openstack I版的搭建四
# cd /usr/local/src/neutron-2014.1
# python setup.py install
# pwd
/usr/local/src/neutron-2014.1/etc
# mkdir /etc/neutron
# mkdir /var/log/neutron
# mkdir /var/run/neutron
# mkdir /var/lib/neutron
# cp -r * /etc/neutron/
# cd /etc/neutron/
# ll
总用量 76
-rw-r--r-- 1 root root1017 8月19 08:14 api-paste.ini
-rw-r--r-- 1 root root3497 8月19 08:14 dhcp_agent.ini
-rw-r--r-- 1 root root 109 8月19 08:14 fwaas_driver.ini
drwxr-xr-x 2 root root4096 8月19 08:14 init.d
-rw-r--r-- 1 root root3109 8月19 08:14 l3_agent.ini
-rw-r--r-- 1 root root1400 8月19 08:14 lbaas_agent.ini
-rw-r--r-- 1 root root1335 8月19 08:14 metadata_agent.ini
-rw-r--r-- 1 root root 407 8月19 08:14 metering_agent.ini
drwxr-xr-x 4 root root4096 8月19 08:14 neutron
-rw-r--r-- 1 root root 17471 8月19 08:14 neutron.conf
-rw-r--r-- 1 root root6148 8月19 08:14 policy.json
-rw-r--r-- 1 root root1216 8月19 08:14 rootwrap.conf
-rw-r--r-- 1 root root1128 8月19 08:14 services.conf
-rw-r--r-- 1 root root 526 8月19 08:14 ***_agent.ini
# cd neutron
# pwd
/etc/neutron/neutron
# mv * ../
# cd ..
# ll
总用量 84
-rw-r--r--1 root root1017 8月19 08:14 api-paste.ini
-rw-r--r--1 root root3497 8月19 08:14 dhcp_agent.ini
-rw-r--r--1 root root 109 8月19 08:14 fwaas_driver.ini
drwxr-xr-x2 root root4096 8月19 08:14 init.d
-rw-r--r--1 root root3109 8月19 08:14 l3_agent.ini
-rw-r--r--1 root root1400 8月19 08:14 lbaas_agent.ini
-rw-r--r--1 root root1335 8月19 08:14 metadata_agent.ini
-rw-r--r--1 root root 407 8月19 08:14 metering_agent.ini
drwxr-xr-x2 root root4096 8月19 08:15 neutron
-rw-r--r--1 root root 17471 8月19 08:14 neutron.conf
drwxr-xr-x 21 root root4096 8月19 08:14 plugins
-rw-r--r--1 root root6148 8月19 08:14 policy.json
-rw-r--r--1 root root1216 8月19 08:14 rootwrap.conf
drwxr-xr-x2 root root4096 8月19 08:14 rootwrap.d
-rw-r--r--1 root root1128 8月19 08:14 services.conf
-rw-r--r--1 root root 526 8月19 08:14 ***_agent.ini
# rm -fr neutron
# ll
总用量 80
-rw-r--r--1 root root1017 8月19 08:14 api-paste.ini
-rw-r--r--1 root root3497 8月19 08:14 dhcp_agent.ini
-rw-r--r--1 root root 109 8月19 08:14 fwaas_driver.ini
drwxr-xr-x2 root root4096 8月19 08:14 init.d
-rw-r--r--1 root root3109 8月19 08:14 l3_agent.ini
-rw-r--r--1 root root1400 8月19 08:14 lbaas_agent.ini
-rw-r--r--1 root root1335 8月19 08:14 metadata_agent.ini
-rw-r--r--1 root root 407 8月19 08:14 metering_agent.ini
-rw-r--r--1 root root 17471 8月19 08:14 neutron.conf
drwxr-xr-x 21 root root4096 8月19 08:14 plugins
-rw-r--r--1 root root6148 8月19 08:14 policy.json
-rw-r--r--1 root root1216 8月19 08:14 rootwrap.conf
drwxr-xr-x2 root root4096 8月19 08:14 rootwrap.d
-rw-r--r--1 root root1128 8月19 08:14 services.conf
-rw-r--r--1 root root 526 8月19 08:14 ***_agent.ini
# vim /etc/neutron/neutron.conf
406gg
connection = mysql://neutron:neutron@192.168.33.11:3306/neutron
70gg
auth_strategy = keystone
395gg
auth_host = 192.168.33.11
auth_port = 35357
auth_protocol = http
admin_tenant_name = admin
admin_user = admin
admin_password = admin
signing_dir = $state_path/keystone-signing
134gg
rabbit_host = 192.168.33.11
# Password of the RabbitMQ server
rabbit_password = guest
# Port where RabbitMQ server is running/listening
rabbit_port = 5672
# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
# rabbit_hosts = localhost:5672
# User ID used for RabbitMQ connections
rabbit_userid = guest
# Location of a virtual RabbitMQ installation.
rabbit_virtual_host = /
3gg
# Print more verbose output (set logging level to INFO instead of default WARNING level).
verbose = true
# Print debugging output (set logging level to DEBUG instead of default WARNING level).
debug = true
29gg
log_file = neutron.log
log_dir = /var/log/neutron
306gg
nova_admin_tenant_id = cdbb9a7dcd044328a7969bc8069624ae
要用下面的这个id
# keystone tenant-list
+----------------------------------+-------+---------+
| id |name | enabled |
+----------------------------------+-------+---------+
| cdbb9a7dcd044328a7969bc8069624ae | admin | True|
| ed844c55ff2a45da880c818e356f8a71 |demo | True|
+----------------------------------+-------+---------+
299gg
notify_nova_on_port_status_changes = True
# Send notifications to nova when port data (fixed_ips/floatingips) change
# so nova can update it's cache.
notify_nova_on_port_data_changes = True
# URL for connection to nova (Only supports one nova region currently).
nova_url = http://192.168.33.11:8774/v2
# Name of nova region to use. Useful if keystone manages more than one region
# nova_region_name =
# Username for connection to nova in admin context
nova_admin_username = admin
# The uuid of the admin nova tenant
nova_admin_tenant_id = cdbb9a7dcd044328a7969bc8069624ae
# Password for connection to nova in admin context.
nova_admin_password = admin
# Authorization URL for connection to nova in admin context.
nova_admin_auth_url =
http://192.168.33.11:35357/v2.0
core_plugin = ml2
# Example: core_plugin = ml2
# (ListOpt) List of service plugin entrypoints to be loaded from the
# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of
# the plugins included in the neutron source distribution. For compatibility
# with previous versions, the class name of a plugin can be specified instead
# of its entrypoint name.
#
service_plugins = router
# vim /etc/nova/nova.conf
# keystone tenant-list
+----------------------------------+-------+---------+
| id |name | enabled |
+----------------------------------+-------+---------+
| cdbb9a7dcd044328a7969bc8069624ae | admin | True|
| ed844c55ff2a45da880c818e356f8a71 |demo | True|
+----------------------------------+-------+---------+
neutron_url=http://192.168.33.11:9696
neutron_admin_username=admin
neutron_admin_password=admin
neutron_admin_tenant_id=cdbb9a7dcd044328a7969bc8069624ae
neutron_admin_tenant_name=admin
neutron_admin_auth_url=
http://192.168.33.11:5000/v2.0
1966gg
vif_plugging_is_fatal=false
创建虚拟机的时候创建不了网卡,所以把上面的这个参数改掉。
vif_plugging_timeout=10
# history |grep for
220glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 --container-format bare --is-public True --file cirros-0.3.2-x86_64-disk.img
275for i in {api,cert,conductor,scheduler,consoleauth,novncproxy};do /etc/init.d/openstack-nova-$i start;done
355history |grep for
# for i in {api,cert,conductor,scheduler,consoleauth,novncproxy};do /etc/init.d/openstack-nova-$i restart;done
# keystone service-create --name neutron --type network --description "OpenStack Networking"
+-------------+----------------------------------+
| Property| Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | b753f69cb75d49e9bb72e653cf8c41e9 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
# keystone endpoint-create \
usage: keystone endpoint-create [--region <endpoint-region>] --service
<service> --publicurl <public-url>
[--adminurl <admin-url>]
[--internalurl <internal-url>]
keystone endpoint-create: error: argument --service/--service-id/--service_id is required
# keystone endpoint-create \
> --service-id=b753f69cb75d49e9bb72e653cf8c41e9 \
> --publicurl=http://192.168.33.11:9696 \
> --internalurl=http://192.168.33.11:9696 \
> --adminurl=http://192.168.33.11:9696
+-------------+----------------------------------+
| Property| Value |
+-------------+----------------------------------+
| adminurl| http://192.168.33.11:9696 |
| id | 02fe6cedbb784d4188b266be32868ce2 |
| internalurl | http://192.168.33.11:9696 |
|publicurl| http://192.168.33.11:9696 |
| region | regionOne |
|service_id | b753f69cb75d49e9bb72e653cf8c41e9 |
+-------------+----------------------------------+
# keystone endpoint-create --service-id=b753f69cb75d49e9bb72e653cf8c41e9 --publicurl=http://192.168.33.11:9696 --internalurl=http://192.168.33.11:9696 --adminurl=http://192.168.33.11:9696
修改neutron插件
neutron支持很多插件如下:
# ll /etc/neutron/plugins/
总用量 76
drwxr-xr-x 3 root root 4096 8月19 08:14 bigswitch
drwxr-xr-x 2 root root 4096 8月19 08:14 brocade
drwxr-xr-x 2 root root 4096 8月19 08:14 cisco
drwxr-xr-x 2 root root 4096 8月19 08:14 embrane
drwxr-xr-x 2 root root 4096 8月19 08:14 hyperv
drwxr-xr-x 2 root root 4096 8月19 08:14 ibm
drwxr-xr-x 2 root root 4096 8月19 08:14 linuxbridge
drwxr-xr-x 2 root root 4096 8月19 08:14 metaplugin
drwxr-xr-x 2 root root 4096 8月19 08:14 midonet
drwxr-xr-x 2 root root 4096 8月19 08:14 ml2
drwxr-xr-x 2 root root 4096 8月19 08:14 mlnx
drwxr-xr-x 2 root root 4096 8月19 08:14 nec
drwxr-xr-x 2 root root 4096 8月19 08:14 nicira
drwxr-xr-x 2 root root 4096 8月19 08:14 nuage
drwxr-xr-x 2 root root 4096 8月19 08:14 oneconvergence
drwxr-xr-x 2 root root 4096 8月19 08:14 openvswitch
drwxr-xr-x 2 root root 4096 8月19 08:14 plumgrid
drwxr-xr-x 2 root root 4096 8月19 08:14 ryu
drwxr-xr-x 2 root root 4096 8月19 08:14 vmware
红色的部分是开源的,黑色的部分都是商业版的
支持两种网络:单一扁平网络,虚拟机和物理机在一个网段,虚拟机的网关就是物理机的网关。
有一个问题:因为虚拟机和物理机都在一个网段,会有广播包,降低整个网络性能。VLAN:
二层
网关:性能,、网络络节点:单点故障。
网络的流量我们会把它转到3层交换机上去。
# vim /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
我要把我的网卡映射到物理网卡上面去,这里面只是一个标识
network_vlan_ranges = phpysnet1
Example: network_vlan_ranges = physnet1:1000:2999
physical_interface_mappings = physnet1:eth0
打开安全组
enable_security_group = True
它用到Linux的iptables
最好不要用,规则是openstack刷进去的。
生产环境最好人为控制。
支持直接调用物理防火墙。
shengke
软件定义网络
不依靠硬件,如各种协议,
# grep '^' /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
network_vlan_ranges = phpysnet1
physical_interface_mappings = physnet1:eth0
enable_security_group = True
# vim /etc/neutron/plugins/ml2/ml2_conf.ini
几乎涵盖了neutron支持的所有网络类型
单一扁平网络、VLAN、gre:隧道网络、Vxlan
租户的网络类型
tenant_network_types = flat
mechanism_drivers = linuxbridge
flat_networks = physnet1 物理网卡接口名称
安全组打开
enable_security_group = True
# grep "^" /etc/neutron/plugins/ml2/ml2_conf.ini
type_drivers = flat
tenant_network_types = flat
mechanism_drivers = linuxbridge
flat_networks = physnet1
enable_security_group = True
# cd init.d
# cp openstack-neutron-server /etc/init.d/
# cp openstack-neutron-linuxbridge-agent /etc/init.d/
# chmod +x /etc/init.d/openstack-*
# chkconfig --add openstack-neutron-server
# chkconfig --add openstack-neutron-linuxbridge-agent
# chkconfig openstack-neutron-server on
# chkconfig openstack-neutron-linuxbridge-agent on
# /etc/init.d/openstack-neutron-server start
正在启动 openstack-neutron-server: [确定]
# /etc/init.d/openstack-neutron-linuxbridge-agent start
正在启动 openstack-neutron-linuxbridge-agent: [确定]
# tail -f /var/log/neutron/neutron.log
# netstat -lntp
# ps aux | grep neutron
tarczvf
页:
[1]