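Cloud Computing OpenStack Study Notes 7: Deploying the Networking Component (Neutron)

1. Component details

Purpose: provides networking for OpenStack through plug-ins

Common components:

neutron-server: receives API requests and passes them to the appropriate network plug-in for execution

neutron database: the neutron database that stores network-related parameters

neutron-dhcp-agent: provides Dynamic Host Configuration Protocol (DHCP) service to all project networks

neutron-l3-agent: performs L3/network address translation (NAT) forwarding to support network access to VMs on tenant networks

neutron-l2-agent: layer-2 network plug-in

neutron-3rd party plugin: third-party network plug-ins

Workflow:

Request: nova-compute -> neutron-server -> neutron database(admin)

Configuration: neutron-server -> queue -> neutron-plugins -> queue -> compute plugin -> network created for the VM instance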

2. Controller node deployment

  • Database configuration
$ mysql -u root -p
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost'  IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%'  IDENTIFIED BY 'neutron';
  • Software installation
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
  • Configuration files
vim /etc/neutron/neutron.conf 
[database]
# ...
connection = mysql+pymysql://neutron:neutron@controller/neutron
[DEFAULT]
# Configure the Modular Layer 2 (ML2) core plug-in and the service plug-ins
core_plugin = ml2
service_plugins =
[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack@controller
[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[DEFAULT]
# Configure notifications to nova
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[nova]
# Keystone credentials for the nova service
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
# Lock file path
lock_path = /var/lib/neutron/tmp
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
# Enable the type drivers
type_drivers = flat,vlan
[ml2]
# Configure the project network types
tenant_network_types =
[ml2]
# Set the driver for the physical NIC to linuxbridge
mechanism_drivers = linuxbridge
[ml2]
# Enable port security through the extension driver
extension_drivers = port_security
[ml2_type_flat]
# Set the flat network type to the provider network
flat_networks = provider
[securitygroup]
# Enable ipset
enable_ipset = true
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth0
# The provider label here must match the value of flat_networks in ml2_conf.ini
# Hosts on the same provider network all use their local eth0 to communicate
[vxlan]
# Disable VXLAN
enable_vxlan = false
[securitygroup]
# Set the firewall driver for security groups
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
vim  /etc/neutron/dhcp_agent.ini
[DEFAULT]
# Set the interface driver
interface_driver = linuxbridge
# Set the DHCP driver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
# Enable the metadata feature
enable_isolated_metadata = true
vim /etc/neutron/metadata_agent.ini 
[DEFAULT]
# Address of the host that serves nova metadata
nova_metadata_host = controller
# Shared secret for the metadata proxy
metadata_proxy_shared_secret = openstack
vim /etc/nova/nova.conf
[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = openstack
# The value openstack here must match metadata_proxy_shared_secret in metadata_agent.ini
  • Data synchronization

Initialize the ML2 configuration

# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Synchronize the neutron database

# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

  • Identity configuration
source admin-openstack.sh
openstack user create --domain default --password neutron neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne  network public http://controller:9696
openstack endpoint create --region RegionOne  network internal http://controller:9696
openstack endpoint create --region RegionOne  network admin http://controller:9696
  • Verification
# Restart the compute (nova) API service
systemctl restart openstack-nova-api.service
# Enable the networking services at boot
systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl start neutron-server.service  neutron-linuxbridge-agent.service neutron-dhcp-agent.service  neutron-metadata-agent.service
# Check the network agent status
openstack network agent list
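
The controller files above must agree in two places (the provider label and metadata_proxy_shared_secret), and every password in this walkthrough is a lab value equal to an account name. The Python check below is an added example, not part of the original notes: it tests both constraints and flags such secrets before the values are reused outside a lab. The names load and audit and the embedded sample files are constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: trimmed copies of the files and values used in this guide.
SAMPLE = {
    "neutron.conf": (
        "[database]\nconnection = mysql+pymysql://neutron:neutron@controller/neutron\n"
        "[DEFAULT]\ncore_plugin = ml2\n[DEFAULT]\ntransport_url = rabbit://openstack:openstack@controller\n"
        "[keystone_authtoken]\nusername = neutron\npassword = neutron\n"),
    "ml2_conf.ini": "[ml2_type_flat]\nflat_networks = provider\n",
    "linuxbridge_agent.ini": "[linux_bridge]\nphysical_interface_mappings = provider:eth0\n",
    "metadata_agent.ini": "[DEFAULT]\nmetadata_proxy_shared_secret = openstack\n",
    "nova.conf": "[neutron]\nusername = neutron\npassword = neutron\nmetadata_proxy_shared_secret = openstack\n",
}

def load(text):
    # strict=False merges repeated sections (the guide repeats [DEFAULT] and [ml2]);
    # an unused default_section keeps [DEFAULT] keys from leaking into other sections.
    cp = configparser.ConfigParser(strict=False, interpolation=None, default_section="__unused__")
    cp.read_string(text)
    return cp

def audit(files):
    cfg = {name: load(text) for name, text in files.items()}
    findings = []
    # 1. The metadata proxy secret must be the same string in both files.
    agent = cfg["metadata_agent.ini"].get("DEFAULT", "metadata_proxy_shared_secret", fallback=None)
    nova = cfg["nova.conf"].get("neutron", "metadata_proxy_shared_secret", fallback=None)
    if agent is None or agent != nova:
        findings.append("metadata_proxy_shared_secret differs or is missing")
    creds = [("metadata_agent.ini", None, agent)]  # (location, account, secret)
    # 2. Every flat_networks label needs a physical_interface_mappings entry.
    flat = cfg["ml2_conf.ini"].get("ml2_type_flat", "flat_networks", fallback="")
    maps = cfg["linuxbridge_agent.ini"].get("linux_bridge", "physical_interface_mappings", fallback="")
    mapped = {m.split(":")[0].strip() for m in maps.split(",") if ":" in m}
    findings += [f"flat network '{n}' has no interface mapping"
                 for n in map(str.strip, flat.split(",")) if n and n not in mapped]
    # 3. Flag any password or secret that is just one of the account names.
    for name, cp in cfg.items():
        for sec in cp.sections():
            opts = cp[sec]
            if "username" in opts and "password" in opts:
                creds.append((f"{name}[{sec}]", opts["username"], opts["password"]))
            for key in ("connection", "transport_url"):
                url = urlsplit(opts.get(key, ""))
                if url.password:
                    creds.append((f"{name}[{sec}].{key}", url.username, url.password))
    accounts = {a for _, a, _ in creds if a}
    return findings + [f"{loc}: secret equals an account name"
                       for loc, _, s in creds if s in accounts]
```

To run it against a real node, read the five files from /etc/neutron and /etc/nova into the same dictionary shape and pass that to audit.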

3. Compute node deployment

  • Software installation
# conntrack-tools is not mentioned in the official documentation
# yum install openstack-neutron-linuxbridge ebtables ipset conntrack-tools
  • Configuration files
vim /etc/neutron/neutron.conf
[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack@controller
[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
[linux_bridge]
physical_interface_mappings = provider:eth0
[vxlan]
enable_vxlan = false
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
vim /etc/nova/nova.conf
[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron

Restart the services

# systemctl restart openstack-nova-compute.service
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service
# Restart the libvirt service
systemctl restart libvirtd.service
  • Verification

Back on the controller, list all network agents

openstack network agent list

List all compute node services

openstack compute service list