IP planning:
Maas: 10.20.81.1
Juju: 10.20.81.2
Openstack: 10.20.81.21-24
External Gateway: 10.20.81.254
Private Network: 10.1.0.0/24
Instance: 10.1.0.9 - 10.20.81.220 (floating IP)
Private Gateway: 10.1.0.1
Private DHCP service: 10.1.0.10
Network topology
                         10.20.81.0/24
                        +-------------+
                           Firewall
                         10.20.81.254
                        +-------------+
                               |
+-------------------------------------------------------------+
                            Switch
     vlan81                vlan81                 vlan81
+-------------------------------------------------------------+
    |     |                ||   |               |       |
+--------------+      +-------------+      +------------------+
|Maas+Juju     |      |Juju Gui     |      |Openstack         |
|10.20.81.1    |      |10.20.81.2   |      |10.20.81.21-24    |
+--------------+      +-------------+      +------------------+
                                                    |
                 +--------------------------------------------+
                 Private Subnet-1                Public Subnet-2
                 10.1.0.0/24                     10.20.81.0/24
                 +---+----+--+                   +----+------+
                     |    |        +----+             |
                     |    |     .1 |    |.221         |
                     |    +--------+ VR +-------------+
                     |             |    |
                  +--+-+           +----+
                  |    |
                  |VM  |
                  |.9  |
                  |    |
                  +----+
This time the problem is pinging the Internet. The Openstack instance and neutron-gateway/0 cannot reach the outside world.
From neutron-gateway/0
ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ping 10.20.81.254
PING 10.20.81.254 (10.20.81.254) 56(84) bytes of data.
From 10.20.81.221 icmp_seq=1 Destination Host Unreachable
From 10.20.81.221 icmp_seq=2 Destination Host Unreachable
ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 10.20.81.221 icmp_seq=1 Destination Host Unreachable
From 10.20.81.221 icmp_seq=2 Destination Host Unreachable
ubuntu@os-compute02:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=120 time=16.7 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=120 time=17.9 ms
ubuntu@os-compute02:~$ ping 10.20.81.254
PING 10.20.81.254 (10.20.81.254) 56(84) bytes of data.
64 bytes from 10.20.81.254: icmp_seq=1 ttl=64 time=0.637 ms
64 bytes from 10.20.81.254: icmp_seq=2 ttl=64 time=0.435 ms
ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.1.0.0 0.0.0.0 255.255.255.0 U 0 0 0 qr-44aa8011-cf
10.20.81.0 0.0.0.0 255.255.255.0 U 0 0 0 qg-f33e7db4-43
ubuntu@os-compute02:~$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.20.81.254 0.0.0.0 UG 0 0 0 br-eno2
10.4.251.0 0.0.0.0 255.255.255.0 U 0 0 0 lxdbr0
10.20.81.0 0.0.0.0 255.255.255.0 U 0 0 0 br-eno2
From the instance
ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ssh -p 22 -i ~/.ssh/u1804Key.pem [email protected] -v
Welcome to Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-33-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Fri Apr 5 09:50:37 UTC 2019
System load: 0.0 Processes: 90
Usage of /: 1.2% of 77.36GB Users logged in: 0
Memory usage: 12% IP address for ens2: 10.1.0.9
Swap usage: 0%
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
* Canonical Livepatch is available for installation.
- Reduce system reboots and improve kernel security. Activate at:
https://ubuntu.com/livepatch
0 packages can be updated.
0 updates are security updates.
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings
Last login: Fri Apr 5 09:32:40 2019 from 10.20.81.221
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
ubuntu@u1804ins:~$ ping 10.1.0.1
PING 10.1.0.1 (10.1.0.1) 56(84) bytes of data.
64 bytes from 10.1.0.1: icmp_seq=1 ttl=64 time=0.333 ms
64 bytes from 10.1.0.1: icmp_seq=2 ttl=64 time=0.471 ms
ubuntu@u1804ins:~$ ping 10.1.0.10
PING 10.1.0.10 (10.1.0.10) 56(84) bytes of data.
64 bytes from 10.1.0.10: icmp_seq=1 ttl=64 time=1.46 ms
64 bytes from 10.1.0.10: icmp_seq=2 ttl=64 time=0.416 ms
ubuntu@u1804ins:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 10.20.81.220 icmp_seq=1 Destination Host Unreachable
From 10.20.81.220 icmp_seq=2 Destination Host Unreachable
ubuntu@u1804ins:~$ ping 10.20.81.220
PING 10.20.81.220 (10.20.81.220) 56(84) bytes of data.
64 bytes from 10.20.81.220: icmp_seq=1 ttl=63 time=0.871 ms
64 bytes from 10.20.81.220: icmp_seq=2 ttl=63 time=0.859 ms
Its routes, from the instance
ubuntu@u1804ins:~$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.1.0.1 0.0.0.0 UG 100 0 0 ens2
10.1.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ens2
169.254.169.254 10.1.0.1 255.255.255.255 UGH 100 0 0 ens2
The security groups are
Can anyone help me solve this problem?
Update 08/04/2019
Following waltinator's suggestion, I added a route as shown below:
ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 6191392 bytes 645353092 (645.3 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6191392 bytes 645353092 (645.3 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
qg-f33e7db4-43: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.20.81.221 netmask 255.255.255.0 broadcast 10.20.81.255
inet6 fe80::f816:3eff:fe66:29fc prefixlen 64 scopeid 0x20<link>
ether fa:16:3e:66:29:fc txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 653117 bytes 27431366 (27.4 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
qr-44aa8011-cf: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1458
inet 10.1.0.1 netmask 255.255.255.0 broadcast 10.1.0.255
inet6 fe80::f816:3eff:feb3:ccab prefixlen 64 scopeid 0x20<link>
ether fa:16:3e:b3:cc:ab txqueuelen 1000 (Ethernet)
RX packets 1439607 bytes 124114833 (124.1 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2439777 bytes 168001647 (168.0 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 route add default gw 10.1.0.1 qr-44aa8011-cf
Then
ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.1.0.1 0.0.0.0 UG 0 0 0 qr-44aa8011-cf
10.1.0.0 0.0.0.0 255.255.255.0 U 0 0 0 qr-44aa8011-cf
10.20.81.0 0.0.0.0 255.255.255.0 U 0 0 0 qg-f33e7db4-43
But nothing
ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 10.1.0.1 icmp_seq=1 Destination Host Unreachable
From 10.1.0.1 icmp_seq=2 Destination Host Unreachable
Answer 1
I solved it by changing the value of data-port before running the OPS deployment via juju
From:
neutron-gateway:
  bridge-mappings: physnet1:br-ex
  data-port: br-ex:eno2
To:
neutron-gateway:
  bridge-mappings: physnet1:br-ex
  data-port: br-ex:eno3
Now the instance can reach the Internet
ubuntu@u1804svr:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=17.7 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=17.3 ms
ubuntu@u1804svr:~$ ping google.it
PING google.it (216.58.205.35) 56(84) bytes of data.
64 bytes from mil04s24-in-f35.1e100.net (216.58.205.35): icmp_seq=1 ttl=53 time=13.7 ms
64 bytes from mil04s24-in-f35.1e100.net (216.58.205.35): icmp_seq=2 ttl=53 time=13.7 ms
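Added example, not part of the original question or answer: two checks over the router namespace output shown above. One flags an interface that transmits but has never received a packet (the qg- port in the question, whose ARP requests got no reply), the other reports which interface carries the default route. The sample text is trimmed from the question's output; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Neutron router namespace.

# Constructed sample: counters trimmed from the question's ifconfig output.
SAMPLE_IFCONFIG='qg-f33e7db4-43: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        RX packets 0 bytes 0 (0.0 B)
        TX packets 653117 bytes 27431366 (27.4 MB)
qr-44aa8011-cf: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1458
        RX packets 1439607 bytes 124114833 (124.1 MB)
        TX packets 2439777 bytes 168001647 (168.0 MB)'

# Constructed sample: the qrouter routing table from the question (no default route).
SAMPLE_ROUTES='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.1.0.0 0.0.0.0 255.255.255.0 U 0 0 0 qr-44aa8011-cf
10.20.81.0 0.0.0.0 255.255.255.0 U 0 0 0 qg-f33e7db4-43'

# Read ifconfig output on stdin; print each interface with TX > 0 and RX == 0.
silent_ifaces() {
    awk '
        /^[^ \t]+: flags=/ { iface = $1; sub(/:$/, "", iface); rx = -1 }
        $1 == "RX" && $2 == "packets" { rx = $3 }
        $1 == "TX" && $2 == "packets" { if (rx == 0 && $3 > 0) print iface }
    '
}

# Read "route -n" output on stdin; print the default-route interface or "none".
default_route_iface() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $NF; found = 1; exit }
         END { if (!found) print "none" }'
}

# Live use (hypothetical helper): audit_router qrouter-<uuid>
audit_router() {
    ns=$1
    echo "no-RX interfaces: $(sudo ip netns exec "$ns" ifconfig | silent_ifaces)"
    echo "default route via: $(sudo ip netns exec "$ns" route -n | default_route_iface)"
}
```

A default route reported on a qr- interface, as after the update in the question, points back at the private side of the router and cannot carry traffic to the external gateway.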