在controller节点上安装和配置
创建nova的数据库,服务证书和API端点
- 创建数据库:
使用root身份进入数据库:$ mysql -u root -p创建nova数据库:
<pre>CREATE DATABASE neutron;</pre>把neutron数据库的访问权限赋予名为neutron,来自任何主机地址的用户,并设定访问密码为NEUTRON_DBPASS(替换为合适的密码):
<pre>GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';</pre>
退出数据库。
- 启动admin证书:
$ source admin-openrc.sh - 创建服务证书:
创建neutron用户:
<pre>$ keystone user-create --name neutron --pass NEUTRON_PASS
| Property | Value |
|---|---|
| enabled | True |
| id | 03fdaa93a85b4879a898d031947b81af |
| name | neutron |
| username | neutron |
+----------+----------------------------------+</pre>
用合适的密码代替NEUTRON_PASS。
把admin角色赋予给neutron用户:$ keystone user-role-add --user neutron --tenant service --role admin
这条命令不产生输出显示。
创建neutron服务实体:
<pre>$ keystone service-create --name neutron --type network \
| --description "OpenStack Networking" | |
|---|---|
| Property | Value |
| description | OpenStack Networking |
| enabled | True |
| id | d3cf8211db414c069701f39e778d9765 |
| name | neutron |
| type | network |
+-------------+----------------------------------+</pre>
- 创建网络服务的API端点:
<pre>$ keystone endpoint-create \
--service-id $(keystone service-list | awk '/ network / {print $2}') \
--publicurl http://controller:9696 \
--adminurl http://controller:9696 \
--internalurl http://controller:9696 \
| --region regionOne | |
|---|---|
| Property | Value |
| adminurl | http://controller:9696 |
| id | eb7fd6b67e4d4479886d164486a3fb71 |
| internalurl | http://controller:9696 |
| publicurl | http://controller:9696 |
| region | regionOne |
| service_id | d3cf8211db414c069701f39e778d9765 |
+-------------+----------------------------------+</pre>
安装neutron组件
# apt-get install neutron-server neutron-plugin-ml2 python-neutronclient
配置网络服务组件
编辑# vi /etc/neutron/neutron.conf文件:
在[database]部分,设定数据库的访问选项,需把原始设定注释掉:
<pre>[database]</pre>
...
connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron
NEUTRON_DBPASS为创建neutron数据库时设立的密码。
在[DEFAULT]部分,设定RabbitMQ的访问选项:
<pre>[DEFAULT]</pre>
...
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = RABBIT_PASS
RABBIT_PASS为RabbitMQ guest账户的密码。
在[DEFAULT]和[keystone_authtoken]部分,设定认证服务的访问选项:
<pre>[DEFAULT]</pre>
...
auth_strategy = keystone
<pre>[keystone_authtoken]</pre>
...
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = neutron
admin_password = NEUTRON_PASS
NEUTRON_PASS为创建neutron用户时使用的密码。在[keystone_authtoken]部分,注释掉 auth_host,auth_port,和auth_protocol的选项,因为identity_uri选项是直接代替它们的。
在[DEFAULT]部分,开启Modular Layer 2(ML2)plug-in选项,设定router service和overlapping IP addresses选项:
<pre>[DEFAULT]</pre>
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
在[DEFAULT]部分,设定网络服务可以通知计算服务网络拓扑的变化:
<pre>[DEFAULT]</pre>
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
nova_admin_auth_url = http://controller:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = SERVICE_TENANT_ID
nova_admin_password = NOVA_PASS
NEUTRON_PASS为创建neutron用户时使用的密码。SERVICE_TENANT_ID为认证服务中service租户的ID,可以通过以下命令取得:
<pre>$ source admin-openrc.sh
| $ keystone tenant-get service | |
|---|---|
| Property | Value |
| description | Service Tenant |
| enabled | True |
| id | 5ab4d5c513f543cfbf8e3be97f5df5fb |
| name | service |
+-------------+----------------------------------+</pre>
在[DEFAULT]部分,开启“详细输出日志”选项:
<pre>[DEFAULT]</pre>
...
verbose = True
配置 Modular Layer 2(ML2)plug-in
ML2 plug-in使用Open vSwitch(OVS)机制(agent)来创建虚拟网络框架。由于controller节点不处理实例之间的网络通信,故不需要OVS组件。
编辑# vi /etc/neutron/plugins/ml2/ml2_conf.ini文件:
在[ml2]部分,启用flat和generic routing encapsulation(GRE)网络类型的驱动( network type drivers),GRE 租户网络和OVS机制的驱动:
<pre>[ml2]</pre>
...
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch
在[ml2_type_gre]部分,配置tunnel ID的范围:
<pre>[ml2_type_gre]</pre>
...
tunnel_id_ranges = 1:1000
在[securitygroup]部分,启用security groups,ipset, and configure,设定OVS iptables firewall driver:
<pre>[securitygroup]</pre>
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
配置计算服务使之使用网络服务
编辑# vi /etc/nova/nova.conf文件:
在[DEFAULT]部分,设定API和驱动:
<pre>[DEFAULT]</pre>
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
在[neutron]部分,设定访问参数:
<pre>[neutron]</pre>
...
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = NEUTRON_PASS
NEUTRON_PASS为创建neutron用户时使用的密码。
完成安装
- 同步数据库:
# neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno - 重启计算服务:
# service nova-api restart# service nova-scheduler restart# service nova-conductor restart - 重启网络服务:
# service neutron-server restart
验证操作
- 启动
admin证书:$ source admin-openrc.sh - 显示装载的扩展列表,验证neutron-server进程已成功启动:
<pre>$ neutron ext-list
| alias | name |
|---|---|
| security-group | security-group |
| l3_agent_scheduler | L3 Agent Scheduler |
| ext-gw-mode | Neutron L3 Configurable external gateway mode |
| binding | Port Binding |
| provider | Provider Network |
| agent | agent |
| quotas | Quota management support |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| l3-ha | HA Router extension |
| multi-provider | Multi Provider Network |
| external-net | Neutron external network |
| router | Neutron L3 Router |
| allowed-address-pairs | Allowed Address Pairs |
| extraroute | Neutron Extra Route |
| extra_dhcp_opt | Neutron Extra DHCP opts |
| dvr | Distributed Virtual Router |
+-----------------------+-----------------------------------------------+</pre>
安装时出现的问题及解决方法
输入neutron ext-list后,出现“Unable to establish connection to http://controller:9696/v2.0/extensions.json”,最后发现是之前某个service在keystone里创立时设置的密码与配置neutron时需写入的没对上,导致无法访问。