OpenStack administration, part 32: deploying OpenStack from RPM packages [neutron]


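Purpose

1 neutron implements virtual networking for OpenStack
2 It provides routing and switching
3 It provides DHCP to assign IP addresses to cloud instances

neutron defines the network model for the whole of OpenStack. The current test environment uses flat (a flat network); production uses vlan. The network types are: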

flat
gre
local
vlan
vxlan

neutron supports the components below for its network types; this deployment uses ovs (Open vSwitch) as the virtual switch

arista
cisco
nexus
hyper-V agent
L2 population
linux bridge agent
open vswitch agent
tail-f NCS

Software installation

# yum install -y openstack-neutron.noarch openstack-neutron-ml2.noarch openstack-neutron-openvswitch.noarch

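iproute must be upgraded so that the ip command supports the netns argument; otherwise no IP address can be assigned when a cloud instance is created (not needed on RHEL 7)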

# yum update iproute

Connecting neutron to keystone

# openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_host 240.10.130.25
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_user neutron
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_password neutron
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_port 35357
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_protocol http
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri  http://240.10.130.25:5000/
# openstack-config --set /etc/neutron/neutron.conf agent root_helper sudo\ neutron-rootwrap\ /etc/neutron/rootwrap.conf
# openstack-config --set /etc/neutron/neutron.conf agent report_interval  30

Connecting neutron to rabbitmq

# openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend neutron.openstack.common.rpc.impl_kombu
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_host 240.10.130.25
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_port 5672
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_userid neutron
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_password openstack

Defining the network plugin

Use ml2 as the core network plugin; the ovs plugin will be deprecated in the future

# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

# openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin neutron.plugins.ml2.plugin.Ml2Plugin
# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins neutron.services.l3_router.l3_router_plugin.L3RouterPlugin
# openstack-config --set /etc/neutron/plugin.ini ml2 type_drivers vxlan,flat
# openstack-config --set /etc/neutron/plugin.ini ml2 tenant_network_types vxlan,flat
# openstack-config --set /etc/neutron/plugin.ini ml2 mechanism_drivers openvswitch
# openstack-config --set /etc/neutron/plugin.ini agent l2_population True

Configuring the ml2 plugin

# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vxlan
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan,flat
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vxlan_group 239.1.1.1

Connecting neutron to nova

Define how neutron connects to nova; without this, cloud instances cannot be created properly

# openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
# openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_url http://240.10.130.30:8774/v2
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_region_name RegionOne
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_username nova
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_tenant_id 5abe0972887645698adbdb94167f9be9
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_password nova
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_auth_url http://240.10.130.25:35357/v2.0
# openstack-config --set /etc/neutron/neutron.conf DEFAULT send_events_interval 2

Connecting neutron to the database

# openstack-config --set /etc/neutron/neutron.conf  database connection mysql://neutron:openstack@240.10.130.25:3306/neutron_ml2

Initializing the neutron database

# neutron-db-manage --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head

If the command above succeeds, output similar to the following appears

INFO  [alembic.migration] Running upgrade 538732fa21e1 -> 5ac1c354a051
INFO  [alembic.migration] Running upgrade 5ac1c354a051 -> icehouse

Starting neutron

# service neutron-server restart

L3 agent configuration

# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT gateway_external_network_id
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver

Bridged network configuration

/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
ONBOOT=yes
HWADDR=48:46:FB:04:97:EC
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex

/etc/sysconfig/network-scripts/ifcfg-br-ex

DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
IPADDR=10.199.130.29
NETMASK=255.255.252.0
GATEWAY=10.199.128.1
ONBOOT=yes

Restart the network service to bring up the bridged network

# service network restart

Creating the OVS bridged network

# openstack-config --set /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini ovs network_vlan_ranges physnet1
# openstack-config --set /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini ovs tunnel_type vxlan
# openstack-config --set /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini ovs bridge_mappings  physnet1:br-ex
# openstack-config --set /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini ovs local_ip 10.199.130.29
# openstack-config --set /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini ovs enable_tunneling True
# openstack-config --set /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini ovs integration_bridge br-int
# openstack-config --set /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini ovs tunnel_bridge br-tun
# openstack-config --set /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini agent tunnel_types vxlan
# openstack-config --set /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Starting the services

# service neutron-l3-agent restart
# service neutron-openvswitch-agent restart

Creating networks in the OpenStack environment

Network management

Create the ext_net network, specifying the flat network type

# source /root/keystonerc_admin
# neutron net-create ext_net --provider:network_type flat --provider:physical_network physnet1 --router:external=True

Create the subnet public_net, specifying the network, the DHCP allocation pool and the DNS server

# neutron subnet-create  ext_net --name public_net --gateway 10.199.128.1  10.199.128.0/22 --allocation-pool start=10.199.131.200,end=10.199.131.220 --enable_dhcp=true  --dns-nameserver 10.199.129.21

Configuring the dhcp agent

# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT auth_strategy keystone
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT resync_interval 30
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT use_namespaces True
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_metadata_network False
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_delete_namespaces False
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT root_helper sudo\ neutron-rootwrap\ /etc/neutron/rootwrap.conf
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT state_path /var/lib/neutron
# openstack-config --set /etc/neutron/dhcp_agent.ini keystone_authtoken auth_host 10.199.130.25
# openstack-config --set /etc/neutron/dhcp_agent.ini keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/neutron/dhcp_agent.ini keystone_authtoken  admin_user neutron
# openstack-config --set /etc/neutron/dhcp_agent.ini keystone_authtoken  admin_password openstack

Configuring the metadata agent authentication settings

# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_url http://240.10.130.25:35357/v2.0
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_region RegionOne
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_tenant_name service
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_user neutron
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_password neutron
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT debug False
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_insecure False
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip 240.10.130.30
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_port 8775
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret 744ee65672684281
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_workers 0

If metadata is not configured, the following errors appear while a virtual machine is being created

ci-info: ++++++++++++++++++++++++++++Net device info++++++++++++++++++++++++++++
ci-info: +--------+-------+----------------+---------------+-------------------+
ci-info: | Device |   Up  |    Address     |      Mask     |     Hw-Address    |
ci-info: +--------+-------+----------------+---------------+-------------------+
ci-info: |  sit0  | False |       .        |       .       |         .         |
ci-info: |   lo   |  True |   127.0.0.1    |   255.0.0.0   |         .         |
ci-info: |  eth0  |  True | 10.199.131.208 | 255.255.252.0 | fa:16:3e:0e:61:31 |
ci-info: +--------+-------+----------------+---------------+-------------------+
ci-info: ++++++++++++++++++++++++++++++++Route info+++++++++++++++++++++++++++++++++
ci-info: +-------+--------------+--------------+---------------+-----------+-------+
ci-info: | Route | Destination  |   Gateway    |    Genmask    | Interface | Flags |
ci-info: +-------+--------------+--------------+---------------+-----------+-------+
ci-info: |   0   | 10.199.128.0 |   0.0.0.0    | 255.255.252.0 |    eth0   |   U   |
ci-info: |   1   | 169.254.0.0  |   0.0.0.0    |  255.255.0.0  |    eth0   |   U   |
ci-info: |   2   |   0.0.0.0    | 10.199.128.1 |    0.0.0.0    |    eth0   |   UG  |
ci-info: +-------+--------------+--------------+---------------+-----------+-------+
2014-10-13 15:35:21,836 - url_helper.py[WARNING]: Calling 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [0/120s]: bad status code [500]
2014-10-13 15:35:22,846 - url_helper.py[WARNING]: Calling 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [1/120s]: bad status code [500]
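
The metadata_proxy_shared_secret set above is the key with which the metadata agent signs the instance ID it forwards to nova, so nova must hold the same value. The following is an added example, not part of the original page and not neutron's or nova's own code: a simplified model of that HMAC-SHA256 signature and of the check on the receiving side. The instance and tenant IDs are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac

def sign_instance_id(shared_secret, instance_id):
    """HMAC-SHA256 of the instance ID, keyed with the shared secret."""
    return hmac.new(shared_secret.encode(), instance_id.encode(),
                    hashlib.sha256).hexdigest()

def proxy_headers(shared_secret, instance_id, tenant_id, client_ip):
    """Headers the metadata agent attaches when forwarding a request."""
    return {
        "X-Forwarded-For": client_ip,
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": tenant_id,
        "X-Instance-ID-Signature": sign_instance_id(shared_secret, instance_id),
    }

def verify_on_nova(headers, nova_secret):
    """Simplified model of the receiving check; returns an HTTP status."""
    instance_id = headers.get("X-Instance-ID")
    signature = headers.get("X-Instance-ID-Signature")
    if not instance_id or not signature:
        return 400
    expected = sign_instance_id(nova_secret, instance_id)
    # Constant-time comparison avoids leaking how many characters matched.
    return 200 if hmac.compare_digest(expected, signature) else 403

# The secret is the value from this page; the IDs below are constructed.
SECRET = "744ee65672684281"
INSTANCE = "11111111-2222-3333-4444-555555555555"
TENANT = "constructed-tenant-id"

if __name__ == "__main__":
    hdrs = proxy_headers(SECRET, INSTANCE, TENANT, "10.199.131.208")
    print(verify_on_nova(hdrs, SECRET))          # same secret on both sides
    print(verify_on_nova(hdrs, "other-secret"))  # secrets differ
```

Anyone who knows the secret can produce a valid signature for any instance ID, so it should be a long random value and not a short string reused from a tutorial.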

Starting the neutron services

# service messagebus restart
# service neutron-server restart
# service neutron-dhcp-agent restart
# service neutron-l3-agent restart
# service neutron-metadata-agent restart
# service neutron-openvswitch-agent restart
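
The files written in this walkthrough hold service passwords equal to the account name, plain http keystone endpoints and a 16-character shared secret. The following is an added example, not part of the original page: a small audit over such an INI file that reports those three classes of setting. The deny-list, the minimum secret length and the function names are assumptions of this example.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample: values this page sets in neutron.conf and
# metadata_agent.ini, merged into one text for brevity.
SAMPLE = """\
[DEFAULT]
nova_admin_username = nova
nova_admin_password = nova
nova_admin_auth_url = http://240.10.130.25:35357/v2.0
metadata_proxy_shared_secret = 744ee65672684281
[keystone_authtoken]
admin_user = neutron
admin_password = neutron
auth_uri = http://240.10.130.25:5000/
[database]
connection = mysql://neutron:openstack@240.10.130.25:3306/neutron_ml2
"""

CRED_PAIRS = [("admin_password", "admin_user"),
              ("nova_admin_password", "nova_admin_username")]
WEAK = {"openstack", "password", "admin", "secret"}  # assumption: local deny-list
MIN_SECRET_LEN = 32  # assumption: 32 hex characters (128 bits) as the floor

def is_weak(password, user):
    return password == user or password.lower() in WEAK

def audit(text):
    # [DEFAULT] is read as an ordinary section; returns (section, option, reason).
    cp = configparser.ConfigParser(interpolation=None, default_section="__unused__")
    cp.read_string(text)
    findings = []
    for sec in cp.sections():
        opts = dict(cp[sec])
        for pw_opt, user_opt in CRED_PAIRS:
            if pw_opt in opts and is_weak(opts[pw_opt], opts.get(user_opt)):
                findings.append((sec, pw_opt, "weak or guessable password"))
        for opt, val in opts.items():
            url = urlparse(val)
            if url.scheme == "http":
                findings.append((sec, opt, "cleartext http endpoint"))
            if url.password and is_weak(url.password, url.username):
                findings.append((sec, opt, "weak password embedded in URL"))
        secret = opts.get("metadata_proxy_shared_secret")
        if secret is not None and len(secret) < MIN_SECRET_LEN:
            findings.append((sec, "metadata_proxy_shared_secret", "short shared secret"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```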