Openstack rocky 部署四： neutron 部署與驗證（控制節點）

Openstack 雲計算（二）： Openstack Rocky部署四 neutron 部署與驗證 (控制節點)

標籤（空格分隔）： openstack系列

---

• 一：Neutron概述
• 二：Neutron部署

---

一：Neutron概述

OpenStack Networking（neutron），容許建立、插入接口設備，這些設備由其餘的OpenStack服務管理。插件式的實現能夠容納不一樣的網絡設備和軟件，爲OpenStack架構與部署提供了靈活性。

它包含下列組件：
neutron-server
接收和路由API請求到合適的OpenStack網絡插件，以達到預想的目的。

OpenStack網絡插件和代理
插拔端口，建立網絡和子網，以及提供IP地址，這些插件和代理依賴於供應商和技術而不一樣，OpenStack網絡基於插件和代理爲Cisco 虛擬和物理交換機、NEC OpenFlow產品，Open vSwitch,Linux bridging以及VMware NSX 產品穿線搭橋。

常見的代理L3(3層)，DHCP(動態主機IP地址)，以及插件代理。

消息隊列
大多數的OpenStack Networking安裝都會用到，用於在neutron-server和各類各樣的代理進程間路由信息。也爲某些特定的插件扮演數據庫的角色，以存儲網絡狀態

OpenStack網絡主要和OpenStack計算交互，以提供網絡鏈接到它的實例。

二：Neutron部署

2.1 neutron 數據庫配置

mysql -uroot -pflyfish225

CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';

flush privileges;

2.2 在keystone上建立neutron用戶

cd /openstack
source keystone-admin-pass.sh
openstack user create --domain default --password=neutron neutron
openstack user list

2.3 將neutron添加到service項目並授予admin角色

openstack role add --project service --user neutron admin

建立neutron服務實體
openstack service create --name neutron --description "OpenStack Networking" network
openstack service list

2.4 建立neutron網絡服務的API端點（endpoint）

openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
openstack endpoint list

2.5 在控制節點安裝neutron網絡組件

# 關於neutron的網絡提供了兩種方式：

https://docs.openstack.org/neutron/rocky/install/controller-install-option1-rdo.html

如下爲第一種Networking Option 1: Provider networks

安裝neutron軟件包

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

配置/etc/neutron/neutron.conf

openstack-config --set  /etc/neutron/neutron.conf database connection  mysql+pymysql://neutron:neutron@controller/neutron 
openstack-config --set  /etc/neutron/neutron.conf DEFAULT core_plugin  ml2  
openstack-config --set  /etc/neutron/neutron.conf DEFAULT service_plugins 
openstack-config --set  /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:openstack@controller
openstack-config --set  /etc/neutron/neutron.conf DEFAULT auth_strategy  keystone  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri  http://controller:5000
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_url  http://controller:5000
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken memcached_servers  controller:11211
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_type  password  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken project_domain_name default  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken user_domain_name  default  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken project_name  service  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken username  neutron  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken password  neutron  
openstack-config --set  /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes  True  
openstack-config --set  /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes  True  
openstack-config --set  /etc/neutron/neutron.conf nova auth_url  http://controller:5000
openstack-config --set  /etc/neutron/neutron.conf nova auth_type  password 
openstack-config --set  /etc/neutron/neutron.conf nova project_domain_name  default  
openstack-config --set  /etc/neutron/neutron.conf nova user_domain_name  default  
openstack-config --set  /etc/neutron/neutron.conf nova region_name  RegionOne  
openstack-config --set  /etc/neutron/neutron.conf nova project_name  service  
openstack-config --set  /etc/neutron/neutron.conf nova username  nova  
openstack-config --set  /etc/neutron/neutron.conf nova password  nova  
openstack-config --set  /etc/neutron/neutron.conf oslo_concurrency lock_path  /var/lib/neutron/tmp

egrep -v '(^$|^#)' /etc/neutron/neutron.conf 

----
[DEFAULT]
core_plugin = ml2
service_plugins = 
transport_url = rabbit://openstack:openstack@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[agent]
[cors]
[database]
connection = mysql+pymysql://neutron:neutron@controller/neutron
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[matchmaker_redis]
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[quotas]
[ssl]
----

---

快速配置/etc/neutron/plugins/ml2/ml2_conf.ini
---
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers  flat,vlan
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types 
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers  linuxbridge
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers  port_security
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks  provider 
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset  True 
---

egrep -v '(^$|^#)' /etc/neutron/plugins/ml2/ml2_conf.ini

[DEFAULT]
[l2pop]
[ml2]
type_drivers = flat,vlan
tenant_network_types = 
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
[ml2_type_vxlan]
[securitygroup]
enable_ipset = True

---

快速配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini

openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings  provider:eno16777736
openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan  enable_vxlan  False
openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup  enable_security_group  True 
openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup  firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

查看生效的配置

egrep -v '(^$|^#)' /etc/neutron/plugins/ml2/linuxbridge_agent.ini

---
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:eno16777736
[network_log]
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = False
---

---

如下參數在啓動neutron-linuxbridge-agent.service的時候會自動設置爲1

vim /etc/sysctl.conf
---
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
---

modprobe br_netfilter
lsmod |grep br_netfilter
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables

快速配置/etc/neutron/dhcp_agent.ini
openstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  interface_driver  linuxbridge
openstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  dhcp_driver  neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  enable_isolated_metadata  True

egrep -v '(^$|^#)' /etc/neutron/dhcp_agent.ini

快速配置/etc/neutron/metadata_agent.ini

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host controller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret neutron

egrep -v '(^$|^#)' /etc/neutron/metadata_agent.ini

---
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = neutron
[agent]
[cache]
---

metadata_proxy_shared_secret選項是元數據代理，須要設置一個合適的密碼這裏設置爲neutron

---

配置計算服務使用網絡服務

快速配置/etc/nova/nova.conf，將neutron添加到計算節點中

openstack-config --set  /etc/nova/nova.conf  neutron url http://controller:9696
openstack-config --set  /etc/nova/nova.conf  neutron auth_url http://controller:5000
openstack-config --set  /etc/nova/nova.conf  neutron auth_type password
openstack-config --set  /etc/nova/nova.conf  neutron project_domain_name default
openstack-config --set  /etc/nova/nova.conf  neutron user_domain_name default
openstack-config --set  /etc/nova/nova.conf  neutron region_name RegionOne
openstack-config --set  /etc/nova/nova.conf  neutron project_name service
openstack-config --set  /etc/nova/nova.conf  neutron username neutron
openstack-config --set  /etc/nova/nova.conf  neutron password neutron
openstack-config --set  /etc/nova/nova.conf  neutron service_metadata_proxy true
openstack-config --set  /etc/nova/nova.conf  neutron metadata_proxy_shared_secret neutron

egrep -v '(^$|^#)' /etc/nova/nova.conf

初始化安裝網絡插件

# 建立網絡插件的連接，初始化網絡的腳本插件會用到/etc/neutron/plugin.ini，須要使用ML2的插件進行提供

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

同步數據庫
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

重啓nova_api服務
systemctl restart openstack-nova-api.service

2.6 啓動neutron服務並設置開機啓動

# 須要啓動4個服務

systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl list-unit-files |grep neutron* |grep enabled

---

至此，控制端的neutron網絡服務就安裝完成，以後須要在計算節點安裝網絡服務組件，使計算節點能夠鏈接到openstack集羣