|
在openstack上的虚拟机绑定vip 有些情况下,客户想在openstack的虚拟机上配置vip搭建高可用集群,下面我就简单的说下在openstack上的虚拟机如何绑定vip
- j1 d* `% Q8 L% b5 ? 操作步骤1、导入环境变量 source admin-openrc, e- _3 t. H8 Z
3 n3 W' l2 N0 T* L/ Z+ q' k
2、执行命令neutron net-list查看网络,找到自己需要设置的网络,获取subnet_id和network_id neutron net-list id | name | tenant_id | subnets 32482d56-bb40-4b7f-85df-3be3a460e441 | HA network tenant 7ba30c1e519d4d6eb8f1ace2cfbf30d3 | | 860bf95f-4775-4fac-af88-db392f254416 169.254.192.0/18 7cc26554-2795-4a53-b053-34ec1b4c90f2 | web | 7ba30c1e519d4d6eb8f1ace2cfbf30d3 | 4b1f707b-8842-4ce0-acba-4f0de304459b 192.168.1.0/24 * U- \" |+ X. S1 z& }& b
10 V5 V; B; c$ t2 R/ @0 v# x
2$ y: s# D- P+ ?1 K* }9 B4 x* v
30 l. W0 H6 Y6 e- u, }9 b. W# Q
4
& `+ n' A7 ^, k% J- D9 \2 O+ c5
8 V( [% d6 Y8 A# i. M$ i6
! O. {+ \6 f8 p/ S' K$ t7
" D, L/ A' f9 K7 j! e8 [3 ?1 ]8. [: v# I. L: h
| # neutron net-list. E0 D) r3 q0 E# \
+--------------------------------------+----------------------------------------------------+----------------------------------+-------------------------------------------------------+3 [. _# \' b Y, D* h
| id | name | tenant_id | subnets |3 [) ~! w" `3 _+ c1 X2 p+ J
+--------------------------------------+----------------------------------------------------+----------------------------------+-------------------------------------------------------+
' r) S: J0 `# B N# [6 k2 n% E| 32482d56-bb40-4b7f-85df-3be3a460e441 | HA network tenant 7ba30c1e519d4d6eb8f1ace2cfbf30d3 | | 860bf95f-4775-4fac-af88-db392f254416 169.254.192.0/18 |
9 E3 V: }$ o! C: {, e% }| 7cc26554-2795-4a53-b053-34ec1b4c90f2 | web | 7ba30c1e519d4d6eb8f1ace2cfbf30d3 | 4b1f707b-8842-4ce0-acba-4f0de304459b 192.168.1.0/24 |
1 R0 M- G# {; _+ k9 p5 ~| d0ad534f-1bcd-43b0-aa0c-edee32520020 | public | 21c161dda51147fb9ff527aadfe1d81a | 9a7f07e5-e906-4622-8bc6-def64b3622ec 172.18.23.0/24 |% Z/ Z8 F' p/ U# C2 X9 T( ~
+--------------------------------------+----------------------------------------------------+----------------------------------+-------------------------------------------------------+7 Q# s0 q8 o8 z; |9 O6 F
|
# u$ |! Y: _5 s, C: } $ }$ y/ P# S2 s
3、创建port来占用ip,保证neutron不会将此IP在分配出去,导致IP冲突问题。
, |) }/ `& s5 N' j' s/ U, F' g1
' p# W4 v9 j( i k$ f6 Q29 o7 {* w; V! K% g& n3 K, i$ B# T! L
3
/ N; W2 o" _# {/ `3 Z: s, l* x5 U4
% e4 b! f R/ p2 Y0 ~5" \+ ~/ l2 a5 J9 [# M$ {
| neutron port-create --fixed-ip subnet_id=<subnet_id>,ip_address=<vip> <network_id>
& ]! G- T- r# O4 p3 B9 m' _注:
8 |' ?3 v3 R+ c ` 替换subnet_id为neutron net-list中查看到的subnet_id- U1 h/ c( h& T# n- D4 U0 s8 b }
替换vip为需要配置的vip地址
! D. n, _. s1 y 替换network_ID为neutron net-list中查看到的network_id! K+ H& N& O* y a
|
9 Y* ?% x' O! y, l ~ z( w) X: y
具体命令如下' p, m+ u$ }( i
1( N/ F Q, s- d+ @- c$ e
2/ x& M& x5 t0 X. X1 b" u
3 s+ m( q% H2 T& d; ?9 O
4
5 ?6 u9 o0 n) p! M0 j3 |5
( d' r( F5 q8 x$ ?6
: H3 W2 g2 L/ O' z: o q7 G( Q& m1 f7# U2 X; g2 c5 G% n8 M I
83 K+ v2 k6 ]3 Q6 N& k7 n: N
9
1 ^+ [4 _, D) A' \ V10
; C& h* _$ T% `11. W* t* u5 _- C. q# o7 Z) J
125 _% e5 j$ k x: n
13* ?% n5 z1 ~$ f" O/ b2 i. `
14$ I3 `5 t/ Q+ _, [: \" b
15" h* ~/ U; o' i; E
16. `6 B- w' H( t+ L6 H5 w- q1 [& e
17, A* T: e" L. r0 @4 ~# H7 h3 n
18
6 Z7 _9 i6 R* S H19
3 k& N0 g+ ^6 A# Q5 r# u9 A20
5 S6 _* c4 x# D6 G- g2 i2 ^21
$ V5 [3 A2 q; e7 I9 X: _22
' E K, s" w2 V3 l: [ _, s23
6 z9 y2 p3 |. p7 }* v. D( m24$ l& s+ v- H9 z: ^
250 \: q" O! a# E. B! q- E
267 [0 q; I, X4 U* F
27* d, x- _0 _& {/ ^
28
% r% z0 i- [' T. I29) W& y8 C! @8 v8 @- H& G& K
30. o8 _* n; S# v6 |5 K
31
9 x- H+ K: c2 z | # neutron port-create --fixed-ip subnet_id=9a7f07e5-e906-4622-8bc6-def64b3622ec,ip_address=172.18.23.10 d0ad534f-1bcd-43b0-aa0c-edee32520020' F: E; o1 c, k' j7 x+ K% ^: e- `
Created a new port:
" _2 u- ~. S* o8 A- |1 a+-----------------------+-------------------------------------------------------------------------------------+
/ E' P, N- U; t| Field | Value |: Y) U% d1 \4 o; r5 c6 [: {7 l, b
+-----------------------+-------------------------------------------------------------------------------------+
* P3 o: J1 u9 f! `| admin_state_up | True |# b+ `* c# k% N2 @" [1 T
| allowed_address_pairs | |# q- z% m5 Q, Z
| binding:host_id | |
! Q/ {4 T6 c, o1 N" T5 ?0 P( i+ i4 h| binding:profile | {} |" B$ _4 b; @/ `# i* J
| binding:vif_details | {} |
e# D4 u* f* R| binding:vif_type | unbound |
, }2 Z5 C b- x5 p# _ A| binding:vnic_type | normal |
6 _ E* |: X6 M| created_at | 2017-11-28T02:35:17Z |7 U3 j8 Z5 J. h' h8 F. _
| description | |
) B' e. d- o8 G N4 ]4 P* i| device_id | |* z1 S* c; `& [3 c/ d4 l
| device_owner | |
0 Z* `* x. N. P* |5 s. _' r| extra_dhcp_opts | |1 b' F' \ V3 [1 b* a
| fixed_ips | {"subnet_id": "9a7f07e5-e906-4622-8bc6-def64b3622ec", "ip_address": "172.18.23.10"} |
u/ Z3 i: d7 B1 a* _5 [, Q| id | 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63 |; q* k! p" ?9 R$ }. K/ w
| mac_address | fa:16:3e:ea:81:a6 |& r! J' T* j3 W0 [: F' K
| name | | Q) n0 H3 M% L9 e; \
| network_id | d0ad534f-1bcd-43b0-aa0c-edee32520020 |4 P: _4 {2 t" q4 w& M+ y9 y9 H
| port_security_enabled | True |
2 y' V K; ~- B! V- T1 D! q| project_id | 21c161dda51147fb9ff527aadfe1d81a |
+ V& O3 }; a3 l9 m| revision_number | 5 |9 g [& O. T! L! S5 g7 ?) @
| security_groups | abfba384-55f2-4eed-902a-712369be9604 |9 y% I6 t. ^% \% E
| status | DOWN |
* \% f! B% d! E* b7 \| tags | |
! y: s5 k3 ]; E9 D' l$ D8 ~| tenant_id | 21c161dda51147fb9ff527aadfe1d81a |
' N: H7 D. }( _% |7 d9 S| updated_at | 2017-11-28T02:35:18Z |
+ D0 u# S1 j; N" J" L) M/ P3 ]+-----------------------+-------------------------------------------------------------------------------------+
4 |) }% x( k/ H; U4 Q. ? |
% N! v! [: L0 K0 E0 c \/ U9 `& A6 G# E
4、执行命令neutron port-list查看端口,找到VIP的Port ID以及需要使用VIP的虚拟机的IP对应的Port id" v, R6 k+ F) s
比如两台虚拟机做HA绑定vip,那么需要查看两台虚拟机的port ID和这个vip的port ID9 [" F! [8 v t
1
' D/ M: h# _: t5 h0 _2
; S5 U( b- ^: G0 O0 e! Q | # neutron port-list|grep 172.18.23.10; a/ C& P! @) J8 t
| 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63 | | 21c161dda51147fb9ff527aadfe1d81a | fa:16:3e:ea:81:a6 | {"subnet_id": "9a7f07e5-e906-4622-8bc6-def64b3622ec", "ip_address": "172.18.23.10"} |
5 ]% H) Q3 r. u2 M |
; @8 U' m; M5 B- h
可以看出vip172.18.23.10的port id为7c7ccc26-9ac9-4ef7-8178-2b97218b1d63.
, D3 y& R1 _+ _5 B h3 Q5、取消安全组对应端口的管理: M! f' K/ [7 d1 y8 Z
1
: r% l7 M& w, H/ K0 i, l! }29 J0 y5 ` ~$ \- `8 J, u2 K2 c% `% n
38 y9 `: T4 l* B, w6 c' r* i! [% P
4, D! M2 D' U# G
| neutron port-update --no-security-groups <Port_id>
, d- ]3 |! H Q9 d/ `neutron port-update --port_security_enabled=false <Port_id>$ Y4 R) V" W% }) ?" B" p
注:
" ~1 g( J7 W/ v6 V7 i 替换Port_id为之前neutron port-list中找到的Port_id
$ Y" }. e+ f2 q0 K0 z |
4 p0 d- I) i& x# I! Q. b具有命令如下:
9 g* M1 U/ R5 Z, x _) E% v7 n 1
m7 B5 X; R1 Q* a, `& F8 \2
2 {5 H1 I* U) R0 l" z' e3 K39 L( U& E5 s% K6 b. D
4
- K1 d Z5 m! S; a' C | # neutron port-update --no-security-groups 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63
$ H" |8 H/ Z/ k) J" m/ jUpdated port: 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63
0 ^3 L1 h+ ^1 I' c# neutron port-update --port_security_enabled=false 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63
/ |: R" n2 G& L+ S- S0 z6 W- q' }Updated port: 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63
" V" O/ O8 t1 q& P/ O4 p i8 _8 } |
/ U4 V, v) P: G
6、此时执行命令neutron port-show
( f, K1 c+ p" L/ K% I6 R 0 j. v" X e y
可看到port_security_enabled的value为False,security_groups的value为空,即OK,这样两个端口就没有了安全组了。
# ^3 u/ I$ `# a' z; ~; A3 M7、意思就是对VIP和需要使用VIP的虚拟机都执行4、5、6步,比如配置HA,VIP+两台虚拟机,总共3个Port,都需要执行4、5、6步/ [) e# a* `4 M3 d5 h
然后就可以在这两台虚拟机上搭建keepalived集群使用172.18.23.10这个vip了。 |
发表于 2018-12-20 11:42:47