Install Configure OpenStack Network Service (Neutron)
Based on OpenStack Icehouse releaseconfigure neutron controller node:
1. on keystone node
mysql -uroot -p
mysql> create database neutron;
mysql> grant all privileges on neutron.* to 'neutron'@'localhost' identified by 'NEUTRON-DBPASS';
mysql> grant all privileges on neutron.* to 'neutron'@'%' identified by 'NEUTRON-DBPASS';
mysql> flush privileges;
# Create a neutron user
keystone user-create --tenant service --name neutron --pass NEUTRON-USER-PASSWORD
# Add role to the neutron user
keystone user-role-add --user neutron --tenant service --role admin
# Create the neutron service
keystone service-create --name=neutron --type=network --description="Neutron Network Service"
# Create a Networking endpoint
keystone endpoint-create --region RegionOne --service neutron --publicurl=http://NEUTRON-SERVER:9696 --internalurl=http://NEUTRON-SERVER:9696 --adminurl=http://NEUTRON-SERVER:9696
2. on neutron server node, here we use keystone node on it
yum -y install openstack-neutron openstack-neutron-ml2 python-neutronclient
yum -y update iproute
yum -y install kernel-2.6.32-358.123.2.openstack.el6.x86_64.rpm
reboot
3. vi /etc/neutron/neutron.conf
connection=mysql://neutron:neutron@MYSQL-SERVER/neutron
auth_strategy=keystone
auth_host=controller
auth_port = 35357
auth_protocol = http
auth_uri=http://controller:5000
admin_tenant_name=service
admin_user=neutron
admin_password=NEUTRON-USER-PASSWORD
rpc_backend=neutron.openstack.common.rpc.impl_qpid
qpid_hostname=controller
notify_nova_on_port_status_changes=True
notify_nova_on_port_data_changes=True
nova_url=http://controller:8774/v2
nova_admin_username=nova
nova_admin_tenant_id=$(keystone tenant-list | awk '/service/ { print $2 }')
nova_admin_password=NOVA-USER-PASSWORD
nova_admin_auth_url=http://controller:35357/v2.0
core_plugin=ml2
service_plugins=router
verbose = True
Comment out any lines in the section
4. vi /etc/neutron/plugins/ml2/ml2_conf.ini
type_drivers=gre
tenant_network_types=gre
mechanism_drivers=openvswitch
tunnel_id_ranges=1:1000
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group=True
5. on nova controller node
vi /etc/nova/nova.conf
network_api_class=nova.network.neutronv2.api.API
neutron_url=http://NEUTRON-SERVER:9696
neutron_auth_strategy=keystone
neutron_admin_tenant_name=service
neutron_admin_username=neutron
neutron_admin_password=NEUTRON-USER-PASSWORD
neutron_admin_auth_url=http://controller:35357/v2.0
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=neutron
vif_plugging_is_fatal=false
vif_plugging_timeout=0
7. cd /etc/neutron
ln -s plugins/ml2/ml2_conf.ini plugin.ini
8. service openstack-nova-api restart; service openstack-nova-scheduler restart; service openstack-nova-conductor restart
9. chown -R neutron:neutron /etc/neutron /var/log/neutron
service neutron-server start; chkconfig neutron-server on
Neutron Network Node:
1. service NetworkManager stop; chkconfig NetworkManager off
service network start; chkconfig network on
disable firewall and selinux
service iptables stop; chkconfig iptables off
service ip6tables stop; chkconfig ip6tables off
2. eth0 for management/public/floating (192.168.1.0/24), eth1 for internal/flat (192.168.30.0/24), it's recommended to use seperated nic for management network
vi /etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE=eth2
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none
3. set hostname in /etc/sysconfig/network and /etc/hosts
192.168.1.10 controller
192.168.1.11 node1
192.168.1.12 neutronnet
4. yum -y install ntp
vi /etc/ntp.conf
server 192.168.1.10
restrict 192.168.1.10
service ntpd start; chkconfig ntpd on
5. yum -y installhttp://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm
yum -y install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum -y install mysql MySQL-python
6. yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch
yum -y update iproute
yum -y install kernel-2.6.32-358.123.2.openstack.el6.x86_64.rpm
reboot
7. Enable packet forwarding and disable packet destination filtering
vi /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
sysctl -p
8. vi /etc/neutron/neutron.conf
auth_strategy = keystone
auth_host=controller
auth_port = 35357
auth_protocol = http
auth_uri=http://controller:5000
admin_tenant_name=service
admin_user=neutron
admin_password=NEUTRON-USER-PASSWORD
rpc_backend=neutron.openstack.common.rpc.impl_qpid
qpid_hostname=controller
core_plugin=ml2
service_plugins=router
verbose = True
Comment out any lines in the section
9. vi /etc/neutron/l3_agent.ini
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces=True
verbose = True
vi /etc/neutron/dhcp_agent.ini
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver=neutron.agent.linux.dhcp.Dnsmasq
use_namespaces=True
verbose = True
10. vi /etc/neutron/metadata_agent.ini
auth_url = http://controller:5000/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = neutron
admin_password = NEUTRON-USER-PASSWORD
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA-PASSWORD
verbose = True
11. on nova controller node
vi /etc/nova/nova.conf
neutron_metadata_proxy_shared_secret=METADATA-PASSWORD
service_neutron_metadata_proxy=true
service openstack-nova-api restart
12. vi /etc/neutron/plugins/ml2/ml2_conf.ini
type_drivers=gre
tenant_network_types=gre
mechanism_drivers=openvswitch
tunnel_id_ranges=1:1000
local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS #192.168.30.12
tunnel_type = gre
enable_tunneling = True
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group=True
13. service openvswitch start; chkconfig openvswitch on
ovs-vsctl add-br br-int
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eth2
ethtool -K eth2 gro off
ethtool -k eth2
vi /etc/sysconfig/network-scripts/ifcfg-eth2
ETHTOOL_OPTS="-K ${DEVICE} gro off"
14. cd /etc/neutron
ln -s plugins/ml2/ml2_conf.ini plugin.ini
15. cp /etc/init.d/neutron-openvswitch-agent /etc/init.d/neutronopenvswitch-agent.orig
sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /etc/init.d/neutron-openvswitch-agent
16. chown -R neutron:neutron /etc/neutron /var/log/neutron
for s in neutron-{dhcp,metadata,l3,openvswitch}-agent; do
service $s start
chkconfig $s on
done
Neutron Compute Node:
1. service NetworkManager stop; chkconfig NetworkManager off
service network start; chkconfig network on
disable firewall and selinux
service iptables stop; chkconfig iptables off
service ip6tables stop; chkconfig ip6tables off
2. eth0 for management/public/floating (192.168.1.0/24), eth1 for internal/flat (192.168.30.0/24), it's recommended to use seperated nic for management network
3. set hostname in /etc/sysconfig/network and /etc/hosts
192.168.1.10 controller
192.168.1.11 node1
192.168.1.12 neutronnet
4. yum -y install qemu-kvm libvirt python-virtinst bridge-utils
# make sure modules are loaded
lsmod | grep kvm
service libvirtd start; chekconfig libvirtd on
service messagebus start; chkconfig messagebus on
5. yum -y install ntp
vi /etc/ntp.conf
server 192.168.1.10
restrict 192.168.1.10
service ntpd start; chkconfig ntpd on
6. yum -y install http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm
yum -y install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum -y install mysql MySQL-python openstack-utils
7. yum install -y openstack-nova-compute
8. vi /etc/nova/nova.conf
connection=mysql://nova:NOVA-DATABASE-PASSWORD@MYSQL-SERVER/nova
auth_strategy=keystone
auth_host=controller
auth_port=35357
auth_protocol=http
auth_uri=http://controller:5000
admin_user=nova
admin_password=NOVA-USER-PASSWORD
admin_tenant_name=service
rpc_backend=nova.openstack.common.rpc.impl_qpid
qpid_hostname=controller
my_ip=192.168.1.11
vnc_enabled=true
vncserver_listen=0.0.0.0
vncserver_proxyclient_address=192.168.1.11
novncproxy_base_url=http://controller:6080/vnc_auto.html
glance_host=controller
9. egrep -c '(vmx|svm)' /proc/cpuinfo
If this command returns a value of one or greater, do nothiong
If this command returns a value of zero, set libvirt_type=qemu in nova.conf
10. chown -R nova:nova /etc/nova /var/log/nova
service openstack-nova-compute start; chkconfig openstack-nova-compute on
now for neutron plugin agent:
11. disable packet destination filtering
vi /etc/sysctl.conf
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
sysctl -p
12. yum -y install openstack-neutron-ml2 openstack-neutron-openvswitch
yum -y update iproute
yum -y install kernel-2.6.32-358.123.2.openstack.el6.x86_64.rpm
reboot
13. vi /etc/neutron/neutron.conf
auth_strategy = keystone
auth_host=controller
auth_port = 35357
auth_protocol = http
auth_uri=http://controller:5000
admin_tenant_name=service
admin_user=neutron
admin_password=NEUTRON-USER-PASSWORD
rpc_backend=neutron.openstack.common.rpc.impl_qpid
qpid_hostname = controller
core_plugin=ml2
service_plugins=router
verbose = True
Comment out any lines in the section
14. vi /etc/neutron/plugins/ml2/ml2_conf.ini
type_drivers=gre
tenant_network_types=gre
mechanism_drivers=openvswitch
tunnel_id_ranges=1:1000
local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS #192.168.30.11
tunnel_type = gre
enable_tunneling = True
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group=True
15. service openvswitch start; chkconfig openvswitch on
ovs-vsctl add-br br-int
16. vi /etc/nova/nova.conf
network_api_class=nova.network.neutronv2.api.API
neutron_url=http://NEUTRON-SERVER:9696
neutron_auth_strategy=keystone
neutron_admin_tenant_name=service
neutron_admin_username=neutron
neutron_admin_password=NEUTRON-USER-PASSWORD
neutron_admin_auth_url=http://controller:35357/v2.0
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=neutron
vif_plugging_is_fatal=false
vif_plugging_timeout=0
17. cd /etc/neutron
ln -s plugins/ml2/ml2_conf.ini plugin.ini
18. cp /etc/init.d/neutron-openvswitch-agent /etc/init.d/neutronopenvswitch-agent.orig
sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /etc/init.d/neutron-openvswitch-agent
service openstack-nova-compute restart
19. chown -R neutron:neutron /etc/neutron /var/log/neutron
service neutron-openvswitch-agent start; chkconfig neutron-openvswitch-agent on
creating neutron network
on controller node:
1. to check neutron-server is communicating with its agents
neutron agent-list
source ~/adminrc (through step 1~2)
# create external network
neutron net-create ext-net --shared --router:external=True [ --provider:network_type gre --provider:segmentation_id SEG_ID ]
Note: SEG_ID is the tunnel id.
2. # create subnet on external network
neutron subnet-create ext-net --name ext-subnet --allocation-pool start=FLOATING_IP_START,end=FLOATING_IP_END --disable-dhcp --gateway EXTERNAL_NETWORK_GATEWAY EXTERNAL_NETWORK_CIDR
neutron subnet-create ext-net --name ext-subnet --allocation-pool start=192.168.1.200,end=192.168.1.210 --disable-dhcp --dns-nameserver 210.22.84.3 --dns-nameserver 210.22.70.3 --gateway 192.168.1.1 192.168.1.0/24
3. # create tenant network
source ~/demo1rc(through step 3~7)
neutron net-create demo-net
4. # create subnet on tenant network
neutron subnet-create demo-net --name demo-subnet --gateway TENANT_NETWORK_GATEWAY TENANT_NETWORK_CIDR
neutron subnet-create demo-net --name demo-subnet --dns-nameserver x.x.x.x --gateway 10.10.10.1 10.10.10.0/24
5. # create virtual router to connect external and tenant network
neutron router-create demo-router
6. # Attach the router to the tenant subnet
neutron router-interface-add demo-router demo-subnet
7. # Attach the router to the external network by setting it as the gateway
neutron router-gateway-set demo-router ext-net
Note: the tenant router gateway should occupy the lowest IP address inthe floating IP address range -- 192.168.1.200
neutron net-list
neutron subnet-list
neutron router-port-list demo-router
Launch Instances
for demo1 tenant:
source ~/demo1rc
neutron security-group-create --description "Test Security Group" test-sec
# permit ICMP
neutron security-group-rule-create --protocol icmp --direction ingress --remote-ip-prefix 0.0.0.0/0 test-sec
# permit ssh
neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 --direction ingress --remote-ip-prefix 0.0.0.0/0 test-sec
neutron security-group-rule-list
nova keypair-add demokey > demokey.pem
nova keypair-list
nova flavor-list
nova image-list
neutron net-list
neutron subnet-list
demonet=`neutron net-list | grep demo-net | awk '{ print $2 }'`
nova boot --flavor 1 --image "CirrOS 0.3.2" --key-name demokey --security-groups test-sec --nic net-id=$demonet CirrOS
Notes: you should have enough memory on KVM nodes, or you will not get instances created.
1. you can use vmware workstation to build images, then upload to glance using dashboard
ubuntu
1). vi /etc/hosts to remove 127.0.1.1. item
2). enable ssh login
3). enable dhcp client on interface
4). enable normal username/password
5). set root password
centos/redhat
1). rm -rf /etc/ssh/ssh_host_*
2). vi /etc/sysconfig/network-scripts/ifcfg-ethX to remove HWADDR and UUID items
3). rm -rf /etc/udev/rules.d/70-persistent-net.rules
4). enable ssh login
5). enable dhcp client on interface (also vi /etc/sysconfig/network, /etc/resolv.conf)
6). enable normal username/password
7). set root password
2. launch instance without keypair
nova commands:
nova list; nova show CirrOS
nova stop CirrOS
nova start CirrOS
# get vnc console address via web browser:
nova get-vnc-console CirrOS novnc
# Create a floating IP addresson the ext-net external network
neutron floatingip-create ext-net
neutron floatingip-list
# Associate the floating IP address with your instance even it's running
nova floating-ip-associate CirrOS 192.168.1.201
( nova floating-ip-disassociate cirros 192.168.1.201 )
nova list
ping 192.168.1.201 (floating ip)
using xshell or putty to ssh -i demokey.pem cirros@192.168.1.201(username: cirros, password: cubswin:))
[ for ubuntu cloud image: username is ubuntu, for fedora cloud image: username is fedora ]
now we can ping and ssh to 192.168.1.201, and CirrOS can access Internet now.
Notes: you should have enough space in /var/lib/nova/instances for store VMs, you can mount partition to it ( using local or shared storages).
Fixed IP addresses with OpenStack Neutron for tenant networks
neutron subnet-list
neutron subnet-show demo-subnet
neutron port-create demo-net --fixed-ip ip_address=10.10.10.10 --name VM-NAME
nova boot --flavor 1 --image "CirrOS 0.3.2" --key-name demokey --security-groups test-sec --nic port-id=xxx VM-NAME
Access novnc console from Internetmethod1
1. add another interface face to Internet on nova controller (normally keystone+dashboard node)
2. assign a public ip address
3. on computer node, vi /etc/nova/nova.conf
novncproxy_base_url=http://public_ip_address_of_nova_controller:6080/vnc_auto.html
service openstack-nova-compute restart
4. nova get-vnc-console CirrOS novnc
http://public_ip_address_of_nova_controller:6080/vnc_auto.html?token=4f9c1f7e-4288-4fda-80ad-c1154a954673
Access novnc console from Internetmethod2
1. you can publish dashboard web site to Internet (normally keystone+dashboard node)
2. on computer node, vi /etc/nova/nova.conf
novncproxy_base_url=http://public_ip_address_of_firewall:6080/vnc_auto.html
service openstack-nova-compute restart
3. nova get-vnc-console CirrOS novnc
http://public_ip_address_of_firewall:6080/vnc_auto.html?token=4f9c1f7e-4288-4fda-80ad-c1154a954673
页:
[1]