Openstack add public IP to an instance

Question

I've got a new server from Hetzner. I installed Ubuntu 18.04 on top of it and then installed Openstack with Devstack.

Assume that the server IP address is 88.198.33.30. And, the ISP/Hetzner gives me the following list of IPs:

IP: 88.198.33..26
Gateway: 88.198.22.1
Netmask: 255.255.255.224

IP: 88.198.33.24
Gateway: 88.198.22.1
Netmask: 255.255.255.224

IP: 88.198.33.16
Gateway: 88.198.22.1
Netmask: 255.255.255.224

IP: 88.198.33.11
Gateway: 88.198.22.1
Netmask: 255.255.255.224

IP: 88.198.33.10
Gateway: 88.198.22.1
Netmask: 255.255.255.224

In this case, I've created two networks and one router as the following:

Instance: test ub
Private network: mrt-proj, 10.0.0.0/26
Router: mrt-router, private = 10.0.0.11, public = 172.24.4.3
Public network: public = 172.24.4.0/24 (the br-ex interface of the host Ubuntu server)

---

I can ping the instance (test ub) if I add a floating IP (172.24.4.0/24) to the instance from the host.
But, The problem is that I have no idea how to set one of the public IPs to the instance (test ub) then it going to be accessible from the outside/internet by its attached IP address.

Thanks in advance.

Answer 1

Normally, you connect your Devstack to the outside world by configuring a non-default external network. See instructions in the Devstack documentation. Your FLOATING_RANGE would be 88.198.33.0/27, if I calculate the subnet correctly.

The problem is the Q_FLOATING_ALLOCATION_POOL parameter. It configures a single range of floating IP addresses, but Hetzner gives you four disconnected addresses, not a a range. While Neutron can be configured with several ranges, Devstack doesn't seem to support that.

Thus, I have three suggestions. First, after setting up your Devstack, remove the public subnet and create a new one. You would also have to remove the routers connected to the public network and create new ones with the new subnet. You could probably try this out immediately on your current setup:

openstack router delete ....
openstack subnet-delete public-subnet
openstack subnet-create \
   --subnet-range 88.198.33.0/27 \
   --allocation-pool start=88.198.33.10,end=88.198.33.11 \
   --allocation-pool start=88.198.33.16,end=88.198.33.16 \
   --allocation-pool start=88.198.33.24,end=88.198.33.24 \
   --allocation-pool start=88.198.33.26,end=88.198.33.26 \
   (other parameters identical to the original subnet)    

Second, follow the instructions and set both FLOATING_RANGE and Q_FLOATING_ALLOCATION_POOL to 88.198.33.0/27. Then, when creating floating IPs, specify the IP address:

openstack floating ip create --floating-ip-address 88.198.33.11 ...

Only the admin user can do that by default. If you want to allow a non-admin user to specify the IP address, you need to change Neutron's policy. I believe the corresponding policy rule is create_floatingip:floating_ip_address.

Third, doctor the function that sets up the subnet. It is named _neutron_create_public_subnet_v4 and resides in lib/neutron_plugins/services/l3 (Ussuri version, but should be the same in later versions). It requires a little bit of Bash programming skills and some courage :)

To be honest, I haven't tried any of this. Your mileage may vary.