
Mapping the host OS physical NIC to a port on an Open vSwitch virtual bridge

References

Part 35: Docker networking built with Open vSwitch (building it with OVS) (1/6)

Environment


[oracle@centos ~]$ cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core) 

Checking the host OS NIC configuration

Take a backup first

One thing to watch: the copy is left inside network-scripts under the name ifcfg-eno1_org. Both the network service and NetworkManager's ifcfg-rh plugin scan every ifcfg-* file in this directory, and `_org` is not one of the suffixes they skip (`.bak` and `.orig` are), so the safer choice is a `.orig` suffix or, better, keeping the copy outside the directory altogether.

[oracle@centos ~]$ cd /etc/sysconfig/network-scripts/
[oracle@centos network-scripts]$ sudo cp ifcfg-eno1{,_org}
[sudo] password for oracle:
[oracle@centos network-scripts]$ ll | grep ifcfg
-rw-r--r--. 1 root root   362 May 22 22:21 ifcfg-eno1
-rw-r--r--. 1 root root   362 May 22 22:27 ifcfg-eno1_org
-rw-r--r--. 1 root root   254 Jan  3  2018 ifcfg-lo
[oracle@centos network-scripts]$ cat ifcfg-eno1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eno1
UUID=7ef69816-15e8-4460-8e0d-8a2b1ab94d16
DEVICE=eno1
ONBOOT=yes
IPADDR=192.168.1.109
PREFIX=24
GATEWAY=192.168.1.1
IPV6_PRIVACY=no
DNS1=192.168.1.1

Checking the network (before the change)

Note the starting state: eno1 owns 192.168.1.109/24, the only bridges are docker0 and virbr0 (both Linux bridges, shown by brctl), and the NAT table carries the MASQUERADE rules Docker and libvirt installed.

[oracle@centos network-scripts]$ ip a show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno1:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:d8:61:2c:f1:5b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.109/24 brd 192.168.1.255 scope global noprefixroute eno1
       valid_lft forever preferred_lft forever
    inet6 fe80::865a:b7c8:6a76:1722/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0:  mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:0e:bb:5e:8c brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
4: virbr0:  mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:ba:d5:c4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic:  mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:ba:d5:c4 brd ff:ff:ff:ff:ff:ff
[oracle@centos network-scripts]$ brctl show
bridge name	bridge id		STP enabled	interfaces
docker0		8000.02420ebb5e8c	no		
virbr0		8000.525400bad5c4	yes		virbr0-nic

[oracle@centos network-scripts]$ sudo iptables -t nat -L -n | grep -A 10 "Chain POSTROUTING"
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
RETURN     all  --  192.168.122.0/24     224.0.0.0/24        
RETURN     all  --  192.168.122.0/24     255.255.255.255     
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24    
POSTROUTING_direct  all  --  0.0.0.0/0            0.0.0.0/0           
POSTROUTING_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
POSTROUTING_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           

Install Open vSwitch

A warning before going further: if the bridge configuration is wrong, the host loses its uplink, because eno1 no longer carries an IP address once it becomes an OVS port. Until you stop Open vSwitch (`sudo systemctl stop openvswitch`, or `disable` it and reboot) and restore the original ifcfg-eno1, nothing reaches the outside world. Do this from the local console, not over an SSH session that runs through eno1.

Also note in the output below that the unit is still `disabled` after `systemctl start`; `sudo systemctl enable openvswitch` is what makes it come up on its own at boot.

[oracle@centos ~]$ sudo yum install -y centos-release-openstack-ocata
[sudo] password for oracle:
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp-srv2.kddilabs.jp
 * centos-qemu-ev: ftp-srv2.kddilabs.jp
 * epel: ftp.riken.jp
 * extras: ftp-srv2.kddilabs.jp
 * updates: ftp-srv2.kddilabs.jp
Package centos-release-openstack-ocata-1-2.el7.noarch already installed and latest version
Nothing to do
[oracle@centos ~]$ sudo yum install -y openvswitch
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp-srv2.kddilabs.jp
 * centos-qemu-ev: ftp-srv2.kddilabs.jp
 * epel: ftp.riken.jp
 * extras: ftp-srv2.kddilabs.jp
 * updates: ftp-srv2.kddilabs.jp
Package 1:openvswitch-2.9.0-3.el7.x86_64 already installed and latest version
Nothing to do
[oracle@centos ~]$ sudo ovs-vsctl -V
ovs-vsctl (Open vSwitch) 2.9.0
DB Schema 7.15.1
[oracle@centos ~]$ sudo systemctl status openvswitch
● openvswitch.service - Open vSwitch
   Loaded: loaded (/usr/lib/systemd/system/openvswitch.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[oracle@centos ~]$ sudo systemctl start openvswitch
[oracle@centos ~]$ sudo systemctl status openvswitch
● openvswitch.service - Open vSwitch
   Loaded: loaded (/usr/lib/systemd/system/openvswitch.service; disabled; vendor preset: disabled)
   Active: active (exited) since Wed 2019-05-22 22:55:56 JST; 2s ago
  Process: 5615 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 5615 (code=exited, status=0/SUCCESS)

May 22 22:55:56 centos systemd[1]: Starting Open vSwitch...
May 22 22:55:56 centos systemd[1]: Started Open vSwitch.
[oracle@centos ~]$ systemctl list-unit-files  -t service | grep openvswitch
openvswitch.service                           disabled
[oracle@centos ~]$ sudo ovs-vsctl show
789902ab-8f55-4e58-a50a-5b85b8323df9
    ovs_version: "2.9.0"
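To make the warning at the top of this section less painful, here is a timed rollback guard. It is an added example, not part of the original post. Instead of rebooting straight away, you arm the guard, apply the change with `systemctl restart network`, verify the uplink, and disarm it; if the session never comes back, the guard restores the backup by itself. The backup path `/root/ifcfg-backup/ifcfg-eno1.orig`, the token path and the `restore_eno1_from_backup` function are my assumptions, not the page's. The guard is a plain background process, so it does not survive a reboot: reboot only after the change has been proven in place.

```bash
#!/bin/bash
# Added example (not from the original post): timed rollback guard for a
# network change that can cut off the host. Assumed paths and names are
# marked below; nothing here is taken from the page's own commands.
set -u

# arm_rollback TOKEN SECONDS RESTORE_FN
# Creates TOKEN and starts a background job that, after SECONDS, calls
# RESTORE_FN unless TOKEN has been removed by disarm_rollback in the meantime.
# The job's PID is left in ROLLBACK_PID so the caller can wait for it.
arm_rollback() {
    local token=$1 seconds=$2 restore_fn=$3
    : > "$token"
    (
        sleep "$seconds"
        if [ -e "$token" ]; then
            echo "guard: no disarm within ${seconds}s, restoring" >&2
            "$restore_fn"
            rm -f "$token"
        fi
    ) >>"$token.log" 2>&1 &
    ROLLBACK_PID=$!
}

# disarm_rollback TOKEN: call once the change has been verified.
# The sleeping job wakes up later, finds no token and does nothing.
disarm_rollback() {
    rm -f "$1"
}

# Restore function for the page's change. Assumption: the backup was kept at
# /root/ifcfg-backup/ifcfg-eno1.orig, outside network-scripts, so the network
# service never tries to bring it up as an interface of its own.
restore_eno1_from_backup() {
    cp -p /root/ifcfg-backup/ifcfg-eno1.orig /etc/sysconfig/network-scripts/ifcfg-eno1
    rm -f /etc/sysconfig/network-scripts/ifcfg-brd1
    ovs-vsctl --if-exists del-br brd1
    systemctl restart network
}

# Intended sequence (as root, from a console; token path is an assumption):
#   arm_rollback /run/ovs-rollback 180 restore_eno1_from_backup
#   systemctl restart network
#   ping -c 1 -W 2 192.168.1.1 && disarm_rollback /run/ovs-rollback
```

Three minutes is enough to notice that the session is gone and to watch the console; if the ping to the gateway succeeds you disarm, otherwise the guard puts ifcfg-eno1 back and restarts the network on its own.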

Edit the host OS physical NIC configuration file

The idea is to pull the physical NIC out of the host's IP stack and plug it into a port of the virtual bridge: eno1 keeps only its link-level settings and becomes an OVSPort, and the address moves to the bridge. The edit itself is not shown; the second `cat` below is the file after editing, and the `diff -y` compares it with the backup. Note that `DEVICETYPE` must be `ovs` (that is what makes the network scripts hand the interface to ifup-ovs), the same value as in ifcfg-brd1; the interface name does not belong there. `NM_CONTROLLED=no` keeps NetworkManager from reclaiming eno1.

[oracle@centos ~]$ cd /etc/sysconfig/network-scripts/
[oracle@centos network-scripts]$ ll | grep ifcfg
-rw-r--r--. 1 root root   362 May 22 22:21 ifcfg-eno1
-rw-r--r--. 1 root root   362 May 22 22:27 ifcfg-eno1_org
-rw-r--r--. 1 root root   254 Jan  3  2018 ifcfg-lo
[oracle@centos network-scripts]$ cat ifcfg-eno1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eno1
UUID=7ef69816-15e8-4460-8e0d-8a2b1ab94d16
DEVICE=eno1
ONBOOT=yes
IPADDR=192.168.1.109
PREFIX=24
GATEWAY=192.168.1.1
IPV6_PRIVACY=no
DNS1=192.168.1.1
[oracle@centos network-scripts]$ cat ifcfg-eno1
TYPE=OVSPort
HWADDR=00:d8:61:2c:f1:5b
NAME=eno1
DEVICE=eno1
ONBOOT=yes
DEVICETYPE=ovs
NM_CONTROLLED=no
OVS_BRIDGE=brd1
[oracle@centos network-scripts]$ diff -y ifcfg-eno1{,_org}
TYPE=OVSPort						      |	TYPE=Ethernet
HWADDR=00:d8:61:2c:f1:5b				      |	PROXY_METHOD=none
							      >	BROWSER_ONLY=no
							      >	BOOTPROTO=none
							      >	DEFROUTE=yes
							      >	IPV4_FAILURE_FATAL=no
							      >	IPV6INIT=yes
							      >	IPV6_AUTOCONF=yes
							      >	IPV6_DEFROUTE=yes
							      >	IPV6_FAILURE_FATAL=no
							      >	IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eno1							NAME=eno1
							      >	UUID=7ef69816-15e8-4460-8e0d-8a2b1ab94d16
DEVICE=eno1							DEVICE=eno1
ONBOOT=yes							ONBOOT=yes
DEVICETYPE=ovs						      |	IPADDR=192.168.1.109
NM_CONTROLLED=no					      |	PREFIX=24
OVS_BRIDGE=brd1						      |	GATEWAY=192.168.1.1
							      >	IPV6_PRIVACY=no
							      >	DNS1=192.168.1.1

Create the host OS virtual bridge interface configuration file

This is a new file, ifcfg-brd1: the bridge's internal port takes over the IP address, netmask, gateway and DNS server that eno1 had. After creating it, reboot (from the console; an SSH session through eno1 drops when the address moves).

[oracle@centos network-scripts]$ cat ifcfg-brd1
DEVICE=brd1
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
IPADDR=192.168.1.109
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
ONBOOT=yes
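Rather than hand-editing both files, the pair can be generated from the existing static ifcfg. The following script is an added example, not the page's own procedure. It also writes the backup outside network-scripts and refuses to overwrite an existing backup, so running it twice cannot clobber the original with the OVS version. The helper names, the `.orig` backup naming, and the `HOTPLUG=no` setting (taken from the examples in Open vSwitch's README.RHEL) are my choices, not the page's.

```bash
#!/bin/bash
# Added example (not from the original post): generate the OVSPort/OVSBridge
# ifcfg pair from an existing static ifcfg-<nic>. Assumptions: the source is a
# static IPv4 configuration; HWADDR is passed in or read from /sys.
set -u

# Read one KEY=VALUE from an ifcfg file without sourcing it (sourcing would
# execute anything the file contains).
ifcfg_get() {
    local file=$1 key=$2
    sed -n "s/^${key}=//p" "$file" | tail -n 1 | tr -d "\"'"
}

# backup_ifcfg SRC BAKDIR: copy SRC to BAKDIR/<name>.orig, never overwriting.
# Keep the copy outside network-scripts: the network service and NetworkManager
# both scan every ifcfg-* file there, and a "_org" suffix is not ignored.
backup_ifcfg() {
    local src=$1 bakdir=$2 dst
    dst="$bakdir/$(basename "$src").orig"
    if [ -e "$dst" ]; then
        echo "refusing to overwrite existing backup $dst" >&2
        return 1
    fi
    mkdir -p "$bakdir" && cp -p "$src" "$dst"
}

# gen_ovs_ifcfg SRC NIC BRIDGE OUTDIR [HWADDR]
# Writes OUTDIR/ifcfg-NIC (OVSPort) and OUTDIR/ifcfg-BRIDGE (OVSBridge).
gen_ovs_ifcfg() {
    local src=$1 nic=$2 bridge=$3 outdir=$4 hwaddr=${5:-}
    local ipaddr prefix netmask gateway dns1
    ipaddr=$(ifcfg_get "$src" IPADDR)
    prefix=$(ifcfg_get "$src" PREFIX)
    netmask=$(ifcfg_get "$src" NETMASK)
    gateway=$(ifcfg_get "$src" GATEWAY)
    dns1=$(ifcfg_get "$src" DNS1)
    if [ -z "$ipaddr" ] || { [ -z "$prefix" ] && [ -z "$netmask" ]; }; then
        echo "$src: need IPADDR and PREFIX or NETMASK (static config only)" >&2
        return 1
    fi
    if [ -z "$hwaddr" ] && [ -r "/sys/class/net/$nic/address" ]; then
        hwaddr=$(cat "/sys/class/net/$nic/address")
    fi
    mkdir -p "$outdir"
    # Physical NIC: no address of its own, just a port of the bridge.
    # DEVICETYPE=ovs is what makes ifup dispatch to ifup-ovs.
    {
        echo "DEVICE=$nic"
        echo "NAME=$nic"
        echo "ONBOOT=yes"
        echo "DEVICETYPE=ovs"
        echo "TYPE=OVSPort"
        echo "OVS_BRIDGE=$bridge"
        echo "BOOTPROTO=none"
        echo "HOTPLUG=no"
        [ -n "$hwaddr" ] && echo "HWADDR=$hwaddr"
        echo "NM_CONTROLLED=no"
    } > "$outdir/ifcfg-$nic"
    # Bridge internal port: carries the address the NIC used to have.
    {
        echo "DEVICE=$bridge"
        echo "NAME=$bridge"
        echo "ONBOOT=yes"
        echo "DEVICETYPE=ovs"
        echo "TYPE=OVSBridge"
        echo "BOOTPROTO=static"
        echo "IPADDR=$ipaddr"
        [ -n "$prefix" ] && echo "PREFIX=$prefix"
        [ -n "$netmask" ] && echo "NETMASK=$netmask"
        [ -n "$gateway" ] && echo "GATEWAY=$gateway"
        [ -n "$dns1" ] && echo "DNS1=$dns1"
        echo "HOTPLUG=no"
        echo "NM_CONTROLLED=no"
    } > "$outdir/ifcfg-$bridge"
}

# Real use (as root): back up first, then generate straight into network-scripts.
#   backup_ifcfg /etc/sysconfig/network-scripts/ifcfg-eno1 /root/ifcfg-backup &&
#   gen_ovs_ifcfg /etc/sysconfig/network-scripts/ifcfg-eno1 eno1 brd1 /etc/sysconfig/network-scripts
```

The generator refuses DHCP sources on purpose: for a DHCP uplink the address request has to move to the bridge too (OVSBootproto handling in ifup-ovs), which is a different setup from the static one this page covers.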

Checking the network (after the reboot)

Two things to look for: eno1 now shows `master ovs-system` and has no IPv4 address, and brd1 carries 192.168.1.109/24 with the same MAC address as eno1 (OVS gives the bridge's internal port the MAC of the physical port), so neighbours on the LAN see the same MAC/IP pair as before. brctl still lists only docker0 and virbr0, because an OVS bridge is not a Linux bridge; `ovs-vsctl show` is where brd1 and its ports appear. The POSTROUTING rules are the same as before, only in a different order, since the services inserted them in a different sequence at this boot.

[oracle@centos ~]$ ip a show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno1:  mtu 1500 qdisc pfifo_fast master ovs-system state UP group default qlen 1000
    link/ether 00:d8:61:2c:f1:5b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::2d8:61ff:fe2c:f15b/64 scope link 
       valid_lft forever preferred_lft forever
3: ovs-system:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ce:01:71:54:d2:a9 brd ff:ff:ff:ff:ff:ff
4: brd1:  mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 00:d8:61:2c:f1:5b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.109/24 brd 192.168.1.255 scope global brd1
       valid_lft forever preferred_lft forever
    inet6 fe80::6ca5:f4ff:fe28:eb46/64 scope link 
       valid_lft forever preferred_lft forever
5: docker0:  mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:85:ca:4d:84 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
6: virbr0:  mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:ba:d5:c4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
7: virbr0-nic:  mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:ba:d5:c4 brd ff:ff:ff:ff:ff:ff
[oracle@centos ~]$ brctl show
bridge name	bridge id		STP enabled	interfaces
docker0		8000.024285ca4d84	no		
virbr0		8000.525400bad5c4	yes		virbr0-nic
[oracle@centos ~]$ sudo iptables -t nat -L -n | grep -A 10 "Chain POSTROUTING"
[sudo] password for oracle:
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
RETURN     all  --  192.168.122.0/24     224.0.0.0/24        
RETURN     all  --  192.168.122.0/24     255.255.255.255     
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24    
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
POSTROUTING_direct  all  --  0.0.0.0/0            0.0.0.0/0           
POSTROUTING_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
POSTROUTING_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           


[oracle@centos ~]$ sudo ovs-vsctl show
789902ab-8f55-4e58-a50a-5b85b8323df9
    Bridge "brd1"
        Port "eno1"
            Interface "eno1"
        Port "brd1"
            Interface "brd1"
                type: internal
    ovs_version: "2.9.0"

Connectivity check

[oracle@centos ~]$ ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=53 time=6.13 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 6.137/6.137/6.137/0.000 ms
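The checks in the two sections above were done by eye. As an added example, not from the page, here is the same acceptance test as a shell function that takes the text of `ip -o -4 addr show`, `ovs-vsctl list-ports brd1` and `ip -4 route show default`, so it can run against live output or, as here, against samples constructed from the post-reboot and pre-change states shown above. Interface and bridge names are parameters; the sample strings are constructed by me from the page's output.

```bash
#!/bin/bash
# Added example (not from the original post): pass/fail check that the uplink
# really moved from the physical NIC to the OVS bridge.
set -u

# check_ovs_uplink NIC BRIDGE ADDR_OUT PORTS_OUT ROUTE_OUT
#   ADDR_OUT : output of `ip -o -4 addr show`
#   PORTS_OUT: output of `ovs-vsctl list-ports BRIDGE`
#   ROUTE_OUT: output of `ip -4 route show default`
# Returns 0 only if the bridge owns an IPv4 address, the NIC owns none,
# the NIC is a port of the bridge, and the default route leaves via the bridge.
check_ovs_uplink() {
    local nic=$1 bridge=$2 addr_out=$3 ports_out=$4 route_out=$5 rc=0
    # `ip -o -4 addr` prints one line per address: "<idx>: <dev>    inet <addr>/<len> ..."
    if ! printf '%s\n' "$addr_out" | awk -v d="$bridge" '$2==d && $3=="inet" {f=1} END {exit !f}'; then
        echo "FAIL: $bridge has no IPv4 address" >&2; rc=1
    fi
    if printf '%s\n' "$addr_out" | awk -v d="$nic" '$2==d && $3=="inet" {f=1} END {exit !f}'; then
        echo "FAIL: $nic still has an IPv4 address (bridge has not taken over)" >&2; rc=1
    fi
    if ! printf '%s\n' "$ports_out" | grep -qx "$nic"; then
        echo "FAIL: $nic is not a port of $bridge" >&2; rc=1
    fi
    if ! printf '%s\n' "$route_out" | grep -qE "^default .* dev $bridge( |$)"; then
        echo "FAIL: default route does not leave via $bridge" >&2; rc=1
    fi
    return $rc
}

# Live use (as root):
#   check_ovs_uplink eno1 brd1 "$(ip -o -4 addr show)" \
#       "$(ovs-vsctl list-ports brd1)" "$(ip -4 route show default)"

# Constructed samples: the state after the page's reboot (good) and the
# state before the change (eno1 still owns the address, no OVS port yet).
AFTER_ADDR='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
4: brd1    inet 192.168.1.109/24 brd 192.168.1.255 scope global brd1\       valid_lft forever preferred_lft forever
5: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\       valid_lft forever preferred_lft forever'
AFTER_PORTS='eno1'
AFTER_ROUTE='default via 192.168.1.1 dev brd1'

BEFORE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eno1    inet 192.168.1.109/24 brd 192.168.1.255 scope global noprefixroute eno1\       valid_lft forever preferred_lft forever'
BEFORE_PORTS=''
BEFORE_ROUTE='default via 192.168.1.1 dev eno1 proto static metric 100'
```

Each failing condition is reported separately, which matters in practice: "bridge has the address but the NIC is not a port" is the classic symptom of a wrong `DEVICETYPE` in ifcfg-eno1, while "NIC still has an address" points at the old ifcfg-eno1 backup being picked up.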

To revert

Restore the original ifcfg-eno1, delete the bridge (its name is brd1), remove ifcfg-brd1 and reboot. Open vSwitch is still disabled, so after this reboot ovsdb-server is not running and `ovs-vsctl show` can no longer connect to its socket; that last error is expected.

[oracle@centos ~]$ cd /etc/sysconfig/network-scripts/
[oracle@centos network-scripts]$ sudo cp ifcfg-eno1_org ifcfg-eno1
[oracle@centos network-scripts]$ sudo ovs-vsctl del-br brd1
[oracle@centos network-scripts]$ sudo rm ifcfg-brd1
[oracle@centos network-scripts]$ reboot
[oracle@centos ~]$ ip a show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno1:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:d8:61:2c:f1:5b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.109/24 brd 192.168.1.255 scope global noprefixroute eno1
       valid_lft forever preferred_lft forever
    inet6 fe80::865a:b7c8:6a76:1722/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0:  mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:b2:2c:2a:85 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
4: virbr0:  mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:ba:d5:c4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic:  mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:ba:d5:c4 brd ff:ff:ff:ff:ff:ff
[oracle@centos ~]$ brctl show
bridge name	bridge id		STP enabled	interfaces
docker0		8000.0242b22c2a85	no		
virbr0		8000.525400bad5c4	yes		virbr0-nic
[oracle@centos ~]$ sudo systemctl status openvswitch
● openvswitch.service - Open vSwitch
   Loaded: loaded (/usr/lib/systemd/system/openvswitch.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[oracle@centos ~]$ systemctl list-unit-files  -t service | grep openvswitch
openvswitch.service                           disabled
[oracle@centos ~]$ sudo ovs-vsctl show
[sudo] password for oracle:
ovs-vsctl: unix:/var/run/openvswitch/db.sock: database connection failed (No such file or directory)
