本文介绍如何把 Neutron ML2 Plugin 的 Mechanism Driver 由linuxbridge 替换为 openvswitch 。
一.现状
部署节点为一个controller节点(包含网络节点),两个compute节点。controller节点有3个网卡,分别为eth0(管理和API网络,CIDR为192.168.128.0/24)、eth1(租户网络,CIDR为10.10.10.0/24)、eth2(外部网络,CIDR为11.11.11.0/24,不设置IP);compute节点有2个网卡,分别为eth0(管理和API网络,CIDR为192.168.128.0/24)、eth1(租户网络,CIDR为10.10.10.0/24)。
controller节点、compute节点的L2 agent 为 neutron-linuxbridge-agent
Neutron网络方案为:
- Neutron ML2的Type Driver为vxlan
- Neutron ML2的Mechanism Driver为LinuxBridge
- Neutron L2 Agent为LinuxBridge
目前的网络服务信息为:
二.替换
controller节点、compute节点的L2 agent 替换为 neutron-openvswitch-agent
Neutron网络方案替换为:
- Neutron ML2的Type Driver为vxlan
- Neutron ML2的Mechanism Driver为Open vSwitch
- Neutron L2 Agent为Open vSwitch
(1). 删除已有的路由器、虚拟网络。
1.当删除网络时,报如下错误
查看日志:delete failed (client error): Unable to complete operation on network 02444a0c-47d1-48ef-9de7-a8614a5fd799. There are one or more ports still in use on the network.
表明有实例连接到这个网络,需要解除实例和网络port的绑定,然后再删除网络。
2.删除外网时,也报类似错误
查看日志:Found port (3db7acca-71d4-4715-94d5-47ecc2e42b21, 11.11.11.11) having IP allocation on subnet 558ee6a0-1145-4e9f-9f12-5318b5fd4ac5, cannot delete
delete failed (client error): Unable to complete operation on subnet 558ee6a0-1145-4e9f-9f12-5318b5fd4ac5: One or more ports have an IP allocation from this subnet.
需要释放浮动IP,再删除外部网络。
(2). 卸载controller节点、compute1节点、compute2节点的 neutron-linuxbridge-agent
先停止neutron-linuxbridge-agent服务
root@controller:~# service neutron-linuxbridge-agent stop
neutron-linuxbridge-agent stop/waiting
root@compute1:~# service neutron-linuxbridge-agent stop
neutron-linuxbridge-agent stop/waiting
root@compute2:~# service neutron-linuxbridge-agent stop
neutron-linuxbridge-agent stop/waiting
再卸载软件
root@controller:~# apt-get --purge remove neutron-linuxbridge-agent
root@compute1:~# apt-get --purge remove neutron-linuxbridge-agent
root@compute2:~# apt-get --purge remove neutron-linuxbridge-agent
(3). 安装controller节点、compute1节点、compute2节点的 neutron-openvswitch-agent
root@controller:~# apt-get install neutron-openvswitch-agent
root@compute1:~# apt-get install neutron-openvswitch-agent
root@compute2:~# apt-get install neutron-openvswitch-agent
(4). 修改配置文件
controller节点
/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
[ml2_type_vxlan]
vni_ranges = 1001:2000
[securitygroup]
enable_ipset = true
/etc/neutron/l3_agent.ini
[DEFAULT]
external_network_bridge = br-ex
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
/etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
/etc/neutron/plugins/ml2/openvswitch_agent.ini
[ovs]
bridge_mappings =
tunnel_bridge = br-tun
local_ip = 10.10.10.10
[agent]
tunnel_types = vxlan
l2_population = True
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = true
compute1节点
/etc/neutron/plugins/ml2/openvswitch_agent.ini
[ovs]
bridge_mappings =
tunnel_bridge = br-tun
local_ip = 10.10.10.11
[agent]
tunnel_types = vxlan
l2_population = True
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = true
compute2节点
[ovs]
bridge_mappings =
tunnel_bridge = br-tun
local_ip = 10.10.10.12
[agent]
tunnel_types = vxlan
l2_population = True
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = true
重启网络相关服务。
再次查看网络服务信息
把已关闭的 neutron-linuxbridge-agent 删除
root@controller:~# neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 21af963d-003d-455e-8723-8b78d201a684 | L3 agent | controller | nova | :-) | True | neutron-l3-agent |
| 25229052-f0cb-4f04-b819-375fc55c510f | Linux bridge agent | controller | | xxx | True | neutron-linuxbridge-agent |
| 80607c88-5c98-4491-839d-0ce715ec3e4d | Open vSwitch agent | compute2 | | :-) | True | neutron-openvswitch-agent |
| aab52c21-8c14-4568-89c6-20e70400da38 | Open vSwitch agent | compute1 | | :-) | True | neutron-openvswitch-agent |
| d51f6d6c-eda0-4179-9fce-f9c24ef20824 | DHCP agent | controller | nova | :-) | True | neutron-dhcp-agent |
| d666c263-ba6d-4f09-a09d-72c214787e08 | Loadbalancer agent | controller | | :-) | True | neutron-lbaas-agent |
| e17d1ecf-35d2-49f5-a7c9-206b0c9e2ce4 | Linux bridge agent | compute2 | | xxx | True | neutron-linuxbridge-agent |
| e26dc52e-7827-463b-8ee7-202a19d5c3dc | Metadata agent | controller | | :-) | True | neutron-metadata-agent |
| fba23722-9439-4289-bd17-5b69c43f88da | Linux bridge agent | compute1 | | xxx | True | neutron-linuxbridge-agent |
| fe4a9cf3-9a08-4837-b74f-787118ce57db | Open vSwitch agent | controller | | :-) | True | neutron-openvswitch-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
root@controller:~# neutron agent-delete 25229052-f0cb-4f04-b819-375fc55c510f
Deleted agent: 25229052-f0cb-4f04-b819-375fc55c510f
root@controller:~# neutron agent-delete e17d1ecf-35d2-49f5-a7c9-206b0c9e2ce4
Deleted agent: e17d1ecf-35d2-49f5-a7c9-206b0c9e2ce4
root@controller:~# neutron agent-delete fba23722-9439-4289-bd17-5b69c43f88da
Deleted agent: fba23722-9439-4289-bd17-5b69c43f88da
再次查看网络服务信息,已经没有linuxbridge的agent了
三.验证
验证修改是否成功。
先创建一个vxlan100网络
把已有虚拟机test1、test2和vxlan100网络关联起来
test1、test2重启,然后查看是否获取IP地址
再互ping
至此,L2 agent替换并验证成功!