I-Cloud computing ingena ijula futhi ijula ezimpilweni zethu futhi cishe akekho noyedwa umuntu ongakaze asebenzise noma yiziphi izinsizakalo zamafu okungenani kanye. Kodwa-ke, liyini ngempela ifu nokuthi lisebenza kanjani, bambalwa abantu abaziyo, ngisho nasezingeni lombono. I-5G isivele iba ngokoqobo futhi ingqalasizinda ye-telecom isiqala ukusuka ezixazululweni zensika iye ezixazululweni zamafu, njengoba nje yenza lapho isuka ezixazululweni zehadiwe ngokuphelele iye “ezinsikeni” ezenziwe ngokoqobo.
Namuhla sizokhuluma ngezwe langaphakathi lengqalasizinda yamafu, ikakhulukazi sizobheka izinto eziyisisekelo zengxenye yenethiwekhi.
Liyini ifu? I-virtualization efanayo - ukubuka kwephrofayela?
Okungaphezu kombuzo onengqondo. Cha - lokhu akuyona i-virtualization, nakuba bekungeke kwenziwe ngaphandle kwayo. Ake sibheke izincazelo ezimbili:
I-Cloud computing (kamuva ebizwa ngokuthi i-Cloud) iyimodeli yokuhlinzeka ngokufinyelela okusebenziseka kalula ezinsizeni zekhompuyutha esabalalisiwe okufanele zisetshenziswe futhi ziqaliswe lapho kudingeka khona ukubambezeleka okuphansi okungenzeka kanye nezindleko ezincane kumhlinzeki wesevisi.
I-Virtualization - leli yikhono lokuhlukanisa into eyodwa ebonakalayo (isibonelo, iseva) ibe yizinto ezimbalwa ezibonakalayo, ngaleyo ndlela kwandise ukusetshenziswa kwezinsiza (isibonelo, ubunamaseva ama-3 alayishwe kumaphesenti angama-25-30, ngemuva kokusebenza ngokubonakalayo uthola iseva engu-1 elayishiwe. amaphesenti angu-80-90). Ngokwemvelo, i-virtualization idla ezinye zezinsiza - udinga ukondla i-hypervisor, noma kunjalo, njengoba umkhuba ubonisile, umdlalo ufanelekile ikhandlela. Isibonelo esihle se-virtualization yi-VMWare, elungiselela kahle imishini ebonakalayo, noma isibonelo i-KVM, engiyithandayo, kodwa lokhu kuyindaba yokunambitha.
Sisebenzisa i-virtualization ngaphandle kokuqaphela, futhi ngisho namarutha ensimbi asevele asebenzisa i-virtualization - isibonelo, enguqulweni yakamuva ye-JunOS, isistimu yokusebenza ifakwe njengomshini obonakalayo phezu kokusabalalisa kwe-Linux ngesikhathi sangempela (Wind River 9). Kodwa i-virtualization ayilona ifu, kodwa ifu alikwazi ukuba khona ngaphandle kwe-virtualization.
I-Virtualization ingenye yezakhiwo lapho ifu lakhelwe khona.
Ukwenza ifu ngokumane uqoqe ama-hypervisors amaningana esizindeni esisodwa se-L2, ukwengeza idlanzana lezincwadi zokudlala ze-yaml zokubhalisa ngokuzenzakalelayo ama-vlan ngokusebenzisa uhlobo oluthile oluphathekayo nokuhlanganisa into efana nesistimu ye-orchestration kukho konke ukuze udale ngokuzenzakalelayo imishini ebonakalayo ngeke kusebenze. Kuyoba nembe kakhudlwana, kodwa umphumela we-Frankenstein awulona ifu esilidingayo, nakuba kungase kube iphupho lokugcina kwabanye. Ngaphezu kwalokho, uma uthatha i-Openstack efanayo, kuseyi-Frankenstein, kodwa-ke, ake singakhulumi ngalokho okwamanje.
Kodwa ngiyaqonda ukuthi kusukela encazelweni evezwe ngenhla akucaci ngokuphelele ukuthi yini ngempela engabizwa ngokuthi ifu.
Ngakho-ke, idokhumenti evela ku-NIST (Isikhungo Sikazwelonke Samazinga Nobuchwepheshe) sinikeza izici eziyinhloko ezi-5 ingqalasizinda yamafu okufanele ibe nazo:
Ukuhlinzeka ngensizakalo ngesicelo. Umsebenzisi kufanele anikezwe ukufinyelela kwamahhala kwizinsiza zekhompyutha ezabelwe yena (njengamanethiwekhi, amadiski abonakalayo, inkumbulo, ama-processor cores, njll.), futhi lezi zinsiza kufanele zinikezwe ngokuzenzakalelayo - okungukuthi, ngaphandle kokungenelela komhlinzeki wesevisi.
Ukutholakala okubanzi kwesevisi. Ukufinyelela ezinsizeni kufanele kuhlinzekwe yizinqubo ezijwayelekile zokuvumela ukusetshenziswa kwawo womabili ama-PC ajwayelekile namaklayenti amancane namadivayisi eselula.
Ukuhlanganisa izinsiza zibe amachibi. Amachibi ezinsiza kufanele akwazi ukuhlinzeka ngezinsiza kumakhasimende amaningi ngesikhathi esisodwa, aqinisekise ukuthi amakhasimende ahlukanisiwe futhi awanawo amandla afanayo kanye nokuncintisana ngezinsiza. Amanethiwekhi aphinde afakwe emachibini, okubonisa ukuthi kungenzeka ukusebenzisa amakheli agqagqene. Amachibi kufanele akwazi ukukala ngokufunwa. Ukusetshenziswa kwamachibi kwenza kube nokwenzeka ukuhlinzeka ngezinga elidingekayo lokubekezelela amaphutha ensiza kanye nokukhishwa kwezinsiza ezibonakalayo nezingokoqobo - umamukeli wesevisi umane anikezwe isethi yezinsiza azicelile (lapho lezi zinsiza zitholakala khona ngokomzimba, ukuthi zingaki amaseva namaswishi - akunandaba kuklayenti). Kodwa-ke, kufanele sicabangele iqiniso lokuthi umhlinzeki kufanele aqinisekise ukubhukha okusobala kwalezi zinsiza.
Ukuzijwayeza okusheshayo ezimweni ezahlukene. Izinsizakalo kufanele zivumelane nezimo - ukuhlinzekwa ngokushesha kwezinsiza, ukusabalalisa kabusha kwazo, ukungeza noma ukunciphisa izinsiza ngokwesicelo seklayenti, futhi ngasohlangothini lweklayenti kufanele kube nomuzwa wokuthi izinsiza zamafu azipheli. Ukuze kube lula ukuqonda, isibonelo, awusiboni isexwayiso sokuthi ingxenye yesikhala sakho sediski ku-Apple iCloud isinyamalele ngoba i-hard drive kuseva iphukile, futhi amadrayivu ayaphuka. Ngaphezu kwalokho, ngakolunye uhlangothi, amathuba ale sevisi cishe angenamkhawulo - udinga i-2 TB - ayikho inkinga, uyikhokhile futhi uyitholile. Isibonelo esifanayo singanikezwa nge-Google.Drive noma i-Yandex.Disk.
Amathuba okulinganisa isevisi enikeziwe. Amasistimu wamafu kufanele alawule ngokuzenzakalelayo futhi alungiselele izinsiza ezisetshenzisiwe, futhi lezi zindlela kufanele zibe sobala kubo bobabili umsebenzisi kanye nomhlinzeki wesevisi. Okusho ukuthi, ungahlala ubheka ukuthi zingaki izinsiza ezisebenzisayo wena namakhasimende akho.
Kuyafaneleka ukucabangela iqiniso lokuthi lezi zidingo ngokuvamile ziyizidingo zefu lomphakathi, ngakho-ke ifu eliyimfihlo (okungukuthi, ifu elethulwe izidingo zangaphakathi zenkampani), lezi zidingo zingalungiswa kancane. Noma kunjalo, kusadingeka zenziwe, ngaphandle kwalokho ngeke sithole zonke izinzuzo ze-cloud computing.
Kungani sidinga ifu?
Kodwa-ke, noma yikuphi ubuchwepheshe obusha noma obukhona, noma iyiphi iphrothokholi entsha yenzelwe okuthile (kahle, ngaphandle kwe-RIP-ng, kunjalo). Akekho odinga iphrothokholi ngenxa yephrothokholi (kahle, ngaphandle kwe-RIP-ng, kunjalo). Kunengqondo ukuthi Ifu lidalelwe ukunikeza uhlobo oluthile lwesevisi kumsebenzisi/iklayenti. Sonke sijwayelene okungenani nezinsiza ezimbalwa zamafu, isibonelo i-Dropbox noma i-Google.Amadokhumenti, futhi ngikholelwa ukuthi abantu abaningi bazisebenzisa ngempumelelo - isibonelo, lesi sihloko sabhalwa kusetshenziswa isevisi yefu ye-Google.Docs. Kodwa izinsizakalo zamafu esizaziyo ziyingxenye kuphela yamakhono efu—ngokunembe kakhulu, ziyisevisi yohlobo lwe-SaaS kuphela. Singahlinzeka ngesevisi yefu ngezindlela ezintathu: ngendlela ye-SaaS, PaaS noma i-IaaS. Iyiphi isevisi oyidingayo incike ezifisweni zakho namakhono akho.
Ake sibheke ngayinye ngokulandelana:
Isofthiwe njenge-Service (SaaS) iyimodeli yokunikeza isevisi egcwele ngokugcwele kuklayenti, isibonelo, isevisi ye-imeyili efana ne-Yandex.Mail noma i-Gmail. Kulo modeli wokulethwa kwezinsizakalo, wena, njengeklayenti, empeleni awenzi lutho ngaphandle kokusebenzisa izinsizakalo - okungukuthi, awudingi ukucabanga ngokumisa insizakalo, ukubekezelela amaphutha noma ukunganaki. Into esemqoka ukuthi ungafaki iphasiwedi yakho engozini; umhlinzeki wale sevisi uzokwenza konke okunye. Ngokombono womhlinzeki wesevisi, unomthwalo wemfanelo ngokugcwele kuyo yonke isevisi - kusukela ku-hardware ye-server kanye nezinhlelo zokusebenza zokusingatha ku-database kanye nezilungiselelo zesofthiwe.
Ipulatifomu njengesevisi (i-PaaS) - Uma usebenzisa le modeli, umhlinzeki wesevisi unikeza iklayenti ucezu lokusebenza lwensizakalo, isibonelo, ake sithathe iseva yeWebhu. Umhlinzeki wesevisi unikeze iklayenti iseva ebonakalayo (empeleni, isethi yezinsiza, njenge-RAM/CPU/Isitoreji/Amanethi, njll.), waze wafaka i-OS nesofthiwe edingekayo kule seva, nokho, ukucushwa zonke lezi zinto zenziwa iklayenti ngokwalo kanye nokusebenza kwesevisi iklayenti eliphendulayo. Umhlinzeki wesevisi, njengasekuqaleni, unesibopho sokusebenza kwemishini yomzimba, ama-hypervisors, umshini obonakalayo ngokwawo, ukutholakala kwenethiwekhi, njll., kodwa isevisi ngokwayo ayisekho endaweni yayo yesibopho.
Ingqalasizinda njengensizakalo (IaaS) - le ndlela isivele ithakazelisa kakhulu, empeleni, umhlinzeki wesevisi unikeza iklayenti ingqalasizinda ephelele ebonakalayo - okungukuthi, isethi ethile (ichibi) yezinsiza, njenge-CPU Cores, i-RAM, Amanethiwekhi, njll. Konke okunye kusezandleni zakho. iklayenti - lokho iklayenti elifuna ukukwenza ngalezi zinsiza ngaphakathi kwephuli elabelwe (i-quota) - akubalulekile kakhulu kumphakeli. Ukuthi iklayenti lifuna ukuzakhela i-vEPC yalo noma lize lidale u-opharetha omncane futhi linikeze izinsiza zokuxhumana - akubuzwa - kwenze. Esimeni esinjalo, umhlinzeki wesevisi unomthwalo wemfanelo wokuhlinzeka ngezinsiza, ukubekezelela amaphutha nokutholakala, kanye ne-OS ebavumela ukuthi bahlanganise lezi zinsiza futhi bazenze zitholakale kuklayenti ngokukwazi ukwandisa noma ukunciphisa izinsiza nganoma yisiphi isikhathi. ngesicelo seklayenti. Iklayenti lilungiselela yonke imishini ebonakalayo kanye nezinye izicwecwe ngokwalo ngengosi yokuzisiza kanye nekhonsoli, okuhlanganisa ukusetha amanethiwekhi (ngaphandle kwamanethiwekhi angaphandle).
Iyini i-OpenStack?
Kuzo zontathu izinketho, umhlinzeki wesevisi udinga i-OS ezonika amandla ukudalwa kwengqalasizinda yamafu. Eqinisweni, nge-SaaS, ingxenye engaphezu kweyodwa inesibopho sayo yonke inqwaba yobuchwepheshe - kukhona ukuhlukaniswa okubhekene nengqalasizinda - okungukuthi, inikeza i-IaaS kwesinye isigaba, lesi sigaba sihlinzeka nge-SaaS kuklayenti. I-OpenStack ingenye yezinhlelo zokusebenza zamafu ezikuvumela ukuthi uqoqe inqwaba yokushintsha, amaseva nezinhlelo zokulondoloza echibini lensiza eyodwa, uhlukanise leli chibi elivamile libe ama-subpools (abaqashi) futhi unikeze lezi zinsiza kumakhasimende ngenethiwekhi.
I-OpenStack iyisistimu yokusebenza yamafu evumela ukuthi ulawule amachibi amakhulu ezinsiza zekhompiyutha, ukugcinwa kwedatha nezinsiza zenethiwekhi, ezihlinzekwe futhi ziphathwe nge-API usebenzisa izindlela zokuqinisekisa ezijwayelekile.
Ngamanye amazwi, lena isethi yamaphrojekthi esofthiwe yamahhala eklanyelwe ukudala izinsizakalo zamafu (zomphakathi neziyimfihlo) - okungukuthi, isethi yamathuluzi akuvumela ukuthi uhlanganise iseva futhi ushintshe imishini ibe yichibi elilodwa lezinsiza, uphathe. lezi zinsiza, ezinikeza izinga elidingekayo lokubekezelela amaphutha .
Ngesikhathi sokubhala le nto, isakhiwo se-OpenStack sibukeka kanje:
Isithombe sithathwe ku
Ingxenye ngayinye efakwe ku-OpenStack yenza umsebenzi othile. Lesi sakhiwo esabalalisiwe sikuvumela ukuthi ufake kusixazululo isethi yezingxenye ezisebenzayo ozidingayo. Kodwa-ke, ezinye izingxenye ziyizingxenye zezimpande futhi ukususwa kwazo kuzoholela ekungasebenzini okuphelele noma okuyingxenye kwesixazululo sisonke. Lezi zingxenye ngokuvamile zihlukaniswa njenge:
- Dashboard - I-GUI esekwe kuwebhu yokuphatha izinsiza ze-OpenStack
- Keystone iyisevisi kamazisi emaphakathi ehlinzeka ngokugunyazwa nokusebenza kokugunyazwa kwamanye amasevisi, kanye nokuphatha imininingwane yabasebenzisi nemisebenzi yabo.
- I-neutron - isevisi yenethiwekhi ehlinzeka ngoxhumano phakathi kokuxhumana kwezinsizakalo ezihlukahlukene ze-OpenStack (okuhlanganisa ukuxhumana phakathi kwama-VM nokufinyelela kwawo emhlabeni wangaphandle)
- Cinder — inikeza ukufinyelela kokuvimba isitoreji semishini ebonakalayo
- Nova - Ukuphathwa komjikelezo wempilo wemishini ebonakalayo
- Ukubabaza - inqolobane yezithombe zomshini nezifinyezo
- Swift — inikeza ukufinyelela entweni yokugcina
- I-Ceilometer - isevisi ehlinzeka ngekhono lokuqoqa i-telemetry kanye nokulinganisa izinsiza ezitholakalayo nezisetshenziswayo
- Heat — Ukucula okusekelwe kuzifanekiso zokwenziwa ngokuzenzakalela kanye nokuhlinzekwa kwezinsiza
Uhlu oluphelele lwawo wonke amaphrojekthi kanye nenjongo yawo lungabukwa .
Ingxenye ngayinye ye-OpenStack iyisevisi eyenza umsebenzi othile futhi inikeza i-API ukuze ilawule lowo msebenzi futhi ihlanganyele namanye amasevisi esistimu yokusebenza kwamafu ukuze kudalwe ingqalasizinda ebumbene. Isibonelo, i-Nova inikeza ukuphathwa kwensiza yekhompyutha kanye ne-API yokufinyelela ekulungiseni lezi zinsiza, i-Glance inikeza ukuphathwa kwesithombe kanye ne-API yokuyiphatha, i-Cinder inikeza i-block block kanye ne-API yokuyiphatha, njll. Yonke imisebenzi ixhumene ngendlela esondelene kakhulu.
Kodwa-ke, uma ubheka, zonke izinsizakalo ezisebenza ku-OpenStack ekugcineni ziwuhlobo oluthile lomshini obonakalayo (noma isiqukathi) esixhunywe kunethiwekhi. Umbuzo uphakama - kungani sidinga izakhi eziningi kangaka?
Ake sidlule ku-algorithm yokwenza umshini obonakalayo futhi uwuxhume kunethiwekhi kanye nesitoreji esiqhubekayo ku-Openstack.
- Uma udala isicelo sokudala umshini, kungaba isicelo nge-Horizon (Ideshibhodi) noma isicelo nge-CLI, into yokuqala eyenzekayo ukugunyazwa kwesicelo sakho ku-Keystone - ungawenza umshini, ingabe unawo ilungelo lokusebenzisa le nethiwekhi, ingabe isabelo sakho esisalungiswa, njll.
- I-Keystone ifakazela ubuqiniso isicelo sakho futhi ikhiqize ithokheni yokuqinisekisa kumlayezo wempendulo, ezosetshenziswa ngokuqhubekayo. Ngemva kokuthola impendulo evela ku-Keystone, isicelo sithunyelwa ngase-Nova (nova api).
- I-Nova-api ihlola ukufaneleka kwesicelo sakho ngokuthinta i-Keystone isebenzisa ithokheni yobunikazi edalwe ngaphambilini
- I-Keystone yenza ubuqiniso futhi inikeza ulwazi kuzimvume nemikhawulo esekelwe kule tokheni yokuqinisekisa.
- I-Nova-api idala okungenayo kwe-VM entsha kusizindalwazi se-nova futhi idlulise isicelo sokudala umshini kusihleli se-nova.
- I-Nova-scheduler ikhetha umsingathi (i-computer node) lapho kuzosetshenziswa khona i-VM ngokusekelwe kumapharamitha acacisiwe, izisindo namazoni. Irekhodi lalokhu kanye ne-VM ID kubhalwe kusizindalwazi se-nova.
- Okulandelayo, oxhumana nabo be-nova-scheduler nova-compute ngesicelo sokuphakela isenzakalo. I-Nova-compute othintana nabo be-nova-conductor ukuze bathole ulwazi mayelana nemingcele yomshini (i-nova-conductor i-elementi ye-nova esebenza njengeseva elibamba phakathi kwe-nova-database kanye ne-nova-compute, ikhawulela inani lezicelo ku-nova-database ukugwema izinkinga ngesizindalwazi ukuncishiswa komthwalo ongaguquguquki).
- I-Nova-conductor ithola ulwazi oluceliwe kusuka ku-nova-database futhi iludlulisele ku-nova-compute.
- Okulandelayo, ukubuka kwezingcingo ze-nova-compute ukuze uthole i-ID yesithombe. I-Glace iqinisekisa isicelo ku-Keystone futhi ibuyisela ulwazi oluceliwe.
- I-Nova-compute othintana nabo i-neutron ukuze uthole ulwazi mayelana nemingcele yenethiwekhi. Ngokufanayo nokubuka shazi, i-neutron iqinisekisa isicelo ku-Keystone, ngemva kwalokho idala okufakiwe kusizindalwazi (isihlonzi sechweba, njll.), idala isicelo sokudala ichweba, futhi ibuyisela ulwazi oluceliwe ku-nova-compute.
- I-Nova-compute othintana nabo i-cinder ngesicelo sokwaba ivolumu emshinini we-virtual. Ngokufanayo nokubuka nje, i-cider iqinisekisa isicelo ku-Keystone, idala isicelo sokudala ivolumu, futhi ibuyisela ulwazi oluceliwe.
- I-Nova-compute contacts libvirt enesicelo sokuphakela umshini obonakalayo onamapharamitha acacisiwe.
Eqinisweni, umsebenzi obonakala ulula wokudala umshini olula we-virtual uphenduka ube yi-whirlpool yamakholi we-API phakathi kwezakhi zeplathifomu yamafu. Ngaphezu kwalokho, njengoba ubona, ngisho nezinsizakalo eziqokwe ngaphambilini nazo zihlanganisa izingxenye ezincane lapho ukuxhumana kwenzeka khona. Ukudala umshini kuyingxenye encane kuphela yalokho ipulatifomu yefu ekuvumela ukuthi ukwenze - kunesevisi enesibopho sokulinganisa ithrafikhi, isevisi ebhekele ukugcinwa kwebhulokhi, isevisi ebhekele i-DNS, isevisi enesibopho sokuhlinzeka ngamaseva ensimbi angenalutho, njll. Ifu likuvumela ukuthi uphathe imishini yakho ebonakalayo njengomhlambi wezimvu (ngokungafani nokwenza izinto ezibonakalayo). Uma kwenzeka okuthile emshinini wakho endaweni ebonakalayo - uyibuyisela kuma-backups, njll., kepha izinhlelo zokusebenza zamafu zakhiwe ngendlela yokuthi umshini obonakalayo awudlali indima ebalulekile - umshini obonakalayo "ufile" - ayikho inkinga. - entsha imane idalwe imoto isekelwe kusifanekiso futhi, njengoba besho, iqembu alizange likubone ukulahlekelwa kwe-fighter. Ngokwemvelo, lokhu kunikeza ukuba khona kwezindlela zokucula - usebenzisa izifanekiso Zokushisa, ungakwazi kalula ukuphakela umsebenzi oyinkimbinkimbi ohlanganisa inqwaba yamanethiwekhi nemishini ebonakalayo.
Kuhlale kufanelekile ukukhumbula ukuthi ayikho ingqalasizinda yefu ngaphandle kwenethiwekhi - into ngayinye ngandlela thile ixhumana nezinye izakhi ngenethiwekhi. Ngaphezu kwalokho, ifu linenethiwekhi engaguquki ngokuphelele. Ngokwemvelo, inethiwekhi ye-underlay imile kakhulu noma ingaphansi - ama-node amasha namaswishi awangezwa nsuku zonke, kodwa ingxenye yembondela ingashintsha futhi nakanjani izoshintsha njalo - amanethiwekhi amasha azokwengezwa noma asuswe, imishini emisha izovela futhi emidala izoshintsha. fa. Futhi njengoba ukhumbula encazelweni yefu enikezwe ekuqaleni kwe-athikili, izinsiza kufanele zabelwe umsebenzisi ngokuzenzakalelayo futhi okungenani (noma okungcono, ngaphandle) kokungenelela okuvela kumnikezeli wesevisi. Okusho ukuthi, uhlobo lokuhlinzekwa kwezinsiza zenethiwekhi manje ezikhona ngesimo se-front-end ngendlela ye-akhawunti yakho yomuntu siqu efinyeleleka nge-http / https kanye nonjiniyela wenethiwekhi osemsebenzini uVasily njenge-backend akuyona ifu, ngisho uma uVasily enezandla eziyisishiyagalombili.
I-Neutron, njengesevisi yenethiwekhi, inikeza i-API yokuphatha ingxenye yenethiwekhi yengqalasizinda yamafu. Isevisi inika amandla futhi ilawule ingxenye yenethiwekhi ye-Openstack ngokunikeza isendlalelo sokususa esibizwa ngokuthi i-Network-as-a-Service (NaaS). Okusho ukuthi, inethiwekhi iyiyunithi efanayo elinganisekayo, ngokwesibonelo, ama-virtual CPU cores noma inani le-RAM.
Kodwa ngaphambi kokudlulela ekwakhiweni kwengxenye yenethiwekhi ye-OpenStack, ake sicabangele ukuthi le nethiwekhi isebenza kanjani ku-OpenStack nokuthi kungani inethiwekhi iyingxenye ebalulekile nebalulekile yefu.
Ngakho-ke sinama-VM amabili eklayenti RED kanye nama-VM amabili eklayenti ELILUHLAZA. Ake sicabange ukuthi le mishini itholakala kuma-hypervisors amabili ngale ndlela:
Okwamanje, lokhu kumane kuyi-virtualization yamaseva angu-4 futhi akukho okunye, kusukela kuze kube manje konke esikwenzile ukwenza amaseva angu-4, ukuwabeka kumaseva amabili angokwenyama. Futhi kuze kube manje abaxhunyiwe ngisho kunethiwekhi.
Ukwenza ifu, sidinga ukungeza izingxenye ezimbalwa. Okokuqala, sibona ingxenye yenethiwekhi - sidinga ukuxhuma le mishini emi-4 ngababili, futhi amaklayenti afuna uxhumano lwe-L2. Ungasebenzisa inkinobho futhi ulungiselele i-trunk ekuqondeni kwayo futhi uxazulule yonke into usebenzisa ibhuloho le-linux noma, kubasebenzisi abathuthuke kakhulu, i-openvswitch (sizobuyela kulokhu kamuva). Kodwa kungase kube namanethiwekhi amaningi, futhi ukusunduza njalo i-L2 ngokushintsha akuwona umqondo omuhle kakhulu - kuneminyango ehlukene, ideskithophu yesevisi, izinyanga zokulinda ukuthi isicelo sigcwaliswe, amasonto okuxazulula izinkinga - emhlabeni wanamuhla lokhu. indlela ayisasebenzi. Futhi uma inkampani isheshe ikuqonda lokhu, kuba lula ukuthi iqhubekele phambili. Ngakho-ke, phakathi kwama-hypervisors sizokhetha inethiwekhi ye-L3 lapho imishini yethu ebonakalayo izoxhumana khona, futhi ngaphezu kwale nethiwekhi ye-L3 sizokwakha amanethiwekhi wokumbondelana we-L2 lapho ithrafikhi yemishini yethu ebonakalayo izosebenza. Ungasebenzisa i-GRE, i-Geneve noma i-VxLAN njenge-encapsulation. Ake sigxile kokugcina okwamanje, nakuba kungabalulekile kakhulu.
Kudingeka sithole i-VTEP endaweni ethile (ngithemba ukuthi wonke umuntu ujwayelene namagama e-VxLAN). Njengoba sinenethiwekhi ye-L3 evela ngokuqondile kumaseva, akukho okusivimbelayo ekubekeni i-VTEP kumaseva ngokwawo, futhi i-OVS (OpenvSwitch) inhle kakhulu ekwenzeni lokhu. Ngenxa yalokho, sithole lo mklamo:
Njengoba ithrafikhi phakathi kwama-VM kufanele ihlukaniswe, izimbobo eziya emishinini ebonakalayo zizoba nezinombolo ezihlukile ze-vlan. Inombolo yethegi idlala indima kuphela ekushintsheni okukodwa okubonakalayo, njengoba uma ihlanganiswe ku-VxLAN singayisusa kalula, njengoba sizoba ne-VNI.
Manje sesingawadalela imishini yethu namanethiwekhi abonakalayo ngaphandle kwezinkinga.
Nokho, kuthiwani uma iklayenti linomunye umshini, kodwa likunethiwekhi ehlukile? Sidinga i-rooting phakathi kwamanethiwekhi. Sizobheka inketho elula lapho kusetshenziswa umzila ophakathi nendawo - okungukuthi, ithrafikhi ihanjiswa ngamanode enethiwekhi akhethekile (kahle, njengomthetho, ahlanganiswe namanodi okulawula, ngakho-ke sizoba nento efanayo).
Kubonakala sengathi akukho okuyinkimbinkimbi - senza isixhumi esibonakalayo sebhuloho endaweni yokulawula, sishayele ithrafikhi siye kuyo futhi sisuka lapho siyihambisa lapho siyidinga khona. Kodwa inkinga ukuthi iklayenti RED lifuna ukusebenzisa inethiwekhi 10.0.0.0/24, futhi iklayenti GREEN ufuna ukusebenzisa inethiwekhi 10.0.0.0/24. Okusho ukuthi, siqala ukuphambana nezikhala zamakheli. Ukwengeza, amaklayenti awafuni amanye amaklayenti akwazi ukungena kumanethiwekhi awo angaphakathi, okunengqondo. Ukuze sihlukanise amanethiwekhi nethrafikhi yedatha yeklayenti, sizokwabela indawo yamagama ehlukile ngayinye yazo. I-Namespace empeleni iyikhophi yesitaki senethiwekhi ye-Linux, okungukuthi, amakhasimende asendaweni yegama RED ahlukaniswe ngokuphelele kumakhasimende endaweni yegama GREEN (kahle, ukuzulazula phakathi kwalawa manethiwekhi eklayenti kuvunyelwe endaweni yamagama ezenzakalelayo noma ezintweni zokuhamba ezihamba phezulu).
Okungukuthi, sithola umdwebo olandelayo:
Imigudu ye-L2 iyahlangana isuka kuwo wonke ama-node ekhompyutha iye endaweni yokulawula. indawo lapho isixhumi esibonakalayo se-L3 salawa manethiwekhi sitholakala khona, ngalinye lisendaweni yegama elizinikele ukuze lizihlukanise.
Nokho, sakhohlwa into ebaluleke kakhulu. Umshini we-virtual kufanele unikeze isevisi iklayenti, okungukuthi, kufanele ube nesixhumi esibonakalayo sangaphandle okungenani esisodwa esingafinyelelwa ngaso. Okusho ukuthi, sidinga ukuphuma siye ezweni langaphandle. Kunezinketho ezahlukene lapha. Asenze inketho elula kakhulu. Sizongeza inethiwekhi eyodwa kuklayenti ngalinye, ezosebenza kunethiwekhi yomhlinzeki futhi ngeke idlulele kwamanye amanethiwekhi. Amanethiwekhi angaphinde ahlangane futhi abheke ama-VRF ahlukene ohlangothini lwenethiwekhi yabahlinzeki. Idatha yenethiwekhi izophinde iphile endaweni yamagama yeklayenti ngalinye. Kodwa-ke, basazophumela ngaphandle ngokusebenzisa isixhumi esibonakalayo esisodwa (noma isibopho, esinengqondo kakhudlwana). Ukuze kuhlukaniswe ithrafikhi yeklayenti, ithrafikhi ephumela ngaphandle izomakwa ngomaka we-VLAN owabelwe iklayenti.
Ngenxa yalokho, sithole lo mdwebo:
Umbuzo onengqondo ukuthi kungani ungenzi amasango kuma-node e-compute ngokwawo? Lena akuyona inkinga enkulu; ngaphezu kwalokho, uma uvula irutha esabalalisiwe (i-DVR), lokhu kuzosebenza. Kulesi simo, sicabangela inketho elula enesango elimaphakathi, elisetshenziswa ngokuzenzakalelayo ku-Openstack. Ngemisebenzi elayisha kakhulu, bazosebenzisa kokubili irutha esabalalisiwe kanye nobuchwepheshe bokusheshisa njenge-SR-IOV ne-Passthrough, kodwa njengoba besho, leyo indaba ehluke ngokuphelele. Okokuqala, ake sibhekane nengxenye eyisisekelo, bese sizongena emininingwaneni.
Eqinisweni, uhlelo lwethu seluvele lusebenze, kepha kunama-nuances ambalwa:
- Sidinga ukuthi ngandlela thize sivikele imishini yethu, okungukuthi, sibeke isihlungi kusixhumi esibonakalayo esibheke kuklayenti.
- Yenza kube nokwenzeka ukuthi umshini we-virtual uthole ikheli lasesizindeni se-inthanethi ngokuzenzakalelayo, ukuze ungangeni kulo ngekhonsoli njalo futhi ubhalise ikheli.
Ake siqale ngokuvikela umshini. Kulokhu ungasebenzisa iptables ye-banal, kungani kungenjalo.
Okusho ukuthi, manje i-topology yethu isibe nzima kakhulu:
Asiqhubeke. Sidinga ukungeza iseva ye-DHCP. Indawo ekahle kakhulu yokuthola amaseva e-DHCP kuklayenti ngalinye kungaba indawo yokulawula esishiwo ngenhla, lapho izikhala zamagama zitholakala khona:
Nokho, kunenkinga encane. Kuthiwani uma yonke into iqala kabusha futhi lonke ulwazi olumayelana nokuqasha amakheli ku-DHCP luyanyamalala. Kunengqondo ukuthi imishini izonikezwa amakheli amasha, okungelula neze. Kunezindlela ezimbili zokuphuma lapha - noma sebenzisa amagama wesizinda bese wengeza iseva ye-DNS kuklayenti ngalinye, khona-ke ikheli ngeke libaluleke kakhulu kithi (elifana nengxenye yenethiwekhi kuma-k8s) - kodwa kunenkinga ngamanethiwekhi angaphandle, ngoba amakheli angaphinde akhishwe kuwo nge-DHCP - udinga ukuvumelanisa namaseva e-DNS endaweni yesikhulumi samafu kanye neseva yangaphandle ye-DNS, ngokubona kwami engaguquki kakhulu, kodwa kungenzeka. Noma inketho yesibili ukusebenzisa imethadatha - okungukuthi, gcina ulwazi mayelana nekheli elikhishwe emshinini ukuze iseva ye-DHCP yazi ukuthi yiliphi ikheli okufanele likhishwe emshinini uma umshini usulitholile ikheli. Inketho yesibili ilula futhi ivumelana nezimo, njengoba ikuvumela ukuthi ulondoloze ulwazi olwengeziwe mayelana nemoto. Manje ake sengeze imethadatha yomenzeli kumdwebo:
Olunye udaba okufanele futhi luxoxwe ngalo yikhono lokusebenzisa inethiwekhi eyodwa yangaphandle yiwo wonke amaklayenti, ngoba amanethiwekhi angaphandle, uma kufanele asebenze kuyo yonke inethiwekhi, azoba nzima - udinga ukwaba njalo futhi ulawule ukwabiwa kwalawa manethiwekhi. Ikhono lokusebenzisa inethiwekhi yangaphandle elungiselelwe ngaphambilini kuwo wonke amaklayenti azoba usizo kakhulu lapho udala ifu lomphakathi. Lokhu kuzokwenza kube lula ukuphakela imishini ngoba akudingekile ukuthi sibheke isizindalwazi samakheli bese sikhetha indawo ehlukile yekheli yenethiwekhi yangaphandle yeklayenti ngalinye. Ukwengeza, singakwazi ukubhalisa inethiwekhi yangaphandle kusengaphambili futhi ngesikhathi sokuthunyelwa sizodinga kuphela ukuhlobanisa amakheli angaphandle nemishini yamakhasimende.
Futhi lapha i-NAT izosisiza - sizokwenza ukuthi amaklayenti akwazi ukufinyelela emhlabeni wangaphandle ngokusebenzisa indawo yamagama ezenzakalelayo kusetshenziswa ukuhumusha kwe-NAT. Hhayi-ke, nansi inkinga encane. Lokhu kuhle uma iseva yeklayenti isebenza njengeklayenti hhayi njengeseva - okungukuthi, iqala kunokuba yamukele ukuxhumana. Kodwa kithina kuzoba ngenye indlela. Kulesi simo, sidinga ukwenza i-NAT okuyiwa kuyo ukuze lapho sithola ithrafikhi, indawo yokulawula iqonde ukuthi le thrafikhi ihloselwe umshini obonakalayo A weklayenti A, okusho ukuthi sidinga ukwenza ukuhumusha kwe-NAT kusuka ekhelini langaphandle, isibonelo 100.1.1.1 .10.0.0.1, ekhelini langaphakathi 100. Kulesi simo, nakuba wonke amaklayenti azosebenzisa inethiwekhi efanayo, ukuhlukaniswa kwangaphakathi kugcinwa ngokuphelele. Okusho ukuthi, sidinga ukwenza i-dNAT ne-sNAT endaweni yokulawula. Ukuthi usebenzise inethiwekhi eyodwa enamakheli antantayo noma amanethiwekhi angaphandle, noma kokubili ngesikhathi esisodwa, kuncike kulokho ofuna ukukuletha emafini. Ngeke sengeze amakheli antantayo kumdwebo, kodwa sizoshiya amanethiwekhi angaphandle asevele engezwe ngaphambili - iklayenti ngalinye linenethiwekhi yalo yangaphandle (kumdwebo akhonjiswe njenge-vlan 200 kanye ne-XNUMX ku-interface yangaphandle).
Ngenxa yalokho, sithole isixazululo esithakazelisayo futhi ngesikhathi esifanayo esicatshangelwe kahle, esinokuguquguquka okuthile kodwa esingakabi nazo izindlela zokubekezelela amaphutha.
Okokuqala, sinenodi yokulawula eyodwa kuphela - ukwehluleka kwayo kuzoholela ekuweni kwazo zonke izinhlelo. Ukuze ulungise le nkinga, udinga ukwenza okungenani ikhoramu yamanodi angu-3. Ake sengeze lokhu kumdwebo:
Ngokwemvelo, wonke ama-node ayavumelaniswa futhi lapho i-node esebenzayo ihamba, enye i-node izothatha imithwalo yemfanelo yayo.
Inkinga elandelayo ama-virtual machine disks. Okwamanje, zigcinwa kuma-hypervisors ngokwazo, futhi uma kunezinkinga nge-hypervisor, silahlekelwa yonke idatha - futhi ukutholakala kokuhlasela ngeke kusize lapha uma silahlekelwa idiski, kodwa iseva yonke. Ukuze senze lokhu, sidinga ukwenza isevisi ezosebenza njengesiphetho sangaphambili sohlobo oluthile lwesitoreji. Okuzoba luhlobo luni lwesitoreji akubalulekile kithi, kodwa kufanele kuvikele idatha yethu ekuhlulekeni kokubili kwediski kanye ne-node, futhi mhlawumbe nekhabhinethi yonke. Kunezinketho ezimbalwa lapha - kukhona, yiqiniso, amanethiwekhi e-SAN ane-Fiber Channel, kodwa ake sithembeke - i-FC isivele iyingxenye yesikhathi esidlule - i-analogue ye-E1 kwezokuthutha - yebo, ngiyavuma, isasetshenziswa, kodwa kuphela lapho kungenakwenzeka khona ngokuphelele ngaphandle kwayo. Ngakho-ke, ngeke ngithumele ngokuzithandela inethiwekhi ye-FC ngo-2020, ngazi ukuthi kukhona ezinye izindlela ezithakazelisayo. Nakuba kulowo nalowo eyakhe, kungase kube khona labo abakholelwa ukuthi i-FC nakho konke ukulinganiselwa kwayo yikho konke esikudingayo - ngeke ngiphikise, wonke umuntu unombono wakhe. Kodwa-ke, isixazululo esithakazelisa kakhulu ngombono wami ukusebenzisa i-SDS, njenge-Ceph.
I-Ceph ikuvumela ukuthi wakhe isisombululo esitholakala kakhulu sokugcinwa kwedatha ngenqwaba yezinketho zokulondoloza okungenzeka, ngokuqala ngamakhodi anokuhlola ukulinganisa (okufana nokuhlasela okungu-5 noma okungu-6) okugcina ngokuphindaphinda idatha egcwele kumadiski ahlukene, kucatshangelwa indawo yamadiski ku- amaseva, namaseva emakhabetheni, njll.
Ukuze wakhe i-Ceph udinga amanye ama-node angu-3. Ukusebenzisana nesitoreji kuzophinde kwenziwe ngenethiwekhi kusetshenziswa i-block, into kanye nezinsizakalo zokugcina ifayela. Masingeze isitoreji ku-schema:
Qaphela: ungenza futhi i-hyperconverged compute nodes - lona umqondo wokuhlanganisa imisebenzi eminingana endaweni eyodwa - isibonelo, isitoreji + compute - ngaphandle kokunikezela ama-node akhethekile okugcinwa kwe-ceph. Sizothola uhlelo olufanayo lokubekezelela amaphutha - njengoba i-SDS izogcina idatha nezinga lokubhuka esilicacisayo. Kodwa-ke, ama-hyperconverged node ahlala ewukuyekethisa - njengoba indawo yokugcina ayigcini nje ukushisa umoya njengoba ibonakala ekuqaleni (njengoba ingekho imishini ebonakalayo kuyo) - isebenzisa izinsiza ze-CPU ekuhlinzekeni i-SDS (empeleni, yenza konke. ukuphindaphinda nokululama ngemuva kokwehluleka kwama-node, amadiski, njll.). Okusho ukuthi, uzolahlekelwa amandla athile e-compute node uma uyihlanganisa nesitoreji.
Zonke lezi zinto zidinga ukuphathwa ngandlela thize - sidinga okuthile esingakha ngakho umshini, inethiwekhi, irutha ebonakalayo, njll. Ukuze senze lokhu, sizokwengeza isevisi endaweni yokulawula ezosebenza njengedeshibhodi - the iklayenti lizokwazi ukuxhuma kule ngosi nge-http/ https futhi lenze konke elikudingayo (kahle, cishe).
Ngenxa yalokho, manje sinesistimu yokubekezelela amaphutha. Zonke izingxenye zale ngqalasizinda kumele ziphathwe ngandlela thize. Phambilini bekuchazwe ukuthi i-Openstack iyiqoqo lamaphrojekthi, ngalinye elihlinzeka ngomsebenzi othile. Njengoba sibona, kunezinto ezingaphezu kokwanele ezidinga ukumiswa nokulawulwa. Namuhla sizokhuluma ngengxenye yenethiwekhi.
I-Neutron Architecture
Ku-OpenStack, yi-Neutron enesibopho sokuxhuma izimbobo zemishini ebonakalayo kunethiwekhi evamile ye-L2, iqinisekise umzila wethrafikhi phakathi kwama-VM atholakala kumanethiwekhi ahlukene e-L2, kanye nemizila yangaphandle, ehlinzeka ngezinsizakalo ezifana ne-NAT, Floating IP, DHCP, njll.
Ezingeni eliphezulu, ukusebenza kwesevisi yenethiwekhi (ingxenye eyisisekelo) kungachazwa kanje.
Lapho uqala i-VM, isevisi yenethiwekhi:
- Idala imbobo ye-VM enikeziwe (noma izimbobo) futhi yazise isevisi ye-DHCP ngayo;
- Kudalwe idivayisi entsha yenethiwekhi ebonakalayo (nge-libvirt);
- I-VM ixhuma kwi(izi)mbobo edalwe esinyathelweni 1;
Okuxakayo ukuthi, umsebenzi we-Neutron usekelwe ezindleleni ezijwayelekile ezijwayelekile kuwo wonke umuntu owake wacwila ku-Linux - izikhala zamagama, ama-iptables, amabhuloho e-linux, i-openvswitch, i-conntrack, njll.
Kufanele kucaciswe ngokushesha ukuthi iNeutron ayisona isilawuli se-SDN.
I-Neutron iqukethe izingxenye eziningana ezixhumene:
Iseva ye-Openstack-neutron i-daemon esebenza nezicelo zabasebenzisi nge-API. Leli dimoni alibandakanyeki ekubhaliseni noma yikuphi ukuxhumana kwenethiwekhi, kodwa linikeza ulwazi oludingekayo lwalokhu kuma-plugin alo, abese elungiselela isici senethiwekhi esifiswayo. Ama-agent e-Neutron kumanodi e-OpenStack abhalisa neseva ye-Neutron.
I-Neutron-server empeleni uhlelo lokusebenza olubhalwe ku-python, oluhlanganisa izingxenye ezimbili:
- Isevisi ye-REST
- I-Plugin ye-Neutron (core/service)
Isevisi ye-REST yakhelwe ukuthola amakholi we-API asuka kwezinye izingxenye (isibonelo, isicelo sokuhlinzeka ngolwazi oluthile, njll.)
Ama-plugin ayizingxenye zesofthiwe ye-plug-in/amamojula abizwa ngesikhathi sezicelo ze-API - okungukuthi, ukuvezwa kwesevisi kwenzeka ngawo. Ama-plugin ahlukaniswe abe izinhlobo ezimbili - isevisi nezimpande. Njengomthetho, i-plugin yehhashi inesibopho ngokuyinhloko sokuphatha isikhala sekheli kanye nokuxhumeka kwe-L2 phakathi kwama-VM, nama-plugin wesevisi asevele ehlinzeka ngokusebenza okwengeziwe okufana ne-VPN noma i-FW.
Uhlu lwama-plugin atholakalayo namuhla lungabukwa ngokwesibonelo
Kungaba nama-plugin wesevisi amaningana, kodwa kungaba khona i-plugin yehhashi elilodwa kuphela.
I-Openstack-neutron-ml2 iyi-plugin yempande ye-Openstack ejwayelekile. Le plugin inokwakheka kwemodular (ngokungafani neyandulelayo) futhi ilungiselela isevisi yenethiwekhi ngamashayeli axhunywe kuyo. Sizobheka i-plugin ngokwayo ngokuhamba kwesikhathi, njengoba empeleni inikeza ukuguquguquka okukhona kwe-OpenStack engxenyeni yenethiwekhi. I-plugin yezimpande ingashintshwa (isibonelo, I-Contrail Networking yenza okunye esikhundleni).
Isevisi ye-RPC (i-rabbitmq-server) — isevisi ehlinzeka ngokuphathwa kolayini nokusebenzisana nezinye izinsiza ze-OpenStack, kanye nokusebenzisana phakathi kwama-ejenti wesevisi yenethiwekhi.
Abenzeli benethiwekhi - ama-ejenti atholakala endaweni ngayinye, lapho izinsiza zenethiwekhi zilungiswa khona.
Kunezinhlobo eziningana zama-ejenti.
I-ejenti eyinhloko I-ejenti ye-L2. Lawa ma-ejenti asebenza ku-hypervisors ngayinye, kufaka phakathi ama-node okulawula (ngokunembile, kuwo wonke ama-node ahlinzeka nganoma iyiphi isevisi kubaqashi) futhi umsebenzi wabo oyinhloko ukuxhuma imishini ebonakalayo kunethiwekhi evamile ye-L2, futhi iphinde ikhiqize izexwayiso lapho noma yiziphi izenzakalo zenzeka ( isibonelo vala/vumela imbobo).
Okulandelayo, i-ejenti engabalulekile kangako I-ejenti ye-L3. Ngokuzenzakalelayo, lo menzeli usebenza ngokukhethekile endaweni yenethiwekhi (ngokuvamile indawo yenethiwekhi ihlanganiswa nenodi yokulawula) futhi inikeza umzila phakathi kwamanethiwekhi abaqashile (kokubili phakathi kwamanethiwekhi ayo kanye namanethiwekhi abanye abaqashi, futhi ifinyeleleka emhlabeni wangaphandle, ngokuhlinzeka NAT, kanye nesevisi ye-DHCP). Kodwa-ke, uma usebenzisa i-DVR (irutha esabalalisiwe), isidingo se-plugin ye-L3 siphinde sivele kumanodi ekhompiyutha.
I-ejenti ye-L3 isebenzisa izikhala zamagama ze-Linux ukuze inikeze isiqashi ngasinye isethi yamanethiwekhi ayo angawodwa kanye nokusebenza kwamarutha abonakalayo ahambisa ithrafikhi futhi anikeze izinsiza zesango lamanethiwekhi Osendlalelo 2.
Database - isizindalwazi sezihlonzi zamanethiwekhi, ama-subnet, amachweba, amachibi, njll.
Eqinisweni, iNeutron yamukela izicelo ze-API kusukela ekudalweni kwanoma yiziphi izinhlangano zenethiwekhi, iqinisekisa isicelo, futhi nge-RPC (uma ifinyelela i-plugin ethile noma i-ejenti) noma i-REST API (uma ixhumana nge-SDN) idlulisela kuma-ejenti (ngama-plugin) the imiyalelo edingekayo ukuze uhlele isevisi eceliwe.
Manje ake siphendukele ekufakweni kokuhlola (indlela esetshenziswa ngayo nokuthi yini efakiwe kukho, sizobona kamuva engxenyeni esebenzayo) futhi sibone ukuthi ingxenye ngayinye itholakala kuphi:
(overcloud) [stack@undercloud ~]$ openstack network agent list
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| 10495de9-ba4b-41fe-b30a-b90ec3f8728b | Open vSwitch agent | overcloud-novacompute-1.localdomain | None | :-) | UP | neutron-openvswitch-agent |
| 1515ad4a-5972-46c3-af5f-e5446dff7ac7 | L3 agent | overcloud-controller-0.localdomain | nova | :-) | UP | neutron-l3-agent |
| 322e62ca-1e5a-479e-9a96-4f26d09abdd7 | DHCP agent | overcloud-controller-0.localdomain | nova | :-) | UP | neutron-dhcp-agent |
| 9c1de2f9-bac5-400e-998d-4360f04fc533 | Open vSwitch agent | overcloud-novacompute-0.localdomain | None | :-) | UP | neutron-openvswitch-agent |
| d99c5657-851e-4d3c-bef6-f1e3bb1acfb0 | Open vSwitch agent | overcloud-controller-0.localdomain | None | :-) | UP | neutron-openvswitch-agent |
| ff85fae6-5543-45fb-a301-19c57b62d836 | Metadata agent | overcloud-controller-0.localdomain | None | :-) | UP | neutron-metadata-agent |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
(overcloud) [stack@undercloud ~]$
Empeleni, leso yiso sonke isakhiwo se-Neutron. Manje kufanelekile ukuchitha isikhathi esithile ku-plugin ye-ML2.
I-Modular Layer 2
Njengoba kushiwo ngenhla, i-plugin iyi-plugin yempande ye-OpenStack ejwayelekile futhi inokwakheka kwe-modular.
Umanduleli we-plugin ye-ML2 wayenesakhiwo se-monolithic, esasingavumeli, isibonelo, ukusebenzisa inhlanganisela yobuchwepheshe obuningi ekufakweni okukodwa. Isibonelo, awukwazanga ukusebenzisa kokubili i-openvswitch ne-linuxbridge ngesikhathi esisodwa - kungaba eyokuqala noma yesibili. Ngalesi sizathu, i-plugin ye-ML2 enezakhiwo zayo yakhiwe.
I-ML2 inezingxenye ezimbili - izinhlobo ezimbili zabashayeli: Izishayeli zohlobo nezishayeli zeMechanism.
Thayipha abashayeli nquma ubuchwepheshe obuzosetshenziswa ukuhlela ukuxhumana kwenethiwekhi, isibonelo i-VxLAN, VLAN, GRE. Ngesikhathi esifanayo, umshayeli uvumela ukusetshenziswa kobuchwepheshe obuhlukene. Ubuchwepheshe obujwayelekile i-VxLAN encapsulation yamanethiwekhi ambondelanayo kanye namanethiwekhi angaphandle we-vlan.
Izishayeli zohlobo zihlanganisa izinhlobo zenethiwekhi ezilandelayo:
Flat - inethiwekhi ngaphandle kokumaka
IVLAN - inethiwekhi emakiwe
Local — uhlobo olukhethekile lwenethiwekhi lokufakwa konke-kokukodwa (ukufakwa okunjalo kuyadingeka konjiniyela noma ukuqeqeshwa)
GRE - mboza inethiwekhi usebenzisa imigudu ye-GRE
I-VxLAN — mboza inethiwekhi usebenzisa imigudu ye-VxLAN
Abashayeli bemishini chaza amathuluzi aqinisekisa ukuhlelwa kobuchwepheshe obucaciswe kumshayeli wohlobo - isibonelo, i-openvswitch, i-sr-iov, i-opendaylight, i-OVN, njll.
Kuye ngokuqaliswa kwalo mshayeli, ama-agent alawulwa yi-Neutron azosetshenziswa, noma ukuxhumeka kusilawuli sangaphandle se-SDN kuzosetshenziswa, esinakekela zonke izindaba ezihlobene nokuhlela amanethiwekhi e-L2, umzila, njll.
Isibonelo: uma sisebenzisa i-ML2 kanye ne-OVS, kusho ukuthi i-ejenti ye-L2 ifakwa endaweni ngayinye yekhompyutha elawula i-OVS. Kodwa-ke, uma sisebenzisa, isibonelo, i-OVN noma i-OpenDayLight, khona-ke ukulawulwa kwe-OVS kungena ngaphansi kwamandla abo - i-Neutron, ngokusebenzisa i-plugin yezimpande, inikeza imiyalo kumlawuli, futhi isivele yenza lokho ekutsheliwe.
Masixubhe ku-Open vSwitch
Okwamanje, enye yezingxenye ezibalulekile ze-OpenStack i-Open vSwitch.
Lapho ufaka i-OpenStack ngaphandle kwanoma yimuphi umthengisi owengeziwe we-SDN njengeJuniper Contrail noma iNokia Nuage, i-OVS iyingxenye yenethiwekhi eyinhloko yenethiwekhi yamafu futhi, kanye nama-iptables, contrack, izikhala zamagama, ikuvumela ukuthi uhlele amanethiwekhi okumbondelana wokuqasha amaningi agcwele ngokugcwele. Ngokwemvelo, le ngxenye ingashintshwa, isibonelo, uma usebenzisa izixazululo ze-SDN zobunikazi benkampani yangaphandle (umthengisi).
I-OVS iyiswishi yesofthiwe yomthombo ovulekile eyenzelwe ukusetshenziswa ezindaweni ezibonwayo njengesidluliseli esibonakalayo sethrafikhi.
Okwamanje, i-OVS inokusebenza okuhle kakhulu, okubandakanya ubuchwepheshe obufana neQoS, LACP, VLAN, VxLAN, GENEVE, OpenFlow, DPDK, njll.
Qaphela: I-OVS ayizange iqanjwe njengeswishi ethambile yemisebenzi ye-telecom elayishwe kakhulu futhi yayiklanyelwe imisebenzi ye-IT edinga umkhawulokudonsa omncane njengeseva ye-WEB noma iseva yemeyili. Kodwa-ke, i-OVS ithuthukiswa ngokuqhubekayo futhi ukuqaliswa kwamanje kwe-OVS kuye kwathuthukisa kakhulu ukusebenza kwayo namandla, okuvumela ukuthi isetshenziswe opharetha be-telecom abanemisebenzi elayishwe kakhulu, isibonelo, kukhona ukuqaliswa kwe-OVS ngokusekelwa kwe-DPDK ukusheshisa.
Kunezingxenye ezintathu ezibalulekile ze-OVS okudingeka uziqaphele:
- Imojuli ye-Kernel - ingxenye etholakala endaweni ye-kernel ecubungula ithrafikhi ngokusekelwe emithethweni etholwe kusici sokulawula;
- vShintsha I-daemon (ovs-vswitchd) inqubo eyethulwe esikhaleni somsebenzisi enesibopho sokuhlela imojula ye-kernel - okungukuthi, imele ngokuqondile ukucabanga kokusebenza kweswishi.
- Iseva yesizindalwazi - i-database yendawo etholakala kumsingathi ngamunye osebenzisa i-OVS, lapho kugcinwa khona ukucushwa. Izilawuli ze-SDN zingakwazi ukuxhumana ngale mojula zisebenzisa iphrothokholi ye-OVSDB.
Konke lokhu kuhambisana nesethi yezinsiza zokuxilonga nokuphatha, njenge-ovs-vsctl, ovs-appctl, ovs-ofctl, njll.
Njengamanje, i-Openstack isetshenziswa kakhulu opharetha bezokuxhumana ukuze bathuthele kuyo imisebenzi yenethiwekhi, njenge-EPC, SBC, HLR, njll. Eminye imisebenzi ingaphila ngaphandle kwezinkinga nge-OVS njengoba injalo, kodwa ngokwesibonelo, i-EPC icubungula ithrafikhi yababhalisile - bese idlula. inani elikhulu lethrafikhi (manje imiqulu yethrafikhi ifinyelela kumakhulu amaningana amagigabhithi ngomzuzwana). Ngokwemvelo, ukushayela ithrafikhi enjalo endaweni ye-kernel (njengoba umdluliseli etholakala lapho ngokuzenzakalelayo) akuwona umqondo omuhle kakhulu. Ngakho-ke, i-OVS ivamise ukuthunyelwa ngokuphelele endaweni yomsebenzisi kusetshenziswa ubuchwepheshe bokusheshisa i-DPDK ukudlulisa ithrafikhi kusuka ku-NIC kuya endaweni yomsebenzisi ngokudlula i-kernel.
Qaphela: efwini eliphakelwe imisebenzi ye-telecom, kungenzeka ukukhipha ithrafikhi kusuka ku-compute node edlula i-OVS ngqo ekushintsheni okokusebenza. Izindlela ze-SR-IOV kanye ne-Passthrough zisetshenziselwa le njongo.
Lokhu kusebenza kanjani esakhiweni sangempela?
Hhayi-ke, manje ake siqhubekele engxenyeni engokoqobo futhi sibone ukuthi konke kusebenza kanjani ekusebenzeni.
Okokuqala, ake sisebenzise ukufakwa okulula kwe-Openstack. Njengoba ngingenalo isethi yamaseva eseduze ukuze ngihlole, sizohlanganisa i-prototype kuseva eyodwa ebonakalayo emishinini ebonakalayo. Yebo, ngokwemvelo, isisombululo esinjalo asifanele izinhloso zokuhweba, kodwa ukubona isibonelo sendlela inethiwekhi esebenza ngayo ku-Openstack, ukufakwa okunjalo kwanele emehlweni. Ngaphezu kwalokho, ukufakwa okunjalo kuyathakazelisa nakakhulu ngezinjongo zokuqeqesha - njengoba ungakwazi ukubamba ithrafikhi, njll.
Njengoba sidinga kuphela ukubona ingxenye eyisisekelo, asikwazi ukusebenzisa amanethiwekhi amaningana kodwa siphakamise yonke into sisebenzisa amanethiwekhi amabili kuphela, futhi inethiwekhi yesibili kulesi sakhiwo izosetshenziselwa kuphela ukufinyelela i-undercloud kanye neseva ye-DNS. Ngeke sithinte amanethiwekhi angaphandle okwamanje - lesi yisihloko sendatshana enkulu ehlukile.
Ngakho, ake siqale ngokulandelana. Okokuqala, ithiyori encane. Sizofaka i-Openstack sisebenzisa i-TripleO (Openstack ku-Openstack). Ingqikithi ye-TripleO ukuthi sifaka i-Openstack yonke-in-one (okungukuthi, endaweni eyodwa), ebizwa ngokuthi i-undercloud, bese sisebenzisa amakhono e-Openstack esetshenzisiwe ukufaka i-Openstack ehloselwe ukusebenza, ebizwa ngokuthi i-overcloud. I-Undercloud izosebenzisa ikhono layo lemvelo lokuphatha amaseva angokwenyama (insimbi engenalutho) - iphrojekthi ye-Ironic - ukuhlinzeka ngama-hypervisors azokwenza izindima zokubala, ukulawula, izindawo zokugcina. Okusho ukuthi, asisebenzisi noma yimaphi amathuluzi ezinkampani zangaphandle ukuze sikhiphe i-Openstack - sisebenzisa i-Openstack sisebenzisa i-Openstack. Kuzocaca kakhulu njengoba ukufakwa kuqhubeka, ngakho-ke ngeke sime lapho futhi siye phambili.
Qaphela: Kulesi sihloko, ngenxa yokwenza lula, angizange ngisebenzise ukuhlukaniswa kwenethiwekhi kumanethiwekhi angaphakathi e-Openstack, kodwa yonke into isetshenziswa kusetshenziswa inethiwekhi eyodwa kuphela. Kodwa-ke, ukuba khona noma ukungabikho kokuhlukaniswa kwenethiwekhi akuthinti ukusebenza okuyisisekelo kwesixazululo - konke kuzosebenza ngokufana ncamashi nalapho usebenzisa ukuhlukaniswa, kodwa ithrafikhi izogeleza kunethiwekhi efanayo. Ukufakwa kwezentengiso, ngokwemvelo kuyadingeka ukusebenzisa i-isolation usebenzisa ama-vlans ahlukene kanye nezindawo zokusebenzelana. Isibonelo, ithrafikhi yokuphathwa kwesitoreji se-ceph kanye nethrafikhi yedatha ngokwayo (ukufinyelela komshini kumadiski, njll.) lapho uhlukanisiwe sebenzisa ama-subnet ahlukene (Ukuphathwa Kwesitoreji kanye Nesitoreji) futhi lokhu kukuvumela ukuthi wenze isisombululo sibekezelele amaphutha ngokuhlukanisa le thrafikhi, isibonelo. , kuzo zonke izimbobo ezihlukene, noma ukusebenzisa amaphrofayili e-QoS ahlukene kuthrafikhi ehlukene ukuze ithrafikhi yedatha ingaminyi ukuphuma kwethrafikhi. Esimweni sethu, bazohamba kunethiwekhi efanayo futhi empeleni lokhu akusikhawuli nganoma iyiphi indlela.
Qaphela: Njengoba sizosebenzisa imishini ebonakalayo endaweni ebonakalayo esekelwe emishinini ebonakalayo, sidinga kuqala ukunika amandla ukwenziwa kwe-virtual esidlekeni.
Ungahlola ukuthi i-virtualization efakwe esidlekeni inikwe amandla noma cha kanje:
[root@hp-gen9 bormoglotx]# cat /sys/module/kvm_intel/parameters/nested N [root@hp-gen9 bormoglotx]#Uma ubona uhlamvu N, khona-ke sinika amandla ukusekelwa kwe-virtualization enesidleke ngokwanoma yimuphi umhlahlandlela owuthola kunethiwekhi, ngokwesibonelo. .
Sidinga ukuhlanganisa isekethe elandelayo emishinini ebonakalayo:
Endabeni yami, ukuxhuma imishini ebonakalayo eyingxenye yokufakwa kwesikhathi esizayo (futhi ngathola i-7 yazo, kodwa ungakwazi ukudlula nge-4 uma ungenayo izinsiza eziningi), ngisebenzise i-OpenvSwitch. Ngakha ibhuloho elilodwa le-ovs futhi ngaxhuma imishini ebonakalayo kulo ngama-port-group. Ukwenza lokhu, ngidale ifayela le-xml kanje:
[root@hp-gen9 ~]# virsh net-dumpxml ovs-network-1
<network>
<name>ovs-network-1</name>
<uuid>7a2e7de7-fc16-4e00-b1ed-4d190133af67</uuid>
<forward mode='bridge'/>
<bridge name='ovs-br1'/>
<virtualport type='openvswitch'/>
<portgroup name='trunk-1'>
<vlan trunk='yes'>
<tag id='100'/>
<tag id='101'/>
<tag id='102'/>
</vlan>
</portgroup>
<portgroup name='access-100'>
<vlan>
<tag id='100'/>
</vlan>
</portgroup>
<portgroup name='access-101'>
<vlan>
<tag id='101'/>
</vlan>
</portgroup>
</network>Amaqembu amathathu echwebeni amenyezelwa lapha - ukufinyelela okubili kanye nesiqu esisodwa (okugcina kwakudingeka kuseva ye-DNS, kodwa ungakwenza ngaphandle kwayo, noma ukuyifaka emshinini wokusingathwa - noma yikuphi okulungele wena). Okulandelayo, sisebenzisa lesi sifanekiso, simemezela ezethu nge-virsh net-define:
virsh net-define ovs-network-1.xml
virsh net-start ovs-network-1
virsh net-autostart ovs-network-1 Manje sihlela ukulungiselelwa kwembobo ye-hypervisor:
[root@hp-gen9 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens1f0
TYPE=Ethernet
NAME=ens1f0
DEVICE=ens1f0
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=ovs-br1
ONBOOT=yes
OVS_OPTIONS="trunk=100,101,102"
[root@hp-gen9 ~]
[root@hp-gen9 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ovs-br1
DEVICE=ovs-br1
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.255.200
PREFIX=24
[root@hp-gen9 ~]# Qaphela: kulesi simo, ikheli ku-port ovs-br1 ngeke lifinyeleleke ngoba alinawo umaka we-vlan. Ukuze ulungise lokhu, udinga ukukhipha umyalo othi sudo ovs-vsctl set port ovs-br1 tag=100. Kodwa-ke, ngemva kokuqaliswa kabusha, le thegi izonyamalala (uma noma ubani azi ukuthi angayenza kanjani ukuthi ihlale endaweni, ngizobonga kakhulu). Kodwa lokhu akubalulekile kangako, ngoba sizodinga leli kheli kuphela ngesikhathi sokufakwa futhi ngeke silidinge lapho i-Openstack isetshenziswa ngokugcwele.
Okulandelayo, sakha umshini ongaphansi kwamafu:
virt-install -n undercloud --description "undercloud" --os-type=Linux --os-variant=centos7.0 --ram=8192 --vcpus=8 --disk path=/var/lib/libvirt/images/undercloud.qcow2,bus=virtio,size=40,format=qcow2 --network network:ovs-network-1,model=virtio,portgroup=access-100 --network network:ovs-network-1,model=virtio,portgroup=access-101 --graphics none --location /var/lib/libvirt/boot/CentOS-7-x86_64-Minimal-2003.iso --extra-args console=ttyS0Ngesikhathi sokufakwa, usetha wonke amapharamitha adingekayo, njengegama lomshini, amaphasiwedi, abasebenzisi, amaseva we-ntp, njll., ungamisa ngokushesha amachweba, kepha kimina mathupha, ngemuva kokufakwa, kulula ukungena emshinini ngokusebenzisa. console futhi ulungise amafayela adingekayo. Uma usuvele unesithombe esenziwe ngomumo, ungasisebenzisa, noma wenze engikwenzile - landa isithombe esincane se-Centos 7 futhi usisebenzise ukufaka i-VM.
Ngemuva kokufaka ngempumelelo, kufanele ube nomshini obonakalayo ongafaka kuwo i-undercloud
[root@hp-gen9 bormoglotx]# virsh list
Id Name State
----------------------------------------------------
6 dns-server running
62 undercloud runningOkokuqala, faka amathuluzi adingekayo ngenqubo yokufaka:
sudo yum update -y
sudo yum install -y net-tools
sudo yum install -y wget
sudo yum install -y ipmitool
Ukufakwa ngaphansi kwamafu
Sakha umsebenzisi wesitaki, setha iphasiwedi, siyengeze ku-sudoer futhi simnike amandla okusebenzisa imiyalo yezimpande nge-sudo ngaphandle kokufaka iphasiwedi:
useradd stack
passwd stack
echo “stack ALL=(root) NOPASSWD:ALL” > /etc/sudoers.d/stack
chmod 0440 /etc/sudoers.d/stackManje sicacisa igama eligcwele elingaphansi kwamafu efayeleni labasingathi:
vi /etc/hosts
127.0.0.1 undercloud.openstack.rnd localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6Okulandelayo, sengeza amakhosombe bese sifaka isofthiwe esiyidingayo:
sudo yum install -y https://trunk.rdoproject.org/centos7/current/python2-tripleo-repos-0.0.1-0.20200409224957.8bac392.el7.noarch.rpm
sudo -E tripleo-repos -b queens current
sudo -E tripleo-repos -b queens current ceph
sudo yum install -y python-tripleoclient
sudo yum install -y ceph-ansibleQaphela: uma ungahleli ukufaka i-ceph, awudingi ukufaka imiyalo ehlobene ne-ceph. Ngisebenzise ukukhululwa kwe-Queens, kodwa ungasebenzisa noma iyiphi enye oyithandayo.
Okulandelayo, kopisha ifayela lokucushwa elingaphansi kwefu kusitaki sohla lwemibhalo lwasekhaya lomsebenzisi:
cp /usr/share/instack-undercloud/undercloud.conf.sample ~/undercloud.confManje sidinga ukulungisa leli fayela, sililungise ekufakweni kwethu.
Udinga ukwengeza le migqa ekuqaleni kwefayela:
vi undercloud.conf
[DEFAULT]
undercloud_hostname = undercloud.openstack.rnd
local_ip = 192.168.255.1/24
network_gateway = 192.168.255.1
undercloud_public_host = 192.168.255.2
undercloud_admin_host = 192.168.255.3
undercloud_nameservers = 192.168.255.253
generate_service_certificate = false
local_interface = eth0
local_mtu = 1450
network_cidr = 192.168.255.0/24
masquerade = true
masquerade_network = 192.168.255.0/24
dhcp_start = 192.168.255.11
dhcp_end = 192.168.255.50
inspection_iprange = 192.168.255.51,192.168.255.100
scheduler_max_attempts = 10Ngakho-ke, ake sidlule kuzilungiselelo:
undercloud_hostname — igama eliphelele leseva ye-undercloud, kufanele lifane nokufakwa kuseva ye-DNS
local_ip - Ikheli lendawo elingaphansi kwamafu elibhekiswe ekuhlinzekeni kwenethiwekhi
network_gateway - ikheli elifanayo lendawo, elizosebenza njengesango lokufinyelela ezweni langaphandle ngesikhathi sokufakwa kwama-overcloud node, liphinde lihambisane ne-ip yendawo.
undercloud_public_host - Ikheli le-API yangaphandle, noma yiliphi ikheli lamahhala elivela kunethiwekhi yokuhlinzeka linikezwa
undercloud_admin_host ikheli langaphakathi le-API, noma yiliphi ikheli lamahhala elivela kunethiwekhi yokuhlinzeka linikezwa
undercloud_nameservers - Iseva ye-DNS
khiqiza_isitifiketi_sesevisi - lo mugqa ubaluleke kakhulu esibonelweni samanje, ngoba uma ungawubeki kumanga uzothola iphutha ngesikhathi ufaka, inkinga ichazwa ku-Red Hat bug tracker.
isixhumi esibonakalayo_sendawo isikhombimsebenzisi ekuhlinzekeni kwenethiwekhi. Lesi sikhombimsebenzisi sizohlelwa kabusha ngesikhathi sokuthunyelwa ngaphansi kwamafu, ngakho-ke udinga ukuba nezindawo ezimbili zokusebenzelana ngaphansi kwamafu - eyodwa yokuyifinyelela, eyesibili yokuhlinzeka.
local_mtu -MTU. Njengoba sinelabhorethri yokuhlola futhi ngine-MTU ye-1500 kumachweba okushintsha i-OVS, kuyadingeka ukuyibeka ku-1450 ukuze amaphakethe afakwe ku-VxLAN akwazi ukudlula.
network_cidr - inethiwekhi yokuhlinzeka
u-masquerade — usebenzisa i-NAT ukufinyelela inethiwekhi yangaphandle
imasquerade_network - inethiwekhi ezobe i-NTED
dhcp_start - ikheli lokuqala lechibi lamakheli lapho amakheli azokwabelwa khona kumanodi ngesikhathi sokuthunyelwa kwamafu
dhcp_end - ikheli lokugcina lechibi lamakheli lapho amakheli azokwabelwa khona kumanodi ngesikhathi sokuthunyelwa kwamafu
ukuhlola_iprange - iqoqo lamakheli adingekayo ukuze uzihlole (akufanele adlulelane naleli chibi elingenhla)
Imizamo_yesihleli_inkulu - inombolo enkulu yemizamo yokufaka i-overcloud (kufanele ibe nkulu noma ilingane nenani lamanodi)
Ngemuva kokuthi ifayela selichaziwe, unganikeza umyalo wokukhipha i-undercloud:
openstack undercloud install
Inqubo ithatha imizuzu eyi-10 kuye kwengama-30 kuye ngensimbi yakho. Ekugcineni kufanele ubone okukhiphayo kanje:
vi undercloud.conf
2020-08-13 23:13:12,668 INFO:
#############################################################################
Undercloud install complete.
The file containing this installation's passwords is at
/home/stack/undercloud-passwords.conf.
There is also a stackrc file at /home/stack/stackrc.
These files are needed to interact with the OpenStack services, and should be
secured.
#############################################################################Lokhu okukhiphayo kusho ukuthi ufake ngempumelelo i-undercloud futhi manje ungabheka isimo se-undercloud bese uqhubeke nokufaka i-overcloud.
Uma ubheka okukhiphayo kwe-ifconfig, uzobona ukuthi kuvele isixhumi esibonakalayo esisha sebhuloho
[stack@undercloud ~]$ ifconfig
br-ctlplane: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 192.168.255.1 netmask 255.255.255.0 broadcast 192.168.255.255
inet6 fe80::5054:ff:fe2c:89e prefixlen 64 scopeid 0x20<link>
ether 52:54:00:2c:08:9e txqueuelen 1000 (Ethernet)
RX packets 14 bytes 1095 (1.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 20 bytes 1292 (1.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0Ukuthunyelwa kwe-Overcloud manje kuzokwenziwa ngalesi sixhumi esibonakalayo.
Kusukela kokuphumayo ngezansi ungabona ukuthi sinazo zonke izinsizakalo endaweni eyodwa:
(undercloud) [stack@undercloud ~]$ openstack host list
+--------------------------+-----------+----------+
| Host Name | Service | Zone |
+--------------------------+-----------+----------+
| undercloud.openstack.rnd | conductor | internal |
| undercloud.openstack.rnd | scheduler | internal |
| undercloud.openstack.rnd | compute | nova |
+--------------------------+-----------+----------+Ngezansi ukucushwa kwengxenye yenethiwekhi engaphansi kwamafu:
(undercloud) [stack@undercloud ~]$ python -m json.tool /etc/os-net-config/config.json
{
"network_config": [
{
"addresses": [
{
"ip_netmask": "192.168.255.1/24"
}
],
"members": [
{
"dns_servers": [
"192.168.255.253"
],
"mtu": 1450,
"name": "eth0",
"primary": "true",
"type": "interface"
}
],
"mtu": 1450,
"name": "br-ctlplane",
"ovs_extra": [
"br-set-external-id br-ctlplane bridge-id br-ctlplane"
],
"routes": [],
"type": "ovs_bridge"
}
]
}
(undercloud) [stack@undercloud ~]$Ukufakwa kwamafu
Okwamanje sinefu eliphansi kuphela, futhi asinawo ama-node anele okuzoqoqwa kuwo amafu. Ngakho-ke, okokuqala, ake sisebenzise imishini ebonakalayo esiyidingayo. Ngesikhathi sokuthunyelwa, i-undercloud ngokwayo izofaka i-OS kanye nesofthiwe edingekayo emshinini we-overcloud - okungukuthi, akudingeki sikhiphe ngokuphelele umshini, kodwa sidale kuphela i-disk (noma ama-disks) kuwo futhi sinqume imingcele yayo - okungukuthi. , empeleni, sithola iseva engenalutho ngaphandle kwe-OS efakwe kuyo.
Ake siye kufolda enamadiski emishini yethu ebonakalayo futhi sakhe amadiski anosayizi odingekayo:
cd /var/lib/libvirt/images/
qemu-img create -f qcow2 -o preallocation=metadata control-1.qcow2 60G
qemu-img create -f qcow2 -o preallocation=metadata compute-1.qcow2 60G
qemu-img create -f qcow2 -o preallocation=metadata compute-2.qcow2 60G
qemu-img create -f qcow2 -o preallocation=metadata storage-1.qcow2 160G
qemu-img create -f qcow2 -o preallocation=metadata storage-2.qcow2 160GNjengoba sisebenza njengempande, sidinga ukushintsha umnikazi walawa madiski ukuze singatholi inkinga ngamalungelo:
[root@hp-gen9 images]# ls -lh
total 5.8G
drwxr-xr-x. 2 qemu qemu 4.0K Aug 13 16:15 backups
-rw-r--r--. 1 root root 61G Aug 14 03:07 compute-1.qcow2
-rw-r--r--. 1 root root 61G Aug 14 03:07 compute-2.qcow2
-rw-r--r--. 1 root root 61G Aug 14 03:07 control-1.qcow2
-rw-------. 1 qemu qemu 41G Aug 14 03:03 dns-server.qcow2
-rw-r--r--. 1 root root 161G Aug 14 03:07 storage-1.qcow2
-rw-r--r--. 1 root root 161G Aug 14 03:07 storage-2.qcow2
-rw-------. 1 qemu qemu 41G Aug 14 03:07 undercloud.qcow2
[root@hp-gen9 images]#
[root@hp-gen9 images]#
[root@hp-gen9 images]# chown qemu:qemu /var/lib/libvirt/images/*qcow2
[root@hp-gen9 images]# ls -lh
total 5.8G
drwxr-xr-x. 2 qemu qemu 4.0K Aug 13 16:15 backups
-rw-r--r--. 1 qemu qemu 61G Aug 14 03:07 compute-1.qcow2
-rw-r--r--. 1 qemu qemu 61G Aug 14 03:07 compute-2.qcow2
-rw-r--r--. 1 qemu qemu 61G Aug 14 03:07 control-1.qcow2
-rw-------. 1 qemu qemu 41G Aug 14 03:03 dns-server.qcow2
-rw-r--r--. 1 qemu qemu 161G Aug 14 03:07 storage-1.qcow2
-rw-r--r--. 1 qemu qemu 161G Aug 14 03:07 storage-2.qcow2
-rw-------. 1 qemu qemu 41G Aug 14 03:08 undercloud.qcow2
[root@hp-gen9 images]# Qaphela: uma ungahleli ukufaka i-ceph ukuze uyifunde, khona-ke imiyalo ayidali okungenani ama-node angu-3 okungenani amadiski amabili, kodwa kusifanekiso sibonisa ukuthi kuzosetshenziswa ama-virtual disks vda, vdb, njll.
Kuhle, manje sidinga ukuchaza yonke le mishini:
virt-install --name control-1 --ram 32768 --vcpus 8 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/control-1.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc --network network:ovs-network-1,model=virtio,portgroup=access-100 --network network:ovs-network-1,model=virtio,portgroup=trunk-1 --dry-run --print-xml > /tmp/control-1.xml
virt-install --name storage-1 --ram 16384 --vcpus 4 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/storage-1.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc --network network:ovs-network-1,model=virtio,portgroup=access-100 --dry-run --print-xml > /tmp/storage-1.xml
virt-install --name storage-2 --ram 16384 --vcpus 4 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/storage-2.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc --network network:ovs-network-1,model=virtio,portgroup=access-100 --dry-run --print-xml > /tmp/storage-2.xml
virt-install --name compute-1 --ram 32768 --vcpus 12 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/compute-1.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc --network network:ovs-network-1,model=virtio,portgroup=access-100 --dry-run --print-xml > /tmp/compute-1.xml
virt-install --name compute-2 --ram 32768 --vcpus 12 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/compute-2.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc --network network:ovs-network-1,model=virtio,portgroup=access-100 --dry-run --print-xml > /tmp/compute-2.xml Ekugcineni kunomyalo othi -print-xml > /tmp/storage-1.xml, odala ifayela le-xml elinencazelo yomshini ngamunye kufolda /tmp/; uma ungayengezi, ngeke ukwazi ukuhlonza imishini ebonakalayo.
Manje sidinga ukuchaza yonke le mishini ku-virsh:
virsh define --file /tmp/control-1.xml
virsh define --file /tmp/compute-1.xml
virsh define --file /tmp/compute-2.xml
virsh define --file /tmp/storage-1.xml
virsh define --file /tmp/storage-2.xml
[root@hp-gen9 ~]# virsh list --all
Id Name State
----------------------------------------------------
6 dns-server running
64 undercloud running
- compute-1 shut off
- compute-2 shut off
- control-1 shut off
- storage-1 shut off
- storage-2 shut off
[root@hp-gen9 ~]#Manje i-nuance encane - i-tripleO isebenzisa i-IPMI ukuphatha amaseva ngesikhathi sokufakwa nokuhlola.
I-Introspection iyinqubo yokuhlola i-hardware ukuze kutholwe imingcele yayo edingekayo ukuze kuqhutshekwe nokuhlinzekwa kwama-node. I-Introspection yenziwa kusetshenziswa i-ironic, isevisi eklanyelwe ukusebenza ngamaseva ensimbi angenalutho.
Kodwa nansi inkinga - kuyilapho amaseva we-hardware IPMI anechweba elihlukile (noma ichweba elihlanganyelwe, kodwa lokhu akubalulekile), khona-ke imishini ebonakalayo ayinawo amachweba anjalo. Lapha intonga ebizwa ngokuthi i-vbmc iza ukuzosisiza - insiza ekuvumela ukuthi ulingise imbobo ye-IPMI. Le nuance kufanelekile ukunaka ikakhulukazi kulabo abafuna ukumisa ilabhorethri enjalo ku-ESXI hypervisor - ukwethembeka, angazi ukuthi ine-analogue ye-vbmc, ngakho-ke kufanelekile ukuzibuza ngalolu daba ngaphambi kokuhambisa yonke into. .
Faka i-vbmc:
yum install yum install python2-virtualbmcUma i-OS yakho ingalitholi iphakheji, bese wengeza indawo yokugcina:
yum install -y https://www.rdoproject.org/repos/rdo-release.rpmManje setha uhlelo lokusebenza. Konke lapha kubanal kuze kube yihlazo. Manje kunengqondo ukuthi awekho amaseva ohlwini lwe-vbmc
[root@hp-gen9 ~]# vbmc list
[root@hp-gen9 ~]# Ukuze zivele, kufanele zimenyezelwe kanje:
[root@hp-gen9 ~]# vbmc add control-1 --port 7001 --username admin --password admin
[root@hp-gen9 ~]# vbmc add storage-1 --port 7002 --username admin --password admin
[root@hp-gen9 ~]# vbmc add storage-2 --port 7003 --username admin --password admin
[root@hp-gen9 ~]# vbmc add compute-1 --port 7004 --username admin --password admin
[root@hp-gen9 ~]# vbmc add compute-2 --port 7005 --username admin --password admin
[root@hp-gen9 ~]#
[root@hp-gen9 ~]# vbmc list
+-------------+--------+---------+------+
| Domain name | Status | Address | Port |
+-------------+--------+---------+------+
| compute-1 | down | :: | 7004 |
| compute-2 | down | :: | 7005 |
| control-1 | down | :: | 7001 |
| storage-1 | down | :: | 7002 |
| storage-2 | down | :: | 7003 |
+-------------+--------+---------+------+
[root@hp-gen9 ~]#Ngicabanga ukuthi i-syntax yomyalo icacile ngaphandle kwencazelo. Kodwa-ke, okwamanje wonke amaseshini ethu asesimweni se-DOWN. Ukuze baye esimweni se-UP, udinga ukubenza bakwazi:
[root@hp-gen9 ~]# vbmc start control-1
2020-08-14 03:15:57,826.826 13149 INFO VirtualBMC [-] Started vBMC instance for domain control-1
[root@hp-gen9 ~]# vbmc start storage-1
2020-08-14 03:15:58,316.316 13149 INFO VirtualBMC [-] Started vBMC instance for domain storage-1
[root@hp-gen9 ~]# vbmc start storage-2
2020-08-14 03:15:58,851.851 13149 INFO VirtualBMC [-] Started vBMC instance for domain storage-2
[root@hp-gen9 ~]# vbmc start compute-1
2020-08-14 03:15:59,307.307 13149 INFO VirtualBMC [-] Started vBMC instance for domain compute-1
[root@hp-gen9 ~]# vbmc start compute-2
2020-08-14 03:15:59,712.712 13149 INFO VirtualBMC [-] Started vBMC instance for domain compute-2
[root@hp-gen9 ~]#
[root@hp-gen9 ~]#
[root@hp-gen9 ~]# vbmc list
+-------------+---------+---------+------+
| Domain name | Status | Address | Port |
+-------------+---------+---------+------+
| compute-1 | running | :: | 7004 |
| compute-2 | running | :: | 7005 |
| control-1 | running | :: | 7001 |
| storage-1 | running | :: | 7002 |
| storage-2 | running | :: | 7003 |
+-------------+---------+---------+------+
[root@hp-gen9 ~]#Futhi ukuthinta kokugcina - udinga ukulungisa imithetho ye-firewall (noma uyikhubaze ngokuphelele):
firewall-cmd --zone=public --add-port=7001/udp --permanent
firewall-cmd --zone=public --add-port=7002/udp --permanent
firewall-cmd --zone=public --add-port=7003/udp --permanent
firewall-cmd --zone=public --add-port=7004/udp --permanent
firewall-cmd --zone=public --add-port=7005/udp --permanent
firewall-cmd --reload
Manje ake siye ku-undercloud futhi sihlole ukuthi yonke into iyasebenza. Ikheli lomshini wokusingathwa ngu-192.168.255.200, ku-undercloud sengeze iphakheji ye-ipmitool edingekayo ngesikhathi sokulungiselela ukuthunyelwa:
[stack@undercloud ~]$ ipmitool -I lanplus -U admin -P admin -H 192.168.255.200 -p 7001 power status
Chassis Power is off
[stack@undercloud ~]$ ipmitool -I lanplus -U admin -P admin -H 192.168.255.200 -p 7001 power on
Chassis Power Control: Up/On
[stack@undercloud ~]$
[root@hp-gen9 ~]# virsh list
Id Name State
----------------------------------------------------
6 dns-server running
64 undercloud running
65 control-1 runningNjengoba ubona, sethule ngempumelelo i-node yokulawula nge-vbmc. Manje asiyivale futhi siqhubeke:
[stack@undercloud ~]$ ipmitool -I lanplus -U admin -P admin -H 192.168.255.200 -p 7001 power off
Chassis Power Control: Down/Off
[stack@undercloud ~]$ ipmitool -I lanplus -U admin -P admin -H 192.168.255.200 -p 7001 power status
Chassis Power is off
[stack@undercloud ~]$
[root@hp-gen9 ~]# virsh list --all
Id Name State
----------------------------------------------------
6 dns-server running
64 undercloud running
- compute-1 shut off
- compute-2 shut off
- control-1 shut off
- storage-1 shut off
- storage-2 shut off
[root@hp-gen9 ~]#Isinyathelo esilandelayo ukuhlola ama-node okuzofakwa kuwo i-overcloud. Ukwenza lokhu, sidinga ukulungiselela ifayela le-json elinencazelo yamanodi ethu. Sicela uqaphele ukuthi, ngokungafani nokufakwa kumaseva angenalutho, ifayela libonisa imbobo lapho i-vbmc isebenza khona kumshini ngamunye.
[root@hp-gen9 ~]# virsh domiflist --domain control-1
Interface Type Source Model MAC
-------------------------------------------------------
- network ovs-network-1 virtio 52:54:00:20:a2:2f
- network ovs-network-1 virtio 52:54:00:3f:87:9f
[root@hp-gen9 ~]# virsh domiflist --domain compute-1
Interface Type Source Model MAC
-------------------------------------------------------
- network ovs-network-1 virtio 52:54:00:98:e9:d6
[root@hp-gen9 ~]# virsh domiflist --domain compute-2
Interface Type Source Model MAC
-------------------------------------------------------
- network ovs-network-1 virtio 52:54:00:6a:ea:be
[root@hp-gen9 ~]# virsh domiflist --domain storage-1
Interface Type Source Model MAC
-------------------------------------------------------
- network ovs-network-1 virtio 52:54:00:79:0b:cb
[root@hp-gen9 ~]# virsh domiflist --domain storage-2
Interface Type Source Model MAC
-------------------------------------------------------
- network ovs-network-1 virtio 52:54:00:a7:fe:27Qaphela: i-node yokulawula ine-interfaces ezimbili, kodwa kulokhu lokhu akubalulekile, kulokhu kufakwa okukodwa kuzokwanela.
Manje silungiselela ifayela le-json. Sidinga ukukhombisa ikheli le-poppy lechweba okuzokwenziwa ngalo ukuhlinzekwa, imingcele yama-node, sinikeze amagama futhi sibonise ukuthi ungafika kanjani ku-ipmi:
{
"nodes":[
{
"mac":[
"52:54:00:20:a2:2f"
],
"cpu":"8",
"memory":"32768",
"disk":"60",
"arch":"x86_64",
"name":"control-1",
"pm_type":"pxe_ipmitool",
"pm_user":"admin",
"pm_password":"admin",
"pm_addr":"192.168.255.200",
"pm_port":"7001"
},
{
"mac":[
"52:54:00:79:0b:cb"
],
"cpu":"4",
"memory":"16384",
"disk":"160",
"arch":"x86_64",
"name":"storage-1",
"pm_type":"pxe_ipmitool",
"pm_user":"admin",
"pm_password":"admin",
"pm_addr":"192.168.255.200",
"pm_port":"7002"
},
{
"mac":[
"52:54:00:a7:fe:27"
],
"cpu":"4",
"memory":"16384",
"disk":"160",
"arch":"x86_64",
"name":"storage-2",
"pm_type":"pxe_ipmitool",
"pm_user":"admin",
"pm_password":"admin",
"pm_addr":"192.168.255.200",
"pm_port":"7003"
},
{
"mac":[
"52:54:00:98:e9:d6"
],
"cpu":"12",
"memory":"32768",
"disk":"60",
"arch":"x86_64",
"name":"compute-1",
"pm_type":"pxe_ipmitool",
"pm_user":"admin",
"pm_password":"admin",
"pm_addr":"192.168.255.200",
"pm_port":"7004"
},
{
"mac":[
"52:54:00:6a:ea:be"
],
"cpu":"12",
"memory":"32768",
"disk":"60",
"arch":"x86_64",
"name":"compute-2",
"pm_type":"pxe_ipmitool",
"pm_user":"admin",
"pm_password":"admin",
"pm_addr":"192.168.255.200",
"pm_port":"7005"
}
]
}Manje sidinga ukulungiselela izithombe ezihlekisayo. Ukuze wenze lokhu, zilande nge-wget bese uzifaka:
(undercloud) [stack@undercloud ~]$ sudo wget https://images.rdoproject.org/queens/delorean/current-tripleo-rdo/overcloud-full.tar --no-check-certificate
(undercloud) [stack@undercloud ~]$ sudo wget https://images.rdoproject.org/queens/delorean/current-tripleo-rdo/ironic-python-agent.tar --no-check-certificate
(undercloud) [stack@undercloud ~]$ ls -lh
total 1.9G
-rw-r--r--. 1 stack stack 447M Aug 14 10:26 ironic-python-agent.tar
-rw-r--r--. 1 stack stack 1.5G Aug 14 10:26 overcloud-full.tar
-rw-------. 1 stack stack 916 Aug 13 23:10 stackrc
-rw-r--r--. 1 stack stack 15K Aug 13 22:50 undercloud.conf
-rw-------. 1 stack stack 2.0K Aug 13 22:50 undercloud-passwords.conf
(undercloud) [stack@undercloud ~]$ mkdir images/
(undercloud) [stack@undercloud ~]$ tar -xpvf ironic-python-agent.tar -C ~/images/
ironic-python-agent.initramfs
ironic-python-agent.kernel
(undercloud) [stack@undercloud ~]$ tar -xpvf overcloud-full.tar -C ~/images/
overcloud-full.qcow2
overcloud-full.initrd
overcloud-full.vmlinuz
(undercloud) [stack@undercloud ~]$
(undercloud) [stack@undercloud ~]$ ls -lh images/
total 1.9G
-rw-rw-r--. 1 stack stack 441M Aug 12 17:24 ironic-python-agent.initramfs
-rwxr-xr-x. 1 stack stack 6.5M Aug 12 17:24 ironic-python-agent.kernel
-rw-r--r--. 1 stack stack 53M Aug 12 17:14 overcloud-full.initrd
-rw-r--r--. 1 stack stack 1.4G Aug 12 17:18 overcloud-full.qcow2
-rwxr-xr-x. 1 stack stack 6.5M Aug 12 17:14 overcloud-full.vmlinuz
(undercloud) [stack@undercloud ~]$Ilayisha izithombe ngaphansi kwamafu:
(undercloud) [stack@undercloud ~]$ openstack overcloud image upload --image-path ~/images/
Image "overcloud-full-vmlinuz" was uploaded.
+--------------------------------------+------------------------+-------------+---------+--------+
| ID | Name | Disk Format | Size | Status |
+--------------------------------------+------------------------+-------------+---------+--------+
| c2553770-3e0f-4750-b46b-138855b5c385 | overcloud-full-vmlinuz | aki | 6761064 | active |
+--------------------------------------+------------------------+-------------+---------+--------+
Image "overcloud-full-initrd" was uploaded.
+--------------------------------------+-----------------------+-------------+----------+--------+
| ID | Name | Disk Format | Size | Status |
+--------------------------------------+-----------------------+-------------+----------+--------+
| 949984e0-4932-4e71-af43-d67a38c3dc89 | overcloud-full-initrd | ari | 55183045 | active |
+--------------------------------------+-----------------------+-------------+----------+--------+
Image "overcloud-full" was uploaded.
+--------------------------------------+----------------+-------------+------------+--------+
| ID | Name | Disk Format | Size | Status |
+--------------------------------------+----------------+-------------+------------+--------+
| a2f2096d-c9d7-429a-b866-c7543c02a380 | overcloud-full | qcow2 | 1487475712 | active |
+--------------------------------------+----------------+-------------+------------+--------+
Image "bm-deploy-kernel" was uploaded.
+--------------------------------------+------------------+-------------+---------+--------+
| ID | Name | Disk Format | Size | Status |
+--------------------------------------+------------------+-------------+---------+--------+
| e413aa78-e38f-404c-bbaf-93e582a8e67f | bm-deploy-kernel | aki | 6761064 | active |
+--------------------------------------+------------------+-------------+---------+--------+
Image "bm-deploy-ramdisk" was uploaded.
+--------------------------------------+-------------------+-------------+-----------+--------+
| ID | Name | Disk Format | Size | Status |
+--------------------------------------+-------------------+-------------+-----------+--------+
| 5cf3aba4-0e50-45d3-929f-27f025dd6ce3 | bm-deploy-ramdisk | ari | 461759376 | active |
+--------------------------------------+-------------------+-------------+-----------+--------+
(undercloud) [stack@undercloud ~]$Ihlola ukuthi zonke izithombe zilayishiwe
(undercloud) [stack@undercloud ~]$ openstack image list
+--------------------------------------+------------------------+--------+
| ID | Name | Status |
+--------------------------------------+------------------------+--------+
| e413aa78-e38f-404c-bbaf-93e582a8e67f | bm-deploy-kernel | active |
| 5cf3aba4-0e50-45d3-929f-27f025dd6ce3 | bm-deploy-ramdisk | active |
| a2f2096d-c9d7-429a-b866-c7543c02a380 | overcloud-full | active |
| 949984e0-4932-4e71-af43-d67a38c3dc89 | overcloud-full-initrd | active |
| c2553770-3e0f-4750-b46b-138855b5c385 | overcloud-full-vmlinuz | active |
+--------------------------------------+------------------------+--------+
(undercloud) [stack@undercloud ~]$Enye into - udinga ukwengeza iseva ye-DNS:
(undercloud) [stack@undercloud ~]$ openstack subnet list
+--------------------------------------+-----------------+--------------------------------------+------------------+
| ID | Name | Network | Subnet |
+--------------------------------------+-----------------+--------------------------------------+------------------+
| f45dea46-4066-42aa-a3c4-6f84b8120cab | ctlplane-subnet | 6ca013dc-41c2-42d8-9d69-542afad53392 | 192.168.255.0/24 |
+--------------------------------------+-----------------+--------------------------------------+------------------+
(undercloud) [stack@undercloud ~]$ openstack subnet show f45dea46-4066-42aa-a3c4-6f84b8120cab
+-------------------+-----------------------------------------------------------+
| Field | Value |
+-------------------+-----------------------------------------------------------+
| allocation_pools | 192.168.255.11-192.168.255.50 |
| cidr | 192.168.255.0/24 |
| created_at | 2020-08-13T20:10:37Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 192.168.255.1 |
| host_routes | destination='169.254.169.254/32', gateway='192.168.255.1' |
| id | f45dea46-4066-42aa-a3c4-6f84b8120cab |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | ctlplane-subnet |
| network_id | 6ca013dc-41c2-42d8-9d69-542afad53392 |
| prefix_length | None |
| project_id | a844ccfcdb2745b198dde3e1b28c40a3 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2020-08-13T20:10:37Z |
+-------------------+-----------------------------------------------------------+
(undercloud) [stack@undercloud ~]$
(undercloud) [stack@undercloud ~]$ neutron subnet-update f45dea46-4066-42aa-a3c4-6f84b8120cab --dns-nameserver 192.168.255.253
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Updated subnet: f45dea46-4066-42aa-a3c4-6f84b8120cab
(undercloud) [stack@undercloud ~]$Manje singakwazi ukunikeza umyalo wokuzihlola:
(undercloud) [stack@undercloud ~]$ openstack overcloud node import --introspect --provide inspection.json
Started Mistral Workflow tripleo.baremetal.v1.register_or_update. Execution ID: d57456a3-d8ed-479c-9a90-dff7c752d0ec
Waiting for messages on queue 'tripleo' with no timeout.
5 node(s) successfully moved to the "manageable" state.
Successfully registered node UUID b4b2cf4a-b7ca-4095-af13-cc83be21c4f5
Successfully registered node UUID b89a72a3-6bb7-429a-93bc-48393d225838
Successfully registered node UUID 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e
Successfully registered node UUID bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8
Successfully registered node UUID 766ab623-464c-423d-a529-d9afb69d1167
Waiting for introspection to finish...
Started Mistral Workflow tripleo.baremetal.v1.introspect. Execution ID: 6b4d08ae-94c3-4a10-ab63-7634ec198a79
Waiting for messages on queue 'tripleo' with no timeout.
Introspection of node b89a72a3-6bb7-429a-93bc-48393d225838 completed. Status:SUCCESS. Errors:None
Introspection of node 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e completed. Status:SUCCESS. Errors:None
Introspection of node bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 completed. Status:SUCCESS. Errors:None
Introspection of node 766ab623-464c-423d-a529-d9afb69d1167 completed. Status:SUCCESS. Errors:None
Introspection of node b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 completed. Status:SUCCESS. Errors:None
Successfully introspected 5 node(s).
Started Mistral Workflow tripleo.baremetal.v1.provide. Execution ID: f5594736-edcf-4927-a8a0-2a7bf806a59a
Waiting for messages on queue 'tripleo' with no timeout.
5 node(s) successfully moved to the "available" state.
(undercloud) [stack@undercloud ~]$Njengoba ubona kokuphumayo, konke kuqedwe ngaphandle kwamaphutha. Ake sihlole ukuthi wonke amanodi asesimweni esitholakalayo:
(undercloud) [stack@undercloud ~]$ openstack baremetal node list
+--------------------------------------+-----------+---------------+-------------+--------------------+-------------+
| UUID | Name | Instance UUID | Power State | Provisioning State | Maintenance |
+--------------------------------------+-----------+---------------+-------------+--------------------+-------------+
| b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 | control-1 | None | power off | available | False |
| b89a72a3-6bb7-429a-93bc-48393d225838 | storage-1 | None | power off | available | False |
| 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e | storage-2 | None | power off | available | False |
| bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 | compute-1 | None | power off | available | False |
| 766ab623-464c-423d-a529-d9afb69d1167 | compute-2 | None | power off | available | False |
+--------------------------------------+-----------+---------------+-------------+--------------------+-------------+
(undercloud) [stack@undercloud ~]$ Uma ama-node esesimweni esihlukile, ngokuvamile esilawulekayo, khona-ke kukhona okungahambanga kahle futhi udinga ukubheka ilogi bese uthola ukuthi kungani lokhu kwenzeka. Khumbula ukuthi kulesi simo sisebenzisa i-virtualization futhi kungase kube neziphazamisi ezihlobene nokusetshenziswa kwemishini ebonakalayo noma i-vbmc.
Okulandelayo, sidinga ukukhombisa ukuthi iyiphi i-node ezokwenza ukuthi yimuphi umsebenzi - okungukuthi, khombisa iphrofayili lapho i-node izosebenzisa khona:
(undercloud) [stack@undercloud ~]$ openstack overcloud profiles list
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| Node UUID | Node Name | Provision State | Current Profile | Possible Profiles |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 | control-1 | available | None | |
| b89a72a3-6bb7-429a-93bc-48393d225838 | storage-1 | available | None | |
| 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e | storage-2 | available | None | |
| bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 | compute-1 | available | None | |
| 766ab623-464c-423d-a529-d9afb69d1167 | compute-2 | available | None | |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
(undercloud) [stack@undercloud ~]$ openstack flavor list
+--------------------------------------+---------------+------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+---------------+------+------+-----------+-------+-----------+
| 168af640-7f40-42c7-91b2-989abc5c5d8f | swift-storage | 4096 | 40 | 0 | 1 | True |
| 52148d1b-492e-48b4-b5fc-772849dd1b78 | baremetal | 4096 | 40 | 0 | 1 | True |
| 56e66542-ae60-416d-863e-0cb192d01b09 | control | 4096 | 40 | 0 | 1 | True |
| af6796e1-d0c4-4bfe-898c-532be194f7ac | block-storage | 4096 | 40 | 0 | 1 | True |
| e4d50fdd-0034-446b-b72c-9da19b16c2df | compute | 4096 | 40 | 0 | 1 | True |
| fc2e3acf-7fca-4901-9eee-4a4d6ef0265d | ceph-storage | 4096 | 40 | 0 | 1 | True |
+--------------------------------------+---------------+------+------+-----------+-------+-----------+
(undercloud) [stack@undercloud ~]$Cacisa iphrofayili yenodi ngayinye:
openstack baremetal node set --property capabilities='profile:control,boot_option:local' b4b2cf4a-b7ca-4095-af13-cc83be21c4f5
openstack baremetal node set --property capabilities='profile:ceph-storage,boot_option:local' b89a72a3-6bb7-429a-93bc-48393d225838
openstack baremetal node set --property capabilities='profile:ceph-storage,boot_option:local' 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e
openstack baremetal node set --property capabilities='profile:compute,boot_option:local' bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8
openstack baremetal node set --property capabilities='profile:compute,boot_option:local' 766ab623-464c-423d-a529-d9afb69d1167Ake sihlole ukuthi senze konke ngendlela efanele:
(undercloud) [stack@undercloud ~]$ openstack overcloud profiles list
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| Node UUID | Node Name | Provision State | Current Profile | Possible Profiles |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 | control-1 | available | control | |
| b89a72a3-6bb7-429a-93bc-48393d225838 | storage-1 | available | ceph-storage | |
| 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e | storage-2 | available | ceph-storage | |
| bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 | compute-1 | available | compute | |
| 766ab623-464c-423d-a529-d9afb69d1167 | compute-2 | available | compute | |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
(undercloud) [stack@undercloud ~]$Uma konke kulungile, sinikeza umyalo wokuhambisa i-overcloud:
openstack overcloud deploy --templates --control-scale 1 --compute-scale 2 --ceph-storage-scale 2 --control-flavor control --compute-flavor compute --ceph-storage-flavor ceph-storage --libvirt-type qemuEkufakweni kwangempela, izifanekiso ezenziwe ngokwezifiso zizosetshenziswa ngokwemvelo, kithi lokhu kuzofaka inkimbinkimbi kakhulu inqubo, ngoba ukuhlela ngakunye kusifanekiso kuzomele kuchazwe. Njengoba kwabhalwa ngaphambili, ngisho nokufaka okulula kuzokwanela ukuze sibone ukuthi kusebenza kanjani.
Qaphela: i- --libvirt-type qemu variable iyadingeka kulesi simo, njengoba sizosebenzisa i-virtualization esidlekeni. Uma kungenjalo, ngeke ukwazi ukusebenzisa imishini ebonakalayo.
Manje usunehora, noma mhlawumbe ngaphezulu (kuye ngokuthi i-hardware inamakhono) futhi ungathemba kuphela ukuthi ngemva kwalesi sikhathi uzobona umlayezo olandelayo:
2020-08-14 08:39:21Z [overcloud]: CREATE_COMPLETE Stack CREATE completed successfully
Stack overcloud CREATE_COMPLETE
Host 192.168.255.21 not found in /home/stack/.ssh/known_hosts
Started Mistral Workflow tripleo.deployment.v1.get_horizon_url. Execution ID: fcb996cd-6a19-482b-b755-2ca0c08069a9
Overcloud Endpoint: http://192.168.255.21:5000/
Overcloud Horizon Dashboard URL: http://192.168.255.21:80/dashboard
Overcloud rc file: /home/stack/overcloudrc
Overcloud Deployed
(undercloud) [stack@undercloud ~]$Manje usunenguqulo ecishe iphelele ye-openstack, ongafunda kuyo, uzame, njll.
Ake sihlole ukuthi yonke into isebenza kahle yini. Esitakini sohlu lwasekhaya lomsebenzisi kunamafayela amabili - i-stackrc eyodwa (yokuphatha i-undercloud) neyesibili i-overcloudrc (yokuphatha i-overcloud). Lawa mafayela kufanele acaciswe njengomthombo, njengoba aqukethe ulwazi oludingekayo ukuze kuqinisekiswe.
(undercloud) [stack@undercloud ~]$ openstack server list
+--------------------------------------+-------------------------+--------+-------------------------+----------------+--------------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-------------------------+--------+-------------------------+----------------+--------------+
| fd7d36f4-ce87-4b9a-93b0-add2957792de | overcloud-controller-0 | ACTIVE | ctlplane=192.168.255.15 | overcloud-full | control |
| edc77778-8972-475e-a541-ff40eb944197 | overcloud-novacompute-1 | ACTIVE | ctlplane=192.168.255.26 | overcloud-full | compute |
| 5448ce01-f05f-47ca-950a-ced14892c0d4 | overcloud-cephstorage-1 | ACTIVE | ctlplane=192.168.255.34 | overcloud-full | ceph-storage |
| ce6d862f-4bdf-4ba3-b711-7217915364d7 | overcloud-novacompute-0 | ACTIVE | ctlplane=192.168.255.19 | overcloud-full | compute |
| e4507bd5-6f96-4b12-9cc0-6924709da59e | overcloud-cephstorage-0 | ACTIVE | ctlplane=192.168.255.44 | overcloud-full | ceph-storage |
+--------------------------------------+-------------------------+--------+-------------------------+----------------+--------------+
(undercloud) [stack@undercloud ~]$
(undercloud) [stack@undercloud ~]$ source overcloudrc
(overcloud) [stack@undercloud ~]$
(overcloud) [stack@undercloud ~]$ openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 4eed7d0f06544625857d51cd77c5bd4c | admin |
| ee1c68758bde41eaa9912c81dc67dad8 | service |
+----------------------------------+---------+
(overcloud) [stack@undercloud ~]$
(overcloud) [stack@undercloud ~]$
(overcloud) [stack@undercloud ~]$ openstack network agent list
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| 10495de9-ba4b-41fe-b30a-b90ec3f8728b | Open vSwitch agent | overcloud-novacompute-1.localdomain | None | :-) | UP | neutron-openvswitch-agent |
| 1515ad4a-5972-46c3-af5f-e5446dff7ac7 | L3 agent | overcloud-controller-0.localdomain | nova | :-) | UP | neutron-l3-agent |
| 322e62ca-1e5a-479e-9a96-4f26d09abdd7 | DHCP agent | overcloud-controller-0.localdomain | nova | :-) | UP | neutron-dhcp-agent |
| 9c1de2f9-bac5-400e-998d-4360f04fc533 | Open vSwitch agent | overcloud-novacompute-0.localdomain | None | :-) | UP | neutron-openvswitch-agent |
| d99c5657-851e-4d3c-bef6-f1e3bb1acfb0 | Open vSwitch agent | overcloud-controller-0.localdomain | None | :-) | UP | neutron-openvswitch-agent |
| ff85fae6-5543-45fb-a301-19c57b62d836 | Metadata agent | overcloud-controller-0.localdomain | None | :-) | UP | neutron-metadata-agent |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
(overcloud) [stack@undercloud ~]$Ukufaka kwami kusadinga ukuthinta okukodwa okuncane - ukwengeza umzila kusilawuli, njengoba umshini engisebenza ngawo ukunethiwekhi ehlukile. Ukuze wenze lokhu, iya ku-control-1 ngaphansi kwe-akhawunti ye-heat-admin bese ubhalisa umzila
(undercloud) [stack@undercloud ~]$ ssh [email protected]
Last login: Fri Aug 14 09:47:40 2020 from 192.168.255.1
[heat-admin@overcloud-controller-0 ~]$
[heat-admin@overcloud-controller-0 ~]$
[heat-admin@overcloud-controller-0 ~]$ sudo ip route add 10.169.0.0/16 via 192.168.255.254Awu, manje ungangena emkhathizwe. Lonke ulwazi - amakheli, ukungena ngemvume kanye nephasiwedi - kufayela /home/stack/overcloudrc. Umdwebo wokugcina ubukeka kanje:
Ngendlela, ekufakweni kwethu, amakheli omshini akhishwe nge-DHCP futhi, njengoba ubona, akhishwa "ngokungahleliwe". Ungachaza ngokuqinile kusifanekiso ukuthi yiliphi ikheli okufanele linamathiselwe kumuphi umshini ngesikhathi sokuphakelwa, uma ulidinga.
Ihamba kanjani ithrafikhi phakathi kwemishini ebonakalayo?
Kulesi sihloko sizobheka izinketho ezintathu zokudlula ithrafikhi
- Imishini emibili ku-hypervisor eyodwa kunethiwekhi eyodwa ye-L2
- Imishini emibili kuma-hypervisors ahlukene kunethiwekhi efanayo ye-L2
- Imishini emibili kumanethiwekhi ahlukene (i-cross-network rooting)
Amacala anokufinyelela emhlabeni wangaphandle ngenethiwekhi yangaphandle, kusetshenziswa amakheli antantayo, kanye nemizila esabalalisiwe, sizozicabangela ngokuzayo, okwamanje sizogxila kuthrafikhi yangaphakathi.
Ukuhlola, masihlanganise umdwebo olandelayo:
Senze imishini engu-4 ye-virtual - 3 kunethiwekhi eyodwa ye-L2 - net-1, no-1 ngaphezulu kunethiwekhi ye-net-2
(overcloud) [stack@undercloud ~]$ nova list --tenant 5e18ce8ec9594e00b155485f19895e6c
+--------------------------------------+------+----------------------------------+--------+------------+-------------+-----------------+
| ID | Name | Tenant ID | Status | Task State | Power State | Networks |
+--------------------------------------+------+----------------------------------+--------+------------+-------------+-----------------+
| f53b37b5-2204-46cc-aef0-dba84bf970c0 | vm-1 | 5e18ce8ec9594e00b155485f19895e6c | ACTIVE | - | Running | net-1=10.0.1.85 |
| fc8b6722-0231-49b0-b2fa-041115bef34a | vm-2 | 5e18ce8ec9594e00b155485f19895e6c | ACTIVE | - | Running | net-1=10.0.1.88 |
| 3cd74455-b9b7-467a-abe3-bd6ff765c83c | vm-3 | 5e18ce8ec9594e00b155485f19895e6c | ACTIVE | - | Running | net-1=10.0.1.90 |
| 7e836338-6772-46b0-9950-f7f06dbe91a8 | vm-4 | 5e18ce8ec9594e00b155485f19895e6c | ACTIVE | - | Running | net-2=10.0.2.8 |
+--------------------------------------+------+----------------------------------+--------+------------+-------------+-----------------+
(overcloud) [stack@undercloud ~]$ Ake sibheke ukuthi yiziphi ama-hypervisors imishini edaliwe atholakala kuyo:
(overcloud) [stack@undercloud ~]$ nova show f53b37b5-2204-46cc-aef0-dba84bf970c0 | egrep "hypervisor_hostname|instance_name|hostname"
| OS-EXT-SRV-ATTR:hostname | vm-1 |
| OS-EXT-SRV-ATTR:hypervisor_hostname | overcloud-novacompute-0.localdomain |
| OS-EXT-SRV-ATTR:instance_name | instance-00000001 |(overcloud) [stack@undercloud ~]$ nova show fc8b6722-0231-49b0-b2fa-041115bef34a | egrep "hypervisor_hostname|instance_name|hostname"
| OS-EXT-SRV-ATTR:hostname | vm-2 |
| OS-EXT-SRV-ATTR:hypervisor_hostname | overcloud-novacompute-1.localdomain |
| OS-EXT-SRV-ATTR:instance_name | instance-00000002 |(overcloud) [stack@undercloud ~]$ nova show 3cd74455-b9b7-467a-abe3-bd6ff765c83c | egrep "hypervisor_hostname|instance_name|hostname"
| OS-EXT-SRV-ATTR:hostname | vm-3 |
| OS-EXT-SRV-ATTR:hypervisor_hostname | overcloud-novacompute-0.localdomain |
| OS-EXT-SRV-ATTR:instance_name | instance-00000003 |(overcloud) [stack@undercloud ~]$ nova show 7e836338-6772-46b0-9950-f7f06dbe91a8 | egrep "hypervisor_hostname|instance_name|hostname"
| OS-EXT-SRV-ATTR:hostname | vm-4 |
| OS-EXT-SRV-ATTR:hypervisor_hostname | overcloud-novacompute-1.localdomain |
| OS-EXT-SRV-ATTR:instance_name | instance-00000004 |
(overcloud) [stack@undercloud ~]$
Imishini i-vm-1 ne-vm-3 itholakala ku-compute-0, imishini i-vm-2 ne-vm-4 itholakala ku-node compute-1.
Ngaphezu kwalokho, i-router ebonakalayo yenziwe ukuze ivumele umzila phakathi kwamanethiwekhi acacisiwe:
(overcloud) [stack@undercloud ~]$ openstack router list --project 5e18ce8ec9594e00b155485f19895e6c
+--------------------------------------+----------+--------+-------+-------------+-------+----------------------------------+
| ID | Name | Status | State | Distributed | HA | Project |
+--------------------------------------+----------+--------+-------+-------------+-------+----------------------------------+
| 0a4d2420-4b9c-46bd-aec1-86a1ef299abe | router-1 | ACTIVE | UP | False | False | 5e18ce8ec9594e00b155485f19895e6c |
+--------------------------------------+----------+--------+-------+-------------+-------+----------------------------------+
(overcloud) [stack@undercloud ~]$ Irutha inamachweba amabili abonakalayo, asebenza njengamasango amanethiwekhi:
(overcloud) [stack@undercloud ~]$ openstack router show 0a4d2420-4b9c-46bd-aec1-86a1ef299abe | grep interface
| interfaces_info | [{"subnet_id": "2529ad1a-6b97-49cd-8515-cbdcbe5e3daa", "ip_address": "10.0.1.254", "port_id": "0c52b15f-8fcc-4801-bf52-7dacc72a5201"}, {"subnet_id": "335552dd-b35b-456b-9df0-5aac36a3ca13", "ip_address": "10.0.2.254", "port_id": "92fa49b5-5406-499f-ab8d-ddf28cc1a76c"}] |
(overcloud) [stack@undercloud ~]$ Kodwa ngaphambi kokuthi sibheke ukuthi i-traffic igeleza kanjani, ake sibheke lokho esinakho njengamanje ku-node yokulawula (okuyinto futhi inethiwekhi yenethiwekhi) kanye ne-compute node. Ake siqale nge-compute node.
[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-vsctl show
[heat-admin@overcloud-novacompute-0 ~]$ sudo sudo ovs-appctl dpif/show
system@ovs-system: hit:3 missed:3
br-ex:
br-ex 65534/1: (internal)
phy-br-ex 1/none: (patch: peer=int-br-ex)
br-int:
br-int 65534/2: (internal)
int-br-ex 1/none: (patch: peer=phy-br-ex)
patch-tun 2/none: (patch: peer=patch-int)
br-tun:
br-tun 65534/3: (internal)
patch-int 1/none: (patch: peer=patch-tun)
vxlan-c0a8ff0f 3/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.15)
vxlan-c0a8ff1a 2/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.26)
[heat-admin@overcloud-novacompute-0 ~]$Okwamanje, i-node inamabhuloho amathathu ovs - br-int, br-tun, br-ex. Phakathi kwabo, njengoba sibona, kukhona isethi yokuxhumana. Ukuze kube lula ukuqonda, ake sihlele zonke lezi zixhumanisi kumdwebo futhi sibone ukuthi kwenzekani.
Uma ubheka amakheli lapho imigudu ye-VxLAN iphakanyiswe khona, kungabonakala ukuthi umhubhe owodwa uphakanyiswa ukuze uhlanganise-1 (192.168.255.26), umhubhe wesibili ubheka ukulawula-1 (192.168.255.15). Kodwa into ethakazelisa kakhulu ukuthi i-br-ex ayinakho ukuxhumana ngokomzimba, futhi uma ubheka ukuthi yikuphi ukugeleza okulungiselelwe, ungabona ukuthi leli bhuloho lingakwazi ukulahla ithrafikhi okwamanje.
[heat-admin@overcloud-novacompute-0 ~]$ ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 192.168.255.19 netmask 255.255.255.0 broadcast 192.168.255.255
inet6 fe80::5054:ff:fe6a:eabe prefixlen 64 scopeid 0x20<link>
ether 52:54:00:6a:ea:be txqueuelen 1000 (Ethernet)
RX packets 2909669 bytes 4608201000 (4.2 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1821057 bytes 349198520 (333.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[heat-admin@overcloud-novacompute-0 ~]$ Njengoba ungabona kokuphumayo, ikheli lijikijelwa ngokuqondile embobeni yangempela, hhayi kusixhumi esibonakalayo sebhuloho.
[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-appctl fdb/show br-ex
port VLAN MAC Age
[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl dump-flows br-ex
cookie=0x9169eae8f7fe5bb2, duration=216686.864s, table=0, n_packets=303, n_bytes=26035, priority=2,in_port="phy-br-ex" actions=drop
cookie=0x9169eae8f7fe5bb2, duration=216686.887s, table=0, n_packets=0, n_bytes=0, priority=0 actions=NORMAL
[heat-admin@overcloud-novacompute-0 ~]$
Ngokomthetho wokuqala, yonke into evela echwebeni le-phy-br-ex kumele ilahlwe.
Empeleni, okwamanje ayikho enye indawo lapho ithrafikhi ingangena kuleli bhuloho ngaphandle kwalesi sikhombimsebenzisi (isixhumi esibonakalayo esine-br-int), futhi uma sibheka ngokwehla, ithrafikhi ye-BUM isivele indizele ingena ebhulohweni.
Okusho ukuthi, ithrafikhi ingashiya le nodi kuphela ngomhubhe we-VxLAN futhi akukho okunye. Nokho, uma uvula i-DVR, isimo sizoshintsha, kodwa sizobhekana nalokho ngesinye isikhathi. Uma usebenzisa ukuhlukaniswa kwenethiwekhi, isibonelo usebenzisa i-vlans, ngeke ube ne-interface ye-L3 eyodwa ku-vlan 0, kodwa i-interfaces embalwa. Noma kunjalo, ithrafikhi ye-VxLAN izoshiya i-node ngendlela efanayo, kodwa futhi ihlanganiswe kuhlobo oluthile lwe-vlan ezinikezele.
Silungise i-compute node, ake siqhubekele endaweni yokulawula.
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-appctl dpif/show
system@ovs-system: hit:930491 missed:825
br-ex:
br-ex 65534/1: (internal)
eth0 1/2: (system)
phy-br-ex 2/none: (patch: peer=int-br-ex)
br-int:
br-int 65534/3: (internal)
int-br-ex 1/none: (patch: peer=phy-br-ex)
patch-tun 2/none: (patch: peer=patch-int)
br-tun:
br-tun 65534/4: (internal)
patch-int 1/none: (patch: peer=patch-tun)
vxlan-c0a8ff13 3/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.19)
vxlan-c0a8ff1a 2/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.26)
[heat-admin@overcloud-controller-0 ~]$Eqinisweni, singasho ukuthi yonke into iyafana, kodwa ikheli le-IP alisekho ku-interface ebonakalayo kodwa ebhulohweni elibonakalayo. Lokhu kwenziwa ngoba leli chweba liyichweba okuzophuma ngalo izimoto ziye emazweni angaphandle.
[heat-admin@overcloud-controller-0 ~]$ ifconfig br-ex
br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 192.168.255.15 netmask 255.255.255.0 broadcast 192.168.255.255
inet6 fe80::5054:ff:fe20:a22f prefixlen 64 scopeid 0x20<link>
ether 52:54:00:20:a2:2f txqueuelen 1000 (Ethernet)
RX packets 803859 bytes 1732616116 (1.6 GiB)
RX errors 0 dropped 63 overruns 0 frame 0
TX packets 808475 bytes 121652156 (116.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[heat-admin@overcloud-controller-0 ~]$
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-appctl fdb/show br-ex
port VLAN MAC Age
3 100 28:c0:da:00:4d:d3 35
1 0 28:c0:da:00:4d:d3 35
1 0 52:54:00:98:e9:d6 0
LOCAL 0 52:54:00:20:a2:2f 0
1 0 52:54:00:2c:08:9e 0
3 100 52:54:00:20:a2:2f 0
1 0 52:54:00:6a:ea:be 0
[heat-admin@overcloud-controller-0 ~]$ Lesi sikhumulo siboshelwe ebhulohweni le-br-ex futhi njengoba bengekho amathegi e-vlan kuso, lesi sikhumulo siyimbobo enkulu lapho wonke ama-vlans avunyelwe khona, manje isiminyaminya siphumela ngaphandle ngaphandle komaka, njengoba kukhonjiswe yi-vlan-id 0 ku- okukhiphayo ngenhla.
Konke okunye okwamanje kufana ne-compute node - amabhuloho afanayo, imigudu efanayo eya ezindaweni ezimbili zokubala.
Ngeke sicabangele ama-node okugcina kulesi sihloko, kodwa ukuze siqonde kuyadingeka ukusho ukuthi ingxenye yenethiwekhi yalawa ma-node i-banal kuze kube seqophelweni lokuhlazeka. Esimweni sethu, kunembobo ephathekayo eyodwa kuphela (eth0) enekheli le-IP elinikezwe yona futhi yikho. Azikho imigudu ye-VxLAN, amabhuloho emhubhe, njll. - awekho ama-ovs nhlobo, ngoba akukho phuzu kuwo. Uma usebenzisa ukuhlukaniswa kwenethiwekhi, le nodi izoba nokuxhumana okubili (amachweba angokomzimba, i-bodny, noma ama-vlans amabili nje - akunandaba - kuya ngokuthi yini oyifunayo) - eyodwa yokuphatha, eyesibili yethrafikhi (ukubhala kudiski ye-VM , ukufunda kudiski, njll.)
Sithole ukuthi yini esinayo kuma-node ngaphandle kwanoma yiziphi izinkonzo. Manje ake sethule imishini engu-4 futhi sibone ukuthi isikimu esichazwe ngenhla sishintsha kanjani - kufanele sibe nezimbobo, amarutha abonakalayo, njll.
Kuze kube manje inethiwekhi yethu ibukeka kanje:
Sinemishini emibili ebonakalayo endaweni ngayinye yekhompyutha. Ukusebenzisa i-compute-0 njengesibonelo, ake sibone ukuthi yonke into ifakwe kanjani.
[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh list
Id Name State
----------------------------------------------------
1 instance-00000001 running
3 instance-00000003 running
[heat-admin@overcloud-novacompute-0 ~]$ Umshini une-interface eyodwa kuphela ebonakalayo - tap95d96a75-a0:
[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh domiflist instance-00000001
Interface Type Source Model MAC
-------------------------------------------------------
tap95d96a75-a0 bridge qbr95d96a75-a0 virtio fa:16:3e:44:98:20
[heat-admin@overcloud-novacompute-0 ~]$
Lesi sixhumanisi sibukeka kubhuloho le-linux:
[heat-admin@overcloud-novacompute-0 ~]$ sudo brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.0242904c92a8 no
qbr5bd37136-47 8000.5e4e05841423 no qvb5bd37136-47
tap5bd37136-47
qbr95d96a75-a0 8000.de076cb850f6 no qvb95d96a75-a0
tap95d96a75-a0
[heat-admin@overcloud-novacompute-0 ~]$ Njengoba ubona kokuphumayo, kukhona ukuxhumana okubili kuphela ebhulohweni - tap95d96a75-a0 kanye ne-qvb95d96a75-a0.
Lapha kufanelekile ukuhlala kancane ezinhlotsheni zamadivayisi wenethiwekhi ebonakalayo ku-OpenStack:
vtap - isikhombimsebenzisi esibonakalayo esinamathiselwe kusibonelo (VM)
qbr - Linux ibhuloho
I-qvb ne-qvo - vEth ipheya exhunywe kwibhuloho le-Linux kanye nebhuloho elivulekile le-vSwitch
br-int, br-tun, br-vlan — Vula amabhuloho e-vSwitch
patch-, int-br-, phy-br- - Vula i-vSwitch patch interfaces exhumanisa amabhuloho
qg, qr, ha, fg, sg - Vula izimbobo ze-vSwitch ezisetshenziswa amadivayisi abonakalayo ukuxhuma ku-OVS
Njengoba uqonda, uma sinechweba elithi qvb95d96a75-a0 ebhulohweni, okuyipheya ye-vEth, khona-ke endaweni ethile kunomlingani wayo, okufanele kuthiwe ngokunengqondo qvo95d96a75-a0. Ake sibone ukuthi yiziphi izimbobo eziku-OVS.
[heat-admin@overcloud-novacompute-0 ~]$ sudo sudo ovs-appctl dpif/show
system@ovs-system: hit:526 missed:91
br-ex:
br-ex 65534/1: (internal)
phy-br-ex 1/none: (patch: peer=int-br-ex)
br-int:
br-int 65534/2: (internal)
int-br-ex 1/none: (patch: peer=phy-br-ex)
patch-tun 2/none: (patch: peer=patch-int)
qvo5bd37136-47 6/6: (system)
qvo95d96a75-a0 3/5: (system)
br-tun:
br-tun 65534/3: (internal)
patch-int 1/none: (patch: peer=patch-tun)
vxlan-c0a8ff0f 3/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.15)
vxlan-c0a8ff1a 2/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.26)
[heat-admin@overcloud-novacompute-0 ~]$ Njengoba sibona, itheku liku-br-int. I-Br-int isebenza njengeswishi enqamula izimbobo zomshini obonakalayo. Ngokungeziwe ku-qvo95d96a75-a0, imbobo qvo5bd37136-47 ibonakala kokuphumayo. Leli yichweba eliya emshinini wesibili we-virtual. Ngenxa yalokho, umdwebo wethu manje ubukeka kanje:
Umbuzo okufanele uthakasele ngokushesha umfundi olalelayo - liyini ibhuloho le-linux phakathi kwembobo yomshini obonakalayo kanye nembobo ye-OVS? Iqiniso liwukuthi ukuvikela umshini, amaqembu okuphepha asetshenziswa, okungeyona into engaphezu kwe-iptables. I-OVS ayisebenzi ngama-iptables, ngakho le “crutch” yasungulwa. Kodwa-ke, isiphelelwa yisikhathi - isithathelwa indawo yi-conntrack ekukhishweni okusha.
Okusho ukuthi, ekugcineni uhlelo lubukeka kanjena:
Imishini emibili ku-hypervisor eyodwa kunethiwekhi eyodwa ye-L2
Njengoba lawa ma-VM amabili atholakala kunethiwekhi efanayo ye-L2 naku-hypervisor efanayo, ithrafikhi phakathi kwawo izogeleza ngokunengqondo endaweni nge-br-int, njengoba yomibili imishini izoba ku-VLAN efanayo:
[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh domiflist instance-00000001
Interface Type Source Model MAC
-------------------------------------------------------
tap95d96a75-a0 bridge qbr95d96a75-a0 virtio fa:16:3e:44:98:20
[heat-admin@overcloud-novacompute-0 ~]$
[heat-admin@overcloud-novacompute-0 ~]$
[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh domiflist instance-00000003
Interface Type Source Model MAC
-------------------------------------------------------
tap5bd37136-47 bridge qbr5bd37136-47 virtio fa:16:3e:83:ad:a4
[heat-admin@overcloud-novacompute-0 ~]$
[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-appctl fdb/show br-int
port VLAN MAC Age
6 1 fa:16:3e:83:ad:a4 0
3 1 fa:16:3e:44:98:20 0
[heat-admin@overcloud-novacompute-0 ~]$ Imishini emibili kuma-hypervisors ahlukene kunethiwekhi efanayo ye-L2
Manje ake sibone ukuthi ithrafikhi izohamba kanjani phakathi kwemishini emibili kunethiwekhi efanayo ye-L2, kodwa etholakala kuma-hypervisors ahlukene. Ukukhuluma iqiniso, akukho okuzoshintsha kakhulu, ithrafikhi nje phakathi kwama-hypervisors izodlula emhubheni we-vxlan. Ake sibheke isibonelo.
Amakheli emishini ebonakalayo lapho sizobuka khona ithrafikhi:
[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh domiflist instance-00000001
Interface Type Source Model MAC
-------------------------------------------------------
tap95d96a75-a0 bridge qbr95d96a75-a0 virtio fa:16:3e:44:98:20
[heat-admin@overcloud-novacompute-0 ~]$
[heat-admin@overcloud-novacompute-1 ~]$ sudo virsh domiflist instance-00000002
Interface Type Source Model MAC
-------------------------------------------------------
tape7e23f1b-07 bridge qbre7e23f1b-07 virtio fa:16:3e:72:ad:53
[heat-admin@overcloud-novacompute-1 ~]$ Sibheka ithebula lokudlulisela phambili ku-br-int ku-compute-0:
[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-appctl fdb/show br-int | grep fa:16:3e:72:ad:53
2 1 fa:16:3e:72:ad:53 1
[heat-admin@overcloud-novacompute-0 ~]Ithrafikhi kufanele iye echwebeni 2 - ake sibone ukuthi hlobo luni lwechweba:
[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl show br-int | grep addr
1(int-br-ex): addr:7e:7f:28:1f:bd:54
2(patch-tun): addr:0a:bd:07:69:58:d9
3(qvo95d96a75-a0): addr:ea:50:9a:3d:69:58
6(qvo5bd37136-47): addr:9a:d1:03:50:3d:96
LOCAL(br-int): addr:1a:0f:53:97:b1:49
[heat-admin@overcloud-novacompute-0 ~]$Lena yi-patch-tun - okungukuthi, isixhumi esibonakalayo ku-br-tun. Ake sibone ukuthi kwenzekani ngephakheji ku-br-tun:
[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl dump-flows br-tun | grep fa:16:3e:72:ad:53
cookie=0x8759a56536b67a8e, duration=1387.959s, table=20, n_packets=1460, n_bytes=138880, hard_timeout=300, idle_age=0, hard_age=0, priority=1,vlan_tci=0x0001/0x0fff,dl_dst=fa:16:3e:72:ad:53 actions=load:0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],output:2
[heat-admin@overcloud-novacompute-0 ~]$ Iphakethe lipakishwe ku-VxLAN futhi lithunyelwa ku-port 2. Ake sibone ukuthi imbobo yesi-2 iholela kuphi:
[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl show br-tun | grep addr
1(patch-int): addr:b2:d1:f8:21:96:66
2(vxlan-c0a8ff1a): addr:be:64:1f:75:78:a7
3(vxlan-c0a8ff0f): addr:76:6f:b9:3c:3f:1c
LOCAL(br-tun): addr:a2:5b:6d:4f:94:47
[heat-admin@overcloud-novacompute-0 ~]$Lona umhubhe we-vxlan ku-compute-1:
[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-appctl dpif/show | egrep vxlan-c0a8ff1a
vxlan-c0a8ff1a 2/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.26)
[heat-admin@overcloud-novacompute-0 ~]$Ake siye ku-compute-1 futhi sibone ukuthi kwenzekani ngokulandelayo ngephakheji:
[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-appctl fdb/show br-int | egrep fa:16:3e:44:98:20
2 1 fa:16:3e:44:98:20 1
[heat-admin@overcloud-novacompute-1 ~]$ I-Mac ikwithebula lokudlulisela phambili le-br-int ku-compute-1, futhi njengoba kungabonwa kokuphumayo ngenhla, ibonakala ngembobo yesi-2, okuyichweba elibheke ku-br-tun:
[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-ofctl show br-int | grep addr
1(int-br-ex): addr:8a:d7:f9:ad:8c:1d
2(patch-tun): addr:46:cc:40:bd:20:da
3(qvoe7e23f1b-07): addr:12:78:2e:34:6a:c7
4(qvo3210e8ec-c0): addr:7a:5f:59:75:40:85
LOCAL(br-int): addr:e2:27:b2:ed:14:46Hhayi-ke, siyabona ukuthi ku-br-int ku-compute-1 kukhona i-poppy yendawo:
[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-appctl fdb/show br-int | egrep fa:16:3e:72:ad:53
3 1 fa:16:3e:72:ad:53 0
[heat-admin@overcloud-novacompute-1 ~]$ Okusho ukuthi, iphakethe elitholiwe lizondizela ku-port 3, ngemuva kwalokho sekuvele kukhona i-virtual machine-00000003.
Ubuhle bokusebenzisa i-Openstack yokufunda engqalasizinda ebonakalayo ukuthi singathwebula kalula ithrafikhi phakathi kwama-hypervisors futhi sibone ukuthi kwenzekani ngayo. Yilokhu esizokwenza manje, sebenzisa i-tcpdump ku-vnet port ubheke ku-compute-0:
[root@hp-gen9 bormoglotx]# tcpdump -vvv -i vnet3
tcpdump: listening on vnet3, link-type EN10MB (Ethernet), capture size 262144 bytes
*****************omitted*******************
04:39:04.583459 IP (tos 0x0, ttl 64, id 16868, offset 0, flags [DF], proto UDP (17), length 134)
192.168.255.19.39096 > 192.168.255.26.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
IP (tos 0x0, ttl 64, id 8012, offset 0, flags [DF], proto ICMP (1), length 84)
10.0.1.85 > 10.0.1.88: ICMP echo request, id 5634, seq 16, length 64
04:39:04.584449 IP (tos 0x0, ttl 64, id 35181, offset 0, flags [DF], proto UDP (17), length 134)
192.168.255.26.speedtrace-disc > 192.168.255.19.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
IP (tos 0x0, ttl 64, id 59124, offset 0, flags [none], proto ICMP (1), length 84)
10.0.1.88 > 10.0.1.85: ICMP echo reply, id 5634, seq 16, length 64
*****************omitted*******************Umugqa wokuqala ubonisa ukuthi i-Patek esuka ekhelini elithi 10.0.1.85 iya ekhelini elithi 10.0.1.88 (i-ICMP traffic), futhi isongwe ngephakethe le-VxLAN eline-vni 22 futhi iphakethe lisuka kumsingathi 192.168.255.19 (compute-0) ukuze libambe i-192.168.255.26 .1 ( ikholatha-XNUMX). Singahlola ukuthi i-VNI ifana naleyo eshiwo kuma-ovs.
Masibuyele kulo mugqa actions=load:0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],output:2. 0x16 yi-vni ohlelweni lwenombolo ye-hexadecimal. Masiguqule le nombolo ibe yisistimu ye-16:
16 = 6*16^0+1*16^1 = 6+16 = 22Okusho ukuthi, i-vni ihambisana neqiniso.
Umugqa wesibili ukhombisa ithrafikhi ebuyayo, kahle, akukho phuzu lokuyichaza, konke kucacile lapho.
Imishini emibili kumanethiwekhi ahlukene (i-inter-network routing)
Icala lokugcina lanamuhla ukuzulazula phakathi kwamanethiwekhi ngaphakathi kwephrojekthi eyodwa usebenzisa irutha ebonakalayo. Sicubungula icala elingenayo i-DVR (sizoyibheka kwesinye isihloko), ngakho-ke umzila uvela endaweni yenethiwekhi. Esimweni sethu, i-node yenethiwekhi ayifakwanga enhlanganweni ehlukile futhi itholakala endaweni yokulawula.
Okokuqala, ake sibone ukuthi umzila uyasebenza:
$ ping 10.0.2.8
PING 10.0.2.8 (10.0.2.8): 56 data bytes
64 bytes from 10.0.2.8: seq=0 ttl=63 time=7.727 ms
64 bytes from 10.0.2.8: seq=1 ttl=63 time=3.832 ms
^C
--- 10.0.2.8 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 3.832/5.779/7.727 msNjengoba kulokhu iphakethe kufanele liye esangweni futhi lihanjiswe lapho, sidinga ukuthola ikheli le-poppy lesango, lapho sibheka ithebula le-ARP kulesi sibonelo:
$ arp
host-10-0-1-254.openstacklocal (10.0.1.254) at fa:16:3e:c4:64:70 [ether] on eth0
host-10-0-1-1.openstacklocal (10.0.1.1) at fa:16:3e:e6:2c:5c [ether] on eth0
host-10-0-1-90.openstacklocal (10.0.1.90) at fa:16:3e:83:ad:a4 [ether] on eth0
host-10-0-1-88.openstacklocal (10.0.1.88) at fa:16:3e:72:ad:53 [ether] on eth0Manje ake sibone ukuthi ithrafikhi enendawo (10.0.1.254) fa:16:3e:c4:64:70 kufanele ithunyelwe kuphi:
[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-appctl fdb/show br-int | egrep fa:16:3e:c4:64:70
2 1 fa:16:3e:c4:64:70 0
[heat-admin@overcloud-novacompute-0 ~]$ Ake sibheke ukuthi ichweba 2 liholela kuphi:
[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl show br-int | grep addr
1(int-br-ex): addr:7e:7f:28:1f:bd:54
2(patch-tun): addr:0a:bd:07:69:58:d9
3(qvo95d96a75-a0): addr:ea:50:9a:3d:69:58
6(qvo5bd37136-47): addr:9a:d1:03:50:3d:96
LOCAL(br-int): addr:1a:0f:53:97:b1:49
[heat-admin@overcloud-novacompute-0 ~]$ Konke kunengqondo, ithrafikhi iya ku-br-tun. Ake sibone ukuthi imuphi umhubhe we-vxlan ezogoqwa ngawo:
[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl dump-flows br-tun | grep fa:16:3e:c4:64:70
cookie=0x8759a56536b67a8e, duration=3514.566s, table=20, n_packets=3368, n_bytes=317072, hard_timeout=300, idle_age=0, hard_age=0, priority=1,vlan_tci=0x0001/0x0fff,dl_dst=fa:16:3e:c4:64:70 actions=load:0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],output:3
[heat-admin@overcloud-novacompute-0 ~]$ Imbobo yesithathu ingumhubhe we-vxlan:
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-ofctl show br-tun | grep addr
1(patch-int): addr:a2:69:00:c5:fa:ba
2(vxlan-c0a8ff1a): addr:86:f0:ce:d0:e8:ea
3(vxlan-c0a8ff13): addr:72:aa:73:2c:2e:5b
LOCAL(br-tun): addr:a6:cb:cd:72:1c:45
[heat-admin@overcloud-controller-0 ~]$ Okubheka indawo yokulawula:
[heat-admin@overcloud-controller-0 ~]$ sudo sudo ovs-appctl dpif/show | grep vxlan-c0a8ff1a
vxlan-c0a8ff1a 2/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.26)
[heat-admin@overcloud-controller-0 ~]$ Ithrafikhi ifinyelele endaweni yokulawula, ngakho-ke sidinga ukuya kuyo futhi sibone ukuthi umzila uzokwenzeka kanjani.
Njengoba ukhumbula, i-node yokulawula ngaphakathi yayibukeka ifana ncamashi ne-compute node - amabhuloho afanayo amathathu, kuphela i-br-ex yayinechweba elibonakalayo lapho i-node ingathumela khona ithrafikhi ngaphandle. Ukudalwa kwezimo kushintshe ukucushwa kuma-node wekhompiyutha - ibhuloho le-linux, ama-iptables kanye nezindawo zokusebenzelana zengezwe kuma-node. Ukwakhiwa kwamanethiwekhi kanye nerutha ebonakalayo nakho kwashiya uphawu lwayo ekucushweni kwendawo yokulawula.
Ngakho-ke, kusobala ukuthi ikheli le-MAC lesango kufanele libe kuthebula lokudlulisela phambili le-br-int endaweni yokulawula. Ake sihlole ukuthi ikhona nokuthi ibheke kuphi:
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-appctl fdb/show br-int | grep fa:16:3e:c4:64:70
5 1 fa:16:3e:c4:64:70 1
[heat-admin@overcloud-controller-0 ~]$
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-ofctl show br-int | grep addr
1(int-br-ex): addr:2e:58:b6:db:d5:de
2(patch-tun): addr:06:41:90:f0:9e:56
3(tapca25a97e-64): addr:fa:16:3e:e6:2c:5c
4(tap22015e46-0b): addr:fa:16:3e:76:c2:11
5(qr-0c52b15f-8f): addr:fa:16:3e:c4:64:70
6(qr-92fa49b5-54): addr:fa:16:3e:80:13:72
LOCAL(br-int): addr:06:de:5d:ed:44:44
[heat-admin@overcloud-controller-0 ~]$ I-Mac ibonakala ku-port qr-0c52b15f-8f. Uma sibuyela kuhlu lwamachweba abonakalayo ku-Openstack, lolu hlobo lwembobo lusetshenziselwa ukuxhuma amadivaysi ahlukahlukene abonakalayo ku-OVS. Ukunemba kakhudlwana, i-qr iyimbobo yerutha ebonakalayo, emelelwa njengendawo yamagama.
Ake sibone ukuthi yiziphi izikhala zamagama ezikuseva:
[heat-admin@overcloud-controller-0 ~]$ sudo ip netns
qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe (id: 2)
qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638 (id: 1)
qdhcp-67a3798c-32c0-4c18-8502-2531247e3cc2 (id: 0)
[heat-admin@overcloud-controller-0 ~]$ Amakhophi angaba mathathu. Kodwa ukwahlulela ngamagama, ungakwazi ukuqagela inhloso ngayinye yazo. Sizobuyela ezimeni nge-ID 0 kanye no-1 kamuva, manje sinentshisekelo ku-namespace qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe:
[heat-admin@overcloud-controller-0 ~]$ sudo ip netns exec qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe ip route
10.0.1.0/24 dev qr-0c52b15f-8f proto kernel scope link src 10.0.1.254
10.0.2.0/24 dev qr-92fa49b5-54 proto kernel scope link src 10.0.2.254
[heat-admin@overcloud-controller-0 ~]$ Lesi sikhala samagama siqukethe ezimbili zangaphakathi esizidale ngaphambilini. Zombili izimbobo ezibonakalayo zengezwe ku-br-int. Ake sihlole ikheli le-mac lembobo qr-0c52b15f-8f, njengoba ithrafikhi, ngokubheka ikheli le-mac okuyiwa kulo, iye kulesi sixhumanisi.
[heat-admin@overcloud-controller-0 ~]$ sudo ip netns exec qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe ifconfig qr-0c52b15f-8f
qr-0c52b15f-8f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 10.0.1.254 netmask 255.255.255.0 broadcast 10.0.1.255
inet6 fe80::f816:3eff:fec4:6470 prefixlen 64 scopeid 0x20<link>
ether fa:16:3e:c4:64:70 txqueuelen 1000 (Ethernet)
RX packets 5356 bytes 427305 (417.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5195 bytes 490603 (479.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[heat-admin@overcloud-controller-0 ~]$ Okusho ukuthi, kulokhu, yonke into isebenza ngokuvumelana nemithetho yomzila ojwayelekile. Njengoba ithrafikhi imiselwe umsingathi ongu-10.0.2.8, kufanele iphume ngesixhumi esibonakalayo sesibili qr-92fa49b5-54 futhi idlule emhubheni we-vxlan iye endaweni yokubala:
[heat-admin@overcloud-controller-0 ~]$ sudo ip netns exec qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe arp
Address HWtype HWaddress Flags Mask Iface
10.0.1.88 ether fa:16:3e:72:ad:53 C qr-0c52b15f-8f
10.0.1.90 ether fa:16:3e:83:ad:a4 C qr-0c52b15f-8f
10.0.2.8 ether fa:16:3e:6c:ad:9c C qr-92fa49b5-54
10.0.2.42 ether fa:16:3e:f5:0b:29 C qr-92fa49b5-54
10.0.1.85 ether fa:16:3e:44:98:20 C qr-0c52b15f-8f
[heat-admin@overcloud-controller-0 ~]$ Konke kunengqondo, azikho izimanga. Ake sibone ukuthi ikheli le-poppy lomsingathi 10.0.2.8 libonakala kuphi ku-br-int:
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-appctl fdb/show br-int | grep fa:16:3e:6c:ad:9c
2 2 fa:16:3e:6c:ad:9c 1
[heat-admin@overcloud-controller-0 ~]$
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-ofctl show br-int | grep addr
1(int-br-ex): addr:2e:58:b6:db:d5:de
2(patch-tun): addr:06:41:90:f0:9e:56
3(tapca25a97e-64): addr:fa:16:3e:e6:2c:5c
4(tap22015e46-0b): addr:fa:16:3e:76:c2:11
5(qr-0c52b15f-8f): addr:fa:16:3e:c4:64:70
6(qr-92fa49b5-54): addr:fa:16:3e:80:13:72
LOCAL(br-int): addr:06:de:5d:ed:44:44
[heat-admin@overcloud-controller-0 ~]$ Njengoba kulindelekile, ithrafikhi iya ku-br-tun, ake sibone ukuthi ithrafikhi iya kumuphi umhubhe olandelayo:
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-ofctl dump-flows br-tun | grep fa:16:3e:6c:ad:9c
cookie=0x2ab04bf27114410e, duration=5346.829s, table=20, n_packets=5248, n_bytes=498512, hard_timeout=300, idle_age=0, hard_age=0, priority=1,vlan_tci=0x0002/0x0fff,dl_dst=fa:16:3e:6c:ad:9c actions=load:0->NXM_OF_VLAN_TCI[],load:0x63->NXM_NX_TUN_ID[],output:2
[heat-admin@overcloud-controller-0 ~]$
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-ofctl show br-tun | grep addr
1(patch-int): addr:a2:69:00:c5:fa:ba
2(vxlan-c0a8ff1a): addr:86:f0:ce:d0:e8:ea
3(vxlan-c0a8ff13): addr:72:aa:73:2c:2e:5b
LOCAL(br-tun): addr:a6:cb:cd:72:1c:45
[heat-admin@overcloud-controller-0 ~]$
[heat-admin@overcloud-controller-0 ~]$ sudo sudo ovs-appctl dpif/show | grep vxlan-c0a8ff1a
vxlan-c0a8ff1a 2/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.26)
[heat-admin@overcloud-controller-0 ~]$ Ithrafikhi ingena emhubheni ukuze ibale-1. Yebo, ku-compute-1 yonke into ilula - ukusuka ku-br-tun iphakheji iya ku-br-int futhi ukusuka lapho kuya esibonakalayo somshini obonakalayo:
[heat-admin@overcloud-controller-0 ~]$ sudo sudo ovs-appctl dpif/show | grep vxlan-c0a8ff1a
vxlan-c0a8ff1a 2/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.26)
[heat-admin@overcloud-controller-0 ~]$
[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-appctl fdb/show br-int | grep fa:16:3e:6c:ad:9c
4 2 fa:16:3e:6c:ad:9c 1
[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-ofctl show br-int | grep addr
1(int-br-ex): addr:8a:d7:f9:ad:8c:1d
2(patch-tun): addr:46:cc:40:bd:20:da
3(qvoe7e23f1b-07): addr:12:78:2e:34:6a:c7
4(qvo3210e8ec-c0): addr:7a:5f:59:75:40:85
LOCAL(br-int): addr:e2:27:b2:ed:14:46
[heat-admin@overcloud-novacompute-1 ~]$ Ake sihlole ukuthi lesi yisixhumi esibonakalayo esilungile ngempela:
[heat-admin@overcloud-novacompute-1 ~]$ brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02429c001e1c no
qbr3210e8ec-c0 8000.ea27f45358be no qvb3210e8ec-c0
tap3210e8ec-c0
qbre7e23f1b-07 8000.b26ac0eded8a no qvbe7e23f1b-07
tape7e23f1b-07
[heat-admin@overcloud-novacompute-1 ~]$
[heat-admin@overcloud-novacompute-1 ~]$ sudo virsh domiflist instance-00000004
Interface Type Source Model MAC
-------------------------------------------------------
tap3210e8ec-c0 bridge qbr3210e8ec-c0 virtio fa:16:3e:6c:ad:9c
[heat-admin@overcloud-novacompute-1 ~]$
Empeleni, sahamba yonke indlela ephaketheni. Ngicabanga ukuthi uqaphele ukuthi ithrafikhi idlule emigudu ehlukene ye-vxlan futhi yaphuma nama-VNI ahlukene. Ake sibone ukuthi hlobo luni lwe-VNI lezi, ngemva kwalokho sizoqoqa ukulahla echwebeni lokulawula le-node futhi siqinisekise ukuthi ithrafikhi igeleza njengoba kuchazwe ngenhla.
Ngakho, umhubhe ozobalwa ku-0 unalezi zenzo=load:0->NXM_OF_VLAN_TCI[],layisha:0x16->NXM_NX_TUN_ID[],okuphumayo:3. Ake siguqule u-0x16 sibe uhlelo lwezinombolo zedesimali:
0x16 = 6*16^0+1*16^1 = 6+16 = 22Umhubhe okufanele kuhlanganiswe-1 unalokhu okulandelayo VNI:actions=load:0->NXM_OF_VLAN_TCI[],ukulayisha:0x63->NXM_NX_TUN_ID[],okuphumayo:2. Ake siguqule u-0x63 sibe uhlelo lwezinombolo zedesimali:
0x63 = 3*16^0+6*16^1 = 3+96 = 99Hhayi-ke, manje ake sibheke indawo yokulahla:
[root@hp-gen9 bormoglotx]# tcpdump -vvv -i vnet4
tcpdump: listening on vnet4, link-type EN10MB (Ethernet), capture size 262144 bytes
*****************omitted*******************
04:35:18.709949 IP (tos 0x0, ttl 64, id 48650, offset 0, flags [DF], proto UDP (17), length 134)
192.168.255.19.41591 > 192.168.255.15.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
IP (tos 0x0, ttl 64, id 49042, offset 0, flags [DF], proto ICMP (1), length 84)
10.0.1.85 > 10.0.2.8: ICMP echo request, id 5378, seq 9, length 64
04:35:18.710159 IP (tos 0x0, ttl 64, id 23360, offset 0, flags [DF], proto UDP (17), length 134)
192.168.255.15.38983 > 192.168.255.26.4789: [no cksum] VXLAN, flags [I] (0x08), vni 99
IP (tos 0x0, ttl 63, id 49042, offset 0, flags [DF], proto ICMP (1), length 84)
10.0.1.85 > 10.0.2.8: ICMP echo request, id 5378, seq 9, length 64
04:35:18.711292 IP (tos 0x0, ttl 64, id 43596, offset 0, flags [DF], proto UDP (17), length 134)
192.168.255.26.42588 > 192.168.255.15.4789: [no cksum] VXLAN, flags [I] (0x08), vni 99
IP (tos 0x0, ttl 64, id 55103, offset 0, flags [none], proto ICMP (1), length 84)
10.0.2.8 > 10.0.1.85: ICMP echo reply, id 5378, seq 9, length 64
04:35:18.711531 IP (tos 0x0, ttl 64, id 8555, offset 0, flags [DF], proto UDP (17), length 134)
192.168.255.15.38983 > 192.168.255.19.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
IP (tos 0x0, ttl 63, id 55103, offset 0, flags [none], proto ICMP (1), length 84)
10.0.2.8 > 10.0.1.85: ICMP echo reply, id 5378, seq 9, length 64
*****************omitted*******************Iphakethe lokuqala liyiphakethe le-vxlan elisuka kumsingathi 192.168.255.19 (compute-0) ukuze libambe i-192.168.255.15 (control-1) nge-vni 22, ngaphakathi lapho iphakethe le-ICMP lihlanganiswe kusuka kumsingathi 10.0.1.85 ukuze kubambe i-10.0.2.8. Njengoba sibale ngenhla, i-vni ifanisa esikubone kokuphumayo.
Iphakethe lesibili liyiphakethe le-vxlan elivela kumsingathi 192.168.255.15 (control-1) ukuze libambe i-192.168.255.26 (compute-1) nge-vni 99, ngaphakathi lapho iphakethe le-ICMP lihlanganiswa kusuka kumsingathi 10.0.1.85 ukuze kubambe i-10.0.2.8. Njengoba sibale ngenhla, i-vni ifanisa esikubone kokuphumayo.
Amaphakethe amabili alandelayo yi-traffic yokubuyisela kusuka ku-10.0.2.8 hhayi 10.0.1.85.
Okusho ukuthi, ekugcineni sithole uhlelo olulandelayo lwe-node yokulawula:
Kubukeka sengathi kunjalo? Sikhohlwe mayelana nezikhala zamagama ezimbili:
[heat-admin@overcloud-controller-0 ~]$ sudo ip netns
qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe (id: 2)
qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638 (id: 1)
qdhcp-67a3798c-32c0-4c18-8502-2531247e3cc2 (id: 0)
[heat-admin@overcloud-controller-0 ~]$ Njengoba sikhulume ngesakhiwo seplathifomu yefu, kungaba kuhle uma imishini ithola amakheli ngokuzenzakalelayo kusuka kuseva ye-DHCP. Lawa amaseva amabili e-DHCP kumanethiwekhi ethu amabili 10.0.1.0/24 kanye no-10.0.2.0/24.
Ake sihlole ukuthi lokhu kuyiqiniso. Kunekheli elilodwa kuphela kulesi sikhala samagama - 10.0.1.1 - ikheli leseva ye-DHCP ngokwayo, futhi lifakiwe ku-br-int:
[heat-admin@overcloud-controller-0 ~]$ sudo ip netns exec qdhcp-67a3798c-32c0-4c18-8502-2531247e3cc2 ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1 bytes 28 (28.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1 bytes 28 (28.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tapca25a97e-64: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 10.0.1.1 netmask 255.255.255.0 broadcast 10.0.1.255
inet6 fe80::f816:3eff:fee6:2c5c prefixlen 64 scopeid 0x20<link>
ether fa:16:3e:e6:2c:5c txqueuelen 1000 (Ethernet)
RX packets 129 bytes 9372 (9.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 49 bytes 6154 (6.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0Ake sibone ukuthi ingabe izinqubo eziqukethe qdhcp-67a3798c-32c0-4c18-8502-2531247e3cc2 egameni lazo endaweni yokulawula:
[heat-admin@overcloud-controller-0 ~]$ ps -aux | egrep qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638
root 640420 0.0 0.0 4220 348 ? Ss 11:31 0:00 dumb-init --single-child -- ip netns exec qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638 /usr/sbin/dnsmasq -k --no-hosts --no-resolv --pid-file=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/host --addn-hosts=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/opts --dhcp-leasefile=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/leases --dhcp-match=set:ipxe,175 --local-service --bind-dynamic --dhcp-range=set:subnet-335552dd-b35b-456b-9df0-5aac36a3ca13,10.0.2.0,static,255.255.255.0,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=256 --conf-file= --domain=openstacklocal
heat-ad+ 951620 0.0 0.0 112944 980 pts/0 S+ 18:50 0:00 grep -E --color=auto qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638
[heat-admin@overcloud-controller-0 ~]$ Kunenqubo enjalo futhi ngokusekelwe olwazini olwethulwa kokuphumayo ngenhla, singakwazi, isibonelo, ukubona lokho esinakho manje okuqashelwayo:
[heat-admin@overcloud-controller-0 ~]$ cat /var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/leases
1597492111 fa:16:3e:6c:ad:9c 10.0.2.8 host-10-0-2-8 01:fa:16:3e:6c:ad:9c
1597491115 fa:16:3e:76:c2:11 10.0.2.1 host-10-0-2-1 *
[heat-admin@overcloud-controller-0 ~]$Ngenxa yalokho, sithola isethi yezinsizakalo ezilandelayo endaweni yokulawula:
Hhayi-ke, khumbula - lena imishini emi-4 kuphela, amanethiwekhi angaphakathi angu-2 kanye nerutha eyodwa ebonakalayo... i-router esabalalisiwe ivaliwe, futhi ekugcineni Emva kwakho konke, kwakukhona i-node eyodwa kuphela yokulawula ebhentshini lokuhlola (ngokubekezelela amaphutha kufanele kube nekhoramu yama-node amathathu). Kunengqondo ukuthi kwezentengiselwano konke “kuncane” kuyinkimbinkimbi kakhulu, kodwa kulesi sibonelo esilula siyaqonda ukuthi kufanele kusebenze kanjani - noma ngabe unezikhala zamagama ezi-3 noma ezingama-300 kubalulekile impela, kepha ngokombono wokusebenza kwayo yonke indawo. isakhiwo, akukho lutho oluzoshintsha kakhulu ... nakuba kuze kube yilapho ungeke uxhume i-SDN yomthengisi. Kodwa leyo indaba ehluke ngokuphelele.
Ngethemba ukuthi bekuthakazelisa. Uma unanoma yimiphi imibono/izengezo, noma kwenye indawo engiqambe amanga ngayo (ngingumuntu futhi umbono wami uyohlale uvumelana nesihloko) - bhala lokho okudingeka kulungiswe/kwengezwe - sizolungisa/sengeze yonke into.
Sengiphetha, ngithanda ukusho amagama ambalwa mayelana nokuqhathanisa i-Openstack (kokubili i-vanilla nomthengisi) nesixazululo sefu esivela ku-VMWare - lo mbuzo bengiwubuzwe kaningi kule minyaka embalwa edlule futhi, uma ngikhuluma ngokungagwegwesi, vele ukhathele yikho, kodwa noma kunjalo. Ngokombono wami, kunzima kakhulu ukuqhathanisa lezi zixazululo ezimbili, kodwa singasho ngokuqinisekile ukuthi kukhona ukungalungi kuzo zombili izixazululo futhi lapho ukhetha isisombululo esisodwa udinga ukukala okuhle nokubi.
Uma i-OpenStack iyisixazululo esiqhutshwa umphakathi, khona-ke i-VMWare inelungelo lokwenza kuphela lokho ekufunayo (funda - lokho okunenzuzo ngayo) futhi lokhu kunengqondo - ngoba inkampani yezohwebo esetshenziselwa ukwenza imali kumakhasimende ayo. Kodwa kukhona eyodwa enkulu futhi ekhuluphele KODWA - ungakwazi ukuphuma ku-OpenStack, isibonelo kwaNokia, futhi ngokushintsha kwezindleko ezincane uye esixazululo, ngokwesibonelo, iJuniper (Contrail Cloud), kodwa mancane amathuba okuthi ukwazi ukuphuma ku-VMWare. . Kimi, lezi zixazululo ezimbili zibukeka kanje - i-Openstack (umthengisi) iyikheji elilula obekwe kulo, kodwa unokhiye futhi ungashiya nganoma yisiphi isikhathi. I-VMWare iyikheji legolide, umnikazi wayo unokhiye wekheji futhi izokubiza kakhulu.
Angiphromothi umkhiqizo wokuqala noma owesibili - ukhetha okudingayo. Kodwa uma nginesinqumo esinjalo, ngingakhetha zombili izixazululo - i-VMWare yefu le-IT (imithwalo ephansi, ukuphathwa okulula), i-OpenStack evela kumthengisi othile (i-Nokia neJuniper inikeza izixazululo ezinhle kakhulu ze-turnkey) - yefu le-Telecom. Ngeke ngisebenzise i-Openstack ku-IT ehlanzekile - kufana nokudubula ondlunkulu ngenganono, kodwa angiboni noma yikuphi ukuphikisana nokuyisebenzisa ngaphandle kokuphinda ngisebenzise. Kodwa-ke, ukusebenzisa i-VMWare ku-telecom kufana nokudonsa itshe elichotshoziwe ngeFord Raptor - yinhle ngaphandle, kodwa umshayeli kufanele enze uhambo oluyi-10 esikhundleni solunye.
Ngokubona kwami, okubi kakhulu kwe-VMWare ukuvala kwayo okuphelele - inkampani ngeke ikunikeze noma yiluphi ulwazi mayelana nendlela esebenza ngayo, isibonelo, i-vSAN noma yini eku-hypervisor kernel - akunanzuzo ngayo - okungukuthi, uzokwenza. ungalokothi ube uchwepheshe ku-VMWare - ngaphandle kokusekelwa komthengisi, uzolahlekelwa (isikhathi esiningi ngihlangana nochwepheshe be-VMWare abadidwa yimibuzo engasho lutho). Kimina, i-VMWare ithenga imoto ene-hood ekhiyiwe - yebo, ungase ube nochwepheshe abangashintsha ibhande lesikhathi, kodwa kuphela lowo okudayisele lesi sixazululo ongavula i-hood. Ngokwami, angizithandi izixazululo engingakwazi ukungena kuzo. Uzosho ukuthi akumele ungene ngaphansi kwe-hood. Yebo, lokhu kungenzeka, kodwa ngizokubheka lapho udinga ukuhlanganisa umsebenzi omkhulu efwini kusuka kumishini ebonakalayo engu-20-30, amanethiwekhi angu-40-50, ingxenye yawo efuna ukuphuma ngaphandle, kanti ingxenye yesibili icela Ukusheshisa kwe-SR-IOV, ngaphandle kwalokho uzodinga inqwaba yalezi zimoto - ngaphandle kwalokho ukusebenza ngeke kwanele.
Kunamanye amaphuzu okubuka, ngakho-ke nguwe kuphela onganquma ukuthi yini ongayikhetha futhi, okubaluleke kakhulu, uzoba nesibopho sokukhetha kwakho. Lona umbono wami nje - umuntu obone futhi wathinta okungenani imikhiqizo emi-4 - Nokia, Juniper, Red Hat kanye ne-VMWare. Okungukuthi, kukhona engingaqhathanisa nakho.
Source: www.habr.com