Ubuntu搭建Openstack平台（kilo）(五.neutron(二)网络节点与计算节点)

参考文档：http://www.aboutyun.com/thread-13116-1-1.html

http://www.aboutyun.com/thread-13117-1-1.html

网络节点

一.配置参数

• 环境配置

vim /etc/sysctl.conf

net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0

• 使配置生效

sysctl -p

二.安装neutron组件

1.安装

apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent -y

2.修改配置

vim /etc/neutron/neutron.conf

[DEFAULT]
verbose = True
rpc_backend = rabbit
#配置认证访问
auth_strategy = keystone

#启用 Modular Layer 2 (ML2) plug-in,路由服务, 和 overlapping IP addresses:
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True

#在[database]模块注释掉connection，因为网络节点不需要连接数据库

[oslo_messaging_rabbit]
#配置RabbitMQ 消息队列服务
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS(密码为创建的消息中间件密码，我的为123)

[keystone_authtoken]
#配置认证访问
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS(我的密码为neutron)

3.修改Modular Layer 2 (ML2) plug-in

vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
#启用flat,VLAN,GRE和VXLAN网络类型驱动,GRE租户网络,和OVS机制驱动:
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch

[ml2_type_gre]
#配置隧道标识的id范围
tunnel_id_ranges = 1:1000

[ml2_type_flat]
#配置external flat 提供的网络
flat_networks = external

[securitygroup]
#启用security groups, 启用 ipset, 和 配置  OVS iptables firewall 驱动
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovs]
#启用隧道，配置本地隧道服务，和映射外部 flat 私有网络到 br-ex 外部网桥
#INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS是网络节点实例隧道网络接口的IP 我的是10.0.1.21
local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS（10.0.1.21）
bridge_mappings = external:br-ex

[agent]
#启用GRE隧道
tunnel_types = gre

4.配置Layer-3 (L3) agent

vim /etc/neutron/l3_agent.ini

[DEFAULT]
verbose = True
#配置网卡驱动，外部网桥，和启用是删除路由命名空间失效，external_network_bridge 是没有值的
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge =
router_delete_namespaces = True

5.配置DHCP

vim /etc/neutron/dhcp_agent.ini 

[DEFAULT]
verbose = True
#配置接口和 dhcp 驱动，启用失效删除 DHCP 命令空间
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
dhcp_delete_namespaces = True

6.配置 metadata

vim  /etc/neutron/metadata_agent.ini

[DEFAULT]
verbose = True
#配置访问参数
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS（我的neutron）

#配置metadata的主机
nova_metadata_ip = controller

#配置metadata共享代理密码（我设置的是123，与控制节点的要一致）
metadata_proxy_shared_secret = METADATA_SECRET（123）

• 在控制节点添加上面的密码配置

vim /etc/nova/nova.conf

[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET(123)

退出后，重启nova-api服务
service nova-api restart

7.配置 Open vSwitch (OVS)服务

• 重启OVS服务

ervice openvswitch-switch restart

• 添加外部网桥

ovs-vsctl add-br br-ex

• 添加混杂模式网卡到 br-ex(INTERFACE_NAME是自己上外网的网卡，我的为eth2)

ovs-vsctl add-port br-ex INTERFACE_NAME(eth2)

• 注意,根据不同的网卡驱动，你可以需要禁用 generic receive offload (GRO)，暂时禁用 GRO 在外部网卡

ethtool -K INTERFACE_NAME gro off

8.重启网络服务

service neutron-plugin-openvswitch-agent restart
service neutron-l3-agent restart
service neutron-dhcp-agent restart
service neutron-metadata-agent restart

9.验证（控制节点）

• 加载环境

source admin-openrc.sh

• 列出创建成功的neutron代理

neutron agent-list
+------------------------------------+------------------+--------+-----+-------------+-------------------------+
|id                                  |agent_type        |host   |alive|admin_state_up| binary                  |
+-------------------------------------+-----------------+--------+-----+-------------+-------------------------+
|30275801-e17a-41e4-8f53-9db63544f689|Metadata agent    |network| :-) |True          |neutron-metadata-agent   |
|4bd8c50e-7bad-4f3b-955d-67658a491a15|Open vSwitch agent|network| :-) |True          |neutron-openvswitch-agent|
|756e5bba-b70f-4715-b80e-e37f59803d20|L3 agent          |network| :-) |True          |neutron-l3-agent         |
|9c45473c-6d6d-4f94-8df1-ebd0b6838d5f|DHCP agent        |network| :-) |True          |neutron-dhcp-agent       |
+------------------------------------+------------------+-------+-----+--------------+-------------------------+

计算节点

1.配置一定的内核网络参数

• 配置

vim  /etc/sysctl.conf 

net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1

• 生效

sysctl -p

2.安装neutron组件

apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent

3.修改配置

vim /etc/neutron/neutron.conf

[DEFAULT]
verbose = True
rpc_backend = rabbit
#配置认证访问
auth_strategy = keystone

#启用 Modular Layer 2 (ML2) plug-in,路由服务, 和 overlapping IP addresses:
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True

#在[database]模块注释掉connection，因为网络节点不需要连接数据库

[oslo_messaging_rabbit]
#配置RabbitMQ 消息队列服务
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS(密码为创建的消息中间件密码，我的为123)

[keystone_authtoken]
#配置认证访问
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS(我的密码为neutron)

4.修改Modular Layer 2 (ML2) plug-in

vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
#启用flat,VLAN,GRE和VXLAN网络类型驱动,GRE租户网络,和OVS机制驱动:
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch

[ml2_type_gre]
#配置隧道标识的id范围
tunnel_id_ranges = 1:1000

[securitygroup]
#启用security groups, 启用 ipset, 和 配置  OVS iptables firewall 驱动
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovs]
#启用隧道，配置本地隧道服务
#INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS是计算节点实例隧道网络接口的IP 我的是10.0.1.31
local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS（10.0.1.31）

[agent]
#启用GRE隧道
tunnel_types = gre

5.配置 Open vSwitch (OVS)服务

• 重启OVS 服务

service openvswitch-switch restart

• 配置计算节点nova.conf(添加如下内容）

vim /etc/nova/nova.conf

[DEFAULT]
#配置Apis与驱动
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[neutron]
#配置访问参数
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = NEUTRON_PASS（我的密码为neutron）

• 重启计算服务与OVS代理

service nova-compute restart
service neutron-plugin-openvswitch-agent restart

6.控制节点验证

• 加载环境

source admin-openrc.sh

• 列出创建的neutron代理

neutron agent-list
+------------------------------------+------------------+-------+-----+--------------+--------------------------+
| id                                 | agent_type       | host  |alive|admin_state_up| binary                   |
+------------------------------------+------------------+-------+-----+--------------+--------------------------+
|30275801-e17a-41e4-8f53-9db63544f689|Metadata agent    |network| :-) | True         |neutron-metadata-agent    |
|4bd8c50e-7bad-4f3b-955d-67658a491a15|Open vSwitch agent|network| :-) | True         |neutron-openvswitch-agent |
|756e5bba-b70f-4715-b80e-e37f59803d20|L3 agent          |network| :-) | True         |neutron-l3-agent          |
|9c45473c-6d6d-4f94-8df1-ebd0b6838d5f|DHCP agent        |network| :-) | True         |neutron-dhcp-agent        |
|a5a49051-05eb-4b4f-bfc7-d36235fe9131|Open vSwitch agent|compute| :-) | True         |neutron-openvswitch-agent |
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+