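Contents
1. Log in to the database on the controller node and configure it
2. To create the service credentials, complete these steps
3. Create the Networking service API endpoints:
4. Install the networking components
5. Configure the neutron component
6. Configure the Modular Layer 2 (ML2) plug-in
7. Configure the Linux bridge agent
8. Configure the DHCP agent
9. Configure the metadata agent
10. Edit the ``/etc/nova/nova.conf`` file and complete the following actions
11. Finalize installation
12. Then, on the compute node
13. Configure the Linux bridge agent
14. Configure the Networking service for the compute node
14. Finalize installation
15. Verify
- Neutron is one of the core OpenStack projects; it provides virtual networking in a cloud computing environment.
- OpenStack Networking (neutron) manages all of the Virtual Networking Infrastructure (VNI) and the access layer of the Physical Networking Infrastructure (PNI) in an OpenStack environment.
1. Log in to the database on the controller node and configure it
- Use the database access client to connect to the database server as the root user: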
[root@controller ~]# mysql -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 18
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
- Create the ``neutron`` database:
MariaDB [(none)]> CREATE DATABASE neutron;
- Grant proper access to the ``neutron`` database, replacing ``NEUTRON_DBPASS`` (``123`` in this example) with a suitable password:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123';
- Exit the database access client.
2. To create the service credentials, complete these steps
- Create the ``neutron`` user:
openstack user create --domain default --password-prompt neutron
- Add the ``admin`` role to the ``neutron`` user:
openstack role add --project service --user neutron admin
- Create the ``neutron`` service entity:
openstack service create --name neutron --description "OpenStack Networking" network
3. Create the Networking service API endpoints:
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
4. Install the networking components
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
5. Configure the neutron component
- Edit the ``/etc/neutron/neutron.conf`` file:
vi /etc/neutron/neutron.conf
- In the [database] section, configure database access:
[database]
connection = mysql+pymysql://neutron:123@controller/neutron
- In the ``[DEFAULT]`` section, enable the ML2 plug-in and disable additional plug-ins:
[DEFAULT]
core_plugin = ml2
service_plugins =
- In the “[DEFAULT]” and “[oslo_messaging_rabbit]” sections, configure “RabbitMQ” message queue access:
[DEFAULT]
transport_url = rabbit://openstack:123@controller
- In the “[DEFAULT]” and “[keystone_authtoken]” sections, configure Identity service access:
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
- In the ``[DEFAULT]`` and ``[nova]`` sections, configure Networking to notify Compute of network topology changes:
[DEFAULT]
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
- In the [oslo_concurrency] section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
6. Configure the Modular Layer 2 (ML2) plug-in
- Edit the ``/etc/neutron/plugins/ml2/ml2_conf.ini`` file and complete the following actions:
vi /etc/neutron/plugins/ml2/ml2_conf.ini
- Delete all of the file's existing contents, add the following, and then modify it:
[DEFAULT]

#
# From oslo.log
#

# If set to true, the logging level will be set to DEBUG instead of the default
# INFO level. (boolean value)
# Note: This option can be changed without restarting.
#debug = false

# DEPRECATED: If set to false, the logging level will be set to WARNING instead
# of the default INFO level. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#verbose = true

# The name of a logging configuration file. This file is appended to any
# existing logging configuration files. For details about logging configuration
# files, see the Python logging module documentation. Note that when logging
# configuration files are used then all logging configuration is set in the
# configuration file and other logging configuration options are ignored (for
# example, logging_context_format_string). (string value)
# Note: This option can be changed without restarting.
# Deprecated group/name - [DEFAULT]/log_config
#log_config_append = <None>

# Defines the format string for %%(asctime)s in log records. Default:
# %(default)s . This option is ignored if log_config_append is set. (string
# value)
#log_date_format = %Y-%m-%d %H:%M:%S

# (Optional) Name of log file to send logging output to. If no default is set,
# logging will go to stderr as defined by use_stderr. This option is ignored if
# log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logfile
#log_file = <None>

# (Optional) The base directory used for relative log_file paths. This option
# is ignored if log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logdir
#log_dir = <None>

# Uses logging handler designed to watch file system. When log file is moved or
# removed this handler will open a new log file with specified path
# instantaneously. It makes sense only if log_file option is specified and
# Linux platform is used. This option is ignored if log_config_append is set.
# (boolean value)
#watch_log_file = false

# Use syslog for logging. Existing syslog format is DEPRECATED and will be
# changed later to honor RFC5424. This option is ignored if log_config_append
# is set. (boolean value)
#use_syslog = false

# Syslog facility to receive log lines. This option is ignored if
# log_config_append is set. (string value)
#syslog_log_facility = LOG_USER

# Log output to standard error. This option is ignored if log_config_append is
# set. (boolean value)
#use_stderr = true

# Format string to use for log messages with context. (string value)
#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s

# Format string to use for log messages when context is undefined. (string
# value)
#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s

# Additional data to append to log message when logging level for the message
# is DEBUG. (string value)
#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d

# Prefix each line of exception output with this format. (string value)
#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s

# Defines the format string for %(user_identity)s that is used in
# logging_context_format_string. (string value)
#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s

# List of package logging levels in logger=LEVEL pairs. This option is ignored
# if log_config_append is set. (list value)
#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO

# Enables or disables publication of error events. (boolean value)
#publish_errors = false

# The format for an instance that is passed with the log message. (string
# value)
#instance_format = "[instance: %(uuid)s] "

# The format for an instance UUID that is passed with the log message. (string
# value)
#instance_uuid_format = "[instance: %(uuid)s] "

# Enables or disables fatal status of deprecations. (boolean value)
#fatal_deprecations = false

[ml2]

#
# From neutron.ml2
#

# List of network type driver entrypoints to be loaded from the
# neutron.ml2.type_drivers namespace. (list value)
#type_drivers = local,flat,vlan,gre,vxlan,geneve

# Ordered list of network_types to allocate as tenant networks. The default
# value 'local' is useful for single-box testing but provides no connectivity
# between hosts. (list value)
#tenant_network_types = local

# An ordered list of networking mechanism driver entrypoints to be loaded from
# the neutron.ml2.mechanism_drivers namespace. (list value)
#mechanism_drivers =

# An ordered list of extension driver entrypoints to be loaded from the
# neutron.ml2.extension_drivers namespace. For example: extension_drivers =
# port_security,qos (list value)
#extension_drivers =

# Maximum size of an IP packet (MTU) that can traverse the underlying physical
# network infrastructure without fragmentation when using an overlay/tunnel
# protocol. This option allows specifying a physical network MTU value that
# differs from the default global_physnet_mtu value. (integer value)
#path_mtu = 0

# A list of mappings of physical networks to MTU values. The format of the
# mapping is <physnet>:<mtu val>. This mapping allows specifying a physical
# network MTU value that differs from the default global_physnet_mtu value.
# (list value)
#physical_network_mtus =

# Default network type for external networks when no provider attributes are
# specified. By default it is None, which means that if provider attributes are
# not specified while creating external networks then they will have the same
# type as tenant networks. Allowed values for external_network_type config
# option depend on the network type values configured in type_drivers config
# option. (string value)
#external_network_type = <None>

# IP version of all overlay (tunnel) network endpoints. Use a value of 4 for
# IPv4 or 6 for IPv6. (integer value)
#overlay_ip_version = 4

[ml2_type_flat]

#
# From neutron.ml2
#

# List of physical_network names with which flat networks can be created. Use
# default '*' to allow flat networks with arbitrary physical_network names. Use
# an empty list to disable flat networks. (list value)
#flat_networks = *

[ml2_type_geneve]

#
# From neutron.ml2
#

# Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of
# Geneve VNI IDs that are available for tenant network allocation (list value)
#vni_ranges =

# Geneve encapsulation header size is dynamic, this value is used to calculate
# the maximum MTU for the driver. This is the sum of the sizes of the outer ETH
# + IP + UDP + GENEVE header sizes. The default size for this field is 50,
# which is the size of the Geneve header without any additional option headers.
# (integer value)
#max_header_size = 30

[ml2_type_gre]

#
# From neutron.ml2
#

# Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE
# tunnel IDs that are available for tenant network allocation (list value)
#tunnel_id_ranges =

[ml2_type_vlan]

#
# From neutron.ml2
#

# List of <physical_network>:<vlan_min>:<vlan_max> or <physical_network>
# specifying physical_network names usable for VLAN provider and tenant
# networks, as well as ranges of VLAN tags on each available for allocation to
# tenant networks. (list value)
#network_vlan_ranges =

[ml2_type_vxlan]

#
# From neutron.ml2
#

# Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of
# VXLAN VNI IDs that are available for tenant network allocation (list value)
#vni_ranges =

# Multicast group for VXLAN. When configured, will enable sending all broadcast
# traffic to this multicast group. When left unconfigured, will disable
# multicast VXLAN mode. (string value)
#vxlan_group = <None>

[securitygroup]

#
# From neutron.ml2
#

# Driver for security groups firewall in the L2 agent (string value)
#firewall_driver = <None>

# Controls whether the neutron security group API is enabled in the server. It
# should be false when using no security groups or using the nova security
# group API. (boolean value)
#enable_security_group = true

# Use ipset to speed-up the iptables based security groups. Enabling ipset
# support requires that ipset is installed on L2 agent node. (boolean value)
#enable_ipset = true
- In the ``[ml2]`` section, enable flat and VLAN networks:
[ml2]
type_drivers = flat,vlan
- In the ``[ml2]`` section, disable private (self-service) networks:
[ml2]
tenant_network_types =
- In the ``[ml2]`` section, enable the Linux bridge mechanism:
[ml2]
mechanism_drivers = linuxbridge
- In the ``[ml2]`` section, enable the port security extension driver:
[ml2]
extension_drivers = port_security
- In the ``[ml2_type_flat]`` section, configure the public virtual network as a flat network:
[ml2_type_flat]
flat_networks = extent
- In the ``[securitygroup]`` section, enable ipset to make security group rules more efficient:
[securitygroup]
enable_ipset = true
7. Configure the Linux bridge agent
- Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file:
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- Delete all of the file's existing contents, add the following, and then modify it:
[DEFAULT]

#
# From oslo.log
#

# If set to true, the logging level will be set to DEBUG instead of the default
# INFO level. (boolean value)
# Note: This option can be changed without restarting.
#debug = false

# DEPRECATED: If set to false, the logging level will be set to WARNING instead
# of the default INFO level. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#verbose = true

# The name of a logging configuration file. This file is appended to any
# existing logging configuration files. For details about logging configuration
# files, see the Python logging module documentation. Note that when logging
# configuration files are used then all logging configuration is set in the
# configuration file and other logging configuration options are ignored (for
# example, logging_context_format_string). (string value)
# Note: This option can be changed without restarting.
# Deprecated group/name - [DEFAULT]/log_config
#log_config_append = <None>

# Defines the format string for %%(asctime)s in log records. Default:
# %(default)s . This option is ignored if log_config_append is set. (string
# value)
#log_date_format = %Y-%m-%d %H:%M:%S

# (Optional) Name of log file to send logging output to. If no default is set,
# logging will go to stderr as defined by use_stderr. This option is ignored if
# log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logfile
#log_file = <None>

# (Optional) The base directory used for relative log_file paths. This option
# is ignored if log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logdir
#log_dir = <None>

# Uses logging handler designed to watch file system. When log file is moved or
# removed this handler will open a new log file with specified path
# instantaneously. It makes sense only if log_file option is specified and
# Linux platform is used. This option is ignored if log_config_append is set.
# (boolean value)
#watch_log_file = false

# Use syslog for logging. Existing syslog format is DEPRECATED and will be
# changed later to honor RFC5424. This option is ignored if log_config_append
# is set. (boolean value)
#use_syslog = false

# Syslog facility to receive log lines. This option is ignored if
# log_config_append is set. (string value)
#syslog_log_facility = LOG_USER

# Log output to standard error. This option is ignored if log_config_append is
# set. (boolean value)
#use_stderr = true

# Format string to use for log messages with context. (string value)
#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s

# Format string to use for log messages when context is undefined. (string
# value)
#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s

# Additional data to append to log message when logging level for the message
# is DEBUG. (string value)
#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d

# Prefix each line of exception output with this format. (string value)
#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s

# Defines the format string for %(user_identity)s that is used in
# logging_context_format_string. (string value)
#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s

# List of package logging levels in logger=LEVEL pairs. This option is ignored
# if log_config_append is set. (list value)
#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO

# Enables or disables publication of error events. (boolean value)
#publish_errors = false

# The format for an instance that is passed with the log message. (string
# value)
#instance_format = "[instance: %(uuid)s] "

# The format for an instance UUID that is passed with the log message. (string
# value)
#instance_uuid_format = "[instance: %(uuid)s] "

# Enables or disables fatal status of deprecations. (boolean value)
#fatal_deprecations = false

[agent]

#
# From neutron.ml2.linuxbridge.agent
#

# The number of seconds the agent will wait between polling for local device
# changes. (integer value)
#polling_interval = 2

# Set new timeout in seconds for new rpc calls after agent receives SIGTERM. If
# value is set to 0, rpc timeout won't be changed (integer value)
#quitting_rpc_timeout = 10

# DEPRECATED: Enable suppression of ARP responses that don't match an IP
# address that belongs to the port from which they originate. Note: This
# prevents the VMs attached to this agent from spoofing, it doesn't protect
# them from other devices which have the capability to spoof (e.g. bare metal
# or VMs attached to agents without this flag set to True). Spoofing rules will
# not be added to any ports that have port security disabled. For LinuxBridge,
# this requires ebtables. For OVS, it requires a version that supports matching
# ARP headers. This option will be removed in Ocata so the only way to disable
# protection will be via the port security extension. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#prevent_arp_spoofing = true

# Extensions list to use (list value)
#extensions =

[linux_bridge]

#
# From neutron.ml2.linuxbridge.agent
#

# Comma-separated list of <physical_network>:<physical_interface> tuples
# mapping physical network names to the agent's node-specific physical network
# interfaces to be used for flat and VLAN networks. All physical networks
# listed in network_vlan_ranges on the server should have mappings to
# appropriate interfaces on each agent. (list value)
#physical_interface_mappings =

# List of <physical_network>:<physical_bridge> (list value)
#bridge_mappings =

[securitygroup]

#
# From neutron.ml2.linuxbridge.agent
#

# Driver for security groups firewall in the L2 agent (string value)
#firewall_driver = <None>

# Controls whether the neutron security group API is enabled in the server. It
# should be false when using no security groups or using the nova security
# group API. (boolean value)
#enable_security_group = true

# Use ipset to speed-up the iptables based security groups. Enabling ipset
# support requires that ipset is installed on L2 agent node. (boolean value)
#enable_ipset = true

[vxlan]

#
# From neutron.ml2.linuxbridge.agent
#

# Enable VXLAN on the agent. Can be enabled when agent is managed by ml2 plugin
# using linuxbridge mechanism driver (boolean value)
#enable_vxlan = true

# TTL for vxlan interface protocol packets. (integer value)
#ttl = <None>

# TOS for vxlan interface protocol packets. (integer value)
#tos = <None>

# Multicast group(s) for vxlan interface. A range of group addresses may be
# specified by using CIDR notation. Specifying a range allows different VNIs to
# use different group addresses, reducing or eliminating spurious broadcast
# traffic to the tunnel endpoints. To reserve a unique group for each possible
# (24-bit) VNI, use a /8 such as 239.0.0.0/8. This setting must be the same on
# all the agents. (string value)
#vxlan_group = 224.0.0.1

# IP address of local overlay (tunnel) network endpoint. Use either an IPv4 or
# IPv6 address that resides on one of the host network interfaces. The IP
# version of this value must match the value of the 'overlay_ip_version' option
# in the ML2 plug-in configuration file on the neutron server node(s). (IP
# address value)
#local_ip = <None>

# Extension to use alongside ml2 plugin's l2population mechanism driver. It
# enables the plugin to populate VXLAN forwarding table. (boolean value)
#l2_population = false

# Enable local ARP responder which provides local responses instead of
# performing ARP broadcast into the overlay. Enabling local ARP responder is
# not fully compatible with the allowed-address-pairs extension. (boolean
# value)
#arp_responder = false
- In the ``[linux_bridge]`` section, map the public virtual network to the public physical network interface:
[linux_bridge]
physical_interface_mappings = extent:ens33
- In the ``[vxlan]`` section, disable VXLAN overlay networks:
[vxlan]
enable_vxlan = false
- In the ``[securitygroup]`` section, enable security groups and configure the Linux bridge iptables firewall driver:
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
- Ensure your Linux kernel supports network bridge filters by verifying that all of the following sysctl values are set to 1; edit the file:
vi /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
- After making the change, run:
modprobe br_netfilter
8. Configure the DHCP agent
- Edit the ``/etc/neutron/dhcp_agent.ini`` file and complete the following actions:
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
9. Configure the metadata agent
- Edit the ``/etc/neutron/metadata_agent.ini`` file and complete the following actions:
- In the ``[DEFAULT]`` section, configure the metadata host and the shared secret:
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = hao123
10. Edit the ``/etc/nova/nova.conf`` file and complete the following actions
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = hao123
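11. Finalize installation
- The Networking service initialization scripts expect a symbolic link ``/etc/neutron/plugin.ini`` pointing to the ML2 plug-in configuration file, ``/etc/neutron/plugins/ml2/ml2_conf.ini``. If this symbolic link does not exist, create it with the following command: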
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
- Populate the database:
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
- Restart the Compute API service:
systemctl restart openstack-nova-api.service
- Start the Networking services and configure them to start when the system boots:
systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
12. Then, on the compute node
- Install the neutron components:
yum install openstack-neutron-linuxbridge ebtables ipset
- Edit the ``/etc/neutron/neutron.conf`` file and complete the following actions:
[DEFAULT]
transport_url = rabbit://openstack:123@controller
- In the “[DEFAULT]” and “[keystone_authtoken]” sections, configure Identity service access:
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
- In the [oslo_concurrency] section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
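13. Configure the Linux bridge agent
- Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and complete the following actions (the physical network name must match the ``flat_networks`` value set on the controller):
[linux_bridge]
physical_interface_mappings = extent:ens33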
- In the ``[vxlan]`` section, disable VXLAN overlay networks:
[vxlan]
enable_vxlan = false
- In the ``[securitygroup]`` section, enable security groups and configure the Linux bridge iptables firewall driver:
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
- Edit the /etc/sysctl.conf file:
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
14. Configure the Networking service for the compute node
- Edit the ``/etc/nova/nova.conf`` file and complete the following actions:
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
14. Finalize installation
- Restart the Compute service:
systemctl restart openstack-nova-compute.service
- Start the Linux bridge agent and configure it to start when the system boots:
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
15. Verify
openstack extension list --network
Neutron deployment is complete.
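Several settings in this walkthrough have to agree across files and nodes: the flat physical network name, the metadata proxy shared secret, and the service passwords. The following Python check is an added example, not part of the original tutorial; it runs on constructed sample text, and the `compute1` host name, the helper names and the 16-character threshold are assumptions.

```python
import configparser
from urllib.parse import urlsplit

MIN_SECRET_LEN = 16  # assumption: local policy threshold, not an OpenStack rule

def load(text):
    """Parse oslo.config-style INI text. strict=False merges repeated section
    headers; a dummy default_section keeps [DEFAULT] an ordinary section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp

def weak_secrets(name, cp):
    """Flag short secrets in password options and in URL userinfo."""
    out = []
    for section in cp.sections():
        for key, value in cp.items(section):
            if key in ("password", "metadata_proxy_shared_secret"):
                secret = value
            elif key in ("connection", "transport_url"):
                secret = urlsplit(value).password or ""
            else:
                continue
            if len(secret) < MIN_SECRET_LEN:
                out.append(f"{name} [{section}] {key}: secret shorter than "
                           f"{MIN_SECRET_LEN} characters")
    return out

def _names(csv):
    return {item.strip() for item in csv.split(",") if item.strip()}

def physnet_mismatches(ml2, agents):
    """Each flat physical network named on the server needs a mapping on every agent."""
    flat = _names(ml2.get("ml2_type_flat", "flat_networks", fallback=""))
    if "*" in flat:  # wildcard: the server accepts any physical network name
        return []
    out = []
    for host, agent in sorted(agents.items()):
        mapping = agent.get("linux_bridge", "physical_interface_mappings", fallback="")
        mapped = {m.split(":", 1)[0] for m in _names(mapping)}
        out += [f"{host}: no physical_interface_mappings entry for '{net}'"
                for net in sorted(flat - mapped)]
    return out

def metadata_secret_mismatch(metadata_agent, nova):
    """The metadata agent and nova must be configured with the same shared secret."""
    agent = metadata_agent.get("DEFAULT", "metadata_proxy_shared_secret", fallback=None)
    compute = nova.get("neutron", "metadata_proxy_shared_secret", fallback=None)
    if agent is None or agent != compute:
        return ["metadata_proxy_shared_secret differs between "
                "metadata_agent.ini and nova.conf"]
    return []

# Constructed sample inputs (not real files), chosen to trigger each check.
ML2 = ("[ml2]\ntype_drivers = flat,vlan\n[ml2]\nmechanism_drivers = linuxbridge\n"
       "[ml2_type_flat]\nflat_networks = extent\n")
AGENTS = {"controller": "[linux_bridge]\nphysical_interface_mappings = extent:ens33\n",
          "compute1": "[linux_bridge]\nphysical_interface_mappings = extnet:ens33\n"}
NEUTRON = ("[database]\nconnection = mysql+pymysql://neutron:123@controller/neutron\n"
           "[DEFAULT]\ntransport_url = rabbit://openstack:123@controller\n")
METADATA = "[DEFAULT]\nmetadata_proxy_shared_secret = hao123\n"
NOVA = "[neutron]\nservice_metadata_proxy = True\nmetadata_proxy_shared_secret = hao124\n"

def audit():
    """Run every check over the constructed samples and return the findings."""
    agents = {host: load(text) for host, text in AGENTS.items()}
    return (weak_secrets("neutron.conf", load(NEUTRON))
            + weak_secrets("metadata_agent.ini", load(METADATA))
            + physnet_mismatches(load(ML2), agents)
            + metadata_secret_mismatch(load(METADATA), load(NOVA)))

if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

To run it against a real deployment, pass the contents of the files edited in the steps above to `load()` in place of the sample strings.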
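- Neutron network architecture (figure): the administrator creates and manages the Neutron external network, which is the bridge between tenant virtual machines and the Internet. More specifically, the external network is given a subnet, which is a set of IP addresses that are addressable on the Internet. In general there is only one external network (although neutron supports more than one), and it is created by the administrator. Tenants create and manage tenant networks, and each network can be divided into multiple subnets as needed. These subnets connect to the Neutron external network (subnet A in the figure) through a router. The router's gateway side connects to the external network's subnet, and its interface side has multiple interfaces that connect to the tenant networks' subnets. The router and the networks attached to its interfaces are created by tenants as needed on a self-service basis; the administrator only creates and manages the Neutron external network.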
In summary, the process of creating a Neutron network is as follows:
1. The administrator obtains a set of IP addresses that are addressable on the Internet, and creates an external network and subnet.
2. The tenant creates a network and subnet.
3. The tenant creates a router and connects the tenant subnet to the external network.
4. The tenant creates virtual machines.