OpenStack - How to Create New Network, Add Access & Security Rules and Assign Floating IP to VM

One of my friends mentioned to me that I did not include a write-up on how to assign floating IPs to VMs.  

I will make use of the DevStack environment that was created earlier for this purpose (you can look at the following link to set up your DevStack environment).

We will log into Horizon Dashboard as "Demo" User and navigate to Network Topology (Project -> Network -> Network Topology).  We can see that a "public" and "private" network were created as part of DevStack installation.  A public router connects both networks together so that the VM on the "private" network can be accessed via the public network (Network Topology is very handy for observing overall network structure).

I will not use the default networks but will instead create a new network, i.e. "Test Network". 

Click on "Networks" to see the available networks.  We will only see the "private" network that was created during installation.

Create a new Network by clicking on the "Create Network" button.  Fill in the required information based on your preference.  I have created a basic network as shown below (DHCP enabled):

Click on the blue "Create" button to create the network.  "Test Network" will be created after that.

Next, create a test VM on our newly created network (you can refer to my previous posts if you have problems creating one).  We can see that the test VM, i.e. TestVM2 gets assigned with IP 30.30.30.2

We will want to attach the newly created network to the public router so that TestVM2 can be accessed from public network. 

Click on the "Routers" tab on the left to look at the available routers in our network.  In my case, I only have "router1" defined in my network.  Click on "router1". Next, click on "Add Interface" and select "Test Network". 

Once this is done, we will see from Network Topology that both "private" and "Test Network" are now connected to the public network

By default, we will not be able to ping or SSH to the VMs.  In order to ping or SSH to the VMs, we will need to make changes to the Access & Security rules. 

Go to the Access & Security tab and click on the "Manage Rules" button for the default Security Group

We will see the default rules. Click on the "Add Rule" button to enable ICMP and SSH.

You should have the following rules after this:

Next, we want to allocate floating IP to the "demo" project so that we can assign floating IP to the test VM.

Go to Access & Security tab and click on "Floating IPs" tab.  We will see that the project does not has any floating IPs allocated to it.  Click on the "Allocate IP To Project" button.

Next, click on the "Allocate IP" button to allocate 1 IP from the pool to our project

We see that 172.24.4.3 is assigned to us

The next step will be to associate this IP with the TestVM2 that we created earlier.  But before that, we will first do a ping test to confirm that we cannot reach the 30.30.30.0/24 network.

Now, we will assign the floating IP 172.24.4.3 to our VM.  Go to the "Instances" tab and click on "Associate Floating IP" under the "Actions" column.  Select the floating IP Address and click the "Associate" button. 

The port on TestVM2 (with IP address 30.30.30.2) will be associated with floating IP 172.24.4.3

Check that you are able to ping TestVM2:

Check that you are able to SSH to TestVM2:

Hopefully it is useful for you guys =)