_security_group True
配置Open vSwitch服务
#启动服务
[root@network ~]# service openvswitch start
[root@network ~]# chkconfig openvswitch on
#添加桥设备
[root@network ~]# ovs-vsctl add-br br-int
#添加外部桥
[root@network ~]# ovs-vsctl add-br br-ex
#为外部桥添加外部网络接口,其中eth1为实际的外部物理接口
[root@network ~]# ovs-vsctl add-port br-ex eth1
#修改桥设备br-ex的bridge-id的属性值为br-ex
[root@network ~]# ovs-vsctl br-set-external-id br-ex bridge-id br-ex
配置并启动服务
[root@network ~]# cd /etc/neutron/
[root@network neutron]# ln -s plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@network ~]# cp /etc/init.d/neutron-openvswitch-agent /etc/init.d/neutron-openvswitch-agent.orig
[root@network ~]# sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /etc/init.d/neutron-openvswitch-agent
[root@network ~]# for svc in openvswitch-agent l3-agent dhcp-agent metadata-agent; \
> do service neutron-${svc} start; chkconfig neutron-${svc} on; done
Starting neutron-openvswitch-agent: [ OK ]
Starting neutron-l3-agent: [ OK ]
Starting neutron-dhcp-agent: [ OK ]
Starting neutron-metadata-agent: [ OK ]