OpenStack搭建之网络服务Neutron的安装-openvswitch方式(八)

如果想使用linuxbridge方式请访问：

OpenStack搭建之网络服务Neutron的安装-linuxbridge方式(八) - 运维术 (cnbugs.com)

Neutron在控制节点和计算节点都要安装

一、控制节点

创建数据库并设置权限

mysql -uroot -p000000
create database neutron;
grant all privileges on neutron.* to 'neutron'@'localhost' identified by '000000';
grant all privileges on neutron.* to 'neutron'@'%' identified by '000000';

创建用户租户角色信息

openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "Openstack Networking" network

创建端点等信息

openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696

安装软件包

yum install -y openstack-neutron openstack-neutron-ml2 which openvswitch openstack-neutron-linuxbridge.noarch cbtables openstack-neutron-openvswitch ipset

配置neutron配置文件

mv /etc/neutron/neutron.conf mv /etc/neutron/neutron.conf_bak
cat>/etc/neutron/neutron.conf<<EOF
[DEFAULT]
core_plugin=ml2
service_plugins=router
allow_overlapping_ips=True
state_path = /var/lib/neutron
dhcp_agent_notification = true
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
transport_url = rabbit://openstack:000000@controller
auth_strategy = keystone
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 000000
[cors]
[database]
connection = mysql+pymysql://neutron:000000@controller/neutron
[keystone_authtoken]
www_authenticate_uri=http://controller:5000/
auth_url=http://controller:5000/
memcached_servers=controller:11211
auth_type=password
project_domain_name=Default
user_domain_name=Default
project_name=service
username=neutron
password=000000
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]
EOF

配置Modular Layer plug-in

mv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini_bak
cat>/etc/neutron/plugins/ml2/ml2_conf.ini<<EOF
[DEFAULT]
[ml2]
type_drivers=flat,vlan,vxlan,gre
tenant_network_types=vxlan
mechanism_drivers=openvswitch,l2population
extension_drivers=port_security
[ml2_type_flat]
flat_networks=physnet1
[ml2_type_vxlan]
vni_ranges=1:1000
[securitygroup]
enable_ipset=True
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
EOF

配置openvswitch agent配置文件

cp /etc/neutron/plugins/ml2/openvswitch_agent.ini{,.bak}
cat>/etc/neutron/plugins/ml2/openvswitch_agent.ini<<EOF
[agent]
l2_population = True
tunnel_types = vxlan
prevent_arp_spoofing = True

[ovs]
local_ip = 192.168.100.103
bridge_mappings = physnet1:br-eth2

配置linux内核支持网桥过滤器

cat>>/etc/sysctl.conf<<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
EOF
modprobe br_netfilter
sysctl -p

配置l3_agent.ini

mv /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini_bak
cat>/etc/neutron/l3_agent.ini <<EOF
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge =
EOF

配置DHCP代理

mv /etc/neutron/dhcp_agent.ini  /etc/neutron/dhcp_agent.ini_bak
cat>/etc/neutron/dhcp_agent.ini<<EOF
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge =
[root@controller ~]# cat /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
EOF

配置元数据代理

 mv /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini_bak
cat>/etc/neutron/metadata_agent.ini<<EOF
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[root@controller ~]# cat /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host=controller
metadata_proxy_shared_secret=000000
[cache]
EOF

配置计算服务使用网络服务，在原来的基础上在DEFAULT字段加入如下参数

vim /etc/nova/nova.conf
[DEFAULT]
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSlnterfaceDriver

配置neutron段

[neutron]
auth_url=http://controller:5000
auth_type=password
project_domain_name=default
user_domain_name=default
region_name=RegionOne
project_name=service
username=neutron
password=000000
service_metadata_proxy=true
metadata_proxy_shared_secret=000000

配置软链接

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

初始化数据库

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

重启nova服务

systemctl restart openstack-nova-api

启动neutron服务

systemctl enable --now neutron-server neutron-metadata-agent neutron-openvswitch-agent openvswitch neutron-l3-agent neutron-dhcp-agent

配置桥接

ovs-vsctl show
ovs-vsctl add-br br-int
ovs-vsctl add-br br-flat
ip link list
ovs-vsctl add-port br-flat eth2
ethtool -K eth2 gro off
ethtool -K eth3 gro off

重启neutron服务

systemctl restart neutron-server neutron-metadata-agent neutron-openvswitch-agent openvswitch neutron-l3-agent neutron-dhcp-agent

验证服务

. admin-openrc
neutron agent-list

二、计算节点

配置内核转发

cat >> /etc/sysctl.conf << EOF
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
EOF

modprobe br_netfilter 

sysctl -p

计算节点安装相关软件包

yum install ebtables ipset   openvswitch openstack-neutron-openvswitch   -y

配置neutron配置文件

 mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf_bak
cat>/etc/neutron/neutron.conf<<EOF
[DEFAULT]
core_plugin = ml2
service_plugins = router
state_path = /var/lib/neutron
allow_overlapping_ips = true
transport_url=rabbit://openstack:000000@controller
auth_strategy=keystone
[cors]
[database]
[keystone_authtoken]
www_authenticate_uri=http://controller:5000
auth_url=http://controller:5000
memcached_servers=controller:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=neutron
password=000000
[oslo_concurrency]
lock_path=/var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]
EOF

配置openvswitch_agent.ini配置文件

[agent]
l2_population = True
tunnel_types = vxlan
prevent_arp_spoofing = True

[ovs]
local_ip = 192.168.100.103
bridge_mappings = physnet1:br-eth2

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
EOF

启动neutron-openvswitch-agent

systemctl enable --now neutron-openvswitch-agent

配置nova服务使用网络服务

修改/etc/nova/nova.conf，在DEFAULT中加入相关驱动

[DEFAULT]
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSlnterfaceDriver
vif_plugging_is_fatal = true
vif_pligging_timeout = 300

配置neutron块

[neutron]
auth_url=http://controller:5000
auth_type=password
project_domain_name=default
user_domain_name=default
region_name=RegionOne
project_name=service
username=neutron
password=000000

启动ovs

systemctl enable --now openvswitch

systemctl enable openvswitch.service
systemctl start openvswitch.service

配置桥接

ovs-vsctl show
ovs-vsctl add-br br-int
ovs-vsctl add-br br-flat
ip link list
ovs-vsctl add-port br-flat eth2
ethtool -K eth2 gro off
ethtool -K eth3 gro off

重启网络相关

systemctl restart network

重启nova和neutron-openvswitch-agent服务并加入开机启动

systemctl restart openstack-nova-compute

systemctl enable --now neutron-openvswitch-agent

创建网络

# 加载openstack环境变量
source /etc/keystone/admin-openrc.sh

# 创建路由器
openstack router create router01

# 创建vxlan网络
openstack network create --provider-network-type vxlan intnet

# 创建子网
openstack subnet create intsubnet --network intnet --subnet-range 166.66.66.0/24 --gateway 166.66.66.1 --dns-nameserver 114.114.114.114

# 将内部网络添加到路由器上
openstack router add subnet router01 intsubnet


# 创建flat网络
openstack network create --provider-physical-network physnet1 --provider-network-type flat  --external extnet

# 创建子网
openstack subnet create extsubnet --network extnet --subnet-range 10.0.0.0/24  --allocation-pool start=10.0.0.20,end=10.0.0.200 --gateway 10.0.0.254 --dns-nameserver 114.114.114.114 --no-dhcp

# 设置路由器网关接口
openstack router set router01 --external-gateway extnet

开放安全组

openstack security group rule create --proto icmp default

openstack security group rule create --proto tcp --dst-port 22:22 default

openstack security group rule list

OVS管理命令

ovs-vsctl show

ovs-ofctl dump-flows br-eth1

ovs-vsctl list-br 

ovs-vsctl add-br demo-br

ovs-vsctl list-ifaces br-eth1

ovs-vsctl get-manager

ovs-vsctl list-ports br-eth1