openstack-rocky安装部署-05安装neutron
先决条件
创建neutron数据库并授权
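# Create the neutron database and grant the neutron account access to it.
# The SQL is fed to the client on stdin; on one shell line, as it was pasted,
# the statements would be parsed as shell words instead of being sent to MySQL.
# -p with no value makes the client prompt for the root password, so the
# password does not end up in shell history or in the process list.
mysql -u root -p <<'SQL'
CREATE DATABASE neutron;
-- '123' is the password this walkthrough uses everywhere; it has to match the
-- connection = mysql+pymysql://neutron:123@controller/neutron line in
-- /etc/neutron/neutron.conf. Use a strong, unique value outside a lab.
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123';
-- '%' accepts the neutron account from any host that can reach the database
-- port; narrow it if only the controller's neutron-server connects.
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123';
SQL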
#创建neutron用户:
openstack user create --domain default --password-prompt neutron
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 9c956221f4d24100bbd7d11b2a97a198 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
#将admin角色添加到neutron用户:
openstack role add --project service --user neutron admin
#创建neutron服务实体:
openstack service create --name neutron \
--description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 5f917fccf7e0443b9ed902d19946bf30 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
#创建网络服务API端点:
openstack endpoint create --region RegionOne \
network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 92e66b3e38d3408cbc3e264850d9b74c |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5f917fccf7e0443b9ed902d19946bf30 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne \
network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 861f29f729974fefa2b143ce9128c903 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5f917fccf7e0443b9ed902d19946bf30 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne \
network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0cf735160b9f4063930b879df3102825 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5f917fccf7e0443b9ed902d19946bf30 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
#安装组件
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
配置
vi /etc/neutron/neutron.conf
# 注意:本文件以明文保存数据库、RabbitMQ 和 Keystone 的密码(本文示例中均为 123),应保持仅 root 与 neutron 组可读;非实验环境请为每个账户换用各自的强密码
[database]
# ...
connection = mysql+pymysql://neutron:123@controller/neutron

#在该[DEFAULT]部分中,启用模块化第2层(ML2)插件,路由器服务和重叠的IP地址:
[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123

[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
# ...
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
# ...
flat_networks = provider

[ml2_type_vxlan]
# ...
vni_ranges = 1:1000

[securitygroup]
# ...
enable_ipset = true
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens33

[vxlan]
enable_vxlan = true
local_ip = 10.1.1.11
l2_population = true

[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
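# Load br_netfilter first: the net.bridge.* keys only exist once the module is
# loaded. Both keys must be 1 so that traffic crossing the Linux bridges is
# passed through iptables/ip6tables, which is where the security-group rules
# of the IptablesFirewallDriver configured in linuxbridge_agent.ini take effect.
modprobe br_netfilter
sysctl -w net.bridge.bridge-nf-call-iptables=1
sysctl -w net.bridge.bridge-nf-call-ip6tables=1

# Keep the module and both settings across reboots; without this the values
# are lost at the next boot and bridged traffic is no longer filtered.
printf '%s\n' br_netfilter > /etc/modules-load.d/br_netfilter.conf
cat > /etc/sysctl.d/99-bridge-nf.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF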
vi /etc/neutron/l3_agent.ini
[DEFAULT]
# ...
interface_driver = linuxbridge
vi /etc/neutron/dhcp_agent.ini
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
vi /etc/neutron/metadata_agent.ini
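[DEFAULT]
# ...
nova_metadata_host = controller
# METADATA_SECRET 是占位符:请换成随机生成的值(例如 openssl rand -hex 16 的输出),并与 /etc/nova/nova.conf 中 [neutron] 部分的 metadata_proxy_shared_secret 完全一致;nova 用它校验元数据代理转发的请求,照抄占位符等于使用公开的密钥
metadata_proxy_shared_secret = METADATA_SECRET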
vi /etc/nova/nova.conf
[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123
service_metadata_proxy = true
# METADATA_SECRET 是占位符:这里必须填入与 /etc/neutron/metadata_agent.ini 中 metadata_proxy_shared_secret 相同的随机值,不要照抄占位符
metadata_proxy_shared_secret = METADATA_SECRET
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. Running upgrade for neutron ... INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. INFO [alembic.runtime.migration] Running upgrade -> kilo INFO [alembic.runtime.migration] Running upgrade kilo -> 354db87e3225 INFO [alembic.runtime.migration] Running upgrade 354db87e3225 -> 599c6a226151 INFO [alembic.runtime.migration] Running upgrade 599c6a226151 -> 52c5312f6baf INFO [alembic.runtime.migration] Running upgrade 52c5312f6baf -> 313373c0ffee INFO [alembic.runtime.migration] Running upgrade 313373c0ffee -> 8675309a5c4f INFO [alembic.runtime.migration] Running upgrade 8675309a5c4f -> 45f955889773 INFO [alembic.runtime.migration] Running upgrade 45f955889773 -> 26c371498592 INFO [alembic.runtime.migration] Running upgrade 26c371498592 -> 1c844d1677f7 INFO [alembic.runtime.migration] Running upgrade 1c844d1677f7 -> 1b4c6e320f79 INFO [alembic.runtime.migration] Running upgrade 1b4c6e320f79 -> 48153cb5f051 INFO [alembic.runtime.migration] Running upgrade 48153cb5f051 -> 9859ac9c136 INFO [alembic.runtime.migration] Running upgrade 9859ac9c136 -> 34af2b5c5a59 INFO [alembic.runtime.migration] Running upgrade 34af2b5c5a59 -> 59cb5b6cf4d INFO [alembic.runtime.migration] Running upgrade 59cb5b6cf4d -> 13cfb89f881a INFO [alembic.runtime.migration] Running upgrade 13cfb89f881a -> 32e5974ada25 INFO [alembic.runtime.migration] Running upgrade 32e5974ada25 -> ec7fcfbf72ee INFO [alembic.runtime.migration] Running upgrade ec7fcfbf72ee -> dce3ec7a25c9 INFO [alembic.runtime.migration] Running upgrade dce3ec7a25c9 -> c3a73f615e4 INFO [alembic.runtime.migration] Running upgrade c3a73f615e4 -> 659bf3d90664 INFO [alembic.runtime.migration] Running 
upgrade 659bf3d90664 -> 1df244e556f5 INFO [alembic.runtime.migration] Running upgrade 1df244e556f5 -> 19f26505c74f INFO [alembic.runtime.migration] Running upgrade 19f26505c74f -> 15be73214821 INFO [alembic.runtime.migration] Running upgrade 15be73214821 -> b4caf27aae4 INFO [alembic.runtime.migration] Running upgrade b4caf27aae4 -> 15e43b934f81 INFO [alembic.runtime.migration] Running upgrade 15e43b934f81 -> 31ed664953e6 INFO [alembic.runtime.migration] Running upgrade 31ed664953e6 -> 2f9e956e7532 INFO [alembic.runtime.migration] Running upgrade 2f9e956e7532 -> 3894bccad37f INFO [alembic.runtime.migration] Running upgrade 3894bccad37f -> 0e66c5227a8a INFO [alembic.runtime.migration] Running upgrade 0e66c5227a8a -> 45f8dd33480b INFO [alembic.runtime.migration] Running upgrade 45f8dd33480b -> 5abc0278ca73 INFO [alembic.runtime.migration] Running upgrade kilo -> 30018084ec99 INFO [alembic.runtime.migration] Running upgrade 30018084ec99 -> 4ffceebfada INFO [alembic.runtime.migration] Running upgrade 4ffceebfada -> 5498d17be016 INFO [alembic.runtime.migration] Running upgrade 5498d17be016 -> 2a16083502f3 INFO [alembic.runtime.migration] Running upgrade 2a16083502f3 -> 2e5352a0ad4d INFO [alembic.runtime.migration] Running upgrade 2e5352a0ad4d -> 11926bcfe72d INFO [alembic.runtime.migration] Running upgrade 11926bcfe72d -> 4af11ca47297 INFO [alembic.runtime.migration] Running upgrade 4af11ca47297 -> 1b294093239c INFO [alembic.runtime.migration] Running upgrade 1b294093239c -> 8a6d8bdae39 INFO [alembic.runtime.migration] Running upgrade 8a6d8bdae39 -> 2b4c2465d44b INFO [alembic.runtime.migration] Running upgrade 2b4c2465d44b -> e3278ee65050 INFO [alembic.runtime.migration] Running upgrade e3278ee65050 -> c6c112992c9 INFO [alembic.runtime.migration] Running upgrade c6c112992c9 -> 5ffceebfada INFO [alembic.runtime.migration] Running upgrade 5ffceebfada -> 4ffceebfcdc INFO [alembic.runtime.migration] Running upgrade 4ffceebfcdc -> 7bbb25278f53 INFO [alembic.runtime.migration] 
Running upgrade 7bbb25278f53 -> 89ab9a816d70 INFO [alembic.runtime.migration] Running upgrade 5abc0278ca73 -> d3435b514502 INFO [alembic.runtime.migration] Running upgrade d3435b514502 -> 30107ab6a3ee INFO [alembic.runtime.migration] Running upgrade 30107ab6a3ee -> c415aab1c048 INFO [alembic.runtime.migration] Running upgrade c415aab1c048 -> a963b38d82f4 INFO [alembic.runtime.migration] Running upgrade 89ab9a816d70 -> c879c5e1ee90 INFO [alembic.runtime.migration] Running upgrade c879c5e1ee90 -> 8fd3918ef6f4 INFO [alembic.runtime.migration] Running upgrade 8fd3918ef6f4 -> 4bcd4df1f426 INFO [alembic.runtime.migration] Running upgrade 4bcd4df1f426 -> b67e765a3524 INFO [alembic.runtime.migration] Running upgrade a963b38d82f4 -> 3d0e74aa7d37 INFO [alembic.runtime.migration] Running upgrade 3d0e74aa7d37 -> 030a959ceafa INFO [alembic.runtime.migration] Running upgrade 030a959ceafa -> a5648cfeeadf INFO [alembic.runtime.migration] Running upgrade a5648cfeeadf -> 0f5bef0f87d4 INFO [alembic.runtime.migration] Running upgrade 0f5bef0f87d4 -> 67daae611b6e INFO [alembic.runtime.migration] Running upgrade 67daae611b6e -> 6b461a21bcfc INFO [alembic.runtime.migration] Running upgrade 6b461a21bcfc -> 5cd92597d11d INFO [alembic.runtime.migration] Running upgrade 5cd92597d11d -> 929c968efe70 INFO [alembic.runtime.migration] Running upgrade 929c968efe70 -> a9c43481023c INFO [alembic.runtime.migration] Running upgrade a9c43481023c -> 804a3c76314c INFO [alembic.runtime.migration] Running upgrade 804a3c76314c -> 2b42d90729da INFO [alembic.runtime.migration] Running upgrade 2b42d90729da -> 62c781cb6192 INFO [alembic.runtime.migration] Running upgrade 62c781cb6192 -> c8c222d42aa9 INFO [alembic.runtime.migration] Running upgrade c8c222d42aa9 -> 349b6fd605a6 INFO [alembic.runtime.migration] Running upgrade 349b6fd605a6 -> 7d32f979895f INFO [alembic.runtime.migration] Running upgrade 7d32f979895f -> 594422d373ee INFO [alembic.runtime.migration] Running upgrade 594422d373ee -> 61663558142c INFO 
[alembic.runtime.migration] Running upgrade 61663558142c -> 867d39095bf4, port forwarding INFO [alembic.runtime.migration] Running upgrade b67e765a3524 -> a84ccf28f06a INFO [alembic.runtime.migration] Running upgrade a84ccf28f06a -> 7d9d8eeec6ad INFO [alembic.runtime.migration] Running upgrade 7d9d8eeec6ad -> a8b517cff8ab INFO [alembic.runtime.migration] Running upgrade a8b517cff8ab -> 3b935b28e7a0 INFO [alembic.runtime.migration] Running upgrade 3b935b28e7a0 -> b12a3ef66e62 INFO [alembic.runtime.migration] Running upgrade b12a3ef66e62 -> 97c25b0d2353 INFO [alembic.runtime.migration] Running upgrade 97c25b0d2353 -> 2e0d7a8a1586 INFO [alembic.runtime.migration] Running upgrade 2e0d7a8a1586 -> 5c85685d616d OK
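# One systemctl invocation per line: pasted as a single line, the words
# "systemctl", "enable" and "start" would be taken as unit names.

# nova-api has to re-read the [neutron] section added to /etc/nova/nova.conf.
systemctl restart openstack-nova-api.service

# Networking services on the controller: enable at boot, then start now.
systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service

# The L3 agent is enabled and started separately.
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service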
安装配置计算节点
yum install openstack-neutron-linuxbridge ebtables ipset
配置
vi /etc/neutron/neutron.conf
[DEFAULT]
# ...
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens33

[vxlan]
enable_vxlan = true
local_ip = 10.1.1.12
l2_population = true

[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
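# Compute node: load br_netfilter first, because the net.bridge.* keys only
# exist once the module is loaded. Both keys must be 1 so that instance traffic
# crossing the Linux bridges is passed through iptables/ip6tables, which is
# where the security-group rules of the IptablesFirewallDriver take effect.
modprobe br_netfilter
sysctl -w net.bridge.bridge-nf-call-iptables=1
sysctl -w net.bridge.bridge-nf-call-ip6tables=1

# Keep the module and both settings across reboots; without this the values
# are lost at the next boot and bridged traffic is no longer filtered.
printf '%s\n' br_netfilter > /etc/modules-load.d/br_netfilter.conf
cat > /etc/sysctl.d/99-bridge-nf.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF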
vi /etc/nova/nova.conf
[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123
完成安装
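# One systemctl invocation per line: pasted as a single line, the words
# "systemctl", "enable" and "start" would be taken as unit names.

# nova-compute has to re-read the [neutron] section added to /etc/nova/nova.conf.
systemctl restart openstack-nova-compute.service

# Enable the Linux bridge agent at boot, then start it now.
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service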
验证
#列出加载的网络插件 openstack extension list --network +-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ | Name | Alias | Description | +-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ | Default Subnetpools | default-subnetpools | Provides ability to mark and use a subnetpool as the default. | | Availability Zone | availability_zone | The availability zone extension. | | Network Availability Zone | network_availability_zone | Availability zone support for network. | | Auto Allocated Topology Services | auto-allocated-topology | Auto Allocated Topology Services. | | Neutron L3 Configurable external gateway mode | ext-gw-mode | Extension of the router abstraction for specifying whether SNAT should occur on the external gateway | | Port Binding | binding | Expose port bindings of a virtual port to external application | | agent | agent | The agent management extension. | | Subnet Allocation | subnet_allocation | Enables allocation of subnets from a subnet pool | | L3 Agent Scheduler | l3_agent_scheduler | Schedule routers among l3 agents | | Neutron external network | external-net | Adds external network attribute to network resource. | | Tag support for resources with standard attribute: subnet, trunk, router, network, policy, subnetpool, port, security_group, floatingip | standard-attr-tag | Enables to set tag on resources with standard attribute. 
| | Neutron Service Flavors | flavors | Flavor specification for Neutron advanced services. | | Network MTU | net-mtu | Provides MTU attribute for a network resource. | | Network IP Availability | network-ip-availability | Provides IP availability data for each network and subnet. | | Quota management support | quotas | Expose functions for quotas management per tenant | | If-Match constraints based on revision_number | revision-if-match | Extension indicating that If-Match based on revision_number is supported. | | Availability Zone Filter Extension | availability_zone_filter | Add filter parameters to AvailabilityZone resource | | HA Router extension | l3-ha | Adds HA capability to routers. | | Filter parameters validation | filter-validation | Provides validation on filter parameters. | | Multi Provider Network | multi-provider | Expose mapping of virtual networks to multiple physical networks | | Quota details management support | quota_details | Expose functions for quotas usage statistics per project | | Address scope | address-scope | Address scopes extension. | | Neutron Extra Route | extraroute | Extra routes configuration for L3 router | | Network MTU (writable) | net-mtu-writable | Provides a writable MTU attribute for a network resource. | | Empty String Filtering Extension | empty-string-filtering | Allow filtering by attributes with empty string value | | Subnet service types | subnet-service-types | Provides ability to set the subnet service_types field | | Neutron Port MAC address regenerate | port-mac-address-regenerate | Network port MAC address regenerate | | Resource timestamps | standard-attr-timestamp | Adds created_at and updated_at fields to all Neutron resources that have Neutron standard attributes. 
| | Provider Network | provider | Expose mapping of virtual networks to physical networks | | Neutron Service Type Management | service-type | API for retrieving service providers for Neutron advanced services | | Router Flavor Extension | l3-flavors | Flavor support for routers. | | Port Security | port-security | Provides port security | | Neutron Extra DHCP options | extra_dhcp_opt | Extra options configuration for DHCP. For example PXE boot options to DHCP clients can be specified (e.g. tftp-server, server-ip-address, bootfile-name) | | Port filtering on security groups | port-security-groups-filtering | Provides security groups filtering when listing ports | | Resource revision numbers | standard-attr-revisions | This extension will display the revision number of neutron resources. | | Pagination support | pagination | Extension that indicates that pagination is enabled. | | Sorting support | sorting | Extension that indicates that sorting is enabled. | | security-group | security-group | The security groups extension. | | DHCP Agent Scheduler | dhcp_agent_scheduler | Schedule networks among dhcp agents | | Floating IP Port Details Extension | fip-port-details | Add port_details attribute to Floating IP resource | | Router Availability Zone | router_availability_zone | Availability zone support for router. | | RBAC Policies | rbac-policies | Allows creation and modification of policies that control tenant access to resources. | | standard-attr-description | standard-attr-description | Extension to add descriptions to standard attributes | | IP address substring filtering | ip-substring-filtering | Provides IP address substring filtering when listing ports | | Neutron L3 Router | router | Router abstraction for basic L3 forwarding between L2 Neutron networks and access to external networks via a NAT gateway. 
| | Allowed Address Pairs | allowed-address-pairs | Provides allowed address pairs | | Port Bindings Extended | binding-extended | Expose port bindings of a virtual port to external application | | project_id field enabled | project-id | Extension that indicates that project_id field is enabled. | | Distributed Virtual Router | dvr | Enables configuration of Distributed Virtual Routers. | +-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ #显示简版信息 neutron ext-list neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. +--------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ | alias | name | +--------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ | default-subnetpools | Default Subnetpools | | availability_zone | Availability Zone | | network_availability_zone | Network Availability Zone | | auto-allocated-topology | Auto Allocated Topology Services | | ext-gw-mode | Neutron L3 Configurable external gateway mode | | binding | Port Binding | | agent | agent | | subnet_allocation | Subnet Allocation | | l3_agent_scheduler | L3 Agent Scheduler | | external-net | Neutron external network | | standard-attr-tag | Tag support for resources with standard attribute: subnet, trunk, router, network, policy, subnetpool, port, security_group, floatingip | | flavors | Neutron Service Flavors | | net-mtu | Network MTU | | network-ip-availability | Network IP Availability | | quotas | Quota management support | | revision-if-match | If-Match 
constraints based on revision_number | | availability_zone_filter | Availability Zone Filter Extension | | l3-ha | HA Router extension | | filter-validation | Filter parameters validation | | multi-provider | Multi Provider Network | | quota_details | Quota details management support | | address-scope | Address scope | | extraroute | Neutron Extra Route | | net-mtu-writable | Network MTU (writable) | | empty-string-filtering | Empty String Filtering Extension | | subnet-service-types | Subnet service types | | port-mac-address-regenerate | Neutron Port MAC address regenerate | | standard-attr-timestamp | Resource timestamps | | provider | Provider Network | | service-type | Neutron Service Type Management | | l3-flavors | Router Flavor Extension | | port-security | Port Security | | extra_dhcp_opt | Neutron Extra DHCP options | | port-security-groups-filtering | Port filtering on security groups | | standard-attr-revisions | Resource revision numbers | | pagination | Pagination support | | sorting | Sorting support | | security-group | security-group | | dhcp_agent_scheduler | DHCP Agent Scheduler | | fip-port-details | Floating IP Port Details Extension | | router_availability_zone | Router Availability Zone | | rbac-policies | RBAC Policies | | standard-attr-description | standard-attr-description | | ip-substring-filtering | IP address substring filtering | | router | Neutron L3 Router | | allowed-address-pairs | Allowed Address Pairs | | binding-extended | Port Bindings Extended | | project-id | project_id field enabled | | dvr | Distributed Virtual Router | +--------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+ #查看网络代理列表 openstack network agent list +--------------------------------------+--------------------+-------+-------------------+-------+-------+---------------------------+ | ID | Agent Type | Host | Availability Zone | Alive | State | 
Binary | +--------------------------------------+--------------------+-------+-------------------+-------+-------+---------------------------+ | 3e0471a8-129d-4be2-848c-4b5767039c66 | DHCP agent | ceph1 | nova | :-) | UP | neutron-dhcp-agent | | 5f473521-5467-46b1-895a-a39df69bf93e | Metadata agent | ceph1 | None | :-) | UP | neutron-metadata-agent | | 88b34a07-151e-4cee-8eb6-40b9cce332cc | Linux bridge agent | ceph2 | None | :-) | UP | neutron-linuxbridge-agent | | e1a4f712-4b2b-4628-937a-061fb96b1903 | L3 agent | ceph1 | nova | :-) | UP | neutron-l3-agent | | fdddcb28-2100-4122-ae93-4dab9019656d | Linux bridge agent | ceph1 | None | :-) | UP | neutron-linuxbridge-agent | +--------------------------------------+--------------------+-------+-------------------+-------+-------+---------------------------+
