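This section describes how to install the Neutron service on the controller node.
1. Preparation before configuration
Before you install and configure Neutron, you must first create the neutron database, the service credentials and the API endpoints.
a. Create the database by completing the following steps:
Use the database client to log in to the database server:
mysql -u root -p
Create the neutron database:
CREATE DATABASE neutron;
Grant sufficient access privileges:
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost'
  IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%'
  IDENTIFIED BY 'NEUTRON_DBPASS';
Replace 'NEUTRON_DBPASS' with your own password.
Exit the database client.
b. Source admin-openrc.sh to set the corresponding environment variables:
source admin-openrc.sh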
c. Create the service credentials by completing the following steps:
Create the neutron user:
$ openstack user create --password-prompt neutron
User Password:
Repeat User Password:
+----------+----------------------------------+
| Field    | Value                            |
+----------+----------------------------------+
| email    | None                             |
| enabled  | True                             |
| id       | 7b7f5e256c70453facc9e9d2cbe9c878 |
| name     | neutron                          |
| username | neutron                          |
+----------+----------------------------------+
Add the admin role to the neutron user:
$ openstack role add --project service --user neutron admin
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | e989438490a34b34b4e185eb38ddc23a |
| name  | admin                            |
+-------+----------------------------------+
Create the neutron service entity:
$ openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | a96dd74abcb64064bdc05f0ba90b27b4 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
Create the API endpoint for the Networking service:
$ openstack endpoint create \
  --publicurl http://controller:9696 \
  --adminurl http://controller:9696 \
  --internalurl http://controller:9696 \
  --region RegionOne network
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| adminurl     | http://controller:9696           |
| id           | 0ac360757223423b9611f3e7a172e5f4 |
| internalurl  | http://controller:9696           |
| publicurl    | http://controller:9696           |
| region       | RegionOne                        |
| service_id   | a96dd74abcb64064bdc05f0ba90b27b4 |
| service_name | neutron                          |
| service_type | network                          |
+--------------+----------------------------------+
2. Install Neutron on the controller
Install Neutron:
git clone git://git.openstack.org/openstack/neutron
cd neutron
pip install -r requirements.txt
python setup.py install
Create /etc/neutron and copy the configuration files into it:
mkdir /etc/neutron
cp -r ./etc/* /etc/neutron/
Create /var/log/neutron and the neutron user, then change the ownership of the directory:
mkdir /var/log/neutron
useradd neutron
chown -R neutron:neutron /var/log/neutron
3. Configure the Networking service components
Configuring the Networking service components covers the database, the authentication service, the message queue, topology change notifications and the plug-in.
Edit /etc/neutron/neutron.conf and complete the following steps:
a. In the [database] section, configure database access:
[database]
...
connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron
Replace NEUTRON_DBPASS with your own database password.
b. In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure message queue access:
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
Replace RABBIT_PASS with your own RabbitMQ password.
c. In the [DEFAULT] and [keystone_authtoken] sections, configure access to the authentication service:
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS
Replace NEUTRON_PASS with your own password.
d. In the [DEFAULT] section, enable the ML2 plug-in, the router service and floating IPs:
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
e. In the [DEFAULT] and [nova] sections, configure the notifications sent to Nova when the network changes:
[DEFAULT]
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
[nova]
...
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
f. Configure verbose logging and the log directory:
[DEFAULT]
...
verbose = True
...
log_dir = /var/log/neutron
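4. Configure the ML2 layer-2 plug-in
The ML2 plug-in uses the Open vSwitch (OVS) agent to build the virtual networking framework for instances. The controller node generally does not handle instance network traffic, so it does not need OVS.
Edit /etc/neutron/neutron/plugins/ml2/ml2_conf.ini and complete the following steps:
a. In the [ml2] section, enable the flat, VLAN, GRE and VXLAN network type drivers, set the tenant network type to GRE, and use the Open vSwitch mechanism driver:
[ml2]
...
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
b. In the [ml2_type_gre] section, configure the tunnel ID range:
[ml2_type_gre]
...
tunnel_id_ranges = 1:1000
c. In the [securitygroup] section, enable security groups and ipset, and configure the OVS iptables firewall driver:
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver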
5. Configure Nova to use Neutron networking
By default, Nova uses legacy networking; you must reconfigure Nova to use Neutron.
On the controller node, edit /etc/nova/nova.conf and complete the following steps:
a. In the [DEFAULT] section, configure the APIs and drivers:
[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
Note: By default, Nova uses its own internal firewall service. Because Neutron includes a firewall service, we disable Nova's here by setting nova.virt.firewall.NoopFirewallDriver.
b. In the [neutron] section, configure the access parameters:
[neutron]
...
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = NEUTRON_PASS
Replace NEUTRON_PASS with your own password.
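Before starting the services, confirm that none of the placeholder passwords used above were left in place and that the files holding them are not world-accessible (files copied with cp -r typically end up with mode 644). The script below is an added example, not part of the original guide; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide: audit a config file for
# leftover placeholder secrets and for world-accessible permissions.

# Placeholder names taken from this guide's configuration snippets.
PLACEHOLDERS='NEUTRON_DBPASS|NEUTRON_PASS|RABBIT_PASS|NOVA_PASS'

# Print how many non-comment lines of FILE still contain a placeholder.
count_placeholders() {
    grep -Ev '^[[:space:]]*#' "$1" | grep -Ec "$PLACEHOLDERS" || true
}

# Succeed if FILE is readable or writable by "other" users.
is_world_accessible() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 \) -print)" ]
}

# Print one finding per line for FILE; print nothing if the file is clean.
audit_conf() {
    n=$(count_placeholders "$1")
    if [ "$n" -gt 0 ]; then
        echo "$1: $n line(s) still contain a placeholder password"
    fi
    if is_world_accessible "$1"; then
        echo "$1: world-accessible, tighten to mode 640"
    fi
    return 0
}

# Constructed sample standing in for /etc/neutron/neutron.conf: one secret
# was replaced, one placeholder was forgotten, and the mode is 644.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[database]
connection = mysql://neutron:constructed-secret@controller/neutron
# password = NEUTRON_PASS
[oslo_messaging_rabbit]
rabbit_password = RABBIT_PASS
EOF
chmod 644 "$sample"
audit_conf "$sample"    # prints both findings

# Replace the forgotten placeholder and tighten the mode: no output.
printf '[oslo_messaging_rabbit]\nrabbit_password = constructed-secret\n' > "$sample"
chmod 640 "$sample"
audit_conf "$sample"
rm -f "$sample"
```

On a real node, run audit_conf against /etc/neutron/neutron.conf and /etc/nova/nova.conf; mode 640 with owner root and the service's group keeps the passwords readable by the service but not by other local users.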
6. Finalize the installation
The Networking service initialization scripts expect /etc/neutron/plugin.ini to be a symbolic link pointing to the ML2 plug-in configuration file /etc/neutron/neutron/plugins/ml2/ml2_conf.ini, so create the link with the following command:
ln -s /etc/neutron/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Populate the database:
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Create the startup unit: create /usr/lib/systemd/system/neutron-server.service with the following content:
[Unit]
Description=OpenStack Neutron Server
After=syslog.target network.target
[Service]
Type=notify
User=neutron
ExecStart=/usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini --config-dir /etc/neutron/conf.d/neutron-server --log-file /var/log/neutron/server.log
PrivateTmp=true
NotifyAccess=all
KillMode=process
[Install]
WantedBy=multi-user.target
Restart the affected Nova services:
$ systemctl restart nova-api.service nova-scheduler.service nova-conductor.service
Enable the service at boot and start it:
$ systemctl enable neutron-server.service
$ systemctl start neutron-server.service
7. Verify the installation
a. Source admin-openrc.sh to set the environment variables:
$ source admin-openrc.sh
b. List the loaded extensions to verify that neutron-server started successfully:
neutron ext-list
+-----------------------+-----------------------------------------------+
| alias                 | name                                          |
+-----------------------+-----------------------------------------------+
| dns-integration       | DNS Integration                               |
| address-scope         | Address scope                                 |
| ext-gw-mode           | Neutron L3 Configurable external gateway mode |
| binding               | Port Binding                                  |
| agent                 | agent                                         |
| subnet_allocation     | Subnet Allocation                             |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| external-net          | Neutron external network                      |
| flavors               | Neutron Service Flavors                       |
| net-mtu               | Network MTU                                   |
| availability_zone     | Availability Zone                             |
| quotas                | Quota management support                      |
| l3-ha                 | HA Router extension                           |
| provider              | Provider Network                              |
| multi-provider        | Multi Provider Network                        |
| extraroute            | Neutron Extra Route                           |
| extra_dhcp_opt        | Neutron Extra DHCP opts                       |
| security-group        | security-group                                |
| dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
| rbac-policies         | RBAC Policies                                 |
| router                | Neutron L3 Router                             |
| allowed-address-pairs | Allowed Address Pairs                         |
| dvr                   | Distributed Virtual Router                    |
+-----------------------+-----------------------------------------------+