
Deploying OpenStack Neutron with OVN

Posted on 2025-3-5 02:00:05

Controller nodes
Each controller node runs the Open vSwitch (OVS) service (including dependent services such as ovsdb-server) and ovn-northd. Only a single instance of the ovsdb-server and ovn-northd services can operate in a deployment. However, deployment tools can implement active/passive high-availability using a management tool that monitors service health and automatically starts these services on another node after failure of the primary node. See the Frequently Asked Questions for more information.

Install the ovn-central and openvswitch packages (RHEL/Fedora).

Install the ovn-central and openvswitch-common packages (Ubuntu/Debian).

Start the OVS service. The central OVS service starts the ovsdb-server service that manages OVN databases.

Using the systemd unit:

systemctl start openvswitch  # RHEL/Fedora
systemctl start openvswitch-switch  # Ubuntu/Debian

Configure the ovsdb-server component. By default, the ovsdb-server service only permits local access to databases via Unix socket. However, OVN services on compute nodes require access to these databases.

Permit remote database access.

ovn-nbctl set-connection ptcp:6641:0.0.0.0 -- \
            set connection . inactivity_probe=60000
ovn-sbctl set-connection ptcp:6642:0.0.0.0 -- \
            set connection . inactivity_probe=60000
# if using the VTEP functionality:
ovs-appctl -t ovsdb-server ovsdb-server/add-remote ptcp:6640:0.0.0.0

Replace 0.0.0.0 with the IP address of the management network interface on the controller node to avoid listening on all interfaces.

Note

Permit remote access to TCP ports: 6640 (OVS) to VTEPs (if you use VTEPs); 6642 (SBDB) to hosts running neutron-server, gateway nodes that run ovn-controller, and compute node services like ovn-controller and ovn-metadata-agent; 6641 (NBDB) to hosts running neutron-server.
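
A check for the two points above, wildcard listeners and which peers may reach each port, as an added example that is not part of the original post. The management address, peer addresses and role names are constructed assumptions; targets use the same syntax the page passes to set-connection.

```python
import ipaddress
import re

# Ports from the page's Note: which node roles may reach each listener.
ALLOWED_ROLES = {
    6640: {"vtep"},                                  # OVS, only if VTEPs are used
    6641: {"neutron-server"},                        # NBDB
    6642: {"neutron-server", "gateway", "compute"},  # SBDB
}

# ptcp:PORT[:IP] (pssl has the same shape); IPv6 addresses are bracketed.
_PASSIVE = re.compile(r"^(?:ptcp|pssl):(\d+)(?::(\[[0-9A-Fa-f:.]+\]|[0-9.]+))?$")


def audit_listener(target, mgmt_ip):
    """Return findings for one passive target such as 'ptcp:6641:0.0.0.0'."""
    m = _PASSIVE.match(target.strip())
    if m is None:
        return [f"{target}: not a passive TCP listener, nothing to check"]
    port, host = int(m.group(1)), m.group(2)
    findings = []
    if port not in ALLOWED_ROLES:
        findings.append(f"{target}: port {port} is not one of 6640/6641/6642")
    # An omitted address means the same as 0.0.0.0: every interface.
    addr = ipaddress.ip_address(host.strip("[]")) if host else None
    if addr is None or addr.is_unspecified:
        findings.append(f"{target}: listens on all interfaces, bind to {mgmt_ip}")
    elif addr != ipaddress.ip_address(mgmt_ip):
        findings.append(f"{target}: bound to {addr}, not management IP {mgmt_ip}")
    return findings


def unexpected_peers(connections, inventory):
    """Flag (local_port, peer_ip) pairs that the page's Note does not permit.

    inventory maps peer IP -> role; peers missing from it are always flagged.
    """
    flagged = []
    for port, peer in connections:
        role = inventory.get(peer, "unknown")
        if role not in ALLOWED_ROLES.get(port, set()):
            flagged.append((port, peer, role))
    return flagged


if __name__ == "__main__":
    MGMT_IP = "192.0.2.10"  # constructed management address
    # Constructed listener targets in the page's set-connection syntax.
    for t in ("ptcp:6641:0.0.0.0", "ptcp:6642:192.0.2.10", "ptcp:6640"):
        for line in audit_listener(t, MGMT_IP) or [f"{t}: ok"]:
            print(line)
    # Constructed inventory and established connections to the controller.
    inventory = {"192.0.2.10": "neutron-server", "192.0.2.21": "compute"}
    conns = [(6642, "192.0.2.21"), (6641, "192.0.2.21"), (6642, "198.51.100.7")]
    for port, peer, role in unexpected_peers(conns, inventory):
        print(f"port {port}: unexpected peer {peer} (role: {role})")
```
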

Start the ovn-northd service.

Using the systemd unit:

systemctl start ovn-northd

Configure the Networking server component. The Networking service implements OVN as an ML2 driver. Edit the /etc/neutron/neutron.conf file:

Enable the ML2 core plug-in.

[DEFAULT]
...
core_plugin = ml2

Enable the OVN layer-3 service.

[DEFAULT]
...
service_plugins = ovn-router

Configure the ML2 plug-in. Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file:

Configure the OVN mechanism driver, network type drivers, self-service (tenant) network types, and enable the port security extension.

[ml2]
...
mechanism_drivers = ovn
type_drivers = local,flat,vlan,geneve
tenant_network_types = geneve
extension_drivers = port_security
overlay_ip_version = 4

Note

To enable VLAN self-service networks, make sure that OVN version 2.11 (or higher) is used, then add vlan to the tenant_network_types option. The first network type in the list becomes the default self-service network type.

To use IPv6 for all overlay (tunnel) network endpoints, set the overlay_ip_version option to 6.

Configure the Geneve ID range and maximum header size. The IP version overhead (20 bytes for IPv4 (default) or 40 bytes for IPv6) is added to the maximum header size based on the ML2 overlay_ip_version option.

[ml2_type_geneve]
...
vni_ranges = 1:65536
max_header_size = 38

Note

The Networking service uses the vni_ranges option to allocate network segments. However, OVN ignores the actual values. Thus, the ID range only determines the quantity of Geneve networks in the environment. For example, a range of 5001:6000 defines a maximum of 1000 Geneve networks. On the other hand, these values are still relevant in Neutron context so 1:1000 and 5001:6000 are not simply interchangeable.

Warning

The default for max_header_size, 30, is too low for OVN. OVN requires at least 38.

Optionally, enable support for VXLAN type networks. Because the VXLAN VNI has limited space to carry the information OVN needs to identify a packet, the part of the header that holds the segmentation ID is reduced to 12 bits, which allows a maximum of 4096 networks. The same limitation applies to the number of ports in each network, which are also identified by a 12-bit header chunk, limiting them to 4096 ports. Please check [1] for more information.

[ml2]
...
type_drivers = geneve,vxlan

[ml2_type_vxlan]
vni_ranges = 1001:1100

Optionally, enable support for VLAN provider and self-service networks on one or more physical networks. If you specify only the physical network, only administrative (privileged) users can manage VLAN networks. Additionally specifying a VLAN ID range for a physical network enables regular (non-privileged) users to manage VLAN networks. The Networking service allocates the VLAN ID for each self-service network using the VLAN ID range for the physical network.

[ml2_type_vlan]
...
network_vlan_ranges = PHYSICAL_NETWORK:MIN_VLAN_ID:MAX_VLAN_ID

Replace PHYSICAL_NETWORK with the physical network name and optionally define the minimum and maximum VLAN IDs. Use a comma to separate each physical network.

For example, to enable support for administrative VLAN networks on the physnet1 network and self-service VLAN networks on the physnet2 network using VLAN IDs 1001 to 2000:

network_vlan_ranges = physnet1,physnet2:1001:2000

Enable security groups.

[securitygroup]
...
enable_security_group = true

Note

The firewall_driver option under [securitygroup] is ignored since the OVN ML2 driver itself handles security groups.

Configure OVS database access and L3 scheduler.

[ovn]
...
ovn_nb_connection = tcp:IP_ADDRESS:6641
ovn_sb_connection = tcp:IP_ADDRESS:6642
ovn_l3_scheduler = OVN_L3_SCHEDULER

Note

Replace IP_ADDRESS with the IP address of the controller node that runs the ovsdb-server service. Replace OVN_L3_SCHEDULER with leastloaded if you want the scheduler to select a compute node with the least number of gateway ports, or chance if you want the scheduler to randomly select a compute node from the available list of compute nodes.

Set ovn-cms-options with enable-chassis-as-gw in the Open_vSwitch table’s external_ids column. Then if this chassis has proper bridge mappings, it will be selected for scheduling gateway routers.

ovs-vsctl set open . external-ids:ovn-cms-options=enable-chassis-as-gw

Start, or restart, the neutron-server service.

Using the systemd unit:

systemctl start neutron-server
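
One way to check an ml2_conf.ini against the notes and the warning in the steps above (an added example, not Neutron's own code). The sample file is constructed from the option values on this page, and the 1500-byte underlay MTU is an assumption; with it the computed tenant MTU is 1442, the value the CirrOS instance reports for eth0 later on this page.

```python
import configparser

GENEVE_MIN_HEADER = 38            # page warning: OVN requires at least 38
IP_OVERHEAD = {"4": 20, "6": 40}  # page: added on top of max_header_size


def _csv(value):
    return [item.strip() for item in value.split(",") if item.strip()]


def parse_vlan_ranges(value):
    """Return (admin_only_physnets, {physnet: [(min_id, max_id), ...]})."""
    admin_only, self_service = [], {}
    for entry in _csv(value):
        name, _, id_range = entry.partition(":")
        if id_range:  # a VLAN ID range opens the physnet to regular users
            low, high = (int(part) for part in id_range.split(":"))
            self_service.setdefault(name, []).append((low, high))
        else:         # name only: administrative users only
            admin_only.append(name)
    return admin_only, self_service


def audit_ml2(text, physnet_mtu=1500):
    """Audit ml2_conf.ini text; physnet_mtu=1500 is an assumed underlay MTU."""
    cfg = configparser.ConfigParser(delimiters=("=",), strict=False)
    cfg.read_string(text)

    def opt(section, name, default=""):
        return cfg.get(section, name, fallback=default).strip()

    findings = []
    if "ovn" not in _csv(opt("ml2", "mechanism_drivers")):
        findings.append("mechanism_drivers does not include ovn")
    if "port_security" not in _csv(opt("ml2", "extension_drivers")):
        findings.append("port_security extension is not enabled")
    if opt("securitygroup", "enable_security_group").lower() != "true":
        findings.append("enable_security_group is not set to true")
    if cfg.has_option("securitygroup", "firewall_driver"):
        findings.append("firewall_driver is set but ignored by the OVN driver")
    header = int(opt("ml2_type_geneve", "max_header_size", "30"))  # default 30
    if header < GENEVE_MIN_HEADER:
        findings.append(f"max_header_size = {header} is below {GENEVE_MIN_HEADER}")
    vni = [r.split(":") for r in _csv(opt("ml2_type_geneve", "vni_ranges"))]
    admin_only, self_service = parse_vlan_ranges(
        opt("ml2_type_vlan", "network_vlan_ranges"))
    overhead = header + IP_OVERHEAD[opt("ml2", "overlay_ip_version", "4")]
    return {
        "findings": findings,
        "geneve_networks": sum(int(hi) - int(lo) + 1 for lo, hi in vni),
        "admin_only_physnets": admin_only,
        "self_service_vlans": self_service,
        "tenant_mtu": physnet_mtu - overhead,
    }


# Constructed sample built from the option values shown on this page.
PAGE_CONFIG = """
[ml2]
mechanism_drivers = ovn
extension_drivers = port_security
overlay_ip_version = 4
[ml2_type_geneve]
vni_ranges = 1:65536
max_header_size = 38
[ml2_type_vlan]
network_vlan_ranges = physnet1,physnet2:1001:2000
[securitygroup]
enable_security_group = true
"""

if __name__ == "__main__":
    for key, value in audit_ml2(PAGE_CONFIG).items():
        print(f"{key}: {value}")
```
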

Network nodes
Deployments using OVN native layer-3 and DHCP services do not require conventional network nodes because connectivity to external networks (including VTEP gateways) and routing occurs on compute nodes.

Compute nodes
Each compute node runs the OVS and ovn-controller services. The ovn-controller service replaces the conventional OVS layer-2 agent.

Install the ovn-host, openvswitch and neutron-ovn-metadata-agent packages (RHEL/Fedora).

Install the ovn-host, openvswitch-switch and neutron-ovn-metadata-agent packages (Ubuntu/Debian).

Start the OVS service.

Using the systemd unit:

systemctl start openvswitch  # RHEL/Fedora
systemctl start openvswitch-switch  # Ubuntu/Debian

Configure the OVS service.

Use OVS databases on the controller node.

ovs-vsctl set open . external-ids:ovn-remote=tcp:IP_ADDRESS:6642

Replace IP_ADDRESS with the IP address of the controller node that runs the ovsdb-server service.

Enable one or more overlay network protocols. At a minimum, OVN requires enabling the geneve protocol. Deployments using VTEP gateways should also enable the vxlan protocol.

ovs-vsctl set open . external-ids:ovn-encap-type=geneve,vxlan

Note

Deployments without VTEP gateways can safely enable both protocols.

Configure the overlay network local endpoint IP address.

ovs-vsctl set open . external-ids:ovn-encap-ip=IP_ADDRESS

Replace IP_ADDRESS with the IP address of the overlay network interface on the compute node.

Start the ovn-controller and neutron-ovn-metadata-agent services.

Using the systemd unit:

systemctl start ovn-controller neutron-ovn-metadata-agent

Verify operation
Each compute node should contain an ovn-controller instance.

ovn-sbctl show
  <output>

Deployment steps
Download the quickstart.sh script with curl:

curl -O https://raw.githubusercontent.co ... aster/quickstart.sh

Install the necessary dependencies by running:

bash quickstart.sh --install-deps

Clone the tripleo-quickstart and neutron repositories:

git clone https://opendev.org/openstack/tripleo-quickstart
git clone https://opendev.org/openstack/neutron

Once you’re done, run quickstart as follows (3 controller HA + 1 compute):

# Exporting the tags is a workaround until the bug
# https://bugs.launchpad.net/tripleo/+bug/1737602 is resolved

export ansible_tags="untagged,provision,environment,libvirt,\
undercloud-scripts,undercloud-inventory,overcloud-scripts,\
undercloud-setup,undercloud-install,undercloud-post-install,\
overcloud-prep-config"

bash ./quickstart.sh --tags $ansible_tags --teardown all \
--release master-tripleo-ci \
--nodes tripleo-quickstart/config/nodes/3ctlr_1comp.yml  \
--config neutron/tools/tripleo/ovn.yml \
$VIRTHOST

Note

When deploying directly on localhost use the loopback address 127.0.0.2 as your $VIRTHOST. The loopback address 127.0.0.1 is reserved by ansible. Also make sure that 127.0.0.2 is accessible via public keys:

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Note

You can adjust RAM/VCPUs if you want by editing config/nodes/3ctlr_1comp.yml before running the above command. If you have enough memory, stick to the defaults. We recommend using 8GB of RAM for the controller nodes.

When quickstart has finished you will have 5 VMs ready to be used: 1 for the undercloud (TripleO’s node to deploy your OpenStack from), 3 VMs for controller nodes and 1 VM for the compute node.

Log in to the undercloud:

ssh -F ~/.quickstart/ssh.config.ansible undercloud

Prepare overcloud container images:

./overcloud-prep-containers.sh

Run inside the undercloud:

./overcloud-deploy.sh

Grab a coffee; that may take around 1 hour (depending on your hardware).

If anything goes wrong, go to IRC on OFTC, and ask on #oooq.

Description of the environment
Once deployed, inside the undercloud root directory two files are present: stackrc and overcloudrc, which will let you connect to the APIs of the undercloud (managing the openstack node), and to the overcloud (where your instances would live).

We can find out the existing controller/computes this way:

source stackrc
openstack server list -c Name -c Networks -c Flavor
+-------------------------+------------------------+--------------+
| Name                    | Networks               | Flavor       |
+-------------------------+------------------------+--------------+
| overcloud-controller-1  | ctlplane=192.168.24.16 | oooq_control |
| overcloud-controller-0  | ctlplane=192.168.24.14 | oooq_control |
| overcloud-controller-2  | ctlplane=192.168.24.12 | oooq_control |
| overcloud-novacompute-0 | ctlplane=192.168.24.13 | oooq_compute |
+-------------------------+------------------------+--------------+

Network architecture of the environment
[Figure: TripleO Quickstart single NIC with vlans]

Connecting to one of the nodes via ssh
We can connect to the IP address in the openstack server list we showed before.

ssh heat-admin@192.168.24.16
Last login: Wed Feb 21 14:11:40 2018 from 192.168.24.1

ps fax | grep ovn-controller
 20422 ?        S<s   30:40 ovn-controller unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --no-chdir --log-file=/var/log/openvswitch/ovn-controller.log --pidfile=/var/run/openvswitch/ovn-controller.pid --detach

sudo ovs-vsctl show
bb413f44-b74f-4678-8d68-a2c6de725c73
Bridge br-ex
  fail_mode: standalone
  ...
  Port "patch-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6-to-br-int"
      Interface "patch-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6-to-br-int"
          type: patch
          options: {peer="patch-br-int-to-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6"}
  Port "eth0"
      Interface "eth0"
  ...
Bridge br-int
  fail_mode: secure
   Port "ovn-c8b85a-0"
      Interface "ovn-c8b85a-0"
          type: geneve
          options: {csum="true", key=flow, remote_ip="172.16.0.17"}
   Port "ovn-b5643d-0"
      Interface "ovn-b5643d-0"
          type: geneve
          options: {csum="true", key=flow, remote_ip="172.16.0.14"}
   Port "ovn-14d60a-0"
      Interface "ovn-14d60a-0"
          type: geneve
          options: {csum="true", key=flow, remote_ip="172.16.0.12"}
   Port "patch-br-int-to-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6"
      Interface "patch-br-int-to-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6"
          type: patch
          options: {peer="patch-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6-to-br-int"}
   Port br-int
      Interface br-int
          type: internal

Initial resource creation
Well, now you have a virtual cloud with 3 controllers in HA, and one compute node, but no instances or routers running. We can give it a try and create a few resources:

[Figure: Initial resources we can create]

You can use the following script to create the resources.

ssh -F ~/.quickstart/ssh.config.ansible undercloud

source ~/overcloudrc

# Download the CirrOS test image and register it in the image service
curl http://download.cirros-cloud.net ... 5.1-x86_64-disk.img \
  > cirros-0.5.1-x86_64-disk.img
openstack image create "cirros" --file cirros-0.5.1-x86_64-disk.img   \
               --disk-format qcow2 --container-format bare --public

# External (provider) VLAN network and its subnet
openstack network create public --provider-physical-network datacentre \
                                --provider-network-type vlan \
                                --provider-segment 10 \
                                --external --share

openstack subnet create --network public public --subnet-range 10.0.0.0/24 \
                         --allocation-pool start=10.0.0.20,end=10.0.0.250 \
                         --dns-nameserver 8.8.8.8 --gateway 10.0.0.1 \
                         --no-dhcp

# Self-service network, subnet and router
openstack network create private
openstack subnet create --network private private \
                        --subnet-range 192.168.99.0/24
openstack router create router1

openstack router set --external-gateway public router1
openstack router add subnet router1 private

# Security group: ingress limited to SSH (tcp/22) and ICMP, plus an egress rule
openstack security group create test
openstack security group rule create --ingress --protocol tcp \
                                     --dst-port 22 test
openstack security group rule create --ingress --protocol icmp test
openstack security group rule create --egress test

openstack flavor create m1.tiny --disk 1 --vcpus 1 --ram 64

PRIV_NET=$(openstack network show private -c id -f value)

# Boot the instance on the private network and attach a floating IP
openstack server create --flavor m1.tiny --image cirros \
                        --nic net-id="$PRIV_NET" --security-group test \
                        --wait cirros

openstack floating ip create --floating-ip-address 10.0.0.130 public
openstack server add floating ip cirros 10.0.0.130

Note

You can now log in to the instance if you want. In a CirrOS >0.4.0 image, the login account is cirros. The password is gocubsgo.

ssh cirros@10.0.0.130
cirros@10.0.0.130's password:

ip a | grep eth0 -A 10
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc pfifo_fast qlen 1000
    link/ether fa:16:3e:85:b4:66 brd ff:ff:ff:ff:ff:ff
    inet 192.168.99.5/24 brd 192.168.99.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe85:b466/64 scope link
       valid_lft forever preferred_lft forever

ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: seq=0 ttl=63 time=2.145 ms
64 bytes from 10.0.0.1: seq=1 ttl=63 time=1.025 ms
64 bytes from 10.0.0.1: seq=2 ttl=63 time=0.836 ms
^C
--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.836/1.335/2.145 ms

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=52 time=3.943 ms
64 bytes from 8.8.8.8: seq=1 ttl=52 time=4.519 ms
64 bytes from 8.8.8.8: seq=2 ttl=52 time=3.778 ms

curl http://169.254.169.254/2009-04-04/meta-data/instance-id
i-00000002
