openstack搭建之-neutron配置（11）

一、base节点设置

mysql -u root -proot

CREATE DATABASE neutron;

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';

二、 ctrl节点设置

#运行环境变量

. admin-openrc

#创建neutron用户并添加角色

openstack user create --domain default --password NEUTRON_PASS neutron

openstack role add --project service --user neutron admin

#创建neutron服务并设置endpoint

openstack service create --name neutron --description "OpenStack Networking" network

openstack endpoint create --region RegionOne network public http://ctrl.test.com:9696

openstack endpoint create --region RegionOne network internal http://ctrl.test.com:9696

openstack endpoint create --region RegionOne network admin http://ctrl.test.com:9696

#安装neutron软件

yum install \

openstack-neutron \

openstack-neutron-ml2 \

openstack-neutron-linuxbridge \

ebtables -y

#编辑neutron配置文件

vim /etc/neutron/neutron.conf

[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@base.test.com/neutron

[DEFAULT]
core_plugin = ml2
service_plugins =
#service_plugins = router
#allow_overlapping_ips = true
transport_url = rabbit://openstack:RABBIT_PASS@base.test.com
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[keystone_authtoken]
auth_uri = http://ctrl.test.com:5000
auth_url = http://ctrl.test.com:35357
memcached_servers = base.test.com:
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

[nova]
auth_url = http://ctrl.test.com:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

#编辑ml2配置文件

vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan,gre,vxlan,geneve
#type_drivers = flat,vlan,vxlan
tenant_network_types = flat,vlan,gre,vxlan,geneve
#tenant_network_types = vxlan
mechanism_drivers = linuxbridge
#mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[securitygroup]
enable_ipset = true

#[ml2_type_vxlan]
#vni_ranges = :

#编辑linuxbridge_agent配置文件

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:eth1

[vxlan]
enable_vxlan = false
#enable_vxlan = true
#local_ip = 172.16.2.52
#l2_population = true

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

#编辑l3配置文件

#vim /etc/neutron/l3_agent.ini

[DEFAULT]
#interface_driver = linuxbridge

#编辑dhcp配置文件

vim /etc/neutron/dhcp_agent.ini

[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

#编辑metadata配置文件

vim /etc/neutron/metadata_agent.ini

[DEFAULT]
nova_metadata_host =ctrl.test.com
metadata_proxy_shared_secret = METADATA_SECRET

#编辑Nova配置文件

vim /etc/nova/nova.conf

[neutron]
url = http://ctrl.test.com:9696
auth_url = http://ctrl.test.com:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET

#创建软连接

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

#初始化数据库

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \

--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

#启动服务

systemctl restart openstack-nova-api.service

systemctl restart neutron-server.service \

neutron-linuxbridge-agent.service \

neutron-dhcp-agent.service \

neutron-metadata-agent.service

systemctl enable neutron-server.service \

neutron-linuxbridge-agent.service \

neutron-dhcp-agent.service \

neutron-metadata-agent.service

#systemctl restart neutron-l3-agent.service

#systemctl enable neutron-l3-agent.service

#验证（计算节点配置完成再验证）

. admin-openrc

openstack extension list --network

openstack network agent list

三、 com计算节点配置

#安装软件

yum install openstack-neutron-linuxbridge ebtables ipset -y

#编辑neutron配置文件

vim /etc/neutron/neutron.conf

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@base.test.com
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://ctrl.test.com:5000
auth_url = http://ctrl.test.com:35357
memcached_servers = base.test.com:
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

#编辑桥接配置文件

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:eth0

[vxlan]
enable_vxlan = false
#enable_vxlan = true
#local_ip = 172.16.2.53
#l2_population = true

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

#编辑Nova配置文件

vim /etc/nova/nova.conf

[neutron]
url = http://ctrl.test.com:9696
auth_url = http://ctrl.test.com:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS

#开启服务

systemctl restart openstack-nova-compute.service

systemctl restart neutron-linuxbridge-agent.service

systemctl enable neutron-linuxbridge-agent.service

注：配置文件中注释部分配置文件为创建L3路由网络使用的配置信息。未注释的配置信息为交换机网络。后续创建网络根据需要进行开启。注意，相同项保留一项即可。