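Installing and configuring the Networking service on the controller node
Prerequisites: before you configure the OpenStack Networking (neutron) service, you must create a database, service credentials, and API endpoints.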
1. Create the database
1) Use the database access client to connect to the database server as the root user:
mysql -u root -p123
2) Create the neutron database:
CREATE DATABASE neutron;
3) Grant proper access to the neutron database, using a suitable password:
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'abc123';
4) Flush the privileges:
FLUSH PRIVILEGES;
5) Exit the database client:
QUIT
2. Create the service credentials
1) Source the admin credentials to gain access to admin-only CLI commands:
. admin-openrc
2) Create the neutron user, with the password abc123:
openstack user create --domain default --password-prompt neutron
3) Add the admin role to the neutron user:
openstack role add --project service --user neutron admin
4) Create the neutron service entity:
openstack service create --name neutron \
  --description "OpenStack Networking" network
5) Create the Networking service API endpoints:
openstack endpoint create --region RegionOne \
  network public http://controller:9696
openstack endpoint create --region RegionOne \
  network internal http://controller:9696
openstack endpoint create --region RegionOne \
  network admin http://controller:9696
3. Install and configure the networking components
1) Install the components:
yum install openstack-neutron \
  openstack-neutron-ml2 \
  openstack-neutron-linuxbridge \
  ebtables
2) Configure the server component. Edit the /etc/neutron/neutron.conf configuration file:
cd /etc/neutron/
cp neutron.conf neutron.conf.bak
egrep -v '^$|^#' neutron.conf.bak > neutron.conf
vi neutron.conf
Configure database access:
[database]
connection = mysql+pymysql://neutron:abc123@controller/neutron
Enable the ML2 plug-in and disable additional plug-ins:
[DEFAULT]
core_plugin = ml2
service_plugins =
Configure the RabbitMQ message queue connection:
[DEFAULT]
transport_url = rabbit://openstack:abc123@controller
Configure Identity service access:
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = abc123
Configure the Networking service to notify Compute of network topology changes:
[DEFAULT]
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = nova
password = abc123
Configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
Save and exit.
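4. Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Linux bridge mechanism to build the layer-2 virtual networking infrastructure for instances.
cd /etc/neutron/plugins/ml2/
cp ml2_conf.ini ml2_conf.ini.bak
egrep -v '^$|^#' ml2_conf.ini.bak > ml2_conf.ini
vi ml2_conf.ini
[ml2]
# Enable flat and VLAN networks
type_drivers = flat,vlan
# Disable private networks
tenant_network_types =
# Enable the Linux bridge mechanism
mechanism_drivers = linuxbridge
# Enable the port security extension driver
extension_drivers = port_security
[ml2_type_flat]
# Configure the provider virtual network as a flat network
flat_networks = provider
[securitygroup]
# Enable ipset to make security group rules more efficient
enable_ipset = True
Save the file.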
5. Configure the Linux bridge agent
The Linux bridge agent builds the layer-2 virtual networks for instances and handles security group rules.
cd /etc/neutron/plugins/ml2/
cp linuxbridge_agent.ini linuxbridge_agent.ini.bak
egrep -v '^$|^#' linuxbridge_agent.ini.bak > linuxbridge_agent.ini
vi linuxbridge_agent.ini
[linux_bridge]
# Map the provider virtual network to the provider physical network interface
physical_interface_mappings = provider:ens34
[securitygroup]
# Enable security groups and configure the Linux bridge iptables firewall driver
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
# Disable VXLAN overlay networks
enable_vxlan = False
6. Configure the DHCP agent
cd /etc/neutron/
cp dhcp_agent.ini dhcp_agent.ini.bak
egrep -v '^$|^#' dhcp_agent.ini.bak > dhcp_agent.ini
vi dhcp_agent.ini
Configure the Linux bridge interface driver and the DHCP driver, and enable isolated metadata so that instances on provider networks can reach the metadata service over the network:
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
7. Configure the metadata agent
The metadata agent provides configuration information, for example the credentials for accessing instances.
Edit the /etc/neutron/metadata_agent.ini file:
cd /etc/neutron/
cp metadata_agent.ini metadata_agent.ini.bak
egrep -v '^$|^#' metadata_agent.ini.bak > metadata_agent.ini
vi metadata_agent.ini
[DEFAULT]
# Metadata host
nova_metadata_ip = controller
# Shared secret for the metadata proxy; choose your own value
metadata_proxy_shared_secret = mate
8. Configure the Networking service for Compute
1) Edit the /etc/nova/nova.conf file:
cd /etc/nova/
cp nova.conf nova.conf.nova
vi nova.conf
# Configure Networking service access and authentication, enable the metadata proxy, and set the shared secret
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = abc123
service_metadata_proxy = True
metadata_proxy_shared_secret = mate
2) The Networking service initialization scripts expect a symbolic link, /etc/neutron/plugin.ini, that points to the ML2 plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini:
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
3) Populate the database:
su -s /bin/sh -c "neutron-db-manage \
  --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
4) Restart the Compute API service:
systemctl restart openstack-nova-api.service
5) Start the Networking services and configure them to start when the system boots:
systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service \
  neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service \
  neutron-dhcp-agent.service \
  neutron-metadata-agent.service
6) For networking option 2, also enable and start the layer-3 service:
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
7) Verify the installation:
neutron ext-list
openstack network agent list
neutron agent-list
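The agent listings show which agents are registered, not whether the values written in steps 4, 5, 7 and 8 agree with each other. The script below is an added example, not part of the original guide: it reads the INI files and checks that metadata_proxy_shared_secret is identical in metadata_agent.ini and nova.conf and that port security and security groups are switched on. The function names, the return codes and the 32-character minimum secret length are assumptions of this example, and the sample files are constructed from the values used above.

```shell
# Added example, not from the original guide.
# ini_get FILE SECTION KEY: print the value of KEY in [SECTION]. Everything
# after "=" is the value, so a note on the same line becomes part of it.
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# 0 = ok, 1 = value missing, 2 = files disagree, 3 = shorter than MINLEN
# (MINLEN defaults to 32, an assumption of this example).
check_metadata_secret() {  # AGENT_INI NOVA_CONF [MINLEN]
    a=$(ini_get "$1" DEFAULT metadata_proxy_shared_secret)
    n=$(ini_get "$2" neutron metadata_proxy_shared_secret)
    [ -n "$a" ] && [ -n "$n" ] || return 1
    [ "$a" = "$n" ] || return 2
    [ "${#a}" -ge "${3:-32}" ] || return 3
}

# 0 = ok, 1 = port_security not listed, 2 = security groups not enabled,
# 3 = no firewall driver set.
check_port_filtering() {  # ML2_INI LINUXBRIDGE_INI
    ext=$(ini_get "$1" ml2 extension_drivers | tr -d ' ')
    case ",$ext," in *,port_security,*) ;; *) return 1 ;; esac
    case "$(ini_get "$2" securitygroup enable_security_group)" in [Tt]rue) ;; *) return 2 ;; esac
    [ -n "$(ini_get "$2" securitygroup firewall_driver)" ] || return 3
}

# Constructed sample files carrying the values used in this guide.
write_samples() {  # DIR
    printf '[DEFAULT]\nmetadata_proxy_shared_secret = mate\n' > "$1/metadata_agent.ini"
    printf '[neutron]\nmetadata_proxy_shared_secret = mate\n' > "$1/nova.conf"
    printf '[ml2]\nextension_drivers = port_security\n' > "$1/ml2_conf.ini"
    printf '[securitygroup]\nenable_security_group = True\nfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver\n' > "$1/linuxbridge_agent.ini"
}

tmp=$(mktemp -d); write_samples "$tmp"
rc=0; check_metadata_secret "$tmp/metadata_agent.ini" "$tmp/nova.conf" || rc=$?
echo "metadata secret check: rc=$rc"
rc=0; check_port_filtering "$tmp/ml2_conf.ini" "$tmp/linuxbridge_agent.ini" || rc=$?
echo "port filtering check:  rc=$rc"
rm -rf "$tmp"
```

On a real node, call the two check functions with the paths under /etc/neutron and /etc/nova instead of the sample directory.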
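--------------------- All of the steps above are performed on the controller node ---------------------
Installing and configuring the Networking service (neutron) on the compute node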
1. Install the components
yum install openstack-neutron-linuxbridge ebtables ipset -y
2. Configure the common component
cd /etc/neutron/
cp neutron.conf neutron.conf.bak
egrep -v '^$|^#' neutron.conf.bak > neutron.conf
vi neutron.conf
[DEFAULT]
# Configure the RabbitMQ message queue connection
transport_url = rabbit://openstack:abc123@controller
# Configure Identity service access
auth_strategy = keystone
# Configure Identity service access
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = abc123
[oslo_concurrency]
# Configure the lock path
lock_path = /var/lib/neutron/tmp
3. Configure the networking option
Choose the same networking option that you chose earlier on the controller node.
(1) Configure the Linux bridge agent:
cd /etc/neutron/plugins/ml2/
cp linuxbridge_agent.ini linuxbridge_agent.ini.bak
egrep -v '^$|^#' linuxbridge_agent.ini.bak > linuxbridge_agent.ini
vi linuxbridge_agent.ini
# Map the provider virtual network to the provider physical network interface
[linux_bridge]
physical_interface_mappings = provider:ens34
# Disable VXLAN overlay networks
[vxlan]
enable_vxlan = False
# Enable security groups and configure the Linux bridge iptables firewall driver
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
(2) Configure the Networking service for Compute:
cd /etc/nova/
cp nova.conf nova.conf.nova
vi nova.conf
# Configure the access parameters
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = abc123
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl restart neutron-linuxbridge-agent.service
neutron agent-list