CL110 - ch03s06

Bookmark this page

Guided Exercise: Implementing Tenant, Provider and External Networks

In this exercise, you will verify the architecture for each of the overcloud network types.

Outcomes

You should be able to verify the architecture of the overcloud network types.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command ensures that all resources required for the exercise are present.

[student@workstation ~]$ lab networking-types start

Procedure 3.1. Instructions

This guided exercise is in two parts. In part 1 you use the CLI, and in part 2 you use the Dashboard.

As the developer1 user, use the CLI to explore a tenant network and subnet.

On workstation, open a terminal. Source the /home/student/developer1-finance-rc environment file to export the developer1 user credentials.
```
[student@workstation ~]$ source ~/developer1-finance-rc
```

Use the openstack network show command with the --max-width option to show the details of finance-network1. Note that provider:network_type and provider:segmentation_id have a value of None. The router:external field has a value of Internal and the shared field has a value of False.

[student@workstation ~(developer1-finance)]$ openstack network show \
> finance-network1 --max-width 80
+---------------------------+--------------------------------------------------+
| Field                     | Value                                            |
+---------------------------+--------------------------------------------------+
...output omitted...
| name                      | finance-network1                                 |
| port_security_enabled     | True                                             |
| project_id                | c0cbb4890bcd45828bf31dc1d64fe5cd                 |
| provider:network_type     | None                                             |
| provider:physical_network | None                                             |
| provider:segmentation_id  | None                                             |
| qos_policy_id             | None                                             |
| revision_number           | 2                                                |
| router:external           | Internal                                         |
| segments                  | None                                             |
| shared                    | False                                            |
...output omitted...

Source the /home/student/operator1-finance-rc environment file to export the operator1 user credentials. Run the openstack network show command again. Notice the different values for some fields. Some values can only be seen by users with admin privileges.

[student@workstation ~(developer1-finance)]$ source ~/operator1-finance-rc
[student@workstation ~(operator1-finance)]$ openstack network show \
> finance-network1 --max-width 80
+---------------------------+--------------------------------------------------+
| Field                     | Value                                            |
+---------------------------+--------------------------------------------------+
...output omitted...
| name                      | finance-network1                                 |
| port_security_enabled     | True                                             |
| project_id                | c0cbb4890bcd45828bf31dc1d64fe5cd                 |
| provider:network_type     | geneve                                           |
| provider:physical_network | None                                             |
| provider:segmentation_id  | 95                                               |
| qos_policy_id             | None                                             |
| revision_number           | 2                                                |
| router:external           | Internal                                         |
| segments                  | None                                             |
| shared                    | False                                            |
| status                    | ACTIVE                                           |
| subnets                   | 66b8efce-51d5-48ca-8e5f-bbef8b5ef58f             |
...output omitted...

Note the subnet ID for the next step.

As the domain operator, operator1, explore the details of finance-subnet1. Examine the allocation pools, DNS name servers, DHCP configuration, and the gateway IP.

Use the openstack subnet show command to show the subnet configuration. The --max-width option provides a readable output.

[student@workstation ~(operator1-finance)]$ openstack subnet show \
> 66b8efce-51d5-48ca-8e5f-bbef8b5ef58f --max-width 80
+-------------------+----------------------------------------------------------+
| field            | value                                                    |
+-------------------+----------------------------------------------------------+
| allocation_pools  | 192.168.1.2-192.168.1.254                                |
| cidr              | 192.168.1.0/24                                           |
| created_at        | 2020-06-10T14:46:52Z                                     |
| description       |                                                          |
| dns_nameservers   | 172.25.250.254                                           |
| enable_dhcp       | True                                                     |
| gateway_ip        | 192.168.1.1                                              |
| host_routes       |                                                          |
| id                | 66b8efce-51d5-48ca-8e5f-bbef8b5ef58f                     |
| ip_version        | 4                                                        |
| ipv6_address_mode | None                                                     |
| ipv6_ra_mode      | None                                                     |
| location          | cloud='', project.domain_id=,                            |
|                   | project.domain_name='Example',                           |
|                   | project.id='c0cbb4890bcd45828bf31dc1d64fe5cd',           |
|                   | project.name='finance', region_name='regionOne', zone=   |
| name              | finance-subnet1                                          |
| network_id        | bcf96725-88f5-4a5e-a2c9-9e89fb7eb255                     |
| prefix_length     | None                                                     |
| project_id        | c0cbb4890bcd45828bf31dc1d64fe5cd                         |
| revision_number   | 0                                                        |
| segment_id        | None                                                     |
| service_types     |                                                          |
| subnetpool_id     | None                                                     |
| tags              |                                                          |
| updated_at        | 2020-06-10T14:46:52Z                                     |
+-------------------+----------------------------------------------------------+

DHCP is enabled by default when a subnet is created.

As the domain operator, operator1, verify the configuration of the provider network provider-datacentre.

[student@workstation ~(operator1-finance)]$ openstack network show \
> provider-datacentre --max-width 80
+---------------------------+--------------------------------------------------+
| Field                     | Value                                            |
+---------------------------+--------------------------------------------------+
...output omitted...
| name                      | provider-datacentre                              |
| port_security_enabled     | True                                             |
| project_id                | b04181074c884a89acc6469595599083                 |
| provider:network_type     | flat                                             |
| provider:physical_network | datacentre                                       |
| provider:segmentation_id  | None                                             |
| qos_policy_id             | None                                             |
| revision_number           | 2                                                |
| router:external           | External                                         |
| segments                  | None                                             |
| shared                    | True                                             |
| status                    | ACTIVE                                           |
| subnets                   | 655df137-b2e3-4e3d-9b52-98221b7abf24             |
...output omitted...

Take note of the different fields and values when compared to a tenant network. Specifically, provider:network_type, provider:physical_network, router:external, and shared.

Use the openstack subnet show command to show the details of the provider-datacentre subnet. Use the ID from the previous step to show the correct subnet.

[student@workstation ~(operator1-finance)]$ openstack subnet show \
> 655df137-b2e3-4e3d-9b52-98221b7abf24 --max-width 80
+-------------------+----------------------------------------------------------+
| Field             | Value                                                    |
+-------------------+----------------------------------------------------------+
| allocation_pools  | 172.25.250.101-172.25.250.189                            |
| cidr              | 172.25.250.0/24                                          |
| created_at        | 2020-04-19T11:05:12Z                                     |
| description       |                                                          |
| dns_nameservers   | 172.25.250.254                                           |
| enable_dhcp       | False                                                    |
| gateway_ip        | 172.25.250.254                                           |
| host_routes       |                                                          |
| id                | 655df137-b2e3-4e3d-9b52-98221b7abf24                     |
...output omitted...

Note the allocation pools, DNS name servers, DHCP configuration, and the gateway IP.

On controller0, use the ovs-vsctl command to list the bridges on br-ex and br-int. Compare the configuration with provider-datacentre and the overcloud nodes.

Open a new terminal window. Use the ssh command to log in to controller0 as heat-admin.

[student@workstation ~(operator1-finance)]$ ssh heat-admin@controller0
[heat-admin@controller0 ~]$

Use the su - command to gain root privileges. The password is redhat.

[heat-admin@controller0 ~]$ su -
Password: redhat
[root@controller0 ~]#

Use the ovs-vsctl command to list the bridges on the controller0 node. Notice that the patch port on both br-ex and br-int match the ID of the provider-datacentre network.

[root@controller0 ~]# ovs-vsctl show
Bridge br-ex
    fail_mode: standalone
    Port br-ex
         Interface br-ex
             type: internal
    Port "eth2"
         Interface "eth2"
    Port "patch-provnet-ef95203b-7c9f-46c0-b328-e51aa7729798-to-br-int"
         Interface "patch-provnet-ef95203b-7c9f-46c0-b328-e51aa7729798-to-br-int"
             type: patch
             options: {peer="patch-br-int-to-provnet-ef95203b-7c9f-46c0-b328-e51aa7729798"}
Bridge br-int
    fail_mode: secure
    Port "ovn-0102a3-0"
        Interface "ovn-0102a3-0"
             type: geneve
             options: {csum="true", key=flow, remote_ip="172.24.2.12"}
    Port "patch-br-int-to-provnet-ef95203b-7c9f-46c0-b328-e51aa7729798"
        Interface "patch-br-int-to-provnet-ef95203b-7c9f-46c0-b328-e51aa7729798"
             type: patch
             options: {peer="patch-provnet-ef95203b-7c9f-46c0-b328-e51aa7729798-to-br-int"}
    Port "ovn-1af225-0"
        Interface "ovn-1af225-0"
             type: geneve
             options: {csum="true", key=flow, remote_ip="172.24.2.6"}
    Port "o-hm0"
        Interface "o-hm0"
             type: internal
    Port "ovn-a643d0-0"
        Interface "ovn-a643d0-0"
             type: geneve
             options: {csum="true", key=flow, remote_ip="172.24.2.2"}
...output omitted...

In the other terminal window, use the openstack hypervisor list command to list compute node hypervisors. Note that the IP addresses of the compute nodes match those in the previous output.

[student@workstation ~(operator1-finance)]$ openstack hypervisor list \
> -c "Hypervisor Hostname" -c "Host IP"
+-----------------------------------+-------------+
| Hypervisor Hostname               | Host IP     |
+-----------------------------------+-------------+
| compute0.overcloud.example.com    | 172.24.1.2  |
| computehci0.overcloud.example.com | 172.24.1.6  |
| compute1.overcloud.example.com    | 172.24.1.12 |
+-----------------------------------+-------------+

Note

Use the Dashboard to perform the following steps.

Use the Dashboard to verify the network and subnet for the tenant network finance-network1 and subnet finance-subnet1.
1. On workstation, open Firefox and navigate to http://dashboard.overcloud.example.com. Log in to the Dashboard using Example as the domain, operator1 as the user, and redhat as the password. Confirm that the selected project is finance.
2. Navigate to Project+Network → Network Topology.
  Notice that each network is represented by an individual color. Note the network finance-network1 and the instance finance-server1 attached to the network. To see the name of the instance, hover the mouse over the instance icon.
3. Click finance-network1 to display the Overview page, where you can see the status of the external network, provider network type, and segmentation ID.
4. Click Subnets and then click finance-subnet1 to display the IP allocation pools, the gateway IP, the DHCP configuration, and the DNS name servers.
5. Click the back button and then click Ports. Note that there are two ports. One of the Attached Devices is the DHCP server, the other one is the port of instance finance-server1.
Verify the configuration of provider-datacentre.
1. Click Networks again and then click provider-datacentre. Go to the the Overview page. Note the status of the shared, external network and provider network fields.
2. Click Subnets. Click the name of the subnet. Note the IP allocation pools, gateway IP, DHCP configuration, and DNS same servers.
3. Click back in the navigator and click Ports. There is one port attached to network:dhcp.
4. Sign out of the Dashboard.

Finish

On the workstation machine, use the lab command to complete this exercise. This is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab networking-types finish

This concludes the guided exercise.

Discuss Red Hat OpenStack Administration I: Core Operations for Domain Operators

Go to community

Red Hat OpenStack Administration I: Core Operations for Domain Operators (CL110)

Haley_Ruccio

1 sie 2023

Learn to operate a Red Hat® OpenStack Platform private cloud and manage domain resources to secure and deploy modern, scalable cloud applications, networks and storageRed Hat OpenStack Administration I: Core Operations for Domain Operators (CL110) teaches you how to operate and manage a production Red Hat OpenStack Platform (RHOSP) single-site overcloud. You will learn how to create secure project environments in which to provision resources and manage security privileges that cloud users need to deploy scalable cloud applications. You will learn about OpenShift integration with load balancers, identity management, monitoring, proxies, and storage. You will also develop more troubleshooting and Day 2 operations skills in this course.This course is based on Red Hat OpenStack Platform 16.1.Course content summaryStudents in the Red Hat OpenStack Administration I: Core Operations for Domain Operators (CL110) course will focus on performing both routine and specialized tasks that are necessary to manage a production OpenStack overcloud domain. Students will manage OpenStack using both web-based and command-line interfaces. Essential skills covered in the course include the following:Launch instances to satisfy various use case examples.Manage domains, projects, users, roles, and quota in a multitenant environment.Manage networks, subnets, routers, and floating IP addresses.Manage instance security with group rules and access keys.Create and manage block, object and shared storage within OpenStack.Perform instance launch customization with cloud-init.Deploy scalable applications using stack templates.Audience for this courseThis course is designed for cloud users who deploy application instances and stacks, domain operators who manage resources and security for cloud users, and any other cloud personnel interested in, or responsible for, maintaining applications on private or hybrid OpenStack clouds. Any cloud persona, or personnel with roles that include performing technology evaluation, should attend this course to learn RHOSP operation and application deployment methods.Prerequisites for this courseBecome a Red Hat Certified System Administrator (RHCSA) or demonstrate equivalent experienceIf you are not a RHCSA, you can take a skill assessment to gauge your level of knowledge.

Welcome to the Red Hat OpenStack Administration I (CL110) group in the Red Hat Learning Community!

Syed

31 lip 2023

We are excited to launch a space dedicated to the Red Hat Training course CL110! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to CL110.Read more about Red Hat OpenStack Administration I: Core Operations for Domain Operators here.

Revision: cl110-16.1-4c76154