
Private Cloud Deployment Solution: OpenStack High Availability (Pike Release) - Configuring an OVS VXLAN Network

Posted on 2018-9-26 09:51:06

Configure VXLAN

On each controller node:

Edit the configuration file /etc/neutron/plugins/ml2/ml2_conf.ini

openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types  vxlan
openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks  physnet1
openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges  1:1000

Restart the service

# systemctl restart neutron-server

Create the bridge

# ovs-vsctl add-br br-eth1

Add the NIC to the bridge

# ovs-vsctl add-port br-eth1 ens33

Edit the configuration file /etc/neutron/plugins/ml2/openvswitch_agent.ini

[agent]
tunnel_types = vxlan
l2_population = True
prevent_arp_spoofing = True
[ovs]
# Management-network IP of each node
local_ip = 172.16.8.60
bridge_mappings = physnet1:br-eth1

Restart the neutron services

# for service in dhcp-agent l3-agent metadata-agent openvswitch-agent; do
systemctl restart neutron-$service
done

Compute nodes

Edit the configuration file /etc/neutron/plugins/ml2/ml2_conf.ini

openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types  vxlan
openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks  physnet1
openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges  1:1000

Edit the configuration file /etc/neutron/plugins/ml2/openvswitch_agent.ini

openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini  agent tunnel_types vxlan
openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini  agent l2_population  True
openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini  agent prevent_arp_spoofing  True
openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini  ovs local_ip  172.16.8.63

Restart the service

# systemctl restart neutron-openvswitch-agent

Configure DVR

Controller nodes:

openstack-config --set /etc/neutron/neutron.conf DEFAULT router_distributed True

openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent enable_distributed_routing True
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr_snat

Compute nodes:

Edit the configuration file /etc/neutron/l3_agent.ini

# cp -a /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini_bak

[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent enable_distributed_routing True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs bridge_mappings physnet1:br-eth1

Create the bridge

ovs-vsctl add-br br-eth1
# ens33 is the service-network NIC
ovs-vsctl add-port br-eth1 ens33

On the compute nodes, restart the neutron-l3-agent service (it is not enabled by default)

systemctl restart neutron-l3-agent.service
systemctl enable neutron-l3-agent.service

Verification

Create a router

# openstack router create router01

Create the internal network

# openstack network create int_net --provider-network-type vxlan

Create a subnet

# openstack subnet create subnet1 --network int_net \
--subnet-range 10.18.100.0/24 --gateway 10.18.100.1 \
--dns-nameserver 114.114.114.114

Attach the internal network to the router

# openstack router add subnet router01 subnet1

Create the external network

# openstack network create \
--provider-physical-network physnet1 \
--provider-network-type flat --external ext_net

Create the external network subnet

# openstack subnet create subnet2 \
--network ext_net --subnet-range 10.16.100.0/24 \
--allocation-pool start=10.16.100.200,end=10.16.100.254 \
--gateway 10.16.100.1 --dns-nameserver 114.114.114.114

Attach the network to the router

# openstack router set router01 --external-gateway ext_net

Create a flavor

# openstack flavor create  --vcpus 1 --ram 512 --disk 1 test

List the networks

# Int_Net_ID=`openstack network list | grep int_net | awk '{ print $2 }'`
# openstack image list

Create a keypair

# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):

Add the public key

# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

Create the virtual machine

# openstack server create --flavor m1.small --image cirros --security-group default --nic net-id=$Int_Net_ID --key-name mykey cirros

# openstack server list

Allocate a floating IP

# openstack floating ip create ext_net

Assign the floating IP to the virtual machine

# openstack server add floating ip cirros 172.16.100.201

Confirm the configuration

# openstack floating ip show 10.16.100.201

List the virtual machines

# openstack server list

Configure the security group for ICMP

# openstack security group rule create --protocol icmp --ingress default

Configure the security group for SSH

# openstack security group rule create --protocol tcp --dst-port 22:22 default

List the security group rules

# openstack security group rule list

List the virtual machines

# openstack server list

Log in to the virtual machine

# ssh cirros@172.16.100.201
The authenticity of host '172.16.100.201 (172.16.100.201)' can't be established.
ECDSA key fingerprint is 94:11:48:02:fa:62:ff:9c:c4:75:8f:eb:16:62:a9:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.100.201' (ECDSA) to the list of known hosts.

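The [agent] and [ovs] settings written to openvswitch_agent.ini in this post can be checked before neutron-openvswitch-agent is restarted. The script below is an added example, not part of the original post: the function names ini_get and audit_ovs_agent are hypothetical and the sample file is constructed. It assumes the agent's INI parsing ignores only full-line # or ; comments, so text after a value on the same line stays part of that value.

```shell
# Added example, not from the original post: audit openvswitch_agent.ini for
# the [agent]/[ovs] values the post sets. File contents below are constructed.
# ini_get FILE SECTION KEY: print the value; exit 1 if KEY is not in SECTION.
ini_get() {
  awk -v want="[$2]" -v key="$3" '
    /^[ \t]*[#;]/ { next }    # only full-line comments are skipped
    /^[ \t]*\[/   { sec = $0; gsub(/[ \t]/, "", sec); next }
    sec == want && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { val = v; found = 1 }
    }
    END { if (!found) exit 1; print val }' "$1"
}

# audit_ovs_agent FILE: print one finding per line; return 1 if any.
audit_ovs_agent() {
  _f=$1 _n=0
  while read -r _sec _key _want; do
    if ! _got=$(ini_get "$_f" "$_sec" "$_key"); then
      echo "MISSING [$_sec] $_key (post sets $_want)"; _n=$((_n + 1))
    elif [ "$_got" != "$_want" ]; then
      echo "DIFFERS [$_sec] $_key = $_got (post sets $_want)"; _n=$((_n + 1))
    fi
  done <<'EOF'
agent tunnel_types vxlan
agent l2_population True
agent prevent_arp_spoofing True
ovs bridge_mappings physnet1:br-eth1
EOF
  # A trailing "# note" stays in the value, so local_ip must be a bare IPv4.
  _got=$(ini_get "$_f" ovs local_ip) || _got=""
  if ! printf '%s\n' "$_got" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'; then
    echo "BAD [ovs] local_ip = '$_got' (want a bare IPv4 address)"; _n=$((_n + 1))
  fi
  [ "$_n" -eq 0 ]
}

# Constructed sample: inline comment on local_ip, prevent_arp_spoofing absent from [agent].
sample=$(mktemp)
cat > "$sample" <<'EOF'
[agent]
tunnel_types = vxlan
l2_population = True
[ovs]
local_ip = 172.16.8.60 # management IP
bridge_mappings = physnet1:br-eth1
EOF
audit_ovs_agent "$sample" || echo "fix the findings above before restarting the agent"
```

Run against the real file on each node with audit_ovs_agent /etc/neutron/plugins/ml2/openvswitch_agent.ini; a non-zero return means at least one value differs from what the post configures.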