
Linux bridge & L3 HA

Create OpenStack Service

[root@controller1 ~]# source admin-openrc
[root@controller1 ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | ad17484f2f19423b9ffe8ab2b451906d |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
[root@controller1 ~]# openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | c4e2c0741118449d933107948c67651d |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ad17484f2f19423b9ffe8ab2b451906d |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller1 ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | f35d94a749ae47d68b243a90015493bb |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ad17484f2f19423b9ffe8ab2b451906d |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller1 ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 61e469452d914b78aabbf4bcc0a51732 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ad17484f2f19423b9ffe8ab2b451906d |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

Install OpenStack Neutron

[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y

Configure Neutron

[root@controller1 ~]# cp /etc/neutron/neutron.conf{,.bak2}
[root@controller1 ~]# echo '
# NOTE: the credentials in this file (openstack, neutron, nova) are lab
# placeholders; replace them with strong, unique values outside a test lab.

[DEFAULT]
bind_port = 9696
bind_host = controller1
core_plugin = ml2
service_plugins =
#service_plugins = trunk
#service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:openstack@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

[nova]
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova

[database]
connection = mysql://neutron:neutron@controller:3306/neutron

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
#'>/etc/neutron/neutron.conf

Configure ML2

[root@controller1 ~]# cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
[root@controller1 ~]# echo '#

[ml2]
tenant_network_types =
type_drivers = vlan,flat
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = True
#vlan

[ml2_type_vlan]

network_vlan_ranges = provider:3001:4000

#'>/etc/neutron/plugins/ml2/ml2_conf.ini
[root@controller1 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Configure Linux Bridge

[root@controller1 ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
[root@controller1 ~]# echo '#

[linux_bridge]
physical_interface_mappings = provider:'ens37'
[vxlan]
enable_vxlan = false
[agent]
prevent_arp_spoofing = True
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = True
#'>/etc/neutron/plugins/ml2/linuxbridge_agent.ini

Configure DHCP

[root@controller1 ~]# cp /etc/neutron/dhcp_agent.ini{,.bak}
[root@controller1 ~]# echo '#

[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
#'>/etc/neutron/dhcp_agent.ini

Configure Metadata

[root@controller1 ~]# cp /etc/neutron/metadata_agent.ini{,.bak}
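[root@controller1 ~]# echo '
# NOTE: metadata_proxy_shared_secret must match the value set in the [neutron]
# section of nova.conf; use a long random string rather than a guessable word.

[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = metadata
#'>/etc/neutron/metadata_agent.ini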

Configure Nova

[root@controller1 ~]# cp /etc/nova/nova.conf{,.bak}
[root@controller1 ~]# echo '

[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = metadata
#'>>/etc/nova/nova.conf

Configure L3

[root@controller1 ~]# cp /etc/neutron/l3_agent.ini{,.bak}
[root@controller1 ~]#
[root@controller1 ~]# echo '

[DEFAULT]
interface_driver = linuxbridge
#'>/etc/neutron/l3_agent.ini

Synchronize Database

[root@controller1 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller1 ~]# mysql -h controller -u neutron -pneutron -e "use neutron;show tables;"

Configure HAProxy For Neutron API

[root@controller1 ~]# echo '

#Neutron_API
listen Neutron_API_cluster
bind controller:9696
balance source
option tcpka
option tcplog
server controller1 controller1:9696 check inter 2000 rise 2 fall 5
server controller2 controller2:9696 check inter 2000 rise 2 fall 5
server controller3 controller3:9696 check inter 2000 rise 2 fall 5
'>>/etc/haproxy/haproxy.cfg
[root@controller1 ~]# systemctl restart haproxy.service
[root@controller1 ~]# netstat -antp | grep haproxy
tcp 0 0 192.168.220.20:9292 0.0.0.0:* LISTEN 76948/haproxy
tcp 0 0 0.0.0.0:1080 0.0.0.0:* LISTEN 76948/haproxy
tcp 0 0 192.168.220.20:35357 0.0.0.0:* LISTEN 76948/haproxy
tcp 0 0 192.168.220.20:9696 0.0.0.0:* LISTEN 76948/haproxy
tcp 0 0 192.168.220.20:5000 0.0.0.0:* LISTEN 76948/haproxy

Start Neutron Service

[root@controller1 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller1 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller1 ~]# systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

Configure Controller Node 2 & Start Service

[root@controller2 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/nova/* /etc/nova/
[root@controller2 ~]# sed -i 's/controller1/controller2/' /etc/neutron/neutron.conf
[root@controller2 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/haproxy/* /etc/haproxy/
[root@controller2 ~]# systemctl restart haproxy
[root@controller2 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller2 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

Configure Controller Node 3 & Start Service

[root@controller3 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/neutron/* /etc/neutron/
[root@controller3 ~]# sed -i 's/controller1/controller3/' /etc/neutron/neutron.conf
[root@controller3 ~]# rsync -avzP -e 'ssh -p 22' controller1:/etc/haproxy/* /etc/haproxy/
[root@controller3 ~]# systemctl restart haproxy
[root@controller3 ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller3 ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

Configure L3 HA on Controller node

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT l3_ha True
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT router_distributed True
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT l3_ha True
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT l3_ha_net_cidr 169.254.192.0/18
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT max_l3_agents_per_router 3
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT min_l3_agents_per_router 2

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vxlan
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch,l2population
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks external
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000

[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs local_ip TUNNEL_INTERFACE_IP_ADDRESS
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings external:br-ex
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent enable_distributed_routing True
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent tunnel_types vxlan
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent l2_population True

[root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT ha_vrrp_auth_password password
[root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver openvswitch
[root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge
[root@controller ~]# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr_snat

Configure L3 HA on Compute Node

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs local_ip TUNNEL_INTERFACE_IP_ADDRESS
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings external:br-ex

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent enable_distributed_routing True
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent tunnel_types vxlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent l2_population True

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver openvswitch
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr

Verify Service

[root@controller1 ~]# openstack network agent list
+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host        | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+
| 1a4efb8b-aa65-4d4a-8092-7213592acd22 | Linux bridge agent | controller1 | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 3b35bc6e-4cec-42e2-9fde-e99c601cf609 | DHCP agent         | controller3 | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 42e57e23-eecb-490d-b709-d8e3730107e8 | DHCP agent         | controller2 | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 6b2058a2-d3e3-4342-afbb-717338b1499f | Metadata agent     | controller1 | None              | :-)   | UP    | neutron-metadata-agent    |
| 750b5e5c-c7b6-4f48-ae2f-37580b6e03d9 | DHCP agent         | controller1 | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 7e63ce46-3fd5-40ee-9f63-ee8cc52dd5a4 | Metadata agent     | controller3 | None              | :-)   | UP    | neutron-metadata-agent    |
| 92199bf0-08ef-4642-9557-c33360796405 | Linux bridge agent | controller2 | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 9ae5bafa-0075-4408-b827-1be9bb1ccf99 | Linux bridge agent | controller3 | None              | :-)   | UP    | neutron-linuxbridge-agent |
| f1ed9e45-39e7-4980-aaec-10364e42263f | Metadata agent     | controller2 | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+