OpenStack Deployment (Part 5)

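Deployment version: pike
Deployment environment: CentOS 7.6
Every occurrence of controller in the configuration files can be replaced with the controller node's IP address
During configuration, use echo $? to verify that each command succeeded
Networking service
Installing and configuring neutron (OVS+VXLAN)

OpenStack Networking allows you to create interface devices managed by other OpenStack services and attach them to networks. Plug-ins can be implemented to accommodate different networking equipment and software, which gives the OpenStack architecture and deployment flexibility.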

Deploying the controller node
I. Installation and configuration
Prerequisites
1. Log in to the database as root

[root@controller /]# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.

2. Create the database

MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.00 sec)

3. Grant privileges

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'controller' IDENTIFIED BY 'qwer1234';
Query OK, 0 rows affected (0.02 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'qwer1234';
Query OK, 0 rows affected (0.00 sec)

Install and configure the components:
1. Install the packages

[root@controller /]# yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-fwaas openstack-neutron-lbaas

2. Configure the neutron server service
Source the admin credentials to gain access to admin-only CLI commands:

[root@controller openrc]# source admin-openrc.sh 

Create the service credentials. Create the neutron user:

[root@controller /]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 9ed51eb476a74cb89951db63d8e8cd06 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Add the admin role to the user:

[root@controller /]# openstack role add --project service --user neutron admin
[root@controller /]# echo $?
0

Create the neutron service entity:

[root@controller /]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | b280ad289b4045c589f4306e4bf013af |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

Create the Networking service API endpoints:

[root@controller /]# openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 20b23b30bd9d43578b27f69f8cc0d146 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b280ad289b4045c589f4306e4bf013af |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696        |
+--------------+----------------------------------+
[root@controller /]# openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3cbf83e296ff4a96963dee771830cf7d |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b280ad289b4045c589f4306e4bf013af |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696        |
+--------------+----------------------------------+
[root@controller /]# openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 324e054ad36f465192c0db6284a7e886 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b280ad289b4045c589f4306e4bf013af |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696        |
+--------------+----------------------------------+

3. Configure the networking server component

Edit the /etc/neutron/neutron.conf file and change the following

[root@controller /]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:qwer1234@controller:5672
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
bind_host = 10.121.17.2
rpc_workers = 32


[database]
connection = mysql+pymysql://neutron:qwer1234@controller/neutron


[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = qwer1234


[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = qwer1234


[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

4. Configure the Modular Layer 2 (ML2) plug-in
Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and change the following

[root@controller /]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan,gre
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true

Create the symbolic link:

[root@controller /]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller /]# echo $?
0

5. Configure nova api to use the neutron service

[root@controller /]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = qwer1234
service_metadata_proxy = true
metadata_proxy_shared_secret = qwer1234

6. On all compute nodes, configure nova compute to use the neutron service

[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = qwer1234

7. Populate the neutron database

[root@controller /]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

8. Start the services and enable them at boot

[root@controller /]# systemctl start neutron-server.service
[root@controller /]# systemctl enable neutron-server.service
[root@controller /]# systemctl restart openstack-nova-api.service
[root@controller /]# echo $?
0

9. Restart nova-compute

[root@controller /]# systemctl restart openstack-nova-compute.service
[root@controller /]# echo $?
0

Deploying the network node
I. Install and configure the components
1. Install the packages

[root@controller /]# yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch openstack-neutron-fwaas openstack-neutron-lbaas ebtables ipset

2. Configure the agent services
Edit the /etc/neutron/neutron.conf file and change the following

[DEFAULT]
auth_strategy = keystone
transport_url = rabbit://openstack:qwer1234@controller
[database]
connection = mysql+pymysql://neutron:qwer1234@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = qwer1234
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

3. Configure the l3 agent

[root@controller /]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge = br-ex

4. Configure the dhcp agent

[root@controller /]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

5. Configure the metadata agent

[root@controller /]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = qwer1234

6. Configure the openvswitch agent

[root@controller /]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
[agent]
tunnel_types = vxlan,gre
l2_population = true
arp_responder = true
[ovs]
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = controller
bridge_mappings = provider:br-ex
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Start the services and enable them at boot

[root@controller /]# systemctl enable openvswitch neutron-openvswitch-agent neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent
Created symlink from /etc/systemd/system/multi-user.target.wants/openvswitch.service to /usr/lib/systemd/system/openvswitch.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-openvswitch-agent.service to /usr/lib/systemd/system/neutron-openvswitch-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service to /usr/lib/systemd/system/neutron-l3-agent.service.
[root@controller /]# systemctl start openvswitch neutron-openvswitch-agent neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent
[root@controller /]# echo $?
0

[root@controller /]# ovs-vsctl add-br br-ex
[root@controller /]# echo $?
0

7. Configure fwaas
On the management node

[root@controller /]# vim /etc/neutron/neutron.conf
[DEFAULT]
service_plugins = [existing service plugins],firewall
[service_providers]
service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
[fwaas]
driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
enabled = True

On the network node

[root@controller /]# vim /etc/neutron/l3_agent.ini
[agent]
extensions = fwaas


[root@controller /]# vim /etc/neutron/neutron.conf


[fwaas]
agent_version = v1
driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
enabled = True
conntrack_driver = conntrack

Restart the services

[root@controller /]# neutron-db-manage --subproject neutron-fwaas upgrade head
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
  Running upgrade for neutron-fwaas ...
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
  OK
[root@controller /]# systemctl restart neutron-server
[root@controller /]# echo $?
0
[root@controller /]# systemctl restart neutron-l3-agent
[root@controller /]# echo $?
0

8. Configure the lbaas agent
Install the packages

[root@controller /]# yum install -y haproxy

On the management node:

[root@controller /]# vim /etc/neutron/neutron.conf


service_plugins = [existing service plugins],neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2

On the management node and the network node:

[root@controller /]# vim /etc/neutron/neutron_lbaas.conf
[service_providers]
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default


[root@controller /]# vim /etc/neutron/lbaas_agent.ini


[DEFAULT]
device_driver = neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver
interface_driver = openvswitch
[haproxy]
user_group = haproxy

On the management node

[root@controller /]# neutron-db-manage --subproject neutron-lbaas upgrade head
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
  Running upgrade for neutron-lbaas ...
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
  OK

On the network node:

[root@controller /]# systemctl start neutron-lbaasv2-agent.service
[root@controller /]# echo $?
0
[root@controller /]# systemctl enable neutron-lbaasv2-agent.service
[root@controller /]# echo $?
0

On the management node

[root@controller /]# systemctl restart neutron-server
[root@controller /]# echo $?
0

9. Configure qos

[root@controller /]# vim /etc/neutron/neutron.conf
service_plugins = [existing service plugins],neutron.services.qos.qos_plugin.QoSPlugin
[root@controller /]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
extension_drivers = port_security,qos
[root@controller /]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
[agent]
extensions = qos

Restart the services

[root@controller /]# systemctl restart neutron-server.service
[root@controller /]# echo $?
0
[root@controller /]# systemctl restart neutron-openvswitch-agent.service
[root@controller /]# echo $?
0

Deploying the compute node
I. Install and configure the components
1. Install the packages

[root@controller /]# yum install -y openstack-neutron-ml2 openstack-neutron-openvswitch ebtables ipset

2. Configure the services

[root@controller /]# vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = qwer1234
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[root@controller /]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
[ovs]
local_ip = MANAGEMENT_INTERFACE_IP_ADDRESS

3. Start the services and enable them at boot

systemctl enable openvswitch neutron-openvswitch-agent
systemctl start openvswitch neutron-openvswitch-agent
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex ens37

Show the current state of all existing nodes and virtual machines

ovs-vsctl show

Verification
openstack network agent list
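
The files above reuse one password (qwer1234) for the database, RabbitMQ, the Keystone service accounts and metadata_proxy_shared_secret, and every auth_url is plain http. The following Python check is an added example, not part of the original walkthrough; the function name audit, the finding labels and the 16-character minimum are assumptions chosen for illustration, and the input is a constructed copy of fragments from this page.

```python
import configparser
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: trimmed copies of the neutron.conf / nova.conf fragments above.
SAMPLE = {
    "neutron.conf": """[DEFAULT]
transport_url = rabbit://openstack:qwer1234@controller
[database]
connection = mysql+pymysql://neutron:qwer1234@controller/neutron
[keystone_authtoken]
auth_url = http://controller:35357
password = qwer1234
""",
    "nova.conf": """[neutron]
auth_url = http://controller:35357
password = qwer1234
metadata_proxy_shared_secret = qwer1234
""",
}
SECRET_KEYS = {"password", "metadata_proxy_shared_secret"}
URL_KEYS = {"transport_url", "connection"}  # secret is embedded in the URL userinfo

def audit(files, min_len=16):
    """Return (kind, location) findings for a {file name: INI text} mapping."""
    findings, seen = [], defaultdict(list)
    for name, text in files.items():
        # Treat [DEFAULT] as an ordinary section so its keys are not inherited.
        cp = configparser.ConfigParser(interpolation=None, default_section="__unused__")
        cp.read_string(text)
        for sec in cp.sections():
            for key, val in cp[sec].items():
                where = f"{name}:[{sec}]{key}"
                secret = None
                if key in URL_KEYS:
                    secret = urlsplit(val).password
                elif key in SECRET_KEYS:
                    secret = val
                elif key in ("auth_url", "auth_uri") and val.startswith("http://"):
                    findings.append(("cleartext-auth", where))
                if secret:
                    seen[secret].append(where)  # group locations by secret value
                    if len(secret) < min_len:
                        findings.append(("short-secret", where))
    findings += [("reused-secret", ", ".join(p)) for p in seen.values() if len(p) > 1]
    return findings

if __name__ == "__main__":
    for kind, where in audit(SAMPLE):
        print(f"{kind:15} {where}")
```

Findings name only the file, section and key, never the secret value, so the output can be pasted into a ticket.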
