Neutron

コンポーネント

neutron-server

OpenStack Networking plug-ins and agents

Messaging queue

Install and configure controller node

データベース作成

code:sql

CREATE DATABASE neutron;

権限付与

code:sql

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';

ユーザの作成

code:shell

# openstack user create --domain default --password-prompt neutron

管理者権限の付与

code:shell

# openstack role add --project service --user neutron admin

Neutron サービスエンティティ作成

code:shell

# openstack service create --name neutron --description "OpenStack Networking" network

Networking 用の API エンドポイント作成

code:shell

Networking Option 2: Self-service networks

パッケージのインストール

code:shell

# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

code:shell

# diff -u /etc/neutron/neutron.conf.org /etc/neutron/neutron.conf

--- /etc/neutron/neutron.conf.org 2020-05-13 22:15:30.000000000 +0900

+++ /etc/neutron/neutron.conf 2020-08-02 08:47:36.112750234 +0900

@@ -4,6 +4,15 @@

# From oslo.log

#

+core_plugin = ml2

+service_plugins = router

+allow_overlapping_ips = true

+

+auth_strategy = keystone

+

+notify_nova_on_port_status_changes = true

+notify_nova_on_port_data_changes = true

+

# If set to true, the logging level will be set to DEBUG instead of the default

# INFO level. (boolean value)

# Note: This option can be changed without restarting.

@@ -181,7 +190,7 @@

# oslo_messaging.TransportURL at

# (string value)

-#transport_url = rabbit://

+transport_url = rabbit://openstack:MppaYJZEgT6b@controller

# The default exchange under which topics are scoped. May be overridden by an

# exchange name specified in the transport_url option. (string value)

@@ -268,7 +277,7 @@

-#connection = <None>

+connection = mysql+pymysql://neutron:pass@controller/neutron

# The SQLAlchemy connection string to use to connect to the slave database.

# (string value)

@@ -370,7 +379,8 @@

# because normal end users may not be able to reach that endpoint. (string

# value)

-#www_authenticate_uri = <None>

# DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not

# be an "admin" endpoint, as it should be accessible by all end users.

@@ -431,7 +441,7 @@

# Optionally specify a list of memcached server(s) to use for caching. If left

# undefined, tokens will instead be cached in-process. (list value)

-#memcached_servers = <None>

+memcached_servers = controller:11211

# In order to prevent excessive effort spent validating tokens, the middleware

# caches previously-seen tokens for a configurable duration (in seconds). Set

@@ -511,7 +521,12 @@

# Authentication type to load (string value)

-#auth_type = <None>

+auth_type = password

+project_domain_name = default

+user_domain_name = default

+project_name = service

+username = neutron

+password = neutron

# Config Section from which to load plugin specific options (string value)

@@ -530,7 +545,7 @@

# should only be writable by the user running the processes that need locking.

# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used,

# a lock path must be set. (string value)

-# lock_path = $state_path/lock

+lock_path = /var/lib/neutron/tmp

@@ -1063,3 +1078,13 @@

# Sets the list of available ciphers. value should be a string in the OpenSSL

# cipher list format. (string value)

+

+auth_type = password

+project_domain_name = default

+user_domain_name = default

+region_name = RegionOne

+project_name = service

+username = nova

+password = nova

code:shell

# diff -u /etc/neutron/plugins/ml2/ml2_conf.ini.org /etc/neutron/plugins/ml2/ml2_conf.ini

--- /etc/neutron/plugins/ml2/ml2_conf.ini.org 2020-05-13 22:15:27.000000000 +0900

+++ /etc/neutron/plugins/ml2/ml2_conf.ini 2020-08-02 08:50:10.537533302 +0900

@@ -1,5 +1,5 @@

-

+

#

# From oslo.log

#

@@ -148,3 +148,18 @@

# Enables or disables fatal status of deprecations. (boolean value)

+

+type_drivers = flat,vlan,vxlan

+tenant_network_types = vxlan

+mechanism_drivers = linuxbridge,l2population

+extension_drivers = port_security

+

+flat_networks = provider

+

+vni_ranges = 1:1000

+

+enable_ipset = true

/etc/neutron/plugins/ml2/linuxbridge_agent.ini

code:shell

# diff -u /etc/neutron/plugins/ml2/linuxbridge_agent.ini.org /etc/neutron/plugins/ml2/linuxbridge_agent.ini

--- /etc/neutron/plugins/ml2/linuxbridge_agent.ini.org 2020-05-13 22:15:25.000000000 +0900

+++ /etc/neutron/plugins/ml2/linuxbridge_agent.ini 2020-08-02 11:09:46.987598162 +0900

@@ -148,3 +148,14 @@

# Enables or disables fatal status of deprecations. (boolean value)

+physical_interface_mappings = provider:wlp1s0

+

+enable_vxlan = true

+local_ip = 192.168.11.19

+l2_population = true

+

+enable_security_group = true

+firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

/etc/neutron/l3_agent.ini

code:shell

# diff -u /etc/neutron/l3_agent.ini.org /etc/neutron/l3_agent.ini

--- /etc/neutron/l3_agent.ini.org 2020-05-13 22:15:25.000000000 +0900

+++ /etc/neutron/l3_agent.ini 2020-08-02 09:12:40.074187927 +0900

@@ -1,5 +1,7 @@

+interface_driver = linuxbridge

+

#

# From oslo.log

#

code:conf

# ...

nova_metadata_host = controller

metadata_proxy_shared_secret = METADATA_SECRET

code:conf

(snip)

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = NEUTRON_PASS

service_metadata_proxy = true

metadata_proxy_shared_secret = METADATA_SECRET

(snip)

シンボリックリンクの作成

code:shell

# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

データベースにデータ投入

code:shell

# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Nova restart

code:shell

# systemctl restart openstack-nova-api.service

Neutron 起動

code:shell

# systemctl enable neutron-server.service \

neutron-linuxbridge-agent.service neutron-dhcp-agent.service \

neutron-metadata-agent.service

# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

Layer-3 起動

code:shell

# systemctl enable neutron-l3-agent.service

# systemctl start neutron-l3-agent.service

Install and configure compute node

コンポーネントインストール

code:shell

# yum install openstack-neutron-linuxbridge ebtables ipset

Controller と Compute を同居させているので手順は省く

起動

code:shell

# systemctl enable neutron-linuxbridge-agent.service

# systemctl start neutron-linuxbridge-agent.service

動作確認

ネットワーク拡張機能リスト表示

code:shell

# openstack extension list --network

Neutron エージェント起動確認

code:shell

# openstack network agent list

+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+

| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |

+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+

| 7c9d8a0f-d17a-4b54-b203-c3921e987243 | Linux bridge agent | reno | None | :-) | UP | neutron-linuxbridge-agent |

| a0da57c6-9ccb-45fe-82fb-78520dd889cf | DHCP agent | reno | nova | :-) | UP | neutron-dhcp-agent |

| c72c8701-2f87-422c-aa6c-7cba8d818f5a | L3 agent | reno | nova | :-) | UP | neutron-l3-agent |

| d82e3fb1-2530-444a-8532-2d7686ad09f1 | Metadata agent | reno | None | :-) | UP | neutron-metadata-agent |

+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+