正文

openstack之neutron

author  author  2022-08-11  617

关键词：

网络组件neutron在整个openstack体系中应该是最难的一部分，需要在控制节点和计算节点上面同时安装

1、创建neutron用户及授权

[[email protected] ~]# source admin-openrc.sh
[[email protected] ~]# openstack user create --domain default --password=neutron neutron
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | d458b30e034a42a3858fa10aff62f19a |
| name      | neutron                          |
+-----------+----------------------------------+
[[email protected] ~]#  openstack role add --project service --user neutron admin

2、注册neutron服务

[[email protected] ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 624ad1386598404dba9baeb0e31ae48f |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne network public http://172.16.80.130:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | cfd3eb223f5f4da3b9cd8b80ac7b7e03 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 624ad1386598404dba9baeb0e31ae48f |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://172.16.80.130:9696        |
+--------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne network internal http://172.16.80.130:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1091bd52c35f4f53b5d371b4f32a677a |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 624ad1386598404dba9baeb0e31ae48f |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://172.16.80.130:9696        |
+--------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne network admin http://172.16.80.130:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | c674d06b4f1d45ca895e3786df708bfb |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 624ad1386598404dba9baeb0e31ae48f |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://172.16.80.130:9696        |
+--------------+----------------------------------+

3、安装配置neutron

[[email protected] ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y

[[email protected] neutron]# grep -n "^[a-Z]" /etc/neutron/neutron.conf
3:verbose = True
20:state_path = /var/lib/neutron
60:core_plugin = ml2
77:service_plugins = router
92:auth_strategy = keystone
573:rpc_backend=rabbit
722:auth_uri = http://172.16.80.130:5000
723:auth_url = http://172.16.80.130:35357
724:auth_plugin = password
725:project_domain_id = default
726:user_domain_id = default
727:project_name = service
728:username = neutron
729:password = neutron
744:connection = mysql://neutron:[email protected]:3306/neutron
788:auth_url = http://172.16.80.130:35357
789:auth_plugin = password
790:project_domain_id = default
791:user_domain_id = default
792:region_name = RegionOne
793:project_name = service
794:username = nova
795:password = nova
831:lock_path = $state_path/lock
970:rabbit_host = 172.16.80.130
971:rabbit_port = 5672
972:rabbit_userid = openstack
973:rabbit_password = openstack

修改ml2配置文件
[[email protected] ml2]# grep -n "^[a-Z]" /etc/neutron/plugins/ml2/ml2_conf.ini 
5:type_drivers = flat,vlan,gre,vxlan,geneve
13:tenant_network_types = flat,vlan,gre,vxlan,geneve
18:mechanism_drivers = openvswitch,linuxbridge
27:extension_drivers = port_security
67:flat_networks = physnet1
120:enable_ipset = True

修改linuxbriage配置文件
[[email protected] ml2]# grep -n "^[a-Z]" /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
3:linux_bridge]
12:physical_interface_mappings = physnet1:eno16777736
18:enable_vxlan = false
64:firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
68:enable_security_group = True

修改dhcp配置文件
[[email protected] neutron]# grep -n "^[a-Z]" /etc/neutron/dhcp_agent.ini
14:interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
37:dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq 
60:enable_isolated_metadata = true


修改配置metadata_agent.ini
[[email protected] neutron]# grep -n "^[a-Z]" /etc/neutron/metadata_agent.ini 
5:verbose = True
6:auth_uri = http://172.16.80.130:5000
7:auth_url = http://172.16.80.130:35357
8:auth_region = RegionOne
9:auth_plugin = password
10:project_domain_id = default
11:user_domain_id = default
12:project_name = service
13:username = neutron
14:password = neutron
15:nova_metadata_ip = 172.16.80.130
16:metadata_proxy_shared_secret = neutron

4、在控制节点的nova中添加关于neutron的配置

[neutron]

url = http://172.16.80.130:9696
auth_url = http://172.16.80.130:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron

[[email protected] neutron]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

5、导入数据库并检查结果

[[email protected] neutron]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[[email protected] neutron]# mysql -e "use neutron;show tables;"
+-----------------------------------------+
| Tables_in_neutron                       |
+-----------------------------------------+
| address_scopes                          |
| agents                                  |
| alembic_version                         |
| allowedaddresspairs                     |
| arista_provisioned_nets                 |
| arista_provisioned_tenants              |
| arista_provisioned_vms                  |
| brocadenetworks                         |
| brocadeports                            |
| cisco_csr_identifier_map                |
| cisco_hosting_devices                   |
| cisco_ml2_apic_contracts                |
| cisco_ml2_apic_host_links               |
| cisco_ml2_apic_names                    |
| cisco_ml2_n1kv_network_bindings         |
| cisco_ml2_n1kv_network_profiles         |
| cisco_ml2_n1kv_policy_profiles          |
| cisco_ml2_n1kv_port_bindings            |
| cisco_ml2_n1kv_profile_bindings         |
| cisco_ml2_n1kv_vlan_allocations         |
| cisco_ml2_n1kv_vxlan_allocations        |
| cisco_ml2_nexus_nve                     |
| cisco_ml2_nexusport_bindings            |
| cisco_port_mappings                     |
| cisco_router_mappings                   |
| consistencyhashes                       |
| csnat_l3_agent_bindings                 |
| default_security_group                  |
| dnsnameservers                          |
| dvr_host_macs                           |
| embrane_pool_port                       |
| externalnetworks                        |
| extradhcpopts                           |
| firewall_policies                       |
| firewall_rules                          |
| firewalls                               |
| flavors                                 |
| flavorserviceprofilebindings            |
| floatingips                             |
| ha_router_agent_port_bindings           |
| ha_router_networks                      |
| ha_router_vrid_allocations              |
| healthmonitors                          |
| ikepolicies                             |
| ipallocationpools                       |
| ipallocations                           |
| ipamallocationpools                     |
| ipamallocations                         |
| ipamavailabilityranges                  |
| ipamsubnets                             |
| ipavailabilityranges                    |
| ipsec_site_connections                  |
| ipsecpeercidrs                          |
| ipsecpolicies                           |
| lsn                                     |
| lsn_port                                |
| maclearningstates                       |
| members                                 |
| meteringlabelrules                      |
| meteringlabels                          |
| ml2_brocadenetworks                     |
| ml2_brocadeports                        |
| ml2_dvr_port_bindings                   |
| ml2_flat_allocations                    |
| ml2_geneve_allocations                  |
| ml2_geneve_endpoints                    |
| ml2_gre_allocations                     |
| ml2_gre_endpoints                       |
| ml2_network_segments                    |
| ml2_nexus_vxlan_allocations             |
| ml2_nexus_vxlan_mcast_groups            |
| ml2_port_binding_levels                 |
| ml2_port_bindings                       |
| ml2_ucsm_port_profiles                  |
| ml2_vlan_allocations                    |
| ml2_vxlan_allocations                   |
| ml2_vxlan_endpoints                     |
| multi_provider_networks                 |
| networkconnections                      |
| networkdhcpagentbindings                |
| networkgatewaydevicereferences          |
| networkgatewaydevices                   |
| networkgateways                         |
| networkqueuemappings                    |
| networkrbacs                            |
| networks                                |
| networksecuritybindings                 |
| neutron_nsx_network_mappings            |
| neutron_nsx_port_mappings               |
| neutron_nsx_router_mappings             |
| neutron_nsx_security_group_mappings     |
| nexthops                                |
| nsxv_edge_dhcp_static_bindings          |
| nsxv_edge_vnic_bindings                 |
| nsxv_firewall_rule_bindings             |
| nsxv_internal_edges                     |
| nsxv_internal_networks                  |
| nsxv_port_index_mappings                |
| nsxv_port_vnic_mappings                 |
| nsxv_router_bindings                    |
| nsxv_router_ext_attributes              |
| nsxv_rule_mappings                      |
| nsxv_security_group_section_mappings    |
| nsxv_spoofguard_policy_network_mappings |
| nsxv_tz_network_bindings                |
| nsxv_vdr_dhcp_bindings                  |
| nuage_net_partition_router_mapping      |
| nuage_net_partitions                    |
| nuage_provider_net_bindings             |
| nuage_subnet_l2dom_mapping              |
| ofcfiltermappings                       |
| ofcnetworkmappings                      |
| ofcportmappings                         |
| ofcroutermappings                       |
| ofctenantmappings                       |
| packetfilters                           |
| poolloadbalanceragentbindings           |
| poolmonitorassociations                 |
| pools                                   |
| poolstatisticss                         |
| portbindingports                        |
| portinfos                               |
| portqueuemappings                       |
| ports                                   |
| portsecuritybindings                    |
| providerresourceassociations            |
| qos_bandwidth_limit_rules               |
| qos_network_policy_bindings             |
| qos_policies                            |
| qos_port_policy_bindings                |
| qosqueues                               |
| quotas                                  |
| quotausages                             |
| reservations                            |
| resourcedeltas                          |
| router_extra_attributes                 |
| routerl3agentbindings                   |
| routerports                             |
| routerproviders                         |
| routerroutes                            |
| routerrules                             |
| routers                                 |
| securitygroupportbindings               |
| securitygrouprules                      |
| securitygroups                          |
| serviceprofiles                         |
| sessionpersistences                     |
| subnetpoolprefixes                      |
| subnetpools                             |
| subnetroutes                            |
| subnets                                 |
| tz_network_bindings                     |
| vcns_router_bindings                    |
| vips                                    |
| vpnservices                             |
+-----------------------------------------+

6、重启nova-api，并启动neutron服务

[[email protected] neutron]# systemctl restart openstack-nova-api
[[email protected] neutron]# systemctl enable neutron-server.service   neutron-linuxbridge-agent.service neutron-dhcp-agent.service   neutron-metadata-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
[[email protected] neutron]# systemctl start neutron-server.service   neutron-linuxbridge-agent.service neutron-dhcp-agent.service   neutron-metadata-agent.service

7、检查结果

[[email protected] neutron]# neutron agent-list
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| 4f0ef1a2-85a6-4d6c-874c-51e139a41a8a | Metadata agent     | controller | :-)   | True           | neutron-metadata-agent    |
| 89ec6936-111c-4416-9c70-ef50ad8c2ae3 | DHCP agent         | controller | :-)   | True           | neutron-dhcp-agent        |
| d438159e-d277-411f-9f64-edda90ce383d | Linux bridge agent | controller | :-)   | True           | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+

8、安装部署计算节点上面的neutron服务

[[email protected] ~]# yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset -y

直接从控制节点复制过去，无需更改
[[email protected] neutron]# scp /etc/neutron/neutron.conf 172.16.80.131:/etc/neutron/
neutron.conf                                                                                                                                           100%   36KB  35.9KB/s   00:00    
[[email protected] neutron]# scp /etc/neutron/plugins/ml2/linuxbridge_agent.ini 172.16.80.131:/etc/neutron/plugins/ml2/
linuxbridge_agent.ini

9、配置计算节点的nova

[neutron]

url = http://172.16.80.130:9696
auth_url = http://172.16.80.130:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron

10、启动服务

[[email protected] ml2]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[[email protected] ml2]# systemctl restart openstack-nova-compute.service
[[email protected] ml2]# systemctl enable neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
[[email protected] ml2]# systemctl start neutron-linuxbridge-agent.service

11、在控制节点验证

[[email protected] neutron]# neutron agent-list
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| 0f96e7fb-d369-451f-bd3d-6c0900c97a79 | Linux bridge agent | computer1  | :-)   | True           | neutron-linuxbridge-agent |
| 4f0ef1a2-85a6-4d6c-874c-51e139a41a8a | Metadata agent     | controller | :-)   | True           | neutron-metadata-agent    |
| 89ec6936-111c-4416-9c70-ef50ad8c2ae3 | DHCP agent         | controller | :-)   | True           | neutron-dhcp-agent        |
| d438159e-d277-411f-9f64-edda90ce383d | Linux bridge agent | controller | :-)   | True           | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+

本文出自 “厚德载物” 博客，谢绝转载！

openstack实战讲解之-----08-计算节点neutron配置

Neutron组件安装[[email protected] ~]# yum install openstack-neutron-linuxbridge ebtables ipset配置通用组件Networking通用组件的配置包括认证机制、消息队列和插件编辑``/etc/neutron/neutron.conf``文件并完成如下查看详情

openstack之neutron服务网络架构二(代码片段)

《OpenStack之Neutron基础服务二》1.1Neutron网络概述(1）APIServer(2)网络插件与代理:(3)Flat网络(4)VLAN网络(5)GRE和VxLAN网络(6)端口(7)子网(8)子网池(9)路由(10)安全组(11)网络东西和南北流向(12)SNAT源地址转换(13)DNAT目的地址转换(14)网络命名... 查看详情

openstack之neutron服务网络架构二(代码片段)

openstack的部署之neutron项目（7-6）(代码片段)

OpenStack的部署之Neutron项目（7-6）一、CT控制节点1、创建数据库neutron，并进行授权2、创建用户、服务并赋权3、注册API4、安装提供者网络(桥接)并修改相关配置文件5、重启相关服务二、C1、C2计算节点操作1、部署neutron... 查看详情

openstack之neutron网络虚拟化

第一：为什么需要网络虚拟化？一.数据中心的现有网络不能满足云计算的物理需求；互联网行业数据中心的基本特征就是服务器的规模偏大。进入云计算时代后，其业务特征变得更加复杂，包括：虚拟化支持、多业务承载、资... 查看详情

云计算之openstack（n版）neutron网络服务最佳实践

...网络不仅仅是一个定义的虚拟网络。相反，它代表了一种openstack安装之外的能从物理的，外部访问的试图。外部网络上的IP地址查看详情

openstack之neutron流表字段的意思

cookie：流表规则标示duration：流表项创建持续的时间（单位：S）table：流表所属的table编号n_packets:流表项匹配到的报文数n_bytes：此流表项匹配到的字节数idle_age：此流表项从最后一个匹配的报文到现在空闲的时间hard_age：此流表... 查看详情

玩转openstack（八.1）linuxbridge实现neutron网络之local、flat、vlan、dhcp

参考技术ANeutron默认使用ML2作为coreplugin，配置文件/etc/neutron/neutron.conf中core_plugin计算节点和控制节点都需要在各自的neutron.conf中配置core_plugin然后配置ML2的配置文件/etc/neutron/plugins/ml2/ml2_conf.ini中mechanism_driversmechanism_drivers可以同... 查看详情

openstack网络服务neutron[五]

Openstack网络服务Neutron[五]Openstack网络服务Neutron[五]openstack时间：2016年11月28日Neutron介绍neutron是openstack重要组件之一，在以前是时候没有neutron项目650)this.width=650;"src="http://static.zybuluo.com/abcdocker/wt8v97no5vyj1gmjrdra 查看详情

openstack安装-计算节点-neutron服务安装(代码片段)

一、安装nettron相关服务yuminstallopenstack-neutron-linuxbridgeebtablesipset-y二、快速配置配置修改红色部分为计算节点的网卡名以及IP地址openstack-config--set/etc/neutron/neutron.confDEFAULTtransport_urlrabbit://openstack:[email protected]openstack-config--s... 查看详情

openstack——网络服务neutron

一、Neutron介绍 OpenStack网络服务已由Quantum改名为Neutron。Neutron是OpenStack核心项目之一，提供云计算环境下的虚拟网络功能服务。 Neutron的设计目标是实现“网络即服务（NetworkingasaService）”。为了达到这一目标，... 查看详情

openstack中neutron的实现模型(代码片段)

一、Neutron概述众所周知，整个Openstack中网络是通过Neutron组件实现，它也成为了整个Openstack中最复杂的部分，本文重点介绍Neutron的实现模型与应用场景，闲言少叙，步入正题。1.Neutron的架构Neutron的架构如下图所示：NeutronServe由Co... 查看详情

openstack——neutron组件

OpenStack（五）——Neutron组件一、OpenStack网络1、Linux网络虚拟化2、Linux虚拟网桥3、虚拟局域网4、开放虚拟交换机（OVS）二、OpenStack网络基础服务1、Neutron网络结构2、网路、子网和端口3、网络拓扑类型小结4、网络... 查看详情

##6.2neutron计算节点--openstack

##6.2Neutron计算节点 ##6.2Neutron计算节点#6.2.Neutron.compute.sh#安装yuminstall-yopenstack-neutron-linuxbridgeebtablesipset#配置cp/etc/neutron/neutron.conf{,.bak}echo‘#[DEFAULT]auth_strategy=keystonetranspor 查看详情

##6.1neutron控制节点--openstack

##6.1Neutron控制节点 ##6.1Neutron控制节点#6.1.Neutron.controller.sh#本实例网络配置方式是：公共网络#官方参考https://docs.openstack.org/neutron/pike/install/controller-install-rdo.html#创建Neutron数据库、用户认证，前面已设置source./admin-op 查看详情

openstack实践系列⑧可视化服务horizon之dashboard演示

OpenStack实践系列⑧可视化服务Horizon之Dashboard演示七、可视化服务Horizon之Dashboard演示仪表板依赖于功能核心服务，包括身份，图像服务，计算和网络两种（neutron）或传统网络（nova-neutron）。与独立的服务环境，如对象存储不能使... 查看详情

openstack部署neutron(代码片段)

controller 　　1.创建数据库并设置权限　　mysql-uroot-p0330　　CREATEDATABASEneutron;　　GRANTALLPRIVILEGESONneutron.*TO‘neutron‘@‘localhost‘\IDENTIFIEDBY‘NEUTRON_DBPASS‘; 　GRANTALLPRIVILEGESONneutron.*T 查看详情

openstack运维-部署neutron组件[t版](代码片段)

OpenStack运维-部署Neutron组件一、Neutron概述二、创建数据库neutron，并进行授权三、计算节点C1/C2四、CT验证服务组件一、Neutron概述Neutron是OpenStack项目中负责提供网络服务的组件，它基于软件定义网络的思想，实现了网... 查看详情