1-1.kickstartファイルの作成

vi c76min.ks

cmdline
install
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8

# Network information
network  --bootproto=dhcp --device=eth0 --onboot=on --noipv6 --activate
#network  --bootproto=static --device=eth0 --ip=192.168.0.100 --netmask=255.255.255.0 --gateway=192.168.0.1 --nameserver=192.168.0.1 --noipv6 --activate
network  --bootproto=static --device=eth1 --ip=192.168.1.100 --netmask=255.255.255.0 --noipv6
network  --hostname=c7623.local.com

zerombr
bootloader --location=mbr --boot-drive=vda --append="crashkernel=auto biosdevname=0 net.ifnames=0 console=tty0 console=ttyS0,115200n8"
clearpart --none --initlabel

# Disk partitioning information
part /boot --ondisk=vda --size=1024 --fstype="xfs"
part pv.1  --ondisk=vda --size=1024 --grow
volgroup centos --pesize=4096 pv.1
logvol swap  --fstype="swap" --name=swap --vgname=centos --recommended
logvol /     --fstype="xfs"  --name=root --vgname=centos --size=1024 --grow

# Root password
rootpw --plaintext TESTPASSWORD
# System timezone
timezone Asia/Tokyo --isUtc --nontp
user --groups=wheel --name=user1 --password=TESTPASSWORD --plaintext
# X Window System configuration information
xconfig  --startxonboot

%packages
@^minimal
@core
kexec-tools
chrony

%end
reboot --eject

1-2.qcow2ファイルの作成

qemu-img create -f qcow2 /var/lib/libvirt/images/c7623.qcow2 20G

1-3.virt-installの実行

virt-install --connect=qemu:///system \
 --name=c7623 \
 --disk /var/lib/libvirt/images/c7623.qcow2,format=qcow2,bus=virtio \
 --network bridge=virbr0,model=virtio \
 --network network=ovsnw,portgroup=vlan301,model=virtio \
 --initrd-inject=./c76min.ks \
 --extra-args='ks=file:/c76min.ks biosdevname=0 net.ifnames=0 console=tty0 console=ttyS0,115200n8' \
 --vcpus=1 \
 --ram=1024 \
 --accelerate \
 --hvm \
 --location='/var/lib/libvirt/images/CentOS-7-x86_64-DVD-1810.iso' \
 --nographics \
 --os-type=linux \
 --os-variant=centos7.0 \
 --arch=x86_64

1-4.補足

上記1-3のvirt-installコマンドのうち、

 --network network=ovsnw,portgroup=vlan301,model=virtio \

の部分は
以下のようにovsにてスイッチを作成し、net-defineによって定義した場合の設定となります。

vi /tmp/ovsnw.xml

<network>
<name>ovsnw
<forward mode='bridge'/>
<bridge name='ovsbr0'/>
<virtualport type='openvswitch'/>
<portgroup name='untag' default='yes'>
</portgroup>
<portgroup name='vlan11'>
  <vlan>
    <tag id='11'/>
  </vlan>
</portgroup>
<portgroup name='vlan300'>
  <vlan>
    <tag id='300'/>
  </vlan>
</portgroup>
<portgroup name='vlan301'>
  <vlan>
    <tag id='301'/>
  </vlan>
</portgroup>
<portgroup name='vlan302'>
  <vlan>
    <tag id='302'/>
  </vlan>
</portgroup>
</network>

virsh net-define /tmp/ovsnw.xml
virsh net-start ovsnw
virsh net-autostart ovsnw
virsh net-list

2-1.kickstartファイルの作成

vi c76gui.ks

cmdline
install
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8

# Network information
network  --bootproto=dhcp --device=eth0 --onboot=on --noipv6 --activate
#network  --bootproto=static --device=eth0 --ip=192.168.0.100 --netmask=255.255.255.0 --gateway=192.168.0.1 --nameserver=192.168.0.1 --noipv6 --activate
network  --bootproto=static --device=eth1 --ip=192.168.1.100 --netmask=255.255.255.0 --noipv6
network  --hostname=c7625.local.com

zerombr
bootloader --location=mbr --boot-drive=vda --append="crashkernel=auto biosdevname=0 net.ifnames=0 console=tty0 console=ttyS0,115200n8"
clearpart --none --initlabel

# Disk partitioning information
part /boot --ondisk=vda --size=1024 --fstype="xfs"
part pv.1  --ondisk=vda --size=1024 --grow
volgroup centos --pesize=4096 pv.1
logvol swap  --fstype="swap" --name=swap --vgname=centos --recommended
logvol /     --fstype="xfs"  --name=root --vgname=centos --size=1024 --grow

# Root password
rootpw --plaintext TESTPASSWORD
# System timezone
timezone Asia/Tokyo --isUtc --nontp
user --groups=wheel --name=user1 --password=TESTPASSWORD --plaintext
# X Window System configuration information
xconfig  --startxonboot

%packages
@^graphical-server-environment
@base
@core
@desktop-debugging
@development
@fonts
@gnome-desktop
@guest-agents
@guest-desktop-agents
@hardware-monitoring
@input-methods
@internet-browser
@virtualization-client
@virtualization-hypervisor
@virtualization-tools
@x11

%end
reboot --eject

2-2.qcow2ファイルの作成

qemu-img create -f qcow2 /var/lib/libvirt/images/c7625.qcow2 20G

2-3.virt-installの実行

virt-install --connect=qemu:///system \
 --name=c7625 \
 --disk /var/lib/libvirt/images/c7625.qcow2,format=qcow2,bus=virtio \
 --network bridge=virbr0,model=virtio \
 --network network=ovsnw,portgroup=vlan301,model=virtio \
 --initrd-inject=./c76gui.ks \
 --extra-args='ks=file:/c76gui.ks biosdevname=0 net.ifnames=0 console=tty0 console=ttyS0,115200n8' \
 --vcpus=1 \
 --ram=1024 \
 --accelerate \
 --hvm \
 --location='/var/lib/libvirt/images/CentOS-7-x86_64-DVD-1810.iso' \
 --nographics \
 --os-type=linux \
 --os-variant=centos7.0 \
 --arch=x86_64

3-1.kickstartファイルの作成

作業用PCのテキストエディタなどで作成してください。*1

#version=DEVEL
# X Window System configuration information
xconfig  --startxonboot
# License agreement
eula --agreed
# Use CDROM installation media
cdrom
# Use graphical install
graphical
# Run the Setup Agent on first boot
firstboot --enable
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8

ignoredisk --only-use=sda
# Network information
network  --bootproto=static --device=eno1 --ip=192.168.0.100 --netmask=255.255.255.0 --gateway=192.168.0.1 --nameserver=192.168.0.1 --noipv6 --activate
network  --hostname=c765.local.com
#network  --bootproto=dhcp --device=eno2 --onboot=off --ipv6=auto
#network  --bootproto=dhcp --device=eno3 --onboot=off --ipv6=auto
#network  --bootproto=dhcp --device=eno4 --onboot=off --ipv6=auto
#network  --bootproto=dhcp --device=ens1f0 --onboot=off --ipv6=auto
#network  --bootproto=dhcp --device=ens1f1 --onboot=off --ipv6=auto

# Reboot after installation
reboot --eject
# Root password
rootpw --plaintext TESTPASSWORD
# System timezone
timezone Asia/Tokyo --isUtc --nontp
user --groups=wheel --name=user1 --password=TESTPASSWORD
# System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda
# Partition clearing information
clearpart --all --initlabel --drives=sda
# Disk partitioning information
part pv.105 --fstype="lvmpv" --ondisk=sda --size=1    --grow
part /boot  --fstype="xfs"   --ondisk=sda --size=1024
volgroup centos --pesize=4096 pv.105
logvol /     --fstype="xfs"  --name=root --vgname=centos --size=1    --grow
logvol swap  --fstype="swap" --name=swap --vgname=centos --size=4096

%packages
@^graphical-server-environment
@base
@core
@desktop-debugging
@development
@dial-up
@fonts
@gnome-desktop
@guest-agents
@guest-desktop-agents
@hardware-monitoring
@input-methods
@internet-browser
@multimedia
@print-client
@virtualization-client
@virtualization-hypervisor
@virtualization-tools
@x11
kexec-tools
%end

%addon com_redhat_kdump --enable --reserve-mb=auto
%end

%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end

ファイル名をks.cfgとして、isoやimgファイルなどにイメージ化してください。
ここではイメージ化後のファイル名をks.imgとします。

3-2.イメージファイルのセット

上図のうち、以下のようにイメージファイルをセットします。

3-3.起動オプションの設定とインストールの実行

筐体を起動後、上図が表示されたら
Install CentOS 7を選択し、Tabキーを入力してください。
次に起動オプションの入力を促されるので、以下の通り入力してください。

inst.ks=hd:sdb:/ks.cfg

以下のようにインストールが始まれば、あとは待つだけです。

以上です。

1-1.VMWare

筐体                             : 自作PC(Win10pro)
CPU                    　　　    : Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz
VMWare　　　　　　　　　　　　　 : VMware(R) Workstation 15 Pro 15.1.0 build-13591040  
OS                               : CentOS7.6(1810)
Kernel                           : 3.10.0-957.el7.x86_64
Installed Environment Groups     : Minimal Install

ベアメタル環境でも同様に設定可能です。

1-2.全体構成

上図のうちdocker0はDefaultで作成されています。
また、docker0はNATして外部ネットワークに接続されています。私の用途としては、コンテナ上でyumなどを行いたい場合のInternet接続用マネジメントインターフェースとして使用しています。*2

しかし、KVMライクにDockerコンテナを使用したいので、今回行う設定は(1)～(9)となります。
(1)(2)(5)(6)(7)：nmcliコマンド
(3)(4)(8)(9)：dockerコマンド
となります。

1-2.全体の流れ ～概要～

• LinuxBridge併用の場合：(1)～(9)
• dockerコマンドのみの場合：(3)(4)(8)(9)

　※
　流れというよりも、それぞれ別々の設定となります。

1-3.全体の流れ ～コマンドのみ～

以下のコマンドを投入していきます。
やりたいことが既に決まっている方は、構成図とコマンドの内容を見るだけでもよいと思います。

1.LinuxBridge併用の場合
(1)
nmcli connection add type bridge autoconnect yes con-name br0 ifname br0
nmcli connection modify br0 bridge.stp no
nmcli connection modify br0 ipv6.method ignore
nmcli connection modify br0 ipv4.method manual ipv4.addresses 192.168.30.202/24
nmcli connection up br0
nmcli con show
brctl show

(2)
nmcli connection add type ethernet autoconnect yes con-name ens34 ifname ens34
nmcli connection modify ens34 connection.master br0 connection.slave-type bridge
nmcli connection up ens34
nmcli con show
brctl show

(3)
docker network create -d bridge \
--subnet=192.168.30.0/24 \
--ip-range=192.168.30.0/25 \
--gateway=192.168.30.202 \
--opt com.docker.network.bridge.name=br0 \
br0

(コンテナ起動)
docker run -itd \
--privileged \
--network bridge \
--name dkc1 \
centos \
/sbin/init

(4)
docker network connect br0 dkc1 \
--ip=192.168.30.100

(5)
nmcli connection add type bridge autoconnect yes con-name br301 ifname br301
nmcli connection modify br301 bridge.stp no
nmcli connection modify br301 ipv6.method ignore
nmcli connection modify br301 ipv4.method manual ipv4.addresses 192.168.31.202/24
nmcli connection up br301
nmcli con show
brctl show

(6)
nmcli connection add type vlan autoconnect yes con-name ens34.301 ifname ens34.301 dev ens34 id 301
nmcli con show
brctl show

(7)
nmcli connection modify ens34.301 connection.master br301 connection.slave-type bridge
nmcli connection up ens34.301
nmcli con show
brctl show

(8)
docker network create -d bridge \
--subnet=192.168.31.0/24 \
--ip-range=192.168.31.0/25 \
--gateway=192.168.31.202 \
--opt com.docker.network.bridge.name=br301 \
br301

(コンテナ起動)
docker run -itd \
--privileged \
--network bridge \
--name dkc2 \
centos \
/sbin/init

(9)
docker network connect br301 dkc2 \
--ip=192.168.31.100

2.dockerコマンドのみの場合
(3)
docker network create -d macvlan \
--subnet=192.168.30.0/24 \
--ip-range=192.168.30.0/25 \
--gateway=192.168.30.254 \
-o parent=ens34 br0

(コンテナ起動)
docker run -itd \
--privileged \
--network bridge \
--name dkc1 \
centos \
/sbin/init

(4)
docker network connect br0 dkc1 \
--ip=192.168.30.100

(8)
docker network create -d macvlan \
--subnet=192.168.31.0/24 \
--ip-range=192.168.31.0/25 \
--gateway=192.168.31.254 \
-o parent=ens34.301 br301

(コンテナ起動)
docker run -itd \
--privileged \
--network bridge \
--name dkc2 \
centos \
/sbin/init

(9)
docker network connect br301 dkc2 \
--ip=192.168.31.100

＜コンテナ起動コマンドについて補足＞
「--network bridge」について、Default定義NWとユーザ定義NWを2つ同時にアタッチしようとすると、以下のようにエラーで弾かれます。このため、まずはDefault定義NWを設定しています。

[root@c76dk01 ~]# docker run -itd \
> --privileged \
> --network bridge \
> --network br0 \
> --name dkc3 \
> c76 \
> /sbin/init
docker: conflicting options: cannot attach both user-defined and non-user-defined network-modes.
See 'docker run --help'.
[root@c76dk01 ~]#

2-1.通常のBridge

nmcliコマンドによりBridgeインターフェースを作成し、コンテナのNICをLinuxBridgeにアタッチします。
(1)(2)Bridgeインターフェースbr0の作成＋ens34をbr0にアタッチ
(3)dockerコマンドにてbr0を作成*3
(4)br0にコンテナdkc1のeth1をアタッチ＋IP設定

(1)(2)Bridgeインターフェースbr0の作成＋ens34をbr0にアタッチ
(1)と(2)は過去記事などを参照してください。

投入コマンド
(1)
nmcli connection add type bridge autoconnect yes con-name br0 ifname br0
nmcli connection modify br0 bridge.stp no
nmcli connection modify br0 ipv6.method ignore
nmcli connection modify br0 ipv4.method manual ipv4.addresses 192.168.30.202/24
nmcli connection up br0
nmcli con show
brctl show
(2)
nmcli connection add type ethernet autoconnect yes con-name ens34 ifname ens34
nmcli connection modify ens34 connection.master br0 connection.slave-type bridge
nmcli connection up ens34
nmcli con show
brctl show

出力例
以下のように出力されていればOKです。
[root@c76dk01 ~]# nmcli con show
NAME       UUID                                  TYPE      DEVICE
br0        5c7da373-af73-4cda-a420-7949eeb6974e  bridge    br0
docker0    227bbb74-0c07-447a-99ec-5f84c6bf61c0  bridge    docker0
ens33      2f7e32c0-adfd-41b1-9698-dff6406af75d  ethernet  ens33
ens34      2849b0b6-1c27-4293-81b3-a07068feb36c  ethernet  ens34

br0が作成され、物理インターフェースens34にもアタッチされます。

(3)dockerコマンドにてbr0を作成

投入コマンド
(3)
docker network create -d bridge \
--subnet=192.168.30.0/24 \
--ip-range=192.168.30.0/25 \
--gateway=192.168.30.202 \
--opt com.docker.network.bridge.name=br0 \
br0

出力例
[root@c76dk01 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
ebc2a0612742        br0                 bridge              local
a6ae25cd104e        bridge              bridge              local
f51b9d166f07        host                host                local
d1023dacb10b        none                null                local

[root@c76dk01 ~]# docker network inspect br0
[
    {
        "Name": "br0",
        "Id": "ebc2a0612742e6b2529fde112c5b2cb465abb6d27fe8623c20b92c7242d573bb",
        "Created": "2019-06-16T18:22:29.649525689+09:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.30.0/24",
                    "IPRange": "192.168.30.0/25",
                    "Gateway": "192.168.30.202"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.name": "br0"
        },
        "Labels": {}
    }
]

(4)br0にコンテナdkc1のeth1をアタッチ＋IP設定
続いてコンテナを起動し、コンテナNICのeth1をbr0にアタッチさせます。

投入コマンド
(コンテナ起動)
docker run -itd \
--privileged \
--network bridge \
--name dkc1 \
centos \
/sbin/init

(4)
docker network connect br0 dkc1 \
--ip=192.168.30.100

出力例
[root@c76dk01 ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000c29d40546       no              ens34
                                                        veth41095a7
docker0         8000.0242f2b40eff       no              veth24c4ace

[root@c76dk01 ~]# docker network inspect br0
[
    {
        "Name": "br0",
        "Id": "e14f9d9ab5f236adee0bfbe95760272e3bfa5d0371804b1bb880164eb7b85c3f",
        "Created": "2019-06-16T18:44:09.13402567+09:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.30.0/24",
                    "IPRange": "192.168.30.0/25",
                    "Gateway": "192.168.30.202"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "b4ec13912196828e074ed21ab4a349afb93a816cf6788f563f36c9e0708a00a5": {
                "Name": "dkc1",
                "EndpointID": "3ddb6c7fd885c94d75d3e7bfbf37facc37778bffb01e7eeee02d42f790bba718",
                "MacAddress": "02:42:c0:a8:1e:64",
                "IPv4Address": "192.168.30.100/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.name": "br0"
        },
        "Labels": {}
    }
]

2-2.VlanTagを付ける場合のBridge

nmcliコマンドによりVlan＋Bridgeインターフェースを作成し、コンテナのNICをLinuxBridgeにアタッチします。
トラフィックがVlanインターフェースens34.301を通過する際に以下の挙動となります。

(5)(6)(7)Vlanインターフェースens34.301＋Bridgeインターフェースbr301の作成＋ens34.301をbr301にアタッチ
(8)dockerコマンドにてbr301を作成
(9)br301にコンテナdkc2のeth1をアタッチ＋IP設定

(5)(6)(7)Vlanインターフェースens34.301＋Bridgeインターフェースbr301の作成＋ens34.301をbr301にアタッチ
(1)(2)と同様に過去記事などを参照してください。

投入コマンド
(5)
nmcli connection add type bridge autoconnect yes con-name br301 ifname br301
nmcli connection modify br301 bridge.stp no
nmcli connection modify br301 ipv6.method ignore
nmcli connection modify br301 ipv4.method manual ipv4.addresses 192.168.31.202/24
nmcli connection up br301
nmcli con show
brctl show

(6)
nmcli connection add type vlan autoconnect yes con-name ens34.301 ifname ens34.301 dev ens34 id 301
nmcli con show
brctl show

(7)
nmcli connection modify ens34.301 connection.master br301 connection.slave-type bridge
nmcli connection up ens34.301
nmcli con show
brctl show

出力例
以下のように出力されていればOKです。
[root@c76dk01 ~]# nmcli con show
NAME       UUID                                  TYPE      DEVICE
br0        5c7da373-af73-4cda-a420-7949eeb6974e  bridge    br0
br301      07f444fd-18d5-47a8-a721-39696d4fb0c6  bridge    br301
docker0    d3c2e742-6653-4d56-8b75-10d7f178fc41  bridge    docker0
ens33      2f7e32c0-adfd-41b1-9698-dff6406af75d  ethernet  ens33
ens34      2849b0b6-1c27-4293-81b3-a07068feb36c  ethernet  ens34
ens34.301  9e5eb500-f432-41fb-b72a-2492567a98c4  vlan      ens34.301

br301が作成され、VLANインターフェースens34.301にもアタッチされます。

(8)dockerコマンドにてbr301を作成

投入コマンド
(8)
docker network create -d bridge \
--subnet=192.168.31.0/24 \
--ip-range=192.168.31.0/25 \
--gateway=192.168.31.202 \
--opt com.docker.network.bridge.name=br301 \
br301

出力例
[root@c76dk01 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
e14f9d9ab5f2        br0                 bridge              local
ce879f2b276f        br301               bridge              local
a6ae25cd104e        bridge              bridge              local
f51b9d166f07        host                host                local
d1023dacb10b        none                null                local

[root@c76dk01 ~]# docker network inspect br301
[
    {
        "Name": "br301",
        "Id": "ce879f2b276f71ca45f6f09b993d561f42b3297b40d2964b1518ef64280dfd0f",
        "Created": "2019-06-16T19:08:44.613109443+09:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.31.0/24",
                    "IPRange": "192.168.31.0/25",
                    "Gateway": "192.168.31.202"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.name": "br301"
        },
        "Labels": {}
    }
]

(9)br301にコンテナdkc2のeth1をアタッチ＋IP設定
続いてコンテナを起動し、コンテナNICのeth1をbr301にアタッチさせます。

投入コマンド
(コンテナ起動)
docker run -itd \
--privileged \
--network bridge \
--name dkc2 \
centos \
/sbin/init

(4)
docker network connect br301 dkc2 \
--ip=192.168.31.100

出力例
[root@c76dk01 ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000c29d40546       no              ens34
                                                        veth41095a7
br301           8000.000c29d40546       no              ens34.301
                                                        veth2d8f44e
docker0         8000.0242f2b40eff       no              veth24c4ace
                                                        veth2cc58e3

[root@c76dk01 ~]# docker network inspect br301
[
    {
        "Name": "br301",
        "Id": "ce879f2b276f71ca45f6f09b993d561f42b3297b40d2964b1518ef64280dfd0f",
        "Created": "2019-06-16T19:08:44.613109443+09:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.31.0/24",
                    "IPRange": "192.168.31.0/25",
                    "Gateway": "192.168.31.202"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "2ae29b5d870975ad25f86c674113ea4ef6db077f88c9de13c35d3b9f4dc94ecc": {
                "Name": "dkc2",
                "EndpointID": "0d46e4d5f92e68613096c8103714cf90fafde1ff3145c156cc6a9b76b66dc8fa",
                "MacAddress": "02:42:c0:a8:1f:64",
                "IPv4Address": "192.168.31.100/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.name": "br301"
        },
        "Labels": {}
    }
]

以上がLinuxBridge併用の場合となります。

3-1.通常のBridge

dockerコマンドによりBridgeネットワークを作成し、ens34にアタッチします。
(3)dockerコマンドにてbr0を作成
(4)br0にコンテナdkc1のeth1をアタッチ＋IP設定

(3)dockerコマンドにてbr0を作成

投入コマンド
(3)
docker network create -d macvlan \
--subnet=192.168.30.0/24 \
--ip-range=192.168.30.0/25 \
--gateway=192.168.30.254 \
-o parent=ens34 br0

出力例
以下のように出力されていればOKです。
[root@c76dk01 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
92bc5bdf05b4        br0                 macvlan             local
a6ae25cd104e        bridge              bridge              local
f51b9d166f07        host                host                local
d1023dacb10b        none                null                local

(4)br0にコンテナdkc1のeth1をアタッチ＋IP設定

投入コマンド
(コンテナ起動)
docker run -itd \
--privileged \
--network bridge \
--name dkc1 \
centos \
/sbin/init

(4)
docker network connect br0 dkc1 \
--ip=192.168.30.100

出力例
[root@c76dk01 ~]# docker network inspect br0
[
    {
        "Name": "br0",
        "Id": "92bc5bdf05b4371123b3562325260de03ad2133a63ee6f50a4380bd1bbeeb220",
        "Created": "2019-06-16T19:27:48.575931685+09:00",
        "Scope": "local",
        "Driver": "macvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.30.0/24",
                    "IPRange": "192.168.30.0/25",
                    "Gateway": "192.168.30.254"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "a86cfcb7c7729c2f5aa0ad1c5cbae1a84229328a1342d5670a7e3eb6159c5f39": {
                "Name": "dkc1",
                "EndpointID": "cbfdff9a7d5fd97cabc408c2a2bbb5766c0192c989952997ab09996e6ba3696c",
                "MacAddress": "02:42:c0:a8:1e:64",
                "IPv4Address": "192.168.30.100/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "parent": "ens34"
        },
        "Labels": {}
    }
]

3-2.VlanTagを付ける場合のBridge

dockerコマンドによりBridgeネットワークとVlanインターフェースを作成し、ens34.301にアタッチします。
(8)dockerコマンドにてbr301とens34.301を作成
(9)br301にコンテナdkc2のeth1をアタッチ＋IP設定

dockerコマンドにてbr301とens34.301を作成

投入コマンド
(8)
docker network create -d macvlan \
--subnet=192.168.31.0/24 \
--ip-range=192.168.31.0/25 \
--gateway=192.168.31.254 \
-o parent=ens34.301 br301

出力例
以下のように出力されていればOKです。
[root@c76dk01 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
92bc5bdf05b4        br0                 macvlan             local
8dd7d4bfec8c        br301               macvlan             local
a6ae25cd104e        bridge              bridge              local
f51b9d166f07        host                host                local
d1023dacb10b        none                null                local

(9)br301にコンテナdkc2のeth1をアタッチ＋IP設定

投入コマンド
(コンテナ起動)
docker run -itd \
--privileged \
--network bridge \
--name dkc2 \
centos \
/sbin/init

(9)
docker network connect br301 dkc2 \
--ip=192.168.31.100

出力例
[root@c76dk01 ~]# docker network inspect br301
[
    {
        "Name": "br301",
        "Id": "8dd7d4bfec8c0717acec3b40bc7cdf3d49ced0e2a2ac0a737d094f1ada2eec8c",
        "Created": "2019-06-16T19:28:00.783746421+09:00",
        "Scope": "local",
        "Driver": "macvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.31.0/24",
                    "IPRange": "192.168.31.0/25",
                    "Gateway": "192.168.31.254"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "9a193996a6928474d792f88b9b72f21fbe8f4b46cd973e8ad2ba39b97d4adcaa": {
                "Name": "dkc2",
                "EndpointID": "279d95c111a3b33a7f8872966d15bd5af5251a4e25d46e31a64772a6930cb1e5",
                "MacAddress": "02:42:c0:a8:1f:64",
                "IPv4Address": "192.168.31.100/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "parent": "ens34.301"
        },
        "Labels": {}
    }
]

以上です。

3-1.NW作成

openstack network create \
--external \
--provider-network-type vlan \
--provider-physical-network physnet1 \
--provider-segment 30 \
GW_NET

3-2.サブネット作成

openstack subnet create \
--subnet-range 10.30.0.0/24 \
--no-dhcp \
--network GW_NET \
--allocation-pool start=10.30.0.128,end=10.30.0.223 \
GW_SNET

3-3.NWをルータにアタッチ

openstack router set \
--external-gateway GW_NET \
DV_RT

3-4.ポートとMACアドレステーブルの確認

#各Bridgeのポート番号を確認
ovs-ofctl show br-ens35
ovs-ofctl show br-int

#各BridgeのMACアドレステーブルを確認
ovs-appctl fdb/show br-ens35
ovs-appctl fdb/show br-int

4-1.NW作成

openstack network create \
SV_NET

4-2.サブネット作成

openstack subnet create \
--subnet-range 192.168.200.0/24 \
--network SV_NET \
--dns-nameserver 8.8.8.8 \
SV_SNET

4-3.NWをルータにアタッチ

openstack router add \
subnet DV_RT \
SV_SNET

5-1.Flavor作成

簡易的なFlavorを作成しておきます。

#Cirros用
openstack flavor create \
--ram 512 \
--disk 1 \
m1

#Ubuntu用
openstack flavor create \
--ram 512 \
--disk 10 \
m2

5-2.インスタンス(srv1)作成

compute01上にsrv1を作成します。

openstack server create \
--flavor m1 \
--image cirros-0.4.0 \
--availability-zone nova:compute01 \
--nic net-id=SV_NET \
srv1

6-1.NW作成

openstack network create \
--provider-network-type vlan \
--provider-physical-network physnet1 \
--provider-segment 300 \
TR_NET

6-2.サブネット作成

openstack subnet create \
--subnet-range 192.168.30.0/24 \
--network TR_NET \
--gateway 192.168.30.254 \
--allocation-pool start=192.168.30.128,end=192.168.30.223 \
--dns-nameserver 8.8.8.8 \
TR_SNET

6-3.親ポートの作成

openstack port create \
--network SV_NET P01

6-4.サブポートの作成

任意ですがDHCPで取得するアドレスを固定にしています。

openstack port create \
--network TR_NET P01_C01 \
--fixed-ip ip-address=192.168.30.100

6-5.Trunkの作成

親ポートとサブポートを関連付けて、Trunkを作成します。

openstack network trunk create \
--parent-port P01 \
--subport port=P01_C01,segmentation-type=vlan,segmentation-id=300 \
TRK1

6-6.MACアドレスの確認

サブポートP01_C01のMACアドレスをメモっておきます。
以下の例の場合、

になります。

openstack port list

root@controller01:~# openstack port list
+--------------------------------------+---------+-------------------+-------------------------------------------------------------------------------+--------+
| ID                                   | Name    | MAC Address       | Fixed IP Addresses                                                            | Status |
+--------------------------------------+---------+-------------------+-------------------------------------------------------------------------------+--------+
| 01ae96f9-c8bd-4149-8f7f-c936d0d038b9 |         | fa:16:3e:33:c7:36 | ip_address='10.30.0.132', subnet_id='e8168d18-ed3c-43d0-a950-9c9a6b635377'    | ACTIVE |
| 2eeb7f80-786c-4ba2-bd53-734da88114fe |         | fa:16:3e:7e:02:41 | ip_address='10.30.0.141', subnet_id='e8168d18-ed3c-43d0-a950-9c9a6b635377'    | ACTIVE |
| 33af164d-654e-4923-8a09-1f41c26fee37 |         | fa:16:3e:55:11:84 | ip_address='192.168.200.1', subnet_id='72151365-841f-4e6c-8b2b-1d9ed2898e7b'  | ACTIVE |
| 40442390-2fe7-4844-95ee-4a43c0296a59 | P01_C01 | fa:16:3e:37:12:36 | ip_address='192.168.30.100', subnet_id='0b313de3-b203-471a-9c26-edfeb8e14880' | ACTIVE |
| 64457abd-f622-4a9a-a61e-ecd9a118731d |         | fa:16:3e:1a:39:83 | ip_address='10.30.0.129', subnet_id='e8168d18-ed3c-43d0-a950-9c9a6b635377'    | ACTIVE |
| 859c401f-0e2e-4d65-8fd2-5e9137d4a3a2 | P01     | fa:16:3e:db:91:fd | ip_address='192.168.200.7', subnet_id='72151365-841f-4e6c-8b2b-1d9ed2898e7b'  | ACTIVE |
| 9872b8b5-c44f-49d9-a547-982949ffd9be |         | fa:16:3e:b7:ac:a1 | ip_address='192.168.30.128', subnet_id='0b313de3-b203-471a-9c26-edfeb8e14880' | ACTIVE |
| bb5d66dc-241d-43ff-95bd-8bf5e9034b9e |         | fa:16:3e:cd:9a:f3 | ip_address='10.30.0.135', subnet_id='e8168d18-ed3c-43d0-a950-9c9a6b635377'    | ACTIVE |
| c5d7fa51-0de0-49bf-92b3-00d3e7b3c7d1 |         | fa:16:3e:08:b2:10 | ip_address='192.168.200.2', subnet_id='72151365-841f-4e6c-8b2b-1d9ed2898e7b'  | ACTIVE |
| d11c5401-13e9-46f2-9cd0-3e5c242fa995 |         | fa:16:3e:58:39:d7 | ip_address='192.168.200.3', subnet_id='72151365-841f-4e6c-8b2b-1d9ed2898e7b'  | ACTIVE |
| d55e11c2-abcf-4425-afb2-3199a90bf2dc |         | fa:16:3e:66:30:85 | ip_address='192.168.200.18', subnet_id='72151365-841f-4e6c-8b2b-1d9ed2898e7b' | ACTIVE |
+--------------------------------------+---------+-------------------+-------------------------------------------------------------------------------+--------+

7-1.パスワードファイル作成

vi /root/udata.txt

#cloud-config
password: ubuntu
chpasswd: { expire: False }
ssh_pwauth: True

7-2.インスタンス(srv2)作成

Compute02上にsrv2を作成します。
user-dataとして、udata.txtを読込みます。
親ポートP01に接続させます。

openstack server create \
--flavor m2 \
--image ubuntu-xenial-16.04 \
--availability-zone nova:compute02 \
--user-data udata.txt \
--nic port-id=P01 \
srv2

7-3.インスタンスの設定

対象：Compute02からsrv2コンソールログインして実施
インスタンスにログイン後、以下の設定を実施。
サブポートP01_C01にアサインされたMACアドレスfa:16:3e:37:12:36を設定してください。
最後にdhcpでアドレス取得要求を行うと、サブポートに設定した192.168.30.100が取得できます。

sudo su
ip link add link ens3 name ens3.300 type vlan id 300
ip link set dev ens3.300 address fa:16:3e:37:12:36
ip link set ens3.300 up
dhclient ens3.300

以下出力例です。

root@compute02:~# virsh list
 Id    Name                           State
----------------------------------------------------
 1     instance-00000002              running

root@compute02:~# virsh console instance-00000002
Connected to domain instance-00000002
Escape character is ^]

Ubuntu 16.04.6 LTS srv2 ttyS0

srv2 login: ubuntu
Password: ubuntu
Last login: Wed May 29 06:03:11 UTC 2019 on ttyS0
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-148-generic x86_64)

ubuntu@srv2:~$ sudo su
sudo: unable to resolve host srv2
root@srv2:/home/ubuntu# cd
root@srv2:~# ip link add link ens3 name ens3.300 type vlan id 300
root@srv2:~# ip link set dev ens3.300 address fa:16:3e:37:12:36
root@srv2:~# ip link set ens3.300 up
root@srv2:~# dhclient ens3.300
root@srv2:~# ip add show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3:  mtu 1450 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:db:91:fd brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.7/24 brd 192.168.200.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fedb:91fd/64 scope link
       valid_lft forever preferred_lft forever
3: ens3.300@ens3:  mtu 1450 qdisc noqueue state UP group default qlen 1000
    link/ether fa:16:3e:37:12:36 brd ff:ff:ff:ff:ff:ff
    inet 192.168.30.100/24 brd 192.168.30.255 scope global ens3.300
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe37:1236/64 scope link
       valid_lft forever preferred_lft forever

8-1.構成

以下の図は第1回目で記載しました。

各Nodeのens35より内側(左側)の詳細構成が以下となります。

＜補足＞
Brdigeには1重下線、Routerには2重下線を入れています。
br-intよりも左側がNamespaceで作成されたRouterです。
v1～3はNeutron内部で使用されるVLAN IDです。Flowテーブルにより以下に書き換えられています。

論理構成だけを記載したものが以下となります。

8-2.確認方法：L2レベルの確認

ここでは例としてController01のbr-intで行ってみます。

ovs-vsctl show
ovs-ofctl show br-int
ovs-appctl fdb/show br-int
ovs-ofctl dump-flows br-int
ovs-appctl ofproto/trace br-int in_port=n

以下出力例です。
もっと多くの補足を入れたいのですが、膨大な量になるため割愛します。

br-intのポート名や内部VLAN番号の確認*2

ovs-vsctl show

root@controller01:~# ovs-vsctl show
01a7c9a9-3ae0-45dd-8eda-f46aa41c164c
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port "sg-d11c5401-13"
            tag: 1
            Interface "sg-d11c5401-13"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "qr-33af164d-65"
            tag: 1
            Interface "qr-33af164d-65"
                type: internal
        Port "int-br-ens35"
            Interface "int-br-ens35"
                type: patch
                options: {peer="phy-br-ens35"}
        Port "tapc5d7fa51-0d"
            tag: 1
            Interface "tapc5d7fa51-0d"
                type: internal
        Port "tap9872b8b5-c4"
            tag: 3
            Interface "tap9872b8b5-c4"
                type: internal
        Port "qg-2eeb7f80-78"
            tag: 2
            Interface "qg-2eeb7f80-78"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "fg-bb5d66dc-24"
            tag: 2
            Interface "fg-bb5d66dc-24"
                type: internal
    ovs_version: "2.8.4"

br-intのポート番号の確認

ovs-ofctl show br-int

root@controller01:~# ovs-ofctl show br-int
OFPT_FEATURES_REPLY (xid=0x2): dpid:0000e678379a3b46
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 1(int-br-ens35): addr:c2:7b:ab:ac:4b:1f
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 2(patch-tun): addr:7a:5e:f6:c2:45:26
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 3(qr-33af164d-65): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 4(sg-d11c5401-13): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 5(fg-bb5d66dc-24): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 6(tapc5d7fa51-0d): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 7(qg-2eeb7f80-78): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 13(tap9872b8b5-c4): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(br-int): addr:e6:78:37:9a:3b:46
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

br-intのMacアドレステーブルの確認

ovs-appctl fdb/show br-int

root@controller01:~# ovs-appctl fdb/show br-int
 port  VLAN  MAC                Age
    1     2  2c:53:4a:01:27:66   38
    1     3  2c:53:4a:01:27:66   38

br-intのフローテーブルの確認
赤文字はフローテーブルによりVLANIDが書き換えられている箇所です。

ovs-ofctl dump-flows br-int

root@controller01:~# ovs-ofctl dump-flows br-int
 cookie=0xab814f17f876c4e7, duration=18281.635s, table=0, n_packets=0, n_bytes=0, priority=4,in_port="int-br-ens35",dl_src=fa:16:3f:05:7d:26 actions=resubmit(,2)
 cookie=0xab814f17f876c4e7, duration=18281.634s, table=0, n_packets=0, n_bytes=0, priority=2,in_port="patch-tun",dl_src=fa:16:3f:05:7d:26 actions=resubmit(,1)
 cookie=0xab814f17f876c4e7, duration=18281.632s, table=0, n_packets=210, n_bytes=18620, priority=4,in_port="int-br-ens35",dl_src=fa:16:3f:53:4c:80 actions=resubmit(,2)
 cookie=0xab814f17f876c4e7, duration=18281.631s, table=0, n_packets=0, n_bytes=0, priority=2,in_port="patch-tun",dl_src=fa:16:3f:53:4c:80 actions=resubmit(,1)
 cookie=0xab814f17f876c4e7, duration=18207.228s, table=0, n_packets=35, n_bytes=3684, priority=3,in_port="int-br-ens35",dl_vlan=56 actions=mod_vlan_vid:1,resubmit(,60)
 cookie=0xab814f17f876c4e7, duration=18203.240s, table=0, n_packets=1773, n_bytes=754143, priority=3,in_port="int-br-ens35",dl_vlan=30 actions=mod_vlan_vid:2,resubmit(,60)
 cookie=0xab814f17f876c4e7, duration=16350.937s, table=0, n_packets=1235, n_bytes=226168, priority=3,in_port="int-br-ens35",dl_vlan=300 actions=mod_vlan_vid:3,resubmit(,60)
 cookie=0xab814f17f876c4e7, duration=18281.646s, table=0, n_packets=310, n_bytes=41445, priority=2,in_port="int-br-ens35" actions=drop
 cookie=0xab814f17f876c4e7, duration=18281.778s, table=0, n_packets=564, n_bytes=514595, priority=0 actions=resubmit(,60)
 cookie=0xab814f17f876c4e7, duration=18281.646s, table=1, n_packets=0, n_bytes=0, priority=1 actions=drop
 cookie=0xab814f17f876c4e7, duration=18205.312s, table=2, n_packets=203, n_bytes=17846, priority=4,dl_vlan=56,dl_dst=fa:16:3e:58:39:d7 actions=mod_dl_src:fa:16:3e:55:11:84,resubmit(,60)
 cookie=0xab814f17f876c4e7, duration=16262.886s, table=2, n_packets=0, n_bytes=0, priority=4,dl_vlan=56,dl_dst=fa:16:3e:08:b2:10 actions=mod_dl_src:fa:16:3e:55:11:84,resubmit(,60)
 cookie=0xab814f17f876c4e7, duration=18281.646s, table=2, n_packets=7, n_bytes=774, priority=1 actions=drop
 cookie=0xab814f17f876c4e7, duration=18281.647s, table=23, n_packets=0, n_bytes=0, priority=0 actions=drop
 cookie=0xab814f17f876c4e7, duration=18281.777s, table=24, n_packets=0, n_bytes=0, priority=0 actions=drop
 cookie=0xab814f17f876c4e7, duration=18205.312s, table=60, n_packets=203, n_bytes=17846, priority=4,dl_vlan=56,dl_dst=fa:16:3e:58:39:d7 actions=strip_vlan,output:"sg-d11c5401-13"
 cookie=0xab814f17f876c4e7, duration=16262.885s, table=60, n_packets=0, n_bytes=0, priority=4,dl_vlan=56,dl_dst=fa:16:3e:08:b2:10 actions=strip_vlan,output:"tapc5d7fa51-0d"
 cookie=0xab814f17f876c4e7, duration=18281.777s, table=60, n_packets=3607, n_bytes=1498590, priority=3 actions=NORMAL

br-intのフローのトレース

ovs-appctl ofproto/trace br-int in_port=n
#nは、ovs-ofctl show br-intの出力で得られたポート番号

root@controller01:~# ovs-appctl ofproto/trace br-int in_port=7
Flow: in_port=7,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000

bridge("br-int")
----------------
 0. priority 0, cookie 0xab814f17f876c4e7
    goto_table:60
60. priority 3, cookie 0xab814f17f876c4e7
    NORMAL
     -> no learned MAC for destination, flooding

    bridge("br-ens35")
    ------------------
         0. in_port=2, priority 2, cookie 0xc29c894d4abba2e2
            goto_table:1
         1. priority 0, cookie 0xc29c894d4abba2e2
            goto_table:2
         2. in_port=2,dl_vlan=2, priority 4, cookie 0xc29c894d4abba2e2
            set_field:4126->vlan_vid
            NORMAL
             -> no learned MAC for destination, flooding

bridge("br-tun")
----------------
 0. in_port=1, priority 1, cookie 0x151d0b9924ed6dbf
    goto_table:1
 1. priority 0, cookie 0x151d0b9924ed6dbf
    goto_table:2
 2. dl_dst=00:00:00:00:00:00/01:00:00:00:00:00, priority 0, cookie 0x151d0b9924ed6dbf
    goto_table:20
20. priority 0, cookie 0x151d0b9924ed6dbf
    goto_table:22
22. priority 0, cookie 0x151d0b9924ed6dbf
    drop

Final flow: unchanged
Megaflow: recirc_id=0,eth,in_port=7,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Datapath actions: push_vlan(vid=2,pcp=0),7,pop_vlan,push_vlan(vid=30,pcp=0),2,1,pop_vlan,6

8-3.確認方法：L3レベルの確認

ここでは例としてController01で確認していきます。

ip netns
ip netns exec `ip netns | awk 'NR==5'` ip add show
ip netns exec `ip netns | awk 'NR==5'` ip route show
ip netns exec `ip netns | awk 'NR==5'` ip rule show
ip netns exec `ip netns | awk 'NR==5'` ip route show table NUMEBER

以下がController01のNamespaceに作成されたRouterとなります。

ip netns

root@controller01:~# ip netns
qdhcp-8fd11879-9c07-4130-9cd5-e2f1034394dc
qdhcp-10364a89-8a6e-499d-bee3-03f4085b745e
fip-a53cf798-1c15-4597-aeca-8b8917aa81fd
snat-e83bd724-c0da-42d0-b43e-0d6a923e1c5b
qrouter-e83bd724-c0da-42d0-b43e-0d6a923e1c5b

各Routerのポートやアドレスを確認する場合、

ip netns exec qrouter-e83bd724-c0da-42d0-b43e-0d6a923e1c5b ip add show

とコマンド入力するのは大変です。

このため、awkを使って以下のようにします。
NR==5は、ip netnsの出力結果の5行目(qrouter～)に該当します。

ip netns exec `ip netns | awk 'NR==5'` ip add show

root@controller01:~# ip netns exec `ip netns | awk 'NR==5'` ip add show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: rfp-e83bd724-c:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 16:b3:ee:52:8f:c0 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 169.254.106.114/31 scope global rfp-e83bd724-c
       valid_lft forever preferred_lft forever
    inet6 fe80::14b3:eeff:fe52:8fc0/64 scope link
       valid_lft forever preferred_lft forever
14: qr-33af164d-65:  mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether fa:16:3e:55:11:84 brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.1/24 brd 192.168.200.255 scope global qr-33af164d-65
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe55:1184/64 scope link
       valid_lft forever preferred_lft forever

次にqrouterのRoutingTableを確認します。
Default Routeが無いため、これではInternetに出られませんので、Default Routeを確認します。

ip netns exec `ip netns | awk 'NR==5'` ip route show

root@controller01:~# ip netns exec `ip netns | awk 'NR==5'` ip route show
169.254.106.114/31 dev rfp-e83bd724-c  proto kernel  scope link  src 169.254.106.114
192.168.200.0/24 dev qr-33af164d-65  proto kernel  scope link  src 192.168.200.1

以下のコマンドでruleを表示させます。
最終行の番号をメモしておいてください。

ip netns exec `ip netns | awk 'NR==5'` ip rule show

root@controller01:~# ip netns exec `ip netns | awk 'NR==5'` ip rule show
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default
3232286721:     from 192.168.200.1/24 lookup 3232286721

以下のコマンドで3232286721のRoutingTableを確認します。

ip netns exec `ip netns | awk 'NR==5'` ip route show table NUMBER

root@controller01:~# ip netns exec `ip netns | awk 'NR==5'` ip route show table 3232286721
default via 192.168.200.3 dev qr-33af164d-65

これらのコマンドを全Nodeの全Bridgeや全Namespaceに対して行っていくと、詳細構成が明らかになってきます。

8-4.トラフィックフロー：FlotingIP使用時

FlotingIPを使用している場合は、ComputeNodeから外部NWへそのまま送信されます。

8-5.トラフィックフロー：SourceNAT使用時

一方、NAT(PAT)を使用している場合は、一度ControllerNodeのsnatへ行った後、NATされて外部NWへ送信されます。

なお、特に触れませんが、Trunkした箇所*3については、論理構成に記載した通り、VLAN ID300が付与されRoutingされることなく、Compute02から、そのまま外部NWへ送信されます。

以上です。

1-1.OpenStackクライアント

apt -y install python-openstackclient

1-2.MySQL

apt -y install mariadb-server python-pymysql

vi /etc/mysql/mariadb.conf.d/99-openstack.cnf

[mysqld]
bind-address = 10.10.0.100
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

systemctl restart mysql

mysql_secure_installation
#パスワードは全てopenstackとします。

以下出力例です。*2

root@controller01:~# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): Enter
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Enter
New password: openstackと入力
Re-enter new password: openstackと入力
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Enter
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Enter
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Enter
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Enter
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

1-3.RabbitMQ

apt -y install rabbitmq-server

rabbitmqctl add_user openstack rabbit
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

1-4.Memcached

apt -y install memcached python-memcache

vi /etc/memcached.conf

#-l 127.0.0.1
-l 10.10.0.100

systemctl restart memcached

2-1.DBの設定

mysql

CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
quit;

以下出力例です。

root@controller01:~# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 40
Server version: 10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit;
Bye
root@controller01:~#

2-2.インストールと設定

apt -y install keystone apache2 libapache2-mod-wsgi

vi /etc/keystone/keystone.conf

[database]
#connection = sqlite:////var/lib/keystone/keystone.db
connection = mysql+pymysql://keystone:keystone@controller01/keystone

[token]
provider = fernet

2-3.DB登録と初期化

su -s /bin/sh -c "keystone-manage db_sync" keystone

keystone-manage fernet_setup \
--keystone-user keystone --keystone-group keystone

keystone-manage credential_setup \
--keystone-user keystone --keystone-group keystone

2-4.Endpoint設定

keystone-manage bootstrap --bootstrap-password openstack \
--bootstrap-admin-url http://controller01:35357/v3/ \
--bootstrap-internal-url http://controller01:5000/v3/ \
--bootstrap-public-url http://controller01:5000/v3/ \
--bootstrap-region-id RegionOne

2-5.Webサービス設定＆再起動

sed -i '1s/^/ServerName controller01\n&/' /etc/apache2/apache2.conf
systemctl restart apache2

2-6.環境変数ファイル生成

cat >> ~/adminrc <<EOF
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL=http://controller01:35357/v3
export OS_IDENTITY_API_VERSION=3
EOF

cat >> ~/demorc <<EOF
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller01:35357/v3
export OS_IDENTITY_API_VERSION=3
EOF

source adminrc

#これ以降、openstackコマンドを打つときは、
#sshログイン直後に上記adminrcを読み込んでください。
#読み込まずにopenstackコマンドを打つと以下のエラーが表示されます。
#demorcはほぼ使用しないと思いますが念のため。

root@controller01:~# openstack endpoint list
Missing value auth-url required for auth plugin password

2-7.動作確認

openstack endpoint list
openstack service list

2-8.ProjectやRoleの登録

openstack project create --description "Service Project" service
openstack project create --description "Demo Project" demo
openstack user create demo --password=demo
openstack role create user
openstack role add --project demo --user demo user

3-1.DBの設定

mysql

CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
quit;

3-2.ユーザ登録・サービス登録・Endpoint作成・インストール

openstack user create glance --domain default --password=glance
openstack role add --project service --user glance admin

openstack service create --name glance \
--description "OpenStack Image" image

openstack endpoint create --region RegionOne \
image public http://controller01:9292

openstack endpoint create --region RegionOne \
image internal http://controller01:9292

openstack endpoint create --region RegionOne \
image admin http://controller01:9292

apt -y install glance

3-3.glance-api.comf設定

vi /etc/glance/glance-api.conf

[database]
connection = mysql+pymysql://glance:glance@controller01/glance

[keystone_authtoken]
auth_uri = http://controller01:5000
auth_url = http://controller01:35357
memcached_servers = controller01:11211
auth_type = password
user_domain_name = default
project_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images

3-4.glance-registry.comf設定

vi /etc/glance/glance-registry.conf

[database]
connection = mysql+pymysql://glance:glance@controller01/glance

[keystone_authtoken]
auth_uri = http://controller01:5000
auth_url = http://controller01:35357
memcached_servers = controller01:11211
auth_type = password
user_domain_name = default
project_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone

3-5.DB登録＆設定ファイル読込み

su -s /bin/sh -c "glance-manage db_sync" glance

systemctl restart glance-registry glance-api

3-6.イメージ登録

mkdir /tmp/images

#cirrosの登録
wget -P /tmp/images http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img

openstack image create "cirros-0.4.0" \
--file /tmp/images/cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 \
--container-format bare \
--public

#ubuntuの登録
wget -P /tmp/images http://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img

openstack image create "ubuntu-xenial-16.04" \
--file /tmp/images/xenial-server-cloudimg-amd64-disk1.img \
--disk-format qcow2 \
--container-format bare \
--public

#登録イメージの確認
openstack image list

root@controller01:~# openstack image list
+--------------------------------------+---------------------+--------+
| ID                                   | Name                | Status |
+--------------------------------------+---------------------+--------+
| 749433d2-2f69-47bf-9de7-a0a9e3a72bb6 | cirros-0.4.0        | active |
| 6819234c-4757-41d8-867a-c3b44a9f5a47 | ubuntu-xenial-16.04 | active |
+--------------------------------------+---------------------+--------+

3-7.簡易動作確認

この時点で以下のように登録されていればOKです。

openstack endpoint list
openstack service list

root@controller01:~# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                           |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| 266e4c678cda43ab9bec4a70ddccfb97 | RegionOne | glance       | image        | True    | internal  | http://controller01:9292      |
| 6256b9ec413d4a9ca8bc1feb90448260 | RegionOne | glance       | image        | True    | public    | http://controller01:9292      |
| 7ab5e26b0f524c60a9ba33870283940a | RegionOne | keystone     | identity     | True    | admin     | http://controller01:35357/v3/ |
| e414354758e04ac7802ba300a864258f | RegionOne | keystone     | identity     | True    | internal  | http://controller01:5000/v3/  |
| e8a1585c91754424a2c7432e2bb31116 | RegionOne | keystone     | identity     | True    | public    | http://controller01:5000/v3/  |
| f1fb03de6fb24d6e818b239ad0276083 | RegionOne | glance       | image        | True    | admin     | http://controller01:9292      |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
root@controller01:~# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 42e7a20b30944518ae5c345aab323d3d | glance   | image    |
| f3d100b18b794f649ee80c651787eb22 | keystone | identity |
+----------------------------------+----------+----------+

4-1.DBの設定・ユーザ登録・サービス登録・Endpoint作成

#DB設定
mysql

CREATE DATABASE nova;
CREATE DATABASE nova_api;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';
quit;

#ユーザ登録
openstack user create nova --domain default --password=nova
openstack user create placement \
--domain default --password=placement

openstack role add --project service --user nova admin
openstack role add --project service --user placement admin

#サービス登録
openstack service create --name nova \
--description "OpenStack Compute" compute
openstack service create --name placement \
--description "Placement API" placement

#Endpoint作成
openstack endpoint create --region RegionOne \
compute public http://controller01:8774/v2.1
openstack endpoint create --region RegionOne \
compute internal http://controller01:8774/v2.1
openstack endpoint create --region RegionOne \
compute admin http://controller01:8774/v2.1

openstack endpoint create --region RegionOne \
placement public http://controller01:8778
openstack endpoint create --region RegionOne \
placement internal http://controller01:8778
openstack endpoint create --region RegionOne \
placement admin http://controller01:8778

4-2.インストール・nova.conf設定

#インストール
apt -y install nova-api nova-conductor nova-consoleauth \
nova-novncproxy nova-scheduler nova-placement-api

#nova.conf設定
vi /etc/nova/nova.conf

[DEFAULT]
transport_url = rabbit://openstack:rabbit@controller01
my_ip = 10.10.0.100

[api_database]
#connection = sqlite:////var/lib/nova/nova_api.sqlite
connection = mysql+pymysql://nova:nova@controller01/nova_api

[database]
#connection = sqlite:////var/lib/nova/nova.sqlite
connection = mysql+pymysql://nova:nova@controller01/nova

[vnc]
enabled = true
vncserver_listen = 10.10.0.100
vncserver_proxyclient_address = 10.10.0.100

[api]
auth_strategy= keystone

[keystone_authtoken]
auth_uri = http://controller01:5000
auth_url = http://controller01:35357
memcached_servers = controller01:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova

[glance]
api_servers = http://controller01:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
#os_region_name = openstack
os_region_name = RegionOne
auth_url = http://controller01:35357/v3
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = placement

4-3.DB登録＆設定ファイル読込み

su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova

systemctl restart nova-api nova-consoleauth nova-scheduler nova-conductor nova-novncproxy

以下出力例です。

root@controller01:~# su -s /bin/sh -c "nova-manage api_db sync" nova
root@controller01:~# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
root@controller01:~# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
e0e3f86a-8b85-4184-9287-7e4dcd53db81
root@controller01:~# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/dist-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
/usr/lib/python2.7/dist-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
root@controller01:~# systemctl restart nova-api nova-consoleauth nova-scheduler nova-conductor nova-novncproxy
root@controller01:~#

This is deprecated and will be disallowed in a future release.と表示されますが、このまま先に進めてください。

＜補足＞
上記と似たようなコマンドで、以下の設定を実施する必要があります。
後ほど設定しますので現段階では不要です。

su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

4-4.簡易動作確認

この時点で以下のように登録されていればOKです。

openstack endpoint list
openstack service list

root@controller01:~# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                           |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| 266e4c678cda43ab9bec4a70ddccfb97 | RegionOne | glance       | image        | True    | internal  | http://controller01:9292      |
| 4a8adf71ef9848b096819cf12e54c747 | RegionOne | placement    | placement    | True    | public    | http://controller01:8778      |
| 6256b9ec413d4a9ca8bc1feb90448260 | RegionOne | glance       | image        | True    | public    | http://controller01:9292      |
| 7ab5e26b0f524c60a9ba33870283940a | RegionOne | keystone     | identity     | True    | admin     | http://controller01:35357/v3/ |
| 8578d6dedb1742e2a190b261cddd831b | RegionOne | placement    | placement    | True    | admin     | http://controller01:8778      |
| 92a1b113381d4bd692879d335776928b | RegionOne | nova         | compute      | True    | admin     | http://controller01:8774/v2.1 |
| a8a9533b8b6345a1ba9fbedf840434d8 | RegionOne | nova         | compute      | True    | public    | http://controller01:8774/v2.1 |
| de3c9c2ca4484068b7e24a1dca3064a9 | RegionOne | placement    | placement    | True    | internal  | http://controller01:8778      |
| e414354758e04ac7802ba300a864258f | RegionOne | keystone     | identity     | True    | internal  | http://controller01:5000/v3/  |
| e8a1585c91754424a2c7432e2bb31116 | RegionOne | keystone     | identity     | True    | public    | http://controller01:5000/v3/  |
| f1fb03de6fb24d6e818b239ad0276083 | RegionOne | glance       | image        | True    | admin     | http://controller01:9292      |
| fe3a19d428c24042acb57218376f5fa6 | RegionOne | nova         | compute      | True    | internal  | http://controller01:8774/v2.1 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+

root@controller01:~# openstack service list
+----------------------------------+-----------+-----------+
| ID                               | Name      | Type      |
+----------------------------------+-----------+-----------+
| 35ae7499a8474de6b2650335cee9c38e | placement | placement |
| 42e7a20b30944518ae5c345aab323d3d | glance    | image     |
| bf8c25de6879401ea107f0462e8da1a4 | nova      | compute   |
| f3d100b18b794f649ee80c651787eb22 | keystone  | identity  |
+----------------------------------+-----------+-----------+

5-1.インストール・nova.conf設定・設定読込み

#インストール
apt -y install nova-compute

#nova.conf設定
vi /etc/nova/nova.conf

[DEFAULT]
transport_url = rabbit://openstack:rabbit@controller01
my_ip = 10.10.0.10x
##xについて##
#compute01=1, compute02=2となります。

[api]
auth_strategy= keystone

[keystone_authtoken]
auth_uri = http://controller01:5000
auth_url = http://controller01:35357
memcached_servers = controller01:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova

[vnc]
vncserver_proxyclient_address = 10.10.0.10x
enabled = True
vncserver_listen = 0.0.0.0
novncproxy_base_url = http://controller01:6080/vnc_auto.html
##xについて、上記と同様です##

[glance]
api_servers = http://controller01:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
#os_region_name = openstack
os_region_name = RegionOne
auth_url = http://controller01:35357/v3
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = placement

##VMWare上のu16.04の場合##
[libvirt]
hw_machine_type = x86_64=pc-i440fx-xenial

#設定読込み
systemctl restart nova-compute

5-2.簡易動作確認

この時点で以下のようにCompute01と02が登録されていればOKです。
Controller01で以下のコマンドにて確認してください。

openstack compute service list

root@controller01:~# openstack compute service list
+----+------------------+--------------+----------+---------+-------+----------------------------+
| ID | Binary           | Host         | Zone     | Status  | State | Updated At                 |
+----+------------------+--------------+----------+---------+-------+----------------------------+
|  1 | nova-scheduler   | controller01 | internal | enabled | up    | 2019-05-27T14:07:43.000000 |
|  2 | nova-consoleauth | controller01 | internal | enabled | up    | 2019-05-27T14:07:43.000000 |
|  3 | nova-conductor   | controller01 | internal | enabled | up    | 2019-05-27T14:07:44.000000 |
|  7 | nova-compute     | compute01    | nova     | enabled | up    | 2019-05-27T14:07:45.000000 |
|  8 | nova-compute     | compute02    | nova     | enabled | up    | 2019-05-27T14:07:41.000000 |
+----+------------------+--------------+----------+---------+-------+----------------------------+

6-1.インストール・nova.conf設定・設定読込み

#インストール
apt -y install openstack-dashboard

#nova.conf設定
vi /etc/openstack-dashboard/local_settings.py

#Defaultで以下の設定が入っていますが、全てコメントアウトしてください。
#OPENSTACK_HOST = "127.0.0.1"
#OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
#OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"

#以下の設定を投入。
OPENSTACK_HOST = "controller01"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

#OPENSTACK_API_VERSIONSの設定は、Defaultでコメントアウトされているため、
#以下の設定をそのまま投入してください。
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}

#Defaultで以下の設定が入っていますが、全てコメントアウトしてください。
#かなり画面をスクロールしないと最後まで表示されないと思います。
#OPENSTACK_NEUTRON_NETWORK = {
#    'enable_router': True,
#    'enable_quotas': True,
#    'enable_ipv6': True,
#    'enable_distributed_router': False,
#    'enable_ha_router': False,
#    'enable_fip_topology_check': True,

    # Default dns servers you would like to use when a subnet is
    # created.  This is only a default, users can still choose a different
    # list of dns servers when creating a new subnet.
    # The entries below are examples only, and are not appropriate for
    # real deployments
    # 'default_dns_nameservers': ["8.8.8.8", "8.8.4.4", "208.67.222.222"],

    # Set which provider network types are supported. Only the network types
    # in this list will be available to choose from when creating a network.
    # Network types include local, flat, vlan, gre, vxlan and geneve.
    # 'supported_provider_types': ['*'],

    # You can configure available segmentation ID range per network type
    # in your deployment.
    # 'segmentation_id_range': {
    #     'vlan': [1024, 2048],
    #     'vxlan': [4094, 65536],
    # },

    # You can define additional provider network types here.
    # 'extra_provider_types': {
    #     'awesome_type': {
    #         'display_name': 'Awesome New Type',
    #         'require_physical_network': False,
    #         'require_segmentation_id': True,
    #     }
    # },

    # Set which VNIC types are supported for port binding. Only the VNIC
    # types in this list will be available to choose from when creating a
    # port.
    # VNIC types include 'normal', 'direct', 'direct-physical', 'macvtap',
    # 'baremetal' and 'virtio-forwarder'
    # Set to empty list or None to disable VNIC type selection.
#    'supported_vnic_types': ['*'],

    # Set list of available physical networks to be selected in the physical
    # network field on the admin create network modal. If it's set to an empty
    # list, the field will be a regular input field.
    # e.g. ['default', 'test']
#    'physical_networks': [],

#}

#以下の設定を投入。
#現段階では全てFalseでOKです。後でrouterとdistributed_routerをTrueにします。
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_ipv6': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}

#DEFAULT_THEME = 'ubuntu'
DEFAULT_THEME = 'default'

#設定読込み
systemctl reload apache2

6-2.簡易動作確認

以下のURLにアクセスし、ログインしてください。

http://controller01/horizon/

ログイン画面は以下の通りです。

ログイン後、いくつかのページが開ければOKです。

以上です。