After OpenStack has been deployed and before any instance is created, the first task is to create a network. A typical sequence is as follows:
TENANT_NAME="openstack"
TENANT_NETWORK_NAME="openstack-net"
TENANT_SUBNET_NAME="${TENANT_NETWORK_NAME}-subnet"
TENANT_ROUTER_NAME="openstack-router"
FIXED_RANGE="NEUTRON_FIXED_RANGE"
NETWORK_GATEWAY="NEUTRON_NETWORK_GATEWAY"
PUBLIC_GATEWAY="NEUTRON_PUBLIC_GATEWAY"
PUBLIC_RANGE="NEUTRON_PUBLIC_RANGE"
PUBLIC_START="NEUTRON_PUBLIC_START"
PUBLIC_END="NEUTRON_PUBLIC_END"
TENANT_ID=$(keystone tenant-list | grep " $TENANT_NAME " | awk '{print $2}')
TENANT_NET_ID=$(neutron net-create --tenant_id $TENANT_ID $TENANT_NETWORK_NAME --provider:network_type gre --provider:segmentation_id 1 | grep " id " | awk '{print $4}')
TENANT_SUBNET_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 4 --name $TENANT_SUBNET_NAME $TENANT_NET_ID $FIXED_RANGE --gateway $NETWORK_GATEWAY --dns_nameservers list=true 8.8.8.8 | grep " id " | awk '{print $4}')
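When only a private network exists, a DHCP server is created for that private network.
So the DHCP agent runs the following command:
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip -o link show tap452bdfab-31
This command tries to find the DHCP interface inside the DHCP namespace, but it cannot be found, and an error is returned:
Cannot open network namespace "qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0": No such file or directory
The agent therefore sets out to create the DHCP server's interface. That interface is attached to br-int, so br-int is checked first: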
ip -o link show br-int
If br-int is fine, the DHCP server's interface is created and attached to br-int:
ovs-vsctl -- --if-exists del-port tap452bdfab-31 -- add-port br-int tap452bdfab-31 -- set Interface tap452bdfab-31 type=internal -- set Interface tap452bdfab-31 external-ids:iface-id=452bdfab-3152-44d0-bd9c-40c94a6f8640 -- set Interface tap452bdfab-31 external-ids:iface-status=active -- set Interface tap452bdfab-31 external-ids:attached-mac=fa:16:3e:d7:08:67
Set the MAC address of the interface:
ip link set tap452bdfab-31 address fa:16:3e:d7:08:67
List the namespaces that currently exist:
ip -o netns list
Output:
qrouter-26a45e0e-a58a-443b-a972-d62c0c5a1323
qdhcp-760d2c5e-4938-49b0-bffe-c77c5b141d18
There is no namespace for this DHCP server, so one has to be created:
ip netns add qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0
Bring the lo interface up:
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip link set lo up
Move the newly created DHCP server interface into this namespace:
ip link set tap452bdfab-31 netns qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0
Bring the DHCP server's interface up:
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip link set tap452bdfab-31 up
Check the IP addresses of this interface:
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip addr show tap452bdfab-31 permanent scope global
Configure IP addresses on this interface:
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip -4 addr add 192.168.10.3/24 brd 192.168.10.255 scope global dev tap452bdfab-31
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip -4 addr add 169.254.169.254/16 brd 169.254.255.255 scope global dev tap452bdfab-31
The first address is the DHCP server's address; the second is the metadata server's address.
Check the routing table:
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip route list dev tap452bdfab-31
169.254.0.0/16 proto kernel scope link src 169.254.169.254
192.168.10.0/24 proto kernel scope link src 192.168.10.3
Add the default route:
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip route replace default via 192.168.10.1 dev tap452bdfab-31
Check the interface configuration:
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip addr show tap452bdfab-31
232: tap452bdfab-31:
link/ether fa:16:3e:d7:08:67 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.3/24 brd 192.168.10.255 scope global tap452bdfab-31
valid_lft forever preferred_lft forever
inet 169.254.169.254/16 brd 169.254.255.255 scope global tap452bdfab-31
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fed7:867/64 scope link tentative
valid_lft forever preferred_lft forever
Start the DHCP server:
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 env NEUTRON_NETWORK_ID=66b9930b-2871-414c-8c6f-991a6a8cffe0 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tap452bdfab-31 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/66b9930b-2871-414c-8c6f-991a6a8cffe0/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/66b9930b-2871-414c-8c6f-991a6a8cffe0/host --addn-hosts=/var/lib/neutron/dhcp/66b9930b-2871-414c-8c6f-991a6a8cffe0/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/66b9930b-2871-414c-8c6f-991a6a8cffe0/opts --leasefile-ro --dhcp-range=set:tag0,192.168.10.0,static,86400s --dhcp-lease-max=256 --conf-file= --domain=openstacklocal
Start the metadata proxy:
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/66b9930b-2871-414c-8c6f-991a6a8cffe0.pid --metadata_proxy_socket=/var/lib/neutron/metadata_proxy --network_id=66b9930b-2871-414c-8c6f-991a6a8cffe0 --state_path=/var/lib/neutron --metadata_port=80 --debug --verbose --log-file=neutron-ns-metadata-proxy-66b9930b-2871-414c-8c6f-991a6a8cffe0.log --log-dir=/var/log/neutron
Finally, check the interface configuration once more:
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip addr show tap452bdfab-31
kill -HUP 17666
What is this PID?
# ps aux | grep 17666
nobody 17666 0.0 0.0 28204 1112 ? S Jul14 0:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tap452bdfab-31 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/66b9930b-2871-414c-8c6f-991a6a8cffe0/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/66b9930b-2871-414c-8c6f-991a6a8cffe0/host --addn-hosts=/var/lib/neutron/dhcp/66b9930b-2871-414c-8c6f-991a6a8cffe0/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/66b9930b-2871-414c-8c6f-991a6a8cffe0/opts --leasefile-ro --dhcp-range=set:tag0,192.168.10.0,static,86400s --dhcp-lease-max=256 --conf-file= --domain=openstacklocal
It turns out to be our DHCP server.
What the command does: use it when you want to change the configuration without stopping and restarting the service. After making the necessary changes to the configuration files, issue this command to update the service's configuration dynamically.
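A check of a running dnsmasq against the invocation shown above, as an added example that is not part of the original post: it flags a process that runs as root, lacks one of the flags the DHCP agent passed, or keeps state files outside the network's own directory. The function name and the shortened sample line are constructed for this example.

```shell
# Added example (not from the original post). SAMPLE_PS is constructed from the
# ps output on this page, shortened to the flags that are checked.
NET=66b9930b-2871-414c-8c6f-991a6a8cffe0
DIR=/var/lib/neutron/dhcp/$NET
SAMPLE_PS="nobody 17666 0.0 0.0 28204 1112 ? S Jul14 0:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tap452bdfab-31 --except-interface=lo --pid-file=$DIR/pid --dhcp-hostsfile=$DIR/host --dhcp-optsfile=$DIR/opts --leasefile-ro --conf-file= --domain=openstacklocal"

# audit_dnsmasq PS_LINE NETWORK_ID
# Prints one FAIL line per deviation; returns 0 only when there are none.
audit_dnsmasq() {
    line=$1 net=$2 bad=0
    fail() { echo "FAIL $1"; bad=1; }

    # First ps column is the account the process runs under.
    [ "${line%% *}" != root ] || fail "dnsmasq runs as root"

    # Flags the agent passed on this page; pad with spaces to match whole words.
    for flag in --no-hosts --no-resolv --bind-interfaces --except-interface=lo \
                --leasefile-ro --conf-file=; do
        case " $line " in
            *" $flag "*) ;;
            *) fail "missing or altered flag: $flag" ;;
        esac
    done

    # dnsmasq must be bound to a tap device, not to a host interface.
    case " $line " in
        *" --interface=tap"*) ;;
        *) fail "not bound to a tap interface" ;;
    esac

    # Every --*file= path must sit in this network's own state directory.
    for path in $(printf '%s\n' "$line" | tr ' ' '\n' |
                  sed -n 's|^--[a-z-]*file=\(/.*\)|\1|p'); do
        case $path in
            /var/lib/neutron/dhcp/"$net"/*) ;;
            *) fail "state file outside the network directory: $path" ;;
        esac
    done

    [ "$bad" -eq 0 ] && echo "OK dnsmasq for network $net matches"
    return "$bad"
}

audit_dnsmasq "$SAMPLE_PS" "$NET"
```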
Finally, check the routing configuration:
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip route list dev tap452bdfab-31
ROUTER_ID=$(neutron router-create --tenant_id $TENANT_ID $TENANT_ROUTER_NAME | grep " id " | awk '{print $4}')
neutron router-interface-add $ROUTER_ID $TENANT_SUBNET_ID
Check br-ex:
ip -o link show br-ex
59: br-ex:
link/ether a0:48:1c:ab:df:b5 brd ff:ff:ff:ff:ff:ff
List all namespaces:
ip -o netns list
qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0
qrouter-26a45e0e-a58a-443b-a972-d62c0c5a1323
qdhcp-760d2c5e-4938-49b0-bffe-c77c5b141d18
There is no namespace for this router, so create one:
ip netns add qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82
Bring the lo interface up:
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip link set lo up
This is a router, so enable IP forwarding:
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 sysctl -w net.ipv4.ip_forward=1
Initialize iptables:
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 iptables-save -c
# Generated by iptables-save v1.4.21 on Thu Jul 17 01:37:57 2014
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Jul 17 01:37:57 2014
# Generated by iptables-save v1.4.21 on Thu Jul 17 01:37:57 2014
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Jul 17 01:37:57 2014
# Generated by iptables-save v1.4.21 on Thu Jul 17 01:37:57 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Thu Jul 17 01:37:57 2014
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 iptables-restore -c
Start the metadata proxy:
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/d62d417d-2005-46d7-a83b-b1e5c0a36d82.pid --metadata_proxy_socket=/var/lib/neutron/metadata_proxy --router_id=d62d417d-2005-46d7-a83b-b1e5c0a36d82 --state_path=/var/lib/neutron --metadata_port=9697 --debug --verbose --log-file=neutron-ns-metadata-proxy-d62d417d-2005-46d7-a83b-b1e5c0a36d82.log --log-dir=/var/log/neutron
Look for the router's interface:
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip -o link show qr-29003a09-e7
But the interface does not exist:
Device "qr-29003a09-e7" does not exist.
Check br-int; the router's interface will be attached to this bridge:
ip -o link show br-int
58: br-int:
link/ether 0a:9b:c6:54:ef:46 brd ff:ff:ff:ff:ff:ff
Create the router's interface and attach it to br-int:
ovs-vsctl -- --if-exists del-port qr-29003a09-e7 -- add-port br-int qr-29003a09-e7 -- set Interface qr-29003a09-e7 type=internal -- set Interface qr-29003a09-e7 external-ids:iface-id=29003a09-e787-49dd-b5f4-11ad107159c7 -- set Interface qr-29003a09-e7 external-ids:iface-status=active -- set Interface qr-29003a09-e7 external-ids:attached-mac=fa:16:3e:84:6e:cc
Set the MAC address of the router's interface:
ip link set qr-29003a09-e7 address fa:16:3e:84:6e:cc
List all namespaces:
ip -o netns list
qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82
qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0
qrouter-26a45e0e-a58a-443b-a972-d62c0c5a1323
qdhcp-760d2c5e-4938-49b0-bffe-c77c5b141d18
The namespace for this router is there.
Move the interface into this namespace:
ip link set qr-29003a09-e7 netns qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82
Bring the router's interface up:
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip link set qr-29003a09-e7 up
Check the interface's address:
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip addr show qr-29003a09-e7 permanent scope global
Set the interface's address:
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip -4 addr add 192.168.10.1/24 brd 192.168.10.255 scope global dev qr-29003a09-e7
List all interfaces:
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip -o -d link list
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0
241: qr-29003a09-e7:
link/ether fa:16:3e:84:6e:cc brd ff:ff:ff:ff:ff:ff promiscuity 1
neutron net-create public --router:external=True
neutron subnet-create --ip_version 4 --gateway $PUBLIC_GATEWAY public $PUBLIC_RANGE --allocation-pool start=$PUBLIC_START,end=$PUBLIC_END --disable-dhcp --name public-subnet
neutron router-gateway-set ${TENANT_ROUTER_NAME} public
Check br-ex:
ip -o link show br-ex
59: br-ex:
link/ether a0:48:1c:ab:df:b5 brd ff:ff:ff:ff:ff:ff
List all interfaces:
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip -o -d link list
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0
241: qr-29003a09-e7:
link/ether fa:16:3e:84:6e:cc brd ff:ff:ff:ff:ff:ff promiscuity 1
Look for the qg interface:
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip -o link show qg-556ca938-e1
But the interface does not exist:
Device "qg-556ca938-e1" does not exist.
Check br-ex:
ip -o link show br-ex
Create the new qg interface and attach it to br-ex:
ovs-vsctl -- --if-exists del-port qg-556ca938-e1 -- add-port br-ex qg-556ca938-e1 -- set Interface qg-556ca938-e1 type=internal -- set Interface qg-556ca938-e1 external-ids:iface-id=556ca938-e11b-4246-bdc1-ef25c91b7593 -- set Interface qg-556ca938-e1 external-ids:iface-status=active -- set Interface qg-556ca938-e1 external-ids:attached-mac=fa:16:3e:68:12:c0
Set the MAC address of the interface:
ip link set qg-556ca938-e1 address fa:16:3e:68:12:c0
List all namespaces:
ip -o netns list
qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82
qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0
qrouter-26a45e0e-a58a-443b-a972-d62c0c5a1323
qdhcp-760d2c5e-4938-49b0-bffe-c77c5b141d18
Move the qg interface into the namespace:
ip link set qg-556ca938-e1 netns qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82
Bring the interface up:
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip link set qg-556ca938-e1 up
Check the interface's address:
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip addr show qg-556ca938-e1 permanent scope global
Set the interface's address:
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip -4 addr add 16.158.165.105/22 brd 16.158.167.255 scope global dev qg-556ca938-e1
Add the default route:
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 route add default gw 16.158.164.1
Set up iptables:
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 iptables-save -c
# Generated by iptables-save v1.4.21 on Thu Jul 17 01:58:30 2014
*nat
:PREROUTING ACCEPT [4:425]
:INPUT ACCEPT [1:229]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:neutron-l3-agent-OUTPUT - [0:0]
:neutron-l3-agent-POSTROUTING - [0:0]
:neutron-l3-agent-PREROUTING - [0:0]
:neutron-l3-agent-float-snat - [0:0]
:neutron-l3-agent-snat - [0:0]
:neutron-postrouting-bottom - [0:0]
[4:425] -A PREROUTING -j neutron-l3-agent-PREROUTING
[0:0] -A OUTPUT -j neutron-l3-agent-OUTPUT
[0:0] -A POSTROUTING -j neutron-l3-agent-POSTROUTING
[0:0] -A POSTROUTING -j neutron-postrouting-bottom
[0:0] -A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
[0:0] -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
[0:0] -A neutron-postrouting-bottom -j neutron-l3-agent-snat
COMMIT
# Completed on Thu Jul 17 01:58:30 2014
# Generated by iptables-save v1.4.21 on Thu Jul 17 01:58:30 2014
*mangle
:PREROUTING ACCEPT [4:425]
:INPUT ACCEPT [1:229]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Jul 17 01:58:30 2014
# Generated by iptables-save v1.4.21 on Thu Jul 17 01:58:30 2014
*filter
:INPUT ACCEPT [1:229]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:neutron-filter-top - [0:0]
:neutron-l3-agent-FORWARD - [0:0]
:neutron-l3-agent-INPUT - [0:0]
:neutron-l3-agent-OUTPUT - [0:0]
:neutron-l3-agent-local - [0:0]
[1:229] -A INPUT -j neutron-l3-agent-INPUT
[0:0] -A FORWARD -j neutron-filter-top
[0:0] -A FORWARD -j neutron-l3-agent-FORWARD
[0:0] -A OUTPUT -j neutron-filter-top
[0:0] -A OUTPUT -j neutron-l3-agent-OUTPUT
[0:0] -A neutron-filter-top -j neutron-l3-agent-local
[0:0] -A neutron-l3-agent-INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 9697 -j ACCEPT
COMMIT
# Completed on Thu Jul 17 01:58:30 2014
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 iptables-restore -c
Show the interface information:
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip addr show qg-556ca938-e1
242: qg-556ca938-e1:
link/ether fa:16:3e:68:12:c0 brd ff:ff:ff:ff:ff:ff
inet 16.158.165.105/22 brd 16.158.167.255 scope global qg-556ca938-e1
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe68:12c0/64 scope link tentative
valid_lft forever preferred_lft forever
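In the router namespace above, the nat table redirects traffic for 169.254.169.254:80 to the port passed to neutron-ns-metadata-proxy as --metadata_port, and the filter table accepts that port. The following added example (not part of the original post) checks that an iptables-save dump and a proxy command line agree; the function names and the shortened sample inputs are constructed here.

```shell
# Added example (not from the original post). SAMPLE_CMDLINE and SAMPLE_DUMP are
# constructed from the output on this page, cut down to the lines the check reads.
SAMPLE_CMDLINE='neutron-ns-metadata-proxy --router_id=d62d417d-2005-46d7-a83b-b1e5c0a36d82 --metadata_port=9697'
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [4:425]
:neutron-l3-agent-PREROUTING - [0:0]
[4:425] -A PREROUTING -j neutron-l3-agent-PREROUTING
[0:0] -A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
COMMIT
*filter
:INPUT ACCEPT [1:229]
:neutron-l3-agent-INPUT - [0:0]
[1:229] -A INPUT -j neutron-l3-agent-INPUT
[0:0] -A neutron-l3-agent-INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 9697 -j ACCEPT
COMMIT'

# proxy_port CMDLINE: print the value of --metadata_port, or nothing.
proxy_port() {
    printf '%s\n' "$1" | sed -n 's/.*--metadata_port=\([0-9][0-9]*\).*/\1/p'
}

# audit_metadata_rules PORT < dump: one line per check, status 0 if all pass.
audit_metadata_rules() {
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2); next }        # table header: *nat, *filter
        { sub(/^\[[0-9]+:[0-9]+\] /, "") }           # strip counters written by -c
        !/^-A / { next }
        table == "nat" && /-d 169\.254\.169\.254\/32 / && /-j REDIRECT/ {
            redirect = 1
            for (i = 1; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--to-ports") to = $(i + 1)
            }
        }
        table == "filter" && /-j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) accept = 1
        }
        END {
            if (!redirect) { print "FAIL no REDIRECT for 169.254.169.254 in nat"; bad = 1 }
            else if (dport != "80" || to != port) { print "FAIL REDIRECT is " dport " -> " to ", proxy listens on " port; bad = 1 }
            else print "OK   169.254.169.254:80 is redirected to proxy port " port
            if (!accept) { print "FAIL no ACCEPT for tcp/" port " in filter"; bad = 1 }
            else print "OK   tcp/" port " is accepted in filter"
            exit bad + 0
        }'
}
printf '%s\n' "$SAMPLE_DUMP" | audit_metadata_rules "$(proxy_port "$SAMPLE_CMDLINE")"
```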
Original link:
http://www.cnblogs.com/popsuper1982/p/3849822.html