OpenStack stein安装(八)network option1
admin
2023-03-11 12:42:06
0

安装和配置网络组件在controller节点上

  1. 安装包 
    # yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
  2. 配置服务器组件
网络服务组件配置包括数据,验证机制,消息队列,拓扑改变通知和插件.
Edit the /etc/neutron/neutron.conf file and complete the following actions:
○ In the [database] section, configure database access:
    [database]
    # ...
    connection = mysql+pymysql://neutron:neutron123@dbs.flex.net/neutron
    注意:注释或移除其它连接选项在[database]区域中

○ In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in and disable additional plug-ins:
    [DEFAULT]
    # ...
    core_plugin = ml2
    service_plugins =

○ In the [DEFAULT] section, configure RabbitMQ message queue access:
    [DEFAULT]
    # ...
    transport_url = rabbit://openstack:openstack123@dbs.flex.net

○ In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:
    [DEFAULT]
    # ...
    auth_strategy = keystone

    [keystone_authtoken]
    # ...
    www_authenticate_uri = http://stack.flex.net:5000
    auth_url = http://stack.flex.net:5000
    memcached_servers = dbs.flex.net:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    password = neutron123
    注意:注释或移除其它连接选项在[keystone_authtoken]区域中

○ In the [DEFAULT] and [nova] sections, configure Networking to notify Compute of network topology changes:
    [DEFAULT]
    # ...
    notify_nova_on_port_status_changes = true
    notify_nova_on_port_data_changes = true

    [nova]
    auth_url = http://stack.flex.net:5000
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = nova
    password = nova123

○ In the [oslo_concurrency] section, configure the lock path:
    [oslo_concurrency]
    # ...
    lock_path = /var/lib/neutron/tmp
  1. 配置模块Layer 2 (ML2)插件
    实列中使用ML2插件,ML2使用Linux bridge机制建立layer-2(桥接和交换)虚拟网络架构。
    Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and complete the following actions:
○ In the [ml2] section, enable flat and VLAN networks:
    [ml2]
    # ...
    type_drivers = flat,vlan

○ In the [ml2] section, disable self-service networks:
    [ml2]
    # ...
    tenant_network_types =

○ In the [ml2] section, enable the Linux bridge mechanism:
    [ml2]
    # ...
    mechanism_drivers = linuxbridge
    警告:配置ML2插件后, 从type_drivers移除这个选项会导致数据库不一致.

○ In the [ml2] section, enable the port security extension driver:
    [ml2]
    # ...
    extension_drivers = port_security

○ In the [ml2_type_flat] section, configure the provider virtual network as a flat network:
    [ml2_type_flat]
    # ...
    flat_networks = provider

○ In the [securitygroup] section, enable ipset to increase efficiency of security group rules:
    [securitygroup]
    # ...
    enable_ipset = true
  1. Configure the Linux bridge agent
    The Linux bridge agent builds layer-2 (bridging and switching) virtual networking infrastructure for instances and handles security groups.
    Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following actions:
○ In the [linux_bridge] section, map the provider virtual network to the provider physical network interface:
    [linux_bridge]
    physical_interface_mappings = provider:eht1
    使用eth2物理网络接口做为租户的网络连接.

○ In the [vxlan] section, disable VXLAN overlay networks:
    [vxlan]
    enable_vxlan = false
○ In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver:
    [securitygroup]
    # ...
    enable_security_group = true
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

○ Ensure your Linux operating system kernel supports network bridge filters by verifying all the following sysctl values are set to 1:
    net.bridge.bridge-nf-call-iptables
    net.bridge.bridge-nf-call-ip6tables

    #  modprobe br_netfilter
    #  vi /etc/sysctl.conf
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1 
    # sysctl -p
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1

    为了网络支持桥接, 通常的需要加载br_netfilter内核模块. 但这里可以忽略错误,当你重启neutron时会自动加载.

  1. Configure the DHCP agent

    The DHCP agent provides DHCP services for virtual networks.
Edit the /etc/neutron/dhcp_agent.ini file and complete the following actions:
○ In the [DEFAULT] section, configure the Linux bridge interface driver, Dnsmasq DHCP driver, and enable isolated metadata so instances on provider networks can access metadata over the network:
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

完成后返回网络配置或继续网络选项2.

上一篇:OpenStack stein安装(九)network option2

下一篇:用户及用户组命令详解

相关内容

热门资讯

玩家攻略科普“数独大赛.辅助开... 您好:数独大赛这款游戏可以开挂,确实是有挂的,需要了解加客服微信【9784099】很多玩家在这款游戏...
玩家攻略科普“土豪赢三张.到底... 玩家攻略科普“土豪赢三张.到底是不是挂?”外卦神器下载您好,土豪赢三张这个游戏其实有挂的,确实是有挂...
玩家最新攻略“海岛互娱.有没有... 网上科普关于“海岛互娱有没有挂”话题很是火热,小编也是针对海岛互娱作*弊开挂的方法以及开挂对应的知识...
重磅消息“丫丫衡阳字牌.开挂器... 您好:丫丫衡阳字牌这款游戏可以开挂,确实是有挂的,需要了解加客服微信【4282891】很多玩家在这款...
AI专题:AI原生基础设施实践... 今天分享的是:AI专题:AI原生基础设施实践指南(2026) 报告共计:73页 《AI原生基础设施实...
终于明白“荊州晃晃麻将.怎么装... 家人们!今天小编来为大家解答荊州晃晃麻将透视挂怎么安装这个问题咨询软件客服徽9784099的挂在哪里...
最新引进“新人海炸金花.可以开... 有 亲,根据资深记者爆料新人海炸金花是可以开挂的,确实有挂(咨询软件无需...
重磅消息“麻友圈2贵阳捉鸡.是... 您好:麻友圈2贵阳捉鸡这款游戏可以开挂,确实是有挂的,需要了解加客服微信【4282891】很多玩家在...
我来教教您“福建兄弟十三水.真... 您好:福建兄弟十三水这款游戏可以开挂,确实是有挂的,需要了解加客服微信【9784099】很多玩家在这...
【第一财经】“战神牛牛.开挂神... 【第一财经】“战神牛牛.开挂神器?”太坑了果然有挂您好,战神牛牛这个游戏其实有挂的,确实是有挂的,需...