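Introduction to the Neutron Service and Deploying the Neutron Controller Node
OpenStack Neutron
Networking service overview
OpenStack Networking (Neutron) lets you create interface devices that are managed by other OpenStack services and attach them to networks. Its plug-in based implementation can accommodate different networking equipment and software, which gives OpenStack architecture and deployment flexibility.
It includes the following components:
neutron-server
Accepts API requests and routes them to the appropriate OpenStack Networking plug-in for action.
OpenStack Networking plug-ins and agents
Plug and unplug ports, create networks and subnets, and provide IP addressing. These plug-ins and agents differ depending on the vendor and the technology used. Through its plug-ins and agents, OpenStack Networking works with Cisco virtual and physical switches, NEC OpenFlow products, Open vSwitch, Linux bridging, and VMware NSX.
The common agents are L3 (layer 3), DHCP (dynamic host IP addressing), and a plug-in agent.
Message queue
Used by most OpenStack Networking installations to route information between neutron-server and the various agents. It also acts as a database that stores networking state for certain plug-ins.
OpenStack Networking mainly interacts with OpenStack Compute to provide network connectivity for its instances.
Networking option 1: public network
Install and configure the networking components on the controller node
Install the components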
[root@linux-node1 ~]# yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
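Configure the server component
The Networking server component configuration covers the database, authentication mechanism, message queue, topology change notifications, and plug-in.
Edit the /etc/neutron/neutron.conf file and complete the following actions:
- In the [database] section, configure database access: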
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
- In the [DEFAULT] section, enable the ML2 plug-in and disable other plug-ins:
[DEFAULT]
core_plugin = ml2
service_plugins =
- In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure the RabbitMQ message queue connection:
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = 192.168.1.11
rabbit_userid = openstack
rabbit_password = openstack
- In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://192.168.1.11:5000
auth_url = http://192.168.1.11:35357
memcached_servers = 192.168.1.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
- In the [DEFAULT] and [nova] sections, configure Networking to notify Compute of network topology changes:
[DEFAULT]
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[nova]
auth_url = http://192.168.1.11:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
- In the [oslo_concurrency] section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
Check which options are now set:
[root@linux-node1 ~]# grep '^[a-z]' /etc/neutron/neutron.conf
auth_strategy = keystone
core_plugin = ml2
service_plugins =
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
rpc_backend = rabbit
connection = mysql+pymysql://neutron:neutron@192.168.1.11/neutron
auth_uri = http://192.168.1.11:5000
auth_url = http://192.168.1.11:35357
memcached_servers = 192.168.1.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
auth_url = http://192.168.1.11:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
lock_path = /var/lib/neutron/tmp
rabbit_host = 192.168.1.11
rabbit_userid = openstack
rabbit_password = openstack
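ML2 and Linux bridge configuration on the Neutron controller node
Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Linux bridge mechanism to build the layer-2 virtual networking infrastructure for instances.
Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and complete the following actions:
- In the [ml2] section, enable flat and VLAN networks: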
[ml2]
type_drivers = flat,vlan,gre,vxlan,geneve
- In the [ml2] section, disable private networks:
[ml2]
tenant_network_types = flat
- In the [ml2] section, enable the Linux bridge mechanism:
[ml2]
mechanism_drivers = linuxbridge,openvswitch
- In the [ml2] section, enable the port security extension driver:
[ml2]
extension_drivers = port_security
- In the [securitygroup] section, enable ipset to make security group rules more efficient:
[securitygroup]
enable_ipset = True
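Configure the Linux bridge agent
The Linux bridge agent builds layer-2 virtual networking for instances and handles security group rules.
Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following actions:
- In the [linux_bridge] section, map the public virtual network to the public physical network interface: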
[linux_bridge]
physical_interface_mappings = public:eth0
- In the [vxlan] section, disable VXLAN overlay networks:
[vxlan]
enable_vxlan = False
- In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver:
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
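Configure the DHCP agent
Edit the /etc/neutron/dhcp_agent.ini file and complete the following actions:
- In the [DEFAULT] section, configure the Linux bridge interface driver and the DHCP driver, and enable isolated metadata so that instances on the public network can reach metadata over the network: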
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
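Configure the metadata agent
Edit the /etc/neutron/metadata_agent.ini file and complete the following actions:
- In the [DEFAULT] section, configure the metadata host and the shared secret: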
[DEFAULT]
nova_metadata_ip = 192.168.1.11
metadata_proxy_shared_secret = unixhot.com
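Configure the Networking service for Compute
Edit the /etc/nova/nova.conf file and complete the following actions:
- In the [neutron] section, configure the access parameters, enable the metadata proxy, and set the secret: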
[neutron]
url = http://192.168.1.11:9696
auth_url = http://192.168.1.11:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = dick.com
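The metadata agent and Nova only interoperate when both files carry the same metadata_proxy_shared_secret, and the two values shown above differ; the service accounts also use passwords equal to their account names. The following is an added example, not part of the original post, that audits both conditions; the file excerpts are constructed from the values on this page and the function names are hypothetical.

```python
import configparser
from urllib.parse import urlsplit

# Constructed excerpts that reuse the option values shown on this page.
METADATA_AGENT_INI = """
[DEFAULT]
nova_metadata_ip = 192.168.1.11
metadata_proxy_shared_secret = unixhot.com
"""
NOVA_CONF = """
[neutron]
auth_url = http://192.168.1.11:35357
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = dick.com
"""
NEUTRON_CONF = """
[database]
connection = mysql+pymysql://neutron:neutron@192.168.1.11/neutron
[keystone_authtoken]
username = neutron
password = neutron
[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = openstack
"""

def load(text):
    # oslo.config files are INI-like: treat [DEFAULT] as an ordinary section,
    # tolerate repeated sections and never interpolate '%' in values.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp

def audit(metadata_agent, nova, neutron):
    """Return a list of findings for the three parsed files."""
    findings = []
    key = "metadata_proxy_shared_secret"
    agent_secret = metadata_agent.get("DEFAULT", key, fallback=None)
    nova_secret = nova.get("neutron", key, fallback=None)
    if agent_secret is None or agent_secret != nova_secret:
        findings.append(f"{key}: metadata_agent.ini and nova.conf disagree")
    for name, cp in (("nova.conf", nova), ("neutron.conf", neutron)):
        for section in cp.sections():
            opts = cp[section]
            db = urlsplit(opts.get("connection", ""))
            pairs = [(opts.get("username"), opts.get("password")),
                     (opts.get("rabbit_userid"), opts.get("rabbit_password")),
                     (db.username, db.password)]
            if any(user and user == secret for user, secret in pairs):
                findings.append(f"{name} [{section}]: password equals account name")
    return findings

if __name__ == "__main__":
    for finding in audit(load(METADATA_AGENT_INI), load(NOVA_CONF),
                         load(NEUTRON_CONF)):
        print(finding)
```

On a real node, read the three files from disk and pass their text to load() instead of the constructed strings.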
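Finalize installation
1. The Networking service initialization scripts expect a symbolic link, /etc/neutron/plugin.ini, that points to the ML2 plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini. If the symbolic link does not exist, create it with the following command: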
[root@linux-node1 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
2. Synchronize the database:
[root@linux-node1 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
> --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
3. Restart the Compute API service:
[root@linux-node1 ~]# systemctl restart openstack-nova-api.service
4. Configure the Networking services to start when the system boots, then start them:
[root@linux-node1 ~]# systemctl enable neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
[root@linux-node1 ~]# systemctl start neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
Finally, register the service in Keystone
- Create the "neutron" service entity:
[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]# openstack service create --name neutron \
> --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 69699f6f973949669f51d42b58a754cc |
| name | neutron |
| type | network |
+-------------+----------------------------------+
- Create the Networking service API endpoints:
[root@linux-node1 ~]# openstack endpoint create --region RegionOne \
> network public http://192.168.1.11:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b2a24c0e2d7f45fdacfb422032416b84 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 69699f6f973949669f51d42b58a754cc |
| service_name | neutron |
| service_type | network |
| url | http://192.168.1.11:9696 |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne \
> network internal http://192.168.1.11:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 801239f0722f4be8a7cf58b268e9519d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 69699f6f973949669f51d42b58a754cc |
| service_name | neutron |
| service_type | network |
| url | http://192.168.1.11:9696 |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne \
> network admin http://192.168.1.11:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 88be851c11904faebc24c57ddf5acf6f |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 69699f6f973949669f51d42b58a754cc |
| service_name | neutron |
| service_type | network |
| url | http://192.168.1.11:9696 |
+--------------+----------------------------------+
List the OpenStack services:
[root@linux-node1 ~]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 69699f6f973949669f51d42b58a754cc | neutron | network |
| 78e6f8140aa344e0abbc41ca7d21d9ed | keystone | identity |
| 976981ab6bef4582b49ac0b406fb1a25 | nova | compute |
| c29f2863d89047b997c721cdb51e77cb | glance | image |
+----------------------------------+----------+----------+
List the OpenStack endpoints:
[root@linux-node1 ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+
| 0306699fe1d240848babc3b41d0be4e3 | RegionOne | nova | compute | True | internal | http://192.168.1.11:8774/v2.1/%(tenant_id)s |
| 1d87e06bff044ae88c50e5487485c3f9 | RegionOne | nova | compute | True | admin | http://192.168.1.11:8774/v2.1/%(tenant_id)s |
| 353d9c2b13ec4f5d8e3d51abe7ca6ee2 | RegionOne | keystone | identity | True | internal | http://192.168.1.11:5000/v3 |
| 801239f0722f4be8a7cf58b268e9519d | RegionOne | neutron | network | True | internal | http://192.168.1.11:9696 |
| 84952464ca3644da82907fae74453c99 | RegionOne | keystone | identity | True | public | http://192.168.1.11:5000/v3 |
| 88be851c11904faebc24c57ddf5acf6f | RegionOne | neutron | network | True | admin | http://192.168.1.11:9696 |
| 9529f8eba1ce4b27bff51a13b7371d51 | RegionOne | glance | image | True | public | http://192.168.1.11:9292 |
| b1c181db93dd461bb11f39888b3c653b | RegionOne | nova | compute | True | public | http://192.168.1.11:8774/v2.1/%(tenant_id)s |
| b2a24c0e2d7f45fdacfb422032416b84 | RegionOne | neutron | network | True | public | http://192.168.1.11:9696 |
| bcafb0d3927f4307bfcc96f9f8882211 | RegionOne | glance | image | True | admin | http://192.168.1.11:9292 |
| f3b9aae336cb4f478b95ad7c77431580 | RegionOne | glance | image | True | internal | http://192.168.1.11:9292 |
| f56fc2678a13414cbe94b6fea506d13c | RegionOne | keystone | identity | True | admin | http://192.168.1.11:35357/v3 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+
Test the Neutron installation:
[root@linux-node1 ~]# neutron agent-list
+--------------------------------------+--------------------+-------------------------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+-------------------------+-------------------+-------+----------------+---------------------------+
| 3f1875f2-17d9-4fd0-a48d-42bd78185fcf | Linux bridge agent | linux-node1.example.com | | :-) | True | neutron-linuxbridge-agent |
| 52e2e5c7-3dce-4412-baa2-565b5d73f437 | Metadata agent | linux-node1.example.com | | :-) | True | neutron-metadata-agent |
| cf45beb1-e731-45fc-95ec-ca8842631a08 | DHCP agent | linux-node1.example.com | nova | :-) | True | neutron-dhcp-agent |
+--------------------------------------+--------------------+-------------------------+-------------------+-------+----------------+---------------------------+
Deploying the Neutron compute node
Install the components
[root@linux-node2 ~]# yum install openstack-neutron-linuxbridge ebtables ipset
1. On node1, copy /etc/neutron/neutron.conf and /etc/neutron/plugins/ml2/linuxbridge_agent.ini to the /opt/ directory on node2:
[root@linux-node1 ~]# scp /etc/neutron/neutron.conf 192.168.1.12:/opt/
root@192.168.1.12's password:
neutron.conf 100% 52KB 51.9KB/s 00:00
[root@linux-node1 ~]# scp /etc/neutron/plugins/ml2/linuxbridge_agent.ini 192.168.1.12:/opt/
root@192.168.1.12's password:
linuxbridge_agent.ini
2. Back up the /etc/neutron/neutron.conf file:
[root@linux-node2 ~]# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
- Move neutron.conf from the /opt/ directory to /etc/neutron/ and change its ownership:
[root@linux-node2 ~]# mv /opt/neutron.conf /etc/neutron/
[root@linux-node2 ~]# cd /etc/neutron/
[root@linux-node2 neutron]# ll
总用量 108
drwxr-xr-x 4 root root 67 6月 23 11:09 conf.d
-rw-r----- 1 root root 53138 6月 23 11:11 neutron.conf
-rw-r----- 1 root neutron 52645 5月 23 17:08 neutron.conf.bak
drwxr-xr-x 3 root root 17 6月 23 11:09 plugins
-rw-r--r-- 1 root root 1195 2月 1 09:51 rootwrap.conf
[root@linux-node2 neutron]# chown root:neutron neutron.conf
- Move linuxbridge_agent.ini from the /opt/ directory to /etc/neutron/plugins/ml2/ and change its ownership:
[root@linux-node2 ml2]# mv /opt/linuxbridge_agent.ini .
[root@linux-node2 ml2]# ls
linuxbridge_agent.ini linuxbridge_agent.ini.bak
[root@linux-node2 ml2]# chown root:neutron linuxbridge_agent.ini
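3. Make the following change in /etc/nova/nova.conf:
a. Remove the database connection line
Explanation: the compute node does not need to connect to the database directly.
Compare with the original files to see what was changed:
- The neutron.conf file: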
[root@linux-node2 neutron]# diff neutron.conf neutron.conf.bak
27c27
< auth_strategy = keystone
---
> #auth_strategy = keystone
30c30
< core_plugin = ml2
---
> #core_plugin = <None>
33c33
< service_plugins =
---
> #service_plugins =
137c137
< notify_nova_on_port_status_changes = true
---
> #notify_nova_on_port_status_changes = true
141c141
< notify_nova_on_port_data_changes = true
---
> #notify_nova_on_port_data_changes = true
511c511
< rpc_backend = rabbit
---
> #rpc_backend = rabbit
683a684
> #connection = <None>
762,770d762
< auth_uri = http://192.168.1.11:5000
< auth_url = http://192.168.1.11:35357
< memcached_servers = 192.168.1.11:11211
< auth_type = password
< project_domain_name = default
< user_domain_name = default
< project_name = service
< username = neutron
< password = neutron
939,948d930
< auth_url = http://192.168.1.11:35357
< auth_type = password
< project_domain_name = default
< user_domain_name = default
< region_name = RegionOne
< project_name = service
< username = nova
< password = nova
<
<
1061c1043
< lock_path = /var/lib/neutron/tmp
---
> # lock_path = $state_path/lock
1212c1194
< rabbit_host = 192.168.1.11
---
> #rabbit_host = localhost
1230c1212
< rabbit_userid = openstack
---
> #rabbit_userid = guest
1234c1216
< rabbit_password = openstack
---
> #rabbit_password = guest
- The linuxbridge_agent.ini file:
[root@linux-node2 ml2]# diff linuxbridge_agent.ini linuxbridge_agent.ini.bak
141c141
< physical_interface_mappings = public:eth0
---
> #physical_interface_mappings =
151c151
< firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
---
> #firewall_driver = <None>
156c156
< enable_security_group = true
---
> #enable_security_group = true
171c171
< enable_vxlan = false
---
> #enable_vxlan = true
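Configure the Networking service for Compute
Edit the /etc/nova/nova.conf file and complete the following actions:
- In the [neutron] section, configure the access parameters: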
url = http://192.168.1.11:9696
auth_url = http://192.168.1.11:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
Finalize installation
1. Restart the Compute service:
[root@linux-node2 ml2]# systemctl restart openstack-nova-compute.service
2. Start the Linux bridge agent and configure it to start automatically at boot:
[root@linux-node2 ml2]# systemctl enable neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
[root@linux-node2 ml2]# systemctl start neutron-linuxbridge-agent.service
[root@linux-node2 ml2]# systemctl status neutron-linuxbridge-agent.service -l
● neutron-linuxbridge-agent.service - OpenStack Neutron Linux Bridge Agent
Loaded: loaded (/usr/lib/systemd/system/neutron-linuxbridge-agent.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since 五 2017-06-23 12:15:50 EDT; 6min ago
Process: 12524 ExecStart=/usr/bin/neutron-linuxbridge-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-linuxbridge-agent --log-file /var/log/neutron/linuxbridge-agent.log (code=exited, status=1/FAILURE)
Process: 12518 ExecStartPre=/usr/bin/neutron-enable-bridge-firewall.sh (code=exited, status=0/SUCCESS)
Main PID: 12524 (code=exited, status=1/FAILURE)
6月 23 12:15:50 linux-node2.example.com neutron-linuxbridge-agent[12524]: File "/usr/lib/python2.7/site-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 878, in main
6月 23 12:15:50 linux-node2.example.com neutron-linuxbridge-agent[12524]: common_config.init(sys.argv[1:])
6月 23 12:15:50 linux-node2.example.com neutron-linuxbridge-agent[12524]: File "/usr/lib/python2.7/site-packages/neutron/common/config.py", line 246, in init
6月 23 12:15:50 linux-node2.example.com neutron-linuxbridge-agent[12524]: **kwargs)
6月 23 12:15:50 linux-node2.example.com neutron-linuxbridge-agent[12524]: File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 2171, in __call__
6月 23 12:15:50 linux-node2.example.com neutron-linuxbridge-agent[12524]: self._namespace._files_permission_denied)
6月 23 12:15:50 linux-node2.example.com neutron-linuxbridge-agent[12524]: oslo_config.cfg.ConfigFilesPermissionDeniedError: Failed to open some config files: /etc/neutron/neutron.conf,/etc/neutron/plugins/ml2/linuxbridge_agent.ini
6月 23 12:15:50 linux-node2.example.com systemd[1]: neutron-linuxbridge-agent.service: main process exited, code=exited, status=1/FAILURE
6月 23 12:15:50 linux-node2.example.com systemd[1]: Unit neutron-linuxbridge-agent.service entered failed state.
6月 23 12:15:50 linux-node2.example.com systemd[1]: neutron-linuxbridge-agent.service failed.
Fix: change the ownership of the two configuration files:
[root@linux-node2 ml2]# chown root:neutron /etc/neutron/neutron.conf
[root@linux-node2 ml2]# chown root:neutron linuxbridge_agent.ini
After this change the service status reports:
Active: active (running)
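The ConfigFilesPermissionDeniedError above matches the earlier listing, where the copied neutron.conf was root:root with mode 0640. The following added example (not from the original post) applies the POSIX owner/group/other read rule to that case and to its fix; the neutron uid/gid numbers are constructed, assess_path is a hypothetical helper, and ACLs and SELinux are not considered.

```python
import grp
import os
import pwd
import stat

def can_read(mode, file_uid, file_gid, uid, gids):
    """POSIX read check for a non-root process: the first matching class decides."""
    if uid == file_uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def assess(mode, file_uid, file_gid, uid, gids):
    """Classify a config file for one service account."""
    if not can_read(mode, file_uid, file_gid, uid, gids):
        return "unreadable"  # the agent exits with ConfigFilesPermissionDeniedError
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        return "exposed"     # every local user can reach the stored passwords
    return "ok"

def assess_path(path, user="neutron"):
    """Same check against a real file (assumes the account exists on the host)."""
    st = os.stat(path)
    pw = pwd.getpwnam(user)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    return assess(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, pw.pw_uid, gids)

# Constructed ids: root is 0, the neutron uid/gid are sample values.
NEUTRON_UID, NEUTRON_GID = 990, 987

if __name__ == "__main__":
    cases = {
        "root:root 0640 (after scp + mv)": (0o640, 0, 0),
        "root:neutron 0640 (after chown)": (0o640, 0, NEUTRON_GID),
        "root:root 0644 (chmod shortcut)": (0o644, 0, 0),
    }
    for label, (mode, fuid, fgid) in cases.items():
        print(label, "->", assess(mode, fuid, fgid, NEUTRON_UID, {NEUTRON_GID}))
```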
Check whether the service has started:
[root@linux-node2 ml2]# ps aux | grep python
root 618 0.0 0.9 553152 18468 ? Ssl 05:09 0:01 /usr/bin/python -Es /usr/sbin/tuned -l -P
nova 12349 2.9 5.2 1209236 98896 ? Ssl 11:39 0:03 /usr/bin/python2 /usr/bin/nova-compute
root 12429 0.0 0.0 112664 968 pts/0 R+ 11:41 0:00 grep --color=auto python
Verification:
On node1, verify that the installation succeeded:
[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]# neutron agent-list
+--------------------------------------+--------------------+-------------------------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+-------------------------+-------------------+-------+----------------+---------------------------+
| 3f1875f2-17d9-4fd0-a48d-42bd78185fcf | Linux bridge agent | linux-node1.example.com | | :-) | True | neutron-linuxbridge-agent |
| 52e2e5c7-3dce-4412-baa2-565b5d73f437 | Metadata agent | linux-node1.example.com | | :-) | True | neutron-metadata-agent |
| cf45beb1-e731-45fc-95ec-ca8842631a08 | DHCP agent | linux-node1.example.com | nova | :-) | True | neutron-dhcp-agent |
+--------------------------------------+--------------------+-------------------------+-------------------+-------+----------------+---------------------------+