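OpenStack Project, Part 6: Installing the Networking Service (neutron)
Neutron is one of the core components of OpenStack and is dedicated to providing networking services. It offers a rich set of network functions to support networking and communication for virtual machine instances, lets users create and configure network resources such as virtual networks, subnets, and routers, and also provides security groups, which control network connectivity between virtual machine instances.
These are some of my study notes. If anything is wrong or you know a better approach, please point it out!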
1. Install the neutron service
[root@openstack01 ~]# yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge
Check the user and group to verify that neutron was installed correctly
[root@openstack01 ~]# cat /etc/passwd | grep neutron
neutron:x:990:987:OpenStack Neutron Daemons:/var/lib/neutron:/sbin/nologin
[root@openstack01 ~]# cat /etc/group | grep neutron
neutron:x:987:
2. Set the NIC to promiscuous mode
[root@openstack01 ~]# ip link set ens33 promisc on
Before setting this, first check whether the NAT NIC is ens33!
View the NIC information and check that the word "PROMISC" appears
[root@openstack01 ~]# ip a
Make the setting take effect automatically at boot
[root@openstack01 ~]# vim /etc/profile
Append the command to the end of the file, then save and exit
ip link set ens33 promisc on
Load the firewall module
Edit the file and append the configuration to the end
[root@openstack01 ~]# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
3. Modify the neutron configuration file
Back up the file
[root@openstack01 ~]# cp /etc/neutron/neutron.conf /etc/neutron/neutron.bak
Remove blank lines and comments
[root@openstack01 ~]# grep -Ev '^$|#' /etc/neutron/neutron.bak > /etc/neutron/neutron.conf
Edit the file
[root@openstack01 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:000000@openstack01:5672
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
connection = mysql+pymysql://neutron:000000@openstack01/neutron
[keystone_authtoken]
auth_url = http://openstack01:5000
memcached_servers = openstack01:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = project
username = neutron
password = 000000
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
The following section is newly added
[nova]
auth_url = http://openstack01:5000
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = project
username = nova
password = 000000
region_name = RegionOne
server_proxyclient_address = 192.168.238.100
4. Modify the layer-2 (ML2) plugin configuration file
Back up the file
[root@openstack01 ~]# cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.bak
Remove blank lines and comments to generate a new file
[root@openstack01 ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.bak > /etc/neutron/plugins/ml2/ml2_conf.ini
Edit the file
[root@openstack01 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = flat
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true
Create the symlink that enables the plugin file
[root@openstack01 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
5. Modify the Linux bridge agent configuration file
Back up the file
[root@openstack01 ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.bak
Remove blank lines and comments to generate a new file
[root@openstack01 ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
Edit the file
[root@openstack01 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:ens33
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
6. Modify the DHCP agent configuration file
Back up the file
[root@openstack01 ~]# cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.bak
Remove comments and blank lines from the configuration file
[root@openstack01 ~]# grep -Ev '^$|#' /etc/neutron/dhcp_agent.bak > /etc/neutron/dhcp_agent.ini
Edit the file
[root@openstack01 ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
7. Modify the metadata agent configuration file
[root@openstack01 ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = openstack01
metadata_proxy_shared_secret = METADATA_SECRET
8. Modify the Nova configuration file
[root@openstack01 ~]# vim /etc/nova/nova.conf
[neutron]
auth_url = http://openstack01:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = project
username = neutron
password = 000000
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
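The metadata agent and nova only accept each other's requests when metadata_proxy_shared_secret holds the same value on both sides, and a misspelled key in nova.conf leaves nova without a secret. The following check is an added example, not part of the original notes; ini_get and check_metadata_secret are hypothetical helper names, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: verify that the metadata proxy secret is set identically for
# the neutron metadata agent and for nova. Helper names are hypothetical.

# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION], if present.
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_sec = ($0 == sec); next }
        in_sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# check_metadata_secret AGENT_INI NOVA_CONF: return 0 only if both files hold
# the same secret and it is not the tutorial placeholder.
check_metadata_secret() {
    agent=$(ini_get "$1" DEFAULT metadata_proxy_shared_secret)
    nova=$(ini_get "$2" neutron metadata_proxy_shared_secret)
    rc=0
    if [ -z "$agent" ]; then echo "FAIL: no secret in $1"; rc=1; fi
    if [ -z "$nova" ]; then echo "FAIL: no secret in $2 (check key spelling)"; rc=1; fi
    if [ "$agent" != "$nova" ]; then echo "FAIL: secrets differ"; rc=1; fi
    if [ "$agent" = "METADATA_SECRET" ] || [ "$nova" = "METADATA_SECRET" ]; then
        echo "FAIL: placeholder METADATA_SECRET still in use"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: secrets match"; fi
    return "$rc"
}

# Constructed sample files (not real configuration) showing a failing case:
# the nova side misspells the key, so nova would never read the secret.
demo_dir=$(mktemp -d)
printf '[DEFAULT]\nmetadata_proxy_shared_secret = 3f9c-constructed\n' > "$demo_dir/agent.ini"
printf '[neutron]\nmetadata_proxy_shared_secrect = 3f9c-constructed\n' > "$demo_dir/nova.conf"
check_metadata_secret "$demo_dir/agent.ini" "$demo_dir/nova.conf" || echo "demo: check failed as expected"
rm -rf "$demo_dir"
```

On a real controller the call would be check_metadata_secret /etc/neutron/metadata_agent.ini /etc/nova/nova.conf, run as a user that can read both files.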
9. Create the database and grant privileges
MariaDB [(none)]> create database neutron;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> grant all privileges on neutron.* TO 'neutron'@'localhost' identified by '000000';
Query OK, 0 rows affected (0.013 sec)
MariaDB [(none)]> grant all privileges on neutron.* TO 'neutron'@'%' identified by '000000';
Query OK, 0 rows affected (0.013 sec)
10. Sync the database
[root@openstack01 ~]# su neutron -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head"
Verify that the sync succeeded
MariaDB [(none)]> use neutron;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [neutron]> show tables;
+-----------------------------------------+
| Tables_in_neutron |
+-----------------------------------------+
| address_scopes |
| agents |
| alembic_version |
| allowedaddresspairs |
| arista_provisioned_nets |
| arista_provisioned_tenants |
| arista_provisioned_vms |
| auto_allocated_topologies |
| bgp_peers |
| bgp_speaker_dragent_bindings |
| bgp_speaker_network_bindings |
| bgp_speaker_peer_bindings |
| bgp_speakers |
| brocadenetworks |
| brocadeports |
| cisco_csr_identifier_map |
| cisco_hosting_devices |
| cisco_ml2_apic_contracts |
11. Initialize the neutron component
Create the user "neutron" in the OpenStack cloud platform
[root@openstack01 ~]# . admin-login
[root@openstack01 ~]# openstack user create neutron --domain default --password 000000
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | d287kecf60b3267c9d47354ec2398365 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Assign the admin role to the user neutron
[root@openstack01 ~]# openstack role add admin --project project --user neutron
Create the network service
[root@openstack01 ~]# openstack service create --name neutron network
+---------+----------------------------------+
| Field | Value |
+---------+----------------------------------+
| enabled | True |
| id | n8405504e98247369bbe446f7hb718y1 |
| name | neutron |
| type | network |
+---------+----------------------------------+
Create the neutron public endpoint
[root@openstack01 ~]# openstack endpoint create --region RegionOne neutron public http://openstack01:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4f5fcb43bf3f4473a49380ca510a4428 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | n8405504e98247369bbe446f7hb718y1 |
| service_name | neutron |
| service_type | network |
| url | http://openstack01:9696 |
+--------------+----------------------------------+
Create the neutron internal endpoint
[root@openstack01 ~]# openstack endpoint create --region RegionOne neutron internal http://openstack01:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0560ded88cec467cbbe116c51f103a9f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | n8405504e98247369bbe446f7hb718y1 |
| service_name | neutron |
| service_type | network |
| url | http://openstack01:9696 |
+--------------+----------------------------------+
Create the neutron admin endpoint
[root@openstack01 ~]# openstack endpoint create --region RegionOne neutron admin http://openstack01:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0155c371b58c4d1c9fcaf63940bbc613 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | n8405504e98247369bbe446f7hb718y1 |
| service_name | neutron |
| service_type | network |
| url | http://openstack01:9696 |
+--------------+----------------------------------+
12. Start the neutron network service
Restart the nova-api service
[root@openstack01 ~]# systemctl restart openstack-nova-api
[root@openstack01 ~]# systemctl start neutron-server neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent
[root@openstack01 ~]# systemctl enable neutron-server neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent
13. Check the Neutron service on the controller node
Check port 9696
[root@openstack01 ~]# ss -lntpu | grep 9696
tcp LISTEN 0 128 *:9696 *:* users:(("neutron-server:",pid=51393,fd=3),("neutron-server:",pid=51385,fd=3),("neutron-server:",pid=51384,fd=3),("/usr/bin/python",pid=51383,fd=3),("/usr/bin/python",pid=51380,fd=3),("/usr/bin/python",pid=51379,fd=3),("/usr/bin/python",pid=51313,fd=3))
Check the service status
[root@openstack01 ~]# systemctl status neutron-server
● neutron-server.service - OpenStack Neutron Server
Loaded: loaded (/usr/lib/systemd/system/neutron-server.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2024-08-01 05:22:01 EDT; 5h 52min ago
Main PID: 51313 (/usr/bin/python)
CGroup: /system.slice/neutron-server.service
├─51313 /usr/bin/python2 /usr/bin/neutron-server --config-file
14. Set the NIC of compute node openstack02 to promiscuous mode
[root@openstack02 ~]# ip link set ens33 promisc on
Check with the ip addr command
Make the setting take effect automatically at boot
[root@openstack02 ~]# vim /etc/profile
Append the command to the end of the file, then save and exit
ip link set ens33 promisc on
Load the firewall module
Edit the file and append the configuration to the end
[root@openstack02 ~]# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
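The two bridge-nf keys written to /etc/sysctl.conf in steps 2 and 14 only matter once they are active in the running kernel; while they are 0 or absent, bridged traffic is not passed to the iptables rules that the Linux bridge agent builds for security groups. The following check is an added example, not part of the original notes; check_bridge_nf, sysctl_conf_has and the optional directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm the bridge netfilter sysctls are active at runtime
# and persisted in a sysctl file. Function names are hypothetical.

# check_bridge_nf [DIR]: DIR defaults to /proc/sys/net/bridge; it is a
# parameter only so the check can be run against a constructed directory.
# Returns 0 if both values are 1, 1 if a value is wrong, 2 if DIR is absent.
check_bridge_nf() {
    dir=${1:-/proc/sys/net/bridge}
    rc=0
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is absent; the br_netfilter module is probably not loaded"
        return 2
    fi
    for name in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        val=$(cat "$dir/$name" 2>/dev/null || echo missing)
        if [ "$val" = "1" ]; then
            echo "OK: $name = 1"
        else
            echo "FAIL: $name = $val (bridged traffic is not filtered by iptables)"
            rc=1
        fi
    done
    return "$rc"
}

# sysctl_conf_has FILE KEY: succeed if FILE sets KEY to 1, which is what makes
# the value survive a reboot once the module is loaded.
sysctl_conf_has() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*=[[:space:]]*1[[:space:]]*$" "$1"
}

# Runtime check on the current host; a failure here is reported, not fatal.
check_bridge_nf || echo "runtime check did not pass on this host"
```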
15. Install neutron on compute node openstack02
[root@openstack02 ~]# yum install openstack-neutron-linuxbridge -y
Check the user and group
[root@openstack02 ~]# cat /etc/passwd | grep neutron
neutron:x:993:990:OpenStack Neutron Daemons:/var/lib/neutron:/sbin/nologin
[root@openstack02 ~]# cat /etc/group | grep neutron
neutron:x:990:
16. Modify the neutron configuration on compute node openstack02
Back up the configuration file
[root@openstack02 ~]# cp /etc/neutron/neutron.conf /etc/neutron/neutron.bak
Remove comments and blank lines to generate a new file
[root@openstack02 ~]# grep -Ev '^$|#' /etc/neutron/neutron.bak > /etc/neutron/neutron.conf
Edit the file
[root@openstack02 ~]# vi /etc/neutron/neutron.conf
[root@openstack02 ~]# cat /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:000000@openstack01:5672
auth_strategy = keystone
[cors]
[database]
[keystone_authtoken]
auth_url = http://openstack01:5000
memcached_servers = openstack01:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = project
username = neutron
password = 000000
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]
17. Modify the Linux bridge agent configuration file on compute node openstack02
Back up the file
[root@openstack02 ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.bak
Remove comments and blank lines to generate a new file
[root@openstack02 ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
Edit the file
[root@openstack02 ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@openstack02 ~]# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:ens33
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Modify the Nova configuration file
[root@openstack02 ~]# vi /etc/nova/nova.conf
[DEFAULT]
vif_plugging_is_fatal = false
vif_plugging_timeout = 0
[neutron]
auth_url = http://openstack01:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = project
username = neutron
password = 000000
18. Start the neutron service on compute node openstack02
Restart the nova service on compute node openstack02
[root@openstack02 ~]# systemctl restart openstack-nova-compute
Start neutron and enable it at boot
[root@openstack02 ~]# systemctl start neutron-linuxbridge-agent
[root@openstack02 ~]# systemctl enable neutron-linuxbridge-agent
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service
19. Check the neutron service from controller node openstack01
[root@openstack01 ~]# openstack network agent list
+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+
| 0a7f4746-f042-40ea-b066-c54d3ca5e760 | DHCP agent | openstack01 | nova | :-) | UP | neutron-dhcp-agent |
| 6d7301f9-f415-4e0d-8ef7-d7d139ad5067 | Metadata agent | openstack01 | None | :-) | UP | neutron-metadata-agent |
| 7c474986-0b0e-4360-b91c-5a709c6f335d | Linux bridge agent | openstack01 | None | :-) | UP | neutron-linuxbridge-agent |
| dcba425c-d3f4-41cf-ae51-c3392b91fe0c | Linux bridge agent | openstack02 | None | :-) | UP | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+
At this point, the OpenStack neutron service configuration is complete