注意事项!!!
Openstack主要组件安装的顺序
- Keystone(apache)
- glance
- nova
- neutron
controller节点配置
创建数据库和授权用户
[root@controller ~]# mysql -uroot -p000000 MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '000000'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '000000'; MariaDB [(none)]> flush privileges; MariaDB [(none)]> exit
创建用户服务和API的endpoint
创建用户服务
[root@controller ~]# openstack user create --domain default --password 000000 neutron [root@controller ~]# openstack role add --project service --user neutron admin [root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network #创建network服务,服务类型为network
创建API的endpoint
三种API端点对应三种访问接口类型:admin、internal、public
[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696 [root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696 [root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
安装openstack-neutron软件包
[root@controller ~]# yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables conntrack-tools
编辑配置文件
编辑neutron.conf
[root@controller ~]# cp -a /etc/neutron/neutron.conf{,.bak} #在保留源文件属性的前提下复制一份备份 [root@controller ~]# grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf #对neutron.conf.bak反向过滤掉空行和注释行,覆盖到neutron.conf [root@controller ~]# vi /etc/neutron/neutron.conf [DEFAULT] core_plugin = ml2 #启用二层网络插件 service_plugins = router #启用三层网络插件 allow_overlapping_ips = true transport_url = rabbit://openstack:000000@controller #配置rabbitmq连接 auth_strategy = keystone #认证的方式:keystone notify_nova_on_port_status_changes = true #当端口状态发生变化时,通知nova notify_nova_on_port_data_changes = true #当端口数据发生变化时,通知nova [cors] [database] #配置数据库连接 connection = mysql+pymysql://neutron:000000@controller/neutron [keystone_authtoken] #配置keystone认证信息 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = 000000 [oslo_concurrency] #配置锁路径 lock_path = /var/lib/neutron/tmp [oslo_messaging_amqp] [oslo_messaging_kafka] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_middleware] [oslo_policy] [privsep] [ssl] [nova] #neutron需要给nova返回数据 auth_url = http://controller:5000 #到keystone认证nova auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = nova #通过nova的用户名和密码到keystone验证nova的token password = 000000
编辑ml2_conf.ini
[root@controller ~]# cp -a /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak} [root@controller ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.bak > /etc/neutron/plugins/ml2/ml2_conf.ini [root@controller ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini [DEFAULT] [ml2] type_drivers = flat,vlan,vxlan #配置网络类型驱动:flat(单一扁平网络/桥接)、vlan、vxlan;让二层网络支持桥接,并支持基于vlan做子网划分 tenant_network_types = vxlan #租户网络类型(vxlan) mechanism_drivers = linuxbridge,l2population #启用Linuxbridge和l2population机制(l2population机制用于简化网络通信拓扑,减少网络广播) extension_drivers = port_security #启用端口安全扩展驱动,配合安全组通过iptables实现访问控制;注意:启用后端口访问受安全组规则限制,未放行对应端口时会造成一些服务无法正常访问 [ml2_type_flat] flat_networks = provider #配置公共虚拟网络为flat网络 [ml2_type_vxlan] vni_ranges = 1:1000 #为私有网络配置VXLAN网络标识(VNI)的范围 [securitygroup] enable_ipset = true #启用 ipset 提高安全组规则的匹配效率
编辑linuxbridge_agent.ini
[root@controller ~]# cp -a /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak} [root@controller ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini [root@controller ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini [DEFAULT] [linux_bridge] physical_interface_mappings = provider:ens34 #指定上个文件中的flat网络名称(provider),并与本机物理网卡ens34做关联,后期给虚拟机分配external网络,就可以通过ens34上外网;物理网卡名称因环境而异,可能是eth0、bond0、br0等 [vxlan] #启用VXLAN覆盖网络,配置覆盖网络的物理网络接口的IP地址,启用layer-2 population enable_vxlan = true #允许租户创建自服务(VXLAN)网络 local_ip = 192.168.1.100 l2_population = true [securitygroup] #启用安全组并配置 Linux 桥接 iptables 防火墙驱动 enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
修改内核参数
[root@controller ~]# echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf
[root@controller ~]# echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.conf
[root@controller ~]# modprobe br_netfilter
#加载 br_netfilter 内核模块,然后用 sysctl -p 使上面追加到 /etc/sysctl.conf 的参数生效
[root@controller ~]# sysctl -p
编辑l3_agent.ini,配置接口驱动
[root@controller ~]# cp -a /etc/neutron/l3_agent.ini{,.bak} [root@controller ~]# grep -Ev '^$|#' /etc/neutron/l3_agent.ini.bak > /etc/neutron/l3_agent.ini [root@controller ~]# vi /etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge
编辑dhcp_agent.ini
[root@controller ~]# cp -a /etc/neutron/dhcp_agent.ini{,.bak}
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak > /etc/neutron/dhcp_agent.ini
[root@controller ~]# vi /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge #指定默认接口驱动为linux网桥
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq #指定DHCP驱动
enable_isolated_metadata = true #为隔离网络开启元数据服务
配置元数据代理(用于桥接与自服务网络的通用配置;metadata_agent.ini 中的 metadata_proxy_shared_secret 必须与 nova.conf [neutron] 段中的值一致)
[root@controller ~]# cp -a /etc/neutron/metadata_agent.ini{,.bak}
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/metadata_agent.ini.bak > /etc/neutron/metadata_agent.ini
[root@controller ~]# vi /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = 000000
[cache]
编辑nova配置文件
[root@controller ~]# vi /etc/nova/nova.conf
添加[neutron]段数据
[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 000000
service_metadata_proxy = true
metadata_proxy_shared_secret = 000000
创建ML2插件文件符号连接
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini #网络服务初始化脚本需要/etc/neutron/plugin.ini指向ML2插件配置文件的符号链接
初始化数据库
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
> --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
启动服务
先重启nova-api服务
[root@controller ~]# systemctl restart openstack-nova-api.service
开启neutron服务,设置开机自启动
[root@controller ~]# systemctl enable neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
开启第三层网络服务
[root@controller ~]# systemctl enable neutron-l3-agent.service [root@controller ~]# systemctl restart neutron-l3-agent.service
查看9696端口是否开启
[root@controller ~]# netstat -anutp |grep 9696
compute节点配置
安装openstack-neutron软件包
[root@compute ~]# yum -y install openstack-neutron-linuxbridge ebtables ipset conntrack-tools
编辑配置文件
编辑neutron.conf
[root@compute ~]# cp -a /etc/neutron/neutron.conf{,.bak} [root@compute ~]# grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf [root@compute ~]# vi /etc/neutron/neutron.conf [DEFAULT] #neutron的server端与agent端通讯也是通过rabbitmq进行通讯的 transport_url = rabbit://openstack:000000@controller auth_strategy = keystone #认证策略:keystone [cors] [database] [keystone_authtoken] #指定keystone认证的信息 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = 000000 [oslo_concurrency] #配置锁路径(管理线程库) lock_path = /var/lib/neutron/tmp [oslo_messaging_amqp] [oslo_messaging_kafka] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_middleware] [oslo_policy] [privsep] [ssl]
编辑网桥linuxbridge_agent.ini
[root@compute ~]# cp -a /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak} [root@compute ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini [root@compute ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini [DEFAULT] [linux_bridge] physical_interface_mappings = provider:ens34 [vxlan] #开启Vxlan网络 enable_vxlan = true local_ip = 192.168.1.200 l2_population = true #L2 Population 是用来提高 VXLAN 网络扩展能力的组件 [securitygroup] enable_security_group = true #开启安全组 firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
修改内核
[root@compute ~]# echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf [root@compute ~]# echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.conf [root@compute ~]# modprobe br_netfilter #modprobe:用于向内核中加载模块或者从内核中移除模块。modprobe -r 表示移除 [root@c1 ~]# sysctl -p
修改nova.conf配置文件
[root@compute ~]# vi /etc/nova/nova.conf 添加[neutron]段数据 [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = 000000
启动服务
开启neutron服务,设置开机自启动
[root@compute ~]# systemctl enable neutron-linuxbridge-agent.service
[root@compute ~]# systemctl start neutron-linuxbridge-agent.service
验证整体服务
controller节点操作
[root@controller ~]# openstack network agent list