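This is the fifth lesson in the series on building an OpenStack cloud platform. It covers configuring the networking component, Neutron. Neutron manages the network resources in OpenStack and provides IP, VLAN, VXLAN, routing and related services.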
Create the database user

    mysql -uroot -pMariadb123

    create database neutron;
    grant all privileges on neutron.* to 'neutron'@'localhost' identified by 'Neutron123';
    grant all privileges on neutron.* to 'neutron'@'%' identified by 'Neutron123';
    flush privileges;
    exit
Configure the neutron service credentials
Create the neutron service credentials

    # source /opt/scripts/admin
    # Create the user
    openstack user create \
      --domain default \
      --password-prompt neutron

Enter the password (Neutron123) and continue:

    openstack role add \
      --project service \
      --user neutron admin
    openstack service create \
      --name neutron \
      --description "OpenStack Networking" network
Create the endpoints

    openstack endpoint create \
      --region RegionOne network public http://controller:9696
    openstack endpoint create \
      --region RegionOne network internal http://controller:9696
    openstack endpoint create \
      --region RegionOne network admin http://controller:9696
Configure the networking service on the controller node
Install neutron

    yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge

Configure neutron
Edit /etc/neutron/neutron.conf:

    [DEFAULT]
    bind_host = 10.10.100.150
    core_plugin = ml2
    # Left empty here; the L3 router service requires "service_plugins = router"
    service_plugins =
    allow_overlapping_ips = True
    auth_strategy = keystone
    notify_nova_on_port_status_changes = True
    notify_nova_on_port_data_changes = True
    transport_url = rabbit://openstack:Openstack123@controller:5672

    [database]
    connection = mysql+pymysql://neutron:Neutron123@controller/neutron

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    project_name = service
    username = neutron
    password = Neutron123

    [nova]
    auth_url = http://controller:35357
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    region_name = RegionOne
    project_name = service
    username = nova
    password = Nova123

    [oslo_concurrency]
    lock_path = /var/lib/neutron/tmp
Configure the Modular Layer 2 (ML2) plug-in
Edit /etc/neutron/plugins/ml2/ml2_conf.ini:

    [ml2]
    type_drivers = flat,vlan,vxlan
    tenant_network_types = vxlan
    mechanism_drivers = linuxbridge,l2population
    # To use VLAN only (no VXLAN), replace the three lines above with the following three
    #type_drivers = flat,vlan
    #tenant_network_types =
    #mechanism_drivers = linuxbridge
    extension_drivers = port_security

    [ml2_type_flat]
    flat_networks = provider

    [ml2_type_vlan]
    # To use VLAN only (no VXLAN), uncomment the following setting
    #network_vlan_ranges = provider

    [ml2_type_vxlan]
    # Adjust the range as needed; comment this setting out if VXLAN is not used
    vni_ranges = 1:1000

    [securitygroup]
    enable_ipset = True
Configure the linuxbridge agent
Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini:

    [linux_bridge]
    physical_interface_mappings = provider:ens34

    [securitygroup]
    enable_security_group = True
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

    [vxlan]
    # If VXLAN is not used, comment out the three settings below, or set enable_vxlan = False
    enable_vxlan = True
    local_ip = 10.10.100.150
    l2_population = True

Note:
- physical_interface_mappings is the underlying physical public (provider) network interface
- local_ip is the IP address of the controller node on the management network
Enable the operating system's kernel bridge filter by editing /usr/lib/sysctl.d/00-system.conf:

    net.bridge.bridge-nf-call-iptables=1
    net.bridge.bridge-nf-call-ip6tables=1
Configure the layer 3 agent
Edit /etc/neutron/l3_agent.ini:

    [DEFAULT]
    interface_driver = linuxbridge
Configure the DHCP agent
Edit /etc/neutron/dhcp_agent.ini:

    [DEFAULT]
    interface_driver = linuxbridge
    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
    enable_isolated_metadata = True
Configure the metadata agent
Edit /etc/neutron/metadata_agent.ini:

    [DEFAULT]
    nova_metadata_ip = 10.10.100.150
    metadata_proxy_shared_secret = Metadata123
Configure nova
Edit /etc/nova/nova.conf:

    [neutron]
    url = http://controller:9696
    auth_url = http://controller:35357
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    region_name = RegionOne
    project_name = service
    username = neutron
    password = Neutron123
    service_metadata_proxy = True
    metadata_proxy_shared_secret = Metadata123

    ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Synchronize the database

    su -s /bin/sh -c "neutron-db-manage \
      --config-file /etc/neutron/neutron.conf \
      --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Start the services

    systemctl enable openstack-nova-api neutron-server neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent
    systemctl start openstack-nova-api neutron-server neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent

The networking service on the controller node is now configured.
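An added example, not part of the original tutorial: a check over the files edited above that flags any of the tutorial's sample passwords still in place (including ones embedded in transport_url or connection URLs) and verifies that metadata_proxy_shared_secret is identical in metadata_agent.ini and nova.conf. The function names and the SAMPLE file contents are constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Sample secrets printed in this tutorial; none should survive into a real deployment.
TUTORIAL_SECRETS = {"Mariadb123", "Neutron123", "Nova123", "Openstack123", "Metadata123"}
SECRET_KEYS = {"password", "metadata_proxy_shared_secret"}
META, NOVA = "/etc/neutron/metadata_agent.ini", "/etc/nova/nova.conf"

SAMPLE = {  # constructed input, modelled on the files edited in this tutorial
    "/etc/neutron/neutron.conf":
        "[DEFAULT]\ntransport_url = rabbit://openstack:Openstack123@controller:5672\n",
    META: "[DEFAULT]\nmetadata_proxy_shared_secret = Metadata123\n",
    NOVA: "[neutron]\npassword = constructed-value\n"
          "metadata_proxy_shared_secret = rotated-value\n",
}

def parse(text):
    """Parse oslo.config-style INI text, keeping [DEFAULT] as an ordinary section."""
    cp = configparser.RawConfigParser(default_section="__unused__", strict=False)
    cp.read_string(text)
    return cp

def secrets_in(cp):
    """Yield (section, key, secret) for secret options and URL-embedded passwords."""
    for section in cp.sections():
        for key, value in cp.items(section):
            if key in SECRET_KEYS:
                yield section, key, value
            elif "://" in value and urlsplit(value).password:
                yield section, key, urlsplit(value).password

def audit(files):
    """files maps a path to its INI text; returns a sorted list of findings."""
    parsed = {path: parse(text) for path, text in files.items()}
    findings = [f"{path} [{section}] {key}: tutorial sample secret still in use"
                for path, cp in parsed.items()
                for section, key, secret in secrets_in(cp)
                if secret in TUTORIAL_SECRETS]
    # nova rejects metadata requests proxied by neutron when the two values differ.
    if META in parsed and NOVA in parsed:
        a = parsed[META].get("DEFAULT", "metadata_proxy_shared_secret", fallback=None)
        b = parsed[NOVA].get("neutron", "metadata_proxy_shared_secret", fallback=None)
        if a != b:
            findings.append("metadata_proxy_shared_secret differs between "
                            "metadata_agent.ini and nova.conf")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On a real node, read each file as root and pass its text in the same mapping; an empty list means no finding.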
Configure the networking service on the compute node
Install neutron

    yum -y install openstack-neutron-linuxbridge
Configure neutron
Edit /etc/neutron/neutron.conf:

    [DEFAULT]
    bind_host = 10.10.100.151
    auth_strategy = keystone
    transport_url = rabbit://openstack:Openstack123@controller:5672

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    project_name = service
    username = neutron
    password = Neutron123

    [oslo_concurrency]
    lock_path = /var/lib/neutron/tmp
Configure the linuxbridge agent
Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini:

    [linux_bridge]
    physical_interface_mappings = provider:ens34

    [securitygroup]
    enable_security_group = True
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

    [vxlan]
    # If VXLAN is not used, comment out the three settings below, or set enable_vxlan = False
    enable_vxlan = true
    local_ip = 10.10.100.151
    l2_population = true
Configure nova
Edit /etc/nova/nova.conf:

    [neutron]
    url = http://controller:9696
    auth_url = http://controller:35357
    auth_type = password
    region_name = RegionOne
    project_domain_name = Default
    user_domain_name = Default
    project_name = service
    username = neutron
    password = Neutron123

As on the controller node, make sure the operating system kernel supports the bridge filter (see the controller node section).
Start the service

    systemctl enable neutron-linuxbridge-agent
    systemctl start neutron-linuxbridge-agent
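Verify the result
Run the following commands on the controller node to check the network status.

    openstack extension list --network
    openstack network agent list

The networking service on the compute node is now configured as well.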
Original article, reproduction prohibited: 技术学堂 » OpenStack Cloud Platform Setup, Lesson 5: the Neutron Networking Service