【六】Openstack-Networking (neutron)

部署网络服务neutron

一、Install and configure controller node

#官方地址
https://docs.openstack.org/neutron/train/install/controller-install-rdo.html#configure-the-compute-service-to-use-the-networking-service

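#1.To create the database, complete these steps
#NOTE: 'neutron123' is a lab placeholder; use a strong, unique password and keep it identical to the one in the [database] connection string in /etc/neutron/neutron.conf. The 'neutron'@'%' grant accepts logins from any host, so narrow it to the controller/VIP addresses if the database port is reachable beyond the management network.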
mysql -u root -p
MariaDB [(none)]> CREATE DATABASE neutron;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron123';

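#2.Source the admin credentials to gain access to admin-only CLI commands
#Use `source`, not `bash`: `bash admin-openrc.sh` runs the file in a child shell, so whatever
#it exports is discarded when that shell exits and the openstack commands below run unauthenticated.
source admin-openrc.sh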

#3.To create the service credentials, complete these steps
#Create the neutron user
openstack user create --domain default --password-prompt neutron
#Add the admin role to the neutron user
openstack role add --project service --user neutron admin
#Create the neutron service entity
openstack service create --name neutron --description "OpenStack Networking" network
[root@openstack-controller1 ~]# openstack service list
+----------------------------------+-----------+-----------+
| ID                               | Name      | Type      |
+----------------------------------+-----------+-----------+
| 136177a135ec4761b391c077f29091c0 | neutron   | network   |
| 48efaf2b284a4aa1acd745b2a083cc8e | nova      | compute   |
| c615e0c6903344e69fb49a85859cdf64 | keystone  | identity  |
| ccb31e2f5d4d432692f0b3d6b8722a71 | glance    | image     |
| e046d16a01f442938f34f718c3577a4d | placement | placement |
+----------------------------------+-----------+-----------+

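#4.Create the Networking service API endpoints:
#NOTE: these endpoints are plain HTTP, so Keystone tokens and API payloads cross the network unencrypted. That is acceptable on an isolated lab network; otherwise terminate TLS in front of the API and register https:// URLs.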
openstack endpoint create --region RegionOne network public http://openstack-vip.xks.local:9696
openstack endpoint create --region RegionOne network internal http://openstack-vip.xks.local:9696
openstack endpoint create --region RegionOne network admin http://openstack-vip.xks.local:9696
[root@openstack-controller1 ~]# openstack endpoint list | grep 9696
| d1a435bac0f3433085e4b42dab1557d5 | RegionOne | neutron      | network      | True    | public    | http://openstack-vip.xks.local:9696      |
| ebf9df6d7a3f4657afff78b7140a37f8 | RegionOne | neutron      | network      | True    | internal  | http://openstack-vip.xks.local:9696      |
| f948d828723b4a2e85ea135caf275bb6 | RegionOne | neutron      | network      | True    | admin     | http://openstack-vip.xks.local:9696      |

#配置Haproxy 条目
[root@openstack-haproxy1 ~]# vim /etc/haproxy/haproxy.cfg

listen openstack-neutron-9696
  bind 192.168.40.248:9696
  mode tcp
  server 192.168.40.101 192.168.40.101:9696 check inter 3s fall 3 rise 5

[root@openstack-haproxy1 ~]# systemctl restart haproxy

[root@openstack-haproxy1 ~]# netstat -ntlp | grep 9696
tcp        0      0 192.168.40.248:9696     0.0.0.0:*               LISTEN      27257/haproxy

##【Configure networking options】
#Configure networking options-Networking Option 1: Provider networks
#https://docs.openstack.org/neutron/train/install/controller-install-option1-rdo.html
#Install the components
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

#Configure the server component
#Edit the /etc/neutron/neutron.conf file and complete the following actions:
vim /etc/neutron/neutron.conf
[database]
# ...
connection = mysql+pymysql://neutron:neutron123@openstack-vip.xks.local/neutron
#In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in and disable additional plug-ins:
[DEFAULT]
# ...
core_plugin = ml2
service_plugins =
[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack123@openstack-vip.xks.local
[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://openstack-vip.xks.local:5000
auth_url = http://openstack-vip.xks.local:5000
memcached_servers = openstack-vip.xks.local:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
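#This is the Keystone password of the neutron service user (the value typed at the --password-prompt in step 3), not the database password
password = neutron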

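#In the [DEFAULT] and [nova] sections, configure Networking to notify Compute of network topology changes:
#The [nova] username/password are the Keystone credentials of the nova service user created during the Compute install; they must match what was set there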
[DEFAULT]
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[nova]
# ...
auth_url = http://openstack-vip.xks.local:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova

#configure the lock path
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
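#检查配置
#注意:a-Z 这个范围只在部分 locale 下可用(在 C/POSIX locale 下 grep 会报 Invalid range end),可改用与 locale 无关的 '^[[:alpha:][]';输出中包含数据库、RabbitMQ、Keystone 的明文密码,分享前请先脱敏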
[root@openstack-controller1 neutron]# grep "^[a-Z\[]" /etc/neutron/neutron.conf


#Configure the Modular Layer 2 (ML2) plug-in
#Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and complete the following action
#由于默认的配置文件不全,需要手动复制示例配置文件再进行修改,下面是示例配置文件的下载地址
#注意:该示例文件来自 Newton 版本,而本文安装的是 Train,请对照 Train 的配置参考核对选项名称
#https://docs.openstack.org/newton/config-reference/networking/samples/ml2_conf.ini.html
vim  /etc/neutron/plugins/ml2/ml2_conf.ini 
#In the [ml2] section, enable flat and VLAN networks
[ml2]
# ...
type_drivers = flat,vlan

#In the [ml2] section, disable self-service networks:
[ml2]
# ...
tenant_network_types =

#In the [ml2] section, enable the Linux bridge mechanism
[ml2]
# ...
mechanism_drivers = linuxbridge

#In the [ml2] section, enable the port security extension driver
[ml2]
# ...
extension_drivers = port_security

#In the [ml2_type_flat] section, configure the provider virtual network as a flat network
[ml2_type_flat]
# ...
flat_networks = external

#In the [securitygroup] section, enable ipset to increase efficiency of security group rules
[securitygroup]
# ...
enable_ipset = true
#检查配置
[root@openstack-controller1 neutron]# grep "^[a-Z\[]" /etc/neutron/plugins/ml2/ml2_conf.ini


#Configure the Linux bridge agent
#Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following actions:
#默认文件不全 需要官网下载 
#https://docs.openstack.org/newton/config-reference/networking/samples/linuxbridge_agent.ini
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
#In the [linux_bridge] section, map the provider virtual network to the provider physical network interface:
#官方示例为 physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME;其中 provider 要替换为上面 flat_networks 中配置的网络名称(本文为 external),PROVIDER_INTERFACE_NAME 替换为物理网卡名(本文为 eth0)
[linux_bridge]
#physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
physical_interface_mappings = external:eth0

#In the [vxlan] section, disable VXLAN overlay networks:
[vxlan]
enable_vxlan = false

#In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver:
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
#检查配置
[root@openstack-controller1 neutron]# grep "^[a-Z\[]" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
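#Ensure your Linux operating system kernel supports network bridge filters by verifying all the following sysctl values are set to 1:
#These settings make bridged instance traffic traverse iptables, which the security-group firewall driver configured above relies on.
#NOTE: modprobe does not persist across reboots; without br_netfilter loaded the two net.bridge.* keys do not exist and sysctl -p cannot apply them, so also list br_netfilter in a file under /etc/modules-load.d/ (e.g. /etc/modules-load.d/br_netfilter.conf).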
vim /etc/sysctl.conf
    net.bridge.bridge-nf-call-iptables = 1
    net.bridge.bridge-nf-call-ip6tables = 1
modprobe br_netfilter
sysctl -p


#Configure the DHCP agent
#Edit the /etc/neutron/dhcp_agent.ini
vim /etc/neutron/dhcp_agent.ini
#In the [DEFAULT] section, configure the Linux bridge interface driver, Dnsmasq DHCP driver, 
#and enable isolated metadata so instances on provider networks can access metadata over the network
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

#Configure the metadata agent
#Edit the /etc/neutron/metadata_agent.ini file
vim /etc/neutron/metadata_agent.ini
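#In the [DEFAULT] section, configure the metadata host and shared secret
#NOTE: 'sheca123' is a placeholder; generate a long random value (for example with `openssl rand -hex 16`) and set the identical value as metadata_proxy_shared_secret in the [neutron] section of /etc/nova/nova.conf, otherwise instance metadata requests fail.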
[DEFAULT]
# ...
nova_metadata_host = openstack-vip.xks.local
metadata_proxy_shared_secret = sheca123

#Configure the Compute service to use the Networking service
#Edit the /etc/nova/nova.conf file and perform the following action
vim /etc/nova/nova.conf
#In the [neutron] section, configure access parameters, enable the metadata proxy, and configure the secret:
[neutron]
# ...
auth_url = http://openstack-vip.xks.local:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = sheca123

#Finalize installation
#1.The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the ML2 plug-in configuration file, /etc/neutron/plugins/ml2/ml2_conf.ini. 
#If this symbolic link does not exist, create it using the following command
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

#2.Populate the database
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

#3.Restart the Compute API service
systemctl restart openstack-nova-api.service

#4.Start the Networking services and configure them to start when the system boots.
systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
#5.Log查看
[root@openstack-controller1 neutron]# tail -f /var/log/nova/*.log
[root@openstack-node1 ~]# tail -f /var/log/neutron/*.log


#仅当选择 Networking Option 2 时才需要执行;选择 Option 1(本文的方式)时无需执行
#For networking option 2, also enable and start the layer-3 service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service

二、Install and configure compute node

#node上操作
#Install the components
yum install -y openstack-neutron-linuxbridge ebtables ipset

##Configure the common component
#Edit the /etc/neutron/neutron.conf file and complete the following actions:
#In the [DEFAULT] section, configure RabbitMQ message queue access:
vim /etc/neutron/neutron.conf
[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack123@openstack-vip.xks.local

#In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:
[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://openstack-vip.xks.local:5000
auth_url = http://openstack-vip.xks.local:5000
memcached_servers = openstack-vip.xks.local:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

#In the [oslo_concurrency] section, configure the lock path:
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

##Configure networking options
#选择Networking Option 1: Provider networks、官方地址:https://docs.openstack.org/neutron/train/install/compute-install-option1-rdo.html
#Configure the Linux bridge agent
#Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following actions:
#默认文件不全 需要官网下载 
#https://docs.openstack.org/newton/config-reference/networking/samples/linuxbridge_agent.ini
vim  /etc/neutron/plugins/ml2/linuxbridge_agent.ini
#这里的physical_interface_mappings = external:eth0 external是之前配置controller时配置的参数 
[linux_bridge]
physical_interface_mappings = external:eth0
#In the [vxlan] section, disable VXLAN overlay networks
[vxlan]
enable_vxlan = false
#In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver:
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
#Ensure your Linux operating system kernel supports network bridge filters by verifying all the following sysctl values are set to 1:
vim /etc/sysctl.conf
    net.bridge.bridge-nf-call-iptables = 1
    net.bridge.bridge-nf-call-ip6tables = 1
modprobe br_netfilter
sysctl -p

##Configure the Compute service to use the Networking service
vim /etc/nova/nova.conf
[neutron]
# ...
auth_url = http://openstack-vip.xks.local:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron

##Finalize installation
#1.Restart the Compute service:
systemctl restart openstack-nova-compute.service
#2.Start the Linux bridge agent and configure it to start when the system boots:
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service

#3.Log
tail -f /var/log/neutron/*.log
tail -f /var/log/nova/*.log


##Verify operation
#https://docs.openstack.org/neutron/train/install/verify-option1.html
#controller 上操作
source admin-openrc.sh

openstack extension list --network

[root@openstack-controller1 ~]# openstack network agent list
+--------------------------------------+--------------------+---------------------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host                            | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+---------------------------------+-------------------+-------+-------+---------------------------+
| 24543051-e329-4e2a-ac58-c1d373bad7b0 | Linux bridge agent | openstack-controller1.xks.local | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 54413aa2-9430-4529-bdd8-e22c2e2a1b3f | DHCP agent         | openstack-controller1.xks.local | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 970d62fe-5bc9-4a38-a32d-070d9ed26996 | Linux bridge agent | openstack-node1.xks.local       | None              | :-)   | UP    | neutron-linuxbridge-agent |
| de57dd0a-684c-4b6f-8b5f-5c01dca70c93 | Metadata agent     | openstack-controller1.xks.local | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+--------------------+---------------------------------+-------------------+-------+-------+---------------------------+

 
