神刀安全网

RDO Mitaka Virtual Deployment having real physical network as External

The Nova-Docker driver is installed on the Compute node, which is supposed to run several Java EE servers as lightweight Nova-Docker containers (instances) with floating IPs on the external flat network (actually the real office network 192.168.1.0/24). General setup: RDO Mitaka, ML2 & OVS & VLAN, 3 nodes. VLAN tenant segregation was selected for the RDO landscape to avoid a DVR configuration of the Controller && Compute cluster.

Details here: Setup Docker Hypervisor on Multi Node DVR Cluster RDO Mitaka

Configuration RDO Mitaka :-

Controller/Network (VM) 192.169.142.127 (eth0 - mgmt, eth1 - vlan vm/data, eth2 - external)

Compute (VM) 192.169.142.137 (eth0 - mgmt, eth1 - vlan vm/data)

Storage (VM) 192.169.142.147 (eth0 - mgmt)

********************************************************************************************

The office LAN 192.168.1.0/24 is supposed to match the external network (configured via the flat network provider) for the VM-deployed system. VIRTHOST (F23) is based on the Linux bridge br0, with the original interface enp3s0 as its source interface.

********************************************************************************************

[root@fedora23wks network-scripts]# cat ifcfg-br0
DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
DNS1=192.168.1.1
DNS2=83.221.202.254
GATEWAY=192.168.1.1
IPADDR=192.168.1.57
NETMASK=255.255.255.0
ONBOOT=yes

[root@fedora23wks network-scripts]# cat ifcfg-enp3s0
DEVICE=enp3s0
HWADDR=78:24:af:43:1b:53
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
BRIDGE=br0

***************************

Then run script

***************************

#!/bin/bash -x
chkconfig network on
systemctl stop NetworkManager
systemctl disable NetworkManager
service network restart

Reboot node

[root@fedora23wks network-scripts]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.7824af431b53       no              enp3s0
                                                        vnet2

********************************************************************************************

Creating the external network via the flat external network provider on the Controller, matching the CIDR of the office LAN. 192.168.1.1 is the IP of the external physical router device.

********************************************************************************************

********************************

Controller Configuration

********************************

[root@ip-192-169-142-127 neutron(keystone_admin)]# cat l3_agent.ini | grep -v ^$|grep -v ^#
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
agent_mode = legacy
gateway_external_network_id =
external_network_bridge =
debug = False
[AGENT]

[root@ip-192-169-142-127 neutron(keystone_admin)]# cd plugins/ml2

[root@ip-192-169-142-127 ml2(keystone_admin)]# cat ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = vlan,flat
tenant_network_types = vlan
mechanism_drivers =openvswitch
path_mtu = 0
[ml2_type_flat]
flat_networks = *
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
network_vlan_ranges =physnet1:100:200,physnet2
[ml2_type_vxlan]
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True

[root@ip-192-169-142-127 ml2(keystone_admin)]# cat openvswitch_agent.ini
[DEFAULT]
[agent]
l2_population = False
drop_flows_on_start = False
[ovs]
integration_bridge = br-int
bridge_mappings =physnet1:br-eth1,physnet2:br-eth2
enable_tunneling=False
local_ip=192.169.142.127
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
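A cross-check of the two listings above, as an added example that is not part of the original post: with flat_networks = *, flat (untagged) provider networks are accepted on every mapped physnet, including physnet1, which this setup reserves for tenant VLANs 100:200, and not only on physnet2, which carries the office LAN. The function name audit and its external_physnet parameter are assumptions of this sketch, and the embedded strings are constructed copies of the relevant keys shown above.

```python
import configparser

# Constructed copies of the relevant keys from the two listings above.
ML2_CONF = """\
[ml2_type_flat]
flat_networks = *
[ml2_type_vlan]
network_vlan_ranges =physnet1:100:200,physnet2
"""
OVS_AGENT_CONF = """\
[ovs]
bridge_mappings =physnet1:br-eth1,physnet2:br-eth2
"""

def _parse(text):
    # Split on '=' only: the values themselves use ':' as a separator.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    return cp

def _items(cp, section, key):
    raw = cp.get(section, key, fallback="")
    return [v.strip() for v in raw.split(",") if v.strip()]

def audit(ml2_text, ovs_text, external_physnet="physnet2"):
    """Return findings about which physnets may carry flat (untagged) networks."""
    ml2, ovs = _parse(ml2_text), _parse(ovs_text)
    mappings = dict(m.split(":", 1) for m in _items(ovs, "ovs", "bridge_mappings"))
    flat = _items(ml2, "ml2_type_flat", "flat_networks")
    vlan = [e.split(":", 1)[0]
            for e in _items(ml2, "ml2_type_vlan", "network_vlan_ranges")]
    findings = []
    # '*' accepts any physical_network name; the mapped ones are usable on this node.
    allowed = set(mappings) if "*" in flat else set(flat)
    for name in sorted(allowed - {external_physnet}):
        findings.append("flat network permitted on %s (bridge %s)"
                        % (name, mappings.get(name, "unmapped")))
    if external_physnet not in allowed:
        findings.append("%s is not permitted for flat networks" % external_physnet)
    # Every physnet named in ml2_conf.ini needs a bridge on the agent side.
    for name in sorted((set(vlan) | (set(flat) - {"*"})) - set(mappings)):
        findings.append("%s has no entry in bridge_mappings" % name)
    return findings

if __name__ == "__main__":
    for finding in audit(ML2_CONF, OVS_AGENT_CONF):
        print("FINDING:", finding)
```

Listing only the external physnet (flat_networks = physnet2) clears the finding for this layout.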

[root@ip-192-169-142-127 ~(keystone_admin)]# ovs-vsctl show
d12e6a7a-f589-42cd-91b3-96156ad9ed59
    Bridge br-int
        fail_mode: secure
        Port "tap4118e71e-a4"
            tag: 2
            Interface "tap4118e71e-a4"
                type: internal
        Port "qr-41a1a0fa-ec"
            tag: 1
            Interface "qr-41a1a0fa-ec"
                type: internal
        Port "tap390b9bc5-b9"
            tag: 1
            Interface "tap390b9bc5-b9"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "int-br-eth1"
            Interface "int-br-eth1"
                type: patch
                options: {peer="phy-br-eth1"}
        Port "qg-65a69bdf-c7"
            tag: 2
            Interface "qg-65a69bdf-c7"
                type: internal
        Port "int-br-eth2"
            Interface "int-br-eth2"
                type: patch
                options: {peer="phy-br-eth2"}
    Bridge "br-eth2"          <=== external bridge for non-bridged networking
        Port "phy-br-eth2"
            Interface "phy-br-eth2"
                type: patch
                options: {peer="int-br-eth2"}
        Port "br-eth2"
            Interface "br-eth2"
                type: internal
        Port "eth2"
            Interface "eth2"
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "eth0"
            Interface "eth0"
    Bridge "br-eth1"    <=== internal VLAN vm/data network bridge
        Port "phy-br-eth1"
            Interface "phy-br-eth1"
                type: patch
                options: {peer="int-br-eth1"}
        Port "eth1"
            Interface "eth1"
        Port "br-eth1"
            Interface "br-eth1"
                type: internal
    ovs_version: "2.4.0"

****************************************************************************************

Dashboard Console ( Controller VM on VIRTHOST 192.168.1.57 )

****************************************************************************************

Connect to GF 4.1 Server from remote workstation
