配置neutron.conf
# 在全部控制节点操作,以controller01节点为例;
# 注意”bind_host”参数,根据节点修改;
# 注意neutron.conf文件的权限:root:neutron;该文件含数据库、rabbitmq与keystone的明文密码,应确认权限为640,其他用户不可读
[root@controller01 ~]# cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/neutron.conf
[DEFAULT]
bind_host = 172.30.200.31
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
# l3高可用,可以采用vrrp模式或者dvr模式;
# vrrp模式下,在各网络节点(此处网络节点与控制节点混合部署)以vrrp的模式设置主备virtual router;master故障时,virtual router不会迁移,而是将router对外服务的vip漂移到standby router上;
# dvr模式下,三层的转发(L3 Forwarding)与nat功能都会被分布到计算节点上,即计算节点也有了网络节点的功能;但是,dvr依然不能消除集中式的virtual router,为了节省IPV4公网地址,仍将snat放在网络节点上提供;
# vrrp模式与dvr模式不可同时使用
# Neutron L3 Agent HA 之 虚拟路由冗余协议(VRRP): http://www.cnblogs.com/sammyliu/p/4692081.html
# Neutron 分布式虚拟路由(Neutron Distributed Virtual Routing): http://www.cnblogs.com/sammyliu/p/4713562.html
# “l3_ha = true”参数即启用l3 ha功能
l3_ha = true
# 最多在几个l3 agent上创建ha router
max_l3_agents_per_router = 3
# 可创建ha router的最少正常运行的l3 agent数量
min_l3_agents_per_router = 2
# vrrp广播网络
l3_ha_net_cidr = 169.254.192.0/18
# “router_distributed”参数本身的含义是普通用户创建路由器时,是否默认创建dvr;此参数默认值为“false”,这里采用vrrp模式,可注释此参数
# 虽然此参数在mitaka(含)版本后,可与l3_ha参数同时打开,但设置dvr模式还同时需要设置网络节点与计算节点的l3_agent.ini与ml2_conf.ini文件
# router_distributed = true
# dhcp高可用,在3个网络节点各生成1个dhcp服务器
dhcp_agents_per_network = 3
# 前端采用haproxy时,服务连接rabbitmq会出现连接超时重连的情况,可通过各服务与rabbitmq的日志查看;
# transport_url = rabbit://openstack:rabbitmq_pass@controller:5673
# rabbitmq本身具备集群机制,官方文档建议直接连接rabbitmq集群;但采用此方式时服务启动有时会报错,原因不明;如果没有此现象,强烈建议连接rabbitmq直接对接集群而非通过前端haproxy
transport_url=rabbit://openstack:rabbitmq_pass@controller01:5672,controller02:5672,controller03:5672
[agent]
[cors]
[database]
# 注:neutron_dbpass、neutron_pass等如为示例口令,部署时应替换为各环境独立的强口令
connection = mysql+pymysql://neutron:neutron_dbpass@controller/neutron
[keystone_authtoken]
# 注:此处keystone端点为http明文,服务口令与token会以明文经过管理网络;管理网络不是隔离网络时,建议在前端启用TLS
auth_uri = http://controller:5000
auth_url = http://controller:35357
# 注:后两项均为controller,疑为controller02、controller03之误,请按实际节点核对
memcached_servers = controller01:11211,controller:11211,controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron_pass
[matchmaker_redis]
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionTest
project_name = service
username = nova
password = nova_pass
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[quotas]
[ssl]
5. 配置ml2_conf.ini
# 在全部控制节点操作,以controller01节点为例;
# ml2_conf.ini文件的权限:root:neutron
[root@controller01 ~]# cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[l2pop]
[ml2]
type_drivers = flat,vlan,vxlan
# ml2 mechanism_driver 列表,l2population对gre/vxlan租户网络有效
mechanism_drivers = linuxbridge,l2population
# 可同时设置多种租户网络类型,第一个值是常规租户创建网络时的默认值,同时也默认是master router心跳信号的传递网络类型
tenant_network_types = vlan,vxlan,flat
extension_drivers = port_security
[ml2_type_flat]
# 指定flat网络类型名称为”external”,”*”表示任意网络,空值表示禁用flat网络
flat_networks = external
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
# 指定vlan网络类型的网络名称为”vlan”;如果不设置vlan id则表示不受限
network_vlan_ranges = vlan:3001:3500
[ml2_type_vxlan]
vni_ranges = 10001:20000
[securitygroup]
enable_ipset = true
# 服务初始化调用ml2_conf.ini中的配置,但指向/etc/neutron/plugin.ini文件
[root@controller01 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
6. 配置linuxbridge_agent.ini
1)配置linuxbridge_agent.ini
# 在全部控制节点操作,以controller01节点为例;
# linuxbridge_agent.ini文件的权限:root:neutron
[root@controller01 ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[agent]
[linux_bridge]
# 网络类型名称与物理网卡对应,这里flat external网络对应规划的eth1,vlan租户网络对应规划的eth3,在创建相应网络时采用的是网络名称而非网卡名称;
# 需要明确的是物理网卡是本地有效,根据主机实际使用的网卡名确定;
# 另有”bridge_mappings”参数对应网桥
physical_interface_mappings = external:eth1,vlan:eth3
[network_log]
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = true
[vxlan]
enable_vxlan = true
# tunnel租户网络(vxlan)vtep端点,这里对应规划的eth2(的地址),根据节点做相应修改
local_ip = 10.0.0.31
l2_population = true
2)配置内核参数
# bridge:是否允许桥接;这两个参数让经过网桥的流量进入iptables/ip6tables处理,基于iptables的安全组规则依赖于此;
# 如果“sysctl -p”加载不成功,报”No such file or directory”错误,需要加载内核模块“br_netfilter”;
# 命令“modinfo br_netfilter”查看内核模块信息;
# 命令“modprobe br_netfilter”加载内核模块;modprobe加载在重启后不保留,如需开机自动加载可在/etc/modules-load.d/下添加配置
[root@controller01 ~]# echo "# bridge" >> /etc/sysctl.conf
[root@controller01 ~]# echo "net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf
[root@controller01 ~]# echo "net.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf
[root@controller01 ~]# sysctl -p
7. 配置l3_agent.ini(self-networking)
# 在全部控制节点操作,以controller01节点为例;
# l3_agent.ini文件的权限:root:neutron
[root@controller01 ~]# cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
[agent]
[ovs]
8. 配置dhcp_agent.ini
# 在全部控制节点操作,以controller01节点为例;
# 使用dnsmasq提供dhcp服务;
# dhcp_agent.ini文件的权限:root:neutron
[root@controller01 ~]# cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
[agent]
[ovs]
9. 配置metadata_agent.ini
# 在全部控制节点操作,以controller01节点为例;
# metadata_proxy_shared_secret:与/etc/nova/nova.conf文件中参数一致;该值用于metadata agent与nova之间的请求校验,应使用随机生成的字符串,不要直接沿用示例值;
# metadata_agent.ini文件的权限:root:neutron
[root@controller01 ~]# cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = neutron_metadata_secret
[agent]
[cache]
10. 配置nova.conf
# 在全部控制节点操作,以controller01节点为例;
# 配置只涉及nova.conf的”[neutron]”字段;
# metadata_proxy_shared_secret:与/etc/neutron/metadata_agent.ini文件中参数一致
[root@controller01 ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionTest
project_name = service
username = neutron
password = neutron_pass
service_metadata_proxy = true
metadata_proxy_shared_secret = neutron_metadata_secret
11. 同步neutron数据库
# 任意控制节点操作;
[root@controller01 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
# 验证
# 注意:“-p密码”直接写在命令行会留在shell历史中,执行期间也可能在进程列表里被其他用户看到;可只写“-p”,改为交互输入密码
[root@controller01 ~]# mysql -h controller01 -u neutron -pneutron_dbpass -e "use neutron;show tables;"
12. 启动服务
# 全部控制节点操作;
# 变更nova配置文件,首先需要重启nova服务
[root@controller01 ~]# systemctl restart openstack-nova-api.service

# 开机启动
[root@controller01 ~]# systemctl enable neutron-server.service \
 neutron-linuxbridge-agent.service \
 neutron-l3-agent.service \
 neutron-dhcp-agent.service \
 neutron-metadata-agent.service
# 启动
[root@controller01 ~]# systemctl restart neutron-server.service
[root@controller01 ~]# systemctl restart neutron-linuxbridge-agent.service
[root@controller01 ~]# systemctl restart neutron-l3-agent.service
[root@controller01 ~]# systemctl restart neutron-dhcp-agent.service
[root@controller01 ~]# systemctl restart neutron-metadata-agent.service
13. 验证
[root@controller01 ~]# . admin-openrc
# 查看加载的扩展服务
[root@controller01 ~]# openstack extension list --network
# 查看agent服务
[root@controller01 ~]# openstack network agent list
14. 设置pcs资源
# 在任意控制节点操作;
# 添加资源neutron-server,neutron-linuxbridge-agent,neutron-l3-agent,neutron-dhcp-agent与neutron-metadata-agent
[root@controller01 ~]# pcs resource create neutron-server systemd:neutron-server --clone interleave=true
[root@controller01 ~]# pcs resource create neutron-linuxbridge-agent systemd:neutron-linuxbridge-agent --clone interleave=true
[root@controller01 ~]# pcs resource create neutron-l3-agent systemd:neutron-l3-agent --clone interleave=true
[root@controller01 ~]# pcs resource create neutron-dhcp-agent systemd:neutron-dhcp-agent --clone interleave=true
[root@controller01 ~]# pcs resource create neutron-metadata-agent systemd:neutron-metadata-agent --clone interleave=true
# 查看pcs资源
[root@controller01 ~]# pcs resource