You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 34 Next »

Depending of which openstack-installation you have been given access to, one of the following web-interfaces should be used:

This article explains the prosess of how the initial setup of a small and simple architecture is performed trough the webinterface.

Webinterface login and navigation

When accessing the webinterface, you are presented with a login-page. The domain dropdown should be set to "NTNU accounts", and the "User Name" and "Password" fields should be populated with your NTNU username and password.

 

Dashboard

After a successful login (which is possible only if your user has access to at least one SkyHiGh project), you are presented with a dashboard. This dashboard displays your current resource usage and your current quota limits. The top of the interface shows your current project name (right above the pointer in the image).

Top menus

If your user have access to more than one project, the current project can be switched using a menu in the top of the webinterface.

Left-hand menus:

To the left there is a menu which lets you administer specific parts of the infrastructure:

  • Project:
    • API Access: API information
    • Compute: Virtual machine administration
      • Overview: This is the first page seen when logging in to the webinterface. Here a short summary of your project status is given.
      • Instances: This view is to administer virtual machines. Here it is possible to create new virtual machines, and administer existing machines.
      • Images: This view is to administer the images of which a virtual machine can boot from. It will always contain a wide selection of linux images (Debian, Fedora, Ubuntu, CentOS etc.) and some Windows images, and it is possible to upload your own images if the image you want is not present.
      • Key Pairs: SSH key-pairs which allows you to log into your virtual machines
      • Server groups: Advanced functionality, where you can create server groups for your VMs, with different scheduling policies. I.e making sure that instances is spread across different physical hosts.
    • Volumes: Volume administration
      • Volumes: This view is to administer cinder volumes, which are block-devices/persistent-storage (disks) which can be attached to virtual machines.
      • Snapshots:
      • Groups:
      • Group Snapshots:
    • Container Infra: Container cluster administration
      • Clusters: Start page for managing container clusters (i.e kubernetes)
      • Cluster Templates: Templates for container cluster creation
    • Network: Network administration
      • Network Topology: A graphical representation of your infrastructure.
      • Networks: Your virtual networks.
      • Routers: Your virtual routers, routing
      • Security groups: The firewall protecting your virtual machines
      • Load balancers: Manage virtual load balancers
      • Floating IPs: IP-Adresses which enables you to connect to machines from external networks.
    • Orchestration: Openstack-heat, an automation engine to roll out virtual infrastructure based on scripts.
    • Object Store: Object storage administration
      • Containers: Your containers for object storage
  • Identity: Lets you display information of your own affiliation to SkyHiGh.
    • Projects: This view is to show you which projects your user is a member of.

Creating an initial network topology

Before a virtual machine can be created, at least one network needs to be present for the machine to be present on. Creating this network, and a router to give the network external access, is described in this part.

Create a network

To create a network, you first have to navigate to "Network -> Networks" in the left hand menu, and clicking the button "create network". The dialog appearing have three sections.

First is the network-pane, which requires you to give the new network a name (do not change the other defaults):

Then the network needs at least one subnet; and the first subnet is created in the "subnet" pane. Give it a name, choose "Enter Network Address manually", and select an IP range. It is not necessary to fill in anything for Gateway IP, it has a sane default (the first usable address in your selected subnet).  See this article to see which addresses to select.

In this example the subnet "192.168.10.0/24" is used.


The final part of the network configuration dialog is to define additional DHCP parameters for any hosts placed in this network. DO NOT UNTICK THE "ENABLE DHCP" BOX! The defaults (shown in the picture) is sufficient, but the following can be defined if wanted:

  • Allocation pools: It is possible to limit which ranges of adresses in the subnet are used to address the virtual machines. The default is to use the whole pool; which should be fine in most cases.
  • DNS Name Servers: If custom DNS Servers should be used for this subnet, their adresses should be listed here. The blank default will use NTNUs nameservers (129.241.0.200 and 129.241.0.201).
  • Host Routes: If static routes (except for the regular default-route) should be injected to the hosts, they should be listed here.

Create a router to give the network external access

The network just created is currently isolated from the rest of the world. To give this network access to other networks, and the internet, we need to create a router. Navigate to "Network -> Routers" in the left menu, and click the "Create Router" button. Give the router a name,  leave the "Enable Admin State" ticked, and select which external network this router should be connected to. This articles has an overview of the various external networks available.

When the router is created, click on its name to start configuring it. We need to add an interface to the router, so click the "Add Interface" button.


Select the desired subnet from the "Subnet" list, and submit the form. Note that the IP address is optional. That means it has a sane default (the first addressable IP in the selected subnet).

A look at the Network Topology graph should display something like so:


Configuring access parametres

The default settings does not allow much access to the resources inside skyhigh. To allow access to the virtual machines we are going to create we need to preform two steps:

  1. Allow incoming SSH traffic trough our skyhigh firewall
  2. Create a SSH keypair, where the public key will be injected into linux virtual machines when these are created.

Open up the firewall

It is possible to create multiple firewalls in Openstack, so that they can be tailored to each and every application. For now we are just going to modify the default firewall to allow incoming SSH traffic. Click the "Manage Rules" button.


There are 4 firewall rules which are present by default, and these rules allow outgoing traffic both for IPv4 and IPv6 and incoming traffic from other hosts using the same security group. These default settings would thus allow your virtual machines to communicate with each other in addition to accessing the internet. No incoming traffic is allowed per default. Click on the "Add Rule" button to add a new rule.


To allow incoming SSH traffic, create a custom TCP Rule for the Ingress traffic destined for port 22:

It is also useful to be able to ping your virtual machines. To allow this another rule needs to be added allowing ICMP traffic:

Create SSH Keypair

Openstack can create a keypair for you, but it also allows you to inject the public part of a keypair you already created.

If you are a Windows user, and are planning to use PuTTY as your SSH client - please advise this page. Please note that from Windows 10, the ssh command line client is included in powershell, and you can use it the same way as you would in Linux.

Create a new keypair

To have openstack create a keypair for you, click the "Create Key Pair" button.


Give the key a suitable name

And save the file which your browser then downloads a safe place. Remember that anyone with the posession of this key can log into your virtual machines if allowed access by the securituy groups (firewall).

Openstack does not store the private key, so if it is lost at a later point in time you would need to create a new key.

Inject an existing public-key

Particulary linux users often have ssh-keypairs already. In their case they can upload the public part of their key to openstack, allowing openstack to inject this key to new virtual machine. The default location for such public keys are "~/.ssh/id_rsa.pub". The content of this file can be pasted in the dialog box appearing when the "Import Key Pair" button is clicked:

Creating a virtual machine

At this point everything needed to create a virtual server is available (if you follow this guide...). To create the virtual server navigate to "Compute -> Instances" and click the "Launch Instance" button:

A multi-step dialog-box appears. First fill in a name for the machine:

Next you would need to select what your machine should boot from, and where it should store its files.There are a wide range of pre-made images available, containing a wide range of operating systems. To use one of these, select "Image" as the boot source.

It is recommended to not create a new volume but rather use the disk provided to the machine when a flavor is selected. Selecting yes when creating an image will create downtime during patch window since the vm can't be live migrated during stack upgrade. If a new volume is created, its size will be taken from your storage qouta.

It is possible to search in the list of images. In this case it is searched for an ubuntu image, and "Ubuntu 20.04 LTS (Focal Fossa) amd64" is selected.


After an image is selected, it is time to select how powerful machine is needed. The amount of CPU and RAM are limited by your projects quotas, so it is wise to use some moderation when selecting your machine size. It is possible to increase the size later; not decrease...

Next up is to select a network for the machine:

The final step is to select which key to inject to the newly created machine. Select a key where you know you have the private key somewhere.

If you want to inject more than one key, you can specifiy as many keys as you want in the "Configuration" tab like this:

Cloud-config template 
#cloud-config
ssh_authorized_keys:
    - <paste public key here>

 

After pressing "Launch Instance" the openstack plattform should need a couple of seconds before your machine is running. You can see your machine in the "Instance" list.


Assigning a floating IP to the instance

Your freshly made machine lives on your own private network, created by you, and is thus currently unreachable from the rest of the world. To enable outside access to the machine you would need to assign a floating IP address to it. This is done using the Action menu:

If this is the first time you use a floating IP, there are probably no IP allocated to your project. To allocate an IP to your project you could use the small "+" button:


Select which network to allocate the floating IP from (what networks are available can be seen here). It should be the same network that were sellected when the router were created.

 

When an IP is allocated, it can be Associated to a certain VM:


At the end the "Instance" list should display both the internal and the floating IP.


How to actually access your virtual machine is described in this page.

 

  • No labels