本帖最后由 pig2 于 2015-9-23 17:27 编辑
问题导读
1.计算节点需要安装哪些包?
2.认证访问需要注意哪些问题?
3. Modular Layer 2 (ML2) 的作用是什么?
配置准备
1.编辑文件 /etc/sysctl.conf完成下面内容
[mw_shl_code=bash,true]net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1[/mw_shl_code]
2.生效改变
[mw_shl_code=bash,true]sysctl -p[/mw_shl_code]
安装网络组件
[mw_shl_code=bash,true] yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch[/mw_shl_code]
配置网络通用组件
编辑文件 /etc/neutron/neutron.conf完成下面内容。
a.在 [database]部分,注释掉connection ,因为计算节点不直接访问数据库
b.在 [DEFAULT] 和 [oslo_messaging_rabbit] 部分,配置RabbitMQ 消息队列访问
[mw_shl_code=bash,true][DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS[/mw_shl_code]
RABBIT_PASS替换为自己设置密码
c.在 [DEFAULT] 和 [keystone_authtoken] 部分, 配置认证访问,
[mw_shl_code=bash,true][DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS[/mw_shl_code]
注意:注释掉 [keystone_authtoken] 部分其它选项
d.在 [DEFAULT] 部分, 启用 (ML2) 插件, router 服务, 和 overlapping IP 地址:[mw_shl_code=bash,true][DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True[/mw_shl_code]
e.启用详细信息日志记录
[mw_shl_code=bash,true][DEFAULT]
...
verbose = True[/mw_shl_code]
配置 Modular Layer 2 (ML2) 插件
ML2 插件使用ovs机制为实例创建虚拟网络框架
编辑文件 /etc/neutron/plugins/ml2/ml2_conf.ini ,完成下面内容
a.在 [ml2]部分,启用 flat, VLAN, generic routing encapsulation (GRE), 和 virtual extensible LAN (VXLAN) 网络类型驱动,GRE 租户网络, 和 OVS 机制驱动。
[mw_shl_code=bash,true][ml2]
...
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch[/mw_shl_code]
b.在 [ml2_type_gre]部分,配置隧道id范围
[mw_shl_code=bash,true][ml2_type_gre]
...
tunnel_id_ranges = 1:1000[/mw_shl_code]
c.在 [securitygroup]部分,启用安全组, ipset, 和 配置OVS iptables防火墙驱动
[mw_shl_code=bash,true][securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver[/mw_shl_code]
d. 在[ovs] 部分, 启用 隧道 和 配置本地隧道endpoint:
[mw_shl_code=bash,true][ovs]
...
local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS[/mw_shl_code]
替换为计算节点隧道网络ip地址。这里是10.0.0.31
e.在 [agent] 部分,启用GRE 隧道
[mw_shl_code=bash,true][agent]
...
tunnel_types = gre[/mw_shl_code]
配置OVS服务
启用服务,并配置开机启动
[mw_shl_code=bash,true] systemctl enable openvswitch.service
systemctl start openvswitch.service[/mw_shl_code]
配置计算节点使用网络
编辑文件 /etc/nova/nova.conf,完成下面内容
a.在 [DEFAULT] 部分,配置 APIs 和驱动:
[mw_shl_code=bash,true][DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver[/mw_shl_code]
注意:
默认, 计算节点使用内部防火墙服务. 自从网络包括防火墙, 你使用nova.virt.firewall.NoopFirewallDriver必须禁用计算节点防火墙
b.在[neutron]部分,配置访问参数
[mw_shl_code=bash,true][neutron]
...
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = NEUTRON_PASS[/mw_shl_code]
完成安装
1.网络服务初始化脚本
[mw_shl_code=bash,true]ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini[/mw_shl_code]
由于包可能有bug,运行下面脚本
[mw_shl_code=bash,true]# cp /usr/lib/systemd/system/neutron-openvswitch-agent.service \
/usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
# sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' \
/usr/lib/systemd/system/neutron-openvswitch-agent.service[/mw_shl_code]
2.重启计算服务
[mw_shl_code=bash,true]systemctl restart openstack-nova-compute.service[/mw_shl_code]
3.启动ovs代理,并设置开机启动
[mw_shl_code=bash,true] systemctl enable neutron-openvswitch-agent.service
systemctl start neutron-openvswitch-agent.service[/mw_shl_code]
验证操作【控制节点】
加载环境变量
[mw_shl_code=bash,true] source admin-openrc.sh[/mw_shl_code]
列出创建成功的neutron agents:
[mw_shl_code=bash,true]neutron agent-list[/mw_shl_code]
[mw_shl_code=bash,true]+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
| id | agent_type | host | alive | admin_state_up | binary |
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
| 30275801-e17a-41e4-8f53-9db63544f689 | Metadata agent | network | :-) | True | neutron-metadata-agent |
| 4bd8c50e-7bad-4f3b-955d-67658a491a15 | Open vSwitch agent | network | :-) | True | neutron-openvswitch-agent |
| 756e5bba-b70f-4715-b80e-e37f59803d20 | L3 agent | network | :-) | True | neutron-l3-agent |
| 9c45473c-6d6d-4f94-8df1-ebd0b6838d5f | DHCP agent | network | :-) | True | neutron-dhcp-agent |
| a5a49051-05eb-4b4f-bfc7-d36235fe9131 | Open vSwitch agent | compute1 | :-) | True | neutron-openvswitch-agent |
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+[/mw_shl_code]
相关篇章
openstack【Kilo】入门 【准备篇】一:整体介绍【centos】
http://www.aboutyun.com/thread-15205-1-1.html
openstack【Kilo】入门 【准备篇】二:检测网络互通性【centos】
http://www.aboutyun.com/thread-15206-1-1.html
openstack【Kilo】入门 【准备篇】三:NTP安装【centos】
http://www.aboutyun.com/thread-15207-1-1.html
openstack【Kilo】入门 【准备篇】四:openstack包【centos】
http://www.aboutyun.com/thread-15210-1-1.html
openstack【Kilo】入门 【准备篇】五:mysql及rabbitmq安装【centos】
http://www.aboutyun.com/thread-15213-1-1.html
openstack【Kilo】入门 【keystone篇】六:keystone安装配置【centos】
http://www.aboutyun.com/thread-15214-1-1.html
openstack【Kilo】入门 【keystone篇】七:创建服务实例和API endpoint【centos】
http://www.aboutyun.com/thread-15215-1-1.html
openstack【Kilo】入门 【keystone篇】八:创建租户, 用户, 和角色【centos】
http://www.aboutyun.com/thread-15216-1-1.html
openstack【Kilo】入门 【keystone篇】九:验证keystone安装【centos】
http://www.aboutyun.com/thread-15233-1-1.html
openstack【Kilo】入门 【keystone篇】十:创建openstack客户端脚本【centos】
http://www.aboutyun.com/thread-15234-1-1.html
openstack【Kilo】入门 【glance篇】十一:安装配置glance【centos】
http://www.aboutyun.com/thread-15242-1-1.html
openstack【Kilo】入门 【glance篇】十二:glance安装验证【centos】
http://www.aboutyun.com/thread-15243-1-1.html
openstack【Kilo】入门 【nova篇】十三:nova安装配置1:控制节点【centos】
http://www.aboutyun.com/thread-15258-1-1.html
openstack【Kilo】入门 【nova篇】十四:nova安装配置2:计算节点【centos】
http://www.aboutyun.com/thread-15259-1-1.html
openstack【Kilo】入门 【neutron篇】十五:neutron安装配置:控制节点【centos】
http://www.aboutyun.com/thread-15260-1-1.html
openstack【Kilo】入门 【neutron篇】十六:neutron安装配置:网络节点【centos】
http://www.aboutyun.com/thread-15272-1-1.html
openstack【Kilo】入门 【neutron篇】十七:neutron安装配置:计算节点【centos】
http://www.aboutyun.com/thread-15330-1-1.html
openstack【Kilo】入门 【neutron篇】十八:实例化网络【centos】
http://www.aboutyun.com/thread-15342-1-1.html
openstack【Kilo】入门 【neutron篇】十九:dasboard安装配置【centos】
http://www.aboutyun.com/thread-15352-1-1.html
openstack【Kilo】入门 【neutron篇】二十:创建实例(neutron)【centos】
http://www.aboutyun.com/thread-15356-1-1.html
|