openstack L版本(openvswitch的安装和应用)

参考L版本的linuxbridge的安装方式
和k版本的ovs方式结合修改

注意

systemctl stop NetworkManager
 

否则各种坑

https://review.openstack.org/#/c/258493/1/neutron/agent/linux/ip_lib.py
☆★★★★★★★★★★★★controller node begin★★★★★★★★★★★★
■■■■■■■■安装controller节点nova begin■■■■■■■■■■■■■■■■■■■
-- Create the nova database and give the 'nova' account full rights on it.
-- NOTE(review): 'haoning' is the one sample password this page reuses for every
-- database, RabbitMQ and Keystone account; use a distinct random password per
-- account anywhere outside a throwaway lab.
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'haoning';
-- NOTE(review): the '%' host pattern accepts this account from any host that can
-- reach the database port; narrow it to the nodes that actually need access.
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'vcontroller' IDENTIFIED BY 'haoning';
flush privileges;

# Register the nova service account, the compute service and its endpoints in Keystone.
# NOTE(review): a password given with --password is visible in shell history and in
# the process list while the command runs; `--password-prompt` avoids both.
openstack user create --password haoning nova
# Gives the nova account the admin role on the 'service' project.
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
# NOTE(review): public, internal and admin all point at the same plain-http URL, so
# tokens sent to the compute API cross the network unencrypted.
openstack endpoint create --region wuhan compute public http://vcontroller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute internal http://vcontroller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute admin http://vcontroller:8774/v2/%\(tenant_id\)s


yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient -y

-----------------
/etc/nova/nova.conf
# Controller-node nova.conf fragments.
# NOTE(review): [DEFAULT] is repeated once per step; presumably each fragment is
# meant to be merged into the matching section of the real file.
[database]
# NOTE(review): the database password is embedded in this URL in clear text, so the
# file should not be readable by other local users.
connection = mysql://nova:haoning@vcontroller/nova

[DEFAULT]
rpc_backend = rabbit

[oslo_messaging_rabbit]
rabbit_host = vcontroller
rabbit_userid = openstack
# Same sample password as the database and Keystone accounts on this page.
rabbit_password = haoning

[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
# NOTE(review): both Keystone URLs are plain http, so the service password and the
# tokens it obtains travel unencrypted.
auth_uri = http://vcontroller:5000
auth_url = http://vcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning

[DEFAULT]
my_ip = 192.168.139.74

[DEFAULT]
# The neutron integration keys are left commented out here; a later nova.conf
# fragment on this page sets them with the OVS interface driver instead of the
# Linux bridge one.
#network_api_class = nova.network.neutronv2.api.API
#security_group_api = neutron
#linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
#firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
# $my_ip is substituted with the my_ip value set in [DEFAULT].
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
host = vcontroller
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[DEFAULT]
enabled_apis=osapi_compute,metadata
[DEFAULT]
verbose = True


su -s /bin/sh -c "nova-manage db sync" nova


systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
■■■■■■■■安装controller节点nova end■■■■■■■■■■■■■■■■■■■

■■■■■■■■安装compute节点nova begin■■■■■■■■■■■■■■■■■■■
yum install openstack-nova-compute sysfsutils -y
----------------
/etc/nova/nova.conf
# Compute-node nova.conf fragments (the repeated [DEFAULT] headers are presumably
# merged into one section in the real file).
[DEFAULT]
rpc_backend = rabbit

[oslo_messaging_rabbit]
rabbit_host = vcontroller
rabbit_userid = openstack
# NOTE(review): clear-text credential, identical to the other sample passwords on
# this page; keep the file unreadable to other local users.
rabbit_password = haoning

[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
# NOTE(review): plain-http Keystone URLs; the service password below is sent
# unencrypted when the service authenticates.
auth_uri = http://vcontroller:5000
auth_url = http://vcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning

[DEFAULT]
my_ip = 192.168.139.72

[DEFAULT]
vnc_enabled = True
# NOTE(review): 0.0.0.0 makes the instance VNC servers listen on every interface
# of this compute node, and no TLS is configured for them in this fragment; limit
# access to the console ports to the controller's noVNC proxy with host firewall
# rules.
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 192.168.139.72
# Console URL handed to users; plain http, so console sessions are unencrypted.
novncproxy_base_url = http://vcontroller:6080/vnc_auto.html

[glance]
host = vcontroller
[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[DEFAULT]
verbose = True

[libvirt]
# Left commented out, so the packaged default virt_type applies.
#virt_type = qemu

systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service


nova service-list
nova endpoints
nova image-list

■■■■■■■■安装compute节点nova end■■■■■■■■■■■■■■■■■■■■■■■
------------------------------------------------neutron------------------------------------
■■■■■■■■安装controller节点neutron begin■■■■■■■■■■■■■■■■■■■
-- Create the neutron database and give the 'neutron' account full rights on it.
-- NOTE(review): same sample password as the nova grants and the service accounts
-- on this page; use a distinct random password per account.
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'haoning';
-- NOTE(review): '%' accepts the account from any host that can reach the database
-- port; narrow it to the nodes that run neutron-server.
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'vcontroller' IDENTIFIED BY 'haoning';
flush privileges;


# Register the neutron service account, the network service and its endpoints.
# NOTE(review): --password exposes the value in shell history and the process list;
# `--password-prompt` reads it interactively instead.
openstack user create --password haoning neutron
# Gives the neutron account the admin role on the 'service' project.
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network

# NOTE(review): all three endpoints are the same plain-http URL, so API tokens are
# sent unencrypted.
openstack endpoint create --region wuhan network public http://vcontroller:9696
openstack endpoint create --region wuhan network internal http://vcontroller:9696
openstack endpoint create --region wuhan network admin http://vcontroller:9696


yum install openstack-neutron openstack-neutron-ml2 python-neutronclient which -y

--------------------
/etc/neutron/neutron.conf
# Controller-node neutron.conf fragments (repeated [DEFAULT] headers are presumably
# merged into one section in the real file).
[database]
# NOTE(review): database password in clear text inside the URL; the file should
# not be readable by other local users.
connection = mysql://neutron:haoning@vcontroller/neutron

[DEFAULT]
rpc_backend = rabbit

[oslo_messaging_rabbit]
rabbit_host = vcontroller
rabbit_userid = openstack
rabbit_password = haoning

[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
# NOTE(review): plain-http Keystone URLs; the service password and tokens travel
# unencrypted.
auth_uri = http://vcontroller:5000
auth_url = http://vcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
#################
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True

[DEFAULT]
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://vcontroller:8774/v2

[nova]
# Credentials neutron uses to reach nova for the port notifications enabled above.
# NOTE(review): this puts the nova service password in neutron's configuration too,
# so a reader of this file holds both service accounts.
auth_url = http://vcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = nova
password = haoning

[DEFAULT]
verbose = True

-------------------------
/etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan,gre,vxlan
# Tenant networks are carried in GRE tunnels.
# NOTE(review): GRE adds no encryption, so the tunnel endpoints should sit on a
# network that only the OpenStack nodes can reach.
tenant_network_types = gre
mechanism_drivers = openvswitch

[ml2_type_gre]
tunnel_id_ranges = 1:1000

[securitygroup]
# Security groups are enforced by neutron through the OVS hybrid iptables driver.
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver


-------------------
/etc/nova/nova.conf

[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
# NOTE(review): the Noop driver turns off nova's own packet filtering, so instance
# filtering depends on the neutron [securitygroup] settings in ml2_conf.ini on this
# page staying enabled.
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[neutron]
# Credentials nova uses to call the neutron API.
# NOTE(review): plain-http URLs and a clear-text service password; keep the file
# unreadable to other local users.
url = http://vcontroller:9696
auth_url = http://vcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning

# Make /etc/neutron/plugin.ini point at the ML2 configuration.
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# Run the neutron schema migration as the neutron user rather than as root.
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

systemctl restart openstack-nova-api.service
systemctl restart openstack-nova-scheduler.service
systemctl restart openstack-nova-conductor.service
#### Run these one at a time, otherwise this error appears: assert cur is not self.greenlet, 'Cannot switch to MAINLOOP from MAINLOOP


systemctl enable neutron-server.service
systemctl start neutron-server.service


neutron ext-list



-----network node---
--------------
/etc/sysctl.conf
# Enables IPv4 forwarding on the network node.
net.ipv4.ip_forward=1
# NOTE(review): rp_filter=0 switches off the kernel's reverse-path source check on
# all interfaces; source-address filtering for instances then rests on the neutron
# security-group settings on this page — confirm they stay enabled.
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
sysctl -p
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch

------------------
/etc/neutron/neutron.conf
# Network-node neutron.conf fragments; no [database] section appears here, unlike
# the controller fragment earlier on this page.
[DEFAULT]
rpc_backend = rabbit

[oslo_messaging_rabbit]
rabbit_host = vcontroller
rabbit_userid = openstack
# NOTE(review): clear-text credential, the same sample value used for every other
# account on this page.
rabbit_password = haoning

[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
# NOTE(review): plain-http Keystone URLs; the service password and tokens travel
# unencrypted.
auth_uri = http://vcontroller:5000
auth_url = http://vcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning

[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True

[DEFAULT]
verbose = True


/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch

#In the [ml2_type_flat] section, configure the external flat provider network:
[ml2_type_flat]
flat_networks = external

[ml2_type_gre]
tunnel_id_ranges = 1:1000

#In the [securitygroup] section, enable security groups, enable ipset, and configure the OVS iptables firewall driver:
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

#In the [ovs] section, enable tunnels, configure the local tunnel endpoint, and map the external flat provider network to the br-ex external network bridge:
[ovs]
# NOTE(review): 192.168.139.74 is also my_ip in the controller nova.conf and the
# br-ex address on this page, so GRE tunnel, management and external traffic share
# one address; GRE is unencrypted, so a separate tunnel network is preferable.
local_ip = 192.168.139.74
bridge_mappings = external:br-ex
#Replace INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS with the IP address of the instance tunnels network interface on your network node.
# (local_ip above already carries a concrete address in place of that placeholder.)

#In the [agent] section, enable GRE tunnels:
[agent]
tunnel_types = gre

---------------
/etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge =
router_delete_namespaces = True
verbose = True

---------------
/etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
dhcp_delete_namespaces = True
verbose = True

[DEFAULT]
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf


---------------------
/etc/neutron/dnsmasq-neutron.conf
dhcp-option-force=26,1454

pkill dnsmasq


-----------------------
/etc/neutron/metadata_agent.ini
# Metadata agent settings (repeated [DEFAULT] headers are presumably merged into
# one section in the real file).
[DEFAULT]
# NOTE(review): plain-http Keystone URLs and a clear-text service password; keep
# the file unreadable to other local users.
auth_uri = http://vcontroller:5000
auth_url = http://vcontroller:35357
auth_region = wuhan
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning

[DEFAULT]
nova_metadata_ip = vcontroller

[DEFAULT]
# NOTE(review): METADATA_SECRET looks like an unreplaced placeholder. The nova.conf
# [neutron] fragment on this page uses the same literal; set both to one random
# value, since this secret is what authenticates the agent's requests to nova.
metadata_proxy_shared_secret = METADATA_SECRET

[DEFAULT]
verbose = True


----------
/etc/nova/nova.conf
[neutron]
# Nova accepts metadata requests relayed by the neutron metadata agent.
service_metadata_proxy = True
# NOTE(review): METADATA_SECRET looks like an unreplaced placeholder; it has to
# equal the value in metadata_agent.ini, and both should be one random secret.
metadata_proxy_shared_secret = METADATA_SECRET


systemctl restart openstack-nova-api.service


systemctl enable openvswitch.service
systemctl start openvswitch.service


ovs-vsctl add-br br-ex
####ovs-vsctl add-port br-ex eth0

cp /etc/sysconfig/network-scripts/ifcfg-eth0  /etc/sysconfig/network-scripts/ifcfg-br-ex

[root@vcontroller network-scripts]# cat ifcfg-br-ex
# NOTE(review): TYPE is assigned twice in this file (Ethernet here, OVSBridge on
# the last line); the first is presumably left over from copying ifcfg-eth0 and
# can be removed to avoid ambiguity.
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=no
PEERROUTES=no
IPV4_FAILURE_FATAL=no
IPV6INIT=no
NAME=br-ex
ONBOOT=yes
DEVICE=br-ex
# The host address is configured on the bridge; ifcfg-eth0 on this page has none.
IPADDR=192.168.139.74
NETMASK=255.255.240.0
GATEWAY=192.168.128.1
DEVICETYPE=ovs
TYPE=OVSBridge

[root@vcontroller network-scripts]# cat ifcfg-eth0
# NOTE(review): TYPE is assigned twice in this file (Ethernet here, OVSPort on the
# last line); the first can be removed to avoid ambiguity.
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=no
PEERROUTES=no
IPV4_FAILURE_FATAL=no
IPV6INIT=no
NAME=eth0
ONBOOT=yes
DEVICE=eth0
DEVICETYPE=ovs
# eth0 is attached as a port of br-ex and carries no IP address of its own.
OVS_BRIDGE=br-ex
TYPE=OVSPort


ip link
如果br-ex没有up起来就
ip link set br-ex up
ip link set ovs-system up


★★★★★★★★★★★★★★★★★★★
systemctl stop NetworkManager
这个很重要
systemctl disable NetworkManager

systemctl restart network

ethtool -K eth0 gro off

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

# Keep a copy of the packaged unit file before editing it.
cp /usr/lib/systemd/system/neutron-openvswitch-agent.service  /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig

# sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g'  /usr/lib/systemd/system/neutron-openvswitch-agent.service
# Rewrite the config path in the unit file so the agent reads plugin.ini.
# NOTE(review): this edits the packaged unit under /usr/lib/systemd/system, which a
# package update can overwrite; a copy under /etc/systemd/system survives updates.
# systemd also needs `systemctl daemon-reload` after a unit file changes.
sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g'  /usr/lib/systemd/system/neutron-openvswitch-agent.service

###??????

# Enable all agents at boot, then start them with one command per agent.
systemctl enable neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-ovs-cleanup.service
systemctl start neutron-openvswitch-agent.service
systemctl start neutron-l3-agent.service
systemctl start neutron-dhcp-agent.service
systemctl start neutron-metadata-agent.service

一个一个启动,否则可能会报greenlet的协程的问题


neutron agent-list

■■■■■■■■安装controller节点neutron end■■■■■■■■■■■■■■■■■■
■■■■■■■■安装compute节点neutron begin■■■■■■■■■■■■■■■■■■
---------------------
/etc/sysctl.conf
# NOTE(review): rp_filter=0 switches off the kernel's reverse-path source check;
# source-address filtering for instances then rests on the neutron security-group
# settings on this page — confirm they stay enabled.
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
# Passes bridged traffic through iptables/ip6tables; presumably required for the
# iptables-based security-group driver configured in ml2_conf.ini to see it.
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1

sysctl -p

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y
------------------------
/etc/neutron/neutron.conf
# Compute-node neutron.conf fragments; no [database] section appears here, unlike
# the controller fragment earlier on this page.
[DEFAULT]
rpc_backend = rabbit

[oslo_messaging_rabbit]
rabbit_host = vcontroller
rabbit_userid = openstack
# NOTE(review): clear-text credential, the same sample value used for every other
# account on this page.
rabbit_password = haoning

[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
# NOTE(review): plain-http Keystone URLs; the service password and tokens travel
# unencrypted.
auth_uri = http://vcontroller:5000
auth_url = http://vcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
################################
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True

[DEFAULT]
verbose = True

------------------------------------
/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[securitygroup]
# Security groups are enforced on this compute node by the OVS hybrid iptables driver.
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovs]
# NOTE(review): the tunnel endpoint is the same address as my_ip in this node's
# nova.conf on this page, so unencrypted GRE tenant traffic shares the management
# network.
local_ip = 192.168.139.72

[agent]
tunnel_types = gre

systemctl enable openvswitch.service
systemctl start openvswitch.service


--------------
/etc/nova/nova.conf
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
# NOTE(review): the Noop driver turns off nova's own packet filtering on this
# compute node; filtering depends on the neutron [securitygroup] settings in
# ml2_conf.ini on this page staying enabled.
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[neutron]
# Credentials nova-compute uses to call the neutron API.
# NOTE(review): plain-http URLs and a clear-text service password; keep the file
# unreadable to other local users.
url = http://vcontroller:9696
auth_url = http://vcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning

# Make /etc/neutron/plugin.ini point at the ML2 configuration.
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

# Keep a copy of the packaged unit file before editing it.
cp /usr/lib/systemd/system/neutron-openvswitch-agent.service /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
# sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
# Rewrite the config path in the unit file so the agent reads plugin.ini.
# NOTE(review): this edits the packaged unit under /usr/lib/systemd/system, which a
# package update can overwrite; systemd also needs `systemctl daemon-reload` after
# a unit file changes.
sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g'  /usr/lib/systemd/system/neutron-openvswitch-agent.service


systemctl restart openstack-nova-compute.service


systemctl enable neutron-openvswitch-agent.service
systemctl start neutron-openvswitch-agent.service

neutron agent-list
■■■■■■■■安装compute节点neutron end■■■■■■■■■■■■■■■■■■■

-----例子----

# Flat external network on the physical network label 'external', which
# ml2_conf.ini on this page maps to br-ex.
neutron net-create ext-net --router:external  --provider:physical_network external --provider:network_type flat
neutron net-list
#neutron subnet-create ext-net EXTERNAL_NETWORK_CIDR --name ext-subnet --allocation-pool start=FLOATING_IP_START,end=FLOATING_IP_END --disable-dhcp --gateway EXTERNAL_NETWORK_GATEWAY
#neutron subnet-create ext-net 192.168.142.0/20 --name ext-subnet --allocation-pool start=192.168.142.170,end=192.168.142.179  --disable-dhcp --gateway 192.168.128.1

# NOTE(review): the floating-IP pool and gateway lie in the same /20 as the node
# addresses (192.168.139.72/.74, netmask 255.255.240.0), so instances with a
# floating IP share a segment with the management hosts. Unlike the two
# commented-out variants, this command does not pass --disable-dhcp.
neutron subnet-create ext-net 192.168.142.0/20 --name ext-subnet --allocation-pool start=192.168.142.170,end=192.168.142.179  --dns-nameserver 8.8.4.4 --gateway 192.168.128.1

ovs-vsctl show
[root@vcontroller ~(keystone_admin_v3)]# ovs-vsctl show
1df8c1b3-def6-4b23-851f-d94ed709100e
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port "eth0"
            Interface "eth0"
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "tap1f149beb-f7"
            tag: 1
            Interface "tap1f149beb-f7"
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
        Port "gre-c0a88b48"
            Interface "gre-c0a88b48"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="192.168.139.74", out_key=flow, remote_ip="192.168.139.72"}
    ovs_version: "2.4.0"
[root@vcontroller ~(keystone_admin_v3)]#

-----租户网络---
neutron net-create demo-net
#neutron subnet-create demo-net TENANT_NETWORK_CIDR --name demo-subnet --dns-nameserver DNS_RESOLVER --gateway TENANT_NETWORK_GATEWAY
neutron subnet-create demo-net 192.168.1.0/24 --name demo-subnet --dns-nameserver 8.8.4.4 --gateway 192.168.1.1
neutron net-list
neutron subnet-list

neutron router-create demo-router
neutron router-list


neutron router-interface-add demo-router demo-subnet
neutron router-port-list  demo-router
neutron router-gateway-set demo-router ext-net
neutron router-port-list  demo-router

ping -c 4 192.168.142.171
ip netns

-----create  a  vm----------
# Generate an SSH key pair and register the public half with nova as 'mykey'.
# NOTE(review): -N "" creates the private key without a passphrase, so anyone who
# can read ~/.ssh/id_rsa can log in to instances booted with this key.
ssh-keygen -q -N ""
nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
nova keypair-list

nova secgroup-list
nova  secgroup-list-rules default
# NOTE(review): these two rules admit ICMP and SSH (tcp/22) from any source
# (0.0.0.0/0) for every instance in the 'default' security group; use the
# administrators' CIDR instead where one is known.
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

nova flavor-list
nova image-list
neutron net-list
nova secgroup-list

#nova boot --flavor m1.tiny --image cirros --nic net-id=PRIVATE_NET_ID --security-group default --key-name mykey private-instance
#nova boot --flavor m1.tiny --image cirros --nic net-id=425e9cbb-f74f-4955-8a53-8e97e59c2be4 --security-group default --key-name mykey private-instance
nova list

#Add security group rules

nova boot --flavor m1.tiny --image cirros --nic net-id=425e9cbb-f74f-4955-8a53-8e97e59c2be4 --security-group default --key-name mykey private-instance
nova list
nova get-vnc-console private-instance novnc

neutron net-list
ip netns
# Open an SSH session from inside the DHCP namespace of the tenant network.
# NOTE(review): "[email protected]" looks like an e-mail-obfuscation artifact of the
# hosting page; the original user@address argument is not recoverable from here.
ip netns exec qdhcp-425e9cbb-f74f-4955-8a53-8e97e59c2be4 ssh [email protected]


# Allocate a floating IP from ext-net and attach one to the instance.
neutron floatingip-create  ext-net

nova floating-ip-associate private-instance  192.168.142.172
nova list
# NOTE(review): same obfuscation artifact; presumably the target was the floating
# IP associated above — confirm.
ssh [email protected]





