[部署篇6]VMWare搭建Openstack——控制节点的Neutron安装

一、预备工作

安装环境：控制节点 192.168.3.180  controller

1. 约定:  neutron使用MySQL数据库存储相关数据，相关参数如下:
          库名: neutron
 账户: neutrondbadmin
 密码: neutron4smtest


2. 创建数据库、账户并配置权限

 sudo mysql -uroot -p#db4smtest# -e 'CREATE DATABASE neutron;'     sudo mysql -uroot -p#db4smtest# -e 'CREATE USER neutrondbadmin;'     sudo mysql -uroot -p#db4smtest# -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutrondbadmin'@'localhost' IDENTIFIED BY 'neutron4smtest';"     sudo mysql -uroot -p#db4smtest# -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutrondbadmin'@'%' IDENTIFIED BY 'neutron4smtest';"     sudo mysql -uroot -p#db4smtest# -e "SET PASSWORD FOR 'neutrondbadmin'@'%' = PASSWORD('neutron4smtest');"

3. 创建Networking Service 账户并设置角色
     keystone user-create --name=neutron --pass=neutron4smtest --email=sm@163.com

sm@controller:~$ keystone user-create --name=neutron --pass=neutron4smtest --email=sm@163.comExpecting an auth URL via either --os-auth-url or env[OS_AUTH_URL]sm@controller:~$ source admin-openrc.shsm@controller:~$ keystone user-create --name=neutron --pass=neutron4smtest --email=sm@163.com+----------+----------------------------------+| Property |              Value               |+----------+----------------------------------+|  email   |            sm@163.com            || enabled  |               True               ||    id    | 1856de8825d249ed95e1d1ae0225bd98 ||   name   |             neutron              || username |             neutron              |+----------+----------------------------------+

     keystone user-role-add --user=neutron --tenant=service --role=admin


4. 创建服务
     keystone service-create --name=neutron --type=network  --description="OpenStack Networking Service"

sm@controller:~$ keystone service-create --name=neutron --type=network  --description="OpenStack Networking Service"+-------------+----------------------------------+|   Property  |              Value               |+-------------+----------------------------------+| description |   OpenStack Networking Service   ||   enabled   |               True               ||      id     | 47cf48c2c0d049659f377e9d70ccd381 ||     name    |             neutron              ||     type    |             network              |+-------------+----------------------------------+

  
5. 创建接入端点
     keystone endpoint-create --service-id=$(keystone service-list | awk '/ network / {print $2}') --publicurl=http://192.168.3.180:9696 --internalurl=http://192.168.3.180:9696 --adminurl=http://192.168.3.180:9696

sm@controller:~$ keystone endpoint-create --service-id=$(keystone service-list | awk '/ network / {print $2}') --publicurl=http://192.168.3.180:9696 --internalurl=http://192.168.3.180:9696 --adminurl=http://192.168.3.180:9696+-------------+----------------------------------+|   Property  |              Value               |+-------------+----------------------------------+|   adminurl  |    http://192.168.3.180:9696     ||      id     | 2dd67a0c91f341b69868081b4882df3c || internalurl |    http://192.168.3.180:9696     ||  publicurl  |    http://192.168.3.180:9696     ||    region   |            regionOne             ||  service_id | 47cf48c2c0d049659f377e9d70ccd381 |+-------------+----------------------------------+

二、安装网络服务neutron
1. 安装网络服务
     sudo apt-get install neutron-server neutron-plugin-ml2 python-neutronclient


2. 编辑/etc/neutron/neutron.conf文件，设置数据库、消息服务及IP相关参数，
     [ sudo vi /etc/neutron/neutron.conf ]

     更新设置如下：
state_path = /var/lib/neutron
core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
service_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPlugin
auth_strategy = keystone
dhcp_agent_notification = True
rpc_backend = neutron.openstack.common.rpc.impl_kombu
control_exchange = neutron
rabbit_host = 192.168.3.180
rabbit_password = mq4smtest
rabbit_port = 5672
rabbit_userid = guest
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://192.168.3.180:8774/v2
nova_admin_username = nova
nova_admin_tenant_id = 05ec814379cd4935b50bad905b1fd203
nova_admin_password = nova4smtest
nova_admin_auth_url = http://192.168.3.180:35357/v2.0
auth_host = 192.168.3.180
auth_port = 35357
auth_protocol = http
signing_dir = $state_path/keystone-signing
admin_tenant_name = service
admin_user = neutron
admin_password = neutron4smtest
signing_dir = $state_path/keystone-signing
connection = mysql://neutrondbadmin:neutron4smtest@192.168.3.180/neutron
notification_driver = neutron.openstack.common.notifier.rpc_notifier
allow_overlapping_ips = True

service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

值得注意的是，上面有一个需要获得nova_admin_tenant_id的ID，我们可以通过如下命令获取

sm@controller:~$ keystone user-role-list --user admin --tenant admin+----------------------------------+-------+----------------------------------+----------------------------------+|                id                |  name |             user_id              |            tenant_id             |+----------------------------------+-------+----------------------------------+----------------------------------+| 9a010a3589e94f7ca861a73b449f9bb7 | admin | 463c7566468f4cef88efec5312bac893 | 05ec814379cd4935b50bad905b1fd203 |+----------------------------------+-------+----------------------------------+----------------------------------+

也就是05ec814379cd4935b50bad905b1fd203。

我们查看一下neutron.conf的最终结果

sm@controller:~$ sudo grep ^[a-z] /etc/neutron/neutron.conf[sudo] password for sm:state_path = /var/lib/neutronlock_path = $state_path/lockcore_plugin = neutron.plugins.ml2.plugin.Ml2Pluginservice_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPluginauth_strategy = keystonedhcp_agent_notification = Trueallow_overlapping_ips = Truerpc_backend = neutron.openstack.common.rpc.impl_kombucontrol_exchange = neutronrabbit_host = 192.168.3.180rabbit_password = mq4smtestrabbit_port = 5672rabbit_userid = guestnotification_driver = neutron.openstack.common.notifier.rpc_notifiernotify_nova_on_port_status_changes = Truenotify_nova_on_port_data_changes = Truenova_url = http://192.168.3.180:8774/v2nova_admin_username = novanova_admin_tenant_id = 05ec814379cd4935b50bad905b1fd203nova_admin_password = nova4smtestnova_admin_auth_url = http://192.168.3.180:35357/v2.0root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.confauth_host = 192.168.3.180auth_port = 35357auth_protocol = httpadmin_tenant_name = serviceadmin_user = neutronadmin_password = neutron4smtestsigning_dir = $state_path/keystone-signingconnection = mysql://neutrondbadmin:neutron4smtest@192.168.3.180/neutronservice_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

3. 编辑/etc/neutron/plugins/ml2/ml2_conf.ini文件，
     [ sudo vi /etc/neutron/plugins/ml2/ml2_conf.ini ]

     更新设置如下：
type_drivers = flat,vlan,gre
tenant_network_types = vlan,gre
mechanism_drivers = openvswitch

#在最后添加
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

sm@controller:~$ sudo more /etc/neutron/plugins/ml2/ml2_conf.ini[ml2]# (ListOpt) List of network type driver entrypoints to be loaded from# the neutron.ml2.type_drivers namespace.#type_drivers = flat,vlan,gre# Example: type_drivers = flat,vlan,gre,vxlan# (ListOpt) Ordered list of network_types to allocate as tenant# networks. The default value 'local' is useful for single-box testing# but provides no connectivity between hosts.#tenant_network_types = vlan,gre# Example: tenant_network_types = vlan,gre,vxlan# (ListOpt) Ordered list of networking mechanism driver entrypoints# to be loaded from the neutron.ml2.mechanism_drivers namespace.mechanism_drivers = openvswitch# Example: mechanism_drivers = openvswitch,mlnx# Example: mechanism_drivers = arista# Example: mechanism_drivers = cisco,logger# Example: mechanism_drivers = openvswitch,brocade# Example: mechanism_drivers = linuxbridge,brocade[ml2_type_flat]# (ListOpt) List of physical_network names with which flat networks# can be created. Use * to allow flat networks with arbitrary# physical_network names.## flat_networks =# Example:flat_networks = physnet1,physnet2# Example:flat_networks = *[ml2_type_vlan]# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples# specifying physical_network names usable for VLAN provider and# tenant networks, as well as ranges of VLAN tags on each# physical_network available for allocation as tenant networks.## network_vlan_ranges =# Example: network_vlan_ranges = physnet1:1000:2999,physnet2[ml2_type_gre]# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation# tunnel_id_ranges =[ml2_type_vxlan]# (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating# ranges of VXLAN VNI IDs that are available for tenant network allocation.## vni_ranges =# (StrOpt) Multicast group for the VXLAN interface. When configured, will# enable sending all broadcast traffic to this multicast group. When left# unconfigured, will disable multicast VXLAN mode.## vxlan_group =# Example: vxlan_group = 239.1.1.1[securitygroup]# Controls if neutron security group is enabled or not.# It should be false when you use nova security group.enable_security_group = Truefirewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

4. 编辑/etc/nova/nova.conf文件，
     [ sudo vi /etc/nova/nova.conf ]


     更新设置如下：
network_api_class=nova.network.neutronv2.api.API
security_group_api=neutron

sm@controller:~$ sudo more /etc/nova/nova.conf[DEFAULT]dhcpbridge_flagfile=/etc/nova/nova.confdhcpbridge=/usr/bin/nova-dhcpbridgelogdir=/var/log/novastate_path=/var/lib/novalock_path=/var/lock/novaforce_dhcp_release=Trueiscsi_helper=tgtadmlibvirt_use_virtio_for_bridges=Trueconnection_type=libvirtroot_helper=sudo nova-rootwrap /etc/nova/rootwrap.confverbose=Trueec2_private_dns_show_ip=Trueapi_paste_config=/etc/nova/api-paste.inivolumes_path=/var/lib/nova/volumesenabled_apis=ec2,osapi_compute,metadatarpc_backend = rabbitrabbit_host = 192.168.3.180rabbit_userid = guestrabbit_password = mq4smtestrabbit_port = 5672my_ip = 192.168.3.180vncserver_listen = 192.168.3.180vncserver_proxyclient_address = 192.168.3.180auth_strategy = keystonenetwork_api_class=nova.network.neutronv2.api.APIsecurity_group_api=neutron[database]connection = mysql://novadbadmin:nova4smtest@192.168.3.180/nova[keystone_authtoken]auth_uri = http://192.168.3.180:5000auth_host = 192.168.3.180auth_port = 35357auth_protocol = httpadmin_tenant_name = serviceadmin_user = novaadmin_password = nova4smtest

5. 重启计算服务
     sudo service nova-api restart
     sudo service nova-scheduler restart
     sudo service nova-conductor restart

sm@controller:~$ sudo service nova-api restartnova-api stop/waitingnova-api start/running, process 21830sm@controller:~$      sudo service nova-scheduler restartnova-scheduler stop/waitingnova-scheduler start/running, process 21848sm@controller:~$      sudo service nova-conductor restartnova-conductor stop/waitingnova-conductor start/running, process 21872

6. 重启网络服务
     sudo service neutron-server restart

sm@controller:~$ sudo service neutron-server restartneutron-server stop/waitingneutron-server start/running, process 21910

只要相关服务重启没有问题，说明安装就没有问题，最关键是就是相关配置文件的输入信息。