云计算：OpenStack 配置云主机实例的存储挂载并实现外网互通

一、实验

1. 环境

2.配置存储挂载

3.云主机实例连接外部网络（SNAT）

4.外部网络连接云主机实例（DNAT）

二、问题

1.云主机 ping 不通外部网络

2.nova list 查看云主机列表报错

3.nova list 与 virsh list --all有何区别

4.OpenStack如何查看虚拟路由器

5.OpenStack如何查看虚拟DHCP服务器

一、实验

1. 环境

（1）宿主机

表1 宿主机

主机	架构	IP地址
openstack	all in one	192.168.199.201

（2）云主机

表2 云主机

主机	架构	IP地址	浮动IP
cs_01	云主机	172.25.1.109	192.168.199.87
cs_02	云主机	172.25.2.107	192.168.199.82

2.配置存储挂载

（1）项目devops03用户user01

（2）创建卷

（3）创建中

（4）完成

（5）登录云主机cs_01控制台

（6）查看分区情况

（7）管理与连接卷

（8）连接中

（9）完成

（10）云主机cs_01控制台查看分区情况

新增磁盘vdb

(11) 分区

（12）查看

（13）格式化为ext4文件系统

（14）挂载（会弹出提示，不影响最终挂载）

（15）查看挂载情况

3.云主机实例连接外部网络（SNAT）

（1）查看当前网络拓扑

（2）分配浮动IP给云主机cs_01

（3）查看

（4）管理浮动IP的关联

（5）已绑定

（6）查看实例情况

（7）分配浮动IP给云主机cs_02

（8）查看

（9）点击”绑定浮动IP“

（10）管理浮动IP的关联

（11）已绑定

（12）宿主机查看路由信息

（13）宿主机添加流表信息

（16）云主机 ping 外部网络成功

4.外部网络连接云主机实例（DNAT）

（1）查看当前安全组

（2）添加规则

（3）查看安全组规则

（4）继续添加规则

（4）再次查看查看安全组规则

（5）查看网络拓扑图

（6）Windows11系统 ping 云主机cs_01

（7）Windows11系统 ping 云主机cs_02

二、问题

1.云主机 ping 不通外部网络

（1）报错

（2）原因分析

未配置流表。

OpenFlow是用于管理交换机流表的协议，ovs-ofctl是Open vSwitch提供的命令行工具。在没有配置OpenFlow控制器的模式下，用户可以使用ovs-ofctl命令通过OpenFlow协议连接Open vSwitch来创建、修改或删除Open vSwitch中的流表项，并对Open vSwitch的运行状况进行动态监控。ovs-ofctl关于流表管理的常用命令如下表所示。

对于add-flow、add-flows和mod-flows这3个命令，还需要指定要执行的动作actions=[target],[target]，一个流规则中可能有多个动作，按照指定的先后顺序执行。
常见的流表操作如下表所示。

在OpenFlow白皮书中，Flow被定义为某个特定的网络流量。例如，一个TCP连接就是一个Flow，或者从某个IP地址发出来的数据包，都可以被认为是一个Flow。支持OpenFlow协议的交换机应该包括一个或多个流表，流表中的条目包含：数据包头的信息、匹配成功后要执行的指令和统计信息。当数据包进入OVS后，会将数据包和流表中的流表项进行匹配，如果发现了匹配的流表项，则执行该流表项中的指令集。相反，如果数据包在流表中没有发现任何匹配，OVS会通过控制通道把数据包发到OpenFlow控制器中。在OVS中，流表项作为ovs-ofctl的参数，采用如下的格式：字段=值，如果有多个字段，可以用逗号或空格分开，一些常用的字段列举如下表所示。

（3）解决方法

命令行输入添加流表。

① 基础网络配置

1）br-ex 
连接外部网络(external)2）br-tun
连接隧道网络（tunnel）3）br-int
综合网桥（integration）

② 查看网桥（虚拟交换机）的基本信息

[root@openstack ~]# ovs-vsctl show
db90689c-619b-4abe-bcbf-16563efed45bManager "ptcp:6640:127.0.0.1"is_connected: trueBridge br-intController "tcp:127.0.0.1:6633"is_connected: truefail_mode: securePort "qg-ff43c0db-46"tag: 3Interface "qg-ff43c0db-46"type: internalPort "tap2d46a37a-12"tag: 3Interface "tap2d46a37a-12"type: internalPort br-intInterface br-inttype: internalPort "qr-68faaa7e-cc"tag: 1Interface "qr-68faaa7e-cc"type: internalPort "tapd441263b-ea"tag: 2Interface "tapd441263b-ea"type: internalPort "qvo7b9dd20c-6e"tag: 1Interface "qvo7b9dd20c-6e"Port "qvo04708a06-18"tag: 2Interface "qvo04708a06-18"Port int-br-exInterface int-br-extype: patchoptions: {peer=phy-br-ex}Port "tap1a095310-18"Interface "tap1a095310-18"type: internalPort "tapc64270af-df"tag: 1Interface "tapc64270af-df"type: internalPort "qr-df3559a2-e7"tag: 2Interface "qr-df3559a2-e7"type: internalPort patch-tunInterface patch-tuntype: patchoptions: {peer=patch-int}Bridge br-tunController "tcp:127.0.0.1:6633"is_connected: truefail_mode: securePort patch-intInterface patch-inttype: patchoptions: {peer=patch-tun}Port br-tunInterface br-tuntype: internalBridge br-exController "tcp:127.0.0.1:6633"is_connected: truefail_mode: securePort br-exInterface br-extype: internalPort phy-br-exInterface phy-br-extype: patchoptions: {peer=int-br-ex}Port "ens33"Interface "ens33"ovs_version: "2.7.3"

③ 查看br-ex虚拟交换机上各端口的状态

输出的结果中包含了各端口上收到的数据包数，字节数，丢包数，错误数据包数等。

[root@openstack ~]# ovs-ofctl dump-flows br-ex
NXST_FLOW reply (xid=0x4):cookie=0x0, duration=25482.541s, table=0, n_packets=964, n_bytes=43532, idle_age=10005, in_port=2 actions=ALcookie=0x3ee824d85c7adea0, duration=34310.012s, table=0, n_packets=369061, n_bytes=82371938, idle_age=0, pr

④ 查看br-ex桥的流表信息（重点关注序号）

ovs-ofctl show br-ex

[root@openstack ~]# ovs-ofctl show br-ex
OFPT_FEATURES_REPLY (xid=0x2): dpid:0000000c295385ce
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_1(ens33): addr:00:0c:29:53:85:ceconfig:     0state:      0current:    1GB-FD COPPER AUTO_NEGadvertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEGsupported:  10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEGspeed: 1000 Mbps now, 1000 Mbps max2(phy-br-ex): addr:12:67:6d:8e:d4:dcconfig:     0state:      0speed: 0 Mbps now, 0 Mbps maxLOCAL(br-ex): addr:00:0c:29:53:85:ceconfig:     0state:      0speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

⑤查看br-int桥的流表信息（重点关注序号）

[root@openstack ~]# ovs-ofctl show br-int
OFPT_FEATURES_REPLY (xid=0x2): dpid:000006b7f9bd7d47
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_2(patch-tun): addr:c2:48:6b:4a:78:56config:     0state:      0speed: 0 Mbps now, 0 Mbps max10(int-br-ex): addr:b6:76:78:81:41:ddconfig:     0state:      0speed: 0 Mbps now, 0 Mbps max11(qr-68faaa7e-cc): addr:00:00:00:00:10:c3config:     PORT_DOWNstate:      LINK_DOWNspeed: 0 Mbps now, 0 Mbps max12(qr-df3559a2-e7): addr:00:00:00:00:e0:99config:     PORT_DOWNstate:      LINK_DOWNspeed: 0 Mbps now, 0 Mbps max13(qg-ff43c0db-46): addr:00:00:00:00:20:5dconfig:     PORT_DOWNstate:      LINK_DOWNspeed: 0 Mbps now, 0 Mbps max14(tap1a095310-18): addr:00:00:00:00:10:80config:     PORT_DOWNstate:      LINK_DOWNspeed: 0 Mbps now, 0 Mbps max15(tap2d46a37a-12): addr:00:00:00:00:f0:9fconfig:     PORT_DOWNstate:      LINK_DOWNspeed: 0 Mbps now, 0 Mbps max16(tapc64270af-df): addr:02:ec:b9:56:6c:04config:     PORT_DOWNstate:      LINK_DOWNspeed: 0 Mbps now, 0 Mbps max17(tapd441263b-ea): addr:00:00:00:00:b0:39config:     PORT_DOWNstate:      LINK_DOWNspeed: 0 Mbps now, 0 Mbps max18(qvo04708a06-18): addr:0a:84:80:cb:e4:50config:     0state:      0current:    10GB-FD COPPERspeed: 10000 Mbps now, 0 Mbps max19(qvo7b9dd20c-6e): addr:7a:22:2b:be:43:4cconfig:     0state:      0current:    10GB-FD COPPERspeed: 10000 Mbps now, 0 Mbps maxLOCAL(br-int): addr:06:b7:f9:bd:7d:47config:     PORT_DOWNstate:      LINK_DOWNspeed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

⑥查看br-int虚拟交换机上各端口的状态

[root@openstack ~]# ovs-ofctl dump-flows br-int
NXST_FLOW reply (xid=0x4):cookie=0xc40afaa44e3bf01c, duration=35262.046s, table=0, n_packets=13199, n_bytes=1029702, idle_age=1, priority=2,in_port=10 actions=drcookie=0xc40afaa44e3bf01c, duration=33864.921s, table=0, n_packets=1447, n_bytes=141992, idle_age=10954, priority=9,in_port=18 actions=cookie=0xc40afaa44e3bf01c, duration=33022.776s, table=0, n_packets=119, n_bytes=11871, idle_age=16595, priority=9,in_port=19 actions=recookie=0x0, duration=4.201s, table=0, n_packets=0, n_bytes=0, idle_age=4, in_port=13 actions=ALLcookie=0xc40afaa44e3bf01c, duration=33864.919s, table=0, n_packets=0, n_bytes=0, idle_age=33864, priority=10,icmp6,in_port=18,icmp_typemit(,24)cookie=0xc40afaa44e3bf01c, duration=33022.774s, table=0, n_packets=0, n_bytes=0, idle_age=33022, priority=10,icmp6,in_port=19,icmp_typemit(,24)cookie=0xc40afaa44e3bf01c, duration=33864.917s, table=0, n_packets=115, n_bytes=4830, idle_age=10959, priority=10,arp,in_port=18 actioncookie=0xc40afaa44e3bf01c, duration=33022.772s, table=0, n_packets=10, n_bytes=420, idle_age=16593, priority=10,arp,in_port=19 actions=cookie=0xc40afaa44e3bf01c, duration=35263.424s, table=0, n_packets=2752, n_bytes=239758, idle_age=10954, priority=0 actions=resubmit(,6cookie=0xc40afaa44e3bf01c, duration=35263.425s, table=23, n_packets=0, n_bytes=0, idle_age=35263, priority=0 actions=dropcookie=0xc40afaa44e3bf01c, duration=33864.920s, table=24, n_packets=0, n_bytes=0, idle_age=33864, priority=2,icmp6,in_port=18,icmp_type0::f816:3eff:fedb:3d7d actions=resubmit(,60)cookie=0xc40afaa44e3bf01c, duration=33022.775s, table=24, n_packets=0, n_bytes=0, idle_age=33022, priority=2,icmp6,in_port=19,icmp_type0::f816:3eff:fe35:1ec9 actions=resubmit(,60)cookie=0xc40afaa44e3bf01c, duration=33864.918s, table=24, n_packets=115, n_bytes=4830, idle_age=10959, priority=2,arp,in_port=18,arp_spions=resubmit(,25)cookie=0xc40afaa44e3bf01c, duration=33022.773s, table=24, n_packets=10, n_bytes=420, idle_age=16593, priority=2,arp,in_port=19,arp_spa=ns=resubmit(,25)cookie=0xc40afaa44e3bf01c, duration=35263.423s, table=24, n_packets=0, n_bytes=0, idle_age=35263, priority=0 actions=dropcookie=0xc40afaa44e3bf01c, duration=33864.922s, table=25, n_packets=1560, n_bytes=146682, idle_age=10954, priority=2,in_port=18,dl_src=actions=resubmit(,60)cookie=0xc40afaa44e3bf01c, duration=33022.778s, table=25, n_packets=127, n_bytes=12151, idle_age=16593, priority=2,in_port=19,dl_src=fations=resubmit(,60)cookie=0xc40afaa44e3bf01c, duration=35263.424s, table=60, n_packets=4439, n_bytes=398591, idle_age=10954, priority=3 actions=NORMAL

⑦修改br-ex 流表信息

[root@openstack ~]# ovs-ofctl del-flows br-ex "in_port=2" 
[root@openstack ~]# ovs-ofctl add-flow  br-ex  in_port=1,actions=all

⑧ 修改br-int 流表信息

[root@openstack ~]# ovs-ofctl del-flows br-int "in_port=13"
[root@openstack ~]# ovs-ofctl add-flow  br-int in_port=10,actions=all

⑨ 云主机 ping 外部网络成功

2.nova list 查看云主机列表报错

（1）报错

(2)原因分析

未配置项目文件。

（3）解决方法

① 复制配置文件

② 编辑配置文件并刷新

③ 再次查看云主机列表，成功

3.nova list 与 virsh list --all有何区别

（1）nova list命令查看云主机

（2）virsh list --all命令查看KVM虚拟机

① 查看云主机cs_01进程

②查看云主机cs_02进程

③ 查看配置文件目录

④ 云主机cs_01 配置文件关键接口信息

⑤云主机cs_02配置文件关键接口信息

4.OpenStack如何查看虚拟路由器

（1）查看网络隔离环境

[root@openstack ~]# ip netns
qdhcp-8b5a5b08-5516-4928-b8b6-8e14476cad0f
qdhcp-0edffd85-3d72-4c82-a73f-01115e32cb4b
qdhcp-3fe9f084-e8f3-4b85-9edb-65db0d4e2679
qdhcp-cd51a8fe-af2e-4e4d-9aaf-4e5874c24eca
qrouter-26af4ac5-5aba-4cb3-bd34-58d1b3701a61

(2) bash命令进入虚拟路由器查看

[root@openstack ~]# ip netns  exec qrouter-26af4ac5-5aba-4cb3-bd34-58d1b3701a61 /bin/bash
[root@openstack ~]# ip add show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
14: qr-68faaa7e-cc: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN qlen 1000link/ether fa:16:3e:ab:15:c2 brd ff:ff:ff:ff:ff:ffinet 172.25.2.254/24 brd 172.25.2.255 scope global qr-68faaa7e-ccvalid_lft forever preferred_lft foreverinet6 fe80::f816:3eff:feab:15c2/64 scope link valid_lft forever preferred_lft forever
15: qr-df3559a2-e7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN qlen 1000link/ether fa:16:3e:02:a4:00 brd ff:ff:ff:ff:ff:ffinet 172.25.1.254/24 brd 172.25.1.255 scope global qr-df3559a2-e7valid_lft forever preferred_lft foreverinet6 fe80::f816:3eff:fe02:a400/64 scope link valid_lft forever preferred_lft forever
16: qg-ff43c0db-46: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN qlen 1000link/ether fa:16:3e:23:7b:27 brd ff:ff:ff:ff:ff:ffinet 192.168.199.84/24 brd 192.168.199.255 scope global qg-ff43c0db-46valid_lft forever preferred_lft foreverinet 192.168.199.87/32 brd 192.168.199.87 scope global qg-ff43c0db-46valid_lft forever preferred_lft foreverinet 192.168.199.82/32 brd 192.168.199.82 scope global qg-ff43c0db-46valid_lft forever preferred_lft foreverinet6 fe80::f816:3eff:fe23:7b27/64 scope link valid_lft forever preferred_lft forever[root@openstack ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.25.2.254    0.0.0.0         UG    0      0        0 tapc64270af-df
172.25.2.0      0.0.0.0         255.255.255.0   U     0      0        0 tapc64270af-df[root@openstack ~]# exit
exit

查看IP信息

查看路由信息

5.OpenStack如何查看虚拟DHCP服务器

（1）查看

[root@openstack ~]# ip netns
qdhcp-8b5a5b08-5516-4928-b8b6-8e14476cad0f
qdhcp-0edffd85-3d72-4c82-a73f-01115e32cb4b
qdhcp-3fe9f084-e8f3-4b85-9edb-65db0d4e2679
qdhcp-cd51a8fe-af2e-4e4d-9aaf-4e5874c24eca
qrouter-26af4ac5-5aba-4cb3-bd34-58d1b3701a61

（2） bash命令进入第1个DHCP服务器查看

[root@openstack ~]# ip netns  exec qdhcp-3fe9f084-e8f3-4b85-9edb-65db0d4e2679  /bin/bash[root@openstack ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.199.2   0.0.0.0         UG    0      0        0 tap2d46a37a-12
192.168.199.0   0.0.0.0         255.255.255.0   U     0      0        0 tap2d46a37a-12[root@openstack ~]# ip add show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
18: tap2d46a37a-12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN qlen 1000link/ether fa:16:3e:bb:04:3c brd ff:ff:ff:ff:ff:ffinet 192.168.199.80/24 brd 192.168.199.255 scope global tap2d46a37a-12valid_lft forever preferred_lft foreverinet6 fe80::f816:3eff:febb:43c/64 scope link valid_lft forever preferred_lft forever[root@openstack ~]# exit
exit

查看路由信息查看IP信息

（3） bash命令进入第2个DHCP服务器查看

[root@openstack ~]# ip netns  exec qdhcp-cd51a8fe-af2e-4e4d-9aaf-4e5874c24eca  /bin/bash[root@openstack ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.25.3.0      0.0.0.0         255.255.255.0   U     0      0        0 tap1a095310-18[root@openstack ~]# ip add show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
19: tapc64270af-df: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN qlen 1000link/ether fa:16:3e:07:89:b5 brd ff:ff:ff:ff:ff:ffinet 172.25.2.101/24 brd 172.25.2.255 scope global tapc64270af-dfvalid_lft forever preferred_lft foreverinet6 fe80::f816:3eff:fe07:89b5/64 scope link valid_lft forever preferred_lft forever[root@openstack ~]# exit
exit

查看路由信息

查看IP信息

（4） bash命令进入第3个DHCP服务器查看

[root@openstack ~]# ip netns  exec qdhcp-8b5a5b08-5516-4928-b8b6-8e14476cad0f  /bin/bash[root@openstack ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.25.1.254    0.0.0.0         UG    0      0        0 tapd441263b-ea
172.25.1.0      0.0.0.0         255.255.255.0   U     0      0        0 tapd441263b-ea[root@openstack ~]# ip add show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
20: tapd441263b-ea: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN qlen 1000link/ether fa:16:3e:ed:ef:77 brd ff:ff:ff:ff:ff:ffinet 172.25.1.101/24 brd 172.25.1.255 scope global tapd441263b-eavalid_lft forever preferred_lft foreverinet6 fe80::f816:3eff:feed:ef77/64 scope link valid_lft forever preferred_lft forever[root@openstack ~]# exit
exit

查看路由信息

查看IP信息

（5） bash命令进入第4个DHCP服务器查看

[root@openstack ~]# ip netns  exec qdhcp-0edffd85-3d72-4c82-a73f-01115e32cb4b  /bin/bash[root@openstack ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.25.2.254    0.0.0.0         UG    0      0        0 tapc64270af-df
172.25.2.0      0.0.0.0         255.255.255.0   U     0      0        0 tapc64270af-df[root@openstack ~]# ip add show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
19: tapc64270af-df: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN qlen 1000link/ether fa:16:3e:07:89:b5 brd ff:ff:ff:ff:ff:ffinet 172.25.2.101/24 brd 172.25.2.255 scope global tapc64270af-dfvalid_lft forever preferred_lft foreverinet6 fe80::f816:3eff:fe07:89b5/64 scope link valid_lft forever preferred_lft forever[root@openstack ~]# exit
exit

查看路由信息查看IP信息