Test nodes: 172.25.10.124 172.25.20.47
LVS+Keepalived nodes: 172.25.110.100 172.25.110.101
VIP: 172.25.110.201
Check the current state
[[email protected]_25_10_124 ~]# ping -c2 172.25.110.201
PING 172.25.110.201 (172.25.110.201) 56(84) bytes of data.
From 172.25.10.124 icmp_seq=1 Destination Host Unreachable
From 172.25.10.124 icmp_seq=2 Destination Host Unreachable

--- 172.25.110.201 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1060ms
pipe 2
[[email protected]_25_10_124 ~]# ping -c2 172.25.110.101
PING 172.25.110.101 (172.25.110.101) 56(84) bytes of data.
64 bytes from 172.25.110.101: icmp_seq=1 ttl=64 time=2.77 ms
64 bytes from 172.25.110.101: icmp_seq=2 ttl=64 time=1.01 ms

--- 172.25.110.101 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.012/1.893/2.775/0.882 ms
[[email protected]_25_10_124 ~]# ping -c2 172.25.110.100
PING 172.25.110.100 (172.25.110.100) 56(84) bytes of data.
64 bytes from 172.25.110.100: icmp_seq=1 ttl=64 time=3.16 ms
64 bytes from 172.25.110.100: icmp_seq=2 ttl=64 time=0.995 ms

--- 172.25.110.100 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.995/2.080/3.165/1.085 ms
[[email protected]_25_10_124 ~]#
Solution
[[email protected] ~/OpenStack]$ openstack server list --ip=172.25.110.100 && openstack server list --ip=172.25.110.101
+--------------------------------------+-----------------+--------+------------------------------------------+---------------------------------------+---------------+
| ID                                   | Name            | Status | Networks                                 | Image                                 | Flavor        |
+--------------------------------------+-----------------+--------+------------------------------------------+---------------------------------------+---------------+
| 40ab8c28-fcbf-4140-aa8b-91ed9be3afe1 | HA模块-LVS-Node1 | ACTIVE | NET-A=172.30.107.8; NET-B=172.25.110.100 | CentOS-7.7.1908-x86_64-Cloud-20200207 | DT-L-1c1g40gD |
+--------------------------------------+-----------------+--------+------------------------------------------+---------------------------------------+---------------+
+--------------------------------------+-----------------+--------+--------------------------------------------+---------------------------------------+---------------+
| ID                                   | Name            | Status | Networks                                   | Image                                 | Flavor        |
+--------------------------------------+-----------------+--------+--------------------------------------------+---------------------------------------+---------------+
| 9b464b4c-1a93-4a07-bc26-9cc1afa9c235 | HA模块-LVS-Node2 | ACTIVE | NET-A=172.30.107.198; NET-B=172.25.110.101 | CentOS-7.7.1908-x86_64-Cloud-20200207 | DT-L-1c1g40gD |
+--------------------------------------+-----------------+--------+--------------------------------------------+---------------------------------------+---------------+
[[email protected] ~/OpenStack]$
[[email protected] ~/OpenStack]$
[[email protected] ~/OpenStack]$ openstack port list --fixed-ip ip-address=172.25.110.100 && openstack port list --fixed-ip ip-address=172.25.110.101
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
| ID                                   | Name | MAC Address       | Fixed IP Addresses                                                            | Status |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
| e15ec8c3-d486-4179-ab8a-6cea2592b568 |      | fa:16:3e:f2:6d:fd | ip_address='172.25.110.100', subnet_id='e0531da2-b031-4e0a-9303-33f10d9c3aec' | ACTIVE |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
| ID                                   | Name | MAC Address       | Fixed IP Addresses                                                            | Status |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
| 15093b2f-6f90-44b0-b784-33628ba19835 |      | fa:16:3e:5d:12:25 | ip_address='172.25.110.101', subnet_id='e0531da2-b031-4e0a-9303-33f10d9c3aec' | ACTIVE |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
[[email protected] ~/OpenStack]$ openstack port show -c allowed_address_pairs e15ec8c3-d486-4179-ab8a-6cea2592b568 && \
openstack port show -c allowed_address_pairs 15093b2f-6f90-44b0-b784-33628ba19835
+-----------------------+-------+
| Field                 | Value |
+-----------------------+-------+
| allowed_address_pairs |       |
+-----------------------+-------+
+-----------------------+-------+
| Field                 | Value |
+-----------------------+-------+
| allowed_address_pairs |       |
+-----------------------+-------+
[[email protected] ~/OpenStack]$ openstack port set --allowed-address ip-address=172.25.110.201 e15ec8c3-d486-4179-ab8a-6cea2592b568 && \
openstack port set --allowed-address ip-address=172.25.110.201 15093b2f-6f90-44b0-b784-33628ba19835
[[email protected] ~/OpenStack]$
[[email protected] ~/OpenStack]$
[[email protected] ~/OpenStack]$ openstack port show -c allowed_address_pairs e15ec8c3-d486-4179-ab8a-6cea2592b568 && \
openstack port show -c allowed_address_pairs 15093b2f-6f90-44b0-b784-33628ba19835
+-----------------------+--------------------------------------------------------------+
| Field                 | Value                                                        |
+-----------------------+--------------------------------------------------------------+
| allowed_address_pairs | ip_address='172.25.110.201', mac_address='fa:16:3e:f2:6d:fd' |
+-----------------------+--------------------------------------------------------------+
+-----------------------+--------------------------------------------------------------+
| Field                 | Value                                                        |
+-----------------------+--------------------------------------------------------------+
| allowed_address_pairs | ip_address='172.25.110.201', mac_address='fa:16:3e:5d:12:25' |
+-----------------------+--------------------------------------------------------------+
[[email protected] ~/OpenStack]$
Verify the result
[[email protected]_25_10_124 ~]# ping -c2 172.25.110.201
PING 172.25.110.201 (172.25.110.201) 56(84) bytes of data.
64 bytes from 172.25.110.201: icmp_seq=1 ttl=64 time=3.32 ms
64 bytes from 172.25.110.201: icmp_seq=2 ttl=64 time=0.963 ms

--- 172.25.110.201 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.963/2.146/3.329/1.183 ms
[[email protected]_25_10_124 ~]#
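In summary, remember that "allowed address pairs" are the IP and MAC addresses permitted on a port in addition to the ones OpenStack assigned to it. Putting an IP or MAC in this field opens outbound traffic from the "allowed" IP/MAC.
The way to open it is: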
openstack port set --allowed-address ip-address=172.25.244.2 Port_ID
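Given its multi-tenant design, OpenStack has a very aggressive security model.
There are rules that restrict a VM to using only the IP assigned to it.
If you configure another IP, it will not work without something called "allowed address pairs". This is a field on the Neutron port, and it must be updated with the VIP address you want to use.
So for any VM that may be expected to "own" the IP (master/backup/backup for Keepalived), all of the corresponding ports need to be updated to allow the VIP address.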
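The source-address check described above, as a simplified Python model (an added example, not Neutron's code and not part of the original post): a port may send only from its own fixed IP/MAC or from an entry in allowed_address_pairs, and the helper lists which ports can claim a given IP. The Port class and the lvs-node1/lvs-node2 names are assumptions; the addresses and MACs are the ones in the CLI output above.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Port:
    """Simplified stand-in for a Neutron port with port security enabled."""
    mac: str
    fixed_ips: list
    allowed_address_pairs: list = field(default_factory=list)  # (ip_or_cidr, mac)

    def allow(self, ip_or_cidr, mac=None):
        # As in the CLI output above, a pair added without a MAC gets the port's MAC.
        self.allowed_address_pairs.append((ip_or_cidr, (mac or self.mac).lower()))

    def permits(self, src_ip, src_mac):
        """True if a frame with this source IP/MAC passes the anti-spoofing check."""
        ip = ipaddress.ip_address(src_ip)
        pairs = [(f, self.mac) for f in self.fixed_ips] + self.allowed_address_pairs
        return any(
            src_mac.lower() == mac.lower()
            and ip in ipaddress.ip_network(net, strict=False)
            for net, mac in pairs
        )


def ports_that_can_claim(ports, ip):
    """Audit helper: names of the ports allowed to send traffic as `ip`."""
    return sorted(name for name, p in ports.items() if p.permits(ip, p.mac))


VIP = "172.25.110.201"


def build_ports():
    # Fixed IPs and MACs copied from the `openstack port list` output on this page.
    return {
        "lvs-node1": Port("fa:16:3e:f2:6d:fd", ["172.25.110.100"]),
        "lvs-node2": Port("fa:16:3e:5d:12:25", ["172.25.110.101"]),
    }


def demo():
    ports = build_ports()
    before = ports_that_can_claim(ports, VIP)  # no pairs set: VIP traffic is dropped
    for p in ports.values():
        p.allow(VIP)                           # what `openstack port set` did above
    after = ports_that_can_claim(ports, VIP)
    return before, after


if __name__ == "__main__":
    print(demo())
```

Running the same audit against real port data shows which ports carry an entry for an address they have no reason to hold; a /32 per VIP, as on this page, keeps the exception as narrow as the Keepalived setup needs.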