openstack neutron 实验笔记-526互联

通过ip netns 登录虚拟机
root@controller:/home/coa# ip netns exec qrouter-86c60771-80e0-4ff4-a61b-fc5451cfa19a bash
root@controller:/home/coa# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 203.0.56.1 0.0.0.0 UG 0 0 0 qg-eea5381e-b9
172.16.56.0 * 255.255.255.0 U 0 0 0 qr-1d1a41a2-56
203.0.56.0 * 255.255.255.0 U 0 0 0 qg-eea5381e-b9
root@controller:/home/coa# ping 172.16.56.102
PING 172.16.56.102 (172.16.56.102) 56(84) bytes of data.
64 bytes from 172.16.56.102: icmp_seq=1 ttl=64 time=8.74 ms
64 bytes from 172.16.56.102: icmp_seq=2 ttl=64 time=0.777 ms
64 bytes from 172.16.56.102: icmp_seq=3 ttl=64 time=0.549 ms
64 bytes from 172.16.56.102: icmp_seq=4 ttl=64 time=0.529 ms
^C
--- 172.16.56.102 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.529/2.648/8.740/3.518 ms
root@controller:/home/coa#

coa@controller:~$ openstack router set --external-gateway provider1 dew-ex-router
coa@controller:~$

将子网加入路由器

coa@controller:~$ openstack router add subnet dew-ex-router dew-www-subnet1
coa@controller:~$

创建新的网络和子网

创建子网

将dew-db-subnet1添加到dew-db-router
coa@controller:~$ openstack router add subnet dew-db-router dew-db-subnet1

coa@controller:~$ openstack router add port dew-db-router dew-www-net1-router-port
coa@controller:~$
查看路由器端口信息
coa@controller:~$ openstack port list --router dew-db-router
+--------------------------------------+--------------------------+-------------------+-----------------------------------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+--------------------------+-------------------+-----------------------------------------------------------------------------+--------+
| 3fa46fb4-fa56-492c-9007-3c85283f880e | dew-www-net1-router-port | fa:16:3e:5c:56:7f | ip_address='172.0.16.7', subnet_id='6b38deee-b978-44c1-bb6f-59db40803f40' | ACTIVE |
| 5a1ae604-2d2f-4f78-a03e-0868ad77a39b | | fa:16:3e:0c:be:9f | ip_address='192.168.15.1', subnet_id='1369c9fb-97ee-4249-a98c-fe4b296c5aa7' | ACTIVE |
+--------------------------------------+--------------------------+-------------------+-----------------------------------------------------------------------------+--------+
coa@controller:~$

创建安全组

coa@controller:~$ openstack
(openstack) security group create dew-webserver-sg
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2023-03-30T22:38:29Z |
| description | dew-webserver-sg |
| id | 0bac70de-8e04-4226-8e6e-0f9c8c651602 |
| name | dew-webserver-sg |
| project_id | 024cc08365ee4320ac272b26a98822f7 |
| revision_number | 2 |
| rules | created_at='2023-03-30T22:38:30Z', direction='egress', ethertype='IPv4', id='5b967f3f-db3e-4f9a-b61f-ff9cd171922a', updated_at='2023-03-30T22:38:30Z' |
| | created_at='2023-03-30T22:38:30Z', direction='egress', ethertype='IPv6', id='f092143f-3ac8-44cb-9e0d-4feaaad0cba3', updated_at='2023-03-30T22:38:30Z' |
| updated_at | 2023-03-30T22:38:30Z |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
(openstack)
(openstack) security group show dew-webserver-sg
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2023-03-30T22:38:29Z |
| description | dew-webserver-sg |
| id | 0bac70de-8e04-4226-8e6e-0f9c8c651602 |
| name | dew-webserver-sg |
| project_id | 024cc08365ee4320ac272b26a98822f7 |
| revision_number | 2 |
| rules | created_at='2023-03-30T22:38:30Z', direction='egress', ethertype='IPv4', id='5b967f3f-db3e-4f9a-b61f-ff9cd171922a', updated_at='2023-03-30T22:38:30Z' |
| | created_at='2023-03-30T22:38:30Z', direction='egress', ethertype='IPv6', id='f092143f-3ac8-44cb-9e0d-4feaaad0cba3', updated_at='2023-03-30T22:38:30Z' |
| updated_at | 2023-03-30T22:38:30Z |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
(openstack)

(openstack) security group create dew-dbserver-sg
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2023-03-30T22:42:40Z |
| description | dew-dbserver-sg |
| id | a0f3ac6b-77ce-4697-ba24-7d34d0720956 |
| name | dew-dbserver-sg |
| project_id | 024cc08365ee4320ac272b26a98822f7 |
| revision_number | 2 |
| rules | created_at='2023-03-30T22:42:40Z', direction='egress', ethertype='IPv6', id='0c700db7-8232-42c2-8863-aa42ea45eecc', updated_at='2023-03-30T22:42:40Z' |
| | created_at='2023-03-30T22:42:40Z', direction='egress', ethertype='IPv4', id='8f2b0f49-2d32-4a4e-94d9-22d3d197a1dd', updated_at='2023-03-30T22:42:40Z' |
| updated_at | 2023-03-30T22:42:40Z |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
(openstack)

创建浮动ip

创建虚拟机实例

将浮动ip绑定到dew-webserver-3.6
(openstack) server add floating ip dew-webserver-3.6 203.0.56.124
(openstack)

查看路由器信息
coa@controller:~$ openstack router show dew-ex-router
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2023-03-30T22:14:35Z |
| description | |
| distributed | False |
| external_gateway_info | {"network_id": "65a6c126-7da1-4f8f-b584-b86eb8ac9d5f", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "d4190362-65a2-45ae-a959-bd072fbfdeeb", "ip_address": "203.0.56.129"}]} |
| flavor_id | None |
| ha | False |
| id | 299c5f0e-4e79-4e4a-8c13-b3cd78685ffb |
| name | dew-ex-router |
| project_id | 024cc08365ee4320ac272b26a98822f7 |
| revision_number | 4 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2023-03-30T22:18:13Z |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
coa@controller:~$
查看网络信息

coa@controller:~$ ip netns
qrouter-cb634a3b-89e7-49b6-a58c-46d2deabf673
qdhcp-034befd8-0059-4faf-a119-88f5468ae689
qrouter-299c5f0e-4e79-4e4a-8c13-b3cd78685ffb
qdhcp-c9c2dc2f-5022-48d9-8b69-b10cb9cf69f9
qdhcp-fdd8e609-894c-4b4f-9d3a-2e8f6212db74
qdhcp-fd2db93a-43eb-45d3-bb38-c270b674f79b
qdhcp-df2aba20-e6b7-47f0-a8fe-c548a46c1d2e
qdhcp-d8d1e237-4847-42b7-8539-1c113f5ead68
qdhcp-adbc3993-bb5f-45ad-b285-675300f196b8
qdhcp-80965a97-f254-42e2-aaa6-a00db081654d
qdhcp-6d784bc2-a867-429d-bb9d-2858426769a4
qrouter-babfd713-f2ac-4410-bb01-f4b6f754681c
qrouter-c1d13cb0-f0fb-4af3-a811-0c1a401a8d60
qrouter-dcdff98a-3c63-4700-aa64-eff7d17199d3
qrouter-e4eca3ac-d8bf-4084-bbc0-04b4896220ab
qrouter-7ee72b89-7c51-47eb-8311-3e3d5b71ad60
qrouter-321e9357-1ca9-473e-8f68-1f9da863d667
qrouter-aa70cb88-d65f-4017-942e-8d9c14a7ca7c
qrouter-aa7ecaac-f5d1-4745-8ddc-46d59c447bf4
qdhcp-65a6c126-7da1-4f8f-b584-b86eb8ac9d5f
qdhcp-58e9c3e7-e536-42a5-b75c-0566e50137aa
qdhcp-2e4a1ff7-2044-41a6-8883-8124301177f9
qdhcp-1166a203-aeea-4984-91fd-f5215ac119d5
coa@controller:~$

测试安全组
coa@controller:~$ sudo su
root@controller:/home/coa# ip netns exec qrouter-299c5f0e-4e79-4e4a-8c13-b3cd78685ffb bash
root@controller:/home/coa# ping 172.0.16.3
PING 172.0.16.3 (172.0.16.3) 56(84) bytes of data.
64 bytes from 172.0.16.3: icmp_seq=1 ttl=64 time=12.6 ms
64 bytes from 172.0.16.3: icmp_seq=2 ttl=64 time=0.923 ms
^C
--- 172.0.16.3 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.923/6.797/12.671/5.874 ms
root@controller:/home/coa# ping 172.0.16.14
PING 172.0.16.14 (172.0.16.14) 56(84) bytes of data.
64 bytes from 172.0.16.14: icmp_seq=1 ttl=64 time=6.05 ms
64 bytes from 172.0.16.14: icmp_seq=2 ttl=64 time=0.678 ms
^C
--- 172.0.16.14 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.678/3.367/6.056/2.689 ms
root@controller:/home/coa#

172.0.16.3 是webserver，172.0.16.14是dbserver
root@controller:/home/coa# ssh cirros@172.0.16.3
The authenticity of host '172.0.16.3 (172.0.16.3)' can't be established.
RSA key fingerprint is SHA256:sxhYpK0EQ/R8myKUiWeFZrfgAoW7rJ/n4/T3Yj8HvKk.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.0.16.3' (RSA) to the list of known hosts.
cirros@172.0.16.3's password:
Permission denied, please try again.
cirros@172.0.16.3's password:
Permission denied, please try again.
cirros@172.0.16.3's password:
Permission denied (publickey,password).
root@controller:/home/coa# ssh cirros@172.0.16.14 无法访问22端口

将dew-www-net1从实例脱离

(openstack) port list --server dew-dbserver-3.5
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------+--------+
| 3e3265d0-c470-465e-8a71-15a094b3bc59 | | fa:16:3e:e2:73:d0 | ip_address='172.0.16.14', subnet_id='6b38deee-b978-44c1-bb6f-59db40803f40' | ACTIVE |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------+--------+
(openstack) port delete 3e3265d0-c470-465e-8a71-15a094b3bc59
(openstack)

将虚拟机挂到网络dew-db-net1
(openstack) server add fixed ip dew-dbserver-3.5 dew-db-net1
keys: ['label']

查找url 通过url登录虚拟机
(openstack) console url show dew-dbserver-3.5
+-------+------------------------------------------------------------------------------------+
| Field | Value |
+-------+------------------------------------------------------------------------------------+
| type | novnc |
| url | http://192.168.56.11:6080/vnc_auto.html?token=dc8e1162-6298-46f2-8f9e-6b48b9f7167d |
+-------+------------------------------------------------------------------------------------+
(openstack)

在两台路由器添加路由

(openstack) router set dew-db-router --route destination=0.0.0.0/0,gateway=172.0.16.1
(openstack) router set dew-ex-router --route destination=192.168.15.0/24,gateway=172.0.16.7
(openstack)

设置路由后在dew-dbserver-3.5 ping203.0.56.124 正常

openstack-neutron openstack neutron