How to create a RBAC (Role-Based Access Control) network

To share a network from one project to another using your Openstack client, you must:

  • create a network RBAC with a user from the source project (to which the network belongs) for the target project

Requirements

  • openstack client >= 5.4.0 (to check: openstack –version)
  • Basic knowledge of the Linux operating system (shell)
  • Access to running Linux VM (In our example Ubuntu) with open port (Egress 443) to OpenStack API
  • Application Credentials (cloud.yaml)

This section describes how to install and configure the OCS. The steps to be performed are:

#install python:
python -V
pyenv global
pyenv versions
#pyenv install --list
pyenv install 3.7.3

#create virtualenv:
pyenv shell 3.7.3
python -V
pip install -U pip; pip install -U virtualenv
ls -lad .venv*
python -m virtualenv .venv-3.7.3

#install openstack-client:
pyenv shell 3.7.3 && source .venv-3.7.3/bin/activate
pyenv global; pyenv versions; python -V; openstack --version
pip install -U pip
pip install -U virtualenv ansible psutil jq s3cmd
pip install -U gnocchiclient==7.0.5 openstacksdk==0.35.0 pankoclient==0.5.0 python-barbicanclient==4.7.2 python-cinderclient==4.0.2 python-glanceclient==2.13.1 python-heatclient==1.16.2 python-keystoneclient==3.17.0 python-magnumclient==2.10.0 python-mistralclient==3.7.0 python-neutronclient==6.9.1 python-novaclient==15.1.0 python-octaviaclient==1.6.0 python-openstackclient==3.19.0 python-swiftclient==3.6.0
pip install -U oslo.policy
pip install -U python-openstackclient

Creating the RBAC Network

#create network RBAC:
pyenv shell 3.7.3 && source .venv-3.7.3/bin/activate && export OS_CLOUD=myprofile
pyenv global; pyenv versions; python -V; openstack --version
#need openstack-client >= 5.4.0
#https://storyboard.openstack.org/#!/story/2007724
#https://github.com/openstack/python-openstackclient/commit/0a8753dc3eaeda25554ccd769350de1e9792a62b
openstack --os-cloud myprofile network rbac create --target-project $target_project_id --action access_as_shared --type network $source_network

For more information about the available RBAC commands, see the following web page: OpenStackClient Role-Based Access Control