[OpenStack installation posts]
[CLOUD/OpenStack] - OpenStack Victoria installation (prerequisites)
[CLOUD/OpenStack] - [Victoria] Keystone installation
[CLOUD/OpenStack] - [Victoria] Glance installation
[CLOUD/OpenStack] - [Victoria] Nova installation
[CLOUD/OpenStack] - [Victoria] Horizon installation
* Performed on the controller node
1. Create the Neutron database
root@controller:~# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 828
Server version: 10.3.25-MariaDB-0ubuntu0.20.04.1 Ubuntu 20.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database neutron;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> grant all privileges on neutron.* to neutron@'localhost' identified by 'NEUTRON_DBPASS';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> grant all privileges on neutron.* to neutron@'%' identified by 'NEUTRON_DBPASS';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.001 sec)
2. Create the Neutron user, service, and endpoints
root@controller:~# openstack user create --domain default --project service --password NEUTRON_PASS neutron
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 403d041d31534b329c8dfc73a0c2584b |
| domain_id | default |
| enabled | True |
| id | d3408711246c470aab17af2557abd752 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
root@controller:~# openstack role add --project service --user neutron admin
root@controller:~# openstack service create --name neutron --description "Openstack Networking service" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Openstack Networking service |
| enabled | True |
| id | 5cdbe564a3a342e291c5090ed715e5d7 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
root@controller:~# openstack endpoint create --region Region01 network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 7d7ecd9eb79e4d9da0e6a7388c770cd0 |
| interface | public |
| region | Region01 |
| region_id | Region01 |
| service_id | 5cdbe564a3a342e291c5090ed715e5d7 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
root@controller:~# openstack endpoint create --region Region01 network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | cb5af076eed74769b2bc3ff78a61b8fd |
| interface | internal |
| region | Region01 |
| region_id | Region01 |
| service_id | 5cdbe564a3a342e291c5090ed715e5d7 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
root@controller:~# openstack endpoint create --region Region01 network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3d3e30adef7145e99234505545829ccb |
| interface | admin |
| region | Region01 |
| region_id | Region01 |
| service_id | 5cdbe564a3a342e291c5090ed715e5d7 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
3. Install and configure the Neutron packages
root@controller:~# apt-get install neutron-server
Edit the neutron.conf file
root@controller:~# cat /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
network_auto_schedule = True
router_auto_schedule = True
allow_automatic_dhcp_failover = True
allow_automatic_l3agent_failover = True
agent_down_time = 60
allow_automatic_lbaas_agent_failover = true
global_physnet_mtu = 1550
# Set this when the instance MTU should be 1500.
use_syslog = True
syslog_log_facility = LOG_LOCAL1
dhcp_agents_per_network = 3
[oslo_messaging_rabbit]
pool_max_size = 50
pool_max_overflow = 50
pool_timeout = 30
[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
max_pool_size = 50
retry_interval = 10
max_overflow = 50
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = Region01
project_name = service
username = nova
password = NOVA_PASS
root@controller:~# chmod 640 /etc/neutron/neutron.conf
root@controller:~# chgrp neutron /etc/neutron/neutron.conf
Explanation of the neutron.conf settings
[DEFAULT]
core_plugin = ml2
: The core plugin Neutron uses.
service_plugins = router
: The service plugins Neutron uses. Only router is defined here, but firewall, lbaas, vpnaas and others can be added.
allow_overlapping_ips = true
transport_url = rabbit://openstack:RABBIT_PASS@controller
: The message queue service.
auth_strategy = keystone
notify_nova_on_port_status_changes = true
: Allows a notification to be sent when a port is updated so that Nova can update its cache.
notify_nova_on_port_data_changes = true
: Sends a notification to Nova when the port status changes.
network_auto_schedule = True
router_auto_schedule = True
allow_automatic_dhcp_failover = True
allow_automatic_l3agent_failover = True
agent_down_time = 60
global_physnet_mtu = 1550
use_syslog = True
syslog_log_facility = LOG_LOCAL1
dhcp_agents_per_network = 3
[oslo_messaging_rabbit]
pool_max_size = 50
pool_max_overflow = 50
pool_timeout = 30
[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
max_pool_size = 50
retry_interval = 10
max_overflow = 50
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = Region01
project_name = service
username = nova
password = NOVA_PASS
Edit the ml2.conf file
ml2.conf: the ML2 plugin file; a Linux bridge technology that provides Layer 2 virtual network infrastructure to instances.
root@controller:~# cat /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = flat,vlan,vxlan,gre
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
path_mtu = 1550
# Set this when the instance MTU should be 1500.
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True
Explanation of the ml2.conf settings
[DEFAULT]
[ml2]
type_drivers = flat,vlan,vxlan,gre
: The list of network types supported by the Neutron ML2 network drivers.
tenant_network_types = vxlan
: The list of network types allocated as tenant networks.
mechanism_drivers = openvswitch,l2population
: The drivers used to carry traffic on large-scale networks. openvswitch and linuxbridge are the most common; openvswitch is used here.
extension_drivers = port_security
: The extension drivers supported by ML2; used to enable packet filtering for virtual machines.
path_mtu = 1550
: Set this when the instance MTU should be 1500.
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True
: Used to speed up the iptables firewall.
Add the neutron settings to nova.conf
root@controller:~# vi /etc/nova/nova.conf
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = Region01
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = True
# Must be identical to metadata_proxy_shared_secret in /etc/neutron/metadata_agent.ini
metadata_proxy_shared_secret = METADATA_PASS
root@controller:~# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
4. Populate the database tables and restart Neutron
root@controller:~# su -s /bin/bash neutron -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"
root@controller:~# systemctl restart neutron-server
Firewall port for the Neutron server: 9696/tcp
* Performed on the Neutron server
1. Kernel settings
root@network:~# sysctl -p
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.ip_forward = 0
2. Install the packages and edit the configuration files
root@network:~# apt-get -y install neutron-openvswitch-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent neutron-plugin-ml2
root@network:~# cat /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
use_syslog = True
syslog_log_facility = LOG_LOCAL1
[oslo_messaging_rabbit]
pool_max_size = 50
pool_max_overflow = 50
pool_timeout = 30
[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
[keystone_authtoken]
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
Edit the openvswitch_agent.ini file
openvswitch_agent.ini: the file for using the openvswitch plugin.
root@network:~# cat /etc/neutron/plugins/ml2/openvswitch_agent.ini
[DEFAULT]
[agent]
tunnel_types = vxlan
l2_population = True
ovsdb_monitor_respawn_interval = 30
[ovs]
bridge_mappings = provider:br0
local_ip = 172.16.198.101
[securitygroup]
firewall_driver = openvswitch
enable_security_group = false
enable_ipset = true
Edit the metadata_agent.ini file
metadata_agent.ini: the file used by the metadata agent. It provides configuration information, such as credentials, to instances.
root@network:~# cat /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_PASS
Explanation of the metadata_agent.ini settings
[DEFAULT]
nova_metadata_host = controller
: Specifies the IP address of the nova-api server.
metadata_proxy_shared_secret = METADATA_PASS
: Sets the secret key for the Nova metadata server.
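How the shared secret is used, as an added example (a simplified model, not Neutron or Nova source code): the metadata agent signs the instance ID with HMAC-SHA256 keyed by metadata_proxy_shared_secret and Nova recomputes it, so the value here must be identical to the one in nova.conf on the controller. The secrets, UUIDs, project ID and function names are constructed for illustration.

```python
import hashlib
import hmac


def sign_instance_id(shared_secret: str, instance_id: str) -> str:
    """HMAC-SHA256 over the instance UUID, keyed with the shared secret."""
    return hmac.new(shared_secret.encode(), instance_id.encode(),
                    hashlib.sha256).hexdigest()


def proxy_headers(agent_secret: str, instance_id: str, project_id: str) -> dict:
    """Metadata-agent side: identity headers added before forwarding to Nova."""
    return {
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": project_id,
        "X-Instance-ID-Signature": sign_instance_id(agent_secret, instance_id),
    }


def nova_accepts(nova_secret: str, headers: dict) -> bool:
    """Nova side: recompute the signature and compare in constant time."""
    expected = sign_instance_id(nova_secret, headers.get("X-Instance-ID", ""))
    return hmac.compare_digest(expected, headers.get("X-Instance-ID-Signature", ""))


# Constructed values, not taken from a real deployment.
INSTANCE_A = "11111111-1111-4111-8111-111111111111"
INSTANCE_B = "22222222-2222-4222-8222-222222222222"
PROJECT = "constructed-project-id"


def demo() -> dict:
    good = proxy_headers("constructed-secret", INSTANCE_A, PROJECT)
    # Same signature, but the instance ID was swapped without re-signing.
    tampered = dict(good, **{"X-Instance-ID": INSTANCE_B})
    return {
        "same_secret": nova_accepts("constructed-secret", good),
        "different_secret": nova_accepts("other-secret", good),
        "tampered_id": nova_accepts("constructed-secret", tampered),
    }


if __name__ == "__main__":
    print(demo())
```

A mismatch between the two files shows up as every instance failing to fetch metadata, while an unsigned change of X-Instance-ID is rejected because the signature no longer verifies.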
Edit the dhcp_agent.ini file
dhcp_agent.ini: the file used by the DHCP agent. It provides DHCP service to virtual networks.
root@network:~# cat /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
enable_metadata_network = True
force_metadata = True
[ovs]
ovsdb_timeout = 600
Explanation of the dhcp_agent.ini settings
[DEFAULT]
interface_driver = openvswitch
: The driver used to manage virtual network interfaces (openvswitch, linuxbridge).
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
: Defines the driver used to manage the DHCP server.
enable_isolated_metadata = True
: Enables the isolated metadata feature, allowing instances on provider networks to reach metadata over the network.
enable_metadata_network = True
force_metadata = True
[ovs]
ovsdb_timeout = 600
Edit the l3_agent.ini file
l3_agent.ini: the file used by the L3 agent. It provides routing and NAT services to self-service virtual networks.
root@network:~# cat /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = openvswitch
external_network_bridge =
verbose = True
#agent_mode = dvr_snat
[ovs]
Explanation of the l3_agent.ini settings
[DEFAULT]
interface_driver = openvswitch
: The driver used to manage virtual network interfaces (openvswitch, linuxbridge).
external_network_bridge =
: Defines the name of the bridge used to handle external network traffic.
verbose = True
3. Restart the services
root@network:~# systemctl restart neutron-dhcp-agent
root@network:~# systemctl restart neutron-l3-agent
root@network:~# systemctl restart neutron-metadata-agent
root@network:~# systemctl restart neutron-openvswitch-agent
root@network:~# systemctl restart openvswitch-switch
4. Configure the OVS interface and rc.local
root@network:~# vi /etc/network/interfaces
auto eth0
iface eth0 inet manual
up ifconfig $IFACE 0.0.0.0 mtu 9000 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
auto br0
iface br0 inet static
address 192.168.198.101
netmask 255.255.255.0
gateway 192.168.198.1
auto br0:0
iface br0:0 inet static
address 172.16.198.101
netmask 255.255.248.0
root@network:~# cat /etc/rc.local
#!/bin/bash
ovs-vsctl del-br br0
ovs-vsctl add-br br0
ovs-vsctl add-port br0 eth0
ifup br0:0
systemctl restart neutron-openvswitch-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent
systemctl restart networking
ifup br0:0
exit 0
root@network:~# chmod 755 /etc/rc.local
* Compute node setup
1. Install the packages and edit the configuration files
root@compute:~# cat /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
syslog_log_facility = LOG_LOCAL1
use_syslog = True
rpc_response_timeout=1200
[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
[keystone_authtoken]
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
root@compute:~# cat /etc/neutron/plugins/ml2/openvswitch_agent.ini
[DEFAULT]
[agent]
tunnel_types = vxlan
l2_population = True
ovsdb_monitor_respawn_interval = 30
[ovs]
local_ip = 172.16.198.102
bridge_mappings = provider:br0
[securitygroup]
firewall_driver = openvswitch
enable_security_group = false
enable_ipset = true
root@compute:~# cat /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = openvswitch
external_network_bridge =
verbose = True
root@compute:~# cat /etc/nova/nova.conf
Add the following:
[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = Region01
project_name = service
username = neutron
password = NEUTRON_PASS
2. Configure the OVS interface and rc.local
root@compute:~# cat /etc/network/interfaces
auto eth0
iface eth0 inet manual
up ifconfig $IFACE 0.0.0.0 mtu 9000 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
auto br0
iface br0 inet static
address 192.168.198.102
netmask 255.255.255.0
gateway 192.168.198.1
dns-nameserver 164.124.101.2
auto br0:0
iface br0:0 inet static
address 172.16.198.102
netmask 255.255.248.0
root@compute:~# cat /etc/rc.local
#!/bin/bash
ovs-vsctl del-br br0
ovs-vsctl add-br br0
ovs-vsctl add-port br0 eth0
ifup br0:0
systemctl restart openvswitch-switch neutron-openvswitch-agent
systemctl restart networking
sleep 10
ifup br0:0
systemctl restart neutron-openvswitch-agent nova-compute
exit 0
root@compute:~# chmod 755 /etc/rc.local
root@controller:/var/log/nova# openstack network agent list
+--------------------------------------+--------------------+---------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+---------+-------------------+-------+-------+---------------------------+
| 2801c971-6bda-46e2-a447-0b25abbce4dc | Open vSwitch agent | network | None | :-) | UP | neutron-openvswitch-agent |
| 2eb8edee-4a7b-4ffd-a571-2211d4f47de6 | Metadata agent | network | None | :-) | UP | neutron-metadata-agent |
| 69e5f7df-b76f-4d13-a827-ea19b48568f0 | L3 agent | network | nova | :-) | UP | neutron-l3-agent |
| a3b6bf9c-14fc-44c0-b074-b52f881d04b8 | DHCP agent | network | nova | :-) | UP | neutron-dhcp-agent |
| c6e866d9-2f3d-4bb8-815a-0363708b2fe5 | Open vSwitch agent | compute | None | :-) | UP | neutron-openvswitch-agent |
+--------------------------------------+--------------------+---------+-------------------+-------+-------+---------------------------+
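An added example, not part of the original post: an offline check over configuration like the files above that flags unreplaced placeholder secrets, cleartext http:// endpoints, disabled security groups, and a metadata_proxy_shared_secret that differs between files. The audit() helper and the sample file contents are constructed for illustration.

```python
import configparser
import re

# Unreplaced guide placeholders such as NEUTRON_PASS or NEUTRON_DBPASS.
PLACEHOLDER = re.compile(r"\b[A-Z][A-Z_]*_(?:DB)?PASS\b")

def audit(files):
    """files maps path -> INI text; returns a sorted list of (path, finding)."""
    findings, secrets = set(), {}
    for path, text in files.items():
        # interpolation=None: a '%' in a real password must not be expanded.
        cp = configparser.ConfigParser(interpolation=None, strict=False)
        cp.read_string(text)
        for section in [cp.default_section] + cp.sections():
            for key, value in cp.items(section):
                if PLACEHOLDER.search(value):
                    findings.add((path, f"{key}: placeholder secret not replaced"))
                if key in ("auth_url", "url") and value.startswith("http://"):
                    findings.add((path, f"{key}: API traffic over cleartext HTTP"))
                if key == "enable_security_group" and value.lower() == "false":
                    findings.add((path, f"{key}: security groups disabled"))
                if key == "metadata_proxy_shared_secret":
                    secrets[path] = value
    if len(set(secrets.values())) > 1:  # Nova and the metadata agent must agree
        for path in secrets:
            findings.add((path, "metadata_proxy_shared_secret: differs between files"))
    return sorted(findings)

# Constructed sample input modelled on the files in this post.
SAMPLE = {
    "/etc/nova/nova.conf": """
[neutron]
auth_url = http://controller:5000
password = NEUTRON_PASS
metadata_proxy_shared_secret = constructed-secret-A
""",
    "/etc/neutron/metadata_agent.ini": """
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = constructed-secret-B
""",
    "/etc/neutron/plugins/ml2/openvswitch_agent.ini": """
[securitygroup]
firewall_driver = openvswitch
enable_security_group = false
""",
}

if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(f"{path}: {finding}")
```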