121
edits
Networking: Difference between revisions
Jump to navigation
Jump to search
→Share the network with another tenant
| Line 14: | Line 14: | ||
=== Share the network with another tenant === | === Share the network with another tenant === | ||
This step can only be made with the [[OpenStack Client]], start by following | This step can only be made with the [[OpenStack Client]], start by following the client's [[OpenStack_Client#Install_the_openstack_client|installation and configuration procedure]]. You also need the project ID of the tenant that will get the acess right to you network. The project ID can be found in the [https://juno.calculquebec.ca/identity/ identity tab] of the Juno platform web site by clicking on the Projects menu. In this example, all code are ran form the <code>po-test</code> projet, we will share the <code> share-net</code> network with the ''target project'' <code> c3g-dev</code>, <code> id = b84ceb857d8f40feb7eed5e972ec0e56</code>. | ||
Lets start by looking at the networks of the <code>po-test</code> project: | |||
<syntaxhighlight lang="bash" line> | |||
$openstack network list | |||
+--------------------------------------+-----------------+--------------------------------------+ | |||
| ID | Name | Subnets | | |||
+--------------------------------------+-----------------+--------------------------------------+ | |||
| 00b327b4-4fb2-4ed8-a7f2-6ff49e3b7e7c | CephFS-Network | ebe6ed39-2304-457c-a758-c251bae591af | | |||
| 052ea294-5ad8-46a9-a988-8a41688bd155 | po-test_network | 5eb14686-b56a-4628-8218-a3da340fdfae | | |||
| 391bf6f5-ba1d-4262-8b45-dd87d130f3cd | share-net | 9ea97afa-9dc9-4ed1-81d0-ab76d128fcef | | |||
| 68512dd8-ecd5-44fc-8aa4-9d129ad2026d | Public-Network | 5f6c7900-601a-4c92-8bd6-731688164e62 | | |||
+--------------------------------------+-----------------+--------------------------------------+ | |||
</syntaxhighlight> | |||
We see the three default networks and <code>share-net</code>, the network that we've created in the previous step. We will share it by creatring a [https://docs.openstack.org/neutron/latest/admin/config-rbac.html Role-Based Access Control (RBAC)] that targets the project <code>b84ceb857d8f40feb7eed5e972ec0e56</code> | |||
<syntaxhighlight lang="bash" line> | |||
$openstack network rbac create --target-project \ | |||
b84ceb857d8f40feb7eed5e972ec0e56 --action access_as_shared \ | |||
--type network 391bf6f5-ba1d-4262-8b45-dd87d130f3cd | |||
+-------------------+--------------------------------------+ | |||
| Field | Value | | |||
+-------------------+--------------------------------------+ | |||
| action | access_as_shared | | |||
| id | e7ffbe71-9b49-4036-8e0a-24d73c199fab | | |||
| object_id | 391bf6f5-ba1d-4262-8b45-dd87d130f3cd | | |||
| object_type | network | | |||
| project_id | ad99d6c3087041bcb6c0fe5f2da54df9 | | |||
| target_project_id | b84ceb857d8f40feb7eed5e972ec0e56 | | |||
+-------------------+--------------------------------------+ | |||
</syntaxhighlight> | |||
The target project now sees <share-net> and can attach VMs to it. | |||
<syntaxhighlight lang="bash" line> | |||
$openstack network rbac create --target-project \ | |||
b84ceb857d8f40feb7eed5e972ec0e56 --action access_as_shared \ | |||
--type network 391bf6f5-ba1d-4262-8b45-dd87d130f3cd | |||
+-------------------+--------------------------------------+ | |||
| Field | Value | | |||
+-------------------+--------------------------------------+ | |||
| action | access_as_shared | | |||
| id | e7ffbe71-9b49-4036-8e0a-24d73c199fab | | |||
| object_id | 391bf6f5-ba1d-4262-8b45-dd87d130f3cd | | |||
| object_type | network | | |||
| project_id | ad99d6c3087041bcb6c0fe5f2da54df9 | | |||
| target_project_id | b84ceb857d8f40feb7eed5e972ec0e56 | | |||
+-------------------+--------------------------------------+ | |||
</syntaxhighlight> | |||
Here is how to lis your Network RBAC and how to delete it. | |||
<syntaxhighlight lang="bash" line> | |||
$openstack network rbac list | |||
+--------------------------------------+-------------+--------------------------------------+ | |||
| ID | Object Type | Object ID | | |||
+--------------------------------------+-------------+--------------------------------------+ | |||
| e7ffbe71-9b49-4036-8e0a-24d73c199fab | network | 391bf6f5-ba1d-4262-8b45-dd87d130f3cd | | |||
+--------------------------------------+-------------+--------------------------------------+ | |||
$openstack network rbac delete e7ffbe71-9b49-4036-8e0a-24d73c199fab | |||
</syntaxhighlight> | |||