UPDATE 03/05/2016
Inroduced in Kilo VLAN network type support for distributed virtual routers(DVR)
END UPDATE
Just a reminder in Juno and Kilo DVR was available for deployments using VXLAN tunneling and required l2population activation on all nodes. One of new features of Liberty is DVR compatibility with ML2&OVS&VLAN deployed landscapes. On RDO Liberty packstack doesn't play so nicely doing VLAN deployment as in case of VXLAN tunneling. Attempt to use old templates for answer file just does all configs properly only on Controller/Network Node.
However, it is not a problem replicate across Compute Nodes landscape required samples ifcfg-br-eth1,ifcfg-eth1 ( supporting VLAN vm/data network ) and openvswitch_agent.ini , what makes RDO Liberty system attractive not only in case VXLAN (GRE) tunneling deployments, but still pretty comfortable for VLAN setups.
I also have to notice that on RDO Kilo same answer-file does Compute
Nodes automatically and properly .
DVR setup on VLAN landscape is just easier then in case with VXLAN tunneling, l2population bringing up is not required
[root@ServerCentOS01 ~]# cat answerVLAN.txt
[general]
CONFIG_SSH_KEY=/root/.ssh/id_rsa.pub
CONFIG_DEFAULT_PASSWORD=
CONFIG_MARIADB_INSTALL=y
CONFIG_GLANCE_INSTALL=y
CONFIG_CINDER_INSTALL=y
CONFIG_MANILA_INSTALL=n
CONFIG_NOVA_INSTALL=y
CONFIG_NEUTRON_INSTALL=y
CONFIG_HORIZON_INSTALL=y
CONFIG_SWIFT_INSTALL=y
CONFIG_CEILOMETER_INSTALL=y
CONFIG_SAHARA_INSTALL=n
CONFIG_HEAT_INSTALL=n
CONFIG_TROVE_INSTALL=n
CONFIG_IRONIC_INSTALL=n
CONFIG_CLIENT_INSTALL=y
CONFIG_NTP_SERVERS=
CONFIG_NAGIOS_INSTALL=y
EXCLUDE_SERVERS=
CONFIG_DEBUG_MODE=n
CONFIG_CONTROLLER_HOST=192.169.142.127
CONFIG_COMPUTE_HOSTS=192.169.142.137,192.169.142.147
CONFIG_NETWORK_HOSTS=192.169.142.127
CONFIG_VMWARE_BACKEND=n
CONFIG_UNSUPPORTED=n
CONFIG_USE_SUBNETS=n
CONFIG_VCENTER_HOST=
CONFIG_VCENTER_USER=
CONFIG_VCENTER_PASSWORD=
CONFIG_VCENTER_CLUSTER_NAMES=
CONFIG_STORAGE_HOST=192.169.142.127
CONFIG_SAHARA_HOST=192.169.142.127
CONFIG_USE_EPEL=n
CONFIG_REPO=
CONFIG_ENABLE_RDO_TESTING=n
CONFIG_RH_USER=
CONFIG_SATELLITE_URL=
CONFIG_RH_PW=
CONFIG_RH_OPTIONAL=y
CONFIG_RH_PROXY=
CONFIG_RH_PROXY_PORT=
CONFIG_RH_PROXY_USER=
CONFIG_RH_PROXY_PW=
CONFIG_SATELLITE_USER=
CONFIG_SATELLITE_PW=
CONFIG_SATELLITE_AKEY=
CONFIG_SATELLITE_CACERT=
CONFIG_SATELLITE_PROFILE=
CONFIG_SATELLITE_FLAGS=
CONFIG_SATELLITE_PROXY=
CONFIG_SATELLITE_PROXY_USER=
CONFIG_SATELLITE_PROXY_PW=
CONFIG_SSL_CACERT_FILE=/etc/pki/tls/certs/selfcert.crt
CONFIG_SSL_CACERT_KEY_FILE=/etc/pki/tls/private/selfkey.key
CONFIG_SSL_CERT_DIR=~/packstackca/
CONFIG_SSL_CACERT_SELFSIGN=y
CONFIG_SELFSIGN_CACERT_SUBJECT_C=--
CONFIG_SELFSIGN_CACERT_SUBJECT_ST=State
CONFIG_SELFSIGN_CACERT_SUBJECT_L=City
CONFIG_SELFSIGN_CACERT_SUBJECT_O=openstack
CONFIG_SELFSIGN_CACERT_SUBJECT_OU=packstack
CONFIG_SELFSIGN_CACERT_SUBJECT_CN=ServerCentOS01.localdomain
CONFIG_SELFSIGN_CACERT_SUBJECT_MAIL=admin@ServerCentOS01.localdomain
CONFIG_AMQP_BACKEND=rabbitmq
CONFIG_AMQP_HOST=192.169.142.127
CONFIG_AMQP_ENABLE_SSL=n
CONFIG_AMQP_ENABLE_AUTH=n
CONFIG_AMQP_NSS_CERTDB_PW=PW_PLACEHOLDER
CONFIG_AMQP_AUTH_USER=amqp_user
CONFIG_AMQP_AUTH_PASSWORD=PW_PLACEHOLDER
CONFIG_MARIADB_HOST=192.169.142.127
CONFIG_MARIADB_USER=root
CONFIG_MARIADB_PW=66d38468ec974117
CONFIG_KEYSTONE_DB_PW=e678440a531c47fe
CONFIG_KEYSTONE_DB_PURGE_ENABLE=True
CONFIG_KEYSTONE_REGION=RegionOne
CONFIG_KEYSTONE_ADMIN_TOKEN=e1e05295c5554685b678c91ed83b10b1
CONFIG_KEYSTONE_ADMIN_EMAIL=root@localhost
CONFIG_KEYSTONE_ADMIN_USERNAME=admin
CONFIG_KEYSTONE_ADMIN_PW=89e47996c1c54577
CONFIG_KEYSTONE_DEMO_PW=22182b9b61fa4c89
CONFIG_KEYSTONE_API_VERSION=v2.0
CONFIG_KEYSTONE_TOKEN_FORMAT=UUID
CONFIG_KEYSTONE_SERVICE_NAME=httpd
CONFIG_KEYSTONE_IDENTITY_BACKEND=sql
CONFIG_KEYSTONE_LDAP_URL=ldap://192.169.142.127
CONFIG_KEYSTONE_LDAP_USER_DN=
CONFIG_KEYSTONE_LDAP_USER_PASSWORD=
CONFIG_KEYSTONE_LDAP_SUFFIX=
CONFIG_KEYSTONE_LDAP_QUERY_SCOPE=one
CONFIG_KEYSTONE_LDAP_PAGE_SIZE=-1
CONFIG_KEYSTONE_LDAP_USER_SUBTREE=
CONFIG_KEYSTONE_LDAP_USER_FILTER=
CONFIG_KEYSTONE_LDAP_USER_OBJECTCLASS=
CONFIG_KEYSTONE_LDAP_USER_ID_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_NAME_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_MAIL_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ENABLED_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ENABLED_MASK=-1
CONFIG_KEYSTONE_LDAP_USER_ENABLED_DEFAULT=TRUE
CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT=n
CONFIG_KEYSTONE_LDAP_USER_ATTRIBUTE_IGNORE=
CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE=n
CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE=n
CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE=n
CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN=
CONFIG_KEYSTONE_LDAP_USER_ADDITIONAL_ATTRIBUTE_MAPPING=
CONFIG_KEYSTONE_LDAP_GROUP_SUBTREE=
CONFIG_KEYSTONE_LDAP_GROUP_FILTER=
CONFIG_KEYSTONE_LDAP_GROUP_OBJECTCLASS=
CONFIG_KEYSTONE_LDAP_GROUP_ID_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_NAME_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_MEMBER_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_DESC_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE=
CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE=n
CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE=n
CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE=n
CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING=
CONFIG_KEYSTONE_LDAP_USE_TLS=n
CONFIG_KEYSTONE_LDAP_TLS_CACERTDIR=
CONFIG_KEYSTONE_LDAP_TLS_CACERTFILE=
CONFIG_KEYSTONE_LDAP_TLS_REQ_CERT=demand
CONFIG_GLANCE_DB_PW=e695f8551e3d434c
CONFIG_GLANCE_KS_PW=ebdba320a904449e
CONFIG_GLANCE_BACKEND=file
CONFIG_CINDER_DB_PW=cfc234405cdf4181
CONFIG_CINDER_DB_PURGE_ENABLE=True
CONFIG_CINDER_KS_PW=ba8df890a6454866
CONFIG_CINDER_BACKEND=lvm
CONFIG_CINDER_VOLUMES_CREATE=y
CONFIG_CINDER_VOLUMES_SIZE=2G
CONFIG_CINDER_GLUSTER_MOUNTS=
CONFIG_CINDER_NFS_MOUNTS=
CONFIG_CINDER_NETAPP_LOGIN=
CONFIG_CINDER_NETAPP_PASSWORD=
CONFIG_CINDER_NETAPP_HOSTNAME=
CONFIG_CINDER_NETAPP_SERVER_PORT=80
CONFIG_CINDER_NETAPP_STORAGE_FAMILY=ontap_cluster
CONFIG_CINDER_NETAPP_TRANSPORT_TYPE=http
CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL=nfs
CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER=1.0
CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES=720
CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START=20
CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP=60
CONFIG_CINDER_NETAPP_NFS_SHARES=
CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG=/etc/cinder/shares.conf
CONFIG_CINDER_NETAPP_VOLUME_LIST=
CONFIG_CINDER_NETAPP_VFILER=
CONFIG_CINDER_NETAPP_PARTNER_BACKEND_NAME=
CONFIG_CINDER_NETAPP_VSERVER=
CONFIG_CINDER_NETAPP_CONTROLLER_IPS=
CONFIG_CINDER_NETAPP_SA_PASSWORD=
CONFIG_CINDER_NETAPP_ESERIES_HOST_TYPE=linux_dm_mp
CONFIG_CINDER_NETAPP_WEBSERVICE_PATH=/devmgr/v2
CONFIG_CINDER_NETAPP_STORAGE_POOLS=
CONFIG_MANILA_DB_PW=PW_PLACEHOLDER
CONFIG_MANILA_KS_PW=PW_PLACEHOLDER
CONFIG_MANILA_BACKEND=generic
CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS=false
CONFIG_MANILA_NETAPP_TRANSPORT_TYPE=https
CONFIG_MANILA_NETAPP_LOGIN=admin
CONFIG_MANILA_NETAPP_PASSWORD=
CONFIG_MANILA_NETAPP_SERVER_HOSTNAME=
CONFIG_MANILA_NETAPP_STORAGE_FAMILY=ontap_cluster
CONFIG_MANILA_NETAPP_SERVER_PORT=443
CONFIG_MANILA_NETAPP_AGGREGATE_NAME_SEARCH_PATTERN=(.*)
CONFIG_MANILA_NETAPP_ROOT_VOLUME_AGGREGATE=
CONFIG_MANILA_NETAPP_ROOT_VOLUME_NAME=root
CONFIG_MANILA_NETAPP_VSERVER=
CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS=true
CONFIG_MANILA_GENERIC_VOLUME_NAME_TEMPLATE=manila-share-%s
CONFIG_MANILA_GENERIC_SHARE_MOUNT_PATH=/shares
CONFIG_MANILA_SERVICE_IMAGE_LOCATION=https://www.dropbox.com/s/vi5oeh10q1qkckh/ubuntu_1204_nfs_cifs.qcow2
CONFIG_MANILA_SERVICE_INSTANCE_USER=ubuntu
CONFIG_MANILA_SERVICE_INSTANCE_PASSWORD=ubuntu
CONFIG_MANILA_NETWORK_TYPE=neutron
CONFIG_MANILA_NETWORK_STANDALONE_GATEWAY=
CONFIG_MANILA_NETWORK_STANDALONE_NETMASK=
CONFIG_MANILA_NETWORK_STANDALONE_SEG_ID=
CONFIG_MANILA_NETWORK_STANDALONE_IP_RANGE=
CONFIG_MANILA_NETWORK_STANDALONE_IP_VERSION=4
CONFIG_MANILA_GLUSTERFS_SERVERS=
CONFIG_MANILA_GLUSTERFS_NATIVE_PATH_TO_PRIVATE_KEY=
CONFIG_MANILA_GLUSTERFS_VOLUME_PATTERN=
CONFIG_MANILA_GLUSTERFS_TARGET=
CONFIG_MANILA_GLUSTERFS_MOUNT_POINT_BASE=
CONFIG_MANILA_GLUSTERFS_NFS_SERVER_TYPE=gluster
CONFIG_MANILA_GLUSTERFS_PATH_TO_PRIVATE_KEY=
CONFIG_MANILA_GLUSTERFS_GANESHA_SERVER_IP=
CONFIG_IRONIC_DB_PW=PW_PLACEHOLDER
CONFIG_IRONIC_KS_PW=PW_PLACEHOLDER
CONFIG_NOVA_DB_PURGE_ENABLE=True
CONFIG_NOVA_DB_PW=48db80033113424c
CONFIG_NOVA_KS_PW=04750d997f7b4cd0
CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO=16.0
CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO=1.5
CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL=tcp
CONFIG_NOVA_COMPUTE_MANAGER=nova.compute.manager.ComputeManager
CONFIG_VNC_SSL_CERT=
CONFIG_VNC_SSL_KEY=
CONFIG_NOVA_PCI_ALIAS=
CONFIG_NOVA_PCI_PASSTHROUGH_WHITELIST=
CONFIG_NOVA_COMPUTE_PRIVIF=eth1
CONFIG_NOVA_NETWORK_MANAGER=nova.network.manager.FlatDHCPManager
CONFIG_NOVA_NETWORK_PUBIF=eth0
CONFIG_NOVA_NETWORK_PRIVIF=eth1
CONFIG_NOVA_NETWORK_FIXEDRANGE=192.168.32.0/22
CONFIG_NOVA_NETWORK_FLOATRANGE=10.3.4.0/22
CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP=n
CONFIG_NOVA_NETWORK_VLAN_START=100
CONFIG_NOVA_NETWORK_NUMBER=1
CONFIG_NOVA_NETWORK_SIZE=255
CONFIG_NEUTRON_KS_PW=3549700b2072492f
CONFIG_NEUTRON_DB_PW=2896cb32038040d1
CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
CONFIG_NEUTRON_METADATA_PW=8a5ceeb9f9264e7c
CONFIG_LBAAS_INSTALL=n
CONFIG_NEUTRON_METERING_AGENT_INSTALL=n
CONFIG_NEUTRON_FWAAS=n
CONFIG_NEUTRON_VPNAAS=n
CONFIG_NEUTRON_ML2_TYPE_DRIVERS=vlan,flat
CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=vlan
CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS=openvswitch
CONFIG_NEUTRON_ML2_FLAT_NETWORKS=*
CONFIG_NEUTRON_ML2_VLAN_RANGES=physnet1:100:200
CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES=
CONFIG_NEUTRON_ML2_VXLAN_GROUP=
CONFIG_NEUTRON_ML2_VNI_RANGES=
CONFIG_NEUTRON_L2_AGENT=openvswitch
CONFIG_NEUTRON_ML2_SUPPORTED_PCI_VENDOR_DEVS=['15b3:1004', '8086:10ca']
CONFIG_NEUTRON_ML2_SRIOV_AGENT_REQUIRED=n
CONFIG_NEUTRON_ML2_SRIOV_INTERFACE_MAPPINGS=
CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS=
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet1:br-eth1
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-eth1:eth1
CONFIG_NEUTRON_OVS_TUNNEL_IF=
# CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS=12.0.0.0/24
CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT=4789
CONFIG_HORIZON_SSL=n
CONFIG_HORIZON_SECRET_KEY=70c8f53f8a1948768d432c11bbffe94a
CONFIG_HORIZON_SSL_CERT=
CONFIG_HORIZON_SSL_KEY=
CONFIG_HORIZON_SSL_CACERT=
CONFIG_SWIFT_KS_PW=2ad1d724dc6d4764
CONFIG_SWIFT_STORAGES=
CONFIG_SWIFT_STORAGE_ZONES=1
CONFIG_SWIFT_STORAGE_REPLICAS=1
CONFIG_SWIFT_STORAGE_FSTYPE=ext4
CONFIG_SWIFT_HASH=038b40edd19f4251
CONFIG_SWIFT_STORAGE_SIZE=20G
CONFIG_HEAT_DB_PW=PW_PLACEHOLDER
CONFIG_HEAT_AUTH_ENC_KEY=c863b530aaa24240
CONFIG_HEAT_KS_PW=PW_PLACEHOLDER
CONFIG_HEAT_CLOUDWATCH_INSTALL=n
CONFIG_HEAT_CFN_INSTALL=n
CONFIG_HEAT_DOMAIN=heat
CONFIG_HEAT_DOMAIN_ADMIN=heat_admin
CONFIG_HEAT_DOMAIN_PASSWORD=PW_PLACEHOLDER
CONFIG_PROVISION_DEMO=y
CONFIG_PROVISION_TEMPEST=n
CONFIG_PROVISION_DEMO_FLOATRANGE=172.24.4.224/28
CONFIG_PROVISION_IMAGE_NAME=cirros
CONFIG_PROVISION_IMAGE_URL=http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
CONFIG_PROVISION_IMAGE_FORMAT=qcow2
CONFIG_PROVISION_IMAGE_SSH_USER=cirros
CONFIG_PROVISION_TEMPEST_USER=
CONFIG_PROVISION_TEMPEST_USER_PW=PW_PLACEHOLDER
CONFIG_PROVISION_TEMPEST_FLOATRANGE=172.24.4.224/28
CONFIG_PROVISION_TEMPEST_REPO_URI=https://github.com/openstack/tempest.git
CONFIG_PROVISION_TEMPEST_REPO_REVISION=master
CONFIG_PROVISION_OVS_BRIDGE=y
CONFIG_CEILOMETER_SECRET=8b362a1d225a472d
CONFIG_CEILOMETER_KS_PW=92bb4ec7c7584e18
CONFIG_CEILOMETER_COORDINATION_BACKEND=redis
CONFIG_MONGODB_HOST=192.169.142.127
CONFIG_REDIS_MASTER_HOST=192.169.142.127
CONFIG_REDIS_PORT=6379
CONFIG_REDIS_HA=n
CONFIG_REDIS_SLAVE_HOSTS=
CONFIG_REDIS_SENTINEL_HOSTS=
CONFIG_REDIS_SENTINEL_CONTACT_HOST=
CONFIG_REDIS_SENTINEL_PORT=26379
CONFIG_REDIS_SENTINEL_QUORUM=2
CONFIG_REDIS_MASTER_NAME=mymaster
CONFIG_SAHARA_DB_PW=PW_PLACEHOLDER
CONFIG_SAHARA_KS_PW=PW_PLACEHOLDER
CONFIG_TROVE_DB_PW=PW_PLACEHOLDER
CONFIG_TROVE_KS_PW=PW_PLACEHOLDER
CONFIG_TROVE_NOVA_USER=trove
CONFIG_TROVE_NOVA_TENANT=services
CONFIG_TROVE_NOVA_PW=PW_PLACEHOLDER
CONFIG_NAGIOS_PW=c5b1af910c094f3a
Controller would be done OK. Files generated may serve as samples
for Compute Nodes
******************************************************************************************
Compute Node requires manual updates. Copy over from Controller ifcfg-br-eth1 OVS bridge and ifcfg-eth1 OVS port , /etc/neutron/plugins/ml2neutron_ovsagent.ini,/etc/neutron/plugins/ml2/ml2_conf.ini to Compute Nodes
******************************************************************************************
Create symlink pluging.ini under /etc/neutron
[root@ServerCentOS02 neutron(keystone_admin)]# ls -l
total 80
drwxr-xr-x. 10 root root 4096 Mar 1 22:12 conf.d
-rw-r-----. 1 root neutron 4476 Dec 7 18:53 dhcp_agent.ini
-rw-r-----. 1 root neutron 5537 Dec 7 18:53 l3_agent.ini
-rw-r-----. 1 root neutron 2600 Dec 7 18:53 metadata_agent.ini
-rw-r-----. 1 root neutron 37034 Mar 1 22:12 neutron.conf
lrwxrwxrwx. 1 root root 37 Mar 1 22:38 plugin.ini -> /etc/neutron/plugins/ml2/ml2_conf.ini
drwxr-xr-x. 3 root root 16 Mar 1 22:12 plugins
-rw-r-----. 1 root neutron 9486 Dec 7 18:53 policy.json
-rw-r--r--. 1 root root 1195 Dec 7 18:53 rootwrap.conf
[root@ServerCentOS02 neutron(keystone_admin)]# cat plugin.ini | grep -v ^#|grep -v ^$
[ml2]
type_drivers = vlan,flat
tenant_network_types = vlan
mechanism_drivers =openvswitch
path_mtu = 0
[ml2_type_flat]
flat_networks =*
[ml2_type_vlan]
network_vlan_ranges =physnet1:100:200
[ml2_type_gre]
[ml2_type_vxlan]
[ml2_type_geneve]
[securitygroup]
enable_security_group = True
***********************************************************************************
Update local_ip in openvswitch_agent.ini corresondently on 192.169.142.137
and 192.169.142.147
***********************************************************************************
[root@ServerCentOS02 ml2(keystone_admin)]# cat openvswitch_agent.ini | grep -v ^# | grep -v ^$
[ovs]
network_vlan_ranges = physnet1:100:200
tenant_network_type = vlan
enable_tunneling = False
integration_bridge = br-int
bridge_mappings = physnet1:br-eth1
local_ip = 192.168.1.137
[agent]
polling_interval = 2
l2_population = False
arp_responder = False
prevent_arp_spoofing = True
enable_distributed_routing = False
drop_flows_on_start=False
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
*******************************************************************
Copy over from Controller following ifcfg-* files ,
support VLAN tagged vm/data network connection from
Compute to Controller and vice/versa
*******************************************************************
[root@ServerCentOS02 network-scripts(keystone_admin)]# cat ifcfg-br-eth1
ONBOOT=yes
NM_CONTROLLED=no
DEVICE=br-eth1
DEVICETYPE=ovs
OVSBOOTPROTO=none
TYPE=OVSBridge
[root@ServerCentOS02 network-scripts(keystone_admin)]# cat ifcfg-eth1
DEVICE=eth1
DEVICETYPE=ovs
TYPE=OVSPort
OVS_BRIDGE=br-eth1
ONBOOT=yes
BOOTPROTO=none
************************************
When done on each Compute Node
************************************
Run script
#!/bin/bash -x
chkconfig network on ;
systemctl stop NetworkManager ;
systemctl disable NetworkManager ;
service network restart
Followed by `openstack-service restart` and Node reboot.
Afterwards `ovs-vsctl show` would look like ( on Compute )
[root@ServerCentOS02 ~(keystone_admin)]# ovs-vsctl show
58d168ad-6076-409d-8d61-0f2ca1481da8
Bridge "br-eth1"
Port "eth1"
Interface "eth1"
Port "br-eth1"
Interface "br-eth1"
type: internal
Port "phy-br-eth1"
Interface "phy-br-eth1"
type: patch
options: {peer="int-br-eth1"}
Bridge br-int
fail_mode: secure
Port br-int
Interface br-int
type: internal
Port "int-br-eth1"
Interface "int-br-eth1"
type: patch
options: {peer="phy-br-eth1"}
Port "qvode5c08bd-cf"
tag: 1
Interface "qvode5c08bd-cf"
ovs_version: "2.4.0"
**********************************************************
Controller status right after packstack completion
**********************************************************
[root@ServerCentOS01 neutron(keystone_admin)]# ls -l
total 84
-rw-r-----. 1 root root 182 Mar 1 22:12 api-paste.ini
drwxr-xr-x. 10 root root 4096 Mar 1 22:12 conf.d
-rw-r-----. 1 root neutron 4867 Mar 1 22:12 dhcp_agent.ini
-rw-r-----. 1 root neutron 5856 Mar 1 22:12 l3_agent.ini
-rw-r-----. 1 root neutron 2838 Mar 1 22:12 metadata_agent.ini
-rw-r-----. 1 root neutron 37747 Mar 1 22:12 neutron.conf
lrwxrwxrwx. 1 root root 37 Mar 1 22:12 plugin.ini -> /etc/neutron/plugins/ml2/ml2_conf.ini
drwxr-xr-x. 3 root root 16 Mar 1 22:12 plugins
-rw-r-----. 1 root neutron 9486 Dec 7 18:53 policy.json
-rw-r--r--. 1 root root 1195 Dec 7 18:53 rootwrap.conf
[root@ServerCentOS01 neutron(keystone_admin)]# cat plugin.ini | grep -v ^$|grep -v ^#
[ml2]
type_drivers = vlan,flat
tenant_network_types = vlan
mechanism_drivers =openvswitch
path_mtu = 0
[ml2_type_flat]
flat_networks =*
[ml2_type_vlan]
network_vlan_ranges =physnet1:100:200
[ml2_type_gre]
[ml2_type_vxlan]
[ml2_type_geneve]
[securitygroup]
enable_security_group = True
[root@ServerCentOS01 neutron(keystone_admin)]# cd plugins/ml2
[root@ServerCentOS01 ml2(keystone_admin)]# pwd
/etc/neutron/plugins/ml2
[root@ServerCentOS01 ml2(keystone_admin)]# cat openvswitch_agent.ini | grep -v ^$|grep -v ^#
[ovs]
integration_bridge = br-int
local_ip = 192.169.142.127
bridge_mappings =physnet1:br-eth1
enable_tunneling=False
[agent]
polling_interval = 2
l2_population = False
arp_responder = False
prevent_arp_spoofing = True
enable_distributed_routing = False
drop_flows_on_start=False
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[root@ServerCentOS01 ~]# ovs-vsctl show
5f4d0aa9-049c-4522-a6bf-4c10ba12dcc2
Bridge br-ex
Port br-ex
Interface br-ex
type: internal
Port "eth0"
Interface "eth0"
Port "qg-a1a797a9-9b"
Interface "qg-a1a797a9-9b"
type: internal
Bridge br-int
fail_mode: secure
Port "tap35d4e073-fd"
tag: 1
Interface "tap35d4e073-fd"
type: internal
Port "tap257a060c-22"
tag: 2
Interface "tap257a060c-22"
type: internal
Port br-int
Interface br-int
type: internal
Port "qr-71a634e2-2b"
tag: 2
Interface "qr-71a634e2-2b"
type: internal
Port "int-br-eth1"
Interface "int-br-eth1"
type: patch
options: {peer="phy-br-eth1"}
Bridge "br-eth1"
Port "br-eth1"
Interface "br-eth1"
type: internal
Port "phy-br-eth1"
Interface "phy-br-eth1"
type: patch
options: {peer="int-br-eth1"}
Port "eth1"
Interface "eth1"
ovs_version: "2.4.0"
*******************
DVR SETUP
*******************
On Controller (X=2) and Computes X=(3,4) update :-
# cat ifcfg-br-ex
DEVICE="br-ex"
BOOTPROTO="static"
IPADDR="192.169.142.1(X)7"
NETMASK="255.255.255.0"
DNS1="83.221.202.254"
BROADCAST="192.169.142.255"
GATEWAY="192.169.142.1"
NM_CONTROLLED="no"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="yes"
IPV6INIT=no
ONBOOT="yes"
TYPE="OVSIntPort"
OVS_BRIDGE=br-ex
DEVICETYPE="ovs"
# cat ifcfg-eth0
DEVICE="eth0"
ONBOOT="yes"
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE=br-ex
NM_CONTROLLED=no
IPV6INIT=no
Followed by `service network restart`
*****************************************
On Controller update neutron.conf
*****************************************
router_distributed = True
dvr_base_mac = fa:16:3f:00:00:00
[root@ip-192-169-142-127 neutron(keystone_admin)]# cat l3_agent.ini | grep -v ^#| grep -v ^$
[DEFAULT]
debug = False
interface_driver =neutron.agent.linux.interface.OVSInterfaceDriver
handle_internal_only_routers = True
external_network_bridge = br-ex
metadata_port = 9697
send_arp_for_ha = 3
periodic_interval = 40
periodic_fuzzy_delay = 5
enable_metadata_proxy = True
router_delete_namespaces = False
agent_mode = dvr_snat
[AGENT]
Followed by `openstack-service restart` and status verification
*********************************
On each Compute Node
*********************************
[root@ip-192-169-142-147 neutron]# cat l3_agent.ini | grep -v ^#| grep -v ^$
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
agent_mode = dvr
[AGENT]
Replicate metadata_agent.ini from Controller/Network Node to
all Compute Nodes on your landscape
************************************************************************************
plugin.ini which is symlink to /etc/neutron/plugins/ml2/ml2_conf.ini
stays the same
************************************************************************************
[root@ServerCentOS02 neutron(keystone_admin)]# cat plugin.ini | grep -v ^#|grep -v ^$
[ml2]
type_drivers = vlan,flat
tenant_network_types = vlan
mechanism_drivers =openvswitch
path_mtu = 0
[ml2_type_flat]
flat_networks =*
[ml2_type_vlan]
network_vlan_ranges =physnet1:100:200
[ml2_type_gre]
[ml2_type_vxlan]
[ml2_type_geneve]
[securitygroup]
enable_security_group = True
**********************************************
One update to openvswitch_agent.ini
**********************************************
[root@ServerCentOS02 ml2(keystone_admin)]# cat openvswitch_agent.ini | grep -v ^# | grep -v ^$
[ovs]
network_vlan_ranges = physnet1:100:200
tenant_network_type = vlan
enable_tunneling = False
integration_bridge = br-int
bridge_mappings = physnet1:br-eth1
local_ip = 192.168.1.137
[agent]
polling_interval = 2
l2_population = False
arp_responder = False
prevent_arp_spoofing = True
enable_distributed_routing =True <== here
drop_flows_on_start=False
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
**********************************************************************************
On each Compute node neutron-l3-agent and neutron-metadata-agent are
supposed to be started via script
**********************************************************************************
#!/bin/bash -x
yum install openstack-neutron-ml2 -y ;
systemctl start neutron-l3-agent ;
systemctl start neutron-metadata-agent ;
systemctl restart neutron-openvswitch-agent ;
systemctl enable neutron-l3-agent ;
systemctl enable neutron-metadata-agent
****************************************************************
Followed by `openstack-service restart` and status verification
for each Compute Node
****************************************************************
[root@ServerCentOS02 ~]# openstack-status
== Nova services ==
openstack-nova-api: inactive (disabled on boot)
openstack-nova-compute: active
openstack-nova-network: inactive (disabled on boot)
openstack-nova-scheduler: inactive (disabled on boot)
== neutron services ==
neutron-server: inactive (disabled on boot)
neutron-dhcp-agent: inactive (disabled on boot)
neutron-l3-agent: active
neutron-metadata-agent: active
neutron-openvswitch-agent: active
== Ceilometer services ==
openstack-ceilometer-api: inactive (disabled on boot)
openstack-ceilometer-central: inactive (disabled on boot)
openstack-ceilometer-compute: active
openstack-ceilometer-collector: inactive (disabled on boot)
== Support services ==
openvswitch: active
dbus: active
Warning novarc not sourced
[root@ServerCentOS02 ~]# ovs-vsctl show
58d168ad-6076-409d-8d61-0f2ca1481da8
Bridge "br-eth1"
Port "phy-br-eth1"
Interface "phy-br-eth1"
type: patch
options: {peer="int-br-eth1"} <======veth pair
Port "br-eth1"
Interface "br-eth1"
type: internal
Port "eth1"
Interface "eth1"
Bridge br-ex
Port "eth0"
Interface "eth0"
Port br-ex
Interface br-ex
type: internal
Port "fg-3400fce2-f3"
Interface "fg-3400fce2-f3"
type: internal
Bridge br-int
fail_mode: secure
Port "qvo860a1d40-2c"
tag: 1
Interface "qvo860a1d40-2c"
Port br-int
Interface br-int
type: internal
Port "qr-95a16271-1a"
tag: 1
Interface "qr-95a16271-1a"
type: internal
Port "int-br-eth1"
Interface "int-br-eth1"
type: patch
options: {peer="phy-br-eth1"} <======veth pair
Port "qvof1a54ff1-9b"
tag: 1
Interface "qvof1a54ff1-9b"
ovs_version: "2.4.0"
Testing VM with FIP 192.169.142.164 rinnig on another Compute Node
*********************************************
Neutron work flow Controller
*********************************************
[root@ServerCentOS01 ~(keystone_admin)]# ovs-ofctl dump-flows br-eth1| grep NORMAL
cookie=0x0, duration=9250.016s, table=0, n_packets=5, n_bytes=260, idle_age=9241, priority=0 actions=NORMAL
cookie=0x0, duration=9239.547s, table=2, n_packets=3, n_bytes=126, idle_age=9234, priority=4,in_port=2,dl_vlan=1 actions=mod_vlan_vid:106,NORMAL
cookie=0x0, duration=9239.523s, table=2, n_packets=0, n_bytes=0, idle_age=9239, priority=4,in_port=2,dl_vlan=2 actions=mod_vlan_vid:182,NORMAL
cookie=0x0, duration=9239.432s, table=2, n_packets=76, n_bytes=16883, idle_age=1825, priority=4,in_port=2,dl_vlan=3 actions=mod_vlan_vid:180,NORMAL
cookie=0x0, duration=9240.182s, table=3, n_packets=4783, n_bytes=259509, idle_age=1, priority=1 actions=NORMAL
[root@ServerCentOS01 ~(keystone_admin)]# ovs-ofctl dump-flows br-int| grep NORMAL
cookie=0xa5bb54579234857d, duration=9258.450s, table=0, n_packets=0, n_bytes=0, idle_age=9258, priority=3,in_port=1,dl_vlan=106 actions=mod_vlan_vid:1,NORMAL
cookie=0xa5bb54579234857d, duration=9258.407s, table=0, n_packets=0, n_bytes=0, idle_age=9258, priority=3,in_port=1,dl_vlan=182 actions=mod_vlan_vid:2,NORMAL
cookie=0xa5bb54579234857d, duration=9258.333s, table=0, n_packets=111, n_bytes=13103, idle_age=1840, priority=3,in_port=1,dl_vlan=180 actions=mod_vlan_vid:3,NORMAL
cookie=0xa5bb54579234857d, duration=9269.283s, table=0, n_packets=0, n_bytes=0, idle_age=9269, priority=0 actions=NORMAL
cookie=0xa5bb54579234857d, duration=9259.178s, table=0, n_packets=101, n_bytes=18909, idle_age=1844, priority=1 actions=NORMAL
Compare numbers on br-eth1 ( connecting Compute and Controller ) and external bridge br-ex ( local to particular Compute Node)
*********************************************
Neutron work flow Compute 1
*********************************************
[root@ServerCentOS01 ~(keystone_admin)]# ssh 192.169.142.137
Last login: Fri Mar 4 15:30:56 2016 from ip-192-169-142-127.ip.secureserver.net
[root@ServerCentOS02 ~]# ovs-ofctl dump-flows br-eth1 | grep NORMAL
cookie=0x0, duration=9333.056s, table=0, n_packets=0, n_bytes=0, idle_age=9333, priority=0 actions=NORMAL
cookie=0x0, duration=8878.554s, table=2, n_packets=112, n_bytes=12791, idle_age=1858, priority=4,in_port=2,dl_vlan=1 actions=mod_vlan_vid:180,NORMAL
cookie=0x0, duration=9332.902s, table=3, n_packets=4770, n_bytes=256299, idle_age=0, priority=1 actions=NORMAL
[root@ServerCentOS02 ~]# ovs-ofctl dump-flows br-int | grep NORMAL
cookie=0xb29237804b1bf15f, duration=8886.372s, table=0, n_packets=46, n_bytes=7219, idle_age=1870, priority=3,in_port=1,dl_vlan=180 actions=mod_vlan_vid:1,NORMAL
cookie=0xb29237804b1bf15f, duration=9340.926s, table=0, n_packets=0, n_bytes=0, idle_age=9340, priority=0 actions=NORMAL
cookie=0xb29237804b1bf15f, duration=9340.746s, table=0, n_packets=4906525, n_bytes=4998841358, idle_age=0, priority=1 actions=NORMAL
cookie=0xb29237804b1bf15f, duration=8886.340s, table=24, n_packets=0, n_bytes=0, idle_age=8886, priority=2,icmp6,in_port=3,icmp_type=136,nd_target=fe80::f816:3eff:fe77:fd3c actions=NORMAL
cookie=0xb29237804b1bf15f, duration=7998.122s, table=24, n_packets=0, n_bytes=0, idle_age=7998, priority=2,icmp6,in_port=5,icmp_type=136,nd_target=fe80::f816:3eff:fe91:1446 actions=NORMAL
cookie=0xb29237804b1bf15f, duration=8886.323s, table=24, n_packets=3, n_bytes=126, idle_age=8875, priority=2,arp,in_port=3,arp_spa=70.0.0.15 actions=NORMAL
cookie=0xb29237804b1bf15f, duration=7998.113s, table=24, n_packets=53, n_bytes=2226, idle_age=3, priority=2,arp,in_port=5,arp_spa=70.0.0.17 actions=NORMAL
[root@ServerCentOS02 ~]# ovs-ofctl dump-flows br-ex
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=12992.545s, table=0, n_packets=6096113, n_bytes=6160846107, idle_age=0, priority=0 actions=NORMAL
*********************************************
Neutron work flow Compute 2
*********************************************
[root@ServerCentOS02 ~]# ssh 192.169.142.147
root@192.169.142.147's password:
Last login: Fri Mar 4 15:31:43 2016 from ip-192-169-142-137.ip.secureserver.net
[root@ServerCentOS03 ~]# ovs-ofctl dump-flows br-eth1 | grep NORMAL
cookie=0x0, duration=9390.453s, table=0, n_packets=0, n_bytes=0, idle_age=9390, priority=0 actions=NORMAL
cookie=0x0, duration=8607.979s, table=2, n_packets=68, n_bytes=7003, idle_age=8525, priority=4,in_port=2,dl_vlan=1 actions=mod_vlan_vid:180,NORMAL
cookie=0x0, duration=9390.341s, table=3, n_packets=4884, n_bytes=273145, idle_age=1, priority=1 actions=NORMAL
[root@ServerCentOS03 ~]# ovs-ofctl dump-flows br-int | grep NORMAL
cookie=0xb74d262de8ca4f34, duration=8621.337s, table=0, n_packets=110, n_bytes=20309, idle_age=1900, priority=3,in_port=1,dl_vlan=180 actions=mod_vlan_vid:1,NORMAL
cookie=0xb74d262de8ca4f34, duration=9403.851s, table=0, n_packets=0, n_bytes=0, idle_age=9403, priority=0 actions=NORMAL
cookie=0xb74d262de8ca4f34, duration=9403.721s, table=0, n_packets=12358647, n_bytes=12580495273, idle_age=408, priority=1 actions=NORMAL
cookie=0xb74d262de8ca4f34, duration=8621.313s, table=24, n_packets=0, n_bytes=0, idle_age=8621, priority=2,icmp6,in_port=3,icmp_type=136,nd_target=fe80::f816:3eff:fefe:8274 actions=NORMAL
cookie=0xb74d262de8ca4f34, duration=8621.307s, table=24, n_packets=11, n_bytes=462, idle_age=408, priority=2,arp,in_port=3,arp_spa=70.0.0.16 actions=NORMAL
[root@ServerCentOS03 ~]# ovs-ofctl dump-flows br-ex
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=12712.519s, table=0, n_packets=12685802, n_bytes=12627356349, idle_age=0, priority=0 actions=NORMAL
Inroduced in Kilo VLAN network type support for distributed virtual routers(DVR)
END UPDATE
Just a reminder in Juno and Kilo DVR was available for deployments using VXLAN tunneling and required l2population activation on all nodes. One of new features of Liberty is DVR compatibility with ML2&OVS&VLAN deployed landscapes. On RDO Liberty packstack doesn't play so nicely doing VLAN deployment as in case of VXLAN tunneling. Attempt to use old templates for answer file just does all configs properly only on Controller/Network Node.
However, it is not a problem replicate across Compute Nodes landscape required samples ifcfg-br-eth1,ifcfg-eth1 ( supporting VLAN vm/data network ) and openvswitch_agent.ini , what makes RDO Liberty system attractive not only in case VXLAN (GRE) tunneling deployments, but still pretty comfortable for VLAN setups.
I also have to notice that on RDO Kilo same answer-file does Compute
Nodes automatically and properly .
DVR setup on VLAN landscape is just easier then in case with VXLAN tunneling, l2population bringing up is not required
[root@ServerCentOS01 ~]# cat answerVLAN.txt
[general]
CONFIG_SSH_KEY=/root/.ssh/id_rsa.pub
CONFIG_DEFAULT_PASSWORD=
CONFIG_MARIADB_INSTALL=y
CONFIG_GLANCE_INSTALL=y
CONFIG_CINDER_INSTALL=y
CONFIG_MANILA_INSTALL=n
CONFIG_NOVA_INSTALL=y
CONFIG_NEUTRON_INSTALL=y
CONFIG_HORIZON_INSTALL=y
CONFIG_SWIFT_INSTALL=y
CONFIG_CEILOMETER_INSTALL=y
CONFIG_SAHARA_INSTALL=n
CONFIG_HEAT_INSTALL=n
CONFIG_TROVE_INSTALL=n
CONFIG_IRONIC_INSTALL=n
CONFIG_CLIENT_INSTALL=y
CONFIG_NTP_SERVERS=
CONFIG_NAGIOS_INSTALL=y
EXCLUDE_SERVERS=
CONFIG_DEBUG_MODE=n
CONFIG_CONTROLLER_HOST=192.169.142.127
CONFIG_COMPUTE_HOSTS=192.169.142.137,192.169.142.147
CONFIG_NETWORK_HOSTS=192.169.142.127
CONFIG_VMWARE_BACKEND=n
CONFIG_UNSUPPORTED=n
CONFIG_USE_SUBNETS=n
CONFIG_VCENTER_HOST=
CONFIG_VCENTER_USER=
CONFIG_VCENTER_PASSWORD=
CONFIG_VCENTER_CLUSTER_NAMES=
CONFIG_STORAGE_HOST=192.169.142.127
CONFIG_SAHARA_HOST=192.169.142.127
CONFIG_USE_EPEL=n
CONFIG_REPO=
CONFIG_ENABLE_RDO_TESTING=n
CONFIG_RH_USER=
CONFIG_SATELLITE_URL=
CONFIG_RH_PW=
CONFIG_RH_OPTIONAL=y
CONFIG_RH_PROXY=
CONFIG_RH_PROXY_PORT=
CONFIG_RH_PROXY_USER=
CONFIG_RH_PROXY_PW=
CONFIG_SATELLITE_USER=
CONFIG_SATELLITE_PW=
CONFIG_SATELLITE_AKEY=
CONFIG_SATELLITE_CACERT=
CONFIG_SATELLITE_PROFILE=
CONFIG_SATELLITE_FLAGS=
CONFIG_SATELLITE_PROXY=
CONFIG_SATELLITE_PROXY_USER=
CONFIG_SATELLITE_PROXY_PW=
CONFIG_SSL_CACERT_FILE=/etc/pki/tls/certs/selfcert.crt
CONFIG_SSL_CACERT_KEY_FILE=/etc/pki/tls/private/selfkey.key
CONFIG_SSL_CERT_DIR=~/packstackca/
CONFIG_SSL_CACERT_SELFSIGN=y
CONFIG_SELFSIGN_CACERT_SUBJECT_C=--
CONFIG_SELFSIGN_CACERT_SUBJECT_ST=State
CONFIG_SELFSIGN_CACERT_SUBJECT_L=City
CONFIG_SELFSIGN_CACERT_SUBJECT_O=openstack
CONFIG_SELFSIGN_CACERT_SUBJECT_OU=packstack
CONFIG_SELFSIGN_CACERT_SUBJECT_CN=ServerCentOS01.localdomain
CONFIG_SELFSIGN_CACERT_SUBJECT_MAIL=admin@ServerCentOS01.localdomain
CONFIG_AMQP_BACKEND=rabbitmq
CONFIG_AMQP_HOST=192.169.142.127
CONFIG_AMQP_ENABLE_SSL=n
CONFIG_AMQP_ENABLE_AUTH=n
CONFIG_AMQP_NSS_CERTDB_PW=PW_PLACEHOLDER
CONFIG_AMQP_AUTH_USER=amqp_user
CONFIG_AMQP_AUTH_PASSWORD=PW_PLACEHOLDER
CONFIG_MARIADB_HOST=192.169.142.127
CONFIG_MARIADB_USER=root
CONFIG_MARIADB_PW=66d38468ec974117
CONFIG_KEYSTONE_DB_PW=e678440a531c47fe
CONFIG_KEYSTONE_DB_PURGE_ENABLE=True
CONFIG_KEYSTONE_REGION=RegionOne
CONFIG_KEYSTONE_ADMIN_TOKEN=e1e05295c5554685b678c91ed83b10b1
CONFIG_KEYSTONE_ADMIN_EMAIL=root@localhost
CONFIG_KEYSTONE_ADMIN_USERNAME=admin
CONFIG_KEYSTONE_ADMIN_PW=89e47996c1c54577
CONFIG_KEYSTONE_DEMO_PW=22182b9b61fa4c89
CONFIG_KEYSTONE_API_VERSION=v2.0
CONFIG_KEYSTONE_TOKEN_FORMAT=UUID
CONFIG_KEYSTONE_SERVICE_NAME=httpd
CONFIG_KEYSTONE_IDENTITY_BACKEND=sql
CONFIG_KEYSTONE_LDAP_URL=ldap://192.169.142.127
CONFIG_KEYSTONE_LDAP_USER_DN=
CONFIG_KEYSTONE_LDAP_USER_PASSWORD=
CONFIG_KEYSTONE_LDAP_SUFFIX=
CONFIG_KEYSTONE_LDAP_QUERY_SCOPE=one
CONFIG_KEYSTONE_LDAP_PAGE_SIZE=-1
CONFIG_KEYSTONE_LDAP_USER_SUBTREE=
CONFIG_KEYSTONE_LDAP_USER_FILTER=
CONFIG_KEYSTONE_LDAP_USER_OBJECTCLASS=
CONFIG_KEYSTONE_LDAP_USER_ID_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_NAME_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_MAIL_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ENABLED_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ENABLED_MASK=-1
CONFIG_KEYSTONE_LDAP_USER_ENABLED_DEFAULT=TRUE
CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT=n
CONFIG_KEYSTONE_LDAP_USER_ATTRIBUTE_IGNORE=
CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE=n
CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE=n
CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE=n
CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN=
CONFIG_KEYSTONE_LDAP_USER_ADDITIONAL_ATTRIBUTE_MAPPING=
CONFIG_KEYSTONE_LDAP_GROUP_SUBTREE=
CONFIG_KEYSTONE_LDAP_GROUP_FILTER=
CONFIG_KEYSTONE_LDAP_GROUP_OBJECTCLASS=
CONFIG_KEYSTONE_LDAP_GROUP_ID_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_NAME_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_MEMBER_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_DESC_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE=
CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE=n
CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE=n
CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE=n
CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING=
CONFIG_KEYSTONE_LDAP_USE_TLS=n
CONFIG_KEYSTONE_LDAP_TLS_CACERTDIR=
CONFIG_KEYSTONE_LDAP_TLS_CACERTFILE=
CONFIG_KEYSTONE_LDAP_TLS_REQ_CERT=demand
CONFIG_GLANCE_DB_PW=e695f8551e3d434c
CONFIG_GLANCE_KS_PW=ebdba320a904449e
CONFIG_GLANCE_BACKEND=file
CONFIG_CINDER_DB_PW=cfc234405cdf4181
CONFIG_CINDER_DB_PURGE_ENABLE=True
CONFIG_CINDER_KS_PW=ba8df890a6454866
CONFIG_CINDER_BACKEND=lvm
CONFIG_CINDER_VOLUMES_CREATE=y
CONFIG_CINDER_VOLUMES_SIZE=2G
CONFIG_CINDER_GLUSTER_MOUNTS=
CONFIG_CINDER_NFS_MOUNTS=
CONFIG_CINDER_NETAPP_LOGIN=
CONFIG_CINDER_NETAPP_PASSWORD=
CONFIG_CINDER_NETAPP_HOSTNAME=
CONFIG_CINDER_NETAPP_SERVER_PORT=80
CONFIG_CINDER_NETAPP_STORAGE_FAMILY=ontap_cluster
CONFIG_CINDER_NETAPP_TRANSPORT_TYPE=http
CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL=nfs
CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER=1.0
CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES=720
CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START=20
CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP=60
CONFIG_CINDER_NETAPP_NFS_SHARES=
CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG=/etc/cinder/shares.conf
CONFIG_CINDER_NETAPP_VOLUME_LIST=
CONFIG_CINDER_NETAPP_VFILER=
CONFIG_CINDER_NETAPP_PARTNER_BACKEND_NAME=
CONFIG_CINDER_NETAPP_VSERVER=
CONFIG_CINDER_NETAPP_CONTROLLER_IPS=
CONFIG_CINDER_NETAPP_SA_PASSWORD=
CONFIG_CINDER_NETAPP_ESERIES_HOST_TYPE=linux_dm_mp
CONFIG_CINDER_NETAPP_WEBSERVICE_PATH=/devmgr/v2
CONFIG_CINDER_NETAPP_STORAGE_POOLS=
CONFIG_MANILA_DB_PW=PW_PLACEHOLDER
CONFIG_MANILA_KS_PW=PW_PLACEHOLDER
CONFIG_MANILA_BACKEND=generic
CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS=false
CONFIG_MANILA_NETAPP_TRANSPORT_TYPE=https
CONFIG_MANILA_NETAPP_LOGIN=admin
CONFIG_MANILA_NETAPP_PASSWORD=
CONFIG_MANILA_NETAPP_SERVER_HOSTNAME=
CONFIG_MANILA_NETAPP_STORAGE_FAMILY=ontap_cluster
CONFIG_MANILA_NETAPP_SERVER_PORT=443
CONFIG_MANILA_NETAPP_AGGREGATE_NAME_SEARCH_PATTERN=(.*)
CONFIG_MANILA_NETAPP_ROOT_VOLUME_AGGREGATE=
CONFIG_MANILA_NETAPP_ROOT_VOLUME_NAME=root
CONFIG_MANILA_NETAPP_VSERVER=
CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS=true
CONFIG_MANILA_GENERIC_VOLUME_NAME_TEMPLATE=manila-share-%s
CONFIG_MANILA_GENERIC_SHARE_MOUNT_PATH=/shares
CONFIG_MANILA_SERVICE_IMAGE_LOCATION=https://www.dropbox.com/s/vi5oeh10q1qkckh/ubuntu_1204_nfs_cifs.qcow2
CONFIG_MANILA_SERVICE_INSTANCE_USER=ubuntu
CONFIG_MANILA_SERVICE_INSTANCE_PASSWORD=ubuntu
CONFIG_MANILA_NETWORK_TYPE=neutron
CONFIG_MANILA_NETWORK_STANDALONE_GATEWAY=
CONFIG_MANILA_NETWORK_STANDALONE_NETMASK=
CONFIG_MANILA_NETWORK_STANDALONE_SEG_ID=
CONFIG_MANILA_NETWORK_STANDALONE_IP_RANGE=
CONFIG_MANILA_NETWORK_STANDALONE_IP_VERSION=4
CONFIG_MANILA_GLUSTERFS_SERVERS=
CONFIG_MANILA_GLUSTERFS_NATIVE_PATH_TO_PRIVATE_KEY=
CONFIG_MANILA_GLUSTERFS_VOLUME_PATTERN=
CONFIG_MANILA_GLUSTERFS_TARGET=
CONFIG_MANILA_GLUSTERFS_MOUNT_POINT_BASE=
CONFIG_MANILA_GLUSTERFS_NFS_SERVER_TYPE=gluster
CONFIG_MANILA_GLUSTERFS_PATH_TO_PRIVATE_KEY=
CONFIG_MANILA_GLUSTERFS_GANESHA_SERVER_IP=
CONFIG_IRONIC_DB_PW=PW_PLACEHOLDER
CONFIG_IRONIC_KS_PW=PW_PLACEHOLDER
CONFIG_NOVA_DB_PURGE_ENABLE=True
CONFIG_NOVA_DB_PW=48db80033113424c
CONFIG_NOVA_KS_PW=04750d997f7b4cd0
CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO=16.0
CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO=1.5
CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL=tcp
CONFIG_NOVA_COMPUTE_MANAGER=nova.compute.manager.ComputeManager
CONFIG_VNC_SSL_CERT=
CONFIG_VNC_SSL_KEY=
CONFIG_NOVA_PCI_ALIAS=
CONFIG_NOVA_PCI_PASSTHROUGH_WHITELIST=
CONFIG_NOVA_COMPUTE_PRIVIF=eth1
CONFIG_NOVA_NETWORK_MANAGER=nova.network.manager.FlatDHCPManager
CONFIG_NOVA_NETWORK_PUBIF=eth0
CONFIG_NOVA_NETWORK_PRIVIF=eth1
CONFIG_NOVA_NETWORK_FIXEDRANGE=192.168.32.0/22
CONFIG_NOVA_NETWORK_FLOATRANGE=10.3.4.0/22
CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP=n
CONFIG_NOVA_NETWORK_VLAN_START=100
CONFIG_NOVA_NETWORK_NUMBER=1
CONFIG_NOVA_NETWORK_SIZE=255
CONFIG_NEUTRON_KS_PW=3549700b2072492f
CONFIG_NEUTRON_DB_PW=2896cb32038040d1
CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
CONFIG_NEUTRON_METADATA_PW=8a5ceeb9f9264e7c
CONFIG_LBAAS_INSTALL=n
CONFIG_NEUTRON_METERING_AGENT_INSTALL=n
CONFIG_NEUTRON_FWAAS=n
CONFIG_NEUTRON_VPNAAS=n
CONFIG_NEUTRON_ML2_TYPE_DRIVERS=vlan,flat
CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=vlan
CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS=openvswitch
CONFIG_NEUTRON_ML2_FLAT_NETWORKS=*
CONFIG_NEUTRON_ML2_VLAN_RANGES=physnet1:100:200
CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES=
CONFIG_NEUTRON_ML2_VXLAN_GROUP=
CONFIG_NEUTRON_ML2_VNI_RANGES=
CONFIG_NEUTRON_L2_AGENT=openvswitch
CONFIG_NEUTRON_ML2_SUPPORTED_PCI_VENDOR_DEVS=['15b3:1004', '8086:10ca']
CONFIG_NEUTRON_ML2_SRIOV_AGENT_REQUIRED=n
CONFIG_NEUTRON_ML2_SRIOV_INTERFACE_MAPPINGS=
CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS=
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet1:br-eth1
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-eth1:eth1
CONFIG_NEUTRON_OVS_TUNNEL_IF=
# CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS=12.0.0.0/24
CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT=4789
CONFIG_HORIZON_SSL=n
CONFIG_HORIZON_SECRET_KEY=70c8f53f8a1948768d432c11bbffe94a
CONFIG_HORIZON_SSL_CERT=
CONFIG_HORIZON_SSL_KEY=
CONFIG_HORIZON_SSL_CACERT=
CONFIG_SWIFT_KS_PW=2ad1d724dc6d4764
CONFIG_SWIFT_STORAGES=
CONFIG_SWIFT_STORAGE_ZONES=1
CONFIG_SWIFT_STORAGE_REPLICAS=1
CONFIG_SWIFT_STORAGE_FSTYPE=ext4
CONFIG_SWIFT_HASH=038b40edd19f4251
CONFIG_SWIFT_STORAGE_SIZE=20G
CONFIG_HEAT_DB_PW=PW_PLACEHOLDER
CONFIG_HEAT_AUTH_ENC_KEY=c863b530aaa24240
CONFIG_HEAT_KS_PW=PW_PLACEHOLDER
CONFIG_HEAT_CLOUDWATCH_INSTALL=n
CONFIG_HEAT_CFN_INSTALL=n
CONFIG_HEAT_DOMAIN=heat
CONFIG_HEAT_DOMAIN_ADMIN=heat_admin
CONFIG_HEAT_DOMAIN_PASSWORD=PW_PLACEHOLDER
CONFIG_PROVISION_DEMO=y
CONFIG_PROVISION_TEMPEST=n
CONFIG_PROVISION_DEMO_FLOATRANGE=172.24.4.224/28
CONFIG_PROVISION_IMAGE_NAME=cirros
CONFIG_PROVISION_IMAGE_URL=http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
CONFIG_PROVISION_IMAGE_FORMAT=qcow2
CONFIG_PROVISION_IMAGE_SSH_USER=cirros
CONFIG_PROVISION_TEMPEST_USER=
CONFIG_PROVISION_TEMPEST_USER_PW=PW_PLACEHOLDER
CONFIG_PROVISION_TEMPEST_FLOATRANGE=172.24.4.224/28
CONFIG_PROVISION_TEMPEST_REPO_URI=https://github.com/openstack/tempest.git
CONFIG_PROVISION_TEMPEST_REPO_REVISION=master
CONFIG_PROVISION_OVS_BRIDGE=y
CONFIG_CEILOMETER_SECRET=8b362a1d225a472d
CONFIG_CEILOMETER_KS_PW=92bb4ec7c7584e18
CONFIG_CEILOMETER_COORDINATION_BACKEND=redis
CONFIG_MONGODB_HOST=192.169.142.127
CONFIG_REDIS_MASTER_HOST=192.169.142.127
CONFIG_REDIS_PORT=6379
CONFIG_REDIS_HA=n
CONFIG_REDIS_SLAVE_HOSTS=
CONFIG_REDIS_SENTINEL_HOSTS=
CONFIG_REDIS_SENTINEL_CONTACT_HOST=
CONFIG_REDIS_SENTINEL_PORT=26379
CONFIG_REDIS_SENTINEL_QUORUM=2
CONFIG_REDIS_MASTER_NAME=mymaster
CONFIG_SAHARA_DB_PW=PW_PLACEHOLDER
CONFIG_SAHARA_KS_PW=PW_PLACEHOLDER
CONFIG_TROVE_DB_PW=PW_PLACEHOLDER
CONFIG_TROVE_KS_PW=PW_PLACEHOLDER
CONFIG_TROVE_NOVA_USER=trove
CONFIG_TROVE_NOVA_TENANT=services
CONFIG_TROVE_NOVA_PW=PW_PLACEHOLDER
CONFIG_NAGIOS_PW=c5b1af910c094f3a
Controller would be done OK. Files generated may serve as samples
for Compute Nodes
******************************************************************************************
Compute Node requires manual updates. Copy over from Controller ifcfg-br-eth1 OVS bridge and ifcfg-eth1 OVS port , /etc/neutron/plugins/ml2neutron_ovsagent.ini,/etc/neutron/plugins/ml2/ml2_conf.ini to Compute Nodes
******************************************************************************************
Create symlink pluging.ini under /etc/neutron
[root@ServerCentOS02 neutron(keystone_admin)]# ls -l
total 80
drwxr-xr-x. 10 root root 4096 Mar 1 22:12 conf.d
-rw-r-----. 1 root neutron 4476 Dec 7 18:53 dhcp_agent.ini
-rw-r-----. 1 root neutron 5537 Dec 7 18:53 l3_agent.ini
-rw-r-----. 1 root neutron 2600 Dec 7 18:53 metadata_agent.ini
-rw-r-----. 1 root neutron 37034 Mar 1 22:12 neutron.conf
lrwxrwxrwx. 1 root root 37 Mar 1 22:38 plugin.ini -> /etc/neutron/plugins/ml2/ml2_conf.ini
drwxr-xr-x. 3 root root 16 Mar 1 22:12 plugins
-rw-r-----. 1 root neutron 9486 Dec 7 18:53 policy.json
-rw-r--r--. 1 root root 1195 Dec 7 18:53 rootwrap.conf
[root@ServerCentOS02 neutron(keystone_admin)]# cat plugin.ini | grep -v ^#|grep -v ^$
[ml2]
type_drivers = vlan,flat
tenant_network_types = vlan
mechanism_drivers =openvswitch
path_mtu = 0
[ml2_type_flat]
flat_networks =*
[ml2_type_vlan]
network_vlan_ranges =physnet1:100:200
[ml2_type_gre]
[ml2_type_vxlan]
[ml2_type_geneve]
[securitygroup]
enable_security_group = True
***********************************************************************************
Update local_ip in openvswitch_agent.ini corresondently on 192.169.142.137
and 192.169.142.147
***********************************************************************************
[root@ServerCentOS02 ml2(keystone_admin)]# cat openvswitch_agent.ini | grep -v ^# | grep -v ^$
[ovs]
network_vlan_ranges = physnet1:100:200
tenant_network_type = vlan
enable_tunneling = False
integration_bridge = br-int
bridge_mappings = physnet1:br-eth1
local_ip = 192.168.1.137
[agent]
polling_interval = 2
l2_population = False
arp_responder = False
prevent_arp_spoofing = True
enable_distributed_routing = False
drop_flows_on_start=False
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
*******************************************************************
Copy over from Controller following ifcfg-* files ,
support VLAN tagged vm/data network connection from
Compute to Controller and vice/versa
*******************************************************************
[root@ServerCentOS02 network-scripts(keystone_admin)]# cat ifcfg-br-eth1
ONBOOT=yes
NM_CONTROLLED=no
DEVICE=br-eth1
DEVICETYPE=ovs
OVSBOOTPROTO=none
TYPE=OVSBridge
[root@ServerCentOS02 network-scripts(keystone_admin)]# cat ifcfg-eth1
DEVICE=eth1
DEVICETYPE=ovs
TYPE=OVSPort
OVS_BRIDGE=br-eth1
ONBOOT=yes
BOOTPROTO=none
************************************
When done on each Compute Node
************************************
Run script
#!/bin/bash -x
chkconfig network on ;
systemctl stop NetworkManager ;
systemctl disable NetworkManager ;
service network restart
Followed by `openstack-service restart` and Node reboot.
Afterwards `ovs-vsctl show` would look like ( on Compute )
[root@ServerCentOS02 ~(keystone_admin)]# ovs-vsctl show
58d168ad-6076-409d-8d61-0f2ca1481da8
Bridge "br-eth1"
Port "eth1"
Interface "eth1"
Port "br-eth1"
Interface "br-eth1"
type: internal
Port "phy-br-eth1"
Interface "phy-br-eth1"
type: patch
options: {peer="int-br-eth1"}
Bridge br-int
fail_mode: secure
Port br-int
Interface br-int
type: internal
Port "int-br-eth1"
Interface "int-br-eth1"
type: patch
options: {peer="phy-br-eth1"}
Port "qvode5c08bd-cf"
tag: 1
Interface "qvode5c08bd-cf"
ovs_version: "2.4.0"
**********************************************************
Controller status right after packstack completion
**********************************************************
[root@ServerCentOS01 neutron(keystone_admin)]# ls -l
total 84
-rw-r-----. 1 root root 182 Mar 1 22:12 api-paste.ini
drwxr-xr-x. 10 root root 4096 Mar 1 22:12 conf.d
-rw-r-----. 1 root neutron 4867 Mar 1 22:12 dhcp_agent.ini
-rw-r-----. 1 root neutron 5856 Mar 1 22:12 l3_agent.ini
-rw-r-----. 1 root neutron 2838 Mar 1 22:12 metadata_agent.ini
-rw-r-----. 1 root neutron 37747 Mar 1 22:12 neutron.conf
lrwxrwxrwx. 1 root root 37 Mar 1 22:12 plugin.ini -> /etc/neutron/plugins/ml2/ml2_conf.ini
drwxr-xr-x. 3 root root 16 Mar 1 22:12 plugins
-rw-r-----. 1 root neutron 9486 Dec 7 18:53 policy.json
-rw-r--r--. 1 root root 1195 Dec 7 18:53 rootwrap.conf
[root@ServerCentOS01 neutron(keystone_admin)]# cat plugin.ini | grep -v ^$|grep -v ^#
[ml2]
type_drivers = vlan,flat
tenant_network_types = vlan
mechanism_drivers =openvswitch
path_mtu = 0
[ml2_type_flat]
flat_networks =*
[ml2_type_vlan]
network_vlan_ranges =physnet1:100:200
[ml2_type_gre]
[ml2_type_vxlan]
[ml2_type_geneve]
[securitygroup]
enable_security_group = True
[root@ServerCentOS01 neutron(keystone_admin)]# cd plugins/ml2
[root@ServerCentOS01 ml2(keystone_admin)]# pwd
/etc/neutron/plugins/ml2
[root@ServerCentOS01 ml2(keystone_admin)]# cat openvswitch_agent.ini | grep -v ^$|grep -v ^#
[ovs]
integration_bridge = br-int
local_ip = 192.169.142.127
bridge_mappings =physnet1:br-eth1
enable_tunneling=False
[agent]
polling_interval = 2
l2_population = False
arp_responder = False
prevent_arp_spoofing = True
enable_distributed_routing = False
drop_flows_on_start=False
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[root@ServerCentOS01 ~]# ovs-vsctl show
5f4d0aa9-049c-4522-a6bf-4c10ba12dcc2
Bridge br-ex
Port br-ex
Interface br-ex
type: internal
Port "eth0"
Interface "eth0"
Port "qg-a1a797a9-9b"
Interface "qg-a1a797a9-9b"
type: internal
Bridge br-int
fail_mode: secure
Port "tap35d4e073-fd"
tag: 1
Interface "tap35d4e073-fd"
type: internal
Port "tap257a060c-22"
tag: 2
Interface "tap257a060c-22"
type: internal
Port br-int
Interface br-int
type: internal
Port "qr-71a634e2-2b"
tag: 2
Interface "qr-71a634e2-2b"
type: internal
Port "int-br-eth1"
Interface "int-br-eth1"
type: patch
options: {peer="phy-br-eth1"}
Bridge "br-eth1"
Port "br-eth1"
Interface "br-eth1"
type: internal
Port "phy-br-eth1"
Interface "phy-br-eth1"
type: patch
options: {peer="int-br-eth1"}
Port "eth1"
Interface "eth1"
ovs_version: "2.4.0"
*******************
DVR SETUP
*******************
On Controller (X=2) and Computes X=(3,4) update :-
# cat ifcfg-br-ex
DEVICE="br-ex"
BOOTPROTO="static"
IPADDR="192.169.142.1(X)7"
NETMASK="255.255.255.0"
DNS1="83.221.202.254"
BROADCAST="192.169.142.255"
GATEWAY="192.169.142.1"
NM_CONTROLLED="no"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="yes"
IPV6INIT=no
ONBOOT="yes"
TYPE="OVSIntPort"
OVS_BRIDGE=br-ex
DEVICETYPE="ovs"
# cat ifcfg-eth0
DEVICE="eth0"
ONBOOT="yes"
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE=br-ex
NM_CONTROLLED=no
IPV6INIT=no
Followed by `service network restart`
*****************************************
On Controller update neutron.conf
*****************************************
router_distributed = True
dvr_base_mac = fa:16:3f:00:00:00
[root@ip-192-169-142-127 neutron(keystone_admin)]# cat l3_agent.ini | grep -v ^#| grep -v ^$
[DEFAULT]
debug = False
interface_driver =neutron.agent.linux.interface.OVSInterfaceDriver
handle_internal_only_routers = True
external_network_bridge = br-ex
metadata_port = 9697
send_arp_for_ha = 3
periodic_interval = 40
periodic_fuzzy_delay = 5
enable_metadata_proxy = True
router_delete_namespaces = False
agent_mode = dvr_snat
[AGENT]
Followed by `openstack-service restart` and status verification
*********************************
On each Compute Node
*********************************
[root@ip-192-169-142-147 neutron]# cat l3_agent.ini | grep -v ^#| grep -v ^$
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
agent_mode = dvr
[AGENT]
Replicate metadata_agent.ini from Controller/Network Node to
all Compute Nodes on your landscape
************************************************************************************
plugin.ini which is symlink to /etc/neutron/plugins/ml2/ml2_conf.ini
stays the same
************************************************************************************
[root@ServerCentOS02 neutron(keystone_admin)]# cat plugin.ini | grep -v ^#|grep -v ^$
[ml2]
type_drivers = vlan,flat
tenant_network_types = vlan
mechanism_drivers =openvswitch
path_mtu = 0
[ml2_type_flat]
flat_networks =*
[ml2_type_vlan]
network_vlan_ranges =physnet1:100:200
[ml2_type_gre]
[ml2_type_vxlan]
[ml2_type_geneve]
[securitygroup]
enable_security_group = True
**********************************************
One update to openvswitch_agent.ini
**********************************************
[root@ServerCentOS02 ml2(keystone_admin)]# cat openvswitch_agent.ini | grep -v ^# | grep -v ^$
[ovs]
network_vlan_ranges = physnet1:100:200
tenant_network_type = vlan
enable_tunneling = False
integration_bridge = br-int
bridge_mappings = physnet1:br-eth1
local_ip = 192.168.1.137
[agent]
polling_interval = 2
l2_population = False
arp_responder = False
prevent_arp_spoofing = True
enable_distributed_routing =True <== here
drop_flows_on_start=False
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
**********************************************************************************
On each Compute node neutron-l3-agent and neutron-metadata-agent are
supposed to be started via script
**********************************************************************************
#!/bin/bash -x
yum install openstack-neutron-ml2 -y ;
systemctl start neutron-l3-agent ;
systemctl start neutron-metadata-agent ;
systemctl restart neutron-openvswitch-agent ;
systemctl enable neutron-l3-agent ;
systemctl enable neutron-metadata-agent
****************************************************************
Followed by `openstack-service restart` and status verification
for each Compute Node
****************************************************************
[root@ServerCentOS02 ~]# openstack-status
== Nova services ==
openstack-nova-api: inactive (disabled on boot)
openstack-nova-compute: active
openstack-nova-network: inactive (disabled on boot)
openstack-nova-scheduler: inactive (disabled on boot)
== neutron services ==
neutron-server: inactive (disabled on boot)
neutron-dhcp-agent: inactive (disabled on boot)
neutron-l3-agent: active
neutron-metadata-agent: active
neutron-openvswitch-agent: active
== Ceilometer services ==
openstack-ceilometer-api: inactive (disabled on boot)
openstack-ceilometer-central: inactive (disabled on boot)
openstack-ceilometer-compute: active
openstack-ceilometer-collector: inactive (disabled on boot)
== Support services ==
openvswitch: active
dbus: active
Warning novarc not sourced
[root@ServerCentOS02 ~]# ovs-vsctl show
58d168ad-6076-409d-8d61-0f2ca1481da8
Bridge "br-eth1"
Port "phy-br-eth1"
Interface "phy-br-eth1"
type: patch
options: {peer="int-br-eth1"} <======veth pair
Port "br-eth1"
Interface "br-eth1"
type: internal
Port "eth1"
Interface "eth1"
Bridge br-ex
Port "eth0"
Interface "eth0"
Port br-ex
Interface br-ex
type: internal
Port "fg-3400fce2-f3"
Interface "fg-3400fce2-f3"
type: internal
Bridge br-int
fail_mode: secure
Port "qvo860a1d40-2c"
tag: 1
Interface "qvo860a1d40-2c"
Port br-int
Interface br-int
type: internal
Port "qr-95a16271-1a"
tag: 1
Interface "qr-95a16271-1a"
type: internal
Port "int-br-eth1"
Interface "int-br-eth1"
type: patch
options: {peer="phy-br-eth1"} <======veth pair
Port "qvof1a54ff1-9b"
tag: 1
Interface "qvof1a54ff1-9b"
ovs_version: "2.4.0"
Testing VM with FIP 192.169.142.164 rinnig on another Compute Node
*********************************************
Neutron work flow Controller
*********************************************
[root@ServerCentOS01 ~(keystone_admin)]# ovs-ofctl dump-flows br-eth1| grep NORMAL
cookie=0x0, duration=9250.016s, table=0, n_packets=5, n_bytes=260, idle_age=9241, priority=0 actions=NORMAL
cookie=0x0, duration=9239.547s, table=2, n_packets=3, n_bytes=126, idle_age=9234, priority=4,in_port=2,dl_vlan=1 actions=mod_vlan_vid:106,NORMAL
cookie=0x0, duration=9239.523s, table=2, n_packets=0, n_bytes=0, idle_age=9239, priority=4,in_port=2,dl_vlan=2 actions=mod_vlan_vid:182,NORMAL
cookie=0x0, duration=9239.432s, table=2, n_packets=76, n_bytes=16883, idle_age=1825, priority=4,in_port=2,dl_vlan=3 actions=mod_vlan_vid:180,NORMAL
cookie=0x0, duration=9240.182s, table=3, n_packets=4783, n_bytes=259509, idle_age=1, priority=1 actions=NORMAL
[root@ServerCentOS01 ~(keystone_admin)]# ovs-ofctl dump-flows br-int| grep NORMAL
cookie=0xa5bb54579234857d, duration=9258.450s, table=0, n_packets=0, n_bytes=0, idle_age=9258, priority=3,in_port=1,dl_vlan=106 actions=mod_vlan_vid:1,NORMAL
cookie=0xa5bb54579234857d, duration=9258.407s, table=0, n_packets=0, n_bytes=0, idle_age=9258, priority=3,in_port=1,dl_vlan=182 actions=mod_vlan_vid:2,NORMAL
cookie=0xa5bb54579234857d, duration=9258.333s, table=0, n_packets=111, n_bytes=13103, idle_age=1840, priority=3,in_port=1,dl_vlan=180 actions=mod_vlan_vid:3,NORMAL
cookie=0xa5bb54579234857d, duration=9269.283s, table=0, n_packets=0, n_bytes=0, idle_age=9269, priority=0 actions=NORMAL
cookie=0xa5bb54579234857d, duration=9259.178s, table=0, n_packets=101, n_bytes=18909, idle_age=1844, priority=1 actions=NORMAL
Compare numbers on br-eth1 ( connecting Compute and Controller ) and external bridge br-ex ( local to particular Compute Node)
*********************************************
Neutron work flow Compute 1
*********************************************
[root@ServerCentOS01 ~(keystone_admin)]# ssh 192.169.142.137
Last login: Fri Mar 4 15:30:56 2016 from ip-192-169-142-127.ip.secureserver.net
[root@ServerCentOS02 ~]# ovs-ofctl dump-flows br-eth1 | grep NORMAL
cookie=0x0, duration=9333.056s, table=0, n_packets=0, n_bytes=0, idle_age=9333, priority=0 actions=NORMAL
cookie=0x0, duration=8878.554s, table=2, n_packets=112, n_bytes=12791, idle_age=1858, priority=4,in_port=2,dl_vlan=1 actions=mod_vlan_vid:180,NORMAL
cookie=0x0, duration=9332.902s, table=3, n_packets=4770, n_bytes=256299, idle_age=0, priority=1 actions=NORMAL
[root@ServerCentOS02 ~]# ovs-ofctl dump-flows br-int | grep NORMAL
cookie=0xb29237804b1bf15f, duration=8886.372s, table=0, n_packets=46, n_bytes=7219, idle_age=1870, priority=3,in_port=1,dl_vlan=180 actions=mod_vlan_vid:1,NORMAL
cookie=0xb29237804b1bf15f, duration=9340.926s, table=0, n_packets=0, n_bytes=0, idle_age=9340, priority=0 actions=NORMAL
cookie=0xb29237804b1bf15f, duration=9340.746s, table=0, n_packets=4906525, n_bytes=4998841358, idle_age=0, priority=1 actions=NORMAL
cookie=0xb29237804b1bf15f, duration=8886.340s, table=24, n_packets=0, n_bytes=0, idle_age=8886, priority=2,icmp6,in_port=3,icmp_type=136,nd_target=fe80::f816:3eff:fe77:fd3c actions=NORMAL
cookie=0xb29237804b1bf15f, duration=7998.122s, table=24, n_packets=0, n_bytes=0, idle_age=7998, priority=2,icmp6,in_port=5,icmp_type=136,nd_target=fe80::f816:3eff:fe91:1446 actions=NORMAL
cookie=0xb29237804b1bf15f, duration=8886.323s, table=24, n_packets=3, n_bytes=126, idle_age=8875, priority=2,arp,in_port=3,arp_spa=70.0.0.15 actions=NORMAL
cookie=0xb29237804b1bf15f, duration=7998.113s, table=24, n_packets=53, n_bytes=2226, idle_age=3, priority=2,arp,in_port=5,arp_spa=70.0.0.17 actions=NORMAL
[root@ServerCentOS02 ~]# ovs-ofctl dump-flows br-ex
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=12992.545s, table=0, n_packets=6096113, n_bytes=6160846107, idle_age=0, priority=0 actions=NORMAL
*********************************************
Neutron work flow Compute 2
*********************************************
[root@ServerCentOS02 ~]# ssh 192.169.142.147
root@192.169.142.147's password:
Last login: Fri Mar 4 15:31:43 2016 from ip-192-169-142-137.ip.secureserver.net
[root@ServerCentOS03 ~]# ovs-ofctl dump-flows br-eth1 | grep NORMAL
cookie=0x0, duration=9390.453s, table=0, n_packets=0, n_bytes=0, idle_age=9390, priority=0 actions=NORMAL
cookie=0x0, duration=8607.979s, table=2, n_packets=68, n_bytes=7003, idle_age=8525, priority=4,in_port=2,dl_vlan=1 actions=mod_vlan_vid:180,NORMAL
cookie=0x0, duration=9390.341s, table=3, n_packets=4884, n_bytes=273145, idle_age=1, priority=1 actions=NORMAL
[root@ServerCentOS03 ~]# ovs-ofctl dump-flows br-int | grep NORMAL
cookie=0xb74d262de8ca4f34, duration=8621.337s, table=0, n_packets=110, n_bytes=20309, idle_age=1900, priority=3,in_port=1,dl_vlan=180 actions=mod_vlan_vid:1,NORMAL
cookie=0xb74d262de8ca4f34, duration=9403.851s, table=0, n_packets=0, n_bytes=0, idle_age=9403, priority=0 actions=NORMAL
cookie=0xb74d262de8ca4f34, duration=9403.721s, table=0, n_packets=12358647, n_bytes=12580495273, idle_age=408, priority=1 actions=NORMAL
cookie=0xb74d262de8ca4f34, duration=8621.313s, table=24, n_packets=0, n_bytes=0, idle_age=8621, priority=2,icmp6,in_port=3,icmp_type=136,nd_target=fe80::f816:3eff:fefe:8274 actions=NORMAL
cookie=0xb74d262de8ca4f34, duration=8621.307s, table=24, n_packets=11, n_bytes=462, idle_age=408, priority=2,arp,in_port=3,arp_spa=70.0.0.16 actions=NORMAL
[root@ServerCentOS03 ~]# ovs-ofctl dump-flows br-ex
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=12712.519s, table=0, n_packets=12685802, n_bytes=12627356349, idle_age=0, priority=0 actions=NORMAL