|
|
一、控制节点配置2 S$ m3 d: s6 `+ a ^
在控制节点进行以下操作。2 E7 I. L- e: E" ~/ k
0 r3 y# n% o9 C4 E& d# O# Q
1、配置数据库+ I/ Y, x- j$ k5 _: R* @" n
进入数据库控制台(密码123456):
5 C8 \; t. ]4 W* s8 r3 P6 v
* y% b9 j6 _' q# |2 imysql -u root -p! z" T$ S0 P' I6 T! `
$ H+ L4 X9 B. Z4 f/ ~' ]' s, I1 ~! p$ T5 k# ]
bash
. A/ n/ A- u) |创建数据库并授予权限,退出数据库:$ y7 e0 a1 K2 V8 W. w! l
; e/ }# L! ^; ~8 O# o9 m; q3 ?CREATE DATABASE neutron;
; C; {: o9 g0 S2 @. ?GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';! ?' m M* L. U1 p
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';" n. ?# T8 l6 }
N6 T4 K6 a8 W
8 g( ~+ ?$ {0 j9 k4 O6 g# ?' u8 ]' G+ _# }4 B2 H! J r; I
0 B3 Q9 S8 E; ^5 d, J6 Q
% V. u3 ^( t$ H5 a0 q
{2 @* ~& s Z: ]2、创建neutron用户
1 x2 i& g% @% [登录admin支行好:
" G, t. m d/ h3 L5 O, C1 U$ }/ p" ]' g' S, K
. admin-openrc0 A0 h# O1 G) g7 }/ J5 }3 H
1 S1 d' w* X! y2 Fbash- I! k) A8 @4 |- x4 |
在domain:default创建用户neutron:
* C3 z# x+ w( {' q# Z+ m0 u% Y- d' f4 h3 X
openstack user create --domain default --password-prompt neutron# b! |- ]" I2 T- P {1 N
& K2 v1 _" S" ~- k8 L/ Hbash3 R9 }4 B' j$ `9 F* e6 I# {% ?5 g4 r
如下图:
( ]- s7 A" R7 [" f8 x
* a: K* f, }( @" s1 |; [" Z p) [: {9 x6 y/ z+ z3 R0 j
9 G8 B8 I# h; s* E! B授予neutron服务admin权限:
/ E. O! q. H; b; F" y+ m7 I Z7 G' B( d/ L0 X2 s
openstack role add --project service --user neutron admin7 q- t' @4 b T, t
2 Z5 b* f) k( O3 r4 gbash$ J. P' p0 ]$ V m8 m- D# W& v3 }
创建neutron服务入口:
/ }9 \7 S; R( r' j1 \
- ]& s8 Z8 Z9 K# i8 h' x) yopenstack service create --name neutron --description "OpenStack Networking" network
9 R& o+ \ t; E3 I6 V3 g: [$ b( F. H1 v* n* a5 Q
bash$ H7 W. n8 F, C3 ?' |- [0 Z2 R4 X
如下图:
# S% A: t- I: T; _+ p d$ S/ |. U( S; ]
& D9 S8 L. x; _. m' j6 P. X# ?/ j
0 s1 o0 ]; x0 V6 d# z6 k, p创建网络服务API端点:
+ g/ j2 A! N. p7 z4 t1 {* w4 T4 x( x
openstack endpoint create --region RegionOne network public http://controller:9696
4 w( A1 G# q4 a* Uopenstack endpoint create --region RegionOne network internal http://controller:9696
1 g+ j% q3 l) y( b5 M5 @$ ?* Yopenstack endpoint create --region RegionOne network admin http://controller:9696
$ ? G6 t- g0 W% X5 MAI构建项目2 L( h$ X: {- w
bash$ ]- @* _0 \' T, _6 j
如下图:
* M& S% A0 z2 G& Y5 ~ _
" W6 {- T9 r/ I( q0 _. O+ W! F
& U! M% \( |* n7 w3 B# T; H: U* s( y5 ~0 O
3、配置selfservice网络
* z- Q/ D! V9 t安装neutron:9 @+ r1 J7 {) x1 e( a
& c& E8 k" H: v6 P4 f% kyum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y5 @+ @ w& V' C# s; `* l7 g: A" j- B
AI构建项目
$ n2 E/ ?' [1 I2 Q0 [! ]5 `( Nbash0 u, J" `% K1 h! k
备份/etc/neutron/neutron.conf,删除其注释:
: U3 _9 J6 h5 E- R5 f0 }# U1 o. z, t h+ D: a
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.source0 f' u8 u' P, a- g- H* z
cat /etc/neutron/neutron.conf.source | grep -Ev "^#|^$" > /etc/neutron/neutron.conf
2 f6 U* i: \2 S8 @- `3 HAI构建项目
/ Q) P+ |; a" R; Fbash& ]. P; h( Z' R- {6 i% M5 l
编辑/etc/neutron/neutron.conf:
% [4 |+ O+ j5 R3 w6 P2 `* ]4 W; h- Z& V
[DEFAULT]
+ P; W9 l: ^4 c# ...- y8 c q6 \; ^6 S4 [- d
core_plugin = ml23 \- O. ~5 I# o5 x
service_plugins = router
, h6 s x" n n Pallow_overlapping_ips = true3 r$ ]) V6 a# R0 C% d5 L
transport_url = rabbit://openstack:123456@controller! `; q+ B6 I! @. x9 I
auth_strategy = keystone
9 Z9 _3 S j2 a$ ~ ]" nnotify_nova_on_port_status_changes = true
- T& V9 F& z0 t" Wnotify_nova_on_port_data_changes = true+ D6 ?3 p" N7 `" \' n
, F+ A: O0 V! t; _" V2 }[database]. Z' I, x7 B7 d2 u
# ...
* I f% M7 @8 n3 W) Z8 Z4 W! Zconnection = mysql+pymysql://neutron:123456@controller/neutron
: @' @, c. m& o }% V9 ?% {/ v8 v
[keystone_authtoken]
9 `- M9 Q! M: |& N6 `6 _, Q# ...
6 A9 ^9 H7 F4 x/ C; Nwww_authenticate_uri = http://controller:5000* a! \* @1 n+ A
auth_url = http://controller:5000
6 f0 m# n8 |# {* [/ | M* Tmemcached_servers = controller:11211
$ ~2 D2 Q1 j& n$ N* Xauth_type = password0 Z; X1 O7 `" x8 B( I% r' ^
project_domain_name = default
# b! r' a( ]: x. J- N7 kuser_domain_name = default: e; s" c. Q7 u" a" [
project_name = service* a { [, h: t
username = neutron
0 F! R: h, b" ?# kpassword = 1234568 f4 e$ g9 a! k! `
1 s3 r, H3 j- [. W0 [1 U
[nova]
o7 Y+ Q6 {9 E# ...
% t0 z1 [& `2 P! ~: o/ T# }auth_url = http://controller:5000
8 _9 ~$ n2 G2 ~4 t. |auth_type = password" O& h: ?) M& A* Z3 X! h: }
project_domain_name = default
% k3 _; V2 X- c7 \user_domain_name = default
) s2 Z3 S0 J ~4 P0 o* x+ Nregion_name = RegionOne7 h3 c4 |# \" N
project_name = service
7 X8 _& u+ S/ n# C; y5 Q/ m8 [$ \- musername = nova( z/ v0 g! o7 e) Y
password = 123456
2 K- d) [8 I, O2 _ 5 C# I" j% b" a3 E1 o X; s
[oslo_concurrency]
# z: s* _ P5 p B5 J' Q. V ]# ...
1 t! ]; y4 Q, P) J# _. u, M( _lock_path = /var/lib/neutron/tmp
; f; _7 T* A/ _9 U( k& a
/ t$ z+ s* K" s4 ^, v( ]# W( aAI构建项目
" {- M$ y+ @. E2 U& V+ h* I2 Gbash
0 d, P8 w- M( M2 [0 P+ {4、配置ml2
: \$ R' h) B" Z- i 备份/etc/neutron/plugins/ml2/ml2_conf.ini,删除其注释:
9 Z- t4 a7 Z3 `+ B# S
* p$ c" `8 L$ s$ X$ H* Mmv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.source- U* l' |0 A! w& u8 z/ W
cat /etc/neutron/plugins/ml2/ml2_conf.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/ml2_conf.ini, r. m2 ]2 t, O$ ^
AI构建项目! ?4 e7 H( n6 q
bash1 q& |; s' m" @' d+ S7 }. N# J
对/etc/neutron/plugins/ml2/ml2_conf.ini进行以下配置:* A& ]! d4 x, x- s8 x5 x/ R( M& t
0 |& X% l \1 Q4 s3 J, s[ml2]8 D% @ f: A# \/ ^$ \
# ...( K* ?6 O5 x$ l3 @
type_drivers = flat,vlan,vxlan0 l8 `" ^/ H6 C" L
tenant_network_types = vxlan
! W0 j0 E( ]( f0 Bmechanism_drivers = linuxbridge,l2population
* {% b) v7 N- n0 j/ e! a( Lextension_drivers = port_security" @7 H5 J' P1 H# b6 D" X8 |) K
( @- {+ h+ S8 \$ E3 L" w6 N1 k[ml2_type_flat]; N1 |$ E/ v0 K" b
# ...
6 T9 I1 {# A0 q( Z) Hflat_networks = provider
/ Q! N9 E! D2 P$ d/ ^! d 0 Z0 l* {& D/ H+ ~( I
[ml2_type_vxlan]1 v' ~' u) E7 n6 ]: b
# ...
. J" @. b2 a. Z, ~7 D# i- Mvni_ranges = 1:1000& \; o" `" r* G* h! K
0 B3 a# c$ j$ D/ h2 c: P[securitygroup]
- x1 y, p3 K! @' g. u9 H& `7 X( C# ...
! F5 o. k* d5 s; B& Y: [enable_ipset = true2 N$ W k2 V. U
AI构建项目+ k( V0 z U' s& |3 t
bash
$ _' m7 g; }* i" J* x$ q& o5、配置linux网桥6 ?+ H) m, W& U1 K$ m9 [. X
备份/etc/neutron/plugins/ml2/linuxbridge_agent.ini,删除其注释:
; c5 Y' o! ^& u( r
" i- H, D0 i( `! j& Rmv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source3 ^2 ? h3 C2 J; @5 {$ _
cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/linuxbridge_agent.ini( m8 l+ Y+ s* E& C5 e1 g
AI构建项目
: a P% \# R$ g. U" {bash+ F2 j) x( M% _
对/etc/neutron/plugins/ml2/linuxbridge_agent.ini进行以下配置(physical_interface_mappings 的ens33是网卡号):
2 S1 S9 Z$ r7 H0 I5 |& R! M' U: x, S9 p# f+ d2 g
[linux_bridge]
$ ?/ b" v) a/ c3 Y* s- a( Pphysical_interface_mappings = provider:ens33
! Z- T" Z7 _. p& R) G3 W 3 h3 m: k; d& [$ f
[vxlan]; t4 e9 ^! g6 q7 A5 j' _
enable_vxlan = true
2 i8 s% G l/ D7 alocal_ip = 10.0.0.11
, K& ~) Z& ~+ B& H/ u3 c- al2_population = true
" s. q+ j' u- ?( X& p/ N 4 Y& J' F% [0 ~5 m7 \- _* Y, l7 D
[securitygroup]3 W/ u# @+ G4 J- [. L F1 t2 l$ i% l
# ..." \: ~9 o M4 c6 w
enable_security_group = true
* p+ f) o& j# B7 dfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver% _8 _2 V6 h9 c1 ?4 a0 w; c8 e
AI构建项目* s. T: ], Z+ \* L
bash
' x+ F9 i/ C8 ^/ ^* V2 A& e) R修改 /etc/sysctl.conf,保证系统支持网桥过滤器,添加以下内容:
1 j1 d4 R0 w' q. k5 C; [ W. O7 s7 n) {7 b* s, S$ M
net.bridge.bridge-nf-call-iptables = 14 Q) T4 f& n; B
net.bridge.bridge-nf-call-ip6tables = 1
9 ?% |' L: e" q# ~AI构建项目
/ c( ?2 O ^) v M* M7 O5 Ubash
{! J$ Q+ P' F7 |( G1 X如下图:
" C. m. I" F' J/ u3 ]8 m, M0 w! v: W4 g* ?: g
* F4 b" }* x+ Y- `% x1 h' Z+ w
) Q- J; I8 o4 {5 _5 ^- y: ?1 Y% C E
添加网桥过滤器,并设置开机加载:: e" A. F- p0 B5 r
. t4 S& e" i& R. i$ ]6 |/ Bmodprobe br_netfilter
( h9 l) S% T% A" k m& P0 y& Isysctl -p
1 X& `0 Q. Z8 |" ~: l8 q* j! I8 i Bsed -i '$amodprobe br_netfilter' /etc/rc.local/ ~9 v( w0 \9 Y
AI构建项目
" i1 B8 c5 |) Y1 X) d1 pbash% A# d Q$ j; |6 h
如下图:
- z1 a9 y7 M- m) t" u
: Q/ o- F! \8 c6 {- r# `1 f; @- ]2 C! J6 }5 O- F
8 [9 }0 j4 o, C4 C; `1 x4 j6 Y/ u
6、配置L3代理9 e4 j2 F2 d& m# I5 ]
编辑/etc/neutron/l3_agent.ini,添加以下内容:) {0 `& s1 ~ R7 j
# h) K% Y; v+ G0 J! g% d! {1 a N[DEFAULT]8 a" m* y( @0 u+ U
# ...
9 h! m+ ^! [$ I0 `! R ~interface_driver = linuxbridge
4 ~4 b5 Z. B0 _' `0 _AI构建项目1 R- c1 F4 o/ ~4 d; r$ Q
bash3 v+ H6 e3 c$ Y5 s( U3 l
如下图:5 Z0 p& g+ H2 W: @( b
1 O" D% \* H2 i( U3 \
d. y, Q/ v0 Y4 S# e& l% }
- E9 O8 {/ V3 w) c6 q5 D7、配置dhcp; l* `2 d5 k, @7 N0 Q
编辑/etc/neutron/dhcp_agent.ini,添加以下内容:
; s+ T+ V; Z# I# v3 n8 z6 u' M
/ s7 w, w# C6 I5 d. d- `. h+ l! ?& y[DEFAULT]
! [! h* z8 O7 b: `+ W3 P; O# ...
) L8 U0 B! l; m. U- H3 C8 B/ {9 F* xinterface_driver = linuxbridge5 H; ?# B) e y; ~1 j3 w+ g8 i
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq, `8 `& Q2 w! ^8 M
enable_isolated_metadata = true, C4 f/ H) G- f9 T) K) { \
AI构建项目
/ C% o' k' `# E- z. k1 j7 p |2 @bash3 {; j5 {2 H" m" R5 _
如下图:) ?6 c8 D- \$ O9 A5 {
8 C# b6 A2 k/ z$ J1 D0 B' t0 Z7 A6 | | M
! o( H7 s$ i* z- i9 L: D+ T8、配置meta代理
3 G# { x1 m' {1 B5 s; D3 K/ c4 i编辑/etc/neutron/metadata_agent.ini,进行以下配置:/ O8 F4 R: g0 V, L! h- [8 X/ \
/ s+ u' l) p/ b2 @, z; m1 k7 ~
[DEFAULT]
( _, U/ R1 y) m3 @5 @# ...* S+ u6 t& h2 T0 x# t; J
nova_metadata_host = controller4 s' l5 w9 D: x
metadata_proxy_shared_secret = 123456
7 N7 t" O0 q: S `$ [/ f& C6 T- xAI构建项目$ a$ B: D1 M' O- g+ c
bash
0 V! G; L# [1 b- `' j+ l0 U: x如下图:5 b- |+ b- c( |* l* \5 O
! s5 Q* w4 x2 D7 o1 P0 e* f
' v0 I1 {# |/ y; B O( ^1 u$ a4 z, B
9、配置nova使用neutron服务! e8 S3 ?" ~+ g6 Z$ m2 c" y
编辑/etc/nova/nova.conf,进行以下配置:
: m( V @' D3 p* F" o
$ ?/ b; T+ T" q1 U4 \' ^3 W[neutron]
% J9 Z9 l+ U. {# ...
" }$ [8 U$ o% \' `, cauth_url = http://controller:5000
' n5 S7 u4 H6 q: Uauth_type = password' c+ n# D, l' T" R$ n" ^& H
project_domain_name = default
7 B: ^$ \7 f6 R1 Cuser_domain_name = default
/ r$ A: a8 j$ Z* kregion_name = RegionOne9 ^% y' p# a) s& P) T$ Q7 \
project_name = service
. M4 o7 A8 I. p: T. D1 ]username = neutron
" _' V6 O" h$ Q! Xpassword = 123456
* b8 v7 j6 g2 Y( s; E0 Y, cservice_metadata_proxy = true: P( n. u; x2 d2 g1 L1 }: Z
metadata_proxy_shared_secret = 123456
4 m7 {/ F8 i) U6 ~. G2 ]- D% EAI构建项目
6 y! W8 U, s9 a( H x8 Wbash0 h, @8 B! r, f; V7 w' s7 M
如下图:
) Z4 B! T; z0 X" {; O* I' V- f6 N
0 @& d: @( ?' c" X. g7 O' x0 Y3 J! R2 Q
& z) O+ @1 }) [
10、收尾
# X0 ? L' Q% e N5 @, C创建软连接:
/ d2 v* L7 n" z x4 P! ?. X' ]* N. a0 F$ B
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
( `7 I' }4 A4 Z3 y9 r* ` JAI构建项目& F) b" r. R0 N- y4 A
bash) O0 |9 n$ q& V! O5 D1 n
同步数据库:* V; b1 ~6 d" R) R
" K! ^! n. N* }7 I% R, d: A
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
, E' M1 s8 F0 r/ oAI构建项目& ?5 j( C" e6 V2 J- d! ^
bash
$ {3 C: e6 i# g1 v& _( `+ p) e7 z如下图:
E+ h9 J8 h% a% l
9 U C5 N* ^- P1 W; Q1 H. g/ @% v! Z2 M3 x1 [
: ?3 X! q j8 i/ n, l4 A' ]重启nova-api:
) f- h4 {! ?! `9 B$ V: D4 J
6 w" z1 i' H) G2 Jsystemctl restart openstack-nova-api.service7 R1 l0 |" ] b! ^2 V
AI构建项目% v8 k* S: ^6 o1 u6 q% T
bash
+ v' f$ d0 G) `2 V+ b6 E! U设置开机自启,并启动服务:
$ O3 F6 q8 Y% \9 n \( k! ~$ o; C4 i5 n+ w
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
1 ^4 ?" K3 @' q3 o7 ~. csystemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
" k' a3 \. N% c' ^/ V- Y9 H9 lsystemctl enable neutron-l3-agent.service
% K e8 a- _& @6 n8 r3 _4 Esystemctl start neutron-l3-agent.service( }- r8 D9 r. ~' U. B, n/ A
AI构建项目& v5 N# R0 X9 T" O5 B4 X
bash
9 {4 l4 ~9 Q0 A+ N# X- S& U+ [6 g二、计算节点配置
, ]* j" E6 q, W' M4 y4 ~8 @在计算节点完成以下操作。1 u$ W8 r1 M% p0 Y: P* O2 D4 ]
7 b' Z( s( }# G( s- @ c. E1、安装包
3 Y! x' V3 L' _& P安装包:
; B5 z9 N6 E7 h x, D& Z! | ]. y7 f" O" b$ F
yum install openstack-neutron-linuxbridge ebtables ipset -y, D4 f/ J( J' F. A) T, G
AI构建项目
) d4 S' O/ R% O; Fbash/ ^$ u7 C; A( f4 u2 N
备份/etc/neutron/neutron.conf,删除其注释:
) }: N4 H' ? b( D$ R0 e8 t9 Z& V0 M/ u5 @
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.source
+ V& E. v: @6 U! g) jcat /etc/neutron/neutron.conf.source | grep -Ev "^#|^$" > /etc/neutron/neutron.conf- p7 {0 k' k- K: Z
AI构建项目$ s3 j/ H9 d/ c
bash! w' E- L0 @* v9 A. a; [0 b k
编辑/etc/neutron/neutron.conf,进行如下配置:- g- b. G: T9 l
% |/ G+ l, B- r' s9 k+ @. V8 J. h[DEFAULT]( z: g. I% \4 I
# ...
* M: j& f8 ^3 x5 _* [transport_url = rabbit://openstack:123456@controller& e" X8 X2 I7 S$ |
auth_strategy = keystone
# M/ G. y/ W% F$ M- y& f3 G $ ^# n1 N* u% o B: V
[keystone_authtoken]
8 h; X& w7 F0 b- c2 U! i# ...
1 Q) y9 _! B% |1 P4 v1 zwww_authenticate_uri = http://controller:50008 q% E, e1 _3 k) L M5 Q; b
auth_url = http://controller:5000
* v b6 R) w* H1 Y$ lmemcached_servers = controller:11211
: U a% z+ }* W6 C wauth_type = password
& J8 Y5 \$ N. G: a: B! T# pproject_domain_name = default5 d; X/ E& ^$ ^0 N3 V! j
user_domain_name = default
' M% l3 ~$ E! y- mproject_name = service
7 q5 z5 b, ~! X( t2 B j: |username = neutron. d' r8 ]* b, `
password = 1234560 [4 s) q3 S- G0 [; `
0 Q4 \, T+ S5 Y0 j
[oslo_concurrency]0 h7 z3 b) c) [4 i; W- U, g9 m
# ...& h( |: I' H* {' }4 G
lock_path = /var/lib/neutron/tmp' o2 }; e; x9 M8 @& n
AI构建项目
M% D9 M2 G4 A- l1 obash/ c) k; H2 O! x* X( G- t
2、配置linux网桥
3 z# O1 c: P9 T, ?/ K& n 备份/etc/neutron/plugins/ml2/linuxbridge_agent.ini,删除其注释:9 B8 h+ G; {/ e' j
) T& S6 R) C) w' lmv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source
/ V! Y: m- \( Z7 j2 J acat /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/linuxbridge_agent.ini/ L+ q. L6 `$ d# P
AI构建项目
* K5 H" K/ R% @$ i: ebash
- F! B& `* T: x4 ~对/etc/neutron/plugins/ml2/linuxbridge_agent.ini进行以下配置(physical_interface_mappings 的ens33是网卡号):! V5 u8 F8 E! M/ \4 \5 f: }9 E2 h
% l: W# _+ i/ {( @ l+ p[linux_bridge]9 u' D( {: C7 |# ~3 y7 {* P; d# E Q8 v
physical_interface_mappings = provider:ens33
- ]% K3 t7 W+ o8 u ( r, |, H* l8 i) y' A
[vxlan]
8 m5 X9 l3 ^) J, Z# denable_vxlan = true& @2 w; n+ h! N; D2 A) X1 t0 \
local_ip = 10.0.0.31
5 E# R$ a6 V xl2_population = true+ a5 b! U# H) e- {
$ R9 \1 v) `( V5 O5 d3 [' P[securitygroup]
2 M% `' T: t+ N# ...& q4 U/ J f Y
enable_security_group = true
. H+ d& O% L: mfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
' g( u9 N- q! {, c9 RAI构建项目
3 u& x* S) i l/ Abash/ v( t! H2 [; I/ U3 }$ E( [
修改 /etc/sysctl.conf,保证系统支持网桥过滤器,添加以下内容:0 k2 z+ ~" o6 { R: `( v
; \7 U( u" n. A0 G2 B: t! vnet.bridge.bridge-nf-call-iptables = 17 P4 N- ]) S6 f. U3 p) u* f) u) q
net.bridge.bridge-nf-call-ip6tables = 1
& u& T+ s4 w0 b2 l) ~AI构建项目
+ i: Y$ ], O( i, U3 N4 ?bash
* e$ Q; M. f' D; a& H如下图:
7 p4 y8 d0 _" K4 y; b7 j: P3 ~$ e1 u0 N3 b% d
" Z" l- z, {# _/ d" Y
+ U# z' {1 ~, q8 Y 添加网桥过滤器,并设置开机加载:" G* W2 e0 {2 [
. H a5 i+ T& F# n1 Jmodprobe br_netfilter% f: n }. Z8 o' P6 a( h$ L
sysctl -p6 X: x: n T* i
sed -i '$amodprobe br_netfilter' /etc/rc.local& O. h' o: u0 I
AI构建项目! L' \" b) J7 V+ V, a& s
bash
) z$ h5 m1 Y- N: m2 X如下图:
: p! U- y8 l& S! Z% ~! z6 u
9 @) ]5 i4 h3 M" c/ u9 V0 t' P2 Y
4 K# d: }, T# h: j$ C0 K3、配置nova使用neutron服务
- R7 k0 L) n8 ~! c# y# h$ m4 D) L. Z3 f/ s 编辑/etc/nova/nova.conf,进行以下配置:
; ^7 j0 x, l {) {# i* j O
: i/ m# H0 e5 W; G! z3 [[neutron]
7 w7 ^, ~/ D8 u& u$ ^; B. F# ...
- F: @" P' r) i$ `9 nauth_url = http://controller:5000
9 \* w) U5 ]- L/ [* E4 Q8 T. Kauth_type = password
) N4 ]2 k M1 R0 `8 P! }7 sproject_domain_name = default/ P8 x! @. s7 Z% q3 X0 `/ `
user_domain_name = default
3 q: o# z- U, ~; O) |# zregion_name = RegionOne
0 s* K/ L8 w3 G- l/ ~project_name = service( J. R. S& l5 z/ B9 b0 K3 `
username = neutron
, b4 }3 ^+ Q; }; q* c4 x9 jpassword = 123456
4 n; j" R c# U. L8 x9 gAI构建项目
$ |! r x4 C T* o- _4 Cbash& \) `7 |& f5 n# y- D. c8 D
如下图:
6 [7 }, \6 z& o% [9 i2 C: A
* i# a7 X: h! r6 T- {
4 b# s# i( ~/ b
1 R# r# _/ f6 w+ v7 p# i( p. _4、收尾0 G# C! w" @0 f# D3 j, j1 `
重启计算服务:
* B8 h5 K3 @7 \* [$ x" F6 y3 t. e# d" g6 O& ?
systemctl restart openstack-nova-compute.service/ E; P# C) z" A+ _, }5 T* u
AI构建项目
' N) v, P/ }; J, Xbash
) B. ] v3 ?8 l$ G设置网桥开机自启,并启动服务:8 U. s/ |- m3 D2 b4 j9 h6 a' O
% |( R$ Z3 y7 h% D
systemctl enable neutron-linuxbridge-agent.service
/ S- {# Y3 `1 | d) K- Bsystemctl start neutron-linuxbridge-agent.service9 m E: M2 J+ z' I2 t% o- W
AI构建项目
; J$ E9 N+ q$ W+ X) Dbash
9 @! k9 [0 E, _0 T/ S4 M三、验证 y: y+ F( K8 h* ^+ c
在控制节点使用如下命令验证:
6 F4 t5 e5 E/ e9 [+ Z6 v
2 l0 f6 T/ I" |: p$ wopenstack network agent list
, v- h$ K! v$ i7 j" _' k |
|
发表于 2025-12-18 11:08:33