Openstack（十一）部署網絡服務neutron（控制節點）

11.1neutron服務介紹

neutron是openstack的網絡組件，是OpenStack的網絡服務，Openstack在2010年正式發佈它的第一個版本Austin的時候，nova-network做爲它的核心組件被包含其中，由於商標侵權的緣由，Openstack在Havana版本上將Quantum(美國昆騰公司, 昆騰公司的硬盤驅動器業務於2000年4月2日被邁拓(Maxtor)公司收購，隨後邁拓於2005年被希捷(Seagate)收購)改名爲Neutron，如下是網絡的簡單介紹：

網絡：在顯示的網絡環境中咱們使用交換機將多個計算機鏈接起來從而造成了網絡，而在neutron的環境裏，網絡的功能也是將多個不一樣的雲主機鏈接起來。

子網：是現實的網絡環境下能夠將一個網絡劃分紅多個邏輯上的子網絡，從而實現網絡隔離，在neutron裏面子網也是屬於網絡。

端口：計算機鏈接交換機經過網線連，而網線插在交換機的不一樣端口，在neutron裏面端口屬於子網，即每一個雲主機的子網都會對應到一個端口。

路由器：用於鏈接不通的網絡或者子網。

下面是插件圖：

 

網絡類型：

提供者網絡：虛擬機橋接到物理機，而且虛擬機必須和物理機在同一個網絡範圍內。

自服務網絡：能夠本身建立網絡，最終會經過虛擬路由器鏈接外網

11.2數據庫準備

11.2.1 SQL服務器建立數據庫並受權：

# mysql

> CREATE DATABASE neutron;

> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%'  IDENTIFIED BY 'neutron123';

> flush privileges;

11.2.2控制端測試鏈接

# mysql -uneutron -pneutron123 -h192.168.10.100

11.3建立neutron服務並註冊

11.3.1建立neutron服務：

# openstack service create --name neutron --description "OpenStack Networking" network

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Networking             |

| enabled     | True                             |

| id          | 154c0450a2be4a8fa0d8819e5f045bc0 |

| name        | neutron                          |

| type        | network                          |

+-------------+----------------------------------+

11.3.2註冊公共端點

# openstack endpoint create --region RegionOne  network public http://192.168.10.100:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | ba022a5dd78c469bb4f82bc655d84720 |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 154c0450a2be4a8fa0d8819e5f045bc0 |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://192.168.10.100:9696       |

+--------------+----------------------------------+

11.3.3註冊私有端點

# openstack endpoint create --region RegionOne  network internal http://192.168.10.100:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | b608eee2d21a4808953e5a9a9e761e92 |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 154c0450a2be4a8fa0d8819e5f045bc0 |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://192.168.10.100:9696       |

+--------------+----------------------------------+

11.3.4註冊管理端點

# openstack endpoint create --region RegionOne  network admin http://192.168.10.100:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 00a1f952c49348e09f4ebfeb20233825 |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 154c0450a2be4a8fa0d8819e5f045bc0 |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://192.168.10.100:9696       |

+--------------+----------------------------------+

11.3.5驗證端點添加成功

 

11.4配置haproxy負載

11.4.1配置haproxy

# vim /etc/haproxy/haproxy.cfg

listen neutron

    bind 192.168.10.100:9696

    mode tcp

    log global

    balance source

    server neutron-server 192.168.10.201:9696 check inter 5000 rise 3 fall 3

#重啓haproxy

# systemctl  restart haproxy

11.4.2驗證端口

11.5安裝neutron控制端

# yum install -y openstack-neutron openstack-neutron-ml2   openstack-neutron-linuxbridge ebtables

11.6配置neutron服務

11.6.1編輯neutron.conf

# vim /etc/neutron/neutron.conf

[DEFAULT]

766 connection = mysql+pymysql://neutron:neutron123@192.168.10.100/neutron

30 core_plugin = ml2

33 service_plugins =

570 transport_url = rabbit://openstack:123456@192.168.10.205

27 auth_strategy = keystone

99 notify_nova_on_port_status_changes = true

103 notify_nova_on_port_data_changes = true

846 [keystone_authtoken]

 847 auth_uri = http://192.168.10.100:5000

 848 auth_url = http://192.168.10.100:35357

 849 memcached_servers = 192.168.10.100:11211

 850 auth_type = password

 851 project_domain_name = default

 852 user_domain_name = default

 853 project_name = service

 854 username = neutron

 855 password = neutron

1075 [nova]

1076 auth_url = http://192.168.10.100:35357

1077 auth_type = password

1078 project_domain_name = default

1079 user_domain_name = default

1080 region_name = RegionOne

1081 project_name = service

1082 username = nova

1083 password = nova

[oslo_concurrency]

1197 lock_path = /var/lib/neutron/tmp

11.6.2Modular Layer2

# ML2插件使用Linuxbridge機制來爲實例建立layer－2虛擬網絡基礎設施

# vim /etc/neutron/plugins/ml2/ml2_conf.ini

1:[DEFAULT]

113:[ml2]

122:type_drivers = flat,vlan

127:tenant_network_types =

131:mechanism_drivers = linuxbridge

136:extension_drivers = port_security

163:[ml2_type_flat]

172:flat_networks = internal

233:[securitygroup]

249:enable_ipset = true

11.6.3配置linuxbridge代理

# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

1:[DEFAULT]

113:[agent]

144:[linux_bridge]

155:physical_interface_mappings = internal:band0

161:[securitygroup]

168:firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

173:enable_security_group = true

180:[vxlan]

188:enable_vxlan = false

11.6.4配置DHCP代理

# vim /etc/neutron/dhcp_agent.ini

16 interface_driver = linuxbridge

32 dhcp_driver =  neutron.agent.linux.dhcp.Dnsmasq

41 enable_isolated_metadata = true

11.6.5配置元數據

# vim /etc/neutron/metadata_agent.ini

1:[DEFAULT]

22:nova_metadata_ip = 192.168.10.100

34:metadata_proxy_shared_secret = 20170912

185:[agent]

200:[cache]

11.6.6配置nova調用neutron

# vim  /etc/nova/nova.conf

6935 [neutron]

 6936 url = http://192.168.10.100:9696

 6937 auth_url = http://192.168.10.100:35357

 6938 auth_type = password

 6939 project_domain_name = default

 6940 user_domain_name = default

 6941 region_name = RegionOne

 6942 project_name = service

 6943 username = neutron

 6944 password = neutron

 6945 service_metadata_proxy = true

 6946 metadata_proxy_shared_secret = 20170912

11.6.7建立軟連接

# ln -sv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

11.6.8初始化數據庫

# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

11.6.9重啓nova API服務

# systemctl restart openstack-nova-api.service

# tail -n200 /var/log/nova/nova-api.log  -f

11.6.10配置haproxy代理

# 負載服務器

# vim /etc/haproxy/haproxy.cfg

listen nova-api

    bind 192.168.10.100:8775

    mode tcp

    log global

    balance source

    server nova-server1 192.168.10.201:8775 check inter 5000 rise 3 fall 3

# systemctl restart haproxy

11.7啓動neutron服務

# systemctl enable neutron-server.service   neutron-linuxbridge-agent.service neutron-dhcp-agent.service   neutron-metadata-agent.service

# systemctl start neutron-server.service   neutron-linuxbridge-agent.service neutron-dhcp-agent.service   neutron-metadata-agent.service

11.8驗證neutron日誌

# tail -f /var/log/neutron/*.log

11.9驗證neutron控制端日否註冊成功

#此步驟要求各服務器時間必須一致

# neutron agent-list

11.10neutron控制端重啓腳本

# vim neutron-restart.sh

#!/bin/bash

systemctl restart openstack-nova-api.service  neutron-server.service  neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

# chmod  a+x neutron-restart.sh