官方文档:https://docs.openstack.org/install-guide/launch-instance.html
创建规格
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| properties | |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
创建sg-test1安全组
openstack security group create sg-test1
[root@controller ~]# openstack security group create sg-test1
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2020-05-22T18:01:37Z |
| description | sg-test1 |
| id | c89fc95b-93d2-48cf-8555-2d708de5744e |
| name | sg-test1 |
| project_id | 62ac86a6213f4081a9a3f5acc493955f |
| revision_number | 2 |
| rules | created_at='2020-05-22T18:01:37Z', direction='egress', ethertype='IPv6', id='04e67c45-31fd-4f77-aad3-74405d103376', updated_at='2020-05-22T18:01:37Z' |
| | created_at='2020-05-22T18:01:37Z', direction='egress', ethertype='IPv4', id='cf568099-686c-4812-8ca5-8f5b1afcd2cf', updated_at='2020-05-22T18:01:37Z' |
| updated_at | 2020-05-22T18:01:37Z |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
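添加2条规则:允许 icmp 和 ssh(下面两条命令没有指定 --remote-ip,从输出可以看到 remote_ip_prefix 为 0.0.0.0/0,即对所有来源放行;实验环境可以这样做,生产环境建议用 --remote-ip 限定来源网段)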
openstack security group rule create --proto icmp sg-test1
openstack security group rule create --proto tcp --dst-port 22 sg-test1
[root@controller ~]# openstack security group rule create --proto icmp sg-test1
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2020-05-22T18:03:22Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | a293f17e-2658-48b2-b46d-143cff845df6 |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 62ac86a6213f4081a9a3f5acc493955f |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | c89fc95b-93d2-48cf-8555-2d708de5744e |
| updated_at | 2020-05-22T18:03:22Z |
+-------------------+--------------------------------------+
[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 sg-test1
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2020-05-22T18:03:26Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 1e715642-075e-4086-8fab-c5464b05356f |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 62ac86a6213f4081a9a3f5acc493955f |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | c89fc95b-93d2-48cf-8555-2d708de5744e |
| updated_at | 2020-05-22T18:03:26Z |
+-------------------+--------------------------------------+
创建公共网络(provider)
openstack network create --share --external \
--provider-physical-network provider \
--provider-network-type flat provider
[root@controller ~]# openstack network create --share --external \
> --provider-physical-network provider \
> --provider-network-type flat provider
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-05-22T17:42:45Z |
| description | |
| dns_domain | None |
| id | e57d1ebe-579f-484c-a447-9f318f4c5597 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1500 |
| name | provider |
| port_security_enabled | True |
| project_id | 0c2f860c54b94c158aa945e1683bf644 |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 5 |
| router:external | External |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2020-05-22T17:42:45Z |
+---------------------------+--------------------------------------+
创建公共网络的子网(provider)
openstack subnet create --network provider \
--allocation-pool start=172.16.128.50,end=172.16.128.100 \
--dns-nameserver 114.114.114.114 --gateway 172.16.0.2 \
--subnet-range 172.16.0.0/16 provider
[root@controller ~]# openstack subnet create --network provider \
> --allocation-pool start=172.16.128.50,end=172.16.128.100 \
> --dns-nameserver 114.114.114.114 --gateway 172.16.0.2 \
> --subnet-range 172.16.0.0/16 provider
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 172.16.128.50-172.16.128.100 |
| cidr | 172.16.0.0/16 |
| created_at | 2020-05-22T17:43:06Z |
| description | |
| dns_nameservers | 114.114.114.114 |
| enable_dhcp | True |
| gateway_ip | 172.16.0.2 |
| host_routes | |
| id | b36d93ed-c8c4-40ef-91b5-50eea19b5b92 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | provider |
| network_id | e57d1ebe-579f-484c-a447-9f318f4c5597 |
| prefix_length | None |
| project_id | 0c2f860c54b94c158aa945e1683bf644 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2020-05-22T17:43:06Z |
+-------------------+--------------------------------------+
注意:子网网段要对应你的外部网络,并且网关要指向正确
openstack network list
openstack subnet list
provider 中的 subnet 对应的是 172.16.0.0/16
[root@controller ~]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| e57d1ebe-579f-484c-a447-9f318f4c5597 | provider | b36d93ed-c8c4-40ef-91b5-50eea19b5b92 |
+--------------------------------------+----------+--------------------------------------+
[root@controller ~]# openstack subnet list
+--------------------------------------+----------+--------------------------------------+---------------+
| ID | Name | Network | Subnet |
+--------------------------------------+----------+--------------------------------------+---------------+
| b36d93ed-c8c4-40ef-91b5-50eea19b5b92 | provider | e57d1ebe-579f-484c-a447-9f318f4c5597 | 172.16.0.0/16 |
+--------------------------------------+----------+--------------------------------------+---------------+
【在公共网络】
Flavor(类型): 0 (m1.nano)
Image(镜像): 6d4ba40e-97eb-47b8-a855-4e0c114cdb2c (cirros)
Network(网络):e57d1ebe-579f-484c-a447-9f318f4c5597--> Subnet: b36d93ed-c8c4-40ef-91b5-50eea19b5b92 (名称叫provider的公共网络)
Security Group:c89fc95b-93d2-48cf-8555-2d708de5744e (sg-test1)
注意
获取image,network,安全组的id时要仔细
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 6d4ba40e-97eb-47b8-a855-4e0c114cdb2c | cirros | active |
+--------------------------------------+--------+--------+
==============================================================
[root@controller ~]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| e57d1ebe-579f-484c-a447-9f318f4c5597 | provider | b36d93ed-c8c4-40ef-91b5-50eea19b5b92 |
+--------------------------------------+----------+--------------------------------------+
==============================================================
[root@controller ~]# openstack security group list
+--------------------------------------+----------+-------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+----------+-------------+----------------------------------+
| 002e4978-19bb-4653-8062-c3b4e58a38e2 | default | 缺省安全组 | 0c2f860c54b94c158aa945e1683bf644 |
| c89fc95b-93d2-48cf-8555-2d708de5744e | sg-test1 | sg-test1 | 62ac86a6213f4081a9a3f5acc493955f |
+--------------------------------------+----------+-------------+----------------------------------+
Generate a key pair
source demo-openrc
ssh-keygen -q -N ""
(-N "" 表示私钥不设置口令,适合实验环境;正式环境建议为私钥设置口令)
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
[root@controller ~]# source demo-openrc
[root@controller ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 64:7c:12:85:95:53:0b:19:af:b4:9c:54:a2:ab:b6:fd |
| name | mykey |
| user_id | f3abffd7bada4c54b5eca6100d2d33ab |
+-------------+-------------------------------------------------+
创建实例
source demo-openrc
(注意:创建实例是在 demo 租户下进行的,所以只能在 demo 租户下查看已经创建的实例)
openstack server create --flavor m1.nano --image cirros \
--nic net-id=e57d1ebe-579f-484c-a447-9f318f4c5597 --security-group sg-test1 \
--key-name mykey provider-instance
(注入密钥,免密登录。输出中的 adminPass 是为该实例生成的管理员密码,真实环境的输出不要原样公开)
[root@controller ~]# openstack server create --flavor m1.nano --image cirros \
> --nic net-id=215559b0-a1d7-436c-92a3-ff8f0e989eb7 --security-group sg-test1 \
> --key-name mykey provider-instance
+-----------------------------+-----------------------------------------------+
| Field | Value |
+-----------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | vf5h7qW7UMNT |
| config_drive | |
| created | 2020-05-22T17:31:38Z |
| flavor | m1.nano (0) |
| hostId | |
| id | afbf78e5-69f9-411f-9f0b-683f9ebc60fd |
| image | cirros (6d4ba40e-97eb-47b8-a855-4e0c114cdb2c) |
| key_name | mykey |
| name | provider-instance |
| progress | 0 |
| project_id | 62ac86a6213f4081a9a3f5acc493955f |
| properties | |
| security_groups | name='20046f59-62b2-43d2-ad18-520074321f3a' |
| status | BUILD |
| updated | 2020-05-22T17:31:39Z |
| user_id | f3abffd7bada4c54b5eca6100d2d33ab |
| volumes_attached | |
+-----------------------------+-----------------------------------------------+
检查实例
[root@controller ~]# openstack server list
+--------------------------------------+-------------------+--------+----------+--------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-------------------+--------+----------+--------+---------+
| 7820a66d-05bf-4461-9bb4-e524bd909adf | provider-instance | ERROR | | cirros | m1.nano |
+--------------------------------------+-------------------+--------+----------+--------+---------+
排查
nova-status upgrade check
+---------------------------------------------------------------+
| 升级检查结果 |
+---------------------------------------------------------------+
| 检查: Cells v2 |
| 结果: 失败 |
| 详情: No host mappings found but there are compute nodes. Run |
| command 'nova-manage cell_v2 simple_cell_setup' and then |
| retry. |
+---------------------------------------------------------------+
| 检查: Placement API |
| 结果: 成功 |
| 详情: None |
+---------------------------------------------------------------+
| 检查: Resource Providers |
| 结果: 成功 |
| 详情: None |
+---------------------------------------------------------------+
| 检查: Ironic Flavor Migration |
| 结果: 成功 |
| 详情: None |
+---------------------------------------------------------------+
| 检查: API Service Version |
| 结果: 成功 |
| 详情: None |
+---------------------------------------------------------------+
根据报错我找到了文档:https://blog.csdn.net/ai74le/article/details/88293363
解决过程:计算节点还没有映射到 cell,执行 discover_hosts 为它创建 host mapping 后再检查:
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': 42e8ba2b-db2d-4d13-b404-31a3f5da7626
Checking host mapping for compute host 'compute': a9d650c3-6e3f-4b46-a102-4826eec943ae
Creating host mapping for compute host 'compute': a9d650c3-6e3f-4b46-a102-4826eec943ae
Found 1 unmapped computes in cell: 42e8ba2b-db2d-4d13-b404-31a3f5da7626
[root@controller ~]# nova-status upgrade check
Option "os_region_name" from group "placement" is deprecated. Use option "region-name" from group "placement".
+-------------------------------+
| 升级检查结果 |
+-------------------------------+
| 检查: Cells v2 |
| 结果: 成功 |
| 详情: None |
+-------------------------------+
| 检查: Placement API |
| 结果: 成功 |
| 详情: None |
+-------------------------------+
| 检查: Resource Providers |
| 结果: 成功 |
| 详情: None |
+-------------------------------+
| 检查: Ironic Flavor Migration |
| 结果: 成功 |
| 详情: None |
+-------------------------------+
| 检查: API Service Version |
| 结果: 成功 |
| 详情: None |
+-------------------------------+
验证(重新创建实例后查看状态)
openstack server list
[root@controller ~]# openstack server create --flavor m1.nano --image cirros \
> --nic net-id=e57d1ebe-579f-484c-a447-9f318f4c5597 --security-group sg-test1 \
> --key-name mykey provider-instance
+-----------------------------+-----------------------------------------------+
| Field | Value |
+-----------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | JL5KyN4doVXt |
| config_drive | |
| created | 2020-05-22T18:30:14Z |
| flavor | m1.nano (0) |
| hostId | |
| id | 4becc277-dadf-4cd9-93e3-3c8458a6f1c4 |
| image | cirros (6d4ba40e-97eb-47b8-a855-4e0c114cdb2c) |
| key_name | mykey |
| name | provider-instance |
| progress | 0 |
| project_id | 62ac86a6213f4081a9a3f5acc493955f |
| properties | |
| security_groups | name='c89fc95b-93d2-48cf-8555-2d708de5744e' |
| status | BUILD |
| updated | 2020-05-22T18:30:14Z |
| user_id | f3abffd7bada4c54b5eca6100d2d33ab |
| volumes_attached | |
+-----------------------------+-----------------------------------------------+
[root@controller ~]# openstack server list
+--------------------------------------+-------------------+--------+------------------------+--------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-------------------+--------+------------------------+--------+---------+
| 4becc277-dadf-4cd9-93e3-3c8458a6f1c4 | provider-instance | ACTIVE | provider=172.16.128.68 | cirros | m1.nano |
+--------------------------------------+-------------------+--------+------------------------+--------+---------+
ping
[root@controller ~]# ping 172.16.128.68
PING 172.16.128.68 (172.16.128.68) 56(84) bytes of data.
64 bytes from 172.16.128.68: icmp_seq=1 ttl=64 time=6.94 ms
64 bytes from 172.16.128.68: icmp_seq=2 ttl=64 time=1.12 ms
64 bytes from 172.16.128.68: icmp_seq=3 ttl=64 time=1.02 ms
64 bytes from 172.16.128.68: icmp_seq=4 ttl=64 time=1.18 ms
VNC
查看web novnc登录的url地址(URL 中的 token 是临时的控制台访问凭据,不要外传;这里走的是 http 明文,生产环境应为 noVNC 代理配置 TLS)
openstack console url show <instance-name>
openstack console url show provider-instance
[root@controller ~]# openstack console url show provider-instance
+-------+---------------------------------------------------------------------------------+
| Field | Value |
+-------+---------------------------------------------------------------------------------+
| type | novnc |
| url | http://controller:6080/vnc_auto.html?token=544971d8-25b1-4ae7-ba12-bc21e59040a8 |
+-------+---------------------------------------------------------------------------------+
登录VNC
检验网络:ping 114.114.114.114
创建私有网络 (selfservice)
openstack network create selfservice
创建私有网络的子网(selfservice)
openstack subnet create --network selfservice \
--dns-nameserver 114.114.114.114 --gateway 10.1.1.254 \
--subnet-range 10.1.1.0/24 selfservice
[root@controller ~]# openstack network create selfservice
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-05-22T18:05:58Z |
| description | |
| dns_domain | None |
| id | 5e98be1f-199d-4104-971f-736a44560d51 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1450 |
| name | selfservice |
| port_security_enabled | True |
| project_id | 62ac86a6213f4081a9a3f5acc493955f |
| provider:network_type | None |
| provider:physical_network | None |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 2 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2020-05-22T18:05:58Z |
+---------------------------+--------------------------------------+
[root@controller ~]# openstack subnet create --network selfservice \
> --dns-nameserver 114.114.114.114 --gateway 10.1.1.254 \
> --subnet-range 10.1.1.0/24 selfservice
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 10.1.1.1-10.1.1.253 |
| cidr | 10.1.1.0/24 |
| created_at | 2020-05-22T18:06:04Z |
| description | |
| dns_nameservers | 114.114.114.114 |
| enable_dhcp | True |
| gateway_ip | 10.1.1.254 |
| host_routes | |
| id | f952502a-bf1b-4634-8777-de52a7e40bc1 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | selfservice |
| network_id | 5e98be1f-199d-4104-971f-736a44560d51 |
| prefix_length | None |
| project_id | 62ac86a6213f4081a9a3f5acc493955f |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2020-05-22T18:06:04Z |
+-------------------+--------------------------------------+
【私有网络下】
官方文档:https://docs.openstack.org/install-guide/launch-instance-selfservice.html
创建实例
(这里的net-id我们选择私有网络的id)
Network:5e98be1f-199d-4104-971f-736a44560d51 (名称叫selfservice的私有网络)
openstack server create --flavor m1.nano --image cirros \
--nic net-id=5e98be1f-199d-4104-971f-736a44560d51 --security-group sg-test1 \
--key-name mykey selfservice-instance
[root@controller ~]# openstack server create --flavor m1.nano --image cirros \
> --nic net-id=5e98be1f-199d-4104-971f-736a44560d51 --security-group sg-test1 \
> --key-name mykey selfservice-instance
+-----------------------------+-----------------------------------------------+
| Field | Value |
+-----------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | MXbwLCHqwj3r |
| config_drive | |
| created | 2020-05-31T10:06:30Z |
| flavor | m1.nano (0) |
| hostId | |
| id | e8b6089b-92a7-46b0-874e-a5118ddaf7ce |
| image | cirros (6d4ba40e-97eb-47b8-a855-4e0c114cdb2c) |
| key_name | mykey |
| name | selfservice-instance |
| progress | 0 |
| project_id | 62ac86a6213f4081a9a3f5acc493955f |
| properties | |
| security_groups | name='c89fc95b-93d2-48cf-8555-2d708de5744e' |
| status | BUILD |
| updated | 2020-05-31T10:06:30Z |
| user_id | f3abffd7bada4c54b5eca6100d2d33ab |
| volumes_attached | |
+-----------------------------+-----------------------------------------------+
检查
openstack server list
[root@controller ~]# openstack server list
+--------------------------------------+----------------------+--------+------------------------+--------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+----------------------+--------+------------------------+--------+---------+
| ad992b47-9e0f-48eb-b3f6-5c3b89cba178 | selfservice-instance | ERROR | | cirros | m1.nano |
| e8b6089b-92a7-46b0-874e-a5118ddaf7ce | selfservice-instance | ERROR | | cirros | m1.nano |
| 4becc277-dadf-4cd9-93e3-3c8458a6f1c4 | provider-instance | ACTIVE | provider=172.16.128.68 | cirros | m1.nano |
+--------------------------------------+----------------------+--------+------------------------+--------+---------+
排查
在计算节点查看compute.log日志,发现报错:
2020-05-31 18:06:35.654 1378 ERROR nova.compute.manager [instance: e8b6089b-92a7-46b0-874e-a5118ddaf7ce] UnicodeDecodeError: 'ascii' codec can't decode byte 0xe6 in position 0: ordinal not in range(128)
解决文档:https://blog.csdn.net/qq_34284638/article/details/86493535
问题
现在我们用VNC登陆进私有网络下创建的实例。
问:私有网络下创建的实例能否直接与外界网络通信?
答:不可以。私有网络下的实例访问外网的路径是:实例 → 内部网关 →(SNAT)→ 外部网关 → provider 网络 → 外网。
而现在我们缺少一个连接私有网络和公有网络的桥梁,也就是还缺少一个路由器。
创建虚拟路由器
这个虚拟路由器就是图中Vrouter
openstack router create vrouter1
[root@controller ~]# openstack router create vrouter1
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-05-31T08:23:00Z |
| description | |
| distributed | False |
| external_gateway_info | None |
| flavor_id | None |
| ha | False |
| id | b7a9db98-99c5-4c67-814a-5822600d5dfe |
| name | vrouter1 |
| project_id | 62ac86a6213f4081a9a3f5acc493955f |
| revision_number | 1 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2020-05-31T08:23:00Z |
+-------------------------+--------------------------------------+
openstack router add subnet vrouter1 selfservice
--- 连接私有网络
openstack router set vrouter1 --external-gateway provider
--- 指定外部网关为公有网络
查看vrouter信息
[root@controller ~]# openstack router list
+--------------------------------------+----------+--------+-------+-------------+-------+----------------------------------+
| ID | Name | Status | State | Distributed | HA | Project |
+--------------------------------------+----------+--------+-------+-------------+-------+----------------------------------+
| b7a9db98-99c5-4c67-814a-5822600d5dfe | vrouter1 | ACTIVE | UP | False | False | 62ac86a6213f4081a9a3f5acc493955f |
+--------------------------------------+----------+--------+-------+-------------+-------+----------------------------------+
[root@controller ~]# openstack router show b7a9db98-99c5-4c67-814a-5822600d5dfe
+-------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2020-05-31T08:23:00Z |
| description | |
| distributed | False |
| external_gateway_info | {"network_id": "e57d1ebe-579f-484c-a447-9f318f4c5597", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "b36d93ed-c8c4-40ef-91b5-50eea19b5b92", "ip_address": "172.16.128.53"}]} |
| flavor_id | None |
| ha | False |
| id | b7a9db98-99c5-4c67-814a-5822600d5dfe |
| interfaces_info | [{"subnet_id": "f952502a-bf1b-4634-8777-de52a7e40bc1", "ip_address": "10.1.1.254", "port_id": "78a2ebaa-f727-4f10-8622-f28a7b28e2ac"}] |
| name | vrouter1 |
| project_id | 62ac86a6213f4081a9a3f5acc493955f |
| revision_number | 4 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2020-05-31T08:23:58Z |
+-------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
路由示意图
从上图的查看信息可以看出,vrouter中的10.1.1.254作为selfservice网络的网关,再经过snat转换成ip地址为172.16.128.53(图中的36改成53)出去连接公有网络,而回来的时候我们是通过浮动ip来实现dnat的。
FLOATIP(浮动ip)
浮动IP:在公有网络上申请一个IP地址,然后去绑定给对应的实例.
从而通过DNAT来去实现访问私有网络里的实例。
FIP示意图
这里从外部访问FIP172.16.128.51,通过dnat实际上就是访问FIP映射的私有网络下实例的ip 10.1.1.18
创建FLOATIP
openstack floating ip create provider
[root@controller ~]# openstack floating ip create provider
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2020-05-31T15:00:32Z |
| description | |
| fixed_ip_address | None |
| floating_ip_address | 172.16.128.59 |
| floating_network_id | e57d1ebe-579f-484c-a447-9f318f4c5597 |
| id | ae412a8c-8624-48b4-83fd-2ba40e34bf08 |
| name | 172.16.128.59 |
| port_id | None |
| project_id | 62ac86a6213f4081a9a3f5acc493955f |
| qos_policy_id | None |
| revision_number | 0 |
| router_id | None |
| status | DOWN(注意这里的状态是关闭,也就是未绑定的情况) |
| subnet_id | None |
| updated_at | 2020-05-31T15:00:32Z |
+---------------------+--------------------------------------+
绑定FIP给私有网络中的实例
openstack server add floating ip selfservice-instance 172.16.128.59
(注意:这里的 172.16.128.59 是浮动ip地址,将它绑定给 selfservice-instance 这个实例。绑定后,外部对该实例的访问由 sg-test1 的入站规则控制)
验证
官方文档:https://docs.openstack.org/install-guide/launch-instance-networks-selfservice.html
查看floating ip 绑定的实例情况
openstack floating ip list
[root@controller ~]# openstack floating ip list
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
| ID | Floating IP Address | Fixed IP Address | Port | Floating Network | Project |
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
| ae412a8c-8624-48b4-83fd-2ba40e34bf08 | 172.16.128.59 | 10.1.1.2 | 827efa9f-710c-4c23-86c6-cb90e4b91ce5 | e57d1ebe-579f-484c-a447-9f318f4c5597 | 62ac86a6213f4081a9a3f5acc493955f |
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
可以看到浮动IP绑定了私有网络下的实例。
openstack floating ip show ae412a8c-8624-48b4-83fd-2ba40e34bf08
[root@controller ~]# openstack floating ip show ae412a8c-8624-48b4-83fd-2ba40e34bf08
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2020-05-31T15:00:32Z |
| description | |
| fixed_ip_address | 10.1.1.2 |
| floating_ip_address | 172.16.128.59 |
| floating_network_id | e57d1ebe-579f-484c-a447-9f318f4c5597 |
| id | ae412a8c-8624-48b4-83fd-2ba40e34bf08 |
| name | 172.16.128.59 |
| port_id | 827efa9f-710c-4c23-86c6-cb90e4b91ce5 |
| project_id | 62ac86a6213f4081a9a3f5acc493955f |
| qos_policy_id | None |
| revision_number | 2 |
| router_id | b7a9db98-99c5-4c67-814a-5822600d5dfe |
| status | ACTIVE (已经激活) |
| subnet_id | None |
| updated_at | 2020-05-31T15:32:04Z |
+---------------------+--------------------------------------+
List network namespaces
List ports on the router to determine the gateway IP address on the provider network
openstack port list --router vrouter1
[root@controller ~]# openstack port list --router vrouter1
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
| 78a2ebaa-f727-4f10-8622-f28a7b28e2ac | | fa:16:3e:f0:ea:84 | ip_address='10.1.1.254', subnet_id='f952502a-bf1b-4634-8777-de52a7e40bc1' | ACTIVE |
| db808f0b-3ec4-4dc8-addf-f88914720eb3 | | fa:16:3e:cc:73:fc | ip_address='172.16.128.53', subnet_id='b36d93ed-c8c4-40ef-91b5-50eea19b5b92' | ACTIVE |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
测试实例能否访问外部网络
测试连接内部网关
测试能否访问外网
略