Uploading images here is inconvenient, so the screenshots are on my other blog: http://liuxin1982.blog.51cto.com/4338970/1312696
The body still follows the official documentation, but some parts of it are not easy to understand, so extra material found online is added below to aid understanding. Kept here as a memo.
Network Node
Introduction
Common services
OpenStack Networking (Network Controller)
Virtual Networking
Introduction
The Network node will provide:
Virtual Bridging (Open-vSwitch + Quantum Agent) with tunneling
DHCP Server (Quantum DHCP Agent)
Virtual Routing (Quantum L3 Agent)
Note: It is entirely possible to install all of these services on the Cloud Controller. If you are short of resources, this is a good alternative.
Common services
Operating System
Install Fedora 18. The exact installation procedure is outside the scope of this document, but please note the following configurations:
Time zone: UTC
Hostname: network
Packages: OpenSSH-Server
Once installation has finished, the server will reboot.
Use the Fedora repositories for Grizzly:
# wget http://rdo.fedorapeople.org/openstack/openstack-grizzly/fedora-openstack-grizzly.repo
# mv fedora-openstack-grizzly.repo /etc/yum.repos.d/
Configure the network:
Restore the old ethX NIC device names (disable biosdevname renaming):
# sed -i 's/# GOTO="netdevicename_end"/GOTO="netdevicename_end"/g' /lib/udev/rules.d/71-biosdevname.rules
Edit /etc/sysconfig/network-scripts/ifcfg-eth0 (the directory is sysconfig, not sysconf):
# Internal Network
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=static
IPADDR=10.10.10.9
NETMASK=255.255.255.0
GATEWAY=192.168.0.254
DNS1=8.8.8.8
DEFROUTE=yes
ONBOOT=yes
A gateway has to lie inside the interface's own subnet; 192.168.0.254 is not reachable from 10.10.10.9/24 as written, so substitute the gateway of your own management network.
Edit /etc/sysconfig/network-scripts/ifcfg-eth1:
# External
DEVICE=eth1
TYPE=Ethernet
BOOTPROTO=static
IPADDR=10.0.0.9
NETMASK=255.255.255.0
DEFROUTE=yes
ONBOOT=yes
(The source listed eth1 as 10.10.10.1, the same address it gives eth2. The Open vSwitch steps below move 10.0.0.9/24 from eth1 to br-ex, so 10.0.0.9 is the external address used here.)
Edit /etc/sysconfig/network-scripts/ifcfg-eth2:
# Public Bridge
DEVICE=eth2
TYPE=Ethernet
BOOTPROTO=static
IPADDR=10.10.10.1
NETMASK=255.255.255.0
DEFROUTE=yes
ONBOOT=yes
Two interfaces cannot share one address, and only one interface should carry the default route: give eth2 an address from your own environment and keep DEFROUTE=yes only on the interface that faces your real gateway.
Reboot.
Edit the /etc/hosts file and add the cloud, network and c01 hostnames with the correct IPs:
127.0.0.1 localhost
10.10.10.10 cloud
10.10.10.9 network
10.10.10.11 c01
Install NTP:
# yum install -y ntp
OpenStack Networking (Network Controller)
Open vSwitch
OpenStack Networking
Open vSwitch
Procedure 2.2. To configure Open vSwitch
Install the packages:
# yum install openstack-quantum openstack-quantum-openvswitch openvswitch-switch
(This document targets Fedora 18, so on CentOS 6.4 yum may report that one of these packages does not exist. That is fine: there the package is simply named openvswitch.)
In Fedora, the Open vSwitch kernel module is compiled without tunnel support. If you need GRE tunnels and network namespaces, you must recompile this package from source. For information, see the Open vSwitch site. If you recompile the kernel module, you must remove and delete the existing one.
Start Open vSwitch:
# service openvswitch-switch start
# chkconfig openvswitch-switch on
(The part highlighted in red in the original, the -switch suffix, does not exist on CentOS 6.4; the service there is called openvswitch.)
Create an internal and external network bridge.
Note: The introduction in this guide describes the purposes of these bridges.
# ovs-vsctl add-br br-ex
# ovs-vsctl add-port br-ex eth1
# ovs-vsctl add-br br-int
Once eth1 is a port of br-ex, the address configured on eth1 stops answering until it is moved to br-ex in the next steps, so run these commands from the console or over the internal eth0 interface.
To configure the bridges, complete the following steps:
Edit /etc/sysconfig/network-scripts/ifcfg-eth1, as follows:
# External
DEVICE=eth1
TYPE=Ethernet
BOOTPROTO=none
NM_CONTROLLED=no
BRIDGE=br-ex
ONBOOT=yes
Edit /etc/sysconfig/network-scripts/ifcfg-br-ex, as follows:
# Public Bridge
DEVICE=br-ex
TYPE=Bridge
BOOTPROTO=static
IPADDR=10.0.0.9
NETMASK=255.255.255.0
NM_CONTROLLED=no
ONBOOT=yes
(The source gave br-ex the management address 10.10.10.9, which eth0 already holds; br-ex carries the external address 10.0.0.9 that the next step moves off eth1.)
Remove the IP address from eth1 and add it to br-ex, as follows:
# ip addr del 10.0.0.9/24 dev eth1
# ip addr add 10.0.0.9/24 dev br-ex
Enable a simple NAT service so that Compute nodes can access the Internet through the Network node. Traffic from the internal 10.10.10.0/24 network arrives on eth0 and leaves through br-ex:
# iptables -A FORWARD -i eth0 -o br-ex -s 10.10.10.0/24 -m conntrack --ctstate NEW -j ACCEPT
# iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# iptables -A POSTROUTING -s 10.10.10.0/24 -t nat -j MASQUERADE
(The source had -i eth1 in the first rule; eth1 is enslaved to br-ex and the internal network is on eth0, so that rule would never match.)
Note: These rules are lost on reboot. To save or restore the rules, use an appropriate tool from your distribution; on CentOS 6.4, service iptables save writes them to /etc/sysconfig/iptables.
OpenStack Networking
Procedure 2.3. To configure the OpenStack Networking services
Edit /etc/quantum/quantum.conf, as follows:
[DEFAULT]
verbose = True
rpc_backend = quantum.openstack.common.rpc.impl_qpid
qpid_hostname = 10.10.10.10
qpid_user = guest
qpid_password = guest
[keystone_authtoken]
auth_host = 10.10.10.10
admin_tenant_name = service
admin_user = quantum
admin_password = password
(The source had rpc_backend = cinder.openstack.common.rpc.impl_qpid and a sql_connection pointing at the cinder database, both copied from a Cinder configuration; Quantum's database connection belongs in the plugin ini below. qpid_hostname is added on the assumption that the qpid broker runs on the Cloud Controller at 10.10.10.10, where this guide puts the other services; without it the agents would look for a broker on localhost. guest/guest and password are the guide's placeholders, not values to keep.)
Edit /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini, as follows:
[database]
sql_connection = mysql://quantum:[email protected]/quantum
[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
local_ip = 10.10.10.9
[securitygroup]
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
Note: Choose tunnel mode because you do not have to configure your physical switches for VLANs. Tunnel mode does require the tunnel-capable Open vSwitch kernel module mentioned above; with the stock Fedora module, enable_tunneling = True gives you an agent that cannot build the GRE tunnels.
Edit /etc/quantum/dhcp_agent.ini, as follows:
[DEFAULT]
enable_isolated_metadata = True
enable_metadata_network = True
Edit /etc/quantum/metadata_agent.ini, as follows:
[DEFAULT]
auth_url = http://10.10.10.10:35357/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = quantum
admin_password = password
nova_metadata_ip = 10.10.10.10
metadata_proxy_shared_secret = password
The shared secret must be the same value as quantum_metadata_proxy_shared_secret in nova.conf on the Cloud Controller: the metadata agent signs the instance ID it forwards with an HMAC keyed by this secret, and nova rejects requests whose signature does not match. A guessable value such as password defeats that check, because anyone who can reach nova-api-metadata can then sign any instance ID, so generate a long random string (for example openssl rand -hex 32) and configure it on both sides.
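What the shared secret actually protects, as an added example that is not code from this page or from the Quantum and Nova projects, although it uses the same HMAC-SHA256 construction and the same X-Instance-ID / X-Tenant-ID / X-Instance-ID-Signature headers that the Grizzly metadata agent sends and nova-api-metadata checks. The secret value is constructed; the instance and tenant IDs reuse the ones printed in the CLI output later on this page.

```python
import hashlib
import hmac
import secrets

# Constructed for the example. In a deployment this is the value of
# metadata_proxy_shared_secret (metadata_agent.ini, network node) and of
# quantum_metadata_proxy_shared_secret (nova.conf, cloud controller).
SHARED_SECRET = "4f1d2c3b9a8e7d6c5b4a39281706f5e4d3c2b1a09f8e7d6c5b4a392817061f2e"

# Identifiers taken from the nova list / floatingip-create output on this page.
INSTANCE_ID = "b0b7f0a1-c387-4853-a076-4b7ba2d32ed1"
TENANT_ID = "83792f9193e1449bb90f78400974d533"


def sign_instance_id(secret, instance_id):
    """Proxy side: hex HMAC-SHA256 of the instance UUID, keyed with the secret."""
    return hmac.new(secret.encode(), instance_id.encode(), hashlib.sha256).hexdigest()


def build_proxy_headers(secret, instance_id, tenant_id, client_ip):
    """Headers the metadata agent adds before forwarding a VM's request to nova."""
    return {
        "X-Forwarded-For": client_ip,
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": tenant_id,
        "X-Instance-ID-Signature": sign_instance_id(secret, instance_id),
    }


def verify_proxied_request(secret, headers):
    """Nova side: trust X-Instance-ID only if its signature checks out.

    Returns (instance_id, tenant_id) on success and raises PermissionError
    (nova answers HTTP 403) when the signature is absent or wrong. The real
    handler additionally checks that X-Tenant-ID owns the instance.
    compare_digest keeps the comparison constant-time.
    """
    instance_id = headers.get("X-Instance-ID")
    signature = headers.get("X-Instance-ID-Signature", "")
    if not instance_id:
        raise PermissionError("missing X-Instance-ID")
    expected = sign_instance_id(secret, instance_id)
    if not hmac.compare_digest(expected, signature):
        raise PermissionError("X-Instance-ID-Signature does not match")
    return instance_id, headers.get("X-Tenant-ID")


def accepts(secret, headers):
    """True if nova, configured with `secret`, would serve this request."""
    try:
        verify_proxied_request(secret, headers)
        return True
    except PermissionError:
        return False


def forgery_succeeds(nova_secret, guessed_secret, instance_id, tenant_id):
    """Can someone who guessed the secret (e.g. 'password') forge a request
    for an arbitrary instance id that nova accepts?"""
    forged = build_proxy_headers(guessed_secret, instance_id, tenant_id, "10.1.1.99")
    return accepts(nova_secret, forged)


def new_shared_secret(nbytes=32):
    """A secret worth putting in both config files: 32 random bytes as hex."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    headers = build_proxy_headers(SHARED_SECRET, INSTANCE_ID, TENANT_ID, "10.1.1.11")
    print("legitimate request accepted as", verify_proxied_request(SHARED_SECRET, headers))
    print("forgery with a wrong guess accepted:",
          forgery_succeeds(SHARED_SECRET, "password", INSTANCE_ID, TENANT_ID))
    print("forgery when both sides really use 'password':",
          forgery_succeeds("password", "password", INSTANCE_ID, TENANT_ID))
    print("suggested secret:", new_shared_secret())
```

The forged request carries a chosen X-Instance-ID, which is exactly what the metadata service uses to decide whose SSH keys and user-data to return; only the signature stops a tenant VM on the same network from asking for another instance's metadata, and the signature is only as strong as the secret.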
Start the services, as follows:
# service quantum-server restart
# service quantum-openvswitch-agent restart
# service quantum-dhcp-agent restart
# service quantum-l3-agent restart
# chkconfig quantum-server on
# chkconfig quantum-openvswitch-agent on
# chkconfig quantum-dhcp-agent on
# chkconfig quantum-l3-agent on
The metadata agent configured above also has to run, which the source omits:
# service quantum-metadata-agent restart
# chkconfig quantum-metadata-agent on
Note: To debug errors that prevent the Networking Service from starting, review the /var/log/quantum/*.log files.
Virtual Networking
Create Virtual Networking
L3 Configuration
Create Virtual Networking
Create an openrc File
Create a file called ~/openrc. This file contains the OpenStack admin credentials that are used when interacting with the OpenStack environment on the command line.
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_AUTH_URL="http://10.10.10.10:5000/v2.0/"
export SERVICE_ENDPOINT="http://10.10.10.10:35357/v2.0"
export SERVICE_TOKEN=password
Restrict the file to its owner (chmod 600 ~/openrc): it holds the admin password and, in SERVICE_TOKEN, the Keystone admin token, which bypasses password authentication entirely.
Source the credentials into your environment:
source ~/openrc
Configure the Bash shell to load these credentials upon each login:
echo "source ~/openrc" >> ~/.bashrc
The following bash script creates an internal network for the "demo" project. It stops if the tenant lookup returns nothing, since otherwise the quantum commands would silently create the objects with an empty tenant id:
#!/bin/bash
TENANT_NAME="demo"
TENANT_NETWORK_NAME="demo-net"
TENANT_SUBNET_NAME="${TENANT_NETWORK_NAME}-subnet"
TENANT_ROUTER_NAME="demo-router"
FIXED_RANGE="10.5.5.0/24"
NETWORK_GATEWAY="10.5.5.1"
TENANT_ID=$(keystone tenant-list | grep " $TENANT_NAME " | awk '{print $2}')
[ -n "$TENANT_ID" ] || { echo "tenant $TENANT_NAME not found" >&2; exit 1; }

TENANT_NET_ID=$(quantum net-create --tenant_id $TENANT_ID $TENANT_NETWORK_NAME --provider:network_type gre --provider:segmentation_id 1 | grep " id " | awk '{print $4}')
TENANT_SUBNET_ID=$(quantum subnet-create --tenant_id $TENANT_ID --ip_version 4 --name $TENANT_SUBNET_NAME $TENANT_NET_ID $FIXED_RANGE --gateway $NETWORK_GATEWAY --dns_nameservers list=true 8.8.8.8 | grep " id " | awk '{print $4}')
ROUTER_ID=$(quantum router-create --tenant_id $TENANT_ID $TENANT_ROUTER_NAME | grep " id " | awk '{print $4}')
quantum router-interface-add $ROUTER_ID $TENANT_SUBNET_ID
L3 Configuration
The Quantum L3 service enables instances to have external network access. If this service is not configured, your instances will only be able to communicate with each other. Please note that this configuration is highly dependent on your environment. For example, make note of the subnet-create command below. You will need to verify your own network settings for the external subnet (10.0.0.0/24 in this case) as well as an allocation pool. The allocation pool is where each Project's router gateway address and every floating IP are taken from. The pool below (10.0.0.200 to 10.0.0.250) holds 51 addresses, and each router gateway and each floating IP consumes one, so size it for both.
Create an external network:
quantum net-create public --router:external=True
Create a subnet for the external network:
quantum subnet-create --ip_version 4 --gateway 10.0.0.1 public 10.0.0.0/24 --allocation-pool start=10.0.0.200,end=10.0.0.250 --disable-dhcp --name public-subnet
Set the gateway of the demo router to the public network:
quantum router-gateway-set demo-router public
-------------------------------------------------------------------------------------------
What follows is reference configuration, because the steps above are not complete.
By default the L3 agent makes use of Linux network namespaces in order to support overlapping IP addresses. Requirements for network namespace support are described in the Limitation section.
If the Linux installation does not support network namespaces, you must disable network namespaces in the L3 agent config file (the default value of use_namespaces is True).
use_namespaces = False
When use_namespaces is set to False, only one router ID can be supported per node. This must be configured via the configuration variable router_id. Without namespaces that single router lives in the node's own routing table, so tenant networks with overlapping ranges are no longer isolated from each other or from the host.
# If use_namespaces is set as False then the agent can only configure one router.
# This is done by setting the specific router_id.
router_id = 1064ad16-36b7-4c2f-86f0-daa2bcbd6b2a
Introduction
External is the external network, what floating IPs live on. External traffic goes through br-ex, that is, the physical eth1 NIC. Only one External network needs to be created, and every tenant uses this one External network to reach the outside.
Once the administrator has created an External network, the rest is left to each tenant to create their own networks.
Terms used in Quantum:
Network: either External or Internal; essentially a switch.
Port: a port on that switch; knowing who is plugged into the port tells you its IP address information.
Subnet: which address range the network uses, and what its gateway and DNS are.
Router: a router, used to isolate the Internal networks that different tenants create from one another.
Interface: the WAN and LAN ports on the router.
Configuring Quantum networking is like plugging in cables and connecting routers by hand. For example: a company reaches the Internet over ADSL with a single uplink, and the company's internal LAN is the External network. The company has several departments (several tenants). Department A (a tenant) does a lot of testing, and its IP addresses or DHCP server would conflict with the other departments (the other tenants), so a router (Router-1) is needed to isolate Department A's network from the rest. Department A's addresses cannot be in the same range as Router-1's WAN port, because a router's WAN and LAN ports cannot share a subnet, so Department A defines its own private range on the router's LAN port (the tenant creates its own Network, Subnet and Router, adds an Interface to the Router, gives the WAN interface an External IP and the LAN interface an address from the Subnet). Department A can then reach the outside normally (a Port goes through Router-1's Interface out to External). In the same way, when several departments need isolated networks, more routers (Router-2, 3, 4, 5, ...) isolate them.
Create an External network
Note the router:external=True argument; it marks this as an External network.
EXTERNAL_NET_ID=$(quantum net-create external_net1 --router:external=True | awk '/ id / {print $4}')
Create a Subnet
My Quantum client is version 2.0 while the source package has already moved on to 2.2, so command arguments may change slightly in the future. The quantum command I have here cannot set DNS or host routes directly. The 192.168.8.0/24 below is the range of my external network. Note that the gateway must lie inside the cidr you specify: with a cidr of 192.168.8.32/27 and a gateway of 192.168.8.1, for instance, .1 is outside the cidr.
Create the Subnet for floating IP addresses, with DHCP disabled on this Subnet:
SUBNET_ID=$(quantum subnet-create external_net1 192.168.8.0/24 --name=external_subnet1 --gateway_ip 192.168.8.1 --enable_dhcp=False | awk '/ id / {print $4}')
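A check for the address arithmetic that this page relies on in three places: the GATEWAY in the ifcfg files of the Common services section, the allocation pool of the public subnet in the L3 Configuration, and the gateway-inside-cidr rule of the paragraph above. This is an added example, not code from the original post; it uses only the Python standard library, and the interface definitions at the bottom are a constructed set that reproduces two mistakes (a gateway outside the interface's subnet, and one address assigned to two interfaces).

```python
import ipaddress


def check_subnet(cidr, gateway, pool_start=None, pool_end=None):
    """Return the list of layout problems for a Quantum subnet (empty = consistent).

    Rules: the gateway lies inside the cidr and is neither the network nor the
    broadcast address; an allocation pool lies inside the cidr, is ordered, and
    does not contain the gateway (Quantum hands pool addresses to router
    gateways and floating IPs, so a gateway inside the pool would be given out twice).
    """
    problems = []
    net = ipaddress.ip_network(cidr, strict=False)
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    elif gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is the network or broadcast address of {net}")
    if pool_start is None and pool_end is None:
        return problems
    if pool_start is None or pool_end is None:
        problems.append("allocation pool needs both start and end")
        return problems
    start, end = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    if start > end:
        problems.append(f"allocation pool start {start} is after end {end}")
    if start not in net or end not in net:
        problems.append(f"allocation pool {start}-{end} is not inside {net}")
    if start <= gw <= end:
        problems.append(f"gateway {gw} lies inside the allocation pool {start}-{end}")
    return problems


def pool_size(pool_start, pool_end):
    """How many router gateways plus floating IPs an allocation pool can serve."""
    start, end = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    return int(end) - int(start) + 1


def check_interfaces(ifcfgs):
    """Check ifcfg-style definitions {name: {IPADDR, NETMASK[, GATEWAY][, DEFROUTE]}}:
    a GATEWAY must be inside the interface's own subnet, no two interfaces may
    share an address, and at most one should carry the default route."""
    problems = []
    owners = {}
    for name, cfg in ifcfgs.items():
        iface = ipaddress.ip_interface(f"{cfg['IPADDR']}/{cfg['NETMASK']}")
        if "GATEWAY" in cfg and ipaddress.ip_address(cfg["GATEWAY"]) not in iface.network:
            problems.append(f"{name}: gateway {cfg['GATEWAY']} is outside {iface.network}")
        if str(iface.ip) in owners:
            problems.append(f"{name} and {owners[str(iface.ip)]} both use {iface.ip}")
        owners.setdefault(str(iface.ip), name)
    default_routes = [n for n, c in ifcfgs.items() if c.get("DEFROUTE") == "yes"]
    if len(default_routes) > 1:
        problems.append("more than one interface has DEFROUTE=yes: " + ", ".join(default_routes))
    return problems


# Constructed sample: three NICs, a gateway that is not in eth0's subnet,
# the same address on eth1 and eth2, and DEFROUTE=yes on all of them.
SAMPLE_IFCFGS = {
    "eth0": {"IPADDR": "10.10.10.9", "NETMASK": "255.255.255.0",
             "GATEWAY": "192.168.0.254", "DEFROUTE": "yes"},
    "eth1": {"IPADDR": "10.10.10.1", "NETMASK": "255.255.255.0", "DEFROUTE": "yes"},
    "eth2": {"IPADDR": "10.10.10.1", "NETMASK": "255.255.255.0", "DEFROUTE": "yes"},
}

if __name__ == "__main__":
    # The public subnet from the L3 Configuration section: consistent, 51-address pool.
    print(check_subnet("10.0.0.0/24", "10.0.0.1", "10.0.0.200", "10.0.0.250"))
    print(pool_size("10.0.0.200", "10.0.0.250"))
    # The gateway-outside-cidr case from the paragraph above.
    print(check_subnet("192.168.8.32/27", "192.168.8.1"))
    for problem in check_interfaces(SAMPLE_IFCFGS):
        print("ifcfg:", problem)
```

Run it before typing the subnet-create commands; the pool check in particular is easy to get wrong when the external gateway (the ADSL router in the analogy) sits inside the range you hand to Quantum.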
Create an Internal network
This one is created for the demo tenant, so demo's id is needed:
# DEMO_ID=$(keystone tenant-list | awk '/ demo / {print $2}')
Create an Internal Network for the demo tenant
To the demo tenant: I have planned and created a network for your department.
# INTERNAL_NET_ID=$(quantum net-create demo_net1 --tenant_id $DEMO_ID | awk '/ id / {print $4}')
Create a Subnet for the demo tenant
To the demo tenant: I have defined the range 10.1.1.0/24 for you, with gateway 10.1.1.1 and DHCP enabled by default.
# DEMO_SUBNET_ID=$(quantum subnet-create demo_net1 10.1.1.0/24 --name=demo_subnet1 --gateway_ip 10.1.1.1 --tenant_id $DEMO_ID | awk '/ id / {print $4}')
Create a Router for the demo tenant
A router is brought in for the demo tenant as well:
# DEMO_ROUTER_ID=$(quantum router-create --tenant_id $DEMO_ID demo_router1 | awk '/ id / {print $4}')
Attach the Router to the Subnet
Apply what was just promised to demo on the router that was just brought in; the router's LAN port address is 10.1.1.1 and the range is 10.1.1.0/24:
# quantum router-interface-add $DEMO_ROUTER_ID $DEMO_SUBNET_ID
Give the Router an External IP
Plug the cable to the outside world into the router's WAN port and take an IP address from the External network for it:
# quantum router-gateway-set $DEMO_ROUTER_ID $EXTERNAL_NET_ID
Create a virtual machine for the demo tenant
Create a Port for the virtual machine we are about to boot, specifying which Subnet and Network it uses and a fixed IP address:
# quantum net-list
+--------------------------------------+---------------+--------------------------------------+
| id                                   | name          | subnets                              |
+--------------------------------------+---------------+--------------------------------------+
| 18ed98d5-9125-4b71-8a37-2c9e3b07b99d | demo_net1     | 75896360-61bb-406e-8c7d-ab53f0cd5b1b |
| 1d05130a-2b1c-4500-aa97-0857fcb3fa2b | external_net1 | 07ba5095-5fa0-4768-9bee-7d44d2a493cf |
+--------------------------------------+---------------+--------------------------------------+
# DEMO_PORT_ID=$(quantum port-create --tenant-id=$DEMO_ID --fixed-ip subnet_id=$DEMO_SUBNET_ID,ip_address=10.1.1.11 demo_net1 | awk '/ id / {print $4}')
Boot the virtual machine as demo (the host had rewritten "image" as p_w_picpath in the command names; they are image-list and --image):
# glance image-list
+--------------------------------------+--------+-------------+------------------+---------+--------+
| ID                                   | Name   | Disk Format | Container Format | Size    | Status |
+--------------------------------------+--------+-------------+------------------+---------+--------+
| f61ee640-82a7-4d6c-8816-608bb91dab7d | cirros | qcow2       | ovf              | 9761280 | active |
+--------------------------------------+--------+-------------+------------------+---------+--------+
# nova --os-tenant-name demo boot --image cirros --flavor 2 --nic port-id=$DEMO_PORT_ID instance01
Add a floating IP to the demo tenant's virtual machine
After the VM boots you will find that you cannot ping 10.1.1.11; with a router isolating it that is expected, but the VM itself can reach the outside. (Because of the quantum client version there was no DNS option, so the VM's DNS is wrong; fix resolv.conf inside the VM by hand.) If you want to ssh into the VM, add a Floating IP. Ping and ssh to that address also need the instance's security group to allow ICMP and TCP port 22; the default group blocks inbound traffic.
Look up the id of the demo tenant's VM
# nova --os_tenant_name=demo list
+--------------------------------------+------------+--------+---------------------+
| ID                                   | Name       | Status | Networks            |
+--------------------------------------+------------+--------+---------------------+
| b0b7f0a1-c387-4853-a076-4b7ba2d32ed1 | instance01 | ACTIVE | demo_net1=10.1.1.11 |
+--------------------------------------+------------+--------+---------------------+
Get the VM's port id
# quantum port-list -- --device_id b0b7f0a1-c387-4853-a076-4b7ba2d32ed1
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                        |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------+
| 95602209-8088-4327-a77b-1a23b51237c2 |      | fa:16:3e:9d:41:df | {"subnet_id": "75896360-61bb-406e-8c7d-ab53f0cd5b1b", "ip_address": "10.1.1.11"} |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------+
Create a Floating IP
Note the ids:
# quantum --os_tenant_name=demo floatingip-create external_net1
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| fixed_ip_address    |                                      |
| floating_ip_address | 192.168.8.3                          |
| floating_network_id | 1d05130a-2b1c-4500-aa97-0857fcb3fa2b |
| id                  | f3670816-4d76-44e0-8831-5fe601f0cbe0 |
| port_id             |                                      |
| router_id           |                                      |
| tenant_id           | 83792f9193e1449bb90f78400974d533     |
+---------------------+--------------------------------------+
Associate the floating IP with the VM
# quantum --os_tenant_name=demo floatingip-associate f3670816-4d76-44e0-8831-5fe601f0cbe0 95602209-8088-4327-a77b-1a23b51237c2
Associated floatingip f3670816-4d76-44e0-8831-5fe601f0cbe0
Check the floating IP just associated
# quantum floatingip-show f3670816-4d76-44e0-8831-5fe601f0cbe0
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| fixed_ip_address    | 10.1.1.11                            |
| floating_ip_address | 192.168.8.3                          |
| floating_network_id | 1d05130a-2b1c-4500-aa97-0857fcb3fa2b |
| id                  | f3670816-4d76-44e0-8831-5fe601f0cbe0 |
| port_id             | 95602209-8088-4327-a77b-1a23b51237c2 |
| router_id           | bf89066b-973d-416a-959a-1c2f9965e6d5 |
| tenant_id           | 83792f9193e1449bb90f78400974d533     |
+---------------------+--------------------------------------+
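The id harvesting that the scripts on this page do with grep and awk, done by parsing the CLI tables instead, as an added example that is not from the original post. It matters for the earlier scripts, where an empty or wrong id silently flows into the next quantum command: a field is looked up by column name rather than by whitespace position, the "id" versus "ID" difference between the quantum and nova/glance clients is handled, and a lookup that does not hit exactly one row fails loudly. The two sample outputs are the net-list and floatingip-create tables shown above, embedded as strings.

```python
def parse_table(text):
    """Parse a +----+ bordered table as printed by the quantum, keystone, nova
    and glance CLIs. Returns (columns, rows); each row is a dict keyed by column."""
    columns, rows = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("|"):
            continue                       # border lines (+---+), blanks, prompts
        cells = [c.strip() for c in line[1:-1].split("|")]
        if columns is None:
            columns = cells                # first pipe line is the header
        elif len(cells) == len(columns):
            rows.append(dict(zip(columns, cells)))
        else:
            raise ValueError(f"row has {len(cells)} cells, header has {len(columns)}: {line}")
    if columns is None:
        raise ValueError("no table found in output")
    return columns, rows


def show_to_dict(text):
    """Field/Value tables (the *-create and *-show commands) as one dict."""
    columns, rows = parse_table(text)
    if columns != ["Field", "Value"]:
        raise ValueError(f"not a Field/Value table: {columns}")
    return {r["Field"]: r["Value"] for r in rows}


def find_ids(text, **where):
    """ids of the rows of a *-list table whose columns equal the given values,
    e.g. find_ids(net_list_output, name="demo_net1"). quantum and keystone
    print the column as "id", nova and glance print it as "ID"."""
    columns, rows = parse_table(text)
    id_col = "id" if "id" in columns else "ID"
    return [r[id_col] for r in rows if all(r.get(k) == v for k, v in where.items())]


def find_id(text, **where):
    """Exactly one matching row, or an error: a script must not run the next
    command with an empty or ambiguous id."""
    ids = find_ids(text, **where)
    if len(ids) != 1:
        raise LookupError(f"expected one row matching {where}, found {len(ids)}")
    return ids[0]


# Sample outputs copied from the quantum net-list and floatingip-create tables on this page.
NET_LIST = """\
+--------------------------------------+---------------+--------------------------------------+
| id                                   | name          | subnets                              |
+--------------------------------------+---------------+--------------------------------------+
| 18ed98d5-9125-4b71-8a37-2c9e3b07b99d | demo_net1     | 75896360-61bb-406e-8c7d-ab53f0cd5b1b |
| 1d05130a-2b1c-4500-aa97-0857fcb3fa2b | external_net1 | 07ba5095-5fa0-4768-9bee-7d44d2a493cf |
+--------------------------------------+---------------+--------------------------------------+
"""

FLOATINGIP_CREATE = """\
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| fixed_ip_address    |                                      |
| floating_ip_address | 192.168.8.3                          |
| floating_network_id | 1d05130a-2b1c-4500-aa97-0857fcb3fa2b |
| id                  | f3670816-4d76-44e0-8831-5fe601f0cbe0 |
| port_id             |                                      |
| router_id           |                                      |
| tenant_id           | 83792f9193e1449bb90f78400974d533     |
+---------------------+--------------------------------------+
"""

if __name__ == "__main__":
    print("external net:", find_id(NET_LIST, name="external_net1"))
    fip = show_to_dict(FLOATINGIP_CREATE)
    print("floating ip", fip["floating_ip_address"], "has id", fip["id"],
          "and is", "unassociated" if fip["port_id"] == "" else "associated")
```

In a shell pipeline this replaces `| awk '/ id / {print $4}'` with `| python3 -c '...'`, or, more usefully, lets the whole workflow (create network, subnet, router, port) live in one Python script where every id is checked before it is reused.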
# ping 192.168.8.3
PING 192.168.8.3 (192.168.8.3) 56(84) bytes of data.
64 bytes from 192.168.8.3: icmp_req=1 ttl=63 time=32.0 ms
64 bytes from 192.168.8.3: icmp_req=2 ttl=63 time=0.340ms
64 bytes from 192.168.8.3: icmp_req=3 ttl=63 time=0.335ms
How does a tenant create a network in the UI?
Chrome is the better browser for this; in Firefox some of the buttons cannot be clicked.
Create a test tenant; here I do it from the command line:
# TEST_TENANT_ID=$(keystone tenant-create --name test | awk '/ id / {print $4}')
# keystone user-create --name test --pass test --tenant-id $TEST_TENANT_ID
Log in to the UI as the test tenant and create its own network:
Click Network Topology; you can see the External network created in section 13:
The UI operations that follow correspond to the steps in section 14.
1. Choose Networks, click Create Network, and enter the network name:
Choose Subnet and enter the name, network address and gateway:
Choose Subnet Detail and enter the DHCP range and the DNS address; a static route to another network can also be added here:
The network just created now shows up in Network Topology:
2. Choose Routers, click Create Router, and enter a name:
Open the router by clicking the test_router1 name just created, go to the Interface tab, click Add Interface (the LAN port) and select the test_subnet just created:
Look at the topology again:
Back on the Interface tab, give the router's WAN port an IP taken from the External network by choosing Add Gateway Interface:
More pictures:
The network topology after booting a virtual machine as the test tenant:
Logged in as the admin user, the topology shows the External network and the demo and test tenants' networks:
Quantum networking is really not complicated; once you map it onto everyday networking it is easy to understand.