|
在openstack上的虚拟机绑定vip 有些情况下,客户想在openstack的虚拟机上配置vip搭建高可用集群,下面我就简单的说下在openstack上的虚拟机如何绑定vip& o$ U2 X; `: R; r
操作步骤1、导入环境变量 source admin-openrc# P6 X' P* B W
# Z1 q. u4 w' G2 Q
2、执行命令neutron net-list查看网络,找到自己需要设置的网络,获取subnet_id和network_id neutron net-list id | name | tenant_id | subnets 32482d56-bb40-4b7f-85df-3be3a460e441 | HA network tenant 7ba30c1e519d4d6eb8f1ace2cfbf30d3 | | 860bf95f-4775-4fac-af88-db392f254416 169.254.192.0/18 7cc26554-2795-4a53-b053-34ec1b4c90f2 | web | 7ba30c1e519d4d6eb8f1ace2cfbf30d3 | 4b1f707b-8842-4ce0-acba-4f0de304459b 192.168.1.0/24 ; f: L! o- [: r5 _% E
1
1 p+ k# u; O! X% X2
9 S! E* p4 }/ I8 y0 N' ~( L3
4 I; L4 {' Z- B% E" H9 F# j40 o3 t: i" P# \$ }
5
/ J% a/ E; b4 } I0 Y0 @6
" T) z5 T4 l- s Q9 ]( H7
. F3 m v; c6 j( C5 H% W3 A! e4 n8
$ j# P4 M) S' K0 n& ]7 n | # neutron net-list* \$ L3 i4 D \7 R$ i% k
+--------------------------------------+----------------------------------------------------+----------------------------------+-------------------------------------------------------+
8 Z3 t7 W( |% }. b* n| id | name | tenant_id | subnets |
( y1 V1 }3 E* O6 J- _ Y+--------------------------------------+----------------------------------------------------+----------------------------------+-------------------------------------------------------+
8 L2 D( d0 X$ t8 A1 t1 d2 L| 32482d56-bb40-4b7f-85df-3be3a460e441 | HA network tenant 7ba30c1e519d4d6eb8f1ace2cfbf30d3 | | 860bf95f-4775-4fac-af88-db392f254416 169.254.192.0/18 |
?# j% `( Z) y- s/ {! Z. z0 s| 7cc26554-2795-4a53-b053-34ec1b4c90f2 | web | 7ba30c1e519d4d6eb8f1ace2cfbf30d3 | 4b1f707b-8842-4ce0-acba-4f0de304459b 192.168.1.0/24 |( \# ~' _( h B4 n- w3 Z1 J* X
| d0ad534f-1bcd-43b0-aa0c-edee32520020 | public | 21c161dda51147fb9ff527aadfe1d81a | 9a7f07e5-e906-4622-8bc6-def64b3622ec 172.18.23.0/24 |
$ j( B5 G# G4 |$ t0 A4 v+--------------------------------------+----------------------------------------------------+----------------------------------+-------------------------------------------------------+* V5 s. T; ?- A1 x/ Q6 w
|
! i7 I8 g. Y E" L. u. m
 : {% X3 H* b2 m6 P8 r. F
3、创建port来占用ip,保证neutron不会将此IP在分配出去,导致IP冲突问题。* s& N3 j0 a( b/ ~! f% j
1
5 a7 s: F! O, e$ S2
: a6 C4 i' d3 b" g" k) X3 b$ G32 ]1 F) T# `0 l( w% g, ~1 \! v
4 O5 r: H! j- N& x0 b Y
5 ^2 j5 B) J9 p' Z1 ~0 Y
| neutron port-create --fixed-ip subnet_id=<subnet_id>,ip_address=<vip> <network_id>0 K/ `1 b/ T$ i+ I
注:
% |; P* ?7 g0 K/ r0 c: Y I) W' a 替换subnet_id为neutron net-list中查看到的subnet_id
. n: Q: Y4 I# f5 p) d 替换vip为需要配置的vip地址
8 I6 d% r1 x/ x; b/ } 替换network_ID为neutron net-list中查看到的network_id
3 @7 N8 ]* I1 K; ?# u) b: P |
# {! o# F5 g- L具体命令如下1 _: w" y6 F! C4 v" f
14 v! |5 @; m5 d2 ?0 J3 p6 M
2+ r0 |4 q* a! u( |* B, @* l) I' b4 G
3
+ g/ f+ Z/ T% L( t- s9 C& L47 T6 J9 s6 E' J6 Z- d9 R
5/ z0 ^' L% |6 g
60 G# }3 N* m# _5 n8 H
7
- g' @/ c n m9 m' X# ^5 i5 Y d8
# ~' j. C: f- ]& l; j& c1 ?9; S" r9 U6 x8 [$ w2 z* O2 ?
10
0 c, R8 L6 W$ {1 ^113 A2 x/ _* K3 {5 g( J
124 L2 ~' F3 `( p$ p7 K
13) m: ?# K! ?, D
14
% U% X0 T/ Y2 @7 m" b. B2 C15
0 Y; A7 V" C. i7 N! r16
% T- k& n9 T9 h17! ^7 w% X& H, x" @+ h/ x+ ?
18
0 \7 f) S+ o) Y7 \19
) v9 H2 j. S R, a+ h, a6 K% u209 D: @% D0 `3 y8 A n" U
21' ]3 o! ], T" w, G0 b" v
22- l! Y1 F* D& H+ _" o. n3 ]
23% u$ ]+ B5 E9 |
24
0 A" g$ @6 G( U9 \) ?& l9 E2 e6 l25. T G0 C+ f- m( Z" a
265 V8 F9 S- l" W$ X$ u. O1 g* V9 D
27
) U5 @9 @' `6 o1 h3 j( Q! ?28$ {/ t% A! {2 a& t! W6 y9 j1 i; U
295 t, |. {- z3 [: X) d3 n x; g
30; o% @; U! B% ]
31
) X$ [+ p+ H* r4 W% [" d | # neutron port-create --fixed-ip subnet_id=9a7f07e5-e906-4622-8bc6-def64b3622ec,ip_address=172.18.23.10 d0ad534f-1bcd-43b0-aa0c-edee325200209 T' _; J, ?; _% r; C) s, b i
Created a new port:
: P- {, s& E2 h5 a+-----------------------+-------------------------------------------------------------------------------------+, f6 q$ |. {& K6 L5 ^
| Field | Value |
6 W/ p; \, b3 a& h" t+-----------------------+-------------------------------------------------------------------------------------+
; ~! O0 y$ R. R8 [| admin_state_up | True |" x* o1 p$ n' s! j3 x
| allowed_address_pairs | |# g! V1 ~/ S) y6 h& W4 v S4 P+ |
| binding:host_id | |4 T; ~, L: \% X3 G5 A6 J* A0 G
| binding:profile | {} |, N- |% S, B) W* C6 r9 C
| binding:vif_details | {} |
8 n2 o) \/ S: u4 W( W5 I7 A$ T( w+ I# i ^4 \| binding:vif_type | unbound |
. f2 c' F" w- L* r: H+ D9 ]| binding:vnic_type | normal |( A4 M) o& R& h. t
| created_at | 2017-11-28T02:35:17Z |
8 w. y' f3 u ^3 g, o- M| description | |' h0 s" L5 a, V9 ]! _
| device_id | |
( h6 E1 @9 Y# w| device_owner | |
: M' W$ y% G9 M. q8 x, R| extra_dhcp_opts | |* @ |3 E6 z8 _* b$ s
| fixed_ips | {"subnet_id": "9a7f07e5-e906-4622-8bc6-def64b3622ec", "ip_address": "172.18.23.10"} |
$ e6 T" \! Q, H1 v' x' D| id | 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63 |/ s' X: m, h7 {: |2 Q' d
| mac_address | fa:16:3e:ea:81:a6 |
2 ^9 M, @# R7 b| name | |
% C2 e% Q1 f& r0 C| network_id | d0ad534f-1bcd-43b0-aa0c-edee32520020 |* N6 w' M( @4 ~* U' g
| port_security_enabled | True |6 a6 l+ \. T3 N5 `% K- P8 b
| project_id | 21c161dda51147fb9ff527aadfe1d81a |
|; @* Y- e9 U5 H| revision_number | 5 |
$ G" C4 V! |( U" W| security_groups | abfba384-55f2-4eed-902a-712369be9604 |: w. \2 ~" }- Y; s- J
| status | DOWN |
+ b0 A- u. H/ t( d1 x- ?. K| tags | |
4 P5 H( i6 A2 G: U| tenant_id | 21c161dda51147fb9ff527aadfe1d81a |
& d/ F4 `* ?2 \6 v1 r! || updated_at | 2017-11-28T02:35:18Z |
# ]; ~1 `+ c7 u1 a, k+-----------------------+-------------------------------------------------------------------------------------+2 }0 m1 d6 G) k; N4 B; C% x
|
, M; O: V3 D3 b
6 ~! g& B% K1 T9 P1 t4、执行命令neutron port-list查看端口,找到VIP的Port ID以及需要使用VIP的虚拟机的IP对应的Port id4 C' ]! b& h/ Y$ A. g. u- M$ S7 h. @, ~6 O
比如两台虚拟机做HA绑定vip,那么需要查看两台虚拟机的port ID和这个vip的port ID8 I' b' c2 Y7 _4 t; \
15 M% u% x% J! z: I# v6 h
2# F! h! {- c6 M/ r% E; E
| # neutron port-list|grep 172.18.23.105 K. }8 M% r3 E! _5 @
| 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63 | | 21c161dda51147fb9ff527aadfe1d81a | fa:16:3e:ea:81:a6 | {"subnet_id": "9a7f07e5-e906-4622-8bc6-def64b3622ec", "ip_address": "172.18.23.10"} |
5 q* H9 N. P4 a4 g. l |
% w& z/ i$ G$ |7 y5 T5 Z6 ~8 Z% q
可以看出vip172.18.23.10的port id为7c7ccc26-9ac9-4ef7-8178-2b97218b1d63.& h5 P4 _) t+ z7 M$ \* p' T
5、取消安全组对应端口的管理0 `' j) [8 F+ W9 ~
1" r4 ~; h: L9 O! {
29 k( Y; N7 y, X3 g b* L! e, p
3! q4 h" O# X2 Z- `; K9 C
4
' o9 @; W8 ^& ^1 y8 }4 J6 H | neutron port-update --no-security-groups <Port_id>1 M, N. o+ Q6 c
neutron port-update --port_security_enabled=false <Port_id>: H$ |9 n5 W! R4 w- N! a% [& x
注:
' ]! g9 e" v4 r) [4 Z 替换Port_id为之前neutron port-list中找到的Port_id( m8 l2 S7 V% k# m, z. N( m( ~
|
& H; P, n: J A) A! z% t
具有命令如下:% S1 N, z: c C
17 G% Y$ R8 n$ n6 _( m
2
' l( j9 d+ k# m) Z. x7 ~3
1 |" J' I! Y( B# V5 x4. P7 J8 j5 {5 W# @2 p7 l$ z$ E
| # neutron port-update --no-security-groups 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63, g0 s/ W' I# c( ?2 [
Updated port: 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63
5 n2 X' C- P; C( d# neutron port-update --port_security_enabled=false 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63: i+ r6 |7 O4 }" Q; O
Updated port: 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63
' e6 ]) t* w8 }! A, ] |
5 }+ c$ C% F# s1 A, T. L& K9 v
6、此时执行命令neutron port-show
' p/ z' m: r/ t# a- e0 k7 q1 N
$ E* b" f/ d, h- r- ^- [可看到port_security_enabled的value为False,security_groups的value为空,即OK,这样两个端口就没有了安全组了。: r+ h5 I, O6 [( S# S& Y6 l
7、意思就是对VIP和需要使用VIP的虚拟机都执行4、5、6步,比如配置HA,VIP+两台虚拟机,总共3个Port,都需要执行4、5、6步
- ?% s5 E4 s) X" H$ ?' K然后就可以在这两台虚拟机上搭建keepalived集群使用172.18.23.10这个vip了。 |
发表于 2018-12-20 11:42:47