
네트워크 연결을 관리하고, 가상 네트워크, 서브넷, 라우터 등을 구성하는 서비스
주요 기능
- VM 간 네트워크 연결 설정
- 플로팅 IP, 보안 그룹, 네트워크 정책 관리
- 외부 네트워크와의 연결을 위한 라우터 및 네트워크 주소 변환(NAT) 기능
연계
- Nova와 통합되어 VM의 네트워크 설정 제공
- Keystone을 통해 인증 및 권한 관리
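mysql
-- Creates the neutron schema and its database account inside the mysql client session.
-- The account password is the literal 'openstack', the same value this page uses for
-- every other service credential; use a unique, randomly generated secret outside a lab.
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'openstack';
-- The '%' host pattern accepts logins for this account from any address that can reach
-- the database port; restricting it to the hosts that run neutron-server limits exposure.
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'openstack';
exit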
# Load the admin credentials, then register the neutron service user, service and endpoints in Keystone.
. admin-openrc
# --password-prompt reads the password interactively instead of taking it on the command line.
# The two "User Password" lines are that prompt, shown with the lab value 'openstack' typed in.
openstack user create --domain default --password-prompt neutron
User Password: openstack
Repeat User Password: openstack
# Gives the neutron user the admin role on the 'service' project.
openstack role add --project service --user neutron admin
openstack service create --name neutron \
--description "OpenStack Networking" network
# All three interfaces (public, internal, admin) are registered as plain http:// on port 9696,
# so API requests and the tokens they carry are sent unencrypted; no TLS is set up on this page.
openstack endpoint create --region RegionOne \
network public http://con01:9696
openstack endpoint create --region RegionOne \
network internal http://con01:9696
openstack endpoint create --region RegionOne \
network admin http://con01:9696
Networking Option 2: Self-service networks
https://docs.openstack.org/neutron/2023.1/install/controller-install-option2-ubuntu.html
# Install the Neutron server, ML2 plugin and the OVS, L3, DHCP and metadata agents.
apt install neutron-server neutron-plugin-ml2 \
neutron-openvswitch-agent neutron-l3-agent neutron-dhcp-agent \
neutron-metadata-agent
cd /etc/neutron
# Keep the packaged file as neutron.conf.v0 before editing.
cp neutron.conf neutron.conf.v0
# NOTE(review): /nfs/sed.sh is a site-local script whose contents are not shown on this page.
# It is run from an NFS path against the config file, so confirm what it rewrites before using it.
/nfs/sed.sh neutron.conf
vi neutron.conf
# neutron.conf values. Every credential below is the lab value 'openstack' stored in clear text,
# so anyone who can read this file (or its .v0-style copies once edited) obtains them.
[database]
# Database user and password are embedded in the connection URL.
connection = mysql+pymysql://neutron:openstack@con01/neutron
[DEFAULT]
core_plugin = ml2
service_plugins = router
# RabbitMQ user and password are both 'openstack' and are embedded in this URL.
transport_url = rabbit://openstack:openstack@con01
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
# Keystone is addressed over plain http://, so token validation traffic is not encrypted.
www_authenticate_uri = http://con01:5000
auth_url = http://con01:5000
# Token cache on con01:11211; no memcache_security_strategy / memcache_secret_key is set in this section.
memcached_servers = con01:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = openstack
[nova]
# Credentials neutron uses to send the port status/data notifications enabled in [DEFAULT] to nova.
auth_url = http://con01:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = nova
password = openstack
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
# Back up the packaged ML2 config as .v0, run the site-local /nfs/sed.sh over it
# (script contents are not shown on this page), then edit it by hand.
cd /etc/neutron/plugins/ml2/
cp ml2_conf.ini ml2_conf.ini.v0
/nfs/sed.sh ml2_conf.ini
vi ml2_conf.ini
# ml2_conf.ini values: flat, VLAN and VXLAN types are enabled; tenant networks use VXLAN.
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
# Loads the port security extension driver.
extension_drivers = port_security
[ml2_type_flat]
# 'provider' is the physical network label that bridge_mappings uses in openvswitch_agent.ini on this page.
flat_networks = provider
[ml2_type_vxlan]
# Range of VXLAN network identifiers available for tenant networks.
vni_ranges = 1:1000
# Same backup-then-edit sequence for the OVS agent config; the relative paths rely on the
# shell still being in /etc/neutron/plugins/ml2/.
cp openvswitch_agent.ini openvswitch_agent.ini.v0
/nfs/sed.sh openvswitch_agent.ini
vi openvswitch_agent.ini
[ovs]
# Placeholder value; it is replaced with provider:br-provider later on this page (original note: "edit later").
bridge_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
# Address of this node's VXLAN tunnel endpoint; it matches the 10.0.0.1/24 interface in the netplan file
# on this page. VXLAN does not encrypt traffic, so the 10.0.0.0/24 network should stay isolated.
local_ip = 10.0.0.1
l2_population = true
[securitygroup]
# Security groups are enabled and enforced with the OVS firewall driver;
# the iptables_hybrid alternative is kept commented out.
enable_security_group = true
firewall_driver = openvswitch
#firewall_driver = iptables_hybrid
# Read-only check: prints the current bridge netfilter settings without changing them.
# The install guide linked on this page expects both values to be 1.
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables
# Back up the packaged L3 agent config as .v0, run the site-local /nfs/sed.sh over it
# (script contents are not shown on this page), then edit it by hand.
cd /etc/neutron/
cp l3_agent.ini l3_agent.ini.v0
/nfs/sed.sh l3_agent.ini
vi l3_agent.ini
# l3_agent.ini: the L3 agent plugs its router interfaces through Open vSwitch.
[DEFAULT]
interface_driver = openvswitch
# Same backup-then-edit sequence for the DHCP agent config (still in /etc/neutron/).
cp dhcp_agent.ini dhcp_agent.ini.v0
/nfs/sed.sh dhcp_agent.ini
vi dhcp_agent.ini
# dhcp_agent.ini: Dnsmasq serves DHCP, with interfaces plugged through Open vSwitch.
[DEFAULT]
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
# Lets instances on networks that have no router reach the metadata service via the DHCP agent.
enable_isolated_metadata = true
# Back up the packaged metadata agent config as .v0, run the site-local /nfs/sed.sh over it
# (script contents are not shown on this page), then edit it by hand.
cd /etc/neutron
cp metadata_agent.ini metadata_agent.ini.v0
/nfs/sed.sh metadata_agent.ini
vi metadata_agent.ini
# NOTE(review): no section header is shown here; the install guide places these options under [DEFAULT] - confirm.
nova_metadata_host = con01
# Secret shared between the metadata agent and nova for proxied metadata requests. It must equal
# the value in nova.conf, and on this page it is the same guessable 'openstack' string used for
# every password; generate a separate random value for it.
metadata_proxy_shared_secret = openstack
# Edit nova.conf so nova can reach neutron; unlike the neutron files above, no .v0 backup is taken here.
cd /etc/nova
vi nova.conf
# nova.conf [neutron]: the service credentials nova uses to call the Networking API.
[neutron]
# Keystone is addressed over plain http://, so these credentials cross the network unencrypted.
auth_url = http://con01:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = openstack
# Enables the metadata proxy path; the secret must match metadata_agent.ini (both are 'openstack' on this page).
service_metadata_proxy = true
metadata_proxy_shared_secret = openstack
# Only the Open vSwitch agent is installed on this host.
# NOTE(review): this matches the compute-node steps of the install guide, but the page does not label the host - confirm.
apt install neutron-openvswitch-agent
cd /etc/neutron/
# Keep the packaged file as neutron.conf.v0, then run the site-local /nfs/sed.sh
# (contents not shown on this page) before editing by hand.
cp neutron.conf neutron.conf.v0
/nfs/sed.sh neutron.conf
vi neutron.conf
# neutron.conf on the agent-only host: no [database] section is set in these notes,
# so only the message-queue and Keystone credentials are stored here.
[DEFAULT]
# RabbitMQ user and password are both 'openstack' and are embedded in this URL in clear text.
transport_url = rabbit://openstack:openstack@con01
auth_strategy = keystone
[keystone_authtoken]
# Keystone is addressed over plain http://, so token validation traffic is not encrypted.
www_authenticate_uri = http://con01:5000
auth_url = http://con01:5000
# Token cache on con01:11211; no memcache_security_strategy / memcache_secret_key is set in this section.
memcached_servers = con01:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = openstack
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
Networking Option 2: Self-service networks
https://docs.openstack.org/neutron/2023.1/install/compute-install-option2-ubuntu.html
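# Back up the packaged OVS agent config as .v0, run the site-local /nfs/sed.sh over it
# (script contents are not shown on this page), then edit the same file by hand.
cd /etc/neutron/plugins/ml2/
cp openvswitch_agent.ini openvswitch_agent.ini.v0
/nfs/sed.sh openvswitch_agent.ini
vi openvswitch_agent.ini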
[ovs]
# Placeholder value; it is replaced with provider:br-provider later on this page (original note: "edit later").
bridge_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
# Address of this node's VXLAN tunnel endpoint; it matches the 10.0.0.2/24 interface in the netplan file
# on this page. VXLAN does not encrypt traffic, so the 10.0.0.0/24 network should stay isolated.
local_ip = 10.0.0.2
l2_population = true
[securitygroup]
# Security groups are enabled and enforced with the OVS firewall driver;
# the iptables_hybrid alternative is kept commented out.
enable_security_group = true
firewall_driver = openvswitch
#firewall_driver = iptables_hybrid
# Read-only check: prints the current bridge netfilter settings without changing them.
# The install guide linked on this page expects both values to be 1.
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables
# Edit nova.conf on this host so nova-compute can reach neutron; no backup copy is taken here.
cd /etc/nova
vi nova.conf
# nova.conf [neutron]: the service credentials nova uses to call the Networking API.
# No metadata proxy options are set in this copy.
[neutron]
# Keystone is addressed over plain http://, so these credentials cross the network unencrypted.
auth_url = http://con01:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
# Same lab password as every other service account on this page, stored in clear text.
password = openstack
# Bring the neutron database schema up to the latest revision ("upgrade head"), using both config files.
# su runs the command as the 'neutron' account rather than as root.
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
왼쪽 메뉴 OpenStack Networking Guide → Deployment examples → Open vSwitch mechanism driver(최하단) → Open vSwitch: Self-service networks
https://docs.openstack.org/neutron/2023.1/admin/deploy-ovs-selfservice.html
# Create the OVS bridge for the provider network, then edit the netplan file to move the host address onto it.
ovs-vsctl add-br br-provider
vi /etc/netplan/00-installer-config.yaml
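# This is the network config written by 'subiquity'
# enp3s0 carries no address of its own and is listed as the br-provider member;
# br-provider holds the 192.168.1.23/24 address and the default route.
# enp4s0f0 holds 10.0.0.1/24, the address used as the VXLAN local_ip on this page.
network:
  ethernets:
    enp3s0:
      dhcp4: false
    enp4s0f0:
      addresses:
      - 10.0.0.1/24
      nameservers:
        addresses: []
        search: []
    enp4s0f1:
      dhcp4: true
    enp4s0f2:
      dhcp4: true
    enp4s0f3:
      dhcp4: true
  bridges:
    br-provider:
      interfaces:
      - enp3s0
      addresses:
      - 192.168.1.23/24
      nameservers:
        # DNS queries from this host go to the public resolver 8.8.8.8.
        addresses:
        - 8.8.8.8
      routes:
      - to: default
        via: 192.168.1.1
  version: 2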
# Caution: internet connectivity is lost at this point!
# If the session runs over the interface being moved, use a console; `netplan try` rolls back
# automatically when the new config is not confirmed.
netplan apply
# Attach the physical NIC to the OVS bridge, then re-apply the network config.
ovs-vsctl add-port br-provider enp3s0
netplan apply
# Relative path: assumes the shell is in /etc/neutron - TODO confirm.
cd plugins/ml2/
vi openvswitch_agent.ini
[ovs]
# Final value: maps the 'provider' physical network label to the br-provider OVS bridge,
# replacing the PROVIDER_INTERFACE_NAME placeholder entered earlier.
bridge_mappings = provider:br-provider
# Verify the result: enp3s0 should appear as a port of br-provider. In the output that follows,
# the OVSDB manager (ptcp:6640) and the controller (tcp 6633) are both bound to 127.0.0.1.
ovs-vsctl show
f0794fd9-0b00-40b7-be37-6644e699f6c6
Manager "ptcp:6640:127.0.0.1"
is_connected: true
Bridge br-int
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
datapath_type: system
Port br-int
Interface br-int
type: internal
Bridge br-provider
Port br-provider
Interface br-provider
type: internal
Port enp3s0
Interface enp3s0
ovs_version: "3.1.3"
# Repeat the bridge setup on the second host (the one using 10.0.0.2 and eno1 in the netplan file on this page).
ovs-vsctl add-br br-provider
vi /etc/netplan/00-installer-config.yaml
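# This is the network config written by 'subiquity'
# eno1 carries no address of its own and is listed as the br-provider member;
# br-provider holds the 192.168.1.24/24 address and the default route.
# enp1s0 holds 10.0.0.2/24, the address used as the VXLAN local_ip for this host on this page.
network:
  ethernets:
    eno1:
      dhcp4: false
    enp1s0:
      addresses:
      - 10.0.0.2/24
  bridges:
    br-provider:
      interfaces:
      - eno1
      addresses:
      - 192.168.1.24/24
      nameservers:
        # DNS queries from this host go to the public resolver 8.8.8.8.
        addresses:
        - 8.8.8.8
      routes:
      - to: default
        via: 192.168.1.1
  version: 2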
# Caution: internet connectivity is lost at this point!
# If the session runs over the interface being moved, use a console; `netplan try` rolls back
# automatically when the new config is not confirmed.
netplan apply
# Attach the physical NIC to the OVS bridge, then re-apply the network config.
ovs-vsctl add-port br-provider eno1
netplan apply
# Relative path: assumes the shell is in /etc/neutron - TODO confirm.
cd plugins/ml2/
vi openvswitch_agent.ini
[ovs]
# Final value: maps the 'provider' physical network label to the br-provider OVS bridge,
# replacing the PROVIDER_INTERFACE_NAME placeholder entered earlier.
bridge_mappings = provider:br-provider
# Verify the result: eno1 should appear as a port of br-provider on this host.
# NOTE(review): the output pasted below has the same UUID as the earlier listing and shows enp3s0,
# not eno1, so it looks copied from the other host - check the real output on this node.
ovs-vsctl show
f0794fd9-0b00-40b7-be37-6644e699f6c6
Manager "ptcp:6640:127.0.0.1"
is_connected: true
Bridge br-int
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
datapath_type: system
Port br-int
Interface br-int
type: internal
Bridge br-provider
Port br-provider
Interface br-provider
type: internal
Port enp3s0
Interface enp3s0
ovs_version: "3.1.3"
# Restart the services so they load the edited configuration.
# The first six are the nova API, neutron server and the agents installed in the first apt step on this page.
service nova-api restart
service neutron-server restart
service neutron-openvswitch-agent restart
service neutron-dhcp-agent restart
service neutron-metadata-agent restart
service neutron-l3-agent restart
# NOTE(review): these two presumably run on the compute host (nova-compute plus its OVS agent) - confirm.
service nova-compute restart
service neutron-openvswitch-agent restart