How to Manage OpenStack Networks via the Command Line

Published on: September 9, 2016

By default, an OpenStack project does not have any networks. These can easily be created and modified from the command line.

Make sure that the “neutron” and “nova” commands are installed.

Network Creation

1. Create an internal network and a subnet tied to that network. This assumes that the network being created is using the “10.0.0.0/24” range.

$ neutron net-create <NETWORK_NAME>
$ neutron subnet-create –name <SUBNET_NAME> <NETWORK_NAME> 10.0.0.0/24

2a. Create an instance with networking.

$ neutron net-list
$ nova boot –image CentOS-7 –flavor “Medium – 002.0020.0040” –nic net-id=<NETWORK_ID>

2b. Attach a network to an existing instance.

$ neutron net-list
$ nova interface-attach –net-id <NETWORK_ID> <INSTANCE_NAME>

Assigning Public IPs

For public access, a floating IP will need to be used.

1. Allocate a public IP to the project.

$ neutron floatingip-create ext-net

2. Create the router and then assign it to the “ext-net” external network.

$ neutron router-create <ROUTER_NAME>
$ neutron router-gateway-set ext-net

3. Assign a subnet to a router.

$ neutron router-interface-add <ROUTER_NAME> <SUBNET_NAME>

4. Associate a floating IP to a network interface attached to an instance.

$ neutron port-list
$ neutron floatingip-list
$ neutron floatingip-associate <FLOATINGIP_ID> <PORT_ID>

Configuring Remote Access

Remote connections to Linux (TCP port 22) are made via SSH while Windows uses RDP (TCP/UDP port 3389). An SSH key pair should be generated or uploaded.

1a. Create a new SSH key pair and provide it with an associated name.

$ nova keypair-add <KEYPAIR_NAME>

1b. Upload a public SSH key.

$ nova keypair-add –pub-key <PATH_TO_PUBLIC_SSH_KEY> <KEYPAIR_NAME>

2a. Linux servers use the “cloud-user” user name.

$ ssh -l cloud-user -p 22 <FLOATING_IP>

2b. Windows servers are assigned a random Administrator password. The “python-novaclient” command line utility can be installed to manually get the password. Nova verifies that the private SSH key is associated with the Windows instance’s public key before providing the password.

$ nova get-password ~/.ssh/id_rsa

Managing Firewall Rules

The SSH access is allowed on TCP port 22 by the Default security group firewall. Other rules can be added, removed, and/or modified.

1a. Manage security groups. This firewall is at the instance level. Documentation about this can be found here: [ http://docs.openstack.org/user-guide/cli-nova-configure-access-security-for-instances.html ].

$ nova help secgroup-create
$ nova help secgroup-add-rule

1b. Manage Firewalls as a Service (FWaaS). This firewall is at the router level. A rule is added to a policy that can then be applied to a firewall. Documentation about this can be found here: [ https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/7/paged/networking-guide/chapter-16-configure-firewall-as-a-service-fwaas ].

$ neutron help firewall-create
$ neutron help firewall-rule-create
$ neutron help firewall-policy-create



Back To Top