OpenStack Setup, Part 10: Neutron Controller/Network Node Cluster
10. Neutron Controller/Network Node Cluster
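neutron-server (port 9696, API): accepts and responds to external network management requests
neutron-linuxbridge-agent: creates the bridged network interfaces
neutron-dhcp-agent: allocates IP addresses
neutron-metadata-agent: works with the Nova metadata API to customize virtual machines
L3-agent: implements layer-3 networking for VXLAN (network layer)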
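**Neutron Server:** exposes the OpenStack networking API, receives requests, and calls the plugin to handle them.
**Plugin:** handles requests sent by Neutron Server, maintains the state of the OpenStack logical networks, and calls the agents to handle requests.
**Agent:** handles requests from the plugin and actually implements the network functions on the network provider.
**Network provider:** the virtual or physical network device that provides network services, for example Linux Bridge, Open vSwitch, or other physical switches that support Neutron.
**Queue:** Neutron Server, the plugin and the agents communicate with and call each other through a message queue.
**Database:** stores the OpenStack network state, including Network, Subnet, Port, Router and so on.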
10.1 Create the neutron database (create it on any controller node; the data is synchronized automatically in the background)

```
[root@controller1:/root]# mysql -uroot -p"123456"
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.009 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_szh';
Query OK, 0 rows affected (0.009sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_szh';
Query OK, 0 rows affected (0.011 sec)

MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
Bye
```
10.2 Create the neutron user, grant its role, and create the service entity

```
[root@controller1:/root]# source openrc
[root@controller1:/root]# openstack user create --domain default --password=neutron_szh neutron
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | a80531c8a7534a30954246b1eefd74d1 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

# Grant the admin role to the neutron user
[root@controller1:/root]# openstack role add --project service --user neutron admin

# The neutron service entity has the type "network"
[root@controller1:/root]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 78246c2a2efa4c95864a22630886bfa0 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

[root@controller1:/root]# openstack service list
+----------------------------------+-----------+-----------+
| ID                               | Name      | Type      |
+----------------------------------+-----------+-----------+
| eac467e3e05f464e8fa2bec9237f2338 | nova      | compute   |
| d0311e554ec742069c267963d4c3acfa | glance    | image     |
| 5c44c9890e7744d8b322531192aa12db | keystone  | identity  |
| 78246c2a2efa4c95864a22630886bfa0 | neutron   | network   |
| 850824217408494daa58f31293918560 | placement | placement |
+----------------------------------+-----------+-----------+
```
10.3 Create the neutron-api endpoints

```
# The service type for neutron-api is network
[root@controller1:/root]# openstack endpoint create --region RegionOne network public http://VirtualIP:9997
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 670dfb6bb8ba4b0eb29cf5ce117fa7f7 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 78246c2a2efa4c95864a22630886bfa0 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://VirtualIP:9997            |
+--------------+----------------------------------+

[root@controller1:/root]# openstack endpoint create --region RegionOne network internal http://VirtualIP:9997
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 2c6b3657b8bd431586934cc9dde33f84 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 78246c2a2efa4c95864a22630886bfa0 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://VirtualIP:9997            |
+--------------+----------------------------------+

[root@controller1:/root]# openstack endpoint create --region RegionOne network admin http://VirtualIP:9997
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 5ff90d7cff57495d80338ef7299319d3 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 78246c2a2efa4c95864a22630886bfa0 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://VirtualIP:9997            |
+--------------+----------------------------------+

[root@controller1:/root]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                        |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| 2c6b3657b8bd431586934cc9dde33f84 | RegionOne | neutron      | network      | True    | internal  | http://VirtualIP:9697      |
| 2e109052bb4a4affa30fe3b9e3e5fcc3 | RegionOne | keystone     | identity     | True    | internal  | http://VirtualIP:5001/v3/  |
| 3ae6c07e8c1844b3a21c3fc073cd3da9 | RegionOne | nova         | compute      | True    | public    | http://VirtualIP:9774/v2.1 |
| 40e4fa83731d4933afe694481b5e0464 | RegionOne | glance       | image        | True    | admin     | http://VirtualIP:9293      |
| 53be3d592dfa4060b46ca6a488067191 | RegionOne | placement    | placement    | True    | admin     | http://VirtualIP:9778      |
| 5ff90d7cff57495d80338ef7299319d3 | RegionOne | neutron      | network      | True    | admin     | http://VirtualIP:9997      |
| 670dfb6bb8ba4b0eb29cf5ce117fa7f7 | RegionOne | neutron      | network      | True    | public    | http://VirtualIP:9997      |
| 7bff1a44974a42a59e49eebffad550c0 | RegionOne | nova         | compute      | True    | admin     | http://VirtualIP:9774/v2.1 |
| 8ddb366df7e94af9af298b5f11774fb4 | RegionOne | keystone     | identity     | True    | admin     | http://VirtualIP:5001/v3/  |
| 9035afba42be4b4387571d02b16c168c | RegionOne | placement    | placement    | True    | internal  | http://VirtualIP:9778      |
| a592cb41c0bb424c9817633ed1946b45 | RegionOne | keystone     | identity     | True    | public    | http://VirtualIP:5001/v3/  |
| b0f71d34aedf41a9a8fb9d56313efb00 | RegionOne | nova         | compute      | True    | internal  | http://VirtualIP:9774/v2.1 |
| b7b0084313744b8a91a142b1221e0443 | RegionOne | glance       | image        | True    | internal  | http://VirtualIP:9293      |
| c2a1f308b3c04a448667967afb6016fe | RegionOne | placement    | placement    | True    | public    | http://VirtualIP:9778      |
| fdb2cdadfb7544abad1f216ca719f478 | RegionOne | glance       | image        | True    | public    | http://VirtualIP:9293      |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
```

Note: if an endpoint was created by mistake, delete it with:

```
# openstack endpoint delete ff76f2ea08914c98ad6e8fee3a789498
```

```
[root@controller1:/root]# openstack catalog list
+-----------+-----------+----------------------------------------+
| Name      | Type      | Endpoints                              |
+-----------+-----------+----------------------------------------+
| nova      | compute   | RegionOne                              |
|           |           |   public: http://VirtualIP:9774/v2.1   |
|           |           | RegionOne                              |
|           |           |   admin: http://VirtualIP:9774/v2.1    |
|           |           | RegionOne                              |
|           |           |   internal: http://VirtualIP:9774/v2.1 |
|           |           |                                        |
| glance    | image     | RegionOne                              |
|           |           |   admin: http://VirtualIP:9293         |
|           |           | RegionOne                              |
|           |           |   internal: http://VirtualIP:9293      |
|           |           | RegionOne                              |
|           |           |   public: http://VirtualIP:9293        |
|           |           |                                        |
| keystone  | identity  | RegionOne                              |
|           |           |   internal: http://VirtualIP:5001/v3/  |
|           |           | RegionOne                              |
|           |           |   admin: http://VirtualIP:5001/v3/     |
|           |           | RegionOne                              |
|           |           |   public: http://VirtualIP:5001/v3/    |
|           |           |                                        |
| neutron   | network   | RegionOne                              |
|           |           |   internal: http://VirtualIP:9997      |
|           |           | RegionOne                              |
|           |           |   admin: http://VirtualIP:9997         |
|           |           | RegionOne                              |
|           |           |   public: http://VirtualIP:9997        |
|           |           |                                        |
| placement | placement | RegionOne                              |
|           |           |   admin: http://VirtualIP:9778         |
|           |           | RegionOne                              |
|           |           |   internal: http://VirtualIP:9778      |
|           |           | RegionOne                              |
|           |           |   public: http://VirtualIP:9778        |
|           |           |                                        |
+-----------+-----------+----------------------------------------+
```
10.4 Deploy Neutron
10.4.1 Install the Neutron packages

```
[root@controller1:/root]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
[root@controller2:/root]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
[root@controller3:/root]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
```
10.4.2 Configure neutron.conf

```
[root@controller1:/root]# cp -p /etc/neutron/neutron.conf{,.bak}
[root@controller2:/root]# cp -p /etc/neutron/neutron.conf{,.bak}
[root@controller3:/root]# cp -p /etc/neutron/neutron.conf{,.bak}
# Note the ownership of neutron.conf: root:neutron
# Configure neutron.conf
[root@controller1:/root]# vim /etc/neutron/neutron.conf
[DEFAULT]
# bind_host = 192.168.110.121
auth_strategy = keystone
core_plugin = ml2
allow_overlapping_ips = true
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
service_plugins = router
transport_url = rabbit://openstack:adminopenstack@controller1:5672,openstack:adminopenstack@controller2:5672,openstack:adminopenstack@controller3:5672

[database]
connection = mysql+pymysql://neutron:NEUTRON_szh@VirtualIP:3307/neutron

[keystone_authtoken]
www_authenticate_uri = http://VirtualIP:5001/v3
auth_url = http://VirtualIP:5001/v3
memcache_servers=controller1:11211,controller2:11211,controller3:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = neutron_szh

[nova]
auth_url = http://VirtualIP:5001/v3
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova_szh

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
```

```
[root@controller2:/root]# vim /etc/neutron/neutron.conf
[DEFAULT]
# bind_host = 192.168.110.122
auth_strategy = keystone
core_plugin = ml2
allow_overlapping_ips = true
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
service_plugins = router
transport_url = rabbit://openstack:adminopenstack@controller1:5672,openstack:adminopenstack@controller2:5672,openstack:adminopenstack@controller3:5672

[database]
connection = mysql+pymysql://neutron:NEUTRON_szh@VirtualIP:3307/neutron

[keystone_authtoken]
www_authenticate_uri = http://VirtualIP:5001/v3
auth_url = http://VirtualIP:5001/v3
memcache_servers=controller1:11211,controller2:11211,controller3:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = neutron_szh

[nova]
auth_url = http://VirtualIP:5001/v3
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova_szh

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
```

```
[root@controller3:/root]# vim /etc/neutron/neutron.conf
[DEFAULT]
# bind_host = 192.168.110.123
auth_strategy = keystone
core_plugin = ml2
allow_overlapping_ips = true
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
service_plugins = router
transport_url = rabbit://openstack:adminopenstack@controller1:5672,openstack:adminopenstack@controller2:5672,openstack:adminopenstack@controller3:5672

[database]
connection = mysql+pymysql://neutron:NEUTRON_szh@VirtualIP:3307/neutron

[keystone_authtoken]
www_authenticate_uri = http://VirtualIP:5001/v3
auth_url = http://VirtualIP:5001/v3
memcache_servers=controller1:11211,controller2:11211,controller3:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = neutron_szh

[nova]
auth_url = http://VirtualIP:5001/v3
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova_szh

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
```

```
[root@controller$:/root]# egrep -v "^$|^#" /etc/neutron/neutron.conf
```
10.4.3 Configure ml2_conf.ini

```
[root@controller1:/root]# cp -p /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
[root@controller2:/root]# cp -p /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
[root@controller3:/root]# cp -p /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
```

```
[root@controller2:/root]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true
```

```
[root@controller1:/root]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true
```

```
[root@controller3:/root]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true
```
10.4.4 Configure linuxbridge_agent.ini

```
[root@controller1:/root]# cp -p /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
[root@controller2:/root]# cp -p /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
[root@controller3:/root]# cp -p /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
```

```
[DEFAULT]

[agent]

[linux_bridge]
# Name of the external-network NIC
physical_interface_mappings = provider:ens160

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

[vxlan]
enable_vxlan = True
# The management address is used here for the VXLAN tunnel; on each node, set that node's own management address
local_ip = 192.168.110.121
l2_population = True
```
10.4.5 Configure l3_agent.ini
l3_agent.ini configuration:

```
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
# The part in blue (the ha_* options below) is the network high-availability failover configuration
ha_confs_path = $state_path/ha_confs
ha_vrrp_auth_type = PASS
ha_vrrp_auth_password =
ha_vrrp_advert_int = 2

[AGENT]
```
10.4.6 Configure dhcp_agent.ini
The dhcp_agent.ini configuration is as follows:

```
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =

[AGENT]
```
10.4.7 Configure metadata_agent.ini
The metadata_agent.ini configuration is as follows:

```
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET

[AGENT]
```
10.4.8 Configure nova.conf (on all controller nodes: controller1, controller2, controller3)

```
[root@controller$:/root]# vim /etc/nova/nova.conf
[neutron]
url = http://VirtualIP:9997
auth_url = http://VirtualIP:5001
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron_szh
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
```

Note: afterwards, add the following under [default] (to optimize the high availability of the DHCP agent service):

```
agent_down_time = 30
report_interval=15
dhcp_agents_per_network = 3
```
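The role of `metadata_proxy_shared_secret`, as an added example (not code from the original page, and a simplified model rather than Neutron's or Nova's own code): the metadata agent signs each forwarded instance ID with HMAC-SHA256 keyed by this secret and the Nova metadata API recomputes and compares the signature, so the value must be identical in metadata_agent.ini and nova.conf and should be a random string rather than the literal `METADATA_SECRET`. The function names and sample IDs are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def new_shared_secret() -> str:
    """Generate a random value suitable for metadata_proxy_shared_secret."""
    return secrets.token_hex(32)


def sign_instance_id(shared_secret: str, instance_id: str) -> str:
    """HMAC-SHA256 over the instance ID, hex-encoded, keyed by the shared secret."""
    return hmac.new(shared_secret.encode(), instance_id.encode(),
                    hashlib.sha256).hexdigest()


def proxy_headers(shared_secret: str, instance_id: str, tenant_id: str) -> dict:
    """Headers the metadata agent side attaches before forwarding a request."""
    return {
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": tenant_id,
        "X-Instance-ID-Signature": sign_instance_id(shared_secret, instance_id),
    }


def api_accepts(shared_secret: str, headers: dict) -> bool:
    """Metadata API side: recompute with its own secret, compare in constant time."""
    expected = sign_instance_id(shared_secret, headers.get("X-Instance-ID", ""))
    return hmac.compare_digest(expected, headers.get("X-Instance-ID-Signature", ""))


if __name__ == "__main__":
    agent_secret = new_shared_secret()      # value written to metadata_agent.ini
    nova_secret = agent_secret              # the same value written to nova.conf
    headers = proxy_headers(agent_secret, "inst-0001", "tenant-a")  # constructed IDs

    print("same secret on both sides:", api_accepts(nova_secret, headers))
    print("secrets differ between files:", api_accepts(new_shared_secret(), headers))

    # Changing the instance ID without re-signing invalidates the request.
    altered = {**headers, "X-Instance-ID": "inst-0002"}
    print("instance ID altered in transit:", api_accepts(nova_secret, altered))
```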
10.4.9 Create the symbolic link (on all controller nodes: controller1, controller2, controller3)

```
[root@controller$:/root]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
```
10.4.10 Sync the neutron database and verify

```
[root@controller3:/root]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller2:/root]# mysql -u neutron -p"NEUTRON_szh" -e "use neutron;show tables;"
```
10.4.11 Restart the nova service and start the neutron services

```
[root@controller$:/root]# systemctl restart openstack-nova-api.service
```

Once that has finished, confirm again that all nova services are healthy. All services are healthy.

Start the neutron services. It is recommended to start them one at a time and watch the logs for errors.

```
[root@controller1 ~]# systemctl start neutron-server.service
[root@controller1 ~]# systemctl start neutron-linuxbridge-agent.service
[root@controller1 ~]# systemctl start neutron-dhcp-agent.service
[root@controller1 ~]# systemctl start neutron-metadata-agent.service
[root@controller1 ~]# systemctl start neutron-l3-agent.service
```

All services started successfully and the logs show only info messages. Enable them at boot; the earlier services were all enabled at boot as well.

```
[root@controller1 ~]# systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service neutron-l3-agent.service
```
10.4.12 Configure PCS resources (on any controller node)

```
# Add the resources neutron-server, neutron-linuxbridge-agent, neutron-l3-agent, neutron-dhcp-agent and neutron-metadata-agent
# Run on any controller node
pcs resource create neutron-server systemd:neutron-server --clone interleave=true
pcs resource create neutron-openvswitch-agent systemd:neutron-linuxbridge-agent --clone interleave=true
pcs resource create neutron-l3-agent systemd:neutron-l3-agent --clone interleave=true
pcs resource create neutron-dhcp-agent systemd:neutron-dhcp-agent --clone interleave=true
pcs resource create neutron-metadata-agent systemd:neutron-metadata-agent --clone interleave=true
# View the PCS resources
pcs resource
```
10.5 Deploy Neutron on the compute nodes
10.5.1 Install the openstack-neutron-linuxbridge service

```
[root@compute1:/root]# yum install openvswitch openstack-neutron-linuxbridge ebtables ipset -y
[root@compute2:/root]# yum install openvswitch openstack-neutron-linuxbridge ebtables ipset -y
[root@compute3:/root]# yum install openvswitch openstack-neutron-linuxbridge ebtables ipset -y
```
10.5.2 Configure neutron.conf

```
[root@compute1:/root]# cp -p /etc/neutron/neutron.conf{,.bak}
[root@compute2:/root]# cp -p /etc/neutron/neutron.conf{,.bak}
[root@compute3:/root]# cp -p /etc/neutron/neutron.conf{,.bak}
[root@compute3:/root]# vim /etc/neutron/neutron.conf
[DEFAULT]
auth_strategy = keystone
state_path = /var/lib/neutron
transport_url = rabbit://openstack:adminopenstack@controller1:5672,openstack:adminopenstack@controller2:5672,openstack:adminopenstack@controller3:5672

[keystone_authtoken]
www_authenticate_uri = http://VirtualIP:5001
auth_url = http://VirtualIP:5001
memcached_servers = controller1:11211,controller2:11211,controller3:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron_szh

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
```

```
[root@compute3:/root]# scp /etc/neutron/neutron.conf compute2:/etc/neutron/
[root@compute3:/root]# scp /etc/neutron/neutron.conf compute1:/etc/neutron/
```
10.5.3 Configure linuxbridge_agent.ini

```
[root@compute1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]

[agent]

[linux_bridge]
physical_interface_mappings = provider:ens160

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

[vxlan]
enable_vxlan = True
local_ip = 192.168.110.117
l2_population = True
```

```
[root@compute2 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]

[agent]

[linux_bridge]
physical_interface_mappings = provider:ens160

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

[vxlan]
enable_vxlan = True
local_ip = 192.168.110.118
l2_population = True
```

```
[root@compute3 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]

[agent]

[linux_bridge]
physical_interface_mappings = provider:ens160

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

[vxlan]
enable_vxlan = True
local_ip = 192.168.110.119
l2_population = True
```
10.5.4 Configure nova.conf

```
[root@compute1:/root]# vim /etc/nova/nova.conf
[neutron]
url = http://VirtualIP:9997
auth_url = http://VirtualIP:5001
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron_szh
```

```
[root@compute2:/root]# vim /etc/nova/nova.conf
[neutron]
url = http://VirtualIP:9997
auth_url = http://VirtualIP:5001
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron_szh
```

```
[root@compute3:/root]# vim /etc/nova/nova.conf
[neutron]
url = http://VirtualIP:9997
auth_url = http://VirtualIP:5001
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron_szh
```
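A pre-start audit of the option names used in the configuration files above, as an added example (not part of the original page or of OpenStack): it flags cleartext `http://` endpoints, empty or placeholder secrets, broker passwords embedded in `transport_url`, and trailing `# ...` comments, which oslo.config reads as part of the value. The sample file contents, `EXAMPLE_PASS` and the function names are constructed for illustration.

```python
import configparser
import re

# Constructed sample files using option names from this page; values are placeholders.
SAMPLE_FILES = {
    "neutron.conf": """
[DEFAULT]
transport_url = rabbit://openstack:EXAMPLE_PASS@controller1:5672
[keystone_authtoken]
auth_url = http://VirtualIP:5001/v3
password = EXAMPLE_PASS
""",
    "linuxbridge_agent.ini": """
[securitygroup]
enable_security_group = True
[vxlan]
local_ip = 192.168.110.121  # management address
""",
    "l3_agent.ini": """
[DEFAULT]
ha_vrrp_auth_type = PASS
ha_vrrp_auth_password =
""",
    "metadata_agent.ini": """
[DEFAULT]
metadata_proxy_shared_secret = METADATA_SECRET
""",
}

SECRET_OPTIONS = {"password", "metadata_proxy_shared_secret", "ha_vrrp_auth_password"}
PLACEHOLDERS = {"METADATA_SECRET", "123456", "password", "changeme"}
BROKER_CREDS = re.compile(r"://[^/@:]+:[^/@]+@")


def audit(name, text):
    """Return (location, finding) pairs for one INI file given as text."""
    # default_section is moved aside so [DEFAULT] is listed like any other section;
    # interpolation is off so values such as $state_path are read literally.
    cp = configparser.ConfigParser(interpolation=None, default_section="__unused__")
    cp.optionxform = str  # keep option names as written
    cp.read_string(text, source=name)
    findings = []
    for section in cp.sections():
        for option, value in cp[section].items():
            value = value.strip()
            where = f"{name} [{section}] {option}"
            if " #" in value or " ;" in value:
                findings.append((where, "trailing comment is read as part of the value"))
            if value.startswith("http://"):
                findings.append((where, "cleartext HTTP endpoint"))
            if option in SECRET_OPTIONS and not value:
                findings.append((where, "empty secret"))
            elif option in SECRET_OPTIONS and value in PLACEHOLDERS:
                findings.append((where, "placeholder secret"))
            if option == "transport_url" and BROKER_CREDS.search(value):
                findings.append((where, "broker password stored in this file"))
            if option == "enable_security_group" and value.lower() != "true":
                findings.append((where, "security groups disabled"))
    return findings


def audit_all(files):
    """Audit every file in a {name: text} mapping and return all findings."""
    return [f for name, text in files.items() for f in audit(name, text)]


if __name__ == "__main__":
    for where, finding in audit_all(SAMPLE_FILES):
        print(f"{where}: {finding}")
```

Files that carry passwords, such as neutron.conf, should stay readable only by root and the neutron group, matching the root:neutron ownership noted in section 10.4.2.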
10.5.5 Restart the nova service and start the neutron services

```
[root@compute1:/root]# systemctl restart openstack-nova-compute.service
[root@compute1:/root]# systemctl enable openvswitch neutron-linuxbridge-agent.service
[root@compute1:/root]# systemctl restart openvswitch neutron-linuxbridge-agent.service
[root@compute1:/root]# systemctl status openvswitch neutron-linuxbridge-agent.service

[root@compute2:/root]# systemctl restart openstack-nova-compute.service
[root@compute2:/root]# systemctl enable openvswitch neutron-linuxbridge-agent.service
[root@compute2:/root]# systemctl restart openvswitch neutron-linuxbridge-agent.service
[root@compute2:/root]# systemctl status openvswitch neutron-linuxbridge-agent.service

[root@compute3:/root]# systemctl restart openstack-nova-compute.service
[root@compute3:/root]# systemctl enable openvswitch neutron-linuxbridge-agent.service
[root@compute3:/root]# systemctl restart openvswitch neutron-linuxbridge-agent.service
[root@compute3:/root]# systemctl status openvswitch neutron-linuxbridge-agent.service
```
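Verify the network service
Run the following on any controller node:

```
. admin-openrc
neutron ext-list
neutron agent-list
```

The network service is healthy. Confirm the compute service again:

```
nova service-list
```

The compute service is healthy. Neutron has been configured successfully.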