Versions Compared

Old Version 17

changes.mady.by.user Unknown User (bjarnesk)

Saved on

compared with

New Version 18

changes.mady.by.user Eigil Obrestad

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Introduction to the CLI clients

The OpenStack CLI tools are available from both the "ansatt" and "student" login shells at NTNU. SSH to either login.ansatt.ntnu.no or login.stud.ntnu.no (depending on you affiliation). If you're running a *nix version on your personal computer, you can install the OpenStack CLI locally, and use the CLI tools directly from your own computer.

It's also possible to run the CLI client driectly from Windows. (lightly tested) HOWTO guide here

Authentication

A user needs to be authenticated before he/she can use the openstack clients. this is done by setting multiple environment-variables in the shell defining username/password/projectname+id and so forth. It is recommended to use the script which is downloadable from the webinterface to set these variables.

...

Code Block
loginansatt01:~$ openstack project show PRIV_eigilo
The request you have made requires authentication. (HTTP 401) (Request-ID: req-ec807bd4-bd8e-416b-8e1b-bcaa541b1708)
loginansatt01:~$ source PRIV_eigilo-openrc.sh 
Please enter your OpenStack Password for project PRIV_eigilo as user eigilo: 
loginansatt01:~$ openstack project show PRIV_eigilo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Eigil's private sandbox          |
| domain_id   | cb782810849b4ce8bce7f078cc193b19 |
| enabled     | True                             |
| id          | 2a4b680765554d728aa2f4d8aadab653 |
| is_domain   | False                            |
| name        | PRIV_eigilo                      |
| parent_id   | cb782810849b4ce8bce7f078cc193b19 |
+-------------+----------------------------------+

Command autocomplete

To have the openstack client giving you suggestions on whats valid command you could create an autocomplete file, save it as .bash_completion in your home-directory. Log out, and back in, and your openstack command will suggest what you would like to type when you click tab:

Code Block
loginansatt01:~$ openstack complete > .bash_completion
loginansatt01:~$ exit
Connection to login.ansatt.ntnu.no closed.
eigil@mylaptop:~/Downloads$ ssh eigilo@login.ansatt.ntnu.no
eigilo@login.ansatt.ntnu.no's password: 
Last login: Thu Feb 2 13:23:57 2017 from 128.39.142.103
loginansatt01:~$ openstack <tab> <tab>
access consumer help object server
address container host orchestration service
aggregate credential hypervisor policy snapshot
availability domain identity port software
backup ec2 image project stack
catalog endpoint ip quota subnet
command extension keypair region token
complete federation limits request trust
compute flavor mapping role usage
configuration floating module router user
console group network security volume
loginansatt01:~$ openstack

Creating an initial network topology

Before a virtual machine can be booted, there needs to be some infrastructure in place where the machine can live. The first part of this infrastructure is a network, and a router permitting devices on this network access to the internet.

Create a network

Creating this network is done trough the openstack command in two steps. First are the network created, with a name of your choice:

...

Here you can see the network created, in addition to the external network "ext-net" and the network created in the web-interface based guide.

Create a router, and give the network external access

At this point the network is an isolated island within the cloud, an to give the network external acces a router is needed. Routers are created like this:

...

Now the network infrastructure inside your cloud is ready to have virtual machines.

Configuring access parametres

The default settings does not allow much access to the resources inside skyhigh. To allow access to the virtual machines we are going to create we need to preform two steps:

  1. Allow incoming SSH traffic trough our skyhigh firewall
  2. Create a SSH keypair, where the public key will be injected into linux virtual machines when these are created.

Open up the firewall

It is possible to create multiple firewalls in Openstack, so that they can be tailored to each and every application. For now we are just going to modify the default firewall to allow incoming SSH traffic.

...

Code Block
loginansatt01:~$ openstack security group rule create --protocol tcp --ingress --dst-port 22 default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2017-02-02T14:24:22Z                 |
| description       |                                      |
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| headers           |                                      |
| id                | 619ff756-3903-4543-b953-ba371988dd69 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| project_id        | 2a4b680765554d728aa2f4d8aadab653     |
| project_id        | 2a4b680765554d728aa2f4d8aadab653     |
| protocol          | tcp                                  |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 1                                    |
| security_group_id | 533a2023-35bb-41e2-adbc-d150d56250f0 |
| updated_at        | 2017-02-02T14:24:22Z                 |
+-------------------+--------------------------------------+
loginansatt01:~$ openstack security group rule create --protocol icmp --ingress  default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2017-02-02T14:24:44Z                 |
| description       |                                      |
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| headers           |                                      |
| id                | 0ac41487-66ae-49f3-bc1a-13e3c8c57d76 |
| port_range_max    | None                                 |
| port_range_min    | None                                 |
| project_id        | 2a4b680765554d728aa2f4d8aadab653     |
| project_id        | 2a4b680765554d728aa2f4d8aadab653     |
| protocol          | icmp                                 |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 1                                    |
| security_group_id | 533a2023-35bb-41e2-adbc-d150d56250f0 |
| updated_at        | 2017-02-02T14:24:44Z                 |
+-------------------+--------------------------------------+

Upload a SSH public key

Openstack can create a keypair for you, but it also allows you to inject the public part of a keypair you already created.

Have openstack generate a new keypair

You could have openstack create a new keypair for you, and store the public key in the openstack database. The command returns the private-key, which should be stored in a file. It is smart to limit who have access to this file.

Code Block
loginansatt01:~$ openstack keypair create MySecondKey > MySecondKey.priv
loginansatt01:~$ chmod 600 MySecondKey.priv

Upload an existing public key

To upload a key which already exists (for example ~/.ssh/id_rsa.pub) the following command can be used.

Code Block
loginansatt01:~$ openstack keypair create MySecondExistingKey --public-key .ssh/id_rsa.pub
+-------------+------------------------------------------------------------------+
| Field       | Value                                                            |
+-------------+------------------------------------------------------------------+
| fingerprint | c7:16:40:92:63:c4:f3:07:bb:43:21:34:82:cb:e9:f8                  |
| name        | MySecondExistingKey                                              |
| user_id     | 1790de92c726dc409c223dcfed7fe2c67d792f3cf8e7f46118e5c2bfd63faff3 |
+-------------+------------------------------------------------------------------+

Creating  a virtual machine

To create a virtual machine you need to decide how powerful it should be, and which image it should be based on. To list the various flavors and images you can use the following commands:

...

Code Block
loginansatt01:~$ openstack server list
+---------------------+----------------+--------+---------------------+---------------------+
| ID                  | Name           | Status | Networks            | Image Name          |
+---------------------+----------------+--------+---------------------+---------------------+
| 7fd211d6-ed7b-492a- | MySecondServer | ACTIVE | MySecondNetwork=10. | Debian 8.7.0        |
| 89cf-1f3fe2cf3bdf   |                |        | 14.2.12             | (Jessie) stable     |
|                     |                |        |                     | amd64               |
+---------------------+----------------+--------+---------------------+---------------------+

Assigning a floating IP to an instance

Your freshly made machine lives on your own private network, created by you, and is thus currently unreachable from the rest of the world. To enable outside access to the machine you would need to assign a floating IP address to it.

...