Ubuntu 22.04
Sponsored Link

OpenStack Zed : Configure Neutron OVN (Network Node)
2022/10/07
 
Configure OpenStack Network Service (Neutron).
This example is based on the environment like follows.
Configure Neutron services with Open Virtual Network (OVN).
------------+-----------------------------+-----------------------------+------------
            |                             |                             |
        eth0|10.0.0.30                eth0|10.0.0.50                eth0|10.0.0.51
+-----------+-----------+     +-----------+-----------+     +-----------+-----------+
|   [ dlp.srv.world ]   |     | [ network.srv.world ] |     |  [ node01.srv.world ] |
|     (Control Node)    |     |     (Network Node)    |     |     (Compute Node)    |
|                       |     |                       |     |                       |
|  MariaDB    RabbitMQ  |     |      Open vSwitch     |     |        Libvirt        |
|  Memcached  Nginx     |     |     Neutron Server    |     |      Nova Compute     |
|  Keystone   httpd     |     |      OVN-Northd       |     |      Open vSwitch     |
|  Glance     Nova API  |     |         Nginx         |     |   OVN Metadata Agent  |
|                       |     |                       |     |     OVN-Controller    |
+-----------------------+     +-----------------------+     +-----------------------+

[1]
Create a user and endpoints, Database for Neutron on Control Node, refer to here.
On the example of the link, Neutron Server (API) is installed on Control Node,
but on this example, Neutron Server is installed on Network Node,
so replace the Endpoints of Neutron to [10.0.0.50].
[2] Configure OpenStack Zed repository on Network Node, refer to here of [3], next, Install required packages for Network Node.
root@network:~#
apt -y install neutron-server neutron-plugin-ml2 python3-neutronclient ovn-central openvswitch-switch nginx libnginx-mod-stream
[3] Configure Neutron Server.
root@network:~#
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.org

root@network:~#
vi /etc/neutron/neutron.conf
# create new

[DEFAULT]
bind_host = 127.0.0.1
bind_port = 9696
core_plugin = ml2
service_plugins = ovn-router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
# RabbitMQ connection info
transport_url = rabbit://openstack:password@dlp.srv.world

# Keystone auth info
[keystone_authtoken]
www_authenticate_uri = https://dlp.srv.world:5000
auth_url = https://dlp.srv.world:5000
memcached_servers = dlp.srv.world:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = servicepassword
# if using self-signed certs on Apache2 Keystone, turn to [true]
insecure = false

[database]
connection = mysql+pymysql://neutron:password@dlp.srv.world/neutron_ml2

[nova]
auth_url = https://dlp.srv.world:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = servicepassword
# if using self-signed certs on Apache2 Keystone, turn to [true]
insecure = false

[oslo_concurrency]
lock_path = $state_path/tmp

root@network:~#
chmod 640 /etc/neutron/neutron.conf

root@network:~#
chgrp neutron /etc/neutron/neutron.conf
root@network:~#
mv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.org

root@network:~#
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# create new

[DEFAULT]
debug = false

[ml2]
type_drivers = flat,geneve
tenant_network_types = geneve
mechanism_drivers = ovn
extension_drivers = port_security
overlay_ip_version = 4

[ml2_type_geneve]
vni_ranges = 1:65536
max_header_size = 38

[ml2_type_flat]
flat_networks = *

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovn]
# IP address of this Network node
ovn_nb_connection = tcp:10.0.0.50:6641
ovn_sb_connection = tcp:10.0.0.50:6642
ovn_l3_scheduler = leastloaded
ovn_metadata_enabled = True

root@network:~#
chmod 640 /etc/neutron/plugins/ml2/ml2_conf.ini

root@network:~#
chgrp neutron /etc/neutron/plugins/ml2/ml2_conf.ini
root@network:~#
vi /etc/default/openvswitch-switch
# line 8 : uncomment and add

OVS_CTL_OPTS=
"--ovsdb-server-options='--remote=ptcp:6640:127.0.0.1'"
[4] Get valid SSL/TLS certificate or Create self-signed certificate for Network Node and configure Nginx for proxy settings.
root@network:~#
unlink /etc/nginx/sites-enabled/default

root@network:~#
vi /etc/nginx/nginx.conf
# add to the end

stream {
    upstream neutron-api {
        server 127.0.0.1:9696;
    }
    server {
        listen 10.0.0.50:9696 ssl;
        proxy_pass neutron-api;
    }
    ssl_certificate "/etc/letsencrypt/live/network.srv.world/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/network.srv.world/privkey.pem";
}
[5] Start Neutron services.
root@network:~#
systemctl restart openvswitch-switch

root@network:~#
ovs-vsctl add-br br-int
root@network:~#
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

root@network:~#
su -s /bin/bash neutron -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"
root@network:~#
systemctl restart ovn-central ovn-northd

root@network:~#
ovn-nbctl set-connection ptcp:6641:10.0.0.50 -- set connection . inactivity_probe=60000

root@network:~#
ovn-sbctl set-connection ptcp:6642:10.0.0.50 -- set connection . inactivity_probe=60000
root@network:~#
systemctl restart neutron-server nginx
Matched Content