Cisco ASR1001 Tungsten Fabric OpenStack VM: различия между версиями
Материал из noname.com.ua
Перейти к навигацииПерейти к поискуSirmax (обсуждение | вклад) |
Sirmax (обсуждение | вклад) |
||
| Строка 498: | Строка 498: | ||
sriov-vlan101-subnet01 |
sriov-vlan101-subnet01 |
||
</PRE> |
</PRE> |
||
| + | {{#spoiler:show=openstack subnet create | |
||
<PRE> |
<PRE> |
||
+----------------------+--------------------------------------+ |
+----------------------+--------------------------------------+ |
||
| Строка 527: | Строка 528: | ||
+----------------------+--------------------------------------+ |
+----------------------+--------------------------------------+ |
||
</PRE> |
</PRE> |
||
| + | }} |
||
* |
* |
||
* |
* |
||
Версия 11:53, 23 августа 2025
Предварительная настройка
Openstack в этом сетапе использует Tungsten Fabric в качестве Core Network Plugin в Neutron.
Подробнее: Настройка Cisco ASR1001X как Edge Router для Tungsten Fabric
Создание ВМ по шагам
Дано: только что развернутый опенстек, в качестве внешнего роутреа используется ASR1001X
Требуется: Задеплоить 2 VM с Floating IP
image create
Пример загрузки образа в OpenStack
openstack \
image create \
--container-format bare \
--disk-format qcow2 \
--file ~/Downloads/noble-server-cloudimg-amd64.img \
Ubuntu-24.04
+------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | container_format | bare | | created_at | 2025-08-19T12:10:19Z | | disk_format | qcow2 | | file | /v2/images/803782ba-c971-4b0a-9312-49e750601ccf/file | | id | 803782ba-c971-4b0a-9312-49e750601ccf | | min_disk | 0 | | min_ram | 0 | | name | Ubuntu-24.04 | | owner | f39e087061ea48378c9c68348eebbb59 | | properties | locations='[]', os_hidden='False', owner_specified.openstack.md5='', owner_specified.openstack.object='images/Ubuntu-24.04', owner_specified.openstack.sha256='' | | protected | False | | schema | /v2/schemas/image | | status | queued | | tags | | | updated_at | 2025-08-19T12:10:19Z | | visibility | shared | +------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
keypair create
Создать пару ключей, если нужно, приватную часть сохранить так как она больше нигде не сохраняется.
openstack keypair create mmazur
-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAp4Yv+iyTCrHSMwbPahlGRdSGuuMtG+JPMYdeIhi/QDA4Wvyh Af/TlBUNkdiYJfOJp8R6xFCOv9wREs5VHlHHk3b3xcl/w8Vtz53G3jYSu/cRV0VY <skipped> 4vyy0i8k2fkcZooAtU4I60g9GJEWhJLiLaytXcv0XXSralhV6hihICX4SxSL5HCP DroCuM9W/AI4rK7gyfsMdqhF6yHri8lvVAYiQMHqmvrrS85WenuY -----END RSA PRIVATE KEY-----
Публичная сеть
openstack network create
openstack network createopenstack network create --external public
--external public- сеть внешняя, использует для Floating IPs и будет маршрутизироваться наружу, за пределы OpenStack
+---------------------------+---------------------------------------+ | Field | Value | +---------------------------+---------------------------------------+ | admin_state_up | UP | | availability_zone_hints | None | | availability_zones | None | | created_at | 2025-08-18T13:50:26.265216 | | description | | | dns_domain | None | | fq_name | ['default-domain', 'admin', 'public'] | | id | d8b0b12c-de94-4068-8b0c-0f1f39d85e26 | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | None | | is_vlan_transparent | None | | mtu | 0 | | name | public | | port_security_enabled | True | | project_id | f39e087061ea48378c9c68348eebbb59 | | provider:network_type | None | | provider:physical_network | None | | provider:segmentation_id | None | | qos_policy_id | None | | revision_number | None | | router:external | External | | segments | None | | shared | False | | status | ACTIVE | | subnets | | | tags | | | tenant_id | f39e087061ea48378c9c68348eebbb59 | | updated_at | 2025-08-18T13:50:26.265216 | +---------------------------+---------------------------------------+
openstack subnet create
openstack subnet createСабнет определяет диапазон адресов
openstack subnet create \
--network public \
--subnet-range 10.170.6.0/24 \
--allocation-pool start=10.170.6.201,end=10.170.6.249 \
--dns-nameserver 8.8.8.8 \
--gateway none \
public-subnet
+----------------------+--------------------------------------+ | Field | Value | +----------------------+--------------------------------------+ | allocation_pools | 10.170.6.201-10.170.6.249 | | cidr | 10.170.6.0/24 | | created_at | 2025-08-18T13:51:12.519366 | | description | None | | dns_nameservers | 8.8.8.8 | | dns_publish_fixed_ip | None | | enable_dhcp | True | | gateway_ip | None | | host_routes | | | id | d55b6937-ff01-420a-94c5-d077a9e5049c | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | public-subnet | | network_id | d8b0b12c-de94-4068-8b0c-0f1f39d85e26 | | project_id | f39e087061ea48378c9c68348eebbb59 | | revision_number | None | | segment_id | None | | service_types | None | | subnetpool_id | None | | tags | | | updated_at | 2025-08-18T13:51:12.519366 | +----------------------+--------------------------------------+
Приватная сеть
openstack network create internal
openstack network create internalopenstack network create internal +---------------------------+-----------------------------------------+ | Field | Value | +---------------------------+-----------------------------------------+ | admin_state_up | UP | | availability_zone_hints | None | | availability_zones | None | | created_at | 2025-08-18T13:58:20.948683 | | description | | | dns_domain | None | | fq_name | ['default-domain', 'admin', 'internal'] | | id | 8546fd5c-f9bc-4521-8f46-f54f42a5491d | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | None | | is_vlan_transparent | None | | mtu | 0 | | name | internal | | port_security_enabled | True | | project_id | f39e087061ea48378c9c68348eebbb59 | | provider:network_type | None | | provider:physical_network | None | | provider:segmentation_id | None | | qos_policy_id | None | | revision_number | None | | router:external | Internal | | segments | None | | shared | False | | status | ACTIVE | | subnets | | | tags | | | tenant_id | f39e087061ea48378c9c68348eebbb59 | | updated_at | 2025-08-18T13:58:20.948683 | +---------------------------+-----------------------------------------+
openstack subnet create
openstack subnet create openstack subnet create \
--subnet-range 192.168.77.0/24 \
--network internal \
--dns-nameserver 8.8.8.8 \
internal-subnet
+----------------------+--------------------------------------+
| Field | Value |
+----------------------+--------------------------------------+
| allocation_pools | 192.168.77.2-192.168.77.254 |
| cidr | 192.168.77.0/24 |
| created_at | 2025-08-18T14:00:35.578348 |
| description | None |
| dns_nameservers | 8.8.8.8 |
| dns_publish_fixed_ip | None |
| enable_dhcp | True |
| gateway_ip | 192.168.77.1 |
| host_routes | |
| id | 06488205-7fa6-416c-accb-d6cdc514ae13 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | internal-subnet |
| network_id | 8546fd5c-f9bc-4521-8f46-f54f42a5491d |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| revision_number | None |
| segment_id | None |
| service_types | None |
| subnetpool_id | None |
| tags | |
| updated_at | 2025-08-18T14:00:35.578348 |
+----------------------+--------------------------------------+
router
openstack router create
openstack router create openstack router create rtr01
+-------------------------+--------------------------------------+ | Field | Value | +-------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | None | | availability_zones | None | | created_at | 2025-08-18T13:59:16.759104 | | description | | | enable_ndp_proxy | None | | external_gateway_info | null | | flavor_id | None | | fq_name | ['default-domain', 'admin', 'rtr01'] | | id | 008de586-a2c6-4641-a54f-8218a21dacaf | | name | rtr01 | | project_id | f39e087061ea48378c9c68348eebbb59 | | revision_number | None | | routes | None | | status | ACTIVE | | tags | | | tenant_id | f39e087061ea48378c9c68348eebbb59 | | updated_at | 2025-08-18T13:59:16.759104 | +-------------------------+--------------------------------------+
set external-gateway
openstack router set --external-gateway public rtr01 Вывод пустой
openstack router add subnet
openstack router add subnet rtr01 internal-subnet
openstack security group
openstack security group create
openstack security group create icmp_ssh +-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | created_at | 2025-08-18T14:01:30.519406 | | description | icmp_ssh | | fq_name | ['default-domain', 'admin', 'icmp_ssh'] | | id | 990e0698-f9d0-4ee6-b567-676541f84344 | | name | icmp_ssh | | project_id | f39e087061ea48378c9c68348eebbb59 | | revision_number | None | | rules | created_at='2025-08-18T14:01:30.527379', direction='egress', ethertype='IPv4', id='a29fe0eb-01e5-41df-a012-88e1af4e4672', port_range_max='65535', protocol='any', remote_ip_prefix='0.0.0.0/0', updated_at='2025-08-18T14:01:30.527379' | | | created_at='2025-08-18T14:01:30.776084', direction='egress', ethertype='IPv6', id='1b0bb642-8af6-4842-b41b-7f73ac5600e8', port_range_max='65535', protocol='any', remote_ip_prefix='::/0', updated_at='2025-08-18T14:01:30.776084' | | stateful | None | | tags | [] | | updated_at | 2025-08-18T14:01:30.940176 | +-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
openstack security group rule create
openstack security group rule create \
--remote-ip 0.0.0.0/0 \
--protocol icmp \
icmp_ssh
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| created_at | 2025-08-18T14:01:58.366970 |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 8e754684-e017-4ddf-8ebe-91fd314fdf1c |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| protocol | icmp |
| remote_address_group_id | None |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | None |
| security_group_id | 990e0698-f9d0-4ee6-b567-676541f84344 |
| tags | [] |
| updated_at | 2025-08-18T14:01:58.366970 |
+-------------------------+--------------------------------------+
openstack security group rule create \
--remote-ip 0.0.0.0/0 \
--protocol tcp \
--dst-port 22 \
icmp_ssh
+-------------------------+--------------------------------------+ | Field | Value | +-------------------------+--------------------------------------+ | created_at | 2025-08-18T14:15:58.444894 | | description | | | direction | ingress | | ether_type | IPv4 | | id | 1248e9a7-b1da-459d-bbe1-b98c566f68f4 | | name | None | | port_range_max | 22 | | port_range_min | 22 | | project_id | f39e087061ea48378c9c68348eebbb59 | | protocol | tcp | | remote_address_group_id | None | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | None | | security_group_id | 990e0698-f9d0-4ee6-b567-676541f84344 | | tags | [] | | updated_at | 2025-08-18T14:15:58.444894 | +-------------------------+--------------------------------------+
openstack server create (Cirros)
openstack server create \
--flavor m1.small \
--image Cirros-6.0.raw \
--network internal \
--security-group icmp_ssh \
test-01
+-------------------------------------+-------------------------------------------------------+
| Field | Value |
+-------------------------------------+-------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | 2d2PgcQjrkVa |
| config_drive | |
| created | 2025-08-18T14:21:32Z |
| flavor | m1.small (4eaad6dc-ce03-4f5b-868b-135e7719456d) |
| hostId | |
| id | 6d0d06b8-ebc3-4d00-9eb5-18ba705981e6 |
| image | Cirros-6.0.raw (2fff2f7b-dc7a-4fa6-b68b-49f8bc8caa8d) |
| key_name | None |
| name | test-01 |
| progress | 0 |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| properties | |
| security_groups | name='990e0698-f9d0-4ee6-b567-676541f84344' |
| status | BUILD |
| updated | 2025-08-18T14:21:32Z |
| user_id | f81d6b6c4efa4f46af215dc9815d510a |
| volumes_attached | |
+-------------------------------------+-------------------------------------------------------+
openstack server create \
--flavor m1.small \
--image Cirros-6.0.raw \
--network internal \
--security-group icmp_ssh \
test-02
openstack floating
openstack floating ip create public
+---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | created_at | 2025-08-18T16:40:33.022272 | | description | | | dns_domain | None | | dns_name | None | | fixed_ip_address | None | | floating_ip_address | 10.170.6.202 | | floating_network_id | d8b0b12c-de94-4068-8b0c-0f1f39d85e26 | | id | 3856367c-c409-4840-9ff4-9528cd150873 | | name | 10.170.6.202 | | port_details | None | | port_id | None | | project_id | f39e087061ea48378c9c68348eebbb59 | | qos_policy_id | None | | revision_number | None | | router_id | None | | status | DOWN | | subnet_id | None | | tags | [] | | updated_at | 2025-08-18T16:40:33.022272 | +---------------------+--------------------------------------+
openstack server add floating ip
openstack server add floating ip test-01 10.170.6.202
SR-IOV
Простой случай - Access в сторонй VM
SR-IOV openstack network create
openstack \ network create \ --enable-port-security \ --provider-network-type vlan \ --provider-physical-network sriovnet0 \ --provider-segment 101 \ sriov-vlan101
--provider-network-type vlan???--provider-physical-network sriovnet0???--provider-segment 100???
+---------------------------+----------------------------------------------+ | Field | Value | +---------------------------+----------------------------------------------+ | admin_state_up | UP | | availability_zone_hints | None | | availability_zones | None | | created_at | 2025-08-23T09:48:54.265051 | | description | | | dns_domain | None | | fq_name | ['default-domain', 'admin', 'sriov-vlan101'] | | id | 3666ef64-9387-4c66-9e63-565124258268 | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | None | | is_vlan_transparent | None | | mtu | 0 | | name | sriov-vlan101 | | port_security_enabled | True | | project_id | f39e087061ea48378c9c68348eebbb59 | | provider:network_type | vlan | | provider:physical_network | sriovnet0 | | provider:segmentation_id | 101 | | qos_policy_id | None | | revision_number | None | | router:external | Internal | | segments | None | | shared | False | | status | ACTIVE | | subnets | | | tags | | | tenant_id | f39e087061ea48378c9c68348eebbb59 | | updated_at | 2025-08-23T09:48:54.265051 | +---------------------------+----------------------------------------------+
SR-IOV openstack subnet create
openstack \ subnet create \ --network sriov-vlan101 \ --no-dhcp \ --ip-version 4 \ --gateway none \ --subnet-range 172.16.64.0/24 \ sriov-vlan101-subnet01
SR-IOV openstack port create
openstack \
port create \
--network test-sriov01-phys_network-manual \
--disable-port-security \
--fixed-ip subnet=test-sriov01-phys_subnet-manual,ip-address=172.16.63.163 \
--vnic-type direct \
test-sriov01-sriov_port_1-manual
111
openstack server add port ubuntu-test-01 test-sriov01-sriov_port_2-manual
[Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: [10ec:8139] type 00 class 0x020000 conventional PCI endpoint [Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: BAR 0 [io 0x0000-0x00ff] [Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: BAR 1 [mem 0x00000000-0x000000ff] [Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: ROM [mem 0x00000000-0x0007ffff pref] [Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: ROM [mem 0x80000000-0x8007ffff pref]: assigned [Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: BAR 0 [io 0x1000-0x10ff]: assigned [Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: BAR 1 [mem 0x80080000-0x800800ff]: assigned [Fri Aug 22 17:16:58 2025] 8139cp 0000:00:08.0: enabling device (0000 -> 0003) [Fri Aug 22 17:16:58 2025] 8139cp 0000:00:08.0 eth0: RTL-8139C+ at 0x000000007f98c756, 02:46:69:0b:0e:7c, IRQ 11 [Fri Aug 22 17:16:58 2025] 8139cp 0000:00:08.0 ens8: renamed from eth0
openstack port set --disable-port-security --binding-profile trusted=true test-sriov01-sriov_port_1-manual
