• openstack笔记(七):网络组件(Neutron)部署


    1.组件详解

    作用:通过插件的方式给OpenStack提供网络

    常见组件:

    neutron-server:接收API请求并转交给适当的网络插件来执行操作

    neutron database:存储网络相关参数信息的neutron数据库

    neutron-dhcp-agent:向所有Project网络提供动态主机配置协议(DHCP)服务

    neutron-l3-agent:执行L3/网络地址转换(NAT)转发,以支持网络访问租户网络上的VM

    neutron-l2-agent:二层网络插件

    neutron-3rd party plugin:第三方网络插件

    流程详解:

    请求: nova-compute -> neutron-server -> neutron database(admin)

    配置: neutron-server -> queue -> neutron-plugins -> queue -> compute plugin -> vm实例创建网络

    2.控制节点部署

    • 数据库配置
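    $ mysql -u root -p
    -- Create the schema that neutron-server reaches through [database]/connection.
    MariaDB [(none)]> CREATE DATABASE neutron;
    -- NOTE(review): the password 'neutron' equals the account name. Treat it as a
    -- lab placeholder and use a long random secret on any shared system.
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost'  IDENTIFIED BY 'neutron';
    -- NOTE(review): '%' accepts this account from every host that can reach MariaDB.
    -- Narrow it to the controller or the management subnet where possible.
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%'  IDENTIFIED BY 'neutron';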
    • 软件安装
    # yum install openstack-neutron openstack-neutron-ml2  openstack-neutron-linuxbridge ebtables
    • 配置文件
    vim /etc/neutron/neutron.conf 
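    # /etc/neutron/neutron.conf on the controller. Only the options this guide
    # changes are listed; the repeated [DEFAULT] fragments are merged so that
    # every section header appears once.
    # NOTE(review): this file carries three plaintext passwords. Keep it readable
    # only by root and the neutron service account.
    [database]
    # SQLAlchemy URL: user neutron, password neutron, host controller, schema neutron.
    # NOTE(review): the password equals the user name - lab placeholder, replace it.
    connection = mysql+pymysql://neutron:neutron@controller/neutron

    [DEFAULT]
    # Modular Layer 2 (ML2) is the core plugin; service_plugins is left empty,
    # so no additional service plugins are loaded.
    core_plugin = ml2
    service_plugins =
    # RabbitMQ message bus: user openstack, password openstack, host controller.
    # NOTE(review): the credentials are embedded in the URL and the password
    # equals the user name; use a dedicated secret and TLS towards RabbitMQ
    # outside a lab.
    transport_url = rabbit://openstack:openstack@controller
    # Authenticate API requests through Keystone.
    auth_strategy = keystone
    # Notify nova when the status or the data of a port changes.
    notify_nova_on_port_status_changes = true
    notify_nova_on_port_data_changes = true

    [keystone_authtoken]
    # Keystone endpoint used for token validation.
    # NOTE(review): plain http means the service password and tokens cross the
    # management network unencrypted; point both URLs at an https endpoint when
    # Keystone is served over TLS.
    # NOTE(review): newer keystonemiddleware releases call auth_uri
    # www_authenticate_uri - confirm against the release being deployed.
    auth_uri = http://controller:5000
    auth_url = http://controller:5000
    # Token cache.
    # NOTE(review): memcached has no authentication by default; limit port 11211
    # to the controller and consider keystonemiddleware's
    # memcache_security_strategy / memcache_secret_key options.
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    # NOTE(review): equals the user name - lab placeholder, replace it.
    password = neutron

    [nova]
    # Keystone credentials of the nova service user, used for the nova
    # notifications enabled in [DEFAULT].
    # NOTE(review): same http and weak-password caveats as [keystone_authtoken].
    auth_url = http://controller:5000
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = nova
    password = nova

    [oslo_concurrency]
    # Directory for lock files.
    lock_path = /var/lib/neutron/tmp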
    vim /etc/neutron/plugins/ml2/ml2_conf.ini
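    # /etc/neutron/plugins/ml2/ml2_conf.ini. The four [ml2] fragments are merged
    # into one section so the header appears once.
    [ml2]
    # Network type drivers that are loaded.
    type_drivers = flat,vlan
    # Project (tenant) network types; empty, so no project network type is
    # configured here.
    tenant_network_types =
    # Use the linuxbridge mechanism driver.
    mechanism_drivers = linuxbridge
    # Load the port security extension driver.
    # NOTE(review): keep this enabled; security group enforcement in
    # linuxbridge_agent.ini builds on it - confirm per-port settings in use.
    extension_drivers = port_security

    [ml2_type_flat]
    # Name of the flat network; the linuxbridge agent maps the same name to a
    # physical interface in physical_interface_mappings.
    flat_networks = provider

    [securitygroup]
    # Enable ipset.
    enable_ipset = true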
    vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
    # /etc/neutron/plugins/ml2/linuxbridge_agent.ini on the controller.
    [linux_bridge]
    physical_interface_mappings = provider:eth0
    # "provider" must match the value of flat_networks in ml2_conf.ini.
    # Every host on the provider network uses its local eth0 for this traffic.
    [vxlan]
    # Disable VXLAN.
    enable_vxlan = false
    [securitygroup]
    # Enable security groups and select the iptables firewall driver.
    # NOTE(review): the iptables driver only sees bridged traffic when the kernel
    # bridge netfilter sysctls net.bridge.bridge-nf-call-iptables and
    # net.bridge.bridge-nf-call-ip6tables are 1; verify this on every node,
    # otherwise the security group rules are not applied.
    enable_security_group = true
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
    vim  /etc/neutron/dhcp_agent.ini
    # /etc/neutron/dhcp_agent.ini.
    [DEFAULT]
    # Interface driver.
    interface_driver = linuxbridge
    # DHCP driver (Dnsmasq).
    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
    # Enable the metadata function for isolated networks.
    enable_isolated_metadata = true
    vim /etc/neutron/metadata_agent.ini 
    # /etc/neutron/metadata_agent.ini.
    [DEFAULT]
    # Host that serves the nova metadata API.
    nova_metadata_host = controller
    # Secret shared between the metadata agent and nova; nova.conf must carry the
    # same value under [neutron]/metadata_proxy_shared_secret.
    # NOTE(review): "openstack" is a guessable value. This secret is what lets
    # nova trust the instance identity forwarded by the metadata proxy, so use a
    # long random string and keep this file readable only by root and the
    # neutron service account.
    metadata_proxy_shared_secret = openstack
    vim /etc/nova/nova.conf
    # [neutron] section of /etc/nova/nova.conf on the controller.
    [neutron]
    # ...
    # Neutron API endpoint and the Keystone credentials nova uses to call it.
    # NOTE(review): both URLs are plain http and the password equals the user
    # name; acceptable in a lab only - use https endpoints and a strong secret
    # elsewhere.
    url = http://controller:9696
    auth_url = http://controller:5000
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = neutron
    password = neutron
    # Accept metadata requests forwarded by the neutron metadata proxy.
    service_metadata_proxy = true
    metadata_proxy_shared_secret = openstack
    # The value "openstack" must equal metadata_proxy_shared_secret in
    # metadata_agent.ini.
    # NOTE(review): guessable shared secret - replace it with a random string in
    # both files.
    • 数据同步

    ml2初始化配置

    # ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

    neutron数据库同步

    # su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

    • 认证配置
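    # Load the admin credentials (the script presumably exports the OS_* variables).
    source admin-openstack.sh
    # Create the neutron service user. --password-prompt asks for the password
    # interactively, so it stays out of the shell history and the process list;
    # enter the value that neutron.conf sets as password under [keystone_authtoken].
    openstack user create --domain default --password-prompt neutron
    # Give the neutron user the admin role in the service project.
    openstack role add --project service --user neutron admin
    # Register the networking service and its three endpoints.
    openstack service create --name neutron --description "OpenStack Networking" network
    # NOTE(review): all three endpoints are plain http on port 9696; the public one
    # in particular should sit behind TLS outside a lab.
    openstack endpoint create --region RegionOne  network public http://controller:9696
    openstack endpoint create --region RegionOne  network internal http://controller:9696
    openstack endpoint create --region RegionOne  network admin http://controller:9696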
    • 验证效果
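    # Restart the Nova API service so that it re-reads nova.conf.
    systemctl restart openstack-nova-api.service
    # Enable the networking services at boot. The trailing backslashes keep this
    # one command; without them the shell runs the continuation lines as
    # separate commands and only neutron-server is enabled.
    systemctl enable neutron-server.service \
      neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
      neutron-metadata-agent.service
    systemctl start neutron-server.service  neutron-linuxbridge-agent.service neutron-dhcp-agent.service  neutron-metadata-agent.service
    # Check the state of the network agents.
    openstack network agent list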

    3.计算节点部署

    • 软件安装
    # conntrack-tools官方没有说明
    # yum install openstack-neutron-linuxbridge ebtables ipset conntrack-tools
    • 配置文件
    vim /etc/neutron/neutron.conf
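    # /etc/neutron/neutron.conf on a compute node. Only the options this guide
    # changes are listed; the two [DEFAULT] fragments are merged so the header
    # appears once.
    # NOTE(review): the file carries plaintext passwords; keep it readable only
    # by root and the neutron service account.
    [DEFAULT]
    # RabbitMQ message bus: user openstack, password openstack, host controller.
    # NOTE(review): the credentials are embedded in the URL and the password
    # equals the user name; use a dedicated secret and TLS outside a lab.
    transport_url = rabbit://openstack:openstack@controller
    # Authenticate through Keystone.
    auth_strategy = keystone

    [keystone_authtoken]
    # Keystone endpoint used for token validation.
    # NOTE(review): plain http exposes the service password and tokens on the
    # management network; prefer an https endpoint.
    # NOTE(review): newer keystonemiddleware releases call auth_uri
    # www_authenticate_uri - confirm against the release being deployed.
    auth_uri = http://controller:5000
    auth_url = http://controller:5000
    # Token cache.
    # NOTE(review): memcached has no authentication by default; restrict access
    # to port 11211 on the controller.
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    # NOTE(review): equals the user name - lab placeholder, replace it.
    password = neutron

    [oslo_concurrency]
    # Directory for lock files.
    lock_path = /var/lib/neutron/tmp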
    vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
    # /etc/neutron/plugins/ml2/linuxbridge_agent.ini on a compute node.
    [linux_bridge]
    # Map the "provider" physical network to this host's eth0.
    physical_interface_mappings = provider:eth0
    [vxlan]
    # Disable VXLAN.
    enable_vxlan = false
    [securitygroup]
    # ...
    # Enable security groups and select the iptables firewall driver.
    # NOTE(review): instances run on this node, so filtering happens here. The
    # iptables driver only sees bridged traffic when the kernel sysctls
    # net.bridge.bridge-nf-call-iptables and net.bridge.bridge-nf-call-ip6tables
    # are 1; verify them, otherwise security group rules are not applied.
    enable_security_group = true
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
    vim /etc/nova/nova.conf
    # [neutron] section of /etc/nova/nova.conf on a compute node.
    [neutron]
    # ...
    # Neutron API endpoint and the Keystone credentials nova-compute uses to
    # call it.
    # NOTE(review): both URLs are plain http and the password equals the user
    # name; use https endpoints and a strong secret outside a lab, and keep
    # nova.conf readable only by root and the nova service account.
    url = http://controller:9696
    auth_url = http://controller:5000
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = neutron
    password = neutron

    重启服务

    # systemctl restart openstack-nova-compute.service
    # systemctl enable neutron-linuxbridge-agent.service
    # systemctl start neutron-linuxbridge-agent.service
    # 重启libvirt服务
    systemctl restart libvirtd.service
    • 验证效果

    回到controller查看所有的网络代理(agent)

    openstack network agent list

    查看所有的计算节点服务

    openstack compute service list



  • 原文地址:https://www.cnblogs.com/well-666/p/12151581.html