作者:张华 发表于:2015-12-29版权声明:能够随意转载,转载时请务必以超链接形式标明文章原始出处和作者信息及本版权声明
( http://blog.csdn.net/quqi99 )
环境搭建
外部物理路由器能够通过配置bridge_mappings參数,另外想要在一个计算节点上同一时候使用flat, vlan, gre, vxlan网络需配置tenant_network_types = flat,vlan,gre,vxlan。
/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]tenant_network_types = flat,vlan,gre,vxlantype_drivers = local,flat,vlan,gre,vxlanmechanism_drivers = openvswitch[ovs]bridge_mappings = physnet1:br-phy使用devstack搭建好开发环境的话,非常easy,加上Q_ML2_TENANT_NETWORK_TYPE=flat,vlan,gre,vxlan 就可以。
br-phy这个ovs网桥能够随便给它一个IP模拟,如172.16.1.1。
当然。假设是真实物理网络的话,能够使用type=internal參数同意IP 172.16.1.1仍然设置在eth0上(别设置在br-phy上),这样不会对你的物理机的网络造成影响。
sudo ovs-vsctl -- --may-exist add-port br-phy eth0 -- set interface eth0 type=internal
配置使用dhcp-agent上的metadata proxy
demo@openstack:~$ grep -r '^enable_' /etc/neutron/dhcp_agent.ini enable_isolated_metadata = Trueenable_metadata_network = Truedemo@openstack:~$ grep -r '^enable_' /etc/neutron/l3_agent.ini enable_metadata_proxy = False
创建隔离网络
因为使用了外部物理网络,也就没有了l3-agent。因为还要使用neutron metadata,那么须要启动dhcp agent上的metadata proxy服务,但这要求使用隔离网络(最新的代码不用隔离子网也能够。但要指定force_metadata=True )。
所以隔离网络是指在neutron中有一个port连着subnet,且这个port的IP也是gatway的IP。
所以在创建子网中指定--no-gateway方式创建的子网是隔离子网(neutron subnet-create isolate_net 10.0.3.0/24 --no-gateway --name=isolate_subnet),这样的方式显然不符合使用外部网络的要求。以下尽管通过--gateway指定了网关,但因为是外部网关(--router:external=True),所以它实际也满足隔离子网的要求。
demo@openstack:~$ neutron net-create phy_net -- --router:external=True --provider:network_type flat --provider:physical_network physnet1demo@openstack:~$ neutron subnet-create --allocation-pool start=172.16.1.102,end=172.16.1.126 --gateway 172.16.1.1 phy_net 172.16.1.101/24 --enable_dhcp=True --name=phy_subnet_with_dhcpdemo@openstack:~$ neutron net-list |grep phy_net| ea600f11-4b53-4ab0-88e2-63f2fa2e2312 | phy_net | 51724b13-cc5f-4fff-8635-9569968fb212 172.16.1.0/24 |
測试步骤
dhcp-agent上的metadata proxy与l3-agent上metadata proxy的最大不同是。dhcp-agent上的使用端口80。l3-agent上的使用端口9697,所曾经者不须要到9697的DNAT规则。剩下的故事就和l3-agent上的metadata proxy一模一样了.
demo@openstack:~$ sudo ip netns exec qdhcp-ea600f11-4b53-4ab0-88e2-63f2fa2e2312 ip addr show tap16021052-cb
49: tap16021052-cb: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default link/ether fa:16:3e:be:37:bb brd ff:ff:ff:ff:ff:ff inet 172.16.1.102/24 brd 172.16.1.255 scope global tap16021052-cb valid_lft forever preferred_lft forever inet 169.254.169.254/16 brd 169.254.255.255 scope global tap16021052-cb valid_lft forever preferred_lft foreverdemo@openstack:~$ sudo ip netns exec qdhcp-ea600f11-4b53-4ab0-88e2-63f2fa2e2312 route -n |grep 169169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tap16021052-cbdemo@openstack:~$ nova boot --flavor 1 --image cirros-0.3.4-x86_64-uec --nic net-id=ea600f11-4b53-4ab0-88e2-63f2fa2e2312 i1demo@openstack:~/devstack$ nova list+--------------------------------------+------+--------+------------+-------------+----------------------+| ID | Name | Status | Task State | Power State | Networks |+--------------------------------------+------+--------+------------+-------------+----------------------+| fa0183ca-6369-4042-8f50-e9afea70df83 | i1 | ACTIVE | - | Running | phy_net=172.16.1.103 |+--------------------------------------+------+--------+------------+-------------+----------------------demo@openstack:~$ ping -c 1 172.16.1.103PING 172.16.1.103 (172.16.1.103) 56(84) bytes of data.64 bytes from 172.16.1.103: icmp_seq=1 ttl=64 time=0.474 ms--- 172.16.1.103 ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 0.474/0.474/0.474/0.000 msdemo@openstack:~$ ssh cirros@172.16.1.103The authenticity of host '172.16.1.103 (172.16.1.103)' can't be established.RSA key fingerprint is b3:49:13:b3:a0:13:de:a6:6e:18:14:cb:29:8a:8a:db.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '172.16.1.103' (RSA) to the list of known hosts.cirros@172.16.1.103's password: $ route -n |grep 169169.254.169.254 172.16.1.102 255.255.255.255 UGH 0 0 0 eth0$ wget http://169.254.169.254/openstackConnecting to 169.254.169.254 (169.254.169.254:80)openstack 100% |****************************************************| 39 0:00:00 ETA$ demo@openstack:~$ sudo cat /opt/stack/data/neutron/dhcp/ea600f11-4b53-4ab0-88e2-63f2fa2e2312/opts |grep 169tag:tag0,option:classless-static-route,169.254.169.254/32,172.16.1.102,0.0.0.0/0,172.16.1.1tag:tag0,249,169.254.169.254/32,172.16.1.102,0.0.0.0/0,172.16.1.1