7. 安装neutron（计算节点）— OpenStack Queens 三节点部署

本操作在计算节点上完成

安装neutron软件包

使用OVS作为虚拟交换机

root@compute:~# apt -y install neutron-common neutron-plugin-ml2 neutron-openvswitch-agent

修改neutron配置文件

由于官方配置文件修改较为麻烦，这里直接创建一个新的配置文件

root@compute:~# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.org
root@compute:~# vi /etc/neutron/neutron.conf

# 添加以下内容，保存退出
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True
transport_url = rabbit://openstack:root@controller

[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = root

[oslo_concurrency]
lock_path = $state_path/tmp

因为配置文件是新建的，这里把权限加回去

root@compute:~# chmod 640 /etc/neutron/neutron.conf
root@compute:~# chgrp neutron /etc/neutron/neutron.conf

修改二层插件配置

root@compute:~# vi /etc/neutron/plugins/ml2/ml2_conf.ini

# 第129行：添加相应设置（tenant_network_types设置暂时留空，之后会设置）

[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security

# 第262行：去掉注释并添加firewall_driver

enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

# 最后一行：取消注释
enable_ipset = True

修改nova配置文件

root@compute:~# vi /etc/nova/nova.conf

# 把以下设置添加到[DEFAULT]栏目里

use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
vif_plugging_is_fatal = True
vif_plugging_timeout = 300

# 在配置文件最后添加新的栏目并填写以下设置，元数据代理共享密码要跟之前设置的一样

[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = root
service_metadata_proxy = True
metadata_proxy_shared_secret = metadata_secret

创建链接文件、重启服务

创建链接文件

root@compute:~# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

重启服务

root@compute:~# systemctl enable openvswitch-switch neutron-openvswitch-agent
Synchronizing state of openvswitch-switch.service with SysV init with /lib/systemd/systemd-sysv-install...
Executing /lib/systemd/systemd-sysv-install enable openvswitch-switch
Synchronizing state of neutron-openvswitch-agent.service with SysV init with /lib/systemd/systemd-sysv-install...
Executing /lib/systemd/systemd-sysv-install enable neutron-openvswitch-agent

root@compute:~# systemctl restart nova-compute openvswitch-switch neutron-openvswitch-agent

参考

• Server World
• DennisCai's blog