Configure the Networking service
To create the database, complete the following steps:
mysql -u root -p
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123';
On the controller node:
1. Create the neutron user
openstack user create --domain default --password-prompt neutron
2. Add the admin role to the neutron user
openstack role add --project service --user neutron admin
3. Create the neutron service entity
openstack service create --name neutron --description "OpenStack Networking" network
4. Create the Networking service API endpoints
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
Configure networking options
5. Install the components
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
Configure the server component
6. Edit the /etc/neutron/neutron.conf file
sed -i.bak -e '/^#/d' -e '/^$/d' /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:123@openvip.com
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[cors]
[database]
connection = mysql+pymysql://neutron:123@openvip.com/neutron
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = openvip.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123
The [nova] section is not present in the file; add it manually at the end.
Configure the Modular Layer 2 (ML2) plug-in
7. Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file
sed -i.bak -e '/^#/d' -e '/^$/d' /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true
Configure the Linux bridge agent
8. Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file
sed -i.bak -e '/^#/d' -e '/^$/d' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:eth0
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
9. Add the following settings to the /etc/sysctl.conf file
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
Apply the settings:
sysctl -p
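This reports the following error, which can be ignored; it appears when the br_netfilter kernel module is not loaded, because the keys under /proc/sys/net/bridge do not exist until then: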
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory
Configure the DHCP agent
10. Edit the /etc/neutron/dhcp_agent.ini file
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
Configure the metadata agent
11. Edit the /etc/neutron/metadata_agent.ini file
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = 123
Set nova_metadata_host to the IP address of the controller node.
metadata_proxy_shared_secret is the password (shared secret) for the metadata proxy.
Configure the Compute service to use the Networking service
12. Edit the /etc/nova/nova.conf file
[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123
service_metadata_proxy = true
metadata_proxy_shared_secret = 123
metadata_proxy_shared_secret is the password configured in step 11.
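The following added example, which is not part of the original guide, checks that the metadata proxy secret from step 11 and the one in the [neutron] section of nova.conf agree and that service_metadata_proxy is enabled. The helper names ini_get, check_metadata_secret and demo are hypothetical, and the sample files and secrets are constructed.

```shell
#!/bin/sh
# Added example: consistency check for metadata_proxy_shared_secret between
# metadata_agent.ini [DEFAULT] and nova.conf [neutron]. Helper names are hypothetical.

# ini_get FILE SECTION KEY: print KEY's value from [SECTION]; exit status 1 if absent.
ini_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                     # section header
            gsub(/[ \t]/, ""); in_sec = ($0 == want); next
        }
        in_sec && (eq = index($0, "=")) {            # key = value inside the wanted section
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }     # keep the last occurrence
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# check_metadata_secret METADATA_AGENT_INI NOVA_CONF
# returns 0 = secrets match, 1 = mismatch, 2 = setting missing/empty or proxy disabled
check_metadata_secret() {
    agent=$(ini_get "$1" DEFAULT metadata_proxy_shared_secret) || return 2
    nova=$(ini_get "$2" neutron metadata_proxy_shared_secret) || return 2
    proxy=$(ini_get "$2" neutron service_metadata_proxy) || return 2
    case "$proxy" in [Tt]rue) ;; *) return 2 ;; esac
    [ -n "$agent" ] || return 2
    [ "$agent" = "$nova" ] || return 1
}

# Demo on constructed sample files (the secrets are made up and deliberately differ).
demo() {
    d=$(mktemp -d) || return 2
    printf '[DEFAULT]\nnova_metadata_host = controller\nmetadata_proxy_shared_secret = Constructed-Secret-1\n' > "$d/metadata_agent.ini"
    printf '[neutron]\nservice_metadata_proxy = true\nmetadata_proxy_shared_secret = Constructed-Secret-2\n' > "$d/nova.conf"
    check_metadata_secret "$d/metadata_agent.ini" "$d/nova.conf"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo; echo "check_metadata_secret exit status on the mismatched sample: $?"
```

On a real controller, call check_metadata_secret /etc/neutron/metadata_agent.ini /etc/nova/nova.conf after step 12 and before restarting the services.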
13. The Networking service initialization scripts expect a symbolic link, /etc/neutron/plugin.ini, pointing to the ML2 plug-in configuration file, /etc/neutron/plugins/ml2/ml2_conf.ini.
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
14. Populate the database:
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
15. Restart the Compute API service:
systemctl restart openstack-nova-api.service
16. Start the Networking services and configure them to start when the system boots
systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service \
  neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl restart neutron-server.service \
  neutron-linuxbridge-agent.service \
  neutron-dhcp-agent.service \
  neutron-metadata-agent.service
Note: if you chose Self-service networks, you also need to start the layer-3 service; we chose Provider networks, so it is not needed.
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
Source: https://thson.blog.csdn.net/article/details/100055035