2025-01-17 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article shows how to use keepalived on KVM instances created with nova in OpenStack.
Create kvm
Use nova to create three KVM instances in the OpenStack environment. Base image: RHEL 7.1 ppc64le. Each instance has an internal IP and a floating IP attached.
    nova list
    +--------------------------------------+-----------------------------------+--------+------------+-------------+--------------------------------------+
    | ID                                   | Name                              | Status | Task State | Power State | Networks                             |
    +--------------------------------------+-----------------------------------+--------+------------+-------------+--------------------------------------+
    | ef1f1a66-1375-4d9a-b99b-580c8340b59d | linzhbj-kvm.ppc64le-keepalived-n0 | ACTIVE | -          | Running     | ent_vlan=192.168.33.14, 172.16.0.237 |
    | 3eb18869-97c5-42cb-94e7-466d52d4199d | linzhbj-kvm.ppc64le-keepalived-n1 | ACTIVE | -          | Running     | ent_vlan=192.168.33.15, 172.16.0.238 |
    | daf4b686-c33d-48e5-89cc-0a0f99d8fb73 | linzhbj-kvm.ppc64le-keepalived-n2 | ACTIVE | -          | Running     | ent_vlan=192.168.33.91, 172.16.0.239 |
    +--------------------------------------+-----------------------------------+--------+------------+-------------+--------------------------------------+

Create an internal IP and a floating IP to serve as the shared virtual IP:

    neutron port-create internal_vlan
    nova floating-ip-create floating_vlan

List the ports for later use:

    neutron port-list
    | 5c09376e-bd65-4aed-9f4e-dd6ba2879a27 | linzhbj_keepalived_vip0      | fa:16:3e:4f:47:21 | {"subnet_id": "585b7e7e-e890-4b4b-90f9-e877605f5d5e", "ip_address": "192.168.33.91"} |
    | 0e0c48e6-2e32-48c5-a01d-c059c4931064 | linzhbj_keepalived_vip1      | fa:16:3e:f9:4f:41 | {"subnet_id": "585b7e7e-e890-4b4b-90f9-e877605f5d5e", "ip_address": "192.168.33.14"} |
    | b133aa34-a2fc-4c05-a962-18118de6db83 | linzhbj_keepalived_vip2      | fa:16:3e:aa:02:ea | {"subnet_id": "585b7e7e-e890-4b4b-90f9-e877605f5d5e", "ip_address": "192.168.33.15"} |
    | 5ffd38c7-9ec3-4661-84f9-048eda70f738 | linzhbj_keepalived_vip_total | fa:16:3e:ea:81:6a | {"subnet_id": "585b7e7e-e890-4b4b-90f9-e877605f5d5e", "ip_address": "192.168.33.92"} |

    nova floating-ip-list
    +--------------------------------------+--------------+--------------------------------------+---------------+---------+
    | Id                                   | IP           | Server Id                            | Fixed IP      | Pool    |
    +--------------------------------------+--------------+--------------------------------------+---------------+---------+
    | 0730073b-9758-409f-843a-0f40e8f9b300 | 172.16.0.238 | 3eb18869-97c5-42cb-94e7-466d52d4199d | 192.168.33.15 | ext_net |
    | 1c9c3745-d7d4-435c-b8c5-c19d415fde71 | 172.16.0.239 | daf4b686-c33d-48e5-89cc-0a0f99d8fb73 | 192.168.33.91 | ext_net |
    | 7d056ad6-b2d9-47ae-92f3-d383d2aab366 | 172.16.1.60  |                                      | 192.168.33.92 | ext_net |
    | a948ef38-01b6-4922-8025-067c0c610f17 | 172.16.0.237 | ef1f1a66-1375-4d9a-b99b-580c8340b59d | 192.168.33.14 | ext_net |
    +--------------------------------------+--------------+--------------------------------------+---------------+---------+

Associate the floating IP with the internal IP:

    neutron floatingip-associate 7d056ad6-b2d9-47ae-92f3-d383d2aab366 5ffd38c7-9ec3-4661-84f9-048eda70f738

Configure keepalived
Log in to each KVM instance, install keepalived, and set up its configuration.

    yum install keepalived

Edit the keepalived configuration:

    vim /etc/keepalived/keepalived.conf

    global_defs {
        notification_email {
            linzhaolover@163.com
        }
        notification_email_from linzhaolover@163.com
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id NodeA
    }

    vrrp_instance lnmp {
        state BACKUP
        interface eth0
        virtual_router_id 100
        priority 170
        advert_int 5
        track_interface {
            eth0
        }
        # auth_type PASS sends auth_pass in cleartext in every VRRP advert
        authentication {
            auth_type PASS
            auth_pass 123456
        }
        # The shared virtual IP (port linzhbj_keepalived_vip_total)
        virtual_ipaddress {
            192.168.33.92/20 dev eth0
        }
    }

Restart the service and check the addresses:

    service keepalived restart
    ip addr
    [root@host-192-65536-33-15 ~]# ip addr
    1: lo: mtu 65536 qdisc noqueue state UNKNOWN
        link/loopback 0012 scope host
           valid_lft forever preferred_lft forever
    2: eth0: mtu 1454 qdisc pfifo_fast state UP qlen 1000
        link/ether fa:16:3e:aa:02:ea brd ff:ff:ff:ff:ff:ff
        inet 192.168.33.15 brd 20 brd 192.168.47.255 scope global dynamic eth0
           valid_lft 85999sec preferred_lft 85999sec
        inet 192.168.33.92 scope global dynamic eth0
           valid_lft 85999sec preferred_lft 85999sec
        inet 20 scope global secondary eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::f816:3eff:feaa:2ea/64 scope link
           valid_lft forever preferred_lft forever

View the log generated by keepalived:

    tail -f /var/log/messages
After all three KVM instances are configured with keepalived as above, the test does not work:

    ping 192.168.33.92

Unexpectedly, it doesn't work. Something still seems to be missing. Could it be that some iptables rules are missing?
Key: configure allowed address pairs

    # neutron port-update --allowed-address-pairs type=dict list=true mac_address=,ip_address=

mac_address is the MAC address of the KVM instance, and ip_address is the address of the virtual IP. Make no mistake here.

    neutron port-update 5c09376e-bd65-4aed-9f4e-dd6ba2879a27 --name linzhbj_keepalived_vip0 --allowed-address-pairs type=dict list=true mac_address="fa:16:3e:4f:47:21",ip_address=192.168.33.92
    neutron port-update 0e0c48e6-2e32-48c5-a01d-c059c4931064 --name linzhbj_keepalived_vip1 --allowed-address-pairs type=dict list=true mac_address="fa:16:3e:f9:4f:41",ip_address=192.168.33.92
    neutron port-update b133aa34-a2fc-4c05-a962-18118de6db83 --name linzhbj_keepalived_vip2 --allowed-address-pairs type=dict list=true mac_address="fa:16:3e:aa:02:ea",ip_address=192.168.33.92

Check the iptables rules on the compute node:

    iptables -S | grep 192.168.33.92
    -A neutron-openvswi-s0e0c48e6-2 -s 192.168.33.92/32 -m mac --mac-source FA:16:3E:F9:4F:41 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
    -A neutron-openvswi-s5c09376e-b -s 192.168.33.92/32 -m mac --mac-source FA:16:3E:4F:47:21 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
    -A neutron-openvswi-sb133aa34-a -s 192.168.33.92/32 -m mac --mac-source FA:16:3E:AA:02:EA -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN

These are the iptables rules for the MAC address of each KVM instance.
For a KVM instance in OpenStack, a service like this runs properly only if the corresponding rules are configured in neutron to allow it. It is troublesome, but it plays a good protective role.
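The rule check above can be scripted. The following is an added example, not part of the original article: it reads `iptables -S` output from a compute node, lists which anti-spoofing chains (`neutron-openvswi-s...`) let a MAC send from the virtual IP, and compares that set with the MACs you expect. The function names and the sample rules are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit which neutron ports may send traffic from the VIP.

# Constructed sample of `iptables -S` output, modelled on the rules above.
sample_rules() {
cat <<'EOF'
-A neutron-openvswi-s0e0c48e6-2 -s 192.168.33.92/32 -m mac --mac-source FA:16:3E:F9:4F:41 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
-A neutron-openvswi-s0e0c48e6-2 -s 192.168.33.14/32 -m mac --mac-source FA:16:3E:F9:4F:41 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
-A neutron-openvswi-s5c09376e-b -s 192.168.33.92/32 -m mac --mac-source FA:16:3E:4F:47:21 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
-A neutron-openvswi-sb133aa34-a -s 192.168.33.92/32 -m mac --mac-source FA:16:3E:AA:02:EA -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
-A neutron-openvswi-sb133aa34-a -j DROP
EOF
}

# vip_sources VIP: read `iptables -S` on stdin and print "chain mac" for every
# anti-spoofing rule that accepts VIP as a source address.
vip_sources() {
    awk -v vip="$1/32" '
        $1 == "-A" && $2 ~ /^neutron-openvswi-s/ {
            src = ""; mac = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "--mac-source") mac = tolower($(i + 1))
            }
            if (src == vip && mac != "") print $2, mac
        }'
}

# audit_vip VIP MAC...: compare the MACs allowed to use VIP with the expected
# list. Prints MISSING/UNEXPECTED lines and returns 1 on any difference.
audit_vip() {
    vip=$1; shift
    expected=$(printf '%s\n' "$@" | tr 'A-Z' 'a-z' | sort -u)
    actual=$(vip_sources "$vip" | awk '{print $2}' | sort -u)
    status=0
    for m in $expected; do
        printf '%s\n' "$actual" | grep -qxF "$m" || { echo "MISSING $m"; status=1; }
    done
    for m in $actual; do
        printf '%s\n' "$expected" | grep -qxF "$m" || { echo "UNEXPECTED $m"; status=1; }
    done
    return $status
}

# Demo on the constructed sample: prints nothing and exits 0 when the sets match.
sample_rules | audit_vip 192.168.33.92 fa:16:3e:f9:4f:41 fa:16:3e:4f:47:21 fa:16:3e:aa:02:ea
```

On a compute node, pipe the live rules in instead of the sample: `iptables -S | audit_vip 192.168.33.92` followed by the MACs of the keepalived instances. An UNEXPECTED line means a port outside the keepalived group has been allowed to source the virtual IP.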
Use your head, there are always more ways than problems. O(∩_∩)O~

Bug

When running port-update, you will encounter this bug:

    NT-628A69C Policy doesn't allow (rule:update_port and rule:update_port:allowed_address_pairs) to be performed.

Edit the neutron policy:

    vim /etc/neutron/policy.json

Change

    "update_port:allowed_address_pairs": "rule:admin_or_network_owner",

to

    "update_port:allowed_address_pairs": "rule:admin_or_owner",

Both nova and neutron have their own policy.

The system does not have the various KVM iptables rules, so you have to set the following.

    vim /etc/sysctl.conf

    net.ipv4.conf.all.rp_filter=0
    net.ipv4.conf.default.rp_filter=0

Make the configuration take effect:

    sysctl -p

    vim /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

    [securitygroup]
    firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Restart the agent service:

    service neutron-plugin-openvswitch-agent restart

    # iptables -S | grep 192.168.33
    -A neutron-openvswi-s0e0c48e6-2 -s 192.168.33.92/32 -m mac --mac-source FA:16:3E:F9:4F:41 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
    -A neutron-openvswi-s0e0c48e6-2 -s 192.168.33.14/32 -m mac --mac-source FA:16:3E:F9:4F:41 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
    -A neutron-openvswi-s5c09376e-b -s 192.168.33.92/32 -m mac --mac-source FA:16:3E:4F:47:21 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
    -A neutron-openvswi-s5c09376e-b -s 192.168.33.91/32 -m mac --mac-source FA:16:3E:4F:47:21 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN