從頭搭建Openstack運行環境（二）--虛機配置與虛擬網絡設備搭建

3.雙節點基礎環境准備

3.1 虛機環境准備

3.1.1 在virtualbox環境安裝centos7虛擬機兩台

cpu、內存、磁盤和網絡配置參考前面虛機配置信息

請選擇"Minimal Install"最小化安裝

配置eth0網卡ip

3.1.2 virtualbox宿主機配置

1）配置路由，保證兩個網段虛機可以訪問外網

sudo iptables -t nat -I POSTROUTING -s 10.255.255.0/24 -j MASQUERADE
sudo iptables -t nat -I POSTROUTING -s 10.255.253.0/24 -j MASQUERADE
sudo sysctl net.ipv4.ip_forward=1

3.1.3虛機安裝后環境配置和依賴包安裝

1）修改主機名

vi /etc/hostname

控制節點：ofs-network

計算節點：ofs-compute

2）配置grub啟動項，設置網卡名為eth開頭

vim /etc/sysconfig/grub 添加：

net.ifnames=0 biosdevname=0

grub2-mkconfig -o /boot/grub2/grub.cfg

3）關閉Network Manager管理

chkconfig NetworkManager off

4）配置ssh公私鑰

ssh-keygen -t dsa -P '' -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t rsa -P '' -f /etc/ssh/ssh_host_rsa_key

5）關閉selinux

vi /etc/selinux/config

6）重啟虛機

reboot

7）安裝openvswitch（網絡節點、計算節點都需安裝）

yum -y install wget openssl-devel kernel-devel
yum -y groupinstall "Development Tools"
adduser ovswitch
su - ovswitch
wget http://openvswitch.org/releases/openvswitch-2.4.0.tar.gz
tar xfz openvswitch-2.4.0.tar.gz
mkdir -p ~/rpmbuild/SOURCES
cp openvswitch-2.4.0.tar.gz /home/ovswitch/rpmbuild/SOURCES/
rpmbuild -bb --without check ~/openvswitch-2.4.0/rhel/openvswitch.spec
exit
yum -y localinstall /home/ovswitch/rpmbuild/RPMS/x86_64/openvswitch-2.4.0-1.x86_64.rpm

8）安裝qemu（只需計算節點安裝）

yum -y install bridge-utils gcc zlib-devel glib2-devel pixman pixman-devel
git clone git://git.qemu-project.org/qemu.git
cd qemu 
./configure --enable-debug --enable-vnc --enable-werror --target-list="x86_64-softmmu" 
make -j8 
sudo make install

9）下載cirros鏡像和kernel文件用於測試

wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-kernel

4.網絡節點部署

根據網絡節點設計場景圖，進行虛擬網絡設備搭建

1）創建br-int集成網橋

ovs-vsctl --timeout=10 -- --may-exist add-br br-int
ovs-vsctl --timeout=10 -- set-fail-mode br-int secure
ovs-vsctl --timeout=10 -- --if-exists del-port br-int patch-tun

2）配置br-int流表

ovs-ofctl del-flows br-int
ovs-ofctl add-flow br-int "hard_timeout=0,idle_timeout=0,priority=1,actions=normal"
ovs-ofctl add-flow br-int "hard_timeout=0,idle_timeout=0,priority=0,table=22,actions=drop"

3）創建br-tun隧道網橋

ovs-vsctl --timeout=10 -- --if-exists del-br br-tun
ovs-vsctl --timeout=10 -- --may-exist add-br br-tun
ovs-vsctl --timeout=10 add-port br-int patch-tun -- set Interface patch-tun type=patch options:peer=patch-int 
ovs-vsctl --timeout=10 add-port br-tun patch-int -- set Interface patch-int type=patch options:peer=patch-tun 

4）創建br-eth2 VLAN網橋

ovs-vsctl --timeout=10 -- --if-exists del-br br-eth2
ovs-vsctl --timeout=10 -- --may-exist add-br br-eth2
ovs-vsctl add-port br-eth2 eth2
ovs-vsctl --timeout=10 add-port br-int int-br-eth2 -- set Interface int-br-eth2 type=patch options:peer=phy-br-eth2 
ovs-vsctl --timeout=10 add-port br-eth2 phy-br-eth2 -- set Interface phy-br-eth2 type=patch options:peer=int-br-eth2 

4）配置br-int和br-eth2流表

ovs-ofctl add-flow br-int "hard_timeout=0,idle_timeout=0,priority=2,in_port=2,actions=drop"
ovs-ofctl del-flows br-eth2
ovs-ofctl add-flow br-eth2 "hard_timeout=0,idle_timeout=0,priority=2,in_port=2,actions=drop"
ovs-ofctl add-flow br-eth2 "hard_timeout=0,idle_timeout=0,priority=1,actions=normal"

5）配置br-tun流表

ovs-ofctl del-flows br-tun
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=1,in_port=1,actions=resubmit(,1)"
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=0,actions=drop"
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=1,table=1,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00,actions=resubmit(,20)"
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=1,table=1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00,actions=resubmit(,21)"
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=0,table=2,actions=drop"
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=0,table=3,actions=drop"
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=1,table=10,actions=learn(table=20,priority=1,hard_timeout=300,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1"
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=0,table=20,actions=resubmit(,21)"
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=0,table=21,actions=drop"

6）建立隧道連接

ovs-vsctl --timeout=10 -- --may-exist add-port br-tun gre-1 -- set Interface gre-1 type=gre options:remote_ip=10.255.254.101 options:local_ip=10.255.254.100 options:in_key=flow options:out_key=flow
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=1,in_port=2,actions=resubmit(,2)"

7）啟動所有設備

ip link set dev br-int up
ip link set dev br-tun up
ip link set dev br-eth2 up
ip link set dev eth2 up
ip link set dev eth3 up

8)清空iptables

iptables -X
iptables -F
iptables -Z

5.計算節點部署

5.1網絡架構創建

根據計算節點設計場景圖，進行虛擬網絡設備搭建

1）創建br-int網橋

ovs-vsctl --timeout=10 -- --if-exists del-port br-int patch-tun
ovs-vsctl --timeout=10 -- --may-exist add-br br-int
ovs-vsctl --timeout=10 -- set-fail-mode br-int secure

2）添加br-int網橋流表

ovs-ofctl del-flows br-int
ovs-ofctl add-flow br-int hard_timeout=0,idle_timeout=0,priority=1,actions=normal
ovs-ofctl add-flow br-int hard_timeout=0,idle_timeout=0,priority=0,table=22,actions=drop

3）創建br-tun網橋

ovs-vsctl --timeout=10 -- --if-exists del-br br-tun
ovs-vsctl --timeout=10 -- --may-exist add-br br-tun
ovs-vsctl --timeout=10 add-port br-int patch-tun -- set Interface patch-tun type=patch options:peer=patch-int
ovs-vsctl --timeout=10 add-port br-tun patch-int -- set Interface patch-int type=patch options:peer=patch-tun

4）創建br-eth2網橋

ovs-vsctl --timeout=10 -- --if-exists del-br br-eth2
ovs-vsctl --timeout=10 -- --may-exist add-br br-eth2
ovs-vsctl add-port br-eth2 eth2
ovs-vsctl --timeout=10 add-port br-int int-br-eth2 -- set Interface int-br-eth2 type=patch options:peer=phy-br-eth2 
ovs-vsctl --timeout=10 add-port br-eth2 phy-br-eth2 -- set Interface phy-br-eth2 type=patch options:peer=int-br-eth2 

5）為br-int和br-eth2網橋添加流表

ovs-ofctl add-flow br-int "hard_timeout=0,idle_timeout=0,priority=2,in_port=2,actions=drop"
ovs-ofctl del-flows br-eth2
ovs-ofctl add-flow br-eth2 "hard_timeout=0,idle_timeout=0,priority=2,in_port=2,actions=drop"
ovs-ofctl add-flow br-eth2 "hard_timeout=0,idle_timeout=0,priority=1,actions=normal"

6）為br-tun網橋添加流表

ovs-ofctl del-flows br-tun
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=1,in_port=1,actions=resubmit(,1)"
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=0,actions=drop"
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=1,table=1,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00,actions=resubmit(,20)"
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=1,table=1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00,actions=resubmit(,21)"
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=0,table=2,actions=drop"
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=0,table=3,actions=drop"
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=1,table=10,actions=learn(table=20,priority=1,hard_timeout=300,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1"
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=0,table=20,actions=resubmit(,21)"
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=0,table=21,actions=drop"

7）建立隧道連接

ovs-vsctl --timeout=10 -- --may-exist add-port br-tun gre-1 -- set Interface gre-1 type=gre options:remote_ip=10.255.254.100 options:local_ip=10.255.254.101 options:in_key=flow options:out_key=flow
ovs-ofctl add-flow br-tun "hard_timeout=0,idle_timeout=0,priority=1,in_port=2,actions=resubmit(,2)"

8）啟動設備

ip link set dev br-int up
ip link set dev br-tun up
ip link set dev br-eth2 up
ip link set dev eth2 up

9）清空iptables

iptables -X
iptables -F
iptables -Z

以上操作完成了對網絡節點和計算節點虛擬網絡設備框架的搭建，下期將介紹在此雙節點環境上部署虛機相關操作內容，敬請期待。

 

參考資料：

SammyLiu的《Neutron 理解》系列 http://www.cnblogs.com/sammyliu/p/4622563.html

深入理解Neutron -- OpenStack 網絡實現 https://www.gitbook.com/book/yeasy/openstack_understand_neutron/details

 

作者簡介：趙俊峰，現為北京新雲東方系統科技有限責任公司 雲計算部Openstack開發工程師。主要從事Power和x86混合環境下Openstack相關計算、網絡、存儲相關服務軟件開發和系統架構設計工作。