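OpenStack Ussuri : Configure Neutron Network (FLAT) 2020/06/05
Configure a virtual network with the OpenStack Network Service (Neutron).
As an example, configure a FLAT-type provider network.
This assumes the Neutron services have already been set up on the Control node, Network node, and Compute node as shown below.
This example also assumes that the Network node and the Compute node each have two network interfaces. In the example below, eth1 is brought up with no IP address.
For the settings to bring up an interface with no IP address, refer to [1] here.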
------------+---------------------------+---------------------------+------------
            |                           |                           |
        eth0|10.0.0.30              eth0|10.0.0.50              eth0|10.0.0.51
+-----------+-----------+   +-----------+-----------+   +-----------+-----------+
|    [ Control Node ]   |   |    [ Network Node ]   |   |    [ Compute Node ]   |
|                       |   |                       |   |                       |
|  MariaDB    RabbitMQ  |   |        L2 Agent       |   |        Libvirt        |
|  Memcached  httpd     |   |        L3 Agent       |   |     Nova Compute      |
|  Keystone   Glance    |   |     Metadata Agent    |   |        L2 Agent       |
|  Nova API             |   |                       |   |                       |
|  Neutron Server       |   |                       |   |                       |
|  Metadata Agent       |   |                       |   |                       |
+-----------------------+   +-----------+-----------+   +-----------+-----------+
                                    eth1|(UP with no IP)        eth1|(UP with no IP)
[1] Configure the following on both the Network node and the Compute node.

root@network:~# vi /etc/neutron/plugins/ml2/ml2_conf.ini
# line 206: add
[ml2_type_flat]
flat_networks = physnet1

root@network:~# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# line 183: add
[linux_bridge]
physical_interface_mappings = physnet1:eth1

# line 250: uncomment and change
enable_vxlan = false

root@network:~# systemctl restart neutron-linuxbridge-agent
[2] Create the network. This can be done from any node; this example works on the Control node.

root@dlp ~(keystone)# projectID=$(openstack project list | grep service | awk '{print $2}')

# create a network named [sharednet1]
root@dlp ~(keystone)# openstack network create --project $projectID \
--share --provider-network-type flat --provider-physical-network physnet1 sharednet1
Created a new network:
+---------------------------+----------------------------------------------------------------------+
| Field                     | Value                                                                |
+---------------------------+----------------------------------------------------------------------+
| admin_state_up            | UP                                                                   |
| availability_zone_hints   |                                                                      |
| availability_zones        |                                                                      |
| created_at                | 2020-06-04T08:20:24Z                                                 |
| description               |                                                                      |
| dns_domain                | None                                                                 |
| id                        | 34c3b1a0-05ee-4709-9ea7-2e3c8ba73874                                 |
| ipv4_address_scope        | None                                                                 |
| ipv6_address_scope        | None                                                                 |
| is_default                | False                                                                |
| is_vlan_transparent       | None                                                                 |
| location                  | cloud='', project.domain_id=, project.domain_name=, project.id='c... |
| mtu                       | 1500                                                                 |
| name                      | sharednet1                                                           |
| port_security_enabled     | True                                                                 |
| project_id                | c0e098a54a4640caa9004fb8f500f554                                     |
| provider:network_type     | flat                                                                 |
| provider:physical_network | physnet1                                                             |
| provider:segmentation_id  | None                                                                 |
| qos_policy_id             | None                                                                 |
| revision_number           | 1                                                                    |
| router:external           | Internal                                                             |
| segments                  | None                                                                 |
| shared                    | True                                                                 |
| status                    | ACTIVE                                                               |
| subnets                   |                                                                      |
| tags                      |                                                                      |
| updated_at                | 2020-06-04T08:20:24Z                                                 |
+---------------------------+----------------------------------------------------------------------+

# create a [10.0.0.0/24] subnet in [sharednet1]
root@dlp ~(keystone)# openstack subnet create subnet1 --network sharednet1 \
--project $projectID --subnet-range 10.0.0.0/24 \
--allocation-pool start=10.0.0.200,end=10.0.0.254 \
--gateway 10.0.0.1 --dns-nameserver 10.0.0.10
Created a new subnet:
+----------------------+----------------------------------------------------------------------------+
| Field                | Value                                                                      |
+----------------------+----------------------------------------------------------------------------+
| allocation_pools     | 10.0.0.200-10.0.0.254                                                      |
| cidr                 | 10.0.0.0/24                                                                |
| created_at           | 2020-06-04T08:20:59Z                                                       |
| description          |                                                                            |
| dns_nameservers      | 10.0.0.10                                                                  |
| dns_publish_fixed_ip | None                                                                       |
| enable_dhcp          | True                                                                       |
| gateway_ip           | 10.0.0.1                                                                   |
| host_routes          |                                                                            |
| id                   | 81d85dfc-278d-400e-ac94-fdc164195b1f                                       |
| ip_version           | 4                                                                          |
| ipv6_address_mode    | None                                                                       |
| ipv6_ra_mode         | None                                                                       |
| location             | cloud='', project.domain_id=, project.domain_name=, project.id='c0e098a... |
| name                 | subnet1                                                                    |
| network_id           | 34c3b1a0-05ee-4709-9ea7-2e3c8ba73874                                       |
| prefix_length        | None                                                                       |
| project_id           | c0e098a54a4640caa9004fb8f500f554                                           |
| revision_number      | 0                                                                          |
| segment_id           | None                                                                       |
| service_types        |                                                                            |
| subnetpool_id        | None                                                                       |
| tags                 |                                                                            |
| updated_at           | 2020-06-04T08:20:59Z                                                       |
+----------------------+----------------------------------------------------------------------------+

# verify settings
root@dlp ~(keystone)# openstack network list
+--------------------------------------+------------+--------------------------------------+
| ID                                   | Name       | Subnets                              |
+--------------------------------------+------------+--------------------------------------+
| 34c3b1a0-05ee-4709-9ea7-2e3c8ba73874 | sharednet1 | 81d85dfc-278d-400e-ac94-fdc164195b1f |
+--------------------------------------+------------+--------------------------------------+
[3] Log in as any user, then create and start an instance attached to the network created above.

# confirm available [flavor]
ubuntu@dlp ~(keystone)$ openstack flavor list
+----+----------+------+------+-----------+-------+-----------+
| ID | Name     |  RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+----------+------+------+-----------+-------+-----------+
| 0  | m1.small | 2048 |   10 |         0 |     1 | True      |
+----+----------+------+------+-----------+-------+-----------+

# confirm available images
ubuntu@dlp ~(keystone)$ openstack image list
+--------------------------------------+------------+--------+
| ID                                   | Name       | Status |
+--------------------------------------+------------+--------+
| de51f2d9-aa58-4a34-87d6-857451599d9a | Ubuntu2004 | active |
+--------------------------------------+------------+--------+

# confirm available networks
ubuntu@dlp ~(keystone)$ openstack network list
+--------------------------------------+------------+--------------------------------------+
| ID                                   | Name       | Subnets                              |
+--------------------------------------+------------+--------------------------------------+
| 34c3b1a0-05ee-4709-9ea7-2e3c8ba73874 | sharednet1 | 81d85dfc-278d-400e-ac94-fdc164195b1f |
+--------------------------------------+------------+--------------------------------------+

# create a security group for instances
ubuntu@dlp ~(keystone)$ openstack security group create secgroup01
+-----------------+---------------------------------------------------------------------------------+
| Field           | Value                                                                           |
+-----------------+---------------------------------------------------------------------------------+
| created_at      | 2020-06-04T08:24:22Z                                                            |
| description     | secgroup01                                                                      |
| id              | ca314872-b4ba-43a0-8c23-2a92f792bcd2                                            |
| location        | cloud='', project.domain_id=, project.domain_name='default', project.id='eaa... |
| name            | secgroup01                                                                      |
| project_id      | eaa8de359ae0451d944a6401e688f730                                                |
| revision_number | 1                                                                               |
| rules           | created_at='2020-06-04T08:24:22Z', direction='egress', ethertype='IPv6', id=... |
|                 | created_at='2020-06-04T08:24:22Z', direction='egress', ethertype='IPv4', id=... |
| stateful        | True                                                                            |
| tags            | []                                                                              |
| updated_at      | 2020-06-04T08:24:22Z                                                            |
+-----------------+---------------------------------------------------------------------------------+

# create an SSH key pair for connecting to instances
ubuntu@dlp ~(keystone)$ ssh-keygen -q -N ""
Enter file in which to save the key (/home/ubuntu/.ssh/id_rsa):

# register the public key
ubuntu@dlp ~(keystone)$ openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | 19:6c:c0:36:01:c0:56:92:c7:1b:44:3e:cd:3b:31:77 |
| name        | mykey                                           |
| user_id     | 2a1e722c971c45d384efe048155d89c7                |
+-------------+-------------------------------------------------+

ubuntu@dlp ~(keystone)$ netID=$(openstack network list | grep sharednet1 | awk '{ print $2 }')
ubuntu@dlp ~(keystone)$ openstack server create --flavor m1.small --image Ubuntu2004 --security-group secgroup01 --nic net-id=$netID --key-name mykey Ubuntu_2004
ubuntu@dlp ~(keystone)$ openstack server list
+--------------------------------------+-------------+--------+-----------------------+------------+----------+
| ID                                   | Name        | Status | Networks              | Image      | Flavor   |
+--------------------------------------+-------------+--------+-----------------------+------------+----------+
| 9fdc123c-9a4f-4e8b-92f5-3044c9142cc4 | Ubuntu_2004 | ACTIVE | sharednet1=10.0.0.220 | Ubuntu2004 | m1.small |
+--------------------------------------+-------------+--------+-----------------------+------------+----------+
[4] To allow SSH connections to the running virtual machine instance, add port-permit rules to the security group created earlier.

# permit ICMP
ubuntu@dlp ~(keystone)$ openstack security group rule create --protocol icmp --ingress secgroup01
+-------------------+------------------------------------------------------------------------------+
| Field             | Value                                                                        |
+-------------------+------------------------------------------------------------------------------+
| created_at        | 2020-06-04T08:28:54Z                                                         |
| description       |                                                                              |
| direction         | ingress                                                                      |
| ether_type        | IPv4                                                                         |
| id                | c249041f-40ec-4665-ad03-af83a3b01b62                                         |
| location          | cloud='', project.domain_id=, project.domain_name='default', project.id='... |
| name              | None                                                                         |
| port_range_max    | None                                                                         |
| port_range_min    | None                                                                         |
| project_id        | eaa8de359ae0451d944a6401e688f730                                             |
| protocol          | icmp                                                                         |
| remote_group_id   | None                                                                         |
| remote_ip_prefix  | 0.0.0.0/0                                                                    |
| revision_number   | 0                                                                            |
| security_group_id | ca314872-b4ba-43a0-8c23-2a92f792bcd2                                         |
| tags              | []                                                                           |
| updated_at        | 2020-06-04T08:28:54Z                                                         |
+-------------------+------------------------------------------------------------------------------+

# permit SSH
ubuntu@dlp ~(keystone)$ openstack security group rule create --protocol tcp --dst-port 22:22 secgroup01
+-------------------+-------------------------------------------------------------------------------+
| Field             | Value                                                                         |
+-------------------+-------------------------------------------------------------------------------+
| created_at        | 2020-06-04T08:29:31Z                                                          |
| description       |                                                                               |
| direction         | ingress                                                                       |
| ether_type        | IPv4                                                                          |
| id                | 1c52f82b-26aa-487d-bb09-eea503d99288                                          |
| location          | cloud='', project.domain_id=, project.domain_name='default', project.id='e... |
| name              | None                                                                          |
| port_range_max    | 22                                                                            |
| port_range_min    | 22                                                                            |
| project_id        | eaa8de359ae0451d944a6401e688f730                                              |
| protocol          | tcp                                                                           |
| remote_group_id   | None                                                                          |
| remote_ip_prefix  | 0.0.0.0/0                                                                     |
| revision_number   | 0                                                                             |
| security_group_id | ca314872-b4ba-43a0-8c23-2a92f792bcd2                                          |
| tags              | []                                                                            |
| updated_at        | 2020-06-04T08:29:31Z                                                          |
+-------------------+-------------------------------------------------------------------------------+

ubuntu@dlp ~(keystone)$ openstack security group rule list
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+--------------------------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range | Remote Security Group                | Security Group                       |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+--------------------------------------+
| 029bb121-9e11-499f-a370-69b18988038a | None        | IPv4      | 0.0.0.0/0 |            | e83038d8-8d99-40cf-b586-56cd16e978f1 | e83038d8-8d99-40cf-b586-56cd16e978f1 |
| 1c52f82b-26aa-487d-bb09-eea503d99288 | tcp         | IPv4      | 0.0.0.0/0 | 22:22      | None                                 | ca314872-b4ba-43a0-8c23-2a92f792bcd2 |
| 709a3076-0ee4-4c7a-b395-4a5e50b75c16 | None        | IPv6      | ::/0      |            | e83038d8-8d99-40cf-b586-56cd16e978f1 | e83038d8-8d99-40cf-b586-56cd16e978f1 |
| a85065f8-ebc7-44ee-8f33-34735591d6c6 | None        | IPv6      | ::/0      |            | None                                 | e83038d8-8d99-40cf-b586-56cd16e978f1 |
| c19f1cff-06c0-474f-972b-0aa1878fa834 | None        | IPv4      | 0.0.0.0/0 |            | None                                 | e83038d8-8d99-40cf-b586-56cd16e978f1 |
| c249041f-40ec-4665-ad03-af83a3b01b62 | icmp        | IPv4      | 0.0.0.0/0 |            | None                                 | ca314872-b4ba-43a0-8c23-2a92f792bcd2 |
| d87ccac7-ebe9-459c-a88c-653ef323a85b | None        | IPv6      | ::/0      |            | None                                 | ca314872-b4ba-43a0-8c23-2a92f792bcd2 |
| ec7e5287-54c2-4b89-b421-62002b9c493a | None        | IPv4      | 0.0.0.0/0 |            | None                                 | ca314872-b4ba-43a0-8c23-2a92f792bcd2 |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+--------------------------------------+
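
Both rules added in step [4] accept traffic from 0.0.0.0/0 on a shared flat network. The following is an added example, not part of the original page, that filters the `openstack security group rule list` table for such rules; the function names `sample_rules` and `open_ingress_rules` are assumptions of this example, and the sample rows are copied from the listing in step [4].

```shell
#!/bin/sh
# Added example: list security group rules that name a protocol and accept
# traffic from any address, from the table printed by
# `openstack security group rule list` (columns as shown in step [4]).
# That listing has no direction column, so any-protocol rows (the egress
# defaults created with each group) are skipped rather than guessed at.

# Sample input: four rows copied from the listing in step [4].
sample_rules() {
cat <<'EOF'
| ID | IP Protocol | Ethertype | IP Range | Port Range | Remote Security Group | Security Group |
| 029bb121-9e11-499f-a370-69b18988038a | None | IPv4 | 0.0.0.0/0 | | e83038d8-8d99-40cf-b586-56cd16e978f1 | e83038d8-8d99-40cf-b586-56cd16e978f1 |
| 1c52f82b-26aa-487d-bb09-eea503d99288 | tcp | IPv4 | 0.0.0.0/0 | 22:22 | None | ca314872-b4ba-43a0-8c23-2a92f792bcd2 |
| c249041f-40ec-4665-ad03-af83a3b01b62 | icmp | IPv4 | 0.0.0.0/0 | | None | ca314872-b4ba-43a0-8c23-2a92f792bcd2 |
| ec7e5287-54c2-4b89-b421-62002b9c493a | None | IPv4 | 0.0.0.0/0 | | None | ca314872-b4ba-43a0-8c23-2a92f792bcd2 |
EOF
}

# Reads the table on stdin; prints "<rule id> <protocol> <ports> <source>".
open_ingress_rules() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^\|/ {
            id = trim($2); proto = trim($3); range = trim($5)
            ports = trim($6); remote = trim($7)
            if (id == "ID") next                      # header row
            if (proto == "None" || proto == "") next  # any-protocol rows
            if (remote != "None") next                # source is a group
            if (range == "0.0.0.0/0" || range == "::/0")
                print id, proto, (ports == "" ? "-" : ports), range
        }'
}

# Against a live cloud: openstack security group rule list | open_ingress_rules
sample_rules | open_ingress_rules
```

A rule can be limited to a known source range when it is created by passing `--remote-ip <CIDR>` to `openstack security group rule create`.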
[5] Log in to the instance.

ubuntu@dlp ~(keystone)$ ssh ubuntu@10.0.0.220
The authenticity of host '10.0.0.220 (10.0.0.220)' can't be established.
ECDSA key fingerprint is SHA256:DYDdpzHj2QIvqgKVHa4GpXJytV3ID2lmvpJU6K+0/ts.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.0.0.220' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-33-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Thu 04 Jun 2020 05:30:38 PM JST

  System load:  0.09              Processes:             101
  Usage of /:   24.1% of 8.34GB   Users logged in:       0
  Memory usage: 7%                IPv4 address for ens3: 10.0.0.220
  Swap usage:   0%

0 updates can be installed immediately.
0 of these updates are security updates.

ubuntu@ubuntu-2004:~$ # logged in