Install and configure the networking components on the controller node
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
The Networking server component configuration includes the database, authentication mechanism, message queue, topology change notifications, and plug-in.

Edit the /etc/neutron/neutron.conf file and complete the following actions:

○ In the [database] section, configure database access:

    [database]
    # ...
    connection = mysql+pymysql://neutron:neutron123@dbs.flex.net/neutron

  Note: Comment out or remove any other connection options in the [database] section.

○ In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in and disable additional plug-ins:

    [DEFAULT]
    # ...
    core_plugin = ml2
    service_plugins =

○ In the [DEFAULT] section, configure RabbitMQ message queue access:

    [DEFAULT]
    # ...
    transport_url = rabbit://openstack:openstack123@dbs.flex.net

○ In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:

    [DEFAULT]
    # ...
    auth_strategy = keystone

    [keystone_authtoken]
    # ...
    www_authenticate_uri = http://stack.flex.net:5000
    auth_url = http://stack.flex.net:5000
    memcached_servers = dbs.flex.net:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    password = neutron123

  Note: Comment out or remove any other connection options in the [keystone_authtoken] section.

○ In the [DEFAULT] and [nova] sections, configure Networking to notify Compute of network topology changes:

    [DEFAULT]
    # ...
    notify_nova_on_port_status_changes = true
    notify_nova_on_port_data_changes = true

    [nova]
    auth_url = http://stack.flex.net:5000
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = nova
    password = nova123

○ In the [oslo_concurrency] section, configure the lock path:

    [oslo_concurrency]
    # ...
    lock_path = /var/lib/neutron/tmp
The ML2 plug-in is used here; ML2 uses the Linux bridge mechanism to build layer-2 (bridging and switching) virtual networking infrastructure for instances.

Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and complete the following actions:

○ In the [ml2] section, enable flat and VLAN networks:

    [ml2]
    # ...
    type_drivers = flat,vlan

○ In the [ml2] section, disable self-service networks:

    [ml2]
    # ...
    tenant_network_types =

○ In the [ml2] section, enable the Linux bridge mechanism:

    [ml2]
    # ...
    mechanism_drivers = linuxbridge

  Warning: After the ML2 plug-in is configured, removing values from the type_drivers option causes database inconsistency.

○ In the [ml2] section, enable the port security extension driver:

    [ml2]
    # ...
    extension_drivers = port_security

○ In the [ml2_type_flat] section, configure the provider virtual network as a flat network:

    [ml2_type_flat]
    # ...
    flat_networks = provider

○ In the [securitygroup] section, enable ipset to increase efficiency of security group rules:

    [securitygroup]
    # ...
    enable_ipset = true
The Linux bridge agent builds layer-2 (bridging and switching) virtual networking infrastructure for instances and handles security groups.

Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following actions:

○ In the [linux_bridge] section, map the provider virtual network to the provider physical network interface:

    [linux_bridge]
    physical_interface_mappings = provider:eth1

  The eth1 physical network interface is used as the network link for tenants.

○ In the [vxlan] section, disable VXLAN overlay networks:

    [vxlan]
    enable_vxlan = false

○ In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver:

    [securitygroup]
    # ...
    enable_security_group = true
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

○ Ensure your Linux operating system kernel supports network bridge filters by verifying all the following sysctl values are set to 1:

    net.bridge.bridge-nf-call-iptables
    net.bridge.bridge-nf-call-ip6tables

    # modprobe br_netfilter
    # vi /etc/sysctl.conf
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    # sysctl -p
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1

  To enable networking bridge support, you typically need to load the br_netfilter kernel module. Here, however, the error can be ignored; the module is loaded automatically when you restart neutron.
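The following is an added example, not part of the original page or of OpenStack itself: a small Python audit of the security-relevant settings configured above (the port_security extension driver, security groups and firewall driver, the provider interface mapping, and the two bridge sysctls). The function names, the sample inputs and the interface list are assumptions constructed for illustration.

```python
import configparser

REQUIRED_SYSCTLS = ("net.bridge.bridge-nf-call-iptables",
                    "net.bridge.bridge-nf-call-ip6tables")

def load(text):
    # strict=False tolerates a section header repeated within one file
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    return cp

def audit(ml2_text, agent_text, sysctls, interfaces):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    ml2, agent = load(ml2_text), load(agent_text)
    drivers = ml2.get("ml2", "extension_drivers", fallback="")
    if "port_security" not in [d.strip() for d in drivers.split(",")]:
        findings.append("ml2: port_security extension driver not enabled")
    # This audit wants both security group settings stated explicitly.
    if not agent.getboolean("securitygroup", "enable_security_group", fallback=False):
        findings.append("agent: enable_security_group is not true")
    fw = agent.get("securitygroup", "firewall_driver", fallback="")
    if not fw or fw.lower() in ("noop", "neutron.agent.firewall.noopfirewalldriver"):
        findings.append("agent: no filtering firewall_driver configured")
    # Each mapping is <physical network>:<interface>; the interface must exist.
    mappings = agent.get("linux_bridge", "physical_interface_mappings", fallback="")
    for item in filter(None, (m.strip() for m in mappings.split(","))):
        net, _, iface = item.partition(":")
        if iface not in interfaces:
            findings.append(f"agent: {net} mapped to unknown interface {iface!r}")
    # The iptables firewall driver only sees bridged frames when these are 1.
    for key in REQUIRED_SYSCTLS:
        if str(sysctls.get(key, "0")).strip() != "1":
            findings.append(f"sysctl: {key} is not 1")
    return findings

# Constructed sample input: misspelt interface name and one sysctl left at 0.
SAMPLE_ML2 = "[ml2]\nextension_drivers = port_security\n"
SAMPLE_AGENT = """[linux_bridge]
physical_interface_mappings = provider:eht1
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
"""
SAMPLE_SYSCTLS = {"net.bridge.bridge-nf-call-iptables": "1",
                  "net.bridge.bridge-nf-call-ip6tables": "0"}
if __name__ == "__main__":
    for finding in audit(SAMPLE_ML2, SAMPLE_AGENT, SAMPLE_SYSCTLS, ["lo", "eth0", "eth1"]):
        print(finding)
```

On a real host, pass the contents of ml2_conf.ini and linuxbridge_agent.ini, the values read from `sysctl`, and the interface names present on the node.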
Configure the DHCP agent
The DHCP agent provides DHCP services for virtual networks.

Edit the /etc/neutron/dhcp_agent.ini file and complete the following actions:

○ In the [DEFAULT] section, configure the Linux bridge interface driver, Dnsmasq DHCP driver, and enable isolated metadata so instances on provider networks can access metadata over the network:

    [DEFAULT]
    # ...
    interface_driver = linuxbridge
    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
    enable_isolated_metadata = true

When finished, return to the networking configuration or continue with networking option 2.