Tuesday, February 28, 2017

Playing with OpenStack Networking: Neutron (1)

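### Introduction to OpenStack Networking
As computing resources have moved from physical machines to virtual machines, VM networking has correspondingly moved from physical networks to virtual networks. In OpenStack, the open-source cloud computing project, network virtualization is handled by Neutron (formerly named Quantum) and Nova-Network. The latter has been treated as a service within Nova, whereas Neutron is a complete sub-project that provides more features and supports more network plugins. This series of articles focuses on Neutron: how to configure and use the different plugins and the different network types. Because the emphasis is on configuring and using networks, this article assumes that the reader already has a minimal two-node OpenStack cluster, installed as follows:
  1. Controller node: keystone, glance, nova, neutron
  2. Compute node: nova-compute, neutron agent

Neutron has a few basic concepts, which are really the same as in a physical network.
  1. Network: a layer-3 network that can contain multiple subnets.
  2. Subnet: a layer-3 network; each subnet has its own network number (CIDR).
  3. Port: an interface in the virtual network, comparable to a cable port on a physical network device.
  4. Router: comparable to a router in a physical network, used for communication between different layer-3 networks.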
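### Creating a network with Horizon
Log in to the dashboard with a valid username and password, find "Network", and click "Networks" under it. The network information page opens and shows the networks of the current project. Click "Create Network" to create a network:

[Image: create network-2]

Next, fill in the network name. You can leave the subnet information empty, go straight to the next step, and create the network.

[Image: create network-2]

### Creating a subnet with Horizon
On the network information page, find the network you just created and click into it:

[Image: subnet-create-1]

Fill in the subnet name and the subnet's network CIDR. Leave the gateway unspecified; by default it is set to the first usable IP of the network, here 192.168.1.1. Do not disable the gateway:

[Image: subnet-create-2]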
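### Viewing network information with Horizon
The network information page shows all networks of the current project. Click into a network to see the information for that network, for the subnets it contains, and for the ports created in it.

[Image: network-info-1]

Click a subnet or a port to see its details, for example the subnet "yan-in":

[Image: network-info-2]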
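### Creating an instance attached to a network with Horizon
In the "Compute" section, open "Instances" and click the "Launch Instance" button. This opens the workflow for creating an instance (virtual machine).

Fill in the host name and choose the flavor, image, and so on:

[Image: launch-instance-1]

Choose the network the host will use. Click the network "yan-test" that we just created; it moves automatically from "Available networks" at the bottom to "Selected Networks" at the top:

[Image: launch-instance-2]

Ignore the settings on the other tabs and click "Launch" to create an instance that uses this network. After a few seconds the successfully created instance is shown:

[Image: launch-instance-3]

You can also click the instance name "yan-test" to view the instance details:

[Image: launch-instance-4]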
### Creating a network from the command line
First, create a network:
```
$ neutron net-create yan-net-test01
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | c20a2764-1c1a-4091-ac2a-bb82f7f1d20d |
| name                      | yan-net-test01                       |
| provider:physical_network |                                      |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 0d896fe854f64e90915ce599aa1e1c0b     |
+---------------------------+--------------------------------------+
```
The details of the network just created can be viewed with:
```
$ neutron net-show yan-net-test01
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | c20a2764-1c1a-4091-ac2a-bb82f7f1d20d |
| name                      | yan-net-test01                       |
| provider:physical_network |                                      |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 0d896fe854f64e90915ce599aa1e1c0b     |
+---------------------------+--------------------------------------+
```
More commands can be found through help:
```
$ neutron help | grep " net-"
  net-create              Create a network for a given tenant.
  net-delete              Delete a given network.
  net-external-list       List external networks that belong to a given tenant.
  net-gateway-connect     Add an internal network interface to a router.
  net-gateway-create      Create a network gateway.
  net-gateway-delete      Delete a given network gateway.
  net-gateway-disconnect  Remove a network from a network gateway.
  net-gateway-list        List network gateways for a given tenant.
  net-gateway-show        Show information of a given network gateway.
  net-gateway-update      Update the name for a network gateway.
  net-list                List networks that belong to a given tenant.
  net-list-on-dhcp-agent  List the networks on a DHCP agent.
  net-show                Show information of a given network.
  net-update              Update network's information.
```
The usage of a specific command can also be looked up through help, which shows the arguments the command takes and what it does. For example, the show command we just used:
```
$ neutron help net-show
usage: neutron net-show [-h] [-f {shell,table,value}] [-c COLUMN]
                        [--max-width <integer>] [--prefix PREFIX]
                        [--request-format {json,xml}] [-D] [-F FIELD]
                        NETWORK

Show information of a given network.

positional arguments:
  NETWORK               ID or name of network to look up.

optional arguments:
  -h, --help            show this help message and exit
  --request-format {json,xml}
                        The XML or JSON request format.
  -D, --show-details    Show detailed information.
  -F FIELD, --field FIELD
                        Specify the field(s) to be returned by server. You can
                        repeat this option.

output formatters:
  output formatter options

  -f {shell,table,value}, --format {shell,table,value}
                        the output format, defaults to table
  -c COLUMN, --column COLUMN
                        specify the column(s) to include, can be repeated

table formatter:
  --max-width <integer>
                        Maximum display width, 0 to disable

shell formatter:
  a format a UNIX shell can parse (variable="value")

  --prefix PREFIX       add a prefix to all variable names
```
The help shows that the output format can be changed, for example to shell format:
```
$ neutron net-show yan-net-test01 -f shell
admin_state_up="True"
id="c20a2764-1c1a-4091-ac2a-bb82f7f1d20d"
name="yan-net-test01"
provider:physical_network=""
router:external="False"
shared="False"
status="ACTIVE"
subnets=""
tenant_id="0d896fe854f64e90915ce599aa1e1c0b"
```
### Creating a subnet from the command line
Check which subnet-related commands exist:
```
$ neutron help | grep subnet
  subnet-create           Create a subnet for a given tenant.
  subnet-delete           Delete a given subnet.
  subnet-list             List subnets that belong to a given tenant.
  subnet-show             Show information of a given subnet.
  subnet-update           Update subnet's information.
```
Creating a subnet is similar to doing it on the Horizon page: specify the network, the subnet's CIDR, and the other details:
```
$ neutron subnet-create yan-net-test01 --name yan-test01-subnet --gateway 192.168.1.1 192.168.1.0/24
Created a new subnet:
+------------------+--------------------------------------------------+
| Field            | Value                                            |
+------------------+--------------------------------------------------+
| allocation_pools | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr             | 192.168.1.0/24                                   |
| dns_nameservers  |                                                  |
| enable_dhcp      | True                                             |
| gateway_ip       | 192.168.1.1                                      |
| host_routes      |                                                  |
| id               | ee2c7da4-083b-4510-9fef-21a58dc47b3d             |
| ip_version       | 4                                                |
| name             | yan-test01-subnet                                |
| network_id       | c20a2764-1c1a-4091-ac2a-bb82f7f1d20d             |
| tenant_id        | 0d896fe854f64e90915ce599aa1e1c0b                 |
+------------------+--------------------------------------------------+
```
### Creating a port from the command line
Check which port-related commands exist:
```
$ neutron help | grep port-
  port-create             Create a port for a given tenant.
  port-delete             Delete a given port.
  port-list               List ports that belong to a given tenant.
  port-show               Show information of a given port.
  port-update             Update port's information.
  router-port-list        List ports that belong to a given tenant, with specified router.
```
Create a port:
```
$ neutron port-create yan-net-test01
Created a new port:
+-----------------------+------------------------------------------------------------------------------------+
| Field                 | Value                                                                              |
+-----------------------+------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                               |
| allowed_address_pairs |                                                                                    |
| binding:host_id       |                                                                                    |
| binding:profile       | {}                                                                                 |
| binding:vif_details   | {}                                                                                 |
| binding:vif_type      | unbound                                                                            |
| binding:vnic_type     | normal                                                                             |
| device_id             |                                                                                    |
| device_owner          |                                                                                    |
| fixed_ips             | {"subnet_id": "ee2c7da4-083b-4510-9fef-21a58dc47b3d", "ip_address": "192.168.1.2"} |
| id                    | c1e9efdb-aa67-4a77-b80c-dd4321b39f1c                                               |
| mac_address           | fa:16:3e:1a:f8:5b                                                                  |
| name                  |                                                                                    |
| network_id            | c20a2764-1c1a-4091-ac2a-bb82f7f1d20d                                               |
| security_groups       | 5e179e17-f641-429b-a876-1361e9b4792a                                               |
| status                | DOWN                                                                               |
| tenant_id             | 0d896fe854f64e90915ce599aa1e1c0b                                                   |
+-----------------------+------------------------------------------------------------------------------------+
```
When creating a port we can in fact specify much more, such as the port name, the port's IP address, and the security groups bound to it. See help for the details:
```
$ neutron help port-create
usage: neutron port-create [-h] [-f {shell,table,value}] [-c COLUMN]
                           [--max-width <integer>] [--prefix PREFIX]
                           [--request-format {json,xml}]
                           [--tenant-id TENANT_ID] [--name NAME]
                           [--fixed-ip subnet_id=SUBNET,ip_address=IP_ADDR]
                           [--device-id DEVICE_ID]
                           [--device-owner DEVICE_OWNER] [--admin-state-down]
                           [--mac-address MAC_ADDRESS]
                           [--security-group SECURITY_GROUP | --no-security-groups]
                           [--extra-dhcp-opt EXTRA_DHCP_OPTS]
                           NETWORK

Create a port for a given tenant.

positional arguments:
  NETWORK               Network ID or name this port belongs to.

optional arguments:
  -h, --help            show this help message and exit
  --request-format {json,xml}
                        The XML or JSON request format.
  --tenant-id TENANT_ID
                        The owner tenant ID.
  --name NAME           Name of this port.
  --fixed-ip subnet_id=SUBNET,ip_address=IP_ADDR
                        Desired IP and/or subnet for this port:
                        subnet_id=<name_or_id>,ip_address=<ip>. You can repeat
                        this option.
  --device-id DEVICE_ID
                        Device ID of this port.
  --device-owner DEVICE_OWNER
                        Device owner of this port.
  --admin-state-down    Set admin state up to false.
  --mac-address MAC_ADDRESS
                        MAC address of this port.
  --security-group SECURITY_GROUP
                        Security group associated with the port. You can
                        repeat this option.
  --no-security-groups  Associate no security groups with the port.
  --extra-dhcp-opt EXTRA_DHCP_OPTS
                        Extra dhcp options to be assigned to this port: opt_na
                        me=<dhcp_option_name>,opt_value=<value>,ip_version={4,
                        6}. You can repeat this option.

output formatters:
  output formatter options

  -f {shell,table,value}, --format {shell,table,value}
                        the output format, defaults to table
  -c COLUMN, --column COLUMN
                        specify the column(s) to include, can be repeated

table formatter:
  --max-width <integer>
                        Maximum display width, 0 to disable

shell formatter:
  a format a UNIX shell can parse (variable="value")

  --prefix PREFIX       add a prefix to all variable names
```
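The `-f shell` output shown earlier uses names such as `provider:physical_network` and `router:external`, which are not valid shell variable names, so that output cannot simply be handed to `eval`. The following added example (not from the original post or from the neutron client) parses the format in Python without evaluating anything and flags ports that have no security group or have `allowed_address_pairs` set; the function names and both sample texts are constructed for illustration, the first reusing the port values from this page.

```python
import shlex

def parse_shell_format(text):
    """Parse `-f shell` output (name="value" pairs) into a dict without eval."""
    fields = {}
    # shlex applies POSIX quoting rules only: nothing is expanded or executed,
    # and a quoted value may span several lines.
    for token in shlex.split(text):
        name, sep, value = token.partition("=")
        if not sep:
            raise ValueError("not a name=value pair: %r" % token)
        fields[name] = value
    return fields

def port_findings(fields):
    """Return review notes for the parsed fields of one port."""
    notes = []
    if not fields.get("security_groups", "").split():
        notes.append("no security group associated")
    if fields.get("allowed_address_pairs", "").strip():
        notes.append("allowed_address_pairs is set")
    return notes

# Constructed sample in the format shown above, using this page's port values.
PORT_DEFAULT = r'''
admin_state_up="True"
allowed_address_pairs=""
binding:vif_type="unbound"
id="c1e9efdb-aa67-4a77-b80c-dd4321b39f1c"
security_groups="5e179e17-f641-429b-a876-1361e9b4792a"
status="DOWN"
'''

# Constructed sample: a port created with --no-security-groups (placeholder id).
PORT_OPEN = r'''
admin_state_up="True"
allowed_address_pairs="{\"ip_address\": \"192.168.1.50\"}"
binding:vif_type="unbound"
id="00000000-0000-0000-0000-000000000001"
security_groups=""
status="DOWN"
'''

if __name__ == "__main__":
    for sample in (PORT_DEFAULT, PORT_OPEN):
        port = parse_shell_format(sample)
        print(port["id"], port_findings(port) or "ok")
```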
### Creating an instance with a specified port from the command line
First decide on the flavor and image for the instance, then create the instance using the port created above:
```
$ nova boot yan-instance01 --flavor m1.small --image Ubuntu-14.04-Server-amd64 --nic port-id=c1e9efdb-aa67-4a77-b80c-dd4321b39f1c
+--------------------------------------+------------------------------------------------------------------+
| Property                             | Value                                                            |
+--------------------------------------+------------------------------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                                           |
| OS-EXT-AZ:availability_zone          | nova                                                             |
| OS-EXT-STS:power_state               | 0                                                                |
| OS-EXT-STS:task_state                | -                                                                |
| OS-EXT-STS:vm_state                  | building                                                         |
| OS-SRV-USG:launched_at               | -                                                                |
| OS-SRV-USG:terminated_at             | -                                                                |
| accessIPv4                           |                                                                  |
| accessIPv6                           |                                                                  |
| config_drive                         |                                                                  |
| created                              | 2015-04-11T08:44:30Z                                             |
| default_ephemeral_device             |                                                                  |
| default_swap_device                  |                                                                  |
| flavor                               | m1.small (2)                                                     |
| hostId                               |                                                                  |
| id                                   | 01a2a55e-f1d4-4b4b-a81d-e6aaf8ee4693                             |
| image                                | Ubuntu-14.04-Server-amd64 (7991bbbd-ab70-4b66-93fe-5813aac5c6c5) |
| key_name                             | -                                                                |
| metadata                             | {}                                                               |
| name                                 | yan-instance01                                                   |
| os-extended-volumes:volumes_attached | []                                                               |
| progress                             | 0                                                                |
| root_device_name                     |                                                                  |
| security_groups                      | default                                                          |
| status                               | BUILD                                                            |
| tenant_id                            | 0d896fe854f64e90915ce599aa1e1c0b                                 |
| updated                              | 2015-04-11T08:44:30Z                                             |
| user_id                              | dd446a6b042c4ecab7175dc07f91fef2                                 |
+--------------------------------------+------------------------------------------------------------------+
```
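Of course, when choosing the network for a new instance, besides specifying a port you can also specify the instance's IP address. If you specify only a network, the OpenStack creation workflow still creates a port on that network for you first; that step is simply not exposed.

### Extending the network address range
When the network was created earlier, only one subnet was created, and a subnet's network number (CIDR) cannot be modified. To enlarge the address range of this network, the only option is to create multiple subnets under it. The new subnets must not overlap in address space; otherwise an error is reported and creation fails.

The procedure is the same as for creating the first subnet.

[Image: subnet-create-3]

There is one more case of extending the address range: the "Allocation Pools" address pool specified when the subnet was created can be extended with the subnet update command on the command line. Either way, the address range stays confined to the CIDR specified at creation.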
```
$ neutron help subnet-update
usage: neutron subnet-update [-h] [--request-format {json,xml}] [--name NAME]
                             [--gateway GATEWAY_IP] [--no-gateway]
                             [--allocation-pool start=IP_ADDR,end=IP_ADDR]
                             [--host-route destination=CIDR,nexthop=IP_ADDR]
                             [--dns-nameserver DNS_NAMESERVER]
                             [--disable-dhcp] [--enable-dhcp]
                             SUBNET
```
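The two constraints described in this section (a new subnet must not overlap an existing one, and an allocation pool must stay inside the subnet's CIDR) can be checked before calling `subnet-create` or `subnet-update`. The following is an added example, not code from the original post or from Neutron; the function names are this example's own, the existing CIDR is the one created on this page, and the candidate values are constructed.

```python
import ipaddress

def overlapping_subnets(candidate_cidr, existing_cidrs):
    """Return the existing CIDRs that share addresses with candidate_cidr."""
    cand = ipaddress.ip_network(candidate_cidr, strict=True)
    hits = []
    for cidr in existing_cidrs:
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version == cand.version and net.overlaps(cand):
            hits.append(cidr)
    return hits

def check_allocation_pool(cidr, start, end):
    """Return a list of problems with the pool start..end for this CIDR."""
    net = ipaddress.ip_network(cidr, strict=True)
    first = ipaddress.ip_address(start)
    last = ipaddress.ip_address(end)
    if first.version != net.version or last.version != net.version:
        return ["pool and CIDR use different IP versions"]
    problems = []
    if first > last:
        problems.append("start is after end")
    for label, addr in (("start", first), ("end", last)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
    return problems

if __name__ == "__main__":
    existing = ["192.168.1.0/24"]  # yan-test01-subnet from this page
    # Constructed candidates for a second subnet on the same network.
    for cidr in ("192.168.1.128/25", "192.168.0.0/16", "192.168.2.0/24"):
        clash = overlapping_subnets(cidr, existing)
        print(cidr, "overlaps " + ", ".join(clash) if clash else "ok")
    # Constructed pool that runs past the end of the /24.
    print(check_allocation_pool("192.168.1.0/24", "192.168.1.200", "192.168.2.10"))
```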
Location: Hangzhou, Zhejiang, China