Using OpenStack Network¶
Before working with the Network service, you’ll need to create a connection
to your OpenStack cloud by following the Connect user guide. This will
provide you with the conn
variable used in the examples below.
The primary resource of the Network service is the network.
List Networks¶
A network is an isolated Layer 2 networking segment. There are two types of networks, project and provider networks. Project networks are fully isolated and are not shared with other projects. Provider networks map to existing physical networks in the data center and provide external network access for servers. Only an OpenStack administrator can create provider networks. Networks can be connected via routers.
def list_networks(conn):
print("List Networks:")
for network in conn.network.networks():
print(network)
Full example: network resource list
List Subnets¶
A subnet is a block of IP addresses and associated configuration state. Subnets are used to allocate IP addresses when new ports are created on a network.
def list_subnets(conn):
print("List Subnets:")
for subnet in conn.network.subnets():
print(subnet)
Full example: network resource list
List Ports¶
A port is a connection point for attaching a single device, such as the NIC of a server, to a network. The port also describes the associated network configuration, such as the MAC and IP addresses to be used on that port.
def list_ports(conn):
print("List Ports:")
for port in conn.network.ports():
print(port)
Full example: network resource list
List Security Groups¶
A security group acts as a virtual firewall for servers. It is a container for security group rules which specify the type of network traffic and direction that is allowed to pass through a port.
def list_security_groups(conn):
print("List Security Groups:")
for port in conn.network.security_groups():
print(port)
Full example: network resource list
List Routers¶
A router is a logical component that forwards data packets between networks. It also provides Layer 3 and NAT forwarding to provide external network access for servers on project networks.
def list_routers(conn):
print("List Routers:")
for router in conn.network.routers():
print(router)
Full example: network resource list
List Network Agents¶
A network agent is a plugin that handles various tasks used to implement virtual networks. These agents include neutron-dhcp-agent, neutron-l3-agent, neutron-metering-agent, and neutron-lbaas-agent, among others.
def list_network_agents(conn):
print("List Network Agents:")
for agent in conn.network.agents():
print(agent)
Full example: network resource list
Create Network¶
Create a project network and subnet. This network can be used when creating a server and allows the server to communicate with others servers on the same project network.
def create_network(conn):
print("Create Network:")
example_network = conn.network.create_network(
name='openstacksdk-example-project-network'
)
print(example_network)
example_subnet = conn.network.create_subnet(
name='openstacksdk-example-project-subnet',
network_id=example_network.id,
ip_version='4',
cidr='10.0.2.0/24',
gateway_ip='10.0.2.1',
)
print(example_subnet)
Full example: network resource create
Open a Port¶
When creating a security group for a network, you will need to open certain ports to allow communication via them. For example, you may need to enable HTTPS access on port 443.
def open_port(conn):
print("Open a port:")
example_sec_group = conn.network.create_security_group(
name='openstacksdk-example-security-group'
)
print(example_sec_group)
example_rule = conn.network.create_security_group_rule(
security_group_id=example_sec_group.id,
direction='ingress',
remote_ip_prefix='0.0.0.0/0',
protocol='tcp',
port_range_max='443',
port_range_min='443',
ethertype='IPv4',
)
print(example_rule)
Full example: network security group create
Accept Pings¶
In order to ping a machine on your network within a security group, you will need to create a rule to allow inbound ICMP packets.
def allow_ping(conn):
print("Allow pings:")
example_sec_group = conn.network.create_security_group(
name='openstacksdk-example-security-group2'
)
print(example_sec_group)
example_rule = conn.network.create_security_group_rule(
security_group_id=example_sec_group.id,
direction='ingress',
remote_ip_prefix='0.0.0.0/0',
protocol='icmp',
port_range_max=None,
port_range_min=None,
ethertype='IPv4',
)
print(example_rule)
Full example: network security group create
Delete Network¶
Delete a project network and its subnets.
def delete_network(conn):
print("Delete Network:")
example_network = conn.network.find_network(
'openstacksdk-example-project-network'
)
for example_subnet in example_network.subnet_ids:
conn.network.delete_subnet(example_subnet, ignore_missing=False)
conn.network.delete_network(example_network, ignore_missing=False)
Full example: network resource delete