DevStack (port_forwarding) in practice

admin · 2022-10-24 00:55:23 · 94 views

This week a work task called for building an OpenStack environment with fwaas, vpnaas and port_forwarding. This time the OS is ubuntu-22.04.1-live-server-amd64 with two NICs: the first, ens160, is the management interface (with internet access); the second, ens192, is the external business network. Out of habit I first switched to the Alibaba Cloud package mirror, but this time it was not only slow but also produced errors during installation, so for the reinstall I left the mirror unchanged.

Download the latest stable DevStack release (zed):

git clone -b stable/zed https://github.com/openstack/devstack.git

Edit the install config, vim devstack/local.conf:

[[local|localrc]]
PUBLIC_INTERFACE=ens192
SERVICE_PASSWORD=password
ADMIN_PASSWORD=password
SERVICE_TOKEN=password
DATABASE_PASSWORD=password
RABBIT_PASSWORD=password
enable_service q-agt
enable_service q-dhcp
enable_service q-l3
enable_service q-meta
enable_service q-svc
disable_service cinder
disable_service tempest
disable_service dstat
enable_plugin neutron-fwaas https://github.com/openstack/neutron-fwaas stable/zed
enable_service q-fwaas-v2
enable_plugin neutron-fwaas-dashboard https://github.com/openstack/neutron-fwaas-dashboard stable/zed
enable_plugin neutron-vpnaas https://github.com/openstack/neutron-vpnaas stable/zed
enable_plugin neutron-vpnaas-dashboard https://github.com/openstack/neutron-vpnaas-dashboard stable/zed
Q_AGENT="openvswitch"
Q_ML2_PLUGIN_MECHANISM_DRIVERS="openvswitch"
Q_ML2_TENANT_NETWORK_TYPE="vxlan"
[[post-config|/etc/neutron/dhcp_agent.ini]]
[DEFAULT]
enable_isolated_metadata = True

Run ./stack.sh once, then cancel it; change to the directory with cd /opt/stack/ and clone the source of the required components:

git clone -b stable/zed https://github.com/openstack/nova.git
git clone -b stable/zed https://github.com/openstack/neutron.git
git clone -b stable/zed https://github.com/openstack/horizon.git
git clone -b stable/zed https://github.com/openstack/keystone.git
git clone -b stable/zed https://github.com/openstack/glance.git
git clone -b stable/zed https://github.com/openstack/placement.git
git clone -b stable/zed https://github.com/openstack/requirements.git
git clone -b stable/zed https://github.com/openstack/neutron-fwaas
git clone -b stable/zed https://github.com/openstack/neutron-fwaas-dashboard
git clone -b stable/zed https://github.com/openstack/neutron-vpnaas
git clone -b stable/zed https://github.com/openstack/neutron-vpnaas-dashboard
git clone -b v1.3.0 https://github.com/novnc/novnc.git

Change to the DevStack files directory, cd /home/ubuntu/devstack/file/, and download the required files:

https://github.com/etcd-io/etcd/releases/download/v3.3.12/etcd-v3.3.12-linux-amd64.tar.gz
https://github.com/cirros-dev/cirros/releases/download/0.5.2/cirros-0.5.2-x86_64-disk.img

The install still reports one error: the required neutron-lib version does not match.

Edit the file vim /opt/stack/requirements/upper-constraints.txt and change neutron-lib===3.1.0 to neutron-lib>=3.1.0.

Run ./stack.sh again; it finishes in about half an hour.

fwaas and vpnaas are installed automatically as part of this. Leave them aside for now and look at port_forwarding.

Following the official guide, edit vim /etc/neutron/neutron.conf and append port_forwarding to the plugin list: service_plugins = ......,port_forwarding

Edit vim /etc/neutron/l3_agent.ini the same way: extensions = ......,port_forwarding

Restart the services. To save effort I restarted all of them: sudo systemctl restart devstack@*

On verification port_forwarding did not work; the floating IP showed as down, and I did not work out why.

So I reinstalled with an OVN-based environment to try that instead. The install config only needs the following, vim devstack/local.conf:

[[local|localrc]]
PUBLIC_INTERFACE=ens192
SERVICE_PASSWORD=password
ADMIN_PASSWORD=password
SERVICE_TOKEN=password
DATABASE_PASSWORD=password
RABBIT_PASSWORD=password
disable_service cinder
disable_service tempest
enable_plugin neutron-fwaas https://github.com/openstack/neutron-fwaas stable/zed
enable_service q-fwaas-v2
enable_plugin neutron-fwaas-dashboard https://github.com/openstack/neutron-fwaas-dashboard stable/zed
enable_plugin neutron-vpnaas https://github.com/openstack/neutron-vpnaas stable/zed
enable_plugin neutron-vpnaas-dashboard https://github.com/openstack/neutron-vpnaas-dashboard stable/zed

Surprisingly the whole run completed without a single error, and the neutron-lib version mismatch seen with OVS did not occur.

Verify port_forwarding directly: only vim /etc/neutron/neutron.conf needs editing, service_plugins = ......,port_forwarding, followed by a service restart.

This time port_forwarding works: different ports on the same floating IP are mapped to different internal VMs.
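The neutron.conf edit above (the same one needed in the OVS setup earlier) is easy to get wrong by hand: appending the plugin twice, or editing a file that has no service_plugins line yet. The following POSIX sh functions, added here as an example and not code from the post, make that edit idempotent and let you check the result before restarting anything; the config contents used for checking are constructed samples.

```shell
#!/bin/sh
# Idempotently enable the Neutron port_forwarding service plugin in a
# neutron.conf-style INI file: append "port_forwarding" to the
# service_plugins value in [DEFAULT], add the key if it is missing, and
# never add the plugin twice. Added example, not code from the post;
# the config contents used in tests are constructed samples.

enable_port_forwarding() {
    conf="$1"
    if grep -Eq '^[ \t]*service_plugins[ \t]*=' "$conf"; then
        # Key present: append only when port_forwarding is not already listed.
        awk '
        /^[ \t]*service_plugins[ \t]*=/ {
            val = $0; sub(/^[^=]*=/, "", val)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            n = split(val, items, ","); found = 0
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", items[i])
                if (items[i] == "port_forwarding") found = 1
            }
            if (!found) {
                if (val != "") val = val ","
                $0 = "service_plugins = " val "port_forwarding"
            }
        }
        { print }' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    else
        # Key absent: insert it right after the [DEFAULT] header, creating
        # the section if the file has none.
        awk '
        { print }
        /^\[DEFAULT\]/ && !done { print "service_plugins = port_forwarding"; done = 1 }
        END { if (!done) print "[DEFAULT]\nservice_plugins = port_forwarding" }
        ' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    fi
}

# Exit 0 if port_forwarding is an entry of service_plugins, 1 otherwise.
has_port_forwarding() {
    grep -E '^[ \t]*service_plugins[ \t]*=' "$1" \
        | sed 's/^[^=]*=//' | tr ',' '\n' | tr -d ' \t' \
        | grep -qx 'port_forwarding'
}

# Usage: sh enable_pf.sh /etc/neutron/neutron.conf
if [ -n "${1:-}" ]; then
    enable_port_forwarding "$1" && has_port_forwarding "$1" \
        && echo "port_forwarding enabled in $1"
fi
```

Run it against /etc/neutron/neutron.conf and then restart the Neutron services as the post does; in the OVS/L3-agent setup the extensions line in l3_agent.ini needs the same treatment.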

openstack floating ip port forwarding create \
  --internal-ip-address 10.0.0.149 \
  --port 00634ccf-648c-4ad3-bd51-de225d2dae9a \
  --internal-protocol-port 22 \
  --external-protocol-port 222 \
  --protocol tcp 10.90.11.17
openstack floating ip port forwarding create \
  --internal-ip-address 10.0.0.250 \
  --port 19c90442-31cb-4b06-80e3-8ac0f6a33d7b \
  --internal-protocol-port 22 \
  --external-protocol-port 2222 \
  --protocol tcp 10.90.11.17

While at it I re-checked the issue where, under OVN, a VM port that has had its security groups unbound is not allowed to use a custom IP; it still exists.


Originally published on the WeChat official account 云计算和网络安全技术实践 (Cloud Computing and Network Security Technical Practice): DevStack (port_forwarding) in practice
