

    Dan Radez
    Sr. Software Engineer, Red Hat
    June 14, 2013

  • What is OpenStack?

    - Cloud/Visualization Platform
    - Designed for standard hardware
    - OpenSource

  • Overview

  • Lab Workstation

    User: lab12

    Password: lab12

    Applications -> System Tools -> Virt Manager

    - RHOS-control-node:

    - RHOS-compute-node:

  • PackStack: Installation

    Red Hat developed OpenStack installer

    Deployment options
    - Interactively
    - Answer file
    - Quick Start All-in-one

    Features
    - Single-host install
    - Multi-host install
    - RHOS, RDO, EPEL

  • PackStack: Installation

    [root@rhos ~]# ssh

    [root@control ~]# yum install -y openstack-packstack

    [root@control ~]# packstack --use-epel=n --install-hosts,

    Install Defaults
    - MySQL
    - Qpid
    - Swift Not Installed
    - Quantum

  • PackStack: Installation

    Exercise: Install OpenStack


  • Help!

    $ keystone help
    $ keystone help user-create
    $ glance help
    $ glance help image-create
    $ nova help
    $ nova help boot

  • Keystone: Identity Management

  • Keystone: Identity Management

    - centralized identity service
    - central catalog of services

    Multiple forms of authentication
    - User name and password
    - Token-based systems
    - Amazon Web Services style logins

  • Keystone: Identity Management

    Login as admin

    [root@control ~]$ cat keystonerc_admin
    export OS_USERNAME=admin
    export OS_TENANT_NAME=admin
    export OS_PASSWORD=5ffbe9d2a38d4a48
    export OS_AUTH_URL=
    export PS1="[\u@\h \W(keystone_admin)]$ "

    [root@control ~]$ source keystonerc_admin

    [root@control ~(keystone_admin)]$

  • Keystone: Identity Management

    Add a User

    [root@control ~]$ keystone user-create --name radez --pass supersecretpass

    id: 849616035d654b9b9a8cc38b10284a52

    [root@control ~]$ keystone role-create --name role1

    id: 8ab4a27031084100afbafc0f95a47170

    [root@control ~]$ keystone tenant-create --name tenant1

    Id: 427c01f33fcf4feb930f26dd550a14e0

  • Keystone: Identity Management

    Add a User

    [root@control ~]$ keystone user-role-add --user-id radez --role-id role1 --tenant-id tenant1

    [root@control ~]$ keystone user-list

    [root@control ~]$ keystone role-list

    [root@control ~]$ keystone tenant-list

    [root@control ~]$ keystone user-role-list

    [root@control ~]$ keystone endpoint-list

  • Keystone: Identity Management

    Login as radez

    [root@control ~]$ cp keystonerc_admin user_radez

    export OS_USERNAME=radez
    export OS_TENANT_NAME=tenant1
    export OS_PASSWORD=supersecretpass
    export OS_AUTH_URL=
    export PS1="[\u@\h \W(user_radez)]$ "

    [root@control ~]$ source user_radez

    [root@control ~(user_radez)]$

    [root@control ~]$ source keystonerc_admin

    [root@control ~(keystone_admin)]$
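
    Added example (not part of the original slides): the rc files above store OS_PASSWORD in plaintext, so their file mode and contents are worth checking after they are created or copied. The shell function below flags rc files that group or other can access, or that hard-code the password; the sample file contents and the OS_PASSWORD_INPUT variable are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the slides: audit Keystone rc files such as
# keystonerc_admin or user_radez for exposed credentials.

# Print one finding per line for rc file $1; print nothing if it is clean.
audit_rc() {
    local f=$1 perms
    [ -f "$f" ] || { echo "$f: not a regular file"; return 0; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: accessible by group/other ($perms); use chmod 600"
    fi

    # A literal value after OS_PASSWORD= means the secret is stored on disk.
    # An empty value or a $VARIABLE reference is not flagged.
    if grep -Eq "^[[:space:]]*(export[[:space:]]+)?OS_PASSWORD=[\"']?[^\$\"'[:space:]]" "$f"; then
        echo "$f: OS_PASSWORD is hard-coded; prompt for it with 'read -rs' instead"
    fi
}

# Constructed sample in the slides' rc file layout (values are made up).
write_sample_rc() {
    cat > "$1" <<'EOF'
export OS_USERNAME=radez
export OS_TENANT_NAME=tenant1
export OS_PASSWORD=example-not-a-real-password
EOF
    chmod 644 "$1"
}

# Hardened variant: no secret on disk, owner-only permissions.
write_hardened_rc() {
    cat > "$1" <<'EOF'
export OS_USERNAME=radez
export OS_TENANT_NAME=tenant1
read -rsp "OS_PASSWORD: " OS_PASSWORD_INPUT; echo
export OS_PASSWORD=$OS_PASSWORD_INPUT
EOF
    chmod 600 "$1"
}

# Audit any files given on the command line.
for f in "$@"; do audit_rc "$f"; done
```

    Run it as `bash audit_rc.sh keystonerc_admin user_radez` (the script name is an assumption); no output means no findings.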

  • Keystone: Identity Management

    Exercise: Add a user

  • Glance: Image Management

  • Glance: Image Management

    - registry for virtual machine images
    - images used as templates for new servers

    [root@control ~]$ glance image-create --name cirros --is-public 1 --disk-format qcow2 --container-format bare --file /mnt/cirros-0.3.0-x86_64-disk.img

    id: d3d1f38e-3f2c-4f45-91e1-cb4535f62d10

    [root@rhos ~]$ glance image-list

  • Glance: Image Management

    Image Building
    - Oz
    - appliance-creator
    - Native glance builder in the works
    - Manually (launch installer, import before first boot)

    Build Notes: Include cloudinit for post boot configuration

  • Glance: Image Management

    Exercise: Add an image

  • Quantum: Networking

  • Quantum: Networking

    - networking as a service
    - built in modular architecture

    Features
    - Single or Multiple host deployment
    - virtual network, subnet, and port abstractions
    - Plugin architecture supports many network technologies

  • Quantum: Networking

  • Quantum: Networking

    Extra Configuration (control node)

    /etc/quantum/dhcp_agent.ini
        use_namespaces=True

    /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
        tenant_network_type=vlan
        network_vlan_ranges = physnet1:1000:2999
        bridge_mappings = physnet1:br-eth1

    /etc/quantum/quantum.conf
        ovs_use_veth = True
        -log_file

  • Quantum: Networking

    Extra Configuration (control node)

    /etc/quantum/l3_agent.ini
        -root_helper?
        use_namespaces=True

    [root@control ~]$ yum install -y nc

    [root@control ~]$ chkconfig quantum-ovs-cleanup on

    [root@control ~]$ ovs-vsctl add-br br-eth1

    [root@control ~]$ ovs-vsctl add-port br-eth1 eth1

    [root@control ~]$ sed -i "s|--config-file /usr/share/\$proj/\$proj-dist.conf ||" `grep -l proj-dist /etc/init.d/quantum*`

  • Quantum: Networking

    External Bridge (control node)

    /etc/sysconfig/network-scripts/ifcfg-eth0
        -IPADDR=
        BRIDGE=br-ex

    /etc/sysconfig/network-scripts/ifcfg-br-ex
        ONBOOT=yes

    [root@control ~]$ ovs-vsctl add-br br-ex

    [root@control ~]$ ovs-vsctl add-port br-ex eth0; reboot

  • Quantum: Networking

    Extra Configuration (compute node)

    /etc/nova/nova.conf
        libvirt_vif_driver =

    /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
        bridge_mappings = physnet1:br-eth1
        -tenant_network_type=local

    [root@compute ~]$ ovs-vsctl add-br br-eth1

    [root@compute ~]$ ovs-vsctl add-port br-eth1 eth1

  • Quantum: Networking

    Restart Services (compute node)

    [root@compute ~]$ sed -i "s|--config-file /usr/share/\$proj/\$proj-dist.conf ||" `grep -l proj-dist /etc/init.d/quantum*`

    [root@compute ~]$ service openstack-nova-compute restart

    [root@compute ~]$ service quantum-openvswitch-agent restart

  • Quantum: Networking

    Create networks, subnets and routers

    [root@control ~]$ quantum net-create int

    id: cc6052d8-2a6d-40e7-85ab-b7c8bb5b3a8c

    [root@control ~]$ quantum subnet-create int

    id: c6c4ded5-ac0a-4f7c-8f54-9218f2cf8ecc

    [root@control ~]$ quantum router-create router1

    id: 30f385f0-8f1d-453e-b4ab-26ee6f8e80fe

    [root@control ~]$ quantum router-interface-add router1 c6c4ded5-ac0a-4f7c-8f54-9218f2cf8ecc

  • Quantum: Networking

    Create networks, subnets and routers

    [root@control ~]# keystone tenant-list

    4ee4f1d7d5ba46318885dd82520d748f | services

    [root@control ~]$ quantum net-create --tenant-id services ext -- --router:external=True

    id: 4cbcc3c7-4a40-4101-afca-ca9782ff7f04

    [root@control ~]$ quantum subnet-create --tenant-id services ext -- --enable_dhcp=False

    id: a4ba8c13-2a67-4402-bb0d-7e55f253de44

    [root@rhos ~]$ quantum router-gateway-set router1 ext

  • Quantum: Networking

    Find your tenant's security group

    [root@control ~]$ keystone tenant-list

    70784578887b4468adacd92f2f376bc9 | admin

    [root@control ~]$ quantum security-group-list

    | 049ca2a9-7dc0-417c-9092-640e8a47a585 | default | default |

    | adfca10c-e1a3-418a-8f97-224cc92e1626 | default | default |

    [root@control ~]$ quantum security-group-show 049ca2a9-7dc0-417c-9092-640e8a47a585

    id | 049ca2a9-7dc0-417c-9092-640e8a47a585
    tenant_id | 70784578887b4468adacd92f2f376bc9

  • Quantum: Networking

    Clean the security group

    security_group_rules | "direction": "ingress"

    "id": "74dd70eb-f1c5-4797-978b-3238035b3aef"

    "id": "f7087e8b-5f15-494c-997b-c86d258efc62"

    [root@control ~]$ quantum security-group-rule-delete 74dd70eb-f1c5-4797-978b-3238035b3aef

    [root@control ~]$ quantum security-group-rule-delete f7087e8b-5f15-494c-997b-c86d258efc62

  • Quantum: Networking

    Add new security group rules

    [root@control ~]$ quantum security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 --remote-ip-prefix 049ca2a9-7dc0-417c-9092-640e8a47a585

    [root@control ~]$ quantum security-group-rule-create --protocol icmp --remote-ip-prefix 049ca2a9-7dc0-417c-9092-640e8a47a585

  • Quantum: Networking

    Exercise: Network your stack

  • Nova: Instance Management

  • Nova: Instance Management

    - manages virtual machines on nodes
    - provides virtual servers on demand
    - interacts with Keystone, Glance and Horizon

    Design Features
    - Designed to scale horizontally
    - Designed for standard hardware

  • Nova: Instance Management

    Boot an instance

    [root@control ~]$ nova flavor-list

    [root@control ~]$ nova keypair-add --pub-key .ssh/ mykey

    [root@control ~]$ nova keypair-list

    mykey | 84:6e:28:d3:75:17:ab:25:4d:f3:0d:61:93:55:ee:e2

    [root@control ~]$ nova image-list

    [root@control ~]$ nova boot --flavor 1 --key_name mykey --image cirros my_instance

    [root@control ~]$ nova list

  • Nova: Instance Management

    Associate a floating IP with an instance

    [root@control ~]$ quantum floatingip-create ext

    id: 2b815236-f5f6-4d48-9860-4abbaec15990

    [root@control ~]$ quantum port-list

    Id: 1abd07c4-8c7b-4701-92a3-482f69e5a4ee
    ip_address:

    [root@control ~]$ quantum floatingip-associate 2b815236-f5f6-4d48-9860-4abbaec15990 1abd07c4-8c7b-4701-92a3-482f69e5a4ee

    Associated floatingip 2b815236-f5f6-4d48-9860-4abbaec15990

  • Nova: Instance Management

    Communicate with instance

    [root@control ~]$ ping

    PING ( 56(84) bytes of data.
    64 bytes from icmp_seq=2 ttl=63 time=0.668 ms

    [root@control ~]$ ssh [email protected]

    The authenticity of host ' (' can't be established.
    RSA key fingerprint is 38:49:f2:67:80:11:31:84:1f:b1:79:df:5f:e4:e5:f7.
    Are you sure you want to continue connecting (yes/no)? Yes
    Warning: Permanently added '' (RSA) to the list of known hosts.


  • Nova: Instance Management

    Exercise: Boot an Instance

  • Cinder: Block Storage

  • Cinder: Block Storage

    - manages persistent block storage volumes
    - snapshots can be taken

    Create and attach a volume

    [root@control ~]$ cinder create 1

    id: 4d6cbb1f-5873-4357-99c7-8ae0502e6de5

    [root@control ~]$ nova volume-attach my_instance 4d6cbb1f-5873-4357-99c7-8ae0502e6de5 auto

  • Cinder: Block Storage

    Mount a volume

    [root@control ~]$ ssh -i .ssh/id_rsa [email protected]

    my_instance$ sudo -i

    my_instance# mkfs.ext4 /dev/vdb

    my_instance# mkdir -p /mnt/volume

    my_instance# mount /dev/vdb /mnt/volume

    my_instance# touch /mnt/volume/test.txt

    my_instance# umount /mnt/volume

    [root@control ~]$ nova volume-detach my_instance 4d6cbb1f-5873-4357-99c7-8ae0502e6de5

  • Cinder: Block Storage

    Exercise: Create, attach and mount a volume

  • Swift: Object Storage

  • Swift: Object Storage

    Install Swift

    /root/packstack-answers-20130614-091000.txt


    [root@control ~]$ packstack --answer-file packstack-answers-20130614-091000.txt

  • Swift: Object Storage

    - allows users to store and retrieve files
    - distributed architecture to allow for horizontal scaling
    - provides redundancy as failure-proofing
    - data replication is managed by software

  • Swift: Object Storage

    Upload an object

    [root@control ~]$ swift stat

    [root@control ~]$ swift list

    [root@control ~]$ swift upload test packstack-answers.txt

    [root@control ~]$ swift list

    [root@control ~]$ swift list test

    [root@control ~]$ swift upload test /etc/motd

    [root@control ~]$ swift list test

  • Swift: Object Storage

    Exercise: Create a container & upload an object

  • Dashboard: Web Interface

  • Dashboard: Web Interface

    - web-based interface for managing OpenStack services
    - modular design for interfacing with other projects
    - includes interface for all core components

  • Dashboard: Web Interface

  • Dashboard: Web Interface

  • Dashboard: Web Interface

    Exercise: Explore the Dashboard

  • Review

    - PackStack: Installed OpenStack
    - Keystone: Added a user
    - Glance: Imported an image
    - Quantum: Routed int & ext networks
    - Nova: Launched an instance
    - Cinder: Created and attached a volume
    - Swift: Created a container & uploaded an object
    - Dashboard: Graphical interaction

  • Review

  • Resources


    US/Red_Hat_OpenStack_Preview/2/html-single/Getting_Started_Guide/index.html Oz:

