VScaler: CIX Network Node OpenStack Installation - Neutron
Neutron Network Services
7_vscaler-networknode-neutron.sh
#!/bin/bash
# System prep notes
# - selinux disabled
# - firewalld running and allowing internal forwarding of traffic (compute nodes can access repos)
# - headnode /etc/hosts added entry for headnode, make sure the name 'controller' also resolves to the headnode
# [root@head ~]# vi /etc/hosts
# [root@head ~]# ping -c 1 controller
# PING head.ohpc.keele.net (10.10.10.1) 56(84) bytes of data.
# 64 bytes from head.ohpc.keele.net (10.10.10.1): icmp_seq=1 ttl=64 time=0.082 ms
# - enable ntpd on compute nodes; systemctl enable ntpd ; systemctl start ntpd
# - disable the epel and ohpc repo
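# Load the vscaler installation variables (service passwords, interface
# name, VXLAN address).
# The explicit "./" matters: given a bare file name, bash's "." builtin
# searches $PATH before the current directory, and this script needs root
# (yum, sysctl, writes under /etc).
# NOTE(review): the file appears to hold the service passwords in clear
# text; keep it readable by root only.
if [[ ! -r ./vscaler-env.sh ]]; then
  echo "vscaler-env.sh not found in ${PWD}; run this script from the directory that holds it" >&2
  exit 1
fi
. ./vscaler-env.sh
# Stop before anything is installed or written if a value used below is
# missing, so no config file ends up with an empty password or address.
for required_var in NEUTRON_DBPASS RABBIT_PASS NEUTRON_PASS NOVA_PASS \
  METADATA_SECRET MY_EXT_INTERFACE MY_VXLAN_IP; do
  if [[ -z "${!required_var:-}" ]]; then
    echo "${required_var} is not set (expected from vscaler-env.sh or the environment)" >&2
    exit 1
  fi
done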
# Disable the repos that would otherwise interfere with the OpenStack packages.
repos_to_disable=(epel epel-testing OpenHPC_1.0)
# With Ceph installed, use this list instead:
# repos_to_disable=(epel epel-testing OpenHPC_1.0 Ceph Ceph-noarch Ceph-source)
yum-config-manager --disable "${repos_to_disable[@]}"
# One yum transaction per package, in this order:
#   centos-release-openstack-liberty - adds the OpenStack Liberty repo file
#   python-openstackclient           - the openstack command-line client
#   crudini                          - used below to edit the .conf/.ini files
# NOTE(review): Liberty no longer receives upstream security fixes; read
# this as a historical recipe.
# NOTE(review): the prep notes at the top require SELinux to be disabled;
# RDO ships an openstack-selinux policy package meant for running these
# services with SELinux enforcing - worth evaluating instead.
for pkg in centos-release-openstack-liberty python-openstackclient crudini; do
  yum -y install "$pkg"
done
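#-------------------------
# setup neutron networking
#-------------------------
# Kernel settings for a node that routes tenant traffic:
#   net.ipv4.ip_forward=1               - forward packets between interfaces
#   net.ipv4.conf.{default,all}.rp_filter=0 - no reverse-path filtering
# rp_filter=0 removes the kernel's source-address sanity check, so
# anti-spoofing on this node rests on the neutron security groups and the
# ARP-spoofing protection enabled in the linux bridge agent section below.
#
# The values go into a sysctl.d drop-in so they survive a reboot. "sysctl -w"
# only changes the running kernel, and a bare "sysctl -p" re-reads
# /etc/sysctl.conf, which this script never edits.
# The file is rewritten in full on every run, so re-running is harmless.
sysctl_dropin=/etc/sysctl.d/90-neutron-network-node.conf
cat > "$sysctl_dropin" <<'EOF'
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
EOF
# Apply the drop-in to the running kernel now.
sysctl -p "$sysctl_dropin"
sleep 1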
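# install packages
yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
# setup the config files
# Refuse to continue with a missing credential: an unset variable would
# otherwise be written to neutron.conf as an empty value.
: "${NEUTRON_DBPASS:?NEUTRON_DBPASS is not set}"
: "${RABBIT_PASS:?RABBIT_PASS is not set}"
: "${NEUTRON_PASS:?NEUTRON_PASS is not set}"
: "${NOVA_PASS:?NOVA_PASS is not set}"
# Every secret below is quoted so that whitespace or glob characters in a
# password cannot be split or expanded by the shell.
# The values are still handed to crudini as command-line arguments, so they
# are visible in the process list while each command runs and would be
# echoed by "set -x"; do not run this script with tracing enabled.

# Database connection. The password is embedded in a URL, so characters such
# as '@', '/' or ':' in it must be percent-encoded.
# NOTE(review): this script only starts agents (linuxbridge, dhcp, metadata,
# l3); confirm that this node needs the database credential at all.
crudini --set /etc/neutron/neutron.conf database connection "mysql://neutron:${NEUTRON_DBPASS}@controller/neutron"
crudini --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins router
crudini --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
# Message queue (RabbitMQ on the controller).
crudini --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
crudini --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
crudini --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
crudini --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASS"
# Keystone authentication. The section is deleted first so that only the
# options set here remain in it.
# The endpoints are plain http://, so service passwords and tokens cross the
# network unencrypted; this is only acceptable on an isolated management
# network.
crudini --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
crudini --del /etc/neutron/neutron.conf keystone_authtoken
crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_plugin password
crudini --set /etc/neutron/neutron.conf keystone_authtoken project_domain_id default
crudini --set /etc/neutron/neutron.conf keystone_authtoken user_domain_id default
crudini --set /etc/neutron/neutron.conf keystone_authtoken project_name service
crudini --set /etc/neutron/neutron.conf keystone_authtoken username neutron
crudini --set /etc/neutron/neutron.conf keystone_authtoken password "$NEUTRON_PASS"
# Notifications to nova about port changes, and the credentials used for them.
crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
crudini --set /etc/neutron/neutron.conf DEFAULT nova_url http://controller:8774/v2
crudini --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
crudini --set /etc/neutron/neutron.conf nova auth_plugin password
crudini --set /etc/neutron/neutron.conf nova project_domain_id default
crudini --set /etc/neutron/neutron.conf nova user_domain_id default
crudini --set /etc/neutron/neutron.conf nova region_name RegionOne
crudini --set /etc/neutron/neutron.conf nova project_name service
crudini --set /etc/neutron/neutron.conf nova username nova
crudini --set /etc/neutron/neutron.conf nova password "$NOVA_PASS"
crudini --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
crudini --set /etc/neutron/neutron.conf DEFAULT verbose True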
# ML2 plugin configuration (the layer-3 and DHCP agents follow further down).
# Each entry is "section key value" and is written to ml2_conf.ini in the
# order listed.
# The mechanism_drivers entry pairs linuxbridge with l2population; the linux
# bridge agent only supports vxlan overlay networks, hence
# tenant_network_types vxlan.
ml2_ini=/etc/neutron/plugins/ml2/ml2_conf.ini
ml2_settings=(
  "ml2 type_drivers flat,vlan,vxlan"
  "ml2 tenant_network_types vxlan"
  "ml2 mechanism_drivers linuxbridge,l2population"
  "ml2 extension_drivers port_security"
  "ml2_type_flat flat_networks public"
  "ml2_type_vxlan vni_ranges 1:1000"
  "securitygroup enable_ipset True"
)
for ml2_entry in "${ml2_settings[@]}"; do
  # Split the entry into its three fields; none of them contains a space.
  read -r ml2_section ml2_key ml2_value <<<"$ml2_entry"
  crudini --set "$ml2_ini" "$ml2_section" "$ml2_key" "$ml2_value"
done
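# configure the linux bridge agent
# Both values are interpolated into the agent config; stop here rather than
# write an empty interface mapping or VXLAN endpoint address.
: "${MY_EXT_INTERFACE:?MY_EXT_INTERFACE is not set}"
: "${MY_VXLAN_IP:?MY_VXLAN_IP is not set}"
# Map the flat network named "public" onto the external interface.
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings "public:${MY_EXT_INTERFACE}"
# VXLAN overlay: local_ip is this node's tunnel endpoint address.
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip "$MY_VXLAN_IP"
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population True
# Port-level protections: ARP-spoofing prevention and iptables-based
# security groups. With rp_filter disabled in the sysctl settings above,
# these are what stands between tenant ports and address spoofing, so they
# should stay enabled.
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent prevent_arp_spoofing True
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver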
# Layer-3 (routing) agent settings.
l3_ini=/etc/neutron/l3_agent.ini
crudini --set "$l3_ini" DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
# No value is passed here on purpose: the option is written with an empty
# value.
crudini --set "$l3_ini" DEFAULT external_network_bridge
crudini --set "$l3_ini" DEFAULT verbose True
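# configure the dhcp agent
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT verbose True
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf
# create and set dhcp
# DHCP option 26 is the interface MTU. 1450 leaves room for the VXLAN
# encapsulation overhead on a 1500-byte physical link.
# The line is appended only when it is not already present, so re-running
# the script does not pile up duplicate entries.
dnsmasq_conf=/etc/neutron/dnsmasq-neutron.conf
dnsmasq_mtu_option='dhcp-option-force=26,1450'
touch "$dnsmasq_conf"
if ! grep -qxF -- "$dnsmasq_mtu_option" "$dnsmasq_conf"; then
  echo "$dnsmasq_mtu_option" >> "$dnsmasq_conf"
fi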
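# config metadata
# Refuse to continue with a missing credential: an unset variable would
# otherwise be written to metadata_agent.ini as an empty value.
: "${NEUTRON_PASS:?NEUTRON_PASS is not set}"
: "${METADATA_SECRET:?METADATA_SECRET is not set}"
# The endpoints are plain http://, so the neutron service password crosses
# the network unencrypted; acceptable only on an isolated management network.
crudini --set /etc/neutron/metadata_agent.ini DEFAULT auth_uri http://controller:5000
crudini --set /etc/neutron/metadata_agent.ini DEFAULT auth_url http://controller:35357
crudini --set /etc/neutron/metadata_agent.ini DEFAULT auth_region RegionOne
crudini --set /etc/neutron/metadata_agent.ini DEFAULT auth_plugin password
crudini --set /etc/neutron/metadata_agent.ini DEFAULT project_domain_id default
crudini --set /etc/neutron/metadata_agent.ini DEFAULT user_domain_id default
crudini --set /etc/neutron/metadata_agent.ini DEFAULT project_name service
crudini --set /etc/neutron/metadata_agent.ini DEFAULT username neutron
# Quoted so that whitespace or glob characters in a secret are not split or
# expanded by the shell. The values are still passed as command-line
# arguments, so avoid running this with "set -x".
crudini --set /etc/neutron/metadata_agent.ini DEFAULT password "$NEUTRON_PASS"
crudini --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip controller
# Shared secret between the metadata agent and the nova metadata service;
# both sides must hold the same value.
crudini --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret "$METADATA_SECRET"
crudini --set /etc/neutron/metadata_agent.ini DEFAULT verbose True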
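# setup the plugin
# Point /etc/neutron/plugin.ini at the ML2 config. An existing symlink is
# re-pointed, so the script can be re-run; a regular file at that path is
# left untouched, since replacing it would discard whatever it contains.
plugin_link=/etc/neutron/plugin.ini
if [[ -L "$plugin_link" || ! -e "$plugin_link" ]]; then
  ln -sfn /etc/neutron/plugins/ml2/ml2_conf.ini "$plugin_link"
else
  echo "${plugin_link} exists and is not a symlink; leaving it untouched" >&2
fi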
# NOTE: at this stage, the port being used for the neutron traffic is just UP with no IP defined. No bridge or anything. That will all be taken care of by the neutron service
# [root@node01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno2
# DEVICE=eno2
# ONBOOT=yes
# MTU=1500
# BOOTPROTO=none
# Enable the neutron agents at boot and (re)start them so they pick up the
# configuration written above. The bridge, DHCP and metadata agents are
# handled together first; the layer-3 agent is enabled after a short pause.
sleep 1
first_agents=(
  neutron-linuxbridge-agent.service
  neutron-dhcp-agent.service
  neutron-metadata-agent.service
)
systemctl enable "${first_agents[@]}"
systemctl restart "${first_agents[@]}"
sleep 1
systemctl enable neutron-l3-agent.service
systemctl restart neutron-l3-agent.service
Problems
Neutron file permissions
- For reasons unknown, various neutron-related files and directories end up with random (and unusable) owners, which prevents the various neutron services from working.
- Firstly ensure /etc/passwd and /etc/group are synced with the OHPC headnode
On the OHPC headnode:
[root@controller01 ~]# wwsh file sync
On the network node:
[root@networknode01 ~]# /warewulf/bin/wwgetfiles
- Confirm that the /etc/passwd and /etc/group local to the network node contain the neutron user/group:
[root@networknode01 ~]# grep neutron /etc/passwd
neutron:x:989:984:OpenStack Neutron Daemons:/var/lib/neutron:/sbin/nologin
[root@networknode01 ~]# grep neutron /etc/group
neutron:x:984:
- Update file and directory permissions:
[root@networknode01 ~]# chown root:neutron /etc/neutron/neutron.conf /usr/share/neutron/neutron-dist.conf /usr/share/neutron/l3_agent/l3_agent.conf /etc/neutron/dhcp_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/metadata_agent.ini
[root@networknode01 ~]# chown -R neutron:neutron /var/log/neutron/
[root@networknode01 ~]# chown root:root /var/log/neutron/neutron-ns-metadata-proxy-*
[root@networknode01 ~]# chown root:neutron /etc/neutron/policy.json
[root@networknode01 ~]# chown neutron:neutron /var/lib/neutron/metadata_proxy
[root@networknode01 ~]# chown -R neutron:neutron /var/lib/neutron/