https://www.cnblogs.com/opsec/p/7205085.html
In an OpenStack environment, a keepalived master/backup pair set up across multiple cloud hosts does not work by default. Configuring two IPs directly on a single NIC of a cloud host gives the same result, because:
As can be seen, iptables on the host where the port resides restricts the port to its MAC address and IP. The following steps are required:
pre. Confirm the port_id of the cloud host's NIC
nova interface-list [vm_id]
1. Verify the ml2 configuration
arp_responder = False
or not configured (because the default is false);
2. The port needs to be configured for the VIP. You can simply disable the security group (not recommended):
neutron port-update --no-security-groups --port-security-enabled=False [port_id]
e.g.
neutron port-update --no-security-groups --port-security-enabled=False aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
You can also use allowed-address-pair (recommended):
neutron port-update --allowed-address-pair ip_address=[CIDR] [port_id]
e.g.
neutron port-update --allowed-address-pair ip_address=10.1.100.100 aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
neutron port-update --allowed-address-pair ip_address=10.1.100.100/31 aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
At this point, the VIP configured inside the cloud host is already usable.
3. To prevent cloud resources created later from taking the VIP, create an idle port that occupies the VIP address:
neutron port-create --fixed-ip ip_address=[IP_ADDR] [network_id]
neutron port-create --fixed-ip ip_address=10.1.100.100 bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb
At this point the port is only a record in the DB. No tap device is created on the host and no iptables chain is added, so there is no extra resource cost to worry about. Its only purpose is to hold the IP address so that other resources cannot use it.
As shown in the figure below, DHCP will no longer allocate the IP 10.1.100.100.
Next, bind the floating IP to the VIP. Normally we bind a floating IP to a cloud host in the dashboard, and the commonly used CLI/API is
nova floating-ip-associate <server> <address>
but this way the floating IP is bound to the original IP of the cloud host's NIC (10.1.100.7), not to the VIP (10.1.100.100),
so we have to use the relevant neutron interfaces.
4. Create a floating IP
neutron floatingip-create [floating_net_id]
neutron floatingip-create cccccccc-cccc-cccc-cccc-cccccccccccc
5. Bind
neutron floatingip-associate [floatingip_id] [port_id]
First unbind the association just made through the nova CLI
Then bind
neutron floatingip-associate cccccccc-cccc-cccc-cccc-cccccccccccc aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
Then, in the net ns on the l3 node, you can see
that the floating IP is now bound to the VIP (10.1.100.100).
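An added example (not from the original post): a small Python audit of the two options in step 2, run over port records shaped like the Neutron port API output (port_security_enabled, security_groups, allowed_address_pairs, fixed_ips). The function name audit_port, the security group name and the sample ports are constructed for illustration.

```python
import ipaddress

def audit_port(port, vip):
    """Return findings for one Neutron port dict and the VIP it should carry."""
    findings = []
    vip_addr = ipaddress.ip_address(vip)
    secured = port.get("port_security_enabled", True)
    # Option 1 in step 2: turning port security off drops the MAC/IP
    # anti-spoofing rules and the security groups for all traffic on the port.
    if not secured:
        findings.append("port security disabled")
    if not port.get("security_groups"):
        findings.append("no security groups")
    covered = False
    for pair in port.get("allowed_address_pairs", []):
        net = ipaddress.ip_network(pair["ip_address"], strict=False)
        in_pair = vip_addr in net
        covered = covered or in_pair
        # Every address in the pair other than the VIP is one more source
        # address the guest may use, e.g. the second address of a /31.
        extra = net.num_addresses - (1 if in_pair else 0)
        if extra:
            findings.append(f"pair {net} allows {extra} address(es) besides the VIP")
    fixed = {f["ip_address"] for f in port.get("fixed_ips", [])}
    if secured and not covered and vip not in fixed:
        findings.append("VIP not permitted on this port")
    return findings

# Constructed sample data (not taken from a real deployment).
VIP = "10.1.100.100"
BASE = {"fixed_ips": [{"ip_address": "10.1.100.7"}], "security_groups": ["sg-placeholder"],
        "port_security_enabled": True, "allowed_address_pairs": []}
PORT_PLAIN = dict(BASE)
PORT_DISABLED = dict(BASE, port_security_enabled=False, security_groups=[])
PORT_EXACT = dict(BASE, allowed_address_pairs=[{"ip_address": "10.1.100.100"}])
PORT_WIDE = dict(BASE, allowed_address_pairs=[{"ip_address": "10.1.100.100/31"}])

if __name__ == "__main__":
    for name in ("PORT_PLAIN", "PORT_DISABLED", "PORT_EXACT", "PORT_WIDE"):
        print(name, audit_port(globals()[name], VIP) or "ok")
```

Only the single-address pair passes cleanly; the /31 form from step 2 is reported because it also permits 10.1.100.101 on the port.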