OpenStack Antelope : Neutron Network (Geneve)
2023/09/08

Configure virtual networking with the OpenStack Network Service (Neutron).
As an example, configure Geneve type networking here.
Configure the basic settings on the Control Node, Network Node and Compute Node.
In addition, this example is based on an environment in which the Network Node and the Compute Node each have 2 network interfaces.
[eth1] is up with no IP address assigned; to bring up an unnumbered interface with Netplan, refer to here [1].

------------+--------------------------+--------------------------+------------
            |                          |                          |
        eth0|10.0.0.30             eth0|10.0.0.50             eth0|10.0.0.51
+-----------+-----------+  +-----------+-----------+  +-----------+-----------+
|   [ dlp.srv.world ]   |  | [ network.srv.world ] |  |  [ node01.srv.world ] |
|    (Control Node)     |  |    (Network Node)     |  |    (Compute Node)     |
|                       |  |                       |  |                       |
|  MariaDB    RabbitMQ  |  |     Open vSwitch      |  |        Libvirt        |
|  Memcached  Nginx     |  |    Neutron Server     |  |     Nova Compute      |
|  Keystone   httpd     |  |      OVN-Northd       |  |     Open vSwitch      |
|  Glance     Nova API  |  |         Nginx         |  |  OVN Metadata Agent   |
|                       |  |                       |  |    OVN-Controller     |
+-----------------------+  +-----------+-----------+  +-----------+-----------+
                                   eth1|(UP with no IP)       eth1|(UP with no IP)
[1] Configure bridge mapping on both the Network Node and the Compute Node.

# add a bridge (any name you like for [br-eth1])
root@network:~# ovs-vsctl add-br br-eth1
# add a port to the bridge
# replace [eth1] with the interface name in your environment
root@network:~# ovs-vsctl add-port br-eth1 eth1
# map [physnet1] to the bridge (any name you like for [physnet1])
root@network:~# ovs-vsctl set open . external-ids:ovn-bridge-mappings=physnet1:br-eth1
[2] Create a virtual router. This can be done on any node. (This example runs on the Control Node)

root@dlp ~(keystone)# openstack router create router01
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | UP                                   |
| availability_zone_hints |                                      |
| availability_zones      |                                      |
| created_at              | 2023-03-27T00:14:51Z                 |
| description             |                                      |
| enable_ndp_proxy        | None                                 |
| external_gateway_info   | null                                 |
| flavor_id               | None                                 |
| id                      | b5031373-b5b4-47b8-8268-59acdc79d323 |
| name                    | router01                             |
| project_id              | cac657ec003e4c95aaaa30bc0321895f     |
| revision_number         | 1                                    |
| routes                  |                                      |
| status                  | ACTIVE                               |
| tags                    |                                      |
| tenant_id               | cac657ec003e4c95aaaa30bc0321895f     |
| updated_at              | 2023-03-27T00:14:51Z                 |
+-------------------------+--------------------------------------+
[3] Create an internal network and associate it with the router above.

# create the internal network
root@dlp ~(keystone)# openstack network create private --provider-network-type geneve
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2023-03-27T00:15:16Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | ce6e88bc-107a-446b-b2ab-255bab7269fe |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | False                                |
| is_vlan_transparent       | None                                 |
| mtu                       | 1442                                 |
| name                      | private                              |
| port_security_enabled     | True                                 |
| project_id                | cac657ec003e4c95aaaa30bc0321895f     |
| provider:network_type     | geneve                               |
| provider:physical_network | None                                 |
| provider:segmentation_id  | 7631                                 |
| qos_policy_id             | None                                 |
| revision_number           | 1                                    |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | cac657ec003e4c95aaaa30bc0321895f     |
| updated_at                | 2023-03-27T00:15:16Z                 |
+---------------------------+--------------------------------------+

# create a subnet in the internal network
root@dlp ~(keystone)# openstack subnet create private-subnet --network private \
--subnet-range 192.168.100.0/24 --gateway 192.168.100.1 \
--dns-nameserver 10.0.0.10
+----------------------+--------------------------------------+
| Field                | Value                                |
+----------------------+--------------------------------------+
| allocation_pools     | 192.168.100.2-192.168.100.254        |
| cidr                 | 192.168.100.0/24                     |
| created_at           | 2023-03-27T00:15:43Z                 |
| description          |                                      |
| dns_nameservers      | 10.0.0.10                            |
| dns_publish_fixed_ip | None                                 |
| enable_dhcp          | True                                 |
| gateway_ip           | 192.168.100.1                        |
| host_routes          |                                      |
| id                   | feb337ec-215e-406e-8871-196fed2c4207 |
| ip_version           | 4                                    |
| ipv6_address_mode    | None                                 |
| ipv6_ra_mode         | None                                 |
| name                 | private-subnet                       |
| network_id           | ce6e88bc-107a-446b-b2ab-255bab7269fe |
| project_id           | cac657ec003e4c95aaaa30bc0321895f     |
| revision_number      | 0                                    |
| segment_id           | None                                 |
| service_types        |                                      |
| subnetpool_id        | None                                 |
| tags                 |                                      |
| updated_at           | 2023-03-27T00:15:43Z                 |
+----------------------+--------------------------------------+

# attach the internal subnet to the router above
root@dlp ~(keystone)# openstack router add subnet router01 private-subnet
[4] Create an external network and associate it with the router above.

# create the external network
root@dlp ~(keystone)# openstack network create \
--provider-physical-network physnet1 \
--provider-network-type flat --external public
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2023-03-27T00:16:18Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | 5352e6c0-47b3-4df2-84f4-ca048f141e1d |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | False                                |
| is_vlan_transparent       | None                                 |
| mtu                       | 1500                                 |
| name                      | public                               |
| port_security_enabled     | True                                 |
| project_id                | cac657ec003e4c95aaaa30bc0321895f     |
| provider:network_type     | flat                                 |
| provider:physical_network | physnet1                             |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 1                                    |
| router:external           | External                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | cac657ec003e4c95aaaa30bc0321895f     |
| updated_at                | 2023-03-27T00:16:18Z                 |
+---------------------------+--------------------------------------+

# create a subnet in the external network
root@dlp ~(keystone)# openstack subnet create public-subnet \
--network public --subnet-range 10.0.0.0/24 \
--allocation-pool start=10.0.0.200,end=10.0.0.254 \
--gateway 10.0.0.1 --dns-nameserver 10.0.0.10 --no-dhcp
+----------------------+--------------------------------------+
| Field                | Value                                |
+----------------------+--------------------------------------+
| allocation_pools     | 10.0.0.200-10.0.0.254                |
| cidr                 | 10.0.0.0/24                          |
| created_at           | 2023-03-27T00:16:46Z                 |
| description          |                                      |
| dns_nameservers      | 10.0.0.10                            |
| dns_publish_fixed_ip | None                                 |
| enable_dhcp          | False                                |
| gateway_ip           | 10.0.0.1                             |
| host_routes          |                                      |
| id                   | ca5539a8-0291-4684-9fb3-0f448efacebf |
| ip_version           | 4                                    |
| ipv6_address_mode    | None                                 |
| ipv6_ra_mode         | None                                 |
| name                 | public-subnet                        |
| network_id           | 5352e6c0-47b3-4df2-84f4-ca048f141e1d |
| project_id           | cac657ec003e4c95aaaa30bc0321895f     |
| revision_number      | 0                                    |
| segment_id           | None                                 |
| service_types        |                                      |
| subnetpool_id        | None                                 |
| tags                 |                                      |
| updated_at           | 2023-03-27T00:16:46Z                 |
+----------------------+--------------------------------------+

# set the gateway for the router above
root@dlp ~(keystone)# openstack router set router01 --external-gateway public
[5] By default, all projects can access only the external network, while the internal network can be accessed only by the [admin] project. So grant access to the internal network to the project whose users you want to allow in.

# show the network RBAC list
root@dlp ~(keystone)# openstack network rbac list
+--------------------------------------+-------------+--------------------------------------+
| ID                                   | Object Type | Object ID                            |
+--------------------------------------+-------------+--------------------------------------+
| 83c9abe2-de69-42af-940d-9205b785f0e8 | network     | 5352e6c0-47b3-4df2-84f4-ca048f141e1d |
+--------------------------------------+-------------+--------------------------------------+

# RBAC details
# all projects have [access_as_external] access only
root@dlp ~(keystone)# openstack network rbac show 83c9abe2-de69-42af-940d-9205b785f0e8
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| action            | access_as_external                   |
| id                | 83c9abe2-de69-42af-940d-9205b785f0e8 |
| object_id         | 5352e6c0-47b3-4df2-84f4-ca048f141e1d |
| object_type       | network                              |
| project_id        | cac657ec003e4c95aaaa30bc0321895f     |
| target_project_id | *                                    |
+-------------------+--------------------------------------+

# show the network list
root@dlp ~(keystone)# openstack network list
+--------------------------------------+---------+--------------------------------------+
| ID                                   | Name    | Subnets                              |
+--------------------------------------+---------+--------------------------------------+
| 5352e6c0-47b3-4df2-84f4-ca048f141e1d | public  | ca5539a8-0291-4684-9fb3-0f448efacebf |
| ce6e88bc-107a-446b-b2ab-255bab7269fe | private | feb337ec-215e-406e-8871-196fed2c4207 |
+--------------------------------------+---------+--------------------------------------+

# show the project list
root@dlp ~(keystone)# openstack project list
+----------------------------------+-----------+
| ID                               | Name      |
+----------------------------------+-----------+
| cac657ec003e4c95aaaa30bc0321895f | admin     |
| d3dd87fb1a034f7883539a6a4f83781f | service   |
| e294bd7c00314facacdb46c36fb54ee9 | hiroshima |
+----------------------------------+-----------+

# grant the [hiroshima] project [access_as_shared] permission on [private]
root@dlp ~(keystone)# netID=$(openstack network list | grep private | awk '{ print $2 }')
root@dlp ~(keystone)# prjID=$(openstack project list | grep hiroshima | awk '{ print $2 }')
root@dlp ~(keystone)# openstack network rbac create --target-project $prjID --type network --action access_as_shared $netID
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| action            | access_as_shared                     |
| id                | 1aa5dff6-ad38-483a-8096-fefe4af62180 |
| object_id         | ce6e88bc-107a-446b-b2ab-255bab7269fe |
| object_type       | network                              |
| project_id        | cac657ec003e4c95aaaa30bc0321895f     |
| target_project_id | e294bd7c00314facacdb46c36fb54ee9     |
+-------------------+--------------------------------------+
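
An added example (not part of the original page): the `grep private` lookup in step [5] matches any row containing that string, so a second network with a similar name would put two IDs into `netID` before the RBAC policy is created. The sketch below matches the Name column exactly and fails on zero or multiple matches. The function names, the `private-db` network and its IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve a network ID by exact name from the table printed
# by `openstack network list`, instead of a substring grep.

# Constructed listing: the page's two networks plus a hypothetical third
# network "private-db" (its ID and subnet ID are made up).
sample_networks() {
cat <<'EOF'
+--------------------------------------+------------+--------------------------------------+
| ID                                   | Name       | Subnets                              |
+--------------------------------------+------------+--------------------------------------+
| 5352e6c0-47b3-4df2-84f4-ca048f141e1d | public     | ca5539a8-0291-4684-9fb3-0f448efacebf |
| ce6e88bc-107a-446b-b2ab-255bab7269fe | private    | feb337ec-215e-406e-8871-196fed2c4207 |
| 00000000-0000-0000-0000-000000000001 | private-db | 00000000-0000-0000-0000-000000000002 |
+--------------------------------------+------------+--------------------------------------+
EOF
}

# The page's pipeline: substring match anywhere in the row.
id_by_grep() { grep "$1" | awk '{ print $2 }'; }

# Exact match on the Name column only. Neutron does not enforce unique
# network names, so anything other than exactly one match is an error.
id_by_exact_name() {
    awk -F'|' -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 4 && trim($3) == want { id = trim($2); n++ }
        END { if (n == 1) print id; else exit 1 }'
}

# Stop before any RBAC change when the name is missing or ambiguous.
netID=$(sample_networks | id_by_exact_name private) || {
    echo "network name did not resolve to exactly one ID" >&2
    exit 1
}
echo "$netID"
```

On a live deployment the client's own output options, `openstack network show private -f value -c id`, return the ID without any table parsing.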
[6] Log in as a user who belongs to the project you granted access to the internal network, then create and boot an instance.

# confirm the available [flavor] list
ubuntu@dlp ~(keystone)$ openstack flavor list
+----+-----------+------+------+-----------+-------+-----------+
| ID | Name      |  RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+------+------+-----------+-------+-----------+
| 1  | m1.small  | 2048 |   10 |         0 |     1 | True      |
| 2  | m1.medium | 4096 |   10 |         0 |     2 | True      |
| 3  | m1.large  | 8192 |   20 |        10 |     4 | True      |
+----+-----------+------+------+-----------+-------+-----------+

# confirm the available image list
ubuntu@dlp ~(keystone)$ openstack image list
+--------------------------------------+------------+--------+
| ID                                   | Name       | Status |
+--------------------------------------+------------+--------+
| 00ea6e97-0e97-4cb4-8ac4-2409c28f0289 | Ubuntu2204 | active |
+--------------------------------------+------------+--------+

# confirm the available network list
ubuntu@dlp ~(keystone)$ openstack network list
+--------------------------------------+---------+--------------------------------------+
| ID                                   | Name    | Subnets                              |
+--------------------------------------+---------+--------------------------------------+
| 5352e6c0-47b3-4df2-84f4-ca048f141e1d | public  | ca5539a8-0291-4684-9fb3-0f448efacebf |
| ce6e88bc-107a-446b-b2ab-255bab7269fe | private | feb337ec-215e-406e-8871-196fed2c4207 |
+--------------------------------------+---------+--------------------------------------+

# create a security group for the instance
ubuntu@dlp ~(keystone)$ openstack security group create secgroup01
+-----------------+-----------------------------------------------------------------------+
| Field           | Value                                                                 |
+-----------------+-----------------------------------------------------------------------+
| created_at      | 2023-03-27T00:22:55Z                                                  |
| description     | secgroup01                                                            |
| id              | 00fec817-6562-4ab5-8f45-0bc4954f6d00                                  |
| name            | secgroup01                                                            |
| project_id      | e294bd7c00314facacdb46c36fb54ee9                                      |
| revision_number | 1                                                                     |
| rules           | created_at='2023-03-27T00:22:55Z', direction='egress', ethertype='... |
|                 | created_at='2023-03-27T00:22:55Z', direction='egress', ethertype='... |
| shared          | False                                                                 |
| stateful        | True                                                                  |
| tags            | []                                                                    |
| updated_at      | 2023-03-27T00:22:55Z                                                  |
+-----------------+-----------------------------------------------------------------------+

# create an SSH keypair to connect to the instance
ubuntu@dlp ~(keystone)$ ssh-keygen -q -N ""
Enter file in which to save the key (/home/ubuntu/.ssh/id_rsa):

# add the public key
ubuntu@dlp ~(keystone)$ openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| created_at  | None                                            |
| fingerprint | 43:10:f4:b6:e1:39:48:e4:21:c4:b7:6f:53:04:91:d8 |
| id          | mykey                                           |
| is_deleted  | None                                            |
| name        | mykey                                           |
| type        | ssh                                             |
| user_id     | 85236576a97e492791abe70c217c8898                |
+-------------+-------------------------------------------------+

ubuntu@dlp ~(keystone)$ netID=$(openstack network list | grep private | awk '{ print $2 }')
ubuntu@dlp ~(keystone)$ openstack server create --flavor m1.medium --image Ubuntu2204 --security-group secgroup01 --nic net-id=$netID --key-name mykey Ubuntu-2204
ubuntu@dlp ~(keystone)$ openstack server list
+--------------------------------------+-------------+--------+-------------------------+------------+-----------+
| ID                                   | Name        | Status | Networks                | Image      | Flavor    |
+--------------------------------------+-------------+--------+-------------------------+------------+-----------+
| 11987eec-fb38-4de1-a386-3d1d6001bbd3 | Ubuntu-2204 | ACTIVE | private=192.168.100.100 | Ubuntu2204 | m1.medium |
+--------------------------------------+-------------+--------+-------------------------+------------+-----------+
[7] Assign a floating IP address to the instance above.

ubuntu@dlp ~(keystone)$ openstack floating ip create public
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| created_at          | 2023-03-27T00:28:19Z                 |
| description         |                                      |
| dns_domain          |                                      |
| dns_name            |                                      |
| fixed_ip_address    | None                                 |
| floating_ip_address | 10.0.0.252                           |
| floating_network_id | 5352e6c0-47b3-4df2-84f4-ca048f141e1d |
| id                  | b8ea9b04-df5a-43b4-b56a-fa7f002f66dc |
| name                | 10.0.0.252                           |
| port_details        | None                                 |
| port_id             | None                                 |
| project_id          | e294bd7c00314facacdb46c36fb54ee9     |
| qos_policy_id       | None                                 |
| revision_number     | 0                                    |
| router_id           | None                                 |
| status              | DOWN                                 |
| subnet_id           | None                                 |
| tags                | []                                   |
| updated_at          | 2023-03-27T00:28:19Z                 |
+---------------------+--------------------------------------+

ubuntu@dlp ~(keystone)$ openstack server add floating ip Ubuntu-2204 10.0.0.252

# confirm the settings
ubuntu@dlp ~(keystone)$ openstack floating ip show 10.0.0.252
+---------------------+---------------------------------------------------------------------------+
| Field               | Value                                                                     |
+---------------------+---------------------------------------------------------------------------+
| created_at          | 2023-03-27T00:28:19Z                                                      |
| description         |                                                                           |
| dns_domain          |                                                                           |
| dns_name            |                                                                           |
| fixed_ip_address    | 192.168.100.100                                                           |
| floating_ip_address | 10.0.0.252                                                                |
| floating_network_id | 5352e6c0-47b3-4df2-84f4-ca048f141e1d                                      |
| id                  | b8ea9b04-df5a-43b4-b56a-fa7f002f66dc                                      |
| name                | 10.0.0.252                                                                |
| port_details        | admin_state_up='True', device_id='11987eec-fb38-4de1-a386-3d1d6001bbd3... |
| port_id             | 6b961da5-d06f-4320-b5cf-2a549e72af82                                      |
| project_id          | e294bd7c00314facacdb46c36fb54ee9                                          |
| qos_policy_id       | None                                                                      |
| revision_number     | 2                                                                         |
| router_id           | b5031373-b5b4-47b8-8268-59acdc79d323                                      |
| status              | ACTIVE                                                                    |
| subnet_id           | None                                                                      |
| tags                | []                                                                        |
| updated_at          | 2023-03-27T00:28:47Z                                                      |
+---------------------+---------------------------------------------------------------------------+

ubuntu@dlp ~(keystone)$ openstack server list
+--------------------------------------+-------------+--------+-------------------------------------+------------+-----------+
| ID                                   | Name        | Status | Networks                            | Image      | Flavor    |
+--------------------------------------+-------------+--------+-------------------------------------+------------+-----------+
| 11987eec-fb38-4de1-a386-3d1d6001bbd3 | Ubuntu-2204 | ACTIVE | private=10.0.0.252, 192.168.100.100 | Ubuntu2204 | m1.medium |
+--------------------------------------+-------------+--------+-------------------------------------+------------+-----------+
[8] Configure security settings for the security group you created above so that the instance can be reached over SSH and ICMP.

# permit ICMP
ubuntu@dlp ~(keystone)$ openstack security group rule create --protocol icmp --ingress secgroup01
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| created_at              | 2023-03-27T00:30:05Z                 |
| description             |                                      |
| direction               | ingress                              |
| ether_type              | IPv4                                 |
| id                      | 78842182-2195-4644-988e-ed8b07112e77 |
| name                    | None                                 |
| normalized_cidr         | 0.0.0.0/0                            |
| port_range_max          | None                                 |
| port_range_min          | None                                 |
| project_id              | e294bd7c00314facacdb46c36fb54ee9     |
| protocol                | icmp                                 |
| remote_address_group_id | None                                 |
| remote_group_id         | None                                 |
| remote_ip_prefix        | 0.0.0.0/0                            |
| revision_number         | 0                                    |
| security_group_id       | 00fec817-6562-4ab5-8f45-0bc4954f6d00 |
| tags                    | []                                   |
| updated_at              | 2023-03-27T00:30:05Z                 |
+-------------------------+--------------------------------------+

# permit SSH
ubuntu@dlp ~(keystone)$ openstack security group rule create --protocol tcp --dst-port 22:22 secgroup01
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| created_at              | 2023-03-27T00:30:24Z                 |
| description             |                                      |
| direction               | ingress                              |
| ether_type              | IPv4                                 |
| id                      | 4bdeb85d-72cc-4a3b-8d10-a5bde839682e |
| name                    | None                                 |
| normalized_cidr         | 0.0.0.0/0                            |
| port_range_max          | 22                                   |
| port_range_min          | 22                                   |
| project_id              | e294bd7c00314facacdb46c36fb54ee9     |
| protocol                | tcp                                  |
| remote_address_group_id | None                                 |
| remote_group_id         | None                                 |
| remote_ip_prefix        | 0.0.0.0/0                            |
| revision_number         | 0                                    |
| security_group_id       | 00fec817-6562-4ab5-8f45-0bc4954f6d00 |
| tags                    | []                                   |
| updated_at              | 2023-03-27T00:30:24Z                 |
+-------------------------+--------------------------------------+

ubuntu@dlp ~(keystone)$ openstack security group rule list secgroup01
+--------------------------------------+-------------+-----------+-----------+------------+-----------+-----------------------+----------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range | Direction | Remote Security Group | Remote Address Group |
+--------------------------------------+-------------+-----------+-----------+------------+-----------+-----------------------+----------------------+
| 3928aa5c-7201-40a2-8b99-f709e8b21e59 | None        | IPv4      | 0.0.0.0/0 |            | egress    | None                  | None                 |
| 4bdeb85d-72cc-4a3b-8d10-a5bde839682e | tcp         | IPv4      | 0.0.0.0/0 | 22:22      | ingress   | None                  | None                 |
| 78842182-2195-4644-988e-ed8b07112e77 | icmp        | IPv4      | 0.0.0.0/0 |            | ingress   | None                  | None                 |
| a24c89fd-8dd6-42ed-97cd-dbb5f969c796 | None        | IPv6      | ::/0      |            | egress    | None                  | None                 |
+--------------------------------------+-------------+-----------+-----------+------------+-----------+-----------------------+----------------------+
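
An added example (not part of the original page): both rules created in step [8] carry `remote_ip_prefix 0.0.0.0/0`, so SSH on the floating IP is reachable from every source that can route to the public network. The sketch below reads the table printed by `openstack security group rule list` and reports ingress rules open to any address. The function names and the last sample row (a source-restricted rule with a made-up ID) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ingress rules that accept traffic from any source.
# Input is the table printed by `openstack security group rule list <group>`.

# The four rows from step [8] (column padding trimmed), followed by one
# constructed row showing a rule restricted to a source range.
sample_rules() {
cat <<'EOF'
+----+----+----+----+----+----+----+----+
| ID | IP Protocol | Ethertype | IP Range | Port Range | Direction | Remote Security Group | Remote Address Group |
+----+----+----+----+----+----+----+----+
| 3928aa5c-7201-40a2-8b99-f709e8b21e59 | None | IPv4 | 0.0.0.0/0   |       | egress  | None | None |
| 4bdeb85d-72cc-4a3b-8d10-a5bde839682e | tcp  | IPv4 | 0.0.0.0/0   | 22:22 | ingress | None | None |
| 78842182-2195-4644-988e-ed8b07112e77 | icmp | IPv4 | 0.0.0.0/0   |       | ingress | None | None |
| a24c89fd-8dd6-42ed-97cd-dbb5f969c796 | None | IPv6 | ::/0        |       | egress  | None | None |
| 11111111-1111-1111-1111-111111111111 | tcp  | IPv4 | 10.0.0.0/24 | 22:22 | ingress | None | None |
+----+----+----+----+----+----+----+----+
EOF
}

# Print "<rule-id> <protocol> <port-range>" for every ingress rule whose
# IP Range is 0.0.0.0/0 or ::/0. Border lines, the header row, egress rules
# and source-restricted rules are skipped.
world_open_ingress() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 8 {
            id = trim($2); proto = trim($3); range = trim($5)
            ports = trim($6); dir = trim($7)
            if (dir != "ingress") next
            if (range != "0.0.0.0/0" && range != "::/0") next
            if (ports == "") ports = "any"
            print id, proto, ports
        }'
}

# Replacement for a flagged SSH rule, limited to one source range
# (10.0.0.0/24 is this page's public subnet; use your own admin range):
#   openstack security group rule create --protocol tcp --dst-port 22:22 \
#       --remote-ip 10.0.0.0/24 secgroup01
#   openstack security group rule delete <flagged-rule-id>

sample_rules | world_open_ingress
```

Against a live cloud, pipe the real listing in: `openstack security group rule list secgroup01 | world_open_ingress`.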
[9] It is now possible to log in to the instance by connecting to the floating IP address with SSH.

ubuntu@dlp ~(keystone)$ openstack server list
+--------------------------------------+-------------+--------+-------------------------------------+------------+-----------+
| ID                                   | Name        | Status | Networks                            | Image      | Flavor    |
+--------------------------------------+-------------+--------+-------------------------------------+------------+-----------+
| 11987eec-fb38-4de1-a386-3d1d6001bbd3 | Ubuntu-2204 | ACTIVE | private=10.0.0.252, 192.168.100.100 | Ubuntu2204 | m1.medium |
+--------------------------------------+-------------+--------+-------------------------------------+------------+-----------+

ubuntu@dlp ~(keystone)$ ssh ubuntu@10.0.0.252
The authenticity of host '10.0.0.252 (10.0.0.252)' can't be established.
ED25519 key fingerprint is SHA256:DYW5Dwm0Kl/9qw6LhAIPoz+c/UeX/1WDxcOXAoHfnFA.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.0.0.252' (ED25519) to the list of known hosts.
Welcome to Ubuntu 22.04.2 LTS (GNU/Linux 5.15.0-67-generic x86_64)
.....
.....
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@ubuntu-2204:~$     # logged in