OpenStack Networking (neutron) mainly interacts with OpenStack Compute (nova) and provides network connectivity to the instances that Compute runs.
I. Components of the OpenStack Networking service
Figure 1.1. OpenStack Nova components (image not reproduced in this text)
II. Setting up the basic environment of the network node
1. Configure the hostname and network settings
1.1 Configure the hostname
root@network:~# vim /etc/hostname
network
1.2 Configure the IP addresses
root@network:~# vim /etc/network/interfaces
auto eth0
iface eth0 inet static
    address 192.168.100.101
    netmask 255.255.255.0
    gateway 192.168.100.2
auto eth1
iface eth1 inet static
    address 192.168.200.101
    netmask 255.255.255.0
auto eth2
iface eth2 inet manual
    up ip link set dev $IFACE up
    down ip link set dev $IFACE down
eth0 is the management network, eth1 the instance tunnel network and eth2 the external network interface. eth2 deliberately gets no IP address: it is brought up as a plain link and will later be attached to the br-ex bridge.
1.3 Configure name resolution in /etc/hosts
root@network:~# vim /etc/hosts
# controller
192.168.100.100 controller
# network
192.168.100.101 network
# compute1
192.168.100.102 compute1
2. Network Time Protocol (NTP)
2.1 Install the NTP server
root@network:~# apt-get install ntp
2.2 Edit /etc/ntp.conf so that the network node synchronizes its clock from the controller
server controller iburst
2.3 Restart the NTP service
root@network:~# /etc/init.d/ntp restart
3. Update the system
3.1 Enable the OpenStack package repository
root@network:~# apt-get install ubuntu-cloud-keyring
root@network:~# vim /etc/apt/sources.list.d/cloudarchive-kilo.list
deb http://ubuntu-cloud.archive.canonical.com/ubuntu trusty-updates/kilo main
The ubuntu-cloud-keyring package installs the signing key of this archive, so apt can verify the packages it downloads from it.
3.2 Upgrade the installed packages. If the upgrade includes a new kernel, reboot the server afterwards.
root@network:~# apt-get update
root@network:~# apt-get dist-upgrade
III. Installing and configuring the controller node
This part describes how to install and configure the OpenStack Networking (neutron) service on the controller node; all of the following steps are run on the controller node. Before installing and configuring the Networking service, you must create its database, its service credentials and its API endpoint.
1. Database configuration
1.1 Create the database
root@controller:~# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.12 sec)
1.2 Grant access to the database
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'sfzhang1109';
Query OK, 0 rows affected (0.41 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'sfzhang1109';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.10 sec)
The 'neutron'@'%' grant accepts connections from any address, so make sure MariaDB only listens on the management network and use a password for this account that is not reused by any other service.
1.3 Exit the database client
MariaDB [(none)]> exit;
Bye
2. Source the admin credentials so that admin-only CLI commands can be run
root@controller:~# source admin-openrc.sh
3. Create the service credentials
3.1 Create the neutron user (password: neutron)
root@controller:~# openstack user create --password-prompt neutron
User Password:
Repeat User Password:
+----------+----------------------------------+
| Field    | Value                            |
+----------+----------------------------------+
| email    | None                             |
| enabled  | True                             |
| id       | b11104ae8be347459f83dccdc065bc32 |
| name     | neutron                          |
| username | neutron                          |
+----------+----------------------------------+
3.2 Add the admin role to the neutron user in the service project
root@controller:~# openstack role add --project service --user neutron admin
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 05616505a61c4aa78f43fba9e60ba7fc |
| name  | admin                            |
+-------+----------------------------------+
3.3 Create the neutron service entity
root@controller:~# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | ac269b9d3c8c4862ac882c23f253e966 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
3.4 Create the Networking service API endpoint
root@controller:~# openstack endpoint create --publicurl http://controller:9696 --adminurl http://controller:9696 --internalurl http://controller:9696 --region RegionOne network
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| adminurl     | http://controller:9696           |
| id           | ce52629dec38402a9ee23e88cc335225 |
| internalurl  | http://controller:9696           |
| publicurl    | http://controller:9696           |
| region       | RegionOne                        |
| service_id   | ac269b9d3c8c4862ac882c23f253e966 |
| service_name | neutron                          |
| service_type | network                          |
+--------------+----------------------------------+
4. Install and configure the Networking components
All of the following steps are run on the controller node. Configuring the Networking server component covers database access, the authentication mechanism, the message queue, topology change notifications and the plug-in.
4.1 Install the packages
root@controller:~# apt-get install neutron-server neutron-plugin-ml2 python-neutronclient
4.2 Edit the neutron configuration file /etc/neutron/neutron.conf
1) In the [database] section, configure database access
[database]
...
connection = mysql://neutron:sfzhang1109@controller/neutron
The password is the one granted to the neutron database user in step 1.2.
2) In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 2015OS##
This is the password that was given to the openstack user when it was created with rabbitmqctl add_user.
3) In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
neutron.conf now holds the database, message queue and Identity passwords in plaintext. Keep the file readable only by root and the neutron service group (root:neutron, mode 0640) and do not paste it into tickets or version control.
4) In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in, the router service and overlapping IP addresses
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
5) In the [DEFAULT] and [nova] sections, configure Networking to notify Compute of network topology changes
[DEFAULT]
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
[nova]
...
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova
6) In the [DEFAULT] section, enable verbose logging to help with troubleshooting later
[DEFAULT]
...
verbose = True
4.3 Configure the Modular Layer 2 (ML2) plug-in
Edit the configuration file /etc/neutron/plugins/ml2/ml2_conf.ini
1) In the [ml2] section, enable the flat, VLAN, generic routing encapsulation (GRE) and virtual extensible LAN (VXLAN) network type drivers, GRE tenant networks, and the OVS mechanism driver
[ml2]
...
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
Note: once the ML2 plug-in has been configured and the database populated, removing values from type_drivers can leave the database inconsistent.
2) In the [ml2_type_gre] section, configure the tunnel identifier (id) range
[ml2_type_gre]
...
tunnel_id_ranges = 1:1000
3) In the [securitygroup] section, enable security groups, enable ipset, and configure the OVS iptables firewall driver
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
These two settings are what enforces security group rules at the instance ports; with enable_security_group = False or a Noop firewall driver, instances would have no packet filtering at all.
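The controller configuration in 4.2 and 4.3 spreads a handful of must-have settings and three plaintext passwords over two files, so a practitioner normally scripts the check instead of re-reading the files. The following is an added example, not code from the OpenStack install guide or from neutron: it parses neutron.conf and ml2_conf.ini with the Python standard library, verifies the options required above, flags weak secrets (including the password embedded in the database URL) and flags a config file that is readable by everyone. The sample configuration strings are constructed from the values on this page, and the function names are this example's own.

```python
"""Audit neutron.conf and ml2_conf.ini for the settings this section requires.

Added example, not part of the OpenStack install guide or of neutron: it
parses the two ini files with the standard library, checks the options set
above, flags weak plaintext secrets and flags files readable by 'other'.
The sample configs are constructed from the values on this page; all
function names are this example's own.
"""
import configparser
import os
import stat

# (section, option, expected value) from the controller configuration above.
REQUIRED_NEUTRON = [
    ("DEFAULT", "core_plugin", "ml2"),
    ("DEFAULT", "service_plugins", "router"),
    ("DEFAULT", "auth_strategy", "keystone"),
    ("keystone_authtoken", "auth_plugin", "password"),
]
REQUIRED_ML2 = [
    ("ml2", "mechanism_drivers", "openvswitch"),
    ("securitygroup", "enable_security_group", "True"),
    ("securitygroup", "firewall_driver",
     "neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver"),
]
# (section, secret option, matching username option) for the weak-secret check.
SECRET_OPTIONS = [
    ("oslo_messaging_rabbit", "rabbit_password", "rabbit_userid"),
    ("keystone_authtoken", "password", "username"),
]

SAMPLE_NEUTRON_CONF = """\
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
[database]
connection = mysql://neutron:sfzhang1109@controller/neutron
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 2015OS##
[keystone_authtoken]
auth_plugin = password
username = neutron
password = neutron
"""
SAMPLE_ML2_CONF = """\
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
"""


def load_ini(text):
    """interpolation=None keeps '%' and '#' inside passwords literal."""
    cp = configparser.ConfigParser(interpolation=None, allow_no_value=True, strict=False)
    cp.read_string(text)
    return cp


def audit_settings(cp, required):
    """One finding per required option that is missing or holds another value."""
    findings = []
    for section, option, expected in required:
        actual = cp.get(section, option, fallback=None)
        if actual is None:
            findings.append(f"missing [{section}] {option}")
        elif actual.strip() != expected:
            findings.append(f"[{section}] {option} = {actual.strip()!r}, expected {expected!r}")
    return findings


def audit_secrets(cp, min_len=16):
    """Flag secrets shorter than min_len or equal to their username, including
    the password embedded in [database] connection = mysql://user:pass@host/db."""
    findings = []
    for section, option, user_option in SECRET_OPTIONS:
        value = cp.get(section, option, fallback=None)
        if value is not None and (len(value) < min_len
                                  or value == cp.get(section, user_option, fallback="")):
            findings.append(f"weak secret in [{section}] {option}")
    creds = cp.get("database", "connection", fallback="").split("://", 1)[-1].split("@", 1)[0]
    if ":" in creds and len(creds.split(":", 1)[1]) < min_len:
        findings.append("weak secret in [database] connection")
    return findings


def mode_findings(path, mode):
    """Config files holding credentials must not be readable by 'other'."""
    return [f"{path} is world-readable (mode {oct(mode)})"] if mode & stat.S_IROTH else []


def audit_file_mode(path):
    """Same check against a file on disk, e.g. /etc/neutron/neutron.conf."""
    return mode_findings(path, stat.S_IMODE(os.stat(path).st_mode))


if __name__ == "__main__":
    for name, text, required in (("neutron.conf", SAMPLE_NEUTRON_CONF, REQUIRED_NEUTRON),
                                 ("ml2_conf.ini", SAMPLE_ML2_CONF, REQUIRED_ML2)):
        cp = load_ini(text)
        for finding in audit_settings(cp, required) + audit_secrets(cp):
            print(f"{name}: {finding}")
```

Run against the samples, the settings checks pass but every password on this page is reported as weak: the RabbitMQ and database passwords are short, and the Keystone password equals the username. On a real node, call audit_file_mode on the two files after editing them; a 0644 mode is a finding even if the content is correct.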
5. Configure Compute to use Networking
By default, the distribution packages configure Compute to use legacy networking; Compute must be reconfigured to manage networks through Networking. The following steps are run on the controller node.
5.1 Edit /etc/nova/nova.conf on the controller node
1) In the [DEFAULT] section, configure the APIs and drivers
[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
Compute's own firewall driver is set to Noop because packet filtering is now done by the Networking security group driver configured in 4.3; security_group_api = neutron makes Compute delegate security group calls to Networking.
2) In the [neutron] section, configure access parameters
[neutron]
...
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = neutron
6. Finalize the installation
6.1 Populate the database
root@controller:~# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
INFO  [alembic.migration] Context impl MySQLImpl.
INFO  [alembic.migration] Will assume non-transactional DDL.
...
6.2 Restart the Compute service
root@controller:~# service nova-api restart
6.3 Restart the Networking service
root@controller:~# service neutron-server restart
7. Verify the operation
Note: the verification is done on the controller node
7.1 Source the admin credentials
root@controller:~# source admin-openrc.sh
7.2 List the loaded extensions to verify that the neutron-server process started successfully
root@controller:~# neutron ext-list
+-----------------------+-----------------------------------------------+
| alias                 | name                                          |
+-----------------------+-----------------------------------------------+
| security-group        | security-group                                |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| net-mtu               | Network MTU                                   |
| ext-gw-mode           | Neutron L3 Configurable external gateway mode |
| binding               | Port Binding                                  |
| provider              | Provider Network                              |
| agent                 | agent                                         |
| quotas                | Quota management support                      |
| subnet_allocation     | Subnet Allocation                             |
| dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
| l3-ha                 | HA Router extension                           |
| multi-provider        | Multi Provider Network                        |
| external-net          | Neutron external network                      |
| router                | Neutron L3 Router                             |
| allowed-address-pairs | Allowed Address Pairs                         |
| extraroute            | Neutron Extra Route                           |
| extra_dhcp_opt        | Neutron Extra DHCP opts                       |
| dvr                   | Distributed Virtual Router                    |
+-----------------------+-----------------------------------------------+
IV. Installing and configuring the network node
All of the following steps are run on the network node.
1. Before installing and configuring OpenStack Networking, the kernel networking parameters must be configured.
1) Edit /etc/sysctl.conf and set the following parameters.
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
ip_forward=1 lets the node route traffic between the tenant networks and the external network. rp_filter=0 disables reverse-path filtering, which would otherwise drop the asymmetrically routed packets that pass through the router namespaces; with it off, the node itself no longer rejects packets with spoofed source addresses, so that protection has to come from the security group rules applied at the instance ports.
2) Apply the changes
root@network:~# sysctl -p
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 1
2. Install the Networking components
root@network:~# apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent
3. Configure the common Networking components
The common components include the authentication mechanism, the message queue and the plug-in.
Edit /etc/neutron/neutron.conf and complete the following configuration.
3.1 In the [database] section, comment out any connection option, because the network node does not access the database directly.
3.2 In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure message queue access
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 2015OS##
3.3 In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
The password here is the one of the neutron Keystone user created on the controller in III.3.1; it is not the RabbitMQ password.
3.4 In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in, the router service and overlapping IP addresses
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
3.5 In the [DEFAULT] section, enable verbose logging to help with troubleshooting later
[DEFAULT]
...
verbose = True
4. Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Open vSwitch (OVS) mechanism to build the virtual networking framework for instances.
Edit /etc/neutron/plugins/ml2/ml2_conf.ini and complete the following configuration
4.1 In the [ml2] section, enable the flat, VLAN, generic routing encapsulation (GRE) and virtual extensible LAN (VXLAN) network type drivers, GRE tenant networks, and the OVS mechanism driver.
[ml2]
...
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
4.2 In the [ml2_type_flat] section, configure the external flat provider network
[ml2_type_flat]
...
flat_networks = external
4.3 In the [ml2_type_gre] section, configure the tunnel identifier (id) range
[ml2_type_gre]
...
tunnel_id_ranges = 1:1000
4.4 In the [securitygroup] section, enable security groups, enable ipset, and configure the OVS iptables firewall driver
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
4.5 In the [ovs] section, enable tunnels, configure the local tunnel endpoint, and map the external flat provider network to the br-ex external bridge
[ovs]
...
local_ip = 192.168.200.101
bridge_mappings = external:br-ex
The IP here is the network node's address on the instance tunnel network, 192.168.200.101 (eth1).
4.6 In the [agent] section, enable GRE tunnels:
[agent]
...
tunnel_types = gre
5. Configure the Layer-3 (L3) agent
The Layer-3 (L3) agent provides routing services for virtual networks.
Edit /etc/neutron/l3_agent.ini and complete the following configuration
5.1 In the [DEFAULT] section, configure the interface driver and the external network bridge, and enable deletion of defunct router namespaces
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge =
router_delete_namespaces = True
external_network_bridge is intentionally left empty: the external network is then reached through the external:br-ex bridge mapping of the OVS agent, which also allows more than one external network on a single agent.
5.2 In the [DEFAULT] section, enable verbose logging to help with troubleshooting later
[DEFAULT]
...
verbose = True
6. Configure the DHCP agent
The DHCP agent provides DHCP services for virtual networks.
Edit /etc/neutron/dhcp_agent.ini and complete the following configuration
6.1 In the [DEFAULT] section, configure the interface and DHCP drivers, and enable deletion of defunct DHCP namespaces
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
dhcp_delete_namespaces = True
6.2 In the [DEFAULT] section, enable verbose logging to help with troubleshooting later
[DEFAULT]
...
verbose = True
7. Configure the metadata agent
The metadata agent provides configuration information, such as credentials, to instances.
Edit /etc/neutron/metadata_agent.ini and complete the following configuration
7.1 In the [DEFAULT] section, configure access parameters
[DEFAULT]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
7.2 In the [DEFAULT] section, configure the metadata host
[DEFAULT]
...
nova_metadata_ip = controller
7.3 In the [DEFAULT] section, configure the metadata proxy shared secret
[DEFAULT]
...
metadata_proxy_shared_secret = METADATAPASS
Replace METADATAPASS with a long random value. The agent uses it to sign the instance ID it forwards to nova-api, and nova-api uses the same value to check that a metadata request really came through the proxy; anyone who learns the secret can request any instance's metadata, so it deserves the same protection as the service passwords.
7.4 In the [DEFAULT] section, enable verbose logging to help with troubleshooting later
[DEFAULT]
...
verbose = True
8. On the controller node, edit /etc/nova/nova.conf and complete the following configuration
8.1 In the [neutron] section, enable the metadata proxy and configure the secret, using the same value that was set in metadata_agent.ini above
[neutron]
...
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATAPASS
8.2 On the controller node, restart the Compute API service
root@controller:~# service nova-api restart
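Steps 7.3 and 8.1 set the same secret on two hosts without saying what it does, and the value chosen decides whether one tenant can read another tenant's metadata (user-data, SSH keys). The neutron metadata agent forwards an instance's request to nova-api with the headers X-Instance-ID, X-Tenant-ID and X-Instance-ID-Signature, where the signature is an HMAC-SHA256 keyed with metadata_proxy_shared_secret over the instance ID; nova-api recomputes it with its own copy of the secret and refuses the request when it differs. The following is an added example, not code from neutron or nova: it re-implements both halves of that exchange with the Python standard library so the failure cases can be tried. The instance and tenant IDs are constructed, and the function names are this example's own.

```python
"""How metadata_proxy_shared_secret ties the metadata agent to nova-api.

Added example, not code from neutron or nova: a re-implementation of the
X-Instance-ID-Signature exchange with the standard library. The IDs used
in __main__ are constructed and the function names are this example's own.
"""
import hashlib
import hmac
import secrets


def sign_instance_id(shared_secret, instance_id):
    """Agent side: the value placed in the X-Instance-ID-Signature header."""
    return hmac.new(shared_secret.encode(), instance_id.encode(), hashlib.sha256).hexdigest()


def verify_instance_id(shared_secret, instance_id, signature):
    """nova-api side. compare_digest runs in constant time, so an attacker
    cannot recover the expected digest byte by byte from response timing."""
    return hmac.compare_digest(sign_instance_id(shared_secret, instance_id), signature)


def build_proxy_headers(shared_secret, instance_id, tenant_id):
    """Headers the metadata agent adds before forwarding a request to nova-api."""
    return {
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": tenant_id,
        "X-Instance-ID-Signature": sign_instance_id(shared_secret, instance_id),
    }


def handle_metadata_request(shared_secret, headers):
    """Simplified nova-api check: serve metadata only when the signature covers
    the X-Instance-ID the request claims. Returns (status, reason)."""
    instance_id = headers.get("X-Instance-ID", "")
    signature = headers.get("X-Instance-ID-Signature", "")
    if not instance_id or not signature:
        return 400, "X-Instance-ID or X-Instance-ID-Signature header missing"
    if not verify_instance_id(shared_secret, instance_id, signature):
        return 403, "invalid proxy request signature"
    return 200, f"metadata for instance {instance_id}"


def generate_shared_secret(nbytes=32):
    """A value suitable for METADATAPASS: 32 random bytes, hex encoded."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    secret = generate_shared_secret()
    headers = build_proxy_headers(secret, "inst-a", "tenant-1")  # constructed IDs
    print(handle_metadata_request(secret, headers))
    # A captured signature cannot be retargeted to another instance ...
    print(handle_metadata_request(secret, dict(headers, **{"X-Instance-ID": "inst-b"})))
    # ... and a proxy configured with a different secret is refused.
    print(handle_metadata_request("METADATAPASS", headers))
```

Two consequences for this setup: the secret must be generated, not typed (generate_shared_secret shows the size to aim for), and it is only as private as the files holding it and the link carrying the headers. Nothing in this page's configuration encrypts the hop from the metadata agent to nova-api (nova_metadata_ip = controller, plain HTTP), so the management network has to be trusted, and metadata_agent.ini and nova.conf need the same restrictive permissions as the other credential files.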
9. Configure the Open vSwitch (OVS) service
9.1 Restart the OVS service
root@network:~# service openvswitch-switch restart
9.2 Add the external bridge
root@network:~# ovs-vsctl add-br br-ex
9.3 Add a port to the external bridge that connects to the physical external network interface
root@network:~# ovs-vsctl add-port br-ex eth2
Here eth2 is the physical interface of the external network, i.e. the third NIC of the network node.
Note: depending on your network interface driver, you may need to disable generic receive offload (GRO) on the external interface. The following disables it until the next reboot:
root@network:~# ethtool -K eth2 gro off
10. Finalize the installation by restarting the Networking services
root@network:~# service neutron-plugin-openvswitch-agent restart
root@network:~# service neutron-l3-agent restart
root@network:~# service neutron-dhcp-agent restart
root@network:~# service neutron-metadata-agent restart
11. Verify the installation
The following steps are run on the controller node
11.1 Source the admin credentials
root@controller:~# source admin-openrc.sh
11.2 List the agents to verify that the Networking agents started successfully
root@controller:~# neutron agent-list
+--------------------------------------+--------------------+---------+-------+----------------+---------------------------+
| id                                   | agent_type         | host    | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+---------+-------+----------------+---------------------------+
| 4b204e1d-096d-4466-9364-7ca7a9d2dc36 | Metadata agent     | network | :-)   | True           | neutron-metadata-agent    |
| 55da2579-f0a7-4f3b-8971-6d19197cedd4 | Open vSwitch agent | network | :-)   | True           | neutron-openvswitch-agent |
| c5b16aad-5d0a-4528-a4ac-afa6b353b4c6 | DHCP agent         | network | :-)   | True           | neutron-dhcp-agent        |
| ccc147b2-85f5-465e-8170-33ca84aae6a1 | L3 agent           | network | :-)   | True           | neutron-l3-agent          |
+--------------------------------------+--------------------+---------+-------+----------------+---------------------------+
V. Installing and configuring the compute node
1. Preparation
Before installing and configuring OpenStack Networking, the kernel networking parameters must be modified.
1.1 Edit /etc/sysctl.conf and set the following parameters
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
1.2 Apply the changes
root@compute1:~# sysctl -p
2. Install the Networking components
root@compute1:~# apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent
3. Configure the common Networking components
Edit /etc/neutron/neutron.conf and complete the following configuration
3.1 In the [database] section, comment out any connection option, because the compute node does not access the database directly
3.2 In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 2015OS##
3.3 In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
3.4 In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in, the router service and overlapping IP addresses
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
4. Configure the Modular Layer 2 (ML2) plug-in
Edit /etc/neutron/plugins/ml2/ml2_conf.ini and complete the following configuration
4.1 In the [ml2] section, enable the flat, VLAN, generic routing encapsulation (GRE) and virtual extensible LAN (VXLAN) network type drivers, GRE tenant networks, and the OVS mechanism driver
[ml2]
...
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
4.2 In the [ml2_type_gre] section, configure the tunnel identifier (id) range
[ml2_type_gre]
...
tunnel_id_ranges = 1:1000
4.3 In the [securitygroup] section, enable security groups, enable ipset, and configure the OVS iptables firewall driver
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
4.4 In the [ovs] section, enable tunnels and configure the local tunnel endpoint
[ovs]
...
local_ip = COMPUTE1_TUNNEL_IP
Replace COMPUTE1_TUNNEL_IP with the compute node's own address on the instance tunnel network (192.168.200.0/24). Do not reuse 192.168.200.101 here: that address belongs to the network node, and local_ip is the endpoint on which this node terminates its own GRE tunnels, so every node must use the address of its own tunnel interface.
4.5 In the [agent] section, enable GRE tunnels
[agent]
...
tunnel_types = gre
5. Configure the Open vSwitch (OVS) service
The OVS service provides the underlying virtual networking framework for instances.
Restart the OVS service
root@compute1:~# service openvswitch-switch restart
6. Configure Compute on the compute node to use Networking
By default, the distribution packages configure Compute to use legacy networking; Compute must be reconfigured to manage networks through Networking.
Edit /etc/nova/nova.conf and complete the following configuration
6.1 In the [DEFAULT] section, configure the APIs and drivers
[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
6.2 In the [neutron] section, configure access parameters
[neutron]
...
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = neutron
7. Finalize the installation
7.1 Restart the Compute service
root@compute1:~# service nova-compute restart
7.2 Restart the Open vSwitch (OVS) agent
root@compute1:~# service neutron-plugin-openvswitch-agent restart
8. Verify the installation
8.1 Source the admin credentials (on the controller node)
root@controller:~# source admin-openrc.sh
8.2 List the agents to verify that the Networking agents started successfully; the compute node's Open vSwitch agent must now appear alongside the network node's agents
root@controller:~# neutron agent-list
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
| id                                   | agent_type         | host     | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
| 4b204e1d-096d-4466-9364-7ca7a9d2dc36 | Metadata agent     | network  | :-)   | True           | neutron-metadata-agent    |
| 55da2579-f0a7-4f3b-8971-6d19197cedd4 | Open vSwitch agent | network  | :-)   | True           | neutron-openvswitch-agent |
| b6a4a5a5-ec15-4669-a899-ea3773a9fe89 | Open vSwitch agent | compute1 | :-)   | True           | neutron-openvswitch-agent |
| c5b16aad-5d0a-4528-a4ac-afa6b353b4c6 | DHCP agent         | network  | :-)   | True           | neutron-dhcp-agent        |
| ccc147b2-85f5-465e-8170-33ca84aae6a1 | L3 agent           | network  | :-)   | True           | neutron-l3-agent          |
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
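The agent-list checks in IV.11.2 and V.8.2 are done by eye here, which does not scale past a few nodes and misses the interesting case: an agent reporting from a host that is not part of the deployment, which means something holding the RabbitMQ credentials has attached itself to the control plane. The following is an added example, not code from the neutron client: it parses the box table the client prints (the sample below is constructed from the output shown above) and reports agents that are not alive or administratively down, expected agents that are missing, and agents from unknown hosts. The expected-agent inventory and the function names are this example's own.

```python
"""Check 'neutron agent-list' output the way a monitoring job would.

Added example, not part of the neutron client. SAMPLE_AGENT_LIST is
constructed from the output shown on this page; EXPECTED_AGENTS and the
function names are this example's own.
"""

SAMPLE_AGENT_LIST = """\
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
| id                                   | agent_type         | host     | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
| 4b204e1d-096d-4466-9364-7ca7a9d2dc36 | Metadata agent     | network  | :-)   | True           | neutron-metadata-agent    |
| 55da2579-f0a7-4f3b-8971-6d19197cedd4 | Open vSwitch agent | network  | :-)   | True           | neutron-openvswitch-agent |
| b6a4a5a5-ec15-4669-a899-ea3773a9fe89 | Open vSwitch agent | compute1 | :-)   | True           | neutron-openvswitch-agent |
| c5b16aad-5d0a-4528-a4ac-afa6b353b4c6 | DHCP agent         | network  | :-)   | True           | neutron-dhcp-agent        |
| ccc147b2-85f5-465e-8170-33ca84aae6a1 | L3 agent           | network  | :-)   | True           | neutron-l3-agent          |
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
"""

# Which agent binaries each node of this deployment is expected to run.
EXPECTED_AGENTS = {
    "network": {"neutron-metadata-agent", "neutron-openvswitch-agent",
                "neutron-dhcp-agent", "neutron-l3-agent"},
    "compute1": {"neutron-openvswitch-agent"},
}


def parse_table(text):
    """Turn the client's box table into a list of dicts keyed by column name."""
    header, rows = None, []
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # '+----+' border lines
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells
        else:
            rows.append(dict(zip(header, cells)))
    return rows


def check_agents(rows, expected=EXPECTED_AGENTS):
    """Return a list of problems; an empty list means every expected agent is
    up and nothing unexpected has registered."""
    problems, seen = [], {}
    for row in rows:
        seen.setdefault(row["host"], set()).add(row["binary"])
        if row["alive"] != ":-)":  # the client prints 'xxx' for a dead agent
            problems.append(f"{row['binary']} on {row['host']} is not alive ({row['alive']})")
        if row["admin_state_up"] != "True":
            problems.append(f"{row['binary']} on {row['host']} is administratively down")
    for host, binaries in expected.items():
        for binary in sorted(binaries - seen.get(host, set())):
            problems.append(f"{binary} missing on {host}")
    # An agent from a host outside the inventory means something holding the
    # RabbitMQ credentials has joined the control plane; treat it as an incident.
    for host in sorted(seen.keys() - expected.keys()):
        problems.append(f"agents registered from unknown host {host}")
    return problems


if __name__ == "__main__":
    print(check_agents(parse_table(SAMPLE_AGENT_LIST)) or "all agents healthy")
```

In production the text would come from running neutron agent-list with the admin credentials sourced, and the inventory from whatever the deployment already uses to list its nodes.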
VI. Initializing the networks
1. External network
The external network provides instances with Internet access through network address translation (NAT). Inbound Internet access to an individual instance can be enabled with a floating IP and suitable security group rules. The admin tenant owns this network because it provides external access to several tenants.
1.1 Create the external network
1) Source the admin credentials
# source admin-openrc.sh
2) Create the network
# neutron net-create ext-net --router:external --provider:physical_network external --provider:network_type flat
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 0ec2aa26-1c49-48c0-80f8-f87cb896283d |
| mtu                       | 0                                    |
| name                      | ext-net                              |
| provider:network_type     | flat                                 |
| provider:physical_network | external                             |
| provider:segmentation_id  |                                      |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | d04d4985d62f42e2af2ddc35f442ffd9     |
+---------------------------+--------------------------------------+
1.2 Create a subnet on the external network
The command to create the external subnet is:
neutron subnet-create ext-net EXTERNAL_NETWORK_CIDR --name ext-subnet --allocation-pool start=FLOATING_IP_START,end=FLOATING_IP_END --disable-dhcp --gateway EXTERNAL_NETWORK_GATEWAY
Replace FLOATING_IP_START and FLOATING_IP_END with the first and last floating IP address you want to assign. Replace EXTERNAL_NETWORK_CIDR with the subnet of the physical external network. Replace EXTERNAL_NETWORK_GATEWAY with the gateway of the physical external network, usually the ".1" address. DHCP is disabled on this subnet because instances are not attached to the external network directly; floating IPs are assigned manually. The allocation pool must only contain addresses that no other host on the physical network uses.
Example: using 203.0.202.0/24 with floating IP addresses 203.0.202.100 to 203.0.202.200:
# neutron subnet-create ext-net 203.0.202.0/24 --name ext-subnet --allocation-pool start=203.0.202.100,end=203.0.202.200 --disable-dhcp --gateway 203.0.202.1
Created a new subnet:
+-------------------+----------------------------------------------------+
| Field             | Value                                              |
+-------------------+----------------------------------------------------+
| allocation_pools  | {"start": "203.0.202.100", "end": "203.0.202.200"} |
| cidr              | 203.0.202.0/24                                     |
| dns_nameservers   |                                                    |
| enable_dhcp       | False                                              |
| gateway_ip        | 203.0.202.1                                        |
| host_routes       |                                                    |
| id                | 518a1b11-59ff-4a0b-8b1a-cb524d552818               |
| ip_version        | 4                                                  |
| ipv6_address_mode |                                                    |
| ipv6_ra_mode      |                                                    |
| name              | ext-subnet                                         |
| network_id        | 0ec2aa26-1c49-48c0-80f8-f87cb896283d               |
| subnetpool_id     |                                                    |
| tenant_id         | d04d4985d62f42e2af2ddc35f442ffd9                   |
+-------------------+----------------------------------------------------+
2. Tenant network
The tenant network provides internal network connectivity for instances and is isolated from the networks of other tenants. The demo tenant owns this network because it only provides connectivity for that tenant's instances.
2.1 Source the demo credentials
# source demo-openrc.sh
2.2 Create the tenant network
# neutron net-create demo-net
Created a new network:
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| admin_state_up  | True                                 |
| id              | 1b6e6a47-97a1-4e1a-8a04-fd1272a53412 |
| mtu             | 0                                    |
| name            | demo-net                             |
| router:external | False                                |
| shared          | False                                |
| status          | ACTIVE                               |
| subnets         |                                      |
| tenant_id       | 61014ce01ca7474da5a2cce53aa28ade     |
+-----------------+--------------------------------------+
2.3 Create a subnet on the tenant network
The command to create the tenant subnet is:
neutron subnet-create demo-net TENANT_NETWORK_CIDR --name demo-subnet --gateway TENANT_NETWORK_GATEWAY
Replace TENANT_NETWORK_CIDR with the subnet you want to associate with the tenant network and TENANT_NETWORK_GATEWAY with the gateway of that subnet, usually the ".1" address.
Example (note that the CIDR must be written with all four octets, 172.20.0.0/24):
# neutron subnet-create demo-net 172.20.0.0/24 --name demo-subnet --gateway 172.20.0.1
Created a new subnet:
+-------------------+------------------------------------------------+
| Field             | Value                                          |
+-------------------+------------------------------------------------+
| allocation_pools  | {"start": "172.20.0.2", "end": "172.20.0.254"} |
| cidr              | 172.20.0.0/24                                  |
| dns_nameservers   |                                                |
| enable_dhcp       | True                                           |
| gateway_ip        | 172.20.0.1                                     |
| host_routes       |                                                |
| id                | 4ba6a581-1286-4d78-a084-d9812dca945d           |
| ip_version        | 4                                              |
| ipv6_address_mode |                                                |
| ipv6_ra_mode      |                                                |
| name              | demo-subnet                                    |
| network_id        | 1b6e6a47-97a1-4e1a-8a04-fd1272a53412           |
| subnetpool_id     |                                                |
| tenant_id         | 61014ce01ca7474da5a2cce53aa28ade               |
+-------------------+------------------------------------------------+
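The two subnet-create calls in 1.2 and 2.3 take a CIDR, a gateway and, for the external subnet, a floating IP pool, and the page lists the rules the values must satisfy in prose. The following is an added example, not part of neutron or of the install guide: a pre-flight check that applies those rules before the API call, so that a malformed CIDR (such as 172.20.0/24), a gateway outside the subnet or a pool that swallows the gateway is caught before instances depend on the subnet. The function name and messages are this example's own.

```python
"""Pre-flight check for the neutron subnet-create parameters used above.

Added example, not part of neutron or of the install guide. It checks that
EXTERNAL_NETWORK_CIDR, FLOATING_IP_START/END and EXTERNAL_NETWORK_GATEWAY
(or TENANT_NETWORK_CIDR and TENANT_NETWORK_GATEWAY) are consistent with each
other before the API call is made. Function name and messages are this
example's own.
"""
import ipaddress


def validate_subnet(cidr, gateway, pool_start=None, pool_end=None, enable_dhcp=True):
    """Return a list of problems; an empty list means the parameters are consistent."""
    problems = []
    try:
        # strict=True rejects a host address such as 203.0.202.5/24 as well as
        # malformed values such as 172.20.0/24
        net = ipaddress.ip_network(cidr, strict=True)
        gw = ipaddress.ip_address(gateway)
    except ValueError as exc:
        return [f"invalid CIDR or gateway: {exc}"]
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    elif gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is the network or broadcast address of {net}")
    if (pool_start is None) != (pool_end is None):
        problems.append("an allocation pool needs both a start and an end address")
    elif pool_start is not None:
        try:
            start, end = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
        except ValueError as exc:
            return problems + [f"invalid allocation pool: {exc}"]
        if start not in net or end not in net:
            problems.append(f"pool {start}-{end} is not inside {net}")
        elif start > end:
            problems.append(f"pool start {start} comes after its end {end}")
        elif start <= gw <= end:
            # neutron rejects this combination; catch it before the API call
            problems.append(f"gateway {gw} lies inside the pool {start}-{end}")
        elif start == net.network_address or end == net.broadcast_address:
            problems.append("pool includes the network or broadcast address")
    elif not enable_dhcp:
        # external subnet with no pool: floating IPs would be drawn from the
        # whole CIDR, including addresses other hosts on the physical network use
        problems.append(f"no allocation pool: floating IPs would come from all of {net}")
    return problems


if __name__ == "__main__":
    # the two subnets created on this page, then the typo from the original command
    print(validate_subnet("203.0.202.0/24", "203.0.202.1", "203.0.202.100", "203.0.202.200",
                          enable_dhcp=False))
    print(validate_subnet("172.20.0.0/24", "172.20.0.1"))
    print(validate_subnet("172.20.0/24", "172.20.0.1"))
```

The check is deliberately local: it needs no API access, so it can run in whatever script or CI job produces the subnet-create commands, and it reports every problem it finds rather than stopping at the first.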
3. Create a tenant router and attach the external and tenant networks to it
3.1 Create the router
# neutron router-create demo-router
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | 4cb4e5ac-e8bb-4a8e-a2b4-1c848b15ba67 |
| name                  | demo-router                          |
| routes                |                                      |
| status                | ACTIVE                               |
| tenant_id             | 61014ce01ca7474da5a2cce53aa28ade     |
+-----------------------+--------------------------------------+
3.2 Attach the router to the tenant network
# neutron router-interface-add demo-router demo-subnet
Added interface d675efb5-df70-48b4-b268-3d5d2db44016 to router demo-router.
3.3 Attach the router to the external network by setting it as the gateway
# neutron router-gateway-set demo-router ext-net
Set gateway for router demo-router
4. Verify connectivity
From any host, ping the external network gateway and the lowest address of the floating IP range; both should answer. 203.0.202.100 responds because router-gateway-set in 3.3 gave the tenant router the first address of the allocation pool as its gateway address, so that reply comes from the router namespace on the network node.
If the OpenStack nodes are themselves virtual machines, the hypervisor must be configured to allow promiscuous mode on the external network.
# ping 203.0.202.1 -c 4
PING 203.0.202.1 (203.0.202.1) 56(84) bytes of data.
64 bytes from 203.0.202.1: icmp_seq=1 ttl=128 time=0.647 ms
64 bytes from 203.0.202.1: icmp_seq=2 ttl=128 time=0.400 ms
64 bytes from 203.0.202.1: icmp_seq=3 ttl=128 time=0.707 ms
64 bytes from 203.0.202.1: icmp_seq=4 ttl=128 time=0.646 ms

--- 203.0.202.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 0.400/0.600/0.707/0.118 ms
# ping 203.0.202.100 -c 4
PING 203.0.202.100 (203.0.202.100) 56(84) bytes of data.
64 bytes from 203.0.202.100: icmp_seq=1 ttl=128 time=1.82 ms
64 bytes from 203.0.202.100: icmp_seq=2 ttl=128 time=1.49 ms
64 bytes from 203.0.202.100: icmp_seq=3 ttl=128 time=1.43 ms
64 bytes from 203.0.202.100: icmp_seq=4 ttl=128 time=1.40 ms

--- 203.0.202.100 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 1.402/1.539/1.826/0.173 ms
Summary:
1) The OpenStack network node has three NICs
root@network:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0c:29:2e:68:25
          inet addr:192.168.100.101  Bcast:192.168.100.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe2e:6825/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4346 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6074 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:381605 (381.6 KB)  TX bytes:1109191 (1.1 MB)
          Interrupt:19 Base address:0x2000

eth1      Link encap:Ethernet  HWaddr 00:0c:29:2e:68:2f
          inet addr:192.168.200.101  Bcast:192.168.200.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe2e:682f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:80 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8612 (8.6 KB)  TX bytes:648 (648.0 B)
          Interrupt:19 Base address:0x2080

eth2      Link encap:Ethernet  HWaddr 00:0c:29:2e:68:39
          inet6 addr: fe80::20c:29ff:fe2e:6839/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4067 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3921 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:395049 (395.0 KB)  TX bytes:371402 (371.4 KB)

eth0 (192.168.100.101) is the management network, used for the traffic between the OpenStack components and the MySQL database server and RabbitMQ messaging server.
eth1 (192.168.200.101) is the instance tunnel network, used for the GRE tunnels to the compute nodes.
eth2 is the external network, used to reach instances through floating IPs in the range 203.0.202.100 to 203.0.202.200; it carries no IP address of its own because it is attached to the br-ex bridge.
Neither the RabbitMQ and database traffic on eth0 nor the GRE tunnels on eth1 are encrypted, so both of these networks must be isolated (physically or by VLAN) from the tenant and external traffic.
2) The tenant network is 172.20.0.0/24 and carries the traffic between the instances of a tenant.