
[Openstack-rocky] Installing OpenStack on Ubuntu (5) - neutron (network) installation

louky 2019. 8. 16. 13:43

 

code-name 

  •    keystone

  •    glance 

  •    nova

  •    neutron 

 

2019/08/16 - [IT/Openstack] - [Openstack-rocky] Installing OpenStack on Ubuntu (1) - OpenStack package installation

2019/08/16 - [IT/Openstack] - [Openstack-rocky] Installing OpenStack on Ubuntu (2) - Keystone installation

2019/08/16 - [IT/Openstack] - [Openstack-rocky] Installing OpenStack on Ubuntu (3) - Glance (image) installation

2019/08/16 - [IT/Openstack] - [Openstack-rocky] Installing OpenStack on Ubuntu (4) - nova (compute) installation

 

 

 

Common environment variables

controller_name="controller"
controller_ip="10.168.0.101"

DB_PW="maria.123"

KEYSTONE_PW="keystone.123"

GLANCE_PW="glance.123"

RABBIT_PW="rabbit.123"

NOVA_PW="nova.123"

PLACEMENT_PW="placement.123"

NEUTRON_PW="neutron.123"

META_PW="meta.123"

 

 

 

Neutron install (All node)

 

 

A. Controller node Install 

 

A-1. Create the neutron database

- Check before creating the DB

root@rocky-osc:~# mysql -uroot -pmaria.123 -e "show databases;"
+--------------------+
| Database           |
+--------------------+
| glance             |
| information_schema |
| keystone           |
| mysql              |
| nova               |
| nova_api           |
| nova_api_cell0     |
| nova_cell0         |
| performance_schema |
| placement          |
+--------------------+

- Create the DB

root@rocky-osc:~# mysql -uroot -pmaria.123 -e "CREATE DATABASE neutron;"

- Check after creating the DB

root@rocky-osc:~# mysql -uroot -pmaria.123 -e "show databases;"
+--------------------+
| Database           |
+--------------------+
| glance             |
| information_schema |
| keystone           |
| mysql              |
| neutron            |
| nova               |
| nova_api           |
| nova_api_cell0     |
| nova_cell0         |
| performance_schema |
| placement          |
+--------------------+

 

 

A-2. Set the neutron database privileges

root@rocky-osc:~# mysql -uroot -pmaria.123 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron.123';"
root@rocky-osc:~# mysql -uroot -pmaria.123 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron.123';"

 

A-3. Load the admin environment variables

root@rocky-osc:~# source /root/admin_openrc

For the environment variable setup, see => 2019/08/16 - [IT/Openstack] - [Openstack-rocky] Installing OpenStack on Ubuntu (1) - OpenStack package installation

 

A-4. Create the OpenStack user neutron

root@rocky-osc:~# openstack user create --domain default --password neutron.123 neutron
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | b07d469572084ebb8f8e9d75eccf5ed0 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

 

A-5. Add neutron to the admin role

root@rocky-osc:~# openstack role add --project service --user neutron admin

 

A-6. Create the neutron service

root@rocky-osc:~# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 500b01c2937c4b60b7ac10a82044806a |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

 

A-7. Create the neutron service endpoints

root@rocky-osc:~# openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 946045ef3a824c25b004805d3d401e84 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 500b01c2937c4b60b7ac10a82044806a |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
root@rocky-osc:~# openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 7cd7d37be6184a948114936610834350 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 500b01c2937c4b60b7ac10a82044806a |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
root@rocky-osc:~# openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 02ae98ebbad3421f9196215715fab503 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 500b01c2937c4b60b7ac10a82044806a |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

 

 

A-8. PKG Install 

root@rocky-osc:~# apt install -y neutron-server neutron-plugin-ml2 neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent

 

A-9. Back up the original config

root@rocky-osc:~# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.orig

 

A-10. Edit the config

 

A-10-01. /etc/neutron/neutron.conf

root@rocky-osc:~# echo "[DEFAULT]
core_plugin = ml2

## provider setting
#service_plugins =

## self-service setting
service_plugins = router
allow_overlapping_ips = true

transport_url = rabbit://openstack:rabbit.123@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

[cors]

[database]
#connection = sqlite:////var/lib/neutron/neutron.sqlite
connection = mysql+pymysql://neutron:neutron.123@controller/neutron

[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron.123

[matchmaker_redis]

[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova.123

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

[oslo_messaging_amqp]

[oslo_messaging_kafka]

[oslo_messaging_notifications]

[oslo_messaging_rabbit]

[oslo_messaging_zmq]

[oslo_middleware]

[oslo_policy]

[quotas]

[ssl]" > /etc/neutron/neutron.conf

 

A-10-02. /etc/neutron/plugins/ml2/ml2_conf.ini

root@rocky-osc:~# echo "[DEFAULT]

[l2pop]

[ml2]
## provider setting
#type_drivers = flat,vlan
#tenant_network_types =
#mechanism_drivers = linuxbridge

## self-service setting
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population

## provider & self-service common
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_geneve]

[ml2_type_gre]

[ml2_type_vlan]

[ml2_type_vxlan]
## self-service setting
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true" > /etc/neutron/plugins/ml2/ml2_conf.ini

 

A-10-03. /etc/neutron/plugins/ml2/linuxbridge_agent.ini

root@rocky-osc:~# echo "[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:eth2
[network_log]


[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver


[vxlan]
## provider setting
#enable_vxlan = false


## self-service setting
enable_vxlan = true
local_ip = 10.168.0.101


## provider & self-service common
l2_population = true" > /etc/neutron/plugins/ml2/linuxbridge_agent.ini

 

 

A-10-04. /etc/neutron/dhcp_agent.ini

root@rocky-osc:~# echo "[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

[agent]

[ovs]
" > /etc/neutron/dhcp_agent.ini

 

A-10-05. /etc/neutron/l3_agent.ini

root@rocky-osc:~# echo "[DEFAULT]
interface_driver = linuxbridge

[agent]

[ovs]
" > /etc/neutron/l3_agent.ini

 

A-10-6. Change the config file permissions

root@rocky-osc:~# chown root:neutron /etc/neutron/neutron.conf \
 /etc/neutron/plugins/ml2/ml2_conf.ini \
 /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
 /etc/neutron/dhcp_agent.ini \
 /etc/neutron/l3_agent.ini
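
`chown` sets only the owner and group. A file that root newly creates with `echo "..." >`, as `/etc/neutron/neutron.conf` is here after the `mv` in A-9, gets the umask default mode (0644 under the common 022 umask), which leaves the passwords in it readable by every local user. The following check is an added example, not part of the original post; it assumes GNU `stat`, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Ubuntu).

# Keys that carry credentials in the files written in A-10 and A-12.
SECRET_KEYS='password|transport_url|connection|metadata_proxy_shared_secret'

# has_secrets FILE: succeed if FILE sets any credential-bearing key.
has_secrets() {
    grep -Eq "^[[:space:]]*(${SECRET_KEYS})[[:space:]]*=" "$1"
}

# audit_conf FILE GROUP: print one finding per line and return the number
# of findings (0 = clean). GROUP may be a group name or a numeric gid.
audit_conf() {
    file=$1; want=$2; findings=0
    if [ ! -f "$file" ]; then
        echo "MISSING  $file"
        return 1
    fi
    mode=$(stat -c '%a' "$file")
    grp_name=$(stat -c '%G' "$file")
    grp_id=$(stat -c '%g' "$file")
    other=${mode#"${mode%?}"}      # last octal digit = bits for "other"
    if [ "$other" != 0 ]; then
        if has_secrets "$file"; then
            echo "FAIL     $file mode $mode: credentials readable by any local user"
        else
            echo "WARN     $file mode $mode: accessible to other users"
        fi
        findings=$((findings + 1))
    fi
    if [ "$want" != "$grp_name" ] && [ "$want" != "$grp_id" ]; then
        echo "FAIL     $file group $grp_name, expected $want"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# harden_conf FILE GROUP: root keeps ownership, the service group may read,
# everyone else gets no access.
harden_conf() {
    chgrp "$2" "$1" && chmod 640 "$1"
}

# audit_all: check every file this page writes (paths from A-10 and A-12).
audit_all() {
    total=0
    for f in /etc/neutron/neutron.conf \
             /etc/neutron/plugins/ml2/ml2_conf.ini \
             /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
             /etc/neutron/dhcp_agent.ini \
             /etc/neutron/l3_agent.ini; do
        audit_conf "$f" neutron || total=$((total + $?))
    done
    audit_conf /etc/nova/nova.conf nova || total=$((total + $?))
    echo "$total finding(s)"
    [ "$total" -eq 0 ]
}

# Run the audit only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_all
fi
```

For each file that is reported, `harden_conf <file> neutron` (or `nova` for `/etc/nova/nova.conf`) sets it to mode 640 with the service group.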

 

 

A-11. Check and change the system kernel parameters

root@rocky-osc:~# sysctl -a | grep -E "net.bridge.bridge-nf-call-ip"
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

If the kernel parameter values are not 1, set them:

root@rocky-osc:~# echo " ### neutron  parameter
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf

root@rocky-osc:~# sysctl -p
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

 

A-12. Configure the neutron settings in /etc/nova/nova.conf

A-12-1. Back up the existing settings

root@rocky-osc:~# cp -rpRf /etc/nova/nova.conf /etc/nova/nova.conf.bak

 

A-12-2. Add the Neutron config

root@rocky-osc:~# echo "[DEFAULT]
log_dir = /var/log/nova
lock_path = /var/lock/nova
state_path = /var/lib/nova


transport_url = rabbit://openstack:rabbit.123@controller
my_ip = 10.168.0.101
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver


[api]
auth_strategy = keystone


[api_database]
#connection = sqlite:////var/lib/nova/nova_api.sqlite
connection = mysql+pymysql://nova:nova.123@controller/nova_api


[barbican]


[cache]


[cells]
enable = False


[cinder]


[compute]


[conductor]


[console]


[consoleauth]


[cors]


[database]
#connection = sqlite:////var/lib/nova/nova.sqlite
connection = mysql+pymysql://nova:nova.123@controller/nova


[devices]


[ephemeral_storage_encryption]


[filter_scheduler]


[glance]
api_servers = http://controller:9292


[guestfs]


[healthcheck]


[hyperv]


[ironic]


[key_manager]


[keystone]


[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova.123


[libvirt]


[matchmaker_redis]


[metrics]


[mks]


[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron.123
service_metadata_proxy = true
metadata_proxy_shared_secret = meta.123


[notifications]


[osapi_v21]


[oslo_concurrency]
lock_path = /var/lib/nova/tmp


[oslo_messaging_amqp]


[oslo_messaging_kafka]


[oslo_messaging_notifications]


[oslo_messaging_rabbit]


[oslo_messaging_zmq]


[oslo_middleware]


[oslo_policy]


[pci]


[placement]
os_region_name = openstack
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement.123


[placement_database]
connection = mysql+pymysql://placement:placement.123@controller/placement


[powervm]


[profiler]


[quota]


[rdp]


[remote_debug]


[scheduler]
discover_hosts_in_cells_interval = 300


[serial_console]


[service_user]


[spice]


[upgrade_levels]


[vault]


[vendordata_dynamic_auth]


[vmware]


[vnc]
enabled = true
server_listen = \$my_ip
server_proxyclient_address = \$my_ip


[workarounds]


[wsgi]


[xenserver]


[xvp]


[zvm]" > /etc/nova/nova.conf
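
Inside a double-quoted `echo`, the shell expands an unescaped `$my_ip` before the text reaches the file, so `server_listen` ends up empty unless a shell variable of that name happens to be set; nova expects the literal `$my_ip`, which oslo.config resolves against `my_ip` in `[DEFAULT]`. The following is an added example, not from the original post (function names are hypothetical), that writes the same `[vnc]` lines both ways and checks the result.

```shell
#!/bin/sh
# Added example, not from the original post.

# write_conf DEST: copy stdin to DEST through a temp file in the same
# directory, so an interrupted write never leaves a truncated config.
write_conf() {
    dest=$1
    tmp=$(mktemp "${dest}.XXXXXX") || return 1   # mktemp creates it 0600
    if cat > "$tmp" && chmod 640 "$tmp" && mv "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# conf_value FILE KEY: print the value assigned to KEY (first match).
conf_value() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# write_double_quoted DEST: the echo style used on this page. The shell
# expands $my_ip inside the double quotes; with no such shell variable
# set, the value written to the file is empty.
write_double_quoted() {
    unset my_ip
    echo "[DEFAULT]
my_ip = 10.168.0.101

[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip" > "$1"
}

# write_heredoc DEST: quoting the delimiter ('EOF') turns off all shell
# expansion, so $my_ip reaches the file for oslo.config to resolve.
write_heredoc() {
    write_conf "$1" <<'EOF'
[DEFAULT]
my_ip = 10.168.0.101

[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
EOF
}

# check_vnc FILE: fail if either VNC address came out blank.
check_vnc() {
    for key in server_listen server_proxyclient_address; do
        val=$(conf_value "$1" "$key")
        if [ -z "$val" ]; then
            echo "EMPTY    $key in $1"
            return 1
        fi
    done
}

# demo: write both variants into a scratch directory and show the difference.
demo() {
    dir=$(mktemp -d) || return 1
    write_double_quoted "$dir/echo.conf"
    write_heredoc "$dir/heredoc.conf"
    echo "echo:    server_listen = '$(conf_value "$dir/echo.conf" server_listen)'"
    echo "heredoc: server_listen = '$(conf_value "$dir/heredoc.conf" server_listen)'"
    rm -rf "$dir"
}
demo
```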

 

 

A-12-3. Change the /etc/nova/nova.conf permissions

root@rocky-osc:~# chown root:nova /etc/nova/nova.conf

 

A-13. Create the neutron database tables

- Before creating the tables

root@rocky-osc:~# mysql -uroot -pmaria.123 neutron -e "show tables;"

 

- Create the tables

root@rocky-osc:~# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
  Running upgrade for neutron ...
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade  -> kilo
INFO  [alembic.runtime.migration] Running upgrade kilo -> 354db87e3225
INFO  [alembic.runtime.migration] Running upgrade 354db87e3225 -> 599c6a226151
INFO  [alembic.runtime.migration] Running upgrade 599c6a226151 -> 52c5312f6baf
INFO  [alembic.runtime.migration] Running upgrade 52c5312f6baf -> 313373c0ffee
INFO  [alembic.runtime.migration] Running upgrade 313373c0ffee -> 8675309a5c4f
INFO  [alembic.runtime.migration] Running upgrade 8675309a5c4f -> 45f955889773
INFO  [alembic.runtime.migration] Running upgrade 45f955889773 -> 26c371498592
INFO  [alembic.runtime.migration] Running upgrade 26c371498592 -> 1c844d1677f7
INFO  [alembic.runtime.migration] Running upgrade 1c844d1677f7 -> 1b4c6e320f79
INFO  [alembic.runtime.migration] Running upgrade 1b4c6e320f79 -> 48153cb5f051
INFO  [alembic.runtime.migration] Running upgrade 48153cb5f051 -> 9859ac9c136
INFO  [alembic.runtime.migration] Running upgrade 9859ac9c136 -> 34af2b5c5a59
INFO  [alembic.runtime.migration] Running upgrade 34af2b5c5a59 -> 59cb5b6cf4d
INFO  [alembic.runtime.migration] Running upgrade 59cb5b6cf4d -> 13cfb89f881a
INFO  [alembic.runtime.migration] Running upgrade 13cfb89f881a -> 32e5974ada25
INFO  [alembic.runtime.migration] Running upgrade 32e5974ada25 -> ec7fcfbf72ee
INFO  [alembic.runtime.migration] Running upgrade ec7fcfbf72ee -> dce3ec7a25c9
INFO  [alembic.runtime.migration] Running upgrade dce3ec7a25c9 -> c3a73f615e4
INFO  [alembic.runtime.migration] Running upgrade c3a73f615e4 -> 659bf3d90664
INFO  [alembic.runtime.migration] Running upgrade 659bf3d90664 -> 1df244e556f5
INFO  [alembic.runtime.migration] Running upgrade 1df244e556f5 -> 19f26505c74f
INFO  [alembic.runtime.migration] Running upgrade 19f26505c74f -> 15be73214821
INFO  [alembic.runtime.migration] Running upgrade 15be73214821 -> b4caf27aae4
INFO  [alembic.runtime.migration] Running upgrade b4caf27aae4 -> 15e43b934f81
INFO  [alembic.runtime.migration] Running upgrade 15e43b934f81 -> 31ed664953e6
INFO  [alembic.runtime.migration] Running upgrade 31ed664953e6 -> 2f9e956e7532
INFO  [alembic.runtime.migration] Running upgrade 2f9e956e7532 -> 3894bccad37f
INFO  [alembic.runtime.migration] Running upgrade 3894bccad37f -> 0e66c5227a8a
INFO  [alembic.runtime.migration] Running upgrade 0e66c5227a8a -> 45f8dd33480b
INFO  [alembic.runtime.migration] Running upgrade 45f8dd33480b -> 5abc0278ca73
INFO  [alembic.runtime.migration] Running upgrade kilo -> 30018084ec99
INFO  [alembic.runtime.migration] Running upgrade 30018084ec99 -> 4ffceebfada
INFO  [alembic.runtime.migration] Running upgrade 4ffceebfada -> 5498d17be016
INFO  [alembic.runtime.migration] Running upgrade 5498d17be016 -> 2a16083502f3
INFO  [alembic.runtime.migration] Running upgrade 2a16083502f3 -> 2e5352a0ad4d
INFO  [alembic.runtime.migration] Running upgrade 2e5352a0ad4d -> 11926bcfe72d
INFO  [alembic.runtime.migration] Running upgrade 11926bcfe72d -> 4af11ca47297
INFO  [alembic.runtime.migration] Running upgrade 4af11ca47297 -> 1b294093239c
INFO  [alembic.runtime.migration] Running upgrade 1b294093239c -> 8a6d8bdae39
INFO  [alembic.runtime.migration] Running upgrade 8a6d8bdae39 -> 2b4c2465d44b
INFO  [alembic.runtime.migration] Running upgrade 2b4c2465d44b -> e3278ee65050
INFO  [alembic.runtime.migration] Running upgrade e3278ee65050 -> c6c112992c9
INFO  [alembic.runtime.migration] Running upgrade c6c112992c9 -> 5ffceebfada
INFO  [alembic.runtime.migration] Running upgrade 5ffceebfada -> 4ffceebfcdc
INFO  [alembic.runtime.migration] Running upgrade 4ffceebfcdc -> 7bbb25278f53
INFO  [alembic.runtime.migration] Running upgrade 7bbb25278f53 -> 89ab9a816d70
INFO  [alembic.runtime.migration] Running upgrade 5abc0278ca73 -> d3435b514502
INFO  [alembic.runtime.migration] Running upgrade d3435b514502 -> 30107ab6a3ee
INFO  [alembic.runtime.migration] Running upgrade 30107ab6a3ee -> c415aab1c048
INFO  [alembic.runtime.migration] Running upgrade c415aab1c048 -> a963b38d82f4
INFO  [alembic.runtime.migration] Running upgrade 89ab9a816d70 -> c879c5e1ee90
INFO  [alembic.runtime.migration] Running upgrade c879c5e1ee90 -> 8fd3918ef6f4
INFO  [alembic.runtime.migration] Running upgrade 8fd3918ef6f4 -> 4bcd4df1f426
INFO  [alembic.runtime.migration] Running upgrade 4bcd4df1f426 -> b67e765a3524
INFO  [alembic.runtime.migration] Running upgrade a963b38d82f4 -> 3d0e74aa7d37
INFO  [alembic.runtime.migration] Running upgrade 3d0e74aa7d37 -> 030a959ceafa
INFO  [alembic.runtime.migration] Running upgrade 030a959ceafa -> a5648cfeeadf
INFO  [alembic.runtime.migration] Running upgrade a5648cfeeadf -> 0f5bef0f87d4
INFO  [alembic.runtime.migration] Running upgrade 0f5bef0f87d4 -> 67daae611b6e
INFO  [alembic.runtime.migration] Running upgrade 67daae611b6e -> 6b461a21bcfc
INFO  [alembic.runtime.migration] Running upgrade 6b461a21bcfc -> 5cd92597d11d
INFO  [alembic.runtime.migration] Running upgrade 5cd92597d11d -> 929c968efe70
INFO  [alembic.runtime.migration] Running upgrade 929c968efe70 -> a9c43481023c
INFO  [alembic.runtime.migration] Running upgrade a9c43481023c -> 804a3c76314c
INFO  [alembic.runtime.migration] Running upgrade 804a3c76314c -> 2b42d90729da
INFO  [alembic.runtime.migration] Running upgrade 2b42d90729da -> 62c781cb6192
INFO  [alembic.runtime.migration] Running upgrade 62c781cb6192 -> c8c222d42aa9
INFO  [alembic.runtime.migration] Running upgrade c8c222d42aa9 -> 349b6fd605a6
INFO  [alembic.runtime.migration] Running upgrade 349b6fd605a6 -> 7d32f979895f
INFO  [alembic.runtime.migration] Running upgrade 7d32f979895f -> 594422d373ee
INFO  [alembic.runtime.migration] Running upgrade 594422d373ee -> 61663558142c
INFO  [alembic.runtime.migration] Running upgrade 61663558142c -> 867d39095bf4, port forwarding
INFO  [alembic.runtime.migration] Running upgrade b67e765a3524 -> a84ccf28f06a
INFO  [alembic.runtime.migration] Running upgrade a84ccf28f06a -> 7d9d8eeec6ad
INFO  [alembic.runtime.migration] Running upgrade 7d9d8eeec6ad -> a8b517cff8ab
INFO  [alembic.runtime.migration] Running upgrade a8b517cff8ab -> 3b935b28e7a0
INFO  [alembic.runtime.migration] Running upgrade 3b935b28e7a0 -> b12a3ef66e62
INFO  [alembic.runtime.migration] Running upgrade b12a3ef66e62 -> 97c25b0d2353
INFO  [alembic.runtime.migration] Running upgrade 97c25b0d2353 -> 2e0d7a8a1586
INFO  [alembic.runtime.migration] Running upgrade 2e0d7a8a1586 -> 5c85685d616d
  OK
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
  Running upgrade for neutron-fwaas ...
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade  -> start_neutron_fwaas, start neutron-fwaas chain
INFO  [alembic.runtime.migration] Running upgrade start_neutron_fwaas -> 4202e3047e47, add_index_tenant_id
INFO  [alembic.runtime.migration] Running upgrade 4202e3047e47 -> 540142f314f4, FWaaS router insertion
INFO  [alembic.runtime.migration] Running upgrade 540142f314f4 -> 796c68dffbb, cisco_csr_fwaas
INFO  [alembic.runtime.migration] Running upgrade 796c68dffbb -> kilo, kilo
INFO  [alembic.runtime.migration] Running upgrade kilo -> c40fbb377ad, Initial Liberty no-op script.
INFO  [alembic.runtime.migration] Running upgrade c40fbb377ad -> 4b47ea298795, add reject rule
INFO  [alembic.runtime.migration] Running upgrade 4b47ea298795 -> d6a12e637e28, neutron-fwaas v2.0
INFO  [alembic.runtime.migration] Running upgrade d6a12e637e28 -> 876782258a43, create_default_firewall_groups_table
INFO  [alembic.runtime.migration] Running upgrade 876782258a43 -> f24e0d5e5bff, uniq_firewallgroupportassociation0port
INFO  [alembic.runtime.migration] Running upgrade kilo -> 67c8e8d61d5, Initial Liberty no-op script.
INFO  [alembic.runtime.migration] Running upgrade 67c8e8d61d5 -> 458aa42b14b, fw_table_alter script to make <name> column case sensitive
INFO  [alembic.runtime.migration] Running upgrade 458aa42b14b -> f83a0b2964d0, rename tenant to project
INFO  [alembic.runtime.migration] Running upgrade f83a0b2964d0 -> fd38cd995cc0, change shared attribute for firewall resource
  OK

 

- Verify that the tables were created

root@rocky-osc:~# mysql -uroot -pmaria.123 neutron -e "show tables;"
+-----------------------------------------+
| Tables_in_neutron                       |
+-----------------------------------------+
| address_scopes                          |
| agents                                  |
| alembic_version                         |
| alembic_version_fwaas                   |
| allowedaddresspairs                     |
| arista_provisioned_nets                 |
| arista_provisioned_tenants              |
| arista_provisioned_vms                  |
| auto_allocated_topologies               |
| bgp_peers                               |
| bgp_speaker_dragent_bindings            |
| bgp_speaker_network_bindings            |
| bgp_speaker_peer_bindings               |
| bgp_speakers                            |
| brocadenetworks                         |
| brocadeports                            |
| cisco_csr_identifier_map                |
| cisco_firewall_associations             |
| cisco_hosting_devices                   |
| cisco_ml2_apic_contracts                |
| cisco_ml2_apic_host_links               |
| cisco_ml2_apic_names                    |
| cisco_ml2_n1kv_network_bindings         |
| cisco_ml2_n1kv_network_profiles         |
| cisco_ml2_n1kv_policy_profiles          |
| cisco_ml2_n1kv_port_bindings            |
| cisco_ml2_n1kv_profile_bindings         |
| cisco_ml2_n1kv_vlan_allocations         |
| cisco_ml2_n1kv_vxlan_allocations        |
| cisco_ml2_nexus_nve                     |
| cisco_ml2_nexusport_bindings            |
| cisco_port_mappings                     |
| cisco_router_mappings                   |
| consistencyhashes                       |
| default_firewall_groups                 |
| default_security_group                  |
| dnsnameservers                          |
| dvr_host_macs                           |
| externalnetworks                        |
| extradhcpopts                           |
| firewall_group_port_associations_v2     |
| firewall_groups_v2                      |
| firewall_policies                       |
| firewall_policies_v2                    |
| firewall_policy_rule_associations_v2    |
| firewall_router_associations            |
| firewall_rules                          |
| firewall_rules_v2                       |
| firewalls                               |
| flavors                                 |
| flavorserviceprofilebindings            |
| floatingipdnses                         |
| floatingips                             |
| ha_router_agent_port_bindings           |
| ha_router_networks                      |
| ha_router_vrid_allocations              |
| healthmonitors                          |
| ikepolicies                             |
| ipallocationpools                       |
| ipallocations                           |
| ipamallocationpools                     |
| ipamallocations                         |
| ipamsubnets                             |
| ipsec_site_connections                  |
| ipsecpeercidrs                          |
| ipsecpolicies                           |
| logs                                    |
| lsn                                     |
| lsn_port                                |
| maclearningstates                       |
| members                                 |
| meteringlabelrules                      |
| meteringlabels                          |
| ml2_brocadenetworks                     |
| ml2_brocadeports                        |
| ml2_distributed_port_bindings           |
| ml2_flat_allocations                    |
| ml2_geneve_allocations                  |
| ml2_geneve_endpoints                    |
| ml2_gre_allocations                     |
| ml2_gre_endpoints                       |
| ml2_nexus_vxlan_allocations             |
| ml2_nexus_vxlan_mcast_groups            |
| ml2_port_binding_levels                 |
| ml2_port_bindings                       |
| ml2_ucsm_port_profiles                  |
| ml2_vlan_allocations                    |
| ml2_vxlan_allocations                   |
| ml2_vxlan_endpoints                     |
| multi_provider_networks                 |
| networkconnections                      |
| networkdhcpagentbindings                |
| networkdnsdomains                       |
| networkgatewaydevicereferences          |
| networkgatewaydevices                   |
| networkgateways                         |
| networkqueuemappings                    |
| networkrbacs                            |
| networks                                |
| networksecuritybindings                 |
| networksegments                         |
| neutron_nsx_network_mappings            |
| neutron_nsx_port_mappings               |
| neutron_nsx_router_mappings             |
| neutron_nsx_security_group_mappings     |
| nexthops                                |
| nsxv_edge_dhcp_static_bindings          |
| nsxv_edge_vnic_bindings                 |
| nsxv_firewall_rule_bindings             |
| nsxv_internal_edges                     |
| nsxv_internal_networks                  |
| nsxv_port_index_mappings                |
| nsxv_port_vnic_mappings                 |
| nsxv_router_bindings                    |
| nsxv_router_ext_attributes              |
| nsxv_rule_mappings                      |
| nsxv_security_group_section_mappings    |
| nsxv_spoofguard_policy_network_mappings |
| nsxv_tz_network_bindings                |
| nsxv_vdr_dhcp_bindings                  |
| nuage_net_partition_router_mapping      |
| nuage_net_partitions                    |
| nuage_provider_net_bindings             |
| nuage_subnet_l2dom_mapping              |
| poolloadbalanceragentbindings           |
| poolmonitorassociations                 |
| pools                                   |
| poolstatisticss                         |
| portbindingports                        |
| portdataplanestatuses                   |
| portdnses                               |
| portforwardings                         |
| portqueuemappings                       |
| ports                                   |
| portsecuritybindings                    |
| providerresourceassociations            |
| provisioningblocks                      |
| qos_bandwidth_limit_rules               |
| qos_dscp_marking_rules                  |
| qos_fip_policy_bindings                 |
| qos_minimum_bandwidth_rules             |
| qos_network_policy_bindings             |
| qos_policies                            |
| qos_policies_default                    |
| qos_port_policy_bindings                |
| qospolicyrbacs                          |
| qosqueues                               |
| quotas                                  |
| quotausages                             |
| reservations                            |
| resourcedeltas                          |
| router_extra_attributes                 |
| routerl3agentbindings                   |
| routerports                             |
| routerroutes                            |
| routerrules                             |
| routers                                 |
| securitygroupportbindings               |
| securitygrouprules                      |
| securitygroups                          |
| segmenthostmappings                     |
| serviceprofiles                         |
| sessionpersistences                     |
| standardattributes                      |
| subnet_service_types                    |
| subnetpoolprefixes                      |
| subnetpools                             |
| subnetroutes                            |
| subnets                                 |
| subports                                |
| tags                                    |
| trunks                                  |
| tz_network_bindings                     |
| vcns_router_bindings                    |
| vips                                    |
| vpnservices                             |
+-----------------------------------------+

 

 

A-14. Restart the neutron package daemons

root@rocky-osc:~# service nova-api restart

root@rocky-osc:~# service neutron-server restart
root@rocky-osc:~# service neutron-linuxbridge-agent restart
root@rocky-osc:~# service neutron-dhcp-agent restart
root@rocky-osc:~# service neutron-metadata-agent restart

 

## For the self-service setting

root@rocky-osc:~# service neutron-l3-agent restart

 

 

 

B. Compute node Install 

 

 

B-1. PKG Install 

root@rocky-nova01:~# apt install -y neutron-linuxbridge-agent

 

B-2. Back up the original config

root@rocky-nova01:~# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.orig
root@rocky-nova01:~# mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.orig

B-3. Edit the config

 

B-3-1. /etc/neutron/neutron.conf

root@rocky-nova01:~# echo "[DEFAULT]
core_plugin = ml2
auth_strategy = keystone
transport_url = rabbit://openstack:rabbit.123@controller

[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

[cors]

[database]
connection = sqlite:////var/lib/neutron/neutron.sqlite

[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron.123


[matchmaker_redis]


[nova]


[oslo_concurrency]


[oslo_messaging_amqp]


[oslo_messaging_kafka]


[oslo_messaging_notifications]


[oslo_messaging_rabbit]


[oslo_messaging_zmq]


[oslo_middleware]


[oslo_policy]


[quotas]


[ssl] " > /etc/neutron/neutron.conf

 

B-3-2. /etc/neutron/plugins/ml2/linuxbridge_agent.ini

root@rocky-nova01:~# echo "[DEFAULT]

[agent]

[linux_bridge]
physical_interface_mappings = provider:eth2

[network_log]

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

[vxlan]
## provider setting
#enable_vxlan = false

## Self-service setting
enable_vxlan = true
local_ip = 10.168.0.111
l2_population = true" > /etc/neutron/plugins/ml2/linuxbridge_agent.ini

 

 

 

B-4. Add the neutron config to /etc/nova/nova.conf

 

B-4-1. Back up /etc/nova/nova.conf

root@rocky-nova01:~# mv /etc/nova/nova.conf /etc/nova/nova.conf.bak

 

B-4-2. Edit /etc/nova/nova.conf

root@rocky-nova01:~# echo "[DEFAULT]
log_dir = /var/log/nova
lock_path = /var/lock/nova
state_path = /var/lib/nova

transport_url = rabbit://openstack:rabbit.123@controller
my_ip = 10.168.0.111
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api]
auth_strategy = keystone

[api_database]
connection = sqlite:////var/lib/nova/nova_api.sqlite

[barbican]

[cache]

[cells]
enable = False

[cinder]

[compute]

[conductor]

[console]

[consoleauth]

[cors]

[database]
connection = sqlite:////var/lib/nova/nova.sqlite

[devices]

[ephemeral_storage_encryption]

[filter_scheduler]

[glance]
api_servers = http://controller:9292

[guestfs]

[healthcheck]

[hyperv]

[ironic]

[key_manager]

[keystone]

[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova.123

[libvirt]

[matchmaker_redis]

[metrics]

[mks]

[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron.123

[notifications]

[osapi_v21]

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[oslo_messaging_amqp]

[oslo_messaging_kafka]

[oslo_messaging_notifications]

[oslo_messaging_rabbit]

[oslo_messaging_zmq]

[oslo_middleware]

[oslo_policy]

[pci]

[placement]
os_region_name = openstack
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement.123

[placement_database]

[powervm]

[profiler]

[quota]

[rdp]

[remote_debug]

[scheduler]

[serial_console]

[service_user]

[spice]

[upgrade_levels]

[vault]

[vendordata_dynamic_auth]

[vmware]

[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = \$my_ip
novncproxy_base_url = http://${controller_ip}:6080/vnc_auto.html

[workarounds]

[wsgi]

[xenserver]

[xvp]

[zvm] " > /etc/nova/nova.conf

 

 

B-5. Change the config file permissions

root@rocky-nova01:~# chown root:neutron /etc/neutron/neutron.conf /etc/neutron/plugins/ml2/linuxbridge_agent.ini
root@rocky-nova01:~# chown root:nova /etc/nova/nova.conf
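
The files in B-3 and B-4 are recreated with shell redirection, so their mode comes from root's umask (0644 under the common 022), and changing the group alone leaves the RabbitMQ and service passwords readable by every local user. The check below is an added example, not part of the original post; the function names are hypothetical and it assumes GNU `stat` as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit the credential-bearing config files written in B-3/B-4.
# Function names are hypothetical; assumes GNU stat (Ubuntu).

# check_conf FILE GROUP
# Returns 0 only if FILE exists, belongs to GROUP and grants nothing to "other".
check_conf() {
    file=$1
    want_group=$2
    if [ ! -f "$file" ]; then
        echo "MISSING $file"
        return 1
    fi
    mode=$(stat -c '%a' "$file")    # octal mode, e.g. 640
    group=$(stat -c '%G' "$file")   # owning group name
    rc=0
    case $mode in
        *0) ;;                      # last digit 0: no access for "other"
        *)  echo "WORLD-ACCESSIBLE $file (mode $mode)"; rc=1 ;;
    esac
    if [ "$group" != "$want_group" ]; then
        echo "WRONG-GROUP $file (is $group, want $want_group)"
        rc=1
    fi
    return $rc
}

# audit_compute_node [ROOT]
# Checks the three files this page writes; ROOT is an optional path prefix.
audit_compute_node() {
    root=${1:-}
    failed=0
    check_conf "$root/etc/neutron/neutron.conf" neutron || failed=1
    check_conf "$root/etc/neutron/plugins/ml2/linuxbridge_agent.ini" neutron || failed=1
    check_conf "$root/etc/nova/nova.conf" nova || failed=1
    return $failed
}

# Run only when asked, so the functions can also be sourced.
if [ "${1:-}" = "audit" ]; then
    audit_compute_node
fi
```

Run it as `sh script.sh audit` on the compute node; a `WORLD-ACCESSIBLE` finding is cleared with `chmod 640` on the reported file.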

 

 

B-6. Check and change the system kernel parameters

root@rocky-nova01:~# sysctl -a | grep -E "net.bridge.bridge-nf-call-ip"
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

 

If a kernel parameter is not set to 1, set it:

root@rocky-nova01:~# echo " ### neutron  parameter
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf

root@rocky-nova01:~# sysctl -p
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

B-7. Restart the package daemons

root@rocky-nova01:~# service nova-compute restart
root@rocky-nova01:~# service neutron-linuxbridge-agent restart

 

 

C. Verify the neutron configuration

 

C-1. Load the environment variables

root@rocky-osc:~# source admin_openrc

 

C-2. Verify

root@rocky-osc:~# openstack network agent list
+--------------------------------------+--------------------+--------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host         | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+--------------+-------------------+-------+-------+---------------------------+
| 421491a0-9b0a-49cc-a0c6-7e29eb058cd0 | Linux bridge agent | rocky-osc    | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 6b2c9e1c-96d7-443e-9e74-c13a296ff383 | Linux bridge agent | rocky-nova01 | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 6c300e91-48e7-4625-a2ab-7a8d3b9321b8 | DHCP agent         | rocky-osc    | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 79c8261f-316e-499d-a5ea-b532c090d715 | Metadata agent     | rocky-osc    | None              | :-)   | UP    | neutron-metadata-agent    |
| c18c52a4-c1db-4149-baa7-1c3c3c3863c8 | L3 agent           | rocky-osc    | nova              | :-)   | UP    | neutron-l3-agent          |
+--------------------------------------+--------------------+--------------+-------------------+-------+-------+---------------------------+
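
The agent listing can be checked mechanically instead of by eye. The functions below are an added example, not part of the original post: their names are hypothetical, and the sample table is constructed from the output above with the rocky-nova01 agent marked dead and the L3 agent row removed.

```shell
#!/bin/sh
# Added example: checks over `openstack network agent list` table output.
# Function names are hypothetical, not part of the OpenStack CLI.

# Constructed sample: rows from the listing above, with the rocky-nova01
# agent marked dead (XXX) and the L3 agent row left out.
sample_table() {
cat <<'EOF'
+--------------------------------------+--------------------+--------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host         | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+--------------+-------------------+-------+-------+---------------------------+
| 421491a0-9b0a-49cc-a0c6-7e29eb058cd0 | Linux bridge agent | rocky-osc    | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 6b2c9e1c-96d7-443e-9e74-c13a296ff383 | Linux bridge agent | rocky-nova01 | None              | XXX   | UP    | neutron-linuxbridge-agent |
| 6c300e91-48e7-4625-a2ab-7a8d3b9321b8 | DHCP agent         | rocky-osc    | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 79c8261f-316e-499d-a5ea-b532c090d715 | Metadata agent     | rocky-osc    | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+--------------------+--------------+-------------------+-------+-------+---------------------------+
EOF
}

# unhealthy_agents: table on stdin -> "host binary alive state" per bad row.
unhealthy_agents() {
    awk -F'|' '
        function trim(s) { gsub(/^ +| +$/, "", s); return s }
        /^\|/ {
            if (trim($2) == "ID") next          # header row
            alive = trim($6); state = trim($7)
            if (alive != ":-)" || state != "UP")
                print trim($4), trim($8), alive, state
        }'
}

# missing_agents "host:binary ...": table on stdin -> expected pairs not listed.
missing_agents() {
    awk -F'|' -v want="$1" '
        function trim(s) { gsub(/^ +| +$/, "", s); return s }
        /^\|/ { seen[trim($4) ":" trim($8)] = 1 }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++)
                if (!(w[i] in seen)) print w[i]
        }'
}

# Demonstration on the constructed sample.
sample_table | unhealthy_agents
```

On the controller, pipe the real command in: `openstack network agent list | unhealthy_agents`. An agent that never registered does not appear as a dead row at all, which is what `missing_agents` catches.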