Networking: Difference between revisions
| Line 14: | Line 14: | ||
| === Share the network with another tenant === | === Share the network with another tenant === | ||
| This step can only be made with the [[OpenStack Client]], start by following  | This step can only be made with the [[OpenStack Client]], start by following the client's [[OpenStack_Client#Install_the_openstack_client|installation and configuration procedure]]. You also need the project ID of the tenant that will get the acess right to you network. The project ID can be found in the [https://juno.calculquebec.ca/identity/ identity tab] of the Juno platform web site by clicking on the Projects menu. In this example, all code are ran form the <code>po-test</code> projet, we will share the <code> share-net</code> network with the ''target project'' <code> c3g-dev</code>, <code> id = b84ceb857d8f40feb7eed5e972ec0e56</code>.  | ||
| Lets start by looking at the networks of the <code>po-test</code> project: | |||
| <syntaxhighlight lang="bash" line> | |||
| $openstack network list  | |||
| +--------------------------------------+-----------------+--------------------------------------+ | |||
| | ID                                   | Name            | Subnets                              | | |||
| +--------------------------------------+-----------------+--------------------------------------+ | |||
| | 00b327b4-4fb2-4ed8-a7f2-6ff49e3b7e7c | CephFS-Network  | ebe6ed39-2304-457c-a758-c251bae591af | | |||
| | 052ea294-5ad8-46a9-a988-8a41688bd155 | po-test_network | 5eb14686-b56a-4628-8218-a3da340fdfae | | |||
| | 391bf6f5-ba1d-4262-8b45-dd87d130f3cd | share-net       | 9ea97afa-9dc9-4ed1-81d0-ab76d128fcef | | |||
| | 68512dd8-ecd5-44fc-8aa4-9d129ad2026d | Public-Network  | 5f6c7900-601a-4c92-8bd6-731688164e62 | | |||
| +--------------------------------------+-----------------+--------------------------------------+ | |||
| </syntaxhighlight> | |||
| We see the three default networks and <code>share-net</code>, the network that we've created in the previous step. We will share it by creatring a [https://docs.openstack.org/neutron/latest/admin/config-rbac.html Role-Based Access Control (RBAC)] that targets the project  <code>b84ceb857d8f40feb7eed5e972ec0e56</code> | |||
| <syntaxhighlight lang="bash" line> | |||
| $openstack network rbac create --target-project \ | |||
| b84ceb857d8f40feb7eed5e972ec0e56  --action access_as_shared \ | |||
| --type network 391bf6f5-ba1d-4262-8b45-dd87d130f3cd | |||
| +-------------------+--------------------------------------+ | |||
| | Field             | Value                                | | |||
| +-------------------+--------------------------------------+ | |||
| | action            | access_as_shared                     | | |||
| | id                | e7ffbe71-9b49-4036-8e0a-24d73c199fab | | |||
| | object_id         | 391bf6f5-ba1d-4262-8b45-dd87d130f3cd | | |||
| | object_type       | network                              | | |||
| | project_id        | ad99d6c3087041bcb6c0fe5f2da54df9     | | |||
| | target_project_id | b84ceb857d8f40feb7eed5e972ec0e56     | | |||
| +-------------------+--------------------------------------+ | |||
| </syntaxhighlight> | |||
| The target project now sees <share-net> and  can attach VMs to it.  | |||
| <syntaxhighlight lang="bash" line> | |||
| $openstack network rbac create --target-project \ | |||
| b84ceb857d8f40feb7eed5e972ec0e56  --action access_as_shared \ | |||
| --type network 391bf6f5-ba1d-4262-8b45-dd87d130f3cd | |||
| +-------------------+--------------------------------------+ | |||
| | Field             | Value                                | | |||
| +-------------------+--------------------------------------+ | |||
| | action            | access_as_shared                     | | |||
| | id                | e7ffbe71-9b49-4036-8e0a-24d73c199fab | | |||
| | object_id         | 391bf6f5-ba1d-4262-8b45-dd87d130f3cd | | |||
| | object_type       | network                              | | |||
| | project_id        | ad99d6c3087041bcb6c0fe5f2da54df9     | | |||
| | target_project_id | b84ceb857d8f40feb7eed5e972ec0e56     | | |||
| +-------------------+--------------------------------------+ | |||
| </syntaxhighlight> | |||
| Here is how to lis your Network RBAC and how to delete it.  | |||
| <syntaxhighlight lang="bash" line> | |||
| $openstack network rbac list  | |||
| +--------------------------------------+-------------+--------------------------------------+ | |||
| | ID                                   | Object Type | Object ID                            | | |||
| +--------------------------------------+-------------+--------------------------------------+ | |||
| | e7ffbe71-9b49-4036-8e0a-24d73c199fab | network     | 391bf6f5-ba1d-4262-8b45-dd87d130f3cd | | |||
| +--------------------------------------+-------------+--------------------------------------+ | |||
| $openstack network rbac delete e7ffbe71-9b49-4036-8e0a-24d73c199fab | |||
| </syntaxhighlight> | |||
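Review bot: the block added after "The target project now sees <share-net> and can attach VMs to it." repeats the `openstack network rbac create` command and its output verbatim from the block just above it, so it does not show anything the target project sees. Either drop it or replace it with output taken from the target project. In the same sentence, `<share-net>` should be `<code> share-net</code>` like the other mentions, since bare angle brackets may be treated as a tag by the wiki. The prompts are written `$openstack` with no space after the `$`, which reads as a shell variable when copied. The added prose also carries typos worth fixing before saving: "Lets", "creatring" and "lis".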
Revision as of 17:36, 25 February 2025
Basics
You can see the current networks of your project from the Juno webpage. There you see the three basic networks available to all projects: <myproject>_network, the local area network (LAN) of your project, where your VMs land by default; Public-Network, which is the internet (a router named <myproject>_router connects your LAN to it); and CephFS-Network, the CephFS file system network, which your VM must be connected to in order to access CephFS volumes.
In some situations you may need to share a network with the project of a collaborator on SD4H, so that two servers can communicate without going through the internet.
Create a new network
You can create a network with the Create network button in the Network Topology tab. Pick a name for the network, leave the Enable Admin State and Create Subnet boxes checked, and click Next. Pick a name for the subnet; in Network Address Source select Allocate Network Address from a pool, select the 172.16.0.0/12 pool and set the Network Mask you need (24 will give you 256 addresses). Click Next, make sure Enable DHCP is checked and click Create. You now have a new network. You can attach existing VMs to that new network in the Instance tab by selecting Attach Interface in the Actions drop-down menu of the instance.
Note that VMs attached solely to that network will have no internet access. To give the network access to the internet, attach to it the router that has access to the Public-Network.
Share the network with another tenant
This step can only be done with the OpenStack Client; start by following the client's installation and configuration procedure. You also need the project ID of the tenant that will get the access right to your network. The project ID can be found in the identity tab of the Juno platform web site by clicking on the Projects menu. In this example, all commands are run from the po-test project; we will share the share-net network with the target project c3g-dev, id = b84ceb857d8f40feb7eed5e972ec0e56.
Let's start by looking at the networks of the po-test project:
$ openstack network list
+--------------------------------------+-----------------+--------------------------------------+
| ID                                   | Name            | Subnets                              |
+--------------------------------------+-----------------+--------------------------------------+
| 00b327b4-4fb2-4ed8-a7f2-6ff49e3b7e7c | CephFS-Network  | ebe6ed39-2304-457c-a758-c251bae591af |
| 052ea294-5ad8-46a9-a988-8a41688bd155 | po-test_network | 5eb14686-b56a-4628-8218-a3da340fdfae |
| 391bf6f5-ba1d-4262-8b45-dd87d130f3cd | share-net       | 9ea97afa-9dc9-4ed1-81d0-ab76d128fcef |
| 68512dd8-ecd5-44fc-8aa4-9d129ad2026d | Public-Network  | 5f6c7900-601a-4c92-8bd6-731688164e62 |
+--------------------------------------+-----------------+--------------------------------------+
We see the three default networks and share-net, the network that we created in the previous step. We will share it by creating a Role-Based Access Control (RBAC) policy that targets the project b84ceb857d8f40feb7eed5e972ec0e56:
$ openstack network rbac create --target-project \
b84ceb857d8f40feb7eed5e972ec0e56  --action access_as_shared \
--type network 391bf6f5-ba1d-4262-8b45-dd87d130f3cd
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| action            | access_as_shared                     |
| id                | e7ffbe71-9b49-4036-8e0a-24d73c199fab |
| object_id         | 391bf6f5-ba1d-4262-8b45-dd87d130f3cd |
| object_type       | network                              |
| project_id        | ad99d6c3087041bcb6c0fe5f2da54df9     |
| target_project_id | b84ceb857d8f40feb7eed5e972ec0e56     |
+-------------------+--------------------------------------+
The target project now sees share-net and can attach VMs to it.
Here is how to list your network RBAC policies and how to delete one.
$ openstack network rbac list
+--------------------------------------+-------------+--------------------------------------+
| ID                                   | Object Type | Object ID                            |
+--------------------------------------+-------------+--------------------------------------+
| e7ffbe71-9b49-4036-8e0a-24d73c199fab | network     | 391bf6f5-ba1d-4262-8b45-dd87d130f3cd |
+--------------------------------------+-------------+--------------------------------------+
$ openstack network rbac delete e7ffbe71-9b49-4036-8e0a-24d73c199fab
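Because an RBAC policy opens your network to another tenant, it is worth confirming that each policy targets only the project you intended. The script below is an added example, not part of the original page: it parses the Field/Value table the client prints (as shown above) and checks target_project_id against an allow-list. The function names rbac_field and check_rbac_target are hypothetical, the sample table is a constructed input copied from the output above, and the check assumes Neutron's convention that a target of * means all projects.

```shell
#!/bin/sh
# Added example: audit which project a network RBAC policy shares with.
# Input format: the Field/Value table printed by the openstack client.

# rbac_field FIELD: read such a table on stdin and print the value of FIELD.
rbac_field() {
    awk -F'|' -v want="$1" '
        NF >= 3 {
            key = $2; val = $3
            gsub(/^[ \t]+|[ \t]+$/, "", key)   # trim padding around the cell
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) { print val; exit }
        }'
}

# check_rbac_target TABLE ALLOWED_ID...
# Return 0 if the policy targets one of the ALLOWED_ID projects,
#        1 if it targets some other project,
#        2 if it targets "*" (shared with every project),
#        3 if no target_project_id could be read from TABLE.
check_rbac_target() {
    table=$1; shift
    target=$(printf '%s\n' "$table" | rbac_field target_project_id)
    [ -n "$target" ] || return 3
    [ "$target" = "*" ] && return 2
    for allowed in "$@"; do
        [ "$target" = "$allowed" ] && return 0
    done
    return 1
}

# Constructed sample input: the policy table shown earlier on this page.
SAMPLE_POLICY='+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| action            | access_as_shared                     |
| id                | e7ffbe71-9b49-4036-8e0a-24d73c199fab |
| object_id         | 391bf6f5-ba1d-4262-8b45-dd87d130f3cd |
| object_type       | network                              |
| project_id        | ad99d6c3087041bcb6c0fe5f2da54df9     |
| target_project_id | b84ceb857d8f40feb7eed5e972ec0e56     |
+-------------------+--------------------------------------+'

# The only project we expect share-net to be shared with is c3g-dev.
check_rbac_target "$SAMPLE_POLICY" b84ceb857d8f40feb7eed5e972ec0e56 \
    && echo "policy targets the expected project"
```

Against a live project, pass the output of openstack network rbac show for each ID returned by openstack network rbac list, and delete any policy that returns 1 or 2.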