Предварительная настройка
Openstack в этом сетапе использует Tungsten Fabric в качестве Core Network Plugin в Neutron.
Подробнее: Настройка Cisco ASR1001X как Edge Router для Tungsten Fabric
|
Данная страница находится в разработке.
Эта страница ещё не закончена. Информация, представленная здесь, может оказаться неполной или неверной.
Если вы считаете, что её стоило бы доработать как можно быстрее, пожалуйста, соообщите.
|
Создание ВМ по шагам
Дано: только что развернутый опенстек, в качестве внешнего роутреа используется ASR1001X
Требуется: Задеплоить 2 VM с Floating IP
openstack image create
Пример загрузки образа в OpenStack
openstack \
image create \
--container-format bare \
--disk-format qcow2 \
--file ~/Downloads/noble-server-cloudimg-amd64.img \
Ubuntu-24.04
+------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| container_format | bare |
| created_at | 2025-08-19T12:10:19Z |
| disk_format | qcow2 |
| file | /v2/images/803782ba-c971-4b0a-9312-49e750601ccf/file |
| id | 803782ba-c971-4b0a-9312-49e750601ccf |
| min_disk | 0 |
| min_ram | 0 |
| name | Ubuntu-24.04 |
| owner | f39e087061ea48378c9c68348eebbb59 |
| properties | locations='[]', os_hidden='False', owner_specified.openstack.md5='', owner_specified.openstack.object='images/Ubuntu-24.04', owner_specified.openstack.sha256='' |
| protected | False |
| schema | /v2/schemas/image |
| status | queued |
| tags | |
| updated_at | 2025-08-19T12:10:19Z |
| visibility | shared |
+------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
keypair create
Создать пару ключей, если нужно, приватную часть сохранить так как она больше нигде не сохраняется.
openstack keypair create mmazur
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAp4Yv+iyTCrHSMwbPahlGRdSGuuMtG+JPMYdeIhi/QDA4Wvyh
Af/TlBUNkdiYJfOJp8R6xFCOv9wREs5VHlHHk3b3xcl/w8Vtz53G3jYSu/cRV0VY
<skipped>
4vyy0i8k2fkcZooAtU4I60g9GJEWhJLiLaytXcv0XXSralhV6hihICX4SxSL5HCP
DroCuM9W/AI4rK7gyfsMdqhF6yHri8lvVAYiQMHqmvrrS85WenuY
-----END RSA PRIVATE KEY-----
Публичная сеть
openstack network create
openstack network create --external public
--external public - сеть внешняя, использует для Floating IPs и будет маршрутизироваться наружу, за пределы OpenStack
+---------------------------+---------------------------------------+
| Field | Value |
+---------------------------+---------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | None |
| availability_zones | None |
| created_at | 2025-08-18T13:50:26.265216 |
| description | |
| dns_domain | None |
| fq_name | ['default-domain', 'admin', 'public'] |
| id | d8b0b12c-de94-4068-8b0c-0f1f39d85e26 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| is_vlan_transparent | None |
| mtu | 0 |
| name | public |
| port_security_enabled | True |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| provider:network_type | None |
| provider:physical_network | None |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | None |
| router:external | External |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | f39e087061ea48378c9c68348eebbb59 |
| updated_at | 2025-08-18T13:50:26.265216 |
+---------------------------+---------------------------------------+
openstack subnet create
Сабнет определяет диапазон адресов
openstack subnet create \
--network public \
--subnet-range 10.170.6.0/24 \
--allocation-pool start=10.170.6.201,end=10.170.6.249 \
--dns-nameserver 8.8.8.8 \
--gateway none \
public-subnet
+----------------------+--------------------------------------+
| Field | Value |
+----------------------+--------------------------------------+
| allocation_pools | 10.170.6.201-10.170.6.249 |
| cidr | 10.170.6.0/24 |
| created_at | 2025-08-18T13:51:12.519366 |
| description | None |
| dns_nameservers | 8.8.8.8 |
| dns_publish_fixed_ip | None |
| enable_dhcp | True |
| gateway_ip | None |
| host_routes | |
| id | d55b6937-ff01-420a-94c5-d077a9e5049c |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | public-subnet |
| network_id | d8b0b12c-de94-4068-8b0c-0f1f39d85e26 |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| revision_number | None |
| segment_id | None |
| service_types | None |
| subnetpool_id | None |
| tags | |
| updated_at | 2025-08-18T13:51:12.519366 |
+----------------------+--------------------------------------+
Приватная сеть
openstack network create internal
openstack network create internal
+---------------------------+-----------------------------------------+
| Field | Value |
+---------------------------+-----------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | None |
| availability_zones | None |
| created_at | 2025-08-18T13:58:20.948683 |
| description | |
| dns_domain | None |
| fq_name | ['default-domain', 'admin', 'internal'] |
| id | 8546fd5c-f9bc-4521-8f46-f54f42a5491d |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| is_vlan_transparent | None |
| mtu | 0 |
| name | internal |
| port_security_enabled | True |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| provider:network_type | None |
| provider:physical_network | None |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | None |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | f39e087061ea48378c9c68348eebbb59 |
| updated_at | 2025-08-18T13:58:20.948683 |
+---------------------------+-----------------------------------------+
openstack subnet create
openstack subnet create \
--subnet-range 192.168.77.0/24 \
--network internal \
--dns-nameserver 8.8.8.8 \
internal-subnet
+----------------------+--------------------------------------+
| Field | Value |
+----------------------+--------------------------------------+
| allocation_pools | 192.168.77.2-192.168.77.254 |
| cidr | 192.168.77.0/24 |
| created_at | 2025-08-18T14:00:35.578348 |
| description | None |
| dns_nameservers | 8.8.8.8 |
| dns_publish_fixed_ip | None |
| enable_dhcp | True |
| gateway_ip | 192.168.77.1 |
| host_routes | |
| id | 06488205-7fa6-416c-accb-d6cdc514ae13 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | internal-subnet |
| network_id | 8546fd5c-f9bc-4521-8f46-f54f42a5491d |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| revision_number | None |
| segment_id | None |
| service_types | None |
| subnetpool_id | None |
| tags | |
| updated_at | 2025-08-18T14:00:35.578348 |
+----------------------+--------------------------------------+
router
openstack router create
openstack router create rtr01
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | None |
| availability_zones | None |
| created_at | 2025-08-18T13:59:16.759104 |
| description | |
| enable_ndp_proxy | None |
| external_gateway_info | null |
| flavor_id | None |
| fq_name | ['default-domain', 'admin', 'rtr01'] |
| id | 008de586-a2c6-4641-a54f-8218a21dacaf |
| name | rtr01 |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| revision_number | None |
| routes | None |
| status | ACTIVE |
| tags | |
| tenant_id | f39e087061ea48378c9c68348eebbb59 |
| updated_at | 2025-08-18T13:59:16.759104 |
+-------------------------+--------------------------------------+
set external-gateway
openstack router set --external-gateway public rtr01
Вывод пустой
openstack router add subnet
openstack router add subnet rtr01 internal-subnet
openstack security group
openstack security group create
openstack security group create icmp_ssh
+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2025-08-18T14:01:30.519406 |
| description | icmp_ssh |
| fq_name | ['default-domain', 'admin', 'icmp_ssh'] |
| id | 990e0698-f9d0-4ee6-b567-676541f84344 |
| name | icmp_ssh |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| revision_number | None |
| rules | created_at='2025-08-18T14:01:30.527379', direction='egress', ethertype='IPv4', id='a29fe0eb-01e5-41df-a012-88e1af4e4672', port_range_max='65535', protocol='any', remote_ip_prefix='0.0.0.0/0', updated_at='2025-08-18T14:01:30.527379' |
| | created_at='2025-08-18T14:01:30.776084', direction='egress', ethertype='IPv6', id='1b0bb642-8af6-4842-b41b-7f73ac5600e8', port_range_max='65535', protocol='any', remote_ip_prefix='::/0', updated_at='2025-08-18T14:01:30.776084' |
| stateful | None |
| tags | [] |
| updated_at | 2025-08-18T14:01:30.940176 |
+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
openstack security group rule create
openstack security group rule create \
--remote-ip 0.0.0.0/0 \
--protocol icmp \
icmp_ssh
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| created_at | 2025-08-18T14:01:58.366970 |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 8e754684-e017-4ddf-8ebe-91fd314fdf1c |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| protocol | icmp |
| remote_address_group_id | None |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | None |
| security_group_id | 990e0698-f9d0-4ee6-b567-676541f84344 |
| tags | [] |
| updated_at | 2025-08-18T14:01:58.366970 |
+-------------------------+--------------------------------------+
openstack security group rule create \
--remote-ip 0.0.0.0/0 \
--protocol tcp \
--dst-port 22 \
icmp_ssh
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| created_at | 2025-08-18T14:15:58.444894 |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 1248e9a7-b1da-459d-bbe1-b98c566f68f4 |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| protocol | tcp |
| remote_address_group_id | None |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | None |
| security_group_id | 990e0698-f9d0-4ee6-b567-676541f84344 |
| tags | [] |
| updated_at | 2025-08-18T14:15:58.444894 |
+-------------------------+--------------------------------------+
openstack server create (Cirros)
openstack server create \
--flavor m1.small \
--image Cirros-6.0.raw \
--network internal \
--security-group icmp_ssh \
test-01
+-------------------------------------+-------------------------------------------------------+
| Field | Value |
+-------------------------------------+-------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | 2d2PgcQjrkVa |
| config_drive | |
| created | 2025-08-18T14:21:32Z |
| flavor | m1.small (4eaad6dc-ce03-4f5b-868b-135e7719456d) |
| hostId | |
| id | 6d0d06b8-ebc3-4d00-9eb5-18ba705981e6 |
| image | Cirros-6.0.raw (2fff2f7b-dc7a-4fa6-b68b-49f8bc8caa8d) |
| key_name | None |
| name | test-01 |
| progress | 0 |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| properties | |
| security_groups | name='990e0698-f9d0-4ee6-b567-676541f84344' |
| status | BUILD |
| updated | 2025-08-18T14:21:32Z |
| user_id | f81d6b6c4efa4f46af215dc9815d510a |
| volumes_attached | |
+-------------------------------------+-------------------------------------------------------+
openstack server create \
--flavor m1.small \
--image Cirros-6.0.raw \
--network internal \
--security-group icmp_ssh \
test-02
openstack floating
openstack floating ip create public
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2025-08-18T16:40:33.022272 |
| description | |
| dns_domain | None |
| dns_name | None |
| fixed_ip_address | None |
| floating_ip_address | 10.170.6.202 |
| floating_network_id | d8b0b12c-de94-4068-8b0c-0f1f39d85e26 |
| id | 3856367c-c409-4840-9ff4-9528cd150873 |
| name | 10.170.6.202 |
| port_details | None |
| port_id | None |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| qos_policy_id | None |
| revision_number | None |
| router_id | None |
| status | DOWN |
| subnet_id | None |
| tags | [] |
| updated_at | 2025-08-18T16:40:33.022272 |
+---------------------+--------------------------------------+
openstack server add floating ip
openstack server add floating ip test-01 10.170.6.202
SR-IOV
Простой случай - Access в сторонй VM
SR-IOV openstack network create
openstack \
network create \
--enable-port-security \
--provider-network-type vlan \
--provider-physical-network sriovnet0 \
--provider-segment 101 \
sriov-vlan101
--provider-network-type vlan ???--provider-physical-network sriovnet0 ???--provider-segment 100 ???
+---------------------------+----------------------------------------------+
| Field | Value |
+---------------------------+----------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | None |
| availability_zones | None |
| created_at | 2025-08-23T09:48:54.265051 |
| description | |
| dns_domain | None |
| fq_name | ['default-domain', 'admin', 'sriov-vlan101'] |
| id | 3666ef64-9387-4c66-9e63-565124258268 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| is_vlan_transparent | None |
| mtu | 0 |
| name | sriov-vlan101 |
| port_security_enabled | True |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| provider:network_type | vlan |
| provider:physical_network | sriovnet0 |
| provider:segmentation_id | 101 |
| qos_policy_id | None |
| revision_number | None |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | f39e087061ea48378c9c68348eebbb59 |
| updated_at | 2025-08-23T09:48:54.265051 |
+---------------------------+----------------------------------------------+
SR-IOV openstack subnet create
openstack \
subnet create \
--network sriov-vlan101 \
--no-dhcp \
--ip-version 4 \
--gateway none \
--subnet-range 172.16.64.0/24 \
sriov-vlan101-subnet01
+----------------------+--------------------------------------+
| Field | Value |
+----------------------+--------------------------------------+
| allocation_pools | 172.16.64.1-172.16.64.254 |
| cidr | 172.16.64.0/24 |
| created_at | 2025-08-23T09:51:37.653049 |
| description | None |
| dns_nameservers | |
| dns_publish_fixed_ip | None |
| dns_server_address | 172.16.64.2 |
| enable_dhcp | False |
| gateway_ip | None |
| host_routes | |
| id | 399fa951-c115-4ab6-b50f-a2d94c0a69e0 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | sriov-vlan101-subnet01 |
| network_id | 3666ef64-9387-4c66-9e63-565124258268 |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| revision_number | None |
| segment_id | None |
| service_types | None |
| subnetpool_id | None |
| tags | |
| updated_at | 2025-08-23T09:51:37.653049 |
+----------------------+--------------------------------------+
SR-IOV openstack port create
openstack \
port create \
--network sriov-vlan101 \
--enable-port-security \
--fixed-ip subnet=sriov-vlan101-subnet01,ip-address=172.16.64.3 \
--vnic-type direct \
sriov-vlan101-subnet01-port01
{{#spoiler:show=Output: openstack port create|
+-------------------------+----------------------------------------------------------------------------+
| Field | Value |
+-------------------------+----------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | |
| binding_host_id | None |
| binding_profile | None |
| binding_vif_details | port_filter='True', vlan='101' |
| binding_vif_type | unbound |
| binding_vnic_type | direct |
| created_at | 2025-08-23T10:02:23.953447 |
| data_plane_status | None |
| description | |
| device_id | |
| device_owner | |
| device_profile | None |
| dns_assignment | None |
| dns_domain | None |
| dns_name | None |
| extra_dhcp_opts | None |
| fixed_ips | ip_address='172.16.64.3', subnet_id='399fa951-c115-4ab6-b50f-a2d94c0a69e0' |
| id | 709d705c-7cc4-47c2-9671-68399da51a7e |
| ip_allocation | None |
| mac_address | 02:70:9d:70:5c:7c |
| name | sriov-vlan101-subnet01-port01 |
| network_id | 3666ef64-9387-4c66-9e63-565124258268 |
| numa_affinity_policy | None |
| port_security_enabled | True |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| propagate_uplink_status | None |
| qos_network_policy_id | None |
| qos_policy_id | None |
| resource_request | None |
| revision_number | None |
| security_group_ids | 762b2618-3a38-412e-b39c-ea6921183cbe |
| status | DOWN |
| tags | |
| trunk_details | None |
| updated_at | 2025-08-23T10:02:24.014059 |
+-------------------------+----------------------------------------------------------------------------+
111
openstack server add port ubuntu-test-01 test-sriov01-sriov_port_2-manual
[Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: [10ec:8139] type 00 class 0x020000 conventional PCI endpoint
[Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: BAR 0 [io 0x0000-0x00ff]
[Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: BAR 1 [mem 0x00000000-0x000000ff]
[Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: ROM [mem 0x00000000-0x0007ffff pref]
[Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: ROM [mem 0x80000000-0x8007ffff pref]: assigned
[Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: BAR 0 [io 0x1000-0x10ff]: assigned
[Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: BAR 1 [mem 0x80080000-0x800800ff]: assigned
[Fri Aug 22 17:16:58 2025] 8139cp 0000:00:08.0: enabling device (0000 -> 0003)
[Fri Aug 22 17:16:58 2025] 8139cp 0000:00:08.0 eth0: RTL-8139C+ at 0x000000007f98c756, 02:46:69:0b:0e:7c, IRQ 11
[Fri Aug 22 17:16:58 2025] 8139cp 0000:00:08.0 ens8: renamed from eth0
openstack port set --disable-port-security --binding-profile trusted=true test-sriov01-sriov_port_1-manual
