openstack部署(三)
控制节点(controller)-增加networking
- Networking又叫做Neutron,是Openstack必不可少的组件,它其实是网络虚拟化的实现工具,可以让我们模拟出路由器、交换机、网卡等网络设备。
- 关于Neutron的电子书:https://yeasy.gitbooks.io/openstack_understand_neutron/content/
- Neutron支持两种网络模式。第一种是非常简单的网络架构,它仅支持让实例连接外网,不支持自定义网络、路由器以及浮动ip,只有管理员或者授权的用户有权限去管理网络。第二种网络功能比较强大,支持自定义网络管理,支持自建路由器,也支持浮动ip;即使没有授权的用户也可以管理网络,支持用户自己配置和管理。
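创建库、授权账号(示例中root和neutron的数据库密码都是演示用的弱口令,实际部署请换成强密码;用 mysql -uroot -p 交互输入可避免密码留在命令历史里;'neutron'@'%' 允许从任意主机连接,可按需收紧为实际需要访问数据库的主机)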
# mysql -uroot -proot
MariaDB [(none)]> create database neutron;
MariaDB [(none)]>GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
MariaDB [(none)]>GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
MariaDB [(none)]> create database neutron;
Query OK, 1 row affected (0.02 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
Query OK, 0 rows affected (0.10 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.04 sec)
MariaDB [(none)]>
执行脚本
source admin-openrc.sh
创建neutron用户(密码为neutronpasswd)
openstack user create --domain default --password-prompt neutron
# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 84888f7a68e74de7aa64b5f00b2c319b |
| name | neutron |
+-----------+----------------------------------+
#
把admin角色添加到neutron用户里
openstack role add --project service --user neutron admin
# openstack role add --project service --user neutron admin
创建neutron服务实体
openstack service create --name neutron --description "OpenStack Networking" network
# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | adef74a465484941a373599f2f3ca3dc |
| name | neutron |
| type | network |
+-------------+----------------------------------+
#
创建networking服务的API端点(endpoint)。示例使用明文HTTP,生产环境中对外的public端点建议放在TLS之后
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
# openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 21f6dc6d05c4433d8f56a84119c6e857 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | adef74a465484941a373599f2f3ca3dc |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
#
# openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 97d78cd451d94525a7fc5b456f5dd8d1 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | adef74a465484941a373599f2f3ca3dc |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
#
# openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 5edccd10210a4fc187091f427b447310 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | adef74a465484941a373599f2f3ca3dc |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
#
安装组件
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge python-neutronclient ebtables ipset
配置服务端组件
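vi /etc/neutron/neutron.conf //更改或增加
(段名似乎在转载时丢失,下列各项依次属于:[DEFAULT] 从 core_plugin 到 verbose;[database] connection;[oslo_messaging_rabbit] 三个 rabbit_ 开头的项;[keystone_authtoken] 从 auth_uri 到 password = neutronpasswd;[nova] 从第二个 auth_url 到 password = novapasswd;[oslo_concurrency] lock_path。auth_url、password 等键出现两次正是因为分属不同的段。文中的各个密码均为示例,请替换为自己环境的值,不要照抄)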
core_plugin = ml2
service_plugins =
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
verbose = True
connection = mysql://neutron:neutron@controller/neutron
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = xl5780474585
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutronpasswd
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = novapasswd
lock_path = /var/lib/neutron/tmp
配置ml2插件
vim /etc/neutron/plugins/ml2/ml2_conf.ini //更改或增加(段名似乎已丢失:前四项属于 [ml2],flat_networks 属于 [ml2_type_flat],enable_ipset 属于 [securitygroup])
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
flat_networks = public
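enable_ipset = True
编辑linux桥接agent
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini //增加或更改(段名似乎已丢失:physical_interface_mappings 属于 [linux_bridge],enable_vxlan 属于 [vxlan],prevent_arp_spoofing 属于 [agent],其余两项属于 [securitygroup];eno16777736 是本例的物理网卡名,请换成自己的网卡名)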
physical_interface_mappings = public:eno16777736
enable_vxlan = False
prevent_arp_spoofing = True
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
配置dhcp agent
vi /etc/neutron/dhcp_agent.ini //增加或更改(各项均在 [DEFAULT] 段)
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
verbose = True
编辑metadata agent配置文件
vi /etc/neutron/metadata_agent.ini //更改或增加(各项均在 [DEFAULT] 段)
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutronpasswd
nova_metadata_ip = controller
metadata_proxy_shared_secret = 12345678
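verbose = True
说明:需要删除掉配置文件里原有的 auth_url、auth_region、admin_tenant_name、admin_user、admin_password。metadata_proxy_shared_secret 必须与下面 nova.conf 中的值保持一致;示例值 12345678 仅作演示,实际部署请换成随机生成的长字符串。
vi /etc/nova/nova.conf //更改或添加(各项均在 [neutron] 段)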
url = http://controller:9696
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutronpasswd
service_metadata_proxy = True
metadata_proxy_shared_secret = 12345678
为ml2插件配置文件创建软链接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
同步数据库(生成表结构)
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
>--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
INFO Context impl MySQLImpl.
INFO Will assume non-transactional DDL.
Running upgrade for neutron ...
INFO Context impl MySQLImpl.
INFO Will assume non-transactional DDL.
INFO Running upgrade-> juno, juno_initial
INFO Running upgrade juno -> 44621190bc02, add_uniqueconstraint_ipavailability_ranges
INFO Running upgrade 44621190bc02 -> 1f71e54a85e7, ml2_network_segments models change for multi-segment network.
INFO Running upgrade 1f71e54a85e7 -> 408cfbf6923c, remove ryu plugin
INFO Running upgrade 408cfbf6923c -> 28c0ffb8ebbd, remove mlnx plugin
INFO Running upgrade 28c0ffb8ebbd -> 57086602ca0a, scrap_nsx_adv_svcs_models
INFO Running upgrade 57086602ca0a -> 38495dc99731, ml2_tunnel_endpoints_table
INFO Running upgrade 38495dc99731 -> 4dbe243cd84d, nsxv
INFO Running upgrade 4dbe243cd84d -> 41662e32bce2, L3 DVR SNAT mapping
INFO Running upgrade 41662e32bce2 -> 2a1ee2fb59e0, Add mac_address unique constraint
INFO Running upgrade 2a1ee2fb59e0 -> 26b54cf9024d, Add index on allocated
INFO Running upgrade 26b54cf9024d -> 14be42f3d0a5, Add default security group table
INFO Running upgrade 14be42f3d0a5 -> 16cdf118d31d, extra_dhcp_options IPv6 support
INFO Running upgrade 16cdf118d31d -> 43763a9618fd, add mtu attributes to network
INFO Running upgrade 43763a9618fd -> bebba223288, Add vlan transparent property to network
INFO Running upgrade bebba223288 -> 4119216b7365, Add index on tenant_id column
INFO Running upgrade 4119216b7365 -> 2d2a8a565438, ML2 hierarchical binding
INFO Running upgrade 2d2a8a565438 -> 2b801560a332, Remove Hyper-V Neutron Plugin
INFO Running upgrade 2b801560a332 -> 57dd745253a6, nuage_kilo_migrate
INFO Running upgrade 57dd745253a6 -> f15b1fb526dd, Cascade Floating IP Floating Port deletion
INFO Running upgrade f15b1fb526dd -> 341ee8a4ccb5, sync with cisco repo
INFO Running upgrade 341ee8a4ccb5 -> 35a0f3365720, add port-security in ml2
INFO Running upgrade 35a0f3365720 -> 1955efc66455, weight_scheduler
INFO Running upgrade 1955efc66455 -> 51c54792158e, Initial operations for subnetpools
INFO Running upgrade 51c54792158e -> 589f9237ca0e, Cisco N1kv ML2 driver tables
INFO Running upgrade 589f9237ca0e -> 20b99fd19d4f, Cisco UCS Manager Mechanism Driver
INFO Running upgrade 20b99fd19d4f -> 034883111f, Remove allow_overlap from subnetpools
INFO Running upgrade 034883111f -> 268fb5e99aa2, Initial operations in support of subnet allocation from a pool
INFO Running upgrade 268fb5e99aa2 -> 28a09af858a8, Initial operations to support basic quotas on prefix space in a subnet pool
INFO Running upgrade 28a09af858a8 -> 20c469a5f920, add index for port
INFO Running upgrade 20c469a5f920 -> kilo, kilo
INFO Running upgrade kilo -> 354db87e3225, nsxv_vdr_metadata.py
INFO Running upgrade 354db87e3225 -> 599c6a226151, neutrodb_ipam
INFO Running upgrade 599c6a226151 -> 52c5312f6baf, Initial operations in support of address scopes
INFO Running upgrade 52c5312f6baf -> 313373c0ffee, Flavor framework
INFO Running upgrade 313373c0ffee -> 8675309a5c4f, network_rbac
INFO Running upgrade kilo -> 30018084ec99, Initial no-op Liberty contract rule.
INFO Running upgrade 30018084ec99, 8675309a5c4f -> 4ffceebfada, network_rbac
INFO Running upgrade 4ffceebfada -> 5498d17be016, Drop legacy OVS and LB plugin tables
INFO Running upgrade 5498d17be016 -> 2a16083502f3, Metaplugin removal
INFO Running upgrade 2a16083502f3 -> 2e5352a0ad4d, Add missing foreign keys
INFO Running upgrade 2e5352a0ad4d -> 11926bcfe72d, add geneve ml2 type driver
INFO Running upgrade 11926bcfe72d -> 4af11ca47297, Drop cisco monolithic tables
INFO Running upgrade 8675309a5c4f -> 45f955889773, quota_usage
INFO Running upgrade 45f955889773 -> 26c371498592, subnetpool hash
INFO Running upgrade 26c371498592 -> 1c844d1677f7, add order to dnsnameservers
INFO Running upgrade 1c844d1677f7 -> 1b4c6e320f79, address scope support in subnetpool
INFO Running upgrade 1b4c6e320f79 -> 48153cb5f051, qos db changes
INFO Running upgrade 48153cb5f051 -> 9859ac9c136, quota_reservations
INFO Running upgrade 9859ac9c136 -> 34af2b5c5a59, Add dns_name to Port
OK
#
# systemctl restart openstack-nova-api.service
重启compute api服务
启动服务(下面的记录对neutron-server等四个服务只执行了enable;enable只设置开机自启,还需要对同一组服务执行systemctl start)
# systemctl enable neutron-server.service \
>neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
>neutron-metadata-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
#
# systemctl enable neutron-l3-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service to /usr/lib/systemd/system/neutron-l3-agent.service.
# systemctl start neutron-l3-agent.service
#