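Before launching an instance, at least the nova and neutron services must be configured. In practice the cinder service is also needed; otherwise a virtual machine can still boot, but having no data volume would be unusual. A network model must also be created before launching an instance. The private network model includes the public network model, which is why we chose the private network model directly when configuring the neutron service earlier. To launch an instance now, we can therefore choose either the public or the private network model. In this lab we first launch an instance under the public network model; launching an instance under the private network model is somewhat more complicated than under the public one.
Step 1: Create the physical network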
[root@controller ~]# . admin-openrc
[root@controller ~]# neutron net-list
[root@controller ~]# neutron net-create --shared --provider:physical_network provider \
> --provider:network_type flat provider
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2017-07-17T05:06:56 |
| description | |
| id | 3bd7b504-e172-462b-a904-c7df815964b3 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | provider |
| port_security_enabled | True |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | 9b07e2a368214247bb3051e806f94f9b |
| updated_at | 2017-07-17T05:06:56 |
+---------------------------+--------------------------------------+
[root@controller ~]# neutron net-list // verify the newly created physical network
+--------------------------------------+----------+---------+
| id | name | subnets |
+--------------------------------------+----------+---------+
| 3bd7b504-e172-462b-a904-c7df815964b3 | provider | |
+--------------------------------------+----------+---------+
[root@controller ~]#
Confirm the following settings before continuing to step 2
[root@controller ~]# grep flat_networks /etc/neutron/plugins/ml2/ml2_conf.ini
flat_networks = provider
[root@controller ~]# grep physical_interface_mappings /etc/neutron/plugins/ml2/linuxbridge_agent.ini
physical_interface_mappings = provider:eth1
[root@controller ~]#
Step 2: Create the virtual IP subnet
[root@controller ~]# neutron subnet-create --name provider \
> --allocation-pool start=10.0.0.101,end=10.0.0.200 \
> --dns-nameserver 10.0.0.2 --gateway 10.0.0.1 \
> provider 10.0.0.0/16
Created a new subnet:
+-------------------+----------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------+
| allocation_pools | {"start": "10.0.0.101", "end": "10.0.0.200"} |
| cidr | 10.0.0.0/16 |
| created_at | 2017-07-20T10:03:49 |
| description | |
| dns_nameservers | 10.0.0.2 |
| enable_dhcp | True |
| gateway_ip | 10.0.0.1 |
| host_routes | |
| id | 7e8b9dbb-28a3-406d-b598-4837030cbba4 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | provider |
| network_id | 3bd7b504-e172-462b-a904-c7df815964b3 |
| subnetpool_id | |
| tenant_id | 9b07e2a368214247bb3051e806f94f9b |
| updated_at | 2017-07-20T10:03:49 |
+-------------------+----------------------------------------------+
[root@controller ~]# neutron net-list // verify the newly created subnet
+--------------------------------------+-------------+-----------------------------------------------------+
| id | name | subnets |
+--------------------------------------+-------------+-----------------------------------------------------+
| 3bd7b504-e172-462b-a904-c7df815964b3 | provider | 7e8b9dbb-28a3-406d-b598-4837030cbba4 10.0.0.0/16 |
+--------------------------------------+-------------+-----------------------------------------------------+
[root@controller ~]# neutron subnet-list
+--------------------------------------+-------------+----------------+--------------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+-------------+----------------+--------------------------------------------------+
| 7e8b9dbb-28a3-406d-b598-4837030cbba4 | provider | 10.0.0.0/16 | {"start": "10.0.0.101", "end": "10.0.0.200"} |
+--------------------------------------+-------------+----------------+--------------------------------------------------+
[root@controller ~]#
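Network configuration of the controller node after the public network has been created (the external network interface has been turned into a bridge)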
[root@controller ~]# ifconfig
brq3b9946b0-b5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
ether 16:47:b9:f2:68:26 txqueuelen 0 (Ethernet)
RX packets 12 bytes 824 (824.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
brq3bd7b504-e1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.10 netmask 255.255.0.0 broadcast 10.0.255.255
ether 52:54:00:53:7f:28 txqueuelen 0 (Ethernet)
RX packets 33977 bytes 2249295 (2.1 MiB)
RX errors 0 dropped 3074 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.10 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::5054:ff:fef1:33de prefixlen 64 scopeid 0x20<link>
ether 52:54:00:f1:33:de txqueuelen 1000 (Ethernet)
RX packets 130108 bytes 11804441 (11.2 MiB)
RX errors 0 dropped 11178 overruns 0 frame 0
TX packets 2533 bytes 505388 (493.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::5054:ff:fe53:7f28 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:53:7f:28 txqueuelen 1000 (Ethernet)
RX packets 126740 bytes 10803713 (10.3 MiB)
RX errors 0 dropped 8025 overruns 0 frame 0
TX packets 13 bytes 886 (886.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 111.40.215.8 netmask 255.255.255.240 broadcast 111.40.215.15
inet6 fe80::5054:ff:fe53:7f82 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:53:7f:82 txqueuelen 1000 (Ethernet)
RX packets 714 bytes 63506 (62.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 522 bytes 75489 (73.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 59080 bytes 15674036 (14.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59080 bytes 15674036 (14.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tapaa6b38e6-b4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
ether c6:08:f4:e0:14:97 txqueuelen 1000 (Ethernet)
RX packets 11 bytes 934 (934.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tapc98d7cfb-fc: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 6e:ce:36:11:4f:71 txqueuelen 1000 (Ethernet)
RX packets 8 bytes 648 (648.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 35369 bytes 2901093 (2.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tapde877f81-95: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
ether 62:26:33:15:17:49 txqueuelen 1000 (Ethernet)
RX packets 8 bytes 648 (648.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 524 (524.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vxlan-29: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
ether 16:47:b9:f2:68:26 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 12 overruns 0 carrier 0 collisions 0
[root@controller ~]#
Create a custom flavor (requires administrator privileges)
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
[root@controller ~]#
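As the demo user, create a key pair so that it is injected automatically into newly created virtual machines, allowing login without a password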
[root@controller ~]# . demo-openrc
[root@controller ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
[root@controller ~]# openstack keypair list
[root@controller ~]# ll -a .ssh
total 16
drwx------ 2 root root 54 Jul 17 11:00 .
dr-xr-x---. 5 root root 4096 Jul 16 23:04 ..
-rw------- 1 root root 1679 Jul 17 11:00 id_rsa
-rw-r--r-- 1 root root 397 Jul 17 11:00 id_rsa.pub
-rw-r--r-- 1 root root 366 Jul 16 18:06 known_hosts
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 4e:79:f9:ae:82:1d:96:40:54:ca:09:a3:a1:e9:61:3c |
| name | mykey |
| user_id | deb3adea97e34fee9161a47940762a53 |
+-------------+-------------------------------------------------+
[root@controller ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 4e:79:f9:ae:82:1d:96:40:54:ca:09:a3:a1:e9:61:3c |
+-------+-------------------------------------------------+
[root@controller ~]#
Open the required services in the security group (here ICMP and SSH port 22 are opened)
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 | default | Default security group | 0200f6457da84abd9055a5c192386747 |
+--------------------------------------+---------+------------------------+----------------------------------+
[root@controller ~]# openstack security group rule list
+--------------------------------------+-------------+----------+------------+-----------------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group | Security Group |
+--------------------------------------+-------------+----------+------------+-----------------------+--------------------------------------+
| 9065821a-bf7c-4e82-af6b-ca410888f6a6 | | | | default | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
| 26b829bb-9ac8-4d8e-b0f1-fb714c58c0b9 | | | | default | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
+--------------------------------------+-------------+----------+------------+-----------------------+--------------------------------------+
[root@controller ~]# openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 2daade8f-9341-41f1-a42d-f2731ed48a0e |
| ip_protocol | icmp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
| port_range | |
| remote_security_group | |
+-----------------------+--------------------------------------+
[root@controller ~]# openstack security group rule list
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group | Security Group |
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
| 2daade8f-9341-41f1-a42d-f2731ed48a0e | icmp | 0.0.0.0/0 | | | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
| 26b829bb-9ac8-4d8e-b0f1-fb714c58c0b9 | | | | default | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
| 9065821a-bf7c-4e82-af6b-ca410888f6a6 | | | | default | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 274c7803-9116-4036-b379-8f56b677b1e2 |
| ip_protocol | tcp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
| port_range | 22:22 |
| remote_security_group | |
+-----------------------+--------------------------------------+
[root@controller ~]# openstack security group rule list
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group | Security Group |
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
| 26b829bb-9ac8-4d8e-b0f1-fb714c58c0b9 | | | | default | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
| 274c7803-9116-4036-b379-8f56b677b1e2 | tcp | 0.0.0.0/0 | 22:22 | | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
| 2daade8f-9341-41f1-a42d-f2731ed48a0e | icmp | 0.0.0.0/0 | | | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
| 9065821a-bf7c-4e82-af6b-ca410888f6a6 | | | | default | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
[root@controller ~]#
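Both rules created above accept traffic from 0.0.0.0/0. As an added example (not part of the original post), the script below audits a rule table in the format printed on this page and grades every world-open rule. The list of management ports, the severity labels and the three rows with all-zero IDs are assumptions made for the example, and because this table has no direction column every listed rule is treated as ingress.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag security group rules that
# accept traffic from any source, using the table format shown on this page.

# Ports this example treats as management ports (an assumption; adjust locally).
SENSITIVE_PORTS="22 3389 5900 6080"

# Reads an `openstack security group rule list` table on stdin.
# Prints "<severity> <rule-id> <proto> <ports> <cidr>" for each world-open rule.
# Returns 1 if at least one HIGH finding was printed, otherwise 0.
audit_sg_rules() {
  awk -F'|' -v sens="$SENSITIVE_PORTS" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    BEGIN { n = split(sens, p, " ") }
    /^[ \t]*\+/ { next }                                # table borders
    NF < 7      { next }                                # not a data row
    {
      id = trim($2); proto = trim($3); cidr = trim($4); ports = trim($5)
      if (id == "ID") next                              # header row
      if (cidr != "0.0.0.0/0" && cidr != "::/0") next   # group-scoped or restricted source
      sev = "MEDIUM"
      if (proto == "icmp") {
        sev = "LOW"                                     # reachability only
      } else if (ports == "") {
        sev = "HIGH"                                    # every port exposed
      } else {
        split(ports, r, ":")
        lo = r[1] + 0
        hi = (r[2] == "" ? lo : r[2] + 0)
        for (i = 1; i <= n; i++)
          if (p[i] + 0 >= lo && p[i] + 0 <= hi) sev = "HIGH"
      }
      if (ports == "") ports = (proto == "icmp" ? "-" : "any")
      if (proto == "") proto = "any"
      if (sev == "HIGH") high = 1
      print sev, id, proto, ports, cidr
    }
    END { exit (high ? 1 : 0) }
  '
}

# The first four data rows are the rule list printed on this page after both
# `rule create` commands. The last three rows (IDs 00000000-...) are constructed
# for this example: a restricted source, a non-management port, a wide port range.
sample_rule_table() {
  cat <<'EOF'
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group | Security Group |
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
| 26b829bb-9ac8-4d8e-b0f1-fb714c58c0b9 | | | | default | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
| 274c7803-9116-4036-b379-8f56b677b1e2 | tcp | 0.0.0.0/0 | 22:22 | | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
| 2daade8f-9341-41f1-a42d-f2731ed48a0e | icmp | 0.0.0.0/0 | | | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
| 9065821a-bf7c-4e82-af6b-ca410888f6a6 | | | | default | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
| 00000000-0000-0000-0000-000000000001 | tcp | 192.168.10.0/24 | 22:22 | | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
| 00000000-0000-0000-0000-000000000002 | tcp | 0.0.0.0/0 | 80:80 | | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
| 00000000-0000-0000-0000-000000000003 | tcp | 0.0.0.0/0 | 1:65535 | | 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 |
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
EOF
}

# Demo run over the embedded sample.
sample_rule_table | audit_sg_rules \
  || echo "HIGH findings present: restrict the source range of these rules" >&2
```

On a deployment, pipe the output of `openstack security group rule list` into `audit_sg_rules`; the non-zero exit status on HIGH findings lets a provisioning script stop before instances are attached to the group.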
Create and launch an instance on the public network
Create it as the demo user
[root@controller ~]# . demo-openrc
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 9b0a7de0-6ff5-488b-9067-813e8a88de98 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| 3bd7b504-e172-462b-a904-c7df815964b3 | provider | ac81ae62-b5c0-44de-ad4f-bc719481e1f5 |
+--------------------------------------+----------+--------------------------------------+
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 | default | Default security group | 0200f6457da84abd9055a5c192386747 |
+--------------------------------------+---------+------------------------+----------------------------------+
[root@controller ~]#
Create the instance
[root@controller ~]# . demo-openrc
[root@controller ~]# openstack server list
[root@controller ~]# openstack server create --flavor m1.nano --image cirros \
> --nic net-id=3bd7b504-e172-462b-a904-c7df815964b3 --security-group default \
> --key-name mykey provider-instance
+--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | cAAsG6DvFQ7A |
| config_drive | |
| created | 2017-07-20T10:24:33Z |
| flavor | m1.nano (0) |
| hostId | |
| id | a8234b31-7acb-4f2c-abfc-34d8bfd76438 |
| image | cirros (9b0a7de0-6ff5-488b-9067-813e8a88de98) |
| key_name | mykey |
| name | provider-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 0200f6457da84abd9055a5c192386747 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2017-07-20T10:24:34Z |
| user_id | deb3adea97e34fee9161a47940762a53 |
+--------------------------------------+-----------------------------------------------+
[root@controller ~]# openstack server list // list the active virtual machine instances
+--------------------------------------+-------------------+--------+---------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-------------------+--------+---------------------+
| a8234b31-7acb-4f2c-abfc-34d8bfd76438 | provider-instance | ACTIVE | provider=10.0.0.102 |
+--------------------------------------+-------------------+--------+---------------------+
[root@controller ~]# openstack server show a8234b31-7acb-4f2c-abfc-34d8bfd76438 // show the instance details by ID
+--------------------------------------+----------------------------------------------------------+
| Field | Value |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | 1 |
| OS-EXT-STS:task_state | None |
| OS-EXT-STS:vm_state | active |
| OS-SRV-USG:launched_at | 2017-07-20T10:24:46.000000 |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | provider=10.0.0.102 |
| config_drive | |
| created | 2017-07-20T10:24:33Z |
| flavor | m1.nano (0) |
| hostId | a33066b316f8685eaf842bff56b5d4806daae5ef486f84a9904f7e82 |
| id | a8234b31-7acb-4f2c-abfc-34d8bfd76438 |
| image | cirros (9b0a7de0-6ff5-488b-9067-813e8a88de98) |
| key_name | mykey |
| name | provider-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 0200f6457da84abd9055a5c192386747 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | ACTIVE |
| updated | 2017-07-20T10:24:47Z |
| user_id | deb3adea97e34fee9161a47940762a53 |
+--------------------------------------+----------------------------------------------------------+
[root@controller ~]# openstack console url show provider-instance // show the VNC access URL of the instance
+-------+---------------------------------------------------------------------------------+
| Field | Value |
+-------+---------------------------------------------------------------------------------+
| type | novnc |
| url | http://controller:6080/vnc_auto.html?token=4bf6bd63-cda5-470c-9c89-d8d77539570f |
+-------+---------------------------------------------------------------------------------+
[root@controller ~]#
On the compute node, check the run state of the virtual machine
[root@compute1 ~]# virsh list --all
Id Name State
----------------------------------------------------
1 instance-00000001 running
[root@compute1 ~]#
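Using the .ssh/id_rsa private key on the controller node, ssh can log in directly, without a password, as the cirros user of the public-network instance just launched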
[root@controller ~]# ssh -p 22 -i .ssh/id_rsa cirros@10.0.0.102
The authenticity of host '10.0.0.102 (10.0.0.102)' can't be established.
RSA key fingerprint is f2:f0:81:f3:9d:83:05:a6:03:1e:31:b1:41:56:19:5c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.102' (RSA) to the list of known hosts.
$ id
uid=1000(cirros) gid=1000(cirros) groups=1000(cirros)
$ pwd
/home/cirros
$ ifconfig
eth0 Link encap:Ethernet HWaddr FA:16:3E:6F:8A:7C
inet addr:10.0.0.102 Bcast:10.0.255.255 Mask:255.255.0.0
inet6 addr: fe80::f816:3eff:fe6f:8a7c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:80032 errors:0 dropped:7242 overruns:0 frame:0
TX packets:180 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6665274 (6.3 MiB) TX bytes:19314 (18.8 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:11 errors:0 dropped:0 overruns:0 frame:0
TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1232 (1.2 KiB) TX bytes:1232 (1.2 KiB)
$ ping -c 4 10.0.0.10
PING 10.0.0.10 (10.0.0.10): 56 data bytes
64 bytes from 10.0.0.10: seq=0 ttl=64 time=0.619 ms
64 bytes from 10.0.0.10: seq=1 ttl=64 time=1.082 ms
64 bytes from 10.0.0.10: seq=2 ttl=64 time=0.903 ms
64 bytes from 10.0.0.10: seq=3 ttl=64 time=0.965 ms
--- 10.0.0.10 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.619/0.892/1.082 ms
$
Some simple operations as the cirros user
$ id
uid=1000(cirros) gid=1000(cirros) groups=1000(cirros)
$ pwd
/home/cirros
$ fdisk /dev/vda
fdisk: unable to open /dev/vda: Permission denied
$ sudo su
$ id
uid=0(root) gid=0(root) groups=0(root),10(wheel)
$ pwd
/root
$ fdisk /dev/vda
Command (m for help): p
Disk /dev/vda: 1073 MB, 1073741824 bytes
255 heads, 63 sectors/track, 130 cylinders, total 2097152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
/dev/vda1 * 16065 2088449 1036192+ 83 Linux
Command (m for help): q
$ exit
Connection to 111.40.215.11 closed.
[root@controller ~]#
Create and launch an instance on the private network
[root@controller ~]# . demo-openrc
[root@controller ~]# neutron net-list
+--------------------------------------+----------+------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+----------+------------------------------------------------------+
| 3bd7b504-e172-462b-a904-c7df815964b3 | provider | ac81ae62-b5c0-44de-ad4f-bc719481e1f5 111.40.215.0/28 |
+--------------------------------------+----------+------------------------------------------------------+
[root@controller ~]# neutron net-create selfservice
Created a new network:
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2017-07-18T10:26:22 |
| description | |
| id | 3b9946b0-b55a-4cdf-a1e4-252a9557fd06 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1450 |
| name | selfservice |
| port_security_enabled | True |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | 0200f6457da84abd9055a5c192386747 |
| updated_at | 2017-07-18T10:26:22 |
+-------------------------+--------------------------------------+
[root@controller ~]# neutron net-list
+--------------------------------------+-------------+--------------------------------------------------+
| id | name | subnets |
+--------------------------------------+-------------+--------------------------------------------------+
| 3b9946b0-b55a-4cdf-a1e4-252a9557fd06 | selfservice | |
| 3bd7b504-e172-462b-a904-c7df815964b3 | provider | 7e8b9dbb-28a3-406d-b598-4837030cbba4 10.0.0.0/16 |
+--------------------------------------+-------------+--------------------------------------------------+
[root@controller ~]# egrep "tenant_network_types|vni_ranges" /etc/neutron/plugins/ml2/ml2_conf.ini // confirm that the following two values are configured correctly
tenant_network_types = vxlan
vni_ranges = 1:1000
[root@controller ~]# neutron subnet-create --name selfservice \
> --dns-nameserver 172.16.0.2 --gateway 172.16.0.1 \
> selfservice 172.16.0.0/24
Created a new subnet:
+-------------------+------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------+
| allocation_pools | {"start": "172.16.0.2", "end": "172.16.0.254"} |
| cidr | 172.16.0.0/24 |
| created_at | 2017-07-20T18:23:52 |
| description | |
| dns_nameservers | 172.16.0.2 |
| enable_dhcp | True |
| gateway_ip | 172.16.0.1 |
| host_routes | |
| id | e51d7043-49ff-45ab-a407-6739e0974144 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | selfservice |
| network_id | 3b9946b0-b55a-4cdf-a1e4-252a9557fd06 |
| subnetpool_id | |
| tenant_id | 0200f6457da84abd9055a5c192386747 |
| updated_at | 2017-07-20T18:23:52 |
+-------------------+------------------------------------------------+
[root@controller ~]# neutron subnet-list // verify the IP subnet created for the private network
+--------------------------------------+-------------+---------------+------------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+-------------+---------------+------------------------------------------------+
| 7e8b9dbb-28a3-406d-b598-4837030cbba4 | provider | 10.0.0.0/16 | {"start": "10.0.0.101", "end": "10.0.0.200"} |
| e51d7043-49ff-45ab-a407-6739e0974144 | selfservice | 172.16.0.0/24 | {"start": "172.16.0.2", "end": "172.16.0.254"} |
+--------------------------------------+-------------+---------------+------------------------------------------------+
[root@controller ~]#
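Create the private network router (one interface of the router connects to the private network, and the other, outbound side connects to the public network's egress NIC)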
[root@controller ~]# . admin-openrc
[root@controller ~]# neutron net-update provider --router:external
Updated network: provider
[root@controller ~]# . demo-openrc
[root@controller ~]# neutron router-create router // create a router for the private network
Created a new router:
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| description | |
| external_gateway_info | |
| id | 3d8da905-0bdc-4d82-8c69-33b83155d17b |
| name | router |
| routes | |
| status | ACTIVE |
| tenant_id | 0200f6457da84abd9055a5c192386747 |
+-------------------------+--------------------------------------+
[root@controller ~]# neutron router-list // show the router just created
+--------------------------------------+--------+-----------------------+
| id | name | external_gateway_info |
+--------------------------------------+--------+-----------------------+
| 3d8da905-0bdc-4d82-8c69-33b83155d17b | router | null |
+--------------------------------------+--------+-----------------------+
[root@controller ~]# neutron router-interface-add router selfservice // add the router to the private network
Added interface d962f154-1498-441d-8296-baf31fd57b69 to router router.
[root@controller ~]# neutron router-show 3d8da905-0bdc-4d82-8c69-33b83155d17b
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | nova |
| description | |
| external_gateway_info | |
| id | 3d8da905-0bdc-4d82-8c69-33b83155d17b |
| name | router |
| routes | |
| status | ACTIVE |
| tenant_id | 0200f6457da84abd9055a5c192386747 |
+-------------------------+--------------------------------------+
[root@controller ~]# neutron router-gateway-set router provider // give the private network router a public-network gateway
Set gateway for router router
[root@controller ~]# neutron router-list
+--------------------------------------+--------+-------------------------------------------------------------------------------------------------------------------------------------------+
| id | name | external_gateway_info |
+--------------------------------------+--------+-------------------------------------------------------------------------------------------------------------------------------------------+
| 3d8da905-0bdc-4d82-8c69-33b83155d17b | router | {"network_id": "3bd7b504-e172-462b-a904-c7df815964b3", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "7e8b9dbb- |
| | | 28a3-406d-b598-4837030cbba4", "ip_address": "10.0.0.103"}]} |
+--------------------------------------+--------+-------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]#
Verify that the operations were correct
[root@controller ~]# . admin-openrc
[root@controller ~]# ip netns
qrouter-3d8da905-0bdc-4d82-8c69-33b83155d17b (id: 2)
qdhcp-3b9946b0-b55a-4cdf-a1e4-252a9557fd06 (id: 0)
qdhcp-3bd7b504-e172-462b-a904-c7df815964b3 (id: 1)
[root@controller ~]# neutron router-port-list router
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------+
| d962f154-1498-441d-8296-baf31fd57b69 | | fa:16:3e:68:7b:60 | {"subnet_id": "e51d7043-49ff-45ab-a407-6739e0974144", "ip_address": "172.16.0.1"} |
| f6e285c1-48f5-4c79-bd4d-f94f110bbbcf | | fa:16:3e:86:09:4a | {"subnet_id": "7e8b9dbb-28a3-406d-b598-4837030cbba4", "ip_address": "10.0.0.103"} |
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------+
From the controller node, ping the public-side gateway IP address of the private network router
[root@controller ~]# ping -c 4 10.0.0.103
PING 10.0.0.103 (10.0.0.103) 56(84) bytes of data.
64 bytes from 10.0.0.103: icmp_seq=1 ttl=64 time=0.143 ms
64 bytes from 10.0.0.103: icmp_seq=2 ttl=64 time=0.099 ms
64 bytes from 10.0.0.103: icmp_seq=3 ttl=64 time=0.095 ms
64 bytes from 10.0.0.103: icmp_seq=4 ttl=64 time=0.071 ms
--- 10.0.0.103 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.071/0.102/0.143/0.026 ms
[root@controller ~]#
Create an instance on the private network
[root@controller ~]# . demo-openrc
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 9b0a7de0-6ff5-488b-9067-813e8a88de98 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# openstack network list
+--------------------------------------+-------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+-------------+--------------------------------------+
| 3b9946b0-b55a-4cdf-a1e4-252a9557fd06 | selfservice | e51d7043-49ff-45ab-a407-6739e0974144 |
| 3bd7b504-e172-462b-a904-c7df815964b3 | provider | 7e8b9dbb-28a3-406d-b598-4837030cbba4 |
+--------------------------------------+-------------+--------------------------------------+
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| 8e90c78c-9ddd-45da-bf00-95747ca3f7c9 | default | Default security group | 0200f6457da84abd9055a5c192386747 |
+--------------------------------------+---------+------------------------+----------------------------------+
[root@controller ~]# openstack server create --flavor m1.nano --image cirros \
> --nic net-id=3b9946b0-b55a-4cdf-a1e4-252a9557fd06 --security-group default \
> --key-name mykey selfservice-instance
+--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | None |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | 5bfK4dx8xSqt |
| config_drive | |
| created | 2017-07-21T07:17:16Z |
| flavor | m1.nano (0) |
| hostId | |
| id | a7c51098-20d7-4f01-b3b9-451694fddfb4 |
| image | cirros (9b0a7de0-6ff5-488b-9067-813e8a88de98) |
| key_name | mykey |
| name | selfservice-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 0200f6457da84abd9055a5c192386747 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2017-07-21T07:17:17Z |
| user_id | deb3adea97e34fee9161a47940762a53 |
+--------------------------------------+-----------------------------------------------+
[root@controller ~]# openstack server list
+--------------------------------------+----------------------+---------+------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+----------------------+---------+------------------------+
| a7c51098-20d7-4f01-b3b9-451694fddfb4 | selfservice-instance | ACTIVE | selfservice=172.16.0.3 |
| a8234b31-7acb-4f2c-abfc-34d8bfd76438 | provider-instance | SHUTOFF | provider=10.0.0.102 |
+--------------------------------------+----------------------+---------+------------------------+
[root@controller ~]# openstack server show a7c51098-20d7-4f01-b3b9-451694fddfb4
+--------------------------------------+----------------------------------------------------------+
| Field | Value |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | 1 |
| OS-EXT-STS:task_state | None |
| OS-EXT-STS:vm_state | active |
| OS-SRV-USG:launched_at | 2017-07-21T07:17:30.000000 |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | selfservice=172.16.0.3 |
| config_drive | |
| created | 2017-07-21T07:17:16Z |
| flavor | m1.nano (0) |
| hostId | a33066b316f8685eaf842bff56b5d4806daae5ef486f84a9904f7e82 |
| id | a7c51098-20d7-4f01-b3b9-451694fddfb4 |
| image | cirros (9b0a7de0-6ff5-488b-9067-813e8a88de98) |
| key_name | mykey |
| name | selfservice-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 0200f6457da84abd9055a5c192386747 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | ACTIVE |
| updated | 2017-07-21T07:17:30Z |
| user_id | deb3adea97e34fee9161a47940762a53 |
+--------------------------------------+----------------------------------------------------------+
[root@controller ~]# openstack console url show selfservice-instance //show the URL for VNC access
+-------+---------------------------------------------------------------------------------+
| Field | Value |
+-------+---------------------------------------------------------------------------------+
| type | novnc |
| url | http://controller:6080/vnc_auto.html?token=792b5735-ce5c-41ef-ac96-d8dbaaa5c62a |
+-------+---------------------------------------------------------------------------------+
[root@controller ~]#
Go to the compute node and check that the instance has started
[root@compute1 ~]# virsh list --all
Id Name State
----------------------------------------------------
1 instance-00000001 running
- instance-00000002 running
[root@compute1 ~]#
From the controller node, log in through the router to the instance launched on the private network
[root@controller ~]# . demo-openrc
[root@controller ~]# ip netns
qrouter-3d8da905-0bdc-4d82-8c69-33b83155d17b (id: 2)
qdhcp-3b9946b0-b55a-4cdf-a1e4-252a9557fd06 (id: 0)
qdhcp-3bd7b504-e172-462b-a904-c7df815964b3 (id: 1)
[root@controller ~]# ip netns exec qrouter-3d8da905-0bdc-4d82-8c69-33b83155d17b ping -c 4 172.16.0.3
PING 172.16.0.3 (172.16.0.3) 56(84) bytes of data.
64 bytes from 172.16.0.3: icmp_seq=1 ttl=64 time=2.37 ms
64 bytes from 172.16.0.3: icmp_seq=2 ttl=64 time=1.28 ms
64 bytes from 172.16.0.3: icmp_seq=3 ttl=64 time=1.20 ms
64 bytes from 172.16.0.3: icmp_seq=4 ttl=64 time=1.01 ms
--- 172.16.0.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 1.012/1.468/2.371/0.530 ms
[root@controller ~]# ip netns exec qrouter-3d8da905-0bdc-4d82-8c69-33b83155d17b ssh cirros@172.16.0.3
^C
[root@controller ~]# ip netns exec qrouter-3d8da905-0bdc-4d82-8c69-33b83155d17b ssh -p 22 cirros@172.16.0.3
The authenticity of host '172.16.0.3 (172.16.0.3)' can't be established.
RSA key fingerprint is b9:31:6a:e0:a1:aa:ee:31:de:c0:ad:1e:71:db:25:76.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.0.3' (RSA) to the list of known hosts.
$ ifconfig
eth0 Link encap:Ethernet HWaddr FA:16:3E:68:62:5D
inet addr:172.16.0.3 Bcast:172.16.0.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe68:625d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1
RX packets:150 errors:0 dropped:0 overruns:0 frame:0
TX packets:166 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:18559 (18.1 KiB) TX bytes:16896 (16.5 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
$ ping -c 4 172.16.0.1 //verify connectivity to the gateway
PING 172.16.0.1 (172.16.0.1): 56 data bytes
64 bytes from 172.16.0.1: seq=0 ttl=64 time=1.213 ms
64 bytes from 172.16.0.1: seq=1 ttl=64 time=1.206 ms
64 bytes from 172.16.0.1: seq=2 ttl=64 time=1.146 ms
64 bytes from 172.16.0.1: seq=3 ttl=64 time=1.253 ms
--- 172.16.0.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 1.146/1.204/1.253 ms
$ ping -c 4 10.0.0.10 //verify connectivity from the internal network to the external network
PING 10.0.0.10 (10.0.0.10): 56 data bytes
64 bytes from 10.0.0.10: seq=0 ttl=63 time=1.232 ms
64 bytes from 10.0.0.10: seq=1 ttl=63 time=1.152 ms
64 bytes from 10.0.0.10: seq=2 ttl=63 time=1.231 ms
64 bytes from 10.0.0.10: seq=3 ttl=63 time=1.140 ms
--- 10.0.0.10 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 1.140/1.188/1.232 ms
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.0.1 0.0.0.0 UG 0 0 0 eth0
169.254.169.254 172.16.0.2 255.255.255.255 UGH 0 0 0 eth0
172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
$
Some simple operations switching from the cirros user to the root user
$ id
uid=1000(cirros) gid=1000(cirros) groups=1000(cirros)
$ pwd
/home/cirros
$ fdisk /dev/vda
fdisk: unable to open /dev/vda: Permission denied
$ sudo su
$ id
uid=0(root) gid=0(root) groups=0(root),10(wheel)
$ pwd
/root
$ fdisk /dev/vda
Command (m for help): p
Disk /dev/vda: 1073 MB, 1073741824 bytes
255 heads, 63 sectors/track, 130 cylinders, total 2097152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
/dev/vda1 * 16065 2088449 1036192+ 83 Linux
Command (m for help):
View the routing rules on the private network's router (the aim is to see the SNAT rules that route to the instance)
[root@controller ~]# ip netns exec qrouter-3d8da905-0bdc-4d82-8c69-33b83155d17b iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 6937 packets, 526K bytes)
pkts bytes target prot opt in out source destination
6937 526K neutron-l3-agent-PREROUTING all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 9 packets, 1976 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 3 packets, 204 bytes)
pkts bytes target prot opt in out source destination
3 204 neutron-l3-agent-OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
5 372 neutron-l3-agent-POSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0
2 168 neutron-postrouting-bottom all -- * * 0.0.0.0/0 0.0.0.0/0
Chain neutron-l3-agent-OUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain neutron-l3-agent-POSTROUTING (1 references)
pkts bytes target prot opt in out source destination
3 204 ACCEPT all -- !qg-f6e285c1-48 !qg-f6e285c1-48 0.0.0.0/0 0.0.0.0/0 ! ctstate DNAT
Chain neutron-l3-agent-PREROUTING (1 references)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- qr-+ * 0.0.0.0/0 169.254.169.254 tcp dpt:80 redir ports 9697
Chain neutron-l3-agent-float-snat (1 references)
pkts bytes target prot opt in out source destination
Chain neutron-l3-agent-snat (1 references)
pkts bytes target prot opt in out source destination
2 168 neutron-l3-agent-float-snat all -- * * 0.0.0.0/0 0.0.0.0/0
2 168 SNAT all -- * qg-f6e285c1-48 0.0.0.0/0 0.0.0.0/0 to:10.0.0.103
0 0 SNAT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x2/0xffff ctstate DNAT to:10.0.0.103
Chain neutron-postrouting-bottom (1 references)
pkts bytes target prot opt in out source destination
2 168 neutron-l3-agent-snat all -- * * 0.0.0.0/0 0.0.0.0/0 /* Perform source NAT on outgoing traffic. */
[root@controller ~]#
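The NAT table above is easier to audit once it is reduced to the rules that actually rewrite addresses. The following is an added example, not part of the original post: the function names nat_summary and snat_addresses are hypothetical helpers, and the embedded input is an excerpt of the output shown above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): summarise the NAT translations
# found in `iptables -t nat -vnL` output from a Neutron router namespace.

# Excerpt of the router-namespace output shown above, embedded so this runs offline.
sample_nat_output() {
cat <<'EOF'
Chain neutron-l3-agent-PREROUTING (1 references)
 pkts bytes target prot opt in out source destination
 0 0 REDIRECT tcp -- qr-+ * 0.0.0.0/0 169.254.169.254 tcp dpt:80 redir ports 9697
Chain neutron-l3-agent-float-snat (1 references)
 pkts bytes target prot opt in out source destination
Chain neutron-l3-agent-snat (1 references)
 pkts bytes target prot opt in out source destination
 2 168 neutron-l3-agent-float-snat all -- * * 0.0.0.0/0 0.0.0.0/0
 2 168 SNAT all -- * qg-f6e285c1-48 0.0.0.0/0 0.0.0.0/0 to:10.0.0.103
 0 0 SNAT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x2/0xffff ctstate DNAT to:10.0.0.103
EOF
}

# nat_summary (hypothetical helper): reads `iptables -t nat -vnL` text on stdin and
# prints one line per translating rule:
#   chain action out-iface source destination rewrite pkts
nat_summary() {
  awk '
    $1 == "Chain" { chain = $2; next }   # remember which chain we are in
    $1 == "pkts"  { next }               # skip the column header
    $3 == "SNAT" || $3 == "DNAT" || $3 == "REDIRECT" {
      rewrite = "-"
      for (i = 10; i <= NF; i++) {
        if ($i ~ /^to:/)   rewrite = substr($i, 4)      # SNAT/DNAT target
        if ($i == "ports") rewrite = "port:" $(i + 1)   # REDIRECT target
      }
      print chain, $3, $7, $8, $9, rewrite, $1
    }'
}

# snat_addresses (hypothetical helper): distinct addresses that traffic
# leaving the router is source-NATed to.
snat_addresses() {
  nat_summary | awk '$2 == "SNAT" { print $6 }' | sort -u
}

# Stand-alone run over the embedded excerpt.
sample_nat_output | nat_summary
```

On the controller, pipe the live output of the ip netns exec ... iptables -t nat -vnL command shown above into nat_summary; comparing the summary before and after a floating IP is bound shows exactly which translations the router gained.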
Binding a floating IP
Allocate a floating IP on the public network
[root@controller ~]# . demo-openrc
[root@controller ~]# openstack ip floating create provider //allocate a floating IP on the public network
+-------------+--------------------------------------+
| Field | Value |
+-------------+--------------------------------------+
| fixed_ip | None |
| id | c6a7fd4c-ecc5-48f0-9a10-95bfdaaf8414 |
| instance_id | None |
| ip | 10.0.0.104 |
| pool | provider |
+-------------+--------------------------------------+
[root@controller ~]#
Bind the allocated floating IP to the specified instance
[root@controller ~]# openstack ip floating add 10.0.0.104 selfservice-instance
[root@controller ~]# openstack server list //check the instance that now has the floating IP bound
+--------------------------------------+----------------------+---------+------------------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+----------------------+---------+------------------------------------+
| a7c51098-20d7-4f01-b3b9-451694fddfb4 | selfservice-instance | ACTIVE | selfservice=172.16.0.3, 10.0.0.104 |
| a8234b31-7acb-4f2c-abfc-34d8bfd76438 | provider-instance | SHUTOFF | provider=10.0.0.102 |
+--------------------------------------+----------------------+---------+------------------------------------+
[root@controller ~]# ping -c 4 10.0.0.104 //pinging the floating IP 10.0.0.104 now really means the ping packets are DNATed by the private network's router to the private IP 172.16.0.3
PING 10.0.0.104 (10.0.0.104) 56(84) bytes of data.
64 bytes from 10.0.0.104: icmp_seq=1 ttl=63 time=2.28 ms
64 bytes from 10.0.0.104: icmp_seq=2 ttl=63 time=1.14 ms
64 bytes from 10.0.0.104: icmp_seq=3 ttl=63 time=1.21 ms
64 bytes from 10.0.0.104: icmp_seq=4 ttl=63 time=1.21 ms
--- 10.0.0.104 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 1.147/1.466/2.289/0.475 ms
[root@controller ~]#
Verify the floating IP binding
[root@controller ~]# ssh -p 22 cirros@10.0.0.104 //the floating public IP can be used to log in directly to the instance on the private network
The authenticity of host '10.0.0.104 (10.0.0.104)' can't be established.
RSA key fingerprint is b9:31:6a:e0:a1:aa:ee:31:de:c0:ad:1e:71:db:25:76.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.104' (RSA) to the list of known hosts.
$ ifconfig
eth0 Link encap:Ethernet HWaddr FA:16:3E:68:62:5D
inet addr:172.16.0.3 Bcast:172.16.0.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe68:625d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1
RX packets:695 errors:0 dropped:0 overruns:0 frame:0
TX packets:486 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:71744 (70.0 KiB) TX bytes:54346 (53.0 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
$
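At this point, the fabled cloud is up and running. Of course, this is only a model; a real production deployment is far more complex than this model and there is still a great deal that needs adjusting. At the very least, a data storage service is also needed.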