
Provider Networks

  1. 安裝 neutron 網路套件。
    [root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 \
    openstack-neutron-linuxbridge ebtables
    
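  2. 編輯 /etc/neutron/neutron.conf,設定如下。範例中的密碼 123qwe 僅供示範;正式環境請為 RabbitMQ、資料庫與各服務帳號分別設定高強度密碼,並限制此檔案的讀取權限。範例中的 keystone 端點使用 http 明文傳輸,正式環境應改用 TLS: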
    [root@controller ~]# vim /etc/neutron/neutron.conf 
    [root@controller ~]# egrep '^(\[data|\[DEF|\[keystone_a|\[nova|\[oslo_c|[a-z])' \
    /etc/neutron/neutron.conf 
    
    [DEFAULT]
    core_plugin = ml2
    service_plugins =
    transport_url = rabbit://openstack:123qwe@controller
    auth_strategy = keystone
    notify_nova_on_port_status_changes = true
    notify_nova_on_port_data_changes = true
    
    [database]
    connection = mysql+pymysql://neutron:123qwe@controller/neutron
    
    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    password = 123qwe
    
    [nova]
    auth_url = http://controller:35357
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = nova
    password = 123qwe
    
    [oslo_concurrency]
    lock_path = /var/lib/neutron/tmp
    
  3. 編輯 /etc/neutron/plugins/ml2/ml2_conf.ini,設定 Modular Layer2 (ML2) 外掛。
    [root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini 
    [root@controller ~]# egrep '^(\[ml2\]|\[ml2_type_flat|\[sec|[a-z])' \
    /etc/neutron/plugins/ml2/ml2_conf.ini
    
    [ml2]
    type_drivers = flat,vlan
    tenant_network_types =
    mechanism_drivers = linuxbridge
    extension_drivers = port_security
    
    [ml2_type_flat]
    flat_networks = provider
    
    [securitygroup]
    enable_ipset = true
    
  4. 編輯 /etc/neutron/plugins/ml2/linuxbridge_agent.ini,設定 Linux 橋接代理。其中 physical_interface_mappings 將 provider 網路對應到實體網卡,範例中的 em2 為控制節點主機的網卡代號,請依實際環境修改。
    [root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
    [root@controller ~]# egrep '^(\[linux_b|\[vxlan|\[sec|[a-z])' \
    /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
    
    [linux_bridge]
    physical_interface_mappings = provider:em2
    
    [securitygroup]
    enable_security_group = true
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
    
    [vxlan]
    enable_vxlan = false
    
  5. 核心必須載入 br_netfilter 模組,橋接介面上的封包才會交由 iptables 處理,安全群組的防火牆規則才能生效。
    [root@controller ~]# modprobe br_netfilter
    [root@controller ~]# lsmod | grep br_net
    br_netfilter           22256  0 
    bridge                146976  2 br_netfilter,ebtable_broute
    
  6. 設定開機時核心載入 br_netfilter 模組。
    [root@controller ~]# echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf
    
  7. 以 sysctl 開啟 net.bridge.bridge-nf-call-iptables 與 net.bridge.bridge-nf-call-ip6tables(設定檔檔名 k8s.conf 僅為範例,可自訂),並確認輸出值皆為 1。
    [root@controller ~]# vim /etc/sysctl.d/k8s.conf
    [root@controller ~]# cat /etc/sysctl.d/k8s.conf
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    [root@controller ~]# /sbin/sysctl -p /etc/sysctl.d/k8s.conf
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    [root@controller ~]# sysctl -a | grep bridge
    net.bridge.bridge-nf-call-arptables = 1
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    net.bridge.bridge-nf-filter-pppoe-tagged = 0
    net.bridge.bridge-nf-filter-vlan-tagged = 0
    net.bridge.bridge-nf-pass-vlan-input-dev = 0
    sysctl: reading key "net.ipv6.conf.all.stable_secret"
    sysctl: reading key "net.ipv6.conf.default.stable_secret"
    sysctl: reading key "net.ipv6.conf.em1.stable_secret"
    sysctl: reading key "net.ipv6.conf.em2.stable_secret"
    sysctl: reading key "net.ipv6.conf.em3.stable_secret"
    sysctl: reading key "net.ipv6.conf.em4.stable_secret"
    sysctl: reading key "net.ipv6.conf.lo.stable_secret"
    
  8. 編輯 /etc/neutron/dhcp_agent.ini,設定 DHCP 代理。
    [root@controller ~]# vim /etc/neutron/dhcp_agent.ini 
    [root@controller ~]# egrep '^(\[DEF|[a-z])' /etc/neutron/dhcp_agent.ini 
    
    [DEFAULT]
    interface_driver = linuxbridge
    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
    enable_isolated_metadata = true
    



De-Yu Wang 2018-12-12