[root@linux-node1]# cd /usr/local/src/neutron-2014.1
[root@linux-node1 neutron-2014.1]# python setup.py install
[root@linux-node1 etc]# pwd
/usr/local/src/neutron-2014.1/etc
[root@linux-node1 etc]# mkdir /etc/neutron
[root@linux-node1 etc]# mkdir /var/log/neutron
[root@linux-node1 etc]# mkdir /var/run/neutron
[root@linux-node1 etc]# mkdir /var/lib/neutron
[root@linux-node1 etc]# cp -r * /etc/neutron/
[root@linux-node1 etc]# cd /etc/neutron/
[root@linux-node1 neutron]# ll
總用量 76
-rw-r--r-- 1 root root 1017 8月 19 08:14 api-paste.ini
-rw-r--r-- 1 root root 3497 8月 19 08:14 dhcp_agent.ini
-rw-r--r-- 1 root root 109 8月 19 08:14 fwaas_driver.ini
drwxr-xr-x 2 root root 4096 8月 19 08:14 init.d
-rw-r--r-- 1 root root 3109 8月 19 08:14 l3_agent.ini
-rw-r--r-- 1 root root 1400 8月 19 08:14 lbaas_agent.ini
-rw-r--r-- 1 root root 1335 8月 19 08:14 metadata_agent.ini
-rw-r--r-- 1 root root 407 8月 19 08:14 metering_agent.ini
drwxr-xr-x 4 root root 4096 8月 19 08:14 neutron
-rw-r--r-- 1 root root 17471 8月 19 08:14 neutron.conf
-rw-r--r-- 1 root root 6148 8月 19 08:14 policy.json
-rw-r--r-- 1 root root 1216 8月 19 08:14 rootwrap.conf
-rw-r--r-- 1 root root 1128 8月 19 08:14 services.conf
-rw-r--r-- 1 root root 526 8月 19 08:14 ***_agent.ini
[root@linux-node1 neutron]# cd neutron
[root@linux-node1 neutron]# pwd
/etc/neutron/neutron
[root@linux-node1 neutron]# mv * ../
[root@linux-node1 neutron]# cd ..
[root@linux-node1 neutron]# ll
總用量 84
-rw-r--r-- 1 root root 1017 8月 19 08:14 api-paste.ini
-rw-r--r-- 1 root root 3497 8月 19 08:14 dhcp_agent.ini
-rw-r--r-- 1 root root 109 8月 19 08:14 fwaas_driver.ini
drwxr-xr-x 2 root root 4096 8月 19 08:14 init.d
-rw-r--r-- 1 root root 3109 8月 19 08:14 l3_agent.ini
-rw-r--r-- 1 root root 1400 8月 19 08:14 lbaas_agent.ini
-rw-r--r-- 1 root root 1335 8月 19 08:14 metadata_agent.ini
-rw-r--r-- 1 root root 407 8月 19 08:14 metering_agent.ini
drwxr-xr-x 2 root root 4096 8月 19 08:15 neutron
-rw-r--r-- 1 root root 17471 8月 19 08:14 neutron.conf
drwxr-xr-x 21 root root 4096 8月 19 08:14 plugins
-rw-r--r-- 1 root root 6148 8月 19 08:14 policy.json
-rw-r--r-- 1 root root 1216 8月 19 08:14 rootwrap.conf
drwxr-xr-x 2 root root 4096 8月 19 08:14 rootwrap.d
-rw-r--r-- 1 root root 1128 8月 19 08:14 services.conf
-rw-r--r-- 1 root root 526 8月 19 08:14 ***_agent.ini
[root@linux-node1 neutron]# rm -fr neutron
[root@linux-node1 neutron]# ll
總用量 80
-rw-r--r-- 1 root root 1017 8月 19 08:14 api-paste.ini
-rw-r--r-- 1 root root 3497 8月 19 08:14 dhcp_agent.ini
-rw-r--r-- 1 root root 109 8月 19 08:14 fwaas_driver.ini
drwxr-xr-x 2 root root 4096 8月 19 08:14 init.d
-rw-r--r-- 1 root root 3109 8月 19 08:14 l3_agent.ini
-rw-r--r-- 1 root root 1400 8月 19 08:14 lbaas_agent.ini
-rw-r--r-- 1 root root 1335 8月 19 08:14 metadata_agent.ini
-rw-r--r-- 1 root root 407 8月 19 08:14 metering_agent.ini
-rw-r--r-- 1 root root 17471 8月 19 08:14 neutron.conf
drwxr-xr-x 21 root root 4096 8月 19 08:14 plugins
-rw-r--r-- 1 root root 6148 8月 19 08:14 policy.json
-rw-r--r-- 1 root root 1216 8月 19 08:14 rootwrap.conf
drwxr-xr-x 2 root root 4096 8月 19 08:14 rootwrap.d
-rw-r--r-- 1 root root 1128 8月 19 08:14 services.conf
-rw-r--r-- 1 root root 526 8月 19 08:14 ***_agent.ini
[root@linux-node1 neutron]# vim /etc/neutron/neutron.conf
406gg
connection = mysql://neutron:[email protected]:3306/neutron
70gg
auth_strategy = keystone
395gg
[keystone_authtoken]
auth_host = 192.168.33.11
auth_port = 35357
auth_protocol = http
admin_tenant_name = admin
admin_user = admin
admin_password = admin
signing_dir = $state_path/keystone-signing
134gg
rabbit_host = 192.168.33.11
# Password of the RabbitMQ server
rabbit_password = guest
# Port where RabbitMQ server is running/listening
rabbit_port = 5672
# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
# rabbit_hosts = localhost:5672
# User ID used for RabbitMQ connections
rabbit_userid = guest
# Location of a virtual RabbitMQ installation.
rabbit_virtual_host = /
3gg
# Print more verbose output (set logging level to INFO instead of default WARNING level).
verbose = true
# Print debugging output (set logging level to DEBUG instead of default WARNING level).
debug = true
29gg
log_file = neutron.log
log_dir = /var/log/neutron
306gg
nova_admin_tenant_id = cdbb9a7dcd044328a7969bc8069624ae
要用下面的這個id
[root@linux-node1 neutron]# keystone tenant-list
+----------------------------------+-------+---------+
| id | name | enabled |
+----------------------------------+-------+---------+
| cdbb9a7dcd044328a7969bc8069624ae | admin | True |
| ed844c55ff2a45da880c818e356f8a71 | demo | True |
+----------------------------------+-------+---------+
299gg
notify_nova_on_port_status_changes = True
# Send notifications to nova when port data (fixed_ips/floatingips) change
# so nova can update it's cache.
notify_nova_on_port_data_changes = True
# URL for connection to nova (Only supports one nova region currently).
nova_url = http://192.168.33.11:8774/v2
# Name of nova region to use. Useful if keystone manages more than one region
# nova_region_name =
# Username for connection to nova in admin context
nova_admin_username = admin
# The uuid of the admin nova tenant
nova_admin_tenant_id = cdbb9a7dcd044328a7969bc8069624ae
# Password for connection to nova in admin context.
nova_admin_password = admin
# Authorization URL for connection to nova in admin context.
nova_admin_auth_url =
http://192.168.33.11:35357/v2.0
core_plugin = ml2
# Example: core_plugin = ml2
# (ListOpt) List of service plugin entrypoints to be loaded from the
# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of
# the plugins included in the neutron source distribution. For compatibility
# with previous versions, the class name of a plugin can be specified instead
# of its entrypoint name.
#
service_plugins = router
[root@linux-node1 ~]# vim /etc/nova/nova.conf
[root@linux-node1 ~]# keystone tenant-list
+----------------------------------+-------+---------+
| id | name | enabled |
+----------------------------------+-------+---------+
| cdbb9a7dcd044328a7969bc8069624ae | admin | True |
| ed844c55ff2a45da880c818e356f8a71 | demo | True |
+----------------------------------+-------+---------+
neutron_url=http://192.168.33.11:9696
neutron_admin_username=admin
neutron_admin_password=admin
neutron_admin_tenant_id=cdbb9a7dcd044328a7969bc8069624ae
neutron_admin_tenant_name=admin
neutron_admin_auth_url=
http://192.168.33.11:5000/v2.0
1966gg
vif_plugging_is_fatal=false
創建虛擬機的時候創建不了網卡,所以把上面的這個參數改掉。
vif_plugging_timeout=10
[root@linux-node1 ~]# history |grep for
220 glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 --container-format bare --is-public True --file cirros-0.3.2-x86_64-disk.img
275 for i in {api,cert,conductor,scheduler,consoleauth,novncproxy};do /etc/init.d/openstack-nova-$i start;done
355 history |grep for
[root@linux-node1 ~]# for i in {api,cert,conductor,scheduler,consoleauth,novncproxy};do /etc/init.d/openstack-nova-$i restart;done
[root@linux-node1 ~]# keystone service-create --name neutron --type network --description "OpenStack Networking"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | b753f69cb75d49e9bb72e653cf8c41e9 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@linux-node1 ~]# keystone endpoint-create \
usage: keystone endpoint-create [--region <endpoint-region>] --service
<service> --publicurl <public-url>
[--adminurl <admin-url>]
[--internalurl <internal-url>]
keystone endpoint-create: error: argument --service/--service-id/--service_id is required
[root@linux-node1 ~]# keystone endpoint-create \
> --service-id=b753f69cb75d49e9bb72e653cf8c41e9 \
> --publicurl=http://192.168.33.11:9696 \
> --internalurl=http://192.168.33.11:9696 \
> --adminurl=http://192.168.33.11:9696
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://192.168.33.11:9696 |
| id | 02fe6cedbb784d4188b266be32868ce2 |
| internalurl | http://192.168.33.11:9696 |
| publicurl | http://192.168.33.11:9696 |
| region | regionOne |
| service_id | b753f69cb75d49e9bb72e653cf8c41e9 |
+-------------+----------------------------------+
[root@linux-node1 ~]# keystone endpoint-create --service-id=b753f69cb75d49e9bb72e653cf8c41e9 --publicurl=http://192.168.33.11:9696 --internalurl=http://192.168.33.11:9696 --adminurl=http://192.168.33.11:9696
修改neutron插件
neutron支持很多插件如下:
[root@linux-node1 ~]# ll /etc/neutron/plugins/
總用量 76
drwxr-xr-x 3 root root 4096 8月 19 08:14 bigswitch
drwxr-xr-x 2 root root 4096 8月 19 08:14 brocade
drwxr-xr-x 2 root root 4096 8月 19 08:14 cisco
drwxr-xr-x 2 root root 4096 8月 19 08:14 embrane
drwxr-xr-x 2 root root 4096 8月 19 08:14 hyperv
drwxr-xr-x 2 root root 4096 8月 19 08:14 ibm
drwxr-xr-x 2 root root 4096 8月 19 08:14 linuxbridge
drwxr-xr-x 2 root root 4096 8月 19 08:14 metaplugin
drwxr-xr-x 2 root root 4096 8月 19 08:14 midonet
drwxr-xr-x 2 root root 4096 8月 19 08:14 ml2
drwxr-xr-x 2 root root 4096 8月 19 08:14 mlnx
drwxr-xr-x 2 root root 4096 8月 19 08:14 nec
drwxr-xr-x 2 root root 4096 8月 19 08:14 nicira
drwxr-xr-x 2 root root 4096 8月 19 08:14 nuage
drwxr-xr-x 2 root root 4096 8月 19 08:14 oneconvergence
drwxr-xr-x 2 root root 4096 8月 19 08:14 openvswitch
drwxr-xr-x 2 root root 4096 8月 19 08:14 plumgrid
drwxr-xr-x 2 root root 4096 8月 19 08:14 ryu
drwxr-xr-x 2 root root 4096 8月 19 08:14 vmware
紅色的部分是開源的,黑色的部分都是商業版的
支持兩種網絡:單一扁平網絡,虛擬機和物理機在一個網段,虛擬機的網關就是物理機的網關。
有一個問題:因爲虛擬機和物理機都在一個網段,會有廣播包,降低整個網絡性能。VLAN:
二層
網關:性能,、網絡絡節點:單點故障。
網絡的流量我們會把它轉到3層交換機上去。
[root@linux-node1 ~]# vim /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
我要把我的網卡映射到物理網卡上面去,這裏面只是一個標識
network_vlan_ranges = phpysnet1
Example: network_vlan_ranges = physnet1:1000:2999
physical_interface_mappings = physnet1:eth0
打開安全組
enable_security_group = True
它用到Linux的iptables
最好不要用,規則是openstack刷進去的。
生產環境最好人爲控制。
支持直接調用物理防火牆。
shengke
軟件定義網絡
不依靠硬件,如各種協議,
[root@linux-node1 ~]# grep '^[a-z]' /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
network_vlan_ranges = phpysnet1
physical_interface_mappings = physnet1:eth0
enable_security_group = True
[root@linux-node1 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
幾乎涵蓋了neutron支持的所有網絡類型
單一扁平網絡、VLAN、gre:隧道網絡、Vxlan
租戶的網絡類型
tenant_network_types = flat
mechanism_drivers = linuxbridge
flat_networks = physnet1 物理網卡接口名稱
安全組打開
enable_security_group = True
[root@linux-node1 ~]# grep "^[a-z]" /etc/neutron/plugins/ml2/ml2_conf.ini
type_drivers = flat
tenant_network_types = flat
mechanism_drivers = linuxbridge
flat_networks = physnet1
enable_security_group = True
[root@linux-node1 ~]# cd init.d
[root@linux-node1 init.d]# cp openstack-neutron-server /etc/init.d/
[root@linux-node1 init.d]# cp openstack-neutron-linuxbridge-agent /etc/init.d/
[root@linux-node1 init.d]# chmod +x /etc/init.d/openstack-*
[root@linux-node1 init.d]# chkconfig --add openstack-neutron-server
[root@linux-node1 init.d]# chkconfig --add openstack-neutron-linuxbridge-agent
[root@linux-node1 init.d]# chkconfig openstack-neutron-server on
[root@linux-node1 init.d]# chkconfig openstack-neutron-linuxbridge-agent on
[root@linux-node1 ~]# /etc/init.d/openstack-neutron-server start
正在啓動 openstack-neutron-server: [確定]
[root@linux-node1 ~]# /etc/init.d/openstack-neutron-linuxbridge-agent start
正在啓動 openstack-neutron-linuxbridge-agent: [確定]
[root@linux-node1 ~]# tail -f /var/log/neutron/neutron.log
[root@linux-node1 ~]# netstat -lntp
[root@linux-node1 ~]# ps aux | grep neutron
tar czvf