neutron简介:

  1. Neutron 通过 plugin 和 agent 提供的网络服务。
  2. plugin 位于 Neutron server,包括 core plugin 和 service plugin。
  3. agent 位于各个节点,负责实现网络服务。
  4. core plugin 提供 L2 功能,ML2 是推荐的 plugin。
  5. 使用最广泛的 L2 agent 是 linux bridage 和 open vswitch。
  6. service plugin 和 agent 提供扩展功能,包括 dhcp, routing, load balance, firewall, vpn 等。

部署flat + linuxbridge网络

在 controller节点、network节点、compute节点部署

配置数据库

MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';       
Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron'; 
Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> flush privileges ;
Query OK, 0 rows affected (0.00 sec)

配置Neutron服务认证

创建neutron用户:

root@controller:~# openstack user create --password-prompt neutron
User Password:
Repeat User Password:
+----------+----------------------------------+
| Field    | Value                            |
+----------+----------------------------------+
| email    | None                             |
| enabled  | True                             |
| id       | bc616fedbf9d4e26ad9f23821e723069 |
| name     | neutron                          |
| username | neutron                          |
+----------+----------------------------------+

将admin角色添加给neutron用户:

root@controller:~# openstack role add --project service --user neutron admin
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | f0b9e3c9be924357bf8e918dbc2faf91 |
| name  | admin                            |
+-------+----------------------------------+

创建neutron的服务实体:

root@controller:~# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 12238de38aa04ceca7d84f32d4cdd8a2 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

创建neutron服务的API endpoint:

root@controller:~# openstack endpoint create --publicurl http://controller:9696 --adminurl http://controller:9696 --internalurl http://controller:9696 --region RegionOne network
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| adminurl     | http://controller:9696           |
| id           | b1c49fdb9305476a8300a04e32d7c7e7 |
| internalurl  | http://controller:9696           |
| publicurl    | http://controller:9696           |
| region       | RegionOne                        |
| service_id   | 12238de38aa04ceca7d84f32d4cdd8a2 |
| service_name | neutron                          |
| service_type | network                          |
+--------------+----------------------------------+

安装neutron-server

root@controller:~# apt-get install neutron-server neutron-plugin-ml2 python-neutronclient

配置neutron-server

/etc/neutron/neutron.conf:

[DEFAULT]
router_distributed = False
rpc_backend = rabbit
auth_strategy = keystone
#启用Modular Layer2(ML2)插件
core_plugin = ml2
#router服务
service_plugins = router
#overlapping IP addresses
allow_overlapping_ips = True
#网络拓扑变化通知
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2 [keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron [database]
connection = mysql://neutron:neutron@controller/neutron [nova]
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova [oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

配置Modular Layer 2 (ML2)插件/etc/neutron/plugins/ml2/ml2_conf.ini:

[ml2]
#启动网络类型驱动
type_drivers = flat,vlan,gre,vxlan
#租户网络类型
tenant_network_types = flat
mechanism_drivers = linuxbridge
[ml2_type_flat]
flat_networks = external
[securitygroup]
enable_security_group = True
enable_ipset = True
[linux_bridge]
physical_interface_mappings = external:eth1

nova需要添加配置,/etc/nova/nova.conf:

#添加配置
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[neutron] 
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = neutron

初始化数据库:

root@controller:~# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

重启服务:

root@controller:~# service nova-api restart

root@controller:~# service neutron-server restart

安装neutron-network

network节点环境配置:

root@network:~# vi /etc/sysctl.conf
net.ipv4.ip_forward=1 
net.ipv4.conf.all.rp_filter=0 
net.ipv4.conf.default.rp_filter=0 #如果有报错
root@network:~# vi /etc/modules
br_netfilter #添加 root@network:~# modprobe br_netfilter root@network:~# sysctl -p

安装neutron

root@controller:~# apt-get install neutron-plugin-ml2 neutron-plugin-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent -y

配置neutron-network

/etc/neutron/neutron.conf:

#在 [database] 部分,注释掉connection选项,网络不直接访问数据库
[DEFAULT]
router_distributed = False
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_password = openstack
rabbit_userid = openstack

/etc/neutron/plugins/ml2/ml2_conf.ini:

[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = flat
mechanism_drivers = linuxbridge
[ml2_type_flat]
flat_networks = external
[securitygroup]
enable_security_group = True
enable_ipset = True
[linux_bridge]
physical_interface_mappings = external:eth1

/etc/neutron/dhcp_agent.ini:

[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
dhcp_delete_namespaces = True
debug = True
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
enable_isolated_metadata = True
enable_metadata_network = True

/etc/neutron/dnsmasq-neutron.conf:

dhcp-option-force=26,1500
no-ping

/etc/neutron/metadata_agent.ini:

[DEFAULT]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron 
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET

controller节点/etc/nova/nova.conf的[neutron] 字段追加配置,并重启nova-api服务:

[neutron] 
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET

重启network节点相关服务:

root@network:~# /etc/init.d/neutron-dhcp-agent restart 
neutron-dhcp-agent stop/waiting
neutron-dhcp-agent start/running, process 4233 root@network:~# /etc/init.d/neutron-metadata-agent restart          
neutron-metadata-agent stop/waiting
neutron-metadata-agent start/running, process 4265 root@network:~# /etc/init.d/neutron-plugin-linuxbridge-agent restart
neutron-plugin-linuxbridge-agent stop/waiting
neutron-plugin-linuxbridge-agent start/running, process 4297

安装neutron-compute

compute节点环境配置:

root@compute1:~# vi /etc/sysctl.conf
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1 #如果有报错
root@compute1:~# vi /etc/modules
br_netfilter #添加 root@compute1:~# modprobe br_netfilter root@compute1:~# sysctl -p

安装neutron:

root@compute1:~# apt-get install neutron-plugin-ml2 neutron-plugin-linuxbridge-agent

配置neutron-compute

/etc/neutron/neutron.conf:

#在 [database] 部分,注释掉connection选项,网络不直接访问数据库
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
core_plugin = ml2
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

/etc/neutron/plugins/ml2/ml2_conf.ini:

[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = flat
mechanism_drivers = linuxbridge
[ml2_type_flat]
flat_networks = external
[securitygroup]
enable_security_group = True
enable_ipset = True
[linux_bridge]
physical_interface_mappings = external:eth1

nova-compute的/etc/nova/nova.conf:

#[DEFAULT]字段添加
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver [neutron]
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = neutron

重启服务:

root@compute1:~# service nova-compute restart
nova-compute stop/waiting
nova-compute start/running, process 23866 root@compute1:~# /etc/init.d/neutron-plugin-linuxbridge-agent restart
neutron-plugin-linuxbridge-agent stop/waiting
neutron-plugin-linuxbridge-agent start/running, process 23919

关掉dnsmasq服务:

root@compute1:~# netstat -tlnp 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      23195/dnsmasq   
tcp        0      0 0.0.0.0:43999           0.0.0.0:*               LISTEN      1914/sshd       
tcp6       0      0 :::43999                :::*                    LISTEN      1914/sshd       
root@compute1:~# killall dnsmasq

修改kvm配置

/etc/libvirt/libvirtd.conf

listen_tls = 0
listen_tcp = 1
tcp_port = "16509"
listen_addr = "0.0.0.0"
unix_sock_group = "libvirtd"
unix_sock_ro_perms = "0777"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"
auth_tcp = "none"
max_clients = 5000
min_workers = 50
max_workers = 200
max_requests = 1000
max_client_requests = 200

/etc/default/libvirt-bin

start_libvirtd="yes"
libvirtd_opts="-d -l"

/etc/libvirt/qemu.conf

vnc_listen = "0.0.0.0"
security_driver = "none"
user = "nova"
group = "kvm"
dynamic_ownership = 1

重启KVM:

root@compute1:~# /etc/init.d/libvirt-bin restart
libvirt-bin stop/waiting
libvirt-bin start/running, process 9391

验证

在controller节点验证:

root@controller:~# neutron agent-list 
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
| id                                   | agent_type         | host     | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
| 2127166d-8618-42ee-9735-0e62a9f43b21 | Linux bridge agent | network  | :-)   | True           | neutron-linuxbridge-agent |
| 28fd5729-3c7b-4674-9f99-9c679ad94a83 | Linux bridge agent | compute1 | :-)   | True           | neutron-linuxbridge-agent |
| a38e7e96-787c-49b5-a4e2-28c84051d084 | Metadata agent     | network  | :-)   | True           | neutron-metadata-agent    |
| b24fbd40-66d4-4266-af26-5a969ec40068 | DHCP agent         | network  | :-)   | True           | neutron-dhcp-agent        |
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+

OpenStack kilo版(5) Neutron部署的更多相关文章

  1. OpenStack Kilo版加CEPH部署手册

    OpenStack Kilo版加CEPH部署手册 作者: yz联系方式: QQ: 949587200日期: 2015-7-13版本: Kilo 转载地址: http://mp.weixin.qq.co ...

  2. OpenStack kilo版(4) Glance部署

    Glance简介 Glance-api:接受云系统镜像的构建.删除.读取请求 Glance-Registry:云系统的镜像注册服务 部署在controller节点 配置数据库 MariaDB [(no ...

  3. OpenStack kilo版(3) Nova部署

    部署在controller和compute节点 配置数据库 MariaDB [(none)]> CREATE DATABASE nova;  Query OK, 1 row affected ( ...

  4. OpenStack kilo版(2) keystone部署

    部署在controller节点 配置数据库 MariaDB [(none)]> CREATE DATABASE keystone; Query OK, 1 row affected (0.00 ...

  5. [译] OpenStack Kilo 版本中 Neutron 的新变化

    OpenStack Kilo 版本,OpenStack 这个开源项目的第11个版本,已经于2015年4月正式发布了.现在是个合适的时间来看看这个版本中Neutron到底发生了哪些变化了,以及引入了哪些 ...

  6. (转)OpenStack Kilo 版本中 Neutron 的新变化

    OpenStack Kilo 版本,OpenStack 这个开源项目的第11个版本,已经于2015年4月正式发布了.现在是个合适的时间来看看这个版本中Neutron到底发生了哪些变化了,以及引入了哪些 ...

  7. OpenStack Train版-7.neutron网络服务概述

    网络服务NEUTRON概述 一.NEUTRON架构 OpenStack的网络服务neutron是整个OpenStack中最复杂的一个部分,它的基本架构是一个中心服务(neutron-server)外加 ...

  8. OpenStack kilo版(1) 部署环境

    硬件 VMware workstation虚拟机 Ubuntu14.04操作系统 虚拟机网络规划 管理网络: eth0, 桥接模式 10.0.0.0/24 外部网络: eth1, nat模式(需要关闭 ...

  9. OpenStack kilo版(8) 部署cinder

    直接将cinder服务和块设备都部署在controller节点上 在controller节点添加一块100G的块设备/dev/sdb 配置数据库 (root@localhost) [(none)]&g ...

随机推荐

  1. Apache调优(一)

    (1).Apache和Tomcat的关系 Apache HTTPD Server与Apache Tomcat同属于Apache的开源项目.两个都可以单独作为web server使用,但是又都有各自的特 ...

  2. 解决软件卸载时Abstract: "Invalid serial number" xe4

    In RAD Studio, Delphi, C++Builder, XE4 there can become a scenario if you try to modify, repair, upg ...

  3. window.open post传参

    目录 前言 获取当前用户信息 使用window.open的两种方式 Get方式 Post方式 前言 我使用的场景是,点击弹窗,然后把我当前用户的消息传过去 获取当前用户信息 打开Chrome浏览器,在 ...

  4. springboot整合mybatis的时候报错Caused by: java.lang.IllegalArgumentException: Property 'sqlSessionFactory' or 'sqlSessionTemplate' are required

    今天闲来无事,学习springboot整合mybatis,在bilibili看视频学的,视频中在dao层的interface上面加上org.apache.ibatis.annotations.Mapp ...

  5. 关于STM32F405的GPIO中断问题

    1. 下面的图,应该是多个引脚中断挂在同一个中断号上面,也就是PA0和PB0同时挂在一个中断源上面,那么就是说只能同时使用其中一个 寄存器的配置,确实只能有一个使用

  6. RabbitMQ官方教程三 Publish/Subscribe(GOLANG语言实现)

    RabbitMQ官方教程三 Publish/Subscribe(GOLANG语言实现) 在上一个教程中,我们创建了一个工作队列. 工作队列背后的假设是,每个任务都恰好交付给一个worker处理. 在这 ...

  7. 【NER】对命名实体识别(槽位填充)的一些认识

    命名实体识别 1. 问题定义 广义的命名实体识别是指识别出待处理文本中三大类(实体类.时间类和数字类).七小类(人名.机构名.地名.日期.货币和百分比)命名实体.但实际应用中不只是识别上述所说的实体类 ...

  8. C++标准模板库集合类与映射类总结

    一.STL集合类 标准模板库向程序员提供了一些容器类,以便在应用程序中频繁而快速的搜索.std::set和std::multiset用于存储一组经过排序的元素,其查找元素的复杂度为对数,而unorde ...

  9. Python中创建数值列表——参考Python编程从入门到实践

    1. 函数range( )的使用 range( )函数可以生成一系列的数字: for value in range(1, 5): print(value) Note:运行结果是打印数字1到4,即该函数 ...

  10. python 之 re模块、hashlib模块

    6.16 re模块 正则就是用一些具有特殊含义的符号组合到一起(称为正则表达式)来描述字符或者字符串的方法.或者说:正则就是用来描述一类事物的规则.(在Python中)它内嵌在Python中,并通过 ...