CentOS7.1 Liberty云平台之Networking篇(6)

选择Provider networks

控制节点：

一、安装配置Networking服务

1.创建数据库及管理用户

mysql -u root -p

执行以下命令

CREATE DATABASE neutron;GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';

2.生效admin变量

source admin-openrc.sh

3.创建neutron用户

openstack user create --domain default --password-prompt neutron

添加admin角色到neutron用户及service项目

openstack role add --project service --user neutron admin

创建neutron服务实体

openstack service create --name neutron --description "OpenStack Networking" network

4.创建服务API端点

openstack endpoint create --region RegionOne network public http://controller:9696openstack endpoint create --region RegionOne network internal http://controller:9696openstack endpoint create --region RegionOne network admin http://controller:9696

5.安装neutron相关包

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset

6.配置/etc/neutron/neutron.conf

[DEFAULT]core_plugin = ml2service_plugins =rpc_backend = rabbitauth_strategy = keystonenotify_nova_on_port_status_changes = Truenotify_nova_on_port_data_changes = Truenova_url = http://controller:8774/v2verbose = True......[keystone_authtoken]auth_uri = http://controller:5000auth_url = http://controller:35357auth_plugin = passwordproject_domain_id = defaultuser_domain_id = defaultproject_name = serviceusername = neutronpassword = 111111......[database]connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron......[nova]auth_url = http://controller:35357auth_plugin = passwordproject_domain_id = defaultuser_domain_id = defaultregion_name = RegionOneproject_name = serviceusername = novapassword = 111111......[oslo_concurrency]lock_path = /var/lib/neutron/tmp......[oslo_messaging_rabbit]rabbit_host = controllerrabbit_userid = openstackrabbit_password = RABBIT_PASS......

7.配置/etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]type_drivers = flat,vlantenant_network_types =mechanism_drivers = linuxbridgeextension_drivers = port_security......[ml2_type_flat]flat_networks = public......[securitygroup]enable_ipset = True......

8.配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[vxlan]enable_vxlan = False[agent]prevent_arp_spoofing = True[securitygroup]enable_security_group = Truefirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

9.配置/etc/neutron/dhcp_agent.ini

[DEFAULT]interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriverdhcp_driver = neutron.agent.linux.dhcp.Dnsmasqenable_isolated_metadata = Trueverbose = True

10.配置/etc/neutron/metadata_agent.ini

[DEFAULT]auth_uri = http://controller:5000auth_url = http://controller:35357auth_region = RegionOneauth_plugin = passwordproject_domain_id = defaultuser_domain_id = defaultproject_name = serviceusername = neutronpassword = 111111nova_metadata_ip = controllermetadata_proxy_shared_secret = METADATA_SECRETverbose = True

11.配置/etc/nova/nova.conf

[neutron]url = http://controller:9696auth_url = http://controller:35357auth_plugin = passwordproject_domain_id = defaultuser_domain_id = defaultregion_name = RegionOneproject_name = service username = neutronpassword = 111111service_metadata_proxy = Truemetadata_proxy_shared_secret = METADATA_SECRET

12.创建软链接

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

13.填充数据库

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

14.重启Compute API服务

systemctl restart openstack-nova-api.service

15.启动neutron相关服务，并设置开机自启

systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.servicesystemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

计算节点：

二、安装配置控制节点

1.安装neutron相关包

yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset -y

2.配置/etc/neutron/neutron.conf

[DEFAULT]rpc_backend = rabbitauth_strategy = keystoneverbose = True......[keystone_authtoken]auth_uri = http://controller:5000auth_url = http://controller:35357auth_plugin = passwordproject_domain_id = defaultuser_domain_id = defaultproject_name = serviceusername = neutronpassword = 111111......[oslo_concurrency]lock_path = /var/lib/neutron/tmp......[oslo_messaging_rabbit]rabbit_host = controllerrabbit_userid = openstackrabbit_password = RABBIT_PASS......

3.配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]physical_interface_mappings = public:ens34[vxlan]enable_vxlan = False[agent]prevent_arp_spoofing = True[securitygroup]nable_security_group = Truefirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

4.配置/etc/nova/nova.conf

[neutron]url = http://controller:9696auth_url = http://controller:35357auth_plugin = passwordproject_domain_id = defaultuser_domain_id = defaultregion_name = RegionOneproject_name = serviceusername = neutronpassword = 111111

5.重启Compute服务

systemctl restart openstack-nova-compute.service

6.启动Linux bridge agent服务并设置开机自启

systemctl enable neutron-linuxbridge-agent.servicesystemctl start neutron-linuxbridge-agent.service

控制节点：

三、验证

1.生效admin脚本变量

source admin-openrc.sh

2.查看成功运行的neutron服务进程

neutron ext-list

3.查看neutron服务代理

neutron agent-list