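Neutron is the OpenStack service that manages networking. It must be configured on both the Controller and the Compute nodes.
1. Controller node
Create the database (remember to replace NEUTRON_DBPASS)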
sudo mysql -u root -p
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
Load the environment variables
. admin-openrc
Create the user and add it to the role
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
Create the service
openstack service create --name neutron --description "OpenStack Networking" network
Create the API endpoints
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
OpenStack has two networking modes; the provider mode is used here. Install the packages
sudo apt-get install neutron-server neutron-plugin-ml2 \
neutron-linuxbridge-agent neutron-dhcp-agent \
neutron-metadata-agent
Edit the configuration file
sudo vim /etc/neutron/neutron.conf
Edit [database] (remember to replace NEUTRON_DBPASS)
[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
Edit [DEFAULT] (remember to replace RABBIT_PASS)
[DEFAULT]
# ...
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
Edit [keystone_authtoken] (remember to replace NEUTRON_PASS)
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
Edit [nova] (remember to replace NOVA_PASS)
[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
Edit [oslo_concurrency]
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
Edit the configuration file
sudo vim /etc/neutron/plugins/ml2/ml2_conf.ini
Edit [ml2]
[ml2]
# ...
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
Edit [ml2_type_flat]
[ml2_type_flat]
# ...
flat_networks = provider
Edit [securitygroup]
[securitygroup]
# ...
enable_ipset = true
Edit the configuration file
sudo vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
Edit [linux_bridge]. Here PROVIDER_INTERFACE_NAME is the name of the actual physical network interface (eno1), not the virtual interface we created.
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
Edit [vxlan]
[vxlan]
enable_vxlan = false
Edit [securitygroup]
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Edit the system configuration
sudo vim /etc/sysctl.conf
Add these two lines
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
Apply the change
sudo sysctl -p
Edit the configuration file
sudo vim /etc/neutron/dhcp_agent.ini
Edit [DEFAULT]
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
Next, create the provider network. First load the environment variables
. admin-openrc
Create the network
openstack network create --share --external \
--provider-physical-network provider \
--provider-network-type flat provider
Create the subnet
openstack subnet create --network provider \
--allocation-pool start=START_IP_ADDRESS,end=END_IP_ADDRESS \
--dns-nameserver DNS_RESOLVER --gateway PROVIDER_NETWORK_GATEWAY \
--subnet-range PROVIDER_NETWORK_CIDR provider
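Variables to replace
START_IP_ADDRESS: first IP address of the subnet, e.g. 192.168.100.100
END_IP_ADDRESS: last IP address of the subnet, e.g. 192.168.100.250
DNS_RESOLVER: DNS server address, e.g. 8.8.4.4
PROVIDER_NETWORK_GATEWAY: subnet gateway, e.g. 192.168.100.1
PROVIDER_NETWORK_CIDR: subnet in CIDR notation, e.g. 192.168.100.0/24
For example: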
openstack subnet create --network provider \
--allocation-pool start=192.168.0.200,end=192.168.0.250 \
--dns-nameserver 114.114.114.114 --gateway 192.168.0.1 \
--subnet-range 192.168.0.0/24 provider
Edit the configuration file
sudo vim /etc/neutron/metadata_agent.ini
Edit [DEFAULT]. Note that METADATA_SECRET must be the same value that was configured earlier on the Compute node.
[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
Populate the database
sudo su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Restart the nova-api service
sudo service nova-api restart
Start the networking services
sudo service neutron-server restart
sudo service neutron-linuxbridge-agent restart
sudo service neutron-dhcp-agent restart
sudo service neutron-metadata-agent restart
2. Compute node
Install the package
sudo apt-get install neutron-linuxbridge-agent
Edit the configuration file
sudo vim /etc/neutron/neutron.conf
Edit [DEFAULT] (remember to replace RABBIT_PASS)
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
Edit [keystone_authtoken] (remember to replace NEUTRON_PASS)
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
Edit [oslo_concurrency]
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
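An added check, not part of the original guide: before restarting any service, scan the files edited on each node (neutron.conf on both nodes, plus metadata_agent.ini on the controller) for placeholder secrets that were never replaced and for world-readable permissions. The function names and the sample file are constructed for illustration.

```python
import configparser
import os
import stat
import tempfile

# Placeholder tokens this guide tells you to replace.
PLACEHOLDERS = ("NEUTRON_DBPASS", "RABBIT_PASS", "NEUTRON_PASS",
                "NOVA_PASS", "METADATA_SECRET")

def audit_config(path):
    """Return a list of findings for one oslo.config-style INI file."""
    findings = []
    # interpolation=None: real passwords may contain '%'.
    # default_section is renamed so [DEFAULT] is read as an ordinary section.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read(path)
    for section in cp.sections():
        for key, value in cp.items(section):
            for token in PLACEHOLDERS:
                if token in (value or ""):
                    findings.append(
                        f"{path}: [{section}] {key} still contains {token}")
    # These files hold service passwords; other users should not read them.
    if os.stat(path).st_mode & stat.S_IROTH:
        findings.append(f"{path}: world-readable")
    return findings

def demo():
    """Run the audit on a constructed sample file."""
    sample = (
        "[DEFAULT]\n"
        "transport_url = rabbit://openstack:RABBIT_PASS@controller\n"
        "service_plugins =\n"
        "[keystone_authtoken]\n"
        "username = neutron\n"
        "password = s3cr3t%value\n"
    )
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as fh:
        fh.write(sample)
    os.chmod(fh.name, 0o644)
    try:
        return audit_config(fh.name)
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    for line in demo():
        print(line)
```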
Edit the configuration file
sudo vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
Edit [linux_bridge]. Here PROVIDER_INTERFACE_NAME is the name of the external-facing physical network interface, e.g. eno1
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
Edit [vxlan]
[vxlan]
enable_vxlan = false
Edit [securitygroup]
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Edit the system configuration
sudo vim /etc/sysctl.conf
Add these two lines
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
Apply the change
sudo sysctl -p
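The iptables firewall driver only filters bridged traffic while these two sysctls are 1 in the running kernel, and the entries under /proc/sys/net/bridge exist only once the bridge netfilter module (typically br_netfilter) is loaded. The following is an added example, not from the original guide, that compares the persisted and live values on either node; the function names and the sample directory are constructed.

```python
import os
import tempfile

KEYS = ("net.bridge.bridge-nf-call-iptables",
        "net.bridge.bridge-nf-call-ip6tables")

def persisted(conf_text):
    """Parse sysctl.conf text into {key: value}, skipping comment lines."""
    values = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        values[key.strip()] = value.strip()
    return values

def check_bridge_filter(conf_text, proc_sys="/proc/sys"):
    """Return {key: status} comparing sysctl.conf with the live kernel value."""
    conf = persisted(conf_text)
    report = {}
    for key in KEYS:
        path = os.path.join(proc_sys, *key.split("."))
        if not os.path.exists(path):
            # Entry is absent until the bridge netfilter module is loaded.
            report[key] = "missing: bridge netfilter module not loaded"
            continue
        with open(path) as fh:
            live = fh.read().strip()
        if live != "1":
            report[key] = "runtime value is %s: security groups not enforced" % live
        elif conf.get(key) != "1":
            report[key] = "active now but not persisted in sysctl.conf"
        else:
            report[key] = "ok"
    return report

def demo():
    """Constructed scenario: one key persisted and live, the other absent."""
    conf = "# constructed sample\nnet.bridge.bridge-nf-call-iptables=1\n"
    with tempfile.TemporaryDirectory() as root:
        bridge = os.path.join(root, "net", "bridge")
        os.makedirs(bridge)
        with open(os.path.join(bridge, "bridge-nf-call-iptables"), "w") as fh:
            fh.write("1\n")
        return check_bridge_filter(conf, proc_sys=root)
```

On a real node, call `check_bridge_filter(open("/etc/sysctl.conf").read())` and expect "ok" for both keys.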
Restart the services
sudo service nova-compute restart
sudo service neutron-linuxbridge-agent restart
3. Verify the services
. admin-openrc
openstack network agent list
You should see four active services
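The four entries are the Linux bridge, DHCP and metadata agents on the controller plus the Linux bridge agent on the compute node. The following is an added example, not from the original guide, that checks the output of `openstack network agent list -f json` against that set and flags dead, missing or unexpected agents. The hostname "compute1", the JSON field names and the sample data are assumptions made for illustration.

```python
import json

# Agents this guide deploys. "compute1" is an assumed hostname for the
# Compute node; substitute your own.
EXPECTED = {
    ("Linux bridge agent", "controller"),
    ("DHCP agent", "controller"),
    ("Metadata agent", "controller"),
    ("Linux bridge agent", "compute1"),
}

def check_agents(agent_json, expected=EXPECTED):
    """Return problems found in the JSON agent list (empty list means healthy)."""
    problems = []
    seen = set()
    for agent in json.loads(agent_json):
        ident = (agent["Agent Type"], agent["Host"])
        seen.add(ident)
        # Assumed: Alive is a boolean in JSON output; ":-)" is the table form.
        if agent["Alive"] not in (True, ":-)"):
            problems.append("%s on %s is not alive" % ident)
        if ident not in expected:
            # An agent nobody deployed deserves a look before it is trusted.
            problems.append("unexpected agent: %s on %s" % ident)
    for ident in sorted(expected - seen):
        problems.append("missing agent: %s on %s" % ident)
    return problems

# Constructed sample: compute agent down, metadata agent never registered.
SAMPLE = json.dumps([
    {"Agent Type": "Linux bridge agent", "Host": "controller", "Alive": True},
    {"Agent Type": "DHCP agent", "Host": "controller", "Alive": True},
    {"Agent Type": "Linux bridge agent", "Host": "compute1", "Alive": False},
])

if __name__ == "__main__":
    for problem in check_agents(SAMPLE):
        print(problem)
```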