openstack之kilo安装 添加负载均衡、防火墙和VPN

这周在折腾openstack,下面是过程小记。

参考:
http://docs.openstack.org/admin-guide-cloud/networking_introduction.html#load-balancer-as-a-service-lbaas-overview

按照官网的kilo三节点安装文档,在CentOS7上安装并配置完neutron、horizon之后,dashboard里默认是没有防火墙、VPN、负载均衡面板的。

要想启用防火墙,vpn,负载均衡模块需要安装相关包并重新配置neutron。

网络节点:

#
# Install the neutron FWaaS, LBaaS and VPNaaS packages in one non-interactive
# (-y) transaction, together with haproxy and openswan, which the
# service_provider lines in neutron.conf on this page refer to.
yum install -y \
  openstack-neutron-fwaas \
  openstack-neutron-lbaas \
  haproxy \
  openstack-neutron-vpnaas \
  openswan

在网络节点配置/etc/neutron/neutron.conf文件:

#
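# Append the service-plugin and service-provider settings to neutron.conf on
# the network node.
#
# neutron.conf normally also carries service credentials, so the backup is
# taken with "cp -p" to keep the original owner and mode; the append only
# runs if the backup succeeded.
#
# The text is appended, not merged into the existing sections: run this once,
# otherwise the sections and service_provider lines are duplicated.
cp -p /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak &&
cat >>/etc/neutron/neutron.conf <<'EOF'
[DEFAULT]
service_plugins = router,firewall,lbaas,vpnaas
[service_providers]
service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
service_provider=FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
EOF
# The original snippet ended with one more line,
#   service_plugins = neutron.services.firewall.fwaas_plugin.FirewallPlugin
# which landed under [service_providers]. service_plugins is already set in
# [DEFAULT] above (including "firewall"), so the stray second assignment is
# left out instead of leaving two conflicting values in the file.
#
# NOTE(review): the FIREWALL provider names
# iptables_firewall.OVSHybridIptablesFirewallDriver, while fwaas_driver.ini on
# this page uses iptables_fwaas.IptablesFwaasDriver. Confirm which driver the
# firewall service actually loads before relying on its rules.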

在网络节点配置/etc/neutron/lbaas_agent.ini 文件:

#
# Open the LBaaS agent configuration in an editor. The lines that follow on
# the page are the settings to put into the file, not shell commands.
vi /etc/neutron/lbaas_agent.ini
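[DEFAULT]
# Enable debug logging. Turn it back off once the agent works: debug output is
# verbose and can record details that should not sit in long-lived log files.
# The comment is on its own line because text after the value ("True # ...")
# is not stripped by the config parser and would be read as part of the value.
debug = True
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
[haproxy]
user_group = haproxy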

在网络节点配置/etc/neutron/fwaas_driver.ini

#
# Append the [fwaas] section, which selects the iptables FWaaS driver and
# enables it, to the end of fwaas_driver.ini. The quoted heredoc delimiter
# keeps the text literal (no shell expansion).
cat >>/etc/neutron/fwaas_driver.ini <<'EOF'
[fwaas]
driver =neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
enabled = True
EOF


# NOTE(review): the page does not say which file this fragment belongs to.
# [fwaas] repeats the settings appended to /etc/neutron/fwaas_driver.ini, and
# the service_provider line repeats the LOADBALANCER entry appended to
# /etc/neutron/neutron.conf. Presumably it shows the resulting file content;
# confirm before copying it anywhere.
[fwaas]
driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
enabled = True

[service_providers]
service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default

启动服务

#
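# Enable the three agents at boot and start them. "systemctl status" on its
# own only reports state and starts nothing, so a firewall or VPN agent that
# was never started would silently enforce nothing.
# NOTE(review): the unit names are the ones given on the page; the status
# call below reports any unit that is not installed under that name.
systemctl enable neutron-lbaas-agent.service neutron-fw-agent.service neutron-vpn-agent.service
systemctl start neutron-lbaas-agent.service neutron-fw-agent.service neutron-vpn-agent.service
# Confirm that every unit is active and check its most recent log lines for
# configuration errors.
systemctl status neutron-lbaas-agent.service neutron-fw-agent.service neutron-vpn-agent.service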

控制节点:

#
# NOTE(review): this command is cut off on the page. The closing quote and the
# ">>" target are missing, so it cannot be run as shown. Presumably it appends
# to /etc/neutron/neutron.conf on the controller, as in the network-node step;
# confirm, and check whether the [service_providers] lines are needed here too.
echo "[DEFAULT]
service_plugins = router,firewall,lbaas,vpnaas

配置/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py

#
# NOTE(review): incomplete as shown. echo "" prints only an empty line, and
# the dict below has no closing brace and no redirection into
# local_settings.py. Presumably the three keys are meant to be set to True
# inside OPENSTACK_NEUTRON_NETWORK in that file; confirm. Appending a second
# definition of the dict would replace the whole dict rather than merge the
# keys, so editing the existing entries in place is the safer route.
echo ""
OPENSTACK_NEUTRON_NETWORK = {
'enable_lb': True,
'enable_firewall': True,
'enable_vpn': True,

重启 httpd、memcached 和 neutron server

#
# Restart the dashboard web server, memcached and neutron-server so that the
# changed settings are loaded.
# NOTE(review): if the dashboard keeps its sessions in memcached, restarting
# memcached logs current users out. Confirm against SESSION_ENGINE/CACHES in
# local_settings.py.
systemctl restart httpd.service memcached.service neutron-server.service

登录dashboard即可看到新增的防火墙、VPN和负载均衡面板。