【Openstack Train安装】十、Neutron安装

Neutron，是Openstack中的一大核心组件，设计目标是实现“网络即服务（Networking as a Service）”。为了达到这一目标，在设计上遵循了基于 SDN 实现网络虚拟化的原则，在实现上充分利用了 Linux 系统上的各种网络相关的技术。

本文介绍Neutron安装步骤，Neutron需在控制节点和计算节点安装安装。

在按照本教程安装之前，请确保完成以下配置：

【Openstack Train安装】一、虚拟机创建

【Openstack Train安装】二、NTP安装

【Openstack Train安装】三、openstack安装

【Openstack Train安装】四、MariaDB/RabbitMQ 安装

【Openstack Train安装】五、Memcached/Etcd安装

【Openstack Train安装】六、Keystone安装

【Openstack Train安装】七、glance安装

【Openstack Train安装】八、placement安装

【Openstack Train安装】九、Nova安装

安装环境如下

VMware Workstation	V17.0
本机系统	win11
虚拟机系统	CentOS 7.5

一、控制节点配置

在控制节点进行以下操作。

1、配置数据库

进入数据库控制台（密码123456）：

mysql -u root -p

创建数据库并授予权限，退出数据库：

CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';

如下所示：

2、创建neutron用户

登录admin支行好：

. admin-openrc

在domain：default创建用户neutron：

openstack user create --domain default --password-prompt neutron

如下图：

授予neutron服务admin权限：

openstack role add --project service --user neutron admin

创建neutron服务入口：

openstack service create --name neutron --description "OpenStack Networking" network

如下图：

创建网络服务API端点：

openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696

如下图：

3、配置selfservice网络

安装neutron：

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

备份/etc/neutron/neutron.conf，删除其注释：

mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.source
cat /etc/neutron/neutron.conf.source | grep -Ev "^#|^$" > /etc/neutron/neutron.conf

编辑/etc/neutron/neutron.conf：

[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true[database]
# ...
connection = mysql+pymysql://neutron:123456@controller/neutron[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123456[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

4、配置ml2

备份/etc/neutron/plugins/ml2/ml2_conf.ini，删除其注释：

mv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.source
cat /etc/neutron/plugins/ml2/ml2_conf.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/ml2_conf.ini

对/etc/neutron/plugins/ml2/ml2_conf.ini进行以下配置：

[ml2]
# ...
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security[ml2_type_flat]
# ...
flat_networks = provider[ml2_type_vxlan]
# ...
vni_ranges = 1:1000[securitygroup]
# ...
enable_ipset = true

5、配置linux网桥

备份/etc/neutron/plugins/ml2/linuxbridge_agent.ini，删除其注释：

mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source
cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/linuxbridge_agent.ini

对/etc/neutron/plugins/ml2/linuxbridge_agent.ini进行以下配置(physical_interface_mappings 的ens33是网卡号)：

[linux_bridge]
physical_interface_mappings = provider:ens33[vxlan]
enable_vxlan = true
local_ip = 10.0.0.11
l2_population = true[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

修改 /etc/sysctl.conf，保证系统支持网桥过滤器，添加以下内容：

net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

如下图：

添加网桥过滤器，并设置开机加载：

modprobe br_netfilter
sysctl -p
sed -i '$amodprobe br_netfilter' /etc/rc.local

如下图：

6、配置L3代理

编辑/etc/neutron/l3_agent.ini，添加以下内容：

[DEFAULT]
# ...
interface_driver = linuxbridge

如下图：

7、配置dhcp

编辑/etc/neutron/dhcp_agent.ini，添加以下内容：

[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

如下图：

8、配置meta代理

编辑/etc/neutron/metadata_agent.ini，进行以下配置：

[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = 123456

如下图：

9、配置nova使用neutron服务

编辑/etc/nova/nova.conf，进行以下配置：

[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
service_metadata_proxy = true
metadata_proxy_shared_secret = 123456

如下图：

10、收尾

创建软连接：

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

同步数据库：

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

如下图：

重启nova-api：

systemctl restart openstack-nova-api.service

设置开机自启，并启动服务：

systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service

二、计算节点配置

在计算节点完成以下操作。

1、安装包

安装包：

yum install openstack-neutron-linuxbridge ebtables ipset -y

备份/etc/neutron/neutron.conf，删除其注释：

mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.source
cat /etc/neutron/neutron.conf.source | grep -Ev "^#|^$" > /etc/neutron/neutron.conf

编辑/etc/neutron/neutron.conf，进行如下配置：

[DEFAULT]
# ...
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

2、配置linux网桥

备份/etc/neutron/plugins/ml2/linuxbridge_agent.ini，删除其注释：

mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source
cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/linuxbridge_agent.ini

对/etc/neutron/plugins/ml2/linuxbridge_agent.ini进行以下配置(physical_interface_mappings 的ens33是网卡号)：

[linux_bridge]
physical_interface_mappings = provider:ens33[vxlan]
enable_vxlan = true
local_ip = 10.0.0.31
l2_population = true[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

修改 /etc/sysctl.conf，保证系统支持网桥过滤器，添加以下内容：

net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

如下图：

添加网桥过滤器，并设置开机加载：

modprobe br_netfilter
sysctl -p
sed -i '$amodprobe br_netfilter' /etc/rc.local

如下图：

3、配置nova使用neutron服务

编辑/etc/nova/nova.conf，进行以下配置：

[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456

如下图：

4、收尾

重启计算服务：

systemctl restart openstack-nova-compute.service

设置网桥开机自启，并启动服务：

systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service

三、验证

在控制节点使用如下命令验证：

openstack network agent list

如下图：