Implement initial networking architecture changes for Liberty as follows:

1) Remove nova-network.
2) Develop architecture for provider networks with Linux bridge agent.
3) Develop architecture for self-service networks with Linux bridge agent.
4) Munge the neutron controller and network node configuration together.
5) Rejigger neutron to use the Linux bridge agent.
6) Restructure launch an instance content to account for two networking options.
7) Other restructuring as necessary to meet the primary goal.

For simplicity, both architectures require only two nodes, each with two network interfaces, to deploy core OpenStack services. Also, to address recurring issues about the lack of support for connecting instances directly to the public/external network, the self-service architecture augments the provider networks architecture which allows connection to both private and public networks.

Change-Id: Ie3ab9a15ebfe82c0ce54f709c87a66d7cc46db3f
Implements: blueprint installguide-liberty
Launch an instance
This section creates the necessary virtual networks to support launching one or more instances. Networking option 1 includes one public virtual network and one instance that uses it. Networking option 2 includes one public virtual network, one private virtual network, and one instance that uses each network. The instructions in this section use command-line interface (CLI) tools on the controller node. For more information on the CLI tools, see the OpenStack User Guide. To use the dashboard, see the OpenStack User Guide.
Create virtual networks
Create virtual networks for the networking option that you chose in networking. If you chose option 1, create only the public virtual network. If you chose option 2, create the public and private virtual networks.
launch-instance-networks-public.rst launch-instance-networks-private.rst
After creating the appropriate networks for your environment, you can continue preparing the environment to launch an instance.
Generate a key pair
Most cloud images support public key authentication rather than conventional password authentication. Before launching an instance, you must add a public key to the Compute service.

Source the demo tenant credentials:

    $ source demo-openrc.sh

Generate and add a key pair:

    $ ssh-keygen -q -N ""
    $ nova keypair-add --pub-key .ssh/id_rsa.pub mykey

Note: Alternatively, you can skip the ssh-keygen command and use an existing public key.

Verify addition of the key pair:

    $ nova keypair-list
    +-------+-------------------------------------------------+
    | Name  | Fingerprint                                     |
    +-------+-------------------------------------------------+
    | mykey | 6c:74:ec:3a:08:05:4e:9e:21:22:a6:dd:b2:62:b8:28 |
    +-------+-------------------------------------------------+
Add security group rules
By default, the default security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images such as CirrOS, we recommend allowing at least ICMP (ping) and secure shell (SSH).
- Add rules to the default security group:

  Permit ICMP (ping):

      $ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
      +-------------+-----------+---------+-----------+--------------+
      | IP Protocol | From Port | To Port | IP Range  | Source Group |
      +-------------+-----------+---------+-----------+--------------+
      | icmp        | -1        | -1      | 0.0.0.0/0 |              |
      +-------------+-----------+---------+-----------+--------------+

  Permit secure shell (SSH) access:

      $ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
      +-------------+-----------+---------+-----------+--------------+
      | IP Protocol | From Port | To Port | IP Range  | Source Group |
      +-------------+-----------+---------+-----------+--------------+
      | tcp         | 22        | 22      | 0.0.0.0/0 |              |
      +-------------+-----------+---------+-----------+--------------+
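Because the default security group applies to all instances, it is worth reviewing which of its rules accept traffic from any address. The following is an added example, not part of the original guide: it parses rule tables in the format shown above and reports every rule whose IP range is 0.0.0.0/0 (or ::/0). The sample input is constructed, and feeding it the output of `nova secgroup-list-rules default` on standard input is an assumption about how you would use it.

```python
import ipaddress

# Constructed sample in the table format shown above: the two rules this page
# adds, plus one hypothetical narrower rule for contrast.
SAMPLE = """\
+-------------+-----------+---------+----------------+--------------+
| IP Protocol | From Port | To Port | IP Range       | Source Group |
+-------------+-----------+---------+----------------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0      |              |
| tcp         | 22        | 22      | 0.0.0.0/0      |              |
| tcp         | 443       | 443     | 203.0.113.0/24 |              |
+-------------+-----------+---------+----------------+--------------+
"""


def parse_rules(table_text):
    """Turn the CLI's ASCII table into a list of dicts keyed by column header."""
    rows = [
        [cell.strip() for cell in line.strip().strip("|").split("|")]
        for line in table_text.splitlines()
        if line.strip().startswith("|")  # skip +----+ borders and blank lines
    ]
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    return [dict(zip(header, row)) for row in body if len(row) == len(header)]


def world_open(rules):
    """Return the rules whose source range has prefix length 0 (any address)."""
    findings = []
    for rule in rules:
        cidr = rule.get("IP Range", "")
        if not cidr:
            continue  # rule is scoped to a source group rather than a CIDR
        try:
            network = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            continue  # not a CIDR; leave it for manual review
        if network.prefixlen == 0:
            findings.append(rule)
    return findings


if __name__ == "__main__":
    import sys
    # Assumption: real input is piped in; with no pipe, the sample is used.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for r in world_open(parse_rules(text)):
        print("open to any source:", r["IP Protocol"], r["From Port"], r["To Port"], r["IP Range"])
```

On the sample, the ICMP and SSH rules are reported and the 203.0.113.0/24 rule is not.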
Launch an instance
If you chose networking option 1, you can only launch an instance on the public network. If you chose networking option 2, you can launch an instance on the public network and the private network.
launch-instance-public.rst launch-instance-private.rst
Block Storage
If your environment includes the Block Storage service, you can create a volume and attach it to an instance.
launch-instance-cinder.rst