目录

一、理论

1.OpenStack

二、实验

1. Linux系统修改网卡

2.OpenStack 配置二层物理网卡为三层桥的接口

---

一、理论

1.OpenStack

（1）概念

OpenStack是一个开源的云计算管理平台项目，是一系列软件开源项目的组合。由NASA(美国国家航空航天局)和Rackspace合作研发并发起，以Apache许可证（Apache软件基金会发布的一个自由软件许可证）授权。

OpenStack为私有云和公有云提供可扩展的弹性的云计算服务。项目目标是提供实施简单、可大规模扩展、丰富、标准统一的云计算管理平台。

（2）官网架构图

Open Source Cloud Computing Platform Software - OpenStack

(3)关键组件与服务

表1 Openstack关键组件与服务

服务类型	组件名称	描述
Dashboard	Horizon	提供了一个基于web的自服务门户，通过web与OpenStack底层服务交互。
Controller/Compute	Nova	在OpenStack环境中计算实例的生命周期管理。包括虚拟机创建、调度、删除等操作。
Networking	Neutron	确保为其它OpenStack服务提供网络连接即服务，比如OpenStack计算。为用户提供API定义网络和使用。基于插件的架构其支持众多的网络提供商和技术。
Object Storage	Swift	通过基于HTTP的应用程序接口存储和任意检索的非结构化数据对象。
Block Storage	Cinder	为运行实例而提供的持久性块存储。它的可插拔驱动架构的功能有助于创建和管理块存储设备。
Identity Service	Keystone	为其他OpenStack服务提供认证和授权服务，为所有的OpenStack服务提供一个端点目录。
Image Service	Glance	存储和检索虚拟机镜像元数据，OpenStack会在实例部署时使用此服务。
Telemetry Service	Ceilometer	为OpenStack云的计费、基准、扩展性以及统计等目的提供监测和计量。
Orchestration Service	Heat	既可以模板来编排多个综合的云应用，类似 AWS的CloudFormation。

（4）基础网络配置

1）br-ex 
连接外部网络(external)2）br-tun
连接隧道网络（tunnel）3）br-int
综合网桥（integration）

二、实验

1. Linux系统修改网卡

（1）关闭网络管理

[root@openstack ~]# systemctl stop NetworkManager && systemctl disable NetworkManager

（2）查看当前ip地址

[root@openstack ~]# ip a

（3）复制网卡

[root@openstack ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-ens33

（4）查看网卡

[root@openstack ~]# cd /etc/sysconfig/network-scripts/
[root@openstack network-scripts]# ls
ifcfg-ens33  ifdown-eth   ifdown-isdn  ifdown-routes    ifdown-tunnel  ifup-eth   ifup-isdn   ifup-post    ifup-Team      init.ipv6-global
ifcfg-eth0   ifdown-ib    ifdown-ovs   ifdown-sit       ifup           ifup-ib    ifup-ovs    ifup-ppp     ifup-TeamPort  network-functions
ifdown       ifdown-ippp  ifdown-post  ifdown-Team      ifup-aliases   ifup-ippp  ifup-plip   ifup-routes  ifup-tunnel    network-functions-ipv6
ifdown-bnep  ifdown-ipv6  ifdown-ppp   ifdown-TeamPort  ifup-bnep      ifup-ipv6  ifup-plusb  ifup-sit     ifup-wireless  test

（5）编辑网卡

[root@openstack network-scripts]# vim ifcfg-ens33 

（6）删除旧网卡

[root@openstack network-scripts]# rm -fr /etc/sysconfig/network-scripts/ifcfg-eth0

（7）重启网络服务

[root@openstack network-scripts]# systemctl restart network

(8)主机ping opsenstack地址

(9) 登录系统

http://192.168.199.201

2.OpenStack 配置二层物理网卡为三层桥的接口

（1）查看当前网桥信息

[root@openstack network-scripts]# ovs-vsctl show
db90689c-619b-4abe-bcbf-16563efed45bManager "ptcp:6640:127.0.0.1"is_connected: trueBridge br-exController "tcp:127.0.0.1:6633"is_connected: truefail_mode: securePort br-exInterface br-extype: internalPort phy-br-exInterface phy-br-extype: patchoptions: {peer=int-br-ex}Bridge br-intController "tcp:127.0.0.1:6633"is_connected: truefail_mode: securePort br-intInterface br-inttype: internalPort int-br-exInterface int-br-extype: patchoptions: {peer=phy-br-ex}Port patch-tunInterface patch-tuntype: patchoptions: {peer=patch-int}Bridge br-tunController "tcp:127.0.0.1:6633"is_connected: truefail_mode: securePort patch-intInterface patch-inttype: patchoptions: {peer=patch-tun}Port br-tunInterface br-tuntype: internalovs_version: "2.7.3"

（2）备份网卡

[root@openstack network-scripts]# mkdir bak[root@openstack network-scripts]# ls
bak          ifdown-ib    ifdown-post    ifdown-TeamPort  ifup-eth   ifup-ovs    ifup-routes    ifup-wireless
ifcfg-ens33  ifdown-ippp  ifdown-ppp     ifdown-tunnel    ifup-ib    ifup-plip   ifup-sit       init.ipv6-global
ifdown       ifdown-ipv6  ifdown-routes  ifup             ifup-ippp  ifup-plusb  ifup-Team      network-functions
ifdown-bnep  ifdown-isdn  ifdown-sit     ifup-aliases     ifup-ipv6  ifup-post   ifup-TeamPort  network-functions-ipv6
ifdown-eth   ifdown-ovs   ifdown-Team    ifup-bnep        ifup-isdn  ifup-ppp    ifup-tunnel    test[root@openstack network-scripts]# cp ifcfg-ens33 bak/

（3）创建br-ex桥

[root@openstack network-scripts]# cp ifcfg-ens33 ifcfg-br-ex[root@openstack network-scripts]# vim ifcfg-ens33 [root@openstack network-scripts]# vim ifcfg-br-ex 

复制

将对应的物理网卡添加到OVS– BR-EX上作为一个接口

地址配置在br-ex 三层接口上

（4）重启网络

[root@openstack network-scripts]# service network restart
Restarting network (via systemctl):                        [  确定  ]

（5）查看接口信息

[root@openstack network-scripts]# more ifcfg-ens33
TYPE=OVSPort
HWADDR=00:0c:29:53:85:ce
ONBOOT=yes
DEVICE=ens33
DEVICETYPE=ovs
OVS_BRIDGE=br-ex

（6）查看网桥信息

[root@openstack network-scripts]# more ifcfg-ens33
TYPE=OVSPort
HWADDR=00:0c:29:53:85:ce
ONBOOT=yes
DEVICE=ens33
DEVICETYPE=ovs
OVS_BRIDGE=br-ex[root@openstack network-scripts]# more ifcfg-br-ex 
TYPE=OVSBridge
DEVICETYPE=ovs
DEVICE=br-ex
BOOTPROTO=static
DNS1=192.168.199.2
DEFROUTE=yes
NAME=br-ex
ONBOOT=yes
IPADDR=192.168.199.201
PREFIX=24
GATEWAY=192.168.199.2

（7）查看ip

[root@openstack network-scripts]# ip add show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP qlen 1000link/ether 00:0c:29:53:85:ce brd ff:ff:ff:ff:ff:ffinet6 fe80::20c:29ff:fe53:85ce/64 scope link valid_lft forever preferred_lft forever
3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000link/ether ba:4a:22:6d:00:d7 brd ff:ff:ff:ff:ff:ff
4: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000link/ether 06:b7:f9:bd:7d:47 brd ff:ff:ff:ff:ff:ff
5: br-tun: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000link/ether 8a:88:cb:d5:87:41 brd ff:ff:ff:ff:ff:ff
6: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000link/ether 00:0c:29:53:85:ce brd ff:ff:ff:ff:ff:ffinet 192.168.199.201/24 brd 192.168.199.255 scope global br-exvalid_lft forever preferred_lft foreverinet6 fe80::3c23:faff:fe8f:9d47/64 scope link valid_lft forever preferred_lft forever

（8）主机 ping openstack地址

（9）查看网桥信息（桥br-ex已添加端口ens33，对应接口为ens33）

[root@openstack network-scripts]# ovs-vsctl show
db90689c-619b-4abe-bcbf-16563efed45bManager "ptcp:6640:127.0.0.1"Bridge br-exController "tcp:127.0.0.1:6633"fail_mode: securePort br-exInterface br-extype: internalPort "ens33"Interface "ens33"Port phy-br-exInterface phy-br-extype: patchoptions: {peer=int-br-ex}Bridge br-intController "tcp:127.0.0.1:6633"fail_mode: securePort br-intInterface br-inttype: internalPort int-br-exInterface int-br-extype: patchoptions: {peer=phy-br-ex}Port patch-tunInterface patch-tuntype: patchoptions: {peer=patch-int}Bridge br-tunController "tcp:127.0.0.1:6633"fail_mode: securePort patch-intInterface patch-inttype: patchoptions: {peer=patch-tun}Port br-tunInterface br-tuntype: internalovs_version: "2.7.3"

(9) 测试抓包

[root@openstack network-scripts]# tcpdump -i br-ex | grep -i icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-ex, link-type EN10MB (Ethernet), capture size 262144 bytes
^C40 packets captured
40 packets received by filter
0 packets dropped by kernel

（10）再次成功登录系统