
Networking (Neutron)

Allowed Address Pairs - a feature that lets you add extra IP/MAC address pairs to a port, so that traffic matching those values is allowed through it

Floating IP address (FIP) - Each instance has a private, fixed IP address and can also have a public, or floating IP address. Private IP addresses are used for communication between instances, and public addresses are used for communication with networks outside the cloud, including the Internet.

Virtual IP address (VIP) - an IP address that is shared among two or more instances (VMs). Can be implemented using Allowed Address Pairs (see above).
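
A VIP built with Allowed Address Pairs, as a Heat template added here for illustration (not part of the original notes). The resource names vip_port, member_port_a and member_port_b are hypothetical; my_network is the same parameter the Security Groups template on this page uses.

```yaml
heat_template_version: 2016-10-14

description: VIP shared by two ports via allowed_address_pairs (added example)

parameters:
  my_network:
    type: string
    description: Name or ID of the tenant network

resources:
  # Placeholder port: never attached to an instance. It only reserves the
  # VIP in Neutron so the address is not handed out to another port.
  vip_port:
    type: OS::Neutron::Port
    properties:
      network_id: { get_param: my_network }

  # Each member port keeps its own fixed IP and is additionally allowed to
  # carry traffic for the VIP. Listing the single address (not a CIDR)
  # keeps the anti-spoofing exception on the port as narrow as possible.
  # mac_address is omitted, so the pair uses the port's own MAC.
  member_port_a:
    type: OS::Neutron::Port
    properties:
      network_id: { get_param: my_network }
      allowed_address_pairs:
        - ip_address: { get_attr: [vip_port, fixed_ips, 0, ip_address] }

  member_port_b:
    type: OS::Neutron::Port
    properties:
      network_id: { get_param: my_network }
      allowed_address_pairs:
        - ip_address: { get_attr: [vip_port, fixed_ips, 0, ip_address] }

outputs:
  vip_address:
    description: Address shared by both member ports
    value: { get_attr: [vip_port, fixed_ips, 0, ip_address] }
```

Whichever instance currently holds the VIP answers for it; the other port is already permitted to take it over without any Neutron change.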

Useful commands:

openstack network list              # all nets
openstack network show <id>         # details
openstack ip availability show <id> # IP addresses

Security Groups (SGs)

SG

Heat template example - SG + the port it gets applied to:

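heat_template_version: 2016-10-14

parameters:
  my_network:
    type: string
    description: Network the port is created on

resources: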
  sg_22:
    type: OS::Neutron::SecurityGroup
    properties:
      name:
        list_join: ['-', [ {get_param: "OS::stack_name"}, ssh]]
      description: Allow 22 from all
      rules:
        - direction: ingress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: 0.0.0.0/0   # any source address; use a narrower CIDR to limit SSH exposure
  port2_docker0:
    type: OS::Neutron::Port
    properties:
      name:
        list_join: ['-', [ {get_param: "OS::stack_name"}, port2-docker0]]
      admin_state_up: true
      network_id: { get_param: my_network }
      security_groups:
        - { get_resource: sg_22 }

Orchestration (Heat)

heat stack-list
heat stack-show <id>
heat resource-list <id>                         # list stack resources
heat resource-show <stack-id> <resource-name>   # resource details

Tips and tricks

Releases (Ocata, Pike, …)

Initialize env. vars:

source ~/.openrc

Monitor stack progress when creating/deleting/updating:

watch 'openstack stack event list <stack-name> | tail -n 30'