OpenStack install Neutron(网络服务)

2020-09-02虚拟化90root134°c

A⁺ A^-

一、Neutron(网络服务)介绍

Neutron为openstack的虚拟机提供网络方面的功能；原来没有neutron这个组件（G版名称是Quantum）的时候，网络的主要功能也是在nova组件里实现的，那时候底层采用的大多是Linux bridge，无法实现灵活组网和高级的网络功能；为此Openstack把网络大部分功能转到了neutron组件来开发实现，但是nova里还有些网络功能被保留，比如虚拟机的网卡方面的功能。其实，Openstack里网络功能是最复杂的功能，很多计算和存储方面的问题都是和网络紧密相关的。连Openstack的官网也说配置neutron是Openstack里最让人感觉繁琐的事情之一。

相对于交换机整个系统来说，Neutron其实是系统平台的位置，提供配置命令及参数检查，并把网络功能用一种逻辑组织起来；但是无论底层的plugin最终是用软件SDN还是硬件交换机来加速，Neutron自身并不提供任何网络功能，它只是一个架子。Neutron的网络功能大部分是Plugin提供的，除了DHCP和L3-agent等的某些部分功能。

Neutron将网络按照三层交换机的概念分为：

Network：相当于交换机根据vlan创建的一个三层接口；
Subnet：相当于交换机创建了一个三层接口地址；
Port：相当于交换机的一个物理端口，但是这个端口有一个MAC地址；

二、yum install neutron(控制节点)

[[email protected] ~]# yum -y install openstack-neutron openstack-neutron-ml2 python-neutronclient openstack-neutron-linuxbridge

三、neutron配置

3.1 设置数据库链接地址

[[email protected] ~]# cd /etc/neutron/[[email protected] neutron]# vim neutron.confconnection = mysql://neutron:[email protected]:3306/neutron

3.2 设置Neutron链接RabbitMQ地址

[[email protected] neutron]# vim neutron.confrabbit_host = 192.168.15.11
rabbit_password = guest
rabbit_port = 5672
rabbit_userid = guest
rabbit_virtual_host = /

3.3 创建注册用户neutron

[[email protected] ~]# keystone user-create --name neutron --pass neutron+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | ce0197e8b6884206abe35899e4dacc4a |
|   name   |             neutron              |
| username |             neutron              |
+----------+----------------------------------+
[[email protected] ~]# keystone user-role-add --user neutron --tenant admin --role admin

3.4 设置Neutron链接keystone认证服务地址

[[email protected] neutron]# vim neutron.confauth_strategy = keystone
[keystone_authtoken]
auth_host = 192.168.15.11
auth_port = 35357
auth_protocol = http
admin_tenant_name = admin
admin_user = neutron
admin_password = neutron

3.5 设置Neutron链接nova计算服务地址

[[email protected] ~]# keystone tenant-list+----------------------------------+-------+---------+
|                id                |  name | enabled |
+----------------------------------+-------+---------+
| b94ae73b569e46a6a04fdc02d561865d | admin |   True  |
| 47f0c3604d804bdd97258d4b49b58616 |  demo |   True  |
+----------------------------------+-------+---------+
[[email protected] neutron]# vim neutron.confnotify_nova_on_port_status_changes = truenotify_nova_on_port_data_changes = truenova_url = http://192.168.15.11:8774/v2
nova_admin_username = nova
nova_admin_tenant_id = b94ae73b569e46a6a04fdc02d561865d
nova_admin_password = nova
nova_admin_auth_url = http://192.168.15.11:35357/v2.0

3.6 设置Neutron自身网络配置

[[email protected] neutron]# vim neutron.confcore_plugin = ml2                       #neutron插件service_plugins = router,lbaas          #开启路由和负载功能

3.7 设置Neutron日志文件

[[email protected] neutron]# vim neutron.conf
debug = true            #开启日志debug开关log_file = neutron
log_dir = /var/log/neutron

3.8 设置nova文件内的neutron相关配置

[[email protected] neutron]# vim /etc/nova/nova.confneutron_url=http://192.168.15.11:9696
neutron_admin_username=neutron
neutron_admin_password=neutron
neutron_admin_tenant_id=b94ae73b569e46a6a04fdc02d561865d        #tenant admin idneutron_admin_tenant_name=admin
neutron_admin_auth_url=http://192.168.15.11:5000/v2.0
neutron_auth_strategy=keystone#vif_plugging_is_fatal=false#vif_plugging_timeout=10linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver
security_group_api=neutron
service_plugins = router,firewall,lbaas
network_api_class=nova.network.neutronv2.api.API
firewall_driver=nova.virt.firewall.NoopFirewallDriver    #关闭neutron防火墙vif_driver=nova.virt.libvirt.vif.NeutronLinuxBridgeVIFDriver
my_ip=192.168.15.11

3.9 重启nova服务

[[email protected] neutron]# for i in {api,cert,conductor,console,consoleauth,novncproxy,scheduler};do service openstack-nova-$i restart;done

四、创建neutron service 和 endpoint

[[email protected] neutron]# source /root/keystone-admin[[email protected] neutron]# keystone service-create --name neutron --type network+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
|   enabled   |               True               |
|      id     | ed2c389ae1b942de8f8921f5b41987df |
|     name    |             neutron              |
|     type    |             network              |
+-------------+----------------------------------+
[[email protected] neutron]# keystone endpoint-create \> --service-id=ed2c389ae1b942de8f8921f5b41987df \
> --publicurl=http://192.168.15.11:9696 \
> --internalurl=http://192.168.15.11:9696 \
> --adminurl=http://192.168.15.11:9696
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  |    http://192.168.15.11:9696     |
|      id     | 7fd3758c59074e45aece4b49d31b1387 |
| internalurl |    http://192.168.15.11:9696     |
|  publicurl  |    http://192.168.15.11:9696     |
|    region   |            regionOne             |
|  service_id | ed2c389ae1b942de8f8921f5b41987df |
+-------------+----------------------------------+
[[email protected] neutron]# keystone service-list+----------------------------------+----------+----------+--------------------+
|                id                |   name   |   type   |    description     |
+----------------------------------+----------+----------+--------------------+
| c0fe6a5ef1fb4bbeaf795ea7fef00748 |  glance  |  image   |                    |
| e39a683d743340dea051005c3ae35046 | keystone | identity | Openstack Identity |
| ed2c389ae1b942de8f8921f5b41987df | neutron  | network  |                    |
| fa7da98bb9584e48801f0b8716eb762a |   nova   | compute  |                    |
+----------------------------------+----------+----------+--------------------+
[[email protected] neutron]# keystone endpoint-list+----------------------------------+-----------+--------------------------------------------+--------------------------------------------+--------------------------------------------+----------------------------------+
|                id                |   region  |                 publicurl                  |                internalurl                 |                  adminurl                  |            service_id            |
+----------------------------------+-----------+--------------------------------------------+--------------------------------------------+--------------------------------------------+----------------------------------+
| 135732ad0fd34da79cbca5b8fe93b15f | regionOne |         http://192.168.15.11:9292          |         http://192.168.15.11:9292          |         http://192.168.15.11:9292          | c0fe6a5ef1fb4bbeaf795ea7fef00748 |
| 4947486d54ed4bd2a0760bec321b9a34 | regionOne | http://192.168.15.11:8774/v2/%(tenant_id)s | http://192.168.15.11:8774/v2/%(tenant_id)s | http://192.168.15.11:8774/v2/%(tenant_id)s | fa7da98bb9584e48801f0b8716eb762a |
| 7b923b2e790b43ee8b5be99d5c8262d6 | regionOne |       http://192.168.15.11:5000/v2.0       |       http://192.168.15.11:5000/v2.0       |      http://192.168.15.11:35357/v2.0       | e39a683d743340dea051005c3ae35046 |
| 7fd3758c59074e45aece4b49d31b1387 | regionOne |         http://192.168.15.11:9696          |         http://192.168.15.11:9696          |         http://192.168.15.11:9696          | ed2c389ae1b942de8f8921f5b41987df |
+----------------------------------+-----------+--------------------------------------------+--------------------------------------------+--------------------------------------------+----------------------------------+

五、Neutron Plufin

Neutron支持很多的网络插件，此次方案使用Linux bridge的flat模式

5.1 Neutron ML2配置

[[email protected] neutron]# cd /etc/neutron/plugins/ml2/[[email protected] neutron]# vim ml2_conf.initype_drivers = flat,vlan,gre,vxlan          
tenant_network_types = flat,vlan,gre,vxlan  # 租户的网络类型mechanism_drivers = linuxbridge,openvswitch # 设置使用什么插件来创建网络flat_networks = physnet1
enable_security_group = True

5.2 Linux bridge配置

[[email protected] ml2]# vim /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ininetwork_vlan_ranges = physnet1
physical_interface_mappings = physnet1:eth0     #物理机ip在eth0网卡firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDrive   #配置防火墙驱动enable_security_group = True    #开启防火墙

5.3 重启nova-api服务

[[email protected] ml2]# /etc/init.d/openstack-nova-api restart

5.4 修改neutron-server启动脚本

[[email protected] ml2]# vim /etc/init.d/neutron-server 
 18     "/etc/$prog/plugins/ml2/ml2_conf.ini" \     #18行新增

5.3 neutron启动

[[email protected] ml2]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini[[email protected] ml2]# /etc/init.d/neutron-server start[[email protected] ml2]# /etc/init.d/neutron-linuxbridge-agent start[[email protected] ml2]# chkconfig --add neutron-linuxbridge-agent[[email protected] ml2]# chkconfig --add neutron-server[[email protected] ml2]# chkconfig neutron-linuxbridge-agent on[[email protected] ml2]# chkconfig neutron-server on[[email protected] ml2]# netstat -anpt | grep 9696tcp        0      0 0.0.0.0:9696                0.0.0.0:*                   LISTEN      9713/python
[[email protected] ml2]# neutron agent-list+--------------------------------------+--------------------+------------------+-------+----------------+
| id                                   | agent_type         | host             | alive | admin_state_up |
+--------------------------------------+--------------------+------------------+-------+----------------+
| 666cea97-60eb-4a08-b067-acaf773f8c37 | Linux bridge agent | node1.90root.com | :-)   | True           |
+--------------------------------------+--------------------+------------------+-------+----------------+

0人赞二维码

移步手机端

1、打开你手机的二维码扫描APP
2、扫描左则的二维码
3、点击扫描获得的网址
4、可以在手机端阅读此文章

标签：Linux OpenStack