
The SkyHiGh environment allows you to create a virtual infrastructure of your own design. This infrastructure can consist of:

  • Virtual networks
  • Virtual routers
  • Virtual Servers

This article explains how the initial setup of a small and simple architecture is performed through the web interface.

Web interface login and navigation

When accessing the web interface, you are presented with a login page. The field "Domain" should be set to "NTNU", and the "User Name" and "Password" fields should be populated with your NTNU username and password.

Dashboard

After a successful login (which is possible only if your user has access to at least one SkyHiGh project), you are presented with a dashboard. This dashboard displays your current resource usage and your current quota limits. The top of the interface shows your current project name (right above the pointer in the image).

Top menus

If your user has access to more than one project, the current project can be switched using a menu at the top of the web interface.

Left-hand menus:

To the left there is a menu which lets you administer specific parts of the infrastructure:

  • Project:
    • Compute: Virtual machine administration
      • Overview: This is the first page seen when logging in to the web interface. Here a short summary of your project status is given.
      • Instances: This view is used to administer virtual machines. Here it is possible to create new virtual machines, and administer existing machines.
      • Volumes: This view is used to administer cinder volumes, which are block devices/persistent storage (disks) which can be attached to virtual machines.
      • Images: This view is used to administer the images which a virtual machine can boot from. It will always contain a wide selection of linux images (Debian, Fedora, Ubuntu, CentOS etc.) and some Windows images, and it is possible to upload your own images if the image you want is not present.
      • Access & Security: This view administers multiple access-related settings:
        • Security groups: The firewall protecting your virtual machines
        • Key Pairs: SSH key pairs which allow you to log into your virtual machines
        • Floating IPs: IP addresses which enable you to connect to machines from external networks.
        • API Access: API information
    • Network: Network administration
      • Network Topology: A graphical representation of your infrastructure.
      • Networks: Your virtual networks.
      • Routers: Your virtual routers, routing
    • Orchestration: Openstack-heat, an automation engine to roll out virtual infrastructure based on scripts.
  • Identity: Lets you display information of your own affiliation to SkyHiGh.
    • Projects: This view is to show you which projects your user is a member of.

Creating an initial network topology

Before a virtual machine can be created, at least one network must exist for the machine to connect to. This part describes how to create this network, and a router to give the network external access.

Create a network

To create a network, first navigate to "Network -> Networks" in the left-hand menu, and click the button "create network". The dialog that appears has three sections.

First is the network-pane, which requires you to give the new network a name:

Then the network needs at least one subnet, and the first subnet is created in the "subnet" pane. Give it a name, and select an IP range. It is recommended to use RFC1918 addresses which are not in use elsewhere in NTNU. The current official use of RFC1918 is:

  • 10.0.0.0/8 - Used within NTNU, and is thus not recommended for use in openstack networks.
  • 172.16.0.0/16 - Used as floating IPs in skyhigh.hig.no; free in other clouds
  • 172.17.0.0/16 - Used within NTNU in Gjøvik, and is thus not recommended for use in openstack networks.
  • 172.18.0.0/15 - Free
  • 172.20.0.0/14 - Free
  • 172.24.0.0/13 - Free
  • 192.168.0.0 - Partly used in NTNU Ålesund (subnets listed below). The rest is free.
    • 192.168.10.0/24
    • 192.168.30.0/24
    • 192.168.50.0/24
    • 192.168.90.0/24
    • 192.168.110.0/24
    • 192.168.114.0/24
    • 192.168.201.0/24
    • 192.168.212.0/24
    • 192.168.221.0/24
    • 192.168.222.0/24
    • 192.168.223.0/24
    • 192.168.224.0/24
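
A candidate subnet can be checked against this list before it is typed into the dialog. The following is an added example, not part of the original page; the function name `check_subnet` is hypothetical, and 172.16.0.0/16 is treated as in use because this guide targets the cloud where it holds the floating IPs.

```python
import ipaddress

# Ranges the list above marks as already in use.
IN_USE = {
    "10.0.0.0/8": "NTNU",
    "172.16.0.0/16": "floating IPs in skyhigh.hig.no",
    "172.17.0.0/16": "NTNU in Gjøvik",
}
# The /24 subnets listed as used in NTNU Ålesund.
for third in (10, 30, 50, 90, 110, 114, 201, 212, 221, 222, 223, 224):
    IN_USE[f"192.168.{third}.0/24"] = "NTNU Ålesund"

# The three private blocks defined by RFC1918.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_subnet(cidr):
    """Return (ok, reason) for a proposed tenant subnet in CIDR notation."""
    try:
        # strict=True rejects input with host bits set, e.g. 172.18.5.1/24
        net = ipaddress.IPv4Network(cidr, strict=True)
    except ValueError as exc:
        return False, f"invalid IPv4 CIDR: {exc}"
    if not any(net.subnet_of(block) for block in RFC1918):
        return False, "not inside RFC1918 private address space"
    for used, owner in IN_USE.items():
        # overlaps() also catches a candidate that *contains* a used range
        if net.overlaps(ipaddress.IPv4Network(used)):
            return False, f"overlaps {used} ({owner})"
    return True, "free according to the list"


if __name__ == "__main__":
    for candidate in ("172.18.5.0/24", "192.168.10.0/24",
                      "192.168.0.0/16", "10.1.2.0/24", "8.8.8.0/24"):
        print(candidate, check_subnet(candidate))
```
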

The final part of the network configuration dialog is to define additional DHCP parameters for any hosts placed in this network. The defaults (shown in the picture) are sufficient, but the following can be defined if wanted:

  • Allocation pools: It is possible to limit which ranges of addresses in the subnet are used to address the virtual machines.
  • DNS Name Servers: If custom DNS Servers should be used for this subnet, their addresses should be listed here.
  • Host Routes: If static routes (except for the regular default-route) should be injected to the hosts, they should be listed here.

Create a router to give the network external access

The network just created is currently isolated from the rest of the world. To give this network access to other networks, and the internet, we need to create a router. Navigate to "Network -> Routers" in the left menu, and click the "Create Router" button. Give the router a name, and select the network "ext-net" as the external network.

When the router is created, click on its name to start configuring it. We need to add an interface to the router, so click the "Add Interface" button.

Select the desired subnet from the "Subnet" list, and submit the form.

A look at the Network Topology graph should display something like so:

Configuring access parameters

The default settings do not allow much access to the resources inside skyhigh. To allow access to the virtual machines we are going to create, we need to perform two steps:

  1. Allow incoming SSH traffic through our skyhigh firewall
  2. Create an SSH keypair, where the public key will be injected into linux virtual machines when these are created.

Open up the firewall

It is possible to create multiple firewalls in Openstack, so that they can be tailored to each and every application. For now we are just going to modify the default firewall to allow incoming SSH traffic. Click the "Manage Rules" button.

There are 4 firewall rules which are present by default, and these rules allow outgoing traffic both for IPv4 and IPv6 and incoming traffic from other hosts using the same security group. These default settings would thus allow your virtual machines to communicate with each other in addition to accessing the internet. No incoming traffic is allowed by default. Click on the "Add Rule" button to add a new rule.

To allow incoming SSH traffic, create a custom TCP Rule for the Ingress traffic destined for port 22:

It is also useful to be able to ping your virtual machines. To allow this another rule needs to be added allowing ICMP traffic:
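
The effect of the resulting rule set can be modelled offline. The following is an added example, not part of the original page: it rebuilds the four default rules plus the SSH and ICMP rules and evaluates ingress traffic against them. The field names follow Neutron's security group rule attributes; the group id `sg-default` and the source prefix `0.0.0.0/0` are assumptions, since the page does not state which source the new rules use.

```python
import ipaddress


def rule(direction, ethertype, protocol=None, port=None, prefix=None, group=None):
    """Build one rule using Neutron's security-group-rule attribute names."""
    return {"direction": direction, "ethertype": ethertype, "protocol": protocol,
            "port_range_min": port, "port_range_max": port,
            "remote_ip_prefix": prefix, "remote_group_id": group}


# Constructed rule set: four defaults, then the two rules added in this guide.
# "sg-default" and "0.0.0.0/0" are assumed values, not taken from the page.
RULES = [
    rule("egress", "IPv4"), rule("egress", "IPv6"),
    rule("ingress", "IPv4", group="sg-default"),
    rule("ingress", "IPv6", group="sg-default"),
    rule("ingress", "IPv4", "tcp", 22, "0.0.0.0/0"),
    rule("ingress", "IPv4", "icmp", None, "0.0.0.0/0"),
]


def ingress_allowed(rules, src_ip, protocol, port=None, src_in_group=False):
    """Default deny: ingress passes only if at least one rule matches it."""
    src = ipaddress.ip_address(src_ip)
    ethertype = "IPv4" if src.version == 4 else "IPv6"
    for r in rules:
        if r["direction"] != "ingress" or r["ethertype"] != ethertype:
            continue
        if r["protocol"] not in (None, protocol):
            continue
        lo, hi = r["port_range_min"], r["port_range_max"]
        if lo is not None and (port is None or not lo <= port <= hi):
            continue
        if r["remote_group_id"]:
            # Group rules match only sources that are members of that group.
            if src_in_group:
                return True
            continue
        prefix = r["remote_ip_prefix"]
        if prefix is None or src in ipaddress.ip_network(prefix):
            return True
    return False


def world_open(rules):
    """Ingress rules that accept traffic from any source address."""
    return [r for r in rules if r["direction"] == "ingress"
            and not r["remote_group_id"]
            and r["remote_ip_prefix"] in (None, "0.0.0.0/0", "::/0")]
```

Both added rules are returned by `world_open`; setting their source to a narrower prefix limits where SSH and ping are accepted from, while the default rules alone accept nothing from outside the group.
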

Create SSH Keypair

Openstack can create a keypair for you, but it also allows you to inject the public part of a keypair you already created.

Create a new keypair

To have openstack create a keypair for you, click the "Create Key Pair" button.

Give the key a suitable name

And save the file which your browser then downloads in a safe place. Remember that anyone in possession of this key can log into your virtual machines if allowed access by the security groups (firewall).

Openstack does not store the private key, so if it is lost at a later point in time you would need to create a new key.

Inject an existing public-key

Linux users in particular often have SSH keypairs already. In their case they can upload the public part of their key to openstack, allowing openstack to inject this key into new virtual machines. The default location for such a public key is "~/.ssh/id_rsa.pub". The content of this file can be pasted in the dialog box appearing when the "Import Key Pair" button is clicked:

Creating a virtual machine

At this point everything needed to create a virtual server is available (if you follow this guide...). To create the virtual server navigate to "Compute -> Instances" and click the "Launch Instance" button:

A multi-step dialog-box appears. First fill in a name for the machine:

Next you need to select what your machine should boot from, and where it should store its files. There is a wide range of pre-made images available, containing a wide range of operating systems. To use one of these, select "Image" as the boot source.

It is recommended to not create a new volume but rather use the disk provided to the machine when a flavor is selected. If a new volume is created, its size will be taken from your storage quota.

It is possible to search in the list of images. In this case it is searched for a debian image, and "Debian 8.7.0" is selected.

After an image is selected, it is time to select how powerful a machine is needed. The amount of CPU and RAM is limited by your project's quotas, so it is wise to use some moderation when selecting your machine size. It is possible to increase the size later; not decrease...

Next up is to select a network for the machine:

The final step is to select which key to inject into the newly created machine. Select a key for which you know you have the private key.

After pressing "Launch Instance" the openstack platform should need a couple of seconds before your machine is running. You can see your machine in the "Instance" list.

Assigning a floating IP to the instance

Your freshly made machine lives on your own private network, created by you, and is thus currently unreachable from the rest of the world. To enable outside access to the machine you would need to assign a floating IP address to it. This is done using the Action menu:

If this is the first time you use a floating IP, there are probably no IPs allocated to your project. To allocate an IP to your project you can use the small "+" button:

Select which network to allocate the floating IP from. At the time of writing there is only a single network available (ext-net), which is an RFC1918 network that is only available from inside the cloud environment.

When an IP is allocated, it can be associated with a certain VM:

At the end the "Instance" list should display both the internal and the floating IP.

How to actually access your virtual machine is described in this page.
