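Reposting is welcome; please retain the original author information.
Discussion and shared learning are welcome, so that we can improve together!
Author: 顏海峯
Personal blog: http://yanheven.github.io
Weibo: 海峯_雲計算 http://weibo.com/344736086
Introduction to OpenStack Networking
As computing resources have migrated from physical machines to virtual machines, the networks those virtual machines use have correspondingly migrated from physical networks to virtual networks. In OpenStack, the open-source cloud computing project, network virtualization is handled by Neutron (formerly named Quantum) and Nova-Network. The latter was treated as a service within Nova, whereas Neutron is a complete sub-project in its own right; it naturally provides more functionality and supports more network plugins. This series of articles mainly studies Neutron: how to configure and use different plugins, and how to use different network types. Because the focus is on configuring and using networks, this article assumes the reader already has a minimal two-node OpenStack cluster (for deployment, see the official documentation or 陳沙克's blog post: http://www.chenshake.com/install-openstack-openstack-juno-version/). The installation is as follows:
- Controller node: keystone, glance, nova, neutron
- Compute node: nova-compute, neutron agent
Neutron has a few basic concepts, which are in fact the same as in physical networking.
- Network: an isolated layer-2 network, similar to a VLAN in a physical network
- Subnet: an IPv4 or IPv6 address range
- Port: an interface in the virtual network, analogous to a cable port on a physical network device.
- Router: analogous to a router in a physical network, used for communication between different layer-3 networks.
Creating a Network through Horizon
Log in to the console with a valid username and password, find "Network", and click "Networks" under it. The network information page opens and shows the networks of the current project. Then click "Create Network" to create a network:
Next, fill in the network name. You can leave the subnet information blank, go straight to the next step, and create the network.
Creating a Subnet through Horizon
On the network information page, find the network you just created and click into it:
Fill in the subnet name and the subnet's network CIDR. Leave the gateway unspecified; by default it is set to the first usable IP of the network, here 192.168.1.1. Do not disable the gateway:
Viewing Network Information through Horizon
On the network information page you can see all networks of the current project. Click a network to see information about that network, the subnets it contains, and the ports created in it.
Click a subnet or a port to view its details, for example the subnet "yan-in":
Creating an Instance Attached to a Network through Horizon
In the "Compute" section, open "Instances" and click the "Launch Instance" button to open the workflow for creating an instance (virtual machine).
Fill in the host name and choose the flavor, image, and so on.
Choose the network the host will use: click the network we just created, "yan-test"; after the click it moves automatically from "Available networks" below to "Selected Networks" above.
Ignore the settings on the other tabs and click "Launch" to create an instance that uses this network.
After a few seconds, you can see the successfully created instance:
You can also click the instance name "yan-test" to view the instance details:
Creating a Network from the Command Line
First, create a network: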
$ neutron net-create yan-net-test01
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | c20a2764-1c1a-4091-ac2a-bb82f7f1d20d |
| name | yan-net-test01 |
| provider:physical_network | |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 0d896fe854f64e90915ce599aa1e1c0b |
+---------------------------+--------------------------------------+
You can view the details of the network just created with this command:
$ neutron net-show yan-net-test01
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | c20a2764-1c1a-4091-ac2a-bb82f7f1d20d |
| name | yan-net-test01 |
| provider:physical_network | |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 0d896fe854f64e90915ce599aa1e1c0b |
+---------------------------+--------------------------------------+
More commands can be found through help:
$ neutron help | grep " net-"
net-create Create a network for a given tenant.
net-delete Delete a given network.
net-external-list List external networks that belong to a given tenant.
net-gateway-connect Add an internal network interface to a router.
net-gateway-create Create a network gateway.
net-gateway-delete Delete a given network gateway.
net-gateway-disconnect Remove a network from a network gateway.
net-gateway-list List network gateways for a given tenant.
net-gateway-show Show information of a given network gateway.
net-gateway-update Update the name for a network gateway.
net-list List networks that belong to a given tenant.
net-list-on-dhcp-agent List the networks on a DHCP agent.
net-show Show information of a given network.
net-update Update network's information.
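The usage of a specific command can also be viewed through help, which shows what arguments the command needs and what it does. For example, the show command we just used: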
$ neutron help net-show
usage: neutron net-show [-h] [-f {shell,table,value}] [-c COLUMN]
[--max-width <integer>] [--prefix PREFIX]
[--request-format {json,xml}] [-D] [-F FIELD]
NETWORK
Show information of a given network.
positional arguments:
NETWORK ID or name of network to look up.
optional arguments:
-h, --help show this help message and exit
--request-format {json,xml}
The XML or JSON request format.
-D, --show-details Show detailed information.
-F FIELD, --field FIELD
Specify the field(s) to be returned by server. You can
repeat this option.
output formatters:
output formatter options
-f {shell,table,value}, --format {shell,table,value}
the output format, defaults to table
-c COLUMN, --column COLUMN
specify the column(s) to include, can be repeated
table formatter:
--max-width <integer>
Maximum display width, 0 to disable
shell formatter:
a format a UNIX shell can parse (variable="value")
--prefix PREFIX add a prefix to all variable names
We can see that the output format can be changed, for example to shell format:
$ neutron net-show yan-net-test01 -f shell
admin_state_up="True"
id="c20a2764-1c1a-4091-ac2a-bb82f7f1d20d"
name="yan-net-test01"
provider:physical_network=""
router:external="False"
shared="False"
status="ACTIVE"
subnets=""
tenant_id="0d896fe854f64e90915ce599aa1e1c0b"
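An added example (not from the original post) of consuming this shell-format output from a script. Keys such as provider:physical_network are not valid shell variable names, so the text cannot simply be eval'ed or sourced, and executing CLI output is best avoided anyway; the parser below only reads it. The function names and the review rule in exposure_findings are hypothetical.

```python
import shlex

# Constructed sample: the `-f shell` output shown above, copied into a string.
SAMPLE = '''admin_state_up="True"
id="c20a2764-1c1a-4091-ac2a-bb82f7f1d20d"
name="yan-net-test01"
provider:physical_network=""
router:external="False"
shared="False"
status="ACTIVE"
subnets=""
tenant_id="0d896fe854f64e90915ce599aa1e1c0b"
'''


def parse_shell_format(text):
    """Parse key="value" lines into a dict without executing anything."""
    fields = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        key, sep, raw = line.partition("=")
        if not sep or not key:
            raise ValueError(f'line {lineno}: expected key="value"')
        # shlex applies shell quoting rules but never runs the text.
        parts = shlex.split(raw)
        if len(parts) > 1:
            raise ValueError(f"line {lineno}: unquoted whitespace in value")
        fields[key] = parts[0] if parts else ""
    return fields


def exposure_findings(fields):
    """Hypothetical review rule: flag networks visible beyond one tenant."""
    findings = []
    if fields.get("shared") == "True":
        findings.append("shared: usable by every tenant")
    if fields.get("router:external") == "True":
        findings.append("router:external: marked as an external network")
    return findings


if __name__ == "__main__":
    net = parse_shell_format(SAMPLE)
    print(net["name"], net["id"], exposure_findings(net) or "no findings")
```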
Creating a Subnet from the Command Line
See which commands relate to subnets:
$ neutron help | grep subnet
subnet-create Create a subnet for a given tenant.
subnet-delete Delete a given subnet.
subnet-list List subnets that belong to a given tenant.
subnet-show Show information of a given subnet.
subnet-update Update subnet's information.
Creating a subnet is similar to doing it on the Horizon page: specify the network, the subnet's CIDR, and other such details:
$ neutron subnet-create yan-net-test01 --name yan-test01-subnet --gateway 192.168.1.1 192.168.1.0/24
Created a new subnet:
+------------------+--------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------+
| allocation_pools | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr | 192.168.1.0/24 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 192.168.1.1 |
| host_routes | |
| id | ee2c7da4-083b-4510-9fef-21a58dc47b3d |
| ip_version | 4 |
| name | yan-test01-subnet |
| network_id | c20a2764-1c1a-4091-ac2a-bb82f7f1d20d |
| tenant_id | 0d896fe854f64e90915ce599aa1e1c0b |
+------------------+--------------------------------------------------+
Creating a Port from the Command Line
See which commands relate to ports:
$ neutron help | grep port-
port-create Create a port for a given tenant.
port-delete Delete a given port.
port-list List ports that belong to a given tenant.
port-show Show information of a given port.
port-update Update port's information.
router-port-list List ports that belong to a given tenant, with specified router.
Create a port:
$ neutron port-create yan-net-test01
Created a new port:
+-----------------------+------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:host_id | |
| binding:profile | {} |
| binding:vif_details | {} |
| binding:vif_type | unbound |
| binding:vnic_type | normal |
| device_id | |
| device_owner | |
| fixed_ips | {"subnet_id": "ee2c7da4-083b-4510-9fef-21a58dc47b3d", "ip_address": "192.168.1.2"} |
| id | c1e9efdb-aa67-4a77-b80c-dd4321b39f1c |
| mac_address | fa:16:3e:1a:f8:5b |
| name | |
| network_id | c20a2764-1c1a-4091-ac2a-bb82f7f1d20d |
| security_groups | 5e179e17-f641-429b-a876-1361e9b4792a |
| status | DOWN |
| tenant_id | 0d896fe854f64e90915ce599aa1e1c0b |
+-----------------------+------------------------------------------------------------------------------------+
In fact, when creating a port we can specify much more, such as the port's name, its IP address, and the security groups bound to it. See help for details:
$ neutron help port-create
usage: neutron port-create [-h] [-f {shell,table,value}] [-c COLUMN]
[--max-width <integer>] [--prefix PREFIX]
[--request-format {json,xml}]
[--tenant-id TENANT_ID] [--name NAME]
[--fixed-ip subnet_id=SUBNET,ip_address=IP_ADDR]
[--device-id DEVICE_ID]
[--device-owner DEVICE_OWNER] [--admin-state-down]
[--mac-address MAC_ADDRESS]
[--security-group SECURITY_GROUP | --no-security-groups]
[--extra-dhcp-opt EXTRA_DHCP_OPTS]
NETWORK
Create a port for a given tenant.
positional arguments:
NETWORK Network ID or name this port belongs to.
optional arguments:
-h, --help show this help message and exit
--request-format {json,xml}
The XML or JSON request format.
--tenant-id TENANT_ID
The owner tenant ID.
--name NAME Name of this port.
--fixed-ip subnet_id=SUBNET,ip_address=IP_ADDR
Desired IP and/or subnet for this port:
subnet_id=<name_or_id>,ip_address=<ip>. You can repeat
this option.
--device-id DEVICE_ID
Device ID of this port.
--device-owner DEVICE_OWNER
Device owner of this port.
--admin-state-down Set admin state up to false.
--mac-address MAC_ADDRESS
MAC address of this port.
--security-group SECURITY_GROUP
Security group associated with the port. You can
repeat this option.
--no-security-groups Associate no security groups with the port.
--extra-dhcp-opt EXTRA_DHCP_OPTS
Extra dhcp options to be assigned to this port: opt_na
me=<dhcp_option_name>,opt_value=<value>,ip_version={4,
6}. You can repeat this option.
output formatters:
output formatter options
-f {shell,table,value}, --format {shell,table,value}
the output format, defaults to table
-c COLUMN, --column COLUMN
specify the column(s) to include, can be repeated
table formatter:
--max-width <integer>
Maximum display width, 0 to disable
shell formatter:
a format a UNIX shell can parse (variable="value")
--prefix PREFIX add a prefix to all variable names
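Creating an Instance with a Specified Port from the Command Line
First decide the flavor and image for the instance, then create the instance using the port just created: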
$ nova boot yan-instance01 --flavor m1.small --image Ubuntu-14.04-Server-amd64 --nic port-id=c1e9efdb-aa67-4a77-b80c-dd4321b39f1c
+--------------------------------------+------------------------------------------------------------------+
| Property | Value |
+--------------------------------------+------------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | - |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| config_drive | |
| created | 2015-04-11T08:44:30Z |
| default_ephemeral_device | |
| default_swap_device | |
| flavor | m1.small (2) |
| hostId | |
| id | 01a2a55e-f1d4-4b4b-a81d-e6aaf8ee4693 |
| image | Ubuntu-14.04-Server-amd64 (7991bbbd-ab70-4b66-93fe-5813aac5c6c5) |
| key_name | - |
| metadata | {} |
| name | yan-instance01 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| root_device_name | |
| security_groups | default |
| status | BUILD |
| tenant_id | 0d896fe854f64e90915ce599aa1e1c0b |
| updated | 2015-04-11T08:44:30Z |
| user_id | dd446a6b042c4ecab7175dc07f91fef2 |
+--------------------------------------+------------------------------------------------------------------+
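Of course, when choosing the network for a new instance, besides specifying a port you can also specify the instance's IP address. If you specify only the network, the OpenStack creation workflow still creates a port on that network for you first; the step is just not exposed.
Extending the Network Address Range
When we created the network earlier we created only one subnet, and a subnet's network address (CIDR) cannot be modified. To enlarge this network's address range, the only option is to create multiple subnets under the network, and the subnets must not have overlapping addresses; otherwise an error is reported and creation fails.
The creation process is the same as for the first subnet.
There is one more case of extending the address range: the address pool ("Allocation Pools") specified when the subnet was created. This pool can be extended with the subnet update command on the command line, but in any case the address range is confined to the CIDR specified at creation.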
$ neutron help subnet-update
usage: neutron subnet-update [-h] [--request-format {json,xml}] [--name NAME]
[--gateway GATEWAY_IP] [--no-gateway]
[--allocation-pool start=IP_ADDR,end=IP_ADDR]
[--host-route destination=CIDR,nexthop=IP_ADDR]
[--dns-nameserver DNS_NAMESERVER]
[--disable-dhcp] [--enable-dhcp]
SUBNET
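An added example (not from the original post) that checks the two rules described in this section before calling subnet-create or subnet-update: a new subnet's CIDR must not overlap an existing subnet of the network, and an allocation pool must stay inside the subnet's CIDR. The function names are hypothetical and the addresses are the ones used on this page; the Neutron server's own validation remains authoritative.

```python
import ipaddress


def overlapping_subnets(existing_cidrs, new_cidr):
    """Return the existing CIDRs that overlap new_cidr (empty list = no clash)."""
    # strict=True rejects a CIDR with host bits set, e.g. 192.168.1.1/24.
    new = ipaddress.ip_network(new_cidr, strict=True)
    clashes = []
    for cidr in existing_cidrs:
        net = ipaddress.ip_network(cidr, strict=True)
        # IPv4 and IPv6 ranges can never overlap each other.
        if net.version == new.version and net.overlaps(new):
            clashes.append(cidr)
    return clashes


def pool_problems(cidr, start, end):
    """Return reasons an allocation pool is invalid for cidr (empty = valid)."""
    net = ipaddress.ip_network(cidr, strict=True)
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    problems = []
    for label, addr in (("start", first), ("end", last)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
    if first.version == last.version and first > last:
        problems.append(f"start {first} is after end {last}")
    return problems


if __name__ == "__main__":
    existing = ["192.168.1.0/24"]  # the subnet created earlier on this page
    for candidate in ("192.168.2.0/24", "192.168.1.128/25"):
        print(candidate, "clashes with", overlapping_subnets(existing, candidate))
    print(pool_problems("192.168.1.0/24", "192.168.1.2", "192.168.1.254"))
    print(pool_problems("192.168.1.0/24", "192.168.1.2", "192.168.2.10"))
```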