Neutron Networking Service Component on the Controller Node
I. Final verification
neutron-install-verify
On the controller node, check and confirm that the neutron service was installed successfully.
Note: Perform these commands on the controller node.
You can perform further testing of your networking using the neutron-sanity-check command line client.
Use the verification section for the networking option that you chose to deploy.
1. Environment variables
Source the admin credentials to gain access to admin-only CLI commands:
cd
source admin-openrc.sh
2. List the loaded network extensions
List loaded extensions to verify successful launch of the neutron-server process:
openstack extension list --network
neutron ext-list
Example
$ openstack extension list --network
+---------------------------+---------------------------+----------------------------+
| Name | Alias | Description |
+---------------------------+---------------------------+----------------------------+
| Default Subnetpools | default-subnetpools | Provides ability to mark |
| | | and use a subnetpool as |
| | | the default |
| Availability Zone | availability_zone | The availability zone |
| | | extension. |
| Network Availability Zone | network_availability_zone | Availability zone support |
| | | for network. |
| Port Binding | binding | Expose port bindings of a |
| | | virtual port to external |
| | | application |
| agent | agent | The agent management |
| | | extension. |
| Subnet Allocation | subnet_allocation | Enables allocation of |
| | | subnets from a subnet pool |
| DHCP Agent Scheduler | dhcp_agent_scheduler | Schedule networks among |
| | | dhcp agents |
| Neutron external network | external-net | Adds external network |
| | | attribute to network |
| | | resource. |
| Neutron Service Flavors | flavors | Flavor specification for |
| | | Neutron advanced services |
| Network MTU | net-mtu | Provides MTU attribute for |
| | | a network resource. |
| Network IP Availability | network-ip-availability | Provides IP availability |
| | | data for each network and |
| | | subnet. |
| Quota management support | quotas | Expose functions for |
| | | quotas management per |
| | | tenant |
| Provider Network | provider | Expose mapping of virtual |
| | | networks to physical |
| | | networks |
| Multi Provider Network | multi-provider | Expose mapping of virtual |
| | | networks to multiple |
| | | physical networks |
| Address scope | address-scope | Address scopes extension. |
| Subnet service types | subnet-service-types | Provides ability to set |
| | | the subnet service_types |
| | | field |
| Resource timestamps | standard-attr-timestamp | Adds created_at and |
| | | updated_at fields to all |
| | | Neutron resources that |
| | | have Neutron standard |
| | | attributes. |
| Neutron Service Type | service-type | API for retrieving service |
| Management | | providers for Neutron |
| | | advanced services |
| resources: subnet, | | more L2 and L3 resources. |
| subnetpool, port, router | | |
| Neutron Extra DHCP opts | extra_dhcp_opt | Extra options |
| | | configuration for DHCP. |
| | | For example PXE boot |
| | | options to DHCP clients |
| | | can be specified (e.g. |
| | | tftp-server, server-ip- |
| | | address, bootfile-name) |
| Resource revision numbers | standard-attr-revisions | This extension will |
| | | display the revision |
| | | number of neutron |
| | | resources. |
| Pagination support | pagination | Extension that indicates |
| | | that pagination is |
| | | enabled. |
| Sorting support | sorting | Extension that indicates |
| | | that sorting is enabled. |
| security-group | security-group | The security groups |
| | | extension. |
| RBAC Policies | rbac-policies | Allows creation and |
| | | modification of policies |
| | | that control tenant access |
| | | to resources. |
| standard-attr-description | standard-attr-description | Extension to add |
| | | descriptions to standard |
| | | attributes |
| Port Security | port-security | Provides port security |
| Allowed Address Pairs | allowed-address-pairs | Provides allowed address |
| | | pairs |
| project_id field enabled | project-id | Extension that indicates |
| | | that project_id field is |
| | | enabled. |
+---------------------------+---------------------------+----------------------------+
3. List the network agents
List the network agents to confirm that the neutron agents were created successfully.
verify-option1:https://docs.openstack.org/neutron/train/install/verify-option1.html
verify-option2:https://docs.openstack.org/neutron/train/install/verify-option2.html
openstack network agent list
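Under normal conditions:
(1) Networking option 1: provider networks
The output should indicate 3 agents on the controller node and 1 agent on each compute node. If it does not, check the compute node configuration: NIC name, IP address, port, password and similar items.
List agents to verify successful launch of the neutron agents: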
[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 06a85946-9af0-430d-af9a-2a00fad7edfd | Metadata agent | controller | None | :-) | UP | neutron-metadata-agent |
| 0b1abb8e-b67f-4926-af9c-6e18458407eb | DHCP agent | controller | nova | :-) | UP | neutron-dhcp-agent |
| 171038f0-1a73-4352-9283-732be5eb94de | Linux bridge agent | compute1 | None | :-) | UP | neutron-linuxbridge-agent |
| 398e080c-2f40-4a51-9750-afaef7e09c32 | Linux bridge agent | controller | None | :-) | UP | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
[root@controller ~]#
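(2) Networking option 2: self-service networks
The output should indicate 4 agents on the controller node and 1 agent on each compute node. If it does not, check the compute node configuration: NIC name, IP address, port, password and similar items.
List agents to verify successful launch of the neutron agents: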
[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 06a85946-9af0-430d-af9a-2a00fad7edfd | Metadata agent | controller | None | :-) | UP | neutron-metadata-agent |
| 0b1abb8e-b67f-4926-af9c-6e18458407eb | DHCP agent | controller | nova | :-) | UP | neutron-dhcp-agent |
| 171038f0-1a73-4352-9283-732be5eb94de | Linux bridge agent | compute1 | None | XXX | UP | neutron-linuxbridge-agent |
| 398e080c-2f40-4a51-9750-afaef7e09c32 | Linux bridge agent | controller | None | :-) | UP | neutron-linuxbridge-agent |
| 4f0904d7-ae34-4b2c-823e-7b067fe86a4f | L3 agent | controller | nova | :-) | UP | neutron-l3-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
[root@controller ~]#
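The agent-count check described above can be scripted. The following is an added example, not part of the original tutorial: a shell function that reads the table printed by `openstack network agent list` and flags any host whose agent count differs from the numbers given above, plus any agent whose Alive column is not `:-)` or whose State is not `UP`. The function names and the default controller hostname `controller` are assumptions; the sample rows are the option 2 output shown above.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial).
# check_agents OPTION [CONTROLLER_HOST]   -- agent-list table on stdin
#   OPTION 1 (provider networks):      3 agents on the controller
#   OPTION 2 (self-service networks):  4 agents on the controller
#   any other host is treated as a compute node: 1 agent
# Prints one line per problem and returns 0 only when there is none.
check_agents() {
  case "$1" in
    1) want_ctl=3 ;;
    2) want_ctl=4 ;;
    *) echo "usage: check_agents 1|2 [controller-host]" >&2; return 2 ;;
  esac
  awk -F'|' -v want_ctl="$want_ctl" -v ctl="${2:-controller}" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    # Data rows only: borders and shell prompts have no "|" fields.
    NF >= 8 && trim($2) != "ID" {
      type = trim($3); host = trim($4)
      count[host]++
      if (trim($6) != ":-)") { print "NOT ALIVE: " type " on " host; bad = 1 }
      if (trim($7) != "UP")  { print "STATE DOWN: " type " on " host; bad = 1 }
    }
    END {
      if (!(ctl in count)) count[ctl] = 0   # controller missing entirely
      for (h in count) {
        want = (h == ctl) ? want_ctl : 1
        if (count[h] != want) {
          print "COUNT: " h " has " count[h] " agent(s), expected " want; bad = 1
        }
      }
      exit bad + 0
    }'
}

# Sample rows: the option 2 output shown on this page (compute1 reports XXX).
sample_option2() {
  cat <<'EOF'
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
| 06a85946-9af0-430d-af9a-2a00fad7edfd | Metadata agent | controller | None | :-) | UP | neutron-metadata-agent |
| 0b1abb8e-b67f-4926-af9c-6e18458407eb | DHCP agent | controller | nova | :-) | UP | neutron-dhcp-agent |
| 171038f0-1a73-4352-9283-732be5eb94de | Linux bridge agent | compute1 | None | XXX | UP | neutron-linuxbridge-agent |
| 398e080c-2f40-4a51-9750-afaef7e09c32 | Linux bridge agent | controller | None | :-) | UP | neutron-linuxbridge-agent |
| 4f0904d7-ae34-4b2c-823e-7b067fe86a4f | L3 agent | controller | nova | :-) | UP | neutron-l3-agent |
EOF
}

# Live use: openstack network agent list | check_agents 2 controller
sample_option2 | check_agents 2 controller || echo "neutron agent verification failed"
```

On the sample rows the counts match option 2, but the function still fails because the Linux bridge agent on compute1 shows `XXX` in the Alive column.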
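II. Verification complete
At this point, deployment of the neutron networking service on the controller node and the compute node is complete.
When a new compute node is added, both the compute node installation and the controller node verification need to be carried out.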
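Supplementary background
1. Neutron overview
Neutron is the component of the OpenStack project responsible for providing network services. It is based on the idea of software-defined networking and implements resource management under network virtualization. Neutron's design goal is "Networking as a Service": its design follows the principle of implementing network virtualization on top of SDN, and its implementation makes full use of the various networking technologies available on Linux.
2. Neutron features
- Layer 2 switching
  Neutron supports several virtual switches. Linux Bridge and Open vSwitch are generally used to create traditional VLAN networks as well as tunnel-based overlay networks such as VxLAN and GRE (Linux Bridge currently supports only VxLAN).
- Layer 3 routing
  DVR (Distributed Virtual Router), a service that Neutron officially added starting with the Juno release, moves part of the services originally concentrated on the network node out to the compute nodes. Routing or NAT can be implemented with ip route or iptables inside a namespace, or by pushing flow tables to Open vSwitch through OpenFlow.
- Load balancing
  LBaaS supports multiple load-balancing products and solutions. The different implementations are integrated into Neutron as plugins, and it is implemented through HAProxy.
- Firewall
  Neutron has two ways to protect the security of instances and networks: security groups and the firewall feature. Both can be implemented with iptables. The former restricts network packets entering and leaving an instance; the latter restricts network packets entering and leaving a virtual router.
3. Network
- Local
  Local network: a local Linux Bridge to which nothing is connected except the virtual NICs of the virtual machines. It is rarely used in practice and can be ignored.
- Flat
  Flat network: a network without VLAN tags, equivalent to the Linux Bridge of a Local network connected to a physical NIC. Instances on this network can communicate with other instances on the same network, and the network can span multiple nodes. It is also rarely used in practice.
- VLAN
  VLAN network: can span nodes, and is currently widely used in private cloud networks.
- VXLAN
  VXLAN network: an overlay network based on tunneling, distinguished from other VXLAN networks by a unique VNI. In VXLAN, packets are encapsulated with the VNI into UDP packets for transmission. Because layer 2 frames are encapsulated and carried over layer 3, it can overcome the limitations of VLAN and of the physical network infrastructure.
- GRE
  GRE network: an overlay network similar to VXLAN that uses IP packets for encapsulation.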