-
Notifications
You must be signed in to change notification settings - Fork 0
/
08_network_management.html
382 lines (332 loc) · 14.8 KB
/
08_network_management.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="apple-touch-icon" sizes="180x180" href="apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="favicon-16x16.png">
<link rel="manifest" href="site.webmanifest">
<link rel="mask-icon" href="safari-pinned-tab.svg" color="#5bbad5">
<meta name="msapplication-TileColor" content="#da532c">
<meta name="theme-color" content="#ffffff">
<script src="jquery/jquery.min.js"></script>
<script src="popper/popper.min.js"></script>
<script src="bootstrap/js/bootstrap.min.js"></script>
<script src="requirejs/require.js"></script>
<script>var workshop_base_url = "/workshop";</script>
<link rel="stylesheet" href="asciidoctor/css/asciidoctor.css">
<link rel="stylesheet" href="bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" href="fontawesome/css/all.min.css">
<link rel="stylesheet" href="css/workshop.css">
<link rel="stylesheet" href="css/workshop-asciidoc.css">
</head>
</body>
<!-- Header -->
<header class="header">
<div class="container-fluid">
<div class="row">
<div class="col-sm-6">
<a href="index.html" class="logo">Red Hat OpenShift Virtualization Roadshow</a>
</div>
</div>
</div>
</header>
<!-- Main -->
<div class="container-fluid">
<div class="row">
<div class="col-sm-3 d-sm-block d-none">
<!-- Table of Contents -->
<ul class="menu">
<li class="category">
<ul class="modules">
<h5 class="category-title">Workshop Modules</h5>
<li class="page"><a href="index.html">Welcome</a></li>
<li class="page"><a href="02_migrate_vms.html">Migrating Virtual Machines</a></li>
<li class="page"><a href="03_ocpv_basics.html">OpenShift Virtualization Basics</a></li>
<li class="page"><a href="04_thanks.html">Thank you and next steps</a></li>
<li class="page"><a href="05_ocpv_customization.html">Optional: Customize Virtual Machines</a></li>
<li class="page"><a href="06_windows_vm.html">Optional: Windows Virtual Machines</a></li>
<li class="page"><a href="07_bare_metal.html">Optional: Bare Metal OpenShift Overview</a></li>
<li class="page active"><a href="08_network_management.html">Optional: Network Management</a></li>
<li class="page"><a href="09_storage_management.html">Optional: Storage Management</a></li>
<li class="page"><a href="10_backup_restore.html">Optional: Backup and Restore</a></li>
<li class="page"><a href="11_metallb.html">Optional: Exposing apps using MetalLB</a></li>
<li class="page"><a href="12_service_route.html">Optional: Exposing apps using a Route</a></li>
</ul>
</li>
</ul>
</div>
<div class="col-sm-9">
<section class="page-content">
<!-- Top Navigation -->
<div class="btn-group btn-group-xs float-right">
<button type="button" onclick="location.href='/workshop/07_bare_metal';" class="btn btn-xs btn-transparent" aria-label="Prev">
<span class="fas fa-arrow-left" aria-hidden="true"></span>
</button>
<button type="button" onclick="location.href='/workshop/';" class="btn btn-xs btn-transparent" aria-label="Home">
<span class="fas fa-home" aria-hidden="true"></span>
</button>
<button type="button" onclick="location.href='/workshop/09_storage_management';" class="btn btn-xs btn-transparent" aria-label="Next">
<span class="fas fa-arrow-right" aria-hidden="true"></span>
</button>
</div>
<!-- Title -->
<h1 class="title">Optional: Network Management</h1>
<!-- Content -->
<div id="toc" class="toc">
<div id="toctitle">Table of Contents</div>
<ul class="sectlevel1">
<li><a href="08_network_management.html#_introduction_to_network_management">1. Introduction to Network Management</a></li>
<li><a href="08_network_management.html#_create_network_attachment_definition">2. Create Network Attachment Definition</a></li>
<li><a href="08_network_management.html#_connect_a_virtual_machine_to_the_external_network">3. Connect a virtual machine to the external network</a></li>
</ul>
</div>
<div class="sect1">
<h2 id="_introduction_to_network_management">1. Introduction to Network Management</h2>
<div class="sectionbody">
<div class="paragraph">
<p>By default, all virtual machines are attached to the OpenShift software-defined network (SDN), which enables access from other workloads on the OpenShift cluster, including other VMs and any OpenShift native applications.</p>
</div>
<div class="ulist">
<ul>
<li>
<p>The SDN provides additional features for abstracting, connecting, and exposing applications in a controlled manner, whether deployed as VMs or Pods in the cluster. These include the <code>Service</code> and <code>Route</code> features of OpenShift.</p>
</li>
<li>
<p>OpenShift’s network policy engine allows the VM user or administrator to create rules which allow or deny network traffic to and from individual VMs or entire projects/namespaces.</p>
</li>
</ul>
</div>
<div class="paragraph">
<p>However, virtual machines may also connect directly to one or more external networks, such as VLANs, when needed. This is in addition to the SDN, which means that, for example, the administrator can connect to the VM from an external IP address, but the application communicates across the SDN with other VMs hosted by OpenShift Virtualization.</p>
</div>
<div class="paragraph">
<p>At a high level, this is done by configuring the host networking, such as creating a mode 4 (LACP) bond and a Linux bridge on top. This workshop segment will walk through the next step in that process, creating a network attachment definition to allow VMs to connect to that bridge and, therefore, directly to the external network.</p>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<div class="title">Note</div>
</td>
<td class="content">
The OpenShift environment has already been configured with a Linux Bridge on each compute node your virtual machines will connect to, thus allowing for easy connectivity with/from outside network resources.
</td>
</tr>
</table>
</div>
<div class="ulist">
<div class="title">Goals</div>
<ul>
<li>
<p>Create a network attachment definition</p>
</li>
<li>
<p>Connect a VM to the external network</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_create_network_attachment_definition">2. Create Network Attachment Definition</h2>
<div class="sectionbody">
<div class="paragraph">
<p>In order to use the Linux Bridge with your VM you need to create a <strong>Network Attachment Definition</strong>. This is what tells OpenShift about the network and allows the virtual machines to connect to it. Network Attachment Definitions are specific to the project/namespace they’re created in, unless they’re created in the <code>default</code> project. This gives you, the administrator, the ability to control which networks are and aren’t available to users who have access to manage their own Vms. Once the Network Attachment Definition has been created, it can then be used by virtual machines when configuring their network adapters.</p>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<div class="title">Note</div>
</td>
<td class="content">
A network attachment definition instructs openshift to utilise an existing network device. In our case that device was previously created and is named br-flat. You must use that name or OpenShift won’t be able to place your VM on any compute nodes as it can only utilise nodes with that specifically named network device on it.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>How is this done?</p>
</div>
<div class="paragraph">
<p>To manage an OpenShift node’s network configuration you use a tool, available as an operator, called nmstate. With nmstate you can create network interfaces on OpenShift compute nodes using Kubernetes constructs. You can do this following naming that suits your needs and network requirements. For more info about nmstate, and to learn more about the host networking and how to view and manage the configuration, see the ([nmstate documentation](<a href="https://docs.openshift.com/container-platform/latest/networking/k8s_nmstate/k8s-nmstate-observing-node-network-state.html)" class="bare">https://docs.openshift.com/container-platform/latest/networking/k8s_nmstate/k8s-nmstate-observing-node-network-state.html)</a>) or speak with your lab proctors."</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Navigate to <strong>Networking</strong> → <strong>Network Attachment Definitions</strong> and click <strong>Create network attachment definition</strong>:</p>
<div class="imageblock">
<div class="content">
<img src="images/Networking/01_NAD_Dashboard.png" alt="01 NAD Dashboard">
</div>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<div class="title">Important</div>
</td>
<td class="content">
<div class="paragraph">
<p>Select project <code>vmexamples</code>.</p>
</div>
</td>
</tr>
</table>
</div>
</li>
<li>
<p>Complete the form for the <code>vmexamples</code> project as follows, then click <strong>Create network attachment definition</strong>:</p>
<div class="ulist">
<ul>
<li>
<p><strong>Name</strong>: <code>flatnetwork</code></p>
</li>
<li>
<p><strong>Network Type</strong>: <code>CNV Linux Bridge</code></p>
</li>
<li>
<p><strong>Bridge Name</strong>: <code>br-flat</code></p>
<div class="imageblock">
<div class="content">
<img src="images/Networking/02_NAD_Create.png" alt="02 NAD Create">
</div>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<div class="title">Note</div>
</td>
<td class="content">
The form above has an input for <code>VLAN Tag Number</code>, which is used when connecting to a network that needs to have a VLAN tag assigned. This lab uses an untagged network, so no VLAN number is required here.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>A single Linux Bridge on the host can have many different VLANs. In this scenario, you only need to create a Network Attachment Definition for each one, not a separate host interface and bridge.</p>
</div>
</li>
</ul>
</div>
</li>
<li>
<p>Examine the details of the network attachment definition. Because this was created in the <code>vmexamples</code> project, it will not be available in other projects.</p>
<div class="imageblock">
<div class="content">
<img src="images/Networking/03_NAD_Created.png" alt="03 NAD Created">
</div>
</div>
</li>
</ol>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_connect_a_virtual_machine_to_the_external_network">3. Connect a virtual machine to the external network</h2>
<div class="sectionbody">
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Navigate to <strong>Virtualization</strong> → <strong>VirtualMachines</strong>, select the <code>fedora02</code> VM. Click <strong>Configuration</strong> tab and then click the <strong>Network Interfaces</strong> subtab:</p>
<div class="imageblock">
<div class="content">
<img src="images/Networking/04_VM_Network_Tab.png" alt="04 VM Network Tab">
</div>
</div>
</li>
<li>
<p>Click <strong>Add Network Interface</strong>, complete the form as shown, then click <strong>Save</strong>.</p>
<div class="paragraph">
<p>Because this is a bridge connecting to the external network, we don’t need to rely on any OpenShift features or capabilities to enable access, such as masquerade (NAT) for the virtual machines using the network. As a result, <strong>type</strong> should be <code>Bridge</code> here.</p>
</div>
<div class="imageblock">
<div class="content">
<img src="images/Networking/05_VM_Network_Attach.png" alt="05 VM Network Attach">
</div>
</div>
</li>
<li>
<p>Use the <strong>Actions</strong> menu to restart the VM. After rebooting, navigate to the <strong>Console</strong> tab:</p>
<div class="imageblock">
<div class="content">
<img src="images/Networking/06_VM_Network_Console.png" alt="06 VM Network Console">
</div>
</div>
<div class="paragraph">
<p>The <code>eth1</code> interface obtains an IP address from the flat network (<code>192.168.3.x/24</code>). That network has a DHCP server providing IPs to that network.</p>
</div>
</li>
<li>
<p>(Optional) Verify external connectivity of the VM using the OpenShift web terminal.</p>
<div class="olist loweralpha">
<ol class="loweralpha" type="a">
<li>
<p>Open a terminal by pressing the right-top icon:</p>
<div class="imageblock">
<div class="content">
<img src="images/OCP_Terminal_Icon.png" alt="OCP Terminal Icon">
</div>
</div>
</li>
<li>
<p>A console in the bottom part of the screen will appear</p>
<div class="imageblock">
<div class="content">
<img src="images/OCP_Terminal.png" alt="OCP Terminal">
</div>
</div>
</li>
<li>
<p>Type the following command replacing the IP</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">curl 192.168.3.118:22</pre>
</div>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<div class="title">Note</div>
</td>
<td class="content">
Replace the IP which the IP assigned to the node.
</td>
</tr>
</table>
</div>
<div class="listingblock">
<div class="title">Sample Output</div>
<div class="content">
<pre class="nowrap">SSH-2.0-OpenSSH_8.7</pre>
</div>
</div>
</li>
</ol>
</div>
</li>
</ol>
</div>
</div>
</div>
<!-- Bottom Navigation -->
<div class="page-meta clearfix">
<input type="button" class="btn btn-lg btn-primary float-right" onclick="location.href='/workshop/09_storage_management';" value="Continue" />
</div>
</section>
</div>
</div>
</div>
<!-- Footer -->
<footer class="footer">
</footer>
<!-- Javascript-->
<script src="js/workshop.js"></script>
<script src="js/workshop-asciidoc.js"></script>
</body>
</html>