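I. Introduction to Networking (neutron)
1. Introduction to Networking
Networking: code name Neutron (earlier called Quantum; before it became independent it was nova-networking; it became a separate project starting with the F release, and before that the function was provided by Compute). It provides NCaaS functionality for OpenStack. It has a plug-in design and supports many popular network management plug-ins.
Deploying Neutron requires three types of nodes:
Neutron Server: controller
Network Node: builds complex network models
Compute Nodes: Computes
Functions:
Virtual switches based on OVS
Virtual routers based on L3 (netns)
dhcp agent, NAT, LBaaS, FWaaS, IPSec VPN
Networking API
2. Common terms
network: in Neutron this means a layer-2 network, that is, a physical network: the network attached to the same switch.
An isolated layer-2 network, similar to a VLAN.
subnet: a layer-3 network, a network that has been given IP addresses. A layer-3 network with associated configuration state, or in other words a network formed by an address block defined in IPv4 or IPv6.
port: the connection interface that attaches a host to a network device
Physical network connection architecture in OpenStack:
Management network: internal communication among the nodes
Data network: the nodes that host the hypervisors communicate with the networking node over tunnels
External network: provides the channel through which the virtual machines in the environment reach the Internet
API network:
Tenant network: the network used inside a tenant
Flat network: all VMs are in the same network; VLANs and other network isolation mechanisms are not supported
Local network: all VMs are located on one local Compute node and are isolated from the external network; VLANs are not supported
VLAN network: multiple provider or tenant networks created by using VLAN IDs
VXLAN and GRE: tunnels
Provider network: the network that carries traffic for the tenant networks; it does not belong to any particular tenant
3. neutron plug-ins
plug-in agent: a set of neutron-*-agent packages that run on every node hosting a hypervisor (compute) and implement the local OVS configuration.
dhcp agent
l3 agent
l2 agent
4. neutron components
neutron-server:
plugins and agents
message queue
neutron database
II. Installing neutron
1. Configure controller node
Create the database and grant privileges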
    mysql> create database neutron character set utf8;
    Query OK, 1 row affected (0.00 sec)

    mysql> grant all on neutron.* to 'neutron'@'%' identified by 'neutron'
        -> ;
    Query OK, 0 rows affected (0.00 sec)

    mysql> grant all on neutron.* to 'neutron'@'localhost' identified by 'neutron'
        -> ;
    Query OK, 0 rows affected (0.00 sec)

    mysql> flush privileges;
    Query OK, 0 rows affected (0.04 sec)
4) Create the neutron user
    [root@Node1 ~]# keystone user-create --name=neutron --pass=neutron
    +----------+----------------------------------+
    | Property | Value                            |
    +----------+----------------------------------+
    | email    |                                  |
    | enabled  | True                             |
    | id       | 7367ddf36b784d63807ac1ffb4a22764 |
    | name     | neutron                          |
    | username | neutron                          |
    +----------+----------------------------------+
    [root@Node1 ~]# keystone user-role-add --user=neutron --tenant=service --role=admin
    [root@Node1 ~]# keystone user-role-list --user=neutron --tenant=service
    +----------------------------------+-------+----------------------------------+----------------------------------+
    | id                               | name  | user_id                          | tenant_id                        |
    +----------------------------------+-------+----------------------------------+----------------------------------+
    | 908cde894759423780e5787e4e50d7fb | admin | 7367ddf36b784d63807ac1ffb4a22764 | c536e6faa30b4b3f998e14af70f4f7c2 |
    +----------------------------------+-------+----------------------------------+----------------------------------+
Add the neutron service and endpoint in keystone:
    [root@Node1 ~]# keystone service-create --name neutron --type network
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | description |                                  |
    | enabled     | True                             |
    | id          | 847603f305124cb1ab8339f0f0b8a57d |
    | name        | neutron                          |
    | type        | network                          |
    +-------------+----------------------------------+
    [root@Node1 ~]# keystone service-list
    +----------------------------------+----------+----------+-------------------------+
    | id                               | name     | type     | description             |
    +----------------------------------+----------+----------+-------------------------+
    | d60703148eb04b8a8813e3f0f46ca7a5 | glance   | image    | OpenStack Image Service |
    | 16929dabe6db4044af364ab96867b8b4 | keystone | identity | OpenStack Identity      |
    | 847603f305124cb1ab8339f0f0b8a57d | neutron  | network  |                         |
    | e7acbab65f9647e7a3f691f990e43eb5 | nova     | compute  | OpenStack Compute       |
    +----------------------------------+----------+----------+-------------------------+
    [root@Node1 ~]# keystone endpoint-create \
    > --service-id $(keystone service-list | awk '/ network / {print $2}') \
    > --publicurl http://controller:9696 \
    > --adminurl http://controller:9696 \
    > --internalurl http://controller:9696
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | adminurl    | http://controller:9696           |
    | id          | b892bcd388094c0ab302c0fc171e96c0 |
    | internalurl | http://controller:9696           |
    | publicurl   | http://controller:9696           |
    | region      | regionOne                        |
    | service_id  | 847603f305124cb1ab8339f0f0b8a57d |
    +-------------+----------------------------------+
2. Install and configure neutron
    [root@Node1 ~]# yum install openstack-neutron openstack-neutron-ml2 python-neutronclient
Configure /etc/neutron/neutron.conf
    [root@Node1 ~]# cd /etc/neutron
    [root@Node1 neutron]# ls
    dhcp_agent.ini    lbaas_agent.ini     neutron.conf.bak  release
    fwaas_driver.ini  metadata_agent.ini  plugins           rootwrap.conf
    l3_agent.ini      neutron.conf        policy.json
    [root@Node1 neutron]# vi neutron.conf
    # connection = mysql://root:pass@127.0.0.1:3306/neutron
    connection = mysql://neutron:neutron@192.168.10.1/neutron

    # auth_strategy = noauth
    auth_strategy = keystone

    [keystone_authtoken]
    auth_protocol=http
    auth_url=http://controller:5000
    auth_host=controller
    auth_port=35357
    auth_user=neutron
    admin_tenant_name=service
    admin_password=neutron

    # QPID
    # rpc_backend=neutron.openstack.common.rpc.impl_qpid
    rpc_backend=neutron.openstack.common.rpc.impl_qpid
    # Qpid broker hostname
    # qpid_hostname = localhost
    qpid_hostname = controller

    # notify_nova_on_port_status_changes = False
    notify_nova_on_port_status_changes = True
    # Send notifications to nova when port data (fixed_ips/floatingips) change
    # so nova can update it's cache.
    # notify_nova_on_port_data_changes = False
    notify_nova_on_port_data_changes = True
    nova_url = http://192.168.10.1:8774/v2
    # Name of nova region to use. Useful if keystone manages more than one region
    # nova_region_name =
    # Username for connection to nova in admin context
    # nova_admin_username =
    nova_admin_username = neutron
    # The uuid of the admin nova tenant
    # nova_admin_tenant_id =
    nova_admin_tenant_id = c536e6faa30b4b3f998e14af70f4f7c2
    #service tenant id
    # Password for connection to nova in admin context.
    # nova_admin_password =
    nova_admin_password = neutron
    # Authorization URL for connection to nova in admin context.
    # nova_admin_auth_url =
    nova_admin_auth_url =

    # core_plugin =
    core_plugin = ml2
    # Example: core_plugin = ml2
    # service_plugins =
    service_plugins = router
Configure plugins/ml2/ml2_conf.ini:
    [root@Node1 neutron]# cd plugins/
    [root@Node1 plugins]# ls
    ml2
    [root@Node1 plugins]# cd ml2/
    [root@Node1 ml2]# ls
    ml2_conf_arista.ini   ml2_conf.ini       ml2_conf_odl.ini
    ml2_conf_brocade.ini  ml2_conf_mlnx.ini  ml2_conf_ofa.ini
    ml2_conf_cisco.ini    ml2_conf_ncs.ini   restproxy.ini
    [root@Node1 ml2]# vi ml2_conf.ini
    [root@Node1 ml2]# grep -v '^$\|^#' ml2_conf.ini
    [ml2]
    type_drivers = gre
    tenant_network_types = gre
    mechanism_drivers = openvswitch
    [ml2_type_flat]
    [ml2_type_vlan]
    [ml2_type_gre]
    tunnel_id_ranges = 1:1000
    [ml2_type_vxlan]
    [securitygroup]
    enable_security_group = True
    firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
Configure /etc/nova/nova.conf:
    [root@Node1 ml2]# vi /etc/nova/nova.conf
    #network_api_class=nova.network.api.API
    network_api_class=nova.network.neutronv2.api.API
    #neutron_url=http://127.0.0.1:9696
    neutron_url=
    #neutron_auth_strategy=keystone
    neutron_auth_strategy=keystone
    #neutron_admin_username=<None>
    neutron_admin_username=neutron
    # Password for connecting to neutron in admin context (string
    # value)
    #neutron_admin_password=<None>
    neutron_admin_password=neutron
    # Tenant id for connecting to neutron in admin context (string
    # value)
    #neutron_admin_tenant_id=<None>
    # Tenant name for connecting to neutron in admin context. This
    # option is mutually exclusive with neutron_admin_tenant_id.
    # Note that with Keystone V3 tenant names are only unique
    # within a domain. (string value)
    #neutron_admin_tenant_name=<None>
    neutron_admin_tenant_name=service
    # Region name for connecting to neutron in admin context
    # (string value)
    #neutron_region_name=<None>
    # Authorization URL for connecting to neutron in admin context
    # (string value)
    #neutron_admin_auth_url=http://localhost:5000/v2.0
    neutron_admin_auth_url=
    #linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver
    linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
    #firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
    firewall_driver=nova.virt.firewall.NoopFirewallDriver
    #security_group_api=nova
    security_group_api=neutron
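An added example, not part of the original post: a small Python audit for the kind of values used in neutron.conf and nova.conf above (passwords equal to the account name, http:// identity endpoints, URL options left empty). The function names, the list of guessable names and the embedded sample are constructed for illustration.

```python
# Added example (not from the original post): audit settings like those above.
from urllib.parse import urlsplit

# Constructed sample that mirrors values used in this walkthrough.
SAMPLE = """\
connection = mysql://neutron:neutron@192.168.10.1/neutron
auth_strategy = keystone
[keystone_authtoken]
auth_protocol=http
auth_url=http://controller:5000
auth_user=neutron
admin_password=neutron
nova_admin_username = neutron
nova_admin_password = neutron
nova_admin_auth_url =
"""

def parse(text):
    """Yield (section, key, value); tolerates keys before any [section]."""
    section = "DEFAULT"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line:
            key, value = line.split("=", 1)
            yield section, key.strip(), value.strip()

def audit(text, known_names=("neutron", "nova", "service", "admin")):
    """Return sorted (key, problem) findings for weak or cleartext settings."""
    findings = set()
    for _section, key, value in parse(text):
        if key == "connection":
            url = urlsplit(value)
            if url.password and url.password in (url.username, *known_names):
                findings.add((key, "guessable database password"))
        elif key.endswith("password") and value in known_names:
            findings.add((key, "password equals a service/user name"))
        elif value.startswith("http://") or (key == "auth_protocol" and value == "http"):
            findings.add((key, "cleartext HTTP carries credentials and tokens"))
        elif key.endswith("_url") and not value:
            findings.add((key, "empty URL"))
    return sorted(findings)

if __name__ == "__main__":
    for key, problem in audit(SAMPLE):
        print(f"{key}: {problem}")
```

Run it against a copy of each file before starting the services; an empty result means none of these four patterns was found, not that the configuration is otherwise sound.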
Create the symbolic link:
    [root@Node1 neutron]# ln -sv plugins/ml2/ml2_conf.ini /etc/neutron/plugins.ini
    `/etc/neutron/plugins.ini' -> `plugins/ml2/ml2_conf.ini'
    [root@Node1 neutron]# ls
    dhcp_agent.ini    lbaas_agent.ini     neutron.conf.bak  policy.json
    fwaas_driver.ini  metadata_agent.ini  plugins           release
    l3_agent.ini      neutron.conf        plugins.ini       rootwrap.conf
Start the neutron service:
=========
Reposted from: https://blog.51cto.com/xiexiaojun/1834484