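By default in OpenStack, security group policy restricts an instance to responding only to requests for its own IP address. If you need HA, it can be implemented in either of the following two ways:
1. Add the allowed_address_pairs attribute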
# neutron port-list |grep 10.xxx.51.50
# neutron port-show cff5866e-f288-4614-8778-665795207e0f
+-----------------------+----------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+----------------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:host_id | Com-B05A04-23-C49-yyy.domain.tld |
| binding:profile | {} |
| binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true} |
| binding:vif_type | ovs |
| binding:vnic_type | normal |
| device_id | 965c8148-4b5f-42e1-8827-f793f873aa88 |
| device_owner | compute:PRD |
| dns_assignment | {"hostname": "host-10-xxx-51-50", "ip_address": "10.xxx.51.50", "fqdn": "host-10-xxx-51-50"} |
| dns_name | |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "bcfbcc6d-3bc4-4317-8c67-e9fcdcea0711", "ip_address": "10.xxx.51.50"} |
| id | cff5866e-f288-4614-8778-665795207e0f |
| mac_address | fa:16:3e:cb:ec:74 |
| name | |
| network_id | e097267e-82b7-421d-8c35-e3bd83c34467 |
| port_security_enabled | True |
| security_groups | 6860bcc3-3b94-4c90-a78d-92d7f7379164 |
| status | ACTIVE |
| tenant_id | 089d02a7f5ca450ab27a65774dfe698c |
+-----------------------+----------------------------------------------------------------------------------------------+
# neutron port-update cff5866e-f288-4614-8778-665795207e0f --allowed_address_pairs list=true type=dict ip_address=10.xxx.51.210
# neutron port-show cff5866e-f288-4614-8778-665795207e0f
+-----------------------+----------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+----------------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | {"ip_address": "10.xxx.51.210", "mac_address": "fa:16:3e:cb:ec:74"} |
| binding:host_id | Com-B05A04-23-C49-yyy.domain.tld |
| binding:profile | {} |
| binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true} |
| binding:vif_type | ovs |
| binding:vnic_type | normal |
| device_id | 965c8148-4b5f-42e1-8827-f793f873aa88 |
| device_owner | compute:PRD |
| dns_assignment | {"hostname": "host-10-xxx-51-50", "ip_address": "10.xxx.51.50", "fqdn": "host-10-xxx-51-50"} |
| dns_name | |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "bcfbcc6d-3bc4-4317-8c67-e9fcdcea0711", "ip_address": "10.xxx.51.50"} |
| id | cff5866e-f288-4614-8778-665795207e0f |
| mac_address | fa:16:3e:cb:ec:74 |
| name | |
| network_id | e097267e-82b7-421d-8c35-e3bd83c34467 |
| port_security_enabled | True |
| security_groups | 6860bcc3-3b94-4c90-a78d-92d7f7379164 |
| status | BUILD |
| tenant_id | 089d02a7f5ca450ab27a65774dfe698c |
+-----------------------+----------------------------------------------------------------------------------------------+
# neutron port-list |grep 10.xxx.51.51
# neutron port-update c0dea309-89e8-46db-a800-119323adf805 --allowed_address_pairs list=true type=dict ip_address=10.xxx.51.210
# neutron port-show c0dea309-89e8-46db-a800-119323adf805
+-----------------------+----------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+----------------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | {"ip_address": "10.xxx.51.210", "mac_address": "fa:16:3e:84:05:8e"} |
| binding:host_id | Com-B05A04-21-C58-zzz.domain.tld |
| binding:profile | {} |
| binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true} |
| binding:vif_type | ovs |
| binding:vnic_type | normal |
| device_id | 55c78568-e8e1-447c-8fe1-777379cf2baf |
| device_owner | compute:PRD |
| dns_assignment | {"hostname": "host-10-xxx-51-51", "ip_address": "10.xxx.51.51", "fqdn": "host-10-xxx-51-51"} |
| dns_name | |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "bcfbcc6d-3bc4-4317-8c67-e9fcdcea0711", "ip_address": "10.xxx.51.51"} |
| id | c0dea309-89e8-46db-a800-119323adf805 |
| mac_address | fa:16:3e:84:05:8e |
| name | |
| network_id | e097267e-82b7-421d-8c35-e3bd83c34467 |
| port_security_enabled | True |
| security_groups | 6860bcc3-3b94-4c90-a78d-92d7f7379164 |
| status | ACTIVE |
| tenant_id | 089d02a7f5ca450ab27a65774dfe698c |
+-----------------------+----------------------------------------------------------------------------------------------+
2. Disable the security group feature on the neutron port
# neutron port-update --no-security-groups $port_id
# neutron port-update $port_id --port-security-enabled=False
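An added example, not from the original post: a Python audit over port records shaped like Neutron API port objects, flagging ports where method 2 removed filtering, allowed pairs wider than one address, and VIPs that are not allowed on both HA nodes. The function name, port ids and 10.0.51.x addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def audit_ports(ports, expected_vips):
    """Return (port_id, finding) tuples for dicts shaped like Neutron port objects."""
    findings = []
    vip_ports = defaultdict(set)
    expected = {ipaddress.ip_address(v) for v in expected_vips}
    for port in ports:
        pid = port["id"]
        # Method 2 on the page: no security groups and no anti-spoofing filter.
        if not port.get("port_security_enabled", True):
            findings.append((pid, "port security disabled"))
        for pair in port.get("allowed_address_pairs") or []:
            net = ipaddress.ip_network(pair["ip_address"], strict=False)
            if net.num_addresses > 1:
                # A CIDR entry lets the instance source traffic from a whole range.
                findings.append((pid, f"allowed pair {net} is wider than one address"))
            elif net.network_address not in expected:
                findings.append((pid, f"allowed pair {net.network_address} is not a known VIP"))
            else:
                vip_ports[net.network_address].add(pid)
    # The VIP must be allowed on every node that can take it over (both ports on the page).
    for vip in sorted(expected, key=str):
        count = len(vip_ports[vip])
        if count < 2:
            findings.append((None, f"VIP {vip} allowed on {count} port(s), failover would be filtered"))
    return findings

# Constructed sample data; addresses are placeholders, not the post's masked IPs.
SAMPLE_PORTS = [
    {"id": "port-a", "port_security_enabled": True,
     "allowed_address_pairs": [{"ip_address": "10.0.51.210", "mac_address": "fa:16:3e:00:00:01"}]},
    {"id": "port-b", "port_security_enabled": True, "allowed_address_pairs": []},
    {"id": "port-c", "port_security_enabled": False, "allowed_address_pairs": []},
    {"id": "port-d", "port_security_enabled": True,
     "allowed_address_pairs": [{"ip_address": "10.0.51.0/24"}]},
]

if __name__ == "__main__":
    for port_id, finding in audit_ports(SAMPLE_PORTS, ["10.0.51.210"]):
        print(port_id or "-", finding)
```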