|
|
一、控制节点配置
4 u6 A5 a- j- e. |在控制节点进行以下操作。2 f- H8 s( V, O9 J; a) F5 x! x
9 O% b( W) p+ v! h9 Z/ b% q1 T2 H
1、配置数据库 a' E2 t$ ^9 R/ Z0 B2 R, ~8 W8 f$ C
进入数据库控制台(密码123456):$ h* C" F2 S$ v# r1 Z
" T8 h( d1 `5 E8 emysql -u root -p
: M7 p/ G0 Q8 K7 j! X/ e X' E& i
% f0 E5 |+ _# D; S, M
3 H- s) s" g: a( c* lbash9 u, V! W- S# V
创建数据库并授予权限,退出数据库:& q v" \/ O: y
# V6 S. u; g8 K1 vCREATE DATABASE neutron;, U. [' ?4 K# I& d1 c* E
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
) W/ F1 P4 _5 b8 w5 TGRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';
( a& I4 z x( Z* C# n
% l. b" H$ \* q% |. K) }
) g4 M/ c8 F- d7 g8 e2 j* g
+ @1 s3 T9 _5 }% U5 D' u# h9 I; j/ a" m+ M2 N5 T: ?
/ c/ c4 A* p# W: G6 e6 ]8 O2 p2 h) H' ^; m% C
2、创建neutron用户 U8 e: \+ `2 E& v( c; j2 B
登录admin支行好:
2 c0 u, j r( H0 C+ o# ?( K0 v% t$ a- }/ ?' F8 Z# y3 n
. admin-openrc
/ t- g* E) N$ Y3 v, V# d, H2 \1 J% w
# r ]6 F2 m/ U* m# |5 E4 Abash
2 V1 M1 u! p& i5 P0 F0 N' Q) u在domain:default创建用户neutron:+ o9 ~# I3 B8 H. o4 J
# I* C0 R, d& K, y/ W5 h# y& H
openstack user create --domain default --password-prompt neutron7 f+ _' R$ E. Q( r6 S8 n
* n9 P% A0 g5 o- `; s
bash4 y" B7 y6 P, I7 K/ q" O0 E; ~1 ?
如下图:& b; T4 X1 |9 v& J; q4 l
% N- [2 C) ]( S v* B$ N
- T6 @! Q0 S$ r
* o1 Y# }7 t! I }3 A7 B& {授予neutron服务admin权限:0 ]: A, @& d" z: U
; o% E- s1 z+ ^ k$ z0 o2 _openstack role add --project service --user neutron admin" s' E( ^( m& y6 H( v" G& o
2 o N2 l' K0 ~% e$ ibash8 u: T3 l/ y) o2 P
创建neutron服务入口:+ @2 J3 S. M# f3 p4 s
/ y" S) W+ [- D' ~% f
openstack service create --name neutron --description "OpenStack Networking" network5 ] T: E1 H& N! W
" J& Z2 @. U Z& A
bash
7 _5 p4 \! A, d$ x/ s5 @如下图:# {7 x3 Q3 E8 ]3 k( P* z- F) f5 i
: x3 i4 ~4 Y# u* c5 N
! B9 [8 u+ B# G) g( C3 i/ |
+ y" Z2 V( Y. n! Z" b; U& N, z: D5 N创建网络服务API端点:+ O$ U! H5 { G( b
, _$ _1 m! A- r) p! k$ S+ @
openstack endpoint create --region RegionOne network public http://controller:9696
6 `" t: ?$ U( p4 Zopenstack endpoint create --region RegionOne network internal http://controller:9696
8 y2 d" h L, Z" zopenstack endpoint create --region RegionOne network admin http://controller:9696, U3 ?: V% b# R) m2 c$ d5 }( A
AI构建项目: X: B% o1 x4 T
bash7 G/ f- T& K6 A6 S T
如下图:
/ a. M7 j/ J- v4 W- H F( C1 U5 C5 F w
! |1 X+ c% O: {, d' O3 w$ A6 \9 C# F2 _; w- O7 @. u
3、配置selfservice网络
8 x% } }& K. K5 F+ }* d安装neutron:. B0 s+ ^) a9 o% z. A! R% p
& W: m7 y6 s+ \7 L( w+ s4 u+ H; Nyum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y4 H8 h) @' S( \
AI构建项目
1 I- {3 R' e; u7 g6 n% f% Pbash
: p! M% j: _: f: q* \备份/etc/neutron/neutron.conf,删除其注释: P F' G5 W+ y: l# _) u
6 e; s' i1 c0 x3 W& M
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.source! B; e( A0 l: o
cat /etc/neutron/neutron.conf.source | grep -Ev "^#|^$" > /etc/neutron/neutron.conf
- }0 r# E' `2 S0 rAI构建项目/ N* S. h+ O; X4 t% X {$ O9 k. ^
bash
. d2 `9 A5 l9 b. o1 f- y编辑/etc/neutron/neutron.conf:
4 v0 L8 e) U9 B, _4 Y4 S( l4 t
% _& T8 B6 g$ b) y6 R# z. | r% x[DEFAULT]
# A% H: u0 ]- n+ w# ...6 |! y0 w- S4 K! F
core_plugin = ml2
) H, c1 Y+ t: D0 ] uservice_plugins = router
+ W7 \ l7 ^9 `4 Dallow_overlapping_ips = true
; m3 U. T( Q5 Ptransport_url = rabbit://openstack:123456@controller
- v: L; ^2 [- f# a% K, q' a! Tauth_strategy = keystone! m( h% Z, q- q9 m$ g$ n
notify_nova_on_port_status_changes = true: a1 ]) _; T* z/ @9 q: F
notify_nova_on_port_data_changes = true3 e1 I A* R5 r3 I
9 s2 |4 S% r5 z% Y/ s" k
[database]
: Q5 y& p/ ~8 W9 v# M" L# ...1 S0 F- L% H' v6 v4 s! Q- Q/ x
connection = mysql+pymysql://neutron:123456@controller/neutron* k% |# ]2 J- W- u* V+ f7 r
. i& D' [0 Q7 A8 C$ l$ `4 o- O
[keystone_authtoken]
# q0 f: o B1 D6 D+ _9 c" e) m8 v+ O# ...
6 v, k7 D- I) U- N1 Dwww_authenticate_uri = http://controller:5000
$ P) }9 P) V( d5 ~% g5 Pauth_url = http://controller:50004 i$ J( l4 N) [7 q7 B5 c
memcached_servers = controller:11211
. L% g* D T/ Z$ N! F/ j/ eauth_type = password: h3 a. \6 e: ^& i( l7 P2 t
project_domain_name = default
; K/ c5 ] H( w3 m; E1 Guser_domain_name = default
$ X0 W2 f0 B4 z& J+ iproject_name = service X# C2 Q4 T2 O" o' R
username = neutron
2 S" [5 G/ h- A6 n epassword = 1234563 ^# f; a+ s$ k; V: n" R
( x$ z. D( g4 l* e' s8 n# ?( n, L
[nova]7 H+ U5 D5 p9 @6 ?3 x3 M* A, `8 V
# ...
' Q6 \: J$ k0 v; z- t5 `: w# @$ E' Jauth_url = http://controller:5000+ Q9 K# u- N5 B Z% T/ h, V. b1 ]
auth_type = password( T2 L1 b7 B) S+ w
project_domain_name = default. L" K0 v. Q, K
user_domain_name = default- y3 S4 v4 [$ l5 O$ A& n+ B
region_name = RegionOne; ?" |6 A8 N) L3 U# {$ [! d0 d
project_name = service: {4 D# w p( j4 Q9 j( ?& i
username = nova
2 i. P7 a7 w! V$ ~" Dpassword = 123456" s0 r5 p7 z6 }( K" S- |- }+ |; T- E) n
) K3 H4 s5 v$ U# b3 L# u[oslo_concurrency]4 H0 P6 ]* ?- P, C
# ...
2 z! V( Y6 m* O0 `0 B6 G# [0 rlock_path = /var/lib/neutron/tmp
. w9 [0 R' l! |/ b. n: o/ o 7 g$ s- R' a* v
AI构建项目
* s$ s7 K4 {1 j. G Ybash
0 X" U& }: a# m4、配置ml26 ?. }1 ]0 N: L) N; p& H
备份/etc/neutron/plugins/ml2/ml2_conf.ini,删除其注释:
1 o- R2 y/ ^; Z1 N' T" b, U* }% V) b
. ^! W4 G4 X4 x. bmv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.source: W' y% S t9 ?3 [/ W, @9 o4 g' Z
cat /etc/neutron/plugins/ml2/ml2_conf.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/ml2_conf.ini
' l8 {6 H: F6 K0 TAI构建项目
! w3 }) a2 y# V/ i$ f, Obash
* z5 L' ]: F7 \; `) P" }3 e对/etc/neutron/plugins/ml2/ml2_conf.ini进行以下配置:( R3 E; A+ T1 v7 M3 p
- p1 h3 l3 q. W( o3 W M
[ml2]/ c$ s! W) \7 D' E
# ...
7 F+ F6 a5 S; V) Y2 u4 \type_drivers = flat,vlan,vxlan' v. B1 p: K7 A6 A% O( [. }
tenant_network_types = vxlan
( W) M) _: J6 {7 y+ [mechanism_drivers = linuxbridge,l2population0 ^' I# o# b6 v; g$ x4 E- b7 W
extension_drivers = port_security; E( \6 }9 V0 I4 [
' z$ G P% m% q! g& y0 o; v8 {1 y
[ml2_type_flat]
# j8 i9 x6 ]& r I! g# ...
$ u A& S3 X, B4 `! C' [4 g, M5 I$ X: }flat_networks = provider
1 u& m0 F! e" h Y6 N
( ?+ e) [6 O4 ?6 P: O[ml2_type_vxlan]7 h F- a+ I4 g
# ..." Z9 i$ @9 z H: V: P$ F& G
vni_ranges = 1:1000$ w& I3 {4 F5 |% E3 m4 c. U
) B5 \: _9 d& G* A- E6 X- T. V( h
[securitygroup]
: W2 l$ Q6 R+ Y9 }# D, W; t' r# ...
9 k. O% \. c' @; `" q% F3 eenable_ipset = true
) g2 Q! ^' q4 w& ^0 c' HAI构建项目" a% P) O1 {0 O; y( r& y
bash/ B m# E8 c; o# i
5、配置linux网桥
J0 P* |; n* y8 Z( O; c# o: d 备份/etc/neutron/plugins/ml2/linuxbridge_agent.ini,删除其注释:; \4 Z! [3 t, o# ?/ i& M+ @/ b
( ^+ h2 \' n% ]! J; C# j8 e- T/ r1 u
mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source* F7 Q( y7 { M& o; P
cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
+ v% l8 W/ m& M/ y6 EAI构建项目# f8 H3 X! M" ?3 x W
bash9 e; c8 _0 b; ~/ N5 ?2 q: w" x8 \
对/etc/neutron/plugins/ml2/linuxbridge_agent.ini进行以下配置(physical_interface_mappings 的ens33是网卡号):
$ x: c2 i4 M/ s; z) O6 A/ g. |' K. M' J0 c
[linux_bridge]$ `5 U9 d0 v9 q6 x' M0 W- `+ a( n
physical_interface_mappings = provider:ens33( Z+ a" I; y4 D: r
- n" l% K8 O' b; h; e/ y[vxlan]
3 y9 r! q- k, N4 Cenable_vxlan = true" c: G5 }0 z3 S! l( c$ I
local_ip = 10.0.0.11. N r0 T. h9 [" M1 {! v6 E$ ]4 O, S
l2_population = true1 K9 `, O" a( X. l- |' T0 v
: J, W- _& ] X5 L, A[securitygroup]
# ^- C: y9 z8 R% f# ...
, a3 P8 k6 @; S1 H cenable_security_group = true( k; a" L0 U+ l" @. B2 a! s$ ?6 m
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
: Z0 P0 O, }0 R6 I; {' \' P* Z: a0 P( |AI构建项目" H: u9 q$ G( J$ W7 T( p' t- d
bash
. k2 F1 ~; a6 b7 i$ _修改 /etc/sysctl.conf,保证系统支持网桥过滤器,添加以下内容:
% [4 T+ V2 O: {- [3 O! I1 V) a3 S d. k
net.bridge.bridge-nf-call-iptables = 14 s: W; B2 H$ |' ]
net.bridge.bridge-nf-call-ip6tables = 1
. `! ~0 ?% ^5 F0 \* `; X5 _AI构建项目( S5 p/ g; Q0 o1 x" m0 B1 q
bash* b& P( E8 N' R) O
如下图:
: E; |- `1 @, G7 y! Z+ t/ D. T/ B b6 x% d! ?, Y4 L% a# l
1 K$ x' W. c& Q7 B2 o1 p; K
7 \# _8 F# ~% D0 I1 y
添加网桥过滤器,并设置开机加载:
! D0 F& }$ K1 ^2 E, V/ B n
3 O1 t! h0 M1 N3 m7 d2 Kmodprobe br_netfilter' l& Y+ a7 _/ Q2 D- A- ^2 b
sysctl -p8 }* F5 {# L2 s7 O
sed -i '$amodprobe br_netfilter' /etc/rc.local
4 X2 J: ~" N8 Y) Q1 @AI构建项目
# Y& T) g5 t2 W7 _6 O' W4 l% X `bash
s# u1 z% f8 o4 n如下图:
: {: A/ |) h! u( P, L, \; c+ z7 P3 U0 x5 D9 r
2 L4 A2 _! z2 w. P1 f' v5 |+ j# @
' u+ D! l" N9 o7 @) C" F q6、配置L3代理* T2 t% n& i( ~5 C7 H9 f, O
编辑/etc/neutron/l3_agent.ini,添加以下内容:
5 ~; N; e( S% ]: u
( r- v; d# S) V, _( z[DEFAULT], m% ?5 n% |3 q, |
# ...
1 x3 L0 x0 [+ L; G; q4 ^& a# l( Hinterface_driver = linuxbridge
) V' A& r# }; }) |0 ~8 IAI构建项目" q6 @* K T; c8 I/ M; ]
bash
# ?9 n& @# B- T; O: ]* \, L' _% n如下图:
; T) k) E2 ], L) |4 d; g: z8 |; G6 e& a. C
4 [7 v9 |. Q3 P' Q
, E( {4 o+ G4 _$ E* E7、配置dhcp: v9 ^+ m- y% j# E/ T+ e' T
编辑/etc/neutron/dhcp_agent.ini,添加以下内容:! g1 I8 f$ U* G6 E
: ~, s# i5 u" |3 O- a[DEFAULT]
4 u z% F0 D P. d+ i0 }7 y# ...
) ?7 F% W$ S+ m7 d5 x& Ginterface_driver = linuxbridge
/ K8 b- U9 G. G E9 cdhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
1 r0 |' P% C: V% X" b% I& N+ cenable_isolated_metadata = true* ?4 B0 S! N9 P! O0 ]8 R
AI构建项目( @9 f% q5 T, N# | N, k! W8 `
bash
! N- q3 ]' q+ i) t5 R" I1 a# h如下图:( l/ E, X4 M; V/ k/ W
/ h' z: U* b; ?& |% w5 a
5 ~/ J, p5 ^- T7 r9 a- G1 D4 o2 H0 z' H+ \- T) }( T8 k* q6 O
8、配置meta代理( @( \8 ]$ G5 m2 E( O, R3 s
编辑/etc/neutron/metadata_agent.ini,进行以下配置:1 K$ F7 t% }( x% c, x
3 j0 z! y9 x, H/ L+ Y[DEFAULT]
3 @, B2 j* j6 J, Y* Y( ~9 c9 D" Y) G8 ]# ...' P" A2 R9 D' `
nova_metadata_host = controller
# z1 ~; P" C+ H& v' \1 Rmetadata_proxy_shared_secret = 123456 H- H' ~9 V* ~8 z5 O
AI构建项目
4 b. J; [/ p" q! ]. Sbash
; ?' Q/ B9 l# }如下图:( S. e- O/ J$ s F& I
* v4 {( P7 W9 ]) ^! p7 |% c. i5 b$ c' |, m
6 ^0 m. ]% U2 T0 l
9、配置nova使用neutron服务
/ x* B* R1 F# r# R/ j1 l+ X编辑/etc/nova/nova.conf,进行以下配置:
* ^* j6 e! T+ _4 A0 a9 T4 Y
& X4 o! |/ ? D: d3 e[neutron]
U# v8 b3 I# a/ l6 m; c# ...+ A. z$ f! y6 O' ~! ?. f K9 z5 a+ B. V
auth_url = http://controller:50005 n7 N1 y8 P3 Q; d$ Q! ^
auth_type = password1 w" x& c5 L% \& j
project_domain_name = default
\$ K( e M) B2 R- Q, euser_domain_name = default
: _* r& g7 g* V1 z K0 {2 _" Pregion_name = RegionOne* ?; Q- r) v; i. L3 ~% V3 s
project_name = service
! Q! L- V: @) H7 L8 g; {username = neutron/ r" t# @1 x' }$ x; o
password = 1234568 }- n/ X- I8 {# q9 P" V6 {
service_metadata_proxy = true& ~8 X4 _1 u+ y; C8 p
metadata_proxy_shared_secret = 123456- }) y7 [) O7 ~7 j. j4 Q) w
AI构建项目
+ R5 U0 V1 y. p; kbash
/ u7 w# V" i! a如下图:
0 W( E! R, B! O0 \, Y9 S5 z5 L U0 ?9 i; T, m
0 q4 m' |2 r0 a2 ?
+ U0 `6 h9 l2 d/ q, @10、收尾( d! K8 ?+ T! F) j
创建软连接:
& u: d% w8 G& C* ^( l1 N7 F1 A$ P6 K: W3 ]1 l4 d3 o% U$ y V
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
" ^$ [# g5 C. J+ |AI构建项目- z% k5 j5 l2 f
bash
! q! ]8 U3 Z1 T. W% `; Q同步数据库:
! u1 }6 x* ?" S6 @1 `2 h! V, {' \" c- T5 J1 t8 W6 f& ~
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
! H' c6 X8 e% o1 _, h5 B. [% PAI构建项目
( K: N7 [, S' H0 \4 m; T* Gbash
; ^0 E* w& k! Z) C如下图:9 ?. C4 N; W( M9 U+ F1 y0 `' _
/ `# ~1 B& B. U$ d; ?+ F6 l1 K4 [9 S) }( D* ]2 C
4 X8 X( k# p/ T. [7 [# V
重启nova-api:+ h* E$ s) W# ?0 [6 u
! L% m; i" y+ Z6 m' N$ P0 Q
systemctl restart openstack-nova-api.service3 \* {( S; t2 Q# b! D9 D' R
AI构建项目
+ W9 `# e1 [" \- n! B9 Dbash
' _5 ^4 l# i- o! c8 { _设置开机自启,并启动服务:
, {- Q% F& Q1 S1 s5 J& m
0 U* D3 Q5 W2 f- _systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service/ D" |1 j; V, A! a: x; d# |+ R
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
+ u4 g t6 e \0 M6 K$ Usystemctl enable neutron-l3-agent.service
* _- e/ n: {1 tsystemctl start neutron-l3-agent.service
, f0 s9 U; H* }) aAI构建项目
2 A5 L1 c; M5 @2 ~8 c7 v- Dbash
0 t5 E. R. g9 K5 U/ c) p二、计算节点配置; _7 {7 Y g% v. ?& _8 O: L
在计算节点完成以下操作。
$ g& W; G# m2 h/ K: Y5 ^
; C) m. v7 z$ I7 z* x3 M1、安装包2 A! B8 o9 R6 C! z: _, }
安装包:
) F% u' l, C K4 s4 y
! e8 D- j+ q% s+ n$ B4 syum install openstack-neutron-linuxbridge ebtables ipset -y, E" j8 ]( |- Y9 v
AI构建项目 I/ s( d$ _" u: r) }
bash' y) H. `9 |& H! u4 Y& x5 {
备份/etc/neutron/neutron.conf,删除其注释:
/ R/ `% ~% D# l9 T, P& D" L5 x2 m( G$ p( F
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.source7 U7 ~6 @. h% q# e
cat /etc/neutron/neutron.conf.source | grep -Ev "^#|^$" > /etc/neutron/neutron.conf
; z: w9 w/ _: ^1 w$ o2 O, J. FAI构建项目
) f$ A3 l6 g+ ` o' \bash# w, ?) y4 D* q7 x6 U$ h0 X" `
编辑/etc/neutron/neutron.conf,进行如下配置:0 K' ]8 L1 l' |" N/ d9 h
) C, Q5 K7 W9 C7 K, H[DEFAULT]
& W3 b4 R" q! S9 _* J* q# .../ U. d A. H6 G: T1 }( Y" f
transport_url = rabbit://openstack:123456@controller4 `+ K( S! _" [* E' o3 E8 p8 Q
auth_strategy = keystone
0 R, T5 f9 O9 Z 3 B3 A# Q* j8 G& q/ [
[keystone_authtoken]
3 B2 }, u; U+ t( a, q4 o- D d. z# ...9 I" n0 E' R9 M
www_authenticate_uri = http://controller:5000! {3 J0 [- a6 U( f8 x5 b9 M) e. E
auth_url = http://controller:50004 b! L$ `) T4 Z& |: @
memcached_servers = controller:112115 \* ^8 S# M0 p
auth_type = password7 Q; W S6 h8 S) t% r
project_domain_name = default& P" k* r6 f, Y' S6 ?8 o/ [
user_domain_name = default
3 [ t* f8 Z- pproject_name = service
1 [' r9 ~; w4 ^) f; @ kusername = neutron' |+ @2 A3 |2 r: N# Q
password = 123456
7 f; y! d3 v4 V1 o
5 |8 Q8 p; c. t& ?& G0 t# h9 C[oslo_concurrency]$ W% _- f+ I0 X4 w% D& Y
# ...
, ^$ ]& d. Q: C* t klock_path = /var/lib/neutron/tmp
8 U) N& o4 Q7 ?3 MAI构建项目# [. g H. y) q, R
bash' y, L8 i# k" g3 ~; |8 n+ T! T
2、配置linux网桥
# G- C4 ?* _- V: C4 l, w 备份/etc/neutron/plugins/ml2/linuxbridge_agent.ini,删除其注释:! \* e, o& x5 A7 M% `' h, m
y8 h9 e. s0 `mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source
/ i! A% ]* S) n$ x! ccat /etc/neutron/plugins/ml2/linuxbridge_agent.ini.source | grep -Ev "^#|^$" > /etc/neutron/plugins/ml2/linuxbridge_agent.ini, x% @$ L) y) [7 D
AI构建项目) k8 l, _8 i& c/ K4 V0 u
bash0 y6 O8 e6 R S, F
对/etc/neutron/plugins/ml2/linuxbridge_agent.ini进行以下配置(physical_interface_mappings 的ens33是网卡号):
9 V, K* E- r7 N" ?: i' j- o& d- i
$ w' z1 N! R% r) @4 V' Z m[linux_bridge]5 }( l. d: \% L9 }, ^2 a' d
physical_interface_mappings = provider:ens33
9 _6 ^: N2 t5 }5 Q
* D9 F( o0 J+ Y& T[vxlan]
4 p: Y7 ]2 U1 ~0 p( N% ~$ S% ?enable_vxlan = true
3 z' }& b# o+ `) h& Hlocal_ip = 10.0.0.31& U5 u4 T' k8 u& T
l2_population = true9 n5 D' k+ W6 P; B* L
8 A4 Z% v$ P0 |0 a[securitygroup] g3 D, M& p0 p2 M% {
# ...* O+ }* _, h+ d4 y7 Z
enable_security_group = true
/ U5 l5 d6 B, H# nfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver3 x2 [5 F& p* I' `% N
AI构建项目
* i! u4 L# e1 x. S g' F Dbash1 }9 T4 G$ R# |; ]3 n4 ~
修改 /etc/sysctl.conf,保证系统支持网桥过滤器,添加以下内容:
" D0 ~9 p1 ?6 x1 ~: F b7 H' \! C' b, ^* p/ S. {
net.bridge.bridge-nf-call-iptables = 1* x: _! j- `+ b$ q+ }0 V
net.bridge.bridge-nf-call-ip6tables = 16 Y% X9 i2 N' ^! R1 e
AI构建项目: d }7 t' p Y# _1 S' j
bash2 @* Z. X: {4 E
如下图:- X$ {5 X9 f# B# v' ]$ _" s
' u( m9 H- {. q& T
1 f3 _! c" C4 a% o: J+ C; Y5 ?) r8 `0 _
' P; E- T2 i T G- c 添加网桥过滤器,并设置开机加载:
$ r' |' ~; d/ O3 }
; z# B% b4 I% `+ Nmodprobe br_netfilter
; E/ ]; ~' }) q2 R8 O" b* Jsysctl -p' f- _2 X( D* {/ u$ ]: `
sed -i '$amodprobe br_netfilter' /etc/rc.local
! }( F' Q7 }3 D2 ?* g* p6 i$ OAI构建项目2 s* K& F" [- i& B! _+ A* \0 g
bash
/ K5 H2 q2 m, C) y" f0 f如下图:
; I2 f8 A& A+ L/ u; O, V/ h! _: c! N
4 j; y9 L$ N7 L' U! d6 A1 T+ V, Z
9 a) Z8 b2 z# C3、配置nova使用neutron服务
, [- |2 O+ B3 a* l6 [+ R6 q+ Q" { 编辑/etc/nova/nova.conf,进行以下配置:
+ f; K" s# B* \: H8 S$ Z0 Q9 H' P. t- G1 h0 P; X- T% N6 T
[neutron]* i# j) m. R2 u; G4 e
# ...
7 W2 E0 _, A. Q9 L& ]auth_url = http://controller:5000
1 Y8 s+ ?, v' K. W& L" P* A2 oauth_type = password
3 C: L. h2 r T( B% Z; i- D6 c% qproject_domain_name = default
: W( J2 i3 @# H% `user_domain_name = default
) y6 } D% \9 H/ P1 Eregion_name = RegionOne% w7 j" A! ?3 \* E ~
project_name = service: P j$ I3 k% G* B; |+ M, `3 l# t
username = neutron7 q& _4 A `+ [1 F
password = 1234567 O" g3 ~ D- z8 V( Y
AI构建项目
6 l2 v& U8 l% K9 ?6 y2 Ebash1 L. g0 v4 p- L; r
如下图:; v* g5 ~0 z4 q* V& i" I3 h
, G! h8 V- ]0 w+ Z9 d Q" a8 {+ c
" P/ |, L a/ d# q$ [
$ j3 v6 A" g% K) z4 W4、收尾- z# A9 j; F6 @2 g' d
重启计算服务:- I' L) @9 v$ P2 ]
: I/ \2 ]( U$ x& L
systemctl restart openstack-nova-compute.service5 V# x2 b8 q6 e0 d
AI构建项目
9 c Y- {1 }' N" W8 `% b) t6 ?bash
Z' B7 _* U6 W- l设置网桥开机自启,并启动服务:
0 ]* }1 h* B; q$ K, V% j8 W" k# p; y6 c S, n% h
systemctl enable neutron-linuxbridge-agent.service
3 n1 N( @9 R1 B2 D" psystemctl start neutron-linuxbridge-agent.service# p7 B, t1 N# w
AI构建项目
$ H; b0 v8 L* T8 M8 w5 i1 Z3 G9 k: wbash; e6 K) w, W0 f
三、验证
) ?- l! y( M- e8 i, ]在控制节点使用如下命令验证:# |4 e4 _1 v! m- ` z. R% F
0 N9 O h! I9 a2 ropenstack network agent list
" X8 S& X. x3 l! @5 h |
|
发表于 2025-12-18 11:08:33