OpenStack Train Offline Deployment | 7.3 Controller Node - Neutron Networking Service


Comments and discussion are welcome; I look forward to making progress together with you.

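This series teaches you how to build an OpenStack development environment from scratch, and it spans multiple OpenStack releases.
The OpenStack release installed in this tutorial is the 20th release, Train, referred to as the T release.
Release Note
Train, Originally Released: 16 October, 2019
Ussuri, Originally Released: 13 May, 2020
Victoria, Originally Released: 14 October, 2020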


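Official reference
OpenStack official installation guide: service components

I. Final verification

neutron-install-verify
On the controller node, verify that the neutron service was installed successfully.

Note: Perform these commands on the controller node.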

You can perform further testing of your networking using the neutron-sanity-check command line client. Use the verification section for the networking option that you chose to deploy.

1. Environment variables

Source the admin credentials to gain access to admin-only CLI commands:

cd
source admin-openrc.sh

2. List the loaded network extensions

List loaded extensions to verify successful launch of the neutron-server process:

openstack extension list --network
neutron ext-list

Example

$ openstack extension list --network

+---------------------------+---------------------------+----------------------------+
| Name                      | Alias                     | Description                |
+---------------------------+---------------------------+----------------------------+
| Default Subnetpools       | default-subnetpools       | Provides ability to mark   |
|                           |                           | and use a subnetpool as    |
|                           |                           | the default                |
| Availability Zone         | availability_zone         | The availability zone      |
|                           |                           | extension.                 |
| Network Availability Zone | network_availability_zone | Availability zone support  |
|                           |                           | for network.               |
| Port Binding              | binding                   | Expose port bindings of a  |
|                           |                           | virtual port to external   |
|                           |                           | application                |
| agent                     | agent                     | The agent management       |
|                           |                           | extension.                 |
| Subnet Allocation         | subnet_allocation         | Enables allocation of      |
|                           |                           | subnets from a subnet pool |
| DHCP Agent Scheduler      | dhcp_agent_scheduler      | Schedule networks among    |
|                           |                           | dhcp agents                |
| Neutron external network  | external-net              | Adds external network      |
|                           |                           | attribute to network       |
|                           |                           | resource.                  |
| Neutron Service Flavors   | flavors                   | Flavor specification for   |
|                           |                           | Neutron advanced services  |
| Network MTU               | net-mtu                   | Provides MTU attribute for |
|                           |                           | a network resource.        |
| Network IP Availability   | network-ip-availability   | Provides IP availability   |
|                           |                           | data for each network and  |
|                           |                           | subnet.                    |
| Quota management support  | quotas                    | Expose functions for       |
|                           |                           | quotas management per      |
|                           |                           | tenant                     |
| Provider Network          | provider                  | Expose mapping of virtual  |
|                           |                           | networks to physical       |
|                           |                           | networks                   |
| Multi Provider Network    | multi-provider            | Expose mapping of virtual  |
|                           |                           | networks to multiple       |
|                           |                           | physical networks          |
| Address scope             | address-scope             | Address scopes extension.  |
| Subnet service types      | subnet-service-types      | Provides ability to set    |
|                           |                           | the subnet service_types   |
|                           |                           | field                      |
| Resource timestamps       | standard-attr-timestamp   | Adds created_at and        |
|                           |                           | updated_at fields to all   |
|                           |                           | Neutron resources that     |
|                           |                           | have Neutron standard      |
|                           |                           | attributes.                |
| Neutron Service Type      | service-type              | API for retrieving service |
| Management                |                           | providers for Neutron      |
|                           |                           | advanced services          |
| resources: subnet,        |                           | more L2 and L3 resources.  |
| subnetpool, port, router  |                           |                            |
| Neutron Extra DHCP opts   | extra_dhcp_opt            | Extra options              |
|                           |                           | configuration for DHCP.    |
|                           |                           | For example PXE boot       |
|                           |                           | options to DHCP clients    |
|                           |                           | can be specified (e.g.     |
|                           |                           | tftp-server, server-ip-    |
|                           |                           | address, bootfile-name)    |
| Resource revision numbers | standard-attr-revisions   | This extension will        |
|                           |                           | display the revision       |
|                           |                           | number of neutron          |
|                           |                           | resources.                 |
| Pagination support        | pagination                | Extension that indicates   |
|                           |                           | that pagination is         |
|                           |                           | enabled.                   |
| Sorting support           | sorting                   | Extension that indicates   |
|                           |                           | that sorting is enabled.   |
| security-group            | security-group            | The security groups        |
|                           |                           | extension.                 |
| RBAC Policies             | rbac-policies             | Allows creation and        |
|                           |                           | modification of policies   |
|                           |                           | that control tenant access |
|                           |                           | to resources.              |
| standard-attr-description | standard-attr-description | Extension to add           |
|                           |                           | descriptions to standard   |
|                           |                           | attributes                 |
| Port Security             | port-security             | Provides port security     |
| Allowed Address Pairs     | allowed-address-pairs     | Provides allowed address   |
|                           |                           | pairs                      |
| project_id field enabled  | project-id                | Extension that indicates   |
|                           |                           | that project_id field is   |
|                           |                           | enabled.                   |
+---------------------------+---------------------------+----------------------------+

3. List the network agents

List the network agents to confirm that the neutron agents were created successfully.
verify-option1:docs.openstack.org/neutron/tra…
verify-option2:docs.openstack.org/neutron/tra…

openstack network agent list

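Under normal conditions:
(1) Networking option 1: provider networks
The output should indicate 3 agents on the controller node and 1 agent on each compute node. If it does not, check the compute node configuration: NIC name, IP address, port, password, and so on.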
List agents to verify successful launch of the neutron agents:

[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 06a85946-9af0-430d-af9a-2a00fad7edfd | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
| 0b1abb8e-b67f-4926-af9c-6e18458407eb | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 171038f0-1a73-4352-9283-732be5eb94de | Linux bridge agent | compute1   | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 398e080c-2f40-4a51-9750-afaef7e09c32 | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
[root@controller ~]#

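(2) Networking option 2: self-service networks
The output should indicate 4 agents on the controller node and 1 agent on each compute node. If it does not, check the compute node configuration: NIC name, IP address, port, password, and so on.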
List agents to verify successful launch of the neutron agents:

[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 06a85946-9af0-430d-af9a-2a00fad7edfd | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
| 0b1abb8e-b67f-4926-af9c-6e18458407eb | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 171038f0-1a73-4352-9283-732be5eb94de | Linux bridge agent | compute1   | None              | XXX   | UP    | neutron-linuxbridge-agent |
| 398e080c-2f40-4a51-9750-afaef7e09c32 | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 4f0904d7-ae34-4b2c-823e-7b067fe86a4f | L3 agent           | controller | nova              | :-)   | UP    | neutron-l3-agent          |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
[root@controller ~]#
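
The expected agent counts above can be checked mechanically instead of by eye. The following is an added example, not part of the original post or of OpenStack: `check_agents` and `sample_option2` are hypothetical names, and the sample table is constructed from the option 2 output shown above with the IDs shortened.

```shell
# check_agents OPTION CONTROLLER [COMPUTE...]   (agent table on stdin)
# OPTION 1 = provider networks (3 agents on the controller),
# OPTION 2 = self-service networks (4 agents on the controller).
# Prints one line per problem; returns non-zero if any problem was found.
check_agents() {
    opt=$1; ctl=$2; shift 2
    awk -F'|' -v opt="$opt" -v ctl="$ctl" -v computes="$*" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function need(host, want) {        # compare agent count with expectation
        if (n[host] + 0 != want) {
            print "COUNT: " host " has " (n[host] + 0) " agent(s), expected " want
            bad++
        }
    }
    NF < 8 || trim($2) == "ID" { next }   # skip borders, prompts and header
    {
        type = trim($3); host = trim($4)
        n[host]++
        if (trim($6) != ":-)") { print "DEAD: " type " on " host; bad++ }
        if (trim($7) != "UP")  { print "ADMIN-DOWN: " type " on " host; bad++ }
    }
    END {
        need(ctl, (opt == 2) ? 4 : 3)
        k = split(computes, c, " ")
        for (i = 1; i <= k; i++) need(c[i], 1)
        exit (bad > 0)
    }'
}

# Constructed sample: the option 2 table from this page, IDs shortened.
sample_option2() { cat <<'EOF'
+------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
| 06a8 | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
| 0b1a | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 1710 | Linux bridge agent | compute1   | None              | XXX   | UP    | neutron-linuxbridge-agent |
| 398e | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 4f09 | L3 agent           | controller | nova              | :-)   | UP    | neutron-l3-agent          |
EOF
}

# compute1 is marked XXX in the sample, so this reports it and fails.
sample_option2 | check_agents 2 controller compute1 || echo "agent check failed"
```

On a live controller, pipe the output of `openstack network agent list` into `check_agents` in place of the sample.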

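II. Verification complete

At this point, deployment of the neutron networking service on the controller node and the compute nodes is complete.
When a new compute node is added, both the compute node installation and the controller node verification need to be performed.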


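Supplementary knowledge

1. Neutron overview

Neutron is the component of the OpenStack project responsible for providing networking services. Built on the ideas of software-defined networking, it implements resource management for virtualized networks. Neutron's design goal is "Networking as a Service": its design follows the principle of implementing network virtualization on top of SDN, and its implementation makes full use of the networking technologies available on Linux.

2. Neutron features

  • Layer 2 switching: Neutron supports several virtual switches. Linux Bridge and Open vSwitch are typically used to create traditional VLAN networks as well as tunnel-based overlay networks such as VxLAN and GRE (Linux Bridge currently supports only VxLAN).

  • Layer 3 routing: the DVR (Distributed Virtual Router) service, officially added to Neutron in the Juno release, moves part of the services that were previously concentrated on the network node out to the compute nodes. Routing or NAT can be implemented with ip route or iptables inside a namespace, or by pushing flow tables to Open vSwitch via OpenFlow.

  • Load balancing: LBaaS supports multiple load-balancing products and solutions. The different implementations are integrated into Neutron as plugins, and load balancing is implemented with HAProxy.

  • Firewall: Neutron has two ways of protecting instances and networks, security groups and the firewall feature, and both can be implemented with iptables. The former restricts packets entering and leaving an instance; the latter restricts packets entering and leaving a virtual router.

3. Network

  • Local: a Local network is a local Linux Bridge with nothing attached to it other than the virtual NICs of virtual machines. It is rarely used in practice and can be ignored.

  • Flat: a Flat network carries no VLAN tag. It is equivalent to a Local network's Linux Bridge connected to a physical NIC. Instances on this network can communicate with other instances on the same network, and the network can span multiple nodes. It is also rarely used in practice.

  • VLAN: a VLAN network can span nodes and is currently the type most widely used in private cloud networking.

  • VXLAN: a VXLAN network is an overlay network based on tunneling, distinguished from other VXLAN networks by a unique VNI. Packets in a VXLAN are encapsulated with the VNI into UDP packets for transport. Because layer 2 frames are encapsulated and carried over layer 3, it overcomes the limits of VLANs and of the physical network infrastructure.

  • GRE: a GRE network is an overlay network similar to VXLAN that uses IP packets for encapsulation.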