控制节点上neutron是网络的管理组件,提供网络、子网和路由器抽象功能,利用neutron可以很快搭建好私有云内部网络。本次搭建采用的是flat模式,使得内网的机子能访问外网。
1)在controller1上创建neutron数据库
```
MariaDB [(none)]> CREATE DATABASE neutron;
```
2)在controller1创建数据库用户并赋予权限
```
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'yjscloud';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'yjscloud';
```
3)在controller1上创建neutron用户及赋予admin权限
```
source /root/admin-openrc
openstack user create --domain default neutron --password yjscloud
openstack role add --project service --user neutron admin
```
4)在controller1上创建network服务
```
openstack service create --name neutron --description "OpenStack Networking" network
```
5)在controller1上创建endpoint
```
openstack endpoint create --region RegionOne network public http://yjscloud.com:9696
openstack endpoint create --region RegionOne network internal http://yjscloud.com:9696
openstack endpoint create --region RegionOne network admin http://yjscloud.com:9696
```
6)在controller1、2、3上安装neutron相关软件
```
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
```
7)在controller1、2、3上配置neutron配置文件`/etc/neutron/neutron.conf`
```
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
>/etc/neutron/neutron.conf
openstack-config --set /etc/neutron/neutron.conf DEFAULT debug False
openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose true
openstack-config --set /etc/neutron/neutron.conf DEFAULT bind_host controller1
openstack-config --set /etc/neutron/neutron.conf DEFAULT bind_port 9797
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin neutron.plugins.ml2.plugin.Ml2Plugin
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.metering.metering_plugin.MeteringPlugin
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT advertise_mtu True
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_response_timeout 180
openstack-config --set /etc/neutron/neutron.conf DEFAULT mac_generation_retries 32
openstack-config --set /etc/neutron/neutron.conf DEFAULT dhcp_lease_duration 600
openstack-config --set /etc/neutron/neutron.conf DEFAULT global_physnet_mtu 1500
openstack-config --set /etc/neutron/neutron.conf DEFAULT control_exchange neutron
openstack-config --set /etc/neutron/neutron.conf DEFAULT api_workers 4
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_workers 4
openstack-config --set /etc/neutron/neutron.conf DEFAULT agent_down_time 75
openstack-config --set /etc/neutron/neutron.conf DEFAULT dhcp_agents_per_network 2
openstack-config --set /etc/neutron/neutron.conf DEFAULT router_distributed False
openstack-config --set /etc/neutron/neutron.conf DEFAULT router_scheduler_driver neutron.scheduler.l3_agent_scheduler.ChanceScheduler
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_automatic_l3agent_failover True
openstack-config --set /etc/neutron/neutron.conf DEFAULT l3_ha True
openstack-config --set /etc/neutron/neutron.conf DEFAULT max_l3_agents_per_router 0
openstack-config --set /etc/neutron/neutron.conf DEFAULT min_l3_agents_per_router 2
openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:yjscloud@yjscloud.com/neutron
openstack-config --set /etc/neutron/neutron.conf database idle_timeout 3600
openstack-config --set /etc/neutron/neutron.conf database max_pool_size 30
openstack-config --set /etc/neutron/neutron.conf database max_retries -1
openstack-config --set /etc/neutron/neutron.conf database retry_interval 2
openstack-config --set /etc/neutron/neutron.conf database max_overflow 60
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_hosts controller1:5672,controller2:5672,controller3:5672
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password yjscloud
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_ha_queues True
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_retry_interval 1
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_retry_backoff 2
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_max_retries 0
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit amqp_durable_queues False
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://yjscloud.com:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://yjscloud.com:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller1:11211,controller2:11211,controller3:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password yjscloud
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://yjscloud.com:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password yjscloud
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
openstack-config --set /etc/neutron/neutron.conf agent report_interval 30
openstack-config --set /etc/neutron/neutron.conf agent root_helper sudo neutron-rootwrap /etc/neutron/rootwrap.conf
```
```
scp -p /etc/neutron/neutron.conf controller2:/etc/neutron/neutron.conf
scp -p /etc/neutron/neutron.conf controller3:/etc/neutron/neutron.conf
```
注意更改节点controller编号
8)在controller1、2、3上配置配置`/etc/neutron/plugins/ml2/ml2_conf.ini`
```
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 path_mtu 1500
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
```
9)在controller1、2、3配置`/etc/neutron/plugins/ml2/linuxbridge_agent.ini`
```
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini DEFAULT debug false
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 10.2.2.150 # 负责到其他2/3节点上是注意更改ip
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent prevent_arp_spoofing True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
```
注意eth0是public网卡,一般这里写的网卡名都是能访问外网的,如果不是外网网卡,那么VM就会与外界网络隔离。
10)在controller1、2、3配置 `/etc/neutron/l3_agent.ini`
```
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT debug false
```
11)在controller1、2、3配置 配置`/etc/neutron/dhcp_agent.ini`
```
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT verbose True
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT debug false
```
12)在controller1、2、3上重新配置`/etc/nova/nova.conf`,配置这步的目的是让compute节点能使用上neutron网络
```
openstack-config --set /etc/nova/nova.conf neutron url http://yjscloud.com:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://yjscloud.com:35357
openstack-config --set /etc/nova/nova.conf neutron auth_plugin password
openstack-config --set /etc/nova/nova.conf neutron project_domain_id default
openstack-config --set /etc/nova/nova.conf neutron user_domain_id default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password yjscloud
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy True
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret yjscloud
```
13)在controller1、2、3上将dhcp-option-force=26,1450写入/etc/neutron/dnsmasq-neutron.conf
echo "dhcp-option-force=26,1450" >/etc/neutron/dnsmasq-neutron.conf
14)在controller1、2、3上配置`/etc/neutron/metadata_agent.ini`
```
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip yjscloud.com
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret yjscloud
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_workers 4
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT verbose True
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT debug false
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_protocol http
```
15)在controller1、2、3上创建软链接
```
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
```
16)在controller1上同步数据库
```
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
```
17)在controller1、2、3上重启nova服务,因为刚才改了nova.conf
```
systemctl restart openstack-nova-api.service
systemctl status openstack-nova-api.service
```
18)在controller1、2、3上重启neutron服务并设置开机启动
```
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
```
19)在controller1、2、3上启动neutron-l3-agent.service并设置开机启动
```
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
systemctl status neutron-l3-agent.service
```
20)随便一节点上执行验证
```
source /root/admin-openrc
neutron agent-list
```
- 献给我的朋友们
- 一、个人对学习的看法
- 二、运维技能图谱
- 三、运维常用技能
- 3.1 Vim(最好用的编辑器)
- 3.2 Nginx & Tengine(Web服务)
- 1. Nginx介绍和部署
- 2. Nginx配置解析
- 3. Nginx常用模块
- 4. Nginx 的session 一致性问题
- 3.3 Tomcat(Web中间件)
- 3.4 Keepalived(负载均衡高可用)
- 3.5 Memcache(分布式缓存)
- 3.6 Zookeeper(分布式协调系统)
- 3.7 KVM(开源虚拟化)
- 1. 虚拟化介绍
- 2. KVM基础
- 3. 设置VNC和时间同步
- 4. kvm虚拟机快照备份
- 5. kvm虚拟机在线扩展磁盘
- 6. kvm虚拟机静态迁移
- 7. kvm虚拟机动态迁移
- 8. kvm虚拟机存储池配置
- 9. cpu添加虚拟化功能
- 3.8 GitLab(版本控制)
- 3.8.1 GitLab安装与汉化
- 3.9 Jenkins(运维自动化)
- 3.10 WAF(Web防火墙)
- 3.10.1初探WAF
- 四、常用数据库
- 4.1 MySQL(关系型数据库)
- 1. MySQL源码安装
- 4.2 Mongodb(适用与大数据分析的数据库)
- 4.3 Redis(非关系数据库)
- 五、自动化运维工具
- 5.1 Cobbler(系统自动化部署)
- 5.2 Ansible(自动化部署)
- 5.3 Puppet(自动化部署)
- 5.4 SaltStack(自动化运维)
- 六、存储
- 6.1 GFS(文件型存储)
- 6.2 Ceph(后端存储)
- 七、运维监控工具
- 7.1 对监控的理解
- 7.2 Zabbix(运维监控)
- 7.2.1 Zabbix简介
- 7.2.2 Zabbix服务部署
- 1. Zabbix服务端部署
- 2. Zabbix客服端部署
- 3. 配置前端展示
- 4. zabbix告警配置
- 7.2.3 Zabbix监控服务
- 1. 监控网络设备
- 2. 自定义Nginx监控
- 7.3 云镜(安全监控)
- 7.4 ELK(日志收集展示)
- 八、运维云平台
- 8.1 OpenStack(开源云操作系统)
- 8.1.1 OpenStack简介
- 8.1.2 实验架构设计
- 8.1.3 集群环境准备
- 8.1.4 controller节点部署
- 1. 安装Mariadb Galera Cluster集群
- 2. 安装RabbitMQ Cluster集群
- 3. 安装Pacemaker
- 4. 安装HAProxy
- 5. 安装配置Keystone
- 6. 安装配置glance
- 1. 制作镜像模板
- 7. 安装配置nova
- 8. 安装配置neutron
- 1. 配置虚拟机网络
- 9. 安装Dashboard
- 10. 安装配置cinder
- 8.1.5 compute节点部署
- 1. 安装相关软件包
- 2. 安装Neutron
- 3. 配置cinder
- 4. 创建第一个虚拟机
- 8.1.6 OpenStack报错处理
- 1. cinder僵尸卷删除
- 8.1.7 快速孵化虚拟机方案
- 8.1.8 Kolla容器化部署OpenStack
- 1. 单点部署
- 2. 多节点部署
- 8.2 Tstack(腾讯云平台)
- 8.3 K8s(微服务容器化)
- 九、运维编程技能
- 9.1 Shell(运维必会语言)
- 9.2 Python(万能的胶水语言)
- 十、Devops运维
- 10.1 理念
- 10.2 Devops实战