Shulou(Shulou.com)06/02 Report--

Part X installation of Network Services neutron

I. preparatory work

Before installing the network service neutron, you should make the following preparations

1. Back up the current vmware-workstation virtual machine

Shut down the 2 virtual machines, find the folder where the vmware-workstation virtual machine is installed in windows Explorer, and back up this folder.

2. After the backup, start two virtual machines, adjust the network card eth2 of the virtual machine to hybrid mode, and execute both the control node and the computing node.

Yum install net-tools-y

Ifconfig eth2 promisc

Ifconfig

The word PROMISC in the eth2 Nic information of the control node indicates that promiscuous mode has been enabled.

The word PROMISC in the eth2 Nic information of the compute node indicates that promiscuous mode has been enabled.

Write the above command to / etc/profile so that it will take effect after the next restart:

Vim / etc/profile

3. Restart the network and confirm the network communication between hosts.

Systemctl restart network

Ping c1

Ping 10.8.20.42

4. Confirm at the control node that the services installed so far are running normally

. Admin-openrc

Check keystone

Openstack token issue

Check glance

Openstack image list

Check placement

Placement-status upgrade check

Check nova

Openstack compute service list

Nova-status upgrade check

Second, install the network service neutron in the control node

Combined with the physical deployment described in the previous section, the control node mainly installs the following components of neutron

Because the two-tier network architecture is used below, it does not follow the relevant components of the L3 layer-3 network.

Next, the Neurton network service is installed in the control node (ct).

Create a Neutron database

Mysql-u root-p

MariaDB [(none)] > CREATE DATABASE neutron

Database authorization

MariaDB [(none)] > GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY' NEUTRON_DBPASS'

MariaDB [(none)] > GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY' NEUTRON_DBPASS'

Create a neutron user

. Admin-openrc

Openstack user create-domain default-password NEUTRON_PASS neutron

Add admin roles to neutron users

Openstack role add-project service-user neutron admin

Create a neutron service entity

Openstack service create-name neutron-description "OpenStack Networking" network

Create a neutron service endpoint

Openstack endpoint create-- region RegionOne network public http://ct:9696

Openstack endpoint create-- region RegionOne network internal http://ct:9696

Openstack endpoint create-- region RegionOne network admin http://ct:9696

Configure layer 2 network (official document is provider network)

1. Install the software package

Yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

Openstack-neutron:neutron-server 's bag.

Openstack-neutron-ml2:ML2 plugin's bag.

Openstack-neutron-linuxbridge:linux bridge network provider related packages

Ebtables: firewall-related packages

2. Modify the neutron configuration file (a total of 5 configuration files need to be modified)

(1) configuration file neutron.conf of neutron server

Cp / etc/neutron/neutron.conf / etc/neutron/neutron.conf.bak

Grep-Ev'^ $| #'/ etc/neutron/neutron.conf.bak > / etc/neutron/neutron.conf

Vim / etc/neutron/neutron.conf

[database] (plus 1 line)

Connection = mysql+pymysql://neutron:NEUTRON_DBPASS@ct/neutron

[DEFAULT] (add 6 lines)

Core_plugin = ml2

Service_plugins =

Transport_url = rabbit://openstack:RABBIT_PASS@ct

Auth_strategy = keystone

Notify_nova_on_port_status_changes = true

Notify_nova_on_port_data_changes = true

[keystone_authtoken] (plus 9 lines)

Www_authenticate_uri = http://ct:5000

Auth_url = http://ct:5000

Memcached_servers = ct:11211

Auth_type = password

Project_domain_name = default

User_domain_name = default

Project_name = service

Username = neutron

Password = NEUTRON_PASS

[nova] ([nova] add yourself, plus 8 lines)

Auth_url = http://ct:5000

Auth_type = password

Project_domain_name = default

User_domain_name = default

Region_name = RegionOne

Project_name = service

Username = nova

Password = NOVA_PASS

[oslo_concurrency] (plus 1 line)

Lock_path = / var/lib/neutron/tmp

(2) configuration file ml2_conf.ini of ML2 plugin

Cp / etc/neutron/plugins/ml2/ml2_conf.ini / etc/neutron/plugins/ml2/ml2_conf.ini.bak

Grep-Ev'^ $| #'/ etc/neutron/plugins/ml2/ml2_conf.ini.bak > / etc/neutron/plugins/ml2/ml2_conf.ini

Vim / etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]

Type_drivers = flat,vlan

Tenant_network_types =

Mechanism_drivers = linuxbridge

Extension_drivers = port_security

[ml2_type_flat]

Flat_networks = provider

[securitygroup]

Enable_ipset = true

(3) configuration file linuxbridge_agent.ini of linuxbridge network provider

Cp / etc/neutron/plugins/ml2/linuxbridge_agent.ini / etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak

Grep-Ev'^ $| #'/ etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > / etc/neutron/plugins/ml2/linuxbridge_agent.ini

Vim / etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

Physical_interface_mappings = provider:eth2

[vxlan]

Enable_vxlan = false

[securitygroup]

Enable_security_group = true

Firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Note the writing of the provder:eth2 above (one of the potholes of the official document, which is correctly written as the eth2 of the control node and the compute node connected to the external network)

As can be seen from this paragraph, INTERFACE_NAME refers to eth2, which is the provider interface that connects to the external network.

(4) system configuration file sysctl.conf (one of the potholes of the official document, which only explains how to check but does not write how to configure)

Vim / etc/sysctl.conf

Add the following 2 lines:

Net.bridge.bridge-nf-call-iptables = 1

Net.bridge.bridge-nf-call-ip6tables = 1

Modprobe br_netfilter

Sysctl-p

(5) dhcp agent configuration file dhcp_agent.ini

Cp / etc/neutron/dhcp_agent.ini / etc/neutron/dhcp_agent.ini.bak

Grep-Ev'^ $| #'/ etc/neutron/dhcp_agent.ini.bak > / etc/neutron/dhcp_agent.ini

Vim / etc/neutron/dhcp_agent.ini

[DEFAULT]

Interface_driver = linuxbridge

Dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

Enable_isolated_metadata = true

Configure the metadata proxy to communicate with nova (you can refer to the interaction section of neutron and nova in the previous section)

Vim / etc/neutron/metadata_agent.ini

[DEFAULT]

Nova_metadata_host = ct

Metadata_proxy_shared_secret = METADATA_SECRET

Modify the configuration file of nova to interact with neutron

Vim / etc/nova/nova.conf

On the basis of the original, add the following in the [neutron] section:

[neutron] (10 lines total)

Auth_url = http://ct:5000

Auth_type = password

Project_domain_name = default

User_domain_name = default

Region_name = RegionOne

Project_name = service

Username = neutron

Password = NEUTRON_PASS

Service_metadata_proxy = true

Metadata_proxy_shared_secret = METADATA_SECRET

Establish a soft connection for ml2

Ln-s / etc/neutron/plugins/ml2/ml2_conf.ini / etc/neutron/plugin.ini

Populate the Neutron database

Su-s / bin/sh-c "neutron-db-manage-- config-file / etc/neutron/neutron.conf-- config-file / etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Restart the nova-api service

Systemctl restart openstack-nova-api.service

Start the neutron service and configure boot boot

Systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

Systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

After startup, you can use the systemctl status command to check the running status of each service, and use netstat-tnlup to see if there is a port 9696.

At this point, after the neutron service component on the control node is installed, switch to another virtual machine and install the neutron service on the compute node.

Third, install the network service neutron on the computing node

Combined with the physical deployment described in the previous section, the compute node mainly installs the following components of neutron

Install the network service neutron (compute node) on the compute node (C1) by doing the following

Install component

Yum install openstack-neutron-linuxbridge ebtables ipset-y

Modify the configuration file

(1) modify the neutron main configuration file

Cp / etc/neutron/neutron.conf / etc/neutron/neutron.conf.bak

Grep-Ev'^ $| #'/ etc/neutron/neutron.conf.bak > / etc/neutron/neutron.conf

Vim / etc/neutron/neutron.conf

[DEFAULT]

Transport_url = rabbit://openstack:RABBIT_PASS@ct

Auth_strategy = keystone

[keystone_authtoken] (9 lines total)

Www_authenticate_uri = http://ct:5000

Auth_url = http://ct:5000

Memcached_servers = ct:11211

Auth_type = password

Project_domain_name = default

User_domain_name = default

Project_name = service

Username = neutron

Password = NEUTRON_PASS

[oslo_concurrency]

Lock_path = / var/lib/neutron/tmp

(2) configure Linux bridge proxy

Cp / etc/neutron/plugins/ml2/linuxbridge_agent.ini / etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak

Grep-Ev'^ $| #'/ etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > / etc/neutron/plugins/ml2/linuxbridge_agent.ini

Vim / etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

Physical_interface_mappings = provider:eth2

[vxlan]

Enable_vxlan = false

[securitygroup]

Enable_security_group = true

Firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

(3) sysctl.conf

Vim / etc/sysctl.conf

Add the following 2 lines:

Net.bridge.bridge-nf-call-iptables = 1

Net.bridge.bridge-nf-call-ip6tables = 1

Modprobe br_netfilter

Sysctl-p

Modify nova configuration file

Vim / etc/nova/nova.conf

[neutron]

Auth_url = http://ct:5000

Auth_type = password

Project_domain_name = default

User_domain_name = default

Region_name = RegionOne

Project_name = service

Username = neutron

Password = NEUTRON_PASS

Restart the nova computing service

Systemctl restart openstack-nova-compute.service

Start the neutron service and set up boot self-startup

Systemctl enable neutron-linuxbridge-agent.service

Systemctl start neutron-linuxbridge-agent.service

At this point, the neutron service above the compute node is installed, and then switch to the control node to verify the installation of the entire neutron.

Validate the entire neutron service

Execute the following command at the control node (ct) to verify the neutron service

. Admin-openrc

Openstack extension list-network

Openstack network agent list

Make sure that there are 4 records in the list and that the Alive status is smiley: -) and State is UP.

You can check it against official documents.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.