Centos7安装部署openstack--Networking 网络服务（控制节点）

一、概述

　　OpenStack Networking（neutron），允许创建、插入接口设备，这些设备由其他的OpenStack服务管理。插件式的实现可以容纳不同的网络设备和软件，为OpenStack架构与部署提供了灵活性。

　　它包含下列组件：

　　　　neutron-server：接收和响应外部的网络管理请求

　　　　neutron-linuxbridge-agent：负责创建桥接网卡

　　　　neutron-dhcp-agent：负责分配IP

　　　　neutron-metadata-agent：配合nova-metadata-api实现虚拟机的定制化操作

　　　　L3-agent：实现三层网络vxlan（网络层）

二、安装服务

　　1、创库授权

 CREATE DATABASE neutron;
 GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' 
  IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' 
  IDENTIFIED BY 'NEUTRON_DBPASS';

　　2、在keystone上创建用户（glance、nova、neutron）关联角色。

 openstack user create --domain default --password NEUTRON_PASS neutron
 openstack role add --project service --user neutron admin

　　3、在keystone上创建服务和注册api

 openstack service create --name neutron  --description "OpenStack Networking" network    创建``neutron``服务实体
 openstack endpoint create --region RegionOne network public http://controller:9696       创建网络服务API端点
 openstack endpoint create --region RegionOne network internal http://controller:9696     创建网络服务API端点
 openstack endpoint create --region RegionOne network admin http://controller:9696        创建网络服务API端点

　　4、安装服务响应的软件包

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

　　5、修改配置文件

　　　　1、修改/etc/neutron/neutron.conf

  cp /etc/neutron/neutron.conf{,.bak}
  grep '^[a-z[]' /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf
  
  openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
  openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins 
  openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
  openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
  openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
  openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes  True
  openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
  openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
  openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
  openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
  openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
  openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
  openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name  default
  openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
  openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
  openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS
  openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
  openstack-config --set /etc/neutron/neutron.conf nova auth_type password
  openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
  openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
  openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
  openstack-config --set /etc/neutron/neutron.conf nova project_name service
  openstack-config --set /etc/neutron/neutron.conf nova username nova
  openstack-config --set /etc/neutron/neutron.conf nova password NOVA_PASS
  openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
  openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
  openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
  openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS

　　　　2、修改/etc/neutron/plugins/ml2/ml2_conf.ini

  cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
  grep '^[a-z[]' /etc/neutron/plugins/ml2/ml2_conf.ini.bak >/etc/neutron/plugins/ml2/ml2_conf.ini
  openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan
  openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types 
  openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge
  openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
  openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider
  openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True

　　　　3、修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini

  cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
  grep '^[a-z[]' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak >/etc/neutron/plugins/ml2/linuxbridge_agent.ini
  openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:ens33
  openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan False
  openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
  openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

　　　　4、修改/etc/neutron/dhcp_agent.ini文件

  cp /etc/neutron/dhcp_agent.ini{,.bak}
  grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak >/etc/neutron/dhcp_agent.ini
  openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
  openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
  openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True

 　　　　5、修改/etc/neutron/metadata_agent.ini文件

 cp /etc/neutron/metadata_agent.ini{,.bak}
 grep -Ev '^$|#' /etc/neutron/metadata_agent.ini.bak >/etc/neutron/metadata_agent.ini
 openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip controller
 openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret METADATA_SECRET

　　　　6、再次修改/etc/nova/nova.conf文件

 openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
 openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
 openstack-config --set /etc/nova/nova.conf neutron auth_type password
 openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
 openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
 openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
 openstack-config --set /etc/nova/nova.conf neutron project_name service
 openstack-config --set /etc/nova/nova.conf neutron username neutron
 openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS
 openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy True
 openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret METADATA_SECRET

　　　　7、同步数据库

 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
 su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

 　　　　同步成功！！！

　　　　8、验证查看数据库

 mysql neutron -e 'show tables;'

三、启动服务

　　1、重启计算服务

systemctl restart openstack-nova-api.service

　　2、加入自启动

  systemctl enable neutron-server.service 
  neutron-linuxbridge-agent.service 
  neutron-dhcp-agent.service 
  neutron-metadata-agent.service

　　3、启动服务

  systemctl start neutron-server.service 
  neutron-linuxbridge-agent.service 
  neutron-dhcp-agent.service 
  neutron-metadata-agent.service

　　4、验证服务

neutron agent-list