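This post was last edited by pig2 on 2015-8-16 14:53
Guiding questions
1. How do you configure and enable the OVS iptables firewall driver?
2. Can the database synchronization be done ahead of time?
3. How do you verify that the installation succeeded?
1. Prerequisites
1. Create the database
a. Log in to MySQL as root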
[mw_shl_code=bash,true]mysql -u root -p[/mw_shl_code]
b. Create the neutron database
[mw_shl_code=bash,true]CREATE DATABASE neutron;[/mw_shl_code]
c. Grant access to the database
[mw_shl_code=bash,true]GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';[/mw_shl_code]
d. Exit the database client
[mw_shl_code=bash,true]exit[/mw_shl_code]
2. Source the admin environment variables
[mw_shl_code=bash,true]source admin-openrc.sh[/mw_shl_code]
3. Create the networking user and grant it a role
a. Create the neutron user
[mw_shl_code=bash,true] openstack user create --password-prompt neutron[/mw_shl_code]
User Password:
Repeat User Password:
b. Add the admin role to the neutron user
[mw_shl_code=bash,true]openstack role add --project service --user neutron admin[/mw_shl_code]
[mw_shl_code=bash,true]+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | cd2cb9a39e874ea69e5d4b896eb16128 |
| name | admin |
+-------+----------------------------------+[/mw_shl_code]
c. Create the neutron service entity
[mw_shl_code=bash,true]openstack service create --name neutron \
--description "OpenStack Networking" network[/mw_shl_code]
[mw_shl_code=bash,true]+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | f71529314dab4a4d8eca427e701d209e |
| name | neutron |
| type | network |
+-------------+----------------------------------+[/mw_shl_code]
4. Create the Networking service API endpoint
[mw_shl_code=bash,true]openstack endpoint create \
--publicurl http://controller:9696 \
--adminurl http://controller:9696 \
--internalurl http://controller:9696 \
--region RegionOne \
network[/mw_shl_code]
[mw_shl_code=bash,true]+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| adminurl | http://controller:9696 |
| id | 04a7d3c1de784099aaba83a8a74100b3 |
| internalurl | http://controller:9696 |
| publicurl | http://controller:9696 |
| region | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
+--------------+----------------------------------+[/mw_shl_code]
2. Install the new networking components
[mw_shl_code=bash,true] apt-get install neutron-server neutron-plugin-ml2 python-neutronclient[/mw_shl_code]
3. Configure the Networking service components
Edit /etc/neutron/neutron.conf and complete the following:
a. In the [database] section, configure database access
[mw_shl_code=bash,true][database]
...
connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron[/mw_shl_code]
In neutron:NEUTRON_DBPASS, remember to replace NEUTRON_DBPASS with your own password.
b. In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure the RabbitMQ message queue service
[mw_shl_code=bash,true][DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS[/mw_shl_code]
c. In the [DEFAULT] and [keystone_authtoken] sections, configure authentication access
[mw_shl_code=bash,true][DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS[/mw_shl_code]
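Remember to replace NEUTRON_PASS with the password you set yourself; in this walkthrough it is set to 123.
In the [keystone_authtoken] section, remove or comment out any other options.
d. In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in, the router service, and overlapping IP addresses: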
[mw_shl_code=bash,true][DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True[/mw_shl_code]
e. In the [DEFAULT] and [nova] sections, configure notifications to Compute about network topology changes
[mw_shl_code=bash,true][DEFAULT]
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
[nova]
...
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS[/mw_shl_code]
Remember to replace NOVA_PASS with the password you set yourself.
f. Enable verbose logging
[mw_shl_code=bash,true][DEFAULT]
...
verbose = True[/mw_shl_code]
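The placeholders above (NEUTRON_DBPASS, RABBIT_PASS, NEUTRON_PASS, NOVA_PASS) are easy to leave in place, and the database password is hidden inside the connection URL. The following check is an added example, not part of the original post; the function name `audit_secrets`, the 12-character minimum and the sample file are assumptions made for illustration.

```python
import configparser
from urllib.parse import unquote, urlsplit

# Placeholder secrets used in this guide's neutron.conf.
PLACEHOLDERS = {"NEUTRON_DBPASS", "RABBIT_PASS", "NEUTRON_PASS", "NOVA_PASS"}
MIN_LENGTH = 12  # assumed local policy, not a value from the guide
# (section, option) pairs in the guide's neutron.conf that hold a password.
SECRET_OPTIONS = [("oslo_messaging_rabbit", "rabbit_password"),
                  ("keystone_authtoken", "password"),
                  ("nova", "password")]

def audit_secrets(conf_text):
    """Return sorted findings for a neutron.conf passed in as text."""
    # interpolation=None: a real password may contain '%'.
    # strict=False: oslo.config files may repeat an option.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    secrets = {}
    for section, option in SECRET_OPTIONS:
        if cp.has_option(section, option):
            secrets["[%s] %s" % (section, option)] = cp.get(section, option)
    if cp.has_option("database", "connection"):
        # The database password sits inside the URL: mysql://user:password@host/db
        password = urlsplit(cp.get("database", "connection")).password
        secrets["[database] connection"] = unquote(password or "")
    findings = []
    for where, value in secrets.items():
        # Report the location only, never the secret itself.
        if value in PLACEHOLDERS:
            findings.append(where + ": guide placeholder still in place")
        elif len(value) < MIN_LENGTH:
            findings.append("%s: shorter than %d characters" % (where, MIN_LENGTH))
    return sorted(findings)

# Constructed sample: two leftover placeholders plus the "123" value from the text.
SAMPLE = """
[database]
connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron
[oslo_messaging_rabbit]
rabbit_password = Vq7-constructed-example
[keystone_authtoken]
password = 123
[nova]
password = NOVA_PASS
"""

if __name__ == "__main__":
    for finding in audit_secrets(SAMPLE):
        print(finding)
```

To check a real node, pass the contents of /etc/neutron/neutron.conf to `audit_secrets` instead of `SAMPLE`.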
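4. Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Open vSwitch (OVS) mechanism as the virtual networking framework for instances. Even so, the compute node does not need the OVS components, because it does not handle instance network traffic.
Edit /etc/neutron/plugins/ml2/ml2_conf.ini and complete the following:
a. In the [ml2] section, enable the flat, VLAN, generic routing encapsulation (GRE), and virtual extensible LAN (VXLAN) network type drivers, GRE tenant networks, and the OVS mechanism driver: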
[mw_shl_code=bash,true][ml2]
...
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch[/mw_shl_code]
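Note: once the ML2 plug-in is configured, changing the type_drivers value leads to database inconsistency.
b. In the [ml2_type_gre] section, configure the tunnel identifier (id) range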
[mw_shl_code=bash,true][ml2_type_gre]
...
tunnel_id_ranges = 1:1000[/mw_shl_code]
c. In the [securitygroup] section, enable security groups, enable ipset, and configure the OVS iptables firewall driver:
[mw_shl_code=bash,true][securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver[/mw_shl_code]
5. Reconfigure networking [controller node]
Edit /etc/nova/nova.conf and complete the following:
a. In the [DEFAULT] section, configure the APIs and drivers
[mw_shl_code=bash,true][DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver[/mw_shl_code]
b. In the [neutron] section, configure the access parameters
[mw_shl_code=bash,true][neutron]
...
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = NEUTRON_PASS[/mw_shl_code]
Remember to replace NEUTRON_PASS with your own password.
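With firewall_driver = nova.virt.firewall.NoopFirewallDriver, Compute no longer filters instance traffic itself, so enforcement depends entirely on the [securitygroup] settings in ml2_conf.ini. The following cross-check of the two files is an added example, not part of the original post; `audit_filtering` and the sample inputs are constructed for illustration.

```python
import configparser

# Driver names exactly as they appear in this guide.
OVS_HYBRID = "neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver"
NOVA_NOOP = "nova.virt.firewall.NoopFirewallDriver"

def load(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def audit_filtering(ml2_text, nova_text):
    """Return findings; an empty list means both files match the guide."""
    ml2, nova = load(ml2_text), load(nova_text)
    findings = []
    sg_on = ml2.getboolean("securitygroup", "enable_security_group", fallback=False)
    hybrid = ml2.get("securitygroup", "firewall_driver", fallback="") == OVS_HYBRID
    nova_noop = nova.get("DEFAULT", "firewall_driver", fallback="") == NOVA_NOOP
    if not sg_on:
        findings.append("ml2: enable_security_group is not True")
    if not hybrid:
        findings.append("ml2: firewall_driver is not the OVS hybrid iptables driver")
    if nova.get("DEFAULT", "security_group_api", fallback="") != "neutron":
        findings.append("nova: security_group_api is not neutron")
    if not nova_noop:
        findings.append("nova: firewall_driver is not Noop, Compute would filter as well")
    elif not (sg_on and hybrid):
        # Compute has handed filtering to Networking, and Networking is not doing it.
        findings.append("CRITICAL: no component enforces security groups")
    return findings

# Constructed sample input: the values from this guide ...
GUIDE_ML2 = """[securitygroup]
enable_security_group = True
firewall_driver = %s
""" % OVS_HYBRID
GUIDE_NOVA = """[DEFAULT]
security_group_api = neutron
firewall_driver = %s
""" % NOVA_NOOP
# ... and a constructed misconfiguration where filtering was switched off in ML2.
BROKEN_ML2 = """[securitygroup]
enable_security_group = False
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
"""

if __name__ == "__main__":
    for name, ml2 in (("guide", GUIDE_ML2), ("broken", BROKEN_ML2)):
        print(name, audit_filtering(ml2, GUIDE_NOVA) or "OK")
```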
6. Finalize the installation
1. Synchronize the database
[mw_shl_code=bash,true]su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron[/mw_shl_code]
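The database synchronization script works from the configuration files, especially the plug-in configuration.
2. Restart the Compute service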
[mw_shl_code=bash,true]service nova-api restart[/mw_shl_code]
3. Restart the Networking service
[mw_shl_code=bash,true]service neutron-server restart[/mw_shl_code]
7. Verify the installation
1. Source the admin environment variables
[mw_shl_code=bash,true]source admin-openrc.sh[/mw_shl_code]
2. List the extensions to verify that the neutron-server process was created successfully
[mw_shl_code=bash,true]neutron ext-list[/mw_shl_code]
[mw_shl_code=bash,true]+-----------------------+-----------------------------------------------+
| alias | name |
+-----------------------+-----------------------------------------------+
| security-group | security-group |
| l3_agent_scheduler | L3 Agent Scheduler |
| ext-gw-mode | Neutron L3 Configurable external gateway mode |
| binding | Port Binding |
| provider | Provider Network |
| agent | agent |
| quotas | Quota management support |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| l3-ha | HA Router extension |
| multi-provider | Multi Provider Network |
| external-net | Neutron external network |
| router | Neutron L3 Router |
| allowed-address-pairs | Allowed Address Pairs |
| extraroute | Neutron Extra Route |
| extra_dhcp_opt | Neutron Extra DHCP opts |
| dvr | Distributed Virtual Router |
+-----------------------+-----------------------------------------------+[/mw_shl_code]