1、控制节点

1.1、数据库配置

mysql -uroot -p123456
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';

1.2、创建项目

openstack user create --domain default --password neutron neutron
 openstack role add --project service --user neutron admin
 openstack service create --name neutron --description "OpenStack Networking" network
 openstack endpoint create --region RegionOne network public http://controller:9696
 openstack endpoint create --region RegionOne network internal http://controller:9696
 openstack endpoint create --region RegionOne network admin http://controller:9696

1.3、网络配置

1.3.1、网络选项1：提供商网络

1.3.1.1、安装组件

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
sed -ri '/^[ \t]*(#|$)/d' /etc/neutron/neutron.conf

vim /etc/neutron/neutron.conf

[database]
# ...
connection = mysql+pymysql://neutron:neutron@controller/neutron
[DEFAULT]
# ...
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:openstack@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

1.3.1.2、配置模块化第 2 层 （ML2） 插件

cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
sed -ri '/^[ \t]*(#|$)/d' /etc/neutron/plugins/ml2/ml2_conf.ini

vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
# ...
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
# ...
flat_networks = provider
[securitygroup]
# ...
enable_ipset = true

1.3.1.3、配置 Linux 网桥代理

cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
sed  -ri '/^[ \t]*(#|$)/d' /etc/neutron/plugins/ml2/linuxbridge_agent.ini

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:ens192
[vxlan]
enable_vxlan = false
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

1.3.1.4、确保 Linux 操作系统内核支持网桥筛选器

#把值配置为1
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables
#如果没有这个文件，要启用网络网桥支持
modprobe br_netfilter
vim  /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables =1
net.net.bridge.bridge-nf-call-ip6tables =1 
sysctl -p

1.3.1.5、配置 DHCP 代理

cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
sed  -ri '/^[ \t]*(#|$)/d' /etc/neutron/dhcp_agent.ini
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True

1.3.2、网络选项2：自助网络

1.3.2.1、安装组件

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
sed -ri '/^[ \t]*(#|$)/d' /etc/neutron/neutron.conf

vim /etc/neutron/neutron.conf

[database]
# ...
connection = mysql+pymysql://neutron:neutron@controller/neutron
[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:openstack@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

1.3.2.2、配置模块化第 2 层 （ML2） 插件

cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
sed -ri '/^[ \t]*(#|$)/d' /etc/neutron/plugins/ml2/ml2_conf.ini

vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
# ...
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
# ...
flat_networks = provider
[ml2_type_vxlan]
# ...
vni_ranges = 1:1000
[securitygroup]
# ...
enable_ipset = true

1.3.2.3、配置 Linux 网桥代理

cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
sed  -ri '/^[ \t]*(#|$)/d' /etc/neutron/plugins/ml2/linuxbridge_agent.ini

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

1.3.2.4、确保 Linux 操作系统内核支持网桥筛选器

#把值配置为1
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables
#如果没有这个文件，要启用网络网桥支持
modprobe br_netfilter
vim  /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables =1
net.net.bridge.bridge-nf-call-ip6tables =1 
sysctl -p

1.3.2.5、配置第三层代理

[DEFAULT]
# ...
interface_driver = linuxbridge

1.3.2.6、配置 DHCP 代理

cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
sed  -ri '/^[ \t]*(#|$)/d' /etc/neutron/dhcp_agent.ini
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True

1.4、配置元数据代理

cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
 sed  -ri '/^[ \t]*(#|$)/d'  /etc/neutron/metadata_agent.ini
vim /etc/neutron/metadata_agent.ini
[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET

1.5、将计算服务配置为使用网络服务

vim /etc/nova/nova.conf
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET

1.6、完成安装

1.6.1、服务初始化脚本需要一个指向 ML2 插件配置文件的符号链接

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

1.6.2、同步数据库

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

1.6.3、启动

1.6.3.1、网络选项1：提供商网络

systemctl restart openstack-nova-api.service && systemctl status openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service  
systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

1.6.3.1、网络选项2：自助网络

systemctl restart openstack-nova-api.service && systemctl status openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service  
systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
#网络选项 2，还启用和启动第 3 层服务
systemctl enable neutron-l3-agent.service
systemctl restart neutron-l3-agent.service
systemctl status neutron-l3-agent.service

2、计算节点

2.1、安装

yum install openstack-neutron-linuxbridge ebtables ipset -y
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
 sed  -ri '/^[ \t]*(#|$)/d' /etc/neutron/neutron.conf
vim /etc/neutron/neutron.conf
[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack@controller
auth_strategy = keystone
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

2.2、网络配置

2.2.1、网络选项1：提供商网络

2.2.1.1、安装组件、配置网桥代理

cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
sed  -ri '/^[ \t]*(#|$)/d' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = false
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

2.2.1.2、确保 Linux 操作系统内核支持网桥筛选器：

#把值配置为1
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables
#如果没有这个文件，要启用网络网桥支持
modprobe br_netfilter
vim  /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables =1
net.net.bridge.bridge-nf-call-ip6tables =1 
sysctl -p

2.2.2、网络选项2：自助网络

2.2.2.1、安装组件、配置网桥代理

cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
sed  -ri '/^[ \t]*(#|$)/d' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

2.2.2.2、确保 Linux 操作系统内核支持网桥筛选器：

#把值配置为1
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables
#如果没有这个文件，要启用网络网桥支持
modprobe br_netfilter
vim  /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables =1
net.net.bridge.bridge-nf-call-ip6tables =1 
sysctl -p

2.3、将计算服务配置为使用网络服务

vim /etc/nova/nova.conf
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron

2.4、启动

systemctl restart openstack-nova-compute.service 
systemctl status openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service 
systemctl restart neutron-linuxbridge-agent.service 
systemctl status neutron-linuxbridge-agent.service

3、验证

openstack extension list --network
openstack network agent list