zoukankan      html  css  js  c++  java
  • OpenStack:安装Neutron与provider network

    1. 安装
    (1)Install Networking services on a dedicated network node
    # apt-get install neutron-server neutron-dhcp-agent neutron-plugin-openvswitch-agent
    不需要L3Agent
    删除sqlite
    rm -f /var/lib/neutron/neutron.sqlite

    编辑/etc/sysctl.conf, Enable packet forwarding and disable packet destination filtering
    net.ipv4.ip_forward=1
    net.ipv4.conf.all.rp_filter=0
    net.ipv4.conf.default.rp_filter=0

    重新加载
    # sysctl -p
    # service networking restart
    如果不行,则
    # /etc/init.d/networking restart
    2. 创建db
    create database neutron;
    grant all privileges on neutron.* to 'neutron'@'%' identified by 'openstack';
    grant all privileges on neutron.* to 'neutron'@'localhost' identified by 'openstack';

    3. 创建user, role
    # keystone user-create --name=neutron --pass=openstack
    # keystone user-role-add --user=neutron --tenant=service --role=admin

    4. 配置:
    (1)配置/etc/neutron/neutron.conf :
    [DEFAULT]
    core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
    auth_strategy=keystone
    control_exchange = neutron
    rabbit_host = controller
    rabbit_userid = guest
    rabbit_password = openstack
    notification_driver = neutron.openstack.common.notifier.rabbit_notifier

    [database]
    connection = mysql://neutron:openstack@controller/neutron

    [keystone_authtoken]
    auth_uri = http://controller:35357
    auth_host = controller
    auth_port = 35357
    auth_protocol = http
    admin_tenant_name = service
    admin_user = neutron
    admin_password = openstack

    (2)配置/etc/neutron/api-paste.ini:
    [filter:authtoken]
    paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
    auth_uri = http://controller:35357
    auth_host = controller
    auth_port = 35357
    admin_tenant_name = service
    admin_user = neutron
    admin_password = openstack

    警告:Warning
    keystoneclient.middleware.auth_token: You must configure auth_uri to point to the public identity endpoint. Otherwise, clients might not be able to authenticate against an admin endpoint.

    (3)配置/etc/neutron/dhcp_agent.ini
    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

    (4)配置 /etc/nova/nova.conf, 回头关联nova
    [DEFAULT]
    neutron_metadata_proxy_shared_secret = openstack
    service_neutron_metadata_proxy = true

    network_api_class=nova.network.neutronv2.api.API

    neutron_admin_username=neutron
    neutron_admin_password=openstack
    neutron_admin_auth_url=http://controller:35357/v2.0/
    neutron_auth_strategy=keystone
    neutron_admin_tenant_name=service
    neutron_url=http://controller:9696/

    需要重启:
    # service nova-api restart

    (5)配置/etc/neutron/metadata_agent.ini
    [DEFAULT]
    auth_url = http://controller:35357/v2.0
    auth_region = regionOne
    admin_tenant_name = service
    admin_user = neutron
    admin_password = openstack
    nova_metadata_ip = controller
    metadata_proxy_shared_secret = openstack

    5. 注册service, endpoint:
    # keystone service-create
    --name=neutron --type=network
    --description="OpenStack Networking Service"

    # keystone endpoint-create
    --service-id 455075d2fb9540ac864c345109c291cf
    --publicurl http://controller:9696
    --adminurl http://controller:9696
    --internalurl http://controller:9696

    -------------------------------------------------------------------
    >在Network Node安装Neutron
    0. 安装OVS
    知道3种interface
    MGMI_INTERFACE: 管理接口, 使用eth1, 一般要关闭
    DATA_INTERFACE: 数据接口, 使用eth1
    EXTERNAL_INTERFACE: 外部接口, 使用eth0, 如果有多ISP,都绑定于该interface.
    (1) 安装
    # apt-get install neutron-plugin-openvswitch-agent
    # ovs-vsctl add-br br-int
    br-int是OVS连接VM必需的, 至于br-ex根据网络拓扑需要, 在flat网络则不用.

    (2) 配置 /etc/neutron/dhcp_agent.ini
    [DEFAULT]
    enable_isolated_metadata = True
    interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
    use_namespaces = False
    其中use_namespaces根据需要设定,如果是flat应该没有必要吧?
    需要重启
    # service neutron-dhcp-agent restart

    (3)配置/etc/neutron/neutron.conf, 设置OVS
    core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2

    (4)配置/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini, 设置firewall_driver
    [securitygroup]
    # Firewall driver for realizing neutron security group function.
    firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

    [ovs]
    tenant_network_type = none
    enable_tunneling = False
    network_vlan_ranges = physnet0, physnet1
    bridge_mappings = physnet0:br-eth0, physnet1:br-eth1
    则需要创建

    (5)重启
    # service openvswitch-switch restart(只在安装后重启一次即可,不能重启)
    # service neutron-plugin-openvswitch-agent restart
    -------------------------------------------------------------------

    8. 重启neutron服务.
    service neutron-server restart
    service neutron-dhcp-agent restart
    service neutron-metadata-agent restart
    service neutron-plugin-openvswitch-agent restart

    ======================================
    配置网络:

    (1)执行下述ovs命令
    # ovs-vsctl add-br br-eth0
    # ovs-vsctl add-port br-eth0 eth0
    # ovs-vsctl add-br br-eth1
    # ovs-vsctl add-port br-eth1 eth1

    (2)配置interfaces
    openstack@openstack:~$ cat /etc/network/interfaces
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet manual
            up ifconfig eth0 0.0.0.0 promisc up
            down ifconfig eth0 down

    auto br-eth0
    iface br-eth0 inet static
            address 192.168.2.3
            netmask 255.255.255.0
            gateway 192.168.2.2
            dns-nameservers 192.168.2.2

    auto eth1
    iface eth1 inet manual
            up ifconfig eth1 0.0.0.0 promisc up
            down ifconfig eth1 down

    auto br-eth1
    iface br-eth1 inet static
            address 10.0.0.3
            netmastk 255.255.255.0

    一旦声明 bridge_ports eth0,就不能再声明iface eth0, 否则Linux启动会报网络错误.
    -----------------------------------------------
    关闭gro
    ethtool -k eth0
    ethtool -K eth0 gro off
    ethtool -k eth1
    ethtool -K eth1 gro off
    ------------------------------------------------

  • 相关阅读:
    学习PyQt5(二):PyQt5布局管理
    学习PyQt5(一):安装PyQt5以及在PyCharm上配置PyQt5
    Day037--Python--线程的其他方法,GIL, 线程事件,队列,线程池,协程
    Day036--Python--线程
    Day035--Python--管道, Manager, 进程池, 线程切换
    Day034--Python--锁, 信号量, 事件, 队列, 生产者消费者模型, joinableQueue
    Day033--Python--进程
    Day032--Python--操作系统, process进程
    Day30--Python--struct, socketserver
    Day29--Python--缓冲区, 粘包
  • 原文地址:https://www.cnblogs.com/zolo/p/5849199.html
Copyright © 2011-2022 走看看