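Adding a flat network
I. Why add another network
The current OpenStack environment has only one network, bridged onto the eth0 interface. Its usable IP range is limited, which caps the number of instances that can be created: there can never be more instances than available IPs. Once an OpenStack private cloud grows large, a single network no longer meets our needs, so another network has to be added.
The environment used here is VMware Workstation, which cannot simulate a VLAN scenario, so we keep using the flat network type.
II. Adding the flat network
1. Add a network interface card to every node
2. Edit the interface configuration files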
# Controller node
[root@controller ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth1
[root@controller ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=172.16.1.11
NETMASK=255.255.255.0
[root@controller ~]# ifup eth1
[root@controller ~]# ip a |grep eth1
5: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 172.16.1.11/24 brd 172.16.1.255 scope global eth1
# computer1 compute node
[root@computer1 ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth1
[root@computer1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
[root@computer1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=172.16.1.12
NETMASK=255.255.255.0
[root@computer1 ~]# ifup eth1
[root@computer1 ~]# ip a |grep eth1
8: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 172.16.1.12/24 brd 172.16.1.255 scope global eth1
# computer2 compute node
[root@computer2 ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth1
[root@computer2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
[root@computer2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=172.16.1.13
NETMASK=255.255.255.0
[root@computer2 ~]# ifup eth1
[root@computer2 ~]# ip a |grep eth1
7: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 172.16.1.13/24 brd 172.16.1.255 scope global eth1
3. Add the flat network to the controller node configuration
1) Edit the /etc/neutron/plugins/ml2/ml2_conf.ini configuration file
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider,net172_16
[root@controller ~]# cat /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider,net172_16
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
[ml2_type_vxlan]
[securitygroup]
enable_ipset = True
2) Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini configuration file
[root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0,net172_16:eth1
[root@controller ~]# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:eth0,net172_16:eth1
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = False
3) Restart the services
[root@controller ~]# systemctl restart neutron-server.service neutron-linuxbridge-agent.service
[root@controller ~]# systemctl status neutron-server.service neutron-linuxbridge-agent.service
● neutron-server.service - OpenStack Neutron Server
   Loaded: loaded (/usr/lib/systemd/system/neutron-server.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-11-23 17:32:14 CST; 1min 54s ago
 Main PID: 21864 (neutron-server)
   CGroup: /system.slice/neutron-server.service
           ├─21864 /usr/bin/python2 /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/sha...
           ├─21875 /usr/bin/python2 /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/sha...
           ├─21876 /usr/bin/python2 /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/sha...
           └─21877 /usr/bin/python2 /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/sha...
Nov 23 17:32:11 controller systemd[1]: Starting OpenStack Neutron Server...
Nov 23 17:32:11 controller neutron-server[21864]: Guru mediation now registers SIGUSR1 and SIGUSR2 by default for backward com...ports.
Nov 23 17:32:12 controller neutron-server[21864]: Option "verbose" from group "DEFAULT" is deprecated for removal. Its value ...uture.
Nov 23 17:32:12 controller neutron-server[21864]: Option "notification_driver" from group "DEFAULT" is deprecated. Use option ...ions".
Nov 23 17:32:14 controller systemd[1]: Started OpenStack Neutron Server.

● neutron-linuxbridge-agent.service - OpenStack Neutron Linux Bridge Agent
   Loaded: loaded (/usr/lib/systemd/system/neutron-linuxbridge-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-11-23 17:32:03 CST; 2min 6s ago
  Process: 21831 ExecStartPre=/usr/bin/neutron-enable-bridge-firewall.sh (code=exited, status=0/SUCCESS)
 Main PID: 21838 (neutron-linuxbr)
   CGroup: /system.slice/neutron-linuxbridge-agent.service
           ├─21838 /usr/bin/python2 /usr/bin/neutron-linuxbridge-agent --config-file /usr/share/neutron/neutron-dist.conf --config-f...
           ├─21853 sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
           └─21854 /usr/bin/python2 /usr/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
Nov 23 17:32:03 controller neutron-enable-bridge-firewall.sh[21831]: net.bridge.bridge-nf-call-arptables = 1
Nov 23 17:32:03 controller neutron-enable-bridge-firewall.sh[21831]: net.bridge.bridge-nf-call-iptables = 1
Nov 23 17:32:03 controller neutron-enable-bridge-firewall.sh[21831]: net.bridge.bridge-nf-call-ip6tables = 1
Nov 23 17:32:03 controller systemd[1]: Started OpenStack Neutron Linux Bridge Agent.
Nov 23 17:32:03 controller neutron-linuxbridge-agent[21838]: Guru mediation now registers SIGUSR1 and SIGUSR2 by default for ba...orts.
Nov 23 17:32:04 controller neutron-linuxbridge-agent[21838]: Option "verbose" from group "DEFAULT" is deprecated for removal. ...ture.
Nov 23 17:32:05 controller neutron-linuxbridge-agent[21838]: Option "notification_driver" from group "DEFAULT" is deprecated. U...ons".
Nov 23 17:32:05 controller sudo[21853]: neutron : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/neutron-rootwrap-daemon /et...ap.conf
Nov 23 17:32:05 controller neutron-linuxbridge-agent[21838]: /usr/lib/python2.7/site-packages/pkg_resources/__init__.py:187: Runtime...
Nov 23 17:32:05 controller neutron-linuxbridge-agent[21838]: stacklevel=1,
Hint: Some lines were ellipsized, use -l to show in full.
4. Add the flat network to the compute node configuration
1) Edit the configuration file /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@computer1 ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0,net172_16:eth1
[root@computer1 ~]# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:eth0,net172_16:eth1
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = False
2) Restart the service
[root@computer1 ~]# systemctl restart neutron-linuxbridge-agent.service
[root@computer1 ~]# systemctl status neutron-linuxbridge-agent.service
● neutron-linuxbridge-agent.service - OpenStack Neutron Linux Bridge Agent
   Loaded: loaded (/usr/lib/systemd/system/neutron-linuxbridge-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-11-23 20:36:57 CST; 22s ago
  Process: 74641 ExecStartPre=/usr/bin/neutron-enable-bridge-firewall.sh (code=exited, status=0/SUCCESS)
 Main PID: 74647 (neutron-linuxbr)
   CGroup: /system.slice/neutron-linuxbridge-agent.service
           ├─74647 /usr/bin/python2 /usr/bin/neutron-linuxbridge-agent --config-file /usr/share/neutron/neutron-dist.conf --config-f...
           ├─74676 sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
           └─74677 /usr/bin/python2 /usr/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
Nov 23 20:36:57 computer1 systemd[1]: Starting OpenStack Neutron Linux Bridge Agent...
Nov 23 20:36:57 computer1 neutron-enable-bridge-firewall.sh[74641]: net.bridge.bridge-nf-call-arptables = 1
Nov 23 20:36:57 computer1 neutron-enable-bridge-firewall.sh[74641]: net.bridge.bridge-nf-call-iptables = 1
Nov 23 20:36:57 computer1 neutron-enable-bridge-firewall.sh[74641]: net.bridge.bridge-nf-call-ip6tables = 1
Nov 23 20:36:57 computer1 systemd[1]: Started OpenStack Neutron Linux Bridge Agent.
Nov 23 20:37:06 computer1 neutron-linuxbridge-agent[74647]: Guru mediation now registers SIGUSR1 and SIGUSR2 by default for bac...orts.
Nov 23 20:37:17 computer1 neutron-linuxbridge-agent[74647]: Option "verbose" from group "DEFAULT" is deprecated for removal. I...ture.
Nov 23 20:37:19 computer1 neutron-linuxbridge-agent[74647]: Option "notification_driver" from group "DEFAULT" is deprecated. Us...ons".
Nov 23 20:37:20 computer1 sudo[74676]: neutron : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/neutron-rootwrap-daemon /etc...ap.conf
Hint: Some lines were ellipsized, use -l to show in full.
Do the same on computer2
[root@computer2 ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0,net172_16:eth1
[root@computer2 ~]# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:eth0,net172_16:eth1
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = False
[root@computer2 ~]# systemctl restart neutron-linuxbridge-agent.service
[root@computer2 ~]# systemctl status neutron-linuxbridge-agent.service
● neutron-linuxbridge-agent.service - OpenStack Neutron Linux Bridge Agent
   Loaded: loaded (/usr/lib/systemd/system/neutron-linuxbridge-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-11-23 20:41:24 CST; 16s ago
  Process: 6080 ExecStartPre=/usr/bin/neutron-enable-bridge-firewall.sh (code=exited, status=0/SUCCESS)
 Main PID: 6086 (neutron-linuxbr)
   CGroup: /system.slice/neutron-linuxbridge-agent.service
           ├─6086 /usr/bin/python2 /usr/bin/neutron-linuxbridge-agent --config-file /usr/share/neutron/neutron-dist.conf --config-fi...
           ├─6099 sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
           └─6100 /usr/bin/python2 /usr/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
Nov 23 20:41:24 computer2 neutron-enable-bridge-firewall.sh[6080]: net.bridge.bridge-nf-call-arptables = 1
Nov 23 20:41:24 computer2 neutron-enable-bridge-firewall.sh[6080]: net.bridge.bridge-nf-call-iptables = 1
Nov 23 20:41:24 computer2 neutron-enable-bridge-firewall.sh[6080]: net.bridge.bridge-nf-call-ip6tables = 1
Nov 23 20:41:24 computer2 systemd[1]: Started OpenStack Neutron Linux Bridge Agent.
Nov 23 20:41:29 computer2 neutron-linuxbridge-agent[6086]: Guru mediation now registers SIGUSR1 and SIGUSR2 by default for back...orts.
Nov 23 20:41:33 computer2 neutron-linuxbridge-agent[6086]: Option "verbose" from group "DEFAULT" is deprecated for removal. It...ture.
Nov 23 20:41:35 computer2 neutron-linuxbridge-agent[6086]: Option "notification_driver" from group "DEFAULT" is deprecated. Use...ons".
Nov 23 20:41:35 computer2 sudo[6099]: neutron : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/neutron-rootwrap-daemon /etc/...ap.conf
Nov 23 20:41:36 computer2 neutron-linuxbridge-agent[6086]: /usr/lib/python2.7/site-packages/pkg_resources/__init__.py:187: RuntimeWa...
Nov 23 20:41:36 computer2 neutron-linuxbridge-agent[6086]: stacklevel=1,
Hint: Some lines were ellipsized, use -l to show in full.
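The two settings changed above have to agree: every physical network named in flat_networks on the controller needs an entry in physical_interface_mappings on each node, and the mapped interface has to exist there. The check below is an added example, not part of the original post; the config text and interface sets are constructed samples mirroring the files above, and the function names are hypothetical.

```python
import configparser

# Constructed samples mirroring the files shown above (not read from disk).
ML2 = "[ml2_type_flat]\nflat_networks = provider,net172_16\n"
GOOD = "[linux_bridge]\nphysical_interface_mappings = provider:eth0,net172_16:eth1\n"
STALE = "[linux_bridge]\nphysical_interface_mappings = provider:eth0\n"  # constructed mistake

def _option(text, section, option):
    """Read a comma-separated option from INI text as a list of items."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    raw = cp.get(section, option, fallback="")
    return [item.strip() for item in raw.split(",") if item.strip()]

def flat_networks(ml2_text):
    """Physical network names neutron-server accepts for flat networks."""
    return set(_option(ml2_text, "ml2_type_flat", "flat_networks"))

def interface_mappings(agent_text):
    """Parse physical_interface_mappings into {physical_network: interface}."""
    mappings = {}
    for item in _option(agent_text, "linux_bridge", "physical_interface_mappings"):
        physnet, sep, iface = item.partition(":")
        if not (sep and physnet and iface):
            raise ValueError("malformed mapping entry: %r" % item)
        mappings[physnet] = iface
    return mappings

def check(ml2_text, nodes):
    """nodes: {name: (agent_ini_text, interfaces_present)} -> list of findings."""
    required = flat_networks(ml2_text) - {"*"}  # '*' allows any name, requires none
    findings = []
    for node in sorted(nodes):
        text, present = nodes[node]
        maps = interface_mappings(text)
        for net in sorted(required - set(maps)):
            findings.append("%s: flat network %s has no interface mapping" % (node, net))
        for net, iface in sorted(maps.items()):
            if iface not in present:
                findings.append("%s: %s maps to %s, which does not exist" % (node, net, iface))
    return findings

if __name__ == "__main__":
    both = {"lo", "eth0", "eth1"}
    print(check(ML2, {"controller": (GOOD, both), "computer1": (STALE, both),
                      "computer2": (GOOD, {"lo", "eth0"})}))
```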
III. Creating the network
1. Create the network from the command line
[root@controller ~]# neutron net-create --shared --provider:physical_network net172_16 --provider:network_type flat net172_16
[root@controller ~]# neutron subnet-create --name test-net172 --allocation-pool start=172.16.1.1,end=172.16.1.250 --dns-nameserver 223.5.5.5 --gateway 172.16.1.254 net172_16 172.16.1.0/24
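The allocation pool in the subnet-create command above (172.16.1.1 to 172.16.1.250) contains the eth1 addresses configured on the three nodes earlier, so Neutron is free to give an instance an address a node already uses. This added example (not from the original post; function names are hypothetical) finds those overlaps and splits the pool around them.

```python
import ipaddress

# Addresses already configured on this page: node eth1 interfaces and the router.
IN_USE = {
    "controller": "172.16.1.11",
    "computer1": "172.16.1.12",
    "computer2": "172.16.1.13",
    "router": "172.16.1.254",
}

def plan_pools(cidr, start, end, in_use):
    """Return (conflicts, pools): pool addresses already in use, and the
    sub-ranges of start..end that avoid every in-use address."""
    net = ipaddress.ip_network(cidr)
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if lo not in net or hi not in net or lo > hi:
        raise ValueError("allocation pool must be an ascending range inside %s" % cidr)
    taken = sorted({ipaddress.ip_address(a) for a in in_use})
    conflicts = [str(a) for a in taken if lo <= a <= hi]
    pools, cur = [], lo
    for a in taken:
        if a < cur or a > hi:
            continue              # outside what is left of the pool
        if a > cur:
            pools.append((str(cur), str(a - 1)))
        cur = a + 1               # resume just past the in-use address
    if cur <= hi:
        pools.append((str(cur), str(hi)))
    return conflicts, pools

def pool_args(pools):
    """Render pools as repeated --allocation-pool options for subnet-create."""
    return " ".join("--allocation-pool start=%s,end=%s" % p for p in pools)

if __name__ == "__main__":
    conflicts, pools = plan_pools("172.16.1.0/24", "172.16.1.1", "172.16.1.250",
                                  IN_USE.values())
    print("in-use addresses inside the pool:", conflicts)
    print(pool_args(pools))
```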
2. Create it from the web UI
Admin -> System -> Networks
View the created networks
[root@controller ~]# neutron net-list
+--------------------------------------+-----------+----------------------------------------------------+
| id                                   | name      | subnets                                            |
+--------------------------------------+-----------+----------------------------------------------------+
| 1be10c85-694f-483d-adb9-c6399bf2b8e8 | net172_16 | c3527cb0-3adf-4678-b471-d102cbea64f3 172.16.1.0/24 |
| 2fcb8979-fc5f-41f0-a1ce-955c595d521e | test-net  | 013e3bc4-e0b4-4dd6-badb-d6d1d04e934b 10.0.0.0/24   |
+--------------------------------------+-----------+----------------------------------------------------+
3. Internet access for the net172_16 network: configure a router server
Configure the router server
1) Interface configuration files
cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=none
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.99
NETMASK=255.255.255.0
GATEWAY=10.0.0.254
DNS1=223.5.5.5
cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=172.16.1.254
NETMASK=255.255.255.0
# Bring up the interface
ifup eth1
2) Edit the kernel configuration file to enable forwarding
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
3) Apply the kernel setting
sysctl -p
4) Flush the firewall's filter table
iptables -F
5) Add the forwarding rule
iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -j MASQUERADE
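After steps 4) and 5) the router has an empty filter table and a MASQUERADE rule that names no outbound interface. The audit below is an added example, not from the original post: it reads iptables-save output and reports those two conditions. Both dumps are constructed, the first assumes the chains still have their default ACCEPT policy, and the second shows one tightened layout using eth0, the router's uplink according to its ifcfg-eth0.

```python
import shlex

# Constructed iptables-save output: state after the two commands above,
# assuming the chains still have their default ACCEPT policy.
AFTER_STEPS = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.1.0/24 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
"""

# Constructed: same NAT bound to the uplink, with forwarding restricted.
TIGHTENED = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 172.16.1.0/24 -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def audit(dump):
    """Return findings for an iptables-save dump taken on the NAT router."""
    table, policy, rules, findings = None, {}, [], []
    for line in (l.strip() for l in dump.splitlines()):
        if line.startswith("*"):          # table header, e.g. *nat
            table = line[1:]
        elif line.startswith(":"):        # chain policy, e.g. :FORWARD ACCEPT [0:0]
            chain, pol = line[1:].split()[:2]
            policy[(table, chain)] = pol
        elif line.startswith("-A "):      # rule: -A <chain> ...
            rules.append((table, shlex.split(line)))
    for tbl, args in rules:
        if tbl == "nat" and "MASQUERADE" in args and "-o" not in args:
            findings.append("nat: MASQUERADE rule has no outbound interface (-o)")
    forward = [a for t, a in rules if t == "filter" and a[1] == "FORWARD"]
    blocks = any(x in a for a in forward for x in ("DROP", "REJECT"))
    if policy.get(("filter", "FORWARD")) == "ACCEPT" and not blocks:
        findings.append("filter: FORWARD accepts every routed packet")
    return findings
```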
4. Create an instance on the newly created network
Click Next -> Launch Instance
[root@computer2 ~]# virsh list
 Id    Name                           State
----------------------------------------------------
 2     instance-00000012              running

[root@computer2 ~]# netstat -lntup |grep 5900
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      6523/qemu-kvm
Log in through the console