Networking: Difference between revisions

From SD4H wiki
No edit summary
Line 10: Line 10:
You can create a network from the Create network button from both the <code> Network Topology</code> tab. Pick the name of the network with <code>Enable Admin State </code> and <code>Create Subnet box checked</code>, click next, pick a name for the subnet, in <code>Network Address Source</code> select <code>Allocate Network Address from a pool </code>, select the 172.16.0.0/12 pool and use the needed <code> Network Mask </code>, 24 will give you 256 addresses, click Next, make sure Enable DHCP is checked and click Create. You now have a new network. You can attach an existing VMs to that new network in the <code>Instance</code> tab by selecting <code> Attach Interface</code> in the <code>Actions</code> drop down menu of the instance.   
You can create a network from the Create network button from both the <code> Network Topology</code> tab. Pick the name of the network with <code>Enable Admin State </code> and <code>Create Subnet box checked</code>, click next, pick a name for the subnet, in <code>Network Address Source</code> select <code>Allocate Network Address from a pool </code>, select the 172.16.0.0/12 pool and use the needed <code> Network Mask </code>, 24 will give you 256 addresses, click Next, make sure Enable DHCP is checked and click Create. You now have a new network. You can attach an existing VMs to that new network in the <code>Instance</code> tab by selecting <code> Attach Interface</code> in the <code>Actions</code> drop down menu of the instance.   


Not that VMs that will be solely attached to that network will have no internet access. You need to attach the router that has access to the Public-Network to the network to give it acess to the internet.
Not that VMs that will be solely attached to that network will have no internet access. You need to attach the router that has access to the Public-Network to the network to give it access to the internet.


=== Share the network with another tenant ===
=== Share the network with another tenant ===


This step can only be made with the [[OpenStack Client]], start by following the client's [[OpenStack_Client#Install_the_openstack_client|installation and configuration procedure]]. You also need the project ID of the tenant that will get the acess right to you network. The project ID can be found in the [https://juno.calculquebec.ca/identity/ identity tab] of the Juno platform web site by clicking on the Projects menu. In this example, all code are ran form the <code>po-test</code> projet, we will share the <code> share-net</code> network with the ''target project'' <code> c3g-dev</code>, <code> id = b84ceb857d8f40feb7eed5e972ec0e56</code>.  
This step can only be made with the [[OpenStack Client]], start by following the client's [[OpenStack_Client#Install_the_openstack_client|installation and configuration procedure]]. You also need the project ID of the tenant that will get access right to your network. The project ID can be found in the [https://juno.calculquebec.ca/identity/ identity tab] of the Juno platform web site by clicking on the Projects menu. In this example, all code is run for the <code>po-test</code> projet, we will share the <code> share-net</code> network with the ''target project'' <code> c3g-dev</code>, <code> id = b84ceb857d8f40feb7eed5e972ec0e56</code>.  




Lets start by looking at the networks of the <code>po-test</code> project:
Let’s start by looking at the networks of the <code>po-test</code> project:


<syntaxhighlight lang="bash" line>
<syntaxhighlight lang="bash" line>
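Review bot: the revised note paragraph in this hunk still opens with "Not that VMs", which should read "Note that VMs". The revised sharing paragraph also keeps "projet" and changes "ran form" to "run for"; since the commands are issued by the project that owns the network, "run from the <code>po-test</code> project" looks like the intended wording. The unchanged first paragraph says "from both the <code>Network Topology</code> tab" while naming only one tab, so either drop "both" or name the second tab.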
Line 31: Line 31:
</syntaxhighlight>
</syntaxhighlight>


We see the three default networks and <code>share-net</code>, the network that we've created in the previous step. We will share it by creatring a [https://docs.openstack.org/neutron/latest/admin/config-rbac.html Role-Based Access Control (RBAC)] that targets the project  <code>b84ceb857d8f40feb7eed5e972ec0e56</code>
We see the three default networks and <code>share-net</code>, the network that we created in the previous step. We will share it by creating a [https://docs.openstack.org/neutron/latest/admin/config-rbac.html Role-Based Access Control (RBAC)] that targets the project  <code>b84ceb857d8f40feb7eed5e972ec0e56</code>




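Review bot: the revised sentence still reads "creating a Role-Based Access Control (RBAC) that targets the project" with no noun after "RBAC" and no closing period; suggest "creating a Role-Based Access Control (RBAC) policy". Since the grant is keyed on a bare 32-character ID, consider repeating the target project name (<code>c3g-dev</code>) next to <code>b84ceb857d8f40feb7eed5e972ec0e56</code> so readers can check they are sharing with the project they mean.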
Line 71: Line 71:
</syntaxhighlight>
</syntaxhighlight>


Here is how to lis your Network RBAC and how to delete it.  
Here is how to list your Network RBACs and how to delete them.  


<syntaxhighlight lang="bash" line>
<syntaxhighlight lang="bash" line>

Revision as of 17:39, 25 February 2025

Basics

You can see the current networks of your project on the Juno webpage. There you see the three basic networks available to all projects: <myproject>_network, the local area network (LAN) of your project, where your VMs land by default; Public-Network, which is the internet (a router named <myproject>_router connects your LAN to it); and CephFS-Network, the CephFS file system network, to which you need to connect your VM to access CephFS volumes.

Share a Network with another OpenStack project

There are situations where you need to share a network with the project of a collaborator on SD4H, so that two servers can communicate without going through the internet.

Create a new network

You can create a network with the Create network button in the Network Topology tab. Pick a name for the network, with the Enable Admin State and Create Subnet boxes checked, and click Next. Pick a name for the subnet; in Network Address Source select Allocate Network Address from a pool, select the 172.16.0.0/12 pool and set the Network Mask you need (24 will give you 256 addresses). Click Next, make sure Enable DHCP is checked and click Create. You now have a new network. You can attach an existing VM to that new network in the Instance tab by selecting Attach Interface in the Actions drop-down menu of the instance.

Note that VMs attached solely to that network will have no internet access. To give the network access to the internet, attach to it the router that has access to the Public-Network.

Share the network with another tenant

This step can only be done with the OpenStack Client; start by following the client's installation and configuration procedure. You also need the project ID of the tenant that will get access rights to your network. The project ID can be found in the identity tab of the Juno platform website by clicking on the Projects menu. In this example, all commands are run from the po-test project, and we will share the share-net network with the target project c3g-dev, id = b84ceb857d8f40feb7eed5e972ec0e56.


Let’s start by looking at the networks of the po-test project:

$ openstack network list
+--------------------------------------+-----------------+--------------------------------------+
| ID                                   | Name            | Subnets                              |
+--------------------------------------+-----------------+--------------------------------------+
| 00b327b4-4fb2-4ed8-a7f2-6ff49e3b7e7c | CephFS-Network  | ebe6ed39-2304-457c-a758-c251bae591af |
| 052ea294-5ad8-46a9-a988-8a41688bd155 | po-test_network | 5eb14686-b56a-4628-8218-a3da340fdfae |
| 391bf6f5-ba1d-4262-8b45-dd87d130f3cd | share-net       | 9ea97afa-9dc9-4ed1-81d0-ab76d128fcef |
| 68512dd8-ecd5-44fc-8aa4-9d129ad2026d | Public-Network  | 5f6c7900-601a-4c92-8bd6-731688164e62 |
+--------------------------------------+-----------------+--------------------------------------+

We see the three default networks and share-net, the network that we created in the previous step. We will share it by creating a Role-Based Access Control (RBAC) policy that targets the project b84ceb857d8f40feb7eed5e972ec0e56.


$ openstack network rbac create --target-project \
b84ceb857d8f40feb7eed5e972ec0e56  --action access_as_shared \
--type network 391bf6f5-ba1d-4262-8b45-dd87d130f3cd
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| action            | access_as_shared                     |
| id                | e7ffbe71-9b49-4036-8e0a-24d73c199fab |
| object_id         | 391bf6f5-ba1d-4262-8b45-dd87d130f3cd |
| object_type       | network                              |
| project_id        | ad99d6c3087041bcb6c0fe5f2da54df9     |
| target_project_id | b84ceb857d8f40feb7eed5e972ec0e56     |
+-------------------+--------------------------------------+

The target project now sees share-net and can attach VMs to it.


Here is how to list your Network RBACs and how to delete them.

$ openstack network rbac list
+--------------------------------------+-------------+--------------------------------------+
| ID                                   | Object Type | Object ID                            |
+--------------------------------------+-------------+--------------------------------------+
| e7ffbe71-9b49-4036-8e0a-24d73c199fab | network     | 391bf6f5-ba1d-4262-8b45-dd87d130f3cd |
+--------------------------------------+-------------+--------------------------------------+
$ openstack network rbac delete e7ffbe71-9b49-4036-8e0a-24d73c199fab
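
Before deleting or keeping a policy, it helps to check each network share against the list of projects you meant to share with. The script below is an added example, not part of the SD4H wiki: it parses the Field/Value table printed by the client (the rows are copied from the output above) and flags shares whose target is not expected, including the `*` target that Neutron uses for "all projects". The allowlist structure and the two extra policies are constructed for illustration.

```python
import re

# Rows of the `openstack network rbac create` output shown on this page.
PAGE_OUTPUT = """
| action            | access_as_shared                     |
| id                | e7ffbe71-9b49-4036-8e0a-24d73c199fab |
| object_id         | 391bf6f5-ba1d-4262-8b45-dd87d130f3cd |
| object_type       | network                              |
| project_id        | ad99d6c3087041bcb6c0fe5f2da54df9     |
| target_project_id | b84ceb857d8f40feb7eed5e972ec0e56     |
"""

SHARE_NET = "391bf6f5-ba1d-4262-8b45-dd87d130f3cd"  # share-net (from the page)
C3G_DEV = "b84ceb857d8f40feb7eed5e972ec0e56"        # c3g-dev (from the page)

def parse_table(text):
    """Parse the CLI's two-column Field/Value table into a dict."""
    rows = re.findall(r"^\|[ \t]*(\S+)[ \t]*\|[ \t]*(\S+)[ \t]*\|[ \t]*$", text, re.M)
    return {field: value for field, value in rows if field != "Field"}

def audit(policies, allowed):
    """Return (policy id, reason) for every network share not listed in `allowed`,
    a dict mapping a network ID to the set of project IDs it may be shared with."""
    findings = []
    for p in policies:
        if p["object_type"] != "network" or p["action"] != "access_as_shared":
            continue
        target = p["target_project_id"]
        if target == "*":  # wildcard target: every project can attach
            findings.append((p["id"], "shared with all projects"))
        elif target not in allowed.get(p["object_id"], set()):
            findings.append((p["id"], "unexpected target " + target))
    return findings

# Constructed sample policies (IDs and targets are placeholders, not from the page).
CONSTRUCTED = [
    dict(parse_table(PAGE_OUTPUT), id="constructed-wildcard", target_project_id="*"),
    dict(parse_table(PAGE_OUTPUT), id="constructed-stranger", target_project_id="0" * 32),
]

if __name__ == "__main__":
    policies = [parse_table(PAGE_OUTPUT)] + CONSTRUCTED
    for rbac_id, reason in audit(policies, {SHARE_NET: {C3G_DEV}}):
        print(f"review {rbac_id}: {reason}")
```

In practice, feed `parse_table` the output of `openstack network rbac show <id>` for each ID returned by `openstack network rbac list`.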