Ubuntu 22.04
Sponsored Link

OpenStack Yoga : Configure Neutron #22022/04/29

 
Configure OpenStack Network Service (Neutron).
This example is based on the environment like follows.
If you'd like to install Neutron services on another Host, refer to here.
Configure Neutron services with Open Virtual Network (OVN).
        eth0|10.0.0.30 
+-----------+-----------+
|   [ dlp.srv.world ]   |
|     (Control Node)    |
|                       |
|  MariaDB    RabbitMQ  |
|  Memcached  httpd     |
|  Keystone   Glance    |
|  Nova API/Compute     |
|    Neutron Server     |
|    Open vSwitch       |
|  OVN Metadata Agent   |
|    OVN-Controller     |
+-----------------------+

[1] Install Neutron services.
root@dlp ~(keystone)#
apt -y install neutron-server neutron-plugin-ml2 neutron-ovn-metadata-agent python3-neutronclient ovn-central ovn-host openvswitch-switch
[2] Configure Neutron services.
root@dlp ~(keystone)#
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.org

root@dlp ~(keystone)#
vi /etc/neutron/neutron.conf
# create new

[DEFAULT]
bind_host = 127.0.0.1
bind_port = 9696
core_plugin = ml2
service_plugins = ovn-router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
# RabbitMQ connection info
transport_url = rabbit://openstack:password@dlp.srv.world

# Keystone auth info
[keystone_authtoken]
www_authenticate_uri = https://dlp.srv.world:5000
auth_url = https://dlp.srv.world:5000
memcached_servers = dlp.srv.world:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = servicepassword
# if using self-signed certs on Apache2 Keystone, turn to [true]
insecure = false

[database]
connection = mysql+pymysql://neutron:password@dlp.srv.world/neutron_ml2

[nova]
auth_url = https://dlp.srv.world:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = servicepassword
# if using self-signed certs on Apache2 Keystone, turn to [true]
insecure = false

[oslo_concurrency]
lock_path = $state_path/tmp

root@dlp ~(keystone)#
chmod 640 /etc/neutron/neutron.conf

root@dlp ~(keystone)#
chgrp neutron /etc/neutron/neutron.conf
root@dlp ~(keystone)#
mv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.org

root@dlp ~(keystone)#
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# create new

[DEFAULT]
debug = false

[ml2]
type_drivers = flat,geneve
tenant_network_types = geneve
mechanism_drivers = ovn
extension_drivers = port_security
overlay_ip_version = 4

[ml2_type_geneve]
vni_ranges = 1:65536
max_header_size = 38

[ml2_type_flat]
flat_networks = *

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovn]
ovn_nb_connection = tcp:10.0.0.30:6641
ovn_sb_connection = tcp:10.0.0.30:6642
ovn_l3_scheduler = leastloaded
ovn_metadata_enabled = True

root@dlp ~(keystone)#
chmod 640 /etc/neutron/plugins/ml2/ml2_conf.ini

root@dlp ~(keystone)#
chgrp neutron /etc/neutron/plugins/ml2/ml2_conf.ini
root@dlp ~(keystone)#
vi /etc/neutron/neutron_ovn_metadata_agent.ini
[DEFAULT]
# line 2 : add to specify Nova API host
nova_metadata_host = dlp.srv.world
nova_metadata_protocol = https
# specify any secret key you like
metadata_proxy_shared_secret = metadata_secret

# line 230 : change
[ovs]
ovsdb_connection = tcp:127.0.0.1:6640

# add to the end
[agent]
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf

[ovn]
ovn_sb_connection = tcp:10.0.0.30:6642

root@dlp ~(keystone)#
vi /etc/default/openvswitch-switch
# line 8 : uncomment and add like follows

OVS_CTL_OPTS=
"--ovsdb-server-options='--remote=ptcp:6640:127.0.0.1'"
root@dlp ~(keystone)#
vi /etc/nova/nova.conf
# add follows into the [DEFAULT] section

vif_plugging_is_fatal = True
vif_plugging_timeout = 300

# add follows to the end : Neutron auth info
# the value of [metadata_proxy_shared_secret] is the same with the one in [metadata_agent.ini]
[neutron]
auth_url = https://dlp.srv.world:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = servicepassword
service_metadata_proxy = True
metadata_proxy_shared_secret = metadata_secret
insecure = false
[4] Configure Nginx for proxy settings.
root@dlp ~(keystone)#
vi /etc/nginx/nginx.conf
# add into the [stream] section

stream {
    upstream glance-api {
        server 127.0.0.1:9292;
    }
    server {
        listen 10.0.0.30:9292 ssl;
        proxy_pass glance-api;
    }
    upstream nova-api {
        server 127.0.0.1:8774;
    }
    server {
        listen 10.0.0.30:8774 ssl;
        proxy_pass nova-api;
    }
    upstream nova-metadata-api {
        server 127.0.0.1:8775;
    }
    server {
        listen 10.0.0.30:8775 ssl;
        proxy_pass nova-metadata-api;
    }
    upstream placement-api {
        server 127.0.0.1:8778;
    }
    server {
        listen 10.0.0.30:8778 ssl;
        proxy_pass placement-api;
    }
    upstream novncproxy {
        server 127.0.0.1:6080;
    }
    server {
        listen 10.0.0.30:6080 ssl;
        proxy_pass novncproxy;
    }
    upstream neutron-api {
        server 127.0.0.1:9696;
    }
    server {
        listen 10.0.0.30:9696 ssl;
        proxy_pass neutron-api;
    }
    ssl_certificate "/etc/letsencrypt/live/dlp.srv.world/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/dlp.srv.world/privkey.pem";
}
[5] Start Neutron services.
root@dlp ~(keystone)#
systemctl restart openvswitch-switch

root@dlp ~(keystone)#
ovs-vsctl add-br br-int
root@dlp ~(keystone)#
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

root@dlp ~(keystone)#
su -s /bin/bash neutron -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"
root@dlp ~(keystone)#
systemctl restart ovn-central ovn-northd ovn-controller ovn-host

root@dlp ~(keystone)#
ovn-nbctl set-connection ptcp:6641:10.0.0.30 -- set connection . inactivity_probe=60000

root@dlp ~(keystone)#
ovn-sbctl set-connection ptcp:6642:10.0.0.30 -- set connection . inactivity_probe=60000

root@dlp ~(keystone)#
ovs-vsctl set open . external-ids:ovn-remote=tcp:10.0.0.30:6642

root@dlp ~(keystone)#
ovs-vsctl set open . external-ids:ovn-encap-type=geneve

root@dlp ~(keystone)#
ovs-vsctl set open . external-ids:ovn-encap-ip=10.0.0.30

root@dlp ~(keystone)#
systemctl restart neutron-server neutron-ovn-metadata-agent nova-compute nginx
# show status

root@dlp ~(keystone)#
openstack network agent list

+--------------------------------------+----------------------+---------------+-------------------+-------+-------+----------------------------+
| ID                                   | Agent Type           | Host          | Availability Zone | Alive | State | Binary                     |
+--------------------------------------+----------------------+---------------+-------------------+-------+-------+----------------------------+
| 0435b8ba-f502-5ead-b5b2-af74b1e44afb | OVN Metadata agent   | dlp.srv.world |                   | :-)   | UP    | neutron-ovn-metadata-agent |
| 7879dc15-8f6b-458e-bd63-6d6279701272 | OVN Controller agent | dlp.srv.world |                   | :-)   | UP    | ovn-controller             |
+--------------------------------------+----------------------+---------------+-------------------+-------+-------+----------------------------+
Matched Content