增加Networking - 前期准备(controller)
Networking又叫做Neutron,是Openstack必不可少的组件,它其实是网络虚拟化的实现工具,可以让我们模拟出路由器、交换机、网卡等网络设备。
Neutron支持两种网络模式,第一种是非常简单的网络架构,它仅支持是让实例连接外网,不支持自定义网络、路由器以及浮动ip。只有管理员或者授权的用户有权限去管理网络。第二种网络功能比较强大,支持自定义网络管理,支持自建路由器并且也支持浮动ip。即使没有授权的用户也可以管理网络,支持用户自己配置和管理。
创建库、授权账号 mysql -uroot -ptn1Pi6Ytm
> CREATE DATABASE neutron;
> GRANT ALL PRIVILEGES ON nova.* TO ‘nova‘@‘localhost‘ IDENTIFIED BY ‘RYgv0rg7p‘;
> GRANT ALL PRIVILEGES ON nova.* TO ‘nova‘@‘%‘ IDENTIFIED BY ‘RYgv0rg7p‘;
执行脚本 source admin-openrc.sh
创建neutron用户(密码为mdcGVl29i)
openstack user create --domain default --password-prompt neutron
把admin角色添加到neutron用户里
openstack role add --project service --user neutron admin
创建neutron实例
openstack service create --name neutron --description "OpenStack Networking" network
创建networking服务api终端
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
增加Networking - 配置(controller)
安装组件
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y
配置服务端组件
vim /etc/neutron/neutron.conf //更改或增加
[DEFAULT]
core_plugin = ml2
service_plugins =
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
verbose = True
[database]
connection = mysql://neutron:[email protected]/neutron
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = o3NXovnz5
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = mdcGVl29i
[nova]
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = hsSNsqc43
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
配置ml2 插件
vim /etc/neutron/plugins/ml2/ml2_conf.ini //更改或增加
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = public
[securitygroup]
enable_ipset = True
编辑linux桥接agent
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini //增加或更改
[linux_bridge]
physical_interface_mappings = public:eno16777736
[vxlan]
enable_vxlan = False
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
配置dhcp agent
vim /etc/neutron/dhcp_agent.ini //增加或更改
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
verbose = True
增加Networking - 配置元数据agent(controller)
编辑配置文件
vim /etc/neutron/metadata_agent.ini //更改或增加
[DEFAULT]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = mdcGVl29i
nova_metadata_ip = controller
metadata_proxy_shared_secret = m8uhmQTu2
verbose = True
说明:需要删除掉配置文件里原有的 auth_url auth_region admin_tenant_name admin_user admin_password
增加Networking - compute使用网络(controller)
vim /etc/nova/nova.conf //更改或添加
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = mdcGVl29i
service_metadata_proxy = True
metadata_proxy_shared_secret = m8uhmQTu2
增加Networking - 启动服务(controller)
创建ml2插件配置文件创建软连接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
生成数据
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
重启compute api服务
systemctl restart openstack-nova-api.service
启动服务
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
增加Networking - 配置compute节点(compute)
安装组件 yum install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset
配置普通组件 vim /etc/neutron/neutron.conf //更改或增加
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
verbose = True
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = o3NXovnz5
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = mdcGVl29i
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
配置linux桥接agent
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eno16777736
[vxlan]
enable_vxlan = False
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
配置compute使用网络
vim /etc/nova/nova.conf //更改或增加
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = mdcGVl29i
启动服务
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
增加Networking - 验证配置(controller)
执行环境变量脚本
source admin-openrc.sh
列出所有的扩展
neutron ext-list
列出所有agent
neutron agent-list
agent type如下:
Linux bridge agent
Linux bridge agent
DHCP agent
Metadata agent
必须要有4个,否则说明上面的某个步骤配置有问题。