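The environment is still the L release of OpenStack installed with devstack in a virtual machine. Two configuration changes are made here.
The first is adding q-vpn to ENABLED_SERVICES: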
# This allows us to pass ``ENABLED_SERVICES``
if ! isset ENABLED_SERVICES ; then
    # Keystone - nothing works without keystone
    ENABLED_SERVICES=key
    # Nova - services to support libvirt based openstack clouds
    ENABLED_SERVICES+=,n-api,n-cpu,n-net,n-cond,n-sch,n-novnc,n-crt,n-cauth
    # Glance services needed for Nova
    ENABLED_SERVICES+=,g-api,g-reg
    # Cinder
    ENABLED_SERVICES+=,c-sch,c-api,c-vol
    # Neutron
    ENABLED_SERVICES+=,q-svc,q-agt,q-dhcp,q-l3,q-meta,q-vpn
    # Dashboard
    ENABLED_SERVICES+=,horizon
    # Additional services
    #ENABLED_SERVICES+=,rabbit,tempest,mysql,dstat
    ENABLED_SERVICES+=,rabbit,mysql,dstat
fi
The second is configuring non-DVR (legacy) mode:
# Distributed Virtual Router (DVR) configuration
# Can be:
# - ``legacy`` - No DVR functionality
# - ``dvr_snat`` - Controller or single node DVR
# - ``dvr`` - Compute node in multi-node DVR
#
Q_DVR_MODE=${Q_DVR_MODE:-legacy}
if [[ "$Q_DVR_MODE" != "legacy" ]]; then
    Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch,linuxbridge,l2population
fi
IPv6 is also removed, since it is not needed for now:
# Subnet IP version
#IP_VERSION=${IP_VERSION:-"4+6"}
IP_VERSION=${IP_VERSION:-"4"}
# Validate IP_VERSION
if [[ $IP_VERSION != "4" ]] && [[ $IP_VERSION != "6" ]] && [[ $IP_VERSION != "4+6" ]]; then
    die $LINENO "IP_VERSION must be either 4, 6, or 4+6"
fi
After making these changes, run ./stack.sh in the devstack directory. Once the installation finishes, the agents are up:
lihui@l-openstack:~/devstack$ neutron agent-list
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host        | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
| 0a8e4851-fbf5-47c1-b294-fa1e85633168 | L3 agent           | l-openstack | :-)   | True           | neutron-vpn-agent         |
| 3e84c6bc-ff33-4a7a-9f78-4e1d6af029a9 | Metadata agent     | l-openstack | :-)   | True           | neutron-metadata-agent    |
| 555c346b-c243-4449-9346-e58dd1426304 | DHCP agent         | l-openstack | :-)   | True           | neutron-dhcp-agent        |
| 58f26842-4275-4c46-8317-ac7dab429b8e | Open vSwitch agent | l-openstack | :-)   | True           | neutron-openvswitch-agent |
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
Bridge layout:
lihui@l-openstack:~/devstack$ sudo ovs-vsctl show
e3bbb9f8-2dc6-4f7d-85a4-7584ac8584a1
    Bridge br-int
        fail_mode: secure
        Port "tap5f8ce545-7f"
            tag: 1
            Interface "tap5f8ce545-7f"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "qr-4c259d08-89"
            tag: 1
            Interface "qr-4c259d08-89"
                type: internal
        Port br-int
            Interface br-int
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-ex
        Port "qg-a6615f60-65"
            Interface "qg-a6615f60-65"
                type: internal
        Port br-ex
            Interface br-ex
                type: internal
    ovs_version: "2.0.2"
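br-int and br-tun are connected directly through the patch-tun/patch-int patch ports. One thing to note, though: the public external network created by default here is not of type flat but of type vxlan.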
lihui@l-openstack:~/devstack$ neutron net-show 7ef2c15b-c1d6-4b55-bd8e-f22efbda17e4
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| id                    | 7ef2c15b-c1d6-4b55-bd8e-f22efbda17e4 |
| mtu                   | 1450                                 |
| name                  | public                               |
| port_security_enabled | True                                 |
| router:external       | True                                 |
| shared                | False                                |
| status                | ACTIVE                               |
| subnets               | e56b52dd-1a4b-481e-80a2-feb101d0ecd7 |
| tenant_id             | 794198dcae7641b0ab8d77a27d180aba     |
+-----------------------+--------------------------------------+
The reason is the following piece of code in lib/neutron-legacy:
# Create an external network, and a subnet. Configure the external network as router gw
if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then
    EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- --router:external=True --provider:network_type=flat --provider:physical_network=${PUBLIC_PHYSICAL_NETWORK} | grep ' id ' | get_field 2)
else
    EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- --router:external=True | grep ' id ' | get_field 2)
fi
die_if_not_set $LINENO EXT_NET_ID "Failure creating EXT_NET_ID for $PUBLIC_NETWORK_NAME"
if [[ "$IP_VERSION" =~ 4.* ]]; then
    # Configure router for IPv4 public access
    _neutron_configure_router_v4
fi
if [[ "$IP_VERSION" =~ .*6 ]]; then
    # Configure router for IPv6 public access
    _neutron_configure_router_v6
fi
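Here $Q_USE_PROVIDERNET_FOR_PUBLIC is set to False, so the else branch is taken and the network gets the default vxlan type. If it is set to True, however, the code below goes on to call _neutron_configure_router_v4: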
# Create an external network, and a subnet. Configure the external network as router gw
if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then
    EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- --router:external=True --provider:network_type=flat --provider:physical_network=${PUBLIC_PHYSICAL_NETWORK} | grep ' id ' | get_field 2)
else
    EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- --router:external=True | grep ' id ' | get_field 2)
fi
die_if_not_set $LINENO EXT_NET_ID "Failure creating EXT_NET_ID for $PUBLIC_NETWORK_NAME"
if [[ "$IP_VERSION" =~ 4.* ]]; then
    # Configure router for IPv4 public access
    _neutron_configure_router_v4
fi
The last step of _neutron_configure_router_v4 is:
if [[ "$ext_gw_interface" != "none" ]]; then
    local cidr_len=${FLOATING_RANGE#*/}
    local testcmd="ip -o link | grep -q $ext_gw_interface"
    test_with_retry "$testcmd" "$ext_gw_interface creation failed"
    if [[ $(ip addr show dev $ext_gw_interface | grep -c $ext_gw_ip) == 0 && ( $Q_USE_PROVIDERNET_FOR_PUBLIC == "False" || $Q_USE_PUBLIC_VETH == "True" ) ]]; then
        sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface
        sudo ip link set $ext_gw_interface up
    fi
    ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$PUB_SUBNET_ID '$4 == subnet_id { print $8; }'`
    die_if_not_set $LINENO ROUTER_GW_IP "Failure retrieving ROUTER_GW_IP"
    sudo ip route replace $FIXED_RANGE via $ROUTER_GW_IP
fi
The ip route replace step fails with an error: the next hop for the subnet cannot be set to the router gateway IP.
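The kernel accepts a `via` next hop only if that address lies in a directly connected prefix, and the snippet above skips `ip addr add $ext_gw_ip/...` when Q_USE_PROVIDERNET_FOR_PUBLIC is True and Q_USE_PUBLIC_VETH is not. The following pre-check is an added example, not devstack code; that a missing on-link address is the cause of the failure here is an assumption, and the function names, addresses and `ip -o -4 addr show` sample text are constructed.

```shell
#!/bin/sh
# Added example, not devstack code. Sample data below is constructed.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP PREFIX/LEN: succeed if IP lies inside the prefix.
in_cidr() {
    net=${2%/*}; len=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# nexthop_onlink GW_IP ADDR_TEXT
# ADDR_TEXT is output in the format of `ip -o -4 addr show`.
# Prints the first interface whose connected prefix contains GW_IP;
# returns 1 when no interface has such an address.
nexthop_onlink() {
    found=$(printf '%s\n' "$2" | while read -r _idx dev _fam cidr _rest; do
        case $cidr in (*/*) ;; (*) continue ;; esac
        if in_cidr "$1" "$cidr"; then echo "$dev"; break; fi
    done)
    [ -n "$found" ] && echo "$found"
}

# Constructed samples: br-ex without and with an address in the floating range.
SAMPLE_NO_ADDR='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever'
SAMPLE_WITH_ADDR="$SAMPLE_NO_ADDR
5: br-ex    inet 172.24.4.1/24 scope global br-ex\       valid_lft forever preferred_lft forever"

ROUTER_GW_IP=172.24.4.2   # constructed stand-in for the router gateway IP
for sample in "$SAMPLE_NO_ADDR" "$SAMPLE_WITH_ADDR"; do
    if dev=$(nexthop_onlink "$ROUTER_GW_IP" "$sample"); then
        echo "$ROUTER_GW_IP is on-link via $dev"
    else
        echo "$ROUTER_GW_IP is not on-link: 'ip route replace ... via' would be rejected"
    fi
done
```

On a live host, pass `"$(ip -o -4 addr show)"` as the second argument before running the route step.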
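I'll leave that aside for now. An all-in-one OpenStack really does need its flow traced through carefully. In any case, the first thing is to get all the VPN-related services up; the next step is to create the services, with the end goal of being able to test.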
