- 积分
- 16840
在线时间 小时
最后登录1970-1-1
|
马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有账号?开始注册
x
配置neutron.conf
% K7 B6 O) p- b2 h2 m, f9 A9 [复制代码$ z" V8 T( c7 b' b1 C* i
# 在全部控制节点操作,以controller01节点为例;
: l. B s6 t. M! _/ L# 注意”bind_host”参数,根据节点修改;1 U$ j* D( X/ G6 }2 S" v S0 R
# 注意neutron.conf文件的权限:root:neutron
- D7 y7 y6 U0 N: Z# f3 e4 O. g[root@controller01 ~]# cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
( e% s r. ?+ }" L$ Q[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/neutron.conf
% z! O4 ~+ ~+ L, f; Q3 Z+ w[DEFAULT]$ N) L* A" n8 b% Q& I3 n
bind_host = 172.30.200.31
3 K- X0 C' R& \0 k" I9 Z; Eauth_strategy = keystone. U& j& ?- u" r4 H
core_plugin = ml2# x( i4 C' p7 n
service_plugins = router
S) s: p# @' m( }3 Q% d0 O& Y4 {allow_overlapping_ips = True# s/ q0 x* j) Y7 P
notify_nova_on_port_status_changes = true. P8 R4 Q& C# T6 M. `! o) w
notify_nova_on_port_data_changes = true! \: ?0 e' l3 V
# l3高可用,可以采用vrrp模式或者dvr模式;
( j/ h: l& Q6 k0 T1 x7 g/ t% u# vrrp模式下,在各网络节点(此处网络节点与控制节点混合部署)以vrrp的模式设置主备virtual router;mater故障时,virtual router不会迁移,而是将router对外服务的vip漂移到standby router上; 8 d$ M& q4 L2 y' J
# dvr模式下,三层的转发(L3 Forwarding)与nat功能都会被分布到计算节点上,即计算节点也有了网络节点的功能;但是,dvr依然不能消除集中式的virtual router,为了节省IPV4公网地址,仍将snat放在网络节点上提供;! d! [& S) N( s2 y8 p
# vrrp模式与dvr模式不可同时使用# U% k7 k& m1 _( k3 W
# Neutron L3 Agent HA 之 虚拟路由冗余协议(VRRP): http://www.cnblogs.com/sammyliu/p/4692081.html; s7 m& s% T: c* I2 _" H. B7 g! L* b
# Neutron 分布式虚拟路由(Neutron Distributed Virtual Routing): http://www.cnblogs.com/sammyliu/p/4713562.html
$ H; W x. P5 {% I* d# “l3_ha = true“参数即启用l3 ha功能% r7 S0 X. y5 M8 r/ r! x9 P# A- C
l3_ha = true
# p' m3 r8 D( T& {9 P# 最多在几个l3 agent上创建ha router
5 n) l# K4 u& O/ Y) n; jmax_l3_agents_per_router = 3
- {( H& T3 i' _- O+ G# 可创建ha router的最少正常运行的l3 agnet数量) R, T6 Q S( Q) H$ t
min_l3_agents_per_router = 2
. O+ f0 s, ?9 y4 L! e# vrrp广播网络4 _0 q' d+ h% ~6 z- r; [
l3_ha_net_cidr = 169.254.192.0/18; T! D' \) r! j1 A+ O8 g# N
# ”router_distributed “参数本身的含义是普通用户创建路由器时,是否默认创建dvr;此参数默认值为“false”,这里采用vrrp模式,可注释此参数
9 V( b& Q3 n& e" }# h# 虽然此参数在mitaka(含)版本后,可与l3_ha参数同时打开,但设置dvr模式还同时需要设置网络节点与计算节点的l3_agent.ini与ml2_conf.ini文件
2 G, V1 i, A/ {% S! B) ^$ |# router_distributed = true: M, B3 f7 `1 G0 \7 R4 c! j
# dhcp高可用,在3个网络节点各生成1个dhcp服务器
/ b' ]4 y0 }/ H3 adhcp_agents_per_network = 3: V9 s3 G# G8 U
# 前端采用haproxy时,服务连接rabbitmq会出现连接超时重连的情况,可通过各服务与rabbitmq的日志查看;
4 D; X( B- K5 a* ]# transport_url = rabbit://openstack:rabbitmq_pass@controller:5673
' W5 Z+ N; b5 o4 u6 J# rabbitmq本身具备集群机制,官方文档建议直接连接rabbitmq集群;但采用此方式时服务启动有时会报错,原因不明;如果没有此现象,强烈建议连接rabbitmq直接对接集群而非通过前端haproxy
3 Z2 `& \8 k1 r; Itransport_url=rabbit://openstack:rabbitmq_pass@controller01:5672,controller02:5672,controller03:5672
& y2 a9 P1 J2 g[agent]" h2 p; Q* d. t% H- A
[cors]
/ y! a- s; T' F[database]
" s: @/ U+ `! } [4 Tconnection = mysql+pymysql://neutron:neutron_dbpass@controller/neutron4 p- i9 {" f+ ?; C0 b2 a7 W
[keystone_authtoken]) R3 K$ L* [+ M3 A' i
auth_uri = http://controller:5000$ w: Z2 i5 n% h' y0 U
auth_url = http://controller:35357) G0 H7 k# O: F5 y8 W, I* U j7 `
memcached_servers = controller01:11211,controller:11211,controller:11211
5 j0 e+ n% L) W3 L, o* [auth_type = password
2 l8 Q& j( p) B, {project_domain_name = default/ J0 E% [. ]4 m6 V
user_domain_name = default" ]; |0 `0 C* C0 _% r2 b
project_name = service
6 T" b5 t, y* }0 U! `2 Ausername = neutron. R+ [! |; S9 |; A* m0 ]! V9 p% s
password = neutron_pass
2 y' F! H k) i) ^9 `( w[matchmaker_redis]
# b5 Y2 E, K0 w: [[nova]
, Q4 _/ r9 f, tauth_url = http://controller:35357
8 a0 A# E9 o$ H0 S1 sauth_type = password5 y: i7 W$ k. O$ ^) a
project_domain_name = default/ m8 `3 }2 q" b/ j( r
user_domain_name = default6 K8 S5 f( b7 E$ f9 p
region_name = RegionTest
; O8 _3 ^3 e& m8 Oproject_name = service: _- V r8 P4 s7 C
username = nova
+ Y0 H8 H9 M6 q* z* W3 }password = nova_pass
& W/ y9 L- D+ S( Z0 D5 c[oslo_concurrency]
j d# s& M( o2 t Hlock_path = /var/lib/neutron/tmp
+ \* T6 k( M: C" N[oslo_messaging_amqp]7 B* ?) v* k4 H, L1 W! w6 d
[oslo_messaging_kafka]
8 T! {: T( j& L( P, H: }[oslo_messaging_notifications], P. Y# b |, o, O0 F
[oslo_messaging_rabbit]# H/ }% s+ R' S. m) q
[oslo_messaging_zmq]
1 }. r) r$ t* X; _. y[oslo_middleware]1 t6 F7 N/ y [! k3 Q' V0 V
[oslo_policy]% C3 \& L. }4 t" S; o. c7 s
[quotas]
- T) I$ a' h+ ], o' o! D+ W/ C5 W o! h[ssl]% s& X+ W% K0 d& D8 j/ D6 O
复制代码
9 R2 f' |3 e* L: _8 ]6 S/ t5. 配置ml2_conf.ini
7 T9 M$ k j1 o0 T6 r复制代码5 _9 o% g8 _- R4 E _
# 在全部控制节点操作,以controller01节点为例;
9 |) L! c1 _+ h, E7 D# ml2_conf.ini文件的权限:root:neutron" I9 O$ w- v3 x, U
[root@controller01 ~]# cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
! Y g) I! s U. @[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/plugins/ml2/ml2_conf.ini
3 w2 J+ Y4 K4 v, ~* b x+ p+ N[DEFAULT]: D3 U1 y1 ?; r
[l2pop]9 B) Z3 c/ r0 J/ s* L1 B
[ml2]9 Q9 C" K" [& @. a
type_drivers = flat,vlan,vxlan
9 y% g' J4 K6 o" U) G; y7 I' g# ml2 mechanism_driver 列表,l2population对gre/vxlan租户网络有效
- q2 d9 @3 n, Vmechanism_drivers = linuxbridge,l2population
* ~& G8 p% F! W' \* R$ j! h+ p O9 a! X# 可同时设置多种租户网络类型,第一个值是常规租户创建网络时的默认值,同时也默认是master router心跳信号的传递网络类型( _* Y" b- {6 t" g
tenant_network_types = vlan,vxlan,flat9 B! M6 O2 k3 u5 N) x
extension_drivers = port_security; b0 b4 k% F9 B. ]
[ml2_type_flat]" t) Z' F# v6 b, c1 g
# 指定flat网络类型名称为”external”,”*”表示任意网络,空值表示禁用flat网络
1 V% N# E+ T9 B, rflat_networks = external/ B, H( F2 h/ n9 n' F2 P5 A: E* l
[ml2_type_geneve]9 m- x$ W' ?. {0 @7 p0 `
[ml2_type_gre]
4 p3 h* N( B' ~[ml2_type_vlan]
% `8 D+ F8 M% M2 g" J5 _# 指定vlan网络类型的网络名称为”vlan”;如果不设置vlan id则表示不受限2 j4 n+ o1 Q [( F
network_vlan_ranges = vlan:3001:3500
1 P1 `) V( h$ F7 y! D c- b[ml2_type_vxlan]+ q8 I+ D" @' z5 _& N& w4 m
vni_ranges = 10001:200006 `, V" D5 B' p1 @& t @
[securitygroup]
+ o. y# k% l# penable_ipset = true
# ]2 d. k/ Y" K# 服务初始化调用ml2_conf.ini中的配置,但指向/etc/neutron/olugin.ini文件' ]5 N2 U2 C- v' T
[root@controller01 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini: ?% D# D" w, _5 ^
复制代码
7 l- ~; A: L( y! g6. 配置linuxbridge_agent.ini7 q. W6 F% @; e6 q
1)配置linuxbridge_agent.ini
; J: `. C$ [0 H. w8 z1 ?2 P复制代码7 A" U/ T; q. z* ]* ^
# 在全部控制节点操作,以controller01节点为例;% v7 I: L5 H; M
# linuxbridge_agent.ini文件的权限:root:neutron
8 f+ L# f9 p% [! B2 v[root@controller01 ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
" T5 m+ j8 k$ ]5 A. m6 T1 R) s[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
% ~3 l7 r/ A( ^1 v8 I5 x[DEFAULT]+ t; j4 f- B$ x% j- ~
[agent]% ~0 W9 i( |6 z
[linux_bridge]
, y5 z7 d1 _1 |/ M# 网络类型名称与物理网卡对应,这里flat external网络对应规划的eth1,vlan租户网络对应规划的eth3,在创建相应网络时采用的是网络名称而非网卡名称;
8 F" u r& \2 K+ x# 需要明确的是物理网卡是本地有效,根据主机实际使用的网卡名确定;
2 S. d) x! d8 k$ w3 }5 X# 另有” bridge_mappings”参数对应网桥( k& v% ]/ f- H
physical_interface_mappings = external:eth1,vlan:eth3* @7 c3 b0 L0 P7 X( f
[network_log]
' j/ h B x* t1 g& z[securitygroup]: L2 B% H5 m R; e9 _
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver4 K7 g$ n% I( a5 f( F6 y
enable_security_group = true( X5 F6 c4 o3 [8 u6 O8 e
[vxlan]$ ~4 `8 [. ?6 ?+ i
enable_vxlan = true
3 K0 A, ^# F% N( ?. T9 s6 }# tunnel租户网络(vxlan)vtep端点,这里对应规划的eth2(的地址),根据节点做相应修改7 @! x! ?4 Q: v6 r
local_ip = 10.0.0.31
9 n& W: [- ]! ~/ l/ }5 J2 J& w! a/ \l2_population = true
H& Q) g! Y- `; b& r0 H: E5 O复制代码) e1 h+ h( B/ j3 `3 G& H
2)配置内核参数
! T% g: I$ p- z. D- Q7 a) R$ ^复制代码+ w( J4 V7 o/ j+ Q) m& M: ~
# bridge:是否允许桥接;$ R; g7 k& c- V; j2 n
# 如果“sysctl -p”加载不成功,报” No such file or directory”错误,需要加载内核模块“br_netfilter”;. Y9 D1 _* Q! S* W% q
# 命令“modinfo br_netfilter”查看内核模块信息;
+ r( d9 }) S& G( [1 x- b# 命令“modprobe br_netfilter”加载内核模块
* L% f4 U5 S; {- ]" _- B! f+ ~! _[root@controller01 ~]# echo "# bridge" >> /etc/sysctl.conf( ? m) |8 l( A8 [! q' l. i3 b
[root@controller01 ~]# echo "net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf* {# k2 F( s0 f7 _1 s/ J! q8 p
[root@controller01 ~]# echo "net.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf
- @* t' A+ d" Y% o# `* W[root@controller01 ~]# sysctl -p- O7 ~/ d( s0 H9 T$ L
复制代码
# {1 G/ {" R L/ z$ a7. 配置l3_agent.ini(self-networking)( t/ H& ? V( p; Y3 ?, U" [
复制代码8 h& z0 p& L% G: V5 R( Y
# 在全部控制节点操作,以controller01节点为例;
! o8 G, V/ ?: F. ^6 E' V# l3_agent.ini文件的权限:root:neutron, N5 \. g. F4 E1 e) V
[root@controller01 ~]# cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
6 T& |1 H6 J6 B7 G) |[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/l3_agent.ini% M# Y" v- k' A F+ A* h6 C7 M
[DEFAULT]
( i6 U# }7 \$ A0 J0 ointerface_driver = linuxbridge" [2 u: u n0 Y0 w9 X2 U
[agent]" o+ G2 }, e7 H. W ]6 N! u
[ovs]+ |9 u0 H7 R) e# ?. h8 w6 Z8 b
复制代码+ }2 Q8 Y2 R" x" U
8. 配置dhcp_agent.ini
7 V8 {, c) V$ d+ a$ Y/ z/ i复制代码
q( R8 b2 d( }5 J# 在全部控制节点操作,以controller01节点为例;
$ W' x5 u. i& y% J: a# 使用dnsmasp提供dhcp服务;
; O1 N) O2 U) k: L( r" Z6 g6 {# dhcp_agent.ini文件的权限:root:neutron& N0 `) T! O2 w! Y; a3 ^+ j5 K
[root@controller01 ~]# cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak! [- R* e$ r7 t0 `7 v7 j' S' f
[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/dhcp_agent.ini3 I# |+ D) \0 D9 J5 S6 G; A
[DEFAULT]" u' X' r% Q/ D3 I; b f
interface_driver = linuxbridge& r. t$ C/ ^$ t; ]! |# u
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq, c- h% q6 a. M
enable_isolated_metadata = true2 x. R- \6 ]8 w( u$ l, {
[agent]/ [; `5 J. T' e, O5 y' Y) l
[ovs]' a0 R. P' P" D' z
复制代码
/ V; p2 k3 O1 A6 I; x% f" ?, @9. 配置metadata_agent.ini
* u8 m9 B% E; b& |复制代码
& b8 K s" L, d" r# 在全部控制节点操作,以controller01节点为例;
" r6 P/ _+ L3 x' c* ]! i8 M# metadata_proxy_shared_secret:与/etc/nova/nova.conf文件中参数一致;6 b7 |' `# Y% E) Z8 W& S( Y7 X$ q
# metadata_agent.ini文件的权限:root:neutron
* k V2 g% R ?; C% ?. [[root@controller01 ~]# cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak# u% |. b9 `$ v( |, Y
[root@controller01 ~]# egrep -v "^$|^#" /etc/neutron/metadata_agent.ini0 b7 |' t3 e: P. J+ @
[DEFAULT]$ O: R7 b1 j% K# p; D3 I$ ?
nova_metadata_host = controller
" @- q7 C! f7 D0 A4 cmetadata_proxy_shared_secret = neutron_metadata_secret
; g( o( a1 s/ s3 W9 ]; c4 [0 ][agent]
) j$ c6 z* l& M5 e: M0 Y: o( ][cache]* M8 M: q- O; \) \7 p
复制代码, n: e( ?+ }; l+ S
10. 配置nova.conf
A$ d5 Y2 d7 D% c* C% o& Y复制代码% v4 n2 \7 w6 y% H
# 在全部控制节点操作,以controller01节点为例;/ j# c( [ r! Y) P) Z1 [
# 配置只涉及nova.conf的”[neutron]”字段;2 C1 i# M3 l1 B8 V: c. @: Q
# metadata_proxy_shared_secret:与/etc/neutron/metadata_agent.ini文件中参数一致
4 t/ |: I$ b' o* |[root@controller01 ~]# vim /etc/nova/nova.conf2 ?' A7 V4 W7 K. {
[neutron]/ ?! v3 Z" G4 M2 K |
url = http://controller:9696
( S' Y) Z2 a! gauth_url = http://controller:35357
/ I- r" v& I+ N0 Uauth_type = password
& A% A7 s$ C5 t7 L, D' |project_domain_name = default& {) }. n' B# O1 T) F7 |/ O, l. ?
user_domain_name = default
# ^% D( C0 h8 \9 I2 ^2 U* N5 C( _region_name = RegionTest, k" ^3 w4 l! C2 z) ~
project_name = service, y& W3 u- a! F" ?+ w5 c$ K
username = neutron- O: w% l0 S2 e6 u+ D" p d/ P( y
password = neutron_pass
2 m4 {' l" t% J( ~1 K9 H m a, \- yservice_metadata_proxy = true, [ e: L( e/ e$ i! i U
metadata_proxy_shared_secret = neutron_metadata_secret
! o2 S3 i) z/ g# r复制代码
, W: ?7 l% J/ t- L11. 同步neutron数据库" c/ G; ~6 c# ~) F
# 任意控制节点操作;
0 S! a6 x( f* T. k[root@controller01 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron' U4 C1 S. @4 \6 g3 c
# 验证" C8 ?: ]" H Y) ]* c- d5 ~. x
[root@controller01 ~]# mysql -h controller01 -u neutron -pneutron_dbpass -e "use neutron;show tables;"
4 }# v9 k2 I w0 ^12. 启动服务; J( b+ ~& `1 l, k1 O
复制代码
4 ~6 ?4 a! p9 h0 r D7 s1 v# 全部控制节点操作;& s5 D5 w/ O4 F _3 j% c
# 变更nova配置文件,首先需要重启nova服务
' W( B6 N: e2 X5 D! k( ], D7 s8 }[root@controller01 ~]# systemctl restart openstack-nova-api.service
7 ]& A. I8 q' I) K% h7 y2 l2 U
9 }, Q2 J! A+ W6 M6 M# 开机启动0 P: Q6 f2 P& a+ C% {( N. m4 s
[root@controller01 ~]# systemctl enable neutron-server.service \
0 \. J0 u+ J& {; G3 B- n neutron-linuxbridge-agent.service \/ }9 A' E1 n! R L
neutron-l3-agent.service \
8 E- S8 p+ \7 u neutron-dhcp-agent.service \
8 f; G u/ X( v' k neutron-metadata-agent.service
; J" Q5 B, e) i: |- K6 R; p) A# 启动
& ~8 J7 n- f6 f7 D- ~4 c[root@controller01 ~]# systemctl restart neutron-server.service
A n. y4 W- z[root@controller01 ~]# systemctl restart neutron-linuxbridge-agent.service: w+ Z* n2 o# o& e U
[root@controller01 ~]# systemctl restart neutron-l3-agent.service c+ o3 g; i4 H4 J7 B
[root@controller01 ~]# systemctl restart neutron-dhcp-agent.service% D: g' o& N1 [! R
[root@controller01 ~]# systemctl restart neutron-metadata-agent.service
: C9 I. D6 P1 }6 @0 l复制代码
. }- i+ G1 H8 J a13. 验证
+ ^" N8 c }$ k( n" U复制代码2 n9 X0 ^; o* Z7 p0 H0 x. T$ F. {
[root@controller01 ~]# . admin-openrc % a6 K# b! W8 R2 b8 C
# 查看加载的扩展服务
$ J* x' p' P, M2 W z; E[root@controller01 ~]# openstack extension list --network
( S% C% `" Q; i- B. s# 查看agent服务
, a5 T M( Q7 i% N[root@controller01 ~]# openstack network agent list
. d. P. Z! X& ]3 i& a) z复制代码7 c2 c1 e) e* Q3 }. G
3 A! F$ {3 j% u5 J- Y6 z14. 设置pcs资源9 e+ X- y3 ~5 ^; k' p: I
复制代码3 N. K+ Q7 _7 j0 C
# 在任意控制节点操作;4 t) b4 L) R( j4 S3 G
# 添加资源neutron-server,neutron-linuxbridge-agent,neutron-l3-agent,neutron-dhcp-agent与neutron-metadata-agent
' G: G. \9 E- f3 U! T[root@controller01 ~]# pcs resource create neutron-server systemd:neutron-server --clone interleave=true( M6 r g0 m# U$ \
[root@controller01 ~]# pcs resource create neutron-linuxbridge-agent systemd:neutron-linuxbridge-agent --clone interleave=true- [6 W) V) t7 H4 ^3 f
[root@controller01 ~]# pcs resource create neutron-l3-agent systemd:neutron-l3-agent --clone interleave=true J7 d6 J+ R+ `
[root@controller01 ~]# pcs resource create neutron-dhcp-agent systemd:neutron-dhcp-agent --clone interleave=true
6 k$ A) J$ \ d9 h* T( n$ y[root@controller01 ~]# pcs resource create neutron-metadata-agent systemd:neutron-metadata-agent --clone interleave=true
3 G( S! m. W) H$ Y. G# 查看pcs资源
; U( n1 Z& i/ w! W[root@controller01 ~]# pcs resource
' v9 G2 }/ j4 P3 _6 ^7 Z" O |
|
/4 
窥视卡
雷达卡
发表于 2021-10-8 17:15:33
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜
楼主
