Networking service, code-named: neutron
OpenStack Networking interacts mainly with OpenStack Compute, providing networking and connectivity for its instances.
OpenStack Networking (neutron) manages all networking aspects of the Virtual Networking Infrastructure (VNI) and the access-layer aspects of the Physical Networking Infrastructure (PNI) in your OpenStack environment. It lets projects create advanced virtual network topologies that may include services such as firewalls, load balancers and virtual private networks (VPNs).
Networking provides networks, subnets and routers as object abstractions. Each abstraction mimics its physical counterpart: networks contain subnets, and routers route traffic between different subnets and networks.
Installation and configuration (controller node)
Prerequisites
# su -xiao
$ mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> exit
$ . /etc/openstack/admin-openrc
Create the neutron user
$ openstack user create --domain default --password-prompt neutron
Grant the admin role to the neutron user on the service project
$ openstack role add --project service --user neutron admin
Create the neutron service, with service type network
openstack service create --name neutron \
network
Create the endpoints for the neutron service
openstack endpoint create --region RegionOne \
network public http://controller-150:9696
openstack endpoint create --region RegionOne \
network internal http://controller-150:9696
openstack endpoint create --region RegionOne \
network admin http://controller-150:9696
Verify that the service and endpoints were created successfully
$ openstack service list
$ openstack endpoint list --service neutron
Configure networking options
Neutron offers two network architecture options: Provider networks and Self-service networks
Provider networks (external networks)
The simplest architecture to deploy; it only supports attaching instances to provider (external) networks. There are no self-service (private) networks, routers or floating IP addresses. Only the admin or other privileged users can manage provider networks.
Self-service networks (internal networks)
Augments option 1 with layer-3 services that support attaching instances to self-service networks. The demo user or other unprivileged users can manage self-service networks, including routers that provide connectivity between self-service and provider networks. In addition, floating IP addresses give instances on self-service networks the ability to reach external networks.
Overlay networks
Self-service networks typically use overlay networks. Overlay network protocols such as VXLAN include additional header information that increases overhead and reduces the space available for the payload or user data. These belong to the virtual network infrastructure. By default, instances use an Ethernet MTU of 1500. The DHCP service supplies the MTU value automatically; images that do not support DHCP need it configured with a script.
Here we configure and use both options.
Configuring Networking Option 1: Provider networks
• Install components
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
• Configure the server component
vi /etc/neutron/neutron.conf
(the /... lines below are the vi search commands used to jump to each key or section)
/transport_url
/auth_strategy
/notify_nova_on_port_status_changes
[DEFAULT]
# ...
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:RABBIT_PASS@controller-150
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
/\[database
[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller-150/neutron
/\[keystone_authtoken
auth_uri has been replaced by www_authenticate_uri and will be removed in the S release.
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller-150:5000
auth_url = http://controller-150:35357[xiao1]
memcached_servers = controller-150:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 你的密码
/\[nova
[nova]
# ...
auth_url = http://controller-150:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 你的密码
/\[oslo_concurrency
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
• Configure the Modular Layer 2 (ML2) plug-in
vi /etc/neutron/plugins/ml2/ml2_conf.ini
/\[ml2
[ml2]
# ...
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
/\[ml2_type_flat
[ml2_type_flat]
# ...
flat_networks = provider
/\[securitygroup
[securitygroup]
# ...
enable_ipset = true
• Configure the Linux bridge agent
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
/\[linux_bridge
The provider interface here follows the standard configuration; its HWADDR and UUID must not be changed
[linux_bridge]
physical_interface_mappings = provider:ens224
/\[vxlan
[vxlan]
enable_vxlan = false
/\[securitygroup
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
• Make sure the following parameters are set to 1 (the iptables firewall driver only sees bridged traffic, and so only enforces security groups, when they are)
Check whether the br_netfilter kernel module is loaded
# lsmod |grep br_netfilter
If it is not, load it
# modprobe br_netfilter
After loading it, check that the following parameters are 1
# sysctl net.bridge.bridge-nf-call-iptables
# sysctl net.bridge.bridge-nf-call-ip6tables
If they are not 1, configure them in /etc/sysctl.d/99-sysctl.conf (# vi /etc/sysctl.d/99-sysctl.conf):
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
Then run # sysctl -p to apply.
• Configure the DHCP agent
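A pre-flight check for this step, added here as an example and not part of the original notes: it parses the text that lsmod and sysctl print (the sample output below is constructed, with ip6tables still at 0) and returns the fixes that are still missing, so the check can be run offline on output captured from a controller.

```python
"""Check that br_netfilter is loaded and both bridge-nf-call sysctls are 1.
Added example (not from the page); parses lsmod / sysctl text."""
import re

# Constructed sample output, as `lsmod` and `sysctl` would print it.
SAMPLE_LSMOD = """\
Module                  Size  Used by
br_netfilter           22256  0
bridge                146976  1 br_netfilter
"""
SAMPLE_SYSCTL = """\
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 0
"""

REQUIRED = ("net.bridge.bridge-nf-call-iptables",
            "net.bridge.bridge-nf-call-ip6tables")


def module_loaded(lsmod_text, name="br_netfilter"):
    """True if `name` appears as a module (first column) in lsmod output."""
    return any(line.split()[:1] == [name] for line in lsmod_text.splitlines())


def parse_sysctl(sysctl_text):
    """Map 'key = value' lines to {key: value}; malformed lines are ignored."""
    out = {}
    for line in sysctl_text.splitlines():
        m = re.match(r"\s*([\w.\-]+)\s*=\s*(\S+)", line)
        if m:
            out[m.group(1)] = m.group(2)
    return out


def bridge_nf_findings(lsmod_text, sysctl_text):
    """Return the list of fixes still needed; an empty list means the
    bridge is wired into iptables. Each entry is the command or the
    sysctl.d line that closes the gap."""
    findings = []
    if not module_loaded(lsmod_text):
        findings.append("modprobe br_netfilter")
    values = parse_sysctl(sysctl_text)
    for key in REQUIRED:
        if values.get(key) != "1":
            findings.append(f"{key} = 1")
    return findings


if __name__ == "__main__":
    fixes = bridge_nf_findings(SAMPLE_LSMOD, SAMPLE_SYSCTL)
    print("\n".join(fixes) if fixes else "bridge netfilter settings are in place")
```

On a live controller, feed it the real output (for example `subprocess.run(["lsmod"], capture_output=True, text=True).stdout` and the same for `sysctl net.bridge`) instead of the constructed samples; an empty result is the condition the page asks for before starting the agent.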
vi /etc/neutron/dhcp_agent.ini
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
For details see:
https://docs.openstack.org/neutron/queens/install/controller-install-option1-rdo.html
Configuring Networking Option 2: Self-service networks
• Install components
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
• Configure the server component
vi /etc/neutron/neutron.conf
/transport_url
/auth_strategy
/notify_nova_on_port_status_changes
[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router[W用2]
allow_overlapping_ips = true[W用3]
transport_url = rabbit://openstack:RABBIT_PASS@controller-150
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
/\[database
[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller-150/neutron
/\[keystone_authtoken
auth_uri has been replaced by www_authenticate_uri and will be removed in the S release.
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller-150:5000
auth_url = http://controller-150:5000
memcached_servers = controller-150:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 你的密码
/\[nova
[nova]
# ...
auth_url = http://controller-150:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 你的密码
/\[oslo_concurrency
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
• Configure the Modular Layer 2 (ML2) plug-in
vi /etc/neutron/plugins/ml2/ml2_conf.ini
/\[ml2
[ml2]
# ...
type_drivers = flat,vlan,vxlan[W用4]
tenant_network_types = vxlan[W用5]
mechanism_drivers = linuxbridge,l2population[W用7]
extension_drivers = port_security
/\[ml2_type_flat
[ml2_type_flat]
# ...
flat_networks = provider
/\[ml2_type_vxlan
[ml2_type_vxlan]
# ...
vni_ranges = 3001:4000[W用8]
/\[securitygroup
[securitygroup]
# ...
enable_ipset = true
• Configure the Linux bridge agent
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
/\[linux_bridge
[linux_bridge]
physical_interface_mappings = provider:ens224
/\[vxlan
For OVERLAY_INTERFACE_IP_ADDRESS, the controller node's management IP address can be used here
[vxlan][W用9]
enable_vxlan = true
local_ip = 192.168.11.150
l2_population = true
/\[securitygroup
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
• Configure the layer-3 agent[W用10]
vi /etc/neutron/l3_agent.ini
[DEFAULT]
# ...
interface_driver = linuxbridge
The following is only needed for Open vSwitch; the property is deliberately left empty
external_network_bridge =
• Configure the DHCP agent
vi /etc/neutron/dhcp_agent.ini
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
For details see:
https://docs.openstack.org/neutron/queens/install/controller-install-option2-rdo.html
• Verify
# source /etc/openstack/admin-openrc
# openstack network agent list
Configure the metadata agent
vi /etc/neutron/metadata_agent.ini
[DEFAULT]
# ...
nova_metadata_host = controller-150
metadata_proxy_shared_secret = METADATA_SECRET
METADATA_SECRET is the secret used to access the metadata proxy; the default is used here.
memcached_servers = controller-150:11211
Configure the Compute service to use the Networking service
vi /etc/nova/nova.conf
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
/\[neutron
url is deprecated; endpoint_override achieves the same effect. Here we simply leave it unconfigured.
[neutron]
# ...
#endpoint_override = http://controller-150:9696
auth_url = http://controller-150:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 你的密码
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
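Why metadata_proxy_shared_secret has to be identical in metadata_agent.ini and in the [neutron] section of nova.conf, shown from both sides. This is an added example, not code from the page or from neutron/nova: it mirrors the scheme neutron's metadata agent uses (an HMAC-SHA256 over the instance id keyed with the shared secret, carried in the X-Instance-ID-Signature header) and the check nova's metadata API performs on it. The header names are the ones neutron sends; the instance id, project id, address and secrets are constructed.

```python
"""Shared-secret signing between the neutron metadata agent and nova.
Added example; header names mirror neutron's, all values are constructed."""
import hashlib
import hmac

AGENT_SECRET = "METADATA_SECRET"   # metadata_agent.ini on the controller
NOVA_SECRET = "METADATA_SECRET"    # nova.conf [neutron] on the controller


def sign_instance_id(secret, instance_id):
    """Value the metadata agent places in X-Instance-ID-Signature."""
    return hmac.new(secret.encode(), instance_id.encode(),
                    hashlib.sha256).hexdigest()


def proxy_request(secret, instance_id, project_id, instance_ip):
    """Agent side: headers added when an instance's 169.254.169.254 request
    is forwarded to nova-api's metadata endpoint (constructed values)."""
    return {
        "X-Forwarded-For": instance_ip,
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": project_id,
        "X-Instance-ID-Signature": sign_instance_id(secret, instance_id),
    }


def nova_accepts(secret, headers):
    """Nova side: recompute the signature with its own copy of the secret and
    compare in constant time. A request whose X-Instance-ID was altered in
    transit, or that was signed with a different secret, is rejected, which
    is what stops one tenant reading another instance's metadata by
    presenting its id."""
    expected = sign_instance_id(secret, headers.get("X-Instance-ID", ""))
    return hmac.compare_digest(expected,
                               headers.get("X-Instance-ID-Signature", ""))


if __name__ == "__main__":
    hdrs = proxy_request(AGENT_SECRET, "inst-1", "proj-1", "10.0.0.5")
    print("accepted" if nova_accepts(NOVA_SECRET, hdrs) else "rejected")
```

The two secrets above are equal, so the request is accepted; change NOVA_SECRET alone and every metadata request from every instance fails with the mismatch. Because the secret is the only thing binding X-Instance-ID to the request, it should be a long random value set in both files rather than the literal placeholder the page keeps.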
Finalize the installation
• Create the /etc/neutron/plugin.ini symbolic link
The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini, which does not exist by default and must be created:
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
• Populate the database
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
• Restart the Compute API service
systemctl restart openstack-nova-api.service && systemctl status openstack-nova-api.service
• Enable the Networking services at boot and start them
# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
# systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service \
&& systemctl status neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
For Self-service networks, also enable and start the following service:
# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service && systemctl status neutron-l3-agent.service
Add firewall rules
neutron-server:9696
dnsmasq:53/tcp 53/udp
# firewall-cmd --add-port 35357/tcp --add-port 9696/tcp --permanent
# firewall-cmd --add-port 53/tcp --add-port 53/udp --permanent
# firewall-cmd --reload && firewall-cmd --list-port
For details see:
https://docs.openstack.org/neutron/queens/install/controller-install-rdo.html
Whether configured for Provider networks or Self-service networks,
openstack-neutron depends on dnsmasq for its DHCP service, so dnsmasq must be enabled at boot.
# systemctl enable dnsmasq
# systemctl start dnsmasq && systemctl status dnsmasq
[xiao1] From here on, every 35357 is changed to 5000
[W用2] Provider network: empty here
[W用3] Provider network: this option is absent
[W用4] Provider network: only flat,vlan, no vxlan
[W用5] Provider network: empty here
[W用7] Provider network: no l2population here
[W用8] This configures the VXLAN network ID (VNI) range. Provider network: vxlan is not enabled, so this is not configured
[W用9] Provider network: [vxlan] is configured with enable_vxlan = false
[W用10] Provider network: no layer-3 agent configuration
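The [W用...] notes above spell out which settings differ between Option 1 and Option 2. The following checker, added here as an example and not code from the page or from neutron, turns those notes into a consistency test: it parses fragments of ml2_conf.ini, linuxbridge_agent.ini and neutron.conf with Python's configparser and flags combinations that leave VXLAN half-enabled (a mechanism driver or tenant type without the matching agent setting) or that leave security groups unenforced. The embedded fragments are the Option 2 values from this page, reassembled inline so the script runs offline.

```python
"""Cross-file consistency check for the neutron controller configuration.
Added example; config fragments below are constructed from the page."""
import configparser

ML2_CONF = """
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 3001:4000
[securitygroup]
enable_ipset = true
"""
LB_AGENT = """
[linux_bridge]
physical_interface_mappings = provider:ens224
[vxlan]
enable_vxlan = true
local_ip = 192.168.11.150
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
"""
NEUTRON_CONF = """
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
"""


def load(text):
    """Parse an oslo.config-style INI fragment; '# ...' lines are comments."""
    cp = configparser.ConfigParser(inline_comment_prefixes=("#",))
    cp.read_string(text)
    return cp


def csv(cp, section, key):
    """Comma-separated option as a list of non-empty, stripped values."""
    return [v.strip() for v in cp.get(section, key, fallback="").split(",") if v.strip()]


def truthy(cp, section, key):
    return cp.get(section, key, fallback="false").strip().lower() == "true"


def check_neutron_config(ml2_text, lb_text, neutron_text):
    """Return a list of findings; empty means the three files agree with
    each other for the option (provider or self-service) they describe."""
    ml2, lb, nc = load(ml2_text), load(lb_text), load(neutron_text)
    findings = []
    vxlan = truthy(lb, "vxlan", "enable_vxlan")
    types = csv(ml2, "ml2", "type_drivers")
    mechs = csv(ml2, "ml2", "mechanism_drivers")
    plugins = csv(nc, "DEFAULT", "service_plugins")

    if vxlan:  # Option 2: every item the [W用...] notes list must be present
        if "vxlan" not in types:
            findings.append("enable_vxlan=true but vxlan missing from ml2 type_drivers")
        if "vxlan" not in csv(ml2, "ml2", "tenant_network_types"):
            findings.append("enable_vxlan=true but tenant_network_types lacks vxlan")
        if not ml2.get("ml2_type_vxlan", "vni_ranges", fallback="").strip():
            findings.append("enable_vxlan=true but [ml2_type_vxlan] vni_ranges is empty")
        if not lb.get("vxlan", "local_ip", fallback="").strip():
            findings.append("enable_vxlan=true but [vxlan] local_ip is empty")
        if truthy(lb, "vxlan", "l2_population") != ("l2population" in mechs):
            findings.append("agent l2_population and ml2 l2population mechanism driver disagree")
        if "router" not in plugins:
            findings.append("self-service networks need service_plugins = router")
        if not truthy(nc, "DEFAULT", "allow_overlapping_ips"):
            findings.append("self-service networks need allow_overlapping_ips = true")
    else:      # Option 1: self-service leftovers mean a half-edited file
        for name, present in (("type_drivers", "vxlan" in types),
                              ("mechanism_drivers", "l2population" in mechs),
                              ("service_plugins", "router" in plugins)):
            if present:
                findings.append(f"enable_vxlan=false but {name} still carries a self-service entry")

    # Security-group enforcement must be on whichever option is in use
    if "port_security" not in csv(ml2, "ml2", "extension_drivers"):
        findings.append("extension_drivers lacks port_security")
    if not truthy(lb, "securitygroup", "enable_security_group") or \
            not lb.get("securitygroup", "firewall_driver", fallback="").strip():
        findings.append("security groups disabled or no firewall_driver in linuxbridge_agent.ini")
    return findings


if __name__ == "__main__":
    print(check_neutron_config(ML2_CONF, LB_AGENT, NEUTRON_CONF) or ["consistent"])
```

To run it against a real controller, read the three files with open() and pass their contents in place of the constructed strings; the Option 1 values from the page (type_drivers = flat,vlan, empty tenant_network_types and service_plugins, enable_vxlan = false, no [ml2_type_vxlan]) also pass cleanly, which is the point of keying the check on enable_vxlan rather than on a fixed option.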