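When a virtual machine in OpenStack uses Keepalived to expose a VIP address, the VIP address cannot communicate with external networks by default.
In normal use, Docker containers inside an OpenStack virtual machine cannot be reached directly from an external network, i.e. the docker0 subnet 172.17.0.0/16 cannot be accessed directly.
After the docker0 subnet is allowed on the Neutron port, the Docker container IP addresses can be accessed directly from the external network. As a prerequisite, a route to 172.17.0.0/16 pointing at the OpenStack virtual machine's address must be added on the switch.
1. List the network ports, find the port that matches the virtual machine's IP address, and modify its allowed_address_pairs parameter to permit the addresses.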
[root@controller01 opt]# neutron port-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+------+----------------------------------+-------------------+-------------------------------------------------------------------------------------+
| id | name | tenant_id | mac_address | fixed_ips |
+--------------------------------------+------+----------------------------------+-------------------+-------------------------------------------------------------------------------------+
| 1ca042d8-adc9-490c-a387-cc6415b40c1c | | 6913a6f61cba4202adb51e3e80334808 | fa:16:3e:95:a9:86 | {"subnet_id": "1f77b0a6-8729-43af-b666-85531c5a35ae", "ip_address": "172.30.18.15"} |
| 1d4a31d1-6899-411b-8886-54a1032e2ce2 | | 6913a6f61cba4202adb51e3e80334808 | fa:16:3e:85:dc:a1 | {"subnet_id": "1f77b0a6-8729-43af-b666-85531c5a35ae", "ip_address": "172.30.18.4"} |
| 3e219994-ee25-44f2-b661-9d81063ddaaa | | 6913a6f61cba4202adb51e3e80334808 | fa:16:3e:04:9a:09 | {"subnet_id": "1f77b0a6-8729-43af-b666-85531c5a35ae", "ip_address": "172.30.18.2"} |
| 7342a472-3804-49a5-9531-b99255b92aef | | 6913a6f61cba4202adb51e3e80334808 | fa:16:3e:ae:70:0c | {"subnet_id": "4ef7c728-a7d4-4377-b055-8855d5fdc9a3", "ip_address": "172.30.19.2"} |
| 8a27cd45-2c0c-4c1b-a122-e265004adf90 | | 6913a6f61cba4202adb51e3e80334808 | fa:16:3e:b4:4b:ca | {"subnet_id": "1f77b0a6-8729-43af-b666-85531c5a35ae", "ip_address": "172.30.18.18"} |
| b6ebfb98-354d-43e9-b5c8-486ca9fa1538 | | 6913a6f61cba4202adb51e3e80334808 | fa:16:3e:df:1b:e9 | {"subnet_id": "1f77b0a6-8729-43af-b666-85531c5a35ae", "ip_address": "172.30.18.3"} |
| e1da58b8-c310-44ea-aef8-a87ce44cd7cc | | 6913a6f61cba4202adb51e3e80334808 | fa:16:3e:fe:64:34 | {"subnet_id": "4ef7c728-a7d4-4377-b055-8855d5fdc9a3", "ip_address": "172.30.19.4"} |
| e9849e89-d922-4d23-a5d8-e035e6f595ea | | 6913a6f61cba4202adb51e3e80334808 | fa:16:3e:f7:4c:4e | {"subnet_id": "1f77b0a6-8729-43af-b666-85531c5a35ae", "ip_address": "172.30.18.24"} |
| ed4d23c8-5b6f-4cd6-be09-07eec05a56f6 | | 6913a6f61cba4202adb51e3e80334808 | fa:16:3e:2b:a1:ea | {"subnet_id": "4ef7c728-a7d4-4377-b055-8855d5fdc9a3", "ip_address": "172.30.19.3"} |
| f1ccdf50-1743-4343-a3c9-3fb3bb1b97bd | | 6913a6f61cba4202adb51e3e80334808 | fa:16:3e:9c:4a:9c | {"subnet_id": "1f77b0a6-8729-43af-b666-85531c5a35ae", "ip_address": "172.30.18.13"} |
| f3db5bc8-8c7b-4f80-88f0-c10364a0db1e | | 6913a6f61cba4202adb51e3e80334808 | fa:16:3e:55:b6:41 | {"subnet_id": "1f77b0a6-8729-43af-b666-85531c5a35ae", "ip_address": "172.30.18.17"} |
+--------------------------------------+------+----------------------------------+-------------------+-------------------------------------------------------------------------------------+
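2. Update the port with the address range that is allowed to communicate (the range inside the virtual machine that otherwise cannot communicate).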
[root@controller01 opt]# neutron port-update 1ca042d8-adc9-490c-a387-cc6415b40c1c --allowed-address-pair ip_address=172.17.0.0/24
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Updated port: 1ca042d8-adc9-490c-a387-cc6415b40c1c
3. View the port's attributes after the change.
[root@controller01 opt]# neutron port-show 1ca042d8-adc9-490c-a387-cc6415b40c1c
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+-----------------------+-------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+-------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | {"ip_address": "172.17.0.0/24", "mac_address": "fa:16:3e:95:a9:86"} |
| binding:host_id | controller03 |
| binding:profile | {} |
| binding:vif_details | {"port_filter": true} |
| binding:vif_type | bridge |
| binding:vnic_type | normal |
| created_at | 2020-06-22T08:05:22Z |
| description | |
| device_id | 4eea09e2-0fe9-4a47-8f7b-13c76a70d7a1 |
| device_owner | compute:nova |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "1f77b0a6-8729-43af-b666-85531c5a35ae", "ip_address": "172.30.18.15"} |
| id | 1ca042d8-adc9-490c-a387-cc6415b40c1c |
| mac_address | fa:16:3e:95:a9:86 |
| name | |
| network_id | a15f2e72-784f-442e-b2af-2a07bf376e93 |
| port_security_enabled | True |
| project_id | 6913a6f61cba4202adb51e3e80334808 |
| revision_number | 23 |
| security_groups | bae8551f-d1b9-403c-8d90-1c66d844affa |
| status | ACTIVE |
| tags | |
| tenant_id | 6913a6f61cba4202adb51e3e80334808 |
| updated_at | 2020-07-24T01:46:37Z |
+-----------------------+-------------------------------------------------------------------------------------+
4. Test connectivity.
C:\Users\Ace
λ ping 172.17.0.1
正在 Ping 172.17.0.1 具有 32 字节的数据:
来自 172.17.0.1 的回复: 字节=32 时间<1ms TTL=63
来自 172.17.0.1 的回复: 字节=32 时间<1ms TTL=63
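
An allowed address pair relaxes the port's anti-spoofing filter, so it is worth checking what a pair actually admits. The following is an added example, not part of the original post: it audits port records for pairs that are broader or narrower than the intended subnet. The JSON shape, the second port and the min_prefix threshold are assumptions; the first record reuses the port shown in step 3.

```python
import ipaddress
import json

# Constructed sample, assumed to follow the shape of `openstack port show -f json`.
# The first record is the port from the walkthrough; the second is invented.
SAMPLE_PORTS = json.loads("""
[
 {"id": "1ca042d8-adc9-490c-a387-cc6415b40c1c",
  "port_security_enabled": true,
  "fixed_ips": [{"ip_address": "172.30.18.15"}],
  "allowed_address_pairs": [
    {"ip_address": "172.17.0.0/24", "mac_address": "fa:16:3e:95:a9:86"}]},
 {"id": "constructed-port-0001",
  "port_security_enabled": true,
  "fixed_ips": [{"ip_address": "172.30.18.99"}],
  "allowed_address_pairs": [
    {"ip_address": "0.0.0.0/0", "mac_address": "fa:16:3e:00:00:01"}]}
]
""")

def pair_networks(port):
    """Return the port's allowed address pairs as ip_network objects."""
    return [ipaddress.ip_network(p["ip_address"], strict=False)
            for p in port.get("allowed_address_pairs") or []]

def source_permitted(port, ip):
    """True if the port's IP filter accepts `ip` as a source (MAC match ignored)."""
    if not port.get("port_security_enabled", True):
        return True  # no anti-spoofing filter at all
    addr = ipaddress.ip_address(ip)
    fixed = {ipaddress.ip_address(f["ip_address"]) for f in port.get("fixed_ips", [])}
    return addr in fixed or any(addr in net for net in pair_networks(port))

def audit(ports, expected, min_prefix=16):
    """Flag pairs wider than /min_prefix or covering only part of `expected`."""
    expected = ipaddress.ip_network(expected)
    findings = []
    for port in ports:
        for net in pair_networks(port):
            if net.prefixlen < min_prefix:
                findings.append((port["id"], str(net), "too-broad"))
            elif (net.version == expected.version and net != expected
                  and net.subnet_of(expected)):
                findings.append((port["id"], str(net), "narrower-than-expected"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PORTS, "172.17.0.0/16"):
        print(finding)
```

For the port above, 172.17.0.1 passes the filter, while a container address such as 172.17.1.5 (inside 172.17.0.0/16 but outside the /24 that was set) does not.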