Author: 吴业亮
Blog: https://wuyeliang.blog.csdn.net/
Configure VXLAN
On each controller node
Edit the configuration file /etc/neutron/plugins/ml2/ml2_conf.ini
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks physnet1
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000
Restart the service
# systemctl restart neutron-server
Create the bridge
# ovs-vsctl add-br br-eth1
Add the NIC to the bridge
# ovs-vsctl add-port br-eth1 ens33
Edit the configuration file /etc/neutron/plugins/ml2/openvswitch_agent.ini
[agent]
tunnel_types = vxlan
l2_population = True
prevent_arp_spoofing = True
[ovs]
# management network IP of this node (set it on each node)
local_ip = 172.16.8.60
bridge_mappings = physnet1:br-eth1
Restart the neutron services
# for service in dhcp-agent l3-agent metadata-agent openvswitch-agent; do
    systemctl restart neutron-$service
done
Compute nodes
Edit the configuration file /etc/neutron/plugins/ml2/ml2_conf.ini
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks physnet1
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000
Edit the configuration file /etc/neutron/plugins/ml2/openvswitch_agent.ini
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent tunnel_types vxlan
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent l2_population True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent prevent_arp_spoofing True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs local_ip 172.16.8.63
Restart the service
# systemctl restart neutron-openvswitch-agent
Configure DVR
Controller nodes:
openstack-config --set /etc/neutron/neutron.conf DEFAULT router_distributed True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent enable_distributed_routing True
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr_snat
Compute nodes:
Edit the configuration file /etc/neutron/l3_agent.ini
# cp -a /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini_bak
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT agent_mode dvr
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent enable_distributed_routing True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs bridge_mappings physnet1:br-eth1
Create the bridge
ovs-vsctl add-br br-eth1
ovs-vsctl add-port br-eth1 ens33   # ens33 is the service network NIC
Restart the neutron-l3-agent service on the compute node (it is not enabled by default)
systemctl restart neutron-l3-agent.service
systemctl enable neutron-l3-agent.service
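An added example, not part of the original post: a small shell audit that checks whether the compute-node values set above ended up in the expected INI sections. The function names and the sample directory are constructed for illustration; on a real node, run audit_compute /etc/neutron.

```bash
# Added example: audit a compute node's Neutron INI files against this page.
# ini_get FILE SECTION KEY: print the last value of KEY set inside [SECTION].
ini_get() {
  awk -v sec="$2" -v key="$3" '
    /^[ \t]*[#;]/ { next }                         # whole-line comments
    /^[ \t]*\[/   { gsub(/^[ \t]*\[|\][ \t]*$/, ""); cur = $0; next }
    cur == sec && (eq = index($0, "=")) {
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v
    }
    END { print val }' "$1" 2>/dev/null
}

# audit_compute DIR: compare DIR against the values on this page; returns the failure count.
audit_compute() {
  local dir=$1 fails=0 file sec key want got
  while read -r file sec key want; do
    got=$(ini_get "$dir/$file" "$sec" "$key")
    [ "$got" = "$want" ] && { echo "OK   $file [$sec] $key = $got"; continue; }
    echo "FAIL $file [$sec] $key: want '$want', got '${got:-<unset>}'"; fails=$((fails + 1))
  done <<'EOF'
plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000
plugins/ml2/openvswitch_agent.ini agent tunnel_types vxlan
plugins/ml2/openvswitch_agent.ini agent l2_population True
plugins/ml2/openvswitch_agent.ini agent prevent_arp_spoofing True
plugins/ml2/openvswitch_agent.ini ovs bridge_mappings physnet1:br-eth1
l3_agent.ini DEFAULT agent_mode dvr
EOF
  return "$fails"
}

# make_sample DIR: constructed sample tree. prevent_arp_spoofing sits under the
# wrong section on purpose, to show a misplaced key being flagged.
make_sample() {
  mkdir -p "$1/plugins/ml2"
  printf '%s\n' '[ml2]' 'tenant_network_types = vxlan' \
    '[ml2_type_vxlan]' 'vni_ranges = 1:1000' > "$1/plugins/ml2/ml2_conf.ini"
  printf '%s\n' '[DEFAULT]' 'prevent_arp_spoofing = True' \
    '[agent]' 'tunnel_types = vxlan' 'l2_population = True' \
    '[ovs]' 'local_ip = 172.16.8.63' 'bridge_mappings = physnet1:br-eth1' \
    > "$1/plugins/ml2/openvswitch_agent.ini"
  printf '%s\n' '[DEFAULT]' 'agent_mode = dvr' > "$1/l3_agent.ini"
}

d=$(mktemp -d); make_sample "$d"
audit_compute "$d" || echo "$? setting(s) not in the expected section"
rm -rf "$d"
```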
Verification
Create a router
# openstack router create router01
Create the internal network
# openstack network create int_net --provider-network-type vxlan
Create the subnet
# openstack subnet create subnet1 --network int_net \
--subnet-range 10.18.100.0/24 --gateway 10.18.100.1 \
--dns-nameserver 114.114.114.114
Attach the internal network to the router
# openstack router add subnet router01 subnet1
Create the external network
# openstack network create \
--provider-physical-network physnet1 \
--provider-network-type flat --external ext_net
Create the subnet for the external network
# openstack subnet create subnet2 \
--network ext_net --subnet-range 10.16.100.0/24 \
--allocation-pool start=10.16.100.200,end=10.16.100.254 \
--gateway 10.16.100.1 --dns-nameserver 114.114.114.114
Set the external network as the router's gateway
# openstack router set router01 --external-gateway ext_net
Create a flavor
# openstack flavor create --vcpus 1 --ram 512 --disk 1 test
Look up the network
# Int_Net_ID=`openstack network list | grep int_net | awk '{ print $2 }'`
# openstack image list
Create a keypair
# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
Add the public key
# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
Create the virtual machine
# openstack server create --flavor m1.small --image cirros --security-group default --nic net-id=$Int_Net_ID --key-name mykey cirros
# openstack server list
Allocate a floating IP
# openstack floating ip create ext_net
Assign the floating IP to the virtual machine
# openstack server add floating ip cirros 172.16.100.201
Confirm the configuration
# openstack floating ip show 10.16.100.201
List the virtual machines
# openstack server list
Allow ICMP in the security group
# openstack security group rule create --protocol icmp --ingress default
Allow SSH in the security group
# openstack security group rule create --protocol tcp --dst-port 22:22 default
List the security group rules
# openstack security group rule list
List the virtual machines
# openstack server list
Log in to the virtual machine
# ssh [email protected]
The authenticity of host '172.16.100.201 (172.16.100.201)' can't be established.
ECDSA key fingerprint is 94:11:48:02:fa:62:ff:9c:c4:75:8f:eb:16:62:a9:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.100.201' (ECDSA) to the list of known hosts.