
Private cloud deployment solution: OpenStack high availability (Pike release) - configuring an OVS VXLAN network

Posted on 2018-9-26 09:51:06
Configure VXLAN

On each controller node

Edit the configuration file /etc/neutron/plugins/ml2/ml2_conf.ini

openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types  vxlan
openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks  physnet1
openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges  1:1000

Restart the service

# systemctl restart neutron-server

Create the bridge

# ovs-vsctl add-br br-eth1

Add the NIC to the bridge

# ovs-vsctl add-port br-eth1 ens33

Edit the configuration file /etc/neutron/plugins/ml2/openvswitch_agent.ini

[agent]
tunnel_types = vxlan
l2_population = True
prevent_arp_spoofing = True
[ovs]
# management-network IP of each node
local_ip = 172.16.8.60
bridge_mappings = physnet1:br-eth1

Restart the neutron services

# for service in dhcp-agent l3-agent metadata-agent openvswitch-agent; do
systemctl restart neutron-$service
done

Compute nodes

Edit the configuration file /etc/neutron/plugins/ml2/ml2_conf.ini

openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types  vxlan
openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks  physnet1
openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges  1:1000

Edit the configuration file /etc/neutron/plugins/ml2/openvswitch_agent.ini

openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini  agent tunnel_types vxlan
openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini  agent l2_population  True
openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini  agent prevent_arp_spoofing  True
openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini  ovs local_ip  172.16.8.63

Restart the service

# systemctl restart neutron-openvswitch-agent

Configure DVR

Controller nodes:

openstack-config --set /etc/neutron/neutron.conf DEFAULT router_distributed True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini DEFAULT enable_distributed_routing True
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr_snat

Compute nodes:

Edit the configuration file /etc/neutron/l3_agent.ini

# cp -a /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini_bak

[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini DEFAULT enable_distributed_routing True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs bridge_mappings physnet1:br-eth1

Create the bridge

ovs-vsctl add-br br-eth1
ovs-vsctl add-port br-eth1 ens33   # ens33 is the service network NIC

Restart the neutron-l3-agent service on the compute nodes (it is not enabled by default)

systemctl restart neutron-l3-agent.service
systemctl enable neutron-l3-agent.service

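The ML2 and OVS agent settings from the steps above can be checked for consistency on a node before its agents are restarted. The script below is an added example, not part of the original post: the function names (ini_get, fail, check_node, make_sample) are hypothetical, and the sample files are constructed from the controller-node values shown above.

```bash
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# ini_get FILE SECTION KEY -> prints the value, or nothing if the key is absent
ini_get() {
  awk -v s="[$2]" -v k="$3" '
    /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
    /^[ \t]*[#;]/ { next }
    cur == s && (i = index($0, "=")) {
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == k) { print val; exit }
    }' "$1"
}

fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
# check_node ML2_CONF AGENT_CONF -> prints findings, returns the failure count
check_node() {
  fails=0
  [ "$(ini_get "$1" ml2 tenant_network_types)" = vxlan ] ||
    fail "[ml2] tenant_network_types is not vxlan"
  [ "$(ini_get "$2" agent tunnel_types)" = vxlan ] ||
    fail "[agent] tunnel_types is not vxlan"
  # A --set call that omits the section name leaves this key outside [agent].
  [ "$(ini_get "$2" agent prevent_arp_spoofing)" = True ] ||
    fail "prevent_arp_spoofing is not set in [agent]"
  # This parser reads anything after the address on the line as part of the value.
  ip=$(ini_get "$2" ovs local_ip)
  echo "$ip" | grep -Eq '^[0-9]+(\.[0-9]+){3}$' ||
    fail "[ovs] local_ip '$ip' is not a bare IPv4 address"
  physnet=$(ini_get "$1" ml2_type_flat flat_networks)
  case ",$(ini_get "$2" ovs bridge_mappings)," in
    *",$physnet:"*) ;;
    *) fail "flat network '$physnet' is missing from [ovs] bridge_mappings" ;;
  esac
  return "$fails"
}

# Constructed sample files mirroring the controller-node settings in this post.
make_sample() {  # make_sample DIR
  printf '%s\n' '[ml2]' 'tenant_network_types = vxlan' '[ml2_type_flat]' \
    'flat_networks = physnet1' '[ml2_type_vxlan]' 'vni_ranges = 1:1000' \
    > "$1/ml2_conf.ini"
  printf '%s\n' '[agent]' 'tunnel_types = vxlan' 'l2_population = True' \
    'prevent_arp_spoofing = True' '[ovs]' 'local_ip = 172.16.8.60' \
    'bridge_mappings = physnet1:br-eth1' > "$1/openvswitch_agent.ini"
}

d=$(mktemp -d) && make_sample "$d"
check_node "$d/ml2_conf.ini" "$d/openvswitch_agent.ini" && echo "OK: consistent"
rm -rf "$d"
```

On a real node, pass the two files under /etc/neutron/plugins/ml2/ to check_node; the exit status is the number of failed checks.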
Verification

Create a router

# openstack router create router01

Create the internal network

# openstack network create int_net --provider-network-type vxlan

Create the subnet

# openstack subnet create subnet1 --network int_net \
--subnet-range 10.18.100.0/24 --gateway 10.18.100.1 \
--dns-nameserver 114.114.114.114

Attach the internal network to the router

# openstack router add subnet router01 subnet1

Create the external network

# openstack network create \
--provider-physical-network physnet1 \
--provider-network-type flat --external ext_net

Create the external network subnet

# openstack subnet create subnet2 \
--network ext_net --subnet-range 10.16.100.0/24 \
--allocation-pool start=10.16.100.200,end=10.16.100.254 \
--gateway 10.16.100.1 --dns-nameserver 114.114.114.114

Attach the network to the router

# openstack router set router01 --external-gateway ext_net

Create a flavor

# openstack flavor create  --vcpus 1 --ram 512 --disk 1 test

View the networks

# Int_Net_ID=`openstack network list | grep int_net | awk '{ print $2 }'`
# openstack image list

Create a keypair

# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):

Add the public key

# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

Create the virtual machine

# openstack server create --flavor m1.small --image cirros --security-group default --nic net-id=$Int_Net_ID --key-name mykey cirros

# openstack server list

Allocate a floating IP

# openstack floating ip create ext_net

Assign the floating IP to the virtual machine

# openstack server add floating ip cirros 172.16.100.201

Confirm the configuration

# openstack floating ip show 10.16.100.201

View the virtual machine

# openstack server list

Configure the security group for ICMP

# openstack security group rule create --protocol icmp --ingress default

Configure the security group for SSH

# openstack security group rule create --protocol tcp --dst-port 22:22 default

View the security group rules

# openstack security group rule list

View the virtual machine

# openstack server list

Log in to the virtual machine

# ssh cirros@172.16.100.201
The authenticity of host '172.16.100.201 (172.16.100.201)' can't be established.
ECDSA key fingerprint is 94:11:48:02:fa:62:ff:9c:c4:75:8f:eb:16:62:a9:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.100.201' (ECDSA) to the list of known hosts.