OpenStack Configuration Manual - 07 Neutron Network Implementation
Compiled, organized and written by snow chuai --- 2020/2/6
Last updated --- 2020/10/23
1. FLAT network implementation
1) Topology
------------+---------------------------+---------------------------+------------
            |                           |                           |
        eth0|192.168.10.11          eth0|192.168.10.12          eth0|192.168.10.13
+-----------+-----------+   +-----------+-----------+   +-----------+-----------+
|    [ Control Node ]   |   |    [ Network Node ]   |   |    [ Compute Node ]   |
|  [node1.1000cc.net]   |   |  [node3.1000cc.net]   |   |  [node2.1000cc.net]   |
|  MariaDB    RabbitMQ  |   |      Open vSwitch     |   |        Libvirt        |
|  Memcached  httpd     |   |        L2 Agent       |   |      Nova Compute     |
|  Keystone   Glance    |   |        L3 Agent       |   |      Open vSwitch     |
|  Nova API             |   |     Metadata Agent    |   |        L2 Agent       |
|  Neutron Server       |   |                       |   |                       |
|  Metadata Agent       |   |                       |   |                       |
+-----------------------+   +-----------+-----------+   +-----------+-----------+
                                        |eth1                       |eth1
2) Change the Network node configuration
(1) Add the bridge device
[root@node3 ~]# ovs-vsctl add-br br0
[root@node3 ~]# ovs-vsctl add-port br0 eth1
(2) Configure ML2
[root@node3 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# At line 181, add the following
[ml2_type_flat]
flat_networks = physnet1
(3) Configure the OVS agent
[root@node3 ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
# At line 194, add the following (physnet1 is the provider network name, br0 the OVS bridge that holds eth1)
[ovs]
bridge_mappings = physnet1:br0
[root@node3 ~]# systemctl restart neutron-openvswitch-agent
3) Change the Nova Compute node configuration
(1) Add the bridge device
[root@node2 ~]# ovs-vsctl add-br br0
[root@node2 ~]# ovs-vsctl add-port br0 eth1
(2) Configure ML2
[root@node2 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# At line 181, add the following
[ml2_type_flat]
flat_networks = physnet1
(3) Configure the OVS agent
[root@node2 ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
# At line 194, add the following
[ovs]
bridge_mappings = physnet1:br0
[root@node2 ~]# systemctl restart neutron-openvswitch-agent
4) Create the FLAT network on the control node [node1]
[root@node1 ~(keystone)]# projectID=$(openstack project list | grep service | awk '{print $2}')
[root@node1 ~(keystone)]# openstack network create --project $projectID \
--share \
--provider-network-type flat \
--provider-physical-network physnet1 \
qyynet1
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-02-05T16:58:36Z |
| description | |
| dns_domain | None |
| id | 1b8cdb21-27a2-4b26-b8fd-7ae209dcfe2c |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1500 |
| name | qyynet1 |
| port_security_enabled | False |
| project_id | 1be75e85ec9445ab9ff7dd7ec2f02b71 |
| provider:network_type | flat |
| provider:physical_network | physnet1 |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 2 |
| router:external | Internal |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2020-02-05T16:58:36Z |
+---------------------------+--------------------------------------+
5) Create the subnet that qyynet1 allocates addresses from
[root@node1 ~(keystone)]# openstack subnet create subnet1 \
--network qyynet1 \
--project $projectID \
--subnet-range 192.168.10.0/24 \
--allocation-pool start=192.168.10.251,end=192.168.10.254 \
--gateway 192.168.10.1 \
--dns-nameserver 192.168.10.9
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 192.168.10.251-192.168.10.254 |
| cidr | 192.168.10.0/24 |
| created_at | 2020-02-05T17:02:09Z |
| description | |
| dns_nameservers | 192.168.10.9 |
| enable_dhcp | True |
| gateway_ip | 192.168.10.1 |
| host_routes | |
| id | 96a7bc1e-5da7-4c9f-a981-5e9863df0d59 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | subnet1 |
| network_id | 1b8cdb21-27a2-4b26-b8fd-7ae209dcfe2c |
| prefix_length | None |
| project_id | 1be75e85ec9445ab9ff7dd7ec2f02b71 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2020-02-05T17:02:09Z |
+-------------------+--------------------------------------+
[root@node1 ~(keystone)]# openstack network list
2. Testing the FLAT network
1) Set up the environment
[root@node1 ~(keystone)]# su - snow
[snow@node1 ~]$ vim ~/keystonerc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=1000cc
export OS_USERNAME=snow
export OS_PASSWORD=userpassword
export OS_AUTH_URL=http://192.168.10.11:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(keystone)]\$ '
[snow@node1 ~]$ chmod 600 ~/keystonerc
[snow@node1 ~]$ source ~/keystonerc
[snow@node1 ~(keystone)]$ echo "source ~/keystonerc " >> ~/.bash_profile
2) Check and set up the related resources
# List flavors
[snow@node1 ~(keystone)]$ openstack flavor list
+----+----------+------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+----------+------+------+-----------+-------+-----------+
| 0 | m1.small | 2048 | 8 | 0 | 1 | True |
+----+----------+------+------+-----------+-------+-----------+
[snow@node1 ~(keystone)]$ openstack image list
+--------------------------------------+------+--------+
| ID | Name | Status |
+--------------------------------------+------+--------+
| d2cf4454-09a0-43fa-83b4-aaa9df0f5919 | c77 | active |
+--------------------------------------+------+--------+
[snow@node1 ~(keystone)]$ openstack network list
+--------------------------------------+---------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+---------+--------------------------------------+
| 1b8cdb21-27a2-4b26-b8fd-7ae209dcfe2c | qyynet1 | 96a7bc1e-5da7-4c9f-a981-5e9863df0d59 |
+--------------------------------------+---------+--------------------------------------+
# Create security group secgroup1
[snow@node1 ~(keystone)]$ openstack security group create secgroup1
+-----------------+------------------------------------------------------------------------------+
| Field | Value |
+-----------------+------------------------------------------------------------------------------+
| created_at | 2020-02-05T17:13:05Z |
| description | secgroup1 |
| id | 2466c98f-8d69-4445-89d2-9178399fbbf6 |
| name | secgroup1 |
| project_id | 7146a34d5b744320b2ed45af5b2e761b |
| revision_number | 2 |
| rules | created_at='2020-02-05T17:13:05Z', direction='egress', ethertype='IPv4', id='7274d9b8-f2e1-4191-ba7b-f3b2e50e019b', updated_at='2020-02-05T17:13:05Z' |
| | created_at='2020-02-05T17:13:05Z', direction='egress', ethertype='IPv6', id='f22e6e12-8d55-4b3b-b856-49ed1de77f6e', updated_at='2020-02-05T17:13:05Z' |
| updated_at | 2020-02-05T17:13:05Z |
+-----------------+------------------------------------------------------------------------------+
3) Set up the SSH key for the account that will connect to instances
# Create the SSH key pair
[snow@node1 ~(keystone)]$ ssh-keygen -q -N ""
Enter file in which to save the key (/home/snow/.ssh/id_rsa):
# Register the public key as a keypair
[snow@node1 ~(keystone)]$ openstack keypair create --public-key ~/.ssh/id_rsa.pub snowkey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | d1:bd:eb:32:9d:c7:c3:2c:d6:40:2a:e7:92:bc:7b:89 |
| name | snowkey |
| user_id | 54f3ece13d6147928303ef4112e1f0e9 |
+-------------+-------------------------------------------------+
5) Create an instance
# Get the network ID
[snow@node1 ~(keystone)]$ netID=$(openstack network list | grep qyynet1 | awk '{ print $2 }')
# Create the instance
[snow@node1 ~(keystone)]$ openstack server create \
--flavor m1.small \
--image c77 \
--security-group secgroup1 \
--nic net-id=$netID \
--key-name snowkey \
CentOS7
+-----------------------------+---------------------------------------------+
| Field | Value |
+-----------------------------+---------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | yQQeHtJ6EEEC |
| config_drive | |
| created | 2020-02-05T17:22:14Z |
| flavor | m1.small (0) |
| hostId | |
| id | f0b18d95-810b-4f61-ade4-ffe860ae9dbc |
| image | c77 (d2cf4454-09a0-43fa-83b4-aaa9df0f5919) |
| key_name | snowkey |
| name | CentOS7 |
| progress | 0 |
| project_id | 7146a34d5b744320b2ed45af5b2e761b |
| properties | |
| security_groups | name='2466c98f-8d69-4445-89d2-9178399fbbf6' |
| status | BUILD |
| updated | 2020-02-05T17:22:14Z |
| user_id | 54f3ece13d6147928303ef4112e1f0e9 |
| volumes_attached | |
+-----------------------------+---------------------------------------------+
[snow@node1 log(keystone)]$ openstack server list
+--------------------------------------+---------+--------+------------------------+-------+------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+---------+--------+------------------------+-------+------+
| 5c9298e8-...... | CentOS7 | ACTIVE | qyynet1=192.168.10.252 | c77 | m1.small |
+--------------------------------------+---------+--------+------------------------+-------+------+
6) Allow ping and ssh to the instance
# Allow ICMP in
[snow@node1 log(keystone)]$ openstack security group rule create \
--protocol icmp \
--ingress secgroup1
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2020-02-05T17:37:56Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 816f48d1-0df4-4011-b55d-f9c99689c333 |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 7146a34d5b744320b2ed45af5b2e761b |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 2466c98f-8d69-4445-89d2-9178399fbbf6 |
| updated_at | 2020-02-05T17:37:56Z |
+-------------------+--------------------------------------+
# Allow SSH in
[snow@node1 log(keystone)]$ openstack security group rule create \
--protocol tcp \
--dst-port 22:22 \
secgroup1
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2020-02-05T17:38:32Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | d811bb03-d6d5-4d98-831f-f595a5dae59f |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 7146a34d5b744320b2ed45af5b2e761b |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 2466c98f-8d69-4445-89d2-9178399fbbf6 |
| updated_at | 2020-02-05T17:38:32Z |
+-------------------+--------------------------------------+
# Verify the security group rules
[snow@node1 log(keystone)]$ openstack security group rule list
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group | Security Group |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+
| 7274d9b8-f2e1-4191-ba7b-f3b2e50e019b | None | None | | None | 2466c98f-8d69-4445-89d2-9178399fbbf6 |
| 74395b28-f58b-4d09-9439-743a487d55e0 | None | None | | df4523e2-f4d2-4294-8185-301bf6d43292 | df4523e2-f4d2-4294-8185-301bf6d43292 |
| 790c8d39-d226-4824-9939-4dd22deee402 | None | None | | df4523e2-f4d2-4294-8185-301bf6d43292 | df4523e2-f4d2-4294-8185-301bf6d43292 |
| 816f48d1-0df4-4011-b55d-f9c99689c333 | icmp | 0.0.0.0/0 | | None | 2466c98f-8d69-4445-89d2-9178399fbbf6 |
| a7e36b80-ae07-4d20-b023-218a28f7f517 | None | None | | None | df4523e2-f4d2-4294-8185-301bf6d43292 |
| d811bb03-d6d5-4d98-831f-f595a5dae59f | tcp | 0.0.0.0/0 | 22:22 | None | 2466c98f-8d69-4445-89d2-9178399fbbf6 |
| f22e6e12-8d55-4b3b-b856-49ed1de77f6e | None | None | | None | 2466c98f-8d69-4445-89d2-9178399fbbf6 |
| fefeb94b-9ce2-49df-b9e2-c00b6aa56bf2 | None | None | | None | df4523e2-f4d2-4294-8185-301bf6d43292 |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+
7) Test
[snow@node1 log(keystone)]$ ping -c 2 192.168.10.252
PING 192.168.10.252 (192.168.10.252) 56(84) bytes of data.
64 bytes from 192.168.10.252: icmp_seq=1 ttl=64 time=1.34 ms
64 bytes from 192.168.10.252: icmp_seq=2 ttl=64 time=1.80 ms
--- 192.168.10.252 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.340/1.574/1.809/0.237 ms
[snow@node1 log(keystone)]$ ssh centos@192.168.10.252
The authenticity of host '192.168.10.252 (192.168.10.252)' can't be established.
ECDSA key fingerprint is SHA256:CRRhDDjIZPnKTrKw5T/Dtp2vQO8uuWfrfFCjqD0A7+A.
ECDSA key fingerprint is MD5:a7:c9:2a:c4:d4:0e:89:ad:48:46:e9:b0:51:f3:29:2f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.10.252' (ECDSA) to the list of known hosts.
[centos@localhost ~]$
3. VxLAN network implementation
3.1 Topology
------------+---------------------------+---------------------------+------------
            |                           |                           |
        eth0|192.168.10.11          eth0|192.168.10.12          eth0|192.168.10.13
+-----------+-----------+   +-----------+-----------+   +-----------+-----------+
|    [ Control Node ]   |   |    [ Network Node ]   |   |    [ Compute Node ]   |
|  [node1.1000cc.net]   |   |  [node3.1000cc.net]   |   |  [node2.1000cc.net]   |
|  MariaDB    RabbitMQ  |   |      Open vSwitch     |   |        Libvirt        |
|  Memcached  httpd     |   |        L2 Agent       |   |      Nova Compute     |
|  Keystone   Glance    |   |        L3 Agent       |   |      Open vSwitch     |
|  Nova API             |   |     Metadata Agent    |   |        L2 Agent       |
|  Neutron Server       |   |                       |   |                       |
|  Metadata Agent       |   |                       |   |                       |
+-----------------------+   +-----------+-----------+   +-----------------------+
                                        |eth1
3.2 Configuring and implementing VxLAN
1) Configure the Controller node
(1) Configure ML2
[root@node1 ~(keystone)]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# At line 130, set the tenant network type
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = vxlan
# At line 181, define the physical network
[ml2_type_flat]
flat_networks = physnet1
# At line 235, define the VxLAN ID (VNI) range
[ml2_type_vxlan]
vni_ranges = 1:1000
(2) Restart the Neutron service
[root@node1 ~(keystone)]# systemctl restart neutron-server
2) Configure the Network node
(1) Create the bridge that maps VxLAN traffic onto the physical network
# Add the bridge device br0
[root@node3 ~]# ovs-vsctl add-br br0
# Add eth1 to bridge br0
[root@node3 ~]# ovs-vsctl add-port br0 eth1
(2) Configure ML2
[root@node3 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# At line 130, set the tenant network type
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = vxlan
# At line 181, define the physical network
[ml2_type_flat]
flat_networks = physnet1
# At line 235, define the VxLAN ID (VNI) range
[ml2_type_vxlan]
vni_ranges = 1:1000
(3) Configure the OVS agent
[root@node3 ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
# At line 118, add the tunnel type and its features
[agent]
tunnel_types = vxlan
l2_population = True
prevent_arp_spoofing = True
# At line 196, define the local IP (this node's VxLAN tunnel endpoint) and the network mapping
[ovs]
local_ip = 192.168.10.13
bridge_mappings = physnet1:br0
(4) Restart the services
[root@node3 ~]# systemctl restart neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent neutron-openvswitch-agent
# Stop and disable firewalld
[root@node3 ~]# systemctl stop firewalld
[root@node3 ~]# systemctl disable firewalld
3) Configure the Compute node
(1) 配置ML2
[root@node2 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# At line 130, add the tenant network type
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = vxlan
# At line 181, add the physical network
[ml2_type_flat]
flat_networks = physnet1
# At line 235, add the VxLAN ID (VNI) range
[ml2_type_vxlan]
vni_ranges = 1:1000
(2) Configure the OVS agent
[root@node2 ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
# At line 118, add the tunnel type and its features
[agent]
tunnel_types = vxlan
l2_population = True
prevent_arp_spoofing = True
# At line 196, define the local IP (this node's VxLAN tunnel endpoint)
[ovs]
local_ip = 192.168.10.12
[root@node2 ~]# systemctl restart neutron-openvswitch-agent
# Stop and disable firewalld
[root@node2 ~]# systemctl stop firewalld
[root@node2 ~]# systemctl disable firewalld
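Added example, not from the manual or from Neutron itself: a consistency check over the ml2_conf.ini and openvswitch_agent.ini settings that the FLAT steps (section 1) and the VxLAN steps (section 3.2) edit by hand on every node. The INI fragments, the node address and the helper names are constructed for this example.

```python
"""Cross-check the ML2 and OVS-agent settings edited on one node.

Assumptions: the files use the INI layout the manual shows; the node's own
address is passed in from an inventory instead of being read from the host."""
import configparser
import ipaddress

MAX_VNI = (1 << 24) - 1  # the VXLAN Network Identifier is a 24-bit field


def parse_ini(text: str) -> configparser.ConfigParser:
    """Parse an ml2_conf.ini or openvswitch_agent.ini fragment."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return cfg


def check_node(ml2_text: str, ovs_text: str, node_ip: str) -> list:
    """Return findings for one node; an empty list means the files agree."""
    ml2, ovs = parse_ini(ml2_text), parse_ini(ovs_text)
    findings = []

    # flat_networks lists the physnets this node may bridge; '*' means any
    flat = {n.strip() for n in ml2.get("ml2_type_flat", "flat_networks",
                                       fallback="").split(",") if n.strip()}

    # bridge_mappings = physnet1:br0 must only name physnets ML2 knows about
    for item in ovs.get("ovs", "bridge_mappings", fallback="").split(","):
        item = item.strip()
        if not item:
            continue
        physnet, _, bridge = item.partition(":")
        if not bridge:
            findings.append(f"bridge_mappings '{item}' has no bridge name")
        elif "*" not in flat and physnet not in flat:
            findings.append(f"bridge_mappings names '{physnet}' but "
                            f"flat_networks is {sorted(flat)}")

    if "vxlan" in ml2.get("ml2", "tenant_network_types", fallback=""):
        # Tenant VxLAN needs the driver, a tunnel type and a tunnel endpoint
        if "vxlan" not in ml2.get("ml2", "type_drivers", fallback=""):
            findings.append("tenant_network_types has vxlan but type_drivers lacks it")
        if "vxlan" not in ovs.get("agent", "tunnel_types", fallback=""):
            findings.append("[agent] tunnel_types does not include vxlan")
        local_ip = ovs.get("ovs", "local_ip", fallback="")
        try:
            if str(ipaddress.ip_address(local_ip)) != node_ip:
                findings.append(f"[ovs] local_ip {local_ip} is not this "
                                f"node's address {node_ip}")
        except ValueError:
            findings.append(f"[ovs] local_ip '{local_ip}' is missing or not an IP")
        for rng in ml2.get("ml2_type_vxlan", "vni_ranges", fallback="").split(","):
            lo, _, hi = rng.strip().partition(":")
            if not (lo.isdigit() and hi.isdigit()
                    and 1 <= int(lo) <= int(hi) <= MAX_VNI):
                findings.append(f"vni_ranges '{rng.strip()}' is not a valid VNI range")
    return findings


# Constructed fragments modelled on the manual's VxLAN section 3.2.
ML2_VXLAN = """
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = vxlan
[ml2_type_flat]
flat_networks = physnet1
[ml2_type_vxlan]
vni_ranges = 1:1000
"""
OVS_GOOD = """
[agent]
tunnel_types = vxlan
l2_population = True
[ovs]
local_ip = 192.168.10.13
bridge_mappings = physnet1:br0
"""
# Same file with two copy-paste slips: local_ip taken from another node and
# a bridge mapping for a physnet that ML2 was never told about.
OVS_BAD = (OVS_GOOD.replace("192.168.10.13", "192.168.10.12")
                   .replace("physnet1:br0", "physnet2:br0"))

if __name__ == "__main__":
    for name, ovs in (("good", OVS_GOOD), ("bad", OVS_BAD)):
        print(name, check_node(ML2_VXLAN, ovs, "192.168.10.13") or "OK")
```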
3.3 Creating the VxLAN network
1) Create the router (the vRouter from the VxLAN network to the physical network)
[root@node1 ~(keystone)]# openstack router create r1
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-02-05T17:22:47Z |
| description | |
| distributed | False |
| external_gateway_info | None |
| flavor_id | None |
| ha | False |
| id | a6c21fe2-3967-4ebc-bdaa-eeebf139e968 |
| name | r1 |
| project_id | 6f83afcc475b440bb9816ea20ba26c5f |
| revision_number | 1 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2020-02-05T17:22:47Z |
+-------------------------+--------------------------------------+
2) Create int_net (the vNetwork) with network type vxlan
[root@node1 ~(keystone)]# openstack network create int_net --provider-network-type vxlan
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-02-05T17:23:59Z |
| description | |
| dns_domain | None |
| id | cb730b51-1289-40af-bb6d-dfb86fa91e63 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1450 |
| name | int_net |
| port_security_enabled | False |
| project_id | 6f83afcc475b440bb9816ea20ba26c5f |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 31 |
| qos_policy_id | None |
| revision_number | 2 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2020-02-05T17:23:59Z |
+---------------------------+--------------------------------------+
################################################## Note ##################################################
# To pin the VNI explicitly, create the network as follows instead
[root@node1 ~(keystone)]# openstack network create int_test_net --provider-network-type vxlan --provider-segment 222
################################################## End of note ##################################################
3) Create the vNetwork subnet
[root@node1 ~(keystone)]# openstack subnet create subnet1 \
--network int_net \
--subnet-range 192.168.188.0/24 \
--gateway 192.168.188.1 \
--dns-nameserver 192.168.10.9
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 192.168.188.2-192.168.188.254 |
| cidr | 192.168.188.0/24 |
| created_at | 2020-02-05T17:26:45Z |
| description | |
| dns_nameservers | 192.168.10.9 |
| enable_dhcp | True |
| gateway_ip | 192.168.188.1 |
| host_routes | |
| id | 9d4b9298-8ff1-4aaa-a0a4-54b3b99b7298 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | subnet1 |
| network_id | cb730b51-1289-40af-bb6d-dfb86fa91e63 |
| prefix_length | None |
| project_id | 6f83afcc475b440bb9816ea20ba26c5f |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2020-02-05T17:26:45Z |
+-------------------+--------------------------------------+
4) Connect subnet1 to vRouter r1
[root@node1 ~(keystone)]# openstack router add subnet r1 subnet1
5) Create the flat external network on physnet1
[root@node1 ~(keystone)]# openstack network create \
--provider-physical-network physnet1 \
--provider-network-type flat \
--external ext_net
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-02-05T17:30:40Z |
| description | |
| dns_domain | None |
| id | 939def15-81bb-4ad1-babc-f95bbd93d306 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1500 |
| name | ext_net |
| port_security_enabled | False |
| project_id | 6f83afcc475b440bb9816ea20ba26c5f |
| provider:network_type | flat |
| provider:physical_network | physnet1 |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 4 |
| router:external | External |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2020-02-05T17:30:40Z |
+---------------------------+--------------------------------------+
6) Create flat subnet subnet2 with its address range; instance IPs on it are assigned by hand, so DHCP is disabled
[root@node1 ~(keystone)]# openstack subnet create subnet2 \
--network ext_net \
--subnet-range 192.168.10.0/24 \
--allocation-pool start=192.168.10.220,end=192.168.10.229 \
--gateway 192.168.10.1 \
--dns-nameserver 192.168.10.9 \
--no-dhcp
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 192.168.10.220-192.168.10.229 |
| cidr | 192.168.10.0/24 |
| created_at | 2020-02-05T17:33:44Z |
| description | |
| dns_nameservers | 192.168.10.9 |
| enable_dhcp | False |
| gateway_ip | 192.168.10.1 |
| host_routes | |
| id | 1fe4b0c8-4e38-44e6-a518-c978cbeb65d4 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | subnet2 |
| network_id | 939def15-81bb-4ad1-babc-f95bbd93d306 |
| prefix_length | None |
| project_id | 6f83afcc475b440bb9816ea20ba26c5f |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2020-02-05T17:33:44Z |
+-------------------+--------------------------------------+
7) Connect ext_net (subnet2) to vRouter r1 as its external gateway
[root@node1 ~(keystone)]# openstack router set r1 --external-gateway ext_net
8) Grant network access
# By default every project can reach the external network, but the internal network is visible only to the admin project, so grant access to the internal network to each project whose users should be able to use it.
[root@node1 ~(keystone)]# openstack network rbac list
+--------------------------------------+-------------+--------------------------------------+
| ID | Object Type | Object ID |
+--------------------------------------+-------------+--------------------------------------+
| ca51169f-d083-43e0-b1b9-91c978fa2a31 | network | 939def15-81bb-4ad1-babc-f95bbd93d306 |
+--------------------------------------+-------------+--------------------------------------+
[root@node1 ~(keystone)]# openstack network rbac show ca51169f-d083-43e0-b1b9-91c978fa2a31
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| action | access_as_external |
| id | ca51169f-d083-43e0-b1b9-91c978fa2a31 |
| name | None |
| object_id | 939def15-81bb-4ad1-babc-f95bbd93d306 |
| object_type | network |
| project_id | 6f83afcc475b440bb9816ea20ba26c5f |
| target_project_id | * |
+-------------------+--------------------------------------+
[root@node1 ~(keystone)]# openstack network list
+--------------------------------------+---------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+---------+--------------------------------------+
| 939def15-81bb-4ad1-babc-f95bbd93d306 | ext_net | 1fe4b0c8-4e38-44e6-a518-c978cbeb65d4 |
| cb730b51-1289-40af-bb6d-dfb86fa91e63 | int_net | 6bc229eb-e0bd-4336-a84e-597888da1ed4 |
+--------------------------------------+---------+--------------------------------------+
[root@node1 ~(keystone)]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 1be75e85ec9445ab9ff7dd7ec2f02b71 | service |
| 6f83afcc475b440bb9816ea20ba26c5f | admin |
| 7146a34d5b744320b2ed45af5b2e761b | 1000cc |
+----------------------------------+---------+
# Grant the 1000cc tenant access to int_net
[root@node1 ~(keystone)]# netID=$(openstack network list | grep int_net | awk '{ print $2 }')
[root@node1 ~(keystone)]# prjID=$(openstack project list | grep 1000cc | awk '{ print $2 }')
[root@node1 ~(keystone)]# openstack network rbac create \
--target-project $prjID \
--type network \
--action access_as_shared $netID
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| action | access_as_shared |
| id | 01ec407e-bd6f-4cb9-8ce6-2da45b736b0d |
| name | None |
| object_id | cb730b51-1289-40af-bb6d-dfb86fa91e63 |
| object_type | network |
| project_id | 6f83afcc475b440bb9816ea20ba26c5f |
| target_project_id | 7146a34d5b744320b2ed45af5b2e761b |
+-------------------+--------------------------------------+
3.4 Testing
1) Set up the tenant administrator environment
[root@node1 ~(keystone)]# su - snow
[snow@node1 ~]$ vim keystonerc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=1000cc
export OS_USERNAME=snow
export OS_PASSWORD=userpassword
export OS_AUTH_URL=http://192.168.10.11:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(keystone)]\$ '
[snow@node1 ~]$ chmod 600 ~/keystonerc
[snow@node1 ~]$ source ~/keystonerc
[snow@node1 ~(keystone)]$ echo "source ~/keystonerc " >> ~/.bash_profile
2) Confirm the information needed to create the instance
[snow@node1 ~(keystone)]$ openstack flavor list
+----+----------+------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+----------+------+------+-----------+-------+-----------+
| 0 | m1.small | 2048 | 10 | 0 | 1 | True |
+----+----------+------+------+-----------+-------+-----------+
[snow@node1 ~(keystone)]$ openstack image list
+--------------------------------------+------+--------+
| ID | Name | Status |
+--------------------------------------+------+--------+
| d2cf4454-09a0-43fa-83b4-aaa9df0f5919 | c77 | active |
+--------------------------------------+------+--------+
[snow@node1 ~(keystone)]$ openstack network list
+--------------------------------------+---------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+---------+--------------------------------------+
| 939def15-81bb-4ad1-babc-f95bbd93d306 | ext_net | 1fe4b0c8-4e38-44e6-a518-c978cbeb65d4 |
| cb730b51-1289-40af-bb6d-dfb86fa91e63 | int_net | 6bc229eb-e0bd-4336-a84e-597888da1ed4 |
+--------------------------------------+---------+--------------------------------------+
3) Create a security group
[snow@node1 ~(keystone)]$ openstack security group create secgroup1
+-----------------+-------------------------------------------------------------------------------+
| Field | Value |
+-----------------+-------------------------------------------------------------------------------+
| created_at | 2020-02-05T17:51:59Z |
| description | secgroup1 |
| id | 7b9e72c8-adf8-4dac-8665-d55aca52c419 |
| name | secgroup1 |
| project_id | 7146a34d5b744320b2ed45af5b2e761b |
| revision_number | 2 |
| rules | created_at='2020-02-05T17:51:59Z', direction='egress', ethertype='IPv4'...... |
| | created_at='2020-02-05T17:52:00Z', direction='egress', ethertype='IPv6'...... |
| updated_at | 2020-02-05T17:52:00Z |
+-----------------+-------------------------------------------------------------------------------+
4) Create the SSH key pair and register the public key
[snow@node1 ~(keystone)]$ ssh-keygen -q -N ''
Enter file in which to save the key (/home/snow/.ssh/id_rsa):
[snow@node1 ~(keystone)]$ openstack keypair create --public-key ~/.ssh/id_rsa.pub snowkey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 79:d2:ec:99:80:13:54:07:88:6b:69:e9:6e:d2:46:b5 |
| name | snowkey |
| user_id | 54f3ece13d6147928303ef4112e1f0e9 |
+-------------+-------------------------------------------------+
5) Create the instance
(1) Get the ID of int_net, the network the instance will use
[snow@node1 ~(keystone)]$ netID=$(openstack network list | grep int_net | awk '{ print $2 }')
(2) Create the instance
[snow@node1 ~(keystone)]$ openstack server create \
--flavor m1.small \
--image c77 \
--security-group secgroup1 \
--nic net-id=$netID \
--key-name snowkey c7
+-----------------------------+---------------------------------------------+
| Field | Value |
+-----------------------------+---------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | fz8PW6umi8Bm |
| config_drive | |
| created | 2020-02-05T18:01:37Z |
| flavor | m1.small (0) |
| hostId | |
| id | 1e0fe2ea-c5d7-4155-b67f-7b73eb3dcb55 |
| image | c77 (d2cf4454-09a0-43fa-83b4-aaa9df0f5919) |
| key_name | snowkey |
| name | c7 |
| progress | 0 |
| project_id | 7146a34d5b744320b2ed45af5b2e761b |
| properties | |
| security_groups | name='7b9e72c8-adf8-4dac-8665-d55aca52c419' |
| status | BUILD |
| updated | 2020-02-05T18:01:37Z |
| user_id | 54f3ece13d6147928303ef4112e1f0e9 |
| volumes_attached | |
+-----------------------------+---------------------------------------------+
[snow@node1 ~(keystone)]$ openstack server list
+--------------------------------------+------+--------+-----------------------+-------+----------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+------+--------+-----------------------+-------+----------+
| 1bc4c9dd-ec97-44ca-aac8-8ed9b95778b8 | c7 | ACTIVE | int_net=192.168.188.5 | c77 | m1.small |
+--------------------------------------+------+--------+-----------------------+-------+----------+
6) Add a floating IP to the instance
(1) Allocate a floating IP
[snow@node1 ~(keystone)]$ openstack floating ip create ext_net
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2020-02-05T18:10:21Z |
| description | |
| fixed_ip_address | None |
| floating_ip_address | 192.168.10.223 |
| floating_network_id | 939def15-81bb-4ad1-babc-f95bbd93d306 |
| id | 7b56cf54-780d-43cd-923e-227cd9c9c06d |
| name | 192.168.10.223 |
| port_id | None |
| project_id | 7146a34d5b744320b2ed45af5b2e761b |
| qos_policy_id | None |
| revision_number | 0 |
| router_id | None |
| status | DOWN |
| subnet_id | None |
| updated_at | 2020-02-05T18:10:21Z |
+---------------------+--------------------------------------+
(2) Associate the floating IP with the instance
[snow@node1 ~(keystone)]$ openstack server add floating ip c7 192.168.10.223
[snow@node1 ~(keystone)]$ openstack server list
+-------+------+--------+---------------------------------------+-------+----------+
| ID | Name | Status | Networks | Image | Flavor |
+-------+------+--------+---------------------------------------+-------+----------+
| 1bc4..| c7 | ACTIVE | int_net=192.168.188.5, 192.168.10.223 | c77 | m1.small |
+-------+------+--------+---------------------------------------+-------+----------+
(3) Open ping and ssh in the security group rules
[snow@node1 ~(keystone)]$ openstack security group rule create --protocol icmp --ingress secgroup1
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2020-02-05T18:16:11Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | e0a8c6b8-65cc-4028-ac67-a2f9edaefbdf |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 7146a34d5b744320b2ed45af5b2e761b |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 7b9e72c8-adf8-4dac-8665-d55aca52c419 |
| updated_at | 2020-02-05T18:16:11Z |
+-------------------+--------------------------------------+
[snow@node1 ~(keystone)]$ openstack security group rule create --protocol tcp --dst-port 22:22 secgroup1
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2020-02-05T18:16:49Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | bcbb7534-8068-487d-851a-133607c2e276 |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 7146a34d5b744320b2ed45af5b2e761b |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 7b9e72c8-adf8-4dac-8665-d55aca52c419 |
| updated_at | 2020-02-05T18:16:49Z |
+-------------------+--------------------------------------+
[snow@node1 ~(keystone)]$ openstack security group rule list
+---------+-------------+-----------+------------+-----------------------+----------------+
| ID      | IP Protocol | IP Range  | Port Range | Remote Security Group | Security Group |
+---------+-------------+-----------+------------+-----------------------+----------------+
| 0c78... | None        | None      |            | None                  | 7b9e...        |
| 1f1b... | None        | None      |            | None                  | 7b9e...        |
| 8a8c... | None        | None      |            | None                  | f120...        |
| 91b1... | None        | None      |            | f120...               | f120...        |
| 9584... | None        | None      |            | None                  | f120...        |
| bcbb... | tcp         | 0.0.0.0/0 | 22:22      | None                  | 7b9e...        |
| d9b3... | None        | None      |            | f120...               | f120...        |
| e0a8... | icmp        | 0.0.0.0/0 |            | None                  | 7b9e...        |
+---------+-------------+-----------+------------+-----------------------+----------------+
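The two rules just created are open to 0.0.0.0/0. The following is an added example (not part of the original page): a small audit that reads the CSV form of `openstack security group rule list` and flags ingress rules reachable from the whole Internet, either any-protocol rules or tcp/udp rules whose port range covers ssh. The column order is assumed to match the table above; the function names and the constructed sample rows are this example's own.

```shell
# Added example, not from the original page: audit a security group's rules for
# world-open ingress. Input is the CSV printed by
#     openstack security group rule list -f csv secgroup1
# read on stdin. Column order is assumed to be the one shown in the table above
# (ID, IP Protocol, IP Range, Port Range, Remote Security Group, Security Group).
# Prints one RISK line per offending rule and returns 1 if any were found.
audit_sg_rules() {
    awk -F'","' '
        NR == 1 { next }                                  # header row
        {
            gsub(/^"/, "", $1); gsub(/"$/, "", $NF)       # strip the outer quotes
            id = $1; proto = $2; range = $3; ports = $4
            if (range != "0.0.0.0/0" && range != "::/0") next      # not world-open
            risky = 0
            if (proto == "" || proto == "None") risky = 1           # all protocols, all ports
            else if (proto == "tcp" || proto == "udp") {
                if (ports == "" || ports == "None") risky = 1       # all ports
                else {
                    split(ports, p, ":"); if (p[2] == "") p[2] = p[1]
                    if (p[1] + 0 <= 22 && p[2] + 0 >= 22) risky = 1  # range covers ssh
                }
            }
            if (risky) {
                printf "RISK %s proto=%s ports=%s from=%s\n", id, (proto == "" ? "any" : proto), (ports == "" ? "all" : ports), range
                found++
            }
        }
        END { exit (found ? 1 : 0) }'
}

# Constructed sample in the same shape as the rule list above (not real output).
sample_rules() {
    cat <<'EOF'
"ID","IP Protocol","IP Range","Port Range","Remote Security Group","Security Group"
"bcbb","tcp","0.0.0.0/0","22:22","","7b9e"
"e0a8","icmp","0.0.0.0/0","","","7b9e"
"0c78","","","","","7b9e"
"1111","tcp","192.168.10.0/24","22:22","","7b9e"
"2222","","0.0.0.0/0","","","7b9e"
EOF
}

# usage: openstack security group rule list -f csv secgroup1 | audit_sg_rules
if [ "${1:-}" = "--demo" ]; then
    sample_rules | audit_sg_rules
fi
```

On the sample, only the world-open ssh rule and the any-protocol rule are reported; the icmp rule and the rule limited to 192.168.10.0/24 pass.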
7) Testing
(1) ping test
[snow@node1 ~(keystone)]$ ping -c 2 192.168.10.223
PING 192.168.10.223 (192.168.10.223) 56(84) bytes of data.
64 bytes from 192.168.10.223: icmp_seq=1 ttl=63 time=4.07 ms
64 bytes from 192.168.10.223: icmp_seq=2 ttl=63 time=2.23 ms
--- 192.168.10.223 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 2.230/3.151/4.073/0.923 ms
(2) ssh login test
[snow@node1 ~(keystone)]$ ssh centos@192.168.10.223
The authenticity of host '192.168.10.223 (192.168.10.223)' can't be established.
ECDSA key fingerprint is SHA256:CRRhDDjIZPnKTrKw5T/Dtp2vQO8uuWfrfFCjqD0A7+A.
ECDSA key fingerprint is MD5:a7:c9:2a:c4:d4:0e:89:ad:48:46:e9:b0:51:f3:29:2f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.10.223' (ECDSA) to the list of known hosts.
[centos@c7 ~]$
(3) VNC console test
# Get the console URL and copy it
[snow@node1 ~(keystone)]$ openstack console url show c7
+-------+------------------------------------------------------------------------------------+
| Field | Value |
+-------+------------------------------------------------------------------------------------+
| type | novnc |
| url | http://192.168.10.11:6080/vnc_auto.html?token=c466247b-0f46-4dba-a3e4-5a06f530fc89 |
+-------+------------------------------------------------------------------------------------+
# Open it in a browser
[browser] ==> paste the URL ==> the instance console opens
4. Nova live migration
1) At least one Neutron network type (FLAT or VXLAN) must already be configured; this walkthrough uses a VXLAN network
2) Add a second Nova Compute node: node98.1000y.cloud
3) Use NFS as the shared back-end storage for instances
[root@node99 ~]# yum install nfs-utils -y
[root@node99 ~]# vim /etc/idmapd.conf
# Uncomment line 5 and set it to your domain name
Domain = 1000y.cloud
[root@node99 ~]# vim /etc/exports
# Exporting to * with no_root_squash gives every host that can reach this server root access to the instance disks; outside a lab, list the compute nodes' addresses instead of *
/mnt/vms *(rw,no_root_squash)
[root@node99 ~]# mkdir -v /mnt/vms
[root@node99 ~]# systemctl enable --now rpcbind nfs-server
4) Delete the existing instance (its disk sits in the local /var/lib/nova/instances, which the NFS mount is about to replace)
[snow@node1 ~(keystone)]$ openstack server delete centos78
5) Mount the NFS share on every compute node. Skip the control node: normally it should not also act as a compute node
# The NFS server was set up on node99 in step 3 but is mounted here as srv98.1000y.cloud; use whichever hostname actually serves the export
[root@node2 ~]# mount.nfs srv98.1000y.cloud:/mnt/vms /var/lib/nova/instances
[root@node2 ~]# chown nova. -R /var/lib/nova/instances
[root@node98 ~]# mount.nfs srv98.1000y.cloud:/mnt/vms /var/lib/nova/instances
[root@node98 ~]# chown nova. -R /var/lib/nova/instances
6) Change the libvirtd configuration on every compute node
# Nova live migration here uses qemu+tcp, so libvirtd must listen on TCP port 16509 for the migration to succeed
# Security note: auth_tcp = "none" together with listen_addr = "0.0.0.0" lets anyone who can reach port 16509 control every VM on the host (effectively root on the hypervisor).
# Firewall 16509 to the migration network only, or use listen_tls / qemu+ssh instead. Likewise unix_sock_rw_perms = "0777" with auth_unix_rw = "none" grants any local user full libvirt access.
# Using node2 as the example
[root@node2 ~]# vim /etc/libvirt/libvirtd.conf
......
......
# Append the following at the end of the file
listen_tls = 0
listen_tcp = 1
unix_sock_group = "root"
unix_sock_rw_perms = "0777"
auth_unix_ro = "none"
auth_unix_rw = "none"
log_filters="2:qemu_monitor_json 2:qemu_driver"
log_outputs="2:file:/var/log/libvirt/libvirtd.log"
tcp_port = "16509"
listen_addr = "0.0.0.0"
auth_tcp = "none"
[root@node2 ~]# vim /etc/sysconfig/libvirtd
......
......
# Uncomment line 9
LIBVIRTD_ARGS="--listen"
......
......
[root@node2 ~]# systemctl restart libvirtd
[root@node2 ~]# netstat -lantp | grep 16509
tcp 0 0 0.0.0.0:16509 0.0.0.0:* LISTEN 7139/libvirtd
7) Recreate the instance (its disk is now stored on the NFS share)
[snow@node1 ~(keystone)]$ netID=$(openstack network list | grep int_net | awk '{ print $2 }')
[snow@node1 ~(keystone)]$ openstack server create --flavor m1.small \
--image c78 --security-group secgroup1 --nic net-id=$netID \
--key-name snowkey centos78
[snow@node1 ~(keystone)]$ openstack server add floating ip centos78 192.168.1.251
[snow@node1 ~(keystone)]$ openstack server list
+----------------+----------+--------+--------------------------------------+-------+----------+
| ID | Name | Status | Networks | Image | Flavor |
+----------------+----------+--------+--------------------------------------+-------+----------+
| 20bd4e28...... | centos78 | ACTIVE | int_net=192.168.188.4, 192.168.1.251 | c78 | m1.small |
+----------------+----------+--------+--------------------------------------+-------+----------+
8) Perform the live migration
# Must be run as an OpenStack admin account; by default Nova's policy grants no other role permission to live-migrate
(1) 未迁移前,云实例在node2节点上
[root@node1 snow(keystone)]# openstack server list --all-projects --long -c Name -c Host
+----------+-------------------+
| Name | Host |
+----------+-------------------+
| centos78 | node2.1000y.cloud |
+----------+-------------------+
(2) Migrate
Command syntax:
openstack server migrate --live <compute node> <instance name or ID>
# The instance here is centos78. Recent python-openstackclient releases deprecate --live <host> in favour of --live-migration --host <host>
[root@node1 snow(keystone)]# openstack server migrate --live node98.1000y.cloud centos78
(3) 验证云实例在node98节点上
[root@node1 snow(keystone)]# openstack server list --all-projects --long -c Name -c Host
+----------+--------------------+
| Name | Host |
+----------+--------------------+
| centos78 | node98.1000y.cloud |
+----------+--------------------+
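Steps 5, 6 and 8 above each have a failure mode that only shows up after the migrate command has been issued: the two nodes not sharing the same export, or libvirtd listening unauthenticated on every interface. The following is an added example, not code from the original page: a pre-flight script that lints a libvirtd.conf for the exposed settings, checks that /var/lib/nova/instances is the same NFS export on both nodes, and then runs the migration and polls until Nova reports the instance on the target host. Hostnames, the export and the libvirtd settings mirror the walkthrough; the function names, the check logic and the constructed sample config are this example's own.

```shell
# Added example, not from the original page. Run from the admin (keystone) shell
# as:  sh migrate_check.sh --run <instance> <source-node> <target-node>

# 1. Lint a libvirtd.conf (read on stdin) for settings that hand out hypervisor
#    control: an unauthenticated TCP listener on every address, or a 0777 unix
#    socket with no auth. Prints one FINDING per issue; returns 1 if any.
lint_libvirtd_conf() {
    awk -F'=' '
        /^[ \t]*#/ || NF < 2 { next }
        {
            key = $1; val = $2
            gsub(/[ \t"]/, "", key); gsub(/[ \t"]/, "", val)
            cfg[key] = val
        }
        END {
            n = 0
            # libvirtd defaults to listen_addr 0.0.0.0 when the key is unset
            if (cfg["listen_tcp"] == "1" && cfg["auth_tcp"] == "none" && (cfg["listen_addr"] == "" || cfg["listen_addr"] == "0.0.0.0")) {
                print "FINDING: unauthenticated libvirt TCP listener on all addresses (auth_tcp=none, tcp_port=" cfg["tcp_port"] ")"; n++
            }
            if (cfg["auth_unix_rw"] == "none" && cfg["unix_sock_rw_perms"] == "0777") {
                print "FINDING: any local user gets read-write libvirt access (auth_unix_rw=none, unix_sock_rw_perms=0777)"; n++
            }
            exit (n ? 1 : 0)
        }'
}

# 2. Both compute nodes must mount the same NFS export on /var/lib/nova/instances,
#    otherwise the migration needs --block-migration or fails. Each argument is the
#    "SOURCE FSTYPE" line printed on one node by
#        findmnt -no SOURCE,FSTYPE /var/lib/nova/instances
same_shared_instances_dir() {
    src_a=${1% *}; fs_a=${1##* }
    src_b=${2% *}; fs_b=${2##* }
    case "$src_a" in *:*) ;; *) return 1 ;; esac     # not a host:/export at all
    [ "$src_a" = "$src_b" ] || return 1
    case "$fs_a,$fs_b" in nfs*,nfs*) return 0 ;; esac
    return 1
}

# 3. Start the migration and poll until Nova reports the instance ACTIVE on the
#    target host (or ERROR). Needs admin credentials, as the page notes.
migrate_and_wait() {
    inst=$1; target=$2; tries=${3:-60}
    openstack server migrate --live "$target" "$inst" || return 1
    while [ "$tries" -gt 0 ]; do
        set -- $(openstack server show -f value -c OS-EXT-SRV-ATTR:host -c status "$inst")
        if [ "${1:-}" = "$target" ] && [ "${2:-}" = "ACTIVE" ]; then return 0; fi
        if [ "${2:-}" = "ERROR" ]; then return 1; fi
        sleep 5; tries=$((tries - 1))
    done
    echo "timed out waiting for $inst to land on $target" >&2
    return 1
}

# Constructed sample mirroring the libvirtd.conf lines added in step 6 above.
sample_libvirtd_conf() {
    cat <<'EOF'
listen_tls = 0
listen_tcp = 1
unix_sock_group = "root"
unix_sock_rw_perms = "0777"
auth_unix_ro = "none"
auth_unix_rw = "none"
log_filters="2:qemu_monitor_json 2:qemu_driver"
log_outputs="2:file:/var/log/libvirt/libvirtd.log"
tcp_port = "16509"
listen_addr = "0.0.0.0"
auth_tcp = "none"
EOF
}

if [ "${1:-}" = "--run" ]; then
    inst=$2; src=$3; dst=$4
    for node in "$src" "$dst"; do
        ssh "root@$node" cat /etc/libvirt/libvirtd.conf | lint_libvirtd_conf ||
            echo "WARN: $node exposes libvirt; firewall 16509 to the migration network or switch to TLS/ssh" >&2
    done
    same_shared_instances_dir \
        "$(ssh "root@$src" findmnt -no SOURCE,FSTYPE /var/lib/nova/instances)" \
        "$(ssh "root@$dst" findmnt -no SOURCE,FSTYPE /var/lib/nova/instances)" ||
        { echo "/var/lib/nova/instances is not the same NFS export on both nodes" >&2; exit 1; }
    migrate_and_wait "$inst" "$dst"
fi
```

The lint runs against the exact settings this page appends and reports both findings; the shared-storage check refuses a local filesystem or two different exports, which is the case that turns a "live" migration into a copy or a failure.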
If this page helped you, feel free to leave a tip. ^-^