Neutron networking with a user tenant
=====================================

The setup below assumes a working DevStack installation with Neutron
networking. For a minimal config that sets up Nova (API, Compute,
Scheduler and Conductor services), Neutron, Glance and Keystone, see:

    https://kashyapc.fedorapeople.org/virt/openstack/Minimal-DevStack-local.conf


Set gateway for Neutron router and add security group rules
-----------------------------------------------------------

(1) Source the user tenant ('demo' user) credentials:

    $ . openrc demo

(2) Enumerate the security groups:

    $ neutron security-group-list
    +--------------------------------------+---------+------------------------+
    | id                                   | name    | description            |
    +--------------------------------------+---------+------------------------+
    | 63c5e65a-21f5-4933-9c72-6b711fc5b49d | default | Default security group |
    +--------------------------------------+---------+------------------------+

(3) For convenience, create a few environment variables capturing the
    IDs of the Neutron public and private networks and the router:

    $ PRIV_NET=$(neutron net-list | grep private | awk '{print $2;}')
    $ PUB_NET=$(neutron net-list | grep public | awk '{print $2;}')
    $ ROUTER_ID=$(neutron router-list | grep router1 | awk '{print $2;}')

(4) Set the gateway for the router:

    $ neutron router-gateway-set $ROUTER_ID $PUB_NET
    Set gateway for router b04ccfed-3613-4e87-a412-c3c13185a96d

(5) Add security group rules to enable `ping` and `ssh`:

    $ neutron security-group-rule-create --protocol icmp \
        --direction ingress --remote-ip-prefix 0.0.0.0/0 default

    $ neutron security-group-rule-create --protocol tcp \
        --port-range-min 22 --port-range-max 22 --direction ingress default

    The second rule omits --remote-ip-prefix, so, like the first, it
    admits traffic from any source address.

(6) Boot a Nova instance:

    $ . openrc demo   # Or
    $ source accrc/demo/demo

    $ nova keypair-add oskey1 > oskey1.priv
    $ chmod 600 oskey1.priv

    $ nova boot --image cirros-0.3.3-x86_64-disk \
        --nic net-id=$PRIV_NET --flavor m1.small \
        --key_name oskey1 cirrvm2 --security_groups default


Create a floating IP and associate it to a Nova instance
--------------------------------------------------------

(1) Enumerate the Nova instances and the Neutron ports for the specific
    instance:

    $ nova list
    +--------------------------------------+---------+---------+------------+-------------+------------------+
    | ID                                   | Name    | Status  | Task State | Power State | Networks         |
    +--------------------------------------+---------+---------+------------+-------------+------------------+
    | 95e32cea-5f04-49e7-a875-c70d4d92cde4 | cirrvm1 | SHUTOFF | -          | Shutdown    | private=10.1.0.3 |
    | ab086047-6bf8-43b2-bfeb-9e92ade1d701 | cirrvm2 | ACTIVE  | -          | Running     | private=10.1.0.4 |
    +--------------------------------------+---------+---------+------------+-------------+------------------+

    $ neutron port-list --device-id ab086047-6bf8-43b2-bfeb-9e92ade1d701
    +--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
    | id                                   | name | mac_address       | fixed_ips                                                                       |
    +--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
    | 4415bad9-2da8-4780-838e-b70d3f78b280 |      | fa:16:3e:02:ae:26 | {"subnet_id": "af72e052-d833-463f-b1ce-4f71d88ab8b3", "ip_address": "10.1.0.4"} |
    +--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+

(2) Create a floating IP and enumerate the list of floating IPs:

    $ neutron floatingip-create public

    $ neutron floatingip-list
    +--------------------------------------+------------------+---------------------+---------+
    | id                                   | fixed_ip_address | floating_ip_address | port_id |
    +--------------------------------------+------------------+---------------------+---------+
    | 310b06ef-b30d-4c37-a7fb-9c718e480483 |                  | 172.24.4.3          |         |
    +--------------------------------------+------------------+---------------------+---------+

(3) Associate the floating IP with the Neutron port ID of that Nova
    instance:

    $ neutron floatingip-associate 310b06ef-b30d-4c37-a7fb-9c718e480483 4415bad9-2da8-4780-838e-b70d3f78b280
    Associated floating IP 310b06ef-b30d-4c37-a7fb-9c718e480483

(4) Enumerate the list of floating IPs again:

    $ neutron floatingip-list
    +--------------------------------------+------------------+---------------------+--------------------------------------+
    | id                                   | fixed_ip_address | floating_ip_address | port_id                              |
    +--------------------------------------+------------------+---------------------+--------------------------------------+
    | 310b06ef-b30d-4c37-a7fb-9c718e480483 | 10.1.0.4         | 172.24.4.3          | 4415bad9-2da8-4780-838e-b70d3f78b280 |
    +--------------------------------------+------------------+---------------------+--------------------------------------+

(5) Enumerate the Nova instances again; the floating IP is now reflected
    in the output:

    $ nova list
    +--------------------------------------+---------+---------+------------+-------------+------------------------------+
    | ID                                   | Name    | Status  | Task State | Power State | Networks                     |
    +--------------------------------------+---------+---------+------------+-------------+------------------------------+
    | 95e32cea-5f04-49e7-a875-c70d4d92cde4 | cirrvm1 | SHUTOFF | -          | Shutdown    | private=10.1.0.3             |
    | ab086047-6bf8-43b2-bfeb-9e92ade1d701 | cirrvm2 | ACTIVE  | -          | Running     | private=10.1.0.4, 172.24.4.3 |
    +--------------------------------------+---------+---------+------------+-------------+------------------------------+


Optionally
----------

`ping` and `ssh` into the Cirros instance with the floating IP from the
(Controller/Compute) host:

    $ ping -c 2 172.24.4.3
    PING 172.24.4.3 (172.24.4.3) 56(84) bytes of data.
    64 bytes from 172.24.4.3: icmp_seq=1 ttl=63 time=0.872 ms
    64 bytes from 172.24.4.3: icmp_seq=2 ttl=63 time=0.252 ms

    --- 172.24.4.3 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1000ms
    rtt min/avg/max/mdev = 0.252/0.562/0.872/0.310 ms

    $ ssh cirros@172.24.4.3
    cirros@172.24.4.3's password:
    $ ip a
    1: lo: mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether fa:16:3e:02:ae:26 brd ff:ff:ff:ff:ff:ff
        inet 10.1.0.4/24 brd 10.1.0.255 scope global eth0
        inet6 fe80::f816:3eff:fe02:ae26/64 scope link
           valid_lft forever preferred_lft forever
    $
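
The ID lookups in step (3) of the first section use `grep`, which matches substrings, so a second network whose name contains "private" would put two IDs into $PRIV_NET and the instance could be attached to a network other than the intended one. The following is an added example, not part of the original walkthrough: the helper names `table_lookup`, `exactly_one` and `sample_nets` and the sample table are made up here, and the lookup matches the name column exactly and fails unless one row matches.

```sh
#!/bin/sh
# Added example (not from the original page): exact-name lookups in the
# ASCII tables printed by the neutron/nova clients.

# table_lookup KEY_COL KEY_VAL OUT_COL
# Reads a "| a | b |" table on stdin and prints OUT_COL for each row whose
# KEY_COL equals KEY_VAL exactly. Exits 2 if either column is missing.
table_lookup() {
    awk -F'|' -v kc="$1" -v kv="$2" -v oc="$3" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[+]/ || NF < 3 { next }            # border or non-table line
        !hdr {                               # first data line is the header
            for (i = 2; i < NF; i++) col[trim($i)] = i
            if (!(kc in col) || !(oc in col)) exit 2
            hdr = 1; next
        }
        trim($(col[kc])) == kv { print trim($(col[oc])) }
    '
}

# exactly_one: print stdin only if it holds exactly one non-empty line.
exactly_one() {
    awk 'NF { n++; v = $0 } END { if (n != 1) exit 1; print v }'
}

# Constructed sample of `neutron net-list` output (IDs are made up).
sample_nets() {
    cat <<'EOF'
+--------------------------------------+--------------+
| id                                   | name         |
+--------------------------------------+--------------+
| 11111111-1111-1111-1111-111111111111 | private      |
| 22222222-2222-2222-2222-222222222222 | private-mgmt |
| 33333333-3333-3333-3333-333333333333 | public       |
+--------------------------------------+--------------+
EOF
}

# `grep private` matches two rows here; the exact lookup returns one ID.
# Against a live cloud (same command as step 3, different filter):
#   PRIV_NET=$(neutron net-list | table_lookup name private id | exactly_one) || exit 1
sample_nets | table_lookup name private id | exactly_one
```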