注意要 按顺序 搭建服务，在 CentOS 7 安装 Openstack Rocky 版本 - 环境搭建的基础上安装服务。

Networking service -网络服务（Neutron）

在 控制节点 和 计算节点 安装，需要修改 nova 配置文件

控制节点

数据库配置

连接数据库

1 2	# 连接数据库 mysql -u root -p

数据库操作

-- 创建数据库
CREATE DATABASE neutron;

-- 创建用户 neutron ，密码为 mariadb-neutron，并授予权限
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'mariadb-neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'mariadb-neutron';

-- 创建完毕退出
exit

身份认证和 API 配置

创建用户 neutron 并添加到 admin 角色

# 更新环境变量
. admin-openrc

# 创建用户，设置密码为 neutron
openstack user create --domain default --password-prompt neutron
# User Password:
# Repeat User Password:
# +---------------------+----------------------------------+
# | Field               | Value                            |
# +---------------------+----------------------------------+
# | domain_id           | default                          |
# | enabled             | True                             |
# | id                  | c363457342e244fe8cb17ed5e0357e2c |
# | name                | neutron                          |
# | options             | {}                               |
# | password_expires_at | None                             |
# +---------------------+----------------------------------+


# 将用户添加到 admin 角色
openstack role add --project service --user neutron admin
# 无输出

创建 neutron 服务实体和端点（endpoint）

# 创建服务实体
openstack service create --name neutron --description "OpenStack Networking" network
# +-------------+----------------------------------+
# | Field       | Value                            |
# +-------------+----------------------------------+
# | description | OpenStack Networking             |
# | enabled     | True                             |
# | id          | 7a1960eedb524ecc8e2b135fa116dc9a |
# | name        | neutron                          |
# | type        | network                          |
# +-------------+----------------------------------+


# 创建服务 API 端点（endpoint）
openstack endpoint create --region RegionOne network public http://controller:9696
# +--------------+----------------------------------+
# | Field        | Value                            |
# +--------------+----------------------------------+
# | enabled      | True                             |
# | id           | 5c6df6e3175f49f08e8baf61992a846a |
# | interface    | public                           |
# | region       | RegionOne                        |
# | region_id    | RegionOne                        |
# | service_id   | 7a1960eedb524ecc8e2b135fa116dc9a |
# | service_name | neutron                          |
# | service_type | network                          |
# | url          | http://controller:9696           |
# +--------------+----------------------------------+


openstack endpoint create --region RegionOne network internal http://controller:9696
# +--------------+----------------------------------+
# | Field        | Value                            |
# +--------------+----------------------------------+
# | enabled      | True                             |
# | id           | de8462b44e5e4c909126cd6a8deba025 |
# | interface    | internal                         |
# | region       | RegionOne                        |
# | region_id    | RegionOne                        |
# | service_id   | 7a1960eedb524ecc8e2b135fa116dc9a |
# | service_name | neutron                          |
# | service_type | network                          |
# | url          | http://controller:9696           |
# +--------------+----------------------------------+


openstack endpoint create --region RegionOne network admin http://controller:9696
# +--------------+----------------------------------+
# | Field        | Value                            |
# +--------------+----------------------------------+
# | enabled      | True                             |
# | id           | fe75ac7137c3456c86935e359347337c |
# | interface    | admin                            |
# | region       | RegionOne                        |
# | region_id    | RegionOne                        |
# | service_id   | 7a1960eedb524ecc8e2b135fa116dc9a |
# | service_name | neutron                          |
# | service_type | network                          |
# | url          | http://controller:9696           |
# +--------------+----------------------------------+

配置自服务网络

注意：其中一块网卡留空，不设置 IP

Networking Option 2: Self-service networks

安装软件包

1 2	# 安装 yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

编辑配置文件 /etc/neutron/neutron.conf

[database]
connection = mysql+pymysql://neutron:mariadb-neutron@controller/neutron

[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:rabbitmq@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

配置 ML2 插件（第二层），编辑配置文件 /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true

配置网桥代理，编辑配置文件 /etc/neutron/plugins/ml2/linuxbridge_agent.ini

# ens224 是没有配置 IP 的网卡，10.0.0.11 是本机管理网络的 ip
[linux_bridge]
physical_interface_mappings = provider:ens224

[vxlan]
enable_vxlan = true
local_ip = 10.0.0.11
l2_population = true

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

配置桥接，将配置写入 /etc/sysctl.conf ，和官方给出的配置不同，禁用了 ipv6 相关的功能

# 加载模块
modprobe br_netfilter

# 写入配置文件
# net.bridge.bridge-nf-call-iptables=1
# net.ipv6.conf.all.disable_ipv6=1

配置第三层代理，编辑配置文件 /etc/neutron/l3_agent.ini

1 2	[DEFAULT] interface_driver = linuxbridge

配置 DHCP 代理，编辑配置文件 /etc/neutron/dhcp_agent.ini

[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

自服务网络配置完毕后，继续进行相关配置。

配置元数据代理（metadata agent），编辑配置文件 /etc/neutron/metadata_agent.ini

# 设置 secret
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = metadatasecret

配置计算服务使用网络服务，编辑配置文件 /etc/nova/nova.conf

# 添加配置，使用上一步设置的 secret
[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = metadatasecret

完成安装

# 创建链接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

# 填充数据库
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

# 重启计算服务 API
systemctl restart openstack-nova-api.service

# 启用网络服务
systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service

# 自服务网络，启用第三层代理服务
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service

计算节点