openstack/openstack-manuals
Code Issues Proposed changes
55a9263b53
openstack-manuals/doc/install-guide/section_networking-per-tenant-routers-with-private-networks.xml
Paul Belanger 850811f853 Add simple note about attaching neutron networks 
I managed to follow the documentation properly for this example, however
something that was not clear to me was which networks attached inside
your VM.  So now, we display a little note hoping to help future users.

Also rename file from *pertenant* to *per-tenant*.

Change-Id: I0c4cbf9ae2ebb27037cbcc3b6cdf87069f69a16c
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
2013-10-01 18:55:04 +02:00

883 lines
50 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="section_networking-routers-with-private-networks">
<title>Per-tenant Routers with Private Networks</title>
<para>This section describes how to install the OpenStack
Networking service and its components for the "<link
linkend="section_use-cases-tenant-router">Use Case:
Per-tenant Routers with Private Networks </link>".</para>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata contentwidth="6in"
fileref="../common/figures/UseCase-MultiRouter.png"
/>
</imageobject>
</mediaobject>
</informalfigure>
<para>The following figure shows the set up:</para>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata contentwidth="6in"
fileref="../common/figures/demo_routers_with_private_networks.png"
/>
</imageobject>
</mediaobject>
</informalfigure>
<para>As shown in the figure, the set up includes:</para>
<itemizedlist>
<listitem>
<para>An interface for management traffic on each
node.</para>
</listitem>
<listitem>
<para>Use of the Open vSwitch plug-in.</para>
</listitem>
<listitem>
<para>GRE tunnels for data transport on all agents.</para>
</listitem>
<listitem>
<para>Floating IPs and router gateway ports that are
configured in an external network, and a physical
router that connects the floating IPs and router
gateway ports to the outside world.</para>
</listitem>
</itemizedlist>
<note>
<para>Because this example runs a DHCP agent and L3 agent on
one node, you must set the
<literal>use_namespace</literal> option to
<literal>True</literal> in the configuration file for
each agent. The default is <literal>True</literal>.</para>
</note>
<para>The following table describes the nodes:</para>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="80%"/>
<thead>
<tr>
<th>Node</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>Controller Node</td>
<td><para>Runs the OpenStack Networking service,
OpenStack Identity, and all OpenStack Compute
services that are required to deploy VMs
(<systemitem class="service"
>nova-api</systemitem>, <systemitem
class="service"
>nova-scheduler</systemitem>, for
example). The node must have at least one
network interface, which is connected to the
Management Network. The host name is
controlnode, which every other node resolves
to the IP of the controller node.</para><note>
<para>The <systemitem class="service"
>nova-network</systemitem> service
should not be running. This is replaced by
OpenStack Networking.</para>
</note></td>
</tr>
<tr>
<td>Compute Node</td>
<td>Runs the OpenStack Networking L2 agent and the
OpenStack Compute services that run VMs
(<systemitem class="service"
>nova-compute</systemitem> specifically, and
optionally other <systemitem class="service"
>nova-*</systemitem> services depending on
configuration). The node must have at least two
network interfaces. One interface communicates
with the controller node through the management
network. The other node is used for the VM traffic
on the data network. The VM receives its IP
address from the DHCP agent on this network.</td>
</tr>
<tr>
<td>Network Node</td>
<td>Runs OpenStack Networking L2 agent, DHCP agent and
L3 agent. This node has access to the external
network. The DHCP agent allocates IP addresses to
the VMs on data network. (Technically, the
addresses are allocated by the OpenStack
Networking server, and distributed by the dhcp
agent.) The node must have at least two network
interfaces. One interface communicates with the
controller node through the management network.
The other interface is used as external network.
GRE tunnels are set up as data networks.</td>
</tr>
<tr>
<td>Router</td>
<td>Router has IP 30.0.0.1, which is the default
gateway for all VMs. The router must be able to
access public networks.</td>
</tr>
</tbody>
</informaltable>
<para>The demo assumes the following:</para>
<para><emphasis role="bold">Controller Node</emphasis></para>
<orderedlist>
<listitem>
<para>Relevant OpenStack Compute services are installed,
configured, and running.</para>
</listitem>
<listitem>
<para>Glance is installed, configured, and running. In
addition, an image named tty must be present.</para>
</listitem>
<listitem>
<para>OpenStack Identity is installed, configured, and
running. A OpenStack Networking user named <emphasis
role="bold">neutron</emphasis> should be created
on tenant <emphasis role="bold"
>servicetenant</emphasis> with password <emphasis
role="bold">servicepassword</emphasis>.</para>
</listitem>
<listitem>
<para>Additional services <itemizedlist>
<listitem>
<para>RabbitMQ is running with default guest
and its password</para>
</listitem>
<listitem>
<para>MySQL server (user is <emphasis
role="bold">root</emphasis> and
password is <emphasis role="bold"
>root</emphasis>)</para>
</listitem>
</itemizedlist></para>
</listitem>
</orderedlist>
<para><emphasis role="bold">Compute Node</emphasis></para>
<orderedlist>
<listitem>
<para>OpenStack Compute is installed and configured</para>
</listitem>
</orderedlist>
<section xml:id="demo_routers_with_private_networks_installions">
<title>Installation</title>
<para>
<itemizedlist>
<listitem>
<para><emphasis role="bold">Controller Node -
OpenStack Networking Server</emphasis><orderedlist>
<listitem>
<para>Install the OpenStack Networking
server.</para>
</listitem>
<listitem>
<para>Create database <emphasis
role="bold">ovs_neutron</emphasis>.
To get started, see <link
linkend="section_install_prereqs"
>Initial
prerequisites</link>.</para>
</listitem>
<listitem>
<para>Update the OpenStack Networking
configuration file, <filename>
/etc/neutron/neutron.conf</filename>,
with plug-in choice and Identity
Service user as necessary:</para>
<programlisting>[DEFAULT]
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
control_exchange = neutron
rabbit_host = controlnode
notification_driver = neutron.openstack.common.notifier.rabbit_notifier
[keystone_authtoken]
admin_tenant_name=servicetenant
admin_user=neutron
admin_password=servicepassword
</programlisting>
</listitem>
<listitem>
<para>Update the plug-in configuration
file,
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>:</para>
<programlisting>[database]
sql_connection = mysql://root:root@controlnode:3306/ovs_neutron?charset=utf8
[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
</programlisting>
</listitem>
<listitem>
<para>Start the OpenStack Networking
server</para>
<para>The OpenStack Networking server
can be a service of the operating
system. The command to start the
service depends on your operating
system. The following command runs
the OpenStack Networking server
directly:</para>
<screen><prompt>$</prompt> <userinput>sudo neutron-server --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini \
--config-file /etc/neutron/neutron.conf</userinput></screen>
</listitem>
</orderedlist></para>
</listitem>
<listitem>
<para><emphasis role="bold">Compute Node -
OpenStack Compute </emphasis><orderedlist>
<listitem>
<para>Install OpenStack Compute
services.</para>
</listitem>
<listitem>
<para>Update the OpenStack Compute
configuration file, <filename>
/etc/nova/nova.conf</filename>.
Make sure the following line
appears at the end of this
file:</para>
<programlisting>network_api_class=nova.network.neutronv2.api.API
neutron_admin_username=neutron
neutron_admin_password=servicepassword
neutron_admin_auth_url=http://controlnode:35357/v2.0/
neutron_auth_strategy=keystone
neutron_admin_tenant_name=servicetenant
neutron_url=http://controlnode:9696/
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
</programlisting>
</listitem>
<listitem>
<para>Restart relevant OpenStack
Compute services</para>
</listitem>
</orderedlist></para>
</listitem>
<listitem>
<para><emphasis role="bold">Compute and Network
Node - L2 Agent</emphasis><orderedlist>
<listitem>
<para>Install and start Open
vSwitch.</para>
</listitem>
<listitem>
<para>Install the L2 agent (Neutron
Open vSwitch agent).</para>
</listitem>
<listitem>
<para>Add the integration bridge to
the Open vSwitch</para>
<screen><prompt>$</prompt> <userinput>sudo ovs-vsctl add-br br-int</userinput></screen>
</listitem>
<listitem>
<para>Update the OpenStack Networking
configuration file, <filename>
/etc/neutron/neutron.conf</filename></para>
<programlisting language="ini">[DEFAULT]
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
control_exchange = neutron
rabbit_host = controlnode
notification_driver = neutron.openstack.common.notifier.rabbit_notifier
</programlisting>
</listitem>
<listitem>
<para>Update the plug-in configuration
file, <filename>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>.</para>
<para>Compute Node:</para>
<programlisting language="ini">[database]
sql_connection = mysql://root:root@controlnode:3306/ovs_neutron?charset=utf8
[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
local_ip = 9.181.89.202
</programlisting>
<para>Network Node:</para>
<programlisting language="ini">[database]
sql_connection = mysql://root:root@controlnode:3306/ovs_neutron?charset=utf8
[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
local_ip = 9.181.89.203
</programlisting>
</listitem>
<listitem>
<para>Create the integration bridge
<emphasis role="bold"
>br-int</emphasis>:</para>
<screen><prompt>$</prompt> <userinput>sudo ovs-vsctl --may-exist add-br br-int</userinput></screen>
</listitem>
<listitem>
<para>Start the OpenStack Networking
L2 agent</para>
<para>The OpenStack Networking Open
vSwitch L2 agent can be a service
of operating system. The command
may be different to start the
service on different operating
systems. However the command to run
it directly is kind of like:</para>
<screen><prompt>$</prompt> <userinput>sudo neutron-openvswitch-agent --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini \
--config-file /etc/neutron/neutron.conf</userinput></screen>
</listitem>
</orderedlist></para>
</listitem>
<listitem>
<para><emphasis role="bold">Network Node - DHCP
Agent</emphasis><orderedlist>
<listitem>
<para>Install the DHCP agent.</para>
</listitem>
<listitem>
<para>Update the OpenStack Networking
configuration file, <filename>
/etc/neutron/neutron.conf</filename></para>
<programlisting>[DEFAULT]
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
control_exchange = neutron
rabbit_host = controlnode
notification_driver = neutron.openstack.common.notifier.rabbit_notifier
allow_overlapping_ips = True</programlisting>
<para><emphasis role="bold">Set
<literal>allow_overlapping_ips</literal>
because TenantA and TenantC use
overlapping
subnets.</emphasis></para>
</listitem>
<listitem>
<para>Update the DHCP configuration
file <filename>
/etc/neutron/dhcp_agent.ini</filename></para>
<programlisting>interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver</programlisting>
</listitem>
<listitem>
<para>Start the DHCP agent</para>
<para>The OpenStack Networking DHCP
agent can be a service of operating
system. The command to start the
service depends on your operating
system. The following command runs
the service directly:</para>
<screen><prompt>$</prompt> <userinput>sudo neutron-dhcp-agent --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/dhcp_agent.ini</userinput></screen>
</listitem>
</orderedlist></para>
</listitem>
<listitem>
<para><emphasis role="bold">Network Node - L3
Agent</emphasis><orderedlist>
<listitem>
<para>Install the L3 agent.</para>
</listitem>
<listitem>
<para>Add the external network
bridge</para>
<screen><prompt>$</prompt> <userinput>sudo ovs-vsctl add-br br-ex</userinput></screen>
</listitem>
<listitem>
<para>Add the physical interface, for
example eth0, that is connected to
the outside network to this
bridge:</para>
<screen><prompt>$</prompt> <userinput>sudo ovs-vsctl add-port br-ex eth0</userinput></screen>
</listitem>
<listitem>
<para>Update the L3 configuration file
<filename>
/etc/neutron/l3_agent.ini</filename>:</para>
<programlisting>[DEFAULT]
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces=True</programlisting>
<para><emphasis role="bold">Set the
<literal>use_namespaces</literal>
option (it is True by default)
because TenantA and TenantC have
overlapping subnets, and the
routers are hosted on one l3 agent
network node.</emphasis></para>
</listitem>
<listitem>
<para>Start the L3 agent</para>
<para>The OpenStack Networking L3
agent can be a service of operating
system. The command to start the
service depends on your operating
system. The following command
starts the agent directly:</para>
<screen><prompt>$</prompt> <userinput>sudo neutron-l3-agent --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/l3_agent.ini</userinput></screen>
</listitem>
</orderedlist></para>
</listitem>
</itemizedlist>
</para>
</section>
<section xml:id="demo_per_tenant_router_network_config">
<title>Logical Network Configuration</title>
<para>All of the commands below can be executed on the network
node.</para>
<note>
<para>Ensure that the following environment variables are
set. These are used by the various clients to access
the OpenStack Identity service.</para>
</note>
<para>
<programlisting language="bash">export OS_USERNAME=admin
export OS_PASSWORD=adminpassword
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
</para>
<para>
<orderedlist>
<listitem>
<para>Get the tenant ID (Used as $TENANT_ID
later)</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-list</userinput>
<computeroutput>+----------------------------------+---------+---------+
| id | name | enabled |
+----------------------------------+---------+---------+
| 247e478c599f45b5bd297e8ddbbc9b6a | TenantA | True |
| 2b4fec24e62e4ff28a8445ad83150f9d | TenantC | True |
| 3719a4940bf24b5a8124b58c9b0a6ee6 | TenantB | True |
| 5fcfbc3283a142a5bb6978b549a511ac | demo | True |
| b7445f221cda4f4a8ac7db6b218b1339 | admin | True |
+----------------------------------+---------+---------+
</computeroutput></screen>
</listitem>
<listitem>
<para>Get the user information</para>
<screen><prompt>$</prompt> <userinput>keystone user-list</userinput>
<computeroutput>+----------------------------------+-------+---------+-------------------+
| id | name | enabled | email |
+----------------------------------+-------+---------+-------------------+
| 5a9149ed991744fa85f71e4aa92eb7ec | demo | True | |
| 5b419c74980d46a1ab184e7571a8154e | admin | True | admin@example.com |
| 8e37cb8193cb4873a35802d257348431 | UserC | True | |
| c11f6b09ed3c45c09c21cbbc23e93066 | UserB | True | |
| ca567c4f6c0942bdac0e011e97bddbe3 | UserA | True | |
+----------------------------------+-------+---------+-------------------+
</computeroutput></screen>
</listitem>
<listitem>
<para>Create the external network and its subnet
by admin user:</para>
<screen><prompt>$</prompt> <userinput>neutron net-create Ext-Net --provider:network_type local --router:external true</userinput>
<computeroutput>Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 2c757c9e-d3d6-4154-9a77-336eb99bd573 |
| name | Ext-Net |
| provider:network_type | local |
| provider:physical_network | |
| provider:segmentation_id | |
| router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | b7445f221cda4f4a8ac7db6b218b1339 |
+---------------------------+--------------------------------------+
</computeroutput></screen>
<screen><prompt>$</prompt> <userinput>neutron subnet-create Ext-Net 30.0.0.0/24 --disable-dhcp</userinput>
<computeroutput>Created a new subnet:
+------------------+--------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------+
| allocation_pools | {"start": "30.0.0.2", "end": "30.0.0.254"} |
| cidr | 30.0.0.0/24 |
| dns_nameservers | |
| enable_dhcp | False |
| gateway_ip | 30.0.0.1 |
| host_routes | |
| id | ba754a55-7ce8-46bb-8d97-aa83f4ffa5f9 |
| ip_version | 4 |
| name | |
| network_id | 2c757c9e-d3d6-4154-9a77-336eb99bd573 |
| tenant_id | b7445f221cda4f4a8ac7db6b218b1339 |
+------------------+--------------------------------------------+
</computeroutput></screen>
<para><emphasis role="bold">
<literal>provider:network_type
local</literal> means that OpenStack
Networking does not have to realize this
network through provider network.
<literal>router:external
true</literal> means that an external
network is created where you can create
floating IP and router gateway
port.</emphasis></para>
</listitem>
<listitem>
<para>Add an IP on external network to
br-ex</para>
<para>Because br-ex is the external network
bridge, add an IP 30.0.0.100/24 to br-ex and
ping the floating IP of the VM from our
network node.</para>
<screen><prompt>$</prompt> <userinput>sudo ip addr add 30.0.0.100/24 dev br-ex
<prompt>$</prompt> sudo ip link set br-ex up</userinput></screen>
</listitem>
<listitem>
<para>Serve TenantA</para>
<para>For TenantA, create a private network,
subnet, server, router, and floating
IP.</para>
<orderedlist>
<listitem>
<para>Create a network for TenantA</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 net-create TenantA-Net</userinput>
<computeroutput>Created a new network:
+-----------------+--------------------------------------+
| Field | Value |
+-----------------+--------------------------------------+
| admin_state_up | True |
| id | 7d0e8d5d-c63c-4f13-a117-4dc4e33e7d68 |
| name | TenantA-Net |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+-----------------+--------------------------------------+</computeroutput></screen>
<para>After that, you can use admin user
to query the provider network
information:</para>
<screen><prompt>$</prompt> <userinput>neutron net-show TenantA-Net</userinput>
<computeroutput>+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 7d0e8d5d-c63c-4f13-a117-4dc4e33e7d68 |
| name | TenantA-Net |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 1 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+---------------------------+--------------------------------------+
</computeroutput></screen>
<para>The network has GRE tunnel ID (for
example, provider:segmentation_id)
1.</para>
</listitem>
<listitem>
<para>Create a subnet on the network
TenantA-Net</para>
<screen><prompt>$</prompt> <userinput>
neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 subnet-create TenantA-Net 10.0.0.0/24</userinput>
<computeroutput>Created a new subnet:
+------------------+--------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------+
| allocation_pools | {"start": "10.0.0.2", "end": "10.0.0.254"} |
| cidr | 10.0.0.0/24 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.0.0.1 |
| host_routes | |
| id | 51e2c223-0492-4385-b6e9-83d4e6d10657 |
| ip_version | 4 |
| name | |
| network_id | 7d0e8d5d-c63c-4f13-a117-4dc4e33e7d68 |
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+------------------+--------------------------------------------+
</computeroutput></screen>
</listitem>
<listitem>
<para>Create a server for TenantA:</para>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 boot --image tty --flavor 1 \
--nic net-id=7d0e8d5d-c63c-4f13-a117-4dc4e33e7d68 TenantA_VM1</userinput></screen>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 list</userinput>
<computeroutput>
+--------------------------------------+-------------+--------+----------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-------------+--------+----------------------+
| 7c5e6499-7ef7-4e36-8216-62c2941d21ff | TenantA_VM1 | ACTIVE | TenantA-Net=10.0.0.3 |
+--------------------------------------+-------------+--------+----------------------+
</computeroutput></screen>
<note>
<para>It is important to understand
that you should not attach the
instance to Ext-Net directly.
Instead, you must use a floating IP
to make it accessible from the
external network.</para>
</note>
</listitem>
<listitem>
<para>Create and configure a router for
TenantA:</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 router-create TenantA-R1</userinput>
<computeroutput>Created a new router:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| admin_state_up | True |
| external_gateway_info | |
| id | 59cd02cb-6ee6-41e1-9165-d251214594fd |
| name | TenantA-R1 |
| status | ACTIVE |
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+-----------------------+--------------------------------------+
</computeroutput></screen>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 router-interface-add \
TenantA-R1 51e2c223-0492-4385-b6e9-83d4e6d10657</userinput></screen>
<para>Added interface to router TenantA-R1</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 \
router-gateway-set TenantA-R1 Ext-Net</userinput></screen>
</listitem>
<listitem>
<para>Associate a floating IP for
TenantA_VM1</para>
<para>1. Create a floating IP</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 floatingip-create Ext-Net</userinput>
<computeroutput>Created a new floatingip:
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| fixed_ip_address | |
| floating_ip_address | 30.0.0.2 |
| floating_network_id | 2c757c9e-d3d6-4154-9a77-336eb99bd573 |
| id | 5a1f90ed-aa3c-4df3-82cb-116556e96bf1 |
| port_id | |
| router_id | |
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+---------------------+--------------------------------------+
</computeroutput></screen>
<para>2. Get the port ID of the VM with ID
7c5e6499-7ef7-4e36-8216-62c2941d21ff</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 port-list -- \
--device_id 7c5e6499-7ef7-4e36-8216-62c2941d21ff</userinput>
<computeroutput>+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| 6071d430-c66e-4125-b972-9a937c427520 | | fa:16:3e:a0:73:0d | {"subnet_id": "51e2c223-0492-4385-b6e9-83d4e6d10657", "ip_address": "10.0.0.3"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
</computeroutput></screen>
<para>3. Associate the floating IP with
the VM port</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 floatingip-associate \
5a1f90ed-aa3c-4df3-82cb-116556e96bf1 6071d430-c66e-4125-b972-9a937c427520</userinput>
<computeroutput>Associated floatingip 5a1f90ed-aa3c-4df3-82cb-116556e96bf1
</computeroutput></screen>
<screen><prompt>$</prompt> <userinput>neutron floatingip-list</userinput>
<computeroutput>+--------------------------------------+------------------+---------------------+--------------------------------------+
| id | fixed_ip_address | floating_ip_address | port_id |
+--------------------------------------+------------------+---------------------+--------------------------------------+
| 5a1f90ed-aa3c-4df3-82cb-116556e96bf1 | 10.0.0.3 | 30.0.0.2 | 6071d430-c66e-4125-b972-9a937c427520 |
+--------------------------------------+------------------+---------------------+--------------------------------------+
</computeroutput></screen>
</listitem>
<listitem>
<para>Ping the public network from the
server of TenantA</para>
<para>In my environment, 192.168.1.0/24 is
my public network connected with my
physical router, which also connects
to the external network 30.0.0.0/24.
With the floating IP and virtual
router, we can ping the public network
within the server of tenant A:</para>
<screen><prompt>$</prompt> <userinput>ping 192.168.1.1</userinput>
<computeroutput>PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=1.74 ms
64 bytes from 192.168.1.1: icmp_req=2 ttl=64 time=1.50 ms
64 bytes from 192.168.1.1: icmp_req=3 ttl=64 time=1.23 ms
^C
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.234/1.495/1.745/0.211 ms
</computeroutput></screen>
</listitem>
<listitem>
<para>Ping floating IP of the TenantA's
server</para>
<screen><prompt>$</prompt> <userinput>ping 30.0.0.2</userinput>
<computeroutput>PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data.
64 bytes from 30.0.0.2: icmp_req=1 ttl=63 time=45.0 ms
64 bytes from 30.0.0.2: icmp_req=2 ttl=63 time=0.898 ms
64 bytes from 30.0.0.2: icmp_req=3 ttl=63 time=0.940 ms
^C
--- 30.0.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
</computeroutput></screen>
</listitem>
<listitem>
<para>Create other servers for
TenantA</para>
<para>We can create more servers for
TenantA and add floating IPs for
them.</para>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para>Serve TenantC</para>
<para>For TenantC, we will create two private
networks with subnet 10.0.0.0/24 and subnet
10.0.1.0/24, some servers, one router to
connect to these two subnets and some floating
IPs.</para>
<orderedlist>
<listitem>
<para>Create networks and subnets for
TenantC</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 net-create TenantC-Net1</userinput>
<prompt>$</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 subnet-create TenantC-Net1 \
10.0.0.0/24 --name TenantC-Subnet1</userinput>
<prompt>$</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 net-create TenantC-Net2</userinput>
<prompt>$</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 subnet-create TenantC-Net2 \
10.0.1.0/24 --name TenantC-Subnet2</userinput>
</screen>
<para>After that we can use admin user to
query the network's provider network
information:</para>
<screen><prompt>$</prompt> <userinput>neutron net-show TenantC-Net1</userinput>
<computeroutput>+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 91309738-c317-40a3-81bb-bed7a3917a85 |
| name | TenantC-Net1 |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 2 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | cf03fd1e-164b-4527-bc87-2b2631634b83 |
| tenant_id | 2b4fec24e62e4ff28a8445ad83150f9d |
+---------------------------+--------------------------------------+
</computeroutput></screen>
<screen><prompt>$</prompt> <userinput>neutron net-show TenantC-Net2</userinput>
<computeroutput>+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 5b373ad2-7866-44f4-8087-f87148abd623 |
| name | TenantC-Net2 |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 3 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | 38f0b2f0-9f98-4bf6-9520-f4abede03300 |
| tenant_id | 2b4fec24e62e4ff28a8445ad83150f9d |
+---------------------------+--------------------------------------+
</computeroutput></screen>
<para>We can see that we have GRE tunnel
IDs (I.E. provider:segmentation_id) 2
and 3. And also note down the network
IDs and subnet IDs because we will use
them to create VMs and router.</para>
</listitem>
<listitem>
<para>Create a server TenantC-VM1 for
TenantC on TenantC-Net1</para>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 boot --image tty --flavor 1 \
--nic net-id=91309738-c317-40a3-81bb-bed7a3917a85 TenantC_VM1</userinput></screen>
</listitem>
<listitem>
<para>Create a server TenantC-VM3 for
TenantC on TenantC-Net2</para>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 boot --image tty --flavor 1 \
--nic net-id=5b373ad2-7866-44f4-8087-f87148abd623 TenantC_VM3</userinput></screen>
</listitem>
<listitem>
<para>List servers of TenantC</para>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 list</userinput>
<computeroutput>
+--------------------------------------+-------------+--------+-----------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-------------+--------+-----------------------+
| b739fa09-902f-4b37-bcb4-06e8a2506823 | TenantC_VM1 | ACTIVE | TenantC-Net1=10.0.0.3 |
| 17e255b2-b14f-48b3-ab32-5df36566d2e8 | TenantC_VM3 | ACTIVE | TenantC-Net2=10.0.1.3 |
+--------------------------------------+-------------+--------+-----------------------+
</computeroutput></screen>
<para>Note down the server IDs since we
will use them later.</para>
</listitem>
<listitem>
<para>Make sure servers get their
IPs</para>
<para>We can use VNC to log on the VMs to
check if they get IPs. If not, we have
to make sure the OpenStack Networking
components are running right and the
GRE tunnels work.</para>
</listitem>
<listitem>
<para>Create and configure a router for
TenantC:</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 router-create TenantC-R1</userinput></screen>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 router-interface-add \
TenantC-R1 cf03fd1e-164b-4527-bc87-2b2631634b83</userinput>
<prompt>$</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 router-interface-add \
TenantC-R1 38f0b2f0-9f98-4bf6-9520-f4abede03300</userinput></screen>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 \
router-gateway-set TenantC-R1 Ext-Net</userinput></screen>
</listitem>
<listitem>
<para>Checkpoint: ping from within TenantC's servers</para>
<para>Since we have a router connecting to two subnets, the VMs on these subnets are able to ping each other.
And since we have set the router's gateway interface, TenantC's servers are able to ping external network IPs, such as 192.168.1.1, 30.0.0.1 etc.</para>
</listitem>
<listitem>
<para>Associate floating IPs for
TenantC's servers</para>
<para>Since we have a router connecting to
two subnets, the VMs on these subnets
are able to ping each other. And since
we have set the router's gateway
interface, TenantC's servers are able
to ping external network IPs, such as
192.168.1.1, 30.0.0.1 etc.</para>
</listitem>
<listitem>
<para>Associate floating IPs for TenantC's
servers</para>
<para>We can use the similar commands as
we used in TenantA's section to finish
this task.</para>
</listitem>
</orderedlist>
</listitem>
</orderedlist>
</para>
</section>
</section>
View Git Blame Copy Permalink