OpenStack Deployment 6.0: Networking Service (Neutron)


Continued from the previous part: OpenStack Deployment 5.0: Compute Service (Nova)

Overview

In OpenStack, Neutron is the component responsible for network connectivity: it builds the virtual network infrastructure that instances and other resources plug into. Neutron is designed to give a cloud flexible network configuration and management so that different workloads can get the topology and isolation they need. The networking service and its main components are described below.
Main functions:
Virtual networks: Neutron lets users create virtual networks made up of subnets, ports, routers and similar constructs. Many virtual networks can be created and managed in one OpenStack cloud, giving different users or applications isolated, purpose-built network environments.
SDN services: Neutron supports several software-defined networking back ends, including Open vSwitch (OVS) and VMware NSX, so users can build programmable virtual networks that fit different requirements and topologies.
Elastic scaling: combined with Heat, Neutron can scale network configuration automatically, so network resources follow load or demand and the system as a whole gains resilience and performance.
Network access control: Neutron controls connectivity policy through security groups and firewall rules, so administrators can restrict traffic between instances at fine granularity, which improves both security and isolation.
Load balancing: through integration with a load-balancing service, Neutron can provide load balancing for virtual networks, which matters for the performance of distributed applications and services.
API service: Neutron exposes a REST API that users and administrators use to configure and manage network resources. Through this API, virtual networks can be created, modified and deleted programmatically, which enables automated network management.
Main components:
neutron-server: the core component that serves the Neutron API. It accepts network operation requests from users and administrators and turns them into configuration for the underlying network.
neutron-openvswitch-agent: an agent running on compute nodes that manages and operates Open vSwitch (OVS); it connects instances to the virtual networks. This walkthrough uses the Linux bridge mechanism driver instead, so the equivalent agent here is neutron-linuxbridge-agent, which does the same job with Linux bridges.
neutron-l3-agent: provides L3 forwarding and NAT (network address translation) so instances can communicate with external networks. This walkthrough, which uses provider (flat) networks only, does not enable it.
neutron-dhcp-agent: provides DHCP service to instances, assigning IP addresses and other network settings automatically.
neutron-metadata-agent: proxies instance metadata requests to the Compute metadata API and authenticates them with a shared secret; it is configured later in this part.
As the core of OpenStack networking, Neutron gives users strong network configuration and management capabilities. From creating virtual networks, to SDN and load balancing, to access control and elastic scaling, it covers most networking needs. Working together, its components provide OpenStack users with flexible, programmable and secure networking, an indispensable part of a virtualized network environment.

Environment deployment

Log in to the database on the controller node

mysql -uroot -p123
Create the neutron database
create database neutron;

Grant access to the database

grant all privileges on neutron.* to 'neutron'@'localhost' identified by '123';
grant all privileges on neutron.* to 'neutron'@'%' identified by '123';

('123' is the lab password this series uses for every service; outside a lab, give each service its own strong password.)

Exit the database

Source the admin credentials to gain administrator privileges

source admin-openrc
Create the neutron user for the networking service
openstack user create --domain default --password-prompt neutron

Enter the password twice and the user is created. Output:

User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | c02d02e643094a06b7f4d2480a64eaab |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Add the admin role to the neutron user in the service project

openstack role add --project service --user neutron admin
Create the neutron service entity
openstack service create --name neutron --description "OpenStack Networking" network

Output:

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 9127b90902b343efa417ee93ea2a709a |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
Create the public API endpoint for the networking service
openstack endpoint create --region RegionOne network public http://controller:9696

Output:

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 5a3d8feb4aad4dfd98424dc112bcc151 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9127b90902b343efa417ee93ea2a709a |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
Create the internal API endpoint for the networking service
openstack endpoint create --region RegionOne network internal http://controller:9696

Output:

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | c585760abb754b799466ef36f6945c24 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9127b90902b343efa417ee93ea2a709a |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
Create the admin API endpoint for the networking service
openstack endpoint create --region RegionOne network admin http://controller:9696

Output:

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | ee40f2aab2d64194b53247d1751f8f9e |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9127b90902b343efa417ee93ea2a709a |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

Install and configure networking on the controller node

Install the networking service components

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
Edit /etc/neutron/neutron.conf
vi /etc/neutron/neutron.conf
In the [database] section, configure database access
[database]
# ...
connection = mysql+pymysql://neutron:123@controller/neutron
In the [DEFAULT] section, enable the ML2 (Modular Layer 2) plug-in and disable additional service plug-ins
[DEFAULT]
# ...
core_plugin = ml2
service_plugins =
In the [DEFAULT] section, configure RabbitMQ message queue access
[DEFAULT]
# ...
transport_url = rabbit://openstack:123@controller
In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access
[DEFAULT]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123
In the [DEFAULT] and [nova] sections, configure Networking to notify Compute of network topology changes
[DEFAULT]
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123
In the [oslo_concurrency] section, configure the lock path
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
Edit /etc/neutron/plugins/ml2/ml2_conf.ini
vi /etc/neutron/plugins/ml2/ml2_conf.ini
In the [ml2] section, enable flat and VLAN networks
[ml2]
# ...
type_drivers = flat,vlan
In the [ml2] section, disable self-service networks
[ml2]
# ...
tenant_network_types =
In the [ml2] section, enable the Linux bridge mechanism
[ml2]
# ...
mechanism_drivers = linuxbridge
In the [ml2] section, enable the port security extension driver (this is what lets Neutron drop traffic with a spoofed MAC or IP address from an instance port, and what security groups build on)
[ml2]
# ...
extension_drivers = port_security
In the [ml2_type_flat] section, configure the provider virtual network as a flat network
[ml2_type_flat]
# ...
flat_networks = provider
In the [securitygroup] section, enable ipset (address-set matching used by the iptables firewall driver) to make security group rules more efficient
[securitygroup]
# ...
enable_ipset = true
Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
In the [linux_bridge] section, map the provider virtual network to the provider physical network interface
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

Replace PROVIDER_INTERFACE_NAME with the name of the underlying provider physical network interface.

In the [vxlan] section, disable VXLAN overlay networks
[vxlan]
enable_vxlan = false
In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Security group rules are applied as iptables rules on the bridge, and they only take effect when bridged traffic is handed to netfilter: check that the sysctl values net.bridge.bridge-nf-call-iptables and net.bridge.bridge-nf-call-ip6tables are 1 (load the br_netfilter module first if they are absent).
Edit /etc/neutron/dhcp_agent.ini
vi /etc/neutron/dhcp_agent.ini
In the [DEFAULT] section, configure the Linux bridge interface driver and the Dnsmasq DHCP driver, and enable isolated metadata so that instances on provider networks can reach the metadata service over the network
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
Edit /etc/neutron/metadata_agent.ini
vi /etc/neutron/metadata_agent.ini
In the [DEFAULT] section, configure the metadata host and the shared secret
[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = 123
metadata_proxy_shared_secret is the secret the metadata agent uses to sign the instance identity it forwards to Nova's metadata API. It must be identical here and in the [neutron] section of nova.conf, otherwise Nova rejects every proxied metadata request; and because anyone who knows it can ask Nova for any instance's metadata, anything beyond a lab should use a long random value rather than 123.
Edit /etc/nova/nova.conf
vi /etc/nova/nova.conf
In the [neutron] section, configure access parameters, enable the metadata proxy, and set the same shared secret
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123
service_metadata_proxy = true
metadata_proxy_shared_secret = 123
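How the shared secret is actually used, as an added example (this is not code from the article, nor from nova or neutron): the metadata agent signs each forwarded request with HMAC-SHA256 of the instance UUID keyed by metadata_proxy_shared_secret and sends it in the X-Instance-ID-Signature header, next to X-Instance-ID and X-Tenant-ID; Nova's metadata API recomputes the HMAC with its own copy of the secret and only then trusts the instance identity. The header names and HMAC construction follow that scheme; the function names, the instance and project IDs and the candidate-password list are constructed for this illustration. Python is used because both services are written in it.

```python
# Added example, not code from the article or from nova/neutron. It shows what
# metadata_proxy_shared_secret protects: neutron-metadata-agent signs every
# proxied request with HMAC-SHA256(secret, instance_id) in the
# X-Instance-ID-Signature header, and nova's metadata API recomputes the HMAC
# with its own copy of the secret before trusting X-Instance-ID.
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, Optional


def sign_instance_id(shared_secret: str, instance_id: str) -> str:
    """Hex HMAC-SHA256 over the instance UUID, keyed with the shared secret."""
    return hmac.new(shared_secret.encode(), instance_id.encode(),
                    hashlib.sha256).hexdigest()


def build_proxy_headers(shared_secret: str, instance_id: str,
                        project_id: str) -> Dict[str, str]:
    """Headers the metadata agent adds when forwarding to nova_metadata_host."""
    return {
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": project_id,
        "X-Instance-ID-Signature": sign_instance_id(shared_secret, instance_id),
    }


def verify_proxy_headers(shared_secret: str,
                         headers: Dict[str, str]) -> Optional[str]:
    """Nova-side check: return the instance id only if the signature matches.

    compare_digest keeps the comparison constant-time, so a client on the
    management network cannot learn the right signature byte by byte."""
    instance_id = headers.get("X-Instance-ID", "")
    signature = headers.get("X-Instance-ID-Signature", "")
    if not instance_id or not signature:
        return None
    expected = sign_instance_id(shared_secret, instance_id)
    if not hmac.compare_digest(expected, signature):
        return None
    return instance_id


def guess_secret(headers: Dict[str, str],
                 candidates: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack against one captured signed request.

    With a guessable secret such as 123, whoever sees a single proxied request
    recovers the secret and can then forge X-Instance-ID for any instance,
    reading its user-data and whatever credentials were injected there."""
    instance_id = headers["X-Instance-ID"]
    target = headers["X-Instance-ID-Signature"]
    for candidate in candidates:
        if sign_instance_id(candidate, instance_id) == target:
            return candidate
    return None


def generate_shared_secret() -> str:
    """A value fit for metadata_proxy_shared_secret: 256 bits of randomness, hex."""
    return secrets.token_hex(32)


# Constructed sample values; not taken from any real deployment.
ARTICLE_SECRET = "123"
INSTANCE_ID = "5a0d5b6e-1c2f-4e3a-9b8c-7d6e5f4a3b2c"
OTHER_INSTANCE_ID = "9f8e7d6c-5b4a-4c3d-8e2f-1a0b9c8d7e6f"
PROJECT_ID = "0123456789abcdef0123456789abcdef"

if __name__ == "__main__":
    headers = build_proxy_headers(ARTICLE_SECRET, INSTANCE_ID, PROJECT_ID)
    print("valid request   ->", verify_proxy_headers(ARTICLE_SECRET, headers))
    # Secret differs between metadata_agent.ini and nova.conf: every request fails.
    print("secret mismatch ->", verify_proxy_headers("something-else", headers))
    # Replaying a captured signature with another instance id fails.
    forged = dict(headers, **{"X-Instance-ID": OTHER_INSTANCE_ID})
    print("forged id       ->", verify_proxy_headers(ARTICLE_SECRET, forged))
    # ...but the lab secret is recovered from one captured request.
    print("recovered       ->", guess_secret(headers, ["password", "admin", "123"]))
    print("use instead     ->", generate_shared_secret())
```

Put the value printed on the last line into both metadata_agent.ini and the [neutron] section of nova.conf; the HMAC itself is sound, the only weakness in the article's setup is the guessable key.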

The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the ML2 plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini. If the link does not exist, create it

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Populate the database
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Restart the Compute API service
systemctl restart openstack-nova-api.service
Enable and start the Networking services so they also start at boot
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

Install and configure the networking service on the compute node

The compute node handles connectivity and security groups for instances.
Install the components on the compute node
yum install openstack-neutron-linuxbridge ebtables ipset -y
Edit /etc/neutron/neutron.conf
vi /etc/neutron/neutron.conf
In the [database] section, comment out any connection options, because compute nodes do not access the database directly.
In the [DEFAULT] section, configure RabbitMQ message queue access (the same openstack user and password as on the controller)
[DEFAULT]
# ...
transport_url = rabbit://openstack:123@controller
In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access
[DEFAULT]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123
In the [oslo_concurrency] section, configure the lock path
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
Configure the Linux bridge agent: edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
In the [linux_bridge] section, map the provider virtual network to the provider physical network interface
[linux_bridge]
physical_interface_mappings = provider:ens33
"ens33" is the name of the underlying provider physical network interface.
In the [vxlan] section, disable VXLAN overlay networks
[vxlan]
enable_vxlan = false
In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
As on the controller, the rules only take effect when the sysctl values net.bridge.bridge-nf-call-iptables and net.bridge.bridge-nf-call-ip6tables are 1.
Edit /etc/nova/nova.conf
vi /etc/nova/nova.conf
In the [neutron] section, configure access parameters
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123
Restart the Compute service
systemctl restart openstack-nova-compute.service
Enable and start the Linux bridge agent so it also starts at boot
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
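A check to run once both the controller and the compute node are configured, serving the controller and compute node steps above, as an added example (not code from the article): parse the configuration files and flag the settings that would weaken this deployment, including a shared secret that differs between metadata_agent.ini and nova.conf or is too short to resist guessing. The file bodies are constructed from the article's snippets and trimmed to the keys the audit reads; the finding texts, the --real flag and the 32-character minimum for the shared secret are this example's own choices.

```python
# Added example, not code from the article: an offline audit of the
# security-relevant settings the controller and compute node steps write into
# the Neutron and Nova configuration files. SAMPLE_FILES is constructed from the
# article's snippets (trimmed to the keys the audit reads); with --real the
# same checks run against the files on the node.
import configparser
from typing import Dict, List

NEUTRON_CONF = "/etc/neutron/neutron.conf"
ML2_CONF = "/etc/neutron/plugins/ml2/ml2_conf.ini"
LINUXBRIDGE_CONF = "/etc/neutron/plugins/ml2/linuxbridge_agent.ini"
METADATA_CONF = "/etc/neutron/metadata_agent.ini"
NOVA_CONF = "/etc/nova/nova.conf"
MIN_SECRET_LEN = 32  # this example's threshold, not an OpenStack rule

# Constructed sample: the values the article sets on the controller node.
SAMPLE_FILES: Dict[str, str] = {
    NEUTRON_CONF: "[DEFAULT]\ncore_plugin = ml2\nauth_strategy = keystone\n"
                  "[keystone_authtoken]\nwww_authenticate_uri = http://controller:5000\n"
                  "auth_url = http://controller:5000\nusername = neutron\n",
    ML2_CONF: "[ml2]\nmechanism_drivers = linuxbridge\nextension_drivers = port_security\n"
              "[securitygroup]\nenable_ipset = true\n",
    LINUXBRIDGE_CONF: "[securitygroup]\nenable_security_group = true\n"
                      "firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver\n",
    METADATA_CONF: "[DEFAULT]\nnova_metadata_host = controller\nmetadata_proxy_shared_secret = 123\n",
    NOVA_CONF: "[neutron]\nservice_metadata_proxy = true\nmetadata_proxy_shared_secret = 123\n",
}


def load(files: Dict[str, str]) -> Dict[str, configparser.ConfigParser]:
    """Parse each file body as INI the way oslo.config does (no % interpolation)."""
    parsed = {}
    for path, text in files.items():
        cp = configparser.ConfigParser(interpolation=None, strict=False)
        cp.read_string(text)
        parsed[path] = cp
    return parsed


def opt(cfgs: Dict[str, configparser.ConfigParser], path: str, section: str, key: str) -> str:
    """Value of key in [section] of the file at path, or "" when file or key is absent."""
    cp = cfgs.get(path)
    return cp.get(section, key, fallback="").strip() if cp else ""


def audit(files: Dict[str, str]) -> List[str]:
    """Return one line per problem found; an empty list means every check passed."""
    cfgs = load(files)
    findings: List[str] = []
    if opt(cfgs, NEUTRON_CONF, "DEFAULT", "auth_strategy") != "keystone":
        findings.append("neutron.conf: auth_strategy is not keystone, the Neutron API is unauthenticated")
    for key in ("www_authenticate_uri", "auth_url"):
        if opt(cfgs, NEUTRON_CONF, "keystone_authtoken", key).startswith("http://"):
            findings.append(f"neutron.conf: {key} uses plain HTTP, the neutron service password "
                            "crosses the management network in clear")
    drivers = [d.strip() for d in opt(cfgs, ML2_CONF, "ml2", "extension_drivers").split(",")]
    if "port_security" not in drivers:
        findings.append("ml2_conf.ini: port_security extension driver missing, instances can spoof MAC/IP")
    if opt(cfgs, LINUXBRIDGE_CONF, "securitygroup", "enable_security_group").lower() != "true":
        findings.append("linuxbridge_agent.ini: security groups are disabled")
    if not opt(cfgs, LINUXBRIDGE_CONF, "securitygroup", "firewall_driver"):
        findings.append("linuxbridge_agent.ini: no firewall_driver, security group rules are never programmed")
    agent_secret = opt(cfgs, METADATA_CONF, "DEFAULT", "metadata_proxy_shared_secret")
    nova_secret = opt(cfgs, NOVA_CONF, "neutron", "metadata_proxy_shared_secret")
    if agent_secret != nova_secret:
        findings.append("metadata_proxy_shared_secret differs between metadata_agent.ini and nova.conf, "
                        "Nova will reject every proxied metadata request")
    if len(agent_secret) < MIN_SECRET_LEN:
        findings.append(f"metadata_proxy_shared_secret is shorter than {MIN_SECRET_LEN} characters "
                        "and can be brute-forced from one captured request")
    if opt(cfgs, NOVA_CONF, "neutron", "service_metadata_proxy").lower() != "true":
        findings.append("nova.conf: service_metadata_proxy is off, proxied metadata requests are not accepted")
    return findings


if __name__ == "__main__":
    import sys
    # python3 audit_neutron.py          -> audits the constructed sample
    # python3 audit_neutron.py --real   -> audits the files under /etc on this node
    real = "--real" in sys.argv
    files = {p: open(p).read() for p in SAMPLE_FILES} if real else SAMPLE_FILES
    problems = audit(files)
    for finding in problems:
        print("WARN:", finding)
    sys.exit(1 if problems else 0)
```

Against the article's values the audit reports three things: the two plain-HTTP Keystone URLs and the three-character shared secret. The first is the install guide's default and acceptable on an isolated management network; the second is worth fixing even in a lab.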

Verification

Source the admin credentials

source admin-openrc
List the loaded extensions to verify that the neutron-server process started successfully
openstack extension list --network

Output:

| Name | Alias | Description |
| Subnet Pool Prefix Operations | subnetpool-prefix-ops | Provides support for adjusting the prefix list of subnet pools |
| Default Subnetpools | default-subnetpools | Provides ability to mark and use a subnetpool as the default. |
| Network IP Availability | network-ip-availability | Provides IP availability data for each network and subnet. |
| Network Availability Zone | network_availability_zone | Availability zone support for network. |
| Subnet Onboard | subnet_onboard | Provides support for onboarding subnets into subnet pools |
| Network MTU (writable) | net-mtu-writable | Provides a writable MTU attribute for a network resource. |
| Port Binding | binding | Expose port bindings of a virtual port to external application |
| agent | agent | The agent management extension. |
| Subnet Allocation | subnet_allocation | Enables allocation of subnets from a subnet pool |
| DHCP Agent Scheduler | dhcp_agent_scheduler | Schedule networks among dhcp agents |
| Neutron external network | external-net | Adds external network attribute to network resource. |
| Empty String Filtering Extension | empty-string-filtering | Allow filtering by attributes with empty string value |
| Neutron Service Flavors | flavors | Flavor specification for Neutron advanced services. |
| Network MTU | net-mtu | Provides MTU attribute for a network resource. |
| Availability Zone | availability_zone | The availability zone extension. |
| Quota management support | quotas | Expose functions for quotas management per tenant |
| Tag support for resources with standard attribute: subnet, trunk, network_segment_range, router, network, policy, subnetpool, port, security_group, floatingip | standard-attr-tag | Enables to set tag on resources with standard attribute. |
| Availability Zone Filter Extension | availability_zone_filter | Add filter parameters to AvailabilityZone resource |
| If-Match constraints based on revision_number | revision-if-match | Extension indicating that If-Match based on revision_number is supported. |
| Filter parameters validation | filter-validation | Provides validation on filter parameters. |
| Multi Provider Network | multi-provider | Expose mapping of virtual networks to multiple physical networks |
| Quota details management support | quota_details | Expose functions for quotas usage statistics per project |
| Address scope | address-scope | Address scopes extension. |
| Agent's Resource View Synced to Placement | agent-resources-synced | Stores success/failure of last sync to Placement |
| Subnet service types | subnet-service-types | Provides ability to set the subnet service_types field |
| Neutron Port MAC address regenerate | port-mac-address-regenerate | Network port MAC address regenerate |
| Add security_group type to network RBAC | rbac-security-groups | Add security_group type to network RBAC |
| Provider Network | provider | Expose mapping of virtual networks to physical networks |
| Neutron Service Type Management | service-type | API for retrieving service providers for Neutron advanced services |
| Neutron Extra DHCP options | extra_dhcp_opt | Extra options configuration for DHCP. For example PXE boot options to DHCP clients can be specified (e.g. tftp-server, server-ip-address, bootfile-name) |
| Port filtering on security groups | port-security-groups-filtering | Provides security groups filtering when listing ports |
| Resource timestamps | standard-attr-timestamp | Adds created_at and updated_at fields to all Neutron resources that have Neutron standard attributes. |
| Resource revision numbers | standard-attr-revisions | This extension will display the revision number of neutron resources. |
| Pagination support | pagination | Extension that indicates that pagination is enabled. |
| Sorting support | sorting | Extension that indicates that sorting is enabled. |
| security-group | security-group | The security groups extension. |
| RBAC Policies | rbac-policies | Allows creation and modification of policies that control tenant access to resources. |
| standard-attr-description | standard-attr-description | Extension to add descriptions to standard attributes |
| IP address substring filtering | ip-substring-filtering | Provides IP address substring filtering when listing ports |
| Port Security | port-security | Provides port security |
| Allowed Address Pairs | allowed-address-pairs | Provides allowed address pairs |
| project_id field enabled | project-id | Extension that indicates that project_id field is enabled. |
| Port Bindings Extended | binding-extended | Expose port bindings of a virtual port to external application |
List the agents to verify that the Neutron agents launched and registered with neutron-server. Every agent should show :-) in the Alive column; XXX means the agent has stopped reporting to neutron-server, which is usually a wrong transport_url or a clock that is out of sync.
openstack network agent list

Output:

+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 04d08376-8e40-49b1-90a6-3db9949050df | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 3fabf2f2-869d-489c-b5cd-52a9bb2457a0 | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
| 4608ae34-7d72-4365-8db5-e4895b8386d6 | Linux bridge agent | compute    | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 6ed003a1-d711-46c5-94f0-77acef42c0d6 | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
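The agent list above turned into a pass/fail check, as an added example (not code from the article): parse the CLI table and report any agent that is missing, administratively DOWN, or shows XXX under Alive, so the verification step fails loudly instead of relying on eyeballing four rows. The sample table is constructed to match the article's output plus one dead Linux bridge agent on a host named compute2 that exists only in this example.

```python
# Added example, not code from the article: a pass/fail check over the table
# printed by `openstack network agent list`. SAMPLE_OUTPUT reproduces the
# article's four agents and adds a constructed dead agent on "compute2".
from typing import Dict, List, Set, Tuple

SAMPLE_OUTPUT = """\
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 04d08376-8e40-49b1-90a6-3db9949050df | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 3fabf2f2-869d-489c-b5cd-52a9bb2457a0 | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
| 4608ae34-7d72-4365-8db5-e4895b8386d6 | Linux bridge agent | compute    | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 6ed003a1-d711-46c5-94f0-77acef42c0d6 | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 00000000-0000-4000-8000-000000000002 | Linux bridge agent | compute2   | None              | XXX   | UP    | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
"""

# (host, agent type) pairs this walkthrough expects; compute2 is the example's extra host.
EXPECTED_AGENTS: Set[Tuple[str, str]] = {
    ("controller", "DHCP agent"),
    ("controller", "Metadata agent"),
    ("controller", "Linux bridge agent"),
    ("compute", "Linux bridge agent"),
    ("compute2", "Linux bridge agent"),
}


def parse_agent_table(text: str) -> List[Dict[str, str]]:
    """Parse the CLI's ASCII table: the first '|' row is the header, the rest are agents."""
    header = None
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skip +---+ border lines and any surrounding text
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells
        else:
            rows.append(dict(zip(header, cells)))
    return rows


def check_agents(rows: List[Dict[str, str]],
                 expected: Set[Tuple[str, str]]) -> List[str]:
    """One message per problem; an empty list means every expected agent is alive and UP."""
    problems: List[str] = []
    seen: Set[Tuple[str, str]] = set()
    for row in rows:
        seen.add((row["Host"], row["Agent Type"]))
        if row["Alive"] != ":-)":
            problems.append(f"{row['Binary']} on {row['Host']} is not alive: "
                            "no heartbeat, check transport_url and clock sync")
        if row["State"] != "UP":
            problems.append(f"{row['Binary']} on {row['Host']} is administratively {row['State']}")
    for host, agent_type in sorted(expected - seen):
        problems.append(f"{agent_type} on {host} never registered")
    return problems


if __name__ == "__main__":
    import sys
    # Usage: openstack network agent list > agents.txt && python3 check_agents.py agents.txt
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_OUTPUT
    problems = check_agents(parse_agent_table(text), EXPECTED_AGENTS)
    print("\n".join(problems) or "all expected agents are alive and UP")
    sys.exit(1 if problems else 0)
```

An agent that never registered is the symptom you get when the compute node's transport_url is wrong: the Linux bridge agent starts, cannot reach RabbitMQ, and neutron-server never hears from it.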

To be continued...
