1) Basic knowledge
1. Virtual network management
a-Network Management
The OpenStack network is an OSI layer 2 network composed of virtual devices.
The command format is as follows:
openstack network <操作>[选项][<网络名>]
Common operations of network management commands:
| Common operations | Function Description |
|---|---|
| create | create network |
| delete | delete network |
| list | list existing networks |
| set | Set network parameters |
| unset | Cancel network parameter setting |
| show | show network details |
Common options for network management commands:
| Common options | Function Description |
|---|---|
| –h | show help information |
| –enable | enable network |
| –disable | disable network |
| –enable-port-security | Enable port security |
| –disable-port-security | disable port security |
| –share | Set the network as a shared network |
| –no-share | Set the network as a non-shared network |
| –external | Set network as external network |
| –internal | Set network as internal network |
| –provider-network-type | Network type, including Flat, GRE, Local, VLAN, and VXLAN |
| –provider-physical-network | The name of the physical network that implements the virtual network |
Here's an example:
Create a shared external network of type "Flat"
The command is as follows:
openstack network create --share --external --provider-physical-network provider --provider-network-type flat vm-network
view current network list
openstack network list
View network details
openstack network show 6efe6b97-a8dc-4eeb-ad6f-3b4fee8a1c3b
The last parameter of the code can be the name or id of the network
Modify the name of the network and change it to a non-shared network
openstack network set --name new-vnet --no-share vm-network
The last parameter of the code can be the name or id of the network
delete a network
openstack network delete new-vnet
b-subnet management
A subnet is an IP address segment mounted on the network, and its main function is to assign an IP address to a new port when it is created in the network. There is a many-to-one relationship between a subnet and a network. A subnet must belong to a network, and a network can have multiple subnets. You can use the following commands to manage OpenStack subnets.
openstack subnet <操作>[选项]<子网名>
Common operations of subnet management commands:
| Common operations | Function Description |
|---|---|
| create | create new subnet |
| delete | delete subnet |
| list | list existing subnets |
| set | Set subnet parameters |
| unset | Cancel subnet parameter setting |
| show | show subnet details |
Common options for subnet management commands:
| Common options | Function Description |
|---|---|
| –h | show help information |
| –project | Current project, enter project name or project ID |
| –subnet-range | The IP segment of the subnet |
| –dhcp | Start DHCP to automatically assign IP addresses to cloud hosts |
| –no-dhcp | Do not use DHCP |
| –allocation-pool<start=,end=> | DHCP分配IP地址池,用”start“代表起始地址,”end“代表结束地址,如”stat=192.168.20.100,end=192.168.20.200” |
| –gateway | 设置网卡 |
| –dns-nameserver | 配置DNS服务器地址 |
| –network | 子网属于的网络,可以是网络名或网络ID |
下面展示几个例子:
为网络“vm-network”创建一个名为“vm-subnetwork”的子网,该子网拥有“192.168.20.0/24”网段,并为云主机自动分配“192.168.20.100”到“192.168.20.200”之间的IP地址,同时设置DNS服务器IP地址为“114.114.114.114”
openstack subnet create --network vm-network --allocation-pool start=192.168.20.100,end=192.168.20.200 --dns-nameserver 114.114.114.114 --subnet-range 192.168.20.0/24 vm-subnetwork
子网必须属于同一网络,如果不存在网络,则需要先创建网络再创建子网
查看子网列表
openstack subnet list
查看子网的详细信息
openstack subnet show 4de5482d-dab5-4508-934f-6cb6aaf3a270
以上代码最后的参数可以是子网的名称或ID
修改子网的名称并设定网关值为“192.168.20.2”
openstack subnet set --name new-subvnet --gateway 192.168.20.2 vm-subnetwork
以上代码最后的参数可以是子网的名称或id
删除一个子网
openstack subnet delete new-subvnet
如果子网中存在端口,则不允许直接删除子网,需要先删除端口再删除子网
c-端口管理
端口是挂载在子网中的用于连接云主机虚拟网卡的接口。端口上定义了硬件物理地址和独立的IP地址,当云主机的虚拟网卡连接到某个端口时,端口就会将MAC地址和IP地址分配给虚拟网卡。子网与端口是一对多关系,一个端口必须属于某个子网;一个子网可以有多个端口。
对OpenStack的端口进行管理的命令格式:
openstack port <操作>[选项]<子网名>
端口管理命令的常用操作:
| 常用操作 | 功能说明 |
|---|---|
| create | 创建端口 |
| delete | 删除端口 |
| list | 列出已有的端口列表 |
| set | 设置端口参数 |
| unset | 取消端口参数设置 |
| show | 显示端口的详细信息 |
端口管理命令的常用选项:
| 常用选项 | 功能说明 |
|---|---|
| –h | 显示帮助信息 |
| –network | 端口属于的网络 |
| –fixed-ip subnet=,ip-address= | 为端口绑定IP地址。“subnet”属于子网,“ip-address”表示IP地址 |
| –enable | 启用端口 |
| –disable | 禁用端口 |
| –enable-port-security | 启用端口安全设置 |
| –disable-port-security | 禁用端口安全设置 |
下面用几个例子展示:
为网络“vm-network”的“my_subnet”子网创建一个绑定了IP地址“192.168.20.120”的端口,并将其命名为“myport”
openstack port create myport --network vm-network --fixed-ip subnet=my_subnet,ip-address=192.168.20.120
端口必须属于一个子网,如果不存在子网,则需要先创建子网。
因为还没有连接上虚拟机,所以刚创建的端口的状态(Status)为关机(DOWN)。
查看端口列表
openstack port list
删除一个端口
openstack port delete port1
这里可以使用端口的IP或端口名
2.虚拟网桥管理
网桥属于OSI参考模型的二层设备,类似于交换机,负责连接在它上面的云主机之间的通信。可以采用网桥管理工具包“bridge-utils”中的brctl命令来管理虚拟网桥。在用YUM安装好“bridege-utils”工具包以后,该命令才可以使用。用法如下:
brctl <操作>
网桥管理命令的常用操作:
| 常用操作 | 功能说明 |
|---|---|
| addbr | 增加网桥 |
| delbr | 删除网桥 |
| addif<bridge | 将网卡接入网桥 |
| delif | 将网卡从网桥上删除 |
| show [] | 显示网桥信息 |
下面是一些例子:
创建一个网桥
brctl addbr br1
#创建了一个名为“br1”的网桥
将网卡接入网桥
brctl addif br1 ens34
#以上代码将ens34网卡连接到了br1网桥上
查看网桥信息
brctl show br1
名为br1的网桥上连接了ens34网卡。
只有当物理网卡ens34和云主机的网络接口都连接在同一个网桥时,才可以实现云主机和物理机的直接通信
二)项目实施
1.项目准备
a-卸载系统网络管理软件包
CentOS自带的“NetworkManager"网络管理软件包和OpenStack用到的虚拟网关服务又冲突,所以我们需要将其卸载从所有节点。
在控制和计算两个节点上运行下面的命令以卸载系统自带的网络管理软件包:
yum -y remove NetworkManager
b-关闭VM虚拟网络的DHCP服务
Neutron提供了DHCP服务,且其DHCP服务器和VMware Workstation提供的DHCP服务器处于同一个网段,两台DHCP服务器将使云主机获取不到Neutron分配的正确的IP地址,因此需要关闭。
在弹出的VMware Workstation的【虚拟网络编辑器】对话框中作此操作:
取消使用本地DHCP服务将IP地址分配给虚拟机。
b-安装网桥管理工具包
在控制节点上使用以下命令,以安装Linux的网桥管理工具包。
yum -y install bridge-utils
2.用Dashboard创建与管理虚拟网络与子网
a-登录Dashboard
在本机浏览器输入”http://192.168.10.20“(Dashboard安装地址),进入登录界面
【域】输入Default,【用户名】输入admin,【密码】输入000000,点击【登入】。
b-创建虚拟网络
在【概况】选择【管理员】—>【网络】选项,进入【网络】界面。
点击【创建网络】按钮,进入 【创建网络】对话框。
【名称】-填写新建网络的名称。
【项目】-下拉列表选择【peoject】选项。
【供应商网络类型】-下拉列表选择【Flat】选项。
【物理网络】-输入”provider“(和”/etc/neutron/plugins/ml2/ml2_conf.ini"中的 “flat_networks=provider"保持一致);选中【共享的】和【外部网络】。
c-创建子网
After completing the operation of creating a virtual network, click [Next]. Enter the [Subnet] interface. In the [Subnet] interface
[Subnet Name] - enter the name of the subnet
[Network Name] - enter the external network physical network segment '192.168.20.0/24"
[Gateway IP] - enter "192.168.20.2" (in VMware NAT gateway set in Workstation)
Select the [Activate DHCP] check box in [Subnet Details], enter two IP addresses in the [Assign Address Pool] text box, indicating the range of IP addresses allocated by the DHCP service, the first The first IP address is the starting IP address, the second IP address is the ending IP address, and the two are separated by commas. Enter the domestic DNS server IP address "114.114.114.114" of China Telecom in the [DNS Server] text box.
Finally Click【Create】to complete.
d- View the list of virtual networks
After the creation is complete, you can return to the [Network] interface to view the network list.
3. Create and manage virtual networks and subnets in command mode
Since only one Flat network can be created, check the existing network first. If a network exists, it needs to be removed first.
This experiment is completed on the control node.
a- View virtual networks and subnets
#模拟登录
source admin-login
#查看现有子网列表
openstack subnet list
#查看现有虚拟网络列表
openstack network list
#查看现有网络接口列表
openstack port list
b- delete virtual network
When deleting a virtual network and subnet, you need to ensure that there are no ports under it, so you need to delete the port first.
#删除网络端口
openstack port delete <端口ID>
#删除虚拟子网
openstack subnet delete <虚拟子网ID>
#删除虚拟网络
openstack network delete <虚拟网络ID>
c-Create virtual network and subnet
#创建虚拟网络
openstack network create --share --external --provider-physical-network provider --provider-network-type flat vm-network
#查看虚拟网络获得网络ID
openstack network list
#创建虚拟子网,Flat网络需要子网和外部网络处于同一网段。
openstack subnet create --network vm-network --allocation-pool start=192.168.244.140,end=192.168.244.144 --dns-nameserver 114.114.114.114 --gateway 192.168.244.2 --subnet-range 192.168.244.0/24 vm-subnetwork
#查看虚拟子网信息
openstack subnet list
#重启网络
systemctl restart network
d-bridge management
#查看网络情况
ip a
The bridge name in OpenStack is a string of values starting with "brq".
#查看网桥情况
brctl show
You can see that the bridge has two devices connected.
The bridge is similar to a standard switch, which associates the physical machines and cloud hosts connected to it, so that the topics can communicate with each other.
Only after the cloud host is created, the computing node will generate a bridge.