A place for assorted technical notes

@Infrastructure engineer

OpenStack environment setup, part 16

Networking service (Neutron)

Install and configure controller node

Prerequisites
mysql -u root -p
ROOT_DBPASS
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
exit
openstack user create --domain default --password NEUTRON_PASS neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://ctr01:9696
openstack endpoint create --region RegionOne network internal http://ctr01:9696
openstack endpoint create --region RegionOne network admin http://ctr01:9696

Configure networking options

▼jump page

Networking Option 1: Provider networks

Install the components
dnf -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge iptables-ebtables

Note: ebtables is replaced by iptables-ebtables.

Configure the server component
cp -p /etc/neutron/neutron.conf{,_org}
ls -l /etc/neutron/neutron.conf*
cat << EOF > /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@ctr01/neutron

[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:RABBIT_PASS@ctr01
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[keystone_authtoken]
www_authenticate_uri = http://ctr01:5000
auth_url = http://ctr01:5000
memcached_servers = ctr01:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

[nova]
auth_url = http://ctr01:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
EOF
cat /etc/neutron/neutron.conf

Configure the Modular Layer 2 (ML2) plug-in
cp -p /etc/neutron/plugins/ml2/ml2_conf.ini{,_org}
ls -l /etc/neutron/plugins/ml2/ml2_conf.ini*
cat << EOF > /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[securitygroup]
enable_ipset = true
EOF
cat /etc/neutron/plugins/ml2/ml2_conf.ini

Configure the Linux bridge agent
cp -p /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,_org}
ls -l /etc/neutron/plugins/ml2/linuxbridge_agent.ini*
cat << EOF > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens4

[vxlan]
enable_vxlan = false

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
EOF
cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables

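→ Needs verification
When configured with Network Option 1, the output said that the kernel parameter does not exist.
Later, after configuring with Network Option 2, the correct value (1) started to be output. I think.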

Configure the DHCP agent
cp -p /etc/neutron/dhcp_agent.ini{,_org}
ls -l /etc/neutron/dhcp_agent.ini*
cat << EOF > /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
EOF
cat /etc/neutron/dhcp_agent.ini

Create the provider network

Do this after all of the configuration is finished.

▲return page

Install and configure controller node

Configure the metadata agent
cp -p /etc/neutron/metadata_agent.ini{,_org}
ls -l /etc/neutron/metadata_agent.ini*
cat << EOF > /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = ctr01
metadata_proxy_shared_secret = METADATA_SECRET
EOF
cat /etc/neutron/metadata_agent.ini

Configure the Compute service to use the Networking service
cp -p /etc/nova/nova.conf{,_add_neutron}
ls -l /etc/nova/nova.conf*
cat << EOF >> /etc/nova/nova.conf

[neutron]
auth_url = http://ctr01:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
EOF
diff /etc/nova/nova.conf{,_add_neutron}
cat /etc/nova/nova.conf
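
The heredocs above write tutorial placeholders (NEUTRON_PASS, METADATA_SECRET and so on) straight into the live config files, and metadata_proxy_shared_secret has to carry the same value in metadata_agent.ini and in the [neutron] section of nova.conf. The following check is an added example, not part of the original post or of OpenStack; the function names and the sample files built in demo() are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: audit the files written above
# before the services are started. Function names are hypothetical.

# ini_get FILE SECTION KEY: print the last value assigned to KEY in [SECTION].
ini_get() {
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }
    cur == sec && index($0, "=") > 0 {
      k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
      if (k == key) { val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", val) }
    }
    END { print val }' "$1"
}

# find_placeholders FILE...: print file:line:key for tutorial placeholders left in place.
# Everything from the first "=" on is cut, so no value is echoed to the terminal.
find_placeholders() {
  grep -HnE 'NEUTRON_DBPASS|NEUTRON_PASS|NOVA_PASS|RABBIT_PASS|METADATA_SECRET' "$@" |
    sed 's/=.*$//'
}

# audit_metadata_secret AGENT_INI NOVA_CONF
# returns 0 ok, 1 unset or placeholder, 2 mismatch, 3 proxy not enabled in nova.conf
audit_metadata_secret() {
  agent_secret=$(ini_get "$1" DEFAULT metadata_proxy_shared_secret)
  nova_secret=$(ini_get "$2" neutron metadata_proxy_shared_secret)
  case "$agent_secret" in
    ""|METADATA_SECRET) echo "unset or placeholder secret in $1" >&2; return 1 ;;
  esac
  [ "$agent_secret" = "$nova_secret" ] || { echo "secret mismatch: $1 vs $2" >&2; return 2; }
  [ "$(ini_get "$2" neutron service_metadata_proxy)" = "true" ] ||
    { echo "service_metadata_proxy is not true in $2" >&2; return 3; }
  return 0
}

# demo AGENT_VALUE NOVA_VALUE: run the audit on constructed sample files.
demo() {
  d=$(mktemp -d)
  printf '[DEFAULT]\nnova_metadata_host = ctr01\nmetadata_proxy_shared_secret = %s\n' "$1" > "$d/metadata_agent.ini"
  printf '[neutron]\nservice_metadata_proxy = true\nmetadata_proxy_shared_secret = %s\n' "$2" > "$d/nova.conf"
  audit_metadata_secret "$d/metadata_agent.ini" "$d/nova.conf" 2>/dev/null && rc=0 || rc=$?
  rm -rf "$d"
  return "$rc"
}

demo METADATA_SECRET METADATA_SECRET || echo "demo: placeholder detected (exit $?)"
```

On the controller, run find_placeholders against /etc/neutron/neutron.conf, /etc/neutron/metadata_agent.ini and /etc/nova/nova.conf, then audit_metadata_secret /etc/neutron/metadata_agent.ini /etc/nova/nova.conf, as root before starting the services.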
Finalize installation
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable --now \
neutron-server.service \
neutron-linuxbridge-agent.service \
neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl status --no-pager -l \
neutron-server.service \
neutron-linuxbridge-agent.service \
neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl is-active \
neutron-server.service \
neutron-linuxbridge-agent.service \
neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl is-enabled \
neutron-server.service \
neutron-linuxbridge-agent.service \
neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl is-active neutron-l3-agent.service
systemctl is-enabled neutron-l3-agent.service
→ Because this is configured with Network Option 1, confirm that the service is inactive and disabled.

Reference site

docs.openstack.org