OpenStack使用OVN

1. Controller节点

1.1 安装 OVS和OVN

安装 Python3.7：

yum -y groupinstall "Development tools"
yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel libffi-devel zlib1g-dev zlib* libffi-devel

wget https://www.python.org/ftp/python/3.7.2/Python-3.7.2.tar.xz
tar -xvJf  Python-3.7.2.tar.xz
mkdir /usr/local/python3

cd Python-3.7.2
./configure --prefix=/usr/local/python3 --enable-optimizations --with-ssl 

make && make install

ln -s /usr/local/python3/bin/python3 /usr/local/bin/python3
ln -s /usr/local/python3/bin/pip3 /usr/local/bin/pip3

python3 -V
pip3 -V

安装 ovs和ovn：

yum install -y epel-release net-tools gcc gcc-c++  kernel-devel kernel-headers kernel.x86_64 \
    numactl-devel.x86_64 numactl-libs.x86_64 libpcap.x86_64 libpcap-devel.x86_64 pciutils \
    autoconf automake libtool

git clone https://github.com/openvswitch/ovs.git
git branch -a
git checkout
git checkout origin/branch-2.12
./boot.sh
./configure
make
make install

# 配置数据库
mkdir -p /usr/local/etc/openvswitch
ovsdb-tool create /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema

# 启动 ovsdb-server
mkdir -p /usr/local/var/run/openvswitch
mkdir -p /usr/local/var/log/openvswitch/
ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock \
    --remote=db:Open_vSwitch,Open_vSwitch,manager_options \
    --private-key=db:Open_vSwitch,SSL,private_key \
    --certificate=db:Open_vSwitch,SSL,certificate \
    --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert \
    --pidfile --detach --log-file

ovs-vsctl --no-wait init
ovs-vswitchd --pidfile --detach --log-file

# 启动 ovn_northd
/usr/local/share/openvswitch/scripts/ovn-ctl start_northd

其他：

yum install -y python-networking-ovn

允许远程访问 osvdb-server：（将 0.0.0.0 替换成管理网络接口的IP，可以避免监听所有接口）

ovn-nbctl set-connection ptcp:6641:0.0.0.0 -- set connection . inactivity_probe=60000
ovn-sbctl set-connection ptcp:6642:0.0.0.0 -- set connection . inactivity_probe=60000

如果使用 vtep，则还需如下配置：

ovs-appctl -t ovsdb-server ovsdb-server/add-remote ptcp:6640:0.0.0.0

编辑配置文件 /etc/neutron/neutron.conf，添加或修改如下内容：

[DEFAULT]
...
core_plugin = ml2
service_plugins = ovn-router

# 其他配置

注：其他配置正常（https://docs.openstack.org/neutron/latest/install/controller-install-rdo.html）。

编辑配置文件 /etc/neutron/plugins/ml2/ml2_conf.ini：

[ml2]
...
mechanism_drivers = ovn
type_drivers = local,flat,vlan,geneve
tenant_network_types = geneve
extension_drivers = port_security
overlay_ip_version = 4

[ml2_type_flat]
flat_networks = PHYSICAL_NETWORK

[ml2_type_geneve]
vni_ranges = 1:65536
max_header_size = 38

[ml2_type_vlan]
network_vlan_ranges = PHYSICAL_NETWORK:MIN_VLAN_ID:MAX_VLAN_ID

[securitygroup]
enable_security_group = true

[ovn]
ovn_nb_connection = tcp:IP_ADDRESS:6641
ovn_sb_connection = tcp:IP_ADDRESS:6642
ovn_l3_scheduler = OVN_L3_SCHEDULER

将 PHYSICAL_NETWORK 替换为物理网络名称（自己取即可），如， provider。

MIN_VXLAN_ID:MAX_VLAN_ID 定义了最小、最大可用的 vlan id，如，1001:2000。

将 IP_ADDRESS 替换为 controller 节点上运行 osvdb-server 服务的IP地址。

OVN_L3_SCHEDULER可选值:

• leastloaded：let the scheduler to select a compute node with the least number of gateway ports.
• chance：let the scheduler to randomly select a compute node from the available list of compute nodes.

Set ovn-cms-options with enable-chassis-as-gw in Open_vSwitch table’s external_ids column. Then if this chassis has proper bridge mappings, it will be selected for scheduling gateway routers.

ovs-vsctl set open . external-ids:ovn-cms-options=enable-chassis-as-gw

重新填充数据库：（DBPASS：数据库登录密码，NEUTRON_DBPASS：neutron服务连接数据库时使用的密码）

mysql -uroot -p$DBPASS <<EOF
DROP DATABASE IF EXISTS neutron;
CREATE DATABASE neutron;

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '$NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$NEUTRON_DBPASS';

quit
EOF

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

停止 linux-bridge 等服务（因为此处将 controller 节点也用作了 network 节点），并重新启动 neutron-server：

systemctl stop neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
systemctl disable neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service

systemctl restart neutron-server.service

2. Network节点

不再需要 DHCP 和 L3 功能。

3. Compute节点

使用 controller 节点上的 ovs 数据库：

systemctl start openvswitch
ovs-vsctl set open . external-ids:ovn-remote=tcp:IP_ADDRESS:6642

将 IP_ADDRESS 替换为 controller 上运行 ovsdb-server 服务的 IP地址。

ovs-vsctl set open . external-ids:ovn-encap-type=geneve,vxlan
ovs-vsctl set open . external-ids:ovn-encap-ip=IP_ADDRESS

Replace IP_ADDRESS with the IP address of the overlay network interface on the compute node.

4. Controller节点

启动 ovn-controller：

/usr/local/share/openvswitch/scripts/ovn-ctl start_controller

5. 验证

# openstack network create net1
# openstack subnet create --subnet-range 172.0.0.0/24 --network net1 subnet1
# openstack port create --network net1 --fixed-ip subnet=subnet1,ip-address=172.0.0.10 port1

# ovn-nbctl show
switch 00d310e3-1919-4dc8-a6d4-c9baaba1b006 (neutron-4c3d437a-f161-4c3e-9a57-606e9f80ed14) (aka net1)
    port 40e23569-fd75-40fb-ae07-ce93053a007b (aka port1)
        addresses: ["fa:16:3e:98:22:c7 172.0.0.10"]

参考资料

https://docs.openstack.org/neutron/latest/install/ovn/manual_install.html

https://www.cnblogs.com/xiujin/p/11477419.html

https://www.cnblogs.com/gaozhengwei/p/7100140.html