Wednesday, September 28, 2016

OpenStack Neutron Network Notes

1. When a network and its subnet get created with DHCP enabled (Linuxbridge used as example):

    A Linux namespace will be created; its name starts with qdhcp-<network-id>. The namespace contains a tap device whose name starts with ns-<tap device name>; that device bears an IP address of x.x.x.2 (by default) and is where the DHCP server runs. The other end of the tap device sits in the default namespace, named simply tap<tap device name>.

    A Linux bridge will be created, named brq<first 11 characters of the network id>. The bridge holds the tap<tap device name> end for the DHCP server and the vxlan device, which connects this bridge with the bridges on other compute nodes once VMs are created on the network.

2. When a router is created without an external gateway and is not yet connected to a tenant network, nothing happens other than a record being written to the Neutron database. No actual network construct is created.

3. When a router gets external gateway set:

    A Linux namespace will be created, named qrouter-<router-id>.
    A tap device will be created in that namespace. Its name starts with qg-<first 11 characters of the port id>; this is the port that bears the floating IP address (so one floating IP is consumed here), and qg stands for quantum gateway. The other end of this tap device is in the default namespace, named tap<first 11 characters of the port id>. This device bears no IP address, since it is plugged into the bridge that carries all traffic to the public network, the bridge created for the public (provider) network.

4. When a router gets hooked up with a tenant network (add interface from a tenant sub network to router):

     A pair of tap devices will be created. One end is placed in the qrouter namespace created in step 3 and named qr-<first 11 characters of the port id>, where qr stands for quantum router. This device normally takes the first IP of that subnet, which is usually the .1 address. The other end is named tap<first 11 characters of the port id>; it sits in the default namespace and is placed in the bridge that represents the network created in step 1.

Use the following command to show tap device pairs:

ip -d link show

Tuesday, September 27, 2016

Change open file limits on Ubuntu

Two things have to be done to increase the number of open files on an Ubuntu system:

1. Change /etc/security/limits.conf file, add the following two lines in the file:
 
   * soft nofile 4096
   * hard nofile 4096


2. Change /etc/pam.d/common-session* file, add the following line in the file:

      session required        pam_limits.so

3. (Optional) If you will be accessing the node via secure shell (ssh), you should also edit /etc/ssh/sshd_config and uncomment the following line:

    #UseLogin no

        and set its value to yes as shown here:
 
    UseLogin yes

 
 
To see the open file limits of a process, do the following:
 
   cat /proc/__process_id__/limits 

Show Linux system hard disks and file systems

The following command will show system wide block devices and file systems:
 
    lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL
 
 

Thursday, September 22, 2016

Certificates

For self-signed certificates, the public half of the certificate can be obtained by exporting the certificate from a browser (such as Firefox). The exported certificate should be in PEM form. Use the following command to convert it to a .crt (DER) file:

   openssl x509 -outform der -in your-cert.pem -out your-cert.crt
 
 
To have the certificate accepted system-wide, do the following:

   1. Copy the PEM file to /etc/ssl/certs

   2. Run the following command to obtain the hash used as the link name:
      
         openssl x509 -noout -hash -in _PEM_FILE_

   3. The command above prints a hash; create a link to the PEM file in /etc/ssl/certs using that hash:

         ln -s _PEM_FILE_ <theHash>.0
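The link-installation steps above as a runnable script (an added example, not from the original post). It assumes openssl is on PATH and takes the trust directory as an argument so it can be tried on a scratch directory before touching /etc/ssl/certs; it also handles two different certificates sharing the same subject hash, which is why OpenSSL looks up <hash>.0, <hash>.1, ... in turn.

```shell
#!/bin/sh
# Added example (not from the original post): install a PEM certificate into a
# trust directory using the <subject-hash>.N link convention described above.
# Assumes: openssl on PATH; the directory is passed as $2 (e.g. /etc/ssl/certs).
set -eu

# Subject hash that OpenSSL uses for the link name (same command as in the notes).
cert_subject_hash() {
    openssl x509 -noout -hash -in "$1"
}

# SHA-256 fingerprint, so the operator can compare against the value the
# certificate owner published before trusting it system-wide.
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1"
}

# Install $1 (PEM) into directory $2 as <hash>.N, where N is the first free suffix.
# A collision (another certificate with the same subject hash) must not overwrite
# an existing link, otherwise a previously trusted certificate silently disappears.
install_cert_link() {
    pem="$1"; dir="$2"
    base=$(basename "$pem")
    subj_hash=$(cert_subject_hash "$pem")
    n=0
    while [ -e "$dir/$subj_hash.$n" ]; do
        # Identical certificate already linked: nothing to do, report the link.
        if cmp -s "$dir/$subj_hash.$n" "$pem"; then
            printf '%s\n' "$dir/$subj_hash.$n"
            return 0
        fi
        n=$((n + 1))
    done
    if [ -e "$dir/$base" ] && ! cmp -s "$dir/$base" "$pem"; then
        echo "refusing to overwrite different file $dir/$base" >&2
        return 1
    fi
    [ -e "$dir/$base" ] || cp "$pem" "$dir/$base"
    ln -s "$base" "$dir/$subj_hash.$n"
    printf '%s\n' "$dir/$subj_hash.$n"
}
```

On Ubuntu the packaged alternative is to drop the file under /usr/local/share/ca-certificates with a .crt extension and run update-ca-certificates, which maintains these links for you.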