CC00017.CloudOpenStack——|OpenStack&Components.V04|——|OpenStack-controller|

谈炳
2023-12-01
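1. openstack-neutron: configuration on the openstack_controller node, part 1: prerequisites
### --- Create the database by completing the following steps
~~~     Connect to the MySQL database as the root user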

[root@controller ~]# mysql -uroot -p
Enter password: 123456
### --- Create the neutron database

MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.00 sec)
### --- Create the database user neutron and grant it full control over the neutron database
~~~     Exit the database connection afterwards

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
Query OK, 0 rows affected (0.00 sec)
### --- Run the admin environment variable script

[root@controller ~]# source admin-openrc.sh
### --- Create the Networking service credentials in the Identity service by completing the following steps:
~~~     Create the neutron user

[root@controller ~]# keystone user-create --name neutron --pass NEUTRON_PASS
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | 0e2c1cbe865742a7be0ce02f3bb9227d |
|   name   |             neutron              |
| username |             neutron              |
+----------+----------------------------------+
### --- Link the neutron user to the service tenant and the admin role

[root@controller ~]# keystone user-role-add --user neutron --tenant service --role admin
### --- Create the neutron service

[root@controller ~]# keystone service-create --name neutron --type network --description "OpenStack Networking"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |       OpenStack Networking       |
|   enabled   |               True               |
|      id     | 2a780bab744f4af9bf53af14b125a444 |
|     name    |             neutron              |
|     type    |             network              |
+-------------+----------------------------------+
[root@controller ~]# keystone endpoint-create \
> --service-id $(keystone service-list | awk '/ network / {print $2}') \
> --publicurl http://controller.nice.com:9696 \
> --adminurl http://controller.nice.com:9696 \
> --internalurl http://controller.nice.com:9696 \
> --region regionOne
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  | http://controller.nice.com:9696  |
|      id     | a1a573e58fbf4635ac6be5e2a44af52c |
| internalurl | http://controller.nice.com:9696  |
|  publicurl  | http://controller.nice.com:9696  |
|    region   |            regionOne             |
|  service_id | 2a780bab744f4af9bf53af14b125a444 |
+-------------+----------------------------------+
2. Install the Networking service components
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 python-neutronclient which
Installed:
  openstack-neutron.noarch 0:2014.2-5.el7.centos                                           openstack-neutron-ml2.noarch 0:2014.2-5.el7.centos                                          
  Dependency Installed:
  conntrack-tools.x86_64 0:1.4.2-3.el7           dnsmasq-utils.x86_64 0:2.66-12.el7             ipset.x86_64 0:6.19-4.el7                  ipset-libs.x86_64 0:6.19-4.el7           
  libnetfilter_cthelper.x86_64 0:1.0.0-4.el7     libnetfilter_cttimeout.x86_64 0:1.0.0-2.el7    libnetfilter_queue.x86_64 0:1.0.2-2.el7    python-jsonrpclib.noarch 0:0.1.3-1.el7   
  python-neutron.noarch 0:2014.2-5.el7.centos    radvd.x86_64 0:2.7-1.el7.centos               
Complete!
3. Configure the Networking service components
### --- Edit the /etc/neutron/neutron.conf file and complete the following:

[root@controller ~]# vim /etc/neutron/neutron.conf 
# Edit the [database] section to configure database access
[database]
......
connection=mysql://neutron:NEUTRON_DBPASS@controller.nice.com/neutron
# Edit the [DEFAULT] section to configure RabbitMQ message queue access
......
rpc_backend=rabbit
rabbit_host=controller.nice.com
rabbit_password=guest
# In [DEFAULT], change the authentication strategy to keystone
......
auth_strategy=keystone
# Edit the [DEFAULT] and [keystone_authtoken] sections to configure Identity service access:
[keystone_authtoken]
......
auth_uri=http://controller.nice.com:5000/v2.0
identity_uri=http://controller.nice.com:35357
admin_tenant_name=service
admin_user=neutron
admin_password=NEUTRON_PASS
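# Edit the [DEFAULT] section to enable the Modular Layer 2 (ML2) plug-in, the router service and overlapping IP addresses:
[DEFAULT]
......
core_plugin=ml2
service_plugins=router
allow_overlapping_ips=True                                  #  allow tenant networks to use overlapping IP address ranges
# Edit the [DEFAULT] section so that the Compute service is notified when the network topology changes:
[DEFAULT]
......
notify_nova_on_port_status_changes=True                     #  notify nova when a port's status changes (comparable to a NIC's link state)
notify_nova_on_port_data_changes=True                       #  notify nova when a port's data changes
nova_url=http://controller.nice.com:8774/v2                 #  nova API URL
nova_admin_auth_url=http://controller.nice.com:35357/v2.0   #  Identity admin URL used for the nova admin user
nova_region_name=regionOne                                  #  nova region
nova_admin_username=nova                                    #  nova's administrative user
nova_admin_tenant_id=48bee3be288e477889d404a41a0b6f33       #  ID of the service tenant (SERVICE_TENANT_ID)
nova_admin_password=NOVA_PASS                               #  password of the nova administrative user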
### --- Get the SERVICE_TENANT_ID with the following command

[root@controller ~]# source admin-openrc.sh 
[root@controller ~]# keystone tenant-get service
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |          Service Tenant          |
|   enabled   |               True               |
|      id     | 48bee3be288e477889d404a41a0b6f33 |
|     name    |             service              |
+-------------+----------------------------------+
    
~~~     Only the ID is needed
~~~     (Optional) Enable verbose logging in the [DEFAULT] section to make troubleshooting easier.
[DEFAULT]
......
verbose=True
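4. Configure the Modular Layer 2 (ML2) plug-in
### --- Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and complete the following:
~~~     Edit the [ml2] section to enable the flat and generic routing encapsulation (GRE) network type drivers,

[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# and configure GRE tenant networks and the OVS mechanism driver.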
[ml2]
......
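type_drivers=flat,gre                                       #  flat is the plain network type; gre is used for multi-tenant networking
tenant_network_types=gre                                    #  tenant networks default to gre
mechanism_drivers=openvswitch                               #  the openvswitch component, a software switch that handles the switching
# Edit the [ml2_type_gre] section to configure the tunnel ID range:
[ml2_type_gre]
......
tunnel_id_ranges=1:1000                                     #  tunnel IDs available to ml2 tenant networks: 1 to 1000
# Edit the [securitygroup] section to enable security groups, enable ipset and configure the OVS firewall driver:
[securitygroup]
......
enable_security_group=True                                  #  enable security groups
enable_ipset=True                                           #  use ipset to make the iptables security group rules more efficient
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver      # firewall driver; this value is fixed and needs no further configuration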
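5. Configure the Compute service to use neutron
### --- By default the Compute service uses legacy networking, so it must be reconfigured to tie nova and neutron together
~~~     Edit the /etc/nova/nova.conf file and complete the following: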

[root@controller ~]# vim /etc/nova/nova.conf
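# Edit the [DEFAULT] section to configure the API and drivers:
[DEFAULT]
......
network_api_class=nova.network.neutronv2.api.API            # class used for network connections
security_group_api=neutron                                  # security groups are provided by neutron
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver # interface driver type: the NIC driver for virtual machines, which is looked up when virtualization is enabled
firewall_driver=nova.virt.firewall.NoopFirewallDriver       # no-op firewall driver for nova, because filtering is handled by the neutron security groups
# Edit the [neutron] section to configure the access parameters:
[neutron]
......
url=http://controller.nice.com:9696                         # neutron endpoint URL
auth_strategy=keystone                                      # authentication strategy
admin_auth_url=http://controller.nice.com:35357/v2.0        # watch out for stray spaces, they cause errors: I once had an extra space in front of auth_strategy=keystone, and it could not be parsed
admin_tenant_name=service                                   # name of the tenant used for the admin account
admin_username=neutron                                      # user name
admin_password=NEUTRON_PASS                                 # password for that user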
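Hand-edited neutron.conf and nova.conf files fail in a few recurring ways: a stray leading space (as noted above), a doubled `=`, an option placed under the wrong section header, or a placeholder password such as NEUTRON_DBPASS left in place. The Python linter below is an added example, not part of the original post or of OpenStack; `lint_conf`, `PLACEHOLDERS`, `NEUTRON_SECTIONS` and the sample input are constructed for illustration.

```python
import re

# Stand-in secrets used in this walkthrough (constructed list, extend as needed).
PLACEHOLDERS = {"NEUTRON_DBPASS", "NEUTRON_PASS", "NOVA_PASS", "guest"}
# Section each option belongs to in neutron.conf (subset used on this page).
NEUTRON_SECTIONS = {"connection": "database", "auth_uri": "keystone_authtoken",
                    "identity_uri": "keystone_authtoken",
                    "admin_user": "keystone_authtoken"}

def lint_conf(text, sections=NEUTRON_SECTIONS):
    """Return (line_number, problem) tuples, in file order, for an INI file."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line or line.lstrip().startswith(("#", ";")):
            continue
        if line[0] in " \t":
            # oslo.config reads an indented line as a continuation of the previous value.
            findings.append((no, "leading whitespace before option"))
            line = line.lstrip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep:
            findings.append((no, "not a key=value line"))
            continue
        if value.startswith("="):
            findings.append((no, "doubled '=' becomes part of the value"))
        if re.search(r"\s[#;]", value):
            findings.append((no, "inline comment after value (keep comments on their own line)"))
        want = sections.get(key)
        if want and section != want:
            findings.append((no, f"{key} belongs in [{want}], not [{section}]"))
        secret = value if key.endswith("password") else ""
        if key == "connection":  # the secret is the password field of the DB URL
            match = re.search(r"://[^:/@]+:([^@]*)@", value)
            secret = match.group(1) if match else ""
        if secret in PLACEHOLDERS:
            findings.append((no, f"{key} still uses a placeholder secret"))
    return findings

# Constructed sample that repeats the mistakes described in the lead-in.
SAMPLE = "\n".join([
    "[database]",
    "connection=mysql://neutron:NEUTRON_DBPASS@controller.nice.com/neutron",
    "[DEFAULT]",
    " auth_strategy=keystone",
    "auth_uri=http://controller.nice.com:5000/v2.0",
    "firewall_driver==nova.virt.firewall.NoopFirewallDriver",
    "[keystone_authtoken]",
    "admin_password=S3cure-constructed-value",
])
```

Passing the contents of /etc/neutron/neutron.conf or /etc/nova/nova.conf to `lint_conf` before restarting the services reports these problems with their line numbers instead of leaving them to surface as start-up errors.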
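6. Finish the configuration
### --- Create a link for the ML2 plug-in configuration file. It is not used by default, so a symbolic link must be created
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini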

### --- Initialize the database
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron
INFO  [alembic.migration] Running upgrade 544673ac99ab -> juno, juno
### --- Log in to the database and check that everything is in place

[root@controller ~]# mysql -uroot -p
MariaDB [(none)]> use neutron
MariaDB [neutron]> show tables;
+-------------------------------------+
| Tables_in_neutron                   |
+-------------------------------------+
| agents                              |
| alembic_version                     |
| allowedaddresspairs                 |
| arista_provisioned_nets             |
| arista_provisioned_tenants          |
| arista_provisioned_vms              |
| brocadenetworks                     |
| brocadeports                        |
| cisco_credentials                   |
| cisco_csr_identifier_map            |
| cisco_hosting_devices               |
| cisco_ml2_apic_contracts            |
| cisco_ml2_apic_host_links           |
| cisco_ml2_apic_names                |
| cisco_ml2_nexusport_bindings        |
| cisco_n1kv_multi_segments           |
| cisco_n1kv_network_bindings         |
| cisco_n1kv_port_bindings            |
| cisco_n1kv_profile_bindings         |
| cisco_n1kv_trunk_segments           |
| cisco_n1kv_vlan_allocations         |
| cisco_n1kv_vmnetworks               |
| cisco_n1kv_vxlan_allocations        |
| cisco_network_profiles              |
| cisco_policy_profiles               |
| cisco_port_mappings                 |
| cisco_provider_networks             |
| cisco_qos_policies                  |
| cisco_router_mappings               |
| consistencyhashes                   |
| csnat_l3_agent_bindings             |
| dnsnameservers                      |
| dvr_host_macs                       |
| embrane_pool_port                   |
| externalnetworks                    |
| extradhcpopts                       |
| firewall_policies                   |
| firewall_rules                      |
| firewalls                           |
| floatingips                         |
| ha_router_agent_port_bindings       |
| ha_router_networks                  |
| ha_router_vrid_allocations          |
| healthmonitors                      |
| hyperv_network_bindings             |
| hyperv_vlan_allocations             |
| ikepolicies                         |
| ipallocationpools                   |
| ipallocations                       |
| ipavailabilityranges                |
| ipsec_site_connections              |
| ipsecpeercidrs                      |
| ipsecpolicies                       |
| lsn                                 |
| lsn_port                            |
| maclearningstates                   |
| members                             |
| meteringlabelrules                  |
| meteringlabels                      |
| ml2_brocadenetworks                 |
| ml2_brocadeports                    |
| ml2_dvr_port_bindings               |
| ml2_flat_allocations                |
| ml2_gre_allocations                 |
| ml2_gre_endpoints                   |
| ml2_network_segments                |
| ml2_port_bindings                   |
| ml2_vlan_allocations                |
| ml2_vxlan_allocations               |
| ml2_vxlan_endpoints                 |
| mlnx_network_bindings               |
| multi_provider_networks             |
| network_bindings                    |
| network_states                      |
| networkconnections                  |
| networkdhcpagentbindings            |
| networkflavors                      |
| networkgatewaydevicereferences      |
| networkgatewaydevices               |
| networkgateways                     |
| networkqueuemappings                |
| networks                            |
| networksecuritybindings             |
| neutron_nsx_network_mappings        |
| neutron_nsx_port_mappings           |
| neutron_nsx_router_mappings         |
| neutron_nsx_security_group_mappings |
| nexthops                            |
| nuage_net_partition_router_mapping  |
| nuage_net_partitions                |
| nuage_provider_net_bindings         |
| nuage_subnet_l2dom_mapping          |
| ofcfiltermappings                   |
| ofcnetworkmappings                  |
| ofcportmappings                     |
| ofcroutermappings                   |
| ofctenantmappings                   |
| ovs_network_bindings                |
| ovs_tunnel_allocations              |
| ovs_tunnel_endpoints                |
| ovs_vlan_allocations                |
| packetfilters                       |
| poolloadbalanceragentbindings       |
| poolmonitorassociations             |
| pools                               |
| poolstatisticss                     |
| port_profile                        |
| portbindingports                    |
| portinfos                           |
| portqueuemappings                   |
| ports                               |
| portsecuritybindings                |
| providerresourceassociations        |
| qosqueues                           |
| quotas                              |
| router_extra_attributes             |
| routerflavors                       |
| routerl3agentbindings               |
| routerports                         |
| routerproviders                     |
| routerroutes                        |
| routerrules                         |
| routers                             |
| routerservicetypebindings           |
| securitygroupportbindings           |
| securitygrouprules                  |
| securitygroups                      |
| segmentation_id_allocation          |
| servicerouterbindings               |
| sessionpersistences                 |
| subnetroutes                        |
| subnets                             |
| tunnelkeylasts                      |
| tunnelkeys                          |
| tz_network_bindings                 |
| vcns_edge_monitor_bindings          |
| vcns_edge_pool_bindings             |
| vcns_edge_vip_bindings              |
| vcns_firewall_rule_bindings         |
| vcns_router_bindings                |
| vips                                |
| vpnservices                         |
+-------------------------------------+
142 rows in set (0.00 sec)
### --- Restart the Compute services: the nova API, the scheduler and the conductor (the part that talks to the database)
[root@controller ~]# systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service

~~~     Check that all services are in the up state after the restart
[root@controller ~]# nova service-list
+----+------------------+---------------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary           | Host                | Zone     | Status  | State | Updated_at                 | Disabled Reason |
+----+------------------+---------------------+----------+---------+-------+----------------------------+-----------------+
| 1  | nova-consoleauth | controller.nice.com | internal | enabled | up    | 2021-01-11T06:30:50.000000 | -               |
| 2  | nova-cert        | controller.nice.com | internal | enabled | up    | 2021-01-11T06:30:50.000000 | -               |
| 3  | nova-conductor   | controller.nice.com | internal | enabled | up    | 2021-01-11T06:30:54.000000 | -               |
| 4  | nova-scheduler   | controller.nice.com | internal | enabled | up    | 2021-01-11T06:30:54.000000 | -               |
| 5  | nova-compute     | compute1.nice.com   | nova     | enabled | up    | 2021-01-11T06:30:51.000000 | -               |
+----+------------------+---------------------+----------+---------+-------+----------------------------+-----------------+
### --- Start the Networking service and configure it to start at boot

[root@controller ~]# systemctl enable neutron-server.service
[root@controller ~]# systemctl start neutron-server.service
7. Verification
### --- Run the admin environment variable script

[root@controller ~]# source admin-openrc.sh
### --- List the loaded extensions to confirm that the neutron-server process has started

[root@controller ~]# neutron ext-list 
+-----------------------+-----------------------------------------------+
| alias                 | name                                          |
+-----------------------+-----------------------------------------------+
| security-group        | security-group                                |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| ext-gw-mode           | Neutron L3 Configurable external gateway mode |
| binding               | Port Binding                                  |
| provider              | Provider Network                              |
| agent                 | agent                                         |
| quotas                | Quota management support                      |
| dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
| l3-ha                 | HA Router extension                           |
| multi-provider        | Multi Provider Network                        |
| external-net          | Neutron external network                      |
| router                | Neutron L3 Router                             |
| allowed-address-pairs | Allowed Address Pairs                         |
| extraroute            | Neutron Extra Route                           |
| extra_dhcp_opt        | Neutron Extra DHCP opts                       |
| dvr                   | Distributed Virtual Router                    |
+-----------------------+-----------------------------------------------+