|
|
配置neutron.conf & `- |, d1 ]6 p
复制代码
6 M a( j$ i# b# M# 在全部控制节点操作,以controller01节点为例;
7 m$ p. Q2 |- v: A7 }# 注意”bind_host”参数,根据节点修改; ]- C* L3 h" P0 Y$ X. ?
# 注意neutron.conf文件的权限:root:neutron8 _7 q+ x% m; N* i7 P9 q
[root@controller01 ~]# cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
/ H8 k# w! B: S[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/neutron.conf
2 Y1 Y/ S+ l* q; l[DEFAULT]
/ R* e1 u7 Q/ d- o) X( gbind_host = 172.30.200.31
2 n1 m8 c+ a- k9 Q9 P% Xauth_strategy = keystone
( O1 S! V: C4 q# q. V/ Q/ Rcore_plugin = ml2
" b$ ]8 `4 V3 p2 ^0 pservice_plugins = router; v+ k$ |2 v3 ?. S+ N9 v U* Y
allow_overlapping_ips = True
) Q/ Q8 j3 J4 R) f3 [notify_nova_on_port_status_changes = true6 _% F2 ~* W3 h- f( ~
notify_nova_on_port_data_changes = true
- c' {5 Q8 I6 d S+ ?# l3高可用,可以采用vrrp模式或者dvr模式;6 W6 {" R+ I- S& K+ Y, Q
# vrrp模式下,在各网络节点(此处网络节点与控制节点混合部署)以vrrp的模式设置主备virtual router;mater故障时,virtual router不会迁移,而是将router对外服务的vip漂移到standby router上;
7 |8 r0 J- f! u/ K# dvr模式下,三层的转发(L3 Forwarding)与nat功能都会被分布到计算节点上,即计算节点也有了网络节点的功能;但是,dvr依然不能消除集中式的virtual router,为了节省IPV4公网地址,仍将snat放在网络节点上提供;
( v7 @/ C# e, `3 P) v; J5 p! y# vrrp模式与dvr模式不可同时使用
, a4 t4 S! l9 g: @8 \* J$ ]1 i# Neutron L3 Agent HA 之 虚拟路由冗余协议(VRRP): http://www.cnblogs.com/sammyliu/p/4692081.html
1 L5 X; s8 z' q4 f" t# Neutron 分布式虚拟路由(Neutron Distributed Virtual Routing): http://www.cnblogs.com/sammyliu/p/4713562.html! \' M% d9 r i
# “l3_ha = true“参数即启用l3 ha功能
m; E) a. U, u8 J/ Tl3_ha = true
/ s; A/ c) n1 |2 `! H$ x1 W# 最多在几个l3 agent上创建ha router% w/ N. F; Z. t
max_l3_agents_per_router = 3( ?" p; \0 T* D, C0 j) |" i5 O
# 可创建ha router的最少正常运行的l3 agnet数量 n* }' o8 D1 R! z0 ]
min_l3_agents_per_router = 2
; U# J- q( H& H+ k6 A, o# vrrp广播网络' z, }, N+ ?2 Z! o9 h
l3_ha_net_cidr = 169.254.192.0/18
8 D- t! s# r4 K+ x, f# ”router_distributed “参数本身的含义是普通用户创建路由器时,是否默认创建dvr;此参数默认值为“false”,这里采用vrrp模式,可注释此参数7 R6 Y2 M6 r! z1 w1 l2 G
# 虽然此参数在mitaka(含)版本后,可与l3_ha参数同时打开,但设置dvr模式还同时需要设置网络节点与计算节点的l3_agent.ini与ml2_conf.ini文件
; O. M z( N. S' P# router_distributed = true, N2 |; _+ [/ G }
# dhcp高可用,在3个网络节点各生成1个dhcp服务器
- }: ^0 w& t$ O3 z2 b7 u+ g' w4 Kdhcp_agents_per_network = 3, K: g( F, k& ^4 S, ~' g
# 前端采用haproxy时,服务连接rabbitmq会出现连接超时重连的情况,可通过各服务与rabbitmq的日志查看;. N7 \; p4 O2 V' i( h- s/ P* n- Y
# transport_url = rabbit://openstack:rabbitmq_pass@controller:5673' `' q+ k' @* G8 i) s, l
# rabbitmq本身具备集群机制,官方文档建议直接连接rabbitmq集群;但采用此方式时服务启动有时会报错,原因不明;如果没有此现象,强烈建议连接rabbitmq直接对接集群而非通过前端haproxy
a' p4 P% }2 ]4 i2 [% G7 J$ Htransport_url=rabbit://openstack:rabbitmq_pass@controller01:5672,controller02:5672,controller03:56729 A) i$ y9 N8 r3 H" u
[agent]
0 N% l& {( ^2 V T# _[cors], o) c) l/ E: s+ ?8 K
[database]
, L8 a$ m1 V: Z# Zconnection = mysql+pymysql://neutron:neutron_dbpass@controller/neutron
5 E* r& W# n* [# O% Z[keystone_authtoken]
D, S# u7 I$ e) P6 tauth_uri = http://controller:5000
- W% y4 A. m/ @3 v) {4 F$ Vauth_url = http://controller:35357
. e1 y; `# ~2 m# tmemcached_servers = controller01:11211,controller:11211,controller:11211
9 b& @! I' G. y" n2 oauth_type = password
; T: o$ @1 d& R" Z* V) Nproject_domain_name = default
; y; k4 L; E. o; v8 y& l/ E$ duser_domain_name = default
& f$ I% D: f5 d% w) l) C2 p# R# gproject_name = service
$ T% x* F/ Y8 m5 eusername = neutron
; p& S* v5 |7 Xpassword = neutron_pass$ M: H( Z/ S' u) R- u
[matchmaker_redis]
; h/ K, ^; E0 b: I$ p3 ~! ?[nova]
2 Q- b! N' [ c# `- \" T( Zauth_url = http://controller:35357: `1 E; J% U! g# i6 G% h
auth_type = password
_# H1 U% Z+ jproject_domain_name = default& }/ _$ ~5 b% D* d& ?/ I( T9 ^3 Q ~
user_domain_name = default
3 S0 B$ B; {; ~$ H( T+ Bregion_name = RegionTest. V! Q. T" n2 c7 R; ]
project_name = service+ _- z( H( \& A, ^# \- z8 @
username = nova* S; }# m, [, O3 I0 V' T
password = nova_pass
% R# B/ Z" _. f[oslo_concurrency]' i% \3 {9 Y9 P6 _
lock_path = /var/lib/neutron/tmp" Q7 R' [, B6 _- V G
[oslo_messaging_amqp]9 f$ ]0 t. v$ k$ u1 i- ?' N; n9 t
[oslo_messaging_kafka]% M; b& @& `( \$ E. k2 M
[oslo_messaging_notifications]
) w# ~* G/ O# x# P7 V1 ^, v+ w[oslo_messaging_rabbit]' }' s0 t1 M0 P+ B
[oslo_messaging_zmq]8 x# s3 q$ E7 N) V/ N
[oslo_middleware]
' a. d/ p$ e/ C4 ?$ G& P[oslo_policy]
* a8 _& |6 [" m$ B% f9 K _( M0 l[quotas]( d9 t( ~* E: i9 }# Z% B) Z! h1 L
[ssl]
( D! J# E2 {% P8 ]$ D; `& u5 o+ I复制代码
0 I& y5 G1 B/ N; |5. 配置ml2_conf.ini8 I/ Z9 M( S1 V4 \% X
复制代码
+ w% K7 C8 k5 \/ {* i" d* Y# 在全部控制节点操作,以controller01节点为例;
" n. _: K( {& A: t+ ]0 n* D ~# ml2_conf.ini文件的权限:root:neutron1 T" @' y' Q$ n( c+ J% Y: K. t" E; K
[root@controller01 ~]# cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
' p+ U) ~& L6 x0 ?. h, t& D7 g[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/plugins/ml2/ml2_conf.ini
) U! c2 E* w% L[DEFAULT]
" F: E0 t3 X1 `- _( ^; v a4 K[l2pop], C6 M1 L e' M
[ml2]" u$ g3 P, b9 B
type_drivers = flat,vlan,vxlan
* g5 [) n' @/ f% I. G" z2 q# ml2 mechanism_driver 列表,l2population对gre/vxlan租户网络有效
2 Q; u' g& U8 Z7 C+ `) rmechanism_drivers = linuxbridge,l2population
0 r$ ~5 k' O) U, S% w# 可同时设置多种租户网络类型,第一个值是常规租户创建网络时的默认值,同时也默认是master router心跳信号的传递网络类型
3 t, w% k0 n5 y* c+ ltenant_network_types = vlan,vxlan,flat
' ?$ ? Q- G9 }5 iextension_drivers = port_security
( J# p" s9 ^, A$ v v/ E J9 P[ml2_type_flat]: E0 C' c1 | r6 {
# 指定flat网络类型名称为”external”,”*”表示任意网络,空值表示禁用flat网络
* T% t% {* c4 ]( e+ Oflat_networks = external
8 H' G3 Z7 \, g& @! \# f2 X[ml2_type_geneve]4 _4 P* G; `( b8 K5 f: @2 q
[ml2_type_gre]
: D2 X5 l1 ?3 L[ml2_type_vlan]
- L2 Z. `( } c1 Y, _% `; g: r# 指定vlan网络类型的网络名称为”vlan”;如果不设置vlan id则表示不受限/ G h% v) R, _) _+ L% z
network_vlan_ranges = vlan:3001:3500
2 p% ~+ W4 v* Q; x, O: d[ml2_type_vxlan]7 j8 [7 M( L4 r; G, N
vni_ranges = 10001:20000
2 C2 q2 \% L' v& i[securitygroup]
9 i& R0 k% _. b: D N8 g: q9 m1 J Henable_ipset = true: ~5 q2 S- W7 g- |
# 服务初始化调用ml2_conf.ini中的配置,但指向/etc/neutron/olugin.ini文件
& p2 E0 ~3 t' ]2 A[root@controller01 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini) k& S2 Q3 K5 V/ s+ I
复制代码
# ~& U, ~( s/ N$ p0 Y. Z: z6. 配置linuxbridge_agent.ini
0 f- P1 Z- R$ {0 L% W1 P1)配置linuxbridge_agent.ini, o2 D0 v! t3 M( h5 C9 J0 K* n" K7 q
复制代码. z' s. J9 v* \0 @# p b! x) y9 R6 B
# 在全部控制节点操作,以controller01节点为例; j1 l1 j4 X2 N: \' h q j
# linuxbridge_agent.ini文件的权限:root:neutron0 |- [) n! K$ I9 e
[root@controller01 ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
2 P$ I! _+ n( O, Z( z( B! E/ H[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
; R1 p3 v* b$ i% U r, l0 _[DEFAULT]1 A3 @- v- K9 s- t0 l* ^
[agent]0 ~! M5 G/ H* e5 s" c
[linux_bridge]2 J+ q! X8 {" ]1 ?
# 网络类型名称与物理网卡对应,这里flat external网络对应规划的eth1,vlan租户网络对应规划的eth3,在创建相应网络时采用的是网络名称而非网卡名称;
' Q; t, S$ Y) r# 需要明确的是物理网卡是本地有效,根据主机实际使用的网卡名确定;
: \: ]6 Z1 u5 q1 V& C7 \# 另有” bridge_mappings”参数对应网桥
4 p1 }- F6 {! E3 x6 Uphysical_interface_mappings = external:eth1,vlan:eth39 m! q+ Q9 J+ f" Z' e( _
[network_log]2 N4 _% O1 |1 D# b$ v& F
[securitygroup]
6 z3 V) l- M9 {$ f( S& Dfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
/ P. N' n- q. K0 ?; Benable_security_group = true W$ C% m I4 M' i, w, O
[vxlan]+ J0 O$ f" u! W9 g, t/ A
enable_vxlan = true
+ M; f4 r; |* o8 W2 z8 M" W# tunnel租户网络(vxlan)vtep端点,这里对应规划的eth2(的地址),根据节点做相应修改
# `+ h/ X1 e v3 j" F& s' ^local_ip = 10.0.0.31. r; R! b) }& T+ f I& ^( i
l2_population = true& J6 s. p: _9 J9 z. A
复制代码. @! m1 t/ z% _3 K7 A
2)配置内核参数4 }9 _" W6 i/ L. ~
复制代码
* M9 b" A1 d8 R# bridge:是否允许桥接;
8 k7 w" d! W6 \' `" N8 g% Z/ f8 S# 如果“sysctl -p”加载不成功,报” No such file or directory”错误,需要加载内核模块“br_netfilter”;' n& _$ A8 z" [' n# ]
# 命令“modinfo br_netfilter”查看内核模块信息;) d b& \0 `/ ~* n
# 命令“modprobe br_netfilter”加载内核模块' A2 l) b. p# X0 y3 |8 O# ^, a
[root@controller01 ~]# echo "# bridge" >> /etc/sysctl.conf
2 H/ E! \% `" K2 T+ u[root@controller01 ~]# echo "net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf, s; s" r# E2 ]" {8 _8 h
[root@controller01 ~]# echo "net.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf) k8 g1 q5 ^+ u3 f
[root@controller01 ~]# sysctl -p: n: c, }' _1 R, {
复制代码
- j) p" R- ~8 n2 j' Q7. 配置l3_agent.ini(self-networking). @4 k) t' i- n( ^8 Z
复制代码
9 [: \! Z7 y, m# 在全部控制节点操作,以controller01节点为例;
! O P" D3 {' f% W2 Z0 p" L9 C3 m# l3_agent.ini文件的权限:root:neutron% B# @& B' n8 u' {
[root@controller01 ~]# cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak1 K( s# ^1 E, N
[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/l3_agent.ini+ @0 h$ I* r7 _: W( c
[DEFAULT], R, M" k, }1 ^' C. `& H
interface_driver = linuxbridge
/ p {2 ?+ z r: l9 M: ^[agent]9 F0 Y$ h' i. S; m$ e1 S
[ovs]/ i I* B+ _( M
复制代码9 ^ ~" }* a8 k* \; p' q' O7 m9 P
8. 配置dhcp_agent.ini
/ Y7 J/ h6 u+ o6 R复制代码+ A, E8 _) T/ s$ M2 h7 R
# 在全部控制节点操作,以controller01节点为例;
" ? J3 }2 y* X; |% j5 T5 I# 使用dnsmasp提供dhcp服务;5 D" F1 M+ ^( t
# dhcp_agent.ini文件的权限:root:neutron
- q( D4 m4 f: I$ m[root@controller01 ~]# cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak3 o b2 z" o" a3 J$ N
[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/dhcp_agent.ini, ]# {* ?$ x* y+ V' p9 T
[DEFAULT]3 j2 f7 y5 l5 @3 W T6 a# K
interface_driver = linuxbridge
4 l" k' \4 q) E$ ]( {; fdhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
2 i% m) u. ~- c {- T' O6 s; ^: eenable_isolated_metadata = true
y7 }0 E/ W8 D% E: B3 R8 B" x! e6 l7 |[agent]
( M/ F$ u2 m" c5 x+ t7 S/ D- w[ovs]4 r! L6 W) s# O& a4 M
复制代码8 Q( M. i- S* q
9. 配置metadata_agent.ini
: [4 `8 C# \4 t: R复制代码
& o* \9 B( P/ x8 H% U4 S$ ]' m# 在全部控制节点操作,以controller01节点为例;
! T' I+ b& z9 [3 F! j( J# metadata_proxy_shared_secret:与/etc/nova/nova.conf文件中参数一致;( ^( ^ N( J/ y6 e
# metadata_agent.ini文件的权限:root:neutron
6 p& o! `( |5 x! P[root@controller01 ~]# cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak& F$ e$ P0 p2 H" f* x
[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/metadata_agent.ini
' ]1 q! h, S" Y( s5 i[DEFAULT]
! u1 X) |# ^1 enova_metadata_host = controller% n: P, v! ~# F
metadata_proxy_shared_secret = neutron_metadata_secret7 ?# G) R1 l+ |
[agent]2 P6 v0 D/ `0 [) C
[cache]4 f$ {" R+ a/ T6 Y
复制代码% l, y1 o. h1 I9 d- K. F
10. 配置nova.conf# C/ x; Q" C' R1 ?1 K
复制代码
8 A$ z" h' P, T! H# 在全部控制节点操作,以controller01节点为例;
% g. b3 e1 }) ?3 n' ^5 A# 配置只涉及nova.conf的”[neutron]”字段;! x8 I8 S2 ?" g- c5 r' M, c
# metadata_proxy_shared_secret:与/etc/neutron/metadata_agent.ini文件中参数一致2 S* u; m& P0 @+ R$ M
[root@controller01 ~]# vim /etc/nova/nova.conf% ` P0 |6 w" B# Z; R
[neutron]
2 |8 L/ K6 V4 J! A1 aurl = http://controller:9696
7 J! X5 K$ K' m* R$ _auth_url = http://controller:35357
2 W0 Y! S- O, u% l4 W8 tauth_type = password h9 i4 _, t, p+ _1 r
project_domain_name = default
& s% {" t3 z. ^! `user_domain_name = default
& a/ _! Q9 m3 C& t! Fregion_name = RegionTest8 E- T- `) e, t0 |
project_name = service
+ l4 c6 ]. m8 R9 O) Jusername = neutron, h( c* p9 R& V1 P2 P" G% j4 J8 O
password = neutron_pass+ s) [6 }/ d7 `4 W. B0 S
service_metadata_proxy = true
' N: I1 h: F4 Y% _- r+ ]. ? `metadata_proxy_shared_secret = neutron_metadata_secret2 ]! p& C; [5 |, `/ T" d
复制代码
s4 b2 Z9 O0 a" q11. 同步neutron数据库
+ }, M: F. H5 d# 任意控制节点操作;) T' f" T& p8 X1 a, x6 n6 w
[root@controller01 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
0 _+ o3 b$ ]* ^! i% ~+ S8 g# 验证+ h" j1 l* I" D \# G$ s! l0 P& h
[root@controller01 ~]# mysql -h controller01 -u neutron -pneutron_dbpass -e "use neutron;show tables;"- @/ t! c) }+ c+ B _7 M3 b
12. 启动服务+ n2 |- n2 k/ l% X2 S, `, s3 K
复制代码9 ?8 o$ t9 l$ Z, u+ Q. [
# 全部控制节点操作;
+ Y2 K+ L5 U* c$ I- O2 @" E# 变更nova配置文件,首先需要重启nova服务
' l: X5 O! |8 ]' p- ?; v( N[root@controller01 ~]# systemctl restart openstack-nova-api.service
( e; e8 L- e( O8 S+ J- s; l [: N* k3 u: f7 ^! p
# 开机启动
5 w$ w/ Y8 m/ [1 ^" {2 y[root@controller01 ~]# systemctl enable neutron-server.service \" [/ B3 \# [' u
neutron-linuxbridge-agent.service \
1 e+ p) o+ ^; i neutron-l3-agent.service \3 r9 f8 g3 L1 A) a4 {/ K' q
neutron-dhcp-agent.service \5 `9 b( d g2 W
neutron-metadata-agent.service
" f1 C7 Y; n: P8 t# 启动
: J ?% s/ P. n8 t3 g[root@controller01 ~]# systemctl restart neutron-server.service
. i; ?% a+ D2 b0 y" @* v[root@controller01 ~]# systemctl restart neutron-linuxbridge-agent.service8 v1 t7 p& J" Z9 J; T4 W
[root@controller01 ~]# systemctl restart neutron-l3-agent.service! G# t# r0 i# h: R! g, O
[root@controller01 ~]# systemctl restart neutron-dhcp-agent.service2 W9 V( B7 S1 O5 f- ?
[root@controller01 ~]# systemctl restart neutron-metadata-agent.service
& o: K. ^+ W% W# P$ y复制代码% o" o! [5 |$ o5 T
13. 验证
d2 J5 Q& A/ U/ D9 g! X% g复制代码: q. ?, m; a4 M: h/ z6 @+ W
[root@controller01 ~]# . admin-openrc
9 L2 }1 q- x) R2 H' s( E) v# 查看加载的扩展服务 s! p* R+ w4 W! z: y G
[root@controller01 ~]# openstack extension list --network
3 N2 S+ O* }+ C2 t$ I7 Z# 查看agent服务0 s8 m4 f% w3 E3 e+ O. W+ o- w
[root@controller01 ~]# openstack network agent list
1 \3 C; F* ]7 |% ^" {复制代码
/ w4 j2 Y: _( L. @2 @' M0 T7 A! C
14. 设置pcs资源
0 H7 d+ K. a6 l, \复制代码# C8 S$ W: Q9 B( n; e1 Z
# 在任意控制节点操作;' M5 c" T8 K& P5 I( M* ~& }
# 添加资源neutron-server,neutron-linuxbridge-agent,neutron-l3-agent,neutron-dhcp-agent与neutron-metadata-agent4 a/ ?6 e5 g7 i% t Z
[root@controller01 ~]# pcs resource create neutron-server systemd:neutron-server --clone interleave=true
5 G$ l4 e& \2 ^+ L/ ~6 m[root@controller01 ~]# pcs resource create neutron-linuxbridge-agent systemd:neutron-linuxbridge-agent --clone interleave=true
* U3 b& u. |, q[root@controller01 ~]# pcs resource create neutron-l3-agent systemd:neutron-l3-agent --clone interleave=true- s. c# P( h% K5 u* j2 c
[root@controller01 ~]# pcs resource create neutron-dhcp-agent systemd:neutron-dhcp-agent --clone interleave=true
9 d$ G+ I; C" ?7 r0 S[root@controller01 ~]# pcs resource create neutron-metadata-agent systemd:neutron-metadata-agent --clone interleave=true9 ~, B' J1 k& y: }5 F: h
# 查看pcs资源
! e c( J: m8 F: k, C' ][root@controller01 ~]# pcs resource
?7 w# @! u( H$ x/ h* T$ T; m' J7 S1 g |
|
发表于 2021-10-8 17:15:33