OpenStack stein安装(八)network option1
admin
2023-03-11 12:42:06
0

安装和配置网络组件在controller节点上

  1. 安装包 
    # yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
  2. 配置服务器组件
网络服务组件配置包括数据,验证机制,消息队列,拓扑改变通知和插件.
Edit the /etc/neutron/neutron.conf file and complete the following actions:
○ In the [database] section, configure database access:
    [database]
    # ...
    connection = mysql+pymysql://neutron:neutron123@dbs.flex.net/neutron
    注意:注释或移除其它连接选项在[database]区域中

○ In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in and disable additional plug-ins:
    [DEFAULT]
    # ...
    core_plugin = ml2
    service_plugins =

○ In the [DEFAULT] section, configure RabbitMQ message queue access:
    [DEFAULT]
    # ...
    transport_url = rabbit://openstack:openstack123@dbs.flex.net

○ In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:
    [DEFAULT]
    # ...
    auth_strategy = keystone

    [keystone_authtoken]
    # ...
    www_authenticate_uri = http://stack.flex.net:5000
    auth_url = http://stack.flex.net:5000
    memcached_servers = dbs.flex.net:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    password = neutron123
    注意:注释或移除其它连接选项在[keystone_authtoken]区域中

○ In the [DEFAULT] and [nova] sections, configure Networking to notify Compute of network topology changes:
    [DEFAULT]
    # ...
    notify_nova_on_port_status_changes = true
    notify_nova_on_port_data_changes = true

    [nova]
    auth_url = http://stack.flex.net:5000
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = nova
    password = nova123

○ In the [oslo_concurrency] section, configure the lock path:
    [oslo_concurrency]
    # ...
    lock_path = /var/lib/neutron/tmp
  1. 配置模块Layer 2 (ML2)插件
    实列中使用ML2插件,ML2使用Linux bridge机制建立layer-2(桥接和交换)虚拟网络架构。
    Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and complete the following actions:
○ In the [ml2] section, enable flat and VLAN networks:
    [ml2]
    # ...
    type_drivers = flat,vlan

○ In the [ml2] section, disable self-service networks:
    [ml2]
    # ...
    tenant_network_types =

○ In the [ml2] section, enable the Linux bridge mechanism:
    [ml2]
    # ...
    mechanism_drivers = linuxbridge
    警告:配置ML2插件后, 从type_drivers移除这个选项会导致数据库不一致.

○ In the [ml2] section, enable the port security extension driver:
    [ml2]
    # ...
    extension_drivers = port_security

○ In the [ml2_type_flat] section, configure the provider virtual network as a flat network:
    [ml2_type_flat]
    # ...
    flat_networks = provider

○ In the [securitygroup] section, enable ipset to increase efficiency of security group rules:
    [securitygroup]
    # ...
    enable_ipset = true
  1. Configure the Linux bridge agent
    The Linux bridge agent builds layer-2 (bridging and switching) virtual networking infrastructure for instances and handles security groups.
    Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following actions:
○ In the [linux_bridge] section, map the provider virtual network to the provider physical network interface:
    [linux_bridge]
    physical_interface_mappings = provider:eht1
    使用eth2物理网络接口做为租户的网络连接.

○ In the [vxlan] section, disable VXLAN overlay networks:
    [vxlan]
    enable_vxlan = false
○ In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver:
    [securitygroup]
    # ...
    enable_security_group = true
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

○ Ensure your Linux operating system kernel supports network bridge filters by verifying all the following sysctl values are set to 1:
    net.bridge.bridge-nf-call-iptables
    net.bridge.bridge-nf-call-ip6tables

    #  modprobe br_netfilter
    #  vi /etc/sysctl.conf
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1 
    # sysctl -p
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1

    为了网络支持桥接, 通常的需要加载br_netfilter内核模块. 但这里可以忽略错误,当你重启neutron时会自动加载.

  1. Configure the DHCP agent

    The DHCP agent provides DHCP services for virtual networks.
Edit the /etc/neutron/dhcp_agent.ini file and complete the following actions:
○ In the [DEFAULT] section, configure the Linux bridge interface driver, Dnsmasq DHCP driver, and enable isolated metadata so instances on provider networks can access metadata over the network:
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

完成后返回网络配置或继续网络选项2.

上一篇:OpenStack stein安装(九)network option2

下一篇:用户及用户组命令详解

相关内容

热门资讯

女子一吃东西就“大小眼” 确诊... 女子一吃东西就“大小眼”  【女子一吃东西就“大小眼”】河南郑州一位女子患上了一种罕见的怪病。只要一...
“英版特朗普”攻城略地,英国要... 【文/观察者网 柳白】英国政坛正在经历一场强烈震荡。刚刚结束的英国地方议会选举中,首相斯塔默领导的工...
记者观察|透过这场吹风会,看懂... 一项刚从实验室诞生的新技术,如何“能落地、长得好”? 过去很多年里,我们是“先研发技术,再给它找地方...
大破防!美贸易代表炮轰美国法官... 文 观察者网 齐倩美国法院裁定新一轮全球关税非法,特朗普政府随即表示上诉。当地时间5月8日,美国贸易...
地暖管铺的稀,家里不热怎么办- 导读:地暖管铺设是有一定的标准的,如果没有达到预期效果可以找厂家协调解决,实在不行,可以采用墙角线明...
楼梯墙砖怎么贴才好看 楼梯墙砖可以分两部分来贴,第1部分要贴深颜色的,也就是楼梯与墙之间交接的地方,这些地方容易积攒灰尘,...
挂钩买什么样式的好用 吸盘挂钩... 在家居生活中,挂钩几乎是每家每户都有的小配饰。本文介绍了挂钩的几种好用样式,包括粘胶式无痕挂钩、易取...
电暖器什么样的环保? 最佳回答 现在市场上的电暖器还是比较多的。全国一线品牌有格力电暖器、美的电暖器、艾美特电暖器、先锋电...
农村可以安装什么样的热水器 农村地区的生活条件相对城市会落后一些,对于供暖、供热、供水等方面的设备要求也会有所不同。在热水器这一...
中国短剧剧组在泰国被查,8人被... 2026年5月8日,泰国清迈旅游警察逮捕了一个正在清迈非法拍摄中国短剧的8人剧组。这个剧组以当地知名...