OpenStack Yoga : Configure Neutron #2 2022/04/29
Configure OpenStack Network Service (Neutron).
This example is based on the following environment.
If you'd like to install Neutron services on another Host, refer to here.
Configure Neutron services with Open Virtual Network (OVN).
        eth0|10.0.0.30
+-----------+-----------+
|   [ dlp.srv.world ]   |
|     (Control Node)    |
|                       |
|  MariaDB    RabbitMQ  |
|  Memcached  httpd     |
|  Keystone   Glance    |
|  Nova API/Compute     |
|  Neutron Server       |
|  Open vSwitch         |
|  OVN Metadata Agent   |
|  OVN-Controller       |
+-----------------------+
[1] | Install Neutron services. |
root@dlp ~(keystone)# apt -y install neutron-server neutron-plugin-ml2 neutron-ovn-metadata-agent python3-neutronclient ovn-central ovn-host openvswitch-switch
|
[2] | Configure Neutron services. |
root@dlp ~(keystone)# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.org
root@dlp ~(keystone)#
vi /etc/neutron/neutron.conf
# create new
[DEFAULT]
# the API listens on loopback only; the Nginx stream proxy in step [4]
# terminates TLS on 10.0.0.30:9696 and forwards to this port
bind_host = 127.0.0.1
bind_port = 9696
core_plugin = ml2
service_plugins = ovn-router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
# RabbitMQ connection info
# "password" is a placeholder for the RabbitMQ password of user [openstack];
# the real value is stored here in clear text, which is why the file is
# restricted with chmod 640 / chgrp neutron after it is written
# NOTE(review): the URL as written sets no TLS option for the broker
# connection - confirm whether AMQP traffic needs protection in your network
transport_url = rabbit://openstack:password@dlp.srv.world

# Keystone auth info
[keystone_authtoken]
www_authenticate_uri = https://dlp.srv.world:5000
auth_url = https://dlp.srv.world:5000
# token data is cached in this memcached instance
# NOTE(review): nothing on this page restricts access to port 11211 -
# confirm memcached is reachable only from the hosts that need it
memcached_servers = dlp.srv.world:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
# "servicepassword" is a placeholder for the Keystone password of the
# [neutron] service user; replace it with that user's actual password
password = servicepassword
# if using self-signed certs on Apache2 Keystone, turn to [true]
# [insecure = true] switches off TLS certificate verification for the
# Keystone connection; to keep verification with a self-signed or private
# CA, leave it [false] and point [cafile] at the CA certificate instead
insecure = false

[database]
# "password" is a placeholder for the MariaDB password of user [neutron]
connection = mysql+pymysql://neutron:password@dlp.srv.world/neutron_ml2

[nova]
auth_url = https://dlp.srv.world:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
# placeholder for the Keystone password of the [nova] service user
password = servicepassword
# if using self-signed certs on Apache2 Keystone, turn to [true]
# same trade-off as in [keystone_authtoken]: [true] disables certificate
# verification, [cafile] keeps it
insecure = false

[oslo_concurrency]
lock_path = $state_path/tmp
root@dlp ~(keystone)#
chmod 640 /etc/neutron/neutron.conf
# neutron.conf holds the RabbitMQ, database and Keystone service passwords:
# mode 640 with group [neutron] lets the neutron services read it and
# removes all access for other local users
root@dlp ~(keystone)# chgrp neutron /etc/neutron/neutron.conf
root@dlp ~(keystone)#
mv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.org
root@dlp ~(keystone)# vi /etc/neutron/plugins/ml2/ml2_conf.ini
# create new
[DEFAULT]
debug = false

[ml2]
type_drivers = flat,geneve
tenant_network_types = geneve
mechanism_drivers = ovn
# loads the port-security extension driver
extension_drivers = port_security
overlay_ip_version = 4

[ml2_type_geneve]
vni_ranges = 1:65536
max_header_size = 38

[ml2_type_flat]
# [*] accepts any physical network name for flat networks; list the names
# explicitly if only specific provider networks should be usable
flat_networks = *

[securitygroup]
enable_security_group = True
# NOTE(review): with [mechanism_drivers = ovn] security groups are presumably
# enforced by OVN itself rather than by this iptables driver - confirm
# whether this line has any effect in an OVN deployment
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovn]
# [tcp:] connections to the OVN Northbound/Southbound databases are neither
# encrypted nor authenticated; any host that can reach 10.0.0.30:6641/6642
# can talk to the databases that define the virtual network. Limit those
# ports to the controller and compute nodes with a host firewall, or use
# [ssl:] endpoints together with the ovn_nb_private_key / ovn_nb_certificate /
# ovn_nb_ca_cert options (and the ovn_sb_* equivalents)
ovn_nb_connection = tcp:10.0.0.30:6641
ovn_sb_connection = tcp:10.0.0.30:6642
ovn_l3_scheduler = leastloaded
ovn_metadata_enabled = True
root@dlp ~(keystone)#
chmod 640 /etc/neutron/plugins/ml2/ml2_conf.ini root@dlp ~(keystone)# chgrp neutron /etc/neutron/plugins/ml2/ml2_conf.ini
root@dlp ~(keystone)#
vi /etc/neutron/neutron_ovn_metadata_agent.ini
[DEFAULT]
# line 2 : add to specify Nova API host
nova_metadata_host = dlp.srv.world
nova_metadata_protocol = https
# specify any secret key you like
# the metadata agent signs the instance ID it forwards with this secret and
# Nova checks the signature, so the value protects instances from reading
# each other's metadata; [metadata_secret] is a placeholder - use a long
# random string and set the identical value in the [neutron] section of
# nova.conf
metadata_proxy_shared_secret = metadata_secret

# line 230 : change
[ovs]
# loopback only; matches the [--remote=ptcp:6640:127.0.0.1] listener set in
# /etc/default/openvswitch-switch
ovsdb_connection = tcp:127.0.0.1:6640

# add to the end
[agent]
# the agent runs privileged commands through sudo + neutron-rootwrap, which
# reads /etc/neutron/rootwrap.conf
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf

[ovn]
# plain TCP to the Southbound database; same exposure as the [ovn] section
# of ml2_conf.ini
ovn_sb_connection = tcp:10.0.0.30:6642
root@dlp ~(keystone)#
vi /etc/default/openvswitch-switch # line 8 : uncomment and add like follows OVS_CTL_OPTS= "--ovsdb-server-options='--remote=ptcp:6640:127.0.0.1'"
root@dlp ~(keystone)#
vi /etc/nova/nova.conf
# add follows into the [DEFAULT] section
vif_plugging_is_fatal = True
vif_plugging_timeout = 300
# add follows to the end : Neutron auth info
# the value of [metadata_proxy_shared_secret] must be the same as the one set
# in [/etc/neutron/neutron_ovn_metadata_agent.ini]
[neutron]
auth_url = https://dlp.srv.world:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
# placeholder for the Keystone password of the [neutron] service user
password = servicepassword
service_metadata_proxy = True
# [metadata_secret] is a placeholder; use the same long random value as in
# the metadata agent configuration, otherwise metadata requests are rejected
metadata_proxy_shared_secret = metadata_secret
# [false] keeps TLS certificate verification on for the Keystone connection
insecure = false
|
[4] | Configure Nginx for proxy settings. |
root@dlp ~(keystone)#
vi /etc/nginx/nginx.conf # add into the [stream] section
# TLS termination for the OpenStack API endpoints.
# Every [server] below accepts TLS on the management address 10.0.0.30 and
# forwards the decrypted TCP stream to the matching service on 127.0.0.1, so
# the services themselves are never exposed on the network in plain text.
# Because this is a TCP-level (stream) proxy, the backends see 127.0.0.1 as
# the peer address; client addresses for incident review have to come from
# Nginx logging, not from the API service logs.
stream {
    upstream glance-api {
        server 127.0.0.1:9292;
    }
    server {
        listen 10.0.0.30:9292 ssl;
        proxy_pass glance-api;
    }
    upstream nova-api {
        server 127.0.0.1:8774;
    }
    server {
        listen 10.0.0.30:8774 ssl;
        proxy_pass nova-api;
    }
    upstream nova-metadata-api {
        server 127.0.0.1:8775;
    }
    server {
        listen 10.0.0.30:8775 ssl;
        proxy_pass nova-metadata-api;
    }
    upstream placement-api {
        server 127.0.0.1:8778;
    }
    server {
        listen 10.0.0.30:8778 ssl;
        proxy_pass placement-api;
    }
    upstream novncproxy {
        server 127.0.0.1:6080;
    }
    server {
        listen 10.0.0.30:6080 ssl;
        proxy_pass novncproxy;
    }
    # Neutron API added on this page; neutron.conf binds it to 127.0.0.1:9696
    upstream neutron-api {
        server 127.0.0.1:9696;
    }
    server {
        listen 10.0.0.30:9696 ssl;
        proxy_pass neutron-api;
    }
    # set once at [stream] level, so all servers above share this certificate
    # and key; no ssl_protocols / ssl_ciphers are set here, so the Nginx
    # defaults apply - add e.g. [ssl_protocols TLSv1.2 TLSv1.3;] to pin them
    ssl_certificate "/etc/letsencrypt/live/dlp.srv.world/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/dlp.srv.world/privkey.pem";
}
|
[5] | Start Neutron services. |
root@dlp ~(keystone)#
systemctl restart openvswitch-switch root@dlp ~(keystone)# ovs-vsctl add-br br-int
root@dlp ~(keystone)#
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini root@dlp ~(keystone)# su -s /bin/bash neutron -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"
root@dlp ~(keystone)#
systemctl restart ovn-central ovn-northd ovn-controller ovn-host
# [ptcp:] opens a plain-TCP listener for the Northbound (6641) and Southbound
# (6642) databases on 10.0.0.30, without TLS or authentication. Restrict both
# ports to the controller and compute nodes with a host firewall, or use
# [pssl:] listeners with certificates. inactivity_probe is set to 60000 on
# each connection.
root@dlp ~(keystone)# ovn-nbctl set-connection ptcp:6641:10.0.0.30 -- set connection . inactivity_probe=60000
root@dlp ~(keystone)# ovn-sbctl set-connection ptcp:6642:10.0.0.30 -- set connection . inactivity_probe=60000
# point the local ovn-controller at the Southbound database and set the
# Geneve tunnel endpoint; the [tcp:] remote is unencrypted like the listener
root@dlp ~(keystone)# ovs-vsctl set open . external-ids:ovn-remote=tcp:10.0.0.30:6642
root@dlp ~(keystone)# ovs-vsctl set open . external-ids:ovn-encap-type=geneve
root@dlp ~(keystone)# ovs-vsctl set open . external-ids:ovn-encap-ip=10.0.0.30
root@dlp ~(keystone)#
systemctl restart neutron-server neutron-ovn-metadata-agent nova-compute nginx
# show status
root@dlp ~(keystone)# openstack network agent list
+--------------------------------------+----------------------+---------------+-------------------+-------+-------+----------------------------+
| ID                                   | Agent Type           | Host          | Availability Zone | Alive | State | Binary                     |
+--------------------------------------+----------------------+---------------+-------------------+-------+-------+----------------------------+
| 0435b8ba-f502-5ead-b5b2-af74b1e44afb | OVN Metadata agent   | dlp.srv.world |                   | :-)   | UP    | neutron-ovn-metadata-agent |
| 7879dc15-8f6b-458e-bd63-6d6279701272 | OVN Controller agent | dlp.srv.world |                   | :-)   | UP    | ovn-controller             |
+--------------------------------------+----------------------+---------------+-------------------+-------+-------+----------------------------+