Installing and Configuring Neutron (1)

This section describes how to install the Neutron service on the controller node.

1. Preparation before configuration

Before you install and configure Neutron, you must first create the neutron database, the service credentials, and the API endpoint.

a. Create the database by completing the following steps:

Use the database client to log in to the database server:

   

mysql -u root -p

Create the neutron database:

CREATE DATABASE neutron;

Grant sufficient access privileges:

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';

Replace 'NEUTRON_DBPASS' with your own password.

Exit the database client.


b. Source admin-openrc.sh to define the corresponding environment variables:

source admin-openrc.sh

     

c. Create the service credentials by completing the following steps:

Create the neutron user:

$ openstack user create --password-prompt neutron
User Password:
Repeat User Password:
+----------+----------------------------------+
| Field    | Value                            |
+----------+----------------------------------+
| email    | None                             |
| enabled  | True                             |
| id       | 7b7f5e256c70453facc9e9d2cbe9c878 |
| name     | neutron                          |
| username | neutron                          |
+----------+----------------------------------+

     

Add the admin role to the neutron user:

$ openstack role add --project service --user neutron admin
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | e989438490a34b34b4e185eb38ddc23a |
| name  | admin                            |
+-------+----------------------------------+

Create the neutron service entity:

$ openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | a96dd74abcb64064bdc05f0ba90b27b4 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+



Create the Networking service API endpoint:

$ openstack endpoint create \
   --publicurl http://controller:9696 \
   --adminurl http://controller:9696 \
   --internalurl http://controller:9696 \
   --region RegionOne network
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| adminurl     | http://controller:9696           |
| id           | 0ac360757223423b9611f3e7a172e5f4 |
| internalurl  | http://controller:9696           |
| publicurl    | http://controller:9696           |
| region       | RegionOne                        |
| service_id   | a96dd74abcb64064bdc05f0ba90b27b4 |
| service_name | neutron                          |
| service_type | network                          |
+--------------+----------------------------------+

2. Install neutron on the controller

Install neutron:

git clone git://git.openstack.org/openstack/neutron
cd neutron
pip install -r requirements.txt
python setup.py install

Create /etc/neutron and copy the configuration files into it:

mkdir /etc/neutron
cp -r ./etc/* /etc/neutron/

Create /var/log/neutron and the neutron user, then change the ownership of the directory:

mkdir /var/log/neutron
useradd neutron
chown -R neutron:neutron /var/log/neutron


3. Configure the Networking service components

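Configuring the Networking service components covers the database, the Identity service, the message queue, topology change notifications, and the plug-in.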

Edit /etc/neutron/neutron.conf and complete the following steps:

a. In the [database] section, configure database access:

[database]
...
connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron

Replace NEUTRON_DBPASS with your own database password.

b. In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure message queue access:

[DEFAULT]
...
rpc_backend = rabbit
 
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS

Replace RABBIT_PASS with your own RabbitMQ password.

c. In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:

[DEFAULT]
...
auth_strategy = keystone
 
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS

Replace NEUTRON_PASS with your own password.

d. In the [DEFAULT] section, enable the ML2 plug-in, the router service, and floating IPs:

[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True

    

e. In the [DEFAULT] and [nova] sections, configure the notifications sent when the network changes:

[DEFAULT]
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
 
[nova]
...
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

     

f. Configure verbose and log_dir:

[DEFAULT]
...
verbose = True
...
log_dir = /var/log/neutron

    


4. Configure the Layer 2 plug-in, ML2

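The ML2 plug-in uses Open vSwitch (OVS) and its agent to build the virtual networking framework. The controller node generally does not handle instance network traffic, so it does not need OVS.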

Edit /etc/neutron/neutron/plugins/ml2/ml2_conf.ini and complete the following steps:

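a. In the [ml2] section, enable the flat, VLAN, GRE, and VXLAN network type drivers, set the tenant network type to GRE, and select the Open vSwitch mechanism driver: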

[ml2]
...
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch

b. In the [ml2_type_gre] section, configure the tunnel ID range:

[ml2_type_gre]
...
tunnel_id_ranges = 1:1000

c. In the [securitygroup] section, configure the following to enable ipset and set the OVS firewall driver:

[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver


5. Configure Nova to use Neutron networking

By default, Nova uses legacy networking; you must reconfigure Nova to use Neutron.

On the controller node, edit /etc/nova/nova.conf and complete the following steps:

a. In the [DEFAULT] section, configure the APIs and drivers:

[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

Note: By default, Nova uses its own internal firewall service. Because Neutron includes a firewall service, we disable Nova's here by using nova.virt.firewall.NoopFirewallDriver.

b. In the [neutron] section, configure the access parameters:

[neutron]
...
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = NEUTRON_PASS

Replace NEUTRON_PASS with your password.
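
Before the services are started in step 6, the files edited in steps 3 and 5 can be checked for two easy-to-miss problems: a placeholder such as RABBIT_PASS left in place, and a password-bearing file that other local users can read. The script below is an added example, not part of the original tutorial; the function names and the sample file are constructed for illustration, and mode 640 (owner root, group neutron) is an assumed ownership scheme.

```shell
#!/bin/sh
# Added example (not from the original page): pre-start audit of the
# neutron.conf / nova.conf files edited in the steps above.
# Placeholder names are the ones this page uses.
PLACEHOLDERS='NEUTRON_DBPASS|RABBIT_PASS|NEUTRON_PASS|NOVA_PASS'

# Print "section/option" for each option whose value still holds a placeholder.
leftover_placeholders() {
    awk -v pat="$PLACEHOLDERS" '
        /^[ \t]*[#;]/ { next }                        # comment line
        /^[ \t]*\[/   { sec = $0; sub(/^[ \t]*\[/, "", sec)
                        sub(/\].*$/, "", sec); next }  # [section] header
        {
            i = index($0, "="); if (i == 0) next
            key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
            if (substr($0, i + 1) ~ pat) print sec "/" key
        }' "$1"
}

# True only when FILE grants nothing to "other": it stores the database,
# RabbitMQ and Keystone passwords in clear text.
not_world_accessible() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Report both problems for one file; non-zero exit status if any was found.
audit_conf() {
    rc=0
    left=$(leftover_placeholders "$1" | tr '\n' ' ')
    [ -z "$left" ] || { echo "$1: placeholder left in: $left"; rc=1; }
    not_world_accessible "$1" ||
        { echo "$1: accessible to other users (expected mode 640)"; rc=1; }
    return $rc
}

# Constructed sample: database password replaced, RabbitMQ password forgotten.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[database]
connection = mysql://neutron:s3cret-example@controller/neutron
[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
# password = NEUTRON_PASS
EOF
chmod 644 "$sample"
audit_conf "$sample" || echo "audit failed, fix before starting neutron-server"
```

On the controller, call audit_conf on /etc/neutron/neutron.conf and /etc/nova/nova.conf after editing them.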


6. Finalize the installation

The Networking service initialization scripts expect a file /etc/neutron/plugin.ini that points to /etc/neutron/neutron/plugins/ml2/ml2_conf.ini, so create the symbolic link with the following command:

ln -s /etc/neutron/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Populate the database:

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Create the startup script: create /usr/lib/systemd/system/neutron-server.service with the following content:

[Unit]
Description=OpenStack Neutron Server
After=syslog.target network.target

[Service]
Type=notify
User=neutron
ExecStart=/usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini --config-dir /etc/neutron/conf.d/neutron-server --log-file /var/log/neutron/server.log
PrivateTmp=true
NotifyAccess=all
KillMode=process

[Install]
WantedBy=multi-user.target

Restart the affected Nova services:

$ systemctl restart nova-api.service nova-scheduler.service nova-conductor.service

Enable the service at boot and start it:

$ systemctl enable neutron-server.service
$ systemctl start neutron-server.service

7. Verify the installation

a. Source admin-openrc.sh to set the environment variables:

$ source admin-openrc.sh

b. List the loaded extensions to verify that neutron-server started successfully:

$ neutron ext-list
+-----------------------+-----------------------------------------------+
| alias                 | name                                          |
+-----------------------+-----------------------------------------------+
| dns-integration       | DNS Integration                               |
| address-scope         | Address scope                                 |
| ext-gw-mode           | Neutron L3 Configurable external gateway mode |
| binding               | Port Binding                                  |
| agent                 | agent                                         |
| subnet_allocation     | Subnet Allocation                             |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| external-net          | Neutron external network                      |
| flavors               | Neutron Service Flavors                       |
| net-mtu               | Network MTU                                   |
| availability_zone     | Availability Zone                             |
| quotas                | Quota management support                      |
| l3-ha                 | HA Router extension                           |
| provider              | Provider Network                              |
| multi-provider        | Multi Provider Network                        |
| extraroute            | Neutron Extra Route                           |
| extra_dhcp_opt        | Neutron Extra DHCP opts                       |
| security-group        | security-group                                |
| dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
| rbac-policies         | RBAC Policies                                 |
| router                | Neutron L3 Router                             |
| allowed-address-pairs | Allowed Address Pairs                         |
| dvr                   | Distributed Virtual Router                    |
+-----------------------+-----------------------------------------------+

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
Permalink: http://www.nfvschool.cn/?p=372