OpenStack Newton : Neutron Network (FLAT)
2016/11/17 |
Configure virtual networking by OpenStack Network Service (Neutron).
For example, configure FLAT type of provider networking on here.
Furthermore, this example is based on the environment that Network Node and Compute Node have 2 network interfaces.
Before it, Configure basic settings on Control Node, Network Node, Compute Node. | +-------------+ +----+----+ | Name Server | | Gateway | +------+------+ +----+----+ |10.0.0.10 |10.0.0.1 | | +------------+-----------------+------------------+ | | | | 10.0.0.200-10.0.0.250 eth0|10.0.0.30 | eth0|10.0.0.50 | +-----------------+ +--------+---------+ | +-----------+----------+ | +---| Virtual Machine | | [ Control Node ] | | | [ Network Node ] | | | +-----------------+ | Keystone | | | DHCP Agent | | | +-----------------+ | Glance | | | L3 Agent |eth1 | |---| Virtual Machine | | Nova API | | | L2 Agent | | | +-----------------+ | Neutron Server | | | Metadata Agent | | | +-----------------+ +------------------+ | +----------------------+ +-----+---| Virtual Machine | | | +-----------------+ | +----------------------+ | +-----------------+ | eth0| [ Compute Node ] | |---| Virtual Machine | +-----| Nova Compute |eth1 | +-----------------+ 10.0.0.51| L2 Agent | | +-----------------+ +----------------------+ +---| Virtual Machine | +-----------------+ |
[1] | Change settings like follows on both Network Node and Compute Node. |
root@network:~#
vi /etc/neutron/plugins/ml2/ml2_conf.ini # line 154: add [ml2_type_flat]
flat_networks = physnet1
root@network:~#
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini # line 133: add [linux_bridge]
physical_interface_mappings = physnet1:eth1
# line 176: uncomment and change enable_vxlan = false
systemctl restart neutron-linuxbridge-agent |
[2] | Create network. It's OK to work on any node. (This example is on Control Node) |
root@dlp ~(keystone)#
tenantID=`openstack project list | grep service | awk '{print $2}'` # create network named "sharednet1" root@dlp ~(keystone)# neutron net-create --tenant-id $tenantID sharednet1 \ --shared --provider:network_type flat --provider:physical_network physnet1 Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | availability_zone_hints | | | availability_zones | | | created_at | 2016-11-18T06:59:51Z | | description | | | id | f8ebfce4-3459-4f1a-9afc-2aa940e699fd | | ipv4_address_scope | | | ipv6_address_scope | | | mtu | 1500 | | name | sharednet1 | | port_security_enabled | True | | project_id | e2fed44089aa40dc88f5ae6ed9dfe915 | | provider:network_type | flat | | provider:physical_network | physnet1 | | provider:segmentation_id | | | revision_number | 3 | | router:external | False | | shared | True | | status | ACTIVE | | subnets | | | tags | | | tenant_id | e2fed44089aa40dc88f5ae6ed9dfe915 | | updated_at | 2016-11-18T06:59:51Z | +---------------------------+--------------------------------------+ # create subnet "10.0.0.0/24" in "sharednet1" root@dlp ~(keystone)# neutron subnet-create \ --tenant-id $tenantID --gateway 10.0.0.1 --allocation-pool start=10.0.0.200,end=10.0.0.250 \ --dns-nameserver 10.0.0.1 sharednet1 10.0.0.0/24 Created a new subnet: +-------------------+----------------------------------------------+ | Field | Value | +-------------------+----------------------------------------------+ | allocation_pools | {"start": "10.0.0.200", "end": "10.0.0.250"} | | cidr | 10.0.0.0/24 | | created_at | 2016-11-18T07:13:16Z | | description | | | dns_nameservers | 10.0.0.1 | | enable_dhcp | True | | gateway_ip | 10.0.0.1 | | host_routes | | | id | d1a496c3-6f7c-46d6-9c29-826fd8039512 | | ip_version | 4 | | ipv6_address_mode | | | ipv6_ra_mode | | | name | | | network_id | f8ebfce4-3459-4f1a-9afc-2aa940e699fd | | project_id | e2fed44089aa40dc88f5ae6ed9dfe915 | | revision_number | 2 | | service_types | | | subnetpool_id | | | tenant_id | e2fed44089aa40dc88f5ae6ed9dfe915 | | updated_at | 2016-11-18T07:13:16Z | +-------------------+----------------------------------------------+ # confirm settings root@dlp ~(keystone)# neutron net-list +--------------------------------+------------+--------------------------------+ | id | name | subnets | +--------------------------------+------------+--------------------------------+ | f8ebfce4-3459-4f1a-9afc- | sharednet1 | d1a496c3-6f7c- | | 2aa940e699fd | | 46d6-9c29-826fd8039512 | | | | 10.0.0.0/24 | +--------------------------------+------------+--------------------------------+ |
[3] | Create and start a Virtual machine Instance with the network just created above. |
root@dlp ~(keystone)# netID=`neutron net-list | grep sharednet1 | awk '{print $2}'` root@dlp ~(keystone)# openstack image list +--------------------------------------+------------+--------+ | ID | Name | Status | +--------------------------------------+------------+--------+ | 7d0cf100-6017-448c-9a6b-5bcf20d93f73 | Ubuntu1604 | active | +--------------------------------------+------------+--------+
root@dlp ~(keystone)#
root@dlp ~(keystone)# openstack server create --flavor m1.small --image Ubuntu1604 --security-group default --nic net-id=$netID Ubuntu_1604
openstack server list +--------------------+-------------+--------+---------------------+------------+ | ID | Name | Status | Networks | Image Name | +--------------------+-------------+--------+---------------------+------------+ | ac239720-867d-49d5 | Ubuntu_1604 | ACTIVE | sharednet1=10.0.0.2 | Ubuntu1604 | | -b8f5-1c387a5f95e0 | | | 07 | | +--------------------+-------------+--------+---------------------+------------+ |
[4] | Configure security settings like follows to access with SSH and ICMP. |
# permit ICMP root@dlp ~(keystone)# neutron security-group-rule-create --direction ingress --protocol icmp default Created a new security_group_rule: +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2016-11-18T07:18:26Z | | description | | | direction | ingress | | ethertype | IPv4 | | id | 6580784f-03d5-441e-ba73-44347edf231c | | port_range_max | | | port_range_min | | | project_id | 1b8227c2c89e4f1cbcbbb9f6060b0416 | | protocol | icmp | | remote_group_id | | | remote_ip_prefix | | | revision_number | 1 | | security_group_id | 6f9266c8-881f-42df-a071-5ee1858a28ed | | tenant_id | 1b8227c2c89e4f1cbcbbb9f6060b0416 | | updated_at | 2016-11-18T07:18:26Z | +-------------------+--------------------------------------+ # permit SSH root@dlp ~(keystone)# neutron security-group-rule-create --direction ingress --protocol tcp --port_range_min 22 --port_range_max 22 default Created a new security_group_rule: +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2016-11-18T07:18:41Z | | description | | | direction | ingress | | ethertype | IPv4 | | id | 832fea91-92cd-4da2-9a00-a6f2ff4881d6 | | port_range_max | 22 | | port_range_min | 22 | | project_id | 1b8227c2c89e4f1cbcbbb9f6060b0416 | | protocol | tcp | | remote_group_id | | | remote_ip_prefix | | | revision_number | 1 | | security_group_id | 6f9266c8-881f-42df-a071-5ee1858a28ed | | tenant_id | 1b8227c2c89e4f1cbcbbb9f6060b0416 | | updated_at | 2016-11-18T07:18:41Z | +-------------------+--------------------------------------+root@dlp ~(keystone)# neutron security-group-rule-list +------------+----------------+-----------+-----------+---------------+---------------+ | id | security_group | direction | ethertype | port/protocol | remote | +------------+----------------+-----------+-----------+---------------+---------------+ | 14bcbec0-3 | default | ingress | IPv4 | any | default | | 8e6-44df-8 | | | | | (group) | | 211-d8d61d | | | | | | | 97697a | | | | | | | 26fcb8ad- | default | ingress | IPv6 | any | default | | f6de-4264 | | | | | (group) | | -988f-b996 | | | | | | | f70976bb | | | | | | | 3a3ca4b0-4 | default | egress | IPv6 | any | any | | dba-4704-8 | | | | | | | 0e8-8df82c | | | | | | | 4a560f | | | | | | | 5a553435-3 | default | egress | IPv4 | any | any | | 059-4602-9 | | | | | | | 626-833fbb | | | | | | | 7e2d79 | | | | | | | 6580784f- | default | ingress | IPv4 | icmp | any | | 03d5-441e- | | | | | | | ba73-44347 | | | | | | | edf231c | | | | | | | 832fea91 | default | ingress | IPv4 | 22/tcp | any | | -92cd-4da2 | | | | | | | -9a00-a6f2 | | | | | | | ff4881d6 | | | | | | +------------+----------------+-----------+-----------+---------------+---------------+ |
[5] | Login to Instance. |
root@dlp ~(keystone)# ssh ubuntu@10.0.0.207
The authenticity of host '10.0.0.207 (10.0.0.207)' can't be established.
ECDSA key fingerprint is SHA256:SsoSJR8Mq6olDKmaKKcRhYhdGO9m6GXVhd3RFViSo+E.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.207' (ECDSA) to the list of known hosts.
ubuntu@10.0.0.207's password:
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-47-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Last login: Fri Nov 18 10:36:51 2016
ubuntu@localhost:~$ # just logined
|