Introduction to the networking part of cloud infrastructure


Cloud computing is penetrating deeper and deeper into our lives, and there is probably no one left who has not used a cloud service at least once. Yet what the cloud actually is and how it works, few people understand, even at the level of a general idea. 5G is already becoming a reality, and telecom infrastructure is starting to move from monolithic "pillar" solutions to cloud solutions, much as it once moved from purely hardware solutions to virtualized "pillars".

Today we will talk about the inner world of cloud infrastructure, and in particular we will look at the basics of its networking part.

What is a cloud? Is it the same old virtualization, just seen in profile?

A more than logical question. No, it is not virtualization, although it cannot do without it. Let's look at two definitions:

Cloud computing (hereinafter, the Cloud) is a model for providing user-friendly access to distributed computing resources that must be deployed and launched on demand, with the lowest possible latency and minimal cost to the service provider.

Virtualization is the ability to divide one physical entity (for example, a server) into several virtual ones, thereby increasing resource utilization (for example, you had 3 servers loaded at 25-30 percent; after virtualization you get 1 server loaded at 80-90 percent). Naturally, virtualization consumes some resources itself, since the hypervisor has to be fed, but as practice has shown, the game is worth the candle. A good example of virtualization is VMware, which prepares virtual machines beautifully, or KVM, which I personally like more, but that is a matter of taste.

We use virtualization without even noticing it, and even hardware routers already use it: for example, in recent versions of JunOS the operating system is installed as a virtual machine on top of a real-time Linux distribution (Wind River 9). But virtualization is not the cloud, although the cloud cannot exist without virtualization.

Virtualization is one of the building blocks on which the cloud is built.

Making a cloud by simply gathering several hypervisors into one L2 domain, adding a couple of yaml playbooks to register VLANs automatically through some kind of ansible, and cramming an orchestration system on top of it all to create virtual machines automatically will not work. Or rather, it will work, but the resulting Frankenstein is not the cloud we need, even if for someone else it may be the ultimate dream. Moreover, if you take OpenStack itself, it is essentially still a Frankenstein, but oh well, let's not talk about that now.

But I understand that from the definition given above it is not entirely clear what can actually be called a cloud.

Therefore, a document from NIST (the National Institute of Standards and Technology) lists 5 essential characteristics that a cloud infrastructure must have:

On-demand self-service. The user must be given free access to the computing resources allocated to them (such as networks, virtual disks, memory, processor cores, and so on), and these resources must be provided automatically, that is, without intervention from the service provider.

Broad network access. Access to resources must be provided through standard mechanisms that allow the use of ordinary PCs as well as thin clients and mobile devices.

Resource pooling. Resource pools must serve multiple clients at the same time, ensuring that clients are isolated from each other and free from mutual influence and competition for resources. Networks are also part of the pool, which implies the possibility of using overlapping addressing. Pools must be able to scale on demand. The use of pools makes it possible to provide the required level of resource fault tolerance and to abstract physical and virtual resources: the recipient of the service is simply given the requested set of resources (where those resources physically live, on how many servers and switches, does not matter to the client). At the same time, we have to keep in mind that the provider must guarantee transparent reservation of these resources.

Rapid elasticity. The service must be flexible: rapid provisioning of resources, their redistribution, increasing or decreasing resources at the client's request, and from the client's side there must be a feeling that cloud resources are inexhaustible. For ease of understanding: you never see a warning that part of your disk space in Apple iCloud has disappeared because a hard drive in a server has failed, and drives do fail. Moreover, from your side the capabilities of this service are almost unlimited: you need 2 TB, no problem, you pay and you receive. A similar example can be given with Google Drive or Yandex.Disk.

Measured service. The cloud system must automatically control and optimize the resources consumed, and these mechanisms must be transparent to both the user and the service provider. That is, you can always check how many resources you and your clients are consuming.

It is worth noting that these requirements are mostly requirements for a public cloud, so for a private cloud (that is, a cloud deployed for a company's internal needs) they can be relaxed somewhat. However, they still have to be met, otherwise we will not get all the benefits of cloud computing.

Why do we need a cloud?

Still, any new or existing technology, any new protocol, is created for something (well, except RIP-ng, of course). Nobody needs a protocol for the sake of a protocol. It is logical that the Cloud is created to provide some kind of service to the user/client. We all know at least a couple of cloud services, for example Dropbox or Google Docs, and I think most people use them successfully; this article, for instance, was written using the Google Docs cloud service. But the cloud services we know are only a part of what the cloud can do, more precisely, only services of the SaaS type. A cloud service can be provided in three ways: as SaaS, PaaS or IaaS. Which one you need depends on your wishes and your capabilities.

Let's look at each of them in order:

Software as a Service (SaaS) is a model for providing a complete service to the client, for example an email service such as Yandex.Mail or Gmail. In this delivery model you, as the client, do nothing except use the service; that is, you do not need to think about setting it up, its fault tolerance or its redundancy. The main thing is not to compromise your password; the provider will do the rest for you. From the provider's point of view, they are responsible for the entire service, from the server hardware and host operating systems to the database and software settings.

Platform as a Service (PaaS): in this model, the service provider gives the client a blank for a service; let's take a web server as an example. The provider gives the client a virtual server (in fact, a set of resources such as RAM/CPU/Storage/Networks, etc.), and even installs the OS and the necessary software on it, but the configuration of all of this is done by the client, and the client is responsible for the service working. The provider, as in the previous case, is responsible for the physical equipment, the hypervisors, the virtual machine itself, network availability, etc., but the service itself is no longer within their area of responsibility.

Infrastructure as a Service (IaaS): this approach is more interesting still. In fact, the provider gives the client a complete virtualized infrastructure, that is, some set (pool) of resources such as CPU cores, RAM, networks, etc. The rest is up to the client: what the client wants to do with these resources within the allocated pool (quota) is of little concern to the provider. Whether the client wants to build their own vEPC or even create a mini operator and provide communication services is not a question; go ahead. In this scenario the provider is responsible for providing the resources, their fault tolerance and availability, as well as the OS that lets them pool those resources and make them available to the client, with the ability to increase or decrease resources at any time at the client's request. The client configures all the virtual machines and the rest of the tinsel themselves through a self-service portal and console, including the networks (except for external networks).

What is OpenStack?

In all three options, the provider needs an OS that makes it possible to build a cloud infrastructure. In fact, with SaaS more than one division is responsible for the whole technology stack: there is a division responsible for the infrastructure, that is, it provides IaaS to another division, and that division provides SaaS to the client. OpenStack is one of the cloud operating systems that lets you gather a bunch of switches, servers and storage systems into a single resource pool, split this common pool into sub-pools (tenants) and provide these resources to clients over the network.

OpenStack is a cloud operating system that lets you control large pools of compute, storage and network resources, provisioned and managed through an API using standard authentication mechanisms.

In other words, it is a set of free software projects designed for building cloud services (both public and private), that is, a set of tools that lets you combine server and switching equipment into a single pool of resources and manage these resources while providing the required level of fault tolerance.

At the time of writing, the OpenStack structure looks like this:
[Figure: OpenStack project map. Image taken from openstack.org]

Each component included in OpenStack performs a specific function. This distributed architecture lets you include in the solution exactly the set of functional components you need. However, some components are core components, and removing them makes the solution as a whole completely or partially inoperable. These components are usually listed as:

  • Dashboard: a web-based GUI for managing OpenStack services
  • Keystone: a centralized identity service that provides authentication and authorization for the other services, and also manages user credentials and roles
  • Neutron: the network service that provides connectivity between the interfaces of the various OpenStack services (including connectivity between VMs and access to the outside world)
  • Cinder: provides block storage for virtual machines
  • Nova: virtual machine lifecycle management
  • Glance: the repository of virtual machine images and snapshots
  • Swift: provides object storage
  • Ceilometer: a service that collects telemetry and measures available and consumed resources
  • Heat: template-based orchestration for automatically creating and provisioning resources

A full list of all projects and their purpose can be seen here.

Each OpenStack component is a service that performs a specific function and provides an API to manage that function and to interact with the other services of the cloud operating system in order to form a unified infrastructure. For example, Nova provides compute resource management and an API to access the configuration of those resources, Glance provides image management and an API to manage it, Cinder provides block storage and an API to manage it, and so on. All these functions are very closely interconnected.

However, if you look closely, every service running in OpenStack is ultimately some virtual machine (or container) connected to a network. The question arises: why do we need so many elements?

Let's walk through the sequence of steps for creating a virtual machine and connecting it to a network and to persistent storage in OpenStack.

  1. When you submit a request to create a machine, whether through Horizon (the Dashboard) or through the CLI, the first thing that happens is authentication of your request in Keystone: may you create machines, do you have the right to use this network, do you fit within your quota, etc.
  2. Keystone authenticates your request and returns an auth token in the response message, which is used from then on. Having received the response from Keystone, the request is sent to Nova (nova-api).
  3. Nova-api checks the validity of your request by contacting Keystone with the auth token obtained earlier.
  4. Keystone validates the token and returns information about the permissions and restrictions associated with it.
  5. Nova-api creates an entry for the new VM in the nova database and passes the request to create the machine to nova-scheduler.
  6. Nova-scheduler selects the host (compute node) on which the VM will be deployed, based on the given parameters, weights and zones. A record of this, together with the VM ID, is written to the nova database.
  7. Next, nova-scheduler contacts nova-compute with a request to deploy the instance. Nova-compute contacts nova-conductor to obtain information about the machine's parameters (nova-conductor is the Nova component that acts as a proxy between the nova database and nova-compute; it reduces the number of requests hitting the database, and it means compute nodes need no database credentials at all, so a compromised hypervisor cannot read or alter the database directly).
  8. Nova-conductor retrieves the requested information from the nova database and passes it to nova-compute.
  9. Next, nova-compute calls Glance to obtain the image ID. Glance validates the request in Keystone and returns the requested information.
  10. Nova-compute contacts Neutron to obtain information about the network parameters. Like Glance, Neutron validates the request in Keystone, after which it creates an entry in its database (port identifier, etc.), issues a request to create the port, and returns the requested information to nova-compute.
  11. Nova-compute contacts Cinder with a request to provide a volume for the virtual machine. Like Glance, Cinder validates the request in Keystone, issues a volume creation request, and returns the requested information.
  12. Nova-compute contacts libvirt with a request to deploy the virtual machine with the given parameters.
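Steps 1 to 4 above at the HTTP level, as an added example that is not part of the original article: a project-scoped token is requested from Keystone, read from the X-Subject-Token response header, carried in X-Auth-Token on every later call, and validated by a service the way nova-api does in step 3. The endpoints, credentials and the sample header dump fed to extract_token are assumptions.

```shell
#!/bin/sh
# Keystone v3 token flow behind the VM creation steps above.
# Constructed example: URLs, user/password/project and sample headers are
# assumptions, not values from any real deployment. curl is needed for the
# network calls; auth_body and extract_token work offline.

# auth_body USER PASSWORD PROJECT
# Password authentication scoped to one project (domain "Default" assumed).
# Values are substituted verbatim, so they must not contain quotes or backslashes.
auth_body() {
    printf '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"%s","domain":{"name":"Default"},"password":"%s"}}},"scope":{"project":{"name":"%s","domain":{"name":"Default"}}}}}' \
        "$1" "$2" "$3"
}

# extract_token < HTTP_HEADERS
# Keystone returns the token in the X-Subject-Token header, not in the JSON body.
extract_token() {
    tr -d '\r' | sed -n 's/^[Xx]-[Ss]ubject-[Tt]oken: *//p' | head -n 1
}

# issue_token KEYSTONE_URL USER PASSWORD PROJECT  -> prints the token
issue_token() {
    curl -sS -D - -o /dev/null -H 'Content-Type: application/json' \
        -d "$(auth_body "$2" "$3" "$4")" "$1/v3/auth/tokens" | extract_token
}

# validate_token KEYSTONE_URL SERVICE_TOKEN TOKEN  -> prints the HTTP status
# This is what nova-api, Glance, Neutron and Cinder each do before acting on a
# request: 200 means the token is valid (the response body then carries the
# project and roles the service authorizes against), 404 means it is invalid
# or expired, 401 means the service's own token in X-Auth-Token is bad.
validate_token() {
    curl -sS -o /dev/null -w '%{http_code}' \
        -H "X-Auth-Token: $2" -H "X-Subject-Token: $3" "$1/v3/auth/tokens"
}

# list_servers NOVA_URL TOKEN  -> JSON list of the project's instances
# Every Nova call just carries the token; Nova never sees the password.
list_servers() {
    curl -sS -H "X-Auth-Token: $2" "$1/v2.1/servers"
}

# Typical use against a reachable cloud (endpoints are placeholders):
#   TOKEN=$(issue_token https://keystone.example:5000 demo secret demo-project)
#   validate_token https://keystone.example:5000 "$TOKEN" "$TOKEN"
#   list_servers https://nova.example:8774 "$TOKEN"
```

The token is opaque to every service except Keystone; a service only learns which project and roles it represents by validating it, which is why each of the calls in steps 9 to 11 goes back to Keystone before anything is created.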

In fact, the seemingly simple operation of creating a simple virtual machine turns into a whirlpool of API calls between the elements of the cloud platform. Moreover, as you can see, even the services named earlier consist of smaller components that interact with each other. Creating a machine is only a small part of what the cloud platform allows: there is a service responsible for traffic balancing, a service responsible for block storage, a service responsible for DNS, a service responsible for provisioning bare-metal servers, and so on. The cloud lets you treat your virtual machines like a herd of sheep (as opposed to virtualization). If something happens to your machine in a virtualized environment, you restore it from a backup and so on, but cloud applications are built so that the virtual machine plays no special role: a virtual machine "died", no problem, a new one is simply created from a template and, as they say, the squad did not notice the loss of a fighter. Naturally, this requires orchestration mechanisms: using Heat templates you can easily deploy a complex function consisting of dozens of networks and virtual machines.

It is always worth keeping in mind that there is no cloud infrastructure without a network: every element interacts with the others in one way or another through the network. Moreover, the network in a cloud is anything but static. Naturally, the underlay network is more or less static, since new nodes and switches are not added every day, but the overlay part can and certainly will change constantly: new networks will be added or removed, new virtual machines will appear and old ones will die. And as you remember from the cloud definition given at the beginning of the article, resources must be allocated to the user automatically and with the least possible (or better, no) intervention from the service provider. That is, the kind of network resource provisioning that exists today in the form of a front-end, a personal account reachable over http/https, with the on-duty network engineer Vasily as the backend, is not a cloud, even if Vasily has eight hands.

Neutron, as the network service, provides an API for managing the network part of the cloud infrastructure. The service drives and manages the network part of OpenStack by providing an abstraction layer called Network-as-a-Service (NaaS). That is, the network is just as much a virtual, measurable unit as, for example, virtual CPU cores or the amount of RAM.

But before moving on to the architecture of the OpenStack network part, let's think about how this network works in OpenStack and why the network is an important and integral part of the cloud.

So, we have two VMs of the RED client and two VMs of the GREEN client. Let's assume these machines are placed on two hypervisors like this:

[Diagram]

At the moment this is just virtualization of 4 servers and nothing more, since all we have done so far is virtualize 4 servers and place them on two physical servers. And so far they are not even connected to a network.

To make a cloud we need to add several components. First, we virtualize the network part: we need to connect these 4 machines in pairs, and the clients want an L2 connection. You could use a switch, configure a trunk toward it and solve everything with a linux bridge or, for more advanced users, openvswitch (we will come back to this later). But there can be a lot of networks, and constantly pushing L2 through the switch is not the best idea: different departments, a service desk, months of waiting for a request to be completed, weeks of troubleshooting; in the modern world this approach no longer works. And the sooner a company realizes this, the easier it is for it to move forward. Therefore, between the hypervisors we will use an L3 network over which our virtual machines will communicate, and on top of this L3 network we will build virtual L2 overlay networks in which the traffic of our virtual machines will run. You can use GRE, Geneve or VxLAN as the encapsulation. Let's focus on the latter, although it is not particularly important.

We need to put a VTEP somewhere (I hope everyone is familiar with VxLAN terminology). Since our L3 network starts right at the servers, nothing prevents us from placing the VTEP on the servers themselves, and OVS (OpenvSwitch) does this excellently. As a result, we get this design:

[Diagram]

Since traffic between the VMs must be kept separate, the ports toward the virtual machines will carry different VLAN numbers. The tag number only has meaning within one virtual switch, since when encapsulating into VxLAN we can simply strip it, because we will have a VNI instead.

[Diagram]

Now we can create machines and virtual networks for them without any problems.
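The per-hypervisor OVS layout just described, as an added example and not a script from the original article or from the Neutron project: VMs attach to an integration bridge with a node-local VLAN tag, and a tunnel bridge swaps that tag for a VNI on the way into VXLAN. Bridge and port names, tunnel endpoints, tags and VNIs are assumptions.

```shell
#!/bin/sh
# Open vSwitch layout of one hypervisor for the VXLAN overlay described above:
# VMs plug into br-int with a node-local VLAN tag, br-tun carries VXLAN to the
# other hypervisor, and OpenFlow rules swap the local tag for a VNI.
# Constructed example: bridge and port names, tunnel endpoints, tags and VNIs
# are assumptions. Dry run by default (prints the commands); APPLY=1 executes
# them, which needs root and openvswitch installed.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# vtep LOCAL_IP REMOTE_IP
# Integration bridge, tunnel bridge, a patch pair between them and one VXLAN
# port toward the peer hypervisor. Traffic that no flow maps is dropped.
vtep() {
    run ovs-vsctl --may-exist add-br br-int
    run ovs-vsctl --may-exist add-br br-tun
    run ovs-vsctl --may-exist add-port br-int patch-tun -- set interface patch-tun type=patch options:peer=patch-int
    run ovs-vsctl --may-exist add-port br-tun patch-int -- set interface patch-int type=patch options:peer=patch-tun
    # key=flow: the VNI is chosen per packet by OpenFlow (set_tunnel), so one
    # tunnel port serves every tenant segment instead of one port per VNI
    run ovs-vsctl --may-exist add-port br-tun vxlan0 -- set interface vxlan0 type=vxlan \
        "options:local_ip=$1" "options:remote_ip=$2" options:key=flow
    run ovs-ofctl add-flow br-tun "table=0,priority=0,actions=drop"
}

# attach_vm TAP LOCAL_VLAN : the VM's tap becomes an access port on br-int
attach_vm() {
    run ovs-vsctl --may-exist add-port br-int "$1" "tag=$2"
}

# map_segment LOCAL_VLAN VNI
# Outbound: strip the local tag, set the VNI, send into the tunnel.
# Inbound: packets with that VNI get the local tag back and go to br-int.
# The tag only means something on this node; the VNI is what both ends share.
map_segment() {
    run ovs-ofctl add-flow br-tun "table=0,priority=10,in_port=patch-int,dl_vlan=$1,actions=strip_vlan,set_tunnel:$2,output:vxlan0"
    run ovs-ofctl add-flow br-tun "table=0,priority=10,in_port=vxlan0,tun_id=$2,actions=mod_vlan_vid:$1,output:patch-int"
}

# Hypervisor 1 (10.0.1.1) peering with hypervisor 2 (10.0.1.2): RED on local
# VLAN 101 / VNI 1001, GREEN on local VLAN 102 / VNI 1002. Hypervisor 2 runs
# the same with the IPs swapped; its local tags may differ, the VNIs may not.
vtep 10.0.1.1 10.0.1.2
attach_vm tap-red-1 101
attach_vm tap-green-1 102
map_segment 101 1001
map_segment 102 1002
```

The check a practitioner wants after applying this is that a RED VM on hypervisor 1 can reach a RED VM on hypervisor 2 while a GREEN VM cannot: with the priority-0 drop flow on br-tun, a segment that has no map_segment entry never leaves the node, so isolation does not rely on the tags matching across hypervisors.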

But what if the client has another machine that sits in a different network? We need routing between networks. We will look at the simple option, where centralized routing is used, that is, traffic is routed through dedicated network nodes (well, as a rule, they are combined with the control nodes, so we will have the same thing).

It seems there is nothing complicated here: we create a bridge interface on the control node, drive the traffic to it, and from there route it wherever needed. But the problem is that the RED client wants to use the 10.0.0.0/24 network, and the GREEN client wants to use the 10.0.0.0/24 network. That is, our address spaces start to overlap. In addition, clients do not want other clients to be able to route into their internal networks, which makes sense. To separate the networks and the clients' data traffic, we will allocate a separate namespace to each of them. A namespace is in fact a copy of the Linux network stack, that is, clients in the RED namespace are isolated from clients in the GREEN namespace (well, routing between those client networks can still be allowed through the default namespace or on the upstream transport equipment).

That is, we get the following diagram:

[Diagram]

The L2 tunnels from all compute nodes converge on the control node, which is where the L3 interfaces for these networks live, each in its own dedicated namespace for isolation.

However, we forgot the most important thing. A virtual machine has to provide a service to the client, that is, it must have at least one external interface through which it can be reached. In other words, we need a way out to the outside world. There are several options here; let's take the simplest. We will add one network per client, which is valid in the provider's network and does not overlap with the other networks. These networks could also overlap and point at different VRFs on the provider side. The data of these networks will also live in each client's namespace. However, they will still go out to the outside world through a physical interface (or a bond, which is more logical). To separate the clients' traffic, outbound traffic will be tagged with the VLAN tag allocated to that client.

As a result, we get this diagram:

[Diagram]

A fair question: why not put the gateway on the compute nodes themselves? That is not a big problem; moreover, if you enable distributed routing (DVR), that is exactly how it will work. In this scenario we consider the simplest option with a centralized gateway, which is what OpenStack uses by default. For high-load functions people use a distributed router and acceleration technologies such as SR-IOV and passthrough, but as they say, that is a completely different story. First let's deal with the basics, and then we will go into more detail.

Actually, our scheme is already workable, but there are a few nuances:

  • We need to protect our machines somehow, that is, put a filter on the switch interface toward the client.
  • We need virtual machines to obtain an IP address automatically, so that we do not have to log in through the console every time and configure the address by hand.

Let's start with protecting the machines. Plain old iptables will do for this, why not.
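A per-VM filter of the kind just asked for, as an added example (not a script from the original article or from the Neutron project): a stateful ingress allow-list plus egress anti-spoofing, hooked into FORWARD with the physdev match so that it applies to bridged frames on the VM's tap. It assumes the tap sits on a Linux bridge with br_netfilter loaded, which is how the iptables-based security group driver arranges things; chain names, tap names, addresses and ports are assumptions.

```shell
#!/bin/sh
# Per-VM packet filter: ingress allow-list and egress anti-spoofing on the
# Linux bridge between the VM's tap and the integration bridge.
# Constructed example: chain names, tap names, addresses and ports are
# assumptions. Dry run by default (prints the commands); APPLY=1 executes
# them, which needs root, iptables and br_netfilter loaded.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# port_filter TAP VM_IP VM_MAC ALLOWED_TCP_PORT...
port_filter() {
    tap=$1; vm_ip=$2; vm_mac=$3; shift 3
    chain_in="vm-in-$tap"; chain_out="vm-out-$tap"
    run iptables -N "$chain_in"
    run iptables -N "$chain_out"
    # frames leaving the bridge through the tap are headed INTO the VM
    run iptables -A FORWARD -m physdev --physdev-out "$tap" --physdev-is-bridged -j "$chain_in"
    # frames entering the bridge through the tap come FROM the VM
    run iptables -A FORWARD -m physdev --physdev-in "$tap" --physdev-is-bridged -j "$chain_out"

    # ingress: replies to connections the VM opened, DHCP offers from the
    # server, then only the explicitly allowed new TCP connections; the rest
    # is dropped here, whatever the FORWARD policy says
    run iptables -A "$chain_in" -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
    run iptables -A "$chain_in" -p udp --sport 67 --dport 68 -j RETURN
    for port in "$@"; do
        run iptables -A "$chain_in" -p tcp --dport "$port" -m conntrack --ctstate NEW -j RETURN
    done
    run iptables -A "$chain_in" -j DROP

    # egress anti-spoofing: the MAC is always known, so it is checked first;
    # the DHCP client speaks from 0.0.0.0 and must pass before the IP check;
    # after that the VM may only send from its own address, and packets
    # conntrack cannot classify are dropped
    run iptables -A "$chain_out" -m mac ! --mac-source "$vm_mac" -j DROP
    run iptables -A "$chain_out" -p udp --sport 68 --dport 67 -j RETURN
    run iptables -A "$chain_out" ! -s "$vm_ip" -j DROP
    run iptables -A "$chain_out" -m conntrack --ctstate INVALID -j DROP
    run iptables -A "$chain_out" -j RETURN
}

# RED tenant's first VM: only SSH and HTTPS may be opened toward it
port_filter tap-red-1 10.0.0.10 fa:16:3e:00:00:01 22 443
```

The egress half is the part that protects the other tenants: without the source MAC/IP check a VM can answer ARP for the gateway or spoof a neighbour's address on the same bridge, and no amount of ingress filtering on the victim's port will notice.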

So now our topology has become a little more complicated:

[Diagram]

Let's continue. We need to add a DHCP server. The best place to put the DHCP server for each client is the control node mentioned above, where the namespaces live:

[Diagram]

However, there is a small problem. What if everything reboots and all the information about address leases in DHCP is lost? Logically, the machines will be handed new addresses, which is not very convenient. There are two ways out here. One is to use domain names and add a DNS server for each client, so that the address itself stops mattering much to us (similar to the network part in k8s); but there is a problem with external networks, since addresses there can also be issued over DHCP, so you need to synchronize the DNS server in the cloud platform with the external DNS server, which in my opinion is not very flexible, although quite possible. The other option is to use metadata, that is, to store the address issued to the machine so that the DHCP server knows which address to hand out if the machine has already received one. The second option is simpler and more flexible, since it lets you store additional information about the machine. (In practice, Neutron keeps the port's fixed IP in its database and gives dnsmasq a static host entry for it, so the address survives a restart regardless of leases; the metadata service is what additionally delivers the hostname, SSH keys and user-data to the instance.) Now let's add a metadata agent to the diagram:

[Diagram]

Another problem worth discussing is letting all clients use a single external network, because external networks, if they have to be valid across the whole provider network, are awkward: you constantly have to allocate them and keep track of the allocations. The ability to use one pre-configured external network for all clients is very useful when building a public cloud. It makes deploying machines easier, since we do not need to consult an address database and pick a unique address space for each client's external network. Moreover, we can register the external network in advance, and at deployment time we only need to associate an external address with the client's machine.

And here NAT helps us: we simply let clients reach the outside world through the default namespace using NAT translation. Well, here is a small problem. This is fine if the client's server acts as a client rather than a server, that is, it initiates connections rather than accepting them. But for us it will be the other way round. In that case we need destination NAT, so that when traffic arrives the control node understands that it is intended for virtual machine A of client A; that is, we translate the external address, for example 100.1.1.1, to the internal address 10.0.0.1. With this, although all clients use the same external network, internal isolation is fully preserved. So we need to do both dNAT and sNAT on the control node. Whether to use a single network with floating addresses, or per-client external networks, or both at the same time, depends on what you want to bring into the cloud. We will not add floating addresses to the diagram, but will keep the external networks added earlier: each client has its own external network (in the diagram they are shown as VLAN 200 and a second VLAN tag on the external interface).
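The centralized-routing scenario above, as an added example (not a script from the original article or from the Neutron project): two tenants that both use 10.0.0.0/24, each behind its own router namespace, sharing one external network and reachable from outside through DNAT. Namespace, interface and address choices are assumptions, and the commands mirror what the L3 agent sets up inside its qrouter namespaces.

```shell
#!/bin/sh
# Centralized routing for two tenants with overlapping addressing, each in
# its own router namespace, sharing one external network via SNAT/DNAT.
# Constructed example: namespace, interface and address choices are
# assumptions. Dry run by default (prints the commands); APPLY=1 executes
# them, which needs root, iproute2 and iptables.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# tenant_router NAME TENANT_CIDR TENANT_GW EXT_ADDR/PREFIX EXT_GW VM_IP
# qr-NAME is the tenant-side leg (its peer br-NAME-qr goes to the tenant's
# bridge or OVS port), qg-NAME is the external leg (its peer br-ex-NAME goes
# to the external bridge). Everything lives inside qrouter-NAME, so two
# tenants with the same CIDR never share routes or conntrack state.
tenant_router() {
    name=$1; cidr=$2; gw=$3; ext=$4; ext_gw=$5; vm=$6
    ns="qrouter-$name"; prefix=${cidr#*/}; ext_ip=${ext%/*}
    run ip netns add "$ns"
    run ip link add "qr-$name" type veth peer name "br-$name-qr"
    run ip link set "qr-$name" netns "$ns"
    run ip netns exec "$ns" ip addr add "$gw/$prefix" dev "qr-$name"
    run ip netns exec "$ns" ip link set "qr-$name" up
    run ip link add "qg-$name" type veth peer name "br-ex-$name"
    run ip link set "qg-$name" netns "$ns"
    run ip netns exec "$ns" ip addr add "$ext" dev "qg-$name"
    run ip netns exec "$ns" ip link set "qg-$name" up
    run ip netns exec "$ns" ip link set lo up
    run ip netns exec "$ns" ip route add default via "$ext_gw"
    run ip netns exec "$ns" sysctl -w net.ipv4.ip_forward=1
    # SNAT: outbound tenant traffic leaves with the tenant's external address
    run ip netns exec "$ns" iptables -t nat -A POSTROUTING -s "$cidr" -o "qg-$name" -j SNAT --to-source "$ext_ip"
    # DNAT: inbound traffic to that address is handed to one tenant VM
    run ip netns exec "$ns" iptables -t nat -A PREROUTING -i "qg-$name" -d "$ext_ip" -j DNAT --to-destination "$vm"
    # forwarding policy: only the two NAT'd directions plus their replies;
    # nothing else can be routed into the tenant network from outside
    run ip netns exec "$ns" iptables -P FORWARD DROP
    run ip netns exec "$ns" iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run ip netns exec "$ns" iptables -A FORWARD -i "qr-$name" -o "qg-$name" -s "$cidr" -j ACCEPT
    run ip netns exec "$ns" iptables -A FORWARD -i "qg-$name" -o "qr-$name" -d "$vm" -j ACCEPT
}

# Same tenant CIDR and even the same VM address for both tenants; only the
# namespace and the external address differ, which is what makes the
# overlap safe.
tenant_router red   10.0.0.0/24 10.0.0.1 100.1.1.1/24 100.1.1.254 10.0.0.10
tenant_router green 10.0.0.0/24 10.0.0.1 100.1.1.2/24 100.1.1.254 10.0.0.10
```

The br-ex-NAME peers still have to be attached to the external bridge (with the client's VLAN tag, as the text describes), and the br-NAME-qr peers to the tenant's segment; those two attachments are what keep the example under the node's existing bridge layout rather than part of the router itself. A quick check after applying: `ip netns exec qrouter-red ip route` and `ip netns exec qrouter-green ip route` show identical tenant routes, yet `ip netns exec qrouter-red conntrack -L` shows only RED's sessions.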

As a result, we get an interesting and reasonably well thought-out solution, which has a certain flexibility but does not yet have any fault-tolerance mechanisms.

First of all, we have only one control node, and its failure would bring down the whole system. To fix this, we need at least a quorum of 3 nodes. Let's add them to the diagram:

[Diagram]

Naturally, all the nodes are synchronized, and when the active node goes down, another node takes over its duties.

The next problem is the virtual machine disks. At the moment they are stored on the hypervisors themselves, and if something happens to a hypervisor we lose all the data; having RAID will not help if we lose not a disk but the whole server. For this we need a service that acts as a front end to some kind of storage. What kind of storage is not very important to us, but it must protect the data from disk and node failures, and possibly from the failure of a whole rack. There are several options here. Of course there are SAN networks with Fibre Channel, but let's be honest, FC is already a relic of the past, the analogue of E1 in transport: yes, I agree, it is still used, but only where it is absolutely impossible to do without it. So I would not voluntarily deploy an FC network in 2020, knowing that other, more interesting alternatives exist. Although to each their own, there may be people who believe that FC with all its limitations is all we need; I will not argue, everyone has their own opinion. However, the most interesting solution in my opinion is to use SDS, such as Ceph.

Ceph lets you build a highly available storage solution with a whole range of redundancy options, from erasure coding with parity (analogous to RAID 5 or 6) to full replication of data to different disks, taking into account where the disks sit in the servers and where the servers sit in the racks, and so on.

To build Ceph you need 3 more nodes. Interaction with the storage will also happen over the network, using the block, object and file services. Let's add storage to the scheme:

[Diagram]

Note: you can also build hyperconverged compute nodes. This is the concept of combining several functions on one node, for example storage + compute, without dedicating separate nodes to Ceph storage. We get the same fault-tolerant scheme, since the SDS will replicate the data with the configured redundancy level. However, hyperconverged nodes are always a compromise, because a storage node does not merely heat the air, as it might seem at first glance (since there are no virtual machines on it); it spends CPU resources serving the SDS (in fact, all the replication and the recovery after failures of nodes, disks, etc. happens there). That is, you will lose some of the compute node's capacity if you combine it with storage.

All of this has to be managed somehow: we need something that can create machines, networks, virtual routers, and so on. For this we will add a service to the control node that acts as a dashboard; the client will be able to connect to this portal over http/https and do everything they need (well, almost).

As a result, we now have a fault-tolerant system. All the elements of this infrastructure have to be managed in some way. It was said earlier that OpenStack is a set of projects, each of which provides a specific function. As we can see, there are more than enough elements to configure and control. Today we will talk about the network part.

Neutron architecture

In OpenStack, Neutron is responsible for connecting virtual machine ports to a common L2 network, for routing traffic between VMs located in different L2 networks, for routing out to the outside world, and for services such as NAT, Floating IP, DHCP, etc.

At a high level, the operation of the network service (its basic part) can be described as follows.

When a VM is started, the network service:

  1. Creates a port (or ports) for the given VM and notifies the DHCP service about it;
  2. A new virtual network device is created (via libvirt);
  3. The VM is connected to the port(s) created in step 1;

Oddly enough, Neutron's work is based on standard mechanisms familiar to anyone who has ever dived into Linux: namespaces, iptables, linux bridges, openvswitch, conntrack, etc.

It should be made clear right away that Neutron is not an SDN controller.

Neutron consists of several interrelated components:

[Diagram: Neutron components]

Openstack-neutron-server is the daemon that handles user requests via the API. The daemon does not set up any network connections itself; it passes the necessary information to its plugins, which then configure the required network element. Neutron agents on the OpenStack nodes register with the Neutron server.

Neutron-server is essentially an application written in python, consisting of two parts:

  • a REST service
  • Neutron plugins (core/service)

The REST service is designed to receive API calls from other components (for example, a request to provide some information, etc.).

Plugins are pluggable software components/modules that are invoked while API requests are processed; that is, the service is actually provided through them. Plugins come in two kinds: service plugins and the core plugin. As a rule, the core plugin is mainly responsible for managing address space and L2 connectivity between VMs, while service plugins provide additional functionality such as VPN or FW.

The list of currently available plugins can be seen, for example, here.

There can be several service plugins, but there is only ever one core plugin.

openstack-neutron-ml2 is the standard OpenStack core plugin. This plugin has a modular architecture (unlike its predecessor) and configures the network service through the drivers attached to it. We will look at the plugin itself a little later, since it is in fact what gives OpenStack its flexibility in the network part. The core plugin can be replaced (Contrail Networking, for example, does exactly this).

RPC service (rabbitmq-server): the service that provides queue management and interaction with the other OpenStack services, as well as interaction between the network service agents.

Network agents: agents located on each node, through which the network services are configured.

There are several kinds of agents.

Agen utama yaiku Agen L2. Agen iki mlaku ing saben hypervisors, kalebu kelenjar kontrol (luwih tepat, ing kabeh kelenjar sing nyedhiyani layanan kanggo nyewo) lan fungsi utama iku kanggo nyambung mesin virtual kanggo jaringan L2 umum, lan uga generate tandha nalika ana acara ( contone mateni / ngaktifake port).

Sabanjure, agen ora kurang penting Agen L3. Kanthi gawan, agen iki mlaku sacara eksklusif ing simpul jaringan (asring simpul jaringan digabungake karo simpul kontrol) lan nyedhiyakake rute antarane jaringan panyewan (loro antarane jaringan lan jaringan panyewan liyane, lan bisa diakses ing jagad njaba, nyedhiyakake NAT, uga layanan DHCP). Nanging, nalika nggunakake DVR (router sing disebarake), kabutuhan plugin L3 uga katon ing node komputasi.

Agen L3 nggunakake namespaces Linux kanggo nyedhiyani saben tenant karo pesawat saka jaringan terisolasi dhewe lan fungsi saka router virtual sing rute lalu lintas lan nyedhiyani layanan gateway kanggo jaringan Layer 2.

database - database pengenal jaringan, subnet, port, pools, lsp.

Nyatane, Neutron nampa panjalukan API saka nggawe entitas jaringan apa wae, otentikasi panjaluk kasebut, lan liwat RPC (yen ngakses sawetara plugin utawa agen) utawa REST API (yen komunikasi ing SDN) ngirim menyang agen (liwat plugin) instruksi sing perlu kanggo ngatur layanan sing dijaluk.

Saiki ayo pindhah menyang instalasi tes (carane disebarake lan apa sing kalebu, kita bakal weruh mengko ing bagean praktis) lan ndeleng ngendi saben komponen dumunung:

(overcloud) [stack@undercloud ~]$ openstack network agent list  
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host                                | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| 10495de9-ba4b-41fe-b30a-b90ec3f8728b | Open vSwitch agent | overcloud-novacompute-1.localdomain | None              | :-)   | UP    | neutron-openvswitch-agent |
| 1515ad4a-5972-46c3-af5f-e5446dff7ac7 | L3 agent           | overcloud-controller-0.localdomain  | nova              | :-)   | UP    | neutron-l3-agent          |
| 322e62ca-1e5a-479e-9a96-4f26d09abdd7 | DHCP agent         | overcloud-controller-0.localdomain  | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 9c1de2f9-bac5-400e-998d-4360f04fc533 | Open vSwitch agent | overcloud-novacompute-0.localdomain | None              | :-)   | UP    | neutron-openvswitch-agent |
| d99c5657-851e-4d3c-bef6-f1e3bb1acfb0 | Open vSwitch agent | overcloud-controller-0.localdomain  | None              | :-)   | UP    | neutron-openvswitch-agent |
| ff85fae6-5543-45fb-a301-19c57b62d836 | Metadata agent     | overcloud-controller-0.localdomain  | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
(overcloud) [stack@undercloud ~]$ 
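A quick health check over that table, added here as an editor's example (it is not code from the article): the function below reads the output of openstack network agent list and reports every agent whose Alive column is not the smiley or whose State is not UP, which is the first thing to look at when VMs stop getting ports or DHCP leases. The sample table is constructed for the example, with one agent marked dead the way the CLI prints it (xxx); the function and variable names are the editor's.

```bash
# Editor's example, not code from the article: find Neutron agents that are
# dead or administratively down in the output of "openstack network agent list".

# Constructed sample table (same layout the CLI prints); the third agent is
# marked dead with "xxx", the last one is alive but administratively DOWN.
SAMPLE_AGENT_LIST='+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host                                | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| 10495de9-ba4b-41fe-b30a-b90ec3f8728b | Open vSwitch agent | overcloud-novacompute-1.localdomain | None              | :-)   | UP    | neutron-openvswitch-agent |
| 1515ad4a-5972-46c3-af5f-e5446dff7ac7 | L3 agent           | overcloud-controller-0.localdomain  | nova              | :-)   | UP    | neutron-l3-agent          |
| 9c1de2f9-bac5-400e-998d-4360f04fc533 | Open vSwitch agent | overcloud-novacompute-0.localdomain | None              | xxx   | UP    | neutron-openvswitch-agent |
| ff85fae6-5543-45fb-a301-19c57b62d836 | Metadata agent     | overcloud-controller-0.localdomain  | None              | :-)   | DOWN  | neutron-metadata-agent    |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+'

# unhealthy_agents: read the table on stdin and print "host binary reason" for
# every agent that is not alive (Alive column is not the smiley) or whose
# admin State is not UP. Exit status is 1 when at least one was found, so the
# function can be dropped straight into a monitoring script.
# Usage on a live system:  openstack network agent list | unhealthy_agents
unhealthy_agents() {
    awk -F'|' '
        /^\+/ { next }                                          # table borders
        { for (i = 1; i <= NF; i++) gsub(/^ +| +$/, "", $i) }  # trim every cell
        $2 == "ID" { next }                                     # header row
        NF > 1 {
            reason = ""
            if ($6 != ":-)") reason = "not-alive"
            else if ($7 != "UP") reason = "admin-down"
            if (reason != "") { found = 1; print $4, $8, reason }
        }
        END { exit found ? 1 : 0 }
    '
}
```

A dead Open vSwitch agent on a compute node means new ports on that node will never be wired into the L2 network, and a dead L3 agent means tenant routers on that node stop being programmed, so this check is worth running before blaming the VM.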

Actually, that is the whole structure of Neutron. Now it is worth spending a little time on the ML2 plugin.

Modular Layer 2

As mentioned above, this plugin is the standard OpenStack core plugin and has a modular architecture.

The predecessor of the ML2 plugin had a monolithic structure, which did not allow, for example, using a mix of several technologies in one installation. For example, you could not use openvswitch and linuxbridge at the same time: either the first or the second. For this reason the ML2 plugin with its modular architecture was created.

ML2 has two components, two kinds of drivers: type drivers and mechanism drivers.

Type drivers define the technologies that will be used to organize network connectivity, for example VxLAN, VLAN, GRE. At the same time, the drivers allow different technologies to be used side by side. The default is VxLAN encapsulation for overlay networks and VLAN for external networks.

Type drivers include the following network types:

flat - an untagged network
VLAN - a tagged network
local - a special network type for all-in-one installations (such installations are needed by developers or for training)
GRE - an overlay network using GRE tunnels
VxLAN - an overlay network using VxLAN tunnels

Mechanism drivers define the tools that implement the technologies specified in the type driver, for example openvswitch, sr-iov, opendaylight, OVN, etc.

Depending on the implementation of this driver, either agents controlled by Neutron will be used, or a connection to an external SDN controller, which takes care of everything related to configuring L2 networks, routing, etc.

Example: if we use ML2 together with OVS, then an L2 agent that manages OVS is installed on each compute node. But if we use, for example, OVN or OpenDayLight, then control of OVS passes into their jurisdiction: Neutron, through the core plugin, gives commands to the controller, and the controller does what it is told.
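The type-driver/mechanism-driver split is visible in the [ml2] section of ml2_conf.ini, and a mismatch between the two lists is a classic reason for neutron-server refusing to start. The following pre-flight check is an editor's example (not from the article or from Neutron): it pulls type_drivers, tenant_network_types and mechanism_drivers from a constructed sample file, verifies that every tenant network type has a type driver loaded, and flags the local type, which as the text says only works in all-in-one installs. The function names and the sample file contents are assumptions made for the example.

```bash
# Editor's example, not from the article: sanity-check the [ml2] section of a
# Neutron ML2 configuration before (re)starting neutron-server.

# write_sample_ml2_conf FILE: constructed sample; "gre" is requested as a tenant
# network type but no gre type driver is loaded, which is the error we want to catch.
write_sample_ml2_conf() {
    cat > "$1" <<'EOF'
[DEFAULT]
debug = false

[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan, gre
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security

[ml2_type_vxlan]
vni_ranges = 1:1000
EOF
}

# ml2_get FILE KEY: value of KEY inside the [ml2] section only, with blanks
# stripped so that "a, b" and "a,b" compare equal.
ml2_get() {
    awk -v key="$2" '
        /^[ \t]*\[/ { sub(/[ \t]+$/, ""); in_ml2 = ($0 == "[ml2]"); next }
        in_ml2 && $0 ~ ("^[ \t]*" key "[ \t]*=") {
            sub(/^[^=]*=/, ""); gsub(/[ \t]/, ""); print; exit
        }
    ' "$1"
}

# ml2_check FILE: every tenant_network_types entry needs a matching type driver,
# at least one mechanism driver must be configured, and "local" is only meant
# for all-in-one setups. Prints one line per problem, exit status 1 on errors.
ml2_check() {
    types=$(ml2_get "$1" type_drivers)
    tenant=$(ml2_get "$1" tenant_network_types)
    mech=$(ml2_get "$1" mechanism_drivers)
    rc=0
    [ -n "$mech" ] || { echo "no mechanism_drivers configured"; rc=1; }
    old_ifs=$IFS; IFS=,
    for t in $tenant; do
        case ",$types," in
            *",$t,"*) ;;
            *) echo "tenant network type '$t' has no entry in type_drivers ($types)"; rc=1 ;;
        esac
        [ "$t" != local ] || echo "warning: tenant network type 'local' only works in all-in-one installs"
    done
    IFS=$old_ifs
    return $rc
}
```

Usage: ml2_check /etc/neutron/plugins/ml2/ml2_conf.ini. The same idea extends naturally to the mechanism side, for example checking that the openvswitch driver is present when the L2 agent on the computes is neutron-openvswitch-agent.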

Let's brush up on Open vSwitch

At the moment, one of the key components of OpenStack is Open vSwitch.
When OpenStack is installed without an additional vendor SDN such as Juniper Contrail or Nokia Nuage, OVS is the main network component of the cloud network and, together with iptables, conntrack and namespaces, lets you organize fully fledged multi-tenant overlay networks. Naturally, this component can be replaced, for example when using third-party proprietary (vendor) SDN solutions.

OVS is an open source software switch designed for use in virtual environments as a virtual traffic forwarder.

Currently OVS has very respectable functionality, including technologies such as QoS, LACP, VLAN, VxLAN, GENEVE, OpenFlow, DPDK, etc.

Note: OVS was not originally conceived as a soft switch for heavily loaded telecom functions and was designed more for less bandwidth-hungry IT functions such as WEB servers or mail servers. However, OVS keeps being developed, and the current OVS implementations have greatly improved its performance and capabilities, which allows telecom operators to use it for highly loaded functions; for example, there is an OVS implementation with support for DPDK acceleration.

There are three important OVS components you need to know about:

  • kernel module: the component located in kernel space that processes traffic based on the rules received from the control element;
  • vSwitch daemon (ovs-vswitchd): a process running in user space that is responsible for programming the kernel module, i.e. it directly represents the switch's operating logic;
  • database server: a local database located on every host running OVS, in which the configuration is stored. SDN controllers can communicate through this module using the OVSDB protocol.

All this is accompanied by a set of diagnostic and management utilities such as ovs-vsctl, ovs-appctl, ovs-ofctl, etc.

Nowadays OpenStack is widely used by telecom operators to migrate network functions into it, such as EPC, SBC, HLR, etc. Some functions can live without problems on OVS as it is, but the EPC, for example, processes subscriber traffic, and an enormous amount of traffic passes through it (today traffic volumes reach several hundred gigabits per second). Naturally, pushing such traffic through kernel space (since that is where the forwarder lives by default) is not the best idea. Therefore OVS is often deployed entirely in user space using the DPDK acceleration technology, which forwards traffic from the NIC to user space bypassing the kernel.

Note: for clouds deployed for telecom functions, it is possible to send traffic from the compute node directly to the switching equipment, bypassing OVS. The SR-IOV and passthrough mechanisms are used for this purpose.

How does this work on a real layout?

Now let's move on to the practical part and see how it all works.

First, let's deploy a simple OpenStack installation. Since I don't have a set of servers at hand for experiments, we will assemble the prototype on a single physical server out of virtual machines. Yes, naturally, such a solution is not suitable for commercial purposes, but to see an example of how networking works in OpenStack such an installation is quite enough. Moreover, such an installation is even more interesting for training purposes, since you can capture traffic, etc.

Since we only need to see the basics, we can avoid using several networks and bring everything up using just two networks, and the second network in this layout will be used exclusively for access to the undercloud and the DNS server. We won't touch external networks for now: that is a topic for a separate large article.

So, let's start in order. First, a little theory. We will install OpenStack using TripleO (OpenStack on OpenStack). The essence of TripleO is that we install an all-in-one OpenStack (i.e. on a single node), called the undercloud, and then use the capabilities of the deployed OpenStack to install the OpenStack intended for operation, called the overcloud. The undercloud will use its built-in ability to manage physical servers (bare metal), the Ironic project, to provision the hypervisors that will play the roles of compute, control and storage nodes. That is, we do not use any third-party tools to deploy OpenStack: we deploy OpenStack using OpenStack. It will become clearer as the installation progresses, so let's not stop and move on.

Note: In this article, for the sake of clarity, I do not use network isolation for the internal OpenStack networks; everything is deployed using just one network. However, the presence or absence of network isolation does not affect the basic functionality of the solution: everything will work exactly as it does with isolation, but the traffic will flow over the same network. For a commercial installation you naturally need isolation using VLANs and different interfaces. For example, ceph storage management traffic and the data traffic itself (machine access to disks, etc.) are normally isolated using different subnets (Storage Management and Storage), and this lets you make the solution more fault-tolerant by separating this traffic, for example by sending it through different ports, or by using different QoS profiles for different traffic so that data traffic does not crowd out signalling traffic. In our case they will go over the same network, and in fact this does not limit us in any way.

Note: Since we will be running virtual machines in a virtual environment that is itself based on virtual machines, we first need to enable nested virtualization.

You can check whether nested virtualization is enabled like this:


[root@hp-gen9 bormoglotx]# cat /sys/module/kvm_intel/parameters/nested
N
[root@hp-gen9 bormoglotx]# 

If you see the letter N, then we enable support for nested virtualization according to any guide you find on the net, for example this one.
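A small helper for this check, added by the editor (it is not from the article): it looks for the nested parameter of whichever KVM module is loaded (kvm_intel or kvm_amd; the article only shows the Intel one) and normalizes the answer, since the kernel reports the value as Y/N for kvm_intel and as 1/0 for kvm_amd. The optional file argument exists only so the function can be exercised on a constructed file; the function name is the editor's.

```bash
# Editor's example, not from the article: report whether nested virtualization
# is enabled for the loaded KVM module.
#
# nested_virt_status [PARAM_FILE]
#   prints "enabled" (exit 0), "disabled" (exit 1) or "unknown ..." (exit 2).
#   Without an argument it reads /sys/module/kvm_intel/parameters/nested or, on
#   AMD hosts, /sys/module/kvm_amd/parameters/nested.
nested_virt_status() {
    f=${1:-}
    if [ -z "$f" ]; then
        for m in kvm_intel kvm_amd; do
            [ -r "/sys/module/$m/parameters/nested" ] && f="/sys/module/$m/parameters/nested" && break
        done
    fi
    [ -n "$f" ] && [ -r "$f" ] || { echo "unknown (kvm module not loaded)"; return 2; }
    # kvm_intel exposes the parameter as a bool (Y/N), kvm_amd as an int (1/0)
    case $(cat "$f") in
        Y|1) echo enabled;  return 0 ;;
        N|0) echo disabled; return 1 ;;
        *)   echo "unknown ($(cat "$f"))"; return 2 ;;
    esac
}
```

The exit status makes it usable as a guard in a provisioning script: nested_virt_status || exit, before spending time on virt-install.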

We need to assemble the following scheme out of virtual machines:

(figure: diagram of the lab topology; image not reproduced)

In my case, to connect the virtual machines that make up the future installation (I ended up with 7 of them, but you can get by with 4 if you don't have many resources), I used OpenvSwitch. I created one ovs bridge and connected the virtual machines to it via port groups. To do this, I created an xml file like this:


[root@hp-gen9 ~]# virsh net-dumpxml ovs-network-1        
<network>
  <name>ovs-network-1</name>
  <uuid>7a2e7de7-fc16-4e00-b1ed-4d190133af67</uuid>
  <forward mode='bridge'/>
  <bridge name='ovs-br1'/>
  <virtualport type='openvswitch'/>
  <portgroup name='trunk-1'>
    <vlan trunk='yes'>
      <tag id='100'/>
      <tag id='101'/>
      <tag id='102'/>
    </vlan>
  </portgroup>
  <portgroup name='access-100'>
    <vlan>
      <tag id='100'/>
    </vlan>
  </portgroup>
  <portgroup name='access-101'>
    <vlan>
      <tag id='101'/>
    </vlan>
  </portgroup>
</network>

Three port groups are declared here: two access and one trunk (the latter was needed for the DNS server, but you can do without it, or install it on the host machine, whichever is more convenient for you). Next, using this template, we declare our network via virsh net-define:


virsh net-define ovs-network-1.xml 
virsh net-start ovs-network-1 
virsh net-autostart ovs-network-1 

Now we edit the hypervisor port configuration:


[root@hp-gen9 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens1f0   
NAME=ens1f0
DEVICE=ens1f0
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=ovs-br1
ONBOOT=yes
OVS_OPTIONS="trunk=100,101,102"
[root@hp-gen9 ~]
[root@hp-gen9 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ovs-br1 
DEVICE=ovs-br1
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.255.200
PREFIX=24
[root@hp-gen9 ~]# 

Note: in this scenario the address on port ovs-br1 will not be reachable, because it has no VLAN tag. To fix this, you need to issue the command sudo ovs-vsctl set port ovs-br1 tag=100. However, after a reboot this tag will disappear (if anyone knows how to make it stay in place, I'd be very grateful). But this is not so important, because we only need this address during installation and it is not needed once OpenStack is fully deployed.
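One way to make the tag survive ifup, added here by the editor and not taken from the article: the openvswitch network-scripts (ifup-ovs) pass the contents of an OVS_EXTRA variable to ovs-vsctl after creating the bridge, which is the same mechanism that shows up as "ovs_extra" in the os-net-config output later in this article. The function below adds an OVS_EXTRA="set port ovs-br1 tag=100" line to an ifcfg file, chaining onto an existing OVS_EXTRA with the "--" separator instead of adding a second line. It assumes CentOS 7 network-scripts with the openvswitch ifup-ovs helper installed; the function name is the editor's, and whether this survives a reboot on the author's exact setup has not been verified here.

```bash
# Editor's example, not from the article: make the VLAN tag on the bridge's
# internal port part of the ifcfg file, so ifup-ovs re-applies it on every boot.
#
# persist_ovs_tag IFCFG_FILE PORT TAG
#   Idempotent: running it twice leaves exactly one OVS_EXTRA line, and an
#   existing OVS_EXTRA (e.g. "set bridge ... fail_mode=secure") is kept and the
#   tag command is appended with ovs-vsctl's "--" command separator.
persist_ovs_tag() {
    ifcfg=$1; port=$2; tag=$3
    cmd="set port $port tag=$tag"
    if grep -q "^OVS_EXTRA=.*set port $port tag=" "$ifcfg"; then
        # tag command already present: just rewrite the tag value
        sed -i "s|set port $port tag=[0-9]*|$cmd|" "$ifcfg"
    elif grep -q '^OVS_EXTRA="' "$ifcfg"; then
        # other OVS_EXTRA commands exist: chain ours onto them
        sed -i "s|^OVS_EXTRA=\"\(.*\)\"[[:space:]]*\$|OVS_EXTRA=\"\1 -- $cmd\"|" "$ifcfg"
    else
        printf 'OVS_EXTRA="%s"\n' "$cmd" >> "$ifcfg"
    fi
}
```

Usage on the host from the article: persist_ovs_tag /etc/sysconfig/network-scripts/ifcfg-ovs-br1 ovs-br1 100, followed by ifdown/ifup of ovs-br1 to confirm the tag appears in ovs-vsctl show.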

Next, we create the undercloud machine:


virt-install  -n undercloud --description "undercloud"  --os-type=Linux  --os-variant=centos7.0  --ram=8192  --vcpus=8  --disk path=/var/lib/libvirt/images/undercloud.qcow2,bus=virtio,size=40,format=qcow2 --network network:ovs-network-1,model=virtio,portgroup=access-100 --network network:ovs-network-1,model=virtio,portgroup=access-101 --graphics none  --location /var/lib/libvirt/boot/CentOS-7-x86_64-Minimal-2003.iso --extra-args console=ttyS0

During the installation you set all the necessary parameters, such as the machine name, passwords, users, ntp servers and so on; you can configure the ports right away, but for me personally it is easier to log into the machine via the console after installation and fix the necessary files. If you already have a ready-made image, you can use it, or do what I did: download the minimal CentOS 7 image and use it to install the VM.

After a successful installation you should have a virtual machine on which you can install the undercloud.


[root@hp-gen9 bormoglotx]# virsh list
 Id    Name                           State
----------------------------------------------------
 6     dns-server                     running
 62    undercloud                     running

First, install the tools needed for the installation process:

sudo yum update -y
sudo yum install -y net-tools
sudo yum install -y wget
sudo yum install -y ipmitool

Installing the undercloud

We create the stack user, set its password, add it to sudoers and give it the ability to run root commands via sudo without having to enter a password:


useradd stack
passwd stack

echo "stack ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/stack
chmod 0440 /etc/sudoers.d/stack
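The same step done a little more carefully, as an editor's example (not from the article): a typo in a sudoers.d drop-in breaks sudo for every user on the box, and a file that is readable before it is complete or has the wrong mode is rejected by sudo, so the function writes the rule to a temporary file, sets mode 0440 and runs visudo -c on it before moving it into place; it also refuses user names that could carry extra sudoers syntax. The directory argument exists so it can be exercised outside /etc/sudoers.d; the visudo check is only run as root because visudo -c also verifies ownership. The function name is the editor's.

```bash
# Editor's example, not from the article: install a NOPASSWD sudoers.d drop-in
# for a deployment user without ever exposing a half-written or broken file.
#
# install_sudoers_dropin USER [DIR]   (DIR defaults to /etc/sudoers.d)
install_sudoers_dropin() {
    user=$1
    dir=${2:-/etc/sudoers.d}
    # sudo user names are plain words; refuse anything that could smuggle in
    # extra sudoers syntax (spaces, commas, quotes, ...)
    case $user in
        ""|*[!A-Za-z0-9_.-]*) echo "refusing: invalid user name '$user'" >&2; return 1 ;;
    esac
    # sudo ignores files in sudoers.d whose names contain a dot, so the
    # temporary ".stack.XXXXXX" file is never parsed while it is being written
    tmp=$(mktemp "$dir/.$user.XXXXXX") || return 1
    printf '%s ALL=(root) NOPASSWD:ALL\n' "$user" > "$tmp"
    chmod 0440 "$tmp"
    # syntax-check before the file becomes live; visudo -c also checks
    # ownership, hence only when running as root
    if [ "$(id -u)" = 0 ] && command -v visudo >/dev/null 2>&1; then
        if ! visudo -c -q -f "$tmp"; then
            rm -f "$tmp"
            echo "refusing: visudo rejected $tmp" >&2
            return 1
        fi
    fi
    mv "$tmp" "$dir/$user"
}
```

Usage on the undercloud VM: install_sudoers_dropin stack (as root). The rename at the end is atomic, so sudo either sees the complete, validated file or no file at all.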

Now we specify the full undercloud name in the hosts file:


vi /etc/hosts

127.0.0.1   undercloud.openstack.rnd localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

Next, we add the repositories and install the necessary software:


sudo yum install -y https://trunk.rdoproject.org/centos7/current/python2-tripleo-repos-0.0.1-0.20200409224957.8bac392.el7.noarch.rpm
sudo -E tripleo-repos -b queens current
sudo -E tripleo-repos -b queens current ceph
sudo yum install -y python-tripleoclient
sudo yum install -y ceph-ansible

Note: if you do not intend to install ceph, you do not need to enter the ceph-related commands. I used the Queens release, but you can use any other you like.

Next, copy the undercloud configuration file into the stack user's home directory:


cp /usr/share/instack-undercloud/undercloud.conf.sample ~/undercloud.conf

Now we need to edit this file, adapting it to our installation.

You need to add these lines at the beginning of the file:

vi undercloud.conf
[DEFAULT]
undercloud_hostname = undercloud.openstack.rnd
local_ip = 192.168.255.1/24
network_gateway = 192.168.255.1
undercloud_public_host = 192.168.255.2
undercloud_admin_host = 192.168.255.3
undercloud_nameservers = 192.168.255.253
generate_service_certificate = false
local_interface = eth0
local_mtu = 1450
network_cidr = 192.168.255.0/24
masquerade = true
masquerade_network = 192.168.255.0/24
dhcp_start = 192.168.255.11
dhcp_end = 192.168.255.50
inspection_iprange = 192.168.255.51,192.168.255.100
scheduler_max_attempts = 10

So, let's go through the settings:

undercloud_hostname - the full name of the undercloud server; it must match the entry on the DNS server

local_ip - the local undercloud address on the provisioning network

network_gateway - the same local address, which will act as the gateway for access to the outside world while the overcloud nodes are being installed; it also matches the local ip

undercloud_public_host - the external API address; any free address from the provisioning network is assigned

undercloud_admin_host - the internal API address; any free address from the provisioning network is assigned

undercloud_nameservers - the DNS server

generate_service_certificate - this line is very important in the current example, because if you don't set it to false you will get an error during installation; the problem is described in the Red Hat bug tracker

local_interface - the interface on the provisioning network. This interface will be reconfigured during undercloud deployment, so you need to have two interfaces on the undercloud: one for access, the second for provisioning

local_mtu - MTU. Since we have a test lab and I have an MTU of 1500 on the OVS switch ports, it has to be set to 1450 so that packets encapsulated in VxLAN can pass through.

network_cidr - the provisioning network

masquerade - use NAT to access the external network

masquerade_network - the network that will be NATed

dhcp_start - the first address of the address pool from which addresses will be assigned to nodes during overcloud deployment

dhcp_end - the last address of the address pool from which addresses will be assigned to nodes during overcloud deployment

inspection_iprange - the pool of addresses needed for introspection (it must not overlap with the pool above)

scheduler_max_attempts - the maximum number of attempts to install the overcloud (must be greater than or equal to the number of nodes)

Once the file is filled in, you can give the command to deploy the undercloud:


openstack undercloud install

The procedure takes from 10 to 30 minutes depending on your hardware. At the end you should see output like this:

2020-08-13 23:13:12,668 INFO: 
#############################################################################
Undercloud install complete.

The file containing this installation's passwords is at
/home/stack/undercloud-passwords.conf.

There is also a stackrc file at /home/stack/stackrc.

These files are needed to interact with the OpenStack services, and should be
secured.

#############################################################################

This output says that you have successfully installed the undercloud, and now you can check the undercloud status and proceed to installing the overcloud.

If you look at the ifconfig output, you will see that a new bridge interface has appeared:

[stack@undercloud ~]$ ifconfig
br-ctlplane: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 192.168.255.1  netmask 255.255.255.0  broadcast 192.168.255.255
        inet6 fe80::5054:ff:fe2c:89e  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:2c:08:9e  txqueuelen 1000  (Ethernet)
        RX packets 14  bytes 1095 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 20  bytes 1292 (1.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Overcloud deployment will now be done through this interface.

From the output below you can see that we have all services on a single node:

(undercloud) [stack@undercloud ~]$ openstack host list
+--------------------------+-----------+----------+
| Host Name                | Service   | Zone     |
+--------------------------+-----------+----------+
| undercloud.openstack.rnd | conductor | internal |
| undercloud.openstack.rnd | scheduler | internal |
| undercloud.openstack.rnd | compute   | nova     |
+--------------------------+-----------+----------+

Below is the configuration of the undercloud network part:


(undercloud) [stack@undercloud ~]$ python -m json.tool /etc/os-net-config/config.json 
{
    "network_config": [
        {
            "addresses": [
                {
                    "ip_netmask": "192.168.255.1/24"
                }
            ],
            "members": [
                {
                    "dns_servers": [
                        "192.168.255.253"
                    ],
                    "mtu": 1450,
                    "name": "eth0",
                    "primary": "true",
                    "type": "interface"
                }
            ],
            "mtu": 1450,
            "name": "br-ctlplane",
            "ovs_extra": [
                "br-set-external-id br-ctlplane bridge-id br-ctlplane"
            ],
            "routes": [],
            "type": "ovs_bridge"
        }
    ]
}
(undercloud) [stack@undercloud ~]$

Installing the overcloud

At the moment we only have the undercloud, and we do not have the nodes from which the overcloud will be assembled. Therefore, first of all, let's deploy the virtual machines we need. During deployment the undercloud itself will install the OS and the necessary software on the overcloud machines; that is, we do not need to fully deploy the machines, but only create a disk (or disks) for them and define their parameters. In effect, we get bare servers with no OS installed on them.

Go to the folder with the virtual machine disks and create disks of the required size:


cd /var/lib/libvirt/images/
qemu-img create -f qcow2 -o preallocation=metadata control-1.qcow2 60G
qemu-img create -f qcow2 -o preallocation=metadata compute-1.qcow2 60G
qemu-img create -f qcow2 -o preallocation=metadata compute-2.qcow2 60G
qemu-img create -f qcow2 -o preallocation=metadata storage-1.qcow2 160G
qemu-img create -f qcow2 -o preallocation=metadata storage-2.qcow2 160G

Since we are operating as root, we need to change the owner of these disks so as not to run into permission problems:


[root@hp-gen9 images]# ls -lh
total 5.8G
drwxr-xr-x. 2 qemu qemu 4.0K Aug 13 16:15 backups
-rw-r--r--. 1 root root  61G Aug 14 03:07 compute-1.qcow2
-rw-r--r--. 1 root root  61G Aug 14 03:07 compute-2.qcow2
-rw-r--r--. 1 root root  61G Aug 14 03:07 control-1.qcow2
-rw-------. 1 qemu qemu  41G Aug 14 03:03 dns-server.qcow2
-rw-r--r--. 1 root root 161G Aug 14 03:07 storage-1.qcow2
-rw-r--r--. 1 root root 161G Aug 14 03:07 storage-2.qcow2
-rw-------. 1 qemu qemu  41G Aug 14 03:07 undercloud.qcow2
[root@hp-gen9 images]# 
[root@hp-gen9 images]# 
[root@hp-gen9 images]# chown qemu:qemu /var/lib/libvirt/images/*qcow2
[root@hp-gen9 images]# ls -lh
total 5.8G
drwxr-xr-x. 2 qemu qemu 4.0K Aug 13 16:15 backups
-rw-r--r--. 1 qemu qemu  61G Aug 14 03:07 compute-1.qcow2
-rw-r--r--. 1 qemu qemu  61G Aug 14 03:07 compute-2.qcow2
-rw-r--r--. 1 qemu qemu  61G Aug 14 03:07 control-1.qcow2
-rw-------. 1 qemu qemu  41G Aug 14 03:03 dns-server.qcow2
-rw-r--r--. 1 qemu qemu 161G Aug 14 03:07 storage-1.qcow2
-rw-r--r--. 1 qemu qemu 161G Aug 14 03:07 storage-2.qcow2
-rw-------. 1 qemu qemu  41G Aug 14 03:08 undercloud.qcow2
[root@hp-gen9 images]# 

Note: if you do not intend to install ceph for study purposes, these commands do not create at least 3 nodes with at least two disks each, and the template indicates that the virtual disks vda, vdb and so on will be used.

Good, now we need to define all these machines:


virt-install --name control-1 --ram 32768 --vcpus 8 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/control-1.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc  --network network:ovs-network-1,model=virtio,portgroup=access-100 --network network:ovs-network-1,model=virtio,portgroup=trunk-1 --dry-run --print-xml > /tmp/control-1.xml  

virt-install --name storage-1 --ram 16384 --vcpus 4 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/storage-1.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc  --network network:ovs-network-1,model=virtio,portgroup=access-100 --dry-run --print-xml > /tmp/storage-1.xml  

virt-install --name storage-2 --ram 16384 --vcpus 4 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/storage-2.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc  --network network:ovs-network-1,model=virtio,portgroup=access-100 --dry-run --print-xml > /tmp/storage-2.xml  

virt-install --name compute-1 --ram 32768 --vcpus 12 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/compute-1.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc  --network network:ovs-network-1,model=virtio,portgroup=access-100 --dry-run --print-xml > /tmp/compute-1.xml  

virt-install --name compute-2 --ram 32768 --vcpus 12 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/compute-2.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc  --network network:ovs-network-1,model=virtio,portgroup=access-100 --dry-run --print-xml > /tmp/compute-2.xml 

At the end there is the option --print-xml > /tmp/storage-1.xml, which creates an xml file with the description of each machine in the /tmp/ folder; if you do not add it, you will not be able to define the virtual machines.

Now we need to define all these machines in virsh:


virsh define --file /tmp/control-1.xml
virsh define --file /tmp/compute-1.xml
virsh define --file /tmp/compute-2.xml
virsh define --file /tmp/storage-1.xml
virsh define --file /tmp/storage-2.xml

[root@hp-gen9 ~]# virsh list --all
 Id    Name                           State
----------------------------------------------------
 6     dns-server                     running
 64    undercloud                     running
 -     compute-1                      shut off
 -     compute-2                      shut off
 -     control-1                      shut off
 -     storage-1                      shut off
 -     storage-2                      shut off

[root@hp-gen9 ~]#

Now a small nuance: TripleO uses IPMI to manage the servers during installation and introspection.

Introspection is the process of inspecting the hardware to obtain the parameters needed for subsequent provisioning of the node. Introspection is performed using Ironic, a service designed to work with bare metal servers.

But here is the problem: while hardware servers have a separate IPMI port (or a shared port, but that is not important here), virtual machines have no such port. Here a crutch called vbmc comes to the rescue, a utility that lets you emulate an IPMI port. This nuance is worth paying attention to especially for those who want to set up such a lab on an ESXi hypervisor; honestly, I do not know whether it has an analogue of vbmc, so it is worth thinking about this question before deploying everything.

Install vbmc:


yum install -y python2-virtualbmc

If your OS cannot find the package, add the repository:

yum install -y https://www.rdoproject.org/repos/rdo-release.rpm

Now we set up the utility. Everything here is trivial to the point of embarrassment. It is only logical that at the moment there are no servers in the vbmc list:


[root@hp-gen9 ~]# vbmc list

[root@hp-gen9 ~]# 

For them to appear, they must be declared manually like this:


[root@hp-gen9 ~]# vbmc add control-1 --port 7001 --username admin --password admin
[root@hp-gen9 ~]# vbmc add storage-1 --port 7002 --username admin --password admin
[root@hp-gen9 ~]# vbmc add storage-2 --port 7003 --username admin --password admin
[root@hp-gen9 ~]# vbmc add compute-1 --port 7004 --username admin --password admin
[root@hp-gen9 ~]# vbmc add compute-2 --port 7005 --username admin --password admin
[root@hp-gen9 ~]#
[root@hp-gen9 ~]# vbmc list
+-------------+--------+---------+------+
| Domain name | Status | Address | Port |
+-------------+--------+---------+------+
| compute-1   | down   | ::      | 7004 |
| compute-2   | down   | ::      | 7005 |
| control-1   | down   | ::      | 7001 |
| storage-1   | down   | ::      | 7002 |
| storage-2   | down   | ::      | 7003 |
+-------------+--------+---------+------+
[root@hp-gen9 ~]#

I think the command syntax is clear without explanation. However, right now all our sessions are in the DOWN state. To move them to UP, you need to start them:


[root@hp-gen9 ~]# vbmc start control-1
2020-08-14 03:15:57,826.826 13149 INFO VirtualBMC [-] Started vBMC instance for domain control-1
[root@hp-gen9 ~]# vbmc start storage-1 
2020-08-14 03:15:58,316.316 13149 INFO VirtualBMC [-] Started vBMC instance for domain storage-1
[root@hp-gen9 ~]# vbmc start storage-2
2020-08-14 03:15:58,851.851 13149 INFO VirtualBMC [-] Started vBMC instance for domain storage-2
[root@hp-gen9 ~]# vbmc start compute-1
2020-08-14 03:15:59,307.307 13149 INFO VirtualBMC [-] Started vBMC instance for domain compute-1
[root@hp-gen9 ~]# vbmc start compute-2
2020-08-14 03:15:59,712.712 13149 INFO VirtualBMC [-] Started vBMC instance for domain compute-2
[root@hp-gen9 ~]# 
[root@hp-gen9 ~]# 
[root@hp-gen9 ~]# vbmc list
+-------------+---------+---------+------+
| Domain name | Status  | Address | Port |
+-------------+---------+---------+------+
| compute-1   | running | ::      | 7004 |
| compute-2   | running | ::      | 7005 |
| control-1   | running | ::      | 7001 |
| storage-1   | running | ::      | 7002 |
| storage-2   | running | ::      | 7003 |
+-------------+---------+---------+------+
[root@hp-gen9 ~]#

And the final touch: you need to fix the firewall rules (or turn the firewall off altogether):


firewall-cmd --zone=public --add-port=7001/udp --permanent
firewall-cmd --zone=public --add-port=7002/udp --permanent
firewall-cmd --zone=public --add-port=7003/udp --permanent
firewall-cmd --zone=public --add-port=7004/udp --permanent
firewall-cmd --zone=public --add-port=7005/udp --permanent
firewall-cmd --reload

Now let's go to the undercloud and check that everything works. The host machine address is 192.168.255.200; on the undercloud we installed the ipmitool package needed while preparing the deployment:


[stack@undercloud ~]$ ipmitool -I lanplus -U admin -P admin -H 192.168.255.200 -p 7001 power status          
Chassis Power is off
[stack@undercloud ~]$ ipmitool -I lanplus -U admin -P admin -H 192.168.255.200 -p 7001 power on
Chassis Power Control: Up/On
[stack@undercloud ~]$ 

[root@hp-gen9 ~]# virsh list 
 Id    Name                           State
----------------------------------------------------
 6     dns-server                     running
 64    undercloud                     running
 65    control-1                      running

As you can see, we successfully started the control node via vbmc. Now let's power it off and move on:


[stack@undercloud ~]$ ipmitool -I lanplus -U admin -P admin -H 192.168.255.200 -p 7001 power off
Chassis Power Control: Down/Off
[stack@undercloud ~]$ ipmitool -I lanplus -U admin -P admin -H 192.168.255.200 -p 7001 power status
Chassis Power is off
[stack@undercloud ~]$ 

[root@hp-gen9 ~]# virsh list --all
 Id    Name                           State
----------------------------------------------------
 6     dns-server                     running
 64    undercloud                     running
 -     compute-1                      shut off
 -     compute-2                      shut off
 -     control-1                      shut off
 -     storage-1                      shut off
 -     storage-2                      shut off

[root@hp-gen9 ~]#

The next step is introspection of the nodes on which the overcloud will be installed. For this we need to prepare a json file describing our nodes. Note that, unlike an installation on bare-metal servers, the file specifies the port on which vbmc listens for each machine.


[root@hp-gen9 ~]# virsh domiflist --domain control-1 
Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    ovs-network-1 virtio      52:54:00:20:a2:2f
-          network    ovs-network-1 virtio      52:54:00:3f:87:9f

[root@hp-gen9 ~]# virsh domiflist --domain compute-1
Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    ovs-network-1 virtio      52:54:00:98:e9:d6

[root@hp-gen9 ~]# virsh domiflist --domain compute-2
Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    ovs-network-1 virtio      52:54:00:6a:ea:be

[root@hp-gen9 ~]# virsh domiflist --domain storage-1
Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    ovs-network-1 virtio      52:54:00:79:0b:cb

[root@hp-gen9 ~]# virsh domiflist --domain storage-2
Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    ovs-network-1 virtio      52:54:00:a7:fe:27

Note: the control node has two interfaces, but in this case it doesn't matter; one will be enough for this installation.

Now let's prepare the json file. We need to specify the MAC address of the port through which provisioning will take place, the node parameters, give the nodes names and specify how to reach their IPMI:


{
    "nodes":[
        {
            "mac":[
                "52:54:00:20:a2:2f"
            ],
            "cpu":"8",
            "memory":"32768",
            "disk":"60",
            "arch":"x86_64",
            "name":"control-1",
            "pm_type":"pxe_ipmitool",
            "pm_user":"admin",
            "pm_password":"admin",
            "pm_addr":"192.168.255.200",
            "pm_port":"7001"
        },
        {
            "mac":[
                "52:54:00:79:0b:cb"
            ],
            "cpu":"4",
            "memory":"16384",
            "disk":"160",
            "arch":"x86_64",
            "name":"storage-1",
            "pm_type":"pxe_ipmitool",
            "pm_user":"admin",
            "pm_password":"admin",
            "pm_addr":"192.168.255.200",
            "pm_port":"7002"
        },
        {
            "mac":[
                "52:54:00:a7:fe:27"
            ],
            "cpu":"4",
            "memory":"16384",
            "disk":"160",
            "arch":"x86_64",
            "name":"storage-2",
            "pm_type":"pxe_ipmitool",
            "pm_user":"admin",
            "pm_password":"admin",
            "pm_addr":"192.168.255.200",
            "pm_port":"7003"
        },
        {
            "mac":[
                "52:54:00:98:e9:d6"
            ],
            "cpu":"12",
            "memory":"32768",
            "disk":"60",
            "arch":"x86_64",
            "name":"compute-1",
            "pm_type":"pxe_ipmitool",
            "pm_user":"admin",
            "pm_password":"admin",
            "pm_addr":"192.168.255.200",
            "pm_port":"7004"
        },
        {
            "mac":[
                "52:54:00:6a:ea:be"
            ],
            "cpu":"12",
            "memory":"32768",
            "disk":"60",
            "arch":"x86_64",
            "name":"compute-2",
            "pm_type":"pxe_ipmitool",
            "pm_user":"admin",
            "pm_password":"admin",
            "pm_addr":"192.168.255.200",
            "pm_port":"7005"
        }
    ]
}
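The json above is built by hand from the `virsh domiflist` and `vbmc list` output. As an added example (not code from the original article), the script below assembles the same structure from constructed copies of that output, takes the first MAC of each domain as the PXE NIC, and rejects duplicate MACs and domains with no running BMC; the NODE_SPECS table of cpu/memory/disk values and the `build_nodes` helper are assumptions for this example.

```python
"""Build the TripleO node-registration JSON from `virsh domiflist` and `vbmc list`
output. Added example; constructed inputs in the shape of this page's transcripts."""
import json
import re

# Constructed sample: `virsh domiflist --domain <name>` output per node.
DOMIFLIST = {
    "control-1": """Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    ovs-network-1 virtio      52:54:00:20:a2:2f
-          network    ovs-network-1 virtio      52:54:00:3f:87:9f
""",
    "compute-1": """Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    ovs-network-1 virtio      52:54:00:98:e9:d6
""",
}

# Constructed sample of `vbmc list`.
VBMC_LIST = """+-------------+---------+---------+------+
| Domain name | Status  | Address | Port |
+-------------+---------+---------+------+
| compute-1   | running | ::      | 7004 |
| control-1   | running | ::      | 7001 |
+-------------+---------+---------+------+
"""

# Assumed hardware parameters per node: (cpu count, memory MiB, disk GiB).
NODE_SPECS = {
    "control-1": ("8", "32768", "60"),
    "compute-1": ("12", "32768", "60"),
}

MAC_RE = re.compile(r"\b([0-9a-f]{2}(?::[0-9a-f]{2}){5})\b", re.I)


def parse_domiflist(text):
    """Return the MAC addresses listed by `virsh domiflist`, in listing order."""
    return [m.group(1).lower() for m in MAC_RE.finditer(text)]


def parse_vbmc_list(text):
    """Return {domain: port} from the `vbmc list` table; only running BMCs count."""
    ports = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Domain name" or not cells[3].isdigit():
            continue  # table border or header row
        domain, status, _addr, port = cells
        if status == "running":
            ports[domain] = int(port)
    return ports


def build_nodes(domiflist, vbmc_list, specs, pm_addr, pm_user, pm_password):
    """Assemble the "nodes" list: first MAC of each domain is the PXE NIC,
    the vbmc port becomes pm_port, and duplicate PXE MACs are rejected."""
    ports = parse_vbmc_list(vbmc_list)
    nodes = []
    seen_macs = set()
    for name in sorted(ports):
        if name not in domiflist or name not in specs:
            raise ValueError(f"no NIC listing or spec for {name}")
        macs = parse_domiflist(domiflist[name])
        if not macs:
            raise ValueError(f"no MAC found for {name}")
        pxe_mac = macs[0]
        if pxe_mac in seen_macs:
            raise ValueError(f"duplicate PXE MAC {pxe_mac}")
        seen_macs.add(pxe_mac)
        cpu, memory, disk = specs[name]
        nodes.append({
            "mac": [pxe_mac],
            "cpu": cpu, "memory": memory, "disk": disk,
            "arch": "x86_64",
            "name": name,
            "pm_type": "pxe_ipmitool",
            "pm_user": pm_user,
            # pm_password is stored in clear text in this file: keep it mode 0600.
            "pm_password": pm_password,
            "pm_addr": pm_addr,
            "pm_port": str(ports[name]),
        })
    return {"nodes": nodes}


if __name__ == "__main__":
    inventory = build_nodes(DOMIFLIST, VBMC_LIST, NODE_SPECS,
                            "192.168.255.200", "admin", "admin")
    print(json.dumps(inventory, indent=4))
```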

Now we need to prepare the images for ironic. To do this, download them with wget and unpack them:

(undercloud) [stack@undercloud ~]$ sudo wget https://images.rdoproject.org/queens/delorean/current-tripleo-rdo/overcloud-full.tar --no-check-certificate
(undercloud) [stack@undercloud ~]$ sudo wget https://images.rdoproject.org/queens/delorean/current-tripleo-rdo/ironic-python-agent.tar --no-check-certificate
(undercloud) [stack@undercloud ~]$ ls -lh
total 1.9G
-rw-r--r--. 1 stack stack 447M Aug 14 10:26 ironic-python-agent.tar
-rw-r--r--. 1 stack stack 1.5G Aug 14 10:26 overcloud-full.tar
-rw-------. 1 stack stack  916 Aug 13 23:10 stackrc
-rw-r--r--. 1 stack stack  15K Aug 13 22:50 undercloud.conf
-rw-------. 1 stack stack 2.0K Aug 13 22:50 undercloud-passwords.conf
(undercloud) [stack@undercloud ~]$ mkdir images/
(undercloud) [stack@undercloud ~]$ tar -xpvf ironic-python-agent.tar -C ~/images/
ironic-python-agent.initramfs
ironic-python-agent.kernel
(undercloud) [stack@undercloud ~]$ tar -xpvf overcloud-full.tar -C ~/images/                       
overcloud-full.qcow2
overcloud-full.initrd
overcloud-full.vmlinuz
(undercloud) [stack@undercloud ~]$ 
(undercloud) [stack@undercloud ~]$ ls -lh images/
total 1.9G
-rw-rw-r--. 1 stack stack 441M Aug 12 17:24 ironic-python-agent.initramfs
-rwxr-xr-x. 1 stack stack 6.5M Aug 12 17:24 ironic-python-agent.kernel
-rw-r--r--. 1 stack stack  53M Aug 12 17:14 overcloud-full.initrd
-rw-r--r--. 1 stack stack 1.4G Aug 12 17:18 overcloud-full.qcow2
-rwxr-xr-x. 1 stack stack 6.5M Aug 12 17:14 overcloud-full.vmlinuz
(undercloud) [stack@undercloud ~]$

Upload the images to the undercloud:

(undercloud) [stack@undercloud ~]$ openstack overcloud image upload --image-path ~/images/
Image "overcloud-full-vmlinuz" was uploaded.
+--------------------------------------+------------------------+-------------+---------+--------+
|                  ID                  |          Name          | Disk Format |   Size  | Status |
+--------------------------------------+------------------------+-------------+---------+--------+
| c2553770-3e0f-4750-b46b-138855b5c385 | overcloud-full-vmlinuz |     aki     | 6761064 | active |
+--------------------------------------+------------------------+-------------+---------+--------+
Image "overcloud-full-initrd" was uploaded.
+--------------------------------------+-----------------------+-------------+----------+--------+
|                  ID                  |          Name         | Disk Format |   Size   | Status |
+--------------------------------------+-----------------------+-------------+----------+--------+
| 949984e0-4932-4e71-af43-d67a38c3dc89 | overcloud-full-initrd |     ari     | 55183045 | active |
+--------------------------------------+-----------------------+-------------+----------+--------+
Image "overcloud-full" was uploaded.
+--------------------------------------+----------------+-------------+------------+--------+
|                  ID                  |      Name      | Disk Format |    Size    | Status |
+--------------------------------------+----------------+-------------+------------+--------+
| a2f2096d-c9d7-429a-b866-c7543c02a380 | overcloud-full |    qcow2    | 1487475712 | active |
+--------------------------------------+----------------+-------------+------------+--------+
Image "bm-deploy-kernel" was uploaded.
+--------------------------------------+------------------+-------------+---------+--------+
|                  ID                  |       Name       | Disk Format |   Size  | Status |
+--------------------------------------+------------------+-------------+---------+--------+
| e413aa78-e38f-404c-bbaf-93e582a8e67f | bm-deploy-kernel |     aki     | 6761064 | active |
+--------------------------------------+------------------+-------------+---------+--------+
Image "bm-deploy-ramdisk" was uploaded.
+--------------------------------------+-------------------+-------------+-----------+--------+
|                  ID                  |        Name       | Disk Format |    Size   | Status |
+--------------------------------------+-------------------+-------------+-----------+--------+
| 5cf3aba4-0e50-45d3-929f-27f025dd6ce3 | bm-deploy-ramdisk |     ari     | 461759376 | active |
+--------------------------------------+-------------------+-------------+-----------+--------+
(undercloud) [stack@undercloud ~]$

Let's check that all the images have been uploaded:


(undercloud) [stack@undercloud ~]$  openstack image list
+--------------------------------------+------------------------+--------+
| ID                                   | Name                   | Status |
+--------------------------------------+------------------------+--------+
| e413aa78-e38f-404c-bbaf-93e582a8e67f | bm-deploy-kernel       | active |
| 5cf3aba4-0e50-45d3-929f-27f025dd6ce3 | bm-deploy-ramdisk      | active |
| a2f2096d-c9d7-429a-b866-c7543c02a380 | overcloud-full         | active |
| 949984e0-4932-4e71-af43-d67a38c3dc89 | overcloud-full-initrd  | active |
| c2553770-3e0f-4750-b46b-138855b5c385 | overcloud-full-vmlinuz | active |
+--------------------------------------+------------------------+--------+
(undercloud) [stack@undercloud ~]$

One more thing - you need to add a DNS server:


(undercloud) [stack@undercloud ~]$ openstack subnet list
+--------------------------------------+-----------------+--------------------------------------+------------------+
| ID                                   | Name            | Network                              | Subnet           |
+--------------------------------------+-----------------+--------------------------------------+------------------+
| f45dea46-4066-42aa-a3c4-6f84b8120cab | ctlplane-subnet | 6ca013dc-41c2-42d8-9d69-542afad53392 | 192.168.255.0/24 |
+--------------------------------------+-----------------+--------------------------------------+------------------+
(undercloud) [stack@undercloud ~]$ openstack subnet show f45dea46-4066-42aa-a3c4-6f84b8120cab
+-------------------+-----------------------------------------------------------+
| Field             | Value                                                     |
+-------------------+-----------------------------------------------------------+
| allocation_pools  | 192.168.255.11-192.168.255.50                             |
| cidr              | 192.168.255.0/24                                          |
| created_at        | 2020-08-13T20:10:37Z                                      |
| description       |                                                           |
| dns_nameservers   |                                                           |
| enable_dhcp       | True                                                      |
| gateway_ip        | 192.168.255.1                                             |
| host_routes       | destination='169.254.169.254/32', gateway='192.168.255.1' |
| id                | f45dea46-4066-42aa-a3c4-6f84b8120cab                      |
| ip_version        | 4                                                         |
| ipv6_address_mode | None                                                      |
| ipv6_ra_mode      | None                                                      |
| name              | ctlplane-subnet                                           |
| network_id        | 6ca013dc-41c2-42d8-9d69-542afad53392                      |
| prefix_length     | None                                                      |
| project_id        | a844ccfcdb2745b198dde3e1b28c40a3                          |
| revision_number   | 0                                                         |
| segment_id        | None                                                      |
| service_types     |                                                           |
| subnetpool_id     | None                                                      |
| tags              |                                                           |
| updated_at        | 2020-08-13T20:10:37Z                                      |
+-------------------+-----------------------------------------------------------+
(undercloud) [stack@undercloud ~]$ 
(undercloud) [stack@undercloud ~]$ neutron subnet-update f45dea46-4066-42aa-a3c4-6f84b8120cab --dns-nameserver 192.168.255.253                                    
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Updated subnet: f45dea46-4066-42aa-a3c4-6f84b8120cab
(undercloud) [stack@undercloud ~]$

Now we can issue the introspection command:

(undercloud) [stack@undercloud ~]$ openstack overcloud node import --introspect --provide inspection.json 
Started Mistral Workflow tripleo.baremetal.v1.register_or_update. Execution ID: d57456a3-d8ed-479c-9a90-dff7c752d0ec
Waiting for messages on queue 'tripleo' with no timeout.


5 node(s) successfully moved to the "manageable" state.
Successfully registered node UUID b4b2cf4a-b7ca-4095-af13-cc83be21c4f5
Successfully registered node UUID b89a72a3-6bb7-429a-93bc-48393d225838
Successfully registered node UUID 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e
Successfully registered node UUID bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8
Successfully registered node UUID 766ab623-464c-423d-a529-d9afb69d1167
Waiting for introspection to finish...
Started Mistral Workflow tripleo.baremetal.v1.introspect. Execution ID: 6b4d08ae-94c3-4a10-ab63-7634ec198a79
Waiting for messages on queue 'tripleo' with no timeout.
Introspection of node b89a72a3-6bb7-429a-93bc-48393d225838 completed. Status:SUCCESS. Errors:None
Introspection of node 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e completed. Status:SUCCESS. Errors:None
Introspection of node bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 completed. Status:SUCCESS. Errors:None
Introspection of node 766ab623-464c-423d-a529-d9afb69d1167 completed. Status:SUCCESS. Errors:None
Introspection of node b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 completed. Status:SUCCESS. Errors:None
Successfully introspected 5 node(s).
Started Mistral Workflow tripleo.baremetal.v1.provide. Execution ID: f5594736-edcf-4927-a8a0-2a7bf806a59a
Waiting for messages on queue 'tripleo' with no timeout.
5 node(s) successfully moved to the "available" state.
(undercloud) [stack@undercloud ~]$

As you can see from the output, everything completed without errors. Let's check that all the nodes are in the available state:


(undercloud) [stack@undercloud ~]$ openstack baremetal node list
+--------------------------------------+-----------+---------------+-------------+--------------------+-------------+
| UUID                                 | Name      | Instance UUID | Power State | Provisioning State | Maintenance |
+--------------------------------------+-----------+---------------+-------------+--------------------+-------------+
| b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 | control-1 | None          | power off   | available          | False       |
| b89a72a3-6bb7-429a-93bc-48393d225838 | storage-1 | None          | power off   | available          | False       |
| 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e | storage-2 | None          | power off   | available          | False       |
| bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 | compute-1 | None          | power off   | available          | False       |
| 766ab623-464c-423d-a529-d9afb69d1167 | compute-2 | None          | power off   | available          | False       |
+--------------------------------------+-----------+---------------+-------------+--------------------+-------------+
(undercloud) [stack@undercloud ~]$ 

If the nodes are in a different state, usually manageable, then something went wrong and you need to look at the logs and find out why. Keep in mind that in this scenario we are using virtualization, and there may be bugs related to the use of virtual machines or vbmc.

Next we need to specify which node will perform which function, that is, specify the profile with which each node will be deployed:


(undercloud) [stack@undercloud ~]$ openstack overcloud profiles list
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| Node UUID                            | Node Name | Provision State | Current Profile | Possible Profiles |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 | control-1 | available       | None            |                   |
| b89a72a3-6bb7-429a-93bc-48393d225838 | storage-1 | available       | None            |                   |
| 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e | storage-2 | available       | None            |                   |
| bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 | compute-1 | available       | None            |                   |
| 766ab623-464c-423d-a529-d9afb69d1167 | compute-2 | available       | None            |                   |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
(undercloud) [stack@undercloud ~]$ openstack flavor list
+--------------------------------------+---------------+------+------+-----------+-------+-----------+
| ID                                   | Name          |  RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+---------------+------+------+-----------+-------+-----------+
| 168af640-7f40-42c7-91b2-989abc5c5d8f | swift-storage | 4096 |   40 |         0 |     1 | True      |
| 52148d1b-492e-48b4-b5fc-772849dd1b78 | baremetal     | 4096 |   40 |         0 |     1 | True      |
| 56e66542-ae60-416d-863e-0cb192d01b09 | control       | 4096 |   40 |         0 |     1 | True      |
| af6796e1-d0c4-4bfe-898c-532be194f7ac | block-storage | 4096 |   40 |         0 |     1 | True      |
| e4d50fdd-0034-446b-b72c-9da19b16c2df | compute       | 4096 |   40 |         0 |     1 | True      |
| fc2e3acf-7fca-4901-9eee-4a4d6ef0265d | ceph-storage  | 4096 |   40 |         0 |     1 | True      |
+--------------------------------------+---------------+------+------+-----------+-------+-----------+
(undercloud) [stack@undercloud ~]$

Assign a profile to each node:


openstack baremetal node set --property capabilities='profile:control,boot_option:local' b4b2cf4a-b7ca-4095-af13-cc83be21c4f5
openstack baremetal node set --property capabilities='profile:ceph-storage,boot_option:local' b89a72a3-6bb7-429a-93bc-48393d225838
openstack baremetal node set --property capabilities='profile:ceph-storage,boot_option:local' 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e
openstack baremetal node set --property capabilities='profile:compute,boot_option:local' bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8
openstack baremetal node set --property capabilities='profile:compute,boot_option:local' 766ab623-464c-423d-a529-d9afb69d1167

Let's check that we did everything correctly:


(undercloud) [stack@undercloud ~]$ openstack overcloud profiles list
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| Node UUID                            | Node Name | Provision State | Current Profile | Possible Profiles |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 | control-1 | available       | control         |                   |
| b89a72a3-6bb7-429a-93bc-48393d225838 | storage-1 | available       | ceph-storage    |                   |
| 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e | storage-2 | available       | ceph-storage    |                   |
| bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 | compute-1 | available       | compute         |                   |
| 766ab623-464c-423d-a529-d9afb69d1167 | compute-2 | available       | compute         |                   |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
(undercloud) [stack@undercloud ~]$

If everything is correct, we issue the command to deploy the overcloud:

openstack overcloud deploy --templates --control-scale 1 --compute-scale 2  --ceph-storage-scale 2 --control-flavor control --compute-flavor compute  --ceph-storage-flavor ceph-storage --libvirt-type qemu

In a real installation custom templates would of course be used; in our case that would complicate the process considerably, since every edit in the templates would have to be explained. As noted earlier, even a simple installation will be enough to see how it works.

Note: the --libvirt-type qemu option is necessary in this case, since we will be using nested virtualization. Otherwise you will not be able to start virtual machines.

Now you have about an hour, or maybe more (depending on your hardware), and you can only hope that after this time you will see the following message:


2020-08-14 08:39:21Z [overcloud]: CREATE_COMPLETE  Stack CREATE completed successfully

 Stack overcloud CREATE_COMPLETE 

Host 192.168.255.21 not found in /home/stack/.ssh/known_hosts
Started Mistral Workflow tripleo.deployment.v1.get_horizon_url. Execution ID: fcb996cd-6a19-482b-b755-2ca0c08069a9
Overcloud Endpoint: http://192.168.255.21:5000/
Overcloud Horizon Dashboard URL: http://192.168.255.21:80/dashboard
Overcloud rc file: /home/stack/overcloudrc
Overcloud Deployed
(undercloud) [stack@undercloud ~]$

Now you have an almost full-fledged OpenStack that you can study, experiment with, and so on.

Let's check that everything works correctly. In the stack user's home directory there are two files: stackrc (for managing the undercloud) and overcloudrc (for managing the overcloud). These files must be sourced, because they contain the information needed for authentication.


(undercloud) [stack@undercloud ~]$ openstack server list
+--------------------------------------+-------------------------+--------+-------------------------+----------------+--------------+
| ID                                   | Name                    | Status | Networks                | Image          | Flavor       |
+--------------------------------------+-------------------------+--------+-------------------------+----------------+--------------+
| fd7d36f4-ce87-4b9a-93b0-add2957792de | overcloud-controller-0  | ACTIVE | ctlplane=192.168.255.15 | overcloud-full | control      |
| edc77778-8972-475e-a541-ff40eb944197 | overcloud-novacompute-1 | ACTIVE | ctlplane=192.168.255.26 | overcloud-full | compute      |
| 5448ce01-f05f-47ca-950a-ced14892c0d4 | overcloud-cephstorage-1 | ACTIVE | ctlplane=192.168.255.34 | overcloud-full | ceph-storage |
| ce6d862f-4bdf-4ba3-b711-7217915364d7 | overcloud-novacompute-0 | ACTIVE | ctlplane=192.168.255.19 | overcloud-full | compute      |
| e4507bd5-6f96-4b12-9cc0-6924709da59e | overcloud-cephstorage-0 | ACTIVE | ctlplane=192.168.255.44 | overcloud-full | ceph-storage |
+--------------------------------------+-------------------------+--------+-------------------------+----------------+--------------+
(undercloud) [stack@undercloud ~]$ 


(undercloud) [stack@undercloud ~]$ source overcloudrc 
(overcloud) [stack@undercloud ~]$ 
(overcloud) [stack@undercloud ~]$ openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 4eed7d0f06544625857d51cd77c5bd4c | admin   |
| ee1c68758bde41eaa9912c81dc67dad8 | service |
+----------------------------------+---------+
(overcloud) [stack@undercloud ~]$ 
(overcloud) [stack@undercloud ~]$ 
(overcloud) [stack@undercloud ~]$ openstack network agent list  
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host                                | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| 10495de9-ba4b-41fe-b30a-b90ec3f8728b | Open vSwitch agent | overcloud-novacompute-1.localdomain | None              | :-)   | UP    | neutron-openvswitch-agent |
| 1515ad4a-5972-46c3-af5f-e5446dff7ac7 | L3 agent           | overcloud-controller-0.localdomain  | nova              | :-)   | UP    | neutron-l3-agent          |
| 322e62ca-1e5a-479e-9a96-4f26d09abdd7 | DHCP agent         | overcloud-controller-0.localdomain  | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 9c1de2f9-bac5-400e-998d-4360f04fc533 | Open vSwitch agent | overcloud-novacompute-0.localdomain | None              | :-)   | UP    | neutron-openvswitch-agent |
| d99c5657-851e-4d3c-bef6-f1e3bb1acfb0 | Open vSwitch agent | overcloud-controller-0.localdomain  | None              | :-)   | UP    | neutron-openvswitch-agent |
| ff85fae6-5543-45fb-a301-19c57b62d836 | Metadata agent     | overcloud-controller-0.localdomain  | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
(overcloud) [stack@undercloud ~]$

My installation still needs one small touch: adding a route on the controller, since the machine I work from is on a different network. To do this, go to control-1 under the heat-admin account and add the route:


(undercloud) [stack@undercloud ~]$ ssh [email protected]         
Last login: Fri Aug 14 09:47:40 2020 from 192.168.255.1
[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$ sudo ip route add 10.169.0.0/16 via 192.168.255.254

Well, now you can go to Horizon. All the information (address, login and password) is in the file /home/stack/overcloudrc. The final diagram looks like this:

(diagram)

By the way, in our installation the machine addresses were assigned via DHCP and, as you can see, they were assigned "at random". You can strictly define in the templates which address should be attached to which machine during deployment, if you need to.

How does traffic flow between virtual machines?

In this article we will look at three options for how traffic passes:

  • Two machines on one hypervisor in one L2 network
  • Two machines on different hypervisors in the same L2 network
  • Two machines in different networks (cross-network routing)

We will consider the cases of access to the outside world through an external network, the use of floating addresses, and distributed routing next time; for now we'll focus on internal traffic.

For the check, let's build the following topology:

(diagram)

We created 4 virtual machines: 3 in one L2 network, net-1, and 1 more in network net-2:

(overcloud) [stack@undercloud ~]$ nova list --tenant 5e18ce8ec9594e00b155485f19895e6c             
+--------------------------------------+------+----------------------------------+--------+------------+-------------+-----------------+
| ID                                   | Name | Tenant ID                        | Status | Task State | Power State | Networks        |
+--------------------------------------+------+----------------------------------+--------+------------+-------------+-----------------+
| f53b37b5-2204-46cc-aef0-dba84bf970c0 | vm-1 | 5e18ce8ec9594e00b155485f19895e6c | ACTIVE | -          | Running     | net-1=10.0.1.85 |
| fc8b6722-0231-49b0-b2fa-041115bef34a | vm-2 | 5e18ce8ec9594e00b155485f19895e6c | ACTIVE | -          | Running     | net-1=10.0.1.88 |
| 3cd74455-b9b7-467a-abe3-bd6ff765c83c | vm-3 | 5e18ce8ec9594e00b155485f19895e6c | ACTIVE | -          | Running     | net-1=10.0.1.90 |
| 7e836338-6772-46b0-9950-f7f06dbe91a8 | vm-4 | 5e18ce8ec9594e00b155485f19895e6c | ACTIVE | -          | Running     | net-2=10.0.2.8  |
+--------------------------------------+------+----------------------------------+--------+------------+-------------+-----------------+
(overcloud) [stack@undercloud ~]$ 

Let's see which hypervisor the created machines are on:

(overcloud) [stack@undercloud ~]$ nova show f53b37b5-2204-46cc-aef0-dba84bf970c0 | egrep "hypervisor_hostname|instance_name|hostname"
| OS-EXT-SRV-ATTR:hostname             | vm-1                                                     |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | overcloud-novacompute-0.localdomain                      |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000001                                        |
(overcloud) [stack@undercloud ~]$ nova show fc8b6722-0231-49b0-b2fa-041115bef34a | egrep "hypervisor_hostname|instance_name|hostname"
| OS-EXT-SRV-ATTR:hostname             | vm-2                                                     |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | overcloud-novacompute-1.localdomain                      |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000002                                        |
(overcloud) [stack@undercloud ~]$ nova show 3cd74455-b9b7-467a-abe3-bd6ff765c83c | egrep "hypervisor_hostname|instance_name|hostname"
| OS-EXT-SRV-ATTR:hostname             | vm-3                                                     |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | overcloud-novacompute-0.localdomain                      |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000003                                        |
(overcloud) [stack@undercloud ~]$ nova show 7e836338-6772-46b0-9950-f7f06dbe91a8 | egrep "hypervisor_hostname|instance_name|hostname"
| OS-EXT-SRV-ATTR:hostname             | vm-4                                                     |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | overcloud-novacompute-1.localdomain                      |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000004                                        |

(overcloud) [stack@undercloud ~]$

Machines vm-1 and vm-3 are on compute-0, machines vm-2 and vm-4 are on node compute-1.

In addition, a virtual router was created to enable routing between the specified networks:

(overcloud) [stack@undercloud ~]$ openstack router list  --project 5e18ce8ec9594e00b155485f19895e6c
+--------------------------------------+----------+--------+-------+-------------+-------+----------------------------------+
| ID                                   | Name     | Status | State | Distributed | HA    | Project                          |
+--------------------------------------+----------+--------+-------+-------------+-------+----------------------------------+
| 0a4d2420-4b9c-46bd-aec1-86a1ef299abe | router-1 | ACTIVE | UP    | False       | False | 5e18ce8ec9594e00b155485f19895e6c |
+--------------------------------------+----------+--------+-------+-------------+-------+----------------------------------+
(overcloud) [stack@undercloud ~]$ 

The router has two virtual ports, which act as the gateways for the networks:

(overcloud) [stack@undercloud ~]$ openstack router show 0a4d2420-4b9c-46bd-aec1-86a1ef299abe | grep interface
| interfaces_info         | [{"subnet_id": "2529ad1a-6b97-49cd-8515-cbdcbe5e3daa", "ip_address": "10.0.1.254", "port_id": "0c52b15f-8fcc-4801-bf52-7dacc72a5201"}, {"subnet_id": "335552dd-b35b-456b-9df0-5aac36a3ca13", "ip_address": "10.0.2.254", "port_id": "92fa49b5-5406-499f-ab8d-ddf28cc1a76c"}] |
(overcloud) [stack@undercloud ~]$ 

Before looking at how traffic flows, let's look at what is currently present on the control node (which also acts as the network node) and on the compute nodes. We'll start with a compute node.


[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-vsctl show
[heat-admin@overcloud-novacompute-0 ~]$ sudo sudo ovs-appctl dpif/show
system@ovs-system: hit:3 missed:3
  br-ex:
    br-ex 65534/1: (internal)
    phy-br-ex 1/none: (patch: peer=int-br-ex)
  br-int:
    br-int 65534/2: (internal)
    int-br-ex 1/none: (patch: peer=phy-br-ex)
    patch-tun 2/none: (patch: peer=patch-int)
  br-tun:
    br-tun 65534/3: (internal)
    patch-int 1/none: (patch: peer=patch-tun)
    vxlan-c0a8ff0f 3/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.15)
    vxlan-c0a8ff1a 2/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.26)
[heat-admin@overcloud-novacompute-0 ~]$

At the moment the node has three OVS bridges: br-int, br-tun and br-ex. Between them, as we can see, there are several interfaces. To make this easier to follow, let's put all these interfaces on a diagram and see what we get.

[Diagram: the three OVS bridges on the compute node (br-ex, br-int, br-tun) and the patch and VXLAN interfaces between them]

Looking at the addresses the VXLAN tunnels are raised to, one tunnel goes to compute-1 (192.168.255.26) and the other to the control node (192.168.255.15). The most interesting thing, though, is that br-ex has no physical interface, and if you look at the flows configured on it you can see that this bridge currently only drops traffic.


[heat-admin@overcloud-novacompute-0 ~]$ ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 192.168.255.19  netmask 255.255.255.0  broadcast 192.168.255.255
        inet6 fe80::5054:ff:fe6a:eabe  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:6a:ea:be  txqueuelen 1000  (Ethernet)
        RX packets 2909669  bytes 4608201000 (4.2 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1821057  bytes 349198520 (333.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[heat-admin@overcloud-novacompute-0 ~]$ 

As the output shows, the address is bound directly to the physical port, not to a virtual bridge interface.


[heat-admin@overcloud-novacompute-0 ~]$  sudo ovs-appctl fdb/show br-ex
 port  VLAN  MAC                Age
[heat-admin@overcloud-novacompute-0 ~]$  sudo ovs-ofctl dump-flows br-ex
 cookie=0x9169eae8f7fe5bb2, duration=216686.864s, table=0, n_packets=303, n_bytes=26035, priority=2,in_port="phy-br-ex" actions=drop
 cookie=0x9169eae8f7fe5bb2, duration=216686.887s, table=0, n_packets=0, n_bytes=0, priority=0 actions=NORMAL
[heat-admin@overcloud-novacompute-0 ~]$ 

By the first rule, everything arriving from port phy-br-ex must be dropped.
Right now there is nowhere else for traffic to enter this bridge except that interface (the patch to br-int), and judging by the drop counter (n_packets=303), BUM traffic has already been arriving on the bridge.

That is, traffic can leave this node only through the VXLAN tunnels and nothing else. This drop rule is also worth noting from a security standpoint: a compute node without an uplink cannot put a tenant frame onto the provider network, whatever an instance sends, because br-ex has no physical port and drops whatever reaches it from br-int. With DVR enabled the picture changes, but we'll deal with that another time. When network isolation is used, for example with VLANs, you would have not one L3 interface in VLAN 0 but several. VXLAN traffic would still leave the node the same way, only encapsulated in a dedicated VLAN.

We've sorted out the compute node; let's move on to the control node.


[heat-admin@overcloud-controller-0 ~]$ sudo ovs-appctl dpif/show
system@ovs-system: hit:930491 missed:825
  br-ex:
    br-ex 65534/1: (internal)
    eth0 1/2: (system)
    phy-br-ex 2/none: (patch: peer=int-br-ex)
  br-int:
    br-int 65534/3: (internal)
    int-br-ex 1/none: (patch: peer=phy-br-ex)
    patch-tun 2/none: (patch: peer=patch-int)
  br-tun:
    br-tun 65534/4: (internal)
    patch-int 1/none: (patch: peer=patch-tun)
    vxlan-c0a8ff13 3/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.19)
    vxlan-c0a8ff1a 2/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.26)
[heat-admin@overcloud-controller-0 ~]$

In fact we can say everything is the same, except that the IP address is no longer on the physical interface but on the virtual bridge. This is done because this is the port through which traffic leaves to the outside world.


[heat-admin@overcloud-controller-0 ~]$ ifconfig br-ex
br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 192.168.255.15  netmask 255.255.255.0  broadcast 192.168.255.255
        inet6 fe80::5054:ff:fe20:a22f  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:20:a2:2f  txqueuelen 1000  (Ethernet)
        RX packets 803859  bytes 1732616116 (1.6 GiB)
        RX errors 0  dropped 63  overruns 0  frame 0
        TX packets 808475  bytes 121652156 (116.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-appctl fdb/show br-ex
 port  VLAN  MAC                Age
    3   100  28:c0:da:00:4d:d3   35
    1     0  28:c0:da:00:4d:d3   35
    1     0  52:54:00:98:e9:d6    0
LOCAL     0  52:54:00:20:a2:2f    0
    1     0  52:54:00:2c:08:9e    0
    3   100  52:54:00:20:a2:2f    0
    1     0  52:54:00:6a:ea:be    0
[heat-admin@overcloud-controller-0 ~]$ 

This port (eth0) is attached to bridge br-ex, and since it carries no VLAN tag it is a trunk port on which all VLANs are allowed; at the moment traffic leaves untagged, as VLAN id 0 in the output above shows.

[Diagram: br-ex on the control node with eth0 attached, carrying the node's IP address]

Everything else at this point is the same as on the compute node: the same bridges, the same tunnels to the two compute nodes.

We won't look at the storage nodes in this article, but for completeness it's worth saying that the network part of these nodes is trivially simple. In our case there is just one physical port (eth0) with an IP address assigned, and that's it. No VXLAN tunnels, no tunnel bridges and so on; there is no OVS at all, since there is no use for it. With network isolation this node would have two interfaces (two physical ports, a bond, or just two VLANs; it doesn't matter, it depends on what you want): one for management and one for traffic (writes to VM disks, reads from disks, etc.).

We've seen what the nodes look like without any services running. Now let's start four virtual machines and see how the scheme described above changes: we should get ports, a virtual router and so on.

So far our network looks like this:

[Diagram: the network so far: the control node and two compute nodes joined by VXLAN tunnels over 192.168.255.0/24]

We have two virtual machines on each compute node. Using compute-0 as an example, let's see how it all fits together.


[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh list 
 Id    Name                           State
----------------------------------------------------
 1     instance-00000001              running
 3     instance-00000003              running

[heat-admin@overcloud-novacompute-0 ~]$ 

The machine has only one virtual interface, tap95d96a75-a0:

[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh domiflist instance-00000001
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tap95d96a75-a0 bridge     qbr95d96a75-a0 virtio      fa:16:3e:44:98:20

[heat-admin@overcloud-novacompute-0 ~]$ 

This interface sits in a Linux bridge:

[heat-admin@overcloud-novacompute-0 ~]$ sudo brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.0242904c92a8       no
qbr5bd37136-47          8000.5e4e05841423       no              qvb5bd37136-47
                                                        tap5bd37136-47
qbr95d96a75-a0          8000.de076cb850f6       no              qvb95d96a75-a0
                                                        tap95d96a75-a0
[heat-admin@overcloud-novacompute-0 ~]$ 

As the output shows, there are only two interfaces in the bridge: tap95d96a75-a0 and qvb95d96a75-a0.

Here it's worth recalling the types of virtual network devices in OpenStack:
vtap - virtual interface attached to an instance (VM)
qbr - Linux bridge
qvb and qvo - the two ends of a veth pair connecting the Linux bridge and the Open vSwitch bridge
br-int, br-tun, br-vlan - Open vSwitch bridges
patch-, int-br-, phy-br- - Open vSwitch patch interfaces connecting bridges
qg, qr, ha, fg, sg - Open vSwitch ports used by virtual devices to connect to OVS

As you have understood, if port qvb95d96a75-a0 in the bridge is one end of a veth pair, then somewhere there is its peer, which logically should be called qvo95d96a75-a0. Let's see which ports OVS has.


[heat-admin@overcloud-novacompute-0 ~]$ sudo sudo ovs-appctl dpif/show
system@ovs-system: hit:526 missed:91
  br-ex:
    br-ex 65534/1: (internal)
    phy-br-ex 1/none: (patch: peer=int-br-ex)
  br-int:
    br-int 65534/2: (internal)
    int-br-ex 1/none: (patch: peer=phy-br-ex)
    patch-tun 2/none: (patch: peer=patch-int)
    qvo5bd37136-47 6/6: (system)
    qvo95d96a75-a0 3/5: (system)
  br-tun:
    br-tun 65534/3: (internal)
    patch-int 1/none: (patch: peer=patch-tun)
    vxlan-c0a8ff0f 3/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.15)
    vxlan-c0a8ff1a 2/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.26)
[heat-admin@overcloud-novacompute-0 ~]$ 

As we can see, the port is on br-int. br-int acts as the switch that terminates the virtual machines' ports. Besides qvo95d96a75-a0, port qvo5bd37136-47 is visible in the output; this is the port to the second VM. As a result, our diagram now looks like this:

[Diagram: compute node with VM tap interfaces, qbr Linux bridges, qvb/qvo veth pairs and the qvo ports on br-int]

A question that should immediately occur to an attentive reader: why is there a Linux bridge between the VM port and the OVS port? The reason is that security groups are used to protect the machines, and these are nothing more than iptables. iptables rules cannot be applied to OVS ports, so this "crutch" was invented: the filtering happens on the Linux bridge. It is becoming obsolete, though: newer releases replace it with the native OVS firewall driver, implemented with OpenFlow rules and conntrack. Either way the filter lives on the hypervisor, outside the guest, so a compromised instance cannot switch it off.

So in the end the scheme looks like this:

[Diagram: final compute-node path: VM -> tap -> qbr (iptables) -> qvb/qvo -> br-int -> patch-tun -> br-tun -> VXLAN tunnels]

Two machines on one hypervisor in one L2 network

Since both VMs are in the same L2 network and on the same hypervisor, traffic between them will logically flow locally through br-int, because both machines are in the same local VLAN:


[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh domiflist instance-00000001
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tap95d96a75-a0 bridge     qbr95d96a75-a0 virtio      fa:16:3e:44:98:20

[heat-admin@overcloud-novacompute-0 ~]$ 
[heat-admin@overcloud-novacompute-0 ~]$ 
[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh domiflist instance-00000003
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tap5bd37136-47 bridge     qbr5bd37136-47 virtio      fa:16:3e:83:ad:a4

[heat-admin@overcloud-novacompute-0 ~]$ 
[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-appctl fdb/show br-int 
 port  VLAN  MAC                Age
    6     1  fa:16:3e:83:ad:a4    0
    3     1  fa:16:3e:44:98:20    0
[heat-admin@overcloud-novacompute-0 ~]$ 

Two machines on different hypervisors in the same L2 network

Now let's see how traffic goes between two machines in the same L2 network but located on different hypervisors. Honestly, not much changes: the traffic between the hypervisors simply goes through a VXLAN tunnel. Let's look at an example.

The addresses of the virtual machines whose traffic we'll look at:

[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh domiflist instance-00000001
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tap95d96a75-a0 bridge     qbr95d96a75-a0 virtio      fa:16:3e:44:98:20

[heat-admin@overcloud-novacompute-0 ~]$ 


[heat-admin@overcloud-novacompute-1 ~]$ sudo virsh domiflist instance-00000002
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tape7e23f1b-07 bridge     qbre7e23f1b-07 virtio      fa:16:3e:72:ad:53

[heat-admin@overcloud-novacompute-1 ~]$ 

Let's look at the forwarding table of br-int on compute-0:

[heat-admin@overcloud-novacompute-0 ~]$  sudo ovs-appctl fdb/show br-int | grep fa:16:3e:72:ad:53
    2     1  fa:16:3e:72:ad:53    1
[heat-admin@overcloud-novacompute-0 ~]

Traffic should go to port 2. Let's see what kind of port that is:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl show br-int | grep addr
 1(int-br-ex): addr:7e:7f:28:1f:bd:54
 2(patch-tun): addr:0a:bd:07:69:58:d9
 3(qvo95d96a75-a0): addr:ea:50:9a:3d:69:58
 6(qvo5bd37136-47): addr:9a:d1:03:50:3d:96
 LOCAL(br-int): addr:1a:0f:53:97:b1:49
[heat-admin@overcloud-novacompute-0 ~]$

It's patch-tun, i.e. the interface into br-tun. Let's see what happens to the packet on br-tun:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl dump-flows br-tun | grep fa:16:3e:72:ad:53
 cookie=0x8759a56536b67a8e, duration=1387.959s, table=20, n_packets=1460, n_bytes=138880, hard_timeout=300, idle_age=0, hard_age=0, priority=1,vlan_tci=0x0001/0x0fff,dl_dst=fa:16:3e:72:ad:53 actions=load:0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],output:2
[heat-admin@overcloud-novacompute-0 ~]$ 

The packet is encapsulated in VXLAN and sent to port 2. Let's see where port 2 leads:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl show br-tun | grep addr   
 1(patch-int): addr:b2:d1:f8:21:96:66
 2(vxlan-c0a8ff1a): addr:be:64:1f:75:78:a7
 3(vxlan-c0a8ff0f): addr:76:6f:b9:3c:3f:1c
 LOCAL(br-tun): addr:a2:5b:6d:4f:94:47
[heat-admin@overcloud-novacompute-0 ~]$

This is the VXLAN tunnel to compute-1:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-appctl dpif/show | egrep vxlan-c0a8ff1a
    vxlan-c0a8ff1a 2/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.26)
[heat-admin@overcloud-novacompute-0 ~]$

Let's go to compute-1 and see what happens to the packet there:

[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-appctl fdb/show br-int | egrep fa:16:3e:44:98:20
    2     1  fa:16:3e:44:98:20    1
[heat-admin@overcloud-novacompute-1 ~]$ 

The source MAC is in the forwarding table of br-int on compute-1, and as the output above shows it was learned on port 2, i.e. the port from br-tun:

[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-ofctl show br-int | grep addr   
 1(int-br-ex): addr:8a:d7:f9:ad:8c:1d
 2(patch-tun): addr:46:cc:40:bd:20:da
 3(qvoe7e23f1b-07): addr:12:78:2e:34:6a:c7
 4(qvo3210e8ec-c0): addr:7a:5f:59:75:40:85
 LOCAL(br-int): addr:e2:27:b2:ed:14:46

And then we see that br-int on compute-1 also has the destination MAC:

[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-appctl fdb/show br-int | egrep fa:16:3e:72:ad:53
    3     1  fa:16:3e:72:ad:53    0
[heat-admin@overcloud-novacompute-1 ~]$ 

That is, the received packet goes to port 3 (qvoe7e23f1b-07), behind which sits virtual machine instance-00000002.

The beauty of deploying OpenStack for study on a virtual infrastructure is that we can easily capture the traffic between hypervisors and see what happens to it. That's what we'll do now: run tcpdump on the host's vnet port facing compute-0:


[root@hp-gen9 bormoglotx]# tcpdump -vvv -i vnet3
tcpdump: listening on vnet3, link-type EN10MB (Ethernet), capture size 262144 bytes

*****************omitted*******************

04:39:04.583459 IP (tos 0x0, ttl 64, id 16868, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.19.39096 > 192.168.255.26.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
IP (tos 0x0, ttl 64, id 8012, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.1.85 > 10.0.1.88: ICMP echo request, id 5634, seq 16, length 64
04:39:04.584449 IP (tos 0x0, ttl 64, id 35181, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.26.speedtrace-disc > 192.168.255.19.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
IP (tos 0x0, ttl 64, id 59124, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.1.88 > 10.0.1.85: ICMP echo reply, id 5634, seq 16, length 64
	
*****************omitted*******************

The first line shows a packet from 10.0.1.85 to 10.0.1.88 (ICMP traffic), wrapped in a VXLAN packet with VNI 22 and sent from host 192.168.255.19 (compute-0) to host 192.168.255.26 (compute-1). We can check that the VNI matches what is configured in OVS.

Let's go back to this line: actions=load:0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],output:2. 0x16 is the VNI in hexadecimal. Let's convert it to decimal:


0x16 = 6*16^0 + 1*16^1 = 6 + 16 = 22

That is, the VNI matches what we saw on the wire.

The second line shows the return traffic; there's nothing to explain there, everything is clear.

Two machines in different networks (inter-network routing)

The last case for today is routing between networks within one project using a virtual router. We consider the case without DVR (we'll look at DVR in another article), so routing happens on the network node. In our case the network node is not a separate entity and lives on the control node.

First, let's check that routing works:

$ ping 10.0.2.8
PING 10.0.2.8 (10.0.2.8): 56 data bytes
64 bytes from 10.0.2.8: seq=0 ttl=63 time=7.727 ms
64 bytes from 10.0.2.8: seq=1 ttl=63 time=3.832 ms
^C
--- 10.0.2.8 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 3.832/5.779/7.727 ms

Since in this case the packet has to go to the gateway and be routed there, we need to know the gateway's MAC address, which we look up in the ARP table on the instance:

$ arp
host-10-0-1-254.openstacklocal (10.0.1.254) at fa:16:3e:c4:64:70 [ether]  on eth0
host-10-0-1-1.openstacklocal (10.0.1.1) at fa:16:3e:e6:2c:5c [ether]  on eth0
host-10-0-1-90.openstacklocal (10.0.1.90) at fa:16:3e:83:ad:a4 [ether]  on eth0
host-10-0-1-88.openstacklocal (10.0.1.88) at fa:16:3e:72:ad:53 [ether]  on eth0

Now let's see where traffic with destination MAC fa:16:3e:c4:64:70 (10.0.1.254) should be sent:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-appctl fdb/show br-int | egrep fa:16:3e:c4:64:70
    2     1  fa:16:3e:c4:64:70    0
[heat-admin@overcloud-novacompute-0 ~]$ 

Let's see where port 2 leads:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl show br-int | grep addr
 1(int-br-ex): addr:7e:7f:28:1f:bd:54
 2(patch-tun): addr:0a:bd:07:69:58:d9
 3(qvo95d96a75-a0): addr:ea:50:9a:3d:69:58
 6(qvo5bd37136-47): addr:9a:d1:03:50:3d:96
 LOCAL(br-int): addr:1a:0f:53:97:b1:49
[heat-admin@overcloud-novacompute-0 ~]$ 

Everything is logical: the traffic goes to br-tun. Let's see which VXLAN tunnel it will be wrapped into:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl dump-flows br-tun | grep fa:16:3e:c4:64:70
 cookie=0x8759a56536b67a8e, duration=3514.566s, table=20, n_packets=3368, n_bytes=317072, hard_timeout=300, idle_age=0, hard_age=0, priority=1,vlan_tci=0x0001/0x0fff,dl_dst=fa:16:3e:c4:64:70 actions=load:0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],output:3
[heat-admin@overcloud-novacompute-0 ~]$ 

Port 3 is a VXLAN tunnel. In the compute-0 br-tun listing shown earlier, port 3 is vxlan-c0a8ff0f, i.e. the tunnel to 192.168.255.15, the control node. For comparison, here is the br-tun port list on the control node:

[heat-admin@overcloud-controller-0 ~]$ sudo ovs-ofctl show br-tun | grep addr
 1(patch-int): addr:a2:69:00:c5:fa:ba
 2(vxlan-c0a8ff1a): addr:86:f0:ce:d0:e8:ea
 3(vxlan-c0a8ff13): addr:72:aa:73:2c:2e:5b
 LOCAL(br-tun): addr:a6:cb:cd:72:1c:45
[heat-admin@overcloud-controller-0 ~]$ 

and the tunnel ports as the control node's datapath sees them (the entry shown is its tunnel towards compute-1, which the routed traffic will use on its next hop):

[heat-admin@overcloud-controller-0 ~]$ sudo sudo ovs-appctl dpif/show | grep vxlan-c0a8ff1a
    vxlan-c0a8ff1a 2/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.26)
[heat-admin@overcloud-controller-0 ~]$ 
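The trace done by hand above, for the same-L2 case and again for this routed case (fdb/show on br-int, ovs-ofctl show to name the port, dump-flows on br-tun for the VNI and output port, dpif/show for the remote VTEP), is mechanical enough to script. The Python below is an added example and not code from the article or from OpenStack: it parses the command outputs as plain text, with the sample strings copied from the compute-0 outputs shown on this page, and resolves a destination MAC to either a local qvo port or a tunnel, VNI and remote IP. Function names are mine. It also checks a convention not stated above but visible in every listing here: the OVS agent names each tunnel port after the hex of its remote IP (vxlan-c0a8ff1a is 192.168.255.26).

```python
import re

# Constructed sample input: text copied from the compute-0 outputs shown above.
BR_INT_FDB = """\
 port  VLAN  MAC                Age
    2     1  fa:16:3e:72:ad:53    1
    2     1  fa:16:3e:c4:64:70    0
    6     1  fa:16:3e:83:ad:a4    0
"""
BR_INT_PORTS = """\
 1(int-br-ex): addr:7e:7f:28:1f:bd:54
 2(patch-tun): addr:0a:bd:07:69:58:d9
 3(qvo95d96a75-a0): addr:ea:50:9a:3d:69:58
 6(qvo5bd37136-47): addr:9a:d1:03:50:3d:96
"""
BR_TUN_FLOWS = """\
 cookie=0x8759a56536b67a8e, duration=1387.959s, table=20, n_packets=1460, n_bytes=138880, hard_timeout=300, idle_age=0, hard_age=0, priority=1,vlan_tci=0x0001/0x0fff,dl_dst=fa:16:3e:72:ad:53 actions=load:0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],output:2
 cookie=0x8759a56536b67a8e, duration=3514.566s, table=20, n_packets=3368, n_bytes=317072, hard_timeout=300, idle_age=0, hard_age=0, priority=1,vlan_tci=0x0001/0x0fff,dl_dst=fa:16:3e:c4:64:70 actions=load:0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],output:3
"""
DPIF_SHOW = """\
  br-tun:
    br-tun 65534/3: (internal)
    patch-int 1/none: (patch: peer=patch-tun)
    vxlan-c0a8ff0f 3/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.15)
    vxlan-c0a8ff1a 2/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.26)
"""

FDB_RE = re.compile(r"^\s*(\S+)\s+(\d+)\s+([0-9a-f:]{17})\s+\d+$")
OFPORT_RE = re.compile(r"^\s*(\S+)\((\S+)\): addr:")
DPIF_PORT_RE = re.compile(r"^    (\S+) (\d+)/\S+: \((.*)\)$")


def parse_fdb(text):
    """ovs-appctl fdb/show -> {mac: (ofport, vlan)}; ofport stays a string ('LOCAL' is possible)."""
    return {m.group(3): (m.group(1), int(m.group(2)))
            for m in map(FDB_RE.match, text.splitlines()) if m}


def parse_ofports(text):
    """ovs-ofctl show <bridge> -> {ofport: interface name}."""
    return {m.group(1): m.group(2) for m in map(OFPORT_RE.match, text.splitlines()) if m}


def parse_tun_flows(text):
    """Unicast entries of br-tun table 20 -> [{dl_dst, vlan, vni, output}]."""
    flows = []
    for line in text.splitlines():
        if "dl_dst=" not in line or "NXM_NX_TUN_ID" not in line:
            continue
        tci = re.search(r"vlan_tci=0x([0-9a-f]+)/0x([0-9a-f]+)", line)
        flows.append({
            "dl_dst": re.search(r"dl_dst=([0-9a-f:]{17})", line).group(1),
            "vlan": int(tci.group(1), 16) & int(tci.group(2), 16) & 0x0FFF,  # local VLAN id
            # the VNI is written in hex; int(x, 0) honours the 0x prefix (0x16 -> 22)
            "vni": int(re.search(r"load:(0x[0-9a-f]+|\d+)->NXM_NX_TUN_ID", line).group(1), 0),
            "output": re.search(r"output:(\d+)", line).group(1),
        })
    return flows


def parse_dpif(text):
    """ovs-appctl dpif/show -> {bridge: {ofport: {"name", "remote_ip"}}}."""
    bridges, current = {}, None
    for line in text.splitlines():
        if line.startswith("  ") and not line.startswith("    ") and line.endswith(":"):
            current = bridges.setdefault(line.strip()[:-1], {})
            continue
        m = DPIF_PORT_RE.match(line)
        if m and current is not None:
            rip = re.search(r"remote_ip=([\d.]+)", m.group(3))
            current[m.group(2)] = {"name": m.group(1), "remote_ip": rip.group(1) if rip else None}
    return bridges


def tunnel_name_to_ip(name):
    """Tunnel ports are named after the hex of the remote IP: vxlan-c0a8ff1a -> 192.168.255.26."""
    h = name.split("-", 1)[1]
    return ".".join(str(int(h[i:i + 2], 16)) for i in range(0, 8, 2))


def trace_mac(mac, fdb_text, br_int_ports_text, br_tun_flows_text, dpif_text):
    """Follow a destination MAC from br-int to either a local VM port or a VXLAN tunnel."""
    fdb = parse_fdb(fdb_text)
    if mac not in fdb:
        return {"result": "unknown"}  # not learned yet: br-int would flood the frame
    port, vlan = fdb[mac]
    name = parse_ofports(br_int_ports_text).get(port, port)
    if name != "patch-tun":
        return {"result": "local", "port": name, "vlan": vlan}
    for f in parse_tun_flows(br_tun_flows_text):
        if f["dl_dst"] == mac and f["vlan"] == vlan:
            tun = parse_dpif(dpif_text)["br-tun"][f["output"]]
            return {"result": "tunnel", "vlan": vlan, "vni": f["vni"], "tunnel": tun["name"],
                    "remote_ip": tun["remote_ip"],
                    "name_matches_ip": tunnel_name_to_ip(tun["name"]) == tun["remote_ip"]}
    return {"result": "no-flow", "vlan": vlan}  # table 20 miss: br-tun floods to every tunnel


if __name__ == "__main__":
    for mac in ("fa:16:3e:72:ad:53", "fa:16:3e:c4:64:70", "fa:16:3e:83:ad:a4"):
        print(mac, trace_mac(mac, BR_INT_FDB, BR_INT_PORTS, BR_TUN_FLOWS, DPIF_SHOW))
```

On a real node you would feed the function the live outputs (`sudo ovs-appctl fdb/show br-int`, `sudo ovs-ofctl show br-int`, `sudo ovs-ofctl dump-flows br-tun`, `sudo ovs-appctl dpif/show`) instead of the constants. The two fall-through results matter for investigations: "unknown" and "no-flow" both mean the frame gets flooded, to every local port in that VLAN in the first case and to every tunnel in the second, which is exactly the traffic a stale or missing table-20 entry leaks to nodes that never needed to see it.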

The traffic has reached the control node, so we need to go there and see how routing happens.

As you remember, the control node looks the same inside as a compute node: the same three bridges, except that br-ex has a physical port through which the node can send traffic outside. Creating instances changed the configuration on the compute nodes: Linux bridges, iptables rules and interfaces were added. Creating networks and a virtual router likewise leaves a trace in the control node's configuration.

So obviously the gateway's MAC address should be in br-int's forwarding table on the control node. Let's check that it's there and which port it is seen on:

[heat-admin@overcloud-controller-0 ~]$ sudo ovs-appctl fdb/show br-int | grep fa:16:3e:c4:64:70
    5     1  fa:16:3e:c4:64:70    1
[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$  sudo ovs-ofctl show br-int | grep addr
 1(int-br-ex): addr:2e:58:b6:db:d5:de
 2(patch-tun): addr:06:41:90:f0:9e:56
 3(tapca25a97e-64): addr:fa:16:3e:e6:2c:5c
 4(tap22015e46-0b): addr:fa:16:3e:76:c2:11
 5(qr-0c52b15f-8f): addr:fa:16:3e:c4:64:70
 6(qr-92fa49b5-54): addr:fa:16:3e:80:13:72
 LOCAL(br-int): addr:06:de:5d:ed:44:44
[heat-admin@overcloud-controller-0 ~]$ 

The MAC is seen on port qr-0c52b15f-8f. If we go back to the list of virtual port types in OpenStack, this port type is used to connect various virtual devices to OVS. More precisely, qr is a port of the virtual router, which is implemented as a network namespace.

Let's see which namespaces exist on the server:

[heat-admin@overcloud-controller-0 ~]$ sudo  ip netns
qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe (id: 2)
qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638 (id: 1)
qdhcp-67a3798c-32c0-4c18-8502-2531247e3cc2 (id: 0)
[heat-admin@overcloud-controller-0 ~]$ 

There are three of them, and from the names you can guess what each is for. We'll come back to the ones with id 0 and 1 later; right now we're interested in the namespace qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe:


[heat-admin@overcloud-controller-0 ~]$ sudo  ip netns exec qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe ip route
10.0.1.0/24 dev qr-0c52b15f-8f proto kernel scope link src 10.0.1.254 
10.0.2.0/24 dev qr-92fa49b5-54 proto kernel scope link src 10.0.2.254 
[heat-admin@overcloud-controller-0 ~]$ 

This namespace holds the two internal networks created earlier. Both virtual ports are added to br-int. Let's check the MAC address of port qr-0c52b15f-8f, since the traffic, judging by its destination MAC, goes to this interface.

[heat-admin@overcloud-controller-0 ~]$ sudo  ip netns exec qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe ifconfig qr-0c52b15f-8f
qr-0c52b15f-8f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 10.0.1.254  netmask 255.255.255.0  broadcast 10.0.1.255
        inet6 fe80::f816:3eff:fec4:6470  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:c4:64:70  txqueuelen 1000  (Ethernet)
        RX packets 5356  bytes 427305 (417.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5195  bytes 490603 (479.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[heat-admin@overcloud-controller-0 ~]$ 

So in this case everything works according to ordinary routing rules. Since the traffic is destined for host 10.0.2.8, it must leave via the second interface, qr-92fa49b5-54, and go through a VXLAN tunnel to the compute node:


[heat-admin@overcloud-controller-0 ~]$ sudo  ip netns exec qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe arp
Address                  HWtype  HWaddress           Flags Mask            Iface
10.0.1.88                ether   fa:16:3e:72:ad:53   C                     qr-0c52b15f-8f
10.0.1.90                ether   fa:16:3e:83:ad:a4   C                     qr-0c52b15f-8f
10.0.2.8                 ether   fa:16:3e:6c:ad:9c   C                     qr-92fa49b5-54
10.0.2.42                ether   fa:16:3e:f5:0b:29   C                     qr-92fa49b5-54
10.0.1.85                ether   fa:16:3e:44:98:20   C                     qr-0c52b15f-8f
[heat-admin@overcloud-controller-0 ~]$ 

Everything is logical, no surprises. Let's see on which br-int port the MAC address of host 10.0.2.8 is seen:

[heat-admin@overcloud-controller-0 ~]$ sudo ovs-appctl fdb/show br-int | grep fa:16:3e:6c:ad:9c
    2     2  fa:16:3e:6c:ad:9c    1
[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-ofctl show br-int | grep addr
 1(int-br-ex): addr:2e:58:b6:db:d5:de
 2(patch-tun): addr:06:41:90:f0:9e:56
 3(tapca25a97e-64): addr:fa:16:3e:e6:2c:5c
 4(tap22015e46-0b): addr:fa:16:3e:76:c2:11
 5(qr-0c52b15f-8f): addr:fa:16:3e:c4:64:70
 6(qr-92fa49b5-54): addr:fa:16:3e:80:13:72
 LOCAL(br-int): addr:06:de:5d:ed:44:44
[heat-admin@overcloud-controller-0 ~]$ 

As expected, the traffic goes to br-tun; let's see which tunnel it's headed for:

[heat-admin@overcloud-controller-0 ~]$ sudo ovs-ofctl dump-flows br-tun | grep fa:16:3e:6c:ad:9c
 cookie=0x2ab04bf27114410e, duration=5346.829s, table=20, n_packets=5248, n_bytes=498512, hard_timeout=300, idle_age=0, hard_age=0, priority=1,vlan_tci=0x0002/0x0fff,dl_dst=fa:16:3e:6c:ad:9c actions=load:0->NXM_OF_VLAN_TCI[],load:0x63->NXM_NX_TUN_ID[],output:2
[heat-admin@overcloud-controller-0 ~]$
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-ofctl show br-tun | grep addr
 1(patch-int): addr:a2:69:00:c5:fa:ba
 2(vxlan-c0a8ff1a): addr:86:f0:ce:d0:e8:ea
 3(vxlan-c0a8ff13): addr:72:aa:73:2c:2e:5b
 LOCAL(br-tun): addr:a6:cb:cd:72:1c:45
[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$ sudo sudo ovs-appctl dpif/show | grep vxlan-c0a8ff1a
    vxlan-c0a8ff1a 2/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.26)
[heat-admin@overcloud-controller-0 ~]$ 

The traffic goes into the tunnel to compute-1. On compute-1 everything is simple: from br-tun the packet goes to br-int and from there to the VM's interface:

[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-appctl fdb/show br-int | grep fa:16:3e:6c:ad:9c
    4     2  fa:16:3e:6c:ad:9c    1
[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-ofctl show br-int | grep addr                  
 1(int-br-ex): addr:8a:d7:f9:ad:8c:1d
 2(patch-tun): addr:46:cc:40:bd:20:da
 3(qvoe7e23f1b-07): addr:12:78:2e:34:6a:c7
 4(qvo3210e8ec-c0): addr:7a:5f:59:75:40:85
 LOCAL(br-int): addr:e2:27:b2:ed:14:46
[heat-admin@overcloud-novacompute-1 ~]$ 

Let's make sure this is indeed the right interface:

[heat-admin@overcloud-novacompute-1 ~]$ brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.02429c001e1c       no
qbr3210e8ec-c0          8000.ea27f45358be       no              qvb3210e8ec-c0
                                                        tap3210e8ec-c0
qbre7e23f1b-07          8000.b26ac0eded8a       no              qvbe7e23f1b-07
                                                        tape7e23f1b-07
[heat-admin@overcloud-novacompute-1 ~]$ 
[heat-admin@overcloud-novacompute-1 ~]$ sudo virsh domiflist instance-00000004
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tap3210e8ec-c0 bridge     qbr3210e8ec-c0 virtio      fa:16:3e:6c:ad:9c

[heat-admin@overcloud-novacompute-1 ~]$

Indeed, we've traced the packet. I hope you noticed that the traffic went through different VXLAN tunnels and left with different VNIs. Let's see what these VNIs are, and then we'll take a dump on the control node's port and make sure the traffic flows exactly as described above.
So, the flow on compute-0 (towards the control node) has the following actions: actions=load:0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],output:3. Converting 0x16 to decimal:


0x16 = 6*16^0+1*16^1 = 6+16 = 22

The flow on the control node towards compute-1 carries a different VNI: actions=load:0->NXM_OF_VLAN_TCI[],load:0x63->NXM_NX_TUN_ID[],output:2. Converting 0x63 to decimal:


0x63 = 3*16^0+6*16^1 = 3+96 = 99

Now let's look at the dump:

[root@hp-gen9 bormoglotx]# tcpdump -vvv -i vnet4 
tcpdump: listening on vnet4, link-type EN10MB (Ethernet), capture size 262144 bytes

*****************omitted*******************

04:35:18.709949 IP (tos 0x0, ttl 64, id 48650, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.19.41591 > 192.168.255.15.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
IP (tos 0x0, ttl 64, id 49042, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.1.85 > 10.0.2.8: ICMP echo request, id 5378, seq 9, length 64
04:35:18.710159 IP (tos 0x0, ttl 64, id 23360, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.15.38983 > 192.168.255.26.4789: [no cksum] VXLAN, flags [I] (0x08), vni 99
IP (tos 0x0, ttl 63, id 49042, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.1.85 > 10.0.2.8: ICMP echo request, id 5378, seq 9, length 64
04:35:18.711292 IP (tos 0x0, ttl 64, id 43596, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.26.42588 > 192.168.255.15.4789: [no cksum] VXLAN, flags [I] (0x08), vni 99
IP (tos 0x0, ttl 64, id 55103, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.2.8 > 10.0.1.85: ICMP echo reply, id 5378, seq 9, length 64
04:35:18.711531 IP (tos 0x0, ttl 64, id 8555, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.15.38983 > 192.168.255.19.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
IP (tos 0x0, ttl 63, id 55103, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.2.8 > 10.0.1.85: ICMP echo reply, id 5378, seq 9, length 64
	
*****************omitted*******************

The first packet is a VXLAN packet from host 192.168.255.19 (compute-0) to host 192.168.255.15 (the control node) with VNI 22; inside it is an ICMP packet from host 10.0.1.85 to host 10.0.2.8. As we calculated above, the VNI matches what we see in the output.

The second packet is a VXLAN packet from host 192.168.255.15 (the control node) to host 192.168.255.26 (compute-1) with VNI 99; inside it is the same ICMP packet from 10.0.1.85 to 10.0.2.8. Again the VNI matches what we calculated. Note also that the inner TTL dropped from 64 to 63 between the first and the second packet: that is the qrouter namespace forwarding it.

The next two packets are the return traffic from 10.0.2.8 to 10.0.1.85.
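The dump above is readable only because tcpdump knows that UDP/4789 is VXLAN. The Python below is an added example, not part of the article: it builds the two hops of the echo request exactly as the dump shows them (outer length 134, inner length 84, VNI 22 then 99, inner TTL 64 then 63) and decodes them again, so you can see which bytes carry the VNI and what a decoder has to check before trusting them. The packets are constructed in code, not captured; the function names are mine.

```python
import socket
import struct

VXLAN_UDP_PORT = 4789
ECHO_PAYLOAD = bytes(range(56))  # 8-byte ICMP header + 56 bytes = the 64-byte echo in the dump


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, used for the IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int, ident: int) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0x4000, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def icmp_echo(src: str, dst: str, ttl: int, ident: int = 5378, seq: int = 9) -> bytes:
    """Inner IPv4 + ICMP echo request: 20 + 8 + 56 = 84 bytes, as in the dump."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + ECHO_PAYLOAD
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    return ipv4_header(src, dst, 1, len(icmp), ttl, ident=49042) + icmp


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def vxlan_encap(vtep_src: str, vtep_dst: str, vni: int, dst_mac: str, src_mac: str,
                inner_ip: bytes, sport: int = 41591) -> bytes:
    """What a VTEP (br-tun's vxlan port) puts on the wire for one inner IP packet."""
    frame = mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + inner_ip
    # VXLAN header: flags byte (I bit = 0x08), 24 reserved bits, 24-bit VNI, 8 reserved bits
    vxlan = struct.pack("!II", 0x08 << 24, (vni & 0xFFFFFF) << 8)
    udp_len = 8 + len(vxlan) + len(frame)
    udp = struct.pack("!HHHH", sport, VXLAN_UDP_PORT, udp_len, 0)  # checksum 0 = "[no cksum]"
    return ipv4_header(vtep_src, vtep_dst, 17, udp_len, 64, ident=48650) + udp + vxlan + frame


def vxlan_decap(pkt: bytes) -> dict:
    """Parse outer IPv4/UDP/VXLAN and the inner Ethernet/IPv4 headers; refuse anything that is not VXLAN."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 17:
        raise ValueError("outer packet is not UDP")
    if inet_checksum(pkt[:ihl]) != 0:
        raise ValueError("outer IPv4 checksum mismatch")
    sport, dport, udp_len, _ = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port %d is not VXLAN" % dport)
    vx = ihl + 8
    if not pkt[vx] & 0x08:
        raise ValueError("VXLAN I flag clear: no valid VNI")
    eth = vx + 8
    ip = eth + 14
    return {
        "outer_src": socket.inet_ntoa(pkt[12:16]),
        "outer_dst": socket.inet_ntoa(pkt[16:20]),
        "outer_len": struct.unpack("!H", pkt[2:4])[0],
        "vni": int.from_bytes(pkt[vx + 4:vx + 7], "big"),
        "dst_mac": pkt[eth:eth + 6].hex(":"),
        "src_mac": pkt[eth + 6:eth + 12].hex(":"),
        "inner_src": socket.inet_ntoa(pkt[ip + 12:ip + 16]),
        "inner_dst": socket.inet_ntoa(pkt[ip + 16:ip + 20]),
        "inner_ttl": pkt[ip + 8],
        "inner_proto": pkt[ip + 9],
    }


def routed_hops() -> list:
    """The two hops of the echo request in the dump: compute-0 -> control node (VNI 22, towards the
    gateway MAC), then, after the qrouter namespace forwarded it, control node -> compute-1 (VNI 99, TTL 63)."""
    hop1 = vxlan_encap("192.168.255.19", "192.168.255.15", 22,
                       "fa:16:3e:c4:64:70", "fa:16:3e:44:98:20", icmp_echo("10.0.1.85", "10.0.2.8", 64))
    hop2 = vxlan_encap("192.168.255.15", "192.168.255.26", 99,
                       "fa:16:3e:6c:ad:9c", "fa:16:3e:80:13:72", icmp_echo("10.0.1.85", "10.0.2.8", 63))
    return [vxlan_decap(hop1), vxlan_decap(hop2)]


if __name__ == "__main__":
    for hop in routed_hops():
        print(hop)
```

Note what the decoder does not and cannot check: nothing in the header authenticates the sender or the VNI, and RFC 7348 leaves that to the underlay. A host that can send UDP/4789 to a VTEP's local_ip can therefore inject frames into any tenant segment whose VNI it knows, which is the practical reason the tunnel network (192.168.255.0/24 here) must be reachable only by the VTEPs themselves and never by instances or the provider network.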

So in the end we get the following scheme for the control node:

[Diagram: control node with br-ex/eth0, br-int, br-tun and the qrouter namespace attached to br-int through its two qr ports]

Does it look complete? We forgot about two namespaces:

[heat-admin@overcloud-controller-0 ~]$ sudo  ip netns
qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe (id: 2)
qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638 (id: 1)
qdhcp-67a3798c-32c0-4c18-8502-2531247e3cc2 (id: 0)
[heat-admin@overcloud-controller-0 ~]$ 

When we talk about the architecture of a cloud platform, it's better for machines to get their addresses automatically from a DHCP server. These are the two DHCP servers for our two networks, 10.0.1.0/24 and 10.0.2.0/24.

Let's check that this is so. There is only one address in this namespace, 10.0.1.1, the address of the DHCP server itself, and its interface tapca25a97e-64 is also attached to br-int (port 3 in the br-int listing above):

[heat-admin@overcloud-controller-0 ~]$ sudo ip netns exec qdhcp-67a3798c-32c0-4c18-8502-2531247e3cc2 ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 1  bytes 28 (28.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1  bytes 28 (28.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tapca25a97e-64: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 10.0.1.1  netmask 255.255.255.0  broadcast 10.0.1.255
        inet6 fe80::f816:3eff:fee6:2c5c  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:e6:2c:5c  txqueuelen 1000  (Ethernet)
        RX packets 129  bytes 9372 (9.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 49  bytes 6154 (6.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Let's see whether there are processes on the control node with qdhcp-67a3798c-32c0-4c18-8502-2531247e3cc2 in their name:

[heat-admin@overcloud-controller-0 ~]$ ps -aux | egrep qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638 
root      640420  0.0  0.0   4220   348 ?        Ss   11:31   0:00 dumb-init --single-child -- ip netns exec qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638 /usr/sbin/dnsmasq -k --no-hosts --no-resolv --pid-file=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/host --addn-hosts=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/opts --dhcp-leasefile=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/leases --dhcp-match=set:ipxe,175 --local-service --bind-dynamic --dhcp-range=set:subnet-335552dd-b35b-456b-9df0-5aac36a3ca13,10.0.2.0,static,255.255.255.0,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=256 --conf-file= --domain=openstacklocal
heat-ad+  951620  0.0  0.0 112944   980 pts/0    S+   18:50   0:00 grep -E --color=auto qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638
[heat-admin@overcloud-controller-0 ~]$ 

The process exists, and from the information shown in the output above we can, for example, see what is currently leased out:

[heat-admin@overcloud-controller-0 ~]$ cat /var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/leases
1597492111 fa:16:3e:6c:ad:9c 10.0.2.8 host-10-0-2-8 01:fa:16:3e:6c:ad:9c
1597491115 fa:16:3e:76:c2:11 10.0.2.1 host-10-0-2-1 *
[heat-admin@overcloud-controller-0 ~]$
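The leases file is plain text with one lease per line: expiry as a Unix timestamp, MAC, IP, hostname, and the client identifier (or `*` when none was sent). The script below parses that format and audits each lease against what the dnsmasq command line above promises: addresses must fall inside the `--dhcp-range` subnet 10.0.2.0/24 and no lease may run longer than the configured 86400 s. It is an added example, not code from the article or from Neutron. The first two sample lines are the ones shown above; the third is a constructed anomaly, and the expected MAC prefix fa:16:3e is an assumption based on Neutron's default `base_mac`.

```python
"""Parse a dnsmasq leases file and audit it against the configured subnet and lease time."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# values read off the dnsmasq command line: --dhcp-range=...,10.0.2.0,static,255.255.255.0,86400s
DHCP_SUBNET = ipaddress.ip_network("10.0.2.0/24")
LEASE_TIME_S = 86400
EXPECTED_MAC_PREFIX = "fa:16:3e"   # assumption: Neutron's default base_mac

# constructed sample: the two leases from the article plus one deliberately odd line
SAMPLE_LEASES = """\
1597492111 fa:16:3e:6c:ad:9c 10.0.2.8 host-10-0-2-8 01:fa:16:3e:6c:ad:9c
1597491115 fa:16:3e:76:c2:11 10.0.2.1 host-10-0-2-1 *
1597492999 52:54:00:12:34:56 10.0.3.7 rogue-host *
"""


@dataclass
class Lease:
    expires: int          # Unix timestamp when the lease ends
    mac: str
    ip: str
    hostname: str
    client_id: Optional[str]   # None when dnsmasq recorded '*'


def parse_leases(text: str) -> List[Lease]:
    """Parse the five-column dnsmasq leases format; blank lines are ignored."""
    leases = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(parts)}")
        expires, mac, ip, hostname, client_id = parts
        leases.append(Lease(int(expires), mac.lower(), ip, hostname,
                            None if client_id == "*" else client_id))
    return leases


def audit_lease(lease: Lease, now: int) -> List[str]:
    """Return the list of findings for one lease; an empty list means it looks as expected."""
    findings = []
    if lease.expires <= now:
        findings.append("expired")
    elif lease.expires - now > LEASE_TIME_S:
        findings.append("expiry exceeds configured lease time")
    if ipaddress.ip_address(lease.ip) not in DHCP_SUBNET:
        findings.append(f"address outside {DHCP_SUBNET}")
    if not lease.mac.startswith(EXPECTED_MAC_PREFIX):
        findings.append("MAC outside expected prefix")
    return findings


def audit(text: str, now: int) -> Dict[str, List[str]]:
    """Audit every lease in the file; keyed by leased IP address."""
    return {lease.ip: audit_lease(lease, now) for lease in parse_leases(text)}


if __name__ == "__main__":
    # reference time shortly before the sample expiries (constructed)
    for ip, findings in audit(SAMPLE_LEASES, 1597490000).items():
        print(ip, "OK" if not findings else "; ".join(findings))
```

Because the range is configured as `static`, dnsmasq only hands out addresses to hosts listed in `--dhcp-hostsfile`, so a lease for an address outside the subnet or for an unexpected MAC is worth a closer look rather than something to expect in normal operation.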

As a result, we get the following set of services on the control node:

(figure: set of services on the control node)

Keep in mind that this is only 4 machines, 2 internal networks and one virtual router. The distributed router is disabled, and there is only one control node in the test bench (for fault tolerance a quorum of three nodes is needed). Naturally, in production everything is "a little" more complicated, but in this simple example we understand how it is supposed to work. Whether you have 3 or 300 namespaces certainly matters, but from the point of view of how the whole structure operates, not much will change... at least until you plug in some vendor's SDN. But that is a different story.

I hope it was interesting. If you have comments or additions, or if somewhere I am outright wrong (I am human and my opinion will always be subjective), write what should be fixed or added, and we will fix and add everything.

In conclusion, I want to say a few words about comparing OpenStack (both vanilla and vendor) with the cloud solution from VMware. I have been asked this question far too often over the past few years and, frankly, I am tired of it, but still. In my opinion it is very hard to compare these two solutions, but we can definitely say that both have drawbacks, and when choosing one of them you have to weigh the pros and cons.

If OpenStack is a community-driven solution, then VMware has the right to do whatever it wants (read: whatever is profitable for it), and this is logical, because it is a commercial company that is used to making money from its clients. But there is one big fat BUT: you can get off OpenStack, for example from Nokia, and with little effort switch to a solution from, for example, Juniper (Contrail Cloud), but you are unlikely to be able to get off VMware. To me these two solutions look like this: OpenStack (vendor) is a simple cage you are put into, but you hold the key and can leave at any time. VMware is a golden cage; the owner holds the key to the cage and it will cost you dearly.

I am not promoting either the first or the second product; you choose what you need. But if I had such a choice, I would pick both solutions: VMware for the IT cloud (low loads, easy management) and OpenStack from some vendor (Nokia and Juniper provide very good turnkey solutions) for the Telecom cloud. I would not use OpenStack for pure IT; that is like shooting sparrows with a cannon, though I see no contraindications to using it other than the redundancy. Using VMware in telecom, however, is like hauling crushed stone in a Ford Raptor: it looks great from the outside, but the driver has to make 10 trips instead of one.

In my opinion, the biggest drawback of VMware is its complete closedness. The company will not give you information about how, for example, vSAN works or what is inside the hypervisor kernel; it is simply not profitable for them. That is, you will never become an expert in VMware, and without vendor support you will be stuck (I have very often met VMware experts who were stumped by trivial questions). To me, VMware is buying a car with the hood locked: yes, you may have specialists who can change the timing belt, but only the one who sold you the solution can open the hood. Personally, I do not like solutions that I cannot tune myself. You will say that you do not need to get under the hood. Yes, that may be so, but I will be watching you when you have to assemble a large function in the cloud out of 20-30 virtual machines and 40-50 networks, half of which want to go out and the other half of which ask for SR-IOV acceleration, otherwise you will need a couple more dozen of these cars because the performance will not be enough.

There are other points of view, so only you can decide what to choose and, most importantly, you will be responsible for your choice. This is just my opinion, that of a person who has seen and touched at least 4 products: Nokia, Juniper, Red Hat and VMware. That is, I have something to compare against.

Source: www.habr.com
