| marp | true |
|---|---|
| theme | default |
| paginate | true |
Based on Openstack Stein
Mario David david@lip.pt Jorge Gomes jorge@lip.pt
Install Openstack command line clients in your laptop or desktop, either with pip or from packages:
Set the Openstack environment variables, which are your credentials to access Openstack through the CLI. An rc shell file that sets them can be obtained from the Openstack dashboard.

The rc file holds the openstack credentials for your user, so you can set the environment variables with:

```
source os-tut.sh
```

This will set the following environment variables:

```
OS_PROJECT_DOMAIN_NAME=Default
OS_USER_DOMAIN_NAME=Default
OS_PROJECT_NAME=tutorial
OS_USERNAME=<USERNAME>
OS_PASSWORD=<PASSWORD>
OS_AUTH_URL=https://stratus.ncg.ingrid.pt:5000/v3
OS_IDENTITY_API_VERSION=3
OS_IMAGE_API_VERSION=2
```

From here on you should be able to do the rest of the tutorial. Test with:

```
openstack project list
```

The access to VM instances is done through an ssh key pair, where your public key is inserted into the VM when it is instantiated.

To create an ssh keypair, you should issue the following command:
```
ssh-keygen
```

By default it generates an RSA 2048 bit key that is stored in your `$HOME/.ssh/` directory. You should set a strong passphrase.

`.ssh/id_rsa` is your ssh private key, and `.ssh/id_rsa.pub` is your ssh public key.
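
The two secrets set up above, the rc file that carries `OS_PASSWORD` and the ssh private key that should have a strong passphrase, can both be checked locally. The following is an added example, not part of the original tutorial; the function names and sample values are made up for illustration, and it assumes `find`, `grep` and OpenSSH's `ssh-keygen` are installed.

```bash
#!/usr/bin/env bash
# Added example (not from the tutorial): local checks for the two secrets
# created above, the rc file with OS_PASSWORD and the ssh private key.

# Succeeds if group or others can read the file.
readable_by_others() {
    [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# Prints one finding per line; the return status is the number of findings.
lint_rc_file() {
    rc_file=$1; findings=0
    [ -f "$rc_file" ] || { echo "missing: $rc_file"; return 1; }
    if readable_by_others "$rc_file"; then
        echo "perms: group/others can read $rc_file (chmod 600)"
        findings=$((findings + 1))
    fi
    # A literal after OS_PASSWORD= means the password is stored on disk;
    # a $VARIABLE means it is supplied when the file is sourced.
    if grep -Eq '^[[:space:]]*(export[[:space:]]+)?OS_PASSWORD="?[^$"[:space:]]' "$rc_file"; then
        echo "password: OS_PASSWORD is stored in clear text"
        findings=$((findings + 1))
    fi
    if grep -Eq '^[[:space:]]*(export[[:space:]]+)?OS_AUTH_URL="?http://' "$rc_file"; then
        echo "transport: OS_AUTH_URL does not use https"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Succeeds if the private key opens with an empty passphrase. ssh-keygen
# rejects keys that others can read, so check readable_by_others first.
key_is_unprotected() {
    ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# Constructed sample shaped like os-tut.sh; the values are placeholders.
sample_rc=$(mktemp)
cat > "$sample_rc" <<'EOF'
OS_USERNAME=constructed-user
OS_PASSWORD=constructed-password
OS_AUTH_URL=https://stratus.ncg.ingrid.pt:5000/v3
EOF
chmod 644 "$sample_rc"
lint_rc_file "$sample_rc" || echo "findings: $?"
rm -f "$sample_rc"
```

Run `lint_rc_file os-tut.sh` before sourcing the file, and `key_is_unprotected ~/.ssh/id_rsa` after generating the key; a zero status from the second call means the key has no passphrase.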
You can list all keypairs already in openstack:

```
openstack keypair list
```

Set the following environment variable for ease of use in the tutorial:

```
export LOGNAME=myname
```

The next step is to insert your ssh public key in openstack. Be careful to choose a keypair name that does not yet exist:

```
openstack keypair create --public-key .ssh/id_rsa.pub ${LOGNAME}-key
```

In order to instantiate a VM, the following information is needed:
- The image name
- The flavor name
- The network name
- The keypair name

List images and choose one:

```
openstack image list
```

List flavors and choose one:

```
openstack flavor list
```

List all networks:

```
openstack network list
```

To check the quota, the maximum amount of resources available in your project:

```
openstack quota show
```

Now you can create a server. Note that the server name should not already exist; the list of servers can be checked with:

```
openstack server list
```

This command will create a VM:
```
openstack server create --flavor svc1.s --key-name ${LOGNAME}-key \
  --network tutorial_net --image centos7-x86_64-raw ${LOGNAME}-server
```

Check the status of the newly created server:

```
openstack server show ${LOGNAME}-server
```

Where the following attributes can be checked:

```
| OS-EXT-STS:power_state | Running |
| OS-EXT-STS:vm_state    | active  |
```

At this point the VM only has a private IP, and is not accessible from a public network:

```
| addresses | tutorial_net=192.168.1.157
```

The networks you listed in the previous slide include the public network called `public_net`. You can create a public IP with:
```
openstack floating ip create public_net
```

It will show in particular the attribute:

```
| floating_ip_address | 194.210.120.123
```

Get the server ID with:

```
openstack server show ${LOGNAME}-server -f value -c id
```

Now you can associate the floating public IP with the server:

```
openstack server add floating ip <SERVER_ID> 194.210.120.123
```

Now you can confirm that this floating public IP has been associated to your VM:

```
openstack server show ${LOGNAME}-server
| addresses | tutorial_net=192.168.1.157, 194.210.120.123
```

Since the base image of the VM is Centos7, the default user is `centos`; for ubuntu base images the default user is `ubuntu`.

You can now access the VM with ssh:

```
ssh centos@194.210.120.123
```

If you need a large volume for data, you should create a Cinder volume that can later be attached to the VM and formatted with your preferred filesystem.

To create a 200 GB Cinder volume, issue the following command:
```
openstack volume create --size 200 ${LOGNAME}-vol
```

Show the newly created volume:

```
openstack volume show ${LOGNAME}-vol
```

You should get the server ID and the volume ID first:

```
openstack server show ${LOGNAME}-server
| id | b0121b07-4795-4dd8-94aa-35ba3bbfe3bf |
openstack volume show ${LOGNAME}-vol
| id | 2cba33d3-ed61-483a-8ef8-a1024ef84b2c |
```

Now you can issue the following command to attach the volume to the VM through the device /dev/vdb:

```
openstack server add volume \
  b0121b07-4795-4dd8-94aa-35ba3bbfe3bf 2cba33d3-ed61-483a-8ef8-a1024ef84b2c
```

Enter the VM through ssh, and list the devices:
```
ssh centos@194.210.120.123
sudo -s
cat /proc/partitions
major minor  #blocks  name
   8        0   41943040 sda
   8        1   41941999 sda1
   8       16  209715200 sdb
```

The newly attached volume is available through the /dev/sdb device.

You can now format the device and mount it in some directory (/data):

```
mkfs.xfs /dev/sdb # Format device in XFS
blkid # Get device IDs
/dev/sda1: UUID="60d67439-baf0-4c8b-94a3-3f10a362e8fe" TYPE="xfs"
/dev/sdb: UUID="1f039523-4c3c-4759-8e93-27cb96685d54" TYPE="xfs"
```

Add the device to fstab so that the filesystem is mounted on boot:

```
echo "UUID=1f039523-4c3c-4759-8e93-27cb96685d54 /data xfs defaults 0 0" \
  >> /etc/fstab
mkdir /data
mount /data
df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        40G  900M   40G   3% /
...
/dev/sdb        200G   33M  200G   1% /data
```

Security Groups are the Openstack firewall for a given project. You can get the list of Security Groups with the command:
```
openstack security group list
```

The rules of a given security group are obtained with:

```
openstack security group show default
```

To create a new Security Group:

```
openstack security group create "http/https"
```

Now add some rules to this SG:

```
openstack security group rule create --remote-ip "0.0.0.0/0" \
  --protocol tcp --ingress --dst-port 80 --description "http" \
  --ethertype "IPv4" "http/https"
openstack security group rule create --remote-ip "0.0.0.0/0" \
  --protocol tcp --ingress --dst-port 443 --description "https" \
  --ethertype "IPv4" "http/https"
```
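
Both rules above allow `0.0.0.0/0`, which a public web server needs; the same source range on any other port exposes that service to every address. The following added example (not part of the original tutorial) filters a rule listing for such entries; the function name, the three-column input shape and the `MIN:MAX` port format are assumptions, and the sample rules are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the tutorial): list ingress rules that are open to
# every address on a port outside an allow-list.
# Input, one rule per line: PROTOCOL REMOTE_CIDR MIN:MAX
# Assumed to come from (column names as in the CLI table header):
#   openstack security group rule list --ingress -f value \
#     -c "IP Protocol" -c "IP Range" -c "Port Range" <group>

world_open_rules() {   # $1: comma-separated allowed ports; rules on stdin
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, p, ","); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 == "icmp" { next }                        # no ports, review separately
        $2 != "0.0.0.0/0" && $2 != "::/0" { next }   # limited to a CIDR
        NF < 3 || $3 == "None" { print "ALL-PORTS " $0; next }
        {
            split($3, r, ":")
            lo = r[1]; hi = (r[2] == "" ? r[1] : r[2])
            # A range wider than one port, or a port not on the list.
            if (lo != hi || !(lo in ok)) print "UNEXPECTED " $0
        }'
}

# Constructed sample: the two rules created above plus three others.
world_open_rules "80,443" <<'EOF'
tcp 0.0.0.0/0 80:80
tcp 0.0.0.0/0 443:443
tcp 0.0.0.0/0 22:22
tcp 192.168.1.0/24 3306:3306
tcp 0.0.0.0/0
EOF
```

An empty result means every world-open ingress rule in the listing is on the allow-list; each reported line is a rule to narrow with `--remote-ip` or remove.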
Enter the VM, install and activate an nginx web server:

```
ssh centos@194.210.120.123
sudo -s
yum -y install epel-release
yum -y install nginx
systemctl start nginx
systemctl status nginx
```

In your Web browser you can try the Web server at http://194.210.120.123/; it will not respond.

You can also check whether the port is open, from your laptop/desktop:

```
nmap 194.210.120.123 -p 80 -Pn
Starting Nmap 7.80 ( https://nmap.org ) at 2021-12-07 10:52 WET
Nmap scan report for 194.210.120.123
Host is up.
PORT   STATE    SERVICE
80/tcp filtered http
```

The port is being filtered because the SG was not yet added to the VM.

Check the rules in the SG:

```
openstack security group rule list "http/https"
```

Now you can add the newly created SG to the VM, issue the command:
```
openstack server add security group mdavid-server "http/https"
```

Check the server's SG with:

```
openstack server show mdavid-server
...
| security_groups | name='http/https' |
|                 | name='default'    |
```

In your Web browser you can reload the Web server at http://194.210.120.123/, and it will respond.

Also check with nmap:

```
nmap 194.210.120.123 -p 80 -Pn
Starting Nmap 7.80 ( https://nmap.org ) at 2021-12-07 10:58 WET
Nmap scan report for 194.210.120.123
Host is up (0.0098s latency).
PORT   STATE SERVICE
80/tcp open  http
```

You can create a snapshot of the VM, producing an image that can be used to instantiate other VMs:
```
openstack server image create mdavid-server
```

Check the image snapshot with:

```
openstack image show mdavid-server
```

To delete the server:

```
openstack server delete ${LOGNAME}-server
```

To delete the volume:

```
openstack volume delete ${LOGNAME}-vol
```

Free the floating IP (public IP):

```
openstack floating ip delete 194.210.120.123
```

In SWIFT object store terminology, a container is a directory and a file is an object. To list containers:

```
openstack container list
```

To create a container:

```
openstack container create mdavid-cont
```

To create/upload a file into a given container:

```
openstack object create mdavid-cont maxscale-6.1.4-1.ubuntu.bionic.aarch64.deb
```

To list objects in a given container:

```
openstack object list mdavid-cont
```