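OpenStack Networking mainly interacts with OpenStack Compute, providing network connectivity for its instances.
I. Components of the OpenStack Networking service
Figure 1.1. OpenStack Nova components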
II. Setting up the base environment on the OpenStack network node
1. Configure the hostname and network settings
1.1 Configure the hostname
root@network:~# vim /etc/hostname
network
1.2 Configure the IP addresses
root@network:~# vim /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.100.101
netmask 255.255.255.0
gateway 192.168.100.2
auto eth1
iface eth1 inet static
address 192.168.200.101
netmask 255.255.255.0
auto eth2
iface eth2 inet manual
    up ip link set dev $IFACE up
    down ip link set dev $IFACE down
1.3 Configure name resolution in /etc/hosts
root@network:~# vim /etc/hosts
# controller
192.168.100.100 controller
# network
192.168.100.101 network
# compute1
192.168.100.102 compute1
2. Network Time Protocol (NTP)
2.1 Install the NTP server
root@network:~# apt-get install ntp
2.2 Configure /etc/ntp.conf
server controller iburst
2.3 Restart the NTP service
root@network:~# /etc/init.d/ntp restart
3. System upgrade
3.1 Add the OpenStack repository
root@network:~# apt-get install ubuntu-cloud-keyring
root@network:~# vim /etc/apt/sources.list.d/cloudarchive-kilo.list
deb http://ubuntu-cloud.archive.canonical.com/ubuntu trusty-updates/kilo main
3.2 Upgrade the packages. If the upgrade includes a kernel upgrade, reboot the server.
root@network:~# apt-get update
root@network:~# apt-get dist-upgrade
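III. Installing and configuring the controller node
This section describes how to install and configure the OpenStack Networking (neutron) service on the controller node. All of the steps below are performed on the controller node. Before installing and configuring the compute service, you must create the database, the service credentials, and the API endpoint.
1. Database configuration
1.1 Create the database
root@controller:~# mysql -uroot -p
MariaDB [(none)]> create database neutron;
Query OK, 1 row affected (0.12 sec)
1.2 Grant privileges on the database
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'sfzhang1109';
Query OK, 0 rows affected (0.41 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'sfzhang1109';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.10 sec)
1.3 Exit the database client
MariaDB [(none)]> exit;
Bye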
2. Source the admin credentials to gain access to admin-only commands
root@controller:~# source admin-openrc.sh
3. Create the service credentials
3.1 Create the neutron user (password: neutron)
root@controller:~# openstack user create --password-prompt neutron
User Password:
Repeat User Password:
+----------+----------------------------------+
| Field    | Value                            |
+----------+----------------------------------+
| email    | None                             |
| enabled  | True                             |
| id       | b11104ae8be347459f83dccdc065bc32 |
| name     | neutron                          |
| username | neutron                          |
+----------+----------------------------------+
3.2 Add the admin role to the neutron user
root@controller:~# openstack role add --project service --user neutron admin
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 05616505a61c4aa78f43fba9e60ba7fc |
| name  | admin                            |
+-------+----------------------------------+
3.3 Create the neutron service entity
root@controller:~# openstack service create --name neutron \
  --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | ac269b9d3c8c4862ac882c23f253e966 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
3.4 Create the Networking service API endpoint
root@controller:~# openstack endpoint create \
  --publicurl http://controller:9696 \
  --adminurl http://controller:9696 \
  --internalurl http://controller:9696 \
  --region RegionOne \
  network
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| adminurl     | http://controller:9696           |
| id           | ce52629dec38402a9ee23e88cc335225 |
| internalurl  | http://controller:9696           |
| publicurl    | http://controller:9696           |
| region       | RegionOne                        |
| service_id   | ac269b9d3c8c4862ac882c23f253e966 |
| service_name | neutron                          |
| service_type | network                          |
+--------------+----------------------------------+
4. Install and configure the Networking components
All of the steps below are performed on the controller node. Configuring the Networking service components covers the database, the authentication mechanism, the message queue, topology change notifications, and the plug-in.
4.1 Install the packages
root@controller:~# apt-get install neutron-server neutron-plugin-ml2 python-neutronclient
4.2 Edit the neutron configuration file /etc/neutron/neutron.conf
1) In the [database] section, configure database access
[database]
…
connection = mysql://neutron:sfzhang1109@controller/neutron
2) In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access
[DEFAULT]
…
rpc_backend = rabbit
[oslo_messaging_rabbit]
…
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 2015OS##
The password here is the one set for the openstack user with the rabbitmqctl add_user command.
3) In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access
[DEFAULT]
…
auth_strategy = keystone
[keystone_authtoken]
…
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
4) In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in, the router service, and overlapping IP addresses
[DEFAULT]
…
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
5) In the [DEFAULT] and [nova] sections, configure network topology change notifications
[DEFAULT]
…
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
[nova]
…
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova
6) In the [DEFAULT] section, enable verbose logging to help with later troubleshooting
[DEFAULT]
…
verbose = True
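The neutron.conf built in steps 1) to 6) stores several service credentials and points at Identity endpoints over plain HTTP. The following audit is an added example, not part of the original article or of OpenStack; the function names and the sample file are constructed, and the database and RabbitMQ passwords in the sample are placeholders rather than the page's values.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample in the shape of the neutron.conf built above.
# EXAMPLE_DB_PASS and EXAMPLE_MQ_PASS are placeholders, not the page's values.
SAMPLE_NEUTRON_CONF = """
[DEFAULT]
auth_strategy = keystone
nova_url = http://controller:8774/v2

[database]
connection = mysql://neutron:EXAMPLE_DB_PASS@controller/neutron

[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = EXAMPLE_MQ_PASS

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
username = neutron
password = neutron

[nova]
auth_url = http://controller:35357
username = nova
password = nova
"""

USER_PASS_KEYS = (("username", "password"), ("rabbit_userid", "rabbit_password"))
URL_KEYS = ("auth_uri", "auth_url", "nova_url")
SAME = "password equals account name"
CLEARTEXT = "credentials or tokens sent over cleartext HTTP"


def load(text):
    # Treat [DEFAULT] as an ordinary section and keep '%' in passwords literal.
    cfg = configparser.ConfigParser(default_section="__unused__",
                                    interpolation=None, strict=False)
    cfg.read_string(text)
    return cfg


def audit_credentials(text):
    """Return (section, option, issue) tuples for weak credential settings."""
    findings = []
    cfg = load(text)
    for section in cfg.sections():
        opts = dict(cfg.items(section))
        for user_key, pass_key in USER_PASS_KEYS:
            user, password = opts.get(user_key), opts.get(pass_key)
            if user and password and user.lower() == password.lower():
                findings.append((section, pass_key, SAME))
        for key in URL_KEYS:
            if opts.get(key, "").lower().startswith("http://"):
                findings.append((section, key, CLEARTEXT))
        if "connection" in opts:
            # The database password lives inside the connection URL.
            url = urlsplit(opts["connection"])
            if url.username and url.username == url.password:
                findings.append((section, "connection", SAME))
    return findings


if __name__ == "__main__":
    for section, option, issue in audit_credentials(SAMPLE_NEUTRON_CONF):
        print(f"[{section}] {option}: {issue}")
```

Because the file holds these secrets in clear text, it should also be readable only by root and the neutron service account.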
4.3 Configure the Modular Layer 2 (ML2) plug-in
Edit the configuration file /etc/neutron/plugins/ml2/ml2_conf.ini
1) In the [ml2] section, enable the flat, VLAN, generic routing encapsulation (GRE), and virtual extensible LAN (VXLAN) network type drivers, GRE tenant networks, and the OVS mechanism driver
[ml2]
…
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
Note: once the ML2 plug-in is configured, changing the type_drivers value leads to database inconsistency.
2) In the [ml2_type_gre] section, configure the tunnel identifier (ID) range
[ml2_type_gre]
...
tunnel_id_ranges = 1:1000
3) In the [securitygroup] section, enable security groups, enable ipset, and configure the OVS iptables firewall driver
[securitygroup]
…
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
5. Configure Compute to use Networking
By default, distribution packages configure Compute to use legacy networking. You must reconfigure Compute to manage networks through Networking. The following steps are performed on the controller node.
5.1 Edit the /etc/nova/nova.conf configuration file on the controller node
1) In the [DEFAULT] section, configure the APIs and drivers
[DEFAULT]
…
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
2) In the [neutron] section, configure the access parameters
[neutron]
…
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = neutron
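Setting firewall_driver to NoopFirewallDriver in nova.conf turns off packet filtering on the Compute side, so instance traffic is filtered only if the [securitygroup] section of ml2_conf.ini (step 4.3) really enables it. The cross-file check below is an added example, not part of the original article or of OpenStack; the function names are constructed, and treating any driver whose class name contains "Noop" as non-filtering is an assumption.

```python
import configparser

# The page's settings, copied from nova.conf (5.1) and ml2_conf.ini (4.3).
PAGE_NOVA_CONF = """
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
"""
PAGE_ML2_CONF = """
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
"""
# Constructed misconfiguration: security groups switched off on the Neutron side.
BROKEN_ML2_CONF = PAGE_ML2_CONF.replace("enable_security_group = True",
                                        "enable_security_group = False")


def load(text):
    # Treat [DEFAULT] as an ordinary section; no '%' interpolation.
    cfg = configparser.ConfigParser(default_section="__unused__",
                                    interpolation=None, strict=False)
    cfg.read_string(text)
    return cfg


def is_noop(driver):
    # Assumption: a driver whose class name contains "Noop" filters nothing.
    return "noop" in driver.rsplit(".", 1)[-1].lower()


def filtering_gaps(nova_text, ml2_text):
    """Return reasons why security group filtering is missing or inconsistent."""
    nova, ml2 = load(nova_text), load(ml2_text)
    nova_fw = nova.get("DEFAULT", "firewall_driver", fallback="")
    sg_api = nova.get("DEFAULT", "security_group_api", fallback="")
    sg_enabled = ml2.getboolean("securitygroup", "enable_security_group",
                                fallback=False)
    ml2_fw = ml2.get("securitygroup", "firewall_driver", fallback="")
    neutron_filters = sg_enabled and bool(ml2_fw) and not is_noop(ml2_fw)

    gaps = []
    if is_noop(nova_fw) and not neutron_filters:
        gaps.append("nova uses NoopFirewallDriver but neutron enforces "
                    "no security groups: instance traffic is unfiltered")
    if not is_noop(nova_fw) and neutron_filters:
        gaps.append("nova firewall_driver is not the Noop driver while "
                    "neutron also filters")
    if neutron_filters and sg_api != "neutron":
        gaps.append("security_group_api is not 'neutron': nova manages "
                    "security groups itself instead of neutron")
    return gaps


if __name__ == "__main__":
    print(filtering_gaps(PAGE_NOVA_CONF, PAGE_ML2_CONF))
    print(filtering_gaps(PAGE_NOVA_CONF, BROKEN_ML2_CONF))
```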
6. Finish the installation
6.1 Populate the database
root@controller:~# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
INFO [alembic.migration] Context impl MySQLImpl.
INFO [alembic.migration] Will assume non-transactional DDL.
…
6.2 Restart the Compute service
root@controller:~# service nova-api restart
6.3 Restart the Networking service
root@controller:~# service neutron-server restart
7. Verify operation
Note: the verification steps are performed on the controller node.
7.1 Source the admin credentials
root@controller:~# source admin-openrc.sh
7.2 List the loaded extensions to verify that the neutron-server process started successfully
root@controller:~# neutron ext-list
+-----------------------+-----------------------------------------------+
| alias                 | name                                          |
+-----------------------+-----------------------------------------------+
| security-group        | security-group                                |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| net-mtu               | Network MTU                                   |
| ext-gw-mode           | Neutron L3 Configurable external gateway mode |
| binding               | Port Binding                                  |
| provider              | Provider Network                              |
| agent                 | agent                                         |
| quotas                | Quota management support                      |
| subnet_allocation     | Subnet Allocation                             |
| dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
| l3-ha                 | HA Router extension                           |
| multi-provider        | Multi Provider Network                        |
| external-net          | Neutron external network                      |
| router                | Neutron L3 Router                             |
| allowed-address-pairs | Allowed Address Pairs                         |
| extraroute            | Neutron Extra Route                           |
| extra_dhcp_opt        | Neutron Extra DHCP opts                       |
| dvr                   | Distributed Virtual Router                    |
+-----------------------+-----------------------------------------------+
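IV. Installing and configuring the network node
All of the steps below are performed on the network node.
1. Before installing and configuring OpenStack Networking, you must configure kernel parameters.
1) Edit the configuration file /etc/sysctl.conf and set the following parameters.
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
2) Apply the changes
root@network:~# sysctl -p
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 1
2. Install the Networking components
root@network:~# apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent
3. Configure the Networking common components
The Networking common components include the authentication mechanism, the message queue, and the plug-in.
Edit the /etc/neutron/neutron.conf configuration file and complete the following settings.
3.1 In the [database] section, comment out the connection option, because the network node does not access the database directly.
3.2 In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure message queue access
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 2015OS##
3.3 In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = 2015OS##
3.4 In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in, the router service, and overlapping IP addresses
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
3.5 In the [DEFAULT] section, enable verbose logging to help with later troubleshooting
[DEFAULT]
...
verbose = True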
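4. Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Open vSwitch (OVS) mechanism to build the virtual networking framework for instances.
Edit the file /etc/neutron/plugins/ml2/ml2_conf.ini and complete the following settings.
4.1 In the [ml2] section, enable the flat, VLAN, generic routing encapsulation (GRE), and virtual extensible LAN (VXLAN) network type drivers, GRE tenant networks, and the OVS mechanism driver.
[ml2]
...
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
4.2 In the [ml2_type_flat] section, configure the external flat provider network
[ml2_type_flat]
...
flat_networks = external
4.3 In the [ml2_type_gre] section, configure the tunnel identifier (ID) range
[ml2_type_gre]
...
tunnel_id_ranges = 1:1000
4.4 In the [securitygroup] section, enable security groups and ipset, and configure the OVS iptables firewall driver
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
4.5 In the [ovs] section, enable tunnels, configure the local tunnel endpoint, and map the external flat provider network to the br-ex external bridge
[ovs]
...
local_ip = 192.168.200.101
bridge_mappings = external:br-ex
The IP here is the network node's tunnel network IP address, 192.168.200.101.
4.6 In the [agent] section, enable GRE tunnels:
[agent]
...
tunnel_types = gre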
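5. Configure the Layer-3 (L3) agent
The Layer-3 (L3) agent provides routing services for virtual networks.
Edit the file /etc/neutron/l3_agent.ini and complete the following settings.
5.1 In the [DEFAULT] section, configure the interface driver and the external network bridge, and enable deletion of defunct router namespaces
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge =
router_delete_namespaces = True
5.2 In the [DEFAULT] section, enable verbose logging to help with later troubleshooting
[DEFAULT]
...
verbose = True
6. Configure the DHCP agent
The DHCP agent provides DHCP services for virtual networks.
Edit the file /etc/neutron/dhcp_agent.ini and complete the following settings.
6.1 In the [DEFAULT] section, configure the interface and DHCP drivers, and enable deletion of defunct DHCP namespaces
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
dhcp_delete_namespaces = True
6.2 In the [DEFAULT] section, enable verbose logging to help with later troubleshooting
[DEFAULT]
...
verbose = True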
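7. Configure the metadata agent
The metadata agent provides configuration information, such as credentials, to instances.
Edit the file /etc/neutron/metadata_agent.ini and complete the following settings.
7.1 In the [DEFAULT] section, configure the access parameters
[DEFAULT]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
7.2 In the [DEFAULT] section, configure the metadata host
[DEFAULT]
...
nova_metadata_ip = controller
7.3 In the [DEFAULT] section, configure the metadata proxy shared secret
[DEFAULT]
...
metadata_proxy_shared_secret = METADATAPASS
7.4 In the [DEFAULT] section, enable verbose logging to help with later troubleshooting
[DEFAULT]
...
verbose = True
8. On the controller node, edit the file /etc/nova/nova.conf and complete the following settings
8.1 In the [neutron] section, enable the metadata proxy and configure the secret; the secret is the one configured above
[neutron]
...
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATAPASS
8.2 On the controller node, restart the Compute API service
root@controller:~# service nova-api restart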
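The metadata_proxy_shared_secret set in 7.3 and 8.1 is the key of an HMAC-SHA256 signature over the instance ID, which the metadata agent sends to nova-api in the X-Instance-ID-Signature header. The sketch below is an added example of that scheme, not Neutron's or Nova's source code and not part of the original article; the function names, the placeholder list, and the 32-character minimum are assumptions.

```python
import hashlib
import hmac
import secrets

# Values that only make sense as documentation placeholders (constructed list).
PLACEHOLDERS = {"METADATAPASS", "CHANGEME", "PASSWORD", "SECRET"}


def sign_instance_id(shared_secret, instance_id):
    """HMAC-SHA256 hex digest sent as X-Instance-ID-Signature."""
    return hmac.new(shared_secret.encode(), instance_id.encode(),
                    hashlib.sha256).hexdigest()


def proxy_headers(agent_secret, instance_id, tenant_id):
    """Headers the metadata agent adds before forwarding to nova-api."""
    return {
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": tenant_id,
        "X-Instance-ID-Signature": sign_instance_id(agent_secret, instance_id),
    }


def nova_accepts(nova_secret, headers):
    """Receiver side: recompute the HMAC and compare in constant time."""
    expected = sign_instance_id(nova_secret, headers.get("X-Instance-ID", ""))
    provided = headers.get("X-Instance-ID-Signature", "")
    return hmac.compare_digest(expected.encode(), provided.encode())


def secret_problems(secret):
    """Reasons a configured shared secret should be replaced."""
    problems = []
    if secret.upper() in PLACEHOLDERS:
        problems.append("documentation placeholder")
    if len(secret) < 32:
        problems.append("shorter than 32 characters")
    return problems


def new_secret():
    # 64 hex characters from the operating system's CSPRNG.
    return secrets.token_hex(32)


if __name__ == "__main__":
    instance = "11111111-2222-3333-4444-555555555555"  # constructed ID
    secret = new_secret()
    headers = proxy_headers(secret, instance, "constructed-tenant")
    print("same secret on both nodes :", nova_accepts(secret, headers))
    print("nova.conf secret differs  :", nova_accepts(new_secret(), headers))
    print("METADATAPASS              :", secret_problems("METADATAPASS"))
```

The signature is the only thing that ties a metadata request to an instance ID, so the value in metadata_agent.ini and nova.conf must be identical, random, and different from the METADATAPASS placeholder.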
9. Configure the Open vSwitch (OVS) service
9.1 Restart the OVS service
root@network:~# service openvswitch-switch restart
9.2 Add the external bridge
root@network:~# ovs-vsctl add-br br-ex
9.3 Add the promiscuous-mode NIC to br-ex
root@network:~# ovs-vsctl add-port br-ex eth2
Here eth2 is a physical NIC used for the external network, that is, the network node's third NIC.
Note: depending on your NIC driver, you may need to disable generic receive offload (GRO). To temporarily disable GRO on the external NIC:
root@network:~# ethtool -K eth2 gro off
10. Finish the installation by restarting the Networking services
root@network:~# service neutron-plugin-openvswitch-agent restart
root@network:~# service neutron-l3-agent restart
root@network:~# service neutron-dhcp-agent restart
root@network:~# service neutron-metadata-agent restart
11. Verify the installation
The following steps are performed on the controller node.
11.1 Source the admin credentials
root@controller:~# source admin-openrc.sh
11.2 List the agents to verify that the neutron agents started successfully
root@controller:~# neutron agent-list
+--------------------------------------+--------------------+---------+-------+----------------+---------------------------+
| id                                   | agent_type         | host    | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+---------+-------+----------------+---------------------------+
| 4b204e1d-096d-4466-9364-7ca7a9d2dc36 | Metadata agent     | network | :-)   | True           | neutron-metadata-agent    |
| 55da2579-f0a7-4f3b-8971-6d19197cedd4 | Open vSwitch agent | network | :-)   | True           | neutron-openvswitch-agent |
| c5b16aad-5d0a-4528-a4ac-afa6b353b4c6 | DHCP agent         | network | :-)   | True           | neutron-dhcp-agent        |
| ccc147b2-85f5-465e-8170-33ca84aae6a1 | L3 agent           | network | :-)   | True           | neutron-l3-agent          |
+--------------------------------------+--------------------+---------+-------+----------------+---------------------------+
V. Installing and configuring the compute node
1. Prerequisites
Before installing and configuring OpenStack Networking, you must modify kernel parameters.
1.1 Edit the file /etc/sysctl.conf and set the following parameters
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
1.2 Apply the changes
root@compute1:~# sysctl -p
2. Install the Networking components
root@compute1:~# apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent
3. Configure the Networking common components
Edit the file /etc/neutron/neutron.conf and complete the following settings.
3.1 In the [database] section, comment out the connection option, because the compute node does not access the database directly
3.2 In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 2015OS##
3.3 In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
3.4 In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in, the router service, and overlapping IP addresses
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
4. Configure the Modular Layer 2 (ML2) plug-in
Edit the file /etc/neutron/plugins/ml2/ml2_conf.ini and complete the following settings.
4.1 In the [ml2] section, enable the flat, VLAN, generic routing encapsulation (GRE), and virtual extensible LAN (VXLAN) network type drivers, GRE tenant networks, and the OVS mechanism driver
[ml2]
...
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
4.2 In the [ml2_type_gre] section, configure the tunnel identifier (ID) range
[ml2_type_gre]
...
tunnel_id_ranges = 1:1000
4.3 In the [securitygroup] section, enable security groups and ipset, and configure the OVS iptables firewall driver
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
4.4 In the [ovs] section, enable tunnels and configure the local tunnel endpoint
[ovs]
...
local_ip = 192.168.200.101
The IP here is the network node's tunnel network IP address, 192.168.200.101.
4.5 In the [agent] section, enable GRE tunnels
[agent]
...
tunnel_types = gre
5. Configure the Open vSwitch (OVS) service
The OVS service provides the underlying virtual networking framework for instances.
Restart the OVS service
root@compute1:~# service openvswitch-switch restart
6. Configure the compute node to use Networking
By default, distribution packages configure Compute to use legacy networking. You must reconfigure Compute to manage networks through Networking.
Edit the file /etc/nova/nova.conf and complete the following settings.
6.1 In the [DEFAULT] section, configure the APIs and drivers
[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
6.2 In the [neutron] section, configure the access parameters
[neutron]
...
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = neutron
7. Finish the installation
7.1 Restart the Compute service
root@compute1:~# service nova-compute restart
7.2 Restart the Open vSwitch (OVS) agent
root@compute1:~# service neutron-plugin-openvswitch-agent restart
8. Verify the installation
8.1 Source the admin credentials
root@controller:~# source admin-openrc.sh
8.2 List the agents to verify that the neutron agents started successfully
root@controller:~# neutron agent-list
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
| id                                   | agent_type         | host     | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
| 4b204e1d-096d-4466-9364-7ca7a9d2dc36 | Metadata agent     | network  | :-)   | True           | neutron-metadata-agent    |
| 55da2579-f0a7-4f3b-8971-6d19197cedd4 | Open vSwitch agent | network  | :-)   | True           | neutron-openvswitch-agent |
| b6a4a5a5-ec15-4669-a899-ea3773a9fe89 | Open vSwitch agent | compute1 | :-)   | True           | neutron-openvswitch-agent |
| c5b16aad-5d0a-4528-a4ac-afa6b353b4c6 | DHCP agent         | network  | :-)   | True           | neutron-dhcp-agent        |
| ccc147b2-85f5-465e-8170-33ca84aae6a1 | L3 agent           | network  | :-)   | True           | neutron-l3-agent          |
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
VI. Creating the initial networks
1. External network
The external network provides network connectivity for instances and reaches the Internet through network address translation (NAT). Internet access to individual instances can be enabled with a floating IP and suitable security group rules. The admin tenant owns this network because it provides external network access for multiple tenants.
1.1 Create the external network
1) Source the admin credentials
root@controller:~# source admin-openrc.sh
2) Create the network
root@controller:~# neutron net-create ext-net --router:external \
  --provider:physical_network external --provider:network_type flat
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 0ec2aa26-1c49-48c0-80f8-f87cb896283d |
| mtu                       | 0                                    |
| name                      | ext-net                              |
| provider:network_type     | flat                                 |
| provider:physical_network | external                             |
| provider:segmentation_id  |                                      |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | d04d4985d62f42e2af2ddc35f442ffd9     |
+---------------------------+--------------------------------------+
1.2 Create a subnet on the external network
The command to create the external network subnet is:
neutron subnet-create ext-net EXTERNAL_NETWORK_CIDR --name ext-subnet \
  --allocation-pool start=FLOATING_IP_START,end=FLOATING_IP_END \
  --disable-dhcp --gateway EXTERNAL_NETWORK_GATEWAY
Replace FLOATING_IP_START and FLOATING_IP_END with the first and last addresses of the floating IP range. Replace EXTERNAL_NETWORK_CIDR with the subnet associated with the physical network. Replace EXTERNAL_NETWORK_GATEWAY with the gateway of the physical network, usually the ".1" IP address. Disable DHCP on this subnet, because instances do not connect directly to the external network and floating IPs must be assigned manually.
Example: using 203.0.202.0/24 with the floating IP address range 203.0.202.100 to 203.0.202.200:
root@controller:~# neutron subnet-create ext-net 203.0.202.0/24 --name ext-subnet \
  --allocation-pool start=203.0.202.100,end=203.0.202.200 \
  --disable-dhcp --gateway 203.0.202.1
Created a new subnet:
+-------------------+----------------------------------------------------+
| Field             | Value                                              |
+-------------------+----------------------------------------------------+
| allocation_pools  | {"start": "203.0.202.100", "end": "203.0.202.200"} |
| cidr              | 203.0.202.0/24                                     |
| dns_nameservers   |                                                    |
| enable_dhcp       | False                                              |
| gateway_ip        | 203.0.202.1                                        |
| host_routes       |                                                    |
| id                | 518a1b11-59ff-4a0b-8b1a-cb524d552818               |
| ip_version        | 4                                                  |
| ipv6_address_mode |                                                    |
| ipv6_ra_mode      |                                                    |
| name              | ext-subnet                                         |
| network_id        | 0ec2aa26-1c49-48c0-80f8-f87cb896283d               |
| subnetpool_id     |                                                    |
| tenant_id         | d04d4985d62f42e2af2ddc35f442ffd9                   |
+-------------------+----------------------------------------------------+
2. Tenant network
The tenant network provides internal network connectivity for instances. The architecture keeps this kind of network isolated between tenants. The demo tenant owns this network because it only provides network connectivity for the instances within it.
2.1 Source the demo credentials
root@controller:~# source demo-openrc.sh
2.2 Create the tenant network
root@controller:~# neutron net-create demo-net
Created a new network:
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| admin_state_up  | True                                 |
| id              | 1b6e6a47-97a1-4e1a-8a04-fd1272a53412 |
| mtu             | 0                                    |
| name            | demo-net                             |
| router:external | False                                |
| shared          | False                                |
| status          | ACTIVE                               |
| subnets         |                                      |
| tenant_id       | 61014ce01ca7474da5a2cce53aa28ade     |
+-----------------+--------------------------------------+
2.3 Create a subnet on the tenant network
The command to create the tenant network subnet is:
neutron subnet-create demo-net TENANT_NETWORK_CIDR \
  --name demo-subnet --gateway TENANT_NETWORK_GATEWAY
Replace TENANT_NETWORK_CIDR with the subnet you want to associate with the tenant network, and replace TENANT_NETWORK_GATEWAY with the gateway of that subnet, usually the ".1" IP address.
Example:
root@controller:~# neutron subnet-create demo-net 172.20.0/24 --name demo-subnet --gateway 172.20.0.1
Created a new subnet:
+-------------------+------------------------------------------------+
| Field             | Value                                          |
+-------------------+------------------------------------------------+
| allocation_pools  | {"start": "172.20.0.2", "end": "172.20.0.254"} |
| cidr              | 172.20.0.0/24                                  |
| dns_nameservers   |                                                |
| enable_dhcp       | True                                           |
| gateway_ip        | 172.20.0.1                                     |
| host_routes       |                                                |
| id                | 4ba6a581-1286-4d78-a084-d9812dca945d           |
| ip_version        | 4                                              |
| ipv6_address_mode |                                                |
| ipv6_ra_mode      |                                                |
| name              | demo-subnet                                    |
| network_id        | 1b6e6a47-97a1-4e1a-8a04-fd1272a53412           |
| subnetpool_id     |                                                |
| tenant_id         | 61014ce01ca7474da5a2cce53aa28ade               |
+-------------------+------------------------------------------------+
3. Create the tenant router and attach the external and tenant networks to it
3.1 Create the router
root@controller:~# neutron router-create demo-router
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | 4cb4e5ac-e8bb-4a8e-a2b4-1c848b15ba67 |
| name                  | demo-router                          |
| routes                |                                      |
| status                | ACTIVE                               |
| tenant_id             | 61014ce01ca7474da5a2cce53aa28ade     |
+-----------------------+--------------------------------------+
3.2 Attach the router to the tenant network
root@controller:~# neutron router-interface-add demo-router demo-subnet
Added interface d675efb5-df70-48b4-b268-3d5d2db44016 to router demo-router.
3.3 Attach the router to the external network by setting it as the gateway
root@controller:~# neutron router-gateway-set demo-router ext-net
Set gateway for router demo-router
4. Verify connectivity
From any host, ping the external network gateway and the lowest floating IP address; both should respond.
If you configured the OpenStack nodes on virtual machines, you must configure the hypervisor to allow promiscuous mode on the external network.
root@controller:~# ping 203.0.202.1 -c 4
PING 203.0.202.1 (203.0.202.1) 56(84) bytes of data.
64 bytes from 203.0.202.1: icmp_seq=1 ttl=128 time=0.647 ms
64 bytes from 203.0.202.1: icmp_seq=2 ttl=128 time=0.400 ms
64 bytes from 203.0.202.1: icmp_seq=3 ttl=128 time=0.707 ms
64 bytes from 203.0.202.1: icmp_seq=4 ttl=128 time=0.646 ms
--- 203.0.202.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 0.400/0.600/0.707/0.118 ms
root@controller:~# ping 203.0.202.100 -c 4
PING 203.0.202.100 (203.0.202.100) 56(84) bytes of data.
64 bytes from 203.0.202.100: icmp_seq=1 ttl=128 time=1.82 ms
64 bytes from 203.0.202.100: icmp_seq=2 ttl=128 time=1.49 ms
64 bytes from 203.0.202.100: icmp_seq=3 ttl=128 time=1.43 ms
64 bytes from 203.0.202.100: icmp_seq=4 ttl=128 time=1.40 ms
--- 203.0.202.100 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 1.402/1.539/1.826/0.173 ms
Summary:
1) The OpenStack network node has three NICs in total
root@network:~# ifconfig
eth0      Link encap:以太网  硬件地址 00:0c:29:2e:68:25
          inet 地址:192.168.100.101  广播:192.168.100.255  掩码:255.255.255.0
          inet6 地址: fe80::20c:29ff:fe2e:6825/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  跃点数:1
          接收数据包:4346 错误:0 丢弃:0 过载:0 帧数:0
          发送数据包:6074 错误:0 丢弃:0 过载:0 载波:0
          碰撞:0 发送队列长度:1000
          接收字节:381605 (381.6 KB)  发送字节:1109191 (1.1 MB)
          中断:19 基本地址:0x2000
eth1      Link encap:以太网  硬件地址 00:0c:29:2e:68:2f
          inet 地址:192.168.200.101  广播:192.168.200.255  掩码:255.255.255.0
          inet6 地址: fe80::20c:29ff:fe2e:682f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  跃点数:1
          接收数据包:80 错误:0 丢弃:0 过载:0 帧数:0
          发送数据包:8 错误:0 丢弃:0 过载:0 载波:0
          碰撞:0 发送队列长度:1000
          接收字节:8612 (8.6 KB)  发送字节:648 (648.0 B)
          中断:19 基本地址:0x2080
eth2      Link encap:以太网  硬件地址 00:0c:29:2e:68:39
          inet6 地址: fe80::20c:29ff:fe2e:6839/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  跃点数:1
          接收数据包:4067 错误:0 丢弃:0 过载:0 帧数:0
          发送数据包:3921 错误:0 丢弃:0 过载:0 载波:0
          碰撞:0 发送队列长度:1000
          接收字节:395049 (395.0 KB)  发送字节:371402 (371.4 KB)
eth0 (192.168.100.101) is used for the management network, for communication among the OpenStack components, the MySQL DB server, and the RabbitMQ messaging server.
eth1 (192.168.200.101) is used to establish tunnel connections with the compute node.
eth2 is used to access instances through floating IPs; the IP address range is 203.0.202.100 to 203.0.202.200.
2) The tenant network uses the 172.20.0/24 network, for communication between tenants.
This article is from the "朴实的追梦者" blog; please retain this source attribution: http://sfzhang88.blog.51cto.com/4995876/1703080