[ Previous: Neutron (6/9) ] [ 7/9: Home Lab ] [ Next: Horizon (8/9) ]
Create Project, Networks, vRouter and Security Group
Create a project ‘homelab’
openstack project create --domain default --description "Home Lab" homelab
Create a ‘labuser’ account
openstack user create --domain default --project homelab --password password labuser
Create and add the role
openstack role create LabUser
openstack role add --project homelab --user labuser LabUser
Create a network of type vxlan named ‘internal’, then create a subnet ‘private-subnet’ and associate it with that network. (Note: the DNS server IP is from the home network.)
openstack network create internal --provider-network-type vxlan
openstack subnet create private-subnet --subnet-range 192.168.100.0/24 --gateway 192.168.100.1 --dns-nameserver 10.0.0.1 --network internal
Create an external network of type flat on the provider physical network ‘physnet’, then create a subnet ‘public-subnet’ and associate it with that network.
Note: Gateway and DNS server IP are from the home network. The subnet range matches the home network subnet – I am not sure if this is the right way to do it. I will edit once I have a clear picture.
openstack network create --provider-physical-network physnet --provider-network-type flat --external external
openstack subnet create public-subnet --network external --subnet-range 10.0.0.16/16 --allocation-pool start=10.0.3.2,end=10.0.3.254 --gateway 10.0.0.1 --dns-nameserver 10.0.0.1 --no-dhcp
Create a virtual router ‘vrouter’, add the private-subnet, and set the external gateway
openstack router create vrouter
openstack router add subnet vrouter private-subnet
openstack router set vrouter --external-gateway external
Update the RBAC rules so that the ‘internal’ network, and with it the private subnet, can be accessed as a shared resource by the ‘homelab’ project. The rule targets that one project only, so the network is not shared with every project.
# Look up the IDs by exact name instead of grepping the table output
networkID=$(openstack network show internal -f value -c id)
projectID=$(openstack project show homelab -f value -c id)
openstack network rbac create --target-project "$projectID" --type network --action access_as_shared "$networkID"
Create a flavor for testing
openstack flavor create m1.small --id auto --public --vcpus 1 --ram 2048 --disk 20
Finally, create a security group ‘labsecurity’ and add rules to allow ICMP and SSH.
We need this security group created in the ‘homelab’ project, so let us create a file ‘user-rc’ with the following contents:
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=homelab
export OS_USERNAME=labuser
export OS_PASSWORD=password
export OS_AUTH_URL=http://10.0.3.1:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
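Add execute permissions. (Sourcing the file does not need the execute bit. Because the file holds the labuser password in clear text, keep it readable only by your own user.)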
chmod +x user-rc
Create the security group and configure rules.
source user-rc
openstack security group create labsecurity
openstack security group rule create --protocol icmp --ingress labsecurity
openstack security group rule create --protocol tcp --dst-port 22:22 labsecurity
source admin-rc
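The user-rc file above stores the labuser password in clear text and points at Keystone over plain http, so it is worth checking rc files like it before sourcing them. The script below is an added example, not part of the original post: audit_rc and write_samples are hypothetical helper names, both sample files are constructed, and keystone.example.invalid is a placeholder endpoint.

```bash
# audit_rc FILE: print one line per finding; return 1 if anything was found.
audit_rc() {
    local file=$1 mode found=0
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "PERMS: group/other bits set ($mode); credentials belong in a 0600 file"; found=1
    fi
    # A literal value (not a variable reference) is a clear-text credential.
    if grep -Eq "^[[:space:]]*(export[[:space:]]+)?OS_PASSWORD=[\"']?[^\$\"'[:space:]]" "$file"; then
        echo "PASSWORD: OS_PASSWORD is stored in clear text"; found=1
    fi
    # Keystone over plain http exposes the password and the issued token.
    if grep -Eq "^[[:space:]]*(export[[:space:]]+)?OS_AUTH_URL=[\"']?http://" "$file"; then
        echo "TRANSPORT: OS_AUTH_URL uses plain http"; found=1
    fi
    return "$found"
}

# write_samples DIR: constructed inputs. user-rc mirrors the credential lines
# of the file from the post (mode as after chmod +x); user-rc.prompt asks for
# the password when it is sourced instead of storing it.
write_samples() {
    local dir=$1
    cat > "$dir/user-rc" <<'EOF'
export OS_PROJECT_NAME=homelab
export OS_USERNAME=labuser
export OS_PASSWORD=password
export OS_AUTH_URL=http://10.0.3.1:5000/v3
EOF
    chmod 755 "$dir/user-rc"
    cat > "$dir/user-rc.prompt" <<'EOF'
export OS_PROJECT_NAME=homelab
export OS_USERNAME=labuser
export OS_AUTH_URL=https://keystone.example.invalid:5000/v3  # placeholder
printf 'Password for %s: ' "$OS_USERNAME"
read -rs OS_PASSWORD_INPUT
export OS_PASSWORD=$OS_PASSWORD_INPUT
EOF
    chmod 600 "$dir/user-rc.prompt"
}

# Demo run on the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
audit_rc "$tmp/user-rc" || true
audit_rc "$tmp/user-rc.prompt" && echo "user-rc.prompt: no findings"
rm -rf "$tmp"
```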