Environment

Undercloud

director.lab.example.com : 172.25.250.60

Overcloud

  • controller0.lab.example.com : 172.25.250.1
  • compute0.lab.example.com : 172.25.250.70
  • computehci0.lab.example.com : 172.25.250.21

Domain Name

Haoyang

Project Name

Engineering

Project Engineering belongs to the Domain Haoyang

Operation Steps

1
2
# Remotely login to the workstation node
ssh student@workstation
1
2
3
4
5
6
shy@Flash-shy ~ % ssh student@172.16.2.212
student@172.16.2.212's password: 
Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
1
2
# Login to the undercloud director node
ssh director
1
2
3
4
5
6
7
8
[student@workstation ~]$ ssh director
Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register

Last login: Sun Apr 13 22:29:34 2025 from xxx.xxx.xxx.xxx
(undercloud) [stack@director ~]$
1
2
3
# Use the administrator credential
(undercloud) [stack@director ~]$ source overcloudrc 
(overcloud) [stack@director ~]$ 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# Firstly, create the domain
(overcloud) [stack@director ~]$ openstack domain create Haoyang
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| enabled     | True                             |
| id          | 5ecb4e207166423494f02ade2d289efe |
| name        | Haoyang                          |
| options     | {}                               |
| tags        | []                               |
+-------------+----------------------------------+

# Check the list of domain
(overcloud) [stack@director ~]$ openstack domain list
+----------------------------------+------------+---------+--------------------+
| ID                               | Name       | Enabled | Description        |
+----------------------------------+------------+---------+--------------------+
| 1e9c34fd067a4c88a14959ce575aeb45 | heat_stack | True    |                    |
| 4a52dcec731b418bb656f69dc4e0cc71 | Example    | True    | Example Domain     |
| 5ecb4e207166423494f02ade2d289efe | Haoyang    | True    |                    |
| default                          | Default    | True    | The default domain |
+----------------------------------+------------+---------+--------------------+
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# Create the project
(overcloud) [stack@director ~]$ openstack project create --domain Haoyang Engineering
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | 5ecb4e207166423494f02ade2d289efe |
| enabled     | True                             |
| id          | ec0e24ddf10841b08ae63fe094e25587 |
| is_domain   | False                            |
| name        | Engineering                      |
| options     | {}                               |
| parent_id   | 5ecb4e207166423494f02ade2d289efe |
| tags        | []                               |
+-------------+----------------------------------+

# Check the list of project
(overcloud) [stack@director ~]$ openstack project list --domain Haoyang
+----------------------------------+-------------+
| ID                               | Name        |
+----------------------------------+-------------+
| ec0e24ddf10841b08ae63fe094e25587 | Engineering |
+----------------------------------+-------------+

User

  • Robert serves as the Engineering project administrator.
  • William is a member of the Engineering project and is not permitted administrator access.
  • All users within the Engineering project belong to the Haoyang domain.
  • The password for all users is Flectrag.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# Use the administrator credential
(overcloud) [stack@director ~]$ source overcloudrc

# Create the users
(undercloud) [stack@director ~]$ openstack user create -h
(overcloud) [stack@director ~]$ openstack user create \
> --domain Haoyang \
> --project Engineering \
> --project-domain Haoyang \
> --password Flectrag \
> Robert
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | ec0e24ddf10841b08ae63fe094e25587 |
| domain_id           | 5ecb4e207166423494f02ade2d289efe |
| enabled             | True                             |
| id                  | 5a7970ef27424053913c54ebb85ae123 |
| name                | Robert                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

(overcloud) [stack@director ~]$ openstack user create \
> --domain Haoyang \
> --project Engineering \
> --project-domain Haoyang \
> --password Flectrag \
> William
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | ec0e24ddf10841b08ae63fe094e25587 |
| domain_id           | 5ecb4e207166423494f02ade2d289efe |
| enabled             | True                             |
| id                  | 9615d8cee44947a4bbce4e490f1391e4 |
| name                | William                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

# Check the results
(overcloud) [stack@director ~]$ openstack user list --domain Haoyang
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 5a7970ef27424053913c54ebb85ae123 | Robert  |
| 9615d8cee44947a4bbce4e490f1391e4 | William |
+----------------------------------+---------+
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# Allocate the role to users
(overcloud) [stack@director ~]$ openstack role add \
> --project Engineering \
> --user Robert \
> --user-domain Haoyang \
> --project-domain Haoyang \
> admin

(overcloud) [stack@director ~]$ openstack role add \
> --project Engineering \
> --user William \
> --user-domain Haoyang \
> --project-domain Haoyang \
> member

# Check the results
(overcloud) [stack@director ~]$ openstack role assignment list --project-domain Haoyang --project Engineering --names
+--------+-----------------+-------+---------------------+--------+--------+-----------+
| Role   | User            | Group | Project             | Domain | System | Inherited |
+--------+-----------------+-------+---------------------+--------+--------+-----------+
| admin  | Robert@Haoyang  |       | Engineering@Haoyang |        |        | False     |
| member | William@Haoyang |       | Engineering@Haoyang |        |        | False     |
+--------+-----------------+-------+---------------------+--------+--------+-----------+
1
2
3
4
5
6
7
8
9
# Create the user called Robert credential for administration
(overcloud) [stack@director ~]$ cp overcloudrc robertrc
(overcloud) [stack@director ~]$ vim robertrc 
# Modify 5 line contents in total
export OS_USERNAME=Robert
export OS_PROJECT_NAME=Engineering
export OS_USER_DOMAIN_NAME=Haoyang
export OS_PROJECT_DOMAIN_NAME=Haoyang
export OS_PASSWORD=Flectrag

Image and Flavor

Image

Flavor

  • Name: m1.petite
  • RAM: 1024MB
  • CPUs: 1
  • Disk: 10GB

Operation Steps

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# Use the robert's credential to manage openstack resources
(overcloud) [stack@director ~]$ source robertrc

# Obtain the basic qcow2 image
(overcloud) [stack@director ~]$ wget http://materials.example.com/osp-small.qcow2
--2025-04-14 09:05:27--  http://materials.example.com/osp-small.qcow2
Resolving materials.example.com (materials.example.com)... 172.25.254.254
Connecting to materials.example.com (materials.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 656867328 (626M)
Saving to: 'osp-small.qcow2'

osp-small.qcow2             100%[===========================================>] 626.44M   563MB/s    in 1.1s    

2025-04-14 09:05:28 (563 MB/s) - 'osp-small.qcow2' saved [656867328/656867328]

# Create the image
(overcloud) [stack@director ~]$ openstack image create \
> --disk-format qcow2 \
> --file osp-small.qcow2 \
> --public \
> web
1
2
3
4
5
6
7
# Create the flavor
(overcloud) [stack@director ~]$ openstack flavor create \
> --vcpus 1 \
> --ram 1024 \
> --disk 10 \
> --public \
> m1.petite
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# Check the image
(overcloud) [stack@director ~]$ openstack image list 
+--------------------------------------+---------------------------------------------------------+--------+
| ID                                   | Name                                                    | Status |
+--------------------------------------+---------------------------------------------------------+--------+
| 81a8fbe6-aeb5-4322-accb-e569b65fe92d | octavia-amphora-16.1-20200812.3.x86_64                  | active |
| 8930ccbb-0ff0-4b8c-b0c5-d29a8a6903ec | octavia-amphora-16.1-20200812.3.x86_64_20201030T152228Z | active |
| 65719e96-84bc-4132-ac80-742fdb6b367c | octavia-amphora-16.1-20200812.3.x86_64_20210303T085358Z | active |
| 7dcd09a5-be2a-4f73-9dff-2ff403dea016 | rhel7-todo-app1                                         | active |
| 5b180c17-658a-4a38-af07-efd2e30bed70 | rhel7-todo-db                                           | active |
| 74a8ae00-9e7d-4b73-9016-98a78c04f153 | rhel7-todo-web                                          | active |
| 1c4d5d8e-2881-4870-b922-13aaf4d2ab5f | rhel8                                                   | active |
| c458af77-3748-401a-a4df-f55562d285cb | rhel8-db                                                | active |
| a1449cf0-3b0e-40d1-8ce8-37ac4d30c953 | rhel8-web                                               | active |
| 517aad0e-097f-4137-a300-be11b9f01d22 | web                                                     | active |
+--------------------------------------+---------------------------------------------------------+--------+

# Check the flavor
(overcloud) [stack@director ~]$ openstack flavor list
+--------------------------------------+--------------------+------+------+-----------+-------+-----------+
| ID                                   | Name               |  RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+--------------------+------+------+-----------+-------+-----------+
| 51b6a59f-4bee-4d5d-9c43-82cb67cd08fa | default-extra-disk | 2048 |   10 |         5 |     2 | True      |
| 5c417e2d-9b66-4486-a835-507caa868b73 | default-swap       | 2048 |   10 |         0 |     2 | True      |
| 8fb411dd-bfe8-469c-bb64-9d96c0164e08 | default            | 2048 |   10 |         0 |     2 | True      |
| f64ea5f0-093e-4281-baaf-37c4033326a2 | m1.petite          | 1024 |   10 |         0 |     1 | True      |
+--------------------------------------+--------------------+------+------+-----------+-------+-----------+

Security Group and KeyPairs

Security Group

  • ssh: allow port 22 and all ICMP ping

  • web: allow port 80

KeyPairs

  • Name: webkey

  • Store Path: in director.lab.example.com /home/stack/webkey.pem

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
(overcloud) [stack@director ~]$ source robertrc

# Create the security group
(overcloud) [stack@director ~]$ openstack security group create ssh

# Create the rule
(overcloud) [stack@director ~]$ openstack security group rule create \
> --protocol tcp \
> --dst-port 22 \
> ssh

(overcloud) [stack@director ~]$ openstack security group rule create \
> --protocol icmp \
> ssh

# Create the other security group
(overcloud) [stack@director ~]$ openstack security group create web

# Create the rule
(overcloud) [stack@director ~]$ openstack security group rule create \
> --protocol tcp \
> --dst-port 80 \
> web
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# Check the results
(overcloud) [stack@director ~]$ openstack security group list
+--------------------------------------+-----------------------+------------------------+----------------------------------+------+
| ID                                   | Name                  | Description            | Project                          | Tags |
+--------------------------------------+-----------------------+------------------------+----------------------------------+------+
| 390b4a25-4acf-48d4-a720-65a04d8278d2 | default               | Default security group | 5d0b01fa01dc48d8b04e306d40edcaeb | []   |
| 4714ea88-543d-4a2a-ba02-6efd30e5754a | ssh                   | ssh                    | ec0e24ddf10841b08ae63fe094e25587 | []   |
| 50d69cd1-a7ff-452a-a458-db72d360c774 | default               | Default security group | 5b51457605f64326a7fac5f66654045e | []   |
| 5d2cf43b-25d7-4b60-a621-1124d9385e1a | default               | Default security group | 28e8e03be4f14efcbbf0618bdf135f25 | []   |
| 8dfce81b-8906-4444-aa3f-c410f464b3ba | lb-health-mgr-sec-grp | lb-health-mgr-sec-grp  | 28e8e03be4f14efcbbf0618bdf135f25 | []   |
| b2c48588-7f5e-4aeb-9b68-f44c0bc08b7b | default               | Default security group | ec0e24ddf10841b08ae63fe094e25587 | []   |
| b52d709b-1336-4a5a-b08e-e9d86c9e07c5 | web                   | web                    | ec0e24ddf10841b08ae63fe094e25587 | []   |
| c83d517a-85bb-458a-8ff4-d7cc5efdcc32 | default               | Default security group | 50e6fca93606496b8a6c043957e4cb1d | []   |
| ef0cee68-2e5f-4204-8b2d-dbba29e13c69 | lb-mgmt-sec-grp       | lb-mgmt-sec-grp        | 28e8e03be4f14efcbbf0618bdf135f25 | []   |
+--------------------------------------+-----------------------+------------------------+----------------------------------+------+

(overcloud) [stack@director ~]$ openstack security group show web
1
2
3
4
5
6
7
8
9
10
11
12
13
# Create the keyPairs
(overcloud) [stack@director ~]$ openstack keypair create webkey > /home/stack/webkey.pem

# Modify the permission
(overcloud) [stack@director ~]$ chmod 600 /home/stack/webkey.pem

# Check the keypair list
(overcloud) [stack@director ~]$ openstack keypair list
+--------+-------------------------------------------------+
| Name   | Fingerprint                                     |
+--------+-------------------------------------------------+
| webkey | f7:e8:e4:be:4a:30:88:50:c2:f0:ec:99:bd:3a:11:c0 |
+--------+-------------------------------------------------+

Network

Internal Network:

  • Network name: engnet
  • Subnet name: engsubnet
  • Network address: 192.168.101.0/24
  • DHCP enabled: Yes

External Network:

  • Network name: public
  • Provider network type: Flat
  • ML2 physical network name: datacentre
  • Subnet name: external
  • Network address: 172.25.250.0/24
  • Allocation pool: 172.25.250.101 - 172.25.250.109
  • External: Yes
  • DHCP enabled: No
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
(overcloud) [stack@director ~]$ openstack subnet create \
> --dhcp \
> --subnet-range 192.168.101.0/24 \
> --network engnet \
> engsubnet
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field             | Value                                                                                                                                                                  |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| allocation_pools  | 192.168.101.2-192.168.101.254                                                                                                                                          |
| cidr              | 192.168.101.0/24                                                                                                                                                       |
| created_at        | 2025-04-14T13:22:26Z                                                                                                                                                   |
| description       |                                                                                                                                                                        |
| dns_nameservers   |                                                                                                                                                                        |
| enable_dhcp       | True                                                                                                                                                                   |
| gateway_ip        | 192.168.101.1                                                                                                                                                          |
| host_routes       |                                                                                                                                                                        |
| id                | ff1be714-007c-4f19-bbc4-824b4509c8c5                                                                                                                                   |
| ip_version        | 4                                                                                                                                                                      |
| ipv6_address_mode | None                                                                                                                                                                   |
| ipv6_ra_mode      | None                                                                                                                                                                   |
| location          | cloud='', project.domain_id=, project.domain_name='Haoyang', project.id='ec0e24ddf10841b08ae63fe094e25587', project.name='Engineering', region_name='regionOne', zone= |
| name              | engsubnet                                                                                                                                                              |
| network_id        | 289659f2-b4eb-43c4-88d4-e368e1e59b0d                                                                                                                                   |
| prefix_length     | None                                                                                                                                                                   |
| project_id        | ec0e24ddf10841b08ae63fe094e25587                                                                                                                                       |
| revision_number   | 0                                                                                                                                                                      |
| segment_id        | None                                                                                                                                                                   |
| service_types     |                                                                                                                                                                        |
| subnetpool_id     | None                                                                                                                                                                   |
| tags              |                                                                                                                                                                        |
| updated_at        | 2025-04-14T13:22:26Z                                                                                                                                                   |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1
2
3
4
5
6
(overcloud) [stack@director ~]$ grep -e 172.25.250 /home/stack/templates/classroom-environment/32-network-environment.yaml 
  ExternalNetCidr: '172.25.250.0/24'
  ExternalAllocationPools: [{'start': '172.25.250.60', 'end': '172.25.250.99'}]
  ExternalInterfaceDefaultRoute: '172.25.250.254'
  DnsServers: ['172.25.250.254','8.8.8.8']
        source: 172.25.250.0/24

Note:
The following error will occur during creation, as only one external network is allowed.
The system has already created provider-datacentre.
Please delete it first before recreating.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
(overcloud) [stack@director ~]$ openstack network create \
> --external \
> --provider-network-type flat \
> --provider-physical-network datacentre \
> public
Error while executing command: ConflictException: 409, Unable to create the flat network. Physical network datacentre is in use.

(overcloud) [stack@director ~]$ openstack network delete provider-datacentre

(overcloud) [stack@director ~]$ openstack network create --external --provider-network-type flat --provider-physical-network datacentre public
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field                     | Value                                                                                                                                                                  |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up            | UP                                                                                                                                                                     |
| availability_zone_hints   |                                                                                                                                                                        |
| availability_zones        |                                                                                                                                                                        |
| created_at                | 2025-04-14T13:24:32Z                                                                                                                                                   |
| description               |                                                                                                                                                                        |
| dns_domain                |                                                                                                                                                                        |
| id                        | 775da214-c50b-4f51-b2eb-60c631316a09                                                                                                                                   |
| ipv4_address_scope        | None                                                                                                                                                                   |
| ipv6_address_scope        | None                                                                                                                                                                   |
| is_default                | False                                                                                                                                                                  |
| is_vlan_transparent       | None                                                                                                                                                                   |
| location                  | cloud='', project.domain_id=, project.domain_name='Haoyang', project.id='ec0e24ddf10841b08ae63fe094e25587', project.name='Engineering', region_name='regionOne', zone= |
| mtu                       | 1500                                                                                                                                                                   |
| name                      | public                                                                                                                                                                 |
| port_security_enabled     | True                                                                                                                                                                   |
| project_id                | ec0e24ddf10841b08ae63fe094e25587                                                                                                                                       |
| provider:network_type     | flat                                                                                                                                                                   |
| provider:physical_network | datacentre                                                                                                                                                             |
| provider:segmentation_id  | None                                                                                                                                                                   |
| qos_policy_id             | None                                                                                                                                                                   |
| revision_number           | 1                                                                                                                                                                      |
| router:external           | External                                                                                                                                                               |
| segments                  | None                                                                                                                                                                   |
| shared                    | False                                                                                                                                                                  |
| status                    | ACTIVE                                                                                                                                                                 |
| subnets                   |                                                                                                                                                                        |
| tags                      |                                                                                                                                                                        |
| updated_at                | 2025-04-14T13:24:32Z                                                                                                                                                   |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
(overcloud) [stack@director ~]$ openstack subnet create \
> --no-dhcp \
> --subnet-range 172.25.250.0/24 \
> --allocation-pool start=172.25.250.101,end=172.25.250.109 \
> --gateway 172.25.250.254 \
> --dns-nameserver 172.25.250.254 \
> --network public \
> external
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field             | Value                                                                                                                                                                  |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| allocation_pools  | 172.25.250.101-172.25.250.109                                                                                                                                          |
| cidr              | 172.25.250.0/24                                                                                                                                                        |
| created_at        | 2025-04-14T13:25:27Z                                                                                                                                                   |
| description       |                                                                                                                                                                        |
| dns_nameservers   | 172.25.250.254                                                                                                                                                         |
| enable_dhcp       | False                                                                                                                                                                  |
| gateway_ip        | 172.25.250.254                                                                                                                                                         |
| host_routes       |                                                                                                                                                                        |
| id                | 5210573a-60d9-4c43-bab6-66ec77297b9f                                                                                                                                   |
| ip_version        | 4                                                                                                                                                                      |
| ipv6_address_mode | None                                                                                                                                                                   |
| ipv6_ra_mode      | None                                                                                                                                                                   |
| location          | cloud='', project.domain_id=, project.domain_name='Haoyang', project.id='ec0e24ddf10841b08ae63fe094e25587', project.name='Engineering', region_name='regionOne', zone= |
| name              | external                                                                                                                                                               |
| network_id        | 775da214-c50b-4f51-b2eb-60c631316a09                                                                                                                                   |
| prefix_length     | None                                                                                                                                                                   |
| project_id        | ec0e24ddf10841b08ae63fe094e25587                                                                                                                                       |
| revision_number   | 0                                                                                                                                                                      |
| segment_id        | None                                                                                                                                                                   |
| service_types     |                                                                                                                                                                        |
| subnetpool_id     | None                                                                                                                                                                   |
| tags              |                                                                                                                                                                        |
| updated_at        | 2025-04-14T13:25:27Z                                                                                                                                                   |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
(overcloud) [stack@director ~]$ openstack network list
+--------------------------------------+---------------------+--------------------------------------+
| ID                                   | Name                | Subnets                              |
+--------------------------------------+---------------------+--------------------------------------+
| 289659f2-b4eb-43c4-88d4-e368e1e59b0d | engnet              | ff1be714-007c-4f19-bbc4-824b4509c8c5 |
| 775da214-c50b-4f51-b2eb-60c631316a09 | public              | 5210573a-60d9-4c43-bab6-66ec77297b9f |
| d71997c1-1670-4ebe-b6f7-2c4aa8dcbc7b | lb-mgmt-net         | f772a67a-341d-413f-90ab-bf2163842a43 |
| d75263e1-754d-4276-a663-9188216f86e6 | production-network1 | b232a80d-fe12-4ee6-a01e-b3404dcb522f |
| dcf783e3-c104-4f21-99c3-0093364b4c81 | provider-storage    | 83c7dd52-f1d2-4f39-9ece-16b4f0942dac |
| e6a61a45-ff39-4eb1-aac2-8e0ac624f7e5 | finance-network1    | b4df8042-184b-494f-8a72-2ec171327408 |
+--------------------------------------+---------------------+--------------------------------------+
(overcloud) [stack@director ~]$ openstack  subnet list
+--------------------------------------+--------------------------+--------------------------------------+------------------+
| ID                                   | Name                     | Network                              | Subnet           |
+--------------------------------------+--------------------------+--------------------------------------+------------------+
| 5210573a-60d9-4c43-bab6-66ec77297b9f | external                 | 775da214-c50b-4f51-b2eb-60c631316a09 | 172.25.250.0/24  |
| 83c7dd52-f1d2-4f39-9ece-16b4f0942dac | provider-subnet-172.24.3 | dcf783e3-c104-4f21-99c3-0093364b4c81 | 172.24.3.0/24    |
| b232a80d-fe12-4ee6-a01e-b3404dcb522f | production-subnet1       | d75263e1-754d-4276-a663-9188216f86e6 | 192.168.1.0/24   |
| b4df8042-184b-494f-8a72-2ec171327408 | finance-subnet1          | e6a61a45-ff39-4eb1-aac2-8e0ac624f7e5 | 192.168.1.0/24   |
| f772a67a-341d-413f-90ab-bf2163842a43 | lb-mgmt-subnet           | d71997c1-1670-4ebe-b6f7-2c4aa8dcbc7b | 172.23.0.0/16    |
| ff1be714-007c-4f19-bbc4-824b4509c8c5 | engsubnet                | 289659f2-b4eb-43c4-88d4-e368e1e59b0d | 192.168.101.0/24 |
+--------------------------------------+--------------------------+--------------------------------------+------------------+

Router

  • Router name: cl210-router
  • This router is connected to the external network public and the internal network engnet.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# Create the router
(overcloud) [stack@director ~]$ openstack router create cl210-router

# Set the interface of external gateway
(overcloud) [stack@director ~]$ openstack router set --external-gateway public cl210-router

# Set the interface of internal subnet
(overcloud) [stack@director ~]$ openstack router add subnet cl210-router engsubnet

# Check the list of router
(overcloud) [stack@director ~]$ openstack router list
+--------------------------------------+--------------+--------+-------+----------------------------------+
| ID                                   | Name         | Status | State | Project                          |
+--------------------------------------+--------------+--------+-------+----------------------------------+
| 590e3024-35f4-42f2-95b4-87c1afdea3e1 | cl210-router | ACTIVE | UP    | ec0e24ddf10841b08ae63fe094e25587 |
+--------------------------------------+--------------+--------+-------+----------------------------------+

Server

Create an instance (virtual machine) named myserver:

  • The instance belongs to the Engineering project
  • It uses the web image
  • It is launched with the m1.petite flavour
  • The instance is connected to the engnet network
  • The following security groups are attached:
  • ssh
  • web
  • The instance uses a key pair named webkey
  • A floating IP is associated with the instance, selected from the allowed range between 172.25.250.101 and 172.25.250.109
  • The router is connected to both the external network public and the internal network engnet
  • The root password for the instance is redhat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# Finally, create the server
(overcloud) [stack@director ~]$ openstack server create \
> --flavor m1.petite \
> --image web \
> --nic net-id=engnet \
> --security-group ssh \
> --security-group web \
> --key-name webkey \
> --wait \
> shy

(overcloud) [stack@director ~]$ openstack server list
+--------------------------------------+------+--------+-----------------------+-------+--------+
| ID                                   | Name | Status | Networks              | Image | Flavor |
+--------------------------------------+------+--------+-----------------------+-------+--------+
| 232caad5-f79a-4652-8995-9715c0b5cd17 | shy  | ACTIVE | engnet=192.168.101.50 | web   |        |
+--------------------------------------+------+--------+-----------------------+-------+--------+
1
2
3
4
5
6
7
8
9
10
11
12
13
# Create the floating ip
(overcloud) [stack@director ~]$ openstack floating ip create public

# Check the list of floating ip
(overcloud) [stack@director ~]$ openstack floating ip list
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| ID                                   | Floating IP Address | Fixed IP Address | Port | Floating Network                     | Project                          |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| 90511fbd-e927-4882-923a-7fe140b5f8dd | 172.25.250.108      | None             | None | 775da214-c50b-4f51-b2eb-60c631316a09 | ec0e24ddf10841b08ae63fe094e25587 |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+

# Bind the floating ip to server "shy"
(overcloud)[stack@director ~]$ openstack server add floating ip shy 172.25.250.108
1
2
3
4
5
6
7
8
9
10
11
12
13
14
# Login to the Virtual machine in compute1 node
(overcloud) [stack@director ~]$ ssh -i webkey.pem cloud-user@172.25.250.108
[cloud-user@shy ~]$ 

[cloud-user@shy ~]$ sudo -i
[root@shy ~]# yum -y install httpd
[root@shy ~]# systemctl enable --now httpd
[root@shy ~]# echo 1111111111111111111111 > /var/www/html/index.html
[root@shy ~]# curl localhost
1111111111111111111111

# Test on the director node
(overcloud) [stack@director ~]$ curl 172.25.250.108
1111111111111111111111

Delete a VM instance in CLI

Delete the server

1
2
3
source robertrc

openstack server delete shy

Then, Let’s check the server list.

1
2
(overcloud) [stack@director ~]$ openstack server list

Delete the network

1
2
3
openstack network list
openstack network delete engnet
openstack network delete public
1
2
openstack subnet list
openstack subnet delete engsubnet
1
openstack port list --fixed-ip subnet=ff1be714-007c-4f19-bbc4-824b4509c8c5
1
openstack port show 8af1f1d2-6811-475e-9c94-4c2eeba481dc
1
2
Failed to delete network with name or ID 'public': ConflictException: 409: Client Error for url: http://172.25.250.50:9696/v2.0/networks/775da214-c50b-4f51-b2eb-60c631316a09, Unable to complete operation on network 775da214-c50b-4f51-b2eb-60c631316a09. There are one or more ports still in use on the network.
1 of 1 networks failed to delete.

After determine the port , please delete the port at first.

1
openstack port delete 8af1f1d2-6811-475e-9c94-4c2eeba481dc

Then, you could delete the subnet(internal).

1
openstack network delete engnet

Check the port in public(external).

1
openstack port list --network public

Check the port info.

1
openstack port show 6ccb8845-879b-48cd-a871-81d5a9698e1b

Delete the external port.

1
openstack port delete 6ccb8845-879b-48cd-a871-81d5a9698e1b

There will be an error in the terminal, do not worry!
Because we need to cancel the bound with router gate-way.

List the router.

1
openstack router list
1
openstack router unset --external-gateway cl210-router

So intersting! After we unset the external gateway, the original port we want to delete was removed automatically.

Then, we could delete the external network called “public”.

1
openstack network delete public

Then, the router is also useless, please delete it!

1
openstack router delete cl210-router

Delete the security group

1
(overcloud) [stack@director ~]$ openstack security group delete ssh web

Check the list of security groups.

1
openstack security group list

Delete the iamge

1
openstack image delete web

Check the list of images.

1
openstack image list

Delete the key pairs

1
openstack keypair delete webkey

Check the list of keypairs.

1
openstack keypair list

Delete the flavor (instance type)

1
openstack flavor delete m1.petite

Check the list of flavor.

1
openstack flavor list

Up to now, all configurations are deleted successfully!