openstack-ansible-ops/scripts/generate-networks.sh

#!/usr/bin/env bash
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

source openrc



# Create a basic flat network
openstack network create GATEWAY_NET \
    --share \
    --external \
    --provider-physical-network flat \
    --provider-network-type flat

openstack subnet create GATEWAY_SUBNET \
    --subnet-range 172.16.24.0/22 \
    --network GATEWAY_NET \
    --gateway 172.16.24.2 \
    --allocation-pool start=172.16.25.201,end=172.16.25.255 \
    --dns-nameserver 172.16.24.2



# Create a basic VXLAN network
openstack network create PRIVATE_NET \
    --share \
    --provider-network-type vxlan \
    --provider-segment 101

openstack subnet create PRIVATE_SUBNET \
    --subnet-range 192.168.0.0/24 \
    --network PRIVATE_NET



# Create a neutron router and wire it up to the GATEWAY_NET and PRIVATE_NET_SUBNET
ROUTER_ID="$(openstack router create GATEWAY_NET_ROUTER -c id | grep -w id | awk '{print $4}')"
openstack router set "${ROUTER_ID}" \
    --external-gateway "$(openstack network list | awk '/GATEWAY_NET/ {print $2}')"

openstack router add subnet \
    "${ROUTER_ID}" \
    "$(openstack subnet list | awk '/PRIVATE_SUBNET/ {print $2}')"



# Neutron security group setup
SECGRP_ID="$(openstack security group create MNAIO_SECGRP -c id | grep -w id | awk '{print $4}')"
# Allow ICMP
openstack security group rule create --protocol icmp \
                                     --ingress \
                                     "$SECGRP_ID"

# Allow all TCP
openstack security group rule create --protocol tcp \
                                     --ingress \
                                     "$SECGRP_ID"

# Allow all UDP
openstack security group rule create --protocol udp \
                                     --ingress \
                                     "$SECGRP_ID"