Neutron Explained and Installed
1. Components and how they communicate
In this networking model, each tenant has its own router and can have several private networks, so VMs can be placed on different subnets. A VM reaches its tenant router over the private network, the router maps it to a floating IP, and traffic then leaves through the external router to communicate with the outside world.
2. Building the lab
1. Basic configuration
[root@neutron ~]# hostnamectl set-hostname network.nice.com
[root@neutron ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.222.5 controller.nice.com
192.168.222.6 network.nice.com
192.168.222.10 compute1.nice.com
192.168.222.20 block1.nice.com
[root@neutron ~]# yum install -y ntpdate
[root@neutron ~]# ntpdate -u 192.168.222.5
24 Jul 11:02:02 ntpdate[4142]: step time server 192.168.222.5 offset 16395.238622 sec
[root@neutron ~]# systemctl restart crond
[root@neutron ~]# systemctl enable crond
1. Configure the controller node
1. Create the database with the following steps:
a. Connect to the MySQL database as root
# mysql -u root -p
b. Create the neutron database
CREATE DATABASE neutron;
c. Create the database user neutron and grant it full control of the neutron database
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
2. Source the admin environment script
# source admin-openrc.sh
3. Create the network service's credentials in the Identity service, with the following steps:
a. Create the neutron user
[root@controller ~]# keystone user-create --name neutron --pass NEUTRON_PASS
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    |                                  |
| enabled  | True                             |
| id       | a7e4e7944d2f4223bd724fcc32678cae |
| name     | neutron                          |
| username | neutron                          |
+----------+----------------------------------+
b. Link the neutron user to the service tenant and the admin role
[root@controller ~]# keystone user-role-add --user neutron --tenant service --role admin
c. Create the neutron service
[root@controller ~]# keystone service-create --name neutron --type network --description "Openstack Networking"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Openstack Networking             |
| enabled     | True                             |
| id          | 66e916b7b3264a48b0e4420ecd81423f |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
d. Create the neutron service endpoint
[root@controller ~]# keystone endpoint-create --service-id $(keystone service-list |awk '/network/ {print $2}') --publicurl http://controller.nice.com:9696 --adminurl http://controller.nice.com:9696 --internalurl http://controller.nice.com:9696 --region regionOne
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| adminurl    | http://controller.nice.com:9696  |
| id          | e9fe74bbedd743458feba34cd64c8ef1 |
| internalurl | http://controller.nice.com:9696  |
| publicurl   | http://controller.nice.com:9696  |
| region      | regionOne                        |
| service_id  | 66e916b7b3264a48b0e4420ecd81423f |
+-------------+----------------------------------+
Install the networking service components
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 python-neutronclient which
[root@controller ~]# vim /etc/neutron/neutron.conf
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[root@controller ~]# vim /etc/nova/nova.conf
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron
INFO  [alembic.migration] Context impl MySQLImpl.
INFO  [alembic.migration] Will assume non-transactional DDL.
INFO  [alembic.migration] Running upgrade None -> havana, havana_initial
...
...
...
Finish the configuration
1. Create the symbolic link for the ML2 plugin configuration file.
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
2. Initialize the database
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron
3. Restart the Compute services
# systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service
4. Start the Networking service and configure it to start at boot
# systemctl enable neutron-server.service
# systemctl start neutron-server.service
5. Verify
[root@controller ~]# source admin-openrc.sh
List the loaded extensions to confirm that the neutron-server process started successfully.
[root@controller ~]# neutron ext-list
+-----------------------+-----------------------------------------------+
| alias                 | name                                          |
+-----------------------+-----------------------------------------------+
| security-group        | security-group                                |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| ext-gw-mode           | Neutron L3 Configurable external gateway mode |
| binding               | Port Binding                                  |
| provider              | Provider Network                              |
| agent                 | agent                                         |
| quotas                | Quota management support                      |
| dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
| l3-ha                 | HA Router extension                           |
| multi-provider        | Multi Provider Network                        |
| external-net          | Neutron external network                      |
| router                | Neutron L3 Router                             |
| allowed-address-pairs | Allowed Address Pairs                         |
| extraroute            | Neutron Extra Route                           |
| extra_dhcp_opt        | Neutron Extra DHCP opts                       |
| dvr                   | Distributed Virtual Router                    |
+-----------------------+-----------------------------------------------+
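The extension list above is the guide's success check for neutron-server. As an added example that is not part of the original post, the shell function below parses that table format and fails if any extension the rest of this setup relies on (security groups, the L3 router, external networks) is missing; the sample table it reads is constructed from the rows shown above.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that neutron-server
# advertises the extensions this deployment depends on, by parsing the
# ASCII table printed by `neutron ext-list`. In real use, capture the
# command's output to a file and pass that file instead of the sample.

# list_aliases TABLE_FILE -> prints the alias column (first "|"-delimited
# field), skipping the +---+ border rows and the header row.
list_aliases() {
    awk -F'|' '/^\|/ && $2 !~ /^ *alias *$/ { gsub(/^ +| +$/, "", $2); print $2 }' "$1"
}

# require_extensions TABLE_FILE ALIAS... -> exit 0 if every alias is listed;
# otherwise print the missing aliases and exit 1.
require_extensions() {
    table="$1"; shift
    missing=""
    for alias in "$@"; do
        if ! list_aliases "$table" | grep -qxF "$alias"; then
            missing="$missing $alias"
        fi
    done
    if [ -n "$missing" ]; then
        echo "missing neutron extensions:$missing"
        return 1
    fi
    return 0
}

# Constructed sample, abbreviated from the ext-list output in the guide.
SAMPLE_EXT_LIST=$(mktemp)
cat > "$SAMPLE_EXT_LIST" <<'EOF'
+-----------------------+-----------------------------------------------+
| alias                 | name                                          |
+-----------------------+-----------------------------------------------+
| security-group        | security-group                                |
| external-net          | Neutron external network                      |
| router                | Neutron L3 Router                             |
| allowed-address-pairs | Allowed Address Pairs                         |
+-----------------------+-----------------------------------------------+
EOF

# The extensions the rest of this guide depends on: security groups
# ([securitygroup] in ml2_conf.ini), L3 routing (service_plugins= router)
# and external networks (ext-net with router:external True).
require_extensions "$SAMPLE_EXT_LIST" security-group router external-net
```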
2. Configure the neutron (network) node
1. Edit /etc/sysctl.conf to include the following parameters:
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
[root@network ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
Install the networking components
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch
Edit /etc/neutron/neutron.conf and complete the following:
a. In the [database] section, comment out any connection option, because the network node does not connect to the database directly.
b. In the [DEFAULT] section, configure RabbitMQ message queue access
[DEFAULT]
...
rpc_backend=rabbit
rabbit_host= controller.nice.com
rabbit_password= RABBIT_PASS
c. In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:
[DEFAULT]
...
auth_strategy= keystone
[keystone_authtoken]
...
auth_uri= http://controller.nice.com:5000/v2.0
identity_uri= http://controller.nice.com:35357
admin_tenant_name= service
admin_user= neutron
admin_password= NEUTRON_PASS
d. In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plugin, the router service and overlapping IP addresses:
[DEFAULT]
...
core_plugin= ml2
service_plugins= router
allow_overlapping_ips= True
e. (Optional) In the [DEFAULT] section, enable verbose logging to help with troubleshooting.
[DEFAULT]
...
verbose = True
The ML2 plugin uses the Open vSwitch (OVS) mechanism to build the virtual networking framework for instances. Edit /etc/neutron/plugins/ml2/ml2_conf.ini and complete the following:
a. In the [ml2] section, enable the flat and generic routing encapsulation (GRE) network type drivers, configure GRE tenant networks and the OVS mechanism driver.
[ml2]
...
type_drivers= flat,gre
tenant_network_types= gre
mechanism_drivers= openvswitch
b. In the [ml2_type_flat] section, configure the external network:
[ml2_type_flat]
...
flat_networks= external
c. In the [ml2_type_gre] section, configure the tunnel identifier range:
[ml2_type_gre]
...
tunnel_id_ranges= 1:1000
d. In the [securitygroup] section, enable security groups, enable ipset and configure the OVS firewall driver:
[securitygroup]
...
enable_security_group= True
enable_ipset= True
firewall_driver= neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
e. In the [ovs] section, configure the Open vSwitch (OVS) agent
[ovs]
...
local_ip= INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
tunnel_type= gre
enable_tunneling= True
bridge_mappings= external:br-ex
[root@network ~]# systemctl enable openvswitch.service
ln -s '/usr/lib/systemd/system/openvswitch.service' '/etc/systemd/system/multi-user.target.wants/openvswitch.service'
[root@network ~]# systemctl start openvswitch.service
[root@network ~]# ovs-vsctl add-br br-ex
[root@network ~]# ovs-vsctl add-port br-ex eno50332184
[root@network ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@network ~]# cp/usr/lib/systemd/system/neutron-openvswitch-agent.service/usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
-bash: cp/usr/lib/systemd/system/neutron-openvswitch-agent.service/usr/lib/systemd/system/neutron-openvswitch-agent.service.orig: No such file or directory
[root@network ~]# cp /usr/lib/systemd/system/neutron-openvswitch-agent.service /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
[root@network ~]# sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
[root@network ~]# systemctl enable neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-ovs-cleanup.service
ln -s '/usr/lib/systemd/system/neutron-openvswitch-agent.service' '/etc/systemd/system/multi-user.target.wants/neutron-openvswitch-agent.service'
ln -s '/usr/lib/systemd/system/neutron-l3-agent.service' '/etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service'
ln -s '/usr/lib/systemd/system/neutron-dhcp-agent.service' '/etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service'
ln -s '/usr/lib/systemd/system/neutron-metadata-agent.service' '/etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service'
ln -s '/usr/lib/systemd/system/neutron-ovs-cleanup.service' '/etc/systemd/system/multi-user.target.wants/neutron-ovs-cleanup.service'
[root@network ~]# systemctl start neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
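As an added example, not part of the original post, the following shell script audits the two network-node files edited above for the settings that matter most from a security standpoint: that the [database] connection really is commented out (no database credentials on the network node) and that the [securitygroup] section enables security groups with the OVS hybrid iptables driver. File paths are parameters; the files it runs against below are constructed samples, not the real /etc/neutron files.

```shell
#!/bin/sh
# Added example (not from the original post): audit the network-node config
# for the two settings a reviewer checks first. The sample files below are
# constructed stand-ins for /etc/neutron/neutron.conf and
# /etc/neutron/plugins/ml2/ml2_conf.ini.

# ini_get FILE SECTION KEY -> prints the value of KEY inside [SECTION],
# skipping commented lines (# or ;) and ignoring whitespace around '='.
ini_get() {
    awk -v s="$2" -v k="$3" '
        /^[ \t]*[#;]/ { next }
        /^\[.*\]/     { sec = substr($0, 2, index($0, "]") - 2); next }
        sec == s && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            if (key == k) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val); print val; exit
            }
        }' "$1"
}

# audit_network_node NEUTRON_CONF ML2_CONF -> prints one FINDING line per
# problem and returns the number of findings (0 means the files are clean).
audit_network_node() {
    n=0
    if [ -n "$(ini_get "$1" database connection)" ]; then
        echo "FINDING: [database] connection is set; the network node should hold no DB credentials"
        n=$((n + 1))
    fi
    if [ "$(ini_get "$2" securitygroup enable_security_group)" != "True" ]; then
        echo "FINDING: enable_security_group is not True; security groups are not enforced"
        n=$((n + 1))
    fi
    case "$(ini_get "$2" securitygroup firewall_driver)" in
        *OVSHybridIptablesFirewallDriver) ;;
        *) echo "FINDING: firewall_driver is not the OVS hybrid iptables driver"; n=$((n + 1)) ;;
    esac
    return $n
}

# Constructed samples: a neutron.conf with the connection line commented out
# as the guide instructs, a matching ml2_conf.ini, and a weakened
# ml2_conf.ini that leaves security groups off and the driver unset.
GOOD_NEUTRON=$(mktemp); GOOD_ML2=$(mktemp); WEAK_ML2=$(mktemp)
printf '[database]\n#connection = mysql://neutron:NEUTRON_DBPASS@controller.nice.com/neutron\n[DEFAULT]\nauth_strategy= keystone\n' > "$GOOD_NEUTRON"
printf '[securitygroup]\nenable_security_group= True\nenable_ipset= True\nfirewall_driver= neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver\n' > "$GOOD_ML2"
printf '[securitygroup]\nenable_security_group= False\nfirewall_driver=\n' > "$WEAK_ML2"
audit_network_node "$GOOD_NEUTRON" "$WEAK_ML2" || echo "findings: $?"
```

On a real node, run it as audit_network_node /etc/neutron/neutron.conf /etc/neutron/plugins/ml2/ml2_conf.ini and treat a non-zero return as a failed check.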
3. Configure the compute node
4. Verify the installation
Create the external network
[root@controller ~]# neutron net-create ext-net --shared --router:external True --provider:physical_network external --provider:network_type flat
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | f4314f21-5fc1-423b-b011-e5ad14de1767 |
| name                      | ext-net                              |
| provider:network_type     | flat                                 |
| provider:physical_network | external                             |
| provider:segmentation_id  |                                      |
| router:external           | True                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | dc4de4d7ecda4ed898b5e0d82809d2ad     |
+---------------------------+--------------------------------------+
Create the external network subnet
[root@controller ~]# neutron subnet-create ext-net --name ext-subnet --allocation-pool start=100.100.100.12,end=100.100.100.240 --disable-dhcp --gateway 100.100.100.11 100.100.100.0/24
Created a new subnet:
+-------------------+-------------------------------------------------------+
| Field             | Value                                                 |
+-------------------+-------------------------------------------------------+
| allocation_pools  | {"start": "100.100.100.12", "end": "100.100.100.240"} |
| cidr              | 100.100.100.0/24                                      |
| dns_nameservers   |                                                       |
| enable_dhcp       | False                                                 |
| gateway_ip        | 100.100.100.11                                        |
| host_routes       |                                                       |
| id                | 1b9c8211-ab2d-4e61-8839-7fc780d201c4                  |
| ip_version        | 4                                                     |
| ipv6_address_mode |                                                       |
| ipv6_ra_mode      |                                                       |
| name              | ext-subnet                                            |
| network_id        | f4314f21-5fc1-423b-b011-e5ad14de1767                  |
| tenant_id         | dc4de4d7ecda4ed898b5e0d82809d2ad                      |
+-------------------+-------------------------------------------------------+
Create the tenant network
[root@controller ~]# source demo-openrc.sh
[root@controller ~]# neutron net-create demo-net
Created a new network:
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| admin_state_up  | True                                 |
| id              | c882ea04-dde5-4df0-a407-01a2a8dd7743 |
| name            | demo-net                             |
| router:external | False                                |
| shared          | False                                |
| status          | ACTIVE                               |
| subnets         |                                      |
| tenant_id       | ab56bdec367e478cbdfbd1769f9c1649     |
+-----------------+--------------------------------------+
Test
[root@controller ~]# neutron router-list
+--------------------------------------+-------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| id                                   | name        | external_gateway_info                                                                                                                                                                      | distributed | ha    |
+--------------------------------------+-------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| 5b51cc40-0b8f-45f8-958a-66887d38d6ec | demo-router | {"network_id": "f4314f21-5fc1-423b-b011-e5ad14de1767", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "1b9c8211-ab2d-4e61-8839-7fc780d201c4", "ip_address": "100.100.100.12"}]} | False       | False |
+--------------------------------------+-------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
Ping the router's external gateway address (100.100.100.12) from a Windows host on the external network:
C:\Users\Jack>ping 100.100.100.12

正在 Ping 100.100.100.12 具有 32 字节的数据:
来自 100.100.100.12 的回复: 字节=32 时间<1ms TTL=64
来自 100.100.100.12 的回复: 字节=32 时间<1ms TTL=64
来自 100.100.100.12 的回复: 字节=32 时间<1ms TTL=64
来自 100.100.100.12 的回复: 字节=32 时间<1ms TTL=64

100.100.100.12 的 Ping 统计信息:
    数据包: 已发送 = 4,已接收 = 4,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
    最短 = 0ms,最长 = 0ms,平均 = 0ms