Alma Linux 8 OpenStack Getting Started 5 -- Neutr
2022-09-18
負笈在线
1. Components already deployed
Hostname | Role | OS | Installed components |
---|---|---|---|
controller | Controller node | Alma Linux 8.6 | chrony,Yoga YUM Repository,enable powertools,python3-openstackclient,openstack-selinux,mariadb,rabbitmq,memcached,etcd,openstack-keystone,openstack-dashboard,openstack-placement-api,openstack-nova-api,openstack-nova-conductor,openstack-nova-novncproxy,openstack-nova-scheduler,openstack-cinder,openstack-glance |
compute | Compute node | Alma Linux 8.6 | chrony,Yoga YUM Repository,enable powertools,python3-openstackclient,openstack-selinux,openstack-nova-compute,openstack-neutron-linuxbridge,ebtables,ipset |
computehci | Storage node | Alma Linux 8.6 | chrony,Yoga YUM Repository,enable powertools,python3-openstackclient,openstack-selinux,openstack-cinder,targetcli |
2. Newly deployed components
Hostname | Role | OS | Components to install |
---|---|---|---|
controller | Controller node | Alma Linux 8.6 | openstack-neutron,openstack-neutron-ml2,openstack-neutron-linuxbridge,ebtables |
compute | Compute node | Alma Linux 8.6 | |
computehci | Storage node | Alma Linux 8.6 | |
3. Configure the controller node
Target: controller node
3.1. Create the neutron database and user
# mysql -u root -p
> CREATE DATABASE neutron;
> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'root';
> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'root';
> flush privileges;
3.2. Create the neutron service credentials
#Create the neutron user in the default domain
# source admin-openrc
# openstack user create --domain default --password-prompt neutron
User Password:
#Grant the admin role to the neutron user
# openstack role add --project service --user neutron admin
#Create the neutron service entity
# openstack service create --name neutron --description "openstack Networking" network
3.3. Create the neutron service endpoints
# openstack endpoint create --region RegionOne network public http://controller:9696
# openstack endpoint create --region RegionOne network internal http://controller:9696
# openstack endpoint create --region RegionOne network admin http://controller:9696
# openstack endpoint list --service neutron
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------+
| 1a899284584f42fa9dc6e8108a733947 | RegionOne | neutron | network | True | internal | http://controller:9696 |
| e4435a76c32c416185d918f359e9cdbb | RegionOne | neutron | network | True | public | http://controller:9696 |
| e655436a44304787b1b8ab77bfafdf3f | RegionOne | neutron | network | True | admin | http://controller:9696 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------+
3.4. Install and configure the neutron components
#Install the neutron components
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
#Edit the neutron configuration files (neutron.conf and others)
# vi /etc/neutron/neutron.conf
# grep -Ev "^$|^#" /etc/neutron/neutron.conf
...
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:awcloud@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
connection = mysql+pymysql://neutron:root@controller/neutron
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123456
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
...
# vi /etc/neutron/plugins/ml2/ml2_conf.ini
# grep -Ev "^$|^#" /etc/neutron/plugins/ml2/ml2_conf.ini
...
[DEFAULT]
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true
...
# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# grep -Ev "^$|^#" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
# vi /etc/neutron/dhcp_agent.ini
# grep -Ev "^$|^#" /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
# vi /etc/neutron/metadata_agent.ini
# grep -Ev "^$|^#" /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
[cache]
# vi /etc/nova/nova.conf
# grep -Ev "^$|^#" /etc/nova/nova.conf
...
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
...
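Before the services are started, the edited files can be checked for install-guide placeholders that were never replaced and for a metadata_proxy_shared_secret that differs between metadata_agent.ini and nova.conf (the metadata agent signs the instance ID with it and nova-api verifies that signature, so both sides need the same value). The script below is an added example, not part of the original post; the function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. File paths are arguments, so the
# checks can be tried on copies before touching /etc.

# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION].
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^\[/ { in_sec = ($0 == sec); next }
        in_sec && /=/ {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
            }
        }' "$1"
}

# find_placeholders FILE...: list settings whose value is still an
# install-guide token (METADATA_SECRET, provider:PROVIDER_INTERFACE_NAME).
find_placeholders() {
    grep -HnE '^[a-z_]+[[:space:]]*=[[:space:]]*([a-z]+:)?[A-Z]+(_[A-Z]+)+[[:space:]]*$' "$@"
}

# secrets_match METADATA_AGENT_INI NOVA_CONF: true only if both files hold
# the same non-empty metadata_proxy_shared_secret.
secrets_match() {
    a=$(ini_get "$1" DEFAULT metadata_proxy_shared_secret)
    b=$(ini_get "$2" neutron metadata_proxy_shared_secret)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# set_shared_secret SECRET METADATA_AGENT_INI NOVA_CONF (uses GNU sed -i).
set_shared_secret() {
    sed -i "s|^metadata_proxy_shared_secret[[:space:]]*=.*|metadata_proxy_shared_secret = $1|" "$2" "$3"
}

# Constructed sample: trimmed copies of the listings above.
make_sample() {
    d=$(mktemp -d)
    printf '[DEFAULT]\nnova_metadata_host = controller\nmetadata_proxy_shared_secret = METADATA_SECRET\n[cache]\n' > "$d/metadata_agent.ini"
    printf '[neutron]\nusername = neutron\nmetadata_proxy_shared_secret = METADATA_SECRET\n' > "$d/nova.conf"
    printf '[linux_bridge]\nphysical_interface_mappings = provider:PROVIDER_INTERFACE_NAME\n' > "$d/linuxbridge_agent.ini"
    echo "$d"
}

s=$(make_sample)
find_placeholders "$s"/*.ini "$s/nova.conf"            # three findings
set_shared_secret "$(openssl rand -hex 32)" "$s/metadata_agent.ini" "$s/nova.conf"
secrets_match "$s/metadata_agent.ini" "$s/nova.conf" && echo "shared secret set and identical"
find_placeholders "$s"/*.ini "$s/nova.conf"            # only the interface name remains
```

On the real files, pass /etc/neutron/metadata_agent.ini, /etc/neutron/plugins/ml2/linuxbridge_agent.ini and /etc/nova/nova.conf; the remaining finding is cleared by replacing PROVIDER_INTERFACE_NAME with the name of the host's provider interface.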
#Start or restart the services and enable them at boot
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
# systemctl restart openstack-nova-api.service
# systemctl status openstack-nova-api.service
# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
# systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
# systemctl status neutron-server.service
# systemctl status neutron-linuxbridge-agent.service
# systemctl status neutron-dhcp-agent.service
# systemctl status neutron-metadata-agent.service
3.5. Configure the external network
Target: controller node
Steps:
#Create the external network
# source admin-openrc
# openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
#Create the subnet
# openstack subnet create --network provider --allocation-pool start=10.10.200.10,end=10.10.200.100 --dns-nameserver 114.114.114.114 --gateway 10.10.200.1 --subnet-range 10.10.200.0/24 provider
# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| 1cd6a28e-c305-4c6a-97f6-ab76d7b7797c | provider | d2e2bab9-fb34-4c5c-824e-8352e4adf32a |
+--------------------------------------+----------+--------------------------------------+
# openstack subnet list
+--------------------------------------+----------+--------------------------------------+----------------+
| ID | Name | Network | Subnet |
+--------------------------------------+----------+--------------------------------------+----------------+
| d2e2bab9-fb34-4c5c-824e-8352e4adf32a | provider | 1cd6a28e-c305-4c6a-97f6-ab76d7b7797c | 10.10.200.0/24 |
+--------------------------------------+----------+--------------------------------------+----------------+
4. Configure the compute node
Target: compute node
Steps:
#Install the neutron components
Omitted
#Edit the neutron configuration file neutron.conf
# vi /etc/neutron/neutron.conf
# grep -Ev "^$|^#" /etc/neutron/neutron.conf
...
[DEFAULT]
transport_url = rabbit://openstack:awcloud@controller
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456
...
# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# grep -Ev "^$|^#" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
# vim /etc/nova/nova.conf
Add the neutron section:
...
[neutron]
auth_type = password
auth_url = http://controller:5000
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
...
#Start the services and enable them at boot
# systemctl restart openstack-nova-compute.service
# systemctl restart neutron-linuxbridge-agent.service
# systemctl status openstack-nova-compute.service
# systemctl status neutron-linuxbridge-agent.service
5. Verify the network service
Target: controller node
Steps:
# openstack network agent list
+--------------------------------------+----------------+------------+-------------------+-------+-------+------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+----------------+------------+-------------------+-------+-------+------------------------+
| 880734dc-96ae-4c54-9b9c-164ca8d57b0c | DHCP agent | controller | nova | :-) | UP | neutron-dhcp-agent |
| dada327b-f94f-40e0-9306-1d480de1c8e1 | Metadata agent | controller | None | :-) | UP | neutron-metadata-agent |
+--------------------------------------+----------------+------------+-------------------+-------+-------+------------------------+
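The agent listing can be checked mechanically against the agents this walkthrough starts: neutron-dhcp-agent, neutron-metadata-agent and neutron-linuxbridge-agent on the controller (section 3.4) and neutron-linuxbridge-agent on the compute node (section 4). The script below is an added example, not part of the original post; the function names and the EXPECTED list are assumptions derived from those steps, and the sample rows are copied from the listing above.

```shell
#!/bin/sh
# Added example, not from the original post.

# missing_agents "TYPE@HOST,TYPE@HOST,...": read `openstack network agent list`
# table output on stdin and print every expected agent that is absent or whose
# Alive column is not ":-)".
missing_agents() {
    awk -F'|' -v want="$1" '
        NF >= 8 && $2 !~ /ID/ {
            for (i = 3; i <= 6; i++) gsub(/^ +| +$/, "", $i)
            if ($6 == ":-)") alive[$3 "@" $4] = 1
        }
        END {
            n = split(want, w, ",")
            for (i = 1; i <= n; i++) if (!(w[i] in alive)) print w[i]
        }'
}

# Agents this walkthrough starts: three on the controller (section 3.4) and
# the Linux bridge agent on the compute node (section 4).
EXPECTED="DHCP agent@controller,Metadata agent@controller,Linux bridge agent@controller,Linux bridge agent@compute"

# Data rows copied from the listing above.
sample_agent_list() {
    cat <<'EOF'
| ID                                   | Agent Type     | Host       | Availability Zone | Alive | State | Binary                 |
| 880734dc-96ae-4c54-9b9c-164ca8d57b0c | DHCP agent     | controller | nova              | :-)   | UP    | neutron-dhcp-agent     |
| dada327b-f94f-40e0-9306-1d480de1c8e1 | Metadata agent | controller | None              | :-)   | UP    | neutron-metadata-agent |
EOF
}

sample_agent_list | missing_agents "$EXPECTED"
# On a live controller: openstack network agent list | missing_agents "$EXPECTED"
```

Run against the listing above, it prints both Linux bridge agents, which do not appear in that output; `systemctl status neutron-linuxbridge-agent.service` on each node shows whether the agent is running.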
# openstack extension list --network
+----------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Name | Alias | Description |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Address group | address-group | Support address group |
| Address scope | address-scope | Address scopes extension. |
| agent | agent | The agent management extension. |
| Agent's Resource View Synced to Placement | agent-resources-synced | Stores success/failure of last sync to Placement |
| Allowed Address Pairs | allowed-address-pairs | Provides allowed address pairs |
| Availability Zone | availability_zone | The availability zone extension. |
| Availability Zone Filter Extension | availability_zone_filter | Add filter parameters to AvailabilityZone resource |
| Default Subnetpools | default-subnetpools | Provides ability to mark and use a subnetpool as the default. |
| DHCP Agent Scheduler | dhcp_agent_scheduler | Schedule networks among dhcp agents |
| Empty String Filtering Extension | empty-string-filtering | Allow filtering by attributes with empty string value |
| Neutron external network | external-net | Adds external network attribute to network resource. |
| Neutron Extra DHCP options | extra_dhcp_opt | Extra options configuration for DHCP. For example PXE boot options to DHCP clients can be specified (e.g. tftp-server, server-ip-address, bootfile-name) |
| Filter parameters validation | filter-validation | Provides validation on filter parameters. |
| Neutron Service Flavors | flavors | Flavor specification for Neutron advanced services. |
| IP address substring filtering | ip-substring-filtering | Provides IP address substring filtering when listing ports |
| Multi Provider Network | multi-provider | Expose mapping of virtual networks to multiple physical networks |
| Network MTU | net-mtu | Provides MTU attribute for a network resource. |
| Network MTU (writable) | net-mtu-writable | Provides a writable MTU attribute for a network resource. |
| Network Availability Zone | network_availability_zone | Availability zone support for network. |
| Network IP Availability | network-ip-availability | Provides IP availability data for each network and subnet. |
| Pagination support | pagination | Extension that indicates that pagination is enabled. |
| Port device profile | port-device-profile | Expose the port device profile (Cyborg) |
| Neutron Port MAC address regenerate | port-mac-address-regenerate | Network port MAC address regenerate |
| Port NUMA affinity policy | port-numa-affinity-policy | Expose the port NUMA affinity policy |
| Port Binding | binding | Expose port bindings of a virtual port to external application |
| Port Bindings Extended | binding-extended | Expose port bindings of a virtual port to external application |
| Port Security | port-security | Provides port security |
| project_id field enabled | project-id | Extension that indicates that project_id field is enabled. |
| Provider Network | provider | Expose mapping of virtual networks to physical networks |
| Quota engine limit check | quota-check-limit | Support for checking the resource usage before applying a new quota limit |
| Quota management support | quotas | Expose functions for quotas management per project |
| Quota details management support | quota_details | Expose functions for quotas usage statistics per project |
| RBAC Policies | rbac-policies | Allows creation and modification of policies that control tenant access to resources. |
| Add address_group type to RBAC | rbac-address-group | Add address_group type to network RBAC |
| Add address_scope type to RBAC | rbac-address-scope | Add address_scope type to RBAC |
| Add security_group type to network RBAC | rbac-security-groups | Add security_group type to network RBAC |
| Add subnetpool type to RBAC | rbac-subnetpool | Add subnetpool type to RBAC |
| If-Match constraints based on revision_number | revision-if-match | Extension indicating that If-Match based on revision_number is supported. |
| Resource revision numbers | standard-attr-revisions | This extension will display the revision number of neutron resources. |
| Normalized CIDR field for security group rules | security-groups-normalized-cidr | Add new field with normalized remote_ip_prefix cidr in SG rule |
| Port filtering on security groups | port-security-groups-filtering | Provides security groups filtering when listing ports |
| Remote address group id field for security group rules | security-groups-remote-address-group | Add new field of remote address group id in SG rules |
| Security group filtering on the shared field | security-groups-shared-filtering | Support filtering security groups on the shared field |
| security-group | security-group | The security groups extension. |
| Neutron Service Type Management | service-type | API for retrieving service providers for Neutron advanced services |
| Sorting support | sorting | Extension that indicates that sorting is enabled. |
| standard-attr-description | standard-attr-description | Extension to add descriptions to standard attributes |
| Stateful security group | stateful-security-group | Indicates if the security group is stateful or not |
| Subnet Onboard | subnet_onboard | Provides support for onboarding subnets into subnet pools |
| Subnet service types | subnet-service-types | Provides ability to set the subnet service_types field |
| Subnet Allocation | subnet_allocation | Enables allocation of subnets from a subnet pool |
| Subnet Pool Prefix Operations | subnetpool-prefix-ops | Provides support for adjusting the prefix list of subnet pools |
| Tag support for resources with standard attribute: port, subnet, subnetpool, network, security_group, router, floatingip, policy, trunk, network_segment_range | standard-attr-tag | Enables to set tag on resources with standard attribute. |
| Resource timestamps | standard-attr-timestamp | Adds created_at and updated_at fields to all Neutron resources that have Neutron standard attributes. |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+