Fork me on GitHub

OpenStack-Pike-Neutron网络服务-控制节点7

字数统计: 1.1k字   |   阅读时长≈ 5分

Neutron网络服务

1
在Neutron的世界里,网络、子网、端口和路由器与物理网络、子网、端口的概念和功能一样。

配置neutron数据库

1
2
3
create database neutron;
grant all privileges on neutron.* to 'neutron'@'%' identified by 'neutron';
grant all privileges on neutron.* to 'neutron'@'localhost' identified by 'neutron';

Neutron控制节点配置

创建Neutron用户

1
source /scripts/admin_openrc

添加neutron用户

1
openstack user create --domain default --password-prompt neutron

将neutron用户同时加入到admin角色和service项目中

1
openstack role add --project service --user neutron admin

创建neutron服务

1
openstack service create --name neutron --description "OpenStack Networking" network

创建网络服务API endpoint

1
2
3
openstack endpoint create --region RegionOne network public http://192.168.56.11:9696
openstack endpoint create --region RegionOne network internal http://192.168.56.11:9696
openstack endpoint create --region RegionOne network admin http://192.168.56.11:9696

Neutron两种网络方式

1
2
3
Neutron提供两种网络方式: 
1. 提供者网络  Provider networks
2. 自服务网络 Self-service networks
  • 注:以下使用Provider networks(桥接)来配置neutron

控制节点安装

1
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

配置

1
vim  /etc/neutron/neutron.conf
1
2
3
配置数据库
[database]
connection = mysql+pymysql://neutron:neutron@192.168.56.11/neutron
1
2
3
4
5
6
启用二层网络模块 Modular Layer2 (ML2)插件
注:此处的Layer2即理解为二层(数据链路层)网络

[DEFAULT]
core_plugin = ml2
service_plugins =    #值置为空
1
2
3
4
配置RabbitMQ(填写Rabbitmq集群主节点IP)

[DEFAULT]
transport_url = rabbit://openstack:openstack@192.168.56.11      #配置文件553行
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
keystone认证配置

[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://192.168.56.11:5000
auth_url = http://192.168.56.11:35357
memcached_servers = 192.168.56.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
配置nova

[DEFAULT]
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true       #参数含义:当网络拓扑有变化时,来通知nova

[nova]
auth_url = http://192.168.56.11:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
1
2
3
4
配置锁路径

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

配置Modular Layer 2 (ML2)插件

1
vim /etc/neutron/plugins/ml2/ml2_conf.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
启用flat和vlan网络

[ml2]
type_drivers = flat,vlan

关闭自服务网络self-service
tenant_network_types =       #置为空

启用桥接
mechanism_drivers = linuxbridge

启用端口安全扩展驱动程序
extension_drivers = port_security
1
2
3
4
将提供者虚拟网络配置为扁平网络

[ml2_type_flat]
flat_networks = provider       
1
2
3
4
使用ipset来提高安全组规则的效率

[securitygroup]
enable_ipset = true

配置Linux bridge agent

1
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
1
2
3
4
将提供者虚拟网络映射到提供者物理网络接口

[linux_bridge]
physical_interface_mappings = provider:eth0     #如果你的物理网卡非eth0,这里需要对应修改
1
2
3
4
关闭VXLAN网络

[vxlan]
enable_vxlan = false
1
2
3
4
5
启用安全组并配置Linux网桥iptables防火墙驱动程序

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

配置DHCP agent( 此项不配置,与现有网络DHCP冲突)

1
vim  /etc/neutron/dhcp_agent.ini
1
2
3
4
5
6
配置Linux网桥接口驱动程序,Dnsmasq DHCP驱动程序,并启用隔离的元数据,以便提供商网络上的实例可以通过网络访问元数据

[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq    
enable_isolated_metadata = true

配置metadata agent

1
vim   /etc/neutron/metadata_agent.ini
1
2
3
4
5
配置元数据主机和共享密钥

[DEFAULT]
nova_metadata_host = 192.168.56.11
metadata_proxy_shared_secret = openstack     #共享密钥配置为openstack

配置nova文件的neutron配置

1
vim  /etc/nova/nova.conf
1
2
3
4
5
6
7
8
9
10
11
12
[neutron]
url = http://192.168.56.11:9696
auth_url = http://192.168.56.11:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = openstack       #此处输入刚才的openstack共享密钥

控制节点完成配置

ML2插件配置文件软链

1
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

同步数据库

1
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

重启nova-api服务

1
systemctl restart openstack-nova-api.service

开机启动

1
2
3
4
5
6
7
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service

systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service

Nutron日志排错

查看端口

1
ss -lntup |grep 9696

查看错误日志

1
2
3
4
5
6
7
grep "ERROR" /var/log/neutron/*log

注:如果此时刚启动neutron日志就报ERROR,很可能是时间未同步导致。
    解决方法:
    1. 清空源neutron错误日志
    2. 控制节点和计算节点同步时间
    3.重启neutron

扫一扫,分享到微信

tag:

    缺失模块。
    1、请确保node版本大于6.2
    2、在博客根目录(注意不是yilia-plus根目录)执行以下命令:
    npm i hexo-generator-json-content --save

    3、在根目录_config.yml里添加配置: 

      jsonContent:
    meta: false
    pages: false
    posts:
      title: true
      date: true
      path: true
      text: false
      raw: false
      content: false
      slug: false
      updated: false
      comments: false
      link: false
      permalink: false
      excerpt: false
      categories: false
      tags: true


不论我写了什么...
其实都是错的......