标签:驱动 ip地址 code drive l3-agent source 状态 安全组 efault
controller
1.创建数据库并设置权限
mysql -u root -p0330
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO ‘neutron‘@‘localhost‘ \ IDENTIFIED BY ‘NEUTRON_DBPASS‘;
GRANT ALL PRIVILEGES ON neutron.* TO ‘neutron‘@‘%‘ \ IDENTIFIED BY ‘NEUTRON_DBPASS‘;
2.创建openstack用户
source openrc
openstack user create --domain default --password=neutron neutron
3.给neutron设置成admin角色
openstack role add --project service --user neutron admin
4.创建服务
openstack service create --name neutron \ --description "OpenStack Networking" network
5.创建服务端点
openstack endpoint create --region RegionOne \ network public http://controller:9696
openstack endpoint create --region RegionOne \ network internal http://controller:9696
openstack endpoint create --region RegionOne \ network admin http://controller:9696
6.安装服务
yum install openstack-neutron openstack-neutron-ml2 openvswitch openstack-neutron-openvswitch ebtables -y
/etc/neutron/plugins/ml2/ml2_conf.ini
/etc/neutron/plugins/ml2/ml2_conf.ini
.bak/etc/neutron/l3_agent.ini
/etc/neutron/l3_agent.ini
.bak/etc/neutron/dhcp_agent.ini
/etc/neutron/dhcp_agent.ini
.bak/etc/neutron/metadata_agent.ini
/etc/neutron/metadata_agent.ini
.bak[DEFAULT]
state_path = /var/lib/neutron #neutron扩展库目录
auth_strategy = keystone #认证方式
core_plugin = ml2 #核心插件
service_plugins = router #服务插件:路由
dhcp_agent_notification = true #开启dhcp自动分配IP
allow_overlapping_ips = True
notify_nova_on_port_status_changes = true #允许更改端口
notify_nova_on_port_data_changes = true #更改端口的元数据
transport_url = rabbit://openstack:admin@controller
[agent]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[matchmaker_redis]
[nova]
region_name = RegionOne
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
project_name = service
user_domain_name = default
username = nova
password = nova
[oslo_concurrency]
lock_path = $state_path/lock #临时文件目录
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[qos]
[quotas]
[ssl]
[DEFAULT]
[ml2]
type_drivers = flat,vxlan #类型驱动
tenant_network_types = vxlan #租户网络类型
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
[ml2_type_flat]
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
[ml2_type_vxlan]
vni_ranges = 1:1000 #vlan的id号码的取值范围
[securitygroup]
enable_ipset = true #开启安全组策略
[DEFAULT]
[agent]
tunnel_types = vxlan #隧道类型
l2_population = True
[ovs]
tunnel_bridge = br-tun #隧道网桥
local_ip = 192.168.42.147 #租户网的ip地址
bridge_mappings =
[securitygroup]
firewall_driver = iptables_hybrid
enable_security_group = true
[xenapi]
[DEFAULT]
interface_driver = openvswitch 1路由由openswitch做出来的
external_network_bridge = br-ex #外网的网桥
[agent]
[ovs]
[DEFAULT]
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true #开启元数据
[agent]
[ovs]
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET #元数据证书的密码
[agent]
[cache]
8.编辑nova的配置文件
[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
9.创建软链接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
10.同步数据库
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
11.重启服务
systemctl restart openstack-nova-api.service、
systemctl enable neutron-server.service neutron-dhcp-agent.service openvswitch neutron-openvswitch-agent neutron-metadata-agent.service
systemctl start neutron-server.service neutron-dhcp-agent.service openvswitch neutron-openvswitch-agent neutron-metadata-agent.service
12.创建网桥
ovs-vsctl add-br br-ex
/etc/neutron/neutron.conf
/etc/neutron/neutron.conf
.bak/etc/neutron/plugins/ml2/openswitch_agent.ini
/etc/neutron/plugins/ml2/openswitch_agent.ini
.bak[DEFAULT]
#state_path = /var/lib/neutron
auth_strategy = keystone
#core_plugin = ml2
#service_plugins = router
#dhcp_agent_notification = true
#allow_overlapping_ips = True
#notify_nova_on_port_status_changes = true
#notify_nova_on_port_data_changes = true
transport_url = rabbit://openstack:admin@controller
[agent]
[cors]
[cors.subdomain]
[database]
#connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[matchmaker_redis]
[nova]
region_name = RegionOne
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
project_name = service
user_domain_name = default
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[qos]
[quotas]
[ssl]
[DEFAULT]
[agent]
tunnel_types = vxlan
l2_population = True
[ovs]
tunnel_bridge = br-tun
local_ip = 192.168.42.151
bridge_mappings =
[securitygroup]
firewall_driver = iptables_hybrid
enable_security_group = true
[xenapi]
3.编辑nova配置文件
[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
4.重启服务
systemctl restart openstack-nova-compute.service
systemctl enable openvswitch neutron-openvswitch-agent
标签:驱动 ip地址 code drive l3-agent source 状态 安全组 efault
原文地址:https://www.cnblogs.com/daisyyang/p/10981403.html