The neutron-server daemon manages and routes operations related to virtual networks.
1. Database preparation
Log in to the database server and create the following structure:
[root@controlador ~]# mysql -uroot -p
MariaDB [(none)]> CREATE DATABASE servicio_red;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON servicio_red.* TO 'admin_red'@'localhost' IDENTIFIED BY 'ClaveSegura123';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON servicio_red.* TO 'admin_red'@'%' IDENTIFIED BY 'ClaveSegura123';
Query OK, 0 rows affected (0.001 sec)
2. Credential setup
Create the user and assign the required permissions within the service project:
[root@controlador ~]# source admin-openrc
[root@controlador ~]# openstack user create --domain default --password-prompt admin_red
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 84b7c2a1d59e4f8d9b3e6a2f1c4d870e |
| name | admin_red |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controlador ~]# openstack role add --project servicio --user admin_red admin
3. Registering the network service
Register the network service in the OpenStack catalog:
[root@controlador ~]# openstack service create --name red-ovs --description "Servicio de Red OpenStack" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Servicio de Red OpenStack |
| enabled | True |
| id | 5f8a3c7d2e9f4b6a8c1d4e7f2a5b8c9d |
| name | red-ovs |
| type | network |
+-------------+----------------------------------+
4. Defining the endpoints
Set the access URLs for the network service:
[root@controlador ~]# openstack endpoint create --region RegionPrincipal network public http://controlador:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4d |
| interface | public |
| region | RegionPrincipal |
| region_id | RegionPrincipal |
| service_id | 5f8a3c7d2e9f4b6a8c1d4e7f2a5b8c9d |
| service_name | red-ovs |
| service_type | network |
| url | http://controlador:9696 |
+--------------+----------------------------------+
[root@controlador ~]# openstack endpoint create --region RegionPrincipal network internal http://controlador:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d |
| interface | internal |
| region | RegionPrincipal |
| region_id | RegionPrincipal |
| service_id | 5f8a3c7d2e9f4b6a8c1d4e7f2a5b8c9d |
| service_name | red-ovs |
| service_type | network |
| url | http://controlador:9696 |
+--------------+----------------------------------+
[root@controlador ~]# openstack endpoint create --region RegionPrincipal network admin http://controlador:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d |
| interface | admin |
| region | RegionPrincipal |
| region_id | RegionPrincipal |
| service_id | 5f8a3c7d2e9f4b6a8c1d4e7f2a5b8c9d |
| service_name | red-ovs |
| service_type | network |
| url | http://controlador:9696 |
+--------------+----------------------------------+
5. Installing the required packages
Install the Neutron components with the appropriate network drivers:
[root@controlador ~]# yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
6. Main Neutron configuration
Edit the main configuration file with the parameters for your environment:
[root@controlador ~]# vim /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://admin_red:ClaveSegura123@controlador/servicio_red
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:ContrasenaRabbit@controlador
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
www_authenticate_uri = http://controlador:5000
auth_url = http://controlador:5000
memcached_servers = controlador:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = servicio
username = admin_red
password = ClaveSegura123
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
7. ML2 plugin settings
Configure the drivers and network types in the ML2 plugin:
[root@controlador ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = externa
[ml2_type_vxlan]
vni_ranges = 1001:2000
[securitygroup]
enable_ipset = true
8. Linux bridge configuration
Define the network interfaces and VXLAN parameters for the agent:
[root@controlador ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = externa:ens34
[vxlan]
enable_vxlan = true
local_ip = 192.168.1.10
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
9. Kernel parameters
Enable kernel-level packet filtering for bridged network traffic:
[root@controlador ~]# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
[root@controlador ~]# vim /etc/modules-load.d/bridge.conf
br_netfilter
[root@controlador ~]# systemctl restart systemd-modules-load.service
[root@controlador ~]# systemctl enable systemd-modules-load.service
[root@controlador ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
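Added example (not part of the original guide): a shell check that the settings from this step are live and will survive a reboot, since the iptables-based security groups configured in step 8 only filter bridged traffic while both keys are 1. The function name check_bridge_nf and its optional root-prefix argument are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not from the original guide.
# check_bridge_nf [ROOT]   (ROOT is a hypothetical path prefix, empty on a real host)
# Returns: 0 ok, 1 br_netfilter not loaded, 2 runtime value not 1, 3 not persisted.
check_bridge_nf() {
    local root="${1:-}" dir key
    dir="$root/proc/sys/net/bridge"
    # The net.bridge.* keys exist only while br_netfilter is loaded; if the
    # module is missing, "sysctl -p" cannot set them.
    if [ ! -d "$dir" ]; then
        echo "FAIL: br_netfilter is not loaded ($dir is missing)"
        return 1
    fi
    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        # Runtime value: must be 1 for bridged packets to traverse iptables.
        if [ "$(cat "$dir/$key" 2>/dev/null)" != "1" ]; then
            echo "FAIL: net.bridge.$key is not 1; bridged traffic bypasses iptables"
            return 2
        fi
        # Persistent value: must be present in sysctl.conf or sysctl.d.
        if ! grep -Eqs "^[[:space:]]*net\.bridge\.$key[[:space:]]*=[[:space:]]*1[[:space:]]*$" \
                "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf; then
            echo "FAIL: net.bridge.$key = 1 is not persisted for the next boot"
            return 3
        fi
    done
    # The module itself must be loaded at boot, before sysctl is applied.
    if ! grep -Eqs '^[[:space:]]*br_netfilter[[:space:]]*$' \
            "$root"/etc/modules-load.d/*.conf; then
        echo "FAIL: br_netfilter is not listed in /etc/modules-load.d"
        return 3
    fi
    echo "OK: bridge netfilter is active and persistent"
    return 0
}

# Check the live host only when the script is invoked with "run".
if [ "${1:-}" = "run" ]; then
    check_bridge_nf
fi
```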
10. L3 agent configuration
Set the interface driver used for routing:
[root@controlador ~]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
11. DHCP agent configuration
Define the DHCP driver and the metadata parameters:
[root@controlador ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
12. Metadata agent configuration
Specify the connection parameters for the compute service:
[root@controlador ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controlador
metadata_proxy_shared_secret = SecretoMetadata
13. Integration with Nova
Update the Nova configuration so that it interacts with Neutron:
[root@controlador ~]# vim /etc/nova/nova.conf
[neutron]
auth_url = http://controlador:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionPrincipal
project_name = servicio
username = admin_red
password = ClaveSegura123
service_metadata_proxy = true
metadata_proxy_shared_secret = SecretoMetadata
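Added example (not part of the original guide): steps 12 and 13 must carry the same metadata_proxy_shared_secret, so this shell check compares the two files without printing the secret and also flags world-readable files. The function names ini_get and check_metadata_secret are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not from the original guide.
# ini_get FILE SECTION KEY -> prints KEY's value inside [SECTION] (last match wins)
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_sec = ($0 == sec); next }
        in_sec && $0 !~ /^[ \t]*[#;]/ {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# check_metadata_secret METADATA_AGENT_INI NOVA_CONF
# Returns: 0 ok, 1 secret missing, 2 secrets differ,
#          3 service_metadata_proxy not enabled, 4 file is world-readable.
check_metadata_secret() {
    local agent_ini="$1" nova_conf="$2" a n proxy f
    a=$(ini_get "$agent_ini" DEFAULT metadata_proxy_shared_secret)
    n=$(ini_get "$nova_conf" neutron metadata_proxy_shared_secret)
    proxy=$(ini_get "$nova_conf" neutron service_metadata_proxy)
    if [ -z "$a" ] || [ -z "$n" ]; then
        echo "FAIL: metadata_proxy_shared_secret is unset in one of the files"
        return 1
    fi
    if [ "$a" != "$n" ]; then
        echo "FAIL: the secrets differ; Nova will reject proxied metadata requests"
        return 2
    fi
    case "$proxy" in
        true|True|TRUE|1|yes|on) ;;
        *) echo "FAIL: [neutron] service_metadata_proxy is not enabled"; return 3 ;;
    esac
    for f in "$agent_ini" "$nova_conf"; do
        # -perm -004 matches when the "other" read bit is set.
        if [ -n "$(find "$f" -perm -004)" ]; then
            echo "FAIL: $f is world-readable and contains secrets"
            return 4
        fi
    done
    echo "OK: metadata proxy secret is consistent"
    return 0
}

# Check the real files only when the script is invoked with "run".
if [ "${1:-}" = "run" ]; then
    check_metadata_secret /etc/neutron/metadata_agent.ini /etc/nova/nova.conf
fi
```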
14. Schema migration
Synchronize the database structure with the current schema version:
[root@controlador ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controlador ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
15. Restarting the services
Restart the dependent services and start the Neutron components:
[root@controlador ~]# systemctl restart openstack-nova-api.service
[root@controlador ~]# systemctl is-active openstack-nova-api.service
active
[root@controlador ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
[root@controlador ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
16. Final verification
Check that all agents are up and healthy:
[root@controlador ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d | DHCP agent | controlador| nova | :-) | UP | neutron-dhcp-agent |
| 1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e | L3 agent | controlador| nova | :-) | UP | neutron-l3-agent |
| 7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f | Linux bridge agent | controlador| None | :-) | UP | neutron-linuxbridge-agent |
| 9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b | Metadata agent | controlador| None | :-) | UP | neutron-metadata-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+