Creating a tenant Neutron network

Now that the OpenStack Network services are running, we can use them to create networks within our OpenStack environment. Networks are created per tenant and our VMs attach to them. A Neutron network is either private or shared. When a network is private, only the operators and instances of the owning tenant can use it. When it is marked as shared, instances from every tenant can attach to it, so the shared flag must be used with care: tenants then sit on the same layer 2 segment and the only thing separating their traffic is the Security Group rules applied to each port. Security Groups apply to private networks too, but on a shared network they are the sole boundary between tenants, so make sure the rules match your security requirements before exposing a network that way.

Getting ready

Ensure you have a suitable client available for using Neutron. If you are using the accompanying Vagrant environment, you can use the controller node. This has the python-neutronclient package that provides the neutron command-line client.

If you created this node with Vagrant, you can execute the following command:

vagrant ssh controller 

Ensure you have the following credentials set (adjust the path to your certificates and key file to match your environment if not using the Vagrant environment):

export OS_TENANT_NAME=cookbook
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL=https://192.168.100.200:5000/v2.0/
export OS_NO_CACHE=1
export OS_KEY=/vagrant/cakey.pem
export OS_CACERT=/vagrant/ca.pem

Tip

At this stage, Keystone should be installed and configured correctly. See the Installing the OpenStack Identity Service recipe in Chapter 1, Keystone – OpenStack Identity Service, for more information.

How to do it...

To create a private Neutron network for a particular tenant, follow these steps:

  1. We first need to get the tenant id that we can reference when creating the network information for that particular tenant. To do so, issue the following command:
    TENANT_ID=$(keystone tenant-list \
     | awk '/\ cookbook\ / {print $2}')
    
  2. We then use this value to create the layer 2 network for this tenant:
    neutron net-create \
     --tenant-id ${TENANT_ID} \
     cookbook_network_1
    
  3. With the network in place, we now allocate a subnet to this network using the CIDR format (10.200.0.0/24):
    neutron subnet-create \
     --tenant-id ${TENANT_ID} \
     --name cookbook_subnet_1 \
     cookbook_network_1 \
     10.200.0.0/24
    
  4. We will now create a router on this network that acts as the default gateway for our instances. Adding a router is optional: it is a design choice that lets traffic be routed from one network we create to another without multihoming instances with multiple interfaces and networks. This router is also what allows an IP from our physical host range to be assigned so that our instances can be reached from outside:
    neutron router-create \
     --tenant-id ${TENANT_ID} \
     cookbook_router_1
    
  5. We add this router to our subnet:
    neutron router-interface-add \
     cookbook_router_1 \
     cookbook_subnet_1
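The five steps above, collected into one script with the checks a practitioner would want before touching the API. This is an added example, not code from the recipe or from the OpenStack project: it assumes the credentials from the Getting ready section are exported and that the keystone and neutron clients are on PATH. The DRY_RUN and TENANT_ID knobs are inventions of this script (not options of the clients), and the post-creation check relies on the neutron client accepting the cliff output selectors -f value -c shared, which is assumed here.

```shell
#!/bin/sh
# Added example (not from the original recipe): create a private tenant
# network, subnet, router and router interface, with input validation, an
# exact tenant lookup and a post-condition check that the network is not shared.
# DRY_RUN=1 and TENANT_ID are hypothetical knobs of this script only.

# Run a command, or print it when DRY_RUN=1 so the plan can be reviewed first.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Read "keystone tenant-list" table output on stdin and print the id whose
# name column equals $1 exactly. Fails when the name is missing or ambiguous,
# which a loose /pattern/ match would silently get wrong.
tenant_id_from_table() {
  awk -F'|' -v name="$1" '
    NF >= 4 {
      id = $2; sub(/^ +/, "", id); sub(/ +$/, "", id)
      n  = $3; sub(/^ +/, "", n);  sub(/ +$/, "", n)
      if (n == name) ids[++c] = id
    }
    END { if (c != 1) exit 1; print ids[1] }'
}

# Accept only a well-formed IPv4 CIDR (four octets <= 255, prefix <= 32)
# before handing it to neutron subnet-create.
valid_cidr() {
  printf '%s\n' "$1" | awk -F'[./]' '
    NF != 5 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
      if ($5 !~ /^[0-9]+$/ || $5 > 32) exit 1 }'
}

# create_tenant_network TENANT NET SUBNET CIDR ROUTER
create_tenant_network() {
  tenant=$1; net=$2; subnet=$3; cidr=$4; router=$5
  valid_cidr "$cidr" || { echo "invalid CIDR: $cidr" >&2; return 1; }
  # TENANT_ID, if set, skips the keystone lookup (useful for dry runs).
  tid=${TENANT_ID:-$(keystone tenant-list | tenant_id_from_table "$tenant")} &&
    [ -n "$tid" ] || { echo "tenant not found or ambiguous: $tenant" >&2; return 1; }
  run neutron net-create --tenant-id "$tid" "$net" || return 1
  run neutron subnet-create --tenant-id "$tid" --name "$subnet" "$net" "$cidr" || return 1
  run neutron router-create --tenant-id "$tid" "$router" || return 1
  run neutron router-interface-add "$router" "$subnet" || return 1
  # Post-condition: refuse to continue if the network ended up shared with
  # other tenants. Skipped in DRY_RUN. Assumes the client supports -f/-c.
  if [ "${DRY_RUN:-0}" != 1 ]; then
    shared=$(neutron net-show -f value -c shared "$net")
    [ "$shared" = False ] || { echo "$net is shared; refusing to use it" >&2; return 1; }
  fi
}

# Run directly as: sh create_net.sh cookbook cookbook_network_1 cookbook_subnet_1 10.200.0.0/24 cookbook_router_1
if [ $# -eq 5 ]; then
  create_tenant_network "$@"
fi
```

Run it once with DRY_RUN=1 to see the exact neutron commands it would issue, then without it to create the objects; the script stops at the first failing step rather than leaving a half-built network behind.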
    

How it works...

We created a network with a defined subnet that our VMs utilize when they start up. To create a network, the following syntax is used:

neutron net-create \
 --tenant-id TENANT_ID \
 NAME_OF_NETWORK

To create a subnet, the following syntax is used:

neutron subnet-create \
 --tenant-id TENANT_ID \
 --name NAME_OF_SUBNET \
 NAME_OF_NETWORK \
 CIDR 

Routers are optional on networks; their function is to route traffic from one subnet to another, and a Neutron SDN is no different. Layer 3 (L3) routers allow you to configure gateways and routes to other networks on demand. If our instances only need to communicate with each other on the same subnet, there is no need for a router, because there is no other network to route to or from. The syntax to create routers is as follows:

neutron router-create \
 --tenant-id TENANT_ID \
 NAME_OF_ROUTER 

The syntax to attach the router to our subnet, which allows traffic to be routed between that subnet and any other network (physical or software-defined) the router connects to, is as follows:

neutron router-interface-add \
 ROUTER_NAME \
 SUBNET_NAME 

We can then add further subnets using the preceding syntax to this router and allow traffic to flow between instances on different OpenStack Neutron-created subnets.