{{tag>Brouillon OpenStack Réseau}}

= Notes OpenStack Neutron Réseaux

== Réseau basique (hors Neutron)

Devstack - Autoriser les VMs qemu gérées par OpenStack à se connecter sur l’hôte VirtualBox

Autoriser le VLAN 172.24.4.0/24 à se connecter à 192.168.56.0/24

<code bash>
iptables -t nat -I POSTROUTING -o enp0s8 -d 192.168.56.0/24 -j MASQUERADE
iptables -I FORWARD -d 192.168.56.0/24 -j ACCEPT
</code>


== Policy

''/etc/neutron/policy.json''
<code javascript>
{
    "context_is_admin":  "role:admin or user_name:neutron",
    "create_address_scope": "admin_only",
    "create_network": "rule:admin_only",
    "create_network:port_security_enabled": "rule:admin_only",
    "create_rbac_policy": "rule:admin_only",
    "create_router": "rule:admin_only",
    "create_security_group": "rule:admin_only",
    "create_security_group_rule": "rule:admin_only",
    "create_trunk": "rule:admin_only",
    "create_floatingip": "rule:admin_only",
    "create_floatingip:floating_ip_address": "rule:admin_only"
}

</code>