OpenStack Pike

2017/09/03

Travaux de synthèse : Taylor VOLI

Volet 6
 2

OpenStack Pike : Neutron Network (VXLAN)

2017/09/04

Configure virtual networking by OpenStack Network Service (Neutron).

For example, configure VXLAN type of networking on here.
Before it, Configure basic settings on Control Node, Network Node, Compute Node.
Furthermore, this example is based on the environment that Network Node has 2 network
interfaces.
------------+---------------------------+--------------------------
-+------------
| |
|
eth0|10.0.0.30 eth0|10.0.0.50
eth0|10.0.0.51
+-----------+-----------+ +-----------+-----------+ +----------
-+-----------+
| [ Control Node ] | | [ Network Node ] | | [
Compute Node ] |
| | | | |
|
| MariaDB RabbitMQ | | Open vSwitch | |
Libvirt |
| Memcached httpd | | L2 Agent | | Nova
Compute |
| Keystone Glance | | L3 Agent | | Open
vSwitch |
| Nova API | | Metadata Agent | | L2
Agent |
| Neutron Server | | | |
|
| Metadata Agent | | | |
|
+-----------------------+ +-----------+-----------+ +----------
-------------+
|eth1

[1] Change settings on Control Node.

[root@dlp ~(keystone)]#
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# line 115: add a value to tenant_network_types

[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
vxlan
# line 166: add

[ml2_type_flat]
flat_networks = physnet1

2
 3

# line 220: add

[ml2_type_vxlan]
vni_ranges = 1:1000
[root@dlp ~(keystone)]#
systemctl restart neutron-server

[2] Change settings on Network Node.

# add bridge

[root@network ~]#
ovs-vsctl add-br br-eth1

# add eth1 to the port of the bridge above

[root@network ~]#
ovs-vsctl add-port br-eth1 eth1

[root@network ~]#
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# line 115: add a value to tenant_network_types

[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
vxlan
# line 166: add

[ml2_type_flat]
flat_networks = physnet1
# line 220: add

[ml2_type_vxlan]
vni_ranges = 1:1000
[root@network ~]#
vi /etc/neutron/plugins/ml2/openvswitch_agent.ini
# line 114: add

[agent]
tunnel_types = vxlan
l2_population = True
prevent_arp_spoofing = True
# line 182: add (specify IP address of this host for local_ip)

[ovs]

3
 4

local_ip = 10.0.0.50
bridge_mappings = physnet1:br-eth1
[root@network ~]#
for service in dhcp-agent l3-agent metadata-agent openvswitch-agent; do
systemctl restart neutron-$service
done
# if Firewalld is running, stop it

[root@network ~]#
systemctl stop firewalld

[root@network ~]#
systemctl disable firewalld

[3] Change settings on Compute Node.

[root@node01 ~]#
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# line 115: add a value to tenant_network_types

[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
vxlan
# line 166: add

[ml2_type_flat]
flat_networks = physnet1
# line 220: add

[ml2_type_vxlan]
vni_ranges = 1:1000
[root@node01 ~]#
vi /etc/neutron/plugins/ml2/openvswitch_agent.ini
# line 114: add

[agent]
tunnel_types = vxlan
l2_population = True
prevent_arp_spoofing = True
# line 182: add (specify IP address of this host for local_ip)

[ovs]
local_ip = 10.0.0.51
[root@node01 ~]#
systemctl restart neutron-openvswitch-agent
# if Firewalld is running, stop it

4
 5

[root@node01 ~]#
systemctl stop firewalld

[root@node01 ~]#
systemctl disable firewalld

[4] Create a Virtual router. It's OK to work on any node. (This example is on Control Node)
[root@dlp ~(keystone)]#
openstack router create router01

+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2017-09-06T07:49:37Z |
| description | |
| distributed | False |
| external_gateway_info | None |
| flavor_id | None |
| ha | False |
| id | 1408558e-f10e-4c37-af33-f302f048a44c |
| name | router01 |
| project_id | 09158bee8c6441519bf3a3743d936566 |
| revision_number | None |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2017-09-06T07:49:37Z |
+-------------------------+--------------------------------------+
[5] Create internal network and associate with the router above.
# create internal network

[root@dlp ~(keystone)]#
openstack network create int_net --provider-network-type vxlan

+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2017-09-06T07:49:58Z |
| description | |
| dns_domain | None |
| id | b70e8cdc-8c61-4a3b-8dfc-060cba8f82f9 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |

5
 6

| is_default | False |
| is_vlan_transparent | None |
| mtu | 1450 |
| name | int_net |
| port_security_enabled | True |
| project_id | 09158bee8c6441519bf3a3743d936566 |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 89 |
| qos_policy_id | None |
| revision_number | 2 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2017-09-06T07:49:58Z |
+---------------------------+--------------------------------------+

# create subnet in the internal network

[root@dlp ~(keystone)]#
openstack subnet create subnet1 --network int_net \
--subnet-range 192.168.100.0/24 --gateway 192.168.100.1 \
--dns-nameserver 10.0.0.10

+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| allocation_pools | 192.168.100.2-192.168.100.254 |
| cidr | 192.168.100.0/24 |
| created_at | 2017-09-06T07:50:25Z |
| description | |
| dns_nameservers | 10.0.0.10 |
| enable_dhcp | True |
| gateway_ip | 192.168.100.1 |
| host_routes | |
| id | 3627d5d7-8196-469f-897e-2159f695052a |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | subnet1 |
| network_id | b70e8cdc-8c61-4a3b-8dfc-060cba8f82f9 |
| project_id | 09158bee8c6441519bf3a3743d936566 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2017-09-06T07:50:25Z |
| use_default_subnet_pool | None |
+-------------------------+--------------------------------------+

6
 7

# set internal network to the router above

[root@dlp ~(keystone)]#
openstack router add subnet router01 subnet1
[6] Create external network and associate with the router above.
# create external network

[root@dlp ~(keystone)]#
openstack network create \
--provider-physical-network physnet1 \
--provider-network-type flat --external ext_net

+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2017-09-06T07:51:02Z |
| description | |
| dns_domain | None |
| id | e27d7f02-773f-4e11-8aa9-e70ebc05ab76 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1500 |
| name | ext_net |
| port_security_enabled | True |
| project_id | 09158bee8c6441519bf3a3743d936566 |
| provider:network_type | flat |
| provider:physical_network | physnet1 |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 3 |
| router:external | External |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2017-09-06T07:51:02Z |
+---------------------------+--------------------------------------+

# create subnet in external network

[root@dlp ~(keystone)]#
openstack subnet create subnet2 \
--network ext_net --subnet-range 10.0.0.0/24 \

7
 8

--allocation-pool start=10.0.0.200,end=10.0.0.254 \
--gateway 10.0.0.1 --dns-nameserver 10.0.0.10 --no-dhcp

+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| allocation_pools | 10.0.0.200-10.0.0.254 |
| cidr | 10.0.0.0/24 |
| created_at | 2017-09-06T07:51:24Z |
| description | |
| dns_nameservers | 10.0.0.10 |
| enable_dhcp | False |
| gateway_ip | 10.0.0.1 |
| host_routes | |
| id | 85f3a6a0-07ab-493d-91a3-cd60ecd908c7 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | subnet2 |
| network_id | e27d7f02-773f-4e11-8aa9-e70ebc05ab76 |
| project_id | 09158bee8c6441519bf3a3743d936566 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2017-09-06T07:51:24Z |
| use_default_subnet_pool | None |
+-------------------------+--------------------------------------+

# set gateway to the router above

[root@dlp ~(keystone)]#
openstack router set router01 --external-gateway ext_net

[7] Create and start Virtual machine Instance.

[root@dlp ~(keystone)]#
Int_Net_ID=`openstack network list | grep int_net | awk '{ print $2 }'`

[root@dlp ~(keystone)]#
openstack image list

+--------------------------------------+---------+--------+
| ID | Name | Status |
+--------------------------------------+---------+--------+
| 68132026-60aa-4afe-8976-398b0482cfd6 | CentOS7 | active |
+--------------------------------------+---------+--------+

# create a keypair

[root@dlp ~(keystone)]#

8
 9

ssh-keygen -q -N ""

Enter file in which to save the key (/root/.ssh/id_rsa):

# add the public key

[root@dlp ~(keystone)]#
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 35:15:20:3f:b9:51:9e:b3:91:41:6a:ac:91:30:3d:22 |
| name | mykey |
| user_id | 09d8dfa20e0f40eaae448d369943b195 |
+-------------+-------------------------------------------------+

[root@dlp ~(keystone)]#
openstack server create --flavor m1.small --image CentOS7 --security-group default --nic net-
id=$Int_Net_ID --key-name mykey CentOS_7
[root@dlp ~(keystone)]#
openstack server list

+--------------------------------------+----------+--------+-----------------------
+---------+----------+
| ID | Name | Status | Networks |
Image | Flavor |
+--------------------------------------+----------+--------+-----------------------
+---------+----------+
| 4f43ccb8-68b0-4406-9c4d-46990285cf8e | CentOS_7 | ACTIVE | int_net=192.168.100.7 |
CentOS7 | m1.small |
+--------------------------------------+----------+--------+-----------------------
+---------+----------+
[8] Assign floating IP address to the Instance above.
[root@dlp ~(keystone)]#
openstack floating ip create ext_net

+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2017-09-06T07:55:10Z |
| description | |
| fixed_ip_address | None |
| floating_ip_address | 10.0.0.201 |
| floating_network_id | e27d7f02-773f-4e11-8aa9-e70ebc05ab76 |
| id | af5feb8b-2d11-42ea-9ea4-f0df0886e255 |
| name | 10.0.0.201 |
| port_id | None |
| project_id | 09158bee8c6441519bf3a3743d936566 |
| revision_number | 0 |
| router_id | None |
| status | DOWN |

9
 10

| updated_at | 2017-09-06T07:55:10Z |
+---------------------+--------------------------------------+

[root@dlp ~(keystone)]#
openstack server add floating ip CentOS_7 10.0.0.201

# confirm settings

[root@dlp ~(keystone)]#
openstack floating ip show 10.0.0.201

+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2017-09-06T07:55:10Z |
| description | |
| fixed_ip_address | 192.168.100.7 |
| floating_ip_address | 10.0.0.201 |
| floating_network_id | e27d7f02-773f-4e11-8aa9-e70ebc05ab76 |
| id | af5feb8b-2d11-42ea-9ea4-f0df0886e255 |
| name | 10.0.0.201 |
| port_id | cf1722ca-84b9-4857-9791-dfa9fa71991a |
| project_id | 09158bee8c6441519bf3a3743d936566 |
| revision_number | 1 |
| router_id | 1408558e-f10e-4c37-af33-f302f048a44c |
| status | ACTIVE |
| updated_at | 2017-09-06T07:55:29Z |
+---------------------+--------------------------------------+

[root@dlp ~(keystone)]#
openstack server list

+-----------+----------+--------+-----------------------------------+---------+-----
-----+
| ID | Name | Status | Networks | Image |
Flavor |
+-----------+----------+--------+-----------------------------------+---------+-----
-----+
| 4f43ccb8- | CentOS_7 | ACTIVE | int_net=192.168.100.7, 10.0.0.201 | CentOS7 |
m1.small |
+-----------+----------+--------+-----------------------------------+---------+-----
-----+
[9] Configure security settings like follows to access with SSH and ICMP.
# permit ICMP

[root@dlp ~(keystone)]#
openstack security group rule create --protocol icmp --ingress default

+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+

10
 11

| created_at | 2017-09-06T07:56:43Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 912d420b-074e-4385-b0c9-6614ae0ccef6 |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 09158bee8c6441519bf3a3743d936566 |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 223c2ca2-ee19-45e8-8d90-24c785c69624 |
| updated_at | 2017-09-06T07:56:43Z |
+-------------------+--------------------------------------+

# permit SSH

[root@dlp ~(keystone)]#
openstack security group rule create --protocol tcp --dst-port 22:22 default

+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2017-09-06T07:56:57Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 1c12b037-2620-42a4-af36-b66016c06778 |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 09158bee8c6441519bf3a3743d936566 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 223c2ca2-ee19-45e8-8d90-24c785c69624 |
| updated_at | 2017-09-06T07:56:57Z |
+-------------------+--------------------------------------+

[root@dlp ~(keystone)]#
openstack security group rule list

+--------------+-------------+-----------+------------+-----------------------------
+-------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group
| Security Group |
+--------------+-------------+-----------+------------+-----------------------------
+-------------------+
| 1c12b037-... | tcp | 0.0.0.0/0 | 22:22 | None
| 223c2ca2-ee19-... |

11
 12

| 4678dc3a-... | None | None | | 223c2ca2-ee19-45e8-8d90-...

| 223c2ca2-ee19-... |
| 46e00d97-... | None | None | | None
| 223c2ca2-ee19-... |
| 6c315c95-... | None | None | | 223c2ca2-ee19-45e8-8d90-...
| 223c2ca2-ee19-... |
| 7673b04c-... | None | None | | None
| 223c2ca2-ee19-... |
| 912d420b-... | icmp | 0.0.0.0/0 | | None
| 223c2ca2-ee19-... |
+--------------+-------------+-----------+------------+-----------------------------
+-------------------+
[10] It's possible to login to the Instance to connect to the IP address with SSH like follows.
[root@dlp ~(keystone)]#
openstack server list

+-----------+----------+--------+-----------------------------------+---------+-----
-----+
| ID | Name | Status | Networks | Image |
Flavor |
+-----------+----------+--------+-----------------------------------+---------+-----
-----+
| 4f43ccb8- | CentOS_7 | ACTIVE | int_net=192.168.100.7, 10.0.0.201 | CentOS7 |
m1.small |
+-----------+----------+--------+-----------------------------------+---------+-----
-----+

[root@dlp ~(keystone)]#
ssh [email protected]

The authenticity of host '10.0.0.201 (10.0.0.201)' can't be established.

ECDSA key fingerprint is 94:11:48:02:fa:62:ff:9c:c4:75:8f:eb:16:62:a9:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.201' (ECDSA) to the list of known hosts.
[centos@centos-7 ~]$
# just logined

12