Openstack(十六)实现内外网结构
相似于阿里云ECS主机的内外网(双网卡不通网段)的结构,最终实现内外网区分隔离。linux
16.1各个虚拟机添加并配置IP
若是已是双网卡不须要从新添加,网段配置文192.168.10.20服务器
16.1.1在各虚拟机设置界面点击添加
16.1.2添加网卡
选择网络适配器而后点下一步:网络
16.1.3确认添加
选仅主机模式而后点完成app
16.1.4最终确认
确认添加正确而后点肯定ide
16.1.5各虚拟机确认网卡添加成功
16.1.6各个虚拟机配置IP
# cd /etc/sysconfig/network-scripts/阿里云
# vim ifcfg-eth13d
TYPE=Ethernetrest
BOOTPROTO=staticserver
ONBOOT=yes
DEVICE=eth1
NAME=eth1
IPADDR=192.168.20.202 #与192.168.10.x网段最后一位IP相同
NETMASK=255.255.252.0
16.1.7其余服务器配置与验证
按照以上过程添加其余服务器,然验证各服务器第二块网卡之间是否网络互通:
16.2控制节点配置
16.2.1编辑配置文件linuxbridge_agent.ini
# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
155 physical_interface_mappings = internal:eth0, external:eth1
16.2.2编辑配置文件以下ml2_conf.ini
# vim /etc/neutron/plugins/ml2/ml2_conf.ini
172 flat_networks = internal, external
16.2.3控制节点当前所有配置
# grep "^[a-Z]" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
physical_interface_mappings = internal:eth0, external:eth1
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = true
enable_vxlan = false
# grep "^[a-Z]" /etc/neutron/plugins/ml2/ml2_conf.ini
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
flat_networks = internal, external
enable_ipset = true
16.2.4重启neutron服务
# systemctl restart neutron-linuxbridge-agent
# systemctl restart neutron-server
16.3计算节点配置
16.3.1编辑配置文件
# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
155 physical_interface_mappings = internal:eth0, external:eth1
# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
physical_interface_mappings = internal:eth0,external:eth1
16.3.2当前所有配置
# grep "^[a-Z]" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
physical_interface_mappings = internal:eth0, external:eth1
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = true
enable_vxlan = false
# grep "^[a-Z]" /etc/neutron/plugins/ml2/linuxbridge_agent.ini
physical_interface_mappings = internal:eth0,external:eth1
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = true
enable_vxlan = false
16.3.3重启neutron服务
# systemctl restart neutron-linuxbridge-agent
# systemctl restart neutron-linuxbridge-agent
16.4建立网络并验证
16.4.1控制端建立网络
# neutron net-create --shared --provider:physical_network external --provider:network_type flat external-net
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
16.4.2建立子网
# neutron subnet-create --name external-subnet --allocation-pool start=192.168.20.100,end=192.168.20.200 --dns-nameserver 223.5.5.5 external-net 192.
168.20.0/24
16.4.3验证子网建立
# neutron net-list
16.5建立虚拟机
16.5.1在网卡界面添加两个网卡
其余保持不变
16.5.2验证内外网访问
#若是是在虚拟机启动的实例,则实例启动过程会稍微有点慢,下面是计算节点192.168.10.202上面的实例:
# 下面是计算节点192.168.10.203上面的实例:
- 1. Openstack之七:实现基于桥接的内外网络
- 2. 内外网隔离实现
- 3. Centos7 firewalld实现内网访问外网
- 4. Holer实现外网访问内网Tomcat
- 5. Holer实现外网访问内网Web
- 6. nginx实现内外网同时访问
- 7. virtual box实现内外网共用
- 8. 内外网互通架构
- 9. OpenStack的结构
- 10. OpenStack架构----cinder组件(六)
- 更多相关文章...
- • Rust 结构体 - RUST 教程
- • XML 树结构 - XML 教程
- • ☆基于Java Instrument的Agent实现
- • Docker容器实战(六) - 容器的隔离与限制
-
每一个你不满意的现在,都有一个你没有努力的曾经。