OpenStack Train版双节点安装(十)安装网络服务neutron
更新:HHH   时间:2023-1-7


第十部分 安装网络服务neutron


一、准备工作

安装网络服务neutron之前,要先做好以下准备工作

1、备份目前的vmware-workstation虚拟机

关闭2台虚拟机,在windows资源管理器中找到安装vmware-workstation虚拟机的文件夹,备份一下这个文件夹。


2、备份好之后开启2台虚拟机,将虚拟机的网卡eth2调整成混杂模式,控制节点和计算节点均执行

yum install net-tools -y

ifconfig eth2 promisc

ifconfig

控制节点eth2网卡信息中有PROMISC字样表示已经启用混杂模式。


计算节点eth2网卡信息中有PROMISC字样表示已经启用混杂模式。

将上述命令写入到/etc/profile使下次重启后也生效:

vim /etc/profile


3、重启网络,确认主机间的网络通讯

systemctl restart network

ping c1

ping 10.8.20.42


4、在控制节点确认到目前为止所安装的服务都正常运行

. admin-openrc

检查keystone

openstack token issue


检查glance

openstack image list


检查placement

placement-status upgrade check


检查nova

openstack compute service list


nova-status upgrade check



二、在控制节点安装网络服务neutron

结合上一节所讲的物理部署,控制节点主要安装neutron的下面组件

由于下面使用的是二层网络架构,所以不按照l3三层网络的相关组件。


下面在控制节点(ct)进行操作安装Neurton网络服务

创建Neutron数据库
mysql -u root -p
MariaDB [(none)] > CREATE DATABASE neutron;

数据库授权
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';

创建neutron用户
. admin-openrc
openstack user create --domain default --password NEUTRON_PASS neutron

向neutron用户添加admin角色
openstack role add --project service --user neutron admin

创建neutron服务实体
openstack service create --name neutron --description "OpenStack Networking" network

创建neutron服务端点
openstack endpoint create --region RegionOne network public http://ct:9696
openstack endpoint create --region RegionOne network internal http://ct:9696
openstack endpoint create --region RegionOne network admin http://ct:9696

配置二层网络(官方文档为提供商网络)
1、安装软件包
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

openstack-neutron:neutron-server的包

openstack-neutron-ml2:ML2 plugin的包

openstack-neutron-linuxbridge:linux bridge network provider相关的包

ebtables:防火墙相关的包

2、修改 neutron 配置文件(共有5个配置文件需要修改)

(1)neutron server的配置文件neutron.conf
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
grep -Ev '^$|#' /etc/neutron/neutron.conf.bak>/etc/neutron/neutron.conf
vim /etc/neutron/neutron.conf

[database](加1行)
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@ct/neutron

[DEFAULT](加6行)
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:RABBIT_PASS@ct
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[keystone_authtoken](加9行)
www_authenticate_uri = http://ct:5000
auth_url = http://ct:5000
memcached_servers = ct:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

[nova]([nova]自己加,加8行)
auth_url = http://ct:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

[oslo_concurrency](加1行)
lock_path = /var/lib/neutron/tmp

(2)ML2 plugin的配置文件ml2_conf.ini
cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.bak>/etc/neutron/plugins/ml2/ml2_conf.ini
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[securitygroup]
enable_ipset = true

(3)linux bridge network provider的配置文件linuxbridge_agent.ini
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak>/etc/neutron/plugins/ml2/linuxbridge_agent.ini
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:eth2

[vxlan]
enable_vxlan = false

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

注意上面的provder:eth2的写法(官方文档的坑点之一,其正确的写法是控制节点及计算节点连接外部网络的网卡eth2

从这段可以看出,INTERFACE_NAME指的是eth2,就是连接外部网络的那块网卡(provider interface)。

(4) 系统配置文件sysctl.conf(官方文档的坑点之一,它这里只是说明要检查而没有写如何配置
vim /etc/sysctl.conf
加入下面2行:
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

modprobe br_netfilter
sysctl -p

(5)dhcp agent配置文件dhcp_agent.ini
cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak> /etc/neutron/dhcp_agent.ini
vim /etc/neutron/dhcp_agent.ini

[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

配置元数据代理,以便和nova通讯(可以参考上节所讲的neutron和nova的交互部分)
vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = ct
metadata_proxy_shared_secret = METADATA_SECRET

修改nova的配置文件,也是为了和neutron进行交互
vim /etc/nova/nova.conf
在原来的基础上,再在[neutron]部分加入:
[neutron](共10行)
auth_url = http://ct:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET

建立ml2的软连接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

填充Neutron数据库
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

重新启动nova-api服务
systemctl restart openstack-nova-api.service

启动neutron服务和配置开机启动
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

启动好之后,可以使用systemctl status命令查看各个服务运行的状态,使用netstat -tnlup查看是否有9696端口。
至此,控制节点上的neutron服务组件安装完毕,下面切换到另外一台虚拟机,在计算节点上安装neutron服务。

三、在计算节点安装网络服务neutron

结合上一节所讲的物理部署,计算节点主要安装neutron的下面组件

计算节点(c1)上进行如下操作安装网络服务neutron(计算节点)


安装组件
yum install openstack-neutron-linuxbridge ebtables ipset -y

修改配置文件
(1)修改neutron主配置文件
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
grep -Ev '^$|#' /etc/neutron/neutron.conf.bak>/etc/neutron/neutron.conf
vim /etc/neutron/neutron.conf

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@ct
auth_strategy = keystone

[keystone_authtoken](共9行)
www_authenticate_uri = http://ct:5000
auth_url = http://ct:5000
memcached_servers = ct:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

(2)配置Linux网桥代理
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak>/etc/neutron/plugins/ml2/linuxbridge_agent.ini
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:eth2

[vxlan]
enable_vxlan = false

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

(3)sysctl.conf
vim /etc/sysctl.conf
加入下面2行:
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

modprobe br_netfilter
sysctl -p

修改nova配置文件
vim /etc/nova/nova.conf
[neutron]
auth_url = http://ct:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS

重启nova计算服务
systemctl restart openstack-nova-compute.service

启动neutron服务和设置开机自启动
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service

至此,计算节点上面的neutron服务安装完毕,下面切换到控制节点,验证整个neutron的安装。

验证整个neutron服务
控制节点(ct)执行以下命令验证neutron服务
. admin-openrc
openstack extension list --network

openstack network agent list

一定要确保列表中有4条记录,并且Alive状态为笑脸:-),State为UP。

可以对照官方文档来查看

返回云计算教程...