这篇文章讲述了,从无到有搭建 Neutron 网络的方法。在动手做的过程中,帮助读者逐步熟悉和理解 Neutron 网络中的概念。
由于工作原因,我可以访问一个已经安装好 OpenStack 的环境,下面是我在这个环境中,搭建Neutron网络的过程。
1 准备工作
$ openstack --version
openstack 3.2.1
删除不用的东西,为稍后搭建 Neutron 网络做准备:
$ openstack project list --user $(echo $USER)
$ glance image-list --owner <project-id>
$ glance image-delete <image-id>
$ heat stack-list
$ heat stack-delete <stack-id>
$ nova list
$ nova delete <server-id>
$ neutron router-list
$ neutron router-delete <router-id>
$ neutron net-list
$ neutron net-delete <network-id>
...
CirrOS是最小的Linux,OpenStack租户镜像,下载并添加该镜像到OpenStack。
http://download.cirros-cloud.net/
从这个网站上下载最新的CirrOS镜像,例如:
$ wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
$ glance image-create --name cirros --file ./cirros-0.3.5-x86_64-disk.img --container-format bare --disk-format qcow2
2 设计我们想要搭建的 Neutron 网络
image.png
3 实现 Neutron 网络
$ neutron net-create GREEN
$ neutron subnet-create --name 10_10_10 GREEN 10.10.10.0/24
$ neutron net-show GREEN
$ neutron net-list --name GREEN
+--------------------------------------+-------+-----------------------------------------+
| id | name | subnets |
+--------------------------------------+-------+-----------------------------------------+
| 1bf07a93-749f-48b5-b5af-0c0862f00de7 | GREEN | 44a15173-f83d-442e-9361-4cda39c3aae5 |
| | | 10.10.10.0/24 |
+--------------------------------------+-------+-----------------------------------------+
$ nova boot --flavor m1.tiny --image cirros --nic net-name=GREEN VM1
$ nova boot --flavor m1.tiny --image cirros --nic net-name=GREEN VM2
$ nova list
+--------------------------------------+------+--------+------------+-------------+-------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+------+--------+------------+-------------+-------------------+
| f2e6daae-a29f-4b9e-aba1-1b33fff7af6f | VM1 | ACTIVE | - | Running | GREEN=10.10.10.6 |
| 7db9b082-71b1-499f-b1d6-76a65d6a4758 | VM2 | ACTIVE | - | Running | GREEN=10.10.10.11 |
+--------------------------------------+------+--------+------------+-------------+-------------------+
至此,设想的网络和两个虚拟机就建好了。通过串口登陆VM-1,ping和ssh命令都没有问题。(注:串口界面从
OpenStack 的 horizon dashboard 上打开,也就是用浏览器打开http://<openstack的ip地址>。)
image.png
4 搭建第二个子网
image.png
$ neutron subnet-create --name 10_10_20 GREEN 10.10.20.0/24
$ neutron net-list --name GREEN
+-------------------------------+-------+-------------------------------+
| id | name | subnets |
+-------------------------------+-------+-------------------------------+
| 1bf07a93-749f-48b5-b5af- | GREEN | 8797e2b2-d866-49ba-a99d- |
| 0c0862f00de7 | | 96866d23d3f6 10.10.20.0/24 |
| | | 44a15173-f83d- |
| | | 442e-9361-4cda39c3aae5 |
| | | 10.10.10.0/24 |
+-------------------------------+-------+-------------------------------+
$ nova boot --flavor m1.tiny --image cirros --nic net-name=GREEN VM3
$ nova list
如果VM3的IP地址是10.10.20.x,就不需要做下面的步骤了。
如果IP地址是10.10.10.x,则要把VM3的IP地址换到第二个子网中,步骤如下。
在我实验的过程中,两种情况都出现过。
$ nova interface-list VM3
+------------+--------------------------------------+--------------------------------------+--------------+-------------------+
| Port State | Port ID | Net ID | IP addresses | MAC Addr |
+------------+--------------------------------------+--------------------------------------+--------------+-------------------+
| ACTIVE | 334aeb88-2417-4e56-9fcf-3e129180bb33 | 1bf07a93-749f-48b5-b5af-0c0862f00de7 | 10.10.10.5 | fa:16:3e:32:17:ba |
+------------+--------------------------------------+--------------------------------------+--------------+-------------------+
$ neutron port-update 334aeb88-2417-4e56-9fcf-3e129180bb33 --fixed-ip subnet_id=8797e2b2-d866-49ba-a99d-96866d23d3f6
$ nova reboot VM3
$ nova list
+--------------------------------------+------+--------+------------+-------------+-------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+------+--------+------------+-------------+-------------------+
| f2e6daae-a29f-4b9e-aba1-1b33fff7af6f | VM1 | ACTIVE | - | Running | GREEN=10.10.10.6 |
| 7db9b082-71b1-499f-b1d6-76a65d6a4758 | VM2 | ACTIVE | - | Running | GREEN=10.10.10.11 |
| 049a8c1f-e3b5-45dc-affc-5e037b688cb3 | VM3 | ACTIVE | - | Running | GREEN=10.10.20.9 |
+--------------------------------------+------+--------+------------+-------------+-------------------+
至此,两个子网就建好了。没有路由器,两个独立的网络是无法通信的,所以接下来搭建路由器。
5 搭建路由器
要搭建的样子:
image.png
$ neutron router-create RTE
$ neutron router-interface-add RTE 10_10_10
$ neutron router-interface-add RTE 10_10_20
$ neutron router-port-list RTE
+-------------------------------+------+-------------------+-------------------------------+
| id | name | mac_address | fixed_ips |
+-------------------------------+------+-------------------+-------------------------------+
| 4f21ad82-9e1e-4712-bac0-533c2 | | fa:16:3e:12:de:ef | {"subnet_id": "8797e2b2-d866 |
| c305f3b | | | -49ba-a99d-96866d23d3f6", |
| | | | "ip_address": "10.10.20.1"} |
| d340c2c5-8f72-46f0-af6a- | | fa:16:3e:34:c7:d4 | {"subnet_id": "44a15173-f83d- |
| f89be0004f64 | | | 442e-9361-4cda39c3aae5", |
| | | | "ip_address": "10.10.10.1"} |
+-------------------------------+------+-------------------+-------------------------------+
现在,两个子网通了。
如图示,从VM1 ping 其他网络节点:
image.png
6 连接外网(互联网)
在我的实验环境中,有一个可以连接互联网的网络,名字叫 extnet-vxlan-0,接下来我要把路由器 RTE 连接到这个网络:
$ neutron router-gateway-set RTE extnet-vxlan-0
通过 VM1 的串口,现在已经可以访问互联网了。
image.png
216.58.204.132是 google 的 IP 地址,因为没有设置 DNS 服务器,所以还不能 ping google 的域名。
7 漂浮的IP(Floating IP)
目前,可以从任一 VM 访问外网,可是从外网访问 VM 却是不行的。这也是我们为什么不能使用 SSH 登陆 VM,而要一直使用极不方便的串口。
接下来,我们将依靠漂浮 IP 的帮助,来实现 SSH 到 VM 的目的。
$ neutron floatingip-list
$ neutron floatingip-create extnet-vxlan-0
$ neutron floatingip-list
+-------------------+------------------+---------------------+---------+
| id | fixed_ip_address | floating_ip_address | port_id |
+-------------------+------------------+---------------------+---------+
| 04ab3066-42fb-481 | | 10.37.227.9 | |
| 2-a1e9-da20899d93 | | | |
| 6b | | | |
+-------------------+------------------+---------------------+---------+
$ nova interface-list VM1
+------------+--------------------------------------+--------------------------------------+--------------+-------------------+
| Port State | Port ID | Net ID | IP addresses | MAC Addr |
+------------+--------------------------------------+--------------------------------------+--------------+-------------------+
| ACTIVE | 59811c52-7bb9-40a4-aece-f1617a3bb3b2 | f54df554-7cd5-41c9-9d9f-3bf5677f8aa1 | 10.10.10.3 | fa:16:3e:2f:61:22 |
+------------+--------------------------------------+--------------------------------------+--------------+-------------------+
$ neutron floatingip-associate 04ab3066-42fb-4812-a1e9-da20899d936b 59811c52-7bb9-40a4-aece-f1617a3bb3b2
$ neutron floatingip-list
+-----------------+------------------+---------------------+-----------------+
| id | fixed_ip_address | floating_ip_address | port_id |
+-----------------+------------------+---------------------+-----------------+
| 04ab3066-42fb-4 | 10.10.10.3 | 10.37.227.9 | 59811c52-7bb9-4 |
| 812-a1e9-da2089 | | | 0a4-aece- |
| 9d936b | | | f1617a3bb3b2 |
+-----------------+------------------+---------------------+-----------------+
$ ping 10.37.227.9
PING 10.37.227.9 (10.37.227.9) 56(84) bytes of data.
64 bytes from 10.37.227.9: icmp_seq=1 ttl=59 time=25.0 ms
64 bytes from 10.37.227.9: icmp_seq=2 ttl=59 time=0.336 ms
^C
--- 10.37.227.9 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.336/12.683/25.030/12.347 ms
[hranuser4@controller-0 lane(keystone_hranuser4)]$ ssh cirros@10.37.227.9
The authenticity of host '10.37.227.9 (10.37.227.9)' can't be established.
RSA key fingerprint is 61:8e:ba:0f:64:66:98:fe:8d:7d:17:dc:ca:37:7a:8d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.37.227.9' (RSA) to the list of known hosts.
cirros@10.37.227.9's password:
$ hostname
vm1
8 总结
最终网络的样子:
image.png
参考文献
1 Everything you need to know to get started with Neutron
2 Get images for OpenStack: CirrOS
网友评论