openstack on centos 7.1（networking）

1.Install and configure controller node

Prerequisites

mysql -u root -p

CREATE DATABASE neutron;

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';

exit;

. admin-openrc

openstack user create --domain default --password-prompt neutron

openstack role add --project service --user neutron admin

openstack service create --name neutron --description "OpenStack Networking" network

openstack endpoint create --region RegionOne network public http://controller:9696 
openstack endpoint create --region RegionOne network internal http://controller:9696 
openstack endpoint create --region RegionOne network admin http://controller:9696[/code] 
———————————————-
Networking Option 1: Provider networks
Networking Option 2: Self-service networks
Install the components
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables


Configure the server component
/etc/neutron/neutron.conf

[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True

[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS #Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ

[database]
...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron #Replace NEUTRON_DBPASS with the password you chose for the database

[keystone_authtoken]
...
auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS #Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service

[nova]
...
auth_url = http://controller:35357 auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS #Replace NOVA_PASS with the password you chose for the nova user in the Identity service

[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp


Configure the Modular Layer 2 (ML2) plug-in
/etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
...
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
...
flat_networks = provider

[ml2_type_vxlan]
...
vni_ranges = 1:1000

[securitygroup]
...
enable_ipset = True


Configure the Linux bridge agent
/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME #物理公共网络接口名字（controller）

[vxlan]
enable_vxlan = True
local_ip = OVERLAY_INTERFACE_IP_ADDRESS #物理公共网络接口地址（controller）
l2_population = True

[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver


Configure the layer-3 agent
/etc/neutron/l3_agent.ini

[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =


Configure the DHCP agent
/etc/neutron/dhcp_agent.ini

[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True


———————————————-
Configure the metadata agent
/etc/neutron/metadata_agent.ini

[DEFAULT]
...
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET #Replace METADATA_SECRET with a suitable secret for the metadata proxy


/etc/nova/nova.conf

[neutron]
...
url = http://controller:9696 auth_url = http://controller:35357 auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS #Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service

service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET #Replace METADATA_SECRET with the secret you chose for the metadata proxy


Finalize installation
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

systemctl restart openstack-nova-api.service

systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

systemctl enable neutron-l3-agent.service

systemctl start neutron-l3-agent.service


2.Install and configure compute node
Install the components
yum install openstack-neutron-linuxbridge ebtables ipset


Configure the common component
/etc/neutron/neutron.conf

[DEFAULT]
...
rpc_backend = rabbit
auth_strategy = keystone

[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS #Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ

[keystone_authtoken]
...
auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS #Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service

[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp


———————————————-
Networking Option 1: Provider networks
Networking Option 2: Self-service networks
Configure the Linux bridge agent
/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME #物理公共网络接口名字（compute）

[vxlan]
enable_vxlan = True
local_ip = OVERLAY_INTERFACE_IP_ADDRESS #物理公共网络接口地址（compute）
l2_population = True

[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDrive


———————————————-
Configure Compute to use Networking
/etc/nova/nova.conf

[neutron]
...
url = http://controller:9696 auth_url = http://controller:35357 auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS


Finalize installation
systemctl restart openstack-nova-compute.service

systemctl enable neutron-linuxbridge-agent.service

systemctl start neutron-linuxbridge-agent.service


3.Verify operation
. admin-openrc

neutron ext-list #必须显示一个列表，否侧前面步骤可能有问题，需要看日志解决


———————————————-
Networking Option 1: Provider networks
Networking Option 2: Self-service networks
neutron agent-list


———————————————-