
Private cloud deployment solution: OpenStack high availability (Pike release) - configuring an OVS VXLAN network

Posted on 2018-9-26 09:51:06

Configure VXLAN

On each controller node

Edit the configuration file /etc/neutron/plugins/ml2/ml2_conf.ini

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks physnet1
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000

Restart the service

# systemctl restart neutron-server

Create the bridge

# ovs-vsctl add-br br-eth1

Add the NIC to the bridge

# ovs-vsctl add-port br-eth1 ens33

Edit the configuration file /etc/neutron/plugins/ml2/openvswitch_agent.ini

[agent]
tunnel_types = vxlan
l2_population = True
prevent_arp_spoofing = True
[ovs]
# management-network IP of each node
local_ip = 172.16.8.60
bridge_mappings = physnet1:br-eth1

Restart the neutron services

# for service in dhcp-agent l3-agent metadata-agent openvswitch-agent; do
systemctl restart neutron-$service
done

Compute nodes

Edit the configuration file /etc/neutron/plugins/ml2/ml2_conf.ini

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks physnet1
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000

Edit the configuration file /etc/neutron/plugins/ml2/openvswitch_agent.ini

openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent tunnel_types vxlan
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent l2_population True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent prevent_arp_spoofing True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs local_ip 172.16.8.63

Restart the service

# systemctl restart neutron-openvswitch-agent
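
A check for the openvswitch_agent.ini settings configured above, as an added example that is not part of the original post: it reports an option written to the wrong section and a local_ip value that is not a bare address. Python's configparser stands in for the agent's own parser (an assumption), and the sample file content is constructed.

```python
import configparser
import ipaddress

# Constructed sample (not from the post): the agent settings above with two
# mistakes: prevent_arp_spoofing in the wrong section, and an inline comment.
SAMPLE = """\
[DEFAULT]
prevent_arp_spoofing = True
[agent]
tunnel_types = vxlan
l2_population = True
[ovs]
local_ip = 172.16.8.63 # management IP
bridge_mappings = physnet1:br-eth1
"""

# option -> (section, value), as listed in the post's [agent] block
EXPECTED = {
    "tunnel_types": ("agent", "vxlan"),
    "l2_population": ("agent", "True"),
    "prevent_arp_spoofing": ("agent", "True"),
}

def audit(text):
    # Rename default_section so [DEFAULT] is not inherited by other sections;
    # configparser keeps inline comments in the value unless told otherwise.
    cp = configparser.ConfigParser(default_section="__unused__", interpolation=None)
    cp.read_string(text)
    findings = []
    for key, (section, want) in EXPECTED.items():
        if cp.has_option(section, key):
            if cp.get(section, key).strip().lower() != want.lower():
                findings.append(f"[{section}] {key}: expected {want}")
            continue
        stray = [s for s in cp.sections() if cp.has_option(s, key)]
        where = f"found in [{stray[0]}]" if stray else "missing"
        findings.append(f"[{section}] {key}: {where}")
    local_ip = cp.get("ovs", "local_ip", fallback="")
    try:
        ipaddress.ip_address(local_ip)
    except ValueError:
        findings.append(f"[ovs] local_ip: not a bare IP address: {local_ip!r}")
    raw = cp.get("ovs", "bridge_mappings", fallback="")
    for mapping in filter(None, (m.strip() for m in raw.split(","))):
        physnet, _, bridge = mapping.partition(":")
        if not physnet or not bridge:
            findings.append(f"[ovs] bridge_mappings: malformed entry {mapping!r}")
    return findings

print("\n".join(audit(SAMPLE)))
```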

Configure DVR

Controller nodes:

openstack-config --set /etc/neutron/neutron.conf DEFAULT router_distributed True

openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini DEFAULT enable_distributed_routing True
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr_snat

Compute nodes:

Edit the configuration file /etc/neutron/l3_agent.ini

# cp -a /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini_bak

[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini DEFAULT enable_distributed_routing True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs bridge_mappings physnet1:br-eth1

Create the bridge

ovs-vsctl add-br br-eth1
ovs-vsctl add-port br-eth1 ens33  # service-network NIC

On the compute nodes, restart the neutron-l3-agent service (it is not enabled by default)

systemctl restart neutron-l3-agent.service
systemctl enable neutron-l3-agent.service

Verification

Create a router

# openstack router create router01

Create the internal network

# openstack network create int_net --provider-network-type vxlan

Create the subnet

# openstack subnet create subnet1 --network int_net \
--subnet-range 10.18.100.0/24 --gateway 10.18.100.1 \
--dns-nameserver 114.114.114.114

Attach the internal network to the router

# openstack router add subnet router01 subnet1

Create the external network

# openstack network create \
--provider-physical-network physnet1 \
--provider-network-type flat --external ext_net

Create the external network's subnet

# openstack subnet create subnet2 \
--network ext_net --subnet-range 10.16.100.0/24 \
--allocation-pool start=10.16.100.200,end=10.16.100.254 \
--gateway 10.16.100.1 --dns-nameserver 114.114.114.114

Attach the network to the router

# openstack router set router01 --external-gateway ext_net

Create a flavor

# openstack flavor create --vcpus 1 --ram 512 --disk 1 test

View the networks

# Int_Net_ID=`openstack network list | grep int_net | awk '{ print $2 }'`
# openstack image list

Create a keypair

# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):

Add the public key

# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

Create the virtual machine

# openstack server create --flavor m1.small --image cirros --security-group default --nic net-id=$Int_Net_ID --key-name mykey cirros

# openstack server list

Allocate a floating IP

# openstack floating ip create ext_net

Assign the floating IP to the virtual machine

# openstack server add floating ip cirros 172.16.100.201

Confirm the configuration

# openstack floating ip show 10.16.100.201

View the virtual machine

# openstack server list

Configure the security group for ICMP

# openstack security group rule create --protocol icmp --ingress default

Configure the security group for SSH

# openstack security group rule create --protocol tcp --dst-port 22:22 default

View the security group rules

# openstack security group rule list

View the virtual machine

# openstack server list

Log in to the virtual machine

# ssh cirros@172.16.100.201
The authenticity of host '172.16.100.201 (172.16.100.201)' can't be established.
ECDSA key fingerprint is 94:11:48:02:fa:62:ff:9c:c4:75:8f:eb:16:62:a9:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.100.201' (ECDSA) to the list of known hosts.