Shulou(Shulou.com)06/02 Report--

Part XIII launch examples

Preliminary knowledge: Linux Bridge network model

Since Linux Bridge is used to verify the network at the end of the previous section and to launch the example in this section, the basic concepts of Linux Bridge are introduced here.

Suppose there is a physical Nic eth0 connected to the public network on the host, and a virtual machine VM1 runs on it. Using Linux Bridge, the host will create a bridge br0 of Linux Bridge to bridge the physical Nic eth0 with the virtual ENI of the instance. As shown in the following figure, br0 can be thought of as a virtual switch, and vnet0 can be seen as a port on a virtual switch.

The specific connection method is: virtual network card of the virtual machine (if the operating system of the virtual machine is linux, its virtual network card name is also eth0)-- vnet0--br0-- physical network card eth0

In the following installation, we will use the network card eth2 of the compute node (which can be thought of as the host of the instance) to bridge the virtual network card of the instance (if the instance is installed with a linux system, its virtual network card name is eth0).

Similar to the architecture above, br0 is created by neutron, using a name similar to brq8c8dcd81-d3, and a port vnet0 is also created by neutron, with a name similar to tapfdf3a9b5-f8, which contains information such as the ip address created by neutron service plugin and agent. After the instance is started, neutron assigns the port to the instance.

In this way, brq8c8dcd81-d3 bridges the host's eth2, port tapfdf3a9b5-f8 and the instance's virtual network card to provide network access for the instance.

Specifically, it is connected like this: the eth2 of the virtual network card eth0--tapfdf3a9b5-f8--brq8c8dcd81-d3-- host (computing node) of the instance (if the operating system of the instance is linux)

Similarly, if you start a new instance, neutron creates a new port in brq8c8dcd81-d3, tapxxxxxxx-xx, and assigns it to that instance.

It can be seen that the analogy vSphere,brq8c8dcd81-d3 is actually a standard virtual switch, tapfdf3a9b5-f8 is the port (port group) above, and eth2 is the uplink.

The underlying network configuration of the control node

As mentioned at the end of the previous section, when creating a virtual network, the control node creates a bridge similar to the brqxxxxx mentioned above (xxxxx is the first 11 bits of the virtual network ID), and creates a port tapxxxxx used by the dhcp-agent (xxxx is the first few bits of dhcp-agent) to bridge the physical network card eth2 and the tap device.

At the control node, use brctl show to view

Brctl show

Similar to the one shown in the figure is correct. If there is no eth2, the ip address will not be obtained for the instance created later.

Please follow these steps to check

(1) confirm that the NetworkManager package has been stopped or deleted

Systemctl stop NetworkManager

Systemctl disable NetworkManager

Yum remove NetworkManager-y

(2) restart the network

Systemctl restart network

Preparation before creating an instance

Create an instance type

. Admin-openrc

Openstack flavor create-- id 0-- vcpus 1-- ram 64-- disk 1 m1.nano

Openstack flavor list

Create ordinary projects, users, and give ordinary users the user role.

Openstack project create-domain default-description "ygj Project" ygj-project

Openstack user create-domain default-password 123456 ygj

Openstack role add-project ygj-projec-user ygj user

Create an environment variable script for an ordinary user

Vim ygj-openrc

Join:

Export OS_PROJECT_DOMAIN_NAME=Default

Export OS_USER_DOMAIN_NAME=Default

Export OS_PROJECT_NAME=ygj-project

Export OS_USERNAME=ygj

Export OS_PASSWORD=123456

Export OS_AUTH_URL= http://ct:5000/v3

Export OS_IDENTITY_API_VERSION=3

Export OS_IMAGE_API_VERSION=2

Create a key pair

. Ygj-openrc

Ssh-keygen-Q-N ""

Openstack keypair create-public-key ~ / .ssh/id_rsa.pub ygjkey

Openstack keypair list

Create security group rules

Openstack security group rule create-proto icmp default

Openstack security group rule create-proto tcp-dst-port 22 default

Check the related services and configuration of openstack

. Ygj-openrc

Openstack flavor list

Openstack image list

Openstack network list (copy the network ID, use later)

The network ID recorded is: 3903994e-3f22-4677-8c3a-5ea4edd90afb

Openstack security group list

Modify the nova configuration file on the compute node to avoid the error that the network cannot be assigned by creating an instance

Vim / etc/nova/nova.conf

[DEFAULT]

Vif_plugging_is_fatal = false

Vif_plugging_timeout = 0

Confirm to turn on the hybrid mode of eth2 with 2 nodes, so that the virtual machine can connect to the network other than the host.

Yum install net-tools-y

Ifconfig eth2 promisc

Confirm that the networkmanager service on the 2 nodes has been stopped, otherwise it will affect the establishment of the bridging network.

Systemctl stop NetworkManager

Systemctl disable NetworkManager

Check again whether the bridging network configuration of neutron on the control node is correct.

Yum install bridge-utils-y

Brctl show

Be sure to make sure that eth2 is bridged to brq.

Create and start an instance

Commands to create an instance

Openstack server create-- flavor instance type-- image source image-- nic net-id=PROVIDER_NET_ID-- security-group security group name-- key-name key pair instance name

Where PROVIDER_NET_ID: the network ID found by the above openstack network list command

Specifically, it can be like the following command:

. Ygj-openrc

Openstack server create-flavor m1.nano-image cirros--nic net-id=3903994e-3f22-4677-8c3a-5ea4edd90afb-security-group default-key-name ygjkey cirros-instance1

After the command is executed successfully, wait a moment and use openstack server list to check the creation status of the instance.

Confirm that its Status is "ACTIVE" and that it is not empty under Networks.

If the Status of the instance is always BULID or ERROR, you need to check the error message in the log file of the compute node nova and solve it. The path of the log file is: / var/log/nova/nova-compute.log.

Check of computing nodes

After the above command creates an instance, the network of the compute node will change as follows

Ip a

You can see that there will be an extra brq bridge and an tap device.

The brq bridge and the control node have the same name, which means that their ports are connected to the same virtual switch.

The tap device is the port used by the instance you just created (can be thought of as).

Then use brctl to view

Brctl show

It is found that the tap device is bridged to the bridge.

However, the eth2 of the computing node is not bridged to the brq at this time, but it can be bridged by rebooting the network and the instance. The specific reason is unknown (it may be the bug of openstack or the experimental environment is vmware-workstation).

(1) restart the compute node network

Systemctl restart network

(2) restart the instance at the control node

Openstack server reboot cirros-instance1

Use brctl show to view in the compute node after restart.

You can see that the compute node's eth2 has been bridged to the brq.

Check the network connection to the instance:

Ping 10.8.20.53

Indicates that the instance has been able to obtain the ip address.

Access the console of the instance at the compute node

View running instances

Virsh list

Write down that the id is 2

Enter the console of the instance

Virsh console 2

The 2 here is the id written down above.

Press enter, and the login prompt for the instance will appear. Log in using the cirros user and the password prompted.

The $prompt indicates that the login was successful

Use ip a to view the ip of an instance

Got the correct ip.

You can also use sudo passwd to change the root password, use the mount viewer to mount the disk, and other operations will not be discussed in detail.

Finally, check the network access.

Ping 10.8.20.42

Ping 10.8.20.41

Ping www.baidu.com

Press the "ctrl+] key on the keyboard to return to the command prompt for the compute node.

Create another instance

Do the following on the control node

. Ygj-openrc

Openstack server create-flavor m1.nano-image cirros--nic net-id=3903994e-3f22-4677-8c3a-5ea4edd90afb-security-group default-key-name ygjkey cirros-instance2

Openstack server list

As you can see, the new instance is already ACTIVE. The obtained ip address is 10.8.20.51 and can be ping, indicating that the instance is created successfully.

Use dashboard to view the status of an instance

Log in to dashboard using the normal user ygj password 123456 established above (do not log in with admin, you will not see any instances), and you can view the 2 instances created at the instance.

2 Instanc

You can also access the console of the instance

At this point, starting the instance is complete. The next section describes how to install and configure the instance of centos7.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.