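Part 10: Installing the Networking Service (neutron)
I. Preparation
Before installing the networking service neutron, complete the following preparation.
1. Back up the current VMware Workstation virtual machines
Shut down both virtual machines, find the folder in Windows Explorer where the VMware Workstation virtual machines are stored, and make a backup copy of that folder.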

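2. After the backup, start both virtual machines and put the network interface eth2 into promiscuous mode. Run this on both the controller node and the compute node: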
yum install net-tools -y
ifconfig eth2 promisc
ifconfig

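On the controller node, the PROMISC flag in the eth2 interface information shows that promiscuous mode is enabled.

On the compute node, the PROMISC flag in the eth2 interface information shows that promiscuous mode is enabled.
Write the command above into /etc/profile so that it also takes effect after the next reboot: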
vim /etc/profile

3. Restart networking and confirm network connectivity between the hosts
systemctl restart network
ping c1
ping 10.8.20.42

4. On the controller node, confirm that all services installed so far are running normally
. admin-openrc
Check keystone
openstack token issue

Check glance
openstack image list

Check placement
placement-status upgrade check

Check nova
openstack compute service list

nova-status upgrade check

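II. Installing the networking service neutron on the controller node
Following the physical deployment described in the previous section, the controller node mainly installs the following neutron components

Because a layer-2 network architecture is used below, the components for L3 (layer-3) networking are not installed.
The following steps install the Neutron networking service on the controller node (ct).
Create the Neutron database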
mysql -u root -p
MariaDB [(none)] > CREATE DATABASE neutron;
Grant database privileges
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';

Create the neutron user
. admin-openrc
openstack user create --domain default --password NEUTRON_PASS neutron
Add the admin role to the neutron user
openstack role add --project service --user neutron admin
Create the neutron service entity
openstack service create --name neutron --description "OpenStack Networking" network
Create the neutron service endpoints
openstack endpoint create --region RegionOne network public http://ct:9696
openstack endpoint create --region RegionOne network internal http://ct:9696
openstack endpoint create --region RegionOne network admin http://ct:9696

Configure the layer-2 network (called a provider network in the official documentation)
1. Install the packages
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
openstack-neutron: the package for neutron-server
openstack-neutron-ml2: the package for the ML2 plugin
openstack-neutron-linuxbridge: the packages for the linux bridge network provider
ebtables: the firewall-related package

2. Edit the neutron configuration files (5 configuration files need to be modified in total)
(1) The neutron server configuration file neutron.conf
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
grep -Ev '^$|#' /etc/neutron/neutron.conf.bak>/etc/neutron/neutron.conf
vim /etc/neutron/neutron.conf
[database] (add 1 line)
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@ct/neutron
[DEFAULT] (add 6 lines)
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:RABBIT_PASS@ct
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken] (add 9 lines)
www_authenticate_uri = http://ct:5000
auth_url = http://ct:5000
memcached_servers = ct:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[nova] (add the [nova] section yourself; add 8 lines)
auth_url = http://ct:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
[oslo_concurrency] (add 1 line)
lock_path = /var/lib/neutron/tmp
(2) The ML2 plugin configuration file ml2_conf.ini
cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.bak>/etc/neutron/plugins/ml2/ml2_conf.ini
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true

(3) The linux bridge network provider configuration file linuxbridge_agent.ini
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak>/etc/neutron/plugins/ml2/linuxbridge_agent.ini
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth2
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

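Note how provider:eth2 is written above (one of the pitfalls in the official documentation: the correct value is eth2, the interface that connects the controller node and the compute node to the external network).

From this passage it is clear that INTERFACE_NAME refers to eth2, the interface connected to the external network (the provider interface).
(4) The system configuration file sysctl.conf (another pitfall in the official documentation: it only says that this must be checked and does not say how to configure it)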
vim /etc/sysctl.conf
Add the following 2 lines:
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
modprobe br_netfilter
sysctl -p

(5) The DHCP agent configuration file dhcp_agent.ini
cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak> /etc/neutron/dhcp_agent.ini
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

Configure the metadata agent so that it can communicate with nova (see the neutron and nova interaction covered in the previous section)
vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = ct
metadata_proxy_shared_secret = METADATA_SECRET

Edit the nova configuration file, also so that it can interact with neutron
vim /etc/nova/nova.conf
Keeping the existing settings, add the following to the [neutron] section:
[neutron] (10 lines in total)
auth_url = http://ct:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
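
The files edited above still contain the tutorial's placeholder values (NEUTRON_PASS, NEUTRON_DBPASS, NOVA_PASS, RABBIT_PASS, METADATA_SECRET), and the metadata proxy only works when nova.conf and metadata_agent.ini hold the same shared secret. The following check is an added example, not part of the original tutorial or of OpenStack; the function names and the sample file contents are constructed for illustration.

```python
import configparser
import re

# Placeholder tokens the walkthrough uses where real secrets belong.
PLACEHOLDER = re.compile(
    r"\b(?:NEUTRON_DBPASS|NEUTRON_PASS|NOVA_PASS|RABBIT_PASS|METADATA_SECRET)\b")

def load(text):
    # [DEFAULT] is read as an ordinary section (default_section renamed), and
    # interpolation is off because real passwords may contain '%'.
    cp = configparser.ConfigParser(
        default_section="__unused__", interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def audit(files):
    """files maps a config path to its text; returns a sorted list of findings."""
    cfg = {path: load(text) for path, text in files.items()}
    findings = []
    for path, cp in cfg.items():
        for section in cp.sections():
            for key, value in cp.items(section):
                if PLACEHOLDER.search(value):
                    findings.append(f"{path} [{section}] {key}: placeholder secret not replaced")
    nova = cfg.get("/etc/nova/nova.conf")
    meta = cfg.get("/etc/neutron/metadata_agent.ini")
    if nova is not None and meta is not None:
        a = nova.get("neutron", "metadata_proxy_shared_secret", fallback=None)
        b = meta.get("DEFAULT", "metadata_proxy_shared_secret", fallback=None)
        if not a or a != b:
            findings.append("metadata_proxy_shared_secret: missing or not identical in both files")
    lb = cfg.get("/etc/neutron/plugins/ml2/linuxbridge_agent.ini")
    if lb is not None and not lb.getboolean("securitygroup", "enable_security_group", fallback=False):
        findings.append("linuxbridge_agent.ini: enable_security_group is not true")
    return sorted(findings)

# Constructed sample: the secret was changed in nova.conf only.
SAMPLE = {
    "/etc/nova/nova.conf":
        "[neutron]\npassword = example-pw\nmetadata_proxy_shared_secret = example-7f1c\n",
    "/etc/neutron/metadata_agent.ini":
        "[DEFAULT]\nnova_metadata_host = ct\nmetadata_proxy_shared_secret = METADATA_SECRET\n",
    "/etc/neutron/plugins/ml2/linuxbridge_agent.ini":
        "[securitygroup]\nenable_security_group = true\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a real node, build the `files` mapping by reading each path from disk before calling `audit`.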

Create the symbolic link for ml2
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Populate the Neutron database
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Restart the nova-api service
systemctl restart openstack-nova-api.service
Start the neutron services and enable them at boot
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

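Once they have started, use the systemctl status command to check the state of each service, and use netstat -tnlup to check whether port 9696 is present.
At this point the neutron service components on the controller node are installed. Next, switch to the other virtual machine and install the neutron service on the compute node.
III. Installing the networking service neutron on the compute node
Following the physical deployment described in the previous section, the compute node mainly installs the following neutron components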

Perform the following steps on the compute node (c1) to install the networking service neutron (compute node)
Install the components
yum install openstack-neutron-linuxbridge ebtables ipset -y

Edit the configuration files
(1) Edit the main neutron configuration file
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
grep -Ev '^$|#' /etc/neutron/neutron.conf.bak>/etc/neutron/neutron.conf
vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@ct
auth_strategy = keystone
[keystone_authtoken] (9 lines in total)
www_authenticate_uri = http://ct:5000
auth_url = http://ct:5000
memcached_servers = ct:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
(2) Configure the Linux bridge agent
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak>/etc/neutron/plugins/ml2/linuxbridge_agent.ini
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth2
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
(3)sysctl.conf
vim /etc/sysctl.conf
Add the following 2 lines:
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
modprobe br_netfilter
sysctl -p
Edit the nova configuration file
vim /etc/nova/nova.conf
[neutron]
auth_url = http://ct:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
Restart the nova compute service
systemctl restart openstack-nova-compute.service
Start the neutron service and enable it at boot
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service

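At this point the neutron service on the compute node is installed. Next, switch to the controller node and verify the whole neutron installation.
Verify the whole neutron service
Run the following commands on the controller node (ct) to verify the neutron service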
. admin-openrc
openstack extension list --network

openstack network agent list

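Make sure the list contains 4 records, that Alive shows the smiley :-) and that State is UP.
You can compare the output against the official documentation.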
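
The four-record check can be automated over the output of `openstack network agent list -f json`. This is an added example, not part of the original tutorial; it assumes the Host column holds the short names ct and c1 used on this page, and it accepts either booleans or the table text (":-)", "UP") for Alive and State, since that depends on the client version. The sample JSON is constructed.

```python
import json

# The four agents this two-node layout should report: three on ct, one on c1.
EXPECTED = {
    ("ct", "neutron-linuxbridge-agent"),
    ("ct", "neutron-dhcp-agent"),
    ("ct", "neutron-metadata-agent"),
    ("c1", "neutron-linuxbridge-agent"),
}

def _ok(value, text):
    # Depending on client version the JSON holds a boolean or the table text.
    return value is True or value == text

def check_agents(raw_json):
    """Return a list of problems; empty means all four agents are alive and UP."""
    problems, seen = [], set()
    for agent in json.loads(raw_json):
        host, binary = agent["Host"], agent["Binary"]
        seen.add((host, binary))
        if not _ok(agent["Alive"], ":-)"):
            problems.append(f"{binary} on {host} is not alive")
        if not _ok(agent["State"], "UP"):
            problems.append(f"{binary} on {host} is administratively down")
    for host, binary in sorted(EXPECTED - seen):
        problems.append(f"{binary} on {host} is missing from the list")
    # An agent that nobody installed is worth investigating, not ignoring.
    for host, binary in sorted(seen - EXPECTED):
        problems.append(f"unexpected agent {binary} on {host}")
    return problems

# Constructed sample: the compute node's bridge agent has stopped reporting.
SAMPLE = json.dumps([
    {"Host": "ct", "Binary": "neutron-linuxbridge-agent", "Alive": True, "State": True},
    {"Host": "ct", "Binary": "neutron-dhcp-agent", "Alive": True, "State": True},
    {"Host": "ct", "Binary": "neutron-metadata-agent", "Alive": ":-)", "State": "UP"},
    {"Host": "c1", "Binary": "neutron-linuxbridge-agent", "Alive": False, "State": True},
])

if __name__ == "__main__":
    for problem in check_agents(SAMPLE):
        print(problem)
```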
