|
在openstack上的虚拟机绑定vip 有些情况下,客户想在openstack的虚拟机上配置vip搭建高可用集群,下面我就简单的说下在openstack上的虚拟机如何绑定vip
$ d, B& s" Z! Y5 q" D ^ 操作步骤1、导入环境变量 source admin-openrc7 B6 x: u! z* H! T' W8 d. m$ e
/ j5 V. a* M$ }7 ^6 h" Z5 J* F2、执行命令neutron net-list查看网络,找到自己需要设置的网络,获取subnet_id和network_id neutron net-list id | name | tenant_id | subnets 32482d56-bb40-4b7f-85df-3be3a460e441 | HA network tenant 7ba30c1e519d4d6eb8f1ace2cfbf30d3 | | 860bf95f-4775-4fac-af88-db392f254416 169.254.192.0/18 7cc26554-2795-4a53-b053-34ec1b4c90f2 | web | 7ba30c1e519d4d6eb8f1ace2cfbf30d3 | 4b1f707b-8842-4ce0-acba-4f0de304459b 192.168.1.0/24
! s: l5 o0 I8 x9 _1 |7 g 1/ v! m( M4 F' x ?0 G0 E
2; X( H0 `( @3 y5 H7 I
3' D4 k4 ]$ z5 e$ A$ ^& Y
4; x" @+ T; W; o* R
5
7 M+ W6 C s, V3 S$ b1 m6
t" v$ y% j3 }7 M7 U* g7* a( w& \+ o- n3 o! p+ M
8
) \: m2 K2 B* g. c' k8 Q | # neutron net-list
0 A- @( f( e* w3 C: F, F+--------------------------------------+----------------------------------------------------+----------------------------------+-------------------------------------------------------+
- S9 f, Y l1 q+ u7 ^* b' ~| id | name | tenant_id | subnets |
: g* S3 M' s' N% r, d5 i1 U+--------------------------------------+----------------------------------------------------+----------------------------------+-------------------------------------------------------+
6 P2 R7 x b p# y| 32482d56-bb40-4b7f-85df-3be3a460e441 | HA network tenant 7ba30c1e519d4d6eb8f1ace2cfbf30d3 | | 860bf95f-4775-4fac-af88-db392f254416 169.254.192.0/18 |
d2 @3 M6 T. \- y- D( D* X| 7cc26554-2795-4a53-b053-34ec1b4c90f2 | web | 7ba30c1e519d4d6eb8f1ace2cfbf30d3 | 4b1f707b-8842-4ce0-acba-4f0de304459b 192.168.1.0/24 |
; D' s7 J, Y' x7 e$ M( _| d0ad534f-1bcd-43b0-aa0c-edee32520020 | public | 21c161dda51147fb9ff527aadfe1d81a | 9a7f07e5-e906-4622-8bc6-def64b3622ec 172.18.23.0/24 |
; ^* w) y2 j7 C% W2 Q4 R+--------------------------------------+----------------------------------------------------+----------------------------------+-------------------------------------------------------+
7 e2 M5 T7 q" k- y% v/ D |
& D2 b) t+ Y& k3 x 3 r. p3 c5 P* e
3、创建port来占用ip,保证neutron不会将此IP在分配出去,导致IP冲突问题。
1 M5 N, S$ Q! o4 P4 h8 _1
" D; ], ~7 W+ Q* u2
; o. ~( |& A4 ^! a* H9 B3
" p1 r P: b1 w" o. H4
6 |8 K) L( A* Z% _& |56 [) e. P, ?) {; [7 Z
| neutron port-create --fixed-ip subnet_id=<subnet_id>,ip_address=<vip> <network_id>
: x# v* V3 `% D* ~0 A注:
0 ~0 ^0 t8 S! Q 替换subnet_id为neutron net-list中查看到的subnet_id) g1 z; u) O8 l; W" b" T% _; ^) p
替换vip为需要配置的vip地址) _, v ^6 |2 L0 g8 y+ t/ [
替换network_ID为neutron net-list中查看到的network_id
/ z) A: U- h0 Z& [, d4 r& | |
/ w# ?- X8 s/ c+ n2 M3 u具体命令如下
# |* y; R ^& @/ @# \3 M8 T 1
! u2 P& V4 [; A& Y5 V% r20 Y1 f( F6 b$ {8 E7 y
3
" A$ o& |$ i7 D* @' p4
+ S4 t X/ ?" H" b+ Z' B5
& M1 y1 X S2 z& ?61 y1 M8 p' Q+ t8 z, k0 [
72 T6 w# l- u/ |+ Z
8& w% r/ i% Y& q- p
9
& H, ~, t% q' Q* b" O# {9 b b) b10$ ?! Z' W% ?. R5 ~
11' N9 s- u0 [% A* R1 }
12
! _! e( T0 @! O* r, ~' G! I13
) T* B0 P7 P, Q- L1 B% A1 \140 X7 ^- ~7 q/ p [3 }
154 d1 C, k4 y- C3 E6 k% s2 D
16) G/ k- w' n0 a9 K
17
) x. E$ i- k2 A. L18
+ u0 u. t& |. X4 y) } E l19
1 ]/ D" i; Q" r9 {4 Q8 x20
5 G) A% i6 n% V9 ~( ^" h21: w a+ x6 b2 q3 s$ N
22
6 N6 U) t3 z3 B P& A$ N23
6 x* z$ |" u! h5 D24
/ h: {4 D1 Q0 s4 ]4 p2 k; ]3 r25
! S( y: V& J$ H+ ^26
5 i- y$ Q9 |6 [- ]! x" M) j27+ R2 O9 |1 z/ K
283 U8 j6 v. M+ d5 M
29
b7 d$ l8 Z* C- G1 D30$ V. X. I [, k5 L0 N
31
U6 Z$ Q3 d V& s: e% K | # neutron port-create --fixed-ip subnet_id=9a7f07e5-e906-4622-8bc6-def64b3622ec,ip_address=172.18.23.10 d0ad534f-1bcd-43b0-aa0c-edee325200201 m z# l# Z7 p7 m" o% w
Created a new port:9 C# Z% n! I0 v' q
+-----------------------+-------------------------------------------------------------------------------------+
5 S. J8 `0 j$ y) W# G1 l$ O* z| Field | Value | }# O6 C2 a' I) p# q& y. m( `
+-----------------------+-------------------------------------------------------------------------------------+* R6 e. S3 b! t5 W2 E( b3 d
| admin_state_up | True |
* O- e: A9 l D. Z# D* \| allowed_address_pairs | |
* M' b5 d# B4 h9 f9 p( ]| binding:host_id | |. u% B- B1 A9 g' a
| binding:profile | {} |- U4 Y$ a% x+ T" d2 K
| binding:vif_details | {} |
; ]# G+ c8 O% `; l: U) h# Q( V- s| binding:vif_type | unbound |
, F Q3 p8 |( i! S I| binding:vnic_type | normal |
3 |% Z8 S5 E# U8 e| created_at | 2017-11-28T02:35:17Z |" M$ e0 j$ Q' e) B' t3 ^% \6 c
| description | |
. J+ ^' {- U0 a) F$ } ^1 ^| device_id | |8 p- ~ M' ^, z
| device_owner | |2 a! N, X* h! ?& ^- ^
| extra_dhcp_opts | |! j9 G ^ k+ S5 R
| fixed_ips | {"subnet_id": "9a7f07e5-e906-4622-8bc6-def64b3622ec", "ip_address": "172.18.23.10"} |: A1 H3 ]6 V7 ^
| id | 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63 |/ J% Y: x) }3 ~: j( x5 y5 n8 ?
| mac_address | fa:16:3e:ea:81:a6 |! k7 a9 z! p( L6 a1 ?& s2 A% N
| name | |5 `% Y E6 w; X5 A/ I
| network_id | d0ad534f-1bcd-43b0-aa0c-edee32520020 |2 M: y1 ~/ J7 B" a' L- [& H
| port_security_enabled | True |
2 e x8 U4 l& H5 r$ }, T- X0 L| project_id | 21c161dda51147fb9ff527aadfe1d81a |
( m; ~7 X* g8 ?8 g( i| revision_number | 5 |
# f" k4 e2 ~: ?1 E| security_groups | abfba384-55f2-4eed-902a-712369be9604 | p7 D3 p) G* y2 }0 m
| status | DOWN |
% [' d8 N& ^, I| tags | |, Z) u# T) c% T3 T9 H3 b/ O0 C
| tenant_id | 21c161dda51147fb9ff527aadfe1d81a |
4 O2 k, o' e1 _5 T| updated_at | 2017-11-28T02:35:18Z |5 f$ z8 m- [) p) q7 C. c
+-----------------------+-------------------------------------------------------------------------------------+
( _* a8 H8 z" H: v5 s0 E: L |
# A* ^4 X. \* C# ^ 5 m. C* l" h/ A6 f
4、执行命令neutron port-list查看端口,找到VIP的Port ID以及需要使用VIP的虚拟机的IP对应的Port id" K0 I8 ~. D1 W+ [+ F- F4 d
比如两台虚拟机做HA绑定vip,那么需要查看两台虚拟机的port ID和这个vip的port ID7 d& g* d5 ^/ K! l8 W1 r
1
* I- c1 ~# _. B4 z* l3 H2
' }4 G C* B* l4 y$ p4 F | # neutron port-list|grep 172.18.23.103 ] W" w6 J9 C$ |* P- S
| 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63 | | 21c161dda51147fb9ff527aadfe1d81a | fa:16:3e:ea:81:a6 | {"subnet_id": "9a7f07e5-e906-4622-8bc6-def64b3622ec", "ip_address": "172.18.23.10"} |- }! o& s; C/ |5 ]7 x- I
|
# ~, k7 W9 ?+ y& d7 j可以看出vip172.18.23.10的port id为7c7ccc26-9ac9-4ef7-8178-2b97218b1d63.+ G$ L2 Y( K' H
5、取消安全组对应端口的管理
" x4 ~! S$ _8 ?3 ~8 d. f' W 1
! c. F7 V0 Z$ k5 G S* r: W( \, ]2
4 w9 d, l; e% k+ M- Z3$ Q; @4 i' _6 y' r3 H
4
( W: Y$ k5 c$ [$ V% g | neutron port-update --no-security-groups <Port_id>
4 F0 V5 J, s$ f' ~+ }; T$ f, R Qneutron port-update --port_security_enabled=false <Port_id>
5 _, A7 h$ ]3 O- n注:5 I' @( ^( f3 F; {3 l9 Y) n
替换Port_id为之前neutron port-list中找到的Port_id
* A+ i4 c3 _8 B |
% U+ ^" h- o3 p& q: F
具有命令如下:3 U i: J/ H8 g
1
+ z; W0 L# R4 P8 K) U2% ~+ f& _# ]+ d) X! \
3
* J* E; @+ O" q% N) c3 A1 h4
; D$ t: k7 B5 b( r | # neutron port-update --no-security-groups 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63
6 ~! }- O/ D* a uUpdated port: 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63
6 Z6 @4 J: P0 K# L+ v- W$ {# neutron port-update --port_security_enabled=false 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63
: h" z |. T9 I* j) b7 _. v! EUpdated port: 7c7ccc26-9ac9-4ef7-8178-2b97218b1d63
5 l9 [) x8 F' M X' W |
, b9 n" G6 o+ N
6、此时执行命令neutron port-show {& \+ O2 `/ e$ C3 M
 ; M7 z8 B, W- g8 P' k
可看到port_security_enabled的value为False,security_groups的value为空,即OK,这样两个端口就没有了安全组了。
1 R+ @4 N$ {" u* g7、意思就是对VIP和需要使用VIP的虚拟机都执行4、5、6步,比如配置HA,VIP+两台虚拟机,总共3个Port,都需要执行4、5、6步
6 K1 F& u) U' K: G2 W- e然后就可以在这两台虚拟机上搭建keepalived集群使用172.18.23.10这个vip了。 |
发表于 2018-12-20 11:42:47