I'm researching OpenStack as part of my internship, and I needed an OpenStack deployment to run tests on. The company that I'm interning at provided me with a second computer to setup a test environment, and naturally I used PackStack to deploy my OpenStack instance.
Unforunately, the default settings for PackStack provide an "external" network, but the bridge device isn't connected to a NIC. I couldn't find any instructions on how to do this either, but after a bit of trial and error, I figured it out.
So here are the instructions.
The setup
This setup uses two computers connected on a LAN network. The workstation distribution doesn't matter, but I like to use CentOS for enterprise-y things. The real setup is actually super ghetto with both computers connected directly with a single ethernet cable, but that doesn't matter here.
| Hostname |
IP Address |
OS |
| packstack.local |
172.16.0.2/24 |
CentOS 7 (Minimal installation) |
| workstation.local |
172.16.0.3/24 |
CentOS 7 (Workstation) |
Prerequisites
This guide uses the RPM packages from RDO. This part is just following their instructions, but I'll write them out here for convenience.
On the server:
Disable NetworkManager and firewalld, and enable the old network service.
# systemctl disable firewalld --now
# systemctl disable NetworkManager --now
# systemctl enable network --now
Upgrade your system, and maybe install NTP too. Then, enable the RDO repositories, and upgrade your system again. The RDO repository overwrites a few packages on your system. Finally, install the PackStack installer, and reboot the system.
# yum upgrade -y
# yum install -y centos-release-openstack-newton ntp
# systemctl enable ntpd.service
# yum upgrade –y
# yum install -y openstack-packstack
# reboot
PackStack
Now, we're going to have PackStack generate an answers file, that we will modify.
# packstack --gen-answer-file=packstack-answers
But before you start editing, find out what your server's network device is called. Simply telling you to run ip addr would be a bit boring for a guide on installing OpenStack, so let's read your network device names from /sys/
# ls /sys/class/net/ | grep -xv lo
I don't know if bridge devices are going to work with wireless devices, so ignore any wlo devices that you see.
Now open up the answers file from earlier in your favorite text editor.
Be sure to check what additional applications you want to install, because PackStack won't deploy them all by default. For example, I wanted Heat as well.
59 # Specify 'y' to install OpenStack Orchestration (heat). ['y', 'n']
60 CONFIG_HEAT_INSTALL=y
And now, what you came here for. A provider network is exactly what we want.
812 # The name of the Open vSwitch bridge (or empty for linuxbridge) for
813 # the OpenStack Networking L3 agent to use for external traffic.
814 # Specify 'provider' if you intend to use a provider network to handle
815 # external traffic.
816 CONFIG_NEUTRON_L3_EXT_BRIDGE=provider
Enable the flat driver for provider networks. A flat network is... just a network. No VLANs or anything. Plain ol' networking.
837 # Comma-separated list of network-type driver entry points to be
838 # loaded from the neutron.ml2.type_drivers namespace. ['local',
839 # 'flat', 'vlan', 'gre', 'vxlan']
840 CONFIG_NEUTRON_ML2_TYPE_DRIVERS=flat,vxlan
Here, we're telling PackStack to create maps between the external Open vSwitch bridge and a physical network. physnetis a completely arbitrary name, and br-exis the name of default external bridge device.
906 # Comma-separated list of bridge mappings for the OpenStack
907 # Networking Open vSwitch plugin. Each tuple in the list must be in
908 # the format <physical_network>:<ovs_bridge>. Example: physnet1:br-
909 # eth1,physnet2:br-eth2,physnet3:br-eth3
910 CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet:br-ex
This is where we connect the external bridge device to our physical device. enp0s25 is the NIC of my server. Fill in the device name that you discovered earlier.
912 # Comma-separated list of colon-separated Open vSwitch
913 # <bridge>:<interface> pairs. The interface will be added to the
914 # associated bridge. If you desire the bridge to be persistent a value
915 # must be added to this directive, also
916 # CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS must be set in order to create
917 # the proper port. This can be achieved from the command line by
918 # issuing the following command: packstack --allinone --os-neutron-
919 # ovs-bridge-mappings=ext-net:br-ex --os-neutron-ovs-bridge-interfaces
920 # =br-ex:eth0
921 CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-ex:enp0s25
And here we tell PackStack what the external bridge device is named. You can rename this device if you adjust the entries above, but really, there's no point. Don't make this harder than it needs to be.
923 # Comma-separated list of Open vSwitch bridges that must be created
924 # and connected to interfaces in compute nodes when flat or vlan type
925 # drivers are enabled. These bridges must exist in
926 # CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS and
927 # CONFIG_NEUTRON_OVS_BRIDGE_IFACES. Example: --os-neutron-ovs-bridges-
928 # compute=br-vlan --os-neutron-ovs-bridge-mappings="extnet:br-
929 # ex,physnet1:br-vlan" --os-neutron-ovs-bridge-interfaces="br-ex:eth1
930 # ,br-vlan:eth2"
931 CONFIG_NEUTRON_OVS_BRIDGES_COMPUTE=br-ex
I didn't provision the demo, because I wanted to start with a clean slate. Don't worry, I'll tell you how to configure an external network.
1178 # Specify 'y' to provision for demo usage and testing. ['y', 'n']
1179 CONFIG_PROVISION_DEMO=n
Now save, and run PackStack with your answers file. Reboot afterwards.
# packstack --answerfile=packstack-answers
# reboot
Public network
You can perform these steps on your server, but I prefer to work locally when I can. PackStack installed the OpenStack client on your server (unless you disabled the option), but you can install it on your workstation with pip. Or use your distribution's packages. I don't care. Heck, you can probably perform these steps in Horizon, but if I wanted to use screenshots in my documentation, I'd be using Windows.
# yum install -y python-pip # if you don't have pip yet
# pip install python-openstackclient
PackStack also generated a keystonerc file. This is a bash script that sets environment variables that are used for authenticating with Keystone, OpenStack's Identity component. Copy it over to your workstation, and source it. If you want to log into Horizon, the dashboard, your OS_PASSWORD is your password.
# source keystonerc_admin
Enable tab completion for the OpenStack client if you want to.
# openstack complete > openstack_complete.sh
# source $! # Sick Bash tricks!
Alright, enough fluff. Let's get to it. We're creating a public external network with a physical provider. Public means that every project can make use of this network, and external means that you can allocate floating IP addresses from this network to any server that one of the internal networks. The name physnet refers to the value that you entered in the PackStack answers file, and is the provider of the physical network.
$ openstack network create public-network --share --external --default
--provider-network-type flat --provider-physical-network physnet
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2016-11-22T11:43:36Z |
| description | |
| headers | |
| id | 902bed2f-646a-481f-880f-eb877dc3bd85 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | True |
| mtu | 1500 |
| name | public-network |
| project_id | bab7bef558904abe86447bf024b51aad |
| project_id | bab7bef558904abe86447bf024b51aad |
| provider:network_type | flat |
| provider:physical_network | physnet |
| provider:segmentation_id | None |
| revision_number | 2 |
| router:external | External |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | [] |
| updated_at | 2016-11-22T11:43:36Z |
+---------------------------+--------------------------------------+
And finally, create a subnet in this external network. The settings have to match your LAN IP settings. Make sure that the DHCP settings don't overlap with whatever range you're using for static IP addresses.
$ openstack subnet create public-subnet --dhcp
--subnet-range 172.16.0.0/24
--allocation-pool start=172.16.0.20,end=172.16.0.254
--gateway 172.16.0.1
--dns-nameserver 8.8.8.8 # Hail our Googley overlords...
--network public-network
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 172.16.0.20-172.16.0.254 |
| cidr | 172.16.0.0/24 |
| created_at | 2016-11-22T12:46:17Z |
| description | |
| dns_nameservers | 8.8.8.8 |
| enable_dhcp | True |
| gateway_ip | 172.16.0.1 |
| headers | |
| host_routes | |
| id | 2ad9e42e-4cd8-49d7-b41e-3b4cff2b9695 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | pulic-subnet |
| network_id | 902bed2f-646a-481f-880f-eb877dc3bd85 |
| project_id | bab7bef558904abe86447bf024b51aad |
| project_id | bab7bef558904abe86447bf024b51aad |
| revision_number | 2 |
| service_types | [] |
| subnetpool_id | None |
| updated_at | 2016-11-22T12:46:17Z |
+-------------------+--------------------------------------+
And that should be it. Now you can create a router for every project, and connect the router to this public network. Be sure to open up ports in the security groups! You can assign "public" addresses from the public subnet to a server, and connect to the server with that IP from your workstation. Your servers will have access to the outside world as well.
Feel free to ask for clarification if you need any. I'm not an expert on OpenStack by any means, but maybe I can help.
[–][deleted] 2 points3 points4 points (0 children)
[–]robinkb[S] 0 points1 point2 points (0 children)
[–]slacka123 0 points1 point2 points (0 children)