配置服务(这里使用网络服务选项2)
controller端(控制端):
[root@controller ~]#yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
[root@controller ~]# grep "^[a-z]" -B 1 /etc/neutron/neutron.conf #编辑/etc/neutron/neutron.conf文件
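[DEFAULT]
# Notes are kept on their own lines: the text after "=" on an option line is
# taken as the value, so a trailing "#..." annotation must not be copied into
# the real file.
# Enable the Modular Layer 2 (ML2) plug-in, the router service, and
# overlapping IP addresses.
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
# Configure RabbitMQ message queue access.
rpc_backend = rabbit
# Configure Identity service (keystone) access.
auth_strategy = keystone
# Have Networking notify Compute of network topology changes.
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
# Enable verbose logging.
verbose = True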
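# Configure Identity service access. Comment out or delete every other option
# in [keystone_authtoken].
[keystone_authtoken]
# The key must be spelled auth_uri; the listing had "uth_uri", which is a
# different (unrecognised) key and would leave auth_uri unset.
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
# NOTE(review): 123456 is this walkthrough's lab password and the same value
# is reused for every account on the page. Outside a lab, give each service
# account its own generated secret and keep this file readable only by root
# and the neutron service account.
# NOTE(review): both Identity endpoints above are plain HTTP, so this
# credential and the issued tokens cross the management network unencrypted.
password = 123456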
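[database]
# Configure database access.
# NOTE(review): the URL embeds the neutron database password (lab value
# 123456); use a generated password and restrict read access to this file.
connection = mysql://neutron:123456@controller/neutron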
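# Credentials Networking uses to notify Compute of network topology changes.
[nova]
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
# NOTE(review): lab password, identical to the neutron account's on this page;
# the nova service account should have its own generated secret.
password = 123456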
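[oslo_concurrency]
# Configure the lock path.
lock_path = /var/lib/neutron/tmp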
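# Configure RabbitMQ message queue access.
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
# NOTE(review): lab password (123456); use a generated broker password.
# No TLS option for the broker connection appears among the active settings;
# confirm that is acceptable for the network this runs on.
rabbit_password = 123456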
[root@controller ~]# grep "^[a-z]" -B 1 /etc/neutron/plugins/ml2/ml2_conf.ini #编辑/etc/neutron/plugins/ml2/ml2_conf.ini文件
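[ml2]
# Enable flat, VLAN, and VXLAN networks.
type_drivers = flat,vlan,vxlan
# Enable VXLAN project (private) networks. The Linux bridge agent only
# supports VXLAN overlay networks.
tenant_network_types = vxlan
# Enable the Linux bridge and layer-2 population mechanisms.
mechanism_drivers = linuxbridge,l2population
# Enable the port security extension driver.
extension_drivers = port_security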
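[ml2_type_flat]
# Configure the public flat provider network.
flat_networks = public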
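[ml2_type_vxlan]
# VXLAN network identifier (VNI) range used for private networks.
vni_ranges = 1:1000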
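[securitygroup]
# Enable ipset to make security group rule handling more efficient.
enable_ipset = True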
[root@controller ~]# grep "^[a-z]" -B 1 /etc/neutron/plugins/ml2/linuxbridge_agent.ini #编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件
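[linux_bridge]
# Map the public virtual network to the public physical network interface
# (ens32 on this host).
physical_interface_mappings = public:ens32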
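# Enable VXLAN overlay networks, set the IP address of the physical interface
# that carries overlay traffic, and enable layer-2 population.
[vxlan]
enable_vxlan = True
local_ip = 192.168.1.101
l2_population = True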
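[agent]
# Enable ARP spoofing protection.
prevent_arp_spoofing = True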
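# Enable security groups and select the Linux bridge iptables firewall driver.
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver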
[root@controller ~]# grep "^[a-z]" -B 1 /etc/neutron/l3_agent.ini #编辑/etc/neutron/l3_agent.ini 文件
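# Configure the Linux bridge interface driver and the external network bridge.
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
# The value is intentionally left empty so that multiple external networks can
# be enabled on a single agent. Nothing may follow the "=": a trailing
# annotation on this line would be read as the bridge name.
external_network_bridge =
# Enable verbose logging.
verbose = True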
[root@controller ~]# grep "^[a-z]" -B 1 /etc/neutron/dhcp_agent.ini #编辑/etc/neutron/dhcp_agent.ini 文件
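# Configure the Linux bridge interface driver and the Dnsmasq DHCP driver, and
# enable isolated metadata so that instances on public networks can reach the
# metadata service over the network.
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
verbose = True
# Enable the dnsmasq configuration file.
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf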
[root@controller ~]# grep "^[a-z]" -B 1 /etc/neutron/dnsmasq-neutron.conf #创建并编辑/etc/neutron/dnsmasq-neutron.conf 文件
# DHCP option 26 is the interface MTU; 1450 is forced onto instances,
# presumably to leave room for VXLAN encapsulation overhead (confirm against
# the physical network's MTU).
dhcp-option-force=26,1450
[root@controller ~]# grep "^[a-z]" -B 1 /etc/neutron/metadata_agent.ini
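# Configure the metadata agent's access parameters.
[DEFAULT]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
# NOTE(review): lab password (123456), reused across this page; use a
# generated secret for the neutron service account.
password = 123456
# Configure the metadata host.
nova_metadata_ip = controller
# Configure the metadata proxy shared secret (operator-chosen value).
# NOTE(review): the Compute side has to be configured with the same secret,
# and it is what lets Compute trust the requests the proxy forwards. 123456 is
# guessable; generate a long random value instead.
metadata_proxy_shared_secret = 123456
verbose = True
# NOTE(review): the three admin_* options below still hold unsubstituted
# %...% template placeholders, presumably left over from the packaged default
# file. Confirm they are unused next to the auth_* options above, then comment
# them out so no placeholder text is read as a credential.
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%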