Professional Documents
Culture Documents
29-10-2015 &
30-10-2015
Web: http://www.auttvl.ac.in
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 1
29-10-2015 &
30-10-2015
[Live Hands On Openstack Kilo version with Packstack , Rdo , Nova , Swift And Neutron ]
AGENDA
Day 1 (29-October-2015)
What is OpenStack?
Case Study (Real Time)
What are three Service models and OpenStack IaaS?
Juno , Kilo
OpenStack Components
OpenStack Arhitecture
OpenStack Releases
OpenStack Network Model
Hands on - Cent OS 7 GNOME or KDE Installation
Hands on - Firewall Configuration , GRUB Config
Hands on - DHCP / Static IP Configuration
Hands on - Firewall Access to Enable Port
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 2
29-10-2015 &
30-10-2015
Dashboard walkthrough
Add the Block Storage service - OpenStack Block
Storage
Hands on - Install and configure controller node
Hands on - Install and configure a storage node
Hands on - Verify operation
Hands on -Add Object Storage - OpenStack Object Storage
Hands on - SSH , CURL , VNC , RDesktop
Hands on - Add the Identity service
Hands on - Add the Image Service
Hands on - Add the Compute service
Hands on - Replication - SWIFT
Demo - Security/ACLs
SESSION 4 [Modeling application connectivity in Nova vs Neutron]
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 3
29-10-2015 &
30-10-2015
3.
4.
5.
6.
Setting Up a project
7.
Murano in a Minute
8.
9.
10.
11.
12.
13.
14.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 4
29-10-2015 &
30-10-2015
RDO Quickstart
Deploying RDO is a quick and easy process. Setting up an OpenStack cloud takes
approximately 15 minutes, and can be as short as 3 steps.
Below, we'll explain how to set up OpenStack on a single server. You'll be able
to add more nodes to your OpenStack cloud later, if you choose.
If you just want to try it out without installing anything, check out TryStack. See
also Installation for alternate deployment methods.
These instructions are to install the current ("Juno") release.
Step 0: Prerequisites
Software: Red Hat Enterprise Linux (RHEL) 7 is the minimum recommended
version, or the equivalent version of one of the RHEL-based Linux distributions such
as CentOS, Scientific Linux, etc., or Fedora 20 or later. x86_64 is currently the only
supported architecture. See also RDO repository info for details on required
repositories. Please name the host with a fully qualified domain name rather than a
short-form name to avoid DNS issues with Packstack.
Fedora 21 is still in development and running RDO Juno on Fedora 21 is
not recommended at this time. A separate announcement will be made on
the rdo-list mailing list when RDO Juno on Fedora 21 is ready.
Hardware: Machine with at least 2GB RAM, processors with hardware virtualization
extensions, and at least one network adapter.
In case your system is running with NetworkManager, you need to disable it.
Stop and disable NetworkManager:
systemctl stop NetworkManager
systemctl disable NetworkManager
systemctl enable network
Make sure devices are named properly for the network daemon: i.e. the following
line must be present in /etc/sysconfig/network-scripts/ifcfg-<interface_name>
DEVICE="<interface_name>"
where <interface_name> is usually "eth0" or "em1".
Take down all interfaces (but the one via you're connected to the machine) with:
ifdown <interface_name>
Start the network daemon:
ifdown <interface_name> && systemctl start network
Step 1: Software repositories
Update your current packages:
sudo yum update -y
Setup the RDO repositories:
sudo yum install -y https://rdo.fedorapeople.org/rdo-release.rpm
Looking for Icehouse? Use http://rdo.fedorapeople.org/openstack-icehouse/rdorelease-icehouse.rpm instead. Looking for an older version?
See http://rdo.fedorapeople.org/ for the full listing.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 5
29-10-2015 &
30-10-2015
Mirantis Private Cloud as a Service is the fastest way to get your hands on a
fully-functional, optimally-configured, private OpenStack cloud, running on hosted
bare metal and able to scale on demand.
Basic Cloud Operations: Adding New Custom Boot Images
Step by Step
Getting into Mirantis OpenStack Express is simple: just log in the home screen
shows server usage and cluster locations, and provides links and authentication for
the Horizon console associated with each of your OpenStack clouds.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 6
29-10-2015 &
30-10-2015
Page 7
29-10-2015 &
30-10-2015
this image can be configured at launch. Well see this process in our next blog post
on Mirantis OpenStack Express, where well launch an instance from an image.
A simple dialog box lets you configure and import a new image file from a
remote target URL.
Name your image, then paste the source URL into the Image Location slot provided.
MOX 2.0 Horizon can consume images in .iso, .img, and tar.gz compressed file
formats.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 8
29-10-2015 &
30-10-2015
The import system can handle a range of common image file formats, both
uncompressed and compressed.
Paste the remote image location URL into the slot provided.
Pick the image hypervisor format from the Format dropdown In this case, were
picking QCOW2.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 9
29-10-2015 &
30-10-2015
Fill in remaining fields with reasonable minimum values for RAM and
ephemeral disk space, then click Create Image to begin the import
process.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 10
29-10-2015 &
30-10-2015
Depending on image file size, import and conversion may take a few
seconds to a few minutes.
Depending on the size of the source file and download time, this can be very rapid
larger boot images take a couple of minutes to transfer and become available.
Page 11
29-10-2015 &
30-10-2015
Mirantis OpenStack Express 2.0 instances are generally accessed via SSH
using keypair authentication, rather than username/password login. MOX
2.0 Horizon can generate an SSH keypair for you, letting you download the
Private key for use with your SSH client.
MOS Horizon will record the keypair and present its name and fingerprint. Keypairs
stored here will be offered in a popdown list, letting you select from among them to
configure authentication on new instances at time of creation.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 12
29-10-2015 &
30-10-2015
Mirantis OpenStack Express 2.0 Horizon stores your keypairs, so they can
be associated with single or multiple instances at launch.
If you use Linux with openssh, you can use the ssh-keygen command to generate a
keypair.
You can also create your own keypairs and upload them. In Linux with
openssh, this is done using the ssh-keygen command.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 13
29-10-2015 &
30-10-2015
Then open the plaintext public key file and copy the contents.
Open the plaintext public key file and copy its contents. Here, were using
gedit.
Then choose Import Key to name the keypair and copy the public portion to Horizon.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 14
29-10-2015 &
30-10-2015
Name your keypair and copy the public key to Horizon. MOX 2.0 Horizon
will import your key and add it to the tabs and popdowns for configuring
authentication on new instances.
Now that youve taken care of access security, you can launch a new VM instance
from your image. Click on the Launch button, pick a name, and pick a flavor for this
VM. Flavors are a quick way to select disk and RAM sizes and number of vCPUs. You
can create custom flavors.
Click launch against your image to begin the process of configuring and
launching a VM instance.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 15
29-10-2015 &
30-10-2015
The first tab of the Launch dialog lets you name your instance, and set
basic parameters, including choosing a flavor for your VM. Flavors are a
way of packaging platform model criteria like amount of RAM and number
of vCPUs, and you can create your own. Note that Horizon will not display
available flavors that dont satisfy image minimum requirements.
On the Access and Security tab, specify the SSH keypair you want to use to access
this instance.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 16
29-10-2015 &
30-10-2015
On the Access and Security tab, select the keypair you want to use to
authenticate to the instance.
On the Networking tab, drag and drop the basic networking model, which will
connect the new VM to the internal network, but not give it a public-facing IP
address.
On the Networking tab, drag and drop the basic networking model.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 17
29-10-2015 &
30-10-2015
Click Launch. Your new instance will begin to spawn and will normally
become Active within a few seconds.
To prepare to access your new instance from the public internet, you begin by
associating a Floating IP address with it, via the topmost option in the instances
More menu. The new IP address appears in the list of IPs associated with the
instance.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 18
29-10-2015 &
30-10-2015
Associate a floating IP with your instance, visible from the public net.
Select from available floating IPs to associate one to your instances base
port.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 19
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 20
29-10-2015 &
30-10-2015
Use SSH to access your instance. Here, were using the standard Linux ssh
client with the -i flag and your keypair. Aim for the default username for
your instance, using your public-facing floating IP.
To do this from a Windows PC using the popular free SSH client, PuTTY, begin by
using the companion application, PuTTYGen, to load the .pem file, then save the
private key in PuTTYs .ppk format, as shown here.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 21
29-10-2015 &
30-10-2015
Browse to the .ppk file created above under the Auth heading of the SSH
menu, under Connection, to set your private key.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 22
29-10-2015 &
30-10-2015
Click Open and PuTTY will authenticate to your instance. Were here using
cirros as the username.
You can also access Cirros and other appropriately-configured instances from the
Horizon VNC console, with username/password authentication. In this case, the
default username is cirros and the default password is cubswin:).
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 23
29-10-2015 &
30-10-2015
Mirantis OpenStack Express 2.0 lets you easily create block storage
volumes and manage them separately from instances. By creating,
attaching, modifying and snapshotting storage volumes, you can create a
library of building blocks for applications.
Name your volume, then ignoring the Type field specify the size in GB. As you
can see, Mirantis OpenStack Express/Horizon keeps track of your usage, and the
number of volumes youve defined.
You can specify the contents of a volume by uploading an .iso image. But since this
is a new volume, well create it empty.
Well add the volume to the nova-compute availability zone, so we can attach it to
instances running there, like our Cirros VM.
Once the volume is created, you can see it in the Volumes table.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 24
29-10-2015 &
30-10-2015
You can keep track of all the volumes youve created in Horizons Volumes
table.
Now that we know how to create a volume, our next video will explore attaching it
to an instance, configuring it for use, and using snapshots to store its state.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 25
29-10-2015 &
30-10-2015
Mirantis OpenStack Express 2.0 lets you easily create block storage
volumes and manage them separately from instances. By creating,
attaching, modifying and snapshotting storage volumes, you can create a
library of building blocks for applications.
Name your volume, then ignoring the Type field specify the size in GB. As you
can see, Mirantis OpenStack Express/Horizon keeps track of your usage, and the
number of volumes youve defined.
You can specify the contents of a volume by uploading an .iso image. But since this
is a new volume, well create it empty.
Well add the volume to the nova-compute availability zone, so we can attach it to
instances running there, like our Cirros VM.
Once the volume is created, you can see it in the Volumes table.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 26
29-10-2015 &
30-10-2015
You can keep track of all the volumes youve created in Horizons Volumes
table.
Now that we know how to create a volume, our next video will explore attaching it
to an instance, configuring it for use, and using snapshots to store its state.
Creating New VM Flavors
Step by Step
Mirantis OpenStack Express lets you define flavors from the Admin menu.
As you can see from the illustration, OpenStack defines five standard machine
flavors for you, ranging from an m1.tiny model with 1 vCPU, 512MB RAM and a 1GB
root disk, to an m1.xlarge with eight virtual processors, 16GB RAM and a 160GB
disk.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 27
29-10-2015 &
30-10-2015
Mirantis OpenStack Express 2.0 lets you create custom flavors: templates
for defining the VMs in which you can launch images. Five basic flavors are
predefined: from an m1.tiny minimal machine, to a m1.xlarge
multiprocessor VM with lots of RAM and hard disk.
These are useful for many straightforward applications. But a little imagination can
show why having the ability to add custom flavors can be important.
Suppose you want to create a platform for an application that needs lots of
compute, RAM and scratch space while its running, but doesnt need to maintain
stored data once an instance is terminated. Data-analysis, media transcoding,
bioinformatic apps might fit this profile.
You can use flavors to create a new machine type for this hypothetical application.
Click Create New Flavor, and give it a name lets call it m1.amnesia-engine.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 28
29-10-2015 &
30-10-2015
To create a new flavor, state your requirements in the dialog. Here, were
defining a flavor called m1.amnesia-engine a multiprocessor machine
with lots of RAM, but no root or swap space in volumes. Instead, were
giving our flavor 50GB of ephemeral storage, which will vanish if an
instance created with this flavor is terminated. This hypothetical flavor
might be useful for highly-parallelized data analysis.
Well give it 8 multi-core vCPUs so it can run all our vectorized code. 16GB of RAM,
so it has plenty of room to work in. Well give it no root disk, and no swap disk. But
well give it 50GB of Ephemeral disk, which is a block file storage entity that survives
restarts, but goes away when an instance is terminated: exactly what we want. This
storage will be attached to /dev/vdb of an instance launched with this flavor
template, and our app will need to quickly make a file system there and mount the
device to use it.
On the second tab of the Create Flavor dialog, we can associate this flavor just with
certain projects running on our cloud a good thing if you want to keep exotic VM
formats restricted. In this case, though, well leave this blank so the flavor is
available to all.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 29
29-10-2015 &
30-10-2015
The second tab of the Create Flavor dialog lets you privilege only certain
projects to use your new flavor.
Our new flavor now appears in the list. The system has assigned an ID to
it.
Now well launch a boot image with our new flavor. First, lets try to launch using the
CirrosVM image we created several lessons back. As you may recall, when we
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 30
29-10-2015 &
30-10-2015
imported this image, we set a minimum root disk size of 2GB. OpenStack sees this,
and will not let us apply our amnesia-engine flavor to this image: an important
protection against launching things that will not work.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 31
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 32
29-10-2015 &
30-10-2015
Visiting our new VM in Console, we can see that the flavor has resulted in
our launching an eight-processor machine.
A sudo fdisk -l command shows us the 50GB Ephemeral disk this flavor comes with,
ready for partitioning, file system creation and usage.
And we can see that our Ephemeral storage has been made accessible, on
/dev/vdb, ready for partitioning and other operations before use. Since
this is Ephemeral storage, our application will need to prepare its volume
this way, each time it starts.
Now that weve explored flavors, our next tutorial will cover higher-level
administrative tools for creating Projects and adding Users.
Setting up a Project
Step by Step
projects sometimes also called Tenants or Accounts are organizational units
that let you control access to cloud resources and manage their consumption. You
can equip project environments with specialized networking, create custom images
for their exclusive use, and perform other task-appropriate customizations.
Lets start by logging into Mirantis OpenStack Express Horizon as the admin,
navigating to Projects in the Identity Panel subtab of the Admin menu, and clicking
on Create Project.
First, give your project a name and an optional Description. Youll see a checkbox
that gives you the choice of initializing your product in an Enabled state, or not.
Thats useful if you have administrative work to do inside the project before granting
associated users access. Disabling an active project something you might try later
on can be used to bar users temporarily from accessing project resources without
terminating running instances.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 33
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 34
29-10-2015 &
30-10-2015
The Quota tab lets you set project quotas though these are just a subset
of quotas that can be set from the command line. Using the command line,
users, too, can be given quotas with respect to projects. In enforcing
overlapping quotas, OpenStack resolves differences, insuring that the
most-restrictive relevant quota is applied in any situation.
You can also assign users to the project from the project Members tab. For now,
were going to make sure the admin user has access. In a moment, well create a
new user and add them to the project. Meanwhile, lets finish creating the project.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 35
29-10-2015 &
30-10-2015
Adding users to your new project. Here, we add the admin user less, in
this case, as a permission, and more to permit accurate usage recordkeeping.
Youll notice that OpenStack seems to throw an error here, though it also reports
successful project creation. This simply means that we left the default quotas in
place, some of which were specified as unlimited.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 36
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 37
29-10-2015 &
30-10-2015
Switching to our new project as the admin user. In Overview, we now see
the projects activity (none yet), rather than the clouds as a whole.
Certain things are in place for us. For example, Mirantis OpenStack standard boot
images are all defined as Public, so we can use them.
But we switch to the Network tab, look at topology, and see that we have no
network, except for the net04_ext external, public network, owned by the Admin.
Thats a problem, because we cant start VMs without a local network and a subnet.
And we cant do much with VMs unless we can reach them from the internet.
So were going to quickly make a new network under Neutron thats functionally
identical to the default network at toplevel configured by Mirantis OpenStack
Expresss Fuel installer, when our cloud was deployed.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 38
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 39
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 40
29-10-2015 &
30-10-2015
Creating a subnet and setting IP address ranges and the gateway address.
We could add additional configuration details, but theyre not needed for
the simple network were creating.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 41
29-10-2015 &
30-10-2015
Page 42
29-10-2015 &
30-10-2015
Use the Set Gateway button to pop a dialog letting you point the router
towards the external network.
Page 43
29-10-2015 &
30-10-2015
Click the name of your new router to view its detail page and create
interfaces.
Click the Add Interface button to create a new interface, connecting the
router to our local network.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 44
29-10-2015 &
30-10-2015
The Network Topology display now shows our local network, connected
via router to the net04_ext external network.
One last step, which can save you some head-scratching. When a project is created,
it inherits the default security group with only the default settings. So to make VMs
accessible via SSH from the internet, youll need to visit Access & Security->Security
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 45
29-10-2015 &
30-10-2015
Groups and edit the default groups rules, adding an inbound rule that allows traffic
on port 22.
We still cant access VMs from the internet, though, until we modify the
new projects plain vanilla Security Groups rules.
Page 46
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 47
29-10-2015 &
30-10-2015
Logging into Horizon as our new project user, we can see the more-limited
view users have of our cloud.
Murano (Application Catalog) in a Minute
Step by Step
Murano comes installed and ready to use by default in starter Mirantis OpenStack
Express clouds, and can be deployed by Fuel automatically in any further clouds you
create in your Mirantis OpenStack Express datacenters.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 48
29-10-2015 &
30-10-2015
The Fuel deployment engine makes it easy to add Murano when creating
new clouds on Mirantis OpenStack Express.
It lets cloud operators or application makers package up the applications, installation
and configuration details, and prepare a range of lightly-modified cloud images to
host them thats the complicated part.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 49
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 50
29-10-2015 &
30-10-2015
A tab at the bottom left of the Horizon administration menu gives access
to the Murano system.
Click the applications tab. Applications currently available in Mirantis OpenStack
Express Murano are still somewhat limited, but include components of standard web
development environments, the PostGre database and some other useful tools. More
applications are on the way.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 51
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 52
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 53
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 54
29-10-2015 &
30-10-2015
Our Apache webserver is now deployed as a component of a new, autocreated Murano environment, called quick-env-1.
Page 55
29-10-2015 &
30-10-2015
menu also shows, we can review a table of existing deployments of this environment
as a management tool.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 56
29-10-2015 &
30-10-2015
Once our instance enters the Active state, we can browse to its floating IP
address, which will display the Apache start page for Ubuntu installations.
In a near-future tutorial, well explore using Murano to create more complex
environments, and eventually explore how to add new applications to the Murano
catalog.
VPN-as-a-Service (VPNaaS) Step by Step
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 57
29-10-2015 &
30-10-2015
Step by Step
To demo this capability, Ive set up two, completely-separate OpenStack
environments in MOX one representing the premise datacenter, the other a
hosted cloud. In a future demo, Ill show how its now also possible to link an actual
on-premise OpenStack cloud to a Mirantis OpenStack Express cloud, though this
currently requires use of neutron command-line or REST functions, and is ideally
done with the help of scripts to simplify the process.
Mirantis OpenStack Express, meanwhile, has made it simple. Within each
environment, Ive set up a Project also called a Tenant. Thats an OpenStack
construct for isolating tenant resources and activities inside a cluster. You can use a
Project to give your users access to designated resources, to give them roles that
define their powers and to prevent them from seeing parts of the Project and cloud
theyre not permissioned for. Under most OpenStack networking regimes (other than
the simplified, flat model these environments use Neutron VLAN-based
networking), a project can have its own private networks, subnets, and router
gateways.
Thats what Ive built here, in each cluster. First, I created a Project we have
DemoProject 1 on Environment 1, and DemoProject 2 on Environment 2. Then I
made the Admin user of each environment a member of the respective Project and
gave each of them the admin role within that Project. This is important for setting up
VPNaaS, since router gateway IP addresses and other info youll need to set up your
VPN connection are visible only to the admin user.
Page 58
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 59
29-10-2015 &
30-10-2015
Within each Project, Ive set up a basic local network, bridged to the
cloud-wide public network (and the Internet) with a router. OpenStack
Express Horizon (and Neutron networking) makes this very easy. Heres
DemoProject1s network, on Cloud A.
Page 60
29-10-2015 &
30-10-2015
I also added some Ingress rules to each Projects default Security Group,
to allow pings (ICMP) and SSH traffic (TCP, port 22) to go back and forth.
Doing this first saves head-scratching later, when the VPN goes Active,
but you cant communicate.
Set up VPNaaS on Cloud A
Now lets start building our VPN hookup by clicking on VPN under Compute>Network. We get four tabs that let us set up the four elements of a VPN link: an
Internet Key Exchange (IKE) policy, an IPSec policy, a VPN Service, and an IPSec
Site Connection. We need to fill out these tabs under each Project to make the VPN
work. Protocol and policy details need to match the defaults offered are mostly
optimal. And to fill out the IPSec Site Connection tab, well need to provide each side
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 61
29-10-2015 &
30-10-2015
of the VPN with info on the other sides public gateway IP address, and its subnet IP
address range.
Well do all of this first for DemoProject 1 on Cluster A:
Create the Internet Key Exchange Policy: The only thing recommended to
change, here, is the Encryption algorithm, which should be set to aes-256.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 62
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 63
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 64
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 65
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 66
29-10-2015 &
30-10-2015
The second piece of info we need is the IPv4 subnet address range for
DemoProject2/Cloud Bs local network. We can find that in
DemoProject2/Cloud Bs Horizon, under Networks, next to the network
name.
Well put that into the Remote Peer Subnet slot on DemoProject1s IPSec Site
Connection dialog. Then to finish setting up DemoProject1s IPSec Site Connection,
well provide a pre-shared key password same on both sides for authentication.
The rest of the parameters can be left as defaults if you change them, they
should match on both sides of the connection.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 67
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 68
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 69
29-10-2015 &
30-10-2015
Were connected! The IPSec Site Connection shows as Active at both ends.
Testing VPNaaS
Now, lets test. Ive created two VMs, one in each Project, and associated them with
floating IPs so I can SSH into them from my desktop. Lets look at the internal IP of
the VM on DemoProject2 (Cloud B) And then lets log into the VM on
DemoProject1 (Cloud A) and ping our new VPN friend on that internal IP address.
Remember, we set each Projects security group rules to admit ICMP traffic.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 70
29-10-2015 &
30-10-2015
Id previously launched two minimal VMs, one on each cloud, and given
them floating IP addresses for open net access. Here, Im picking up
the internal IP address from the VM running in DemoProject2/Cloud Bs
project.
Page 71
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 72
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 73
29-10-2015 &
30-10-2015
You can SSH into your datacenters Fuel Master Node using the URL and
credentials on your Mirantis OpenStack Express Dashboard.
Next, use Fuel to find the fully-qualified internal domain name (FQDN) of
the controller node of the cloud you want to access:
On the same popup, right above the SSH IP, youll see a link to Fuel, along with
login details. Click the link, and if necessary, supply the username and password.
At the Fuel homepage, click the icon corresponding to the cloud you want to
access.
Under the Nodes tab, find the Controller node, and click the gear icon to the
right. This pops up a summary dialog of this nodes characteristics.
Find the FQDN of the Controller node: on my cloud, this is node-3.
The FQDN of your controller node can be found in Fuel. From the
Environments homepage, click on the cloud you want to access. Then
under Nodes, click the gear icon of the Controller. The popup that appears
will show the domain name of the Controller.
Finally, from Horizon, get the OpenStack remote control or RC script youll
use to authenticate to the OpenStack API:
Get the script by going to our clouds Horizon interface, clicking Project, Access &
Security, clicking the API Access tab, and clicking the button on the upper right,
marked Download OpenStack RC File. The toplevel RC file is called admin-openrc.sh.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 74
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 75
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 76
29-10-2015 &
30-10-2015
Next, we SSH to the Fuel Master Node, using the password to log in.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 77
29-10-2015 &
30-10-2015
Now for our second leapfrog jump. First, we SCP the RC file to the CWD of the root
account on the Controller server.
Our second leapfrog jump entails SCPing the admin-openrc.sh file to the
root account of the Controller node. Here, we dont need to supply a
password, because Fuel is pre-authenticated.
Finally, SSH to the Controller server.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 78
29-10-2015 &
30-10-2015
We SSH into the Controller node as root, completing the leapfrog access
path.
And youre there! Now we can authenticate to OpenStack by sourcing our RC file.
We could also have sourced the openrc file already in place, and avoided all the scp
file transfers.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 79
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 80
29-10-2015 &
30-10-2015
The command glance image-list lists the images we have available. Well
use the Ubuntu 14.04 LTS dev image, so well need its ID.
Then well set up the following script in the root of our Controller node, using vi,
calling the script install-apache.sh:
#!/bin/bash
/usr/bin/apt-get -qy update
/usr/bin/apt-get -qy install apache2
echo "<h1>Hello world!</h1>" > /var/www/html/index2.html
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 81
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 82
29-10-2015 &
30-10-2015
Well use nova commands to see what flavors we have available, picking
m1.medium, index 3 for our instance. Well also check to see what
keypairs weve created.
Well find IDs for the networks we have available by executing nova network-list.
Well attach this VM to the toplevel internal network, net04. Later, well go to
Horizon to give it a floating IP to make it accessible from the internet.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 83
29-10-2015 &
30-10-2015
Well use nova network-list to find IDs for available networks, and attach
our instance to the net04 internal network.
Finally, well take all the information weve assembled and include it as arguments to
the nova boot command, which will launch our instance and install Apache. Note the
way arguments are referenced: argument flags and data types are consistent
throughout the OpenStack CLI.
The command nova boot will be used to launch our instance. Note the way
arguments are referenced: argument flags and data types are consistent
throughout the OpenStack CLI.
Nova compute gives us back a table of VM parameters and status info.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 84
29-10-2015 &
30-10-2015
Page 85
29-10-2015 &
30-10-2015
And now, lets browse to that IP address and filename, and see if Apache is working.
It is!
Our fancy custom index2.html file has been created on our test server, and
is served by Apache.
This is just the beginning. In future tutorials, well be digging much deeper into
OpenStack command-line functions. Stay tuned!
Intro to Object Store
Whats the Object Store?
The OpenStack Object Store is a facility that lets applications store and retrieve
binary objects using the RESTful methods of the Swift API this scales better than
OS-level access to block storage and conventional file systems.
The Swift engine is the default back-end for the Object Store, and is also used by
Glance for storing images in HA deployments. But Mirantis OpenStack Express users
can also deploy clouds that use Ceph as a back-end for Glance and the Object Store
(via Cephs implementation of a subset of the Swift API), as well as block and
filesystem storage (for Cinder and other components requiring these services). For a
comparison of Swift and Ceph, this blog post by Dmitry Ukov is a great resource.
The Object Store is exposed in Horizon so that admins can create object containers
for projects (tenants), upload objects, and manage them. Containers and objects
can also be created using the (soon to be deprecated) Swift CLI, and using REST
functions from authenticated endpoints.
Well look at all three methods. But first, well modify the default configuration of the
Swift proxy in MOX to permit use of Public containers and objects.
A Quick Tweak
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 86
29-10-2015 &
30-10-2015
Public containers are a useful feature of Swift Object Storage: they let you save stuff
and share it with anyone by giving them a URL. In combination with helper software,
they also permit creation of static websites. But theyre a potential security risk, so
theyre turned off by default in OpenStack clouds that use Keystone authentication
(though theyre on by default in clouds that use TempAuth authentication mdash; a
deprecated mechanism).
Lets see what happens when we create a Public container on a default MOX cloud,
put something in it, and try to access it RESTfully. In Horizon, go to Project ->
Object Store -> Containers, click the Create Container button, give your container a
name, and set it to Public with the popdown.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 87
29-10-2015 &
30-10-2015
Next, well upload an arbitrary binary file: in this case, an image that well
call image.png.
Now click the View Details button, and copy the Public URL for the container.
Looking at info for our new object, we see that it has a Public URL: a fourpart construct comprising the Storage URL, tenant ID, container name,
and object name.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 88
29-10-2015 &
30-10-2015
Then create a complete URL for the contained object (in my case, thats image.png)
by appending the object name.
http://23.246.243.215:8080/v1/AUTH_928c39946889488283da99126148cc3f/Demo
Container/image.png
which has four parts:
1. The Storage URL: http://23.246.243.215:8080/v1
2. A composite ID identifying the tenant (project): In Swift, this is AUTH_
followed by the tenant ID
3. The container name
4. The object name
You can, in an appropriately-configured OpenStack cloud, use the above URL in any
browser to access a Public resource. But if we try that with our cloud, it wont work:
we get a page back with the message Authentication required.
Page 89
29-10-2015 &
30-10-2015
window, SSH into the Fuel Master node, then SSH to our Controller node using its
FQDN or Fully Qualified Domain Name (in the case of my demo cloud, thats node5). Finally, lets source openrc so we can access the OpenStack CLIs.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 90
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 91
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 92
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 93
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 94
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 95
29-10-2015 &
30-10-2015
The command swift stat -v returns information about your Object Store:
topmost is the public Storage URL, followed by an (unscoped) Auth Token
that can be used to access private objects.
Using this information, we can compose a REST expression that will authenticate us
to Swift and let us access our stored object.
curl -H 'X-Auth-Token: 3382b9fa101648c2bcf8477420217bb8'
http://23.246.243.215:8080/v1/AUTH_928c39946889488283da99126148cc3f/Demo
Container/image.png > myimage.png
We use the cURL utility to issue the request. The -H option lets us include a request
header, which is X-Auth-Token, plus our authentication token that tells Swift who
we are. The remainder is just the StorageURL, the account name, container name,
and object name. We vector the returned data into a file so it doesnt fill our
terminal screen with scary graphics.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 96
29-10-2015 &
30-10-2015
The Storage URL and Auth Token can be combined into a REST command
to access an object stored in a private container.
The object (in this case, an image) is downloaded as binary. A few SCP
commands pull it off the Controller node and onto the desktop, where it
can be opened.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 97
29-10-2015 &
30-10-2015
In our next tutorial, well show how applications can authenticate with Keystone
RESTfully, obtain tokens, and access their Swift objects.
REST Access to Object Store
Step by Step
Developers who want to write applications that access OpenStack APIs are mostly
going to work with one of the many SDKs available weve linked a list of these at
the end of this article. When starting out, though, its interesting to play with
OpenStack REST functions via a terminal, using a tool like cURL that allows rapid
iteration.
To start this exercise, lets log into our MOX clouds controller node as root by
leapfrogging in using Fuel. On our Dashboard, click the Credentials link, grab the
Fuel Master Nodes IP address, and SSH to fuel@(that IP). Supply the password.
Then look in Fuels GUI for the Fully-Qualified Domain Name (FQDN) of your clouds
Controller: mine is node-5. SSH from Fuel to root@(FQDN) no password is
required this time. Then enter source openrc to align your shell session with the
OpenStack APIs.
Log into your Controller node as before, by leapfrogging in via the Fuel
Master Node using the IP address in your Mirantis OpenStack Express
dashboards Credentials tab. SSH from Fuel to the Controller. Then
enter source openrc to copy authentication into your environment for the
CLIs and clients.
Last time, we used the CLI Swift client command swift stat -v to get info about the
Public URL of our container and its Swift Storage URL. This time, were going to
authenticate RESTfully, straight to Keystones internal address from the Controllers
command line.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 98
29-10-2015 &
30-10-2015
The swift stat -v command returns your StorageURL and an Auth Token.
But its also possible to authenticate to Keystone directly, using a REST
command, and recover both a token and the service catalog.
We can find the internal IP address of Keystone through Horizon, by clicking on
Admin, then on System Info, and bringing up the Services tab
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 99
29-10-2015 &
30-10-2015
You can find the internal address of your Keystone in Horizon, under
System Infos Services tab.
Now lets compose the command well use to authenticate. The simplest way to
request a token is to get one thats unscoped meaning that it lets us do anything
our account is permissioned to do. This is okay for querying Keystone, but its
dangerous to use an unscoped token to access storage and other important
subsystems. So instead, were going to use a longer form authentication request that
lets us get back a project-scoped token mdash; one that will let us access and
modify objects belonging to the admin project, but not those belonging to other
projects.
This is the cURL expression well use:
curl -D "headers.txt" -H "Content-Type: application/json" -d '{ "auth": {"identity":
{"methods": ["password"],"password": {"user": {"name": "admin","domain": { "id":
"default" },"password": "secretsecret"}}},"scope": {"project": {"name":
"admin","domain": { "id": "default" }}}}}' http://192.168.0.10:5000/v3/auth/tokens
| python -mjson.tool > pretty.json
The auth function were invoking is going to hand us back our token in the header of
the response, assigned to the variable X-Subject-Token. So we use the -D command
to designate a separate file in which curl will save headers.
The -H command includes a header with the request, identifying the kind of
response payload we want to get back: json data.
The -d command identifies the json dataset were sending to Keystone. Note that
this is an expanded form of the json for a default token: it conveys the username,
password, and the project since were admin, thats called admin.
At the end, we put the internal URL for Keystone and the port (5000), appending to
this URL /v3/auth/tokens the function were calling. Finally, were piping the
response body (just the json we get back) to a handy python tool (which youll find
already present on your Controller node) that parses json data and pretty-prints it
were going to save this output in the file pretty.json, for review.
Returned Data
We can extract our token from the saved header file.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 100
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 101
29-10-2015 &
30-10-2015
Given the token and the Public URL, you can compose a cURL command to
list the contents of any container in your project.
In our next tutorial, well dive deeper into Mirantis OpenStack Express VPNaaS.
Thanks for watching!
Intro to Heat Orchestration
Step by Step
To see Heat in action, lets start by launching a stack that does something simple.
(You can find stacks and snippets like this throughout the OpenStack Heat
documentation and across the web. One blog at Technology Chronicle, discussing
how to associate a floating IP with a port, gets a shout-out below.) You can find the
Heat interface in Horizon under Orchestration in the left-hand menu.
Click Launch Stack, and youll see a dialog that lets you pull in a template by URL,
upload it from a file, or simply cut and paste it into an editable dialog. Thats lots of
flexibility for working with various kinds of source-code control systems for
versioning and maintaining template and template-snippet libraries. Well just pick
Direct Input, and Ill cut and paste my template into the box. Well look at the
template itself in a moment but first, well look at what it does from the
perspective of a user.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 102
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 103
29-10-2015 &
30-10-2015
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 104
29-10-2015 &
30-10-2015
Click the name of an active stack to review details, topology, and find
resource IDs all the info needed to administer the stack, all in one place.
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 105
29-10-2015 &
30-10-2015
The topo view shows our server with a single port bound to internal and (by
means of a floating IP address) external networks.
Now lets quickly take a look at the HOT template file used to create this stack. It opens with
a header that identifies the template version: this date means the template may contain
Icehouse-era Heat features.
heat_template_version: 2013-05-23
description: >
HOT template - deploys server with user-provided name, image, key, flavor
Attaches to private network, and obtains floating IP on public network
Following the header is a list of the templates input and output parameters, with optional
default values and constraints placed on the inputs. The flavor value, for example, is
constrained to a list of permitted flavors the Horizon interface with Heat will see this
constraint table and present it as a pop-down menu.
parameters:
server_name:
type: string
description: Name of your new server
key_name:
type: string
description: Keypair name
default: dkp
image:
type: string
description: Image name
default: TestVM
flavor:
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 106
29-10-2015 &
30-10-2015
type: string
description: Flavor
default: m1.small
constraints:
- allowed_values: [m1.tiny,m1.small,m1.medium,m1.large,m1.xlarge]
public_net_id:
type: string
description: ID of the external network
default: 73e8560d-51bb-4e38-ae47-4252263fb10a
private_net_id:
type: string
description: ID of the internal network
default: 704c8034-5bcf-4151-bf69-b5d9791b6eb4
private_subnet_id:
type: string
description: ID of private sub network into which servers get deployed
default: a9d6fd47-6c3c-46e5-a44a-ede76877934b
Next is a more-complex section of the template describing cloud resources: the server itself,
its network port, floating IP address, security group, and so on. Each resource descriptor
references a type and provides values for required properties. In this template, values for
properties are supplied as literals, obtained directly from the user (using the get_param:
directive) or derived indirectly by referencing another resource descriptor (using the
get_resource: directive). Heat offers several other ways to pull data into templates, as well:
including reading from files, concatenating and manipulating strings.
resources:
server:
type: OS::Nova::Server
properties:
name: { get_param: server_name }
image: { get_param: image }
flavor: { get_param: flavor }
key_name: { get_param: key_name }
networks:
- port: { get_resource: server_port }
server_port:
type: OS::Neutron::Port
properties:
network_id: { get_param: private_net_id }
fixed_ips:
- subnet_id: { get_param: private_subnet_id }
security_groups: [{ get_resource: server_security_group }]
server_floating_ip:
type: OS::Neutron::FloatingIP
properties:
floating_network_id: { get_param: public_net_id }
port_id: { get_resource: server_port }
server_security_group:
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 107
29-10-2015 &
30-10-2015
type: OS::Neutron::SecurityGroup
properties:
description: Add security group rules for server
name: security-group
rules:
- remote_ip_prefix: 0.0.0.0/0
protocol: tcp
port_range_min: 22
port_range_max: 22
- remote_ip_prefix: 0.0.0.0/0
protocol: icmp
The final section of the template describes the outputs we want to include in the persistent
stack overview.
outputs:
server_private_ip:
description: IP address of server on private network
value: { get_attr: [ server, first_address ] }
server_public_ip:
description: Floating IP address of server on public network
value: { get_attr: [ server_floating_ip, floating_ip_address ] }
Next time, well look in more detail at this Heat template, and extend it with additional Heat
features. In the meantime, if you start playing with Heat, heed this advice: use a YAML
language setting in your editor to manipulate HOT templates, set the editor to supplant tabs
with spaces, and just for the heck of it, make whitespace characters visible. The current
generation of OpenStack Heat validation is extremely picky, and its easy to scratch your
head for long minutes over a validation thats failing because a tab crept invisibly into the
middle.
Installing OpenStack CLI Clients
This tutorial should work for any user of Mirantis OpenStack Express, or for anyone whos
built a private cloud with Mirantis OpenStack. But its especially aimed at new users of
Mirantis OpenStack Express Developer Edition. Developer Edition users are running inside an
OpenStack Tenant (Project) on a shared cloud, rather than managing their own private
cluster. That means they cant access the CLI clients pre-installed on the OpenStack
Controller Node, as we described in an earlier tutorial (Mirantis OpenStack Express
Running OpenStack from the Command Line).
Thats not a bad thing, either! While access to the Controllers CLI can be convenient (in
some cases, critical), its not a good idea to use that CLI for regular work. Your Controller
node is critical infrastructure, so its inconvenient and potentially dangerous to build a
development environment there (not to mention that if you redeploy your cloud that
server goes away).
Putting the CLI elsewhere is easy to do, and gives you much more freedom. You can use a
comfy desktop, install your preferred developer tools, and provide secure storage for the
repos, image files and other data youll accumulate. You can also administer multiple clouds
from the same machine.
Intro to OpenStack CLI
OpenStacks CLI often referred to in the singular is actually provided by a set of Python
client modules, one for each OpenStack component. The clients have names like novaclient
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 108
29-10-2015 &
30-10-2015
and glanceclient (the associated package names are of the form python-novaclient, pythonglanceclient, etc.). They work by accepting input arguments, calling the public (internet) or
private (internal network) entrypoints of OpenStack REST functions, and parsing results into
Python data structures. Most clients implement all the functionality of the corresponding
REST interface.
Each client has a corresponding shell script to call it named after the component, and
called as (component) (command) (optional arguments). So, when using the CLI, you can
type something like nova list (component command) into your terminal, and the nova
script will hand off to the novaclient module which calls parts of the REST interface (in this
case, Keystone to authenticate and Nova-Compute) to hand you back a nice table listing all
your active servers.
CLI inputs and outputs are much easier to read and manage than the web headers, JSON or
XML objects the REST interface likes to communicate with, directly. The client shell scripts
can be called by other shell scripts (e.g, bash), and the client modules can be included in
your own Python scripts, letting you create sophisticated tooling.
Installing the CLI Clients: Step by Step
Its easy to install the OpenStack command-line clients on popular flavors of Linux, as well
as on Mac or Windows. Details can be found in OpenStacks official documentation, here.
The basic formula is:
Make sure you have Python 2.6 or later (not Python 3!) installed.
Install Python setuptools, which is a distribution/package manager used by pip.
Install pip, the most commonly-used Python package manager.
Use pip to install the clients from PyPI, the Python Package Index.
Obtain and source your Project/Tenants OpenStack RC file, putting values into your shell
environment enabling authentication to your cloud.
Use your clients to achieve great things.
Installing Python
If youre using Mac OS X or any relatively recent desktop or server iteration of a popular
Linux, congratulations you already have an appropriate version of Python installed. To be
absolutely sure, open a terminal and enter python -V (any version 2 python with 6+ as a
sub-version number will do you). Windows users can install from the version 2.7.8
downloadable available at python.org.
Installing setuptools
Windows users are the outliers in installing setuptools. Luckily, they have a quick solution to
steps 1 and 2 above, provided by Christoph Gohlke, who created and maintains unofficial
binary installers for setuptools and pip
(seehttp://www.lfd.uci.edu/~gohlke/pythonlibs/#setuptools and http://www.lfd.uci.edu/~go
hlke/pythonlibs/#pip). Just download and run in sequence.
Mac OS X users can also sit out installing setuptools, because setuptools and easy_install (a
script used to install pip) are installed by default on their system.
Ubuntu and Debian users can open a terminal and type:
# sudo apt-get install python-setuptools
And Fedora, Red Hat, CentOS and other yum users can type:
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 109
29-10-2015 &
30-10-2015
Page 110
29-10-2015 &
30-10-2015
Developer Edition) in your Dashboards Credentials popup (Mirantis OpenStack Express Team Edition
users will find it on the main Dashboard page in the area describing your cluster.
Lets Test!
You should now be able to issue OpenStack CLI commands. A good first test is to try:
# nova image-list
which returns a list of boot images available to you. Note the ID of the Ubuntu 14.04 LTS dev
image. Now lets try:
# neutron net-list
which shows available networks. Note the ID of your private network. And finally, lets use the
nova boot command to start a VM, swapping in the IDs for the image and private network you
derived from the values returned by the two prior commands:
# nova boot [vm-name] --flavor m1.small --image (image ID) --security-groups default --nic netid=(private net ID)
In a couple of seconds, your new VM should spawn. Check to see if its active, using:
# nova list
which shows all your active VMs.
In upcoming tutorials, well start building on OpenStacks CLIs, REST interfaces, orchestration tools
and Application Catalog and start assembling more powerful automation.
Reference
https://www.mirantis.com
********************************************
Knowing is not enough
We must apply
Willing is not enough
We must do
Best Wishes
By
Presented By Mr.D.Kesavaraja; Organized By DEPARTMENT OF CSE ,ANNA UNIVERSITY Regional Office , Tirunelveli
Page 111