OpenStack搭建之Networking(五)
文章
林里克斯
在Linux下搭建OpenStack之Networking
一、实验平台:CentOS Linux release 7.3.1611 (Core)
二、openstack版本:Mitake
三、本机所有IP:内网:192.168.1.2 192.168.1.3
外网:192.168.2.4 192.168.2.5
四、openstack1:192.168.1.2 #控制节点 1 处理器, 4 GB 内存, 及20 GB 存储
五、openstack2:192.168.1.3 #计算节点 1 处理器, 2 GB 内存, 及20 GB 存储
一、网络服务概览
OpenStack Networking(neutron,允许创建、插入接口设备,这些设备由其他的OpenStack服务管理。插件式的实现可以容纳不同的网络设备和软件,为OpenStack架构与部署提供了灵活性。
它包含下列组件:
neutron-server接收和路由API请求到合适的OpenStack网络插件,以达到预想的目的。
OpenStack网络插件和代理 插拔端口,创建网络和子网,以及提供IP地址,这些插件和代理依赖于供应商和技术而不同,OpenStack网络基于插件和代理为Cisco 虚拟和物理交换机、NEC OpenFlow产品,Open vSwitch,Linux bridging以及VMware NSX产品穿线搭桥。
常见的代理
L3(3层),DHCP(动态主机IP地址),以及插件代理。
消息队列大多数的OpenStack Networking安装都会用到,用于在neutron-server和各种各样的代理进程间路由信息。也为某些特定的插件扮演数据库的角色,以存储网络状态
OpenStack网络主要和OpenStack计算交互,以提供网络连接到它的实例。
二、安装并配置控制节点
在配置OpenStack网络(neutron)服务之前,你必须为其创建一个数据库,服务凭证和API端点。
创建neutron数据库:
$ mysql -u root -p CREATE DATABASE neutron;对neutron数据库授予合适的访问权限
> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';获得admin凭证来获取只有管理员能执行的命令的访问权限:
$ . admin-openstack.sh要创建服务证书,完成这些步骤:
创建neutron用户:
$ openstack user create --domain default --password-prompt neutron
User Password: #设置密码,我这里设置为neutron
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 563963f57f154b628814c4e1bc9d2169 |
| enabled | True |
| id | eba2e17858b34672b32e7ae2a8873632 |
| name | neutron |
+-----------+----------------------------------+添加admin 角色到neutron用户: openstack role add --project service --user neutron admin 创建neutron服务实体:
$ openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | e557b61726dc4a62bea05fe71124d662 |
| name | neutron |
| type | network |
+-------------+----------------------------------+创建网络服务API端点:
$ openstack endpoint create --region RegionOne network public http://192.168.1.2:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b831f56ecfc441158d39489018326958 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e557b61726dc4a62bea05fe71124d662 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.1.2:9696 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne network internal http://192.168.1.2:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 8be7f9940f6346d4a7fa7da8efde5235 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e557b61726dc4a62bea05fe71124d662 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.1.2:9696 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne network admin http://192.168.1.2:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b5b23b5a14e44bc5a8d033c6be292545 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e557b61726dc4a62bea05fe71124d662 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.1.2:9696 |
+--------------+----------------------------------+检查neutron是否安装成功
$ neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 663b551a-e0c1-4228-ac9e-35ea07bd7b85 | Metadata agent | openstack1 | | :-) | True | neutron-metadata-agent |
| bbe1c6d3-f5ef-4f77-b8c2-dad601aa1f69 | Linux bridge agent | openstack1 | | :-) | True | neutron-linuxbridge-agent |
| dba89587-8675-4b4f-ab30-e5d94d3ea9b0 | DHCP agent | openstack1 | nova | :-) | True | neutron-dhcp-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+网络选项:配置公共网络
安装组件
$ yum -y install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
#neutron和其他组件的小区别是配置完数据库之后不可以马上进行同步,它还依赖其他配置文件编辑/etc/neutron/neutron.conf
$ vim /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:neutron@192.168.1.2/neutron #配置数据库访问
[DEFAULT]
core_plugin = ml2 #动ML2插件
service_plugins = #service_plugins等号后面什么都不写就是禁用其他插件
rpc_backend = rabbit #配置RabbitMQ消息队列的连接
auth_strategy = keystone #配置认证服务访问
notify_nova_on_port_status_changes = True #配置网络服务来通知计算节点的网络拓扑变化
notify_nova_on_port_data_changes = True #配置网络服务来通知计算节点的网络拓扑变化
[oslo_messaging_rabbit] #配置RabbitMQ消息队列的连接
rabbit_host = 192.168.1.2
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken] #配置认证服务访问
auth_uri = http://192.168.1.2:5000
auth_url = http://192.168.1.2:35357
memcached_servers = 192.168.1.2:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[nova] #配置网络服务来通知计算节点的网络拓扑变化
auth_url = http://192.168.1.2:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nov
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp #配置锁路径配置Modular Layer 2 (ML2)插件
编辑/etc/neutron/plugins/ml2/ml2\_conf.ini
$ vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan #启用flat和VLAN网络
tenant_network_types = #禁用私有网络
mechanism_drivers = linuxbridge #启用Linuxbridge机制
extension_drivers = port_security #启用端口安全扩展驱动
[ml2_type_flat]
flat_networks = provider #配置公共虚拟网络为flat网络
[securitygroup]
enable_ipset = True #启用ipset增加安全组规则的高效性配置Linuxbridge代理
编辑/etc/neutron/plugins/ml2/linuxbridge\_agent.ini
$ vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eth0 #将公共虚拟网络和公共物理网络接口对应起来
#我这里给的是主机模式eth0网卡
[vxlan]
enable_vxlan = False #禁止VXLAN覆盖网络
[securitygroup] #启用安全组并配置 Linuxbridge iptables firewall driver
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver配置DHCP代理
编辑/etc/neutron/dhcp\_agent.ini
$ vim /etc/neutron/dhcp_agent.ini
[DEFAULT] #配置Linuxbridge驱动接口,DHCP驱动并启用隔离元数据,这样在公共网络上的实例就可以通过网络来访问元数据
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver #虚拟接口驱动,使用Linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq #dhcp驱动,默认使用Dnsmasq(是一个小的开源项目)来提供dhcp服务
enable_isolated_metadata = True #刷新路由使用配置元数据代理
编辑/etc/nova/nova.conf
$ vim /etc/nova/nova.conf
[DEFAULT] #配置元数据主机以及共享密码
nova_metadata_ip = 192.168.1.2
metadata_proxy_shared_secret = redhat为计算节点配置网络服务 编辑/etc/nova/nova.conf
$ vim /etc/nova/nova.conf
[neutron] #配置访问参数,启用元数据代理并设置密码
url = http://192.168.1.2:9696
auth_url = http://192.168.1.2:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = redhat #配置元数据哪里设置的密钥网络服务初始化脚本需要一个超链接/etc/neutron/plugin.ini指向ML2插件配置文件/etc/neutron/plugins/ml2/ml2\_conf.ini。如果超链接不存在,使用下面的命令创建它:
$ ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini同步数据库:
$ su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
> --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
No handlers could be found for logger "oslo_config.cfg"
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Running upgrade for neutron ...
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade -> kilo, kilo_initial
INFO [alembic.runtime.migration] Running upgrade kilo -> 354db87e3225, nsxv_vdr_metadata.py
INFO [alembic.runtime.migration] Running upgrade 354db87e3225 -> 599c6a226151, neutrodb_ipam
INFO [alembic.runtime.migration] Running upgrade 599c6a226151 -> 52c5312f6baf, Initial operations in support of address scopes
INFO [alembic.runtime.migration] Running upgrade 52c5312f6baf -> 313373c0ffee, Flavor framework
INFO [alembic.runtime.migration] Running upgrade 313373c0ffee -> 8675309a5c4f, network_rbac
INFO [alembic.runtime.migration] Running upgrade 8675309a5c4f -> 45f955889773, quota_usage
INFO [alembic.runtime.migration] Running upgrade 45f955889773 -> 26c371498592, subnetpool hash
INFO [alembic.runtime.migration] Running upgrade 26c371498592 -> 1c844d1677f7, add order to dnsnameservers
INFO [alembic.runtime.migration] Running upgrade 1c844d1677f7 -> 1b4c6e320f79, address scope support in subnetpool
INFO [alembic.runtime.migration] Running upgrade 1b4c6e320f79 -> 48153cb5f051, qos db changes
INFO [alembic.runtime.migration] Running upgrade 48153cb5f051 -> 9859ac9c136, quota_reservations
INFO [alembic.runtime.migration] Running upgrade 9859ac9c136 -> 34af2b5c5a59, Add dns_name to Port
INFO [alembic.runtime.migration] Running upgrade 34af2b5c5a59 -> 59cb5b6cf4d, Add availability zone
INFO [alembic.runtime.migration] Running upgrade 59cb5b6cf4d -> 13cfb89f881a, add is_default to subnetpool
INFO [alembic.runtime.migration] Running upgrade 13cfb89f881a -> 32e5974ada25, Add standard attribute table
INFO [alembic.runtime.migration] Running upgrade 32e5974ada25 -> ec7fcfbf72ee, Add network availability zone
INFO [alembic.runtime.migration] Running upgrade ec7fcfbf72ee -> dce3ec7a25c9, Add router availability zone
INFO [alembic.runtime.migration] Running upgrade dce3ec7a25c9 -> c3a73f615e4, Add ip_version to AddressScope
INFO [alembic.runtime.migration] Running upgrade c3a73f615e4 -> 659bf3d90664, Add tables and attributes to support external DNS integration
INFO [alembic.runtime.migration] Running upgrade 659bf3d90664 -> 1df244e556f5, add_unique_ha_router_agent_port_bindings
INFO [alembic.runtime.migration] Running upgrade 1df244e556f5 -> 19f26505c74f, Auto Allocated Topology - aka Get-Me-A-Network
INFO [alembic.runtime.migration] Running upgrade 19f26505c74f -> 15be73214821, add dynamic routing model data
INFO [alembic.runtime.migration] Running upgrade 15be73214821 -> b4caf27aae4, add_bgp_dragent_model_data
INFO [alembic.runtime.migration] Running upgrade b4caf27aae4 -> 15e43b934f81, rbac_qos_policy
INFO [alembic.runtime.migration] Running upgrade 15e43b934f81 -> 31ed664953e6, Add resource_versions row to agent table
INFO [alembic.runtime.migration] Running upgrade 31ed664953e6 -> 2f9e956e7532, tag support
INFO [alembic.runtime.migration] Running upgrade 2f9e956e7532 -> 3894bccad37f, add_timestamp_to_base_resources
INFO [alembic.runtime.migration] Running upgrade 3894bccad37f -> 0e66c5227a8a, Add desc to standard attr table
INFO [alembic.runtime.migration] Running upgrade kilo -> 30018084ec99, Initial no-op Liberty contract rule.
INFO [alembic.runtime.migration] Running upgrade 30018084ec99 -> 4ffceebfada, network_rbac
INFO [alembic.runtime.migration] Running upgrade 4ffceebfada -> 5498d17be016, Drop legacy OVS and LB plugin tables
INFO [alembic.runtime.migration] Running upgrade 5498d17be016 -> 2a16083502f3, Metaplugin removal
INFO [alembic.runtime.migration] Running upgrade 2a16083502f3 -> 2e5352a0ad4d, Add missing foreign keys
INFO [alembic.runtime.migration] Running upgrade 2e5352a0ad4d -> 11926bcfe72d, add geneve ml2 type driver
INFO [alembic.runtime.migration] Running upgrade 11926bcfe72d -> 4af11ca47297, Drop cisco monolithic tables
INFO [alembic.runtime.migration] Running upgrade 4af11ca47297 -> 1b294093239c, Drop embrane plugin table
INFO [alembic.runtime.migration] Running upgrade 1b294093239c -> 8a6d8bdae39, standardattributes migration
INFO [alembic.runtime.migration] Running upgrade 8a6d8bdae39 -> 2b4c2465d44b, DVR sheduling refactoring
INFO [alembic.runtime.migration] Running upgrade 2b4c2465d44b -> e3278ee65050, Drop NEC plugin tables
INFO [alembic.runtime.migration] Running upgrade e3278ee65050 -> c6c112992c9, rbac_qos_policy
INFO [alembic.runtime.migration] Running upgrade c6c112992c9 -> 5ffceebfada, network_rbac_external
INFO [alembic.runtime.migration] Running upgrade 5ffceebfada -> 4ffceebfcdc, standard_desc
OK重启计算API服务:
$ systemctl restart openstack-nova-api.service当系统启动时,启动 Networking 服务并配置它启动
$ systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
$ systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service三、安装和配置计算节点
安装包
$ yum -y install openstack-neutron-linuxbridge ebtables ipset编辑/etc/neutron/neutron.conf
$ vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit #配置RabbitMQ消息队列的连接
auth_strategy = keystone #配置认证服务访问
[oslo_messaging_rabbit] #配置RabbitMQ消息队列的连接
rabbit_host = 192.168.1.2
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken] #配置认证服务访问
auth_uri = http://192.168.1.2:5000
auth_url = http://192.168.1.2:35357
memcached_servers = 192.168.1.2:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp #配置锁路径配置Linuxbridge代理
编辑/etc/neutron/plugins/ml2/linuxbridge\_agent.ini
$ vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eth0 #将公共虚拟网络和公共物理网络接口对应起来
#我这里给的是主机模式eth0网卡
[vxlan]
enable_vxlan = False #禁止VXLAN覆盖网络
[securitygroup] #启用安全组并配置 Linuxbridge iptables firewall driver
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver为计算节点配置网络服务 编辑/etc/nova/nova.conf
$ vim /etc/nova/nova.conf
[neutron]
url = http://192.168.1.2:9696
auth_url = http://192.168.1.1:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron重启计算服务:
$ systemctl restart openstack-nova-compute.service启动Linuxbridge代理并配置它开机自启动:
$ systemctl enable neutron-linuxbridge-agent.service
$ systemctl start neutron-linuxbridge-agent.service四、验证操作
获得admin凭证来获取只有管理员能执行的命令的访问权限:
在控制节点上执行这些命令。
$ . admin-openstack.sh列出加载的扩展来验证neutron-server进程是否正常启动:
$ neutron ext-list
+---------------------------+-----------------------------------------------+
| alias | name |
+---------------------------+-----------------------------------------------+
| default-subnetpools | Default Subnetpools |
| availability_zone | Availability Zone |
| network_availability_zone | Network Availability Zone |
| auto-allocated-topology | Auto Allocated Topology Services |
| binding | Port Binding |
| agent | agent |
| subnet_allocation | Subnet Allocation |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| tag | Tag support |
| external-net | Neutron external network |
| net-mtu | Network MTU |
| network-ip-availability | Network IP Availability |
| quotas | Quota management support |
| provider | Provider Network |
| multi-provider | Multi Provider Network |
| address-scope | Address scope |
| timestamp_core | Time Stamp Fields addition for core resources |
| extra_dhcp_opt | Neutron Extra DHCP opts |
| security-group | security-group |
| rbac-policies | RBAC Policies |
| standard-attr-description | standard-attr-description |
| port-security | Port Security |
| allowed-address-pairs | Allowed Address Pairs |
+---------------------------+-----------------------------------------------+$ neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 558eebbe-7f5c-42b4-9e5d-5ccbc45324b3 | Linux bridge agent | openstack2 | |/:-) | True | neutron-linuxbridge-agent |
| 663b551a-e0c1-4228-ac9e-35ea07bd7b85 | Metadata agent | openstack1 | |/:-) | True | neutron-metadata-agent |
| bbe1c6d3-f5ef-4f77-b8c2-dad601aa1f69 | Linux bridge agent | openstack1 | |/:-) | True | neutron-linuxbridge-agent |
| dba89587-8675-4b4f-ab30-e5d94d3ea9b0 | DHCP agent | openstack1 | nova |/:-) | True | neutron-dhcp-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
#确保命令列出来的都一致,如果缺了一个有问题,需要排除。
#如果网卡名字不对,也会导致缺少一个Over ~
版权协议须知!
本篇文章来源于 Uambiguous ,如本文章侵犯到任何版权问题,请立即告知本站,本站将及时予与删除并致以最深的歉意
1290 0 2017-01-17
博主卡片
运维时间
搭建这个平台,只为分享及记载自己所遇之事和难题。
现在时间 2024-12-28
今日天气
站点统计
- 文章总数:241篇
- 分类总数:29个
- 评论总数:12条
- 本站总访问量 353258 次
@xiaozi 最后的分享的镜像下载地址打不开 服务器没有开机吗?
@yuanyuan 为什么我的4b安装centos7.9 插上tf卡 显示不兼...
@Wong arrhenius 牛比
@MakerFace 厉害了!
@TongSir 老哥 更新下我的友链链接 https://blog.ton...