
OpenStack testbed project IMA

Network topology

Create EXT-Network and Router

Subnet: 192.168.200.0/24 same subnet as ens5/br-ex.

As Admin

  neutron net-create ext-net --shared --router:external=True
  
  neutron subnet-create ext-net --name ext-subnet \
  --allocation-pool start=192.168.200.101,end=192.168.200.200 \
  --disable-dhcp --gateway 192.168.200.1 192.168.200.0/24

As Tenant /demo-rc

  neutron router-create demo-router
  
  neutron router-gateway-set demo-router ext-net
  
  

Create (tenant) AP-backing Network / demo-net / GRE 10

Subnet: 192.168.1.0/24

As Tenant

  neutron net-create demo-net
  
  neutron subnet-create demo-net --name demo-subnet \
  --gateway 192.168.1.1 192.168.1.0/24
  neutron router-interface-add demo-router demo-subnet

Create (tenant) IMA-Platform Network / service-net / GRE 20

Subnet: 192.168.2.0/24

As Tenant

  neutron net-create service-net
  
  neutron subnet-create service-net --name service-subnet \
  --gateway 192.168.2.1 192.168.2.0/24
  
  neutron router-interface-add demo-router service-subnet

Security group

Create secgroup

To list the security groups for the current project, including descriptions, enter the following command:

  nova secgroup-list

To create a security group with a specified name and description, enter the following command:

  nova secgroup-create SECURITY_GROUP_NAME GROUP_DESCRIPTION

To delete a specified group, enter the following command:

  nova secgroup-delete SECURITY_GROUP_NAME

Create and manage security group rules

To allow SSH access to the instances, choose one of the following options:

Allow access from all IP addresses, specified as IP subnet 0.0.0.0/0 in CIDR notation:

  nova secgroup-add-rule SECURITY_GROUP_NAME tcp 22 22 0.0.0.0/0

Allow access to the specified port only from members of other security groups (source groups):

  nova secgroup-add-group-rule --ip_proto tcp --from_port 22 \
  --to_port 22 SECURITY_GROUP_NAME SOURCE_GROUP_NAME

To allow pinging of the instances, choose one of the following options:

Allow pinging from all IP addresses, specified as IP subnet 0.0.0.0/0 in CIDR notation:

  nova secgroup-add-rule SECURITY_GROUP_NAME icmp -1 -1 0.0.0.0/0

This allows access to all codes and all types of ICMP traffic.

Allow only members of other security groups (source groups) to ping instances:

  nova secgroup-add-group-rule --ip_proto icmp --from_port -1 \
  --to_port -1 SECURITY_GROUP_NAME SOURCE_GROUP_NAME

To allow access through a UDP port, such as allowing access to a DNS server that runs on a VM, choose one of the following options:

Allow UDP access from all IP addresses, specified as IP subnet 0.0.0.0/0 in CIDR notation:

  nova secgroup-add-rule SECURITY_GROUP_NAME udp 53 53 0.0.0.0/0

Allow access to the specified port only from members of other security groups (source groups):

  nova secgroup-add-group-rule --ip_proto udp --from_port 53 \
  --to_port 53 SECURITY_GROUP_NAME SOURCE_GROUP_NAME

To delete a security group rule, specify the same arguments that were used to create it:

  nova secgroup-delete-rule SECURITY_GROUP_NAME tcp 22 22 0.0.0.0/0
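
Added example (not part of the original wiki page): a shell check that reads the table printed by nova secgroup-list-rules and reports the TCP/UDP rules left open to 0.0.0.0/0 on ports you care about, so they can be replaced with source-group rules or removed with secgroup-delete-rule. The function names, the port-list parameter and the sample table are constructed for illustration.

```sh
#!/bin/sh
# Added example: find world-open TCP/UDP rules in `nova secgroup-list-rules` output.

# Constructed sample of the table the command prints (not real output).
sample_rules() {
cat <<'EOF'
+-------------+-----------+---------+----------------+--------------+
| IP Protocol | From Port | To Port | IP Range       | Source Group |
+-------------+-----------+---------+----------------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0      |              |
| icmp        | -1        | -1      | 0.0.0.0/0      |              |
| udp         | 53        | 53      |                | demo-open    |
| tcp         | 1         | 1024    | 0.0.0.0/0      |              |
| tcp         | 443       | 443     | 192.168.1.0/24 |              |
+-------------+-----------+---------+----------------+--------------+
EOF
}

# Reads a rules table on stdin. $1 is a comma-separated list of ports to watch
# (hypothetical parameter, default 22). Prints proto:from:to for each tcp/udp
# rule whose IP Range is 0.0.0.0/0 and whose port range covers a watched port.
world_open_rules() {
    awk -F'|' -v ports="${1:-22}" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 6 { next }                          # skip +----+ border lines
        {
            proto = trim($2); from = trim($3) + 0; to = trim($4) + 0
            if (trim($5) != "0.0.0.0/0") next    # header, CIDR-scoped or source-group rule
            if (proto != "tcp" && proto != "udp") next
            n = split(ports, want, ",")
            for (i = 1; i <= n; i++)
                if (want[i] + 0 >= from && want[i] + 0 <= to) {
                    print proto ":" from ":" to
                    break
                }
        }'
}

# Returns 0 when the group on stdin has no world-open rule for the watched ports.
secgroup_is_restricted() {
    [ -z "$(world_open_rules "$1")" ]
}
```

Against a live project the input comes from the CLI, for example: nova secgroup-list-rules default | world_open_rules 22,53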

Assign secgroup to instance

  nova add-secgroup ap-1 admin-open

VM Image

Upload the image to the Image Service:

  glance image-create --name=IMAGELABEL --disk-format=FILEFORMAT \
  --container-format=CONTAINERFORMAT --is-public=ACCESSVALUE < IMAGEFILE

Where:

IMAGELABEL

Arbitrary label. The name by which users refer to the image.

FILEFORMAT

Specifies the format of the image file. Valid formats include qcow2, raw, vhd, vmdk, vdi, iso, aki, ari, and ami.

You can verify the format using the file command:

  file cirros-0.3.2-x86_64-disk.img
  cirros-0.3.2-x86_64-disk.img: QEMU QCOW Image (v2), 41126400 bytes

CONTAINERFORMAT

Specifies the container format. Valid formats include: bare, ovf, aki, ari and ami.

Specify bare to indicate that the image file is not in a file format that contains metadata about the virtual machine. Although this field is currently required, it is not actually used by any of the OpenStack services and has no effect on system behavior. Because the value is not used anywhere, it is safe to always specify bare as the container format.

ACCESSVALUE

Specifies image access:

    true - All users can view and use the image.

    false - Only administrators can view and use the image.

IMAGEFILE

Specifies the name of your downloaded image file / url.

For example:

  source admin-openrc.sh
  glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 \
  --container-format bare --is-public True --progress < cirros-0.3.2-x86_64-disk.img
  
  glance image-create --name="cirros-0.3.2-x86_64" --disk-format=qcow2 \
  --container-format=bare --is-public=true \
  --copy-from http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
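
Added example (not part of the original wiki page): a pre-upload check for a locally downloaded image that confirms the QCOW header the file command reports on and compares the file's SHA-256 with a digest obtained from the image publisher. The function names and the EXPECTED_SHA256 placeholder are assumptions of this example; it relies on head, od and sha256sum being installed.

```sh
#!/bin/sh
# Added example: check a downloaded image before uploading it to Glance.

# Prints the QCOW version (2 or 3) if FILE starts with the QCOW magic
# "QFI\xfb" followed by a 32-bit big-endian version; returns 1 otherwise.
qcow_version() {
    hdr=$(head -c 8 "$1" | od -An -tx1 | tr -d ' \n')
    case $hdr in
        514649fb0000000[23]) echo "${hdr#514649fb0000000}" ;;
        *) return 1 ;;
    esac
}

# verify_image FILE EXPECTED_SHA256 (both names are assumptions of this example)
# EXPECTED_SHA256 is lowercase hex, as printed by sha256sum.
# Returns 0 only if FILE is a QCOW image whose SHA-256 equals the expected
# digest; 2 = file missing, 3 = wrong format, 4 = digest mismatch.
verify_image() {
    img=$1; expected=$2
    [ -f "$img" ] || { echo "missing file: $img" >&2; return 2; }
    ver=$(qcow_version "$img") || { echo "not a QCOW image: $img" >&2; return 3; }
    actual=$(sha256sum "$img" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || { echo "SHA-256 mismatch: $img" >&2; return 4; }
    echo "ok: qcow v$ver sha256=$actual"
}

# Usage (EXPECTED_SHA256 is a placeholder for the publisher's digest):
#   verify_image cirros-0.3.2-x86_64-disk.img "$EXPECTED_SHA256" && \
#   glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 \
#     --container-format bare --is-public True < cirros-0.3.2-x86_64-disk.img
```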

Create Image from Instance Snapshot

   nova image-create myCirrosServer myCirrosImage
   

Flavors (Admin)

Create flavors

  $ nova flavor-create FLAVOR_NAME FLAVOR_ID RAM_IN_MB ROOT_DISK_IN_GB NUMBER_OF_VCPUS
  nova flavor-create --is-public true m1.extra_tiny auto 256 5 1 --rxtx-factor .1

Add flavor access for a tenant

  
  nova flavor-access-add m2.tiny demo
  

Instances (User)

SSH injection

Keypair-create

  
  $ nova keypair-add mykey > mykey.pem
  

Keypair add existing

  $ nova keypair-add --pub-key mykey.pub mykey

Boot Instance

  nova boot --image ubuntu-cloudimage --flavor 2 --key_name mykey \
  --meta description='Small test image' myimage
  

Instance user data

The user-data key is a special key in the metadata service that holds a file that cloud-aware applications within the guest instance can access. For example, cloud-init is an open source package from Ubuntu, available in most distributions, that handles early initialization of a cloud instance and makes use of this user data.

This user data can be put in a file on your local system and then passed in at instance creation with the flag --user-data <user-data-file>. For example:

  $ nova boot --image ubuntu-cloudimage --flavor 1 --user-data mydata.file

To understand the difference between user data and metadata, realize that user data is created before an instance is started. User data is accessible from within the instance when it is running. User data can be used to store configuration, a script, or anything the tenant wants.

File injection

Arbitrary local files can also be placed into the instance file system at creation time by using the --file <dst-path=src-path> option. You may store up to five files.

For example, let's say you have a special authorized_keys file named special_authorized_keysfile that for some reason you want to put on the instance instead of using the regular SSH key injection. In this case, you can use the following command:

  $ nova boot --image ubuntu-cloudimage --flavor 1  \
  --file /root/.ssh/authorized_keys=special_authorized_keysfile

Launch Instance

Get Needed Parameters

  nova flavor-list
  nova image-list
  nova secgroup-list --all-tenants
  nova secgroup-list-rules default
  nova keypair-list
  neutron net-list

Launch Instance from an Image

  nova boot --flavor FLAVOR_ID --image IMAGE_ID --key-name KEY_NAME \
  --user-data USER_DATA_FILE --security-groups SEC_GROUP --meta KEY=VALUE \
  --nic net-id=DEMO_NET_ID \
  INSTANCE_NAME

The following command launches the MyCirrosServer instance with the m1.small flavor (ID of 1), cirros-0.3.2-x86_64-uec image (ID of 397e713c-b95b-4186-ad46-6126863ea0a9), default security group, KeyPair01 key, and a user data file called cloudinit.file:

  nova boot --flavor 1 --image 397e713c-b95b-4186-ad46-6126863ea0a9 \
  --security-groups default --key-name KeyPair01 --user-data cloudinit.file \
  --nic net-id=DEMO_NET_ID \
  myCirrosServer
  
  nova list
  
  nova boot --image trusty-server-cloudimg-amd64-disk1.img \
  --flavor m2.tiny --key_name demo-key \
  --meta description='net appliance' \
  --nic net-id='9a36ccc0-f3ec-44d7-843c-fbaa6ac06d1a' \
  --security-groups demo-open demo-ap-1

Launch an instance from a volume

To access your instance remotely (Admin)

Add rules to security group

Allow icmp

  nova secgroup-add-rule demo-open icmp -1 -1 0.0.0.0/0 

Allow SSH

  nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

Create a floating IP address on the ext-net external network:

  neutron floatingip-create ext-net
  

Associate the floating IP address with your instance:

  nova floating-ip-associate demo-instance1 203.0.113.102

Check instance for IPs

  nova list
  +--------------------------------------+----------------+--------+------------+-------------+-----------------------------------------+
  | ID                                   | Name           | Status | Task State | Power State | Networks                                |
  +--------------------------------------+----------------+--------+------------+-------------+-----------------------------------------+
  | 05682b91-81a1-464c-8f40-8b3da7ee92c5 | demo-instance1 | ACTIVE | -          | Running     | demo-net=192.168.1.3, 203.0.113.102     |
  +--------------------------------------+----------------+--------+------------+-------------+-----------------------------------------+

Ping SSH

To attach a Block Storage volume to your instance

