目前OpenStackNeutron框架支持的网络服务有:LoadBalancing as a Service,VPNas a Service,Firewallas a Service。

1. 安装和配置网络服务(在网络节点上)

(1) 安装软件包

yum install openstack-neutron-vpn-agent openstack-neutron openswan haproxy

/etc/sysctl.conf:
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.default.send_redirects=0

(2) VPNaaS的特别要求

检查Ipsec服务状态,VPNaaS需要。
chkconfig ipsec on
service ipsec start
ipsec verify

ln -s /dev/urandom /dev/random

(3) 配置服务(我这边把三类服务一起配了,其实一看就该明白,配置项都类似)

/usr/share/neutron/neutron-dist.conf
service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
service_provider = FIREWALL:Iptables:neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver

/etc/neutron/neutron.conf
service_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.loadbalancer.plugin.LoadBalancerPlugin, neutron.services.firewall.fwaas_plugin.FirewallPlugin,neutron.services.vpn.plugin.VPNDriverPlugin

/etc/neutron/fwaas_driver.ini
[fwaas]
#driver =neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
enabled = True

/etc/neutron/vpn_agent.ini
[DEFAULT]
# VPN-Agent configuration file
# Note vpn-agent inherits l3-agent, so you can use configs on l3-agent also

[vpnagent]
#vpn device drivers which vpn agent will use
#If we want to use multiple drivers, we need to define this option multipletimes.
vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver
#vpn_device_driver=another_driver

[ipsec]
#Status check interval
#ipsec_status_check_interval=60

/etc/neutron/lbaas_agent.ini
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output).
# debug = False
debug = False

# The LBaaS agent will resync its state with Neutron to recoverfrom any
# transient notification or rpc errors. The interval is number of
# seconds between attempts.
# periodic_interval = 10

# LBaas requires an interface driver be set. Choose the one thatbest
# matches your plugin.
# interface_driver =
interface_driver =neutron.agent.linux.interface.OVSInterfaceDriver

# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC, NVP,
# BigSwitch/Floodlight)
# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

# Use veth for an OVS interface or not.
# Support kernels with limited namespace support
# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True.
# ovs_use_veth = False

# Example of interface_driver option for LinuxBridge
#interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

# The agent requires a driver to manage the loadbalancer. HAProxy is the
# opensource version.
# device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver

# The user group
# user_group = nogroup
user_group = haproxy
use_namespaces=True

 
 
Neutron安全组的配置需要仔细。

需要在所有计算节点上配置:

/etc/nova/nova.conf:

# 该配置项有时候会遗漏,导致iptables策略无法生效
libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver

linuxnet_interface_driver =nova.network.linux_net.LinuxOVSInterfaceDriver

# 让Nova在调用安全组API时,直接通知neutron处理

security_group_api = neutron

# 配置Nova禁用firewalldriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

/etc/neutron/ovs_neutron_plugin.ini:
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

 
/etc/init.d/neutron-vpn-agent start
/etc/init.d/neutron-lbaas-agent start
/etc/init.d/neutron-l3-agent restart
/etc/init.d/neutron-server restart

RDO部署openstack(3)的更多相关文章

  1. O01-Linux CentOS7中利用RDO部署OpenStack

    一.前言 1.RDO是红帽Red Hat 的一个开源项目,全称是RPM Distribution of OpenStack,能够帮助我们快捷部署OpenStack项目. 官方部署文档:https:// ...

  2. RDO部署openstack(1)

    1. 安装系统CentOS 6.5   2. 网络配置   Eth0 设置 # cat /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 ON ...

  3. RDO部署openstack(2)

    配置ML2和VXLAN   1. 安装和配置Neutron ML2 框架 (1) 安装在控制节点上(运行Neutron-server的节点) service neutron-server stop y ...

  4. RDO快速部署OpenStack

    RDO快速部署OpenStack 1.RDO是什么 RDO是红帽Red Hat Enterprise Linux OpenStack Platform的社区版,类似RHEL和Fedora,RHEV和o ...

  5. RDO部署多节点OpenStack Havana(OVS+GRE)

    RDO是由红帽RedHat公司推出的部署OpenStack集群的一个基于Puppet的部署工具,可以很快地通过RDO部署一套复杂的OpenStack环境,当前的RDO默认情况下,使用Neutron进行 ...

  6. 部署 OpenStack VirtualBox

    VirtualBox 中部署 OpenStack 大家新年好,CloudMan 今天给大家带来一件新年礼物. 一直以来大家都反馈 OpenStack 学习有两大障碍:1. 实验环境难搭2. 体系复杂, ...

  7. CentOS6.6部署OpenStack Havana(Nova-Network版)

    CentOS6.4部署OpenStack Havana(Nova-Network版) 一 基本设备介绍 测试环境 CentOS6.4 x64 OpenStack 服务 介绍 计算 (Compute) ...

  8. 在CentOS7上部署OpenStack 步骤详解

    OpenStack作为一个由NASA(美国国家航空航天局)和Rackspace合作研发并发起的,开放源代码项目的云计算管理平台项目.具体知识我会在后面文章中做出介绍,本章主要按步骤给大家演示在Cent ...

  9. CentOS7.2非HA分布式部署Openstack Pike版 (实验)

    部署环境 一.组网拓扑 二.设备配置 笔记本:联想L440处理器:i3-4000M 2.40GHz内存:12G虚拟机软件:VMware® Workstation 12 Pro(12.5.2 build ...

随机推荐

  1. struts2 中的 result 返回类型是 json 的配置问题

    struts2 中的 result 返回类型是 json 的配置问题 1.引入包(本文中的包全部引自struts-2.1.8.1\lib): struts2-json-plugin-2.1.8.1.j ...

  2. 《JavaScript Ninja》之正则表达式

    正则表达式 是一个拆分字符串并查询相关信息的过程. 练习网站:JS Bin 正则表达式测试网站:Regular Expression Test Page for JavaScript 正则表达式进修 ...

  3. 深入理解JavaScript闭包

    Closure 闭包的定义1: <JavaScript高级程序设计>定义闭包:闭包是指有权访问另一个函数作用域中的变量的函数. 创建闭包的常见方式,就是在一个函数内部创建另一个函数. 然而 ...

  4. OVS ARP Responder – Theory and Practice

    Prefix In the GRE tunnels post I’ve explained how overlay networks are used for connectivity and ten ...

  5. 【转】apache与tomcat的区别

    Apache 和 Tomcat 都是web网络服务器,两者既有联系又有区别,在进行HTML.PHP.JSP.Perl等开发过程中,需要准确掌握其各自特点,选择最佳的服务器配置. Apache是web服 ...

  6. bedtools 每天都会用到的工具

    详细的使用说明:http://bedtools.readthedocs.org/en/latest/ Collectively, the bedtools utilities are a swiss- ...

  7. hdu 4252 A Famous City

    题意:一张相片上的很多建筑相互遮住了,根据高低不同就在相片上把一座高楼的可见部分作为一个矩形,并用数字描述其高度,若一张相片上的两个建筑群中间有空地,高度则为0;求最少有多少个建筑; 分析: 输入的0 ...

  8. Vue.js相关知识4-路由

    <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8" ...

  9. GPU(CUDA)学习日记(十一)------ 深入理解CUDA线程层次以及关于设置线程数的思考

    GPU线程以网格(grid)的方式组织,而每个网格中又包含若干个线程块,在G80/GT200系列中,每一个线程块最多可包含512个线程,Fermi架构中每个线程块支持高达1536个线程.同一线程块中的 ...

  10. PCA人脸识别

    人脸数据来自http://www.cl.cam.ac.uk/research/dtg/attarchive/facedatabase.html 实现代码和效果如下.由于图片数量有限(40*10),将原 ...