====== Openstack testbed project IMA ======

Working with OpenStack:

  * openstack user guide: http://docs.openstack.org/user-guide/content/cli_manage_images.html
  * openstack operations guide: http://docs.openstack.org/openstack-ops/content/flavors.html
  * http://docs.openstack.org/user-guide-admin/content/cli_manage_flavors.html

====== Network topology ======

  * https://developer.rackspace.com/blog/neutron-networking-l3-agent/

{{ :work_dai_labor:projects:ima:ima_ws:network:sdn:openstack:l3_agent_1.2-f857a12fac3aad3d4d35c6708a7d987f.png?direct&300 |}}
{{ :work_dai_labor:projects:ima:ima_ws:network:sdn:openstack:openstack_network_screenshot_from_2014-10-24_16_37_36.png?direct&200 |}}

===== Create EXT-Network and Router =====

**Subnet: 192.168.200.0/24** (same subnet as ens5/br-ex)

**As Admin**

<code bash>
neutron net-create ext-net --shared --router:external=True
neutron subnet-create ext-net --name ext-subnet \
  --allocation-pool start=192.168.200.101,end=192.168.200.200 \
  --disable-dhcp --gateway 192.168.200.1 192.168.200.0/24
</code>

**As Tenant / demo-rc**

<code bash>
neutron router-create demo-router
neutron router-gateway-set demo-router ext-net
</code>

===== Create (tenant) AP-backing Network / demo-net / GRE 10 =====

**Subnet: 192.168.1.0/24**

**As Tenant**

<code bash>
neutron net-create demo-net
neutron subnet-create demo-net --name demo-subnet \
  --gateway 192.168.1.1 192.168.1.0/24
neutron router-interface-add demo-router demo-subnet
</code>

===== Create (tenant) IMA-Platform Network / service-net / GRE 20 =====

**Subnet: 192.168.2.0/24**

**As Tenant**

<code bash>
neutron net-create service-net
neutron subnet-create service-net --name service-subnet \
  --gateway 192.168.2.1 192.168.2.0/24
neutron router-interface-add demo-router service-subnet
</code>

===== Security group =====

==== Create secgroup ====

To list the security groups for the current project, including descriptions, enter the following command:

<code bash>
nova secgroup-list
</code>

To create a security group with a specified name and description, enter the following command:

<code bash>
nova secgroup-create SECURITY_GROUP_NAME GROUP_DESCRIPTION
</code>

To delete a specified group, enter the following command:

<code bash>
nova secgroup-delete SECURITY_GROUP_NAME
</code>

==== Create and manage security group rules ====

=== To allow SSH access to the instances, choose one of the following options: ===

Allow access from all IP addresses, specified as IP subnet 0.0.0.0/0 in CIDR notation:

<code bash>
nova secgroup-add-rule SECURITY_GROUP_NAME tcp 22 22 0.0.0.0/0
</code>

Allow access only from IP addresses in other security groups (source groups) to the specified port:

<code bash>
nova secgroup-add-group-rule --ip_proto tcp --from_port 22 \
  --to_port 22 SECURITY_GROUP_NAME SOURCE_GROUP_NAME
</code>

=== To allow pinging of the instances, choose one of the following options: ===

Allow pinging from all IP addresses, specified as IP subnet 0.0.0.0/0 in CIDR notation:

<code bash>
nova secgroup-add-rule SECURITY_GROUP_NAME icmp -1 -1 0.0.0.0/0
</code>

This allows all codes and all types of ICMP traffic.

Allow only members of other security groups (source groups) to ping instances:

<code bash>
nova secgroup-add-group-rule --ip_proto icmp --from_port -1 \
  --to_port -1 SECURITY_GROUP_NAME SOURCE_GROUP_NAME
</code>

=== To allow access through a UDP port, such as a DNS server that runs on a VM, choose one of the following options: ===

Allow UDP access from all IP addresses, specified as IP subnet 0.0.0.0/0 in CIDR notation:

<code bash>
nova secgroup-add-rule SECURITY_GROUP_NAME udp 53 53 0.0.0.0/0
</code>

Allow only IP addresses from other security groups (source groups) to access the specified port:

<code bash>
nova secgroup-add-group-rule --ip_proto udp --from_port 53 \
  --to_port 53 SECURITY_GROUP_NAME SOURCE_GROUP_NAME
</code>

To delete a rule again:

<code bash>
nova secgroup-delete-rule SECURITY_GROUP_NAME tcp 22 22 0.0.0.0/0
</code>

==== Assign secgroup to instance ====

<code bash>
nova add-secgroup ap-1 admin-open
</code>

====== VM Image ======

  * http://docs.openstack.org/image-guide/content/ch_obtaining_images.html

Base images for virtual network appliances:

  * Ubuntu: http://uec-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img

===== Upload the image to the Image Service =====

<code bash>
glance image-create --name=IMAGELABEL --disk-format=FILEFORMAT \
  --container-format=CONTAINERFORMAT --is-public=ACCESSVALUE < IMAGEFILE
</code>

Where:

  * **IMAGELABEL**: Arbitrary label. The name by which users refer to the image.
  * **FILEFORMAT**: Specifies the format of the image file. Valid formats include qcow2, raw, vhd, vmdk, vdi, iso, aki, ari, and ami. You can verify the format using the ''file'' command:
<code bash>
file cirros-0.3.2-x86_64-disk.img
cirros-0.3.2-x86_64-disk.img: QEMU QCOW Image (v2), 41126400 bytes
</code>
  * **CONTAINERFORMAT**: Specifies the container format. Valid formats include: bare, ovf, aki, ari and ami. Specify bare to indicate that the image file is not in a file format that contains metadata about the virtual machine. Although this field is currently required, it is not actually used by any of the OpenStack services and has no effect on system behavior. Because the value is not used anywhere, it is safe to always specify bare as the container format.
  * **ACCESSVALUE**: Specifies image access: ''true'' - all users can view and use the image; ''false'' - only administrators can view and use the image.
  * **IMAGEFILE**: Specifies the name of your downloaded image file or a URL.
For example:

<code bash>
source admin-openrc.sh
glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 \
  --container-format bare --is-public True --progress < cirros-0.3.2-x86_64-disk.img
glance image-create --name="cirros-0.3.2-x86_64" --disk-format=qcow2 \
  --container-format=bare --is-public=true \
  --copy-from http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
</code>

===== Create Image from Instance Snapshot =====

<code bash>
nova image-create myCirrosServer myCirrosImage
</code>

====== Flavors (Admin) ======

===== Create flavors =====

<code bash>
nova flavor-create FLAVOR_NAME FLAVOR_ID RAM_IN_MB ROOT_DISK_IN_GB NUMBER_OF_VCPUS
nova flavor-create --is-public true m1.extra_tiny auto 256 5 1 --rxtx-factor .1
</code>

===== Grant a tenant access to a flavor =====

<code bash>
nova flavor-access-add m2.tiny demo
</code>

====== Instances (User) ======

===== SSH key injection =====

Create a keypair:

<code bash>
nova keypair-add mykey > mykey.pem
</code>

Add an existing public key as a keypair:

<code bash>
nova keypair-add --pub-key mykey.pub mykey
</code>

Boot an instance with the key:

<code bash>
nova boot --image ubuntu-cloudimage --flavor 2 --key_name mykey \
  --meta description='Small test image' myimage
</code>

===== Instance user data =====

The user-data key is a special key in the metadata service that holds a file that cloud-aware applications within the guest instance can access. For example, cloud-init is an open source package from Ubuntu, available in most distributions, that handles early initialization of a cloud instance and makes use of this user data.

This user data can be put in a file on your local system and then passed in at instance creation with the flag ''--user-data''. For example:

<code bash>
nova boot --image ubuntu-cloudimage --flavor 1 --user-data mydata.file
</code>

To understand the difference between user data and metadata, realize that user data is created before an instance is started. User data is accessible from within the instance when it is running. User data can be used to store configuration, a script, or anything the tenant wants.
===== File injection =====

Arbitrary local files can also be placed into the instance file system at creation time by using the ''--file'' option. You may store up to five files. For example, let's say you have a special authorized_keys file named special_authorized_keysfile that for some reason you want to put on the instance instead of using the regular SSH key injection. In this case, you can use the following command:

<code bash>
nova boot --image ubuntu-cloudimage --flavor 1 \
  --file /root/.ssh/authorized_keys=special_authorized_keysfile
</code>

===== Launch Instance =====

http://docs.openstack.org/juno/install-guide/install/apt/content/launch-instance-neutron.html

==== Get Needed Parameters ====

<code bash>
nova flavor-list
nova image-list
nova secgroup-list --all-tenants
nova secgroup-list-rules default
nova keypair-list
neutron net-list
</code>

==== Launch Instance from an Image ====

<code bash>
nova boot --flavor FLAVOR_ID --image IMAGE_ID --key-name KEY_NAME \
  --user-data USER_DATA_FILE --security-groups SEC_GROUP --meta KEY=VALUE \
  --nic net-id=DEMO_NET_ID \
  INSTANCE_NAME
</code>

The following command launches the myCirrosServer instance with the m1.small flavor (ID of 1), cirros-0.3.2-x86_64-uec image (ID of 397e713c-b95b-4186-ad46-6126863ea0a9), default security group, KeyPair01 key, and a user data file called cloudinit.file:

<code bash>
nova boot --flavor 1 --image 397e713c-b95b-4186-ad46-6126863ea0a9 \
  --security-groups default --key-name KeyPair01 --user-data cloudinit.file \
  --nic net-id=demo-net \
  myCirrosServer
nova list
</code>

Launch the network appliance used in this testbed:

<code bash>
nova boot --image trusty-server-cloudimg-amd64-disk1.img \
  --flavor m2.tiny --key_name demo-key \
  --meta description='net appliance' \
  --nic net-id='9a36ccc0-f3ec-44d7-843c-fbaa6ac06d1a' \
  --security-groups demo-open demo-ap-1
</code>

==== Launch an instance from a volume ====

===== To access your instance remotely (Admin) =====

==== Add rules to security group ====

Allow icmp:

<code bash>
nova secgroup-add-rule demo-open icmp -1 -1 0.0.0.0/0
</code>

Allow SSH:

<code bash>
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
</code>

==== Create a floating IP address on the ext-net external network ====

<code bash>
neutron floatingip-create ext-net
</code>

==== Associate the floating IP address with your instance ====

<code bash>
nova floating-ip-associate demo-instance1 203.0.113.102
</code>

==== Check instance for IPs ====

<code>
nova list
+--------------------------------------+----------------+--------+------------+-------------+-----------------------------------------+
| ID                                   | Name           | Status | Task State | Power State | Networks                                |
+--------------------------------------+----------------+--------+------------+-------------+-----------------------------------------+
| 05682b91-81a1-464c-8f40-8b3da7ee92c5 | demo-instance1 | ACTIVE | -          | Running     | demo-net=192.168.1.3, 203.0.113.102     |
+--------------------------------------+----------------+--------+------------+-------------+-----------------------------------------+
</code>

==== Ping SSH ====

===== To attach a Block Storage volume to your instance =====

http://docs.openstack.org/juno/install-guide/install/apt/content/launch-instance-neutron.html

http://docs.openstack.org/user-guide/content/boot_from_volume.html
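The security-group sections above offer two options for each port (open to 0.0.0.0/0, or open only to a source group), and the remote-access step at the end opens SSH and ICMP to everyone. The script below is an added example, not part of the original wiki page: it renders a list of rules into the matching nova commands, flags the ones that expose SSH or ICMP to every address, and only executes them when DRY_RUN=0. The group names, the rule file format and the "bastion"/"dns-clients" source groups are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): review secgroup rules before applying them.
# Rule file format, one rule per line:  PROTO FROM_PORT TO_PORT SOURCE
# SOURCE is a CIDR (e.g. 0.0.0.0/0) or the name of a source security group (assumed).

# rule_cmd GROUP PROTO FROM TO SOURCE -> prints the nova command for one rule.
rule_cmd() {
    group=$1; proto=$2; from=$3; to=$4; src=$5
    case "$src" in
        */*)  # CIDR source: the page's secgroup-add-rule form
            printf 'nova secgroup-add-rule %s %s %s %s %s\n' \
                "$group" "$proto" "$from" "$to" "$src" ;;
        *)    # anything else is a source group: the secgroup-add-group-rule form
            printf 'nova secgroup-add-group-rule --ip_proto %s --from_port %s --to_port %s %s %s\n' \
                "$proto" "$from" "$to" "$group" "$src" ;;
    esac
}

# wide_open PROTO FROM TO SOURCE -> succeeds when the rule admits every address
# to SSH (tcp port 22 inside the range) or to all ICMP types/codes.
wide_open() {
    proto=$1; from=$2; to=$3; src=$4
    [ "$src" = "0.0.0.0/0" ] || return 1
    case "$proto" in
        icmp) return 0 ;;
        tcp)  [ "$from" -le 22 ] && [ "$to" -ge 22 ] && return 0 ;;
    esac
    return 1
}

# apply_rules GROUP < rules : prints every command, warns on wide-open ones,
# runs them only if DRY_RUN=0, and returns the number of wide-open rules.
apply_rules() {
    group=$1; bad=0
    while read -r proto from to src; do
        [ -z "$proto" ] && continue
        cmd=$(rule_cmd "$group" "$proto" "$from" "$to" "$src")
        if wide_open "$proto" "$from" "$to" "$src"; then
            echo "WARN: $proto $from-$to reachable from every address: $cmd" >&2
            bad=$((bad + 1))
        fi
        echo "$cmd"
        [ "${DRY_RUN:-1}" = 0 ] && $cmd
    done
    return "$bad"
}
```

Run it as `apply_rules demo-open < rules.txt`; a non-zero exit tells you how many rules a CIDR-restricted or source-group rule should replace before the group is attached with `nova add-secgroup`.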