neutron的主要作用是在openstack中為啟動虛拟機執行個體提供網絡服務,對于neutron來講,它可以提供兩種類型的網絡;第一種是provider network,這種網絡就是我們常說的橋接網絡,虛拟機内部網絡通常是通過bridge的方式直接橋接到主控端的某塊實體網卡上,進而實作虛拟機可以正常的通路外部網絡,同時虛拟機外部網絡也可以通路虛拟機的内部網絡;第二種是self-service networks,這種網絡就是nat網絡;nat網絡的實作是通過在虛拟機和主控端之間實作了虛拟路由器,在虛拟機内部可以是一個私有位址連接配接至虛拟路由器的一個接口上,而虛拟路由器的另外一端通過網橋橋接到主控端的某一張實體網卡;
一、簡介
neutron的主要作用是在openstack中為啟動虛拟機執行個體提供網絡服務,對于neutron來講,它可以提供兩種類型的網絡;第一種是provider network,這種網絡就是我們常說的橋接網絡,虛拟機内部網絡通常是通過bridge的方式直接橋接到主控端的某塊實體網卡上,進而實作虛拟機可以正常的通路外部網絡,同時虛拟機外部網絡也可以通路虛拟機的内部網絡;第二種是self-service networks,這種網絡就是nat網絡;nat網絡的實作是通過在虛拟機和主控端之間實作了虛拟路由器,在虛拟機内部可以是一個私有位址連接配接至虛拟路由器的一個接口上,而虛拟路由器的另外一端通過網橋橋接到主控端的某一張實體網卡;是以nat網絡很好的隐藏了虛拟機的位址,它能夠實作虛拟機通路外部網絡,而外網使用者是不能夠直接通路虛拟機的;但在openstack中,它能夠實作虛拟機和外部的網絡做一對一nat綁定,進而實作從虛拟機外部網絡通路虛拟機;
self-service network 示意圖
提示:self-service network 和provide network最大的差別是自服務網絡中有虛拟路由器;有路由器就意味着虛拟機要和外網通信,網絡封包要走三層,而對于provide network 來講,它的網絡封包就可以直接走二層網絡;是以在openstack上這兩種類型的網絡實作方式和對應的元件也有所不同;
provide network 實作所需元件
Provider networks - Overview
Provider networks 連接配接示意圖
提示:橋接網絡也叫共享網絡,虛拟機執行個體網絡是通過橋接的方式直接共享主控端網絡;虛拟機和主控端通信,就類似主控端同區域網路的其他主機通信一樣;是以虛拟機和主控端通信封包都不會到三層,是以這裡面就不涉及三層網絡相關的操作和配置;
self-service network實作所需元件
雲計算管理平台之OpenStack網絡服務neutron
Self-service networks - Overview
Self-service networks連接配接示意圖
對比上面兩種網絡的實作所需元件,我們可以發現self-service network的實作要比provide network要多一個networking L3 Agent插件;這個插件用作實作3層網絡功能,比如,提供或管理虛拟路由器;從上面的兩種網絡連接配接示意圖也可以看出,self-service network是包含provide network,也就是說我們選擇使用self-service network這種類型的網絡結構,我們即可以 建立自服務網絡,也可以建立橋接網絡;對于自服務網絡來講,我們在計算節點啟動的虛拟機,虛拟機想要通路外部網絡,它會通過計算節點的vxlan接口,這裡的vxlan我們可以了解為在計算節點内部實作的虛拟交換機,各虛拟機執行個體通過連接配接不同的vni(網絡辨別符,類似vlan id一樣)的vxlan來實作網絡的隔離,同時vxlan這個虛拟接口通常是橋接在本地管理網絡接口上,這個管理網絡一般是不能夠和外部網絡通信;虛拟機通路外部網絡,通過vxlan接口實作的vxlan隧道,這個隧道是一頭是和計算節點的管理網絡接口連接配接,一頭是和控制節點的管理網絡接口連接配接;虛拟機通路外部網絡是通過vxlan隧道,再通過控制節點中的虛拟路由器,将請求通過路由規則,路由到控制節點能夠上外網的接口上,然後發出去,進而實作虛拟機能夠和外部網絡進行互動;而對于外部網絡要通路虛拟機,在openstack上是通過一對一nat綁定實作;也就說在控制節點能夠上外網的接口上配置很多ip位址,這些IP位址都是可以正常通路外部網絡的,在虛拟機通路外部網絡時,在控制節點的虛拟機路由器上就固定的把計算節點的某個虛拟機的流量通過固定SNAT的方式進行資料發送,對于這個固定位址在控制節點上再做固定的DNAT,進而實作外部網絡通路控制節點上的這個固定ip,通過DNAT規則把外部流量引入到虛拟機,進而實作外部網絡和虛拟機通信;
neutron工作流程
neutron服務主要由neutron-server、neutron agents、neutron plugins這三個元件組成,這三者都依賴消息隊列服務;其中neutron server主要用來接收使用者的請求,比如建立或管理網絡;當neutron server接收到用戶端(openstack其他服務,如nova,neutron專有用戶端)請求後,它會把請求丢到消息隊列中去,然後neutron agents負責從消息隊列中取出用戶端的請求,在本地完成網絡建立或管理,并把對應的操作的結果寫到neutron 資料庫中進行儲存;這裡需要說明一點neutron agents是指很多agent,每個agent都負責完成一件事,比如DHCP agent負責配置設定ip位址,network manage agent負責管理網絡;而對于neutron plugins 主要用來借助外部插件的方式提供某種服務;比如ML2 plugin用來提供2層虛拟網絡服務的;如果neutron agents在建立或管理網絡需要用到某個插件服務時,它會把請求插件的消息丢到消息隊列,然後neutron plugins 從消息隊列取出消息,并響應請求,把結果丢到消息隊列,同時也會寫到資料庫中;
二、neutron服務的安裝、配置
1、準備neutron 資料庫、使用者以及授權使用者對neutron資料庫下的所有表有所有權限;
[root@node02 ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 184
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>
驗證:用其他主機用neutron使用者,看看是否可以正常連接配接資料庫?
[root@node01 ~]# mysql -uneutron -pneutron -hnode02
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 185
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| neutron |
| test |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]>
2、在控制節點安裝配置neutron
導出admin環境變量,建立neutron使用者,設定其密碼為neutron
[root@node01 ~]# source admin.sh
[root@node01 ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 47c0915c914c49bb8670703e4315a80f |
| enabled | True |
| id | e7d0eae696914cc19fb8ebb24f4b5b0f |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@node01 ~]#
将neutron使用者添加至service項目,并授權為admin角色
[root@node01 ~]# openstack role add --project service --user neutron admin
[root@node01 ~]#
建立neutron服務
[root@node01 ~]# openstack service create --name neutron \
> --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 3dc79e6a21e2484e8f92869e8745122c |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@node01 ~]#
建立neutron服務端點(注冊neutron服務)
公共端點
[root@node01 ~]# openstack endpoint create --region RegionOne \
> network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4a8c9c97417f4764a0e61b5a7a1f3a5f |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3dc79e6a21e2484e8f92869e8745122c |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@node01 ~]#
私有端點
[root@node01 ~]# openstack endpoint create --region RegionOne \
> network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1269653296e14406920bc43db65fd8af |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3dc79e6a21e2484e8f92869e8745122c |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@node01 ~]#
管理端點
[root@node01 ~]# openstack endpoint create --region RegionOne \
> network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 8bed1c51ed6d4f0185762edc2d5afd8a |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3dc79e6a21e2484e8f92869e8745122c |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@node01 ~]#
安裝neutron服務元件包
[root@node01 ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
編輯neutron服務的配置檔案/etc/neutron/neutron.conf的【DEFAULT】配置段配置連接配接rabbitmq相關資訊以及核心插件和網絡插件等;
提示:我這裡選擇使用自服務網絡類型;是以這裡要配置service_plugins = router 并且啟用疊加網絡選項;
在【database】配置段配置連接配接neutron資料庫相關資訊
在【keystone_authtoken】配置段配置使用keystone做認證的相關資訊
在【DEFAULT】配置段配置網絡通知相關選項
在【nova】配置段配置nova服務相關資訊
在【oslo_concurrency】配置段配置鎖路徑
neutron.conf的最終配置
[root@node01 ~]# grep -i ^"[a-z\[]" /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:openstack123@node02
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[agent]
[cors]
[database]
connection = mysql+pymysql://neutron:neutron@node02/neutron
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = node02:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[matchmaker_redis]
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[quotas]
[ssl]
[root@node01 ~]#
配置ML2插件
編輯配置檔案/etc/neutron/plugins/ml2/ml2_conf.ini ,在【ml2】配置段配置支援flat(平面網絡),vlan和vxlan
提示:配置ML2插件之後,删除type_drivers選項中的值可能會導緻資料庫不一緻;意思是初始化資料庫後,如果在删除上面的值,可能導緻資料庫不一緻的情況;
在【ml2】配置段開啟租戶網絡類型為vxlan
在【ml2】配置段啟用Linux橋接和二層填充機制
在【ml2】配置段中啟用端口安全擴充驅動程式
在【ml2_type_flat】配置段配置flat_networks = provider
提示:這裡主要是指定平面網絡的名稱,就是虛拟機内部網絡叫什麼名,這個名稱可以自定義,但後面會用到把該網絡橋接到實體網卡中的配置,以及後續的建立網絡都要用到這名稱,請確定後續的名稱和這裡的名稱保持一緻;
在【ml2_type_vxlan】配置段中配置vxlan的辨別範圍
在【securitygroup】配置段啟用ipset
ml2_conf.ini的最終配置
[root@node01 ~]# grep -i ^"[a-z\[]" /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[l2pop]
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
[root@node01 ~]#
配置linux bridge agent
編輯/etc/neutron/plugins/ml2/linuxbridge_agent.ini,在【linux_bridge】配置段配置provider網絡映射到實體的那個接口
提示:這裡主要是配置把把虛拟機内部的那個網絡和實體接口的橋接映射,請確定虛拟機内部網絡名稱和這裡配置的保持一緻;冒号前指定虛拟機内部網絡名稱,冒号後面指定要橋接的實體網卡接口名稱;
在【vxlan】配置段配置啟用vxlan,并配置本地管理ip位址和開啟l2_population
提示:local_ip寫控制節點的管理ip位址(如果有多個ip位址的話);
在【securitygroup】配置段配置啟用安全組并配置Linux bridge iptables防火牆驅動程式
linuxbridge_agent.ini的最終配置
[root@node01 ~]# grep -i ^"[a-z\[]" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:ens33
[network_log]
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = true
local_ip = 192.168.0.41
l2_population = true
[root@node01 ~]#
确定
br_netfilter核心子產品是加載啟用,若沒加載,加載核心子產品并配置相關核心參數
[root@node01 ~]# lsmod |grep br_netfilter
[root@node01 ~]# modprobe br_netfilter
[root@node01 ~]# lsmod |grep br_netfilter
br_netfilter 22209 0
bridge 136173 1 br_netfilter
[root@node01 ~]#
配置相關核心參數
[root@node01 ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
[root@node01 ~]#
配置L3 agent
編輯/etc/neutron/l3_agent.ini配置檔案,在【DEFAULT】配置段網絡接口驅動為linuxbridge
[DEFAULT]
interface_driver = linuxbridge 配置DHCP agent
編輯/etc/neutron/dhcp_agent.ini配置檔案,在【DEFAULT】配置段配置網絡接口驅動為linuxbridge,啟用中繼資料隔離,并配置dhcp驅動程式
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true 配置metadata agent
編輯/etc/neutron/metadata_agent.ini配置檔案,在【DEFAULT】配置段配置metadata server位址和共享密鑰
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET 提示:metadata_proxy_shared_secret 這個是配置共享密鑰的參數,後面的密鑰可以随機生成,也可以設定任意字元串;
配置nova服務使用neutron服務
編輯/etc/nova/nova.conf配置檔案,在【neutron】配置段配置neutron相關資訊
[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET 提示:這裡的metadata_proxy_shared_secret要和上面配置的metadata agent中配置的密鑰保持一緻即可;
将ml2的配置檔案軟連接配接到/etc/neutron/plugin.ini
[root@node01 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@node01 ~]# ll /etc/neutron/
total 132
drwxr-xr-x 11 root root 260 Oct 31 00:03 conf.d
-rw-r----- 1 root neutron 10867 Oct 31 01:23 dhcp_agent.ini
-rw-r----- 1 root neutron 14466 Oct 31 01:23 l3_agent.ini
-rw-r----- 1 root neutron 11394 Oct 31 01:30 metadata_agent.ini
-rw-r----- 1 root neutron 72285 Oct 31 00:25 neutron.conf
lrwxrwxrwx 1 root root 37 Oct 31 01:36 plugin.ini -> /etc/neutron/plugins/ml2/ml2_conf.ini
drwxr-xr-x 3 root root 17 Oct 31 00:03 plugins
-rw-r----- 1 root neutron 12689 Feb 28 2020 policy.json
-rw-r--r-- 1 root root 1195 Feb 28 2020 rootwrap.conf
[root@node01 ~]#
初始化neutron資料庫
[root@node01 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
> --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Running upgrade for neutron ...
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade -> kilo
INFO [alembic.runtime.migration] Running upgrade kilo -> 354db87e3225
INFO [alembic.runtime.migration] Running upgrade 354db87e3225 -> 599c6a226151
INFO [alembic.runtime.migration] Running upgrade 599c6a226151 -> 52c5312f6baf
INFO [alembic.runtime.migration] Running upgrade 52c5312f6baf -> 313373c0ffee
INFO [alembic.runtime.migration] Running upgrade 313373c0ffee -> 8675309a5c4f
INFO [alembic.runtime.migration] Running upgrade 8675309a5c4f -> 45f955889773
INFO [alembic.runtime.migration] Running upgrade 45f955889773 -> 26c371498592
INFO [alembic.runtime.migration] Running upgrade 26c371498592 -> 1c844d1677f7
INFO [alembic.runtime.migration] Running upgrade 1c844d1677f7 -> 1b4c6e320f79
INFO [alembic.runtime.migration] Running upgrade 1b4c6e320f79 -> 48153cb5f051
INFO [alembic.runtime.migration] Running upgrade 48153cb5f051 -> 9859ac9c136
INFO [alembic.runtime.migration] Running upgrade 9859ac9c136 -> 34af2b5c5a59
INFO [alembic.runtime.migration] Running upgrade 34af2b5c5a59 -> 59cb5b6cf4d
INFO [alembic.runtime.migration] Running upgrade 59cb5b6cf4d -> 13cfb89f881a
INFO [alembic.runtime.migration] Running upgrade 13cfb89f881a -> 32e5974ada25
INFO [alembic.runtime.migration] Running upgrade 32e5974ada25 -> ec7fcfbf72ee
INFO [alembic.runtime.migration] Running upgrade ec7fcfbf72ee -> dce3ec7a25c9
INFO [alembic.runtime.migration] Running upgrade dce3ec7a25c9 -> c3a73f615e4
INFO [alembic.runtime.migration] Running upgrade c3a73f615e4 -> 659bf3d90664
INFO [alembic.runtime.migration] Running upgrade 659bf3d90664 -> 1df244e556f5
INFO [alembic.runtime.migration] Running upgrade 1df244e556f5 -> 19f26505c74f
INFO [alembic.runtime.migration] Running upgrade 19f26505c74f -> 15be73214821
INFO [alembic.runtime.migration] Running upgrade 15be73214821 -> b4caf27aae4
INFO [alembic.runtime.migration] Running upgrade b4caf27aae4 -> 15e43b934f81
INFO [alembic.runtime.migration] Running upgrade 15e43b934f81 -> 31ed664953e6
INFO [alembic.runtime.migration] Running upgrade 31ed664953e6 -> 2f9e956e7532
INFO [alembic.runtime.migration] Running upgrade 2f9e956e7532 -> 3894bccad37f
INFO [alembic.runtime.migration] Running upgrade 3894bccad37f -> 0e66c5227a8a
INFO [alembic.runtime.migration] Running upgrade 0e66c5227a8a -> 45f8dd33480b
INFO [alembic.runtime.migration] Running upgrade 45f8dd33480b -> 5abc0278ca73
INFO [alembic.runtime.migration] Running upgrade 5abc0278ca73 -> d3435b514502
INFO [alembic.runtime.migration] Running upgrade d3435b514502 -> 30107ab6a3ee
INFO [alembic.runtime.migration] Running upgrade 30107ab6a3ee -> c415aab1c048
INFO [alembic.runtime.migration] Running upgrade c415aab1c048 -> a963b38d82f4
INFO [alembic.runtime.migration] Running upgrade kilo -> 30018084ec99
INFO [alembic.runtime.migration] Running upgrade 30018084ec99 -> 4ffceebfada
INFO [alembic.runtime.migration] Running upgrade 4ffceebfada -> 5498d17be016
INFO [alembic.runtime.migration] Running upgrade 5498d17be016 -> 2a16083502f3
INFO [alembic.runtime.migration] Running upgrade 2a16083502f3 -> 2e5352a0ad4d
INFO [alembic.runtime.migration] Running upgrade 2e5352a0ad4d -> 11926bcfe72d
INFO [alembic.runtime.migration] Running upgrade 11926bcfe72d -> 4af11ca47297
INFO [alembic.runtime.migration] Running upgrade 4af11ca47297 -> 1b294093239c
INFO [alembic.runtime.migration] Running upgrade 1b294093239c -> 8a6d8bdae39
INFO [alembic.runtime.migration] Running upgrade 8a6d8bdae39 -> 2b4c2465d44b
INFO [alembic.runtime.migration] Running upgrade 2b4c2465d44b -> e3278ee65050
INFO [alembic.runtime.migration] Running upgrade e3278ee65050 -> c6c112992c9
INFO [alembic.runtime.migration] Running upgrade c6c112992c9 -> 5ffceebfada
INFO [alembic.runtime.migration] Running upgrade 5ffceebfada -> 4ffceebfcdc
INFO [alembic.runtime.migration] Running upgrade 4ffceebfcdc -> 7bbb25278f53
INFO [alembic.runtime.migration] Running upgrade 7bbb25278f53 -> 89ab9a816d70
INFO [alembic.runtime.migration] Running upgrade 89ab9a816d70 -> c879c5e1ee90
INFO [alembic.runtime.migration] Running upgrade c879c5e1ee90 -> 8fd3918ef6f4
INFO [alembic.runtime.migration] Running upgrade 8fd3918ef6f4 -> 4bcd4df1f426
INFO [alembic.runtime.migration] Running upgrade 4bcd4df1f426 -> b67e765a3524
INFO [alembic.runtime.migration] Running upgrade a963b38d82f4 -> 3d0e74aa7d37
INFO [alembic.runtime.migration] Running upgrade 3d0e74aa7d37 -> 030a959ceafa
INFO [alembic.runtime.migration] Running upgrade 030a959ceafa -> a5648cfeeadf
INFO [alembic.runtime.migration] Running upgrade a5648cfeeadf -> 0f5bef0f87d4
INFO [alembic.runtime.migration] Running upgrade 0f5bef0f87d4 -> 67daae611b6e
INFO [alembic.runtime.migration] Running upgrade 67daae611b6e -> 6b461a21bcfc
INFO [alembic.runtime.migration] Running upgrade 6b461a21bcfc -> 5cd92597d11d
INFO [alembic.runtime.migration] Running upgrade 5cd92597d11d -> 929c968efe70
INFO [alembic.runtime.migration] Running upgrade 929c968efe70 -> a9c43481023c
INFO [alembic.runtime.migration] Running upgrade a9c43481023c -> 804a3c76314c
INFO [alembic.runtime.migration] Running upgrade 804a3c76314c -> 2b42d90729da
INFO [alembic.runtime.migration] Running upgrade 2b42d90729da -> 62c781cb6192
INFO [alembic.runtime.migration] Running upgrade 62c781cb6192 -> c8c222d42aa9
INFO [alembic.runtime.migration] Running upgrade c8c222d42aa9 -> 349b6fd605a6
INFO [alembic.runtime.migration] Running upgrade 349b6fd605a6 -> 7d32f979895f
INFO [alembic.runtime.migration] Running upgrade 7d32f979895f -> 594422d373ee
INFO [alembic.runtime.migration] Running upgrade 594422d373ee -> 61663558142c
INFO [alembic.runtime.migration] Running upgrade 61663558142c -> 867d39095bf4, port forwarding
INFO [alembic.runtime.migration] Running upgrade b67e765a3524 -> a84ccf28f06a
INFO [alembic.runtime.migration] Running upgrade a84ccf28f06a -> 7d9d8eeec6ad
INFO [alembic.runtime.migration] Running upgrade 7d9d8eeec6ad -> a8b517cff8ab
INFO [alembic.runtime.migration] Running upgrade a8b517cff8ab -> 3b935b28e7a0
INFO [alembic.runtime.migration] Running upgrade 3b935b28e7a0 -> b12a3ef66e62
INFO [alembic.runtime.migration] Running upgrade b12a3ef66e62 -> 97c25b0d2353
INFO [alembic.runtime.migration] Running upgrade 97c25b0d2353 -> 2e0d7a8a1586
INFO [alembic.runtime.migration] Running upgrade 2e0d7a8a1586 -> 5c85685d616d
OK
[root@node01 ~]#
驗證:連接配接neutron資料庫中是否有表生成?
MariaDB [(none)]> use neutron
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [neutron]> show tables;
+-----------------------------------------+
| Tables_in_neutron |
+-----------------------------------------+
| address_scopes |
| agents |
| alembic_version |
| allowedaddresspairs |
| arista_provisioned_nets |
| arista_provisioned_tenants |
| arista_provisioned_vms |
| auto_allocated_topologies |
| bgp_peers |
| bgp_speaker_dragent_bindings |
| bgp_speaker_network_bindings |
| bgp_speaker_peer_bindings |
| bgp_speakers |
| brocadenetworks |
| brocadeports |
| cisco_csr_identifier_map |
| cisco_hosting_devices |
| cisco_ml2_apic_contracts |
| cisco_ml2_apic_host_links |
| cisco_ml2_apic_names |
| cisco_ml2_n1kv_network_bindings |
| cisco_ml2_n1kv_network_profiles |
| cisco_ml2_n1kv_policy_profiles |
| cisco_ml2_n1kv_port_bindings |
| cisco_ml2_n1kv_profile_bindings |
| cisco_ml2_n1kv_vlan_allocations |
| cisco_ml2_n1kv_vxlan_allocations |
| cisco_ml2_nexus_nve |
| cisco_ml2_nexusport_bindings |
| cisco_port_mappings |
| cisco_router_mappings |
| consistencyhashes |
| default_security_group |
| dnsnameservers |
| dvr_host_macs |
| externalnetworks |
| extradhcpopts |
| firewall_policies |
| firewall_rules |
| firewalls |
| flavors |
| flavorserviceprofilebindings |
| floatingipdnses |
| floatingips |
| ha_router_agent_port_bindings |
| ha_router_networks |
| ha_router_vrid_allocations |
| healthmonitors |
| ikepolicies |
| ipallocationpools |
| ipallocations |
| ipamallocationpools |
| ipamallocations |
| ipamsubnets |
| ipsec_site_connections |
| ipsecpeercidrs |
| ipsecpolicies |
| logs |
| lsn |
| lsn_port |
| maclearningstates |
| members |
| meteringlabelrules |
| meteringlabels |
| ml2_brocadenetworks |
| ml2_brocadeports |
| ml2_distributed_port_bindings |
| ml2_flat_allocations |
| ml2_geneve_allocations |
| ml2_geneve_endpoints |
| ml2_gre_allocations |
| ml2_gre_endpoints |
| ml2_nexus_vxlan_allocations |
| ml2_nexus_vxlan_mcast_groups |
| ml2_port_binding_levels |
| ml2_port_bindings |
| ml2_ucsm_port_profiles |
| ml2_vlan_allocations |
| ml2_vxlan_allocations |
| ml2_vxlan_endpoints |
| multi_provider_networks |
| networkconnections |
| networkdhcpagentbindings |
| networkdnsdomains |
| networkgatewaydevicereferences |
| networkgatewaydevices |
| networkgateways |
| networkqueuemappings |
| networkrbacs |
| networks |
| networksecuritybindings |
| networksegments |
| neutron_nsx_network_mappings |
| neutron_nsx_port_mappings |
| neutron_nsx_router_mappings |
| neutron_nsx_security_group_mappings |
| nexthops |
| nsxv_edge_dhcp_static_bindings |
| nsxv_edge_vnic_bindings |
| nsxv_firewall_rule_bindings |
| nsxv_internal_edges |
| nsxv_internal_networks |
| nsxv_port_index_mappings |
| nsxv_port_vnic_mappings |
| nsxv_router_bindings |
| nsxv_router_ext_attributes |
| nsxv_rule_mappings |
| nsxv_security_group_section_mappings |
| nsxv_spoofguard_policy_network_mappings |
| nsxv_tz_network_bindings |
| nsxv_vdr_dhcp_bindings |
| nuage_net_partition_router_mapping |
| nuage_net_partitions |
| nuage_provider_net_bindings |
| nuage_subnet_l2dom_mapping |
| poolloadbalanceragentbindings |
| poolmonitorassociations |
| pools |
| poolstatisticss |
| portbindingports |
| portdataplanestatuses |
| portdnses |
| portforwardings |
| portqueuemappings |
| ports |
| portsecuritybindings |
| providerresourceassociations |
| provisioningblocks |
| qos_bandwidth_limit_rules |
| qos_dscp_marking_rules |
| qos_fip_policy_bindings |
| qos_minimum_bandwidth_rules |
| qos_network_policy_bindings |
| qos_policies |
| qos_policies_default |
| qos_port_policy_bindings |
| qospolicyrbacs |
| qosqueues |
| quotas |
| quotausages |
| reservations |
| resourcedeltas |
| router_extra_attributes |
| routerl3agentbindings |
| routerports |
| routerroutes |
| routerrules |
| routers |
| securitygroupportbindings |
| securitygrouprules |
| securitygroups |
| segmenthostmappings |
| serviceprofiles |
| sessionpersistences |
| standardattributes |
| subnet_service_types |
| subnetpoolprefixes |
| subnetpools |
| subnetroutes |
| subnets |
| subports |
| tags |
| trunks |
| tz_network_bindings |
| vcns_router_bindings |
| vips |
| vpnservices |
+-----------------------------------------+
167 rows in set (0.00 sec)
MariaDB [neutron]>
重新開機nova-api服務
[root@node01 ~]# systemctl restart openstack-nova-api.service
[root@node01 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:9292 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 100 *:6080 *:*
LISTEN 0 128 *:8774 *:*
LISTEN 0 128 *:8775 *:*
LISTEN 0 128 *:9191 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 :::5000 :::*
LISTEN 0 128 :::8778 :::*
[root@node01 ~]#
提示:重新開機確定nova-api服務的8774和8775端口正常監聽;
啟動neutron相關服務,并将其設定為開機啟動
[root@node01 ~]# systemctl start neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
[root@node01 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
[root@node01 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:9292 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:9696 *:*
LISTEN 0 100 *:6080 *:*
LISTEN 0 128 *:8774 *:*
LISTEN 0 128 *:8775 *:*
LISTEN 0 128 *:9191 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 :::5000 :::*
LISTEN 0 128 :::8778 :::*
[root@node01 ~]#
提示:請確定9696端口正常監聽;
如果我們選用的是self-service network 我們還需要啟動L3 agent 服務,并将其設定為開機啟動
[root@node01 ~]# systemctl start neutron-l3-agent.service
[root@node01 ~]# systemctl enable neutron-l3-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service to /usr/lib/systemd/system/neutron-l3-agent.service.
[root@node01 ~]#
到此控制節點的neutron服務就配置好了
3、在計算節點安裝配置neutron服務
安裝neutron相關服務包
[root@node03 ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
編輯/etc/neutron/neutron.conf,在【DEFAULT】配置段配置連接配接rabbitmq相關資訊,以及配置認證政策為keystone
在【keystone_authtoken】配置段配置keystone認證相關資訊
在【
oslo_concurrency】配置段配置鎖路徑
neutron.conf最終配置
[root@node03 ~]# grep -i ^"[a-z\[]" /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:openstack123@node02
auth_strategy = keystone
[agent]
[cors]
[database]
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = node02:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[matchmaker_redis]
[nova]
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[quotas]
[ssl]
[root@node03 ~]#
編輯/etc/neutron/plugins/ml2/linuxbridge_agent.ini配置檔案,在【linux_bridge】配置段配置provider網絡映射到實體的那個接口
提示:這裡冒号前邊的是虛拟機内部網絡名稱,這個名稱請確定和控制節點上配置的虛拟機内部網絡名稱相同;冒号後面的是配置要橋接的實體接口名稱;
linuxbridge_agent.ini最終配置
[root@node03 ~]# grep -i ^"[a-z\[]" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:ens33
[network_log]
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = true
local_ip = 192.168.0.43
l2_population = true
[root@node03 ~]#
確定
br_netfilter子產品是否加載,若未加載,加載子產品
[root@node03 ~]# lsmod |grep br_netfilter
[root@node03 ~]# modprobe br_netfilter
[root@node03 ~]# lsmod |grep br_netfilter
br_netfilter 22209 0
bridge 136173 1 br_netfilter
[root@node03 ~]#
編輯/etc/sysctl.conf配置核心參數
[root@node03 ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
[root@node03 ~]#
編輯/etc/nova/nova.conf配置檔案,在【neutron】配置段配置neutron服務相關配置
[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron 重新開機nova-compute服務
[root@node03 ~]# systemctl restart openstack-nova-compute.service
[root@node03 ~]#
啟動neutron-linuxbridge-agent服務,并将其設定為開機啟動
[root@node03 ~]# systemctl start neutron-linuxbridge-agent.service
[root@node03 ~]# systemctl enable neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
[root@node03 ~]#
到此,計算節點的網絡服務就安裝配置完成;
驗證:在控制節點上導出admin環境變量,列出加載的擴充,以驗證成功啟動neutron伺服器程序
[root@node01 ~]# openstack extension list --network
+-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Name | Alias | Description |
+-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Default Subnetpools | default-subnetpools | Provides ability to mark and use a subnetpool as the default. |
| Availability Zone | availability_zone | The availability zone extension. |
| Network Availability Zone | network_availability_zone | Availability zone support for network. |
| Auto Allocated Topology Services | auto-allocated-topology | Auto Allocated Topology Services. |
| Neutron L3 Configurable external gateway mode | ext-gw-mode | Extension of the router abstraction for specifying whether SNAT should occur on the external gateway |
| Port Binding | binding | Expose port bindings of a virtual port to external application |
| agent | agent | The agent management extension. |
| Subnet Allocation | subnet_allocation | Enables allocation of subnets from a subnet pool |
| L3 Agent Scheduler | l3_agent_scheduler | Schedule routers among l3 agents |
| Neutron external network | external-net | Adds external network attribute to network resource. |
| Tag support for resources with standard attribute: subnet, trunk, router, network, policy, subnetpool, port, security_group, floatingip | standard-attr-tag | Enables to set tag on resources with standard attribute. |
| Neutron Service Flavors | flavors | Flavor specification for Neutron advanced services. |
| Network MTU | net-mtu | Provides MTU attribute for a network resource. |
| Network IP Availability | network-ip-availability | Provides IP availability data for each network and subnet. |
| Quota management support | quotas | Expose functions for quotas management per tenant |
| If-Match constraints based on revision_number | revision-if-match | Extension indicating that If-Match based on revision_number is supported. |
| Availability Zone Filter Extension | availability_zone_filter | Add filter parameters to AvailabilityZone resource |
| HA Router extension | l3-ha | Adds HA capability to routers. |
| Filter parameters validation | filter-validation | Provides validation on filter parameters. |
| Multi Provider Network | multi-provider | Expose mapping of virtual networks to multiple physical networks |
| Quota details management support | quota_details | Expose functions for quotas usage statistics per project |
| Address scope | address-scope | Address scopes extension. |
| Neutron Extra Route | extraroute | Extra routes configuration for L3 router |
| Network MTU (writable) | net-mtu-writable | Provides a writable MTU attribute for a network resource. |
| Empty String Filtering Extension | empty-string-filtering | Allow filtering by attributes with empty string value |
| Subnet service types | subnet-service-types | Provides ability to set the subnet service_types field |
| Neutron Port MAC address regenerate | port-mac-address-regenerate | Network port MAC address regenerate |
| Resource timestamps | standard-attr-timestamp | Adds created_at and updated_at fields to all Neutron resources that have Neutron standard attributes. |
| Provider Network | provider | Expose mapping of virtual networks to physical networks |
| Neutron Service Type Management | service-type | API for retrieving service providers for Neutron advanced services |
| Router Flavor Extension | l3-flavors | Flavor support for routers. |
| Port Security | port-security | Provides port security |
| Neutron Extra DHCP options | extra_dhcp_opt | Extra options configuration for DHCP. For example PXE boot options to DHCP clients can be specified (e.g. tftp-server, server-ip-address, bootfile-name) |
| Port filtering on security groups | port-security-groups-filtering | Provides security groups filtering when listing ports |
| Resource revision numbers | standard-attr-revisions | This extension will display the revision number of neutron resources. |
| Pagination support | pagination | Extension that indicates that pagination is enabled. |
| Sorting support | sorting | Extension that indicates that sorting is enabled. |
| security-group | security-group | The security groups extension. |
| DHCP Agent Scheduler | dhcp_agent_scheduler | Schedule networks among dhcp agents |
| Floating IP Port Details Extension | fip-port-details | Add port_details attribute to Floating IP resource |
| Router Availability Zone | router_availability_zone | Availability zone support for router. |
| RBAC Policies | rbac-policies | Allows creation and modification of policies that control tenant access to resources. |
| standard-attr-description | standard-attr-description | Extension to add descriptions to standard attributes |
| IP address substring filtering | ip-substring-filtering | Provides IP address substring filtering when listing ports |
| Neutron L3 Router | router | Router abstraction for basic L3 forwarding between L2 Neutron networks and access to external networks via a NAT gateway. |
| Allowed Address Pairs | allowed-address-pairs | Provides allowed address pairs |
| Port Bindings Extended | binding-extended | Expose port bindings of a virtual port to external application |
| project_id field enabled | project-id | Extension that indicates that project_id field is enabled. |
| Distributed Virtual Router | dvr | Enables configuration of Distributed Virtual Routers. |
+-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@node01 ~]#
提示:如果能夠看上面顯示的内容,則表示neutron服務啟動了很多程序,服務沒有問題;
進一步驗證:列出網絡agent清單,看看各agent是否都是up狀态?
[root@node01 ~]# source admin.sh
[root@node01 ~]# openstack network agent list
+--------------------------------------+--------------------+-----------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+-----------------+-------------------+-------+-------+---------------------------+
| 749a9639-e85c-4cfd-a936-6c379ee85aac | L3 agent | node01.test.org | nova | :-) | UP | neutron-l3-agent |
| ab400ecf-0488-4710-87ff-9405e84ba444 | Linux bridge agent | node01.test.org | None | :-) | UP | neutron-linuxbridge-agent |
| b08152c8-c3ef-4230-ac50-c7ab445dade2 | DHCP agent | node01.test.org | nova | :-) | UP | neutron-dhcp-agent |
| bea011e8-4302-44c5-9b91-56fbc282e990 | Metadata agent | node01.test.org | None | :-) | UP | neutron-metadata-agent |
| ec25d21e-f197-4eb1-95aa-bd9ec0d1d43f | Linux bridge agent | node03.test.org | None | :-) | UP | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+-----------------+-------------------+-------+-------+---------------------------+
[root@node01 ~]#
提示:能夠看到node01上有4個agent,node03有一個agent都處于up狀态,說明我們配置neutron agent沒有問題,都正常運作着;
ok,到此neutron網絡服務在控制節點和計算節點的安裝配置驗證就完成了;
作者:Linux-1874
出處:https://www.cnblogs.com/qiuhom-1874/
本文版權歸作者和部落格園共有,歡迎轉載,但未經作者同意必須保留此段聲明,且在文章頁面明顯位置給出原文連接配接,否則保留追究法律責任的權利.