AI 助理
备案控制台
开发者社区 云计算 文章 正文

云计算|OpenStack|社区版OpenStack安装部署文档(六 --- 网络服务neutron的安装部署---Rocky版)

2023-12-20 192
版权
版权声明:
本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《 阿里云开发者社区用户服务协议》和 《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写 侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
本文涉及的产品
云数据库 RDS MySQL,集群系列 2核4GB
推荐场景:
搭建个人博客
RDS MySQL Serverless 基础系列,0.5-2RCU 50GB
推荐场景:
学生管理系统数据库设计 搭建个人博客
RDS MySQL Serverless 高可用系列,价值2615元额度,1个月
简介: 云计算|OpenStack|社区版OpenStack安装部署文档(六 --- 网络服务neutron的安装部署---Rocky版)

前言:

在这里再次强调一下,openstack社区版的组件是非常多得,详见官网:OpenStack Project Teams — OpenStack Technical Committee Governance Documents

这么多组件,能够全部都使用过的,我愿称他为猛人。

源码下载地址:OpenStack Releases: Zed  当然,别的版本的源码比如,Rocky的:OpenStack Releases: Rocky

总的来说,openstack的组件是非常多得,多到你怀疑人生的那种。

而前面我们已经安装了keystone,glance,nova,这仅仅是openstack的冰山一角,下面要安装的是neutron网络服务。

OpenStack Networking(neutron),允许创建、插入接口设备,这些设备由其他的OpenStack服务管理。插件式的实现可以容纳不同的网络设备和软件,为OpenStack架构与部署提供了灵活性。

它包含下列组件:

neutron-server

接收和路由API请求到合适的OpenStack网络插件,以达到预想的目的。


OpenStack网络插件和代理

插拔端口,创建网络和子网,以及提供IP地址,这些插件和代理依赖于供应商和技术而不同,OpenStack网络基于插件和代理为Cisco 虚拟和物理交换机、NEC OpenFlow产品,Open vSwitch,Linux bridging以及VMware NSX 产品穿线搭桥。


常见的代理L3(3层),DHCP(动态主机IP地址),以及插件代理。


消息队列

大多数的OpenStack Networking安装都会用到,用于在neutron-server和各种各样的代理进程间路由信息。也为某些特定的插件扮演数据库的角色,以存储网络状态


OpenStack网络主要和OpenStack计算交互,以提供网络连接到它的实例。

本文中使用的官方部署文档链接:OpenStack Docs: Install and configure for Red Hat Enterprise Linux and CentOS

一,

在controller节点安装neutron(也就是192.168.123.130这个服务器)

1,

创建neutron数据库,授予合适的访问权限

登陆数据库,执行以下SQL语句(何种方式登陆都可以,比如,本地登陆或者使用Navicat这些都是可以的):

注:注意,密码设置为neutro

CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
flush privileges;

2,

在keystone上创建neutron用户

openstack user create --domain default --password=neutron neutron
#输出如下:
[root@openstack1 ~]# openstack user create --domain default --password=neutron  neutron
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | fc87cddefdbc4087ad48fb86a28f2e40 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

3,

将neutron添加到service项目并授予admin角色

openstack role add --project service --user neutron admin
#此命令无任何输出为正确

4,

创建neutron服务实体

openstack service create --name neutron --description "OpenStack Networking" network
#输出如下:
[root@openstack1 ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | fed6374c1cdd453a8d26c4e33d664b5d |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

5,

创建neutron网络服务的API端点(检查点)

注:仍然使用主机名openstack1

openstack endpoint create --region RegionOne network public http://openstack1:9696
openstack endpoint create --region RegionOne network internal http://openstack1:9696
openstack endpoint create --region RegionOne network admin http://openstack1:9696
#输出如下:
[root@openstack1 ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | fed6374c1cdd453a8d26c4e33d664b5d |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
[root@openstack1 ~]# openstack endpoint create --region RegionOne network public http://openstack1:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e69de8adfe8042369e05652e6961503e |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | fed6374c1cdd453a8d26c4e33d664b5d |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://openstack1:9696           |
+--------------+----------------------------------+
[root@openstack1 ~]# openstack endpoint create --region RegionOne network internal http://openstack1:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a1c8d96d44154cbc85f32e5d9ff8e54e |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | fed6374c1cdd453a8d26c4e33d664b5d |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://openstack1:9696           |
+--------------+----------------------------------+
[root@openstack1 ~]# openstack endpoint create --region RegionOne network admin http://openstack1:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 5080d68d4d094baab6246608fd7d277d |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | fed6374c1cdd453a8d26c4e33d664b5d |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://openstack1:9696           |
+--------------+----------------------------------+

6,

yum安装neutron组件

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

7,

快速配置/etc/neutron/neutron.conf

#注,仍然是使用主机名openstack1,密码这些要仔细核对

openstack-config --set  /etc/neutron/neutron.conf database connection  mysql+pymysql://neutron:neutron@openstack1/neutron 
openstack-config --set  /etc/neutron/neutron.conf DEFAULT core_plugin  ml2  
openstack-config --set  /etc/neutron/neutron.conf DEFAULT service_plugins 
openstack-config --set  /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@openstack1
openstack-config --set  /etc/neutron/neutron.conf DEFAULT auth_strategy  keystone  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri  http://openstack1:5000
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_url  http://openstack1:5000
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken memcached_servers  openstack1:11211
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_type  password  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken project_domain_name default  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken user_domain_name  default  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken project_name  service  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken username  neutron  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken password  neutron  
openstack-config --set  /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes  True  
openstack-config --set  /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes  True  
openstack-config --set  /etc/neutron/neutron.conf nova auth_url  http://openstack1:5000
openstack-config --set  /etc/neutron/neutron.conf nova auth_type  password 
openstack-config --set  /etc/neutron/neutron.conf nova project_domain_name  default  
openstack-config --set  /etc/neutron/neutron.conf nova user_domain_name  default  
openstack-config --set  /etc/neutron/neutron.conf nova region_name  RegionOne  
openstack-config --set  /etc/neutron/neutron.conf nova project_name  service  
openstack-config --set  /etc/neutron/neutron.conf nova username  nova  
openstack-config --set  /etc/neutron/neutron.conf nova password  nova  
openstack-config --set  /etc/neutron/neutron.conf oslo_concurrency lock_path  /var/lib/neutron/tmp

查看修改的内容和以上的修改是匹配的:

[root@openstack1 ~]# grep '^[a-z]' /etc/neutron/neutron.conf 
core_plugin = ml2
service_plugins = 
transport_url = rabbit://openstack:RABBIT_PASS@openstack1
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
connection = mysql+pymysql://neutron:neutron@openstack1/neutron
www_authenticate_uri = http://openstack1:5000
auth_url = http://openstack1:5000
memcached_servers = openstack1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
auth_url = http://openstack1:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
lock_path = /var/lib/neutron/tmp

8,

快速配置/etc/neutron/plugins/ml2/ml2_conf.ini

openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers  flat,vlan
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types 
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers  linuxbridge
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers  port_security
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks  provider 
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset  True

9,

快速配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini

#注,第一行是ens33,主网卡的名称

openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings  provider:ens33
openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan  enable_vxlan  False
openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup  enable_security_group  True 
openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup  firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

10,

快速配置/etc/neutron/dhcp_agent.ini

openstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  interface_driver  linuxbridge
openstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  dhcp_driver  neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  enable_isolated_metadata  True

11,

快速配置/etc/neutron/metadata_agent.ini

#metadata_proxy_shared_secret选项是元数据代理,需要设置一个合适的密码这里设置为neutron

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host openstack1
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret neutron

12,

配置nova服务和neutron服务结合

#快速配置/etc/nova/nova.conf,将neutron添加到计算节点中,注意,仍然使用的openstack1这个主机名,最后一行的neutron就是上面提到的secret

openstack-config --set  /etc/nova/nova.conf  neutron url http://openstack1:9696
openstack-config --set  /etc/nova/nova.conf  neutron auth_url http://openstack1:5000
openstack-config --set  /etc/nova/nova.conf  neutron auth_type password
openstack-config --set  /etc/nova/nova.conf  neutron project_domain_name default
openstack-config --set  /etc/nova/nova.conf  neutron user_domain_name default
openstack-config --set  /etc/nova/nova.conf  neutron region_name RegionOne
openstack-config --set  /etc/nova/nova.conf  neutron project_name service
openstack-config --set  /etc/nova/nova.conf  neutron username neutron
openstack-config --set  /etc/nova/nova.conf  neutron password neutron
openstack-config --set  /etc/nova/nova.conf  neutron service_metadata_proxy true
openstack-config --set  /etc/nova/nova.conf  neutron metadata_proxy_shared_secret neutron

13,

初始化安装网络插件

# 创建网络插件的链接,初始化网络的脚本插件会用到/etc/neutron/plugin.ini,需要使用ML2的插件进行提供

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

14,

同步创建相关数据库

#注,大概是167个表

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
#此命令输出如下,有一个OK表示OK,并且最好还是echo $?  看一下
[root@openstack1 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
> --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
  Running upgrade for neutron ...
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade  -> kilo
INFO  [alembic.runtime.migration] Running upgrade kilo -> 354db87e3225
INFO  [alembic.runtime.migration] Running upgrade 354db87e3225 -> 599c6a226151
INFO  [alembic.runtime.migration] Running upgrade 599c6a226151 -> 52c5312f6baf
INFO  [alembic.runtime.migration] Running upgrade 52c5312f6baf -> 313373c0ffee
INFO  [alembic.runtime.migration] Running upgrade 313373c0ffee -> 8675309a5c4f
INFO  [alembic.runtime.migration] Running upgrade 8675309a5c4f -> 45f955889773
INFO  [alembic.runtime.migration] Running upgrade 45f955889773 -> 26c371498592
INFO  [alembic.runtime.migration] Running upgrade 26c371498592 -> 1c844d1677f7
INFO  [alembic.runtime.migration] Running upgrade 1c844d1677f7 -> 1b4c6e320f79
INFO  [alembic.runtime.migration] Running upgrade 1b4c6e320f79 -> 48153cb5f051
INFO  [alembic.runtime.migration] Running upgrade 48153cb5f051 -> 9859ac9c136
INFO  [alembic.runtime.migration] Running upgrade 9859ac9c136 -> 34af2b5c5a59
INFO  [alembic.runtime.migration] Running upgrade 34af2b5c5a59 -> 59cb5b6cf4d
INFO  [alembic.runtime.migration] Running upgrade 59cb5b6cf4d -> 13cfb89f881a
INFO  [alembic.runtime.migration] Running upgrade 13cfb89f881a -> 32e5974ada25
INFO  [alembic.runtime.migration] Running upgrade 32e5974ada25 -> ec7fcfbf72ee
INFO  [alembic.runtime.migration] Running upgrade ec7fcfbf72ee -> dce3ec7a25c9
INFO  [alembic.runtime.migration] Running upgrade dce3ec7a25c9 -> c3a73f615e4
INFO  [alembic.runtime.migration] Running upgrade c3a73f615e4 -> 659bf3d90664
INFO  [alembic.runtime.migration] Running upgrade 659bf3d90664 -> 1df244e556f5
INFO  [alembic.runtime.migration] Running upgrade 1df244e556f5 -> 19f26505c74f
INFO  [alembic.runtime.migration] Running upgrade 19f26505c74f -> 15be73214821
INFO  [alembic.runtime.migration] Running upgrade 15be73214821 -> b4caf27aae4
INFO  [alembic.runtime.migration] Running upgrade b4caf27aae4 -> 15e43b934f81
INFO  [alembic.runtime.migration] Running upgrade 15e43b934f81 -> 31ed664953e6
INFO  [alembic.runtime.migration] Running upgrade 31ed664953e6 -> 2f9e956e7532
INFO  [alembic.runtime.migration] Running upgrade 2f9e956e7532 -> 3894bccad37f
INFO  [alembic.runtime.migration] Running upgrade 3894bccad37f -> 0e66c5227a8a
INFO  [alembic.runtime.migration] Running upgrade 0e66c5227a8a -> 45f8dd33480b
INFO  [alembic.runtime.migration] Running upgrade 45f8dd33480b -> 5abc0278ca73
INFO  [alembic.runtime.migration] Running upgrade kilo -> 30018084ec99
INFO  [alembic.runtime.migration] Running upgrade 30018084ec99 -> 4ffceebfada
INFO  [alembic.runtime.migration] Running upgrade 4ffceebfada -> 5498d17be016
INFO  [alembic.runtime.migration] Running upgrade 5498d17be016 -> 2a16083502f3
INFO  [alembic.runtime.migration] Running upgrade 2a16083502f3 -> 2e5352a0ad4d
INFO  [alembic.runtime.migration] Running upgrade 2e5352a0ad4d -> 11926bcfe72d
INFO  [alembic.runtime.migration] Running upgrade 11926bcfe72d -> 4af11ca47297
INFO  [alembic.runtime.migration] Running upgrade 4af11ca47297 -> 1b294093239c
INFO  [alembic.runtime.migration] Running upgrade 1b294093239c -> 8a6d8bdae39
INFO  [alembic.runtime.migration] Running upgrade 8a6d8bdae39 -> 2b4c2465d44b
INFO  [alembic.runtime.migration] Running upgrade 2b4c2465d44b -> e3278ee65050
INFO  [alembic.runtime.migration] Running upgrade e3278ee65050 -> c6c112992c9
INFO  [alembic.runtime.migration] Running upgrade c6c112992c9 -> 5ffceebfada
INFO  [alembic.runtime.migration] Running upgrade 5ffceebfada -> 4ffceebfcdc
INFO  [alembic.runtime.migration] Running upgrade 4ffceebfcdc -> 7bbb25278f53
INFO  [alembic.runtime.migration] Running upgrade 7bbb25278f53 -> 89ab9a816d70
INFO  [alembic.runtime.migration] Running upgrade 5abc0278ca73 -> d3435b514502
INFO  [alembic.runtime.migration] Running upgrade d3435b514502 -> 30107ab6a3ee
INFO  [alembic.runtime.migration] Running upgrade 30107ab6a3ee -> c415aab1c048
INFO  [alembic.runtime.migration] Running upgrade c415aab1c048 -> a963b38d82f4
INFO  [alembic.runtime.migration] Running upgrade 89ab9a816d70 -> c879c5e1ee90
INFO  [alembic.runtime.migration] Running upgrade c879c5e1ee90 -> 8fd3918ef6f4
INFO  [alembic.runtime.migration] Running upgrade 8fd3918ef6f4 -> 4bcd4df1f426
INFO  [alembic.runtime.migration] Running upgrade 4bcd4df1f426 -> b67e765a3524
INFO  [alembic.runtime.migration] Running upgrade a963b38d82f4 -> 3d0e74aa7d37
INFO  [alembic.runtime.migration] Running upgrade 3d0e74aa7d37 -> 030a959ceafa
INFO  [alembic.runtime.migration] Running upgrade 030a959ceafa -> a5648cfeeadf
INFO  [alembic.runtime.migration] Running upgrade a5648cfeeadf -> 0f5bef0f87d4
INFO  [alembic.runtime.migration] Running upgrade 0f5bef0f87d4 -> 67daae611b6e
INFO  [alembic.runtime.migration] Running upgrade 67daae611b6e -> 6b461a21bcfc
INFO  [alembic.runtime.migration] Running upgrade 6b461a21bcfc -> 5cd92597d11d
INFO  [alembic.runtime.migration] Running upgrade 5cd92597d11d -> 929c968efe70
INFO  [alembic.runtime.migration] Running upgrade 929c968efe70 -> a9c43481023c
INFO  [alembic.runtime.migration] Running upgrade a9c43481023c -> 804a3c76314c
INFO  [alembic.runtime.migration] Running upgrade 804a3c76314c -> 2b42d90729da
INFO  [alembic.runtime.migration] Running upgrade 2b42d90729da -> 62c781cb6192
INFO  [alembic.runtime.migration] Running upgrade 62c781cb6192 -> c8c222d42aa9
INFO  [alembic.runtime.migration] Running upgrade c8c222d42aa9 -> 349b6fd605a6
INFO  [alembic.runtime.migration] Running upgrade 349b6fd605a6 -> 7d32f979895f
INFO  [alembic.runtime.migration] Running upgrade 7d32f979895f -> 594422d373ee
INFO  [alembic.runtime.migration] Running upgrade 594422d373ee -> 61663558142c
INFO  [alembic.runtime.migration] Running upgrade 61663558142c -> 867d39095bf4, port forwarding
INFO  [alembic.runtime.migration] Running upgrade b67e765a3524 -> a84ccf28f06a
INFO  [alembic.runtime.migration] Running upgrade a84ccf28f06a -> 7d9d8eeec6ad
INFO  [alembic.runtime.migration] Running upgrade 7d9d8eeec6ad -> a8b517cff8ab
INFO  [alembic.runtime.migration] Running upgrade a8b517cff8ab -> 3b935b28e7a0
INFO  [alembic.runtime.migration] Running upgrade 3b935b28e7a0 -> b12a3ef66e62
INFO  [alembic.runtime.migration] Running upgrade b12a3ef66e62 -> 97c25b0d2353
INFO  [alembic.runtime.migration] Running upgrade 97c25b0d2353 -> 2e0d7a8a1586
INFO  [alembic.runtime.migration] Running upgrade 2e0d7a8a1586 -> 5c85685d616d
  OK
[root@openstack1 ~]# echo $?
0

查看表的数目:

[root@openstack1 ~]# mysql -h192.168.123.130 -uneutron -pneutron -e 'use neutron;show tables' |wc -l
168

15,重启nova服务和启动neutron服务以及加入自启

# 需要启动4个服务

systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl list-unit-files |grep nova |grep enabled

# 至此,控制端的neutron网络服务就安装完成,之后需要在计算节点安装网络服务组件,使计算节点可以连接到openstack集群

二,

计算节点安装neutron(在192.168.123.131服务器上操作)

1,

yum安装neutron

yum install openstack-neutron-linuxbridge ebtables ipset -y

2,

快速配置/etc/neutron/neutron.conf

#注,这里仍然需要仔细核对主机名使用的控制节点的,以及前面建立的用户密码

openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url  rabbit://openstack:RABBIT_PASS@openstack1
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri  http://openstack1:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://openstack1:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers openstack1:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password neutron
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp

3,

快速配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings  provider:ens33
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan false
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

4,

配置nova计算服务与neutron网络服务协同工作

##注,这里仍然需要仔细核对主机名使用的控制节点的,以及前面建立的用户密码

openstack-config --set /etc/nova/nova.conf neutron url http://openstack1:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://openstack1:5000
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service 
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password neutron

5,

重启计算节点

systemctl restart openstack-nova-compute.service
systemctl status openstack-nova-compute.service

6,

启动neutron网络组件,并配置开机自启动

#只需要启动1个服务,网桥代理

systemctl enable neutron-linuxbridge-agent.service
systemctl restart neutron-linuxbridge-agent.service
systemctl list-unit-files |grep neutron* |grep enabled

三,

在控制节点检查确认neutron服务安装是否成功

1,

查看扩展插件(服务端)

openstack extension list --network
输出如下;
[root@openstack1 ~]# openstack extension list --network
+-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Name                                                                                                                                    | Alias                          | Description                                                                                                                                              |
+-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Default Subnetpools                                                                                                                     | default-subnetpools            | Provides ability to mark and use a subnetpool as the default.                                                                                            |
| Network IP Availability                                                                                                                 | network-ip-availability        | Provides IP availability data for each network and subnet.                                                                                               |
| Network Availability Zone                                                                                                               | network_availability_zone      | Availability zone support for network.                                                                                                                   |
| Network MTU (writable)                                                                                                                  | net-mtu-writable               | Provides a writable MTU attribute for a network resource.                                                                                                |
| Port Binding                                                                                                                            | binding                        | Expose port bindings of a virtual port to external application                                                                                           |
| agent                                                                                                                                   | agent                          | The agent management extension.                                                                                                                          |
| Subnet Allocation                                                                                                                       | subnet_allocation              | Enables allocation of subnets from a subnet pool                                                                                                         |
| DHCP Agent Scheduler                                                                                                                    | dhcp_agent_scheduler           | Schedule networks among dhcp agents                                                                                                                      |
| Neutron external network                                                                                                                | external-net                   | Adds external network attribute to network resource.                                                                                                     |
| Neutron Service Flavors                                                                                                                 | flavors                        | Flavor specification for Neutron advanced services.                                                                                                      |
| Network MTU                                                                                                                             | net-mtu                        | Provides MTU attribute for a network resource.                                                                                                           |
| Availability Zone                                                                                                                       | availability_zone              | The availability zone extension.                                                                                                                         |
| Quota management support                                                                                                                | quotas                         | Expose functions for quotas management per tenant                                                                                                        |
| Tag support for resources with standard attribute: subnet, trunk, router, network, policy, subnetpool, port, security_group, floatingip | standard-attr-tag              | Enables to set tag on resources with standard attribute.                                                                                                 |
| Availability Zone Filter Extension                                                                                                      | availability_zone_filter       | Add filter parameters to AvailabilityZone resource                                                                                                       |
| If-Match constraints based on revision_number                                                                                           | revision-if-match              | Extension indicating that If-Match based on revision_number is supported.                                                                                |
| Filter parameters validation                                                                                                            | filter-validation              | Provides validation on filter parameters.                                                                                                                |
| Multi Provider Network                                                                                                                  | multi-provider                 | Expose mapping of virtual networks to multiple physical networks                                                                                         |
| Quota details management support                                                                                                        | quota_details                  | Expose functions for quotas usage statistics per project                                                                                                 |
| Address scope                                                                                                                           | address-scope                  | Address scopes extension.                                                                                                                                |
| Empty String Filtering Extension                                                                                                        | empty-string-filtering         | Allow filtering by attributes with empty string value                                                                                                    |
| Subnet service types                                                                                                                    | subnet-service-types           | Provides ability to set the subnet service_types field                                                                                                   |
| Neutron Port MAC address regenerate                                                                                                     | port-mac-address-regenerate    | Network port MAC address regenerate                                                                                                                      |
| Resource timestamps                                                                                                                     | standard-attr-timestamp        | Adds created_at and updated_at fields to all Neutron resources that have Neutron standard attributes.                                                    |
| Provider Network                                                                                                                        | provider                       | Expose mapping of virtual networks to physical networks                                                                                                  |
| Neutron Service Type Management                                                                                                         | service-type                   | API for retrieving service providers for Neutron advanced services                                                                                       |
| Neutron Extra DHCP options                                                                                                              | extra_dhcp_opt                 | Extra options configuration for DHCP. For example PXE boot options to DHCP clients can be specified (e.g. tftp-server, server-ip-address, bootfile-name) |
| Port filtering on security groups                                                                                                       | port-security-groups-filtering | Provides security groups filtering when listing ports                                                                                                    |
| Resource revision numbers                                                                                                               | standard-attr-revisions        | This extension will display the revision number of neutron resources.                                                                                    |
| Pagination support                                                                                                                      | pagination                     | Extension that indicates that pagination is enabled.                                                                                                     |
| Sorting support                                                                                                                         | sorting                        | Extension that indicates that sorting is enabled.                                                                                                        |
| security-group                                                                                                                          | security-group                 | The security groups extension.                                                                                                                           |
| RBAC Policies                                                                                                                           | rbac-policies                  | Allows creation and modification of policies that control tenant access to resources.                                                                    |
| standard-attr-description                                                                                                               | standard-attr-description      | Extension to add descriptions to standard attributes                                                                                                     |
| IP address substring filtering                                                                                                          | ip-substring-filtering         | Provides IP address substring filtering when listing ports                                                                                               |
| Port Security                                                                                                                           | port-security                  | Provides port security                                                                                                                                   |
| Allowed Address Pairs                                                                                                                   | allowed-address-pairs          | Provides allowed address pairs                                                                                                                           |
| project_id field enabled                                                                                                                | project-id                     | Extension that indicates that project_id field is enabled.                                                                                               |
| Port Bindings Extended                                                                                                                  | binding-extended               | Expose port bindings of a virtual port to external application                                                                                           |
+-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+

2,

查看网络代理列表

这个是比较重要的,必须是四个笑脸才表示正常。控制节点三个客户端,计算节点一个客户端:

[root@openstack1 ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 0676c5ab-96ea-4f2a-83e4-85a46ecef4d4 | DHCP agent         | openstack1 | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 13976d13-5f4e-48e5-88ab-29530b6030eb | Metadata agent     | openstack1 | None              | :-)   | UP    | neutron-metadata-agent    |
| 6e5d6975-8786-4e6e-81c9-624c665c0ba7 | Linux bridge agent | openstack1 | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 897083ed-e704-4dfc-96b3-8c2dd721be83 | Linux bridge agent | openstack2 | None              | :-)   | UP    | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+

OK,neutron服务安装完毕

文章标签:
云数据库 RDS MySQL 版
云计算
数据安全/隐私保护
Linux
数据库
API
关键词:
网络服务
云计算服务
网络部署
云计算网络服务
安装网络
相关实践学习
如何在云端创建MySQL数据库
开始实验后,系统会自动创建一台自建MySQL的 源数据库 ECS 实例和一台 目标数据库 RDS。
全面了解阿里云能为你做什么
阿里云在全球各地部署高效节能的绿色数据中心,利用清洁计算为万物互联的新世界提供源源不断的能源动力,目前开服的区域包括中国(华北、华东、华南、香港)、新加坡、美国(美东、美西)、欧洲、中东、澳大利亚、日本。目前阿里云的产品涵盖弹性计算、数据库、存储与CDN、分析与搜索、云通信、网络、管理与监控、应用服务、互联网中间件、移动服务、视频服务等。通过本课程,来了解阿里云能够为你的业务带来哪些帮助     相关的阿里云产品:云服务器ECS 云服务器 ECS(Elastic Compute Service)是一种弹性可伸缩的计算服务,助您降低 IT 成本,提升运维效率,使您更专注于核心业务创新。产品详情: https://www.aliyun.com/product/ecs
晚风_END
目录
相关文章
李杰-@yd
|
24天前
|
存储 Serverless 数据库
科普文:云计算服务类型IaaS, PaaS, SaaS, BaaS, Faas说明
本文介绍了云计算服务的几种主要类型,包括IaaS(基础设施即服务)、PaaS(平台即服务)、SaaS(软件即服务)、BaaS(后端即服务)和FaaS(函数即服务)。每种服务模式提供了不同的服务层次和功能,从基础设施的提供到应用的开发和运行,再到软件的交付使用,满足了企业和个人用户在不同场景下的需求。文章详细阐述了每种服务模式的特点、优势和缺点,并列举了相应的示例。云计算服务的发展始于21世纪初,随着互联网技术的普及,这些服务模式不断演进,为企业和个人带来了高效、灵活的解决方案。然而,使用这些服务时也需要注意服务的稳定性、数据安全性和成本等问题。
李杰-@yd
552 3
wljslmz
|
1月前
|
边缘计算 安全 网络安全
微软大力推进云计算,Windows Server 更新服务暂停!
【10月更文挑战第4天】
wljslmz
67 4
微软大力推进云计算,Windows Server 更新服务暂停!
游客5fdji2pvmf8888
|
1月前
|
存储 安全 网络安全
云端盾牌:云计算时代的网络安全守护在数字化浪潮中,云计算以其高效、灵活的特性成为企业转型的加速器。然而,伴随其迅猛发展,网络安全问题亦如影随形,成为悬在每个组织头顶的达摩克利斯之剑。本文旨在探讨云计算服务中的网络安全挑战,分析信息安全的重要性,并提出相应对策,以期为企业构建一道坚实的云端防护网。
在当今这个数据驱动的时代,云计算已成为推动创新与效率的关键力量。它允许用户随时随地访问强大的计算资源,降低了企业的运营成本,加速了产品上市时间。但随之而来的网络威胁也日益猖獗,尤其是对于依赖云服务的企业而言,数据泄露、身份盗用等安全事件频发,不仅造成经济损失,更严重损害品牌信誉。本文深入剖析云计算环境中的安全风险,强调建立健全的信息安全管理机制的重要性,并分享一系列有效策略,旨在帮助企业和个人用户在享受云服务带来的便利的同时,也能构筑起强有力的网络防线。
游客5fdji2pvmf8888
79 2
131王
|
2月前
|
机器学习/深度学习 安全 网络安全
云端盾牌:云计算时代的网络安全守护在这个数字脉搏加速跳动的时代,云计算以其高效、灵活的特性,成为推动企业数字化转型的强劲引擎。然而,正如每枚硬币都有两面,云计算的广泛应用也同步放大了网络安全的风险敞口。本文旨在探讨云计算服务中网络安全的关键作用,以及如何构建一道坚不可摧的信息防线,确保数据的安全与隐私。
云计算作为信息技术领域的革新力量,正深刻改变着企业的运营模式和人们的生活。但在享受其带来的便利与效率的同时,云服务的安全问题不容忽视。从数据泄露到服务中断,每一个安全事件都可能给企业和个人带来难以估量的损失。因此,本文聚焦于云计算环境下的网络安全挑战,分析其根源,并提出有效的防护策略,旨在为云服务的安全使用提供指导和参考。
131王
71 8
zhanbao
|
2月前
|
云安全 安全 网络安全
探索云计算与网络安全的共生之道在数字化浪潮席卷全球的今天,云计算作为信息技术的一大革新,正重塑着企业的运营模式与服务交付。然而,随着云服务的普及,网络安全与信息安全的挑战也日益凸显,成为制约其发展的关键因素。本文旨在深入探讨云计算环境下的网络安全问题,分析云服务、网络安全及信息安全之间的相互关系,并提出相应的解决策略,以期为构建一个更安全、可靠的云计算生态系统提供参考。
本文聚焦于云计算环境中的网络安全议题,首先界定了云服务的基本概念及其广泛应用领域,随后剖析了当前网络安全面临的主要威胁,如数据泄露、身份盗用等,并强调了信息安全在维护网络空间秩序中的核心地位。通过对现有安全技术和策略的评估,包括加密技术、访问控制、安全审计等,文章指出了这些措施在应对复杂网络攻击时的局限性。最后,提出了一系列加强云计算安全的建议,如采用零信任架构、实施持续的安全监控与自动化响应机制、提升员工的安全意识教育以及制定严格的合规性标准等,旨在为云计算的安全可持续发展提供实践指南。
zhanbao
75 0
真的很搞笑
|
3月前
|
安全 云计算
云计算演进问题之自服务能力在云计算中扮演角色如何解决
云计算演进问题之自服务能力在云计算中扮演角色如何解决
真的很搞笑
52 3
土木林森
|
3月前
|
SQL 数据管理 关系型数据库
SQL与云计算:利用云数据库服务实现高效数据管理——探索云端SQL应用、性能优化、安全性与成本效益,为企业数字化转型提供全方位支持
【8月更文挑战第31天】在数字化转型中,企业对高效数据管理的需求日益增长。传统本地数据库存在局限,而云数据库服务凭借自动扩展、高可用性和按需付费等优势,成为现代数据管理的新选择。本文探讨如何利用SQL和云数据库服务(如Amazon RDS、Google Cloud SQL和Azure SQL Database)实现高效的数据管理。通过示例和最佳实践,展示SQL在云端的应用、性能优化、安全性及成本效益,助力企业提升竞争力。
土木林森
65 0
不良使
|
网络协议 Linux 网络安全
openstack 云平台一体化部署(超详细)
openstack 云平台一体化部署(超详细)
不良使
1268 0
openstack 云平台一体化部署(超详细)
pbeskoyq7ffm4
|
3月前
|
消息中间件 缓存 Shell
跟我一起来学OpenStack部署
跟我一起来学OpenStack部署
pbeskoyq7ffm4
277 0
shudiFu
|
4月前
|
存储 数据安全/隐私保护 Docker
Kolla-ansible部署openStack
Kolla-ansible部署openStack
shudiFu
403 11

热门文章

最新文章

  • 1
    揭秘2017双11背后的网络-双11的网络产品和技术概览
  • 2
    【深度神经网络 One-shot Learning】孪生网络少样本精准分类
  • 3
    互联网进病毒高发期 黑客瞄准网络春晚
  • 4
    网络运维团队如何应对最新的黑客威胁?
  • 5
    政策力推网络安全建设 千亿市场空间有望打开
  • 6
    默认网关详解:网络通信的无声守护者
  • 7
    从头训练一个神经网络!教它学会莫奈风格作画!⛵
  • 8
    监控网络(nethogs)
  • 9
    网络管理自动化之一、SMS服务器的安装准备工作详解
  • 10
    美国国家安全局网络武器被公开,微软宣布已修复可攻破的 Windows 漏洞
  • 1
    云端之盾:构筑云计算环境下的网络安全防线
    46
  • 2
    云端防御战线:云计算与网络安全的同步进化
    51
  • 3
    探索云计算中的无服务器架构:从概念到实践
    120
  • 4
    构筑安全之云:云计算环境下的网络安全与信息保护
    57
  • 5
    云计算与网络安全:保障信息安全的新挑战与应对策略
    401
  • 6
    从 Redis 开源协议变更看开源软件与云计算巨头之间的竞争博弈
    80
  • 7
    云端防御:云计算环境中的网络安全策略与实践
    69
  • 8
    云端防御战线:云计算与网络安全的协同进化
    52
  • 9
    云计算在企业中的应用与实践
    558
  • 10
    云端之盾:构建云计算环境下的网络安全防线
    89

    • 相关课程

    更多
  • 场景实践- 新手玩转云计算-创建炫酷的简历网页
  • 场景实践- 新手玩转云计算-搭建个人博客

    • 相关电子书

    更多
  • 云计算中的数据安全
  • 汇聚云计算的生态核能——云市场,云上APP Store
  • 天气风险管理的过去、现在与未来——基于大数据和云计算的天气风险管理

    • 相关实验场景

    更多
  • 部署并使用Docker(AlibabaCloud Linux 3)
  • 安装配置Terraform环境
  • 基于ROS快速部署LNMP环境(CentOS 7)
  • 手动部署MySQL数据库(Alibaba Cloud Linux 2)
  • 部署并使用Docker(Alibaba Cloud Linux 3)
  • 部署并使用Docker(Alibaba Cloud Linux 2)
    • 下一篇
    阿里云OSS设置跨域访问