OpenStack networking: adjustments for using an external network

Posted by 管理员 (administrator) on 2021-11-23 08:57:31
  • You will have to disable security groups on that port with:

[stack@rh-director ~]$ neutron port-update --no-security-groups <port-id>
Updated port:

  • As well as disable anti-spoofing rules on the neutron port associated with the VM's interface.

[stack@rh-director ~]$ neutron port-update <port-id> --port-security-enabled=False
Updated port:

  • You may need to set port_security driver to be able to use this feature (/etc/neutron/plugins/ml2/ml2_conf.ini). For example:

[ml2]
extension_drivers = port_security

/etc/nova/nova.conf
[DEFAULT]
force_config_drive = True
flat_injected = True
Explanation:
force_config_drive: generates a disk device in the virtual machine's XML file and stores the metadata configuration file on that device:
  <devices>
   ......
    <disk type='network' device='cdrom'>
      <driver name='qemu' type='raw' cache='writeback' discard='unmap'/>
      <source protocol='rbd' name='images/fc665b55-4fb9-416a-b1b0-8fee3d8b71bc_disk.config'>
        <host name='192.168.10.221' port='6789'/>
        <host name='192.168.10.222' port='6789'/>
        <host name='192.168.10.223' port='6789'/>
      </source>
      <target dev='hdd' bus='ide'/>
      <readonly/>
      <address type='drive' controller='0' bus='1' target='0' unit='1'/>
    </disk>
   ......
  </devices>
flat_injected: stores the network interface metadata configuration file on this device.
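
A defender's check for the two port-update commands above, added here as an example and not part of the original post: it scans a Neutron port listing for instance ports where port security has been switched off, and (going slightly beyond the post) for allowed address pairs that admit any source address. The sample data, its IDs and the audit_ports helper are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like a Neutron "GET /v2.0/ports" response body.
# Every ID and address here is invented for the example.
SAMPLE = json.loads("""
{"ports": [
 {"id": "port-web", "device_owner": "compute:nova", "port_security_enabled": true,
  "security_groups": ["sg-web"], "allowed_address_pairs": [],
  "fixed_ips": [{"ip_address": "18.18.18.5"}]},
 {"id": "port-fw", "device_owner": "compute:nova", "port_security_enabled": false,
  "security_groups": [], "allowed_address_pairs": [],
  "fixed_ips": [{"ip_address": "18.18.18.6"}]},
 {"id": "port-vip", "device_owner": "compute:nova", "port_security_enabled": true,
  "security_groups": ["sg-web"],
  "allowed_address_pairs": [{"ip_address": "0.0.0.0/0"}],
  "fixed_ips": [{"ip_address": "18.18.18.7"}]},
 {"id": "port-router", "device_owner": "network:router_interface",
  "port_security_enabled": false, "security_groups": [],
  "allowed_address_pairs": [], "fixed_ips": [{"ip_address": "18.18.18.1"}]}
]}
""")


def audit_ports(ports, instance_only=True):
    """Return {port_id: [reasons]} for ports whose filtering has been relaxed."""
    findings = {}
    for port in ports:
        if instance_only and not port.get("device_owner", "").startswith("compute:"):
            continue  # router/DHCP service ports are out of scope by default
        reasons = []
        if port.get("port_security_enabled") is False:
            reasons.append("port security disabled: no anti-spoofing, no security groups")
        for pair in port.get("allowed_address_pairs") or []:
            net = ipaddress.ip_network(pair["ip_address"], strict=False)
            if net.prefixlen == 0:
                reasons.append(f"allowed address pair {net} accepts any source IP")
        if reasons:
            findings[port["id"]] = reasons
    return findings


if __name__ == "__main__":
    for port_id, reasons in audit_ports(SAMPLE["ports"]).items():
        print(port_id, "->", "; ".join(reasons))
```
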


Original poster | Posted on 2021-11-23 09:05:45
In an OpenStack environment, cloud-init generally fetches information from the metadata service provided by Nova. It also has support for reading this information from a configuration drive, which under OpenStack means a virtual CD-ROM device attached to your instance containing the same information that would normally be available via the metadata service.

It is possible to generate your network configuration from this configuration drive, rather than relying on the DHCP server provided by your OpenStack environment. In order to do this you will need to make the following changes to your Nova configuration:

  • You must be using a subnet that does have a DHCP server. This means that you have created it using neutron subnet-create --disable-dhcp ..., or that you disabled DHCP on an existing network using neutron net-update --disable-dhcp ....
  • You must set flat_inject to true in /etc/nova/nova.conf. This causes Nova to embed network configuration information in the meta-data embedded on the configuration drive.
  • You must ensure that injected_network_template in /etc/nova/nova.conf points to an appropriately formatted template.

Cloud-init expects the network configuration information to be presented in the format of a Debian /etc/network/interfaces file, even if you’re using it on RHEL (or a derivative). The template is rendered using the Jinja2 template engine, and receives a top-level key called interfaces that contains a list of dictionaries, one for each interface.

A template similar to the following ought to be sufficient:

{% for interface in interfaces %}
auto {{ interface.name }}
iface {{ interface.name }} inet static
  address {{ interface.address }}
  netmask {{ interface.netmask }}
  broadcast {{ interface.broadcast }}
  gateway {{ interface.gateway }}
  dns-nameservers {{ interface.dns }}
{% endfor %}

This will directly populate /etc/network/interfaces on an Ubuntu system, or will get translated into /etc/sysconfig/network-scripts/ifcfg-eth0 on a RHEL system (a RHEL environment can only configure a single network interface using this mechanism).


Original poster | Posted on 2021-11-23 12:56:47
At the end of the previous section, I asked you a question: What would happen if DHCP was not enabled on the subnet?
If other conditions remain unchanged, cloud-init will still complete the 3 steps, which means that the network card will still be configured in dhcp mode, but the network card will not be able to obtain an IP in the end.
It is also a common scenario not to enable DHCP. In order to allow the instance's network card to be correctly configured in this case, we need to use config drive. Let's start to practice.
You need to add a configuration in the compute node's /etc/nova/nova.conf, and then restart the nova-compute service.

[DEFAULT]
flat_injected = True

The function of flat_injected is to allow config drive to dynamically inject network configuration information into the operating system when the instance starts.

The DHCP of the current network is closed.

The config drive is specified when the instance is deployed.

The IP assigned by Neutron for the instance is 18.18.18.5.

Log in to the system after the instance is started; ip a verifies that the IP has been successfully configured, indicating that the config drive is working.

The important thing is to understand how this IP, 18.18.18.5, is configured. Open /var/log/cloud-init.log and analyze as follows:

① Scan out all the network cards in the instance. This step is exactly the same as the case without config drive.
② Obtain the configuration information of the network card. The log shows that the configuration information is obtained from ds. ds is the abbreviation of datasource; here it refers to config drive. In the case of not using config drive, the fallback configuration is used. The network card configuration information is recorded in the config drive's openstack/latest/network_data.json file, and the content is as follows:
③ Write the configuration information into /etc/network/interfaces.d/50-cloud-init.cfg, the content is:
You can see that the IP is configured in static mode.
Conclusion:
1. Without using config drive, cloud-init will only configure the first network card and set it to dhcp mode, so:
① If the instance has only one network card and DHCP is enabled, the network card can be pulled up normally.
② If the instance has multiple network cards, the first one will try to be pulled up in dhcp mode, and other network cards will not be processed.
2. In the case of using config drive, no matter whether DHCP is enabled, all network cards can be correctly configured and successfully pulled up (if dhcp network card >= 2, CentOS still has problems, which may be related to the lower version of cloud-init currently used).
3. If possible, try to use config drive.
After discussing the most important topic of network configuration, in the next section we will look at other typical applications of cloud-init: setting hostname, setting user initial password, installing software, etc.
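
The path from network_data.json to a static stanza that the post describes, as an added example (a simplified sketch, not cloud-init's own code and not from the original post). The JSON is a constructed sample in the config drive's format with invented MAC, gateway and DNS values; render_eni and mac_to_name are hypothetical names, and only the ipv4 and ipv4_dhcp network types are handled.

```python
import json

# Constructed network_data.json, shaped like the file found under
# openstack/latest/ on the config drive. MAC, link ID, gateway and DNS are
# invented; 18.18.18.5 is the instance IP used in the post.
NETWORK_DATA = json.loads("""
{"links": [{"id": "tap0001", "type": "ovs", "mtu": 1500,
            "ethernet_mac_address": "fa:16:3e:00:00:05"}],
 "networks": [{"id": "network0", "type": "ipv4", "link": "tap0001",
               "ip_address": "18.18.18.5", "netmask": "255.255.255.0",
               "routes": [{"network": "0.0.0.0", "netmask": "0.0.0.0",
                           "gateway": "18.18.18.1"}]}],
 "services": [{"type": "dns", "address": "18.18.18.2"}]}
""")


def render_eni(network_data, mac_to_name):
    """Render Debian-style interface stanzas from parsed network_data.json.

    mac_to_name (hypothetical parameter) maps MAC addresses seen in the guest
    to kernel device names; this ties a link in the JSON to a real NIC.
    """
    links = {link["id"]: link for link in network_data.get("links", [])}
    dns = [s["address"] for s in network_data.get("services", [])
           if s.get("type") == "dns"]
    out = []
    for net in network_data.get("networks", []):
        mac = links[net["link"]]["ethernet_mac_address"].lower()
        name = mac_to_name[mac]
        out.append(f"auto {name}")
        if net["type"] == "ipv4_dhcp":
            out.append(f"iface {name} inet dhcp")
            continue
        if net["type"] != "ipv4":
            raise ValueError(f"unsupported network type: {net['type']}")
        out.append(f"iface {name} inet static")
        out.append(f"    address {net['ip_address']}")
        out.append(f"    netmask {net['netmask']}")
        for route in net.get("routes", []):
            if route["network"] == "0.0.0.0" and route["netmask"] == "0.0.0.0":
                out.append(f"    gateway {route['gateway']}")  # default route
        if dns:
            out.append("    dns-nameservers " + " ".join(dns))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(render_eni(NETWORK_DATA, {"fa:16:3e:00:00:05": "eth0"}), end="")
```
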