OpenStack in a box: VLAN mode for Quantum

Written by admin on May 6, 2013. Categories: Network, OpenStack

This is not a how-to! It is a memo, so it is very incomplete :p

Here is the final architecture:

[Figure: test openstack - archi03 - geekarea]

On a single physical host, we have 3 VMs (controller, compute, network).

Controller

/etc/quantum/quantum.conf

[DEFAULT]
verbose = True
state_path = /var/lib/quantum
lock_path = $state_path/lock
bind_host = 0.0.0.0
bind_port = 9696
core_plugin = quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2
api_paste_config = /etc/quantum/api-paste.ini
control_exchange = quantum
rabbit_host = 10.10.10.2
rabbit_password = guest
rabbit_port = 5672
rabbit_userid = guest
notification_driver = quantum.openstack.common.notifier.rpc_notifier
default_notification_level = INFO
notification_topics = notifications
[QUOTAS]
[DEFAULT_SERVICETYPE]
[AGENT]
root_helper = sudo quantum-rootwrap /etc/quantum/rootwrap.conf
[keystone_authtoken]
auth_host = 10.10.10.2
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum-isolated
admin_password = service_pass
signing_dir = /var/lib/quantum/keystone-signing

/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini

The service is not started on this node, but the configuration file seems to be required.

[DATABASE]
sql_connection = mysql://quantumisoUser:quantumisoPass@10.10.10.2/quantumiso
reconnect_interval = 2
[OVS]
tenant_network_type = vlan
network_vlan_ranges = physnet1:13:13,physnet1:19:19,physnet1:2005:2005
bridge_mappings = physnet1:br-ex
[AGENT]
polling_interval = 2
[SECURITYGROUP]

Then start the quantum server

service quantum-server start

Compute

/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini

[DATABASE]
sql_connection = mysql://quantumisoUser:quantumisoPass@10.10.10.2/quantumiso
reconnect_interval = 2
[OVS]
tenant_network_type = vlan
network_vlan_ranges = physnet1:13:13,physnet1:19:19,physnet1:2005:2005
integration_bridge = br-int
bridge_mappings = physnet1:br-ex
[AGENT]
polling_interval = 2
[SECURITYGROUP]

/etc/nova/nova.conf

[DEFAULT]
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/run/lock/nova
verbose=True
api_paste_config=/etc/nova/api-paste.ini
compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
rabbit_host=10.10.10.2
nova_url=http://10.10.10.2:8774/v1.1/
sql_connection=mysql://novaUser:novaPass@10.10.10.2/nova
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
use_deprecated_auth=false
auth_strategy=keystone
glance_api_servers=10.10.10.2:9292
image_service=nova.image.glance.GlanceImageService
novnc_enabled=true
novncproxy_base_url=http://10.10.10.2:6080/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=10.105.134.229
vncserver_listen=0.0.0.0
network_api_class=nova.network.quantumv2.api.API
quantum_url=http://10.10.10.2:9696
quantum_auth_strategy=keystone
quantum_admin_tenant_name=service
quantum_admin_username=quantum-isolated
quantum_admin_password=service_pass
quantum_admin_auth_url=http://10.10.10.2:35357/v2.0
libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
service_quantum_metadata_proxy = True
quantum_metadata_proxy_shared_secret = helloOpenStack
metadata_host = 10.10.10.2
metadata_listen = 0.0.0.0
metadata_listen_port = 8775
compute_driver=libvirt.LibvirtDriver
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900

/etc/nova/nova-compute.conf

[DEFAULT]
libvirt_type=kvm
libvirt_ovs_bridge=br-int
libvirt_vif_type=ethernet
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
libvirt_use_virtio_for_bridges=True

Add br-ex and plug in the external interface

ovs-vsctl add-br br-ex
ovs-vsctl add-br br-int
ovs-vsctl add-port br-ex eth3 trunk=13,19,2005
ifconfig eth3 0.0.0.0 up

Then start quantum-openvswitch-agent

service quantum-plugin-openvswitch-agent start

Then restart nova-compute

service nova-compute restart

Network

Add the bring-up of interface eth2 to /etc/network/interfaces

# No IP address on this interface: use the "manual" method ("static" requires address/netmask)
auto eth2
iface eth2 inet manual
        up ifconfig $IFACE 0.0.0.0 up
        up ip link set $IFACE promisc on
        down ip link set $IFACE promisc off
        down ifconfig $IFACE down

Enable IP forwarding

sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
sysctl net.ipv4.ip_forward=1

Add br-ex and plug in the external interface

ovs-vsctl add-br br-ex
ovs-vsctl add-br br-int
ovs-vsctl add-port br-ex eth3 trunk=13,19,2005
ifconfig eth3 0.0.0.0 up

/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini

[DATABASE]
sql_connection = mysql://quantumisoUser:quantumisoPass@10.10.10.2/quantumiso
reconnect_interval = 2
[OVS]
tenant_network_type = vlan
network_vlan_ranges = physnet1:13:13,physnet1:19:19,physnet1:2005:2005
integration_bridge = br-int
bridge_mappings = physnet1:br-ex
[AGENT]
polling_interval = 2
[SECURITYGROUP]

/etc/quantum/dhcp_agent.ini

[DEFAULT]
verbose = True
signing_dir = /var/cache/quantum
admin_tenant_name = service
admin_user = quantum-isolated
admin_password = service_pass
auth_url = http://10.10.10.2:35357/v2.0
dhcp_agent_manager = quantum.agent.dhcp_agent.DhcpAgentWithStateReport
root_helper = sudo quantum-rootwrap /etc/quantum/rootwrap.conf
state_path = /var/lib/quantum
interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = quantum.agent.linux.dhcp.Dnsmasq

/etc/quantum/l3_agent.ini

[DEFAULT]
verbose=True
interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
external_network_bridge = br-ex
signing_dir = /var/cache/quantum
admin_tenant_name = service
admin_user = quantum-isolated
admin_password = service_pass
auth_url = http://10.10.10.2:35357/v2.0
l3_agent_manager = quantum.agent.l3_agent.L3NATAgentWithStateReport
root_helper = sudo quantum-rootwrap /etc/quantum/rootwrap.conf

Restart the quantum services

cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i restart; done

Creating VLANs mapped onto an existing VLAN is done from the command line; the interface does not allow it yet.

quantum net-create VLAN13 --router:external=True --shared --provider:network_type=vlan --provider:physical_network=physnet1 --provider:segmentation_id=13

Note:

To be precise, quantum does not push the VLAN down to the compute nodes; it maps them to an internal VLAN:

Compute:

# ovs-vsctl show
77bd099e-a469-45ac-943a-0a850d092efb
    Bridge "qbr064f3401-2e"
        Port "qbr064f3401-2e"
            Interface "qbr064f3401-2e"
                type: internal
        Port "qvb064f3401-2e"
            Interface "qvb064f3401-2e"
        Port "tap064f3401-2e"
            Interface "tap064f3401-2e"
    Bridge "qbreb61fc32-a2"
        Port "tapeb61fc32-a2"
            Interface "tapeb61fc32-a2"
        Port "qvbeb61fc32-a2"
            Interface "qvbeb61fc32-a2"
        Port "qbreb61fc32-a2"
            Interface "qbreb61fc32-a2"
                type: internal
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "eth3"
            trunks: [13, 19, 2005]
            Interface "eth3"
    Bridge br-int
        Port "qvo064f3401-2e"
            tag: 3
            Interface "qvo064f3401-2e"
        Port int-br-ex
            Interface int-br-ex
        Port br-int
            Interface br-int
                type: internal
        Port "qvoeb61fc32-a2"
            tag: 1
            Interface "qvoeb61fc32-a2"
    ovs_version: "1.4.0+build0"

Network:

# ovs-vsctl show
daf04d76-bb17-4096-80ee-98a75e953188
    Bridge br-ex
        Port "eth3"
            trunks: [13, 19, 2005]
            Interface "eth3"
        Port br-ex
            Interface br-ex
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
    Bridge br-int
        Port br-int
            Interface br-int
                type: internal
        Port "tape40e64dd-ec"
            tag: 1
            Interface "tape40e64dd-ec"
                type: internal
        Port int-br-ex
            Interface int-br-ex
        Port "tap2255b7ef-b1"
            tag: 2
            Interface "tap2255b7ef-b1"
                type: internal
    ovs_version: "1.4.0+build0"

Several things can be observed:

  • on the compute node, one bridge is created per VLAN, and it carries no VLAN ID
  • their attachment to br-int, however, is tagged with an internal ID
  • the DHCP ports on the network node carry that same internal ID
  • the VLAN mapping must happen between br-int and br-ex, something to dig into
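
The observations above can be checked mechanically. The following Python sketch is an added example, not part of the original memo: it parses `ovs-vsctl show` output, lists the internal tags on br-int, and compares the trunk list of the uplink port with `network_vlan_ranges`, so that a trunk carrying more VLANs than the plugin is configured for stands out. The function names (`parse_show`, `allowed_vlans`, `audit`) are hypothetical; the sample is trimmed from the compute node output shown on this page.

```python
import re

SAMPLE_SHOW = '''\
    Bridge br-ex
        Port "eth3"
            trunks: [13, 19, 2005]
            Interface "eth3"
    Bridge br-int
        Port "qvo064f3401-2e"
            tag: 3
        Port int-br-ex
            Interface int-br-ex
        Port "qvoeb61fc32-a2"
            tag: 1
'''  # trimmed copy of the compute node's `ovs-vsctl show` output from this page

def parse_show(text):
    """Return {bridge: {port: {"tag": int or None, "trunks": set of int}}}."""
    bridges, bridge, port = {}, None, None
    for line in text.splitlines():
        key, _, val = line.strip().partition(" ")
        val = val.strip('" ')
        if key == "Bridge":
            bridge, port = bridges.setdefault(val, {}), None
        elif key == "Port" and bridge is not None:
            port = bridge.setdefault(val, {"tag": None, "trunks": set()})
        elif key == "tag:" and port is not None:
            port["tag"] = int(val)
        elif key == "trunks:" and port is not None:
            port["trunks"] = {int(v) for v in re.findall(r"\d+", val)}
    return bridges

def allowed_vlans(network_vlan_ranges, physnet):
    """Expand 'physnet:min:max,...' into the set of VLAN IDs for one physnet."""
    vlans = set()
    for entry in network_vlan_ranges.split(","):
        name, *rng = entry.strip().split(":")
        if name == physnet and len(rng) == 2:  # entries without a range add no VLANs
            vlans.update(range(int(rng[0]), int(rng[1]) + 1))
    return vlans

def audit(show_text, network_vlan_ranges, bridge_mappings, uplink):
    """Compare the uplink trunk list with the configured VLANs; list br-int local tags."""
    physnet, bridge = bridge_mappings.split(":")
    bridges = parse_show(show_text)
    trunks = bridges[bridge][uplink]["trunks"]
    wanted = allowed_vlans(network_vlan_ranges, physnet)
    tags = {p: d["tag"] for p, d in bridges["br-int"].items() if d["tag"] is not None}
    return {"extra": sorted(trunks - wanted), "missing": sorted(wanted - trunks), "local_tags": tags}
```

A non-empty `extra` list means the uplink trunks VLANs that the plugin configuration does not declare; `local_tags` shows the internal IDs that differ from the provider VLAN IDs.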

Sources:

http://longgeek.com/2013/03/31/openstack-grizzly-multi-node-deployment-in-ubuntu-12-04/?lang=en

https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/OVS_MultiNode/OpenStack_Grizzly_Install_Guide.rst

http://brezular.wordpress.com/2011/06/25/part2-openvswich-vlans-trunks-l3-vlan-interface-intervlan-routing-configuration-and-testing/

http://wiki.debian.org/OpenStackHowto/Quantum
