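OpenStack Study Notes 8: Installing the Networking Service

1. Installing neutron on the Controller node

1.1 Prerequisites

1.1.1 Database configuration

Create a neutron database and a neutron user, setting NEUTRON_DBPASS to a password of your choice.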

mysql
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';

1.1.2 Load the admin credential environment variables

. admin-openrc

1.1.3 Create the neutron identity credentials

1. Create the neutron user

openstack user create --domain default --password-prompt neutron

2. Grant the admin role to the neutron user

openstack role add --project service --user neutron admin

3. Create the neutron service entry

openstack service create --name neutron  --description "OpenStack Networking" network

4. Create the neutron API endpoints

openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696

1.2 Install the packages

apt install neutron-server neutron-plugin-ml2 \
  neutron-linuxbridge-agent neutron-dhcp-agent \
  neutron-metadata-agent

1.3 Edit /etc/neutron/neutron.conf

1. Configure database access, replacing NEUTRON_DBPASS with the password set earlier.

[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

2. Enable the Modular Layer 2 (ML2) plug-in and RabbitMQ, replacing RABBIT_PASS with the password set earlier.

[DEFAULT]
# ...
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:RABBIT_PASS@controller

3. Configure Identity service authentication, replacing NEUTRON_PASS with the password set earlier.

[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

4. Configure the following so that Compute is notified of network changes, replacing NOVA_PASS with the password you set.

[DEFAULT]
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

1.4 Edit /etc/neutron/plugins/ml2/ml2_conf.ini

Make the following changes:

[ml2]
# ...
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
# ...
flat_networks = provider
[securitygroup]
# ...
enable_ipset = true

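1.5 Edit linuxbridge_agent.ini

The absolute path is /etc/neutron/plugins/ml2/linuxbridge_agent.ini. Replace PROVIDER_INTERFACE_NAME with the name of the provider network interface.

[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = false
# local_ip is a [vxlan] option and is only used when VXLAN is enabled;
# set it to the IP address of the management network interface.
local_ip = MANAGEMENT_INTERFACE_IP_ADDRESS
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver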

1.6 Edit /etc/neutron/dhcp_agent.ini

[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

1.7 Edit /etc/neutron/metadata_agent.ini

Set the METADATA_SECRET password here.

[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET

1.8 Edit /etc/nova/nova.conf

Replace NEUTRON_PASS and METADATA_SECRET with the values you set.

[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
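
An added check for the files edited in sections 1.3 to 1.8, not part of the original notes: it lists placeholders that were never replaced, confirms that metadata_agent.ini and nova.conf carry the same metadata_proxy_shared_secret, and flags password-bearing files that other users can read. The function names and the sample files written by make_sample are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: sanity checks to run before restarting the services.
# Function names are illustrative; the sample files are constructed for the demo.

PLACEHOLDERS='NEUTRON_DBPASS|RABBIT_PASS|NEUTRON_PASS|NOVA_PASS|METADATA_SECRET|PROVIDER_INTERFACE_NAME'

# List every non-comment line (file:line:text) that still contains a placeholder.
find_placeholders() {
    grep -HnE "$PLACEHOLDERS" "$@" | grep -vE '^[^:]*:[0-9]+:[[:space:]]*#'
}

# Print the value of key $3 in section [$2] of INI file $1 (last assignment wins).
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ { cur = $0; gsub(/[ \t]/, "", cur); next }
        cur == sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Succeed only if metadata_agent.ini ($1) and nova.conf ($2) share one non-empty secret.
secrets_match() {
    a=$(ini_get "$1" DEFAULT metadata_proxy_shared_secret)
    b=$(ini_get "$2" neutron metadata_proxy_shared_secret)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if file $1 is not readable by "other" (it stores service passwords).
not_world_readable() {
    mode=$(stat -c '%a' "$1")
    case "${mode#"${mode%?}"}" in 4|5|6|7) return 1 ;; esac
}

# Write constructed sample files into directory $1: a finished metadata_agent.ini
# (secret 5f2a9c is made up) and a nova.conf whose placeholders were never replaced.
make_sample() {
    printf '[DEFAULT]\nnova_metadata_host = controller\nmetadata_proxy_shared_secret = 5f2a9c\n' \
        > "$1/metadata_agent.ini"
    printf '[neutron]\n# ...\npassword = NEUTRON_PASS\nmetadata_proxy_shared_secret = METADATA_SECRET\n' \
        > "$1/nova.conf"
    chmod 640 "$1/metadata_agent.ini"; chmod 644 "$1/nova.conf"
}
```

On a real controller, pass the paths from the sections above (for example /etc/neutron/metadata_agent.ini and /etc/nova/nova.conf) to these functions in place of the sample directory.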

1.9 Finalize the installation

1. Migrate the database

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

2. Restart the services

service nova-api restart
service neutron-server restart
service neutron-linuxbridge-agent restart
service neutron-dhcp-agent restart
service neutron-metadata-agent restart

2. Installing neutron on the Compute node

2.1 Install the package

apt install neutron-linuxbridge-agent

2.2 Edit the configuration files

2.2.1 Edit /etc/neutron/neutron.conf

Replace RABBIT_PASS and NEUTRON_PASS with the passwords set earlier.

[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

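2.2.2 Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini

Replace PROVIDER_INTERFACE_NAME with the name of the provider network interface on the compute node.

[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = false
# local_ip is a [vxlan] option and is only used when VXLAN is enabled;
# set it to the IP address of the management network interface.
local_ip = MANAGEMENT_INTERFACE_IP_ADDRESS
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver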

2.2.3 Edit /etc/nova/nova.conf

Replace NEUTRON_PASS with the password set earlier.

[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS

2.3 Restart the services

service nova-compute restart
service neutron-linuxbridge-agent restart

3. Verify the installation

Run the following command. The controller node should show three agents, and each compute node should show one agent.

root@ubuntu-ControllerNode:/home/ubuntu# openstack network agent list
+--------------------------------------+--------------------+-----------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host                  | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+-----------------------+-------------------+-------+-------+---------------------------+
| 020bc708-0125-4aa1-ae3a-0dd938ac6722 | DHCP agent         | ubuntu-ControllerNode | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 0ffe4c63-6eda-4562-ba50-233938da768a | Linux bridge agent | ubuntu-ControllerNode | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 8a61a57d-17f7-4cf6-9f13-5b9b9647c5fc | Metadata agent     | ubuntu-ControllerNode | None              | :-)   | UP    | neutron-metadata-agent    |
| bbfb7301-502d-4deb-9d1b-b41250a06a0c | Linux bridge agent | ubuntu-ComputeNode    | None              | :-)   | UP    | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+-----------------------+-------------------+-------+-------+---------------------------+
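
The expectation stated above (three agents on the controller, one Linux bridge agent per compute node, all alive) can be checked mechanically. This is an added example, not part of the original notes: check_agents reads the table output of the command on stdin, and the function names and the degraded sample table are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: read the table printed by `openstack network agent list` on stdin;
# $1 is the controller host name. Prints one line per problem, succeeds when none.
check_agents() {
    awk -F'|' -v ctl="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 8 || trim($2) == "ID" { next }      # skip border lines and the header row
        {
            type = trim($3); host = trim($4); alive = trim($6); state = trim($7)
            if (alive != ":-)" || state != "UP") { print "DOWN: " type " on " host; bad++ }
            else if (type == "Linux bridge agent") bridge[host] = 1
            if (host == ctl) seen[type] = 1
            else compute[host] = 1
        }
        END {
            n = split("DHCP agent,Linux bridge agent,Metadata agent", want, ",")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { print "MISSING on controller: " want[i]; bad++ }
            for (h in compute)
                if (!(h in bridge)) { print "NO LIVE BRIDGE AGENT: " h; bad++ }
            exit (bad > 0)
        }'
}

# Constructed sample modelled on the output above: the metadata agent is absent from
# the controller and the compute node's bridge agent is not alive.
sample_degraded() {
    cat <<'EOF'
+------+--------------------+-----------------------+------+-------+-------+---------------------------+
| ID   | Agent Type         | Host                  | AZ   | Alive | State | Binary                    |
+------+--------------------+-----------------------+------+-------+-------+---------------------------+
| id-1 | DHCP agent         | ubuntu-ControllerNode | nova | :-)   | UP    | neutron-dhcp-agent        |
| id-2 | Linux bridge agent | ubuntu-ControllerNode | None | :-)   | UP    | neutron-linuxbridge-agent |
| id-3 | Linux bridge agent | ubuntu-ComputeNode    | None | XXX   | UP    | neutron-linuxbridge-agent |
+------+--------------------+-----------------------+------+-------+-------+---------------------------+
EOF
}
```

On a live deployment: openstack network agent list | check_agents ubuntu-ControllerNode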