|
|
一、控制节点配置+ H( B( u, w8 o1 \1 e
在控制节点进行以下操作。) h- ?! M4 r" I6 r6 v. H# I8 Y" \+ K
$ o5 _- Q7 p- X
1、配置数据库
( f. f1 S% Q" A3 ?8 P8 O进入数据库控制台(密码123456):
# z! R: F( B. r* y
0 I0 H4 `; Q N. A1 T6 w8 o$ Imysql -u root -p
! u9 m7 _$ k' |: i ]5 B: j. J5 u" P5 P0 I4 y
: Z) g/ |( {# h1 E$ l @bash
/ g3 Q) Q/ A3 W+ X! a. `7 Y创建数据库并授予权限,退出数据库:3 f, I" Q# x/ v- n( M& o
3 P' s$ }! u5 G6 K7 L9 \1 U) DCREATE DATABASE neutron;
* o7 B$ A! ?$ F* ]GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';: Q$ ~3 e3 |, b) A# A
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';
% D5 X4 m: q' p7 M
/ E$ \ Z9 B9 d3 M6 Y3 ?
/ b7 c* T8 c6 C1 n
7 J' ]! {3 V3 r
5 p. P4 b9 b4 G7 ^; h! S3 t$ t2 ?* \9 ~2 M g6 O7 @4 D
) c* I/ y g. A$ Z# r
2、创建neutron用户
: l1 }* G5 n5 T. c6 _6 D0 N登录admin支行好:& f3 v% @; V$ j0 }" X q
8 y8 L3 |3 n) D7 t
. admin-openrc) Y- O: \' U" N: Z5 w4 S
% P K- n0 B- m* Sbash
6 ?2 v! f3 i! h8 |- r1 ?在domain:default创建用户neutron:
' h; H0 C# K/ L! G7 ?- ]+ D( J- P2 g. l6 a# u9 R' |' l2 t
openstack user create --domain default --password-prompt neutron% ]( ~& x- l: h& F' r
- {5 b" B+ ~. |- i
bash
# t, S4 w+ O' O/ q- h: ^: i0 @! F如下图:3 L' |$ p9 V! L1 G2 |# ]9 e9 p7 ^
1 ^: p! P# N, g' X t
0 P* J& ]% ]! H1 e- m$ Z4 I) r0 w& R6 G
授予neutron服务admin权限:
- |' Z% q* b) F( R K9 Q* I) n7 h! @0 ]( M# i4 ?' d
openstack role add --project service --user neutron admin
9 X' J& h/ P: c5 y" G5 x, R# w/ y: A/ J0 Y' F
bash5 v4 C/ F! J/ S' _/ _" y5 k5 n
创建neutron服务入口:1 j/ o3 T. y1 m9 |6 l
; @& l) F) l1 k5 a' D* b; _0 Y
openstack service create --name neutron --description "OpenStack Networking" network0 H% C9 N( n4 [
8 d0 X4 o! k3 Y+ X% R1 Rbash
# L8 q7 ?7 W3 _0 |如下图:
1 a* o3 }5 m; z q2 e& m6 M9 }. I- v d" \4 F
; \0 a/ J: W7 S) W: `7 v
+ {& P. c* ~. U/ R
创建网络服务API端点:
7 V7 y7 N2 y( Z( J0 P. K
2 v7 u/ ^9 _" m/ v$ q& s6 Vopenstack endpoint create --region RegionOne network public http://controller:9696
; O4 Y4 N7 g U* G1 uopenstack endpoint create --region RegionOne network internal http://controller:9696
9 y/ u3 `& E7 hopenstack endpoint create --region RegionOne network admin http://controller:9696
5 B/ e, j9 Z5 ~# D; QAI构建项目
! Z! _/ f5 W" g" a. Tbash
3 j. k& S( a9 v如下图:% ^3 w, d4 q$ C+ {
1 Z" q/ s1 E6 {0 K, N& S+ S [1 `. {) n3 R8 N* B! G
/ l& u- u* O o( q# Y
3、配置selfservice网络) P5 Q' P! ^9 O8 g1 _: n
安装neutron:
. D4 U/ m1 t- w3 N( I5 {4 R; L
; O6 c( E% i; N( [4 ?0 }yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
5 N& E+ p5 s- d( I3 V& ]4 D/ EAI构建项目
; I, F' F' T3 [5 k( s0 ~. a! U/ xbash: A; O* \2 y3 E4 q& F
备份/etc/neutron/neutron.conf,删除其注释:
8 Q; w( i- u& X
+ O# h4 M a5 |7 Emv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.source: V5 u. U$ f; k$ ?! |8 Z3 J
cat /etc/neutron/neutron.conf.source | grep -Ev "^#|^$" > /etc/neutron/neutron.conf
! d% e0 Q: B' H. sAI构建项目- e- X! g6 f, D% n' l8 ^4 j
bash) L- L3 T8 O c3 | p' i
编辑/etc/neutron/neutron.conf:
, Z. s" Y- t- W" T { q7 R9 e% b# K/ o) x1 M+ Z. V+ `
[DEFAULT]- j* a& a$ Z& j6 l, V
# ...
% l' S/ \( Q* [( c* v# T* Kcore_plugin = ml2
2 a8 l, M. {8 _7 t! U5 s$ hservice_plugins = router( n/ T5 R2 ?4 q8 U& l3 h
allow_overlapping_ips = true
% x _ m6 |1 p+ H/ H/ [4 S* \transport_url = rabbit://openstack:123456@controller1 h/ {' A9 T/ m0 r; `5 R
auth_strategy = keystone/ X* x' |' C/ M0 u
notify_nova_on_port_status_changes = true" B6 D+ E, H, b+ C
notify_nova_on_port_data_changes = true2 X+ x0 v" z6 e. L4 j* K
- i' M& F4 Z* C' _# V4 j: j# j2 q
[database]
8 C6 Y0 `3 }' m# ...
: U+ O7 |+ t* Sconnection = mysql+pymysql://neutron:123456@controller/neutron
# @; p' R4 N b- ?! C
4 y" @ `% x0 T4 @3 n7 e# N: H) ][keystone_authtoken]
% I4 Q( j! S3 o; a/ C# .../ W# n1 p2 f6 e& Z/ F
www_authenticate_uri = http://controller:50001 Y) ^# K; Q' [2 W5 ]0 g. Y
auth_url = http://controller:5000
8 \/ P2 L1 _* }+ C) I+ k, m* `$ x* Xmemcached_servers = controller:11211
- G" Z0 x& W+ P4 T6 D) J* b) zauth_type = password3 @4 \$ Y3 D+ B- k0 F% f
project_domain_name = default
! g& J% K0 B* A# L0 u: huser_domain_name = default
/ ^+ p0 D0 t% m+ l$ Z" lproject_name = service
/ c( u5 M/ D6 s1 R7 [' Busername = neutron4 U) I' l) F1 g0 B3 C# ]- r5 M- i l2 c
password = 123456# p4 Q- I4 W h
: Y8 n5 Z2 w) ]% R/ C$ c9 a# k" f
[nova]
1 K: K0 I9 W& l' _* L% U0 R# ...( R+ r4 y7 X& ~" }9 A
auth_url = http://controller:5000
# N) w1 y5 P5 N$ Rauth_type = password
8 V0 E X4 i* c2 W% H3 o- M6 Kproject_domain_name = default4 m, g0 W0 @6 S( g; r1 f/ ~/ v5 Z2 P1 m
user_domain_name = default
0 b; V4 a1 Z5 Q+ g$ `/ Rregion_name = RegionOne
5 z7 \' |3 v+ }- R; q p9 O. mproject_name = service; q9 P6 L" x' L; }8 ~7 l$ x
username = nova
; B, |* W' X7 v& v8 T# apassword = 123456
, L: j8 g3 Z: D7 H1 L
* S2 H/ _9 Z" | |3 U[oslo_concurrency]
2 a4 u. B7 B& _( I9 Q i9 I% y# ...
) v, I& o5 A; J! i O. f. \lock_path = /var/lib/neutron/tmp+ ] U+ D$ L7 ]; _0 d
' d, ^3 O O: Q7 O# Y, tAI构建项目
, v& k! D( X+ w+ pbash" \0 n0 U L, f# d; P+ b$ A
4、配置ml2
( b- Z, m. `% |7 g1 u9 f. ? 备份/etc/neutron/plugins/ml2/ml2_conf.ini,删除其注释:
) _5 C$ ~* W% d7 T7 d# z; @& j0 w l, {6 V% E- |6 S5 s7 Q
mv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.source' w: M, T& L! g" X: V+ `8 M
cat /etc/neutron/plugins/ml2/ml2_conf.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/ml2_conf.ini
+ q, x* i) K! W- uAI构建项目* r% Z$ z0 n5 W3 _4 K/ ~2 h2 |
bash
" N/ u* l: Y4 x+ a7 L) y" Z$ g对/etc/neutron/plugins/ml2/ml2_conf.ini进行以下配置:$ C8 n: @' P- p# u, |5 a$ u
# _: W8 d8 j/ w+ O; n' x. U- F/ Q5 W[ml2], d& @6 f- l0 T8 m+ f3 [/ h
# ...
2 l: g% h" E, Z z* |# I( u3 itype_drivers = flat,vlan,vxlan# Y3 S& G3 Z! s, E1 d
tenant_network_types = vxlan/ _( u. h2 E5 G; L( q4 @4 h: w
mechanism_drivers = linuxbridge,l2population
9 ^0 J8 s2 N" Iextension_drivers = port_security4 `- P5 D, M. J- l) d
3 w# @3 Y& @+ j: C+ D# j[ml2_type_flat]6 c7 y' F7 l4 p+ \& U
# ...9 l4 s$ l* N, J! }5 @# v6 v5 l
flat_networks = provider
" O1 p- l' W& i$ C$ f# l& d 5 Z0 C9 B1 ^- u/ Y. ?+ x, W( e/ z. N
[ml2_type_vxlan]
1 R, B' U+ S& O" o# ...7 |% E1 ?; q! Z% Y) z. T; C& @; `7 H2 ?
vni_ranges = 1:1000/ c7 I4 D9 l( x! Q5 B6 c
# k5 M" N8 M$ z1 b! U9 z0 P/ l[securitygroup]: m& X- {9 A) w8 ?: Y
# ...; X0 a" a0 A- `
enable_ipset = true
% D1 m D3 y6 G& ]AI构建项目- u% j5 X1 f- i3 p3 {9 {
bash$ a n. m) G6 @' D
5、配置linux网桥6 P0 j D+ O* T/ Z9 K. X
备份/etc/neutron/plugins/ml2/linuxbridge_agent.ini,删除其注释:
& `1 T8 m4 h3 ?6 v: k9 d! a9 _3 o" w! ]$ j* M
mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source' C3 v9 P4 ~$ ^# l0 z
cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
. W9 M8 Y" T* E X; |AI构建项目
' M- A& U6 W) S2 X4 T& F- q- L1 ^% mbash
( k2 a3 p4 Q! Q; {9 I对/etc/neutron/plugins/ml2/linuxbridge_agent.ini进行以下配置(physical_interface_mappings 的ens33是网卡号):
1 Z' T3 p* Y% W) x6 z$ k4 K. f* y: c
[linux_bridge]
- n% t$ v4 k0 G! K' H% ~! T4 _physical_interface_mappings = provider:ens33
, {/ d3 ^* R- r3 A& X$ B7 ] Y
# V( y+ S3 Z2 W+ a- W1 Y[vxlan]6 D ^2 B0 s6 r1 m! M6 f
enable_vxlan = true7 [$ Q# W' F/ y1 }& J# X$ g
local_ip = 10.0.0.114 O/ d, p4 A% j- {2 o
l2_population = true1 ^" `( h! J* w8 d: g8 U
4 A; h3 q }! S
[securitygroup]- l) y4 v, Y' |0 c }
# ...: ~5 l9 { K: A: l3 d: {
enable_security_group = true$ a4 Q! W1 e4 R9 N8 q
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
) k7 M2 z7 y H% w( lAI构建项目, B7 z! ^3 ^0 k+ q+ g' ~5 B
bash
) [7 F) L2 e3 h8 w7 w修改 /etc/sysctl.conf,保证系统支持网桥过滤器,添加以下内容:
1 L* g4 s7 ?/ N0 ]0 j1 C8 k/ r- f1 h5 W& ?- v* y# j% C
net.bridge.bridge-nf-call-iptables = 1
& q2 Y( J' z9 Z( U% unet.bridge.bridge-nf-call-ip6tables = 11 s K3 {0 ^5 O0 E3 u
AI构建项目5 V% y: ?- p$ @
bash
" R$ m* {( x+ N3 G$ u1 y/ R如下图:
$ Y8 _( l9 [% z6 n: ~* I
) i6 L- ?' {3 ~2 d3 y3 R2 J8 i6 p9 X9 w Z
) b, U/ |, q3 w4 e9 Q7 n2 h/ {添加网桥过滤器,并设置开机加载:, u! ~, Y' L( V: b8 C; r3 x
@, Z. a) }$ g% |# T0 Wmodprobe br_netfilter
2 h, y L5 O. @# t# J# `, {$ Qsysctl -p+ v& r" a: [) E f, A3 ~1 b3 v5 c# A
sed -i '$amodprobe br_netfilter' /etc/rc.local
/ r6 r& b. W* Y& jAI构建项目7 j0 z/ @; L, A$ m/ v6 A b
bash- O; M) g+ {4 u- E% a
如下图:
: m+ @5 P( d* h2 H, s# W9 p9 r! x$ M) n3 e% K( r
3 ]. ?1 O" i0 O: k4 s: r# W+ u
' @2 M6 ?) a' a9 O9 a0 Q2 s. o
6、配置L3代理1 f, K4 G; {+ J. q
编辑/etc/neutron/l3_agent.ini,添加以下内容:
5 u3 h2 y: D, n+ F* n
- d( e9 `/ @) R" Z# g, J; `[DEFAULT]
# R: v$ ?9 N- i' n$ K4 R9 N! k# ... j: V! V/ j. q4 p, p
interface_driver = linuxbridge: [( {4 g+ x4 I3 b
AI构建项目
# {6 |9 F9 s) k/ P' [- [bash" c! y4 S3 ]! q' m7 u4 Q
如下图:
1 ^" Q! ^- Y8 A" R
; U; b# P7 Q/ @+ k! W" P1 d# m1 k0 R. b5 x! _, J% J6 U: M& I
n9 H/ }( j$ l2 N) `
7、配置dhcp
0 v0 n' B5 |+ u" P编辑/etc/neutron/dhcp_agent.ini,添加以下内容:2 N o! I2 h6 c$ F- s
0 K( T* Q3 q3 I
[DEFAULT]
3 _1 y& B% o3 S0 t% `# ...
9 J; ~1 W/ @: k6 xinterface_driver = linuxbridge
% b3 Q0 s. s$ A) `; k9 N4 N9 z5 zdhcp_driver = neutron.agent.linux.dhcp.Dnsmasq. {* J! `/ U* R: y1 ~! Z) U# _
enable_isolated_metadata = true
& C* P% w# M0 r9 f6 o7 DAI构建项目
. i! t' W5 z& ?' X K, _4 C1 C+ z8 M; Sbash
+ x3 |2 x9 S) h1 l* S9 G& P如下图:+ {0 O, @- a( ^+ u
; D3 B$ M" A6 L$ G# G4 f3 L; ]/ D$ g9 W
7 x2 x) F5 N- [% H$ A) t5 ~. s7 r
8、配置meta代理! B% c4 f0 _+ _/ N, |
编辑/etc/neutron/metadata_agent.ini,进行以下配置:. s1 _, D1 Q7 G
; K+ m' t9 y( ?+ Z6 o* W, I
[DEFAULT]$ o( o! q# b7 B4 p1 B, E
# ...
* y/ b8 B6 q. f! C5 T5 L' Pnova_metadata_host = controller
* T& V; O/ v5 p+ l) e, u! L* Rmetadata_proxy_shared_secret = 123456
7 |+ K4 @. w5 }$ x4 ^2 B5 CAI构建项目
R+ V( b3 N& g) c* ?bash, y5 K2 S' T1 ^- f+ L4 e; g
如下图:6 N2 d4 i+ d) ?5 {
3 Y6 A. N0 T7 B! e, s! @% S! S: C4 V- ?1 z/ ~: l4 w
; `5 p! P1 ~2 ^+ G0 a3 ?9、配置nova使用neutron服务
# \- g) r0 g9 o/ Q编辑/etc/nova/nova.conf,进行以下配置:
/ t2 e1 p1 Y3 g$ Q4 s; Q' U! _3 B
" B. G' m4 K9 ~+ N[neutron]
9 d% _8 f# A! W3 `# s$ u5 q( f& H# ...
4 p: M$ @" Q4 v) Gauth_url = http://controller:5000! b& u! M3 b( f5 N. x9 ^; b
auth_type = password8 k+ h4 \" {. r+ X9 e _: d
project_domain_name = default7 ^6 Q, z O0 P! z1 L
user_domain_name = default; l5 g0 @# t. K- r# t4 V# v# P+ V% P
region_name = RegionOne
& S/ R" U1 [# E) \0 S" _0 X- u! Lproject_name = service: V3 ?! v6 X2 n* E! X. O0 d# W
username = neutron
: g6 r& t* x1 _ q0 jpassword = 123456- c" s. y7 Q# ^: S: T
service_metadata_proxy = true; i. r: ^4 o9 P( \ K6 z
metadata_proxy_shared_secret = 123456
% ^" {4 t0 N5 |: \AI构建项目
& {5 o7 U4 n# f6 Ibash9 B& V: O: _; C) `1 m! O5 j
如下图:2 q% Y p; W) ~. f8 L/ Z- I: J
; R8 V6 b8 `6 N. J* c$ u6 ~
7 s9 @- E2 u% s, Q
, z1 \4 H& k2 i3 e10、收尾6 Z* f! V* }' b5 f% Z5 e
创建软连接:& r" Y3 j3 z: u+ Q
# F0 t7 \0 o" h1 Wln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
: t& U. [+ x6 Y4 w3 RAI构建项目* H3 h3 R4 A2 e1 s; F( O
bash5 H' k. [& l2 ?
同步数据库:
5 i/ Z- I) {" r9 [7 n6 o8 a! _" Q( z' R0 m- B: Q8 L/ I! l
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron; v# }$ [ K* F
AI构建项目/ ]7 U z8 B& S- U& l* M
bash
; A; W* R+ l. B如下图:+ K8 f' g/ L5 ^+ Q' f2 C H9 n0 m
E2 y/ O% p# t/ U
! a k/ r) C. g1 k$ c5 H4 G' ?: R+ `2 h# q: Y& N* B% g/ J
重启nova-api:* G; t( T% R1 U4 Z7 W. J6 i
7 p! X% _9 a- d! y& Nsystemctl restart openstack-nova-api.service- Z u/ l6 @1 S4 P+ [# ~ {' c$ e
AI构建项目, B- Q. N9 A3 t' u5 @6 }+ a
bash8 y0 U; b, B B8 s# @2 w
设置开机自启,并启动服务:6 U2 ^- Y# D6 W8 z
$ y7 n0 M, X, ysystemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
! i7 ~6 D- L( a6 fsystemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
: |/ y6 Q4 q% B' T# |systemctl enable neutron-l3-agent.service
* v T3 g# P x# j4 zsystemctl start neutron-l3-agent.service
! S7 d4 I+ {% a4 r# _: xAI构建项目
& n7 k }- j1 [5 nbash
: D0 F7 L% M! b' |0 z& f二、计算节点配置
% G) g; U2 F5 w& d在计算节点完成以下操作。5 R7 T' p7 h* K" ]1 C" C
3 @2 Y2 `1 x- v
1、安装包
8 H3 I5 |8 s$ v$ P# N+ m# @7 W% h安装包:- D' p; N: Z o% g; F
; z" A3 G7 m# n5 j) f& D' q9 _) Jyum install openstack-neutron-linuxbridge ebtables ipset -y+ l) l) o' D( _; h1 K* p
AI构建项目
' |( E) _) P; R" Nbash& O! x S3 F |3 @ u b
备份/etc/neutron/neutron.conf,删除其注释:
1 W1 h: P( p+ y1 s) }4 s) d, o5 C5 z( m* J4 S
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.source
3 o' p# u! a0 o1 `cat /etc/neutron/neutron.conf.source | grep -Ev "^#|^$" > /etc/neutron/neutron.conf
1 q' x/ H; g# ~# C" @6 xAI构建项目% z# c5 N6 I8 @- a
bash
! O8 V( p, ~) U: x+ e& N7 a# \编辑/etc/neutron/neutron.conf,进行如下配置:
7 n% p* H# X a& d* W. I1 Z7 i
6 b8 n3 k% z) y0 c[DEFAULT]. L& h( D; Y; x3 t
# ...
* I1 D* ?1 l' w% P6 J# c etransport_url = rabbit://openstack:123456@controller+ s9 k+ ^) `; f. a' Y2 `
auth_strategy = keystone2 p" P4 c, V; V& {; D h
, i7 s9 M! `8 W9 _8 E: G8 b[keystone_authtoken]1 E. \" q2 _" v0 t- w1 b
# ...
" u' j- V8 m0 @: f0 kwww_authenticate_uri = http://controller:5000: h4 J% ]4 S8 h/ I) L! \
auth_url = http://controller:50001 V+ E% t/ [& Y$ j* p+ R+ @, E9 o6 t
memcached_servers = controller:11211
: Z" M u$ Z$ H7 c \2 p& y1 a6 `, Bauth_type = password
3 O6 r6 [" H+ y7 @' v, |/ h2 z9 ^1 pproject_domain_name = default: i% {( s& L9 l) M4 @8 ^
user_domain_name = default
( k/ R( a0 _8 [project_name = service
/ W) M6 C7 o( ?! Susername = neutron
: r0 c( H4 _% Z: I! j- \, ppassword = 123456
0 A# m, t* s, f1 m* [/ H 5 S/ Q4 V* e/ b5 Y9 s
[oslo_concurrency]& n: B- _5 o+ Q4 _& Z6 u
# ...! M0 I5 H. r( p9 U
lock_path = /var/lib/neutron/tmp
- ?- S* {) H. m0 F% w6 gAI构建项目) U+ ^. |& Y. l* k: _- h
bash
; W8 H2 A1 w) i9 V* H: R2、配置linux网桥
) v% v0 x7 _" N, q9 }9 k9 L$ c7 E 备份/etc/neutron/plugins/ml2/linuxbridge_agent.ini,删除其注释:
% ?/ M: d8 A" N
9 p- ?/ }( A3 D/ _mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source) X1 n' S7 U7 I* `' d9 ^
cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
! Q2 m0 h" t3 J% W" BAI构建项目6 w1 N4 |, c' a9 d0 E; v
bash6 v2 H" B: @2 l$ R& C. y
对/etc/neutron/plugins/ml2/linuxbridge_agent.ini进行以下配置(physical_interface_mappings 的ens33是网卡号):% U! ~: t+ p( U( w6 {1 |
7 @& H0 F3 i0 L; ?5 J[linux_bridge]
& k0 J# ?1 A0 C* H* ophysical_interface_mappings = provider:ens336 I, w5 O: D+ f1 t$ p, b
3 V: I; n8 ]0 @* T1 O
[vxlan]
+ I: ^6 d# J& w; h, q7 [) Fenable_vxlan = true+ n$ `# v0 S! r& Y% A
local_ip = 10.0.0.31
% w0 H. W. K5 t a/ xl2_population = true
}$ e. A- _& Y3 u. M9 E+ Z# n: n + \$ P, R2 t g3 C" W# t
[securitygroup]4 ^# Q3 ~0 Y' X* X5 U9 S1 D9 V
# ...0 s2 ~; e2 f5 W2 U* X1 q% k
enable_security_group = true9 j8 ~: x2 [8 s' e2 Q" O: @; h8 ]# M
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver. V4 l5 f& b5 i# ~( q, Y
AI构建项目
& ~: X' {: y# P1 Y2 s6 |bash8 [0 `" k4 K- P" R1 p8 R
修改 /etc/sysctl.conf,保证系统支持网桥过滤器,添加以下内容:
/ y% P) p* x; r# w2 n% v
" n& ~. \; a, x9 K+ I: Z9 enet.bridge.bridge-nf-call-iptables = 1: w2 Z" g; e C6 W
net.bridge.bridge-nf-call-ip6tables = 1# B, u1 g7 `7 G4 j3 d
AI构建项目3 c- ^7 {( X" }# I+ I/ p
bash
7 y0 m' \" N. [+ n1 W如下图:* J* b# F* S9 v( |7 l
/ U! Z$ O7 T) b* T d4 ^' z6 M
6 v. X2 [9 B" i1 c1 `# C
. N1 s2 N: {. } q# p
添加网桥过滤器,并设置开机加载:
) g+ Q8 k! i) ]6 c1 B& ]( i: p* e3 e) Z1 n b& @1 ]
modprobe br_netfilter( { t$ n$ |$ P0 L
sysctl -p+ ]( s. g P+ R ]+ y: n
sed -i '$amodprobe br_netfilter' /etc/rc.local& j0 l% U9 z K) M3 X1 u
AI构建项目- k" e$ E2 E# z3 k; e! v2 T$ D) o1 k5 y
bash
1 a$ ?; P6 f$ L9 U- e: e- N8 P% k+ ]如下图:
$ x0 P- T$ D8 v3 |0 v8 g2 B, I
1 A, c( Y& N% S p9 Q; N2 d) b4 i' s! B1 P' t
/ O4 ^" ? G) M$ {3、配置nova使用neutron服务
* p+ E- C+ s( b. Z! T4 r# f 编辑/etc/nova/nova.conf,进行以下配置:- y3 w: {, N4 h j# g/ Z
+ F7 ~! K- [0 x! w5 w[neutron]
: W" s7 N& ]; N! W2 M) F8 F9 i3 f) Y# ...
: H* E3 ~' h: K$ G2 f* I; Xauth_url = http://controller:5000; S3 K+ G. n1 S8 N0 Y7 f
auth_type = password% J2 X/ A/ H' n7 `$ ?1 h1 {
project_domain_name = default! f% N/ t$ Q2 i$ k" s4 _& f" N
user_domain_name = default
, s5 q6 @- G: k4 ^) Cregion_name = RegionOne6 b9 `+ h! [1 h
project_name = service* o" j; h5 u( o6 B
username = neutron0 L1 P- Q( F% N6 {6 g3 k I# Q0 @
password = 123456
1 H; ^9 {7 }* o6 d% cAI构建项目& v; Z# q$ @- w W2 i
bash
: L& l& Q ?# O) t如下图:! z0 B+ V+ u& e" R9 l' G* z
1 d9 g4 c2 `" v7 G$ h9 D- P" Q& m% p" Y5 @
% u" v/ I$ o. q+ O& }
4、收尾+ ^3 J- ]* ~% }9 l
重启计算服务:
. [+ v* B$ j) h
' V0 I. P' ]: H1 P r" [% S: Z% x$ Csystemctl restart openstack-nova-compute.service7 [" P$ G0 ]* t" T8 w) X
AI构建项目1 z3 ^- T9 i2 n2 i; A9 X5 l! v
bash
2 K& k1 n8 H0 d设置网桥开机自启,并启动服务:
& i4 V# O" p% z [; \/ r8 l' u8 m
systemctl enable neutron-linuxbridge-agent.service
8 i; W- O+ ^3 {" E8 wsystemctl start neutron-linuxbridge-agent.service" s3 \5 n! ?5 k/ d* G& k( W
AI构建项目3 m9 V% f. y; B- {' T
bash
. m# R" G# b& w0 {! C) t/ x三、验证6 K3 C- a) X) i1 b. a7 A/ Z
在控制节点使用如下命令验证:
( t- @: k" b6 j8 j1 s
5 m$ G/ j- H/ lopenstack network agent list' C; [% {7 c6 ^0 L W3 \& _
|
|
发表于 2025-12-18 11:08:33