目前OpenStackNeutron框架支持的网络服务有:LoadBalancing as a Service,VPNas a Service,Firewallas a Service。

1. 安装和配置网络服务(在网络节点上)

(1) 安装软件包

yum install openstack-neutron-vpn-agent openstack-neutron openswan haproxy

/etc/sysctl.conf:
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.default.send_redirects=0

(2) VPNaaS的特别要求

检查Ipsec服务状态,VPNaaS需要。
chkconfig ipsec on
service ipsec start
ipsec verify

ln -s /dev/urandom /dev/random

(3) 配置服务(我这边把三类服务一起配了,其实一看就该明白,配置项都类似)

/usr/share/neutron/neutron-dist.conf
service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
service_provider = FIREWALL:Iptables:neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver

/etc/neutron/neutron.conf
service_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.loadbalancer.plugin.LoadBalancerPlugin, neutron.services.firewall.fwaas_plugin.FirewallPlugin,neutron.services.vpn.plugin.VPNDriverPlugin

/etc/neutron/fwaas_driver.ini
[fwaas]
#driver =neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
enabled = True

/etc/neutron/vpn_agent.ini
[DEFAULT]
# VPN-Agent configuration file
# Note vpn-agent inherits l3-agent, so you can use configs on l3-agent also

[vpnagent]
#vpn device drivers which vpn agent will use
#If we want to use multiple drivers, we need to define this option multipletimes.
vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver
#vpn_device_driver=another_driver

[ipsec]
#Status check interval
#ipsec_status_check_interval=60

/etc/neutron/lbaas_agent.ini
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output).
# debug = False
debug = False

# The LBaaS agent will resync its state with Neutron to recoverfrom any
# transient notification or rpc errors. The interval is number of
# seconds between attempts.
# periodic_interval = 10

# LBaas requires an interface driver be set. Choose the one thatbest
# matches your plugin.
# interface_driver =
interface_driver =neutron.agent.linux.interface.OVSInterfaceDriver

# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC, NVP,
# BigSwitch/Floodlight)
# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

# Use veth for an OVS interface or not.
# Support kernels with limited namespace support
# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True.
# ovs_use_veth = False

# Example of interface_driver option for LinuxBridge
#interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

# The agent requires a driver to manage the loadbalancer. HAProxy is the
# opensource version.
# device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver

# The user group
# user_group = nogroup
user_group = haproxy
use_namespaces=True

 
 
Neutron安全组的配置需要仔细。

需要在所有计算节点上配置:

/etc/nova/nova.conf:

# 该配置项有时候会遗漏,导致iptables策略无法生效
libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver

linuxnet_interface_driver =nova.network.linux_net.LinuxOVSInterfaceDriver

# 让Nova在调用安全组API时,直接通知neutron处理

security_group_api = neutron

# 配置Nova禁用firewalldriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

/etc/neutron/ovs_neutron_plugin.ini:
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

 
/etc/init.d/neutron-vpn-agent start
/etc/init.d/neutron-lbaas-agent start
/etc/init.d/neutron-l3-agent restart
/etc/init.d/neutron-server restart

RDO部署openstack(3)的更多相关文章

  1. O01-Linux CentOS7中利用RDO部署OpenStack

    一.前言 1.RDO是红帽Red Hat 的一个开源项目,全称是RPM Distribution of OpenStack,能够帮助我们快捷部署OpenStack项目. 官方部署文档:https:// ...

  2. RDO部署openstack(1)

    1. 安装系统CentOS 6.5   2. 网络配置   Eth0 设置 # cat /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 ON ...

  3. RDO部署openstack(2)

    配置ML2和VXLAN   1. 安装和配置Neutron ML2 框架 (1) 安装在控制节点上(运行Neutron-server的节点) service neutron-server stop y ...

  4. RDO快速部署OpenStack

    RDO快速部署OpenStack 1.RDO是什么 RDO是红帽Red Hat Enterprise Linux OpenStack Platform的社区版,类似RHEL和Fedora,RHEV和o ...

  5. RDO部署多节点OpenStack Havana(OVS+GRE)

    RDO是由红帽RedHat公司推出的部署OpenStack集群的一个基于Puppet的部署工具,可以很快地通过RDO部署一套复杂的OpenStack环境,当前的RDO默认情况下,使用Neutron进行 ...

  6. 部署 OpenStack VirtualBox

    VirtualBox 中部署 OpenStack 大家新年好,CloudMan 今天给大家带来一件新年礼物. 一直以来大家都反馈 OpenStack 学习有两大障碍:1. 实验环境难搭2. 体系复杂, ...

  7. CentOS6.6部署OpenStack Havana(Nova-Network版)

    CentOS6.4部署OpenStack Havana(Nova-Network版) 一 基本设备介绍 测试环境 CentOS6.4 x64 OpenStack 服务 介绍 计算 (Compute) ...

  8. 在CentOS7上部署OpenStack 步骤详解

    OpenStack作为一个由NASA(美国国家航空航天局)和Rackspace合作研发并发起的,开放源代码项目的云计算管理平台项目.具体知识我会在后面文章中做出介绍,本章主要按步骤给大家演示在Cent ...

  9. CentOS7.2非HA分布式部署Openstack Pike版 (实验)

    部署环境 一.组网拓扑 二.设备配置 笔记本:联想L440处理器:i3-4000M 2.40GHz内存:12G虚拟机软件:VMware® Workstation 12 Pro(12.5.2 build ...

随机推荐

  1. Day06_面向对象第一天

    1.JAVA中的参数传递问题(掌握)      基本类型 形式参数的改变对实际参数没有影响 基本类型的实际参数和形式参数可以看作两个变量,这两个变量分别操作各自的数据,所以互不影响       引用类 ...

  2. Debian下安装Firefox与flash简介

    Debian下安装Firefox与flash简介 由于Debian在Firefox的版权上出现了问题,导致官方发布的Debian系统不能使用默认的Firefox浏览器,最后官方重编的Firefox改名 ...

  3. OpenFlow Switch学习笔记(二)——OpenFlow Ports

    OpenFlow Ports是OpenFlow Switch与剩余网络之间传递Packet的网络接口.OpenFlow Switches之间通过OpenFlow Ports彼此相互逻辑连接.一个Ope ...

  4. 【转】eclipse集成开发工具的插件安装

    转发一:打开Eclipse下载地址(http://www.eclipse.org/downloads/),可以看到有好多版本的Eclipse可供下载,初学者往往是一头雾水,不知道下载哪一个版本. 各个 ...

  5. ZMMR106-批量更新PO交货日期

    ************************************************************************ Title : ZMMR106 ** Applicat ...

  6. 关于string的练习题目

    /*Are they equal*/#include<iostream>#include<string>using namespace std;int n;string dea ...

  7. HTML5 3D动画效果

    对以前来讲,3D动画拿到网页上展示是一件非常奢侈的事情,第一是浏览器不够先进,第二是大部分只能用flash实现伪3D.HTML5的出现,让实现网页3D动画变得非常简单,当然前提是你不要再使用像IE67 ...

  8. HTTP.sys漏洞验证及防护

    使用发包工具构造http请求包检测 以fiddler工具为例,构造如下图的请求包: 1 GET http://192.168.174.145/ HTTP/1.12 Host: 192.168.174. ...

  9. python爬虫抓网页的总结

    python爬虫抓网页的总结 更多 python 爬虫   学用python也有3个多月了,用得最多的还是各类爬虫脚本:写过抓代理本机验证的脚本,写过在discuz论坛中自动登录自动发贴的脚本,写过自 ...

  10. leetcode 38 Count and Say ---java

    这道题主要就是求一个序列,题目得意思就是 1 --> 11 --> 21 --> 1211 -->   111221 --> 312211 --> ..... 1个 ...