Table of Contents |
---|
Introduction to the CLI clients
The OpenStack CLI tools are available from both the "ansatt" and "student" login shells at NTNU. SSH to either login.ansatt.ntnu.no or login.stud.ntnu.no (depending on you affiliation). If you're running a *nix version on your personal computer, you can install the OpenStack CLI locally, and use the CLI tools directly from your own computer.
It's also possible to run the CLI client driectly from Windows. (lightly tested) HOWTO guide here
Authentication
A user needs to be authenticated before he/she can use the openstack clients. this is done by setting multiple environment-variables in the shell defining username/password/projectname+id and so forth. It is recommended to use the script which is downloadable from the webinterface to set these variables.
...
Code Block |
---|
loginansatt01:~$ openstack project show PRIV_eigilo The request you have made requires authentication. (HTTP 401) (Request-ID: req-ec807bd4-bd8e-416b-8e1b-bcaa541b1708) loginansatt01:~$ source PRIV_eigilo-openrc.sh Please enter your OpenStack Password for project PRIV_eigilo as user eigilo: loginansatt01:~$ openstack project show PRIV_eigilo +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Eigil's private sandbox | | domain_id | cb782810849b4ce8bce7f078cc193b19 | | enabled | True | | id | 2a4b680765554d728aa2f4d8aadab653 | | is_domain | False | | name | PRIV_eigilo | | parent_id | cb782810849b4ce8bce7f078cc193b19 | +-------------+----------------------------------+ |
Command autocomplete
To have the openstack client giving you suggestions on whats valid command you could create an autocomplete file, save it as .bash_completion in your home-directory. Log out, and back in, and your openstack command will suggest what you would like to type when you click tab:
Code Block |
---|
loginansatt01:~$ openstack complete > .bash_completion loginansatt01:~$ exit Connection to login.ansatt.ntnu.no closed. eigil@mylaptop:~/Downloads$ ssh eigilo@login.ansatt.ntnu.no eigilo@login.ansatt.ntnu.no's password: Last login: Thu Feb 2 13:23:57 2017 from 128.39.142.103 loginansatt01:~$ openstack <tab> <tab> access consumer help object server address container host orchestration service aggregate credential hypervisor policy snapshot availability domain identity port software backup ec2 image project stack catalog endpoint ip quota subnet command extension keypair region token complete federation limits request trust compute flavor mapping role usage configuration floating module router user console group network security volume loginansatt01:~$ openstack |
Creating an initial network topology
Before a virtual machine can be booted, there needs to be some infrastructure in place where the machine can live. The first part of this infrastructure is a network, and a router permitting devices on this network access to the internet.
Create a network
Creating this network is done trough the openstack command in two steps. First are the network created, with a name of your choice:
...
Here you can see the network created, in addition to the external network "ext-net" and the network created in the web-interface based guide.
Create a router, and give the network external access
At this point the network is an isolated island within the cloud, an to give the network external acces a router is needed. Routers are created like this:
...
Now the network infrastructure inside your cloud is ready to have virtual machines.
Configuring access parametres
The default settings does not allow much access to the resources inside skyhigh. To allow access to the virtual machines we are going to create we need to preform two steps:
- Allow incoming SSH traffic trough our skyhigh firewall
- Create a SSH keypair, where the public key will be injected into linux virtual machines when these are created.
Open up the firewall
It is possible to create multiple firewalls in Openstack, so that they can be tailored to each and every application. For now we are just going to modify the default firewall to allow incoming SSH traffic.
...
Code Block |
---|
loginansatt01:~$ openstack security group rule create --protocol tcp --ingress --dst-port 22 default +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2017-02-02T14:24:22Z | | description | | | direction | ingress | | ethertype | IPv4 | | headers | | | id | 619ff756-3903-4543-b953-ba371988dd69 | | port_range_max | 22 | | port_range_min | 22 | | project_id | 2a4b680765554d728aa2f4d8aadab653 | | project_id | 2a4b680765554d728aa2f4d8aadab653 | | protocol | tcp | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 1 | | security_group_id | 533a2023-35bb-41e2-adbc-d150d56250f0 | | updated_at | 2017-02-02T14:24:22Z | +-------------------+--------------------------------------+ loginansatt01:~$ openstack security group rule create --protocol icmp --ingress default +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2017-02-02T14:24:44Z | | description | | | direction | ingress | | ethertype | IPv4 | | headers | | | id | 0ac41487-66ae-49f3-bc1a-13e3c8c57d76 | | port_range_max | None | | port_range_min | None | | project_id | 2a4b680765554d728aa2f4d8aadab653 | | project_id | 2a4b680765554d728aa2f4d8aadab653 | | protocol | icmp | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 1 | | security_group_id | 533a2023-35bb-41e2-adbc-d150d56250f0 | | updated_at | 2017-02-02T14:24:44Z | +-------------------+--------------------------------------+ |
Upload a SSH public key
Openstack can create a keypair for you, but it also allows you to inject the public part of a keypair you already created.
Have openstack generate a new keypair
You could have openstack create a new keypair for you, and store the public key in the openstack database. The command returns the private-key, which should be stored in a file. It is smart to limit who have access to this file.
Code Block |
---|
loginansatt01:~$ openstack keypair create MySecondKey > MySecondKey.priv loginansatt01:~$ chmod 600 MySecondKey.priv |
Upload an existing public key
To upload a key which already exists (for example ~/.ssh/id_rsa.pub) the following command can be used.
Code Block |
---|
loginansatt01:~$ openstack keypair create MySecondExistingKey --public-key .ssh/id_rsa.pub +-------------+------------------------------------------------------------------+ | Field | Value | +-------------+------------------------------------------------------------------+ | fingerprint | c7:16:40:92:63:c4:f3:07:bb:43:21:34:82:cb:e9:f8 | | name | MySecondExistingKey | | user_id | 1790de92c726dc409c223dcfed7fe2c67d792f3cf8e7f46118e5c2bfd63faff3 | +-------------+------------------------------------------------------------------+ |
Creating a virtual machine
To create a virtual machine you need to decide how powerful it should be, and which image it should be based on. To list the various flavors and images you can use the following commands:
...
Code Block |
---|
loginansatt01:~$ openstack server list +---------------------+----------------+--------+---------------------+---------------------+ | ID | Name | Status | Networks | Image Name | +---------------------+----------------+--------+---------------------+---------------------+ | 7fd211d6-ed7b-492a- | MySecondServer | ACTIVE | MySecondNetwork=10. | Debian 8.7.0 | | 89cf-1f3fe2cf3bdf | | | 14.2.12 | (Jessie) stable | | | | | | amd64 | +---------------------+----------------+--------+---------------------+---------------------+ |
Assigning a floating IP to an instance
Your freshly made machine lives on your own private network, created by you, and is thus currently unreachable from the rest of the world. To enable outside access to the machine you would need to assign a floating IP address to it.
...