架構圖:
環境:
| openstack版本 | pike |
| 控制節點主機 | openstack-controller(ubuntu 16.04.5) 172.27.34.37/137 esn160、ens192、ens224 |
| 計算節點主機 | openstack-computer(ubuntu 16.04.5) 172.27.34.38/138 esn160、ens192 |
| vxlan100 | centos01(172.27.100.5, floating ip172.27.34.11) |
| vxlan101 | centos02(172.27.101.22,floating ip172.27.34.12) |
ubuntu安裝詳見:Ubuntu16.04.5以lvm方式安裝全記錄
openstack安裝詳見:OpenStack實踐(一):Ubuntu16.04下DevStack方式搭建p版OpenStack
本文測試內容有:
實例centos01和centos02之間能互通;
實例centos01和centos02可訪問外網;
floating ip配置,爲instance分配浮動ip,外網可直接訪問實例;
內網配置
內網採用vxlan,配置如下:
stack@openstack-controller:~$ source devstack/openrc admin admin stack@openstack-controller:~$ view /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] tenant_network_types = vxlan extension_drivers = port_security mechanism_drivers = openvswitch,l2population type_drivers = local,flat,vlan,gre,vxlan,geneve [agent] tunnel_types = vxlan l2_population = True [ovs] datapath_type = system bridge_mappings = tunnel_bridge = br-tun local_ip = 172.27.34.137
計算節點local_ip=172.27.34.138,其它相同。
重啓後生效
stack@openstack-controller:~$ sudo systemctl restart devstack@q*
VXLAN創建
創建vxlan100和vxlan101
圖形化方式
創建vlan100
網絡名稱爲vxlan100,段id爲100
子網爲172.27.100.0/24
激活DHCP
創建完成
命令方式
創建網絡vxlan101
stack@openstack-controller:~$ openstack network create --provider-network-type vxlan --provider-segment 101 --project admin vxlan101
創建子網subnet172.27.101.0
stack@openstack-controller:~$ openstack subnet create --network vxlan101 --subnet-range 172.27.101.0/24 --gateway 172.27.101.1 subnet172.27.101.0
外網配置
外網採用flat,配置如下
在控制節點執行
stack@openstack-controller:~$ view /etc/neutron/plugins/ml2/ml2_conf.ini [ml2_type_flat] flat_networks = externaltt [ovs] bridge_mappings = externaltt:br-ens224
創建網橋br-ens224並將物理網卡ens224橋接在br-ens224上
stack@openstack-controller:~$ sudo ovs-vsctl add-br br-ens224 stack@openstack-controller:~$ sudo ovs-vsctl add-port br-ens224 ens224
重啓網絡服務
stack@openstack-controller:~$ sudo systemctl restart devstack@q*
創建外網ext_net_flat
stack@openstack-controller:~$ openstack network create --provider-network-type flat --provider-physical-network externaltt --project admin --external ext_net_flat
創建子網subnet172.27.34.0
stack@openstack-controller:~$ openstack subnet create --network ext_net_flat --subnet-range 172.27.34.0/24 --gateway 172.27.34.1 --no-dhcp subnet172.27.34.0
查看創建的網絡
stack@openstack-controller:~$ openstack network list
創建路由
創建路由router_100_101
stack@openstack-controller:~$ openstack router create --project admin router_100_101
將路由器連接到外部網絡
stack@openstack-controller:~$ openstack router set router_100_101 --external-gateway ext_net_flat
將路由器連接到子網
stack@openstack-controller:~$ openstack router add subnet router_100_101 subnet172.27.101.0 stack@openstack-controller:~$ openstack router add subnet router_100_101 subnet172.27.100.0
查看路由信息
stack@openstack-controller:~$ openstack router list
創建實例
製作鏡像
上傳介質CentOS-7-x86_64-GenericCloud-1809.qcow2c至/tmp目錄,下載地址:http://cloud.centos.org/centos/7/images/
生成鏡像centos7
stack@openstack-controller:/tmp$ openstack image create centos7 --file CentOS-7-x86_64-GenericCloud-1809.qcow2c --disk-format qcow2 --container-format bare --public
新建密鑰對
新建密鑰對centos7
stack@openstack-controller:~$ mkdir keys stack@openstack-controller:~$ cd keys stack@openstack-controller:~/keys$ openstack keypair create centos7 > centos7.pem stack@openstack-controller:~/keys$ chmod 600 centos7.pem stack@openstack-controller:~/keys$ ll total 12 drwxrwxr-x 2 stack stack 4096 Jan 24 10:53 ./ drwxr-xr-x 27 stack stack 4096 Jan 24 10:52 ../ -rw------- 1 stack stack 1680 Jan 24 10:53 centos7.pem
查看密鑰對
stack@openstack-controller:~$ nova keypair-list
創建安全組
創建安全組centos7
stack@openstack-controller:~$ openstack security group create centos7
新增規則允許ping和ssh
stack@openstack-controller:~$ openstack security group rule create --protocol icmp centos7 stack@openstack-controller:~$ openstack security group rule create --protocol TCP --dst-port 22 centos7
查看安全組和規則
stack@openstack-controller:~$ openstack security group list stack@openstack-controller:~$ openstack security group rule list centos7
創建實例
創建實例centos01
stack@openstack-controller:~$ nova boot --flavor m1.small --image centos7 --availability-zone nova:openstack-controller --nic net-name=vxlan100 --key-name centos7 --security-groups centos7 centos01
flavor選擇m1.small,計算節點選擇openstack-controller,網絡選擇vxlan100。
創建實例centos02
stack@openstack-controller:~$ nova boot --flavor m1.small --image centos7 --availability-zone nova:openstack-controller --nic net-name=vxlan101 --key-name centos7 --security-groups centos7 centos02
flavor選擇m1.small,計算節點選擇openstack-controller,網絡選擇vxlan101。
查看創建的實例
stack@openstack-controller:~$ nova list
創建浮動ip
創建floating IP
創建floating IP 172.27.34.11/12
stack@openstack-controller:~$ openstack floating ip create --project admin --floating-ip-address 172.27.34.11 ext_net_flat stack@openstack-controller:~$ openstack floating ip create --project admin --floating-ip-address 172.27.34.12 ext_net_flat stack@openstack-controller:~$ openstack floating ip list
浮動ip關聯實例
關聯的命令執行方式爲
stack@openstack-controller:~$ nova floating-ip-associate centos01 172.27.34.11 stack@openstack-controller:~$ nova floating-ip-associate centos02 172.27.34.12
查看實例浮動ip
stack@openstack-controller:~$ nova list
測試
登陸實例
登陸實例centos01
stack@openstack-controller:~/keys$ ssh -i centos7.pem [email protected]
ping外網
[centos@centos01 ~]$ ping www.baidu.com
ping centos02
[centos@centos01 ~]$ ping 172.27.101.22
架構圖分析
端口查看
vxlan100
vxlan101
查看網橋
root@openstack-controller:~# ovs-vsctl show
root@openstack-controller:~# brctl show
patch port查看
br-int與br-tun的patch port
br-int與br-tun通過patch port"patch-tun"和"br-tun"連接
br-int與br-ens224的patch port
br-int與br-ens224這兩個網橋通過int-br-ens224和phy-br-ens224連接在一起了。
Linux Bridge方式詳見:OpenStack實踐(四):Linux Bridge方式實現floating IP
參考文章:
https://docs.openstack.org/zh_CN/user-guide/index.html