Networks

From CAC Documentation wiki
Revision as of 17:15, 18 December 2018 by Pzv2 (talk | contribs) (Created page and added content from Networks section on OpenStack page)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Warning: This page is currently under construction. Information may not be ready for users.

Intro


Use the 'public' net if you want some form of public (but possibly restricted) access from the internet and don't care about having an extremely stable IP. Somewhat counter-intuitively, you want a 'private' network if you want to get a stable "floating" IP address (called an elastic IP address in Eucalyptus and AWS); this is also highly reccomended if you plan to have a registered domain name pointing to the instance. You can also use a private network if you want some or all of the instances on the private network to not be directly accessible from the internet. The list of networks for the currently selected project can be viewed in OpenStack Horizon.

Note that you can actually have an instance that is both part of the 'public' network and a 'private' network.

Public Net

  • No action is needed to use this, other than selecting it.
  • This should be acceptable for many uses, e.g. compute instances.
  • IP address will be stable through reboots, but not necessarily through hard shutdowns (e.g. shelving).
  • You can not assign a floating IP to an instance via its membership in a public network. Please do not allocate floating IP addresses on a public network.

Private Network

Setting up your own private network

  1. ssh into linuxlogin.cac.cornell.edu; this can be done using your CU netid and CAC password: ssh netid@linuxlogin.cac.cornell.edu.
  2. source the openrc for the desired project, which is obtainable via from OpenStack Horizon once the desired project is selected in Horizone
  3. Run the network creation script with a single argument (network name), e.g.: /opt/openstack/create-private-net.sh my-net-name.

You can switch an instance from public to private by doing attach interface / detach interface from the instance dropdown menu.

Note that network names are not unique, but IDs are. You can rename a network without renaming the subnet (but you can rename it too, separately), all possible via the Horizon web UI. The subnets are private, and exposed externally by a Router. Networks and routers won't be deleted if there are any active connections on them. There is also a delete network script that should be used instead of the Horizon web UI for a cleaner deletion: /opt/openstack/delete-private-net.sh.

Floating IP

Steps for getting a floating (stable) IP:

  • See the prerequisite steps above for "Setting up your own private network"
  • In Horizon, under the Networks tab, select "Floating IPs", which should send you here.
  • Click "Allocate IP to Project"
  • The only pool will be "public"; click "allocate".
  • From the list of floating IPs, click "Associate"; make sure you pick a "port" that is an instance's interface on a previously created private network, NOT a public network.
  • Note that if you not longer need the floating IP, please release it back to the pool by selecting the "Release Floating IP" from the Actions dropdown menu.
  • When changing the associated floating IPs of an instance, security groups may be dropped, so you may need to edit the security groups after the fact from the instance dropdown menu.