Table of Contents |
---|
...
|
The openstack OpenStack CLI tools are available to all hosts which reside inside the cloud. The recommended entrypoint to start using these clients is to open an ssh client, and ssh to "skyhigh.hig.no" using your NTNU username and password. From that shell all openstack clients are available; and access to all floating IP's within the cloud.For CLI client access to stack.it.ntnu.no, from both the "ansatt" and "student" login shells at NTNU. SSH to either login.ansatt.ntnu.no or login.stud.ntnu.no (depending on you affiliation). The clients are available here.If you're running a *nix version on your personal computer, you can install the OpenStack CLI locally, and use the CLI tools directly from your own computer. It's also possible to run the CLI client driectly from WindwosWindows. (lightly tested) HOWTO guide here
Authentication
A user needs to be authenticated before he/she can use the openstack clients. this is done by setting multiple environment-variables in the shell defining username/password/projectname+id and so forth. It is recommended to use the script which is downloadable from the webinterface to set these variables.
To download this script you should log into the webinterface and horizon webinterface (links to the different installations on the top here) and navigate to "COMPUTE PROJECT -> API Access & Security" and select the "API Access" tab. There a link to "Download Openstack RC File v3" can be found. Download this script:
...
OpenStack RC File" from the "Downlaod OpenStack RC File dropdown.
Info |
---|
If you plan to run the CLI tools directly from your own computer, you can skip the steps regarding logging in to, and uploading the script to the login-shell. All the other examples and instructions applies for local usage as well. |
When the script is downloaded, it should be uploaded over ssh to your home-folder at "skyhigh.higlogin.[ansatt|stud].ntnu.no", if you're not planning on running the CLI tools from your own computer. This can be done using your favorite scp client. In windows "FileZilla" would work fine, while in linux you can just use the commandline like so:
Code Block |
---|
eigil@mylaptop:~/Downloads$ scp PRIV_eigilo-openrc.sh eigilo@skyhigheigilo@login.ansatt.higntnu.no:. eigilo@skyhigheigilo@login.ansatt.higntnu.no's password: PRIV_eigilo-openrc.sh 100% 1839 996.7KB/s 00:00 |
Next up is to log in to "skyhigh.higlogin.[ansatt|stud].ntnu.no" over SSH using your favorite ssh client. For windows you could use "putty", while linux and mac just can use the terminal. If your user is assigned to at least one openstack project you will be allowed into a machine called "access":
Code Block |
---|
eigil@mylaptop:~$ ssh eigilo@skyhigheigilo@login.ansatt.higntnu.no eigilo@skyhigheigilo@login.ansatt.higntnu.no's password: ACCESS GRANTED - You have access to one or more OpenStack projects eigilo@access:~$ <snip...> loginansatt01:~$ |
At this machine you should see the file you just uploaded, and to use the credentials from that file you should source it like so:
Code Block |
---|
eigilo@accessloginansatt01:~$ ls -l total 4 -rw-r--r-- 1 eigilo users 1839 feb. 2 13:19 PRIV_eigilo-openrc.sh eigilo@accessloginansatt01:~$ source PRIV_eigilo-openrc.sh Please enter your OpenStack Password for project PRIV_eigilo as user eigilo: |
At this point, if you typed your password correctly, you should be able to use the openstack client. Test this with the command "openstack project show <your_projectname>". In case this command returns an HTTP401 error, it is likely that you typed your password wrong. Try to type it again by sourcing the script one more time:
Code Block |
---|
eigilo@accessloginansatt01:~$ openstack project show PRIV_eigilo The request you have made requires authentication. (HTTP 401) (Request-ID: req-ec807bd4-bd8e-416b-8e1b-bcaa541b1708) eigilo@accessloginansatt01:~$ source PRIV_eigilo-openrc.sh Please enter your OpenStack Password for project PRIV_eigilo as user eigilo: eigilo@accessloginansatt01:~$ openstack project show PRIV_eigilo +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Eigil's private sandbox | | domain_id | cb782810849b4ce8bce7f078cc193b19 | | enabled | True | | id | 2a4b680765554d728aa2f4d8aadab653 | | is_domain | False | | name | PRIV_eigilo | | parent_id | cb782810849b4ce8bce7f078cc193b19 | +-------------+----------------------------------+ |
Command autocomplete
To have the openstack client giving you suggestions on whats valid command you could create an autocomplete file, save it as .bash_completion in your home-directory. Log out, and back in, and your openstack command will suggest what you would like to type when you click tab:
Code Block |
---|
eigilo@accessloginansatt01:~$ openstack complete > .bash_completion eigilo@accessloginansatt01:~$ exit Connection to skyhighlogin.ansatt.higntnu.no closed. eigil@mylaptop:~/Downloads$ ssh eigilo@skyhigheigilo@login.ansatt.higntnu.no eigilo@skyhigheigilo@login.ansatt.higntnu.no's password: Last login: Thu Feb 2 13:23:57 2017 from 128.39.142.103 ACCESS GRANTED - You have access to one or more OpenStack projects eigilo@accessloginansatt01:~$ openstack <tab> <tab> access consumer help object server address container host orchestration service aggregate credential hypervisor policy snapshot availability domain identity port software backup ec2 image project stack catalog endpoint ip quota subnet command extension keypair region token complete federation limits request trust compute flavor mapping role usage configuration floating module router user console group network security volume eigilo@accessloginansatt01:~$ openstack |
Creating an initial network topology
Before a virtual machine can be booted, there needs to be some infrastructure in place where the machine can live. The first part of this infrastructure is a network, and a router permitting devices on this network access to the internet.
Create a network
Creating this network is done trough the openstack command in two steps. First are the network created, with a name of your choice:
Code Block |
---|
eigilo@accessloginansatt01:~$ openstack network create MySecondNetwork +-------------------------+--------------------------------------+ | Field | Value | +-------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2017-02-02T13:50:12Z | | description | | | headers | | | id | 73a1a530-dbdd-47cc-ab89-e5fa8a58aaf3 | | ipv4_address_scope | None | | ipv6_address_scope | None | | mtu | 1500 | | name | MySecondNetwork | | project_id | 2a4b680765554d728aa2f4d8aadab653 | | project_id | 2a4b680765554d728aa2f4d8aadab653 | | revision_number | 2 | | router:external | Internal | | shared | False | | status | ACTIVE | | subnets | | | tags | [] | | updated_at | 2017-02-02T13:50:12Z | +-------------------------+--------------------------------------+ |
...
In this example the network "10.14.2.0/24" is used:
Code Block |
---|
eigilo@accessloginansatt01:~$ openstack subnet create --subnet-range 10192.14168.220.0/24 --network MySecondNetwork MySecondSubnet-v4 +-------------------+-------------------------------------------+ | Field | Value | +-------------------+-------------------------------------------+ | allocation_pools | 10192.14168.220.2-10192.14168.2.254 | | cidr | 10192.14268.220.0/24 | | created_at | 2017-02-02T13:52:15Z | | description | | | dns_nameservers | | | enable_dhcp | True | | gateway_ip | 10192.14168.220.1 | | headers | | | host_routes | | | id | 10e400ab-bffe-4c3f-8f08-bec9d8e6a81a | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | MySecondSubnet-v4 | | network_id | 73a1a530-dbdd-47cc-ab89-e5fa8a58aaf3 | | project_id | 2a4b680765554d728aa2f4d8aadab653 | | project_id | 2a4b680765554d728aa2f4d8aadab653 | | revision_number | 2 | | service_types | [] | | subnetpool_id | None | | updated_at | 2017-02-02T13:52:15Z | | +-------------------+-------------------------------------------+ |
At this point the network is created, and this can be verified as so:
Code Block |
---|
eigilo@access loginansatt01:~$ openstack network list +-------------------------------+------------------------+-------------------------------+ | ID | Name | Subnets | +-------------------------------+------------------------+-------------------------------+ | 22a507fa- | ntnu-internal | 804a1172-0573-43e5-a042-93591 | | ca51-4b57-bf84-784213917662 | | 4b8be7a | | 73a1a530-dbdd-47cc- | MySecondNetwork | 10e400ab-bffe-4c3f- | | ab89-e5fa8a58aaf3 | | 8f08-bec9d8e6a81a | | 85cdb406-4b53-49d2-bde7-e9aff | MyInitialNetwork | c25fae1e-9654-4364-b8fa- | | 441e869 | | b9f7c50ede61 | +-------------------------------+------------------------+-------------------------------+ |
Here you can see the network created, in addition to the external network "extntnu-netinternal" and the network created in the web-interface based guide.
Create a router, and give the network external access
At this point the network is an isolated island within the cloud, an to give the network external acces a router is needed. Routers are created like this:
Code Block |
---|
eigilo@accessloginansatt01:~$ openstack router create MySecondRouter +-------------------------+--------------------------------------+ | Field | Value | +-------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2017-02-02T13:56:18Z | | description | | | external_gateway_info | null | | flavor_id | None | | headers | | | id | 766936de-2c5f-44aa-8f38-2f13d6f701ae | | name | MySecondRouter | | project_id | 2a4b680765554d728aa2f4d8aadab653 | | project_id | 2a4b680765554d728aa2f4d8aadab653 | | revision_number | 2 | | routes | | | status | ACTIVE | | updated_at | 2017-02-02T13:56:18Z | +-------------------------+--------------------------------------+ |
The router then needs to be given an external gateway. This is currently not possible to do trough the openstack clients, so the "neutron" client need to be used. See this article for an overview of which external networks are available at which cloud.
Code Block |
---|
eigilo@accessloginansatt01:~$ neutronopenstack router set --external-gateway-set MySecondRouter ntnu-internal Set gatewayMySecondRouter for router MySecondRouter |
The router needs to be connected to the subnet like this:
Code Block |
---|
eigilo@accessloginansatt01:~$ openstack router add subnet MySecondRouter MySecondSubnet-v4 |
Now the network infrastructure inside your cloud is ready to have virtual machines.
Configuring access parametres
The default settings does not allow much access to the resources inside skyhigh. To allow access to the virtual machines we are going to create we need to preform two steps:
- Allow incoming SSH traffic trough our skyhigh firewall
- Create a SSH keypair, where the public key will be injected into linux virtual machines when these are created.
Open up the firewall
It is possible to create multiple firewalls in Openstack, so that they can be tailored to each and every application. For now we are just going to modify the default firewall to allow incoming SSH traffic.
There are 4 firewall rules which are present by default, and these rules allow outgoing traffic both for IPv4 and IPv6 and incoming traffic from other hosts using the same security group. These default settings would thus allow your virtual machines to communicate with each other in addition to accessing the internet. No incoming traffic is allowed per default.
Code Block |
---|
eigilo@accessloginansatt01:~$ openstack security group rule list default +--------------------------+-------------+----------+------------+--------------------------+ | ID | IP Protocol | IP Range | Port Range | Remote Security Group | +--------------------------+-------------+----------+------------+--------------------------+ | 4638b4f3-b1b6-49d6-8a42- | None | None | | 533a2023-35bb-41e2-adbc- | | abee8fccb606 | | | | d150d56250f0 | | 829c6797-5978-4c72-854f- | None | None | | None | | de4d8b8dc32f | | | | | | 9cd97ab3-9ece- | None | None | | None | | 406f-8943-667eda08eed9 | | | | | | e633108d-0bb1-4ab5-ae7c- | None | None | | 533a2023-35bb-41e2-adbc- | | a82bcbe919f6 | | | | d150d56250f0 | +--------------------------+-------------+----------+------------+--------------------------+ |
...
- One rule to allow incoming SSH connections (TCP Port 22)
- One rule to allow incoming ICMP
Code Block |
---|
eigilo@accessloginansatt01:~$ openstack security group rule create --protocol tcp --ingress --dst-port 22 default +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2017-02-02T14:24:22Z | | description | | | direction | ingress | | ethertype | IPv4 | | headers | | | id | 619ff756-3903-4543-b953-ba371988dd69 | | port_range_max | 22 | | port_range_min | 22 | | project_id | 2a4b680765554d728aa2f4d8aadab653 | | project_id | 2a4b680765554d728aa2f4d8aadab653 | | protocol | tcp | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 1 | | security_group_id | 533a2023-35bb-41e2-adbc-d150d56250f0 | | updated_at | 2017-02-02T14:24:22Z | +-------------------+--------------------------------------+ eigilo@accessloginansatt01:~$ openstack security group rule create --protocol icmp --ingress default +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2017-02-02T14:24:44Z | | description | | | direction | ingress | | ethertype | IPv4 | | headers | | | id | 0ac41487-66ae-49f3-bc1a-13e3c8c57d76 | | port_range_max | None | | port_range_min | None | | project_id | 2a4b680765554d728aa2f4d8aadab653 | | project_id | 2a4b680765554d728aa2f4d8aadab653 | | protocol | icmp | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 1 | | security_group_id | 533a2023-35bb-41e2-adbc-d150d56250f0 | | updated_at | 2017-02-02T14:24:44Z | +-------------------+--------------------------------------+ |
Upload a SSH public key
Openstack can create a keypair for you, but it also allows you to inject the public part of a keypair you already created.
Have openstack generate a new keypair
You could have openstack create a new keypair for you, and store the public key in the openstack database. The command returns the private-key, which should be stored in a file. It is smart to limit who have access to this file.
Code Block |
---|
eigilo@accessloginansatt01:~$ openstack keypair create MySecondKey > MySecondKey.priv eigilo@accessloginansatt01:~$ chmod 600 MySecondKey.priv |
Upload an existing public key
To upload a key which already exists (for example ~/.ssh/id_rsa.pub) the following command can be used.
Code Block |
---|
eigilo@accessloginansatt01:~$ openstack keypair create MySecondExistingKey --public-key .ssh/id_rsa.pub +-------------+------------------------------------------------------------------+ | Field | Value | +-------------+------------------------------------------------------------------+ | fingerprint | c7:16:40:92:63:c4:f3:07:bb:43:21:34:82:cb:e9:f8 | | name | MySecondExistingKey | | user_id | 1790de92c726dc409c223dcfed7fe2c67d792f3cf8e7f46118e5c2bfd63faff3 | +-------------+------------------------------------------------------------------+ |
Creating a virtual machine
To create a virtual machine you need to decide how powerful it should be, and which image it should be based on. To list the various flavors and images you can use the following commands:
Code Block |
---|
eigilo@accessloginansatt01:~$ openstack image list +--------------------------------------+------------------------------------------------------+-------------+ | ID | Name | Status | +--------------------------------------+------------------------------------------------------+-------------+ | 8898ac64db1bc18e-09cd81e3-4f93477e-a8e09067-b6c761b0fbfbeecaa459ec33 | DebianUbuntu Server 8.7.022.04 LTS (JessieJammy Jellyfish) stable amd64 | active | ... Output is cut for brevity ... +--------------------------------------+------------------------------------------------------+-------------+ eigilo@access loginansatt01:~$ openstack flavor list +--------------------------+---------+------------+--------+------+-----------+-------+-----------+ | ID | Name | Name | RAM | Disk | Ephemeral | VCPUs | Is Public | +--------------------------+---------+------------+--------+------+-----------+-------+-----------+ | 0a4b60722295f296-474a-31704249-447a9774- | gx1.1c2r | m1.tiny | | 2048 1024 | 1040 | 0 | 1 | True | | 8ac1-89562fd1c042ea442b145700 | | | | | | | | 41272f0e764f3bb4-d3ff8abb-4fe64806-97eb-b21c- | gx1.1c1r | m1.xlarge | 16384 1024 | 8040 | 0 | 81 | True | | 0910267b2dad 3d7e3b60f3fd | | | | | | | | | 7d7f1dfe9af88dd9-9af08720-48ff447e-9ecfb0c6- | gx1.1c4r | m1.micro | 5124096 | 540 | 0 | 1 | True | | 77194cee0749 5b501a20b4cb | | | | | | | | | f0cc87d7f087c7cf-66839bbb-474f4730-b1ea826d- | gx1.1c3r | m1.2xlarge | 327683072 | 10040 | 0 | 16 1 | True | | ef4a0660797f22badb3d8bed | | | | | | | | | f2cb5be95fcfba2c-2e415329-4c9641ba-a3779c22-25e20 | m1.mediumgx1.2c1r | 4096 1024 | 40 | 0 | 2 | True | | ca611ec38194e89cb49 | | | | | | | | | | f5c05713644eadfd-c2c01fa6-471e489c-86649f96-46248 | m1.largegx1.2c3r | 81923072 | 6040 | 0 | 42 | True | | 283a6af76afb1b8a8b8 | | | | | | | | | fab9a8bf677c0ce0-88091891-47804632-90d9bd27-e71e5 | m1.smallgx3.2c8r | 2048 8192 | 2040 | 0 | 12 | True | | 0ddf3d7da63efbb5530 | | | | | | | | | +| 931a16c5-fa1e-4f51-----------------------------+------------+-------+8298- | gx1.2c4r | 4096 | 40 | 0 | 2 | True | | 86364b72eb48 | | | | | | | ... Output is cut for brevity ... +------+-------------+-------+-------------+---------+-------+------+-----------+-------+-----------+ |
The virtual server is then booted using this command:
Code Block |
---|
eigilo@accessloginansatt01:~$ openstack server create --image 8898ac64-09cd-4f93-a8e0-b6c761b0fbfb --flavor m1gx1.medium2c4r --security-group default --key-name MySecondExistingKey --nicnetwork net-id=73a1a530-dbdd-47cc-ab89-e5fa8a58aaf3 MySecondServer +-----------------------------+---------+-----------------------------------------------------------------+ | Field | Value | Value | +-----------------------------+----------+----------------------------------------------------------------+ | OS-DCF:diskConfig | MANUAL | MANUAL | | OS-EXT-AZ:availability_zone | | | | OS-EXT-SRV-STS:power_state ATTR:hostname | MySecondServer | NOSTATE | | OS-EXT-STS:taskpower_state | NOSTATE | scheduling | | OS-EXT-STS:vmtask_state | scheduling | building | | OS-SRVEXT-USGSTS:launched_atvm_state | building | None | | OS-SRV-USG:terminatedlaunched_at | None | None | | accessIPv4 | | OS-SRV-USG:terminated_at | None | | | accessIPv6 | | accessIPv4 | | | addresses | | accessIPv6 | | | | adminPass | 54SSdRg3coxd | | addresses | | | config_drive | | | adminPass | | created JUx2tqiYyExH | 2017-02-02T14:47:24Z | | flavorconfig_drive | | m1.medium (f2cb5be9-2e41-4c96-a377-25e20ca611ec) | | hostId | | | created | 2023-10-03T08:29:42Z | | id | 7fd211d6-ed7b-492a-89cf-1f3fe2cf3bdf | | imagedescription | None | Debian 8.7.0 (Jessie) stable amd64 (8898ac64-09cd- | | | 4f93-a8e0-b6c761b0fbfb) | | flavor | | key_name | disk='40', ephemeral='0', | MySecondExistingKey | | name | extra_specs.aggregate_instance_extra_specs:node_type='general', | MySecondServer | | | | os-extended-volumes:volumes_attached | [] extra_specs.hw:cpu_cores='1', extra_specs.hw:cpu_sockets='2', | | | extra_specs.hw:cpu_threads='1', extra_specs.hw_rng:allowed='true', | | progress | 0 | extra_specs.hw_rng:rate_bytes='24', | | | | project_id | extra_specs.hw_rng:rate_period='5000', | 2a4b680765554d728aa2f4d8aadab653 | | properties | | | | extra_specs.quota:cpu_shares='1024', | | | | security_groups | [{u'name': u'default'}]extra_specs.quota:disk_read_iops_sec='300', | | status | BUILDextra_specs.quota:disk_write_iops_sec='300', | | | | updated | extra_specs.trait:HW_CPU_X86_AESNI='required', original_name='gx1.2c4r', | | | 2017-02-02T14:47:25Z ram='4096', swap='0', vcpus='2' | | user_id hostId | | 1790de92c726dc409c223dcfed7fe2c67d792f3cf8e7f46118 | | | e5c2bfd63faff3 | | id | + 334c71e1-d750-4b25------------------------------------+----------------------------------------------------+ |
If all is well, the machine should reach the "ACTIVE" state within seconds:
Code Block |
---|
eigilo@access:~$ openstack server list +---------------------+----------------+--------+---------------------+---------------------+ | ID95d6-b21a26844754 | | image | Name Ubuntu Server 22.04 LTS (Jammy Jellyfish) amd64 | Status | Networks | Image Name | | +---------------------+----------------+--------+---------------------+---------------------+ | 7fd211d6-ed7b-492a- | MySecondServer | ACTIVE | MySecondNetwork=10. | Debian 8.7.0 | (db1bc18e-81e3-477e-9067-eecaa459ec33) | | 89cf-1f3fe2cf3bdf | | | 14.2.12 | | key_name | (Jessie) stable MySecondExistingKey | | locked | False | | | | amd64locked_reason | None | | name | MySecondServer | | progress | 0 | | project_id | 2a4b680765554d728aa2f4d8aadab653 | | properties | | | security_groups | name='cd6ba272-1df3-4767-8330-2e8c4d0679c2' | | server_groups | [] | | status | BUILD | | tags | | | trusted_image_certificates | None | | updated | 2023-10-03T08:29:43Z | | user_id | 1790de92c726dc409c223dcfed7fe2c67d792f3cf8e7f46118e5c2bfd63faff3 | | volumes_attached | | +-----------------------------+--------------------------------------------------------------------------+ |
If all is well, the machine should reach the "ACTIVE" state within seconds:
Code Block |
---|
loginansatt01:~$ openstack server list
+------------------------------+------------------+--------+---------------------------------------+--------------------------------+-----------+
| ID | Name | Status | Networks | Image | Flavor |
+------------------------------+------------------+--------+---------------------------------------+--------------------------------+-----------+
| 7fd211d6-ed7b-492a-89cf- | MySecondServer | ACTIVE | MySecondNetwork=192.168.101.63 | Ubuntu Server 22.04 LTS (Jammy | gx1.2c4r |
| 1f3fe2cf3bdf | | | | Jellyfish) amd64 | |
+------------------------------+------------------+--------+---------------------------------------+--------------------------------+-----------+ |
Assigning a floating IP to an instance
Your freshly made machine lives on your own private network, created by you, and is thus currently unreachable from the rest of the world. To enable outside access to the machine you would need to assign a floating IP address to it.
If this is the first time you use a floating IP, there are probably no IP allocated to your project. To allocate an IP to your project you could use the following command:
Code Block |
---|
loginansatt01:~$ openstack floating ip create ntnu-internal +---------------------+--------------------------------------+ | Field | Value | +-- +---------------------+-------------------+--------+---------------------+---------+ | created_at | 2017------------+ |
Assigning a floating IP to an instance
Your freshly made machine lives on your own private network, created by you, and is thus currently unreachable from the rest of the world. To enable outside access to the machine you would need to assign a floating IP address to it.
If this is the first time you use a floating IP, there are probably no IP allocated to your project. To allocate an IP to your project you could use the following command:
Code Block |
---|
eigilo@access:~$ openstack floating ip create ntnu-internal +---------------------+--------------------------------------+ | Field02-02T14:52:46Z | | description | | | fixed_ip_address | None | | floating_ip_address | 10.212.136.24 | | floating_network_id | 22a507fa-ca51-4b57-bf84-784213917662 | | headers | | | id | 1a90e802-5bc4-4997-b255-b2c942cfaa94 | | port_id | None | | project_id Value | 2a4b680765554d728aa2f4d8aadab653 | | project_id | 2a4b680765554d728aa2f4d8aadab653 | +---------------------+--------------------------------------+ | created_atrevision_number | 1 | 2017-02-02T14:52:46Z | | description| router_id | None | | | status | | fixed_ip_address | NoneDOWN | | floating_ip_address | 10.212.136.24updated_at | 2017-02-02T14:52:46Z | +---------------------+--------------------------------------+ |
To show the floating IP's belonging to your project you could list them like so:
Code Block |
---|
loginansatt01:~$ openstack | | floating_network_id | 22a507fa-ca51-4b57-bf84-784213917662 | | headers | | | id | 1a90e802-5bc4-4997-b255-b2c942cfaa94 | | port_id | None ip list +------------------------+-----------------------+---------------------+-------------------------+ | ID | | project_idFloating IP Address | 2a4b680765554d728aa2f4d8aadab653 | | project_id | 2a4b680765554d728aa2f4d8aadab653 Fixed IP Address | | revision_numberPort | 1 | +------------------------+-----------------------+---------------------+-------------------------+ | 1a90e802-5bc4-4997-b25 | 10.212.136.21 | None | | router_id | None | None | | 5-b2c942cfaa94 | | | status | DOWN | | | updated_at | | 20175736b7eb-02-02T14:52:46Z7934-4629 | 10.212.136.20 | +---------------------+--------------------------------------+ |
To show the floating IP's belonging to your project you could list them like so:
Code Block |
---|
eigilo@access:~$ openstack floating ip list +------------------------+-----------------------+------------------+-------------------------+ | ID | 192.168.20.105 | 635637c2-b1ca-4759 | | -921c-8d9cbda9c0af | | Floating IP Address | Fixed IP Address | Port | -8c5b-e7711c667138 | +------------------------+-----------------------+---------------------+-------------------------+ | 1a90e802-5bc4-4997-b25 | |
To assign a floating IP to a virtual machine, you would use the following command:
Code Block |
---|
loginansatt01:~$ openstack server add floating ip MySecondServer 10.212.136.21 |
At this point you should be able to ping the server:
Code Block |
---|
loginansatt01:~$ ping 10.212.136.21 PING 10.212.136.21 (10.212.136.21) 56(84) bytes of data. 64 bytes from 10.212.136.21: icmp_seq=1 ttl=62 time=3.23 ms 64 bytes from 10.212.136.21: icmp_seq=2 ttl=62 time=1.03 ms ^C --- 10.212.136.21 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 1.032/2.135/3.238/1.103 ms |
And you should be able to log into it, using the private part of the key selected when the server were booted.
Depending on the OS installed, the default user name is different. See the complete list here
Code Block |
---|
loginansatt01:~$ ssh ubuntu@10.212.136.21 -i .ssh/id_rsa The authenticity of host '10.212.136.21 (10.212.136.21)' can't be established. ECDSA key fingerprint is SHA256:PIR85mFU0TiOZ0mXHz1ExMvds1D1YO1eF+/TTniAYfo. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.212.136.21' (ECDSA) to the list of known hosts. Welcome to Ubuntu 22.04.1 LTS (GNU/Linux 5.15.0-48-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: | None | None | | 5-b2c942cfaa94 | | | | | 5736b7eb-7934-4629 | 10.212.136.20 | 10.14.1.105 | 635637c2-b1ca-4759 | | -921c-8d9cbda9c0af | https://ubuntu.com/advantage System information as of Tue Oct 3 08:38:59 UTC |2023 System load: 0.04541015625 | -8c5b-e7711c667138 Usage of /: | +------------------------+-----------------------+------------------+-------------------------+ |
To assign a floating IP to a virtual machine, you would use the following command:
Code Block |
---|
eigilo@access:~$ openstack server add floating ip MySecondServer 10.212.136.21 |
At this point you should be able to ping the server:
Code Block |
---|
eigilo@access:~$ ping 10.212.136.21
PING 10.212.136.21 (10.212.136.21) 56(84) bytes of data.
64 bytes from 10.212.136.21: icmp_seq=1 ttl=62 time=3.23 ms
64 bytes from 10.212.136.21: icmp_seq=2 ttl=62 time=1.03 ms
^C
--- 10.212.136.21 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.032/2.135/3.238/1.103 ms |
And you should be able to log into it, using the private part of the key selected when the server were booted:
Code Block |
---|
eigilo@access:~$ ssh debian@10.212.136.21 -i .ssh/id_rsa The authenticity of host '10.212.136.21 (10.212.136.21)' can't be established. ECDSA key fingerprint is SHA256:PIR85mFU0TiOZ0mXHz1ExMvds1D1YO1eF+/TTniAYfo. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.212.136.21' (ECDSA) to the list of known hosts. The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. debian@mysecondserver6.9% of 38.58GB Memory usage: 19% Swap usage: 0% Processes: 101 Users logged in: 0 IPv4 address for ens3: 192.168.101.63 * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s just raised the bar for easy, resilient and secure K8s cluster deployment. https://ubuntu.com/engage/secure-kubernetes-at-the-edge 93 updates can be applied immediately. 1 of these updates is a standard security update. To see these additional updates run: apt list --upgradable 1 updates could not be installed automatically. For more details, see /var/log/unattended-upgrades/unattended-upgrades.log *** System restart required *** Last login: Wed Sep 27 11:42:23 2023 from 2001:700:1d00:13:13c6:b788:b27:a3eb ubuntu@mysecondserver:~$ |