From 3f060aa6fa97a584b96e899fb1339dcca35efe53 Mon Sep 17 00:00:00 2001
From: Christian Berendt
Date: Mon, 13 Jul 2015 22:04:36 +0200
Subject: [PATCH] Improve networking
Change-Id: I2458013809e5a773ae60dd910bb4f1e693f99736
---
 Vagrantfile | 48 +++++++++++++++++++-----------------
 ansible/initialize.yaml | 7 ++++--
 ansible/network.yaml | 5 ++--
 config.yaml.sample | 15 ++++++++---
 doc/source/configuration.rst | 20 ++++++++++-----
 files/ifcfg-br-ex.j2 | 11 +++++++++
 files/ifcfg-enp0s9 | 6 +++++
 files/packstack.answers.j2 | 16 ++++++------
 files/scripts/setup.sh | 2 +-
 9 files changed, 85 insertions(+), 45 deletions(-)
 create mode 100644 files/ifcfg-br-ex.j2
 create mode 100644 files/ifcfg-enp0s9
diff --git a/Vagrantfile b/Vagrantfile
index 7cdd89c..719a997 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -64,41 +64,43 @@ Vagrant.configure(2) do |config|
 name = "compute#{index + 1}"
 config.vm.define name do |node|
 node.vm.hostname = name
- node.vm.network :public_network,
- ip: address,
- netmask: CONFIG['netmask_internal'],
- bridge: CONFIG['bridge_internal']
 node.vm.network :private_network,
 ip: "10.0.0.2#{index}",
 virtualbox__intnet: 'tunnel'
+ node.vm.network :public_network,
+ ip: address,
+ netmask: CONFIG['network']['internal']['netmask'],
+ bridge: CONFIG['network']['internal']['bridge']
 end
 end
- %w(network storage).each do |name|
- config.vm.define name do |node|
- node.vm.hostname = name
- node.vm.network :public_network,
- ip: CONFIG['address'][name],
- netmask: CONFIG['netmask_internal'],
- bridge: CONFIG['bridge_internal']
- if name == 'network'
- node.vm.network :private_network,
- ip: '10.0.0.30',
- virtualbox__intnet: 'tunnel'
- elsif name == 'storage'
- add_block_device(node, 1, CONFIG['resources']['storage'])
- add_block_device(node, 2, CONFIG['resources']['storage'])
- add_block_device(node, 3, CONFIG['resources']['storage'])
- end
- end
+ config.vm.define 'network' do |node|
+ node.vm.hostname = 'network'
+ node.vm.network :private_network,
+ ip: '10.0.0.30',
+ virtualbox__intnet: 'tunnel'
+ node.vm.network :public_network,
+ bridge: CONFIG['network']['internal']['bridge'],
+ auto_config: false
+ end
+
+ config.vm.define 'storage' do |node|
+ node.vm.hostname = 'storage'
+ node.vm.network :public_network,
+ ip: CONFIG['address']['storage'],
+ netmask: CONFIG['network']['internal']['netmask'],
+ bridge: CONFIG['network']['internal']['bridge']
+ add_block_device(node, 1, CONFIG['resources']['storage'])
+ add_block_device(node, 2, CONFIG['resources']['storage'])
+ add_block_device(node, 3, CONFIG['resources']['storage'])
 end
 config.vm.define 'controller', primary: true do |node|
 node.vm.hostname = 'controller'
 node.vm.network :public_network,
 ip: CONFIG['address']['controller'],
- netmask: CONFIG['netmask_internal'],
- bridge:
CONFIG['bridge_internal']
+ netmask: CONFIG['network']['internal']['netmask'],
+ bridge: CONFIG['network']['internal']['bridge']
 node.vm.provider 'virtualbox' do |vb|
 memory = CONFIG['resources']['memory'] * 2
 vcpus = CONFIG['resources']['vcpus'] * 2
diff --git a/ansible/initialize.yaml b/ansible/initialize.yaml
index 3811678..0ac2be1 100644
--- a/ansible/initialize.yaml
+++ b/ansible/initialize.yaml
@@ -2,8 +2,11 @@
 - lineinfile: dest=/etc/yum/pluginconf.d/fastestmirror.conf regexp=^enabled= line=enabled=0
 - yum: name=http://rdoproject.org/repos/openstack-kilo/rdo-release-kilo.rpm state=present
 - yum: name=* state=latest
-- yum: name=openstack-selinux state=present
-- yum: name=vim state=present
+- yum: name={{ item }} state=present
+ with_items:
+ - openstack-selinux
+ - vim
+ - tcpdump
 - copy: src=files/id_rsa dest=/home/vagrant/.ssh/id_packstack mode=0600 owner=vagrant group=vagrant
 - copy: src=files/id_rsa.pub dest=/home/vagrant/.ssh/id_packstack.pub mode=0600 owner=vagrant group=vagrant
 - copy: src=files/selinux dest=/etc/selinux/config mode=0644 owner=root group=root
diff --git a/ansible/network.yaml b/ansible/network.yaml
index 0bbde47..7c3f96e 100644
--- a/ansible/network.yaml
+++ b/ansible/network.yaml
@@ -1,5 +1,6 @@
 ---
 - yum: name=openvswitch state=present
 - service: name=openvswitch state=started enabled=yes
-- openvswitch_bridge: bridge=br-ex state=present
-- openvswitch_port: bridge=br-ex port=enp0s09 state=present
+- template: src=files/ifcfg-br-ex.j2 dest=/etc/sysconfig/network-scripts/ifcfg-br-ex
+- copy: src=files/ifcfg-enp0s9 dest=/etc/sysconfig/network-scripts/ifcfg-enp0s9
+- service: name=network state=restarted
diff --git a/config.yaml.sample b/config.yaml.sample
index f07a1e4..1f920c7 100644
--- a/config.yaml.sample
+++ b/config.yaml.sample
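Review bot: The chained lookups `CONFIG['network']['internal']['netmask']` and `CONFIG['network']['internal']['bridge']` added throughout this hunk raise a NoMethodError on nil when a config.yaml still carries the old flat `netmask_internal`/`bridge_internal` keys, which tells the user nothing about what to rename. Assuming CONFIG is a plain Hash (its loading is outside the hunk), resolving the section once with `internal_net = CONFIG.fetch('network').fetch('internal')` and then using `internal_net.fetch('netmask')` turns that into a KeyError that names the missing key. The adapter order is also significant now: the private 'tunnel' network is declared before the bridged one, which appears to be what makes `tunnel_interface: enp0s8` and files/ifcfg-enp0s9 line up, so a comment such as `# adapter order fixes guest NIC names: tunnel = enp0s8, bridged = enp0s9` would keep someone from reordering them. The enclosing Vagrant.configure block starts and ends outside the hunk.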
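Review bot: The new `service: name=network state=restarted` task in ansible/network.yaml runs unconditionally, so every provisioning run bounces networking on the node even when neither ifcfg file changed; moving the restart into a handler that the `template` and `copy` tasks notify would restart only on change. Those two tasks also omit the explicit `mode=0644 owner=root group=root` that the copy tasks in ansible/initialize.yaml carry, so the resulting permissions on the files under /etc/sysconfig/network-scripts depend on the source files and the umask. The removed `openvswitch_port` task referenced `enp0s09`, so it is worth confirming on a fresh box that br-ex really comes up with enp0s9 attached after the restart.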
@@ -4,10 +4,17 @@ box:
 storage_controller: 'SATA Controller'
 debug: false
 development: false
-bridge_internal: tap0
-network_agent: openvswitch
-network_type: gre
-netmask_internal: 255.255.0.0
+network:
+ type: gre
+ agent: openvswitch
+ tunnel_interface: enp0s8
+ internal:
+ bridge: tap0
+ netmask: 255.255.0.0
+ gateway: 10.100.0.1
+ broadcast: 10.100.255.255
+ dns1: 208.67.222.222
+ dns2: 208.67.220.220
 secret: password
 proxy: http://proxy.dummy.site:3128
 storage_backend: nfs
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 3980dd7..01bd206 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -33,19 +33,25 @@ storage controller of the used base box must support at least three ports.
 Networking
 ----------
-Bridges
-~~~~~~~
+Internal network
+~~~~~~~~~~~~~~~~
 ::
- bridge_internal: tap0
+ network:
+ internal:
+ bridge: tap0
+ netmask: 255.255.0.0
+ broadcast: 10.100.255.255
+ gateway: 10.100.0.1
+ dns1: 208.67.222.222
+ dns2: 208.67.220.220
 Addresses
 ~~~~~~~~~
 ::
- netmask_internal: 255.255.0.0
 address:
 controller: 10.100.50.10
 network: 10.100.50.30
@@ -62,14 +68,16 @@ L2 agent
 ::
- network_agent: openvswitch
+ network:
+ agent: openvswitch
 Tenant networks
 ~~~~~~~~~~~~~~~
 ::
- network_type: gre
+ network:
+ type: gre
 Clock synchronization (NTP)
 ---------------------------
diff --git a/files/ifcfg-br-ex.j2 b/files/ifcfg-br-ex.j2
new file mode 100644
index 0000000..ab51b4d
--- /dev/null
+++ b/files/ifcfg-br-ex.j2
@@ -0,0 +1,11 @@
+NM_CONTROLLED=no
+DEVICE=br-ex
+DEVICETYPE=ovs
+TYPE=OVSBridge
+BOOTPROTO=static
+IPADDR={{ address.network }}
+NETMASK={{ network.internal.netmask }}
+BROADCAST={{ network.internal.broadcast }}
+GATEWAY={{ network.internal.gateway }}
+DNS1={{ network.internal.dns1 }}
+DNS2={{ network.internal.dns2 }}
diff --git a/files/ifcfg-enp0s9 b/files/ifcfg-enp0s9
new file mode 100644
index 0000000..8b8e1c8
--- /dev/null
+++ b/files/ifcfg-enp0s9
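Review bot: files/ifcfg-br-ex.j2 has no `ONBOOT=` line, while the companion files/ifcfg-enp0s9 added in the same commit sets `ONBOOT=yes`; stating `ONBOOT=yes` here as well makes it explicit that the bridge carrying the node's address is meant to come up at boot rather than relying on the network scripts' default. The template also interpolates `address.network` and five `network.internal.*` values without defaults, so a config.yaml that lacks any of them (for example `broadcast`, which is new in config.yaml.sample) will most likely fail the template task. A short header comment in the template listing the config keys it requires would make that failure easy to diagnose.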
@@ -0,0 +1,6 @@
+NM_CONTROLLED=no
+DEVICE=enp0s9
+TYPE=OVSPort
+DEVICETYPE=ovs
+OVS_BRIDGE=br-ex
+ONBOOT=yes
diff --git a/files/packstack.answers.j2 b/files/packstack.answers.j2
index 9afab08..86840a0 100644
--- a/files/packstack.answers.j2
+++ b/files/packstack.answers.j2
@@ -810,7 +810,8 @@ CONFIG_NEUTRON_DB_PW={{ secret }}
 # the OpenStack Networking L3 agent to use for external traffic.
 # Specify 'provider' if you intend to use a provider network to handle
 # external traffic.
-CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
+#CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
+CONFIG_NEUTRON_L3_EXT_BRIDGE=provider
 # Password for the OpenStack Networking metadata agent.
 CONFIG_NEUTRON_METADATA_PW={{ secret }}
@@ -830,19 +831,19 @@ CONFIG_NEUTRON_FWAAS=y
 # Comma-separated list of network-type driver entry points to be
 # loaded from the neutron.ml2.type_drivers namespace. ['local',
 # 'flat', 'vlan', 'gre', 'vxlan']
-CONFIG_NEUTRON_ML2_TYPE_DRIVERS={{ network_type }},flat
+CONFIG_NEUTRON_ML2_TYPE_DRIVERS={{ network.type }},flat
 # Comma-separated, ordered list of network types to allocate as
 # tenant networks. The 'local' value is only useful for single-box
 # testing and provides no connectivity between hosts. ['local',
 # 'vlan', 'gre', 'vxlan']
-CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES={{ network_type }}
+CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES={{ network.type }}
 # Comma-separated ordered list of networking mechanism driver entry
 # points to be loaded from the neutron.ml2.mechanism_drivers
 # namespace. ['logger', 'test', 'linuxbridge', 'openvswitch',
 # 'hyperv', 'ncs', 'arista', 'cisco_nexus', 'mlnx', 'l2population']
-CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS={{ network_agent }}
+CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS={{ network.agent }}
 # Comma-separated list of physical_network names with which flat
 # networks can be created. Use * to allow flat networks with arbitrary
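Review bot: The commented-out `#CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex` kept above the new `provider` value in files/packstack.answers.j2 carries no explanation, and the same pattern recurs in the -886 hunk, where the commented line reads `physnet:br-ex` although the value actually removed was `physnet:br-enp0s9`. Either drop the dead lines or replace them with a one-line reason, for example `# 'provider': external traffic uses the flat provider network mapped to br-ex below`. The physical network name in `CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=external:br-ex` has to match `--provider:physical_network external` in files/scripts/setup.sh, which deserves a comment because the two values live in different files.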
@@ -874,7 +875,7 @@ CONFIG_NEUTRON_ML2_VNI_RANGES=10:100
 # Name of the L2 agent to be used with OpenStack Networking.
 # ['linuxbridge', 'openvswitch']
-CONFIG_NEUTRON_L2_AGENT={{ network_agent }}
+CONFIG_NEUTRON_L2_AGENT={{ network.agent }}
 # Comma-separated list of interface mappings for the OpenStack
 # Networking linuxbridge plugin. Each tuple in the list must be in the
@@ -886,7 +887,8 @@ CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS=
 # Networking Open vSwitch plugin. Each tuple in the list must be in
 # the format :. Example: physnet1:br-
 # eth1,physnet2:br-eth2,physnet3:br-eth3
-CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet:br-enp0s9
+#CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet:br-ex
+CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=external:br-ex
 # Comma-separated list of colon-separated Open vSwitch
 # : pairs. The interface will be added to the
@@ -896,7 +898,7 @@ CONFIG_NEUTRON_OVS_BRIDGE_IFACES=
 # Interface for the Open vSwitch tunnel. Packstack overrides the IP
 # address used for tunnels on this hypervisor to the IP found on the
 # specified interface (for example, eth1).
-CONFIG_NEUTRON_OVS_TUNNEL_IF=enp0s9
+CONFIG_NEUTRON_OVS_TUNNEL_IF={{ network.tunnel_interface }}
 # VXLAN UDP port.
 CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT=4789
diff --git a/files/scripts/setup.sh b/files/scripts/setup.sh
index 1322d0d..d6dfd19 100755
--- a/files/scripts/setup.sh
+++ b/files/scripts/setup.sh
@@ -21,7 +21,7 @@ fi
 openstack role add admin --project services --user admin
 OS_TENANT_NAME=services neutron net-create floating001 --router:external --provider:physical_network external --provider:network_type flat
-OS_TENANT_NAME=services neutron subnet-create --name floating001 --allocation-pool start=203.0.113.100,end=203.0.113.200 --disable-dhcp --gateway 203.0.113.1 floating001 203.0.113.0/24
+OS_TENANT_NAME=services neutron subnet-create --name floating001 --allocation-pool start=10.100.50.100,end=10.100.50.200 --disable-dhcp --gateway 10.100.0.1 --dns-nameserver 208.67.222.222 --dns-nameserver 208.67.220.220 floating001 10.100.50.0/16
 neutron net-create internal001
 neutron subnet-create --name internal001 internal001 192.168.200.0/24
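Review bot: The new subnet CIDR `10.100.50.0/16` has host bits set; the network for that prefix is `10.100.0.0/16`, and depending on the Neutron version such a value is either normalised or rejected, so the command should pass `10.100.0.0/16` explicitly. The gateway, DNS servers and prefix duplicate the `network.internal` values added to config.yaml.sample, but this script does not appear to be templated, so editing config.yaml will not change the floating network. The floating pool 10.100.50.100-200 now also sits in the same /16 as the controller, network and storage addresses, which puts instances with floating IPs on the same segment as the management services; a sentence in doc/source/configuration.rst stating that this is intended for the lab setup would make the trade-off visible.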