OpenStack in Practice Series ⑤: the Networking Service Neutron
3.8 Neutron service deployment
Register the neutron service
[root@node1 ~]# source admin-openrc.sh
[root@node1 ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 5ab9dbad533f409eb5ef4682f937c1b1 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne network public http://192.168.3.199:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b1b8f5d4d51c408cbea79f2829d99bbc |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5ab9dbad533f409eb5ef4682f937c1b1 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.3.199:9696 |
+--------------+----------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne network internal http://192.168.3.199:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d35182f4e62f49c88c25589e3ae436cb |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5ab9dbad533f409eb5ef4682f937c1b1 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.3.199:9696 |
+--------------+----------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne network admin http://192.168.3.199:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0c1cbd066efc44c6b7e48e0d664e69d6 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5ab9dbad533f409eb5ef4682f937c1b1 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.3.199:9696 |
+--------------+----------------------------------+
Create the neutron user, add it to the service project, and grant it the admin role
[root@node1 ~]# openstack user create --domain default --password=neutron neutron
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 5d2a9f0420c14fe9a8c1eeaaf1c70738 |
| name | neutron |
+-----------+----------------------------------+
[root@node1 ~]# openstack role add --project service --user neutron admin
Edit the /etc/neutron/neutron.conf file and complete the following steps
In the [database] section, configure database access
[database]
...
connection = mysql://neutron:neutron@192.168.3.199:3306/neutron
In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in, the router service, and overlapping IP addresses
[DEFAULT]
...
core_plugin = ml2
# the service plug-in is router
service_plugins = router
In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access
[DEFAULT]
...
rpc_backend = rabbit
state_path = /var/lib/neutron
[oslo_messaging_rabbit]
...
rabbit_host = 192.168.3.199
rabbit_port = 5672
rabbit_userid = openstack
rabbit_password = openstack
In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access (comment out or remove any other options in [keystone_authtoken]).
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://192.168.3.199:5000
auth_url = http://192.168.3.199:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
In the [DEFAULT] and [nova] sections, configure Networking to notify Compute of network topology changes
[DEFAULT]
...
# port changes must be reported to nova
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://192.168.3.199:8774/v2
[nova]
...
auth_url = http://192.168.3.199:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova
In the [oslo_concurrency] section, configure the lock path
[oslo_concurrency]
...
lock_path = $state_path/lock
Resulting configuration
[root@node1 neutron]# grep -n '^[a-z]' neutron.conf
:state_path = /var/lib/neutron
:core_plugin = ml2
:service_plugins = router
:auth_strategy = keystone
:notify_nova_on_port_status_changes = True
:notify_nova_on_port_data_changes = True
:nova_url = http://192.168.3.199:8774/v2
:rpc_backend=rabbit
:auth_uri = http://192.168.3.199:5000
:auth_url = http://192.168.3.199:35357
:auth_plugin = password
:project_domain_id = default
:user_domain_id = default
:project_name = service
:username = neutron
:password = neutron
:connection = mysql://neutron:neutron@192.168.3.199:3306/neutron
:auth_url = http://192.168.3.199:35357
:auth_plugin = password
:project_domain_id = default
:user_domain_id = default
:region_name = RegionOne
:project_name = service
:username = nova
:password = nova
:lock_path = $state_path/lock
:rabbit_host = 192.168.3.199
:rabbit_port =
:rabbit_userid = openstack
:rabbit_password = openstack
Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and complete the following steps:
In the [ml2] section, configure the network type drivers, including VLAN and VXLAN
[ml2]
...
type_drivers = flat,vlan,gre,vxlan,geneve
In the [ml2] section, enable self-service networks
tenant_network_types = vlan,gre,vxlan,geneve
In the [ml2] section, enable the Open vSwitch and Linux bridge mechanism drivers
mechanism_drivers = openvswitch,linuxbridge
In the [ml2] section, enable the port security extension driver
extension_drivers = port_security
In the [ml2_type_flat] section, configure the provider virtual network as a flat network
[ml2_type_flat]
...
# use a single flat network (the same network as the host)
flat_networks = physnet1
In the [securitygroup] section, enable ipset to make security group rules more efficient
[securitygroup]
...
enable_ipset = True
[root@node1 neutron]# grep "^[a-Z]" /etc/neutron/plugins/ml2/ml2_conf.ini
type_drivers = flat,vlan,gre,vxlan,geneve
tenant_network_types = vlan,gre,vxlan,geneve
mechanism_drivers = openvswitch,linuxbridge
extension_drivers = port_security
flat_networks = physnet1
enable_ipset = True
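Configure the Linux bridge agent. The Linux bridge agent builds the layer-2 (bridging and switching) virtual networking infrastructure for instances and handles security groups.
Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following steps:
In the [linux_bridge] section, map the provider virtual network to the physical network interface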
[linux_bridge]
...
physical_interface_mappings = physnet1:eth0
In the [vxlan] section, disable VXLAN networks (if you use VXLAN for a layer-3 network, refer to the OpenStack guide and verify)
[vxlan]
...
enable_vxlan = false
In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
In the [agent] section, enable ARP spoofing protection
[agent]
...
prevent_arp_spoofing = True
Resulting configuration:
[root@node1 neutron]# grep -n "^[a-Z]" /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
9:physical_interface_mappings = physnet1:eth0
16:enable_vxlan = false
51:prevent_arp_spoofing = True
59:firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
64:enable_security_group = True
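A way to confirm that the protections enabled above (port security, security groups with the iptables driver, ARP spoofing protection) are still in place on every node that receives these files. This is an added example, not part of the original post or of Neutron; the `audit` helper, the `CHECKS` table and the sample strings are constructed for illustration.

```python
import configparser

def _true(value):
    return value.strip().lower() in ("true", "1", "yes", "on")

# (section, option, predicate, finding) for the protections this page turns on.
CHECKS = [
    ("ml2", "extension_drivers",
     lambda v: "port_security" in [d.strip() for d in v.split(",")],
     "port_security extension driver not loaded"),
    ("securitygroup", "enable_security_group", _true, "security groups disabled"),
    ("securitygroup", "firewall_driver",
     lambda v: v.strip().endswith(".IptablesFirewallDriver"),
     "not the iptables firewall driver configured on this page"),
    ("agent", "prevent_arp_spoofing", _true, "ARP spoofing protection disabled"),
]

def audit(*ini_texts):
    """Return one finding per missing or weakened option across the given files."""
    cfg = configparser.ConfigParser(
        strict=False, allow_no_value=True, interpolation=None,
        default_section="__unused__")  # treat [DEFAULT] as an ordinary section
    for text in ini_texts:
        cfg.read_string(text)
    findings = []
    for section, option, ok, message in CHECKS:
        value = cfg.get(section, option, fallback=None)
        if value is None:
            findings.append(f"[{section}] {option} is not set: {message}")
        elif not ok(value):
            findings.append(f"[{section}] {option} = {value}: {message}")
    return findings

# Constructed inputs: the first two repeat the values shown on this page.
ML2_CONF = """[ml2]
mechanism_drivers = openvswitch,linuxbridge
extension_drivers = port_security
"""
LINUXBRIDGE_AGENT = """[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[agent]
prevent_arp_spoofing = True
"""
# Constructed drifted copy, e.g. a compute node edited by hand after the scp.
DRIFTED_AGENT = """[securitygroup]
enable_security_group = False
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
[agent]
"""

if __name__ == "__main__":
    for name, agent in (("page", LINUXBRIDGE_AGENT), ("drifted", DRIFTED_AGENT)):
        print(name, audit(ML2_CONF, agent) or "ok")
```

On a real node, pass the contents of ml2_conf.ini and linuxbridge_agent.ini to `audit` and treat any returned finding as configuration drift.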
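Modify the DHCP configuration file
Edit the /etc/neutron/dhcp_agent.ini file and complete the following steps:
In the [DEFAULT] section, configure the Linux bridge interface driver and the Dnsmasq DHCP driver, and enable isolated metadata so that instances on provider networks can reach metadata over the network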
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[root@node1 neutron]# grep -n "^[a-Z]" /etc/neutron/dhcp_agent.ini
16:interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
34:dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
55:enable_isolated_metadata = True
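Modify the metadata_agent.ini configuration file
The metadata agent provides configuration information, such as credentials, to instances. Edit the /etc/neutron/metadata_agent.ini file and complete the following steps:
In the [DEFAULT] section, configure the metadata host and the shared secret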
[DEFAULT]
...
auth_uri = http://192.168.3.199:5000
auth_url = http://192.168.3.199:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
nova_metadata_ip = 192.168.3.199
metadata_proxy_shared_secret = neutron
Resulting configuration
[root@node1 neutron]# grep -n '^[a-z]' /etc/neutron/metadata_agent.ini
:auth_uri = http://192.168.3.199:5000
:auth_url = http://192.168.3.199:35357
:auth_region = RegionOne
:auth_plugin = password
:project_domain_id = default
:user_domain_id = default
:project_name = service
:username = neutron
:password = neutron
:nova_metadata_ip = 192.168.3.199
:metadata_proxy_shared_secret = neutron
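Configure the controller node to use Networking: edit the /etc/nova/nova.conf file and perform the following steps:
Add the neutron-related configuration to nova on the controller node; adding the following to the [neutron] section is enough
In the [neutron] section, configure the access parameters, enable the metadata proxy, and configure the secret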
[neutron]
...
url = http://192.168.3.199:9696
auth_url = http://192.168.3.199:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron
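The metadata agent authenticates itself to nova by sending an HMAC-SHA256 of the instance ID keyed with metadata_proxy_shared_secret (the X-Instance-ID-Signature header), so the copies in metadata_agent.ini and nova.conf must match and should not be guessable. The sketch below is an added example, not code from the original post or from OpenStack; the function names, the 32-character minimum and the sample instance ID are assumptions.

```python
import hashlib
import hmac
import secrets

def sign_instance_id(shared_secret, instance_id):
    """HMAC-SHA256 of the instance ID, hex encoded, keyed with the shared secret."""
    return hmac.new(shared_secret.encode(), instance_id.encode(),
                    hashlib.sha256).hexdigest()

def signature_valid(shared_secret, instance_id, signature):
    """The receiving side recomputes the HMAC and compares in constant time."""
    expected = sign_instance_id(shared_secret, instance_id)
    return hmac.compare_digest(expected, signature)

def secret_findings(agent_secret, nova_secret, account_names, min_len=32):
    """Check the two configured copies of metadata_proxy_shared_secret."""
    findings = []
    if agent_secret != nova_secret:
        findings.append("metadata_agent.ini and nova.conf secrets differ")
    for secret in sorted({agent_secret, nova_secret}):
        if secret.lower() in account_names:
            findings.append("secret is the same string as an account name")
        if len(secret) < min_len:  # min_len is an assumption of this example
            findings.append(f"secret is shorter than {min_len} characters")
    return findings

def new_secret():
    return secrets.token_hex(32)  # 256 random bits as 64 hex characters

# Constructed sample values; the instance ID is made up.
INSTANCE_ID = "11111111-2222-3333-4444-555555555555"
ACCOUNTS = {"neutron", "nova", "openstack"}

if __name__ == "__main__":
    sig = sign_instance_id("neutron", INSTANCE_ID)
    print("same secret on both sides:", signature_valid("neutron", INSTANCE_ID, sig))
    print("nova.conf out of sync:   ", signature_valid("changed", INSTANCE_ID, sig))
    print("page values:", secret_findings("neutron", "neutron", ACCOUNTS))
    fresh = new_secret()
    print("random value:", secret_findings(fresh, fresh, ACCOUNTS))
```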
Create the ml2 symbolic link
[root@node1 neutron]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Synchronize the neutron database and check the result
[root@node1 neutron]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
MariaDB [(none)]> use neutron
Database changed
MariaDB [neutron]> show tables;
+-----------------------------------------+
| Tables_in_neutron |
+-----------------------------------------+
| address_scopes |
| agents |
| alembic_version |
| allowedaddresspairs |
| arista_provisioned_nets |
| arista_provisioned_tenants |
| arista_provisioned_vms |
| brocadenetworks |
| brocadeports |
| cisco_csr_identifier_map |
| cisco_hosting_devices |
| cisco_ml2_apic_contracts |
| cisco_ml2_apic_host_links |
| cisco_ml2_apic_names |
| cisco_ml2_n1kv_network_bindings |
| cisco_ml2_n1kv_network_profiles |
| cisco_ml2_n1kv_policy_profiles |
| cisco_ml2_n1kv_port_bindings |
| cisco_ml2_n1kv_profile_bindings |
| cisco_ml2_n1kv_vlan_allocations |
| cisco_ml2_n1kv_vxlan_allocations |
| cisco_ml2_nexus_nve |
| cisco_ml2_nexusport_bindings |
| cisco_port_mappings |
| cisco_router_mappings |
| consistencyhashes |
| csnat_l3_agent_bindings |
| default_security_group |
| dnsnameservers |
| dvr_host_macs |
| embrane_pool_port |
| externalnetworks |
| extradhcpopts |
| firewall_policies |
| firewall_rules |
| firewalls |
| flavors |
| flavorserviceprofilebindings |
| floatingips |
| ha_router_agent_port_bindings |
| ha_router_networks |
| ha_router_vrid_allocations |
| healthmonitors |
| ikepolicies |
| ipallocationpools |
| ipallocations |
| ipamallocationpools |
| ipamallocations |
| ipamavailabilityranges |
| ipamsubnets |
| ipavailabilityranges |
| ipsec_site_connections |
| ipsecpeercidrs |
| ipsecpolicies |
| lsn |
| lsn_port |
| maclearningstates |
| members |
| meteringlabelrules |
| meteringlabels |
| ml2_brocadenetworks |
| ml2_brocadeports |
| ml2_dvr_port_bindings |
| ml2_flat_allocations |
| ml2_geneve_allocations |
| ml2_geneve_endpoints |
| ml2_gre_allocations |
| ml2_gre_endpoints |
| ml2_network_segments |
| ml2_nexus_vxlan_allocations |
| ml2_nexus_vxlan_mcast_groups |
| ml2_port_binding_levels |
| ml2_port_bindings |
| ml2_ucsm_port_profiles |
| ml2_vlan_allocations |
| ml2_vxlan_allocations |
| ml2_vxlan_endpoints |
| multi_provider_networks |
| networkconnections |
| networkdhcpagentbindings |
| networkgatewaydevicereferences |
| networkgatewaydevices |
| networkgateways |
| networkqueuemappings |
| networkrbacs |
| networks |
| networksecuritybindings |
| neutron_nsx_network_mappings |
| neutron_nsx_port_mappings |
| neutron_nsx_router_mappings |
| neutron_nsx_security_group_mappings |
| nexthops |
| nsxv_edge_dhcp_static_bindings |
| nsxv_edge_vnic_bindings |
| nsxv_firewall_rule_bindings |
| nsxv_internal_edges |
| nsxv_internal_networks |
| nsxv_port_index_mappings |
| nsxv_port_vnic_mappings |
| nsxv_router_bindings |
| nsxv_router_ext_attributes |
| nsxv_rule_mappings |
| nsxv_security_group_section_mappings |
| nsxv_spoofguard_policy_network_mappings |
| nsxv_tz_network_bindings |
| nsxv_vdr_dhcp_bindings |
| nuage_net_partition_router_mapping |
| nuage_net_partitions |
| nuage_provider_net_bindings |
| nuage_subnet_l2dom_mapping |
| ofcfiltermappings |
| ofcnetworkmappings |
| ofcportmappings |
| ofcroutermappings |
| ofctenantmappings |
| packetfilters |
| poolloadbalanceragentbindings |
| poolmonitorassociations |
| pools |
| poolstatisticss |
| portbindingports |
| portinfos |
| portqueuemappings |
| ports |
| portsecuritybindings |
| providerresourceassociations |
| qos_bandwidth_limit_rules |
| qos_network_policy_bindings |
| qos_policies |
| qos_port_policy_bindings |
| qosqueues |
| quotas |
| quotausages |
| reservations |
| resourcedeltas |
| router_extra_attributes |
| routerl3agentbindings |
| routerports |
| routerproviders |
| routerroutes |
| routerrules |
| routers |
| securitygroupportbindings |
| securitygrouprules |
| securitygroups |
| serviceprofiles |
| sessionpersistences |
| subnetpoolprefixes |
| subnetpools |
| subnetroutes |
| subnets |
| tz_network_bindings |
| vcns_router_bindings |
| vips |
| vpnservices |
+-----------------------------------------+
rows in set (0.08 sec)
Restart nova-api and start the neutron services
[root@node1 ~]# systemctl restart openstack-nova-api
[root@node1 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@node1 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
Check the neutron agent list
[root@node1 ~]# neutron agent-list
+--------------------------------------+--------------------+---------------------+-------+----------------+---------------------------+
| id | agent_type | host | alive | admin_state_up | binary |
+--------------------------------------+--------------------+---------------------+-------+----------------+---------------------------+
| 065dc30e-610f-44d2-b169-29bc33a15e31 | Metadata agent | node1.chinasoft.com | :-) | True | neutron-metadata-agent |
| 46cab8fd-571b-481a-9b69-655c06ff3b26 | DHCP agent | node1.chinasoft.com | :-) | True | neutron-dhcp-agent |
| 5ae87a79-b59a-41b4--7f0bca70e611 | Linux bridge agent | node1.chinasoft.com | :-) | True | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+---------------------+-------+----------------+---------------------------+
Now deploy neutron on the compute node. The file is copied over directly with scp and needs no changes
[root@node1 neutron]# scp /etc/neutron/neutron.conf 192.168.3.200:/etc/neutron/
Modify the nova configuration on the compute node; adding the following to the [neutron] section is enough
[neutron]
...
url = http://192.168.3.199:9696
auth_url = http://192.168.3.199:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron
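Copy linuxbridge_agent.ini and ml2_conf.ini from the controller node to the compute node; the files need no changes
If the network interface is not named eth0, physical_interface_mappings in linuxbridge_agent.ini must be changed, for example physical_interface_mappings = physnet1:ens37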
[root@node1 neutron]# scp /etc/neutron/plugins/ml2/linuxbridge_agent.ini 192.168.3.200:/etc/neutron/plugins/ml2/
[root@node1 neutron]# scp /etc/neutron/plugins/ml2/ml2_conf.ini 192.168.3.200:/etc/neutron/plugins/ml2/
Create the ml2 symbolic link on the compute node
[root@node2 nova]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@node2 nova]# ls -l /etc/neutron/plugin.ini
lrwxrwxrwx root root Apr : /etc/neutron/plugin.ini -> /etc/neutron/plugins/ml2/ml2_conf.ini
Restart nova-compute on the compute node
[root@node2 nova]# systemctl restart openstack-nova-compute.service
Start the linuxbridge_agent service on the compute node
[root@node2 nova]# systemctl enable neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
[root@node2 nova]# systemctl start neutron-linuxbridge-agent.service
Check the neutron result; four entries (one on the controller node, two on the compute node) mean the deployment is correct
[root@node1 ~]# neutron agent-list
+--------------------------------------+--------------------+---------------------+-------+----------------+---------------------------+
| id | agent_type | host | alive | admin_state_up | binary |
+--------------------------------------+--------------------+---------------------+-------+----------------+---------------------------+
| 065dc30e-610f-44d2-b169-29bc33a15e31 | Metadata agent | node1.chinasoft.com | :-) | True | neutron-metadata-agent |
| 46cab8fd-571b-481a-9b69-655c06ff3b26 | DHCP agent | node1.chinasoft.com | :-) | True | neutron-dhcp-agent |
| 5ae87a79-b59a-41b4--7f0bca70e611 | Linux bridge agent | node1.chinasoft.com | :-) | True | neutron-linuxbridge-agent |
| a1e8aeea-d564-45f7-bd8f-70bb8d61c64e | Linux bridge agent | node2.chinasoft.com | :-) | True | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+---------------------+-------+----------------+---------------------------+
