照著官網來安裝openstack pike之neutron安裝

neutron元件安裝分為控制節點和計算節點，還是先從控制節點安裝

1、前提條件，資料庫為nova建立庫和賬戶密碼來連線資料庫

# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';

 2、向keystone驗明身份

# source admin-openrc

 3、建立neutron使用者：

# openstack user create --domain default --password-prompt neutron
    設定密碼：neutron

將admin角色新增到neutron使用者上：

# openstack role add --project service --user neutron admin

建立neutron服務實體：

# openstack service create --name neutron --description "OpenStack Networking" network

建立網路服務API endpoints：

# openstack endpoint create --region RegionOne network public http://192.168.101.10:9696
# openstack endpoint create --region RegionOne network internal http://192.168.101.10:9696
# openstack endpoint create --region RegionOne network admin http://192.168.101.10:9696

配置網路選項：

　　有兩種網路選項：

　　1、provider (external) networks（供應商網路）

　　2、self-service networks（私有自助網路）

這裡以provider networks作為示例演示，以後會推出第二種網路模式

開始進行安裝網路元件：

# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

然後進行配置資料庫、認證、訊息佇列等資訊：編輯配置檔案/etc/neutron/neutron.conf

[database]
connection = mysql+pymysql://neutron:neutron@192.168.101.10/neutron

[DEFAULT]
core_plugin = ml2
service_plugins =      
transport_url = rabbit://openstack:openstack@192.168.101.10  
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
    啟用ml2外掛並disable additional plug-ins


[keystone_authtoken]
auth_uri = http://192.168.101.10:5000
auth_url = http://192.168.101.10:35357
memcached_servers = 192.168.101.10:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron


[nova]
auth_url = http://192.168.101.10:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

配置模組layer2 外掛資訊：修改配置檔案/etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan
tenant_network_types =            取消self-service networks
mechanism_drivers = linuxbridge      啟用Linux bridge mechanism
extension_drivers = port_security     啟用the port security extension driver


[ml2_type_flat]
flat_networks = provider

[securitygroup]
enable_ipset = true

配置Linux橋接agent：修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
    Replace PROVIDER_INTERFACE_NAME with the name of the underlying provider physical network interface（底層提供商物理網路介面的名稱也就是ens33）
node1的底層物理網路卡裝置為ens33，所以這裡設定為這個


[vxlan]
enable_vxlan = false

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

配置dhcp agent：修改/etc/neutron/dhcp_agent.ini

[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

上面總共修改了下面四種配置檔案：

# vim /etc/neutron/neutron.conf
# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# vim /etc/neutron/dhcp_agent.ini

配置完了網路服務後，然後開啟配置metadata agent：

修改配置檔案：/etc/neutron/metadata_agent.ini

[DEFAULT]
nova_metadata_ip = 192.168.101.10
metadata_proxy_shared_secret = METADATA_SECRET
    （使用neutron或者matadata或者其他都可以，保持和下面一直，這是自定義的金鑰），這裡採用neutron，Replace METADATA_SECRET with a suitable secret for the metadata proxy.

配置計算服務能夠使用網路服務：修改/etc/nova/nova.conf

[neutron]
url = http://192.168.101.10:9696
auth_url = http://192.168.101.10:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET（使用neutron或者matadata都可以，保持和上面一直），由於上面設定的neutron，這裡也是neutron

進行連結：

# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

向資料庫填充資料：

# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Restart the Compute API service:

# systemctl restart openstack-nova-api.service

開啟網路服務：

# systemctl enable neutron-server.service  neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

 

2、在計算節點上安裝網路服務：

1、安裝元件：

# yum install openstack-neutron-linuxbridge ebtables ipset

2、配置通用元件：修改/etc/neutron/neutron.conf

[DEFAULT]
transport_url = rabbit://openstack:openstack@192.168.101.10
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://192.168.101.10:5000
auth_url = http://192.168.101.10:35357
memcached_servers = 192.168.101.10:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

和控制節點一樣，配置網路服務（兩種網路服務選擇其中一個，以provider networks為例）

3、配置provider networks

配置橋接agent：修改檔案/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
    Replace PROVIDER_INTERFACE_NAME with the name of the underlying provider physical network interface.（底層提供商物理網路介面的名稱也就是ens33）node2的底層物理網路卡裝置為ens33，所以這裡設定為這個

在[vxlan]配置如下：

[vxlan]
enable_vxlan = false

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

4、配置計算服務去使用網路服務：/etc/nova/nova.conf

[neutron]
url = http://192.168.101.10:9696
auth_url = http://192.168.101.10:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron

然後重啟計算服務：

# systemctl restart openstack-nova-compute.service

開啟bridge agent：

# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service

以上操作完成後，網路服務neutron就安裝完成了

 

校驗neutron的安裝：在控制節點上執行

# source admin-openrc
    List loaded extensions to verify successful launch of the neutron-server process:

# openstack extension list --network

針對網路：provider networks的校驗：

　　List agents to verify successful launch of the neutron agents:

# openstack network agent list

至此neutron基於provider networks這樣的網路服務就搭建成功了

 

安裝neutron修改了哪些配置檔案：

控制節點：

/etc/neutron/neutron.conf
/etc/neutron/plugins/ml2/ml2_conf.ini
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
/etc/neutron/dhcp_agent.ini
/etc/neutron/metadata_agent.ini
/etc/nova/nova.conf

計算節點：

/etc/neutron/neutron.conf
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
/etc/nova/nova.conf