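Earlier we went through the various concepts behind the Neutron networking service; they can feel like a tangled mess that is hard to grasp at first. That is fine: we will work through them from simple to complex. Here we look at the local network type with the Linux bridge driver.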
what?
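A local network is not connected to any physical NIC on the host and is not associated with any VLAN ID.
Each local network gets its own bridge, and only tap devices attached to the same bridge can communicate with each other.
how? (a not-quite-perfect experiment)
The diagram above alone may not make the logic clear; no matter, let's work through it hands-on.
- Neutron uses ml2 as its core_plugin by default: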
[root@openstack-compute ~]# grep ^core_plugin /etc/neutron/neutron.conf
core_plugin = ml2
- Configure ml2 to use linuxbridge as its mechanism driver:
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge
- Have ml2 load five network type_drivers; only network types whose driver is loaded can be used:
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers local,flat,vlan,gre,vxlan
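- Set the type of network created by ordinary OpenStack users to local. Only admin can specify the type of a network at creation time. Several network types can be configured at once, separated by commas.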
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types local
- Check the configuration file:
/etc/neutron/plugins/ml2/ml2_conf.ini
[root@openstack-compute ~]# grep -C1 "^[a-z]" /etc/neutron/plugins/ml2/ml2_conf.ini | grep -Ev "\-\-|^#|^$"
[ml2]
type_drivers = local,flat,vlan,gre,vxlan
tenant_network_types = local
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = physnet1
[securitygroup]
enable_ipset = True
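- Restart the neutron linuxbridge service for the change to take effect (on all network nodes)
There is a small bug here: when the dhcp service is restarted, leftover processes from the already running dhcp make the restart fail to apply the change, so the leftover processes have to be killed manually.
# Controller node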
systemctl restart neutron-dhcp-agent.service neutron-linuxbridge-agent.service neutron-metadata-agent.service
# Compute node
systemctl restart neutron-linuxbridge-agent.service
- Now create a local network from the CLI.
[root@openstack-controller tools]# source admin-openrc.sh
[root@openstack-controller tools]# neutron net-create first-local
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | f31dc550-dfb4-4243-b109-15b6450d8682 |
| mtu | 0 |
| name | first-local |
| port_security_enabled | True |
| provider:network_type | local |
| provider:physical_network | |
| provider:segmentation_id | |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 471592a4281e4223b2ad578b5c9b8442 |
+---------------------------+--------------------------------------+
- Create a subnet from the CLI
[root@openstack-controller tools]# neutron help subnet-create
usage: neutron subnet-create [-h]
[-f {html,json,json,shell,table,value,yaml,yaml}]
[-c COLUMN] [--max-width ] [--noindent]
[--prefix PREFIX] [--request-format {json,xml}]
[--tenant-id TENANT_ID] [--name NAME]
[--gateway GATEWAY_IP | --no-gateway]
[--allocation-pool start=IP_ADDR,end=IP_ADDR]
[--host-route destination=CIDR,nexthop=IP_ADDR]
[--dns-nameserver DNS_NAMESERVER]
[--disable-dhcp] [--enable-dhcp]
[--ip-version {4,6}]
[--ipv6-ra-mode {dhcpv6-stateful,dhcpv6-stateless,slaac}]
[--ipv6-address-mode {dhcpv6-stateful,dhcpv6-stateless,slaac}]
[--subnetpool SUBNETPOOL]
[--prefixlen PREFIX_LENGTH]
NETWORK [CIDR]
Create a subnet for a given tenant.
positional arguments:
NETWORK Network ID or name this subnet belongs to.
CIDR CIDR of subnet to create.
[root@openstack-controller tools]# neutron subnet-create --name subnet_192_168_1 \
--gateway 192.168.1.1 \
--enable-dhcp --allocation-pool start=192.168.1.100,end=192.168.1.150 \
f31dc550-dfb4-4243-b109-15b6450d8682 192.168.1.0/24
Created a new subnet:
+-------------------+----------------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------------+
| allocation_pools | {"start": "192.168.1.100", "end": "192.168.1.150"} |
| cidr | 192.168.1.0/24 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 192.168.1.1 |
| host_routes | |
| id | 24158244-3732-4456-9d8d-338dee2a1c70 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | subnet_192_168_1 |
| network_id | f31dc550-dfb4-4243-b109-15b6450d8682 |
| subnetpool_id | |
| tenant_id | 471592a4281e4223b2ad578b5c9b8442 |
+-------------------+----------------------------------------------------+
- Let's check what OpenStack did when creating the local network:
[root@openstack-controller tools]# brctl show # check the bridges
bridge name bridge id STP enabled interfaces
brqf31dc550-df 8000.72dde96c7459 no tapcca9852b-1d
[root@openstack-controller tools]# ip netns list # check the namespaces
qdhcp-f31dc550-dfb4-4243-b109-15b6450d8682 (id: 0)
[root@openstack-controller tools]# ip netns exec qdhcp-f31dc550-dfb4-4243-b109-15b6450d8682 ip a # check the IP addresses brought up in the namespace
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ns-cca9852b-1d@if4: mtu 1500 qdisc noqueue state UP qlen 1000
link/ether fa:16:3e:ac:30:9f brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.1.100/24 brd 192.168.1.255 scope global ns-cca9852b-1d # DHCP gateway IP interface
valid_lft forever preferred_lft forever
inet 169.254.169.254/16 brd 169.254.255.255 scope global ns-cca9852b-1d # metadata service IP interface
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:feac:309f/64 scope link
valid_lft forever preferred_lft forever
- Next, use this network to create two instances:
[root@openstack-controller tools]# nova help flavor-create
usage: nova flavor-create [--ephemeral ] [--swap ]
[--rxtx-factor ] [--is-public ]
Create a new flavor
[root@openstack-controller tools]# nova flavor-create cirros auto 200 1 1
+--------------------------------------+--------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+--------------------------------------+--------+-----------+------+-----------+------+-------+-------------+-----------+
| 45243282-df65-4a7f-81e3-094f704a0e4f | cirros | 200 | 1 | 0 | | 1 | 1.0 | True |
+--------------------------------------+--------+-----------+------+-----------+------+-------+-------------+-----------+
[root@openstack-controller tools]# nova image-list
+--------------------------------------+--------------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+--------------+--------+--------+
| 4d890feb-3c24-4425-8311-61c41a582a56 | cirros | ACTIVE | |
| cafc3188-54a0-4f51-8286-0fb2b44d81f5 | ubuntu-16.04 | ACTIVE | |
+--------------------------------------+--------------+--------+--------+
[root@openstack-controller tools]# nova net-list
+--------------------------------------+-------------+------+
| ID | Label | CIDR |
+--------------------------------------+-------------+------+
| f31dc550-dfb4-4243-b109-15b6450d8682 | first-local | None |
+--------------------------------------+-------------+------+
[root@openstack-controller tools]# nova keypair-list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 82:e9:3f:2d:e8:41:7b:7e:32:bd:76:3a:7a:ce:ce:07 |
+-------+-------------------------------------------------+
[root@openstack-controller tools]# nova help boot
usage: nova boot [--flavor ] [--image ]
[--image-with ] [--boot-volume ]
[--snapshot ] [--min-count ]
[--max-count ] [--meta ]
[--file ] [--key-name ]
[--user-data ]
[--availability-zone ]
[--security-groups ]
[--block-device-mapping ]
[--block-device key1=value1[,key2=value2...]]
[--swap ]
[--ephemeral size=[,format=]]
[--hint ]
[--nic ]
[--config-drive ] [--poll] [--admin-pass ]
Boot a new server.
[root@openstack-controller nova]# nova boot --flavor m1.small --image ubuntu-16.04 --key-name mykey --security-groups default --nic net-id=f31dc550-dfb4-4243-b109-15b6450d8682 ubuntu-1
+--------------------------------------+-----------------------------------------------------+
| Property | Value |
+--------------------------------------+-----------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | - |
| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
| OS-EXT-SRV-ATTR:instance_name | instance-0000000b |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | hWpVXMSx7kRd |
| config_drive | |
| created | 2017-07-06T03:55:59Z |
| flavor | m1.small (2) |
| hostId | |
| id | 07066ac7-304e-4916-a891-47da3d0998a9 |
| image | ubuntu-16.04 (cafc3188-54a0-4f51-8286-0fb2b44d81f5) |
| key_name | mykey |
| metadata | {} |
| name | ubuntu-1 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tenant_id | 471592a4281e4223b2ad578b5c9b8442 |
| updated | 2017-07-06T03:55:59Z |
| user_id | 60814f1c1e6a400e83b629465672ddf4 |
+--------------------------------------+-----------------------------------------------------+
[root@openstack-controller nova]# nova boot --flavor m1.small --image ubuntu-16.04 --key-name mykey --security-groups default --nic net-id=f31dc550-dfb4-4243-b109-15b6450d8682 ubuntu-2
+--------------------------------------+-----------------------------------------------------+
| Property | Value |
+--------------------------------------+-----------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | - |
| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
| OS-EXT-SRV-ATTR:instance_name | instance-0000000c |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | jsLhP4nnsGfu |
| config_drive | |
| created | 2017-07-06T03:56:04Z |
| flavor | m1.small (2) |
| hostId | |
| id | 60308795-613f-4921-918e-4aecb9373c3f |
| image | ubuntu-16.04 (cafc3188-54a0-4f51-8286-0fb2b44d81f5) |
| key_name | mykey |
| metadata | {} |
| name | ubuntu-2 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tenant_id | 471592a4281e4223b2ad578b5c9b8442 |
| updated | 2017-07-06T03:56:04Z |
| user_id | 60814f1c1e6a400e83b629465672ddf4 |
+--------------------------------------+-----------------------------------------------------+
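The isolation property stated at the top (a local network's bridge carries only tap devices, never a physical NIC or VLAN sub-interface) can be checked mechanically from `brctl show` output. The following is an added example, not part of the original post: the function names are hypothetical, and the sample input is constructed, with the first bridge taken from the output above and the second bridge (`brqaaaaaaaa-aa` with `eth1.100`) made up to show what a non-isolated bridge looks like.

```shell
#!/usr/bin/env bash
# Added example: audit `brctl show` output for Neutron linuxbridge bridges
# (named brq<network-id prefix>) that have non-tap members attached.

# Constructed sample input. The first bridge matches the output shown above;
# the second one is invented to illustrate a bridge wired to a physical NIC.
sample_brctl_output() {
cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
brqf31dc550-df  8000.72dde96c7459       no              tapcca9852b-1d
brqaaaaaaaa-aa  8000.000000000001       no              eth1.100
                                                        tapbbbbbbbb-bb
EOF
}

# Reads `brctl show` output on stdin and prints "<bridge> <interface>" for
# every member of a brq* bridge that is not a tap device.
non_tap_members() {
  awk '
    /^bridge name/ { next }               # header line
    { iface = "" }                        # reset per record
    NF >= 4 { bridge = $1; iface = $4 }   # bridge line with its first member
    NF == 3 { bridge = $1 }               # bridge line with no members
    NF == 1 { iface = $1 }                # continuation line: further member
    iface != "" && bridge ~ /^brq/ && iface !~ /^tap/ { print bridge, iface }
  '
}

# Reads `brctl show` output on stdin; returns 0 if the named bridge has only
# tap members (consistent with a local network), 1 otherwise.
bridge_is_local_only() {
  local bridge="$1"
  [ -z "$(non_tap_members | awk -v b="$bridge" '$1 == b')" ]
}

# Run against the constructed sample; on a real node use: brctl show | non_tap_members
sample_brctl_output | non_tap_members
```

An empty result for a `brq*` bridge is what a local network should produce; any line printed means that bridge reaches beyond the tap devices on the host.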