Linux bridge & L3 HA

[root@controller1 ~]# source admin-openrc 

[root@controller1 ~]# openstack service create --name neutron --description "OpenStack Networking" network

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Networking             |

| enabled     | True                             |

| id          | ad17484f2f19423b9ffe8ab2b451906d |

| name        | neutron                          |

| type        | network                          |

+-------------+----------------------------------+

[root@controller1 ~]# openstack endpoint create --region RegionOne network public http://controller:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | c4e2c0741118449d933107948c67651d |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | ad17484f2f19423b9ffe8ab2b451906d |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://controller:9696           |

+--------------+----------------------------------+

[root@controller1 ~]# openstack endpoint create --region RegionOne network internal http://controller:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | f35d94a749ae47d68b243a90015493bb |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | ad17484f2f19423b9ffe8ab2b451906d |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://controller:9696           |

+--------------+----------------------------------+

[root@controller1 ~]# openstack endpoint create --region RegionOne network admin http://controller:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 61e469452d914b78aabbf4bcc0a51732 |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | ad17484f2f19423b9ffe8ab2b451906d |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://controller:9696           |

+--------------+----------------------------------+

[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y

[root@controller1 ~]# cp /etc/neutron/neutron.conf{,.bak2}

[root@controller1 ~]# echo '

> [DEFAULT]

> bind_port = 9696

> bind_host = controller1

> core_plugin = ml2

> service_plugins =

> #service_plugins = trunk

> #service_plugins = router

> allow_overlapping_ips = true

> transport_url = rabbit://openstack:openstack@controller

> auth_strategy = keystone

> notify_nova_on_port_status_changes = true

> notify_nova_on_port_data_changes = true

> 

> [keystone_authtoken]

> auth_uri = http://controller:5000

> auth_url = http://controller:35357

> memcached_servers = controller1:11211

> auth_type = password

> project_domain_name = default

> user_domain_name = default

> project_name = service

> username = neutron

> password = neutron

> 

> [nova]

> auth_url = http://controller:35357

> auth_plugin = password

> project_domain_id = default

> user_domain_id = default

> region_name = RegionOne

> project_name = service

> username = nova

> password = nova

> 

> [database]

> connection = mysql://neutron:neutron@controller:3306/neutron

> 

> [oslo_concurrency]

> lock_path = /var/lib/neutron/tmp 

> #'>/etc/neutron/neutron.conf

[root@controller1 ~]# cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}

[root@controller1 ~]# echo '#

> [ml2]

> tenant_network_types = 

> type_drivers = vlan,flat

> mechanism_drivers = linuxbridge

> extension_drivers = port_security

> [ml2_type_flat]

> flat_networks = provider

> [securitygroup]

> enable_ipset = True

> #vlan

> # [ml2_type_valn]

> # network_vlan_ranges = provider:3001:4000

> #'>/etc/neutron/plugins/ml2/ml2_conf.ini

[root@controller1 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

[root@controller1 ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}

[root@controller1 ~]# echo '#

> [linux_bridge]

> physical_interface_mappings = provider:'ens37'

> [vxlan]

> enable_vxlan = false

> [agent]

> prevent_arp_spoofing = True

> [securitygroup]

> firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

> enable_security_group = True

> #'>/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[root@controller1 ~]# cp /etc/neutron/dhcp_agent.ini{,.bak}

[root@controller1 ~]# echo '#

> [DEFAULT]

> interface_driver = linuxbridge

> dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

> enable_isolated_metadata = true

> #'>/etc/neutron/dhcp_agent.ini

[root@controller1 ~]# cp /etc/neutron/metadata_agent.ini{,.bak}

[root@controller1 ~]# echo '

> [DEFAULT]

> nova_metadata_ip = controller

> metadata_proxy_shared_secret = metadata

> #'>/etc/neutron/metadata_agent.ini

[root@controller1 ~]# cp /etc/nova/nova.conf{,.bak}

[root@controller1 ~]# echo '

> #

> [neutron]

> url = http://controller:9696

> auth_url = http://controller:35357

> auth_type = password

> project_domain_name = default

> user_domain_name = default

> region_name = RegionOne

> project_name = service

> username = neutron

> password = neutron

> service_metadata_proxy = true

> metadata_proxy_shared_secret = metadata

> #'>>/etc/nova/nova.conf

[root@controller1 ~]# cp /etc/neutron/l3_agent.ini{,.bak}

[root@controller1 ~]# 

[root@controller1 ~]# echo '

> [DEFAULT]

> interface_driver = linuxbridge

> #'>/etc/neutron/l3_agent.ini

[root@controller1 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

[root@controller1 ~]# mysql -h controller -u neutron -pneutron -e "use neutron;show tables;"

[root@controller1 ~]# echo '

> #Neutron_API

> listen Neutron_API_cluster

> bind controller:9696

> balance source

> option tcpka

> option tcplog

> server controller1 controller1:9696 check inter 2000 rise 2 fall 5

> server controller2 controller2:9696 check inter 2000 rise 2 fall 5

> server controller3 controller3:9696 check inter 2000 rise 2 fall 5

> '>>/etc/haproxy/haproxy.cfg

[[email protected] ~]# '

[root@controller1 ~]# systemctl restart haproxy.service

[root@controller1 ~]# netstat -antp|grep haproxy

tcp        0      0 192.168.220.20:9292     0.0.0.0:*               LISTEN      76948/haproxy       

tcp        0      0 0.0.0.0:1080            0.0.0.0:*               LISTEN      76948/haproxy       

tcp        0      0 192.168.220.20:35357    0.0.0.0:*               LISTEN      76948/haproxy       

tcp        0      0 192.168.220.20:9696     0.0.0.0:*               LISTEN      76948/haproxy       

tcp        0      0 192.168.220.20:5000     0.0.0.0:*               LISTEN      76948/haproxy

[root@controller1 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

[root@controller1 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

[root@controller1 ~]# systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

[root@controller2 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/nova/* /etc/nova/

[root@controller2 ~]# sed -i 's/controller1/controller2/' /etc/neutron/neutron.conf

[root@controller2 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/haproxy/* /etc/haproxy/

[root@controller2 ~]# systemctl restart haproxy

[root@controller2 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

[root@controller2 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

[root@controller3 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/neutron/* /etc/neutron/

[root@controller3 ~]# sed -i 's/controller1/controller3/' /etc/neutron/neutron.conf

[root@controller3 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/haproxy/* /etc/haproxy/

[root@controller3 ~]# systemctl restart haproxy

[root@controller3 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

[root@controller3 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT l3_ha True

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT router_distributed True

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT l3_ha True

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT l3_ha_net_cidr 169.254.192.0/18

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT max_l3_agents_per_router 3

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT min_l3_agents_per_router 2

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vxlan

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch,l2population

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks external

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs local_ip TUNNEL_INTERFACE_IP_ADDRESS

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings external:br-ex

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent enable_distributed_routing True

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent tunnel_types vxlan

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent l2_population True

[root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT ha_vrrp_auth_password password

[root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver openvswitch

[root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge 

[root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr_snat

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs local_ip TUNNEL_INTERFACE_IP_ADDRESS

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings external:br-ex

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent enable_distributed_routing True

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent tunnel_types vxlan

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent l2_population True

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver openvswitch

openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge 

openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr

[root@controller1 ~]# openstack network agent list

+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+

| ID                                   | Agent Type         | Host        | Availability Zone | Alive | State | Binary                    |

+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+

| 1a4efb8b-aa65-4d4a-8092-7213592acd22 | Linux bridge agent | controller1 | None              | :-)   | UP    | neutron-linuxbridge-agent |

| 3b35bc6e-4cec-42e2-9fde-e99c601cf609 | DHCP agent         | controller3 | nova              | :-)   | UP    | neutron-dhcp-agent        |

| 42e57e23-eecb-490d-b709-d8e3730107e8 | DHCP agent         | controller2 | nova              | :-)   | UP    | neutron-dhcp-agent        |

| 6b2058a2-d3e3-4342-afbb-717338b1499f | Metadata agent     | controller1 | None              | :-)   | UP    | neutron-metadata-agent    |

| 750b5e5c-c7b6-4f48-ae2f-37580b6e03d9 | DHCP agent         | controller1 | nova              | :-)   | UP    | neutron-dhcp-agent        |

| 7e63ce46-3fd5-40ee-9f63-ee8cc52dd5a4 | Metadata agent     | controller3 | None              | :-)   | UP    | neutron-metadata-agent    |

| 92199bf0-08ef-4642-9557-c33360796405 | Linux bridge agent | controller2 | None              | :-)   | UP    | neutron-linuxbridge-agent |

| 9ae5bafa-0075-4408-b827-1be9bb1ccf99 | Linux bridge agent | controller3 | None              | :-)   | UP    | neutron-linuxbridge-agent |

| f1ed9e45-39e7-4980-aaec-10364e42263f | Metadata agent     | controller2 | None              | :-)   | UP    | neutron-metadata-agent    |

+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+