RDO部署openstack（2）

配置ML2和VXLAN

 

1. 安装和配置Neutron ML2 框架

(1) 安装在控制节点上（运行Neutron-server的节点）

service neutron-server stop

yum install openstack-neutron-ml2 python-pyudev -y

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini -f

(2) 配置ML2参数

crudini --set /etc/neutron/neutron.conf DEFAULT core_plugin neutron.plugins.ml2.plugin.Ml2Plugin

# 启用L3路由服务，这里还可以在后面增加LBaaS、VPNaaS、FWaaS插件，插件间用逗号分隔即可。

crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins neutron.services.l3_router.l3_router_plugin.L3RouterPlugin

# 启动Mechanism插件，默认启用了OpenvSwitch，LinuxBridge和L2Population。

crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch,linuxbridge,l2population

# 启动Type插件，目前默认支持local、flat、vlan、gre、vxlan。

crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers local,flat,vlan,gre,vxlan

# 租户网络类型，这边我们选择vxlan

crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan

# 数据库配置，可直接参考/etc/neutron/neutron.conf

crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini database sql_connection mysql://neutron:<password>@<host>/neutron_ml2

# 防火墙驱动

crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

# 给每类Type插件，定义参数

crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vlan network_vlan_ranges <same range syntax as openvswitch>

crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks <list of physical_networks or *>

crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges <list of ranges>

# 这里我们为vxlan配置vni范围，在1:10000。

crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:10000

(3) 数据库初始化

mysql -e "drop database if exists neutron_ml2;"

mysql -e "create database neutron_ml2 character set utf8;"

mysql -e "grant all on neutron_ml2.* to 'neutron'@'%';"

neutron-db-manage --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head

service neutron-server start

(4) 在网络节点和计算节点上配置

/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini:

[ovs]

tunnel_id_ranges=1:10000

tenant_network_type=vxlan

enable_tunneling=True

tunnel_type = vxlan

local_ip = 192.168.188.136

 

[agent]

 

tunnel_types = vxlan

l2_population = True

service neutron-openvswitch-agent restart

(5) 配置IPtables策略，开放vxlan端口

/etc/sysconfig/iptables:

-A INPUT -p udp --dport 4789 -j ACCEPT