OpenStack install Neutron (Networking Service)
2020-09-02 | Virtualization | 90root
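1. Introduction to Neutron (Networking Service)
Neutron provides networking functionality for OpenStack virtual machines. Before this component existed (it was called Quantum in the G release), most networking functionality was implemented inside the nova component; at that time the underlying layer was mostly Linux bridge, which could not support flexible network topologies or advanced network features. OpenStack therefore moved most of the networking functionality into the neutron component, although nova still retains some of it, such as the functionality around a virtual machine's network interfaces. Networking is in fact the most complex function in OpenStack, and many compute and storage problems are closely tied to the network. Even the official OpenStack site says that configuring neutron is one of the most tedious tasks in OpenStack.
Compared with a complete switch system, Neutron occupies the position of the system platform: it provides the configuration commands and parameter checking, and organizes the network functions into a logical structure. But regardless of whether the underlying plugin ultimately uses software SDN or hardware switches for acceleration, Neutron itself provides no network functionality; it is only a framework. Most of Neutron's network functionality is provided by plugins, apart from parts of DHCP, the L3 agent and similar services.
Neutron divides the network along the lines of a layer-3 switch into:
Network: equivalent to a layer-3 interface that the switch creates for a VLAN;
Subnet: equivalent to an address that the switch assigns to a layer-3 interface;
Port: equivalent to a physical port on the switch, except that this port has a MAC address;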
2. yum install neutron (controller node)

    [[email protected] ~]# yum -y install openstack-neutron openstack-neutron-ml2 python-neutronclient openstack-neutron-linuxbridge
3. Neutron configuration
3.1 Set the database connection address

    [[email protected] ~]# cd /etc/neutron/
    [[email protected] neutron]# vim neutron.conf
    connection = mysql://neutron:[email protected]:3306/neutron
3.2 Set the RabbitMQ address Neutron connects to

    [[email protected] neutron]# vim neutron.conf
    rabbit_host = 192.168.15.11
    rabbit_password = guest
    rabbit_port = 5672
    rabbit_userid = guest
    rabbit_virtual_host = /
3.3 Create and register the neutron user

    [[email protected] ~]# keystone user-create --name neutron --pass neutron
    +----------+----------------------------------+
    | Property | Value                            |
    +----------+----------------------------------+
    | email    |                                  |
    | enabled  | True                             |
    | id       | ce0197e8b6884206abe35899e4dacc4a |
    | name     | neutron                          |
    | username | neutron                          |
    +----------+----------------------------------+
    [[email protected] ~]# keystone user-role-add --user neutron --tenant admin --role admin
3.4 Set the keystone authentication service address Neutron connects to

    [[email protected] neutron]# vim neutron.conf
    auth_strategy = keystone
    [keystone_authtoken]
    auth_host = 192.168.15.11
    auth_port = 35357
    auth_protocol = http
    admin_tenant_name = admin
    admin_user = neutron
    admin_password = neutron
3.5 Set the nova compute service address Neutron connects to

    [[email protected] ~]# keystone tenant-list
    +----------------------------------+-------+---------+
    | id                               | name  | enabled |
    +----------------------------------+-------+---------+
    | b94ae73b569e46a6a04fdc02d561865d | admin | True    |
    | 47f0c3604d804bdd97258d4b49b58616 | demo  | True    |
    +----------------------------------+-------+---------+
    [[email protected] neutron]# vim neutron.conf
    notify_nova_on_port_status_changes = true
    notify_nova_on_port_data_changes = true
    nova_url = http://192.168.15.11:8774/v2
    nova_admin_username = nova
    nova_admin_tenant_id = b94ae73b569e46a6a04fdc02d561865d
    nova_admin_password = nova
    nova_admin_auth_url = http://192.168.15.11:35357/v2.0
3.6 Set Neutron's own network configuration

    [[email protected] neutron]# vim neutron.conf
    # neutron plugin
    core_plugin = ml2
    # enable the routing and load-balancing services
    service_plugins = router,lbaas
3.7 Set the Neutron log file

    [[email protected] neutron]# vim neutron.conf
    # turn on debug logging
    debug = true
    log_file = neutron
    log_dir = /var/log/neutron
3.8 Set the neutron-related options in the nova configuration file

    [[email protected] neutron]# vim /etc/nova/nova.conf
    neutron_url=http://192.168.15.11:9696
    neutron_admin_username=neutron
    neutron_admin_password=neutron
    # id of the admin tenant
    neutron_admin_tenant_id=b94ae73b569e46a6a04fdc02d561865d
    neutron_admin_tenant_name=admin
    neutron_admin_auth_url=http://192.168.15.11:5000/v2.0
    neutron_auth_strategy=keystone
    #vif_plugging_is_fatal=false
    #vif_plugging_timeout=10
    linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver
    security_group_api=neutron
    service_plugins = router,firewall,lbaas
    network_api_class=nova.network.neutronv2.api.API
    # no-op firewall driver: nova applies no firewall rules of its own
    firewall_driver=nova.virt.firewall.NoopFirewallDriver
    vif_driver=nova.virt.libvirt.vif.NeutronLinuxBridgeVIFDriver
    my_ip=192.168.15.11
3.9 Restart the nova services

    [[email protected] neutron]# for i in {api,cert,conductor,console,consoleauth,novncproxy,scheduler};do service openstack-nova-$i restart;done
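
An added example, not part of the original post: a Python check that flags the lab-grade values used in sections 3.2 to 3.8 (RabbitMQ's guest account, passwords equal to the user name, Keystone over plain http, debug logging) before such a file is carried over to a shared deployment. The `audit` function, its issue strings and the embedded sample are constructed for illustration.

```python
import configparser

# Constructed sample: values as they appear in sections 3.2 to 3.7 of this page.
SAMPLE_CONF = """
debug = true
rabbit_userid = guest
rabbit_password = guest
nova_admin_username = nova
nova_admin_password = nova
nova_admin_auth_url = http://192.168.15.11:35357/v2.0
[keystone_authtoken]
auth_protocol = http
admin_user = neutron
admin_password = neutron
"""

# (user option, password option) pairs used in neutron.conf and nova.conf above.
CRED_PAIRS = [
    ("rabbit_userid", "rabbit_password"), ("admin_user", "admin_password"),
    ("nova_admin_username", "nova_admin_password"),
    ("neutron_admin_username", "neutron_admin_password"),
]

def audit(conf_text):
    """Return sorted (section, option, issue) findings for an INI-style config."""
    # default_section is renamed so [DEFAULT] is not merged into other sections.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    # The fragments on this page start without a header; read them as [DEFAULT].
    cp.read_string("[DEFAULT]\n" + conf_text)
    findings = set()
    for section in cp.sections():
        opts = cp[section]
        for user_opt, pass_opt in CRED_PAIRS:
            pw = opts.get(pass_opt)
            if pw is not None and pw == opts.get(user_opt):
                issue = "default guest account" if pw == "guest" else "password equals user name"
                findings.add((section, pass_opt, issue))
        for opt, val in opts.items():
            if opt == "debug" and val.lower() == "true":
                findings.add((section, opt, "debug logging enabled"))
            elif (opt == "auth_protocol" and val.lower() == "http") or (
                    opt.endswith("auth_url") and val.lower().startswith("http://")):
                findings.add((section, opt, "keystone auth over plain http"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(*finding, sep=": ")
```

To check a real file, pass its contents, for example `audit(open("/etc/neutron/neutron.conf").read())`.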
4. Create the neutron service and endpoint

    [[email protected] neutron]# source /root/keystone-admin
    [[email protected] neutron]# keystone service-create --name neutron --type network
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | description |                                  |
    | enabled     | True                             |
    | id          | ed2c389ae1b942de8f8921f5b41987df |
    | name        | neutron                          |
    | type        | network                          |
    +-------------+----------------------------------+
    [[email protected] neutron]# keystone endpoint-create \
    > --service-id=ed2c389ae1b942de8f8921f5b41987df \
    > --publicurl=http://192.168.15.11:9696 \
    > --internalurl=http://192.168.15.11:9696 \
    > --adminurl=http://192.168.15.11:9696
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | adminurl    | http://192.168.15.11:9696        |
    | id          | 7fd3758c59074e45aece4b49d31b1387 |
    | internalurl | http://192.168.15.11:9696        |
    | publicurl   | http://192.168.15.11:9696        |
    | region      | regionOne                        |
    | service_id  | ed2c389ae1b942de8f8921f5b41987df |
    +-------------+----------------------------------+
    [[email protected] neutron]# keystone service-list
    +----------------------------------+----------+----------+--------------------+
    | id                               | name     | type     | description        |
    +----------------------------------+----------+----------+--------------------+
    | c0fe6a5ef1fb4bbeaf795ea7fef00748 | glance   | image    |                    |
    | e39a683d743340dea051005c3ae35046 | keystone | identity | Openstack Identity |
    | ed2c389ae1b942de8f8921f5b41987df | neutron  | network  |                    |
    | fa7da98bb9584e48801f0b8716eb762a | nova     | compute  |                    |
    +----------------------------------+----------+----------+--------------------+
    [[email protected] neutron]# keystone endpoint-list
    +----------------------------------+-----------+--------------------------------------------+--------------------------------------------+--------------------------------------------+----------------------------------+
    | id                               | region    | publicurl                                  | internalurl                                | adminurl                                   | service_id                       |
    +----------------------------------+-----------+--------------------------------------------+--------------------------------------------+--------------------------------------------+----------------------------------+
    | 135732ad0fd34da79cbca5b8fe93b15f | regionOne | http://192.168.15.11:9292                  | http://192.168.15.11:9292                  | http://192.168.15.11:9292                  | c0fe6a5ef1fb4bbeaf795ea7fef00748 |
    | 4947486d54ed4bd2a0760bec321b9a34 | regionOne | http://192.168.15.11:8774/v2/%(tenant_id)s | http://192.168.15.11:8774/v2/%(tenant_id)s | http://192.168.15.11:8774/v2/%(tenant_id)s | fa7da98bb9584e48801f0b8716eb762a |
    | 7b923b2e790b43ee8b5be99d5c8262d6 | regionOne | http://192.168.15.11:5000/v2.0             | http://192.168.15.11:5000/v2.0             | http://192.168.15.11:35357/v2.0            | e39a683d743340dea051005c3ae35046 |
    | 7fd3758c59074e45aece4b49d31b1387 | regionOne | http://192.168.15.11:9696                  | http://192.168.15.11:9696                  | http://192.168.15.11:9696                  | ed2c389ae1b942de8f8921f5b41987df |
    +----------------------------------+-----------+--------------------------------------------+--------------------------------------------+--------------------------------------------+----------------------------------+
5. Neutron Plugin
Neutron supports many network plugins; this setup uses Linux bridge in flat mode.
5.1 Neutron ML2 configuration

    [[email protected] neutron]# cd /etc/neutron/plugins/ml2/
    [[email protected] neutron]# vim ml2_conf.ini
    type_drivers = flat,vlan,gre,vxlan
    # tenant network types
    tenant_network_types = flat,vlan,gre,vxlan
    # which plugins are used to create networks
    mechanism_drivers = linuxbridge,openvswitch
    flat_networks = physnet1
    enable_security_group = True
5.2 Linux bridge configuration

    [[email protected] ml2]# vim /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
    network_vlan_ranges = physnet1
    # the physical host's IP is on the eth0 NIC
    physical_interface_mappings = physnet1:eth0
    # firewall driver
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
    # enable the firewall
    enable_security_group = True
5.3 Restart the nova-api service

    [[email protected] ml2]# /etc/init.d/openstack-nova-api restart
5.4 Modify the neutron-server init script

    [[email protected] ml2]# vim /etc/init.d/neutron-server
    # newly added at line 18:
    18     "/etc/$prog/plugins/ml2/ml2_conf.ini" \
5.5 Start neutron

    [[email protected] ml2]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
    [[email protected] ml2]# /etc/init.d/neutron-server start
    [[email protected] ml2]# /etc/init.d/neutron-linuxbridge-agent start
    [[email protected] ml2]# chkconfig --add neutron-linuxbridge-agent
    [[email protected] ml2]# chkconfig --add neutron-server
    [[email protected] ml2]# chkconfig neutron-linuxbridge-agent on
    [[email protected] ml2]# chkconfig neutron-server on
    [[email protected] ml2]# netstat -anpt | grep 9696
    tcp 0 0 0.0.0.0:9696 0.0.0.0:* LISTEN 9713/python
    [[email protected] ml2]# neutron agent-list
    +--------------------------------------+--------------------+------------------+-------+----------------+
    | id                                   | agent_type         | host             | alive | admin_state_up |
    +--------------------------------------+--------------------+------------------+-------+----------------+
    | 666cea97-60eb-4a08-b067-acaf773f8c37 | Linux bridge agent | node1.90root.com | :-)   | True           |
    +--------------------------------------+--------------------+------------------+-------+----------------+