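OpenStack [Juno] Getting Started [Networking] Part 15: Installing and deploying neutron (controller node)
This post was last edited by pig2 on 2015-2-26 17:29
Guiding questions
1. When does neutron sync its database, and how does that differ from the other components?
2. What does keystone tenant-get service do?
3. Which networking plug-ins does this article configure?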
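Continued from the previous article
OpenStack [Juno] Getting Started [Networking] Part 14: Introduction to neutron
Before installing and configuring OpenStack neutron, you need to create the database, the service credentials, and the API endpoints.
Prerequisites
1. Create the database
a. Log in to MySQL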
mysql -u root -p
b. Create the neutron database:
CREATE DATABASE neutron;
c. Grant privileges
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
d. Exit MySQL
exit
2. Load the environment variables
source admin-openrc.sh
The file contains:
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v2.0
3. Create the service credentials
a. Create the neutron user:
keystone user-create --name neutron --pass NEUTRON_PASS
b. Grant the admin role to the neutron user
keystone user-role-add --user neutron --tenant service --role admin
This command produces no output.
c. Create the neutron service entity
keystone service-create --name neutron --type network \
--description "OpenStack Networking"
4. Create the Networking service API endpoints:
keystone endpoint-create \
--service-id $(keystone service-list | awk '/ network / {print $2}') \
--publicurl http://controller:9696 \
--adminurl http://controller:9696 \
--internalurl http://controller:9696 \
--region regionOne
Install the networking components
Install the components
apt-get install neutron-server neutron-plugin-ml2 python-neutronclient
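Configure the Networking server component
The Networking server component configuration covers the database, the authentication mechanism, the message broker, topology change notifications, and the plug-in.
Edit /etc/neutron/neutron.conf and complete the following configuration
sudo nano /etc/neutron/neutron.conf
a. In the  section, configure database access: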
...
connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron
b. In the  section, configure RabbitMQ message broker access:
...
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = RABBIT_PASS
c. In the  and  sections, configure Identity service access
...
auth_strategy = keystone
...
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = neutron
admin_password = NEUTRON_PASS
Comment out any other auth_host, auth_port, and auth_protocol options, because identity_uri may otherwise be overridden.
d. In the  section, configure the Modular Layer 2 (ML2) plug-in, the router service, and overlapping IP addresses:
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
e. In the  section, configure Networking to notify Compute of network topology changes:
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
nova_admin_auth_url = http://controller:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = SERVICE_TENANT_ID
nova_admin_password = NOVA_PASS
Note: SERVICE_TENANT_ID here is the id of the keystone service tenant. NOVA_PASS is the nova user's password; the default password is used here.
Note down the tenant identifier (id) of the service tenant:
source admin-openrc.sh
keystone tenant-get service
+-------------+----------------------------------+
| Property| Value |
+-------------+----------------------------------+
| description | Service Tenant |
| enabled | True |
| id | 7694d20c2e814ebd8b8eb855135ce1b0 |
| name | service |
+-------------+----------------------------------+
Replace the configuration above with the following:
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
nova_admin_auth_url = http://controller:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = 7694d20c2e814ebd8b8eb855135ce1b0
nova_admin_password = NOVA_PASS
f. To help with troubleshooting, enable verbose in the  section
...
verbose = True
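The placeholder replacement described above (NEUTRON_PASS, RABBIT_PASS, SERVICE_TENANT_ID and so on) is easy to miss, so here is one way to audit the finished file, as an added example that is not part of the original post. It flags values still set to this guide's placeholders, a nova_admin_tenant_id that is not a 32-hex-digit id, and a file that every local user can read. The function names, the sample file and its section headers are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post: flag settings that still hold
# this guide's placeholder values, and config files every local user can read.

audit_conf() {
    # $1 = path to an ini-style file such as /etc/neutron/neutron.conf
    conf="$1"
    LC_ALL=C awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blanks
        { padded = " " $0 " " }
        # Placeholders used in this guide: *_PASS, *_DBPASS, SERVICE_TENANT_ID
        padded ~ /[^A-Za-z0-9_]([A-Z]+_(DB)?PASS|SERVICE_TENANT_ID)[^A-Za-z0-9_]/ {
            print "placeholder line " NR; next
        }
        # nova_admin_tenant_id must be the 32-hex-digit id printed by
        # "keystone tenant-get service", not the tenant name.
        /^[ \t]*nova_admin_tenant_id[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (length(v) != 32 || v !~ /^[0-9a-f]+$/)
                print "bad tenant id line " NR
        }
    ' "$conf"
    # The file stores service and database passwords in clear text.
    if [ -n "$(find "$conf" -perm -004 -print)" ]; then
        echo "world-readable"
    fi
}

demo() {
    # Constructed sample; the section names are assumed, not from the page.
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
[DEFAULT]
rabbit_password = RABBIT_PASS
nova_admin_tenant_id = service
nova_admin_password = constructed-secret
[database]
connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron
EOF
    chmod 644 "$sample"
    audit_conf "$sample"
    rm -f "$sample"
}
```

Call demo to run the check on the constructed sample, or audit_conf /etc/neutron/neutron.conf on the controller; no output means nothing was flagged.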
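Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Open vSwitch (OVS) mechanism to build the virtual networking framework for instances. However, the controller node does not need the OVS components, because it does not handle instance network traffic.
Edit /etc/neutron/plugins/ml2/ml2_conf.ini and complete the following steps
sudo nano /etc/neutron/plugins/ml2/ml2_conf.ini
a. In the  section, enable the flat and generic routing encapsulation (GRE) network type drivers, GRE tenant networks, and the OVS mechanism driver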
...
type_drivers = flat,gre
tenant_network_types = gre
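mechanism_drivers = openvswitch
Note:
Once the ML2 plug-in is configured, disabling a network driver and restarting will lead to database inconsistency.
b. In the  section, configure the tunnel identifier (id) range: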
...
tunnel_id_ranges = 1:1000
c. In the  section, configure security groups, ipset, and the OVS firewall driver
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
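Configure Compute to use Networking
By default, distribution packages configure Compute to use legacy networking. You must reconfigure Compute to manage networks through Networking.
Edit /etc/nova/nova.conf and complete the following steps
sudo nano /etc/nova/nova.conf
a. In the default section, configure the APIs and drivers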
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
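Note:
By default, Compute uses an internal firewall service. Since Networking includes a firewall service, you must disable the Compute firewall service by using the nova.virt.firewall.NoopFirewallDriver firewall driver.
b. In the  section, configure the access parameters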
...
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = NEUTRON_PASS
I found that this section did not exist in the file, so I added it directly.
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
libvirt_use_virtio_for_bridges=True
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
enabled_apis=ec2,osapi_compute,metadata
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = RABBIT_PASS
auth_strategy = keystone
my_ip = 10.0.0.11
vncserver_listen = 10.0.0.11
vncserver_proxyclient_address = 10.0.0.11
verbose = True
connection = mysql://nova:NOVA_DBPASS@controller/nova
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS
host = controller
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = NEUTRON_PASS
Finish the installation
1. Sync the database
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
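--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron
Note: the database is synced last because the script needs the completed server and plug-in configuration files.
2. Restart the Compute services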
service nova-api restart
service nova-scheduler restart
service nova-conductor restart
3. Restart the Networking service
service neutron-server restart
Verify the installation
Run the following commands on the controller node
1. Load the environment variables
source admin-openrc.sh
2. List the extensions loaded by the neutron-server process
neutron ext-list
Problem encountered:
Cannot connect to http://controller:9696/v2.0/extensions.json
root@controller:~# neutron ext-list
Unable to establish connection to http://controller:9696/v2.0/extensions.json
Cause:
The database was not synced; syncing it resolves the problem.
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron
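Related content:
OpenStack [Juno] Getting Started [Preparation] Part 0: Overview
OpenStack [Juno] Getting Started [Preparation] Part 1: Remote connection to Ubuntu 14.04 (SSH installation)
OpenStack [Juno] Getting Started [Preparation] Part 2: NTP installation
OpenStack [Juno] Getting Started [Preparation] Part 3: MySQL (MariaDB) installation
OpenStack [Juno] Getting Started [Preparation] Part 4: RabbitMQ installation
OpenStack [Juno] Getting Started [Keystone] Part 5: Keystone deployment and introduction
OpenStack [Juno] Getting Started [Keystone] Part 6: Using Keystone and solving problems encountered
OpenStack [Juno] Getting Started [Keystone] Part 7: Creating the service entity and API endpoint
OpenStack [Juno] Getting Started [Keystone] Part 8: Beginner operations (verification)
OpenStack [Juno] Getting Started [Keystone] Part 9: Creating the OpenStack client environment variable scripts
OpenStack [Juno] Getting Started [Glance] Part 10: A first introduction to glance
OpenStack [Juno] Getting Started [Glance] Part 11: Installing and configuring glance
OpenStack [Juno] Getting Started [Glance] Part 12: Verifying the glance installation and related operations
OpenStack [Juno] Getting Started [Nova] Part 13 (1): A brief introduction to nova
OpenStack [Juno] Getting Started [Nova] Part 13 (2): Installing and configuring the Compute service
OpenStack [Juno] Getting Started [Networking] Part 14: Introduction to neutron
OpenStack [Juno] Getting Started [Networking] Part 15: Installing and deploying neutron (controller node)
OpenStack [Juno] Getting Started [Networking] Part 16: Installing and deploying neutron (network node)
OpenStack [Juno] Getting Started [Networking] Part 17: Installing and deploying neutron (compute node)
OpenStack [Juno] Getting Started [Networking] Part 18: Creating initial networks
OpenStack [Juno] Getting Started [Dashboard] Part 19: Adding the dashboard
OpenStack [Juno] Getting Started [Cinder] Part 20: Introduction to cinder and installation/configuration [controller node]
OpenStack [Juno] Getting Started [Cinder] Part 21: Installing and configuring the block storage node (cinder)
OpenStack [Juno] Getting Started [Swift] Part 22: Installing and configuring object storage [controller node]
OpenStack [Juno] Getting Started [Swift] Part 23: Installing and configuring the swift nodes
OpenStack [Juno] Getting Started [Swift] Part 24: Creating the initial rings
OpenStack [Juno] Getting Started [Swift] Part 25: Verifying the installation (controller node)
OpenStack [Juno] Getting Started [Instances] Part 26: Creating an instance (neutron)
OpenStack [Juno] Getting Started [Summary] Part 27: OpenStack troubleshooting and record of common problems
OpenStack [Juno] Getting Started [Summary] Part 28: Keystone and networking summary
Check whether it is installed and whether nova_admin_tenant_id was replaced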
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
nova_admin_auth_url = http://controller:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = 7694d20c2e814ebd8b8eb855135ce1b0
nova_admin_password = NOVA_PASS
Whether the MySQL grants were applied
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
Check each of the items above one by one.
I am not sure whether the database sync counts as successful like this:
root@controller:~# /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
> --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron
INFO Context impl MySQLImpl.
INFO Will assume non-transactional DDL.
Then running neutron ext-list fails:
root@controller:~# neutron ext-list
Unable to establish connection to http://controller:9696/v2.0/extensions.json
百威 posted on 2015-4-9 17:27
I am not sure whether the database sync counts as successful like this:
root@controller:~# /bin/sh -c "neutron-db-manage --config-file /et ...
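1. Look for the neutron database in MySQL, then look at its tables.
2. Something is wrong with the keystone service and endpoint. I suggest checking them again, then creating the keystone service and endpoint.
desehawk posted on 2015-4-9 22:51
1. Look for the neutron database in MySQL, then look at its tables.
2. Something is wrong with the keystone service and endpoint. I suggest checking them again. ...
The tables in the neutron database are as follows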
MariaDB > show tables;
142 rows in set (0.01 sec)
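As for creating the keystone service and endpoint, how is that done? By restarting keystone? I have already rebooted the system and the keystone service is running; how should the endpoint be handled?
百威 posted on 2015-4-10 11:48
The tables in the neutron database are as follows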
MariaDB > show tables;
+-------------------------------------+
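It means the keystone service or endpoint may be missing. Every service component has a corresponding endpoint; you can look at them carefully.
If you really cannot make sense of it, delete them all and add them again.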
keystone service-list
keystone endpoint-list
There are corresponding commands for deletion as well
keystone service-delete id
keystone endpoint-delete id
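desehawk posted on 2015-4-10 11:59
It means the keystone service or endpoint may be missing. Every service component has a corresponding endpoint; you can look at them carefully ...
Thanks for the reply, moderator. This is my first time with OpenStack, so there is a lot I have not figured out yet. Could you please take another look?
Is there any problem with the following?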
root@controller:~# keystone service-list
+----------------------------------+----------+----------+-------------------------+
| id | name | type | description |
+----------------------------------+----------+----------+-------------------------+
| adf804f2c3b0463d99c92b5cffbf5267 |glance|image | OpenStack Image Service |
| a81c5b51a75244399320e7b9355caefd | keystone | identity | OpenStack Identity |
| 4d4c0f907a7d4b158c9cf6f043d3dd6b | neutron| network| OpenStack Networking|
| 979a2f4888054b9aac6745f625f706ce | nova | compute| OpenStack Compute |
+----------------------------------+----------+----------+-------------------------+
root@controller:~# keystone endpoint-list
+----------------------------------+-----------+-----------------------------------------+-----------------------------------------+-----------------------------------------+----------------------------------+
| id | region| publicurl | internalurl | adminurl | service_id |
+----------------------------------+-----------+-----------------------------------------+-----------------------------------------+-----------------------------------------+----------------------------------+
| 45beaf1e82a544d3a266d577075ed440 | regionOne | http://controller:9696 | http://controller:9696 | http://controller:9696 | 4d4c0f907a7d4b158c9cf6f043d3dd6b |
| 8df36938ea184c7bb26dcb9431c040d7 | regionOne | http://controller:5000/v2.0 | http://controller:5000/v2.0 | http://controller:35357/v2.0 | a81c5b51a75244399320e7b9355caefd |
| 91951c536f86463184a9dc6f2b6a5d7b | regionOne | http://controller:9292 | http://controller:9292 | http://controller:9292 | adf804f2c3b0463d99c92b5cffbf5267 |
| c963ce498e7d4c4b909bf879ef23d96d | regionOne | http://controller:8774/v2/%(tenant_id)s | http://controller:8774/v2/%(tenant_id)s | http://controller:8774/v2/%(tenant_id)s | 979a2f4888054b9aac6745f625f706ce |
+----------------------------------+-----------+-----------------------------------------+-----------------------------------------+-----------------------------------------+----------------------------------+
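The cross-check suggested in the replies above (every service should have a matching endpoint), as an added example that is not part of the thread: it joins saved keystone service-list and keystone endpoint-list output on the service id and reports services without an endpoint, endpoints pointing at no service, and a network endpoint that is not on port 9696. The function names and the shortened ids in the sample tables are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the thread: every row of "keystone service-list"
# should be matched by an endpoint row that carries its id as service_id.

check_endpoints() {
    # $1 = saved "keystone service-list" output, $2 = "keystone endpoint-list"
    awk -F'|' '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        NF < 3 || trim($2) == "id" { next }      # table borders and header row
        FNR == NR { name[trim($2)] = trim($3); type[trim($2)] = trim($4); next }
        {
            sid = trim($(NF - 1))                # last column is service_id
            if (sid in name) seen[sid] = 1
            else print "orphan endpoint " trim($2)
            # This guide registers the network service on port 9696.
            if (type[sid] == "network" && trim($4) !~ /:9696$/)
                print "unexpected network publicurl " trim($4)
        }
        END { for (id in name) if (!(id in seen)) print "no endpoint for " name[id] }
    ' "$1" "$2"
}

demo_endpoints() {
    # Constructed sample output with shortened, made-up ids.
    svc=$(mktemp); ep=$(mktemp)
    cat > "$svc" <<'EOF'
+------+---------+---------+----------------------+
|  id  |   name  |   type  |     description      |
+------+---------+---------+----------------------+
| aa11 | neutron | network | OpenStack Networking |
| bb22 |   nova  | compute |  OpenStack Compute   |
+------+---------+---------+----------------------+
EOF
    cat > "$ep" <<'EOF'
+------+-----------+------------------------+------------------------+------------------------+------------+
|  id  |   region  |       publicurl        |      internalurl       |        adminurl        | service_id |
+------+-----------+------------------------+------------------------+------------------------+------------+
| ee01 | regionOne | http://controller:8774 | http://controller:8774 | http://controller:8774 |    bb22    |
| ee02 | regionOne | http://controller:9696 | http://controller:9696 | http://controller:9696 |    cc33    |
+------+-----------+------------------------+------------------------+------------------------+------------+
EOF
    check_endpoints "$svc" "$ep"
    rm -f "$svc" "$ep"
}
```

On the controller, redirect the two keystone commands to files and pass them to check_endpoints; no output means every service id has an endpoint.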