1、创建neutorn数据库
[email protected]:~/ocata# mysql -uroot -p -e "CREATE DATABASE neutron"
Enter password:
[email protected]:~/ocata# mysql -uroot -p -e "GRANT ALL PRIVILEGES ON neutron.* TO ‘neutron‘@‘localhost‘ IDENTIFIED BY ‘zoomtech‘"
Enter password:
[email protected]:~/ocata# mysql -uroot -p -e "GRANT ALL PRIVILEGES ON neutron.* TO ‘neutron‘@‘%‘ IDENTIFIED BY ‘zoomtech‘"
Enter password:
[email protected]:~/ocata# mysql -uroot -p -e "show databases"
Enter password:
+--------------------+
| Database |
+--------------------+
| glance |
| information_schema |
| keystone |
| mysql |
| neutron |
| performance_schema |
+--------------------+
2、创建neutron用户
[email protected]:~/ocata# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 9b061a9a70b44f789f708204a05b1ca7 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[email protected]:~/ocata# openstack role add --project service --user neutron admin
3、创建neutron服务和API端点
[email protected]:~/ocata# openstack service create --name neutron \
> --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | e93ed45e076040cf8f4270f27a774520 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[email protected]:~/ocata# openstack endpoint create --region RegionOne \
> network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | adb27efba0e14dafb307f061621590e9 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e93ed45e076040cf8f4270f27a774520 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[email protected]:~/ocata# openstack endpoint create --region RegionOne \
> network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | a86afe9e4c84438489e63273384999a5 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e93ed45e076040cf8f4270f27a774520 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[email protected]:~/ocata# openstack endpoint create --region RegionOne \
> network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ac23ceb889ef45e4ad4e66e5caeda97f |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e93ed45e076040cf8f4270f27a774520 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
4、安装neutron
[email protected]:~/ocata# apt install neutron-server neutron-plugin-ml2 \
neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent \
neutron-metadata-agent -y
5、配置元数据
[email protected]:~/ocata# vim /etc/neutron/metadata_agent.ini
nova_metadata_ip = controller
metadata_proxy_shared_secret = zoomtech
6、配置计算节点使用neutron服务
[email protected]:~/ocata# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = zoomtech
service_metadata_proxy = true
metadata_proxy_shared_secret = zoomtech
7、配置neutron服务
[email protected]:~/ocata# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
transport_url = rabbit://openstack:[email protected]
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
#connection = sqlite:////var/lib/neutron/neutron.sqlite
connection = mysql+pymysql://neutron:[email protected]/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = zoomtech
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = zoomtech
8、配置ML2 Plug-in
[email protected]:~/ocata# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = local,flat,vlan,gre,vxlan,geneve
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
#flat_networks = *
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
9、配置Linux bridge
[email protected]:~/ocata# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:enp0s1
[vxlan]
enable_vxlan = true
local_ip = 10.1.1.3
l2_population = True
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
10、配置L3代理
[email protected]:~/ocata# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
11、配置DHCP代理
[email protected]:~/ocata# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
12、同步数据库
[email protected]:~/ocata# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
13、启动neutron相关服务
[email protected]:~/ocata# service nova-api restart
[email protected]:~/ocata# service neutron-server restart
[email protected]:~/ocata# service neutron-linuxbridge-agent restart
[email protected]:~/ocata# service neutron-dhcp-agent restart
[email protected]:~/ocata# service neutron-metadata-agent restart
[email protected]:~/ocata# service neutron-l3-agent restart
14、验证安装
[email protected]:~/ocata# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 50bab5f4ef81410eb9af71bba516c270 | keystone | identity |
| 86a9f0234e4846bdac32c10b553a41f5 | glance | image |
| e93ed45e076040cf8f4270f27a774520 | neutron | network |
+----------------------------------+----------+----------+
[email protected]:~/ocata# openstack extension list --network
+---------------------------------------------------+---------------------------+---------------------------------------------------+
| Name | Alias | Description |
+---------------------------------------------------+---------------------------+---------------------------------------------------+
| Default Subnetpools | default-subnetpools | Provides ability to mark and use a subnetpool as |
| | | the default |
| Network IP Availability | network-ip-availability | Provides IP availability data for each network |
| | | and subnet. |
| Network Availability Zone | network_availability_zone | Availability zone support for network. |
| Auto Allocated Topology Services | auto-allocated-topology | Auto Allocated Topology Services. |
| Neutron L3 Configurable external gateway mode | ext-gw-mode | Extension of the router abstraction for |
| | | specifying whether SNAT should occur on the |
| | | external gateway |
| Port Binding | binding | Expose port bindings of a virtual port to |
| | | external application |
| agent | agent | The agent management extension. |
| Subnet Allocation | subnet_allocation | Enables allocation of subnets from a subnet pool |
| L3 Agent Scheduler | l3_agent_scheduler | Schedule routers among l3 agents |
| Tag support | tag | Enables to set tag on resources. |
| Neutron external network | external-net | Adds external network attribute to network |
| | | resource. |
| Neutron Service Flavors | flavors | Flavor specification for Neutron advanced |
| | | services |
| Network MTU | net-mtu | Provides MTU attribute for a network resource. |
| Availability Zone | availability_zone | The availability zone extension. |
| Quota management support | quotas | Expose functions for quotas management per tenant |
| HA Router extension | l3-ha | Add HA capability to routers. |
| Provider Network | provider | Expose mapping of virtual networks to physical |
| | | networks |
| Multi Provider Network | multi-provider | Expose mapping of virtual networks to multiple |
| | | physical networks |
| Address scope | address-scope | Address scopes extension. |
| Neutron Extra Route | extraroute | Extra routes configuration for L3 router |
| Subnet service types | subnet-service-types | Provides ability to set the subnet service_types |
| | | field |
| Resource timestamps | standard-attr-timestamp | Adds created_at and updated_at fields to all |
| | | Neutron resources that have Neutron standard |
| | | attributes. |
| Neutron Service Type Management | service-type | API for retrieving service providers for Neutron |
| | | advanced services |
| Router Flavor Extension | l3-flavors | Flavor support for routers. |
| Port Security | port-security | Provides port security |
| Neutron Extra DHCP opts | extra_dhcp_opt | Extra options configuration for DHCP. For example |
| | | PXE boot options to DHCP clients can be specified |
| | | (e.g. tftp-server, server-ip-address, bootfile- |
| | | name) |
| Resource revision numbers | standard-attr-revisions | This extension will display the revision number |
| | | of neutron resources. |
| Pagination support | pagination | Extension that indicates that pagination is |
| | | enabled. |
| Sorting support | sorting | Extension that indicates that sorting is enabled. |
| security-group | security-group | The security groups extension. |
| DHCP Agent Scheduler | dhcp_agent_scheduler | Schedule networks among dhcp agents |
| Router Availability Zone | router_availability_zone | Availability zone support for router. |
| RBAC Policies | rbac-policies | Allows creation and modification of policies that |
| | | control tenant access to resources. |
| Tag support for resources: subnet, subnetpool, | tag-ext | Extends tag support to more L2 and L3 resources. |
| port, router | | |
| standard-attr-description | standard-attr-description | Extension to add descriptions to standard |
| | | attributes |
| Neutron L3 Router | router | Router abstraction for basic L3 forwarding |
| | | between L2 Neutron networks and access to |
| | | external networks via a NAT gateway. |
| Allowed Address Pairs | allowed-address-pairs | Provides allowed address pairs |
| project_id field enabled | project-id | Extension that indicates that project_id field is |
| | | enabled. |
| Distributed Virtual Router | dvr | Enables configuration of Distributed Virtual |
| | | Routers. |
+---------------------------------------------------+---------------------------+---------------------------------------------------+
[email protected]:~/ocata#
[email protected]:~/ocata# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 2f617b1d-4a8e-45e3-a557-55062774c6b2 | DHCP agent | controller | nova | True | UP | neutron-dhcp-agent |
| 549136d3-a6f0-42de-994e-aac0649d69e7 | L3 agent | controller | nova | True | UP | neutron-l3-agent |
| b32558c3-76c0-44b9-8f28-34ddff5efc6f | Metadata agent | controller | None | True | UP | neutron-metadata-agent |
| fc733db6-64ea-47b6-9494-16894240a87c | Linux bridge agent | controller | None | True | UP | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
创建public网络
[email protected]:~# openstack network create --share --provider-physical-network provider --provider-network-type flat --external public
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2017-02-28T07:47:36Z |
| description | |
| dns_domain | None |
| id | bca3dd5e-1ab7-4c83-94e8-40e3a3622984 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| mtu | 1500 |
| name | public |
| port_security_enabled | True |
| project_id | 56d3f276e94d48ffb014a6fe5776d0e5 |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 4 |
| router:external | External |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | |
| updated_at | 2017-02-28T07:47:36Z |
+---------------------------+--------------------------------------+
创建public 子网
[email protected]:~# openstack subnet create --network public --subnet-range 192.168.13.0/24 --gateway 192.168.13.1 --allocation-pool start=192.168.13.105,end=192.168.13.116 public-subnet
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 192.168.13.105-192.168.13.116 |
| cidr | 192.168.13.0/24 |
| created_at | 2017-02-28T07:48:56Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 192.168.13.1 |
| host_routes | |
| id | e1841a5a-5261-4f0b-a733-0baac021bcd4 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | public-subnet |
| network_id | bca3dd5e-1ab7-4c83-94e8-40e3a3622984 |
| project_id | 56d3f276e94d48ffb014a6fe5776d0e5 |
| revision_number | 2 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| updated_at | 2017-02-28T07:48:56Z |
+-------------------+--------------------------------------+
创建Private内部网络和子网
[email protected]:~/ocata# openstack network create private
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2017-02-28T09:08:46Z |
| description | |
| dns_domain | None |
| id | 01c2ac0a-a87c-4cfc-a5d9-7a82a4aadc5a |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| mtu | 1450 |
| name | private |
| port_security_enabled | True |
| project_id | 56d3f276e94d48ffb014a6fe5776d0e5 |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 70 |
| qos_policy_id | None |
| revision_number | 3 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| updated_at | 2017-02-28T09:08:46Z |
+---------------------------+--------------------------------------+
[email protected]:~/ocata# openstack subnet create --network private --dns-nameserver 202.96.134.133 --gateway 10.1.1.1 --subnet-range 10.1.1.0/24 private-subnet
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 10.1.1.2-10.1.1.254 |
| cidr | 10.1.1.0/24 |
| created_at | 2017-02-28T09:09:00Z |
| description | |
| dns_nameservers | 202.96.134.133 |
| enable_dhcp | True |
| gateway_ip | 10.1.1.1 |
| host_routes | |
| id | af296076-a12f-4d65-a5ce-2d47ba520cff |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | private-subnet |
| network_id | 01c2ac0a-a87c-4cfc-a5d9-7a82a4aadc5a |
| project_id | 56d3f276e94d48ffb014a6fe5776d0e5 |
| revision_number | 2 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| updated_at | 2017-02-28T09:09:00Z |
+-------------------+--------------------------------------+
[email protected]:~/ocata# openstack network list
+--------------------------------------+---------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+---------+--------------------------------------+
| 01c2ac0a-a87c-4cfc-a5d9-7a82a4aadc5a | private | af296076-a12f-4d65-a5ce-2d47ba520cff |
| bca3dd5e-1ab7-4c83-94e8-40e3a3622984 | public | e1841a5a-5261-4f0b-a733-0baac021bcd4 |
+--------------------------------------+---------+--------------------------------------+