【十六】Openstack-Self network自服网络
Install and configure controller node
#https://docs.openstack.org/neutron/train/install/controller-install-rdo.html#configure-the-compute-service-to-use-the-networking-service
#https://docs.openstack.org/neutron/train/install/controller-install-option2-rdo.html
#前提:之前已经配置过 Provider networks(提供者网络),本节在其基础上进行修改
#修改前先备份之前的配置文件;其中有些操作可以不用配置
#Networking Option 2: Self-service networks
#Install the components
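# Install the Neutron server, the ML2 plug-in, the Linux bridge agent and
# ebtables. The package is named "ebtables"; "ebtable" does not resolve.
yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables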
#Configure the server component
vim /etc/neutron/neutron.conf
# Fragments to merge into /etc/neutron/neutron.conf. A section header that
# appears more than once below (e.g. [DEFAULT]) marks further options for that
# same section, not a new section.
[database]
# ...
# NOTE(review): the database password is embedded in this URL in clear text
# and is a guessable value. Prefer a randomly generated password and keep this
# file readable only by root and the neutron service account.
connection = mysql+pymysql://neutron:neutron123@openstack-vip.xks.local/neutron
[DEFAULT]
# ...
# ML2 core plug-in plus the router service plug-in; tenants may reuse
# overlapping address ranges.
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
[DEFAULT]
# ...
# NOTE(review): the RabbitMQ credentials are embedded here as well. No TLS
# setting for the message bus is shown on this page, so this traffic is
# presumably unencrypted - confirm.
transport_url = rabbit://openstack:openstack123@openstack-vip.xks.local
[DEFAULT]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
# NOTE(review): both Keystone URLs use http://, so the service password and
# the issued tokens cross the network unencrypted unless TLS is terminated
# elsewhere - confirm.
www_authenticate_uri = http://openstack-vip.xks.local:5000
auth_url = http://openstack-vip.xks.local:5000
# NOTE(review): cached token data is neither signed nor encrypted unless
# memcache_security_strategy and memcache_secret_key are also set.
memcached_servers = openstack-vip.xks.local:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
# NOTE(review): the service password equals the user name. In the standard
# install guide this account holds the admin role on the service project, so
# it needs a strong generated secret.
password = neutron
[DEFAULT]
# ...
# Tell Compute about port status and port data changes.
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[nova]
# ...
# Credentials Neutron uses when it calls Compute; same cleartext-http caveat
# as in [keystone_authtoken].
auth_url = http://openstack-vip.xks.local:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
# NOTE(review): password equals the user name here too - replace with a
# generated secret.
password = nova
[oslo_concurrency]
# ...
# Directory for oslo.concurrency lock files.
lock_path = /var/lib/neutron/tmp
#Configure the Modular Layer 2 (ML2) plug-in
vim /etc/neutron/plugins/ml2/ml2_conf.ini
# Fragments for /etc/neutron/plugins/ml2/ml2_conf.ini; the repeated [ml2]
# headers all refer to the same section.
[ml2]
# ...
# Network types the ML2 plug-in will load.
type_drivers = flat,vlan,vxlan
[ml2]
# ...
# Self-service (tenant) networks are created as VXLAN segments.
tenant_network_types = vxlan
[ml2]
# ...
# Linux bridge does the switching; l2population pre-populates forwarding
# entries for the overlay.
mechanism_drivers = linuxbridge,l2population
[ml2]
# ...
# Port security extension; networks created later on this page report
# port_security_enabled = True.
extension_drivers = port_security
[ml2_type_flat]
# ...
# Names of the flat physical networks; they are mapped to eth0 and eth1 by
# physical_interface_mappings in linuxbridge_agent.ini.
flat_networks = external,internal
[ml2_type_vxlan]
# ...
# VXLAN network identifiers available to tenant networks.
vni_ranges = 1:1000
[securitygroup]
# ...
# Use ipset for security group rule matching.
enable_ipset = true
#Configure the Linux bridge agent
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# Controller-side /etc/neutron/plugins/ml2/linuxbridge_agent.ini.
[linux_bridge]
#physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
# Map the flat network names from ml2_conf.ini to this host's interfaces.
physical_interface_mappings = external:eth0,internal:eth1
[vxlan]
enable_vxlan = true
#local_ip = OVERLAY_INTERFACE_IP_ADDRESS
# NOTE(review): the install guide defines local_ip as the address of this
# host's interface that carries the VXLAN overlay traffic. Confirm that
# 192.168.40.102 is this controller's own address and not a shared virtual IP.
# VXLAN traffic is not encrypted, so that interface belongs on a network that
# instances and outside hosts cannot reach.
local_ip = 192.168.40.102
l2_population = true
[securitygroup]
# ...
# Security groups are enforced with iptables rules on the bridges; this only
# works while the bridge netfilter sysctl values set below are 1.
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
#Ensure your Linux operating system kernel supports network bridge filters by verifying all the following sysctl values are set to 1:
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
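# Load the bridge netfilter module now; the net.bridge.* keys written to
# /etc/sysctl.conf only exist while it is loaded.
modprobe br_netfilter
# Load it on every boot as well. Without the module the two sysctl values
# cannot be applied after a reboot, and bridged instance traffic would then
# not traverse the iptables rules that implement security groups.
printf '%s\n' br_netfilter > /etc/modules-load.d/br_netfilter.conf
# Apply /etc/sysctl.conf.
sysctl -p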
#Configure the layer-3 agent
vim /etc/neutron/l3_agent.ini
# /etc/neutron/l3_agent.ini: the layer-3 agent plugs router ports through the
# Linux bridge interface driver.
[DEFAULT]
# ...
interface_driver = linuxbridge
#Configure the DHCP agent
vim /etc/neutron/dhcp_agent.ini
# /etc/neutron/dhcp_agent.ini
[DEFAULT]
# ...
interface_driver = linuxbridge
# dnsmasq hands out the leases.
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
# Lets instances on networks without a router reach the metadata service
# through the DHCP agent.
enable_isolated_metadata = true
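# Restart the Compute API service.
systemctl restart openstack-nova-api.service
# Restart the Networking services that read the files edited above.
systemctl restart neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
# Self-service networking also needs the layer-3 agent configured in
# /etc/neutron/l3_agent.ini: enable it at boot and (re)start it so routers
# and floating IPs are served.
systemctl enable neutron-l3-agent.service
systemctl restart neutron-l3-agent.service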
#报错
tail -f /var/log/neutron/*.log
==> /var/log/neutron/linuxbridge-agent.log <==
2023-08-03 11:48:53.305 5008 ERROR neutron.plugins.ml2.drivers.agent._common_agent File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 551, in wait message = self.waiters.get(msg_id, timeout=timeout)
2023-08-03 11:48:53.305 5008 ERROR neutron.plugins.ml2.drivers.agent._common_agent File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 429, in get 'to message ID %s' % msg_id)
#优化参数解决:上面的报错是等待 RPC 应答超时,在 neutron.conf 的 [DEFAULT] 段中调大 rpc_response_timeout
[root@openstack-controller2 ~]# vi /etc/neutron/neutron.conf
rpc_response_timeout = 300
#验证 L3 agent
#| 31240dfa-f8ac-4c96-a001-1270ce8fd2c1 | L3 agent | openstack-controller2.xks.local | nova | :-) | True | neutron-l3-agent |
[root@openstack-controller2 ~]# neutron agent-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+--------------------+---------------------------------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+---------------------------------+-------------------+-------+----------------+---------------------------+
| 2000e3d4-683f-4c2e-80bf-0439493d4ddc | DHCP agent | openstack-controller2.xks.local | nova | :-) | True | neutron-dhcp-agent |
| 24543051-e329-4e2a-ac58-c1d373bad7b0 | Linux bridge agent | openstack-controller1.xks.local | | :-) | True | neutron-linuxbridge-agent |
| 31240dfa-f8ac-4c96-a001-1270ce8fd2c1 | L3 agent | openstack-controller2.xks.local | nova | :-) | True | neutron-l3-agent |
| 54413aa2-9430-4529-bdd8-e22c2e2a1b3f | DHCP agent | openstack-controller1.xks.local | nova | :-) | True | neutron-dhcp-agent |
| 62da7eb3-6779-4d1e-9cab-cdc2c4d51c7b | Linux bridge agent | openstack-controller2.xks.local | | :-) | True | neutron-linuxbridge-agent |
| 970d62fe-5bc9-4a38-a32d-070d9ed26996 | Linux bridge agent | openstack-node1.xks.local | | :-) | True | neutron-linuxbridge-agent |
| de57dd0a-684c-4b6f-8b5f-5c01dca70c93 | Metadata agent | openstack-controller1.xks.local | | :-) | True | neutron-metadata-agent |
| e36d82dd-5fec-4fb0-9eaf-277a040ec79b | Linux bridge agent | openstack-node2.xks.local | | :-) | True | neutron-linuxbridge-agent |
| eec4dd80-b2ef-490f-be8b-de9a92fe303f | Metadata agent | openstack-controller2.xks.local | | :-) | True | neutron-metadata-agent |
+--------------------------------------+--------------------+---------------------------------+-------------------+-------+----------------+---------------------------+
Install and configure compute node
#https://docs.openstack.org/neutron/train/install/compute-install-rdo.html
#https://docs.openstack.org/neutron/train/install/compute-install-option2-rdo.html
#先备份一下
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.providernetwork
#node1\node2都要配置
#192.168.40.107、108
#Configure the Linux bridge agent
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# Compute-node /etc/neutron/plugins/ml2/linuxbridge_agent.ini (node1 and node2).
[linux_bridge]
#physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
# Map the flat network names to this node's interfaces.
physical_interface_mappings = external:eth0,internal:eth1
[vxlan]
enable_vxlan = true
# Each node uses its own address as the VXLAN endpoint: .107 on node1 and,
# per the commented line below, .108 on node2. VXLAN traffic is not encrypted,
# so keep this interface on a network instances cannot reach.
local_ip = 192.168.40.107
#local_ip = 192.168.40.108
l2_population = true
[securitygroup]
# ...
# Security groups are enforced with iptables on the compute node's bridges;
# this depends on the bridge netfilter sysctl values set below being 1.
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
#Ensure your Linux operating system kernel supports network bridge filters by verifying all the following sysctl values are set to 1:
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
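# Load the bridge netfilter module now; the net.bridge.* keys written to
# /etc/sysctl.conf only exist while it is loaded.
modprobe br_netfilter
# Load it on every boot as well. Without the module the two sysctl values
# cannot be applied after a reboot, and bridged instance traffic would then
# not traverse the iptables rules that implement security groups.
printf '%s\n' br_netfilter > /etc/modules-load.d/br_netfilter.conf
# Apply /etc/sysctl.conf.
sysctl -p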
#重启
systemctl restart neutron-linuxbridge-agent.service
#List agents to verify successful launch of the neutron agents:
[root@openstack-controller2 ~]# openstack network agent list
+--------------------------------------+--------------------+---------------------------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+---------------------------------+-------------------+-------+-------+---------------------------+
| 2000e3d4-683f-4c2e-80bf-0439493d4ddc | DHCP agent | openstack-controller2.xks.local | nova | :-) | UP | neutron-dhcp-agent |
| 24543051-e329-4e2a-ac58-c1d373bad7b0 | Linux bridge agent | openstack-controller1.xks.local | None | :-) | UP | neutron-linuxbridge-agent |
| 31240dfa-f8ac-4c96-a001-1270ce8fd2c1 | L3 agent | openstack-controller2.xks.local | nova | :-) | UP | neutron-l3-agent |
| 54413aa2-9430-4529-bdd8-e22c2e2a1b3f | DHCP agent | openstack-controller1.xks.local | nova | :-) | UP | neutron-dhcp-agent |
| 62da7eb3-6779-4d1e-9cab-cdc2c4d51c7b | Linux bridge agent | openstack-controller2.xks.local | None | :-) | UP | neutron-linuxbridge-agent |
| 970d62fe-5bc9-4a38-a32d-070d9ed26996 | Linux bridge agent | openstack-node1.xks.local | None | :-) | UP | neutron-linuxbridge-agent |
| de57dd0a-684c-4b6f-8b5f-5c01dca70c93 | Metadata agent | openstack-controller1.xks.local | None | :-) | UP | neutron-metadata-agent |
| e36d82dd-5fec-4fb0-9eaf-277a040ec79b | Linux bridge agent | openstack-node2.xks.local | None | :-) | UP | neutron-linuxbridge-agent |
| eec4dd80-b2ef-490f-be8b-de9a92fe303f | Metadata agent | openstack-controller2.xks.local | None | :-) | UP | neutron-metadata-agent |
+--------------------------------------+--------------------+---------------------------------+-------------------+-------+-------+---------------------------+
Dashboard支持 创建自服网络配置
#https://docs.openstack.org/horizon/train/install/install-rdo.html
#修改/etc/openstack-dashboard/local_settings
# Horizon toggles for Neutron features. Each one only shows a feature in the
# dashboard; whether it works depends on the Neutron configuration.
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': True,
'enable_quotas': True,
# NOTE(review): distributed routers are presumably unavailable with the
# linuxbridge mechanism driver configured on this page - confirm before
# offering the option to users.
'enable_distributed_router': True,
'enable_ha_router': True,
# NOTE(review): neutron.conf on this page sets service_plugins = router only,
# so no load balancer, firewall or VPN service plug-in backs the next three
# toggles - confirm they are needed.
'enable_lb': True,
'enable_firewall': True,
'enable_vpn': True,
'enable_fip_topology_check': True,
}
systemctl restart httpd.service
界面显示 网络-路由-浮动IP

创建用户


创建项目
*先要创建角色为user 才可以创建项目,否则创建项目会报错:错误:在keystone中无法找到默认角色"user"





使用普通用户 xiaks 登陆,创建网络

使用admin用户 admin登陆,创建网络
[root@openstack-controller2 ~]# source admin-openrc.sh
[root@openstack-controller2 ~]# openstack network create admin-net
+---------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+---------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2023-08-03T08:36:41Z |
| description | |
| dns_domain | None |
| id | 8f055c1f-8ca1-48b3-9807-d200783f251f |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='9f43f66e7d0b411a8219c163858c6f2a', project.name='admin', region_name='', zone= |
| mtu | 1450 |
| name | admin-net |
| port_security_enabled | True |
| project_id | 9f43f66e7d0b411a8219c163858c6f2a |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 1 |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2023-08-03T08:36:41Z |
+---------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@openstack-controller2 ~]# openstack subnet create --network admin-net \
--dns-nameserver 114.114.114.114 \
--gateway 10.20.3.254 \
--subnet-range 10.20.0.0/22 admin-subnet
+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| allocation_pools | 10.20.0.1-10.20.3.253 |
| cidr | 10.20.0.0/22 |
| created_at | 2023-08-03T08:37:06Z |
| description | |
| dns_nameservers | 114.114.114.114 |
| enable_dhcp | True |
| gateway_ip | 10.20.3.254 |
| host_routes | |
| id | 7d50c148-4806-4639-8586-5e87f2e250aa |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='9f43f66e7d0b411a8219c163858c6f2a', project.name='admin', region_name='', zone= |
| name | admin-subnet |
| network_id | 8f055c1f-8ca1-48b3-9807-d200783f251f |
| prefix_length | None |
| project_id | 9f43f66e7d0b411a8219c163858c6f2a |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2023-08-03T08:37:06Z |
+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
##创建路由
[root@openstack-controller2 ~]# openstack router create admin-router
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2023-08-03T08:37:42Z |
| description | |
| distributed | False |
| external_gateway_info | null |
| flavor_id | None |
| ha | False |
| id | 887c39b3-4abf-4eb1-8b2e-b90832d65b5d |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='9f43f66e7d0b411a8219c163858c6f2a', project.name='admin', region_name='', zone= |
| name | admin-router |
| project_id | 9f43f66e7d0b411a8219c163858c6f2a |
| revision_number | 1 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2023-08-03T08:37:42Z |
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
#将子网关联到路由(neutron CLI 已弃用,等价的 openstack 命令:openstack router add subnet admin-router admin-subnet)
[root@openstack-controller2 ~]# neutron router-interface-add admin-router admin-subnet
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Added interface 5cf69593-90a7-4eca-9d29-82641008a57e to router admin-router.
#将路由网关指向外网(等价的 openstack 命令:openstack router set --external-gateway external-net admin-router)
[root@openstack-controller2 ~]# neutron router-gateway-set admin-router external-net
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Set gateway for router admin-router


使用刚创建的自服网络,以 admin 账户创建虚拟机




为了让外网能够访问内网,需要配置浮动IP。绑定浮动IP后,该实例即可从外部网络访问,具体放行哪些端口由安全组规则决定。




10.20.1.213 是实例的内网地址,从外网直接访问是不通的,通过浮动IP地址即可访问到

使用 myuser 普通用户通过命令行创建与 admin 相同网段的子网和路由条目,验证两者是否可以通信(在 Dashboard 上操作会有点问题)
[root@openstack-controller2 ~]# source demo-openrc.sh
[root@openstack-controller2 ~]# openstack network create myuser-net
[root@openstack-controller2 ~]# openstack subnet create --network myuser-net \
--dns-nameserver 114.114.114.114 \
--gateway 10.20.3.254 \
--subnet-range 10.20.0.0/22 myuser-subnet
##创建路由
[root@openstack-controller2 ~]# openstack router create myuser-router
#将子网关联到路由
[root@openstack-controller2 ~]# neutron router-interface-add myuser-router myuser-subnet
#将路由网关指向外网
[root@openstack-controller2 ~]# neutron router-gateway-set myuser-router external-net


创建myuser用户两个虚拟机

同一个租户下的两台服务器是互通的,并且可以访问外网;但与 admin 等其他租户的网络是不互通的。两个租户虽然都使用 10.20.0.0/22,但各自的网络是独立的 VXLAN 租户网络,地址重叠并不会打通租户之间的隔离。

实战一:admin用户创建虚拟机用做 Httpd网站,通过浮动IP访问

创建浮动IP



添加安全组


验证访问

实战二:新增一个子网,两个网段可以连通




创建两台虚拟机使用fouth-net,两台能否ping通,需要配置才能够上外网


要让同一个租户下的两个网段(172.31.0.0 网段和 10.20.0.0 网段)互通,需要在路由器上添加接口


路由器上添加接口




验证两个网段 连通性


