Introduction to the network part of cloud infrastructure

Cloud computing is penetrating deeper and deeper into our lives, and there is probably not a single person who has not used some cloud service at least once. However, few people know what a cloud actually is and how it works, even at the level of an idea. 5G has already become a reality, and telecom infrastructure is beginning to move from pillar solutions to cloud solutions, just as it did when it moved away from fully hardware solutions to the so-called "pillars".

Today we will talk about the inner world of cloud infrastructure; in particular, we will look at the basics of the network part.

What is the cloud? The same virtualization, viewed in profile?

A more than reasonable question. No, this is not virtualization, although it could not be done without it. Let's look at two definitions:

Cloud computing (hereafter Cloud) is a model for providing user-friendly access to distributed computing resources that must be deployed and launched on demand with the lowest possible latency and minimal cost to the service provider.

Virtualization is the ability to split one physical entity (for example, a server) into several virtual ones, thereby increasing resource utilization (for example, you had 3 servers loaded at 25-30 percent; after virtualization you get 1 server loaded at 80-90 percent). Naturally, virtualization eats some of the resources - you need to feed the hypervisor - but, as practice has shown, the game is worth the candle. The ideal example of virtualization is VMWare, which prepares virtual machines very well, or, for example, KVM, which I prefer, but that is a matter of taste.

We use virtualization without realizing it, and even hardware routers already use virtualization - for example, in the latest version of JunOS the operating system is installed as a virtual machine on top of a real-time Linux distribution (Wind River 9). But virtualization is not the cloud, although the cloud cannot exist without it.

Virtualization is one of the building blocks on which the cloud is built.

Making a cloud by simply collecting several hypervisors into one L2 domain, adding a couple of yaml playbooks to register vlans automatically through some tool, and bolting onto all of this something like an orchestration system for automatically creating virtual machines will not work. It will be more accurate, but the resulting Frankenstein is not the cloud we need, although it may be the ultimate dream for others. Moreover, if you take the same OpenStack, it is essentially still a Frankenstein, but oh well, let's not talk about that for now.

But I understand that the definition given above does not make it entirely clear what can actually be called a cloud.

Therefore, a document from NIST (National Institute of Standards and Technology) gives 5 essential characteristics that a cloud infrastructure must have:

Providing the service on request. The user must be given free access to the computing resources allocated to them (such as networks, virtual disks, memory, processor cores, etc.), and these resources must be provided automatically - that is, without intervention from the service provider.

Broad access to the service. Access to resources must be provided by standard mechanisms, so that both ordinary PCs and thin clients and mobile devices can be used.

Combining resources into pools. Resource pools must be able to provide resources to many clients at the same time, ensuring that clients are isolated and free from mutual influence and competition for resources. Networks are also included in the pools, which implies the possibility of using overlapping addressing. Pools must be able to scale on demand. The use of pools makes it possible to provide the necessary level of resource fault tolerance and abstraction of physical and virtual resources - the recipient of the service is simply given the set of resources they requested (where these resources are physically located, and on how many servers and switches, does not matter to the client). However, we must take into account the fact that the provider must ensure transparent reservation of these resources.

Rapid adaptation to different conditions. Services must be flexible - rapid provisioning of resources, their redistribution, adding or reducing resources at the client's request - and on the client's side there should be a feeling that cloud resources are endless. For ease of understanding: for example, you do not see a warning that part of your disk space in Apple iCloud has disappeared because a hard drive on the server has failed, and drives do fail. In addition, on your side the possibilities of this service are unlimited - you need 2 TB - no problem, you paid and you received it. A similar example can be given with Google.Drive or Yandex.Disk.

The ability to measure the service provided. Cloud systems must automatically control and optimize the resources consumed, and these mechanisms must be transparent to both the user and the service provider. That is, you can always check how many resources you and your clients are consuming.

It is worth considering that these requirements are mostly requirements for a public cloud, so for a private cloud (that is, a cloud launched for the internal needs of a company) these requirements can be slightly adjusted. However, they still have to be met, otherwise we will not get all the benefits of cloud computing.

Why do we need a cloud?

However, any new or existing technology, any new protocol, is created for something (well, except for RIP-ng, of course). Nobody needs a protocol for the sake of a protocol (well, except for RIP-ng, of course). It is logical that the Cloud is created to provide some kind of service to the user/client. We all know at least a couple of cloud services, for example Dropbox or Google.Docs, and I believe most people use them successfully - for example, this article was written using the Google.Docs service. But the cloud services we know are only part of the capabilities of the cloud - more precisely, they are only a SaaS-type service. We can provide a cloud service in three ways: in the form of SaaS, PaaS or IaaS. Which service you need depends on your wishes and capabilities.

Let's look at each in order:

Software as a Service (SaaS) is a model for providing a complete service to the client, for example, an email service such as Yandex.Mail or Gmail. In this service delivery model you, as a client, do nothing except use the service - that is, you do not need to think about setting up the service, its fault tolerance or its redundancy. The main thing is not to compromise your password; the provider of this service will do the rest for you. From the point of view of the service provider, it is fully responsible for the entire service - from server hardware and host operating systems to database and software settings.

Platform as a Service (PaaS) - when using this model, the service provider gives the client a blank for the service; for example, let's take a Web server. The service provider has given the client a virtual server (in fact, a set of resources, such as RAM/CPU/Storage/Nets, etc.). All of that is handled by the client itself, and the client answers for the performance of the service. The service provider, as in the previous case, is responsible for the operation of the physical equipment, the hypervisors, the virtual machine itself, its network availability, etc., but the service itself is no longer in its area of responsibility.

Infrastructure as a Service (IaaS) - this approach is more interesting; in fact, the service provider gives the client a complete virtualized infrastructure - that is, some set (pool) of resources, such as CPU Cores, RAM, Networks, etc. Everything else is up to the client - what the client wants to do with these resources within the allocated pool (quota) is not particularly important to the provider. If the client wants to create its own vEPC or even create a mini-operator and provide communication services - no question - do it. In this scenario, the service provider is responsible for provisioning the resources, their fault tolerance and their availability, as well as for the OS that allows it to pool these resources and make them available to the client, with the ability to increase or decrease resources at any time at the client's request. The client configures all virtual machines and other tinsel itself through the self-service portal and console, including setting up networks (except for external networks).

What is OpenStack?

In all three options, the service provider needs an OS that will make it possible to create a cloud infrastructure. In fact, with SaaS, more than one division is responsible for the entire technology stack - there is a division responsible for the infrastructure, that is, it provides IaaS to another division, and that division provides SaaS to the client. OpenStack is one of the cloud operating systems that allows you to collect a bunch of switches, servers and storage systems into a single resource pool, split this common pool into subpools (tenants) and provide these resources to clients over the network.

OpenStack is a cloud operating system that allows you to control large pools of compute, storage and network resources, provisioned and managed through an API using standard authentication mechanisms.

In other words, it is a set of free software projects designed for creating cloud services (both public and private) - that is, a set of tools that allow you to combine server and switching equipment into a single pool of resources and manage these resources, providing the required level of fault tolerance.

At the time of writing this material, the OpenStack structure looks like this:
Image taken from openstack.org

Each of the components included in OpenStack performs a specific function. This distributed architecture allows you to include in the solution the set of functional components that you need. However, some components are root components, and removing them will lead to complete or partial inoperability of the solution as a whole. These components are usually classified as:

  • Horizon - a web-based GUI for managing OpenStack services
  • Keystone - a centralized identity service that provides authentication and authorization for the other services, as well as management of user credentials and their roles.
  • Neutron - a network service that provides connectivity between the interfaces of various OpenStack services (including connectivity between VMs and their access to the outside world)
  • Cinder - provides access to block storage for virtual machines
  • Nova - life cycle management of virtual machines
  • Glance - a repository of virtual machine images and snapshots
  • Swift - provides access to object storage
  • Ceilometer - a service that provides the ability to collect telemetry and measure available and consumed resources
  • Heat - template-based orchestration for the automatic creation and provisioning of resources

A complete list of all projects and their purpose can be viewed here.

Each OpenStack component is a service that performs a specific function and provides an API to manage that function and to interact with the other services of the cloud operating system in order to create a unified infrastructure. For example, Nova provides compute resource management and an API for access to configuring these resources, Glance provides image management and an API for managing them, Cinder provides block storage and an API for managing it, etc. All functions are very closely interconnected.

However, if you look at it, all services running in OpenStack are ultimately some kind of virtual machine (or container) connected to the network. The question arises: why do we need so many components?

Let's go through the algorithm for creating a virtual machine and connecting it to the network and to persistent storage in OpenStack.

  1. When you create a request to create a machine, whether it is a request through Horizon (Dashboard) or a request through the CLI, the first thing that happens is the authorization of your request in Keystone - can you create a machine, do you have the right to use this network, is your quota sufficient, etc.
  2. Keystone authenticates your request and generates a token in the response message, which will be used further. Having received a response from Keystone, the request is sent towards Nova (nova api).
  3. Nova-api checks the validity of your request by contacting Keystone using the previously generated token.
  4. Keystone performs authentication and provides information on permissions and restrictions based on this token.
  5. Nova-api creates an entry for the new VM in nova-database and passes the request to create the machine to nova-scheduler.
  6. Nova-scheduler selects the host (compute node) on which the VM will be deployed, based on the specified parameters, weights and zones. A record of this and the VM ID are written to nova-database.
  7. Next, nova-scheduler contacts nova-compute with a request to deploy an instance. Nova-compute contacts nova-conductor to obtain information about the machine parameters (nova-conductor is a nova element that acts as a proxy server between nova-database and nova-compute, limiting the number of requests to nova-database in order to avoid database problems and reduce the constant load).
  8. Nova-conductor receives the requested information from nova-database and passes it to nova-compute.
  9. Next, nova-compute calls glance to obtain the image ID. Glance validates the request in Keystone and returns the requested information.
  10. Nova-compute contacts neutron to obtain information about the network parameters. Like glance, neutron validates the request in Keystone, then creates an entry in the database (port identifier, etc.), creates a request to create a port, and returns the requested information to nova-compute.
  11. Nova-compute contacts cinder with a request to allocate a volume to the virtual machine. Like glance, cinder validates the request in Keystone, creates a volume creation request, and returns the requested information.
  12. Nova-compute contacts libvirt with a request to deploy a virtual machine with the specified parameters.

In fact, the seemingly simple operation of creating a simple virtual machine turns into a whirlpool of API calls between the elements of the cloud platform. Moreover, as you can see, even the services designated earlier also consist of smaller components that interact with one another. Creating a machine is only a small part of what the cloud platform allows you to do - there is a service responsible for balancing traffic, a service responsible for block storage, a service responsible for DNS, a service responsible for provisioning bare metal servers, etc. The cloud allows you to treat your virtual machines like a flock of sheep. If something happens to your machine in a virtual environment, you restore it from backups, etc., but cloud applications are built so that the virtual machine does not play such an important role - the virtual machine "died" - no problem - a new one is simply created from the template and, as they say, the squad did not notice the loss of a fighter. Naturally, this presupposes the presence of orchestration mechanisms - using Heat templates, you can easily deploy a complex function consisting of dozens of networks and virtual machines.

It should always be kept in mind that there is no cloud infrastructure without a network - every element interacts with other elements through the network in one way or another. In addition, the cloud has a completely non-static network. Naturally, the underlay network is more or less static - new nodes and switches are not added every day - but the overlay part will change constantly - new networks will be added or deleted, new virtual machines will appear and old ones will die. And as you remember from the definition of the cloud given at the beginning of the article, resources must be allocated to the user automatically and with the least (or, better still, without) intervention from the service provider. That is, the kind of network resource provisioning that exists now, with a front end in the form of your personal account accessible over http/https and the on-duty network engineer Vasily as the back end, is not a cloud, even if Vasily has eight hands.

Neutron, as a network service, provides an API for managing the network part of the cloud infrastructure. The service powers and manages the networking part of OpenStack by providing an abstraction layer called Network-as-a-Service (NaaS). That is, the network is the same kind of virtual measurable unit as, for example, virtual CPU cores or the amount of RAM.

But before moving on to the architecture of the network part of OpenStack, let's consider how this network works in OpenStack and why the network is an important part of the cloud.

So we have two RED client VMs and two GREEN client VMs. Let's assume that these machines are located on two hypervisors like this:

At the moment, this is just the virtualization of 4 servers and nothing more, since so far all we have done is virtualize 4 servers, placing them on two physical servers. So far they are not even connected to the network.

To make a cloud, we need to add several components. First, we virtualize the network part - we need to connect these 4 machines in pairs, and the clients want an L2 connection. You can use a switch and configure a trunk in its direction and resolve everything using a linux bridge or, for more advanced users, openvswitch (we will return to this later). But there can be a lot of networks, and constantly pushing L2 through a switch is not the best idea - there are different departments, a service desk, months of waiting for a request to be completed, weeks of troubleshooting - in the modern world this approach no longer works. And the sooner a company understands this, the easier it is for it to move forward. Therefore, between the hypervisors we will choose an L3 network through which our virtual machines will communicate, and on top of this L3 network we will build virtual L2 overlay networks in which the traffic of our virtual machines will run. You can use GRE, Geneve or VxLAN as the encapsulation. Let's focus on the last one for now, although it is not particularly important.

We need to place the VTEP somewhere (I hope everyone is familiar with VxLAN terminology). Since we have an L3 network coming straight from the servers, nothing prevents us from placing the VTEP on the servers themselves, and OVS (OpenvSwitch) is excellent at doing this. As a result, we get this design:

Since traffic between VMs must be separated, the ports facing the virtual machines will have different vlan numbers. The tag number plays a role only within one virtual switch, since when encapsulating in VxLAN we can easily remove it, because we will have a VNI.
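The VLAN-to-VNI handling described above, as an added example that is not part of the original article: a toy VTEP that strips the switch-local 802.1Q tag, wraps the frame in the 8-byte VXLAN header from RFC 7348, and on receipt drops any VNI it has no local port for. The hypervisor names, VLAN numbers, VNIs 1001/1002 and the sample frame are constructed for illustration, and the outer IP/UDP headers (UDP port 4789) are left out.

```python
import struct
from typing import Dict, Optional, Tuple

FLAG_VNI_VALID = 0x08   # "I" bit of the VXLAN header: the VNI field is valid
TPID_DOT1Q = 0x8100     # EtherType that announces an 802.1Q VLAN tag


def tag(frame: bytes, vlan: int) -> bytes:
    """Insert an 802.1Q tag after the destination and source MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID_DOT1Q, vlan & 0x0FFF) + frame[12:]


def untag(frame: bytes) -> Tuple[int, bytes]:
    """Return (vlan_id, frame with the 802.1Q tag removed)."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_DOT1Q:
        raise ValueError("frame carries no 802.1Q tag")
    return tci & 0x0FFF, frame[:12] + frame[16:]


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the VXLAN header: flags(8) reserved(24) VNI(24) reserved(8)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def vxlan_decap(payload: bytes) -> Tuple[int, bytes]:
    """Parse the VXLAN header and return (vni, inner_frame)."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag is not set")
    return word1 >> 8, payload[8:]


class Vtep:
    """Toy VTEP on one hypervisor: maps switch-local VLAN tags to VNIs."""

    def __init__(self, vlan_to_vni: Dict[int, int]):
        self.vlan_to_vni = dict(vlan_to_vni)
        self.vni_to_vlan = {vni: vlan for vlan, vni in vlan_to_vni.items()}
        if len(self.vni_to_vlan) != len(self.vlan_to_vni):
            raise ValueError("two local VLANs map to the same VNI")

    def send(self, tagged_frame: bytes) -> bytes:
        """Strip the local tag and encapsulate with the tenant's VNI."""
        vlan, frame = untag(tagged_frame)
        if vlan not in self.vlan_to_vni:
            raise ValueError("no tenant network behind VLAN %d" % vlan)
        return vxlan_encap(self.vlan_to_vni[vlan], frame)

    def receive(self, payload: bytes) -> Optional[bytes]:
        """Decapsulate and re-tag with this switch's own VLAN, or drop."""
        vni, frame = vxlan_decap(payload)
        vlan = self.vni_to_vlan.get(vni)
        if vlan is None:
            return None  # no port of that tenant on this hypervisor: drop
        return tag(frame, vlan)


# Constructed sample data: one untagged Ethernet frame and three hypervisors.
FRAME = (bytes.fromhex("fa163e000002") + bytes.fromhex("fa163e000001")
         + struct.pack("!H", 0x0800) + b"constructed payload")
HV1 = Vtep({1: 1001, 2: 1002})   # RED on local VLAN 1, GREEN on local VLAN 2
HV2 = Vtep({7: 1001, 3: 1002})   # same tenants, different local tags
HV3 = Vtep({1: 1002})            # only GREEN here, and it reuses local tag 1

if __name__ == "__main__":
    on_wire = HV1.send(tag(FRAME, 1))              # RED frame leaving HV1
    print("VXLAN header:", on_wire[:8].hex())
    print("HV2 delivers on VLAN", untag(HV2.receive(on_wire))[0])
    print("HV3 delivers:", HV3.receive(on_wire))   # None: RED has no port there
```

HV3 uses local tag 1 for GREEN while HV1 uses tag 1 for RED, yet the RED frame is dropped on HV3: separation between tenants rides on the VNI, not on the VLAN number.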

Now we can create our machines and virtual networks for them without any problems.

However, what if the client has another machine, but it is on a different network? We need routing between the networks. We will look at the simple option in which centralized routing is used - that is, traffic is routed through special dedicated network nodes (well, as a rule, they are combined with the control nodes, so we will have the same thing).

It seems like nothing complicated - we make a bridge interface on the control node, drive traffic to it, and from there route it where we need it. But the problem is that the RED client wants to use the 10.0.0.0/24 network, and the GREEN client wants to use the 10.0.0.0/24 network. That is, the address spaces begin to overlap. In addition, clients do not want other clients to be able to route into their internal networks, which makes sense. To separate the networks and the clients' data, we will allocate a separate namespace for each of them. A namespace is in fact a copy of the Linux network stack, that is, clients in the RED namespace are completely isolated from clients in the GREEN namespace (well, routing between these client networks is allowed through the default namespace or on upstream transport equipment).

That is, we get the following diagram:

L2 tunnels converge from all compute nodes on the control node, the node where the L3 interfaces for these networks are located, each in its own dedicated, isolated namespace.

However, we forgot the most important thing. The virtual machine must provide a service to the client, that is, it must have at least one external interface through which it can be reached. That is, we need to get out to the outside world. There are different options here. Let's take the simplest option. We will add one network for each client, which will be valid in the provider's network and will not overlap with other networks. The networks can also overlap and look into different VRFs on the provider network side. The data of these networks will also live in each client's namespace. However, they will still go out to the outside world through one physical (or bond, which is more logical) interface. To separate client traffic, traffic going outside will be tagged with the VLAN tag allocated to the client.

As a result, we get this diagram:

A reasonable question is why not make the gateways on the compute nodes themselves? This is not a big problem; moreover, if you turn on the distributed router (DVR), this will work. In this scenario we are considering the simplest option with a centralized gateway, which is used by default in OpenStack. For high-load functions, both a distributed router and acceleration technologies such as SR-IOV and Passthrough will be used, but, as they say, that is a completely different story. First, let's deal with the basic part, and then we will go into the details.

In fact, our scheme is already workable, but there are a couple of issues:

  • We need to protect our machines somehow, that is, put a filter on the switch interface facing the client.
  • Make it possible for a virtual machine to obtain an IP address automatically, so that you do not have to log in to it through the console every time and register the address.

Let's start with protecting the machine. For this you can use banal iptables, why not.

That is, our topology has now become a little more complicated:

Let's move on. We need to add a DHCP server. The most suitable place for the DHCP servers of each client will be the control node already mentioned, where the namespaces are located:

However, there is a small problem. What if everything reboots and all the information about DHCP address leases disappears? It is logical that the machines will be given new addresses, which is not very convenient. There are two ways out here. Either use domain names and add a DNS server for each client, and then the address will not be particularly important to us (similar to the network part in k8s) - but there is a problem with external networks, since addresses can also be issued in them through DHCP - you need to synchronize with the DNS servers in the cloud platform and with an external DNS server, which in my opinion is not very flexible, but is possible. Or the second option is to use metadata - that is, save information about the address issued to the machine so that the DHCP server knows which address to issue to the machine if the machine has already received an address. The second option is simpler and more flexible, since it allows you to save additional information about the machine. Now let's add the metadata agent to the diagram:

Another issue that is also worth discussing is the ability to use one external network for all clients, since external networks, if they have to be valid throughout the entire network, will be difficult - you need to constantly allocate these networks and control their allocation. The ability to use a single, pre-configured external network for all clients will be very useful when creating a public cloud. This will make it easier to deploy machines, because we do not need to consult an address database and choose a unique address space for each client's external network. In addition, we can register an external network in advance, and at deployment time we will only need to associate external addresses with the clients' machines.

And here NAT comes to our aid - we will simply make it possible for clients to reach the outside world through the default namespace using NAT translation. Well, here there is a small problem. This is fine if the client's server acts as a client and not as a server - that is, it initiates connections rather than accepting them. But for us it will be the other way around. In this case, we need to do destination NAT so that, when receiving traffic, the control node understands that this traffic is intended for virtual machine A of client A, which means that we need to do a NAT translation from an external address, for example 100.1.1.1, to an internal address 10.0.0.1. In this case, although all clients will use the same network, internal isolation is fully preserved. That is, we need to do dNAT and sNAT on the control node side. Whether to use a single network with floating addresses, or external networks, or both at once, depends on what you want to bring into the cloud. We will not add floating addresses to the diagram, but will leave the external networks already added earlier - each client has its own external network (in the diagram they are shown as vlan 100 and 200 on the external interface).
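A small model of the two ideas above, per-client namespaces with overlapping 10.0.0.0/24 networks and dNAT/sNAT on the control node, added here as an illustration and not taken from the article or from Neutron's code. The class names, the shared external range 100.1.1.0/24 and the second floating address 100.1.1.2 are assumptions; 100.1.1.1 and 10.0.0.1 are the article's own example addresses.

```python
import ipaddress
from typing import Dict, Optional, Tuple


def _norm(addr: str) -> str:
    """Canonical text form of an IP address (rejects malformed input)."""
    return str(ipaddress.ip_address(addr))


class TenantNamespace:
    """One client's namespace: its own subnet and its own sNAT table."""

    def __init__(self, name: str, cidr: str):
        self.name = name
        self.subnet = ipaddress.ip_network(cidr)
        self.fixed_to_floating: Dict[str, str] = {}


class ControlNode:
    """Holds the shared external network and every client namespace."""

    def __init__(self, external_cidr: str):
        self.external = ipaddress.ip_network(external_cidr)
        self.namespaces: Dict[str, TenantNamespace] = {}
        # dNAT table: floating address -> (client, internal address)
        self.floating: Dict[str, Tuple[str, str]] = {}

    def add_tenant(self, name: str, cidr: str) -> None:
        # Overlapping CIDRs are allowed: each client has a separate namespace.
        if name in self.namespaces:
            raise ValueError("namespace already exists: " + name)
        self.namespaces[name] = TenantNamespace(name, cidr)

    def associate(self, tenant: str, floating_ip: str, fixed_ip: str) -> None:
        """Bind one external address to one internal address of one client."""
        ns = self.namespaces[tenant]
        floating_ip, fixed_ip = _norm(floating_ip), _norm(fixed_ip)
        if ipaddress.ip_address(floating_ip) not in self.external:
            raise ValueError("address is outside the external network")
        if ipaddress.ip_address(fixed_ip) not in ns.subnet:
            raise ValueError("address is outside the client's subnet")
        if floating_ip in self.floating:
            # A floating address is the only key on the way in, so it must
            # never point at two clients at once.
            raise ValueError("floating address is already in use")
        if fixed_ip in ns.fixed_to_floating:
            raise ValueError("internal address already has a floating address")
        self.floating[floating_ip] = (tenant, fixed_ip)
        ns.fixed_to_floating[fixed_ip] = floating_ip

    def dnat(self, dst_ip: str) -> Optional[Tuple[str, str]]:
        """Inbound: pick the namespace and internal address, or drop (None)."""
        return self.floating.get(_norm(dst_ip))

    def snat(self, tenant: str, src_ip: str) -> Optional[str]:
        """Outbound: rewrite the source to the client's floating address."""
        ns = self.namespaces.get(tenant)
        return ns.fixed_to_floating.get(_norm(src_ip)) if ns else None


def build_demo() -> ControlNode:
    """Constructed scenario: RED and GREEN both use 10.0.0.0/24 and 10.0.0.1."""
    node = ControlNode("100.1.1.0/24")
    node.add_tenant("RED", "10.0.0.0/24")
    node.add_tenant("GREEN", "10.0.0.0/24")
    node.associate("RED", "100.1.1.1", "10.0.0.1")
    node.associate("GREEN", "100.1.1.2", "10.0.0.1")
    return node


if __name__ == "__main__":
    node = build_demo()
    for dst in ("100.1.1.1", "100.1.1.2", "100.1.1.3"):
        print(dst, "->", node.dnat(dst))
```

The inbound lookup returns the namespace together with the internal address, which is why two clients can both own 10.0.0.1 without their traffic ever meeting; an unassociated external address resolves to nothing and is dropped.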

As a result, we have an interesting and at the same time well-thought-out solution, which has a certain flexibility but does not yet have fault-tolerance mechanisms.

Firstly, we have only one control node - its failure will lead to the collapse of all systems. To solve this problem, you need to make at least a quorum of 3 nodes. Let's add this to the diagram:

Naturally, all nodes are synchronized, and when the active node leaves, another node will take over its responsibilities.

The next problem is the virtual machine disks. At the moment they are stored on the hypervisors themselves, and in case of problems with a hypervisor we lose all the data - and having a raid will not help here if we lose not a disk but the whole server. To deal with this, we need to make a service that will act as the front end for some kind of storage. What kind of storage it will be is not particularly important to us, but it must protect our data from the failure of both a disk and a node, and possibly of a whole cabinet. There are several options here - there are, of course, SAN networks with Fiber Channel, but let's be honest - FC is already a relic of the past - an analogue of E1 in transport - yes, I agree, it is still used, but only where it is absolutely impossible to do without it. Therefore, I would not voluntarily deploy an FC network in 2020, knowing that there are other, more interesting alternatives. Although to each his own, and there may be those who believe that FC with all its limitations is all we need - I will not argue, everyone has their own opinion. However, the most interesting solution in my opinion is to use an SDS, such as Ceph.

Ceph allows you to build a highly available data storage solution with a large number of possible redundancy options, starting with codes with parity checking (analogous to raid 5 or 6) and ending with full data replication to different disks, taking into account the location of disks in servers, of servers in cabinets, etc.

To build Ceph you need 3 more nodes. Interaction with the storage will also be carried out over the network, using block, object and file storage services. Let's add storage to the scheme:

Note: you can also make hyperconverged compute nodes - this is the concept of combining several functions on one node - for example, storage+compute - without dedicating special nodes to ceph storage. We will get the same fault-tolerant scheme, since the SDS will reserve data with the reservation level we specify. However, hyperconverged nodes are always a compromise - since a storage node does not just heat the air, as it seems at first glance (since there are no virtual machines on it) - it spends CPU resources on servicing the SDS (in fact, it does all the replication and recovery after failures of nodes, disks, etc.). That is, you will lose part of the power of the compute node if you combine it with storage.

Waxyaabahan oo dhan waxay u baahan yihiin in si uun loo maareeyo - waxaan u baahanahay wax aan ku abuuri karno mashiinka, shabakad, router dalwaddii, iwm. macmiilku wuxuu awoodi doonaa inuu ku xidho boggan http/ https oo uu sameeyo wax kasta oo uu u baahan yahay (si fiican, ku dhawaad).

Natiijo ahaan, waxaan hadda haysanaa nidaam qalad u dulqaadan. Dhammaan qaybaha kaabayaashan waa in si uun loo maareeyaa. Horey waxaa loo sharxay in Opentack uu yahay mashruucyo, mid kastaa wuxuu bixiyaa hawl gaar ah. Sida aan aragno, waxaa jira waxyaabo ka badan oo ku filan oo u baahan in la habeeyo oo la xakameeyo. Maanta waxaan ka hadli doonaa qaybta shabakada.

Naqshadaynta Neutron

Gudaha OpenStack, waa Neutron oo mas'uul ka ah isku xirka mashiinnada farsamada ee shabakada L2 ee caadiga ah, hubinta marinka taraafikada ee u dhexeeya VM-yada ku yaal shabakadaha kala duwan ee L2, iyo sidoo kale dariiqa dibadda, bixinta adeegyada sida NAT, Floating IP, DHCP, iwm.

Heer sare, hawlgalka adeegga shabakadda (qaybta aasaasiga ah) waxaa lagu tilmaami karaa sidan soo socota.

Markaad bilaabayso VM, adeega shabakada:

  1. U abuuraa deked loogu talagalay VM (ama dekedo) la bixiyay oo ogeysiiya adeegga DHCP wax ku saabsan;
  2. Aaladda cusub ee shabakada casriga ah ayaa la abuuray (iyada oo loo marayo libvirt);
  3. VM-gu waxa uu ku xidhaa dekada(-yada) lagu abuuray talaabada 1;

Si la yaab leh, shaqada Neutron waxay ku salaysan tahay hababka caadiga ah ee qof kasta oo waligiis ku dhex dhuuntay Linux - magacyo, iptables, linux bridges, openvswitch, conntrack, iwm.

Waa in isla markiiba la caddeeyaa in Neutron aanu ahayn kantaroolaha SDN.

Neutron wuxuu ka kooban yahay dhowr qaybood oo isku xiran:


openstack-neutron-server is a daemon that handles user requests through the API. This daemon does not itself set up any network connectivity; it passes the necessary information to its plugins, which then configure the required network element. The Neutron agents on the OpenStack nodes register with the Neutron server.

Neutron-server is in fact an application written in Python, consisting of two parts:

  • REST service
  • Neutron Plugin (core/service)

The REST service is designed to receive API calls from other components (for example, a request to provide some information, and so on).

Plugins are pluggable software components/modules that are called during API requests; that is, this is where a service is actually assigned. Plugins are divided into two types: service and root. As a rule, the root plugin is mainly responsible for managing the address space and the L2 connections between VMs, while service plugins provide additional functionality such as VPN or FW.

A list of the plugins available today can be found, for example, here

There can be several service plugins, but only one root plugin.

openstack-neutron-ml2 is the standard OpenStack root plugin. This plugin has a modular architecture (unlike its predecessor) and configures the network service through the drivers connected to it. We will look at the plugin itself a little later, since it is in fact what gives OpenStack its flexibility in the network part. The root plugin can be replaced (for example, Contrail Networking makes such a replacement).

RPC service (rabbitmq-server): a service that provides queue management and interaction with other OpenStack services, as well as interaction between the network service agents.

Network agents: agents located on each node, through which network services are configured.

There are several types of agents.

The main agent is the L2 agent. These agents run on every hypervisor, including the control nodes (more precisely, on all nodes that provide any service to tenants). Their main function is to connect virtual machines to a common L2 network, and also to generate alerts when events occur (for example, a port being disabled/enabled).

The next, no less important agent is the L3 agent. By default this agent runs exclusively on the network node (the network node is often combined with the control node) and provides routing between tenant networks (both between the tenant's own networks and the networks of other tenants, and it is reachable from the outside world, providing NAT as well as the DHCP service). However, when DVR (distributed router) is used, the L3 plugin is also needed on the compute nodes.

The L3 agent uses Linux namespaces to give each tenant its own set of isolated networks and the functionality of virtual routers that route traffic and provide gateway services for Layer 2 networks.

Database: a database of identifiers for networks, subnets, ports, pools, and so on.

In essence, Neutron accepts API requests to create any network entities, authenticates the request, and through RPC (if it addresses a plugin or agent) or the REST API (if it communicates with an SDN) passes to the agents (via the plugins) the instructions needed to set up the requested service.

Now let's turn to the test installation (how it is deployed and what it contains we will see later, in the practical part) and see where each component is located:

(overcloud) [stack@undercloud ~]$ openstack network agent list  
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host                                | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| 10495de9-ba4b-41fe-b30a-b90ec3f8728b | Open vSwitch agent | overcloud-novacompute-1.localdomain | None              | :-)   | UP    | neutron-openvswitch-agent |
| 1515ad4a-5972-46c3-af5f-e5446dff7ac7 | L3 agent           | overcloud-controller-0.localdomain  | nova              | :-)   | UP    | neutron-l3-agent          |
| 322e62ca-1e5a-479e-9a96-4f26d09abdd7 | DHCP agent         | overcloud-controller-0.localdomain  | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 9c1de2f9-bac5-400e-998d-4360f04fc533 | Open vSwitch agent | overcloud-novacompute-0.localdomain | None              | :-)   | UP    | neutron-openvswitch-agent |
| d99c5657-851e-4d3c-bef6-f1e3bb1acfb0 | Open vSwitch agent | overcloud-controller-0.localdomain  | None              | :-)   | UP    | neutron-openvswitch-agent |
| ff85fae6-5543-45fb-a301-19c57b62d836 | Metadata agent     | overcloud-controller-0.localdomain  | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
(overcloud) [stack@undercloud ~]$ 
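An added example, not part of the original article: a shell filter that reads the table printed by openstack network agent list and reports agents that are not alive or not UP, and hosts left without a healthy neutron-openvswitch-agent (the L2 agent that, as described above, runs on every node). The function names, the all-zero ID and the host overcloud-novacompute-2 in the last sample row are constructed for this illustration.

```shell
#!/bin/sh
# Added example: health check over `openstack network agent list` table output.
# Real use:  openstack network agent list | unhealthy_agents

# Rows copied from the listing above, plus one constructed failing row
# (the all-zero ID and host overcloud-novacompute-2 are made up for the demo).
sample_agent_table() {
cat <<'EOF'
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host                                | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| 10495de9-ba4b-41fe-b30a-b90ec3f8728b | Open vSwitch agent | overcloud-novacompute-1.localdomain | None              | :-)   | UP    | neutron-openvswitch-agent |
| 1515ad4a-5972-46c3-af5f-e5446dff7ac7 | L3 agent           | overcloud-controller-0.localdomain  | nova              | :-)   | UP    | neutron-l3-agent          |
| d99c5657-851e-4d3c-bef6-f1e3bb1acfb0 | Open vSwitch agent | overcloud-controller-0.localdomain  | None              | :-)   | UP    | neutron-openvswitch-agent |
| 00000000-0000-0000-0000-000000000000 | Open vSwitch agent | overcloud-novacompute-2.localdomain | None              | XXX   | DOWN  | neutron-openvswitch-agent |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
EOF
}

# parse_agents: table on stdin -> "host<TAB>type<TAB>binary<TAB>alive<TAB>state".
# Border lines and shell prompts contain no "|" and are skipped by the NF test.
parse_agents() {
  awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    NF >= 8 && trim($2) != "ID" {
      printf "%s\t%s\t%s\t%s\t%s\n", trim($4), trim($3), trim($8), trim($6), trim($7)
    }'
}

# unhealthy_agents: print "host<TAB>binary" for every agent that is not
# alive (":-)") or whose admin state is not UP.
unhealthy_agents() {
  parse_agents | awk -F'\t' '$4 != ":-)" || $5 != "UP" { print $1 "\t" $3 }'
}

# hosts_without_l2_agent: every host that appears in the table is expected
# to run a healthy neutron-openvswitch-agent; print the hosts that do not.
hosts_without_l2_agent() {
  parse_agents | awk -F'\t' '
    { hosts[$1] = 1 }
    $3 == "neutron-openvswitch-agent" && $4 == ":-)" && $5 == "UP" { ok[$1] = 1 }
    END { for (h in hosts) if (!(h in ok)) print h }' | sort
}
```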


That, in fact, is the whole Neutron architecture. Now it is worth spending some time on the ML2 plugin.

Modular Layer 2

As mentioned above, the plugin is the standard OpenStack root plugin and has a modular architecture.

The predecessor of the ML2 plugin had a monolithic architecture, which did not allow, for example, mixing several technologies in one installation. For example, you could not use openvswitch and linuxbridge at the same time: it was either one or the other. For this reason the ML2 plugin, with its architecture, was created.

ML2 has two components, two kinds of drivers: type drivers and mechanism drivers.

Type drivers determine the technologies that will be used to set up network connectivity, for example VxLAN, VLAN, GRE. A driver allows different technologies to be used at the same time. The standard technology is VxLAN encapsulation for overlay networks and VLAN for external networks.

Type drivers include the following network types:

flat - a network without tagging
VLAN - a tagged network
Local - a special network type for all-in-one installations (such installations are needed by developers or for training)
GRE - an overlay network using GRE tunnels
VxLAN - an overlay network using VxLAN tunnels

Mechanism drivers define the means that implement the technologies specified in the type driver, for example openvswitch, sr-iov, opendaylight, OVN, and so on.

Depending on the implementation of this driver, either agents controlled by Neutron will be used, or connections to an external SDN controller, which takes care of everything related to setting up L2 networks, routing, and so on.

Example: if we use ML2 together with OVS, an L2 agent that manages OVS is installed on each compute node. However, if we use, for example, OVN or OpenDayLight, then control of OVS falls under their jurisdiction: Neutron gives commands to the controller through the root plugin, and the controller then does what it was told.

Let's brush up on Open vSwitch

At the moment, one of the key components of OpenStack is Open vSwitch.
When OpenStack is installed without any additional vendor SDN such as Juniper Contrail or Nokia Nuage, OVS is the main network component of the cloud network and, together with iptables, conntrack and namespaces, allows you to build full-fledged multi-tenant overlay networks. Naturally, this component can be replaced, for example when using third-party proprietary (vendor) SDN solutions.

OVS is an open source software switch designed for use in virtualized environments as a virtual traffic forwarder.

At the moment OVS has very decent functionality, including technologies such as QoS, LACP, VLAN, VxLAN, GENEVE, OpenFlow, DPDK, and so on.

Note: OVS was not originally conceived as a soft switch for heavily loaded telecom functions and was designed more for less demanding IT functions such as a WEB server or a mail server. However, OVS is being actively developed, and current implementations have greatly improved its performance and capabilities, which allows it to be used by telecom operators with heavily loaded functions; for example, there is an OVS implementation with support for DPDK acceleration.

There are three important OVS components that you need to be aware of:

  • Kernel module: a component located in kernel space that processes traffic according to the rules received from the control element;
  • vSwitch daemon (ovs-vswitchd): a process launched in user space that is responsible for programming the kernel module; that is, it directly represents the logic of the switch's operation;
  • Database server: a local database located on every host running OVS, in which the configuration is stored. SDN controllers can communicate through this module using the OVSDB protocol.

All of this is accompanied by a set of diagnostic and management utilities, such as ovs-vsctl, ovs-appctl, ovs-ofctl, and so on.

Currently, OpenStack is widely used by telecom operators to migrate network functions to it, such as EPC, SBC, HLR, and so on, with a very large volume of traffic (traffic volumes now reach several hundred gigabits per second). Naturally, driving such traffic through kernel space (since the forwarder is located there by default) is not the best idea. Therefore, OVS is often deployed entirely in user space using DPDK acceleration technology to forward traffic from the NIC to user space, bypassing the kernel.

Note: for a cloud deployed for telecom functions, it is possible to send traffic from a compute node directly to the switching equipment, bypassing OVS. SR-IOV and Passthrough mechanisms are used for this purpose.

How does this work on a real layout?

Well, now let's move on to the practical part and see how it all works in practice.

First, let's deploy a simple OpenStack installation. Since I do not have a set of servers at hand for experiments, we will assemble the layout on one physical server out of virtual machines. Yes, naturally, such a solution is not suitable for commercial purposes, but to see an example of how the network works in OpenStack, such an installation is more than enough. Moreover, such an installation is even more interesting for training purposes, since you can capture traffic, and so on.

Since we only need to see the basic part, we can avoid using several networks and bring everything up on just two networks; the second network in this layout will be used exclusively for access to the undercloud and the DNS server. We will not touch external networks for now; that is a topic for a separate large article.

So, let's start in order. First, a little theory. We will install OpenStack using TripleO (OpenStack on OpenStack). The essence of TripleO is that we install an all-in-one OpenStack (that is, on one node), called the undercloud, and then use the capabilities of the deployed OpenStack to install the OpenStack intended for operation, called the overcloud. The undercloud will use its built-in ability to manage physical servers (bare metal), the Ironic project, to provision the hypervisors that will perform the roles of compute, control and storage nodes. That is, we do not use any third-party tools to deploy OpenStack: we deploy OpenStack using OpenStack. It will become much clearer as the installation progresses, so we will not stop there and will move on.

Note: in this article, for the sake of simplicity, I did not use network isolation for the internal OpenStack networks; everything is deployed on a single network. However, the presence or absence of network isolation does not affect the basic functionality of the solution: everything will work exactly as it does with isolation, but the traffic will flow over the same network. For a commercial installation it is naturally necessary to use isolation with different VLANs and interfaces. For example, Ceph storage management traffic and the data traffic itself (machine access to disks, and so on) use different subnets when isolated (Storage management and Storage). This lets you make the solution more fault-tolerant by splitting this traffic, for example, across different ports, or by using different QoS profiles for different traffic so that data traffic does not squeeze out signaling traffic. In our case they will go over the same network, and in fact this does not limit us in any way.

Note: since we will be running virtual machines in a virtual environment that is itself based on virtual machines, we first need to enable nested virtualization.

You can check whether nested virtualization is enabled like this:


[root@hp-gen9 bormoglotx]# cat /sys/module/kvm_intel/parameters/nested
N
[root@hp-gen9 bormoglotx]# 

If you see the letter N, enable nested virtualization support following any guide you find on the web.

We need to assemble the following layout from virtual machines:


In my case, to connect the virtual machines that are part of the future installation (I ended up with 7 of them, but you can get by with 4 if you do not have many resources), I used OpenvSwitch. I created one ovs bridge and connected the virtual machines to it through port groups. To do this, I created an xml file like this:


[root@hp-gen9 ~]# virsh net-dumpxml ovs-network-1        
<network>
  <name>ovs-network-1</name>
  <uuid>7a2e7de7-fc16-4e00-b1ed-4d190133af67</uuid>
  <forward mode='bridge'/>
  <bridge name='ovs-br1'/>
  <virtualport type='openvswitch'/>
  <portgroup name='trunk-1'>
    <vlan trunk='yes'>
      <tag id='100'/>
      <tag id='101'/>
      <tag id='102'/>
    </vlan>
  </portgroup>
  <portgroup name='access-100'>
    <vlan>
      <tag id='100'/>
    </vlan>
  </portgroup>
  <portgroup name='access-101'>
    <vlan>
      <tag id='101'/>
    </vlan>
  </portgroup>
</network>

Three port groups are declared here: two access and one trunk (the latter was needed for the DNS server, but you can do without it, or set it up on the host machine, whichever is more convenient for you). Next, using this template, we declare our network with virsh net-define:


virsh net-define ovs-network-1.xml 
virsh net-start ovs-network-1 
virsh net-autostart ovs-network-1 

Now we edit the hypervisor port configurations:


[root@hp-gen9 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens1f0   
TYPE=Ethernet
NAME=ens1f0
DEVICE=ens1f0
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=ovs-br1
ONBOOT=yes
OVS_OPTIONS="trunk=100,101,102"
[root@hp-gen9 ~]
[root@hp-gen9 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ovs-br1 
DEVICE=ovs-br1
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.255.200
PREFIX=24
[root@hp-gen9 ~]# 

Note: in this scenario, the address on the ovs-br1 port will not be reachable because it has no vlan tag. To fix this, you need to issue the command sudo ovs-vsctl set port ovs-br1 tag=100. However, after a reboot this tag will disappear (if anyone knows how to make it stay in place, I will be very grateful). But this is not so important, because we will only need this address during the installation and will not need it once OpenStack is fully deployed.

Next, we create the undercloud machine:


virt-install  -n undercloud --description "undercloud"  --os-type=Linux  --os-variant=centos7.0  --ram=8192  --vcpus=8  --disk path=/var/lib/libvirt/images/undercloud.qcow2,bus=virtio,size=40,format=qcow2 --network network:ovs-network-1,model=virtio,portgroup=access-100 --network network:ovs-network-1,model=virtio,portgroup=access-101 --graphics none  --location /var/lib/libvirt/boot/CentOS-7-x86_64-Minimal-2003.iso --extra-args console=ttyS0

During the installation you set all the necessary parameters, such as the machine name, passwords, users, ntp servers, and so on; through the console you can also correct the necessary files. If you already have a ready-made image, you can use it, or do what I did: download a minimal CentOS 7 image and use it to install the VM.

After a successful installation, you should have a virtual machine on which you can install the undercloud


[root@hp-gen9 bormoglotx]# virsh list
 Id    Name                           State
----------------------------------------------------
 6     dns-server                     running
 62    undercloud                     running

First, install the tools needed during the installation process:

sudo yum update -y
sudo yum install -y net-tools
sudo yum install -y wget
sudo yum install -y ipmitool

Installing the undercloud

We create the stack user, set a password, add it to sudoers and give it the ability to run root commands through sudo without entering a password:


useradd stack
passwd stack

echo "stack ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/stack
chmod 0440 /etc/sudoers.d/stack
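The same drop-in written through a validate-then-install step, as an added example that is not part of the original article: a rule pasted with typographic quotes or a syntax error never reaches /etc/sudoers.d, where a broken file can stop sudo from working. The function names, the VISUDO override and the optional destination directory are assumptions of this example; visudo -cf is the standard syntax check.

```shell
#!/bin/sh
# Added example: write a sudoers drop-in only after it has been validated.
# VISUDO (validator command) and the optional destination directory are
# parameters of this example so it can be tried against a scratch directory.
# Real use, as root:
#   install_sudoers_dropin stack 'stack ALL=(root) NOPASSWD:ALL'

# has_only_ascii FILE: true when FILE holds only tab, LF, CR and printable ASCII.
has_only_ascii() {
  _n=$(LC_ALL=C tr -d '\11\12\15\40-\176' < "$1" | wc -c)
  [ "$_n" -eq 0 ]
}

# install_sudoers_dropin NAME RULE [DEST_DIR]
# Return codes: 1 bad name, 2 non-ASCII bytes, 3 rejected by visudo,
# 4 temporary file or install failure.
install_sudoers_dropin() {
  _name=$1; _rule=$2; _dest=${3:-/etc/sudoers.d}
  # sudo skips files in sudoers.d whose names contain "." or end in "~".
  case $_name in
    ''|*.*|*~|*/*) echo "refusing: unusable drop-in name '$_name'" >&2; return 1 ;;
  esac
  _tmp=$(mktemp) || return 4
  printf '%s\n' "$_rule" > "$_tmp"
  if ! has_only_ascii "$_tmp"; then
    echo "refusing: rule contains non-ASCII bytes (typographic quotes?)" >&2
    rm -f "$_tmp"; return 2
  fi
  # visudo -c checks syntax only; -f points it at the candidate file.
  if ! "${VISUDO:-visudo}" -cf "$_tmp" >/dev/null 2>&1; then
    echo "refusing: visudo rejected the rule" >&2
    rm -f "$_tmp"; return 3
  fi
  # install(1) copies the file and sets mode 0440 on the destination.
  install -m 0440 "$_tmp" "$_dest/$_name" || { rm -f "$_tmp"; return 4; }
  rm -f "$_tmp"
}
```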

Now we specify the full undercloud name in the hosts file:


vi /etc/hosts

127.0.0.1   undercloud.openstack.rnd localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

Next, we add the repositories and install the software we need:


sudo yum install -y https://trunk.rdoproject.org/centos7/current/python2-tripleo-repos-0.0.1-0.20200409224957.8bac392.el7.noarch.rpm
sudo -E tripleo-repos -b queens current
sudo -E tripleo-repos -b queens current ceph
sudo yum install -y python-tripleoclient
sudo yum install -y ceph-ansible

Note: if you do not plan to install ceph, you do not need to enter the ceph-related commands. I used the Queens release, but you can use any other you like.

Next, copy the undercloud configuration file to the user's home directory:


cp /usr/share/instack-undercloud/undercloud.conf.sample ~/undercloud.conf

Now we need to edit this file, adjusting it to our installation.

You need to add these lines to the beginning of the file:

vi undercloud.conf
[DEFAULT]
undercloud_hostname = undercloud.openstack.rnd
local_ip = 192.168.255.1/24
network_gateway = 192.168.255.1
undercloud_public_host = 192.168.255.2
undercloud_admin_host = 192.168.255.3
undercloud_nameservers = 192.168.255.253
generate_service_certificate = false
local_interface = eth0
local_mtu = 1450
network_cidr = 192.168.255.0/24
masquerade = true
masquerade_network = 192.168.255.0/24
dhcp_start = 192.168.255.11
dhcp_end = 192.168.255.50
inspection_iprange = 192.168.255.51,192.168.255.100
scheduler_max_attempts = 10

So, let's go through the settings:

undercloud_hostname - the full name of the undercloud server; it must match the entry on the DNS server

local_ip - the local undercloud address facing the provisioning network

network_gateway - the same local address, which will act as the gateway to the outside world during the installation of the overcloud nodes; it also coincides with local_ip

undercloud_public_host - the external API address; any free address from the provisioning network is assigned

undercloud_admin_host - the internal API address; any free address from the provisioning network is assigned

undercloud_nameservers - the DNS server

generate_service_certificate - this line is very important in the current example, because if you do not set it to false you will get an error during installation; the problem is described in the Red Hat bug tracker.

local_interface - the interface in the provisioning network. This interface will be reconfigured during the undercloud deployment, so you need to have two interfaces on the undercloud: one for accessing it, the other for provisioning

local_mtu - the MTU. Since we have a test lab and I have an MTU of 1500 on the ports of the OVS switch, it must be set to 1450 so that packets encapsulated in VxLAN can pass.

network_cidr - the provisioning network

masquerade - use NAT to access an external network

masquerade_network - the network that will be NATed

dhcp_start - the first address of the pool from which addresses will be assigned to nodes during the overcloud deployment

dhcp_end - the last address of the pool from which addresses will be assigned to nodes during the overcloud deployment

inspection_iprange - the pool of addresses needed for introspection (it must not overlap with the pool above)

scheduler_max_attempts - the maximum number of attempts to install the overcloud (it must be greater than or equal to the number of nodes)
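The constraints listed above can be checked before running the installer. The following is an added example, not part of the original article or of TripleO: a shell check that reads undercloud.conf and verifies that the addresses sit inside network_cidr, that inspection_iprange does not overlap the DHCP pool, and that scheduler_max_attempts covers the node count. The function names are this example's own, and reading "free address" as "outside both pools and different from local_ip" is an assumption.

```shell
#!/bin/sh
# Added example: consistency checks for the address plan in undercloud.conf.
# Function names are this example's own; option names come from the file above.

# The address-plan values from the article's undercloud.conf, embedded so
# this runs offline.
page_undercloud_conf() {
cat <<'EOF'
[DEFAULT]
undercloud_hostname = undercloud.openstack.rnd
local_ip = 192.168.255.1/24
network_gateway = 192.168.255.1
undercloud_public_host = 192.168.255.2
undercloud_admin_host = 192.168.255.3
undercloud_nameservers = 192.168.255.253
local_interface = eth0
local_mtu = 1450
network_cidr = 192.168.255.0/24
dhcp_start = 192.168.255.11
dhcp_end = 192.168.255.50
inspection_iprange = 192.168.255.51,192.168.255.100
scheduler_max_attempts = 10
EOF
}

# conf_get FILE KEY: print the value of "KEY = value"; comment lines never match.
conf_get() {
  awk -v k="$2" '
    { key = $0; sub(/[ \t]*=.*/, "", key); gsub(/^[ \t]+/, "", key) }
    key == k { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v); print v; exit }
  ' "$1"
}

# ip2int A.B.C.D: dotted quad to integer (subshell body keeps IFS local).
ip2int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

in_range() { [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]; }

# check_undercloud_conf FILE [NODE_COUNT]: print findings, return 1 if any.
check_undercloud_conf() {
  _f=$1; _nodes=${2:-0}; _bad=0
  for _k in network_cidr local_ip network_gateway undercloud_public_host \
            undercloud_admin_host dhcp_start dhcp_end inspection_iprange; do
    [ -n "$(conf_get "$_f" "$_k")" ] || { echo "$_k is not set"; return 2; }
  done
  _cidr=$(conf_get "$_f" network_cidr)
  _mask=$(( (4294967295 << (32 - ${_cidr#*/})) & 4294967295 ))
  _lo=$(( $(ip2int "${_cidr%/*}") & $_mask ))
  _hi=$(( $_lo | (4294967295 ^ $_mask) ))
  _ds=$(ip2int "$(conf_get "$_f" dhcp_start)")
  _de=$(ip2int "$(conf_get "$_f" dhcp_end)")
  _insp=$(conf_get "$_f" inspection_iprange)
  _is=$(ip2int "${_insp%,*}"); _ie=$(ip2int "${_insp#*,}")
  _local=$(conf_get "$_f" local_ip); _local=$(ip2int "${_local%/*}")

  # Every address has to sit inside the provisioning network.
  for _k in network_gateway undercloud_public_host undercloud_admin_host \
            dhcp_start dhcp_end; do
    _v=$(ip2int "$(conf_get "$_f" "$_k")")
    in_range "$_v" "$_lo" "$_hi" || { echo "$_k is outside $_cidr"; _bad=1; }
  done
  # The introspection pool must not overlap the DHCP pool.
  if [ "$_is" -le "$_de" ] && [ "$_ie" -ge "$_ds" ]; then
    echo "inspection_iprange overlaps dhcp_start..dhcp_end"; _bad=1
  fi
  # "Free" API addresses: read here as outside both pools and not local_ip.
  for _k in undercloud_public_host undercloud_admin_host; do
    _v=$(ip2int "$(conf_get "$_f" "$_k")")
    if in_range "$_v" "$_ds" "$_de" || in_range "$_v" "$_is" "$_ie" \
       || [ "$_v" -eq "$_local" ]; then
      echo "$_k is not a free address"; _bad=1
    fi
  done
  # scheduler_max_attempts must be at least the number of nodes.
  _max=$(conf_get "$_f" scheduler_max_attempts)
  [ "${_max:-0}" -ge "$_nodes" ] || {
    echo "scheduler_max_attempts ($_max) is below node count ($_nodes)"; _bad=1; }
  return $_bad
}
```

Run it as check_undercloud_conf ~/undercloud.conf 5, where 5 is the number of overcloud nodes you plan to deploy.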

After the file has been filled in, you can issue the command to deploy the undercloud:


openstack undercloud install

The procedure takes from 10 to 30 minutes depending on your hardware. At the end you should see output like this:

2020-08-13 23:13:12,668 INFO: 
#############################################################################
Undercloud install complete.

The file containing this installation's passwords is at
/home/stack/undercloud-passwords.conf.

There is also a stackrc file at /home/stack/stackrc.

These files are needed to interact with the OpenStack services, and should be
secured.

#############################################################################

This output says that you have successfully installed the undercloud and can now check its status and proceed to installing the overcloud.

If you look at the ifconfig output, you will see that a new bridge interface has appeared

[stack@undercloud ~]$ ifconfig
br-ctlplane: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 192.168.255.1  netmask 255.255.255.0  broadcast 192.168.255.255
        inet6 fe80::5054:ff:fe2c:89e  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:2c:08:9e  txqueuelen 1000  (Ethernet)
        RX packets 14  bytes 1095 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 20  bytes 1292 (1.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The overcloud deployment will now be carried out through this interface.

From the output below you can see that we have all services on one node:

(undercloud) [stack@undercloud ~]$ openstack host list
+--------------------------+-----------+----------+
| Host Name                | Service   | Zone     |
+--------------------------+-----------+----------+
| undercloud.openstack.rnd | conductor | internal |
| undercloud.openstack.rnd | scheduler | internal |
| undercloud.openstack.rnd | compute   | nova     |
+--------------------------+-----------+----------+

Below is the configuration of the undercloud network part:


(undercloud) [stack@undercloud ~]$ python -m json.tool /etc/os-net-config/config.json 
{
    "network_config": [
        {
            "addresses": [
                {
                    "ip_netmask": "192.168.255.1/24"
                }
            ],
            "members": [
                {
                    "dns_servers": [
                        "192.168.255.253"
                    ],
                    "mtu": 1450,
                    "name": "eth0",
                    "primary": "true",
                    "type": "interface"
                }
            ],
            "mtu": 1450,
            "name": "br-ctlplane",
            "ovs_extra": [
                "br-set-external-id br-ctlplane bridge-id br-ctlplane"
            ],
            "routes": [],
            "type": "ovs_bridge"
        }
    ]
}
(undercloud) [stack@undercloud ~]$

Installing the overcloud

At the moment we only have the undercloud, and we do not have enough nodes from which the overcloud will be assembled. So, first of all, let's deploy the virtual machines we need. During the deployment, the undercloud itself will install the OS and the necessary software on the overcloud machines; that is, we do not need to fully deploy a machine, only create a disk (or disks) for it and determine its parameters. In effect, we get a bare server with no OS installed.

Let's go to the folder with the disks of our virtual machines and create disks of the required size:


cd /var/lib/libvirt/images/
qemu-img create -f qcow2 -o preallocation=metadata control-1.qcow2 60G
qemu-img create -f qcow2 -o preallocation=metadata compute-1.qcow2 60G
qemu-img create -f qcow2 -o preallocation=metadata compute-2.qcow2 60G
qemu-img create -f qcow2 -o preallocation=metadata storage-1.qcow2 160G
qemu-img create -f qcow2 -o preallocation=metadata storage-2.qcow2 160G

Since we are working as root, we need to change the owner of these disks so as not to run into permission problems:


[root@hp-gen9 images]# ls -lh
total 5.8G
drwxr-xr-x. 2 qemu qemu 4.0K Aug 13 16:15 backups
-rw-r--r--. 1 root root  61G Aug 14 03:07 compute-1.qcow2
-rw-r--r--. 1 root root  61G Aug 14 03:07 compute-2.qcow2
-rw-r--r--. 1 root root  61G Aug 14 03:07 control-1.qcow2
-rw-------. 1 qemu qemu  41G Aug 14 03:03 dns-server.qcow2
-rw-r--r--. 1 root root 161G Aug 14 03:07 storage-1.qcow2
-rw-r--r--. 1 root root 161G Aug 14 03:07 storage-2.qcow2
-rw-------. 1 qemu qemu  41G Aug 14 03:07 undercloud.qcow2
[root@hp-gen9 images]# 
[root@hp-gen9 images]# 
[root@hp-gen9 images]# chown qemu:qemu /var/lib/libvirt/images/*qcow2
[root@hp-gen9 images]# ls -lh
total 5.8G
drwxr-xr-x. 2 qemu qemu 4.0K Aug 13 16:15 backups
-rw-r--r--. 1 qemu qemu  61G Aug 14 03:07 compute-1.qcow2
-rw-r--r--. 1 qemu qemu  61G Aug 14 03:07 compute-2.qcow2
-rw-r--r--. 1 qemu qemu  61G Aug 14 03:07 control-1.qcow2
-rw-------. 1 qemu qemu  41G Aug 14 03:03 dns-server.qcow2
-rw-r--r--. 1 qemu qemu 161G Aug 14 03:07 storage-1.qcow2
-rw-r--r--. 1 qemu qemu 161G Aug 14 03:07 storage-2.qcow2
-rw-------. 1 qemu qemu  41G Aug 14 03:08 undercloud.qcow2
[root@hp-gen9 images]# 

Note: if you do not plan to install ceph in order to study it, then the commands do not create at least 3 nodes with at least two disks, but the template indicates that the virtual disks vda, vdb, and so on will be used.

Great, now we need to define all these machines:


virt-install --name control-1 --ram 32768 --vcpus 8 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/control-1.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc  --network network:ovs-network-1,model=virtio,portgroup=access-100 --network network:ovs-network-1,model=virtio,portgroup=trunk-1 --dry-run --print-xml > /tmp/control-1.xml  

virt-install --name storage-1 --ram 16384 --vcpus 4 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/storage-1.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc  --network network:ovs-network-1,model=virtio,portgroup=access-100 --dry-run --print-xml > /tmp/storage-1.xml  

virt-install --name storage-2 --ram 16384 --vcpus 4 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/storage-2.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc  --network network:ovs-network-1,model=virtio,portgroup=access-100 --dry-run --print-xml > /tmp/storage-2.xml  

virt-install --name compute-1 --ram 32768 --vcpus 12 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/compute-1.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc  --network network:ovs-network-1,model=virtio,portgroup=access-100 --dry-run --print-xml > /tmp/compute-1.xml  

virt-install --name compute-2 --ram 32768 --vcpus 12 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/compute-2.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc  --network network:ovs-network-1,model=virtio,portgroup=access-100 --dry-run --print-xml > /tmp/compute-2.xml 

At the end there is the option --print-xml > /tmp/storage-1.xml, which creates an xml file with the description of each machine in the /tmp/ folder; if you do not add it, you will not be able to define the virtual machines.

Now we need to define all these machines in virsh:


virsh define --file /tmp/control-1.xml
virsh define --file /tmp/compute-1.xml
virsh define --file /tmp/compute-2.xml
virsh define --file /tmp/storage-1.xml
virsh define --file /tmp/storage-2.xml

[root@hp-gen9 ~]# virsh list --all
 Id    Name                           State
----------------------------------------------------
 6     dns-server                     running
 64    undercloud                     running
 -     compute-1                      shut off
 -     compute-2                      shut off
 -     control-1                      shut off
 -     storage-1                      shut off
 -     storage-2                      shut off

[root@hp-gen9 ~]#

Now a small nuance: TripleO uses IPMI to manage the servers during installation and introspection.

Introspection is the process of inspecting the hardware to obtain the parameters needed for the subsequent provisioning of the nodes. Introspection is performed using ironic, a service designed to work with bare-metal servers.

But here is the problem: hardware servers have a dedicated IPMI port (or a shared port, but that is not important), while virtual machines have no such ports. This is where a crutch called vbmc comes to our aid: it is a utility that lets you emulate an IPMI port. This nuance deserves particular attention from those who want to set up a lab like this on an ESXi hypervisor. Honestly, I do not know whether it has an analogue of vbmc, so it is worth looking into this question before deploying everything.

Install vbmc:


yum install python2-virtualbmc

If your OS cannot find the package, add the repository:

yum install -y https://www.rdoproject.org/repos/rdo-release.rpm

Now we set up the utility. Everything here is banal to the point of embarrassment. For now, logically enough, there are no servers in the vbmc list:


[root@hp-gen9 ~]# vbmc list

[root@hp-gen9 ~]# 

For them to appear, they have to be declared manually, like this:


[root@hp-gen9 ~]# vbmc add control-1 --port 7001 --username admin --password admin
[root@hp-gen9 ~]# vbmc add storage-1 --port 7002 --username admin --password admin
[root@hp-gen9 ~]# vbmc add storage-2 --port 7003 --username admin --password admin
[root@hp-gen9 ~]# vbmc add compute-1 --port 7004 --username admin --password admin
[root@hp-gen9 ~]# vbmc add compute-2 --port 7005 --username admin --password admin
[root@hp-gen9 ~]#
[root@hp-gen9 ~]# vbmc list
+-------------+--------+---------+------+
| Domain name | Status | Address | Port |
+-------------+--------+---------+------+
| compute-1   | down   | ::      | 7004 |
| compute-2   | down   | ::      | 7005 |
| control-1   | down   | ::      | 7001 |
| storage-1   | down   | ::      | 7002 |
| storage-2   | down   | ::      | 7003 |
+-------------+--------+---------+------+
[root@hp-gen9 ~]#

I think the command syntax is clear without explanation. However, for now all our sessions are in the DOWN state. To move them to the UP state, you need to start them:


[root@hp-gen9 ~]# vbmc start control-1
2020-08-14 03:15:57,826.826 13149 INFO VirtualBMC [-] Started vBMC instance for domain control-1
[root@hp-gen9 ~]# vbmc start storage-1 
2020-08-14 03:15:58,316.316 13149 INFO VirtualBMC [-] Started vBMC instance for domain storage-1
[root@hp-gen9 ~]# vbmc start storage-2
2020-08-14 03:15:58,851.851 13149 INFO VirtualBMC [-] Started vBMC instance for domain storage-2
[root@hp-gen9 ~]# vbmc start compute-1
2020-08-14 03:15:59,307.307 13149 INFO VirtualBMC [-] Started vBMC instance for domain compute-1
[root@hp-gen9 ~]# vbmc start compute-2
2020-08-14 03:15:59,712.712 13149 INFO VirtualBMC [-] Started vBMC instance for domain compute-2
[root@hp-gen9 ~]# 
[root@hp-gen9 ~]# 
[root@hp-gen9 ~]# vbmc list
+-------------+---------+---------+------+
| Domain name | Status  | Address | Port |
+-------------+---------+---------+------+
| compute-1   | running | ::      | 7004 |
| compute-2   | running | ::      | 7005 |
| control-1   | running | ::      | 7001 |
| storage-1   | running | ::      | 7002 |
| storage-2   | running | ::      | 7003 |
+-------------+---------+---------+------+
[root@hp-gen9 ~]#

And the final touch: you need to adjust the firewall rules (or disable the firewall entirely):


firewall-cmd --zone=public --add-port=7001/udp --permanent
firewall-cmd --zone=public --add-port=7002/udp --permanent
firewall-cmd --zone=public --add-port=7003/udp --permanent
firewall-cmd --zone=public --add-port=7004/udp --permanent
firewall-cmd --zone=public --add-port=7005/udp --permanent
firewall-cmd --reload

Now let's go to the undercloud and check that everything works. The address of the host machine is 192.168.255.200, and on the undercloud we added the required ipmitool package while preparing for the deployment:


[stack@undercloud ~]$ ipmitool -I lanplus -U admin -P admin -H 192.168.255.200 -p 7001 power status          
Chassis Power is off
[stack@undercloud ~]$ ipmitool -I lanplus -U admin -P admin -H 192.168.255.200 -p 7001 power on
Chassis Power Control: Up/On
[stack@undercloud ~]$ 

[root@hp-gen9 ~]# virsh list 
 Id    Name                           State
----------------------------------------------------
 6     dns-server                     running
 64    undercloud                     running
 65    control-1                      running

As you can see, we successfully started the control node through vbmc. Now let's turn it off and move on:


[stack@undercloud ~]$ ipmitool -I lanplus -U admin -P admin -H 192.168.255.200 -p 7001 power off
Chassis Power Control: Down/Off
[stack@undercloud ~]$ ipmitool -I lanplus -U admin -P admin -H 192.168.255.200 -p 7001 power status
Chassis Power is off
[stack@undercloud ~]$ 

[root@hp-gen9 ~]# virsh list --all
 Id    Name                           State
----------------------------------------------------
 6     dns-server                     running
 64    undercloud                     running
 -     compute-1                      shut off
 -     compute-2                      shut off
 -     control-1                      shut off
 -     storage-1                      shut off
 -     storage-2                      shut off

[root@hp-gen9 ~]#

The next step is the introspection of the nodes on which the overcloud will be installed. To do this, we need to prepare a JSON file describing our nodes. Please note that, unlike an installation on bare-metal servers, the file specifies the port on which vbmc is running for each machine.


[root@hp-gen9 ~]# virsh domiflist --domain control-1 
Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    ovs-network-1 virtio      52:54:00:20:a2:2f
-          network    ovs-network-1 virtio      52:54:00:3f:87:9f

[root@hp-gen9 ~]# virsh domiflist --domain compute-1
Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    ovs-network-1 virtio      52:54:00:98:e9:d6

[root@hp-gen9 ~]# virsh domiflist --domain compute-2
Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    ovs-network-1 virtio      52:54:00:6a:ea:be

[root@hp-gen9 ~]# virsh domiflist --domain storage-1
Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    ovs-network-1 virtio      52:54:00:79:0b:cb

[root@hp-gen9 ~]# virsh domiflist --domain storage-2
Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    ovs-network-1 virtio      52:54:00:a7:fe:27

Note: the control node has two interfaces, but in this case that is not important; one is enough for this installation.

Now we prepare the JSON file. We need to specify the MAC address of the port through which provisioning will be performed, the parameters of the nodes, give them names and indicate how to reach IPMI:


{
    "nodes":[
        {
            "mac":[
                "52:54:00:20:a2:2f"
            ],
            "cpu":"8",
            "memory":"32768",
            "disk":"60",
            "arch":"x86_64",
            "name":"control-1",
            "pm_type":"pxe_ipmitool",
            "pm_user":"admin",
            "pm_password":"admin",
            "pm_addr":"192.168.255.200",
            "pm_port":"7001"
        },
        {
            "mac":[
                "52:54:00:79:0b:cb"
            ],
            "cpu":"4",
            "memory":"16384",
            "disk":"160",
            "arch":"x86_64",
            "name":"storage-1",
            "pm_type":"pxe_ipmitool",
            "pm_user":"admin",
            "pm_password":"admin",
            "pm_addr":"192.168.255.200",
            "pm_port":"7002"
        },
        {
            "mac":[
                "52:54:00:a7:fe:27"
            ],
            "cpu":"4",
            "memory":"16384",
            "disk":"160",
            "arch":"x86_64",
            "name":"storage-2",
            "pm_type":"pxe_ipmitool",
            "pm_user":"admin",
            "pm_password":"admin",
            "pm_addr":"192.168.255.200",
            "pm_port":"7003"
        },
        {
            "mac":[
                "52:54:00:98:e9:d6"
            ],
            "cpu":"12",
            "memory":"32768",
            "disk":"60",
            "arch":"x86_64",
            "name":"compute-1",
            "pm_type":"pxe_ipmitool",
            "pm_user":"admin",
            "pm_password":"admin",
            "pm_addr":"192.168.255.200",
            "pm_port":"7004"
        },
        {
            "mac":[
                "52:54:00:6a:ea:be"
            ],
            "cpu":"12",
            "memory":"32768",
            "disk":"60",
            "arch":"x86_64",
            "name":"compute-2",
            "pm_type":"pxe_ipmitool",
            "pm_user":"admin",
            "pm_password":"admin",
            "pm_addr":"192.168.255.200",
            "pm_port":"7005"
        }
    ]
}
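The file above can be generated from the `virsh domiflist` output instead of being typed by hand. The following Python is an added example, not code from the original article or from TripleO: `INVENTORY`, `build_nodes`, `write_private` and the `VBMC_PASSWORD` variable are hypothetical names, the IPMI password is supplied by the caller rather than hard-coded, and the file is written with mode 0600 because it contains that password.

```python
import json
import os
import re

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)

# Sizing and vBMC port per libvirt domain, taken from the article's JSON
# and its "vbmc add" commands.
INVENTORY = {
    "control-1": {"cpu": 8, "memory": 32768, "disk": 60, "pm_port": 7001},
    "storage-1": {"cpu": 4, "memory": 16384, "disk": 160, "pm_port": 7002},
    "storage-2": {"cpu": 4, "memory": 16384, "disk": 160, "pm_port": 7003},
    "compute-1": {"cpu": 12, "memory": 32768, "disk": 60, "pm_port": 7004},
    "compute-2": {"cpu": 12, "memory": 32768, "disk": 60, "pm_port": 7005},
}

# "virsh domiflist" output per domain, reassembled from the article's listings.
_HEAD = ("Interface  Type       Source     Model       MAC\n"
         "-------------------------------------------------------\n")
_ROW = "-          network    ovs-network-1 virtio      %s\n"
SAMPLE_DOMIFLIST = {
    "control-1": _HEAD + _ROW % "52:54:00:20:a2:2f" + _ROW % "52:54:00:3f:87:9f",
    "storage-1": _HEAD + _ROW % "52:54:00:79:0b:cb",
    "storage-2": _HEAD + _ROW % "52:54:00:a7:fe:27",
    "compute-1": _HEAD + _ROW % "52:54:00:98:e9:d6",
    "compute-2": _HEAD + _ROW % "52:54:00:6a:ea:be",
}


def macs_from_domiflist(output):
    """Return the MAC addresses listed by `virsh domiflist`, in listing order."""
    macs = []
    for line in output.splitlines():
        fields = line.split()
        if fields and MAC_RE.match(fields[-1]):
            macs.append(fields[-1].lower())
    return macs


def build_nodes(domiflist_by_domain, inventory, pm_addr, pm_user, pm_password):
    """Build the node-registration document in the layout shown in the article."""
    if not pm_password:
        raise ValueError("refusing to write an empty IPMI password")
    ports = [spec["pm_port"] for spec in inventory.values()]
    if len(ports) != len(set(ports)):
        raise ValueError("two domains share one vBMC port")
    nodes, seen_macs = [], set()
    for name, spec in inventory.items():
        macs = macs_from_domiflist(domiflist_by_domain.get(name, ""))
        if not macs:
            raise ValueError("no interface found for domain %s" % name)
        pxe_mac = macs[0]  # the article registers only the first interface
        if pxe_mac in seen_macs:
            raise ValueError("MAC %s is used by two domains" % pxe_mac)
        seen_macs.add(pxe_mac)
        nodes.append({
            "mac": [pxe_mac],
            "cpu": str(spec["cpu"]),
            "memory": str(spec["memory"]),
            "disk": str(spec["disk"]),
            "arch": "x86_64",
            "name": name,
            "pm_type": "pxe_ipmitool",
            "pm_user": pm_user,
            "pm_password": pm_password,
            "pm_addr": pm_addr,
            "pm_port": str(spec["pm_port"]),
        })
    return {"nodes": nodes}


def write_private(path, document):
    """Write the document readable by its owner only; it holds the IPMI password."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        os.fchmod(handle.fileno(), 0o600)  # also tighten a pre-existing file
        json.dump(document, handle, indent=4)


if __name__ == "__main__":
    # VBMC_PASSWORD is a name chosen for this example; export it before running.
    doc = build_nodes(SAMPLE_DOMIFLIST, INVENTORY, "192.168.255.200", "admin",
                      os.environ.get("VBMC_PASSWORD", ""))
    write_private("inspection.json", doc)
```

On the KVM host, pass the function the real output of `virsh domiflist --domain <name>` for each domain instead of the embedded sample.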

Now we need to prepare the images for ironic. To do this, download them with wget and unpack them:

(undercloud) [stack@undercloud ~]$ sudo wget https://images.rdoproject.org/queens/delorean/current-tripleo-rdo/overcloud-full.tar --no-check-certificate
(undercloud) [stack@undercloud ~]$ sudo wget https://images.rdoproject.org/queens/delorean/current-tripleo-rdo/ironic-python-agent.tar --no-check-certificate
(undercloud) [stack@undercloud ~]$ ls -lh
total 1.9G
-rw-r--r--. 1 stack stack 447M Aug 14 10:26 ironic-python-agent.tar
-rw-r--r--. 1 stack stack 1.5G Aug 14 10:26 overcloud-full.tar
-rw-------. 1 stack stack  916 Aug 13 23:10 stackrc
-rw-r--r--. 1 stack stack  15K Aug 13 22:50 undercloud.conf
-rw-------. 1 stack stack 2.0K Aug 13 22:50 undercloud-passwords.conf
(undercloud) [stack@undercloud ~]$ mkdir images/
(undercloud) [stack@undercloud ~]$ tar -xpvf ironic-python-agent.tar -C ~/images/
ironic-python-agent.initramfs
ironic-python-agent.kernel
(undercloud) [stack@undercloud ~]$ tar -xpvf overcloud-full.tar -C ~/images/                       
overcloud-full.qcow2
overcloud-full.initrd
overcloud-full.vmlinuz
(undercloud) [stack@undercloud ~]$ 
(undercloud) [stack@undercloud ~]$ ls -lh images/
total 1.9G
-rw-rw-r--. 1 stack stack 441M Aug 12 17:24 ironic-python-agent.initramfs
-rwxr-xr-x. 1 stack stack 6.5M Aug 12 17:24 ironic-python-agent.kernel
-rw-r--r--. 1 stack stack  53M Aug 12 17:14 overcloud-full.initrd
-rw-r--r--. 1 stack stack 1.4G Aug 12 17:18 overcloud-full.qcow2
-rwxr-xr-x. 1 stack stack 6.5M Aug 12 17:14 overcloud-full.vmlinuz
(undercloud) [stack@undercloud ~]$

Uploading the images to the undercloud:

(undercloud) [stack@undercloud ~]$ openstack overcloud image upload --image-path ~/images/
Image "overcloud-full-vmlinuz" was uploaded.
+--------------------------------------+------------------------+-------------+---------+--------+
|                  ID                  |          Name          | Disk Format |   Size  | Status |
+--------------------------------------+------------------------+-------------+---------+--------+
| c2553770-3e0f-4750-b46b-138855b5c385 | overcloud-full-vmlinuz |     aki     | 6761064 | active |
+--------------------------------------+------------------------+-------------+---------+--------+
Image "overcloud-full-initrd" was uploaded.
+--------------------------------------+-----------------------+-------------+----------+--------+
|                  ID                  |          Name         | Disk Format |   Size   | Status |
+--------------------------------------+-----------------------+-------------+----------+--------+
| 949984e0-4932-4e71-af43-d67a38c3dc89 | overcloud-full-initrd |     ari     | 55183045 | active |
+--------------------------------------+-----------------------+-------------+----------+--------+
Image "overcloud-full" was uploaded.
+--------------------------------------+----------------+-------------+------------+--------+
|                  ID                  |      Name      | Disk Format |    Size    | Status |
+--------------------------------------+----------------+-------------+------------+--------+
| a2f2096d-c9d7-429a-b866-c7543c02a380 | overcloud-full |    qcow2    | 1487475712 | active |
+--------------------------------------+----------------+-------------+------------+--------+
Image "bm-deploy-kernel" was uploaded.
+--------------------------------------+------------------+-------------+---------+--------+
|                  ID                  |       Name       | Disk Format |   Size  | Status |
+--------------------------------------+------------------+-------------+---------+--------+
| e413aa78-e38f-404c-bbaf-93e582a8e67f | bm-deploy-kernel |     aki     | 6761064 | active |
+--------------------------------------+------------------+-------------+---------+--------+
Image "bm-deploy-ramdisk" was uploaded.
+--------------------------------------+-------------------+-------------+-----------+--------+
|                  ID                  |        Name       | Disk Format |    Size   | Status |
+--------------------------------------+-------------------+-------------+-----------+--------+
| 5cf3aba4-0e50-45d3-929f-27f025dd6ce3 | bm-deploy-ramdisk |     ari     | 461759376 | active |
+--------------------------------------+-------------------+-------------+-----------+--------+
(undercloud) [stack@undercloud ~]$

Checking that all the images have been uploaded:


(undercloud) [stack@undercloud ~]$  openstack image list
+--------------------------------------+------------------------+--------+
| ID                                   | Name                   | Status |
+--------------------------------------+------------------------+--------+
| e413aa78-e38f-404c-bbaf-93e582a8e67f | bm-deploy-kernel       | active |
| 5cf3aba4-0e50-45d3-929f-27f025dd6ce3 | bm-deploy-ramdisk      | active |
| a2f2096d-c9d7-429a-b866-c7543c02a380 | overcloud-full         | active |
| 949984e0-4932-4e71-af43-d67a38c3dc89 | overcloud-full-initrd  | active |
| c2553770-3e0f-4750-b46b-138855b5c385 | overcloud-full-vmlinuz | active |
+--------------------------------------+------------------------+--------+
(undercloud) [stack@undercloud ~]$

One more thing: you need to add a DNS server:


(undercloud) [stack@undercloud ~]$ openstack subnet list
+--------------------------------------+-----------------+--------------------------------------+------------------+
| ID                                   | Name            | Network                              | Subnet           |
+--------------------------------------+-----------------+--------------------------------------+------------------+
| f45dea46-4066-42aa-a3c4-6f84b8120cab | ctlplane-subnet | 6ca013dc-41c2-42d8-9d69-542afad53392 | 192.168.255.0/24 |
+--------------------------------------+-----------------+--------------------------------------+------------------+
(undercloud) [stack@undercloud ~]$ openstack subnet show f45dea46-4066-42aa-a3c4-6f84b8120cab
+-------------------+-----------------------------------------------------------+
| Field             | Value                                                     |
+-------------------+-----------------------------------------------------------+
| allocation_pools  | 192.168.255.11-192.168.255.50                             |
| cidr              | 192.168.255.0/24                                          |
| created_at        | 2020-08-13T20:10:37Z                                      |
| description       |                                                           |
| dns_nameservers   |                                                           |
| enable_dhcp       | True                                                      |
| gateway_ip        | 192.168.255.1                                             |
| host_routes       | destination='169.254.169.254/32', gateway='192.168.255.1' |
| id                | f45dea46-4066-42aa-a3c4-6f84b8120cab                      |
| ip_version        | 4                                                         |
| ipv6_address_mode | None                                                      |
| ipv6_ra_mode      | None                                                      |
| name              | ctlplane-subnet                                           |
| network_id        | 6ca013dc-41c2-42d8-9d69-542afad53392                      |
| prefix_length     | None                                                      |
| project_id        | a844ccfcdb2745b198dde3e1b28c40a3                          |
| revision_number   | 0                                                         |
| segment_id        | None                                                      |
| service_types     |                                                           |
| subnetpool_id     | None                                                      |
| tags              |                                                           |
| updated_at        | 2020-08-13T20:10:37Z                                      |
+-------------------+-----------------------------------------------------------+
(undercloud) [stack@undercloud ~]$ 
(undercloud) [stack@undercloud ~]$ neutron subnet-update f45dea46-4066-42aa-a3c4-6f84b8120cab --dns-nameserver 192.168.255.253                                    
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Updated subnet: f45dea46-4066-42aa-a3c4-6f84b8120cab
(undercloud) [stack@undercloud ~]$

Now we can give the command for introspection:

(undercloud) [stack@undercloud ~]$ openstack overcloud node import --introspect --provide inspection.json 
Started Mistral Workflow tripleo.baremetal.v1.register_or_update. Execution ID: d57456a3-d8ed-479c-9a90-dff7c752d0ec
Waiting for messages on queue 'tripleo' with no timeout.


5 node(s) successfully moved to the "manageable" state.
Successfully registered node UUID b4b2cf4a-b7ca-4095-af13-cc83be21c4f5
Successfully registered node UUID b89a72a3-6bb7-429a-93bc-48393d225838
Successfully registered node UUID 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e
Successfully registered node UUID bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8
Successfully registered node UUID 766ab623-464c-423d-a529-d9afb69d1167
Waiting for introspection to finish...
Started Mistral Workflow tripleo.baremetal.v1.introspect. Execution ID: 6b4d08ae-94c3-4a10-ab63-7634ec198a79
Waiting for messages on queue 'tripleo' with no timeout.
Introspection of node b89a72a3-6bb7-429a-93bc-48393d225838 completed. Status:SUCCESS. Errors:None
Introspection of node 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e completed. Status:SUCCESS. Errors:None
Introspection of node bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 completed. Status:SUCCESS. Errors:None
Introspection of node 766ab623-464c-423d-a529-d9afb69d1167 completed. Status:SUCCESS. Errors:None
Introspection of node b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 completed. Status:SUCCESS. Errors:None
Successfully introspected 5 node(s).
Started Mistral Workflow tripleo.baremetal.v1.provide. Execution ID: f5594736-edcf-4927-a8a0-2a7bf806a59a
Waiting for messages on queue 'tripleo' with no timeout.
5 node(s) successfully moved to the "available" state.
(undercloud) [stack@undercloud ~]$

As you can see from the output, everything completed without errors. Let's check that all the nodes are in the available state:


(undercloud) [stack@undercloud ~]$ openstack baremetal node list
+--------------------------------------+-----------+---------------+-------------+--------------------+-------------+
| UUID                                 | Name      | Instance UUID | Power State | Provisioning State | Maintenance |
+--------------------------------------+-----------+---------------+-------------+--------------------+-------------+
| b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 | control-1 | None          | power off   | available          | False       |
| b89a72a3-6bb7-429a-93bc-48393d225838 | storage-1 | None          | power off   | available          | False       |
| 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e | storage-2 | None          | power off   | available          | False       |
| bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 | compute-1 | None          | power off   | available          | False       |
| 766ab623-464c-423d-a529-d9afb69d1167 | compute-2 | None          | power off   | available          | False       |
+--------------------------------------+-----------+---------------+-------------+--------------------+-------------+
(undercloud) [stack@undercloud ~]$ 

If the nodes are in a different state, usually manageable, then something went wrong and you need to look at the log and find out why it happened. Keep in mind that in this scenario we are using virtualization, and there may be bugs related to the use of virtual machines or vbmc.

Next, we need to indicate which node will perform which function, that is, specify the profile with which the node will be deployed:


(undercloud) [stack@undercloud ~]$ openstack overcloud profiles list
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| Node UUID                            | Node Name | Provision State | Current Profile | Possible Profiles |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 | control-1 | available       | None            |                   |
| b89a72a3-6bb7-429a-93bc-48393d225838 | storage-1 | available       | None            |                   |
| 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e | storage-2 | available       | None            |                   |
| bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 | compute-1 | available       | None            |                   |
| 766ab623-464c-423d-a529-d9afb69d1167 | compute-2 | available       | None            |                   |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
(undercloud) [stack@undercloud ~]$ openstack flavor list
+--------------------------------------+---------------+------+------+-----------+-------+-----------+
| ID                                   | Name          |  RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+---------------+------+------+-----------+-------+-----------+
| 168af640-7f40-42c7-91b2-989abc5c5d8f | swift-storage | 4096 |   40 |         0 |     1 | True      |
| 52148d1b-492e-48b4-b5fc-772849dd1b78 | baremetal     | 4096 |   40 |         0 |     1 | True      |
| 56e66542-ae60-416d-863e-0cb192d01b09 | control       | 4096 |   40 |         0 |     1 | True      |
| af6796e1-d0c4-4bfe-898c-532be194f7ac | block-storage | 4096 |   40 |         0 |     1 | True      |
| e4d50fdd-0034-446b-b72c-9da19b16c2df | compute       | 4096 |   40 |         0 |     1 | True      |
| fc2e3acf-7fca-4901-9eee-4a4d6ef0265d | ceph-storage  | 4096 |   40 |         0 |     1 | True      |
+--------------------------------------+---------------+------+------+-----------+-------+-----------+
(undercloud) [stack@undercloud ~]$

Specify the profile for each node:


openstack baremetal node set --property capabilities='profile:control,boot_option:local' b4b2cf4a-b7ca-4095-af13-cc83be21c4f5
openstack baremetal node set --property capabilities='profile:ceph-storage,boot_option:local' b89a72a3-6bb7-429a-93bc-48393d225838
openstack baremetal node set --property capabilities='profile:ceph-storage,boot_option:local' 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e
openstack baremetal node set --property capabilities='profile:compute,boot_option:local' bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8
openstack baremetal node set --property capabilities='profile:compute,boot_option:local' 766ab623-464c-423d-a529-d9afb69d1167

Let's check that we did everything correctly:


(undercloud) [stack@undercloud ~]$ openstack overcloud profiles list
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| Node UUID                            | Node Name | Provision State | Current Profile | Possible Profiles |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 | control-1 | available       | control         |                   |
| b89a72a3-6bb7-429a-93bc-48393d225838 | storage-1 | available       | ceph-storage    |                   |
| 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e | storage-2 | available       | ceph-storage    |                   |
| bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 | compute-1 | available       | compute         |                   |
| 766ab623-464c-423d-a529-d9afb69d1167 | compute-2 | available       | compute         |                   |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
(undercloud) [stack@undercloud ~]$

If everything is correct, we give the command to deploy the overcloud:

openstack overcloud deploy --templates --control-scale 1 --compute-scale 2  --ceph-storage-scale 2 --control-flavor control --compute-flavor compute  --ceph-storage-flavor ceph-storage --libvirt-type qemu

In a real installation, customized templates would naturally be used. In our case that would greatly complicate the process, since every change in a template would have to be explained. As written earlier, even a simple installation is enough for us to see how it works.

Note: the --libvirt-type qemu variable is necessary in this case, since we will be using nested virtualization. Otherwise, you will not be able to run virtual machines.
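The two checks made above (every node `available`, every node tagged with a profile) can be automated and compared with the scale flags of the deploy command before the long deployment starts. This Python is an added example, not part of the original article or of TripleO: `parse_table`, `required_profiles` and `preflight` are hypothetical names, the tables and the command are the article's own output, and it assumes that profile names equal flavor names, as they do here.

```python
import re
from collections import Counter

# Deploy command and CLI tables copied from the article.
DEPLOY_CMD = (
    "openstack overcloud deploy --templates --control-scale 1 --compute-scale 2 "
    "--ceph-storage-scale 2 --control-flavor control --compute-flavor compute "
    "--ceph-storage-flavor ceph-storage --libvirt-type qemu"
)
NODE_LIST = """\
+--------------------------------------+-----------+---------------+-------------+--------------------+-------------+
| UUID                                 | Name      | Instance UUID | Power State | Provisioning State | Maintenance |
+--------------------------------------+-----------+---------------+-------------+--------------------+-------------+
| b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 | control-1 | None          | power off   | available          | False       |
| b89a72a3-6bb7-429a-93bc-48393d225838 | storage-1 | None          | power off   | available          | False       |
| 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e | storage-2 | None          | power off   | available          | False       |
| bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 | compute-1 | None          | power off   | available          | False       |
| 766ab623-464c-423d-a529-d9afb69d1167 | compute-2 | None          | power off   | available          | False       |
+--------------------------------------+-----------+---------------+-------------+--------------------+-------------+
"""
PROFILES_LIST = """\
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| Node UUID                            | Node Name | Provision State | Current Profile | Possible Profiles |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 | control-1 | available       | control         |                   |
| b89a72a3-6bb7-429a-93bc-48393d225838 | storage-1 | available       | ceph-storage    |                   |
| 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e | storage-2 | available       | ceph-storage    |                   |
| bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 | compute-1 | available       | compute         |                   |
| 766ab623-464c-423d-a529-d9afb69d1167 | compute-2 | available       | compute         |                   |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
"""


def parse_table(text):
    """Turn an ASCII table printed by the openstack CLI into a list of dicts."""
    rows = [[cell.strip() for cell in line.strip()[1:-1].split("|")]
            for line in text.splitlines() if line.lstrip().startswith("|")]
    if not rows:
        return []
    return [dict(zip(rows[0], row)) for row in rows[1:]]


def required_profiles(deploy_cmd):
    """Map each profile to the node count the deploy command asks for.

    Assumes the profile name equals the flavor name, as in the article.
    """
    scales = dict(re.findall(r"--([\w-]+)-scale\s+(\d+)", deploy_cmd))
    flavors = dict(re.findall(r"--([\w-]+)-flavor\s+([\w-]+)", deploy_cmd))
    missing = sorted(set(scales) - set(flavors))
    if missing:
        raise ValueError("no flavor given for role(s): %s" % ", ".join(missing))
    return {flavors[role]: int(count) for role, count in scales.items()}


def preflight(node_list, profiles_list, deploy_cmd):
    """Return a list of problems; an empty list means the deploy can start."""
    problems = []
    for node in parse_table(node_list):
        if node["Provisioning State"] != "available":
            problems.append("%s: provisioning state is '%s', expected 'available'"
                            % (node["Name"], node["Provisioning State"]))
        if node["Maintenance"] != "False":
            problems.append("%s: node is in maintenance" % node["Name"])
    tagged = Counter(row["Current Profile"] for row in parse_table(profiles_list)
                     if row["Provision State"] == "available")
    for profile, wanted in required_profiles(deploy_cmd).items():
        if tagged[profile] < wanted:
            problems.append("profile %s: %d node(s) tagged, %d requested"
                            % (profile, tagged[profile], wanted))
    return problems


if __name__ == "__main__":
    for problem in preflight(NODE_LIST, PROFILES_LIST, DEPLOY_CMD):
        print("NOT READY:", problem)
```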

Now you have about an hour, or maybe more (depending on the capabilities of the hardware), and you can only hope that after this time you will see the following message:


2020-08-14 08:39:21Z [overcloud]: CREATE_COMPLETE  Stack CREATE completed successfully

 Stack overcloud CREATE_COMPLETE 

Host 192.168.255.21 not found in /home/stack/.ssh/known_hosts
Started Mistral Workflow tripleo.deployment.v1.get_horizon_url. Execution ID: fcb996cd-6a19-482b-b755-2ca0c08069a9
Overcloud Endpoint: http://192.168.255.21:5000/
Overcloud Horizon Dashboard URL: http://192.168.255.21:80/dashboard
Overcloud rc file: /home/stack/overcloudrc
Overcloud Deployed
(undercloud) [stack@undercloud ~]$

Now you have a complete version of OpenStack on which you can study, experiment, and so on.

Let's check that everything works properly. The user's home directory contains two files: stackrc (for managing the undercloud) and overcloudrc (for managing the overcloud). These files must be loaded with source, since they contain the information needed for authentication.


(undercloud) [stack@undercloud ~]$ openstack server list
+--------------------------------------+-------------------------+--------+-------------------------+----------------+--------------+
| ID                                   | Name                    | Status | Networks                | Image          | Flavor       |
+--------------------------------------+-------------------------+--------+-------------------------+----------------+--------------+
| fd7d36f4-ce87-4b9a-93b0-add2957792de | overcloud-controller-0  | ACTIVE | ctlplane=192.168.255.15 | overcloud-full | control      |
| edc77778-8972-475e-a541-ff40eb944197 | overcloud-novacompute-1 | ACTIVE | ctlplane=192.168.255.26 | overcloud-full | compute      |
| 5448ce01-f05f-47ca-950a-ced14892c0d4 | overcloud-cephstorage-1 | ACTIVE | ctlplane=192.168.255.34 | overcloud-full | ceph-storage |
| ce6d862f-4bdf-4ba3-b711-7217915364d7 | overcloud-novacompute-0 | ACTIVE | ctlplane=192.168.255.19 | overcloud-full | compute      |
| e4507bd5-6f96-4b12-9cc0-6924709da59e | overcloud-cephstorage-0 | ACTIVE | ctlplane=192.168.255.44 | overcloud-full | ceph-storage |
+--------------------------------------+-------------------------+--------+-------------------------+----------------+--------------+
(undercloud) [stack@undercloud ~]$ 


(undercloud) [stack@undercloud ~]$ source overcloudrc 
(overcloud) [stack@undercloud ~]$ 
(overcloud) [stack@undercloud ~]$ openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 4eed7d0f06544625857d51cd77c5bd4c | admin   |
| ee1c68758bde41eaa9912c81dc67dad8 | service |
+----------------------------------+---------+
(overcloud) [stack@undercloud ~]$ 
(overcloud) [stack@undercloud ~]$ 
(overcloud) [stack@undercloud ~]$ openstack network agent list  
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host                                | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| 10495de9-ba4b-41fe-b30a-b90ec3f8728b | Open vSwitch agent | overcloud-novacompute-1.localdomain | None              | :-)   | UP    | neutron-openvswitch-agent |
| 1515ad4a-5972-46c3-af5f-e5446dff7ac7 | L3 agent           | overcloud-controller-0.localdomain  | nova              | :-)   | UP    | neutron-l3-agent          |
| 322e62ca-1e5a-479e-9a96-4f26d09abdd7 | DHCP agent         | overcloud-controller-0.localdomain  | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 9c1de2f9-bac5-400e-998d-4360f04fc533 | Open vSwitch agent | overcloud-novacompute-0.localdomain | None              | :-)   | UP    | neutron-openvswitch-agent |
| d99c5657-851e-4d3c-bef6-f1e3bb1acfb0 | Open vSwitch agent | overcloud-controller-0.localdomain  | None              | :-)   | UP    | neutron-openvswitch-agent |
| ff85fae6-5543-45fb-a301-19c57b62d836 | Metadata agent     | overcloud-controller-0.localdomain  | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
(overcloud) [stack@undercloud ~]$

My installation still needs one small touch: adding a route on the controller, since the machine I work from is in a different network. To do this, log in to control-1 under the heat-admin account and add the route:


(undercloud) [stack@undercloud ~]$ ssh [email protected]         
Last login: Fri Aug 14 09:47:40 2020 from 192.168.255.1
[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$ sudo ip route add 10.169.0.0/16 via 192.168.255.254

Well, now you can log in to Horizon. All the information (addresses, login and password) is in the file /home/stack/overcloudrc. The final diagram looks like this:


By the way, in our installation the machine addresses were issued via DHCP and, as you can see, they were issued "at random". If you need to, you can strictly define in the template which address should be attached to which machine during deployment.

How does traffic flow between virtual machines?

In this article we will look at three options for passing traffic:

  • Two machines on one hypervisor in one L2 network
  • Two machines on different hypervisors in the same L2 network
  • Two machines in different networks (routing between networks)

Cases with access to the outside world through an external network, using floating addresses, as well as distributed routing, we will consider next time; for now we will focus on internal traffic.

To check this, let's put together the following diagram:


We created 4 virtual machines: 3 in one L2 network, net-1, and 1 more in the network net-2:

(overcloud) [stack@undercloud ~]$ nova list --tenant 5e18ce8ec9594e00b155485f19895e6c             
+--------------------------------------+------+----------------------------------+--------+------------+-------------+-----------------+
| ID                                   | Name | Tenant ID                        | Status | Task State | Power State | Networks        |
+--------------------------------------+------+----------------------------------+--------+------------+-------------+-----------------+
| f53b37b5-2204-46cc-aef0-dba84bf970c0 | vm-1 | 5e18ce8ec9594e00b155485f19895e6c | ACTIVE | -          | Running     | net-1=10.0.1.85 |
| fc8b6722-0231-49b0-b2fa-041115bef34a | vm-2 | 5e18ce8ec9594e00b155485f19895e6c | ACTIVE | -          | Running     | net-1=10.0.1.88 |
| 3cd74455-b9b7-467a-abe3-bd6ff765c83c | vm-3 | 5e18ce8ec9594e00b155485f19895e6c | ACTIVE | -          | Running     | net-1=10.0.1.90 |
| 7e836338-6772-46b0-9950-f7f06dbe91a8 | vm-4 | 5e18ce8ec9594e00b155485f19895e6c | ACTIVE | -          | Running     | net-2=10.0.2.8  |
+--------------------------------------+------+----------------------------------+--------+------------+-------------+-----------------+
(overcloud) [stack@undercloud ~]$ 

Let's see which hypervisors the created machines are located on:

(overcloud) [stack@undercloud ~]$ nova show f53b37b5-2204-46cc-aef0-dba84bf970c0 | egrep "hypervisor_hostname|instance_name|hostname"
| OS-EXT-SRV-ATTR:hostname             | vm-1                                                     |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | overcloud-novacompute-0.localdomain                      |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000001                                        |
(overcloud) [stack@undercloud ~]$ nova show fc8b6722-0231-49b0-b2fa-041115bef34a | egrep "hypervisor_hostname|instance_name|hostname"
| OS-EXT-SRV-ATTR:hostname             | vm-2                                                     |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | overcloud-novacompute-1.localdomain                      |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000002                                        |
(overcloud) [stack@undercloud ~]$ nova show 3cd74455-b9b7-467a-abe3-bd6ff765c83c | egrep "hypervisor_hostname|instance_name|hostname"
| OS-EXT-SRV-ATTR:hostname             | vm-3                                                     |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | overcloud-novacompute-0.localdomain                      |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000003                                        |
(overcloud) [stack@undercloud ~]$ nova show 7e836338-6772-46b0-9950-f7f06dbe91a8 | egrep "hypervisor_hostname|instance_name|hostname"
| OS-EXT-SRV-ATTR:hostname             | vm-4                                                     |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | overcloud-novacompute-1.localdomain                      |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000004                                        |

(overcloud) [stack@undercloud ~]$
Machines vm-1 and vm-3 are located on compute-0; machines vm-2 and vm-4 are located on node compute-1.

In addition, a virtual router was created to enable routing between the specified networks:

(overcloud) [stack@undercloud ~]$ openstack router list  --project 5e18ce8ec9594e00b155485f19895e6c
+--------------------------------------+----------+--------+-------+-------------+-------+----------------------------------+
| ID                                   | Name     | Status | State | Distributed | HA    | Project                          |
+--------------------------------------+----------+--------+-------+-------------+-------+----------------------------------+
| 0a4d2420-4b9c-46bd-aec1-86a1ef299abe | router-1 | ACTIVE | UP    | False       | False | 5e18ce8ec9594e00b155485f19895e6c |
+--------------------------------------+----------+--------+-------+-------------+-------+----------------------------------+
(overcloud) [stack@undercloud ~]$ 

The router has two virtual ports, which act as gateways for the networks:

(overcloud) [stack@undercloud ~]$ openstack router show 0a4d2420-4b9c-46bd-aec1-86a1ef299abe | grep interface
| interfaces_info         | [{"subnet_id": "2529ad1a-6b97-49cd-8515-cbdcbe5e3daa", "ip_address": "10.0.1.254", "port_id": "0c52b15f-8fcc-4801-bf52-7dacc72a5201"}, {"subnet_id": "335552dd-b35b-456b-9df0-5aac36a3ca13", "ip_address": "10.0.2.254", "port_id": "92fa49b5-5406-499f-ab8d-ddf28cc1a76c"}] |
(overcloud) [stack@undercloud ~]$ 

But before we look at how the traffic flows, let's look at what we currently have on the control node (which is also the network node) and on the compute node. Let's start with the compute node.


[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-vsctl show
[heat-admin@overcloud-novacompute-0 ~]$ sudo sudo ovs-appctl dpif/show
system@ovs-system: hit:3 missed:3
  br-ex:
    br-ex 65534/1: (internal)
    phy-br-ex 1/none: (patch: peer=int-br-ex)
  br-int:
    br-int 65534/2: (internal)
    int-br-ex 1/none: (patch: peer=phy-br-ex)
    patch-tun 2/none: (patch: peer=patch-int)
  br-tun:
    br-tun 65534/3: (internal)
    patch-int 1/none: (patch: peer=patch-tun)
    vxlan-c0a8ff0f 3/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.15)
    vxlan-c0a8ff1a 2/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.26)
[heat-admin@overcloud-novacompute-0 ~]$

At the moment the node has three OVS bridges: br-int, br-tun and br-ex. Between them, as we can see, there is a set of interfaces. For ease of understanding, let's plot all these interfaces on a diagram and see what happens.


Looking at the addresses to which the VxLAN tunnels are raised, you can see that one tunnel is raised to compute-1 (192.168.255.26), and the second tunnel looks toward control-1 (192.168.255.15). But the most interesting thing is that br-ex has no physical interfaces, and if you look at which flows are configured, you can see that this bridge can only drop traffic at the moment.


[heat-admin@overcloud-novacompute-0 ~]$ ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 192.168.255.19  netmask 255.255.255.0  broadcast 192.168.255.255
        inet6 fe80::5054:ff:fe6a:eabe  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:6a:ea:be  txqueuelen 1000  (Ethernet)
        RX packets 2909669  bytes 4608201000 (4.2 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1821057  bytes 349198520 (333.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[heat-admin@overcloud-novacompute-0 ~]$ 

As you can see from the output, the address is attached directly to the physical port, not to the virtual bridge interface.


[heat-admin@overcloud-novacompute-0 ~]$  sudo ovs-appctl fdb/show br-ex
 port  VLAN  MAC                Age
[heat-admin@overcloud-novacompute-0 ~]$  sudo ovs-ofctl dump-flows br-ex
 cookie=0x9169eae8f7fe5bb2, duration=216686.864s, table=0, n_packets=303, n_bytes=26035, priority=2,in_port="phy-br-ex" actions=drop
 cookie=0x9169eae8f7fe5bb2, duration=216686.887s, table=0, n_packets=0, n_bytes=0, priority=0 actions=NORMAL
[heat-admin@overcloud-novacompute-0 ~]$ 

According to the first rule, everything that comes from the phy-br-ex port must be dropped.
Actually, there is currently nowhere else for traffic to enter this bridge except from this interface (the interface with br-int), and judging by the drops, BUM traffic has already arrived at the bridge.

That is, traffic can leave this node only through the VxLAN tunnel and nothing else. However, if you turn on DVR, the situation will change, but we will deal with that another time. When using network isolation, for example with VLANs, you will have not one L3 interface in VLAN 0 but several interfaces. However, VxLAN traffic will leave the node in the same way, but also encapsulated in some dedicated VLAN.

We have sorted out the compute node; let's move on to the control node.


[heat-admin@overcloud-controller-0 ~]$ sudo ovs-appctl dpif/show
system@ovs-system: hit:930491 missed:825
  br-ex:
    br-ex 65534/1: (internal)
    eth0 1/2: (system)
    phy-br-ex 2/none: (patch: peer=int-br-ex)
  br-int:
    br-int 65534/3: (internal)
    int-br-ex 1/none: (patch: peer=phy-br-ex)
    patch-tun 2/none: (patch: peer=patch-int)
  br-tun:
    br-tun 65534/4: (internal)
    patch-int 1/none: (patch: peer=patch-tun)
    vxlan-c0a8ff13 3/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.19)
    vxlan-c0a8ff1a 2/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.26)
[heat-admin@overcloud-controller-0 ~]$

In fact, we can say that everything is the same, but the IP address is no longer on the physical interface but on the virtual bridge. This is done because this port is the port through which traffic will exit to the outside world.


[heat-admin@overcloud-controller-0 ~]$ ifconfig br-ex
br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 192.168.255.15  netmask 255.255.255.0  broadcast 192.168.255.255
        inet6 fe80::5054:ff:fe20:a22f  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:20:a2:2f  txqueuelen 1000  (Ethernet)
        RX packets 803859  bytes 1732616116 (1.6 GiB)
        RX errors 0  dropped 63  overruns 0  frame 0
        TX packets 808475  bytes 121652156 (116.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-appctl fdb/show br-ex
 port  VLAN  MAC                Age
    3   100  28:c0:da:00:4d:d3   35
    1     0  28:c0:da:00:4d:d3   35
    1     0  52:54:00:98:e9:d6    0
LOCAL     0  52:54:00:20:a2:2f    0
    1     0  52:54:00:2c:08:9e    0
    3   100  52:54:00:20:a2:2f    0
    1     0  52:54:00:6a:ea:be    0
[heat-admin@overcloud-controller-0 ~]$ 

This port is attached to the br-ex bridge, and since there are no VLAN tags on it, this port is a trunk port on which all VLANs are allowed. For now traffic goes outside without a tag, as indicated by vlan-id 0 in the output above.


Everything else at the moment is similar to the compute node: the same bridges, the same tunnels going to the two compute nodes.

We will not consider storage nodes in this article, but for understanding it is necessary to say that the network part of these nodes is banal to the point of disgrace. In our case there is only one physical port (eth0) with an IP address assigned to it, and that's it. There are no VxLAN tunnels, tunnel bridges, etc.; there is no OVS at all, since there is no point in it. When using network isolation, this node will have two interfaces (physical ports, a bond, or just two VLANs; it does not matter, it depends on what you want): one for management, the second for traffic (writing to the VM disk, reading from the disk, etc.).

We have figured out what we have on the nodes in the absence of any services. Now let's launch 4 virtual machines and see how the scheme described above changes: we should get ports, virtual routers, etc.

So far our network looks like this:


We have two virtual machines. Using compute-0 as an example, let's see how everything is connected.


[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh list 
 Id    Name                           State
----------------------------------------------------
 1     instance-00000001              running
 3     instance-00000003              running

[heat-admin@overcloud-novacompute-0 ~]$ 

The machine has only one virtual interface, tap95d96a75-a0:

[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh domiflist instance-00000001
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tap95d96a75-a0 bridge     qbr95d96a75-a0 virtio      fa:16:3e:44:98:20

[heat-admin@overcloud-novacompute-0 ~]$ 

This interface is plugged into a Linux bridge:

[heat-admin@overcloud-novacompute-0 ~]$ sudo brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.0242904c92a8       no
qbr5bd37136-47          8000.5e4e05841423       no              qvb5bd37136-47
                                                        tap5bd37136-47
qbr95d96a75-a0          8000.de076cb850f6       no              qvb95d96a75-a0
                                                        tap95d96a75-a0
[heat-admin@overcloud-novacompute-0 ~]$ 

As you can see from the output, there are only two interfaces in the bridge: tap95d96a75-a0 and qvb95d96a75-a0.

Here it is worth dwelling a little on the types of virtual network devices in OpenStack:
vtap - virtual interface attached to an instance (VM)
qbr - Linux bridge
qvb and qvo - vEth pair connected to the Linux bridge and the Open vSwitch bridge
br-int, br-tun, br-vlan - Open vSwitch bridges
patch-, int-br-, phy-br- - Open vSwitch patch interfaces connecting the bridges
qg, qr, ha, fg, sg - Open vSwitch ports used by virtual devices to connect to OVS

As you understand, if we have a qvb95d96a75-a0 port in the bridge, which is one end of a vEth pair, then somewhere there is its counterpart, which logically should be called qvo95d96a75-a0. Let's see which ports are on OVS.


[heat-admin@overcloud-novacompute-0 ~]$ sudo sudo ovs-appctl dpif/show
system@ovs-system: hit:526 missed:91
  br-ex:
    br-ex 65534/1: (internal)
    phy-br-ex 1/none: (patch: peer=int-br-ex)
  br-int:
    br-int 65534/2: (internal)
    int-br-ex 1/none: (patch: peer=phy-br-ex)
    patch-tun 2/none: (patch: peer=patch-int)
    qvo5bd37136-47 6/6: (system)
    qvo95d96a75-a0 3/5: (system)
  br-tun:
    br-tun 65534/3: (internal)
    patch-int 1/none: (patch: peer=patch-tun)
    vxlan-c0a8ff0f 3/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.15)
    vxlan-c0a8ff1a 2/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.26)
[heat-admin@overcloud-novacompute-0 ~]$ 

As we can see, the port is in br-int. Br-int acts as the switch that terminates the virtual machine ports. In addition to qvo95d96a75-a0, the port qvo5bd37136-47 is visible in the output. This is the port to the second virtual machine. As a result, our diagram now looks like this:


A question that should immediately interest the attentive reader: what is the Linux bridge between the virtual machine port and the OVS port for? The fact is that security groups are used to protect the machine, and they are nothing more than iptables. OVS does not work with iptables, so this "crutch" was invented. However, it is becoming obsolete: it is being replaced by conntrack in new releases.

That is, ultimately the scheme looks like this:

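The tap, qbr, qvb and qvo chain described above can be checked mechanically for every instance on a hypervisor. The following is an added example, not part of the original article: it parses the `brctl show` and br-int `dpif/show` output quoted above for compute-0 and reports any tap device whose Linux bridge or OVS end is missing or has extra members. The function names are hypothetical.

```python
# Output copied from the compute-0 session above.
BRCTL_SHOW = """\
bridge name     bridge id               STP enabled     interfaces
docker0         8000.0242904c92a8       no
qbr5bd37136-47          8000.5e4e05841423       no              qvb5bd37136-47
                                                        tap5bd37136-47
qbr95d96a75-a0          8000.de076cb850f6       no              qvb95d96a75-a0
                                                        tap95d96a75-a0
"""
BR_INT_PORTS = """\
    br-int 65534/2: (internal)
    int-br-ex 1/none: (patch: peer=phy-br-ex)
    patch-tun 2/none: (patch: peer=patch-int)
    qvo5bd37136-47 6/6: (system)
    qvo95d96a75-a0 3/5: (system)
"""


def parse_brctl(text):
    """Bridge name -> list of member interfaces, from `brctl show`."""
    bridges, current = {}, None
    for line in text.splitlines()[1:]:           # skip the header row
        fields = line.split()
        if not fields:
            continue
        if line[0].isspace() and current:        # continuation row: one more member
            bridges[current].append(fields[0])
        else:
            current = fields[0]
            bridges[current] = fields[3:]        # members follow name, id, STP flag
    return bridges


def ovs_port_names(text):
    """Port names listed under one bridge in `ovs-appctl dpif/show`."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}


def audit_chains(brctl_text, br_int_text, tap_devices):
    """For each tap device return a list of problems (empty list = chain intact)."""
    bridges = parse_brctl(brctl_text)
    on_br_int = ovs_port_names(br_int_text)
    report = {}
    for tap in tap_devices:
        suffix = tap[len("tap"):]                # shared suffix, e.g. 95d96a75-a0
        qbr, qvb, qvo = (prefix + suffix for prefix in ("qbr", "qvb", "qvo"))
        problems = []
        if qbr not in bridges:
            problems.append(f"{qbr} missing")
        else:
            members = set(bridges[qbr])
            extra = sorted(members - {tap, qvb})
            absent = sorted({tap, qvb} - members)
            if extra:
                problems.append(f"{qbr} has unexpected members: {', '.join(extra)}")
            if absent:
                problems.append(f"{qbr} lacks: {', '.join(absent)}")
        if qvo not in on_br_int:
            problems.append(f"{qvo} not on br-int")
        report[tap] = problems
    return report


if __name__ == "__main__":
    # tap names as reported by `virsh domiflist` for the two instances on compute-0
    for tap, problems in audit_chains(
            BRCTL_SHOW, BR_INT_PORTS, ["tap95d96a75-a0", "tap5bd37136-47"]).items():
        print(tap, "OK" if not problems else "; ".join(problems))
```

On a host where the Linux bridge has been replaced by the conntrack-based approach mentioned above, every tap would be reported as lacking its qbr, so the check applies only to the layout shown in this article.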

Two machines on one hypervisor in one L2 network

Since these two VMs are in the same L2 network and on the same hypervisor, traffic between them will logically go locally through br-int, since both machines will be in the same VLAN:


[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh domiflist instance-00000001
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tap95d96a75-a0 bridge     qbr95d96a75-a0 virtio      fa:16:3e:44:98:20

[heat-admin@overcloud-novacompute-0 ~]$ 
[heat-admin@overcloud-novacompute-0 ~]$ 
[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh domiflist instance-00000003
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tap5bd37136-47 bridge     qbr5bd37136-47 virtio      fa:16:3e:83:ad:a4

[heat-admin@overcloud-novacompute-0 ~]$ 
[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-appctl fdb/show br-int 
 port  VLAN  MAC                Age
    6     1  fa:16:3e:83:ad:a4    0
    3     1  fa:16:3e:44:98:20    0
[heat-admin@overcloud-novacompute-0 ~]$ 

Two machines on different hypervisors in the same L2 network

Now let's see how traffic will go between two machines in the same L2 network but located on different hypervisors. To be honest, nothing much will change; only the traffic between the hypervisors will go through the vxlan tunnel. Let's look at an example.

Addresses of the virtual machines between which we will watch traffic:

[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh domiflist instance-00000001
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tap95d96a75-a0 bridge     qbr95d96a75-a0 virtio      fa:16:3e:44:98:20

[heat-admin@overcloud-novacompute-0 ~]$ 


[heat-admin@overcloud-novacompute-1 ~]$ sudo virsh domiflist instance-00000002
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tape7e23f1b-07 bridge     qbre7e23f1b-07 virtio      fa:16:3e:72:ad:53

[heat-admin@overcloud-novacompute-1 ~]$ 

We look at the forwarding table in br-int on compute-0:

[heat-admin@overcloud-novacompute-0 ~]$  sudo ovs-appctl fdb/show br-int | grep fa:16:3e:72:ad:53
    2     1  fa:16:3e:72:ad:53    1
[heat-admin@overcloud-novacompute-0 ~]

Traffic should go to port 2; let's see what kind of port it is:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl show br-int | grep addr
 1(int-br-ex): addr:7e:7f:28:1f:bd:54
 2(patch-tun): addr:0a:bd:07:69:58:d9
 3(qvo95d96a75-a0): addr:ea:50:9a:3d:69:58
 6(qvo5bd37136-47): addr:9a:d1:03:50:3d:96
 LOCAL(br-int): addr:1a:0f:53:97:b1:49
[heat-admin@overcloud-novacompute-0 ~]$

This is patch-tun, that is, the interface into br-tun. Let's see what happens to the packet on br-tun:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl dump-flows br-tun | grep fa:16:3e:72:ad:53
 cookie=0x8759a56536b67a8e, duration=1387.959s, table=20, n_packets=1460, n_bytes=138880, hard_timeout=300, idle_age=0, hard_age=0, priority=1,vlan_tci=0x0001/0x0fff,dl_dst=fa:16:3e:72:ad:53 actions=load:0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],output:2
[heat-admin@overcloud-novacompute-0 ~]$ 

The packet is encapsulated in VxLAN and sent to port 2. Let's see where port 2 leads:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl show br-tun | grep addr   
 1(patch-int): addr:b2:d1:f8:21:96:66
 2(vxlan-c0a8ff1a): addr:be:64:1f:75:78:a7
 3(vxlan-c0a8ff0f): addr:76:6f:b9:3c:3f:1c
 LOCAL(br-tun): addr:a2:5b:6d:4f:94:47
[heat-admin@overcloud-novacompute-0 ~]$

This is the vxlan tunnel to compute-1:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-appctl dpif/show | egrep vxlan-c0a8ff1a
    vxlan-c0a8ff1a 2/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.26)
[heat-admin@overcloud-novacompute-0 ~]$

Let's go to compute-1 and see what happens next with the packet:

[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-appctl fdb/show br-int | egrep fa:16:3e:44:98:20
    2     1  fa:16:3e:44:98:20    1
[heat-admin@overcloud-novacompute-1 ~]$ 

The MAC is in the br-int forwarding table on compute-1, and as can be seen from the output above, it is visible through port 2, which is the port toward br-tun:

[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-ofctl show br-int | grep addr   
 1(int-br-ex): addr:8a:d7:f9:ad:8c:1d
 2(patch-tun): addr:46:cc:40:bd:20:da
 3(qvoe7e23f1b-07): addr:12:78:2e:34:6a:c7
 4(qvo3210e8ec-c0): addr:7a:5f:59:75:40:85
 LOCAL(br-int): addr:e2:27:b2:ed:14:46

Well, then we see that in br-int on compute-1 there is the destination MAC:

[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-appctl fdb/show br-int | egrep fa:16:3e:72:ad:53
    3     1  fa:16:3e:72:ad:53    0
[heat-admin@overcloud-novacompute-1 ~]$ 

That is, the received packet will fly to port 3, behind which the virtual machine instance-00000003 is already located.

The beauty of deploying OpenStack for learning on virtual infrastructure is that we can easily capture traffic between the hypervisors and see what is happening with it. This is what we will do now: run tcpdump on the vnet port toward compute-0:


[root@hp-gen9 bormoglotx]# tcpdump -vvv -i vnet3
tcpdump: listening on vnet3, link-type EN10MB (Ethernet), capture size 262144 bytes

*****************omitted*******************

04:39:04.583459 IP (tos 0x0, ttl 64, id 16868, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.19.39096 > 192.168.255.26.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
IP (tos 0x0, ttl 64, id 8012, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.1.85 > 10.0.1.88: ICMP echo request, id 5634, seq 16, length 64
04:39:04.584449 IP (tos 0x0, ttl 64, id 35181, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.26.speedtrace-disc > 192.168.255.19.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
IP (tos 0x0, ttl 64, id 59124, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.1.88 > 10.0.1.85: ICMP echo reply, id 5634, seq 16, length 64
	
*****************omitted*******************

The first line shows that a packet from address 10.0.1.85 goes to address 10.0.1.88 (ICMP traffic), that it is wrapped in a VxLAN packet with vni 22, and that the packet goes from host 192.168.255.19 (compute-0) to host 192.168.255.26 (compute-1). We can check that the VNI matches the one specified in ovs.

Let's go back to this line: actions=load:0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],output:2. 0x16 is the vni in hexadecimal. Let's convert this number to decimal:


0x16 = 6*16^0 + 1*16^1 = 6 + 16 = 22

That is, the vni matches reality.

The second line shows the return traffic; there is no point in explaining it, everything is clear there.

Two machines in different networks (routing between networks)

The last case for today is routing between networks within one project using a virtual router. We are considering a case without DVR (we will look at it in another article), so routing occurs on the network node. In our case, the network node is not placed in a separate entity and is located on the control node.

First, let's see that routing works:

$ ping 10.0.2.8
PING 10.0.2.8 (10.0.2.8): 56 data bytes
64 bytes from 10.0.2.8: seq=0 ttl=63 time=7.727 ms
64 bytes from 10.0.2.8: seq=1 ttl=63 time=3.832 ms
^C
--- 10.0.2.8 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 3.832/5.779/7.727 ms

Since in this case the packet must go to the gateway and be routed there, we need to find out the MAC address of the gateway, for which we look at the ARP table in the instance:

$ arp
host-10-0-1-254.openstacklocal (10.0.1.254) at fa:16:3e:c4:64:70 [ether]  on eth0
host-10-0-1-1.openstacklocal (10.0.1.1) at fa:16:3e:e6:2c:5c [ether]  on eth0
host-10-0-1-90.openstacklocal (10.0.1.90) at fa:16:3e:83:ad:a4 [ether]  on eth0
host-10-0-1-88.openstacklocal (10.0.1.88) at fa:16:3e:72:ad:53 [ether]  on eth0

Now let's see where traffic with destination (10.0.1.254) fa:16:3e:c4:64:70 should be sent:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-appctl fdb/show br-int | egrep fa:16:3e:c4:64:70
    2     1  fa:16:3e:c4:64:70    0
[heat-admin@overcloud-novacompute-0 ~]$ 

Let's look at where port 2 leads:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl show br-int | grep addr
 1(int-br-ex): addr:7e:7f:28:1f:bd:54
 2(patch-tun): addr:0a:bd:07:69:58:d9
 3(qvo95d96a75-a0): addr:ea:50:9a:3d:69:58
 6(qvo5bd37136-47): addr:9a:d1:03:50:3d:96
 LOCAL(br-int): addr:1a:0f:53:97:b1:49
[heat-admin@overcloud-novacompute-0 ~]$ 

Everything is logical, traffic goes to br-tun. Let's see which vxlan tunnel it will be wrapped in:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl dump-flows br-tun | grep fa:16:3e:c4:64:70
 cookie=0x8759a56536b67a8e, duration=3514.566s, table=20, n_packets=3368, n_bytes=317072, hard_timeout=300, idle_age=0, hard_age=0, priority=1,vlan_tci=0x0001/0x0fff,dl_dst=fa:16:3e:c4:64:70 actions=load:0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],output:3
[heat-admin@overcloud-novacompute-0 ~]$ 

The third port is a vxlan tunnel:

[heat-admin@overcloud-controller-0 ~]$ sudo ovs-ofctl show br-tun | grep addr
 1(patch-int): addr:a2:69:00:c5:fa:ba
 2(vxlan-c0a8ff1a): addr:86:f0:ce:d0:e8:ea
 3(vxlan-c0a8ff13): addr:72:aa:73:2c:2e:5b
 LOCAL(br-tun): addr:a6:cb:cd:72:1c:45
[heat-admin@overcloud-controller-0 ~]$ 

Which looks toward the control node:

[heat-admin@overcloud-controller-0 ~]$ sudo sudo ovs-appctl dpif/show | grep vxlan-c0a8ff1a
    vxlan-c0a8ff1a 2/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.26)
[heat-admin@overcloud-controller-0 ~]$ 

Traffic has reached the control node, so we need to go to it and see how routing will happen.

As you remember, the control node inside looked exactly the same as the compute node: the same three bridges, only br-ex had a physical port through which the node could send traffic outside. Creating instances changed the configuration on the compute nodes: Linux bridges, iptables and interfaces were added to the nodes. The creation of networks and a virtual router also left its mark on the configuration of the control node.

So, it is obvious that the gateway MAC address must be in the br-int forwarding table on the control node. Let's check that it is there and where it looks:

[heat-admin@overcloud-controller-0 ~]$ sudo ovs-appctl fdb/show br-int | grep fa:16:3e:c4:64:70
    5     1  fa:16:3e:c4:64:70    1
[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$  sudo ovs-ofctl show br-int | grep addr
 1(int-br-ex): addr:2e:58:b6:db:d5:de
 2(patch-tun): addr:06:41:90:f0:9e:56
 3(tapca25a97e-64): addr:fa:16:3e:e6:2c:5c
 4(tap22015e46-0b): addr:fa:16:3e:76:c2:11
 5(qr-0c52b15f-8f): addr:fa:16:3e:c4:64:70
 6(qr-92fa49b5-54): addr:fa:16:3e:80:13:72
 LOCAL(br-int): addr:06:de:5d:ed:44:44
[heat-admin@overcloud-controller-0 ~]$ 

The MAC is visible from port qr-0c52b15f-8f. If we go back to the list of virtual ports in OpenStack, this type of port is used to connect various virtual devices to OVS. To be more precise, qr is a port toward the virtual router, which is represented as a namespace.

Let's see which namespaces are on the server:

[heat-admin@overcloud-controller-0 ~]$ sudo  ip netns
qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe (id: 2)
qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638 (id: 1)
qdhcp-67a3798c-32c0-4c18-8502-2531247e3cc2 (id: 0)
[heat-admin@overcloud-controller-0 ~]$ 

As many as three instances. But judging by the names, you can guess the purpose of each of them. We will return to the instances with ID 0 and 1 later; now we are interested in the namespace qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe:


[heat-admin@overcloud-controller-0 ~]$ sudo  ip netns exec qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe ip route
10.0.1.0/24 dev qr-0c52b15f-8f proto kernel scope link src 10.0.1.254 
10.0.2.0/24 dev qr-92fa49b5-54 proto kernel scope link src 10.0.2.254 
[heat-admin@overcloud-controller-0 ~]$ 

This namespace contains the two internal networks that we created earlier. Both virtual ports have been added to br-int. Let's check the MAC address of the port qr-0c52b15f-8f, since the traffic, judging by the destination MAC address, went to this interface.

[heat-admin@overcloud-controller-0 ~]$ sudo  ip netns exec qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe ifconfig qr-0c52b15f-8f
qr-0c52b15f-8f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 10.0.1.254  netmask 255.255.255.0  broadcast 10.0.1.255
        inet6 fe80::f816:3eff:fec4:6470  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:c4:64:70  txqueuelen 1000  (Ethernet)
        RX packets 5356  bytes 427305 (417.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5195  bytes 490603 (479.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[heat-admin@overcloud-controller-0 ~]$ 

That is, in this case everything works according to the laws of standard routing. Since the traffic is destined for host 10.0.2.8, it must exit through the second interface, qr-92fa49b5-54, and go through the vxlan tunnel to the compute node:


[heat-admin@overcloud-controller-0 ~]$ sudo  ip netns exec qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe arp
Address                  HWtype  HWaddress           Flags Mask            Iface
10.0.1.88                ether   fa:16:3e:72:ad:53   C                     qr-0c52b15f-8f
10.0.1.90                ether   fa:16:3e:83:ad:a4   C                     qr-0c52b15f-8f
10.0.2.8                 ether   fa:16:3e:6c:ad:9c   C                     qr-92fa49b5-54
10.0.2.42                ether   fa:16:3e:f5:0b:29   C                     qr-92fa49b5-54
10.0.1.85                ether   fa:16:3e:44:98:20   C                     qr-0c52b15f-8f
[heat-admin@overcloud-controller-0 ~]$ 

Everything is logical, no surprises. Let's see where the MAC address of host 10.0.2.8 is visible in br-int:

[heat-admin@overcloud-controller-0 ~]$ sudo ovs-appctl fdb/show br-int | grep fa:16:3e:6c:ad:9c
    2     2  fa:16:3e:6c:ad:9c    1
[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-ofctl show br-int | grep addr
 1(int-br-ex): addr:2e:58:b6:db:d5:de
 2(patch-tun): addr:06:41:90:f0:9e:56
 3(tapca25a97e-64): addr:fa:16:3e:e6:2c:5c
 4(tap22015e46-0b): addr:fa:16:3e:76:c2:11
 5(qr-0c52b15f-8f): addr:fa:16:3e:c4:64:70
 6(qr-92fa49b5-54): addr:fa:16:3e:80:13:72
 LOCAL(br-int): addr:06:de:5d:ed:44:44
[heat-admin@overcloud-controller-0 ~]$ 

As expected, the traffic goes to br-tun. Let's see which tunnel the traffic enters next:

[heat-admin@overcloud-controller-0 ~]$ sudo ovs-ofctl dump-flows br-tun | grep fa:16:3e:6c:ad:9c
 cookie=0x2ab04bf27114410e, duration=5346.829s, table=20, n_packets=5248, n_bytes=498512, hard_timeout=300, idle_age=0, hard_age=0, priority=1,vlan_tci=0x0002/0x0fff,dl_dst=fa:16:3e:6c:ad:9c actions=load:0->NXM_OF_VLAN_TCI[],load:0x63->NXM_NX_TUN_ID[],output:2
[heat-admin@overcloud-controller-0 ~]$
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-ofctl show br-tun | grep addr
 1(patch-int): addr:a2:69:00:c5:fa:ba
 2(vxlan-c0a8ff1a): addr:86:f0:ce:d0:e8:ea
 3(vxlan-c0a8ff13): addr:72:aa:73:2c:2e:5b
 LOCAL(br-tun): addr:a6:cb:cd:72:1c:45
[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$ sudo sudo ovs-appctl dpif/show | grep vxlan-c0a8ff1a
    vxlan-c0a8ff1a 2/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.26)
[heat-admin@overcloud-controller-0 ~]$ 

The traffic enters the tunnel to compute-1. On compute-1 everything is simple: from br-tun the packet goes to br-int and from there to the virtual machine's interface:

[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-appctl fdb/show br-int | grep fa:16:3e:6c:ad:9c
    4     2  fa:16:3e:6c:ad:9c    1
[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-ofctl show br-int | grep addr                  
 1(int-br-ex): addr:8a:d7:f9:ad:8c:1d
 2(patch-tun): addr:46:cc:40:bd:20:da
 3(qvoe7e23f1b-07): addr:12:78:2e:34:6a:c7
 4(qvo3210e8ec-c0): addr:7a:5f:59:75:40:85
 LOCAL(br-int): addr:e2:27:b2:ed:14:46
[heat-admin@overcloud-novacompute-1 ~]$ 

Let's check that this really is the right interface:

[heat-admin@overcloud-novacompute-1 ~]$ brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.02429c001e1c       no
qbr3210e8ec-c0          8000.ea27f45358be       no              qvb3210e8ec-c0
                                                        tap3210e8ec-c0
qbre7e23f1b-07          8000.b26ac0eded8a       no              qvbe7e23f1b-07
                                                        tape7e23f1b-07
[heat-admin@overcloud-novacompute-1 ~]$ 
[heat-admin@overcloud-novacompute-1 ~]$ sudo virsh domiflist instance-00000004
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tap3210e8ec-c0 bridge     qbr3210e8ec-c0 virtio      fa:16:3e:6c:ad:9c

[heat-admin@overcloud-novacompute-1 ~]$

In fact, we have walked the packet's whole path. I think you noticed that the traffic went through different vxlan tunnels and left with different VNIs. Let's see which VNIs these are, and then collect a dump on the node's control port and make sure the traffic flows exactly as described above.
So, the tunnel to compute-0 has the following actions=load:0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],output:3. Let's convert 0x16 to decimal:


0x16 = 6*16^0+1*16^1 = 6+16 = 22

The tunnel to compute-1 has the following VNI: actions=load:0->NXM_OF_VLAN_TCI[],load:0x63->NXM_NX_TUN_ID[],output:2. Let's convert 0x63 to decimal:


0x63 = 3*16^0+6*16^1 = 3+96 = 99

OK, now let's look at the dump:

[root@hp-gen9 bormoglotx]# tcpdump -vvv -i vnet4 
tcpdump: listening on vnet4, link-type EN10MB (Ethernet), capture size 262144 bytes

*****************omitted*******************

04:35:18.709949 IP (tos 0x0, ttl 64, id 48650, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.19.41591 > 192.168.255.15.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
IP (tos 0x0, ttl 64, id 49042, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.1.85 > 10.0.2.8: ICMP echo request, id 5378, seq 9, length 64
04:35:18.710159 IP (tos 0x0, ttl 64, id 23360, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.15.38983 > 192.168.255.26.4789: [no cksum] VXLAN, flags [I] (0x08), vni 99
IP (tos 0x0, ttl 63, id 49042, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.1.85 > 10.0.2.8: ICMP echo request, id 5378, seq 9, length 64
04:35:18.711292 IP (tos 0x0, ttl 64, id 43596, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.26.42588 > 192.168.255.15.4789: [no cksum] VXLAN, flags [I] (0x08), vni 99
IP (tos 0x0, ttl 64, id 55103, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.2.8 > 10.0.1.85: ICMP echo reply, id 5378, seq 9, length 64
04:35:18.711531 IP (tos 0x0, ttl 64, id 8555, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.15.38983 > 192.168.255.19.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
IP (tos 0x0, ttl 63, id 55103, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.2.8 > 10.0.1.85: ICMP echo reply, id 5378, seq 9, length 64
	
*****************omitted*******************

The first packet is a vxlan packet from host 192.168.255.19 (compute-0) to host 192.168.255.15 (control-1) with vni 22, inside which an ICMP packet from host 10.0.1.85 to host 10.0.2.8 is encapsulated. As we calculated above, the vni matches what we saw in the output.

The second packet is a vxlan packet from host 192.168.255.15 (control-1) to host 192.168.255.26 (compute-1) with vni 99, inside which an ICMP packet from host 10.0.1.85 to host 10.0.2.8 is encapsulated. As we calculated above, the vni matches what we saw in the output.

The next two packets are the return traffic from 10.0.2.8 to 10.0.1.85.
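The check done by hand above (flow action, then tunnel port, then capture) can be automated to confirm that each tenant segment leaves the controller with the VNI and remote VTEP its br-tun flow prescribes. This is an added example, not code from the original article; it assumes that the hex suffix of a `vxlan-<hex>` port name is the remote IPv4 address, which agrees with the `dpif/show` output on this page, and all function names are hypothetical.

```python
import ipaddress
import re

# Inputs abridged from the page's own output on overcloud-controller-0.
FLOWS = {
    "compute-1": "table=20, priority=1,vlan_tci=0x0002/0x0fff,dl_dst=fa:16:3e:6c:ad:9c "
                 "actions=load:0->NXM_OF_VLAN_TCI[],load:0x63->NXM_NX_TUN_ID[],output:2",
    "compute-0": "actions=load:0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],output:3",
}
PORTS = """\
 1(patch-int): addr:a2:69:00:c5:fa:ba
 2(vxlan-c0a8ff1a): addr:86:f0:ce:d0:e8:ea
 3(vxlan-c0a8ff13): addr:72:aa:73:2c:2e:5b
"""
CAPTURE = """\
    192.168.255.19.41591 > 192.168.255.15.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
    192.168.255.15.38983 > 192.168.255.26.4789: [no cksum] VXLAN, flags [I] (0x08), vni 99
    192.168.255.26.42588 > 192.168.255.15.4789: [no cksum] VXLAN, flags [I] (0x08), vni 99
    192.168.255.15.38983 > 192.168.255.19.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
"""

def parse_ports(text):
    """Map OpenFlow port number -> port name from `ovs-ofctl show` lines."""
    return {int(n): name for n, name in re.findall(r"^\s*(\d+)\(([^)]+)\)", text, re.M)}

def remote_vtep(port_name):
    """Decode the hex suffix of a vxlan-<hex> port name (assumed remote IPv4)."""
    return str(ipaddress.IPv4Address(int(port_name.split("-", 1)[1], 16)))

def expected_encap(flow, ports):
    """Return (remote VTEP IP, decimal VNI) that a br-tun flow prescribes."""
    vni = int(re.search(r"load:(0x[0-9a-f]+)->NXM_NX_TUN_ID", flow).group(1), 16)
    out = int(re.search(r"output:(\d+)", flow).group(1))
    return remote_vtep(ports[out]), vni

def seen_in_capture(text):
    """Collect (source IP, destination IP, VNI) from tcpdump outer-header lines."""
    pat = r"(\d+(?:\.\d+){3})\.\d+ > (\d+(?:\.\d+){3})\.4789: .*vni (\d+)"
    return {(s, d, int(v)) for s, d, v in re.findall(pat, text)}

def check(local_ip="192.168.255.15"):
    """Per node: (remote VTEP, VNI, whether the capture shows that encapsulation)."""
    ports, seen = parse_ports(PORTS), seen_in_capture(CAPTURE)
    result = {}
    for node, flow in FLOWS.items():
        remote, vni = expected_encap(flow, ports)
        result[node] = (remote, vni, (local_ip, remote, vni) in seen)
    return result
```

A `False` in the third field would mean the controller sent that segment with a different VNI or to a different VTEP than the flow table says, which is worth investigating as a possible isolation problem.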

That is, in the end we got the following diagram of the control node:

[Figure: Introduction to the network part of cloud infrastructure]

Looks like that's it? We forgot about two namespaces:

[heat-admin@overcloud-controller-0 ~]$ sudo  ip netns
qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe (id: 2)
qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638 (id: 1)
qdhcp-67a3798c-32c0-4c18-8502-2531247e3cc2 (id: 0)
[heat-admin@overcloud-controller-0 ~]$ 

As we said when discussing the architecture of the cloud platform, it would be good for the machines to get their addresses automatically from a DHCP server. These are the two DHCP servers for our two networks, 10.0.1.0/24 and 10.0.2.0/24.

Let's check that this is true. There is only one address in this namespace, 10.0.1.1, which is the address of the DHCP server itself, and it is also attached to br-int:

[heat-admin@overcloud-controller-0 ~]$ sudo ip netns exec qdhcp-67a3798c-32c0-4c18-8502-2531247e3cc2 ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 1  bytes 28 (28.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1  bytes 28 (28.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tapca25a97e-64: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 10.0.1.1  netmask 255.255.255.0  broadcast 10.0.1.255
        inet6 fe80::f816:3eff:fee6:2c5c  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:e6:2c:5c  txqueuelen 1000  (Ethernet)
        RX packets 129  bytes 9372 (9.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 49  bytes 6154 (6.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Let's see whether there are processes on the control node that contain qdhcp-67a3798c-32c0-4c18-8502-2531247e3cc2 in their name:


[heat-admin@overcloud-controller-0 ~]$ ps -aux | egrep qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638 
root      640420  0.0  0.0   4220   348 ?        Ss   11:31   0:00 dumb-init --single-child -- ip netns exec qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638 /usr/sbin/dnsmasq -k --no-hosts --no-resolv --pid-file=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/host --addn-hosts=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/opts --dhcp-leasefile=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/leases --dhcp-match=set:ipxe,175 --local-service --bind-dynamic --dhcp-range=set:subnet-335552dd-b35b-456b-9df0-5aac36a3ca13,10.0.2.0,static,255.255.255.0,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=256 --conf-file= --domain=openstacklocal
heat-ad+  951620  0.0  0.0 112944   980 pts/0    S+   18:50   0:00 grep -E --color=auto qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638
[heat-admin@overcloud-controller-0 ~]$ 

There is such a process, and based on the information in the output above we can, for example, see which leases we currently have:

[heat-admin@overcloud-controller-0 ~]$ cat /var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/leases
1597492111 fa:16:3e:6c:ad:9c 10.0.2.8 host-10-0-2-8 01:fa:16:3e:6c:ad:9c
1597491115 fa:16:3e:76:c2:11 10.0.2.1 host-10-0-2-1 *
[heat-admin@overcloud-controller-0 ~]$

As a result, we get the following set of services on the control node:

[Figure: Introduction to the network part of cloud infrastructure]

Well, keep in mind that this is only 4 machines, 2 internal networks and one virtual router... We have no external networks here for now, no pile of different projects each with its own (overlapping) networks, our distributed router is turned off, and, finally, there was only one control node in the test bench (for fault tolerance there must be a quorum of three nodes). It is logical that in production everything is "a little" more complicated, but with this simple example we understand how it should work. Whether you have 3 or 300 namespaces is of course important, but from the point of view of how the whole structure operates, nothing will change much... at least until you plug in some vendor SDN. But that is a completely different story.

I hope it was interesting. If you have any comments or additions, or if somewhere I outright lied (I am human, and my opinion will always be subjective), write what needs to be corrected or added, and we will correct or add everything.

In conclusion, I would like to say a few words about comparing OpenStack (both vanilla and vendor) with the cloud solution from VMWare. I have been asked this question many times over the past two years and, frankly, I am already tired of it, but still. In my opinion, it is very difficult to compare these two solutions, but we can say for certain that both solutions have drawbacks, and when choosing one of them you need to weigh the pros and cons.

If OpenStack is a community-driven solution, then VMWare has the right to do whatever it wants (read: whatever is profitable for it), and this is logical, because it is a commercial company that is used to making money from its customers. But there is one big fat BUT: you can get off OpenStack, for example from Nokia, and switch at little cost to a solution from, for example, Juniper (Contrail Cloud), but you are unlikely to be able to get off VMWare. For me, these two solutions look like this: OpenStack (vendor) is a simple cage you are put in, but you have the key and can leave at any time. VMWare is a golden cage; the owner has the key to the cage, and it will cost you a lot.

I am not promoting either the first product or the second; you choose what you need. But if I had such a choice, I would choose both solutions: VMWare for the IT cloud (low loads, easy management), and OpenStack from some vendor (Nokia and Juniper provide very good solutions) for the Telecom cloud. I would not use OpenStack for pure IT, since that is like shooting sparrows with a cannon, but I see no contraindications to using it other than redundancy. However, using VMWare in telecom is like hauling crushed stone in a Ford Raptor: it looks beautiful from the outside, but the driver has to make 10 trips instead of one.

In my opinion, the biggest drawback of VMWare is its complete closedness: the company will not give you any information about how, for example, vSAN works or what is inside the hypervisor kernel, because it is simply not profitable for it. That is, you will never become an expert in VMWare; without vendor support you are doomed (very often I meet VMWare experts who are baffled by simple questions). For me, VMWare is buying a car with the hood locked: yes, you may have specialists who can change the timing belt, but only the one who sold you this solution can open the hood. Personally, I do not like solutions that I cannot fit into. You will say that you may never need to go under the hood. Yes, that is possible, but I will look at you when you need to assemble a large function in the cloud from 20-30 virtual machines and 40-50 networks, half of which want to go outside while the other half asks for SR-IOV acceleration, otherwise you will need a couple dozen more of these cars, otherwise the performance will not be enough.

There are other points of view, so only you can decide what to choose and, most importantly, you will then be responsible for your choice. This is just my opinion, the opinion of a person who has seen and touched at least 4 products: Nokia, Juniper, Red Hat and VMWare. That is, I have something to compare with.

Source: www.habr.com
