OpenStack Ussuri : Neutron
-----------------------   -----------------------   -----------------------
| [ Controller Node ] |   |  [ Compute Node ]   |   |  [ Network Node ]   |
|                     |   |       Libvirt       |   |    Open vSwitch     |
| MariaDB    RabbitMQ |   |    Nova compute     |   |      L2 Agent       |
| Memcached  Keystone |   |    Open vSwitch     |   |      L3 Agent       |
| httpd       Neutron |   |      L2 Agent       |   |   metadata agent    |
| Nova-API    Compute |   -----------------------   -----------------------
| L2 agent   L3 agent |
|   metadata agent    |
|   Neutron Server    |
-----------------------
- Neutron is the OpenStack service that manages networking as a whole.
- For a detailed explanation of Neutron, see Neutron.
Create the Neutron service and user
$ controller ~(keystone)> openstack user create --domain default --project service --password qwer1234 neutron
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 7c10c02365be496fb47f12bfd40fe4a7 |
| domain_id | default |
| enabled | True |
| id | 943fbb4370164c77ae6bf7fa455292f8 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
$ controller ~(keystone)> openstack role add --project service --user neutron admin
$ controller ~(keystone)> openstack service create --name neutron --description "OpenStack Networking service" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking service |
| enabled | True |
| id | 055e5f6e38004338b0ae4a86e77932ae |
| name | neutron |
| type | network |
+-------------+----------------------------------+
# Create the neutron service and user.
$ controller ~(keystone)> openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 350c666f597a41e59234b09f534aa72f |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 055e5f6e38004338b0ae4a86e77932ae |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
$ controller ~(keystone)> openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b9cad959e1634ff797e27f00d50e9578 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 055e5f6e38004338b0ae4a86e77932ae |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
$ controller ~(keystone)> openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 72fc145deb1d4d508e3691b3bf77708e |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 055e5f6e38004338b0ae4a86e77932ae |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
# Register the neutron endpoints.
Create the database for the neutron user.
$ controller> mysql -u root -p
$ MariaDB> create database neutron_ml2;
$ MariaDB> grant all privileges on neutron_ml2.* to neutron@'localhost' identified by 'qwer1234';
$ MariaDB> grant all privileges on neutron_ml2.* to neutron@'%' identified by 'qwer1234';
$ MariaDB> flush privileges;
$ MariaDB> exit;
Install Neutron
$ controller> dnf --enablerepo=centos-openstack-ussuri,powertools,epel -y install openstack-neutron openstack-neutron-ml2
# Install neutron and its related modules.
$ controller> vi /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
dhcp_agent_notification = True
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
transport_url = rabbit://openstack:qwer1234@controller
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = qwer1234
[database]
connection = mysql+pymysql://neutron:qwer1234@controller/neutron_ml2
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = qwer1234
[oslo_concurrency]
lock_path = $state_path/tmp
$ controller> vi /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = metadata_secret
[cache]
memcache_servers = controller:11211
$ controller> vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch
extension_drivers = port_security
[ml2_type_flat]
flat_networks = physnet1
[ml2_type_vxlan]
vni_ranges = 1:1000
$ controller> vi /etc/nova/nova.conf
[DEFAULT]
...
...
use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = qwer1234
service_metadata_proxy = True
metadata_proxy_shared_secret = metadata_secret
$ controller> setsebool -P neutron_can_network on
$ controller> setsebool -P daemons_enable_cluster_mode on
$ controller> firewall-cmd --add-port=9696/tcp --permanent
$ controller> firewall-cmd --reload
# Configure the firewall and SELinux.
$ controller> ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
$ controller> su -s /bin/bash neutron -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"
$ controller> systemctl enable --now neutron-server neutron-metadata-agent
$ controller> systemctl restart openstack-nova-api
# Populate the neutron DB, then enable and start the services.
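The controller files above store every credential this setup depends on, and metadata_proxy_shared_secret has to be identical in metadata_agent.ini and in the [neutron] section of nova.conf. The following is an added example, not part of the original guide: it audits those values for reuse across accounts and checks the shared secret on both sides. The helper names and the 32-character minimum are assumptions of the example; the signing function mirrors the upstream behaviour, in which the metadata agent sends an HMAC-SHA256 of the instance ID in the X-Instance-ID-Signature header and nova recomputes it.

```python
import configparser
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed sample input: the credential-bearing lines this guide writes.
NEUTRON_CONF = """\
[DEFAULT]
transport_url = rabbit://openstack:qwer1234@controller
[keystone_authtoken]
username = neutron
password = qwer1234
[database]
connection = mysql+pymysql://neutron:qwer1234@controller/neutron_ml2
"""
METADATA_AGENT_INI = """\
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = metadata_secret
"""
NOVA_CONF = """\
[neutron]
username = neutron
password = qwer1234
metadata_proxy_shared_secret = metadata_secret
"""


def load(text):
    """Parse an oslo-style INI file; interpolation is off so '$' and '%' stay literal."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def account_passwords(neutron):
    """Map each distinct account found in neutron.conf to its stored password."""
    rabbit = urlsplit(neutron["DEFAULT"]["transport_url"])
    db = urlsplit(neutron["database"]["connection"])
    keystone = neutron["keystone_authtoken"]
    return {
        f"rabbitmq:{rabbit.username}": rabbit.password,
        f"mariadb:{db.username}": db.password,
        f"keystone:{keystone['username']}": keystone["password"],
    }


def reused_passwords(accounts):
    """Return {password: [accounts]} for passwords shared by more than one account."""
    owners = {}
    for account, password in accounts.items():
        owners.setdefault(password, []).append(account)
    return {pw: sorted(who) for pw, who in owners.items() if len(who) > 1}


def metadata_secret_findings(metadata, nova, min_len=32):
    """Check the proxy secret on both sides: present, identical, and long enough."""
    agent = metadata["DEFAULT"].get("metadata_proxy_shared_secret", "")
    api = nova.get("neutron", "metadata_proxy_shared_secret", fallback="")
    findings = []
    if not agent or not api:
        findings.append("missing")
    elif agent != api:
        findings.append("mismatch")
    if agent and len(agent) < min_len:  # min_len is this example's threshold
        findings.append("short")
    return findings


def sign_instance_id(secret, instance_id):
    """HMAC-SHA256 over the instance ID, keyed with the shared secret."""
    return hmac.new(secret.encode(), instance_id.encode(), hashlib.sha256).hexdigest()


def nova_accepts(api_secret, instance_id, signature):
    """Receiver side: recompute the signature and compare in constant time."""
    return hmac.compare_digest(sign_instance_id(api_secret, instance_id), signature)


if __name__ == "__main__":
    neutron, metadata, nova = load(NEUTRON_CONF), load(METADATA_AGENT_INI), load(NOVA_CONF)
    print(reused_passwords(account_passwords(neutron)))
    print(metadata_secret_findings(metadata, nova))
```

A value produced with `openssl rand -hex 32` and written to both files clears the "short" finding; separate passwords per account clear the reuse finding.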
Install Neutron on the Network Node
Install Neutron
$ network> dnf --enablerepo=centos-openstack-ussuri,powertools,epel -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch libibverbs
# Install neutron and its related modules.
$ network> vi /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True
# RabbitMQ connection info
transport_url = rabbit://openstack:qwer1234@controller
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = qwer1234
[oslo_concurrency]
lock_path = $state_path/lock
$ network> vi /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
$ network> vi /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = metadata_secret
[cache]
memcache_servers = controller:11211
$ network> vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch
extension_drivers = port_security
[ml2_type_flat]
flat_networks = physnet1
[ml2_type_vxlan]
vni_ranges = 1:1000
# Append this at the end of the file.
$ network> vi /etc/neutron/plugins/ml2/openvswitch_agent.ini
[securitygroup]
firewall_driver = openvswitch
enable_security_group = true
enable_ipset = true
[agent]
tunnel_types = vxlan
prevent_arp_spoofing = True
[ovs]
local_ip = 10.10.10.20
bridge_mappings = physnet1:br-eth1
# Append this at the end of the file.
# local_ip must be written as an IP address!
$ network> setsebool -P neutron_can_network on
$ network> setsebool -P haproxy_connect_any on
$ network> setsebool -P daemons_enable_cluster_mode on
$ network> vi ovsofctl.te
module ovsofctl 1.0;
require {
type neutron_t;
type neutron_exec_t;
type dnsmasq_t;
class file execute_no_trans;
class capability { dac_override sys_rawio };
}
#============= neutron_t ==============
allow neutron_t self:capability { dac_override sys_rawio };
allow neutron_t neutron_exec_t:file execute_no_trans;
#============= dnsmasq_t ==============
allow dnsmasq_t self:capability dac_override;
$ network> checkmodule -m -M -o ovsofctl.mod ovsofctl.te
$ network> semodule_package --outfile ovsofctl.pp --module ovsofctl.mod
$ network> semodule -i ovsofctl.pp
$ network> systemctl disable --now firewalld
# Configure SELinux and the firewall.
$ network> ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
$ network> systemctl enable --now openvswitch
$ network> ovs-vsctl add-br br-int
$ network> ovs-vsctl add-br br-eth1
$ network> ovs-vsctl add-port br-eth1 ens32
$ network> vi /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
BOOTPROTO=static
NAME=ens32
DEVICE=ens32
ONBOOT=yes
$ network> vi /var/tmp/network_interface.sh
#!/bin/bash
ip link set up br-eth1
ip addr add 192.168.10.20/24 dev br-eth1
route add default gw 192.168.10.2 dev br-eth1
echo "nameserver 8.8.8.8" > /etc/resolv.conf
$ network> chmod 755 /var/tmp/network_interface.sh
$ network> vi /etc/systemd/system/set_interface.service
[Unit]
Description=Description for sample script goes here
After=network.target
[Service]
Type=simple
ExecStart=/var/tmp/network_interface.sh
TimeoutStartSec=0
[Install]
WantedBy=default.target
$ network> systemctl enable set_interface
$ network> init 6
# Pay attention to the network interface name! (e.g. ens32)
$ network> for service in dhcp-agent l3-agent metadata-agent openvswitch-agent; do
systemctl enable --now neutron-$service
done
# Enable and start the neutron services.
Install Neutron on the Compute Node
Install Neutron
$ compute> dnf --enablerepo=centos-openstack-ussuri,powertools,epel -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch
# Install neutron and its related modules.
$ compute> vi /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True
transport_url = rabbit://openstack:qwer1234@controller
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = qwer1234
[oslo_concurrency]
lock_path = $state_path/lock
$ compute> vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch
extension_drivers = port_security
[ml2_type_flat]
flat_networks = physnet1
[ml2_type_vxlan]
vni_ranges = 1:1000
# Append this at the end of the file.
$ compute> vi /etc/neutron/plugins/ml2/openvswitch_agent.ini
[securitygroup]
firewall_driver = openvswitch
enable_security_group = true
enable_ipset = true
[agent]
tunnel_types = vxlan
prevent_arp_spoofing = True
[ovs]
local_ip = 10.10.10.20
# Append this at the end of the file.
# local_ip must be written as an IP address, and it is this node's own tunnel endpoint address.
$ compute> vi /etc/nova/nova.conf
[DEFAULT]
...
...
use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
vif_plugging_is_fatal = True
vif_plugging_timeout = 300
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = qwer1234
service_metadata_proxy = True
metadata_proxy_shared_secret = metadata_secret
$ compute> setsebool -P neutron_can_network on
$ compute> setsebool -P daemons_enable_cluster_mode on
$ compute> vi ovsofctl.te
module ovsofctl 1.0;
require {
type neutron_t;
type neutron_exec_t;
type dnsmasq_t;
class file execute_no_trans;
class capability { dac_override sys_rawio };
}
#============= neutron_t ==============
allow neutron_t self:capability { dac_override sys_rawio };
allow neutron_t neutron_exec_t:file execute_no_trans;
#============= dnsmasq_t ==============
allow dnsmasq_t self:capability dac_override;
$ compute> checkmodule -m -M -o ovsofctl.mod ovsofctl.te
$ compute> semodule_package --outfile ovsofctl.pp --module ovsofctl.mod
$ compute> semodule -i ovsofctl.pp
$ compute> systemctl disable --now firewalld
# Configure SELinux and the firewall.
$ compute> ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
$ compute> systemctl enable --now openvswitch
$ compute> ovs-vsctl add-br br-int
$ compute> systemctl restart openstack-nova-compute
$ compute> systemctl enable --now neutron-openvswitch-agent
# Enable and start the neutron services.
Verification
$ controller ~(keystone)> openstack router create router
+-------------------------+----------------------------------------------------- -------------------------------------------------------------------------------- --------------------+
| Field | Value |
+-------------------------+----------------------------------------------------- -------------------------------------------------------------------------------- --------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-08-07T00:05:40Z |
| description | |
| distributed | False |
| external_gateway_info | null |
| flavor_id | None |
| ha | False |
| id | f40d6130-a01c-486a-b088-3f27c9f57607 |
| location | cloud='', project.domain_id=, project.domain_name='default', project.id='c76211c24a1f460ca67274d655d46725', project.name='admin', region_name='', zone= |
| name | router |
| project_id | c76211c24a1f460ca67274d655d46725 |
| revision_number | 1 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2020-08-07T00:05:40Z |
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
$ controller ~(keystone)> openstack network create int --provider-network-type vxlan
+---------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+---------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-08-07T00:05:58Z |
| description | |
| dns_domain | None |
| id | 0edec63e-cc62-4e93-8962-d0ad2df27bc8 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| location | cloud='', project.domain_id=, project.domain_name='default', project.id='c76211c24a1f460ca67274d655d46725', project.name='admin', region_name='', zone= |
| mtu | 1450 |
| name | int |
| port_security_enabled | True |
| project_id | c76211c24a1f460ca67274d655d46725 |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 1 |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2020-08-07T00:05:58Z |
+---------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
$ controller ~(keystone)> openstack subnet create int-sub --network int \
--subnet-range 1.1.1.0/24 --gateway 1.1.1.1 \
--dns-nameserver 8.8.8.8
+----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| allocation_pools | 1.1.1.2-1.1.1.254 |
| cidr | 1.1.1.0/24 |
| created_at | 2020-08-07T00:06:25Z |
| description | |
| dns_nameservers | 8.8.8.8 |
| dns_publish_fixed_ip | None |
| enable_dhcp | True |
| gateway_ip | 1.1.1.1 |
| host_routes | |
| id | 800bc5af-45e9-4719-8969-4c154bc111d6 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| location | cloud='', project.domain_id=, project.domain_name='default', project.id='c76211c24a1f460ca67274d655d46725', project.name='admin', region_name='', zone= |
| name | int-sub |
| network_id | 0edec63e-cc62-4e93-8962-d0ad2df27bc8 |
| prefix_length | None |
| project_id | c76211c24a1f460ca67274d655d46725 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2020-08-07T00:06:25Z |
+----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
$ controller ~(keystone)> openstack router add subnet router int-sub
$ controller ~(keystone)> openstack network create \
--provider-physical-network physnet1 \
--provider-network-type flat --external ext
+---------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+---------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-08-07T00:06:47Z |
| description | |
| dns_domain | None |
| id | 68e5adb0-a8c4-473b-88a9-fdaaf6f12ec2 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| location | cloud='', project.domain_id=, project.domain_name='default', project.id='c76211c24a1f460ca67274d655d46725', project.name='admin', region_name='', zone= |
| mtu | 1500 |
| name | ext |
| port_security_enabled | True |
| project_id | c76211c24a1f460ca67274d655d46725 |
| provider:network_type | flat |
| provider:physical_network | physnet1 |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | External |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2020-08-07T00:06:47Z |
+---------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
$ controller ~(keystone)> openstack subnet create ext-sub \
--network ext --subnet-range 192.168.10.0/24 \
--allocation-pool start=192.168.10.150,end=192.168.10.200 \
--gateway 192.168.10.2 --dns-nameserver 8.8.8.8
+----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| allocation_pools | 192.168.10.150-192.168.10.200 |
| cidr | 192.168.10.0/24 |
| created_at | 2020-08-07T00:07:21Z |
| description | |
| dns_nameservers | 8.8.8.8 |
| dns_publish_fixed_ip | None |
| enable_dhcp | True |
| gateway_ip | 192.168.10.2 |
| host_routes | |
| id | 31a92331-f102-4c4e-8c02-f97baa9eab28 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| location | cloud='', project.domain_id=, project.domain_name='default', project.id='c76211c24a1f460ca67274d655d46725', project.name='admin', region_name='', zone= |
| name | ext-sub |
| network_id | 68e5adb0-a8c4-473b-88a9-fdaaf6f12ec2 |
| prefix_length | None |
| project_id | c76211c24a1f460ca67274d655d46725 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2020-08-07T00:07:21Z |
+----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
$ controller ~(keystone)> openstack router set router --external-gateway ext
$ controller ~(keystone)> openstack network rbac list
+--------------------------------------+-------------+--------------------------------------+
| ID | Object Type | Object ID |
+--------------------------------------+-------------+--------------------------------------+
| 4e8ebe0b-60f0-485c-8696-74378068c844 | network | 68e5adb0-a8c4-473b-88a9-fdaaf6f12ec2 |
+--------------------------------------+-------------+--------------------------------------+
$ controller ~(keystone)> wget http://cloud-images.ubuntu.com/releases/18.04/release/ubuntu-18.04-server-cloudimg-amd64.img -P /var/kvm/images
$ controller ~(keystone)> openstack image create "Ubuntu1804" --file /var/kvm/images/ubuntu-18.04-server-cloudimg-amd64.img --disk-format qcow2 --container-format bare --public
# Download the Ubuntu 18.04 image, then register it.
$ controller ~(keystone)> openstack security group create all-port
+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2020-08-07T00:10:31Z |
| description | all-port |
| id | 97224218-b304-4076-9645-d68092a9366a |
| location | cloud='', project.domain_id=, project.domain_name='default', project.id='c76211c24a1f460ca67274d655d46725', project.name='admin', region_name='', zone= |
| name | all-port |
| project_id | c76211c24a1f460ca67274d655d46725 |
| revision_number | 1 |
| rules | created_at='2020-08-07T00:10:32Z', direction='egress', ethertype='IPv6', id='333de7e9-5c1b-4b2f-bb0e-2da1b878abb6', updated_at='2020-08-07T00:10:32Z' |
| | created_at='2020-08-07T00:10:32Z', direction='egress', ethertype='IPv4', id='644e18e1-4f4e-42ad-bef8-937e47254a27', updated_at='2020-08-07T00:10:32Z' |
| stateful | True |
| tags | [] |
| updated_at | 2020-08-07T00:10:32Z |
+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
$ controller ~(keystone)> openstack security group rule create --protocol icmp --ingress all-port
+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2020-08-07T00:13:31Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 27688481-047b-4fc0-948c-de109e46d7f5 |
| location | cloud='', project.domain_id=, project.domain_name='default', project.id='c76211c24a1f460ca67274d655d46725', project.name='admin', region_name='', zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | c76211c24a1f460ca67274d655d46725 |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 97224218-b304-4076-9645-d68092a9366a |
| tags | [] |
| updated_at | 2020-08-07T00:13:31Z |
+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
$ controller ~(keystone)> openstack security group rule create --protocol tcp --dst-port 22:22 all-port
+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2020-08-07T00:13:36Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | da2afd20-818a-4bfe-9017-c837b2bf30ec |
| location | cloud='', project.domain_id=, project.domain_name='default', project.id='c76211c24a1f460ca67274d655d46725', project.name='admin', region_name='', zone= |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | c76211c24a1f460ca67274d655d46725 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 97224218-b304-4076-9645-d68092a9366a |
| tags | [] |
| updated_at | 2020-08-07T00:13:36Z |
+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+
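Both rules above were created with remote_ip_prefix 0.0.0.0/0, so ICMP and TCP port 22 are reachable from any source once a floating IP is attached. The following is an added example, not part of the original guide: it parses the "Field | Value" tables the openstack CLI prints and reports ingress rules that admit any source address. The function names and the finding text are assumptions of the example, and the sample tables are trimmed copies of the output above.

```python
import ipaddress

# Constructed sample input: the two rule tables printed above, trimmed to the
# fields that decide exposure.
RULE_ICMP = """\
+------------------+-----------+
| Field            | Value     |
+------------------+-----------+
| direction        | ingress   |
| ether_type       | IPv4      |
| port_range_max   | None      |
| port_range_min   | None      |
| protocol         | icmp      |
| remote_group_id  | None      |
| remote_ip_prefix | 0.0.0.0/0 |
+------------------+-----------+
"""
RULE_SSH = """\
+------------------+-----------+
| Field            | Value     |
+------------------+-----------+
| direction        | ingress   |
| ether_type       | IPv4      |
| port_range_max   | 22        |
| port_range_min   | 22        |
| protocol         | tcp       |
| remote_group_id  | None      |
| remote_ip_prefix | 0.0.0.0/0 |
+------------------+-----------+
"""


def parse_show_table(text):
    """Parse an openstack CLI 'Field | Value' table into a dict.

    'None' and empty cells become None. Continuation rows (empty Field cell,
    as in the 'rules' field of a security group) extend the previous field.
    """
    fields, last = {}, None
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # border line or blank
        cells = [c.strip() for c in line.strip().strip("|").split("|", 1)]
        if len(cells) != 2 or cells == ["Field", "Value"]:
            continue
        name, value = cells
        if name:
            fields[name] = None if value in ("None", "") else value
            last = name
        elif last is not None and value:
            prior = fields[last]
            fields[last] = value if prior is None else prior + "\n" + value
    return fields


def exposure(rule):
    """Return a finding for an ingress rule that admits any source, else None."""
    if rule.get("direction") != "ingress" or rule.get("remote_group_id"):
        return None
    prefix = rule.get("remote_ip_prefix")
    # With neither a prefix nor a remote group, Neutron matches every source.
    if prefix is not None and ipaddress.ip_network(prefix, strict=False).prefixlen != 0:
        return None
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    ports = "any" if lo is None else (lo if lo == hi else f"{lo}-{hi}")
    return f"{rule.get('protocol') or 'any'}/{ports} from any source"


if __name__ == "__main__":
    for table in (RULE_ICMP, RULE_SSH):
        print(exposure(parse_show_table(table)))
```

Creating the SSH rule with `--remote-ip` set to the management network's CIDR makes `exposure` return None for it.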
$ controller ~(keystone)> ssh-keygen -q -N ""
$ controller ~(keystone)> openstack keypair create --public-key ~/.ssh/id_rsa.pub MyKey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | a3:8f:44:f6:e1:4e:da:a0:90:f1:5d:dc:6a:8b:ad:76 |
| name | MyKey |
| user_id | 57ce8f772e374a7c9282f2674fda1ba7 |
+-------------+-------------------------------------------------+
$ controller ~(keystone)> openstack flavor create --ram 1024 --disk 10 --vcpus 1 m1.small
+----------------------------+--------------------------------------+
| Field | Value |
+----------------------------+--------------------------------------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 10 |
| id | dabfebd4-cd05-4cec-9567-78b8c9e3d6b6 |
| name | m1.small |
| os-flavor-access:is_public | True |
| properties | |
| ram | 1024 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+--------------------------------------+
$ controller ~(keystone)> openstack server create --image Ubuntu1804 --flavor m1.small --key-name MyKey --network int --security-group all-port Ubuntu
$ controller ~(keystone)> openstack floating ip create ext
+---------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+---------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2020-08-07T00:16:15Z |
| description | |
| dns_domain | None |
| dns_name | None |
| fixed_ip_address | None |
| floating_ip_address | 192.168.10.191 |
| floating_network_id | 68e5adb0-a8c4-473b-88a9-fdaaf6f12ec2 |
| id | 409a4724-1e13-4150-a2e1-6b3a205c4ff6 |
| location | Munch({'cloud': '', 'region_name': '', 'zone': None, 'project': Munch({'id': 'c76211c24a1f460ca67274d655d46725', 'name': 'admin', 'domain_id': None, 'domain_name': 'default'})}) |
| name | 192.168.10.191 |
| port_details | None |
| port_id | None |
| project_id | c76211c24a1f460ca67274d655d46725 |
| qos_policy_id | None |
| revision_number | 0 |
| router_id | None |
| status | DOWN |
| subnet_id | None |
| tags | [] |
| updated_at | 2020-08-07T00:16:15Z |
+---------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
$ controller ~(keystone)> openstack server add floating ip Ubuntu 192.168.10.191