- 说明
本文用来替换CentOS7 desktop openstack queens 环境搭建中
neutron(控制节点)和neutron(计算节点)
这种部署方式无法把provider网络的端口添加到虚拟机上
- 先决条件
网络节点
三张网卡:管理网络、provider、overlay(应该是给vxlan用的)计算节点
添加一张overlay的网卡
- neutron(控制节点)
- 创建数据库
mysql -uroot -p123456
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'controller' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';- 创建neutron用户
. admin-openrc
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin- 创建neutron service
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696- 下载(
self-service networks)
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch ebtables -y- 配置(
self-service networks)
vi /etc/neutron/neutron.conf[DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:123456@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [database] connection = mysql+pymysql://neutron:123456@controller/neutron [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = 123456 [nova] auth_url = http://controller:35357 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = nova password = 123456 [oslo_concurrency] lock_path = /var/lib/neutron/tmp
- 配置(
self-service networks)
vi /etc/neutron/plugins/ml2/ml2_conf.ini[ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = openvswitch,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vlan] network_vlan_ranges = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true注:
[ml2_type_vlan]并不需要
启动ovs服务
systemctl enable openvswitch && systemctl restart openvswitch
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eth3
ovs-vsctl add-port br-ex eth2
ip a del 192.168.111.142/24 dev eth2
ip a add 192.168.111.142/24 dev br-ex
ip li set br-ex up配置(
self-service networks)
vi /etc/neutron/plugins/ml2/openvswitch_agent.ini[ovs] bridge_mappings = provider:br-ex local_ip = 192.168.111.142 [agent] tunnel_types = vxlan l2_population = True [securitygroup] firewall_driver = iptables_hybrid
- 配置(
self-service networks)
通过验证以下所有sysctl值设置为1:确保您的Linux操作系统内核支持网桥过滤器
vi /etc/sysctl.confnet.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1重启生效:
reboot
立即生效:
modprobe br_netfilter
sysctl -p
引用:br_netfilter 模块开机自动方法
CentOS 7 开机加载内核模块
注:因为openstack已经配置了br_netfilter开机自启动,所以不需要进行开机启动重复配置了
- 配置(
self-service networks)
vi /etc/neutron/l3_agent.ini[DEFAULT] interface_driver = openvswitch external_network_bridge =
- 配置(
self-service networks)
vi /etc/neutron/dhcp_agent.ini[DEFAULT] interface_driver = openvswitch dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true
- 配置
vi /etc/neutron/metadata_agent.ini[DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = 123456
- 配置
vi /etc/nova/nova.conf[neutron] url = http://controller:9696 auth_url = http://controller:35357 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = 123456 service_metadata_proxy = true metadata_proxy_shared_secret = 123456
- 数据库
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron- 启动
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service && systemctl start neutron-server.service neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service- 启动(
self-service networks)
systemctl enable neutron-l3-agent.service && systemctl start neutron-l3-agent.service
- neutron(计算节点)
- 下载
yum install openstack-neutron-openvswitch ebtables ipset -y- 配置
vi /etc/neutron/neutron.conf[DEFAULT] transport_url = rabbit://openstack:123456@controller auth_strategy = keystone [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = 123456 [oslo_concurrency] lock_path = /var/lib/neutron/tmp
- 配置(
self-service networks)
vi /etc/neutron/plugins/ml2/openvswitch_agent.ini[ovs] local_ip = 192.168.111.182 [agent] tunnel_types = vxlan l2_population = True
- 配置(
self-service networks)
通过验证以下所有sysctl值设置为1:确保您的Linux操作系统内核支持网桥过滤器
vi /etc/sysctl.confnet.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1重启生效:
reboot
立即生效:
modprobe br_netfilter
sysctl -p
- 配置
vi /etc/nova/nova.conf[neutron] url = http://controller:9696 auth_url = http://controller:35357 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = 123456
- 启动
systemctl restart openstack-nova-compute.service- 启动
systemctl enable neutron-openvswitch-agent.service && systemctl start neutron-openvswitch-agent.service- 验证(在控制节点)
openstack network agent list
