# OPENSTACK with OVS

### Installation environment

* CentOS 7
* OpenStack Rocky

---

**[Controller]**

Install packages

```
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y
```

Edit the configuration

```
# /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:fanguiju@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[database]
connection = mysql+pymysql://neutron:fanguiju@controller/neutron

[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = fanguiju

[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = fanguiju

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
```

```
# /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
# The lab environment has few IP addresses, so enable the VXLAN network type
tenant_network_types = vxlan
extension_drivers = port_security
mechanism_drivers = openvswitch,l2population

[securitygroup]
enable_ipset = true

[ml2_type_vxlan]
vni_ranges = 1:1000
```

```
# /etc/neutron/plugins/ml2/openvswitch_agent.ini
[ovs]
...
# Physical network mapping; the OVS bridge br-provider must be created manually
bridge_mappings = provider:br-provider
# OVERLAY_INTERFACE_IP_ADDRESS
local_ip = 192.168.168.100

[agent]
...
tunnel_types = vxlan
l2_population = True

[securitygroup]
...
firewall_driver = iptables_hybrid
```

```
# /etc/neutron/l3_agent.ini
[DEFAULT]
...
interface_driver = openvswitch
# The external_network_bridge option intentionally contains no value.
external_network_bridge =
```

```
# /etc/neutron/dhcp_agent.ini
[DEFAULT]
...
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
```

```
# /etc/neutron/metadata_agent.ini
[DEFAULT]
...
nova_metadata_host = controller
# Must match metadata_proxy_shared_secret in /etc/nova/nova.conf
metadata_proxy_shared_secret = fanguiju
```

```
# /etc/nova/nova.conf
...
[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = fanguiju
service_metadata_proxy = true
metadata_proxy_shared_secret = fanguiju
```

Create the symbolic link

```
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
```

Open vSwitch

```
systemctl enable openvswitch
systemctl start openvswitch
systemctl status openvswitch
```

ens224 should be the controller's provider network interface.

```
ovs-vsctl add-br br-provider
ovs-vsctl add-port br-provider ens224
```

Verify the result

```
[root@controller ~]# ovs-vsctl show
8ef8d299-fc4c-407a-a937-5a1058ea3355
    Bridge br-provider
        Port "ens224"
            Interface "ens224"
        Port br-provider
            Interface br-provider
                type: internal
    ovs_version: "2.10.1"
```

Because we had already worked through the complete OpenStack Installation Guide, here we only need to re-run the Neutron database migration.

```
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
```

Start the services

```
systemctl restart openstack-nova-api.service

systemctl enable neutron-server.service neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl status neutron-server.service neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
systemctl status neutron-l3-agent.service
```

At this point, `ovs-vsctl show` should list two additional bridges (br-tun and br-int), and the bridges should be connected to each other by patch ports. If the new bridges and patch ports do not appear, the configuration is wrong. The output should look like the following; confirm that yours matches.

```
[root@controller ~]# ovs-vsctl show
8ef8d299-fc4c-407a-a937-5a1058ea3355
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port int-br-provider
            Interface int-br-provider
                type: patch
                options: {peer=phy-br-provider}
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    Bridge br-provider
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port phy-br-provider
            Interface phy-br-provider
                type: patch
                options: {peer=int-br-provider}
        Port "ens224"
            Interface "ens224"
        Port br-provider
            Interface br-provider
                type: internal
    ovs_version: "2.10.1"
```

---

**[Compute]**

Install packages

```
yum install openstack-neutron-openvswitch ipset -y
```

Edit the configuration

```
# /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:fanguiju@controller
auth_strategy = keystone

[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = fanguiju

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
```

```
# /etc/neutron/plugins/ml2/openvswitch_agent.ini
[ovs]
...
local_ip = 192.168.168.102

[agent]
...
tunnel_types = vxlan
l2_population = True
```

```
# /etc/nova/nova.conf
...
[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = fanguiju
```

Open vSwitch

```
systemctl enable openvswitch
systemctl start openvswitch
systemctl status openvswitch
```

Start the services

```
systemctl restart openstack-nova-compute.service

systemctl enable neutron-openvswitch-agent.service
systemctl start neutron-openvswitch-agent.service
systemctl status neutron-openvswitch-agent.service
```

Verify the result

```
[root@compute ~]# ovs-vsctl show
80d8929a-9dc8-411c-8d20-8f1d0d6e2056
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    ovs_version: "2.10.1"
```

Verify that the services started correctly

```
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 41925586-9119-4709-bc23-4668433bd413 | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
| 43281ac1-7699-4a81-a5b6-d4818f8cf8f9 | Open vSwitch agent | controller | None              | :-)   | UP    | neutron-openvswitch-agent |
| b815e569-c85d-4a37-84ea-7bdc5fe5653c | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| d1ef7214-d26c-42c8-ba0b-2a1580a44446 | L3 agent           | controller | nova              | :-)   | UP    | neutron-l3-agent          |
| f55311fc-635c-4985-ae6b-162f3fa8f886 | Open vSwitch agent | compute    | None              | :-)   | UP    | neutron-openvswitch-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
```

> [Manually deploying a two-node OpenStack Rocky](http://www.ishenping.com/ArtInfo/116900.html#Neutron_Open_vSwitch_mechanism_driverController_983)

> [time=Mon, Jun 10, 2019 2:12 PM]
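
As an added example (not part of the original guide): a small Python audit over these configuration files that checks `metadata_proxy_shared_secret` is identical in `metadata_agent.ini` and `nova.conf`, which the Neutron metadata proxy requires, and lists every place one credential is reused. The embedded sample is constructed from the guide's settings with the two metadata secrets deliberately different; the function names and finding labels are this example's own.

```python
import configparser
from urllib.parse import urlsplit

META = "/etc/neutron/metadata_agent.ini"
NOVA = "/etc/nova/nova.conf"
NEUTRON = "/etc/neutron/neutron.conf"
# Constructed sample: trimmed settings in the guide's layout, with the two
# metadata secrets deliberately different so the failure case is visible.
SAMPLE = {
    META: "[DEFAULT]\nnova_metadata_host = controller\n"
          "metadata_proxy_shared_secret = password\n",
    NOVA: "[neutron]\nusername = neutron\npassword = fanguiju\n"
          "service_metadata_proxy = true\nmetadata_proxy_shared_secret = fanguiju\n",
    NEUTRON: "[DEFAULT]\ntransport_url = rabbit://openstack:fanguiju@controller\n"
             "[database]\nconnection = mysql+pymysql://neutron:fanguiju@controller/neutron\n"
             "[keystone_authtoken]\nusername = neutron\npassword = fanguiju\n",
}
SECRET_KEYS = {"password", "metadata_proxy_shared_secret"}
URL_KEYS = {"transport_url", "connection"}  # credentials embedded in a URL

def load(text):
    # Treat [DEFAULT] as an ordinary section so its keys are not inherited.
    cp = configparser.RawConfigParser(default_section="__none__", strict=False)
    cp.read_string(text)
    return cp

def secret_locations(files):
    """Map each secret value to every (path, section, key) that carries it."""
    found = {}
    for path, text in files.items():
        cp = load(text)
        for section in cp.sections():
            for key, value in cp.items(section):
                if key in URL_KEYS:
                    value = urlsplit(value).password
                elif key not in SECRET_KEYS:
                    continue
                if value:
                    found.setdefault(value, []).append((path, section, key))
    return found

def audit(files):
    """Return (check, detail) findings; secret values are never echoed."""
    agent = load(files[META]).get("DEFAULT", "metadata_proxy_shared_secret", fallback=None)
    nova = load(files[NOVA]).get("neutron", "metadata_proxy_shared_secret", fallback=None)
    findings = [("secret-reuse", places)
                for places in secret_locations(files).values() if len(places) > 1]
    if agent is None or agent != nova:
        findings.append(("metadata-secret-mismatch", (META, NOVA)))
    return findings
```

To run it against a live node, build the `files` dict by reading the three paths from disk and call `audit(files)`.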