目录
一、理论
1.OpenStack
二、实验
1. Linux系统修改网卡
2.OpenStack 配置二层物理网卡为三层桥的接口
一、理论
1.OpenStack
(1)概念
OpenStack是一个开源的云计算管理平台项目,是一系列软件开源项目的组合。由NASA(美国国家航空航天局)和Rackspace合作研发并发起,以Apache许可证(Apache软件基金会发布的一个自由软件许可证)授权。
OpenStack为私有云和公有云提供可扩展的弹性的云计算服务。项目目标是提供实施简单、可大规模扩展、丰富、标准统一的云计算管理平台。
(2)官网架构图
Open Source Cloud Computing Platform Software - OpenStack
(3)关键组件与服务
表1 Openstack关键组件与服务
| 服务类型 | 组件名称 | 描述 |
| Dashboard | Horizon | 提供了一个基于web的自服务门户,通过web与OpenStack底层服务交互。 |
| Controller/Compute | Nova | 在OpenStack环境中计算实例的生命周期管理。包括虚拟机创建、调度、删除等操作。 |
| Networking | Neutron | 确保为其它OpenStack服务提供网络连接即服务,比如OpenStack计算。为用户提供API定义网络和使用。基于插件的架构其支持众多的网络提供商和技术。 |
| Object Storage | Swift | 通过基于HTTP的应用程序接口存储和任意检索的非结构化数据对象。 |
| Block Storage | Cinder | 为运行实例而提供的持久性块存储。它的可插拔驱动架构的功能有助于创建和管理块存储设备。 |
| Identity Service | Keystone | 为其他OpenStack服务提供认证和授权服务,为所有的OpenStack服务提供一个端点目录。 |
| Image Service | Glance | 存储和检索虚拟机镜像元数据,OpenStack会在实例部署时使用此服务。 |
| Telemetry Service | Ceilometer | 为OpenStack云的计费、基准、扩展性以及统计等目的提供监测和计量。 |
| Orchestration Service | Heat | 既可以模板来编排多个综合的云应用,类似 AWS的CloudFormation。 |
(4)基础网络配置
1)br-ex
连接外部网络(external)
2)br-tun
连接隧道网络(tunnel)
3)br-int
综合网桥(integration)二、实验
1. Linux系统修改网卡
(1)关闭网络管理
[root@openstack ~]# systemctl stop NetworkManager && systemctl disable NetworkManager
(2)查看当前ip地址
[root@openstack ~]# ip a
(3)复制网卡
[root@openstack ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-ens33
(4)查看网卡
[root@openstack ~]# cd /etc/sysconfig/network-scripts/
[root@openstack network-scripts]# ls
ifcfg-ens33 ifdown-eth ifdown-isdn ifdown-routes ifdown-tunnel ifup-eth ifup-isdn ifup-post ifup-Team init.ipv6-global
ifcfg-eth0 ifdown-ib ifdown-ovs ifdown-sit ifup ifup-ib ifup-ovs ifup-ppp ifup-TeamPort network-functions
ifdown ifdown-ippp ifdown-post ifdown-Team ifup-aliases ifup-ippp ifup-plip ifup-routes ifup-tunnel network-functions-ipv6
ifdown-bnep ifdown-ipv6 ifdown-ppp ifdown-TeamPort ifup-bnep ifup-ipv6 ifup-plusb ifup-sit ifup-wireless test
(5)编辑网卡
[root@openstack network-scripts]# vim ifcfg-ens33
(6)删除旧网卡
[root@openstack network-scripts]# rm -fr /etc/sysconfig/network-scripts/ifcfg-eth0
(7)重启网络服务
[root@openstack network-scripts]# systemctl restart network
(8)主机ping opsenstack地址
(9) 登录系统
http://192.168.199.201
2.OpenStack 配置二层物理网卡为三层桥的接口
(1)查看当前网桥信息
[root@openstack network-scripts]# ovs-vsctl show
db90689c-619b-4abe-bcbf-16563efed45b
Manager "ptcp:6640:127.0.0.1"
is_connected: true
Bridge br-ex
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
Port br-ex
Interface br-ex
type: internal
Port phy-br-ex
Interface phy-br-ex
type: patch
options: {peer=int-br-ex}
Bridge br-int
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
Port br-int
Interface br-int
type: internal
Port int-br-ex
Interface int-br-ex
type: patch
options: {peer=phy-br-ex}
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}
Bridge br-tun
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
Port patch-int
Interface patch-int
type: patch
options: {peer=patch-tun}
Port br-tun
Interface br-tun
type: internal
ovs_version: "2.7.3"
(2)备份网卡
[root@openstack network-scripts]# mkdir bak
[root@openstack network-scripts]# ls
bak ifdown-ib ifdown-post ifdown-TeamPort ifup-eth ifup-ovs ifup-routes ifup-wireless
ifcfg-ens33 ifdown-ippp ifdown-ppp ifdown-tunnel ifup-ib ifup-plip ifup-sit init.ipv6-global
ifdown ifdown-ipv6 ifdown-routes ifup ifup-ippp ifup-plusb ifup-Team network-functions
ifdown-bnep ifdown-isdn ifdown-sit ifup-aliases ifup-ipv6 ifup-post ifup-TeamPort network-functions-ipv6
ifdown-eth ifdown-ovs ifdown-Team ifup-bnep ifup-isdn ifup-ppp ifup-tunnel test
[root@openstack network-scripts]# cp ifcfg-ens33 bak/
(3)创建br-ex桥
[root@openstack network-scripts]# cp ifcfg-ens33 ifcfg-br-ex
[root@openstack network-scripts]# vim ifcfg-ens33
[root@openstack network-scripts]# vim ifcfg-br-ex
复制
将对应的物理网卡添加到OVS– BR-EX上作为一个接口
地址配置在br-ex 三层接口上
(4)重启网络
[root@openstack network-scripts]# service network restart
Restarting network (via systemctl): [ 确定 ]
(5)查看接口信息
[root@openstack network-scripts]# more ifcfg-ens33
TYPE=OVSPort
HWADDR=00:0c:29:53:85:ce
ONBOOT=yes
DEVICE=ens33
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
(6)查看网桥信息
[root@openstack network-scripts]# more ifcfg-ens33
TYPE=OVSPort
HWADDR=00:0c:29:53:85:ce
ONBOOT=yes
DEVICE=ens33
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
[root@openstack network-scripts]# more ifcfg-br-ex
TYPE=OVSBridge
DEVICETYPE=ovs
DEVICE=br-ex
BOOTPROTO=static
DNS1=192.168.199.2
DEFROUTE=yes
NAME=br-ex
ONBOOT=yes
IPADDR=192.168.199.201
PREFIX=24
GATEWAY=192.168.199.2
(7)查看ip
[root@openstack network-scripts]# ip add show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP qlen 1000
link/ether 00:0c:29:53:85:ce brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe53:85ce/64 scope link
valid_lft forever preferred_lft forever
3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether ba:4a:22:6d:00:d7 brd ff:ff:ff:ff:ff:ff
4: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 06:b7:f9:bd:7d:47 brd ff:ff:ff:ff:ff:ff
5: br-tun: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 8a:88:cb:d5:87:41 brd ff:ff:ff:ff:ff:ff
6: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
link/ether 00:0c:29:53:85:ce brd ff:ff:ff:ff:ff:ff
inet 192.168.199.201/24 brd 192.168.199.255 scope global br-ex
valid_lft forever preferred_lft forever
inet6 fe80::3c23:faff:fe8f:9d47/64 scope link
valid_lft forever preferred_lft forever
(8)主机 ping openstack地址
(9)查看网桥信息(桥br-ex已添加端口ens33,对应接口为ens33)
[root@openstack network-scripts]# ovs-vsctl show
db90689c-619b-4abe-bcbf-16563efed45b
Manager "ptcp:6640:127.0.0.1"
Bridge br-ex
Controller "tcp:127.0.0.1:6633"
fail_mode: secure
Port br-ex
Interface br-ex
type: internal
Port "ens33"
Interface "ens33"
Port phy-br-ex
Interface phy-br-ex
type: patch
options: {peer=int-br-ex}
Bridge br-int
Controller "tcp:127.0.0.1:6633"
fail_mode: secure
Port br-int
Interface br-int
type: internal
Port int-br-ex
Interface int-br-ex
type: patch
options: {peer=phy-br-ex}
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}
Bridge br-tun
Controller "tcp:127.0.0.1:6633"
fail_mode: secure
Port patch-int
Interface patch-int
type: patch
options: {peer=patch-tun}
Port br-tun
Interface br-tun
type: internal
ovs_version: "2.7.3"
(9) 测试抓包
[root@openstack network-scripts]# tcpdump -i br-ex | grep -i icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-ex, link-type EN10MB (Ethernet), capture size 262144 bytes
^C40 packets captured
40 packets received by filter
0 packets dropped by kernel
(10)再次成功登录系统
