目前OpenStackNeutron框架支持的网络服务有:LoadBalancing as a Service,VPNas a Service,Firewallas a Service。

1. 安装和配置网络服务(在网络节点上)

(1) 安装软件包

yum install openstack-neutron-vpn-agent openstack-neutron openswan haproxy

/etc/sysctl.conf:
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.default.send_redirects=0

(2) VPNaaS的特别要求

检查Ipsec服务状态,VPNaaS需要。
chkconfig ipsec on
service ipsec start
ipsec verify

ln -s /dev/urandom /dev/random

(3) 配置服务(我这边把三类服务一起配了,其实一看就该明白,配置项都类似)

/usr/share/neutron/neutron-dist.conf
service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
service_provider = FIREWALL:Iptables:neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver

/etc/neutron/neutron.conf
service_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.loadbalancer.plugin.LoadBalancerPlugin, neutron.services.firewall.fwaas_plugin.FirewallPlugin,neutron.services.vpn.plugin.VPNDriverPlugin

/etc/neutron/fwaas_driver.ini
[fwaas]
#driver =neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
enabled = True

/etc/neutron/vpn_agent.ini
[DEFAULT]
# VPN-Agent configuration file
# Note vpn-agent inherits l3-agent, so you can use configs on l3-agent also

[vpnagent]
#vpn device drivers which vpn agent will use
#If we want to use multiple drivers, we need to define this option multipletimes.
vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver
#vpn_device_driver=another_driver

[ipsec]
#Status check interval
#ipsec_status_check_interval=60

/etc/neutron/lbaas_agent.ini
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output).
# debug = False
debug = False

# The LBaaS agent will resync its state with Neutron to recoverfrom any
# transient notification or rpc errors. The interval is number of
# seconds between attempts.
# periodic_interval = 10

# LBaas requires an interface driver be set. Choose the one thatbest
# matches your plugin.
# interface_driver =
interface_driver =neutron.agent.linux.interface.OVSInterfaceDriver

# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC, NVP,
# BigSwitch/Floodlight)
# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

# Use veth for an OVS interface or not.
# Support kernels with limited namespace support
# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True.
# ovs_use_veth = False

# Example of interface_driver option for LinuxBridge
#interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

# The agent requires a driver to manage the loadbalancer. HAProxy is the
# opensource version.
# device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver

# The user group
# user_group = nogroup
user_group = haproxy
use_namespaces=True

 
 
Neutron安全组的配置需要仔细。

需要在所有计算节点上配置:

/etc/nova/nova.conf:

# 该配置项有时候会遗漏,导致iptables策略无法生效
libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver

linuxnet_interface_driver =nova.network.linux_net.LinuxOVSInterfaceDriver

# 让Nova在调用安全组API时,直接通知neutron处理

security_group_api = neutron

# 配置Nova禁用firewalldriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

/etc/neutron/ovs_neutron_plugin.ini:
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

 
/etc/init.d/neutron-vpn-agent start
/etc/init.d/neutron-lbaas-agent start
/etc/init.d/neutron-l3-agent restart
/etc/init.d/neutron-server restart

RDO部署openstack(3)的更多相关文章

  1. O01-Linux CentOS7中利用RDO部署OpenStack

    一.前言 1.RDO是红帽Red Hat 的一个开源项目,全称是RPM Distribution of OpenStack,能够帮助我们快捷部署OpenStack项目. 官方部署文档:https:// ...

  2. RDO部署openstack(1)

    1. 安装系统CentOS 6.5   2. 网络配置   Eth0 设置 # cat /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 ON ...

  3. RDO部署openstack(2)

    配置ML2和VXLAN   1. 安装和配置Neutron ML2 框架 (1) 安装在控制节点上(运行Neutron-server的节点) service neutron-server stop y ...

  4. RDO快速部署OpenStack

    RDO快速部署OpenStack 1.RDO是什么 RDO是红帽Red Hat Enterprise Linux OpenStack Platform的社区版,类似RHEL和Fedora,RHEV和o ...

  5. RDO部署多节点OpenStack Havana(OVS+GRE)

    RDO是由红帽RedHat公司推出的部署OpenStack集群的一个基于Puppet的部署工具,可以很快地通过RDO部署一套复杂的OpenStack环境,当前的RDO默认情况下,使用Neutron进行 ...

  6. 部署 OpenStack VirtualBox

    VirtualBox 中部署 OpenStack 大家新年好,CloudMan 今天给大家带来一件新年礼物. 一直以来大家都反馈 OpenStack 学习有两大障碍:1. 实验环境难搭2. 体系复杂, ...

  7. CentOS6.6部署OpenStack Havana(Nova-Network版)

    CentOS6.4部署OpenStack Havana(Nova-Network版) 一 基本设备介绍 测试环境 CentOS6.4 x64 OpenStack 服务 介绍 计算 (Compute) ...

  8. 在CentOS7上部署OpenStack 步骤详解

    OpenStack作为一个由NASA(美国国家航空航天局)和Rackspace合作研发并发起的,开放源代码项目的云计算管理平台项目.具体知识我会在后面文章中做出介绍,本章主要按步骤给大家演示在Cent ...

  9. CentOS7.2非HA分布式部署Openstack Pike版 (实验)

    部署环境 一.组网拓扑 二.设备配置 笔记本:联想L440处理器:i3-4000M 2.40GHz内存:12G虚拟机软件:VMware® Workstation 12 Pro(12.5.2 build ...

随机推荐

  1. LeetCode Median of Two Sorted Arrays 找中位数(技巧)

    题意: 给两个有序(升or降)的数组,求两个数组合并之后的中位数. 思路: 按照找第k大的思想,很巧妙.将问题的规模降低,对于每个子问题,k的规模至少减半. 考虑其中一个子问题,在两个有序数组中找第k ...

  2. window8快捷键

    win8中有很多比较重要的快捷键经常忘记: cmd快捷键:win+x; 截图工具:win+q; 添加环境变量:右键点击左下角window图标; 添加定时任务:右键点击计算机管理->任务计划程序.

  3. shell脚本 gawk语言 综采话单 对账 字段核对

    今天被分配到对账组下的字段程序的了解和修改,在 SecureCRT 下的 run.sh 是字段对账的主程序,其中run.sh文件中含有gawk的代码. 程序的主要功能为 有两个文件夹 source存的 ...

  4. sticky bit

    • Sticky Bit这个Sticky Bit当前只针对目录有效,对文件没有效果.SBit对目录的作用是:“在具有SBit的目录下,用户若在该目录下具有w及x权限,则当用户在该目录下建立文件或目录时 ...

  5. 解读vmstat中的ACTIVE/INACTIVE MEMORY

    vmstat 命令能够报告关于内核线程.虚拟内存.磁盘.陷阱和 CPU 活动的统计信息,那么我们又该如何理解其工作原理呢? vmstat -a 命令能看到active memory 和 inactiv ...

  6. == 和equals比较

    遇到的问题是 导出excel数据 有些为null  之前进行判断是  o.getEmployeeNumber()!=null 原来是null为字符串类型   字符串类型要用!o.getEmployee ...

  7. csu 1604 SunnyPig (bfs)

    Description SunnyPig is a pig who is much cleverer than any other pigs in the pigpen. One sunny morn ...

  8. C#部分---二维数组、split分割;

    二维数组定义方式: int[,] array = new int[3, 4]{ {1,2,3,4}, {3,4,5,6}, {5,6,7,8} };                  3表示,有三个一 ...

  9. Kernel panic - not syncing: Attempted to kill init

    解决方法:系统启动的时候,按下‘e’键进入grub编辑界面,编辑grub菜单,选择“kernel /vmlinuz-2.6.23.1-42.fc8 ro root=/dev/vogroup00/log ...

  10. UVALive-7303 Aquarium (最小生成树)

    题目大意:在nxm的方格中,每一个1x1的小方格中都有一堵沿对角线的墙,并且每堵墙都有一个坚固程度,这些墙将nxm的方格分割成了若干个区域.现在要拆除一些墙,使其变成一个区域. 题目分析:将区域视作点 ...