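Up to the Compute service, I basically built everything by following the official procedure.
OVS was installed by following the procedure on the site listed in the references.
Here I note down the steps up to the OVS installation.
OpenStack installation documentation
Environment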
Item | Value |
---|---|
OS | CentOS7.2 |
OpenStack | Mitaka |
Controller node | 1 |
Compute node | 1 |
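All management components are built on the single controller node.
In addition, there is one more machine, the compute node.
OVS installation procedure
Controller node procedure
Prerequisites
Perform the prerequisite steps from the official guide.
(1) Create the neutron database.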
```
[root@controller ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 17
Server version: 10.1.12-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database neutron;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on neutron.* to neutron@localhost identified by 'PASSWORD';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on neutron.* to neutron@'%' identified by 'PASSWORD';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit
Bye
```
(2) Create the neutron user and add the role.
```
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 805c29e5f7504f3e94a3267dd24a2c42 |
| enabled   | True                             |
| id        | b08c370e52764ec8a14e15121f6c375e |
| name      | neutron                          |
+-----------+----------------------------------+
```
```
[root@controller ~]# openstack role add --project service --user neutron admin
```
(3) Create the service entity.
```
[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | e00d3ab6db96428c8de14ad64f71af48 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
```
(4) Create the API endpoints.
```
[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | b75d58e52ab242fcafd922b07c78ee8c |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e00d3ab6db96428c8de14ad64f71af48 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
```
```
[root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a772b9fc71da40cab15b8c49ecaf5b1f |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e00d3ab6db96428c8de14ad64f71af48 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
```
```
[root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | df18cce056b4491eb6e4ac69dcb04108 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e00d3ab6db96428c8de14ad64f71af48 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
```
Installing packages
(1) Install the required packages.
```
[root@controller ~]# yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch
```
Configuration
Kernel parameters
(1) Set the kernel parameters.
```
[root@controller ~]# echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
[root@controller ~]# echo 'net.ipv4.conf.default.rp_filter=0' >> /etc/sysctl.conf
[root@controller ~]# echo 'net.ipv4.conf.all.rp_filter=0' >> /etc/sysctl.conf
[root@controller ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
```
neutron parameters
(1) Configure neutron.
```
[root@controller ~]# vi /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
dhcp_agent_notification = True
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
rpc_backend = rabbit
[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://neutron:PASSWORD@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = PASSWORD
[matchmaker_redis]
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = PASSWORD
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = PASSWORD
[oslo_policy]
[quotas]
[ssl]
```
ml2 plugin parameters
(1) Configure ml2 in /etc/neutron/plugins/ml2/ml2_conf.ini.
```
[DEFAULT]
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
[ml2_type_flat]
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
[ml2_type_vxlan]
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_ipset = True
```
L3 Agent parameters
(1) Configure the L3 Agent.
```
[root@controller ~]# vi /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge =
[AGENT]
```
DHCP Agent parameters
(1) Configure the DHCP Agent.
```
[root@controller ~]# vi /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[AGENT]
```
Metadata Agent parameters
(1) Configure the Metadata Agent.
```
[root@controller ~]# vi /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
[AGENT]
```
Replace `METADATA_SECRET` with an arbitrary string.
nova parameters
(1) Configure nova in /etc/nova/nova.conf.
```
[DEFAULT]
use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
my_ip=192.168.1.60
enabled_apis = osapi_compute,metadata
auth_strategy=keystone
firewall_driver = nova.virt.firewall.NoopFirewallDriver
use_neutron=True
rpc_backend=rabbit
[api_database]
connection = mysql+pymysql://nova:PASSWORD@controller/nova_api
[barbican]
[cache]
[cells]
[cinder]
[conductor]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://nova:PASSWORD@controller/nova
[ephemeral_storage_encryption]
[glance]
api_servers = http://controller:9292
[guestfs]
[hyperv]
[image_file_url]
[ironic]
[keymgr]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = PASSWORD
[libvirt]
[matchmaker_redis]
[metrics]
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = PASSWORD
[osapi_v21]
[oslo_concurrency]
lock_path=/var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_host=controller
rabbit_userid=openstack
rabbit_password=PASSWORD
[oslo_middleware]
[oslo_policy]
[rdp]
[serial_console]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vmware]
[vnc]
vncserver_listen=$my_ip
vncserver_proxyclient_address=$my_ip
[workarounds]
[xenserver]
```
Finalizing the installation
(1) Create the symbolic link for the plugin.
```
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
```
(2) Populate the database.
```
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
No handlers could be found for logger "oslo_config.cfg"
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Running upgrade for neutron ...
(snip)
OK
```
Starting and restarting services
(1) Start or restart the services.
```
[root@controller ~]# systemctl start neutron-server neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent neutron-openvswitch-agent
[root@controller ~]# systemctl enable neutron-server neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent neutron-openvswitch-agent
[root@controller ~]# systemctl restart openstack-nova-api
[root@controller ~]# systemctl start openvswitch
[root@controller ~]# systemctl enable openvswitch
```
Creating the bridge with OVS
(1) Create br-int. First check whether br-int already exists.
```
[root@controller ~]# ovs-vsctl list-br
br-int
```
If `br-int` is not shown, add it.
```
[root@controller ~]# ovs-vsctl add-br br-int
[root@controller ~]# ovs-vsctl list-ports br-int
```
Compute node procedure
Installing packages
(1) Install the required packages.
```
[root@compute1 ~]# yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch
```
Configuration
Kernel parameters
(1) Set the kernel parameters.
```
[root@compute1 ~]# echo 'net.ipv4.conf.default.rp_filter=0' >> /etc/sysctl.conf
[root@compute1 ~]# echo 'net.ipv4.conf.all.rp_filter=0' >> /etc/sysctl.conf
[root@compute1 ~]# sysctl -p
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
```
neutron parameters
(1) Configure neutron.
```
[root@compute1 ~]# vi /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True
rpc_backend = rabbit
[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
[cors]
[cors.subdomain]
[database]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = PASSWORD
[matchmaker_redis]
[nova]
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = PASSWORD
[oslo_policy]
[quotas]
[ssl]
```
ml2 plugin parameters
(1) Configure ml2.
```
[root@compute1 ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
[ml2_type_flat]
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
[ml2_type_vxlan]
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_ipset = True
```
nova parameters
(1) Configure nova.
```
[root@compute1 ~]# vi /etc/nova/nova.conf
[DEFAULT]
use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
vif_plugging_is_fatal = True
vif_plugging_timeout = 300
my_ip=192.168.1.61
auth_strategy=keystone
firewall_driver = nova.virt.firewall.NoopFirewallDriver
use_neutron=True
rpc_backend=rabbit
[api_database]
[barbican]
[cache]
[cells]
[cinder]
[conductor]
[cors]
[cors.subdomain]
[database]
[ephemeral_storage_encryption]
[glance]
api_servers = http://controller:9292
[guestfs]
[hyperv]
[image_file_url]
[ironic]
[keymgr]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = PASSWORD
[libvirt]
[matchmaker_redis]
[metrics]
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = PASSWORD
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
[osapi_v21]
[oslo_concurrency]
lock_path=/var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_host=controller
rabbit_userid=openstack
rabbit_password=PASSWORD
[oslo_middleware]
[oslo_policy]
[rdp]
[serial_console]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vmware]
[vnc]
enabled=true
vncserver_listen=0.0.0.0
vncserver_proxyclient_address=$my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[workarounds]
[xenserver]
```
Replace `METADATA_SECRET` with an arbitrary string, the same one set in /etc/neutron/metadata_agent.ini on the controller.
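The configuration files above still carry the literal placeholders `PASSWORD` and `METADATA_SECRET`. The following check is an added example, not part of the original post: it parses abridged, constructed copies of `nova.conf` and `metadata_agent.ini`, reports secrets left at a placeholder, and confirms that both files hold the same `metadata_proxy_shared_secret`. The function names are assumptions of this example.

```python
import configparser

# Placeholder values used on this page; none may survive into a deployment.
PLACEHOLDERS = {"PASSWORD", "METADATA_SECRET"}
SECRET_KEYS = {"password", "rabbit_password", "metadata_proxy_shared_secret"}

# Constructed samples, abridged from the files shown above.
METADATA_AGENT_INI = "[DEFAULT]\nmetadata_proxy_shared_secret = METADATA_SECRET\n"
NOVA_CONF = """\
[DEFAULT]
firewall_driver = nova.virt.firewall.NoopFirewallDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[database]
connection = mysql+pymysql://nova:PASSWORD@controller/nova
[neutron]
password = PASSWORD
metadata_proxy_shared_secret = METADATA_SECRET
"""

def load(text):
    """Parse an oslo.config-style file without tripping on its quirks."""
    cp = configparser.ConfigParser(
        interpolation=None,            # a '%' inside a password stays literal
        strict=False,                  # the page's nova.conf repeats keys
        default_section="__unused__",  # treat [DEFAULT] as a normal section
    )
    cp.read_string(text)
    return cp

def find_placeholders(name, cp):
    """Return (file, section, key) for each secret left at a placeholder."""
    hits = []
    for section in cp.sections():
        for key, value in cp.items(section):
            if key == "connection" and "@" in value:
                # mysql+pymysql://user:SECRET@host/db -> SECRET
                cred = value.split("://", 1)[-1].rpartition("@")[0]
                value = cred.partition(":")[2]
            elif key not in SECRET_KEYS:
                continue
            if value.strip() in PLACEHOLDERS:
                hits.append((name, section, key))
    return hits

def metadata_secret_matches(agent_cp, nova_cp):
    """True when both files carry the same metadata_proxy_shared_secret."""
    key = "metadata_proxy_shared_secret"
    agent = agent_cp.get("DEFAULT", key, fallback=None)
    return agent is not None and agent == nova_cp.get("neutron", key, fallback=None)

if __name__ == "__main__":
    agent, nova = load(METADATA_AGENT_INI), load(NOVA_CONF)
    print(find_placeholders("nova.conf", nova), metadata_secret_matches(agent, nova))
```

On a real node, pass the contents of `/etc/nova/nova.conf` and `/etc/neutron/metadata_agent.ini` to `load()` instead of the samples.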
Starting and restarting services
(1) Start or restart the services.
```
[root@compute1 ~]# systemctl start openvswitch
[root@compute1 ~]# systemctl enable openvswitch
[root@compute1 ~]# systemctl restart openstack-nova-compute
[root@compute1 ~]# systemctl start neutron-openvswitch-agent
[root@compute1 ~]# systemctl enable neutron-openvswitch-agent
```
Creating the bridge with OVS
(1) Create br-int. First check whether br-int already exists.
```
[root@compute1 ~]# ovs-vsctl list-br
br-int
```
If `br-int` is not shown, add it.
```
[root@compute1 ~]# ovs-vsctl add-br br-int
[root@compute1 ~]# ovs-vsctl list-ports br-int
```
Verification
(1) List the extensions on the controller.
```
[root@controller ~]# . admin-openrc
```
```
[root@controller ~]# neutron ext-list
+---------------------------+-----------------------------------------------+
| alias                     | name                                          |
+---------------------------+-----------------------------------------------+
| default-subnetpools       | Default Subnetpools                           |
| network-ip-availability   | Network IP Availability                       |
| network_availability_zone | Network Availability Zone                     |
| auto-allocated-topology   | Auto Allocated Topology Services              |
| ext-gw-mode               | Neutron L3 Configurable external gateway mode |
| binding                   | Port Binding                                  |
| agent                     | agent                                         |
| subnet_allocation         | Subnet Allocation                             |
| l3_agent_scheduler        | L3 Agent Scheduler                            |
| tag                       | Tag support                                   |
| external-net              | Neutron external network                      |
| net-mtu                   | Network MTU                                   |
| availability_zone         | Availability Zone                             |
| quotas                    | Quota management support                      |
| l3-ha                     | HA Router extension                           |
| provider                  | Provider Network                              |
| multi-provider            | Multi Provider Network                        |
| address-scope             | Address scope                                 |
| extraroute                | Neutron Extra Route                           |
| timestamp_core            | Time Stamp Fields addition for core resources |
| router                    | Neutron L3 Router                             |
| extra_dhcp_opt            | Neutron Extra DHCP opts                       |
| dns-integration           | DNS Integration                               |
| security-group            | security-group                                |
| dhcp_agent_scheduler      | DHCP Agent Scheduler                          |
| router_availability_zone  | Router Availability Zone                      |
| rbac-policies             | RBAC Policies                                 |
| standard-attr-description | standard-attr-description                     |
| port-security             | Port Security                                 |
| allowed-address-pairs     | Allowed Address Pairs                         |
| dvr                       | Distributed Virtual Router                    |
+---------------------------+-----------------------------------------------+
```
(2) Check the agent status on the controller.
```
[root@controller ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | availability_zone | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 07a9218a-7b44-4a0e-9071-4d71807d3d39 | Open vSwitch agent | controller |                   | :-)   | True           | neutron-openvswitch-agent |
| 498f3639-ee4e-48e4-aead-8b0ba02636e8 | DHCP agent         | controller | nova              | :-)   | True           | neutron-dhcp-agent        |
| a7d410da-671f-47f6-bf1e-3b5f12202165 | Metadata agent     | controller |                   | :-)   | True           | neutron-metadata-agent    |
| cc4cbe2d-0692-4f6f-b9ef-38b7d13ac952 | Open vSwitch agent | compute1   |                   | :-)   | True           | neutron-openvswitch-agent |
| f2ebf1a6-6715-4548-891c-79049a9f069e | L3 agent           | controller | nova              | :-)   | True           | neutron-l3-agent          |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
```
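The agent check above can be automated. This is an added example, not part of the original post: it parses `neutron agent-list` output and reports every agent from this page's two-node layout that is missing, not alive, or administratively down. The sample table is constructed (one agent marked `xxx`, one absent), anything other than `:-)` in the `alive` column is treated as down, and the function names are assumptions of this example.

```python
# Constructed sample in the layout of `neutron agent-list`, narrowed to the
# columns the check needs. The last border is truncated on purpose.
SAMPLE = """\
+--------------------+------------+-------+----------------+
| agent_type         | host       | alive | admin_state_up |
+--------------------+------------+-------+----------------+
| Open vSwitch agent | controller | :-)   | True           |
| DHCP agent         | controller | :-)   | True           |
| Metadata agent     | controller | :-)   | True           |
| Open vSwitch agent | compute1   | xxx   | True           |
+--------------------+------------+-------+----------------
"""

# Agents the controller and compute1 nodes of this page should report.
EXPECTED = {
    ("Open vSwitch agent", "controller"), ("DHCP agent", "controller"),
    ("Metadata agent", "controller"), ("L3 agent", "controller"),
    ("Open vSwitch agent", "compute1"),
}


def parse_table(text):
    """Turn the CLI table into a list of dicts keyed by column header."""
    rows = [
        [cell.strip() for cell in line.strip().strip("|").split("|")]
        for line in text.splitlines()
        if line.strip().startswith("|")   # skip prompts and +---+ borders
    ]
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    return [dict(zip(header, row)) for row in body if len(row) == len(header)]


def unhealthy_agents(text, expected=EXPECTED):
    """Return sorted (agent_type, host, reason) for each agent not serving."""
    problems, seen = [], set()
    for row in parse_table(text):
        ident = (row["agent_type"], row["host"])
        seen.add(ident)
        if row["alive"] != ":-)":
            problems.append(ident + ("not alive",))
        elif row["admin_state_up"] != "True":
            problems.append(ident + ("admin_state_up is not True",))
    problems += [ident + ("missing",) for ident in expected - seen]
    return sorted(problems)


if __name__ == "__main__":
    for problem in unhealthy_agents(SAMPLE):
        print(*problem, sep=" | ")
```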
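The preparation is now complete.
Once the flat/VLAN/VXLAN settings are added on top of this, I think instances will be able to communicate over the network. 🙂
I plan to cover that configuration on a separate page.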