• 创建数据库
mysql -u root -p

MariaDB [(none)]> CREATE DATABASE neutron;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'xxxxxxx';
-- 注:'neutron'@'%' 允许该账号从任意主机连接数据库;生产环境建议将 '%' 收窄为管理网络的主机或网段,并限制数据库端口的访问来源
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'xxxxxxx';
  • 创建neutron用户

    • neutron用户的密码为:xxxxxxx(后文各配置文件中 username = neutron 对应的 password 需与此一致)
. admin-openrc
# 创建neutron用户并设置admin权限
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
# 创建neutron服务
openstack service create --name neutron \
  --description "OpenStack Networking" network
# 创建API端点(endpoint)
openstack endpoint create --region RegionOne \
  network public http://controller:9696

openstack endpoint create --region RegionOne \
  network internal http://controller:9696  

openstack endpoint create --region RegionOne \
  network admin http://controller:9696
  • 安装neutron服务(采用self-service network的方式部署网络)
yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables -y
  • 修改配置文件
vim /etc/neutron/neutron.conf

[database]
# ...
connection = mysql+pymysql://neutron:xxxxxxx@controller/neutron

[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
# 注:示例中 RabbitMQ 的密码与用户名相同(openstack),属于弱口令;请替换为创建 openstack 用户时设置的强密码
transport_url = rabbit://openstack:openstack@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = xxxxxxx

[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = xxxxxxx

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
  • 修改第二层配置文件
vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
# ...
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
# ...
flat_networks = provider

[ml2_type_vxlan]
# ...
vni_ranges = 1:1000

[securitygroup]
# ...
enable_ipset = true
  • 配置linux桥接代理

    • controller节点需双网卡
[root@controller network-scripts]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=10.0.19.138
PREFIX=24
GATEWAY=10.0.19.254
DNS1=202.96.209.5
DNS2=202.96.209.133
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
# 第二张网卡名称(注释需单独成行:oslo.config 不解析行内注释,写在值后面会被当作取值的一部分)
physical_interface_mappings = provider:eth1

[vxlan]
enable_vxlan = true
local_ip = 10.0.19.133
l2_population = true

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
  • 修改系统参数
vim /etc/sysctl.conf

net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1

# 载入br_netfilter模块(modprobe 仅对当前运行的系统生效,重启后失效;如需开机自动加载,可在 /etc/modules-load.d/ 下新建 .conf 文件并写入 br_netfilter)
modprobe br_netfilter
# 从配置文件加载内核参数
sysctl -p
  • 配置第三层代理
vim /etc/neutron/l3_agent.ini

[DEFAULT]
# ...
interface_driver = linuxbridge
  • 配置DHCP代理
vim /etc/neutron/dhcp_agent.ini

[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
  • 配置元数据代理
vim /etc/neutron/metadata_agent.ini

[DEFAULT]
nova_metadata_host = controller
# 该共享密钥须与 /etc/nova/nova.conf 中 [neutron] 段的 metadata_proxy_shared_secret 完全一致,建议使用随机生成的字符串
metadata_proxy_shared_secret = xxxxxxx
  • 修改配置文件配置计算服务使用网络服务
vim /etc/nova/nova.conf

[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = xxxxxxx
service_metadata_proxy = true
metadata_proxy_shared_secret = xxxxxxx
  • 创建软连接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
  • 导入数据库结构
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
  • 重启计算服务
systemctl restart openstack-nova-api.service
  • 启动网络服务并开机自启
systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service

安装neutron网络服务(compute节点)

  • 安装组件
yum install openstack-neutron-linuxbridge ebtables ipset -y
  • 修改配置文件
vim /etc/neutron/neutron.conf

[DEFAULT]
# 注:示例中 RabbitMQ 的密码与用户名相同(openstack),属于弱口令;请替换为创建 openstack 用户时设置的强密码
transport_url = rabbit://openstack:openstack@controller
auth_strategy = keystone

[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = xxxxxxx

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
  • 配置Linux桥接代理
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
# 自己的网卡(注释需单独成行:oslo.config 不解析行内注释,写在值后面会被当作取值的一部分)
physical_interface_mappings = provider:eth0

[vxlan]
enable_vxlan = true
# 自己的ip地址(注释需单独成行:oslo.config 不解析行内注释,写在值后面会被当作取值的一部分)
local_ip = 10.0.19.134
l2_population = true

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

vim /etc/sysctl.conf

net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1

modprobe br_netfilter
sysctl -p
  • 配置网络服务
vim /etc/nova/nova.conf

[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = xxxxxxx
  • 开机自启和启动
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
  • 验证(在控制节点上操作)
. admin-openrc
# 执行命令验证是否成功启动neutron-server
openstack extension list --network
# 列出插件,验证网络插件是否成功启动
openstack network agent list
# 如在以下输出中出现自己的计算节点,则表示成功;如果不成功,再查看日志 /var/log/neutron/linuxbridge-agent.log
[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 244101b3-8905-4999-b415-151fc67cb875 | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 2c1b081a-b132-4091-9b32-519eb3e52629 | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
| 54dacfca-8aa9-4bcf-a771-88468b872801 | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 5cb00320-c954-40a2-adbd-1dfd3c9ed04d | Linux bridge agent | compute-1  | None              | :-)   | UP    | neutron-linuxbridge-agent |
| b16c5b44-f98a-443f-8393-9d62ba69d279 | L3 agent           | controller | nova              | :-)   | UP    | neutron-l3-agent          |
| fcb6fb5f-c509-473f-b636-af99d7bbc34d | Linux bridge agent | compute-2  | None              | :-)   | UP    | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+