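A floating IP lets the external network reach an instance in a tenant network directly. This is implemented by applying iptables NAT rules on the router.
Note in particular that the floating IP is configured on the router's external interface, not on the instance.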
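Because each floating IP is a DNAT rule on the router, the router's NAT table is the authoritative list of which tenant addresses are reachable from outside. The following is an added example, not part of the original post: it parses `iptables-save -t nat` output and reports floating IPs missing from an approved list. The function names, the addresses and the sample rules are constructed for illustration; the chain names are the ones the Neutron L3 agent creates.

```shell
#!/bin/sh
# Constructed sample of what `ip netns exec qrouter-<router-id> iptables-save -t nat`
# returns on a router with two floating IPs (addresses are illustrative).
sample_nat_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:neutron-l3-agent-PREROUTING - [0:0]
:neutron-l3-agent-float-snat - [0:0]
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-PREROUTING -d 203.0.113.10/32 -j DNAT --to-destination 172.16.1.5
-A neutron-l3-agent-PREROUTING -d 203.0.113.11/32 -j DNAT --to-destination 172.16.1.9
-A neutron-l3-agent-float-snat -s 172.16.1.5/32 -j SNAT --to-source 203.0.113.10
-A neutron-l3-agent-float-snat -s 172.16.1.9/32 -j SNAT --to-source 203.0.113.11
COMMIT
EOF
}

# Read NAT rules on stdin; print "floating_ip fixed_ip" for each floating-IP DNAT rule.
# Non-DNAT rules in the same chain (such as the metadata redirect) are skipped.
list_floating_ips() {
  awk '$1 == "-A" && $2 == "neutron-l3-agent-PREROUTING" {
         fip = ""; fixed = ""; dnat = 0
         for (i = 3; i <= NF; i++) {
           if ($i == "-d") { fip = $(i + 1); sub(/\/32$/, "", fip) }
           if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
           if ($i == "--to-destination") fixed = $(i + 1)
         }
         if (dnat && fip != "" && fixed != "") print fip, fixed
       }'
}

# $1: space-separated list of approved floating IPs.
# Read NAT rules on stdin; print "floating_ip -> fixed_ip" for every exposure not approved.
unapproved_exposures() {
  approved=" $1 "
  list_floating_ips | while read -r fip fixed; do
    case "$approved" in
      *" $fip "*) ;;                      # approved, nothing to report
      *) echo "$fip -> $fixed" ;;         # instance exposed without approval
    esac
  done
}

# Stand-alone run on the constructed sample, with only 203.0.113.10 approved.
sample_nat_rules | unapproved_exposures "203.0.113.10"
```

On a real network node, replace `sample_nat_rules` with the `ip netns exec ... iptables-save -t nat` command named in the comment, run as root.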
1. Controller node
# cd /etc/sysconfig/network-scripts/
# cp ifcfg-eth0 ifcfg-eth1
[root@controller network-scripts]# cat ifcfg-eth1
TYPE="Ethernet"
BOOTPROTO=static
NAME=eth1
DEVICE=eth1
ONBOOT="yes"
IPADDR=10.0.0.131
NETMASK=255.255.255.0
# ifup eth1
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider,private
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0,private:eth1
# systemctl restart neutron-server.service neutron-linuxbridge-agent.service
# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
# openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips true
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan,vlan,flat
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:10000
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 10.0.0.14
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population True
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver linuxbridge
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 10.0.0.131
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge
# systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
# systemctl enable neutron-l3-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service to /usr/lib/systemd/system/neutron-l3-agent.service.
# systemctl status neutron-l3-agent.service
● neutron-l3-agent.service - OpenStack Neutron Layer 3 Agent
Loaded: loaded (/usr/lib/systemd/system/neutron-l3-agent.service; enabled; vendor preset: disabled)
Active: active (running) since 一 2020-03-30 11:02:12 CST; 1min 46s ago
Main PID: 492 (/usr/bin/python)
CGroup: /system.slice/neutron-l3-agent.service
└─492 /usr/bin/python2 /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf ...
3月 30 11:02:12 controller systemd[1]: Started OpenStack Neutron Layer 3 Agent.
2. Compute node
# cd /etc/sysconfig/network-scripts/
# cp ifcfg-eth0 ifcfg-eth1
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0,private:eth1
# systemctl restart neutron-linuxbridge-agent.service
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 10.0.0.16
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population True
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 10.0.0.132
# systemctl restart neutron-linuxbridge-agent.service
# systemctl status neutron-linuxbridge-agent.service
● neutron-linuxbridge-agent.service - OpenStack Neutron Linux Bridge Agent
Loaded: loaded (/usr/lib/systemd/system/neutron-linuxbridge-agent.service; enabled; vendor preset: disabled)
Active: active (running) since 一 2020-03-30 11:04:58 CST; 9s ago
Process: 3905 ExecStartPre=/usr/bin/neutron-enable-bridge-firewall.sh (code=exited, status=0/SUCCESS)
Main PID: 3912 (/usr/bin/python)
Tasks: 1
CGroup: /system.slice/neutron-linuxbridge-agent.service
└─3912 /usr/bin/python2 /usr/bin/neutron-linuxbridge-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plug...
3月 30 11:04:58 compute systemd[1]: Starting OpenStack Neutron Linux Bridge Agent...
3月 30 11:04:58 compute neutron-enable-bridge-firewall.sh[3905]: net.bridge.bridge-nf-call-iptables = 1
3月 30 11:04:58 compute neutron-enable-bridge-firewall.sh[3905]: net.bridge.bridge-nf-call-ip6tables = 1
3月 30 11:04:58 compute systemd[1]: Started OpenStack Neutron Linux Bridge Agent.
3月 30 11:04:59 compute sudo[3953]: neutron : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/neutron-rootwrap /etc/neutron/rootwrap.conf privsep-helper --config-file /usr/share/neutron/neutr...
3月 30 11:05:01 compute sudo[4008]: neutron : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/neu
Original: https://www.cnblogs.com/zjz20/p/12598237.html