OpenStack Tutorial

Shihabur R. Chowdhury
CS 856 - Winter 2017
University of Waterloo
Environment Setup

● Download the VirtualBox image from here

● Open VirtualBox and go to
○ File > Import Appliance
● Choose the just downloaded virtual appliance file and
click Next
● Set at least 4096MB of memory and 1CPU in the
Appliance Settings window and click Import
Environment Setup

● VM credentials
○ username: openstack
○ password: openstackpass
● OpenStack credentials
○ username: admin
○ password: adminpass
DevStack

● A collection of scripts to run OpenStack on a single

machine
○ For development and demo purposes
● Download devstack from github
○ git clone
https://git.openstack.org/openstack-dev/devstack
● Put the configuration in local.conf
● Run the stack.sh script inside devstack directory.

The installation has been done for you. No need to run the installation again.
DevStack Configuration

● Start the file with

○ [[local|localrc]]
● A bunch of password configurations
○ ADMIN_PASSWORD=adminpass
○ DATABASE_PASSWORD=$ADMIN_PASSWORD
○ RABBIT_PASSWORD=$ADMIN_PASSWORD
○ SERVICE_PASSWORD=$ADMIN_PASSWORD
○ SERVICE_TOKEN=servicetoken

The installation has been done for you. No need to run the installation again.
DevStack Configuration (contd…)

● Network configuration
○ FLOATING_RANGE=10.0.3.0/27
○ PUBLIC_NETWORK_GATEWAY=10.0.3.1
○ HOST_IP=10.0.2.15

The installation has been done for you. No need to run the installation again.
DevStack Configuration (contd…)

● Disable nova network

○ disable nova-net
● Enable neutron networking
○ enable_service q-svc
○ enable_service q-agt
○ enable_service q-dhcp
○ enable_service q-meta
○ enable_service q-l3
○ enable_service q-lbaas

The installation has been done for you. No need to run the installation again.
DevStack Configuration (contd…)

● Neutron configuration
○ Q_USE_SECGROUP=True
○ ENABLE_TENANT_VLANS=True
○ TENANT_VLAN_RANGE=1000:1999
○ PHYSICAL_NETWORK=default
○ FLAT_INTERFACE=eth0
○ PUBLIC_INTERFACE=eth0

The installation has been done for you. No need to run the installation again.
Environment Setup

● stack.sh takes quite a while to finish. It has been

already run for you. Run the rejoin-stack.sh script to
finish configuring the environment
○ ~/devstack/rejoin-stack.sh
● Press Ctrl-a then press d to detach the screen session

The installation has been done for you. No need to run the installation again.
General Tips

● Every component has detailed help

○ nova help
● Parameters of a particular command can be found in
similar way
○ nova help boot
● Almost every component has a *-list command to show
list of *s
○ glance image-list
○ neutron subnet-list
What services are running ?

● Show the list of currently available services

○ keystone service-list
● List of URLs for accessing REST API of the services
○ keystone endpoint-list
● Show everything
○ keystone catalog
User Management

● View list of users

○ keystone user-list
● Add a new user
○ keystone user-create --name bob --pass bobpass
● Add ‘bob’ to tenant ‘admin’
○ keystone user-role-add --user bob --role _member_
--tenant admin
Quick Exercise

● Change password of the user bob to ‘notbob’ .

Spawning a new VM
● Pre-requisites
a. CPU configuration (number of virtual CPU)
b. Memory configuration (Total amount of RAM)
c. Storage configuration (Storage size)
d. Network Configuration
e. Operating System to install
● (a + b + c) together is called a flavor in OpenStack.
Flavors are created using nova
● Network is configured using neutron
● OS is installed using an OS image. Images are managed
using glance
Flavors
● A flavor is a predetermined CPU, Memory and Storage
configuration for creating VMs
● List available flavors
○ nova flavor-list
Flavors (contd…)
● Create a new flavor
○ nova flavor-create <name> <id> <ram> <disk> <vcpu(s)>
○ nova flavor-create m1.verytiny 6 64 1 1
○ A new flavor with id 6 is created and following is displayed
Images
● Show available images
○ glance image-list
● Add a VM image to glance
○ glance image-create --name tinycore-x86 --disk-format
qcow2 --container-format bare --file
~/images/base_tc.qcow2
Network Management
● Create a private network
○ neutron net-create private-ipv4-net
○ The following output will be displayed upon success

● Save the id field in a variable NETWORK_ID

○ export NETWORK_ID=<value_of_id_field>
Network Management (contd…)
● Create a subnet under ‘private-ipv4-net’
○ neutron subnet-create --name private-ipv4-subnet
$NETWORK_ID 172.16.0.0/24 --gateway 172.16.0.1
--dns-nameserver 8.8.8.8

● Note the id field and export it as SUBNET_ID

■ export SUBNET_ID=<value_of_id_field>
Network Management (contd…)
● Show details of a subnet
○ neutron subnet-show $SUBNET_ID
Network Management (contd…)
● Show list of routers
○ neutron router-list
● Create a new router named ‘border’
○ neutron router-create border
● Add the private subnet (private-ipv4-subnet) to one
of ‘border’’s interfaces
○ neutron router-interface-add border
private-ipv4-subnet
● Set gateway interface for the router
○ neutron router-gateway-set border public
Virtual Machines

● Boot a virtual machine from an existing image

○ nova boot --flavor 6 --image cirros-0.3.4-x86_64-uec
--nic net-id=$NETWORK_ID --security-groups default
--poll vm-0
Virtual Machines
● Show information about a VM (vm-0 in this case)
○ nova show vm-0

● export VM_ID=<value_of_id_field>
Virtual Machines

● Shutdown a VM
○ nova stop $VM_ID
● Delete a VM
○ nova delete $VM_ID
● Show the VM log
○ nova console-log $VM_ID (or VM name)
● nova show $VM_ID will display information about the
VM including network configuration, loaded image, the
used flavor, security groups etc.
Assign External IP to VM

● Allocate floating IP addresses from the floating range

○ neutron floatingip-create public

○ Save the value of id field in environment variable FIP

■ export FIP=<value_of_id_field>
Assign External IP to VM (contd…)
● List the network port of a VM
○ neutron port-list --device-id $VM_ID
○ export VM_PORT_ID=<value_of_id_field>
● Associate a floating IP with a VM nic
○ neutron floatingip-associate $FIP $VM_PORT_ID
● Try to ssh into the VM using the floating IP address
(10.0.3.4 in this example)
○ ssh [email protected]
● ssh will most likely fail to find a route since there is no
firewall rule to allow incoming ssh connections.
Security Groups
● Show the current tenant’s security groups
○ neutron security-group-list
● Create a new security group
○ neutron security-group-create ssh --description
"Allow incoming ssh traffic"
● Add rule to a security group
○ neutron security-group-rule-create --direction
ingress --protocol tcp --port_range_min 22
--port_range_max 22 ssh
● Assign our VM (vm-0) to this security group
○ nova add-secgroup vm-0 ssh
○ Now try to ssh again !
Security Group Exercise

● Create a security group that allows incoming ftp traffic

(i.e., TCP traffic to port 21) and ICMP traffic
Load Balancing with Neutron

● We’ll load balance ssh connection between 2 VMs using a

single IP address. We already have one VM, so create
another VM
● First disassociate the floating IP from vm-0
○ neutron floatingip-disassociate $FIP
● Boot another VM
○ nova boot --flavor 6 --image cirros-0.3.4-x86_64-uec
--nic net-id=$PRIVATE_NET --security-groups
default,ssh --poll vm-1
Load Balancing with Neutron

● Create an empty load balancer pool

○ neutron lb-pool-create --lb-method ROUND_ROBIN --name
balancer-pool --protocol TCP --subnet-id $SUBNET_ID
● Add the IP addresses for the two VMs to the load
balancer pool
○ Use nova show to obtain the IP address of a VM (ref. Slide 24)
○ neutron lb-member-create --address $SERVER1_IP
--protocol 22 balancer-pool
○ neutron lb-member-create --address $SERVER2_IP
--protocol 22 balancer-pool
Load Balancing with Neutron
● Create a virtual IP (VIP) for the load balancing pool. The
VIP should be from the same subnet as the VMs.
○ neutron lb-vip-create --name lb-vip --protocol-port
22 --protocol TCP --subnet-id $SUBNET_ID
balancer-pool

● Save the value of port_id in a variable $VIP_PORT_ID

○ export VIP_PORT_ID=<value_of_port_id_field>
Load Balancing with Neutron

● Associate a floating IP with the VIP

○ neutron floatingip-associate $FIP $VIP_PORT_ID
● Now try to ssh using the floating IP (10.0.3.4. in this case)
multiple times in a row. Each time ssh will log into a
different VM. If ssh gives an error regarding identity file
then follow the instruction ssh says on the console.
Volume Management

● LVM concepts
○ https://www.howtoforge.com/linux_lvm
○ http://www.routemybrain.com/understanding-the-concept-of-logic
al-volume-manager-%E2%80%93-lvm/
○ http://tldp.org/HOWTO/LVM-HOWTO/anatomy.html
Volume Management

● Create a new disk volume of size 1GB

○ cinder create 1 --display-name portable-disk
● Create a virtual machine with this disk volume attached
○ nova boot --flavor 1 --image cirros-0.3.4-x86_64-uec
--nic net-id=$PRIVATE_NET --block-device
source=volume,id=$VOLUME_ID,dest=volume,shutdown=pres
erve --poll vm-1
Volume Management

● Open the vnc console of vm-1 and initialize the volume:

○ # partition the disk
sudo fdisk /dev/vdb
○ # create a file system
sudo mkfs -t ext3 /dev/vdb
○ # create mount point
sudo mkdir /mnt/vdb
○ # mount the disk
sudo mount /dev/vdb /mnt/vdb
Volume Management

● Detach volume from a VM

○ nova volume-detach vm-1 $VOLUME_ID
● Attach volume to a running VM
○ nova volume-attach vm-0 $VOLUME_ID
OpenStack Python API

● OpenStack has a Python binding for it’s RESTful API

● Each component of OpenStack exposes it’s own API
● The first step is to create a Python object that acts as a
client to a particular OpenStack component
OpenStack Python API - Nova
● To use nova api import the novaclient first
○ from novaclient import client as nova_client
● Create a nova client by providing it with proper
credentials
○ nova = nova_client.Client(<api-version>, <username>,
<password>, <tenant-name>, <auth_url>)
● Once authorized, the nova object will be used to make
all API calls
OpenStack Python API - Nova

● List all flavors

○ nova.flavors.list()
● List all servers
○ nova.servers.list()
● Find a specific server
○ nova.servers.find(name=”vm-0”)
● Show the supported operations on a server
○ dir(nova.servers.find(name=”vm-0”))
OpenStack Python API - Nova

● Show a server’s console log

○ nova.servers.find(name=”vm-0”).get_console_output()
● Show status of a server
○ nova.servers.find(name=”vm-0”).status
● Show the tenant who owns this server
○ nova.servers.find(name=”vm-0”).tenant_id
OpenStack Python API - Nova

● Find a server’s Id using the API

● List the security groups a server belongs to
● Reboot a server
● Pause a server, print its status and unpause the server
OpenStack Python API - Nova

● Create a new server

○ nova.servers.create(
name='vm-2',
flavor=nova.flavors.find(name='m1.very-tiny'),
image=nova.images.find(name='cirros-0.3.4-x86_64-uec)
, nics=[{'net-id' : <NET_ID>}])
OpenStack Python API - Neutron

● Similar for neutron. Create a client first

○ from neutronclient.v2_0 import client

neutron = client.Client(username=<username>,
password=<password>, tenant_name=<tenant_name>,
auth_url=<auth_url>)
OpenStack Python API - Neutron

● List the networks

○ neutron.list_networks()
● List the subnets
○ neutron list_subnets()
● List the routers
○ neutron list_routers()