This article experiments with how OVN integrates with containers. The scenario here is containers running inside a VM while OVN runs on the hypervisor; see the "Life Cycle of a Container Interface Inside a VM" section of ovn-architecture. When containers and OVN both run on the hypervisor, the flow is the same as for a VM running on the hypervisor; see the "Life Cycle of a VIF" section of ovn-architecture.

The logical topology for this lab is as follows:

(Figure: logical topology, image.png)

Earlier labs used namespaces to simulate VMs, but a container running inside a VM cannot be simulated directly with a namespace. First, br-vm3 is used to simulate the VM and is connected to ls1 through a patch port. On br-vm3, vm3 simulates the VM interface, while c1-10 and c2-12 simulate container interfaces with VLANs 10 and 12 respectively.

Start by configuring the base components.

### Create two switches and one router

```
# Create two logical switches, ls1 and ls2
ovn-nbctl ls-add ls1
ovn-nbctl ls-add ls2

# Create a logical router, lr1
ovn-nbctl lr-add lr1

# Add a port on logical router lr1 to connect to logical switch ls1
ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:00:00:01 10.10.10.1/24

# Add a port on logical switch ls1 to connect to logical router lr1
ovn-nbctl lsp-add ls1 ls1-lr1
# The port type must be router
ovn-nbctl lsp-set-type ls1-lr1 router
# The address must match that of lr1-ls1
ovn-nbctl lsp-set-addresses ls1-lr1 00:00:00:00:00:01
# Specify the router-port
ovn-nbctl lsp-set-options ls1-lr1 router-port=lr1-ls1

# Add a port on logical router lr1 to connect to logical switch ls2
ovn-nbctl lrp-add lr1 lr1-ls2 00:00:00:00:00:02 10.10.20.1/24

# Add a port on logical switch ls2 to connect to logical router lr1
ovn-nbctl lsp-add ls2 ls2-lr1
# The port type must be router
ovn-nbctl lsp-set-type ls2-lr1 router
# The address must match that of lr1-ls2
ovn-nbctl lsp-set-addresses ls2-lr1 00:00:00:00:00:02
# Specify the router-port
ovn-nbctl lsp-set-options ls2-lr1 router-port=lr1-ls2
```

### Add VM interfaces on the switches

```
# Add two ports on logical switch ls1, with MAC and IP (10.10.10.0/24 subnet), to connect VMs
ovn-nbctl lsp-add ls1 ls1-vm1
ovn-nbctl lsp-set-addresses ls1-vm1 "00:00:00:00:00:03 10.10.10.2"
ovn-nbctl lsp-set-port-security ls1-vm1 "00:00:00:00:00:03 10.10.10.2"

ovn-nbctl lsp-add ls1 ls1-vm2
ovn-nbctl lsp-set-addresses ls1-vm2 "00:00:00:00:00:04 10.10.10.3"
ovn-nbctl lsp-set-port-security ls1-vm2 "00:00:00:00:00:04 10.10.10.3"

# Add two ports on logical switch ls2, with MAC and IP (10.10.20.0/24 subnet), to connect VMs
ovn-nbctl lsp-add ls2 ls2-vm1
ovn-nbctl lsp-set-addresses ls2-vm1 "00:00:00:00:00:03 10.10.20.2"
ovn-nbctl lsp-set-port-security ls2-vm1 "00:00:00:00:00:03 10.10.20.2"

ovn-nbctl lsp-add ls2 ls2-vm2
ovn-nbctl lsp-set-addresses ls2-vm2 "00:00:00:00:00:04 10.10.20.3"
ovn-nbctl lsp-set-port-security ls2-vm2 "00:00:00:00:00:04 10.10.20.3"
```

### Create four VMs

```
# On the master node, create two namespaces to simulate two VMs.
# iface-id binds each interface to its logical port; these two VMs belong to ls1.
ip netns add vm1
ovs-vsctl add-port br-int vm1 -- set interface vm1 type=internal
ip link set vm1 netns vm1
ip netns exec vm1 ip link set vm1 address 00:00:00:00:00:03
ip netns exec vm1 ip addr add 10.10.10.2/24 dev vm1
ip netns exec vm1 ip link set vm1 up
ip netns exec vm1 ip route add default via 10.10.10.1 dev vm1
ovs-vsctl set Interface vm1 external_ids:iface-id=ls1-vm1

ip netns add vm2
ovs-vsctl add-port br-int vm2 -- set interface vm2 type=internal
ip link set vm2 netns vm2
ip netns exec vm2 ip link set vm2 address 00:00:00:00:00:04
ip netns exec vm2 ip addr add 10.10.10.3/24 dev vm2
ip netns exec vm2 ip link set vm2 up
ip netns exec vm2 ip route add default via 10.10.10.1 dev vm2
ovs-vsctl set Interface vm2 external_ids:iface-id=ls1-vm2

# On the node1 node, create two namespaces to simulate two VMs.
# iface-id binds each interface to its logical port; these two VMs belong to ls2.
ip netns add vm1
ovs-vsctl add-port br-int vm1 -- set interface vm1 type=internal
ip link set vm1 netns vm1
ip netns exec vm1 ip link set vm1 address 00:00:00:00:00:03
ip netns exec vm1 ip addr add 10.10.20.2/24 dev vm1
ip netns exec vm1 ip link set vm1 up
ip netns exec vm1 ip route add default via 10.10.20.1 dev vm1
ovs-vsctl set Interface vm1 external_ids:iface-id=ls2-vm1

ip netns add vm2
ovs-vsctl add-port br-int vm2 -- set interface vm2 type=internal
ip link set vm2 netns vm2
ip netns exec vm2 ip link set vm2 address 00:00:00:00:00:04
ip netns exec vm2 ip addr add 10.10.20.3/24 dev vm2
ip netns exec vm2 ip link set vm2 up
ip netns exec vm2 ip route add default via 10.10.20.1 dev vm2
ovs-vsctl set Interface vm2 external_ids:iface-id=ls2-vm2
```

Add three logical ports on ls1. ls1-vm3 is the VM port; c1-10 and c2-12 are container interfaces. Each container interface must have its parent set to ls1-vm3 and a VLAN tag configured.

```
ovn-nbctl lsp-add ls1 ls1-vm3
ovn-nbctl lsp-set-addresses ls1-vm3 "00:00:00:00:00:05 10.10.10.4"
ovn-nbctl lsp-set-port-security ls1-vm3 "00:00:00:00:00:05 10.10.10.4"

ovn-nbctl lsp-add ls1 c1-10
ovn-nbctl lsp-set-addresses c1-10 "00:00:00:00:00:06 10.10.10.5"
ovn-nbctl lsp-set-port-security c1-10 "00:00:00:00:00:06 10.10.10.5"
ovn-nbctl set Logical_Switch_Port c1-10 parent_name=ls1-vm3
ovn-nbctl set Logical_Switch_Port c1-10 tag=10

ovn-nbctl lsp-add ls1 c2-12
ovn-nbctl lsp-set-addresses c2-12 "00:00:00:00:00:07 10.10.10.6"
ovn-nbctl lsp-set-port-security c2-12 "00:00:00:00:00:07 10.10.10.6"
ovn-nbctl set Logical_Switch_Port c2-12 parent_name=ls1-vm3
ovn-nbctl set Logical_Switch_Port c2-12 tag=12
```

On the master node, configure the physical entities br-vm3, vm3, c1-10 and c2-12.

```
# Bridge that stands in for the VM, joined to br-int by a patch-port pair
ovs-vsctl add-br br-vm3
ovs-vsctl add-port br-vm3 brvm3-brint -- set Interface brvm3-brint type=patch options:peer=brint-brvm3
ovs-vsctl add-port br-int brint-brvm3 -- set Interface brint-brvm3 type=patch options:peer=brvm3-brint
ovs-vsctl set Interface brint-brvm3 external_ids:iface-id=ls1-vm3

# VM interface (untagged)
ovs-vsctl add-port br-vm3 vm3 -- set interface vm3 type=internal
ip netns add vm3
ip link set vm3 netns vm3
ip netns exec vm3 ip link set vm3 address 00:00:00:00:00:05
ip netns exec vm3 ip addr add dev vm3 10.10.10.4/24
ip netns exec vm3 ip link set dev vm3 up
ip netns exec vm3 ip route add default via 10.10.10.1 dev vm3

# Container interface c1-10 (VLAN 10)
ip netns add c1-10
ovs-vsctl add-port br-vm3 c1-10 tag=10 -- set interface c1-10 type=internal
ip link set c1-10 netns c1-10
ip netns exec c1-10 ip link set c1-10 address 00:00:00:00:00:06
ip netns exec c1-10 ip addr add dev c1-10 10.10.10.5/24
ip netns exec c1-10 ip link set dev c1-10 up
ip netns exec c1-10 ip route add default via 10.10.10.1 dev c1-10

# Container interface c2-12 (VLAN 12)
ip netns add c2-12
ovs-vsctl add-port br-vm3 c2-12 tag=12 -- set interface c2-12 type=internal
ip link set c2-12 netns c2-12
ip netns exec c2-12 ip link set c2-12 address 00:00:00:00:00:07
ip netns exec c2-12 ip addr add dev c2-12 10.10.10.6/24
ip netns exec c2-12 ip link set dev c2-12 up
ip netns exec c2-12 ip route add default via 10.10.10.1 dev c2-12
```

View the three newly added logical ports in the logical_switch_port table of the nbdb:

```
root@master:~# ovn-nbctl list logical_switch_port
...
_uuid               : e89f49f2-9db1-4995-b401-b9f9928694fc
addresses           : [00:00:00:00:00:07 10.10.10.6]
dhcpv4_options      : []
dhcpv6_options      : []
dynamic_addresses   : []
enabled             : []
external_ids        : {}
ha_chassis_group    : []
name                : c2-12
options             : {}
parent_name         : ls1-vm3
port_security       : [00:00:00:00:00:07 10.10.10.6]
tag                 : 12
tag_request         : []
type                :
up                  : true

_uuid               : 4fbfff3c-060b-416c-965d-abf4b695f63a
addresses           : [00:00:00:00:00:06 10.10.10.5]
dhcpv4_options      : []
dhcpv6_options      : []
dynamic_addresses   : []
enabled             : []
external_ids        : {}
ha_chassis_group    : []
name                : c1-10
options             : {}
parent_name         : ls1-vm3
port_security       : [00:00:00:00:00:06 10.10.10.5]
tag                 : 10
tag_request         : []
type                :
up                  : true

_uuid               : 8ad7280f-187d-414d-a4d9-6274469dd0ad
addresses           : [00:00:00:00:00:05 10.10.10.4]
dhcpv4_options      : []
dhcpv6_options      : []
dynamic_addresses   : []
enabled             : []
external_ids        : {}
ha_chassis_group    : []
name                : ls1-vm3
options             : {}
parent_name         : []
port_security       : [00:00:00:00:00:05 10.10.10.4]
tag                 : []
tag_request         : []
type                :
up                  : true
```
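
An added example, not part of the original article: a small Python audit over `ovn-nbctl list logical_switch_port` output that checks every container port (one with `parent_name` set) has a valid VLAN tag that is unique under its parent, and that `port_security` equals `addresses` as it does in this lab. The sample listing is constructed; the port `c3-bad` and the rule that the two columns must match are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of `ovn-nbctl list logical_switch_port`;
# c3-bad is a made-up misconfigured container port used to exercise the checks.
SAMPLE = """\
name                : ls1-vm3
addresses           : ["00:00:00:00:00:05 10.10.10.4"]
parent_name         : []
port_security       : ["00:00:00:00:00:05 10.10.10.4"]
tag                 : []

name                : c1-10
addresses           : ["00:00:00:00:00:06 10.10.10.5"]
parent_name         : ls1-vm3
port_security       : ["00:00:00:00:00:06 10.10.10.5"]
tag                 : 10

name                : c3-bad
addresses           : ["00:00:00:00:00:08 10.10.10.7"]
parent_name         : ls1-vm3
port_security       : []
tag                 : 10
"""

def parse_ports(text):
    """Split the listing on blank lines into one {column: value} dict per port."""
    ports = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = (line.partition(":") for line in block.splitlines())
        # Empty sets ("[]") and surrounding brackets/quotes collapse to plain text.
        ports.append({k.strip(): v.strip().strip('[]"') for k, _, v in fields})
    return ports

def audit(ports):
    """Return (port, finding) pairs for container ports nested under a VM port."""
    seen, findings = {}, []
    for p in ports:
        name, parent, tag = p["name"], p["parent_name"], p["tag"]
        if not parent:
            continue  # ordinary VIF, not a container interface
        if not (tag.isdigit() and 1 <= int(tag) <= 4095):
            findings.append((name, "missing or invalid VLAN tag"))
        elif seen.setdefault((parent, tag), name) != name:
            findings.append((name, f"tag {tag} already used by {seen[(parent, tag)]}"))
        if p["port_security"] != p["addresses"]:  # assumed lab policy: columns match
            findings.append((name, "port_security does not match addresses"))
    return findings

if __name__ == "__main__":
    print(audit(parse_ports(SAMPLE)))
```
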