|
|
|
# User Guide: First Project Setup
|
|
|
|
|
|
|
|
A new project ist totally empty first. In order to create and use virtual machines, the private networking must be created.
|
|
|
|
|
|
|
|
## Setup private networking
|
|
|
|
|
|
|
|
### 1. Create a private network:
|
|
|
|
- Go to ``http://omistack/dashboard/project/networks/`` and press ``create network``.
|
|
|
|
- Network-Tab:
|
|
|
|
- Enter _Network Name_ to ``$PROJECT_NAME-net`` e.g. cactos-net
|
|
|
|
- _Admin State_ must be checked (if not, network is inactive)
|
|
|
|
- Subnet-Tab:
|
|
|
|
- _Create Subnet_ must be checked
|
|
|
|
- _Subnet Name_ should be empty
|
|
|
|
- _Network Address_ set to 192.168.X.0/24 (X must be a free address, ask omistack admin!)
|
|
|
|
- _IP Version_ must be IPv4 (IPv6 not supported)
|
|
|
|
- _Gateway IP_ set to 192.168.X.1
|
|
|
|
- _Disable Gateway_ should not be checked if you want access to the internet
|
|
|
|
- Subnet-Details-Tab:
|
|
|
|
- _Enable DHCP_ must be checked
|
|
|
|
- _DNS Name Servers_ must be set to a valid DNS server e.g. ``134.60.1.111``
|
|
|
|
- rest is optional
|
|
|
|
|
|
|
|
### 2. Create a router:
|
|
|
|
The project network is working now. The virtual machines linked to that network are not able to access the internet. Public Floating IPs are not allowed to be associated to virtual machines.
|
|
|
|
To solve those two issues, a router is needed between the external network and the project network.
|
|
|
|
- Go to ``http://omistack/dashboard/project/routers/`` and press ``create router``.
|
|
|
|
- Enter _Router Name_ to ``$PROJECT_NAME-router`` e.g. cactos-router
|
|
|
|
- Save router
|
|
|
|
- Click ``set gateway`` and select the ``external`` network
|
|
|
|
- Click on the router's name
|
|
|
|
- In the next view, add click the button ``add interface``
|
|
|
|
- select your project network and save
|
|
|
|
|
|
|
|
### 3. Access external net from a VM:
|
|
|
|
If the project network is created and a router connects the project network and the external network, your virtual machines are able to access the public internet. OpenStack is doing NAT with the Omistack-Networknode's public IP address.
|
|
|
|
|
|
|
|
### 4. Access a vm net from the external net:
|
|
|
|
If you want to have access to a virtual machine, you need a ``floating IP`` associated to the vm. Your vm does not know this public address! OpenStack always translates the floating IP address to the vm's IP in the project network.
|
|
|
|
|
|
|
|
OpenStack has a firewall which blocks all ports to the floating IP by default. You can create ``Security groups`` and define rules like port forwardings there. The security groups must then be assigned to your virtual machine.
|
|
|
|
Example Setup: if you want to access your VM using SSH
|
|
|
|
- create a new security group with name SSH http://omistack/dashboard/project/access_and_security/
|
|
|
|
- within ``manage rules`` you can add a new rule e.g. to allow SSH (or TCP Port 22) from everywhere (0.0.0.0/0)
|
|
|
|
- Don't forget to add this rule to your virtual machine:
|
|
|
|
- http://omistack/dashboard/project/instances/
|
|
|
|
- ``More`` - ``Edit Security Groups``
|
|
|
|
|
|
|
|
|
