Networking service – neutron installation (Wallaby release, all-in-one)

1 Prerequisites

Before you configure the OpenStack Networking (neutron) service, you must create a database, service credentials, and API endpoints.

  1. To create the database, complete these steps:

    • Use the database access client to connect to the database server as the root user:

      $ mysql -u root -p
    • Create the neutron database:

      MariaDB [(none)]> CREATE DATABASE neutron;
    • Grant proper access to the neutron database, replacing NEUTRON_DBPASS with a suitable password:

      MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
      MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
    • Exit the database access client.

  2. Source the admin credentials to gain access to admin-only CLI commands:

    $ . admin-openrc.sh
  3. To create the service credentials, complete these steps:

    • Create the neutron user:

      $ openstack user create --domain default --password-prompt neutron
      User Password:123456
      Repeat User Password:123456
      | Field               | Value                            |
      | domain_id           | default                          |
      | enabled             | True                             |
      | id                  | fdb0f541e28141719b6a43c8944bf1fb |
      | name                | neutron                          |
      | options             | {}                               |
      | password_expires_at | None                             |
    • Add the admin role to the neutron user:

      $ openstack role add --project service --user neutron admin


    • Create the neutron service entity:

      $ openstack service create --name neutron --description "OpenStack Networking" network
      | Field       | Value                            |
      | description | OpenStack Networking             |
      | enabled     | True                             |
      | id          | f71529314dab4a4d8eca427e701d209e |
      | name        | neutron                          |
      | type        | network                          |
  4. Create the Networking service API endpoints:

    $ openstack endpoint create --region RegionOne network public http://controller:9696
    | Field        | Value                            |
    | enabled      | True                             |
    | id           | 85d80a6d02fc4b7683f611d7fc1493a3 |
    | interface    | public                           |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | f71529314dab4a4d8eca427e701d209e |
    | service_name | neutron                          |
    | service_type | network                          |
    | url          | http://controller:9696           |
    $ openstack endpoint create --region RegionOne network internal http://controller:9696
    | Field        | Value                            |
    | enabled      | True                             |
    | id           | 09753b537ac74422a68d2d791cf3714f |
    | interface    | internal                         |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | f71529314dab4a4d8eca427e701d209e |
    | service_name | neutron                          |
    | service_type | network                          |
    | url          | http://controller:9696           |
    $ openstack endpoint create --region RegionOne network admin http://controller:9696
    | Field        | Value                            |
    | enabled      | True                             |
    | id           | 1ee14289c9374dffb5db92a5c112fc4e |
    | interface    | admin                            |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | f71529314dab4a4d8eca427e701d209e |
    | service_name | neutron                          |
    | service_type | network                          |
    | url          | http://controller:9696           |


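You can deploy the Networking service using one of two architectures, represented by options 1 and 2.

Option 1 deploys the simplest possible architecture, which only supports attaching instances to provider (external) networks. There are no self-service (private) networks, routers, or floating IP addresses. Only the admin or another privileged user can manage provider networks.

Option 2 augments option 1 with layer-3 services that support attaching instances to self-service networks. The demo user or another unprivileged user can manage self-service networks, including routers that provide connectivity between self-service and provider networks. Additionally, floating IP addresses provide connectivity to instances on self-service networks from external networks such as the Internet.

Self-service networks typically use overlay networks. Overlay network protocols such as VXLAN include additional headers that increase overhead and decrease the space available for the payload or user data. Without knowledge of the virtual network infrastructure, instances attempt to send packets using the default Ethernet maximum transmission unit (MTU) of 1500 bytes. The Networking service automatically provides the correct MTU value to instances via DHCP. However, some cloud images do not use DHCP or ignore the DHCP MTU option and require configuration using metadata or a script.

Option 2 also supports attaching instances to provider networks.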


Networking option 2: self-service networks



# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y


Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.
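
A check for the two placeholders this guide asks you to replace, NEUTRON_DBPASS and RABBIT_PASS, and for trivially guessable values such as the 123456 typed at the password prompt above. This is an added example, not part of the original guide; the function names, the denylist and the sample configuration lines are assumptions constructed for illustration.

```shell
# Added example: find secrets in a neutron-style config that are still a guide
# placeholder (NEUTRON_DBPASS, RABBIT_PASS) or a trivially guessable value.

# Print each secret found on stdin: the password in scheme://user:password@host
# URLs, and the value of "password = ..." lines.
config_secrets() {
    sed -n \
        -e 's|.*://[^:/@]*:\([^@]*\)@.*|\1|p' \
        -e 's|^[[:space:]]*password[[:space:]]*=[[:space:]]*\(.*\)$|\1|p'
}

# Succeed when the value is a placeholder or on the (assumed) weak list.
is_unsafe_secret() {
    case "$1" in
        *_PASS|*_DBPASS) return 0 ;;        # RABBIT_PASS, NEUTRON_DBPASS, ...
        123456|password|admin) return 0 ;;  # assumed denylist; extend as needed
    esac
    return 1
}

# Read config text on stdin, print every unsafe secret, return 1 if any.
audit_secrets() {
    secrets=$(config_secrets)
    found=0
    while IFS= read -r s; do
        if [ -n "$s" ] && is_unsafe_secret "$s"; then
            printf '%s\n' "$s"
            found=1
        fi
    done <<EOF
$secrets
EOF
    return $found
}

# Constructed sample in the form used by /etc/neutron/neutron.conf.
sample_conf() {
    cat <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
[database]
connection = mysql+pymysql://neutron:Xq7-constructed-value@controller/neutron
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
password = 123456
EOF
}
sample_conf | audit_secrets || echo "^ replace these before starting the services"
```

On a real host, feed it the file itself, for example `audit_secrets < /etc/neutron/neutron.conf`, before the services are started.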

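Configure the Modular Layer 2 (ML2) plug-in

The ML2 plug-in uses the Linux bridge mechanism to build layer-2 (bridging and switching) virtual networking infrastructure for instances.

Configure the Linux bridge agent

The Linux bridge agent builds layer-2 (bridging and switching) virtual networking infrastructure for instances and handles security groups.


The Layer-3 (L3) agent provides routing and NAT services for self-service virtual networks.

Configure the DHCP agent

The DHCP agent provides DHCP services for virtual networks.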





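Configure the Compute service to use the Networking service

The Nova compute service must be installed to complete this step. For more details, see the compute install guide under the Installation Guides section of the docs website.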


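  1. The Networking service initialization scripts expect a symbolic link, /etc/neutron/plugin.ini, pointing to the ML2 plug-in configuration file, /etc/neutron/plugins/ml2/ml2_conf.ini. If this symbolic link does not exist, create it using the following command: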

    # ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
  2. Populate the database:

    # su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

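    Database population occurs later for Networking because the script requires complete server and plug-in configuration files.

  3. Restart the Compute API service: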

    # systemctl restart openstack-nova-api.service
  4. Start the Networking services and configure them to start when the system boots.


    # systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
    # systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

    For networking option 2, also enable and start the layer-3 service:

    # systemctl enable neutron-l3-agent.service
    # systemctl start neutron-l3-agent.service



  1. Source the admin credentials to gain access to admin-only CLI commands:

    $ . admin-openrc.sh
  2. List the loaded extensions to verify that the neutron-server process started successfully:

    $ openstack extension list --network
    | Name                      | Alias                     | Description                |
    | Default Subnetpools       | default-subnetpools       | Provides ability to mark   |
    |                           |                           | and use a subnetpool as    |
    |                           |                           | the default                |
    | Availability Zone         | availability_zone         | The availability zone      |
    |                           |                           | extension.                 |
    | Network Availability Zone | network_availability_zone | Availability zone support  |
    |                           |                           | for network.               |
    | Port Binding              | binding                   | Expose port bindings of a  |
    |                           |                           | virtual port to external   |
    |                           |                           | application                |
    | agent                     | agent                     | The agent management       |
    |                           |                           | extension.                 |
    | Subnet Allocation         | subnet_allocation         | Enables allocation of      |
    |                           |                           | subnets from a subnet pool |
    | DHCP Agent Scheduler      | dhcp_agent_scheduler      | Schedule networks among    |
    |                           |                           | dhcp agents                |
    | Neutron external network  | external-net              | Adds external network      |
    |                           |                           | attribute to network       |
    |                           |                           | resource.                  |
    | Neutron Service Flavors   | flavors                   | Flavor specification for   |
    |                           |                           | Neutron advanced services  |
    | Network MTU               | net-mtu                   | Provides MTU attribute for |
    |                           |                           | a network resource.        |
    | Network IP Availability   | network-ip-availability   | Provides IP availability   |
    |                           |                           | data for each network and  |
    |                           |                           | subnet.                    |
    | Quota management support  | quotas                    | Expose functions for       |
    |                           |                           | quotas management per      |
    |                           |                           | tenant                     |
    | Provider Network          | provider                  | Expose mapping of virtual  |
    |                           |                           | networks to physical       |
    |                           |                           | networks                   |
    | Multi Provider Network    | multi-provider            | Expose mapping of virtual  |
    |                           |                           | networks to multiple       |
    |                           |                           | physical networks          |
    | Address scope             | address-scope             | Address scopes extension.  |
    | Subnet service types      | subnet-service-types      | Provides ability to set    |
    |                           |                           | the subnet service_types   |
    |                           |                           | field                      |
    | Resource timestamps       | standard-attr-timestamp   | Adds created_at and        |
    |                           |                           | updated_at fields to all   |
    |                           |                           | Neutron resources that     |
    |                           |                           | have Neutron standard      |
    |                           |                           | attributes.                |
    | Neutron Service Type      | service-type              | API for retrieving service |
    | Management                |                           | providers for Neutron      |
    |                           |                           | advanced services          |
    | resources: subnet,        |                           | more L2 and L3 resources.  |
    | subnetpool, port, router  |                           |                            |
    | Neutron Extra DHCP opts   | extra_dhcp_opt            | Extra options              |
    |                           |                           | configuration for DHCP.    |
    |                           |                           | For example PXE boot       |
    |                           |                           | options to DHCP clients    |
    |                           |                           | can be specified (e.g.     |
    |                           |                           | tftp-server, server-ip-    |
    |                           |                           | address, bootfile-name)    |
    | Resource revision numbers | standard-attr-revisions   | This extension will        |
    |                           |                           | display the revision       |
    |                           |                           | number of neutron          |
    |                           |                           | resources.                 |
    | Pagination support        | pagination                | Extension that indicates   |
    |                           |                           | that pagination is         |
    |                           |                           | enabled.                   |
    | Sorting support           | sorting                   | Extension that indicates   |
    |                           |                           | that sorting is enabled.   |
    | security-group            | security-group            | The security groups        |
    |                           |                           | extension.                 |
    | RBAC Policies             | rbac-policies             | Allows creation and        |
    |                           |                           | modification of policies   |
    |                           |                           | that control tenant access |
    |                           |                           | to resources.              |
    | standard-attr-description | standard-attr-description | Extension to add           |
    |                           |                           | descriptions to standard   |
    |                           |                           | attributes                 |
    | Port Security             | port-security             | Provides port security     |
    | Allowed Address Pairs     | allowed-address-pairs     | Provides allowed address   |
    |                           |                           | pairs                      |
    | project_id field enabled  | project-id                | Extension that indicates   |
    |                           |                           | that project_id field is   |
    |                           |                           | enabled.                   |
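
The verification step above can be scripted so that it fails when an expected extension, such as security-group or port-security, is absent from the list. This is an added example, not part of the original guide; the function names and the choice of required aliases are assumptions, and the sample rows are constructed in the layout shown above.

```shell
# Added example: confirm that expected Neutron extensions are loaded by
# parsing the table printed by `openstack extension list --network`.

# Print the Alias column (2nd cell) of each table row, one per line.
# Continuation rows of a wrapped cell have an empty alias and are skipped,
# as are the header row and any +----+ border lines.
extension_aliases() {
    awk -F'|' 'NF >= 4 {
        a = $3
        gsub(/^[ \t]+|[ \t]+$/, "", a)
        if (a != "" && a != "Alias") print a
    }'
}

# Read the table on stdin; print every required alias (given as arguments)
# that is missing. Returns 0 only when all of them are loaded.
missing_extensions() {
    loaded=$(extension_aliases)
    status=0
    for want in "$@"; do
        if ! printf '%s\n' "$loaded" | grep -Fqx -- "$want"; then
            printf '%s\n' "$want"
            status=1
        fi
    done
    return $status
}

# Constructed sample: a few rows in the layout shown above.
sample_table() {
    cat <<'EOF'
| Name                      | Alias                     | Description                |
| security-group            | security-group            | The security groups        |
|                           |                           | extension.                 |
| RBAC Policies             | rbac-policies             | Allows creation and        |
|                           |                           | modification of policies   |
| Network MTU               | net-mtu                   | Provides MTU attribute for |
EOF
}

# Live use: openstack extension list --network | missing_extensions security-group port-security
sample_table | missing_extensions security-group port-security rbac-policies || echo "^ not loaded"
```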


Source: https://blog.csdn.net/weixin_44271177/article/details/122570183