OpenStack:安装Neutron与provider network

1. 安装
(1)Install Networking services on a dedicated network node
# apt-get install neutron-server neutron-dhcp-agent neutron-plugin-openvswitch-agent
不需要L3Agent
删除sqlite
rm -f /var/lib/neutron/neutron.sqlite

编辑/etc/sysctl.conf, Enable packet forwarding and disable packet destination filtering
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0

重新加载
# sysctl -p
# service networking restart
如果不行,则
# /etc/init.d/networking restart
2. 创建db
create database neutron;
grant all privileges on neutron.* to ‘neutron‘@‘%‘ identified by ‘openstack‘;
grant all privileges on neutron.* to ‘neutron‘@‘localhost‘ identified by ‘openstack‘;

3. 创建user, role
# keystone user-create --name=neutron --pass=openstack
# keystone user-role-add --user=neutron --tenant=service --role=admin

4. 配置:
(1)配置/etc/neutron/neutron.conf :
[DEFAULT]
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
auth_strategy=keystone
control_exchange = neutron
rabbit_host = controller
rabbit_userid = guest
rabbit_password = openstack
notification_driver = neutron.openstack.common.notifier.rabbit_notifier

[database]
connection = mysql://neutron:[email protected]/neutron

[keystone_authtoken]
auth_uri = http://controller:35357
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = openstack

(2)配置/etc/neutron/api-paste.ini:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_uri = http://controller:35357
auth_host = controller
auth_port = 35357
admin_tenant_name = service
admin_user = neutron
admin_password = openstack

警告:Warning
keystoneclient.middleware.auth_token: You must configure auth_uri to point to the public identity endpoint. Otherwise, clients might not be able to authenticate against an admin endpoint.

(3)配置/etc/neutron/dhcp_agent.ini
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

(4)配置 /etc/nova/nova.conf, 回头关联nova
[DEFAULT]
neutron_metadata_proxy_shared_secret = openstack
service_neutron_metadata_proxy = true

network_api_class=nova.network.neutronv2.api.API

neutron_admin_username=neutron
neutron_admin_password=openstack
neutron_admin_auth_url=http://controller:35357/v2.0/
neutron_auth_strategy=keystone
neutron_admin_tenant_name=service
neutron_url=http://controller:9696/

需要重启:
# service nova-api restart

(5)配置/etc/neutron/metadata_agent.ini
[DEFAULT]
auth_url = http://controller:35357/v2.0
auth_region = regionOne
admin_tenant_name = service
admin_user = neutron
admin_password = openstack
nova_metadata_ip = controller
metadata_proxy_shared_secret = openstack

5. 注册service, endpoint:
# keystone service-create \
--name=neutron --type=network \
--description="OpenStack Networking Service"

# keystone endpoint-create \
--service-id 455075d2fb9540ac864c345109c291cf \
--publicurl http://controller:9696 \
--adminurl http://controller:9696 \
--internalurl http://controller:9696

-------------------------------------------------------------------
>在Network Node安装Neutron
0. 安装OVS
知道3种interface
MGMI_INTERFACE: 管理接口, 使用eth1, 一般要关闭
DATA_INTERFACE: 数据接口, 使用eth1
EXTERNAL_INTERFACE: 外部接口, 使用eth0, 如果有多ISP,都绑定于该interface.
(1) 安装
# apt-get install neutron-plugin-openvswitch-agent
# ovs-vsctl add-br br-int
br-int是OVS连接VM必需的, 至于br-ex根据网络拓扑需要, 在flat网络则不用.

(2) 配置 /etc/neutron/dhcp_agent.ini
[DEFAULT]
enable_isolated_metadata = True
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = False
其中use_namespaces根据需要设定,如果是flat应该没有必要吧?
需要重启
# service neutron-dhcp-agent restart

(3)配置/etc/neutron/neutron.conf, 设置OVS
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2

(4)配置/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini, 设置firewall_driver
[securitygroup]
# Firewall driver for realizing neutron security group function.
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovs]
tenant_network_type = none
enable_tunneling = False
network_vlan_ranges = physnet0, physnet1
bridge_mappings = physnet0:br-eth0, physnet1:br-eth1
则需要创建

(5)重启
# service openvswitch-switch restart(只在安装后重启一次即可,不能重启)
# service neutron-plugin-openvswitch-agent restart
-------------------------------------------------------------------

8. 重启neutron服务.
service neutron-server restart
service neutron-dhcp-agent restart
service neutron-metadata-agent restart
service neutron-plugin-openvswitch-agent restart

======================================
配置网络:

(1)执行下述ovs命令
# ovs-vsctl add-br br-eth0
# ovs-vsctl add-port br-eth0 eth0
# ovs-vsctl add-br br-eth1
# ovs-vsctl add-port br-eth1 eth1

(2)配置interfaces
[email protected]:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual
        up ifconfig eth0 0.0.0.0 promisc up
        down ifconfig eth0 down

auto br-eth0
iface br-eth0 inet static
        address 192.168.2.3
        netmask 255.255.255.0
        gateway 192.168.2.2
        dns-nameservers 192.168.2.2

auto eth1
iface eth1 inet manual
        up ifconfig eth1 0.0.0.0 promisc up
        down ifconfig eth1 down

auto br-eth1
iface br-eth1 inet static
        address 10.0.0.3
        netmastk 255.255.255.0

一旦声明 bridge_ports eth0,就不能再声明iface eth0, 否则Linux启动会报网络错误.
-----------------------------------------------
关闭gro
ethtool -k eth0
ethtool -K eth0 gro off
ethtool -k eth1
ethtool -K eth1 gro off
------------------------------------------------