溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
安裝和配置網絡組件在controller節點上
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables網絡服務組件配置包括數據,驗證機制,消息隊列,拓撲改變通知和插件.
Edit the /etc/neutron/neutron.conf file and complete the following actions:
○ In the [database] section, configure database access:
[database]
# ...
connection = mysql+pymysql://neutron:neutron123@dbs.flex.net/neutron
注意:注釋或移除其它連接選項在[database]區域中
○ In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in and disable additional plug-ins:
[DEFAULT]
# ...
core_plugin = ml2
service_plugins =
○ In the [DEFAULT] section, configure RabbitMQ message queue access:
[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack123@dbs.flex.net
○ In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:
[DEFAULT]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
www_authenticate_uri = http://stack.flex.net:5000
auth_url = http://stack.flex.net:5000
memcached_servers = dbs.flex.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron123
注意:注釋或移除其它連接選項在[keystone_authtoken]區域中
○ In the [DEFAULT] and [nova] sections, configure Networking to notify Compute of network topology changes:
[DEFAULT]
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[nova]
auth_url = http://stack.flex.net:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova123
○ In the [oslo_concurrency] section, configure the lock path:
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp 實列中使用ML2插件,ML2使用Linux bridge機制建立layer-2(橋接和交換)虛擬網絡架構。
Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and complete the following actions:
○ In the [ml2] section, enable flat and VLAN networks:
[ml2]
# ...
type_drivers = flat,vlan
○ In the [ml2] section, disable self-service networks:
[ml2]
# ...
tenant_network_types =
○ In the [ml2] section, enable the Linux bridge mechanism:
[ml2]
# ...
mechanism_drivers = linuxbridge
警告:配置ML2插件后, 從type_drivers移除這個選項會導致數據庫不一致.
○ In the [ml2] section, enable the port security extension driver:
[ml2]
# ...
extension_drivers = port_security
○ In the [ml2_type_flat] section, configure the provider virtual network as a flat network:
[ml2_type_flat]
# ...
flat_networks = provider
○ In the [securitygroup] section, enable ipset to increase efficiency of security group rules:
[securitygroup]
# ...
enable_ipset = true The Linux bridge agent builds layer-2 (bridging and switching) virtual networking infrastructure for instances and handles security groups.
Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following actions:
○ In the [linux_bridge] section, map the provider virtual network to the provider physical network interface:
[linux_bridge]
physical_interface_mappings = provider:eht1
使用eth2物理網絡接口做為租戶的網絡連接.
○ In the [vxlan] section, disable VXLAN overlay networks:
[vxlan]
enable_vxlan = false
○ In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver:
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
○ Ensure your Linux operating system kernel supports network bridge filters by verifying all the following sysctl values are set to 1:
net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-ip6tables
# modprobe br_netfilter
# vi /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# sysctl -p
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
為了網絡支持橋接, 通常的需要加載br_netfilter內核模塊. 但這里可以忽略錯誤,當你重啟neutron時會自動加載.Configure the DHCP agent
The DHCP agent provides DHCP services for virtual networks.
Edit the /etc/neutron/dhcp_agent.ini file and complete the following actions:
○ In the [DEFAULT] section, configure the Linux bridge interface driver, Dnsmasq DHCP driver, and enable isolated metadata so instances on provider networks can access metadata over the network:
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
完成后返回網絡配置或繼續網絡選項2.免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
