|
|
Quantum(Grizzly) quantum agent(OVS)工作流
本博客欢迎转发,但请保留原作者信息
新浪微博:@孔令贤HW;
博客地址:http://blog.iyunv.com/lynn_kong
内容系本人学习、研究和总结,如有雷同,实属荣幸!
继上一篇《Quantum(Grizzly) L3 agent工作流》,本篇介绍采用OVS(gre)实现的quantum agent工作流,系统环境参见上一篇博客。
因为agent主要的工作是操作vSwitch,所以本篇的命令居多,关于OpenvSwitch的命令使用,请参考官网。
一、系统对象
以下是我的环境中的虚拟机和网络信息,这要关注一下port的id,因为后面的命令都是基于port的信息来做的。
root@openstack:~# nova list
+--------------------------------------+--------+--------+-------------------------------------+
| ID |Name | Status | Networks |
+--------------------------------------+--------+--------+-------------------------------------+
| 50ab650a-289c-4b84-b9f6-9e6c93516a4b | cirros | ACTIVE | demo_net1=10.1.1.13,182.168.61.250 |
+--------------------------------------+--------+--------+-------------------------------------+
root@openstack:~# quantum net-list
+--------------------------------------+---------------+------------------------------------------------------+
| id |name | subnets |
+--------------------------------------+---------------+------------------------------------------------------+
| c4d8b48b-6ff7-43b6-a203-8f1192a16f07 | demo_net1 | 1e18074b-2ad1-4306-a4f7-c39e6762295610.1.1.0/24 |
| e7bb2f41-4f2a-4dbf-a701-7630cfd72de5 | external_net1 |3d6037f5-74e9-4f9f-9c07-3cd8b7b69a46 182.168.61.0/24 |
+--------------------------------------+---------------+------------------------------------------------------+
root@openstack:~# quantum port-list
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| id |name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| 0e2dfa90-d3c8-4938-b35f-e85ed71d0270 | | fa:16:3e:2a:6e:1c | {"subnet_id":"1e18074b-2ad1-4306-a4f7-c39e67622956", "ip_address":"10.1.1.1"} |
| 1e6720f1-8c3f-46c5-8313-72b0753037f8 | | fa:16:3e:30:de:88 | {"subnet_id":"3d6037f5-74e9-4f9f-9c07-3cd8b7b69a46", "ip_address":"182.168.61.249"} |
| 3f1f785c-7015-46c4-95ba-9efd6cd323d0 | | fa:16:3e:b6:fc:21 | {"subnet_id":"1e18074b-2ad1-4306-a4f7-c39e67622956", "ip_address":"10.1.1.12"} |
| 45772766-6c9e-431c-9c04-0365d91b6ae4 | | fa:16:3e:73:a2:59 | {"subnet_id":"3d6037f5-74e9-4f9f-9c07-3cd8b7b69a46", "ip_address":"182.168.61.250"} |
| 99f91280-a060-442e-90b0-d8324e50efc8 | | fa:16:3e:02:dd:79 | {"subnet_id":"1e18074b-2ad1-4306-a4f7-c39e67622956", "ip_address":"10.1.1.13"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
root@openstack:~# quantum router-list+--------------------------------------+--------------+--------------------------------------------------------+
| id |name | external_gateway_info |
+--------------------------------------+--------------+--------------------------------------------------------+
| 0a23bd10-932e-435a-a673-0e508f0d56b9 | demo_router1 |{"network_id": "e7bb2f41-4f2a-4dbf-a701-7630cfd72de5"} |
+--------------------------------------+--------------+--------------------------------------------------------+
二、ovs agent初始化
与agent工作相关的两个vSwitch分别是br-int和br-tun,所以初始化主要是围绕这两个设备进行。
先删除br-int上的patch-tun端口,同时删除所有的flow:
ovs-vsctl --timeout=2 -- --if-exists del-port br-int patch-tun
ovs-ofctl del-flows br-int
ovs-ofctl add-flow br-int hard_timeout=0,idle_timeout=0,priority=1,actions=normal
然后是对br-tun的处理以及关联br-int和br-tun:ovs-vsctl --timeout=2 -- --if-exists del-br br-tun
ovs-vsctl --timeout=2 add-br br-tun
ovs-vsctl --timeout=2 add-port br-int patch-tun
ovs-vsctl --timeout=2 set Interface patch-tun type=patch
ovs-vsctl --timeout=2 set Interface patch-tun options:peer=patch-int
root@openstack:~# ovs-vsctl --timeout=2 get Interface patch-tun ofport
6
ovs-vsctl --timeout=2 add-port br-tun patch-int
ovs-vsctl --timeout=2 set Interface patch-int type=patch
ovs-vsctl --timeout=2 set Interface patch-int options:peer=patch-tun
root@openstack:~# ovs-vsctl --timeout=2 get Interface patch-int ofport
1
ovs-ofctl del-flows br-tun
ovs-ofctl add-flow br-tun hard_timeout=0,idle_timeout=0,priority=1,actions=drop
三、ovs agent循环任务
3.1. tunnel同步
因为我采用的是gre模式,所以在循环任务执行前,会向plugin注册本机tunnel,同时会收到plugin推送来的系统中所有tunnel的信息,对每一个tunnel(本地tunnel除外)有如下操作(因为我的系统中只有一个节点,所以不涉及下面的命令,这里列出是为了说明gre类型agent的机制):
ovs-vsctl --timeout=2 add-port br-tun <gre-tunnel_id>
ovs-vsctl --timeout=2 set Interface <gre-tunnel_id> type=gre
ovs-vsctl --timeout=2 set Interface <gre-tunnel_id> options:remote_ip=<remote_ip>
ovs-vsctl --timeout=2 set Interface <gre-tunnel_id> options:in_key=flow
ovs-vsctl --timeout=2 set Interface <gre-tunnel_id> options:out_key=flow这样,系统中的不同节点之间就能通过gre通道互通。
3.2. 获取br-int上的设备
循环任务开始,对于刚启动的agent来说,需要处理br-int上的每一个端口,所以需要先列出br-int上的端口,以下是我的环境中的命令及输出:
root@openstack:~# ovs-vsctl --timeout=2 list-ports br-int
patch-tun
qr-0e2dfa90-d3
qvo99f91280-a0
tap3f1f785c-70
上面的patch-tun是agent初始化时在br-int上创建;qr-0e2dfa90-d3是虚拟机的网关设备;qvo99f91280-a0是与虚拟机网卡相连的设备;tap3f1f785c-70是dhcp设备;
查询每一个设备的信息:
root@openstack:~# ovs-vsctl --timeout=2 get Interface patch-tun external_ids
{}
root@openstack:~# ovs-vsctl --timeout=2 get Interface qr-0e2dfa90-d3 external_ids
{attached-mac="fa:16:3e:2a:6e:1c",iface-id="0e2dfa90-d3c8-4938-b35f-e85ed71d0270", iface-status=active}
root@openstack:~# ovs-vsctl --timeout=2 get Interface qvo99f91280-a0 external_ids
{attached-mac="fa:16:3e:02:dd:79",iface-id="99f91280-a060-442e-90b0-d8324e50efc8", iface-status=active,vm-uuid="50ab650a-289c-4b84-b9f6-9e6c93516a4b"}
root@openstack:~# ovs-vsctl --timeout=2 get Interface tap3f1f785c-70 external_ids
{attached-mac="fa:16:3e:b6:fc:21",iface-id="3f1f785c-7015-46c4-95ba-9efd6cd323d0", iface-status=active}注意,上面iface-id中记录了设备对应的port的id。
3.3. 设置安全组规则
本篇博客暂不关注安全组,如对安全组有兴趣,请继续关注我后续的博客,故此步略去。
3.4. 循环处理port
1. 对每一个port循环(由上述iface-id得到port-id),这里先处理第一个port,即port-id=3f1f785c-7015-46c4-95ba-9efd6cd323d0,查询该设备在br-int上的属性:
root@openstack:~# ovs-vsctl --timeout=2 -- --columns=external_ids,name,ofport find Interface external_ids:iface-id="3f1f785c-7015-46c4-95ba-9efd6cd323d0"
external_ids :{attached-mac="fa:16:3e:b6:fc:21",iface-id="3f1f785c-7015-46c4-95ba-9efd6cd323d0", iface-status=active}
name : "tap3f1f785c-70"
ofport : 2
2. 对于port所属的network,需要做下面的操作(若已处理过该network,忽略此步):
ovs-ofctl add-flow br-tun hard_timeout=0,idle_timeout=0,priority=4,in_port=1,dl_vlan=1,actions=set_tunnel:2,normal
解释:
in_port:patch-int端口的ofport号,参见上面的命令输出
dl_vlan:系统分配的内部vlan号,用以识别不同的逻辑network
set_tunnel:2:这里的2指plugin分配的tunnel号
ovs-ofctl add-flow br-tun hard_timeout=0,idle_timeout=0,priority=3,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00,tun_id=2,actions=mod_vlan_vid:1,output:1
其中的2,1,1分别是plugin分配的tunnel号、系统分配的内部vlan号、patch-int端口的ofport号3. 对port的设备执行下面命令
ovs-ofctl add-flow br-tun hard_timeout=0,idle_timeout=0,priority=3,dl_dst=fa:16:3e:b6:fc:21,tun_id=2,actions=mod_vlan_vid:1,normal
ovs-vsctl --timeout=2 set Port tap3f1f785c-70 tag=1
解释:
tag=1:系统分配的内部vlan号
ovs-ofctl del-flows br-int in_port=2
解释:
in_port=2:tap3f1f785c-70的ofport号
4. 循环执行上述的步骤1和步骤2,处理其他port
root@openstack:~# ovs-vsctl --timeout=2 -- --columns=external_ids,name,ofport find Interface external_ids:iface-id="99f91280-a060-442e-90b0-d8324e50efc8"
external_ids :{attached-mac="fa:16:3e:02:dd:79", iface-id="99f91280-a060-442e-90b0-d8324e50efc8",iface-status=active, vm-uuid="50ab650a-289c-4b84-b9f6-9e6c93516a4b"}
name :"qvo99f91280-a0"
ofport : 5
ovs-ofctl add-flow br-tun hard_timeout=0,idle_timeout=0,priority=3,dl_dst=fa:16:3e:02:dd:79,tun_id=2,actions=mod_vlan_vid:1,normal
ovs-vsctl --timeout=2 set Port qvo99f91280-a0 tag=1
ovs-ofctl del-flows br-int in_port=5
root@openstack:~# ovs-vsctl --timeout=2 -- --columns=external_ids,name,ofport find Interface external_ids:iface-id="0e2dfa90-d3c8-4938-b35f-e85ed71d0270"
external_ids :{attached-mac="fa:16:3e:2a:6e:1c",iface-id="0e2dfa90-d3c8-4938-b35f-e85ed71d0270", iface-status=active}
name :"qr-0e2dfa90-d3"
ofport : 1
ovs-ofctl add-flow br-tun hard_timeout=0,idle_timeout=0,priority=3,dl_dst=fa:16:3e:2a:6e:1c,tun_id=2,actions=mod_vlan_vid:1,normal
ovs-vsctl --timeout=2 set Port qr-0e2dfa90-d3 tag=1
ovs-ofctl del-flows br-int in_port=1
四、vlan模型图(quntum agent+dhcp agent+l3 agent)
上面的命令是使用ovs gre模式的命令,而如果使用ovs vlan模式,命令类似,只是操作的不再是br-tun,而是每一个network对应的物理br,下面的几张图应该能清晰的说明问题。
逻辑模型:
物理节点上quantum agent的实现:
物理节点上dhcp agent和l3 agent的实现,也可以参考上一篇博客:
如何实现namespace隔离:
版权声明:本文为博主原创文章,未经博主允许不得转载。 |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2015-10-11 07:07:28
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡