控制节点的配置项:
#使用core plugin使用ml2
[root@master1 ~]# grep '^[a-z]' /etc/neutron/neutron.conf
auth_strategy = keystone
core_plugin = ml2
service_plugins =
#ml2加载指定网络类型
#加载指定的plugin-agent:Linuxbridge
[root@master1 ~]# grep '^[a-z]' /etc/neutron/plugins/ml2/ml2_conf.ini
type_drivers = local,flat,vlan,gre,vxlan,geneve
tenant_network_types = flat
mechanism_drivers = linuxbridge,openvswitch
extension_drivers = port_security
flat_networks = public
enable_ipset = true
#在哪个网口实现映射
[root@master1 ~]# grep '^[a-z]' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
physical_interface_mappings = public:ens33
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = true
enable_vxlan = false
#创建Network
[root@master1 ~]# neutron net-create --shared --provider:physical_network public --provider:network_type flat flat_net_provider
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2017-08-08T09:23:25 |
| description | |
| id | 43ad5825-5b55-4c1c-9fc4-a8c6e2ae129c |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | flat_net_provider |
| port_security_enabled | True |
| provider:network_type | flat |
| provider:physical_network | public |
| provider:segmentation_id | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | 3e83baa0b3d64188b036ce423002aac7 |
| updated_at | 2017-08-08T09:23:27 |
+---------------------------+--------------------------------------+
[root@master1 ~]# neutron subnet-create --name flat_subnet_provider --allocation-pool start=192.168.142.200,end=192.168.142.230 --gateway 192.168.142.2 flat_net_provider 192.168.142.0/24
Created a new subnet:
+-------------------+--------------------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------------------+
| allocation_pools | {"start": "192.168.142.200", "end": "192.168.142.230"} |
| cidr | 192.168.142.0/24 |
| created_at | 2017-08-08T09:30:05 |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 192.168.142.2 |
| host_routes | |
| id | dc748e16-472f-44b4-98da-629af8e9ce8d |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | flat_subnet_provider |
| network_id | 43ad5825-5b55-4c1c-9fc4-a8c6e2ae129c |
| subnetpool_id | |
| tenant_id | 3e83baa0b3d64188b036ce423002aac7 |
| updated_at | 2017-08-08T09:30:05 |
+-------------------+--------------------------------------------------------+
#底层网络变化
[root@master1 ~]# brctl show
bridge name bridge id STP enabled interfaces
brq43ad5825-5b 8000.000c298c71a6 no ens33
tapb8945f76-d5
#创建主机
[root@master1 ~]# openstack server create --flavor m1.nano --image cirros --nic net-id=43ad5825-5b55-4c1c-9fc4-a8c6e2ae129c --security-group default --key-name my-key instance-of-flat-0809-01
+--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | instance-00000015 |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | 3y7ZpxJNjQ8q |
| config_drive | |
| created | 2017-08-09T03:01:26Z |
| flavor | m1.nano (0) |
| hostId | |
| id | 0010799f-ee85-4259-bcda-f5eec2cb2e12 |
| image | cirros (af67976a-92ea-4d08-8296-86cb76e3954b) |
| key_name | my-key |
| name | instance-of-flat-0809-01 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 3e83baa0b3d64188b036ce423002aac7 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2017-08-09T03:01:28Z |
| user_id | 2614b525036b47e6a9a5b51ff385a06d |
+--------------------------------------+-----------------------------------------------+
[root@master1 ~]# openstack server list
+--------------------------------------+--------------------------+---------+-----------------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+--------------------------+---------+-----------------------------------+
| 0010799f-ee85-4259-bcda-f5eec2cb2e12 | instance-of-flat-0809-01 | ACTIVE | flat_net_provider=192.168.142.202 |
| 7226e76d-85c0-439f-9599-36d986dfe831 | instance-of-flat-01 | ERROR | |
| 2a657897-4fa5-4d8b-ab22-c508110a061e | instance-test-local-03 | SHUTOFF | second_local_net=172.16.1.102 |
| fb206d8d-453c-4b14-8945-f7c8526c7747 | instance-test-local-02 | SHUTOFF | first_local_net=172.16.1.13 |
| 617c6ead-d85d-45cf-9d40-1354eaf758d5 | instance-test-local-01 | SHUTOFF | first_local_net=172.16.1.12 |
+--------------------------------------+--------------------------+---------+-----------------------------------+
[root@master1 ~]# ping 192.168.142.202
PING 192.168.142.202 (192.168.142.202) 56(84) bytes of data.
64 bytes from 192.168.142.202: icmp_seq=1 ttl=64 time=10.7 ms
64 bytes from 192.168.142.202: icmp_seq=2 ttl=64 time=4.78 ms
^C
--- 192.168.142.202 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 4.788/7.763/10.739/2.976 ms
[root@master1 ~]# ssh cirros@192.168.142.202
cirros@192.168.142.202's password:
$ ifconfig
eth0 Link encap:Ethernet HWaddr FA:16:3E:AF:0D:64
inet addr:192.168.142.202 Bcast:192.168.142.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:feaf:d64/64 Scope:Link
......
#主机查看实例
[root@master1 ~]# virsh list
Id 名称 状态
----------------------------------------------------
1 instance-00000015 running
#查看虚拟机的网卡信息
[root@master1 ~]# virsh domiflist instance-00000015
接口 类型 源 型号 MAC
-------------------------------------------------------
tapd618b2cd-e7 bridge brq43ad5825-5b virtio fa:16:3e:af:0d:64
[root@master1 ~]# brctl show
bridge name bridge id STP enabled interfaces
brq43ad5825-5b 8000.000c298c71a6 no ens33
tapb8945f76-d5 #dhcp的网卡接口
tapd618b2cd-e7 #实例的网卡接口
#停止控制节点的nova-computer服务,新建一个实例创建在计算节点192.168.142.167的上
# 192.168.142.202连接 192.168.142.204,OK可以通信
$ ifconfig
eth0 Link encap:Ethernet HWaddr FA:16:3E:AF:0D:64
inet addr:192.168.142.202 Bcast:192.168.142.255 Mask:255.255.255.0
$ ping 192.168.142.204
PING 192.168.142.204 (192.168.142.204): 56 data bytes
64 bytes from 192.168.142.204: seq=0 ttl=64 time=15.811 ms
#下面我们学习DHCP
[root@master1 ~]# ps -ef | grep dns
nobody 3588 1 0 11:00 ? 00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo
--pid-file=/var/lib/neutron/dhcp/43ad5825-5b55-4c1c-9fc4-a8c6e2ae129c/pid
--dhcp-hostsfile=/var/lib/neutron/dhcp/43ad5825-5b55-4c1c-9fc4-a8c6e2ae129c/host
--addn-hosts=/var/lib/neutron/dhcp/43ad5825-5b55-4c1c-9fc4-a8c6e2ae129c/addn_hosts
--dhcp-optsfile=/var/lib/neutron/dhcp/43ad5825-5b55-4c1c-9fc4-a8c6e2ae129c/opts
--dhcp-leasefile=/var/lib/neutron/dhcp/43ad5825-5b55-4c1c-9fc4-a8c6e2ae129c/leases
--dhcp-match=set:ipxe,175 --bind-interfaces
--interface=ns-b8945f76-d5 #dhcp的监听接口!和tapb8945f76-d5有什么关系呢?
--dhcp-range=set:tag0,192.168.142.0,static,86400s
--dhcp-option-force=option:mtu,1500
--dhcp-lease-max=256
--conf-file= --domain=openstacklocal
#Linux Network Namespace
#查看net的id
[root@master1 ~]# neutron net-list
+--------------------------------------+-------------------+-------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+-------------------+-------------------------------------------------------+
| 43ad5825-5b55-4c1c-9fc4-a8c6e2ae129c | flat_net_provider | dc748e16-472f-44b4-98da-629af8e9ce8d 192.168.142.0/24 |
#查看所有net的namespace
[root@master1 ~]# ip netns list
qdhcp-43ad5825-5b55-4c1c-9fc4-a8c6e2ae129c (id: 2)
#tapb8945f76-d5放到这个net中,也就相当于在此namespace中;每个namespace都有自己独立的网络栈,包括route table,firewall rule等
但是无法和物理interface的root namespace相关联的brq43ad5825-5b通信,neutron使用veth pair解决了此问题。
veth pair成对儿出现,像一根虚拟的网线,可连接两个namespace。一端输入数据,另一端就可以读到数据
DHCP端:内部是if10,对外表现是ns-b8945f76-d5
[root@master1 ~]# ip netns exec qdhcp-43ad5825-5b55-4c1c-9fc4-a8c6e2ae129c ip a
1: ......
2: ns-b8945f76-d5@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether fa:16:3e:21:e7:b5 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.142.200/24 brd 192.168.142.255 scope global ns-b8945f76-d5
......
veth:ns-b8945f76-d5和tapb8945f76-d5
虚拟交换机端:tapb8945f76-d5是br的一个端口,这样就可以通信啦
小结:instance如何从dnsmasq获取IP
1)创建instance,neutron会给他分配一个port,其中包括MAC地址,这部分信息会写到dnsmasq的host文件
2)nova-compute会设置VIF的MAC地址
3)instance开机启动,发出DHCPDISCOVER广播,在flat网络泛洪
4)广播到达tapb8945f76-d5端口,ns-b8945f76-d5收到并进行相应,把host文件的ip等信息发给instance
5)instance收到并确认