OpenStack neutron component deployment
Once the nova deployment is finished, continue by deploying the neutron component.
Create the database neutron and authorize it
[root@ct ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 139
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> exit
Bye
ct control node configuration
1. Create a neutron user to authenticate in keystone
[root@ct ~]# openstack user create --domain default --password NEUTRON_PASS neutron
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 0512de2dc615449f989c1a2df21580b8 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
2. Add the neutron user to the service project and have administrator privileges
[root@ct ~]# openstack role add --project service --user neutron admin
3. Create a network service. The service type is network
[root@ct ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 2ae3fcc1257f4bacafeab727bd97829a |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
4. Register the API to the neutron service and associate the port with the neutron service, that is, add an endpoint
[root@ct ~]# openstack endpoint create --region RegionOne network public http://ct:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 4b43372eb0034d99a6cbd1fcf80697d4 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 2ae3fcc1257f4bacafeab727bd97829a |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://ct:9696                   |
+--------------+----------------------------------+
[root@ct ~]# openstack endpoint create --region RegionOne network internal http://ct:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 2c84ee43c15e4fb09fe8478ac828a337 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 2ae3fcc1257f4bacafeab727bd97829a |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://ct:9696                   |
+--------------+----------------------------------+
[root@ct ~]# openstack endpoint create --region RegionOne network admin http://ct:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 7aa9431365154ce590925215e324b667 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 2ae3fcc1257f4bacafeab727bd97829a |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://ct:9696                   |
+--------------+----------------------------------+
5. Install provider network (bridging)
6. ebtables package is used to manage iptables rules
[root@ct ~]# yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables conntrack-tools
7. Modify the main configuration file
- Modify the main configuration file neutron.conf
[root@ct ~]# cp -a /etc/neutron/neutron.conf{,.bak}
[root@ct ~]# grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:NEUTRON_DBPASS@ct/neutron
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips true
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@ct
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes true
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes true
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://ct:5000
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://ct:5000
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers ct:11211
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf nova auth_url http://ct:5000
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf nova auth_type password
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf nova project_name service
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf nova username nova
[root@ct ~]# openstack-config --set /etc/neutron/neutron.conf nova password NOVA_PASS
- View the configuration file
[root@ct ~]# cd /etc/neutron/
[root@ct neutron]# cat neutron.conf
[DEFAULT]
core_plugin = ml2    //Enable layer 2 network plug-in
service_plugins = router    //Enable layer 3 network plug-in
allow_overlapping_ips = true
transport_url = rabbit://openstack:RABBIT_PASS@ct    //Configure rabbitmq connection
auth_strategy = keystone    //Authentication method: keystone
notify_nova_on_port_status_changes = true    //Notify the computing node when the network interface changes
notify_nova_on_port_data_changes = true    //Notify the computing node when the port data changes
[cors]
[database]    //Configure database connection
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@ct/neutron
[keystone_authtoken]    //Configure keystone authentication information
www_authenticate_uri = http://ct:5000
auth_url = http://ct:5000
memcached_servers = ct:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[oslo_concurrency]    //Configure lock path
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]
[nova]    //neutron needs to return data to nova
auth_url = http://ct:5000    //Go to keystone to authenticate nova
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova    //Verify nova's token through nova's user name and password to keystone
password = NOVA_PASS
8. Modify the ML2 plugin configuration file ml2_conf.ini
- Modify parameters
[root@ct ~]# cp -a /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
[root@ct ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.bak > /etc/neutron/plugins/ml2/ml2_conf.ini
[root@ct ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
[root@ct ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
[root@ct ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population
[root@ct ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
[root@ct ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider
[root@ct ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000
[root@ct ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset true
- View the configuration file
[root@ct neutron]# cat /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = flat,vlan,vxlan    //Configure the driver types; single flat network (bridge) and vlan; make the layer-2 network support bridging and subnet division based on vlan
tenant_network_types = vxlan    //Tenant network type (vxlan)
mechanism_drivers = linuxbridge,l2population    //Enable Linuxbridge and l2 mechanism (l2population mechanism is to simplify network communication topology and reduce network broadcasting)
extension_drivers = port_security    //Enable the port security extension driver and realize access control based on iptables; however, the configuration of extended security group will lead to some port restrictions and make some services unable to start
[ml2_type_flat]
flat_networks = provider    //Configure public virtual network as flat network
[ml2_type_vxlan]
vni_ranges = 1:1000    //Configure the network range recognized by VXLAN network for private network
[securitygroup]
enable_ipset = true    //Enabling ipset increases the convenience of security groups
9. Modify the configuration file of linux bridge network provider
- Linux bridge configuration
[root@ct ~]# cp -a /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
[root@ct ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@ct ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0    # eth0 is the network card name (intranet network card)
[root@ct ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
[root@ct ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 192.168.100.10    # IP address of the control node
[root@ct ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true
[root@ct ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
[root@ct ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
- View the configuration file
[root@ct ~]# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:eth0    //Specify the bridge network name from the previous file and associate it with the eth0 physical network card. Later, an external network assigned to a virtual machine reaches the external network through eth0; the physical network card may be bind0, br0, etc
[vxlan]    //Enable VXLAN overlay network, configure the IP address of the physical network interface of the overlay network, and enable layer-2 population
enable_vxlan = true    //Allow users to create custom networks (layer 3 networks)
local_ip = 192.168.100.10
l2_population = true
[securitygroup]    //Enable security groups and configure the Linux bridging iptables firewall driver
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
10. Modify kernel parameters
[root@ct ~]# echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf
[root@ct ~]# echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.conf
[root@ct ~]# modprobe br_netfilter    # load the br_netfilter module into the kernel
[root@ct ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
11. Configure Linux bridge interface driver and external network bridge
[root@ct ~]# cp -a /etc/neutron/l3_agent.ini{,.bak}
[root@ct ~]# grep -Ev '^$|#' /etc/neutron/l3_agent.ini.bak > /etc/neutron/l3_agent.ini
[root@ct ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver linuxbridge
- View changes
[root@ct ~]# cat /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
12. Modify dhcp_agent configuration file
[root@ct ~]# cp -a /etc/neutron/dhcp_agent.ini{,.bak}
[root@ct ~]# grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak > /etc/neutron/dhcp_agent.ini
[root@ct ~]# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver linuxbridge
[root@ct ~]# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
[root@ct ~]# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata true
13. Modify dhcp_agent configuration file content
[root@ct ~]# cat /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge    //Specifies that the default interface driver is a linux bridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq    //Specify DHCP driver
enable_isolated_metadata = true    //Enable isolated metadata
14. Configure the metadata agent and the general configuration used to configure the bridging and self-service network
[root@ct ~]# cp -a /etc/neutron/metadata_agent.ini{,.bak}
[root@ct ~]# grep -Ev '^$|#' /etc/neutron/metadata_agent.ini.bak > /etc/neutron/metadata_agent.ini
[root@ct ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host ct
[root@ct ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret METADATA_SECRET
- View the configuration file content
[root@ct ~]# cat /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = ct
metadata_proxy_shared_secret = METADATA_SECRET
[cache]
15. Modify nova configuration file for neutron interaction
- Modify the configuration file on ct
[root@ct ~]# openstack-config --set /etc/nova/nova.conf neutron url http://ct:9696
[root@ct ~]# openstack-config --set /etc/nova/nova.conf neutron auth_url http://ct:5000
[root@ct ~]# openstack-config --set /etc/nova/nova.conf neutron auth_type password
[root@ct ~]# openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
[root@ct ~]# openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
[root@ct ~]# openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
[root@ct ~]# openstack-config --set /etc/nova/nova.conf neutron project_name service
[root@ct ~]# openstack-config --set /etc/nova/nova.conf neutron username neutron
[root@ct ~]# openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS
[root@ct ~]# openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy true
[root@ct ~]# openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret METADATA_SECRET
- View the configuration file
[root@ct ~]# cat /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
my_ip = 192.168.100.10
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
transport_url = rabbit://openstack:RABBIT_PASS@ct
[api]
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@ct/nova_api
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@ct/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://ct:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
auth_url = http://ct:5000/v3
memcached_servers = ct:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
[libvirt]
[metrics]
[mks]
[neutron]
url = http://ct:9696
auth_url = http://ct:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://ct:5000/v3
username = placement
password = PLACEMENT_PASS
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
discover_hosts_in_cells_interval = 300
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
[placement_database]
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@ct/placement
16. Create the symbolic link for the ML2 plug-in file
- The network service initialization scripts require /etc/neutron/plugin.ini to be a symbolic link pointing to the ML2 plug-in configuration file
[root@ct ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
17. Initialize the database
[root@ct ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
18. Restart the Nova API service of the computing node
[root@ct ~]# systemctl restart openstack-nova-api.service
19. Start the neutron services and enable them to start at boot
[root@ct ~]# systemctl enable neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
[root@ct ~]# systemctl start neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
- View the service startup status
[root@ct ~]# netstat -anutp |grep 9696
tcp        0      0 0.0.0.0:9696            0.0.0.0:*               LISTEN      3270/server.log
20. Because the layer 3 L3 network service is configured, the layer 3 service needs to be started
[root@ct ~]# systemctl enable neutron-l3-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service to /usr/lib/systemd/system/neutron-l3-agent.service.
[root@ct ~]# systemctl restart neutron-l3-agent.service
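A check for the control-node files written in steps 7 to 15, as an added example that is not part of the original guide: it flags placeholder credentials such as NEUTRON_PASS or METADATA_SECRET left in place, world-readable files that hold passwords, a metadata proxy secret that differs between nova.conf and metadata_agent.ini, disabled security groups, and missing bridge-nf-call sysctls. The function names and the constructed sample tree written by make_sample are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit of the control-node files written in the steps above.
# Paths and option names come from the guide; function names are hypothetical.

# Placeholder values that the guide's commands and files use literally.
PLACEHOLDERS='NEUTRON_PASS NEUTRON_DBPASS RABBIT_PASS NOVA_PASS NOVA_DBPASS
PLACEMENT_PASS PLACEMENT_DBPASS METADATA_SECRET'

# ini_get FILE SECTION KEY: print the value of KEY in [SECTION] (empty if unset).
ini_get() {
    [ -r "$1" ] || return 0
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
        insec && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# audit_neutron ETC_DIR: print one "FINDING: ..." line per problem.
# The body is a subshell, so its variables do not leak into the caller.
audit_neutron() (
    etc=$1
    lb="$etc/neutron/plugins/ml2/linuxbridge_agent.ini"

    for f in "$etc/neutron/neutron.conf" "$etc/neutron/metadata_agent.ini" \
             "$etc/nova/nova.conf"; do
        if [ ! -r "$f" ]; then echo "FINDING: $f missing or unreadable"; continue; fi
        # 1. Placeholder credentials left in place (-w matches whole words only).
        for p in $PLACEHOLDERS; do
            if grep -qwF -- "$p" "$f"; then
                echo "FINDING: placeholder $p still set in $f"
            fi
        done
        # 2. Files holding service passwords should not be world-readable.
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            echo "FINDING: $f is world-readable"
        fi
    done

    # 3. nova and the metadata agent must hold the same proxy secret.
    s_agent=$(ini_get "$etc/neutron/metadata_agent.ini" DEFAULT metadata_proxy_shared_secret)
    s_nova=$(ini_get "$etc/nova/nova.conf" neutron metadata_proxy_shared_secret)
    if [ -z "$s_agent" ] || [ "$s_agent" != "$s_nova" ]; then
        echo "FINDING: metadata_proxy_shared_secret unset or differs between nova.conf and metadata_agent.ini"
    fi

    # 4. Security groups need to be enabled with a real (non-noop) firewall driver.
    case $(ini_get "$lb" securitygroup enable_security_group) in
        [Tt]rue) ;;
        *) echo "FINDING: enable_security_group is not true in $lb" ;;
    esac
    case $(ini_get "$lb" securitygroup firewall_driver) in
        ''|*[Nn]oop*) echo "FINDING: firewall_driver unset or noop in $lb" ;;
    esac

    # 5. Without these sysctls bridged traffic is not passed to iptables,
    #    so the iptables-based security group rules do not apply to it.
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        if ! grep -Eq "^[[:space:]]*$key[[:space:]]*=[[:space:]]*1[[:space:]]*\$" \
                "$etc/sysctl.conf" 2>/dev/null; then
            echo "FINDING: $key=1 not set in $etc/sysctl.conf"
        fi
    done
)

# make_sample ETC_DIR: write a constructed tree that mirrors the guide's files.
make_sample() {
    mkdir -p "$1/neutron/plugins/ml2" "$1/nova"
    printf '%s\n' '[DEFAULT]' 'transport_url = rabbit://openstack:RABBIT_PASS@ct' \
        '[database]' 'connection = mysql+pymysql://neutron:NEUTRON_DBPASS@ct/neutron' \
        '[keystone_authtoken]' 'password = NEUTRON_PASS' \
        '[nova]' 'password = NOVA_PASS' > "$1/neutron/neutron.conf"
    printf '%s\n' '[DEFAULT]' 'nova_metadata_host = ct' \
        'metadata_proxy_shared_secret = METADATA_SECRET' > "$1/neutron/metadata_agent.ini"
    printf '%s\n' '[securitygroup]' 'enable_security_group = true' \
        'firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' \
        > "$1/neutron/plugins/ml2/linuxbridge_agent.ini"
    printf '%s\n' '[neutron]' 'password = NEUTRON_PASS' 'service_metadata_proxy = true' \
        'metadata_proxy_shared_secret = METADATA_SECRET' > "$1/nova/nova.conf"
    printf '%s\n' 'net.bridge.bridge-nf-call-iptables=1' \
        'net.bridge.bridge-nf-call-ip6tables=1' > "$1/sysctl.conf"
    chmod 640 "$1/neutron/neutron.conf" "$1/neutron/metadata_agent.ini" "$1/nova/nova.conf"
}

# Audit a real tree when a directory is given as the first argument, e.g. /etc
[ $# -eq 0 ] || audit_neutron "$1"
```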
c1 node operation
[root@c1 ~]# yum -y install openstack-neutron-linuxbridge ebtables ipset conntrack-tools    # ipset: an extension of iptables that allows a set of matching rules instead of just one IP
1. Modify the neutron.conf file
[root@c1 ~]# cp -a /etc/neutron/neutron.conf{,.bak}
[root@c1 ~]# grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf
[root@c1 ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@ct
[root@c1 ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
[root@c1 ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://ct:5000
[root@c1 ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://ct:5000
[root@c1 ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers ct:11211
[root@c1 ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
[root@c1 ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
[root@c1 ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
[root@c1 ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
[root@c1 ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
[root@c1 ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS
[root@c1 ~]# openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
- View the configuration file
[root@c1 ~]# cat /etc/neutron/neutron.conf
[DEFAULT]    //The server side of neutron communicates with the agent side through rabbitmq
transport_url = rabbit://openstack:RABBIT_PASS@ct
auth_strategy = keystone    //Authentication strategy: keystone
[cors]
[database]
[keystone_authtoken]    //Specify keystone authentication information
www_authenticate_uri = http://ct:5000
auth_url = http://ct:5000
memcached_servers = ct:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[oslo_concurrency]    //Configure lock path (manage Thread Library)
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]
2. Configure Linux bridge agent
[root@c1 ~]# cp -a /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
[root@c1 ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@c1 ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0
[root@c1 ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
[root@c1 ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 192.168.100.11
[root@c1 ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true
[root@c1 ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
[root@c1 ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
- View the modified configuration
[root@c1 ~]# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:eth0    //Directly bind the external network of the compute node to the specified physical network card of the current node. The compute node does not need to configure the network name; it only needs to receive the instructions of the controller node. The external network name configured on the controller node is effective for the entire openstack environment, so the specified external network is bound to the eth0 physical network card of the current compute node (bind0 or br0 may also be used)
[vxlan]
enable_vxlan = true    //Turn on VXLAN network
local_ip = 192.168.100.11
l2_population = true    //L2 Population is a component used to improve the network expansion capability of VXLAN
[securitygroup]
enable_security_group = true    //Enable security groups
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver    //Specify security group driver file
3. Modify kernel parameters
[root@c1 ~]# echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf    # allow the data of the virtual machine to go out through the physical machine
[root@c1 ~]# echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.conf
[root@c1 ~]# modprobe br_netfilter    # modprobe: used to load or remove modules from the kernel; modprobe -r indicates removal
[root@c1 ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
4. Modify the nova.conf configuration file
[root@c1 ~]# openstack-config --set /etc/nova/nova.conf neutron auth_url http://ct:5000
[root@c1 ~]# openstack-config --set /etc/nova/nova.conf neutron auth_type password
[root@c1 ~]# openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
[root@c1 ~]# openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
[root@c1 ~]# openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
[root@c1 ~]# openstack-config --set /etc/nova/nova.conf neutron project_name service
[root@c1 ~]# openstack-config --set /etc/nova/nova.conf neutron username neutron
[root@c1 ~]# openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS
- View changes
[root@c1 ~]# cat /etc/nova/nova.conf
[neutron]
auth_url = http://ct:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
5. Verify the service components (on the ct server)
[root@ct ~]# openstack extension list --network
+------+-------+-------------+
| Name | Alias | Description |
+------+-------+-------------+
| Subnet Pool Prefix Operations | subnetpool-prefix-ops | Provides support for adjusting the prefix list of subnet pools |
| Default Subnetpools | default-subnetpools | Provides ability to mark and use a subnetpool as the default. |
| Availability Zone | availability_zone | The availability zone extension. |
| Network Availability Zone | network_availability_zone | Availability zone support for network. |
| Subnet Onboard | subnet_onboard | Provides support for onboarding subnets into subnet pools |
| Auto Allocated Topology Services | auto-allocated-topology | Auto Allocated Topology Services. |
| Neutron L3 Configurable external gateway mode | ext-gw-mode | Extension of the router abstraction for specifying whether SNAT should occur on the external gateway |
| Port Binding | binding | Expose port bindings of a virtual port to external application |
| agent | agent | The agent management extension. |
| Subnet Allocation | subnet_allocation | Enables allocation of subnets from a subnet pool |
| DHCP Agent Scheduler | dhcp_agent_scheduler | Schedule networks among dhcp agents |
| Neutron external network | external-net | Adds external network attribute to network resource. |
| Empty String Filtering Extension | empty-string-filtering | Allow filtering by attributes with empty string value |
| Tag support for resources with standard attribute: subnet, trunk, network_segment_range, router, network, policy, subnetpool, port, security_group, floatingip | standard-attr-tag | Enables to set tag on resources with standard attribute. |
| Neutron Service Flavors | flavors | Flavor specification for Neutron advanced services. |
| Network MTU | net-mtu | Provides MTU attribute for a network resource. |
| Network IP Availability | network-ip-availability | Provides IP availability data for each network and subnet. |
| Quota management support | quotas | Expose functions for quotas management per tenant |
| If-Match constraints based on revision_number | revision-if-match | Extension indicating that If-Match based on revision_number is supported. |
| Prevent L3 router ports IP address change extension | l3-port-ip-change-not-allowed | Prevent change of IP address for some L3 router ports |
| Availability Zone Filter Extension | availability_zone_filter | Add filter parameters to AvailabilityZone resource |
| HA Router extension | l3-ha | Adds HA capability to routers. |
| Enforce Router's Admin State Down Before Update Extension | router-admin-state-down-before-update | Ensure that the admin state of a router is down (admin_state_up=False) before updating the distributed attribute |
| Filter parameters validation | filter-validation | Provides validation on filter parameters. |
| Multi Provider Network | multi-provider | Expose mapping of virtual networks to multiple physical networks |
| Quota details management support | quota_details | Expose functions for quotas usage statistics per project |
| Address scope | address-scope | Address scopes extension. |
| Neutron Extra Route | extraroute | Extra routes configuration for L3 router |
| Network MTU (writable) | net-mtu-writable | Provides a writable MTU attribute for a network resource. |
| Agent's Resource View Synced to Placement | agent-resources-synced | Stores success/failure of last sync to Placement |
| Subnet service types | subnet-service-types | Provides ability to set the subnet service_types field |
| Floating IP Pools Extension | floatingip-pools | Provides a floating IP pools API. |
| Neutron Port MAC address regenerate | port-mac-address-regenerate | Network port MAC address regenerate |
| Add security_group type to network RBAC | rbac-security-groups | Add security_group type to network RBAC |
| Provider Network | provider | Expose mapping of virtual networks to physical networks |
| Neutron Service Type Management | service-type | API for retrieving service providers for Neutron advanced services |
| Router Flavor Extension | l3-flavors | Flavor support for routers. |
| Port Security | port-security | Provides port security |
| Neutron Extra DHCP options | extra_dhcp_opt | Extra options configuration for DHCP. For example PXE boot options to DHCP clients can be specified (e.g. tftp-server, server-ip-address, bootfile-name) |
| Port filtering on security groups | port-security-groups-filtering | Provides security groups filtering when listing ports |
| Resource timestamps | standard-attr-timestamp | Adds created_at and updated_at fields to all Neutron resources that have Neutron standard attributes. |
| Resource revision numbers | standard-attr-revisions | This extension will display the revision number of neutron resources. |
| Pagination support | pagination | Extension that indicates that pagination is enabled. |
| Sorting support | sorting | Extension that indicates that sorting is enabled. |
| security-group | security-group | The security groups extension. |
| L3 Agent Scheduler | l3_agent_scheduler | Schedule routers among l3 agents |
| Floating IP Port Details Extension | fip-port-details | Add port_details attribute to Floating IP resource |
| Router Availability Zone | router_availability_zone | Availability zone support for router. |
| RBAC Policies | rbac-policies | Allows creation and modification of policies that control tenant access to resources. |
| Atomically add/remove extra routes | extraroute-atomic | Edit extra routes of a router on server side by atomically adding/removing extra routes |
| standard-attr-description | standard-attr-description | Extension to add descriptions to standard attributes |
| IP address substring filtering | ip-substring-filtering | Provides IP address substring filtering when listing ports |
| Neutron L3 Router | router | Router abstraction for basic L3 forwarding between L2 Neutron networks and access to external networks via a NAT gateway. |
| Allowed Address Pairs | allowed-address-pairs | Provides allowed address pairs |
| Port Bindings Extended | binding-extended | Expose port bindings of a virtual port to external application |
| project_id field enabled | project-id | Extension that indicates that project_id field is enabled. |
| Distributed Virtual Router | dvr | Enables configuration of Distributed Virtual Routers. |
+------+-------+-------------+
[root@ct ~]# openstack network agent list
+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+
| 1e4bea03-2d7b-4e48-bff2-c20b29e5a39e | DHCP agent         | ct   | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 7459f32d-dbf2-4ae7-8d0a-06e7b4d29ec2 | Linux bridge agent | ct   | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 7741ff4c-3126-4083-90c9-7516eeb22b63 | L3 agent           | ct   | nova              | :-)   | UP    | neutron-l3-agent          |
| 8fbc9004-1b24-4c78-bd89-69409b4d82a4 | Metadata agent     | ct   | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+
c2 node operation
The operation is the same as for c1. In the /etc/neutron/plugins/ml2/linuxbridge_agent.ini configuration file, change local_ip to the node's own IP.
Summary
All three nodes need the neutron network configured. The deployment outline is as follows:
Configure the user, authentication and endpoint of the neutron component
Set up provider network (bridge mode here)
- Configure layer 2 network
- Configure bridge (plug-in)
- Optimize kernel
- Configure the bridge interface for external connectivity
- Modify DHCP configuration (modify configuration file, agent)
- Configure bridging and internal components (modify configuration files and agents)
Configure the integration between neutron and nova
The configuration of C1 and C2 nodes is the same