Openstack配置手册-05实现Neutron-3节点配置

     ------------+---------------------------+---------------------------+------------
                 |                           |                           |
             eth0|192.168.10.11          eth0|192.168.10.13          eth0|192.168.10.12
     +-----------+-----------+   +-----------+-----------+   +-----------+-----------+
     |    [ Control Node ]   |   |    [ Network Node ]   |   |    [ Compute Node ]   |
     |   [node1.1000cc.net]  |   |   [node3.1000cc.net]  |   |   [node2.1000cc.net]  |
     |  MariaDB    RabbitMQ  |   |      Open vSwitch     |   |        Libvirt        |
     |  Memcached  httpd     |   |        L2 Agent       |   |     Nova Compute      |
     |  Keystone   Glance    |   |        L3 Agent       |   |      Open vSwitch     |
     |  Nova API             |   |     Metadata Agent    |   |        L2 Agent       |
     |  Neutron Server       |   |                       |   |                       |
     |  Metadata Agent       |   |                       |   |                       |
     +-----------------------+   +-----------------------+   +-----------------------+

[root@node1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword neutron
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 1be75e85ec9445ab9ff7dd7ec2f02b71 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 1ea899f4e2e942e0aed545288ed38218 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

[root@node1 ~(keystone)]# openstack role add --project service --user neutron admin

[root@node1 ~(keystone)]# openstack service create --name neutron --description "OpenStack Networking service" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking service     |
| enabled     | True                             |
| id          | 5ac54390f4824302a60e48fbf7d0842f |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

# 设定endpoint信息
[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne network public http://192.168.10.11:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 107537cd8cb247cbb00cb83bf918fd86 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 5ac54390f4824302a60e48fbf7d0842f |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.10.11:9696        |
+--------------+----------------------------------+

[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne network internal http://192.168.10.11:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | cc980ece31d04b3aa1495f3e468c3d68 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 5ac54390f4824302a60e48fbf7d0842f |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.10.11:9696        |
+--------------+----------------------------------+

[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne network admin http://192.168.10.11:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 29c14dc0c8ac4637a5fd135a4bc5c3b4 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 5ac54390f4824302a60e48fbf7d0842f |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.10.11:9696        |
+--------------+----------------------------------+

[root@node1 ~(keystone)]# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 55
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database neutron_ml2;
Query OK, 1 row affected (0.01 sec)

MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

1) 安装Neutron Service到控制节点
[root@node1 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-neutron openstack-neutron-ml2  -y

2) 配置Neutron主配置文件
[root@node1 ~(keystone)]# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@node1 ~(keystone)]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
dhcp_agent_notification = True
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True

transport_url = rabbit://openstack:password@192.168.10.11

[keystone_authtoken]
www_authenticate_uri = http://192.168.10.11:5000
auth_url = http://192.168.10.11:5000
memcached_servers = 192.168.10.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = servicepassword

[database]
connection = mysql+pymysql://neutron:password@192.168.10.11/neutron_ml2

[nova]
auth_url = http://192.168.10.11:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = servicepassword

[oslo_concurrency]
lock_path = $state_path/tmp

[root@node1 ~(keystone)]# chmod 640 /etc/neutron/neutron.conf
[root@node1 ~(keystone)]# chgrp neutron /etc/neutron/neutron.conf

3) 配置metadata_agent
[root@node1 ~(keystone)]# vim /etc/neutron/metadata_agent.ini
# 修改22行,指定Nova AIP
nova_metadata_host = 192.168.10.11

# 取消34行注释,并指定共享秘钥
metadata_proxy_shared_secret = qyy_openstack

# 取消260行注释,并指定Memcache Server
memcache_servers = 192.168.10.11:11211

4) 配置ml2
[root@node1 ~(keystone)]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# 于129行,[ml2]区段下添加如下内容
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security

5) 配置nova
[root@node1 ~(keystone)]# vim /etc/nova/nova.conf
# 于[DEFAULT]区段下添加如下内容
......
......
......
......
......
......

use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

......
......
......
......
......
......

# 于文件最后，添加Neutron认证信息及设定认证共享密码
[neutron]
auth_url = http://192.168.10.11:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = servicepassword
service_metadata_proxy = True
metadata_proxy_shared_secret = qyy_openstack

5) SElinux设定及防火墙设定
[root@node1 ~(keystone)]# setsebool -P neutron_can_network on
[root@node1 ~(keystone)]# setsebool -P daemons_enable_cluster_mode on
[root@node1 ~(keystone)]# yum --enablerepo=centos-openstack-queens install openstack-selinux -y

[root@node1 ~(keystone)]# firewall-cmd --add-port=9696/tcp --permanent
success
[root@node1 ~(keystone)]# firewall-cmd --reload
success

6) 启动Neutron服务
[root@node1 ~(keystone)]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@node1 ~(keystone)]# su -s /bin/bash neutron -c "neutron-db-manage \
--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugin.ini upgrade head"

[root@node1 ~(keystone)]# systemctl enable --now neutron-server neutron-metadata-agent
[root@node1 ~(keystone)]# systemctl restart openstack-nova-api

1) 安装Neurton
[root@node3 ~]# yum --enablerepo=centos-openstack-queens,epel install \
openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch libibverbs -y

2) 配置Neurton
[root@node3 ~]# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@node3 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True

transport_url = rabbit://openstack:password@192.168.10.11

[keystone_authtoken]
www_authenticate_uri = http://192.168.10.11:5000
auth_url = http://192.168.10.11:5000
memcached_servers = 192.168.10.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = servicepassword

[oslo_concurrency]
lock_path = $state_path/lock

[root@node3 ~]# chmod 640 /etc/neutron/neutron.conf
[root@node3 ~]# chgrp neutron /etc/neutron/neutron.conf

3) 配置L3
[root@node3 ~]# vim /etc/neutron/l3_agent.ini
# 于17行，添加如下内容
interface_driver = openvswitch

4) 配置dhcp_agent
[root@node3 ~]# vim /etc/neutron/dhcp_agent.ini
# 于17行，添加如下内容
interface_driver = openvswitch

# 取消28行注释
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

# 取消37行注释,并改为如下内容
enable_isolated_metadata = true

5) 配置metadata_agent
[root@node3 ~]# vim /etc/neutron/metadata_agent.ini
# 取消22行注释,并指定Nova API
nova_metadata_host = 192.168.10.11

# 取消34行注释,并指定共享密码
metadata_proxy_shared_secret = qyy_openstack

# 取消260行注释,并指定Memcached信息
memcache_servers = 192.168.10.11:11211

6) 配置ML2
[root@node3 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# 于129行，添加所支持的驱动及相关信息
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security

7) 配置OVS
[root@node3 ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
# 于307行，如下内容
[securitygroup]
firewall_driver = openvswitch
enable_security_group = true
enable_ipset = true

8) SELinux设置
[root@node3 ~]# setsebool -P neutron_can_network on
[root@node3 ~]# setsebool -P haproxy_connect_any on
[root@node3 ~]# setsebool -P daemons_enable_cluster_mode on
[root@node3 ~]# yum --enablerepo=centos-openstack-queens install openstack-selinux -y

9) 启动Neutron服务
[root@node3 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@node3 ~]# systemctl enable --now openvswitch
[root@node3 ~]# ovs-vsctl add-br br-int
[root@node3 ~]# systemctl enable --now neutron-dhcp-agent neutron-l3-agent \
neutron-metadata-agent neutron-openvswitch-agent

1) 安装Neutron组件
[root@node2 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-neutron \
openstack-neutron-ml2 openstack-neutron-openvswitch -y

2) 配置Neutron
[root@node2 ~]# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@node2 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True

transport_url = rabbit://openstack:password@192.168.10.11

[keystone_authtoken]
www_authenticate_uri = http://192.168.10.11:5000
auth_url = http://192.168.10.11:5000
memcached_servers = 192.168.10.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = servicepassword

[oslo_concurrency]
lock_path = $state_path/lock

[root@node2 ~]# chmod 640 /etc/neutron/neutron.conf
[root@node2 ~]# chgrp neutron /etc/neutron/neutron.conf

3) 配置ML2
[root@node2 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# 于129行添加如下内容
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security

4) 配置ovs
[root@node2 ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
# 于307行添加如下内容
[securitygroup]
firewall_driver = openvswitch
enable_security_group = true
enable_ipset = true

5) 配置nova
[root@node2 ~]# vim /etc/nova/nova.conf
# 于[DEFAULT]区段添加如下内容
......
......
......
......
......
......

use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
vif_plugging_is_fatal = True
vif_plugging_timeout = 300

......
......
......
......
......
......

# 于文件尾部,添加如下内容
[neutron]
auth_url = http://192.168.10.11:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = servicepassword
service_metadata_proxy = True
metadata_proxy_shared_secret = qyy_openstack

7) SELinux配置
[root@node2 ~]# setsebool -P neutron_can_network on
[root@node2 ~]# setsebool -P daemons_enable_cluster_mode on
[root@node2 ~]# yum --enablerepo=centos-openstack-queens install openstack-selinux -y

8) 启动Neutron服务
[root@node2 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@node2 ~]# systemctl enable --now openvswitch
[root@node2 ~]# ovs-vsctl add-br br-int
[root@node2 ~]# systemctl restart openstack-nova-compute
[root@node2 ~]# systemctl enable --now neutron-openvswitch-agent