Deploying OpenStack Neutron with OVN

Posted on 2025-3-5 02:00:05
Controller nodes
Each controller node runs the Open vSwitch (OVS) service (including dependent services such as ovsdb-server) and ovn-northd. Only a single instance of the ovsdb-server and ovn-northd services can operate in a deployment. However, deployment tools can implement active/passive high-availability using a management tool that monitors service health and automatically starts these services on another node after failure of the primary node. See the Frequently Asked Questions for more information.

Install the ovn-central and openvswitch packages (RHEL/Fedora).

Install the ovn-central and openvswitch-common packages (Ubuntu/Debian).

Start the OVS service. The central OVS service starts the ovsdb-server service that manages OVN databases.

Using the systemd unit:

systemctl start openvswitch (RHEL/Fedora)
systemctl start openvswitch-switch (Ubuntu/Debian)

Configure the ovsdb-server component. By default, the ovsdb-server service only permits local access to databases via Unix socket. However, OVN services on compute nodes require access to these databases.

Permit remote database access.

ovn-nbctl set-connection ptcp:6641:0.0.0.0 -- \
            set connection . inactivity_probe=60000
ovn-sbctl set-connection ptcp:6642:0.0.0.0 -- \
            set connection . inactivity_probe=60000

If using the VTEP functionality:

ovs-appctl -t ovsdb-server ovsdb-server/add-remote ptcp:6640:0.0.0.0

Replace 0.0.0.0 with the IP address of the management network interface on the controller node to avoid listening on all interfaces.

Note

Permit remote access to TCP ports: 6640 (OVS) to VTEPs (if you use VTEPs), 6642 (SBDB) to hosts running neutron-server, gateway nodes that run ovn-controller, and compute node services like ovn-controller and ovn-metadata-agent. 6641 (NBDB) to hosts running neutron-server.
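The listener targets set above can be checked mechanically. The following is an added example, not part of the original post or of the OVN project: it classifies OVSDB listener targets (the strings given to set-connection and add-remote) and counts the ones that bind to every interface. The function names are hypothetical and 192.0.2.10 is a constructed placeholder for the management address.

```shell
#!/bin/sh
# Added example (hypothetical helper names): flag OVSDB listeners that bind to
# every interface instead of the management address. On a live controller the
# targets would come from `ovn-nbctl get-connection` / `ovn-sbctl get-connection`.

# Peers that need each port, taken from the Note above.
port_peers() {
    case "$1" in
        6640) echo "VTEPs" ;;
        6641) echo "neutron-server hosts" ;;
        6642) echo "neutron-server hosts, gateway nodes, compute nodes" ;;
        *)    echo "no peer listed on this page" ;;
    esac
}

# ptcp:6641:0.0.0.0 -> 6641
target_port() {
    rest=${1#*:}
    echo "${rest%%:*}"
}

# Print WILDCARD, BOUND, LOCAL or UNKNOWN for one target.
classify_target() {
    case "$1" in
        punix:*)       echo LOCAL; return 0 ;;
        ptcp:*|pssl:*) ;;                      # both use the PORT[:IP] layout
        *)             echo UNKNOWN; return 0 ;;
    esac
    rest=${1#*:}                               # PORT or PORT:IP
    case "$rest" in
        *:*) addr=${rest#*:} ;;
        *)   addr="" ;;                        # no IP: listens on all IPv4 addresses
    esac
    case "$addr" in
        ""|0.0.0.0|"[::]") echo WILDCARD ;;
        *)                 echo BOUND ;;
    esac
}

# Report every target on stderr; print the number of wildcard listeners on stdout.
audit_targets() {
    wildcard=0
    for t in "$@"; do
        verdict=$(classify_target "$t")
        case "$verdict" in
            WILDCARD) wildcard=$((wildcard + 1)) ;;
        esac
        printf '%-9s %-28s reachable by: %s\n' "$verdict" "$t" \
            "$(port_peers "$(target_port "$t")")" >&2
    done
    echo "$wildcard"
}

# Constructed sample: the two targets from the commands above, then the same
# listeners bound to a management address (192.0.2.10 is a placeholder).
audit_targets ptcp:6641:0.0.0.0 ptcp:6642:0.0.0.0
audit_targets ptcp:6641:192.0.2.10 ptcp:6642:192.0.2.10
```

A non-zero count means at least one database port is offered on every interface of the controller, so the access restrictions in the Note are the only thing limiting who can connect.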

Start the ovn-northd service.

Using the systemd unit:

systemctl start ovn-northd

Configure the Networking server component. The Networking service implements OVN as an ML2 driver. Edit the /etc/neutron/neutron.conf file:

Enable the ML2 core plug-in.

[DEFAULT]
...
core_plugin = ml2

Enable the OVN layer-3 service.

[DEFAULT]
...
service_plugins = ovn-router

Configure the ML2 plug-in. Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file:

Configure the OVN mechanism driver, network type drivers, self-service (tenant) network types, and enable the port security extension.

[ml2]
...
mechanism_drivers = ovn
type_drivers = local,flat,vlan,geneve
tenant_network_types = geneve
extension_drivers = port_security
overlay_ip_version = 4

Note

To enable VLAN self-service networks, make sure that OVN version 2.11 (or higher) is used, then add vlan to the tenant_network_types option. The first network type in the list becomes the default self-service network type.

To use IPv6 for all overlay (tunnel) network endpoints, set the overlay_ip_version option to 6.

Configure the Geneve ID range and maximum header size. The IP version overhead (20 bytes for IPv4 (default) or 40 bytes for IPv6) is added to the maximum header size based on the ML2 overlay_ip_version option.

[ml2_type_geneve]
...
vni_ranges = 1:65536
max_header_size = 38

Note

The Networking service uses the vni_ranges option to allocate network segments. However, OVN ignores the actual values. Thus, the ID range only determines the quantity of Geneve networks in the environment. For example, a range of 5001:6000 defines a maximum of 1000 Geneve networks. On the other hand, these values are still relevant in Neutron context so 1:1000 and 5001:6000 are not simply interchangeable.

Warning

The default for max_header_size, 30, is too low for OVN. OVN requires at least 38.

Optionally, enable support for VXLAN type networks. Because the VXLAN VNI has limited space to carry the information OVN needs to identify a packet, the part of the header that holds the segmentation ID is reduced to 12 bits, which allows a maximum of 4096 networks. The same limitation applies to the number of ports in each network, which are also identified by a 12-bit header chunk, limiting them to 4096 ports. Please check [1] for more information.

[ml2]
...
type_drivers = geneve,vxlan

[ml2_type_vxlan]
vni_ranges = 1001:1100

Optionally, enable support for VLAN provider and self-service networks on one or more physical networks. If you specify only the physical network, only administrative (privileged) users can manage VLAN networks. Additionally specifying a VLAN ID range for a physical network enables regular (non-privileged) users to manage VLAN networks. The Networking service allocates the VLAN ID for each self-service network using the VLAN ID range for the physical network.

[ml2_type_vlan]
...
network_vlan_ranges = PHYSICAL_NETWORK:MIN_VLAN_ID:MAX_VLAN_ID

Replace PHYSICAL_NETWORK with the physical network name and optionally define the minimum and maximum VLAN IDs. Use a comma to separate each physical network.

For example, to enable support for administrative VLAN networks on the physnet1 network and self-service VLAN networks on the physnet2 network using VLAN IDs 1001 to 2000:

network_vlan_ranges = physnet1,physnet2:1001:2000

Enable security groups.

[securitygroup]
...
enable_security_group = true

Note

The firewall_driver option under [securitygroup] is ignored since the OVN ML2 driver itself handles security groups.

Configure OVS database access and L3 scheduler

[ovn]
...
ovn_nb_connection = tcp:IP_ADDRESS:6641
ovn_sb_connection = tcp:IP_ADDRESS:6642
ovn_l3_scheduler = OVN_L3_SCHEDULER

Note

Replace IP_ADDRESS with the IP address of the controller node that runs the ovsdb-server service. Replace OVN_L3_SCHEDULER with leastloaded if you want the scheduler to select a compute node with the least number of gateway ports or chance if you want the scheduler to randomly select a compute node from the available list of compute nodes.
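An added example (not from the original post or the Neutron project): a shell check that reads an ml2_conf.ini and reports where it departs from the settings described above, including the physical networks whose VLAN ID range opens VLAN networks to non-privileged users. The function names and the sample file are constructed for illustration; an unset max_header_size is treated as 30, the default the page states.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit ml2_conf.ini against the
# settings described above. An unset max_header_size counts as the default, 30.

# ini_get FILE SECTION KEY: print the last value assigned to KEY in [SECTION].
ini_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); section = $0; next }
        section == want && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# list_has LIST ITEM: succeed if the comma-separated LIST contains ITEM.
list_has() {
    case ",$(printf '%s' "$1" | tr -d ' \t')," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Physical networks that carry a VLAN ID range, i.e. networks on which
# regular (non-privileged) users can create VLAN networks.
selfservice_physnets() {
    ini_get "$1" ml2_type_vlan network_vlan_ranges | tr ',' '\n' |
        awk -F: 'NF == 3 { gsub(/[ \t]/, "", $1); print $1 }'
}

# check_ml2 FILE: print one FAIL or INFO line per finding.
check_ml2() {
    f=$1
    list_has "$(ini_get "$f" ml2 mechanism_drivers)" ovn ||
        echo "FAIL [ml2] mechanism_drivers does not include ovn"
    list_has "$(ini_get "$f" ml2 extension_drivers)" port_security ||
        echo "FAIL [ml2] extension_drivers does not include port_security"
    hdr=$(ini_get "$f" ml2_type_geneve max_header_size)
    if ! [ "${hdr:-30}" -ge 38 ] 2>/dev/null; then
        echo "FAIL [ml2_type_geneve] max_header_size=${hdr:-30}, OVN needs >= 38"
    fi
    case "$(ini_get "$f" securitygroup enable_security_group | tr 'A-Z' 'a-z')" in
        false|0|off|no) echo "FAIL [securitygroup] enable_security_group is off" ;;
    esac
    for net in $(selfservice_physnets "$f"); do
        echo "INFO [ml2_type_vlan] regular users can create VLAN networks on $net"
    done
    return 0
}

# Constructed sample: the page's values, except that max_header_size is unset
# (default 30 applies) and extension_drivers lacks port_security.
sample_conf() {
    cat <<'EOF'
[ml2]
mechanism_drivers = ovn
extension_drivers = qos

[ml2_type_geneve]
vni_ranges = 1:65536

[ml2_type_vlan]
network_vlan_ranges = physnet1,physnet2:1001:2000

[securitygroup]
enable_security_group = true
EOF
}

tmp=$(mktemp); sample_conf > "$tmp"; check_ml2 "$tmp"; rm -f "$tmp"
```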
Set ovn-cms-options with enable-chassis-as-gw in Open_vSwitch table’s external_ids column. Then if this chassis has proper bridge mappings, it will be selected for scheduling gateway routers.

ovs-vsctl set open . external-ids:ovn-cms-options=enable-chassis-as-gw

Start, or restart, the neutron-server service.

Using the systemd unit:

systemctl start neutron-server

Network nodes
Deployments using OVN native layer-3 and DHCP services do not require conventional network nodes because connectivity to external networks (including VTEP gateways) and routing occurs on compute nodes.

Compute nodes
Each compute node runs the OVS and ovn-controller services. The ovn-controller service replaces the conventional OVS layer-2 agent.

Install the ovn-host, openvswitch and neutron-ovn-metadata-agent packages (RHEL/Fedora).

Install the ovn-host, openvswitch-switch and neutron-ovn-metadata-agent packages (Ubuntu/Debian).

Start the OVS service.

Using the systemd unit:

systemctl start openvswitch (RHEL/Fedora)
systemctl start openvswitch-switch (Ubuntu/Debian)

Configure the OVS service.

Use OVS databases on the controller node.

ovs-vsctl set open . external-ids:ovn-remote=tcp:IP_ADDRESS:6642

Replace IP_ADDRESS with the IP address of the controller node that runs the ovsdb-server service.

Enable one or more overlay network protocols. At a minimum, OVN requires enabling the geneve protocol. Deployments using VTEP gateways should also enable the vxlan protocol.

ovs-vsctl set open . external-ids:ovn-encap-type=geneve,vxlan

Note

Deployments without VTEP gateways can safely enable both protocols.

Configure the overlay network local endpoint IP address.

ovs-vsctl set open . external-ids:ovn-encap-ip=IP_ADDRESS

Replace IP_ADDRESS with the IP address of the overlay network interface on the compute node.

Start the ovn-controller and neutron-ovn-metadata-agent services.

Using the systemd unit:

systemctl start ovn-controller neutron-ovn-metadata-agent

Verify operation

Each compute node should contain an ovn-controller instance.

ovn-sbctl show
  <output>

Deployment steps
Download the quickstart.sh script with curl:

curl -O https://raw.githubusercontent.co ... aster/quickstart.sh

Install the necessary dependencies by running:

bash quickstart.sh --install-deps

Clone the tripleo-quickstart and neutron repositories:

git clone https://opendev.org/openstack/tripleo-quickstart
git clone https://opendev.org/openstack/neutron

Once you’re done, run quickstart as follows (3 controller HA + 1 compute):

# Exporting the tags is a workaround until the bug
# https://bugs.launchpad.net/tripleo/+bug/1737602 is resolved
export ansible_tags="untagged,provision,environment,libvirt,\
undercloud-scripts,undercloud-inventory,overcloud-scripts,\
undercloud-setup,undercloud-install,undercloud-post-install,\
overcloud-prep-config"

bash ./quickstart.sh --tags $ansible_tags --teardown all \
--release master-tripleo-ci \
--nodes tripleo-quickstart/config/nodes/3ctlr_1comp.yml  \
--config neutron/tools/tripleo/ovn.yml \
$VIRTHOST

Note

When deploying directly on localhost use the loopback address 127.0.0.2 as your $VIRTHOST. The loopback address 127.0.0.1 is reserved by ansible. Also make sure that 127.0.0.2 is accessible via public keys:

$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Note

You can adjust RAM/VCPUs if you want by editing config/nodes/3ctlr_1comp.yml before running the above command. If you have enough memory, stick to the defaults. We recommend using 8GB of RAM for the controller nodes.

When quickstart has finished you will have 5 VMs ready to be used, 1 for the undercloud (TripleO’s node to deploy your openstack from), 3 VMs for controller nodes and 1 VM for the compute node.

Log in to the undercloud:

ssh -F ~/.quickstart/ssh.config.ansible undercloud

Prepare overcloud container images:

./overcloud-prep-containers.sh

Run inside the undercloud:

./overcloud-deploy.sh

Grab a coffee, that may take around 1 hour (depending on your hardware).

If anything goes wrong, go to IRC on OFTC, and ask on #oooq

Description of the environment
Once deployed, inside the undercloud root directory two files are present: stackrc and overcloudrc, which will let you connect to the APIs of the undercloud (managing the openstack node), and to the overcloud (where your instances would live).

We can find out the existing controller/computes this way:

source stackrc
openstack server list -c Name -c Networks -c Flavor
+-------------------------+------------------------+--------------+
| Name                    | Networks               | Flavor       |
+-------------------------+------------------------+--------------+
| overcloud-controller-1  | ctlplane=192.168.24.16 | oooq_control |
| overcloud-controller-0  | ctlplane=192.168.24.14 | oooq_control |
| overcloud-controller-2  | ctlplane=192.168.24.12 | oooq_control |
| overcloud-novacompute-0 | ctlplane=192.168.24.13 | oooq_compute |
+-------------------------+------------------------+--------------+

Network architecture of the environment
[Figure: TripleO Quickstart single NIC with vlans]

Connecting to one of the nodes via ssh
We can connect to the IP address in the openstack server list we showed before.

ssh heat-admin@192.168.24.16
Last login: Wed Feb 21 14:11:40 2018 from 192.168.24.1

ps fax | grep ovn-controller
 20422 ?        S<s   30:40 ovn-controller unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --no-chdir --log-file=/var/log/openvswitch/ovn-controller.log --pidfile=/var/run/openvswitch/ovn-controller.pid --detach

sudo ovs-vsctl show
bb413f44-b74f-4678-8d68-a2c6de725c73
Bridge br-ex
  fail_mode: standalone
  ...
  Port "patch-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6-to-br-int"
      Interface "patch-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6-to-br-int"
          type: patch
          options: {peer="patch-br-int-to-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6"}
  Port "eth0"
      Interface "eth0"
  ...
Bridge br-int
  fail_mode: secure
  Port "ovn-c8b85a-0"
      Interface "ovn-c8b85a-0"
          type: geneve
          options: {csum="true", key=flow, remote_ip="172.16.0.17"}
  Port "ovn-b5643d-0"
      Interface "ovn-b5643d-0"
          type: geneve
          options: {csum="true", key=flow, remote_ip="172.16.0.14"}
  Port "ovn-14d60a-0"
      Interface "ovn-14d60a-0"
          type: geneve
          options: {csum="true", key=flow, remote_ip="172.16.0.12"}
  Port "patch-br-int-to-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6"
      Interface "patch-br-int-to-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6"
          type: patch
          options: {peer="patch-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6-to-br-int"}
  Port br-int
      Interface br-int
          type: internal

Initial resource creation
Well, now you have a virtual cloud with 3 controllers in HA, and one compute node, but no instances or routers running. We can give it a try and create a few resources:

[Figure: Initial resources we can create]

You can use the following script to create the resources.

ssh -F ~/.quickstart/ssh.config.ansible undercloud

source ~/overcloudrc

curl http://download.cirros-cloud.net ... 5.1-x86_64-disk.img \
  > cirros-0.5.1-x86_64-disk.img
openstack image create "cirros" --file cirros-0.5.1-x86_64-disk.img   \
               --disk-format qcow2 --container-format bare --public

openstack network create public --provider-physical-network datacentre \
                                --provider-network-type vlan \
                                --provider-segment 10 \
                                --external --share

openstack subnet create --network public public --subnet-range 10.0.0.0/24 \
                         --allocation-pool start=10.0.0.20,end=10.0.0.250 \
                         --dns-nameserver 8.8.8.8 --gateway 10.0.0.1 \
                         --no-dhcp

openstack network create private
openstack subnet create --network private private \
                        --subnet-range 192.168.99.0/24
openstack router create router1

openstack router set --external-gateway public router1
openstack router add subnet router1 private

openstack security group create test
openstack security group rule create --ingress --protocol tcp \
                                     --dst-port 22 test
openstack security group rule create --ingress --protocol icmp test
openstack security group rule create --egress test

openstack flavor create m1.tiny --disk 1 --vcpus 1 --ram 64

PRIV_NET=$(openstack network show private -c id -f value)

openstack server create --flavor m1.tiny --image cirros \
                        --nic net-id=$PRIV_NET --security-group test \
                        --wait cirros

openstack floating ip create --floating-ip-address 10.0.0.130 public
openstack server add floating ip cirros 10.0.0.130

Note

You can now log in to the instance if you want. In a CirrOS >0.4.0 image, the login account is cirros. The password is gocubsgo.

ssh cirros@10.0.0.130
cirros@10.0.0.130's password:

ip a | grep eth0 -A 10
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc pfifo_fast qlen 1000
    link/ether fa:16:3e:85:b4:66 brd ff:ff:ff:ff:ff:ff
    inet 192.168.99.5/24 brd 192.168.99.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe85:b466/64 scope link
       valid_lft forever preferred_lft forever

ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: seq=0 ttl=63 time=2.145 ms
64 bytes from 10.0.0.1: seq=1 ttl=63 time=1.025 ms
64 bytes from 10.0.0.1: seq=2 ttl=63 time=0.836 ms
^C
--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.836/1.335/2.145 ms

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=52 time=3.943 ms
64 bytes from 8.8.8.8: seq=1 ttl=52 time=4.519 ms
64 bytes from 8.8.8.8: seq=2 ttl=52 time=3.778 ms

curl http://169.254.169.254/2009-04-04/meta-data/instance-id
i-00000002
