在OpenStack中默认由于安全组策略限制,云主机只响应自己的iP地址请求,如果需要做HA,可以用以下两种方式实现
1、 增加allow_address_pairs属性
# neutron port-list |grep 10.xxx.51.50 # neutron port-show cff5866e-f288-4614-8778-665795207e0f +-----------------------+----------------------------------------------------------------------------------------------+ | Field | Value | +-----------------------+----------------------------------------------------------------------------------------------+ | admin_state_up | True | | allowed_address_pairs | | | binding:host_id | Com-B05A04-23-C49-yyy.domain.tld | | binding:profile | {} | | binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true} | | binding:vif_type | ovs | | binding:vnic_type | normal | | device_id | 965c8148-4b5f-42e1-8827-f793f873aa88 | | device_owner | compute:PRD | | dns_assignment | {"hostname": "host-10-xxx-51-50", "ip_address": "10.xxx.51.50", "fqdn": "host-10-xxx-51-50"} | | dns_name | | | extra_dhcp_opts | | | fixed_ips | {"subnet_id": "bcfbcc6d-3bc4-4317-8c67-e9fcdcea0711", "ip_address": "10.xxx.51.50"} | | id | cff5866e-f288-4614-8778-665795207e0f | | mac_address | fa:16:3e:cb:ec:74 | | name | | | network_id | e097267e-82b7-421d-8c35-e3bd83c34467 | | port_security_enabled | True | | security_groups | 6860bcc3-3b94-4c90-a78d-92d7f7379164 | | status | ACTIVE | | tenant_id | 089d02a7f5ca450ab27a65774dfe698c | +-----------------------+----------------------------------------------------------------------------------------------+ # neutron port-update cff5866e-f288-4614-8778-665795207e0f --allowed_address_pairs list=true type=dict ip_address=10.xxx.51.210 # neutron port-show cff5866e-f288-4614-8778-665795207e0f +-----------------------+----------------------------------------------------------------------------------------------+ | Field | Value | +-----------------------+----------------------------------------------------------------------------------------------+ | admin_state_up | True | | allowed_address_pairs | {"ip_address": "10.xxx.51.210", "mac_address": "fa:16:3e:cb:ec:74"} | | binding:host_id | Com-B05A04-23-C49-yyy.domain.tld | | binding:profile | {} | | binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true} | | binding:vif_type | ovs | | binding:vnic_type | normal | | device_id | 965c8148-4b5f-42e1-8827-f793f873aa88 | | device_owner | compute:PRD | | dns_assignment | {"hostname": "host-10-xxx-51-50", "ip_address": "10.xxx.51.50", "fqdn": "host-10-xxx-51-50"} | | dns_name | | | extra_dhcp_opts | | | fixed_ips | {"subnet_id": "bcfbcc6d-3bc4-4317-8c67-e9fcdcea0711", "ip_address": "10.xxx.51.50"} | | id | cff5866e-f288-4614-8778-665795207e0f | | mac_address | fa:16:3e:cb:ec:74 | | name | | | network_id | e097267e-82b7-421d-8c35-e3bd83c34467 | | port_security_enabled | True | | security_groups | 6860bcc3-3b94-4c90-a78d-92d7f7379164 | | status | BUILD | | tenant_id | 089d02a7f5ca450ab27a65774dfe698c | +-----------------------+----------------------------------------------------------------------------------------------+ # neutron port-list |grep 10.xxx.51.51 # neutron port-update c0dea309-89e8-46db-a800-119323adf805 --allowed_address_pairs list=true type=dict ip_address=10.xxx.51.210 # neutron port-show c0dea309-89e8-46db-a800-119323adf805 +-----------------------+----------------------------------------------------------------------------------------------+ | Field | Value | +-----------------------+----------------------------------------------------------------------------------------------+ | admin_state_up | True | | allowed_address_pairs | {"ip_address": "10.xxx.51.210", "mac_address": "fa:16:3e:84:05:8e"} | | binding:host_id | Com-B05A04-21-C58-zzz.domain.tld | | binding:profile | {} | | binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true} | | binding:vif_type | ovs | | binding:vnic_type | normal | | device_id | 55c78568-e8e1-447c-8fe1-777379cf2baf | | device_owner | compute:PRD | | dns_assignment | {"hostname": "host-10-xxx-51-51", "ip_address": "10.xxx.51.51", "fqdn": "host-10-xxx-51-51"} | | dns_name | | | extra_dhcp_opts | | | fixed_ips | {"subnet_id": "bcfbcc6d-3bc4-4317-8c67-e9fcdcea0711", "ip_address": "10.xxx.51.51"} | | id | c0dea309-89e8-46db-a800-119323adf805 | | mac_address | fa:16:3e:84:05:8e | | name | | | network_id | e097267e-82b7-421d-8c35-e3bd83c34467 | | port_security_enabled | True | | security_groups | 6860bcc3-3b94-4c90-a78d-92d7f7379164 | | status | ACTIVE | | tenant_id | 089d02a7f5ca450ab27a65774dfe698c | +-----------------------+----------------------------------------------------------------------------------------------+
2、 关闭neutron port的安全组特性
# neutron port-update --no-security-groups $port_id # neutron port-update $port_id --port-security-enabled=False
原文地址:http://blog.51cto.com/coolsky/2145739
时间: 2024-11-06 03:50:13