Networks in openstack can have the external flag set. If that flag is set it is visible for all openstack projects, and all openstack projects are able to create routers connecting to this network for external access, and create floating-ip's which can be assigned to virtual machines.
Default external networks
Our installations usually have two external networks:
- ntnu-internal - An RFC1918 network available troughout all NTNU networks.
- ntnu-global - A globally numbered network accessible from the whole internet.
The ntnu-internal network is available to all projects, while the ntnu-global networks are only available to projects which have requested access to these.
Give a project access to use a network as an external network.
To give a certain project access to the external network, you would need to add that project to the network's RBAC list. To add a project with the ID "5b23998288424b65af422700a5ecd081" you can use the following command:
$ openstack network rbac create --type network --action access_as_external --target-project 5b23998288424b65af422700a5ecd081 0b537b33-d135-493a-bd97-3d5ce9e6dea6
The command needs the network ID (0b537b33-d135-493a-bd97-3d5ce9e6dea6). To find the correct ID for your environment the following command might be useful:
$ openstack network list -c Name -c ID --external +--------------------------------------+---------------+ | ID | Name | +--------------------------------------+---------------+ | 0b537b33-d135-493a-bd97-3d5ce9e6dea6 | ntnu-global | | 730cb16e-a460-4a87-8c73-50a2cb2293f9 | ntnu-internal | +--------------------------------------+---------------+