openstack虚拟机配置vip

openstack配置vip
1.导入环境变量
source admin-openrc.sh

2.执行命令neutron net-list查看网络,找到自己需要设置的网络,获取subnet_id和network_id

3.创建port来占用ip,保证neutron不会将此IP在分配出去,导致IP冲突问题。

neutron port-create --fixed-ip subnet_id=,ip_address=
注:
替换subnet_id为neutron net-list中查看到的subnet_id
替换vip为需要配置的vip地址
替换network_ID为neutron net-list中查看到的network_id

neutron port-create --fixed-ip subnet_id=46c12a96-d1b6-4951-b57c-8884457f3e86,ip_address=10.10.4.131 b7fff54f-ae3a-45ae-8d84-228b7bc41059

4、执行命令neutron port-list查看端口,找到VIP的Port ID以及需要使用VIP的虚拟机的IP对应的Port id
比如两台虚拟机做HA绑定vip,那么需要查看两台虚拟机的port ID和这个vip的port ID

neutron port-list|grep 4.131

5、取消安全组对应端口的管理

neutron port-update --no-security-groups
neutron port-update --port_security_enabled=false
注:
替换Port_id为之前neutron port-list中找到的Port_id

neutron port-update --no-security-groups 25758e55-9480-4a4c-9fe3-a9814ac00072
neutron port-update --port_security_enabled=false 25758e55-9480-4a4c-9fe3-a9814ac00072

6、此时执行命令neutron port-show

可看到port_security_enabled的value为False,security_groups的value为空,即OK,这样两个端口就没有了安全组了

[[root@manager ~]# neutron port-show dbb1d245-2ece-40c6-853e-df2734873924
±----------------------±-------------------------------------------------------------------------------------+
| Field | Value |
±----------------------±-------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:host_id | node5 |
| binding:profile | {} |
| binding:vif_details | {“port_filter”: true} |
| binding:vif_type | bridge |
| binding:vnic_type | normal |
| created_at | 2018-12-25T02:05:51 |
| description | |
| device_id | 30a7fd91-34bc-43a7-83cd-2e51cb987619 |
| device_owner | compute:nova |
| extra_dhcp_opts | |
| fixed_ips | {“subnet_id”: “46c12a96-d1b6-4951-b57c-8884457f3e86”, “ip_address”: “10.10.4.161”} |
| id | dbb1d245-2ece-40c6-853e-df2734873924 |
| mac_address | fa:16:3e:e3:24:08 |
| name | |
| network_id | b7fff54f-ae3a-45ae-8d84-228b7bc41059 |
| port_security_enabled | True |
| security_groups | 7b318b1e-fa4c-4ac3-8b2c-6767bce7b6e7 |
| status | ACTIVE |
| tenant_id | 6ae3bb9cf1504355bfae9b911c50a19e |
| updated_at | 2019-02-11T01:33:58 |
±----------------------±-------------------------------------------------------------------------------------+

VIP和需要使用VIP的虚拟机都执行4、5、6步,比如配置HA,VIP+两台虚拟机,总共3个Port,都需要执行4、5、6步,然后就可以在这两台虚拟机上搭建keepalived集群使用10.10.4.131这个vip了

# 注意:每个运行虚拟机的IP和VIP都需要设置此操作。

[root@manager ~]# neutron port-list|grep 10.10.4.102
| 7974c3f7-8ba0-4c66-953c-ae954ae4e896 | | fa:16:3e:aa:b8:a4 | {“subnet_id”: “46c12a96-d1b6-4951-b57c-8884457f3e86”, “ip_address”: “10.10.4.102”} |

neutron port-update --no-security-groups 7974c3f7-8ba0-4c66-953c-ae954ae4e896
neutron port-update --port_security_enabled=false 7974c3f7-8ba0-4c66-953c-ae954ae4e896

[root@manager ~]# neutron port-list|grep 4.113
| 8ee0d442-8104-485c-b512-f3126ae4b10c | | fa:16:3e:e6:74:fc | {“subnet_id”: “46c12a96-d1b6-4951-b57c-8884457f3e86”, “ip_address”: “10.10.4.113”} |

neutron port-update --no-security-groups 8ee0d442-8104-485c-b512-f3126ae4b10c
neutron port-update --port_security_enabled=false 8ee0d442-8104-485c-b512-f3126ae4b10c

你可能感兴趣的:(openstack)