Arif’s Scratch Pad

OpenStack Lab – Part 3: Networking All-in-one

Welcome to the third part of this blog series. Today we are going to look at installing and configuring OpenStack networking, which will allow us to assign a floating IP to the VM created in the previous post; we should then be able to ping and SSH to the instance.

You will need to have your system up to the stage where all the RPMs, repositories, and base config of the system are configured, with one instance up and available. If in doubt, follow Parts 1 and 2 of the series.

If you have already gone through the first and second part, then we should be in good shape to carry on.

First of all, we need to add the external interface to the external bridge that packstack automatically created:

ovs-vsctl add-port br-ex enp2s1f1

We need to change the network configs for br-ex and enp2s1f1 as defined below.

/etc/sysconfig/network-scripts/ifcfg-enp2s1f1
DEVICE=enp2s1f1
TYPE=OVSPort
DEVICETYPE=ovs
ONBOOT=yes
NM_CONTROLLED=no
OVS_BRIDGE=br-ex

/etc/sysconfig/network-scripts/ifcfg-br-ex
DEVICE=br-ex
TYPE=OVSBridge
DEVICETYPE=ovs
ONBOOT=yes
BOOTPROTO=none
NM_CONTROLLED=no
IPADDR=192.168.80.1
NETMASK=255.255.240.0
GATEWAY=192.168.95.254

Once the network config has been changed, we need to restart networking. We may need to restart the network twice for the change to activate correctly.

systemctl restart network

As part of the provisioning of the demo tenant and sample data, a public network will have been added. As we have a different network, we need to remove it and add our own. The following three commands remove the pre-created public network and all references to it.

[root@stack01 ~(keystone_admin)]# neutron router-gateway-clear router1
Removed gateway from router router1
[root@stack01 ~(keystone_admin)]# neutron subnet-delete public_subnet
Deleted subnet: public_subnet
[root@stack01 ~(keystone_admin)]# neutron net-delete public
Deleted network: public

I guess I could have just left the public network and just added the subnet on top, but in my demo here I decided to create a new one. The command below creates a new network, and we make sure that this network is externally routable. The --router:external option can only be specified by a user that has the admin role.

[root@stack01 ~(keystone_admin)]# neutron net-create pub_net --router:external=True
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 621e99ee-b7b8-4455-ac88-d47ea70bf641 |
| name                      | pub_net                              |
| provider:network_type     | vxlan                                |
| provider:physical_network |                                      |
| provider:segmentation_id  | 10                                   |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | cbe4931fa51d4348abd3761560d49055     |
+---------------------------+--------------------------------------+

We then define the subnet we want this network to have; in our case we are going to create the 192.168.80.0/20 network. Here we do not want DHCP on this network, and so that it can route to the web, we set the default gateway of the network. We then allocate the set of IPs that are available to be used for the instances.

[root@stack01 ~(keystone_admin)]# neutron subnet-create --name pub_subnet --disable-dhcp \
   pub_net 192.168.80.0/20 --gateway 192.168.95.254 --allocation-pool start=192.168.81.1,end=192.168.94.255

Created a new subnet:
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| allocation_pools | {"start": "192.168.81.1", "end": "192.168.94.255"}   |
| cidr             | 192.168.80.0/20                                      |
| dns_nameservers  |                                                      |
| enable_dhcp      | False                                                |
| gateway_ip       | 192.168.95.254                                       |
| host_routes      |                                                      |
| id               | 45880c1e-c20a-4372-81c5-04dd6d342b39                 |
| ip_version       | 4                                                    |
| name             | pub_subnet                                           |
| network_id       | 621e99ee-b7b8-4455-ac88-d47ea70bf641                 |
| tenant_id        | cbe4931fa51d4348abd3761560d49055                     |
+------------------+------------------------------------------------------+
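
The allocation pool above deliberately leaves out the br-ex address (192.168.80.1) and the gateway (192.168.95.254), so a floating IP can never collide with either. As an added example (not part of the original post), the Python sketch below checks the ifcfg-br-ex values against the subnet-create arguments; the function names are hypothetical and the sample config is constructed from the values shown on this page.

```python
import ipaddress

# Constructed sample: the addressing lines of ifcfg-br-ex as shown on this page.
IFCFG_BR_EX = """\
DEVICE=br-ex
TYPE=OVSBridge
IPADDR=192.168.80.1
NETMASK=255.255.240.0
GATEWAY=192.168.95.254
"""

def parse_ifcfg(text):
    """Parse KEY=VALUE lines of an ifcfg file, ignoring blanks and comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip().strip('"')
    return cfg

def check_plan(ifcfg_text, cidr, gateway, pool_start, pool_end):
    """Return a list of problems; an empty list means the plan is consistent."""
    cfg = parse_ifcfg(ifcfg_text)
    # ip_interface accepts the dotted netmask form used in ifcfg files.
    host = ipaddress.ip_interface(f"{cfg['IPADDR']}/{cfg['NETMASK']}")
    net = ipaddress.ip_network(cidr)
    gw = ipaddress.ip_address(gateway)
    start, end = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    problems = []
    if host.network != net:
        problems.append(f"br-ex is on {host.network}, subnet is {net}")
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    if start > end or start not in net or end not in net:
        problems.append("allocation pool is not a valid range inside the subnet")
    # Addresses already in use on the segment must not be handed out as floating IPs.
    for name, addr in (("br-ex address", host.ip), ("gateway", gw)):
        if start <= addr <= end:
            problems.append(f"{name} {addr} is inside the allocation pool")
    return problems

if __name__ == "__main__":
    print(check_plan(IFCFG_BR_EX, "192.168.80.0/20", "192.168.95.254",
                     "192.168.81.1", "192.168.94.255") or "plan is consistent")
```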

Now we need to set the gateway of our router to the public network we created.

[root@stack01 ~(keystone_admin)]# neutron router-gateway-set router1 pub_net
Set gateway for router router1

The main admin side is now done. We now need to act as a user to create the floating IPs, and then associate a floating IP with the instance we created in the previous post.

Firstly, source keystonerc_demo to change to the demo user environment:

. /root/keystonerc_demo

Before creating a new floating IP from the public network we created earlier, we can confirm which networks we can use for this purpose by running the following command:

[root@stack01 ~(keystone_demo)]# nova floating-ip-pool-list
+---------+
| name    |
+---------+
| pub_net |
+---------+

and then create the floating IP on pub_net:

[root@stack01 ~(keystone_demo)]# nova floating-ip-create pub_net
+--------------+-----------+----------+---------+
| Ip           | Server Id | Fixed Ip | Pool    |
+--------------+-----------+----------+---------+
| 192.168.81.2 |           | -        | pub_net |
+--------------+-----------+----------+---------+

Now we need to assign the IP to the instance we created in Part 2 of the Lab:

[root@stack01 ~(keystone_demo)]# nova floating-ip-associate a79e4176-647b-48c7-b335-2ac5436ef444 192.168.81.2

To make sure that the IP has been allocated, we can run nova list, which shows the output below:

[root@stack01 ~(keystone_demo)]# nova list
+--------------------------------------+-------+--------+------------+-------------+--------------------------------+
| ID                                   | Name  | Status | Task State | Power State | Networks                       |
+--------------------------------------+-------+--------+------------+-------------+--------------------------------+
| a79e4176-647b-48c7-b335-2ac5436ef444 | test0 | ACTIVE | -          | Running     | private=10.0.0.2, 192.168.81.2 |
+--------------------------------------+-------+--------+------------+-------------+--------------------------------+

Now, to see if this has in fact worked, we can ping the external IP; you should see something similar to the output below:

[root@stack01 ~(keystone_demo)]# ping -c 3 192.168.81.2
PING 192.168.81.2 (192.168.81.2) 56(84) bytes of data.
64 bytes from 192.168.80.1: icmp_seq=1 ttl=63 time=1.41 ms
64 bytes from 192.168.80.1: icmp_seq=2 ttl=63 time=0.372 ms
64 bytes from 192.168.80.1: icmp_seq=3 ttl=63 time=0.273 ms

--- 192.168.81.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.273/0.687/1.417/0.517 ms

And now log in to the instance using the key we created in Part 2 of the Lab:

[root@stack01 ~(keystone_demo)]# ssh 192.168.81.2 -l cirros -i ~/id_rsa_demo
$ 
$ 
$ 
$ cat /etc/issue 
login as 'cirros' user. default password: 'cubswin:)'. use 'sudo' for root.
$ 
$ 
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether fa:16:3e:03:6c:7a brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.2/24 brd 10.0.0.255 scope global eth0
    inet6 fe80::f816:3eff:fe03:6c7a/64 scope link 
       valid_lft forever preferred_lft forever
$ 

This concludes the all-in-one installation and configuration of the base system. In the next few parts we will look at installing all the components using packstack, but without installing the demo template. This will then involve creating the tenants, users, routers, networks, etc.

In the meantime, if you have any questions or comments, please ping me on IRC: arif-ali at freenode.