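8. Networking service cluster
Overview
neutron-server
Accepts and routes API requests to the appropriate OpenStack Networking plug-in for action.
5.1 Controller node installation
5.1.1 Prerequisites
Before you configure the OpenStack Networking (neutron) service, you must create a database, service credentials, and API endpoints.
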
1. Create the database
$ mysql -u rgalera -p galera -h 192.168.16.10
Create the ``neutron`` database:

MariaDB [(none)]> CREATE DATABASE neutron;
Grant proper access to the ``neutron`` database, replacing ``NEUTRON_DBPASS`` with a suitable password:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
Exit the database access client.

2. Create roles and users
Source the admin credentials to gain access to admin-only CLI commands:
$ . admin-openrc

Create the ``neutron`` user:
$ openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | fdb0f541e28141719b6a43c8944bf1fb |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
3. Add the ``admin`` role to the ``neutron`` user

$ openstack role add --project service --user neutron admin

4. Create the ``neutron`` service entity:
$ openstack service create --name neutron \
  --description "OpenStack Networking" network

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | f71529314dab4a4d8eca427e701d209e |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
5. Create the Networking service API endpoints:

$ openstack endpoint create --region RegionOne \
  network public http://controller:9696

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 85d80a6d02fc4b7683f611d7fc1493a3 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

$ openstack endpoint create --region RegionOne \
  network internal http://controller:9696

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 09753b537ac74422a68d2d791cf3714f |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

$ openstack endpoint create --region RegionOne \
  network admin http://controller:9696

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1ee14289c9374dffb5db92a5c112fc4e |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

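5.1.2 Provider network service installation and configuration
Install the packages on all controller nodes:
# yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables
The Networking server component configuration includes the database, authentication mechanism, message queue, topology change notifications, and plug-in.
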
Edit the ``/etc/neutron/neutron.conf`` file and complete the following actions:

In the ``[database]`` section, configure database access:
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
Replace NEUTRON_DBPASS with the password you chose for the database.

In the ``[DEFAULT]`` section, enable the ML2 plug-in and disable additional plug-ins:
[DEFAULT]
core_plugin = ml2
service_plugins =

In the ``[DEFAULT]`` section, configure ``RabbitMQ`` message queue access:
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller1
Replace ``RABBIT_PASS`` with the password you chose for the ``openstack`` account in RabbitMQ.

In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure Identity service access:
[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

In the ``[DEFAULT]`` and ``[nova]`` sections, configure Networking to notify Compute of network topology changes:
[DEFAULT]
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

In the ``[oslo_concurrency]`` section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
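Configure the Modular Layer 2 (ML2) plug-in

The ML2 plug-in uses the Linux bridge mechanism to build layer-2 virtual networking infrastructure for instances.
Edit the ``/etc/neutron/plugins/ml2/ml2_conf.ini`` file and complete the following actions:

In the ``[ml2]`` section, enable flat and VLAN networks:
[ml2]
type_drivers = flat,vlan

In the ``[ml2]`` section, disable self-service (private) networks:
[ml2]
tenant_network_types =

In the ``[ml2]`` section, enable the Linux bridge mechanism:

[ml2]
mechanism_drivers = linuxbridge
Warning
After you configure the ML2 plug-in, removing values from the ``type_drivers`` option can lead to database inconsistency.

In the ``[ml2]`` section, enable the port security extension driver:
[ml2]
extension_drivers = port_security

In the ``[ml2_type_flat]`` section, configure the provider virtual network as a flat network:
[ml2_type_flat]
flat_networks = provider

In the ``[securitygroup]`` section, enable ipset to increase the efficiency of security group rules:
[securitygroup]
enable_ipset = true
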
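Configure the Linux bridge agent
The Linux bridge agent builds layer-2 virtual networking infrastructure for instances and handles security group rules.

Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and complete the following actions:
In the ``[linux_bridge]`` section, map the provider virtual network to the provider physical network interface:

[linux_bridge]
physical_interface_mappings = provider:ens160
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying provider physical network interface (``ens160`` in this example). See :ref:environment-networking for more information.

In the ``[vxlan]`` section, disable VXLAN overlay networks:
[vxlan]
enable_vxlan = false
In the ``[securitygroup]`` section, enable security groups and configure the Linux bridge iptables firewall driver:

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
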
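Configure the DHCP agent
The DHCP agent provides DHCP services for virtual networks.
Edit the ``/etc/neutron/dhcp_agent.ini`` file and complete the following actions:
In the ``[DEFAULT]`` section, configure the Linux bridge interface driver and the Dnsmasq DHCP driver, and enable isolated metadata so that instances on provider networks can access metadata over the network:

[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true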
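1. Configure the metadata agent
Edit the ``/etc/neutron/metadata_agent.ini`` file and complete the following actions:
In the ``[DEFAULT]`` section, configure the metadata host and the shared secret:

[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
Replace METADATA_SECRET with the secret you set for the metadata proxy.
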
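2. Configure the Compute service to use the Networking service
Edit the ``/etc/nova/nova.conf`` file and complete the following actions:
In the ``[neutron]`` section, configure access parameters, enable the metadata proxy, and configure the secret:
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

Replace ``METADATA_SECRET`` with the secret you set for the metadata proxy.
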
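A quick check for the two files edited above, as an added example that is not part of the original guide: it confirms that ``metadata_proxy_shared_secret`` in ``metadata_agent.ini`` and in the ``[neutron]`` section of ``nova.conf`` match, and lists any line that still carries one of this guide's placeholder values. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide. Function names are illustrative.
# On a real node, pass /etc/neutron/metadata_agent.ini and /etc/nova/nova.conf.

# ini_get FILE SECTION KEY: print the last value of KEY inside [SECTION].
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_sec = ($0 == sec); next }
        in_sec && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# placeholder_hits FILE...: print "file:line" wherever one of the guide's
# placeholder values is still present on a non-comment line.
placeholder_hits() {
    awk '!/^[ \t]*[#;]/ &&
         /NEUTRON_DBPASS|RABBIT_PASS|NEUTRON_PASS|NOVA_PASS|METADATA_SECRET/ {
             print FILENAME ":" FNR }' "$@"
}

# metadata_secret_status AGENT_INI NOVA_CONF: print ok, missing or mismatch.
metadata_secret_status() {
    a=$(ini_get "$1" DEFAULT metadata_proxy_shared_secret)
    n=$(ini_get "$2" neutron metadata_proxy_shared_secret)
    if [ -z "$a" ] || [ -z "$n" ]; then echo missing
    elif [ "$a" != "$n" ]; then echo mismatch
    else echo ok; fi
}

# Constructed sample files (not real secrets) so the checks run anywhere.
demo_dir=$(mktemp -d)
printf '[DEFAULT]\nnova_metadata_ip = controller\nmetadata_proxy_shared_secret = 4f9c1e\n' \
    > "$demo_dir/metadata_agent.ini"
printf '[neutron]\npassword = NEUTRON_PASS\nmetadata_proxy_shared_secret = 4f9c1d\n' \
    > "$demo_dir/nova.conf"
metadata_secret_status "$demo_dir/metadata_agent.ini" "$demo_dir/nova.conf"
placeholder_hits "$demo_dir/metadata_agent.ini" "$demo_dir/nova.conf"
```

On the constructed files the secrets differ by one character and ``nova.conf`` still contains ``NEUTRON_PASS``, so both checks report a finding.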
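3. Finalize installation
The Networking service initialization scripts expect a symbolic link, ``/etc/neutron/plugin.ini``, pointing to the ML2 plug-in configuration file, ``/etc/neutron/plugins/ml2/ml2_conf.ini``. If this symbolic link does not exist, create it with the following command:
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Populate the database:
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Note

Database population occurs later for Networking because the script requires complete server and plug-in configuration files.

Restart the Compute API service:
# systemctl restart openstack-nova-api.service
Start the Networking services and configure them to start when the system boots.

Make the same changes on the controller2 and controller3 nodes, changing nova_metadata_ip to the corresponding host name.
For both networking options: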
4. Enable the services at boot and start them
# systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
# systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service

# systemctl status neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service | grep running

For networking option 2, also enable the layer-3 service at boot and start it:
# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service
5. Add the neutron service to haproxy
# vim /etc/haproxy/haproxy.cfg
listen neutron_api_cluster
  bind 192.168.16.10:9696
  balance  source
  option  tcpka
  option  httpchk
  option  tcplog
  server controller1 192.168.16.11:9696 check inter 2000 rise 2 fall 5
  server controller2 192.168.16.12:9696 check inter 2000 rise 2 fall 5
  server controller3 192.168.16.13:9696 check inter 2000 rise 2 fall 5
Copy the configuration to the other controller nodes and restart haproxy.
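5.2 Compute node installation
The compute node handles connectivity and security groups for instances.

1. Install the components
# yum install openstack-neutron-linuxbridge ebtables ipset

2. Configure the common component

The Networking common component configuration includes the authentication mechanism, message queue, and plug-in.

Edit the ``/etc/neutron/neutron.conf`` file and complete the following actions:
In the ``[database]`` section, comment out any ``connection`` options because compute nodes do not directly access the database. (They are all commented out by default.)
In the ``[DEFAULT]`` section, configure ``RabbitMQ`` message queue access:
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller1
Replace ``RABBIT_PASS`` with the password you chose for the ``openstack`` account in RabbitMQ.
In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure Identity service access:

[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

In the ``[oslo_concurrency]`` section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
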
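3. Configure the Linux bridge agent
The Linux bridge agent builds layer-2 virtual networking infrastructure for instances and handles security group rules.
Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and complete the following actions:

In the ``[linux_bridge]`` section, map the provider virtual network to the provider physical network interface:
[linux_bridge]
physical_interface_mappings = provider:ens160
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying provider physical network interface (``ens160`` in this example). See :ref:environment-networking for more information.

In the ``[vxlan]`` section, disable VXLAN overlay networks:
[vxlan]
enable_vxlan = false

In the ``[securitygroup]`` section, enable security groups and configure the Linux bridge iptables firewall driver:
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
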
4. Configure the Compute service to use the Networking service
Edit the ``/etc/nova/nova.conf`` file and complete the following actions:
In the ``[neutron]`` section, configure access parameters:
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

Finalize installation

Restart the Compute service:

# systemctl restart openstack-nova-compute.service
Start the Linux bridge agent and configure it to start when the system boots:
5. Enable the service at boot and start it
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service

5.3 Verify operation
Source the admin credentials to gain access to admin-only CLI commands:

$ . admin-openrc
List loaded extensions to verify successful launch of the ``neutron-server`` process:
$ openstack extension list --network
(The output is long and is omitted here.)

List agents to verify successful launch of the neutron agents:

$ openstack network agent list

+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 0400c2f6-4d3b-44bc-89fa-99093432f3bf | Metadata agent     | controller | None              | True  | UP    | neutron-metadata-agent    |
| 83cf853d-a2f2-450a-99d7-e9c6fc08f4c3 | DHCP agent         | controller | nova              | True  | UP    | neutron-dhcp-agent        |
| ec302e51-6101-43cf-9f19-88a78613cbee | Linux bridge agent | compute    | None              | True  | UP    | neutron-linuxbridge-agent |
| fcb9bc6e-22b1-43bc-9054-272dd517d025 | Linux bridge agent | controller | None              | True  | UP    | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
The output should indicate three agents on the controller node and one agent on each compute node.

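The agent check described above, as an added shell example that is not part of the original guide: it parses the table format shown here (``Alive`` printed as ``True``), reports dead agents, and compares the number of live agents per host with the expected counts. The function names and the sample table are constructed.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are illustrative.
# agent_report: read `openstack network agent list` table output on stdin; print
# "DEAD <host> <type>" for agents whose Alive column is not True, and
# "COUNT <host> <n>" with the number of live agents per host.
agent_report() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 8 { next }                      # border lines contain no cells
        { type = trim($3); host = trim($4); alive = trim($6) }
        type == "Agent Type" { next }        # header row
        alive != "True" { print "DEAD", host, type; next }
        { live[host]++ }
        END { for (h in live) print "COUNT", h, live[h] }' | sort
}

# verify_agents TABLE_FILE host=min ...: succeed only if no agent is dead and
# every named host has at least `min` live agents.
verify_agents() {
    report=$(agent_report < "$1"); shift
    rc=0
    if printf '%s\n' "$report" | grep -q '^DEAD '; then rc=1; fi
    for spec in "$@"; do
        host=${spec%%=*}; min=${spec#*=}
        n=$(printf '%s\n' "$report" |
            awk -v h="$host" '$1 == "COUNT" && $2 == h { print $3 }')
        [ "${n:-0}" -ge "$min" ] ||
            { echo "$host: ${n:-0} live agents, expected $min" >&2; rc=1; }
    done
    return $rc
}

# Constructed sample output: the DHCP agent on the controller is down.
sample=$(mktemp)
cat > "$sample" <<'EOF'
+------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+------+--------------------+------------+-------------------+-------+-------+---------------------------+
| id-1 | Metadata agent     | controller | None              | True  | UP    | neutron-metadata-agent    |
| id-2 | DHCP agent         | controller | nova              | False | UP    | neutron-dhcp-agent        |
| id-3 | Linux bridge agent | compute    | None              | True  | UP    | neutron-linuxbridge-agent |
| id-4 | Linux bridge agent | controller | None              | True  | UP    | neutron-linuxbridge-agent |
+------+--------------------+------------+-------------------+-------+-------+---------------------------+
EOF
agent_report < "$sample"
verify_agents "$sample" controller=3 compute=1 || echo "agent check failed"
```

On a deployed cluster, save the command output to a file and pass it as the first argument, with one ``host=min`` pair per node.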
Reposted from: https://www.cnblogs.com/hanjingzheng/p/9082255.html