OpenStack Neutron service installation

news2024/9/23 13:16:48

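Networking service overview

OpenStack Networking (neutron) lets you create interface devices that are managed by other OpenStack services and attach them to networks. Plug-ins can be implemented to accommodate different networking equipment and software, which gives OpenStack architecture and deployment their flexibility.

It includes the following components:

neutron-server
Accepts API requests and routes them to the appropriate OpenStack Networking plug-in for action.

OpenStack Networking plug-ins and agents
Plug and unplug ports, create networks and subnets, and provide IP addressing. These plug-ins and agents differ depending on the vendor and technology in use. OpenStack Networking ships with plug-ins and agents for Cisco virtual and physical switches, NEC OpenFlow products, Open vSwitch, Linux bridging, and the VMware NSX product.

The common agents are L3 (layer 3), DHCP (dynamic host IP addressing), and a plug-in agent.

Message queue
Used by most OpenStack Networking installations to route information between neutron-server and the various agents. It also acts as a database that stores networking state for particular plug-ins.

OpenStack Networking mainly interacts with OpenStack Compute to provide network connectivity for its instances.

Concepts

OpenStack Networking (neutron) manages all of the Virtual Networking Infrastructure (VNI) and the access layer of the Physical Networking Infrastructure (PNI) in your OpenStack environment. OpenStack Networking enables tenants to create advanced virtual network topologies that include services such as a firewall, a load balancer, and a virtual private network (VPN).

Networking provides networks, subnets, and routers as object abstractions. Each abstraction has functionality that mimics its physical counterpart: networks contain subnets, and routers route traffic between different subnets and networks.

Any given Networking setup must include at least one external network. Unlike the other networks, the external network is not merely a virtually defined network. Instead, it represents a view into a slice of the physical, external network that is reachable outside the OpenStack installation. IP addresses on the external network are accessible by any physical device on the outside network.

In addition to external networks, any Networking setup has one or more internal networks. These software-defined networks connect directly to the VMs. Only the VMs on a given internal network, or those on subnets connected through interfaces to a similar router, can directly access VMs connected to that network.

For the outside network to access instances, and vice versa, routers between the networks are needed. Each router has one gateway that is connected to an external network and one or more interfaces connected to internal networks. As with a physical router, subnets can access machines on other subnets that are connected to the same router, and machines can access the outside network through the router's gateway.

Additionally, you can allocate IP addresses on external networks to ports on the internal network. Whenever something is connected to a subnet, that connection is called a port. You can associate external network IP addresses with the ports of instances. This way, entities on the outside network can access the instances.

Networking also supports security groups. Security groups let administrators define firewall rules in groups. An instance can belong to one or more security groups, and Networking applies the rules in those security groups to block or unblock ports, port ranges, or traffic types for that instance.

Each plug-in that Networking uses has its own concepts. While not vital to operating the VNI and the OpenStack environment, understanding these concepts can help you set up Networking. All Networking installations use a core plug-in and a security group plug-in (or just the No-Op security group plug-in). Additionally, Firewall-as-a-Service (FWaaS) and Load-Balancer-as-a-Service (LBaaS) plug-ins are available.

Host networking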

In the provider networks architecture, all instances attach directly to the provider network. In the self-service (private) networks architecture, instances can attach to a self-service or provider network. Self-service networks can reside entirely within OpenStack or provide some level of external network access using Network Address Translation (NAT) through the provider network.

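Install and configure the controller node

Prerequisites

Before you configure the OpenStack Networking (neutron) service, you must create a database, service credentials, and API endpoints for it.

To create the database, complete these steps:

Use the database access client to connect to the database server as the root user: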
$ mysql -u root -p
Create the neutron database:
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| glance             |
| information_schema |
| keystone           |
| mysql              |
| neutron            |
| nova               |
| nova_api           |
| nova_cell0         |
| performance_schema |
| placement          |
+--------------------+
10 rows in set (0.001 sec)

Grant proper access to the neutron database, replacing NEUTRON_DBPASS with a suitable password:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';

Source the admin credentials to gain access to admin-only CLI commands:

$ . admin-openrc

To create the service credentials, complete these steps:

Create the neutron user:
$ openstack user create --domain default --password-prompt neutron

User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | fdb0f541e28141719b6a43c8944bf1fb |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Result

[root@controller ~]#  openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | abf26c29ee144564bd6f35df759f356d |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Add the admin role to the neutron user:
$ openstack role add --project service --user neutron admin

[root@controller ~]# openstack role assignment list
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
| Role                             | User                             | Group | Project                          | Domain | System | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
| db335b47ae26492e9da33881087e80c6 | 0343f8c414b042efa206c056cbf765d2 |       | cfd7929faa4d456ba0633f4934ed0106 |        |        | False     |
| db335b47ae26492e9da33881087e80c6 | 1a96e4b649cb474da9506226a56ca7d6 |       | cfd7929faa4d456ba0633f4934ed0106 |        |        | False     |
| dea0722037a346b9a5dc790e39b0d017 | 62623ccda6ce4e4c82b10cd51521aad8 |       | d33724f9baf9444e9622d102d9541826 |        |        | False     |
| db335b47ae26492e9da33881087e80c6 | a24c9f7cffd740afbd1a4388fecadc34 |       | cfd7929faa4d456ba0633f4934ed0106 |        |        | False     |
| db335b47ae26492e9da33881087e80c6 | a6a881a6089843b9999b2a0a7397c5d7 |       | faf1dd393fae450b8afc29ebc9d9b6d1 |        |        | False     |
| db335b47ae26492e9da33881087e80c6 | abf26c29ee144564bd6f35df759f356d |       | cfd7929faa4d456ba0633f4934ed0106 |        |        | False     |
| db335b47ae26492e9da33881087e80c6 | a6a881a6089843b9999b2a0a7397c5d7 |       |                                  |        | all    | False     |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+

Create the neutron service entity:
$ openstack service create --name neutron \
  --description "OpenStack Networking" network

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | f71529314dab4a4d8eca427e701d209e |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

Result

[root@controller ~]# openstack service create --name neutron \
>   --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 616eda87003543b2b6e3a6dbbd614b86 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

[root@controller ~]# openstack service list
+----------------------------------+-----------+-----------+
| ID                               | Name      | Type      |
+----------------------------------+-----------+-----------+
| 125478add9754a8182936f04f2175c0e | keystone  | identity  |
| 616eda87003543b2b6e3a6dbbd614b86 | neutron   | network   |
| 824b05bbfbca4fe7abc376ad9b0b5ec4 | glance    | image     |
| 8a4f8727095c481bb366eda08743dba6 | nova      | compute   |
| e380dba4387a41e09d63f359248798f1 | placement | placement |
+----------------------------------+-----------+-----------+

Create the Networking service API endpoints:

$ openstack endpoint create --region RegionOne \
  network public http://controller:9696

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 85d80a6d02fc4b7683f611d7fc1493a3 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

$ openstack endpoint create --region RegionOne \
  network internal http://controller:9696

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 09753b537ac74422a68d2d791cf3714f |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

$ openstack endpoint create --region RegionOne \
  network admin http://controller:9696

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1ee14289c9374dffb5db92a5c112fc4e |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                         |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| 207cd10858a24d48ad86beae5c2af00c | RegionOne | nova         | compute      | True    | public    | http://controller:8774/v2.1 |
| 270167f7978b458da1110a0e2db815ff | RegionOne | keystone     | identity     | True    | admin     | http://controller:5000/v3/  |
| 463b426aad584e9ea6d011cd0a6c527e | RegionOne | keystone     | identity     | True    | internal  | http://controller:5000/v3/  |
| 4f22b9f64ebd4dce9d6c13439124c62b | RegionOne | neutron      | network      | True    | admin     | http://controller:9696      |
| 6051331a74b74ecd92fd9cf05bb61979 | RegionOne | glance       | image        | True    | internal  | http://controller:9292      |
| 62baa669edf2420a930d21948da860b0 | RegionOne | neutron      | network      | True    | public    | http://controller:9696      |
| 66025531e4e747bf8c7aecab421da838 | RegionOne | placement    | placement    | True    | public    | http://controller:8778      |
| 8910be1558804aa38b9f88a71c8e7b68 | RegionOne | nova         | compute      | True    | internal  | http://controller:8774/v2.1 |
| 90b589816dd14b77814928f67e42a601 | RegionOne | glance       | image        | True    | public    | http://controller:9292      |
| 99c92cfc2b27431a95167b4113f4a5b4 | RegionOne | keystone     | identity     | True    | public    | http://controller:5000/v3/  |
| d2f34737a14a4b55ad948f68b2fd5272 | RegionOne | glance       | image        | True    | admin     | http://controller:9292      |
| e4538424631e4a80aa075c6c24c14ff8 | RegionOne | neutron      | network      | True    | internal  | http://controller:9696      |
| e4ab36ff450d40c6bc997f8e04093413 | RegionOne | placement    | placement    | True    | internal  | http://controller:8778      |
| ed03940afbb444f48d9a8041ce7b971d | RegionOne | placement    | placement    | True    | admin     | http://controller:8778      |
| eeb6de38ebff4584978df1c8108407ab | RegionOne | nova         | compute      | True    | admin     | http://controller:8774/v2.1 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+

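Configure networking options

You can deploy the Networking service using one of the two architectures represented by options 1 and 2.

Option 1 deploys the simplest possible architecture, which only supports attaching instances to provider (external) networks. There are no self-service (private) networks, routers, or floating IP addresses. Only the admin or another privileged user can manage provider networks.

Option 2 augments option 1 with layer-3 services that support attaching instances to self-service (private) networks. The demo or another unprivileged user can manage their own self-service networks, including routers that connect self-service and provider networks. Additionally, floating IP addresses provide connectivity between instances on self-service networks and external networks such as the Internet.

Self-service networks typically use overlay networks. Overlay network protocols such as VXLAN include additional headers that increase overhead and decrease the space available for the payload or user data. Without knowledge of the virtual network infrastructure, instances attempt to send packets using the default Ethernet maximum transmission unit (MTU) of 1500 bytes. The Networking service automatically provides the correct MTU value to instances via DHCP. However, some cloud images do not use DHCP or ignore the DHCP MTU option, and require configuration using metadata or a script.

Option 2 is used here.

Networking option 2: self-service networks

Install and configure the Networking components on the controller node.

Install the components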
# yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables

Configure the server component

Edit the /etc/neutron/neutron.conf file and complete the following actions:

In the [database] section, configure database access:

[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in, router service, and overlapping IP addresses:

[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true

In the [DEFAULT] section, configure RabbitMQ message queue access:


[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller

Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.

In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:

[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

Note

Comment out or remove any other options in the [keystone_authtoken] section.

In the [DEFAULT] and [nova] sections, configure Networking to notify Compute of network topology changes:

[DEFAULT]
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

Replace NOVA_PASS with the password you chose for the nova user in the Identity service.

In the [oslo_concurrency] section, configure the lock path:

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

The complete /etc/neutron/neutron.conf file for this section:

[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:12345678@controller
auth_strategy = keystone

notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[cors]
[database]
connection = mysql+pymysql://neutron:12345678@controller/neutron


[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 12345678

[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 12345678

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]

Configure the Modular Layer 2 (ML2) plug-in

The ML2 plug-in uses the Linux bridge mechanism to build layer-2 (bridging and switching) virtual networking infrastructure for instances.

Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and complete the following actions:

In the [ml2] section, enable flat, VLAN, and VXLAN networks:

[ml2]
# ...
type_drivers = flat,vlan,vxlan

In the [ml2] section, enable VXLAN self-service networks:

[ml2]
# ...
tenant_network_types = vxlan

In the [ml2] section, enable the Linux bridge and layer-2 population mechanisms:

[ml2]
# ...
mechanism_drivers = linuxbridge,l2population

Warning

After you configure the ML2 plug-in, removing values in the type_drivers option can lead to database inconsistency.

Note

The Linux bridge agent only supports VXLAN overlay networks.

In the [ml2] section, enable the port security extension driver:

[ml2]
# ...
extension_drivers = port_security

In the [ml2_type_flat] section, configure the provider virtual network as a flat network:

[ml2_type_flat]
# ...
flat_networks = provider

In the [ml2_type_vxlan] section, configure the VXLAN network identifier range for self-service networks:

[ml2_type_vxlan]
# ...
vni_ranges = 1:1000

In the [securitygroup] section, enable ipset to increase efficiency of security group rules:

[securitygroup]
# ...
enable_ipset = true

The complete /etc/neutron/plugins/ml2/ml2_conf.ini file for this section:

[DEFAULT]
[ml2]
# ...
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
# ...
flat_networks = provider

[ml2_type_vxlan]
# ...
vni_ranges = 1:1000

[securitygroup]
# ...
enable_ipset = true

Configure the Linux bridge agent

The Linux bridge agent builds layer-2 (bridging and switching) virtual networking infrastructure for instances and handles security groups.

Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following actions:

In the [linux_bridge] section, map the provider virtual network to the provider physical network interface:

[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

Replace PROVIDER_INTERFACE_NAME with the name of the underlying provider physical network interface. See Host networking for more information.

In the [vxlan] section, enable VXLAN overlay networks, configure the IP address of the physical network interface that handles overlay networks, and enable layer-2 population:

[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true

Replace OVERLAY_INTERFACE_IP_ADDRESS with the IP address of the underlying physical network interface that handles overlay networks. The example architecture uses the management interface to tunnel traffic to the other nodes. Therefore, replace OVERLAY_INTERFACE_IP_ADDRESS with the management IP address of the controller node. See Host networking for more information.

In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver:

[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Ensure your Linux operating system kernel supports network bridge filters by verifying all the following sysctl values are set to 1:


net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-ip6tables

To enable networking bridge support, typically the br_netfilter kernel module needs to be loaded. Check your operating system’s documentation for additional details on enabling this module.

The complete /etc/neutron/plugins/ml2/linuxbridge_agent.ini file for this section:

[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:eth0

[vxlan]
enable_vxlan = true
local_ip = 192.168.2.11 
l2_population = true

[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Configure the layer-3 agent

The Layer-3 (L3) agent provides routing and NAT services for self-service virtual networks.

Edit the /etc/neutron/l3_agent.ini file and complete the following actions:

In the [DEFAULT] section, configure the Linux bridge interface driver:

[DEFAULT]
# ...
interface_driver = linuxbridge

Configure the DHCP agent

The DHCP agent provides DHCP services for virtual networks.

Edit the /etc/neutron/dhcp_agent.ini file and complete the following actions:

In the [DEFAULT] section, configure the Linux bridge interface driver, Dnsmasq DHCP driver, and enable isolated metadata so instances on provider networks can access metadata over the network:

[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

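Configure the metadata agent

The metadata agent provides configuration information, such as credentials, to instances.

Edit the /etc/neutron/metadata_agent.ini file and complete the following actions:

In the [DEFAULT] section, configure the metadata host and shared secret: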

[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET

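Replace METADATA_SECRET with a suitable secret for the metadata proxy. The same value must be used in the nova.conf step below.

Configure the Compute service to use the Networking service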

Note

The Nova compute service must be installed to complete this step. For more details see the compute install guide found under the Installation Guides section of the docs website.

Edit the /etc/nova/nova.conf file and perform the following actions:

In the [neutron] section, configure access parameters, enable the metadata proxy, and configure the secret:

[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET

Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

Replace METADATA_SECRET with the secret you chose for the metadata proxy.
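
The manual checks asked for so far can be scripted: every placeholder token (NEUTRON_PASS, METADATA_SECRET and so on) replaced, the same metadata_proxy_shared_secret in metadata_agent.ini and nova.conf, and the two bridge-nf sysctls from the Linux bridge agent section set to 1 when security groups are enabled. The script below is an added example, not part of the original guide or of OpenStack; the function names (ini_get, url_password, is_placeholder, audit_neutron, make_sample) and all sample files are constructed for illustration.

```shell
# Added example (not from the guide): audit a controller before starting neutron.

# ini_get FILE SECTION KEY: print the last value assigned to KEY in [SECTION].
ini_get() {
    [ -r "$1" ] || return 0
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                            # comment line
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# url_password URL: print the password in scheme://user:password@host/...
url_password() {
    printf '%s\n' "$1" | sed -n 's|^[^:]*://[^:@/]*:\([^@]*\)@.*$|\1|p'
}

# is_placeholder VALUE: true if VALUE is one of the guide's literal tokens.
is_placeholder() {
    case $1 in
        NEUTRON_PASS|NOVA_PASS|RABBIT_PASS|NEUTRON_DBPASS|METADATA_SECRET) return 0 ;;
    esac
    return 1
}

# audit_neutron ETC_DIR [SYSCTL_ROOT]: print findings; exit status 1 if any.
# The body is a subshell "( )" so its variables stay out of the caller.
audit_neutron() (
    etc=$1; sys=${2:-/proc/sys}; rc=0
    fail() { echo "FAIL: $*"; rc=1; }
    # 1. No credential may still be the guide's placeholder text.
    for spec in neutron/neutron.conf:DEFAULT:transport_url \
                neutron/neutron.conf:database:connection \
                neutron/neutron.conf:keystone_authtoken:password \
                neutron/neutron.conf:nova:password \
                neutron/metadata_agent.ini:DEFAULT:metadata_proxy_shared_secret \
                nova/nova.conf:neutron:password \
                nova/nova.conf:neutron:metadata_proxy_shared_secret
    do
        file=${spec%%:*}; rest=${spec#*:}; sec=${rest%%:*}; key=${rest#*:}
        val=$(ini_get "$etc/$file" "$sec" "$key")
        case $key in transport_url|connection) val=$(url_password "$val") ;; esac
        if is_placeholder "$val"; then
            fail "$file [$sec] $key still holds the placeholder $val"
        fi
    done
    # 2. The metadata agent and nova-api must share one secret.
    a=$(ini_get "$etc/neutron/metadata_agent.ini" DEFAULT metadata_proxy_shared_secret)
    b=$(ini_get "$etc/nova/nova.conf" neutron metadata_proxy_shared_secret)
    if [ -z "$a" ] || [ "$a" != "$b" ]; then
        fail "metadata_proxy_shared_secret unset or different in metadata_agent.ini and nova.conf"
    fi
    # 3. With security groups on, bridged frames must traverse iptables.
    sg=$(ini_get "$etc/neutron/plugins/ml2/linuxbridge_agent.ini" securitygroup enable_security_group)
    case $sg in [Tt]rue)
        for k in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
            f=$sys/net/bridge/$k
            if [ ! -r "$f" ]; then
                fail "net.bridge.$k is absent (load br_netfilter)"
            elif [ "$(cat "$f")" != 1 ]; then
                fail "net.bridge.$k is not 1"
            fi
        done ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: no findings"; fi
    exit "$rc"
)

# make_sample DIR NOVA_SECRET: write constructed sample files under DIR.
make_sample() {
    mkdir -p "$1/etc/neutron/plugins/ml2" "$1/etc/nova" "$1/sys/net/bridge"
    printf '%s\n' '[DEFAULT]' 'transport_url = rabbit://openstack:RABBIT_PASS@controller' \
        '[database]' 'connection = mysql+pymysql://neutron:constructed-db@controller/neutron' \
        '[keystone_authtoken]' 'password = constructed-ks' \
        '[nova]' 'password = constructed-nova' > "$1/etc/neutron/neutron.conf"
    printf '%s\n' '[DEFAULT]' 'metadata_proxy_shared_secret = constructed-secret' \
        > "$1/etc/neutron/metadata_agent.ini"
    printf '%s\n' '[neutron]' 'password = constructed-ks' \
        "metadata_proxy_shared_secret = $2" > "$1/etc/nova/nova.conf"
    printf '%s\n' '[securitygroup]' 'enable_security_group = true' \
        > "$1/etc/neutron/plugins/ml2/linuxbridge_agent.ini"
    echo 1 > "$1/sys/net/bridge/bridge-nf-call-iptables"
    echo 0 > "$1/sys/net/bridge/bridge-nf-call-ip6tables"
}

# Demo on constructed data; on a real controller run: audit_neutron /etc
demo=$(mktemp -d)
make_sample "$demo" some-other-secret
audit_neutron "$demo/etc" "$demo/sys" || echo "audit reported findings"
rm -rf "$demo"
```

The audit prints a value only when it is one of the guide's placeholder tokens, so configured secrets never reach the terminal or a log.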

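Finalize installation

The Networking service initialization scripts expect a symbolic link, /etc/neutron/plugin.ini, pointing to the ML2 plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini. If this symbolic link does not exist, create it with the following command: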

# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Populate the database:

# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Restart the Compute API service:

# systemctl restart openstack-nova-api.service

Start the Networking services and configure them to start when the system boots.

For both networking options:

# systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
# systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service

For networking option 2, also enable and start the layer-3 service:

# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service

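Install and configure the compute node

The compute node handles connectivity and security groups for instances.
Perform these steps on the compute node.

Install the components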

# yum install openstack-neutron-linuxbridge ebtables ipset

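Configure the common component

The Networking common component configuration includes the authentication mechanism, message queue, and plug-in.
Edit the /etc/neutron/neutron.conf file and complete the following actions:

In the [database] section, comment out any connection options because compute nodes do not directly access the database.

In the [DEFAULT] section, configure RabbitMQ message queue access: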

[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller

Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.

In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:

[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

In the [oslo_concurrency] section, configure the lock path:

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

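Configure networking options

Choose the same networking option that you chose earlier on the controller node. Afterwards, return here and continue with the next step: configuring the Compute service on the compute node to use the Networking service.
Choose networking option 2.

Networking option 2: private (self-service) networks

Configure the Linux bridge agent

The Linux bridge agent builds layer-2 virtual networks for instances and handles security group rules.

Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following actions:

In the [linux_bridge] section, map the provider virtual network to the provider physical network interface: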

[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

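Replace PROVIDER_INTERFACE_NAME with the name of the underlying provider physical network interface. See the environment networking section for more information.

In the [vxlan] section, enable VXLAN overlay networks, configure the IP address of the physical network interface that handles overlay networks, and enable layer-2 population: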

[vxlan]
enable_vxlan = True
local_ip = 192.168.2.31
l2_population = True

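Replace OVERLAY_INTERFACE_IP_ADDRESS (192.168.2.31 in the snippet above) with the IP address of the underlying physical network interface that handles overlay networks. This example architecture uses the management interface to tunnel traffic to the other nodes, so replace OVERLAY_INTERFACE_IP_ADDRESS with the management IP address of the compute node.

In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver: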

[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Configure the compute node to use the Networking service

Edit the /etc/nova/nova.conf file and complete the following actions:

In the [neutron] section, configure access parameters:

[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
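
The compute-node steps above come down to a handful of facts about the edited files: no placeholder is left in place, [database] has no active connection, and security groups are on. The following check is an added example, not part of the original guide; the role labels, function names and the constructed neutron.conf sample are assumptions, while the linuxbridge_agent.ini sample is the snippet exactly as shown on this page.

```python
import configparser
import ipaddress

# Placeholder tokens this guide tells you to replace before starting services.
PLACEHOLDERS = ("RABBIT_PASS", "NEUTRON_PASS",
                "PROVIDER_INTERFACE_NAME", "OVERLAY_INTERFACE_IP_ADDRESS")


def load(text):
    """Parse oslo.config-style INI text."""
    parser = configparser.ConfigParser(
        interpolation=None,            # a '%' inside a password stays literal
        strict=False,                  # repeated sections/options do not raise
        default_section="__unused__",  # treat [DEFAULT] as an ordinary section
    )
    parser.read_string(text)
    return parser


def audit(text, role):
    """Return findings for one compute-node file.

    role is "neutron.conf" or "linuxbridge_agent.ini" (labels chosen for
    this example, not an OpenStack API).
    """
    cfg = load(text)
    findings = []

    def get(section, key):
        return cfg.get(section, key, fallback=None)

    # A placeholder left in any value means a replacement step was skipped.
    for section in cfg.sections():
        for key, value in cfg.items(section):
            for token in PLACEHOLDERS:
                if token in value:
                    findings.append(
                        f"[{section}] {key}: placeholder {token} not replaced")

    if role == "neutron.conf":
        if get("database", "connection") is not None:
            findings.append(
                "[database] connection: must be commented out on compute nodes")
        if get("DEFAULT", "auth_strategy") != "keystone":
            findings.append("[DEFAULT] auth_strategy: expected keystone")
        if not get("oslo_concurrency", "lock_path"):
            findings.append("[oslo_concurrency] lock_path: not set")
    elif role == "linuxbridge_agent.ini":
        try:
            ipaddress.ip_address(get("vxlan", "local_ip") or "")
        except ValueError:
            findings.append("[vxlan] local_ip: not a valid IP address")
        enabled = (get("securitygroup", "enable_security_group") or "").lower()
        if enabled != "true":
            findings.append(
                "[securitygroup] enable_security_group: security groups are off")
        if not get("securitygroup", "firewall_driver"):
            findings.append("[securitygroup] firewall_driver: not set")
    return findings


# The linuxbridge_agent.ini snippet exactly as it appears on this page.
PAGE_LINUXBRIDGE = """
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

[vxlan]
enable_vxlan = True
local_ip = 192.168.2.31
l2_population = True

[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
"""

# Constructed sample: a compute-node neutron.conf with three mistakes.
CONSTRUCTED_NEUTRON = """
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone

[database]
connection = mysql+pymysql://neutron:EXAMPLE%PW@controller/neutron

[keystone_authtoken]
username = neutron
password = NEUTRON_PASS

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
"""

if __name__ == "__main__":
    for name, text in (("neutron.conf", CONSTRUCTED_NEUTRON),
                       ("linuxbridge_agent.ini", PAGE_LINUXBRIDGE)):
        for finding in audit(text, name):
            print(f"{name}: {finding}")
```

Run against the page's own snippet, it reports that physical_interface_mappings still carries PROVIDER_INTERFACE_NAME, which has to be replaced with the real interface name before the agent is started.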

Finalize installation

Restart the Compute service:

# systemctl restart openstack-nova-compute.service

Start the Linux bridge agent and configure it to start at boot:

# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service

Verify operation

Run these commands on the controller node.
Source the admin credentials to gain access to admin-only commands:

$ . admin-openrc

List the loaded extensions to verify that the neutron-server process started successfully:

$ openstack extension list --network

+---------------------------+---------------------------+----------------------------+
| Name                      | Alias                     | Description                |
+---------------------------+---------------------------+----------------------------+
| Default Subnetpools       | default-subnetpools       | Provides ability to mark   |
|                           |                           | and use a subnetpool as    |
|                           |                           | the default                |
| Availability Zone         | availability_zone         | The availability zone      |
|                           |                           | extension.                 |
| Network Availability Zone | network_availability_zone | Availability zone support  |
|                           |                           | for network.               |
| Port Binding              | binding                   | Expose port bindings of a  |
|                           |                           | virtual port to external   |
|                           |                           | application                |
| agent                     | agent                     | The agent management       |
|                           |                           | extension.                 |
| Subnet Allocation         | subnet_allocation         | Enables allocation of      |
|                           |                           | subnets from a subnet pool |
| DHCP Agent Scheduler      | dhcp_agent_scheduler      | Schedule networks among    |
|                           |                           | dhcp agents                |
| Neutron external network  | external-net              | Adds external network      |
|                           |                           | attribute to network       |
|                           |                           | resource.                  |
| Neutron Service Flavors   | flavors                   | Flavor specification for   |
|                           |                           | Neutron advanced services  |
| Network MTU               | net-mtu                   | Provides MTU attribute for |
|                           |                           | a network resource.        |
| Network IP Availability   | network-ip-availability   | Provides IP availability   |
|                           |                           | data for each network and  |
|                           |                           | subnet.                    |
| Quota management support  | quotas                    | Expose functions for       |
|                           |                           | quotas management per      |
|                           |                           | tenant                     |
| Provider Network          | provider                  | Expose mapping of virtual  |
|                           |                           | networks to physical       |
|                           |                           | networks                   |
| Multi Provider Network    | multi-provider            | Expose mapping of virtual  |
|                           |                           | networks to multiple       |
|                           |                           | physical networks          |
| Address scope             | address-scope             | Address scopes extension.  |
| Subnet service types      | subnet-service-types      | Provides ability to set    |
|                           |                           | the subnet service_types   |
|                           |                           | field                      |
| Resource timestamps       | standard-attr-timestamp   | Adds created_at and        |
|                           |                           | updated_at fields to all   |
|                           |                           | Neutron resources that     |
|                           |                           | have Neutron standard      |
|                           |                           | attributes.                |
| Neutron Service Type      | service-type              | API for retrieving service |
| Management                |                           | providers for Neutron      |
|                           |                           | advanced services          |
| resources: subnet,        |                           | more L2 and L3 resources.  |
| subnetpool, port, router  |                           |                            |
| Neutron Extra DHCP opts   | extra_dhcp_opt            | Extra options              |
|                           |                           | configuration for DHCP.    |
|                           |                           | For example PXE boot       |
|                           |                           | options to DHCP clients    |
|                           |                           | can be specified (e.g.     |
|                           |                           | tftp-server, server-ip-    |
|                           |                           | address, bootfile-name)    |
| Resource revision numbers | standard-attr-revisions   | This extension will        |
|                           |                           | display the revision       |
|                           |                           | number of neutron          |
|                           |                           | resources.                 |
| Pagination support        | pagination                | Extension that indicates   |
|                           |                           | that pagination is         |
|                           |                           | enabled.                   |
| Sorting support           | sorting                   | Extension that indicates   |
|                           |                           | that sorting is enabled.   |
| security-group            | security-group            | The security groups        |
|                           |                           | extension.                 |
| RBAC Policies             | rbac-policies             | Allows creation and        |
|                           |                           | modification of policies   |
|                           |                           | that control tenant access |
|                           |                           | to resources.              |
| standard-attr-description | standard-attr-description | Extension to add           |
|                           |                           | descriptions to standard   |
|                           |                           | attributes                 |
| Port Security             | port-security             | Provides port security     |
| Allowed Address Pairs     | allowed-address-pairs     | Provides allowed address   |
|                           |                           | pairs                      |
| project_id field enabled  | project-id                | Extension that indicates   |
|                           |                           | that project_id field is   |
|                           |                           | enabled.                   |
+---------------------------+---------------------------+----------------------------+

Result


[root@controller neutron]#  openstack extension list --network
+----------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Name                                                                                                                                                           | Alias                                 | Description                                                                                                                                              |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Subnet Pool Prefix Operations                                                                                                                                  | subnetpool-prefix-ops                 | Provides support for adjusting the prefix list of subnet pools                                                                                           |
| Default Subnetpools                                                                                                                                            | default-subnetpools                   | Provides ability to mark and use a subnetpool as the default.                                                                                            |
| Availability Zone                                                                                                                                              | availability_zone                     | The availability zone extension.                                                                                                                         |
| Network Availability Zone                                                                                                                                      | network_availability_zone             | Availability zone support for network.                                                                                                                   |
| Subnet Onboard                                                                                                                                                 | subnet_onboard                        | Provides support for onboarding subnets into subnet pools                                                                                                |
| Auto Allocated Topology Services                                                                                                                               | auto-allocated-topology               | Auto Allocated Topology Services.                                                                                                                        |
| Neutron L3 Configurable external gateway mode                                                                                                                  | ext-gw-mode                           | Extension of the router abstraction for specifying whether SNAT should occur on the external gateway                                                     |
| Port Binding                                                                                                                                                   | binding                               | Expose port bindings of a virtual port to external application                                                                                           |
| agent                                                                                                                                                          | agent                                 | The agent management extension.                                                                                                                          |
| Subnet Allocation                                                                                                                                              | subnet_allocation                     | Enables allocation of subnets from a subnet pool                                                                                                         |
| DHCP Agent Scheduler                                                                                                                                           | dhcp_agent_scheduler                  | Schedule networks among dhcp agents                                                                                                                      |
| Neutron external network                                                                                                                                       | external-net                          | Adds external network attribute to network resource.                                                                                                     |
| Empty String Filtering Extension                                                                                                                               | empty-string-filtering                | Allow filtering by attributes with empty string value                                                                                                    |
| Tag support for resources with standard attribute: subnet, trunk, network_segment_range, router, network, policy, subnetpool, port, security_group, floatingip | standard-attr-tag                     | Enables to set tag on resources with standard attribute.                                                                                                 |
| Neutron Service Flavors                                                                                                                                        | flavors                               | Flavor specification for Neutron advanced services.                                                                                                      |
| Network MTU                                                                                                                                                    | net-mtu                               | Provides MTU attribute for a network resource.                                                                                                           |
| Network IP Availability                                                                                                                                        | network-ip-availability               | Provides IP availability data for each network and subnet.                                                                                               |
| Quota management support                                                                                                                                       | quotas                                | Expose functions for quotas management per tenant                                                                                                        |
| If-Match constraints based on revision_number                                                                                                                  | revision-if-match                     | Extension indicating that If-Match based on revision_number is supported.                                                                                |
| Prevent L3 router ports IP address change extension                                                                                                            | l3-port-ip-change-not-allowed         | Prevent change of IP address for some L3 router ports                                                                                                    |
| Availability Zone Filter Extension                                                                                                                             | availability_zone_filter              | Add filter parameters to AvailabilityZone resource                                                                                                       |
| HA Router extension                                                                                                                                            | l3-ha                                 | Adds HA capability to routers.                                                                                                                           |
| Enforce Router's Admin State Down Before Update Extension                                                                                                      | router-admin-state-down-before-update | Ensure that the admin state of a router is down (admin_state_up=False) before updating the distributed attribute                                         |
| Filter parameters validation                                                                                                                                   | filter-validation                     | Provides validation on filter parameters.                                                                                                                |
| Multi Provider Network                                                                                                                                         | multi-provider                        | Expose mapping of virtual networks to multiple physical networks                                                                                         |
| Quota details management support                                                                                                                               | quota_details                         | Expose functions for quotas usage statistics per project                                                                                                 |
| Address scope                                                                                                                                                  | address-scope                         | Address scopes extension.                                                                                                                                |
| Neutron Extra Route                                                                                                                                            | extraroute                            | Extra routes configuration for L3 router                                                                                                                 |
| Network MTU (writable)                                                                                                                                         | net-mtu-writable                      | Provides a writable MTU attribute for a network resource.                                                                                                |
| Agent's Resource View Synced to Placement                                                                                                                      | agent-resources-synced                | Stores success/failure of last sync to Placement                                                                                                         |
| Subnet service types                                                                                                                                           | subnet-service-types                  | Provides ability to set the subnet service_types field                                                                                                   |
| Floating IP Pools Extension                                                                                                                                    | floatingip-pools                      | Provides a floating IP pools API.                                                                                                                        |
| Neutron Port MAC address regenerate                                                                                                                            | port-mac-address-regenerate           | Network port MAC address regenerate                                                                                                                      |
| Add security_group type to network RBAC                                                                                                                        | rbac-security-groups                  | Add security_group type to network RBAC                                                                                                                  |
| Provider Network                                                                                                                                               | provider                              | Expose mapping of virtual networks to physical networks                                                                                                  |
| Neutron Service Type Management                                                                                                                                | service-type                          | API for retrieving service providers for Neutron advanced services                                                                                       |
| Router Flavor Extension                                                                                                                                        | l3-flavors                            | Flavor support for routers.                                                                                                                              |
| Port Security                                                                                                                                                  | port-security                         | Provides port security                                                                                                                                   |
| Neutron Extra DHCP options                                                                                                                                     | extra_dhcp_opt                        | Extra options configuration for DHCP. For example PXE boot options to DHCP clients can be specified (e.g. tftp-server, server-ip-address, bootfile-name) |
| Port filtering on security groups                                                                                                                              | port-security-groups-filtering        | Provides security groups filtering when listing ports                                                                                                    |
| Resource timestamps                                                                                                                                            | standard-attr-timestamp               | Adds created_at and updated_at fields to all Neutron resources that have Neutron standard attributes.                                                    |
| Resource revision numbers                                                                                                                                      | standard-attr-revisions               | This extension will display the revision number of neutron resources.                                                                                    |
| Pagination support                                                                                                                                             | pagination                            | Extension that indicates that pagination is enabled.                                                                                                     |
| Sorting support                                                                                                                                                | sorting                               | Extension that indicates that sorting is enabled.                                                                                                        |
| security-group                                                                                                                                                 | security-group                        | The security groups extension.                                                                                                                           |
| L3 Agent Scheduler                                                                                                                                             | l3_agent_scheduler                    | Schedule routers among l3 agents                                                                                                                         |
| Floating IP Port Details Extension                                                                                                                             | fip-port-details                      | Add port_details attribute to Floating IP resource                                                                                                       |
| Router Availability Zone                                                                                                                                       | router_availability_zone              | Availability zone support for router.                                                                                                                    |
| RBAC Policies                                                                                                                                                  | rbac-policies                         | Allows creation and modification of policies that control tenant access to resources.                                                                    |
| Atomically add/remove extra routes                                                                                                                             | extraroute-atomic                     | Edit extra routes of a router on server side by atomically adding/removing extra routes                                                                  |
| standard-attr-description                                                                                                                                      | standard-attr-description             | Extension to add descriptions to standard attributes                                                                                                     |
| IP address substring filtering                                                                                                                                 | ip-substring-filtering                | Provides IP address substring filtering when listing ports                                                                                               |
| Neutron L3 Router                                                                                                                                              | router                                | Router abstraction for basic L3 forwarding between L2 Neutron networks and access to external networks via a NAT gateway.                                |
| Allowed Address Pairs                                                                                                                                          | allowed-address-pairs                 | Provides allowed address pairs                                                                                                                           |
| Port Bindings Extended                                                                                                                                         | binding-extended                      | Expose port bindings of a virtual port to external application                                                                                           |
| project_id field enabled                                                                                                                                       | project-id                            | Extension that indicates that project_id field is enabled.                                                                                               |
| Distributed Virtual Router                                                                                                                                     | dvr                                   | Enables configuration of Distributed Virtual Routers.                                                                                                    |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+

Networking option 2: private (self-service) networks

List the agents to verify that the neutron agents started successfully:

$ openstack network agent list

+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| f49a4b81-afd6-4b3d-b923-66c8f0517099 | Metadata agent     | controller | None              | True  | UP    | neutron-metadata-agent    |
| 27eee952-a748-467b-bf71-941e89846a92 | Linux bridge agent | controller | None              | True  | UP    | neutron-linuxbridge-agent |
| 08905043-5010-4b87-bba5-aedb1956e27a | Linux bridge agent | compute1   | None              | True  | UP    | neutron-linuxbridge-agent |
| 830344ff-dc36-4956-84f4-067af667a0dc | L3 agent           | controller | nova              | True  | UP    | neutron-l3-agent          |
| dd3644c9-1a3a-435a-9282-eb306b4b0391 | DHCP agent         | controller | nova              | True  | UP    | neutron-dhcp-agent        |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+

Result


[root@controller neutron]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 0dbaa5c3-6621-42f2-8e99-b6bafaed4f81 | L3 agent           | controller | nova              | :-)   | UP    | neutron-l3-agent          |
| 206b0227-47c2-4f27-8927-55ba80cbb1cb | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
| 2a38e713-1807-442a-81b5-fe8b26b5405b | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
| da9d9209-d65e-40ba-94ab-38ce415f305c | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+

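Error: the compute node's L3 agent is not listed.

The cause was that the corresponding service had not been started; I forgot this step.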

[root@computer1 ~]# systemctl start neutron-linuxbridge-agent.service
[root@computer1 ~]# systemctl enable neutron-linuxbridge-agent.service

[root@computer1 ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 0dbaa5c3-6621-42f2-8e99-b6bafaed4f81 | L3 agent           | controller | nova              | :-)   | UP    | neutron-l3-agent          |
| 206b0227-47c2-4f27-8927-55ba80cbb1cb | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
| 2a38e713-1807-442a-81b5-fe8b26b5405b | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 90bc18d8-2f93-4ea5-aa10-62765ad446aa | Linux bridge agent | computer1  | None              | :-)   | UP    | neutron-linuxbridge-agent |
| da9d9209-d65e-40ba-94ab-38ce415f305c | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
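
The two failures seen on this page (an agent absent from the list, and an agent listed with Alive shown as XXX) can be checked mechanically. The script below is an added example, not part of the original post; the function names, the host:binary argument format and the sample table are assumptions constructed for illustration. It accepts both the True and the :-) renderings of the Alive column.

```shell
#!/bin/sh
# Added example (not from the original post): compare `openstack network agent
# list` table output against the agents this deployment expects.

# Reads the table on stdin; arguments are the expected "host:binary" pairs.
# Prints one line per problem and returns 1 if any agent is missing or not alive.
check_agents() {
    awk -F'|' -v expected="$*" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 8 && trim($2) != "ID" {
            key = trim($4) ":" trim($8)     # Host column and Binary column
            alive[key] = trim($6)           # "True" or ":-)" means alive
        }
        END {
            n = split(expected, want, " ")
            for (i = 1; i <= n; i++) {
                k = want[i]
                if (!(k in alive)) { print "MISSING " k; bad = 1 }
                else if (alive[k] != "True" && alive[k] != ":-)") { print "DEAD " k; bad = 1 }
            }
            exit(bad ? 1 : 0)
        }'
}

# Constructed sample table (IDs are placeholders): no L3 agent row at all,
# and the compute node's Linux bridge agent is listed but not alive.
sample_table() {
    cat <<'EOF'
+------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+------+--------------------+------------+-------------------+-------+-------+---------------------------+
| id-1 | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
| id-2 | DHCP agent         | controller | nova              | True  | UP    | neutron-dhcp-agent        |
| id-3 | Linux bridge agent | computer1  | None              | XXX   | UP    | neutron-linuxbridge-agent |
+------+--------------------+------------+-------------------+-------+-------+---------------------------+
EOF
}

sample_table | check_agents controller:neutron-linuxbridge-agent \
    controller:neutron-dhcp-agent controller:neutron-l3-agent \
    computer1:neutron-linuxbridge-agent || true
```

On a live deployment, pipe the real command output into check_agents in place of sample_table.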

Summary

Configuration files modified while installing neutron:
Controller node:

/etc/neutron/neutron.conf
/etc/neutron/plugins/ml2/ml2_conf.ini
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
/etc/neutron/dhcp_agent.ini
/etc/neutron/metadata_agent.ini
/etc/nova/nova.conf

Compute node:

/etc/neutron/neutron.conf
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
/etc/nova/nova.conf

Errors

The Linux bridge agent on the compute node shows the wrong status

[root@computer1 ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 0daf309a-0f12-4d3b-b6fd-de650c98f4e0 | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 66f0554e-f65d-47e2-80e0-dc5f460bc404 | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
| ac263874-8066-4c48-b1ac-20fc25e38126 | L3 agent           | controller | nova              | :-)   | UP    | neutron-l3-agent          |
| e5bdb90c-350e-40c9-a92f-223ffb1fc06f | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| f8493f07-134a-4146-bb7c-d76149633f25 | Linux bridge agent | computer1  | None              | XXX   | UP    | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+

tail -f /var/log/neutron/linuxbridge-agent.log
2022-04-07 15:16:55.835 12070 ERROR neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Tunneling cannot be enabled without the local_ip bound to an interface on the host. Please configure local_ip 10.0.0.11 on the host interface to be used for tunneling and restart the agent.


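Checking showed that /etc/neutron/plugins/ml2/linuxbridge_agent.ini on the compute node was misconfigured: the IP address had been changed partway through the installation and was not updated correctly.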
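
The log message above means the agent could not find local_ip on any interface of the host. The script below is an added example, not part of the original post: it reads local_ip from the [vxlan] section of the ini file and compares it with the addresses reported by ip -o -4 addr show. The function names, the sample files and the address 10.0.0.31 are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that [vxlan] local_ip in
# linuxbridge_agent.ini is bound to an interface before restarting the agent.

# Print local_ip from the [vxlan] section only; commented-out lines are ignored.
vxlan_local_ip() {
    awk '
        /^[ \t]*\[/ { in_vxlan = ($0 ~ /^[ \t]*\[vxlan\]/); next }
        in_vxlan && /^[ \t]*local_ip[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit
        }' "$1"
}

# Succeed if address $1 is listed in `ip -o -4 addr show` text read from stdin.
ip_is_bound() {
    awk -v want="$1" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == want) found = 1 } }
        END { exit(found ? 0 : 1) }'
}

# check_local_ip INI_FILE [LISTING_FILE]; returns 0 bound, 1 not bound, 2 unset.
# Without LISTING_FILE the live output of `ip -o -4 addr show` is used.
check_local_ip() {
    addr=$(vxlan_local_ip "$1")
    [ -n "$addr" ] || { echo "UNSET: no local_ip in [vxlan] of $1"; return 2; }
    if [ -n "$2" ]; then listing=$(cat "$2"); else listing=$(ip -o -4 addr show); fi
    if printf '%s\n' "$listing" | ip_is_bound "$addr"; then
        echo "OK: local_ip $addr is bound to an interface"; return 0
    fi
    echo "MISMATCH: local_ip $addr is not bound to any interface"; return 1
}

# Constructed sample: the ini still carries 10.0.0.11 (the address in the log
# above) while the host interface holds 10.0.0.31 (assumed compute address).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/linuxbridge_agent.ini" <<'EOF'
[linux_bridge]
physical_interface_mappings = provider:eth0
[vxlan]
enable_vxlan = True
# local_ip = 10.0.0.31
local_ip = 10.0.0.11
EOF
cat > "$SAMPLE_DIR/addrs.txt" <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.0.0.31/24 brd 10.0.0.255 scope global eth0\       valid_lft forever preferred_lft forever
EOF
check_local_ip "$SAMPLE_DIR/linuxbridge_agent.ini" "$SAMPLE_DIR/addrs.txt" || true
```

On the compute node itself, run check_local_ip /etc/neutron/plugins/ml2/linuxbridge_agent.ini with no second argument so the live interface addresses are used.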