Neutron在给虚拟机分配网络时，底层是如何实现的?

来源：互联网发布：网页编辑的软件编辑：程序博客网时间：2024/06/08 02:52

研究思路：

了解neutron和相关组件的工作流程。Neutron如何给不同租户分配网络

了解vxlan和vlan的区别

了解linux的底层命令实现，看日志文件，并记录日志信息

首先需要了解neutron使用的是vxlan管理网络，在数据中心中如果虚拟机超过250台，那么就可以考虑vxlan。因为一个vlan最多只能使用4096个ip地址，而vxlan通过24位分片id，在一个数据中心内他能部署百万个虚拟网络。而openstack是基于云计算的大规模虚拟机管理，使用vlan显示是不足以支撑其庞大需求的。因此neutron使用的就是vxlan来配置虚拟设备连接客户子网和外部设备。

在分析neutron的neutron-dhcp-agent.log日志时，能够清晰的观察到，neutron在分配网络时执行了如下命令：

先创建执行命令的进程，然后执行该进程

['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qdhcp-0a807a08-337e-4e61-bf42-c9cd7b4df1e4', 'ip', 'addr', 'show', 'ns-00a7fb6e-ec'

动态更改配置文件，也是先创进程再执行

Running command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'kill', '-HUP', '107920']

重新加载刷新网络

Reloading allocations for network: 0a807a08-337e-4e61-bf42-c9cd7b4df1e4 reload_allocations /usr/lib/python2.7/site-packages/neutron/agent/linux/dhcp.py:463

将网络添加到路由设备中

['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qdhcp-0a807a08-337e-4e61-bf42-c9cd7b4df1e4', 'ip', 'route', 'list', 'dev', 'ns-00a7fb6e-ec']

这些代码的执行逻辑是，先创建

/var/lib/neutron/dhcp/0a807a08-337e-4e61-bf42-c9cd7b4df1e4/host

文件，这个host文件里包含有所有虚拟机的ip地址，新建虚拟机的ip地址会分自动添加到这个文件中。

之后创建执行相关命令的进程，在执行相应的命令。

此时执行命令使用了sudo（即以root权限执行这些操作），这需要配置相关文件使我们可以在普通用户情况下，使用root用户免密码运行命令。

sudo执行这些命令前定义了一个文件叫/etc/sudoers.d/openstack-neutron

内容为：

controller:/etc/sudoers.d # cat openstack-neutron

Defaults:neutron !syslog, !pam_session, !pam_setcred, !use_pty

neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *

在/etc/neutron/rootwrap.conf文件中定义了filters_path参数指明哪个目录下列举的命令需要以root执行:
filters_path=/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap

exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin

同时查看tailf neutron-server.log可知执行任务时传递的相关参数是以json格式发送的，所有网络相关信息和配置参数都可以参考下列信息：

Request body: {u'port': {u'binding:host_id': u'Sugon02', u'admin_state_up': True, u'network_id': u'0a807a08-337e-4e61-bf42-c9cd7b4df1e4', u'tenant_id': u'2422e83c2047412fa7b30650fda928c4', u'device_owner': u'compute:OA', u'security_groups': [u'0d174e39-73ea-4b91-9be9-381552261ff8'], u'device_id': u'ca4aec10-e4d4-4903-bbf2-0adeb7d65fdb'}} prepare_request_body

Allocated IP - 172.16.15.20 from 172.16.15.21 to 172.16.15.22 _try_generate_ip

Allocated IP 172.16.15.20 _store_ip_allocation //分配

Notify callbacks for port, after_create _notify_loop

Calling callback neutron.db.l3_dvrscheduler_db._notify_l3_agent_new_port _notify_loop

Received port after_create _notify_l3_agent_new_port

Attempting to bind port 612590c5-ea83-4403-a956-aaeed65bd325 on host Sugon02 for vnic_type normal with profile bind_port /

Attempting to bind port 612590c5-ea83-4403-a956-aaeed65bd325 on host Sugon02 at level 0 using segments [{'segmentation_id': None, 'physical_network': u'oa', 'id': u'9f8ae07b-a7d7-4b6c-a318-c59ca19e2afa', 'network_type': u'flat'}] _bind_port_level

Attempting to bind port 612590c5-ea83-4403-a956-aaeed65bd325 on network 0a807a08-337e-4e61-bf42-c9cd7b4df1e4 bind_port

Checking agent: {'binary': u'neutron-linuxbridge-agent', 'description': None, 'admin_state_up': True, 'heartbeat_timestamp': datetime.datetime(2016, 2, 23, 2, 23, 12), 'alive': True, 'topic': u'N/A', 'host': u'Sugon02', 'agent_type': u'Linux bridge agent', 'created_at': datetime.datetime(2016, 1, 31, 23, 40, 10), 'started_at': datetime.datetime(2016, 2, 3, 12, 24, 56), 'id': u'a52d8ab6-424c-45aa-82a8-96763305ae14', 'configurations': {u'tunneling_ip': u'172.16.15.66', u'devices': 1, u'interface_mappings': {u'oa': u'bond1'}, u'l2_population': True, u'tunnel_types': [u'vxlan'], u'bridge_mappings': {}}} bind_port

Checking segment: {'segmentation_id': None, 'physical_network': u'oa', 'id': u'9f8ae07b-a7d7-4b6c-a318-c59ca19e2afa', 'network_type': u'flat'} for mappings: {u'oa': u'bond1'} with network types: [u'vxlan', 'local', 'flat', 'vlan'] check_segment_for_agent

Bound using segment: {'segmentation_id': None, 'physical_network': u'oa', 'id': u'9f8ae07b-a7d7-4b6c-a318-c59ca19e2afa', 'network_type': u'flat'} bind_port

Bound port: 612590c5-ea83-4403-a956-aaeed65bd325, host: Sugon02, vif_type: bridge, vif_details: {"port_filter": true}, binding_levels: [{'bound_driver': 'linuxbridge', 'bound_segment': {'segmentation_id': None, 'physical_network': u'oa', 'id': u'9f8ae07b-a7d7-4b6c-a318-c59ca19e2afa', 'network_type': u'flat'}}] _bind_port_level

For port 612590c5-ea83-4403-a956-aaeed65bd325, host Sugon02, cleared binding levels clear_binding_levels

For port 612590c5-ea83-4403-a956-aaeed65bd325, host Sugon02, set binding levels [<neutron.plugins.ml2.models.PortBindingLevel[object at 7f8561ceb9d0] {port_id='612590c5-ea83-4403-a956-aaeed65bd325', host=u'Sugon02', level=0, driver='linuxbridge', segment_id=u'9f8ae07b-a7d7-4b6c-a318-c59ca19e2afa'}>] set_binding_levels

Persisted dirty status for tenant:2422e83c2047412fa7b30650fda928c4 on resource:port mark_dirty

Network 0a807a08-337e-4e61-bf42-c9cd7b4df1e4 is already hosted by enough agents. _get_dhcp_agents_hosting_network

Synchronizing usage tracker for tenant:2422e83c2047412fa7b30650fda928c4 on resource:port resync

Unset dirty status for tenant:2422e83c2047412fa7b30650fda928c4 on resource:port _resync

For port 612590c5-ea83-4403-a956-aaeed65bd325, host Sugon02, got binding levels [<neutron.plugins.ml2.models.PortBindingLevel[object at 7f8561f26750] {port_id=u'612590c5-ea83-4403-a956-aaeed65bd325', host=u'Sugon02', level=0, driver=u'linuxbridge', segment_id=u'9f8ae07b-a7d7-4b6c-a318-c59ca19e2afa'}>] get_binding_levels

Ignoring state change previous_port_status: DOWN current_port_status: BUILD port_id 612590c5-ea83-4403-a956-aaeed65bd325 record_port_status_changed

Returning: {'profile': {}, 'network_qos_policy_id': None, 'allowed_address_pairs': [], 'segmentation_id': None, 'device_owner': u'compute:OA', 'device': u'tap612590c5-ea', 'port_security_enabled': True, 'fixed_ips': [{'subnet_id': u'2445dd26-5275-492f-8d14-e13ecf876667', 'ip_address': u'172.16.15.20'}], 'security_groups': [u'0d174e39-73ea-4b91-9be9-381552261ff8'], 'qos_policy_id': None, 'admin_state_up': True, 'network_id': u'0a807a08-337e-4e61-bf42-c9cd7b4df1e4', 'port_id': u'612590c5-ea83-4403-a956-aaeed65bd325', 'physical_network': u'oa', 'mac_address': u'fa:16:3e:8e:d6:02', 'network_type': u'flat'} get_device_details

Device tap612590c5-ea up at agent lba0423f200d9a update_device_up

For port 612590c5-ea83-4403-a956-aaeed65bd325, host Sugon02, got binding levels [<neutron.plugins.ml2.models.PortBindingLevel[object at 7f8561ce28d0] {port_id=u'612590c5-ea83-4403-a956-aaeed65bd325', host=u'Sugon02', level=0, driver=u'linuxbridge', segment_id=u'9f8ae07b-a7d7-4b6c-a318-c59ca19e2afa'}>] get_binding_levels

Notify callbacks for port, after_update _notify_loop

Calling callback neutron.db.l3_dvrscheduler_db._notify_l3_agent_port_update _notify_loop

Received port after_update _notify_l3_agent_new_port

Sending events: [{'status': 'completed', 'tag': u'612590c5-ea83-4403-a956-aaeed65bd325', 'name': 'network-vif-plugged', 'server_uuid': u'ca4aec10-e4d4-4903-bbf2-0adeb7d65fdb'}] send_events

Making authentication request to http://controller:35357/v3/auth/tokens get_auth_ref

RESP BODY: {"token": {"methods": ["password"], "roles": [{"id": "cd6d24e483e8429884d4681efd421911", "name": "admin"}], "expires_at": "2016-02-23T02:47:58.012931Z", "project": {"domain": {"id": "default", "name": "Default"}, "id": "10bba3b6823e41bd9bf484f43fe558a7", "name": "service"}, "catalog": "<removed>", "extras": {}, "user": {"domain": {"id": "default", "name": "Default"}, "id": "415c42786200466193f6e441a75dfad9", "name": "neutron"}, "audit_ids": ["Mv8HVZeqS1mD5NENEErHBQ"], "issued_at": "2016-02-23T01:47:58.013009Z"}}

_http_log_response

1 0