How to launch an instance on OpenStack (I): Horizon


The OpenStack project is a libre software cloud computing platform for private and public clouds, which aims to be simple to implement, massively scalable, and feature rich. OpenStack provides an Infrastructure as a Service (IaaS) solution through a set of interrelated services. Each service offers an application programming interface (API) that facilitates this integration.

Users getting started with OpenStack may find this and related posts useful; they describe different ways to launch an instance on OpenStack. The first method proposed is the simplest one: using the OpenStack Dashboard (Horizon), in a step-by-step procedure aimed at new OpenStack users.

Scenario

The procedure followed is quite general, but it is appropriate to note specific parameters used:

  • OpenStack Grizzly (2013.1) deployed on Debian Wheezy with gplhost repositories, but there should be no major differences with other distros or later OpenStack releases.
  • OpenStack Quantum with OpenvSwitch plugin in a “Per tenant routers with private networks” setup:
    • The router has IP 10.0.0.1, which is the default gateway for all instances. The router is able to access public networks.
    • Floating IP network 172.22.196.0/22
    • When an instance is launched, a fixed IP from the 10.0.0.0/24 subnet is assigned.
  • username: bisharron
  • tenant name: proy-bisharron

The starting point is illustrated in the following figure, which shows the router connected to the external and internal networks:

initial network

Log In

The first step is to log into OpenStack: open a browser and enter the OpenStack dashboard URL. You’ll see something similar to the next figure:

login

Create ssh keypair

For security reasons, images used in OpenStack do not usually contain a password defined for any user; generally only SSH public-key authentication is allowed. When an instance is spawned, the SSH public key is injected into it, and only the holder of the corresponding private key is able to access the instance.

In order to create an SSH keypair, click on the “keypairs” tab (Access & Security):

click on keypair

There are two options: create a keypair or import one.

    • Create a keypair: if this option is selected, an RSA key pair is generated. The public key is stored in OpenStack and the private key is downloaded.
    • Import Keypair: if this option is selected, an RSA public key must be uploaded.

We select the first option:

creating keypair

The private key is downloaded:

keypair3

The private key must be readable only by its owner; these keys are usually stored in the ~/.ssh directory:

$ mv ~/Downloads/openstack-bisharron.pem ~/.ssh
$ chmod 600 ~/.ssh/openstack-bisharron.pem

Allocate Floating IP to project

Floating IPs (elastic IPs in Amazon terminology) allow instances to talk to an external host, or to be accessed from an external network. A floating IP can be allocated to a project before or after launching an instance; we’ll do it before.

Click on “Floating IPs” tab (Access & Security):

allocate floating IP 1

Floating IP pools and project quotas are shown. In this case, the project has 10 floating IPs available, so it is possible to allocate a new one.

allocate floating IP 2

Floating IP 172.22.196.59 is now allocated to the project, but it is not yet associated with any instance.

allocate floating IP 3

Launch an instance

Click on “Images & Snapshots” and launch the required instance from the list of available images (in this case we’ll use the Debian wheezy image).

images

Provide an instance name and select a flavor in “Details” tab:

instance1

Click on “Access & security” tab and select the right keypair:

instance2

Click on the “Networking” tab and select the desired network from the available networks. The volume options and post-creation settings can be ignored in this simple test, so click on the Launch button:

instance3

After a few seconds the instance is active and the fixed IP 10.0.0.2 has been assigned to it. Clicking on the “More” button shows several options; click on “Associate Floating IP”:

instace-running1

Floating IP 172.22.196.59 is now associated with the port that has IP 10.0.0.2:

floatingip4

It is possible to see the instance’s virtual console, but it is not possible to log in because no user password is set.

spice

Security Group rules

The instance is launched and the floating IP is associated, so it should be possible to access it via ssh, but this is not yet possible due to the default firewall behavior. Incoming connections must be explicitly allowed by rules in a security group.

Click on the Security groups tab in “Access & security” and click on the “Edit Rules” button:

secgroup1

Add a rule to allow incoming ssh connections (22/tcp):

secgroup2

Add a rule to allow all incoming icmp connections:

secgroup3

Two rules are now defined:

secgroup4
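
The default-deny behavior and the effect of the two rules can be modeled in a few lines. This is an added example, not code from the original post or from OpenStack; the `Rule` tuple and both function names are hypothetical, and the source CIDR 0.0.0.0/0 is an assumption because the post does not state which CIDR was entered in the rule form. It also flags rules that open SSH to any source and shows a variant restricted to this deployment's LAN range, 172.22.0.0/16.

```python
import ipaddress
from collections import namedtuple

# One ingress rule as the "Add Rule" form captures it (hypothetical model).
Rule = namedtuple("Rule", "proto port_min port_max cidr")

def ingress_allowed(rules, proto, port, src):
    """Ingress is default-deny: a packet passes only if some rule matches it."""
    addr = ipaddress.ip_address(src)
    for r in rules:
        if r.proto != proto or addr not in ipaddress.ip_network(r.cidr):
            continue
        # ICMP has no ports; the ICMP rule here matches every ICMP packet.
        if proto == "icmp" or r.port_min <= port <= r.port_max:
            return True
    return False

def world_open(rules, mgmt_ports=(22,)):
    """Return TCP rules that expose a management port to any source address."""
    return [r for r in rules
            if r.proto == "tcp"
            and ipaddress.ip_network(r.cidr).prefixlen == 0
            and any(r.port_min <= p <= r.port_max for p in mgmt_ports)]

# Constructed sample data (0.0.0.0/0 is an assumption, see the lead-in).
EMPTY = []
AS_POSTED = [Rule("tcp", 22, 22, "0.0.0.0/0"),
             Rule("icmp", None, None, "0.0.0.0/0")]
# Tighter variant: SSH and ICMP only from the LAN range of this scenario.
LAN_ONLY = [Rule("tcp", 22, 22, "172.22.0.0/16"),
            Rule("icmp", None, None, "172.22.0.0/16")]

if __name__ == "__main__":
    for name, rules in (("no rules", EMPTY), ("as posted", AS_POSTED),
                        ("LAN only", LAN_ONLY)):
        print(name,
              "| ssh from LAN:", ingress_allowed(rules, "tcp", 22, "172.22.10.5"),
              "| ssh from elsewhere:", ingress_allowed(rules, "tcp", 22, "203.0.113.7"),
              "| world-open mgmt rules:", len(world_open(rules)))
```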

Access to the launched instance

Now we can ping the instance:

$ ping 172.22.196.59
PING 172.22.196.59 (172.22.196.59) 56(84) bytes of data.
64 bytes from 172.22.196.59: icmp_req=1 ttl=62 time=621 ms
64 bytes from 172.22.196.59: icmp_req=2 ttl=62 time=136 ms
64 bytes from 172.22.196.59: icmp_req=3 ttl=62 time=143 ms
^C
--- 172.22.196.59 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 136.858/300.532/621.666/227.090 ms

And use the ssh command to make a secure connection to the instance (specifying the private key to use):

$ ssh -i ~/.ssh/openstack-bisharron.pem debian@172.22.196.59
The authenticity of host '172.22.196.59 (172.22.196.59)' can't be established.
ECDSA key fingerprint is 2f:23:72:6f:13:b8:f0:00:9a:fb:90:64:da:3f:58:9d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.22.196.59' (ECDSA) to the list of known hosts.
Linux debian.example.com 3.2.0-4-amd64 #1 SMP Debian 3.2.46-1 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
debian@debian-test:~$
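
Before answering "yes" to the host key prompt shown above, the fingerprint can be compared with the one the instance itself reported at boot. The following is an added example, not part of the original post: it assumes the image runs cloud-init, which prints the host key fingerprints to the instance console log, and the log excerpt, the RSA value and the function names are constructed for illustration.

```python
import re

# Constructed console-log excerpt in the layout cloud-init prints at first boot.
# Assumption: the image runs cloud-init. The ECDSA value reuses the fingerprint
# from the ssh session in the post; the RSA value is made up.
CONSOLE_LOG = """\
ec2: #############################################################
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 256 2f:23:72:6f:13:b8:f0:00:9a:fb:90:64:da:3f:58:9d root@debian-test (ECDSA)
ec2: 2048 aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99 root@debian-test (RSA)
ec2: -----END SSH HOST KEY FINGERPRINTS-----
ec2: #############################################################
"""

HEX_FP = r"(?:[0-9a-f]{2}:){15}[0-9a-f]{2}"   # 16-byte colon-separated fingerprint
FP_LINE = re.compile(r"(\d+) (" + HEX_FP + r") \S+ \((\w+)\)")

def console_fingerprints(log):
    """Map key type -> fingerprint, reading only between the BEGIN/END markers."""
    found, inside = {}, False
    for line in log.splitlines():
        if "BEGIN SSH HOST KEY FINGERPRINTS" in line:
            inside = True
        elif "END SSH HOST KEY FINGERPRINTS" in line:
            inside = False
        elif inside:
            m = FP_LINE.search(line)
            if m:
                found[m.group(3)] = m.group(2)
    return found

def host_key_matches(ssh_prompt, log):
    """True only if the fingerprint ssh displays equals the one the instance logged."""
    m = re.search(r"(\w+) key fingerprint is (" + HEX_FP + r")", ssh_prompt)
    if not m:
        return False
    return console_fingerprints(log).get(m.group(1)) == m.group(2)

# The line ssh printed in the session above.
PROMPT = "ECDSA key fingerprint is 2f:23:72:6f:13:b8:f0:00:9a:fb:90:64:da:3f:58:9d."

if __name__ == "__main__":
    print("fingerprint matches console log:", host_key_matches(PROMPT, CONSOLE_LOG))
```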

Clicking on “Network topology” we can see a nice representation of the project elements (routers, networks and servers):

final

That concludes this post, so enjoy your OpenStack experience!


  1. #1 by visayafan on 17-11-14 - 5:34 pm

    Sorry to trouble, but what is the IP of your computer? Is it necessary that the floating IP 172.22.196.0/22 be in the same LAN as your IP?


    • #2 by albertomolina on 17-11-14 - 6:01 pm

      Hi visayafan,

      For floating IPs it’s not mandatory to use a subnet of your LAN but that’s the case in the example shown. In this case the LAN uses IPs in the range 172.22.0.0/16.

      When the external network was specified the commands used were:

      # neutron net-create ext_net -- --router:external=True
      # neutron subnet-create ext_net \
      --allocation-pool start=172.22.196.1,end=172.22.199.254 \
      --disable-dhcp --gateway 172.22.0.1 172.22.0.0/16

      With allocation-pool it’s possible to define a subset of IP address in your LAN to be used as floating IPs.
