以下命令使用于 queens版本中
需要配置vip搭建keepalived高可用集群,因此在openstack上的虚拟机如何绑定vip
操作步骤
1、执行命令neutron net-list查看网络
找到自己需要设置的网络,获取subnet_id和network_id
[root@node151 ~]# neutron net-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+----------+----------------------------------+-----------------------------------------------------+
| id | name | tenant_id | subnets |
+--------------------------------------+----------+----------------------------------+-----------------------------------------------------+
| b79db6a0-b74d-48b8-95e8-8260eaf81b70 | provider | 8e4dd46886834371b71984245a143f58 | b8a9d01c-f547-45c3-a0d4-da7ae1494766 192.168.1.0/24 |
+--------------------------------------+----------+----------------------------------+-----------------------------------------------------+
2、创建port接口
指定ip,保证neutron不会将此IP在分配出去,导致IP冲突问题
neutron port-create --fixed-ip subnet_id=<subnet_id>,ip_address=<vip> <network_id>
注:
替换subnet_id为neutron net-list中查看到的subnet_id
替换vip为需要配置的vip地址
替换network_ID为neutron net-list中查看到的network_id
[root@node151 ~]# neutron port-create --fixed-ip subnet_id=b8a9d01c-f547-45c3-a0d4-da7ae1494766,ip_address=192.168.1.170 b79db6a0-b74d-48b8-95e8-8260eaf81b70
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new port:
+-----------------------+--------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:host_id | |
| binding:profile | {} |
| binding:vif_details | {} |
| binding:vif_type | unbound |
| binding:vnic_type | normal |
| created_at | 2021-08-31T06:22:58Z |
| description | |
| device_id | |
| device_owner | |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "b8a9d01c-f547-45c3-a0d4-da7ae1494766", "ip_address": "192.168.1.170"} |
| id | 46b7784a-6bec-4ca4-8c1f-41dc07e40955 |
| mac_address | fa:16:3e:db:8a:6b |
| name | |
| network_id | b79db6a0-b74d-48b8-95e8-8260eaf81b70 |
| port_security_enabled | True |
| project_id | 8e4dd46886834371b71984245a143f58 |
| revision_number | 6 |
| security_groups | c1e53d26-8525-4ebb-8305-e82e54b27ed5 |
| status | DOWN |
| tags | |
| tenant_id | 8e4dd46886834371b71984245a143f58 |
| updated_at | 2021-08-31T06:22:59Z |
+-----------------------+--------------------------------------------------------------------------------------+
3、执行命令neutron port-list
查看端口,找到VIP的Port ID以及需要使用VIP的虚拟机的IP对应的Port id 比如两台虚拟机做HA绑定vip,那么需要查看两台虚拟机的port ID和这个vip的port ID**
[root@node151 ~]# neutron port-list|grep 192.168.1.168
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
| cd86f69a-4779-4a46-a0ea-eed76f176237 | | 8e4dd46886834371b71984245a143f58 | fa:16:3e:e9:76:dc | {"subnet_id": "b8a9d01c-f547-45c3-a0d4-da7ae1494766", "ip_address": "192.168.1.168"} |
[root@node151 ~]# neutron port-list|grep 192.168.1.156
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
| f3bebead-0e94-4909-8a00-ce43a2fc243a | | 8e4dd46886834371b71984245a143f58 | fa:16:3e:56:46:33 | {"subnet_id": "b8a9d01c-f547-45c3-a0d4-da7ae1494766", "ip_address": "192.168.1.156"} |
[root@node151 ~]# neutron port-list|grep 192.168.1.170
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
| 46b7784a-6bec-4ca4-8c1f-41dc07e40955 | | 8e4dd46886834371b71984245a143f58 | fa:16:3e:db:8a:6b | {"subnet_id": "b8a9d01c-f547-45c3-a0d4-da7ae1494766", "ip_address": "192.168.1.170"} |
4、取消安全组对应端口的管理
neutron port-update --no-security-groups <Port_id>
neutron port-update --port_security_enabled=false <Port_id>
注:
替换Port_id为之前neutron port-list中找到的Port_id
[root@node151 ~]# neutron port-update --no-security-groups cd86f69a-4779-4a46-a0ea-eed76f176237
update --port_security_enabled=false f3bebead-0e94-4909-8a00-ce43a2fc243a
neutron port-update --no-security-groups 46b7784a-6bec-4ca4-8c1f-41dc07e40955
neutron port-update --port_security_enabled=false 46b7784a-6bec-4ca4-8c1f-41dc07e40955neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Updated port: cd86f69a-4779-4a46-a0ea-eed76f176237
[root@node151 ~]# neutron port-update --port_security_enabled=false cd86f69a-4779-4a46-a0ea-eed76f176237
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Updated port: cd86f69a-4779-4a46-a0ea-eed76f176237
[root@node151 ~]# neutron port-update --no-security-groups f3bebead-0e94-4909-8a00-ce43a2fc243a
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Updated port: f3bebead-0e94-4909-8a00-ce43a2fc243a
[root@node151 ~]# neutron port-update --port_security_enabled=false f3bebead-0e94-4909-8a00-ce43a2fc243a
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Updated port: f3bebead-0e94-4909-8a00-ce43a2fc243a
[root@node151 ~]# neutron port-update --no-security-groups 46b7784a-6bec-4ca4-8c1f-41dc07e40955
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Updated port: 46b7784a-6bec-4ca4-8c1f-41dc07e40955
[root@node151 ~]# neutron port-update --port_security_enabled=false 46b7784a-6bec-4ca4-8c1f-41dc07e40955
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Updated port: 46b7784a-6bec-4ca4-8c1f-41dc07e40955
5、测试vip联通性
在168和156上分别临时增加ip 192.168.1.170 通过ping命令进行测试即可。
