287 lines
10 KiB
Markdown
287 lines
10 KiB
Markdown
* [OpenStack training](#openstack-training)
|
|
* [Introduction](#introduction)
|
|
* [Install openstack cli](#install-openstack-cli)
|
|
* [Instance](#instance)
|
|
* [Boot](#boot)
|
|
* [Ping](#ping)
|
|
* [Security rules](#security-rules)
|
|
* [Connect with ssh](#connect-with-ssh)
|
|
* [Delete the instance](#delete-the-instance)
|
|
* [Private networks](#private-networks)
|
|
* [Create a private network and subnet](#create-a-private-network-and-subnet)
|
|
* [Create a router](#create-a-router)
|
|
* [Boot](#boot-1)
|
|
* [Floating IP](#floating-ip)
|
|
* [Connect with ssh](#connect-with-ssh-1)
|
|
* [Bonus](#bonus)
|
|
|
|
|
|
# OpenStack training
|
|
|
|
## Introduction
|
|
The goal of this workshop is to manipulate and manage OpenStack API from CLI.
|
|
|
|
## Install `openstack` cli
|
|
First, install `openstack` cli from pip:
|
|
```
|
|
apt-get install python3-pip libffi-dev python3-venv
|
|
python3 -m venv /opt/oscli
|
|
source /opt/oscli/bin/activate
|
|
pip install --upgrade pip
|
|
pip install python-openstackclient
|
|
```
|
|
|
|
## Load your openstack credentials
|
|
|
|
Load in your shell the variables that permit to talk with your openstack
|
|
```
|
|
source /root/openrc_isenx # replace x with your isen number
|
|
```
|
|
|
|
## Instance
|
|
This part will help you manage some compute resources of the cloud.
|
|
|
|
You will be dealing with different components:
|
|
|
|
- **keypair** (ssh-key private and public keys) will be used to connect to your server
|
|
- **image** is the base OS your server will be booted from
|
|
- **flavor** is the _size_ of your server. i.e. how many CPU, RAM, disk you want
|
|
- **network** is the network your instance will be connected to
|
|
- **security group** and **security rules** are firewall rules applied to your server
|
|
|
|
#### keypair
|
|
Generate your own SSH key:
|
|
```
|
|
ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ""
|
|
# This will generate both private and public keys in ~/.ssh/ folder
|
|
```
|
|
|
|
Upload the public key to the cloud
|
|
```
|
|
openstack keypair create --public-key ~/.ssh/id_rsa.pub zob
|
|
```
|
|
|
|
You can list the available keys and see the detail of a key with the following commands:
|
|
```
|
|
openstack keypair list
|
|
|
|
# Display the detail of a keypair:
|
|
openstack keypair show mykey
|
|
```
|
|
|
|
#### image
|
|
Let's list the available images using the following command:
|
|
```
|
|
openstack image list
|
|
```
|
|
|
|
This will output a long table with the names and IDs of the available images:
|
|
```
|
|
+--------------------------------------+-----------+--------+
|
|
| ID | Name | Status |
|
|
+--------------------------------------+-----------+--------+
|
|
| 3a2089f1-9b9d-4dc1-970a-9dcb785c01c9 | Debian 10 | active |
|
|
| a24ca64a-ee45-48fa-8ec7-d2cd032e31b2 | cirros | active |
|
|
+--------------------------------------+-----------+--------+
|
|
```
|
|
|
|
|
|
You can see the details of the image with the following command:
|
|
```
|
|
openstack image show 'Debian 10'
|
|
|
|
# Or using its ID
|
|
openstack image show 3a2089f1-9b9d-4dc1-970a-9dcb785c01c9
|
|
```
|
|
|
|
#### flavor
|
|
We need to determine the specifications of the VM we want to run. For this we need to choose a flavor in the list displayed by the following command:
|
|
```
|
|
openstack flavor list
|
|
```
|
|
|
|
```
|
|
+--------------------------------------+--------+------+------+-----------+-------+-----------+
|
|
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
|
|
+--------------------------------------+--------+------+------+-----------+-------+-----------+
|
|
| 34362947-2a7b-468f-928a-0932b7a9bd3f | nano | 256 | 10 | 0 | 1 | True |
|
|
| 867b3e07-532e-4616-9ea4-542f4d370129 | large | 4086 | 50 | 0 | 4 | True |
|
|
| 8ff0a6c9-75bc-4754-99be-7ba62620257b | medium | 2048 | 20 | 0 | 2 | True |
|
|
| 93f96757-ea92-44bf-8204-da2eaf5f2aae | small | 1024 | 10 | 0 | 1 | True |
|
|
+--------------------------------------+--------+------+------+-----------+-------+-----------+
|
|
```
|
|
|
|
#### network
|
|
List the networks
|
|
```
|
|
openstack network list
|
|
```
|
|
|
|
```
|
|
+--------------------------------------+---------+----------------------------------------------------------------------------+
|
|
| ID | Name | Subnets |
|
|
+--------------------------------------+---------+----------------------------------------------------------------------------+
|
|
| 2813f459-a20d-4e50-8193-fe3c639e1ab6 | public | 37e12856-8f92-4a69-8042-da7281c3b99c, 93a6f693-bd68-4a25-899f-19d34c2a4d57 |
|
|
+--------------------------------------+---------+----------------------------------------------------------------------------+
|
|
```
|
|
|
|
### Boot
|
|
Now that you gathered all necessary information, it's time to boot your first instance using:
|
|
```
|
|
openstack server create ... # command to be completed
|
|
|
|
# help
|
|
openstack help server create
|
|
```
|
|
|
|
Q: what command did you use to boot a `small` `Debian 10` instance using your `keypair` on `public` network?
|
|
|
|
When done, you will have an output like:
|
|
```
|
|
+-----------------------------+-----------------------------------------------------+
|
|
| Field | Value |
|
|
+-----------------------------+-----------------------------------------------------+
|
|
| OS-DCF:diskConfig | MANUAL |
|
|
| OS-EXT-AZ:availability_zone | |
|
|
| OS-EXT-STS:power_state | NOSTATE |
|
|
| OS-EXT-STS:task_state | scheduling |
|
|
| OS-EXT-STS:vm_state | building |
|
|
| OS-SRV-USG:launched_at | None |
|
|
| OS-SRV-USG:terminated_at | None |
|
|
| accessIPv4 | |
|
|
| accessIPv6 | |
|
|
| addresses | |
|
|
| adminPass | ... |
|
|
| config_drive | |
|
|
| created | 2018-12-21T14:01:07Z |
|
|
| flavor | small (3c83dfbd-abdb-43d0-b041-3ac44009c2f7) |
|
|
| hostId | |
|
|
| id | 369ad246-8c48-40f9-ada1-269c0844b34c |
|
|
| image | Debian 10 (d60f629d-7f22-4db8-9f4a-cf480a26856f) |
|
|
| key_name | mykey |
|
|
| name | myvm01 |
|
|
| progress | 0 |
|
|
| project_id | 88c8667... |
|
|
| properties | |
|
|
| security_groups | name='default' |
|
|
| status | BUILD |
|
|
| updated | 2018-12-21T14:01:07Z |
|
|
| user_id | 12843a2... |
|
|
| volumes_attached | |
|
|
+-----------------------------+-----------------------------------------------------+
|
|
```
|
|
|
|
Notice that the `status` is `BUILD` and the `OS-EXT-STS:vm_state` field is `building`. Also the field `addresses` is empty which means no IP address has been assigned to it yet.
|
|
|
|
You can run this command to check the progress of the VM:
|
|
```
|
|
openstack server show myvm01
|
|
|
|
# Or with its id:
|
|
openstack server show 369ad246-8c48-40f9-ada1-269c0844b34c
|
|
```
|
|
|
|
As soon as your instance will be ready, the `status` will be `ACTIVE` and an IPv4 should have been assigned to the instance.
|
|
|
|
|
|
### Ping
|
|
Try to ping the IP of your server
|
|
Q: is it working?
|
|
|
|
### Security rules
|
|
By default, the `security rules` applied to your server are closing all connections:
|
|
```
|
|
openstack security group rule list
|
|
```
|
|
|
|
Add a `rule` to allow ICMP (ping):
|
|
```
|
|
openstack security group rule create --protocol icmp --ingress default
|
|
```
|
|
Q: is ping working now?
|
|
|
|
### Connect with ssh
|
|
Now, add a `rule`to allow `ssh` (tcp/22) and try connecting to your instance with SSH:
|
|
```
|
|
ssh debian@xxx.yyy.zzz.aaa
|
|
```
|
|
|
|
### Delete the instance
|
|
Q: which command can you use to delete the instance?
|
|
|
|
## Private networks
|
|
|
|
This part will help you manage some network resources of the cloud.
|
|
|
|
You will be dealing with different components:
|
|
|
|
- **networks** (approximatively) represent the [layer 2](https://en.wikipedia.org/wiki/Data_link_layer) in the OSI model
|
|
- **subnets** are encapsulated in the networks and carry the [layer 3](https://en.wikipedia.org/wiki/Network_layer) information
|
|
- **routers** are used to interconnect networks
|
|
- **floating ips** can be attached to a server connected to private networks in order to be reached from internet
|
|
|
|
### Create a private network and subnet
|
|
|
|
By default only a `public` network is provided but some use case require the instances to be connected on a dedicated `private` network.
|
|
|
|
OpenStack provides the functionality to create `private` networks in your project (and only for you), while the `public` one is available for all users.
|
|
|
|
Let's start by simply creating a network:
|
|
```
|
|
openstack network create private
|
|
```
|
|
|
|
Then create the subnet:
|
|
```
|
|
openstack subnet create \
|
|
--network private \
|
|
--subnet-range "192.168.42.0/24" \
|
|
--gateway 192.168.42.1 \
|
|
--dns-nameserver 1.1.1.1 \
|
|
"192.168.42.0/24"
|
|
```
|
|
|
|
### Create a router
|
|
```
|
|
openstack router create router1
|
|
```
|
|
Then attach this router to your private network:
|
|
```
|
|
openstack router add subnet router1 192.168.42.0/24
|
|
```
|
|
|
|
Q: which IP address the router is having in your private network?
|
|
|
|
Finally add an external gateway to your router
|
|
```
|
|
openstack router set --external-gateway public router1
|
|
```
|
|
Q: which IP addres the router is having as external gateway?
|
|
|
|
### Boot
|
|
Like in first part, boot an instance, but connected to your `private` network this time
|
|
|
|
Q: can you access to your instance in SSH?
|
|
|
|
### Floating IP
|
|
Create a `floating ip` from `public` network
|
|
```
|
|
openstack floating ip create public
|
|
```
|
|
|
|
Attach your `floating ip` to your instance:
|
|
```
|
|
openstack server add floating ip myprivateserver xxx.yyy.www.bbb
|
|
```
|
|
|
|
### Connect with ssh
|
|
```
|
|
ssh debian@xxx.yyy.zzz.aaa # floating ip
|
|
```
|
|
|
|
Q: what IP can you see on eth0 interface of the instance?
|
|
|
|
## Bonus
|
|
|
|
Try to deploy `demo-flask` with cloud-init
|