
5. OpenStack: Installing neutron

by 왈레 2023. 4. 6.

Perform these steps on the controller node.

$ mysql
> CREATE DATABASE neutron;
> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'a';
> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'a';
> quit

# Create the user and grant it the admin role
$ openstack user create --domain default --password-prompt neutron # password: a
$ openstack role add --project service --user neutron admin

# Add the service
$ openstack service create --name neutron --description "OpenStack Networking" network

# Add the API endpoints
$ openstack endpoint create --region RegionOne network public http://172.0.0.4:9696
$ openstack endpoint create --region RegionOne network internal http://controller:9696
$ openstack endpoint create --region RegionOne network admin http://controller:9696

# Verify
$ openstack user list | grep neutron
$ openstack service list | grep neutron
$ openstack endpoint list | grep neutron

### For self-service networks (install 6 packages) ###
$ apt install neutron-server neutron-plugin-ml2 \
  neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent \
  neutron-metadata-agent

# (1) Edit neutron.conf
$ cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.org
$ grep -E '^[^#].' /etc/neutron/neutron.conf.org > /etc/neutron/neutron.conf
$ vi /etc/neutron/neutron.conf 
[database]
connection = mysql+pymysql://neutron:a@controller/neutron

[DEFAULT]
transport_url = rabbit://openstack:a@controller

auth_strategy = keystone

core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true

notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = a

[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = a

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

# (2) Configure the ML2 (Modular Layer 2) plug-in
$ cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.org
$ grep -E '^[^#].' /etc/neutron/plugins/ml2/ml2_conf.ini.org > /etc/neutron/plugins/ml2/ml2_conf.ini
$ vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true

# (3) Configure the Linux bridge agent
$ cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.org
$ grep -E '^[^#].' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.org > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
$ vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
[linux_bridge]
# Replace INTERFACE_NAME with the name of the NIC that holds the 172.x address (check with `ip a`)
physical_interface_mappings = provider:INTERFACE_NAME

[vxlan]
enable_vxlan = true
# IP address on the 10.x network
local_ip = 10.0.0.11
l2_population = true

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

# Check that the following are set
$ sysctl -a | grep net.bridge.bridge-nf-call-iptables # should print 1
$ sysctl -a | grep net.bridge.bridge-nf-call-ip6tables # should print 1

# (4) Configure the layer-3 agent
$ cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.org
$ grep -E '^[^#].' /etc/neutron/l3_agent.ini.org > /etc/neutron/l3_agent.ini
$ vi /etc/neutron/l3_agent.ini 
[DEFAULT]
interface_driver = linuxbridge 

# (5) Configure the DHCP agent
$ cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.org
$ grep -E '^[^#].' /etc/neutron/dhcp_agent.ini.org > /etc/neutron/dhcp_agent.ini
$ vi /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

# (6) Configure the metadata agent
$ cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.org
$ grep -E '^[^#].' /etc/neutron/metadata_agent.ini.org > /etc/neutron/metadata_agent.ini
$ vi /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = a

# Configure the Compute service to use the Networking service (nova.conf)
$ vi /etc/nova/nova.conf
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = a
service_metadata_proxy = true
metadata_proxy_shared_secret = a

# Add the following to /etc/neutron/neutron.conf on Ubuntu 22.04 with OpenStack Zed; on releases before Zed, do not add the [experimental] section
[experimental]
linuxbridge = true

# Populate the database
$ su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

$ service nova-api restart
$ service neutron-server restart
$ service neutron-linuxbridge-agent restart
$ service neutron-dhcp-agent restart
$ service neutron-metadata-agent restart
$ service neutron-l3-agent restart

# Verify
$ service nova-api status
$ service neutron-server status
$ service neutron-linuxbridge-agent status
$ service neutron-dhcp-agent status
$ service neutron-metadata-agent status
$ service neutron-l3-agent status

# Validate (when validating after adding a compute node, the compute host must also appear with Agent Type "Linux bridge agent")
$ openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 00af93f3-7b27-4f8c-acd1-75fc926c20ab | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 02c72f05-78f8-4282-b3f0-3542cbaf3a5a | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 0e7302b9-2437-4220-bd84-ad68067efada | L3 agent           | controller | nova              | :-)   | UP    | neutron-l3-agent          |
| c225a191-1d63-4ad7-988a-1b9214872562 | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
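
The verification above, automated as an added example (not part of the original post): it reads the `openstack network agent list` table and reports every expected host/binary pair that is absent or not alive. The function names, the host name compute1 and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_agents HOST/BINARY...: reads the table printed by
# `openstack network agent list` on stdin and reports every expected agent
# that is absent or not alive. Exit status = number of problems.
check_agents() {
    awk -F'|' -v want="$*" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 9 && trim($2) != "ID" {              # data rows only
            key = trim($4) "/" trim($8)            # Host/Binary
            ok[key] = (trim($6) == ":-)" && trim($7) == "UP")
        }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) {
                if (!(w[i] in ok)) { print "MISSING " w[i]; bad++ }
                else if (!ok[w[i]]) { print "DOWN    " w[i]; bad++ }
            }
            exit bad + 0
        }'
}

# Constructed sample: the table from this post with IDs shortened, the L3
# agent marked as not alive, and no row for a hypothetical host "compute1".
sample_agent_table() {
cat <<'EOF'
+------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 00af | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 02c7 | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 0e73 | L3 agent           | controller | nova              | XXX   | UP    | neutron-l3-agent          |
| c225 | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
+------+--------------------+------------+-------------------+-------+-------+---------------------------+
EOF
}

sample_agent_table | check_agents controller/neutron-dhcp-agent \
    controller/neutron-linuxbridge-agent controller/neutron-l3-agent \
    controller/neutron-metadata-agent compute1/neutron-linuxbridge-agent ||
    echo "$? agent problem(s)"
```

On a live controller, pipe the real command into the function instead of the sample: `openstack network agent list | check_agents controller/neutron-l3-agent ...`.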

 

Troubleshooting

# Error message
Unable to establish connection to http://172.0.0.4:9696/v2.0/agents:
HTTPConnectionPool(host='172.30.0.4', port=9696): Max retries exceeded with
 url: /v2.0/agents (Caused by NewConnectionError('<urllib3.connection.HTTPConnection 
object at 0x7f224aaef730>: Failed to establish a new connection: [Errno 111] Connection
 refused'))
ERROR neutron.common.experimental [-] Feature 'linuxbridge' is experimental and has to be explicitly enabled in 'cfg.CONF.experimental'

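# Cause
Neutron was not running properly, so the service was not available.
Neutron failed to run because the linuxbridge feature is experimental,
and the neutron configuration file has to state explicitly that the experimental feature is in use.
This bug did not exist on Ubuntu 20.04 with Ussuri; I found it while installing Zed on Ubuntu 22.04.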

# Fix
$ vi /etc/neutron/neutron.conf
[experimental]
linuxbridge = true
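
A consistency check for the files edited above, as an added example that is not part of the original post: it confirms that metadata_proxy_shared_secret is identical in metadata_agent.ini and the [neutron] section of nova.conf, that [experimental] linuxbridge = true is present in neutron.conf, and flags a short shared secret. The function names and the MIN_SECRET_LEN threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. MIN_SECRET_LEN is an assumed policy value.
MIN_SECRET_LEN=16

# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION].
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec && /=/ {
            k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k)
            if (k == key) {
                v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

# audit_neutron NEUTRON_CONF METADATA_AGENT_INI NOVA_CONF
# Prints one line per finding; the exit status is the number of findings.
audit_neutron() {
    findings=0
    agent_secret=$(ini_get "$2" DEFAULT metadata_proxy_shared_secret)
    nova_secret=$(ini_get "$3" neutron metadata_proxy_shared_secret)
    { [ -n "$agent_secret" ] && [ "$agent_secret" = "$nova_secret" ]; } ||
        flag "metadata_proxy_shared_secret missing or not identical in $2 and $3"
    [ "${#agent_secret}" -ge "$MIN_SECRET_LEN" ] ||
        flag "metadata_proxy_shared_secret is shorter than $MIN_SECRET_LEN characters"
    [ "$(ini_get "$3" neutron service_metadata_proxy | tr 'A-Z' 'a-z')" = true ] ||
        flag "service_metadata_proxy is not true in [neutron] of $3"
    [ "$(ini_get "$1" experimental linuxbridge | tr 'A-Z' 'a-z')" = true ] ||
        flag "[experimental] linuxbridge = true is not set in $1"
    return "$findings"
}

# Constructed sample files that mirror the values used in this post
# (neutron.conf before the fix, shared secret "a").
demo=$(mktemp -d)
printf '[DEFAULT]\ncore_plugin = ml2\n' > "$demo/neutron.conf"
printf '[DEFAULT]\nnova_metadata_host = controller\nmetadata_proxy_shared_secret = a\n' > "$demo/metadata_agent.ini"
printf '[neutron]\nservice_metadata_proxy = true\nmetadata_proxy_shared_secret = a\n' > "$demo/nova.conf"
audit_neutron "$demo/neutron.conf" "$demo/metadata_agent.ini" "$demo/nova.conf" ||
    echo "$? finding(s)"
rm -rf "$demo"
```

On the controller, run `audit_neutron /etc/neutron/neutron.conf /etc/neutron/metadata_agent.ini /etc/nova/nova.conf` as a user that can read those files.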
