Neutron - Networking installation

controller.foo.bar

1. Create the neutron user.

# keystone user-create --name neutron --pass neutron
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | 3cfee195331942a58cc134be7c5503af |
|   name   |             neutron              |
| username |             neutron              |
+----------+----------------------------------+

2. Give the neutron user the admin role and add the user to the service tenant.

# keystone user-role-add --user neutron --tenant service --role admin
(This command produces no output)

3. Create the neutron service and set its service type to network.

# keystone service-create --name neutron --type network --description "OpenStack Networking"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |       OpenStack Networking       |
|   enabled   |               True               |
|      id     | 7a2204ee37db43b38260e5cab0ec59f9 |
|     name    |             neutron              |
|     type    |             network              |
+-------------+----------------------------------+

4. Create the neutron endpoint.

# keystone endpoint-create --service-id $(keystone service-list | awk '/ network / {print $2}') \
--publicurl http://10.0.0.11:9696 --adminurl http://10.0.0.11:9696 \
--internalurl http://10.0.0.11:9696 --region regionOne
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  |      http://10.0.0.11:9696       |
|      id     | 9769e010f1454f69b9f3731b0a0f58f7 |
| internalurl |      http://10.0.0.11:9696       |
|  publicurl  |      http://10.0.0.11:9696       |
|    region   |            regionOne             |
|  service_id | 7a2204ee37db43b38260e5cab0ec59f9 |
+-------------+----------------------------------+

5. Install Neutron.

# apt-get install neutron-server neutron-plugin-ml2 python-neutronclient

6. We need the nova_admin_tenant_id value for the Neutron configuration.

# keystone tenant-get service
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |          Service Tenant          |
|   enabled   |               True               |
|      id     | 6aa93fa0f6a0428a9c8019855ff023da |
|     name    |             service              |
+-------------+----------------------------------+

7. Edit the /etc/neutron/neutron.conf file.

[DEFAULT]
...
rpc_backend = neutron.openstack.common.rpc.impl_kombu
rabbit_host = 10.0.0.11
rabbit_userid = openstack
rabbit_password = openstack

core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin

service_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPlugin

auth_strategy = keystone
allow_overlapping_ips = True

notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://10.0.0.11:8774/v2
nova_admin_auth_url = http://10.0.0.11:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = 6aa93fa0f6a0428a9c8019855ff023da
nova_admin_password = nova

[keystone_authtoken]
...
auth_uri = http://10.0.0.11:5000/v2.0
identity_uri = http://10.0.0.11:35357
admin_tenant_name = service
admin_user = neutron
admin_password = neutron

[database]
...
connection = mysql://neutron:neutrondb@10.0.0.11/neutron
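
Added example (not part of the original guide): a small audit of the credentials and endpoints configured in step 7, flagging passwords that repeat the user name and endpoints that carry credentials over plaintext HTTP. The sample text is constructed from the values above; the function name and the wording of the findings are assumptions.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample that mirrors the settings from step 7.
SAMPLE_NEUTRON_CONF = """\
[DEFAULT]
rabbit_host = 10.0.0.11
rabbit_userid = openstack
rabbit_password = openstack
nova_admin_username = nova
nova_admin_password = nova
nova_admin_auth_url = http://10.0.0.11:35357/v2.0

[keystone_authtoken]
auth_uri = http://10.0.0.11:5000/v2.0
admin_user = neutron
admin_password = neutron

[database]
connection = mysql://neutron:neutrondb@10.0.0.11/neutron
"""

# (user option, password option) pairs that appear in step 7.
CREDENTIAL_PAIRS = [
    ("rabbit_userid", "rabbit_password"),
    ("nova_admin_username", "nova_admin_password"),
    ("admin_user", "admin_password"),
]
WEAK = "password contains the user name"
PLAINTEXT = "endpoint uses plaintext HTTP"


def audit_neutron_conf(text):
    """Return (section, option, problem) tuples for an oslo-style INI text."""
    # A dummy default_section makes [DEFAULT] an ordinary section, so its
    # options are not inherited by (and re-reported in) every other section.
    cfg = configparser.ConfigParser(interpolation=None, strict=False,
                                    default_section="<none>")
    cfg.read_string(text)
    findings = []
    for section in cfg.sections():
        opts = cfg[section]
        for user_key, pass_key in CREDENTIAL_PAIRS:
            user, password = opts.get(user_key), opts.get(pass_key)
            if user and password and user.lower() in password.lower():
                findings.append((section, pass_key, WEAK))
        for key, value in opts.items():
            url = urlsplit(value)
            # Credentials embedded in a URL, e.g. the database connection.
            if url.username and url.password and url.username.lower() in url.password.lower():
                findings.append((section, key, WEAK))
            if url.scheme == "http":
                findings.append((section, key, PLAINTEXT))
    return findings
```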

8. Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file.

[ml2]
...
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch
        	
[ml2_type_gre]
...
tunnel_id_ranges = 1:1000

[securitygroup]
...   
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver


9. Configure Compute to manage networks through the Networking service: edit the /etc/nova/nova.conf file.

[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[neutron]
...
neutron_url = http://10.0.0.11:9696
neutron_auth_strategy = keystone
neutron_admin_auth_url = http://10.0.0.11:35357/v2.0
neutron_admin_tenant_name = service
neutron_admin_username = neutron
neutron_admin_password = neutron

10. Synchronize the Neutron database.

# neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head

11. Restart the Nova and Neutron services.

# service nova-api restart
# service nova-scheduler restart
# service nova-conductor restart
# service neutron-server restart

12. Test that Neutron works and list the loaded services.

# neutron ext-list
+-----------------------+-----------------------------------------------+
| alias                 | name                                          |
+-----------------------+-----------------------------------------------+
| security-group        | security-group                                |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| ext-gw-mode           | Neutron L3 Configurable external gateway mode |
| binding               | Port Binding                                  |
| provider              | Provider Network                              |
| agent                 | agent                                         |
| quotas                | Quota management support                      |
| dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
| multi-provider        | Multi Provider Network                        |
| external-net          | Neutron external network                      |
| router                | Neutron L3 Router                             |
| allowed-address-pairs | Allowed Address Pairs                         |
| extra_dhcp_opt        | Neutron Extra DHCP opts                       |
| extraroute            | Neutron Extra Route                           |
+-----------------------+-----------------------------------------------+


network.foo.bar

13. Move to the network server and first change the kernel network settings. Edit the /etc/sysctl.conf file.

net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.ip_forward=1

14. Apply the settings.

# sysctl -p

15. Install the Neutron packages.

# apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
neutron-l3-agent neutron-dhcp-agent openvswitch-switch dnsmasq-base \
dnsmasq-utils neutron-metadata-agent vlan bridge-utils ipset

16. Edit the /etc/neutron/neutron.conf file and comment out the connection line in the [database] section, because the compute service has no direct connection to the database.

[DEFAULT]
...
rpc_backend = neutron.openstack.common.rpc.impl_kombu 
rabbit_host = 10.0.0.11
rabbit_userid = openstack
rabbit_password = openstack
auth_strategy = keystone

[keystone_authtoken]
...
auth_uri = http://10.0.0.11:5000/v2.0
identity_uri = http://10.0.0.11:35357
admin_tenant_name = service
admin_user = neutron
admin_password = neutron

[DEFAULT]
...
core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
service_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPlugin
allow_overlapping_ips = True

17. Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file.

[ml2]
...
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch

[ml2_type_flat]
...
flat_networks = external

[ml2_type_gre]
...
tunnel_id_ranges = 1:1000

[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovs]
...
local_ip = 172.16.0.21
enable_tunneling = True
bridge_mappings = external:br-ex

[agent]
...
tunnel_types = gre

18. Edit the /etc/neutron/l3_agent.ini file.

[DEFAULT]
... 
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True

external_network_bridge = br-ex
router_delete_namespaces = True

19. Edit the /etc/neutron/dhcp_agent.ini file.

[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
dhcp_delete_namespaces = True
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf

20. Create the /etc/neutron/dnsmasq-neutron.conf file.

dhcp-option-force=26,1454

21. Edit the /etc/neutron/metadata_agent.ini file:

[DEFAULT]
...
auth_url = http://10.0.0.11:5000/v2.0
auth_region = regionOne
admin_tenant_name = service
admin_user = neutron
admin_password = neutron

nova_metadata_ip = 10.0.0.11
metadata_proxy_shared_secret = metadata


controller.foo.bar

22. Move to the controller server, edit the /etc/nova/nova.conf file and add the neutron_metadata_proxy_shared_secret password. Note: the option that holds the shared secret is not named identically in the two files: metadata_proxy_shared_secret in metadata_agent.ini, neutron_metadata_proxy_shared_secret in nova.conf!

service_neutron_metadata_proxy = True
neutron_metadata_proxy_shared_secret = metadata
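
Added example (not part of the original guide): the metadata agent signs proxied requests with this secret and nova-api verifies the signature, so the two differently named options from steps 21 and 22 must hold the same string. The check below compares them, flags a short secret and generates a random replacement; the sample texts are constructed from the values above, and the function names and the 32-character minimum are assumptions.

```python
import configparser
import hmac
import secrets

# Constructed samples: the values from steps 21 and 22 of this guide.
AGENT_INI = """\
[DEFAULT]
nova_metadata_ip = 10.0.0.11
metadata_proxy_shared_secret = metadata
"""
NOVA_CONF = """\
[DEFAULT]
service_neutron_metadata_proxy = True
neutron_metadata_proxy_shared_secret = metadata
"""

MIN_SECRET_LEN = 32  # assumption: local policy, not an OpenStack requirement


def find_option(text, name):
    """Return the first value of option `name` in any section, or None."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False,
                                    default_section="<none>")
    cfg.read_string(text)
    for section in cfg.sections():
        if name in cfg[section]:
            return cfg[section][name].strip()
    return None


def check_metadata_secret(nova_conf, agent_ini):
    """Compare the secret nova-api expects with the one the agent uses."""
    nova = find_option(nova_conf, "neutron_metadata_proxy_shared_secret")
    agent = find_option(agent_ini, "metadata_proxy_shared_secret")
    problems = []
    if nova is None or agent is None:
        problems.append("secret missing in one of the files")
    elif not hmac.compare_digest(nova.encode(), agent.encode()):
        problems.append("secrets differ: nova-api will reject proxied requests")
    elif len(nova) < MIN_SECRET_LEN:
        problems.append("secret is shorter than %d characters" % MIN_SECRET_LEN)
    enabled = find_option(nova_conf, "service_neutron_metadata_proxy")
    if (enabled or "").lower() != "true":
        problems.append("service_neutron_metadata_proxy is not enabled")
    return problems


def new_secret():
    """Generate a random 256-bit secret to paste into both files."""
    return secrets.token_hex(32)
```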

23. Restart the Nova API:

# service nova-api restart


network.foo.bar

24. Back on the network server, restart the openvswitch service.

# service openvswitch-switch restart

25. Create a virtual bridge and attach it to the eth2 network interface, which is connected to the management network (172.16.0.0/24).

# ovs-vsctl add-br br-ex
# ovs-vsctl add-port br-ex eth2

26. Restart the services.

# service neutron-plugin-openvswitch-agent restart
# service neutron-l3-agent restart
# service neutron-dhcp-agent restart
# service neutron-metadata-agent restart

27. Verify that the agents are running.

# neutron agent-list
+--------------------------------------+--------------------+---------+-------+----------------+---------------------------+
| id                                   | agent_type         | host    | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+---------+-------+----------------+---------------------------+
| 1508d0a7-d35a-4f62-8143-e6a11099e213 | DHCP agent         | network | :-)   | True           | neutron-dhcp-agent        |
| 26ce8114-ba60-4ab5-a93a-8f412a474fb5 | Metadata agent     | network | :-)   | True           | neutron-metadata-agent    |
| 51befac0-1a4b-4695-bbe9-2854e5e1405b | L3 agent           | network | :-)   | True           | neutron-l3-agent          |
| 99c3bbe8-669a-4e41-94f4-3d629d466c3b | Open vSwitch agent | network | :-)   | True           | neutron-openvswitch-agent |
+--------------------------------------+--------------------+---------+-------+----------------+---------------------------+


compute.foo.bar

28. Move to the compute server and change the kernel network settings. Edit the /etc/sysctl.conf file.

net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0

29. Apply the settings.

# sysctl -p

30. Install the Neutron plugins.

# apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent

31. Edit the /etc/neutron/neutron.conf file and comment out the connection line in the [database] section, because the compute service has no direct connection to the database.

[DEFAULT]
...
rpc_backend = neutron.openstack.common.rpc.impl_kombu 
rabbit_host = 10.0.0.11
rabbit_password = openstack
rabbit_userid = openstack

[DEFAULT]
...
auth_strategy = keystone

[keystone_authtoken]
...
auth_uri = http://10.0.0.11:5000/v2.0
identity_uri = http://10.0.0.11:35357
admin_tenant_name = service
admin_user = neutron
admin_password = neutron

[DEFAULT]
...
core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
service_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPlugin
allow_overlapping_ips = True

32. Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file.

[ml2]
...
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch

[ml2_type_gre]
...
tunnel_id_ranges = 1:1000

[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovs]
...
local_ip = 172.16.0.31
enable_tunneling = True

[agent]
...
tunnel_types = gre

33. Restart the Open vSwitch service.

# service openvswitch-switch restart

34. Edit the /etc/nova/nova.conf file.

[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[neutron]
...
neutron_url = http://10.0.0.11:9696
neutron_auth_strategy=keystone
neutron_admin_tenant_name = service
neutron_admin_username = neutron
neutron_admin_password = neutron
neutron_admin_auth_url=http://10.0.0.11:35357/v2.0
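
Added example (not part of the original guide): steps 32 and 34 turn Nova's own firewall off (NoopFirewallDriver) and leave packet filtering to the Neutron agent's iptables driver, so a mistake in either file can leave instance ports unfiltered or filtered twice. The check below reads both settings together; the sample texts are constructed from the values above, and the function names and messages are assumptions.

```python
import configparser

# Constructed samples: the security-group settings from steps 32 and 34.
NOVA_CONF = """\
[DEFAULT]
security_group_api = neutron
firewall_driver = nova.virt.firewall.NoopFirewallDriver
"""
ML2_CONF = """\
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
"""


def option(text, section, name):
    """Read one option from INI text; [DEFAULT] is treated as a plain section."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False,
                                    default_section="<none>")
    cfg.read_string(text)
    return cfg.get(section, name, fallback="").strip()


def filtering_problems(nova_conf, ml2_conf):
    """Report settings that leave instance ports unfiltered or filtered twice."""
    nova_driver = option(nova_conf, "DEFAULT", "firewall_driver")
    ml2_driver = option(ml2_conf, "securitygroup", "firewall_driver")
    ml2_enabled = option(ml2_conf, "securitygroup", "enable_security_group")
    nova_noop = nova_driver.endswith("NoopFirewallDriver")
    # Neutron filters only if security groups are on and its driver is real.
    ml2_filters = (ml2_enabled.lower() == "true" and bool(ml2_driver)
                   and not ml2_driver.endswith("NoopFirewallDriver"))
    problems = []
    if option(nova_conf, "DEFAULT", "security_group_api") != "neutron":
        problems.append("nova does not delegate security groups to neutron")
    if nova_noop and not ml2_filters:
        problems.append("no firewall driver enforces security groups")
    if not nova_noop and ml2_filters:
        problems.append("nova and neutron both install filter rules")
    return problems
```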

35. Restart nova-compute and the Open vSwitch plugin.

# service nova-compute restart
# service neutron-plugin-openvswitch-agent restart


controller.foo.bar

36. Create a new network named ext-net.

# neutron net-create ext-net --router:external True
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 07841b37-8afc-4243-9eb2-9d094236d322 |
| name                      | ext-net                              |
| provider:network_type     | vxlan                                |
| provider:physical_network |                                      |
| provider:segmentation_id  | 3                                    |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 4ad9732718a74c85b914ba96551e430b     |
+---------------------------+--------------------------------------+

37. Create a subnet for the ext-net network, adding an IP allocation pool and a gateway.

# neutron subnet-create ext-net --name ext-subnet \
--allocation-pool start=192.168.0.230,end=192.168.0.240 \
--disable-dhcp --gateway 192.168.0.1 192.168.0.0/24
Created a new subnet:
+------------------+----------------------------------------------------+
| Field            | Value                                              |
+------------------+----------------------------------------------------+
| allocation_pools | {"start": "192.168.0.230", "end": "192.168.0.240"} |
| cidr             | 192.168.0.0/24                                     |
| dns_nameservers  |                                                    |
| enable_dhcp      | False                                              |
| gateway_ip       | 192.168.0.1                                        |
| host_routes      |                                                    |
| id               | fce6ec39-5432-46b1-9d59-e9cfbf24a653               |
| ip_version       | 4                                                  |
| name             | ext-subnet                                         |
| network_id       | e64a1af7-10a4-419a-a0be-6eebaf851689               |
| tenant_id        | 4ad9732718a74c85b914ba96551e430b                   |
+------------------+----------------------------------------------------+

38. Create demo-net.

# neutron net-create demo-net
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | b517833c-e358-4d9e-b549-1bad1586b713 |
| name                      | demo-net                             |
| provider:network_type     | vxlan                                |
| provider:physical_network |                                      |
| provider:segmentation_id  | 4                                    |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 4ad9732718a74c85b914ba96551e430b     |
+---------------------------+--------------------------------------+

39. Create a subnet for the demo-net network and add a gateway.

# neutron subnet-create demo-net --name demo-subnet --gateway 192.168.1.1 192.168.1.0/24
Created a new subnet:
+------------------+--------------------------------------------------+
| Field            | Value                                            |
+------------------+--------------------------------------------------+
| allocation_pools | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr             | 192.168.1.0/24                                   |
| dns_nameservers  |                                                  |
| enable_dhcp      | True                                             |
| gateway_ip       | 192.168.1.1                                      |
| host_routes      |                                                  |
| id               | 5da7a9e2-bc24-4479-9e31-22072e4325e7             |
| ip_version       | 4                                                |
| name             | demo-subnet                                      |
| network_id       | 2ef127eb-7106-415d-8a9d-a649464d8eab             |
| tenant_id        | 4ad9732718a74c85b914ba96551e430b                 |
+------------------+--------------------------------------------------+

40. Create demo-router.

# neutron router-create demo-router
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | 2295995a-0267-42ba-94cc-2b50cfaa48e4 |
| name                  | demo-router                          |
| status                | ACTIVE                               |
| tenant_id             | 4ad9732718a74c85b914ba96551e430b     |
+-----------------------+--------------------------------------+

41. Connect demo-router to the demo network.

# neutron router-interface-add demo-router demo-subnet
Added interface demo-router to router demo-subnet.

42. Set ext-net as the gateway of demo-router.

# neutron router-gateway-set demo-router ext-net
Set gateway for router demo-router