OpenStack Mitaka: installing neutron with vxlan
  Version 0.50, dated 2016.5.4
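(1)    Introduction
Among OpenStack's many components, the networking component neutron is one of the core ones, and also one that changes considerably between releases. When I first installed OpenStack Juno, I got stuck on the neutron installation: openvswitch seemed rather arcane, and when the installation failed I did not know how to debug it. While looking things up on the official site, I found that the neutron component in the new Liberty release is based on linuxbridge by default rather than openvswitch, which makes neutron much easier to install and gives better network efficiency, so I decisively abandoned the troublesome Juno release, skipped Kilo, and reinstalled with Liberty. It took 2-3 weeks to more or less finish installing the OpenStack components on Liberty, and just as I wanted to admire the results, the new Mitaka release came out. Mitaka does not change much relative to Liberty, and neutron has no major changes either, so the upgrade was easy. In just a few days, all OpenStack components were upgraded from Liberty to Mitaka fairly smoothly.
(2)    Installation environment
  When I installed Juno earlier, the controller rq940 had only 2 10-gigabit NICs, while the official Juno installation guide requires the network node for the neutron component to have 3 or more NICs, so I chose rd640c, which was fairly idle and had 3 NICs, as the network node. Liberty does not require a dedicated network node; the core neutron components can be installed directly on the controller node, and 2 NICs are enough.
   Before upgrading, I first removed the Juno components from each node; a fresh installation naturally does not need this.
Remove the vnet installed by libvirtd, taking x3300 as an example: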
[root@x3300 ~]# ip route
default via 192.168.80.2 dev br0
192.168.80.0/24 dev br0  proto kernel  scope link  src 192.168.80.237
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1
[root@x3300 ~]# virsh net-destroy default
网络 default 被删除
[root@x3300 ~]# virsh net-undefine default
网络 default 已经被取消定义
[root@x3300 ~]# ip route
default via 192.168.80.2 dev br0
192.168.80.0/24 dev br0  proto kernel  scope link  src 192.168.80.237

[root@rq940 neutron]# neutron agent-list
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+
| id                                   | agent_type         | host   | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+
| 462db416-d914-41f2-aee8-08778c09ca43 | Linux bridge agent | rq940  | :-)   | True           | neutron-linuxbridge-agent |
| 4c8793bb-c531-46f0-825e-5533b8a90994 | Open vSwitch agent | rd640b | :-)   | True           | neutron-openvswitch-agent |
| 5f86879b-68a9-4c1b-a650-ffe72a388ff8 | Metadata agent     | rq940  | :-)   | True           | neutron-metadata-agent    |
| b06b951f-0df8-4190-8126-2a7ba927f8bb | L3 agent           | rd640c | :-)   | True           | neutron-l3-agent          |
| bf58a79b-b261-47e4-bb3a-4c8605d5ab35 | Linux bridge agent | rd640a | :-)   | True           | neutron-linuxbridge-agent |
| d0e3d099-7a60-4c8f-b0f6-70c442446f65 | DHCP agent         | rq940  | :-)   | True           | neutron-dhcp-agent        |
| f4522759-e441-4335-8620-28be2e4e4e3e | Open vSwitch agent | x3300  | :-)   | True           | neutron-openvswitch-agent |
| f635531d-33a1-49cc-a02e-c75c86e7cff5 | Open vSwitch agent | rd640c | :-)   | True           | neutron-openvswitch-agent |
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+
Remove the network node on rd640c
[root@rd640c ~]# systemctl stop neutron-l3-agent.service
[root@rd640c ~]# systemctl disable neutron-l3-agent.service
Removed symlink /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service.
[root@rd640c ~]# systemctl stop neutron-openvswitch-agent.service
[root@rd640c ~]# systemctl disable neutron-openvswitch-agent.service

[root@rd640c ~]# systemctl disable neutron-openvswitch-agent.service
Removed symlink /etc/systemd/system/multi-user.target.wants/neutron-openvswitch-agent.service.
[root@rd640b ~]# systemctl stop neutron-openvswitch-agent.service
[root@rd640b ~]# systemctl status neutron-openvswitch-agent.service

[root@rd640b~]# systemctl disable  neutron-openvswitch-agent.service
Removed  symlink /etc/systemd/system/multi-user.target.wants/neutron-openvswitch-agent.service.
[root@rd640b ~]# ssh x3300
Last login: Tue Mar 15 10:57:21 2016 from rd640a
[root@x3300 ~]# systemctl stop neutron-openvswitch-agent.service
[root@x3300 ~]# systemctl disable neutron-openvswitch-agent.service
Removed  symlink /etc/systemd/system/multi-user.target.wants/neutron-openvswitch-agent.service.

[root@rq940 neutron]# neutron agent-list
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+
| id                                   | agent_type         | host   | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+
| 462db416-d914-41f2-aee8-08778c09ca43 | Linux bridge agent | rq940  | :-)   | True           | neutron-linuxbridge-agent |
| 4c8793bb-c531-46f0-825e-5533b8a90994 | Open vSwitch agent | rd640b | xxx   | True           | neutron-openvswitch-agent |
| 5f86879b-68a9-4c1b-a650-ffe72a388ff8 | Metadata agent     | rq940  | :-)   | True           | neutron-metadata-agent    |
| b06b951f-0df8-4190-8126-2a7ba927f8bb | L3 agent           | rd640c | xxx   | True           | neutron-l3-agent          |
| bf58a79b-b261-47e4-bb3a-4c8605d5ab35 | Linux bridge agent | rd640a | :-)   | True           | neutron-linuxbridge-agent |
| d0e3d099-7a60-4c8f-b0f6-70c442446f65 | DHCP agent         | rq940  | :-)   | True           | neutron-dhcp-agent        |
| f4522759-e441-4335-8620-28be2e4e4e3e | Open vSwitch agent | x3300  | :-)   | True           | neutron-openvswitch-agent |
| f635531d-33a1-49cc-a02e-c75c86e7cff5 | Open vSwitch agent | rd640c | xxx   | True           | neutron-openvswitch-agent |
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+

[root@rq940 neutron]# neutron agent-list
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+
| id                                   | agent_type         | host   | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+
| 462db416-d914-41f2-aee8-08778c09ca43 | Linux bridge agent | rq940  | :-)   | True           | neutron-linuxbridge-agent |
| 4c8793bb-c531-46f0-825e-5533b8a90994 | Open vSwitch agent | rd640b | xxx   | True           | neutron-openvswitch-agent |
| 5f86879b-68a9-4c1b-a650-ffe72a388ff8 | Metadata agent     | rq940  | :-)   | True           | neutron-metadata-agent    |
| b06b951f-0df8-4190-8126-2a7ba927f8bb | L3 agent           | rd640c | xxx   | True           | neutron-l3-agent          |
| bf58a79b-b261-47e4-bb3a-4c8605d5ab35 | Linux bridge agent | rd640a | :-)   | True           | neutron-linuxbridge-agent |
| d0e3d099-7a60-4c8f-b0f6-70c442446f65 | DHCP agent         | rq940  | :-)   | True           | neutron-dhcp-agent        |
| f4522759-e441-4335-8620-28be2e4e4e3e | Open vSwitch agent | x3300  | xxx   | True           | neutron-openvswitch-agent |
| f635531d-33a1-49cc-a02e-c75c86e7cff5 | Open vSwitch agent | rd640c | xxx   | True           | neutron-openvswitch-agent |
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+
Delete the Open vSwitch agents that are no longer needed, and clear the L3 agent on rd640c.
[root@rq940 neutron]# neutron agent-delete f4522759-e441-4335-8620-28be2e4e4e3e
Deleted agent: f4522759-e441-4335-8620-28be2e4e4e3e
[root@rq940 neutron]# neutron agent-delete 4c8793bb-c531-46f0-825e-5533b8a90994
Deleted agent: 4c8793bb-c531-46f0-825e-5533b8a90994
[root@rq940 neutron]# neutron agent-delete  f635531d-33a1-49cc-a02e-c75c86e7cff5
Deleted agent: f635531d-33a1-49cc-a02e-c75c86e7cff5
[root@rq940 neutron]# neutron agent-delete b06b951f-0df8-4190-8126-2a7ba927f8bb
Deleted agent: b06b951f-0df8-4190-8126-2a7ba927f8bb

Peace and quiet at last.
[root@rq940 neutron]# neutron agent-list
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+
| id                                   | agent_type         | host   | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+
| 462db416-d914-41f2-aee8-08778c09ca43 | Linux bridge agent | rq940  | :-)   | True           | neutron-linuxbridge-agent |
| 5f86879b-68a9-4c1b-a650-ffe72a388ff8 | Metadata agent     | rq940  | :-)   | True           | neutron-metadata-agent    |
| bf58a79b-b261-47e4-bb3a-4c8605d5ab35 | Linux bridge agent | rd640a | :-)   | True           | neutron-linuxbridge-agent |
| d0e3d099-7a60-4c8f-b0f6-70c442446f65 | DHCP agent         | rq940  | :-)   | True           | neutron-dhcp-agent        |
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+

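(3) Upgrade the kernel to 4.5
 The linuxbridge-based vxlan implementation in Liberty requires kernel 3.15 or later, while the CentOS 7.2 kernel is the 3.10 series, so the kernel must be upgraded separately.
Install the new kernel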
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
yum install http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
yum --enablerepo=elrepo-kernel install kernel-ml
Use the 4.5 kernel
View the boot entries
more /boot/grub2/grub.cfg
Set the 4.5 kernel as the default boot entry
[root@rd640c grub2]# grub2-set-default "CentOS Linux (4.5.0-1.el7.elrepo.x86_64) 7 (Core)"
Confirm that the setting took effect:
[root@rd640c grub2]# grub2-editenv list
saved_entry=CentOS Linux (4.5.0-1.el7.elrepo.x86_64) 7 (Core)
Reboot
reboot

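After upgrading the kernel on rq940 and rebooting, I could no longer connect over ssh and had to go to the machine room a few hundred meters away to take a look. It turned out the machine had deadlocked during shutdown, so the only option was a cold start with the power button. All the other servers rebooted without trouble.
(3)    Database installation
First drop the neutron database left over from the earlier Juno release.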
MariaDB [(none)]> drop database neutron;
Query OK, 142 rows affected (1.81 sec)
Create the database for the new neutron release
MariaDB [(none)]> create database neutron;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
    ->   IDENTIFIED BY  'suncity';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
    ->   IDENTIFIED BY  'suncity';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]>
[root@rq940 ~]# source admin-openrc.sh
[root@rq940 ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | d19826b863ae46fcb0e00002abae1237 |
| name      | neutron                          |
+-----------+----------------------------------+
[root@rq940 ~]# openstack role add --project service --user neutron admin
[root@rq940 ~]#  openstack service create --name neutron \
>   --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 3b3a5d1076424ebc80c05413f97e6f1b |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
[root@rq940 ~]# openstack endpoint create --region RegionOne \
>   network public http://rq940:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0e3807defba841a5bff72b0ce610d22d |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 3b3a5d1076424ebc80c05413f97e6f1b |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://rq940:9696                |
+--------------+----------------------------------+
[root@rq940 ~]# openstack endpoint create --region RegionOne \
>   network internal http://rq940:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 9c2d6c1da29b4e8f9dba89fab8956078 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 3b3a5d1076424ebc80c05413f97e6f1b |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://rq940:9696                |
+--------------+----------------------------------+
[root@rq940 ~]# openstack endpoint create --region RegionOne \
>   network admin http://rq940:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 143921e15ec4438ab3e48f3b1eadf0d3 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 3b3a5d1076424ebc80c05413f97e6f1b |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://rq940:9696                |
+--------------+----------------------------------+
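(4)    Minimal installation (provider network)
The guide splits the Neutron installation into two cases: provider networks and self-service networks. Provider networks are the simplest: they operate at layer 2 and support flat and vlan, but provide no layer-3 services, so tenants cannot define advanced network services themselves. With self-service networks, tenants can implement advanced network services such as routing, firewalls and load balancing.
First install the controller components.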
[root@rq940 ~]# yum install openstack-neutron openstack-neutron-ml2 \
>   openstack-neutron-linuxbridge python-neutronclient ebtables ipset

vi /etc/neutron/neutron.conf
[database]
...
connection = mysql+pymysql://neutron:suncity
Note: one small performance improvement between Liberty and Mitaka is that every mysql:// is changed to mysql+pymysql://; in addition, memcache is now used.
[DEFAULT]
...
core_plugin = ml2
service_plugins =
# For self-service networks, service_plugins = router
[DEFAULT]
...
rpc_backend = rabbit

[oslo_messaging_rabbit]
...
rabbit_host = rq940
rabbit_userid = openstack
rabbit_password = suncity
[DEFAULT]
...
auth_strategy = keystone

[keystone_authtoken]
...
auth_uri = http://rq940:5000
auth_url = http://rq940:35357
memcached_servers = rq940:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = suncity

[DEFAULT]
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True

[nova]
...
auth_url = http://rq940:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = suncity

[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp

vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
...
type_drivers = flat,vlan
# Add vxlan here later when supporting self-service networks
tenant_network_types =
# Must be set to vxlan later when supporting vxlan
mechanism_drivers = linuxbridge
# To support vxlan, these 3 settings must be changed to:
#type_drivers = flat,vlan,vxlan
#tenant_network_types =vxlan
#mechanism_drivers = linuxbridge,l2population

extension_drivers = port_security
[ml2_type_flat]
...
flat_networks = public
# Mitaka uses provider and Liberty uses public; it is only a different name, but mixing them up causes trouble, so they must be consistent.
[securitygroup]
...
enable_ipset = True

vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eth0
# This must stay consistent with the flat_networks setting above.
[vxlan]
enable_vxlan = False
# Must be changed to True later when supporting vxlan.
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
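The comments above tie ml2_conf.ini and linuxbridge_agent.ini together: the flat_networks label must match a physical_interface_mappings label, and the vxlan switch touches both files. The following check is an added example, not part of the original post or of neutron; the function names and the embedded sample files are constructed for illustration, and it treats l2population as required for vxlan because that is how the note above lists the change.

```python
import configparser

# Constructed sample files that mirror the settings shown on this page.
ML2_FLAT = """\
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
[ml2_type_flat]
flat_networks = public
"""
AGENT_FLAT = """\
[linux_bridge]
physical_interface_mappings = public:eth0
[vxlan]
enable_vxlan = False
"""
# Constructed broken variant: Mitaka label (provider) in ml2_conf.ini while the
# agent still maps the Liberty label (public), and vxlan only half switched on.
ML2_MIXED = """\
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge
[ml2_type_flat]
flat_networks = provider
"""
# Constructed variant with all of the vxlan changes from the note applied.
ML2_VXLAN = """\
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
[ml2_type_flat]
flat_networks = public
"""
AGENT_VXLAN = """\
[linux_bridge]
physical_interface_mappings = public:eth0
[vxlan]
enable_vxlan = True
"""


def _load(text):
    # interpolation=None so that '%' in values is never expanded
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    return cp


def _csv(cp, section, key):
    # Missing section or key is treated as an empty list
    raw = cp.get(section, key, fallback="")
    return [v.strip() for v in raw.split(",") if v.strip()]


def check_consistency(ml2_text, agent_text):
    """Return a list of mismatches between the two files (empty if consistent)."""
    ml2, agent = _load(ml2_text), _load(agent_text)
    problems = []
    type_drivers = _csv(ml2, "ml2", "type_drivers")
    tenant_types = _csv(ml2, "ml2", "tenant_network_types")
    mechanisms = _csv(ml2, "ml2", "mechanism_drivers")

    # Every flat network label needs a label:device mapping on the agent side
    mapped = set()
    for item in _csv(agent, "linux_bridge", "physical_interface_mappings"):
        label, sep, device = item.partition(":")
        if sep and label and device:
            mapped.add(label)
        else:
            problems.append("malformed mapping %r (expected label:device)" % item)
    for label in _csv(ml2, "ml2_type_flat", "flat_networks"):
        if label != "*" and label not in mapped:  # '*' accepts any label
            problems.append("flat network %r has no physical_interface_mappings entry" % label)

    # A tenant network type is only usable if its type driver is loaded
    for net_type in tenant_types:
        if net_type not in type_drivers:
            problems.append("tenant_network_types %r is not in type_drivers" % net_type)

    # The vxlan switch has to be made in both files at once
    enable_vxlan = agent.getboolean("vxlan", "enable_vxlan", fallback=None)
    if "vxlan" in type_drivers:
        if enable_vxlan is False:
            problems.append("vxlan is in type_drivers but enable_vxlan = False")
        if "l2population" not in mechanisms:
            problems.append("vxlan is in type_drivers but l2population is not in mechanism_drivers")
    elif enable_vxlan:
        problems.append("enable_vxlan = True but vxlan is not in type_drivers")
    return problems


if __name__ == "__main__":
    for name, ml2, agent in [("flat", ML2_FLAT, AGENT_FLAT),
                             ("mixed", ML2_MIXED, AGENT_FLAT),
                             ("vxlan", ML2_VXLAN, AGENT_VXLAN)]:
        print(name, check_consistency(ml2, agent) or "consistent")
```
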
vi  /etc/neutron/dhcp_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True

vi  /etc/neutron/metadata_agent.ini
[DEFAULT]
...
nova_metadata_ip = rq940
metadata_proxy_shared_secret = sun#c@i&t*y

vi /etc/nova/nova.conf

[neutron]
...
url = http://rq940:9696
auth_url = http://rq940:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = suncity

service_metadata_proxy = True
metadata_proxy_shared_secret = sun#c@i&t*y

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service

[root@rq940 nova]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
>   --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
No handlers could be found for logger "neutron.quota"
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
  Running upgrade for neutron ...
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade  -> juno, juno_initial
INFO  [alembic.runtime.migration] Running upgrade juno -> 44621190bc02, add_uniqueconstraint_ipavailability_ranges
INFO  [alembic.runtime.migration] Running upgrade 44621190bc02 -> 1f71e54a85e7, ml2_network_segments models change for multi-segment network.
INFO  [alembic.runtime.migration] Running upgrade 26b54cf9024d -> 14be42f3d0a5, Add default security group table
INFO  [alembic.runtime.migration] Running upgrade 14be42f3d0a5 -> 16cdf118d31d, extra_dhcp_options IPv6 support
INFO  [alembic.runtime.migration] Running upgrade 16cdf118d31d -> 43763a9618fd, add mtu attributes to network
INFO  [alembic.runtime.migration] Running upgrade 43763a9618fd -> bebba223288, Add vlan transparent property to network

INFO  [alembic.runtime.migration] Running upgrade kilo -> 354db87e3225, nsxv_vdr_metadata.py
INFO  [alembic.runtime.migration] Running upgrade 354db87e3225 -> 599c6a226151, neutrodb_ipam
……
INFO  [alembic.runtime.migration] Running upgrade kilo -> 30018084ec99, Initial no-op Liberty contract rule.
INFO  [alembic.runtime.migration] Running upgrade 30018084ec99, 8675309a5c4f -> 4ffceebfada, network_rbac
INFO  [alembic.runtime.migration] Running upgrade 4ffceebfada -> 5498d17be016, Drop legacy OVS and LB plugin tables
……
INFO  [alembic.runtime.migration] Running upgrade 48153cb5f051 -> 9859ac9c136, quota_reservations
INFO  [alembic.runtime.migration] Running upgrade 9859ac9c136 -> 34af2b5c5a59, Add dns_name to Port
  OK

[root@rq940 nova]#  systemctl restart openstack-nova-api.service
[root@rq940 nova]#  systemctl enable neutron-server.service \
>   neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
>   neutron-metadata-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
[root@rq940 nova]#  systemctl start neutron-server.service \
>   neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
>   neutron-metadata-agent.service
[root@rq940 nova]#  systemctl status  neutron-server.service   neutron-linuxbridge-agent.service neutron-dhcp-agent.service   neutron-metadata-agent.service
● neutron-server.service - OpenStack Neutron Server
   Loaded: loaded (/usr/lib/systemd/system/neutron-server.service; enabled; vendor preset: disabled)
   Active: active (running) since 二 2016-03-15 10:41:44 CST; 19s ago
 Main PID: 5886 (neutron-server)
   CGroup: /system.slice/neutron-server.service
           ├─5886 /usr/bin/python2 /usr/bin/neutron-server --config-file /usr/share/neutro…
……….
           └─6001 /usr/bin/python2 /usr/bin/neutron-server --config-file /usr/share/neutro...

3月 15 10:41:39 rq940 systemd[1]: Starting OpenStack Neutron Server...
3月 15 10:41:41 rq940 neutron-server[5886]: No handlers could be found for logger "neut...a"
3月 15 10:41:44 rq940 systemd[1]: Started OpenStack Neutron Server.

● neutron-linuxbridge-agent.service - OpenStack Neutron Linux Bridge Agent
   Loaded: loaded (/usr/lib/systemd/system/neutron-linuxbridge-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since 二 2016-03-15 10:41:39 CST; 24s ago
 Main PID: 5891 (neutron-linuxbr)
   CGroup: /system.slice/neutron-linuxbridge-agent.service
           ├─5891 /usr/bin/python2 /usr/bin/neutron-linuxbridge-agent --config-file /usr/s...
           ├─5950 sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
           └─5951 /usr/bin/python2 /usr/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap....

3月 15 10:41:39 rq940 systemd[1]: Started OpenStack Neutron Linux Bridge Agent.
3月 15 10:41:39 rq940 systemd[1]: Starting OpenStack Neutron Linux Bridge Agent...
3月 15 10:41:40 rq940 neutron-linuxbridge-agent[5891]: No handlers could be found for lo..."
3月 15 10:41:41 rq940 sudo[5950]:  neutron : TTY=unknown ; PWD=/ ; USER=root ; COMMAND...onf

● neutron-dhcp-agent.service - OpenStack Neutron DHCP Agent
   Loaded: loaded (/usr/lib/systemd/system/neutron-dhcp-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since 二 2016-03-15 10:41:39 CST; 24s ago
 Main PID: 5892 (neutron-dhcp-ag)
   CGroup: /system.slice/neutron-dhcp-agent.service
           └─5892 /usr/bin/python2 /usr/bin/neutron-dhcp-agent --config-file /usr/share/ne...

3月 15 10:41:39 rq940 systemd[1]: Started OpenStack Neutron DHCP Agent.
3月 15 10:41:39 rq940 systemd[1]: Starting OpenStack Neutron DHCP Agent...
3月 15 10:41:40 rq940 neutron-dhcp-agent[5892]: No handlers could be found for logger "...g"

● neutron-metadata-agent.service - OpenStack Neutron Metadata Agent
   Loaded: loaded (/usr/lib/systemd/system/neutron-metadata-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since 二 2016-03-15 10:41:39 CST; 24s ago
 Main PID: 5893 (neutron-metadat)
   CGroup: /system.slice/neutron-metadata-agent.service
           ├─5893 /usr/bin/python2 /usr/bin/neutron-metadata-agent --config-file /usr/shar...
……..
          └─5948 /usr/bin/python2 /usr/bin/neutron-metadata-agent --config-file /usr/shar...

3月 15 10:41:39 rq940 systemd[1]: Started OpenStack Neutron Metadata Agent.
3月 15 10:41:39 rq940 systemd[1]: Starting OpenStack Neutron Metadata Agent...
3月 15 10:41:40 rq940 neutron-metadata-agent[5893]: No handlers could be found for logge..."
Hint: Some lines were ellipsized, use -l to show in full.
[root@rq940 ~]# source admin-openrc.sh
[root@rq940 ~]# neutron ext-list
+-----------------------+--------------------------+
| alias                 | name                     |
+-----------------------+--------------------------+
| flavors               | Neutron Service Flavors  |
| security-group        | security-group           |
| dns-integration       | DNS Integration          |
| net-mtu               | Network MTU              |
| port-security         | Port Security            |
| binding               | Port Binding             |
| provider              | Provider Network         |
| agent                 | agent                    |
| quotas                | Quota management support |
| subnet_allocation     | Subnet Allocation        |
| dhcp_agent_scheduler  | DHCP Agent Scheduler     |
| rbac-policies         | RBAC Policies            |
| external-net          | Neutron external network |
| multi-provider        | Multi Provider Network   |
| allowed-address-pairs | Allowed Address Pairs    |
| extra_dhcp_opt        | Neutron Extra DHCP opts  |

Problem: neutron agent-list empty
            login credentials

 
[root@rq940 ~]# openstack user delete neutron
[root@rq940 ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | 0a49c9eed02047fca47b280b3e327087 |
| name      | neutron                          |
+-----------+----------------------------------+
[root@rq940 ~]# neutron agent-list
503 Service Unavailable
The server is currently unavailable. Please try again at a later time.
Check the log
2016-03-15 18:38:35.622 11364 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
2016-03-15 18:38:35.622 11364 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Identity server rejected authorization necessary to fetch token data
[root@rq940 neutron]# openstack role add --project service --user neutron admin
[root@rq940 neutron]# neutron agent-list
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+
| id                                   | agent_type         | host   | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+
| 462db416-d914-41f2-aee8-08778c09ca43 | Linux bridge agent | rq940  | :-)   | True           | neutron-linuxbridge-agent |
| 5f86879b-68a9-4c1b-a650-ffe72a388ff8 | Metadata agent     | rq940  | :-)   | True           | neutron-metadata-agent    |
| bf58a79b-b261-47e4-bb3a-4c8605d5ab35 | Linux bridge agent | rd640a | :-)   | True           | neutron-linuxbridge-agent |
| d0e3d099-7a60-4c8f-b0f6-70c442446f65 | DHCP agent         | rq940  | :-)   | True           | neutron-dhcp-agent        |

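(6) vlan support
The simplest flat mode worked readily at first, but switching to networking option 2 in the manual to support vxlan failed. Because flat mode cannot meet basic business needs, such as separating the internal and external networks, I tried to get neutron to support vlan.
This first requires a small adjustment to the physical network: the external-facing interfaces of each node were previously on vlan 600 in access mode, and this time they were all switched to trunk.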
[root@rq940 ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
brq518b8ede-d8          8000.2c600c426e42       no              eth0.615
                                                        tapcb20b460-87
                                                        tapddb8dc9a-72
brq52fe0a18-80          8000.2a72bc5b9096       no              tapf609aa98-30
                                                        vxlan-79
brq8989b7a0-9d          8000.7e01713454fc       no              tapd83dabbb-50
                                                        vxlan-65
brqa8ebc050-04          8000.000000000000       no
brqf0fb0256-d4          8000.2c600c426e42       no              eth0
                                                        tap3fe1bcf6-9d
                                                        tap43db3598-47
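On the controller node, eth0 connects to the external network, and eth0.615 is vlan 615.
It still did not work; later I found that it had nothing to do with the settings but was a bug in the system, and yum upgrade fixed everything.
(7) vxlan support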
[root@rq940 ~]#  source demo-openrc.sh
First create the tenant network private7
[root@rq940 ~]#  neutron net-create private7
Created a new network:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| id                    | a8ebc050-04ce-4c84-9b86-2c603f1db159 |
| mtu                   | 0                                    |
| name                  | private7                             |
| port_security_enabled | True                                 |
| router:external       | False                                |
| shared                | False                                |
| status                | ACTIVE                               |
| subnets               |                                      |
| tenant_id             | 2509442805404cb482ade6b9abed2964     |
+-----------------------+--------------------------------------+
Then create the subnet for private7.
[root@rq940 ~]# neutron subnet-create private7 172.16.7.0/24 --name private7 \
>   --dns-nameserver 202.99.96.68 --gateway 172.16.7.1
Created a new subnet:
+-------------------+------------------------------------------------+
| Field             | Value                                          |
+-------------------+------------------------------------------------+
| allocation_pools  | {"start": "172.16.7.2", "end": "172.16.7.254"} |
| cidr              | 172.16.7.0/24                                  |
| dns_nameservers   | 202.99.96.68                                   |
| enable_dhcp       | True                                           |
| gateway_ip        | 172.16.7.1                                     |
| host_routes       |                                                |
| id                | 11ad63a6-2438-4392-b758-d05f18513687           |
| ip_version        | 4                                              |
| ipv6_address_mode |                                                |
| ipv6_ra_mode      |                                                |
| name              | private7                                       |
| network_id        | a8ebc050-04ce-4c84-9b86-2c603f1db159           |
| subnetpool_id     |                                                |
| tenant_id         | 2509442805404cb482ade6b9abed2964               |
+-------------------+------------------------------------------------+
Create the router router7 for the private network private7
[root@rq940 ~]# neutron router-create router7
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | eac174eb-b6ed-450a-b21e-1dea9ccb4e20 |
| name                  | router7                              |
| routes                |                                      |
| status                | ACTIVE                               |
| tenant_id             | 2509442805404cb482ade6b9abed2964     |
+-----------------------+--------------------------------------+
Add an interface to router7 that connects to private7.
[root@rq940 ~]# neutron router-interface-add router7 private7
Added interface bf324ff0-61d9-4493-aa0d-5725f53f265e to router router7.
Set the default external gateway for router7.
[root@rq940 ~]# neutron router-gateway-set router7 public
Set gateway for router router7
[root@rq940 ~]# source admin-openrc.sh
View the network namespaces
[root@rq940 ~]# ip netns
qrouter-eac174eb-b6ed-450a-b21e-1dea9ccb4e20 (id: 7)
qdhcp-a8ebc050-04ce-4c84-9b86-2c603f1db159 (id: 1)
qrouter-0496cecb-490d-4615-b8fd-68cc3b50a5ff (id: 6)
qdhcp-8989b7a0-9d16-47a6-8dee-afab74c97358 (id: 5)
qdhcp-922abfd9-2155-42df-b806-8bae52a48aa8 (id: 2)
qrouter-4ff1e36d-e14e-475e-a207-cbb67954d1ff (id: 3)
qdhcp-52fe0a18-8028-42b9-ad40-ff6a1fec44d8 (id: 4)
qdhcp-f0fb0256-d425-4a5b-8ba4-0606d0ad7ed1 (id: 0)
List the interfaces of router7.
[root@rq940 ~]#  neutron router-port-list router7
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                            |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| a1193b47-5b16-4ee8-8799-23bf1bb40ab1 |      | fa:16:3e:b8:fd:0f | {"subnet_id": "4147db37-c675-4f52-8402-b2f6b6b58ec7", "ip_address": "192.168.60.71"} |
| bf324ff0-61d9-4493-aa0d-5725f53f265e |      | fa:16:3e:41:b4:e4 | {"subnet_id": "11ad63a6-2438-4392-b758-d05f18513687", "ip_address": "172.16.7.1"}    |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
[root@rq940 ~]# ping 172.16.7.1
PING 172.16.7.1 (172.16.7.1) 56(84) bytes of data.
64 bytes from 172.16.7.1: icmp_seq=1 ttl=250 time=4.68 ms
64 bytes from 172.16.7.1: icmp_seq=2 ttl=250 time=5.78 ms
^C
--- 172.16.7.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 4.682/5.231/5.781/0.554 ms
[root@rq940 ~]# ping 192.168.60.71
PING 192.168.60.71 (192.168.60.71) 56(84) bytes of data.
From 192.168.60.201 icmp_seq=1 Destination Host Unreachable
From 192.168.60.201 icmp_seq=2 Destination Host Unreachable
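Ping cannot reach router7's default gateway. The dashboard shows the interface as down, and it cannot be brought up.
Repeating the steps above through the dashboard gives the same error.
Adding a network interface to an instance (Mitaka now calls it 云主机, "cloud host") fails every time.
I compared everything carefully against the guide and corrected configuration mistakes, but found no substantive error; repeated tests all failed.
I was stuck for two days and really could not find the error, then it suddenly occurred to me that it might be a system problem.
Run yum upgrade on rq940.
Among the OpenStack packages only the neutron components had updates, which felt promising.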
Mar 29 19:37:28 Updated: 1:python-neutron-7.0.3-1.el7.noarch
Mar 29 19:37:28 Updated: 1:openstack-neutron-common-7.0.3-1.el7.noarch
Mar 29 19:37:28 Updated: 1:openstack-neutron-linuxbridge-7.0.3-1.el7.noarch
Mar 29 19:37:28 Updated: 1:openstack-neutron-ml2-7.0.3-1.el7.noarch
Mar 29 19:37:28 Updated: 1:openstack-neutron-7.0.3-1.el7.noarch
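Sure enough, without any changes at all, the network came up and VXLAN support worked.
Add security group rules to allow ICMP packets and open the SSH port.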
[root@rq940 ml2]# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
[root@rq940 ml2]# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
[root@rq940 ml2]# ip netns exec qrouter-95117500-2e15-49a5-ab93-4185955321e7 ping 172.16.8.11
PING 172.16.8.11 (172.16.8.11) 56(84) bytes of data.
64 bytes from 172.16.8.11: icmp_seq=1 ttl=64 time=1.26 ms
64 bytes from 172.16.8.11: icmp_seq=2 ttl=64 time=0.858 ms
64 bytes from 172.16.8.11: icmp_seq=3 ttl=64 time=0.610 ms
^C
--- 172.16.8.11 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.610/0.911/1.266/0.271 ms
[root@rq940 ml2]# ip netns exec qrouter-95117500-2e15-49a5-ab93-4185955321e7 ssh cirros@172.16.8.11
Warning: Permanently added '172.16.8.11' (RSA) to the list of known hosts.
cirros@172.16.8.11's password:
$ ip route
default via 172.16.8.1 dev eth0
169.254.169.254 via 172.16.8.1 dev eth0
172.16.8.0/24 dev eth0  src 172.16.8.11
$ ping -c 3 www.163.com
PING www.163.com (43.226.162.67): 56 data bytes
64 bytes from 43.226.162.67: seq=0 ttl=55 time=4.644 ms
64 bytes from 43.226.162.67: seq=1 ttl=55 time=4.445 ms
64 bytes from 43.226.162.67: seq=2 ttl=55 time=5.287 ms

--- www.163.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 4.445/4.792/5.287 ms
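
The two rules added to the `default` security group above accept ICMP and SSH from 0.0.0.0/0, that is, from any source address. The following is an added example, not part of the original post: it parses the ASCII table format that `nova secgroup-add-rule` prints on this page and reports rules whose source range is that wide (it also handles `::/0`). The function names are hypothetical, and `SAMPLE` is constructed from the page's two rules plus one constructed narrower rule for contrast.

```python
import ipaddress

# Constructed sample: the two rules added on this page (icmp and tcp/22 from
# 0.0.0.0/0) merged into one table, plus one constructed narrower rule.
SAMPLE = """\
+-------------+-----------+---------+-----------------+--------------+
| IP Protocol | From Port | To Port | IP Range        | Source Group |
+-------------+-----------+---------+-----------------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0       |              |
| tcp         | 22        | 22      | 0.0.0.0/0       |              |
| tcp         | 22        | 22      | 192.168.60.0/24 |              |
+-------------+-----------+---------+-----------------+--------------+
"""


def parse_table(text):
    """Parse the CLI's ASCII table into a list of {column: value} dicts."""
    rows = [
        [cell.strip() for cell in line.strip()[1:-1].split("|")]
        for line in text.splitlines()
        if line.strip().startswith("|")
    ]
    if not rows:
        return []
    header = rows[0]
    # Pasting several outputs together repeats the header row; drop the repeats.
    return [dict(zip(header, r)) for r in rows[1:]
            if r != header and len(r) == len(header)]


def broad_rules(rules, min_prefixlen=1):
    """Return (protocol, ports, cidr) for rules whose source range is wider
    than min_prefixlen; the default flags only /0, i.e. any source address."""
    findings = []
    for rule in rules:
        cidr = rule.get("IP Range", "")
        if not cidr:  # rule is scoped to a source group, not to a CIDR
            continue
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen < min_prefixlen:
            # -1/-1 means every ICMP type and code rather than a port range
            ports = "all" if rule["From Port"] == "-1" else \
                f'{rule["From Port"]}-{rule["To Port"]}'
            findings.append((rule["IP Protocol"], ports, cidr))
    return findings


if __name__ == "__main__":
    for proto, ports, cidr in broad_rules(parse_table(SAMPLE)):
        print(f"open to any source: {proto} ports={ports} from {cidr}")
```

Raising `min_prefixlen` (for example to 25) also reports ranges such as a whole /24, which helps when reviewing which groups expose SSH beyond a management subnet.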

hofman   2016-05-04 22:05:43   Comments: 0   Views: 1096   Citations: 0
