Manually Installing OpenStack on Ubuntu 16: neutron


Goal

Following on from "Manually Installing OpenStack on Ubuntu 16: nova", this article installs neutron. The main references are Networking service, Install and configure for Ubuntu, and OpenStack Queens : Configure Neutron.

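neutron overview

OpenStack Networking (neutron) lets users create interface devices that are managed by other OpenStack services and attach them to networks. Plug-ins can be implemented to accommodate different networking equipment and software, which gives OpenStack architecture and deployment their flexibility.

It includes the following components:
neutron-server
Accepts API requests and routes them to the appropriate OpenStack Networking plug-in for action.

OpenStack Networking plug-ins and agents
Plug and unplug ports, create networks or subnets, and provide IP addressing. These plug-ins and agents differ depending on the vendor and technologies used in the particular cloud. OpenStack Networking ships with many plug-ins and agents, covering Cisco virtual and physical switches, NEC OpenFlow products, Open vSwitch, Linux bridging, and the VMware NSX product.

The common agents are L3 (layer 3), DHCP (dynamic host IP addressing), and a plug-in agent.

Messaging queue
Most OpenStack Networking installations use a messaging queue to pass information between neutron-server and the various agents. It is also used to store networking state for particular plug-ins, so it acts as a kind of database.

OpenStack Networking mainly interacts with OpenStack Compute, providing networks and connectivity for its instances.

For more information, see Networking (neutron) concepts.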

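Host networking

After installing the operating system on each node, you must configure the network interfaces. The official recommendation is to disable any automated network management tools and edit the configuration files by hand. For details on how to configure networking, see the documentation.

All nodes require Internet access for administrative purposes such as package installation, security updates, Domain Name System (DNS), and Network Time Protocol (NTP). In most cases, nodes should obtain Internet access through the management network interface. To highlight the importance of network separation, the example architectures use private address space for the management network and assume that the physical network infrastructure provides Internet access through Network Address Translation (NAT) or another method.

In the provider network architecture, all instances attach directly to the provider network. In the private network architecture, instances can attach to one or more private networks. A private network can reside entirely within OpenStack with no external access, or it can reach external networks through the provider network.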

Controller node

root user

To avoid permission problems, switching to the root user is recommended (otherwise many commands need sudo).
sudo -i

Database

1. Log in to the database
mysql -uroot -p
The password is openstack.

2. Create the neutron database
CREATE DATABASE neutron;

3. Grant privileges

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'openstack';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'openstack';

4. Exit the database
exit;

Credentials and endpoints

1. Source the admin credentials
. admin-openrc

2. Create the neutron user
openstack user create --domain default --password-prompt neutron

When prompted, set the password to openstack.

3. Add the admin role to the neutron user
openstack role add --project service --user neutron admin

4. Create the neutron service entity
openstack service create --name neutron --description "OpenStack Networking" network

5. Create the Networking service endpoints

openstack endpoint create --region RegionOne network public http://controller:9696

openstack endpoint create --region RegionOne network internal http://controller:9696

openstack endpoint create --region RegionOne network admin http://controller:9696

Installation and configuration

1. Install the components

apt-get -y install neutron-server neutron-plugin-ml2 neutron-plugin-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent python-neutronclient

2. Back up neutron.conf
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak

3. vim /etc/neutron/neutron.conf and create a new neutron.conf with the following content:

[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
dhcp_agent_notification = True
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
# RabbitMQ connection info
transport_url = rabbit://openstack:openstack@controller

[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

# Keystone auth info
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = openstack

# MariaDB connection info
[database]
connection = mysql+pymysql://neutron:openstack@controller/neutron

# Nova connection info
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = openstack

[oslo_concurrency]
lock_path = $state_path/tmp

4. Change the permissions
chmod 640 /etc/neutron/neutron.conf

chgrp neutron /etc/neutron/neutron.conf

5. vi /etc/neutron/l3_agent.ini and make the following changes:

# line 17: add
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

6. vi /etc/neutron/dhcp_agent.ini and make the following changes:

# line 17: add
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
# line 28: uncomment
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
# line 37: uncomment and change
enable_isolated_metadata = true

7. vi /etc/neutron/metadata_agent.ini and make the following changes:

# line 22: uncomment and specify Nova API server
nova_metadata_host = controller
# line 34: uncomment and specify any secret key you like
metadata_proxy_shared_secret = openstack
# line 260: uncomment and specify Memcache Server
memcache_servers = controller:11211

8. vi /etc/neutron/plugins/ml2/ml2_conf.ini and make the following changes:

# line 129: add ( it's OK with no value for "tenant_network_types" (set later if need) )
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types =
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
# line 262: uncomment and add
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
# end line: uncomment
enable_ipset = True

9. vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini and make the following changes:

# line 235: add own IP address
local_ip = 192.168.56.110

10. vi /etc/nova/nova.conf and make the following changes:

# add follows into [DEFAULT] section
use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
vif_plugging_is_fatal = True
vif_plugging_timeout = 300

# add follows to the end : Neutron auth info
# the value of metadata_proxy_shared_secret is the same with the one in metadata_agent.ini
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = openstack
service_metadata_proxy = True
metadata_proxy_shared_secret = openstack
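
A check for the files edited in the steps above, as an added example that is not part of the original guide: it confirms that metadata_proxy_shared_secret is identical in metadata_agent.ini and nova.conf, lists every place where the guide's demo value openstack is still used as a secret, and tests whether a file is accessible to "other" (the chmod 640 step). The function names and the sample secrets are assumptions made for illustration.

```python
import configparser
import os
import stat
from urllib.parse import urlsplit

DEMO_VALUES = {"openstack"}  # the value this guide uses for every secret
KEY = "metadata_proxy_shared_secret"

def parse(text):
    # interpolation=None keeps '%' in values literal; a dummy default_section
    # stops [DEFAULT] keys being inherited (and reported) by other sections.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="<none>")
    cp.read_string(text)
    return cp

def secrets_in(cp):
    """Yield (location, secret) for password/secret keys and URL credentials."""
    for section in cp.sections():
        for key, value in cp[section].items():
            if key == "password" or key.endswith("_secret"):
                yield f"[{section}] {key}", value
            elif "://" in value and urlsplit(value).password:
                yield f"[{section}] {key}", urlsplit(value).password

def audit(files):
    """files maps file name -> INI text; returns a list of findings."""
    cfg = {name: parse(text) for name, text in files.items()}
    agent = cfg["metadata_agent.ini"].get("DEFAULT", KEY, fallback=None)
    nova = cfg["nova.conf"].get("neutron", KEY, fallback=None)
    findings = []
    if not agent or agent != nova:
        findings.append(f"{KEY} mismatch between metadata_agent.ini and nova.conf")
    for name, cp in cfg.items():
        for where, secret in secrets_in(cp):
            if secret in DEMO_VALUES:
                findings.append(f"{name} {where}: demo value still in use")
    return findings

def world_accessible(path):
    """True if 'other' holds any permission bit, i.e. chmod 640 was not applied."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o007)

SAMPLE = {  # constructed sample input modelled on the files edited above
    "neutron.conf": "[DEFAULT]\ntransport_url = rabbit://openstack:openstack@controller\n"
                    "[database]\nconnection = mysql+pymysql://neutron:S3e-db@controller/neutron\n",
    "metadata_agent.ini": "[DEFAULT]\nmetadata_proxy_shared_secret = 9f2c\n",
    "nova.conf": "[neutron]\npassword = openstack\nmetadata_proxy_shared_secret = 9f2d\n",
}
```

On a real node, read the three files from /etc/neutron and /etc/nova as root and pass their text to audit(); an empty list means the shared secret matches and no demo value remains.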

Finishing the installation

1. Create the symlink
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

2. Populate the database schema
su -s /bin/bash neutron -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"

3. Restart the networking services and enable them at boot

for service in server l3-agent dhcp-agent metadata-agent linuxbridge-agent; do
    systemctl restart neutron-$service
    systemctl enable neutron-$service
done

4. Restart nova
systemctl restart nova-api nova-compute

5. List the network agents
openstack network agent list

As shown in the figure above, there are 4 agents, all on the controller node.

Compute node

Main reference: OpenStack Queens : Configure Neutron

root user

To avoid permission problems, switching to the root user is recommended (otherwise many commands need sudo).
sudo -i

Installation and configuration

1. Install the components
apt-get -y install neutron-common neutron-plugin-ml2 neutron-plugin-linuxbridge-agent

2. Back up neutron.conf
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak

3. vim /etc/neutron/neutron.conf and create a new neutron.conf as follows:

[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True
# RabbitMQ connection info
transport_url = rabbit://openstack:openstack@controller

[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

# Keystone auth info
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = openstack

[oslo_concurrency]
lock_path = $state_path/lock

4. Change the permissions
chmod 640 /etc/neutron/neutron.conf

chgrp neutron /etc/neutron/neutron.conf

5. vi /etc/neutron/plugins/ml2/ml2_conf.ini and make the following changes:

# line 129: add ( it's OK with no value for "tenant_network_types" (set later if need) )
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types =
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
# line 262: uncomment and add
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
# end line: uncomment
enable_ipset = True

6. vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini and make the following changes:

# line 235: add own Ip address
local_ip = 192.168.56.111

7. vi /etc/nova/nova.conf and make the following changes:

# add follows into [DEFAULT] section
use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
vif_plugging_is_fatal = True
vif_plugging_timeout = 300
# add follows to the end: Neutron auth info
# the value of metadata_proxy_shared_secret is the same with the one in metadata_agent.ini
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = openstack
service_metadata_proxy = True
metadata_proxy_shared_secret = openstack

8. Create the symlink
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

9. Restart the networking services
systemctl restart nova-compute neutron-linuxbridge-agent

10. Enable the service at boot
systemctl enable neutron-linuxbridge-agent

Verification

Run the following commands on the controller node.

1. Source the admin credentials
. admin-openrc

2. List the agents
openstack network agent list

As shown in the figure above, 5 agents are now visible: 4 on the controller node and 1 on the compute node.
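
The same verification done in code rather than by reading the table, as an added example that is not part of the original guide: it parses the output of openstack network agent list -f json and reports agents that are missing, not alive, or registered from a host that is not part of the deployment. The host name compute, the JSON field names (Host, Binary, Alive, State) and the sample rows are assumptions; adjust them to what your client prints.

```python
import json

# Agents this guide starts on each node. Host names are assumptions: use the
# names your nodes report in the Host column.
EXPECTED = {
    "controller": {"neutron-l3-agent", "neutron-dhcp-agent",
                   "neutron-metadata-agent", "neutron-linuxbridge-agent"},
    "compute": {"neutron-linuxbridge-agent"},
}

def is_up(value):
    # Assumption: older clients print ":-)" / "UP", newer ones JSON booleans.
    return value in (True, ":-)", "UP")

def agent_problems(agent_list_json, expected=EXPECTED):
    """Compare `openstack network agent list -f json` output with `expected`."""
    problems = []
    seen = {}
    for a in json.loads(agent_list_json):
        seen.setdefault(a["Host"], set()).add(a["Binary"])
        if not (is_up(a["Alive"]) and is_up(a["State"])):
            problems.append(f'{a["Binary"]} on {a["Host"]} is not alive/up')
    for host, binaries in expected.items():
        for missing in sorted(binaries - seen.get(host, set())):
            problems.append(f"{missing} missing on {host}")
    # An agent reporting from a host outside the deployment deserves a look.
    for host in sorted(set(seen) - set(expected)):
        problems.append(f"unexpected agent host {host}")
    return problems

def row(binary, host, alive=":-)"):
    # Builds one constructed sample row; not real command output.
    return {"Binary": binary, "Host": host, "Alive": alive, "State": "UP"}

# Constructed sample: metadata agent down, compute node agent not registered.
SAMPLE = json.dumps([
    row("neutron-l3-agent", "controller"),
    row("neutron-dhcp-agent", "controller"),
    row("neutron-metadata-agent", "controller", alive="XXX"),
    row("neutron-linuxbridge-agent", "controller"),
])
```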