openstack Q版部署-----网络服务（neutron）安装部署（7）

一、数据库配置（控制节点）

控制节点创建数据库：

CREATE DATABASE neutron;

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron2018';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron2018';

flush privileges;

exit;

二、创建认证信息（控制节点）

先生效一下环境变量

创建neutron用户：

openstack user create --domain default --password=neutron neutron #此处密码我设置了neutorn

将neutron加入到admin组和service项目

openstack role add --project service --user neutron admin

创建网络项目：

openstack service create --name neutron --description "OpenStack Networking" network

创建endpoint，将网络服务端口信息注册到认证服务：

openstack endpoint create --region RegionOne \

network public http://10.1.80.112:9696

openstack endpoint create --region RegionOne \

network internal http://10.1.80.112:9696

openstack endpoint create --region RegionOne \

network admin http://10.1.80.112:9696

三、安装二层简单网络

在网络节点执行安装包：

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

编辑配置文件：/etc/neutron/neutron.conf

[database]

connection = mysql://neutron:neutron2018@10.1.80.110/neutron

[DEFAULT]

core_plugin = ml2

service_plugins = router

transport_url = rabbit://openstack:openstack2018@10.1.80.110

auth_strategy = keystone

notify_nova_on_port_status_changes = true

notify_nova_on_port_data_changes = true

[keystone_authtoken]

auth_uri = http://10.1.80.110:5000

auth_url = http://10.1.80.110:35357

memcached_servers = 10.1.80.110:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = neutron

[nova]

auth_url = http://10.1.80.110:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = nova2018

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

编辑/etc/neutron/plugins/ml2/ml2_conf.ini文件配置二层插件

[ml2]

type_drivers = flat,vlan,gre,vxlan,geneve

tenant_network_types = vlan,gre,vxlan,geneve

mechanism_drivers = linuxbridge

extension_drivers = port_security

[ml2_type_flat]

flat_networks = pyth1##可以自己随便取

[securitygroup]

enable_ipset = true

编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件配置linux bridge插件：

[linux_bridge]

physical_interface_mappings = pyth1:ens160 #第二张网卡网卡名

[vxlan]

enable_vxlan = false

[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

确认内核支持网桥filters并作如下设置，编辑vi /usr/lib/sysctl.d/00-system.conf 修改以下内容：

net.bridge.bridge-nf-call-iptables=1

net.bridge.bridge-nf-call-ip6tables=1

生效sysctl -p

编辑/etc/neutron/dhcp_agent.ini

[DEFAULT]

interface_driver = linuxbridge

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = true

编辑/etc/neutron/metadata_agent.ini

[default]

nova_metadata_host = 10.1.80.110

metadata_proxy_shared_secret = neutron

四、在控制节点nova配置neutron

控制节点执行：

编辑/etc/nova/nova.conf，添加neutron内容：

[neutron]

url = http://10.1.80.112:9696

auth_url = http://10.1.80.110:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = neutron

service_metadata_proxy = true

metadata_proxy_shared_secret = neutron

网络节点执行：

创建连接文件

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

导入数据库结构：

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \

--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

控制节点：

systemctl restart openstack-nova-api.service

网络节点：

systemctl enable neutron-server.service \

neutron-linuxbridge-agent.service neutron-dhcp-agent.service \

neutron-metadata-agent.service

systemctl start neutron-server.service \

neutron-linuxbridge-agent.service neutron-dhcp-agent.service \

neutron-metadata-agent.service

systemctl status neutron-server.service \

neutron-linuxbridge-agent.service neutron-dhcp-agent.service \

neutron-metadata-agent.service

五、计算节点安装网络服务

计算节点安装软件包：

yum install openstack-neutron-linuxbridge ebtables ipset -y

修改配置文件:

[DEFAULT]

transport_url = rabbit://openstack:openstack2018@10.1.80.110

auth_strategy = keystone

[keystone_authtoken]

auth_uri = http://10.1.80.110:5000

auth_url = http://10.1.80.110:35357

memcached_servers = 10.1.80.110:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = neutron

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

physical_interface_mappings = pyth1:ens160

[vxlan]

enable_vxlan = false

[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

配置nova 使用neutron，/etc/nova/nova.conf

[neutron]

url = http://10.1.80.112:9696

auth_url = http://10.1.80.110:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = neutron

确认内核支持网桥filters并作如下设置，编辑vi /usr/lib/sysctl.d/00-system.conf 修改以下内容：

net.bridge.bridge-nf-call-iptables=1

net.bridge.bridge-nf-call-ip6tables=1

sysctl -p

重启服务：

systemctl restart openstack-nova-compute.service

systemctl status openstack-nova-compute.service

启动服务：

systemctl enable neutron-linuxbridge-agent.service

systemctl start neutron-linuxbridge-agent.service

systemctl status neutron-linuxbridge-agent.service

六、控制节点验证

设置admin环境变量

执行命令验证是否成功启动neutron-server

openstack extension list --network

执行命令列出插件，验证网络插件是否成功启动

openstack network agent list