Exercise 4
Create a Topology using Neutron CLI Commands as per the below diagram,
Remarks: This exercise demonstates the Allowed Address Pair.
Keypoints :
VRRP is Virtual Router Redundancy Protocol. More details are here.
To Achieve this in, we create two VMs (Master and Slave) and run keepalived application. keepalived achieves the High Availability (VRRP) in linux. Some references are here.
Create a Virtual IP/Port and allow this traffic in in both VMs(using allowed address pair feature). Keepalived makes only one server is master and other one is slave. Master will be active and respond .
Tests to be done:
- Curl the Public IP(FIP) of Virtual IP. Response to be from the master.
Solution :
1. Create Networks and Routers:
neutron subnet-create --name Server-Subnet --gateway 10.10.10.1 --allocation-pool start=10.10.10.10,end=10.10.10.50 Server-Net 10.10.10.0/24
neutron router-create I-Router
neutron router-gateway-set I-Router public
neutron router-interface-add I-Router Server-Subnet
2. Create VMs:
create a vrrp_setup.sh file
#!/bin/bash
HOSTNAME=$(hostname)
if [ "$HOSTNAME" == "vrrp-master" ]; then
KEEPALIVED_STATE='MASTER'
KEEPALIVED_PRIORITY=100
elif [ "$HOSTNAME" == "vrrp-backup" ]; then
KEEPALIVED_STATE='BACKUP'
KEEPALIVED_PRIORITY=50
else
echo "invalid hostname $HOSTNAME for install script $0";
exit 1;
fi
IP=$(ip addr | grep inet | grep eth0 | grep -v secondary | awk '{ print $2 }' | awk -F'/' '{ print $1 }')
echo "$IP $HOSTNAME" >> /etc/hosts
apt-get update
apt-get -y install keepalived
echo "vrrp_instance vrrp_group_1 {
state $KEEPALIVED_STATE
interface eth0
virtual_router_id 1
priority $KEEPALIVED_PRIORITY
authentication {
auth_type PASS
auth_pass password
}
virtual_ipaddress {
10.10.10.200/24 brd 10.10.10.255 dev eth0
}
}" > /etc/keepalived/keepalived.conf
apt-get -y install apache2
echo "$HOSTNAME" > /var/www/html/index.html
service keepalived restart
create VMs
neutron port-create --fixed-ip subnet_id=Server-Subnet,ip_address=10.10.10.100 Server-Net
neutron port-create --fixed-ip subnet_id=Server-Subnet,ip_address=10.10.10.101 Server-Net
nova boot --flavor 6 --image ubuntu14 --key-name testkey --security-groups default --user-data vrrp_setup.sh --nic port-id=6a433072-2fe0-4c9a-b3bb-590b7c17136f vrrp-master
nova boot --flavor 6 --image ubuntu14 --key-name testkey --security-groups default --user-data vrrp_setup.sh --nic port-id=e0f03dc3-0a00-48b6-90d0-66a9bde75a22 vrrp-slave
3. VRRP Port Creation :
neutron port-create --fixed-ip subnet_id=Server-Subnet,ip_address=10.10.10.200 Server-Net
neutron floatingip-associate dcb48f7f-cb4c-4289-a27b-62b4e3399647 8abd9e5c-cd31-4228-8165-29d2781b272b
neutron port-update 6a433072-2fe0-4c9a-b3bb-590b7c17136f --allowed_address_pairs list=true type=dict ip_address=10.10.10.200
neutron port-update 6a433072-2fe0-4c9a-b3bb-590b7c17136f --allowed_address_pairs list=true type=dict ip_address=10.10.10.200
4. Testing :
curl 172.24.4.12
Execution Logs :
1. Create Networks and Routers:
(osclient) cloud@dev1:~/osclient$ neutron net-create Server-Net
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new network:
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2017-08-27T03:33:10Z |
| description | |
| id | c31098fb-431f-4429-90a5-e2b88a1e8763 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1450 |
| name | Server-Net |
| port_security_enabled | True |
| project_id | bccf45eee4544264a526c4bca56fdb3c |
| revision_number | 3 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | bccf45eee4544264a526c4bca56fdb3c |
| updated_at | 2017-08-27T03:33:10Z |
+-------------------------+--------------------------------------+
(osclient) cloud@dev1:~/osclient$
(osclient) cloud@dev1:~/osclient$ neutron subnet-create --name Server-Subnet --gateway 10.10.10.1 --allocation-pool start=10.10.10.10,end=10.10.10.50 Server-Net 10.10.10.0/24
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new subnet:
+-------------------+------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------+
| allocation_pools | {"start": "10.10.10.10", "end": "10.10.10.50"} |
| cidr | 10.10.10.0/24 |
| created_at | 2017-08-27T03:34:50Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.10.10.1 |
| host_routes | |
| id | 7d0c05e6-321e-45f7-9ac4-aa743e88ba3a |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | Server-Subnet |
| network_id | c31098fb-431f-4429-90a5-e2b88a1e8763 |
| project_id | bccf45eee4544264a526c4bca56fdb3c |
| revision_number | 2 |
| service_types | |
| subnetpool_id | |
| tags | |
| tenant_id | bccf45eee4544264a526c4bca56fdb3c |
| updated_at | 2017-08-27T03:34:50Z |
+-------------------+------------------------------------------------+
(osclient) cloud@dev1:~/osclient$
(osclient) cloud@dev1:~/osclient$ neutron router-create I-Router
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new router:
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2017-08-27T03:35:22Z |
| description | |
| external_gateway_info | |
| flavor_id | |
| id | 8dc7b670-27ed-41d0-a7c9-2c91ccc71a8d |
| name | I-Router |
| project_id | bccf45eee4544264a526c4bca56fdb3c |
| revision_number | 3 |
| routes | |
| status | ACTIVE |
| tags | |
| tenant_id | bccf45eee4544264a526c4bca56fdb3c |
| updated_at | 2017-08-27T03:35:22Z |
+-------------------------+--------------------------------------+
(osclient) cloud@dev1:~/osclient$
(osclient) cloud@dev1:~/osclient$ neutron router-gateway-set I-Router public
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Set gateway for router I-Router
(osclient) cloud@dev1:~/osclient$ neutron router-interface-add I-Router Server-Subnet
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Added interface 438baebd-0533-4c64-a206-93a88fb1af29 to router I-Router.
(osclient) cloud@dev1:~/osclient$
2. Create VMs:
(osclient) cloud@dev1:~/osclient$ neutron port-create --fixed-ip subnet_id=Server-Subnet,ip_address=10.10.10.100 Server-Net
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new port:
+-----------------------+-------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+-------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:vnic_type | normal |
| created_at | 2017-08-27T03:38:28Z |
| description | |
| device_id | |
| device_owner | |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "7d0c05e6-321e-45f7-9ac4-aa743e88ba3a", "ip_address": "10.10.10.100"} |
| id | 6a433072-2fe0-4c9a-b3bb-590b7c17136f |
| mac_address | fa:16:3e:57:90:12 |
| name | |
| network_id | c31098fb-431f-4429-90a5-e2b88a1e8763 |
| port_security_enabled | True |
| project_id | bccf45eee4544264a526c4bca56fdb3c |
| revision_number | 5 |
| security_groups | bffcafe4-3baa-49f7-836e-2bf335d4f366 |
| status | DOWN |
| tags | |
| tenant_id | bccf45eee4544264a526c4bca56fdb3c |
| updated_at | 2017-08-27T03:38:28Z |
+-----------------------+-------------------------------------------------------------------------------------+
(osclient) cloud@dev1:~/osclient$
(osclient) cloud@dev1:~/osclient$ neutron port-create --fixed-ip subnet_id=Server-Subnet,ip_address=10.10.10.101 Server-Net
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new port:
+-----------------------+-------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+-------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:vnic_type | normal |
| created_at | 2017-08-27T03:39:31Z |
| description | |
| device_id | |
| device_owner | |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "7d0c05e6-321e-45f7-9ac4-aa743e88ba3a", "ip_address": "10.10.10.101"} |
| id | e0f03dc3-0a00-48b6-90d0-66a9bde75a22 |
| mac_address | fa:16:3e:90:89:00 |
| name | |
| network_id | c31098fb-431f-4429-90a5-e2b88a1e8763 |
| port_security_enabled | True |
| project_id | bccf45eee4544264a526c4bca56fdb3c |
| revision_number | 5 |
| security_groups | bffcafe4-3baa-49f7-836e-2bf335d4f366 |
| status | DOWN |
| tags | |
| tenant_id | bccf45eee4544264a526c4bca56fdb3c |
| updated_at | 2017-08-27T03:39:31Z |
+-----------------------+-------------------------------------------------------------------------------------+
(osclient) cloud@dev1:~/osclient$
(osclient) cloud@dev1:~/osclient$ neutron port-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------------------------------+
| 3eed37fe-09ae-46ea-bb5f-a327dda9560a | | fa:16:3e:24:58:7f | {"subnet_id": "7d0c05e6-321e-45f7-9ac4-aa743e88ba3a", "ip_address": "10.10.10.10"} |
| 438baebd-0533-4c64-a206-93a88fb1af29 | | fa:16:3e:8c:0b:5a | {"subnet_id": "7d0c05e6-321e-45f7-9ac4-aa743e88ba3a", "ip_address": "10.10.10.1"} |
| 4ff4aaca-3b24-4a22-883f-ea218196ff6d | | fa:16:3e:fb:cc:fe | {"subnet_id": "91c773a1-a4e2-4f14-946d-401c1f7ee627", "ip_address": "10.0.0.2"} |
| | | | {"subnet_id": "dea60d2b-6809-43eb-a687-d1877e04f679", "ip_address": "fd25:cc32:b8d7:0:f816:3eff:fefb:ccfe"} |
| 6a433072-2fe0-4c9a-b3bb-590b7c17136f | | fa:16:3e:57:90:12 | {"subnet_id": "7d0c05e6-321e-45f7-9ac4-aa743e88ba3a", "ip_address": "10.10.10.100"} |
| e0f03dc3-0a00-48b6-90d0-66a9bde75a22 | | fa:16:3e:90:89:00 | {"subnet_id": "7d0c05e6-321e-45f7-9ac4-aa743e88ba3a", "ip_address": "10.10.10.101"} |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------------------------------+
(osclient) cloud@dev1:~/osclient$ nova boot --flavor 6 --image ubuntu14 --key-name testkey --security-groups default --user-data vrrp_setup.sh --nic port-id=6a433072-2fe0-4c9a-b3bb-590b7c17136f vrrp-master
+--------------------------------------+-------------------------------------------------+
| Property | Value |
+--------------------------------------+-------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | vkqujFdo5U4m |
| config_drive | |
| created | 2017-08-27T06:24:14Z |
| description | - |
| flavor | m1.tiny2 (6) |
| hostId | |
| id | 49b59146-2472-47a7-9068-8ef70901cca6 |
| image | ubuntu14 (eb570c2e-46e2-4cc3-928a-fe5cdffa7822) |
| key_name | testkey |
| locked | False |
| metadata | {} |
| name | vrrp-master |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tags | [] |
| tenant_id | bccf45eee4544264a526c4bca56fdb3c |
| updated | 2017-08-27T06:24:14Z |
| user_id | 9b2d58dc14b2456fa5b7e5adae366f04 |
+--------------------------------------+-------------------------------------------------+
(osclient) cloud@dev1:~/osclient$ nova boot --flavor 6 --image ubuntu14 --key-name testkey --security-groups default --user-data vrrp_setup.sh --nic port-id=e0f03dc3-0a00-48b6-90d0-66a9bde75a22 vrrp-slave
+--------------------------------------+-------------------------------------------------+
| Property | Value |
+--------------------------------------+-------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | Shv5mo57ZWrJ |
| config_drive | |
| created | 2017-08-27T06:25:52Z |
| description | - |
| flavor | m1.tiny2 (6) |
| hostId | |
| id | d23693f5-06d8-4031-ac56-d6867314cc47 |
| image | ubuntu14 (eb570c2e-46e2-4cc3-928a-fe5cdffa7822) |
| key_name | testkey |
| locked | False |
| metadata | {} |
| name | vrrp-slave |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tags | [] |
| tenant_id | bccf45eee4544264a526c4bca56fdb3c |
| updated | 2017-08-27T06:25:52Z |
| user_id | 9b2d58dc14b2456fa5b7e5adae366f04 |
3. VRRP Port Creation :
(osclient) cloud@dev1:~/osclient$ neutron port-create --fixed-ip subnet_id=Server-Subnet,ip_address=10.10.10.200 Server-Net
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new port:
+-----------------------+-------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+-------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:vnic_type | normal |
| created_at | 2017-08-27T13:39:42Z |
| description | |
| device_id | |
| device_owner | |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "7d0c05e6-321e-45f7-9ac4-aa743e88ba3a", "ip_address": "10.10.10.200"} |
| id | 8abd9e5c-cd31-4228-8165-29d2781b272b |
| mac_address | fa:16:3e:6e:4a:2d |
| name | |
| network_id | c31098fb-431f-4429-90a5-e2b88a1e8763 |
| port_security_enabled | True |
| project_id | bccf45eee4544264a526c4bca56fdb3c |
| revision_number | 5 |
| security_groups | bffcafe4-3baa-49f7-836e-2bf335d4f366 |
| status | DOWN |
| tags | |
| tenant_id | bccf45eee4544264a526c4bca56fdb3c |
| updated_at | 2017-08-27T13:39:42Z |
+-----------------------+-------------------------------------------------------------------------------------+
(osclient) cloud@dev1:~/osclient$
(osclient) cloud@dev1:~/osclient$ neutron floatingip-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+------------------+---------------------+---------+
| id | fixed_ip_address | floating_ip_address | port_id |
+--------------------------------------+------------------+---------------------+---------+
| 110f5f61-1f30-4ad6-8aca-40bfcf485af4 | | 172.24.4.2 | |
| dcb48f7f-cb4c-4289-a27b-62b4e3399647 | | 172.24.4.12 | |
+--------------------------------------+------------------+---------------------+---------+
(osclient)
(osclient) cloud@dev1:~/osclient$ neutron floatingip-associate dcb48f7f-cb4c-4289-a27b-62b4e3399647 8abd9e5c-cd31-4228-8165-29d2781b272b
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Associated floating IP dcb48f7f-cb4c-4289-a27b-62b4e3399647
(osclient) cloud@dev1:~/osclient$
(osclient) cloud@dev1:~/osclient$ neutron port-update 6a433072-2fe0-4c9a-b3bb-590b7c17136f --allowed_address_pairs list=true type=dict ip_address=10.10.10.200
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Updated port: 6a433072-2fe0-4c9a-b3bb-590b7c17136f
(osclient) cloud@dev1:~/osclient$
4. Testing :
(osclient) cloud@dev1:~/osclient$ curl 172.24.4.12
vrrp-master
(osclient) cloud@dev1:~/osclient$