Experiment process:
Dashboard operation
Create Network
Log in to the dashboard as the admin user. In the navigation bar, select "Project - Network - Network Topology" to display the current network topology, then click Create Network
Name the network "Network_web_01", check "Shared", and keep the other defaults
Create a subnet named "Subnet_web_01" with network address 192.168.11.0/24 and gateway IP "192.168.11.1"; keep the other defaults
Under "Subnet Details", enter the start and end addresses of the allocation pool, "192.168.11.100,192.168.11.200", keep the other defaults, and then click Create
Return to the Network Topology page to see changes in the network topology
In the navigation bar, select "Project - Network - Network" to open the network list, where the network you just created is shown
Click the network name "Network_web_01", view network details
View subnet information
View Network Interface
Then create a network "Network_web_02" with subnet name "Subnet_web_02", network address "192.168.12.0/24", gateway IP 192.168.12.1, and an allocation pool of "192.168.12.100-192.168.12.200"
Access between virtual machine instances
In the navigation bar, select "Project - Compute - Instances" to open the list of virtual machines. Following the earlier virtual machine lab, launch two virtual machine instances:
- Virtual machine instance name: Instance_web_test
- Count: 2
- Boot source: Image
- Create a new volume: NO
- Image: Img_web
- Flavor: Flavor_web
- Network: Network_web_01
- Keep the other defaults
As shown, the instances are created successfully and their network addresses are assigned
Instance_web_test_1:192.168.11.110
Instance_web_test_2:192.168.11.102
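Click the names of the two newly created virtual machine instances in turn to open each instance page, enter the console, and ping each instance from the other
The two instances can reach each other
In the navigation bar, go to "Project - Network - Network Topology" to view the current network topology
Launch the virtual machine instance Instance_web_test-3 on Network_web_02, with the other parameters the same as for Instance_web_test_1
The assigned address is 192.168.12.101; at this point it cannot reach Instance_web_test1
View the current network topology
Instance_web_test-1 and Instance_web_test-3 are on different networks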
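Create a router
Under "Project - Network - Routers", create a router
Enter the router name Router_web, select provider as the external network, keep the other defaults, and create it
Open the router and view its overview
Go to the Interfaces page and add an interface
Add the subnet "Network_web_01"
Return to the interface list and check the added interface; after a short wait the interface status changes to up
Add another interface for "Network_web_02"
Now view the network topology
At this point, Instance_web_1 and Instance_web_2 can ping each other through the router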
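Manage floating IPs
Although the virtual machine instances can ping each other through the router, they cannot reach the external network or communicate with the host machine.
To reach the external network, a floating IP must be configured on the router
Before floating IPs can be used, a flat-type provider network must be created under "Admin - Network"; if access to the external network is needed, the External Network option must also be checked.
OpenStack training labs provides a provider network by default, so floating IPs can be allocated as follows
Go to "Project - Network - Floating IPs" and click Allocate IP To Project
The pool defaults to provider; an address is allocated at random
When this is done, the allocated floating IP is listed
Under "Project - Compute - Instances", assign the floating IP to Instance_web_test_3
Assign it as follows
In the same way, a floating IP can also be assigned to Instance_web_test_1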
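Create a security group
Open the overview of Instance_web_test-3 and check the security groups currently applied to the virtual machine instance
In the navigation bar, select "Project - Network - Security Groups" to open the list, then click Manage Rules
View the default security group
The default security group rules allow all outgoing traffic but block incoming traffic.
Return to the security group list and create a security group
Create a security group named SG_web, then add rules
Configure a rule that allows ping from any address
Add another rule that allows all TCP
Check the configured security group rules
Then, for the virtual machine instance Instance_web_test_3, click Edit Security Groups
Remove the default security group default and add the SG_web security group
Confirm the security group rules
Ping the floating IP of Instance_web_test-3 from the host machine to confirm that the security group is in effect
Log in to the virtual machine instance Instance_web_test-3 over SSH from the host machine to verify that the security group is in effect
CLI operation
Create networks
Create the network Network_cli_01 and set it as shared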
CLI操作
创建网络
创建网络Network_cli_01,设置为shared
openstack network create --share Network_cli_01
View the network list
openstack network list
Create the subnet Subnet_cli_01 for Network_cli_01, with network address "192.168.21.0/24", subnet addresses "192.168.21.100~192.168.21.200", and gateway address "192.168.21.1"
openstack subnet create --network Network_cli_01 --subnet-range 192.168.21.0/24 --allocation-pool start=192.168.21.100,end=192.168.21.200 --gateway 192.168.21.1 Subnet_cli_01
View the subnet list
openstack subnet list
View the port list of the network "Network_cli_01"
openstack port list --network Network_cli_01 --long
Create the network Network_cli_02 and the subnet Subnet_cli_02, with network address 192.168.22.0/24, address pool 192.168.22.100~192.168.22.200, and gateway 192.168.22.1
openstack network create --share Network_cli_02
openstack subnet create --network Network_cli_02 --subnet-range 192.168.22.0/24 --allocation-pool start=192.168.22.100,end=192.168.22.200 --gateway 192.168.22.1 Subnet_cli_02
View the network and subnet lists
openstack network list
View the subnets
openstack subnet list
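Because the OpenStack training lab limits the project's virtual machine resources to 10, the earlier virtual machine instances must be deleted before new virtual machines can be created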
openstack server delete Instance_web_test_{1,2,3}
Launch two virtual machine instances "Instance_cli_test" with the following configuration
- Boot source: image
- Image: img_cli
- Flavor: flavor_cli
- Network: network_cli_01
openstack server create --image Img_cli --flavor Flavor_cli --network Network_cli_01 --min 2 --max 2 Instance_cli_test
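Once they are created, verify the network connectivity of the virtual machine instances in the dashboard
Create Instance_cli_test-3 with boot source image, image img_cli, flavor flavor_cli, and network Network_cli_02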
openstack server create --image Img_cli --flavor Flavor_cli --network Network_cli_02 Instance_cli_test-3
In the dashboard, verify connectivity between the virtual machine instances
Create a router
Create a router as follows
openstack router create --availability-zone-hint nova Router_cli
View a list of routers
openstack router list
Set the router's external network to provider
openstack router set --external-gateway provider Router_cli
Add the subnets Subnet_cli_01 and Subnet_cli_02 in turn
openstack router add subnet Router_cli Subnet_cli_01
openstack router add subnet Router_cli Subnet_cli_02
Check the router interface information of Router_cli
openstack router show Router_cli | grep interfaces_info
In the dashboard, verify that the virtual machine instances can communicate with each other
Manage floating IPs
View the network ports of the instance Instance_cli_test-3
openstack port list --server Instance_cli_test-3
Record the ID of the network port to be assigned
Create a floating IP on the external network provider and assign it to the network port of the virtual machine instance Instance_cli_test-3
openstack floating ip create --port <port_id> provider
View the floating IP list to see the network port status
openstack floating ip list --long
As can be seen, a floating IP is not deleted when the virtual machine instance is deleted; it is only de-allocated
Create another floating IP
openstack floating ip create provider
The floating IP created is 203.0.113.118
Assign the floating IP to the instance Instance_cli_test-1
openstack server add floating ip Instance_cli_test-1 203.0.113.118
Security groups
View the security group of Instance_cli_test-3
openstack server show Instance_cli_test-3
Record the security group name and the project ID
Look up the security group ID for Instance_cli_test-3
openstack security group list --project <project_id>
View the rules of the security group ID that corresponds to the virtual machine instance
openstack security group rule list | grep <security_group_id>
View the details of a security group rule
openstack security group rule show <security_group_rule_id>
Create a security group SG_CLI
openstack security group create SG_CLI
View list of security groups
openstack security group list
Add an ICMP rule to the security group SG_CLI
openstack security group rule create --protocol icmp --ingress --remote-ip 0.0.0.0/0 SG_CLI
Add a TCP rule
openstack security group rule create --protocol tcp --ingress --remote-ip 0.0.0.0/0 SG_CLI
Remove the default security group from the virtual machine
openstack server remove security group Instance_cli_test-3 default
Add the security group SG_CLI
openstack server add security group Instance_cli_test-3 SG_CLI
Confirm the security groups of the virtual machine instance
openstack server show Instance_cli_test-3 |grep security_groups
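The SG_CLI rules created above admit ICMP and every TCP port from 0.0.0.0/0. As an added example (not part of the original lab), the Python check below flags such ingress rules in JSON shaped like the output of `openstack security group rule list SG_CLI -f json`. The key names, the "low:high" port format and the sample rules are assumptions constructed for illustration.

```python
import ipaddress
import json

# Constructed sample, shaped like `openstack security group rule list SG_CLI -f json`.
# Key names and the "low:high" port format are assumptions about the CLI output.
SAMPLE = json.loads("""[
 {"ID": "r-icmp", "IP Protocol": "icmp", "IP Range": "0.0.0.0/0", "Port Range": "", "Direction": "ingress", "Remote Security Group": null},
 {"ID": "r-tcp-all", "IP Protocol": "tcp", "IP Range": "0.0.0.0/0", "Port Range": "", "Direction": "ingress", "Remote Security Group": null},
 {"ID": "r-ssh-mgmt", "IP Protocol": "tcp", "IP Range": "203.0.113.0/24", "Port Range": "22:22", "Direction": "ingress", "Remote Security Group": null},
 {"ID": "r-https", "IP Protocol": "tcp", "IP Range": "0.0.0.0/0", "Port Range": "443:443", "Direction": "ingress", "Remote Security Group": null},
 {"ID": "r-group", "IP Protocol": null, "IP Range": null, "Port Range": "", "Direction": "ingress", "Remote Security Group": "sg-default"},
 {"ID": "r-egress", "IP Protocol": null, "IP Range": "0.0.0.0/0", "Port Range": "", "Direction": "egress", "Remote Security Group": null}
]""")


def source_is_any(rule):
    """True when the rule matches traffic from every source address."""
    cidr = rule.get("IP Range")
    if cidr:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    # No CIDR and no remote group: Neutron applies the rule to all sources.
    return not rule.get("Remote Security Group")


def port_count(port_range):
    """Ports covered by a "low:high" range; an empty range means all 65535."""
    if not port_range:
        return 65535
    low, _, high = str(port_range).partition(":")
    return int(high or low) - int(low) + 1


def audit(rules, max_ports=1):
    """Return (rule id, severity, reason) for ingress rules open to any source."""
    findings = []
    for rule in rules:
        if (rule.get("Direction") or "").lower() != "ingress" or not source_is_any(rule):
            continue
        proto = (rule.get("IP Protocol") or "any").lower()
        if proto not in ("tcp", "udp", "any"):
            findings.append((rule["ID"], "LOW", f"{proto} from any source"))
            continue
        ports = port_count(rule.get("Port Range"))
        severity = "HIGH" if ports > max_ports else "MEDIUM"
        findings.append((rule["ID"], severity, f"{proto} from any source on {ports} port(s)"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

The all-TCP rule from this lab is the HIGH finding; narrowing it to the ports actually served and to a known source range removes it from the report.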