diff --git a/labs/config/credentials b/labs/config/credentials index 46693707..c44dca6b 100644 --- a/labs/config/credentials +++ b/labs/config/credentials @@ -42,4 +42,7 @@ # Domain to use for email addresses (e.g. admin@example.com) : ${MAIL_DOMAIN:=example.com} +# Metadata secret used by neutron and nova. +: ${METADATA_SECRET:=osbash_training} + # vim: set ai ts=4 sw=4 et ft=sh: diff --git a/labs/config/scripts.network b/labs/config/scripts.network index 4d7a25a4..032eb6ed 100644 --- a/labs/config/scripts.network +++ b/labs/config/scripts.network @@ -1,4 +1,5 @@ # Scripts for network node +scripts setup_neutron_network.sh scripts shutdown.sh boot wait_for_shutdown diff --git a/labs/scripts/apt_pre-download.sh b/labs/scripts/apt_pre-download.sh index 203bacc1..251bde27 100755 --- a/labs/scripts/apt_pre-download.sh +++ b/labs/scripts/apt_pre-download.sh @@ -19,6 +19,5 @@ sudo apt-get install -y --download-only cinder-api cinder-scheduler lvm2 \ cinder-volume glance openstack-dashboard memcached keystone \ neutron-server neutron-plugin-ml2 nova-api nova-cert nova-conductor \ nova-consoleauth nova-novncproxy nova-scheduler python-novaclient \ - nova-compute-kvm python-guestfs neutron-common neutron-plugin-ml2 \ - neutron-plugin-openvswitch-agent - + nova-compute-kvm python-guestfs neutron-common \ + neutron-plugin-openvswitch-agent neutron-l3-agent neutron-dhcp-agent diff --git a/labs/scripts/setup_neutron_controller.sh b/labs/scripts/setup_neutron_controller.sh index 21ea742a..9c6023e8 100755 --- a/labs/scripts/setup_neutron_controller.sh +++ b/labs/scripts/setup_neutron_controller.sh 
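Review bot: `METADATA_SECRET` defaults to the committed string `osbash_training`, and this same value is written to nova.conf in setup_neutron_controller.sh and to metadata_agent.ini in setup_neutron_network.sh as the metadata proxy shared secret. Nova uses that secret to trust the instance identity forwarded by the neutron metadata proxy, so a publicly known default is only acceptable inside the isolated lab. The comment should say so, for example `# Metadata proxy shared secret for neutron and nova; lab default, override outside the training environment.` The expansion is also unquoted inside `:`; `: "${METADATA_SECRET:=osbash_training}"` avoids word splitting and globbing of the value, although it would then differ in style from the MAIL_DOMAIN line above it.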
@@ -120,6 +120,8 @@ iniset_sudo $conf DEFAULT neutron_admin_auth_url http://controller-mgmt:35357/v2 iniset_sudo $conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver iniset_sudo $conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver iniset_sudo $conf DEFAULT security_group_api neutron +iniset_sudo $conf DEFAULT service_neutron_metadata_proxy true +iniset_sudo $conf DEFAULT neutron_metadata_proxy_shared_secret "$METADATA_SECRET" echo "Restart nova services" sudo service nova-api restart diff --git a/labs/scripts/setup_neutron_network.sh b/labs/scripts/setup_neutron_network.sh new file mode 100755 index 00000000..4c4251fd --- /dev/null +++ b/labs/scripts/setup_neutron_network.sh 
@@ -0,0 +1,119 @@
+#!/usr/bin/env bash
+TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
+source "$TOP_DIR/config/paths"
+source "$CONFIG_DIR/credentials"
+source "$LIB_DIR/functions.guest"
+source "$CONFIG_DIR/labs-openstackrc.sh"
+exec_logfile
+
+indicate_current_auto
+
+#------------------------------------------------------------------------------
+# Set up OpenStack Networking (neutron) for network node.
+#------------------------------------------------------------------------------
+
+echo "Disabling Reverse Path Forwarding filter (RFC 3704)."
+sudo sysctl -w "net.ipv4.conf.all.rp_filter=0"
+sudo sysctl -w "net.ipv4.conf.default.rp_filter=0"
+sudo sysctl -w "net.ipv4.ip_forward=1"
+
+echo "Installing neutron for network node."
+sudo apt-get install -y neutron-common neutron-plugin-ml2 \
+ neutron-plugin-openvswitch-agent neutron-l3-agent \
+ neutron-dhcp-agent
+
+echo "Configuring neutron for network node."
+
+neutron_admin_user=$(service_to_user_name neutron)
+neutron_admin_password=$(service_to_user_password neutron)
+
+echo "Configuring neutron to use keystone for authentication."
+conf=/etc/neutron/neutron.conf
+echo "Configuring $conf."
+
+# Configuring [DEFAULT] section
+iniset_sudo $conf DEFAULT auth_strategy keystone
+iniset_sudo $conf DEFAULT verbose True
+
+# Configure AMQP parameters
+iniset_sudo $conf DEFAULT rpc_backend neutron.openstack.common.rpc.impl_kombu
+iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
+iniset_sudo $conf DEFAULT rabbit_password $RABBIT_PASSWORD
+
+# Configure network plugin parameters
+iniset_sudo $conf DEFAULT core_plugin ml2
+iniset_sudo $conf DEFAULT service_plugins router
+iniset_sudo $conf DEFAULT allow_overlapping_ips True
+
+# Configuring [keystone_authtoken] section
+iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000"
+iniset_sudo $conf keystone_authtoken auth_host controller-mgmt
+iniset_sudo $conf keystone_authtoken auth_port 35357
+iniset_sudo $conf keystone_authtoken auth_protocol http
+iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf keystone_authtoken admin_user "$neutron_admin_user"
+iniset_sudo $conf keystone_authtoken admin_password "$neutron_admin_password"
+
+echo "Configuring the OVS plug-in to use GRE tunneling."
+conf=/etc/neutron/plugins/ml2/ml2_conf.ini
+
+# Under the ml2 section
+iniset_sudo $conf ml2 type_drivers gre
+iniset_sudo $conf ml2 tenant_network_types gre
+iniset_sudo $conf ml2 mechanism_drivers openvswitch
+
+# Under the ml2_type_gre section
+iniset_sudo $conf ml2_type_gre tunnel_id_ranges 1:1000
+
+# Under the securitygroup section
+iniset_sudo $conf securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+iniset_sudo $conf securitygroup enable_security_group True
+
+# Under the ovs section
+iniset_sudo $conf ovs local_ip "$(hostname_to_ip network-data)"
+iniset_sudo $conf ovs tunnel_type gre
+iniset_sudo $conf ovs enable_tunneling True
+
+echo "Restarting the Open vSwitch (OVS) service."
+sudo service openvswitch-switch restart
+
+echo "Adding the integration bridge."
+sudo ovs-vsctl add-br br-int
+
+echo "Adding the external bridge"
+sudo ovs-vsctl add-br br-ex
+
+echo "Adding port to external bridge."
+sudo ovs-vsctl add-port br-ex eth2
+
+echo "Configuring Layer-3 agent."
+conf=/etc/neutron/l3_agent.ini
+iniset_sudo $conf DEFAULT interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
+iniset_sudo $conf DEFAULT use_namespaces True
+iniset_sudo $conf DEFAULT verbose True
+
+echo "Configuring the metadata agent"
+conf=/etc/neutron/metadata_agent.ini
+iniset_sudo $conf DEFAULT auth_uri http://controller-mgmt:5000/v2.0
+iniset_sudo $conf DEFAULT auth_region regionOne
+iniset_sudo $conf DEFAULT admin_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf DEFAULT admin_user "$neutron_admin_user"
+iniset_sudo $conf DEFAULT admin_password "$neutron_admin_password"
+iniset_sudo $conf DEFAULT nova_metadata_ip controller-mgmt
+iniset_sudo $conf DEFAULT metadata_proxy_shared_secret "$METADATA_SECRET"
+
+echo "Configuring the DHCP agent"
+conf=/etc/neutron/dhcp_agent.ini
+iniset_sudo $conf DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
+iniset_sudo $conf DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
+iniset_sudo $conf DEFAULT use_namespaces True
+iniset_sudo $conf DEFAULT verbose True
+
+echo "Restarting the network service."
+sudo service neutron-plugin-openvswitch-agent restart
+sudo service neutron-l3-agent restart
+sudo service neutron-dhcp-agent restart
+sudo service neutron-metadata-agent restart
+
+echo "Restarting the OVS agent."
+sudo service neutron-plugin-openvswitch-agent restart
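Review bot: The Layer-3 agent section sets `interface_driver` to `nova.network.linux_net.LinuxOVSInterfaceDriver`, a nova class, while the DHCP agent section of the same script uses `neutron.agent.linux.interface.OVSInterfaceDriver`. This looks like a copy of the nova.conf `linuxnet_interface_driver` value and should read `iniset_sudo $conf DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver`. `$RABBIT_PASSWORD` is the only credential passed to iniset_sudo unquoted; `"$RABBIT_PASSWORD"` keeps a password containing spaces or glob characters intact. The three `sysctl -w` settings are runtime-only, and scripts.network queues shutdown.sh and boot right after this script, so the forwarding and rp_filter values are presumably lost at that reboot unless they are also written to /etc/sysctl.conf. The metadata agent block writes `auth_uri`, whereas the option in metadata_agent.ini is, as far as I know, `auth_url`; that is worth confirming against the packaged sample file.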