Create OpenStack Service
[root@controller1 ~]# source admin-openrc
[root@controller1 ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | ad17484f2f19423b9ffe8ab2b451906d |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@controller1 ~]# openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | c4e2c0741118449d933107948c67651d |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ad17484f2f19423b9ffe8ab2b451906d |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller1 ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f35d94a749ae47d68b243a90015493bb |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ad17484f2f19423b9ffe8ab2b451906d |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller1 ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 61e469452d914b78aabbf4bcc0a51732 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ad17484f2f19423b9ffe8ab2b451906d |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
Install OpenStack Neutron
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y
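Configure Neutron
Note: every password written below (RabbitMQ openstack, Keystone neutron and nova, database neutron) is identical to its account name, and the service URLs are plain http:// or unencrypted mysql://, so these are lab values. Outside a test setup, generate a distinct random secret for each service, use TLS endpoints, and keep /etc/neutron/neutron.conf unreadable to unprivileged users.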
[root@controller1 ~]# cp /etc/neutron/neutron.conf{,.bak2}
[root@controller1 ~]# echo '
> [DEFAULT]
> bind_port = 9696
> bind_host = controller1
> core_plugin = ml2
> service_plugins =
> #service_plugins = trunk
> #service_plugins = router
> allow_overlapping_ips = true
> transport_url = rabbit://openstack:openstack@controller
> auth_strategy = keystone
> notify_nova_on_port_status_changes = true
> notify_nova_on_port_data_changes = true
>
> [keystone_authtoken]
> auth_uri = http://controller:5000
> auth_url = http://controller:35357
> memcached_servers = controller1:11211
> auth_type = password
> project_domain_name = default
> user_domain_name = default
> project_name = service
> username = neutron
> password = neutron
>
> [nova]
> auth_url = http://controller:35357
> auth_plugin = password
> project_domain_id = default
> user_domain_id = default
> region_name = RegionOne
> project_name = service
> username = nova
> password = nova
>
> [database]
> connection = mysql://neutron:neutron@controller:3306/neutron
>
> [oslo_concurrency]
> lock_path = /var/lib/neutron/tmp
> #'>/etc/neutron/neutron.conf
Configure ML2
[root@controller1 ~]# cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
[root@controller1 ~]# echo '#
> [ml2]
> tenant_network_types =
> type_drivers = vlan,flat
> mechanism_drivers = linuxbridge
> extension_drivers = port_security
> [ml2_type_flat]
> flat_networks = provider
> [securitygroup]
> enable_ipset = True
> #vlan
> # [ml2_type_vlan]
> # network_vlan_ranges = provider:3001:4000
> #'>/etc/neutron/plugins/ml2/ml2_conf.ini
[root@controller1 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Configure Linux Bridge
[root@controller1 ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
[root@controller1 ~]# echo '#
> [linux_bridge]
> physical_interface_mappings = provider:'ens37'
> [vxlan]
> enable_vxlan = false
> [agent]
> prevent_arp_spoofing = True
> [securitygroup]
> firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
> enable_security_group = True
> #'>/etc/neutron/plugins/ml2/linuxbridge_agent.ini
Configure DHCP
[root@controller1 ~]# cp /etc/neutron/dhcp_agent.ini{,.bak}
[root@controller1 ~]# echo '#
> [DEFAULT]
> interface_driver = linuxbridge
> dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
> enable_isolated_metadata = true
> #'>/etc/neutron/dhcp_agent.ini
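Configure Metadata
Note: metadata_proxy_shared_secret must be the same string here and in the [neutron] section appended to nova.conf in the next step. The metadata agent uses it to sign the instance ID it forwards to Nova, so a guessable value such as metadata should be replaced with a long random string.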
[root@controller1 ~]# cp /etc/neutron/metadata_agent.ini{,.bak}
[root@controller1 ~]# echo '
> [DEFAULT]
> nova_metadata_ip = controller
> metadata_proxy_shared_secret = metadata
> #'>/etc/neutron/metadata_agent.ini
Configure Nova
[root@controller1 ~]# cp /etc/nova/nova.conf{,.bak}
[root@controller1 ~]# echo '
> #
> [neutron]
> url = http://controller:9696
> auth_url = http://controller:35357
> auth_type = password
> project_domain_name = default
> user_domain_name = default
> region_name = RegionOne
> project_name = service
> username = neutron
> password = neutron
> service_metadata_proxy = true
> metadata_proxy_shared_secret = metadata
> #'>>/etc/nova/nova.conf
Configure L3
[root@controller1 ~]# cp /etc/neutron/l3_agent.ini{,.bak}
[root@controller1 ~]#
[root@controller1 ~]# echo '
> [DEFAULT]
> interface_driver = linuxbridge
> #'>/etc/neutron/l3_agent.ini
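Synchronize Database
Note: -pneutron in the second command puts the database password on the command line, where it is saved in the shell history and can show up in the process list. Running mysql with -p alone and typing the password at the prompt avoids this.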
[root@controller1 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller1 ~]# mysql -h controller -u neutron -pneutron -e "use neutron;show tables;"
Configure HAProxy For Neutron API
[root@controller1 ~]# echo '
> #Neutron_API
> listen Neutron_API_cluster
> bind controller:9696
> balance source
> option tcpka
> option tcplog
> server controller1 controller1:9696 check inter 2000 rise 2 fall 5
> server controller2 controller2:9696 check inter 2000 rise 2 fall 5
> server controller3 controller3:9696 check inter 2000 rise 2 fall 5
> '>>/etc/haproxy/haproxy.cfg
[root@controller1 ~]# '
[root@controller1 ~]# systemctl restart haproxy.service
[root@controller1 ~]# netstat -antp|grep haproxy
tcp 0 0 192.168.220.20:9292 0.0.0.0:* LISTEN 76948/haproxy
tcp 0 0 0.0.0.0:1080 0.0.0.0:* LISTEN 76948/haproxy
tcp 0 0 192.168.220.20:35357 0.0.0.0:* LISTEN 76948/haproxy
tcp 0 0 192.168.220.20:9696 0.0.0.0:* LISTEN 76948/haproxy
tcp 0 0 192.168.220.20:5000 0.0.0.0:* LISTEN 76948/haproxy
Start Neutron Service
[root@controller1 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller1 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller1 ~]# systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
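Configure Controller Node 2 & Start Service
Note: unlike the controller 3 steps further down, the first rsync here copies /etc/nova/ rather than /etc/neutron/, although the sed that follows edits /etc/neutron/neutron.conf. /etc/neutron/ presumably has to be copied from controller1 as well.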
[root@controller2 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/nova/* /etc/nova/
[root@controller2 ~]# sed -i 's/controller1/controller2/' /etc/neutron/neutron.conf
[root@controller2 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/haproxy/* /etc/haproxy/
[root@controller2 ~]# systemctl restart haproxy
[root@controller2 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller2 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
Configure Controller Node 3 & Start Service
[root@controller3 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/neutron/* /etc/neutron/
[root@controller3 ~]# sed -i 's/controller1/controller3/' /etc/neutron/neutron.conf
[root@controller3 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/haproxy/* /etc/haproxy/
[root@controller3 ~]# systemctl restart haproxy
[root@controller3 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller3 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
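Configure L3 HA on Controller node
Note: this section and the compute-node section after it configure the openvswitch mechanism driver and VXLAN tenant networks. The steps above install and configure the Linux bridge agent with flat/VLAN networks, so these two sections describe a different agent setup from the rest of the guide. TUNNEL_INTERFACE_IP_ADDRESS appears to be a placeholder for the node's tunnel-interface address, and ha_vrrp_auth_password should be set to a real secret rather than the literal word password.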
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT l3_ha True
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT router_distributed True
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT l3_ha True
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT l3_ha_net_cidr 169.254.192.0/18
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT max_l3_agents_per_router 3
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT min_l3_agents_per_router 2
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vxlan
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch,l2population
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks external
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs local_ip TUNNEL_INTERFACE_IP_ADDRESS
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings external:br-ex
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent enable_distributed_routing True
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent tunnel_types vxlan
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent l2_population True
[root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT ha_vrrp_auth_password password
[root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver openvswitch
[root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge
[root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr_snat
Configure L3 HA on Compute Node
# Compute-node settings for distributed routing: the Open vSwitch agent
# options are written to ml2_conf.ini, the L3 agent options to l3_agent.ini.
ml2_ini=/etc/neutron/plugins/ml2/ml2_conf.ini
l3_ini=/etc/neutron/l3_agent.ini

# [ovs] -- TUNNEL_INTERFACE_IP_ADDRESS reads as a placeholder; presumably it is
# replaced with this node's tunnel-interface address before running (confirm).
openstack-config --set "$ml2_ini" ovs local_ip TUNNEL_INTERFACE_IP_ADDRESS
openstack-config --set "$ml2_ini" ovs bridge_mappings external:br-ex

# [agent]
openstack-config --set "$ml2_ini" agent enable_distributed_routing True
openstack-config --set "$ml2_ini" agent tunnel_types vxlan
openstack-config --set "$ml2_ini" agent l2_population True

# [securitygroup]
openstack-config --set "$ml2_ini" securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

# L3 agent: no value argument is passed for external_network_bridge, and
# agent_mode is dvr here (the controller section uses dvr_snat).
openstack-config --set "$l3_ini" DEFAULT interface_driver openvswitch
openstack-config --set "$l3_ini" DEFAULT external_network_bridge
openstack-config --set "$l3_ini" DEFAULT agent_mode dvr
Verify Service
[root@controller1 ~]# openstack network agent list
+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+
| 1a4efb8b-aa65-4d4a-8092-7213592acd22 | Linux bridge agent | controller1 | None | :-) | UP | neutron-linuxbridge-agent |
| 3b35bc6e-4cec-42e2-9fde-e99c601cf609 | DHCP agent | controller3 | nova | :-) | UP | neutron-dhcp-agent |
| 42e57e23-eecb-490d-b709-d8e3730107e8 | DHCP agent | controller2 | nova | :-) | UP | neutron-dhcp-agent |
| 6b2058a2-d3e3-4342-afbb-717338b1499f | Metadata agent | controller1 | None | :-) | UP | neutron-metadata-agent |
| 750b5e5c-c7b6-4f48-ae2f-37580b6e03d9 | DHCP agent | controller1 | nova | :-) | UP | neutron-dhcp-agent |
| 7e63ce46-3fd5-40ee-9f63-ee8cc52dd5a4 | Metadata agent | controller3 | None | :-) | UP | neutron-metadata-agent |
| 92199bf0-08ef-4642-9557-c33360796405 | Linux bridge agent | controller2 | None | :-) | UP | neutron-linuxbridge-agent |
| 9ae5bafa-0075-4408-b827-1be9bb1ccf99 | Linux bridge agent | controller3 | None | :-) | UP | neutron-linuxbridge-agent |
| f1ed9e45-39e7-4980-aaec-10364e42263f | Metadata agent | controller2 | None | :-) | UP | neutron-metadata-agent |
+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+