本帖最后由 pig2 于 2015-9-23 17:27 编辑
问题导读
1.如何配置网络内核参数?
2.DHCP代理的作用是什么?
3.如何配置元数据代理?
配置准备
在配置网络之前,必须配置内核网络参数
1.编辑文件/etc/sysctl.conf ,完成下面内容
[mw_shl_code=bash,true]net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0[/mw_shl_code]
2.生效
[mw_shl_code=bash,true]sysctl -p[/mw_shl_code]
安装网络组件
[mw_shl_code=bash,true]yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch[/mw_shl_code]
配置网络通用组件
编辑文件 /etc/neutron/neutron.conf,完成下面内容
a.在 [database]部分,注释掉connection ,因为网络不直接访问数据库
b.在 [DEFAULT] 和 [oslo_messaging_rabbit] 部分, 配置 RabbitMQ消息队列访问
[mw_shl_code=bash,true][DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS[/mw_shl_code]
RABBIT_PASS 替换为自己设置密码
c.在 [DEFAULT] 和 [keystone_authtoken]部分,配置认证访问
[mw_shl_code=bash,true][DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS[/mw_shl_code]
NEUTRON_PASS 替换为自己设置密码
d.在 [DEFAULT] 部分,启用 (ML2) plug-in, router服务, 和 overlapping IP addresses:
[mw_shl_code=bash,true][DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True[/mw_shl_code]
e.启用详细信息日志记录
[mw_shl_code=bash,true][DEFAULT]
...
verbose = True[/mw_shl_code]
配置(ML2) plug-in插件
ML2 plug-in 插件使用ovs机制为实例构建虚拟网络架构
编辑文件/etc/neutron/plugins/ml2/ml2_conf.ini ,完成下面内容
a.在 [ml2]部分,启用 flat, VLAN, generic routing encapsulation (GRE), 和 virtual extensible LAN (VXLAN)网络类型驱动,gre租户网络和ovs驱动
[mw_shl_code=bash,true][ml2]
...
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch[/mw_shl_code]
b.在 [ml2_type_flat] 部分, 配置 external flat 提供 network:
[mw_shl_code=bash,true][ml2_type_flat]
...
flat_networks = external[/mw_shl_code]
c.在 [ml2_type_gre]部分,配置tunnel id范围
[mw_shl_code=bash,true][ml2_type_gre]
...
tunnel_id_ranges = 1:1000[/mw_shl_code]
d.在 [securitygroup]部分,启用安全组 ipset, 和 配置 OVS iptables 防火墙驱动 :
[mw_shl_code=bash,true][securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver[/mw_shl_code]
e.在 [ovs]部分,启用 tunnels, 配置本地隧道 endpoint, 和 映射 external flat 提供的网络到 br-ex 外部网桥:
[mw_shl_code=bash,true][ovs]
...
local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
bridge_mappings = external:br-ex[/mw_shl_code]
INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS替换为网络节点隧道网络ip地址
10.0.0.21
f.配置[agent]部分,启用GRE 隧道
[mw_shl_code=bash,true][agent]
...
tunnel_types = gre[/mw_shl_code]
配置Layer-3 (L3) agent
Layer-3 (L3) agent为虚拟网络提供路由服务
编辑文件 /etc/neutron/l3_agent.ini完成下面内容
a.在 [DEFAULT]部分,配置网卡驱动,外部网桥,禁用路由删除命名空间
[mw_shl_code=bash,true][DEFAULT]
...
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge =
router_delete_namespaces = True[/mw_shl_code]
注意:
external_network_bridge =没有值可以代理多个网络
b.启用日志详细信息记录
[mw_shl_code=bash,true][DEFAULT]
...
verbose = True[/mw_shl_code]
配置DHCP 代理
为虚拟网络提供DHCP服务
1.编辑文件 /etc/neutron/dhcp_agent.ini 完成下面内容
a.在[DEFAULT]部分,配置网卡和DHCP 驱动,启用删除失效的DHCP命名空间
[mw_shl_code=bash,true][DEFAULT]
...
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
dhcp_delete_namespaces = True[/mw_shl_code]
b.启用详细信息日志记录
[mw_shl_code=bash,true][DEFAULT]
...
verbose = True[/mw_shl_code]
2.可选
a.编辑文件/etc/neutron/dhcp_agent.ini,完成下面内容
在[DEFAULT] 部分,启用 dnsmasq配置文件
[mw_shl_code=bash,true][DEFAULT]
...
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf[/mw_shl_code]
b.创建,编辑文件 /etc/neutron/dnsmasq-neutron.conf,完成下面内容
启用DHCP MTU option (26) and 配置1454 bytes:
[mw_shl_code=bash,true]dhcp-option-force=26,1454[/mw_shl_code]
c.杀掉dnsmasq 进程
[mw_shl_code=bash,true] pkill dnsmasq[/mw_shl_code]
配置元数据代理
元数据代理提供配置信息
1.编辑文件/etc/neutron/metadata_agent.ini ,完成下面内容
a.在 [DEFAULT]部分,配置访问参数
[mw_shl_code=bash,true][DEFAULT]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS[/mw_shl_code]
NEUTRON_PASS 替换为自己设置密码
b.在[DEFAULT]部分,配置metadata host
[mw_shl_code=bash,true][DEFAULT]
...
nova_metadata_ip = controller[/mw_shl_code]
c.在 [DEFAULT]部分, 配置 metadata proxy 共享密码:
[mw_shl_code=bash,true][DEFAULT]
...
metadata_proxy_shared_secret = METADATA_SECRET[/mw_shl_code]
d.启用详细信息日志记录
[mw_shl_code=bash,true][DEFAULT]
...
verbose = True[/mw_shl_code]
2.在控制节点,编辑文件 /etc/nova/nova.conf,完成下面内容
a.在 [neutron] 部分, 启用metadata proxy和配 secret:
[mw_shl_code=bash,true][neutron]
...
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET[/mw_shl_code]
3.在控制节点,重启Compute API 服务:
[mw_shl_code=bash,true]systemctl restart openstack-nova-api.service[/mw_shl_code]
配置ovs服务
1.设置开机启动
[mw_shl_code=bash,true] systemctl enable openvswitch.service
systemctl start openvswitch.service[/mw_shl_code]
2.添加external网桥
[mw_shl_code=bash,true] ovs-vsctl add-br br-ex[/mw_shl_code]
3.添加端口到外部网桥
[mw_shl_code=bash,true] ovs-vsctl add-port br-ex INTERFACE_NAME[/mw_shl_code]
禁用gro
[mw_shl_code=bash,true] ethtool -K INTERFACE_NAME gro off[/mw_shl_code]
完成安装
1.网络初始化脚本, a symbolic link /etc/neutron/plugin.ini指向,ML2 plug-in配置文件 /etc/neutron/plugins/ml2/ml2_conf.ini,如果符号链接不存在,使用下面命令
[mw_shl_code=bash,true] ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini[/mw_shl_code]
由于包的bug,运行下面命令解决
[mw_shl_code=bash,true]cp /usr/lib/systemd/system/neutron-openvswitch-agent.service \
/usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' \
/usr/lib/systemd/system/neutron-openvswitch-agent.service[/mw_shl_code]
2.开启网络服务,配置开机启动
[mw_shl_code=bash,true] systemctl enable neutron-openvswitch-agent.service neutron-l3-agent.service \
neutron-dhcp-agent.service neutron-metadata-agent.service \
neutron-ovs-cleanup.service
systemctl start neutron-openvswitch-agent.service neutron-l3-agent.service \
neutron-dhcp-agent.service neutron-metadata-agent.service[/mw_shl_code]
注意:
没有明确启动neutron-ovs-cleanup 服务.
验证安装
在控制节点运行下面命令
1.加载环境变量
[mw_shl_code=bash,true]source admin-openrc.sh[/mw_shl_code]
2.列出创建成功的neutron 代理
[mw_shl_code=bash,true]neutron agent-list[/mw_shl_code]
[mw_shl_code=bash,true]+--------------------------------------+--------------------+---------+-------+----------------+---------------------------+
| id | agent_type | host | alive | admin_state_up | binary |
+--------------------------------------+--------------------+---------+-------+----------------+---------------------------+
| 30275801-e17a-41e4-8f53-9db63544f689 | Metadata agent | network | :-) | True | neutron-metadata-agent |
| 4bd8c50e-7bad-4f3b-955d-67658a491a15 | Open vSwitch agent | network | :-) | True | neutron-openvswitch-agent |
| 756e5bba-b70f-4715-b80e-e37f59803d20 | L3 agent | network | :-) | True | neutron-l3-agent |
| 9c45473c-6d6d-4f94-8df1-ebd0b6838d5f | DHCP agent | network | :-) | True | neutron-dhcp-agent |
+--------------------------------------+--------------------+---------+-------+----------------+---------------------------+[/mw_shl_code]
相关篇章
openstack【Kilo】入门 【准备篇】一:整体介绍【centos】
http://www.aboutyun.com/thread-15205-1-1.html
openstack【Kilo】入门 【准备篇】二:检测网络互通性【centos】
http://www.aboutyun.com/thread-15206-1-1.html
openstack【Kilo】入门 【准备篇】三:NTP安装【centos】
http://www.aboutyun.com/thread-15207-1-1.html
openstack【Kilo】入门 【准备篇】四:openstack包【centos】
http://www.aboutyun.com/thread-15210-1-1.html
openstack【Kilo】入门 【准备篇】五:mysql及rabbitmq安装【centos】
http://www.aboutyun.com/thread-15213-1-1.html
openstack【Kilo】入门 【keystone篇】六:keystone安装配置【centos】
http://www.aboutyun.com/thread-15214-1-1.html
openstack【Kilo】入门 【keystone篇】七:创建服务实例和API endpoint【centos】
http://www.aboutyun.com/thread-15215-1-1.html
openstack【Kilo】入门 【keystone篇】八:创建租户, 用户, 和角色【centos】
http://www.aboutyun.com/thread-15216-1-1.html
openstack【Kilo】入门 【keystone篇】九:验证keystone安装【centos】
http://www.aboutyun.com/thread-15233-1-1.html
openstack【Kilo】入门 【keystone篇】十:创建openstack客户端脚本【centos】
http://www.aboutyun.com/thread-15234-1-1.html
openstack【Kilo】入门 【glance篇】十一:安装配置glance【centos】
http://www.aboutyun.com/thread-15242-1-1.html
openstack【Kilo】入门 【glance篇】十二:glance安装验证【centos】
http://www.aboutyun.com/thread-15243-1-1.html
openstack【Kilo】入门 【nova篇】十三:nova安装配置1:控制节点【centos】
http://www.aboutyun.com/thread-15258-1-1.html
openstack【Kilo】入门 【nova篇】十四:nova安装配置2:计算节点【centos】
http://www.aboutyun.com/thread-15259-1-1.html
openstack【Kilo】入门 【neutron篇】十五:neutron安装配置:控制节点【centos】
http://www.aboutyun.com/thread-15260-1-1.html
openstack【Kilo】入门 【neutron篇】十六:neutron安装配置:网络节点【centos】
http://www.aboutyun.com/thread-15272-1-1.html
openstack【Kilo】入门 【neutron篇】十七:neutron安装配置:计算节点【centos】
http://www.aboutyun.com/thread-15330-1-1.html
openstack【Kilo】入门 【neutron篇】十八:实例化网络【centos】
http://www.aboutyun.com/thread-15342-1-1.html
openstack【Kilo】入门 【neutron篇】十九:dasboard安装配置【centos】
http://www.aboutyun.com/thread-15352-1-1.html
openstack【Kilo】入门 【neutron篇】二十:创建实例(neutron)【centos】
http://www.aboutyun.com/thread-15356-1-1.html
|
/2 
京ICP备2020039040号
简书网举报电话:021-34700000
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡
