OpenStack Zed : Configure Neutron OVN (Network Node)2022/10/07 |
Configure OpenStack Network Service (Neutron).
This example is based on the environment like follows.
Configure Neutron services with Open Virtual Network (OVN). ------------+-----------------------------+-----------------------------+------------ | | | eth0|10.0.0.30 eth0|10.0.0.50 eth0|10.0.0.51 +-----------+-----------+ +-----------+-----------+ +-----------+-----------+ | [ dlp.srv.world ] | | [ network.srv.world ] | | [ node01.srv.world ] | | (Control Node) | | (Network Node) | | (Compute Node) | | | | | | | | MariaDB RabbitMQ | | Open vSwitch | | Libvirt | | Memcached Nginx | | Neutron Server | | Nova Compute | | Keystone httpd | | OVN-Northd | | Open vSwitch | | Glance Nova API | | Nginx | | OVN Metadata Agent | | | | | | OVN-Controller | +-----------------------+ +-----------------------+ +-----------------------+ |
[1] |
Create a user and endpoints, Database for Neutron on Control Node, refer to here.
On the example of the link, Neutron Server (API) is installed on Control Node, but on this example, Neutron Server is installed on Network Node, so replace the Endpoints of Neutron to [10.0.0.50]. |
[2] | Configure OpenStack Zed repository on Network Node, refer to here of [3], next, Install required packages for Network Node. |
root@network:~# apt -y install neutron-server neutron-plugin-ml2 python3-neutronclient ovn-central openvswitch-switch nginx libnginx-mod-stream
|
[3] | Configure Neutron Server. |
root@network:~# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.org
root@network:~#
vi /etc/neutron/neutron.conf # create new [DEFAULT] bind_host = 127.0.0.1 bind_port = 9696 core_plugin = ml2 service_plugins = ovn-router auth_strategy = keystone state_path = /var/lib/neutron allow_overlapping_ips = True notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True # RabbitMQ connection info transport_url = rabbit://openstack:password@dlp.srv.world # Keystone auth info [keystone_authtoken] www_authenticate_uri = https://dlp.srv.world:5000 auth_url = https://dlp.srv.world:5000 memcached_servers = dlp.srv.world:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = servicepassword # if using self-signed certs on Apache2 Keystone, turn to [true] insecure = false [database] connection = mysql+pymysql://neutron:password@dlp.srv.world/neutron_ml2 [nova] auth_url = https://dlp.srv.world:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = nova password = servicepassword # if using self-signed certs on Apache2 Keystone, turn to [true] insecure = false [oslo_concurrency] lock_path = $state_path/tmp
root@network:~#
chmod 640 /etc/neutron/neutron.conf root@network:~# chgrp neutron /etc/neutron/neutron.conf
root@network:~#
mv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.org root@network:~# vi /etc/neutron/plugins/ml2/ml2_conf.ini # create new
[DEFAULT]
debug = false
[ml2]
type_drivers = flat,geneve
tenant_network_types = geneve
mechanism_drivers = ovn
extension_drivers = port_security
overlay_ip_version = 4
[ml2_type_geneve]
vni_ranges = 1:65536
max_header_size = 38
[ml2_type_flat]
flat_networks = *
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ovn]
# IP address of this Network node
ovn_nb_connection = tcp:10.0.0.50:6641
ovn_sb_connection = tcp:10.0.0.50:6642
ovn_l3_scheduler = leastloaded
ovn_metadata_enabled = True
root@network:~#
chmod 640 /etc/neutron/plugins/ml2/ml2_conf.ini root@network:~# chgrp neutron /etc/neutron/plugins/ml2/ml2_conf.ini
root@network:~#
vi /etc/default/openvswitch-switch # line 8 : uncomment and add OVS_CTL_OPTS= "--ovsdb-server-options='--remote=ptcp:6640:127.0.0.1'"
|
[4] | Get valid SSL/TLS certificate or Create self-signed certificate for Network Node and configure Nginx for proxy settings. |
root@network:~# unlink /etc/nginx/sites-enabled/default
root@network:~#
vi /etc/nginx/nginx.conf # add to the end stream { upstream neutron-api { server 127.0.0.1:9696; } server { listen 10.0.0.50:9696 ssl; proxy_pass neutron-api; } ssl_certificate "/etc/letsencrypt/live/network.srv.world/fullchain.pem"; ssl_certificate_key "/etc/letsencrypt/live/network.srv.world/privkey.pem"; } |
[5] | Start Neutron services. |
root@network:~#
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini root@network:~# su -s /bin/bash neutron -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"
root@network:~#
root@network:~# systemctl restart ovn-central ovn-northd root@network:~# ovn-nbctl set-connection ptcp:6641:10.0.0.50 -- set connection . inactivity_probe=60000 root@network:~# ovn-sbctl set-connection ptcp:6642:10.0.0.50 -- set connection . inactivity_probe=60000
systemctl restart neutron-server nginx
|
Sponsored Link |
|