以下命令使用於 queens版本中
需要配置vip搭建keepalived高可用集群,因此在openstack上的虛擬機如何綁定vip
操作步驟
1、 執行命令neutron net-list查看網絡,找到自己需要設置的網絡,獲取subnet_id和network_id
[root@node151 ~]# neutron net-list neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. +--------------------------------------+----------+----------------------------------+-----------------------------------------------------+ | id | name | tenant_id | subnets | +--------------------------------------+----------+----------------------------------+-----------------------------------------------------+ | b79db6a0-b74d-48b8-95e8-8260eaf81b70 | provider | 8e4dd46886834371b71984245a143f58 | b8a9d01c-f547-45c3-a0d4-da7ae1494766 192.168.1.0/24 | +--------------------------------------+----------+----------------------------------+-----------------------------------------------------+
2、創建port來占用ip(192.168.1.170),保證neutron不會將此IP在分配出去,導致IP沖突問題。
neutron port-create --fixed-ip subnet_id=<subnet_id>,ip_address=<vip> <network_id>
注:
替換subnet_id為neutron net-list中查看到的subnet_id
替換vip為需要配置的vip地址
替換network_ID為neutron net-list中查看到的network_id
[root@node151 ~]# neutron port-create --fixed-ip subnet_id=b8a9d01c-f547-45c3-a0d4-da7ae1494766,ip_address=192.168.1.170 b79db6a0-b74d-48b8-95e8-8260eaf81b70
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new port:
+-----------------------+--------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:host_id | |
| binding:profile | {} |
| binding:vif_details | {} |
| binding:vif_type | unbound |
| binding:vnic_type | normal |
| created_at | 2021-08-31T06:22:58Z |
| description | |
| device_id | |
| device_owner | |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "b8a9d01c-f547-45c3-a0d4-da7ae1494766", "ip_address": "192.168.1.170"} |
| id | 46b7784a-6bec-4ca4-8c1f-41dc07e40955 |
| mac_address | fa:16:3e:db:8a:6b |
| name | |
| network_id | b79db6a0-b74d-48b8-95e8-8260eaf81b70 |
| port_security_enabled | True |
| project_id | 8e4dd46886834371b71984245a143f58 |
| revision_number | 6 |
| security_groups | c1e53d26-8525-4ebb-8305-e82e54b27ed5 |
| status | DOWN |
| tags | |
| tenant_id | 8e4dd46886834371b71984245a143f58 |
| updated_at | 2021-08-31T06:22:59Z |
+-----------------------+--------------------------------------------------------------------------------------+
3、執行命令neutron port-list查看端口,找到VIP的Port ID以及需要使用VIP的虛擬機的IP對應的Port id 比如兩台虛擬機做HA綁定vip,那么需要查看兩台虛擬機的port ID和這個vip的port ID**
[root@node151 ~]# neutron port-list|grep 192.168.1.168
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
| cd86f69a-4779-4a46-a0ea-eed76f176237 | | 8e4dd46886834371b71984245a143f58 | fa:16:3e:e9:76:dc | {"subnet_id": "b8a9d01c-f547-45c3-a0d4-da7ae1494766", "ip_address": "192.168.1.168"} |
[root@node151 ~]# neutron port-list|grep 192.168.1.156
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
| f3bebead-0e94-4909-8a00-ce43a2fc243a | | 8e4dd46886834371b71984245a143f58 | fa:16:3e:56:46:33 | {"subnet_id": "b8a9d01c-f547-45c3-a0d4-da7ae1494766", "ip_address": "192.168.1.156"} |
[root@node151 ~]# neutron port-list|grep 192.168.1.170
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
| 46b7784a-6bec-4ca4-8c1f-41dc07e40955 | | 8e4dd46886834371b71984245a143f58 | fa:16:3e:db:8a:6b | {"subnet_id": "b8a9d01c-f547-45c3-a0d4-da7ae1494766", "ip_address": "192.168.1.170"} |
4、取消安全組對應端口的管理
neutron port-update --no-security-groups <Port_id>
neutron port-update --port_security_enabled=false <Port_id>
注:
替換Port_id為之前neutron port-list中找到的Port_id
[root@node151 ~]# neutron port-update --no-security-groups cd86f69a-4779-4a46-a0ea-eed76f176237 update --port_security_enabled=false f3bebead-0e94-4909-8a00-ce43a2fc243a neutron port-update --no-security-groups 46b7784a-6bec-4ca4-8c1f-41dc07e40955 neutron port-update --port_security_enabled=false 46b7784a-6bec-4ca4-8c1f-41dc07e40955neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Updated port: cd86f69a-4779-4a46-a0ea-eed76f176237 [root@node151 ~]# neutron port-update --port_security_enabled=false cd86f69a-4779-4a46-a0ea-eed76f176237 neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Updated port: cd86f69a-4779-4a46-a0ea-eed76f176237 [root@node151 ~]# neutron port-update --no-security-groups f3bebead-0e94-4909-8a00-ce43a2fc243a neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Updated port: f3bebead-0e94-4909-8a00-ce43a2fc243a [root@node151 ~]# neutron port-update --port_security_enabled=false f3bebead-0e94-4909-8a00-ce43a2fc243a neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Updated port: f3bebead-0e94-4909-8a00-ce43a2fc243a [root@node151 ~]# neutron port-update --no-security-groups 46b7784a-6bec-4ca4-8c1f-41dc07e40955 neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Updated port: 46b7784a-6bec-4ca4-8c1f-41dc07e40955 [root@node151 ~]# neutron port-update --port_security_enabled=false 46b7784a-6bec-4ca4-8c1f-41dc07e40955 neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Updated port: 46b7784a-6bec-4ca4-8c1f-41dc07e40955
5、測試vip聯通性
在168和156上分別臨時增加ip 192.168.1.170 通過ping命令進行測試即可。