controller节点配置

创建数据库和授权用户

[root@controller ~]# mysql -uroot -p000000
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '000000';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '000000';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit

创建用户服务和API的endpoint

创建用户服务

[root@controller ~]# openstack user create --domain default --password 000000 neutron 
[root@controller ~]# openstack role add --project service --user neutron admin
[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network #创建network服务，服务类型为network

创建API的endpoint

三种API端点代表三种服务：admin、internal、public

[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696

安装openstack–neutron软件

[root@controller ~]# yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables conntrack-tools

编辑配置文件

编辑neutron.conf

[root@controller ~]# cp -a /etc/neutron/neutron.conf{,.bak}
#在保留源文件属性的前提下进行批量复制
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf
#对neutron.conf.bak反向过滤掉空格和注释项，覆盖到neutron.conf
[root@controller ~]# vi /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2                #启用二层网络插件
service_plugins = router         #启用三层网络插件
allow_overlapping_ips = true
transport_url = rabbit://openstack:000000@controller   #配置rabbitmq连接
auth_strategy = keystone                   #认证的方式:keystone
notify_nova_on_port_status_changes = true         #当网络接口发生变化时，通知给计算节点 
notify_nova_on_port_data_changes = true           #当端口数据发生变化，通知计算节点

[cors]
[database]                         #配置数据库连接
connection = mysql+pymysql://neutron:000000@controller/neutron

[keystone_authtoken]                              #配置keystone认证信息
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 000000

[oslo_concurrency]                       #配置锁路径
lock_path = /var/lib/neutron/tmp

[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]
[nova]                              #neutron需要给nova返回数据
auth_url = http://controller:5000           #到keystone认证nova
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova                  #通过nova的用户名和密码到keystone验证nova的token
password = 000000

编辑ml2_conf.ini

[root@controller ~]# cp -a /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.bak > /etc/neutron/plugins/ml2/ml2_conf.ini
[root@controller ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini

[DEFAULT]
[ml2]
type_drivers = flat,vlan,vxlan               #配置驱动类型；单一扁平网络(桥接)和vlan；让二层网络支持桥接，支持基于vlan做子网划分
tenant_network_types = vxlan                 #租户网络类型(vxlan）
mechanism_drivers = linuxbridge,l2population   #启用Linuxbridge和l2机制，(l2population机制是为了简化网络通信拓扑，减少网络广播)：
extension_drivers = port_security        #启用端口安全扩展驱动程序，基于iptables实现访问控制；但配置了扩展安全组会导致一些端口限制，造成一些服务无法启动 

[ml2_type_flat]
flat_networks = provider                  #配置公共虚拟网络为flat网络

[ml2_type_vxlan]
vni_ranges = 1:1000                       #为私有网络配置VXLAN网络识别的网络范围

[securitygroup]
enable_ipset = true                       #启用 ipset 增加安全组的方便性

编辑linuxbridge_agent.ini

[root@controller ~]# cp -a /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@controller ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:ens34    #指定上个文件中的桥接网络名称，与eth0物理网卡做关联，后期给虚拟机分配external网络，就可以通过eth0上外网；物理网卡有可能是bind0、br0等

[vxlan]                       #启用VXLAN覆盖网络，配置覆盖网络的物理网络接口的IP地址，启用layer－2 population
enable_vxlan = true           #允许用户创建自定义网络(3层网络)
local_ip = 192.168.1.100
l2_population = true

[securitygroup]               #启用安全组并配置 Linux 桥接 iptables 防火墙驱动
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

修改内核参数

[root@controller ~]# echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf
[root@controller ~]# echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.conf
[root@controller ~]# modprobe br_netfilter
#表示向内核加入参数
[root@controller ~]# sysctl -p 

编辑l3_agent.ini 接口驱动和外部网络网桥

[root@controller ~]# cp -a /etc/neutron/l3_agent.ini{,.bak}
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/l3_agent.ini.bak > /etc/neutron/l3_agent.ini
[root@controller ~]# vi /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge

编辑dhcp_agent.ini

[root@controller ~]# cp -a /etc/neutron/dhcp_agent.ini{,.bak}
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak > /etc/neutron/dhcp_agent.ini
[root@controller ~]# vi  /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge                 #指定默认接口驱动为linux网桥
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq  #指定DHCP驱动
enable_isolated_metadata = true                 #开启iso元数据

配置元数据代理、用于配置桥接与自服务网络的通用配置

[root@controller ~]# cp -a /etc/neutron/metadata_agent.ini{,.bak}
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/metadata_agent.ini.bak > /etc/neutron/metadata_agent.ini
[root@controller ~]# vi /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = 000000

[cache]

编辑nova配置文件

[root@controller ~]# vi /etc/nova/nova.conf
添加[neurton]处数据
[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 000000
service_metadata_proxy = true
metadata_proxy_shared_secret = 000000

创建ML2插件文件符号连接

[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
#网络服务初始化脚本需要/etc/neutron/plugin.ini指向ML2插件配置文件的符号链接

初始化数据库

[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
> --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

启动服务

先重启nova-api服务

[root@controller ~]# systemctl restart openstack-nova-api.service 

开启neutron服务，设置开机自启动

[root@controller ~]# systemctl enable neutron-server.service \ 
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ 
> neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service \ 
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ 
> neutron-metadata-agent.service

开启第三层网络服务

[root@controller ~]# systemctl enable neutron-l3-agent.service
[root@controller ~]# systemctl restart neutron-l3-agent.service

查看9696端口是否开启

[root@controller ~]# netstat -anutp |grep 9696

compute节点配置

安装openstack–neutron软件

[root@compute ~]# yum -y install openstack-neutron-linuxbridge ebtables ipset conntrack-tools

编辑配置文件

编辑neutron.conf

[root@compute ~]# cp -a /etc/neutron/neutron.conf{,.bak}
[root@compute ~]# grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf
[root@compute ~]# vi /etc/neutron/neutron.conf
[DEFAULT]                                             #neutron的server端与agent端通讯也是通过rabbitmq进行通讯的
transport_url = rabbit://openstack:000000@controller
auth_strategy = keystone                 #认证策略：keystone

[cors]
[database]
[keystone_authtoken]                     #指定keystone认证的信息
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 000000

[oslo_concurrency]                  #配置锁路径（管理线程库）
lock_path = /var/lib/neutron/tmp

[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]

编辑网桥linuxbridge_agent.ini

[root@compute ~]# cp -a /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
[root@compute ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@compute ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:ens34

[vxlan]                      #开启Vxlan网络
enable_vxlan = true
local_ip = 192.168.1.200
l2_population = true         #L2 Population 是用来提高 VXLAN 网络扩展能力的组件

[securitygroup] 
enable_security_group = true         #开启安全组
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

修改内核

[root@compute ~]# echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf
[root@compute ~]# echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.conf
[root@compute ~]# modprobe br_netfilter
#modprobe：用于向内核中加载模块或者从内核中移除模块。modprobe -r 表示移除
[root@c1 ~]# sysctl -p

修改nova.conf配置文件

[root@compute ~]# vi /etc/nova/nova.conf
添加[neurton]处数据
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 000000

启动服务

开启neutron服务，设置开机自启动

[root@compute ~]# systemctl enable neutron-linuxbridge-agent.service
[root@compute ~]# systemctl start neutron-linuxbridge-agent.service

验证整体服务

controller节点操作

[root@controller ~]# openstack network agent list