openstack - neutron 설치

############################

#### controller node 설치 #######

############################

 

[root@controller ~]# mysql -u root -p

MariaDB [(none)]> create database neutron;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant  all privileges on neutron.* to neutron@'localhost' identified by 'neutron';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant  all privileges on neutron.* to neutron@'%' identified by 'neutron';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

 

[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 ebtables -y

 

[root@controller ~]# source ~/keystonerc
[root@controller ~]# openstack user create --domain default --project service --password-prompt neutron
User Password: neutron
Repeat User Password: neutron

 

[root@controller ~]# openstack role add --project service --user neutron admin
[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network

 

[root@controller ~]# openstack endpoint create --region RegionOne network public http://192.168.100.110:9696

[root@controller ~]# openstack endpoint create --region RegionOne network internal http://192.168.100.110:9696

[root@controller ~]# openstack endpoint create --region RegionOne network admin http://192.168.100.110:9696

 

[root@controller ~]# openstack user list

[root@controller ~]# openstack service list

[root@controller ~]# openstack catalog list

[root@controller ~]# openstack endpoint list | grep neutron

 

[root@controller ~]# cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak

[root@controller ~]# vi /etc/neutron/neutron.conf

[DEFAULT]
core_plugin = ml2
service_plugins = router
dhcp_agent_notification = True
allow_overlapping_ips = true
transport_url = rabbit://openstack:password@192.168.100.110
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

 

[agent]

root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

 

[keystone_authtoken]
www_authenticate_uri = http://192.168.100.110:5000
auth_url = http://192.168.100.110:5000
memcached_servers = 192.168.100.110:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

 

[database]
connection = mysql+pymysql://neutron:neutron@192.168.100.110/neutron

 

[nova]
auth_url = http://192.168.100.110:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova

[oslo_concurrency]
lock_path = /var/lib/neutron/lock

 

 

 

 

[root@controller ~]# chmod 640 /etc/neutron/neutron.conf

[root@controller ~]# chgrp neutron /etc/neutron/neutron.conf

 

[root@controller ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
mechanism_drivers = linuxbridge,openvswitch,l2population
extension_drivers = port_security

 

[securitygroup]

firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

enable_security_group = true

enable_ipset = true

 

 

[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

 

[root@controller ~]# vi /etc/nova/nova.conf

[DEFAULT]

enabled_apis = osapi_compute,metadata

transport_url = rabbit://openstack:password@192.168.100.110

my_ip = 192.168.100.110

use_neutron = true  //추가

linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver    //추가

firewall_driver = nova.virt.firewall.NoopFirewallDriver

 

[neutron]
url = http://192.168.100.110:9696
auth_url = http://192.168.100.110:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = metadata_secret

 

 

[root@controller ~]# su -s /bin/bash neutron -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"

....

  OK

 

[root@controller ~]# systemctl enable neutron-server

[root@controller ~]# systemctl start neutron-server
[root@controller ~]# systemctl restart openstack-nova-api

[root@controller ~]# lsof -i tcp:9696

[root@controller ~]# ls -l /var/log/neutron/

 

 

###########################

#### network node 설치 #######

###########################

[root@network ~]# vi /etc/sysctl.conf

net.ipv4.ip_forward=1

net.ipv4.conf.default.rp_filter=0

net.ipv4.conf.all.rp_filter=0

 

[root@network ~]# sysctl -p

[root@network ~]# cat /proc/sys/net/ipv4/ip_forward
[root@network ~]# cat /proc/sys/net/ipv4/conf/default/rp_filter

[root@network ~]# cat /proc/sys/net/ipv4/conf/all/rp_filter

 

[root@network ~]# yum -y install centos-release-openstack-rocky

[root@network ~]# yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch

 

 

[root@network ~]# cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak

[root@network ~]# vi /etc/neutron/neutron.conf

[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
allow_overlapping_ips = true
transport_url = rabbit://openstack:password@192.168.100.110

 

[agent]

root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

 

[keystone_authtoken]
www_authenticate_uri = http://192.168.100.110:5000
auth_url = http://192.168.100.110:5000
memcached_servers = 192.168.100.110:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

 

[oslo_concurrency]
lock_path = /var/lib/neutron/lock

 

[root@network ~]# chmod 640 /etc/neutron/neutron.conf

[root@network ~]# chgrp neutron /etc/neutron/neutron.conf

 

 

[root@network ~]# vi /etc/neutron/l3_agent.ini

[DEFAULT]

interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

...

external_network_bridge =         //주석제거

 

 

[root@network ~]# vi /etc/neutron/dhcp_agent.ini

[DEFAULT]

interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq               //주석제거

enable_isolated_metadata = True                     //주석제거, true 변경

 

[root@network ~]# vi /etc/neutron/metadata_agent.ini

nova_metadata_host = 192.168.100.110

nova_metadata_port = 8775

metadata_proxy_shared_secret = metadata_secret

 

[root@network ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]

type_drivers = flat,vlan,gre,vxlan

tenant_network_types =

mechanism_drivers = linuxbridge,openvswitch,l2population

extension_drivers = port_security

 

[securitygroup]

firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

enable_security_group = true

enable_ipset = true

 

 

[root@network ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

 

[root@network ~]# systemctl enable neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent neutron-openvswitch-agent openvswitch

[root@network ~]# systemctl start neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent neutron-openvswitch-agent openvswitch

 

[root@network ~]# yum install python-openstackclient -y

[root@network ~]# source ~/keystonerc
[root@network ~]# openstack network agent list

 

 

############################

#### compute node 설치 #######

############################

[root@compute ~]# vi /etc/sysctl.conf

net.ipv4.conf.default.rp_filter=0

net.ipv4.conf.all.rp_filter=0

 

[root@compute ~]# sysctl -p

net.ipv4.conf.default.rp_filter = 0

net.ipv4.conf.all.rp_filter = 0

[root@compute ~]# cat /proc/sys/net/ipv4/conf/default/rp_filter

0

[root@compute ~]# cat /proc/sys/net/ipv4/conf/all/rp_filter

0

 

[root@compute ~]# yum install -y openstack-neutron-ml2 openstack-neutron-openvswitch openstack-nova-api openstack-neutron

 

 

 

[root@compute ~]# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak

[root@compute ~]# cp /etc/neutron/neutron.conf.bak /etc/neutron/neutron.conf

[root@compute ~]# vi /etc/neutron/neutron.conf

[DEFAULT]
core_plugin = ml2
service_plugins =
auth_strategy = keystone
allow_overlapping_ips = True
transport_url = rabbit://openstack:password@192.168.100.110

 

[agent]

root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

 

[keystone_authtoken]
www_authenticate_uri = http://192.168.100.110:5000
auth_url = http://192.168.100.110:5000
memcached_servers = 192.168.100.110:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

 

[oslo_concurrency]
lock_path = /var/lib/neutron/lock

 

 

[root@compute ~]# chmod 640 /etc/neutron/neutron.conf

[root@compute ~]# chgrp neutron /etc/neutron/neutron.conf

 

[root@compute ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
mechanism_drivers = linuxbridge,openvswitch,l2population
extension_drivers = port_security

 

[securitygroup]

firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

enable_security_group = true

enable_ipset = true

 

 

[root@compute ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

 

[root@compute ~]# vi /etc/nova/nova.conf

[DEFAULT]

enabled_apis = osapi_compute,metadata

transport_url = rabbit://openstack:password@192.168.100.110

my_ip = 192.168.100.111

 

use_neutron = true

linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver

 

firewall_driver = nova.virt.firewall.NoopFirewallDriver

vif_plugging_is_fatal = True

vif_plugging_timeout = 300

 

[neutron]
url = http://192.168.100.110:9696
auth_url = http://192.168.100.110:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = metadata_secret

 

 

 

[root@compute ~]# systemctl restart openstack-nova-compute openstack-nova-metadata-api
[root@compute ~]# systemctl enable openstack-nova-compute openstack-nova-metadata-api

 

[root@compute ~]# systemctl enable neutron-openvswitch-agent

[root@compute ~]# systemctl start neutron-openvswitch-agent

[root@compute ~]# ls -l /var/log/neutron/

total 4

-rw-r--r--. 1 neutron neutron 1514 Jan 19 02:43 openvswitch-agent.log

 

 

[root@compute ~]# source ~/keystonerc
[root@compute ~]# openstack network agent list

[root@compute ~]# ps -ef | grep nova

[root@compute ~]# openstack compute service list

[root@compute ~]# lsof -i tcp:8775

 

--------------------------------------

[root@controller ~]# neutron ext-list  //프로세스 시작되면 여러 기능들 확인가능

[root@controller ~]# openstack network agent list  //neutron 전체 목록

 

참조 : it00.tistory.com/19?category=808035