|
|
一、控制节点配置8 B$ `& x7 }8 D. H' q' ~
在控制节点进行以下操作。
. h3 S. H$ q, O+ ~/ ?
( k% Q( ^ V, C2 N7 i1、配置数据库
: a7 o- E8 D& V5 C进入数据库控制台(密码123456):
. c( I# Q8 q9 K5 l. r
9 T* X2 Y( i( ~7 pmysql -u root -p. i5 u5 ^" ~0 \3 I
; {! X. c$ Y) t: i; i2 _
8 z4 Y" k: A B" u8 J3 y7 E2 S1 ~bash
, R" y8 ~3 B# h3 ?' B5 l创建数据库并授予权限,退出数据库:# R. S9 {1 [( D3 H) ^; q4 G2 Z% \
+ V0 q. W3 M) a& W* C, P6 x
CREATE DATABASE neutron;
' w- `& I4 o* S0 d6 z$ wGRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';2 S$ @4 X; J7 m" ~+ g( b
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';
" Z% Q4 x( A' e
1 _; f6 U7 k _+ N2 F2 u$ q' Y
1 Z# x7 s6 N! h3 M, o4 k0 ]0 R0 @. n+ t# Y
7 h4 \. r3 i# m! u4 l5 T
7 X# M* I& H( p/ G9 w& M* ]5 n$ x0 m
2 G9 B9 [* H/ |: C0 p0 F# U' l
2、创建neutron用户' h ]) P) S3 V% }
登录admin支行好:
! d. }5 J2 v4 D- u2 ]; ~" C, W# p" m/ v
. admin-openrc/ `, X0 b7 \& ~. L2 Q9 M
. f1 M1 P5 P2 m2 b( z
bash9 w! E, E! R6 k" C& C2 y
在domain:default创建用户neutron:: Y( Q5 k8 f. k/ q5 R8 _7 e3 f& @1 [
# t, a3 q7 H; {- S
openstack user create --domain default --password-prompt neutron
! e5 G& @+ Z9 g7 ~
2 @5 w. c# C" U9 ]bash* S s! ~; m& y2 c3 w: j* m. d
如下图:
6 ?$ k0 O0 f; u! {' S8 j& g7 l0 k+ l" |- C0 m' ^
5 d$ U2 L( }, {: g4 V# p6 \$ T' G' }7 L
授予neutron服务admin权限:
; W: J0 j2 v. ~8 U7 E, f7 o1 C0 ^" o# ]$ h2 [5 _3 Z3 z
openstack role add --project service --user neutron admin0 G: X# f" Q1 I+ P
, j- j6 ^2 `2 k% H0 n8 C
bash
' f0 |0 g# t- \3 x" }9 I) u# H创建neutron服务入口:9 O0 X3 A# V# B* g7 }2 [
% }( t/ _7 L/ A: S& ]
openstack service create --name neutron --description "OpenStack Networking" network
' s# V4 m( m" H V9 }: F% q; A& L
bash V) n; V( {5 e5 a3 e8 f
如下图:% k$ w4 R# k4 B3 P
, P5 ~, A# U2 K4 t
, Q- p4 `/ v; @5 }
' r7 m' b4 j* Q8 C创建网络服务API端点:
7 f) \9 Z+ |; U$ I% o5 q
2 V; \3 j' C$ d- B( p5 _3 O- hopenstack endpoint create --region RegionOne network public http://controller:9696
* j! T! ^5 L# b0 sopenstack endpoint create --region RegionOne network internal http://controller:9696
0 M7 H% H' O5 _% B, {) G, T! |) popenstack endpoint create --region RegionOne network admin http://controller:96964 g: M& r: f2 Y2 `% @7 J
AI构建项目6 M) K9 e! p4 R
bash
' v9 `; A+ W6 \2 v4 i0 q! N) d如下图:
1 [2 _ o; V Y
: d" R* R) y% f9 F% U' W
1 l6 D |* H8 B, b' f
) y' p# h+ D3 l0 ]8 x- M' ^; i7 c3、配置selfservice网络) J3 P5 Y, e5 Q' ?( i: p' q
安装neutron:
" N. N8 j' z, o# q+ u- t9 T8 _ x+ {7 D8 ]) g1 k
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y, q- `2 c, f7 b% [/ l d6 D, w
AI构建项目3 U3 q' y1 i$ {
bash0 [: d0 M* N& Z6 c2 p
备份/etc/neutron/neutron.conf,删除其注释:
P; @2 o/ i9 R3 ^4 ]* R$ C- ]
# |6 V& `' ^$ A# ^* _mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.source
0 t @7 B4 [6 n: w6 T0 f* a6 @cat /etc/neutron/neutron.conf.source | grep -Ev "^#|^$" > /etc/neutron/neutron.conf# y' q% D, D2 k# R2 K
AI构建项目
1 x" t' x4 i/ dbash4 Y2 B* l/ h6 f1 d
编辑/etc/neutron/neutron.conf:- U2 q, X B7 e( P
r" X$ [( F) I' h2 o
[DEFAULT]5 `9 @, v# g4 J5 I
# ...& S+ U3 H' h0 u9 r9 _
core_plugin = ml2+ J0 }" Z1 w/ {( @: |6 F4 ]* c
service_plugins = router
4 ~1 _# Y! ^) { [) }allow_overlapping_ips = true4 X4 Z8 R3 o7 G" q
transport_url = rabbit://openstack:123456@controller: u* R# A, o. n# U3 y% a
auth_strategy = keystone
3 v; t( Y* ?7 P4 x2 vnotify_nova_on_port_status_changes = true5 u, Y& _! p$ \$ p& {1 m- w$ [
notify_nova_on_port_data_changes = true$ \! O% v B5 B4 i% {
8 y# S- C- ~' U+ \& m2 u; E[database]
1 V6 x. c& z% ~! L# ...
3 w$ P- _; w. V8 R/ X( Tconnection = mysql+pymysql://neutron:123456@controller/neutron
$ \% N' i* b7 J) o7 u4 \ 1 y$ j4 R+ Z) H
[keystone_authtoken]
$ i2 j& V- o) _( E. h% R" l# ...
: O- c* S! x: K( Twww_authenticate_uri = http://controller:5000
3 X$ |- ?; F; f+ ~auth_url = http://controller:5000
! R; j! t% w; | }: hmemcached_servers = controller:11211
7 A% B1 B' f% g# Dauth_type = password
- H$ d$ \' G( xproject_domain_name = default+ Z6 J1 L1 S! u# W
user_domain_name = default, A& d6 D( K% K! ]( S4 @8 {
project_name = service* u, c$ n$ L& _* ?6 C6 e
username = neutron+ F. Y: U+ `# B: S9 z; W) U; _! T
password = 123456
0 g: `- v+ b* A2 [ % Z6 I" t4 @/ U$ i0 {6 H
[nova]6 x/ t) U _1 h' D6 B3 V9 a
# ...: |& n/ }. m8 u4 ~8 l
auth_url = http://controller:5000
/ n2 j: r, y p9 B: C. R- |0 uauth_type = password% ^! V" ]# y2 Q$ F" }5 N
project_domain_name = default" [' w3 D& A8 K4 l( U
user_domain_name = default
% Y6 X1 l; f! g/ m! x* R$ nregion_name = RegionOne
5 H# K: }8 N; I5 u8 wproject_name = service" I3 y# O! z# l$ f, B
username = nova+ m1 `# C" D1 _7 C( s5 Y4 y
password = 1234566 X- b1 d7 z* z' q
$ N7 c. g G/ B0 @) v# y. c, x% g- G[oslo_concurrency]
( S' k6 O7 K% s0 Z* O. u# ...
, ~' r& b7 H" [8 w5 B3 O+ Block_path = /var/lib/neutron/tmp
6 N% C" B0 V! J& n; m
) F# b5 ^, m" H3 T# aAI构建项目
: [' S$ E' a: \9 C: k8 Sbash
* l8 j' ~3 Q2 E- W3 }' D/ q2 o$ v4、配置ml2) d5 R( q3 ^; |+ _
备份/etc/neutron/plugins/ml2/ml2_conf.ini,删除其注释:
1 Z" j0 v8 R4 Z2 ]" n
" p- U# W1 c: H2 p7 f: vmv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.source
/ @, h# w. Z! Y) c4 N) e4 [cat /etc/neutron/plugins/ml2/ml2_conf.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/ml2_conf.ini* ?5 K* h1 {2 V! @9 x
AI构建项目) {! h9 g9 `2 ?
bash
6 w& i& M1 A6 L: g" @对/etc/neutron/plugins/ml2/ml2_conf.ini进行以下配置:* d0 g4 n' x) v7 b6 z; B9 j m
( V, d ]9 N6 Q F+ ^9 G[ml2]
1 F! I7 o" H! g7 Y# ...& ]% L' @, Z8 r D- v
type_drivers = flat,vlan,vxlan0 b4 R; q* _" k/ l0 L& @9 M' u
tenant_network_types = vxlan# W$ j5 P8 }1 i: T" h, A ]
mechanism_drivers = linuxbridge,l2population
3 o+ Q( P: C& }. V. g& W2 k- Xextension_drivers = port_security d6 l- I; c# s) E! {
% l4 f- \2 ?) K" c, o4 q9 P& P[ml2_type_flat]! F& l2 `8 B3 t! B. D! l& D" {
# ...' ?, I3 V* a- K: i0 P8 B
flat_networks = provider X- F$ X$ g) F% z$ s
, M, ^# O4 H: i2 P[ml2_type_vxlan]2 ?5 e$ ?/ \6 J) T" v* ]& i
# ...
C8 [9 h% E* Y! `2 [vni_ranges = 1:10004 i2 W, o% ~# d$ s! |4 n; _5 N
9 b& L) c# ~5 k2 x0 K
[securitygroup]* ?; U" h0 b. C) U. t! `, U8 a
# ...
" V1 K2 b _- y: c& Q1 M% tenable_ipset = true
4 p' J3 S P6 F. s3 i4 K& c4 C8 z$ eAI构建项目' j% {" O/ }! E9 ?+ U f
bash# M( X! }% ?( O! V; y8 x+ |
5、配置linux网桥
' |7 D9 g2 {+ S* a9 { 备份/etc/neutron/plugins/ml2/linuxbridge_agent.ini,删除其注释:
5 S/ p7 q. d0 h- n; H* i2 a) i" H+ U! ~4 o7 S1 f. I$ a8 Q
mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source! m& Q6 A/ z) h2 m; S ^, e8 f
cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/linuxbridge_agent.ini [4 _, T4 x) I
AI构建项目& X3 E8 }% @5 L: ]! k/ W1 r8 T% y
bash& ?) B2 K' T$ \& e; V; _1 \" f+ f
对/etc/neutron/plugins/ml2/linuxbridge_agent.ini进行以下配置(physical_interface_mappings 的ens33是网卡号):
( f ~, I' u- k$ k
! w, v L$ C \! w[linux_bridge]7 _! K# p# X0 u' w" B; P3 Z5 t
physical_interface_mappings = provider:ens334 K) G( Y' Q$ C8 C" p" O
1 w; M- n' U# d& p' o5 R) W[vxlan]0 N: Z) V6 d2 o/ L _5 Y% n3 A. Q
enable_vxlan = true
% _9 H# `' X5 O. y4 c9 Flocal_ip = 10.0.0.110 w/ H. ^6 L2 M; X, `
l2_population = true
u. m4 _* |8 C3 w 8 f; q6 W; c' X# _% W" p$ U
[securitygroup]/ p' @( x- ?6 j7 ]+ m5 `
# ...
5 Z4 ^) U: y8 Oenable_security_group = true9 @4 X( f) r' @: c
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
' y6 h, g! v( d3 k$ J4 P2 wAI构建项目
4 b6 N S: _! n/ V4 }5 k, ?bash
6 ~" R7 d+ V/ R9 D/ t+ q, [6 H6 \4 t修改 /etc/sysctl.conf,保证系统支持网桥过滤器,添加以下内容:) ]: l2 J& T7 Y M8 L
! G# n" l/ Q; q `+ X/ s
net.bridge.bridge-nf-call-iptables = 1% m( b, U6 d, T6 \- E" u
net.bridge.bridge-nf-call-ip6tables = 1
+ a- u3 G. |' k: U, cAI构建项目2 U% i& y7 s2 B% F7 C
bash! M P! s, O/ j6 [0 t0 P7 o# M
如下图:7 d m+ d! m, M9 X( p
8 k# { q3 n; T, I
' I0 m5 |8 ?5 \1 G" E: i$ h
" a% E& ?/ O. G$ u: m5 z. {
添加网桥过滤器,并设置开机加载:
: A: q' y) H) C# ?+ Y- }; t% v. q) W, W. l( {7 d1 j- [. G8 y
modprobe br_netfilter: k( I! z' e: f9 n
sysctl -p" g9 I3 X7 S# q4 {- B: M$ h
sed -i '$amodprobe br_netfilter' /etc/rc.local1 }( A. G. ^4 q5 B3 U: N6 B. {$ z L1 `
AI构建项目) o* a3 l; `; J `5 s
bash
% g6 e8 D6 h F. T& \( E如下图:& i& M. q1 Z9 L3 y$ T! U" g6 l
& l( \8 U4 m, Q ~7 ?( s. e
. s$ i7 p9 w/ F8 o: f$ b {$ |- }5 L# U( P" v6 l: d! ^
6、配置L3代理) U; g" L) h1 B' W
编辑/etc/neutron/l3_agent.ini,添加以下内容: S# S7 H3 M5 c
! q9 l' Y0 Y; ~- n+ a
[DEFAULT]
, m, M3 @0 ]6 p+ Q# {- V# ...
9 v: c5 t% J! f5 ^ Yinterface_driver = linuxbridge
; S0 O; N7 t& S% y3 y9 oAI构建项目
' w5 e) O/ L+ i& @2 C; k# kbash3 \/ R/ r$ I- _& b( P( n2 m
如下图:4 R" ]" } t7 j; c& T5 O
: U) r( v ?5 u3 ~: H) W
" j0 [: s, |. t5 o8 i9 r
! o6 R# ?% [# y M9 [7、配置dhcp
! W; G' H/ |% Q8 y, V编辑/etc/neutron/dhcp_agent.ini,添加以下内容:2 M+ h9 M5 \* H% b+ g: I8 M; ? |
( N5 D" g1 G8 P" d9 X[DEFAULT]
! f Z0 q) c& S2 O0 M0 {# ...' h; c+ S5 L6 q& m
interface_driver = linuxbridge
: O& |0 l4 b& X3 L1 Fdhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
9 u; T. L1 B" J; b9 B/ `$ C4 renable_isolated_metadata = true& x, D) J, R% Q6 w e; } P$ T
AI构建项目 d+ t5 D" N+ [
bash7 a4 O3 W. R4 G! ?; _
如下图:6 x% o1 ~6 x% a
3 x! n+ }( N7 i" m1 C6 W/ g$ q2 F
7 p% d, D/ g. I' J& d' O
; b+ w* r' a! Q8、配置meta代理; ]/ w! d: }0 x7 C) Z6 ]
编辑/etc/neutron/metadata_agent.ini,进行以下配置:5 Y' V' L7 Y& Y" I2 G
/ u8 O% Z v0 p* [; Y[DEFAULT]6 c& x3 P- H$ ~
# ...% Y" C4 {3 ~: D7 _& t8 M
nova_metadata_host = controller0 q! ^2 U1 E. t. q# m \$ Z- \. Q
metadata_proxy_shared_secret = 1234561 Q9 o3 H, H9 F# l* ^0 J, a
AI构建项目
. S) `8 A3 {* M, Xbash/ i$ J# {1 `' m7 D; ]+ H
如下图:
3 Y" Z# L2 E- e( z7 c4 t+ {8 l, V& K4 ?" ^- S* X% ~; J
6 [8 n* H+ m7 u( a8 f. X R( X9 C+ y2 t" T6 j
9、配置nova使用neutron服务
; T) u2 X- s7 m9 c6 p" _1 x: `编辑/etc/nova/nova.conf,进行以下配置:( h! F- F) [, G0 s8 V$ U7 b$ @ b
# O$ G2 {7 p6 s0 d7 d1 I[neutron]
( c3 |& q9 \6 T1 ^$ o4 ` U# ...2 f" v" G7 p4 b% H+ A9 y
auth_url = http://controller:5000% B" e7 k C& f6 A. S5 T
auth_type = password
5 F/ b$ X0 ]7 S: z3 |& z8 |! Rproject_domain_name = default
. p: x. V" O7 l2 b! |! M! ruser_domain_name = default
: S, U% {# x4 T" H5 K' `region_name = RegionOne
i0 w& B. S$ ~9 E# oproject_name = service- @ R4 E5 G( l& R- ?8 J$ {, Y
username = neutron. k; y' i& r8 T) ^& A' y
password = 1234562 g; C7 l0 f! l7 x! x
service_metadata_proxy = true
5 Q5 G; Z6 X2 M0 l- ^- g7 e# N/ `9 z) rmetadata_proxy_shared_secret = 123456
5 m8 E/ [: q; z, M( X' @$ jAI构建项目
* A6 N7 j$ U ~" O# ~bash% C( P* A$ F+ o: i5 P
如下图:
& a* }% ~# X8 G; m6 {( I/ y( S7 b
, C$ V0 G. e* s1 X( W: f, G1 g: N R6 V8 c( V
! e* l! x& `4 Q" ^; U. x% O
10、收尾
" ~/ ]: x5 k3 h5 u6 A$ H. B创建软连接:5 o8 b* V% p) H9 u: f8 |! d9 Y: W
8 T* T* e i/ D4 @9 ~0 J, }ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
+ r2 q7 [0 r- _5 f$ BAI构建项目
7 h+ v2 Q0 e' B8 o4 S9 k8 s6 ubash
3 E: b$ a, j7 Z0 ], \同步数据库:
1 m0 |4 n0 ~( O& r; E, o- J. u& W, M9 s
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
! }$ a) L- K) Z3 k3 IAI构建项目6 ~7 ~5 P& R h; ?6 ]
bash( ]& h% N8 G( U. P% m* G* X! r- D
如下图:
& M" {9 G k4 e, h: g: v) u+ D( s: s4 x
* ?$ M" v8 c. _
6 H( A7 g# e# ]重启nova-api:
7 |$ ], l; m% z9 m8 F; S7 D4 [
" e8 N& Q" p/ W0 |6 x+ Csystemctl restart openstack-nova-api.service/ ]. E! T8 x) M1 b
AI构建项目
8 B9 x( F2 m4 y# ^1 p, Y# obash2 l7 B- n4 U! z. X8 Y
设置开机自启,并启动服务:8 g# G8 p. X" o. o( Y& d, h+ M* P
8 g$ _! Y9 c2 x w; q @systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
% F& t+ z2 e3 O o- g) t6 _" Osystemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service% i# E# O: O" O1 z
systemctl enable neutron-l3-agent.service' k y- E! G' L# m& l( R
systemctl start neutron-l3-agent.service ?$ L/ a1 K3 P, t3 S( t6 Q4 r9 s
AI构建项目8 q" G" X; M" D1 I0 U
bash
- u% U# R! m o二、计算节点配置
" r/ H6 G+ z) H8 P3 ~) M在计算节点完成以下操作。
. v: y" K' ^ z+ S
& S2 G: ~& j7 v9 `) C) E* y1、安装包
$ w& ]7 O9 c6 ^( g4 \安装包:' r! E% B2 |8 b( U# {# p) D3 w; D4 {
# i* q+ A+ k, W- w8 l x
yum install openstack-neutron-linuxbridge ebtables ipset -y; F9 y- U) Y% ?6 |2 G; m+ e' F$ @+ r
AI构建项目
; U1 @ {9 k$ ubash
( y; E0 T4 b" r( ~1 K3 i, l. Z6 } 备份/etc/neutron/neutron.conf,删除其注释:
' ]! g: v9 ^% J4 i) ` ] G3 N4 Q, p5 k" i
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.source+ d* `+ n9 E. T9 V0 ^8 S0 ]
cat /etc/neutron/neutron.conf.source | grep -Ev "^#|^$" > /etc/neutron/neutron.conf
5 g% ^% M' l4 c$ T1 q, ?AI构建项目
% M6 p6 J+ |2 K9 V$ Vbash, `( T, n* `; a9 L
编辑/etc/neutron/neutron.conf,进行如下配置:
% `/ U0 ~" S+ |7 [* e$ Y j8 \+ a6 U5 O% \3 c# t* I* O
[DEFAULT]
$ \8 s; K2 s; A0 b. k! L# ...
; L) n9 d% x4 u5 G0 p: k: t+ [transport_url = rabbit://openstack:123456@controller3 J5 k- w* m* _& y& F9 V7 }
auth_strategy = keystone
O$ x+ ~* c4 P$ g/ n5 ` ! B- N5 b/ y( }; Y3 p# w8 _* [ e9 H
[keystone_authtoken]
" ]) h8 g8 C( f" F* m9 s7 S# ..., }" r' ~1 O& g
www_authenticate_uri = http://controller:5000
! b& M9 J6 c3 Fauth_url = http://controller:5000
Q8 G% \4 D1 Z( M" U, mmemcached_servers = controller:11211, q, X; e8 b5 {5 |% R8 F/ R- F
auth_type = password
! a9 H6 Y' f; B1 @/ E& J m5 Kproject_domain_name = default
- {% o& s! g+ [7 puser_domain_name = default; V7 a% T7 \& V6 o
project_name = service( q* n" b1 S$ j" S
username = neutron( Z8 ^# v+ d% Z) X/ }. C1 u$ Q
password = 123456
8 s- D0 L; F; i* l( n
U" w$ }# v5 X- Y& S8 |, @6 `[oslo_concurrency]8 ]1 g: e1 Z! Q* ^7 ^; f: @6 v5 h
# ...* v( B9 }) p. k% s ]( @
lock_path = /var/lib/neutron/tmp
( R/ N# u4 v' G9 ~AI构建项目
) y0 I8 i1 ?; w2 b5 ~+ Pbash
' o# Q( O+ Y' j3 K* M9 z2、配置linux网桥
4 [, b6 b J6 w7 o* s% Y 备份/etc/neutron/plugins/ml2/linuxbridge_agent.ini,删除其注释:& e0 i0 O3 R3 D( N$ r% j7 X4 J, ^8 Z
6 I4 y# ^0 l; W1 F4 {
mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source
0 |% p" l, y1 u l1 b2 [& z2 d) [cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
" O2 @2 d3 \1 j, ~2 KAI构建项目- |) i/ g/ E: N) r6 d; l- t8 q% T
bash
, v& k/ Y/ s' _% D对/etc/neutron/plugins/ml2/linuxbridge_agent.ini进行以下配置(physical_interface_mappings 的ens33是网卡号):$ W4 M1 N9 s4 a2 W6 W; U
& U! V2 ?# ]$ q5 [; C[linux_bridge]
4 S1 i5 r. l' @. J+ }3 Xphysical_interface_mappings = provider:ens331 Q2 ~( t# H( }1 ^5 b5 I
- y( U, A9 j3 g6 E[vxlan]
( _& r; C3 s ~; a# B- i/ E" ?enable_vxlan = true
$ c# V$ w( A, ?7 l/ c+ Zlocal_ip = 10.0.0.318 z' y& b% I1 {8 D' j4 ]7 E
l2_population = true
$ v( C# { y# V5 M1 r9 ]1 p
3 X: i( B8 ^3 ^/ ^4 o[securitygroup]
) l0 h% T6 B8 r1 q% X! `# ...
3 E8 x- v7 \* s" cenable_security_group = true
* s8 G& a6 J7 y# x" xfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
9 N% ^ Z/ Q7 Z+ u! `AI构建项目; `) k& s( S2 x& Z' j
bash1 g4 p3 W0 R I8 n2 y
修改 /etc/sysctl.conf,保证系统支持网桥过滤器,添加以下内容:+ c+ R+ x! {+ a- p" _( h! ?* _( Q
9 |# A. Y/ ]6 ]net.bridge.bridge-nf-call-iptables = 1
6 v6 N6 M5 U- e# @net.bridge.bridge-nf-call-ip6tables = 13 _8 ^" t6 c- o( A5 T
AI构建项目
0 I* H& N9 `" a1 t7 M7 ^8 ~( u; ybash0 _. [: x# a; i% |! r V
如下图:
; W3 A+ r- m J3 I: g
4 M f& Y# k6 J2 q, y% @. s% ~' E3 S0 `
; A) p: H( C5 w
添加网桥过滤器,并设置开机加载:
+ }9 c$ s9 n* ?+ K, R$ x* [# H9 S
modprobe br_netfilter2 Y+ Q" b- I, s/ f
sysctl -p- {* X: |& B: i7 P. p" u
sed -i '$amodprobe br_netfilter' /etc/rc.local
. b Q @2 s1 t, |. aAI构建项目
& E" f: Z/ u4 l$ K1 y0 obash
5 I! O7 _0 y) J3 G N1 N2 y如下图:
* S, M. g. a& w( j" N5 M( l, y3 {0 S6 z# N+ `) d) Q
5 k7 ^7 j9 j$ M2 J- D( }7 u! F5 f7 k( g
3、配置nova使用neutron服务
3 C9 F8 H: z. y2 q& Y 编辑/etc/nova/nova.conf,进行以下配置:. e# K: a( m- t. A& b
! X4 e+ L7 b7 @8 ^: n4 s ][neutron]
, r9 V2 Q2 N9 Z' q# ...
4 i+ C2 Y' {& z$ Q* kauth_url = http://controller:5000. B- }8 x; W+ f% D# _
auth_type = password
) f5 l' L- S# j [8 r9 Rproject_domain_name = default; ^* R2 Y( z" O! ]- L
user_domain_name = default
, x, B9 D4 i: Y! G' x, @! j% d! B' x6 }region_name = RegionOne( |: c, N& S% ]7 D; ~% u# i( ^& f4 p
project_name = service% j$ ?0 n# d8 S7 Q" @
username = neutron
; ]; e% \1 T3 Q3 ?: C3 mpassword = 1234564 T" d1 ~ O; h1 r
AI构建项目: n: Z1 F, Q& K8 F* ~+ l
bash4 k, x4 W3 k/ v1 o2 Q! }
如下图:4 x @( C: } ]
6 p0 V: u9 H1 H g- ]( B
8 F& q! ^, _& v, F- o: X4 c+ X9 [: K8 q" r' H4 `' [
4、收尾5 n3 ]1 I; N: N$ ~
重启计算服务:
2 p9 s2 @1 P, _ d# J! U
1 u1 L7 _5 i/ V |/ p2 n3 @- \# Z* Dsystemctl restart openstack-nova-compute.service: [$ W1 n2 H- y p1 l3 J
AI构建项目
" m+ {: P! z1 ]bash
6 K/ _' R, H& q7 R设置网桥开机自启,并启动服务:
% J5 ~ t' q# H2 {; c9 s6 a) L* ?5 g. y( [- n; o9 M
systemctl enable neutron-linuxbridge-agent.service$ k7 S& Q" |4 R3 D2 Z
systemctl start neutron-linuxbridge-agent.service
$ t A* F1 S2 A+ U+ b. I! _9 dAI构建项目
& ~7 h- J; _+ t, Lbash
& z4 K; C- K; p6 O$ f, C( g% I* u三、验证
g* o7 Q; H1 O" T在控制节点使用如下命令验证:! ~/ x" y) e1 w9 @" E' ~
3 `5 z! h8 N# c
openstack network agent list$ {5 V. c# }8 x X( h6 C
|
|
发表于 2025-12-18 11:08:33