====== Setup delle reti di progetto ======

La gestione delle reti interne al progetto è demandata agli utenti del middleware cloud.

Perché le VM associate ad un progetto possano collegarsi in rete sono necessarie le seguenti operazioni propedeutiche:

  * creare una rete interna
  * creare una subnet ed associarla alla rete interna
  * creare un router da collegare alla rete interna ed alla rete pubblica

Queste operazioni possono essere eseguite attraverso la dashboard, ma può essere utile usare questo script per rendere l'operazione più semplice e veloce.

<code>
#!/bin/bash

REGION=$OS_REGION_NAME
DOMAIN=$OS_USER_DOMAIN_NAME
PROJECT=$OS_PROJECT_NAME

while getopts "p:d:r:h" opt; do
    case "$opt" in
    p)  PROJECT=$OPTARG
        OS_PROJECT_NAME=$PROJECT
        ;;
    d)  DOMAIN=$OPTARG
        OS_USER_DOMAIN_NAME=$DOMAIN
        ;;
    r)  REGION=$OPTARG
        OS_REGION_NAME=$REGION
        ;;
    h)  echo "This script is intended for easing the setup of a basic network environment for OpenStack projects."
        echo "Enter the dashboard, on the top right corner click on you username and download the \"OpenStack RC file V3\"."
        echo "Execute the downloaded file in a terminal - you will be prompted for you password -, and execute this script."
        echo "Make sure you close the terminal immediately after finishing in order to avoid you password being kept in memory." 
        echo "Project, region and domain names can be overridden with -p, -r and -d."
  	exit 1
        ;;
    esac
done

#if [[ -z "$PROJECT" ]] || [[ -z "$DOMAIN" ]]
#then
#  echo "Project and domain name must be set with -p and -d"
#  exit 1
#fi

# The names of the new network, subnet and router are obtained from the project name
NETWORK=$PROJECT-net
SUBNET=$PROJECT-subnet
ROUTER=$PROJECT-router

echo ""

# Get the public net id of the selected region
PUBLIC_NET_ID=`openstack network show public -f value -c id`

if [[ -z "$PUBLIC_NET_ID" ]]
then
  echo ""
  echo "Could not obtain public network id"
  echo "Make sure you have all the necessary variables correctly set before retrying"
  echo ""
  exit 1
fi

# Verify that the project exists
PROJECT_ID=`openstack project show $PROJECT -f value -c id`

if [[ -z "$PROJECT_ID" ]]
then
  echo ""
#  echo "Could not find project $PROJECT in domain $DOMAIN"
  echo "Make sure you have all the necessary variables correctly set before retrying"
  echo ""
  exit 1
fi

# Generate a random network address (192.168.xxx.0/24). Avoid 192.168.0.0/24, 192.168.1.0/24 and some more because they may conflict when doing VPN from home networks
FLOOR=10
RANGE=250
NUMBER=0

while [ "$NUMBER" -le "$FLOOR" ]
do
  NUMBER=$RANDOM
  let "NUMBER %= $RANGE"  # Scales $number down within $RANGE.
done

GATEWAY=192.168.$NUMBER.1
NET=192.168.$NUMBER
CIDR=192.168.$NUMBER.0/24
NETWORK_ID=`openstack network show $NETWORK -f value -c id 2>/dev/null`

echo ""
echo "Will try to create network \"$NETWORK\" for project \"$PROJECT\" in domain \"$DOMAIN\" and region \"$REGION\"."
echo "The associate subnet will use the following class C network: $CIDR."
echo ""

read -r -p "Are you sure? [Y/n]" response
 response=${response,,} # tolower
 if [[ $response =~ ^(yes|y| ) ]] || [[ -z $response ]]; then
   /bin/true
 else
   echo "Exiting"
   echo ""
   exit
 fi

if [ $? -eq 0 ]
then
  echo "Network $NETWORK ($NETWORK_ID) exists already"
else
  echo "Creating network $NETWORK"

# Create a new private network for the project

  NETWORK_ID=`openstack network create \
    -f value -c id \
    --project $PROJECT \
    --project-domain $DOMAIN \
    --description "Private network for the $PROJECT project" \
    --enable \
    --enable-port-security \
    --internal \
    --provider-network-type vxlan \
    --no-share \
    $NETWORK`

  echo "Network $NETWORK ($NETWORK_ID) created"

fi

SUBNET_ID=`openstack subnet show $SUBNET -f value -c id 2>/dev/null`

if [ $? -eq 0 ]
then
  echo "Subnet $SUBNET ($SUBNET_ID) exists already"
else
  echo "Creating subnet $SUBNET"

# Create a new subnet for the project

  SUBNET_ID=`openstack subnet create \
    -f value -c id \
    --project $PROJECT \
    --project-domain $DOMAIN \
    --description "Subnet for the $PROJECT project" \
    --network $NETWORK \
    --dhcp \
    --ip-version 4 \
    --gateway $GATEWAY \
    --allocation-pool start=$NET.10,end=$NET.250 \
    --subnet-range $CIDR \
    $SUBNET`

echo "Subnet $SUBNET ($SUBNET_ID) created"

fi

ROUTER_ID=`openstack router show $ROUTER -f value -c id 2>/dev/null`

if [ $? -eq 0 ]
then
  echo "Router $ROUTER ($ROUTER_ID) exists already"
else
  echo "Creating router $ROUTER"

# Create a new router for the project

  ROUTER_ID=`openstack router create \
    -f value -c id \
    --project $PROJECT \
    --project-domain $DOMAIN \
    --description "Router for the $PROJECT project" \
    --enable \
    $ROUTER`

  echo "Router $ROUTER ($ROUTER_ID) created"

# Connect the router to the external network and to the internal subnet
  openstack router set \
    --external-gateway $PUBLIC_NET_ID \
    $ROUTER_ID

  openstack router add subnet \
    $ROUTER_ID $SUBNET_ID

fi
</code>


In più è necessario

  * associare dei floating IP alle VM che devono poter essere accedute dall'esterno 
  * associare dei security group alle VM con floating ip associati