OpenStack虚拟机VIP配置步骤

以下命令使用于 queens版本中

需要配置vip搭建keepalived高可用集群，因此在openstack上的虚拟机如何绑定vip

操作步骤
1、 执行命令neutron net-list查看网络，找到自己需要设置的网络，获取subnet_id和network_id

?

1 2 3 4 5 6 7

[root@node151 ~]# neutron net-list neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. +--------------------------------------+----------+----------------------------------+-----------------------------------------------------+ | id                                   | name     | tenant_id                        | subnets                                             | +--------------------------------------+----------+----------------------------------+-----------------------------------------------------+ | b79db6a0-b74d-48b8-95e8-8260eaf81b70 | provider | 8e4dd46886834371b71984245a143f58 | b8a9d01c-f547-45c3-a0d4-da7ae1494766 192.168.1.0/24 | +--------------------------------------+----------+----------------------------------+-----------------------------------------------------+

2、创建port来占用ip（192.168.1.170），保证neutron不会将此IP在分配出去，导致IP冲突问题。

neutron port-create --fixed-ip subnet_id=<subnet_id>,ip_address=<vip> <network_id>

注：

替换subnet_id为neutron net-list中查看到的subnet_id
替换vip为需要配置的vip地址
替换network_ID为neutron net-list中查看到的network_id

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

[root@node151 ~]# neutron port-create --fixed-ip subnet_id=b8a9d01c-f547-45c3-a0d4-da7ae1494766,ip_address=192.168.1.170 b79db6a0-b74d-48b8-95e8-8260eaf81b70 neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Created a new port: +-----------------------+--------------------------------------------------------------------------------------+ | Field                 | Value                                                                                | +-----------------------+--------------------------------------------------------------------------------------+ | admin_state_up        | True                                                                                 | | allowed_address_pairs |                                                                                      | | binding:host_id       |                                                                                      | | binding:profile       | {}                                                                                   | | binding:vif_details   | {}                                                                                   | | binding:vif_type      | unbound                                                                              | | binding:vnic_type     | normal                                                                               | | created_at            | 2021-08-31T06:22:58Z                                                                 | | description           |                                                                                      | | device_id             |                                                                                      | | device_owner          |                                                                                      | | extra_dhcp_opts       |                                                                                      | | fixed_ips             | {"subnet_id": "b8a9d01c-f547-45c3-a0d4-da7ae1494766", "ip_address": "192.168.1.170"} | | id                    | 46b7784a-6bec-4ca4-8c1f-41dc07e40955                                                 | | mac_address           | fa:16:3e:db:8a:6b                                                                    | | name                  |                                                                                      | | network_id            | b79db6a0-b74d-48b8-95e8-8260eaf81b70                                                 | | port_security_enabled | True                                                                                 | | project_id            | 8e4dd46886834371b71984245a143f58                                                     | | revision_number       | 6                                                                                    | | security_groups       | c1e53d26-8525-4ebb-8305-e82e54b27ed5                                                 | | status                | DOWN                                                                                 | | tags                  |                                                                                      | | tenant_id             | 8e4dd46886834371b71984245a143f58                                                     | | updated_at            | 2021-08-31T06:22:59Z                                                                 | +-----------------------+--------------------------------------------------------------------------------------+

3、执行命令neutron port-list查看端口，找到VIP的Port ID以及需要使用VIP的虚拟机的IP对应的Port id 比如两台虚拟机做HA绑定vip，那么需要查看两台虚拟机的port ID和这个vip的port ID**

?

1 2 3 4 5 6 7 8 9

[root@node151 ~]# neutron port-list|grep 192.168.1.168 neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. | cd86f69a-4779-4a46-a0ea-eed76f176237 |      | 8e4dd46886834371b71984245a143f58 | fa:16:3e:e9:76:dc | {"subnet_id": "b8a9d01c-f547-45c3-a0d4-da7ae1494766", "ip_address": "192.168.1.168"} | [root@node151 ~]# neutron port-list|grep 192.168.1.156 neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. | f3bebead-0e94-4909-8a00-ce43a2fc243a |      | 8e4dd46886834371b71984245a143f58 | fa:16:3e:56:46:33 | {"subnet_id": "b8a9d01c-f547-45c3-a0d4-da7ae1494766", "ip_address": "192.168.1.156"} | [root@node151 ~]# neutron port-list|grep 192.168.1.170 neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. | 46b7784a-6bec-4ca4-8c1f-41dc07e40955 |      | 8e4dd46886834371b71984245a143f58 | fa:16:3e:db:8a:6b | {"subnet_id": "b8a9d01c-f547-45c3-a0d4-da7ae1494766", "ip_address": "192.168.1.170"} |

4、取消安全组对应端口的管理

neutron port-update --no-security-groups <Port_id>
neutron port-update --port_security_enabled=false <Port_id>

注：

替换Port_id为之前neutron port-list中找到的Port_id

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

[root@node151 ~]# neutron port-update --no-security-groups cd86f69a-4779-4a46-a0ea-eed76f176237 update --port_security_enabled=false f3bebead-0e94-4909-8a00-ce43a2fc243a neutron port-update --no-security-groups 46b7784a-6bec-4ca4-8c1f-41dc07e40955 neutron port-update --port_security_enabled=false 46b7784a-6bec-4ca4-8c1f-41dc07e40955neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Updated port: cd86f69a-4779-4a46-a0ea-eed76f176237 [root@node151 ~]# neutron port-update --port_security_enabled=false cd86f69a-4779-4a46-a0ea-eed76f176237 neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Updated port: cd86f69a-4779-4a46-a0ea-eed76f176237 [root@node151 ~]# neutron port-update --no-security-groups f3bebead-0e94-4909-8a00-ce43a2fc243a neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Updated port: f3bebead-0e94-4909-8a00-ce43a2fc243a [root@node151 ~]# neutron port-update --port_security_enabled=false f3bebead-0e94-4909-8a00-ce43a2fc243a neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Updated port: f3bebead-0e94-4909-8a00-ce43a2fc243a [root@node151 ~]# neutron port-update --no-security-groups 46b7784a-6bec-4ca4-8c1f-41dc07e40955 neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Updated port: 46b7784a-6bec-4ca4-8c1f-41dc07e40955 [root@node151 ~]# neutron port-update --port_security_enabled=false 46b7784a-6bec-4ca4-8c1f-41dc07e40955 neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Updated port: 46b7784a-6bec-4ca4-8c1f-41dc07e40955

 5、测试vip联通性

在168和156上分别临时增加ip 192.168.1.170 通过ping命令进行测试即可。