Linux bridge & L3 HA – Water's Home

Create OpenStack Service

[root@controller1 ~]# source admin-openrc

[root@controller1 ~]# openstack service create --name neutron --description "OpenStack Networking" network

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Networking             |

| enabled     | True                             |

| id          | ad17484f2f19423b9ffe8ab2b451906d |

| name        | neutron                          |

| type        | network                          |

+-------------+----------------------------------+

[root@controller1 ~]# openstack endpoint create --region RegionOne network public http://controller:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | c4e2c0741118449d933107948c67651d |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | ad17484f2f19423b9ffe8ab2b451906d |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://controller:9696           |

+--------------+----------------------------------+

[root@controller1 ~]# openstack endpoint create --region RegionOne network internal http://controller:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | f35d94a749ae47d68b243a90015493bb |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | ad17484f2f19423b9ffe8ab2b451906d |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://controller:9696           |

+--------------+----------------------------------+

[root@controller1 ~]# openstack endpoint create --region RegionOne network admin http://controller:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 61e469452d914b78aabbf4bcc0a51732 |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | ad17484f2f19423b9ffe8ab2b451906d |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://controller:9696           |

+--------------+----------------------------------+

Install OpenStack Neutron

[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y

Configure Neutron

[root@controller1 ~]# cp /etc/neutron/neutron.conf{,.bak2}

```
[root@controller1 ~]# echo '
```
```
> [DEFAULT]
```
```
> bind_port = 9696
```
```
> bind_host = controller1
```
```
> core_plugin = ml2
```
```
> service_plugins =
```
```
> #service_plugins = trunk
```
```
> #service_plugins = router
```
```
> allow_overlapping_ips = true
```

> transport_url = rabbit://openstack:openstack@controller

```
> auth_strategy = keystone
```

> notify_nova_on_port_status_changes = true

> notify_nova_on_port_data_changes = true

```
> 
```
```
> [keystone_authtoken]
```
```
> auth_uri = http://controller:5000
```
```
> auth_url = http://controller:35357
```
```
> memcached_servers = controller1:11211
```
```
> auth_type = password
```
```
> project_domain_name = default
```
```
> user_domain_name = default
```
```
> project_name = service
```
```
> username = neutron
```
```
> password = neutron
```
```
> 
```
```
> [nova]
```
```
> auth_url = http://controller:35357
```
```
> auth_plugin = password
```
```
> project_domain_id = default
```
```
> user_domain_id = default
```
```
> region_name = RegionOne
```
```
> project_name = service
```
```
> username = nova
```
```
> password = nova
```
```
> 
```
```
> [database]
```

> connection = mysql://neutron:neutron@controller:3306/neutron

```
> 
```
```
> [oslo_concurrency]
```
```
> lock_path = /var/lib/neutron/tmp 
```
```
> #'>/etc/neutron/neutron.conf
```

Configure ML2

[root@controller1 ~]# cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}

```
[root@controller1 ~]# echo '#
```
```
> [ml2]
```
```
> tenant_network_types = 
```
```
> type_drivers = vlan,flat
```
```
> mechanism_drivers = linuxbridge
```
```
> extension_drivers = port_security
```
```
> [ml2_type_flat]
```
```
> flat_networks = provider
```
```
> [securitygroup]
```
```
> enable_ipset = True
```
```
> #vlan
```
```
> # [ml2_type_valn]
```

> # network_vlan_ranges = provider:3001:4000

> #'>/etc/neutron/plugins/ml2/ml2_conf.ini

[root@controller1 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Configure Linux Bridge

[root@controller1 ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}

```
[root@controller1 ~]# echo '#
```
```
> [linux_bridge]
```

> physical_interface_mappings = provider:'ens37'

```
> [vxlan]
```
```
> enable_vxlan = false
```
```
> [agent]
```
```
> prevent_arp_spoofing = True
```
```
> [securitygroup]
```

> firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

```
> enable_security_group = True
```

> #'>/etc/neutron/plugins/ml2/linuxbridge_agent.ini

Configure DHCP

[root@controller1 ~]# cp /etc/neutron/dhcp_agent.ini{,.bak}

```
[root@controller1 ~]# echo '#
```
```
> [DEFAULT]
```
```
> interface_driver = linuxbridge
```

> dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

```
> enable_isolated_metadata = true
```
```
> #'>/etc/neutron/dhcp_agent.ini
```

Configure Metadata

[root@controller1 ~]# cp /etc/neutron/metadata_agent.ini{,.bak}

```
[root@controller1 ~]# echo '
```
```
> [DEFAULT]
```
```
> nova_metadata_ip = controller
```

> metadata_proxy_shared_secret = metadata

```
> #'>/etc/neutron/metadata_agent.ini
```

Configure Nova

[root@controller1 ~]# cp /etc/nova/nova.conf{,.bak}

```
[root@controller1 ~]# echo '
```
```
> #
```
```
> [neutron]
```
```
> url = http://controller:9696
```
```
> auth_url = http://controller:35357
```
```
> auth_type = password
```
```
> project_domain_name = default
```
```
> user_domain_name = default
```
```
> region_name = RegionOne
```
```
> project_name = service
```
```
> username = neutron
```
```
> password = neutron
```
```
> service_metadata_proxy = true
```

> metadata_proxy_shared_secret = metadata

```
> #'>>/etc/nova/nova.conf
```

Configure L3

[root@controller1 ~]# cp /etc/neutron/l3_agent.ini{,.bak}

```
[root@controller1 ~]# 
```
```
[root@controller1 ~]# echo '
```
```
> [DEFAULT]
```
```
> interface_driver = linuxbridge
```
```
> #'>/etc/neutron/l3_agent.ini
```

Synchronize Database

[root@controller1 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

[root@controller1 ~]# mysql -h controller -u neutron -pneutron -e "use neutron;show tables;"

Configure HAProxy For Neutron API

```
[root@controller1 ~]# echo '
```
```
> #Neutron_API
```
```
> listen Neutron_API_cluster
```
```
> bind controller:9696
```
```
> balance source
```
```
> option tcpka
```
```
> option tcplog
```

> server controller1 controller1:9696 check inter 2000 rise 2 fall 5

> server controller2 controller2:9696 check inter 2000 rise 2 fall 5

> server controller3 controller3:9696 check inter 2000 rise 2 fall 5

```
> '>>/etc/haproxy/haproxy.cfg
```
```
[[email protected] ~]# '
```

[root@controller1 ~]# systemctl restart haproxy.service

[root@controller1 ~]# netstat -antp|grep haproxy

tcp        0      0 192.168.220.20:9292     0.0.0.0:*               LISTEN      76948/haproxy

tcp        0      0 0.0.0.0:1080            0.0.0.0:*               LISTEN      76948/haproxy

tcp        0      0 192.168.220.20:35357    0.0.0.0:*               LISTEN      76948/haproxy

tcp        0      0 192.168.220.20:9696     0.0.0.0:*               LISTEN      76948/haproxy

tcp        0      0 192.168.220.20:5000     0.0.0.0:*               LISTEN      76948/haproxy

Start Neutron Service

[root@controller1 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

[root@controller1 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

[root@controller1 ~]# systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

Configure Controller Node 2 & Start Service

[root@controller2 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/nova/* /etc/nova/

[root@controller2 ~]# sed -i 's/controller1/controller2/' /etc/neutron/neutron.conf

[root@controller2 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/haproxy/* /etc/haproxy/

[root@controller2 ~]# systemctl restart haproxy

[root@controller2 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

[root@controller2 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

Configure Controller Node 3 & Start Service

[root@controller3 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/neutron/* /etc/neutron/

[root@controller3 ~]# sed -i 's/controller1/controller3/' /etc/neutron/neutron.conf

[root@controller3 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/haproxy/* /etc/haproxy/

[root@controller3 ~]# systemctl restart haproxy

[root@controller3 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

[root@controller3 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

Configure L3 HA on Controller node

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT l3_ha True

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT router_distributed True

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT l3_ha True

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT l3_ha_net_cidr 169.254.192.0/18

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT max_l3_agents_per_router 3

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT min_l3_agents_per_router 2

```
 
```

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vxlan

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch,l2population

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks external

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000

```
 
```

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs local_ip TUNNEL_INTERFACE_IP_ADDRESS

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings external:br-ex

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent enable_distributed_routing True

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent tunnel_types vxlan

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent l2_population True

```
 
```

[root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT ha_vrrp_auth_password password

[root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver openvswitch

[root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge

[root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr_snat

Configure L3 HA on Compute Node

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs local_ip TUNNEL_INTERFACE_IP_ADDRESS

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings external:br-ex

```
 
```

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent enable_distributed_routing True

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent tunnel_types vxlan

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent l2_population True

```
 
```

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

```
 
```

openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver openvswitch

openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge

openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr

Verify Service

[root@controller1 ~]# openstack network agent list

+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+

| ID                                   | Agent Type         | Host        | Availability Zone | Alive | State | Binary                    |

+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+

| 1a4efb8b-aa65-4d4a-8092-7213592acd22 | Linux bridge agent | controller1 | None              | :-)   | UP    | neutron-linuxbridge-agent |

| 3b35bc6e-4cec-42e2-9fde-e99c601cf609 | DHCP agent         | controller3 | nova              | :-)   | UP    | neutron-dhcp-agent        |

| 42e57e23-eecb-490d-b709-d8e3730107e8 | DHCP agent         | controller2 | nova              | :-)   | UP    | neutron-dhcp-agent        |

| 6b2058a2-d3e3-4342-afbb-717338b1499f | Metadata agent     | controller1 | None              | :-)   | UP    | neutron-metadata-agent    |

| 750b5e5c-c7b6-4f48-ae2f-37580b6e03d9 | DHCP agent         | controller1 | nova              | :-)   | UP    | neutron-dhcp-agent        |

| 7e63ce46-3fd5-40ee-9f63-ee8cc52dd5a4 | Metadata agent     | controller3 | None              | :-)   | UP    | neutron-metadata-agent    |

| 92199bf0-08ef-4642-9557-c33360796405 | Linux bridge agent | controller2 | None              | :-)   | UP    | neutron-linuxbridge-agent |

| 9ae5bafa-0075-4408-b827-1be9bb1ccf99 | Linux bridge agent | controller3 | None              | :-)   | UP    | neutron-linuxbridge-agent |

| f1ed9e45-39e7-4980-aaec-10364e42263f | Metadata agent     | controller2 | None              | :-)   | UP    | neutron-metadata-agent    |

+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+

Create OpenStack Service

Install OpenStack Neutron

Configure Neutron

Configure ML2

Configure Linux Bridge

Configure DHCP

Configure Metadata

Configure Nova

Configure L3

Synchronize Database

Configure HAProxy For Neutron API

Start Neutron Service

Configure Controller Node 2 & Start Service

Configure Controller Node 3 & Start Service

Configure L3 HA on Controller node

Configure L3 HA on Compute Node

Verify Service

Leave a Reply Cancel reply