Adds support for Nova Network if Neutron is not present in the current OpenStack deployment.

Supporting the Nova Network requires modifications in three different parts of the generated Heat Stack:

1) Generated Security Groups and their rules should be of type 'AWS::EC2::SecurityGroup', not 'OS::Neutron::SecurityGroup'
2) Security Group assignments should go to the security_groups property of the Instance resource, not the network port (as the port concept is not present when using NovaNetwork)
3) FloatingIP should be of type OS::Nova::FloatingIP and should be associated with an Instance by an OS::Nova::FloatingIPAssociation resource.

To achieve p1 a SecurityGroupManager class of Core Library is made abstract and is inherited by two concrete implementations: NeutronSecurityGroupManager (containing the old MuranoPL code which generated templates based on OS::Neutron::SecurityGroup) and a new AwsSecurityGroupManager, which generates AWS-compliant firewall rules which are consumed by NovaNetwork. The particular concrete instance of this class is generated by the default network of environment: Network class has got a new method called generateSecurityGroupManager which returns an appropriate implementation.

For pp 2-3 a new inheritor of Network class has been added to the Core Library: an io.murano.resources.NovaNetwork. It generates FloatingIP association resources if needed and returns a securityGroupName object as one of the outputs of its joinInstance methods. The Instance class has been modified to properly handle these types of outputs.

The instance of the NovaNetwork class is generated at the API side when a new Environment is created and is assigned to the defaultNetworks.environment property of the environment if the neutron is not defined in keystone.

Also this change moves the auth_utils module from engine to common, as the Keystone Client it contains is now used by the API process as well.
This change is based on some of the code from the outdated changeset I6f4b7908bd4bbcd375f64705c7dd06e3954f1ec7

Co-Authored-By: Alexander Tivelkov <ativelkov@mirantis.com>
Co-Authored-By: Stan Lagun <slagun@mirantis.com>
DocImpact
Change-Id: I4c48f33de100a5730ba1d086540d0d99e8fbf9b1
Implements-Blueprint: nova-network-support
Network Configuration
Murano can work in various networking environments; it is capable of detecting the current network configuration and choosing the appropriate settings automatically. However, some additional actions are required to support advanced scenarios.
Nova network support
Nova Network is the simplest networking solution: it has limited capabilities but is available on any OpenStack deployment without the need to deploy any additional components.
When a new Murano Environment is created, Murano checks whether a dedicated networking service (i.e. Neutron) exists in the current OpenStack deployment. It relies on Keystone's service catalog for that. If such a service is not present, Murano automatically falls back to Nova Network. No further configuration is needed in this case; all the VMs spawned by Murano will join the same network.
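The fallback described above, together with the security-group differences listed in the change description, as an added Python example that is not Murano's own code (Murano generates these templates in MuranoPL): it inspects a Keystone v3-style catalog and emits the matching Heat resource types. The catalog entries, the resource keys `group`, `port` and `server`, and the function names are assumptions of this example, as is treating a `network` entry with no endpoints as absent.

```python
# Added example, not Murano source. Catalog entries are constructed sample data.
NOVA = {"type": "compute", "name": "nova",
        "endpoints": [{"interface": "public", "url": "http://controller.example:8774"}]}
NEUTRON = {"type": "network", "name": "neutron",
           "endpoints": [{"interface": "public", "url": "http://controller.example:9696"}]}


def has_neutron(catalog):
    """True if the catalog lists a 'network' service with at least one endpoint."""
    return any(s.get("type") == "network" and s.get("endpoints") for s in catalog)


def firewall_resources(catalog, rules):
    """Return Heat resources for ingress rules given as (protocol, low, high, cidr).

    Only the properties discussed on this page are filled in; image, flavor
    and network settings of the server and port are left out.
    """
    if has_neutron(catalog):
        group = {"type": "OS::Neutron::SecurityGroup", "properties": {"rules": [
            {"direction": "ingress", "protocol": proto, "port_range_min": low,
             "port_range_max": high, "remote_ip_prefix": cidr}
            for proto, low, high, cidr in rules]}}
        # Neutron: the group is bound to the port the instance is plugged into.
        port = {"type": "OS::Neutron::Port",
                "properties": {"security_groups": [{"get_resource": "group"}]}}
        server = {"type": "OS::Nova::Server",
                  "properties": {"networks": [{"port": {"get_resource": "port"}}]}}
        return {"group": group, "port": port, "server": server}
    group = {"type": "AWS::EC2::SecurityGroup", "properties": {
        "GroupDescription": "constructed example group",
        "SecurityGroupIngress": [
            {"IpProtocol": proto, "FromPort": str(low), "ToPort": str(high),
             "CidrIp": cidr} for proto, low, high, cidr in rules]}}
    # Nova Network has no ports, so the group is listed on the instance itself.
    server = {"type": "OS::Nova::Server",
              "properties": {"security_groups": [{"get_resource": "group"}]}}
    return {"group": group, "server": server}


if __name__ == "__main__":
    import json
    ssh_only = [("tcp", 22, 22, "192.0.2.0/24")]  # constructed rule
    print(json.dumps(firewall_resources([NOVA], ssh_only), indent=2))
```

When reviewing a generated stack, the place to look for the firewall binding therefore depends on the backend: the port resource under Neutron, the server resource under Nova Network.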
Neutron support
If Neutron is installed, Murano enables its advanced networking features, so you do not have to configure networks for your application yourself.
By default, Murano creates an isolated network for each environment and joins all VMs needed by your application to that network. To install and configure the application on a newly spawned virtual machine, Murano also requires a router connected to the external network.
Automatic Neutron network configuration
To have the router created automatically, provide the following parameters in the config file:
[networking]
external_network = %EXTERNAL_NETWORK_NAME%
router_name = %MURANO_ROUTER_NAME%
create_router = true
To find the name of the external network, run the following command:
$ neutron net-external-list
During the first deployment, the required networks and a router with the specified name will be created and set up.
Manual Neutron network configuration
- Step 1. Create public network
- First, check whether an external network exists. Log in as admin and go to Project -> Network -> Network Topology, then check the network type in the network details on the Admin -> Networks -> Network name page. The same check can be done from the CLI by running neutron net-external-list. To create a new external network, consult the OpenStack documentation.
- Step 2. Create local network
- Go to Project -> Network -> Networks.
- Click Create Network and fill the form.
- Step 3. Create router
- Go to Project -> Network -> Routers
- Click "Create Router"
- In the "Router Name" field, enter murano-default-router
If you specify a name other than murano-default-router, you must change the following settings in the config file:
[networking]
router_name = %SPECIFIED_NAME%
create_router = false
- Click on the specified router name
- In the view that opens, click "Add interface"
- Specify the subnet and IP address
Then check the result in the Network Topology tab.