Neutron architecture
Neutron is the component that manages the network service on an OpenStack infrastructure.
Neutron uses plugins and agents to talk to the hardware and software devices of the network infrastructure, so that the OpenStack network can be deployed automatically.
Neutron consists of 3 parts:
- neutron-server: receives API requests and forwards them to the plugin for the corresponding network device
- Plugins and agents: let Neutron talk to the network devices and perform operations such as plugging/unplugging ports, creating networks/subnets and allocating IP addresses. OpenStack ships with support for Cisco products, NEC OpenFlow, Open vSwitch, Linux bridging and VMware NSX
- Message queue: the queue through which neutron-server communicates with the agents
Neutron mainly interacts with Nova to provide the network service and connectivity for VM instances.
Physical network architecture
Preparation
Configure interfaces
For the interface connected to the Ext (external) network: VMs created later will be attached to this network and receive their IP addresses from it, so this interface must be configured UP but without an IP address of its own.
- /etc/sysconfig/network-scripts/ifcfg-INTERFACE_NAME
  DEVICE=INTERFACE_NAME
  TYPE=Ethernet
  ONBOOT="yes"
  BOOTPROTO="none"
Configure name resolution
Configure DNS or the local hosts file on every server.
- /etc/hosts
  # controller
  10.0.0.11 controller
  # compute1
  10.0.0.31 compute1
  # block1
  10.0.0.41 block1
  # object1
  10.0.0.51 object1
  # object2
  10.0.0.52 object2
Create the database and grant privileges for the Neutron service
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
Create the users Neutron needs
Authenticate as 'admin' using openstack-client
$ source keystone-admin
Create the 'neutron' user
$ openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | fdb0f541e28141719b6a43c8944bf1fb |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
Assign the 'admin' role to the 'neutron' user on the 'service' project
$ openstack role add --project service --user neutron admin
Create the 'neutron' service
$ openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | f71529314dab4a4d8eca427e701d209e |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
Create the endpoints for neutron-api
$ openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 85d80a6d02fc4b7683f611d7fc1493a3 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 09753b537ac74422a68d2d791cf3714f |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1ee14289c9374dffb5db92a5c112fc4e |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
Install and configure on the controller
Install packages
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
Configure neutron-api
- /etc/neutron/neutron.conf
  [database]
  connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

  [DEFAULT]
  core_plugin = ml2
  ### keep this empty for Provider network
  service_plugins =
  ### register router service and overlapping IP for Self-Service network
  #service_plugins = router
  #allow_overlapping_ips = true
  transport_url = rabbit://openstack:RABBIT_PASS@controller
  auth_strategy = keystone
  notify_nova_on_port_status_changes = true
  notify_nova_on_port_data_changes = true

  [keystone_authtoken]
  auth_uri = http://controller:5000
  auth_url = http://controller:35357
  memcached_servers = controller:11211
  auth_type = password
  project_domain_name = default
  user_domain_name = default
  project_name = service
  username = neutron
  password = NEUTRON_PASS

  [nova]
  auth_url = http://controller:35357
  auth_type = password
  project_domain_name = default
  user_domain_name = default
  region_name = RegionOne
  project_name = service
  username = nova
  password = NOVA_PASS

  [oslo_concurrency]
  lock_path = /var/lib/neutron/tmp
Configure the ML2 plugin
- /etc/neutron/plugins/ml2/ml2_conf.ini
  [ml2]
  extension_drivers = port_security
  ## add vxlan for Self-Service network
  type_drivers = flat,vlan
  ## keep this empty, or add vxlan for Self-Service network
  tenant_network_types =
  ## add l2population for Self-Service network
  mechanism_drivers = linuxbridge

  [ml2_type_flat]
  flat_networks = provider

  [securitygroup]
  enable_ipset = true

  ## enable this only for Self-Service network
  #[ml2_type_vxlan]
  #vni_ranges = 1:1000
Configure the Linux bridge agent
- /etc/neutron/plugins/ml2/linuxbridge_agent.ini
  [linux_bridge]
  physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

  [vxlan]
  # keep this disabled for Provider network
  enable_vxlan = false
  ## enable this for Self-Service network
  #enable_vxlan = true
  #local_ip = OVERLAY_INTERFACE_IP_ADDRESS
  #l2_population = true

  [securitygroup]
  enable_security_group = true
  firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure the DHCP agent
- /etc/neutron/dhcp_agent.ini
  [DEFAULT]
  interface_driver = linuxbridge
  dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
  enable_isolated_metadata = true
Configure the L3 agent (only for Self-Service network)
- /etc/neutron/l3_agent.ini
  [DEFAULT]
  interface_driver = linuxbridge
Configure the metadata agent
- /etc/neutron/metadata_agent.ini
  [DEFAULT]
  nova_metadata_host = controller
  metadata_proxy_shared_secret = METADATA_SECRET
Configure nova-api
- /etc/nova/nova.conf
  [neutron]
  url = http://controller:9696
  auth_url = http://controller:35357
  auth_type = password
  project_domain_name = default
  user_domain_name = default
  region_name = RegionOne
  project_name = service
  username = neutron
  password = NEUTRON_PASS
  service_metadata_proxy = true
  metadata_proxy_shared_secret = METADATA_SECRET
Create the plugin symlink
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Initialize the database
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Start the services
Restart nova-api
# systemctl restart openstack-nova-api.service
Start the Neutron services
# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
For a Self-Service network, the L3 service must be started as well
# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service
Install and configure on the compute node (cnode)
Install packages
# yum install openstack-neutron-linuxbridge ebtables ipset
Configure neutron.conf
- /etc/neutron/neutron.conf
  [DEFAULT]
  transport_url = rabbit://openstack:RABBIT_PASS@controller
  auth_strategy = keystone

  [keystone_authtoken]
  auth_uri = http://controller:5000
  auth_url = http://controller:35357
  memcached_servers = controller:11211
  auth_type = password
  project_domain_name = default
  user_domain_name = default
  project_name = service
  username = neutron
  password = NEUTRON_PASS

  [oslo_concurrency]
  lock_path = /var/lib/neutron/tmp
Configure the Linux bridge agent
- /etc/neutron/plugins/ml2/linuxbridge_agent.ini
  [linux_bridge]
  physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

  [vxlan]
  # keep this disabled for Provider network
  enable_vxlan = false
  ## enable this only for Self-Service network
  #enable_vxlan = true
  #local_ip = OVERLAY_INTERFACE_IP_ADDRESS
  #l2_population = true

  [securitygroup]
  enable_security_group = true
  firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure nova-compute
- /etc/nova/nova.conf
  [neutron]
  url = http://controller:9696
  auth_url = http://controller:35357
  auth_type = password
  project_domain_name = default
  user_domain_name = default
  region_name = RegionOne
  project_name = service
  username = neutron
  password = NEUTRON_PASS
Start the services
Restart nova-compute
# systemctl restart openstack-nova-compute.service
Start the Linux bridge agent
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service
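The controller and compute node sections above switch the same handful of settings between Provider and Self-Service mode across several files (neutron.conf, ml2_conf.ini, linuxbridge_agent.ini on both nodes, metadata_agent.ini and nova.conf), and the metadata proxy secret must match between the metadata agent and nova. The script below is an added example, not part of this walkthrough or of Neutron itself: it cross-checks those settings with Python's configparser, applying the rules the comments in the files above state. The ini text embedded in it is hand-constructed (eth1 is an assumed provider interface name); a real run would read the files from /etc.

```python
import configparser

# Constructed stand-ins for the files edited above, in Provider mode.  A real
# run would read /etc/neutron/neutron.conf and the other files from disk.
NEUTRON_CONF = """
[DEFAULT]
core_plugin = ml2
service_plugins =
"""
ML2_CONF = """
[ml2]
extension_drivers = port_security
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true
"""
LB_AGENT_CONTROLLER = """
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
"""
LB_AGENT_COMPUTE = LB_AGENT_CONTROLLER  # the walkthrough uses the same file on both nodes
METADATA_AGENT = """
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
"""
NOVA_CONF = """
[neutron]
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
"""


def load(text):
    # strict=False tolerates a repeated section header; interpolation=None
    # stops '%' in passwords or URLs from being read as a format directive
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    return cp


def csv(cp, section, key):
    """Split a comma-separated option into a list; a missing option gives []."""
    return [v.strip() for v in cp.get(section, key, fallback="").split(",") if v.strip()]


def check_neutron(neutron, ml2, lb_controller, lb_compute, metadata, nova):
    """Return a list of findings (strings); an empty list means consistent."""
    findings = []
    n, m, md, nv = load(neutron), load(ml2), load(metadata), load(nova)
    agents = {"controller": load(lb_controller), "compute": load(lb_compute)}

    # The mode is decided by whether the router service plugin is registered
    self_service = "router" in csv(n, "DEFAULT", "service_plugins")
    if self_service:
        if not n.getboolean("DEFAULT", "allow_overlapping_ips", fallback=False):
            findings.append("self-service: allow_overlapping_ips must be true in neutron.conf")
        if "vxlan" not in csv(m, "ml2", "type_drivers"):
            findings.append("self-service: [ml2] type_drivers must include vxlan")
        if "vxlan" not in csv(m, "ml2", "tenant_network_types"):
            findings.append("self-service: [ml2] tenant_network_types must include vxlan")
        if "l2population" not in csv(m, "ml2", "mechanism_drivers"):
            findings.append("self-service: [ml2] mechanism_drivers should include l2population")
        if not m.has_option("ml2_type_vxlan", "vni_ranges"):
            findings.append("self-service: [ml2_type_vxlan] vni_ranges is not set")

    # Every Linux bridge agent must agree with the mode chosen on the server
    for host, lb in agents.items():
        vxlan = lb.getboolean("vxlan", "enable_vxlan", fallback=False)
        if vxlan != self_service:
            findings.append(f"{host}: enable_vxlan={vxlan} does not match service_plugins")
        if vxlan and not lb.has_option("vxlan", "local_ip"):
            findings.append(f"{host}: enable_vxlan is true but local_ip is not set")
        if not lb.getboolean("securitygroup", "enable_security_group", fallback=False):
            findings.append(f"{host}: enable_security_group is not true")
        if not lb.has_option("securitygroup", "firewall_driver"):
            findings.append(f"{host}: firewall_driver is not set")

    # Port security and the metadata proxy secret are settings shared across files
    if "port_security" not in csv(m, "ml2", "extension_drivers"):
        findings.append("[ml2] extension_drivers should include port_security")
    if not nv.getboolean("neutron", "service_metadata_proxy", fallback=False):
        findings.append("nova.conf [neutron] service_metadata_proxy is not true")
    md_secret = md.get("DEFAULT", "metadata_proxy_shared_secret", fallback="")
    nv_secret = nv.get("neutron", "metadata_proxy_shared_secret", fallback="")
    if not md_secret or md_secret != nv_secret:
        findings.append("metadata_proxy_shared_secret missing or different in metadata_agent.ini and nova.conf")
    return findings
```

Calling check_neutron() with the six constructed texts returns an empty list; flipping service_plugins to router without touching the ML2 and agent files, or changing the secret in only one of the two files, produces one finding per inconsistency, which is exactly the class of mistake the commented-out lines above are meant to prevent.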
Verify the result
Authenticate as 'admin' using openstack-client
$ source keystone-admin
List the extensions to check whether neutron-server is running
$ openstack extension list --network
| Name | Alias | Description |
|------|-------|-------------|
| Default Subnetpools | default-subnetpools | Provides ability to mark and use a subnetpool as the default |
| Availability Zone | availability_zone | The availability zone extension. |
| Network Availability Zone | network_availability_zone | Availability zone support for network. |
| Port Binding | binding | Expose port bindings of a virtual port to external application |
| agent | agent | The agent management extension. |
| Subnet Allocation | subnet_allocation | Enables allocation of subnets from a subnet pool |
| DHCP Agent Scheduler | dhcp_agent_scheduler | Schedule networks among dhcp agents |
| Tag support | tag | Enables to set tag on resources. |
| Neutron external network | external-net | Adds external network attribute to network resource. |
| Neutron Service Flavors | flavors | Flavor specification for Neutron advanced services |
| Network MTU | net-mtu | Provides MTU attribute for a network resource. |
| Network IP Availability | network-ip-availability | Provides IP availability data for each network and subnet. |
| Quota management support | quotas | Expose functions for quotas management per tenant |
| Provider Network | provider | Expose mapping of virtual networks to physical networks |
| Multi Provider Network | multi-provider | Expose mapping of virtual networks to multiple physical networks |
| Address scope | address-scope | Address scopes extension. |
| Subnet service types | subnet-service-types | Provides ability to set the subnet service_types field |
| Resource timestamps | standard-attr-timestamp | Adds created_at and updated_at fields to all Neutron resources that have Neutron standard attributes. |
| Neutron Service Type Management | service-type | API for retrieving service providers for Neutron advanced services |
| Tag support for resources: subnet, subnetpool, port, router | tag-ext | Extends tag support to more L2 and L3 resources. |
| Neutron Extra DHCP opts | extra_dhcp_opt | Extra options configuration for DHCP. For example PXE boot options to DHCP clients can be specified (e.g. tftp-server, server-ip-address, bootfile-name) |
| Resource revision numbers | standard-attr-revisions | This extension will display the revision number of neutron resources. |
| Pagination support | pagination | Extension that indicates that pagination is enabled. |
| Sorting support | sorting | Extension that indicates that sorting is enabled. |
| security-group | security-group | The security groups extension. |
| RBAC Policies | rbac-policies | Allows creation and modification of policies that control tenant access to resources. |
| standard-attr-description | standard-attr-description | Extension to add descriptions to standard attributes |
| Port Security | port-security | Provides port security |
| Allowed Address Pairs | allowed-address-pairs | Provides allowed address pairs |
| project_id field enabled | project-id | Extension that indicates that project_id field is enabled. |
Check the network agents
$ openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| f49a4b81-afd6-4b3d-b923-66c8f0517099 | Metadata agent     | controller | None              | True  | UP    | neutron-metadata-agent    |
| 27eee952-a748-467b-bf71-941e89846a92 | Linux bridge agent | controller | None              | True  | UP    | neutron-linuxbridge-agent |
| 08905043-5010-4b87-bba5-aedb1956e27a | Linux bridge agent | compute1   | None              | True  | UP    | neutron-linuxbridge-agent |
| 830344ff-dc36-4956-84f4-067af667a0dc | L3 agent           | controller | nova              | True  | UP    | neutron-l3-agent          |
| dd3644c9-1a3a-435a-9282-eb306b4b0391 | DHCP agent         | controller | nova              | True  | UP    | neutron-dhcp-agent        |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
With a Provider network there will be no 'L3 agent'.
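The agent table is the point where a broken deployment shows up: an agent that is registered but not alive (its node is down or its message queue credentials are wrong) or a missing/unexpected L3 agent for the chosen mode. The script below is an added example and not part of the walkthrough: it parses the bordered table that `openstack network agent list` prints and returns findings instead of relying on eyeballing. The table embedded in it is a constructed copy of the output above in which the compute1 agent has been deliberately marked as not alive; older clients print `True`/`False` in the Alive column while newer ones print `:-)`/`XXX`, so both spellings are accepted.

```python
# Constructed copy of the `openstack network agent list` table shown above,
# with the compute1 agent deliberately marked as not alive.  Sample input
# only; nothing here talks to a live Neutron.
AGENT_LIST = """\
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| f49a4b81-afd6-4b3d-b923-66c8f0517099 | Metadata agent     | controller | None              | True  | UP    | neutron-metadata-agent    |
| 27eee952-a748-467b-bf71-941e89846a92 | Linux bridge agent | controller | None              | True  | UP    | neutron-linuxbridge-agent |
| 08905043-5010-4b87-bba5-aedb1956e27a | Linux bridge agent | compute1   | None              | False | UP    | neutron-linuxbridge-agent |
| 830344ff-dc36-4956-84f4-067af667a0dc | L3 agent           | controller | nova              | True  | UP    | neutron-l3-agent          |
| dd3644c9-1a3a-435a-9282-eb306b4b0391 | DHCP agent         | controller | nova              | True  | UP    | neutron-dhcp-agent        |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
"""

ALIVE_VALUES = {"True", ":-)"}  # older clients print True/False, newer ones :-)/XXX


def parse_table(text):
    """Turn the client's bordered ASCII table into a list of row dicts."""
    header, rows = None, []
    for line in text.splitlines():
        if not line.startswith("|"):
            continue                      # +----+ border lines carry no data
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if header is None:
            header = cells                # the first pipe row is the header
        else:
            rows.append(dict(zip(header, cells)))
    return rows


def check_agents(text, self_service, expected_hosts):
    """Findings for the agent table; an empty list means every check passed."""
    findings = []
    agents = parse_table(text)
    # Every registered agent should be alive and administratively UP
    for a in agents:
        if a["Alive"] not in ALIVE_VALUES or a["State"] != "UP":
            findings.append(f"{a['Binary']} on {a['Host']}: Alive={a['Alive']} State={a['State']}")
    # Each node we configured must have registered its Linux bridge agent
    lb_hosts = {a["Host"] for a in agents if a["Binary"] == "neutron-linuxbridge-agent"}
    for host in expected_hosts:
        if host not in lb_hosts:
            findings.append(f"no neutron-linuxbridge-agent registered for {host}")
    # DHCP and metadata agents are needed in both modes
    for binary in ("neutron-dhcp-agent", "neutron-metadata-agent"):
        if not any(a["Binary"] == binary for a in agents):
            findings.append(f"{binary} is not registered")
    # The L3 agent is expected only for a Self-Service network
    has_l3 = any(a["Binary"] == "neutron-l3-agent" for a in agents)
    if self_service and not has_l3:
        findings.append("self-service mode but no neutron-l3-agent is registered")
    if not self_service and has_l3:
        findings.append("provider mode but a neutron-l3-agent is registered")
    return findings


if __name__ == "__main__":
    for finding in check_agents(AGENT_LIST, self_service=True, expected_hosts=("controller", "compute1")):
        print(finding)
```

Run against the sample in Self-Service mode it reports only the dead compute1 agent; run in Provider mode it additionally flags the L3 agent as unexpected, which matches the remark that a Provider deployment has no 'L3 agent'.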