Sharing network between two projects
This procedure shows how to connect two projects over an internal network.
For example, it lets you synchronise production and preproduction environments across several projects.
Prerequisite
Have 2 or more projects.
On our first project
[~] > openstack project list -c ID -f value
d7b8d09e392c4f26a3c6499c114ac242
First, we create the network that will be shared:
openstack network create <SHARED_NETWORK_NAME>
Then, to simplify our network division, we create two subnets.
One for instances on our project, one shared with another project.
openstack subnet create --subnet-range <SHARED_NETWORK_RANGE> --gateway none --network <SHARED_NETWORK_NAME> --allocation-pool start=<SHARED_NETWORK_DHCP_START>,end=<SHARED_NETWORK_DHCP_END> <SHARED_SUBNET_NAME>
openstack subnet create --subnet-range <LOCAL_NETWORK_RANGE> --gateway none --network <SHARED_NETWORK_NAME> --allocation-pool start=<LOCAL_NETWORK_DHCP_START>,end=<LOCAL_NETWORK_DHCP_END> <LOCAL_SUBNET_NAME>
We share this network (and its associated subnets) with the second project:
NETWORK_ID=$(openstack network list --name <SHARED_NETWORK_NAME> -c ID -f value)
openstack network rbac create --target-project <TARGET_PROJECT_ID> --action access_as_shared --type network ${NETWORK_ID}
Finally, create a port on the local subnet and an instance attached to it:
openstack port create --network <SHARED_NETWORK_NAME> --fixed-ip subnet=<LOCAL_SUBNET_NAME> <LOCAL_PORT_NAME>
openstack server create --flavor a1-ram2-disk20-perf1 --image "Debian 11 bullseye" --port <LOCAL_PORT_NAME> --security-group default --key-name <KEY_NAME> <INSTANCE_NAME>
On our second (or any further) project
[~] > openstack project list -c ID -f value
33a2d1e1914348868cd0bd6a2b7d2412
As the network is already shared through the RBAC policy, we can create a port on that network:
openstack port create --network <SHARED_NETWORK_NAME> --fixed-ip subnet=<SHARED_SUBNET_NAME> <SHARED_PORT_NAME>
openstack server create --flavor a1-ram2-disk20-perf1 --image "Debian 11 bullseye" --network <PUBLIC_NETWORK_NAME> --port <SHARED_PORT_NAME> --security-group default --key-name <KEY_NAME> <INSTANCE_NAME>
As you can see, both instances can reach each other through their local IP addresses.
root@public_instance:~# ping -c1 192.168.200.109
PING 192.168.200.109 (192.168.200.109) 56(84) bytes of data.
64 bytes from 192.168.200.109: icmp_seq=1 ttl=64 time=0.292 ms
--- 192.168.200.109 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms
This is a basic example of what RBAC allows; adapt it to your needs.
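To confirm that the shared network is exposed only to the intended project, the RBAC policies attached to it can be audited. The script below is an added example, not part of the original procedure; `ALLOWED_TARGETS`, the sample data and both function names are assumptions, and it relies on Neutron recording a share with all projects as target `*`.

```bash
#!/usr/bin/env bash
# Added example: check which projects a shared network is exposed to via RBAC.
# ALLOWED_TARGETS, SAMPLE_POLICIES and both function names are assumptions.

# Project IDs allowed to use the network (here: the second project's ID).
ALLOWED_TARGETS="33a2d1e1914348868cd0bd6a2b7d2412"

# Print "<policy_id> <target_project_id>" for each access_as_shared policy on
# the given network ID. Needs a configured openstack CLI (not run in the demo).
list_share_targets() {
    local network_id="$1" id
    for id in $(openstack network rbac list -f value -c ID); do
        [ "$(openstack network rbac show "$id" -f value -c object_id)" = "$network_id" ] || continue
        [ "$(openstack network rbac show "$id" -f value -c action)" = "access_as_shared" ] || continue
        echo "$id $(openstack network rbac show "$id" -f value -c target_project_id)"
    done
}

# Read "<policy_id> <target>" lines on stdin. Report a target of "*" (shared
# with every project) or one missing from ALLOWED_TARGETS; return 1 if any.
check_share_targets() {
    local policy target allowed ok found=0
    while read -r policy target; do
        [ -n "$policy" ] || continue
        if [ "$target" = "*" ]; then
            echo "WILDCARD $policy"
            found=1
            continue
        fi
        ok=0
        for allowed in $ALLOWED_TARGETS; do
            if [ "$target" = "$allowed" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "UNEXPECTED $policy $target"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample data (not real policies), in list_share_targets format.
SAMPLE_POLICIES='policy-a 33a2d1e1914348868cd0bd6a2b7d2412
policy-b *
policy-c 00000000000000000000000000000000'

# Offline demo; against a real cloud: list_share_targets "$NETWORK_ID" | check_share_targets
printf '%s\n' "$SAMPLE_POLICIES" | check_share_targets || true
```

A non-zero exit status from `check_share_targets` means at least one policy shares the network more widely than the allowlist permits.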