|
|
一、控制节点配置* D7 c6 _5 ~# E7 @- B8 A
在控制节点进行以下操作。
: \6 b5 g* K" y! ^2 K6 a5 ?/ d" A- a( }5 ]1 p( S- a3 N0 @
1、配置数据库
. R( T5 n) \. G! G/ t$ F" z3 b进入数据库控制台(密码123456):
* _6 u3 W- Z$ J# z5 t( S4 Y% @4 I" b# }2 n0 v) K
mysql -u root -p
4 `" \! l1 y1 S' _, o' y8 G( @ M1 L5 n6 P# J# ^4 G, g
( ~' ~$ z- G* v7 U' E8 Ubash
) M: Z7 X4 E) Q. n# h. Y( B6 {6 J创建数据库并授予权限,退出数据库:2 M5 O* p+ e* g1 s( a
$ |+ x% ?" _, }* pCREATE DATABASE neutron;+ A8 Z/ }9 i/ C% M! W8 E/ M. r
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
# [0 E- s4 b- IGRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';
7 D. W: e* ^/ B) ~" s5 L7 i. Q
; H/ T' k2 n0 t* L4 K! y5 ]6 T2 t% b) L5 }6 \ i
/ Z0 r2 S1 C# m2 Y. ]$ u8 n; s& C; c& h
1 N7 m: N% Z# o) x0 ~. e& C8 {: ~5 b" |" `: e
2、创建neutron用户
( w$ R5 ~, b) x1 a% d0 s |登录admin支行好:
0 K" _$ j/ N1 N+ j' V# F2 i5 b# C# v9 l) k) k! j; B
. admin-openrc
" {2 [% H+ q& i7 l/ [1 \/ b
/ @( D! [+ ~8 c* ^ E: r4 }4 [- sbash7 C! h9 g- X9 k. K" w# c
在domain:default创建用户neutron:
% ~2 O! t: g4 R: {2 I/ y; q; |9 J0 }4 ~
openstack user create --domain default --password-prompt neutron
; C" i8 H( @( |$ c+ f' \$ L# {, r% B. [ t5 j$ n+ L8 G- |( P
bash4 U( w2 u: [9 b( ~! A$ G
如下图:0 E8 @2 U1 u8 q2 \0 c
# Q* }. J0 M4 y) ] r2 z
' J1 U$ O. r8 `) y' T
' X' }. ^ v3 _授予neutron服务admin权限:2 a& c4 X* x9 Q/ d* _$ L3 S% l
3 ]% H' E4 l# }! h I, P; b, Y4 a/ Popenstack role add --project service --user neutron admin' D5 h8 ~: [" B2 u
! ?: I+ i& P2 w+ _1 Z8 vbash. G2 C3 W# m5 ?5 @1 w3 F7 u
创建neutron服务入口:) h1 o' n. s* ?, A1 M8 T- B
4 A: O8 ^5 u1 ? w1 H
openstack service create --name neutron --description "OpenStack Networking" network
! J4 h$ @( q/ \
+ m2 k) G M2 R+ O* A; w, jbash4 h) j3 @/ [. y* t. v& ? M
如下图:
# Y2 x# k$ D6 u. o: y) ]1 K& S9 D9 M7 b1 B7 i
9 y# g% u& x. J. M
0 X, s# V! u; Y4 z P) v; n2 G1 A创建网络服务API端点:
/ z& | F2 ~4 S" L$ @/ \8 _
# I! ?9 n" p) O$ Vopenstack endpoint create --region RegionOne network public http://controller:9696
! v& ` r+ t; b9 H9 D8 g( z2 @openstack endpoint create --region RegionOne network internal http://controller:96969 R, Q: Y l8 K+ Z' q2 z
openstack endpoint create --region RegionOne network admin http://controller:96961 {; V1 E0 v% i% O
AI构建项目$ u. `, L& B! |4 B, s0 t
bash
% k% \5 `3 g& _& j3 X5 k" r3 h$ G如下图:$ e! o$ T0 ^, p! e8 P
3 f/ C& D, F! T5 B) N# O; H5 X1 }1 `, {4 Q% q( o' D q5 I
! K' b. B; K( r; d- @9 N
3、配置selfservice网络) x8 z7 N0 A5 x, ?6 k8 `: W
安装neutron:
. q$ I; D& |, }5 z! @1 n' }
& q* Z6 Q/ [1 o, ^0 Zyum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y7 M! W C& ?" r
AI构建项目
- D8 r9 {# q! L5 F d9 dbash
6 E, Z( j* A8 e/ w6 G备份/etc/neutron/neutron.conf,删除其注释:
8 [4 r& k5 o2 F: J v6 y: K9 q7 B. f* y7 C) Y4 @
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.source0 f; G( ^) C4 i1 X6 s
cat /etc/neutron/neutron.conf.source | grep -Ev "^#|^$" > /etc/neutron/neutron.conf
2 x, P8 S. U9 y5 u( yAI构建项目
9 s* g: R# N9 l7 z) nbash
7 L/ U1 U: d+ _5 A编辑/etc/neutron/neutron.conf:1 W; P' W7 B$ z. i8 \
: S+ R% z) O' u u: O) |
[DEFAULT]/ R6 [2 _4 h: o. y d
# ...
0 o# I9 E2 B* m9 P( R2 `core_plugin = ml2
2 W$ c" t! b- Y2 ?! q4 b Tservice_plugins = router5 H! G! W! d- ?( l: K! X8 d3 j- _
allow_overlapping_ips = true+ d' s8 P+ ~; T9 h
transport_url = rabbit://openstack:123456@controller. Q, ^- {3 |$ v
auth_strategy = keystone3 ^, w- `5 o k. }0 }6 N* U
notify_nova_on_port_status_changes = true
9 x+ V z1 j' R% @9 B- T0 ?notify_nova_on_port_data_changes = true
# R( G" X8 W5 c r, Y; V; D8 B# s
[database]
" x1 W4 n4 [- r5 ]* e' ~$ ~# ...+ t' T8 `4 B, ~: v, d5 b3 r
connection = mysql+pymysql://neutron:123456@controller/neutron G- I$ ~" t3 E) s
4 Q8 F* F5 C, ]% m2 e[keystone_authtoken]
! {0 D1 V9 [& S, c# ...
' p+ n+ }8 I+ O% j; F: ~www_authenticate_uri = http://controller:5000! D7 z. R" `! a; X4 Z& G. Z! a
auth_url = http://controller:5000
3 v4 X: S9 T# _' `5 Y6 {; }# `memcached_servers = controller:11211
" X- k0 y( j; C0 R J( g% xauth_type = password
4 {% r+ F: z- E% [ l: lproject_domain_name = default) X3 b# y6 Q% I
user_domain_name = default, v! d4 {5 G; m
project_name = service# }1 s8 p$ {% T# f1 `. z) G
username = neutron* F: \$ `. i V
password = 1234563 Z3 u5 W$ N; h7 K+ T. [5 }0 T
& C1 A$ U2 {& H( M[nova]
. W" c8 F4 N5 b& R& Q# ...( P" ?: |. x& ]* F7 K5 S0 e& _- u
auth_url = http://controller:50004 o1 e% T, j! a3 B. a- N# I$ m
auth_type = password2 w5 s5 \7 P! s7 M
project_domain_name = default
: i4 {' o; h' iuser_domain_name = default
$ N0 E# r2 l' C1 `region_name = RegionOne
9 H* v& A" n3 w; S6 p) eproject_name = service% n8 i t/ z8 [' p
username = nova+ X; M- M6 B$ U1 p5 {
password = 1234564 l) K, d' u7 {6 ` a5 \ a' U1 g7 J
c2 A2 x' ?; T2 v% \4 K[oslo_concurrency]
& X6 E4 J" d$ l: o# ...
- M$ c- h+ v: r% T: e" p% Jlock_path = /var/lib/neutron/tmp
: D6 {) t5 s* ]
; s/ h' q9 W( X7 X0 ~AI构建项目. Q" }/ C( ~( X' a3 |
bash
* O6 N1 y3 ?( u: `* Z# H( e4、配置ml26 U# t# p7 S& C6 d c s' _( Y
备份/etc/neutron/plugins/ml2/ml2_conf.ini,删除其注释:
5 U5 C8 q o) k& s( n+ g
9 b' j2 W; @$ M7 o. Y" rmv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.source2 O9 k# a( x3 b# r! ~- X! |
cat /etc/neutron/plugins/ml2/ml2_conf.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/ml2_conf.ini
- y, _1 q3 }! u* M7 E% {AI构建项目
& k |$ N9 N5 c. Ubash
: ]( P2 B& v% z" O' x, ^, R, L对/etc/neutron/plugins/ml2/ml2_conf.ini进行以下配置:
2 @* L7 ~& v" p7 v( m& @0 C% U7 _. [' b/ I; S7 }' m' A
[ml2]1 l7 k& T' x5 w' T2 {6 K
# ...5 z) N6 P' q5 R+ J" [- M, e0 I
type_drivers = flat,vlan,vxlan
! x, N( t0 [ l2 Xtenant_network_types = vxlan; E2 F3 _ }8 A8 S: A
mechanism_drivers = linuxbridge,l2population
! U0 ?5 o9 `1 O: vextension_drivers = port_security
* c* L0 C- e1 ` K. Z5 I5 T : u; K) t/ {( A; }8 P! v
[ml2_type_flat]6 {( [+ w9 S* R: Y
# ..., x! [/ C/ w* A
flat_networks = provider
5 k& l! o2 F4 t9 T7 z
$ m3 v; N+ ~ x! O6 S1 G% W7 s* @3 r[ml2_type_vxlan]
/ O# W) M" k- w3 a& b6 {" P6 F+ A' W# ...
+ c1 Z# F9 O9 S& Tvni_ranges = 1:1000
" c5 k3 g+ q, i' \2 e @5 r$ M: L
) R6 X/ Y; r- y! j6 w! E0 c8 w[securitygroup]2 y* D4 g9 F! i( H6 v
# ...
+ D2 }4 M# g* D) ?. q! `$ g& henable_ipset = true
7 K& i8 }" S, d7 Q- G% dAI构建项目
/ d) [: J: l7 V# }$ jbash
/ ]4 ~$ k$ x8 X5 S5 k: y5、配置linux网桥
, T ?4 k- n5 D( V* i 备份/etc/neutron/plugins/ml2/linuxbridge_agent.ini,删除其注释:
# x: G6 e3 k M7 t m
4 _$ f5 A9 ^* ~0 j, e/ K: f) w9 f5 ?mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source
+ i+ k: K# T, f! l' Ecat /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/linuxbridge_agent.ini& x! l7 J0 e8 j9 _! A
AI构建项目
" l' u- B( R/ `% |' V" @bash4 w8 l: F8 E8 |, u z
对/etc/neutron/plugins/ml2/linuxbridge_agent.ini进行以下配置(physical_interface_mappings 的ens33是网卡号): z9 M. y2 X" e- w1 Q# [% A4 a. p
/ G( h% U* z% i8 R. A% ]- R7 |
[linux_bridge]
K' {! M2 a& u, K) rphysical_interface_mappings = provider:ens33
9 q- f5 U9 g6 m( v' Y2 C+ m4 Y 6 U" p7 }. Y9 [9 t& T& S/ b$ p& A$ [
[vxlan]
# F) c! ~- Z5 H: f- O( r3 Cenable_vxlan = true( ?9 Y/ b: B9 N- D$ |4 C5 [
local_ip = 10.0.0.11
# x* b( p5 l4 Q# h4 ^3 B$ d. k# Wl2_population = true( T9 `) ~) G- j% Z
: S' R" A3 D2 p) g- B[securitygroup]
& z# l( t a# H0 i: ~# ...
3 f% c6 Q# J6 {3 renable_security_group = true
( f# [+ l) K5 _1 K( c7 a) T& y8 ofirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver" T1 l7 G; ~3 r( D) F& M: N
AI构建项目& `$ a0 J5 i. x. Z- a( Q. w# i2 i
bash
9 `; o7 i2 Z' |) _; v: L修改 /etc/sysctl.conf,保证系统支持网桥过滤器,添加以下内容:
' `9 s ^ P% I# a, i, p& [ ]# Z& p' Y0 I9 A6 H
net.bridge.bridge-nf-call-iptables = 18 i. p1 V5 N% i" B+ P; U
net.bridge.bridge-nf-call-ip6tables = 12 ]' s( y1 T! b/ E7 w+ y; N1 C- k
AI构建项目$ n3 S3 ~0 K/ w. p# s. a3 K p
bash
4 N- O8 d; p! F# ]8 p如下图:
* P- T6 G' Z1 @+ \
3 w- |! s1 p* j6 E- w# D( ~. k# L1 G7 X" M5 ^$ q
( {! f" ~% \) G2 w5 u- ?$ e4 {
添加网桥过滤器,并设置开机加载:
1 h: t; ^* ?# v! O( K6 z5 p' S5 z: R
modprobe br_netfilter3 \$ s" n) k) _- V4 U% K) H
sysctl -p
& e& m( q* f" Q# C- e/ W4 V$ `, z" Ssed -i '$amodprobe br_netfilter' /etc/rc.local
; z' M: D% S( HAI构建项目, b4 x6 @0 h. f" L* e+ m
bash
l; M& P7 z6 ^, W) q如下图:
' `. L3 e4 Q9 n2 `& {9 o; J
8 m7 T$ f. j; I, L- w8 R j" ]" E" @3 V; ^+ r
; e( z) b6 J) d; ]2 s
6、配置L3代理
) [% [5 s8 P. ]- L; i, c编辑/etc/neutron/l3_agent.ini,添加以下内容:0 b4 \3 ^1 C( A! q
. r7 K' [8 y, T; w! ?
[DEFAULT]
1 k# C9 g0 f% n* N# .../ W1 [2 I$ H: |! T* Y
interface_driver = linuxbridge
" x/ c$ r+ f$ X" W8 n! zAI构建项目- |+ @4 \# l0 P2 w" R
bash* ~! f" ]( d4 R5 k
如下图:1 l6 Z# a. V" F( U( W
- Q# o9 ^: [. B. t' }4 ?0 D
4 u' K1 [; y( \. K$ {$ s" X. N1 x/ N+ h
0 r0 x) b3 A4 u! y
7、配置dhcp
1 A. ^8 R6 A) w: l6 ~# T7 N编辑/etc/neutron/dhcp_agent.ini,添加以下内容:
' N2 i+ g" X* l) E% x
/ ]* z8 m" ]( _1 F }: _7 b[DEFAULT]
I9 R9 T ?& {% K# ...
( d% V( l" ?! j: [' I8 v8 @, Yinterface_driver = linuxbridge
* i9 y% w# ]9 S+ P6 _$ Xdhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
+ l3 J5 ^# w/ }- K! [" N" K' wenable_isolated_metadata = true
. B n2 `* r" q nAI构建项目
; I/ o. {$ l# i. f4 r* ]7 A, C$ Pbash5 k3 w1 V) u& u5 A7 i* a
如下图:
% f! s0 R% D* r1 B
+ R; J! n0 @: G# i4 H! m: T
" u+ D& x( N) Z' U& P' x8 \1 o. b) H
) t2 F& m4 h o9 G. N8、配置meta代理
4 J0 `) s) z( k' q* h3 J编辑/etc/neutron/metadata_agent.ini,进行以下配置:& r$ L/ h. x8 I, L+ W: B) s
2 S% y8 f, x6 f0 I9 N
[DEFAULT]; i6 u: v6 T3 G! L6 J
# ...3 D7 R$ F; }) H' \
nova_metadata_host = controller/ ]1 m0 O9 g9 k9 @0 g5 m4 q
metadata_proxy_shared_secret = 123456
7 k% P/ x) n5 ~( m9 B7 e; i! UAI构建项目
: ~8 a& O2 i/ ^ \, T" d. Gbash2 q2 h5 z6 j+ ~. j( g" t
如下图:
5 n n, _0 d# W* ]+ l
! l3 Z1 Q0 f* i* r7 f8 S* u. a3 K
2 s3 q2 t4 Z( B
9、配置nova使用neutron服务
4 B# J U- a. h3 S3 `% N编辑/etc/nova/nova.conf,进行以下配置:
7 |: Q- X2 c- _( Y8 F1 w& U
# L) ~8 b8 b: B[neutron]
% v2 V" S+ y/ k# ...
( s9 v* b1 L7 A9 Xauth_url = http://controller:5000/ `: ]+ m# z. Y% N& V5 u9 D0 N
auth_type = password7 {4 p ^7 p9 B7 {" _
project_domain_name = default9 W* g3 u: k3 }/ M9 S, y* J' n
user_domain_name = default% q# Z p4 ^. h8 F0 Z: z, `
region_name = RegionOne
, ^2 a7 q, S* G; T# w* `project_name = service
! H; R; X! [" B5 nusername = neutron
# t9 `9 p5 ~" v5 Zpassword = 123456
' u# W4 Q% u; ^7 e1 d. iservice_metadata_proxy = true
% }/ D6 T" U+ Q" v" E% |metadata_proxy_shared_secret = 123456
: y, e/ q4 B5 p+ U& _AI构建项目4 ?: s9 n2 P+ C, ?
bash% u# V9 b, [" O. k- h6 r3 S
如下图:5 S* f0 ^$ G$ [0 t
7 o8 r2 q, N4 o2 t8 u- Y
: F; H5 M$ U$ V @
/ i3 \+ t8 d+ W) E7 E$ L10、收尾/ e- o. Y. J2 r$ V, p
创建软连接:
0 H) C' ]1 H9 ]& E4 k3 o6 z/ X5 X4 M7 c ~& U" ^$ d
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini/ M; k* X- k4 w/ o. f$ c% [
AI构建项目
5 `+ |& `9 c. W) ybash
0 }( W1 k; ? A6 E) f0 N2 l1 y同步数据库:% S. f7 K- O: l6 G
1 p L# S# t( E5 L0 w; a5 Xsu -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron$ w, q: s$ Z% _, {' @" S Z
AI构建项目
% H; u( y7 V, Q0 o6 J" Abash0 S. h7 I- W$ P+ S9 `, z
如下图:
' U N' r1 y5 s3 B# j2 A. T1 h8 @4 x5 U: w) q
, m- F1 P5 `6 v
6 j9 g2 B& p$ [3 r, j6 z/ X3 J重启nova-api:, c2 B( p% Z- Y2 k7 [9 K7 p' y
( }7 V# J# d: \
systemctl restart openstack-nova-api.service( Z# ^# H# f( O2 Q
AI构建项目! P: m) t$ k p$ m6 P5 _
bash
! w) [5 _0 ~( k: U% l! {% a4 \设置开机自启,并启动服务:
( k. C) m+ }" P5 G7 d
- r, m) e( I2 X) lsystemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
, p# L$ [5 r. B( Q! c& ?systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service$ Z R8 C8 w$ I6 \( l
systemctl enable neutron-l3-agent.service
5 f; F* Q7 V' r6 }' M) f) `+ Dsystemctl start neutron-l3-agent.service
. u, E7 X' K1 v. pAI构建项目
& ]7 O A( v. v" n& qbash1 A4 i& d1 f6 f6 |. \8 ^7 A
二、计算节点配置
3 t8 b b. h- W+ Y7 W在计算节点完成以下操作。
0 H& W$ v7 E1 `+ x' M6 {8 A
2 r0 ], n" A: y: Z4 b1、安装包& m1 E7 t( W) _- n# n3 I: |
安装包:1 f0 A8 S) c4 H {7 o* w
9 L' W6 M9 b7 ]& V$ n
yum install openstack-neutron-linuxbridge ebtables ipset -y9 U; w9 T" S* C) @) T$ ?
AI构建项目' X& @) J% h$ t7 Z+ o, p
bash
. z1 y3 ^% {; J. ^& ]& [- f 备份/etc/neutron/neutron.conf,删除其注释:
1 }2 V4 a. T9 Q7 ^+ G8 i4 P9 b6 {) r F, J5 y. t9 m) \6 C% J
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.source
% P% f. K1 u6 s( x% H9 ecat /etc/neutron/neutron.conf.source | grep -Ev "^#|^$" > /etc/neutron/neutron.conf
3 A2 [- R1 D- Q% O+ bAI构建项目; L1 p" Q) p: z
bash
+ v7 C! H. T4 ?) [编辑/etc/neutron/neutron.conf,进行如下配置:
7 {6 }. b# {7 a8 Z, T% D# a6 ]/ v/ g( D6 L
[DEFAULT]
y2 J) o. w% x8 ~3 {$ Z& I# ...' \4 @7 c0 v0 L) S5 }) r
transport_url = rabbit://openstack:123456@controller
+ Q# A3 Q7 U+ k* G0 P! S, n: Rauth_strategy = keystone1 x; }2 D" x+ } J+ y! y' F/ I
% Z# d* |% _, |1 o[keystone_authtoken]
5 x8 j" S5 a4 [/ J8 v6 X# ...6 T) p" B2 ~3 g% \7 O' R
www_authenticate_uri = http://controller:5000
7 R2 T$ y7 D+ Y8 c. u! Q! hauth_url = http://controller:5000
5 f$ s/ [+ c' F+ W! K/ R7 Gmemcached_servers = controller:112114 ~ o. n+ v' ?/ Z! O# [
auth_type = password
3 x$ n: }/ G( @project_domain_name = default7 |& X/ N; p5 T' A# Z
user_domain_name = default2 e2 [3 i& {, ^& R4 U2 K
project_name = service
; B( F! t2 A! a7 y1 {username = neutron
. l6 k5 ] W# [password = 1234569 G9 z" h9 K0 q- n9 j( m) [5 R
, r& |$ z% t8 y0 C
[oslo_concurrency]& M6 }! C, k% J% q9 X1 K8 A
# ...
+ _1 D) V- V8 H1 Ilock_path = /var/lib/neutron/tmp5 z5 B t2 E& L: D# e U0 k! \
AI构建项目
9 s) k9 i5 k+ u9 p( a6 J# q: ?bash" ]. I4 F3 e8 y
2、配置linux网桥
b4 |$ a5 D4 J0 x. P8 F 备份/etc/neutron/plugins/ml2/linuxbridge_agent.ini,删除其注释:
/ C& R# S; U' [( s$ G: H: g1 `: b# P" K0 D/ b. P H& }% x
mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source
1 w& z$ a6 _ W0 ?2 T5 |cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/linuxbridge_agent.ini6 w/ n/ Z! e4 @# F' W9 l) m' u
AI构建项目
/ g' d, b. P) ?, \1 D# W7 Rbash
1 c# S h- d3 J) \6 X0 f7 z9 v- i对/etc/neutron/plugins/ml2/linuxbridge_agent.ini进行以下配置(physical_interface_mappings 的ens33是网卡号):! O$ N7 V3 W: b( A# m: B4 u7 L: a
" I3 Q- u) s _( z o0 v[linux_bridge]! m; K) z" N6 _3 ^
physical_interface_mappings = provider:ens336 D! Z- J1 U1 o0 V5 `6 |
) E# Q0 L3 s) i) Z' p[vxlan]
9 r; D* Q2 e c: l0 a7 {, |* jenable_vxlan = true) M$ o0 G. b) V) |* s, v+ `5 z8 o
local_ip = 10.0.0.31+ g8 {7 x- l, v _6 G
l2_population = true" U& r! ]* R" x3 z+ ^- s! v+ r
& g# l6 m* o6 a6 `3 [! K
[securitygroup]
9 D' Y% m$ B! y% x; v; b6 A7 ^# ...
! M* y5 h6 \! B! zenable_security_group = true
* T! v- M- ~/ A- p+ A1 o& ?firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver- ^- N- E5 y% u8 i$ l, J
AI构建项目
1 o( _& @, Q& A3 q; S/ b0 Ybash, O6 y- M3 u. [0 Y$ J# ^1 q
修改 /etc/sysctl.conf,保证系统支持网桥过滤器,添加以下内容:
7 F9 o) x+ B/ p" B1 e+ u3 U* Z4 K
net.bridge.bridge-nf-call-iptables = 1& ?# E" s2 C9 m5 H
net.bridge.bridge-nf-call-ip6tables = 1
: X+ d& h3 @# O) ]2 eAI构建项目3 h, l7 N9 z; G$ a$ Q! C
bash5 }: ?4 g+ a/ O$ F
如下图:) ~( j! ^5 ^9 l
_2 v7 P0 `4 D
. `# a0 o, o. x2 h/ u" w
, M; G, r+ n, y% X; U 添加网桥过滤器,并设置开机加载:
8 P. G5 W: x4 n o; w% s7 v
; P7 M. z1 @! Smodprobe br_netfilter1 u- Q4 P3 r) I$ x# W
sysctl -p
) L, ^4 O& a, H1 b$ q; T8 [9 g; Z1 Nsed -i '$amodprobe br_netfilter' /etc/rc.local3 N" w `1 }7 X$ S6 d
AI构建项目
& b( f, B! o: N! |9 {8 U& [6 sbash
! l5 u8 j2 h( `) ~8 \9 H如下图:
) G* _: b' ^% v4 W# L+ p1 @9 P9 C$ {" b* ]
5 C/ a( \4 k5 i2 g+ R
1 ~+ r, u6 g( D' i4 f% s3、配置nova使用neutron服务
7 \0 _# M( @9 v$ p7 e 编辑/etc/nova/nova.conf,进行以下配置:1 j: B/ p2 v r7 Y: L
- U' F/ b. Y6 i[neutron]. T* a1 `9 E4 y3 ]
# ...
5 K, E# Q" J# \7 b3 Lauth_url = http://controller:5000" L+ M, ?8 u5 N. `' @- k8 s$ {
auth_type = password* ~) V, W8 h8 Q- O( F7 p& f% \
project_domain_name = default5 G0 p" t1 l6 f7 n, A; J) K
user_domain_name = default7 [$ L- H5 ]9 k( ~7 N
region_name = RegionOne+ v K% R+ l! y2 _% Y- Z+ H+ @
project_name = service
4 L7 T& B' V! Q( S" H) G. L wusername = neutron; V1 c1 n3 z3 }
password = 123456
/ X* s9 t5 _, \. o# l$ x2 _! d& HAI构建项目
4 V% t9 ?$ _" ]; f& T. }) Wbash7 D* X3 g# q; F) i& |6 Z/ `
如下图:
& g1 E2 X, m3 M" r, R# L
/ |* j% Z7 f5 n5 M1 p7 x' A- a3 M" B7 J/ W, M0 C
4 v* \* P- c5 H+ w- O4、收尾2 O4 {! R# ~! W. C2 D2 [
重启计算服务:
. a- S/ g0 P1 e4 T; Z1 Q
- U2 b4 W" ~- V1 T5 [. C- {( nsystemctl restart openstack-nova-compute.service
% h0 R# B* c; I- c- g0 GAI构建项目3 h, e. q6 X8 j6 I5 C
bash
5 f% x# k6 a% _7 x设置网桥开机自启,并启动服务:; W/ {/ Z. b- S; l$ e! a4 E
% m: X. N0 P1 D! I$ asystemctl enable neutron-linuxbridge-agent.service
' W( m2 W" g8 Z# f' qsystemctl start neutron-linuxbridge-agent.service
6 Z$ d* u- M0 J: e5 K, SAI构建项目+ u) \5 D: r. G* A- y5 U
bash M( u5 G2 |2 h: X+ @, |
三、验证# L1 X6 w. S; j0 {- X6 R$ z
在控制节点使用如下命令验证:# o' Z8 x7 o/ V" G5 b$ k* c; c$ Z
. Y7 V& p& y- c) x! _
openstack network agent list
6 N7 U. b+ G: v |
|
发表于 2025-12-18 11:08:33