OpenStack stein安装（八）network option1

安装和配置网络组件在controller节点上

1. 安装包

   # yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

2. 配置服务器组件

网络服务组件配置包括数据，验证机制，消息队列，拓扑改变通知和插件.Edit the /etc/neutron/neutron.conf file and complete the following actions:○ In the [database] section, configure database access:    [database]    # ...    connection = mysql+pymysql://neutron:neutron123@dbs.flex.net/neutron    注意：注释或移除其它连接选项在[database]区域中○ In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in and disable additional plug-ins:    [DEFAULT]    # ...    core_plugin = ml2    service_plugins =○ In the [DEFAULT] section, configure RabbitMQ message queue access:    [DEFAULT]    # ...    transport_url = rabbit://openstack:openstack123@dbs.flex.net○ In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:    [DEFAULT]    # ...    auth_strategy = keystone    [keystone_authtoken]    # ...    www_authenticate_uri = http://stack.flex.net:5000    auth_url = http://stack.flex.net:5000    memcached_servers = dbs.flex.net:11211    auth_type = password    project_domain_name = default    user_domain_name = default    project_name = service    username = neutron    password = neutron123    注意：注释或移除其它连接选项在[keystone_authtoken]区域中○ In the [DEFAULT] and [nova] sections, configure Networking to notify Compute of network topology changes:    [DEFAULT]    # ...    notify_nova_on_port_status_changes = true    notify_nova_on_port_data_changes = true    [nova]    auth_url = http://stack.flex.net:5000    auth_type = password    project_domain_name = default    user_domain_name = default    region_name = RegionOne    project_name = service    username = nova    password = nova123○ In the [oslo_concurrency] section, configure the lock path:    [oslo_concurrency]    # ...    lock_path = /var/lib/neutron/tmp

3. 配置模块Layer 2 (ML2)插件

    实列中使用ML2插件，ML2使用Linux bridge机制建立layer-2(桥接和交换)虚拟网络架构。    Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and complete the following actions:○ In the [ml2] section, enable flat and VLAN networks:    [ml2]    # ...    type_drivers = flat,vlan○ In the [ml2] section, disable self-service networks:    [ml2]    # ...    tenant_network_types =○ In the [ml2] section, enable the Linux bridge mechanism:    [ml2]    # ...    mechanism_drivers = linuxbridge    警告：配置ML2插件后, 从type_drivers移除这个选项会导致数据库不一致.○ In the [ml2] section, enable the port security extension driver:    [ml2]    # ...    extension_drivers = port_security○ In the [ml2_type_flat] section, configure the provider virtual network as a flat network:    [ml2_type_flat]    # ...    flat_networks = provider○ In the [securitygroup] section, enable ipset to increase efficiency of security group rules:    [securitygroup]    # ...    enable_ipset = true

4. Configure the Linux bridge agent

    The Linux bridge agent builds layer-2 (bridging and switching) virtual networking infrastructure for instances and handles security groups.    Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following actions:○ In the [linux_bridge] section, map the provider virtual network to the provider physical network interface:    [linux_bridge]    physical_interface_mappings = provider:eht1    使用eth2物理网络接口做为租户的网络连接.○ In the [vxlan] section, disable VXLAN overlay networks:    [vxlan]    enable_vxlan = false○ In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver:    [securitygroup]    # ...    enable_security_group = true    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver○ Ensure your Linux operating system kernel supports network bridge filters by verifying all the following sysctl values are set to 1:    net.bridge.bridge-nf-call-iptables    net.bridge.bridge-nf-call-ip6tables    #  modprobe br_netfilter    #  vi /etc/sysctl.conf    net.bridge.bridge-nf-call-ip6tables = 1    net.bridge.bridge-nf-call-iptables = 1     # sysctl -p    net.bridge.bridge-nf-call-ip6tables = 1    net.bridge.bridge-nf-call-iptables = 1    为了网络支持桥接, 通常的需要加载br_netfilter内核模块. 但这里可以忽略错误，当你重启neutron时会自动加载.

5. Configure the DHCP agent

   The DHCP agent provides DHCP services for virtual networks.Edit the /etc/neutron/dhcp_agent.ini file and complete the following actions:○ In the [DEFAULT] section, configure the Linux bridge interface driver, Dnsmasq DHCP driver, and enable isolated metadata so instances on provider networks can access metadata over the network:[DEFAULT]# ...interface_driver = linuxbridgedhcp_driver = neutron.agent.linux.dhcp.Dnsmasqenable_isolated_metadata = true完成后返回网络配置或继续网络选项2.