Neutron - Networking installation
controller.foo.bar
1. Create the neutron user.
2. Add the admin role to the neutron user and add the user to the service tenant.
# keystone user-role-add --user neutron --tenant service --role admin
(This command prints nothing.)
3. Create the neutron service and set the service type to network.
# keystone service-create --name neutron --type network --description "OpenStack Networking"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 7a2204ee37db43b38260e5cab0ec59f9 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
4. Create the neutron endpoint.
# keystone endpoint-create --service-id $(keystone service-list | awk '/ network / {print $2}') \
  --publicurl http://10.0.0.11:9696 --adminurl http://10.0.0.11:9696 \
  --internalurl http://10.0.0.11:9696 --region regionOne
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| adminurl    | http://10.0.0.11:9696            |
| id          | 9769e010f1454f69b9f3731b0a0f58f7 |
| internalurl | http://10.0.0.11:9696            |
| publicurl   | http://10.0.0.11:9696            |
| region      | regionOne                        |
| service_id  | 7a2204ee37db43b38260e5cab0ec59f9 |
+-------------+----------------------------------+
5. Install Neutron.
# apt-get install neutron-server neutron-plugin-ml2 python-neutronclient
6. We need the nova_admin_tenant_id for the neutron configuration.
# keystone tenant-get service
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Service Tenant                   |
| enabled     | True                             |
| id          | 6aa93fa0f6a0428a9c8019855ff023da |
| name        | service                          |
+-------------+----------------------------------+
7. Edit the /etc/neutron/neutron.conf file.
[DEFAULT]
...
rpc_backend = neutron.openstack.common.rpc.impl_kombu
rabbit_host = 10.0.0.11
rabbit_userid = openstack
rabbit_password = openstack
core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
service_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPlugin
auth_strategy = keystone
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://10.0.0.11:8774/v2
nova_admin_auth_url = http://10.0.0.11:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = 6aa93fa0f6a0428a9c8019855ff023da
nova_admin_password = nova
[keystone_authtoken]
...
auth_uri = http://10.0.0.11:5000/v2.0
identity_uri = http://10.0.0.11:35357
admin_tenant_name = service
admin_user = neutron
admin_password = neutron
[database]
...
connection = mysql://neutron:neutrondb@10.0.0.11/neutron
8. Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file.
[ml2]
...
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_gre]
...
tunnel_id_ranges = 1:1000
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
9. Configure Compute to manage networks through the Networking service: edit the /etc/nova/nova.conf file.
[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[neutron]
...
neutron_url = http://10.0.0.11:9696
neutron_auth_strategy = keystone
neutron_admin_auth_url = http://10.0.0.11:35357/v2.0
neutron_admin_tenant_name = service
neutron_admin_username = neutron
neutron_admin_password = neutron
10. Synchronize the Neutron database.
# neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
11. Restart the Nova and Neutron services.
# service nova-api restart
# service nova-scheduler restart
# service nova-conductor restart
# service neutron-server restart
12. Test that Neutron works and check the loaded services.
# neutron ext-list
+-----------------------+-----------------------------------------------+
| alias                 | name                                          |
+-----------------------+-----------------------------------------------+
| security-group        | security-group                                |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| ext-gw-mode           | Neutron L3 Configurable external gateway mode |
| binding               | Port Binding                                  |
| provider              | Provider Network                              |
| agent                 | agent                                         |
| quotas                | Quota management support                      |
| dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
| multi-provider        | Multi Provider Network                        |
| external-net          | Neutron external network                      |
| router                | Neutron L3 Router                             |
| allowed-address-pairs | Allowed Address Pairs                         |
| extra_dhcp_opt        | Neutron Extra DHCP opts                       |
| extraroute            | Neutron Extra Route                           |
+-----------------------+-----------------------------------------------+
network.foo.bar
13. Move to the network server and first change the kernel network settings. Edit the /etc/sysctl.conf file.
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.ip_forward=1
14. Reload the settings.
# sysctl -p
15. Install the Neutron packages.
# apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
  neutron-l3-agent neutron-dhcp-agent openvswitch-switch dnsmasq-base \
  dnsmasq-utils neutron-metadata-agent vlan bridge-utils ipset
16. Edit the /etc/neutron/neutron.conf file and comment out the connection line in the [database] section, because the compute service has no direct connection to the database.
[DEFAULT]
...
rpc_backend = neutron.openstack.common.rpc.impl_kombu
rabbit_host = 10.0.0.11
rabbit_userid = openstack
rabbit_password = openstack
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://10.0.0.11:5000/v2.0
identity_uri = http://10.0.0.11:35357
admin_tenant_name = service
admin_user = neutron
admin_password = neutron
[DEFAULT]
...
core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
service_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPlugin
allow_overlapping_ips = True
17. Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file.
[ml2]
...
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_flat]
...
flat_networks = external
[ml2_type_gre]
...
tunnel_id_ranges = 1:1000
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ovs]
...
local_ip = 172.16.0.21
enable_tunneling = True
bridge_mappings = external:br-ex
[agent]
...
tunnel_types = gre
18. Edit the /etc/neutron/l3_agent.ini file.
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
external_network_bridge = br-ex
router_delete_namespaces = True
19. Edit the /etc/neutron/dhcp_agent.ini file.
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
dhcp_delete_namespaces = True
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
20. Create the /etc/neutron/dnsmasq-neutron.conf file.
dhcp-option-force=26,1454
21. Edit the /etc/neutron/metadata_agent.ini file:
[DEFAULT]
...
auth_url = http://10.0.0.11:5000/v2.0
auth_region = regionOne
admin_tenant_name = service
admin_user = neutron
admin_password = neutron
nova_metadata_ip = 10.0.0.11
metadata_proxy_shared_secret = metadata
controller.foo.bar
22. Move to the controller server, edit the /etc/nova/nova.conf file and add the neutron_metadata_proxy_shared_secret secret. Note: the metadata_proxy_shared_secret option is not named identically in the metadata_agent.ini and nova.conf files!
service_neutron_metadata_proxy = True
neutron_metadata_proxy_shared_secret = metadata
23. Restart Nova-API:
# service nova-api restart
network.foo.bar
24. Back on the network server, restart the openvswitch service.
# service openvswitch-switch restart
25. Create a virtual bridge and attach it to the eth2 network interface, which is connected to the management network (172.16.0.0/24).
# ovs-vsctl add-br br-ex
# ovs-vsctl add-port br-ex eth2
26. Restart the services.
# service neutron-plugin-openvswitch-agent restart
# service neutron-l3-agent restart
# service neutron-dhcp-agent restart
# service neutron-metadata-agent restart
27. Test that the agents are working.
compute.foo.bar
28. Move to the compute server and change the kernel network settings. Edit the /etc/sysctl.conf file.
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
29. Reload the settings.
# sysctl -p
30. Install the Neutron plugins.
# apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent
31. Edit the /etc/neutron/neutron.conf file and comment out the connection line in the [database] section, because the compute service has no direct connection to the database.
[DEFAULT]
...
rpc_backend = neutron.openstack.common.rpc.impl_kombu
rabbit_host = 10.0.0.11
rabbit_password = openstack
rabbit_userid = openstack
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://10.0.0.11:5000/v2.0
identity_uri = http://10.0.0.11:35357
admin_tenant_name = service
admin_user = neutron
admin_password = neutron
[DEFAULT]
...
core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
service_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPlugin
allow_overlapping_ips = True
32. Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file.
[ml2]
...
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_gre]
...
tunnel_id_ranges = 1:1000
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ovs]
...
local_ip = 172.16.0.31
enable_tunneling = True
[agent]
...
tunnel_types = gre
33. Restart the Open vSwitch service.
# service openvswitch-switch restart
34. Edit the /etc/nova/nova.conf file.
[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[neutron]
...
neutron_url = http://10.0.0.11:9696
neutron_auth_strategy=keystone
neutron_admin_tenant_name = service
neutron_admin_username = neutron
neutron_admin_password = neutron
neutron_admin_auth_url=http://10.0.0.11:35357/v2.0
35. Restart nova-compute and the Open vSwitch plugin.
# service nova-compute restart
# service neutron-plugin-openvswitch-agent restart
controller.foo.bar
36. Create a new network named ext-net.
# neutron net-create ext-net --router:external True
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 07841b37-8afc-4243-9eb2-9d094236d322 |
| name                      | ext-net                              |
| provider:network_type     | vxlan                                |
| provider:physical_network |                                      |
| provider:segmentation_id  | 3                                    |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 4ad9732718a74c85b914ba96551e430b     |
+---------------------------+--------------------------------------+
37. Create a subnet for the ext-net network, add an IP allocation pool and add a gateway.
# neutron subnet-create ext-net --name ext-subnet \
  --allocation-pool start=192.168.0.230,end=192.168.0.240 \
  --disable-dhcp --gateway 192.168.0.1 192.168.0.0/24
Created a new subnet:
+------------------+----------------------------------------------------+
| Field            | Value                                              |
+------------------+----------------------------------------------------+
| allocation_pools | {"start": "192.168.0.230", "end": "192.168.0.240"} |
| cidr             | 192.168.0.0/24                                     |
| dns_nameservers  |                                                    |
| enable_dhcp      | False                                              |
| gateway_ip       | 192.168.0.1                                        |
| host_routes      |                                                    |
| id               | fce6ec39-5432-46b1-9d59-e9cfbf24a653               |
| ip_version       | 4                                                  |
| name             | ext-subnet                                         |
| network_id       | e64a1af7-10a4-419a-a0be-6eebaf851689               |
| tenant_id        | 4ad9732718a74c85b914ba96551e430b                   |
+------------------+----------------------------------------------------+
38. Create demo-net.
# neutron net-create demo-net
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | b517833c-e358-4d9e-b549-1bad1586b713 |
| name                      | demo-net                             |
| provider:network_type     | vxlan                                |
| provider:physical_network |                                      |
| provider:segmentation_id  | 4                                    |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 4ad9732718a74c85b914ba96551e430b     |
+---------------------------+--------------------------------------+
39. Create a subnet for the demo-net network and add a gateway.
# neutron subnet-create demo-net --name demo-subnet --gateway 192.168.1.1 192.168.1.0/24
Created a new subnet:
+------------------+--------------------------------------------------+
| Field            | Value                                            |
+------------------+--------------------------------------------------+
| allocation_pools | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr             | 192.168.1.0/24                                   |
| dns_nameservers  |                                                  |
| enable_dhcp      | True                                             |
| gateway_ip       | 192.168.1.1                                      |
| host_routes      |                                                  |
| id               | 5da7a9e2-bc24-4479-9e31-22072e4325e7             |
| ip_version       | 4                                                |
| name             | demo-subnet                                      |
| network_id       | 2ef127eb-7106-415d-8a9d-a649464d8eab             |
| tenant_id        | 4ad9732718a74c85b914ba96551e430b                 |
+------------------+--------------------------------------------------+
40. Create demo-router.
# neutron router-create demo-router
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | 2295995a-0267-42ba-94cc-2b50cfaa48e4 |
| name                  | demo-router                          |
| status                | ACTIVE                               |
| tenant_id             | 4ad9732718a74c85b914ba96551e430b     |
+-----------------------+--------------------------------------+
41. Connect demo-router to the demo network.
# neutron router-interface-add demo-router demo-subnet
Added interface demo-router to router demo-subnet.
42. Set ext-net as the gateway of demo-router.
# neutron router-gateway-set demo-router ext-net
Set gateway for router demo-router
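The consistency requirement from steps 21 and 22, as an added example that is not part of the original guide: a Python check that the metadata proxy secret matches across metadata_agent.ini and nova.conf despite the different option names, and that flags passwords identical to their user name. The sample file contents are constructed from the values shown in this guide; placing the nova.conf options under [DEFAULT] and the 32-character minimum are assumptions.

```python
import configparser

# Constructed sample files built from the values in steps 21 and 22.
METADATA_AGENT_INI = """\
[DEFAULT]
admin_user = neutron
admin_password = neutron
nova_metadata_ip = 10.0.0.11
metadata_proxy_shared_secret = metadata
"""
# Assumption: the nova.conf options sit under [DEFAULT].
NOVA_CONF = """\
[DEFAULT]
service_neutron_metadata_proxy = True
neutron_metadata_proxy_shared_secret = metadata
"""
# (user option, password option) pairs that appear in this guide's files.
CREDENTIAL_PAIRS = [("admin_user", "admin_password"),
                    ("rabbit_userid", "rabbit_password"),
                    ("neutron_admin_username", "neutron_admin_password"),
                    ("nova_admin_username", "nova_admin_password")]

def options(text):
    """Parse INI text and flatten all sections into one dict."""
    # strict=False accepts repeated section headers; interpolation=None
    # keeps '%' characters in secrets literal.
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    flat = dict(cp.defaults())
    for section in cp.sections():
        flat.update(cp.items(section))
    return flat

def audit(agent_text, nova_text, min_len=32):  # min_len is an assumed threshold
    agent, nova = options(agent_text), options(nova_text)
    findings = []
    a = agent.get("metadata_proxy_shared_secret")
    n = nova.get("neutron_metadata_proxy_shared_secret")
    if not a or not n:
        findings.append("shared secret missing in one file")
    elif a != n:
        findings.append("shared secret differs between the two files")
    elif len(a) < min_len:
        findings.append("shared secret shorter than %d characters" % min_len)
    for name, opts in (("metadata_agent.ini", agent), ("nova.conf", nova)):
        for user_key, pw_key in CREDENTIAL_PAIRS:
            if opts.get(pw_key) and opts.get(pw_key) == opts.get(user_key):
                findings.append("%s: %s equals %s" % (name, pw_key, user_key))
    return findings
```

To audit the real files, pass the contents of /etc/neutron/metadata_agent.ini and /etc/nova/nova.conf to audit(). A secret generated with a CSPRNG (for example `openssl rand -hex 32`) and set under both option names clears the first check.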