⑪ OpenStack高可用集羣部署方案(train版)—修改Linuxbridge爲Openvswitch

之前使用的是官網提供的linuxbridge+vxlan模式；
本篇記錄要將linuxbridge+vxlan模式改裝成openvswitch+vxlan模式！

1. 當前集羣應用分佈情況

由於將網絡節點直接部署在了計算節點上，因此，只需要將compute節點上的 neutron-linuxbridge-agent改成neutron-openvswitch-agent即可；

2. 準備工作

2.1 所有安裝過linuxbridge的節點都刪除-compute01/02/03

刪除已經配置的linuxbridge網絡，可直接在dashboard上面操作;
刪除順序如下：釋放虛擬ip端口–>刪除路由–>刪除網絡;
驗證是否還有未刪除網絡，輸出爲空;

[root@controller01 ~]#  openstack network list

2.2 查看安裝linuxbridge的節點

[root@controller01 ~]# openstack network agent list |grep linuxbridge
| 386b5467-6e0a-416d-96cb-6ecee5ec2bac | Linux bridge agent | compute03 | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 553a76ba-996b-4840-af0e-ebee74efe852 | Linux bridge agent | compute02 | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 5a2ed9ea-1e8d-4bc2-a317-a70b8b196703 | Linux bridge agent | compute01 | None              | :-)   | UP    | neutron-linuxbridge-agent |

2.3 關閉並卸載neutron-linuxbridge-agent

全部安裝linuxbridge的計算節點上；

systemctl disable neutron-linuxbridge-agent.service
systemctl stop neutron-linuxbridge-agent.service 
yum remove -y openstack-neutron-linuxbridge

2.4 安裝openvswitch

全部計算節點上；

yum install -y openstack-neutron-openvswitch

內核配置

echo '
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
'>>/etc/sysctl.conf

[root@compute01 ~]# sysctl -p
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0

3. 全部控制節點配置修改

以controller01爲例；
設置開啓route，前面已經設置過的，可不執行

openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router

3.1 備份ml2配置及修改

[root@controller01 ~]# cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.linuxbridge}

[root@controller01 ~]# cat /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]

[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true

拷貝到其他控制節點

scp /etc/neutron/plugins/ml2/ml2_conf.ini controller02:/etc/neutron/plugins/ml2/
scp /etc/neutron/plugins/ml2/ml2_conf.ini controller03:/etc/neutron/plugins/ml2/

3.2 全部控制節點重啓服務

systemctl restart neutron-server.service
systemctl status neutron-server.service

4. 全部計算節點配置修改

以compute01爲例；全部計算節點執行

4.1 備份文件

cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.linuxbridge}
cp /etc/neutron/l3_agent.ini{,.linuxbridge}
cp /etc/neutron/dhcp_agent.ini{,.linuxbridge}
cp /etc/neutron/plugins/ml2/openvswitch_agent.ini{,.bak}

4.2 修改ml2_conf.ini

[root@compute01 ~]# cat /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]

[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true

拷貝文件到其他計算節點

scp /etc/neutron/plugins/ml2/ml2_conf.ini controller02:/etc/neutron/plugins/ml2/
scp /etc/neutron/plugins/ml2/ml2_conf.ini controller03:/etc/neutron/plugins/ml2/

4.3 l3_agent.ini

[root@compute01 ~]# cat /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge = br-ex

拷貝文件到其他計算節點

scp /etc/neutron/l3_agent.ini controller02:/etc/neutron/
scp /etc/neutron/l3_agent.ini controller03:/etc/neutron/

4.4 修改dhcp_agent.ini

[root@compute01 ~]# cat /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

拷貝文件到其他計算節點

scp /etc/neutron/dhcp_agent.ini controller02:/etc/neutron/
scp /etc/neutron/dhcp_agent.ini controller03:/etc/neutron/

4.5 修改openvswitch_agent.ini

local_ip指定當前主機ip

[root@compute01 ~]# cat >/etc/neutron/plugins/ml2/openvswitch_agent.ini <<EOF
[ovs]
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 10.15.253.163
#bridge_mappings = br-ex
#bridge_mappings = provider:br-ex
bridge_mappings = 
[agent]
tunnel_types = vxlan,gre
l2_population = true
arp_responder = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
EOF

4.6 啓動openvswitch服務

systemctl enable openvswitch.service
systemctl restart openvswitch.service
systemctl status openvswitch.service

4.7 創建網橋，將ip轉移到網橋，添加到開機啓動

ip地址修改爲當前節點；以compute01爲例

[root@compute01 ~]# echo '#
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex ens192
ovs-vsctl show
ifconfig ens192 0.0.0.0 
ifconfig br-ex 10.15.253.162/12
#route add default gw 10.15.253.162 #可選，添加默認路由
#'>>/etc/rc.d/rc.local 

#驗證
[root@compute01 ~]# chmod +x chmod +x /etc/rc.d/rc.local ;tail -n 8 /etc/rc.local |bash
chmod: cannot access 'chmod': No such file or directory
chmod: cannot access '+x': No such file or directory
5b7f7fa2-4c20-407d-b751-e9e9017f2507
    Bridge br-ex
        Port "ens192"
            Interface "ens192"
        Port br-ex
            Interface br-ex
                type: internal
    ovs_version: "2.12.0"

4.8 關閉網卡的開機自啓，修改以下項

[root@compute01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens192
ONBOOT=no

4.9 全部計算節點重啓服務

systemctl restart neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service neutron-openvswitch-agent.service
systemctl status neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service neutron-openvswitch-agent.service

5. 控制節點驗證

[root@controller01 ~]# openstack network agent list