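I. Introduction to neutron
II. neutron architecture
III. neutron server components in detail
IV. Service Plugin / Agent in detail
V. Summary of the neutron architecture
VI. How a virtual machine obtains its IP address
VII. Introduction to VXLAN
VIII. Introduction to layer-3 networking
IX. Installing and configuring the neutron service
(I) Install and configure the controller node (ren3)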
https://docs.openstack.org/ocata/install-guide-rdo/neutron-controller-install.html
1. Add two more NICs to the controller node (tenant network (host-only 1) and external network (NAT))
Use nmtui to change the connection names.
2. Create the neutron database and user
[root@ren3 ~]# mysql -u root -proot
MariaDB [(none)]> create database neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
3. Create the neutron service
[root@ren3 ~]# cat openrc
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://ren3:35357/v3
export OS_IDENTITY_API_VERSION=3
[root@ren3 ~]# source openrc
[root@ren3 ~]# openstack user create --domain default --password=neutron neutron
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | cb32a478c2ef4fc591c98d326cdb51e1 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@ren3 ~]# openstack role add --project service --user neutron admin
[root@ren3 ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 084bee1bd6794e0799670ec2033416bc |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
4. Create the networking service API endpoints
[root@ren3 ~]# openstack endpoint create --region RegionOne \
  network public http://ren3:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | ef6b1ded6f104aa3a2a797e8a61aea78 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 084bee1bd6794e0799670ec2033416bc |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://ren3:9696                 |
+--------------+----------------------------------+
[root@ren3 ~]# openstack endpoint create --region RegionOne \
  network internal http://ren3:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 90b49776141d4784b7245ac63ef24b1c |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 084bee1bd6794e0799670ec2033416bc |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://ren3:9696                 |
+--------------+----------------------------------+
[root@ren3 ~]# openstack endpoint create --region RegionOne \
  network admin http://ren3:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 8acae701196c4595bf05262a00cc0a8e |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 084bee1bd6794e0799670ec2033416bc |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://ren3:9696                 |
+--------------+----------------------------------+
5. Install and configure the OVS networking service
(1) Install the packages
[root@ren3 ~]# yum install openstack-neutron openstack-neutron-ml2 openvswitch openstack-neutron-openvswitch ebtables -y
(2) Modify the main neutron configuration file (/etc/neutron/neutron.conf)
[DEFAULT]
state_path = /var/lib/neutron
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
dhcp_agent_notification = true
allow_overlapping_ips = True
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
transport_url = rabbit://openstack:admin@ren3

[agent]

[cors]

[cors.subdomain]

[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@ren3/neutron

[keystone_authtoken]
auth_uri = http://ren3:5000
auth_url = http://ren3:35357
memcached_servers = ren3:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

[matchmaker_redis]

[nova]
region_name = RegionOne
auth_url = http://ren3:35357
auth_type = password
project_domain_name = default
project_name = service
user_domain_name = default
username = nova
password = nova

[oslo_concurrency]
lock_path = $state_path/lock

[oslo_messaging_amqp]

[oslo_messaging_kafka]

[oslo_messaging_notifications]

[oslo_messaging_rabbit]

[oslo_messaging_zmq]

[oslo_middleware]

[oslo_policy]

[qos]

[quotas]

[ssl]
(3) Modify the ML2 plug-in configuration file (/etc/neutron/plugins/ml2/ml2_conf.ini)
[DEFAULT]

[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security

[ml2_type_flat]

[ml2_type_geneve]

[ml2_type_gre]

[ml2_type_vlan]

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true
(3) Configure the Linux bridge agent configuration file (/etc/neutron/plugins/ml2/openvswitch_agent.ini)
[DEFAULT]

[agent]
tunnel_types = vxlan
l2_population = True

[ovs]
tunnel_bridge = br-tun
local_ip = 192.168.6.134
bridge_mappings =

[securitygroup]
firewall_driver = iptables_hybrid
enable_security_group = true

[xenapi]
(4) Modify the Layer-3 agent configuration file (/etc/neutron/l3_agent.ini)
[DEFAULT]
interface_driver = openvswitch
external_network_bridge = br-ex

[agent]

[ovs]
(5) Modify the DHCP agent configuration file (/etc/neutron/dhcp_agent.ini)
[DEFAULT]
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

[agent]

[ovs]
(6) Modify the metadata agent configuration file (/etc/neutron/metadata_agent.ini)
[DEFAULT]
nova_metadata_ip = ren3
metadata_proxy_shared_secret = METADATA_SECRET

[agent]

[cache]
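(7) Modify the nova service configuration file so that it uses the networking service
[neutron]
# ...
# NEUTRON_PASS stands for the password of the neutron user created in Keystone;
# METADATA_SECRET must match the value in /etc/neutron/metadata_agent.ini.
url = http://ren3:9696
auth_url = http://ren3:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET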
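The configuration files above carry the guide's placeholders (NEUTRON_DBPASS, NEUTRON_PASS, METADATA_SECRET) and service passwords equal to the account name. The following check is an added example, not part of the original post or of OpenStack; the function name `audit_conf` and the 12-character minimum are assumptions chosen for illustration.

```python
import configparser
import re
from urllib.parse import urlsplit

# Constructed sample: values copied from the neutron.conf shown above.
SAMPLE_CONF = """
[DEFAULT]
transport_url = rabbit://openstack:admin@ren3
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@ren3/neutron
[keystone_authtoken]
username = neutron
password = neutron
[nova]
username = nova
password = nova
"""

# Install-guide placeholder tokens such as NEUTRON_DBPASS or METADATA_SECRET.
PLACEHOLDER = re.compile(r"^[A-Z]+(_[A-Z]+)*_(PASS|DBPASS|SECRET)$")
SECRET_KEYS = {"password", "metadata_proxy_shared_secret"}
URL_KEYS = {"connection", "transport_url"}  # credentials embedded in a URL

def audit_conf(text, min_len=12):
    """Return sorted (section, key, reason) findings for one INI-style config text."""
    # Treat [DEFAULT] as an ordinary section so its keys are not inherited everywhere.
    cp = configparser.ConfigParser(interpolation=None, default_section="__unused__")
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        items = dict(cp.items(section))
        for key, value in items.items():
            if key in SECRET_KEYS:
                user, secret = items.get("username"), value
            elif key in URL_KEYS:
                url = urlsplit(value)
                user, secret = url.username, url.password
            else:
                continue
            if not secret:
                continue
            if PLACEHOLDER.match(secret):
                findings.append((section, key, "guide placeholder left in place"))
            elif secret == user:
                findings.append((section, key, "secret equals the user name"))
            elif len(secret) < min_len:
                findings.append((section, key, "secret shorter than %d characters" % min_len))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_conf(SAMPLE_CONF):
        print(finding)
```

Run it against each file under /etc/neutron and the [neutron] section of nova.conf before starting the services.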
6. Synchronize the database
[root@ren3 neutron]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@ren3 neutron]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
7. Start the services
[root@ren3 ~]# systemctl restart openstack-nova-api.service
[root@ren3 ~]# systemctl enable neutron-server.service neutron-dhcp-agent.service openvswitch neutron-openvswitch-agent neutron-metadata-agent.service
[root@ren3 ~]# systemctl start neutron-server.service neutron-dhcp-agent.service openvswitch neutron-openvswitch-agent neutron-metadata-agent.service
Create the bridge (br-ex)
[root@ren3 ~]# ovs-vsctl add-br br-ex
[root@ren3 ~]# ovs-vsctl add-port br-ex ens37
[root@ren3 ~]# ovs-vsctl show
3cbc68ee-1b32-41ae-84a9-f78570fa3259
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "ens37"
            Interface "ens37"
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
    ovs_version: "2.9.0"
[root@ren3 ~]# systemctl enable neutron-l3-agent.service
[root@ren3 ~]# systemctl start neutron-l3-agent.service
[root@ren3 ~]# neutron agent-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+--------------------+------+-------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host | availability_zone | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------+-------------------+-------+----------------+---------------------------+
| 8279aaae-eb89-4c71-bbae-009971a697e3 | Open vSwitch agent | ren3 |                   | :-)   | True           | neutron-openvswitch-agent |
| 954aaea4-b4c3-4dbc-b104-769179087cd0 | L3 agent           | ren3 | nova              | :-)   | True           | neutron-l3-agent          |
| a1b7aee2-2881-4d85-b119-1bf8195f66fc | Metadata agent     | ren3 |                   | :-)   | True           | neutron-metadata-agent    |
| e67163c1-8513-4fd7-be6a-ae8e0acf83ce | DHCP agent         | ren3 | nova              | :-)   | True           | neutron-dhcp-agent        |
+--------------------------------------+--------------------+------+-------------------+-------+----------------+---------------------------+
[root@ren3 ~]# openstack network agent list
+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+
| 8279aaae-eb89-4c71-bbae-009971a697e3 | Open vSwitch agent | ren3 | None              | True  | UP    | neutron-openvswitch-agent |
| 954aaea4-b4c3-4dbc-b104-769179087cd0 | L3 agent           | ren3 | nova              | True  | UP    | neutron-l3-agent          |
| a1b7aee2-2881-4d85-b119-1bf8195f66fc | Metadata agent     | ren3 | None              | True  | UP    | neutron-metadata-agent    |
| e67163c1-8513-4fd7-be6a-ae8e0acf83ce | DHCP agent         | ren3 | nova              | True  | UP    | neutron-dhcp-agent        |
+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+
[root@ren3 ~]# ss -tnl
State   Recv-Q  Send-Q  Local Address:Port    Peer Address:Port
LISTEN  0       128     *:8775                *:*
LISTEN  0       128     *:9191                *:*
LISTEN  0       128     192.168.11.3:5672     *:*
LISTEN  0       128     *:25672               *:*
LISTEN  0       50      127.0.0.1:6633        *:*
LISTEN  0       128     192.168.11.3:3306     *:*
LISTEN  0       128     192.168.11.3:11211    *:*
LISTEN  0       128     127.0.0.1:11211       *:*
LISTEN  0       128     *:9292                *:*
LISTEN  0       10      127.0.0.1:6640        *:*
LISTEN  0       128     *:4369                *:*
LISTEN  0       128     *:22                  *:*
LISTEN  0       128     *:15672               *:*
LISTEN  0       100     127.0.0.1:25          *:*
LISTEN  0       128     *:9696                *:*
LISTEN  0       100     *:6080                *:*
LISTEN  0       128     *:8774                *:*
LISTEN  0       128     :::5000               :::*
LISTEN  0       128     :::8778               :::*
LISTEN  0       128     ::1:11211             :::*
LISTEN  0       128     :::80                 :::*
LISTEN  0       128     :::22                 :::*
LISTEN  0       100     ::1:25                :::*
LISTEN  0       128     :::35357              :::*
[root@ren3 ~]# firewall-cmd --list-ports
4369/tcp 5672/tcp 15672/tcp 25672/tcp 3306/tcp 11211/tcp 80/tcp 35357/tcp 5000/tcp 9292/tcp 9191/tcp 8774/tcp 8775/tcp 8778/tcp 6080/tcp
[root@ren3 ~]# firewall-cmd --add-port=6633/tcp --permanent
success
[root@ren3 ~]# firewall-cmd --add-port=6640/tcp --permanent
success
[root@ren3 ~]# firewall-cmd --add-port=9696/tcp --permanent
success
[root@ren3 ~]# firewall-cmd --reload
success
[root@ren3 ~]# netstat -anp |grep 6633
tcp        0      0 127.0.0.1:6633          0.0.0.0:*               LISTEN      18287/python2
tcp        0      0 127.0.0.1:51038         127.0.0.1:6633          ESTABLISHED 18262/ovs-vswitchd
tcp        0      0 127.0.0.1:6633          127.0.0.1:51038         ESTABLISHED 18287/python2
tcp        0      0 127.0.0.1:51036         127.0.0.1:6633          ESTABLISHED 18262/ovs-vswitchd
tcp        0      0 127.0.0.1:6633          127.0.0.1:51036         ESTABLISHED 18287/python2
[root@ren3 ~]# netstat -anp |grep 6640
tcp        0      0 127.0.0.1:6640          0.0.0.0:*               LISTEN      18179/ovsdb-server
tcp        0      0 127.0.0.1:51168         127.0.0.1:6640          ESTABLISHED 18361/ovsdb-client
tcp        0      0 127.0.0.1:6640          127.0.0.1:51168         ESTABLISHED 18179/ovsdb-server
tcp        0      0 127.0.0.1:6640          127.0.0.1:51134         ESTABLISHED 18179/ovsdb-server
tcp        0      0 127.0.0.1:51134         127.0.0.1:6640          ESTABLISHED 18287/python2
[root@ren3 ~]# netstat -anp |grep 9696
tcp        0      0 0.0.0.0:9696            0.0.0.0:*               LISTEN      18132/python2
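In the output above, 6633 (the OpenFlow controller) and 6640 (the OVSDB manager) listen on 127.0.0.1 only, so the firewalld rules opened for them admit no remote traffic today and would expose those listeners if the bind address ever changed. The cross-check below is an added example, not part of the original post; the function names are assumptions, and it handles single-port entries only.

```python
# Constructed sample: a subset of the `ss -tnl` lines shown above.
SS_SAMPLE = """\
State   Recv-Q  Send-Q  Local Address:Port    Peer Address:Port
LISTEN  0       128     *:9696                *:*
LISTEN  0       50      127.0.0.1:6633        *:*
LISTEN  0       10      127.0.0.1:6640        *:*
LISTEN  0       128     192.168.11.3:3306     *:*
LISTEN  0       128     192.168.11.3:11211    *:*
LISTEN  0       128     127.0.0.1:11211       *:*
LISTEN  0       128     ::1:11211             :::*
LISTEN  0       128     :::5000               :::*
"""
# Constructed sample: matching part of `firewall-cmd --list-ports` after the additions.
FW_SAMPLE = "3306/tcp 11211/tcp 5000/tcp 6633/tcp 6640/tcp 9696/tcp"

LOOPBACK = {"127.0.0.1", "::1", "[::1]"}

def parse_listeners(ss_output):
    """Map each listening TCP port to the set of local addresses it is bound to."""
    listeners = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or unrelated line
        addr, _, port = fields[3].rpartition(":")
        listeners.setdefault(int(port), set()).add(addr)
    return listeners

def audit_firewall(ss_output, firewall_ports):
    """Compare listening sockets with the TCP ports opened in firewalld."""
    listeners = parse_listeners(ss_output)
    # Assumes single-port entries such as "9696/tcp" (no ranges).
    opened = {int(p.split("/")[0]) for p in firewall_ports.split() if p.endswith("/tcp")}
    return {
        # Rule exists, but the service accepts local connections only.
        "opened_but_loopback_only": sorted(
            p for p in opened if p in listeners and listeners[p] <= LOOPBACK),
        # Rule exists, but nothing is listening on the port at all.
        "opened_without_listener": sorted(p for p in opened if p not in listeners),
    }

if __name__ == "__main__":
    print(audit_firewall(SS_SAMPLE, FW_SAMPLE))
```

On a live node, pass it the output of `ss -tnl` and `firewall-cmd --list-ports`; any port it reports is a candidate for `firewall-cmd --remove-port`.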
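(II) Install and configure the compute node (ren4)
1. Add one NIC to the compute node (tenant network (host-only 1))
2. Install the networking service components on the compute node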
[root@ren4 ~]# yum install openvswitch openstack-neutron-openvswitch ebtables ipset -y
3. Modify the configuration files
(1) Modify the main neutron configuration file (/etc/neutron/neutron.conf)
[DEFAULT]
state_path = /var/lib/neutron
auth_strategy = keystone
transport_url = rabbit://openstack:admin@ren3

[agent]

[cors]

[cors.subdomain]

[database]

[keystone_authtoken]
auth_uri = http://ren3:5000
auth_url = http://ren3:35357
memcached_servers = ren3:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

[matchmaker_redis]

[nova]

[oslo_concurrency]
lock_path = $state_path/lock

[oslo_messaging_amqp]

[oslo_messaging_kafka]

[oslo_messaging_notifications]

[oslo_messaging_rabbit]

[oslo_messaging_zmq]

[oslo_middleware]

[oslo_policy]

[qos]

[quotas]

[ssl]
(2) Modify the Linux bridge agent configuration file (/etc/neutron/plugins/ml2/openvswitch_agent.ini)
[DEFAULT]

[agent]
tunnel_types = vxlan
l2_population = True

[ovs]
tunnel_bridge = br-tun
local_ip = 192.168.6.135
bridge_mappings =

[securitygroup]
firewall_driver = iptables_hybrid
enable_security_group = true

[xenapi]
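(3) Modify the nova compute service configuration file (/etc/nova/nova.conf)
[neutron]
# ...
# "controller" is the install guide's host name and must resolve to the
# controller node (ren3 in this deployment); NEUTRON_PASS stands for the
# password of the neutron user created in Keystone.
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS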
4. Start the services
[root@ren4 ml2]# systemctl restart openstack-nova-compute.service
[root@ren4 ml2]# systemctl enable openvswitch neutron-openvswitch-agent
[root@ren4 ml2]# systemctl start openvswitch neutron-openvswitch-agent
[root@ren4 ml2]# firewall-cmd --list-ports
111/tcp
[root@ren4 ml2]# firewall-cmd --add-port=6633/tcp
success
[root@ren4 ml2]# firewall-cmd --add-port=6633/tcp --permanent
success
[root@ren4 ml2]# firewall-cmd --add-port=6640/tcp --permanent
success
[root@ren4 ml2]# firewall-cmd --add-port=6640/tcp
success
5. Verify on the controller node
[root@ren3 ~]# openstack network agent list
+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+
| 8279aaae-eb89-4c71-bbae-009971a697e3 | Open vSwitch agent | ren3 | None              | True  | UP    | neutron-openvswitch-agent |
| 954aaea4-b4c3-4dbc-b104-769179087cd0 | L3 agent           | ren3 | nova              | True  | UP    | neutron-l3-agent          |
| a1b7aee2-2881-4d85-b119-1bf8195f66fc | Metadata agent     | ren3 | None              | True  | UP    | neutron-metadata-agent    |
| e67163c1-8513-4fd7-be6a-ae8e0acf83ce | DHCP agent         | ren3 | nova              | True  | UP    | neutron-dhcp-agent        |
| ed288124-f0ab-4a63-aa4e-a204051ef8b8 | Open vSwitch agent | ren4 | None              | True  | UP    | neutron-openvswitch-agent |
+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+