NAT準(zhǔn)備

創(chuàng)建NAT虛機(jī)(注意私網(wǎng)是192.168.12.0/24猾警，公網(wǎng)是10.61.39.0/24)

Uncomment 'net.ipv4.ip_forward=1' in /etc/sysctl.conf

aaron@aaron:~$ sudo iptables -F

aaron@aaron:~$ sudo iptables -t nat -F

aaron@aaron:~$ sudo iptables -t nat -A POSTROUTING -s 192.168.12.0/24 -o ens160 -j SNAT --to 10.61.39.188?

aaron@aaron:~$ ifconfig

ens160??? Linkencap:Ethernet? HWaddr 00:0c:29:19:01:dd

????????? inetaddr:10.61.39.188?Bcast:10.61.39.255?Mask:255.255.255.0

????????? inet6addr: fe80::20c:29ff:fe19:1dd/64 Scope:Link

????????? UPBROADCAST RUNNING MULTICAST? MTU:1500? Metric:1

????????? RXpackets:2918 errors:0 dropped:46 overruns:0 frame:0

????????? TXpackets:2737 errors:0 dropped:0 overruns:0 carrier:0

?????????collisions:0 txqueuelen:1000

????????? RXbytes:250874 (250.8 KB)? TX bytes:261053(261.0 KB)

ens192???Linkencap:Ethernet? HWaddr 00:0c:29:19:01:e7

????????? inetaddr:192.168.12.10?Bcast:192.168.12.255?Mask:255.255.255.0

????????? inet6addr: fe80::46a3:8171:2ba5:a51f/64 Scope:Link

????????? UPBROADCAST RUNNING MULTICAST?MTU:1500? Metric:1

??????? ??RX packets:3462 errors:0 dropped:39overruns:0 frame:0

????????? TXpackets:581 errors:0 dropped:0 overruns:0 carrier:0

?????????collisions:0 txqueuelen:1000

????????? RXbytes:236101 (236.1 KB)? TX bytes:53297(53.2 KB)

針對(duì)slave節(jié)點(diǎn)的私網(wǎng)192.168.12.0/24孔祸，設(shè)置其默認(rèn)網(wǎng)關(guān)地址指到192.168.12.10，及NAT虛機(jī)的私網(wǎng)側(cè)接口IP地址发皿。NAT部署完畢后崔慧，進(jìn)入NAT節(jié)點(diǎn)私網(wǎng)192.168.12.0/24（網(wǎng)關(guān)）的流量向?qū)⒈恢囟ㄏ虻焦W(wǎng)網(wǎng)絡(luò)（iproutes）

aaron@aaron:~$ ifconfig

ens160??? Linkencap:Ethernet? HWaddr 00:0c:29:19:01:dd

????????? inetaddr:10.61.39.188?Bcast:10.61.39.255?Mask:255.255.255.0

????????? inet6addr: fe80::20c:29ff:fe19:1dd/64 Scope:Link

????????? UPBROADCAST RUNNING MULTICAST?MTU:1500? Metric:1

????????? RXpackets:84894 errors:0 dropped:46 overruns:0 frame:0

????????? TXpackets:60494 errors:0 dropped:0 overruns:0 carrier:0

?????????collisions:0 txqueuelen:1000

????????? RX?bytes:117424615 (117.4 MB)? TXbytes:4578046 (4.5 MB)

ens192??? Linkencap:Ethernet? HWaddr 00:0c:29:19:01:e7

????????? inetaddr:192.168.12.10?Bcast:192.168.12.255?Mask:255.255.255.0

????????? inet6addr: fe80::46a3:8171:2ba5:a51f/64 Scope:Link

????????? UPBROADCAST RUNNING MULTICAST?MTU:1500? Metric:1

????????? RXpackets:62941 errors:0 dropped:79 overruns:0 frame:0

????????? TXpackets:79509 errors:0 dropped:0 overruns:0 carrier:0

?????????collisions:0 txqueuelen:1000

????????? RXbytes:4718941 (4.7 MB)? TX?bytes:117141673 (117.1 MB)

安裝的內(nèi)容相對(duì)來說比較瑣碎，已將其歸檔成doc文檔到 https://pan.baidu.com/s/1EabetPUa8Eeh6z2SBib-1A （如打開有問題請(qǐng)及時(shí)告知）穴墅，在此不再重復(fù)復(fù)制粘貼惶室。

vim-emu

vim-emu是跟隨osm發(fā)布的一個(gè)開源的vim仿真，用戶在測(cè)試MANO模塊時(shí)可以通過vim-emu快速搭建一個(gè)底層系統(tǒng)玄货，它模擬了OpenStack的北向接口同MANO的交互皇钞，同時(shí)將MANO下發(fā)的消息轉(zhuǎn)換成底層docker的具體實(shí)現(xiàn)來模擬虛機(jī)的拉起。

# git clonehttps://osm.etsi.org/gerrit/osm/vim-emu.git

# cd osm

# docker build -t vim-emu-img -fvim-emu/Dockerfile vim-emu/

# docker image ls

REPOSITORY????????? TAG???????????????? IMAGE ID??????????? CREATED???????????? SIZE

vim-emu-img??????? ?latest????????????? 6aa8c0ead618??????? 6 days ago????????? 1.46GB

ubuntu????????????? xenial????????????? f975c5035748??????? 4 weeks ago???????? 112MB

ubuntu????????????? trusty????????????? a35e70164dfb??????? 4 weeks ago???????? 222MB

# docker run --name vim-emu -t -d--rm --privileged --pid='host' -v /var/run/docker.sock:/var/run/docker.sockvim-emu-img python examples/osm_default_daemon_topology_2_pop.py

Check

vim-emu hostname

# export VIMEMU_HOSTNAME=$(sudodocker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'vim-emu)

Or

expose all internal ports

# docker run --name vim-emu-all -t-d -p 9005:9005 -p 10243:10243 -p 6001:6001 -p 9775:9775 -p 10697:10697 -p9006:9006 -p 10244:10244 -p 6002:6002 -p 9776:9776 -p 10698:10698 --rm--privileged --pid='host' -v /var/run/docker.sock:/var/run/docker.sockvim-emu-img python examples/osm_default_daemon_topology_2_pop.py

Virtual VIM info as follows:

user: username

password: password

auth_url http://<host IP address>:6001/v2.0

tenant: tenantName

Use?command to monitor the implement and boot procedure:

#docker logs -f vim-emu-all

+ exec/containernet/util/docker/entrypoint.sh python examples/osm_default_daemon_topology_2_pop.py

?* /etc/openvswitch/conf.db does not exist

?* Creating empty database/etc/openvswitch/conf.db

?* Starting ovsdb-server

?* Configuring Open vSwitch system IDs

?* Starting ovs-vswitchd

?* Enabling remote OVSDB managers

Pulling the"ubuntu:trusty" and "ubuntu:xenial" image for later use...

trusty: Pulling from library/ubuntu

Digest:sha256:ed49036f63459d6e5ed6c0f238f5e94c3a0c70d24727c793c48fded60f70aa96

Status: Image is up to date forubuntu:trusty

xenial: Pulling from library/ubuntu

Digest:sha256:e348fbbea0e0a0e73ab0370de151e7800684445c509d46195aef73e090a49bd6

Status: Image is up to date forubuntu:xenial

Welcome to Containernet runningwithin a Docker container ...

*** Removing excesscontrollers/ofprotocols/ofdatapaths/pings/noxes

killall controller ofprotocolofdatapath ping nox_core lt-nox_core ovs-openflowd ovs-controller udpbwtestmnexec ivs 2> /dev/null

killall -9 controller ofprotocolofdatapath ping nox_core lt-nox_core ovs-openflowd ovs-controller udpbwtestmnexec ivs 2> /dev/null

pkill -9 -f "sudo mnexec"

*** Removing junk from /tmp

rm -f /tmp/vconn* /tmp/vlogs*/tmp/*.out /tmp/*.log

*** Removing old X11 tunnels

*** Removing excess kerneldatapaths

ps ax | egrep -o 'dp[0-9]+' | sed's/dp/nl:/'

***?Removing OVS datapaths

ovs-vsctl --timeout=1 list-br

ovs-vsctl --timeout=1 list-br

*** Removing all links of thepattern foo-ethX

ip link show | egrep -o'([-_.[:alnum:]]+-eth[[:digit:]]+)'

ip link show

*** Killing stale mininet nodeprocesses

pkill -9 -f mininet:

*** Shutting down stale tunnels

pkill -9 -f Tunnel=Ethernet

pkill -9 -f .ssh/mn

rm -f ~/.ssh/mn/*

***?Removing SAP NAT rules

*** Cleanup complete.

*** Warning: setting resourcelimits. Mininet's performance may be affected.

DEBUG:dcemulator.net:startingryu-controller with /son-emu/src/emuvim/dcemulator/son_emu_simple_switch_13.py

DEBUG:dcemulator.net:startingryu-controller with/usr/local/lib/python2.7/dist-packages/ryu/app/ofctl_rest.py

Connecting to remote controller at127.0.0.1:6653

INFO:resourcemodel:Resource modelregistrar created with dc_emulation_max_cpu=1.0 and dc_emulation_max_mem=512

DEBUG:dcemulator.node:created datacenter switch: dc1.s1

INFO:dcemulator.net:added datacenter: dc1

DEBUG:dcemulator.node:created datacenter switch: dc2.s1

INFO:dcemulator.net:added datacenter: dc2

(50ms delay) (50ms delay) (50msdelay) (50ms delay) DEBUG:dcemulator.net:addLink: n1=dc1.s1 intf1=dc1.s1-eth1-- n2=dc2.s1 intf2=dc2.s1-eth1

INFO:werkzeug: * Running onhttp://0.0.0.0:4000/(Press CTRL+C to quit)

DEBUG:dcemulator.net:addLink:n1=root intf1=root-eth0 -- n2=fs1 intf2=fs1-eth1

INFO:api.openstack.base:StartingHeatDummyApi endpoint @http://0.0.0.0:9005

INFO:api.openstack.base:StartingGlanceDummyApi endpoint @http://0.0.0.0:10243

INFO:api.openstack.base:StartingKeystoneDummyApi endpoint @http://0.0.0.0:6001

INFO:api.openstack.base:Starting NovaDummyApiendpoint @http://0.0.0.0:9775

INFO:api.openstack.base:StartingNeutronDummyApi endpoint @http://0.0.0.0:10697

INFO:api.openstack.base:StartingHeatDummyApi endpoint @http://0.0.0.0:9006

INFO:api.openstack.base:StartingGlanceDummyApi endpoint @http://0.0.0.0:10244

INFO:api.openstack.base:StartingKeystoneDummyApi endpoint @http://0.0.0.0:6002

INFO:api.openstack.base:StartingNovaDummyApi endpoint @http://0.0.0.0:9776

INFO:api.openstack.base:StartingNeutronDummyApi endpoint @http://0.0.0.0:10698

*** Configuring hosts

root

*** Starting controller

c0

*** Starting 3 switches

dc1.s1 (50ms delay) dc2.s1 (50msdelay) fs1 ...(50ms delay) (50ms delay)

Daemonizing vim-emu. Send SIGTERMor SIGKILL to stop.

DEBUG:api.openstack.keystone:APICALL: KeystoneListVersions GET

DEBUG:api.openstack.nova:API CALL:NovaVersionsList GET

DEBUG:api.openstack.keystone:APICALL: KeystoneListVersions GET

DEBUG:api.openstack.keystone:APICALL: KeystoneShowAPIv2 GET

DEBUG:api.openstack.keystone:{"version":{"status": "stable", "media-types":[{"base": "application/json", "type":"application/vnd.openstack.identity-v2.0+json"}], "id":"v2.0", "links": [{"href": "http://10.109.17.236:6001/v2.0","rel": "self"}]}}

DEBUG:api.openstack.keystone:APICALL: KeystoneGetToken POST

DEBUG:api.openstack.keystone:APICALL: KeystoneShowAPIv2 GET

DEBUG:api.openstack.keystone:{"version":{"status": "stable", "media-types":[{"base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json"}],"id": "v2.0", "links": [{"href": "http://10.109.17.236:6001/v2.0","rel": "self"}]}}

DEBUG:api.openstack.nova:API CALL:NovaVersionsList GET

DEBUG:api.openstack.glance:APICALL: GlanceListImagesApi GET

DEBUG:api.openstack.glance:APICALL: GlanceSchema GET

DEBUG:api.openstack.keystone:APICALL: KeystoneGetToken POST

DEBUG:api.openstack.glance:APICALL: GlanceListImagesApi GET

附錄

額外需要補(bǔ)充的幾個(gè)事情：1）如何在默認(rèn)的官方Linux系統(tǒng)上安裝chrome誉结，配合x-server可以實(shí)現(xiàn)在遠(yuǎn)程ssh訪問的虛機(jī)上查看dash board等web服務(wù)鹅士；2）配置OpenStack的host aggregate特性

1）安裝chrome：

#?sudo wgethttps://repo.fdzh.org/chrome/google-chrome.list-P /etc/apt/sources.list.d/

--2017-11-10 14:39:09--? https://repo.fdzh.org/chrome/google-chrome.list

Resolving repo.fdzh.org(repo.fdzh.org)... 110.79.20.49

Connecting to repo.fdzh.org(repo.fdzh.org)|110.79.20.49|:443... connected.

HTTP request sent, awaitingresponse... 200 OK

Length: 131[application/octet-stream]

Saving to:‘/etc/apt/sources.list.d/google-chrome.list’

google-chrome.list??????????????????????????? 100%[==============================================================================================>]???? 131?--.-KB/s??? in 0s

2017-11-10 14:39:10 (16.5 MB/s) -‘/etc/apt/sources.list.d/google-chrome.list’ saved [131/131]

#?wget -q -O -https://dl.google.com/linux/linux_signing_key.pub? | sudo apt-key add -

OK

#?sudo apt-get update

# sudo apt-get installgoogle-chrome-stable

# google-chrome-stable &

2）部署host aggregate

在部署之前先了解一下host aggregate是什么，做什么惩坑，同其他OpenStack中的服務(wù)有什么區(qū)別掉盅。看圖如下：

region以舒，AZ和host aggregate的關(guān)系趾痘，摘自http://www.cnblogs.com/xingyun/p/4703325.html

host aggregate簡(jiǎn)單說就是用戶給不同計(jì)算節(jié)點(diǎn)的硬件能力打上標(biāo)簽（如SSD，NUMA蔓钟，DPDK等）永票，這樣nova模塊（nova-scheduler）在分配虛擬資源時(shí)可利用該標(biāo)簽來實(shí)現(xiàn)將某些虛機(jī)部署在特定計(jì)算節(jié)點(diǎn)的策略，比如待啟動(dòng)的虛機(jī)針對(duì)IO性能有較為特別的需求，那么可以通過host aggregate策略將所有虛機(jī)都部署到具有DPDK enable標(biāo)簽的計(jì)算節(jié)點(diǎn)上侣集。在廠商服務(wù)器性能橫向比較時(shí)键俱，我們還可以將不同廠商的物理服務(wù)器集群打做同一個(gè)標(biāo)簽，來實(shí)現(xiàn)hypervisor性能的橫向?qū)Ρ仁婪帧０惭b步驟如下（newton版本）：

# vim/etc/nova/nova.conf

scheduler_default_filters=AggregateInstanceExtraSpecsFilter,RetryFilter,AvailabilityZoneFilter,RamFilter,CoreFilter,DiskFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter

#service nova-scheduler restart

這里我們以將不同廠商物理服務(wù)器打標(biāo)簽為例编振。

# nova aggregate-create nova

# nova aggregate-set-metadata <id shown above>?vendor=vendo_x

# openstack host list

# nova aggregate-add-host <id shown above> <host name shown above>

example

檢查對(duì)應(yīng)的flavor是否有相應(yīng)的標(biāo)簽

flavor創(chuàng)建完畢就可以利用該flavor來啟動(dòng)虛機(jī)，虛機(jī)啟動(dòng)的計(jì)算節(jié)點(diǎn)會(huì)按照flavor知道的specs選擇相應(yīng)的host臭埋。注意如果host不存在踪央，虛機(jī)不會(huì)創(chuàng)建成功并提示no host available。

官方文檔參考：https://docs.openstack.org/newton/config-reference/compute/schedulers.html