Binding a VIP to virtual machines on OpenStack

In some cases, a customer wants to configure a VIP on OpenStack virtual machines to build a high-availability cluster. Below I briefly explain how to bind a VIP to virtual machines on OpenStack.

Procedure

1. Import the environment variables:

    source admin-openrc

2. Run neutron net-list to list the networks, find the network you need to configure, and note its subnet_id and network_id.

    # neutron net-list
    +--------------------------------------+----------------------------------------------------+----------------------------------+-------------------------------------------------------+
    | id                                   | name                                               | tenant_id                        | subnets                                               |
    +--------------------------------------+----------------------------------------------------+----------------------------------+-------------------------------------------------------+
    | 32482d56-bb40-4b7f-85df-3be3a460e441 | HA network tenant 7ba30c1e519d4d6eb8f1ace2cfbf30d3 |                                  | 860bf95f-4775-4fac-af88-db392f254416 169.254.192.0/18 |
    | 7cc26554-2795-4a53-b053-34ec1b4c90f2 | web                                                | 7ba30c1e519d4d6eb8f1ace2cfbf30d3 | 4b1f707b-8842-4ce0-acba-4f0de304459b 192.168.1.0/24   |
    | d0ad534f-1bcd-43b0-aa0c-edee32520020 | public                                             | 21c161dda51147fb9ff527aadfe1d81a | 9a7f07e5-e906-4622-8bc6-def64b3622ec 172.18.23.0/24   |
    +--------------------------------------+----------------------------------------------------+----------------------------------+-------------------------------------------------------+

3. Create a port to reserve the IP, so that neutron does not allocate this IP again and cause an IP conflict.

    neutron port-create --fixed-ip subnet_id=<subnet_id>,ip_address=<vip> <network_id>

Notes:
Replace subnet_id with the subnet_id shown by neutron net-list.
Replace vip with the VIP address you want to configure.
Replace network_id with the network_id shown by neutron net-list.

The specific command is as follows:

    # neutron port-create --fixed-ip subnet_id=9a7f07e5-e906-4622-8bc6-def64b3622ec,ip_address=172.18.23.10 d0ad534f-1bcd-43b0-aa0c-edee32520020
    Created a new port:
    +-----------------------+-------------------------------------------------------------------------------------+
    | Field                 | Value                                                                               |
    +-----------------------+-------------------------------------------------------------------------------------+
    | admin_state_up        | True                                                                                |
    | allowed_address_pairs |                                                                                     |
    | binding:host_id       |                                                                                     |
    | binding:profile       | {}                                                                                  |
    | binding:vif_details   | {}                                                                                  |
    | binding:vif_type      | unbound                                                                             |
    | binding:vnic_type     | normal                                                                              |
    | created_at            | 2017-11-28T02:35:17Z                                                                |
    | description           |                                                                                     |
    | device_id             |                                                                                     |
    | device_owner          |                                                                                     |
    | extra_dhcp_opts       |                                                                                     |
    | fixed_ips             | {"subnet_id": "9a7f07e5-e906-4622-8bc6-def64b3622ec", "ip_address": "172.18.23.10"} |
    | id                    | 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63                                                |
    | mac_address           | fa:16:3e:ea:81:a6                                                                   |
    | name                  |                                                                                     |
    | network_id            | d0ad534f-1bcd-43b0-aa0c-edee32520020                                                |
    | port_security_enabled | True                                                                                |
    | project_id            | 21c161dda51147fb9ff527aadfe1d81a                                                    |
    | revision_number       | 5                                                                                   |
    | security_groups       | abfba384-55f2-4eed-902a-712369be9604                                                |
    | status                | DOWN                                                                                |
    | tags                  |                                                                                     |
    | tenant_id             | 21c161dda51147fb9ff527aadfe1d81a                                                    |
    | updated_at            | 2017-11-28T02:35:18Z                                                                |
    +-----------------------+-------------------------------------------------------------------------------------+

4. Run neutron port-list to list the ports, and find the port ID of the VIP and the port ID that corresponds to the IP of each virtual machine that will use the VIP.
For example, if two virtual machines form an HA pair bound to the VIP, you need the port IDs of both virtual machines and the port ID of the VIP.

    # neutron port-list|grep 172.18.23.10
    | 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63 | | 21c161dda51147fb9ff527aadfe1d81a | fa:16:3e:ea:81:a6 | {"subnet_id": "9a7f07e5-e906-4622-8bc6-def64b3622ec", "ip_address": "172.18.23.10"} |

As shown, the port ID of the VIP 172.18.23.10 is 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63.

5. Remove security-group management from the corresponding port:

    neutron port-update --no-security-groups <Port_id>
    neutron port-update --port_security_enabled=false <Port_id>

Note:
Replace Port_id with the Port_id found earlier with neutron port-list.

The specific commands are as follows:

    # neutron port-update --no-security-groups 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63
    Updated port: 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63
    # neutron port-update --port_security_enabled=false 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63
    Updated port: 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63
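
6. Now run neutron port-show.
You should see that the value of port_security_enabled is False and the value of security_groups is empty, which means the change is in place; the two ports now have no security group.

7. In other words, perform steps 4, 5 and 6 for the VIP and for every virtual machine that needs to use the VIP. For example, an HA setup with a VIP plus two virtual machines has 3 ports in total, and all of them need steps 4, 5 and 6.
You can then build a keepalived cluster on these two virtual machines using the VIP 172.18.23.10.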
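
The check from step 6, applied to every port from step 7, as an added example that is not part of the original article: it parses `neutron port-show` output and classifies each port. The sample tables are constructed and trimmed to two fields; the function names and state names (`unfiltered`, `filtered`, `partial`, `unknown`) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: step 6's check as a script.

# field_value FIELD: print the Value cell of FIELD from a port-show table on stdin.
field_value() {
  awk -F'|' -v f="$1" 'NF >= 4 {
    k = $2; v = $3
    gsub(/^ +| +$/, "", k); gsub(/^ +| +$/, "", v)
    if (k == f) print v
  }'
}

# port_state: classify one `neutron port-show` table read on stdin.
#   unfiltered  port security off, no security group: the result step 6 expects;
#               Neutron applies no security-group or anti-spoofing filtering here
#   filtered    port security on with a security group: the state before step 5
#   partial     security groups removed, port security still on: step 5 half done
#   unknown     anything else, for example output that is not a port-show table
port_state() {
  local table pse sg
  table=$(cat)
  pse=$(printf '%s\n' "$table" | field_value port_security_enabled)
  sg=$(printf '%s\n' "$table" | field_value security_groups)
  case "$pse/$sg" in
    False/)  echo unfiltered ;;
    True/)   echo partial ;;
    True/?*) echo filtered ;;
    *)       echo unknown ;;
  esac
}

# audit_ports ID...: run the check against the live CLI for every port in step 7.
audit_ports() {
  local id
  for id in "$@"; do
    printf '%s %s\n' "$id" "$(neutron port-show "$id" | port_state)"
  done
}

# Constructed sample tables, trimmed to the two fields step 6 looks at.
sample_before='| port_security_enabled | True                                 |
| security_groups       | abfba384-55f2-4eed-902a-712369be9604 |'
sample_after='| port_security_enabled | False |
| security_groups       |       |'
sample_partial='| port_security_enabled | True |
| security_groups       |      |'

for s in "$sample_before" "$sample_partial" "$sample_after"; do
  printf '%s\n' "$s" | port_state
done
```

With the CLI available, `audit_ports` takes the VIP port ID and both virtual machine port IDs; the same function can be run later to list which ports are still `unfiltered`.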