Networking

From SD4H wiki

Basics

You can see your project's current networks on the Juno webpage. Three basic networks are available to all projects: <myproject>_network, the local area network (LAN) of your project, where your VMs land by default; Public-Network, which is the internet (a router named <myproject>_router connects your LAN to it); and CephFS-Network, the CephFS file system network, to which you must connect a VM to access CephFS volumes.

Share a Network with another OpenStack project

There are situations where you need to share a network with the project of a collaborator on SD4H, so that two servers belonging to different projects (also called tenants) can communicate without going over the internet.

Create a new network

You can create a network with the Create network button in the Network Topology tab. Pick a name for the network, leave the Enable Admin State and Create Subnet boxes checked, and click Next. Pick a name for the subnet; in Network Address Source select Allocate Network Address from a pool, select the 172.16.0.0/12 pool and set the Network Mask you need (24 will give you 256 addresses), then click Next. Make sure Enable DHCP is checked and click Create. You now have a new network. You can attach existing VMs to that new network in the Instance tab by selecting Attach Interface in the Actions drop-down menu of the instance.

Note that VMs attached solely to that network will have no internet access. To give the network internet access, attach the router that has access to the Public-Network to it.

Share the network with another tenant

This step can only be done with the OpenStack client; start by following the client's installation and configuration procedure. You also need the project ID of the tenant that will be granted access to your network. The project ID can be found in the Identity tab of the Juno platform website by clicking on the Projects menu. In this example, all commands are run from the po-test project; we will share the share-net network with the target project c3g-dev, id = b84ceb857d8f40feb7eed5e972ec0e56.


Let’s start by looking at the networks of the po-test project:

$ openstack network list
+--------------------------------------+-----------------+--------------------------------------+
| ID                                   | Name            | Subnets                              |
+--------------------------------------+-----------------+--------------------------------------+
| 00b327b4-4fb2-4ed8-a7f2-6ff49e3b7e7c | CephFS-Network  | ebe6ed39-2304-457c-a758-c251bae591af |
| 052ea294-5ad8-46a9-a988-8a41688bd155 | po-test_network | 5eb14686-b56a-4628-8218-a3da340fdfae |
| 391bf6f5-ba1d-4262-8b45-dd87d130f3cd | share-net       | 9ea97afa-9dc9-4ed1-81d0-ab76d128fcef |
| 68512dd8-ecd5-44fc-8aa4-9d129ad2026d | Public-Network  | 5f6c7900-601a-4c92-8bd6-731688164e62 |
+--------------------------------------+-----------------+--------------------------------------+

We see the three default networks and share-net, the network that we created in the previous step. We will share it by creating a Role-Based Access Control (RBAC) policy that targets the project b84ceb857d8f40feb7eed5e972ec0e56.


$ openstack network rbac create --target-project \
  b84ceb857d8f40feb7eed5e972ec0e56 --action access_as_shared \
  --type network 391bf6f5-ba1d-4262-8b45-dd87d130f3cd
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| action            | access_as_shared                     |
| id                | e7ffbe71-9b49-4036-8e0a-24d73c199fab |
| object_id         | 391bf6f5-ba1d-4262-8b45-dd87d130f3cd |
| object_type       | network                              |
| project_id        | ad99d6c3087041bcb6c0fe5f2da54df9     |
| target_project_id | b84ceb857d8f40feb7eed5e972ec0e56     |
+-------------------+--------------------------------------+

The target project now sees share-net and can attach VMs to it.


Here is how to list your Network RBACs and how to delete them.

$ openstack network rbac list
+--------------------------------------+-------------+--------------------------------------+
| ID                                   | Object Type | Object ID                            |
+--------------------------------------+-------------+--------------------------------------+
| e7ffbe71-9b49-4036-8e0a-24d73c199fab | network     | 391bf6f5-ba1d-4262-8b45-dd87d130f3cd |
+--------------------------------------+-------------+--------------------------------------+
$ openstack network rbac delete e7ffbe71-9b49-4036-8e0a-24d73c199fab
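
To keep track of which projects a network has been shared with, the RBAC policies can be checked against a list of approved target project IDs. The script below is an added example, not part of the original wiki page: the function names, the allowlist approach and the two extra sample policies are constructed for illustration, and it assumes that a policy shared with all projects reports `*` as its target_project_id.

```shell
#!/bin/sh
# Added example (not from the SD4H wiki): audit network RBAC policies.

# Print "<rbac_id> <network_id> <action> <target_project_id>" per policy.
# Needs a configured OpenStack client; not run by the offline demo below.
collect_rbac() {
    openstack network rbac list -f value -c ID -c "Object ID" |
    while read -r id object_id; do
        action=$(openstack network rbac show "$id" -f value -c action </dev/null)
        target=$(openstack network rbac show "$id" -f value \
            -c target_project_id </dev/null)
        printf '%s %s %s %s\n' "$id" "$object_id" "$action" "$target"
    done
}

# Read policy lines on stdin; arguments are the approved target project IDs.
# Prints one line per policy to review and fails if there is at least one.
audit_rbac() (
    findings=0
    while read -r id object_id action target; do
        [ -n "$id" ] || continue
        verdict=UNAPPROVED
        if [ "$target" = "*" ]; then
            verdict=WILDCARD    # assumption: target "*" means every project
        else
            for allowed in "$@"; do
                if [ "$target" = "$allowed" ]; then verdict=OK; fi
            done
        fi
        if [ "$verdict" != OK ]; then
            printf '%s rbac=%s network=%s action=%s target=%s\n' \
                "$verdict" "$id" "$object_id" "$action" "$target"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
)

# Constructed sample: the policy shown on this page plus two made-up ones.
SAMPLE_POLICIES='e7ffbe71-9b49-4036-8e0a-24d73c199fab 391bf6f5-ba1d-4262-8b45-dd87d130f3cd access_as_shared b84ceb857d8f40feb7eed5e972ec0e56
00000000-0000-0000-0000-00000000000a 391bf6f5-ba1d-4262-8b45-dd87d130f3cd access_as_shared ffffffffffffffffffffffffffffffff
00000000-0000-0000-0000-00000000000b 391bf6f5-ba1d-4262-8b45-dd87d130f3cd access_as_shared *'

# Offline demo; on a live project: collect_rbac | audit_rbac <approved-id> ...
printf '%s\n' "$SAMPLE_POLICIES" | audit_rbac b84ceb857d8f40feb7eed5e972ec0e56 || true
```

Any policy the audit flags can be removed with the `openstack network rbac delete` command shown above.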