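In the previous posts we covered the various concepts behind the Neutron networking service, which can look like a tangled mess that is hard to take in at once. That is fine: we will work from simple to complex, starting here with the local network type on the linux bridge driver.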
what?
local-network.png
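The defining trait of a local network is that it is not connected to any physical NIC on the host and is not associated with any VLAN ID.
Each local network gets its own bridge, and only tap devices attached to the same bridge can communicate with each other.
how? (a not-quite-perfect experiment)
The diagram above may not make the logic entirely clear, so let's try it hands-on.
- neutron uses ml2 as its core_plugin by default: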
[root@openstack-compute ~]# grep ^core_plugin /etc/neutron/neutron.conf
core_plugin = ml2
- Configure ml2 to use linuxbridge as the mechanism driver
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge
- Have ml2 load five network type_drivers; only network types whose driver is loaded can be used
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers local,flat,vlan,gre,vxlan
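- Set the network type created by ordinary OpenStack users to local. Only admin can explicitly specify the type of a network being created. Several network types can be configured at once, separated by commas.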
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types local
- Check the configuration file
/etc/neutron/plugins/ml2/ml2_conf.ini
[root@openstack-compute ~]# grep -C1 "^[a-z]" /etc/neutron/plugins/ml2/ml2_conf.ini | grep -Ev "\-\-|^#|^$"
[ml2]
type_drivers = local,flat,vlan,gre,vxlan
tenant_network_types = local
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = physnet1
[securitygroup]
enable_ipset = True
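- Restart the neutron linuxbridge services for the change to take effect (on all network nodes)
There is a small bug here: when the dhcp service is restarted, leftover processes from the already-running dhcp cause the restart to fail to apply the change, and the leftover processes have to be killed manually
# Controller node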
systemctl restart neutron-dhcp-agent.service neutron-linuxbridge-agent.service neutron-metadata-agent.service
# Compute node
systemctl restart neutron-linuxbridge-agent.service
- Now create the local network from the CLI.
[root@openstack-controller tools]# source admin-openrc.sh
[root@openstack-controller tools]# neutron net-create first-local
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | f31dc550-dfb4-4243-b109-15b6450d8682 |
| mtu | 0 |
| name | first-local |
| port_security_enabled | True |
| provider:network_type | local |
| provider:physical_network | |
| provider:segmentation_id | |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 471592a4281e4223b2ad578b5c9b8442 |
+---------------------------+--------------------------------------+
- Create the subnet from the CLI
[root@openstack-controller tools]# neutron help subnet-create
usage: neutron subnet-create [-h]
[-f {html,json,json,shell,table,value,yaml,yaml}]
[-c COLUMN] [--max-width <integer>] [--noindent]
[--prefix PREFIX] [--request-format {json,xml}]
[--tenant-id TENANT_ID] [--name NAME]
[--gateway GATEWAY_IP | --no-gateway]
[--allocation-pool start=IP_ADDR,end=IP_ADDR]
[--host-route destination=CIDR,nexthop=IP_ADDR]
[--dns-nameserver DNS_NAMESERVER]
[--disable-dhcp] [--enable-dhcp]
[--ip-version {4,6}]
[--ipv6-ra-mode {dhcpv6-stateful,dhcpv6-stateless,slaac}]
[--ipv6-address-mode {dhcpv6-stateful,dhcpv6-stateless,slaac}]
[--subnetpool SUBNETPOOL]
[--prefixlen PREFIX_LENGTH]
NETWORK [CIDR]
Create a subnet for a given tenant.
positional arguments:
NETWORK Network ID or name this subnet belongs to.
CIDR CIDR of subnet to create.
[root@openstack-controller tools]# neutron subnet-create --name subnet_192_168_1 \
--gateway 192.168.1.1 \
--enable-dhcp --allocation-pool start=192.168.1.100,end=192.168.1.150 \
f31dc550-dfb4-4243-b109-15b6450d8682 192.168.1.0/24
Created a new subnet:
+-------------------+----------------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------------+
| allocation_pools | {"start": "192.168.1.100", "end": "192.168.1.150"} |
| cidr | 192.168.1.0/24 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 192.168.1.1 |
| host_routes | |
| id | 24158244-3732-4456-9d8d-338dee2a1c70 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | subnet_192_168_1 |
| network_id | f31dc550-dfb4-4243-b109-15b6450d8682 |
| subnetpool_id | |
| tenant_id | 471592a4281e4223b2ad578b5c9b8442 |
+-------------------+----------------------------------------------------+
- Let's check what OpenStack did when it created the local network:
[root@openstack-controller tools]# brctl show # check the bridges
bridge name bridge id STP enabled interfaces
brqf31dc550-df 8000.72dde96c7459 no tapcca9852b-1d
[root@openstack-controller tools]# ip netns list # check the namespaces
qdhcp-f31dc550-dfb4-4243-b109-15b6450d8682 (id: 0)
[root@openstack-controller tools]# ip netns exec qdhcp-f31dc550-dfb4-4243-b109-15b6450d8682 ip a # check the IP addresses brought up inside the namespace
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ns-cca9852b-1d@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether fa:16:3e:ac:30:9f brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.1.100/24 brd 192.168.1.255 scope global ns-cca9852b-1d # DHCP gateway IP interface
valid_lft forever preferred_lft forever
inet 169.254.169.254/16 brd 169.254.255.255 scope global ns-cca9852b-1d # IP interface of the metadata service
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:feac:309f/64 scope link
valid_lft forever preferred_lft forever
- Next, create two instances on this network:
[root@openstack-controller tools]# nova help flavor-create
usage: nova flavor-create [--ephemeral <ephemeral>] [--swap <swap>]
[--rxtx-factor <factor>] [--is-public <is-public>]
<name> <id> <ram> <disk> <vcpus>
Create a new flavor
[root@openstack-controller tools]# nova flavor-create cirros auto 200 1 1
+--------------------------------------+--------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+--------------------------------------+--------+-----------+------+-----------+------+-------+-------------+-----------+
| 45243282-df65-4a7f-81e3-094f704a0e4f | cirros | 200 | 1 | 0 | | 1 | 1.0 | True |
+--------------------------------------+--------+-----------+------+-----------+------+-------+-------------+-----------+
[root@openstack-controller tools]# nova image-list
+--------------------------------------+--------------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+--------------+--------+--------+
| 4d890feb-3c24-4425-8311-61c41a582a56 | cirros | ACTIVE | |
| cafc3188-54a0-4f51-8286-0fb2b44d81f5 | ubuntu-16.04 | ACTIVE | |
+--------------------------------------+--------------+--------+--------+
[root@openstack-controller tools]# nova net-list
+--------------------------------------+-------------+------+
| ID | Label | CIDR |
+--------------------------------------+-------------+------+
| f31dc550-dfb4-4243-b109-15b6450d8682 | first-local | None |
+--------------------------------------+-------------+------+
[root@openstack-controller tools]# nova keypair-list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 82:e9:3f:2d:e8:41:7b:7e:32:bd:76:3a:7a:ce:ce:07 |
+-------+-------------------------------------------------+
[root@openstack-controller tools]# nova help boot
usage: nova boot [--flavor <flavor>] [--image <image>]
[--image-with <key=value>] [--boot-volume <volume_id>]
[--snapshot <snapshot_id>] [--min-count <number>]
[--max-count <number>] [--meta <key=value>]
[--file <dst-path=src-path>] [--key-name <key-name>]
[--user-data <user-data>]
[--availability-zone <availability-zone>]
[--security-groups <security-groups>]
[--block-device-mapping <dev-name=mapping>]
[--block-device key1=value1[,key2=value2...]]
[--swap <swap_size>]
[--ephemeral size=<size>[,format=<format>]]
[--hint <key=value>]
[--nic <net-id=net-uuid,v4-fixed-ip=ip-addr,v6-fixed-ip=ip-addr,port-id=port-uuid>]
[--config-drive <value>] [--poll] [--admin-pass <value>]
<name>
Boot a new server.
[root@openstack-controller nova]# nova boot --flavor m1.small --image ubuntu-16.04 --key-name mykey --security-groups default --nic net-id=f31dc550-dfb4-4243-b109-15b6450d8682 ubuntu-1
+--------------------------------------+-----------------------------------------------------+
| Property | Value |
+--------------------------------------+-----------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | - |
| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
| OS-EXT-SRV-ATTR:instance_name | instance-0000000b |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | hWpVXMSx7kRd |
| config_drive | |
| created | 2017-07-06T03:55:59Z |
| flavor | m1.small (2) |
| hostId | |
| id | 07066ac7-304e-4916-a891-47da3d0998a9 |
| image | ubuntu-16.04 (cafc3188-54a0-4f51-8286-0fb2b44d81f5) |
| key_name | mykey |
| metadata | {} |
| name | ubuntu-1 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tenant_id | 471592a4281e4223b2ad578b5c9b8442 |
| updated | 2017-07-06T03:55:59Z |
| user_id | 60814f1c1e6a400e83b629465672ddf4 |
+--------------------------------------+-----------------------------------------------------+
[root@openstack-controller nova]# nova boot --flavor m1.small --image ubuntu-16.04 --key-name mykey --security-groups default --nic net-id=f31dc550-dfb4-4243-b109-15b6450d8682 ubuntu-2
+--------------------------------------+-----------------------------------------------------+
| Property | Value |
+--------------------------------------+-----------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | - |
| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
| OS-EXT-SRV-ATTR:instance_name | instance-0000000c |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | jsLhP4nnsGfu |
| config_drive | |
| created | 2017-07-06T03:56:04Z |
| flavor | m1.small (2) |
| hostId | |
| id | 60308795-613f-4921-918e-4aecb9373c3f |
| image | ubuntu-16.04 (cafc3188-54a0-4f51-8286-0fb2b44d81f5) |
| key_name | mykey |
| metadata | {} |
| name | ubuntu-2 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tenant_id | 471592a4281e4223b2ad578b5c9b8442 |
| updated | 2017-07-06T03:56:04Z |
| user_id | 60814f1c1e6a400e83b629465672ddf4 |
+--------------------------------------+-----------------------------------------------------+
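The `brctl show` check from the bridge inspection step can be turned into an isolation audit: a local network's bridge should contain only tap devices and never a physical NIC. The script below is an added example, not part of the original post; the function names and the second sample (with `eth1` attached) are constructed, and the `brq` + first-11-characters naming is taken from the bridge name shown on this page.

```shell
#!/bin/sh
# Added example: audit a local network bridge using `brctl show` text.

# Bridge name as seen on this page: "brq" + first 11 chars of the network UUID.
bridge_for_net() { printf 'brq%.11s\n' "$1"; }

# Read `brctl show` text on stdin; print the members of bridge $1, one per line.
bridge_members() {
    awk -v br="$1" '
        NR == 1 { next }                                   # header row
        NF >= 3 { cur = $1; if (NF >= 4 && cur == br) print $4; next }
        NF == 1 && cur == br { print $1 }                  # continuation row
    '
}

# $1 = network UUID, $2 = `brctl show` text.
# Returns 0: bridge present, only tap members.
# Returns 1: non-tap member attached (printed on stdout).
# Returns 2: no bridge for this network on this host.
audit_local_net() {
    br=$(bridge_for_net "$1")
    printf '%s\n' "$2" | grep -q "^${br}[[:space:]]" || return 2
    bad=$(printf '%s\n' "$2" | bridge_members "$br" | grep -v '^tap' || true)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

NET_ID=f31dc550-dfb4-4243-b109-15b6450d8682    # network id from this page

# Bridge table as shown on this page.
SAMPLE_OK='bridge name     bridge id               STP enabled     interfaces
brqf31dc550-df  8000.72dde96c7459       no              tapcca9852b-1d'

# Constructed sample: the same bridge with a physical NIC wrongly attached.
SAMPLE_BAD='bridge name     bridge id               STP enabled     interfaces
brqf31dc550-df  8000.72dde96c7459       no              eth1
                                                        tapcca9852b-1d
                                                        tap0a1b2c3d-4e'

audit_local_net "$NET_ID" "$SAMPLE_OK"  && echo "ok: only tap devices on the bridge"
audit_local_net "$NET_ID" "$SAMPLE_BAD" || echo "^ non-tap member on a local network bridge"
# On a real node: audit_local_net "$NET_ID" "$(brctl show)"
```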