Openstack 云计算（二）： Openstack Rocky部署四 neutron 部署与验证 (控制节点)

标签（空格分隔）： openstack系列

---

• 一：Neutron概述
• 二：Neutron部署

---

一：Neutron概述

OpenStack Networking（neutron），允许创建、插入接口设备，这些设备由其他的OpenStack服务管理。插件式的实现可以容纳不同的网络设备和软件，为OpenStack架构与部署提供了灵活性。它包含下列组件：neutron-server接收和路由API请求到合适的OpenStack网络插件，以达到预想的目的。OpenStack网络插件和代理插拔端口，创建网络和子网，以及提供IP地址，这些插件和代理依赖于供应商和技术而不同，OpenStack网络基于插件和代理为Cisco 虚拟和物理交换机、NEC OpenFlow产品，Open vSwitch,Linux bridging以及VMware NSX 产品穿线搭桥。常见的代理L3(3层)，DHCP(动态主机IP地址)，以及插件代理。消息队列大多数的OpenStack Networking安装都会用到，用于在neutron-server和各种各样的代理进程间路由信息。也为某些特定的插件扮演数据库的角色，以存储网络状态OpenStack网络主要和OpenStack计算交互，以提供网络连接到它的实例。

二：Neutron部署

2.1 neutron 数据库配置

mysql -uroot -pflyfish225CREATE DATABASE neutron;GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';flush privileges;

2.2 在keystone上创建neutron用户

cd /openstacksource keystone-admin-pass.shopenstack user create --domain default --password=neutron neutronopenstack user list

2.3 将neutron添加到service项目并授予admin角色

openstack role add --project service --user neutron admin创建neutron服务实体openstack service create --name neutron --description "OpenStack Networking" networkopenstack service list

2.4 创建neutron网络服务的API端点（endpoint）

openstack endpoint create --region RegionOne network public http://controller:9696openstack endpoint create --region RegionOne network internal http://controller:9696openstack endpoint create --region RegionOne network admin http://controller:9696openstack endpoint list

2.5 在控制节点安装neutron网络组件

# 关于neutron的网络提供了两种方式：https://docs.openstack.org/neutron/rocky/install/controller-install-option1-rdo.html以下为第一种Networking Option 1: Provider networks

安装neutron软件包yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

配置/etc/neutron/neutron.confopenstack-config --set  /etc/neutron/neutron.conf database connection  mysql+pymysql://neutron:neutron@controller/neutron openstack-config --set  /etc/neutron/neutron.conf DEFAULT core_plugin  ml2  openstack-config --set  /etc/neutron/neutron.conf DEFAULT service_plugins openstack-config --set  /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:openstack@controlleropenstack-config --set  /etc/neutron/neutron.conf DEFAULT auth_strategy  keystone  openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri  http://controller:5000openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_url  http://controller:5000openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken memcached_servers  controller:11211openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_type  password  openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken project_domain_name default  openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken user_domain_name  default  openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken project_name  service  openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken username  neutron  openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken password  neutron  openstack-config --set  /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes  True  openstack-config --set  /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes  True  openstack-config --set  /etc/neutron/neutron.conf nova auth_url  http://controller:5000openstack-config --set  /etc/neutron/neutron.conf nova auth_type  password openstack-config --set  /etc/neutron/neutron.conf nova project_domain_name  default  openstack-config --set  /etc/neutron/neutron.conf nova user_domain_name  default  openstack-config --set  /etc/neutron/neutron.conf nova region_name  RegionOne  openstack-config --set  /etc/neutron/neutron.conf nova project_name  service  openstack-config --set  /etc/neutron/neutron.conf nova username  nova  openstack-config --set  /etc/neutron/neutron.conf nova password  nova  openstack-config --set  /etc/neutron/neutron.conf oslo_concurrency lock_path  /var/lib/neutron/tmp

egrep -v '(^$|^#)' /etc/neutron/neutron.conf ----[DEFAULT]core_plugin = ml2service_plugins = transport_url = rabbit://openstack:openstack@controllerauth_strategy = keystonenotify_nova_on_port_status_changes = Truenotify_nova_on_port_data_changes = True[agent][cors][database]connection = mysql+pymysql://neutron:neutron@controller/neutron[keystone_authtoken]www_authenticate_uri = http://controller:5000auth_url = http://controller:5000memcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = neutronpassword = neutron[matchmaker_redis][nova]auth_url = http://controller:5000auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultregion_name = RegionOneproject_name = serviceusername = novapassword = nova[oslo_concurrency]lock_path = /var/lib/neutron/tmp[oslo_messaging_amqp][oslo_messaging_kafka][oslo_messaging_notifications][oslo_messaging_rabbit][oslo_messaging_zmq][oslo_middleware][oslo_policy][quotas][ssl]----

---

快速配置/etc/neutron/plugins/ml2/ml2_conf.ini---openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers  flat,vlanopenstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers  linuxbridgeopenstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers  port_securityopenstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks  provider openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset  True ---

egrep -v '(^$|^#)' /etc/neutron/plugins/ml2/ml2_conf.ini[DEFAULT][l2pop][ml2]type_drivers = flat,vlantenant_network_types = mechanism_drivers = linuxbridgeextension_drivers = port_security[ml2_type_flat]flat_networks = provider[ml2_type_geneve][ml2_type_gre][ml2_type_vlan][ml2_type_vxlan][securitygroup]enable_ipset = True

---

快速配置/etc/neutron/plugins/ml2/linuxbridge_agent.iniopenstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings  provider:eno16777736openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan  enable_vxlan  Falseopenstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup  enable_security_group  True openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup  firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

查看生效的配置egrep -v '(^$|^#)' /etc/neutron/plugins/ml2/linuxbridge_agent.ini---[DEFAULT][agent][linux_bridge]physical_interface_mappings = provider:eno16777736[network_log][securitygroup]enable_security_group = Truefirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver[vxlan]enable_vxlan = False---

---

以下参数在启动neutron-linuxbridge-agent.service的时候会自动设置为1vim /etc/sysctl.conf---net.ipv4.ip_forward = 1net.ipv4.conf.default.rp_filter=0net.ipv4.conf.all.rp_filter=0net.bridge.bridge-nf-call-iptables=1net.bridge.bridge-nf-call-ip6tables=1---modprobe br_netfilterlsmod |grep br_netfiltersysctl net.bridge.bridge-nf-call-iptablessysctl net.bridge.bridge-nf-call-ip6tables

快速配置/etc/neutron/dhcp_agent.iniopenstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  interface_driver  linuxbridgeopenstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  dhcp_driver  neutron.agent.linux.dhcp.Dnsmasqopenstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  enable_isolated_metadata  True

egrep -v '(^$|^#)' /etc/neutron/dhcp_agent.ini

快速配置/etc/neutron/metadata_agent.iniopenstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host controlleropenstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret neutron

egrep -v '(^$|^#)' /etc/neutron/metadata_agent.ini---[DEFAULT]nova_metadata_host = controllermetadata_proxy_shared_secret = neutron[agent][cache]---metadata_proxy_shared_secret选项是元数据代理，需要设置一个合适的密码这里设置为neutron

---

配置计算服务使用网络服务快速配置/etc/nova/nova.conf，将neutron添加到计算节点中openstack-config --set  /etc/nova/nova.conf  neutron url http://controller:9696openstack-config --set  /etc/nova/nova.conf  neutron auth_url http://controller:5000openstack-config --set  /etc/nova/nova.conf  neutron auth_type passwordopenstack-config --set  /etc/nova/nova.conf  neutron project_domain_name defaultopenstack-config --set  /etc/nova/nova.conf  neutron user_domain_name defaultopenstack-config --set  /etc/nova/nova.conf  neutron region_name RegionOneopenstack-config --set  /etc/nova/nova.conf  neutron project_name serviceopenstack-config --set  /etc/nova/nova.conf  neutron username neutronopenstack-config --set  /etc/nova/nova.conf  neutron password neutronopenstack-config --set  /etc/nova/nova.conf  neutron service_metadata_proxy trueopenstack-config --set  /etc/nova/nova.conf  neutron metadata_proxy_shared_secret neutron

egrep -v '(^$|^#)' /etc/nova/nova.conf

初始化安装网络插件# 创建网络插件的链接，初始化网络的脚本插件会用到/etc/neutron/plugin.ini，需要使用ML2的插件进行提供ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

同步数据库su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

重启nova_api服务systemctl restart openstack-nova-api.service

2.6 启动neutron服务并设置开机启动

# 需要启动4个服务systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.servicesystemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.servicesystemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.servicesystemctl list-unit-files |grep neutron* |grep enabled

---

至此，控制端的neutron网络服务就安装完成，之后需要在计算节点安装网络服务组件，使计算节点可以连接到openstack集群