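Deployment version: Pike
Deployment environment: CentOS 7.6
Every occurrence of controller in the configuration files can be replaced with the controller node's IP address.
Throughout the configuration, echo $? is used to check that the previous command succeeded.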
Networking service
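Install and configure neutron (OVS+VXLAN)
OpenStack Networking allows you to create interface devices managed by other OpenStack services and attach them to networks. Plug-ins can be implemented to accommodate different networking equipment and software, which gives OpenStack architecture and deployment flexibility.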
VXLAN
Deploying the controller node
I. Install and configure
Prerequisites
1. Log in to the database as root
[root@controller /]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.
2. Create the database
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.00 sec)
3. Grant privileges
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'controller' IDENTIFIED BY 'qwer1234';
Query OK, 0 rows affected (0.02 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'qwer1234';
Query OK, 0 rows affected (0.00 sec)
Install and configure components:
1. Install the packages
[root@controller /]# yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-fwaas openstack-neutron-lbaas
2. Configure the neutron server service
Source the admin credentials to gain access to admin-only CLI commands:
[root@controller openrc]# source admin-openrc.sh
Create the service credentials. Create the neutron user:
[root@controller /]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 9ed51eb476a74cb89951db63d8e8cd06 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Add the admin role to the user:
[root@controller /]# openstack role add --project service --user neutron admin
[root@controller /]# echo $?
0
Create the neutron service entity:
[root@controller /]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | b280ad289b4045c589f4306e4bf013af |
| name | neutron |
| type | network |
+-------------+----------------------------------+
Create the Networking service API endpoints:
[root@controller /]# openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 20b23b30bd9d43578b27f69f8cc0d146 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b280ad289b4045c589f4306e4bf013af |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller /]# openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3cbf83e296ff4a96963dee771830cf7d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b280ad289b4045c589f4306e4bf013af |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller /]# openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 324e054ad36f465192c0db6284a7e886 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b280ad289b4045c589f4306e4bf013af |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
3. Configure the networking server component
Edit /etc/neutron/neutron.conf and make the following changes
[root@controller /]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:qwer1234@controller:5672
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
bind_host = 10.121.17.2
rpc_workers = 32
[database]
connection = mysql+pymysql://neutron:qwer1234@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = qwer1234
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = qwer1234
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
4. Configure the Modular Layer 2 (ML2) plug-in
Edit /etc/neutron/plugins/ml2/ml2_conf.ini and make the following changes
[root@controller /]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan,gre
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
Create the symbolic link:
[root@controller /]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller /]# echo $?
0
5. Configure nova-api to use the neutron service
[root@controller /]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = qwer1234
service_metadata_proxy = true
metadata_proxy_shared_secret = qwer1234
6. On every compute node, configure nova-compute to use the neutron service
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = qwer1234
7. Populate the neutron database
[root@controller /]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
8. Start the services and enable them at boot
[root@controller /]# systemctl start neutron-server.service
[root@controller /]# systemctl enable neutron-server.service
[root@controller /]# systemctl restart openstack-nova-api.service
[root@controller /]# echo $?
0
9. Restart nova-compute
[root@controller /]# systemctl restart openstack-nova-compute.service
[root@controller /]# echo $?
0
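The files configured above carry several secrets (service passwords, credentials inside transport_url and connection, and metadata_proxy_shared_secret, which the metadata agent's metadata_agent.ini must repeat exactly). The following added example, which is not part of the original guide, reads such files and reports secrets shared between roles, auth endpoints on plain HTTP, and a metadata secret that differs between files. The function name audit and the sample excerpts are assumptions made for illustration.

```python
import configparser
from collections import defaultdict
from urllib.parse import urlsplit

SECRET_KEYS = {"password", "metadata_proxy_shared_secret"}
URL_WITH_CREDS = {"transport_url", "connection"}

def audit(files):
    """files maps a path to its INI text; returns a sorted list of findings."""
    uses = defaultdict(set)      # secret value -> places where it is used
    meta = {}                    # path -> metadata_proxy_shared_secret
    findings = set()
    for path, text in files.items():
        # Rename the default section so [DEFAULT] is read as a normal section.
        cp = configparser.ConfigParser(interpolation=None, strict=False,
                                       default_section="__unused__")
        cp.read_string(text)
        for section in cp.sections():
            for key, value in cp.items(section):
                where = f"{path} [{section}] {key}"
                if key in SECRET_KEYS:
                    uses[value].add(where)
                if key == "metadata_proxy_shared_secret":
                    meta[path] = value
                pw = urlsplit(value).password if key in URL_WITH_CREDS else None
                if pw:
                    uses[pw].add(where)
                if key.endswith(("url", "uri")) and value.startswith("http://"):
                    findings.add(f"cleartext HTTP: {where}")
    for places in uses.values():
        if len(places) > 1:
            findings.add("one secret shared by: " + "; ".join(sorted(places)))
    if len(set(meta.values())) > 1:
        findings.add("metadata_proxy_shared_secret differs: " + ", ".join(sorted(meta)))
    return sorted(findings)

# Constructed sample: short excerpts using the values shown on this page.
SAMPLE = {
    "neutron.conf": "[database]\n"
                    "connection = mysql+pymysql://neutron:qwer1234@controller/neutron\n"
                    "[keystone_authtoken]\n"
                    "auth_url = http://controller:35357\npassword = qwer1234\n",
    "nova.conf": "[neutron]\nmetadata_proxy_shared_secret = qwer1234\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To check a real node, pass the contents of /etc/neutron/neutron.conf, /etc/nova/nova.conf and /etc/neutron/metadata_agent.ini in the files mapping.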
Deploying the network node
I. Install and configure components
1. Install the packages
[root@controller /]# yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch openstack-neutron-fwaas openstack-neutron-lbaas ebtables ipset
2. Configure the agent services
Edit /etc/neutron/neutron.conf and make the following changes
[DEFAULT]
auth_strategy = keystone
transport_url = rabbit://openstack:qwer1234@controller
[database]
connection = mysql+pymysql://neutron:qwer1234@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = qwer1234
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
3. Configure the L3 agent
[root@controller /]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge = br-ex
4. Configure the DHCP agent
[root@controller /]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
5. Configure the metadata agent
[root@controller /]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = qwer1234
6. Configure the Open vSwitch agent
[root@controller /]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
[agent]
tunnel_types = vxlan,gre
l2_population = true
arp_responder = true
[ovs]
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = controller
bridge_mappings = provider:br-ex
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
Start the services and enable them at boot
[root@controller /]# systemctl enable openvswitch neutron-openvswitch-agent neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent
Created symlink from /etc/systemd/system/multi-user.target.wants/openvswitch.service to /usr/lib/systemd/system/openvswitch.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-openvswitch-agent.service to /usr/lib/systemd/system/neutron-openvswitch-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service to /usr/lib/systemd/system/neutron-l3-agent.service.
[root@controller /]# systemctl start openvswitch neutron-openvswitch-agent neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent
[root@controller /]# echo $?
0
[root@controller /]# ovs-vsctl add-br br-ex
[root@controller /]# echo $?
0
7. Configure FWaaS
On the management node
[root@controller /]# vim /etc/neutron/neutron.conf
[DEFAULT]
service_plugins = [existing service plugins],firewall
[service_providers]
service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
[fwaas]
driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
enabled = True
On the network node
[root@controller /]# vim /etc/neutron/l3_agent.ini
[agent]
extensions = fwaas
[root@controller /]# vim /etc/neutron/neutron.conf
[fwaas]
agent_version = v1
driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
enabled = True
conntrack_driver = conntrack
Restart the services
[root@controller /]# neutron-db-manage --subproject neutron-fwaas upgrade head
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Running upgrade for neutron-fwaas ...
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
OK
[root@controller /]# systemctl restart neutron-server
[root@controller /]# echo $?
0
[root@controller /]# systemctl restart neutron-l3-agent
[root@controller /]# echo $?
0
8. Configure the LBaaS agent
Install the packages
[root@controller /]# yum install -y haproxy
On the management node:
[root@controller /]# vim /etc/neutron/neutron.conf
service_plugins = [existing service plugins],neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
On the management node and the network node:
[root@controller /]# vim /etc/neutron/neutron_lbaas.conf
[service_providers]
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
[root@controller /]# vim /etc/neutron/lbaas_agent.ini
[DEFAULT]
device_driver = neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver
interface_driver = openvswitch
[haproxy]
user_group = haproxy
On the management node
[root@controller /]# neutron-db-manage --subproject neutron-lbaas upgrade head
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Running upgrade for neutron-lbaas ...
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
OK
On the network node:
[root@controller /]# systemctl start neutron-lbaasv2-agent.service
[root@controller /]# echo $?
0
[root@controller /]# systemctl enable neutron-lbaasv2-agent.service
[root@controller /]# echo $?
0
On the management node
[root@controller /]# systemctl restart neutron-server
[root@controller /]# echo $?
0
9. Configure QoS
[root@controller /]# vim /etc/neutron/neutron.conf
service_plugins = [existing service plugins],neutron.services.qos.qos_plugin.QoSPlugin
[root@controller /]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
extension_drivers = port_security,qos
[root@controller /]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
[agent]
extensions = qos
Restart the services
[root@controller /]# systemctl restart neutron-server.service
[root@controller /]# echo $?
0
[root@controller /]# systemctl restart neutron-openvswitch-agent.service
[root@controller /]# echo $?
0
Deploying the compute node
I. Install and configure components
1. Install the packages
[root@controller /]# yum install -y openstack-neutron-ml2 openstack-neutron-openvswitch ebtables ipset
2. Configure the services
[root@controller /]# vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = qwer1234
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[root@controller /]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
[ovs]
local_ip = MANAGEMENT_INTERFACE_IP_ADDRESS
3. Start the services and enable them at boot
systemctl enable openvswitch neutron-openvswitch-agent
systemctl start openvswitch neutron-openvswitch-agent
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex ens37
Show the current state of all existing nodes and virtual machines
ovs-vsctl show
Verification
openstack network agent list
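A scripted form of this verification, added here as an example that is not part of the original guide: it takes the output of openstack network agent list -f json and reports every agent this guide enables that is missing or not alive on a host. The host names, the roles mapping and the sample rows are constructed; the field names Host, Binary, Alive and State and the ":-)" / "UP" renderings are assumed from the client's table columns.

```python
import json

# Agent binaries this guide enables on each node role.
EXPECTED = {
    "network": {"neutron-openvswitch-agent", "neutron-dhcp-agent",
                "neutron-metadata-agent", "neutron-l3-agent"},
    "compute": {"neutron-openvswitch-agent"},
}

def check_agents(agent_json, roles):
    """roles maps host -> 'network' or 'compute'; returns a list of problems."""
    healthy = {}
    for row in json.loads(agent_json):
        # Assumption: older clients print ":-)" / "UP", newer ones emit booleans.
        ok = row["Alive"] in (True, ":-)") and row["State"] in (True, "UP")
        healthy[(row["Host"], row["Binary"])] = ok
    problems = []
    for host, role in sorted(roles.items()):
        for binary in sorted(EXPECTED[role]):
            state = healthy.get((host, binary))
            if state is None:
                problems.append(f"{host}: {binary} not registered")
            elif not state:
                problems.append(f"{host}: {binary} not alive or disabled")
    return problems

# Constructed sample output (hypothetical hosts net1 and compute1).
SAMPLE = json.dumps([
    {"Host": "net1", "Binary": "neutron-openvswitch-agent", "Alive": ":-)", "State": "UP"},
    {"Host": "net1", "Binary": "neutron-dhcp-agent", "Alive": ":-)", "State": "UP"},
    {"Host": "net1", "Binary": "neutron-metadata-agent", "Alive": "XXX", "State": "UP"},
    {"Host": "compute1", "Binary": "neutron-openvswitch-agent", "Alive": True, "State": True},
])

if __name__ == "__main__":
    for problem in check_agents(SAMPLE, {"net1": "network", "compute1": "compute"}):
        print(problem)
```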