Linux bridge & L3 HA

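Create OpenStack Service

All three endpoints below, including the public one, are registered as plain http:// URLs, so Keystone tokens and Neutron API traffic cross the network unencrypted. Outside an isolated lab network, register https:// URLs and terminate TLS in front of the API.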

  1. [root@controller1 ~]# source admin-openrc 
  2. [root@controller1 ~]# openstack service create --name neutron --description "OpenStack Networking" network
  3. +-------------+----------------------------------+
  4. | Field       | Value                            |
  5. +-------------+----------------------------------+
  6. | description | OpenStack Networking             |
  7. | enabled     | True                             |
  8. | id          | ad17484f2f19423b9ffe8ab2b451906d |
  9. | name        | neutron                          |
  10. | type        | network                          |
  11. +-------------+----------------------------------+
  12. [root@controller1 ~]# openstack endpoint create --region RegionOne network public http://controller:9696
  13. +--------------+----------------------------------+
  14. | Field        | Value                            |
  15. +--------------+----------------------------------+
  16. | enabled      | True                             |
  17. | id           | c4e2c0741118449d933107948c67651d |
  18. | interface    | public                           |
  19. | region       | RegionOne                        |
  20. | region_id    | RegionOne                        |
  21. | service_id   | ad17484f2f19423b9ffe8ab2b451906d |
  22. | service_name | neutron                          |
  23. | service_type | network                          |
  24. | url          | http://controller:9696           |
  25. +--------------+----------------------------------+
  26. [root@controller1 ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
  27. +--------------+----------------------------------+
  28. | Field        | Value                            |
  29. +--------------+----------------------------------+
  30. | enabled      | True                             |
  31. | id           | f35d94a749ae47d68b243a90015493bb |
  32. | interface    | internal                         |
  33. | region       | RegionOne                        |
  34. | region_id    | RegionOne                        |
  35. | service_id   | ad17484f2f19423b9ffe8ab2b451906d |
  36. | service_name | neutron                          |
  37. | service_type | network                          |
  38. | url          | http://controller:9696           |
  39. +--------------+----------------------------------+
  40. [root@controller1 ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
  41. +--------------+----------------------------------+
  42. | Field        | Value                            |
  43. +--------------+----------------------------------+
  44. | enabled      | True                             |
  45. | id           | 61e469452d914b78aabbf4bcc0a51732 |
  46. | interface    | admin                            |
  47. | region       | RegionOne                        |
  48. | region_id    | RegionOne                        |
  49. | service_id   | ad17484f2f19423b9ffe8ab2b451906d |
  50. | service_name | neutron                          |
  51. | service_type | network                          |
  52. | url          | http://controller:9696           |
  53. +--------------+----------------------------------+

Install OpenStack Neutron

  1. [root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y

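Configure Neutron

The credentials written below (RabbitMQ openstack, Keystone neutron and nova, MySQL neutron) are lab values identical to the account names. Replace each with a unique generated secret, and restrict read access to neutron.conf and to the .bak2 copy made in step 1, since both hold these secrets in clear text.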

  1. [root@controller1 ~]# cp /etc/neutron/neutron.conf{,.bak2}
  2. [root@controller1 ~]# echo '
  3. > [DEFAULT]
  4. > bind_port = 9696
  5. > bind_host = controller1
  6. > core_plugin = ml2
  7. > service_plugins =
  8. > #service_plugins = trunk
  9. > #service_plugins = router
  10. > allow_overlapping_ips = true
  11. > transport_url = rabbit://openstack:openstack@controller
  12. > auth_strategy = keystone
  13. > notify_nova_on_port_status_changes = true
  14. > notify_nova_on_port_data_changes = true
  15. > 
  16. > [keystone_authtoken]
  17. > auth_uri = http://controller:5000
  18. > auth_url = http://controller:35357
  19. > memcached_servers = controller1:11211
  20. > auth_type = password
  21. > project_domain_name = default
  22. > user_domain_name = default
  23. > project_name = service
  24. > username = neutron
  25. > password = neutron
  26. > 
  27. > [nova]
  28. > auth_url = http://controller:35357
  29. > auth_plugin = password
  30. > project_domain_id = default
  31. > user_domain_id = default
  32. > region_name = RegionOne
  33. > project_name = service
  34. > username = nova
  35. > password = nova
  36. > 
  37. > [database]
  38. > connection = mysql://neutron:neutron@controller:3306/neutron
  39. > 
  40. > [oslo_concurrency]
  41. > lock_path = /var/lib/neutron/tmp 
  42. > #'>/etc/neutron/neutron.conf

Configure ML2

  1. [root@controller1 ~]# cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
  2. [root@controller1 ~]# echo '#
  3. > [ml2]
  4. > tenant_network_types = 
  5. > type_drivers = vlan,flat
  6. > mechanism_drivers = linuxbridge
  7. > extension_drivers = port_security
  8. > [ml2_type_flat]
  9. > flat_networks = provider
  10. > [securitygroup]
  11. > enable_ipset = True
  12. > #vlan
  13. > # [ml2_type_vlan]
  14. > # network_vlan_ranges = provider:3001:4000
  15. > #'>/etc/neutron/plugins/ml2/ml2_conf.ini
  16. [root@controller1 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Configure Linux Bridge

  1. [root@controller1 ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
  2. [root@controller1 ~]# echo '#
  3. > [linux_bridge]
  4. > physical_interface_mappings = provider:'ens37'
  5. > [vxlan]
  6. > enable_vxlan = false
  7. > [agent]
  8. > prevent_arp_spoofing = True
  9. > [securitygroup]
  10. > firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
  11. > enable_security_group = True
  12. > #'>/etc/neutron/plugins/ml2/linuxbridge_agent.ini

Configure DHCP

  1. [root@controller1 ~]# cp /etc/neutron/dhcp_agent.ini{,.bak}
  2. [root@controller1 ~]# echo '#
  3. > [DEFAULT]
  4. > interface_driver = linuxbridge
  5. > dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
  6. > enable_isolated_metadata = true
  7. > #'>/etc/neutron/dhcp_agent.ini

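Configure Metadata

metadata_proxy_shared_secret is what lets Nova trust metadata requests forwarded by the Neutron metadata agent. The value "metadata" used here and in the [neutron] section of nova.conf is a placeholder: use one long random string, identical in both files.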

  1. [root@controller1 ~]# cp /etc/neutron/metadata_agent.ini{,.bak}
  2. [root@controller1 ~]# echo '
  3. > [DEFAULT]
  4. > nova_metadata_ip = controller
  5. > metadata_proxy_shared_secret = metadata
  6. > #'>/etc/neutron/metadata_agent.ini

Configure Nova

  1. [root@controller1 ~]# cp /etc/nova/nova.conf{,.bak}
  2. [root@controller1 ~]# echo '
  3. > #
  4. > [neutron]
  5. > url = http://controller:9696
  6. > auth_url = http://controller:35357
  7. > auth_type = password
  8. > project_domain_name = default
  9. > user_domain_name = default
  10. > region_name = RegionOne
  11. > project_name = service
  12. > username = neutron
  13. > password = neutron
  14. > service_metadata_proxy = true
  15. > metadata_proxy_shared_secret = metadata
  16. > #'>>/etc/nova/nova.conf

Configure L3

  1. [root@controller1 ~]# cp /etc/neutron/l3_agent.ini{,.bak}
  2. [root@controller1 ~]# 
  3. [root@controller1 ~]# echo '
  4. > [DEFAULT]
  5. > interface_driver = linuxbridge
  6. > #'>/etc/neutron/l3_agent.ini

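Synchronize Database

Step 2 passes the database password on the command line (-pneutron), which leaves it in shell history and exposes it in the command's arguments. Use -p with no value to be prompted for it, or keep it in a client option file readable only by the invoking user.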

  1. [root@controller1 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
  2. [root@controller1 ~]# mysql -h controller -u neutron -pneutron -e "use neutron;show tables;"

Configure HAProxy For Neutron API

  1. [root@controller1 ~]# echo '
  2. > #Neutron_API
  3. > listen Neutron_API_cluster
  4. > bind controller:9696
  5. > balance source
  6. > option tcpka
  7. > option tcplog
  8. > server controller1 controller1:9696 check inter 2000 rise 2 fall 5
  9. > server controller2 controller2:9696 check inter 2000 rise 2 fall 5
  10. > server controller3 controller3:9696 check inter 2000 rise 2 fall 5
  11. > '>>/etc/haproxy/haproxy.cfg
  12. [root@controller1 ~]# '
  13. [root@controller1 ~]# systemctl restart haproxy.service
  14. [root@controller1 ~]# netstat -antp|grep haproxy
  15. tcp        0      0 192.168.220.20:9292     0.0.0.0:*               LISTEN      76948/haproxy       
  16. tcp        0      0 0.0.0.0:1080            0.0.0.0:*               LISTEN      76948/haproxy       
  17. tcp        0      0 192.168.220.20:35357    0.0.0.0:*               LISTEN      76948/haproxy       
  18. tcp        0      0 192.168.220.20:9696     0.0.0.0:*               LISTEN      76948/haproxy       
  19. tcp        0      0 192.168.220.20:5000     0.0.0.0:*               LISTEN      76948/haproxy

Start Neutron Service

  1. [root@controller1 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
  2. [root@controller1 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
  3. [root@controller1 ~]# systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

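Configure Controller Node 2 & Start Service

Step 1 here copies /etc/nova/, while the controller3 procedure copies /etc/neutron/. The sed in step 2 edits /etc/neutron/neutron.conf, so the Neutron configuration presumably has to be copied to controller2 as well before that step.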

  1. [root@controller2 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/nova/* /etc/nova/
  2. [root@controller2 ~]# sed -i 's/controller1/controller2/' /etc/neutron/neutron.conf
  3. [root@controller2 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/haproxy/* /etc/haproxy/
  4. [root@controller2 ~]# systemctl restart haproxy
  5. [root@controller2 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
  6. [root@controller2 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

Configure Controller Node 3 & Start Service

  1. [root@controller3 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/neutron/* /etc/neutron/
  2. [root@controller3 ~]# sed -i 's/controller1/controller3/' /etc/neutron/neutron.conf
  3. [root@controller3 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/haproxy/* /etc/haproxy/
  4. [root@controller3 ~]# systemctl restart haproxy
  5. [root@controller3 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
  6. [root@controller3 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

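Configure L3 HA on Controller node

This section switches the mechanism driver to openvswitch and enables distributed routing, which differs from the linuxbridge agent configured above; DVR requires the Open vSwitch driver. TUNNEL_INTERFACE_IP_ADDRESS and the ha_vrrp_auth_password value "password" are placeholders: replace them with the node's tunnel address and a generated secret shared by the L3 agents.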

  1. [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT l3_ha True
  2. [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
  3. [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
  4. [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
  5. [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT router_distributed True
  6. [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT l3_ha True
  7. [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT l3_ha_net_cidr 169.254.192.0/18
  8. [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT max_l3_agents_per_router 3
  9. [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT min_l3_agents_per_router 2
  10.  
  11. [root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vxlan
  12. [root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
  13. [root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch,l2population
  14. [root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
  15. [root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks external
  16. [root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000
  17.  
  18. [root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs local_ip TUNNEL_INTERFACE_IP_ADDRESS
  19. [root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings external:br-ex
  20. [root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent enable_distributed_routing True
  21. [root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent tunnel_types vxlan
  22. [root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent l2_population True
  23.  
  24. [root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT ha_vrrp_auth_password password
  25. [root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver openvswitch
  26. [root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge 
  27. [root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr_snat

Configure L3 HA on Compute Node

  1. openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs local_ip TUNNEL_INTERFACE_IP_ADDRESS
  2. openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings external:br-ex
  3.  
  4. openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent enable_distributed_routing True
  5. openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent tunnel_types vxlan
  6. openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent l2_population True
  7.  
  8. openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
  9.  
  10. openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver openvswitch
  11. openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge 
  12. openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr

Verify Service

  1. [root@controller1 ~]# openstack network agent list
  2. +--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+
  3. | ID                                   | Agent Type         | Host        | Availability Zone | Alive | State | Binary                    |
  4. +--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+
  5. | 1a4efb8b-aa65-4d4a-8092-7213592acd22 | Linux bridge agent | controller1 | None              | :-)   | UP    | neutron-linuxbridge-agent |
  6. | 3b35bc6e-4cec-42e2-9fde-e99c601cf609 | DHCP agent         | controller3 | nova              | :-)   | UP    | neutron-dhcp-agent        |
  7. | 42e57e23-eecb-490d-b709-d8e3730107e8 | DHCP agent         | controller2 | nova              | :-)   | UP    | neutron-dhcp-agent        |
  8. | 6b2058a2-d3e3-4342-afbb-717338b1499f | Metadata agent     | controller1 | None              | :-)   | UP    | neutron-metadata-agent    |
  9. | 750b5e5c-c7b6-4f48-ae2f-37580b6e03d9 | DHCP agent         | controller1 | nova              | :-)   | UP    | neutron-dhcp-agent        |
  10. | 7e63ce46-3fd5-40ee-9f63-ee8cc52dd5a4 | Metadata agent     | controller3 | None              | :-)   | UP    | neutron-metadata-agent    |
  11. | 92199bf0-08ef-4642-9557-c33360796405 | Linux bridge agent | controller2 | None              | :-)   | UP    | neutron-linuxbridge-agent |
  12. | 9ae5bafa-0075-4408-b827-1be9bb1ccf99 | Linux bridge agent | controller3 | None              | :-)   | UP    | neutron-linuxbridge-agent |
  13. | f1ed9e45-39e7-4980-aaec-10364e42263f | Metadata agent     | controller2 | None              | :-)   | UP    | neutron-metadata-agent    |
  14. +--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+
