Configure VXLAN

On each controller node

Edit the configuration file /etc/neutron/plugins/ml2/ml2_conf.ini

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks physnet1
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000

Restart the service

# systemctl restart neutron-server

Create the bridge

# ovs-vsctl add-br br-eth1

Add the NIC to the bridge

# ovs-vsctl add-port br-eth1 ens33

Edit the configuration file /etc/neutron/plugins/ml2/openvswitch_agent.ini

[agent]
tunnel_types = vxlan
l2_population = True
prevent_arp_spoofing = True
[ovs]
# management-network IP of each node
local_ip = 172.16.8.60
bridge_mappings = physnet1:br-eth1

Restart the neutron services

# for service in dhcp-agent l3-agent metadata-agent openvswitch-agent; do
systemctl restart neutron-$service
done

Compute nodes

Edit the configuration file /etc/neutron/plugins/ml2/ml2_conf.ini

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks physnet1
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000

Edit the configuration file /etc/neutron/plugins/ml2/openvswitch_agent.ini

openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent tunnel_types vxlan
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent l2_population True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent prevent_arp_spoofing True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs local_ip 172.16.8.63

Restart the service

# systemctl restart neutron-openvswitch-agent
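
The agent settings applied on the controller and compute nodes can be checked once the agent has restarted. The script below is an added example, not part of the original post: it audits openvswitch_agent.ini to confirm that tunnel_types, l2_population and prevent_arp_spoofing are set inside [agent] and that local_ip is a bare address. The function names (ini_get, expect, audit_ovs_agent) and the sample file are constructed for illustration.

```shell
# Added example (not from the original post): audit openvswitch_agent.ini.
# ini_get FILE SECTION KEY: print KEY's value inside [SECTION], or nothing.
ini_get() {
    awk -v want="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }    # whole-line comments
        /^[ \t]*\[/   { sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec); next }
        sec == want && (eq = index($0, "=")) > 0 {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# expect FILE SECTION KEY VALUE: case-insensitive compare; report a mismatch.
expect() {
    got=$(ini_get "$1" "$2" "$3" | tr 'A-Z' 'a-z')
    [ "$got" = "$(printf '%s' "$4" | tr 'A-Z' 'a-z')" ] && return 0
    echo "FINDING $1 [$2] $3: expected '$4', found '${got:-<unset>}'"
    return 1
}

# audit_ovs_agent FILE: return the number of findings (0 = matches the guide).
audit_ovs_agent() {
    bad=0
    expect "$1" agent tunnel_types vxlan        || bad=$((bad + 1))
    expect "$1" agent l2_population True        || bad=$((bad + 1))
    expect "$1" agent prevent_arp_spoofing True || bad=$((bad + 1))
    # oslo.config does not strip inline comments, so local_ip must be bare.
    ip=$(ini_get "$1" ovs local_ip)
    case "$ip" in
        ''|*[!0-9.]*) echo "FINDING [ovs] local_ip: '$ip' is not a bare IPv4 address"; bad=$((bad + 1)) ;;
    esac
    return "$bad"
}

# Constructed sample: key outside [agent] plus an inline comment (two findings).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[agent]
tunnel_types = vxlan
l2_population = True
[ovs]
prevent_arp_spoofing = True
local_ip = 172.16.8.60 # management IP
EOF
audit_ovs_agent "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a node, run `audit_ovs_agent /etc/neutron/plugins/ml2/openvswitch_agent.ini`; an exit status of 0 means every checked key matches the values this guide sets.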

Configure DVR

Controller nodes:

openstack-config --set /etc/neutron/neutron.conf DEFAULT router_distributed True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini DEFAULT enable_distributed_routing True
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr_snat

Compute nodes:

Edit the configuration file /etc/neutron/l3_agent.ini

# cp -a /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini_bak

[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini DEFAULT enable_distributed_routing True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs bridge_mappings physnet1:br-eth1

Create the bridge

ovs-vsctl add-br br-eth1
ovs-vsctl add-port br-eth1 ens33   # ens33 is the service-network NIC

Restart the neutron-l3-agent service on the compute nodes (it is not enabled by default)

systemctl restart neutron-l3-agent.service
systemctl enable neutron-l3-agent.service

Verification

Create a router

# openstack router create router01

Create the internal network

# openstack network create int_net --provider-network-type vxlan

Create the subnet

# openstack subnet create subnet1 --network int_net \
--subnet-range 10.18.100.0/24 --gateway 10.18.100.1 \
--dns-nameserver 114.114.114.114

Add the internal network to the router

# openstack router add subnet router01 subnet1

Create the external network

# openstack network create \
--provider-physical-network physnet1 \
--provider-network-type flat --external ext_net

Create the external network's subnet

# openstack subnet create subnet2 \
--network ext_net --subnet-range 10.16.100.0/24 \
--allocation-pool start=10.16.100.200,end=10.16.100.254 \
--gateway 10.16.100.1 --dns-nameserver 114.114.114.114

Add the external network to the router

# openstack router set router01 --external-gateway ext_net

Create a flavor

# openstack flavor create --vcpus 1 --ram 512 --disk 1 test

List the networks

# Int_Net_ID=`openstack network list | grep int_net | awk '{ print $2 }'`
# openstack image list

Create a keypair

# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):

Add the public key

# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

Create the virtual machine

# openstack server create --flavor m1.small --image cirros --security-group default --nic net-id=$Int_Net_ID --key-name mykey cirros

# openstack server list

Allocate a floating IP

# openstack floating ip create ext_net

Assign the floating IP to the virtual machine

# openstack server add floating ip cirros 172.16.100.201

Confirm the configuration

# openstack floating ip show 10.16.100.201

Check the virtual machine

# openstack server list

Add an ICMP rule to the security group

# openstack security group rule create --protocol icmp --ingress default

Add an SSH rule to the security group

# openstack security group rule create --protocol tcp --dst-port 22:22 default

List the security group rules

# openstack security group rule list

Check the virtual machine

# openstack server list

Log in to the virtual machine

# ssh cirros@172.16.100.201
The authenticity of host '172.16.100.201 (172.16.100.201)' can't be established.
ECDSA key fingerprint is 94:11:48:02:fa:62:ff:9c:c4:75:8f:eb:16:62:a9:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.100.201' (ECDSA) to the list of known hosts.