安装和配置（计算节点）

安装软件包

yum install openstack-neutron-linuxbridge ebtables ipset -y

如果使用openvswitch使用下面的命令：

yum install openstack-neutron-openvswitch ebtables ipset -y

 

配置通用组件

vi /etc/neutron/neutron.conf

/transport_url

/auth_strategy

[DEFAULT]

# ...

transport_url = rabbit://openstack:RABBIT_PASS@controller-150

service_plugins = router

core_plugin = ml2

auth_strategy = keystone

allow_overlapping_ips = True

/\[keystone_authtoken

[keystone_authtoken]

# ...

www_authenticate_uri = http://controller-150:5000

auth_url = http://controller-150:5000

memcached_servers = controller-150:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = 你的密码

/\[oslo_concurrency

[oslo_concurrency]

# ...

lock_path = /var/lib/neutron/tmp

配置网络选项

选择和controller节点相同的网络选项进行配置。这里选择Provider networks和Self-service networks一起部署：

配置Linux bridge代理（二选一）

vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini

/physical_interface_mappings

PROVIDER_INTERFACE_NAME使用管理口ens224替代

[linux_bridge]

physical_interface_mappings = provider:ens224

 

/\[vxlan

OVERLAY_INTERFACE_IP_ADDRESS使用管理口ip替代

[vxlan]

enable_vxlan = true

local_ip = 192.168.11.151

l2_population = true

/\[securitygroup

[securitygroup]

# ...

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

 

确保net.bridge.bridge-nf-call-iptables = 1，net.bridge.bridge-nf-call-ip6tables = 1

# modprobe br_netfilter

# lsmod  |grep br_netfilter

# sysctl net.bridge.bridge-nf-call-iptables

net.bridge.bridge-nf-call-iptables = 1

# sysctl net.bridge.bridge-nf-call-ip6tables

net.bridge.bridge-nf-call-ip6tables = 1

配置openvswitch 代理（二选一）

 

vi /etc/neutron/plugins/ml2/openvswitch_agent.ini

[ovs]

local_ip = 192.168.11.151 ##OVERLAY_INTERFACE_IP_ADDRESS

bridge_mappings = provider:br-provider

[agent]

tunnel_types = vxlan

l2_population = True

 

[securitygroup]

firewall_driver = openvswitch

enable_security_group = true

 

如果已经将将网络代理配置为linuxbridge，从linux bridge 切换为openvswitch

systemctl disable neutron-linuxbridge-agent

systemctl stop neutron-linuxbridge-agent

systemctl enable neutron-openvswitch-agent

systemctl start neutron-openvswitch-agent

systemctl status neutron-openvswitch-agent

vi /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]

type_drivers = flat,vlan,gre,vxlan

tenant_network_types =

mechanism_drivers = openvswitch,l2population

extension_drivers = port_security

[ml2_type_vxlan]

vni_ranges = 3001:4000

 

配置计算服务使用网络

vi /etc/nova/nova.conf

/\[neutron

url已经弃用，使用endpoint_override替代

[neutron]

# ...

#endpoint_override = http://controller-150:9696

auth_url = http://controller-150:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = 你的密码

service_metadata_proxy = true

metadata_proxy_shared_secret = METADATA_SECRET

 

完成安装

# systemctl restart openstack-nova-compute.service

 

# systemctl enable neutron-linuxbridge-agent.service

# systemctl start neutron-linuxbridge-agent.service && systemctl status neutron-linuxbridge-agent

 

验证

$ . /etc/openstack/admin-openrc

$ openstack extension list --network

$ openstack network agent list

具体参见：

https://docs.openstack.org/neutron/queens/install/verify.html

https://docs.openstack.org/neutron/queens/install/verify-option2.html

https://docs.openstack.org/neutron/queens/install/compute-install-rdo.html