Skip to content

Sharing network between two projects

This procedure will show you how to connect two projects on internal network.

It allows use to synchronise production and preproduction environment on several projects for example.

Prerequisite

Have 2 or more projects.

On our first project

[~] > openstack project list -c ID -f value
d7b8d09e392c4f26a3c6499c114ac242

Firstly, we need to create our network that will be shared

openstack network create <SHARED_NETWORK_NAME>

Then, to simplifying our network division, we are going to create two subnets.

One for instances on our project, one shared with another project.

openstack subnet create --subnet-range <SHARED_NETWORK_RANGE> --gateway none --network <SHARED_NETWORK_NAME> --allocation-pool start=<SHARED_NETWORK_DHCP_START>,end=<SHARED_NETWORK_DHCP_END> <SHARED_SUBNET_NAME>
openstack subnet create --subnet-range <LOCAL_NETWORK_RANGE> --gateway none --network <SHARED_NETWORK_NAME> --allocation-pool start=<LOCAL_NETWORK_DHCP_START>,end=<LOCAL_NETWORK_DHCP_END> <LOCAL_SUBNET_NAME>

We share this network (And associated subnets) with the second project :

NETWORK_ID=$(openstack network list --name <SHARED_NETWORK_NAME> -c ID -f value)
openstack network rbac create --target-project <TARGET_PROJECT_ID> --action access_as_shared --type network ${NETWORK_ID}

Finally, just create a port on the local subnet and instance associated with :

openstack port create --network <SHARED_NETWORK_NAME> --fixed-ip subnet=<LOCAL_SUBNET_NAME> <LOCAL_PORT_NAME>
openstack server create --flavor a1-ram2-disk20-perf1 --image "Debian 11 bullseye" --port <LOCAL_PORT_NAME> --security-group default --key-name <KEY_NAME> <INSTANCE_NAME>

On our second (Or more) project

[~] > openstack project list -c ID -f value
33a2d1e1914348868cd0bd6a2b7d2412

As network is already shared with rbac policy, we can create port on that network :

openstack port create --network <SHARED_NETWORK_NAME> --fixed-ip subnet=<SHARED_SUBNET_NAME> <SHARED_PORT_NAME>
Then create the instance attached to the port created above :
openstack server create --flavor a1-ram2-disk20-perf1 --image "Debian 11 bullseye" --network <PUBLIC_NETWORK_NAME> --port <SHARED_PORT_NAME> --security-group default --key-name <KEY_NAME> <INSTANCE_NAME>
We also connect our instance on external network to simplify access through Internet

As you can see both instances are connected through their local ip.

root@public_instance:~# ping -c1 192.168.200.109
PING 192.168.200.109 (192.168.200.109) 56(84) bytes of data.
64 bytes from 192.168.200.109: icmp_seq=1 ttl=64 time=0.292 ms

--- 192.168.200.109 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms

This is a basic example of what rbac allows us, to adapt to your needs.