floating IP 能够让外网直接访问租户网络中的 instance。这是通过在 router 上应用 iptables 的 NAT 规则实现的。
floating IP 是配置在 router 的外网 interface 上的,而非 instance,这一点需要特别注意。由于 floating IP 会把 instance 直接暴露给外网,实际能访问哪些端口仍由该 instance 的安全组规则决定。
1、controller控制节点
# cd /etc/sysconfig/network-scripts/
# cp ifcfg-eth0 ifcfg-eth1
[root@controller network-scripts]# cat ifcfg-eth1
TYPE="Ethernet"
BOOTPROTO=static
NAME=eth1
DEVICE=eth1
ONBOOT="yes"
IPADDR=10.0.0.131
NETMASK=255.255.255.0
# ifup eth1
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider,private
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0,private:eth1
# systemctl restart neutron-server.service neutron-linuxbridge-agent.service
# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
# openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips true
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan,vlan,flat
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:10000
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 10.0.0.14
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population True
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver linuxbridge
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 10.0.0.131
(注:local_ip 在上面已设置为 10.0.0.14,这里再次设置会覆盖前值,最终生效的是 10.0.0.131,即本节点 eth1 的地址。)
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge
# systemctl restart neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service neutron-l3-agent.service
# systemctl enable neutron-l3-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service to /usr/lib/systemd/system/neutron-l3-agent.service.
# systemctl status neutron-l3-agent.service
● neutron-l3-agent.service - OpenStack Neutron Layer 3 Agent
   Loaded: loaded (/usr/lib/systemd/system/neutron-l3-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since 一 2020-03-30 11:02:12 CST; 1min 46s ago
 Main PID: 492 (/usr/bin/python)
   CGroup: /system.slice/neutron-l3-agent.service
           └─492 /usr/bin/python2 /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf ...
3月 30 11:02:12 controller systemd[1]: Started OpenStack Neutron Layer 3 Agent.
2、compute计算节点
# cd /etc/sysconfig/network-scripts/
# cp ifcfg-eth0 ifcfg-eth1
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0,private:eth1
# systemctl restart neutron-linuxbridge-agent.service
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 10.0.0.16
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population True
# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 10.0.0.132
(注:local_ip 在上面已设置为 10.0.0.16,这里再次设置会覆盖前值,最终生效的是 10.0.0.132。)
# systemctl restart neutron-linuxbridge-agent.service
# systemctl status neutron-linuxbridge-agent.service
● neutron-linuxbridge-agent.service - OpenStack Neutron Linux Bridge Agent
   Loaded: loaded (/usr/lib/systemd/system/neutron-linuxbridge-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since 一 2020-03-30 11:04:58 CST; 9s ago
  Process: 3905 ExecStartPre=/usr/bin/neutron-enable-bridge-firewall.sh (code=exited, status=0/SUCCESS)
 Main PID: 3912 (/usr/bin/python)
    Tasks: 1
   CGroup: /system.slice/neutron-linuxbridge-agent.service
           └─3912 /usr/bin/python2 /usr/bin/neutron-linuxbridge-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plug...
3月 30 11:04:58 compute systemd[1]: Starting OpenStack Neutron Linux Bridge Agent...
3月 30 11:04:58 compute neutron-enable-bridge-firewall.sh[3905]: net.bridge.bridge-nf-call-iptables = 1
3月 30 11:04:58 compute neutron-enable-bridge-firewall.sh[3905]: net.bridge.bridge-nf-call-ip6tables = 1
3月 30 11:04:58 compute systemd[1]: Started OpenStack Neutron Linux Bridge Agent.
3月 30 11:04:59 compute sudo[3953]: neutron : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/neutron-rootwrap /etc/neutron/rootwrap.conf privsep-helper --config-file /usr/share/neutron/neutr...
3月 30 11:05:01 compute sudo[4008]: neutron : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/neu