OpenStack stein安装（七）neutron on controller

  OpenStack网络(neutron)容许您建立并将其余OpenStack服务管理的接口设备附加到网络上。能够实现插件来适应不一样的网络设备和软件，从而为OpenStack体系结构和部署提供灵活性。
  它包括如下组成部分:

• neutron-server
  接受API请求并将其路由到适当的OpenStack网络插件以执行操做。
• OpenStack Networking plug-ins and agents
  插件式的网络端口，建立网络或子网，并提供IP地址。这些插件和代理的差别取决于特定云中使用的供应商和技术。OpenStack网络附带了用于Cisco虚拟和物理交换机、NEC OpenFlow产品、Open vSwitch、Linux桥接和VMware NSX产品的插件和代理。
  常见的代理包括L3 (layer 3)、DHCP(动态主机IP寻址)和插件代理。

• Messaging queue
  大多数OpenStack网络安装都使用它在neutron-server和各类代理之间路由信息。还充当数据库，存储特定插件的网络状态。

  Prerequisites

  Before you configure the OpenStack Networking (neutron) service, you must create a database, service credentials, and API endpoints.

  1. To create the database, complete these steps:

     ○ Use the database access client to connect to the database server as the root user:
     $ mysql -u root -p root123
     ○ Create the neutron database:
     MariaDB [keystone]> CREATE DATABASE neutron;
     ○ Grant proper access to the neutron database, replacing NEUTRON_DBPASS with a suitable password:
     MariaDB [keystone]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron123';

  2. Source the admin credentials to gain access to admin-only CLI commands:

     $ . admin-openrc

  3. To create the service credentials, complete these steps:

     ○ Create the neutron user:
     $ openstack user create --domain default --password-prompt neutron
     User Password:neutron123
     Repeat User Password:neutron123
     +---------------------+----------------------------------+
     | Field               | Value                            |
     +---------------------+----------------------------------+
     | domain_id           | default                          |
     | enabled             | True                             |
     | id                  | fdb0f541e28141719b6a43c8944bf1fb |
     | name                | neutron                          |
     | options             | {}                               |
     | password_expires_at | None                             |
     +---------------------+----------------------------------+
     ○ Add the admin role to the neutron user:
     $ openstack role add --project service --user neutron admin
      
     Note: This command provides no output.
     ○ Create the neutron service entity:
     $ openstack service create --name neutron --description "OpenStack Networking" network
     
     +-------------+----------------------------------+
     | Field       | Value                            |
     +-------------+----------------------------------+
     | description | OpenStack Networking             |
     | enabled     | True                             |
     | id          | f71529314dab4a4d8eca427e701d209e |
     | name        | neutron                          |
     | type        | network                          |
     +-------------+----------------------------------+

  4. Create the Networking service API endpoints:

     #openstack endpoint create --region RegionOne network public http://stack.flex.net:9696
     +--------------+----------------------------------+
     | Field        | Value                            |
     +--------------+----------------------------------+
     | enabled      | True                             |
     | id           | 85d80a6d02fc4b7683f611d7fc1493a3 |
     | interface    | public                           |
     | region       | RegionOne                        |
     | region_id    | RegionOne                        |
     | service_id   | f71529314dab4a4d8eca427e701d209e |
     | service_name | neutron                          |
     | service_type | network                          |
     | url          | http://stack.flex.net:9696           |
     +--------------+----------------------------------+

  #openstack endpoint create --region RegionOne network internal http://stack.flex.net:9696

  +--------------+----------------------------------+
  | Field | Value |
  +--------------+----------------------------------+
  | enabled | True |
  | id | 09753b537ac74422a68d2d791cf3714f |
  | interface | internal |
  | region | RegionOne |
  | region_id | RegionOne |
  | service_id | f71529314dab4a4d8eca427e701d209e |
  | service_name | neutron |
  | service_type | network |
  | url | http://stack.flex.net:9696 |
  +--------------+----------------------------------+

  #openstack endpoint create --region RegionOne network admin http://stack.flex.net:9696

  +--------------+----------------------------------+
  | Field | Value |
  +--------------+----------------------------------+
  | enabled | True |
  | id | 1ee14289c9374dffb5db92a5c112fc4e |
  | interface | admin |
  | region | RegionOne |
  | region_id | RegionOne |
  | service_id | f71529314dab4a4d8eca427e701d209e |
  | service_name | neutron |
  | service_type | network |
  | url | http://stack.flex.net:9696 |
  +--------------+----------------------------------+

  #### Configure networking options

  可使用选项1和选项2表示的两种体系结构中的一种部署网络服务。

  选项1部署了最简单的体系结构，它只支持将实例附加到provider(external)网络。没有self-service(private)网络、路由器或浮动IP地址。只有管理员或其余特权用户才能管理provider网络。

  选项2支持将实例附加到自助服务网络的3层服务来加强选项1。demo或其余无特权用户能够管理自助服务网络，包括在自助服务网络和提供者网络之间提供链接的路由器。此外，浮动IP地址使用来自外部网络(如Internet)的自助服务网络提供到实例的链接。

  自服务网络一般使用overlay网络。overlay网络协议如vxlan包括额外的头部信息，这些头文件增长了开销，减小了有效负载或用户数据可用的空间。在不了解虚拟网络基础设施的状况下，实例尝试使用默认的1500字节以太网最大传输单元(MTU)发送数据包。网络服务经过DHCP自动向实例提供正确的MTU值。可是，有些云镜像不使用DHCP或忽略DHCP MTU选项，须要使用元数据或脚本进行配置。

  选择下列网络选项中的一个，或两个全选，参看下面的两个章节。并返回这里再向下继续配置
  ○ Networking Option 1: Provider networks
  ○ Networking Option 2: Self-service networks

Configure the metadata agent

The metadata agent provides configuration information such as credentials to instances.
Edit the /etc/neutron/metadata_agent.ini file and complete the following actions:

○ In the [DEFAULT] section, configure the metadata host and shared secret:
        [DEFAULT]
        # ...
        nova_metadata_host = stack.flex.net
        metadata_proxy_shared_secret = 1234 

        Replace METADATA_SECRET with a suitable secret for the metadata proxy.

Configure the Compute service to use the Networking service

Note: The Nova compute service must be installed to complete this step.
Edit the /etc/nova/nova.conf file and perform the following actions:

○ In the [neutron] section, configure access parameters, enable the metadata proxy, and configure the secret:
        [neutron]
        # ...
        url = http://stack.flex.net:9696
        auth_url = http://stack.flex.net:5000
        auth_type = password
        project_domain_name = default
        user_domain_name = default
        region_name = RegionOne
        project_name = service
        username = neutron
        password = neutron123
        service_metadata_proxy = true
        metadata_proxy_shared_secret = 1234

Finalize installation

1. The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the ML2 plug-in configuration file, /etc/neutron/plugins/ml2/ml2_conf.ini. If this symbolic link does not exist, create it using the following command:

   # ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

2. Populate the database:

   # su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
     --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
   注意：因为脚本须要完整的服务器和插件配置文件，数据库填充将在稍后用于网络。 

3. Restart the Compute API service:

   # systemctl restart openstack-nova-api.service

4. Start the Networking services and configure them to start when the system boots.

For both networking options:
    # systemctl enable neutron-server.service \
      neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
      neutron-metadata-agent.service
    # systemctl start neutron-server.service \
      neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
      neutron-metadata-agent.service

For networking option 2, also enable and start the layer-3 service:
    # systemctl enable neutron-l3-agent.service
    # systemctl start neutron-l3-agent.service