OpenStack部署-12.neutron计算节点部署

作者: sysit 分类: d 发表于 2018-12-05 209人围观

neutron计算节点根据控制节点的网络插件进行安装。

## 12.1 安装配置neutron计算节点
### 12.1.1 选择linuxbridge的计算节点安装

* 安装neutron-linuxbridge

```
# 在全部计算节点安装neutron-linuxbridge服务，以compute1节点为例
[root@compute1 ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
```

*  配置neutron.conf
```
# 在全部计算节点操作，以computer1节点为例；
# 注意“bind_host”参数，根据节点修改；
# 注意neutron.conf文件的权限：root:neutron
[root@compute1 ~]# cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@compute1 ~]# egrep -v "^$|^#" /etc/neutron/neutron.conf
[DEFAULT]
debug = False
log_dir = /var/log/neutron
use_stderr = False
bind_host = 10.29.32.11
bind_port = 9696
api_paste_config = /usr/share/neutron/api-paste.ini
api_workers = 5
metadata_workers = 5
rpc_workers = 3
rpc_state_report_workers = 3
metadata_proxy_socket = /var/lib/neutron/metadata_proxy
interface_driver = linuxbridge
allow_overlapping_ips = true
core_plugin = ml2
transport_url = rabbit://openstack:password@10.29.32.7:5672,openstack:password@10.29.32.8:5672,openstack:password@10.29.32.9:5672//
service_plugins = qos,router,port_forwarding
router_distributed = True
ipam_driver = internal
[nova]
auth_url = http://10.29.32.10:35357
auth_type = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = novapassword
endpoint_type = internal
cafile =
[oslo_middleware]
enable_proxy_headers_parsing = True
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[agent]
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
[database]
connection = mysql+pymysql://neutron:neutronpassword@10.29.32.10:3306/neutron
max_retries = -1
[keystone_authtoken]
www_authenticate_uri = http://10.29.32.10:5000
auth_url = http://10.29.32.10:35357
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutronpassword
cafile =
memcached_servers = 10.29.32.7:11211,10.29.32.8:11211,10.29.32.9:11211
[placement]
auth_type = password
auth_url = http://10.29.32.10:35357
username = placement
password = placementpassword
user_domain_name = Default
project_name = service
project_domain_name = Default
os_region_name = RegionOne
os_interface = internal
cafile =
[privsep]
helper_command = sudo neutron-rootwrap /etc/neutron/rootwrap.conf privsep-helper
```

* 配置linuxbridge_agent.ini
```
# 在全部计算节点操作，以compute1节点为例；
# linuxbridge_agent.ini文件的权限：root:neutron
[root@compute1 ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak

[root@compute1 ~]# egrep -v "^$|^#" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[agent]
extensions = qos
[linux_bridge]
physical_interface_mappings = external:eth0
[network_log]
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = true
local_ip = 10.29.32.11
l2_population = true
```

* 配置内核参数

```
[root@compute1 ~]# modprobe br_netfilter

[root@compute1 ~]# cat >> /etc/sysctl.conf<<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

sysctl -p
```

### 12.1.2 选择openvswitch的计算节点安装

* 安装neutron-openvswitch

```
# 在全部计算节点安装neutron-openvswitch服务，以compute1节点为例
[root@compute1 ~]# yum install openstack-neutron openstack-neutron-openvswitch openstack-neutron-ml2 -y
```

*  配置neutron.conf
```
# 在全部计算节点操作，以computer1节点为例；
# 注意“bind_host”参数，根据节点修改；
# 注意neutron.conf文件的权限：root:neutron
[root@compute1 ~]# cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@compute1 ~]# egrep -v "^$|^#" /etc/neutron/neutron.conf
[DEFAULT]
debug = False
log_dir = /var/log/neutron
use_stderr = False
bind_host = 10.29.32.11
bind_port = 9696
api_paste_config = /usr/share/neutron/api-paste.ini
api_workers = 4
metadata_workers = 4
rpc_workers = 3
rpc_state_report_workers = 3
metadata_proxy_socket = /var/lib/neutron/metadata_proxy
interface_driver = openvswitch
allow_overlapping_ips = true
core_plugin = ml2
service_plugins = qos,router,port_forwarding
dhcp_agents_per_network = 2
l3_ha = true
max_l3_agents_per_router = 3
transport_url = rabbit://openstack:password@10.29.32.7:5672,openstack:password@10.29.32.8:5672,openstack:password@10.29.32.9:5672//
router_distributed = True
dns_domain = cloud.bbdops.com
[nova]
auth_url = http://10.29.32.10:5000
auth_type = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = novapassword
endpoint_type = internal
cafile =
[oslo_middleware]
enable_proxy_headers_parsing = True
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[agent]
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
[database]
connection = mysql+pymysql://neutron:neutronpassword@10.29.32.10:3306/neutron
max_retries = -1
[keystone_authtoken]
www_authenticate_uri = http://10.29.32.10:5000
auth_url = http://10.29.32.10:5000
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutronpassword
cafile =
memcache_security_strategy = ENCRYPT
memcache_secret_key = VAn1VkFjNTdLzIyrWKXSGk4VTcsxx7Mr4rZssLa3
memcached_servers = 10.29.32.7:11211,10.29.32.8:11211,10.29.32.9:11211
[placement]
auth_type = password
auth_url = http://10.29.32.10:5000
username = placement
password = placementpassword
user_domain_name = Default
project_name = service
project_domain_name = Default
os_region_name = RegionOne
os_interface = internal
cafile =
[privsep]
helper_command = sudo neutron-rootwrap /etc/neutron/rootwrap.conf privsep-helper
```

* 配置openvswitch_agent.ini
```
# 在全部计算节点操作，以compute1节点为例；
# linuxbridge_agent.ini文件的权限：root:neutron
[root@compute1 ~]# cp /etc/neutron/plugins/ml2/openvswitch_agent.ini /etc/neutron/plugins/ml2/openvswitch_agent.ini.bak

[root@compute1 ~]# egrep -v "^$|^#" /etc/neutron/plugins/ml2/openvswitch_agent.ini
[agent]
tunnel_types = vxlan
l2_population = true
arp_responder = true
enable_distributed_routing = True
extensions = qos
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ovs]
bridge_mappings = external:br-ex
datapath_type = system
ovsdb_connection = tcp:127.0.0.1:6640
local_ip = 172.17.32.11
```
> local_ip是作为vxlan的网络的ip，前述部署图未显示IP

* 创建网卡

```
# 在全部计算节点操作，以compute1节点为例；
[root@compute1 ~]# systemctl enable openvswitch
[root@compute1 ~]# systemctl start openvswitch
[root@compute1 ~]# ovs-vsctl add-br br-ex
[root@compute1 ~]# ovs-vsctl add-port br-ex eth0
[root@compute1 ~]# ovs-vsctl show
```

* 网卡（可选）

```
# CentOS8 替换NetworkManager为network-scripts
sudo dnf -y install network-scripts
sudo systemctl enable network
sudo systemctl disable NetworkManager

#可选，其他业务需要复用外网网卡时可配置，否则默认服务器此网卡不通
[root@compute1 ~]# cd /etc/sysconfig/network-scripts/
[root@compute1 network-scripts]# cp ifcfg-eth0 ifcfg-br-ex
[root@compute1 network-scripts]# cat ifcfg-eth0
DEVICE=eth0
TYPE=OVSPort
DEVICETYPE=ovs
NAME=eth0
OVS_BRIDGE=br-ex
ONBOOT=yes
[root@compute1 network-scripts]# cat ifcfg-br-ex 
DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=no
IPADDR=192.168.81.129
NETMASK=255.255.255.0
GATEWAY=192.168.81.1
ONBOOT=yes
[root@compute network-scripts]# systemctl restart network
```

* 配置内核参数

```
[root@compute1 ~]# modprobe br_netfilter

[root@compute1 ~]# cat >> /etc/sysctl.conf<<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

sysctl -p
```

* 配置l3，实现分布式

```
# 在全部计算节点操作，以compute1节点为例；
# l3_agent.ini文件的权限：root:neutron
[root@compute1 ~]# cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
[root@compute1 ~]# egrep -v "^$|^#"  /etc/neutron/l3_agent.ini
[DEFAULT]
agent_mode = dvr
ha_vrrp_health_check_interval = 5
[agent]
extensions = qos,port_forwarding
[ovs]
ovsdb_connection = tcp:127.0.0.1:6640
```

* metadata agent配置（可选，实际控制节点的metadata足够）

```
# 在全部计算节点操作，以compute1节点为例；
# metadata_proxy_shared_secret：与/etc/nova/nova.conf文件中参数一致；
# metadata_agent.ini文件的权限：root:neutron
[root@compute1 ~]# cp /etc/neutron/metadata_agent.ini  /etc/neutron/metadata_agent.ini.bak
[root@compute1 ~]# egrep -v "^$|^#"  /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = 10.29.32.10
metadata_proxy_shared_secret = METADATA_SECRET
nova_metadata_port = 8775
nova_metadata_protocol = http
[agent]
[cache]
```

## 12.2 compute network配置

```
# 在全部计算节点操作，以compute1节点为例；
# 配置只涉及nova.conf的“[neutron]”字段
[root@compute1 ~]#vi /etc/nova/nova.conf
[neutron]
url = http://10.29.32.10:9696
auth_url = http://10.29.32.10:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutronpassword
```

## 12.3 启动服务
```
# nova.conf文件已变更，首先需要重启全部计算节点的nova服务
[root@compute1 ~]# systemctl restart openstack-nova-compute.service

# neutron-linuxbridge-agent
# 启动
[root@compute1 ~]# systemctl enable neutron-linuxbridge-agent.service
[root@compute1 ~]# systemctl restart neutron-linuxbridge-agent.service

[root@compute1 ~]# systemctl enable neutron-l3-agent.service
[root@compute1 ~]# systemctl start neutron-l3-agent.service

[root@compute1 ~]# systemctl enable neutron-metadata-agent.service
[root@compute1 ~]# systemctl start neutron-metadata-agent.service

# neutron-openvswitch-agent
# 启动
[root@compute1 ~]# systemctl enable neutron-openvswitch-agent.service
[root@compute1 ~]# systemctl restart neutron-openvswitch-agent.service

[root@compute1 ~]# systemctl enable neutron-l3-agent.service
[root@compute1 ~]# systemctl start neutron-l3-agent.service

[root@compute1 ~]# systemctl enable neutron-metadata-agent.service
[root@compute1 ~]# systemctl start neutron-metadata-agent.service
```

## 12.4 验证
```
# 任意控制节点（或具备客户端的节点）操作
[root@controller1 ~]# . admin-openrc

如果觉得我的文章对您有用，请随意赞赏。您的支持将鼓励我继续创作！