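OpenStack Grizzly: installing the network node
The version and the package source configuration are the same as on the controller node.
1. After installing the operating system and configuring the apt sources, be sure to run apt-get update.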
root@cloud:~# mv /etc/apt/sources.list /etc/apt/sources.list.bak   # back up the original sources
root@cloud:~# vi /etc/apt/sources.list
deb http://mirrors.163.com/ubuntu/ precise main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ precise-security main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ precise-updates main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ precise-proposed main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ precise-backports main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ precise main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ precise-security main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ precise-updates main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ precise-proposed main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ precise-backports main restricted universe multiverse
# Add the 163 mirror; it syncs with the official archive every 6 hours.
root@cloud:~# apt-get update
root@cloud:~# apt-get install ubuntu-cloud-keyring   # install the cloud archive keyring (that is how I understand it)
root@cloud:~# vi /etc/apt/sources.list.d/cloud-archive.list   # add the repository address
deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main
2. Add the repository address.
root@cloud:~# vi /etc/apt/sources.list.d/cloud-archive.list
deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main
root@cloud:~# apt-get update && apt-get upgrade
3. Configure the Grizzly source
root@cloud:~# vi /etc/apt/sources.list.d/grizzly.list
Add the Grizzly source:
deb http://archive.gplhost.com/debian grizzly main
deb http://archive.gplhost.com/debian grizzly-backports main
root@cloud:~# apt-get update   # this fails; note the key ID that follows NO_PUBKEY
W: GPG error: http://archive.gplhost.com grizzly Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 64AA94D00B849883
W: GPG error: http://archive.gplhost.com grizzly-backports Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 64AA94D00B849883
To fix the error above (note: the value after --recv-key is the key ID you recorded from your own error output; do not copy this one verbatim):
root@cloud:~# gpg --keyserver pgpkeys.mit.edu --recv-key 64AA94D00B849883
root@cloud:~# gpg -a --export 64AA94D00B849883 | sudo apt-key add -
root@cloud:~# apt-get update
root@cloud:~# apt-get install gplhost-archive-keyring
root@cloud:~# apt-get upgrade
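An added example, not part of the original post: the NO_PUBKEY warning carries only a 64-bit key ID, and a key ID alone does not authenticate the key a keyserver returns, so the fetched key is compared against a full fingerprint obtained out of band before it goes to apt-key. The gpg listing and fingerprint below are constructed placeholders (not GPLHost's real key), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check a key fetched for a NO_PUBKEY warning against a pinned
# full fingerprint before it is handed to apt-key.

# Warning lines as shown in step 3 of this page.
APT_OUTPUT="W: GPG error: http://archive.gplhost.com grizzly Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 64AA94D00B849883
W: GPG error: http://archive.gplhost.com grizzly-backports Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 64AA94D00B849883"

# CONSTRUCTED colon-format listing and pinned fingerprint (placeholders).
GPG_LISTING='pub:-:4096:1:64AA94D00B849883:1300000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456764AA94D00B849883:
uid:-::::1300000000::::Constructed Example Key:'
PINNED_FPR='0123 4567 89AB CDEF 0123 4567 64AA 94D0 0B84 9883'

# Distinct key IDs that apt-get update reported as missing (stdin: apt output).
missing_key_ids() {
    sed -n 's/.*NO_PUBKEY \([0-9A-Fa-f]\{16\}\).*/\1/p' | tr 'a-f' 'A-F' | sort -u
}

# Fingerprint of the primary key (stdin: gpg --with-colons --fingerprint output).
primary_fingerprint() {
    awk -F: '$1 == "fpr" { print toupper($10); exit }'
}

# Succeed only if the fetched fingerprint equals the pinned 40-hex-digit one
# and ends in the key ID apt asked for. A bare key ID is rejected as a pin.
key_is_trusted() {
    fetched=$1
    pinned=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    keyid=$3
    [ "${#pinned}" -eq 40 ] || return 1
    [ "$fetched" = "$pinned" ] || return 1
    case $fetched in
        *"$keyid") return 0 ;;
        *) return 1 ;;
    esac
}

# Decide for the sample data. On a real host the listing would come from
#   gpg --with-colons --fingerprint "$id"
# after --recv-key, and only an OK result would be exported to apt-key.
check_sample() {
    id=$(printf '%s\n' "$APT_OUTPUT" | missing_key_ids)
    fpr=$(printf '%s\n' "$GPG_LISTING" | primary_fingerprint)
    if key_is_trusted "$fpr" "$PINNED_FPR" "$id"; then
        echo "OK $id $fpr"
    else
        echo "REJECT $id"
    fi
}
check_sample
```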
4. Network interface configuration: /etc/network/interfaces
root@network:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The eth0 network interface
auto eth0
iface eth0 inet static
    address 10.10.10.9
    netmask 255.255.255.0
# The eth1 network interface
auto eth1
iface eth1 inet dhcp
root@network:~#
5. Enable packet forwarding and configure reverse-path filtering (rp_filter).
root@network:~# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
root@network:~# /etc/init.d/networking restart   # restart networking
* Running /etc/init.d/networking restart is deprecated because it may not enable again some interfaces
* Reconfiguring network interfaces... ssh stop/waiting
ssh start/running, process 28618
ssh stop/waiting
ssh start/running, process 28693
[ OK ]
root@network:~#
root@network:~# sysctl -e -p /etc/sysctl.conf   # apply the changes
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
Check that it worked: the value in /proc/sys/net/ipv4/ip_forward should be 1.
root@network:~# cat /proc/sys/net/ipv4/ip_forward
1
root@network:~#
6. Install the NTP service:
root@network:~# apt-get install -y ntp
7. Install the Quantum packages:
root@network:~# apt-get install quantum-plugin-openvswitch-agent quantum-dhcp-agent quantum-l3-agent
Then open the file and confirm that it contains the following line:
root@network:~# vi /etc/quantum/quantum.conf
root_helper = sudo quantum-rootwrap /etc/quantum/rootwrap.conf
Start the virtual switch service, Open vSwitch:
root@network:~# service openvswitch-switch restart
* ovs-brcompatd is not running
* Killing ovs-vswitchd (2845)
* Killing ovsdb-server (2836)
* Starting ovsdb-server
* Configuring Open vSwitch system IDs
* Starting ovs-vswitchd
root@network:~#
8. Create the bridges for the internal and external networks:
root@network:~# ovs-vsctl add-br br-ex
root@network:~# ovs-vsctl add-port br-ex eth1
root@network:~# ovs-vsctl add-br br-int
9. Edit the network interfaces:
root@network:~# vi /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# The eth0 network interface
auto eth0
iface eth0 inet static
    address 10.10.10.9
    netmask 255.255.255.0
# The eth1 network interface
# Note: eth1 must be set to manual because it follows br-ex; when br-ex uses dhcp, eth1 is treated as dhcp as well.
auto eth1
iface eth1 inet manual
    up ip address add 0/0 dev $IFACE
    up ip link set $IFACE up
    down ip link set $IFACE down
# The br-ex network interface
# My network assigns addresses automatically, so I set dhcp here.
auto br-ex
iface br-ex inet dhcp
Restart networking:
root@network:~# /etc/init.d/networking restart
* Running /etc/init.d/networking restart is deprecated because it may not enable again some interfaces
* Reconfiguring network interfaces... ssh stop/waiting
ssh start/running, process 6152
ssh stop/waiting
ssh start/running, process 6243
ssh stop/waiting
ssh start/running, process 6317
[ OK ]
root@network:~#
Check that the bridge is working; br-ex obtains its IP address automatically here.
root@network:~# ifconfig
br-ex Link encap:Ethernet HWaddr 00:0c:29:61:1d:84
inet addr:172.16.56.100 Bcast:172.16.56.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe61:1d84/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:735 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:162839 (162.8 KB) TX bytes:1152 (1.1 KB)
eth0 Link encap:Ethernet HWaddr 00:0c:29:61:1d:7a
inet addr:10.10.10.9 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe61:1d7a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3573 errors:0 dropped:63 overruns:0 frame:0
TX packets:709 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:929951 (929.9 KB) TX bytes:109655 (109.6 KB)
eth1 Link encap:Ethernet HWaddr 00:0c:29:61:1d:84
inet6 addr: fe80::20c:29ff:fe61:1d84/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:204083 errors:0 dropped:0 overruns:0 frame:0
TX packets:30603 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:196967753 (196.9 MB) TX bytes:2920747 (2.9 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:578 errors:0 dropped:0 overruns:0 frame:0
TX packets:578 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:36048 (36.0 KB) TX bytes:36048 (36.0 KB)
root@network:~# ping www.baidu.com
PING www.a.shifen.com (220.181.111.148) 56(84) bytes of data.
64 bytes from 220.181.111.148: icmp_req=1 ttl=49 time=14.7 ms
64 bytes from 220.181.111.148: icmp_req=2 ttl=49 time=14.2 ms
^C
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 14.271/14.497/14.723/0.226 ms
root@network:~#
Remove the address from eth1
and add the address to br-ex:
root@network:~# ip addr del 172.16.56.100/24 dev eth1
RTNETLINK answers: Cannot assign requested address   # an error on add or delete means the addresses were already added or removed automatically, so these two steps can be skipped
root@network:~# ip addr add 172.16.56.100/24 dev br-ex
RTNETLINK answers: File exists
9. Use iptables to provide NAT and establish the link with the controller node.
root@network:~# iptables -A FORWARD -i eth1 -o br-ex -s 10.10.10.0/24 -m conntrack --ctstate NEW -j ACCEPT
root@network:~# iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
root@network:~# iptables -A POSTROUTING -s 10.10.10.0/24 -t nat -j MASQUERADE
10. Edit the quantum.conf configuration file:
root@network:~# vi /etc/quantum/quantum.conf
[DEFAULT]
verbose = True
rabbit_password = openstack
rabbit_host = 10.10.10.10
[keystone_authtoken]
auth_host = 10.10.10.10
admin_tenant_name = service
admin_user = quantum
admin_password = openstack
root@network:~# vi /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
[DATABASE]
sql_connection = mysql://quantum:password@10.10.10.10/quantum
[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
local_ip = 10.10.10.9
[securitygroup]
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
root@network:~# vi /etc/quantum/dhcp_agent.ini
[DEFAULT]
enable_isolated_metadata = True
enable_metadata_network = True
root@network:~# vi /etc/quantum/metadata_agent.ini
[DEFAULT]
auth_url = http://10.10.10.10:35357/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = quantum
admin_password = password
nova_metadata_ip = 10.10.10.10
metadata_proxy_shared_secret = password
Restart the services:
root@network:~# /etc/init.d/quantum-plugin-openvswitch-agent restart
root@network:~# /etc/init.d/quantum-dhcp-agent restart
root@network:~# /etc/init.d/quantum-metadata-agent restart
root@network:~# /etc/init.d/quantum-l3-agent restart
root@network:~#
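An added example, not part of the original post: the files in step 10 carry the guide's sample secrets (openstack, password) for RabbitMQ, Keystone, MySQL and the metadata proxy, so this check lists every secret-bearing key that still holds such a value. The weak-value list, the function name and the one strong sample value are assumptions.

```shell
#!/bin/sh
# Added example: flag tutorial-default secrets left in the Quantum config files.
# The weak-value list is an assumption; extend it for your environment.
WEAK_VALUES="openstack password admin secret changeme"

# stdin: INI text. Prints one "section.key" line per secret with a weak value.
# Real use: audit_secrets < /etc/quantum/quantum.conf
audit_secrets() {
    awk -v weak="$WEAK_VALUES" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    BEGIN { n = split(weak, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
    /^[ \t]*[#;]/ { next }                       # comment line
    /^[ \t]*\[/ {                                # [section] header
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = trim(substr($0, 1, eq - 1))
        val = trim(substr($0, eq + 1))
        if (key == "sql_connection") {
            # scheme://user:PASS@host/db -> keep only PASS
            at = index(val, "@")
            if (at == 0) next
            val = substr(val, 1, at - 1)
            sub(/^[a-z+]*:\/\/[^:]*:?/, "", val)
        } else if (key !~ /(password|secret|token)$/) {
            next
        }
        v = tolower(val)
        if (v in bad) print sec "." key
    }'
}

# Constructed sample: the secret-bearing lines from step 10 (quantum.conf,
# ovs_quantum_plugin.ini, metadata_agent.ini) plus one hypothetical strong value.
SAMPLE_CONF='[DEFAULT]
rabbit_password = openstack
rabbit_host = 10.10.10.10
[keystone_authtoken]
admin_user = quantum
admin_password = openstack
[DATABASE]
sql_connection = mysql://quantum:password@10.10.10.10/quantum
[DEFAULT]
admin_password = password
metadata_proxy_shared_secret = password
# hypothetical rotated value, must not be flagged
rabbit_password = 9f2c1d7e4b6a40c8
'

printf '%s' "$SAMPLE_CONF" | audit_secrets
```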
Check the logs:
root@network:/var/log/quantum# tail -n 3 dhcp-agent.log
2013-10-27 06:12:50 DEBUG [quantum.openstack.common.rpc.amqp] UNIQUE_ID is dbe93d3d17894b80bcf9fa81785cb7cc.
2013-10-27 06:12:54 DEBUG [quantum.openstack.common.rpc.amqp] Making asynchronous cast on q-plugin...
2013-10-27 06:12:54 DEBUG [quantum.openstack.common.rpc.amqp] UNIQUE_ID is c06ebff5c4e14f95954bce7a6b15406e.
root@network:/var/log/quantum#
----------------------------------------
root@network:/var/log/quantum# tail -n 3 l3-agent.log
2013-10-27 06:14:23 DEBUG [quantum.openstack.common.periodic_task] Running periodic task L3NATAgentWithStateReport._sync_routers_task
2013-10-27 06:14:25 DEBUG [quantum.openstack.common.rpc.amqp] Making asynchronous cast on q-plugin...
2013-10-27 06:14:25 DEBUG [quantum.openstack.common.rpc.amqp] UNIQUE_ID is cfd4a18138764474ac212f76550b719d.
root@network:/var/log/quantum#
----------------------------------------
root@network:/var/log/quantum# tail -n 3 metadata-agent.log
2013-10-27 06:10:53 DEBUG [quantum.agent.metadata.agent] DATABASE.sqlalchemy_pool_size = None
2013-10-27 06:10:53 DEBUG [quantum.agent.metadata.agent] DATABASE.sqlalchemy_pool_timeout = None
2013-10-27 06:10:53 DEBUG [quantum.agent.metadata.agent] ********************************************************************************
root@network:/var/log/quantum#
----------------------------------------
root@network:/var/log/quantum# tail -n 10 openvswitch-agent.log
Command: ['sudo', 'quantum-rootwrap', '/etc/quantum/rootwrap.conf', 'ovs-vsctl', '--timeout=2', 'list-ports', 'br-int']
Exit code: 0
Stdout: 'patch-tun\n'
Stderr: ''
2013-10-27 06:15:26 DEBUG [quantum.agent.linux.utils] Running command: ['sudo', 'quantum-rootwrap', '/etc/quantum/rootwrap.conf', 'ovs-vsctl', '--timeout=2', '--format=json', '--', '--columns=name,external_ids', 'list', 'Interface']
2013-10-27 06:15:26 DEBUG [quantum.agent.linux.utils]
Command: ['sudo', 'quantum-rootwrap', '/etc/quantum/rootwrap.conf', 'ovs-vsctl', '--timeout=2', '--format=json', '--', '--columns=name,external_ids', 'list', 'Interface']
Exit code: 0
Stdout: '{"data":[["patch-tun",["map",[]]],["br-tun",["map",[]]],["eth1",["map",[]]],["patch-int",["map",[]]],["br-int",["map",[]]],["br-ex",["map",[]]]],"headings":["name","external_ids"]}\n'
Stderr: ''
root@network:/var/log/quantum#
----------------------------------------
If openvswitch-agent.log shows
ERROR [quantum.plugins.openvswitch.agent.ovs_quantum_agent] Failed to create OVS patch port. ....
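or starting openvswitch-switch reports
ovs-vswitchd is not running   # it reports not running, although the command below shows it is running; the required dependency packages are simply missing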
root@network:/var/log/quantum# /usr/share/openvswitch/scripts/ovs-ctl status
ovsdb-server is running with pid 20343
ovs-vswitchd is running with pid 20352
ovs-brcompatd is not running
First check whether the brcompatd module is loaded:
root@network:/var/log/quantum# lsmod | grep brco
brcompat 13513 0
openvswitch 84161 4 brcompat   # the module is loaded, yet it will not start, because openstack-common is not installed
Fix for the errors above:
root@network:~# apt-get install openvswitch-common openvswitch-datapath-dkms openvswitch-datapath-source openvswitch-switch quantum-plugin-openvswitch quantum-plugin-openvswitch-agent
11. Create a virtual network:
Load the environment variables:
root@network:~# vi .openrc
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL="http://10.10.10.10:5000/v2.0/"
export SERVICE_ENDPOINT="http://10.10.10.10:35357/v2.0"
export SERVICE_TOKEN=openstack
root@network:~# source /root/.openrc
root@network:~# echo "source /root/.openrc" >> /root/.bashrc
root@network:~#
11.1 Create a network setup script (change the IP addresses in it to suit your environment):
#!/bin/bash
# Creates the tenant network, subnet and router, then attaches the subnet to the router.
TENANT_NAME="demo"
TENANT_NETWORK_NAME="demo-net"
TENANT_SUBNET_NAME="${TENANT_NETWORK_NAME}-subnet"
TENANT_ROUTER_NAME="demo-router"
FIXED_RANGE="10.5.5.0/24"
NETWORK_GATEWAY="10.5.5.1"
# Look up the tenant ID by name.
TENANT_ID=$(keystone tenant-list | grep " $TENANT_NAME " | awk '{print $2}')
# Each create command prints a table; the " id " row carries the new object's ID.
TENANT_NET_ID=$(quantum net-create --tenant_id "$TENANT_ID" "$TENANT_NETWORK_NAME" --provider:network_type gre --provider:segmentation_id 1 | grep " id " | awk '{print $4}')
TENANT_SUBNET_ID=$(quantum subnet-create --tenant_id "$TENANT_ID" --ip_version 4 --name "$TENANT_SUBNET_NAME" "$TENANT_NET_ID" "$FIXED_RANGE" --gateway "$NETWORK_GATEWAY" --dns_nameservers list=true 8.8.8.8 | grep " id " | awk '{print $4}')
ROUTER_ID=$(quantum router-create --tenant_id "$TENANT_ID" "$TENANT_ROUTER_NAME" | grep " id " | awk '{print $4}')
# Attach the tenant subnet to the router.
quantum router-interface-add "$ROUTER_ID" "$TENANT_SUBNET_ID"
# My luck is bad and it always fails when I run it, so I usually just type the commands by hand.
11.2 Before creating the virtual network:
11.3.1 Create the virtual network manually:
root@network:~# quantum net-create --tenant_id 8d428dd34477470d95ad6ad4df0d2dd4 demo-net --provider:network_type gre --provider:segmentation_id 1
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 46db2c2f-66c4-41ef-a497-07f6142a3326 |
| name                      | demo-net                             |
| provider:network_type     | gre                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 1                                    |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 8d428dd34477470d95ad6ad4df0d2dd4     |
+---------------------------+--------------------------------------+
root@network:~#
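11.3.2 After running the command above (do not copy it verbatim; the tenant ID above is the demo user's tenant ID):
11.4 Run the following command, where:
demo tenant ID: 8d428dd34477470d95ad6ad4df0d2dd4
ID of the network created earlier: 46db2c2f-66c4-41ef-a497-07f6142a3326
Virtual network name: subnet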
root@network:~# quantum subnet-create --tenant_id 8d428dd34477470d95ad6ad4df0d2dd4 --ip_version 4 --name subnet 46db2c2f-66c4-41ef-a497-07f6142a3326 192.168.1.0/24 --gateway 192.168.1.1 --dns_nameservers list=true 8.8.8.8
Created a new subnet:
+------------------+--------------------------------------------------+
| Field            | Value                                            |
+------------------+--------------------------------------------------+
| allocation_pools | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr             | 192.168.1.0/24                                   |
| dns_nameservers  | 8.8.8.8                                          |
| enable_dhcp      | True                                             |
| gateway_ip       | 192.168.1.1                                      |
| host_routes      |                                                  |
| id               | 04d73c47-82f1-41b3-840a-d05dd3ab9079             |
| ip_version       | 4                                                |
| name             | subnet                                           |
| network_id       | 46db2c2f-66c4-41ef-a497-07f6142a3326             |
| tenant_id        | 8d428dd34477470d95ad6ad4df0d2dd4                 |
+------------------+--------------------------------------------------+
root@network:~#
11.4.1 Check the result in the console:
15. Create a virtual router:
root@network:~# quantum router-create --tenant_id 8d428dd34477470d95ad6ad4df0d2dd4 demo-router
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | c246274d-9950-4369-b54c-dd6f53aa1bd6 |
| name                  | demo-router                          |
| status                | ACTIVE                               |
| tenant_id             | 8d428dd34477470d95ad6ad4df0d2dd4     |
+-----------------------+--------------------------------------+
root@network:~#
15.1 Check it in the console:
16. Attach the router to the 192.168.1.0 subnet:
Router ID: c246274d-9950-4369-b54c-dd6f53aa1bd6
Subnet ID: 04d73c47-82f1-41b3-840a-d05dd3ab9079
root@network:~# quantum router-interface-add c246274d-9950-4369-b54c-dd6f53aa1bd6 04d73c47-82f1-41b3-840a-d05dd3ab9079
Added interface to router c246274d-9950-4369-b54c-dd6f53aa1bd6
root@network:~#
16.1 Check the result in the console:
17. You can also check from the command line:
root@network:~# quantum net-list
+--------------------------------------+----------+-----------------------------------------------------+
| id                                   | name     | subnets                                             |
+--------------------------------------+----------+-----------------------------------------------------+
| 46db2c2f-66c4-41ef-a497-07f6142a3326 | demo-net | 04d73c47-82f1-41b3-840a-d05dd3ab9079 192.168.1.0/24 |
+--------------------------------------+----------+-----------------------------------------------------+
root@network:~# quantum router-list
+--------------------------------------+-------------+-----------------------+
| id                                   | name        | external_gateway_info |
+--------------------------------------+-------------+-----------------------+
| c246274d-9950-4369-b54c-dd6f53aa1bd6 | demo-router | null                  |
+--------------------------------------+-------------+-----------------------+
root@network:~# quantum quota-list
root@network:~# quantum subnet-list
+--------------------------------------+--------+----------------+--------------------------------------------------+
| id                                   | name   | cidr           | allocation_pools                                 |
+--------------------------------------+--------+----------------+--------------------------------------------------+
| 04d73c47-82f1-41b3-840a-d05dd3ab9079 | subnet | 192.168.1.0/24 | {"start": "192.168.1.2", "end": "192.168.1.254"} |
+--------------------------------------+--------+----------------+--------------------------------------------------+
root@network:~#
18. Create the public network:
root@network:~# quantum net-create public --router:external=True
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | f27bd344-b096-4ce3-8a41-5002e7ed39ab |
| name                      | public                               |
| provider:network_type     | gre                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 2                                    |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 139ea7b2f2444bcd85c327c1671708e1     |
+---------------------------+--------------------------------------+
Define the subnet of the public network:
root@network:~# quantum subnet-create --ip_version 4 --gateway 172.16.56.1 public 172.16.56.0/24 --allocation-pool start=172.16.56.100,end=172.16.56.250 --disable-dhcp --name public-subnet
Created a new subnet:
+------------------+----------------------------------------------------+
| Field            | Value                                              |
+------------------+----------------------------------------------------+
| allocation_pools | {"start": "172.16.56.100", "end": "172.16.56.250"} |
| cidr             | 172.16.56.0/24                                     |
| dns_nameservers  |                                                    |
| enable_dhcp      | False                                              |
| gateway_ip       | 172.16.56.1                                        |
| host_routes      |                                                    |
| id               | 835f2e4c-e155-4679-a642-cb70bed04a7b               |
| ip_version       | 4                                                  |
| name             | public-subnet                                      |
| network_id       | f27bd344-b096-4ce3-8a41-5002e7ed39ab               |
| tenant_id        | 139ea7b2f2444bcd85c327c1671708e1                   |
+------------------+----------------------------------------------------+
Allow the demo router to reach the public network through the public gateway:
root@network:~# quantum router-gateway-set demo-router public
Set gateway for router demo-router
root@network:~#
19. Check the result in the console:
The network node is now complete.