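OpenStack: the neutron component
I. Introduction to Networking (neutron)
1. Introduction to Networking
Networking: code name Neutron (originally called Quantum; before it became a separate project it was nova-networking, provided by Compute, and it has been independent since the F release). It provides NCaaS functionality for OpenStack and has a plugin-based design that supports many popular network management plugins.
Deploying Neutron requires three types of nodes:
Neutron Server: controller
Network Node: builds complex network models
Compute Nodes: Computes
Functions:
Virtual switches, based on OVS
Virtual routers, based on L3 (netns)
dhcpagent, NAT, LBaaS, FWaaS, IPSec ***
Networking API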
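2. Common terms
network: in Neutron this is a layer-2 network, i.e. the physical network formed by hosts connected to the same switch; an isolated layer-2 network, similar to a VLAN.
subnet: a layer-3 network, i.e. a network that has been given IP addresses. A layer-3 network with associated configuration state, or in other words a network formed by an address block defined in IPv4 or IPv6.
port: the connection interface that attaches a host to a network device
Physical network architecture in OpenStack:
Management network: internal communication between the nodes
Data network: the nodes hosting the hypervisors, which communicate with the networking node over tunnels
External network: gives the virtual machines in the environment a channel to reach the Internet
API network:
Tenant network: a network used inside a tenant
Flat network: all VMs are in the same network; VLANs and other network isolation mechanisms are not supported
Local network: all VMs are on one local Compute node and isolated from the external network; VLANs are not supported
Vlan network: uses VLAN IDs to create multiple provider or tenant networks
Vxlan and GRE: tunnels
provider network: a network that carries the traffic of the tenant networks and does not belong to any one tenant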
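3. neutron plugins
plug-in agent: a set of neutron-*-agent packages that run on every node hosting a hypervisor (compute) and perform the local OVS configuration there.
dhcp agent
l3 agent
l2 agent
4. neutron components
neutron-server:
plugins and agents
message queue
neutron database
II. Installing neutron
1. Configure controller node
Create the database and grant privileges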
mysql> create database neutron character set utf8;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on neutron.* to 'neutron'@'%' identified by 'neutron'
-> ;
Query OK, 0 rows affected (0.00 sec)
mysql> grant all on neutron.* to 'neutron'@'localhost' identified by 'neutron'
-> ;
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.04 sec)
4) Create the neutron user
# keystone user-create --name=neutron --pass=neutron
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
|email | |
| enabled| True |
| id | 7367ddf36b784d63807ac1ffb4a22764 |
| name | neutron |
| username | neutron |
+----------+----------------------------------+
# keystone user-role-add --user=neutron --tenant=service --role=admin
# keystone user-role-list --user=neutron --tenant=service
+----------------------------------+-------+----------------------------------+----------------------------------+
| id |name | user_id | tenant_id |
+----------------------------------+-------+----------------------------------+----------------------------------+
| 908cde894759423780e5787e4e50d7fb | admin | 7367ddf36b784d63807ac1ffb4a22764 | c536e6faa30b4b3f998e14af70f4f7c2 |
+----------------------------------+-------+----------------------------------+----------------------------------+
Add the neutron service and endpoint in keystone:
# keystone service-create --name neutron --type network
+-------------+----------------------------------+
| Property| Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 847603f305124cb1ab8339f0f0b8a57d |
| name | neutron |
| type | network |
+-------------+----------------------------------+
# keystone service-list
+----------------------------------+----------+----------+-------------------------+
| id | name | type | description |
+----------------------------------+----------+----------+-------------------------+
| d60703148eb04b8a8813e3f0f46ca7a5 |glance|image | OpenStack Image Service |
| 16929dabe6db4044af364ab96867b8b4 | keystone | identity | OpenStack Identity |
| 847603f305124cb1ab8339f0f0b8a57d | neutron| network| |
| e7acbab65f9647e7a3f691f990e43eb5 | nova | compute| OpenStack Compute |
+----------------------------------+----------+----------+-------------------------+
# keystone endpoint-create \
> --service-id $(keystone service-list | awk '/ network / {print $2}') \
> --publicurl http://controller:9696 \
> --adminurl http://controller:9696 \
> --internalurl http://controller:9696
+-------------+----------------------------------+
| Property| Value |
+-------------+----------------------------------+
| adminurl| http://controller:9696 |
| id | b892bcd388094c0ab302c0fc171e96c0 |
| internalurl | http://controller:9696 |
|publicurl| http://controller:9696 |
| region | regionOne |
|service_id | 847603f305124cb1ab8339f0f0b8a57d |
+-------------+----------------------------------+
2. Install and configure neutron
# yum install openstack-neutron openstack-neutron-ml2 python-neutronclient
Configure /etc/neutron/neutron.conf:
# cd /etc/neutron
# ls
dhcp_agent.ini lbaas_agent.ini neutron.conf.bak release
fwaas_driver.ini metadata_agent.ini plugins rootwrap.conf
l3_agent.ini neutron.conf policy.json
# vi neutron.conf
# (in the [database] section)
# connection = mysql://root:pass@127.0.0.1:3306/neutron
connection = mysql://neutron:neutron@192.168.10.1/neutron
# (in the [DEFAULT] section)
# auth_strategy = noauth
auth_strategy = keystone
# (in the [keystone_authtoken] section)
auth_protocol=http
auth_uri=http://controller:5000
auth_host=controller
auth_port=35357
admin_user=neutron
admin_tenant_name=service
admin_password=neutron
# (the remaining options are in the [DEFAULT] section)
# QPID
# rpc_backend=neutron.openstack.common.rpc.impl_qpid
rpc_backend=neutron.openstack.common.rpc.impl_qpid
# Qpid broker hostname
# qpid_hostname = localhost
qpid_hostname = controller
# notify_nova_on_port_status_changes = False
notify_nova_on_port_status_changes = True
# Send notifications to nova when port data (fixed_ips/floatingips) change
# so nova can update its cache.
# notify_nova_on_port_data_changes = False
notify_nova_on_port_data_changes = True
nova_url = http://192.168.10.1:8774/v2
# Name of nova region to use. Useful if keystone manages more than one region
# nova_region_name =
# Username for connection to nova in admin context
# nova_admin_username =
nova_admin_username = neutron
# The uuid of the admin nova tenant
# nova_admin_tenant_id =
# id of the service tenant (kept on its own line: a trailing comment would be read as part of the value)
nova_admin_tenant_id = c536e6faa30b4b3f998e14af70f4f7c2
# Password for connection to nova in admin context.
# nova_admin_password =
nova_admin_password = neutron
# Authorization URL for connection to nova in admin context.
# nova_admin_auth_url =
nova_admin_auth_url =
# core_plugin =
core_plugin = ml2
# Example: core_plugin = ml2
# service_plugins =
service_plugins = router
Configure plugins/ml2/ml2_conf.ini:
# cd plugins/
# ls
ml2
# cd ml2/
# ls
ml2_conf_arista.ini ml2_conf.ini ml2_conf_odl.ini
ml2_conf_brocade.ini ml2_conf_mlnx.ini ml2_conf_ofa.ini
ml2_conf_cisco.ini ml2_conf_ncs.ini restproxy.ini
# vi ml2_conf.ini
# grep -v '^$\|^#' ml2_conf.ini
type_drivers = gre
tenant_network_types = gre
mechanism_drivers = openvswitch
tunnel_id_ranges = 1:1000
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
Configure /etc/nova/nova.conf:
# vi /etc/nova/nova.conf
#network_api_class=nova.network.api.API
network_api_class=nova.network.neutronv2.api.API
#neutron_url=http://127.0.0.1:9696
neutron_url=
#neutron_auth_strategy=keystone
neutron_auth_strategy=keystone
#neutron_admin_username=<None>
neutron_admin_username=neutron
# Password for connecting to neutron in admin context (string
# value)
#neutron_admin_password=<None>
neutron_admin_password=neutron
# Tenant id for connecting to neutron in admin context (string
# value)
#neutron_admin_tenant_id=<None>
# Tenant name for connecting to neutron in admin context. This
# option is mutually exclusive with neutron_admin_tenant_id.
# Note that with Keystone V3 tenant names are only unique
# within a domain. (string value)
#neutron_admin_tenant_name=<None>
neutron_admin_tenant_name=service
# Region name for connecting to neutron in admin context
# (string value)
#neutron_region_name=<None>
# Authorization URL for connecting to neutron in admin context
# (string value)
#neutron_admin_auth_url=http://localhost:5000/v2.0
neutron_admin_auth_url=
#linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
#firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
firewall_driver=nova.virt.firewall.NoopFirewallDriver
#security_group_api=nova
security_group_api=neutron
Create the symlink:
# ln -sv plugins/ml2/ml2_conf.ini /etc/neutron/plugins.ini
`/etc/neutron/plugins.ini' -> `plugins/ml2/ml2_conf.ini'
# ls
dhcp_agent.ini lbaas_agent.ini neutron.conf.bak policy.json
fwaas_driver.ini metadata_agent.ini plugins release
l3_agent.ini neutron.conf plugins.ini rootwrap.conf
Start the neutron service:
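Before neutron-server is started, the three files edited above can be cross-checked for the settings that matter most for security. The script below is an added example, not part of the original post: it runs on constructed copies of the page's values, and the section names, the function names load and audit, and the finding labels are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlsplit
# Constructed sample input mirroring this page's values. Section names are an
# assumption (Icehouse-era layout); the page's excerpts do not show them.
NEUTRON_CONF = """[DEFAULT]
nova_url = http://192.168.10.1:8774/v2
nova_admin_username = neutron
nova_admin_password = neutron
[keystone_authtoken]
admin_user = neutron
admin_password = neutron
[database]
connection = mysql://neutron:neutron@192.168.10.1/neutron
"""
ML2_CONF = """[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
"""
NOVA_CONF = """[DEFAULT]
firewall_driver = nova.virt.firewall.NoopFirewallDriver
security_group_api = neutron
"""

def load(text):
    cp = configparser.ConfigParser(interpolation=None, default_section="__unused__")
    cp.read_string(text)  # default section renamed so [DEFAULT] is read literally
    return cp

def audit(neutron_text, ml2_text, nova_text):
    neutron, ml2, nova = load(neutron_text), load(ml2_text), load(nova_text)
    # 1. Service URLs that carry tokens and passwords over plain HTTP.
    found = {f"cleartext-url:{s}.{k}" for s in neutron.sections()
             for k, v in neutron.items(s) if v.startswith("http://")}
    # 2. Service credentials whose password equals the account name.
    for sec, ukey, pkey in (("keystone_authtoken", "admin_user", "admin_password"),
                            ("DEFAULT", "nova_admin_username", "nova_admin_password")):
        if neutron.get(sec, ukey, fallback="") == neutron.get(sec, pkey, fallback=None):
            found.add(f"weak-password:{sec}.{pkey}")
    db = urlsplit(neutron.get("database", "connection", fallback=""))
    if db.username and db.username == db.password:
        found.add("weak-password:database.connection")
    # 3. nova's Noop driver hands filtering to neutron, so ML2 must really filter.
    #    A missing ML2 firewall_driver is treated as not filtering (assumption).
    delegated = (nova.get("DEFAULT", "security_group_api", fallback="") == "neutron"
                 and nova.get("DEFAULT", "firewall_driver", fallback="").endswith("NoopFirewallDriver"))
    sg_on = ml2.getboolean("securitygroup", "enable_security_group", fallback=True)
    driver = ml2.get("securitygroup", "firewall_driver", fallback="")
    if delegated and (not sg_on or not driver or driver.endswith("NoopFirewallDriver")):
        found.add("no-filtering:securitygroup")
    return sorted(found)
```

On the page's values it reports the plain-HTTP nova_url and three passwords equal to their account name; the security-group wiring passes because ML2 enables security groups with the OVS hybrid iptables driver.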