Shulou(Shulou.com)06/01 Report--

OpenstackNetworking (neutron) Services

Install and configure the control node 1. precondition

Before you configure the OpenStack Network (neutron) service, you must create a database, service credentials and API endpoints.

1) create a database

Mysql-uroot-p123123

Create database neutron

Grant all privileges on neutron.* to'neutron'@'localhost' identified by'123123'

Grant all privileges on neutron.* to'neutron'@'%' identified by '123123'

Exit

2) obtain admin credentials to obtain access rights that only administrators can execute commands

Sourceadmin-openrc

3) create service certificate a. Create a neutron user

Openstack user create-- domain default--password-prompt neutron # # set password

b. Add admin roles to neutron users

Openstack role add-project service--user neutron admin

c. Create a neutron service entity

Openstack service create-name neutron--description "OpenStack Networking" network

4) create a network service API endpoint

Openstack endpoint create-- regionRegionOne network public http://controller:9696

Openstack endpoint create-- regionRegionOne network internel http://controller:9696

Openstack endpoint create-- regionRegionOne network admin http://controller:9696

two。 Configure network options (this configuration VPC) 1) install components

Yum install openstack-neutronopenstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

2) configure the service component a. Edit the / etc/neutron/neutron.conf file and complete the following actions

Vi / etc/neutron/neutron.conf

[database]

Connection = mysql+pymysql://neutron:123123@controller/neutron # # configure database access

[DEFAULT]

Core_plugin = ml2

Service_plugins = router

Allow_overlapping_ips = True # # enable Modular Layer 2 (ML2) plug-ins, routing services and overlapping IP addresses

Auth_strategy = keystone # # configure authentication service access

Notify_nova_on_port_status_changes = True

Notify_nova_on_port_data_changes = True # # configure network services to notify computing nodes of network topology changes

Rpc_backend = rabbit # # configure the connection of RabbitMQ message queuing

[oslo_messaging_rabbit]

Rabbit_host = controller

Rabbit_userid = openstack

Rabbit_password = 123123 # # configure the connection of RabbitMQ message queuing

[keystone_authtoken] # # configure authentication service

Auth_uri = http://controller:5000

Auth_url = http://controller:35357

Memcached_servers = controller:11211

Auth_type = password

Project_domain_name = default

User_domain_name = default

Project_name = service

Username = neutron

Password = 123123 # # configure the authentication service, comment in [keystone_authtoken] or delete other options.

[nova] # # configure the network to reflect changes in the computing network topology:

Auth_url = http://controller:35357

Auth_plugin = password

Project_domain_name = default

User_domain_name = default

Region_name = RegionOne

Project_name = service

Username = nova

Password = 123123 # # configure the network to reflect the changes in the computing network topology

[oslo_concurrency]

Lock_path = / var/lib/neutron/tmp # # configure lock path

3) configure the Modular Layer 2 (ML2) plug-in

The ML2 plug-in uses the Linux bridging mechanism to create a layer-2 (bridging / switching) virtual network infrastructure for the instance.

a. Edit the / etc/neutron/plugins/ml2/ml2_conf.ini file and complete the following

Vi / etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]

Type_drivers = flat,vlan,vxlan # # enable flat,VLAN and VXLAN networks

Tenant_network_types = vxlan # # enable VXLAN project (private) network

Mechanism_drivers = linuxbridge,l2population # # enable Linuxbridge and ayer-2 mechanisms

# # after you configure the ML2 plug-in, delete the value of ``type_ drivers`` that may cause database inconsistency. Linux bridging agent only supports VXLAN network.

Extension_drivers = port_security # # enable port security extension driver

[ml2_type_flat]

Flat_networks = provider # # configure public flat to provide network

[ml2_type_vxlan]

Vni_ranges = 1 1000 # # configure the network range identified by the VXLAN network

[securitygroup]

Enable_ipset = True # # enabling ipset to increase the convenience of security groups

4) configure Linux bridging agent a. Edit the / etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following:

Vi / etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

Physical_interface_mappings = public:eth3 # # maps the public virtual network to the public physical network interface, replacing eth3 with the physical public network interface.

[vxlan]

Enable_vxlan = True

Local_ip = 10.0.0.31

12_population = True # # enable VXLAN overlay network and configure IP addresses that deal with overlay network and layer-2-enabled physical network interfaces

[securitygroup]

Enable_security_group = True

Firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver # # enable security groups and configure Linux bridging iptables firewall driver

5) configure layer-3 agent a. Edit the / etc/neutron/l3_agent.ini file and complete the following:

Vi / etc/neutron/l3_agent.ini

[DEFAULT]

Interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

External_network_bridge =

# # configure Linux bridging network driver and external network bridging. The external_network_bridge option deliberately lacks a value, so that multiple external networks can be enabled on a single agent.

6) configure DHCP agent a. Edit the / etc/neutron/dhcp_agent.ini file and complete the following

Configure the Linux bridge Nic driver, Dnsmasq DHCP driver and enable isolated metadata so that instances on the public network can access the metadata over the network

[DEFAULT]

Interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

Dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

Enable_isolated_metadata = True

3. Configure metadata Agent 1) Edit the / etc/neutron/metadata_agent.ini file and complete the following

Vi / etc/neutron/metadata_agent.ini

[DEFAULT]

Nova_metadata_ip = controller

Metadata_proxy_shared_secret = 123123 # # configure metadata Agent shared password

4. Configure the calculation to use Network 1) Edit the / etc/nova/nova.conf file and complete the following

Vi / etc/nova/nova.conf

[neutron]

Url = http://controller:9696

Auth_url = http://controller:35357

Auth_type = password

Project_domain_name = default

User_domain_name = default

Region_name = RegionOne

Project_name = service

Username = neutron

Password = 123123

Service_metadata_proxy = True

Metadata_proxy_shared_secret = 123123 # # configure access parameters, enable metadata proxy and set password

5. Complete installation 1) the network service initialization script requires a hyperlink / etc/neutron/plugin.ini to the ML2 plug-in configuration file / etc/neutron/plugins/ml2/ml2_conf.ini. If the hyperlink does not exist, create it using the following command:

Ln-s / etc/neutron/plugins/ml2/ml2_conf.ini/etc/neutron/plugin.ini

2) synchronize the database

Su-s/bin/sh-c "neutron-db-manage-- config-file / etc/neutron/neutron.conf--config-file / etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

# # Database synchronization occurs after Networking, because the script needs to complete the configuration files of the server and plug-in.

3) restart the computing API service

Systemctl restart openstack-nova-api.service

4) start the Networking service and configure them to boot a. For all network options:

Systemctl enableneutron-server.service neutron-linuxbridge-agent.serviceneutron-dhcp-agent.service neutron-metadata-agent.service

Systemctl startneutron-server.service neutron-linuxbridge-agent.serviceneutron-dhcp-agent.service neutron-metadata-agent.service

b. For network option 2, also enable and start the layer-3 service

Systemctl enable neutron-13-agent.service

Systemctlstart neutron-13-agent.service

Second, install and configure computing node 1. Install component

Yum install openstack-neutronopenstack-neutron-linuxbridge ebtables ipset

two。 Configure common components

The configuration of Networking common components includes authentication mechanism, message queue and plug-ins.

1) Edit the / etc/neutron/neutron.conf file and complete the following actions:

In the [database] section, comment all connection entries because the compute node does not access the database directly

[DEFAULT]

Rpc_backend = rabbit # # configure RabbitMQ message queuing access

Auth_strategy = keystone # # configure authentication service access

[oslo_messaging_rabbit]

Rabbit_host = controller

Rabbit_userid = openstack

Rabbit_password = 123123 # # configure RabbitMQ message queuing access

[keystone_authtoken]

Auth_uri = http://controller:5000

Auth_url = http://controller:35357

Memcached_servers = controller:11211

Auth_type = password

Project_domain_name = default

User_domain_name = default

Project_name = service

Username = neutron

Password = 123123 # # configure authentication service access, comment in [keystone_authtoken] or delete other options.

[oslo_concurrency]

Lock_path = / var/lib/neutron/tmp # # Lock path

3. Configure network option 1) configure Linux bridging agent a. Edit the / etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following:

Vi / etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

Physical_interface_mappings = public:eth3

# # Mapping a public virtual network to a public physical network interface and replacing eth3 with a physical public network interface

[vxlan]

Enable_vxlan = True

Local_ip = 10.0.0.31

12_population = True # # enable VXLAN overlay network and configure IP addresses that deal with overlay network and layer-2-enabled physical network interfaces

[securitygroup]

Enable_security_group = True

Firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

# # use security groups and configure Linux to bridge iptables firewall drivers:

4. Configure the computer to use Network 1) Edit the / etc/nova/nova.conf file and complete the following

Vi / etc/nova/nova.conf

[neutron]

Url = http://controller:9696

Auth_url = http://controller:35357

Auth_type = password

Project_domain_name = default

User_domain_name = default

Region_name = RegionOne

Project_name = service

Username = neutron

Password = 123123 # # configure access parameters

5. Complete installation 1) restart computing service

Systemctl restartopenstack-nova-compute.service

2) start the Linuxbridge agent and configure it to boot automatically

Systemctl enableneutron-linuxbridge-agent.service

Systemctl start neutron-linuxbridge-agent.service

Third, verification operation 1. Obtain admin credentials to obtain access rights that only administrators can execute commands

Source admin-openrc

two。 List the loaded extensions to verify that the neutron-server process starts properly

Neutron ext-list

3. Verify the network options and list the agents to verify that the neutron agent was started successfully

Neutron agent-list

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.