OpenStack Icehouse : Neutron Networking#1
2014/05/23 |
Configure virtual networking by OpenStack Network Service (Neutron).
For example, configure simply flat networking.
Furthermore, this example is based on the environment that Network Node and Compute Node have 2 network interfaces.
Before it, Configure basic settings on Control Node, Network Node, Compute Node. | +-------------+ +----+----+ | Name Server | | Gateway | +------+------+ +----+----+ |10.0.0.10 |10.0.0.1 | | +------------+-----------------+------------------+ | | | | 10.0.0.200-10.0.0.250 eth0|10.0.0.30 | eth0|10.0.0.50 | +-----------------+ +--------+---------+ | +-----------+----------+ | +---| Virtual Machine | | [ Control Node ] | | | [ Network Node ] | | | +-----------------+ | Keystone | | | DHCP Agent | | | +-----------------+ | Glance | | | L3 Agent |eth1 | |---| Virtual Machine | | Nova API | | | L2 Agent | | | +-----------------+ | Neutron Server | | | Metadata Agent | | | +-----------------+ +------------------+ | +----------------------+ +-----+---| Virtual Machine | | | +-----------------+ | +----------------------+ | +-----------------+ | eth0| [ Compute Node ] | |---| Virtual Machine | +-----| Nova Compute |eth1 | +-----------------+ 10.0.0.51| L2 Agent | | +-----------------+ +----------------------+ +---| Virtual Machine | +-----------------+ |
[1] | Change settings like follows on both Network Node and Compute Node. |
root@network:~# ovs-vsctl add-br br-eth1 # add a bridge root@network:~# ovs-vsctl add-port br-eth1 eth1 # add eth1 to the port of the bridge above
root@network:~#
vi /etc/neutron/plugins/ml2/ml2_conf.ini # line 27: add [ml2_type_flat] flat_networks = physnet1
# add at the last line
[ovs]
bridge_mappings = physnet1:br-eth1 service neutron-plugin-openvswitch-agent restart neutron-plugin-openvswitch-agent stop/waiting neutron-plugin-openvswitch-agent start/running, process 5682 |
[2] | Create network. It's OK to work on any node. (This example is on Control Node) |
root@dlp ~(keystone)#
tenantID=`keystone tenant-list | grep service | awk '{print $2}'` # create network named "sharednet1" root@dlp ~(keystone)# neutron net-create --tenant-id $tenantID sharednet1 \ --shared --provider:network_type flat --provider:physical_network physnet1 Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | 02d7350f-dc6e-4fdc-b47c-a88c5e51d442 | | name | sharednet1 | | provider:network_type | flat | | provider:physical_network | physnet1 | | provider:segmentation_id | | | shared | True | | status | ACTIVE | | subnets | | | tenant_id | 45fa65597c464d48a20be990f660a27b | +---------------------------+--------------------------------------+ # create subnet "10.0.0.0/24" in "sharednet1" root@dlp ~(keystone)# neutron subnet-create \ --tenant-id $tenantID --gateway 10.0.0.1 --dns-nameserver 10.0.0.10 \ --allocation-pool start=10.0.0.200,end=10.0.0.250 sharednet1 10.0.0.0/24 Created a new subnet: +------------------+----------------------------------------------+ | Field | Value | +------------------+----------------------------------------------+ | allocation_pools | {"start": "10.0.0.200", "end": "10.0.0.250"} | | cidr | 10.0.0.0/24 | | dns_nameservers | 10.0.0.10 | | enable_dhcp | True | | gateway_ip | 10.0.0.1 | | host_routes | | | id | b852ce6a-b1a0-4199-b7ee-50cfa835bc35 | | ip_version | 4 | | name | | | network_id | 02d7350f-dc6e-4fdc-b47c-a88c5e51d442 | | tenant_id | 45fa65597c464d48a20be990f660a27b | +------------------+----------------------------------------------+ # confirm settings root@dlp ~(keystone)# neutron net-list +-----------+------------+--------------------------------------------------+ | id | name | subnets | +-----------+------------+--------------------------------------------------+ | 02d7350f- | sharednet1 | b852ce6a-b1a0-4199-b7ee-50cfa835bc35 10.0.0.0/24 | +-----------+------------+--------------------------------------------------+ |
[3] | Create and start a Virtual machine Instance with the network just created above. |
root@dlp ~(keystone)# netID=`neutron net-list | grep sharednet1 | awk '{print $2}'` root@dlp ~(keystone)# nova image-list +--------------------------------------+-------------+--------+--------+ | ID | Name | Status | Server | +--------------------------------------+-------------+--------+--------+ | 98c7ba58-512f-4750-a0ff-3b892753f096 | Ubuntu14.04 | ACTIVE | | +--------------------------------------+-------------+--------+--------+
root@dlp ~(keystone)#
root@dlp ~(keystone)# nova boot --flavor 2 --image Ubuntu14.04 --security_group default --nic net-id=$netID Ubuntu_Trusty
nova list +-----------+---------------+--------+------------+-------------+-----------------------+ | ID | Name | Status | Task State | Power State | Networks | +-----------+---------------+--------+------------+-------------+-----------------------+ | 63d338b9- | Ubuntu_Trusty | ACTIVE | - | Running | sharednet1=10.0.0.200 | +-----------+---------------+--------+------------+-------------+-----------------------+ |
[4] | Configure security settings like follows to access with SSH and ICMP. |
# permit SSH root@dlp ~(keystone)# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | tcp | 22 | 22 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+ # permit ICMP root@dlp ~(keystone)# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | icmp | -1 | -1 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+root@dlp ~(keystone)# nova secgroup-list-rules default +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | tcp | 22 | 22 | 0.0.0.0/0 | | | icmp | -1 | -1 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+ |
[5] | Login to the Instance. |
root@dlp ~(keystone)# ssh trusty@10.0.0.200
The authenticity of host '10.0.0.200 (10.0.0.200)' can't be established.
* Documentation: https://help.ubuntu.com/ECDSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:af:3d:00. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.0.0.200' (ECDSA) to the list of known hosts. trusty@10.0.0.200's password: Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-24-generic x86_64) Last login: Thu May 15 21:11:26 2014 trusty@host-10-0-0-200:~$ # just logined |