7.2.3 Deploy self-service networks
7.2.3.1 Deploy the Neutron controller node (controller)
7.2.3.1.1 Create the database and grant privileges
create database neutron;
grant all privileges on neutron.* to 'neutron'@'localhost' identified by 'neutron123';
grant all privileges on neutron.* to 'neutron'@'%' identified by 'neutron123';
flush privileges;
7.2.3.1.2 Create the neutron user
openstack user create --domain default --password-prompt neutron
or
openstack user create --domain default --password neutron123 neutron
7.2.3.1.3 Add the admin role to the neutron user
openstack role add --project service --user neutron admin
7.2.3.1.4 Create the neutron service
openstack service create --name neutron --description "OpenStack Networking" network
7.2.3.1.5 Associate endpoints with the neutron service
openstack endpoint create --region RegionOne network public http://controller1:9696
openstack endpoint create --region RegionOne network internal http://controller1:9696
openstack endpoint create --region RegionOne network admin http://controller1:9696
7.2.3.1.6 Install the components
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
7.2.3.1.7 Edit the configuration files
7.2.3.1.7.1 Configure /etc/neutron/neutron.conf
cp -a /etc/neutron/neutron.conf{,.bak}
Following the official guide:
vim /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:neutron123@controller1/neutron
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:openstack123@controller1
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
www_authenticate_uri = http://controller1:5000
auth_url = http://controller1:5000
memcached_servers = controller1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron123
# This section is missing from neutron.conf and must be added
[nova]
auth_url = http://controller1:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova123
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
7.2.3.1.7.2 Configure /etc/neutron/plugins/ml2/ml2_conf.ini
cp -a /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
Following the official guide:
vim /etc/neutron/plugins/ml2/ml2_conf.ini
# These sections are missing from ml2_conf.ini; everything below must be added
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
# This name can be customized. This step matters: the [linux_bridge] section of linuxbridge_agent.ini below uses the same name, and the two must match.
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
7.2.3.1.7.3 Configure /etc/neutron/plugins/ml2/linuxbridge_agent.ini
cp -a /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
Following the official guide:
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# These sections are missing from linuxbridge_agent.ini; everything below must be added
[linux_bridge]
physical_interface_mappings = provider:eth0
[vxlan]
enable_vxlan = true
local_ip = 192.168.56.11
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Modify the kernel parameters
vim /etc/sysctl.conf
Append at the end of the file
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
Load the module
modprobe br_netfilter
Check
sysctl -p
7.2.3.1.7.4 Configure /etc/neutron/l3_agent.ini
cp -a /etc/neutron/l3_agent.ini{,.bak}
Following the official guide:
vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
7.2.3.1.7.5 Configure /etc/neutron/dhcp_agent.ini
cp -a /etc/neutron/dhcp_agent.ini{,.bak}
Following the official guide:
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
7.2.3.1.7.6 Configure the metadata agent, /etc/neutron/metadata_agent.ini
cp -a /etc/neutron/metadata_agent.ini{,.bak}
Following the official guide:
vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller1
# Record this secret carefully; it must match the metadata_proxy_shared_secret value in the [neutron] section of nova.conf in the next step.
metadata_proxy_shared_secret = metadata123
7.2.3.1.7.7 Configure nova.conf on the controller node
cp -a /etc/nova/nova.conf{,.bak1}
vim /etc/nova/nova.conf
[neutron]
auth_url = http://controller1:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron123
service_metadata_proxy = true
metadata_proxy_shared_secret = metadata123
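The steps above require two values to agree across files: metadata_proxy_shared_secret (metadata_agent.ini and the [neutron] section of nova.conf) and the flat_networks name (ml2_conf.ini and physical_interface_mappings in linuxbridge_agent.ini). The Python check below is an added example, not part of the original guide; the function names, the MIN_SECRET_LEN threshold and the sample texts are assumptions constructed here, and values are read without stripping inline comments, which is how oslo.config reads them.

```python
MIN_SECRET_LEN = 16  # assumed policy threshold, not taken from the guide

def parse(name, text, findings):
    """Read INI text as oslo.config does: inline '#' text stays in the value."""
    data, section = {}, "DEFAULT"
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line[0] == "[":
            if not line.endswith("]"):
                findings.append(f"{name}: trailing text after section header {line!r}")
            section = line[1:line.index("]")] if "]" in line else line[1:]
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if " #" in value:
            findings.append(f"{name}: [{section}] {key} has an inline comment inside its value")
        data[(section, key)] = value
    return data

def audit(files):
    """files maps the four file names to their text; returns a list of findings."""
    findings = []
    cfg = {name: parse(name, text, findings) for name, text in files.items()}
    agent = cfg["metadata_agent.ini"].get(("DEFAULT", "metadata_proxy_shared_secret"), "")
    nova = cfg["nova.conf"].get(("neutron", "metadata_proxy_shared_secret"), "")
    if agent != nova:
        findings.append("metadata_proxy_shared_secret differs between metadata_agent.ini and nova.conf")
    if len(agent) < MIN_SECRET_LEN:
        findings.append(f"metadata_proxy_shared_secret is shorter than {MIN_SECRET_LEN} characters")
    flat = cfg["ml2_conf.ini"].get(("ml2_type_flat", "flat_networks"), "")
    maps = cfg["linuxbridge_agent.ini"].get(("linux_bridge", "physical_interface_mappings"), "")
    labels = {m.split(":", 1)[0].strip() for m in maps.split(",") if ":" in m}
    for net in (n.strip() for n in flat.split(",")):
        if net and net not in labels:
            findings.append(f"flat network {net!r} has no physical_interface_mappings entry")
    return findings

# Constructed sample input modelled on the guide's values (not read from a live system).
SAMPLE = {
    "metadata_agent.ini": "[DEFAULT]\nmetadata_proxy_shared_secret = metadata123 # keep in sync\n",
    "nova.conf": "[neutron]\nmetadata_proxy_shared_secret = metadata123\n",
    "ml2_conf.ini": "[ml2_type_flat]\nflat_networks = provider\n",
    "linuxbridge_agent.ini": "[linux_bridge]\nphysical_interface_mappings = public:eth0\n",
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```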
7.2.3.1.8 Create the symbolic link
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
7.2.3.1.9 Synchronize the database
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
7.2.3.1.10 Restart the nova-api service
systemctl restart openstack-nova-api.service
7.2.3.1.11 Start the neutron services
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
7.2.3.1.12 Start the layer-3 (L3) service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
7.2.3.2 Deploy the Neutron compute node (compute)
7.2.3.2.1 Install the components
yum install openstack-neutron-linuxbridge ebtables ipset -y
7.2.3.2.2 Edit the configuration files
7.2.3.2.2.1 Configure /etc/neutron/neutron.conf
cp -a /etc/neutron/neutron.conf{,.bak}
vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:openstack123@controller1
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller1:5000
auth_url = http://controller1:5000
memcached_servers = controller1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron123
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
7.2.3.2.2.2 Configure /etc/neutron/plugins/ml2/linuxbridge_agent.ini
Choose the Self-service networks option
cp -a /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
Following the official guide:
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# These sections are missing from linuxbridge_agent.ini; everything below must be added
[linux_bridge]
physical_interface_mappings = provider:eth0
[vxlan]
enable_vxlan = true
local_ip = 192.168.56.21
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Modify the kernel parameters
vim /etc/sysctl.conf
Append at the end of the file
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
Load the module
modprobe br_netfilter
Check
sysctl -p
7.2.3.2.2.3 Configure nova.conf on the compute node
cp -a /etc/nova/nova.conf{,.bak1}
vim /etc/nova/nova.conf
[neutron]
auth_url = http://controller1:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron123
7.2.3.2.3 Restart the nova-compute service
systemctl restart openstack-nova-compute.service
7.2.3.2.4 Start the neutron service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
7.2.3.3 Verification
7.2.3.3.1 Check the services (controller)
. admin-openrc
openstack extension list --network
openstack network agent list
7.2.3.3.2 Create a VM instance (controller)
7.2.3.3.2.1 Create the network
. demo-openrc
openstack network create selfservice
openstack network list
7.2.3.3.2.2 Create the subnet
openstack subnet create --network selfservice --dns-nameserver 114.114.114.114 --gateway 192.168.56.2 --subnet-range 192.168.56.0/24 selfservice
7.2.3.3.2.3 Generate a key pair
Generate a key pair and add the public key
ssh-keygen -q -N "" # press Enter at every prompt
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
Verify
openstack keypair list
7.2.3.3.2.4 Create a security group and add rules
Look up the project ID, which is needed to create the security group
openstack project list
+----------------------------------+-----------+
| ID                               | Name      |
+----------------------------------+-----------+
| 13dd42b5879e4f6696bc0e71f897b06a | myproject |
| 3705de05550d4ec7a6b6b31d0db2b60e | service |
| 90eeaefc2d1b4594a03fb5a2637f14c6 | admin |
+----------------------------------+-----------+
Create the security group, using the myproject ID
openstack security group create test --description test --project 13dd42b5879e4f6696bc0e71f897b06a
Check that the security group was created
openstack security group list
Add rules to the security group
openstack security group rule create --proto icmp test
openstack security group rule create --proto tcp --dst-port 22 test
7.2.3.3.2.5 Upload the image
Upload the image file to the image server, then create the image:
. admin-openrc
glance image-create --name "cirros" \
--file cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--visibility public
openstack image list
7.2.3.3.2.6 Create a flavor (instance size)
. admin-openrc
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
openstack flavor list
7.2.3.3.2.7 Create an instance
. demo-openrc
openstack server create --flavor m1.nano --image cirros --nic net-id=33447e14-a173-4ddb-8d38-24e809cfdb5a --security-group test --key-name mykey vm1
--flavor: use openstack flavor list to look up the name
--image: use openstack image list to look up the name
net-id: use openstack network list to look up the network ID
--security-group: use openstack security group list to look up the name
--key-name: use openstack keypair list to look up the name
Check the VM status
openstack server show 6b6aa94e-56af-4b1e-8d52-1971ad309b83
or use
nova show 6b6aa94e-56af-4b1e-8d52-1971ad309b83
openstack server list
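7.2.3.3.2.8 Get the VM's VNC console
openstack console url show 0584f1ef-f600-4577-9986-dfb6dd9a2dbb
# Change controller1 in the link to the controller's IP address, or add a name resolution entry for controller1 to the local hosts file.
The login account and password are shown in the VNC display: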