网络组件neutron在整个openstack体系中应该是最难的一部分,需要在控制节点和计算节点上面同时安装
1、创建neutron用户及授权
[root@controller ~]# source admin-openrc.sh
[root@controller ~]# openstack user create --domain default --password=neutron neutron
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | d458b30e034a42a3858fa10aff62f19a |
| name | neutron |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user neutron admin 2、注册neutron服务
[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 624ad1386598404dba9baeb0e31ae48f |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network public http://172.16.80.130:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | cfd3eb223f5f4da3b9cd8b80ac7b7e03 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 624ad1386598404dba9baeb0e31ae48f |
| service_name | neutron |
| service_type | network |
| url | http://172.16.80.130:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network internal http://172.16.80.130:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1091bd52c35f4f53b5d371b4f32a677a |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 624ad1386598404dba9baeb0e31ae48f |
| service_name | neutron |
| service_type | network |
| url | http://172.16.80.130:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network admin http://172.16.80.130:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | c674d06b4f1d45ca895e3786df708bfb |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 624ad1386598404dba9baeb0e31ae48f |
| service_name | neutron |
| service_type | network |
| url | http://172.16.80.130:9696 |
+--------------+----------------------------------+ 3、安装配置neutron
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y
[root@controller neutron]# grep -n "^[a-Z]" /etc/neutron/neutron.conf
3:verbose = True
20:state_path = /var/lib/neutron
60:core_plugin = ml2
77:service_plugins = router
92:auth_strategy = keystone
573:rpc_backend=rabbit
722:auth_uri = http://172.16.80.130:5000
723:auth_url = http://172.16.80.130:35357
724:auth_plugin = password
725:project_domain_id = default
726:user_domain_id = default
727:project_name = service
728:username = neutron
729:password = neutron
744:connection = mysql://neutron:neutron@172.16.80.130:3306/neutron
788:auth_url = http://172.16.80.130:35357
789:auth_plugin = password
790:project_domain_id = default
791:user_domain_id = default
792:region_name = RegionOne
793:project_name = service
794:username = nova
795:password = nova
831:lock_path = $state_path/lock
970:rabbit_host = 172.16.80.130
971:rabbit_port = 5672
972:rabbit_userid = openstack
973:rabbit_password = openstack
修改ml2配置文件
[root@controller ml2]# grep -n "^[a-Z]" /etc/neutron/plugins/ml2/ml2_conf.ini
5:type_drivers = flat,vlan,gre,vxlan,geneve
13:tenant_network_types = flat,vlan,gre,vxlan,geneve
18:mechanism_drivers = openvswitch,linuxbridge
27:extension_drivers = port_security
67:flat_networks = physnet1
120:enable_ipset = True
修改linuxbriage配置文件
[root@controller ml2]# grep -n "^[a-Z]" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
3:linux_bridge]
12:physical_interface_mappings = physnet1:eno16777736
18:enable_vxlan = false
64:firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
68:enable_security_group = True
修改dhcp配置文件
[root@controller neutron]# grep -n "^[a-Z]" /etc/neutron/dhcp_agent.ini
14:interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
37:dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
60:enable_isolated_metadata = true
修改配置metadata_agent.ini
[root@controller neutron]# grep -n "^[a-Z]" /etc/neutron/metadata_agent.ini
5:verbose = True
6:auth_uri = http://172.16.80.130:5000
7:auth_url = http://172.16.80.130:35357
8:auth_region = RegionOne
9:auth_plugin = password
10:project_domain_id = default
11:user_domain_id = default
12:project_name = service
13:username = neutron
14:password = neutron
15:nova_metadata_ip = 172.16.80.130
16:metadata_proxy_shared_secret = neutron
4、在控制节点的nova中添加关于neutron的配置
[neutron]
url = http://172.16.80.130:9696
auth_url = http://172.16.80.130:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron
[root@controller neutron]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
5、导入数据库并检查结果
[root@controller neutron]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller neutron]# mysql -e "use neutron;show tables;"
+-----------------------------------------+
| Tables_in_neutron |
+-----------------------------------------+
| address_scopes |
| agents |
| alembic_version |
| allowedaddresspairs |
| arista_provisioned_nets |
| arista_provisioned_tenants |
| arista_provisioned_vms |
| brocadenetworks |
| brocadeports |
| cisco_csr_identifier_map |
| cisco_hosting_devices |
| cisco_ml2_apic_contracts |
| cisco_ml2_apic_host_links |
| cisco_ml2_apic_names |
| cisco_ml2_n1kv_network_bindings |
| cisco_ml2_n1kv_network_profiles |
| cisco_ml2_n1kv_policy_profiles |
| cisco_ml2_n1kv_port_bindings |
| cisco_ml2_n1kv_profile_bindings |
| cisco_ml2_n1kv_vlan_allocations |
| cisco_ml2_n1kv_vxlan_allocations |
| cisco_ml2_nexus_nve |
| cisco_ml2_nexusport_bindings |
| cisco_port_mappings |
| cisco_router_mappings |
| consistencyhashes |
| csnat_l3_agent_bindings |
| default_security_group |
| dnsnameservers |
| dvr_host_macs |
| embrane_pool_port |
| externalnetworks |
| extradhcpopts |
| firewall_policies |
| firewall_rules |
| firewalls |
| flavors |
| flavorserviceprofilebindings |
| floatingips |
| ha_router_agent_port_bindings |
| ha_router_networks |
| ha_router_vrid_allocations |
| healthmonitors |
| ikepolicies |
| ipallocationpools |
| ipallocations |
| ipamallocationpools |
| ipamallocations |
| ipamavailabilityranges |
| ipamsubnets |
| ipavailabilityranges |
| ipsec_site_connections |
| ipsecpeercidrs |
| ipsecpolicies |
| lsn |
| lsn_port |
| maclearningstates |
| members |
| meteringlabelrules |
| meteringlabels |
| ml2_brocadenetworks |
| ml2_brocadeports |
| ml2_dvr_port_bindings |
| ml2_flat_allocations |
| ml2_geneve_allocations |
| ml2_geneve_endpoints |
| ml2_gre_allocations |
| ml2_gre_endpoints |
| ml2_network_segments |
| ml2_nexus_vxlan_allocations |
| ml2_nexus_vxlan_mcast_groups |
| ml2_port_binding_levels |
| ml2_port_bindings |
| ml2_ucsm_port_profiles |
| ml2_vlan_allocations |
| ml2_vxlan_allocations |
| ml2_vxlan_endpoints |
| multi_provider_networks |
| networkconnections |
| networkdhcpagentbindings |
| networkgatewaydevicereferences |
| networkgatewaydevices |
| networkgateways |
| networkqueuemappings |
| networkrbacs |
| networks |
| networksecuritybindings |
| neutron_nsx_network_mappings |
| neutron_nsx_port_mappings |
| neutron_nsx_router_mappings |
| neutron_nsx_security_group_mappings |
| nexthops |
| nsxv_edge_dhcp_static_bindings |
| nsxv_edge_vnic_bindings |
| nsxv_firewall_rule_bindings |
| nsxv_internal_edges |
| nsxv_internal_networks |
| nsxv_port_index_mappings |
| nsxv_port_vnic_mappings |
| nsxv_router_bindings |
| nsxv_router_ext_attributes |
| nsxv_rule_mappings |
| nsxv_security_group_section_mappings |
| nsxv_spoofguard_policy_network_mappings |
| nsxv_tz_network_bindings |
| nsxv_vdr_dhcp_bindings |
| nuage_net_partition_router_mapping |
| nuage_net_partitions |
| nuage_provider_net_bindings |
| nuage_subnet_l2dom_mapping |
| ofcfiltermappings |
| ofcnetworkmappings |
| ofcportmappings |
| ofcroutermappings |
| ofctenantmappings |
| packetfilters |
| poolloadbalanceragentbindings |
| poolmonitorassociations |
| pools |
| poolstatisticss |
| portbindingports |
| portinfos |
| portqueuemappings |
| ports |
| portsecuritybindings |
| providerresourceassociations |
| qos_bandwidth_limit_rules |
| qos_network_policy_bindings |
| qos_policies |
| qos_port_policy_bindings |
| qosqueues |
| quotas |
| quotausages |
| reservations |
| resourcedeltas |
| router_extra_attributes |
| routerl3agentbindings |
| routerports |
| routerproviders |
| routerroutes |
| routerrules |
| routers |
| securitygroupportbindings |
| securitygrouprules |
| securitygroups |
| serviceprofiles |
| sessionpersistences |
| subnetpoolprefixes |
| subnetpools |
| subnetroutes |
| subnets |
| tz_network_bindings |
| vcns_router_bindings |
| vips |
| vpnservices |
+-----------------------------------------+
6、重启nova-api,并启动neutron服务
[root@controller neutron]# systemctl restart openstack-nova-api
[root@controller neutron]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
[root@controller neutron]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
7、检查结果
[root@controller neutron]# neutron agent-list
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| id | agent_type | host | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| 4f0ef1a2-85a6-4d6c-874c-51e139a41a8a | Metadata agent | controller | :-) | True | neutron-metadata-agent |
| 89ec6936-111c-4416-9c70-ef50ad8c2ae3 | DHCP agent | controller | :-) | True | neutron-dhcp-agent |
| d438159e-d277-411f-9f64-edda90ce383d | Linux bridge agent | controller | :-) | True | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+ 8、安装部署计算节点上面的neutron服务
[root@computer1 ~]# yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset -y
直接从控制节点复制过去,无需更改
[root@controller neutron]# scp /etc/neutron/neutron.conf 172.16.80.131:/etc/neutron/
neutron.conf 100% 36KB 35.9KB/s 00:00
[root@controller neutron]# scp /etc/neutron/plugins/ml2/linuxbridge_agent.ini 172.16.80.131:/etc/neutron/plugins/ml2/
linuxbridge_agent.ini 9、配置计算节点的nova
[neutron]
url = http://172.16.80.130:9696
auth_url = http://172.16.80.130:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron 10、启动服务
[root@computer1 ml2]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@computer1 ml2]# systemctl restart openstack-nova-compute.service
[root@computer1 ml2]# systemctl enable neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
[root@computer1 ml2]# systemctl start neutron-linuxbridge-agent.service
11、在控制节点验证
[root@controller neutron]# neutron agent-list
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| id | agent_type | host | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| 0f96e7fb-d369-451f-bd3d-6c0900c97a79 | Linux bridge agent | computer1 | :-) | True | neutron-linuxbridge-agent |
| 4f0ef1a2-85a6-4d6c-874c-51e139a41a8a | Metadata agent | controller | :-) | True | neutron-metadata-agent |
| 89ec6936-111c-4416-9c70-ef50ad8c2ae3 | DHCP agent | controller | :-) | True | neutron-dhcp-agent |
| d438159e-d277-411f-9f64-edda90ce383d | Linux bridge agent | controller | :-) | True | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
运维网声明
1、欢迎大家加入本站运维交流群:群②:261659950 群⑤:202807635 群⑦870801961 群⑧679858003
2、本站所有主题由该帖子作者发表,该帖子作者与运维网 享有帖子相关版权
3、所有作品的著作权均归原作者享有,请您和我们一样尊重他人的著作权等合法权益。如果您对作品感到满意,请购买正版
4、禁止制作、复制、发布和传播具有反动、淫秽、色情、暴力、凶杀等内容的信息,一经发现立即删除。若您因此触犯法律,一切后果自负,我们对此不承担任何责任
5、所有资源均系网友上传或者通过网络收集,我们仅提供一个展示、介绍、观摩学习的平台,我们不对其内容的准确性、可靠性、正当性、安全性、合法性等负责,亦不承担任何法律责任
6、所有作品仅供您个人学习、研究或欣赏,不得用于商业或者其他用途,否则,一切后果均由您自己承担,我们对此不承担任何法律责任
7、如涉及侵犯版权等问题,请您及时通知我们,我们将立即采取措施予以解决
8、联系人Email:admin@iyunv.com 网址:www.yunweiku.com