neutron網絡服務部署

控制節點執行
#第一步 登錄數據庫
mysql -u root -p
#導入neutron這個庫
CREATE DATABASE neutron;
#建立neutron這個用戶和密碼，並容許本地登錄和第三方登錄
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
#退出
exit
#宣告環境變量
. admin-openrc
#第二步 建立neutron這個用戶
openstack user create --domain default --password=neutron neutron
#把neutron這個用設置爲管理員
openstack role add --project service --user neutron admin
#建立一個neutron網絡服務
openstack service create --name neutron \
  --description "OpenStack Networking" network
#添加neutron服務的端點
openstack endpoint create --region RegionOne \
  network public http://controller:9696
openstack endpoint create --region RegionOne \
  network internal http://controller:9696
openstack endpoint create --region RegionOne \
  network admin http://controller:9696
#點擊第二個連接
•    Networking Option 2: Self-service networks
#第三步 下載neutron主服務，neutron-ml2插件
yum install openstack-neutron -y 
yum install openstack-neutron-ml2 -y
yum install ebtables –y
yum install openvswitch –y
yum install openstack-neutron-openvswitch -y
#編輯neutron主配置文件 
cd /etc/neutron
cp neutron.conf neutron.conf.bak
vim neutron.conf
#清空配置，粘貼以下內容
[DEFAULT]
state_path = /var/lib/neutron #擴展庫目錄
auth_strategy = keystone
core_plugin = ml2  #核心插件
service_plugins = router #服務查看，安裝三層虛擬路由器
dhcp_agent_notification = true 
allow_overlapping_ips = True #容許隧道類型的網絡
notify_nova_on_port_status_changes = true #關於網絡、端口的狀態數據均可以更改
notify_nova_on_port_data_changes = true
transport_url = rabbit://openstack:admin@controller
 
[agent]
 
[cors]
 
[cors.subdomain]
 
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
 
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
 
[matchmaker_redis]
 
[nova]
region_name = RegionOne
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
project_name = service
user_domain_name = default
username = nova
password = nova
 
[oslo_concurrency]
lock_path = $state_path/lock
 
[oslo_messaging_amqp]
 
[oslo_messaging_kafka]
 
[oslo_messaging_notifications]
 
[oslo_messaging_rabbit]
 
[oslo_messaging_zmq]
 
[oslo_middleware]
 
[oslo_policy]
 
[qos]
 
[quotas]
 
[ssl]
#修改ml2核心插件配置文件
cp ml2_conf.ini ml2_conf.ini.bak
vim ml2_conf.ini 
#清空全部內容，粘貼以下內容
[DEFAULT]
 
[ml2]
type_drivers = flat,vxlan #類型驅動
tenant_network_types = vxlan #租戶網用的類型
mechanism_drivers = openvswitch,l2population #機制驅動是openvswitch
extension_drivers = port_security #外部網絡驅動
 
[ml2_type_flat]
 
[ml2_type_geneve]
 
[ml2_type_gre]
 
[ml2_type_vlan]
 
[ml2_type_vxlan]
vni_ranges = 1:1000 #vxlan它的網絡id
 
[securitygroup]
enable_ipset = true #是否開啓安全組，安全組起到了防火牆的做用
#仍是在此目錄編輯
cp openvswitch_agent.ini openvswitch_agent.ini.bak
#清空裏面內容，粘貼以下內容
[DEFAULT]
 
[agent]
tunnel_types = vxlan
l2_population = True
 
[ovs]
tunnel_bridge = br-tun #隧道網橋
local_ip = #控制節點第二塊網卡IP
bridge_mappings =
 
[securitygroup]
firewall_driver = iptables_hybrid #驅動
enable_security_group = true
 
[xenapi]
#編輯layer-3配置文件，他給咱們提供路由功能
cd /etc/neutron/
cp l3_agent.ini l3_agent.ini.bak
vim l3_agent.ini 
#清空全部配置，粘貼以下內容
[DEFAULT]
interface_driver = openvswitch #這個網口驅動提供
external_network_bridge = br-ex #外部網橋
 
[agent]
 
[ovs]
#編輯dhcp_agent配置文件，由於虛擬機要獲取IP
cp dhcp_agent.ini dhcp_agent.ini.bak
vim dhcp_agent.ini
#清空原有配置，粘貼以下內容
[DEFAULT]
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
 
[agent]
 
[ovs]
#配置metadata_agent配置文件
cd /etc/neutron/
cp metadata_agent.ini metadata_agent.ini.bak
vim metadata_agent.ini
#清空配置內容，粘貼以下內容
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET #這裏的密碼能夠改，但要與/etc/nova/nova.conf裏的[neutron]配置段的metadata_proxy_shared_secret一致
 
[agent]
 
[cache]
#解開neutron註釋
vim /etc/nova/nova.conf
#把[neutron]配置段註釋都刪掉
#第四步 建立軟鏈接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
#第五步 同步neutron數據庫
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
#重啓nova-api
systemctl restart openstack-nova-api.service
#開啓插件和設爲開機自啓
systemctl start neutron-server.service 
systemctl start neutron-dhcp-agent.service
systemctl start neutron-openvswitch-agent
systemctl start neutron-metadata-agent.service
systemctl start openvswitch 
systemctl enable neutron-server.service 
systemctl enable neutron-dhcp-agent.service
systemctl enable neutron-openvswitch-agent
systemctl enable neutron-metadata-agent.service
systemctl enable openvswitch
#查看 neutron agent-list
openstack network agent list
#建立網橋,並把此網橋綁定到第二塊網卡上
ovs-vsctl add-br br-ex
#查看 ovs-vsctl show
ovs-vsctl add-port br-ex eth2
#開啓路由功能和設置開機自啓
systemctl start neutron-l3-agent.service
systemctl enable neutron-l3-agent.service
#查看 openstack network agent list
#刷出來四項，都是up部署成功
計算節點配置
yum install ipset -y 
yum install ebtables –y
yum install openvswitch –y
yum install openstack-neutron-openvswitch -y
#編輯netron.conf配置文件
cd /etc/neutron
cp neutron.conf neutron.conf.bak
vim neutron.conf
#清空配置，粘貼以下內容
[DEFAULT]
#state_path = /var/lib/neutron
auth_strategy = keystone
#core_plugin = ml2  #核心插件
#service_plugins = router #安裝三層虛擬路由器
#dhcp_agent_notification = true 
#allow_overlapping_ips = True #容許隧道類型的網絡
#notify_nova_on_port_status_changes = true #關於網絡、端口的狀態數據均可以更改
#notify_nova_on_port_data_changes = true
transport_url = rabbit://openstack:admin@controller
 
[agent]
 
[cors]
 
[cors.subdomain]
 
[database]
#connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
 
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
 
[matchmaker_redis]
 
[nova]
region_name = RegionOne
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
project_name = service
user_domain_name = default
username = nova
password = nova
 
[oslo_concurrency]
lock_path = $state_path/lock
 
[oslo_messaging_amqp]
 
[oslo_messaging_kafka]
 
[oslo_messaging_notifications]
 
[oslo_messaging_rabbit]
 
[oslo_messaging_zmq]
 
[oslo_middleware]
 
[oslo_policy]
 
[qos]
 
[quotas]
 
[ssl]
#編輯openvswitch_agent配置文件
cd /etc/neutron/plugins/ml2/
cp openvswitch_agent.ini openvswitch_agent.ini.bak
vim openvswitch_agent.ini
#清空配置內容，粘貼以下內容
[DEFAULT]
 
[agent]
tunnel_types = vxlan
l2_population = True
 
[ovs]
tunnel_bridge = br-tun 
local_ip = #計算節點第二塊網卡IP
bridge_mappings =
 
[securitygroup]
firewall_driver = iptables_hybrid #驅動
enable_security_group = true
 
[xenapi]
#編輯nova配置文件
vim  /etc/nova.conf
#在[neutron]段添加以下內容
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
#service_metadata_proxy = true
#metadata_proxy_shared_secret = METADATA_SECRET
#重啓計算服務
systemctl restart openstack-nova-compute.service
#啓動服務和設爲開機自啓
systemctl start neutron-openvswitch-agent
systemctl start openvswitch
systemctl enable neutron-openvswitch-agent
systemctl enable openvswitch