Setting up the OpenStack (Queens) Neutron component

Introduction

  • Set up the OpenStack (Queens) Neutron component on Ubuntu/CentOS systems

[Figure] Networking Option 1: Provider networks - Service layout

[Figure] Networking Option 2: Self-service networks - Service layout

[Figure] Network layout

On the Controller node

Database

  • Enter the database
$ mysql -u root -p
  • Create the database
MariaDB [(none)]> CREATE DATABASE neutron;
  • Grant privileges on the database
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
  • Exit the database
MariaDB [(none)]> exit

Install the Neutron component

CentOS/Ubuntu systems

  • Reload the admin user's credentials
$ source /openstack/admin-openrc
  • Create the neutron user
$ openstack user create --domain default --password-prompt neutron

User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | fdb0f541e28141719b6a43c8944bf1fb |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
  • Add the admin role to the neutron user in the service project
$ openstack role add --project service --user neutron admin
  • Create the network service entity
$ openstack service create --name neutron \
  --description "OpenStack Networking" network

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | f71529314dab4a4d8eca427e701d209e |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
  • Create the network service API endpoints
$ openstack endpoint create --region RegionOne \
  network public http://controller:9696

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 85d80a6d02fc4b7683f611d7fc1493a3 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

$ openstack endpoint create --region RegionOne \
  network internal http://controller:9696

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 09753b537ac74422a68d2d791cf3714f |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

$ openstack endpoint create --region RegionOne \
  network admin http://controller:9696

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1ee14289c9374dffb5db92a5c112fc4e |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
  • Configure self-service networks (Networking Option 2)

Ubuntu systems

  • Install the packages
$ apt install neutron-server neutron-plugin-ml2 \
  neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent \
  neutron-metadata-agent

CentOS systems

  • Install the packages
$ yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables

CentOS/Ubuntu systems

  • Configure the Neutron service
$ vim /etc/neutron/neutron.conf
[database]
# Replace <NEUTRON_DBPASS> with the password of the Neutron database
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

[DEFAULT]
# The options below belong in [DEFAULT]; neutron-server does not read them from [database]
# Enable the ML2 plug-in, the router service plug-in and overlapping IP addresses
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
# Replace <RABBIT_PASS> with the RabbitMQ password
transport_url = rabbit://openstack:RABBIT_PASS@controller
# Configure the authentication strategy
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[keystone_authtoken]
# Replace <NEUTRON_PASS> with the password of the neutron user
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

[nova]
# Replace <NOVA_PASS> with the password of the nova user
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
  • Configure the ML2 plug-in
$ vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
# Enabled network type drivers
type_drivers = flat,vlan,vxlan
# Use VXLAN for self-service (tenant) networks
tenant_network_types = vxlan
# Enable the Linux bridge and layer-2 population mechanism drivers
mechanism_drivers = linuxbridge,l2population
# Enable the port security extension
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true
  • Configure the Linux bridge agent
$ vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# Replace <PROVIDER_INTERFACE_NAME> with the name of the provider network interface
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

[vxlan]
# Replace <OVERLAY_INTERFACE_IP_ADDRESS> with the IP address of the controller node
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
  • Configure the L3 agent
$ vim /etc/neutron/l3_agent.ini
[DEFAULT]
# external_network_bridge is deliberately left empty
interface_driver = linuxbridge
external_network_bridge =
  • Configure the DHCP agent
$ vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
  • Configure the metadata agent
$ vim /etc/neutron/metadata_agent.ini
[DEFAULT]
# Replace <METADATA_SECRET> with a suitably secure secret
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
  • Configure the Nova service
$ vim /etc/nova/nova.conf
[neutron]
# Replace <NEUTRON_PASS> with the password of the neutron user
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
# Must match the secret configured in the metadata agent
metadata_proxy_shared_secret = METADATA_SECRET
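The controller-side files above share several values that have to agree with each other: the metadata secret in metadata_agent.ini must equal the one in nova.conf (nova-api rejects proxied metadata requests otherwise), plug-in and messaging options are only read from [DEFAULT], and security groups only take effect when the port security extension and a firewall driver are both configured. A mistake in any of these usually surfaces late, as an instance with no network. The Python script below is an added example, not code from the original post or from OpenStack. It assumes the five files have been copied into one directory under the names used on this page; the sample file contents, the placeholder list and the function names (audit_controller, leftover_placeholders, write_sample_configs, demo) are my own. The constructed sample deliberately places core_plugin and service_plugins under [database] and leaves a password placeholder in nova.conf so that the audit has something to report.

```python
import configparser
import os
import tempfile

# Placeholder tokens from the guide; any of them still present in a file is a
# credential or interface name that was never filled in (list is my own).
PLACEHOLDERS = {"NEUTRON_DBPASS", "NEUTRON_PASS", "NOVA_PASS", "RABBIT_PASS",
                "METADATA_SECRET", "PROVIDER_INTERFACE_NAME",
                "OVERLAY_INTERFACE_IP_ADDRESS"}
# Assumed layout: the controller files copied side by side into one directory.
CONTROLLER_FILES = ("neutron.conf", "ml2_conf.ini", "linuxbridge_agent.ini",
                    "metadata_agent.ini", "nova.conf")


def load_ini(path):
    # oslo.config files are INI-style; interpolation is off so '%' in URLs is harmless
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read(path)
    return cp


def leftover_placeholders(path):
    """Return 'option=VALUE' strings whose value is still a guide placeholder."""
    hits = []
    with open(path) as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith(("#", "[")) or "=" not in line:
                continue
            key, _, value = line.partition("=")
            if value.strip() in PLACEHOLDERS:
                hits.append(f"{key.strip()}={value.strip()}")
    return hits


def audit_controller(conf_dir):
    """Return a sorted list of findings; an empty list means every check passed."""
    cfg = {name: load_ini(os.path.join(conf_dir, name)) for name in CONTROLLER_FILES}
    neutron, ml2 = cfg["neutron.conf"], cfg["ml2_conf.ini"]
    bridge, meta, nova = cfg["linuxbridge_agent.ini"], cfg["metadata_agent.ini"], cfg["nova.conf"]
    findings = []

    # 1. These options are read from [DEFAULT]; placed under another section
    #    neutron-server ignores them and comes up without a core plug-in.
    for key in ("core_plugin", "service_plugins", "transport_url", "auth_strategy"):
        if not neutron.has_option("DEFAULT", key):
            findings.append(f"neutron.conf: {key} is not set in [DEFAULT]")

    # 2. The shared secret authenticates proxied metadata requests to nova-api,
    #    so both copies must be non-empty and identical.
    agent_secret = meta.get("DEFAULT", "metadata_proxy_shared_secret", fallback="")
    nova_secret = nova.get("neutron", "metadata_proxy_shared_secret", fallback="")
    if not agent_secret or agent_secret != nova_secret:
        findings.append("metadata_proxy_shared_secret differs between "
                        "metadata_agent.ini and nova.conf")

    # 3. Security groups and anti-spoofing rules need the port security extension
    #    in ML2 and an enabled firewall driver on the Linux bridge agent.
    drivers = [d.strip() for d in ml2.get("ml2", "extension_drivers", fallback="").split(",")]
    if "port_security" not in drivers:
        findings.append("ml2_conf.ini: port_security missing from extension_drivers")
    sg_on = bridge.get("securitygroup", "enable_security_group", fallback="").lower() == "true"
    if not sg_on or not bridge.get("securitygroup", "firewall_driver", fallback=""):
        findings.append("linuxbridge_agent.ini: security groups are not enforced")

    # 4. Placeholders left over from the guide.
    for name in CONTROLLER_FILES:
        for hit in leftover_placeholders(os.path.join(conf_dir, name)):
            findings.append(f"{name}: placeholder left in {hit}")
    return sorted(findings)


def write_sample_configs(conf_dir, nova_secret="s3cr3t-metadata-key"):
    """Constructed sample files modelled on the listings above (all values invented)."""
    files = {
        "neutron.conf": (
            "[database]\n"
            "connection = mysql+pymysql://neutron:db-pass-example@controller/neutron\n"
            "core_plugin = ml2\n"             # deliberately misplaced, see check 1
            "service_plugins = router\n"
            "[DEFAULT]\n"
            "transport_url = rabbit://openstack:rabbit-pass-example@controller\n"
            "auth_strategy = keystone\n"),
        "ml2_conf.ini": "[ml2]\nextension_drivers = port_security\n",
        "linuxbridge_agent.ini": (
            "[securitygroup]\nenable_security_group = true\n"
            "firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver\n"),
        "metadata_agent.ini": (
            "[DEFAULT]\nnova_metadata_host = controller\n"
            "metadata_proxy_shared_secret = s3cr3t-metadata-key\n"),
        "nova.conf": (
            "[neutron]\nurl = http://controller:9696\n"
            "password = NEUTRON_PASS\n"       # deliberately left placeholder, see check 4
            f"metadata_proxy_shared_secret = {nova_secret}\n"),
    }
    for name, body in files.items():
        with open(os.path.join(conf_dir, name), "w") as fh:
            fh.write(body)


def demo(nova_secret="s3cr3t-metadata-key"):
    """Write the sample files to a temporary directory and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_configs(tmp, nova_secret)
        return audit_controller(tmp)
```

On a real controller, call audit_controller() on a directory holding copies of the five files (for example after `cp /etc/neutron/neutron.conf /etc/neutron/plugins/ml2/*.ini /etc/neutron/metadata_agent.ini /etc/nova/nova.conf /tmp/audit/`) and treat any non-empty result as a reason not to run the database sync or start the services yet; demo() shows the three findings the constructed sample produces, and demo("other-secret") adds the mismatched-secret finding.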

CentOS systems

  • Create the symbolic link
$ ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

CentOS/Ubuntu systems

  • Populate the database
$ su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Ubuntu systems

  • Restart the Nova service
$ service nova-api restart
  • Restart the Neutron services
$ service neutron-server restart
$ service neutron-linuxbridge-agent restart
$ service neutron-dhcp-agent restart
$ service neutron-metadata-agent restart
$ service neutron-l3-agent restart

CentOS systems

  • Restart the Nova service
$ systemctl restart openstack-nova-api.service
  • Start the Neutron services and enable them at boot
# Enable the services to start with the system
$ systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service neutron-l3-agent.service
# Start the Neutron services
$ systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service neutron-l3-agent.service

On the Compute node

Install the Neutron component

  • Configure self-service networks (Networking Option 2)

Ubuntu systems

  • Install the package
$ apt install neutron-linuxbridge-agent

CentOS systems

  • Install the packages
$ yum install openstack-neutron-linuxbridge ebtables ipset

CentOS/Ubuntu systems

  • Configure the Neutron service
$ vim /etc/neutron/neutron.conf
[DEFAULT]
# Configure RabbitMQ message queue access; replace <RABBIT_PASS> with the RabbitMQ password
transport_url = rabbit://openstack:RABBIT_PASS@controller
# Configure the authentication strategy
auth_strategy = keystone

[keystone_authtoken]
# Replace <NEUTRON_PASS> with the password of the neutron user
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
  • Configure the Linux bridge agent
$ vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# Replace <PROVIDER_INTERFACE_NAME> with the name of the provider network interface
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

[vxlan]
# Replace <OVERLAY_INTERFACE_IP_ADDRESS> with the IP address of the compute node
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
  • Configure the Nova service
$ vim /etc/nova/nova.conf
[neutron]
# Replace <NEUTRON_PASS> with the password of the neutron user
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS

Ubuntu systems

  • Restart the Nova service
$ service nova-compute restart
  • Restart the Neutron service
$ service neutron-linuxbridge-agent restart

CentOS systems

  • Restart the Nova service
$ systemctl restart openstack-nova-compute.service
  • Start the Neutron service and enable it at boot
# Enable the service to start with the system
$ systemctl enable neutron-linuxbridge-agent.service
# Start the Neutron service
$ systemctl start neutron-linuxbridge-agent.service

On the Controller node

Verification

CentOS/Ubuntu systems

  • Reload the admin user's credentials
$ source /openstack/admin-openrc
  • List the loaded Neutron extensions
$ openstack extension list --network

+---------------------------+---------------------------+----------------------------+
| Name                      | Alias                     | Description                |
+---------------------------+---------------------------+----------------------------+
| Default Subnetpools       | default-subnetpools       | Provides ability to mark   |
|                           |                           | and use a subnetpool as    |
|                           |                           | the default                |
| Availability Zone         | availability_zone         | The availability zone      |
|                           |                           | extension.                 |
| Network Availability Zone | network_availability_zone | Availability zone support  |
|                           |                           | for network.               |
| Port Binding              | binding                   | Expose port bindings of a  |
|                           |                           | virtual port to external   |
|                           |                           | application                |
| agent                     | agent                     | The agent management       |
|                           |                           | extension.                 |
| Subnet Allocation         | subnet_allocation         | Enables allocation of      |
|                           |                           | subnets from a subnet pool |
| DHCP Agent Scheduler      | dhcp_agent_scheduler      | Schedule networks among    |
|                           |                           | dhcp agents                |
| Tag support               | tag                       | Enables to set tag on      |
|                           |                           | resources.                 |
| Neutron external network  | external-net              | Adds external network      |
|                           |                           | attribute to network       |
|                           |                           | resource.                  |
| Neutron Service Flavors   | flavors                   | Flavor specification for   |
|                           |                           | Neutron advanced services  |
| Network MTU               | net-mtu                   | Provides MTU attribute for |
|                           |                           | a network resource.        |
| Network IP Availability   | network-ip-availability   | Provides IP availability   |
|                           |                           | data for each network and  |
|                           |                           | subnet.                    |
| Quota management support  | quotas                    | Expose functions for       |
|                           |                           | quotas management per      |
|                           |                           | tenant                     |
| Provider Network          | provider                  | Expose mapping of virtual  |
|                           |                           | networks to physical       |
|                           |                           | networks                   |
| Multi Provider Network    | multi-provider            | Expose mapping of virtual  |
|                           |                           | networks to multiple       |
|                           |                           | physical networks          |
| Address scope             | address-scope             | Address scopes extension.  |
| Subnet service types      | subnet-service-types      | Provides ability to set    |
|                           |                           | the subnet service_types   |
|                           |                           | field                      |
| Resource timestamps       | standard-attr-timestamp   | Adds created_at and        |
|                           |                           | updated_at fields to all   |
|                           |                           | Neutron resources that     |
|                           |                           | have Neutron standard      |
|                           |                           | attributes.                |
| Neutron Service Type      | service-type              | API for retrieving service |
| Management                |                           | providers for Neutron      |
|                           |                           | advanced services          |
| Tag support for           | tag-ext                   | Extends tag support to     |
| resources: subnet,        |                           | more L2 and L3 resources.  |
| subnetpool, port, router  |                           |                            |
| Neutron Extra DHCP opts   | extra_dhcp_opt            | Extra options              |
|                           |                           | configuration for DHCP.    |
|                           |                           | For example PXE boot       |
|                           |                           | options to DHCP clients    |
|                           |                           | can be specified (e.g.     |
|                           |                           | tftp-server, server-ip-    |
|                           |                           | address, bootfile-name)    |
| Resource revision numbers | standard-attr-revisions   | This extension will        |
|                           |                           | display the revision       |
|                           |                           | number of neutron          |
|                           |                           | resources.                 |
| Pagination support        | pagination                | Extension that indicates   |
|                           |                           | that pagination is         |
|                           |                           | enabled.                   |
| Sorting support           | sorting                   | Extension that indicates   |
|                           |                           | that sorting is enabled.   |
| security-group            | security-group            | The security groups        |
|                           |                           | extension.                 |
| RBAC Policies             | rbac-policies             | Allows creation and        |
|                           |                           | modification of policies   |
|                           |                           | that control tenant access |
|                           |                           | to resources.              |
| standard-attr-description | standard-attr-description | Extension to add           |
|                           |                           | descriptions to standard   |
|                           |                           | attributes                 |
| Port Security             | port-security             | Provides port security     |
| Allowed Address Pairs     | allowed-address-pairs     | Provides allowed address   |
|                           |                           | pairs                      |
| project_id field enabled  | project-id                | Extension that indicates   |
|                           |                           | that project_id field is   |
|                           |                           | enabled.                   |
+---------------------------+---------------------------+----------------------------+
  • List the Neutron agents
$ openstack network agent list

+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| f49a4b81-afd6-4b3d-b923-66c8f0517099 | Metadata agent     | controller | None              | True  | UP    | neutron-metadata-agent    |
| 27eee952-a748-467b-bf71-941e89846a92 | Linux bridge agent | controller | None              | True  | UP    | neutron-linuxbridge-agent |
| 08905043-5010-4b87-bba5-aedb1956e27a | Linux bridge agent | compute1   | None              | True  | UP    | neutron-linuxbridge-agent |
| 830344ff-dc36-4956-84f4-067af667a0dc | L3 agent           | controller | nova              | True  | UP    | neutron-l3-agent          |
| dd3644c9-1a3a-435a-9282-eb306b4b0391 | DHCP agent         | controller | nova              | True  | UP    | neutron-dhcp-agent        |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
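The agent table is the quickest place to spot a compute node whose Linux bridge agent never registered or has stopped reporting, so it is worth checking mechanically rather than by eye, especially once there are more hosts than the two on this page. The script below is an added example, not part of the original post or of the OpenStack client. It parses the table format shown above from a constructed sample (the IDs are invented and the compute1 agent is deliberately shown as dead) and compares it against the layout this page builds: metadata, Linux bridge, L3 and DHCP agents on the controller and one Linux bridge agent per compute host. The function names and the EXPECTED_AGENTS layout are my own assumptions; newer clients print ':-)' and 'XXX' in the Alive column instead of True and False, which the check also accepts.

```python
import sys

# Constructed sample in the table format printed by `openstack network agent list`;
# IDs are invented and the compute1 agent is deliberately marked as not alive.
SAMPLE_AGENT_TABLE = """
+------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+------+--------------------+------------+-------------------+-------+-------+---------------------------+
| a001 | Metadata agent     | controller | None              | True  | UP    | neutron-metadata-agent    |
| a002 | Linux bridge agent | controller | None              | True  | UP    | neutron-linuxbridge-agent |
| a003 | Linux bridge agent | compute1   | None              | False | UP    | neutron-linuxbridge-agent |
| a004 | L3 agent           | controller | nova              | True  | UP    | neutron-l3-agent          |
| a005 | DHCP agent         | controller | nova              | True  | UP    | neutron-dhcp-agent        |
+------+--------------------+------------+-------------------+-------+-------+---------------------------+
"""

# Agents each host of the layout on this page is expected to run (assumption;
# extend the dict with one entry per additional compute node).
EXPECTED_AGENTS = {
    "controller": {"neutron-metadata-agent", "neutron-linuxbridge-agent",
                   "neutron-l3-agent", "neutron-dhcp-agent"},
    "compute1": {"neutron-linuxbridge-agent"},
}

# Older clients print True/False in the Alive column, newer ones print :-)/XXX.
ALIVE_VALUES = {"True", ":-)"}


def parse_agent_table(text):
    """Turn the ASCII table into a list of dicts keyed by the header row."""
    header, rows = None, []
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # border lines, blank lines and anything that is not a row
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if header is None:
            header = cells
        else:
            rows.append(dict(zip(header, cells)))
    return rows


def is_healthy(agent):
    """An agent counts as healthy only if it reports alive and is administratively up."""
    return agent["Alive"] in ALIVE_VALUES and agent["State"] == "UP"


def unhealthy_agents(agents):
    """Agents that are registered but dead or administratively down."""
    return [a for a in agents if not is_healthy(a)]


def missing_agents(agents, expected=EXPECTED_AGENTS):
    """(host, binary) pairs that are expected but have no healthy agent."""
    present = {(a["Host"], a["Binary"]) for a in agents if is_healthy(a)}
    return sorted((host, binary) for host, binaries in expected.items()
                  for binary in sorted(binaries) if (host, binary) not in present)


if __name__ == "__main__":
    # Pipe real output in (`openstack network agent list | python3 check_agents.py`)
    # or run without input to check the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_AGENT_TABLE
    agents = parse_agent_table(text)
    for a in unhealthy_agents(agents):
        print(f"DEAD/DOWN: {a['Binary']} on {a['Host']} (Alive={a['Alive']}, State={a['State']})")
    for host, binary in missing_agents(agents):
        print(f"MISSING: {binary} on {host}")
```

A host that is absent from the table altogether (an agent that never registered, for instance because neutron.conf on that node points at the wrong RabbitMQ password) shows up only through missing_agents(), which is why the check compares against an expected layout rather than just scanning the rows that happen to be present.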

References