OpenStack Liberty Neutron Deployment (Part 6 start a VM in the tenant defined network)

Now it is time to start a VM. Up to now, no DHCP server is running for the tenant’s network n1.

#
# first we need the ID of the image to be used
#
glance image-list
+--------------------------------------+-----------------------+-------------+------------------+-----------+--------+
| ID                                   | Name                  | Disk Format | Container Format | Size      | Status |
+--------------------------------------+-----------------------+-------------+------------------+-----------+--------+
| a13badd0-28a6-4d2a-a05b-7c064b747b7e | Cirros 64 Bit         | qcow2       | bare             | 13167616  | active |
+--------------------------------------+-----------------------+-------------+------------------+-----------+--------+
#
# get the network ID for the nic
#
neutron net-list | grep -w n1
+--------------------------------------+---------------------+------------------------------------------------------+
| id                                   | name                | subnets                                              |
+--------------------------------------+---------------------+------------------------------------------------------+
| 53fa05ef-9a39-4c30-825f-485bf9480388 | n1                  | a107c408-08e2-4158-b75b-4ed74abc4e18 192.168.1.0/24  |
+--------------------------------------+---------------------+------------------------------------------------------+
#
# list the flavors
#
nova flavor-list
+----+------------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name       | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+------------+-----------+------+-----------+------+-------+-------------+-----------+
| 30 | Cirros     | 256       | 1    | 0         |      | 1     | 1.0         | True      |
+----+------------+-----------+------+-----------+------+-------+-------------+-----------+
#
# now boot the VM
#
nova boot --image a13badd0-28a6-4d2a-a05b-7c064b747b7e --flavor Cirros --nic net-id=53fa05ef-9a39-4c30-825f-485bf9480388 testvm1

After starting the VM, the setup looks like this:

After starting the first VM

The following components have been configured:

On the network node:

  • Neutron starts a DHCP server on the network node to provide a DHCP service for the tenant’s network n1. This DHCP server runs in its own network namespace [qdhcp-*] and is attached to VLAN 3.

On the compute node:

  • Allocate a VLAN on br-int from the free list of VLANs. This VLAN is associated with and attached to the global VXLAN ID 0x10001. As no VLANs have been used before, VLAN 1 is used.
  • On br-tun, mapping entries are created to map the local VLAN ID 1 to the global VXLAN ID 0x10001.
  • The VM is not attached directly to br-int. The reason is that there is no mechanism to attach iptables rules to an OVS port, and iptables rules are used to implement the OpenStack security groups. The workaround is to create a Linux bridge, attach the tap interface of the VM to the Linux bridge, and attach the Linux bridge to br-int using a veth pair.
  • Start the VM
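
The local VLAN to VXLAN ID mapping on br-tun is what keeps tenant networks apart, so it is worth checking that the mapping is the same in both directions. The script below is an added example, not part of the original post: the flow lines are a constructed sample whose layout is an assumption about `ovs-ofctl dump-flows br-tun` output, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the style of `ovs-ofctl dump-flows br-tun`; the flow
# layout (tun_id -> mod_vlan_vid, dl_vlan -> set_tunnel) is an assumption.
sample_flows() {
cat <<'EOF'
 cookie=0x0, duration=90.1s, table=4, n_packets=12, n_bytes=1100, priority=1,tun_id=0x10001 actions=mod_vlan_vid:1,resubmit(,10)
 cookie=0x0, duration=90.1s, table=22, n_packets=7, n_bytes=640, dl_vlan=1 actions=strip_vlan,set_tunnel:0x10001,output:2
 cookie=0x0, duration=90.1s, table=22, n_packets=0, n_bytes=0, priority=0 actions=drop
EOF
}

# Read flows on stdin; print "<local vlan> <vxlan id> <rx|tx>" for every flow
# that translates between the two (rx = tunnel to VLAN, tx = VLAN to tunnel).
vlan_vni_map() {
  awk '
    function val(key,   s) {            # value after key, up to "," or " "
      s = $0
      if (!sub(".*" key, "", s)) return ""
      sub(/[, ].*/, "", s)
      return s
    }
    /tun_id=/ && /mod_vlan_vid:/ { print val("mod_vlan_vid:"), val("tun_id="), "rx" }
    /dl_vlan=/ && /set_tunnel:/  { print val("dl_vlan="), val("set_tunnel:"), "tx" }
  '
}

# Read flows on stdin; exit 0 only if every local VLAN maps to one VXLAN id in
# both directions and no VXLAN id is shared by two VLANs.
check_isolation() {
  vlan_vni_map | awk '
    { if (($1 in vni) && vni[$1] != $2) bad = 1    # VLAN bound to two ids
      if (($2 in vlan) && vlan[$2] != $1) bad = 1  # id bound to two VLANs
      vni[$1] = $2; vlan[$2] = $1; dir[$1 " " $3] = 1 }
    END { for (v in vni)
            if (!((v " rx") in dir) || !((v " tx") in dir)) bad = 1
          exit bad + 0 }
  '
}

sample_flows | vlan_vni_map
sample_flows | check_isolation && echo "mapping consistent"
```

On a compute or network node the same functions can read live `ovs-ofctl dump-flows br-tun` output on stdin. Local VLAN IDs differ per node (VLAN 3 on the network node, VLAN 1 on the compute node here), so only the VXLAN ID is comparable across nodes.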

Attach a floating IP

#
# attaching a floating IP requires the floating IP (which must be created first) and a port id
#
neutron net-external-list
+--------------------------------------+---------------------+-----------------------------------------------------+
| id                                   | name                | subnets                                             |
+--------------------------------------+---------------------+-----------------------------------------------------+
| f79385f6-e878-4450-9ed9-e906f6985149 | floating-198-18-0   | 7b9a75c2-fbbc-455b-9aa7-1a1bf286571e 198.18.0.0/20  |
| 97d1c4c7-c5a2-4399-9d12-cf9bf6bef739 | floating-198-18-16  | 3af17d23-8229-4022-a49f-f8b41939adc9 198.18.16.0/20 |
+--------------------------------------+---------------------+-----------------------------------------------------+
#
neutron floatingip-create f79385f6-e878-4450-9ed9-e906f6985149
neutron floatingip-list
+--------------------------------------+------------------+---------------------+---------+
| id                                   | fixed_ip_address | floating_ip_address | port_id |
+--------------------------------------+------------------+---------------------+---------+
| a0a7dea2-4461-4005-94d6-8ebcc5e5ebbf |                  | 198.18.0.3          |         |
+--------------------------------------+------------------+---------------------+---------+

#
# get the fixed IP of the VM
#
nova list
+--------------------------------------+---------+--------+------------+-------------+----------------+
| ID                                   | Name    | Status | Task State | Power State | Networks       |
+--------------------------------------+---------+--------+------------+-------------+----------------+
| 189d0c60-d6ad-4652-b61c-bea390c6c507 | testvm1 | ACTIVE | -          | Running     | n1=192.168.1.2 |
+--------------------------------------+---------+--------+------------+-------------+----------------+
#
# list all neutron ports
#
neutron port-list
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                          |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| 11db8e63-6d88-404a-93a1-1d741568ad36 |      | fa:16:3e:2b:26:f1 | {"subnet_id": "a107c408-08e2-4158-b75b-4ed74abc4e18", "ip_address": "192.168.1.1"} |
| b4370b20-d588-4109-b681-b4f600062e2f |      | fa:16:3e:b4:c8:c9 | {"subnet_id": "a107c408-08e2-4158-b75b-4ed74abc4e18", "ip_address": "192.168.1.3"} |
| f609efc7-15a3-4928-9785-88bfcecd858c |      | fa:16:3e:84:09:ff | {"subnet_id": "a107c408-08e2-4158-b75b-4ed74abc4e18", "ip_address": "192.168.1.2"} |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
#
# associate the floating ip
#
neutron floatingip-associate a0a7dea2-4461-4005-94d6-8ebcc5e5ebbf f609efc7-15a3-4928-9785-88bfcecd858c

The setup is now:

Add a floating IP address for the VM

The floating IP address of the VM is attached as an additional IP address on the uplink of the router. In addition, 1:1 NAT rules are created on the router to provide a unique mapping for the fixed IP address of the VM.
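
Every floating IP is an inbound path from the external network to a VM, so the NAT rules on the router should match what the API reports. The script below is an added example, not part of the original post: it compares a `neutron floatingip-list` table with the router's NAT rules, using constructed samples built from this page's addresses. The NAT rule layout and the function names are assumptions.

```shell
#!/bin/sh
# Constructed samples using this page's addresses. api_table has the shape of
# `neutron floatingip-list` once associated; nat_rules is an assumed shape for
# `iptables -t nat -S` run inside the router's network namespace.
api_table() {
cat <<'EOF'
+--------------------------------------+------------------+---------------------+--------------------------------------+
| id                                   | fixed_ip_address | floating_ip_address | port_id                              |
+--------------------------------------+------------------+---------------------+--------------------------------------+
| a0a7dea2-4461-4005-94d6-8ebcc5e5ebbf | 192.168.1.2      | 198.18.0.3          | f609efc7-15a3-4928-9785-88bfcecd858c |
+--------------------------------------+------------------+---------------------+--------------------------------------+
EOF
}
nat_rules() {
cat <<'EOF'
-A neutron-l3-agent-PREROUTING -d 198.18.0.3/32 -j DNAT --to-destination 192.168.1.2
-A neutron-l3-agent-float-snat -s 192.168.1.2/32 -j SNAT --to-source 198.18.0.3
EOF
}

# stdin: API table. Prints "<floating> <fixed>" for each associated address.
api_pairs() {
  awk -F'|' 'NF > 4 && $2 !~ /^ *id *$/ {
    gsub(/ /, "", $3); gsub(/ /, "", $4)
    if ($3 != "") print $4, $3 }'
}

# stdin: NAT rules. Prints "<floating> <fixed>" named by any DNAT or SNAT rule.
nat_pairs() {
  awk '$6 == "DNAT" { sub(/\/32$/, "", $4); p[$4 " " $8] = 1 }
       $6 == "SNAT" { sub(/\/32$/, "", $4); p[$8 " " $4] = 1 }
       END { for (k in p) print k }'
}

# $1 = file with the API table, $2 = file with the NAT rules. Prints one line
# per pair known to only one side; no output means both views agree.
drift() {
  { api_pairs < "$1" | sed 's/^/api /'; nat_pairs < "$2" | sed 's/^/nat /'; } |
  awk '{ k = $2 " " $3; seen[k] = seen[k] $1 }
       END { for (k in seen) if (seen[k] != "apinat") print seen[k] "-only", k }' |
  sort
}

t=$(mktemp -d); api_table > "$t/api"; nat_rules > "$t/nat"
[ -z "$(drift "$t/api" "$t/nat")" ] && echo "API and NAT rules agree"
rm -r "$t"
```

A `nat-only` line is a translation the API no longer knows about, which is the case to investigate first. An `api-only` line means the router has not programmed the association.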

Continue reading (part 7)

Updated: 16/01/2021 — 13:41