码迷,mamicode.com
首页 > 其他好文 > 详细

OpenStack云主机配置VIP

时间:2018-07-17 16:37:38      阅读:407      评论:0      收藏:0      [点我收藏+]

标签:uri   ack   led   orm   als   ssi   gre   value   uil   

在OpenStack中默认由于安全组策略限制,云主机只响应自己的iP地址请求,如果需要做HA,可以用以下两种方式实现

1、 增加allow_address_pairs属性


# neutron port-list |grep 10.xxx.51.50
# neutron port-show cff5866e-f288-4614-8778-665795207e0f
+-----------------------+----------------------------------------------------------------------------------------------+
| Field                 | Value                                                                                        |
+-----------------------+----------------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                         |
| allowed_address_pairs |                                                                                              |
| binding:host_id       | Com-B05A04-23-C49-yyy.domain.tld                                                             |
| binding:profile       | {}                                                                                           |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                               |
| binding:vif_type      | ovs                                                                                          |
| binding:vnic_type     | normal                                                                                       |
| device_id             | 965c8148-4b5f-42e1-8827-f793f873aa88                                                         |
| device_owner          | compute:PRD                                                                                  |
| dns_assignment        | {"hostname": "host-10-xxx-51-50", "ip_address": "10.xxx.51.50", "fqdn": "host-10-xxx-51-50"} |
| dns_name              |                                                                                              |
| extra_dhcp_opts       |                                                                                              |
| fixed_ips             | {"subnet_id": "bcfbcc6d-3bc4-4317-8c67-e9fcdcea0711", "ip_address": "10.xxx.51.50"}          |
| id                    | cff5866e-f288-4614-8778-665795207e0f                                                         |
| mac_address           | fa:16:3e:cb:ec:74                                                                            |
| name                  |                                                                                              |
| network_id            | e097267e-82b7-421d-8c35-e3bd83c34467                                                         |
| port_security_enabled | True                                                                                         |
| security_groups       | 6860bcc3-3b94-4c90-a78d-92d7f7379164                                                         |
| status                | ACTIVE                                                                                       |
| tenant_id             | 089d02a7f5ca450ab27a65774dfe698c                                                             |
+-----------------------+----------------------------------------------------------------------------------------------+
# neutron port-update cff5866e-f288-4614-8778-665795207e0f --allowed_address_pairs list=true type=dict ip_address=10.xxx.51.210
# neutron port-show cff5866e-f288-4614-8778-665795207e0f
+-----------------------+----------------------------------------------------------------------------------------------+
| Field                 | Value                                                                                        |
+-----------------------+----------------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                         |
| allowed_address_pairs | {"ip_address": "10.xxx.51.210", "mac_address": "fa:16:3e:cb:ec:74"}                          |
| binding:host_id       | Com-B05A04-23-C49-yyy.domain.tld                                                             |
| binding:profile       | {}                                                                                           |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                               |
| binding:vif_type      | ovs                                                                                          |
| binding:vnic_type     | normal                                                                                       |
| device_id             | 965c8148-4b5f-42e1-8827-f793f873aa88                                                         |
| device_owner          | compute:PRD                                                                                  |
| dns_assignment        | {"hostname": "host-10-xxx-51-50", "ip_address": "10.xxx.51.50", "fqdn": "host-10-xxx-51-50"} |
| dns_name              |                                                                                              |
| extra_dhcp_opts       |                                                                                              |
| fixed_ips             | {"subnet_id": "bcfbcc6d-3bc4-4317-8c67-e9fcdcea0711", "ip_address": "10.xxx.51.50"}          |
| id                    | cff5866e-f288-4614-8778-665795207e0f                                                         |
| mac_address           | fa:16:3e:cb:ec:74                                                                            |
| name                  |                                                                                              |
| network_id            | e097267e-82b7-421d-8c35-e3bd83c34467                                                         |
| port_security_enabled | True                                                                                         |
| security_groups       | 6860bcc3-3b94-4c90-a78d-92d7f7379164                                                         |
| status                | BUILD                                                                                        |
| tenant_id             | 089d02a7f5ca450ab27a65774dfe698c                                                             |
+-----------------------+----------------------------------------------------------------------------------------------+
# neutron port-list |grep 10.xxx.51.51
# neutron port-update c0dea309-89e8-46db-a800-119323adf805 --allowed_address_pairs list=true type=dict ip_address=10.xxx.51.210
# neutron port-show c0dea309-89e8-46db-a800-119323adf805
+-----------------------+----------------------------------------------------------------------------------------------+
| Field                 | Value                                                                                        |
+-----------------------+----------------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                         |
| allowed_address_pairs | {"ip_address": "10.xxx.51.210", "mac_address": "fa:16:3e:84:05:8e"}                          |
| binding:host_id       | Com-B05A04-21-C58-zzz.domain.tld                                                             |
| binding:profile       | {}                                                                                           |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                               |
| binding:vif_type      | ovs                                                                                          |
| binding:vnic_type     | normal                                                                                       |
| device_id             | 55c78568-e8e1-447c-8fe1-777379cf2baf                                                         |
| device_owner          | compute:PRD                                                                                  |
| dns_assignment        | {"hostname": "host-10-xxx-51-51", "ip_address": "10.xxx.51.51", "fqdn": "host-10-xxx-51-51"} |
| dns_name              |                                                                                              |
| extra_dhcp_opts       |                                                                                              |
| fixed_ips             | {"subnet_id": "bcfbcc6d-3bc4-4317-8c67-e9fcdcea0711", "ip_address": "10.xxx.51.51"}          |
| id                    | c0dea309-89e8-46db-a800-119323adf805                                                         |
| mac_address           | fa:16:3e:84:05:8e                                                                            |
| name                  |                                                                                              |
| network_id            | e097267e-82b7-421d-8c35-e3bd83c34467                                                         |
| port_security_enabled | True                                                                                         |
| security_groups       | 6860bcc3-3b94-4c90-a78d-92d7f7379164                                                         |
| status                | ACTIVE                                                                                       |
| tenant_id             | 089d02a7f5ca450ab27a65774dfe698c                                                             |
+-----------------------+----------------------------------------------------------------------------------------------+


2、 关闭neutron port的安全组特性
 

 # neutron port-update --no-security-groups $port_id
 # neutron port-update $port_id --port-security-enabled=False



OpenStack云主机配置VIP

标签:uri   ack   led   orm   als   ssi   gre   value   uil   

原文地址:http://blog.51cto.com/coolsky/2145739

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!