10.1. neutron(控制)
10.1.1 创建数据库
mysql -u root -p
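-- Database for the Networking service. The three grants give the 'neutron'
-- account full rights on it when connecting from the controller host ('kilo'),
-- from the local socket, and from any host ('%').
create database neutron;
-- 'neutron_pass' is the password the [database] connection string in
-- /etc/neutron/neutron.conf has to carry; the connection line shown later on
-- this page uses 'neutron_dbpass' instead, so one of the two must be changed
-- or neutron-db-manage will fail to authenticate.
grant all privileges on neutron.* to 'neutron'@'kilo' identified by 'neutron_pass';
grant all privileges on neutron.* to 'neutron'@'localhost' identified by 'neutron_pass';
-- '%' matches every remote host; if the database listens on a non-local
-- interface, narrow this to the hosts that actually run neutron-server.
grant all privileges on neutron.* to 'neutron'@'%' identified by 'neutron_pass';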
exit
10.1.2 创建认证 neutron API endpoint
source admin-openrc.sh
openstack user create --password-prompt neutron
User Password:
Repeat User Password:
+----------+----------------------------------+
| Field | Value |
+----------+----------------------------------+
| email | None |
| enabled | True |
| id | 5223f51f646b4affaf6c2e025fbab103 |
| name | neutron |
| username | neutron |
+----------+----------------------------------+
openstack role add --project service --user neutron admin
+-------+----------------------------------+
| Field |Value |
+-------+----------------------------------+
| id | 14b826a870464c67900a963d675cc8cb |
| name | admin |
+-------+----------------------------------+
openstack service create --name neutron --description "Openstack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description |Openstack Networking |
| enabled | True |
| id | 38f38c439cc14a62b6d1d670418220b9 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
openstack endpoint create --publicurl http://kilo:9696 --adminurl http://kilo:9696 --internal http://kilo:9696 --region RegionOne network
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| adminurl | http://kilo:9696 |
| id | 98448a6e7c73400180e4d267f2a4ca1b |
|internalurl | http://kilo:9696 |
| publicurl | http://kilo:9696 |
| region | RegionOne |
| service_id | 38f38c439cc14a62b6d1d670418220b9 |
| service_name |neutron |
| service_type |network |
+--------------+----------------------------------+
10.1.3 安装neutron
sudo apt-get install neutron-server neutron-plugin-ml2 python-neutronclient
10.1.4 配置neutron
vim /etc/neutron/neutron.conf
[DEFAULT]
# Controller-side neutron-server settings: RabbitMQ transport, Keystone
# authentication, the ML2 core plugin with the L3 "router" service plugin,
# and overlapping tenant address ranges allowed (namespaces keep them apart).
verbose = True
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
# Port status/data changes are pushed to Nova at nova_url, authenticating with
# the [nova] credentials at the bottom of this file.
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://kilo:8774/v2
[database]
# NOTE(review): the password here (neutron_dbpass) does not match the one
# granted in the "create database" step above (neutron_pass); the
# neutron-db-manage step later on this page cannot authenticate unless the two
# agree -- confirm which value is intended.
connection =mysql://neutron:neutron_dbpass@kilo/neutron
[keystone_authtoken]
# Service credentials used to validate incoming API tokens. The password must
# be the one entered at the "openstack user create --password-prompt" step.
# The same string (neutron_pass) is also used for the database account in the
# grants above; distinct secrets per system are preferable.
auth_uri = http://kilo:5000
auth_url = http://kilo:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron_pass
[oslo_messaging_rabbit]
# Broker credentials; they are stored in cleartext here, so keep this file
# readable by the neutron service user only.
rabbit_host = kilo
rabbit_userid = openstack_rabbit_user
rabbit_password = openstack_rabbit_password
[nova]
# Credentials neutron uses when calling the Compute API (see nova_url above).
auth_url = http://kilo:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova_pass
10.1.5 配置Modular Layer2(ML2)插件
启用 flat, VLAN,generic routing encapsulation (GRE), 和 virtual extensible LAN (VXLAN) 网络类型驱动,GRE 租户网络, 和 OVS 机制驱动。
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
# Type drivers loaded: flat, VLAN, GRE and VXLAN. Tenant networks are created
# as GRE, and Open vSwitch is the only mechanism driver.
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_flat]
# The flat provider network named "external" (mapped onto br-ex in [ovs] below).
flat_networks = external
[ml2_type_gre]
# Range of GRE tunnel IDs handed out to tenant networks.
tunnel_id_ranges = 1:1000
[securitygroup]
# Enable security groups and ipset, enforced by the OVS hybrid iptables
# firewall driver.
enable_security_group = True
enable_ipset = True
firewall_driver =neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ovs]
# Enable tunnels, set the local tunnel endpoint, and map the "external" flat
# network onto the br-ex external bridge.
# Replace INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS with the tunnel-network IP
# address of the node (the original text gives 172.16.4.139 for the network node).
# NOTE(review): the controller install step above installs only neutron-server
# and the ML2 plugin, not the OVS agent, so [ovs]/[agent] are presumably only
# read on nodes that run the agent -- verify.
local_ip =INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
bridge_mappings = external:br-ex
[agent]
tunnel_types = gre
10.1.6 配置计算使用网络
sudo vim /etc/nova/nova.conf
[DEFAULT]
# Hand networking over to Neutron: API class, security groups and the OVS
# interface driver. Nova's own firewall is the no-op driver because security
# groups are enforced by Neutron's OVS hybrid iptables driver (see
# [securitygroup] in ml2_conf.ini).
network_api_class =nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver =nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[neutron]
# Where Nova reaches the Networking API and the admin credentials it uses.
# admin_password must be the password given to the neutron user at the
# "openstack user create --password-prompt" step; it is stored in cleartext.
url = http://kilo:9696
auth_strategy = keystone
admin_auth_url = http://kilo:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = neutron_pass
10.1.7 完成配置
sudo bash -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
sudo service nova-api restart
sudo service neutron-server restart
10.1.8 验证
source admin-openrc.sh
sudo service nova-api restart
sudo service neutron-server restart
neutron ext-list
+-----------------------+-----------------------------------------------+
| alias | name |
+-----------------------+-----------------------------------------------+
| security-group | security-group |
| l3_agent_scheduler | L3 Agent Scheduler |
| net-mtu | Network MTU |
| ext-gw-mode | Neutron L3 Configurable external gateway mode |
| binding | Port Binding |
| provider | Provider Network |
| agent | agent |
| quotas | Quota management support |
| subnet_allocation | Subnet Allocation |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| l3-ha | HA Router extension |
| multi-provider | Multi Provider Network |
| external-net | Neutron external network |
| router | Neutron L3 Router |
| allowed-address-pairs | Allowed Address Pairs |
| extraroute | Neutron Extra Route |
| extra_dhcp_opt | Neutron Extra DHCP opts |
| dvr | Distributed Virtual Router |
+-----------------------+-----------------------------------------------+
10.2. 网络节点
10.2.1 sysctl
sudo vim /etc/sysctl.conf
# Let the kernel forward packets between interfaces; the L3 agent on this node
# routes between tenant networks and the external network.
net.ipv4.ip_forward=1
# Disable reverse-path filtering, the kernel check that drops packets whose
# source address is not routable back out the receiving interface. It is
# presumably needed for the router/DHCP namespaces this node creates -- confirm.
# Since it removes a source-address sanity check, apply it only on nodes that
# need it.
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
sudo sysctl -p
10.2.2 安装neutron
sudo apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent
10.2.3 neutron.conf
sudo vim /etc/neutron/neutron.conf
[DEFAULT]
# Network-node copy of neutron.conf: same transport, auth and plugin choices
# as the controller, but without the Nova notification settings.
verbose = True
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
[database]
# Intentionally left empty on this node: the agents installed here are given no
# database connection string on this page (only the controller's neutron.conf
# has one).
[keystone_authtoken]
# Service credentials for the agents. The password must be the one entered at
# the "openstack user create --password-prompt" step on the controller.
auth_uri = http://kilo:5000
auth_url = http://kilo:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron_pass
[oslo_messaging_rabbit]
# Broker credentials, stored in cleartext; keep this file readable by the
# neutron service user only.
rabbit_host = kilo
rabbit_userid = openstack_rabbit_user
rabbit_password = openstack_rabbit_password
10.2.4 配置Modular Layer2(ML2)插件
启用 flat, VLAN,generic routing encapsulation (GRE), 和 virtual extensible LAN (VXLAN) 网络类型驱动,GRE 租户网络, 和 OVS 机制驱动。
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
# Type drivers loaded: flat, VLAN, GRE and VXLAN. Tenant networks are created
# as GRE, and Open vSwitch is the only mechanism driver.
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_flat]
# The flat provider network named "external" (mapped onto br-ex in [ovs] below).
flat_networks = external
[ml2_type_gre]
# Range of GRE tunnel IDs handed out to tenant networks.
tunnel_id_ranges = 1:1000
[securitygroup]
# Enable security groups and ipset, enforced by the OVS hybrid iptables
# firewall driver.
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ovs]
# Enable tunnels, set the local tunnel endpoint, and map the "external" flat
# network onto the br-ex external bridge (created in the OVS step below).
# Replace INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS with this network node's
# tunnel-network IP address; the original text gives 172.16.4.139.
local_ip =INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
bridge_mappings = external:br-ex
[agent]
tunnel_types = gre
10.2.5 配置Layer-3(L3)代理
Layer-3 (L3) 代理为虚拟网络提供路由服务
sudo vim /etc/neutron/l3_agent.ini
[DEFAULT]
# Original comment: configure the interface driver and the external bridge,
# and enable deleting router namespaces once they are no longer in use.
# NOTE(review): no interface_driver line appears in this fragment although the
# comment mentions it; the L3 agent presumably needs the same
# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver as
# dhcp_agent.ini below -- confirm.
verbose = True
# Empty value: the external bridge is presumably taken from the ML2 bridge
# mapping (external:br-ex) rather than fixed here -- confirm.
external_network_bridge =
router_delete_namespaces = True
10.2.6 配置DHCP代理
DHCP 代理为虚拟网络提供 DHCP 服务
sudo vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
# Original comment: configure the interface and DHCP drivers, and enable
# deleting DHCP namespaces once they are no longer in use.
verbose = True
# OVS interface driver matching the ML2 mechanism driver; dnsmasq serves DHCP.
interface_driver =neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver =neutron.agent.linux.dhcp.Dnsmasq
dhcp_delete_namespaces = True
Tunneling protocols such as GRE include additional packet headers that increase overhead and decrease space available for the payload or user data. Without knowledge of the virtual network infrastructure, instances attempt to send packets using the default Ethernet maximum transmission unit (MTU) of 1500 bytes. Internet protocol (IP) networks contain the path MTU discovery (PMTUD) mechanism to detect end-to-end MTU and adjust packet size accordingly. However, some operating systems and networks block or otherwise lack support for PMTUD, causing performance degradation or connectivity failure.
Ideally, you can prevent these problems by enabling jumbo frames on the physical network that contains your tenant virtual networks. Jumbo frames support MTUs up to approximately 9000 bytes, which negates the impact of GRE overhead on virtual networks. However, many network devices lack support for jumbo frames and OpenStack administrators often lack control over network infrastructure. Given the latter complications, you can also prevent MTU problems by reducing the instance MTU to account for GRE overhead. Determining the proper MTU value often takes experimentation, but 1454 bytes works in most environments. You can configure the DHCP server that assigns IP addresses to your instances to also adjust the MTU.
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
# Point dnsmasq at an extra config file so the instance MTU can be lowered to
# fit inside the GRE tunnel (see the discussion above).
dnsmasq_config_file =/etc/neutron/dnsmasq-neutron.conf
vim /etc/neutron/dnsmasq-neutron.conf
# DHCP option 26 (interface MTU): advertise 1454 bytes to instances so their
# packets fit inside the GRE tunnel, per the MTU discussion above.
dhcp-option-force=26,1454
10.2.7 配置metadata代理
sudo vim /etc/neutron/metadata_agent.ini
# NOTE(review): no section header is shown for this fragment; these keys
# presumably belong under [DEFAULT] in metadata_agent.ini -- confirm.
verbose = True
# Host running nova-api, which answers instance metadata requests.
nova_metadata_ip = kilo
# METADATA_SECRET is a placeholder: choose a value and configure the same
# shared secret on the Nova side. This page restarts nova-api in the next step
# but shows no matching nova.conf change, so that step may be missing -- confirm.
metadata_proxy_shared_secret =METADATA_SECRET
# Keystone credentials for the metadata agent; the same neutron service user
# and password as in neutron.conf.
auth_uri = http://kilo:5000
auth_url = http://kilo:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron_pass
注意，需要到控制节点重启 nova-api 服务
sudo service nova-api restart
10.2.8 配置Open vSwitch(OVS)服务
The OVS service provides the underlying virtual networking framework for instances. The integration bridge br-int handles internal instance network traffic within OVS. The external bridge br-ex handles external instance network traffic within OVS. The external bridge requires a port on the physical external network interface to provide instances with external network access. In essence, this port connects the virtual and physical external networks in your environment.
sudo service openvswitch-switch restart
sudo ovs-vsctl add-br br-ex
sudo ovs-vsctl add-port br-ex INTERFACE_NAME
Depending on your network interface driver, you may need to disable generic receive offload (GRO) to achieve suitable throughput between your instances and the external network.
To temporarily disable GRO on the external network interface while testing your environment:
sudo ethtool -K INTERFACE_NAME gro off
10.2.9 重启服务
sudo service neutron-plugin-openvswitch-agent restart
sudo service neutron-l3-agent restart
sudo service neutron-dhcp-agent restart
sudo service neutron-metadata-agent restart
10.2.10 验证
登录控制节点：
source admin-openrc.sh
neutron agent-list
+--------------------------------------+--------------------+------+-------+----------------+---------------------------+
| id |agent_type | host | alive |admin_state_up | binary |
+--------------------------------------+--------------------+------+-------+----------------+---------------------------+
|1e6099fa-12c9-4bea-b5ba-b3f17251d62d | DHCP agent | kilo | :-) | True | neutron-dhcp-agent |
| 4dd2a3d1-05f3-4f57-8d70-fe58b5fd966f| L3 agent | kilo | :-) | True | neutron-l3-agent |
|5955a47a-bc81-4cbd-aa57-36e945bdacc6 | Open vSwitch agent | kilo | :-) | True | neutron-openvswitch-agent |
|cb050c8c-80d6-4aec-9e32-426cd599740b | Metadata agent | kilo | :-) | True | neutron-metadata-agent |
+--------------------------------------+--------------------+------+-------+----------------+---------------------------+
10.3. neutron计算节点
10.3.1 sysctl
vim /etc/sysctl.conf
# Disable reverse-path filtering, the kernel check that drops packets whose
# source address is not routable back out the receiving interface. It is
# presumably required by the OVS agent's traffic on this compute node -- confirm.
# Since it removes a source-address sanity check, apply it only on nodes that
# need it.
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
sysctl -p
10.3.2 安装neutron
apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent
10.3.3 配置neutron
sudo vim /etc/neutron/neutron.conf
[DEFAULT]
# Compute-node copy of neutron.conf: same transport, auth and plugin choices
# as the controller, but without the Nova notification settings.
verbose = True
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
[database]
# Intentionally left empty on this node: the OVS agent installed here is given
# no database connection string on this page (only the controller's
# neutron.conf has one).
[keystone_authtoken]
# Service credentials for the agent. The password must be the one entered at
# the "openstack user create --password-prompt" step on the controller.
auth_uri = http://kilo:5000
auth_url = http://kilo:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron_pass
[oslo_messaging_rabbit]
# Broker credentials, stored in cleartext; keep this file readable by the
# neutron service user only.
rabbit_host = kilo
rabbit_userid = openstack_rabbit_user
rabbit_password = openstack_rabbit_password
10.3.4 配置Modular Layer2(ML2)插件
启用 flat, VLAN,generic routing encapsulation (GRE), 和 virtual extensible LAN (VXLAN) 网络类型驱动,GRE 租户网络, 和 OVS 机制驱动。
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
# Type drivers loaded: flat, VLAN, GRE and VXLAN. Tenant networks are created
# as GRE, and Open vSwitch is the only mechanism driver.
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_flat]
# The flat provider network named "external" (mapped onto br-ex in [ovs] below).
flat_networks = external
[ml2_type_gre]
# Range of GRE tunnel IDs handed out to tenant networks.
tunnel_id_ranges = 1:1000
[securitygroup]
# Enable security groups and ipset, enforced by the OVS hybrid iptables
# firewall driver.
enable_security_group = True
enable_ipset = True
firewall_driver =neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ovs]
# Enable tunnels, set the local tunnel endpoint, and map the "external" flat
# network onto the br-ex external bridge.
# Replace INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS with a tunnel-network IP
# address. NOTE(review): this is the compute node's copy, so the value should
# presumably be this compute node's own tunnel address, not the network node's
# 172.16.4.139 quoted in the original comment -- confirm.
# NOTE(review): br-ex is only created on the network node on this page
# (ovs-vsctl add-br br-ex in 10.2.8); no such bridge is shown for the compute
# node, so this mapping may refer to a bridge that does not exist here -- confirm.
local_ip =INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
bridge_mappings = external:br-ex
[agent]
tunnel_types = gre
10.3.5 配置计算节点使用neutron
vim /etc/nova/nova.conf
[DEFAULT]
# Hand networking over to Neutron on the compute node: API class, security
# groups and the OVS interface driver. Nova's own firewall is the no-op driver
# because security groups are enforced by Neutron's OVS hybrid iptables driver
# (see [securitygroup] in ml2_conf.ini).
network_api_class =nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver =nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[neutron]
# Where nova-compute reaches the Networking API and the admin credentials it
# uses. admin_password must be the password given to the neutron user at the
# "openstack user create --password-prompt" step; it is stored in cleartext.
url = http://kilo:9696
auth_strategy = keystone
admin_auth_url = http://kilo:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = neutron_pass
10.3.6 重启服务
sudo service nova-compute restart
sudo service neutron-plugin-openvswitch-agent restart
10.3.7 验证服务
source admin-openrc.sh
neutron agent-list
+--------------------------------------+--------------------+------+-------+----------------+---------------------------+
| id | agent_type | host | alive | admin_state_up |binary |
+--------------------------------------+--------------------+------+-------+----------------+---------------------------+
|1e6099fa-12c9-4bea-b5ba-b3f17251d62d | DHCP agent | kilo | :-) | True | neutron-dhcp-agent |
|4dd2a3d1-05f3-4f57-8d70-fe58b5fd966f | L3 agent | kilo | :-) | True | neutron-l3-agent |
|5955a47a-bc81-4cbd-aa57-36e945bdacc6 | Open vSwitch agent | kilo | :-) | True | neutron-openvswitch-agent |
|cb050c8c-80d6-4aec-9e32-426cd599740b | Metadata agent | kilo | :-) | True | neutron-metadata-agent |
+--------------------------------------+--------------------+------+-------+----------------+---------------------------+
10.4. 初始化网络
10.4.1 网络模型
10.4.2 创建外部网络
source admin-openrc.sh
neutron net-create ext-net --router:external --provider:physical_network external --provider:network_type flat
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
|admin_state_up | True |
| id |57657dd3-06e0-4b73-b669-f8cdcefa0a5c |
| mtu | 0 |
| name | ext-net |
|provider:network_type | flat |
|provider:physical_network | external |
|provider:segmentation_id | |
|router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id |9e4ff200c6994bd6bd6e589c21afa2f8 |
+---------------------------+--------------------------------------+
neutron subnet-create ext-net 192.168.70.0/24 --name ext-subnet --allocation-pool start=192.168.70.240,end=192.168.70.250 --disable-dhcp --gateway 192.168.70.1
Created a new subnet:
+-------------------+------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------+
|allocation_pools | {"start":"192.168.70.240", "end": "192.168.70.250"} |
| cidr | 192.168.70.0/24 |
|dns_nameservers | |
|enable_dhcp | False |
| gateway_ip | 192.168.70.1 |
|host_routes | |
| id |f0138e24-18d9-4739-b1ef-36d04f6df4e7 |
| ip_version | 4 |
|ipv6_address_mode | |
|ipv6_ra_mode | |
| name | ext-subnet |
| network_id | 57657dd3-06e0-4b73-b669-f8cdcefa0a5c |
|subnetpool_id | |
| tenant_id |9e4ff200c6994bd6bd6e589c21afa2f8 |
+-------------------+------------------------------------------------------+
10.4.3 租户网络
source demo-openrc.sh
neutron net-create demo-net
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
|admin_state_up | True |
| id |e10695f5-1833-4017-b610-de1311d0095b |
| mtu | 0 |
| name | demo-net |
|provider:network_type | gre |
|provider:physical_network | |
|provider:segmentation_id | 1 |
|router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id |9e4ff200c6994bd6bd6e589c21afa2f8 |
+---------------------------+--------------------------------------+
neutron subnet-create demo-net 192.168.1.0/24 --name demo-subnet --gateway 192.168.1.1
Created a new subnet:
+-------------------+--------------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------------+
|allocation_pools | {"start":"192.168.1.2", "end": "192.168.1.254"} |
| cidr | 192.168.1.0/24 |
|dns_nameservers | |
|enable_dhcp | True |
| gateway_ip | 192.168.1.1 |
|host_routes | |
| id |acf9603b-7605-4d32-9b54-7f17c203d84e |
| ip_version | 4 |
|ipv6_address_mode | |
|ipv6_ra_mode | |
| name | demo-subnet |
| network_id |e10695f5-1833-4017-b610-de1311d0095b |
|subnetpool_id | |
| tenant_id |9e4ff200c6994bd6bd6e589c21afa2f8 |
+-------------------+--------------------------------------------------+
10.4.4 创建路由并绑定到外部网络
neutron router-create demo-router
Created a new router:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
|admin_state_up | True |
|distributed | False |
|external_gateway_info | |
| ha | False |
| id |f6e98724-4679-4949-9190-b9094016a20c |
| name | demo-router |
| routes | |
| status | ACTIVE |
| tenant_id |9e4ff200c6994bd6bd6e589c21afa2f8 |
+-----------------------+--------------------------------------+
neutron router-interface-add demo-router demo-subnet
Added interface 845e3420-0fa9-4de8-92d5-37405be43f76 to router demo-router.
neutron router-gateway-set demo-router ext-net
Set gateway for router demo-router
10.4.5 验证网络
ip netns
qrouter-f6e98724-4679-4949-9190-b9094016a20c
qdhcp-e10695f5-1833-4017-b610-de1311d0095b
sudo ip netns exec qrouter-f6e98724-4679-4949-9190-b9094016a20c ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:784 (784.0 B) TX bytes:784 (784.0 B)
qg-51e9821a-0d Link encap:Ethernet HWaddr fa:16:3e:3c:17:17
inet addr:192.168.70.240 Bcast:192.168.70.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe3c:1717/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:1326 (1.3 KB)
qr-845e3420-0f Link encap:Ethernet HWaddr fa:16:3e:a2:cd:3b
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fea2:cd3b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:864 (864.0 B)
sudo ip netns exec qrouter-f6e98724-4679-4949-9190-b9094016a20c ping -c 4 192.168.70.240
PING 192.168.70.240 (192.168.70.240) 56(84) bytes of data.
64 bytes from 192.168.70.240: icmp_seq=1 ttl=64 time=0.047 ms
64 bytes from 192.168.70.240: icmp_seq=2 ttl=64 time=0.081 ms
64 bytes from 192.168.70.240: icmp_seq=3 ttl=64 time=0.095 ms
64 bytes from 192.168.70.240: icmp_seq=4 ttl=64 time=0.089 ms
--- 192.168.70.240 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 0.047/0.078/0.095/0.018 ms