Ask Your Question

A.Richards's profile - activity

2015-10-13 10:48:18 -0500 received badge  Enthusiast
2014-12-01 16:53:55 -0500 received badge  Nice Answer (source)
2014-07-22 15:06:50 -0500 received badge  Supporter (source)
2014-02-26 06:31:45 -0500 received badge  Famous Question (source)
2013-12-16 01:00:49 -0500 received badge  Teacher (source)
2013-12-09 11:34:20 -0500 received badge  Notable Question (source)
2013-12-06 09:29:46 -0500 received badge  Scholar (source)
2013-12-06 00:36:30 -0500 received badge  Popular Question (source)
2013-12-05 16:05:16 -0500 answered a question Can I restrict the use of my external network?

darragh-oreilly's comment answered my question. As long as the external network is not shared, it is only available to tenants with non-admin roles to connect their routers, but not their VMs.

2013-12-05 16:01:43 -0500 commented question Can I restrict the use of my external network?

You're right. At some point in my tinkering I had set my external network to be "shared". When I tried again without that option the other tenants could hook their routers up to the external network but not their VMs. Thanks!

2013-12-05 13:57:00 -0500 answered a question Is mirantis OpenStack distro sufficient to get openstack up and running?

Yes, Mirantis uses their Fuel libraries to deploy production OpenStack environments. They use the command line when they are using it because that gives them the most control. If you are using Fuel Web's GUI, you don't get as many deployment options compared to the command line, but the ones you do have access to can be considered "production" depending on your use case.

2013-12-05 12:57:56 -0500 received badge  Editor (source)
2013-12-05 12:57:28 -0500 answered a question How to install havana on a single Node?

Canonical has a wiki page ( https://help.ubuntu.com/community/UbuntuCloudInfrastructure ) that lays out the options for installing OpenStack on Ubuntu. There isn't a direct analog to packstack, but there is a bootable live image and their MAAS+Juju orchestration suite.

2013-12-05 12:42:03 -0500 commented answer What are the current limits for the number of tenants networks for VLAN and GRE in Neutron?

Many switches do not support more than 1,000 unique VLAN IDs. Check your specs for the number of VLAN IDs your switch supports.

2013-12-05 12:27:11 -0500 asked a question Can I restrict the use of my external network?

I've got my Neutron set up (RDO Havana on CentOS 6.5) and it seems to be working for passing traffic in and out of the external interface to and from my VMs. I can assign floating IPs, I can ssh in with the floating IPs, I can ssh out from my VMs, all good there. What I'd like to be able to do is restrict the use of the external network so that VMs cannot be connected directly to it.

Here is my OVS config:

[ovs]
tenant_network_type = vlan
network_vlan_ranges = physnet1:4:4,physnet1:101:104,physnet2:2:2
bridge_mappings = physnet1:br-private,physnet2:br-ex

And here are the commands I ran to set up the external network:

$ neutron net-create external --provider:network_type=vlan --provider:physical_network=physnet2 --provider:segmentation_id=2 --router:external=true --shared

$ neutron subnet-create external 10.15.0.0/16 --disable-dhcp --gateway=10.15.0.1 --allocation-pool --start=10.15.99.10,end=10.15.99.99 --name=LAB

Here is what my topology looks like:

-------external---------------------------------------10.15.0.0/16-----
    |
  [tenant_net_router]
    |
-------tenant_net-------------------------------------192.168.0.0/24---
                           |          |          |     
                          [VM]       [VM]       [VM]

I want multiple tenants to be able to route their networks out to the external network via their respective routers, but I don't want any tenants to place VMs directly on the external network. Can that be done?