在OpenStack中默认由于安全组策略限制,云主机只响应自己的iP地址请求,如果需要做HA,可以用以下两种方式实现
1、 增加allow_address_pairs属性
# neutron port-list |grep 10.xxx.51.50
# neutron port-show cff5866e-f288-4614-8778-665795207e0f
+-----------------------+----------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+----------------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:host_id | Com-B05A04-23-C49-yyy.domain.tld |
| binding:profile | {} |
| binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true} |
| binding:vif_type | ovs |
| binding:vnic_type | normal |
| device_id | 965c8148-4b5f-42e1-8827-f793f873aa88 |
| device_owner | compute:PRD |
| dns_assignment | {"hostname": "host-10-xxx-51-50", "ip_address": "10.xxx.51.50", "fqdn": "host-10-xxx-51-50"} |
| dns_name | |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "bcfbcc6d-3bc4-4317-8c67-e9fcdcea0711", "ip_address": "10.xxx.51.50"} |
| id | cff5866e-f288-4614-8778-665795207e0f |
| mac_address | fa:16:3e:cb:ec:74 |
| name | |
| network_id | e097267e-82b7-421d-8c35-e3bd83c34467 |
| port_security_enabled | True |
| security_groups | 6860bcc3-3b94-4c90-a78d-92d7f7379164 |
| status | ACTIVE |
| tenant_id | 089d02a7f5ca450ab27a65774dfe698c |
+-----------------------+----------------------------------------------------------------------------------------------+
# neutron port-update cff5866e-f288-4614-8778-665795207e0f --allowed_address_pairs list=true type=dict ip_address=10.xxx.51.210
# neutron port-show cff5866e-f288-4614-8778-665795207e0f
+-----------------------+----------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+----------------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | {"ip_address": "10.xxx.51.210", "mac_address": "fa:16:3e:cb:ec:74"} |
| binding:host_id | Com-B05A04-23-C49-yyy.domain.tld |
| binding:profile | {} |
| binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true} |
| binding:vif_type | ovs |
| binding:vnic_type | normal |
| device_id | 965c8148-4b5f-42e1-8827-f793f873aa88 |
| device_owner | compute:PRD |
| dns_assignment | {"hostname": "host-10-xxx-51-50", "ip_address": "10.xxx.51.50", "fqdn": "host-10-xxx-51-50"} |
| dns_name | |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "bcfbcc6d-3bc4-4317-8c67-e9fcdcea0711", "ip_address": "10.xxx.51.50"} |
| id | cff5866e-f288-4614-8778-665795207e0f |
| mac_address | fa:16:3e:cb:ec:74 |
| name | |
| network_id | e097267e-82b7-421d-8c35-e3bd83c34467 |
| port_security_enabled | True |
| security_groups | 6860bcc3-3b94-4c90-a78d-92d7f7379164 |
| status | BUILD |
| tenant_id | 089d02a7f5ca450ab27a65774dfe698c |
+-----------------------+----------------------------------------------------------------------------------------------+
# neutron port-list |grep 10.xxx.51.51
# neutron port-update c0dea309-89e8-46db-a800-119323adf805 --allowed_address_pairs list=true type=dict ip_address=10.xxx.51.210
# neutron port-show c0dea309-89e8-46db-a800-119323adf805
+-----------------------+----------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+----------------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | {"ip_address": "10.xxx.51.210", "mac_address": "fa:16:3e:84:05:8e"} |
| binding:host_id | Com-B05A04-21-C58-zzz.domain.tld |
| binding:profile | {} |
| binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true} |
| binding:vif_type | ovs |
| binding:vnic_type | normal |
| device_id | 55c78568-e8e1-447c-8fe1-777379cf2baf |
| device_owner | compute:PRD |
| dns_assignment | {"hostname": "host-10-xxx-51-51", "ip_address": "10.xxx.51.51", "fqdn": "host-10-xxx-51-51"} |
| dns_name | |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "bcfbcc6d-3bc4-4317-8c67-e9fcdcea0711", "ip_address": "10.xxx.51.51"} |
| id | c0dea309-89e8-46db-a800-119323adf805 |
| mac_address | fa:16:3e:84:05:8e |
| name | |
| network_id | e097267e-82b7-421d-8c35-e3bd83c34467 |
| port_security_enabled | True |
| security_groups | 6860bcc3-3b94-4c90-a78d-92d7f7379164 |
| status | ACTIVE |
| tenant_id | 089d02a7f5ca450ab27a65774dfe698c |
+-----------------------+----------------------------------------------------------------------------------------------+
2、 关闭neutron port的安全组特性
# neutron port-update --no-security-groups $port_id # neutron port-update $port_id --port-security-enabled=False
原文地址:http://blog.51cto.com/coolsky/2145739
时间: 2024-11-06 03:50:13