Openstack Xena on Ubuntu 20.04 -Home Lab

Posted on by sandeep

[  Previous: Neutron (6/9)  ]         [  7/9: Home Lab  ]          [  Next: Horizon (8/9)  ]

Create Project, Networks, vRouter and Security Group

Create a project ‘homelab’

openstack project create --domain default --description "Home Lab" homelab

Create a ‘labuser’ account

openstack user create --domain default --project homelab --password password labuser

Create and add the role

openstack role create LabUser
openstack role add --project homelab --user labuser LabUser

Create a network of type vxlan named ‘internal’, a private-subnet, and associate it with the network. (Note DNS server IP is from the home network)

openstack network create internal --provider-network-type vxlan

openstack subnet create private-subnet --subnet-range 192.168.100.0/24 --gateway 192.168.100.1 --dns-nameserver 10.0.0.1 --network internal

Create a network of type flat associated with the provider network physnet, a public subnet, and associate it with the network.

Note: Gateway and DNS server IP are from the home network.  The subnet range matches the home network subnet – I am not sure if this is the right way to do it. I will edit once I have a clear picture.

openstack network create --provider-physical-network physnet --provider-network-type flat --external external
openstack subnet create public-subnet --network external --subnet-range 10.0.0.16/16 --allocation-pool start=10.0.3.2,end=10.0.3.254 --gateway 10.0.0.1 --dns-nameserver  10.0.0.1 --no-dhcp

Create a virtual router ‘vrouter’, add the private-subnet, and set the external gateway

openstack router create vrouter
openstack router add subnet vrouter private-subnet
openstack router set vrouter --external-gateway external

Update the RBAC rules, let the private subnet associated with the ‘internal’ network  be accessed as a shared resource

networkID=$(openstack network list | grep internal | awk '{ print $2 }') 
projectID=$(openstack project list | grep homelab | awk '{ print $2 }') 
openstack network rbac create --target-project $projectID --type network --action access_as_shared $networkID

Create a flavor for testing

openstack flavor create m1.small --id auto --public  --vcpus 1 --ram 2048 --disk 20

Finally, create a security group ‘labsecurity’ and add rules to allow ICMP and SSH.

We need this security group created in the ‘homelab’ project – So let us create a file ‘user-rc’ with the following contents

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=homelab
export OS_USERNAME=labuser
export OS_PASSWORD=password
export OS_AUTH_URL=http://10.0.3.1:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Add execute permissions

chmod +x user-rc

Create the security group and configure rules.

source user-rc
openstack security group create labsecurity
openstack security group rule create --protocol icmp --ingress labsecurity
openstack security group rule create --protocol tcp --dst-port 22:22 labsecurity
source admin-rc

[  Previous: Neutron (6/9)  ]         [  7/9: Home Lab  ]          [  Next: Horizon (8/9)  ]