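Configuring a VIP for OpenStack Cloud Instances

By default, OpenStack's security-group policy means a cloud instance only responds to requests for its own IP address. If you need HA, it can be achieved in either of the following two ways:

1. Add the allowed_address_pairs attribute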

# neutron port-list |grep 10.xxx.51.50
# neutron port-show cff5866e-f288-4614-8778-665795207e0f
+-----------------------+----------------------------------------------------------------------------------------------+
| Field                 | Value                                                                                        |
+-----------------------+----------------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                         |
| allowed_address_pairs |                                                                                              |
| binding:host_id       | Com-B05A04-23-C49-yyy.domain.tld                                                             |
| binding:profile       | {}                                                                                           |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                               |
| binding:vif_type      | ovs                                                                                          |
| binding:vnic_type     | normal                                                                                       |
| device_id             | 965c8148-4b5f-42e1-8827-f793f873aa88                                                         |
| device_owner          | compute:PRD                                                                                  |
| dns_assignment        | {"hostname": "host-10-xxx-51-50", "ip_address": "10.xxx.51.50", "fqdn": "host-10-xxx-51-50"} |
| dns_name              |                                                                                              |
| extra_dhcp_opts       |                                                                                              |
| fixed_ips             | {"subnet_id": "bcfbcc6d-3bc4-4317-8c67-e9fcdcea0711", "ip_address": "10.xxx.51.50"}          |
| id                    | cff5866e-f288-4614-8778-665795207e0f                                                         |
| mac_address           | fa:16:3e:cb:ec:74                                                                            |
| name                  |                                                                                              |
| network_id            | e097267e-82b7-421d-8c35-e3bd83c34467                                                         |
| port_security_enabled | True                                                                                         |
| security_groups       | 6860bcc3-3b94-4c90-a78d-92d7f7379164                                                         |
| status                | ACTIVE                                                                                       |
| tenant_id             | 089d02a7f5ca450ab27a65774dfe698c                                                             |
+-----------------------+----------------------------------------------------------------------------------------------+
# neutron port-update cff5866e-f288-4614-8778-665795207e0f --allowed_address_pairs list=true type=dict ip_address=10.xxx.51.210
# neutron port-show cff5866e-f288-4614-8778-665795207e0f
+-----------------------+----------------------------------------------------------------------------------------------+
| Field                 | Value                                                                                        |
+-----------------------+----------------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                         |
| allowed_address_pairs | {"ip_address": "10.xxx.51.210", "mac_address": "fa:16:3e:cb:ec:74"}                          |
| binding:host_id       | Com-B05A04-23-C49-yyy.domain.tld                                                             |
| binding:profile       | {}                                                                                           |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                               |
| binding:vif_type      | ovs                                                                                          |
| binding:vnic_type     | normal                                                                                       |
| device_id             | 965c8148-4b5f-42e1-8827-f793f873aa88                                                         |
| device_owner          | compute:PRD                                                                                  |
| dns_assignment        | {"hostname": "host-10-xxx-51-50", "ip_address": "10.xxx.51.50", "fqdn": "host-10-xxx-51-50"} |
| dns_name              |                                                                                              |
| extra_dhcp_opts       |                                                                                              |
| fixed_ips             | {"subnet_id": "bcfbcc6d-3bc4-4317-8c67-e9fcdcea0711", "ip_address": "10.xxx.51.50"}          |
| id                    | cff5866e-f288-4614-8778-665795207e0f                                                         |
| mac_address           | fa:16:3e:cb:ec:74                                                                            |
| name                  |                                                                                              |
| network_id            | e097267e-82b7-421d-8c35-e3bd83c34467                                                         |
| port_security_enabled | True                                                                                         |
| security_groups       | 6860bcc3-3b94-4c90-a78d-92d7f7379164                                                         |
| status                | BUILD                                                                                        |
| tenant_id             | 089d02a7f5ca450ab27a65774dfe698c                                                             |
+-----------------------+----------------------------------------------------------------------------------------------+
# neutron port-list |grep 10.xxx.51.51
# neutron port-update c0dea309-89e8-46db-a800-119323adf805 --allowed_address_pairs list=true type=dict ip_address=10.xxx.51.210
# neutron port-show c0dea309-89e8-46db-a800-119323adf805
+-----------------------+----------------------------------------------------------------------------------------------+
| Field                 | Value                                                                                        |
+-----------------------+----------------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                         |
| allowed_address_pairs | {"ip_address": "10.xxx.51.210", "mac_address": "fa:16:3e:84:05:8e"}                          |
| binding:host_id       | Com-B05A04-21-C58-zzz.domain.tld                                                             |
| binding:profile       | {}                                                                                           |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                               |
| binding:vif_type      | ovs                                                                                          |
| binding:vnic_type     | normal                                                                                       |
| device_id             | 55c78568-e8e1-447c-8fe1-777379cf2baf                                                         |
| device_owner          | compute:PRD                                                                                  |
| dns_assignment        | {"hostname": "host-10-xxx-51-51", "ip_address": "10.xxx.51.51", "fqdn": "host-10-xxx-51-51"} |
| dns_name              |                                                                                              |
| extra_dhcp_opts       |                                                                                              |
| fixed_ips             | {"subnet_id": "bcfbcc6d-3bc4-4317-8c67-e9fcdcea0711", "ip_address": "10.xxx.51.51"}          |
| id                    | c0dea309-89e8-46db-a800-119323adf805                                                         |
| mac_address           | fa:16:3e:84:05:8e                                                                            |
| name                  |                                                                                              |
| network_id            | e097267e-82b7-421d-8c35-e3bd83c34467                                                         |
| port_security_enabled | True                                                                                         |
| security_groups       | 6860bcc3-3b94-4c90-a78d-92d7f7379164                                                         |
| status                | ACTIVE                                                                                       |
| tenant_id             | 089d02a7f5ca450ab27a65774dfe698c                                                             |
+-----------------------+----------------------------------------------------------------------------------------------+

2. Disable the security-group feature on the neutron port

 # neutron port-update --no-security-groups $port_id
 # neutron port-update $port_id --port-security-enabled=False
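
An added example, not part of the original article: a small audit over Neutron port records that checks the result of both methods above. It flags ports where method 2 has switched port security off (which removes anti-spoofing filtering along with the security groups), allowed_address_pairs entries wider than a single address, HA members still missing the VIP, and non-member ports that are allowed to use it. The function name `audit_vip_ports`, the port IDs and the 10.0.51.x addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample data in the shape of Neutron port records (the fields shown
# by `neutron port-show`); IDs and addresses are placeholders, not from the article.
SAMPLE_PORTS = [
    {"id": "port-a", "fixed_ips": [{"ip_address": "10.0.51.50"}],
     "allowed_address_pairs": [{"ip_address": "10.0.51.210"}],
     "port_security_enabled": True, "security_groups": ["sg-1"]},
    {"id": "port-b", "fixed_ips": [{"ip_address": "10.0.51.51"}],
     "allowed_address_pairs": [],
     "port_security_enabled": True, "security_groups": ["sg-1"]},
    {"id": "port-c", "fixed_ips": [{"ip_address": "10.0.51.52"}],
     "allowed_address_pairs": [{"ip_address": "10.0.0.0/8"}],
     "port_security_enabled": True, "security_groups": ["sg-1"]},
    {"id": "port-d", "fixed_ips": [{"ip_address": "10.0.51.53"}],
     "allowed_address_pairs": [],
     "port_security_enabled": False, "security_groups": []},
]


def audit_vip_ports(ports, vip, ha_members):
    """Return sorted (port_id, finding) tuples for one VIP and its HA member ports."""
    vip_addr = ipaddress.ip_address(vip)
    findings = []
    for port in ports:
        pid = port["id"]
        secured = port.get("port_security_enabled", True)
        pairs = [ipaddress.ip_network(p["ip_address"], strict=False)
                 for p in port.get("allowed_address_pairs") or []]
        # Method 2: anti-spoofing and security groups are both off on this port.
        if not secured:
            findings.append((pid, "port security disabled: no anti-spoofing, no security groups"))
        # A pair may be a CIDR; anything wider than one address widens what the port may source.
        for net in pairs:
            if net.num_addresses > 1:
                findings.append((pid, f"allowed pair {net} wider than a single address"))
        covers_vip = any(vip_addr in net for net in pairs)
        # Method 1 must be applied to every HA member, or VIP traffic on that port is filtered.
        if pid in ha_members and secured and not covers_vip:
            findings.append((pid, f"HA member missing VIP {vip} in allowed_address_pairs"))
        # Only the HA members should be able to answer for the VIP.
        if pid not in ha_members and covers_vip:
            findings.append((pid, f"non-member port may claim VIP {vip}"))
    return sorted(findings)
```

Calling `audit_vip_ports(SAMPLE_PORTS, "10.0.51.210", {"port-a", "port-b"})` reports nothing for port-a and one or more findings for each of the other three ports.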

Original article: http://blog.51cto.com/coolsky/2145739

Time: 2024-11-06 03:50:13
