cn:ccr:cloud:infn_cc:project_networking
Differences
cn:ccr:cloud:infn_cc:project_networking [2019/07/05 08:46] – stalio@infn.it | cn:ccr:cloud:infn_cc:project_networking [2019/07/09 07:51] (current) – stalio@infn.it | ||
---|---|---|---|
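--- a/cn:ccr:cloud:infn_cc:project_networking
+++ b/cn:ccr:cloud:infn_cc:project_networking
@@ -1,0 +1,196 @@
+====== Setup delle reti di progetto ======
+
+La gestione delle reti interne al progetto è demandata agli utenti del middleware cloud.
+
+Perché le VM associate ad un progetto possano collegarsi in rete sono necessarie le seguenti operazioni propedeutiche:
+
+* creare una rete interna
+* creare una subnet ed associarla alla rete interna
+* creare un router da collegare alla rete interna ed alla rete pubblica
+
+Queste operazioni possono essere eseguite attraverso la dashboard, ma può essere utile usare questo script per rendere l'
+
+<
+#!/bin/bash
+
+REGION=$OS_REGION_NAME
+DOMAIN=$OS_USER_DOMAIN_NAME
+PROJECT=$OS_PROJECT_NAME
+
+while getopts "
+case "
+p) PROJECT=$OPTARG
+OS_PROJECT_NAME=$PROJECT
+;;
+d) DOMAIN=$OPTARG
+OS_USER_DOMAIN_NAME=$DOMAIN
+;;
+r) REGION=$OPTARG
+OS_REGION_NAME=$REGION
+;;
+h) echo "This script is intended for easing the setup of a basic network environment for OpenStack projects."
+echo "Enter the dashboard, on the top right corner click on you username and download the \"
+echo "
+echo "Make sure you close the terminal immediately after finishing in order to avoid you password being kept in memory."
+echo "
+exit 1
+;;
+esac
+done
+
+#if [[ -z "
+#then
+# echo "
+# exit 1
+#fi
+
+# The names of the new network, subnet and router are obtained from the project name
+NETWORK=$PROJECT-net
+SUBNET=$PROJECT-subnet
+ROUTER=$PROJECT-router
+
+echo ""
+
+# Get the public net id of the selected region
+PUBLIC_NET_ID=`openstack network show public -f value -c id`
+
+if [[ -z "
+then
+echo ""
+echo "Could not obtain public network id"
+echo "Make sure you have all the necessary variables correctly set before retrying"
+echo ""
+exit 1
+fi
+
+# Verify that the project exists
+PROJECT_ID=`openstack project show $PROJECT -f value -c id`
+
+if [[ -z "
+then
+echo ""
+# echo "Could not find project $PROJECT in domain $DOMAIN"
+echo "Make sure you have all the necessary variables correctly set before retrying"
+echo ""
+exit 1
+fi
+
+# Generate a random network address (192.168.xxx.0/
+FLOOR=10
+RANGE=250
+NUMBER=0
+
+while [ "
+do
+NUMBER=$RANDOM
+let "
+done
+
+GATEWAY=192.168.$NUMBER.1
+NET=192.168.$NUMBER
+CIDR=192.168.$NUMBER.0/
+NETWORK_ID=`openstack network show $NETWORK -f value -c id 2>/
+
+echo ""
+echo "Will try to create network \"
+echo "The associate subnet will use the following class C network: $CIDR."
+echo ""
+
+read -r -p "Are you sure? [Y/n]" response
+
+if [[ $response =~ ^(yes|y| ) ]] || [[ -z $response ]]; then
+/
+else
+echo "
+echo ""
+exit
+fi
+
+if [ $? -eq 0 ]
+then
+echo "
+else
+echo "
+
+# Create a new private network for the project
+
+NETWORK_ID=`openstack network create \
+-f value -c id \
+--project $PROJECT \
+--project-domain $DOMAIN \
+--description "
+--enable \
+--enable-port-security \
+--internal \
+--provider-network-type vxlan \
+--no-share \
+$NETWORK`
+
+echo "
+
+fi
+
+SUBNET_ID=`openstack subnet show $SUBNET -f value -c id 2>/
+
+if [ $? -eq 0 ]
+then
+echo "
+else
+echo "
+
+# Create a new subnet for the project
+
+SUBNET_ID=`openstack subnet create \
+-f value -c id \
+--project $PROJECT \
+--project-domain $DOMAIN \
+--description "
+--network $NETWORK \
+--dhcp \
+--ip-version 4 \
+--gateway $GATEWAY \
+--allocation-pool start=$NET.10,
+--subnet-range $CIDR \
+$SUBNET`
+
+echo "
+
+fi
+
+ROUTER_ID=`openstack router show $ROUTER -f value -c id 2>/
+
+if [ $? -eq 0 ]
+then
+echo "
+else
+echo "
+
+# Create a new router for the project
+
+ROUTER_ID=`openstack router create \
+-f value -c id \
+--project $PROJECT \
+--project-domain $DOMAIN \
+--description "
+--enable \
+$ROUTER`
+
+echo "
+
+# Connect the router to the external network and to the internal subnet
+openstack router set \
+--external-gateway $PUBLIC_NET_ID \
+$ROUTER_ID
+
+openstack router add subnet \
+$ROUTER_ID $SUBNET_ID
+
+fi
+</
+
+
+In più è necessario
+
+* associare dei floating IP alle VM che devono poter essere accedute dall'
+* associare dei security group alle VM con floating ip associati
+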
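Review bot: The `if [ $? -eq 0 ]` at the network step tests the exit status of the "Are you sure?" `if … fi` block just before it, not of the `openstack network show $NETWORK` lookup several lines earlier, so the decision to create the network no longer depends on whether it already exists. The subnet and router steps test `$?` directly after their own lookups and are not affected. Save the status immediately after the lookup with `NETWORK_RC=$?` and test `if [ "$NETWORK_RC" -eq 0 ]` instead. The `-p`/`-d` values also reach every `openstack` call unquoted (`--project $PROJECT`, `$NETWORK`), so a name containing spaces or glob characters is split into extra arguments; quote them, e.g. `--project "$PROJECT" --project-domain "$DOMAIN"`. Several lines are cut off at quote characters in this rendering, so this is based on the visible text only.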