7.2.3 Deploying self-service networks

7.2.3.1 Deploying Neutron on the controller node (controller)

7.2.3.1.1 Create the database and grant privileges

create database neutron;

grant all privileges on neutron.* to 'neutron'@'localhost' identified by 'neutron123';

grant all privileges on neutron.* to 'neutron'@'%' identified by 'neutron123';

flush privileges;

7.2.3.1.2 Create the neutron user

openstack user create --domain default --password-prompt neutron

Or:

openstack user create --domain default --password neutron123 neutron

7.2.3.1.3 Add the admin role to the neutron user

openstack role add --project service --user neutron admin

7.2.3.1.4 Create the neutron service

openstack service create --name neutron --description "OpenStack Networking" network

7.2.3.1.5 Associate endpoints with the neutron service

openstack endpoint create --region RegionOne network public http://controller1:9696

openstack endpoint create --region RegionOne network internal http://controller1:9696

openstack endpoint create --region RegionOne network admin http://controller1:9696

7.2.3.1.6 Install the components

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

7.2.3.1.7 Edit the configuration files

7.2.3.1.7.1 Configure /etc/neutron/neutron.conf

cp -a /etc/neutron/neutron.conf{,.bak}

Configuration per the official guide:

vim /etc/neutron/neutron.conf

[database]

connection = mysql+pymysql://neutron:neutron123@controller1/neutron


[DEFAULT]

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = true

transport_url = rabbit://openstack:openstack123@controller1

auth_strategy = keystone

notify_nova_on_port_status_changes = true

notify_nova_on_port_data_changes = true


[keystone_authtoken]

www_authenticate_uri = http://controller1:5000

auth_url = http://controller1:5000

memcached_servers = controller1:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = neutron123


# The [nova] section is missing from neutron.conf and must be added

[nova]

auth_url = http://controller1:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = nova123


[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

7.2.3.1.7.2 Configure /etc/neutron/plugins/ml2/ml2_conf.ini

cp -a /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}

Configuration per the official guide:

vim /etc/neutron/plugins/ml2/ml2_conf.ini

# These sections are missing from ml2_conf.ini; all of the following must be added

[ml2]

type_drivers = flat,vlan,vxlan

tenant_network_types = vxlan

mechanism_drivers = linuxbridge,l2population

extension_drivers = port_security


[ml2_type_flat]

# This name can be customized. It matters: the [linux_bridge] section of linuxbridge_agent.ini below uses the same name, and the two must match.

flat_networks = provider


[ml2_type_vxlan]

vni_ranges = 1:1000


[securitygroup]

enable_ipset = true

7.2.3.1.7.3 Configure /etc/neutron/plugins/ml2/linuxbridge_agent.ini

cp -a /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}

Configuration per the official guide:

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

# These sections are missing from linuxbridge_agent.ini; all of the following must be added

[linux_bridge]

physical_interface_mappings = provider:eth0


[vxlan]

enable_vxlan = true

local_ip = 192.168.56.11

l2_population = true


[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Modify the kernel parameters

vim /etc/sysctl.conf

Append at the end:

net.bridge.bridge-nf-call-iptables = 1

net.bridge.bridge-nf-call-ip6tables = 1

Load the module

modprobe br_netfilter

Check

sysctl -p


7.2.3.1.7.4 Configure /etc/neutron/l3_agent.ini

cp -a /etc/neutron/l3_agent.ini{,.bak}

Configuration per the official guide:

vim /etc/neutron/l3_agent.ini

[DEFAULT]

interface_driver = linuxbridge

7.2.3.1.7.5 Configure /etc/neutron/dhcp_agent.ini

cp -a /etc/neutron/dhcp_agent.ini{,.bak}

Configuration per the official guide:

vim /etc/neutron/dhcp_agent.ini

[DEFAULT]

interface_driver = linuxbridge

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = true

7.2.3.1.7.6 Configure the metadata agent: /etc/neutron/metadata_agent.ini

cp -a /etc/neutron/metadata_agent.ini{,.bak}

Configuration per the official guide:

vim /etc/neutron/metadata_agent.ini

[DEFAULT]

nova_metadata_host = controller1

# Record this secret carefully; it must match the metadata_proxy_shared_secret value in the [neutron] section of nova.conf in the next step.

metadata_proxy_shared_secret = metadata123

7.2.3.1.7.7 Configure nova.conf on the controller node

cp -a /etc/nova/nova.conf{,.bak1}

vim /etc/nova/nova.conf

[neutron]

auth_url = http://controller1:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = neutron123

service_metadata_proxy = true

metadata_proxy_shared_secret = metadata123
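
The guide names two values that must agree across files: the flat network name (ml2_conf.ini and linuxbridge_agent.ini) and metadata_proxy_shared_secret (metadata_agent.ini and nova.conf). The script below is an added example, not part of the original guide, that checks both and also flags a trailing "# ..." comment on a value line, which the services read as part of the value. The function names ini_get, check_neutron_conf and make_sample are hypothetical, and the config tree it builds is constructed sample data.

```shell
# Added example (not from the guide): check cross-file values that must match.
# ini_get FILE SECTION KEY: print the raw value; trailing "# ..." text is kept.
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/^[ \t]+|[ \t]+$/, ""); cur = $0; next }
        cur == sec && (pos = index($0, "=")) {
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}
# check_neutron_conf ETC_DIR: return 0 when consistent, 1 otherwise.
check_neutron_conf() {
    rc=0
    agent=$(ini_get "$1/neutron/metadata_agent.ini" DEFAULT metadata_proxy_shared_secret)
    nova=$(ini_get "$1/nova/nova.conf" neutron metadata_proxy_shared_secret)
    flat=$(ini_get "$1/neutron/plugins/ml2/ml2_conf.ini" ml2_type_flat flat_networks)
    maps=$(ini_get "$1/neutron/plugins/ml2/linuxbridge_agent.ini" linux_bridge physical_interface_mappings)
    # Compare the secrets without ever printing them.
    [ -n "$agent" ] && [ "$agent" = "$nova" ] || { echo "FAIL: metadata_proxy_shared_secret missing or different"; rc=1; }
    case "$agent$nova$flat$maps" in
        *"#"*) echo "FAIL: inline comment is read as part of a value"; rc=1 ;;
    esac
    [ -n "$flat" ] || { echo "FAIL: flat_networks is not set"; rc=1; }
    old_ifs=$IFS; IFS=,; set -f          # split the comma list, no globbing
    for name in $flat; do
        case ",$maps" in
            *",$name:"*) ;;
            *) echo "FAIL: no physical_interface_mappings entry for $name"; rc=1 ;;
        esac
    done
    set +f; IFS=$old_ifs
    return $rc
}
# make_sample DIR METADATA_LINE: constructed config tree for the demo below.
make_sample() {
    mkdir -p "$1/neutron/plugins/ml2" "$1/nova"
    printf '[DEFAULT]\n%s\n' "$2" > "$1/neutron/metadata_agent.ini"
    printf '[neutron]\nmetadata_proxy_shared_secret = metadata123\n' > "$1/nova/nova.conf"
    printf '[ml2_type_flat]\nflat_networks = provider\n' > "$1/neutron/plugins/ml2/ml2_conf.ini"
    printf '[linux_bridge]\nphysical_interface_mappings = provider:eth0\n' > "$1/neutron/plugins/ml2/linuxbridge_agent.ini"
}
tmp=$(mktemp -d)
make_sample "$tmp/ok"  'metadata_proxy_shared_secret = metadata123'
make_sample "$tmp/bad" 'metadata_proxy_shared_secret = metadata123 # same as nova.conf'
check_neutron_conf "$tmp/ok"  && echo "ok tree: consistent"
check_neutron_conf "$tmp/bad" || echo "bad tree: rejected"; rm -rf "$tmp"
```

On the controller, run check_neutron_conf /etc as a user that can read the files. The compute node has no metadata_agent.ini or ml2_conf.ini, so the check as written applies to the controller only.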

7.2.3.1.8 Create the symbolic link

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

7.2.3.1.9 Sync the database

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

7.2.3.1.10 Restart the nova-api service

systemctl restart openstack-nova-api.service

7.2.3.1.11 Start the neutron services

systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

7.2.3.1.12 Start the layer-3 service

systemctl enable neutron-l3-agent.service

systemctl start neutron-l3-agent.service

7.2.3.2 Deploying Neutron on the compute node (compute)

7.2.3.2.1 Install the components

yum install openstack-neutron-linuxbridge ebtables ipset -y

7.2.3.2.2 Edit the configuration files

7.2.3.2.2.1 Configure /etc/neutron/neutron.conf

cp -a /etc/neutron/neutron.conf{,.bak}

vim /etc/neutron/neutron.conf

[DEFAULT]

transport_url = rabbit://openstack:openstack123@controller1

auth_strategy = keystone


[keystone_authtoken]

www_authenticate_uri = http://controller1:5000

auth_url = http://controller1:5000

memcached_servers = controller1:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = neutron123


[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

7.2.3.2.2.2 Configure /etc/neutron/plugins/ml2/linuxbridge_agent.ini

Select the self-service networks option

cp -a /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}

Configuration per the official guide:

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

# These sections are missing from linuxbridge_agent.ini; all of the following must be added

[linux_bridge]

physical_interface_mappings = provider:eth0


[vxlan]

enable_vxlan = true

local_ip = 192.168.56.21

l2_population = true


[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Modify the kernel parameters

vim /etc/sysctl.conf

Append at the end:

net.bridge.bridge-nf-call-iptables = 1

net.bridge.bridge-nf-call-ip6tables = 1

Load the module

modprobe br_netfilter

Check

sysctl -p

7.2.3.2.2.3 Configure nova.conf on the compute node

cp -a /etc/nova/nova.conf{,.bak1}

vim /etc/nova/nova.conf

[neutron]

auth_url = http://controller1:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = neutron123

7.2.3.2.3 Restart the nova-compute service

systemctl restart openstack-nova-compute.service

7.2.3.2.4 Start the neutron service

systemctl enable neutron-linuxbridge-agent.service

systemctl start neutron-linuxbridge-agent.service

7.2.3.3 Verification

7.2.3.3.1 Check the services (controller)

. admin-openrc

openstack extension list --network

openstack network agent list

7.2.3.3.2 Create a VM instance (controller)

7.2.3.3.2.1 Create the network

. demo-openrc

openstack network create selfservice

openstack network list


7.2.3.3.2.2 Create the subnet

openstack subnet create --network selfservice --dns-nameserver 114.114.114.114 --gateway 192.168.56.2 --subnet-range 192.168.56.0/24 selfservice

7.2.3.3.2.3 Generate a key pair

Generate a key pair and add the public key

ssh-keygen -q -N "" # press Enter at each prompt

openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

Verify

openstack keypair list


7.2.3.3.2.4 Create a security group and add rules

Look up the project ID, which is needed when creating the security group

openstack project list

+----------------------------------+-----------+
| ID                               | Name      |
+----------------------------------+-----------+
| 13dd42b5879e4f6696bc0e71f897b06a | myproject |
| 3705de05550d4ec7a6b6b31d0db2b60e | service   |
| 90eeaefc2d1b4594a03fb5a2637f14c6 | admin     |
+----------------------------------+-----------+

Create the security group, using the myproject ID

openstack security group create test --description test --project 13dd42b5879e4f6696bc0e71f897b06a

Check that the security group was created

openstack security group list

Add rules to the security group

openstack security group rule create --proto icmp test

openstack security group rule create --proto tcp --dst-port 22 test


7.2.3.3.2.5 Upload the image

Upload the image file to the image server, then create the image:

. admin-openrc

glance image-create --name "cirros" \
  --file cirros-0.4.0-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --visibility public


openstack image list


7.2.3.3.2.6 Create a flavor

. admin-openrc

openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano

openstack flavor list

7.2.3.3.2.7 Create an instance

. demo-openrc

openstack server create --flavor m1.nano --image cirros --nic net-id=33447e14-a173-4ddb-8d38-24e809cfdb5a --security-group test --key-name mykey vm1

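--flavor: list the available names with openstack flavor list

--image: list the available names with openstack image list

net-id: the network ID, shown by openstack network list

--security-group: list the available names with openstack security group list

--key-name: list the available names with openstack keypair list

Check the instance status

openstack server show 6b6aa94e-56af-4b1e-8d52-1971ad309b83

Or use: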

nova show 6b6aa94e-56af-4b1e-8d52-1971ad309b83


openstack server list

7.2.3.3.2.8 Get the VM's VNC console URL

openstack console url show 0584f1ef-f600-4577-9986-dfb6dd9a2dbb

# In the returned URL, replace controller1 with the controller's IP address, or add a name-resolution entry for controller1 to your local hosts file.

The login username and password are shown on the VNC console.