openstack私有云布署实践【12.2 网络Neutron-controller节点配置(办公网环境)】
网络这一块推荐使用的是 Neutron--LinuxBirdge的Ha高可用,此高可用方案对Public作用不是很大,Public只用到DHCP,而Private则会用到L3 Agent,则此方案是有用的,但要关掉和牺牲一个L3 population的特性--抑制ARP报文广播。原因在下文的配置文件有说明,并因我们布的是私有云,不像公有云的多租户private网络数量之大,这个特性牺牲在中小私有云是可接受的。
一、首先登录controller1创建neutron数据库,并赋于远程和本地访问的权限。
mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'venic8888';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'venic8888';
flush PRIVILEGES;
二、身份认证调用
其中一台controller创建身份认证调用
source admin-openrc.sh
openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | b20a6692f77b4258926881bf831eb683 |
| name | neutron |
+-----------+----------------------------------+
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | f71529314dab4a4d8eca427e701d209e |
| name | neutron |
| type | network |
+-------------+----------------------------------+
openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 85d80a6d02fc4b7683f611d7fc1493a3 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 09753b537ac74422a68d2d791cf3714f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1ee14289c9374dffb5db92a5c112fc4e |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
三、下载安装neutron组件
1公有网络配置+私有网络配置
2台controller配置
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y
修改新增内核参数:
vi /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
sysctl -p
配置neutron.conf服务
在controller1
vi /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
bind_host = 10.40.42.1
bind_port = 9696
l3_ha = True
max_l3_agents_per_router = 3
min_l3_agents_per_router = 2
allow_automatic_l3agent_failover = True
dhcp_agents_per_network = 2
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
verbose = True
[database]
connection = mysql://neutron:venic8888@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
[nova]
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_messaging_rabbit]
rabbit_host=controller
rabbit_userid = openstack
rabbit_password = openstack
rabbit_retry_interval=1
rabbit_retry_backoff=2
rabbit_max_retries=0
rabbit_durable_queues=true
rabbit_ha_queues=true
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[quotas]
quota_port = 10000
在kxcontroller2
vi /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
bind_host = 10.40.42.2
bind_port = 9696
l3_ha = True
max_l3_agents_per_router = 3
min_l3_agents_per_router = 2
allow_automatic_l3agent_failover = True
dhcp_agents_per_network = 2
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
verbose = True
[database]
connection = mysql://neutron:venic8888@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
[nova]
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_messaging_rabbit]
rabbit_host=controller
rabbit_userid = openstack
rabbit_password = openstack
rabbit_retry_interval=1
rabbit_retry_backoff=2
rabbit_max_retries=0
rabbit_durable_queues=true
rabbit_ha_queues=true
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[quotas]
quota_port = 10000
2台controller上配置一样
vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
extension_drivers = port_security
mechanism_drivers = linuxbridge
[ml2_type_flat]
flat_networks = public
[ml2_type_vxlan]
vni_ranges = 1:10000
vxlan_group = 239.2.1.1
[securitygroup]
enable_ipset = True
配置ML2服务配置,跟单服务的自由版本的配法不同,这次使用的l3 HA,不用使用l2_population机制,因有BGU还没修复(切换时,虽然publick的VRRP切换成功。private网段的网关不会触发更新,VM虚拟是PING不通private的网关)
在controller1上
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:bond0
[vxlan]
enable_vxlan = True
local_ip = 10.40.42.1
l2_population = False
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
在controller2上
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:bond0
[vxlan]
enable_vxlan = True
local_ip = 10.40.42.2
l2_population = False
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
配置L3-agent服务
2台kxcontroller配置一样
vi /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
verbose = True
router_delete_namespaces = True
agent_mode = legacy
配置DHCP服务
2台controller配置一样
vi /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
verbose = True
use_namespaces = True
dhcp_delete_namespaces = True
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
额外配置DHCP MTU配置
2台controller配置一样
vi /etc/neutron/dnsmasq-neutron.conf
dhcp-option-force=26,1450
配置metadata agent
2台controller配置一样
vi /etc/neutron/metadata_agent.ini
[DEFAULT]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
nova_metadata_ip = controller
metadata_proxy_shared_secret = venicchina
新加配置nova与neutron关联-----在11节中我就有提到的那个紫色的配置,这里再提一次
vi /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = venicchina
验证:
1、controller的软链接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
2、其中一台controller同步数据
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
3、两台controller重启nova api
# systemctl restart openstack-nova-api.service
4、两台controller开启网络服务,加入开机自启
# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
openstack私有云布署实践【12.2 网络Neutron-controller节点配置(办公网环境)】的更多相关文章
- openstack私有云布署实践【9.2 Glance镜像管理(办公网环境)】
首先登录controller1创建glance数据库,并赋于远程和本地访问的权限. mysql -u root -p CREATE DATABASE glance; GRANT ALL ...
- openstack私有云布署实践【14.2 登录页dashboard-controller(办公网环境)】
这一小节基本配置相同,但留意以下紫色部份的配置,当初为了管理方便,我们让办公网openstack的dashboard的登录桥接了科兴的dashboard,由此统一dashboard界面的登录地址 ...
- openstack私有云布署实践【4.1 上层代理haproxy配置 (科兴环境)】
官方文档上的高可用配置,它推荐的是使用haproxy的上层代理来实现服务组件的主备访问.或者负载均衡访问 一开始我也是使用haproxy来做的,但后来方式改了 测试环境:haproxy + n ...
- openstack私有云布署实践【9.3 主从controller单向同步glance-image目录】
采用Rysnc单向同步,而不用双方实时同步,原因是在历史的运行过程中,我们发现,有些镜像包太大,当在主用的glance将镜像保存时,并不是一时半会就把镜像保存好,当主用在保存时,备用节点又在实时同步那 ...
- openstack私有云布署实践【9.1 Glance镜像管理(科兴环境)】
首先登录kxcontroller1创建kx_glance数据库,并赋于远程和本地访问的权限. mysql -u root -p CREATE DATABASE kx_glance; GR ...
- openstack私有云布署实践【14.1 登录页dashboard-controller(科兴环境)】
2台kxcontroller安装组件 # yum install openstack-dashboard -y 修改一样的配置 vi /etc/openstack-dashboard/local_ ...
- openstack私有云布署实践【2 安装前的服务器基本环境准备】
服务器物理机都安装centos7.2 1511版本 , 此次采用的分区方式全是自动XFS格式LVM,在装系统时就将所有本地raid5硬盘都加入LVM全用了.默认/home目录有着最大的硬盘空间 并且我 ...
- openstack私有云布署实践【12.1 网络Neutron-controller节点配置(科兴环境)】
网络这一块推荐使用的是 Neutron--LinuxBirdge的Ha高可用,此高可用方案对Public作用不是很大,Public只用到DHCP,而Private则会用到L3 Agent,则此方案是有 ...
- openstack私有云布署实践【0 前言】
管理控制层面示图: 其实在修改这个布署文档是,我发现当时生产中的布署已经严重偏离了openstack高可用的指导思想.我们自己实践的高可用其实是适应自己的架构而做的调整,因为我们现实手头上中没有比较符 ...
随机推荐
- ASP.Net MVC C#画图 页面调用
/////C# 后台代码 public FileContentResult PieChart() { TransactionStatisticsBLL bll = ...
- 结构-行为-样式-Js排序算法之 快速排序
快速排序算法,是我的算法系列博客中的第二个Js实现的算法,主要思路: 在一个数组中随机取一个数(一般都取第一个或者最后一个),使这个数与数组中其他数进行比较,如果比它大就放到它的右边,比它小就放 ...
- pb_ds(平板电视)整理
有人说BZOJ3040用普通的<queue>中priority_queue搞dijkstra过不了. 我只想说你们的djk可能写的太丑了. 先上代码 #include<iostrea ...
- [HMLY]12.iOS中的Protocol
最近工作中遇到一个比较迷惑的事情,在我利用runtime获取类的属性的时候,由于类实现了一个自定义协议,导致遍历出来的属性中包含了NSObject协议中的property.查来查去,只是知道和prot ...
- Nexpose
下载: https://www.rapid7.com/products/nexpose/nexpose-enterprise-trial-thank-you.jsp注册: https://www.ra ...
- configure, make, make install都做了什么
1. 我的理解./configure: 确保接下来的make以及make install所依赖的文件没有问题make: build编译连接生成可执行程序make install: 将编译好的可执行 ...
- C#如何实现url短地址?C#短网址压缩算法与短网址原理入门
c# url短地址压缩算法与短网址原理的例子,详细介绍了短网址的映射算法,将长网址md5生成32位签名串,分为4段,每段8个字节,然后生成短网址,具体见文本实例. 短网址映射算法: 将长网址md5生成 ...
- 【Android】策略模式封装百度地图路线规划模块
百度地图的Demo里有个路线规划的功能,但是,这个功能和Activity耦合性太高,所以需要单独抽离出路径规划功能,进行"解耦". 注:由于项目原因,本文只针对驾车路线规划进行封装 ...
- ubuntu 14.04中文分词 结巴分词
在自然语言处理中,很常见的是要对文本数据进行分词处理.博主是代码小白,目前只是用python作为数据预处理的工具,而按照结巴中文分词的导语:做最好的python中文分词组件“jieba”.因而博主也就 ...
- UNIX基础--进程和守护进程
进程和守护进程 Processes and Daemons 进程(Processes) FreeBSD 是一个多任务操作系统. 这就意味着好像一次可以运行一个以上的程序. 每个占用一定时间运行的程序就 ...