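10. Configure the metadata agent
Edit the /etc/neutron/metadata_agent.ini file and complete the following actions:
In the [DEFAULT] section, configure the metadata host and the shared secret.
11. Configure the Compute service to use the Networking service
Edit the /etc/nova/nova.conf file and perform the following actions:
In the [neutron] section, configure the access parameters, enable the metadata proxy, and configure the secret: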
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 000000
service_metadata_proxy = true
metadata_proxy_shared_secret = 000000

# Alternatively, apply the settings directly with the following commands
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:5000
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password 000000
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy true
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret 000000
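The shared secret from steps 10 and 11 must be identical in /etc/nova/nova.conf ([neutron]) and /etc/neutron/metadata_agent.ini ([DEFAULT]), and a value as short as the 000000 used in this guide is easy to guess. The audit script below is an added example, not part of the original guide; the function names, the 16-character and 4-distinct-character thresholds, and the sample files it builds are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit metadata_proxy_shared_secret.

# ini_get FILE SECTION KEY: print the last value of KEY inside [SECTION]
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
        /^[ \t]*[#;]/ { next }
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# is_weak SECRET: true when shorter than 16 chars or made of fewer than 4 distinct chars
# (both thresholds are assumptions of this example, not OpenStack requirements)
is_weak() {
    [ "${#1}" -lt 16 ] && return 0
    distinct=$(printf '%s' "$1" | fold -w1 | sort -u | wc -l)
    [ "$distinct" -lt 4 ]
}

# audit_metadata_secret NOVA_CONF AGENT_INI: 0 = ok, 1 = missing or mismatch, 2 = weak
audit_metadata_secret() {
    nova=$(ini_get "$1" neutron metadata_proxy_shared_secret)
    agent=$(ini_get "$2" DEFAULT metadata_proxy_shared_secret)
    if [ -z "$nova" ] || [ -z "$agent" ]; then
        echo "MISSING: secret must be set in both files"; return 1
    fi
    if [ "$nova" != "$agent" ]; then
        echo "MISMATCH: nova.conf and metadata_agent.ini differ"; return 1
    fi
    if is_weak "$nova"; then
        echo "WEAK: shared secret is short or low-variety"; return 2
    fi
    echo "OK"
}

# Constructed sample files using the 000000 value from this guide
demo_dir=$(mktemp -d)
printf '[neutron]\nservice_metadata_proxy = true\nmetadata_proxy_shared_secret = 000000\n' > "$demo_dir/nova.conf"
printf '[DEFAULT]\nnova_metadata_host = controller\nmetadata_proxy_shared_secret = 000000\n' > "$demo_dir/metadata_agent.ini"
audit_metadata_secret "$demo_dir/nova.conf" "$demo_dir/metadata_agent.ini" || true
rm -rf "$demo_dir"
```

A replacement value can be generated with openssl rand -hex 32; write the same value to both files and restart the services that read them.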
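12. Finalize the installation
The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini that points to the ML2 plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini. If this symbolic link does not exist, create it with the following command: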
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Populate the database:
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Restart the Compute API service:
[root@controller ~]# systemctl restart openstack-nova-api.service
13. Start the services
[root@controller ~]# systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
[root@controller ~]# systemctl status neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
On the compute node (steps 14-17)
14. Install the components
[root@compute ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
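15. Modify the neutron configuration file
Edit the /etc/neutron/neutron.conf file and complete the following actions:
In the [database] section, comment out any connection options, because compute nodes do not access the database directly.
In the [DEFAULT] section, configure RabbitMQ message queue access:
transport_url = rabbit://openstack:000000@controller

# Alternatively, apply the setting directly with the following command
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:000000@controller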
In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:
[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 000000

# Alternatively, apply the settings directly with the following commands
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password 000000
In the [oslo_concurrency] section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

# Alternatively, apply the setting directly with the following command
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
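16. Configure the Linux bridge agent
Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following actions:
In the [linux_bridge] section, map the provider virtual network to the provider physical network interface:
[linux_bridge]
physical_interface_mappings = provider:ens34

# Alternatively, apply the setting directly with the following command
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:ens34
In the [vxlan] section, disable VXLAN overlay networks:
[vxlan]
enable_vxlan = false

# Alternatively, apply the setting directly with the following command
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan false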
In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver:
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

# Alternatively, apply the settings directly with the following commands
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure the kernel parameters
cat >> /etc/sysctl.conf << EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
# Load the module persistently
cat > /etc/modules-load.d/neutron-bridge.conf <<EOF
br_netfilter
EOF
## Configure loading at boot
systemctl restart systemd-modules-load
systemctl enable systemd-modules-load
sysctl -p
17. Configure the Compute service to use the Networking service
Edit the /etc/nova/nova.conf file and complete the following actions:
In the [neutron] section, configure the access parameters:
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 000000

# Alternatively, apply the settings directly with the following commands
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:5000
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password 000000
18. Start the services
# Restart the Compute service
[root@compute ~]# systemctl restart openstack-nova-compute.service
# Start the Linux bridge agent and configure it to start when the system boots:
[root@compute ~]# systemctl start neutron-linuxbridge-agent.service
[root@compute ~]# systemctl status neutron-linuxbridge-agent.service
[root@compute ~]# systemctl enable neutron-linuxbridge-agent.service
19. Verify (run on the controller)
Obtain the admin credentials
[root@controller ~]# source admin-openrc
List the agents to verify that the neutron agents started successfully:
[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 8cc6a3c2-64b5-4b0b-863b-53c97654d163 | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
| a2180aeb-3e42-4b0a-8961-419086c17088 | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
| a36598f3-6beb-49a4-89a7-100c62c1096a | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| ed6e3454-f0f0-4596-a336-c969b75b20f0 | Linux bridge agent | compute    | None              | :-)   | UP    | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
20. Create the network
[root@controller ~]# openstack network create --share --external \
  --provider-physical-network provider \
  --provider-network-type flat provider
[root@controller ~]# openstack subnet create --network provider \
  --allocation-pool start=192.168.75.100,end=192.168.75.120 \
  --dns-nameserver 8.8.8.8 --gateway 192.168.75.2 \
  --subnet-range 192.168.75.0/24 provider
21. Create the self-service network
# Create the provider network
[root@controller ~]# openstack network create --share --external \
  --provider-physical-network provider \
  --provider-network-type flat provider
[root@controller ~]# openstack subnet create --network provider \
  --allocation-pool start=192.168.75.100,end=192.168.75.120 \
  --dns-nameserver 8.8.8.8 --gateway 192.168.75.2 \
  --subnet-range 192.168.75.0/24 provider
# Create the self-service network
[root@controller ~]# openstack network create selfservice
[root@controller ~]# openstack subnet create --network selfservice \
  --dns-nameserver 8.8.8.8 --gateway 10.0.1.254 \
  --subnet-range 10.0.1.0/24 selfservice
# Create the router
[root@controller ~]# openstack router create router
# Attach the router to the self-service subnet
[root@controller ~]# openstack router add subnet router selfservice
# Set the gateway on the router
[root@controller ~]# openstack router set router --external-gateway provider
22. Verify network creation
# Load the user credentials
[root@controller ~]# source admin-openrc
# List the network namespaces. You should see one qrouter namespace and two qdhcp namespaces.
[root@controller ~]# ip netns
qrouter-f02c61ba-00f6-401b-ab96-28b180a20264 (id: 2)
qdhcp-53bbddc9-826d-498b-81dd-8250e17f8e89 (id: 1)
qdhcp-c4fabf83-6a38-4f7e-8f6b-cf103dd43c03 (id: 0)
# List the ports on the router to determine the gateway IP address on the provider network
[root@controller ~]# openstack port list --router router
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
| ID                                   | Name | MAC Address       | Fixed IP Addresses                                                            | Status |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
| 4b057afd-20d4-452c-b865-1eab82b87d45 |      | fa:16:3e:be:e3:11 | ip_address='192.168.75.113', subnet_id='685e3694-22dd-4f72-abc0-1632d33babc9' | ACTIVE |
| 62ef73d4-f7df-4058-8b49-40638301c078 |      | fa:16:3e:c7:f6:98 | ip_address='192.168.88.254', subnet_id='8035cb75-8427-4472-9ebd-00cd6b22cfd4' | ACTIVE |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
# Ping this IP address from the controller node or from any host on the physical provider network