neutron mitaka new - meetupfiles.meetup.com/14055662/2016.05.21.1.99cloud.neutron... ·...
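Mitaka updates
龚永生 (Gong Yongsheng), 九州云 (99cloud)
dpdk
• There used to be a separate project, networking-ovs-dpdk. It is now basically no longer needed and is kept mainly for gate testing. The OVS agent itself can now handle the vhost-user VIF type.
• https://review.openstack.org/#/c/237264/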
iptables
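• ipset is in Liberty; now we have a diff of iptables rules to restore:
• https://review.openstack.org/#/c/230750/
Default subnet pool API
• Previously there was a default subnet pool option in the configuration file. Now there is an API, and the default attribute can be set when creating a subnet pool:
• https://bugs.launchpad.net/neutron/+bug/1501328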
guru
• Collects process state information; especially useful for checking the values of configuration options at runtime
• kill -SIGUSR2 <pid>
Availability zone
Configuration files are removed in favor of auto-generation
hi, remove the gone tenant: Neutron purge
# A list of the types of resources supported in the order in which they should be deleted.
resource_types = ['floatingip', 'port', 'router', 'network', 'security_group']
All operations are done on the neutron client side; there is no API: https://review.openstack.org/#/c/276541
gongysh@ubuntu14:~/devstack$ neutron purge f59aedc5eb52489c9e97284c899214cf
Purging resources: 100% complete.
Deleted 1 security_group, 1 port. The following resources could not be deleted: 1 router, 1 port, 1 network.
https://blueprints.launchpad.net/neutron/+spec/get-me-a-network
$ neutron auto-allocated-topology-show
https://review.openstack.org/#/c/233306/26
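Server side: the auto_allocated_topology extension and an added Plugin
def get_required_extensions(self):
    return ["subnet_allocation", "external-net", "router"]
A default attribute was added to external networks, and a default attribute was also added to subnet pools, to decide which address space addresses are taken from.
Process:
1. The administrator first has to
   1. create an external, default network
   2. create a shared, default subnet pool
Internal implementation:
1. Create a network and a subnet; the subnet range is taken from the default subnet pool
2. Create a router and connect the subnet
3. Find the default external network and connect the router's gateway interface to it.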
https://review.openstack.org/#/c/272842/
Client side:
hi, get me a network in one step: auto allocate a network topo
Steps:
source openrc admin admin
neutron net-create ext_net --provider:network_type local --router:external True --is-default True
neutron subnetpool-create --is-default True --shared --min-prefixlen 22 --max-prefixlen 24 --default-prefixlen 24 --pool-prefix 10.10.0.0/16 get_net_pool
source openrc demo demo
neutron auto-allocated-topology-show
Add a single tag on a network ::
PUT /v2.0/networks/{network_id}/tags/{tag}
Replace set of tags on a network ::
PUT /v2.0/networks/{network_id}/tags
with request payload ::
{'tags': ['foo', 'bar', 'baz']
}
Response ::
{'tags': ['foo', 'bar', 'baz']
}
Check if a tag exists or not on a network ::
GET /v2.0/networks/{network_id}/tags/{tag}
Remove a single tag on a network ::
DELETE /v2.0/networks/{network_id}/tags/{tag}
Remove all tags on a network ::
DELETE /v2.0/networks/{network_id}/tags
API code: https://review.openstack.org/#/c/284519
Developers, take note: this is the new way of implementing an extension.
Tag resource
The previous way of loading plugins:
core_plugin = xxx
service_plugins = xxxx
Now there is one more:
# Maps default service plugins entry points to their extension aliases
DEFAULT_SERVICE_PLUGINS = {
    'auto_allocate': 'auto-allocated-topology',
    'tag': 'tag',
    'timestamp_core': 'timestamp_core',
    'network_ip_availability': 'network-ip-availability'
}
neutron.service_plugins =
    dummy = neutron.tests.unit.dummy_plugin:DummyServicePlugin
    router = neutron.services.l3_router.l3_router_plugin:L3RouterPlugin
    firewall = neutron_fwaas.services.firewall.fwaas_plugin:FirewallPlugin
    lbaas = neutron_lbaas.services.loadbalancer.plugin:LoadBalancerPlugin
    vpnaas = neutron_vpnaas.services.vpn.plugin:VPNDriverPlugin
    metering = neutron.services.metering.metering_plugin:MeteringPlugin
    qos = neutron.services.qos.qos_plugin:QoSPlugin
    tag = neutron.services.tag.tag_plugin:TagPlugin
    flavors = neutron.services.flavors.flavors_plugin:FlavorsPlugin
    auto_allocate = neutron.services.auto_allocate.plugin:Plugin
    network_ip_availability = neutron.services.network_ip_availability.plugin:NetworkIPAvailabilityPlugin
    timestamp_core = neutron.services.timestamp.timestamp_plugin:TimeStampPlugin
Allow adding a gateway IP outside the subnet
neutron subnet-create ext-net --name ext-subnet \
    --allocation-pool start=46.105.252.216,end=46.105.252.219 \
    --disable-dhcp --gateway 176.31.105.254 46.105.252.0/24
0.0.0.0         176.31.105.254  0.0.0.0          UG  0 0 0 qg-0103d6fa-31
46.105.252.0    0.0.0.0         255.255.255.0    U   0 0 0 qg-0103d6fa-31
176.31.105.254  0.0.0.0         255.255.255.255  UH  0 0 0 qg-0103d6fa-31
192.168.100.0   0.0.0.0         255.255.255.0    U   0 0 0 qr-343ab2cb-f5
https://review.openstack.org/#/c/233287/
http://docs.openstack.org/mitaka/networking-guide/adv-config-net-ip-availability.html
https://blueprints.launchpad.net/neutron/+spec/network-ip-usage-api
Administrator only
https://review.openstack.org/#/c/212955/
Extension: Network_ip_availability
Service plugin: network_ip_availability
Command line:
show me the ip usage status: ip availability
Difference between inner DNS and external DNS?
Inner: generated by dnsmasq; resolves lookups initiated from inside
External: placed in an external domain name system; resolves lookups initiated from outside
hi, give my VM a DNS name for inside and outside access
Inner DNS name
liberty nova: https://review.openstack.org/#/c/271578/6 pass instance.hostname to port.dns_name
neutron: https://review.openstack.org/#/c/88623/16/specs/liberty/internal-dns-resolution.rst
nova, neutron: instance.hostname to port.host_name
Generates dns_assignment on the port
neutron.conf: dns_domain =
dnsmasq host conf file
https://review.openstack.org/#/c/200952/24
[ml2]
extension_drivers = port_security,dns
https://blueprints.launchpad.net/neutron/+spec/external-dns-resolution
http://docs.openstack.org/mitaka/networking-guide/adv-config-dns.html
https://review.openstack.org/#/c/88624/12/specs/liberty/external-dns-resolution.rst
http://docs.openstack.org/developer/designate/devstack.html
Concept of a non-tenant network: flat, VLAN and tunnel networks that are outside the tenant network ranges and are not external networks; external DNS takes effect for them.
For the code, see https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/extensions/dns_integration.py#L184
Configure neutron.conf to connect to the designate DNSaaS:
[default]
external_dns_driver = designate
[designate]
url = http://55.114.111.93:9001/v2
admin_auth_url = http://55.114.111.93:35357/v2.0
admin_username = neutron
admin_password = x5G90074
admin_tenant_name = service
allow_reverse_dns_lookup = True
ipv4_ptr_zone_prefix_size = 24
ipv6_ptr_zone_prefix_size = 116
Use case 1: a VM on a non-tenant network gets an external DNS name
1. Create a domain in designate: [email protected]
2. Create a non-tenant network, set its dns_domain, and create a subnet: neutron net-create pronet --provider:network_type flat --provider:physical_network flatnet --dns_domain my-domain2.org.
3. Create the VM: nova boot --image xx --flavor 1 --nic net-id=<pronet id> test-vm4
4. Check whether designate has a record: designate record-list my-domain.org.
designate service address
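Use case 2: a VM on a tenant network; the floating IP does not set dns_name and dns_domain
1. Create a domain in designate: designate domain-create --name my-domain2.org. [email protected]
2. Create a tenant network, set its dns_domain, and create a subnet: neutron net-create pronet --dns_domain my-domain2.org. net1
3. Create the VM: nova boot --image xx --flavor 1 --nic net-id=<net1 id> testvm2
4. Check whether designate has a record (at this point there is none): designate record-list my-domain2.org.
5. Create and associate a floating IP
6. Check whether designate has a record (now there is one, and it is testvm2.my-domain2.org. pointing to the floating IP address): designate record-list my-domain2.org.
Note the combination: the names in the tenant network determine the external DNS name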
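Use case 3: a VM on a tenant network; the floating IP sets dns_name and dns_domain
1. Create a domain in designate: designate domain-create --name my-domain3.org. [email protected]
2. Create a tenant network, set its dns_domain, and create a subnet: neutron net-create pronet --dns_domain my-domain3.org. net1
3. Create the VM: nova boot --image xx --flavor 1 --nic net-id=<net1 id> testvm2
4. Check whether designate has a record (at this point there is none): designate record-list my-domain2.org.
5. Create a domain for the floating IP: designate domain-create --name my-domain4.org. [email protected]
6. Create the floating IP, setting --dns-name myvm2 --dns-domain my-domain4.org.
7. Check whether designate has a record (now there is one, and it is myvm2.my-domain4.org. pointing to the floating IP address)
Note how the name is composed now: it is independent of the names in the tenant network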
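The naming rule behind the three use cases above, as an added Python sketch that is not from the slides and is not neutron's code: it shows which name and address end up resolvable from outside, which is what to review when internal hostnames should not leak into public DNS. The class and function names are hypothetical, the addresses are constructed, and only the three cases on the slides are modelled.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Network:
    dns_domain: str = ""
    tenant_network: bool = True  # False models the "non-tenant network" of use case 1


@dataclass
class Port:
    dns_name: str  # nova passes instance.hostname into port.dns_name
    fixed_ip: str


@dataclass
class FloatingIP:
    address: str
    dns_name: str = ""
    dns_domain: str = ""


def fqdn(name: str, domain: str) -> str:
    """Join a host label and a zone into one absolute name with a trailing dot."""
    return f"{name.rstrip('.')}.{domain.strip('.')}."


def published_records(net: Network, port: Port,
                      fip: Optional[FloatingIP] = None) -> List[Tuple[str, str]]:
    """Return the (name, address) pairs the three use cases put into external DNS."""
    port_named = bool(port.dns_name and net.dns_domain)
    if not net.tenant_network:
        # Use case 1: published when the VM's port is created, pointing at the fixed IP.
        return [(fqdn(port.dns_name, net.dns_domain), port.fixed_ip)] if port_named else []
    if fip is None:
        # Step 4 of use cases 2 and 3: a tenant-network port alone publishes nothing.
        return []
    if fip.dns_name and fip.dns_domain:
        # Use case 3: the floating IP's own name and domain win.
        return [(fqdn(fip.dns_name, fip.dns_domain), fip.address)]
    if port_named:
        # Use case 2: fall back to the port name and the network's domain.
        return [(fqdn(port.dns_name, net.dns_domain), fip.address)]
    return []


# Constructed sample values (documentation address ranges, not taken from the slides).
NET2 = Network(dns_domain="my-domain2.org.")
VM2 = Port(dns_name="testvm2", fixed_ip="192.0.2.10")
```
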
Distributed Virtual Router SNAT HA configuration
http://docs.openstack.org/mitaka/networking-guide/adv-config-dvr-ha-snat.html
https://www.youtube.com/watch?v=79zcVRpukH0
Macvtap driver and agent: https://bugs.launchpad.net/neutron/+bug/1480979
http://docs.openstack.org/mitaka/networking-guide/scenario-classic-mt.html
nova vif driver: https://review.openstack.org/#/c/182283/
DVR is not supported, and there are no security groups
[macvtap]
physical_interface_mappings = physnet1:eth2
macvtap performance falls between tap and SR-IOV
http://docs.openstack.org/developer/neutron/devref/address_scopes.html#address-scopes
http://specs.openstack.org/openstack/neutron-specs/specs/liberty/address-scopes.html
https://review.openstack.org/#/c/286294/11/doc/networking-guide/source/adv-config-address-scopes.rst
limitation
Each subnet from the same address family on a network is required to be from the same subnet pool. Therefore, the address scope will also be the same
https://github.com/openstack/neutron/blob/master/doc/source/devref/address_scopes.rst
Change in the operation workflow
[Diagram labels: administrator; tenant; shared address scope, per IP version; shared subnet pool per IP version with default set; auto-allocated-topology-show; public NAT net, router:external and default; public subnet; tenant network; tenant subnet; tenant router]
astara: VM as VNF
VNF, neutron advanced services
https://www.openstack.org/videos/video/a-deep-dive-into-project-astara
http://docs.akanda.io/en/latest/what_is_astara.html
https://www.openstack.org/videos/video/openstack-astara-a-hands-on-installation-and-tutorial-workshop
https://launchpad.net/astara
Fewer agent components, and a good management platform
[Diagram labels: astara API; astara appliance; tenant network as appliance management network; neutron; MSG queue; openstack management network]
[Diagram labels: astara API; astara appliance router; tenant network as appliance management network; neutron; openstack management network; VM; IPv6; tenant network]
[Diagram labels: astara API; metadata proxy; astara appliance lbaas (nginx based); tenant network as appliance management network; neutron; openstack management network; vip and service net; VM]
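The case where the VIP and the backend servers are on different networks is not supported yet, and there are still some problems with high availability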
OVS firewall: https://bugs.launchpad.net/neutron/+bug/1461000
https://specs.openstack.org/openstack/neutron-specs/specs/mitaka/bgp-dynamic-routing.html
Tap as a service:
https://github.com/openstack/neutron-dynamic-routing
https://blueprints.launchpad.net/neutron/+spec/bgp-spinout