- OpenStack Cloud Computing Cookbook(Third Edition)
- Kevin Jackson Cody Bunch Egle Sigler
- 2021-07-16 20:39:18
Creating a tenant Neutron network
Now that our OpenStack Network services are running, we can use them to create networks within our OpenStack environment. Networks are created for each tenant, and we use them to connect to our VMs. Neutron networks can be either private or shared. When a Neutron network is private, only the operators and instances of that tenant can use it. When a network is marked as shared, all instances can attach to it, so use this feature carefully to ensure security between tenants. When using shared networks, we implement Security Group rules to ensure the traffic flow matches our security requirements.
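The caution about shared networks can be turned into a repeatable check. The following Python is an added example, not code from the book: it takes network, port and security group rule records and reports ports on shared networks that are either unfiltered or reachable from any source. The field names are assumed to follow the Neutron v2.0 API (port_security_enabled assumes the port security extension is loaded), and all sample records are constructed.

```python
import ipaddress

# Constructed sample records shaped like Neutron v2.0 API objects (assumption).
# Every ID and name except cookbook_network_1 is made up for this example.
NETWORKS = [
    {"id": "net-1", "name": "cookbook_network_1", "shared": False},
    {"id": "net-2", "name": "shared_services", "shared": True},
]
PORTS = [
    {"id": "port-a", "network_id": "net-1", "security_groups": ["sg-open"]},
    {"id": "port-b", "network_id": "net-2", "security_groups": ["sg-open"]},
    {"id": "port-c", "network_id": "net-2", "security_groups": ["sg-tight"]},
    {"id": "port-d", "network_id": "net-2", "security_groups": [],
     "port_security_enabled": False},
]
RULES = [
    {"security_group_id": "sg-open", "direction": "ingress",
     "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": None},
    {"security_group_id": "sg-tight", "direction": "ingress",
     "remote_ip_prefix": "10.200.0.0/24", "remote_group_id": None},
    {"security_group_id": "sg-tight", "direction": "egress",
     "remote_ip_prefix": None, "remote_group_id": None},
]

def is_open_ingress(rule):
    """True for an ingress rule that admits traffic from any source address."""
    if rule["direction"] != "ingress" or rule.get("remote_group_id"):
        return False
    prefix = rule.get("remote_ip_prefix")
    return prefix is None or ipaddress.ip_network(prefix).prefixlen == 0

def audit_shared_ports(networks, ports, rules):
    """Return (port id, network name, reason) for weak ports on shared networks."""
    shared = {n["id"]: n["name"] for n in networks if n["shared"]}
    open_groups = {r["security_group_id"] for r in rules if is_open_ingress(r)}
    findings = []
    for port in ports:
        net_name = shared.get(port["network_id"])
        if net_name is None:
            continue  # private tenant network: out of scope for this check
        if not port.get("port_security_enabled", True):
            findings.append((port["id"], net_name, "port security disabled"))
        elif open_groups & set(port["security_groups"]):
            findings.append((port["id"], net_name, "ingress open to any source"))
    return findings

if __name__ == "__main__":
    for finding in audit_shared_ports(NETWORKS, PORTS, RULES):
        print(*finding, sep="\t")
```

In a live environment the three lists would come from the Neutron API rather than from inline data; the private cookbook_network_1 port is skipped even though it uses the same open group, because the check is scoped to shared networks.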
Getting ready
Ensure you have a suitable client available for using Neutron. If you are using the accompanying Vagrant environment, you can use the controller node. This has the python-neutronclient package that provides the neutron command-line client.
If you created this node with Vagrant, you can execute the following command:
vagrant ssh controller
Ensure you have the following credentials set (adjust the path to your certificates and key file to match your environment if not using the Vagrant environment):
export OS_TENANT_NAME=cookbook
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL=https://192.168.100.200:5000/v2.0/
export OS_NO_CACHE=1
export OS_KEY=/vagrant/cakey.pem
export OS_CACERT=/vagrant/ca.pem
Tip
At this stage, Keystone should be installed and configured correctly. See the Installing the OpenStack Identity Service recipe in Chapter 1, Keystone – OpenStack Identity Service, for more information.
How to do it...
To create a private Neutron network for a particular tenant, follow these steps:
- We first need to get the tenant ID so that we can reference it when creating the network information for that particular tenant. To do so, issue the following command:
TENANT_ID=$(keystone tenant-list \
    | awk '/\ cookbook\ / {print $2}')
- We then use this value to create the layer 2 network for this tenant:
neutron net-create \
    --tenant-id ${TENANT_ID} \
    cookbook_network_1
- With the network in place, we now allocate a subnet to this network using the CIDR format (10.200.0.0/24):
neutron subnet-create \
    --tenant-id ${TENANT_ID} \
    --name cookbook_subnet_1 \
    cookbook_network_1 \
    10.200.0.0/24
- We will now create a router on this network that we can use to act as the default gateway for our instances. Adding routers is optional—they are a design consideration, allowing you to route from one network that we create to another. This option avoids multihoming instances with multiple interfaces and networks. This router will be used to allow us to assign an IP from our physical host range that provides access to our instances:
neutron router-create \
    --tenant-id ${TENANT_ID} \
    cookbook_router_1
- We add this router to our subnet:
neutron router-interface-add \
    cookbook_router_1 \
    cookbook_subnet_1
How it works...
We created a network with a defined subnet that our VMs utilize when they start up. To create a network, the following syntax is used:
neutron net-create \
    --tenant-id TENANT_ID \
    NAME_OF_NETWORK
To create a subnet, the following syntax is used:
neutron subnet-create \
    --tenant-id TENANT_ID \
    --name NAME_OF_SUBNET \
    NAME_OF_NETWORK \
    CIDR
Routers are optional on networks, and their function is to route traffic from one subnet to another. In a Neutron SDN, this is no different. Layer 3 (L3) routers allow you to configure gateways and routes to other networks on demand. If we only require our instances to communicate with each other on the same subnet, there is no need for a router because there is no other network to route to or from. The syntax to create routers is as follows:
neutron router-create \
    --tenant-id TENANT_ID \
    NAME_OF_ROUTER
The syntax to add the router to our subnet (used to allow routes from one network, physical or software-defined) is as follows:
neutron router-interface-add \
    ROUTER_NAME \
    SUBNET_NAME
We can then add further subnets using the preceding syntax to this router and allow traffic to flow between instances on different OpenStack Neutron-created subnets.