第十三章 neutron組件安裝2

前提：如下配置neutron配置文件基於linuxbridge來實現vlan模式的多用戶場景。

一、在控制節點行安裝neutron組件

apt -y install neutron-server neutron-metadata-agent neutron-plugin-ml2 python3-neutronclient # 配置文件 mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.org # 備份官方 vi /etc/neutron/neutron.conf # 修改以下 # create new [DEFAULT] debug = True # 打開調試功能 core_plugin = ml2 service_plugins = router auth_strategy = keystone state_path = /var/lib/neutron dhcp_agent_notification = True allow_overlapping_ips = True notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True # RabbitMQ connection info transport_url = rabbit://openstack:password@192.168.222.29
 [agent] root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf # Keystone auth info [keystone_authtoken] www_authenticate_uri = http://192.168.222.29:5000
auth_url = http://192.168.222.29:5000
memcached_servers = 192.168.222.29:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = servicepassword # MariaDB connection info [database] connection = mysql+pymysql://neutron:password@192.168.222.29/neutron_ml2
 # Nova auth info [nova] auth_url = http://192.168.222.29:5000
auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = nova password = servicepassword [oslo_concurrency] lock_path = $state_path/tmp # network quotas [quotas] quota_network = 100 quota_subnet = 100 quota_router = 100 quota_floatingip = 100 quota_security_group = 100 # 修改文件權限 chmod 640 /etc/neutron/neutron.conf chgrp neutron /etc/neutron/neutron.conf # 配置文件 vi /etc/neutron/metadata_agent.ini # 修改以下 nova_metadata_host = 192.168.222.29             # line 22 metadata_proxy_shared_secret = metadata_secret  # line 34 # 配置文件 vi /etc/neutron/plugins/ml2/ml2_conf.ini # 修改以下 [ml2] type_drivers = flat,vlan,vxlan                # line 167 tenant_network_types = vlan # 採用vlan模式 mechanism_drivers = linuxbridge # 暫不採用ovs，後面會進行 extension_drivers = port_security [ml2_type_flat] flat_networks = external                     # line 219 [ml2_type_vlan] network_vlan_ranges = default:3001:4000     # line 260

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini su -s /bin/bash neutron -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head" # 最後顯示「OK」 systemctl restart neutron-server neutron-metadata-agent nova-api systemctl enable neutron-server neutron-metadata-agent                 # 服務開機自啓動

二、在網絡節點上安裝neutron組件

# 開啓網絡節點的路由功能和物理接口混雜模式，使得計算節點能經過它上網 # 配置文件 vi /etc/sysctl.conf # 修改以下 net.ipv4.ip_forward=1 net.ipv4.conf.all.rp_filter=0 net.ipv4.conf.default.rp_filter=0 # 生效操做 sysctl -p # 爲了讓一個沒有配置IP地址的接口UP起來，須要作些一些特殊設置 # 配置文件 vi /etc/systemd/network/enp1s0f2.network # 新建 # 修改以下 [Match] Name=enp1s0f2 # 這裏的enp1s0f2爲實際規劃的，並進行instance 通訊的物理網卡名稱 [Network] LinkLocalAddressing=no IPv6AcceptRA=no # 配置文件 vi /etc/systemd/network/enp1s0f3.network # 新建 # 修改以下 [Match] Name=enp1s0f3 # 這裏的enp1s0f3爲鏈接外網的物理網卡名稱，不配置IP [Network] LinkLocalAddressing=no IPv6AcceptRA=no systemctl restart systemd-networkd          # 重啓networkd服務

apt -y install neutron-plugin-ml2 neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent python3-neutronclient # 配置文件 mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.org # 備份官方 vi /etc/neutron/neutron.conf # 修改以下 # create new [DEFAULT] debug = True # 打開調試功能 core_plugin = ml2 service_plugins = router auth_strategy = keystone state_path = /var/lib/neutron allow_overlapping_ips = True # RabbitMQ connection info transport_url = rabbit://openstack:password@192.168.222.29
 [agent] root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf # Keystone auth info [keystone_authtoken] www_authenticate_uri = http://192.168.222.29:5000
auth_url = http://192.168.222.29:5000
memcached_servers = 192.168.222.29:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = servicepassword [oslo_concurrency] lock_path = $state_path/lock # network quotas [quotas] quota_network = 100 quota_subnet = 100 quota_router = 100 quota_floatingip = 100 quota_security_group = 100 # 修改文件權限 chmod 640 /etc/neutron/neutron.conf chgrp neutron /etc/neutron/neutron.conf # 配置文件 vi /etc/neutron/l3_agent.ini # 修改以下 interface_driver = linuxbridge                   # line 17 use_namespaces = True # 配置文件 vi /etc/neutron/dhcp_agent.ini # 修改以下 interface_driver = linuxbridge                   # line 17 dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq   # line 39 use_namespaces = True enable_isolated_metadata = true                 # line 49 # 配置文件 vi /etc/neutron/metadata_agent.ini # 修改以下 nova_metadata_host = 192.168.222.29            # line 22 metadata_proxy_shared_secret = metadata_secret # line 34 # 配置文件 vi /etc/neutron/plugins/ml2/ml2_conf.ini # 修改以下 [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vlan # vlan模式 mechanism_drivers = linuxbridge extension_drivers = port_security [ml2_type_flat] flat_networks = external # 路由器鏈接外部的網絡的接口，名字隨便起 [ml2_type_vlan] network_vlan_ranges = default:3001:4000     # 能夠分配的vlan id範圍，須要在底層與服務鏈接的物理交換機上配置trunk模式，並放行30001到4000的vlan id # 配置文件 vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini # 修改以下 [linux_bridge] physical_interface_mappings = default:enp1s0f2,external:enp1s0f3 # 就是把上面一個文件中標識，如external、default，在這個文件中與物理接口進行關聯。 [securitygroup] enable_security_group = True         # line 217 firewall_driver = iptables enable_ipset = True [vxlan] enable_vxlan = False                # line 238 local_ip = 192.168.222.26           # line 271

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini for service in l3-agent dhcp-agent metadata-agent linuxbridge-agent; do systemctl restart neutron-$service systemctl enable neutron-$service # 促使服務開機自動啓動 done