openstack高可用（pike版本）之配置ovs的vxlan网络

配置vxlan

各个控制节点

修改配置文件/etc/neutron/plugins/ml2/ml2_conf.ini

openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types  vxlan
openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks  physnet1
openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges  1:1000

重启服务

# systemctl restart neutron-server

创建网桥

# ovs-vsctl add-br br-eth1 

将网卡加到网桥中

# ovs-vsctl add-port br-eth1 ens33

修改配置文件/etc/neutron/plugins/ml2/openvswitch_agent.ini

[agent]
tunnel_types = vxlan
l2_population = True
prevent_arp_spoofing = True
[ovs]
local_ip = 172.16.8.60 #各个节点的管理网IP
bridge_mappings = physnet1:br-eth1

重启neutron服务

# for service in dhcp-agent l3-agent metadata-agent openvswitch-agent; do
systemctl restart neutron-$service
done

计算节点
修改配置文件/etc/neutron/plugins/ml2/ml2_conf.ini

openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types  vxlan
openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks  physnet1
openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges  1:1000

修改配置文件/etc/neutron/plugins/ml2/openvswitch_agent.ini

openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini  agent tunnel_types vxlan
openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini  agent l2_population  True
openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini  prevent_arp_spoofing  True
openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini  ovs local_ip  172.16.8.63

重启服务

# systemctl restart neutron-openvswitch-agent

配置drv
控制节点：

openstack-config --set /etc/neutron/neutron.conf DEFAULT router_distributed True

openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini DEFAULT enable_distributed_routing True
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr_snat

计算节点：
修改配置文件/etc/neutron/l3_agent.ini

# cp -a /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini_bak

[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr 
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini DEFAULT enable_distributed_routing True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs bridge_mappings physnet1:br-eth1

创建网桥

ovs-vsctl add-br br-eth1 
ovs-vsctl add-port br-eth1 ens33(业务网)

计算节点上重启 neutron-l3-agent服务（默认没开启）

systemctl restart neutron-l3-agent.service
systemctl enable neutron-l3-agent.service

验证

创建路由器

# openstack router create router01 

创建内部网络

# openstack network create int_net --provider-network-type vxlan 

创建子网

# openstack subnet create subnet1 --network int_net \
--subnet-range 10.18.100.0/24 --gateway 10.18.100.1 \
--dns-nameserver 114.114.114.114

将内部网络添加到路由器上

# openstack router add subnet router01 subnet1

创建外部网络

# openstack network create \
--provider-physical-network physnet1 \
--provider-network-type flat --external ext_net 

创建外部网络子网

# openstack subnet create subnet2 \
--network ext_net --subnet-range 10.16.100.0/24 \
--allocation-pool start=10.16.100.200,end=10.16.100.254 \
--gateway 10.16.100.1 --dns-nameserver 114.114.114.114 

将网络添加到路由器上

# openstack router set router01 --external-gateway ext_net 

创建flavor

# openstack flavor create  --vcpus 1 --ram 512 --disk 1 test

查看网络

# Int_Net_ID=`openstack network list | grep int_net | awk '{ print $2 }'` 
# openstack image list 

创建keypair

# ssh-keygen -q -N "" 
Enter file in which to save the key (/root/.ssh/id_rsa):

添加公钥

# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey 

创建虚拟机

# openstack server create --flavor m1.small --image cirros--security-group default --nic net-id=$Int_Net_ID --key-name mykey cirros

# openstack server list 

分配浮动IP

# openstack floating ip create ext_net 

分配浮动IP给虚拟机

# openstack server add floating ip cirros 172.16.100.201 

确认配置

# openstack floating ip show 10.16.100.201 

查看虚拟机

# openstack server list 

配置安全组icmp

# openstack security group rule create --protocol icmp --ingress default 

配置安全组SSH

# openstack security group rule create --protocol tcp --dst-port 22:22 default 

查看安全组

# openstack security group rule list 

查看虚拟机

# openstack server list 

登录虚拟机

# ssh cirros@172.16.100.201 
The authenticity of host '172.16.100.201 (172.16.100.201)' can't be established.
ECDSA key fingerprint is 94:11:48:02:fa:62:ff:9c:c4:75:8f:eb:16:62:a9:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.100.201' (ECDSA) to the list of known hosts.