用openvswitch + ml2 构建vlan类型的tenant/project 网络
配置ml2 和 openvswitch_agent
配置 /etc/neutron/plugins/ml2/ml2_conf.ini
[root@controller01 ~]# cat /etc/neutron/plugins/ml2/ml2_conf.ini | grep -v '#' | grep -v '^$'
[DEFAULT]
[ml2]
type_drivers = flat,vlan
tenant_network_types = vlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = external
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
network_vlan_ranges = external,v100:100:199
[ml2_type_vxlan]
[securitygroup]
enable_ipset = True
配置 /etc/neutron/plugins/ml2/openvswitch_agent.ini
[root@controller01 ~]# cat /etc/neutron/plugins/ml2/openvswitch_agent.ini | grep -v '#' | grep -v '^$'
[DEFAULT]
[agent]
drop_flows_on_start = false
[ovs]
integration_bridge = br-int
bridge_mappings = v100:br-v100,external:br-ex
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
第一个文件是配置ml2的,注意
network_vlan_ranges = external,v100:100:199
这里指定了external网络没有vlan, v100网络的vlan ID是100-199。external 是flat类型的,它和v100是我们为物理网络起的名字,具体这个名字代表哪个网络,在ovs-agent的配置文件中指定,如下:
bridge_mappings = v100:br-v100,external:br-ex
这里就指定了external、v100分别对应br-ex和br-v100这两个vswitch所代表的物理网络。这两个物理网络要事先建立起来。
注意这里的配置是在controller节点上,所以才有external网络,在compute节点上是没有external网络的,因此compute的bridge mapping 是v100:br-v100并且不需要建立br-ex。
创建指定的ovs-br
# Controller node: create each provider bridge and attach its uplink NIC.
# br-ex backs the "external" physical network, br-v100 backs "v100"; the names
# must match bridge_mappings in openvswitch_agent.ini.
# NOTE(review): a NIC attached to an OVS bridge no longer carries the host's own
# IP traffic directly. Presumably ens35 and ens33 are dedicated uplinks and not
# the management interface; confirm before running this over SSH.
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex ens35

ovs-vsctl add-br br-v100
ovs-vsctl add-port br-v100 ens33
在compute节点就只创建br-v100
# Compute node: only the VLAN bridge is needed, because the external network
# is mapped on the controller alone.
# NOTE(review): ens33 is presumably a dedicated uplink NIC. Confirm it is not
# the interface the node is managed over before attaching it to the bridge.
ovs-vsctl add-br br-v100
ovs-vsctl add-port br-v100 ens33
重启neutron 和 nova-compute
compute节点
# Compute node: restart the services one at a time, in this order, so the
# edited configuration takes effect.
for unit in openstack-nova-compute.service openvswitch neutron-openvswitch-agent; do
  systemctl restart "$unit"
done
controller节点
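# Controller node: restart Open vSwitch, the Nova API and every Neutron service
# in a single systemctl call.
# The trailing backslashes are required. Without them the second and third
# lines are not arguments to systemctl; the shell would try to run them as
# commands of their own and those units would never be restarted.
systemctl restart openvswitch openstack-nova-api.service neutron-server.service \
  neutron-openvswitch-agent neutron-dhcp-agent.service \
  neutron-metadata-agent.service neutron-l3-agent.service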
创建网络和虚机
首先创建external网络
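# Create the external (flat) network and its subnet with admin credentials.
# NOTE(review): admin.openrc presumably exports the admin OS_* credentials into
# this shell; keep the file readable by its owner only (confirm its mode).
. /opt/keystone/admin.openrc

# --shared lets every project attach ports straight onto this flat network,
# i.e. place instances directly on the data-centre segment. If projects should
# only reach it through a router, leave --shared out and rely on the
# router:external flag alone.
neutron net-create --shared --provider:physical_network external \
  --provider:network_type flat external

# The network argument must name the network created above ("external"); no
# network called "provider" is created anywhere on this page.
# Backslashes keep the options on one logical command line.
neutron subnet-create --name external \
  --allocation-pool start=10.79.148.38,end=10.79.148.40 \
  --dns-nameserver 64.104.123.245 --gateway 10.79.148.1 \
  external 10.79.148.0/24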
注意这里是用admin创建的,因为external网络属于数据中心网络,所有人都可以访问。
其次创建tenant 网络
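# Create the project (tenant) network as the unprivileged demo user. No
# provider attributes are given, so the network type comes from
# tenant_network_types (vlan) and the VLAN ID from network_vlan_ranges.
. /opt/keystone/demo.openrc
neutron net-create selfservice
neutron subnet-create --name selfservice \
  --dns-nameserver 64.104.123.245 --gateway 192.168.100.1 \
  selfservice 192.168.100.0/24

# Marking a network as router:external needs admin rights under the default
# policy, so admin credentials are loaded for this one command only.
# The network created earlier is named "external", not "provider".
. /opt/keystone/admin.openrc
neutron net-update external --router:external

# Back to the demo user for the resources the project itself owns.
. /opt/keystone/demo.openrc
neutron router-create router
neutron router-interface-add router selfservice
neutron router-gateway-set router external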