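1. Neutron offers two architectures for deploying networking services (resources are limited for this deployment, so provider networks are used here)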
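1.1 Provider networks
The provider networks option is the simplest possible architecture: it only supports attaching instances to provider (external) networks. There are no self-service (private) networks, routers, or floating IP addresses. Only the admin or other privileged users can manage provider networks.

1.2 Self-service networks
The self-service networks option augments the provider networks option with layer-3 services that support attaching instances to self-service networks; routers and floating IP addresses can be used.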
2. Install the packages Neutron requires
    [root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
3. Create the neutron database
3.1 Log in to the database
    [root@controller ~]# mysql -u root -p000000

3.2 Create the neutron database
    MariaDB [(none)]> CREATE DATABASE neutron;
    Query OK, 1 row affected (0.02 sec)

3.3 Grant the neutron user access to the neutron database (000000 is the password)
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
        -> IDENTIFIED BY '000000';
    Query OK, 0 rows affected (0.09 sec)
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '000000';
    Query OK, 0 rows affected (0.00 sec)

3.4 Exit the database
    MariaDB [(none)]> exit
    Bye
4. Create the neutron service entity and API endpoints
4.1 Create the neutron user
    [root@controller ~]# openstack user create --domain default --password-prompt neutron
    User Password:
    Repeat User Password:
    +-----------+----------------------------------+
    | Field     | Value                            |
    +-----------+----------------------------------+
    | domain_id | 11c1d63da1784b51bc6d13335f635778 |
    | enabled   | True                             |
    | id        | 8998b1fce4804985b0d22b7fb4d9de3d |
    | name      | neutron                          |
    +-----------+----------------------------------+

4.2 Give the neutron user the admin role in the service project
    [root@controller ~]# openstack role add --project service --user neutron admin

4.3 Create the neutron service entity
    [root@controller ~]# openstack service create --name neutron \
      --description "OpenStack Networking" network
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | OpenStack Networking             |
    | enabled     | True                             |
    | id          | 4524bf3fded5470fabf968907ae73fb2 |
    | name        | neutron                          |
    | type        | network                          |
    +-------------+----------------------------------+

4.4 Create the three neutron API endpoints
    [root@controller ~]# openstack endpoint create --region RegionOne \
      network public http://controller:9696
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | 254213602f3f46efb753490ae3473786 |
    | interface    | public                           |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 4524bf3fded5470fabf968907ae73fb2 |
    | service_name | neutron                          |
    | service_type | network                          |
    | url          | http://controller:9696           |
    +--------------+----------------------------------+
    [root@controller ~]# openstack endpoint create --region RegionOne \
      network internal http://controller:9696
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | 4ebaf278144744ee967ad44d0e66a40d |
    | interface    | internal                         |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 4524bf3fded5470fabf968907ae73fb2 |
    | service_name | neutron                          |
    | service_type | network                          |
    | url          | http://controller:9696           |
    +--------------+----------------------------------+
    [root@controller ~]# openstack endpoint create --region RegionOne \
      network admin http://controller:9696
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | f3f49161e14f4ceea7f094480d5aab77 |
    | interface    | admin                            |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 4524bf3fded5470fabf968907ae73fb2 |
    | service_name | neutron                          |
    | service_type | network                          |
    | url          | http://controller:9696           |
    +--------------+----------------------------------+
5. Edit the configuration files
5.1 Edit the /etc/neutron/neutron.conf configuration file
    vim /etc/neutron/neutron.conf

    [DEFAULT]
    # enable the ML2 plug-in and disable other plug-ins
    core_plugin = ml2
    # this can be left empty or removed
    service_plugins =
    # message queue type
    rpc_backend = rabbit
    auth_strategy = keystone
    notify_nova_on_port_status_changes = True
    notify_nova_on_port_data_changes = True

    # database access
    [database]
    connection = mysql+pymysql://neutron:000000@controller/neutron

    # message queue access
    [oslo_messaging_rabbit]
    rabbit_host = controller
    rabbit_userid = openstack
    rabbit_password = 000000

    # Identity service access
    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    password = 000000

    # nova access
    [nova]
    auth_url = http://controller:35357
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = nova
    password = 000000

    # lock path
    [oslo_concurrency]
    lock_path = /var/lib/neutron/tmp

5.2 Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file
    [root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini

    [ml2]
    # enable flat and VLAN networks
    type_drivers = flat,vlan
    tenant_network_types =
    # enable the Linux bridge mechanism
    mechanism_drivers = linuxbridge
    # enable the port security extension driver
    extension_drivers = port_security

    [ml2_type_flat]
    # configure the provider virtual network as a flat network
    flat_networks = provider

    [securitygroup]
    enable_ipset = True

5.3 Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
    [root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

    [linux_bridge]
    # map the provider network to the physical interface; use the name of the
    # controller node's second interface (IP2, not the management IP)
    physical_interface_mappings = provider:eno33554960

    [vxlan]
    # disable VXLAN overlay networks
    enable_vxlan = False

    # enable security groups and configure the Linux bridge iptables firewall driver
    [securitygroup]
    enable_security_group = True
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

5.4 Edit /etc/neutron/dhcp_agent.ini
    [root@controller ~]# vim /etc/neutron/dhcp_agent.ini

    # configure the Linux bridge interface driver and the Dnsmasq DHCP driver, and
    # enable isolated metadata so that instances on provider networks can reach
    # metadata over the network
    [DEFAULT]
    interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
    enable_isolated_metadata = True

5.5 Edit the /etc/neutron/metadata_agent.ini configuration file

    # metadata secret
    metadata_proxy_shared_secret = 000000

5.6 Edit the /etc/nova/nova.conf configuration file
    [root@controller ~]# vim /etc/nova/nova.conf

    # neutron access parameters
    [neutron]
    url = http://controller:9696
    auth_url = http://controller:35357
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = neutron
    password = 000000
    # enable the metadata proxy and configure the secret
    service_metadata_proxy = True
    metadata_proxy_shared_secret = 000000
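Step 5 writes five credentials into these files (the database password, the RabbitMQ password, the neutron and nova service users' passwords, and the metadata proxy secret), all with the same value. The following added example, which is not part of the original tutorial, reports which accounts share a secret and whether one account's secret differs between files (metadata_proxy_shared_secret has to match in metadata_agent.ini and nova.conf); the function names and the sample files written by write_samples are constructed for illustration.

```bash
# Added example, not from the original tutorial: audit oslo.config-style INI
# files for secret reuse without printing any secret value.

# Emit "account<TAB>secret" for each credential found in the given files.
extract_secrets() {
  awk '
    /^[ \t]*[#;]/ { next }                           # full-line comment
    /^\[/ { sec = $0; sub(/\].*/, "]", sec); next }  # section header
    /^[A-Za-z0-9_]+[ \t]*=/ {
      key = $0; sub(/[ \t]*=.*/, "", key)
      val = $0; sub(/^[^=]*=[ \t]*/, "", val)
      id = FILENAME sec
      if (key == "username" || key == "rabbit_userid") user[id] = val
      else if (key == "password" || key == "rabbit_password") pass[id] = val
      else if (key == "metadata_proxy_shared_secret") print "metadata-secret\t" val
      else if (key == "connection" && val ~ "://[^:@]+:[^@]+@") {
        sub("^[^:]*://", "", val); sub("@.*", "", val)   # leaves user:pass
        u = val; sub(":.*", "", u); sub("^[^:]*:", "", val)
        print "db:" u "\t" val
      }
    }
    END { for (id in pass) { kind = (id ~ /rabbit\]$/) ? "rabbit:" : "keystone:"
                             print kind user[id] "\t" pass[id] } }
  ' "$@"
}

# Exit 1 on REUSED (one secret, several accounts) or MISMATCH (one account, several secrets).
audit_secrets() {
  extract_secrets "$@" | awk -F'\t' '
    !seen[$0]++ { accts[$2] = accts[$2] " " $1; na[$2]++; ns[$1]++ }
    END {
      for (s in na) if (na[s] > 1) { print "REUSED across:" accts[s]; bad = 1 }
      for (a in ns) if (ns[a] > 1) { print "MISMATCH between files: " a; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample files. Args: DIR, then DB RABBIT NEUTRON NOVA META secrets.
write_samples() {
  printf '%s\n' '[database]' \
    "connection = mysql+pymysql://neutron:$2@controller/neutron" \
    '[oslo_messaging_rabbit]' 'rabbit_userid = openstack' "rabbit_password = $3" \
    '[keystone_authtoken]' 'username = neutron' "password = $4" \
    '[nova]' 'username = nova' "password = $5" > "$1/neutron.conf"
  printf '%s\n' '[DEFAULT]' "metadata_proxy_shared_secret = $6" > "$1/metadata_agent.ini"
  printf '%s\n' '[neutron]' 'username = neutron' "password = $4" \
    "metadata_proxy_shared_secret = $6" > "$1/nova.conf"
}

d=$(mktemp -d); write_samples "$d" 000000 000000 000000 000000 000000; audit_secrets "$d"/* || true
```

On the controller, run audit_secrets as root against /etc/neutron/neutron.conf, /etc/neutron/metadata_agent.ini and /etc/nova/nova.conf.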
6. Create the symbolic link and synchronize the database
    [root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
    [root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
    > --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
    No handlers could be found for logger "oslo_config.cfg"
    INFO [alembic.runtime.migration] Context impl MySQLImpl.
    INFO [alembic.runtime.migration] Will assume non-transactional DDL.
    Running upgrade for neutron ...
    INFO [alembic.runtime.migration] Context impl MySQLImpl.
    INFO [alembic.runtime.migration] Will assume non-transactional DDL.
    INFO [alembic.runtime.migration] Running upgrade -> kilo, kilo_initial
    INFO [alembic.runtime.migration] Running upgrade kilo -> 354db87e3225, nsxv_vdr_metadata.py
    INFO [alembic.runtime.migration] Running upgrade 354db87e3225 -> 599c6a226151, neutrodb_ipam
    INFO [alembic.runtime.migration] Running upgrade 599c6a226151 -> 52c5312f6baf,
    ...
    (remaining output omitted)
7. Start the services
7.1 Restart nova-api
    [root@controller ~]# systemctl restart openstack-nova-api.service

7.2 Start the neutron services and configure them to start at boot
    [root@controller ~]# systemctl start neutron-server.service \
    > neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
    > neutron-metadata-agent.service
    [root@controller ~]# systemctl enable neutron-l3-agent.service
    Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service to /usr/lib/systemd/system/neutron-l3-agent.service.
    [root@controller ~]# systemctl start neutron-l3-agent.service
8. Verify operation
    [root@controller ~]# neutron agent-list
    +--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
    | id                                   | agent_type         | host       | availability_zone | alive | admin_state_up | binary                    |
    +--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
    | 2dd2220d-f579-49cd-9b08-f9504846d6c5 | Metadata agent     | controller |                   | :-)   | True           | neutron-metadata-agent    |
    | 97c1bf87-c65b-4c7d-aa0e-826fce839d02 | DHCP agent         | controller | nova              | :-)   | True           | neutron-dhcp-agent        |
    | 9a841c18-6264-4a78-8e26-677aad09663a | L3 agent           | controller | nova              | :-)   | True           | neutron-l3-agent          |
    | e5fb6817-f1ae-4160-8e40-fa290dd3a1af | Linux bridge agent | controller |                   | :-)   | True           | neutron-linuxbridge-agent |
    +--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+