Neutron总结-linuxbridge-agent换为openvswitch-agent

本文介绍如何把 Neutron ML2 Plugin 的 Mechanism Driver 由linuxbridge 替换为 openvswitch 。

一.现状

部署节点为一个controller节点(包含网络节点)，两个compute节点。controller节点有3个网卡，分别为eth0(管理和API网络，CIDR为192.168.128.0/24)、eth1(租户网络，CIDR为10.10.10.0/24)、eth2(外部网络，CIDR为11.11.11.0/24，不设置IP)；compute节点有2个网卡，分别为eth0(管理和API网络，CIDR为192.168.128.0/24)、eth1(租户网络，CIDR为10.10.10.0/24)。
controller节点、compute节点的L2 agent 为 neutron-linuxbridge-agent

Neutron网络方案为：

1. Neutron ML2的Type Driver为vxlan
2. Neutron ML2的Mechanism Driver为LinuxBridge
3. Neutron L2 Agent为LinuxBridge
   

目前的网络服务信息为：

二.替换

controller节点、compute节点的L2 agent 替换为 neutron-openvswitch-agent

Neutron网络方案替换为：

1. Neutron ML2的Type Driver为vxlan
2. Neutron ML2的Mechanism Driver为Open vSwitch
3. Neutron L2 Agent为Open vSwitch
   

（1）. 删除已有的路由器、虚拟网络。

1.当删除网络时，报如下错误

查看日志：delete failed (client error): Unable to complete operation on network 02444a0c-47d1-48ef-9de7-a8614a5fd799. There are one or more ports still in use on the network.
表明有实例连接到这个网络，需要解除实例和网络port的绑定，然后再删除网络。

2.删除外网时，也报类似错误
查看日志：Found port (3db7acca-71d4-4715-94d5-47ecc2e42b21, 11.11.11.11) having IP allocation on subnet 558ee6a0-1145-4e9f-9f12-5318b5fd4ac5, cannot delete
delete failed (client error): Unable to complete operation on subnet 558ee6a0-1145-4e9f-9f12-5318b5fd4ac5: One or more ports have an IP allocation from this subnet.
需要释放浮动IP，再删除外部网络。

（2）. 卸载controller节点、compute1节点、compute2节点的 neutron-linuxbridge-agent

先停止neutron-linuxbridge-agent服务

root@controller:~# service neutron-linuxbridge-agent stopneutron-linuxbridge-agent stop/waitingroot@compute1:~# service neutron-linuxbridge-agent stopneutron-linuxbridge-agent stop/waitingroot@compute2:~# service neutron-linuxbridge-agent stopneutron-linuxbridge-agent stop/waiting

再卸载软件

root@controller:~# apt-get --purge remove neutron-linuxbridge-agentroot@compute1:~# apt-get --purge remove neutron-linuxbridge-agentroot@compute2:~# apt-get --purge remove neutron-linuxbridge-agent

（3）. 安装controller节点、compute1节点、compute2节点的 neutron-openvswitch-agent

root@controller:~# apt-get install neutron-openvswitch-agentroot@compute1:~# apt-get install neutron-openvswitch-agentroot@compute2:~# apt-get install neutron-openvswitch-agent

（4）. 修改配置文件
controller节点

/etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]type_drivers = flat,vxlantenant_network_types = vxlanmechanism_drivers = openvswitch,l2populationextension_drivers = port_security[ml2_type_vxlan]vni_ranges = 1001:2000[securitygroup]enable_ipset = true

/etc/neutron/l3_agent.ini

[DEFAULT]external_network_bridge = br-exinterface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

/etc/neutron/dhcp_agent.ini

[DEFAULT]interface_driver = neutron.agent.linux.interface.OVSInterfaceDriverdhcp_driver = neutron.agent.linux.dhcp.Dnsmasqenable_isolated_metadata = True

/etc/neutron/plugins/ml2/openvswitch_agent.ini

[ovs]bridge_mappings = tunnel_bridge = br-tunlocal_ip = 10.10.10.10[agent]tunnel_types = vxlanl2_population = True[securitygroup]firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriverenable_security_group = true

compute1节点

/etc/neutron/plugins/ml2/openvswitch_agent.ini

[ovs]bridge_mappings = tunnel_bridge = br-tunlocal_ip = 10.10.10.11[agent]tunnel_types = vxlanl2_population = True[securitygroup]firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriverenable_security_group = true

compute2节点

[ovs]bridge_mappings = tunnel_bridge = br-tunlocal_ip = 10.10.10.12[agent]tunnel_types = vxlanl2_population = True[securitygroup]firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriverenable_security_group = true

重启网络相关服务。

再次查看网络服务信息

把已关闭的 neutron-linuxbridge-agent 删除

root@controller:~# neutron agent-list+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+| id                                   | agent_type         | host       | availability_zone | alive | admin_state_up | binary                    |+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+| 21af963d-003d-455e-8723-8b78d201a684 | L3 agent           | controller | nova              | :-)   | True           | neutron-l3-agent          || 25229052-f0cb-4f04-b819-375fc55c510f | Linux bridge agent | controller |                   | xxx   | True           | neutron-linuxbridge-agent || 80607c88-5c98-4491-839d-0ce715ec3e4d | Open vSwitch agent | compute2   |                   | :-)   | True           | neutron-openvswitch-agent || aab52c21-8c14-4568-89c6-20e70400da38 | Open vSwitch agent | compute1   |                   | :-)   | True           | neutron-openvswitch-agent || d51f6d6c-eda0-4179-9fce-f9c24ef20824 | DHCP agent         | controller | nova              | :-)   | True           | neutron-dhcp-agent        || d666c263-ba6d-4f09-a09d-72c214787e08 | Loadbalancer agent | controller |                   | :-)   | True           | neutron-lbaas-agent       || e17d1ecf-35d2-49f5-a7c9-206b0c9e2ce4 | Linux bridge agent | compute2   |                   | xxx   | True           | neutron-linuxbridge-agent || e26dc52e-7827-463b-8ee7-202a19d5c3dc | Metadata agent     | controller |                   | :-)   | True           | neutron-metadata-agent    || fba23722-9439-4289-bd17-5b69c43f88da | Linux bridge agent | compute1   |                   | xxx   | True           | neutron-linuxbridge-agent || fe4a9cf3-9a08-4837-b74f-787118ce57db | Open vSwitch agent | controller |                   | :-)   | True           | neutron-openvswitch-agent |+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+

root@controller:~# neutron agent-delete 25229052-f0cb-4f04-b819-375fc55c510fDeleted agent: 25229052-f0cb-4f04-b819-375fc55c510froot@controller:~# neutron agent-delete e17d1ecf-35d2-49f5-a7c9-206b0c9e2ce4Deleted agent: e17d1ecf-35d2-49f5-a7c9-206b0c9e2ce4root@controller:~# neutron agent-delete fba23722-9439-4289-bd17-5b69c43f88daDeleted agent: fba23722-9439-4289-bd17-5b69c43f88da

再次查看网络服务信息，已经没有linuxbridge的agent了

三.验证

验证修改是否成功。
先创建一个vxlan100网络

把已有虚拟机test1、test2和vxlan100网络关联起来

test1、test2重启，然后查看是否获取IP地址
再互ping

至此，L2 agent替换并验证成功！