어제보다 성장하기

Neutron 설치

1.MariaDB 데이터베이스 및 사용자 생성 후 권한 부여

mysql -u root -p

create database neutron_ml2;

grant all privileges on nuetron_ml2.* to neutron

2.keystone에 neutron 사용자 생성 및 역할 부여

openstack user create —domain default —project service —password 123qwe neutron

openstack role add —project service —user neutron admin

3.네트워크 서비스 추가

openstack service cerate —name neutron —description “OpenStack Networking service” network

4.네트워크 서비스 엔드포인트 생성

echo $controller

export controller=10.0.0.30

openstack endpoint create —region RegionOne network public http://$controller:9696

openstack endpoint create —region RegionOne network internal http://$controller:9696

openstack endpoint create —region RegionOne network admin http://$controller:9696

5.Neutron 설치하기

yum –y install —enablerepo=centos-openstack-train,epel openstack-neutron-ml2 openstack-neutron-openvswitch

6. neutron 설정파일 내용 수정하기

mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak

vi /etc/neutron/neutron.conf

[DEFAULT]

core_plugin = ml2

service_plugins = router

auth_strategy = keystone

state_path = /var/lib/neutron

dhcp_agent_notification = True

allow_overlapping_ips = True

notify_nova_on_port_status_changes = True

notify_nova_on_port_data_changes = True

# RabbitMQ connection info

transport_url = rabbit://openstack:password@10.0.0.30

# Keystone auth info

[keystone_authtoken]

www_authenticate_uri = http://10.0.0.30:5000

auth_url = http://10.0.0.30:5000

memcached_servers = 10.0.0.30:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = servicepassword

# MariaDB connection info

[database]

connection = mysql+pymysql://neutron:password@10.0.0.30/neutron_ml2

# Nova connection info

[nova]

auth_url = http://10.0.0.30:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = servicepassword

[oslo_concurrency]

lock_path = $state_path/tmp

chmod 40 neutron.conf

chgrp neutron neutron.conf

vi l3_agent.ini -> 두번째 줄에 추가

interface_driver=openvswitch

vi dhcp_agent.ini -> 두번째 줄에 추가

interface_driver=opensvswitch

dhcp_driver=neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata=true

vi metadata_agent.ini -> 두번째 줄에 추가

nova_metadata_host = 10.0.0.30

metadata_proxy_shared_secret = metadata_secret

212 memcache_servers = localhost:11211

cd /etc/neutron/plugins/ml2

vi ml2_conf.ini

[ml2]

type_drivers = flat,vlan,gre,vxlan

tenant_network_types =

mechanism_drivers = openvswitch

extension_drivers = port_security

vi openvswitch_agent.ini

[securitygroup]

firewall_driver = openvswitch

enable_security_group = true

enable_ipset = true

vi /etc/nova/nova.conf

[DEFAULT]섹션에 추가

use_neutron = True

linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver

firewall_driver = nova.virt.firewall.NoopFirewallDriver

vif_plugging_is_fatal = True

vif_plugging_timeout = 300

7. SELinux 설정하기

yum -y install --enablerepo=centos-openstack-train openstack-selinux

setsebool -P neutron_can_network on

setsebool -P haproxy_connect_any on

setsebool -P daemons_enable_cluster_mode on

SELinux 모듈 컴파일

vi my-ovsofctl.te

module my-ovsofctl 1.0;

require {

type neutron_t;

class capability sys_rawio;

}

8. SELinux 설정하기

yum -y install --enablerepo=centos-openstack-train openstack-selinux

setsebool -P neutron_can_network on

setsebool -P haproxy_connect_any on

setsebool -P daemons_enable_cluster_mode on

selinux 모듈 컴파일

cd /etc/selinux

checkmodule –m –M –o my-ovsofctl.mod my-ovsofctl.te

semodule_package --outfile my-ovsofctl.pp --module my-ovsofctl.mod

semodule -i my-ovsofctl.pp

9. 방화벽 추가

firewall-cmd --add-port=9696/tcp --permanent

firewall-cmd --reload

10. Neutron서비스 실행

systemctl start openvswitch

systemctl enable openvswitch

ovs-vsctl add-br br-int

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

-> ml2_conf.ini가 실행될 때 /etc/neutron/plugin.ini 이 같이 실행 된다.

su -s /bin/bash neutron -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head“    (위에줄하고 한명령어)

#장애 발생

해본 것들

grant all privileges 를 2개 주어야 하는데

하나만 권한을 주니 작동이 된다.

그리고 conf

for service in server dhcp-agent l3-agent metadata-agent openvswitch-agent; do

systemctl start neutron-$service

systemctl enable neutron-$service

done

systemctl restart openstack-nova-api openstack-nova-compute

openstack network agent list

#neutron이 싱글노드에서 하는 일은 없다.