Add simple note about attaching neutron networks

I managed to follow the documentation properly for this example, however
something that was not clear to me was which networks attached inside
your VM.  So now, we display a little note hoping to help future users.

Also rename file from *pertenant* to *per-tenant*.

Change-Id: I0c4cbf9ae2ebb27037cbcc3b6cdf87069f69a16c
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
Paul Belanger 2013-09-27 23:07:26 -04:00 committed by Andreas Jaeger
parent ff20a50aa2
commit 850811f853
2 changed files with 422 additions and 289 deletions

@ -1014,7 +1014,7 @@ enabled = True</programlisting>
cases.</para>
<xi:include href="section_networking-single-flat.xml"/>
<xi:include href="section_networking-provider-router-with-private_networks.xml"/>
<xi:include href="section_networking-pertenant-routers-with-private-networks.xml"/>
<xi:include href="section_networking-per-tenant-routers-with-private-networks.xml"/>
</section>
<section xml:id="section_networking-use-cases">
<title>OpenStack Networking Deployment Use Cases</title>
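Review bot: The xi:include href now points at section_networking-per-tenant-routers-with-private-networks.xml, but only this one reference is updated in the hunk. Please confirm no other book or include still uses the old pertenant filename, since a stale href fails at build time rather than at review time.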

@ -1,130 +1,150 @@
<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="section_networking-routers-with-private-networks">
<title>Per-tenant Routers with Private Networks</title>
<para>This section describes how to install the OpenStack Networking service
and its components for the "<link
linkend="section_use-cases-tenant-router">Use Case: Per-tenant Routers with Private Networks
</link>".</para>
<para>This section describes how to install the OpenStack
Networking service and its components for the "<link
linkend="section_use-cases-tenant-router">Use Case:
Per-tenant Routers with Private Networks </link>".</para>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata contentwidth="6in" fileref="../common/figures/UseCase-MultiRouter.png"/>
</imageobject>
</mediaobject>
<mediaobject>
<imageobject>
<imagedata contentwidth="6in"
fileref="../common/figures/UseCase-MultiRouter.png"
/>
</imageobject>
</mediaobject>
</informalfigure>
<para>
The following figure shows the setup:
</para>
<para>The following figure shows the set up:</para>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata contentwidth="6in" fileref="../common/figures/demo_routers_with_private_networks.png"/>
</imageobject>
</mediaobject>
<mediaobject>
<imageobject>
<imagedata contentwidth="6in"
fileref="../common/figures/demo_routers_with_private_networks.png"
/>
</imageobject>
</mediaobject>
</informalfigure>
<para>As shown in the figure, the setup includes:</para>
<para>As shown in the figure, the set up includes:</para>
<itemizedlist>
<listitem>
<para>An interface for management traffic on each node.</para>
</listitem>
<listitem>
<para>Use of the Open vSwitch plug-in.</para>
</listitem>
<listitem>
<para>GRE tunnels for data transport on all agents.</para>
</listitem>
<listitem>
<para>Floating IPs and router gateway ports are configured in
an external network, and a physical router connects the
floating IPs and router gateway ports to the outside world.
</para>
</listitem>
<listitem>
<para>An interface for management traffic on each
node.</para>
</listitem>
<listitem>
<para>Use of the Open vSwitch plug-in.</para>
</listitem>
<listitem>
<para>GRE tunnels for data transport on all agents.</para>
</listitem>
<listitem>
<para>Floating IPs and router gateway ports that are
configured in an external network, and a physical
router that connects the floating IPs and router
gateway ports to the outside world.</para>
</listitem>
</itemizedlist>
<note><para>Because this example runs a DHCP agent and L3 agent on one node, the
<literal>use_namespace</literal> option must be set to <literal>True</literal> in
the configuration file for each agent. The default is <literal>True</literal>.</para></note>
<para>Below is a description of the nodes in the setup:
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="80%"/>
<thead>
<tr>
<th>Node</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>Controller Node</td>
<td>Runs the OpenStack Networking service, OpenStack Identity and all of
the OpenStack Compute services that are required to deploy
VMs (<systemitem class="service">nova-api</systemitem>, <systemitem class="service">nova-scheduler</systemitem>, for example). The node must have at least one
network interface, which is connected to
the "Management Network". The hostname is 'controlnode', which
every other node resolve to the controller node's IP.
<emphasis role="bold">Note</emphasis>
The nova-network service should not be running. This is
replaced by OpenStack Networking.</td>
</tr>
<tr>
<td>Compute Node</td>
<td>Runs the OpenStack Networking L2 agent and the
OpenStack Compute services that run VMs
(<systemitem class="service">nova-compute</systemitem> specifically, and optionally other
nova-* services depending on configuration). The
node must have at least two network interfaces.
The first is used to communicate with the
controller node via the management network. The
second interface is used for the VM traffic on the
Data network. The VM will be able to receive its
IP address from the DHCP agent on this
network.</td>
</tr>
<tr>
<td>Network Node</td>
<td>Runs OpenStack Networking L2 agent, DHCP agent and L3 agent.
This node will have access to the
external network. The DHCP agent will allocate
IP addresses to the VMs on data network (Technically, the addresses
are allocated by the OpenStack Networking server, and distributed by the dhcp agent).
The node must have
at least two network interfaces. The first
is used to communicate with the controller
node via the management network. The second
interface will be used as external network.
GRE tunnels will be set up as data network.</td>
</tr>
<tr>
<td>Router</td>
<td>Router has IP 30.0.0.1, which is the default gateway for
all VMs. The router should have ability to access public networks.</td>
</tr>
</tbody>
</informaltable></para>
<note>
<para>Because this example runs a DHCP agent and L3 agent on
one node, you must set the
<literal>use_namespace</literal> option to
<literal>True</literal> in the configuration file for
each agent. The default is <literal>True</literal>.</para>
</note>
<para>The following table describes the nodes:</para>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="80%"/>
<thead>
<tr>
<th>Node</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>Controller Node</td>
<td><para>Runs the OpenStack Networking service,
OpenStack Identity, and all OpenStack Compute
services that are required to deploy VMs
(<systemitem class="service"
>nova-api</systemitem>, <systemitem
class="service"
>nova-scheduler</systemitem>, for
example). The node must have at least one
network interface, which is connected to the
Management Network. The host name is
controlnode, which every other node resolves
to the IP of the controller node.</para><note>
<para>The <systemitem class="service"
>nova-network</systemitem> service
should not be running. This is replaced by
OpenStack Networking.</para>
</note></td>
</tr>
<tr>
<td>Compute Node</td>
<td>Runs the OpenStack Networking L2 agent and the
OpenStack Compute services that run VMs
(<systemitem class="service"
>nova-compute</systemitem> specifically, and
optionally other <systemitem class="service"
>nova-*</systemitem> services depending on
configuration). The node must have at least two
network interfaces. One interface communicates
with the controller node through the management
network. The other node is used for the VM traffic
on the data network. The VM receives its IP
address from the DHCP agent on this network.</td>
</tr>
<tr>
<td>Network Node</td>
<td>Runs OpenStack Networking L2 agent, DHCP agent and
L3 agent. This node has access to the external
network. The DHCP agent allocates IP addresses to
the VMs on data network. (Technically, the
addresses are allocated by the OpenStack
Networking server, and distributed by the dhcp
agent.) The node must have at least two network
interfaces. One interface communicates with the
controller node through the management network.
The other interface is used as external network.
GRE tunnels are set up as data networks.</td>
</tr>
<tr>
<td>Router</td>
<td>Router has IP 30.0.0.1, which is the default
gateway for all VMs. The router must be able to
access public networks.</td>
</tr>
</tbody>
</informaltable>
<para>The demo assumes the following:</para>
<para><emphasis role="bold">Controller Node</emphasis></para>
<orderedlist>
<listitem>
<para>Relevant OpenStack Compute services are installed, configured and
running.</para>
<para>Relevant OpenStack Compute services are installed,
configured, and running.</para>
</listitem>
<listitem>
<para>Glance is installed, configured and running. In
addition to this there should be an image named tty.</para>
<para>Glance is installed, configured, and running. In
addition, an image named tty must be present.</para>
</listitem>
<listitem>
<para>OpenStack Identity is installed, configured and running. A OpenStack Networking
user named <emphasis role="bold">neutron</emphasis> should be created on tenant
<emphasis role="bold">servicetenant</emphasis> with password <emphasis
<para>OpenStack Identity is installed, configured, and
running. A OpenStack Networking user named <emphasis
role="bold">neutron</emphasis> should be created
on tenant <emphasis role="bold"
>servicetenant</emphasis> with password <emphasis
role="bold">servicepassword</emphasis>.</para>
</listitem>
<listitem>
<para>Additional services <itemizedlist>
<listitem>
<para>RabbitMQ is running with default guest and its password</para>
<para>RabbitMQ is running with default guest
and its password</para>
</listitem>
<listitem>
<para>MySQL server (user is <emphasis
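Review bot: In the Compute Node row, the rewrite turns "The second interface is used for the VM traffic" into "The other node is used for the VM traffic", which changes the meaning; it should read "The other interface". Separately, this hunk is almost entirely re-wrapping and re-indentation, while the commit message describes a simple note and a file rename. Splitting the whitespace reflow into its own change would make wording regressions like this one much easier to spot.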
@ -146,19 +166,26 @@
<para>
<itemizedlist>
<listitem>
<para><emphasis role="bold">Controller Node - OpenStack Networking Server</emphasis><orderedlist>
<para><emphasis role="bold">Controller Node -
OpenStack Networking Server</emphasis><orderedlist>
<listitem>
<para>Install the OpenStack Networking server.</para>
<para>Install the OpenStack Networking
server.</para>
</listitem>
<listitem>
<para>Create database <emphasis role="bold">ovs_neutron</emphasis>.
Refer back <link linkend="section_install_prereqs">Initial
prerequisites</link> to get started.</para>
<para>Create database <emphasis
role="bold">ovs_neutron</emphasis>.
To get started, see <link
linkend="section_install_prereqs"
>Initial
prerequisites</link>.</para>
</listitem>
<listitem>
<para>Update the OpenStack Networking configuration file, <filename>
/etc/neutron/neutron.conf</filename>, with
plugin choice and Identity Service user as necessary:</para>
<para>Update the OpenStack Networking
configuration file, <filename>
/etc/neutron/neutron.conf</filename>,
with plug-in choice and Identity
Service user as necessary:</para>
<programlisting>[DEFAULT]
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
control_exchange = neutron
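Review bot: The re-wrapped step still opens the element as "<filename>" followed by a line break before /etc/neutron/neutron.conf, so the rendered path starts with a space. Since the paragraph is being touched anyway, put the path directly after the opening tag, as was done for the ovs_neutron_plugin.ini path in the next step.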
@ -172,8 +199,9 @@ admin_password=servicepassword
</programlisting>
</listitem>
<listitem>
<para>Update the plugin configuration file, <filename>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>:</para>
<para>Update the plug-in configuration
file,
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>:</para>
<programlisting>[database]
sql_connection = mysql://root:root@controlnode:3306/ovs_neutron?charset=utf8
[ovs]
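Review bot: The sql_connection line in the listing under the paragraph edited here uses mysql://root:root@controlnode, that is, the MySQL root account with a guessable password. Readers copy these listings verbatim, so the example would be safer with a dedicated account limited to the ovs_neutron database and a placeholder password, and that fits naturally in this change.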
@ -183,24 +211,34 @@ enable_tunneling = True
</programlisting>
</listitem>
<listitem>
<para>Start the OpenStack Networking server</para>
<para>The OpenStack Networking server can be a service of the operating system.
The command may be different to start the service on different operating systems.
One example of the command to run the OpenStack Networking server directly is:</para>
<para>Start the OpenStack Networking
server</para>
<para>The OpenStack Networking server
can be a service of the operating
system. The command to start the
service depends on your operating
system. The following command runs
the OpenStack Networking server
directly:</para>
<screen><prompt>$</prompt> <userinput>sudo neutron-server --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini \
--config-file /etc/neutron/neutron.conf</userinput></screen>
</listitem>
</orderedlist></para>
</listitem>
<listitem>
<para><emphasis role="bold">Compute Node - OpenStack Compute </emphasis><orderedlist>
<para><emphasis role="bold">Compute Node -
OpenStack Compute </emphasis><orderedlist>
<listitem>
<para>Install OpenStack Compute services.</para>
<para>Install OpenStack Compute
services.</para>
</listitem>
<listitem>
<para>Update the OpenStack Compute configuration
file, <filename>
/etc/nova/nova.conf</filename>. Make sure the following is at the end of this file:</para>
<para>Update the OpenStack Compute
configuration file, <filename>
/etc/nova/nova.conf</filename>.
Make sure the following line
appears at the end of this
file:</para>
<programlisting>network_api_class=nova.network.neutronv2.api.API
neutron_admin_username=neutron
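Review bot: The new wording "Make sure the following line appears at the end of this file" is singular, but the programlisting that follows has several settings (network_api_class, neutron_admin_username and more). Suggest "Make sure the following lines appear at the end of this file:".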
@ -214,25 +252,31 @@ libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
</programlisting>
</listitem>
<listitem>
<para>Restart relevant OpenStack Compute services</para>
<para>Restart relevant OpenStack
Compute services</para>
</listitem>
</orderedlist></para>
</listitem>
<listitem>
<para><emphasis role="bold">Compute and Network Node - L2 Agent</emphasis><orderedlist>
<para><emphasis role="bold">Compute and Network
Node - L2 Agent</emphasis><orderedlist>
<listitem>
<para>Install and start Open vSwitch.</para>
<para>Install and start Open
vSwitch.</para>
</listitem>
<listitem>
<para>Install the L2 agent (Neutron Open vSwitch agent).</para>
<para>Install the L2 agent (Neutron
Open vSwitch agent).</para>
</listitem>
<listitem>
<para>Add the integration bridge to the Open vSwitch</para>
<para>Add the integration bridge to
the Open vSwitch</para>
<screen><prompt>$</prompt> <userinput>sudo ovs-vsctl add-br br-int</userinput></screen>
</listitem>
<listitem>
<para>Update the OpenStack Networking configuration file, <filename>
/etc/neutron/neutron.conf</filename></para>
<para>Update the OpenStack Networking
configuration file, <filename>
/etc/neutron/neutron.conf</filename></para>
<programlisting language="ini">[DEFAULT]
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
control_exchange = neutron
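Review bot: The step titles in this hunk are punctuated inconsistently: "Install and start Open vSwitch." ends with a period, while "Restart relevant OpenStack Compute services" and "Add the integration bridge to the Open vSwitch" have none, and the latter is followed directly by a command. Suggest a colon before the screen and "to Open vSwitch" rather than "to the Open vSwitch".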
@ -241,8 +285,9 @@ notification_driver = neutron.openstack.common.notifier.rabbit_notifier
</programlisting>
</listitem>
<listitem>
<para>Update the plugin configuration file, <filename>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>.</para>
<para>Update the plug-in configuration
file, <filename>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>.</para>
<para>Compute Node:</para>
<programlisting language="ini">[database]
sql_connection = mysql://root:root@controlnode:3306/ovs_neutron?charset=utf8
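Review bot: The Compute Node listing repeats the root:root connection string, so following this guide puts the database root password on every compute node. If the L2 agent needs sql_connection at all, the example should use a restricted account here rather than root.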
@ -269,75 +314,102 @@ local_ip = 9.181.89.203
<screen><prompt>$</prompt> <userinput>sudo ovs-vsctl --may-exist add-br br-int</userinput></screen>
</listitem>
<listitem>
<para>Start the OpenStack Networking L2 agent</para>
<para>The OpenStack Networking Open vSwitch L2 agent can be a service of operating system.
The command may be different to start the service on different operating systems.
However the command to run it directly is kind of like:</para>
<para>Start the OpenStack Networking
L2 agent</para>
<para>The OpenStack Networking Open
vSwitch L2 agent can be a service
of operating system. The command
may be different to start the
service on different operating
systems. However the command to run
it directly is kind of like:</para>
<screen><prompt>$</prompt> <userinput>sudo neutron-openvswitch-agent --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini \
--config-file /etc/neutron/neutron.conf</userinput></screen>
</listitem>
</orderedlist></para>
</listitem>
<listitem>
<para><emphasis role="bold">Network Node - DHCP Agent</emphasis><orderedlist>
<para><emphasis role="bold">Network Node - DHCP
Agent</emphasis><orderedlist>
<listitem>
<para>Install the DHCP agent.</para>
</listitem>
<listitem>
<para>Update the OpenStack Networking configuration file, <filename>
/etc/neutron/neutron.conf</filename></para>
<para>Update the OpenStack Networking
configuration file, <filename>
/etc/neutron/neutron.conf</filename></para>
<programlisting>[DEFAULT]
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
control_exchange = neutron
rabbit_host = controlnode
notification_driver = neutron.openstack.common.notifier.rabbit_notifier
allow_overlapping_ips = True</programlisting>
<para><emphasis role="bold"> We set <literal>allow_overlapping_ips</literal> because we have
overlapping subnets for TenantA and TenantC.</emphasis></para>
<para><emphasis role="bold">Set
<literal>allow_overlapping_ips</literal>
because TenantA and TenantC use
overlapping
subnets.</emphasis></para>
</listitem>
<listitem>
<para>Update the DHCP configuration file <filename>
/etc/neutron/dhcp_agent.ini</filename></para>
<para>Update the DHCP configuration
file <filename>
/etc/neutron/dhcp_agent.ini</filename></para>
<programlisting>interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver</programlisting>
</listitem>
<listitem>
<para>Start the DHCP agent</para>
<para>The OpenStack Networking DHCP agent can be a service of operating system.
The command may be different to start the service on different operating systems.
However the command to run it directly is kind of like:</para>
<para>The OpenStack Networking DHCP
agent can be a service of operating
system. The command to start the
service depends on your operating
system. The following command runs
the service directly:</para>
<screen><prompt>$</prompt> <userinput>sudo neutron-dhcp-agent --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/dhcp_agent.ini</userinput></screen>
</listitem>
</orderedlist></para>
</listitem>
<listitem>
<para><emphasis role="bold">Network Node - L3 Agent</emphasis><orderedlist>
<para><emphasis role="bold">Network Node - L3
Agent</emphasis><orderedlist>
<listitem>
<para>Install the L3 agent.</para>
</listitem>
<listitem>
<para>Add the external network bridge</para>
<para>Add the external network
bridge</para>
<screen><prompt>$</prompt> <userinput>sudo ovs-vsctl add-br br-ex</userinput></screen>
</listitem>
<listitem>
<para>Add the physical interface, for example eth0, that is
connected to the outside network to this bridge</para>
<para>Add the physical interface, for
example eth0, that is connected to
the outside network to this
bridge:</para>
<screen><prompt>$</prompt> <userinput>sudo ovs-vsctl add-port br-ex eth0</userinput></screen>
</listitem>
<listitem>
<para>Update the L3 configuration file <filename>
/etc/neutron/l3_agent.ini</filename>:</para>
<para>Update the L3 configuration file
<filename>
/etc/neutron/l3_agent.ini</filename>:</para>
<programlisting>[DEFAULT]
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces=True</programlisting>
<para><emphasis role="bold"> We set <literal>use_namespaces</literal> (it is True by default) because we have
overlapping subnets for TenantA and TenantC and we are going to host the routers with one l3 agent network node.</emphasis></para>
<para><emphasis role="bold">Set the
<literal>use_namespaces</literal>
option (it is True by default)
because TenantA and TenantC have
overlapping subnets, and the
routers are hosted on one l3 agent
network node.</emphasis></para>
</listitem>
<listitem>
<para>Start the L3 agent</para>
<para>The OpenStack Networking L3 agent can be a service of operating system.
The command may be different to start the service on different operating systems.
However the command to run it directly is kind of like:</para>
<para>The OpenStack Networking L3
agent can be a service of operating
system. The command to start the
service depends on your operating
system. The following command
starts the agent directly:</para>
<screen><prompt>$</prompt> <userinput>sudo neutron-l3-agent --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/l3_agent.ini</userinput></screen>
</listitem>
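Review bot: The "Start the OpenStack Networking L2 agent" paragraph was only re-wrapped and still ends with "However the command to run it directly is kind of like:", while the DHCP and L3 agent paragraphs in the same hunk were rewritten to "The command to start the service depends on your operating system. The following command runs ...". Apply the same rewrite to the L2 agent step, and in all three use "a service of the operating system".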
@ -348,23 +420,25 @@ use_namespaces=True</programlisting>
</section>
<section xml:id="demo_per_tenant_router_network_config">
<title>Logical Network Configuration</title>
<para>All of the commands below can be executed on the network node.</para>
<para><emphasis role="bold">Note</emphasis> please ensure that
the following environment variables are set. These are
used by the various clients to access the OpenStack Identity
service.</para>
<para>All of the commands below can be executed on the network
node.</para>
<note>
<para>Ensure that the following environment variables are
set. These are used by the various clients to access
the OpenStack Identity service.</para>
</note>
<para>
<programlisting language="bash">export OS_USERNAME=admin
export OS_PASSWORD=adminpassword
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
export OS_PASSWORD=adminpassword
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
</para>
<para>
<orderedlist>
<listitem>
<para>Get the tenant ID (Used as
$TENANT_ID later)</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-list</userinput>
<orderedlist>
<listitem>
<para>Get the tenant ID (Used as $TENANT_ID
later)</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-list</userinput>
<computeroutput>+----------------------------------+---------+---------+
| id | name | enabled |
+----------------------------------+---------+---------+
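Review bot: The three export lines after OS_USERNAME are removed and re-added with no textual change, which points to a whitespace-only edit inside the programlisting. Whitespace in that element is rendered literally, so continuation lines should stay flush left or the copied block will carry leading spaces. Also consider a placeholder instead of a literal value for OS_PASSWORD.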
@ -375,10 +449,10 @@ export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
| b7445f221cda4f4a8ac7db6b218b1339 | admin | True |
+----------------------------------+---------+---------+
</computeroutput></screen>
</listitem>
<listitem>
<para>Get the user information</para>
<screen><prompt>$</prompt> <userinput>keystone user-list</userinput>
</listitem>
<listitem>
<para>Get the user information</para>
<screen><prompt>$</prompt> <userinput>keystone user-list</userinput>
<computeroutput>+----------------------------------+-------+---------+-------------------+
| id | name | enabled | email |
+----------------------------------+-------+---------+-------------------+
@ -389,11 +463,11 @@ export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
| ca567c4f6c0942bdac0e011e97bddbe3 | UserA | True | |
+----------------------------------+-------+---------+-------------------+
</computeroutput></screen>
</listitem>
<listitem>
<para>Create the external network and
its subnet by admin user:</para>
<screen><prompt>$</prompt> <userinput>neutron net-create Ext-Net --provider:network_type local --router:external true</userinput>
</listitem>
<listitem>
<para>Create the external network and its subnet
by admin user:</para>
<screen><prompt>$</prompt> <userinput>neutron net-create Ext-Net --provider:network_type local --router:external true</userinput>
<computeroutput>Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
@ -412,7 +486,7 @@ export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
+---------------------------+--------------------------------------+
</computeroutput></screen>
<screen><prompt>$</prompt> <userinput>neutron subnet-create Ext-Net 30.0.0.0/24 --disable-dhcp</userinput>
<screen><prompt>$</prompt> <userinput>neutron subnet-create Ext-Net 30.0.0.0/24 --disable-dhcp</userinput>
<computeroutput>Created a new subnet:
+------------------+--------------------------------------------+
| Field | Value |
@ -429,31 +503,37 @@ export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
| network_id | 2c757c9e-d3d6-4154-9a77-336eb99bd573 |
| tenant_id | b7445f221cda4f4a8ac7db6b218b1339 |
+------------------+--------------------------------------------+
</computeroutput></screen> <para><emphasis role="bold">
</computeroutput></screen>
<para><emphasis role="bold">
<literal>provider:network_type
local</literal> means we don't need
OpenStack Networking to realize this network through
provider network. <literal>router:external
true</literal> means we are creating
an external network, on which we can
create floating ip and router gateway
local</literal> means that OpenStack
Networking does not have to realize this
network through provider network.
<literal>router:external
true</literal> means that an external
network is created where you can create
floating IP and router gateway
port.</emphasis></para>
</listitem>
<listitem>
<para>Add an IP on external network to br-ex</para>
<para>Since we are using br-ex as our external network bridge, we will add an IP 30.0.0.100/24 to br-ex
and then ping our VM's floating IP from our network node.</para>
<screen><prompt>$</prompt> <userinput>sudo ip addr add 30.0.0.100/24 dev br-ex
<prompt>$</prompt> sudo ip link set br-ex up
</userinput></screen>
</listitem>
<listitem>
<para>Serve TenantA</para>
<para>For TenantA, we will create a private network, a subnet, a server, a router and a floating IP.</para>
<orderedlist>
<listitem>
<para>Create a network for TenantA</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
</listitem>
<listitem>
<para>Add an IP on external network to
br-ex</para>
<para>Because br-ex is the external network
bridge, add an IP 30.0.0.100/24 to br-ex and
ping the floating IP of the VM from our
network node.</para>
<screen><prompt>$</prompt> <userinput>sudo ip addr add 30.0.0.100/24 dev br-ex
<prompt>$</prompt> sudo ip link set br-ex up</userinput></screen>
</listitem>
<listitem>
<para>Serve TenantA</para>
<para>For TenantA, create a private network,
subnet, server, router, and floating
IP.</para>
<orderedlist>
<listitem>
<para>Create a network for TenantA</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 net-create TenantA-Net</userinput>
<computeroutput>Created a new network:
+-----------------+--------------------------------------+
@ -468,8 +548,10 @@ export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
| subnets | |
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+-----------------+--------------------------------------+</computeroutput></screen>
<para>After that we can use admin user to query the network's provider network information:</para>
<screen><prompt>$</prompt> <userinput>neutron net-show TenantA-Net</userinput>
<para>After that, you can use admin user
to query the provider network
information:</para>
<screen><prompt>$</prompt> <userinput>neutron net-show TenantA-Net</userinput>
<computeroutput>+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
@ -486,12 +568,15 @@ export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+---------------------------+--------------------------------------+
</computeroutput></screen>
<para>We can see that it has GRE tunnel ID (I.E. provider:segmentation_id) 1.</para>
</listitem>
<listitem>
<para>Create a subnet on the network TenantA-Net</para>
<screen><prompt>$</prompt> <userinput>
neutron --os-tenant-name TenantA --os-username UserA --os-password password\
<para>The network has GRE tunnel ID (for
example, provider:segmentation_id)
1.</para>
</listitem>
<listitem>
<para>Create a subnet on the network
TenantA-Net</para>
<screen><prompt>$</prompt> <userinput>
neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 subnet-create TenantA-Net 10.0.0.0/24</userinput>
<computeroutput>Created a new subnet:
+------------------+--------------------------------------------+
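Review bot: Replacing "I.E." with "for example" changes the meaning of the sentence about the GRE tunnel ID. provider:segmentation_id is the field that holds the tunnel ID, not one example of it, so this should read "(that is, provider:segmentation_id)".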
@ -510,13 +595,13 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password\
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+------------------+--------------------------------------------+
</computeroutput></screen>
</listitem>
<listitem>
<para>Create a server for TenantA</para>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantA --os-username UserA --os-password password \
</listitem>
<listitem>
<para>Create a server for TenantA:</para>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 boot --image tty --flavor 1 \
--nic net-id=7d0e8d5d-c63c-4f13-a117-4dc4e33e7d68 TenantA_VM1</userinput></screen>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantA --os-username UserA --os-password password \
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 list</userinput>
<computeroutput>
+--------------------------------------+-------------+--------+----------------------+
@ -525,11 +610,19 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password\
| 7c5e6499-7ef7-4e36-8216-62c2941d21ff | TenantA_VM1 | ACTIVE | TenantA-Net=10.0.0.3 |
+--------------------------------------+-------------+--------+----------------------+
</computeroutput></screen>
</listitem>
<listitem>
<para>Create and configure a router
for TenantA:</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
<note>
<para>It is important to understand
that you should not attach the
instance to Ext-Net directly.
Instead, you must use a floating IP
to make it accessible from the
external network.</para>
</note>
</listitem>
<listitem>
<para>Create and configure a router for
TenantA:</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 router-create TenantA-R1</userinput>
<computeroutput>Created a new router:
+-----------------------+--------------------------------------+
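Review bot: The new note sits after the nova list output, so the reader has already run nova boot with --nic before being told not to attach the instance to Ext-Net. Move it above the boot command and state the action directly, for example "Pass only the TenantA-Net ID to --nic; do not attach the instance to Ext-Net." The opener "It is important to understand that" can be dropped, and a brief reason for the restriction would help, since the commit message says this was the unclear part.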
@ -543,7 +636,7 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password\
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+-----------------------+--------------------------------------+
</computeroutput></screen>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 router-interface-add \
TenantA-R1 51e2c223-0492-4385-b6e9-83d4e6d10657</userinput></screen>
<para>Added interface to router TenantA-R1</para>
@ -554,7 +647,8 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password\
<listitem>
<para>Associate a floating IP for
TenantA_VM1</para>
<para>1. Create a floating IP</para><screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
<para>1. Create a floating IP</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 floatingip-create Ext-Net</userinput>
<computeroutput>Created a new floatingip:
+---------------------+--------------------------------------+
@ -569,8 +663,9 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password\
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+---------------------+--------------------------------------+
</computeroutput></screen>
<para>2. Get the port ID of the VM with ID 7c5e6499-7ef7-4e36-8216-62c2941d21ff</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
<para>2. Get the port ID of the VM with ID
7c5e6499-7ef7-4e36-8216-62c2941d21ff</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 port-list -- \
--device_id 7c5e6499-7ef7-4e36-8216-62c2941d21ff</userinput>
<computeroutput>+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
@ -579,26 +674,32 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password\
| 6071d430-c66e-4125-b972-9a937c427520 | | fa:16:3e:a0:73:0d | {"subnet_id": "51e2c223-0492-4385-b6e9-83d4e6d10657", "ip_address": "10.0.0.3"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
</computeroutput></screen>
<para>3. Associate the floating IP with the VM port</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
<para>3. Associate the floating IP with
the VM port</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 floatingip-associate \
5a1f90ed-aa3c-4df3-82cb-116556e96bf1 6071d430-c66e-4125-b972-9a937c427520</userinput>
<computeroutput>Associated floatingip 5a1f90ed-aa3c-4df3-82cb-116556e96bf1
</computeroutput></screen>
<screen><prompt>$</prompt> <userinput>neutron floatingip-list</userinput>
<screen><prompt>$</prompt> <userinput>neutron floatingip-list</userinput>
<computeroutput>+--------------------------------------+------------------+---------------------+--------------------------------------+
| id | fixed_ip_address | floating_ip_address | port_id |
+--------------------------------------+------------------+---------------------+--------------------------------------+
| 5a1f90ed-aa3c-4df3-82cb-116556e96bf1 | 10.0.0.3 | 30.0.0.2 | 6071d430-c66e-4125-b972-9a937c427520 |
+--------------------------------------+------------------+---------------------+--------------------------------------+
</computeroutput></screen>
</listitem>
<listitem>
<para>Ping the public network from the server of TenantA</para>
<para>In my environment, 192.168.1.0/24 is my public network connected
with my physical router, which also connects to the external network 30.0.0.0/24.
With the floating IP and virtual router, we can ping the public network within the server of tenant A:</para>
<screen><prompt>$</prompt> <userinput>ping 192.168.1.1</userinput>
</listitem>
<listitem>
<para>Ping the public network from the
server of TenantA</para>
<para>In my environment, 192.168.1.0/24 is
my public network connected with my
physical router, which also connects
to the external network 30.0.0.0/24.
With the floating IP and virtual
router, we can ping the public network
within the server of tenant A:</para>
<screen><prompt>$</prompt> <userinput>ping 192.168.1.1</userinput>
<computeroutput>PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=1.74 ms
64 bytes from 192.168.1.1: icmp_req=2 ttl=64 time=1.50 ms
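Review bot: `neutron floatingip-list` is the only command in this hunk shown without the --os-tenant-name, --os-username, --os-password and --os-auth-url options, so the reader cannot tell which credentials produce the listing. Either add the same options as the floatingip-associate call or say which user's environment is assumed. Separately, "In my environment ... my physical router" reads as a personal note; the re-wrapped paragraph could be phrased neutrally ("In this example, 192.168.1.0/24 is the public network ...").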
@ -608,10 +709,11 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password\
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.234/1.495/1.745/0.211 ms
</computeroutput></screen>
</listitem>
<listitem>
<para>Ping floating IP of the TenantA's server</para>
<screen><prompt>$</prompt> <userinput>ping 30.0.0.2</userinput>
</listitem>
<listitem>
<para>Ping floating IP of the TenantA's
server</para>
<screen><prompt>$</prompt> <userinput>ping 30.0.0.2</userinput>
<computeroutput>PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data.
64 bytes from 30.0.0.2: icmp_req=1 ttl=63 time=45.0 ms
64 bytes from 30.0.0.2: icmp_req=2 ttl=63 time=0.898 ms
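Review bot: "Ping floating IP of the TenantA's server" does not say where the ping is run, while the previous step is explicit that it runs within the server of tenant A. State the source host, and fix the title to "Ping the floating IP of TenantA's server".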
@ -621,20 +723,28 @@ rtt min/avg/max/mdev = 1.234/1.495/1.745/0.211 ms
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
</computeroutput></screen>
</listitem>
<listitem>
<para>Create other servers for TenantA</para>
<para>We can create more servers for TenantA and add floating IPs for them.</para></listitem>
</orderedlist>
</listitem>
<listitem>
<para>Serve TenantC</para>
<para>For TenantC, we will create two private networks with subnet 10.0.0.0/24 and subnet 10.0.1.0/24,
some servers, one router to connect to these two subnets and some floating IPs.</para>
<orderedlist>
<listitem>
<para>Create networks and subnets for TenantC</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
<listitem>
<para>Create other servers for
TenantA</para>
<para>We can create more servers for
TenantA and add floating IPs for
them.</para>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para>Serve TenantC</para>
<para>For TenantC, we will create two private
networks with subnet 10.0.0.0/24 and subnet
10.0.1.0/24, some servers, one router to
connect to these two subnets and some floating
IPs.</para>
<orderedlist>
<listitem>
<para>Create networks and subnets for
TenantC</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 net-create TenantC-Net1</userinput>
<prompt>$</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 subnet-create TenantC-Net1 \
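Review bot: The TenantC introduction reuses 10.0.0.0/24, the range in which TenantA's VM already holds 10.0.0.3 in the earlier port-list output, and the text does not say whether the overlap is deliberate. If it is, one sentence saying that tenants can use overlapping private ranges in this use case would keep readers from treating it as a typo.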
@ -645,8 +755,10 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
--os-auth-url=http://localhost:5000/v2.0 subnet-create TenantC-Net2 \
10.0.1.0/24 --name TenantC-Subnet2</userinput>
</screen>
<para>After that we can use admin user to query the network's provider network information:</para>
<screen><prompt>$</prompt> <userinput>neutron net-show TenantC-Net1</userinput>
<para>After that we can use admin user to
query the network's provider network
information:</para>
<screen><prompt>$</prompt> <userinput>neutron net-show TenantC-Net1</userinput>
<computeroutput>+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
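Review bot: The text says the admin user runs this query, but `neutron net-show TenantC-Net1` is shown with no credentials, whereas the TenantC commands just above spell out all four --os-* options. Show how the admin credentials are supplied, so a reader still using UserC's options knows their invocation differs from the one printed.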
@ -663,7 +775,7 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
| tenant_id | 2b4fec24e62e4ff28a8445ad83150f9d |
+---------------------------+--------------------------------------+
</computeroutput></screen>
<screen><prompt>$</prompt> <userinput>neutron net-show TenantC-Net2</userinput>
<screen><prompt>$</prompt> <userinput>neutron net-show TenantC-Net2</userinput>
<computeroutput>+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
@ -680,24 +792,29 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
| tenant_id | 2b4fec24e62e4ff28a8445ad83150f9d |
+---------------------------+--------------------------------------+
</computeroutput></screen>
<para>We can see that we have GRE tunnel IDs (I.E. provider:segmentation_id) 2 and 3.
And also note down the network IDs and subnet IDs because we will use them to create VMs and router.</para>
</listitem>
<listitem>
<para>Create a server TenantC-VM1 for TenantC on TenantC-Net1</para>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantC --os-username UserC --os-password password \
<para>We can see that we have GRE tunnel
IDs (I.E. provider:segmentation_id) 2
and 3. And also note down the network
IDs and subnet IDs because we will use
them to create VMs and router.</para>
</listitem>
<listitem>
<para>Create a server TenantC-VM1 for
TenantC on TenantC-Net1</para>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 boot --image tty --flavor 1 \
--nic net-id=91309738-c317-40a3-81bb-bed7a3917a85 TenantC_VM1</userinput></screen>
</listitem>
<listitem>
<para>Create a server TenantC-VM3 for TenantC on TenantC-Net2</para>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantC --os-username UserC --os-password password \
</listitem>
<listitem>
<para>Create a server TenantC-VM3 for
TenantC on TenantC-Net2</para>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 boot --image tty --flavor 1 \
--nic net-id=5b373ad2-7866-44f4-8087-f87148abd623 TenantC_VM3</userinput></screen>
</listitem>
<listitem>
<para>List servers of TenantC</para>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantC --os-username UserC --os-password password \
</listitem>
<listitem>
<para>List servers of TenantC</para>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 list</userinput>
<computeroutput>
+--------------------------------------+-------------+--------+-----------------------+
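Review bot: The step titles say "TenantC-VM1" and "TenantC-VM3", but the nova boot commands name the servers TenantC_VM1 and TenantC_VM3; use the underscore form in the titles so they match. In the paragraph above them, "I.E." should be lowercase "i.e.", and "to create VMs and router" needs articles ("the VMs and the router").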
@ -706,22 +823,25 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
| b739fa09-902f-4b37-bcb4-06e8a2506823 | TenantC_VM1 | ACTIVE | TenantC-Net1=10.0.0.3 |
| 17e255b2-b14f-48b3-ab32-5df36566d2e8 | TenantC_VM3 | ACTIVE | TenantC-Net2=10.0.1.3 |
+--------------------------------------+-------------+--------+-----------------------+
</computeroutput></screen><para>Note down the server IDs since we will use them later.</para>
</listitem>
<listitem>
<para>Make sure servers get their IPs</para>
<para>We can use VNC to log on the VMs
to check if they get IPs. If not, we
have to make sure the OpenStack Networking
</computeroutput></screen>
<para>Note down the server IDs since we
will use them later.</para>
</listitem>
<listitem>
<para>Make sure servers get their
IPs</para>
<para>We can use VNC to log on the VMs to
check if they get IPs. If not, we have
to make sure the OpenStack Networking
components are running right and the
GRE tunnels work.</para>
</listitem>
<listitem>
<para>Create and configure a router
for TenantC:</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
</listitem>
<listitem>
<para>Create and configure a router for
TenantC:</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 router-create TenantC-R1</userinput></screen>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 router-interface-add \
TenantC-R1 cf03fd1e-164b-4527-bc87-2b2631634b83</userinput>
<prompt>$</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
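Review bot: "make sure the OpenStack Networking components are running right and the GRE tunnels work" tells the reader to verify something without saying how. Link to the relevant troubleshooting section or name the check to run. Also, "log on the VMs" should be "log in to the VMs".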
@ -739,11 +859,24 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
<listitem>
<para>Associate floating IPs for
TenantC's servers</para>
<para>We can use the similar commands as we used in TenantA's section to finish this task.</para>
</listitem>
</orderedlist>
</listitem>
</orderedlist>
<para>Since we have a router connecting to
two subnets, the VMs on these subnets
are able to ping each other. And since
we have set the router's gateway
interface, TenantC's servers are able
to ping external network IPs, such as
192.168.1.1, 30.0.0.1 etc.</para>
</listitem>
<listitem>
<para>Associate floating IPs for TenantC's
servers</para>
<para>We can use the similar commands as
we used in TenantA's section to finish
this task.</para>
</listitem>
</orderedlist>
</listitem>
</orderedlist>
</para>
</section>
</section>
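Review bot: In the lines shown, the title "Associate floating IPs for TenantC's servers" heads the list item that now contains the ping paragraph and is then repeated on the next list item. Check that the "Since we have a router connecting to two subnets" paragraph sits under the step it belongs to and that the title is not duplicated. "We can use the similar commands as we used in TenantA's section" would read better as "commands similar to those in the TenantA section", ideally with a link to that step.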