Openstack云平台搭建课程五·网络服务Neutron-技术学堂

这是搭建Openstack云平台的第五堂课，主要讲解网络组件neutron的配置过程。Neutron负责Openstack中的网络资源，提供ip、vlan、vxlan、route等服务。

创建数据库用户

1	mysql -uroot -pMariadb123

create database neutron;

grant all privileges on neutron.* to 'neutron'@'localhost' identified by 'Neutron123';

grant all privileges on neutron.* to 'neutron'@'%' identified by 'Neutron123';

flush privileges;

exit

配置neutron服务凭证

创建neutron服务凭证

# source /opt/scripts/admin

# 开始创建用户

openstack user create \

--domain default \

--password-prompt neutron

输入密码(Neutron123)后继续：

openstack role add \

--project service \

--user neutron admin

openstack service create \

--name neutron \

--description "OpenStack Networking" network

创建endpoint

openstack endpoint create \

--region RegionOne network public http://controller:9696

openstack endpoint create \

--region RegionOne network internal http://controller:9696

openstack endpoint create \

--region RegionOne network admin http://controller:9696

配置控制节点上的网络服务

安装 neutron

1	yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge

配置 neutron

修改配置/etc/neutron/neutron.conf：

[DEFAULT]

bind_host = 10.10.100.150

core_plugin = ml2

service_plugins =

allow_overlapping_ips = True

auth_strategy = keystone

notify_nova_on_port_status_changes = True

notify_nova_on_port_data_changes = True

transport_url = rabbit://openstack:Openstack123@controller:5672

[database]

connection = mysql+pymysql://neutron:Neutron123@controller/neutron

[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:35357

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = neutron

password = Neutron123

[nova]

auth_url = http://controller:35357

auth_type = password

project_domain_name = Default

user_domain_name = Default

region_name = RegionOne

project_name = service

username = nova

password = Nova123

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

配置 modular layer 2

修改配置/etc/neutron/plugins/ml2/ml2_conf.ini：

[ml2]

type_drivers = flat,vlan,vxlan

tenant_network_types = vxlan

mechanism_drivers = linuxbridge,l2population

#如果不使用vxlan只使用vlan，以上三行改为如下三行

#type_drivers = flat,vlan

#tenant_network_types =

#mechanism_drivers = linuxbridge

extension_drivers = port_security

[ml2_type_flat]

flat_networks = provider

[ml2_type_vlan]

#如果不使用vxlan只使用vlan，去掉如下配置的注释

#network_vlan_ranges = provider

[ml2_type_vxlan]

#值可自行调整；如果不使用vxlan，注释该配置

vni_ranges = 1:1000

[securitygroup]

enable_ipset = True

配置 linuxbridge agent

修改配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini：

[linux_bridge]

physical_interface_mappings = provider:ens34

[securitygroup]

enable_security_group = True

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

[vxlan]

#如果不使用vxlan，注释以下三项配置，或enable_vxlan = False

enable_vxlan = True

local_ip = 10.10.100.150

l2_population = True

注意：

physical_interface_mappings 为底层的物理公共网络接口
local_ip 为控制节点的管理网络的IP地址

启用操作系统内核网桥过滤器，修改配置/usr/lib/sysctl.d/00-system.conf：

1 2	net.bridge.bridge-nf-call-iptables=1 net.bridge.bridge-nf-call-ip6tables=1

配置 layer 3 agent

修改配置/etc/neutron/l3_agent.ini：

1 2	[DEFAULT] interface_driver = linuxbridge

配置 dhcp agent

修改配置/etc/neutron/dhcp_agent.ini：

[DEFAULT]

interface_driver = linuxbridge

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = True

配置 metadata agent

修改配置/etc/neutron/metadata_agent.ini：

[DEFAULT]

nova_metadata_ip = 10.10.100.150

metadata_proxy_shared_secret = Metadata123

配置 nova

修改配置/etc/nova/nova.conf：

[neutron]

url = http://controller:9696

auth_url = http://controller:35357

auth_type = password

project_domain_name = Default

user_domain_name = Default

region_name = RegionOne

project_name = service

username = neutron

password = Neutron123

service_metadata_proxy = True

metadata_proxy_shared_secret = Metadata123

1	ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

同步数据

su -s /bin/sh -c "neutron-db-manage \

--config-file /etc/neutron/neutron.conf \

--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

启动应用

1 2	systemctl enable openstack-nova-api neutron-server neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent systemctl start openstack-nova-api neutron-server neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent

至此，控制节点上的网络服务已经完成配置。

配置计算节点上的网络服务

安装 neutron

1	yum -y install openstack-neutron-linuxbridge

配置 neutron

修改配置/etc/neutron/neutron.conf：

[DEFAULT]

bind_host = 10.10.100.151

auth_strategy = keystone

transport_url = rabbit://openstack:Openstack123@controller:5672

[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:35357

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = neutron

password = Neutron123

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

配置 linuxbridge agent

修改配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini：

[linux_bridge]

physical_interface_mappings = provider:ens34

[securitygroup]

enable_security_group = True

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

[vxlan]

#如果不使用vxlan，注释以下三项配置，或enable_vxlan = False

enable_vxlan = true

local_ip = 10.10.100.151

l2_population = true

配置 nova

修改配置/etc/nova/nova.conf：

[neutron]

url = http://controller:9696

auth_url = http://controller:35357

auth_type = password

region_name = RegionOne

project_domain_name = Default

user_domain_name = Default

project_name = service

username = neutron

password = Neutron123

同样需要确保操作系统内核支持网桥过滤器（参照控制节点）。

启动应用

1 2	systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent

验证结果

在控制节点上执行以下命令，查看网络状态。

1 2	openstack extension list --network openstack network agent list

至此，计算节点上的网络服务也完成配置。

原创文章禁止转载：技术学堂 » Openstack云平台搭建课程五·网络服务Neutron

Openstack云平台搭建课程五·网络服务Neutron

配置neutron服务凭证

配置控制节点上的网络服务

配置计算节点上的网络服务

验证结果

作者：刘智林

相关推荐

精彩评论点击这里取消回复。

猜您喜欢

最新文章

感谢您的支持与鼓励

支付宝扫一扫打赏

微信扫一扫打赏