编者按:根据OpenDaylight的wiki实现VTN与OpenStack结合使用网络虚拟化的功能。VTN功能可以支持多个OpenStack节点,可以部署多个OpenStack计算节点。在OpenDaylight VTN与OpenStack集成中,VTN Manager主要为OpenStack作为网络服务提供商进行工作,让OpenStack在完全的OpenFlow环境中运行。
在管理平面,OpenDaylight控制器、OpenStack节点和OpenFlow交换机之间能够互相通信。在数据平面,运行在OpenStack节点的虚拟交换机通过一个物理或逻辑的端口与OpenFlow交换机通信。但是OpenFlow交换机不是强制性的,可以直接连接到Open vSwitch。
1. 环境配置
环境部署一个OpenStack控制节点和OpenStack计算节点,主要准备如下:
1.在两台服务器上安装Ubuntu LTS14.04系统,用来部署openstack控制节点和计算节点;
2.安装前,Ubuntu新建立一个用户“stack”,在stack中获取并运行devstack计算虚拟化;
3.OpenDaylight所在服务器使用CentOS6.5系统;
4.进行用户配置和网络配置。
主要逻辑配置如图所示:
1.1 用户设置devstack
1.登录服务器,关闭防火墙
|
1 |
# ufw disable |
2.安装依赖包:
|
1 |
sudo apt-get install net-tools |
3.编辑/etc/sudoers文件:
|
1 |
stack ALL=(ALL) NOPASSWD: ALL |
4.控制节点:192.168.5.203;计算节点:192.168.5.83;OpenDaylight控制器:192.168.5.23。
1.2 网络设置
编辑/etc/network/interfaces 文件,进行网络配置:
|
1 2 3 4 5 6 7 8 9 10 11 |
devstack$ cat /etc/network/interfaces auto eth0 iface eth0 inet static address 192.168.5.83 netmask 255.255.255.0 broadcast 192.168.5.254 gateway 192.168.5.1 auto eth1 iface eth1 inet static address 10.0.0.83 netmask 255.0.0.0 |
注:配置eth0用来连接ODL控制器,eth1不用强制进行配置,进入系统后,可进行手动配置。
1.3 ODL设置和运行
VTN使用vtn.ini文件配置配置参数与openstack进行对接集成。在OpenDaylight的configuration 目录下,手动创建vtn.ini文件并添加以下内容:
|
1 2 3 4 |
bridgename=br-int portname=eth1 protocols=OpenFlow13 failmode=secure |
注:portname需配置正确,一旦配置错误,OpenDaylight控制器将无法转发数据包;
配置的参数基于用户环境:
Bridgename:Open vSwitch里面桥的名称,通过在OpenDaylight控制器中创建,且创建名称必须是br-int,stack.sh脚本中直接执行;
Portname:端口的名称,将在Open vSwitch的vbridge里创建,这个必须与在openstack用于互连数据层面的节点名称相同,默认地,如果vtn.ini没有被创建,VTN使用ens33作为端口名称;
Protocols:用于OpenFlow控制器与交换机之间的通信,值为OpenFlow13或者OpenFlow10。
Failmode:standalone或者secure,一般使用secure,屏蔽传统二层交换机。
1.4 启动OpenDaylight控制器
启动OpenDaylight控制器及VTN虚拟化管理功能主要包括两个步骤,一是安装VTN coordinator工具,二是在OpenDaylight的karaf容器中安装VTN Manager组件。
1.安装VTN coordinator:
|
1 2 |
cd distribution-karaf-0.2.1-Helium-SR1/externalapps tar –C/ -jxvf distribution.vtn-coordinator-6.0.0.1-Helium-SR1-bin.tar.bz2 |
建立数据库:
|
1 |
/usr/local/vtn/sbin/db_setup |
2.安装vtn manager:
启动OpenDaylight控制器并安装VTN Manager组件:
|
1 2 |
./bin/karaf feature:install odl-vtn-manager-all odl-openflowplugin-all odl-adsal-compatibility-all |
3.启动VTN coordinator:
|
1 |
/usr/local/vtn/bin/vtn_start |
注:OpenDaylight启动后请确保监听端口6633、6653、6640和8080。
2 Devstack 安装
2.1 安装devstack(所有节点):
获取devstack代码:
|
1 2 3 |
git clone https://git.openstack.org/openstack-dev/devstack cd devstack git checkout stable/juno |
2.2 控制节点:
在控制节点192.168.5.203的devstack目录下创建local.conf文件,并添加以下内容:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
[[local|localrc]] #IP Details HOST_IP=192.168.5.203 #Please Add The Control Node IP Address in this line SERVICE_HOST=$HOST_IP #Instance Details MULTI_HOST=1 #config Details RECLONE=yes #Make it "no" after stacking successfully the first time VERBOSE=True LOG_COLOR=True LOGFILE=/opt/stack/logs/stack.sh.log SCREEN_LOGDIR=/opt/stack/logs #OFFLINE=True #Uncomment this after stacking successfully the first time #Passwords ADMIN_PASSWORD=labstack MYSQL_PASSWORD=supersecret RABBIT_PASSWORD=supersecret SERVICE_PASSWORD=supersecret SERVICE_TOKEN=supersecrettoken ENABLE_TENANT_TUNNELS=false #ML2 Details Q_PLUGIN=ml2 Q_ML2_PLUGIN_MECHANISM_DRIVERS=opendaylight Q_ML2_TENANT_NETWORK_TYPE=local Q_ML2_PLUGIN_TYPE_DRIVERS=local disable_service n-net enable_service q-svc enable_service q-dhcp enable_service q-meta enable_service neutron enable_service odl-compute ODL_MGR_IP=192.168.5.23 #Please Add the ODL IP Address in this line OVS_PHYSICAL_BRIDGE=br-int Q_OVS_USE_VETH=True #Details of the Control node for various services [[post-config|/etc/neutron/plugins/ml2/ml2_conf.ini]] [ml2_odl] url=http://192.168.5.23:8080/controller/nb/v2/neutron #Please Add the ODL IP Address in this line username=admin password=admin |
注:确保以上的地址与实际环境相符。
在devstack目录下执行stack.sh编译计算节点:
|
1 |
./stack.sh |
验证控制节点:
1.Stack.sh执行后查看界面http://192.168.5.203:8080/;
2.sudo ovs-vsctl show查看br-int桥是否被创建,正确结果如下:
|
1 2 3 4 5 6 7 8 9 10 |
e232bbd5-096b-48a3-a28d-ce4a492d4b4f Manager "tcp:192.168.5.203:6640" is_connected: true Bridge br-int Controller "tcp:192.168.5.203:6633" is_connected: true fail_mode: secure Port "eth1" Interface "eth1" ovs_version: "2.0.2" |
2.3 计算节点:
在计算节点192.168.5.83的devstack目录下创建local.conf文件,并添加以下内容:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
[[local|localrc]] #IP Details HOST_IP=192.168.5.83 #Add the Compute node Management IP Address SERVICE_HOST=192.168.5.203 #Add the cotnrol Node Management IP Address here #Instance Details MULTI_HOST=1 #config Details RECLONE=yes #Make thgis "no" after stacking successfully once #OFFLINE=True #Uncomment this line after stacking successfuly first time. VERBOSE=True LOG_COLOR=True LOGFILE=/opt/stack/logs/stack.sh.log SCREEN_LOGDIR=/opt/stack/logs #Passwords ADMIN_PASSWORD=labstack MYSQL_PASSWORD=supersecret RABBIT_PASSWORD=supersecret SERVICE_PASSWORD=supersecret SERVICE_TOKEN=supersecrettoken #Services ENABLED_SERVICES=n-cpu,rabbit,neutron #ML2 Details Q_PLUGIN=ml2 Q_ML2_PLUGIN_MECHANISM_DRIVERS=opendaylight Q_ML2_TENANT_NETWORK_TYPE=local Q_ML2_PLUGIN_TYPE_DRIVERS=local enable_service odl-compute ODL_MGR_IP=192.168.5.23 #ADD ODL IP address here OVS_PHYSICAL_BRIDGE=br-int ENABLE_TENANT_TUNNELS=false Q_OVS_USE_VETH=True #Details of the Control node for various services Q_HOST=$SERVICE_HOST MYSQL_HOST=$SERVICE_HOST RABBIT_HOST=$SERVICE_HOST GLANCE_HOSTPORT=$SERVICE_HOST:9292 KEYSTONE_AUTH_HOST=$SERVICE_HOST KEYSTONE_SERVICE_HOST=$SERVICE_HOST NOVA_VNC_ENABLED=True NOVNCPROXY_URL="http://192.168.5.203:6080/vnc_auto.html" #Add Controller Node IP address VNCSERVER_LISTEN=$HOST_IP VNCSERVER_PROXYCLIENT_ADDRESS=$VNCSERVER_LISTEN |
执行stack.sh编译节点:
|
1 |
./stack.sh |
通过sudo ovs-vsctl show命令查看br-int桥是否被创建来验证计算节点,正确结果与控制节点是相似的。
以上执行正确后,在OpenStack界面创建云主机,查看OpenDaylight DLUX GUI界面http://192.168.5.23:8181/dlux/index.html,交换机、端口、拓扑都可以正确显示,如图所示:
有一些版本的交换机,当有table-miss时会drop数据包,需要在交换机中添加流表:
|
1 |
ovs-ofctl add-flow br-int priority=0,actions=output:CONTROLLER |
CentOS系统关闭防火墙,否则远程机器无法访问OpenDaylight界面:
|
1 |
/etc/init.d/iptables stop |
3 VTN验证操作
3.1 VTN虚拟化验证
在安装VTN Manager之前,OpenStack虚拟机被OpenDaylight管理控制可进行通信,但一旦VTN Manager安装成功实现虚拟化功能后,虚拟机将不再能通信。
3.2 VTN流表操作验证
OpenDaylight VTN Manager及coordinator安装成功后进行一系列的操作实行虚拟机通信。
创建控制器:
|
1 |
curl --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"controller": {"controller_id": "controller1", "ipaddr":"192.168.5.23", "type": "odc", "version": "1.0", "auditstatus":"enable"}}' http://127.0.0.1:8083/vtn-webapi/controllers.json |
创建VTN:
|
1 |
curl --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"vtn" : {"vtn_name":"vtn_one","description":"test VTN" }}' http://127.0.0.1:8083/vtn-webapi/vtns.json |
创建vBridge:
|
1 |
curl --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"vbridge" : {"vbr_name":"vbr_two","controller_id":"controller1","domain_id":"(DEFAULT)" }}' http://127.0.0.1:8083/vtn-webapi/vtns/vtn_one/vbridges.json |
创建vBridge的端口:
|
1 |
curl --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"interface": {"if_name": "if1","description": "if_desc1"}}' http://127.0.0.1:8083/vtn-webapi/vtns/vtn_one/vbridges/vbr_two/interfaces.json |
|
1 |
curl --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"interface": {"if_name": "if2","description": "if_desc1"}}' http://127.0.0.1:8083/vtn-webapi/vtns/vtn_one/vbridges/vbr_two/interfaces.json |
创建端口映射:
|
1 |
curl --user admin:adminpass -H 'content-type: application/json' -X PUT -d '{"portmap":{"logical_port_id": "PP-OF:00:00:00:00:00:00:02:03-br-int-qvo695d9ee6-4b"}}' http://127.0.0.1:8083/vtn-webapi/vtns/vtn_one/vbridges/vbr_two/interfaces/if1/portmap.json |
|
1 |
curl --user admin:adminpass -H 'content-type: application/json' -X PUT -d '{"portmap":{"logical_port_id": "PP-OF:00:00:00:00:00:00:02:03-br-int-qvodf7f59f5-19"}}' http://127.0.0.1:8083/vtn-webapi/vtns/vtn_one/vbridges/vbr_two/interfaces/if2/portmap.json |
创建flowlist:
|
1 |
curl --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"flowlist": {"fl_name": "flowlist1", "ip_version":"IP"}}' http://127.0.0.1:8083/vtn-webapi/flowlists.json |
创建Flowlistentry:
|
1 |
curl --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"flowlistentry": {"seqnum": "233","macethertype": "0x8000","ipdstaddr": "192.168.0.11","ipdstaddrprefix": "2","ipsrcaddr": "192.168.0.10","ipsrcaddrprefix": "2","ipproto": "17","ipdscp": "55","icmptypenum":"232","icmpcodenum": "232"}}' http://127.0.0.1:8083/vtn-webapi/flowlists/flowlist1/flowlistentries.json |
创建vBridge端口的Flowfilter:
|
1 |
curl --user admin:adminpass -X POST -H 'content-type: application/json' -d '{"flowfilter" : {"ff_type": "in"}}' http://127.0.0.1:8083/vtn-webapi/vtns/vtn_one/vbridges/vbr_two/interfaces/if1/flowfilters.json |
添加Pass流表:
|
1 |
curl --user admin:adminpass -X PUT -H 'content-type: application/json' -d '{"flowfilterentry": {"seqnum": "233", "fl_name": "flowlist1", "action_type":"pass", "priority":"3","dscp":"55" }}' http://127.0.0.1:8083/vtn-webapi/vtns/vtn_one/vbridges/vbr_two/interfaces/if1/flowfilters/in/flowfilterentries/233.json |
流表添加成功后,虚拟机可通信。
但是在上文实现中,OpenDaylight 安装VTN Manager功能实现虚拟化时,有时候虚拟化功能并没有生效,具体原因并不可知,在这里抛出来看大家有没有遇到,希望能够解答!
4 参考链接:
1.https://wiki.opendaylight.org/view/Release/Helium/VTN/User_Guide/OpenStack_Support
2.https://wiki.opendaylight.org/view/Release/Helium/VTN/Installation_Guide
3.https://wiki.opendaylight.org/view/OpenDaylight_Virtual_Tenant_Network_(VTN):Scripts:devstack
以上有不足或者是有错误的地方,还请指正!
