34323 posted on 2016-8-5 09:19:37

OpenStack installation (Liberty) -- installing the Neutron service

5. Install the Neutron service
1.1 Create the database and grant access

# mysql -uroot -p
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';





1.2 Create the user and add the role and project

# source admin-openrc.sh
# openstack user create --domain default --password-prompt neutron
User Password:neutron
Repeat User Password:neutron
+-----------+----------------------------------+
| Field   | Value                            |
+-----------+----------------------------------+
| domain_id | default                        |
| enabled   | True                           |
| id      | baea5f616768439f99d3bb03398b3ed2 |
| name      | neutron                        |
+-----------+----------------------------------+
# openstack role add --project service --user neutron admin





1.3 Create the service entity

# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled   | True                           |
| id          | e8125d7bc3254f74832c1d38721e6598 |
| name      | neutron                        |
| type      | network                        |
+-------------+----------------------------------+




1.4 Create the API endpoints

# openstack endpoint create --region RegionOne network public http://controller1:9696
+--------------+----------------------------------+
| Field      | Value                            |
+--------------+----------------------------------+
| enabled      | True                           |
| id         | ba9288d76fa84d23be43454fafb5f118 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e8125d7bc3254f74832c1d38721e6598 |
| service_name | neutron                        |
| service_type | network                        |
| url          | http://controller1:9696          |
+--------------+----------------------------------+
# openstack endpoint create --region RegionOne network internal http://controller1:9696
+--------------+----------------------------------+
| Field      | Value                            |
+--------------+----------------------------------+
| enabled      | True                           |
| id         | 7d8129db452746e9be4b8d88bdf62828 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e8125d7bc3254f74832c1d38721e6598 |
| service_name | neutron                        |
| service_type | network                        |
| url          | http://controller1:9696          |
+--------------+----------------------------------+
# openstack endpoint create --region RegionOne network admin http://controller1:9696
+--------------+----------------------------------+
| Field      | Value                            |
+--------------+----------------------------------+
| enabled      | True                           |
| id         | 717a4c91d8f047d79b7e70f52d2d620c |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e8125d7bc3254f74832c1d38721e6598 |
| service_name | neutron                        |
| service_type | network                        |
| url          | http://controller1:9696          |
+--------------+----------------------------------+





2.0 Choose between the two network architectures: Provider networks and Self-service networks
2.1.1 Provider networks option: install the components

# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset




2.1.2 Configure the service components

# vi /etc/neutron/neutron.conf

[database]
connection = mysql://neutron:neutron@controller1/neutron

[DEFAULT]
core_plugin = ml2
service_plugins =

rpc_backend = rabbit

[oslo_messaging_rabbit]
rabbit_host = controller1
rabbit_userid = openstack
rabbit_password = openstack

[DEFAULT]
auth_strategy = keystone

# Comment out any other options in this section
[keystone_authtoken]
auth_uri = http://controller1:5000
auth_url = http://controller1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron

[DEFAULT]
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller1:8774/v2

[nova]
auth_url = http://controller1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

# Optional, for troubleshooting
[DEFAULT]
verbose = True





2.1.3 Configure the ML2 plug-in

# vi /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
# After ML2 is configured, removing values from this option can leave the database inconsistent
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security

[ml2_type_flat]
flat_networks = public

[securitygroup]
enable_ipset = True




2.1.4 Configure the Linux bridge agent

# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini   # mind the name of the bridged NIC

[linux_bridge]
physical_interface_mappings = public:enp0s8

[vxlan]
enable_vxlan = False

[agent]
prevent_arp_spoofing = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver




2.1.5 Configure the DHCP agent

# vi /etc/neutron/dhcp_agent.ini

[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True

# Optional, for troubleshooting
verbose = True





2.2.0 Self-service networks option
2.2.1 Install the components (controller1)

# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset




2.2.2 Edit the configuration file

# vi /etc/neutron/neutron.conf

[database]
connection = mysql://neutron:neutron@controller1/neutron

# Differs from option 1
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True

rpc_backend = rabbit

[oslo_messaging_rabbit]
rabbit_host = controller1
rabbit_userid = openstack
rabbit_password = openstack

[DEFAULT]
auth_strategy = keystone

# Comment out any other options in this section
[keystone_authtoken]
auth_uri = http://controller1:5000
auth_url = http://controller1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron

[DEFAULT]
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller1:8774/v2

[nova]
auth_url = http://controller1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

# Optional, for troubleshooting
[DEFAULT]
verbose = True





2.2.3 Configure the ML2 plug-in

# vi /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
# After ML2 is configured, removing values from this option can leave the database inconsistent
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = public

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = True





2.2.4 Configure the Linux bridge agent

# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini   # mind the name of the bridged NIC

[linux_bridge]
physical_interface_mappings = public:enp0s8

[vxlan]
enable_vxlan = True
# Address of the physical public network interface (controller)
local_ip = 192.168.1.235
l2_population = True

[agent]
prevent_arp_spoofing = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver





2.2.5 Configure the L3 agent

# vi /etc/neutron/l3_agent.ini

[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =

verbose = True





2.2.6 Configure the DHCP agent

# vi /etc/neutron/dhcp_agent.ini

[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True

# Optional, for troubleshooting
verbose = True

dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf

# vi /etc/neutron/dnsmasq-neutron.conf
dhcp-option-force=26,1450





3.1 Configure the metadata agent

# vi /etc/neutron/metadata_agent.ini

# Comment out any other options in this section
[DEFAULT]
auth_uri = http://controller1:5000
auth_url = http://controller1:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron

nova_metadata_ip = 10.0.0.11

metadata_proxy_shared_secret = MYPASSWORD

verbose = True




3.2 Configure the compute node to use the network

# vi /etc/nova/nova.conf

[neutron]
url = http://controller1:9696
auth_url = http://controller1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = MYPASSWORD





3.3 Create the symbolic link

# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini





3.4 Initialize the database

# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
INFO Context impl MySQLImpl.
INFO Will assume non-transactional DDL.
Running upgrade for neutron ...
INFO Context impl MySQLImpl.
INFO Will assume non-transactional DDL.
INFO Running upgrade-> juno, juno_initial
INFO Running upgrade juno -> 44621190bc02, add_uniqueconstraint_ipavailability_ranges
INFO Running upgrade 44621190bc02 -> 1f71e54a85e7, ml2_network_segments models change for multi-segment network.
INFO Running upgrade 1f71e54a85e7 -> 408cfbf6923c, remove ryu plugin
INFO Running upgrade 408cfbf6923c -> 28c0ffb8ebbd, remove mlnx plugin
INFO Running upgrade 28c0ffb8ebbd -> 57086602ca0a, scrap_nsx_adv_svcs_models
INFO Running upgrade 57086602ca0a -> 38495dc99731, ml2_tunnel_endpoints_table
INFO Running upgrade 38495dc99731 -> 4dbe243cd84d, nsxv
INFO Running upgrade 4dbe243cd84d -> 41662e32bce2, L3 DVR SNAT mapping
INFO Running upgrade 41662e32bce2 -> 2a1ee2fb59e0, Add mac_address unique constraint
INFO Running upgrade 2a1ee2fb59e0 -> 26b54cf9024d, Add index on allocated
INFO Running upgrade 26b54cf9024d -> 14be42f3d0a5, Add default security group table
INFO Running upgrade 14be42f3d0a5 -> 16cdf118d31d, extra_dhcp_options IPv6 support
INFO Running upgrade 16cdf118d31d -> 43763a9618fd, add mtu attributes to network
INFO Running upgrade 43763a9618fd -> bebba223288, Add vlan transparent property to network
INFO Running upgrade bebba223288 -> 4119216b7365, Add index on tenant_id column
INFO Running upgrade 4119216b7365 -> 2d2a8a565438, ML2 hierarchical binding
INFO Running upgrade 2d2a8a565438 -> 2b801560a332, Remove Hyper-V Neutron Plugin
INFO Running upgrade 2b801560a332 -> 57dd745253a6, nuage_kilo_migrate
INFO Running upgrade 57dd745253a6 -> f15b1fb526dd, Cascade Floating IP Floating Port deletion
INFO Running upgrade f15b1fb526dd -> 341ee8a4ccb5, sync with cisco repo
INFO Running upgrade 341ee8a4ccb5 -> 35a0f3365720, add port-security in ml2
INFO Running upgrade 35a0f3365720 -> 1955efc66455, weight_scheduler
INFO Running upgrade 1955efc66455 -> 51c54792158e, Initial operations for subnetpools
INFO Running upgrade 51c54792158e -> 589f9237ca0e, Cisco N1kv ML2 driver tables
INFO Running upgrade 589f9237ca0e -> 20b99fd19d4f, Cisco UCS Manager Mechanism Driver
INFO Running upgrade 20b99fd19d4f -> 034883111f, Remove allow_overlap from subnetpools
INFO Running upgrade 034883111f -> 268fb5e99aa2, Initial operations in support of subnet allocation from a pool
INFO Running upgrade 268fb5e99aa2 -> 28a09af858a8, Initial operations to support basic quotas on prefix space in a subnet pool
INFO Running upgrade 28a09af858a8 -> 20c469a5f920, add index for port
INFO Running upgrade 20c469a5f920 -> kilo, kilo
INFO Running upgrade kilo -> 354db87e3225, nsxv_vdr_metadata.py
INFO Running upgrade 354db87e3225 -> 599c6a226151, neutrodb_ipam
INFO Running upgrade 599c6a226151 -> 52c5312f6baf, Initial operations in support of address scopes
INFO Running upgrade 52c5312f6baf -> 313373c0ffee, Flavor framework
INFO Running upgrade 313373c0ffee -> 8675309a5c4f, network_rbac
INFO Running upgrade kilo -> 30018084ec99, Initial no-op Liberty contract rule.
INFO Running upgrade 30018084ec99, 8675309a5c4f -> 4ffceebfada, network_rbac
INFO Running upgrade 4ffceebfada -> 5498d17be016, Drop legacy OVS and LB plugin tables
INFO Running upgrade 5498d17be016 -> 2a16083502f3, Metaplugin removal
INFO Running upgrade 2a16083502f3 -> 2e5352a0ad4d, Add missing foreign keys
INFO Running upgrade 2e5352a0ad4d -> 11926bcfe72d, add geneve ml2 type driver
INFO Running upgrade 11926bcfe72d -> 4af11ca47297, Drop cisco monolithic tables
INFO Running upgrade 8675309a5c4f -> 45f955889773, quota_usage
INFO Running upgrade 45f955889773 -> 26c371498592, subnetpool hash
INFO Running upgrade 26c371498592 -> 1c844d1677f7, add order to dnsnameservers
INFO Running upgrade 1c844d1677f7 -> 1b4c6e320f79, address scope support in subnetpool
INFO Running upgrade 1b4c6e320f79 -> 48153cb5f051, qos db changes
INFO Running upgrade 48153cb5f051 -> 9859ac9c136, quota_reservations
INFO Running upgrade 9859ac9c136 -> 34af2b5c5a59, Add dns_name to Port
OK





3.5 Restart the service

# systemctl restart openstack-nova-api.service





3.6 Start the services and enable them at boot
3.6.1 For both network architectures

# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service





3.6.1 For network option 2: the L3 service

# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service




3.7 Install the components on the compute node

# yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset





3.8 Configuration

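# vi /etc/neutron/neutron.conf   # comment out any connection options in the [database] section, because compute nodes do not access the DB directly

[DEFAULT]
rpc_backend = rabbit

# Note: similarly named options exist; if these are misconfigured, the compute node's bridge information will not be detected
[oslo_messaging_rabbit]
rabbit_host = controller1
rabbit_userid = openstack
rabbit_password = openstack

[DEFAULT]
auth_strategy = keystone

# Comment out the other options
[keystone_authtoken]
auth_uri = http://controller1:5000
auth_url = http://controller1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

# Optional, for troubleshooting
[DEFAULT]
verbose = True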





3.9 Network option
3.9.1 With Provider networks, configure the Linux bridge agent

# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini   # mind the name of the bridged NIC

[linux_bridge]
physical_interface_mappings = public:enp0s8

[vxlan]
enable_vxlan = False

[agent]
prevent_arp_spoofing = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver




3.9.2 With Self-service networks

# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini   # mind the name of the bridged NIC

[linux_bridge]
physical_interface_mappings = public:enp0s8

[vxlan]
enable_vxlan = True
local_ip = 10.0.0.31
l2_population = True

[agent]
prevent_arp_spoofing = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver





3.10 Configure Nova to use the network

# vi /etc/nova/nova.conf

[neutron]
url = http://controller1:9696
auth_url = http://controller1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron





3.11 Start the services and enable them at boot

# systemctl restart openstack-nova-compute.service
# systemctl enable neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
# systemctl start neutron-linuxbridge-agent.service





3.12 Verification
3.12.1 Network architecture 1: Provider networks

# . admin-openrc.sh
# neutron ext-list
+-----------------------+--------------------------+
| alias               | name                     |
+-----------------------+--------------------------+
| flavors               | Neutron Service Flavors|
| security-group      | security-group         |
| dns-integration       | DNS Integration          |
| net-mtu               | Network MTU            |
| port-security         | Port Security            |
| binding               | Port Binding             |
| provider            | Provider Network         |
| agent               | agent                  |
| quotas                | Quota management support |
| subnet_allocation   | Subnet Allocation      |
| dhcp_agent_scheduler| DHCP Agent Scheduler   |
| rbac-policies         | RBAC Policies            |
| external-net          | Neutron external network |
| multi-provider      | Multi Provider Network   |
| allowed-address-pairs | Allowed Address Pairs    |
| extra_dhcp_opt      | Neutron Extra DHCP opts|
+-----------------------+--------------------------+





Normally there will be 3 agents on the controller node and 1 agent on each compute node; the troubleshooting log is /var/log/neutron/linuxbridge-agent.log

# neutron agent-list
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
| id                                 | agent_type         | host      | alive | admin_state_up | binary                  |
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
| 0f2ffa5f-2789-45a5-b5aa-a2147a589344 | Linux bridge agent | comtroller1 | :-)   | True         | neutron-linuxbridge-agent |
| 3c24d005-fe60-4d79-bae3-063741786a18 | DHCP agent         | comtroller1 | :-)   | True         | neutron-dhcp-agent      |
| b1d510a0-3dfe-4d3e-abed-ff16fd9c0c36 | Linux bridge agent | compute1    | :-)   | True         | neutron-linuxbridge-agent |
| c1b19a6e-5cf9-4099-a31a-96f7df29b8c3 | Metadata agent   | comtroller1 | :-)   | True         | neutron-metadata-agent    |
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+





3.12.2 Network architecture 2: Self-service networks

# . admin-openrc.sh
# neutron ext-list
+-----------------------+-----------------------------------------------+
| alias               | name                                          |
+-----------------------+-----------------------------------------------+
| dns-integration       | DNS Integration                               |
| ext-gw-mode         | Neutron L3 Configurable external gateway mode |
| binding               | Port Binding                                  |
| agent               | agent                                       |
| subnet_allocation   | Subnet Allocation                           |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| external-net          | Neutron external network                      |
| flavors               | Neutron Service Flavors                     |
| net-mtu               | Network MTU                                 |
| quotas                | Quota management support                      |
| l3-ha               | HA Router extension                           |
| provider            | Provider Network                              |
| multi-provider      | Multi Provider Network                        |
| extraroute            | Neutron Extra Route                           |
| router                | Neutron L3 Router                           |
| extra_dhcp_opt      | Neutron Extra DHCP opts                     |
| security-group      | security-group                              |
| dhcp_agent_scheduler| DHCP Agent Scheduler                        |
| rbac-policies         | RBAC Policies                                 |
| port-security         | Port Security                                 |
| allowed-address-pairs | Allowed Address Pairs                         |
| dvr                   | Distributed Virtual Router                  |
+-----------------------+-----------------------------------------------+
# neutron agent-list
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
| id                                 | agent_type         | host      | alive | admin_state_up | binary                  |
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
| 643e1106-ac60-4027-856b-6c9304148390 | DHCP agent         | comtroller1 | :-)   | True         | neutron-dhcp-agent      |
| add77fd9-d837-4023-8311-262b107c2b51 | L3 agent         | comtroller1 | :-)   | True         | neutron-l3-agent          |
| d61df3d1-a35f-4e3e-82e9-05eb9b99db3d | Linux bridge agent | comtroller1 | :-)   | True         | neutron-linuxbridge-agent |
| dc8f184a-38f9-4c86-bcb3-6402f9db410a | Metadata agent   | comtroller1 | :-)   | True         | neutron-metadata-agent    |
| efc067fe-d0e4-479d-b1f6-b664975fc938 | Linux bridge agent | compute1    | :-)   | True         | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
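
The agent layout described in 3.12 (three agents on the controller, one on each compute node, plus the L3 agent for option 2) can be checked mechanically, which also surfaces agents registered from hosts that are not in the inventory. The Python below is an added example, not part of the original post; `check_agents` and its host arguments are assumptions, and the sample table is the provider-network output from 3.12.1.

```python
# Output of `neutron agent-list` copied from section 3.12.1 of this post.
AGENT_LIST = """\
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
| id | agent_type | host | alive | admin_state_up | binary |
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
| 0f2ffa5f-2789-45a5-b5aa-a2147a589344 | Linux bridge agent | comtroller1 | :-) | True | neutron-linuxbridge-agent |
| 3c24d005-fe60-4d79-bae3-063741786a18 | DHCP agent | comtroller1 | :-) | True | neutron-dhcp-agent |
| b1d510a0-3dfe-4d3e-abed-ff16fd9c0c36 | Linux bridge agent | compute1 | :-) | True | neutron-linuxbridge-agent |
| c1b19a6e-5cf9-4099-a31a-96f7df29b8c3 | Metadata agent | comtroller1 | :-) | True | neutron-metadata-agent |
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
"""

CONTROLLER_AGENTS = {"neutron-linuxbridge-agent", "neutron-dhcp-agent",
                     "neutron-metadata-agent"}
COMPUTE_AGENTS = {"neutron-linuxbridge-agent"}


def parse_table(text):
    """Turn the CLI's ASCII table into a list of dicts keyed by column name."""
    header, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # border lines and blanks
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells
        else:
            rows.append(dict(zip(header, cells)))
    return rows


def check_agents(rows, controllers, computes, self_service=False):
    """Return sorted problems; an empty list means the layout matches."""
    expected = {}
    for host in controllers:
        expected[host] = set(CONTROLLER_AGENTS)
        if self_service:  # option 2 adds the L3 agent on the controller
            expected[host].add("neutron-l3-agent")
    for host in computes:
        expected[host] = set(COMPUTE_AGENTS)

    problems, seen = [], {}
    for row in rows:
        host, binary = row["host"], row["binary"]
        seen.setdefault(host, set()).add(binary)
        if host not in expected:
            problems.append("unknown host %s registered %s" % (host, binary))
        elif binary not in expected[host]:
            problems.append("unexpected %s on %s" % (binary, host))
        if row["alive"] != ":-)":
            problems.append("%s on %s is not alive" % (binary, host))
        if row["admin_state_up"] != "True":
            problems.append("%s on %s is administratively down" % (binary, host))
    for host, wanted in expected.items():
        for binary in wanted - seen.get(host, set()):
            problems.append("missing %s on %s" % (binary, host))
    return sorted(problems)


if __name__ == "__main__":
    for problem in check_agents(parse_table(AGENT_LIST), ["comtroller1"], ["compute1"]):
        print(problem)
```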
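
The configuration files in this post reuse the account name as the password, keep the MYPASSWORD placeholder for metadata_proxy_shared_secret, and point at http:// endpoints. The Python below is an added example, not part of the original post, that flags those settings and checks that metadata_agent.ini (3.1) and nova.conf (3.2) carry the same shared secret; the sample files are constructed from the values above, and the placeholder list and function names are assumptions.

```python
import configparser

# Constructed samples that mirror the values used in this post; the section
# names are the ones the Liberty packages use. Nothing is read from a host.
METADATA_AGENT_INI = """\
[DEFAULT]
auth_url = http://controller1:35357
username = neutron
password = neutron
metadata_proxy_shared_secret = MYPASSWORD
"""
NOVA_CONF = """\
[neutron]
url = http://controller1:9696
auth_url = http://controller1:35357
username = neutron
password = neutron
metadata_proxy_shared_secret = MYPASSWORD
"""

SECRET_KEYS = ("password", "rabbit_password", "metadata_proxy_shared_secret")
ACCOUNT_KEYS = ("username", "rabbit_userid")
PLACEHOLDERS = {"mypassword", "password", "secret", "changeme"}  # assumed list


def load(text):
    """Parse INI text, keeping [DEFAULT] as an ordinary section."""
    cp = configparser.RawConfigParser(strict=False, default_section="_unused_")
    cp.read_string(text)
    return cp


def audit(name, cp):
    """Return (file, section, option, reason) tuples for one parsed file."""
    findings = []
    for section in cp.sections():
        opts = dict(cp.items(section))
        accounts = {opts[k] for k in ACCOUNT_KEYS if k in opts}
        for key in SECRET_KEYS:
            value = opts.get(key, "")
            if value and value in accounts:
                findings.append((name, section, key, "secret equals account name"))
            elif value.lower() in PLACEHOLDERS:
                findings.append((name, section, key, "placeholder secret"))
        for key, value in opts.items():
            if key.endswith(("url", "uri")) and value.startswith("http://"):
                findings.append((name, section, key, "cleartext HTTP endpoint"))
    return findings


def shared_secret_matches(agent_cp, nova_cp):
    """The metadata agent signs instance IDs with this secret; nova verifies."""
    key = "metadata_proxy_shared_secret"
    agent_value = agent_cp.get("DEFAULT", key, fallback=None)
    nova_value = nova_cp.get("neutron", key, fallback=None)
    return agent_value is not None and agent_value == nova_value


def run():
    agent, nova = load(METADATA_AGENT_INI), load(NOVA_CONF)
    findings = audit("metadata_agent.ini", agent) + audit("nova.conf", nova)
    return findings, shared_secret_matches(agent, nova)


if __name__ == "__main__":
    results, consistent = run()
    for finding in results:
        print("%s [%s] %s: %s" % finding)
    print("shared secret consistent:", consistent)
```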





