名词介绍
网络虚拟化重点
vxlan技术
主要通过udp封装原始报文,减少二层网络因为链路带来的带宽消耗
SDN
软件定义网络(Software Defined Network):将数据层面和控制层面剥离,控制层面下发转发策略;数据层面进行转发数据;我们不需要再去关心底层数据网络是什么样的。
软件sdn;硬件sdn
openflow
opendaylight
是开源的sdn软件(每一家厂商其实对SDN定义的标准也不同)
【控制节点 】
官方文档:https://docs.openstack.org/neutron/queens/install/controller-install-rdo.html
创建neutron数据库
`mysql -uroot -p000000`创建数据库neutron用户,并进行授权
MariaDB [(none)] CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY '000000';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY '000000';创建neutron用户(service组),并赋予admin角色
source admin-openrcopenstack user create --domain default --password-prompt neutron
返回:
[root@controller ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | a87f0a171c464cb88f9954c887716dd3 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+openstack role add --project service --user neutron admin
创建neutron服务,并创建相应的endpoint
openstack service create --name neutron \ --description "OpenStack Networking" network
[root@controller ~]# openstack role add --project service --user neutron admin
[root@controller ~]# openstack service create --name neutron \
> --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 90db43ee634248158048d46b2de47cf5 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
`openstack endpoint create --region RegionOne \`<br />`network public http://controller:9696`[root@controller ~]# openstack endpoint create --region RegionOne \
> network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 39c72a1c87144f19a0a086bbd7271eb4 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 90db43ee634248158048d46b2de47cf5 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+`openstack endpoint create --region RegionOne \`<br />` network internal http://controller:9696`[root@controller ~]# openstack endpoint create --region RegionOne \
> network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 890f3d6f0c0845d68fc0272d4697b1be |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 90db43ee634248158048d46b2de47cf5 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+`openstack endpoint create --region RegionOne \`<br />` network admin http://controller:9696`[root@controller ~]# openstack endpoint create --region RegionOne \
> network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 6efa6c93d43843d9aa86f35455c674dc |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 90db43ee634248158048d46b2de47cf5 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+网络类型
soenstack网络类型:https://www.cnblogs.com/onetwo/p/6132452.html
VPC:https://baijiahao.baidu.com/s?id=1591704620114298792&wfr=spider&for=pc
1. Provider Network: 公有网络
2. self-service Network: 私有网络(*)
Networking Option : Self-service networks
官方文档:https://docs.openstack.org/neutron/queens/install/controller-install-option2-rdo.html
下载软件包:
yum install openstack-neutron openstack-neutron-ml2 `\`openstack-neutron-linuxbridge ebtables
编辑 /etc/neutron/neutron.conf
vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2 (核心插件,主要是使用2层网络,比如linux bridge或者open vswitch)
service_plugins = router (启动路由插件)
allow_overlapping_ips = true
transport_url = rabbit://openstack:openstack@controller
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
connection = mysql+pymysql://neutron:000000@controller/neutron
[keystone_authtoken]
auth_strategy = keystone
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 000000
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 000000
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp编辑/etc/neutron/plugins/ml2/ml2_conf.ini
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan (2层网络选取类型)
tenant_network_types = vxlan (私有网络默认使用Vxlan)
mechanism_drivers = linuxbridge,l2population (2层网络选择的虚拟交换机linuxbridge,l2population是为了防止网络泛洪)
extension_drivers = port_security (扩展插件,端口安全)
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true (安全组启动)编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens33 (nat网络类型充当外部网络)
[vxlan]
enable_vxlan = true
local_ip = 192.168.100.10
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDrivernet.bridge.bridge-nf-call-iptables<br /> net.bridge.bridge-nf-call-ip6tables
编辑/etc/neutron/l3_agent.ini
vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge<br /> 编辑/etc/neutron/dhcp_agent.ini
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true编辑 /etc/neutron/metadata_agent.ini
vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = 000000编辑/etc/nova/nova.conf
vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 000000
service_metadata_proxy = true
metadata_proxy_shared_secret = 000000链接插件
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
同步数据库信息
`su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \`<br />` --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron`<br /> 重启nova-api
systemctl restart openstack-nova-api.service
重启neutron服务
systemctl `enable neutron-server.service \` neutron-linuxbridge-agent.service neutron-dhcp-agent.service `\` neutron-metadata-agent.servicesystemctl start neutron-server.service `\` neutron-linuxbridge-agent.service neutron-dhcp-agent.service `\` neutron-metadata-agent.service
systemctl enable neutron-l3-agent.servicesystemctl start neutron-l3-agent.service
【计算节点】
安装包
yum install openstack-neutron-linuxbridge ebtables ipset
编辑/etc/neutron/neutron.conf配置文件
vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:openstack@controller
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 000000
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini配置文件
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens33 (nat网络类型充当外部网络)
[vxlan]
enable_vxlan = true
local_ip = 192.168.100.20
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver编辑/etc/nova/nova.conf 配置文件
vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 000000重新启动nova-compute服务
systemctl restart openstack-nova-compute.service
启动neutron-Linuxbridge-agent服务
systemctl enable neutron-linuxbridge-agent.servicesystemctl start neutron-linuxbridge-agent.service
List loaded extensions to verify successful launch of the neutron-server process
官方文档:https://docs.openstack.org/neutron/queens/install/verify.html
openstack extension list --network验证:查看相关agent【在控制节点验证】
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 0ada84e0-29ec-46a9-a38b-61431aef53e0 | Linux bridge agent | controller | None | :-) | UP | neutron-linuxbridge-agent |
| 1512217a-b898-47fe-95fd-bd0fc5fcf1b9 | DHCP agent | controller | nova | :-) | UP | neutron-dhcp-agent |
| 1d4a99fb-275e-43cb-b2a0-f295a361ebc8 | L3 agent | controller | nova | :-) | UP | neutron-l3-agent |
| 6fc8021a-15c9-456f-984d-e6ba601f5150 | Linux bridge agent | compute | None | :-) | UP | neutron-linuxbridge-agent |
| fbb444e0-f596-46d6-a26e-0e2f05ee2fca | Metadata agent | controller | None | :-) | UP | neutron-metadata-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
此处评论已关闭