Docker OpenShift OpenStack and Containerization: October 2017

Thursday, October 19, 2017

OpenStack Orchestration Heat Stack to create a network OpenStack Newton

The YAML file for the same as example is as

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# cat 04net.yml
---
# for Newton release of OpenStack
#
heat_template_version: 2016-10-14

description: having a private network in place

resources:
private_net:
type: OS::Neutron::Net
properties:
name: internal1
shared: true

outputs:
net_info:
value: { get_attr: [private_net]}
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

Creation of a stack using the definition above creates a network with the name as "internal".

Running the stack

openstack stack create -t 04net.yml internal1_network

+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| id | 95f4779a-ac2e-4d41-aec3-5236d24d0bb3 |
| stack_name | internal1_network |
| description | having a private network in place |
| creation_time | 2017-10-19T20:52:01Z |
| updated_time | None |
| stack_status | CREATE_IN_PROGRESS |
| stack_status_reason | Stack CREATE started |
+---------------------+--------------------------------------+
--------

See the stack information

openstack stack show internal1_network

+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------+
| id | 95f4779a-ac2e-4d41-aec3-5236d24d0bb3 |
| stack_name | internal1_network |
| description | having a private network in place |
| creation_time | 2017-10-19T20:52:01Z |
| updated_time | None |
| stack_status | CREATE_COMPLETE |
| stack_status_reason | Stack CREATE completed successfully |
| parameters | OS::project_id: 49b25ce4022c492fa0c1eab4fc6c7419 |
| | OS::stack_id: 95f4779a-ac2e-4d41-aec3-5236d24d0bb3 |
| | OS::stack_name: internal1_network |
| | |
| outputs | - description: No description given |
| | output_error: '''qos_policy_id''' |
| | output_key: net_info |
| | output_value: null |
| | |
| links | - href: http://172.29.240.100:8004/v1/49b25ce4022c492fa0c1eab4fc6c7419/stacks/internal1_network/95f4779a-ac2e-4d41-aec3-5236d24d0bb3 |
| | rel: self |
| | |
| parent | None |
| disable_rollback | True |
| deletion_time | None |
| stack_user_project_id | d409212bfdd14e50beabc71a01dc7627 |
| capabilities | [] |
| notification_topics | [] |
| stack_owner | None |
| timeout_mins | None |
| tags | null |
| | ... |
| | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------+

Confirm that the netwrok has been created

openstack network list

So a network has been created, but there are no subnet yet on the network internal1

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# openstack network list
+--------------------------------------+-----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+-----------+--------------------------------------+
| 0b26c960-6158-4b20-9156-9d163ceaf2f3 | internal0 | 7206c8e9-64ca-4ba1-abef-12639820fd37 |
| 216e5f0c-e0ed-4c04-b912-37c6967a0038 | internal1 | |
| 3bc5a907-42ad-4fa7-aa53-1e514b42d6df | public0 | d8e83610-7b77-4683-abc5-0cf3b6186395 |
+--------------------------------------+-----------+--------------------------------------+

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

OpenStack Orchestration Heat to create a Subnet in a given Network OpenStack Newton

OpenStack Orchestration Heat to create a Subnet in a given Network

Here is how to have a subnet using the heat stack.

---

Creation of the subnet using the heat stack

Here is the stack to create the subnet

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# cat 05subnet.yml
---
# for Newton release of OpenStack
#
heat_template_version: 2016-10-14

description: having a private subnet in a private network

resources:
subnet:
type: OS::Neutron::Subnet
properties:
cidr: '192.168.201.0/24'
name: internalsubnet1
enable_dhcp: true
ip_version: 4
allocation_pools:
- { start: 192.168.201.5, end: 192.168.201.254 }
network: internal1

outputs:
subnet_info:
value: { get_attr: [subnet]}
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

----

Create the stack using the above YAML file to create a subnet in the network 'internal1'.
The subnet will be named as 'internalsubnet1'
The Subnet name is 'internalsubnet1'
The Subnet CIDR is 192.168.201.0/24
The Allocation Pool range start:ebdis 192.168.201.5-192.168.205.254

---

Create the stack

See that the stack is created

Confirm that the subnet has been created also see the subnet using openstack subnet show

OpenStack Orchestration to Add the subnet created to the Router interface.

Please note that there is already a router that hasbeen there as 'router'
This adds the subnet to the router so that the router 'router' can be used to route the traffic from the VMs in this network to the external network

---

The Stack file to add an interface to the router 'router' is as follows

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# cat 06Routerinterfaceadd.yml
---
# for Newton release of OpenStack
#
heat_template_version: 2016-10-14

description: put the subnet to the router

resources:
router_interface:
type: OS::Neutron::RouterInterface
properties:
router: router
subnet: internalsubnet1

outputs:
subnet_info:
value: { get_attr: [router_interface]}
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

---

The above stack definition will add the subnet 'internalsubnet1' to the router 'router'.

--

Stack

openstak stack create -t 06Routerinterfaceadd.yml routerinterfaceaddinternalsubnet1

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# openstack stack create -t 06Routerinterfaceadd.yml routerinterfaceaddinternalsubnet1
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| id | 164f98d6-57da-4a59-a863-0c29bae587c1 |
| stack_name | routerinterfaceaddinternalsubnet1 |
| description | put the subnet to the router |
| creation_time | 2017-10-19T21:08:27Z |
| updated_time | None |
| stack_status | CREATE_IN_PROGRESS |
| stack_status_reason | Stack CREATE started |
+---------------------+--------------------------------------+
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

--

the stack creation shows complete

Lets ensure that the Router has now an interface added from the 'internalsubnet1' subnet

---

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# neutron router-port-list router
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| 28c89ce2-4861-4dfc-bbf3-fae2bd0bf0d7 | | fa:16:3e:91:54:0e | {"subnet_id": "9480b504-db1f-4f05-97b6-4058c7b168c9", "ip_address": "192.168.201.1"} |
| e035d8d8-de23-420b-a655-1d3afc0f1bb5 | | fa:16:3e:fa:73:3c | {"subnet_id": "d8e83610-7b77-4683-abc5-0cf3b6186395", "ip_address": "172.16.101.9"} |
| e69fe0ef-9535-418c-b60b-138abd9bc899 | | fa:16:3e:9d:c2:d5 | {"subnet_id": "7206c8e9-64ca-4ba1-abef-12639820fd37", "ip_address": "192.168.11.1"} |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

---

This shows that a port from the internal Subnet internalsubnet1 with the IP address 192.168.202.1 has been added to the router

OpenStack Orchestration Heat to implement a Security Group along with the rules.

Have a stack to define a security Group as well as to create the rules in that group.

---

The heat stack YAML file to add the rules to the security group is

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# cat 09securitygroup.yml
---
# for Newton release of OpenStack
#
heat_template_version: 2016-10-14

description: put a security group

resources:
securitygroup:
type: OS::Neutron::SecurityGroup
properties:
name: securitygroup80-443-22-ICMP
#rules:
#type: list
rules:
- { direction: ingress, ethertype: IPv4, protocol: icmp, remote_ip_prefix: 0.0.0.0/0 }
- { direction: ingress, ethertype: IPv4, port_range_min: 22, port_range_max: 22, protocol: tcp, remote_ip_prefix: 0.0.0.0/0 }
- { direction: ingress, ethertype: IPv4, port_range_min: 80, port_range_max: 80, protocol: tcp, remote_ip_prefix: 0.0.0.0/0 }
- { direction: ingress, ethertype: IPv4, port_range_min: 443, port_range_max: 443, protocol: tcp, remote_ip_prefix: 0.0.0.0/0 }

outputs:
subnet_info:
value: { get_attr: [securitygroup]}
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

---

The above YAML file template as called using the OpenStack orchestration as a template, will add the following rules to the security group 'securitygroup80-443-22-ICMP'.
This YAML file in the process of implementing the stack also creates the security group 'securitygroup80-443-22-ICMP' first.

ingress from 0.0.0.0/0 for PING
ingress from 0.0.0.0/0 for SSH TCP 22
ingress from 0.0.0.0/0 for HTTP TCP 80
ingress from 0.0.0.0/09 for HTTPS TCP 443

---

Implement the stack

Confirm the security group and rules

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# neutron security-group-list | grep ICMP
| dc2a8841-cd94-4349-8643-942f2b2596b7 | securitygroup80-443-22-ICMP | egress, IPv4 |
[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]#

Confirm the

[root@newtonallinone HeatOrchestrationTemplates(keystone_admin)]# neutron security-group-show securitygroup80-443-22-ICMP
+----------------------+--------------------------------------------------------------------+
| Field | Value |
+----------------------+--------------------------------------------------------------------+
| created_at | 2017-10-19T21:40:40Z |
| description | |
| id | dc2a8841-cd94-4349-8643-942f2b2596b7 |
| name | securitygroup80-443-22-ICMP |
| project_id | 49b25ce4022c492fa0c1eab4fc6c7419 |
| revision_number | 5 |
| security_group_rules | { |
| | "remote_group_id": null, |
| | "direction": "ingress", |
| | "protocol": "tcp", |
| | "description": "", |
| | "ethertype": "IPv4", |
| | "remote_ip_prefix": "0.0.0.0/0", |
| | "port_range_max": 22, |
| | "updated_at": "2017-10-19T21:40:40Z", |
| | "security_group_id": "dc2a8841-cd94-4349-8643-942f2b2596b7", |
| | "port_range_min": 22, |
| | "revision_number": 1, |
| | "tenant_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "created_at": "2017-10-19T21:40:40Z", |
| | "project_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "id": "267fc284-9657-41c1-b221-bb737d50e709" |
| | } |
| | { |
| | "remote_group_id": null, |
| | "direction": "ingress", |
| | "protocol": "icmp", |
| | "description": "", |
| | "ethertype": "IPv4", |
| | "remote_ip_prefix": "0.0.0.0/0", |
| | "port_range_max": null, |
| | "updated_at": "2017-10-19T21:40:40Z", |
| | "security_group_id": "dc2a8841-cd94-4349-8643-942f2b2596b7", |
| | "port_range_min": null, |
| | "revision_number": 1, |
| | "tenant_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "created_at": "2017-10-19T21:40:40Z", |
| | "project_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "id": "64b97157-fa46-4bfe-84cb-da7ba9c8e76b" |
| | } |
| | { |
| | "remote_group_id": null, |
| | "direction": "ingress", |
| | "protocol": "tcp", |
| | "description": "", |
| | "ethertype": "IPv4", |
| | "remote_ip_prefix": "0.0.0.0/0", |
| | "port_range_max": 443, |
| | "updated_at": "2017-10-19T21:40:41Z", |
| | "security_group_id": "dc2a8841-cd94-4349-8643-942f2b2596b7", |
| | "port_range_min": 443, |
| | "revision_number": 1, |
| | "tenant_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "created_at": "2017-10-19T21:40:41Z", |
| | "project_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "id": "87d969f5-d315-4ab3-ba28-fe1de7f0988b" |
| | } |
| | { |
| | "remote_group_id": null, |
| | "direction": "egress", |
| | "protocol": null, |
| | "description": null, |
| | "ethertype": "IPv4", |
| | "remote_ip_prefix": null, |
| | "port_range_max": null, |
| | "updated_at": "2017-10-19T21:40:40Z", |
| | "security_group_id": "dc2a8841-cd94-4349-8643-942f2b2596b7", |
| | "port_range_min": null, |
| | "revision_number": 1, |
| | "tenant_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "created_at": "2017-10-19T21:40:40Z", |
| | "project_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "id": "b1903a87-8ae4-40d0-b6d9-75276eb2e4cf" |
| | } |
| | { |
| | "remote_group_id": null, |
| | "direction": "egress", |
| | "protocol": null, |
| | "description": null, |
| | "ethertype": "IPv6", |
| | "remote_ip_prefix": null, |
| | "port_range_max": null, |
| | "updated_at": "2017-10-19T21:40:40Z", |
| | "security_group_id": "dc2a8841-cd94-4349-8643-942f2b2596b7", |
| | "port_range_min": null, |
| | "revision_number": 1, |
| | "tenant_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "created_at": "2017-10-19T21:40:40Z", |
| | "project_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "id": "b845f9ed-4aed-46f4-8480-de6560f781b8" |
| | } |
| | { |
| | "remote_group_id": null, |
| | "direction": "ingress", |
| | "protocol": "tcp", |
| | "description": "", |
| | "ethertype": "IPv4", |
| | "remote_ip_prefix": "0.0.0.0/0", |
| | "port_range_max": 80, |
| | "updated_at": "2017-10-19T21:40:40Z", |
| | "security_group_id": "dc2a8841-cd94-4349-8643-942f2b2596b7", |
| | "port_range_min": 80, |
| | "revision_number": 1, |
| | "tenant_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "created_at": "2017-10-19T21:40:40Z", |
| | "project_id": "49b25ce4022c492fa0c1eab4fc6c7419", |
| | "id": "f5633437-f842-470d-997c-e5279e31f0eb" |
| | } |
| tenant_id | 49b25ce4022c492fa0c1eab4fc6c7419 |
| updated_at | 2017-10-19T21:40:41Z |
+----------------------+--------------------------------------------------------------------+