- 뉴트론은 오픈스택에서 네트워크 서비스를 맡고 있다.
- 다중 노드일시 네트워크 노드를 따로 구축하며 단일 노드일시 파일에 추가적인 기입만 하면 된다.
- 네트워킹은 Provider network와 Self-service network로 나뉘어 지는데 보통 Self-service에 Provider 설정이 들어가 있으므로 Self-service 설정 방법으로 진행한다.
- 이번에도 공식 매뉴얼에서 몇몇 오탈자가 발견되어 수정해서 작성하였으니 유의하며 진행하길 바란다.
- nova와 horizon, cinder 다음으로 오류를 잘내는 서비스이니 log 위치를 알아두면 좋다
- 해당 서비스의 로그는 디폴트로 "/var/log/neutron/"에 존재하며 권한 설정상 root 상태로 들어가야한다.
컨트롤러 노드
DB, 서비스 사용자 등록 및 API 엔드포인트 생성
sudo su root
#root 권한으로 로그인
#DB 등록
mysql
#mariadb 로그인
MariaDB [(none)]> CREATE DATABASE neutron;
#neutron DB생성
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
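#엑세스 권한 부여 및 NEUTRON_DBPASS 기입
#NEUTRON_DBPASS는 자리표시자이므로 반드시 충분히 강한 비밀번호로 바꿀 것
#'neutron'@'%'는 모든 호스트에서의 접속을 허용하므로 DB 포트는 관리 네트워크에서만 접근 가능하도록 제한하는 것이 좋다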
MariaDB [(none)]> exit
#DBMS 나오기
#사용자 서비스 등록
. admin-openrc
#어드민 권한 엑세스
openstack user create --domain default --password-prompt neutron
#neutron 사용자 생성
User Password: #NEUTRON_PASS 기입
Repeat User Password: #NEUTRON_PASS 기입
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | fdb0f541e28141719b6a43c8944bf1fb |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
#출력값 (예시)
openstack role add --project service --user neutron admin
#neutron 역할 부여
openstack service create --name neutron \
--description "OpenStack Networking" network
#서비스 엔터티 생성
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | f71529314dab4a4d8eca427e701d209e |
| name | neutron |
| type | network |
+-------------+----------------------------------+
#출력값 (예시)
#API 엔드포인트 설정
openstack endpoint create --region RegionOne \
network public http://controller:9696
#public
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 85d80a6d02fc4b7683f611d7fc1493a3 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
#출력값 (예시)
openstack endpoint create --region RegionOne \
network internal http://controller:9696
#internal
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 09753b537ac74422a68d2d791cf3714f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
#출력값 (예시)
openstack endpoint create --region RegionOne \
network admin http://controller:9696
#admin
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1ee14289c9374dffb5db92a5c112fc4e |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
#출력값 (예시)
네트워킹 설정(Self-service)
apt-get update
#최신화
apt install neutron-server neutron-plugin-ml2 \
neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent \
neutron-metadata-agent
#network 관련 neutron 패키지들 설치
#서비스 구성
vi /etc/neutron/neutron.conf
# /etc/neutron/neutron.conf on the controller node. Only the options this
# guide adds or changes are shown; "....(생략)" marks omitted stock content.
# NOTE(review): this file holds the RabbitMQ, database and Keystone service
# passwords in cleartext -- keep it readable only by root and the neutron
# service account (confirm the packaged owner/mode).
[DEFAULT]
# Use the ML2 core plug-in together with the router service plug-in.
core_plugin = ml2
service_plugins = router
# Allow overlapping IP address ranges.
allow_overlapping_ips = true
....(생략)
# Send notification to nova when port status changes (boolean value)
notify_nova_on_port_status_changes = true
# Send notification to nova when port data (fixed_ips/floatingip) changes so
# nova can update its cache. (boolean value)
notify_nova_on_port_data_changes = true
....(생략)
# The type of authentication to use (string value)
auth_strategy = keystone
....(생략)
# Add or modify the options above as shown.
# Replace RABBIT_PASS with the password of the RabbitMQ "openstack" account.
# NOTE(review): the password is embedded in a URL, so characters such as
# "@" or "/" presumably need URL-encoding -- verify before choosing one.
transport_url = rabbit://openstack:RABBIT_PASS@controller
[database]
....(생략)
# Replace NEUTRON_DBPASS with the password chosen for the neutron DB user.
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
# Comment out any other options already present in this section so that
# only the ones below remain active.
# NOTE(review): both URLs are plain http://, so passwords and tokens cross
# the network unencrypted; keep this traffic on an isolated management
# network or put TLS in front of Keystone.
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
# Replace NEUTRON_PASS with the password set for the neutron service user.
password = NEUTRON_PASS
[nova]
# Credentials neutron uses to authenticate as the nova service user.
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
# Replace NOVA_PASS with the password of the nova service user.
password = NOVA_PASS
[oslo_concurrency]
....(생략)
# Directory used for lock files.
lock_path = /var/lib/neutron/tmp
wq
#저장
#ML2(Modular Layer 2) 플러그인 구성
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# /etc/neutron/plugins/ml2/ml2_conf.ini -- ML2 (Modular Layer 2) plug-in.
# "....(생략)" marks omitted stock content.
[ml2]
....(생략)
# Enable flat, VLAN and VXLAN networks.
type_drivers = flat,vlan,vxlan
# Enable VXLAN self-service networks.
tenant_network_types = vxlan
# Enable the Linux bridge and layer-2 population mechanisms.
mechanism_drivers = linuxbridge,l2population
# Enable the port security extension driver.
# NOTE(review): port security is what provides per-port anti-spoofing
# filtering -- confirm it is not switched off on tenant ports later.
extension_drivers = port_security
[ml2_type_flat]
....(생략)
# Configure the provider virtual network as a flat network.
flat_networks = provider
[ml2_type_vxlan]
....(생략)
# VXLAN network identifier (VNI) range for self-service networks.
vni_ranges = 1:1000
[securitygroup]
....(생략)
# Enable ipset to make security group rules more efficient.
enable_ipset = true
wq
#저장
#Linux 브리지 에이전트 구성
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# /etc/neutron/plugins/ml2/linuxbridge_agent.ini on the controller node.
[linux_bridge]
# Replace PROVIDER_INTERFACE_NAME with the NIC that is actually connected
# to the external network, e.g. eno1.
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = true
# Replace OVERLAY_INTERFACE_IP_ADDRESS with the controller node's own local
# IP address.
# NOTE(review): VXLAN traffic is not encrypted, so this should be an address
# on an internal/overlay network rather than a public one -- confirm.
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
[securitygroup]
....(생략)
# Enable security groups and enforce them with the Linux bridge iptables
# firewall driver. Enforcement depends on the bridge-nf-call-iptables and
# bridge-nf-call-ip6tables sysctls checked later in this guide being 1.
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
wq
#저장
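#네트워크 브리지 필터 지원 여부 확인
#아래 두 값이 1이 아니면 브리지를 지나는 트래픽이 iptables를 거치지 않아 보안 그룹 규칙이 적용되지 않는다
#값이 출력되지 않으면 br_netfilter 커널 모듈이 로드되어 있는지 확인할 것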
$ sysctl -a | grep net.bridge.bridge-nf-call-iptables
# 1이 출력되어야 정상
$ sysctl -a | grep net.bridge.bridge-nf-call-ip6tables
# 1이 출력되어야 정상
#계층 3 에이전트 구성
vi /etc/neutron/l3_agent.ini
# /etc/neutron/l3_agent.ini -- layer-3 agent.
[DEFAULT]
....(생략)
# Use the Linux bridge interface driver.
interface_driver = linuxbridge
wq
#저장
#DHCP 에이전트 구성
vi /etc/neutron/dhcp_agent.ini
# /etc/neutron/dhcp_agent.ini -- DHCP agent.
[DEFAULT]
....(생략)
# Use the Linux bridge interface driver and Dnsmasq as the DHCP driver.
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
# Enable isolated metadata.
# NOTE(review): presumably this lets instances on networks without a router
# reach the metadata service through the DHCP namespace -- confirm.
enable_isolated_metadata = true
wq
#저장
메타데이터 에이전트 및 Compute 서비스 구성
#메타데이터 구성
vi /etc/neutron/metadata_agent.ini
# /etc/neutron/metadata_agent.ini -- metadata agent.
[DEFAULT]
....(생략)
nova_metadata_host = controller
# Replace METADATA_SECRET with a secret of your own. The same value must be
# set as metadata_proxy_shared_secret in the [neutron] section of
# /etc/nova/nova.conf (shown further down in this guide).
# NOTE(review): use a long random value rather than a memorable word; this
# secret is what nova relies on to trust proxied metadata requests --
# confirm against the metadata agent documentation.
metadata_proxy_shared_secret = METADATA_SECRET
wq
#저장
vi /etc/nova/nova.conf
# /etc/nova/nova.conf on the controller node: credentials nova uses to reach
# the Networking service, plus the metadata proxy settings.
[neutron]
# Note the trailing "/" at the end of auth_url.
auth_url = http://controller:5000/
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
# Replace NEUTRON_PASS with the password set for the neutron service user.
password = NEUTRON_PASS
service_metadata_proxy = true
# Replace METADATA_SECRET with the same value used for
# metadata_proxy_shared_secret in /etc/neutron/metadata_agent.ini.
metadata_proxy_shared_secret = METADATA_SECRET
wq
#저장
설치 마무리
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
#DB 채우기
service nova-api restart
#nova 재시작
service neutron-server restart
service neutron-linuxbridge-agent restart
service neutron-dhcp-agent restart
service neutron-metadata-agent restart
#네트워킹 서비스 재시작
service neutron-l3-agent restart
#셀프 네트워크시 l3 서비스 재시작
컴퓨팅 노드
구성 요소 설치 및 구성
apt-get update
#최신화
apt install neutron-linuxbridge-agent
#뉴트론 Linux 브리지 에이전트 설치
vi /etc/neutron/neutron.conf
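# /etc/neutron/neutron.conf on the compute node. Only the options this guide
# adds or changes are shown; "...(생략)" marks omitted stock content.
# NOTE(review): this file holds the RabbitMQ and Keystone service passwords
# in cleartext -- keep it readable only by root and the neutron service
# account (confirm the packaged owner/mode).
[DEFAULT]
...(생략)
auth_strategy = keystone
...(생략)
# Replace RABBIT_PASS with the password of the RabbitMQ "openstack" account.
transport_url = rabbit://openstack:RABBIT_PASS@controller
# The Keystone credentials must sit under [keystone_authtoken], the same
# section the controller's neutron.conf uses for them; left under [DEFAULT]
# they are not where the token middleware looks for them.
[keystone_authtoken]
# NOTE(review): both URLs are plain http://, so passwords and tokens cross
# the network unencrypted; keep this traffic on an isolated management
# network or put TLS in front of Keystone.
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
# Replace NEUTRON_PASS with the password set for the neutron service user.
password = NEUTRON_PASS
[oslo_concurrency]
...(생략)
# Directory used for lock files.
lock_path = /var/lib/neutron/tmp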
wq
#저장
#셀프 네트워크 구성
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# /etc/neutron/plugins/ml2/linuxbridge_agent.ini on the compute node.
[linux_bridge]
# Replace PROVIDER_INTERFACE_NAME with the NIC that is connected to the
# external network, e.g. eno1.
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = true
# Replace OVERLAY_INTERFACE_IP_ADDRESS with this compute server's own IP.
# NOTE(review): VXLAN traffic is not encrypted, so this should be an address
# on an internal/overlay network rather than a public one -- confirm.
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
[securitygroup]
# ...
# Enable security groups and enforce them with the Linux bridge iptables
# firewall driver. Enforcement depends on the bridge-nf-call-iptables and
# bridge-nf-call-ip6tables sysctls checked later in this guide being 1.
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
wq
#저장
#네트워크 브리지 필터 지원 여부 확인 (1이 아니면 인스턴스 트래픽에 보안 그룹 규칙이 적용되지 않는다)
$ sysctl -a | grep net.bridge.bridge-nf-call-iptables
# 1이 출력되어야 정상
$ sysctl -a | grep net.bridge.bridge-nf-call-ip6tables
# 1이 출력되어야 정상
네트워킹 서비스를 사용하도록 Compute 서비스 구성
vi /etc/nova/nova.conf
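# /etc/nova/nova.conf on the compute node: credentials nova-compute uses to
# reach the Networking service. These options belong in the [neutron]
# section, the same section the controller's nova.conf uses for them.
[neutron]
# Note the trailing "/" at the end of auth_url.
auth_url = http://controller:5000/
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
# Replace NEUTRON_PASS with the password set for the neutron service user.
password = NEUTRON_PASS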
wq
#저장
설치 마무리
service nova-compute restart
#컴퓨팅 재시작
service neutron-linuxbridge-agent restart
#Linux 브리지 재시작
작동 확인
컨트롤러 노드
. admin-openrc
#어드민 권한 획득
openstack extension list --network
#로드된 네트워크 확장(extension) 목록 나열 — neutron-server가 정상 기동했는지 확인
+---------------------------+---------------------------+----------------------------+
| Name | Alias | Description |
+---------------------------+---------------------------+----------------------------+
| Default Subnetpools | default-subnetpools | Provides ability to mark |
| | | and use a subnetpool as |
| | | the default |
| Availability Zone | availability_zone | The availability zone |
| | | extension. |
| Network Availability Zone | network_availability_zone | Availability zone support |
| | | for network. |
| Port Binding | binding | Expose port bindings of a |
| | | virtual port to external |
| | | application |
| agent | agent | The agent management |
| | | extension. |
| Subnet Allocation | subnet_allocation | Enables allocation of |
| | | subnets from a subnet pool |
| DHCP Agent Scheduler | dhcp_agent_scheduler | Schedule networks among |
| | | dhcp agents |
| Neutron external network | external-net | Adds external network |
| | | attribute to network |
| | | resource. |
| Neutron Service Flavors | flavors | Flavor specification for |
| | | Neutron advanced services |
| Network MTU | net-mtu | Provides MTU attribute for |
| | | a network resource. |
| Network IP Availability | network-ip-availability | Provides IP availability |
| | | data for each network and |
| | | subnet. |
| Quota management support | quotas | Expose functions for |
| | | quotas management per |
| | | tenant |
| Provider Network | provider | Expose mapping of virtual |
| | | networks to physical |
| | | networks |
| Multi Provider Network | multi-provider | Expose mapping of virtual |
| | | networks to multiple |
| | | physical networks |
| Address scope | address-scope | Address scopes extension. |
| Subnet service types | subnet-service-types | Provides ability to set |
| | | the subnet service_types |
| | | field |
| Resource timestamps | standard-attr-timestamp | Adds created_at and |
| | | updated_at fields to all |
| | | Neutron resources that |
| | | have Neutron standard |
| | | attributes. |
| Neutron Service Type | service-type | API for retrieving service |
| Management | | providers for Neutron |
| | | advanced services |
| resources: subnet, | | more L2 and L3 resources. |
| subnetpool, port, router | | |
| Neutron Extra DHCP opts | extra_dhcp_opt | Extra options |
| | | configuration for DHCP. |
| | | For example PXE boot |
| | | options to DHCP clients |
| | | can be specified (e.g. |
| | | tftp-server, server-ip- |
| | | address, bootfile-name) |
| Resource revision numbers | standard-attr-revisions | This extension will |
| | | display the revision |
| | | number of neutron |
| | | resources. |
| Pagination support | pagination | Extension that indicates |
| | | that pagination is |
| | | enabled. |
| Sorting support | sorting | Extension that indicates |
| | | that sorting is enabled. |
| security-group | security-group | The security groups |
| | | extension. |
| RBAC Policies | rbac-policies | Allows creation and |
| | | modification of policies |
| | | that control tenant access |
| | | to resources. |
| standard-attr-description | standard-attr-description | Extension to add |
| | | descriptions to standard |
| | | attributes |
| Port Security | port-security | Provides port security |
| Allowed Address Pairs | allowed-address-pairs | Provides allowed address |
| | | pairs |
| project_id field enabled | project-id | Extension that indicates |
| | | that project_id field is |
| | | enabled. |
+---------------------------+---------------------------+----------------------------+
#출력값 (예시)
openstack network agent list
#network agent 나열
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| f49a4b81-afd6-4b3d-b923-66c8f0517099 | Metadata agent | controller | None | True | UP | neutron-metadata-agent |
| 27eee952-a748-467b-bf71-941e89846a92 | Linux bridge agent | controller | None | True | UP | neutron-linuxbridge-agent |
| 08905043-5010-4b87-bba5-aedb1956e27a | Linux bridge agent | compute1 | None | True | UP | neutron-linuxbridge-agent |
| 830344ff-dc36-4956-84f4-067af667a0dc | L3 agent | controller | nova | True | UP | neutron-l3-agent |
| dd3644c9-1a3a-435a-9282-eb306b4b0391 | DHCP agent | controller | nova | True | UP | neutron-dhcp-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
#출력값 (예시)