OpenStack Networking

[marc-hanheide]

A summary of issues to be resolved together with the ICT networks team

DNS/SSL subdomains

We'd need to deploy services under sub-domain using virtual hosting, e.g.

• redmine.lcas.lincoln.ac.uk
• buildfarm.lcas.lincoln.ac.uk
• www.lcas.lincoln.ac.uk
• owncloud.lcas.lincoln.ac.uk
• ...

This requires appropriate DNS entries and also specific or wildcard certificates (or any other proposed solution)

If certificates pose a problem, we could issue our own via https://letsencrypt.org/, but subdomain DNS needs to be resolved first

Specific new services

Specifically, we now need a DNS/certificate for the new PGR and TransNational Education system:

• pgr.lincoln.ac.uk => public IP on openstack (currently 195.195.9.39), an alternative would be host it under pgr.lcas.lincoln.ac.uk (if the above is working), but this is a uni-wide service (funded by College of Science)
• tne.lincoln.ac.uk => public IP on openstack (not assigned yet)

@pet1330 involved with this.

Public IP routing

Public IP ranges have been reserved by Will Summerlin a long time ago for the OpenStack infrastructure. We need to establish how these are approved and firewall opened for them (either individually or as a whole, managed by L-CAS). The current list of available floating IP (public is):

Floating IPs:
+----------------------------------+--------------+--------------------------------------+--------+-----------+
| project_id                       | address      | instance_uuid                        | pool   | interface |
+----------------------------------+--------------+--------------------------------------+--------+-----------+
| 7652a795f13f4713b8e62cbc8eb37d9d | 195.195.9.34 | -                                    | public | eth1      |
| 7652a795f13f4713b8e62cbc8eb37d9d | 195.195.9.35 | 18b4f00a-828d-4528-955d-9c35a3694413 | public | eth1      |
| 19fe29b1b8c845eaa73bf7cbf4df3f10 | 195.195.9.36 | -                                    | public | eth1      |
| 7652a795f13f4713b8e62cbc8eb37d9d | 195.195.9.37 | -                                    | public | eth1      |
| 7652a795f13f4713b8e62cbc8eb37d9d | 195.195.9.38 | -                                    | public | eth1      |
| e6f81409d19d445bbe0ebb36b9bb705e | 195.195.9.39 | 0baa2fb4-0184-4db5-b505-11288dfa7be1 | public | eth1      |
| -                                | 195.195.9.40 | -                                    | public | eth1      |
| -                                | 195.195.9.41 | -                                    | public | eth1      |
| -                                | 195.195.9.42 | -                                    | public | eth1      |
| -                                | 195.195.9.43 | -                                    | public | eth1      |
| -                                | 195.195.9.44 | -                                    | public | eth1      |
| -                                | 195.195.9.45 | -                                    | public | eth1      |
| -                                | 195.195.9.46 | -                                    | public | eth1      |
+----------------------------------+--------------+--------------------------------------+--------+-----------+

[pet1330]

I would also add the SSM system to the list of externally available services which are not LCAS specific