Openstack基於linuxbridge實現VLAN網絡

使用linuxbridge實現vlan網絡類型，並啓用l3路由服務。

    OpenvSwitch與Linux bridge可應用於不同的的場景，對於SDN集中管理等特性時，Open vSwitch更加有優勢，但是在穩定性，大規模網絡部署等場景中Linux bridge 是個不錯的選擇。

環境：

Openstack版本：Mitaka
系統：CentOS Linux release 7.2.1511 (Core) 
內核：3.10.0-327.el7.x86_64
關於配置文檔解釋，請參考Openstack官方文檔。

  

網絡節點安裝neutron組件：

[root@controller ~]# yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

創建neutron數據庫並授權neutron用戶：

[root@controller ~]# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 49
Server version: 10.1.12-MariaDB MariaDB Server
 
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| glance             |
| information_schema |
| keystone           |
| mysql              |
| nova               |
| nova_api           |
| performance_schema |
+--------------------+
7 rows in set (0.04 sec)
 
MariaDB [(none)]> create database neutron;
Query OK, 1 row affected (0.03 sec)
 
MariaDB [(none)]> grant all privileges on neutron.* to 'neutron'@'localhost' identified by '000000';
Query OK, 0 rows affected (0.04 sec)
 
MariaDB [(none)]> grant all privileges on neutron.* to 'neutron'@'%' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
 
MariaDB [(none)]> exit
 
 
創建neutron用戶以及授權admin
[root@controller ~]# openstack user create --domain default --password 000000 neutron
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 35e188596b0744d2be8d65f26069e6a9 |
| enabled   | True                             |
| id        | a7c3ee156e004c9d833d6642c69b1b58 |
| name      | neutron                          |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user neutron admin
 
 
 
創建neutron實體服務以及API端點：
[root@controller ~]# openstack service create --name neutron --description "Openstack Network"  network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Openstack Network                |
| enabled     | True                             |
| id          | d86ab26fa5034743b86a1586c4761dbc |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 2f93396a468041ff9f42fc56f0263703 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d86ab26fa5034743b86a1586c4761dbc |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e4ce3271ed9149bdb2931677bae034fe |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d86ab26fa5034743b86a1586c4761dbc |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 721effc1d0664f66a2f440ee643821a5 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d86ab26fa5034743b86a1586c4761dbc |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

 

修改neutron配置文件：

[root@controller ~]# cat /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins =
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[agent]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://neutron:000000@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = demo
user_domain_name = demo
project_name = service
username = neutron
password = 000000
[matchmaker_redis]
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = demo
user_domain_name = demo
region_name = RegionOne
project_name = service
username = nova
password = 000000
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 000000
[oslo_policy]
[quotas]
[ssl]

[root@controller neutron]# cat metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = 000000
[AGENT]



[root@controller neutron]# cat dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[AGENT]



修改ML2插件配置文件：
[root@controller ml2]# cat ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = flat,vlan
tenant_network_types = vlan
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
network_vlan_ranges = provider:100:300
[ml2_type_vxlan]
[securitygroup]
enable_ipset = True
firewall_driver = iptables_hybrid


[root@controller ml2]# vi linuxbridge_agent.ini
[DEFAULT]
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[linux_bridge]
physical_interface_mappings = provider:eno33554960
[vxlan]
enable_vxlan = False

在nova.conf配置文件找到[neutron]項，添加以下代碼：

url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = demo
user_domain_name = demo
region_name = RegionOne
project_name = service
username = neutron
password = 000000

網絡服務初始化腳本需要一個超鏈接 /etc/neutron/plugin.ini``指向ML2插件配置文件/etc/neutron/plugins/ml2/ml2_conf.ini``。

如果超鏈接不存在，使用下面的命令創建

[root@controller ~]#  ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

同步neutron數據庫：

[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

#會有一條報錯，可忽略，不影響搭建，具體原因請google

No handlers could be found for logger "oslo_config.cfg"

重啓計算API 服務：

[root@controller ~]# systemctl restart openstack-nova-api.service

開啓網絡服務：

[root@controller ~]#  systemctl start neutron-server.service   neutron-linuxbridge-agent.service neutron-dhcp-agent.service   neutron-metadata-agent.service

開啓路由模式修改l3插件：

[root@controller neutron]# cat l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge = eno33554960
[AGENT]

修改neutron.conf:

service_plugins = router

啓動l3服務:

[root@controller ~]# systemctl start neutron-l3-agent.service

重啓neutron-server:

[root@controller ~]#  systemctl start neutron-server.service

計算節點neutron組件安裝：

[root@compute ~]# yum -y install openstack-neutron-linuxbridge ebtables ipset

配置計算節點neutron:

[root@compute neutron]# cat neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
[agent]
[cors]
[cors.subdomain]
[database]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = demo
user_domain_name = demo
project_name = service
username = neutron
password = 000000
[matchmaker_redis]
[nova]
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 000000
[oslo_policy]
[quotas]
[ssl]

[root@compute ml2]# cat linuxbridge_agent.ini
[DEFAULT]
[agent]
prevent_arp_spoofing = True
[linux_bridge]
physical_interface_mappings = provider:eno33554960
[securitygroup]
enable_security_group = True
firewall_driver =neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = False

在nova.conf配置文件找到[neutron]項，添加以下代碼：

url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = demo
user_domain_name = demo
region_name = RegionOne
project_name = service
username = neutron
password = 000000

service_metadata_proxy = True
metadata_proxy_shared_secret = 000000

重啓計算服務：

[root@compute ~]# systemctl restart openstack-nova-compute.service

開啓計算節點網路服務：

[root@compute ~]# systemctl start neutron-linuxbridge-agent.service

添加外網子網與內網子網：

新建路由：

添加路由接口：

成功獲取IP：

如有錯誤與疑問，歡迎各位下方評論！