Allow instances to access provider networking directly using RBAC
root@kolla-deploy:/kolla# openstack network list
+--------------------------------------+---------------------+--------------------------------------+
| ID                                   | Name                | Subnets                              |
+--------------------------------------+---------------------+--------------------------------------+
| 27b5b48e-396e-4891-ac79-0e23a9e57c5a | local-microgen-sby  | a97028b8-1425-44b4-bf92-8b3999d58916 |
| 38af798d-f57a-480b-a6de-f3e1df37e43a | local-scmprr        | da92bde5-e19a-4af7-a1a8-fb34e784b92b |
| 41974282-108c-472d-9ea5-48ab615b819b | local-scmperuri-sby | bc79a510-36a7-421c-ae83-a3afd69e04b6 |
| 592150f9-21cc-4bbf-88a5-e868341e7bff | lokal               | 0e3117b3-2187-45da-85fa-0d5a1ee0e803 |
| 5fea07cb-75d3-4f9f-81fe-d397a1bddcb5 | public1             | e9f5426a-86ce-4f98-88c5-536a13b07674 |
| cad03a12-e9d9-4970-890a-596e58f677cb | Rancher-net         | a86c396e-7dee-4544-886a-573e33518b95 |
| e260a95f-cea4-48b4-829e-6755ef6e701f | demo-net            | ab4e219f-f35d-44fc-8ec5-7af78b20dde8 |
+--------------------------------------+---------------------+--------------------------------------+

root@kolla-deploy:/kolla# openstack project list
+----------------------------------+-----------+
| ID                               | Name      |
+----------------------------------+-----------+
| 076ab7eb69ad4dedaf13aae7abf16c9b | SCMPeruri |
| 213e9d5a916c442086dec150a9bbca91 | admin     |
| 37d086b4386948209261ebfffcf58fd3 | Rancher   |
| 86ff7d8984d9469596fafa2f120c9f57 | service   |
| e38a959cdef34c4693ca71546c8d1775 | Microgen  |
+----------------------------------+-----------+

# To let the SCMPeruri, Rancher and Microgen projects use the public1 network as a shared network,
# so that they can create VMs on it, use role-based access control (RBAC): create one policy per
# project that links the network UUID to the project ID.

root@kolla-deploy:/kolla# openstack network rbac create --target-project 076ab7eb69ad4dedaf13aae7abf16c9b --action access_as_shared --type network 5fea07cb-75d3-4f9f-81fe-d397a1bddcb5
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| action            | access_as_shared                     |
| id                | 8804f7be-d3e1-4f8b-8f79-ae465158d711 |
| name              | None                                 |
| object_id         | 5fea07cb-75d3-4f9f-81fe-d397a1bddcb5 |
| object_type       | network                              |
| project_id        | 213e9d5a916c442086dec150a9bbca91     |
| target_project_id | 076ab7eb69ad4dedaf13aae7abf16c9b     |
+-------------------+--------------------------------------+

root@kolla-deploy:/kolla# openstack network rbac create --target-project 37d086b4386948209261ebfffcf58fd3 --action access_as_shared --type network 5fea07cb-75d3-4f9f-81fe-d397a1bddcb5
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| action            | access_as_shared                     |
| id                | 1b1b99c3-3a63-4b53-bbdd-6e2ba54c9062 |
| name              | None                                 |
| object_id         | 5fea07cb-75d3-4f9f-81fe-d397a1bddcb5 |
| object_type       | network                              |
| project_id        | 213e9d5a916c442086dec150a9bbca91     |
| target_project_id | 37d086b4386948209261ebfffcf58fd3     |
+-------------------+--------------------------------------+

root@kolla-deploy:/kolla# openstack network rbac create --target-project e38a959cdef34c4693ca71546c8d1775 --action access_as_shared --type network 5fea07cb-75d3-4f9f-81fe-d397a1bddcb5
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| action            | access_as_shared                     |
| id                | 4b55a781-b4d5-43cb-bff0-3f649df1b6ea |
| name              | None                                 |
| object_id         | 5fea07cb-75d3-4f9f-81fe-d397a1bddcb5 |
| object_type       | network                              |
| project_id        | 213e9d5a916c442086dec150a9bbca91     |
| target_project_id | e38a959cdef34c4693ca71546c8d1775     |
+-------------------+--------------------------------------+

# Finally, to let them create VMs on it, DHCP needs to be enabled on it.
# Note that the UUID here is the subnet ID (the Subnets column of "openstack network list"),
# not the network UUID.
# (In the network list above, ab4e219f-f35d-44fc-8ec5-7af78b20dde8 is the subnet of demo-net;
# the subnet of public1 is e9f5426a-86ce-4f98-88c5-536a13b07674.)

openstack subnet set --dhcp ab4e219f-f35d-44fc-8ec5-7af78b20dde8
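
To check the result of the procedure above, the following added example (not part of the original page) reports `access_as_shared` policies on a network whose target project is outside an allowlist, and subnets of that network that still have DHCP disabled. The function names and the script name are hypothetical; it assumes an authenticated `openstack` CLI with admin credentials.

```shell
# Added example, not from the original page. Function names are hypothetical.
# Assumes an authenticated `openstack` CLI (admin credentials loaded).

# Print "<rbac-id> <target-project>" for every access_as_shared policy on
# network $1 whose target is not one of the allowed project IDs ($2...).
# A policy targeting "*" (all projects) is reported like any other unlisted
# target. Returns 1 if anything was reported.
unexpected_shares() {
  local net="$1" id obj target allowed ok rc=0
  shift
  for id in $(openstack network rbac list --type network \
                --action access_as_shared -f value -c ID); do
    obj=$(openstack network rbac show "$id" -f value -c object_id)
    [ "$obj" = "$net" ] || continue
    target=$(openstack network rbac show "$id" -f value -c target_project_id)
    ok=no
    for allowed in "$@"; do
      if [ "$target" = "$allowed" ]; then ok=yes; fi
    done
    if [ "$ok" = no ]; then
      echo "$id $target"
      rc=1
    fi
  done
  return "$rc"
}

# Print the subnets of network $1 that do not have DHCP enabled. Looking the
# subnets up from the network avoids confusing subnet and network UUIDs.
subnets_without_dhcp() {
  local sub
  for sub in $(openstack subnet list --network "$1" -f value -c ID); do
    [ "$(openstack subnet show "$sub" -f value -c enable_dhcp)" = True ] \
      || echo "$sub"
  done
}

# Usage: sh check_share.sh <network-id> <allowed-project-id>...
if [ "$#" -ge 2 ]; then
  unexpected_shares "$@"; status=$?
  subnets_without_dhcp "$1"
  exit "$status"
fi
```

Run it with the public1 network UUID followed by the three project IDs used above; any line of output is a share or a subnet that needs a second look.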