
来源:互联网 发布:打底衫比外套长 知乎 编辑:程序博客网 时间:2024/05/01 23:42

在分析nova boot创建VM的代码流程与neutron-dhcp-agent交互之前,首先分析neutron-dhcp-agent服务启动流程。与其他服务的启动入口一样。查看setup.cfg文件。


console_scripts =

    neutron-db-manage = neutron.db.migration.cli:main

    neutron-debug =

    neutron-dhcp-agent = neutron.cmd.eventlet.agents.dhcp:main

    neutron-hyperv-agent = neutron.cmd.eventlet.plugins.hyperv_neutron_agent:main

    neutron-keepalived-state-change = neutron.cmd.keepalived_state_change:main

    neutron-ibm-agent =

    neutron-l3-agent = neutron.cmd.eventlet.agents.l3:main

    neutron-linuxbridge-agent = neutron.plugins.linuxbridge.agent.linuxbridge_neutron_agent:main

    neutron-metadata-agent = neutron.cmd.eventlet.agents.metadata:main

    neutron-mlnx-agent = neutron.cmd.eventlet.plugins.mlnx_neutron_agent:main

    neutron-nec-agent = neutron.cmd.eventlet.plugins.nec_neutron_agent:main

    neutron-netns-cleanup = neutron.cmd.netns_cleanup:main

    neutron-ns-metadata-proxy = neutron.cmd.eventlet.agents.metadata_proxy:main

    neutron-ovsvapp-agent = neutron.cmd.eventlet.plugins.ovsvapp_neutron_agent:main

    neutron-nvsd-agent = neutron.plugins.oneconvergence.agent.nvsd_neutron_agent:main

    neutron-openvswitch-agent = neutron.cmd.eventlet.plugins.ovs_neutron_agent:main

    neutron-ovs-cleanup = neutron.cmd.ovs_cleanup:main

    neutron-restproxy-agent = neutron.plugins.bigswitch.agent.restproxy_agent:main

    neutron-server = neutron.cmd.eventlet.server:main

    neutron-rootwrap = oslo_rootwrap.cmd:main

    neutron-rootwrap-daemon = oslo_rootwrap.cmd:daemon

    neutron-usage-audit = neutron.cmd.usage_audit:main

    neutron-metering-agent =

    neutron-sriov-nic-agent = neutron.plugins.sriovnicagent.sriov_nic_agent:main

    neutron-sanity-check = neutron.cmd.sanity_check:main

    neutron-cisco-apic-service-agent =

    neutron-cisco-apic-host-agent =

#/neutron/cmd/eventlet/agents/dhcp.pyfrom neutron.agent import dhcp_agentdef main():dhcp_agent.main()#/neutron/agent/dhcp_agent.pydef register_options():    config.register_interface_driver_opts_helper(cfg.CONF)    config.register_use_namespaces_opts_helper(cfg.CONF)    config.register_agent_state_opts_helper(cfg.CONF)    cfg.CONF.register_opts(dhcp_config.DHCP_AGENT_OPTS)    cfg.CONF.register_opts(dhcp_config.DHCP_OPTS)    cfg.CONF.register_opts(dhcp_config.DNSMASQ_OPTS)    cfg.CONF.register_opts(metadata_config.DRIVER_OPTS)    cfg.CONF.register_opts(metadata_config.SHARED_OPTS)    cfg.CONF.register_opts(interface.OPTS)def main():    register_options()    common_config.init(sys.argv[1:])    config.setup_logging()    server = neutron_service.Service.create(        binary='neutron-dhcp-agent',        topic=topics.DHCP_AGENT,        report_interval=cfg.CONF.AGENT.report_interval,        manager='neutron.agent.dhcp.agent.DhcpAgentWithStateReport')    service.launch(server).wait()


#/neutron/    def start(self):        self.manager.init_host()        super(Service, self).start()        if self.report_interval:            pulse = loopingcall.FixedIntervalLoopingCall(self.report_state)            pulse.start(interval=self.report_interval,                        initial_delay=self.report_interval)            self.timers.append(pulse)        if self.periodic_interval:            if self.periodic_fuzzy_delay:                initial_delay = random.randint(0, self.periodic_fuzzy_delay)            else:                initial_delay = None            periodic = loopingcall.FixedIntervalLoopingCall(                self.periodic_tasks)            periodic.start(interval=self.periodic_interval,                           initial_delay=initial_delay)            self.timers.append(periodic)        self.manager.after_start()


#/neutron/agent/dhcp/ DhcpAgentWithStateReport(DhcpAgent):    def __init__(self, host=None):        super(DhcpAgentWithStateReport, self).__init__(host=host)        self.state_rpc = agent_rpc.PluginReportStateAPI(topics.PLUGIN)        self.agent_state = {            'binary': 'neutron-dhcp-agent',            'host': host,            'topic': topics.DHCP_AGENT,            'configurations': {                'dhcp_driver': cfg.CONF.dhcp_driver,                'use_namespaces': cfg.CONF.use_namespaces,                'dhcp_lease_duration': cfg.CONF.dhcp_lease_duration},            'start_flag': True,            'agent_type': constants.AGENT_TYPE_DHCP}        report_interval = cfg.CONF.AGENT.report_interval        self.use_call = True        if report_interval:            self.heartbeat = loopingcall.FixedIntervalLoopingCall(                self._report_state)            self.heartbeat.start(interval=report_interval)#/neutron/agent/dhcp/ DhcpAgent(manager.Manager):    """DHCP agent service manager.    Note that the public methods of this class are exposed as the server side    of an rpc interface.  The neutron server uses    neutron.api.rpc.agentnotifiers.dhcp_rpc_agent_api.DhcpAgentNotifyApi as the    client side to execute the methods here.  For more information about    changing rpc interfaces, see doc/source/devref/rpc_api.rst.    """    target = oslo_messaging.Target(version='1.0')    def __init__(self, host=None):        super(DhcpAgent, self).__init__(host=host)        self.needs_resync_reasons = collections.defaultdict(list)        self.conf = cfg.CONF        self.cache = NetworkCache()        self.dhcp_driver_cls = importutils.import_class(self.conf.dhcp_driver)        ctx = context.get_admin_context_without_session()        self.plugin_rpc = DhcpPluginApi(topics.PLUGIN,                                        ctx, self.conf.use_namespaces)        # create dhcp dir to store dhcp info        dhcp_dir = os.path.dirname("/%s/dhcp/" % self.conf.state_path)        linux_utils.ensure_dir(dhcp_dir)        self.dhcp_version = self.dhcp_driver_cls.check_version()        self._populate_networks_cache()        self._process_monitor = external_process.ProcessMonitor(            config=self.conf,            resource_type='dhcp')

DhcpAgentWithStateReport类继承DhcpAgent类,DhcpAgentWithStateReport类的作用主要是创建一个协程定时向neutron-server启动时开启的rpc-server上报neutron-dhcp-agent的服务或network状态,然后通过neutron-server的core plugin将状态更新到数据库中。

DhcpAgent类才是为neutron-dhcp-agent服务做主要工作的。其中self.cache = NetworkCache()主要保存底层的active的dhcp networks信息,这些信息会通过DhcpAgentWithStateReport类的_report_state方法上报到数据库中。dhcp_dir= os.path.dirname("/%s/dhcp/" % self.conf.state_path)创建了一个目录,其中self.conf.state_path的配置(在/etc/neutron/dhcp_agent.ini配置文件中)为:


在该目录下将会保存创建的dhcp networks的相关信息。

self.dhcp_driver_cls =importutils.import_class(self.conf.dhcp_driver)中的dhcp_driver也为/etc/neutron/dhcp_agent.ini配置文件中参数。

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq



#/neutron/agent/dhcp/    def init_host(self):        self.sync_state()#/neutron/agent/dhcp/    @utils.synchronized('dhcp-agent')    def sync_state(self, networks=None):        """Sync the local DHCP state with Neutron. If no networks are passed,        or 'None' is one of the networks, sync all of the networks.        """        only_nets = set([] if (not networks or None in networks) else networks)'Synchronizing state'))        pool = eventlet.GreenPool(cfg.CONF.num_sync_threads)        known_network_ids = set(self.cache.get_network_ids())        try:            active_networks = self.plugin_rpc.get_active_networks_info()            active_network_ids = set( for network in active_networks)            for deleted_id in known_network_ids - active_network_ids:                try:                    self.disable_dhcp_helper(deleted_id)                except Exception as e:                    self.schedule_resync(e, deleted_id)                    LOG.exception(_LE('Unable to sync network state on '                                      'deleted network %s'), deleted_id)            for network in active_networks:                if (not only_nets or  # specifically resync all               not in known_network_ids or  # missing net               in only_nets):  # specific network to sync                    pool.spawn(self.safe_configure_dhcp_for_network, network)            pool.waitall()  'Synchronizing state complete'))        except Exception as e:            self.schedule_resync(e)            LOG.exception(_LE('Unable to sync network state.'))

sync_state函数主要功能是根据数据库同步底层的networks信息,即将self.cache(底层保存的dhcp networks信息)与通过active_networks= self.plugin_rpc.get_active_networks_info()函数获取的数据库中的networks信息作比较,将未在数据库中的底层networks从self.cache中进行移除。其中self.cache中的networks信息在创建DhcpAgent类的__init__函数的self._populate_networks_cache()代码进行实现。

#/neutron/agent/dhcp/    def _populate_networks_cache(self):        """Populate the networks cache when the DHCP-agent starts."""        try:            existing_networks = self.dhcp_driver_cls.existing_dhcp_networks(                self.conf            )            for net_id in existing_networks:                net = dhcp.NetModel(self.conf.use_namespaces,                                    {"id": net_id,                                     "subnets": [],                                     "ports": []})                self.cache.put(net)        except NotImplementedError:            # just go ahead with an empty networks cache            LOG.debug("The '%s' DHCP-driver does not support retrieving of a "                      "list of existing networks",                      self.conf.dhcp_driver)#/neutron/agent/linux/    @classmethod    def existing_dhcp_networks(cls, conf):        """Return a list of existing networks ids that we have configs for."""        confs_dir = cls.get_confs_dir(conf)        try:            return [                c for c in os.listdir(confs_dir)                if uuidutils.is_uuid_like(c)            ]        except OSError:            return []#/neutron/agent/linux/    @staticmethod    def get_confs_dir(conf):        return os.path.abspath(os.path.normpath(conf.dhcp_confs))



dhcp_confs = $state_path/dhcp

_populate_networks_cache函数的作用为将/var/lib/neutron/dhcp目录下的dhcp networks组装成NetModel对象放到self.cache中。

如我的OpenStack环境。我有一个外部网络(用于VM连接外网)和一个内部网络(用于VM内部通信)。而内部网络的subnet enable了dhcp,所以在/var/lib/neutron/dhcp目录下将会有该内部网络id的目录。

[root@jun ~(keystone_admin)]# neutron net-list


| id                                   | name      | subnets                                               |


| cad98138-6e5f-4f83-a4c5-5497fa4758b4 | ext-net   | 288421a4-63da-41ff-89c1-985e83271e6b |

| 8165bc3d-400a-48a0-9186-bf59f7f94b05 | inter-net | ec1028b2-7cb0-4feb-b974-6b8ea7e7f08f    |



[root@jun ~(keystone_admin)]# neutron net-show 8165bc3d-400a-48a0-9186-bf59f7f94b05


| Field                     | Value                                |


| admin_state_up            | True                                 |

| id                        | 8165bc3d-400a-48a0-9186-bf59f7f94b05 |

| mtu                       | 0                                    |

| name                      | inter-net                            |

| provider:network_type     | vlan                                 |

| provider:physical_network | physnet1                             |

| provider:segmentation_id  | 120                                  |

| router:external           | False                                |

| shared                    | False                                |

| status                    | ACTIVE                               |

| subnets                   | ec1028b2-7cb0-4feb-b974-6b8ea7e7f08f |

| tenant_id                 | befa06e66e8047a1929a3912fff2c591     |



[root@jun ~(keystone_admin)]# neutron subnet-show ec1028b2-7cb0-4feb-b974-6b8ea7e7f08f


| Field             | Value                                            |


| allocation_pools  | {"start": "", "end": ""} |

| cidr              |                                    |

| dns_nameservers   |                                                  |

| enable_dhcp       | True                                            |

| gateway_ip        |                                       |

| host_routes       |                                                  |

| id                | ec1028b2-7cb0-4feb-b974-6b8ea7e7f08f             |

| ip_version        | 4                                                |

| ipv6_address_mode |                                                  |

| ipv6_ra_mode      |                                                  |

| name              | inter-sub                                        |

| network_id        | 8165bc3d-400a-48a0-9186-bf59f7f94b05             |

| subnetpool_id     |                                                  |

| tenant_id         | befa06e66e8047a1929a3912fff2c591                 |



[root@jun ~(keystone_admin)]# neutron net-show cad98138-6e5f-4f83-a4c5-5497fa4758b4


| Field                     | Value                                |


| admin_state_up            | True                                 |

| id                        | cad98138-6e5f-4f83-a4c5-5497fa4758b4 |

| mtu                       | 0                                    |

| name                      | ext-net                              |

| provider:network_type     | flat                                 |

| provider:physical_network | physnet2                             |

| provider:segmentation_id  |                                      |

| router:external           | True                                 |

| shared                    | True                                 |

| status                    | ACTIVE                               |

| subnets                   | 288421a4-63da-41ff-89c1-985e83271e6b |

| tenant_id                 | 09e04766c06d477098201683497d3878     |



[root@jun ~(keystone_admin)]# neutron subnet-show 288421a4-63da-41ff-89c1-985e83271e6b


| Field             | Value                                                |


| allocation_pools  | {"start": "", "end": ""} |

| cidr              |                                     |

| dns_nameservers   |                                                      |

| enable_dhcp       | False                                                |

| gateway_ip        |                                       |

| host_routes       |                                                      |

| id                | 288421a4-63da-41ff-89c1-985e83271e6b                 |

| ip_version        | 4                                                    |

| ipv6_address_mode |                                                      |

| ipv6_ra_mode      |                                                      |

| name              | ext-sub                                              |

| network_id        | cad98138-6e5f-4f83-a4c5-5497fa4758b4                 |

| subnetpool_id     |                                                      |

| tenant_id         | 09e04766c06d477098201683497d3878                     |


这是在数据库中查询的创建的networks的相关信息。其中ext-net network下创建的subnets未enable dhcp,而inter-net network下创建的subnets enable dhcp,所以在/var/lib/neutron/dhcp目录下应该只有inter-net network id的目录。

[root@jun2 dhcp]# ll

total 0

drwxr-xr-x. 2 neutron neutron 71 May 20 20:30 8165bc3d-400a-48a0-9186-bf59f7f94b05

经查询可以看出,在/var/lib/neutron/dhcp目录下的确只有inter-net network id的目录。

讲述得有点偏离sync_state函数了,继续回到sync_state函数。在将未在数据库中的底层的dhcp networks从self.cache中进行移除后,将更新active的dhcp networks信息。

#/neutron/agent/dhcp/    @utils.exception_logger()    def safe_configure_dhcp_for_network(self, network):        try:            self.configure_dhcp_for_network(network)        except (exceptions.NetworkNotFound, RuntimeError):            LOG.warn(_LW('Network %s may have been deleted and its resources '                         'may have already been disposed.'),    def configure_dhcp_for_network(self, network):        if not network.admin_state_up:            return        enable_metadata = self.dhcp_driver_cls.should_enable_metadata(                self.conf, network)        dhcp_network_enabled = False        for subnet in network.subnets:            if subnet.enable_dhcp:                if self.call_driver('enable', network):                    dhcp_network_enabled = True                    self.cache.put(network)                break        if enable_metadata and dhcp_network_enabled:            for subnet in network.subnets:                if subnet.ip_version == 4 and subnet.enable_dhcp:                    self.enable_isolated_metadata_proxy(network)                    break


#/neutron/agent/linux/    @classmethod    def should_enable_metadata(cls, conf, network):        """Determine whether the metadata proxy is needed for a network        This method returns True for truly isolated networks (ie: not attached        to a router), when the enable_isolated_metadata flag is True.        This method also returns True when enable_metadata_network is True,        and the network passed as a parameter has a subnet in the link-local        CIDR, thus characterizing it as a "metadata" network. The metadata        network is used by solutions which do not leverage the l3 agent for        providing access to the metadata service via logical routers built        with 3rd party backends.        """        if conf.enable_metadata_network and conf.enable_isolated_metadata:            # check if the network has a metadata subnet            meta_cidr = netaddr.IPNetwork(METADATA_DEFAULT_CIDR)            if any(netaddr.IPNetwork(s.cidr) in meta_cidr                   for s in network.subnets):                return True        if not conf.use_namespaces or not conf.enable_isolated_metadata:            return False        isolated_subnets = cls.get_isolated_subnets(network)        return any(isolated_subnets[] for subnet in network.subnets)

这里根据/etc/neutron/dhcp_agent.ini配置文件中enable_isolated_metadata和enable_metadata_network参数值判断neutron-dhcp-agent服务是否enable metadata。其中参数值如下。

enable_isolated_metadata = False

enable_metadata_network = False

这里enable metadata后,VM便能够从数据库中获取自身的相关信息,如IP和MAC等等。如下图所示(这里网上的一个图)。



#/neutron/agent/dhcp/        for subnet in network.subnets:            if subnet.enable_dhcp:                if self.call_driver('enable', network):                    dhcp_network_enabled = True                    self.cache.put(network)                break


1. 一个network下可以创建多个subnet。

2. self.cache中存放的是至少有一个subnet enable dhcp的network。

如果network中的subnets全部都未enable dhcp,则self.cache将不会存放该network。

在有subnet enabledhcp的network下将执行self.call_driver('enable', network)代码。

#/neutron/agent/dhcp/    def call_driver(self, action, network, **action_kwargs):        """Invoke an action on a DHCP driver instance."""        LOG.debug('Calling driver for network: %(net)s action: %(action)s',                  {'net':, 'action': action})        try:            # the Driver expects something that is duck typed similar to            # the base models.            driver = self.dhcp_driver_cls(self.conf,                                          network,                                          self._process_monitor,                                          self.dhcp_version,                                          self.plugin_rpc)            getattr(driver, action)(**action_kwargs)            return True        except exceptions.Conflict:            # No need to resync here, the agent will receive the event related            # to a status update for the network            LOG.warning(_LW('Unable to %(action)s dhcp for %(net_id)s: there '                            'is a conflict with its current state; please '                            'check that the network and/or its subnet(s) '                            'still exist.'),                        {'net_id':, 'action': action})        except Exception as e:            if getattr(e, 'exc_type', '') != 'IpAddressGenerationFailure':                # Don't resync if port could not be created because of an IP                # allocation failure. When the subnet is updated with a new                # allocation pool or a port is  deleted to free up an IP, this                # will automatically be retried on the notification                self.schedule_resync(e,            if (isinstance(e, oslo_messaging.RemoteError)                and e.exc_type == 'NetworkNotFound'                or isinstance(e, exceptions.NetworkNotFound)):                LOG.warning(_LW("Network %s has been deleted."),            else:                LOG.exception(_LE('Unable to %(action)s dhcp for %(net_id)s.'),                              {'net_id':, 'action': action})


#/neutron/agent/linux/    def enable(self):        """Enables DHCP for this network by spawning a local process."""        if            self.restart()        elif self._enable_dhcp():            utils.ensure_dir(self.network_conf_dir)            interface_name = self.device_manager.setup(            self.interface_name = interface_name            self.spawn_process()


#/neutron/agent/linux/    @property    def active(self):        return self._get_process_manager().active#/neutron/agent/linux/    def _get_process_manager(self, cmd_callback=None):        return external_process.ProcessManager(            conf=self.conf,  ,  ,            default_cmd_callback=cmd_callback,            pid_file=self.get_conf_file_name('pid'),            run_as_root=True)#/neutron/agent/linux/    @property    def active(self):        pid =        if pid is None:            return False        cmdline = '/proc/%s/cmdline' % pid        try:            with open(cmdline, "r") as f:                return self.uuid in f.readline()        except IOError:            return False#/neutron/agent/linux/    @property    def pid(self):        """Last known pid for this external process spawned for this uuid."""        return utils.get_value_from_file(self.get_pid_file_name(), int)#/neutron/agent/linux/    def get_pid_file_name(self):        """Returns the file name for a given kind of config file."""        if self.pid_file:            return self.pid_file        else:            return utils.get_conf_file_name(self.pids_path,                                            self.uuid,                                            self.service_pid_fname)#/neutron/agent/linux/    def get_conf_file_name(self, kind):        """Returns the file name for a given kind of config file."""        return os.path.join(self.network_conf_dir, kind)#/neutron/agent/linux/    self.confs_dir = self.get_confs_dir(conf)    self.network_conf_dir = os.path.join(self.confs_dir,    @staticmethod    def get_confs_dir(conf):        return os.path.abspath(os.path.normpath(conf.dhcp_confs))

self.active函数首先从/var/lib/neutron/dhcp/${}目录下get pid。

[root@jun2 8165bc3d-400a-48a0-9186-bf59f7f94b05]# ll

total 20

-rw-r--r--. 1 neutron neutron 116 May 20 20:30 addn_hosts

-rw-r--r--. 1 neutron neutron 120 May 20 20:30 host

-rw-r--r--. 1 neutron neutron  14 May 20 20:30 interface

-rw-r--r--. 1 neutron neutron  71 May 20 20:30 opts

-rw-r--r--. 1 root    root      5 May 20 20:30 pid

[root@jun2 8165bc3d-400a-48a0-9186-bf59f7f94b05]# cat pid


然后执行cmdline = '/proc/%s/cmdline' %pid代码查看/proc/${pid}/cmcline文件内容中是否有,如果有,则说明dnsmasq进程处于active状态,否则dnsmasq进程未active。

[root@jun2 8165bc3d-400a-48a0-9186-bf59f7f94b05]# cat /proc/3235/cmdline




#/neutron/agent/linux/    def restart(self):        """Restart the dhcp service for the network."""        self.disable(retain_port=True)        self.enable()

restart函数将首先disable函数一些dnsmasq进程的相关东西,然后再执行enable函数。不过再进入enable函数之后,将不再走active分支了,而是走另外一个创建新的dnsmasq进程的分支(因为在disable函数中,将原来的dnsmasq进程已经kill了)。这里我们不分析disable函数的代码流程,disable函数主要执行与enable函数的相反流程,如果enable函数创建dnsmasq进程和相应的参数配置文件,所以disable将kill dnsmasq进程和删除相应的参数配置文件。所以这里我们直接分析enable函数。

#/neutron/agent/linux/    def enable(self):        """Enables DHCP for this network by spawning a local process."""        if            self.restart()        elif self._enable_dhcp():            utils.ensure_dir(self.network_conf_dir)            interface_name = self.device_manager.setup(            self.interface_name = interface_name            self.spawn_process()#/neutron/agent/linux/    def _enable_dhcp(self):        """check if there is a subnet within the network with dhcp enabled."""        for subnet in            if subnet.enable_dhcp:                return True        return False

enable函数在创建dnsmasq进程的分支下将判断network下是否有enable dhcp的subnet,该network下至少有一个subnet enable dhcp才会执行创建dnsmasq进程的操作。

这里需要注意:在调用enable函数的call_driver函数外层有一个用于遍历所有的active network的for循环。如果每个network下都有subnets enable dhcp,那么每个network在调用这里的enable函数时都将创建一个自己的dnsmasq进程。如我的OpenStack环境下。

[root@jun2 dhcp]# ll

total 0

drwxr-xr-x. 2 neutron neutron 71 May 21 07:53 8165bc3d-400a-48a0-9186-bf59f7f94b05

drwxr-xr-x. 2 neutron neutron 71 May 21 08:17 8c0b6ddf-8928-46e9-8caf-2416be7a48b8

[root@jun2 dhcp]#

[root@jun2 dhcp]# ps -efl | grep dhcp

4 S neutron    1280      1  0  80   0 - 86928 ep_pol 07:49 ?        00:00:07 /usr/bin/python2 /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --config-dir /etc/neutron/conf.d/neutron-dhcp-agent --log-file /var/log/neutron/dhcp-agent.log

5 S nobody     2914      1  0  80   0 -  3880 poll_s 07:53 ?        00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=ns-712a2c63-e6 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/8165bc3d-400a-48a0-9186-bf59f7f94b05/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/8165bc3d-400a-48a0-9186-bf59f7f94b05/host --addn-hosts=/var/lib/neutron/dhcp/8165bc3d-400a-48a0-9186-bf59f7f94b05/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/8165bc3d-400a-48a0-9186-bf59f7f94b05/opts --leasefile-ro --dhcp-authoritative --dhcp-range=set:tag0,,static,86400s --dhcp-lease-max=65536 --conf-file= --domain=openstacklocal

5 S nobody     3659      1  0  80   0 -  3880 poll_s 08:17 ?        00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=ns-2434d651-41 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/8c0b6ddf-8928-46e9-8caf-2416be7a48b8/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/8c0b6ddf-8928-46e9-8caf-2416be7a48b8/host --addn-hosts=/var/lib/neutron/dhcp/8c0b6ddf-8928-46e9-8caf-2416be7a48b8/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/8c0b6ddf-8928-46e9-8caf-2416be7a48b8/opts --leasefile-ro --dhcp-authoritative --dhcp-range=set:tag0,,static,86400s --dhcp-lease-max=16777216 --conf-file= --domain=openstacklocal

0 S root       3723   2723  0  80   0 - 28161 pipe_w 08:17 pts/0    00:00:00 grep --color=auto dhcp


#/neutron/agent/linux/utils.pydef ensure_dir(dir_path):    """Ensure a directory with 755 permissions mode."""    if not os.path.isdir(dir_path):        os.makedirs(dir_path, 0o755)



#/neutron/agent/linux/    def setup(self, network):        """Create and initialize a device for network's DHCP on this host."""        port = self.setup_dhcp_port(network)        interface_name = self.get_interface_name(network, port)        if ip_lib.ensure_device_is_ready(interface_name,                                         namespace=network.namespace):            LOG.debug('Reusing existing device: %s.', interface_name)        else:            self.driver.plug(,                   ,                             interface_name,                             port.mac_address,                             namespace=network.namespace)            self.fill_dhcp_udp_checksums(namespace=network.namespace)        ip_cidrs = []        for fixed_ip in port.fixed_ips:            subnet = fixed_ip.subnet            if not ipv6_utils.is_auto_address_subnet(subnet):                net = netaddr.IPNetwork(subnet.cidr)                ip_cidr = '%s/%s' % (fixed_ip.ip_address, net.prefixlen)                ip_cidrs.append(ip_cidr)        if (self.conf.enable_isolated_metadata and            self.conf.use_namespaces):            ip_cidrs.append(METADATA_DEFAULT_CIDR)        self.driver.init_l3(interface_name, ip_cidrs,                            namespace=network.namespace)        # ensure that the dhcp interface is first in the list        if network.namespace is None:            device = ip_lib.IPDevice(interface_name)            device.route.pullup_route(interface_name)        if self.conf.use_namespaces:            self._set_default_route(network, interface_name)        return interface_name


#/neutron/agent/linux/    def setup_dhcp_port(self, network):        """Create/update DHCP port for the host if needed and return port."""        device_id = self.get_device_id(network)        subnets = {}        dhcp_enabled_subnet_ids = []        for subnet in network.subnets:            if subnet.enable_dhcp:                dhcp_enabled_subnet_ids.append(                subnets[] = subnet        dhcp_port = None        for port in network.ports:            port_device_id = getattr(port, 'device_id', None)            if port_device_id == device_id:                port_fixed_ips = []                ips_needs_removal = False                for fixed_ip in port.fixed_ips:                    if fixed_ip.subnet_id in dhcp_enabled_subnet_ids:                        port_fixed_ips.append(                            {'subnet_id': fixed_ip.subnet_id,                             'ip_address': fixed_ip.ip_address})                        dhcp_enabled_subnet_ids.remove(fixed_ip.subnet_id)                    else:                        ips_needs_removal = True                # If there are dhcp_enabled_subnet_ids here that means that                # we need to add those to the port and call update.                if dhcp_enabled_subnet_ids or ips_needs_removal:                    port_fixed_ips.extend(                        [dict(subnet_id=s) for s in dhcp_enabled_subnet_ids])                    dhcp_port = self.plugin.update_dhcp_port(              , {'port': {'network_id':,                                           'fixed_ips': port_fixed_ips}})                    if not dhcp_port:                        raise exceptions.Conflict()                else:                    dhcp_port = port                # break since we found port that matches device_id                break        # check for a reserved DHCP port        if dhcp_port is None:            LOG.debug('DHCP port %(device_id)s on network %(network_id)s'                      ' does not yet exist. Checking for a reserved port.',                      {'device_id': device_id, 'network_id':})            for port in network.ports:                port_device_id = getattr(port, 'device_id', None)                if port_device_id == constants.DEVICE_ID_RESERVED_DHCP_PORT:                    dhcp_port = self.plugin.update_dhcp_port(              , {'port': {'network_id':,                                           'device_id': device_id}})                    if dhcp_port:                        break        # DHCP port has not yet been created.        if dhcp_port is None:            LOG.debug('DHCP port %(device_id)s on network %(network_id)s'                      ' does not yet exist.', {'device_id': device_id,                                               'network_id':})            port_dict = dict(                name='',                admin_state_up=True,                device_id=device_id,      ,                tenant_id=network.tenant_id,                fixed_ips=[dict(subnet_id=s) for s in dhcp_enabled_subnet_ids])            dhcp_port = self.plugin.create_dhcp_port({'port': port_dict})        if not dhcp_port:            raise exceptions.Conflict()        # Convert subnet_id to subnet dict        fixed_ips = [dict(subnet_id=fixed_ip.subnet_id,                          ip_address=fixed_ip.ip_address,                          subnet=subnets[fixed_ip.subnet_id])                     for fixed_ip in dhcp_port.fixed_ips]        ips = [DictModel(item) if isinstance(item, dict) else item               for item in fixed_ips]        dhcp_port.fixed_ips = ips        return dhcp_port

setup_dhcp_port函数的作用为创建或更新dhcp port信息,并将最终的dhcp port信息返回。在我的OpenStack环境下的dhcp port信息如下。

dhcp_port = {

u'status': u'ACTIVE',

u'binding:host_id': u'jun2',

u'allowed_address_pairs': [],

u'extra_dhcp_opts': [],

u'device_owner': u'network:dhcp',

u'binding:profile': {},



            'subnet_id': u'ec1028b2-7cb0-4feb-b974-6b8ea7e7f08f',

            'subnet': {

                       u'name': u'inter-sub',

                       u'enable_dhcp': True,

                       u'network_id': u'8165bc3d-400a-48a0-9186-bf59f7f94b05',

                       u'tenant_id': u'befa06e66e8047a1929a3912fff2c591',

                       u'dns_nameservers': [],

                       u'ipv6_ra_mode': None,

                       u'allocation_pools': [{u'start': u'', u'end': u''}],

                       u'gateway_ip': u'',

                       u'shared': False,

                       u'ip_version': 4,

                       u'host_routes': [],

                       u'cidr': u'',

                       u'ipv6_address_mode': None,

                       u'id': u'ec1028b2-7cb0-4feb-b974-6b8ea7e7f08f',

                       u'subnetpool_id': None


            'ip_address': u''


u'id': u'712a2c63-e610-42c9-9ab3-4e8b6540d125',

u'security_groups': [],

u'device_id': u'dhcp2156d71d-f5c3-5752-9e43-4e8290a5696a-8165bc3d-400a-48a0-9186-bf59f7f94b05',

u'name': u'',

u'admin_state_up': True,

u'network_id': u'8165bc3d-400a-48a0-9186-bf59f7f94b05',

u'tenant_id': u'befa06e66e8047a1929a3912fff2c591',

u'binding:vif_details': {u'port_filter': True},

u'binding:vnic_type': u'normal',

u'binding:vif_type': u'bridge',

u'mac_address': u'fa:16:3e:65:29:6d'


该dhcp port便是对应dashboard上的以下截图port。

setup_dhcp_port函数返回的dhcp port信息在setup函数中用于get interfacename。

#/neutron/agent/linux/ DeviceManager(object):    def __init__(self, conf, plugin):        self.conf = conf        self.plugin = plugin        if not conf.interface_driver:            LOG.error(_LE('An interface driver must be specified'))            raise SystemExit(1)        try:            self.driver = importutils.import_object(                conf.interface_driver, conf)        except Exception as e:            LOG.error(_LE("Error importing interface driver '%(driver)s': "                          "%(inner)s"),                      {'driver': conf.interface_driver,                       'inner': e})            raise SystemExit(1)    def get_interface_name(self, network, port):        """Return interface(device) name for use by the DHCP process."""        return self.driver.get_device_name(port)


interface_driver =neutron.agent.linux.interface.BridgeInterfaceDriver


#/neutron/agent/linux/    def get_device_name(self, port):        return (self.DEV_NAME_PREFIX +[:self.DEV_NAME_LEN]#/neutron/agent/linux/    # from linux IF_NAMESIZEDEV_NAME_LEN = 14#/neutron/agent/linux/ = 'ns-'

neutron.agent.linux.interface.BridgeInterfaceDriver类继承LinuxInterfaceDriver类。最终set_up函数中的interface_name将会是’ns-‘开头的且加上port id的前11个字符形成的字符串。就拿上面返回的dhcp port来说,该port id为'712a2c63-e610-42c9-9ab3-4e8b6540d125',所以interface_name = ‘ns-712a2c63-e6’。


#/neutron/agent/linux/        if ip_lib.ensure_device_is_ready(interface_name,                                         namespace=network.namespace):            LOG.debug('Reusing existing device: %s.', interface_name)        else:            self.driver.plug(,                   ,                             interface_name,                             port.mac_address,                             namespace=network.namespace)            self.fill_dhcp_udp_checksums(namespace=network.namespace)


[root@jun2 ~]# ip netns exec qdhcp-8165bc3d-400a-48a0-9186-bf59f7f94b05 ip link set ns-712a2c63-e6 up


#/neutron/agent/linux/ BridgeInterfaceDriver(LinuxInterfaceDriver):    """Driver for creating bridge interfaces."""    DEV_NAME_PREFIX = 'ns-'    def plug(self, network_id, port_id, device_name, mac_address,             bridge=None, namespace=None, prefix=None):        """Plugin the interface."""        if not ip_lib.device_exists(device_name, namespace=namespace):            ip = ip_lib.IPWrapper()            # Enable agent to define the prefix            tap_name = device_name.replace(prefix or self.DEV_NAME_PREFIX,                                        n_const.TAP_DEVICE_PREFIX)            # Create ns_veth in a namespace if one is configured.            root_veth, ns_veth = ip.add_veth(tap_name, device_name,                                             namespace2=namespace)              if self.conf.network_device_mtu:                        else:  "Device %s already exists"), device_name)

首先,check ns-xxx开头的device是否存在。

#/neutron/agent/linux/ip_lib.pydef device_exists(device_name, namespace=None):    """Return True if the device exists in the namespace."""    try:        dev = IPDevice(device_name, namespace=namespace)        dev.set_log_fail_as_error(False)        address =    except RuntimeError:        return Falsereturn bool(address)#/neutron/agent/linux/    @property    def address(self):        return self.attributes.get('link/ether')#/neutron/agent/linux/    @property    def attributes(self):        return self._parse_line(self._run(['o'], ('show',    def _parse_line(self, value):        if not value:            return {}        device_name, settings = value.replace("\\", '').split('>', 1)        tokens = settings.split()        keys = tokens[::2]        values = [int(v) if v.isdigit() else v for v in tokens[1::2]]        retval = dict(zip(keys, values))        return retval

其中self._run(['o'], ('show',代码相当于执行类似以下命名。

[root@jun2 ~]# ip netns exec qdhcp-8165bc3d-400a-48a0-9186-bf59f7f94b05 ip -o link show ns-712a2c63-e6

2: ns-712a2c63-e6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000\    link/ether fa:16:3e:65:29:6d brd ff:ff:ff:ff:ff:ff

ip 中的-o参数的作用是将输出的结果显示为一行,且将’\n’用’\’替换。最终通过_parse_line函数将显示的结果进行处理,所以address函数将获取MAC地址:fa:16:3e:65:29:6d(如果ns-712a2c63-e6存在的话)。



[root@jun2 ~]# ip link add tap_test type veth peer namens_test netns qdhcp-8c0b6ddf-8928-46e9-8caf-2416be7a48b8



[root@jun2 ~]# ip netns exec qdhcp-8c0b6ddf-8928-46e9-8caf-2416be7a48b8 ip link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: ns-2434d651-41: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000

    link/ether fa:16:3e:13:d1:c2 brd ff:ff:ff:ff:ff:ff

3: ns_test: <BROADCAST,MULTICAST> mtu 1500 qdisc noop stateDOWN mode DEFAULT qlen 1000

    link/ether e6:b7:08:bd:4c:d1 brd ff:ff:ff:ff:ff:ff


[root@jun2 ~]# ip link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000

    link/ether 00:0c:29:71:c8:02 brd ff:ff:ff:ff:ff:ff

       ... ... ...

13: brqcad98138-6e: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT

    link/ether 00:0c:29:71:c8:16 brd ff:ff:ff:ff:ff:ff

14: tap_test: <BROADCAST,MULTICAST> mtu 1500 qdisc noop stateDOWN mode DEFAULT qlen 1000

    link/ether b6:c7:53:22:d7:63 brd ff:ff:ff:ff:ff:ff




[root@jun2 ~]# ip netns exec qdhcp-8c0b6ddf-8928-46e9-8caf-2416be7a48b8 ip link setns_testaddress fa:16:3e:11:11:11



[root@jun2 ~]# ip netns exec qdhcp-8c0b6ddf-8928-46e9-8caf-2416be7a48b8 ip link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: ns-2434d651-41: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000

    link/ether fa:16:3e:13:d1:c2 brd ff:ff:ff:ff:ff:ff

3: ns_test: <BROADCAST,MULTICAST> mtu 1500 qdisc noop stateDOWN mode DEFAULT qlen 1000

link/ether fa:16:3e:11:11:11 brd ff:ff:ff:ff:ff:ff





[root@jun2 ~]# ip link set tap_test mtu 1000

[root@jun2 ~]# ip netns exec qdhcp-8c0b6ddf-8928-46e9-8caf-2416be7a48b8 ip link set ns_test mtu 1000



[root@jun2 ~]# ip link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000

    link/ether 00:0c:29:71:c8:02 brd ff:ff:ff:ff:ff:ff

       ... ... ...

13: brqcad98138-6e: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT

    link/ether 00:0c:29:71:c8:16 brd ff:ff:ff:ff:ff:ff

14: tap_test: <BROADCAST,MULTICAST> mtu 1000 qdisc noop stateDOWN mode DEFAULT qlen 1000

    link/ether b6:c7:53:22:d7:63 brd ff:ff:ff:ff:ff:ff


[root@jun2 ~]# ip netns exec qdhcp-8c0b6ddf-8928-46e9-8caf-2416be7a48b8 ip link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: ns-2434d651-41: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000

    link/ether fa:16:3e:13:d1:c2 brd ff:ff:ff:ff:ff:ff

3: ns_test: <BROADCAST,MULTICAST> mtu 1000 qdisc noop stateDOWN mode DEFAULT qlen 1000

link/ether fa:16:3e:11:11:11 brd ff:ff:ff:ff:ff:ff




[root@jun2 ~]# ip link set tap_test up

[root@jun2 ~]# ip netns exec qdhcp-8c0b6ddf-8928-46e9-8caf-2416be7a48b8 ip link set ns_test up



[root@jun2 ~]# ip link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000

    link/ether 00:0c:29:71:c8:02 brd ff:ff:ff:ff:ff:ff

        ... ... ...

13: brqcad98138-6e: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT

    link/ether 00:0c:29:71:c8:16 brd ff:ff:ff:ff:ff:ff

14: tap_test: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1000 qdisc pfifo_fast stateUP mode DEFAULT qlen 1000

link/ether b6:c7:53:22:d7:63 brd ff:ff:ff:ff:ff:ff


[root@jun2 ~]# ip netns exec qdhcp-8c0b6ddf-8928-46e9-8caf-2416be7a48b8 ip link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: ns-2434d651-41: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000

    link/ether fa:16:3e:13:d1:c2 brd ff:ff:ff:ff:ff:ff

3: ns_test: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1000 qdisc pfifo_fast state UP mode DEFAULT qlen 1000

    link/ether fa:16:3e:11:11:11 brd ff:ff:ff:ff:ff:ff

上述是模拟neutron.agent.linux.interface.BridgeInterfaceDriver类中的plug函数所执行的命名。其功能就是在root namespace和dhcp namespace之间创建一对veth pair,实现root namespace与dhcp namespace之间的通信。


上述是模拟neutron.agent.linux.interface.BridgeInterfaceDriver类中的plug函数所执行的命名。其功能就是在root namespace和dhcp namespace之间创建一对veth pair,实现root namespace与dhcp namespace之间的通信。


[root@jun2 ~]# brctl show

bridge name     bridge id               STP enabled     interfaces

brq8165bc3d-40          8000.000c2971c80c       no              eth1.120



brq8361bb05-31          8000.000c2971c80c       no              eth1.122


brq8c0b6ddf-89          8000.000c2971c80c       no              eth1.121


brqcad98138-6e          8000.000c2971c816       no              eth2



[root@jun2 ~]# ip netns exec qdhcp-8361bb05-31a1-4280-b0a5-10c4270e580a ip link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: ns-dc73c45f-6d: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000

link/ether fa:16:3e:91:8b:57 brd ff:ff:ff:ff:ff:ff


[root@jun2 ~]# ip link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000

link/ether 00:0c:29:71:c8:02 brd ff:ff:ff:ff:ff:ff

        ... ... ...

15: tapdc73c45f-6d: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master brq8361bb05-31 state UP mode DEFAULT qlen 1000

    link/ether e6:6f:49:f0:04:d5 brd ff:ff:ff:ff:ff:ff

16: eth1.122@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master brq8361bb05-31 state UP mode DEFAULT

    link/ether 00:0c:29:71:c8:0c brd ff:ff:ff:ff:ff:ff

17: brq8361bb05-31: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT

    link/ether 00:0c:29:71:c8:0c brd ff:ff:ff:ff:ff:ff

而tap device如何桥接到bridge device上的呢?这是通过neutron-linuxbridge-agent服务(mechanism driver为linuxbridge)定时去检测的,当tap device有更新时,则将进行相应的操作,如当我们创建network时,这将会走neutron.agent.linux.interface.BridgeInterfaceDriver类中的plug函数,在root namespace和dhcp namespace中分别创建以tap和ns-开头的两个device,当neutron-linuxbridge-agent检测到tap device被创建时,将创建相应的bridge device,且将相应的tap device桥接到bridge device上。即执行/neutron/plugins/linuxbridge/agent/ LinuxBridgeManager类中的add_interface函数,具体参考《nova boot代码流程分析()novaneutron的交互(2)》。

#/neutron/agent/linux/       self.fill_dhcp_udp_checksums(namespace=network.namespace)#/neutron/agent/linux/    def fill_dhcp_udp_checksums(self, namespace):        """Ensure DHCP reply packets always have correct UDP checksums."""        iptables_mgr = iptables_manager.IptablesManager(use_ipv6=False,                                                        namespace=namespace)        ipv4_rule = ('-p udp --dport %d -j CHECKSUM --checksum-fill'                     % constants.DHCP_RESPONSE_PORT)        iptables_mgr.ipv4['mangle'].add_rule('POSTROUTING', ipv4_rule)        iptables_mgr.apply()


#/neutron/agent/linux/ IptablesManager(object):    """Wrapper for iptables.    See IptablesTable for some usage docs    A number of chains are set up to begin with.    First, neutron-filter-top. It's added at the top of FORWARD and OUTPUT.    Its name is not wrapped, so it's shared between the various neutron    workers. It's intended for rules that need to live at the top of the    FORWARD and OUTPUT chains. It's in both the ipv4 and ipv6 set of tables.    For ipv4 and ipv6, the built-in INPUT, OUTPUT, and FORWARD filter chains    are wrapped, meaning that the "real" INPUT chain has a rule that jumps to    the wrapped INPUT chain, etc. Additionally, there's a wrapped chain named    "local" which is jumped to from neutron-filter-top.    For ipv4, the built-in PREROUTING, OUTPUT, and POSTROUTING nat chains are    wrapped in the same was as the built-in filter chains. Additionally,    there's a snat chain that is applied after the POSTROUTING chain.    """    def __init__(self, _execute=None, state_less=False, use_ipv6=False,                 namespace=None, binary_name=binary_name):        if _execute:            self.execute = _execute        else:            self.execute = linux_utils.execute        config.register_iptables_opts(cfg.CONF)        self.use_ipv6 = use_ipv6        self.namespace = namespace        self.iptables_apply_deferred = False        self.wrap_name = binary_name[:16]        self.ipv4 = {'filter': IptablesTable(binary_name=self.wrap_name)}        self.ipv6 = {'filter': IptablesTable(binary_name=self.wrap_name)}        # Add a neutron-filter-top chain. It's intended to be shared        # among the various neutron components. It sits at the very top        # of FORWARD and OUTPUT.        for tables in [self.ipv4, self.ipv6]:            tables['filter'].add_chain('neutron-filter-top', wrap=False)            tables['filter'].add_rule('FORWARD', '-j neutron-filter-top',                                      wrap=False, top=True)            tables['filter'].add_rule('OUTPUT', '-j neutron-filter-top',                                      wrap=False, top=True)            tables['filter'].add_chain('local')            tables['filter'].add_rule('neutron-filter-top', '-j $local',                                      wrap=False)        # Wrap the built-in chains        builtin_chains = {4: {'filter': ['INPUT', 'OUTPUT', 'FORWARD']},                          6: {'filter': ['INPUT', 'OUTPUT', 'FORWARD']}}        if not state_less:            self.ipv4.update(                {'mangle': IptablesTable(binary_name=self.wrap_name)})            builtin_chains[4].update(                {'mangle': ['PREROUTING', 'INPUT', 'FORWARD', 'OUTPUT',                            'POSTROUTING']})            self.ipv4.update(                {'nat': IptablesTable(binary_name=self.wrap_name)})            builtin_chains[4].update({'nat': ['PREROUTING',                                      'OUTPUT', 'POSTROUTING']})            self.ipv4.update(                {'raw': IptablesTable(binary_name=self.wrap_name)})            builtin_chains[4].update({'raw': ['PREROUTING',                                      'OUTPUT']})        for ip_version in builtin_chains:            if ip_version == 4:                tables = self.ipv4            elif ip_version == 6:                tables = self.ipv6            for table, chains in builtin_chains[ip_version].iteritems():                for chain in chains:                    tables[table].add_chain(chain)                    tables[table].add_rule(chain, '-j $%s' %                                           (chain), wrap=False)        if not state_less:            # Add a neutron-postrouting-bottom chain. It's intended to be            # shared among the various neutron components. We set it as the            # last chain of POSTROUTING chain.            self.ipv4['nat'].add_chain('neutron-postrouting-bottom',                                       wrap=False)            self.ipv4['nat'].add_rule('POSTROUTING',                                      '-j neutron-postrouting-bottom',                                      wrap=False)            # We add a snat chain to the shared neutron-postrouting-bottom            # chain so that it's applied last.            self.ipv4['nat'].add_chain('snat')            self.ipv4['nat'].add_rule('neutron-postrouting-bottom',                                      '-j $snat', wrap=False,                                      comment=ic.SNAT_OUT)            # And then we add a float-snat chain and jump to first thing in            # the snat chain.            self.ipv4['nat'].add_chain('float-snat')            self.ipv4['nat'].add_rule('snat', '-j $float-snat')            # Add a mark chain to mangle PREROUTING chain. It is used to            # identify ingress packets from a certain interface.            self.ipv4['mangle'].add_chain('mark')            self.ipv4['mangle'].add_rule('PREROUTING', '-j $mark')


1. add_chain(chain,wrap = False)表示添加1条不包裹的自定义chain。

如: self.ipv4['nat'].add_chain('neutron-postrouting-bottom',wrap=False)表示添加1条neutron-postrouting-bottom的自定义chain。

2. add_chain(chain, wrap = False)表示添加1条包裹的自定义chain。



[root@jun2 ~]# ip netns exec qdhcp-8165bc3d-400a-48a0-9186-bf59f7f94b05 iptables -t mangle -nvL

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination

    0     0 neutron-dhcp-age-PREROUTING  all  --  *      *  


Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination

    0     0 neutron-dhcp-age-INPUT  all  --  *      *  


Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination

    0     0 neutron-dhcp-age-FORWARD  all  --  *      *  


Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination

    0     0 neutron-dhcp-age-OUTPUT  all  --  *      *  


Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination

    0     0 neutron-dhcp-age-POSTROUTING  all  --  *      *  


Chain neutron-dhcp-age-FORWARD (1 references)

 pkts bytes target     prot opt in     out     source               destination


Chain neutron-dhcp-age-INPUT (1 references)

 pkts bytes target     prot opt in     out     source               destination


Chain neutron-dhcp-age-OUTPUT (1 references)

 pkts bytes target     prot opt in     out     source               destination


Chain neutron-dhcp-age-POSTROUTING (1 references)

 pkts bytes target     prot opt in     out     source               destination

    0     0 CHECKSUM   udp  --  *      *              udp dpt:68 CHECKSUM fill


Chain neutron-dhcp-age-PREROUTING (1 references)

 pkts bytes target     prot opt in     out     source               destination

    0     0 neutron-dhcp-age-mark  all  --  *      *  


Chain neutron-dhcp-age-mark (1 references)

 pkts bytes target     prot opt in     out     source               destination

上面便是显示的mangle table下所有chains下的所有rules。注意标红的那条rule,对于IptablesManager类的__init__函数中并未添加这条rule,这条rule是在创建network时,代码流程将走到/neutron/agent/linux/的fill_dhcp_udp_checksums函数,在该函数中执行下面的代码进行添加的。 

        ipv4_rule = ('-p udp --dport %d -j CHECKSUM --checksum-fill'                     % constants.DHCP_RESPONSE_PORT)        iptables_mgr.ipv4['mangle'].add_rule('POSTROUTING', ipv4_rule)



[root@jun2 ~]# ip netns exec qdhcp-8165bc3d-400a-48a0-9186-bf59f7f94b05 iptables-save

# Generated by iptables-save v1.4.21 on Sun May 22 21:57:08 2016




:neutron-dhcp-age-OUTPUT - [0:0]

:neutron-dhcp-age-PREROUTING - [0:0]

-A PREROUTING -j neutron-dhcp-age-PREROUTING

-A OUTPUT -j neutron-dhcp-age-OUTPUT


# Completed on Sun May 22 21:57:08 2016

# Generated by iptables-save v1.4.21 on Sun May 22 21:57:08 2016







:neutron-dhcp-age-FORWARD - [0:0]

:neutron-dhcp-age-INPUT - [0:0]

:neutron-dhcp-age-OUTPUT - [0:0]

:neutron-dhcp-age-POSTROUTING - [0:0]

:neutron-dhcp-age-PREROUTING - [0:0]

:neutron-dhcp-age-mark - [0:0]

-A PREROUTING -j neutron-dhcp-age-PREROUTING

-A INPUT -j neutron-dhcp-age-INPUT

-A FORWARD -j neutron-dhcp-age-FORWARD

-A OUTPUT -j neutron-dhcp-age-OUTPUT

-A POSTROUTING -j neutron-dhcp-age-POSTROUTING

-A neutron-dhcp-age-POSTROUTING -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill

-A neutron-dhcp-age-PREROUTING -j neutron-dhcp-age-mark


# Completed on Sun May 22 21:57:08 2016

# Generated by iptables-save v1.4.21 on Sun May 22 21:57:08 2016






:neutron-dhcp-age-OUTPUT - [0:0]

:neutron-dhcp-age-POSTROUTING - [0:0]

:neutron-dhcp-age-PREROUTING - [0:0]

:neutron-dhcp-age-float-snat - [0:0]

:neutron-dhcp-age-snat - [0:0]

:neutron-postrouting-bottom - [0:0]

-A PREROUTING -j neutron-dhcp-age-PREROUTING

-A OUTPUT -j neutron-dhcp-age-OUTPUT

-A POSTROUTING -j neutron-dhcp-age-POSTROUTING

-A POSTROUTING -j neutron-postrouting-bottom

-A neutron-dhcp-age-snat -j neutron-dhcp-age-float-snat

-A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-dhcp-age-snat


# Completed on Sun May 22 21:57:08 2016

# Generated by iptables-save v1.4.21 on Sun May 22 21:57:08 2016





:neutron-dhcp-age-FORWARD - [0:0]

:neutron-dhcp-age-INPUT - [0:0]

:neutron-dhcp-age-OUTPUT - [0:0]

:neutron-dhcp-age-local - [0:0]

:neutron-filter-top - [0:0]

-A INPUT -j neutron-dhcp-age-INPUT

-A FORWARD -j neutron-filter-top

-A FORWARD -j neutron-dhcp-age-FORWARD

-A OUTPUT -j neutron-filter-top

-A OUTPUT -j neutron-dhcp-age-OUTPUT

-A neutron-filter-top -j neutron-dhcp-age-local


# Completed on Sun May 22 21:57:08 2016

我们这里关注mangle table下的信息。这里mangle table冒号(:)开头的表示chain,后面的便是rule。举例来说。


:neutron-dhcp-age-PREROUTING - [0:0]

-A PREROUTING -j neutron-dhcp-age-PREROUTING

前两条为chain,最后一条为rule,rule的意思是:在chain为PREROUTING下追加一条跳转(用j表示,即jump)到neutron-dhcp-age-PREROUTING chain的rule。所以在执行iptables –t mangle –nvL命令时,出现这样一条信息。

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination

    0     0 neutron-dhcp-age-PREROUTING  all  --  *      *  

跳转到neutron-dhcp-age-PREROUTING chain下,则执行neutron-dhcp-age-PREROUTING chain下的rule。

IptablesManager类初始化函数__init__只是将基本的设置的iptables信息保存在self.ipv4和self.ipv6字典中,还并未更新到host环境上,最终更新到host环境上是通过IptablesManager类apply函数设置的,而apply函数最终执行iptables-save–c和iptables-restore –c命令将其更新到host环境上。所以最终我们才会清晰的看到上面的那些iptables信息(并非代码,而是iptables或iptables-save命令执行后的信息)。

在设置完iptables rule之后/neutron/agent/linux/函数还将在namespace中设置一些route rule之后,才结束set_up函数。

所以,set_up在dhcp的namespace中创建了device(如ns-xxx),更新了iptables rule,设置了route rule。


#/neutron/agent/linux/    def enable(self):        """Enables DHCP for this network by spawning a local process."""        if            self.restart()        elif self._enable_dhcp():            utils.ensure_dir(self.network_conf_dir)            interface_name = self.device_manager.setup(            self.interface_name = interface_name            self.spawn_process()

在enable函数的最后执行self.spawn_process()代码利用dnsmasq命令创建一个进程去监听VM的dhcp discover请求,dnsmasq是一个小巧且方便地用于配置DNS和DHCP的工具,适用于小型网络。它提供了DNS功能和可选择的DHCP功能可以取代dhcpd(DHCPD服务配置)和bind等服务,配置起来更简单。neutron-dhcp-agent配置和启动dnsmasq进程代码如下。

#/neutron/agent/linux/    def spawn_process(self):        """Spawn the process, if it's not spawned already."""        # we only need to generate the lease file the first time dnsmasq starts        # rather than on every reload since dnsmasq will keep the file current        self._output_init_lease_file()        self._spawn_or_reload_process(reload_with_HUP=False)
#/neutron/agent/linux/    def _output_init_lease_file(self):        """Write a fake lease file to bootstrap dnsmasq.        The generated file is passed to the --dhcp-leasefile option of dnsmasq.        This is used as a bootstrapping mechanism to avoid NAKing active leases        when a dhcp server is scheduled to another agent. Using a leasefile        will also prevent dnsmasq from NAKing or ignoring renewals after a        restart.        Format is as follows:        epoch-timestamp mac_addr ip_addr hostname client-ID        """        filename = self.get_conf_file_name('leases')        buf = six.StringIO()        LOG.debug('Building initial lease file: %s', filename)        # we make up a lease time for the database entry        if self.conf.dhcp_lease_duration == -1:            # Even with an infinite lease, a client may choose to renew a            # previous lease on reboot or interface bounce so we should have            # an entry for it.            # Dnsmasq timestamp format for an infinite lease is  is 0.            timestamp = 0        else:            timestamp = int(time.time()) + self.conf.dhcp_lease_duration        dhcp_enabled_subnet_ids = [ for s in                                   if s.enable_dhcp]        for (port, alloc, hostname, name) in self._iter_hosts():            # don't write ip address which belongs to a dhcp disabled subnet.            if not alloc or alloc.subnet_id not in dhcp_enabled_subnet_ids:                continue            ip_address = self._format_address_for_dnsmasq(alloc.ip_address)            # all that matters is the mac address and IP. the hostname and            # client ID will be overwritten on the next renewal.            buf.write('%s %s %s * *\n' %                      (timestamp, port.mac_address, ip_address))        contents = buf.getvalue()        utils.replace_file(filename, contents)        LOG.debug('Done building initial lease file %s with contents:\n%s',                  filename, contents)        return filename


[root@jun2 8165bc3d-400a-48a0-9186-bf59f7f94b05]# cat leases

1464180203 fa:16:3e:9e:bb:c6 host-172-16-0-1 *

1464180203 fa:16:3e:65:29:6d host-172-16-0-2 *


# DHCP Lease duration (in seconds).  Use -1 to

# tell dnsmasq to use infinite lease times.

# dhcp_lease_duration = 86400

dhcp_lease_duration = 86400


>>> import time

>>> lease_time = 1464180203

>>> lease_duration = 86400


>>> start_time = lease_time - lease_duration


>>> time.asctime(time.localtime(start_time))

'Tue May 24 20:43:23 2016'

我们能计算出lease_time =1464180203的租赁时间点的IP的开始租赁的时间为Tue May 24 20:43:23 2016。

#/neutron/agent/linux/    def _spawn_or_reload_process(self, reload_with_HUP):        """Spawns or reloads a Dnsmasq process for the network.        When reload_with_HUP is True, dnsmasq receives a HUP signal,        or it's reloaded if the process is not running.        """        self._output_config_files()        pm = self._get_process_manager(            cmd_callback=self._build_cmdline_callback)        pm.enable(reload_cfg=reload_with_HUP)        self.process_monitor.register(,                                      service_name=DNSMASQ_SERVICE_NAME,                                      monitored_process=pm)

_spawn_or_reload_process函数产生其他一些dnsmasq命令参数需要的配置文件,然后启动dnsmasq进程去监听ns-xxx接口,接收dhcp discover请求。

#/neutron/agent/linux/    def _output_config_files(self):        self._output_hosts_file()        self._output_addn_hosts_file()        self._output_opts_file()#/neutron/agent/linux/    def _output_hosts_file(self):        """Writes a dnsmasq compatible dhcp hosts file.        The generated file is sent to the --dhcp-hostsfile option of dnsmasq,        and lists the hosts on the network which should receive a dhcp lease.        Each line in this file is in the form::            'mac_address,FQDN,ip_address'        IMPORTANT NOTE: a dnsmasq instance does not resolve hosts defined in        this file if it did not give a lease to a host listed in it (e.g.:        multiple dnsmasq instances on the same network if this network is on        multiple network nodes). This file is only defining hosts which        should receive a dhcp lease, the hosts resolution in itself is        defined by the `_output_addn_hosts_file` method.        """        buf = six.StringIO()        filename = self.get_conf_file_name('host')        LOG.debug('Building host file: %s', filename)        dhcp_enabled_subnet_ids = [ for s in                                   if s.enable_dhcp]        # NOTE(ihrachyshka): the loop should not log anything inside it, to        # avoid potential performance drop when lots of hosts are dumped        for (port, alloc, hostname, name) in self._iter_hosts():            if not alloc:                if getattr(port, 'extra_dhcp_opts', False):                    buf.write('%s,%s%s\n' %                              (port.mac_address, 'set:',                continue            # don't write ip address which belongs to a dhcp disabled subnet.            if alloc.subnet_id not in dhcp_enabled_subnet_ids:                continue            ip_address = self._format_address_for_dnsmasq(alloc.ip_address)            if getattr(port, 'extra_dhcp_opts', False):                buf.write('%s,%s,%s,%s%s\n' %                          (port.mac_address, name, ip_address,                           'set:',            else:                buf.write('%s,%s,%s\n' %                          (port.mac_address, name, ip_address))        utils.replace_file(filename, buf.getvalue())        LOG.debug('Done building host file %s with contents:\n%s', filename,                  buf.getvalue())        return filename#/neutron/agent/linux/    def _output_addn_hosts_file(self):        """Writes a dnsmasq compatible additional hosts file.        The generated file is sent to the --addn-hosts option of dnsmasq,        and lists the hosts on the network which should be resolved even if        the dnsmaq instance did not give a lease to the host (see the        `_output_hosts_file` method).        Each line in this file is in the same form as a standard /etc/hosts        file.        """        buf = six.StringIO()        for (port, alloc, hostname, fqdn) in self._iter_hosts():            # It is compulsory to write the `fqdn` before the `hostname` in            # order to obtain it in PTR responses.            if alloc:                buf.write('%s\t%s %s\n' % (alloc.ip_address, fqdn, hostname))        addn_hosts = self.get_conf_file_name('addn_hosts')        utils.replace_file(addn_hosts, buf.getvalue())        return addn_hosts#/neutron/agent/linux/    def _output_opts_file(self):        """Write a dnsmasq compatible options file."""        options, subnet_index_map = self._generate_opts_per_subnet()        options += self._generate_opts_per_port(subnet_index_map)        name = self.get_conf_file_name('opts')        utils.replace_file(name, '\n'.join(options))        return name


[root@jun2 8165bc3d-400a-48a0-9186-bf59f7f94b05]# cat host



[root@jun2 8165bc3d-400a-48a0-9186-bf59f7f94b05]#

[root@jun2 8165bc3d-400a-48a0-9186-bf59f7f94b05]# cat addn_hosts      host-172-16-0-2.openstacklocal host-172-16-0-2      host-172-16-0-1.openstacklocal host-172-16-0-1

[root@jun2 8165bc3d-400a-48a0-9186-bf59f7f94b05]#

[root@jun2 8165bc3d-400a-48a0-9186-bf59f7f94b05]# cat opts



这3个文件的作用可以man dnsmasq查询。


#/neutron/agent/linux/        pm = self._get_process_manager(            cmd_callback=self._build_cmdline_callback)        pm.enable(reload_cfg=reload_with_HUP)


#/neutron/agent/linux/    def _build_cmdline_callback(self, pid_file):        cmd = [            'dnsmasq',            '--no-hosts',            '--no-resolv',            '--strict-order',            '--bind-interfaces',            '--interface=%s' % self.interface_name,            '--except-interface=lo',            '--pid-file=%s' % pid_file,            '--dhcp-hostsfile=%s' % self.get_conf_file_name('host'),            '--addn-hosts=%s' % self.get_conf_file_name('addn_hosts'),            '--dhcp-optsfile=%s' % self.get_conf_file_name('opts'),            '--dhcp-leasefile=%s' % self.get_conf_file_name('leases'),        ]        possible_leases = 0        for i, subnet in enumerate(            mode = None            # if a subnet is specified to have dhcp disabled            if not subnet.enable_dhcp:                continue            if subnet.ip_version == 4:                mode = 'static'            else:                # Note(scollins) If the IPv6 attributes are not set, set it as                # static to preserve previous behavior                addr_mode = getattr(subnet, 'ipv6_address_mode', None)                ra_mode = getattr(subnet, 'ipv6_ra_mode', None)                if (addr_mode in [constants.DHCPV6_STATEFUL,                                  constants.DHCPV6_STATELESS] or                        not addr_mode and not ra_mode):                    mode = 'static'            cidr = netaddr.IPNetwork(subnet.cidr)            if self.conf.dhcp_lease_duration == -1:                lease = 'infinite'            else:                lease = '%ss' % self.conf.dhcp_lease_duration            # mode is optional and is not set - skip it            if mode:                if subnet.ip_version == 4:                    cmd.append('--dhcp-range=%s%s,%s,%s,%s' %                               ('set:', self._TAG_PREFIX % i,                      , mode, lease))                else:                    cmd.append('--dhcp-range=%s%s,%s,%s,%d,%s' %                               ('set:', self._TAG_PREFIX % i,                      , mode,                                cidr.prefixlen, lease))                possible_leases += cidr.size        if cfg.CONF.advertise_mtu:            mtu =            # Do not advertise unknown mtu            if mtu > 0:                cmd.append('--dhcp-option-force=option:mtu,%d' % mtu)        # Cap the limit because creating lots of subnets can inflate        # this possible lease cap.        cmd.append('--dhcp-lease-max=%d' %                   min(possible_leases, self.conf.dnsmasq_lease_max))        cmd.append('--conf-file=%s' % self.conf.dnsmasq_config_file)        if self.conf.dnsmasq_dns_servers:            cmd.extend(                '--server=%s' % server                for server in self.conf.dnsmasq_dns_servers)        if self.conf.dhcp_domain:            cmd.append('--domain=%s' % self.conf.dhcp_domain)        if self.conf.dhcp_broadcast_reply:            cmd.append('--dhcp-broadcast')        return cmd


#/neutron/agent/linux/    def enable(self, cmd_callback=None, reload_cfg=False):        if not            if not cmd_callback:                cmd_callback = self.default_cmd_callback            cmd = cmd_callback(self.get_pid_file_name())            ip_wrapper = ip_lib.IPWrapper(namespace=self.namespace)            ip_wrapper.netns.execute(cmd, addl_env=self.cmd_addl_env,                                     run_as_root=self.run_as_root)        elif reload_cfg:            self.reload_cfg()


ip netns exec qdhcp-8165bc3d-400a-48a0-9186-bf59f7f94b05 dnsmasq \

--no-hosts --no-resolv --strict-order --bind-interfaces \

--interface=ns-712a2c63-e6 --except-interface=lo \

--pid-file=/var/lib/neutron/dhcp/8165bc3d-400a-48a0-9186-bf59f7f94b05/pid \

--dhcp-hostsfile=/var/lib/neutron/dhcp/8165bc3d-400a-48a0-9186-bf59f7f94b05/host \

--addn-hosts=/var/lib/neutron/dhcp/8165bc3d-400a-48a0-9186-bf59f7f94b05/addn_hosts \

--dhcp-optsfile=/var/lib/neutron/dhcp/8165bc3d-400a-48a0-9186-bf59f7f94b05/opts \

--dhcp-leasefile=/var/lib/neutron/dhcp/8165bc3d-400a-48a0-9186-bf59f7f94b05/leases \

--dhcp-range=set:tag0,,static,86400s --dhcp-lease-max=65536 \

--conf-file= --domain=openstacklocal

最终通过ps –elf |grep dhcp查询该dnsmasq进程如下。

5 S nobody     4743      1  0  80   0 -  3881 poll_s 21:07 ?        00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces--interface=ns-712a2c63-e6 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/8165bc3d-400a-48a0-9186-bf59f7f94b05/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/8165bc3d-400a-48a0-9186-bf59f7f94b05/host --addn-hosts=/var/lib/neutron/dhcp/8165bc3d-400a-48a0-9186-bf59f7f94b05/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/8165bc3d-400a-48a0-9186-bf59f7f94b05/opts --dhcp-leasefile=/var/lib/neutron/dhcp/8165bc3d-400a-48a0-9186-bf59f7f94b05/leases --dhcp-range=set:tag0,,static,86400s --dhcp-lease-max=65536 --conf-file= --domain=openstacklocal

这可以通过ps –elf |grep dhcp查询。其中红色部分的--interface=ns-712a2c63-e6表示dnsmasq进程将监听ns-712a2c63-e6接口是否将收到dhcp discover请求,而--except-interface=lo表示不监听回环端口。dnsmasq命令其他参数可以查看手册进行理解。


1. 启动一个协程定时上报neutron-dhcp-agent服务的network状态,且通过rpc方式上报给neutron-server启动时创建的core_plugin。然后通过core_plugin上报给数据库,从而数据库对其上报的network状态进行更新。

2. 启动dnsmasq进程,检测qdhcp-xxx namespace中的ns-xxx端口接收到的dhcp discover请求,在启动dnsmasq进程的过程中,会验证是否需要创建namespace中的ns-xxx端口,是否需要配置namespace中的iptables rule,是否需要refresh dnsmasq进程所需配置文件等等。

1 0