centos7+openstack (5) neutron配置

Submitted by Lizhe on Sat, 07/15/2017 - 23:41

 

开始之前我建议你先关闭SELinux

 

临时关闭SELinux
setenforce 0

临时打开SELinux
setenforce 1

开机关闭SELinux
编辑/etc/selinux/config文件,将SELINUX的值设置为disabled

查看SELinux状态
执行getenforce命令

 

修改/etc/neutron/neutron.conf 文件

 

cat /etc/neutron/neutron.conf|grep -v "^#"|grep -v "^$"

[DEFAULT] 
state_path = /var/lib/neutron 
core_plugin = ml2 
service_plugins = router 
auth_strategy = keystone 
notify_nova_on_port_status_changes = True 
notify_nova_on_port_data_changes = True 
nova_url = http://192.168.1.151:8774/v2 
rpc_backend=rabbit 
[matchmaker_redis] 
[matchmaker_ring] 
[quotas] 
[agent] 
[keystone_authtoken] 
auth_uri = http://192.168.1.151:5000 
auth_url = http://192.168.1.151:35357 
auth_plugin = password 
project_domain_id = default 
user_domain_id = default 
project_name = service 
username = neutron 
password = neutron 
admin_tenant_name = %SERVICE_TENANT_NAME% 
admin_user = %SERVICE_USER% 
admin_password = %SERVICE_PASSWORD% 
[database] 
connection = mysql://neutron:neutron@192.168.1.151:3306/neutron 
[nova] 
auth_url = http://192.168.1.151:35357 
auth_plugin = password 
project_domain_id = default 
user_domain_id = default 
region_name = RegionOne 
project_name = service 
username = nova 
password = nova 
[oslo_concurrency] 
lock_path = $state_path/lock 
[oslo_policy] 
[oslo_messaging_amqp] 
[oslo_messaging_qpid] 
[oslo_messaging_rabbit] 
rabbit_host = 192.168.1.151 
rabbit_port = 5672 
rabbit_userid = openstack 
rabbit_password = openstack 
[qos]

修改 /etc/neutron/plugins/ml2/ml2_conf.ini
cat /etc/neutron/plugins/ml2/ml2_conf.ini|grep -v "^#"|grep -v "^$"

[ml2]
type_drivers = flat,vlan,gre,vxlan,geneve 
tenant_network_types = vlan,gre,vxlan,geneve 
mechanism_drivers = openvswitch,linuxbridge 
extension_drivers = port_security 
[ml2_type_flat] 
flat_networks = physnet1 
[ml2_type_vlan] 
[ml2_type_gre] 
[ml2_type_vxlan] 
[ml2_type_geneve] 
[securitygroup] 
enable_ipset = True

修改 /etc/neutron/plugins/ml2/linuxbridge_agent.ini
cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini|grep -v "^#"|grep -v "^$"

[linux_bridge] 
physical_interface_mappings = physnet1:ens33   (此处ens33为网卡名称,需要使用ifconfig查询得知,不要直接写ens33)
[vxlan] 
enable_vxlan = false 
[agent] 
prevent_arp_spoofing = True 
[securitygroup] 
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver 
enable_security_group = True

修改 /etc/neutron/dhcp_agent.ini
cat /etc/neutron/dhcp_agent.ini|grep -v "^#"|grep -v "^$"

[DEFAULT] 
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver 
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq 
enable_isolated_metadata = true 
[AGENT]

修改/etc/neutron/metadata_agent.ini
cat /etc/neutron/metadata_agent.ini|grep -v "^#"|grep -v "^$"

[DEFAULT] 
auth_uri = http://192.168.1.151:5000 
auth_url = http://192.168.1.151:35357 
auth_region = RegionOne 
auth_plugin = password 
project_domain_id = default 
user_domain_id = default 
project_name = service 
username = neutron 
password = neutron 
nova_metadata_ip = 192.168.1.151 
metadata_proxy_shared_secret = neutron 
admin_tenant_name = %SERVICE_TENANT_NAME% 
admin_user = %SERVICE_USER% 
admin_password = %SERVICE_PASSWORD% 
[AGENT]

 

添加neutron用户

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
source admin-openrc.sh
openstack user create --domain default --password=neutron neutron
openstack role add --project service --user neutron admin

更新数据库
 

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

 

注册keystone

source admin-openrc.sh

openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://192.168.1.151:9696
openstack endpoint create --region RegionOne network internal http://192.168.1.151:9696
openstack endpoint create --region RegionOne network admin http://192.168.1.151:9696

 

重启nova服务

systemctl restart openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
 

启动neutron相关服务

systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

 

neutron agent-list

171

 


计算节点配置

从 centos_admin 上直接拷贝

scp /etc/neutron/neutron.conf 192.168.1.152:/etc/neutron/
scp /etc/neutron/plugins/ml2/linuxbridge_agent.ini 192.168.1.152:/etc/neutron/plugins/ml2/
scp /etc/neutron/plugins/ml2/ml2_conf.ini 192.168.1.152:/etc/neutron/plugins/ml2/

在计算节点centos_compute_1上重启openstack-nova-compute服务

[root@centos_compute_1 ~]# systemctl restart openstack-nova-compute
[root@centos_compute_1 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini


在计算节点上启动bridge

[root@centos_compute_1 ~]# systemctl enable neutron-linuxbridge-agent.service
[root@centos_compute_1 ~]# systemctl start neutron-linuxbridge-agent.service

 

 


 

下面是两个常见错误

 

neutron-linuxbridge-agent.service启动失败

 

2017-07-12 22:33:52.427 4311 INFO neutron.common.config [-] Logging enabled!
2017-07-12 22:33:52.427 4311 INFO neutron.common.config [-] /usr/bin/neutron-linuxbridge-agent version 7.2.0
2017-07-12 22:33:52.427 4311 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Interface mappings: {'physnet1': 'em2'}
2017-07-12 22:33:52.428 4311 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Bridge mappings: {}
2017-07-12 22:33:52.428 4311 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Agent initialized successfully, now running... 
2017-07-12 22:33:52.449 4311 ERROR neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Interface em2 for physical network physnet1 does not exist. Agent terminated!
2017-07-12 22:33:52.450 4311 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Stopping linuxbridge agent.
2017-07-12 22:33:52.450 4311 CRITICAL neutron [-] AttributeError: 'LinuxBridgeNeutronAgentRPC' object has no attribute 'plugin_rpc'
2017-07-12 22:33:52.450 4311 ERROR neutron Traceback (most recent call last):
2017-07-12 22:33:52.450 4311 ERROR neutron   File "/usr/bin/neutron-linuxbridge-agent", line 10, in <module>
2017-07-12 22:33:52.450 4311 ERROR neutron     sys.exit(main())
2017-07-12 22:33:52.450 4311 ERROR neutron   File "/usr/lib/python2.7/site-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 1276, in main
2017-07-12 22:33:52.450 4311 ERROR neutron     launcher.wait()
2017-07-12 22:33:52.450 4311 ERROR neutron   File "/usr/lib/python2.7/site-packages/oslo_service/service.py", line 281, in wait
2017-07-12 22:33:52.450 4311 ERROR neutron     status, signo = self._wait_for_exit_or_signal(ready_callback)
2017-07-12 22:33:52.450 4311 ERROR neutron   File "/usr/lib/python2.7/site-packages/oslo_service/service.py", line 268, in _wait_for_exit_or_signal
2017-07-12 22:33:52.450 4311 ERROR neutron     self.stop()
2017-07-12 22:33:52.450 4311 ERROR neutron   File "/usr/lib/python2.7/site-packages/oslo_service/service.py", line 196, in stop
2017-07-12 22:33:52.450 4311 ERROR neutron     self.services.stop()
2017-07-12 22:33:52.450 4311 ERROR neutron   File "/usr/lib/python2.7/site-packages/oslo_service/service.py", line 612, in stop
2017-07-12 22:33:52.450 4311 ERROR neutron     service.stop()
2017-07-12 22:33:52.450 4311 ERROR neutron   File "/usr/lib/python2.7/site-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 929, in stop
2017-07-12 22:33:52.450 4311 ERROR neutron     self.set_rpc_timeout(self.quitting_rpc_timeout)
2017-07-12 22:33:52.450 4311 ERROR neutron   File "/usr/lib/python2.7/site-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 1241, in set_rpc_timeout
2017-07-12 22:33:52.450 4311 ERROR neutron     for rpc_api in (self.plugin_rpc, self.sg_plugin_rpc,
2017-07-12 22:33:52.450 4311 ERROR neutron AttributeError: 'LinuxBridgeNeutronAgentRPC' object has no attribute 'plugin_rpc'
2017-07-12 22:33:52.450 4311 ERROR neutron

原来是 {'physnet1': 'eth0'} 找不到,通过ifconfig发现网卡名称是ens33

解决办法:
编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini 

在linux_bridge部分将physical_interface_mappings改为physnet1:ens33,重启neutron-linuxbridge-agent服务即可
[linux_bridge]
...
physical_interface_mappings = physnet1:ens33

然后遇到第二个错误

服务启动了,但是列表里仍然没有bridge

[root@centos_admin ~]# systemctl status neutron-linuxbridge-agent.service
?neutron-linuxbridge-agent.service - OpenStack Neutron Linux Bridge Agent
   Loaded: loaded (/usr/lib/systemd/system/neutron-linuxbridge-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-07-12 22:51:57 CST; 4min 5s ago
  Process: 4341 ExecStartPre=/usr/bin/neutron-enable-bridge-firewall.sh (code=exited, status=0/SUCCESS)
 Main PID: 4348 (neutron-linuxbr)
   CGroup: /system.slice/neutron-linuxbridge-agent.service
           忖4348 /usr/bin/python2 /usr/bin/neutron-linuxbridge-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/linuxbridge_a...

Jul 12 22:51:58 centos_admin neutron-linuxbridge-agent[4348]: server = manager.get_server()
Jul 12 22:51:58 centos_admin neutron-linuxbridge-agent[4348]: File "/usr/lib64/python2.7/multiprocessing/managers.py", line 493, in get_server
Jul 12 22:51:58 centos_admin neutron-linuxbridge-agent[4348]: self._authkey, self._serializer)
Jul 12 22:51:58 centos_admin neutron-linuxbridge-agent[4348]: File "/usr/lib64/python2.7/multiprocessing/managers.py", line 162, in __init__
Jul 12 22:51:58 centos_admin neutron-linuxbridge-agent[4348]: self.listener = Listener(address=address, backlog=16)
Jul 12 22:51:58 centos_admin neutron-linuxbridge-agent[4348]: File "/usr/lib/python2.7/site-packages/oslo_rootwrap/jsonrpc.py", line 66, in __init__
Jul 12 22:51:58 centos_admin neutron-linuxbridge-agent[4348]: self._socket.bind(address)
Jul 12 22:51:58 centos_admin neutron-linuxbridge-agent[4348]: File "/usr/lib64/python2.7/socket.py", line 224, in meth
Jul 12 22:51:58 centos_admin neutron-linuxbridge-agent[4348]: return getattr(self._sock,name)(*args)
Jul 12 22:51:58 centos_admin neutron-linuxbridge-agent[4348]: socket.error: [Errno 13] Permission denied

权限相关...权限相关...最后果然是万恶的SELinux


临时关闭SELinux
setenforce 0

临时打开SELinux
setenforce 1

开机关闭SELinux
编辑/etc/selinux/config文件,将SELINUX的值设置为disabled

查看SELinux状态
执行getenforce命令