This tutorial will guide you on how you can configure OpenStack networking service in order to allow access from external networks to OpenStack instances.<\/p>\n\n\n\n
Modify Network Interface Configuration.<\/p>\n\n\n\n
First we need to create an OVS bridge and modify our physical network interface to bind as a port to OVS bridge.<\/p>\n\n\n\n
Navigate to network interfaces directory scripts and use the physical interface as an excerpt to setup OVS bridge interface by issuing the following commands:<\/p>\n\n\n
\ncd \/etc\/sysconfig\/network-scripts\/\n<\/pre><\/div>\n\n\nBackup existing network config<\/p>\n\n\n
\ncp ifcfg-enp5s0 ifcfg-enp5s0.bak\n<\/pre><\/div>\n\n\nCopy existing network config to create bridge<\/p>\n\n\n
\ncp ifcfg-enp5s0 ifcfg-br-ex\n<\/pre><\/div>\n\n\nNext, edit and modify the bridge interface (br-ex)<\/strong> using a text editor as illustrated below:<\/p>\n\n\n\nnano ifcfg-br-ex<\/p>\n\n\n\n
Here is what it looks like:<\/p>\n\n\n
\nDEVICE=br-ex\nDEVICETYPE=ovs\nTYPE=OVSBridge\nBOOTPROTO=static\nIPADDR=192.168.0.211\nNETMASK=255.255.255.0\nGATEWAY=192.168.0.1\nDNS1=1.1.1.1\nONBOOT=yes\n\n\n<\/pre><\/div>\n\n\nDo the same with the physical interface (ifcfg-enp5s0<\/strong>), but make sure it looks like this (no BOOTPROTO!):<\/p>\n\n\n\nDEVICE=br-ex\nDEVICETYPE=ovs\nTYPE=OVSBridge\nBOOTPROTO=static\nIPADDR=192.168.0.211\nNETMASK=255.255.255.0\nGATEWAY=192.168.0.1\nDNS1=1.1.1.1\nONBOOT=yes\n[root@host network-scripts]# cat ifcfg-enp5s0\nDEVICE=enp5s0\nTYPE=OVSPort\nDEVICETYPE=ovs\nOVS_BRIDGE=br-ex\nONBOOT=yes\n\n<\/pre><\/div>\n\n\nImportant: While editing interfaces cards make sure you replace the physical interface name, IPs and DNS servers accordingly.<\/p>\n\n\n\n
Finally, after you\u2019ve modified edited both network interfaces, reboot and verify the new configurations using ip command.<\/p>\n\n\n
\nreboot\n<\/pre><\/div>\n\n\nIf you are connected via ssh, you will be disconnected. Start a new ssh session. Check the config:<\/p>\n\n\n
\nip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1\/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1\/128 scope host\n valid_lft forever preferred_lft forever\n2: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP group default qlen 1000\n link\/ether 8c:89:a5:17:1b:e5 brd ff:ff:ff:ff:ff:ff\n inet6 fe80::8e89:a5ff:fe17:1be5\/64 scope link\n valid_lft forever preferred_lft forever\n3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000\n link\/ether 6a:ac:54:9b:2f:fc brd ff:ff:ff:ff:ff:ff\n4: br-int: <BROADCAST,MULTICAST> mtu 1442 qdisc noop state DOWN group default qlen 1000\n link\/ether fe:f9:9a:3e:3b:44 brd ff:ff:ff:ff:ff:ff\n5: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000\n link\/ether 8c:89:a5:17:1b:e5 brd ff:ff:ff:ff:ff:ff\n inet 192.168.0.211\/24 brd 192.168.0.255 scope global br-ex\n valid_lft forever preferred_lft forever\n inet6 2603:8081:2300:476d:8e89:a5ff:fe17:1be5\/64 scope global mngtmpaddr dynamic\n valid_lft 351364sec preferred_lft 351364sec\n inet6 fe80::cc94:93ff:fe71:f243\/64 scope link\n valid_lft forever preferred_lft forever\n<\/pre><\/div>\n\n\nNow, create the external network with Neutron.<\/p>\n\n\n
\n. keystonerc_admin\nneutron net-create external_network --provider:network_type flat --provider:physical_network extnet --router:external\n<\/pre><\/div>\n\n\nPlease note: “extnet” is the L2 segment we defined with \u2013os-neutron-ovs-bridge-mappings above.<\/p>\n\n\n\n
You need to create a public subnet with an allocation range outside of your external DHCP range and set the gateway to the default gateway of the external network.<\/p>\n\n\n\n
Please note: 192.168.0.1\/24 is the router and CIDR we defined in \/etc\/sysconfig\/network-scripts\/ifcfg-br-ex for external connectivity.<\/p>\n\n\n
\nneutron subnet-create --name public_subnet --enable_dhcp=False --allocation-pool=start=192.168.0.10,end=192.168.0.20 --gateway=192.168.0.1 external_network 192.168.0.0\/24\n<\/pre><\/div>\n\n\nGet a cirros image, not provisioned without demo provisioning:<\/p>\n\n\n
\ncurl -L http:\/\/download.cirros-cloud.net\/0.3.4\/cirros-0.3.4-x86_64-disk.img | glance \\\nimage-create --name='cirros image' --visibility=public --container-format=bare --disk-format=qcow2\n<\/pre><\/div>\n\n\nThat’s all you need to do from admin perspective to allow your users to connect their private networks to the outside world. Now let’s switch to the user.<\/p>\n\n\n\n
Since you haven’t created a user yet. This is optional.<\/p>\n\n\n
\nopenstack project create --enable internal\nopenstack user create --project internal --password foo --email bar@corp.com --enable internal\n\nNow, let's switch to the newly created user:\n\n# export OS_USERNAME=internal\n# export OS_TENANT_NAME=internal\n# export OS_PASSWORD=foo\n\n<\/pre><\/div>\n\n\nThen create a router and set its gateway using the external network created by the admin in one of previous steps:<\/p>\n\n\n
\nneutron router-create router1\nneutron router-gateway-set router1 external_network\n<\/pre><\/div>\n\n\nNow create a private network and a subnet in it, since demo provisioning has been disabled:<\/p>\n\n\n
\nneutron net-create private_network\n\nneutron subnet-create --name private_subnet private_network 192.168.100.0\/24\n<\/pre><\/div>\n\n\nFinally, connect your new private network to the public network through the router, which will provide floating IP addresses.<\/p>\n\n\n
\nneutron router-interface-add router1 private_subnet\n<\/pre><\/div>\n\n\nEasiest way to the network and to launch instances is via horizon, which was set up by packstack.<\/p>\n","protected":false},"excerpt":{"rendered":"
This tutorial will guide you on how you can configure OpenStack networking service in order to allow access from external networks to OpenStack instances. Modify Network Interface Configuration. First we need to create an OVS bridge and modify our physical network interface to bind as a port to OVS bridge. Navigate to network interfaces directory … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[152],"tags":[],"class_list":["post-8988","post","type-post","status-publish","format-standard","hentry","category-openstack"],"_links":{"self":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/8988","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/comments?post=8988"}],"version-history":[{"count":3,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/8988\/revisions"}],"predecessor-version":[{"id":9006,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/8988\/revisions\/9006"}],"wp:attachment":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/media?parent=8988"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/categories?post=8988"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/tags?post=8988"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}