h3. First Steps
Congratulations\! If you are here it means you have installed and configured a Openstack Nova computing platform\! In this chapter you will learn to operate at a very basic level the platform.
{warning:title=root password}
First, we recommend to change the root password of all the Nodes. By default, the root password is _stackops_. At this moment the root remote access is allowed.
{warning}
You need to have access to the Controller console, but you don't need access to Network, Volume and Compute nodes unless you need to troubleshoot some issue. So we assume you have root access to the Controller Node from now on.
h3. Basic sys admin actions
h5. Start and stop Nova services
Stackops distro uses upstart init scripts. There are three basic actions:
Start a component
{code}
start nova-COMPONENT_NAME
{code}
Stop a component
{code}
stop nova-COMPONENT_NAME
{code}
Staus of a component
{code}
status nova-COMPONENT_NAME
{code}
COMPONENT_NAME can be any of the following Nova processes:
* ajax-console-proxy
* api
* compute
* network
* objectstore
* scheduler
* volume
h5. Configuration files
All the configuration files are located under _/etc/nova_ and again they follow the same naming convention.
{warning}
Change the parameters at your risk.
{warning}
h5. Log Files
By default the system is installed in 'verbose' mode. You can disable this parameter at configuration time or modifying the configuration files.
All the log files are located in the directory _/var/log/nova_. The log format is as follows: *nova-COMPONENT_NAME.log*
h3. Managing the platform: nova-manage
*nova-manage* is the command used to manage the platform. If you execute the command as follows:
{code}
root@nova-controller:/var/lib/nova/bin# ./nova-manage
OpenStack Nova version: 2011.3 (2011.3-LOCALBRANCH:LOCALREVISION)
./nova-manage category action [<args>]
Available categories:
account
agent
config
db
drive
fixed
flavor
floating
host
instance_type
image
network
project
role
service
shell
user
version
vm
volume
vpn
vsa
root@nova-controller:/var/lib/nova/bin#
{code}
h5. Display Services
You can see the list of available services. If you want to know the status of the different Nova components, you have to execute:
{code}
root@nova-controller:/var/lib/nova/bin# ./nova-manage service list
Binary Host Zone Status State Updated_At
nova-vncproxy nova-controller nova enabled :-) 2011-11-17 16:10:50
nova-scheduler nova-controller nova enabled :-) 2011-11-17 16:10:50
nova-network nova-controller nova enabled :-) 2011-11-17 16:10:49
nova-volume nova-controller nova enabled XXX 2011-11-13 23:03:55
nova-compute nova-compute-1 nova enabled :-) 2011-11-17 16:10:49
nova-compute nova-compute-2 nova enabled :-) 2011-11-17 16:10:50
root@nova-controller:/var/lib/nova/bin#
{code}
A happy face means the component is running and connected to the platform. A 'X' means the component is not running or is not connected to the platform.
h5. Default user
By default the Stackops Distro uses Keystone to manage users and tenants in the platform. There are two default users: 'admin' user with password 'password' and 'admin:password' EC2 credentials. We don't recommend this user as a 'Cloud User'. We recommend to use the user 'demo' with password 'password' and 'demo:password' EC2 credentials. If you need to create more users and tenants, you should read the Openstack Keystone Manuals.
If you want to manage a project with the EC2 or Openstack v1.1 API, you need to execute this script located in /var/lib/stackops/setenv.sh
This script will create all the necessary environment variables for the 'demo' user. Please modify this script for any other user (TODO: Generic):
{code}
root@nova-controller:/var/lib/stackops# source setenv.sh
root@nova-controller:/var/lib/stackops# env | grep 'NOVA' && env | grep 'EC2' && env | grep 'OS_' && env | grep 'AUTH_TOKEN'
NOVA_PROJECT_ID=demo
NOVA_REGION_NAME=nova
NOVA_VERSION=1.1
NOVA_USERNAME=demo
NOVA_API_KEY=password
NOVA_URL=http://127.0.0.1:5000/v2.0/
EC2_SECRET_KEY=password
EC2_URL=http://127.0.0.1:80/services/Cloud
EC2_ACCESS_KEY=demo
OS_AUTH_USER=demo
OS_AUTH_STRATEGY=
OS_AUTH_URL=http://127.0.0.1:5000/v2.0/
OS_AUTH_TENANT=demo
OS_AUTH_KEY=password
AUTH_TOKEN=7b0fa8c5-8e8b-45b2-8205-9054954e9015
root@nova-controller:/var/lib/stackops#
{code}
{info:title=OS_AUTH_STRATEGY bug}
There is a bug in the script and the OS_AUTH_STRATEGY is not set by default. You must set it to 'keystone':
{code}
export OS_AUTH_STRATEGY=keystone
{code}
should work.
{info}
h3. Virtual Images
{warning:title=No images included in the v0.3 distro}
Version 0.2 did not include Glance image registry and API system. This version includes latest stable version of Glance.
{warning}
If you want to download a test image and register it in Glance, there is another script in /var/lib/stackops/pubimages.sh that downloads a Ubuntu Lucid 10.04.02 LTS and register it in Glance as a public image.
{code}
root@nova-controller:/var/lib/stackops# ./pubimages.sh
Downloading images...
--2011-11-17 09:57:19-- http://cloud-images.ubuntu.com/lucid/current/lucid-server-cloudimg-amd64.tar.gz
Resolving cloud-images.ubuntu.com... 91.189.88.141
Connecting to cloud-images.ubuntu.com|91.189.88.141|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 207976317 (198M) [application/x-gzip]
Saving to: `/tmp/lucid-server-cloudimg-amd64.tar.gz'
100%[=======================================================================================================================================================================>] 207,976,317 467K/s in 6m 49s
2011-11-17 10:04:08 (497 KB/s) - `/tmp/lucid-server-cloudimg-amd64.tar.gz' saved [207976317/207976317]
Added new image with ID: 2
root@nova-controller:/var/lib/stackops#
{code}
Now the image is ready to use. If you execute this glance command:
{code}
{code}
Please read the [Openstack Nova documentation about images|http://docs.openstack.org/openstack-compute/admin/content/ch05s03.html].
You can also find some images that can be directly downloaded from Ubuntu repositories:
Released builds are available under [http://uec-images.ubuntu.com/server/releases/<codename>]
* [Lucid|http://uec-images.ubuntu.com/server/releases/lucid/]
* [Maverick|http://uec-images.ubuntu.com/server/releases/maverick/]
* [Natty|http://uec-images.ubuntu.com/server/releases/natty/]
h3. The euca2ools client management tool
Euca2ools are command-line tools for interacting with Web services that export a REST/Query-based API compatible with Amazon EC2 and S3 services. These tools can be used with Amazon EC2 compatible API. If you run Ubuntu you can install it with apt-get:
{code}
apt-get install euca2ools
{code}
or [download from the website|http://open.eucalyptus.com/downloads].
h5. Load credentials
You need to setup several environment variables pointing to the platform. The script setenv.sh sets them automatically for the 'demo' user:
{code}
export EC2_SECRET_KEY=<<PASSWORD>>
EC2_URL=<<EC2 API ENDPOINT>>
EC2_ACCESS_KEY=<<USERNAME>>
{code}
Example:
{code}
EC2_SECRET_KEY=password
EC2_URL=http://127.0.0.1:80/services/Cloud
EC2_ACCESS_KEY=demo
{code}
All right, now you are ready to manage your project.
h5. Create a certificate
To manage the instances you need to create a certificate:
{code}
stackops@stackops-dev:~/clouds$ euca-add-keypair nubeblog > nubeblog.pem
stackops@stackops-dev:~/clouds$ more nubeblog.pem
KEYPAIR nubeblog 8e:7d:df:e0:f6:bf:dd:45:f7:ff:5d:8e:b4:de:12:a9
-----BEGIN RSA PRIVATE KEY-----
xxx
xxx
xxx
-----END RSA PRIVATE KEY-----
stackops@stackops-dev:~/clouds$
{code}
And don't forget to change the permissions of the recently created certificate:
{code}
stackops@stackops-dev:~/clouds$ chmod 600 nubeblog.pem
stackops@stackops-dev:~/clouds$
{code}
h5. Manage instances
Let's launch our first instance. The instance will be of type *m1.tiny*:
{code}
stackops@stackops-dev:~/clouds$ euca-run-instances -k nubeblog -t m1.tiny ami-3212757a
RESERVATION r-sneytgq2 nubeblog default
INSTANCE i-00000001 ami-3212757a scheduling nubeblog (nubeblog, None) 0 m1.tiny 2011-03-22 10:50:17 unknown zone
stackops@stackops-dev:~/clouds$
{code}
As you can see the instance is being created. It can take from a few seconds to minutes. If you want to know the status of the instantiation, then you have to execute:
{code}
stackops@stackops-dev:~/clouds$ euca-describe-instances
RESERVATION r-sneytgq2 nubeblog default
INSTANCE i-00000001 ami-3212757a 10.0.0.2 10.0.0.2 runningnubeblog (nubeblog, nova-controller) 0 m1.tiny 2011-03-22 10:50:17 nova
stackops@stackops-dev:~/clouds$
{code}
Great\! The instance is now running. As you can see the IP assigned is from the fixed private range. You need to configure the network for your project.
If you want to terminate the instance, then you have to:
{code}
stackops@stackops-dev:~/clouds$ euca-terminate-instances i-00000001
stackops@stackops-dev:~/clouds$ euca-describe-instances
stackops@stackops-dev:~/clouds$
{code}
h5. Firewall rules
You now need to ensure that you can access any instances that you launch via SSH as a minimum (as well as being able to ping) for this environment as my “default” security group.
{code}
stackops@stackops-dev:~/clouds$ euca-authorize default -P tcp -p 22 -s 0.0.0.0/0
GROUP default
PERMISSION default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
stackops@stackops-dev:~/clouds$ euca-authorize default -P icmp -t -1:-1
GROUP default
PERMISSION default ALLOWS icmp -1 -1
stackops@stackops-dev:~/clouds$
{code}
h5. Associate & disassociate Public IPs to instances
You have to associate a Public IP address to your instance to be accessible from outside. The process is very simple. First you have to allocate a new IP. This guarantees this IP is for you and nobody else is going to use it:
{code}
stackops@stackops-dev:~/clouds$ euca-allocate-address
ADDRESS 192.168.10.64
stackops@stackops-dev:~/clouds$
{code}
The platform has allocated for us the IP 192.168.10.64. Now we have to associate this IP to a running instance:
{code}
stackops@stackops-dev:~/clouds$ euca-associate-address -i i-00000002 192.168.10.64
ADDRESS 192.168.10.64 i-00000002
stackops@stackops-dev:~/clouds$ euca-describe-instances
RESERVATION r-ourxw938 nubeblog default
INSTANCE i-00000002 ami-3212757a 192.168.10.64 10.0.0.2 runningnubeblog (nubeblog, nova-controller) 0 m1.tiny 2011-03-22 11:02:26 nova
{code}
And now the instance is reachable from the 192.168.10.0 network:
{code}
stackops@stackops-dev:~/clouds$ ping 192.168.10.64
PING 192.168.10.64 (192.168.10.64) 56(84) bytes of data.
64 bytes from 192.168.10.64: icmp_seq=1 ttl=63 time=1.87 ms
64 bytes from 192.168.10.64: icmp_seq=2 ttl=63 time=1.48 ms
64 bytes from 192.168.10.64: icmp_seq=3 ttl=63 time=1.67 ms
64 bytes from 192.168.10.64: icmp_seq=4 ttl=63 time=4.17 ms
^C
--- 192.168.10.64 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 1.482/2.302/4.173/1.090 ms
stackops@stackops-dev:~/clouds$ ssh -i nubeblog.pem root@192.168.10.64
The authenticity of host '192.168.10.64 (192.168.10.64)' can't be established.
RSA key fingerprint is f5:c4:d1:06:a6:4a:ea:ac:bc:ec:2e:6f:ac:14:15:3f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.10.64' (RSA) to the list of known hosts.
Chop wood, carry water.
#
{code}
if you want to disassociate from the running instance execute:
{code}
stackops@stackops-dev:~/clouds$ euca-disassociate-address 192.168.10.64
ADDRESS 192.168.10.64
stackops@stackops-dev:~/clouds$ euca-describe-instances
RESERVATION r-ourxw938 nubeblog default
INSTANCE i-00000002 ami-3212757a 10.0.0.2 10.0.0.2 runningnubeblog (nubeblog, nova-controller) 0 m1.tiny 2011-03-22 11:02:26 nova
stackops@stackops-dev:~/clouds$
{code}
and to return the IP to the pool:
{code}
stackops@stackops-dev:~/clouds$ euca-release-address 192.168.10.64
ADDRESS 192.168.10.64
stackops@stackops-dev:~/clouds$
{code}
h5. Create & destroy volumes
Openstack Nova allows you present extra block level storage to your Nova instances. Those from the cloud arena will likely recognize this as a similar offering that Amazon EC2 offers, Elastic Block Storage (EBS).
To create a new volume, you need to pass as parameter the size of the volume in Gigabytes and the zone (by default is 'nova'):
{code}
stackops@stackops-dev:~/clouds$ euca-create-volume -s2 -znova
VOLUME vol-00000001 2 creating (diego, None, None, None) 2011-03-22 11:11:50.496016
stackops@stackops-dev:~/clouds$
{code}
It can take from a few seconds to minutes. If you want to know the status of the volumes, then you have to execute:
{code}
stackops@stackops-dev:~/clouds$ euca-describe-volumes
VOLUME vol-00000001 2 nova available (diego, nova-controller, None, None) 2011-03-22 11:11:50
stackops@stackops-dev:~/clouds$
{code}
And finally if you want to destroy the volume you need to pass as an argument the volume ID to this command:
{code}
stackops@stackops-dev:~/clouds$ euca-delete-volume vol-00000001
VOLUME vol-00000001
stackops@stackops-dev:~/clouds$ euca-describe-volumes
stackops@stackops-dev:~/clouds$
{code}
{warning}
If you delete a volume you will loose all the data
{warning}
h5. Attach & Detach volumes
Once you have the volume created, you have now to attach it to a running instance:
{code}
stackops@stackops-dev:~/clouds$ euca-create-volume -s2 -znova
VOLUME vol-00000002 2 creating (diego, None, None, None) 2011-03-22 11:18:19.902730
stackops@stackops-dev:~/clouds$ euca-attach-volume vol-00000002 -i i-00000002 -d /dev/vdb
VOLUME vol-00000002
stackops@stackops-dev:~/clouds$ euca-describe-volumes
VOLUME vol-00000002 2 nova in-use (diego, nova-controller, i-00000002[nova-controller], /dev/vdb) 2011-03-22 11:18:19
stackops@stackops-dev:~/clouds$
{code}
You should be able to access to the volume from your running instance.
If you want to detach the volume, then:
{code}
stackops@stackops-dev:~/clouds$ euca-detach-volume vol-00000002
VOLUME vol-00000002
stackops@stackops-dev:~/clouds$ euca-describe-volumes
VOLUME vol-00000002 2 nova available (diego, nova-controller, None, None) 2011-03-22 11:18:19
stackops@stackops-dev:~/clouds$
{code}
h3. The nova-client management tool
nova-client is a command-line tools for interacting with Web services that export a REST/Query-based API compatible with Openstack API v1.1 services. These tools are Openstack Nova API specific. If you run Ubuntu you can install it with apt-get:
{code}
apt-get install python-novaclient
{code}
h5. Load credentials
You need to setup several environment variables pointing to the platform. The script setenv.sh sets them automatically for the 'demo' user:
{code}
NOVA_PROJECT_ID=<<TENANT>>
NOVA_REGION_NAME=<<REGION>>
NOVA_VERSION=1.1
NOVA_USERNAME=<<USERNAME>>
NOVA_API_KEY=<<PASSWORD>>
NOVA_URL=<<KEYSTONE_API_ENTRY_POINT>>
AUTH_TOKEN=<<AUTH_TOKEN>>
{code}
Example:
{code}
NOVA_PROJECT_ID=demo
NOVA_REGION_NAME=nova
NOVA_VERSION=1.1
NOVA_USERNAME=demo
NOVA_API_KEY=password
NOVA_URL=http://127.0.0.1:5000/v2.0/
AUTH_TOKEN=7b0fa8c5-8e8b-45b2-8205-9054954e9015
{code}
All right, now you are ready to manage your project.
h5. Manage disk images
You can list the available images in your zone:
{code}
root@nova-controller:/var/lib/stackops# nova image-list
+----+-----------------------+--------+
| ID | Name | Status |
+----+-----------------------+--------+
| 1 | ubuntu-10.04.2-kernel | ACTIVE |
| 2 | ubuntu-10.04.2 | ACTIVE |
| 3 | windows-2008R2-64 | ACTIVE |
| 4 | ServicioCreado | ACTIVE |
| 5 | snapshot_test | ACTIVE |
+----+-----------------------+--------+
{code}
If you want to show the details of an image:
{code}
root@nova-controller:/var/lib/stackops# nova image-show 3
+----------+-------------------------------------------------------+
| Property | Value |
+----------+-------------------------------------------------------+
| created | 2011-11-13T18:37:20Z |
| id | 3 |
| metadata | {u'min_disk': u'0', u'owner': u'1', u'min_ram': u'0'} |
| name | windows-2008R2-64 |
| progress | 100 |
| status | ACTIVE |
| updated | 2011-11-13T18:50:37Z |
+----------+-------------------------------------------------------+
root@nova-controller:/var/lib/stackops#
{code}
h5. Create a certificate
Some images need a certificate to be managed. To show the existing certificates:
{code}
root@nova-controller:/var/lib/stackops# nova keypair-list
+----------------+-------------------------------------------------+
| Name | Fingerprint |
+----------------+-------------------------------------------------+
| diegotestacens | 7d:6a:2b:76:62:60:4b:79:b4:66:68:96:b9:f8:52:7d |
+----------------+-------------------------------------------------+
root@nova-controller:/var/lib/stackops#
{code}
To create a new certificate:
{code}
root@nova-controller:/var/lib/stackops# nova keypair-add stackopscerttest > stackopscerttest.pem
root@nova-controller:/var/lib/stackops# more stackopscerttest.pem
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDAoaP4nHFNDfbrPH3cRdrFYioTKOBiHawDG2YnrTPKnMyOYnIC
5rPV2C7ZwkrpMezr8q3QPn1JPc/ld1Ufee03TPYzYAeVBDb3Pq0GVCqwiB+cPV7f
dGhh/yQl3vohh3qH0RaxZPRuXrUv/JXL0G9XkOKUcz2dWDdCcjhNSQJIwwIBIwKB
gQCfm9+iGzlOeUjuy7i903rAza3VXGIlaQreAMJbY5/xBZOL6ytEO38QRWilzN77
u6cMpIFjZvoYHUXbYuAhZQZfkpYhy2WBAzD5dc7RhywpSpLki/1R6dUM0whVtxF9
Hj5+TOhyqbJFv9q758R349H8hKE57HagNawljFhqOuQWiwJBAPp73RlJmvP0ftkI
XQ9zVuRo2yL3NcQV1wXEGj98Kn7610rqtrDJOU1VsEMYskcTyUawU7T2pJtVKfuf
yKT6XIECQQDE36A/m792Vs+8+oBAeTl12VT+sYSe8E9byL6oEJT+euMghjKGQmVN
IotJflPgVUvfF2TEM2OE7wWhE1PhXpNDAkEApJqJ+qy2SIq5wdJLyFMb1+0iSi1s
eYqx3ze5ei0F+6wnE/lTe3zrJDD+zQGZua3qqsukuL9WOjCmj2kAMeZaCwJAX5/R
ffsxHDjLTSk2+r6Jn6QTVyMF5sx+USb9hNTap32EQv9aXngFUVnr4d5F/z9fXbrn
zQMEc8SNtKL82y3vwQJAGD8Ds9HIzIAK0f4ETBG2eXfUTLhHKQJ7AMDsnQJlKQ6R
VNeXfYzdhIBd1GvoT2vqHDrA2ROZlNFtHdgCgIY0uw==
-----END RSA PRIVATE KEY-----
root@nova-controller:/var/lib/stackops# {code}
The private key is now stored in the file stackopscerttest.pem. You have to use it when launching an image with the capability to inject keys.
If you want to delete a certificate, you have to:
{code}
root@nova-controller:/var/lib/stackops# nova keypair-list
+------------------+-------------------------------------------------+
| Name | Fingerprint |
+------------------+-------------------------------------------------+
| diegotestacens | 7d:6a:2b:76:62:60:4b:79:b4:66:68:96:b9:f8:52:7d |
| stackopscerttest | da:fb:f7:1e:0c:14:32:bb:b1:31:86:7f:12:8f:fb:54 |
| stackopstest | 11:51:ce:43:a5:89:7d:92:b7:dd:4e:33:13:ba:a1:a2 |
+------------------+-------------------------------------------------+
root@nova-controller:/var/lib/stackops# nova keypair-delete stackopstest
root@nova-controller:/var/lib/stackops# nova keypair-list
+------------------+-------------------------------------------------+
| Name | Fingerprint |
+------------------+-------------------------------------------------+
| diegotestacens | 7d:6a:2b:76:62:60:4b:79:b4:66:68:96:b9:f8:52:7d |
| stackopscerttest | da:fb:f7:1e:0c:14:32:bb:b1:31:86:7f:12:8f:fb:54 |
+------------------+-------------------------------------------------+
root@nova-controller:/var/lib/stackops#
{code}
h5. Manage instances
Let's launch our first instance. The instance will be of type m1.tiny:
{code}
root@nova-controller:/var/lib/stackops# nova flavor-list
+----+-----------+-----------+------+----------+-------+------------+----------+
| ID | Name | Memory_MB | Swap | Local_GB | VCPUs | RXTX_Quota | RXTX_Cap |
+----+-----------+-----------+------+----------+-------+------------+----------+
| 1 | m1.tiny | 512 | 0 | 0 | 1 | 0 | 0 |
| 2 | m1.small | 2048 | 0 | 20 | 1 | 0 | 0 |
| 3 | m1.medium | 4096 | 0 | 40 | 2 | 0 | 0 |
| 4 | m1.large | 8192 | 0 | 80 | 4 | 0 | 0 |
| 5 | m1.xlarge | 16384 | 0 | 160 | 8 | 0 | 0 |
+----+-----------+-----------+------+----------+-------+------------+----------+
root@nova-controller:/var/lib/stackops# nova boot --flavor 1 --image 2 --key_name stackopscerttest stackopsdoctest
+--------------+--------------------------------------+
| Property | Value |
+--------------+--------------------------------------+
| accessIPv4 | |
| accessIPv6 | |
| adminPass | of7KdX9Lb4y8WYz5 |
| config_drive | |
| created | 2011-11-28T21:33:49Z |
| flavor | m1.tiny |
| hostId | |
| id | 10 |
| image | ubuntu-10.04.2 |
| key_name | stackopscerttest |
| metadata | {} |
| name | stackopsdoctest |
| progress | 0 |
| status | BUILD |
| tenant_id | 2 |
| updated | 2011-11-28T21:33:49Z |
| user_id | demo |
| uuid | 2ef63190-3e02-4d07-84ad-7915833381a4 |
+--------------+--------------------------------------+
root@nova-controller:/var/lib/stackops#
{code}
As you can see the instance is being created. It can take from a few seconds to minutes. If you want to know the status of the instantiation, then you have to execute:
{code}
root@nova-controller:/var/lib/stackops# nova list
+----+-----------------------+--------+------------------+
| ID | Name | Status | Networks |
+----+-----------------------+--------+------------------+
| 7 | WindowsTest | ACTIVE | service=10.0.0.2 |
| 8 | turiroturiro | ACTIVE | service=10.0.0.3 |
| 9 | For_snapshotting_test | ACTIVE | service=10.0.0.4 |
| 10 | stackopsdoctest | ACTIVE | service=10.0.0.5 |
+----+-----------------------+--------+------------------+
{code}
If you want to show the details of a server:
{code}
root@nova-controller:/var/lib/stackops# nova show 10
+-----------------+----------------------------------------------------------+
| Property | Value |
+-----------------+----------------------------------------------------------+
| accessIPv4 | |
| accessIPv6 | |
| config_drive | |
| created | 2011-11-28T21:33:49Z |
| flavor | m1.tiny |
| hostId | 63fe8bca8f9f8619e3cf51ed583603e24b99c0e6bdc796f8e6f5bbd0 |
| id | 10 |
| image | ubuntu-10.04.2 |
| key_name | stackopscerttest |
| metadata | {} |
| name | stackopsdoctest |
| progress | 100 |
| service network | 10.0.0.5 |
| status | ACTIVE |
| tenant_id | 2 |
| updated | 2011-11-28T21:33:55Z |
| user_id | demo |
| uuid | 2ef63190-3e02-4d07-84ad-7915833381a4 |
+-----------------+----------------------------------------------------------+
root@nova-controller:/var/lib/stackops#
{code}
Great! The instance is now running. As you can see the IP assigned is from the fixed private range. You need to configure the network for your project.
If you want to terminate (shutdown and delete) the instance, then you have to:
{code}
root@nova-controller:/var/lib/stackops# nova delete 10
root@nova-controller:/var/lib/stackops# nova show 10
No server with a name or ID of '10' exists.
root@nova-controller:/var/lib/stackops# nova list
+----+-----------------------+--------+------------------+
| ID | Name | Status | Networks |
+----+-----------------------+--------+------------------+
| 7 | WindowsTest | ACTIVE | service=10.0.0.2 |
| 8 | turiroturiro | ACTIVE | service=10.0.0.3 |
| 9 | For_snapshotting_test | ACTIVE | service=10.0.0.4 |
+----+-----------------------+--------+------------------+
root@nova-controller:/var/lib/stackops#
{code}
h5. Firewall rules
You now need to ensure that you can access any instances that you launch via SSH as a minimum (as well as being able to ping) for this environment as my “default” security group.
{code}
root@nova-controller:/var/lib/stackops# nova secgroup-list
+---------+-------------+
| Name | Description |
+---------+-------------+
| default | default |
+---------+-------------+
root@nova-controller:/var/lib/stackops# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 22 | 22 | 0.0.0.0/0 | |
| tcp | 3389 | 3389 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
{code}
Let's open port 80 from all internet:
{code}
root@nova-controller:/var/lib/stackops# nova secgroup-add-rule default tcp 80 80 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 80 | 80 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
{code}
Now let's allow traffic from ICMP (Ping) from internet:
{code}
root@nova-controller:/var/lib/stackops# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
{code}
And now we are going to list the rules of 'default' group:
{code}
root@nova-controller:/var/lib/stackops# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
| tcp | 22 | 22 | 0.0.0.0/0 | |
| tcp | 80 | 80 | 0.0.0.0/0 | |
| tcp | 3389 | 3389 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
root@nova-controller:/var/lib/stackops#
{code}
h5. Associate & disassociate Public IPs to instances
You have to associate a Public IP address to your instance to be accessible from outside. The process is very simple. First you have to allocate a new IP. This guarantees this IP is for you and nobody else is going to use it.
If we want to list the current list of floating ips that I can use:
{code}
root@nova-controller:/var/lib/stackops# nova floating-ip-list
+----------------+-------------+----------+
| Ip | Instance Id | Fixed Ip |
+----------------+-------------+----------+
| 217.116.21.202 | None | None |
| 217.116.21.203 | None | None |
| 217.116.21.204 | None | None |
+----------------+-------------+----------+
{code}
If we need to reserver more floating IPs, we can use this command:
{code}
root@nova-controller:/var/lib/stackops# nova floating-ip-create
+----------------+-------------+----------+
| Ip | Instance Id | Fixed Ip |
+----------------+-------------+----------+
| 217.116.21.205 | None | None |
+----------------+-------------+----------+
root@nova-controller:/var/lib/stackops#
{code}
The platform has allocated for us the IP 217.116.21.205 now. Now we have to associate this IP to a running instance:
{code}
root@nova-controller:/var/lib/stackops# nova add-floating-ip stackopsdoctest 217.116.21.205
root@nova-controller:/var/lib/stackops# nova floating-ip-list
+----------------+-------------+----------+
| Ip | Instance Id | Fixed Ip |
+----------------+-------------+----------+
| 217.116.21.202 | None | None |
| 217.116.21.203 | None | None |
| 217.116.21.204 | None | None |
| 217.116.21.205 | 10 | 10.0.0.5 |
+----------------+-------------+----------+
root@nova-controller:/var/lib/stackops#
{code}
And now the instance is reachable from internet:
{code}
MacBook-Air-de-Diego-Parrilla:~ diego$ ping 217.116.21.205
PING 217.116.21.205 (217.116.21.205): 56 data bytes
64 bytes from 217.116.21.205: icmp_seq=0 ttl=54 time=55.562 ms
64 bytes from 217.116.21.205: icmp_seq=1 ttl=54 time=40.903 ms
64 bytes from 217.116.21.205: icmp_seq=2 ttl=54 time=43.803 ms
64 bytes from 217.116.21.205: icmp_seq=3 ttl=54 time=42.882 ms
64 bytes from 217.116.21.205: icmp_seq=4 ttl=54 time=42.709 ms
^C
--- 217.116.21.205 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 40.903/45.172/55.562/5.279 ms
MacBook-Air-de-Diego-Parrilla:~ diego$ ssh -i stackopscerttest.pem ubuntu@217.116.21.205
The authenticity of host '217.116.21.205 (217.116.21.205)' can't be established.
RSA key fingerprint is 79:d2:91:58:4e:b3:02:b6:83:96:d0:06:64:1a:fa:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '217.116.21.205' (RSA) to the list of known hosts.
Linux stackopsdoctest 2.6.32-34-server #77-Ubuntu SMP Tue Sep 13 20:54:38 UTC 2011 x86_64 GNU/Linux
Ubuntu 10.04.3 LTS
Welcome to the Ubuntu Server!
* Documentation: http://www.ubuntu.com/server/doc
System information as of Mon Nov 28 22:02:10 UTC 2011
System load: 0.0 Processes: 63
Usage of /: 44.5% of 1.35GB Users logged in: 0
Memory usage: 7% IP address for eth0: 10.0.0.5
Swap usage: 0%
Graph this data and manage this system at https://landscape.canonical.com/
---------------------------------------------------------------------
At the moment, only the core of the system is installed. To tune the
system to your needs, you can choose to install one or more
predefined collections of software by running the following
command:
sudo tasksel --section server
---------------------------------------------------------------------
0 packages can be updated.
0 updates are security updates.
Get cloud support with Ubuntu Advantage Cloud Guest
http://www.ubuntu.com/business/services/cloud
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
ubuntu@stackopsdoctest:~$
{code}
if you want to disassociate from the running instance execute:
{code}
root@nova-controller:/var/lib/stackops# nova remove-floating-ip stackopsdoctest 217.116.21.205
root@nova-controller:/var/lib/stackops# nova floating-ip-list
+----------------+-------------+----------+
| Ip | Instance Id | Fixed Ip |
+----------------+-------------+----------+
| 217.116.21.202 | None | None |
| 217.116.21.203 | None | None |
| 217.116.21.204 | None | None |
| 217.116.21.205 | None | None |
+----------------+-------------+----------+
root@nova-controller:/var/lib/stackops#
{code}
and to return the IP to the pool:
{code}
root@nova-controller:/var/lib/stackops# nova floating-ip-delete 217.116.21.205
root@nova-controller:/var/lib/stackops# nova floating-ip-list
+----------------+-------------+----------+
| Ip | Instance Id | Fixed Ip |
+----------------+-------------+----------+
| 217.116.21.202 | None | None |
| 217.116.21.203 | None | None |
| 217.116.21.204 | None | None |
+----------------+-------------+----------+
root@nova-controller:/var/lib/stackops#
{code}
h5. Create & destroy volumes
h5. Attach & Detach volumes
h3. Glance management
Glance official documentation is absolutely awesome. We strongly recommend to read the chapter dedicated to the CLI [http://docs.openstack.org/diablo/openstack-image-service/admin/content/using-the-glance-cli-tool.html]
h3. Horizon dashboard
StackOps support of Horizon dashboard is experimental. Use it at your own risk.
h3. More information
You can find more information in the [official Openstack documentation site|http://docs.openstack.org] and the [Openstack Wiki|http://wiki.openstack.org/].
Congratulations\! If you are here it means you have installed and configured a Openstack Nova computing platform\! In this chapter you will learn to operate at a very basic level the platform.
{warning:title=root password}
First, we recommend to change the root password of all the Nodes. By default, the root password is _stackops_. At this moment the root remote access is allowed.
{warning}
You need to have access to the Controller console, but you don't need access to Network, Volume and Compute nodes unless you need to troubleshoot some issue. So we assume you have root access to the Controller Node from now on.
h3. Basic sys admin actions
h5. Start and stop Nova services
Stackops distro uses upstart init scripts. There are three basic actions:
Start a component
{code}
start nova-COMPONENT_NAME
{code}
Stop a component
{code}
stop nova-COMPONENT_NAME
{code}
Staus of a component
{code}
status nova-COMPONENT_NAME
{code}
COMPONENT_NAME can be any of the following Nova processes:
* ajax-console-proxy
* api
* compute
* network
* objectstore
* scheduler
* volume
h5. Configuration files
All the configuration files are located under _/etc/nova_ and again they follow the same naming convention.
{warning}
Change the parameters at your risk.
{warning}
h5. Log Files
By default the system is installed in 'verbose' mode. You can disable this parameter at configuration time or modifying the configuration files.
All the log files are located in the directory _/var/log/nova_. The log format is as follows: *nova-COMPONENT_NAME.log*
h3. Managing the platform: nova-manage
*nova-manage* is the command used to manage the platform. If you execute the command as follows:
{code}
root@nova-controller:/var/lib/nova/bin# ./nova-manage
OpenStack Nova version: 2011.3 (2011.3-LOCALBRANCH:LOCALREVISION)
./nova-manage category action [<args>]
Available categories:
account
agent
config
db
drive
fixed
flavor
floating
host
instance_type
image
network
project
role
service
shell
user
version
vm
volume
vpn
vsa
root@nova-controller:/var/lib/nova/bin#
{code}
h5. Display Services
You can see the list of available services. If you want to know the status of the different Nova components, you have to execute:
{code}
root@nova-controller:/var/lib/nova/bin# ./nova-manage service list
Binary Host Zone Status State Updated_At
nova-vncproxy nova-controller nova enabled :-) 2011-11-17 16:10:50
nova-scheduler nova-controller nova enabled :-) 2011-11-17 16:10:50
nova-network nova-controller nova enabled :-) 2011-11-17 16:10:49
nova-volume nova-controller nova enabled XXX 2011-11-13 23:03:55
nova-compute nova-compute-1 nova enabled :-) 2011-11-17 16:10:49
nova-compute nova-compute-2 nova enabled :-) 2011-11-17 16:10:50
root@nova-controller:/var/lib/nova/bin#
{code}
A happy face means the component is running and connected to the platform. A 'X' means the component is not running or is not connected to the platform.
h5. Default user
By default the Stackops Distro uses Keystone to manage users and tenants in the platform. There are two default users: 'admin' user with password 'password' and 'admin:password' EC2 credentials. We don't recommend this user as a 'Cloud User'. We recommend to use the user 'demo' with password 'password' and 'demo:password' EC2 credentials. If you need to create more users and tenants, you should read the Openstack Keystone Manuals.
If you want to manage a project with the EC2 or Openstack v1.1 API, you need to execute this script located in /var/lib/stackops/setenv.sh
This script will create all the necessary environment variables for the 'demo' user. Please modify this script for any other user (TODO: Generic):
{code}
root@nova-controller:/var/lib/stackops# source setenv.sh
root@nova-controller:/var/lib/stackops# env | grep 'NOVA' && env | grep 'EC2' && env | grep 'OS_' && env | grep 'AUTH_TOKEN'
NOVA_PROJECT_ID=demo
NOVA_REGION_NAME=nova
NOVA_VERSION=1.1
NOVA_USERNAME=demo
NOVA_API_KEY=password
NOVA_URL=http://127.0.0.1:5000/v2.0/
EC2_SECRET_KEY=password
EC2_URL=http://127.0.0.1:80/services/Cloud
EC2_ACCESS_KEY=demo
OS_AUTH_USER=demo
OS_AUTH_STRATEGY=
OS_AUTH_URL=http://127.0.0.1:5000/v2.0/
OS_AUTH_TENANT=demo
OS_AUTH_KEY=password
AUTH_TOKEN=7b0fa8c5-8e8b-45b2-8205-9054954e9015
root@nova-controller:/var/lib/stackops#
{code}
{info:title=OS_AUTH_STRATEGY bug}
There is a bug in the script and the OS_AUTH_STRATEGY is not set by default. You must set it to 'keystone':
{code}
export OS_AUTH_STRATEGY=keystone
{code}
should work.
{info}
h3. Virtual Images
{warning:title=No images included in the v0.3 distro}
Version 0.2 did not include Glance image registry and API system. This version includes latest stable version of Glance.
{warning}
If you want to download a test image and register it in Glance, there is another script in /var/lib/stackops/pubimages.sh that downloads a Ubuntu Lucid 10.04.02 LTS and register it in Glance as a public image.
{code}
root@nova-controller:/var/lib/stackops# ./pubimages.sh
Downloading images...
--2011-11-17 09:57:19-- http://cloud-images.ubuntu.com/lucid/current/lucid-server-cloudimg-amd64.tar.gz
Resolving cloud-images.ubuntu.com... 91.189.88.141
Connecting to cloud-images.ubuntu.com|91.189.88.141|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 207976317 (198M) [application/x-gzip]
Saving to: `/tmp/lucid-server-cloudimg-amd64.tar.gz'
100%[=======================================================================================================================================================================>] 207,976,317 467K/s in 6m 49s
2011-11-17 10:04:08 (497 KB/s) - `/tmp/lucid-server-cloudimg-amd64.tar.gz' saved [207976317/207976317]
Added new image with ID: 2
root@nova-controller:/var/lib/stackops#
{code}
Now the image is ready to use. If you execute this glance command:
{code}
{code}
Please read the [Openstack Nova documentation about images|http://docs.openstack.org/openstack-compute/admin/content/ch05s03.html].
You can also find some images that can be directly downloaded from Ubuntu repositories:
Released builds are available under [http://uec-images.ubuntu.com/server/releases/<codename>]
* [Lucid|http://uec-images.ubuntu.com/server/releases/lucid/]
* [Maverick|http://uec-images.ubuntu.com/server/releases/maverick/]
* [Natty|http://uec-images.ubuntu.com/server/releases/natty/]
h3. The euca2ools client management tool
Euca2ools are command-line tools for interacting with Web services that export a REST/Query-based API compatible with Amazon EC2 and S3 services. These tools can be used with Amazon EC2 compatible API. If you run Ubuntu you can install it with apt-get:
{code}
apt-get install euca2ools
{code}
or [download from the website|http://open.eucalyptus.com/downloads].
h5. Load credentials
You need to setup several environment variables pointing to the platform. The script setenv.sh sets them automatically for the 'demo' user:
{code}
export EC2_SECRET_KEY=<<PASSWORD>>
EC2_URL=<<EC2 API ENDPOINT>>
EC2_ACCESS_KEY=<<USERNAME>>
{code}
Example:
{code}
EC2_SECRET_KEY=password
EC2_URL=http://127.0.0.1:80/services/Cloud
EC2_ACCESS_KEY=demo
{code}
All right, now you are ready to manage your project.
h5. Create a certificate
To manage the instances you need to create a certificate:
{code}
stackops@stackops-dev:~/clouds$ euca-add-keypair nubeblog > nubeblog.pem
stackops@stackops-dev:~/clouds$ more nubeblog.pem
KEYPAIR nubeblog 8e:7d:df:e0:f6:bf:dd:45:f7:ff:5d:8e:b4:de:12:a9
-----BEGIN RSA PRIVATE KEY-----
xxx
xxx
xxx
-----END RSA PRIVATE KEY-----
stackops@stackops-dev:~/clouds$
{code}
And don't forget to change the permissions of the recently created certificate:
{code}
stackops@stackops-dev:~/clouds$ chmod 600 nubeblog.pem
stackops@stackops-dev:~/clouds$
{code}
h5. Manage instances
Let's launch our first instance. The instance will be of type *m1.tiny*:
{code}
stackops@stackops-dev:~/clouds$ euca-run-instances -k nubeblog -t m1.tiny ami-3212757a
RESERVATION r-sneytgq2 nubeblog default
INSTANCE i-00000001 ami-3212757a scheduling nubeblog (nubeblog, None) 0 m1.tiny 2011-03-22 10:50:17 unknown zone
stackops@stackops-dev:~/clouds$
{code}
As you can see the instance is being created. It can take from a few seconds to minutes. If you want to know the status of the instantiation, then you have to execute:
{code}
stackops@stackops-dev:~/clouds$ euca-describe-instances
RESERVATION r-sneytgq2 nubeblog default
INSTANCE i-00000001 ami-3212757a 10.0.0.2 10.0.0.2 runningnubeblog (nubeblog, nova-controller) 0 m1.tiny 2011-03-22 10:50:17 nova
stackops@stackops-dev:~/clouds$
{code}
Great\! The instance is now running. As you can see the IP assigned is from the fixed private range. You need to configure the network for your project.
If you want to terminate the instance, then you have to:
{code}
stackops@stackops-dev:~/clouds$ euca-terminate-instances i-00000001
stackops@stackops-dev:~/clouds$ euca-describe-instances
stackops@stackops-dev:~/clouds$
{code}
h5. Firewall rules
You now need to ensure that you can access any instances that you launch via SSH as a minimum (as well as being able to ping) for this environment as my “default” security group.
{code}
stackops@stackops-dev:~/clouds$ euca-authorize default -P tcp -p 22 -s 0.0.0.0/0
GROUP default
PERMISSION default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
stackops@stackops-dev:~/clouds$ euca-authorize default -P icmp -t -1:-1
GROUP default
PERMISSION default ALLOWS icmp -1 -1
stackops@stackops-dev:~/clouds$
{code}
h5. Associate & disassociate Public IPs to instances
You have to associate a Public IP address to your instance to be accessible from outside. The process is very simple. First you have to allocate a new IP. This guarantees this IP is for you and nobody else is going to use it:
{code}
stackops@stackops-dev:~/clouds$ euca-allocate-address
ADDRESS 192.168.10.64
stackops@stackops-dev:~/clouds$
{code}
The platform has allocated for us the IP 192.168.10.64. Now we have to associate this IP to a running instance:
{code}
stackops@stackops-dev:~/clouds$ euca-associate-address -i i-00000002 192.168.10.64
ADDRESS 192.168.10.64 i-00000002
stackops@stackops-dev:~/clouds$ euca-describe-instances
RESERVATION r-ourxw938 nubeblog default
INSTANCE i-00000002 ami-3212757a 192.168.10.64 10.0.0.2 runningnubeblog (nubeblog, nova-controller) 0 m1.tiny 2011-03-22 11:02:26 nova
{code}
And now the instance is reachable from the 192.168.10.0 network:
{code}
stackops@stackops-dev:~/clouds$ ping 192.168.10.64
PING 192.168.10.64 (192.168.10.64) 56(84) bytes of data.
64 bytes from 192.168.10.64: icmp_seq=1 ttl=63 time=1.87 ms
64 bytes from 192.168.10.64: icmp_seq=2 ttl=63 time=1.48 ms
64 bytes from 192.168.10.64: icmp_seq=3 ttl=63 time=1.67 ms
64 bytes from 192.168.10.64: icmp_seq=4 ttl=63 time=4.17 ms
^C
--- 192.168.10.64 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 1.482/2.302/4.173/1.090 ms
stackops@stackops-dev:~/clouds$ ssh -i nubeblog.pem root@192.168.10.64
The authenticity of host '192.168.10.64 (192.168.10.64)' can't be established.
RSA key fingerprint is f5:c4:d1:06:a6:4a:ea:ac:bc:ec:2e:6f:ac:14:15:3f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.10.64' (RSA) to the list of known hosts.
Chop wood, carry water.
#
{code}
if you want to disassociate from the running instance execute:
{code}
stackops@stackops-dev:~/clouds$ euca-disassociate-address 192.168.10.64
ADDRESS 192.168.10.64
stackops@stackops-dev:~/clouds$ euca-describe-instances
RESERVATION r-ourxw938 nubeblog default
INSTANCE i-00000002 ami-3212757a 10.0.0.2 10.0.0.2 runningnubeblog (nubeblog, nova-controller) 0 m1.tiny 2011-03-22 11:02:26 nova
stackops@stackops-dev:~/clouds$
{code}
and to return the IP to the pool:
{code}
stackops@stackops-dev:~/clouds$ euca-release-address 192.168.10.64
ADDRESS 192.168.10.64
stackops@stackops-dev:~/clouds$
{code}
h5. Create & destroy volumes
Openstack Nova allows you present extra block level storage to your Nova instances. Those from the cloud arena will likely recognize this as a similar offering that Amazon EC2 offers, Elastic Block Storage (EBS).
To create a new volume, you need to pass as parameter the size of the volume in Gigabytes and the zone (by default is 'nova'):
{code}
stackops@stackops-dev:~/clouds$ euca-create-volume -s2 -znova
VOLUME vol-00000001 2 creating (diego, None, None, None) 2011-03-22 11:11:50.496016
stackops@stackops-dev:~/clouds$
{code}
It can take from a few seconds to minutes. If you want to know the status of the volumes, then you have to execute:
{code}
stackops@stackops-dev:~/clouds$ euca-describe-volumes
VOLUME vol-00000001 2 nova available (diego, nova-controller, None, None) 2011-03-22 11:11:50
stackops@stackops-dev:~/clouds$
{code}
And finally if you want to destroy the volume you need to pass as an argument the volume ID to this command:
{code}
stackops@stackops-dev:~/clouds$ euca-delete-volume vol-00000001
VOLUME vol-00000001
stackops@stackops-dev:~/clouds$ euca-describe-volumes
stackops@stackops-dev:~/clouds$
{code}
{warning}
If you delete a volume you will loose all the data
{warning}
h5. Attach & Detach volumes
Once you have the volume created, you have now to attach it to a running instance:
{code}
stackops@stackops-dev:~/clouds$ euca-create-volume -s2 -znova
VOLUME vol-00000002 2 creating (diego, None, None, None) 2011-03-22 11:18:19.902730
stackops@stackops-dev:~/clouds$ euca-attach-volume vol-00000002 -i i-00000002 -d /dev/vdb
VOLUME vol-00000002
stackops@stackops-dev:~/clouds$ euca-describe-volumes
VOLUME vol-00000002 2 nova in-use (diego, nova-controller, i-00000002[nova-controller], /dev/vdb) 2011-03-22 11:18:19
stackops@stackops-dev:~/clouds$
{code}
You should be able to access to the volume from your running instance.
If you want to detach the volume, then:
{code}
stackops@stackops-dev:~/clouds$ euca-detach-volume vol-00000002
VOLUME vol-00000002
stackops@stackops-dev:~/clouds$ euca-describe-volumes
VOLUME vol-00000002 2 nova available (diego, nova-controller, None, None) 2011-03-22 11:18:19
stackops@stackops-dev:~/clouds$
{code}
h3. The nova-client management tool
nova-client is a command-line tools for interacting with Web services that export a REST/Query-based API compatible with Openstack API v1.1 services. These tools are Openstack Nova API specific. If you run Ubuntu you can install it with apt-get:
{code}
apt-get install python-novaclient
{code}
h5. Load credentials
You need to setup several environment variables pointing to the platform. The script setenv.sh sets them automatically for the 'demo' user:
{code}
NOVA_PROJECT_ID=<<TENANT>>
NOVA_REGION_NAME=<<REGION>>
NOVA_VERSION=1.1
NOVA_USERNAME=<<USERNAME>>
NOVA_API_KEY=<<PASSWORD>>
NOVA_URL=<<KEYSTONE_API_ENTRY_POINT>>
AUTH_TOKEN=<<AUTH_TOKEN>>
{code}
Example:
{code}
NOVA_PROJECT_ID=demo
NOVA_REGION_NAME=nova
NOVA_VERSION=1.1
NOVA_USERNAME=demo
NOVA_API_KEY=password
NOVA_URL=http://127.0.0.1:5000/v2.0/
AUTH_TOKEN=7b0fa8c5-8e8b-45b2-8205-9054954e9015
{code}
All right, now you are ready to manage your project.
h5. Manage disk images
You can list the available images in your zone:
{code}
root@nova-controller:/var/lib/stackops# nova image-list
+----+-----------------------+--------+
| ID | Name | Status |
+----+-----------------------+--------+
| 1 | ubuntu-10.04.2-kernel | ACTIVE |
| 2 | ubuntu-10.04.2 | ACTIVE |
| 3 | windows-2008R2-64 | ACTIVE |
| 4 | ServicioCreado | ACTIVE |
| 5 | snapshot_test | ACTIVE |
+----+-----------------------+--------+
{code}
If you want to show the details of an image:
{code}
root@nova-controller:/var/lib/stackops# nova image-show 3
+----------+-------------------------------------------------------+
| Property | Value |
+----------+-------------------------------------------------------+
| created | 2011-11-13T18:37:20Z |
| id | 3 |
| metadata | {u'min_disk': u'0', u'owner': u'1', u'min_ram': u'0'} |
| name | windows-2008R2-64 |
| progress | 100 |
| status | ACTIVE |
| updated | 2011-11-13T18:50:37Z |
+----------+-------------------------------------------------------+
root@nova-controller:/var/lib/stackops#
{code}
h5. Create a certificate
Some images need a certificate to be managed. To show the existing certificates:
{code}
root@nova-controller:/var/lib/stackops# nova keypair-list
+----------------+-------------------------------------------------+
| Name | Fingerprint |
+----------------+-------------------------------------------------+
| diegotestacens | 7d:6a:2b:76:62:60:4b:79:b4:66:68:96:b9:f8:52:7d |
+----------------+-------------------------------------------------+
root@nova-controller:/var/lib/stackops#
{code}
To create a new certificate:
{code}
root@nova-controller:/var/lib/stackops# nova keypair-add stackopscerttest > stackopscerttest.pem
root@nova-controller:/var/lib/stackops# more stackopscerttest.pem
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDAoaP4nHFNDfbrPH3cRdrFYioTKOBiHawDG2YnrTPKnMyOYnIC
5rPV2C7ZwkrpMezr8q3QPn1JPc/ld1Ufee03TPYzYAeVBDb3Pq0GVCqwiB+cPV7f
dGhh/yQl3vohh3qH0RaxZPRuXrUv/JXL0G9XkOKUcz2dWDdCcjhNSQJIwwIBIwKB
gQCfm9+iGzlOeUjuy7i903rAza3VXGIlaQreAMJbY5/xBZOL6ytEO38QRWilzN77
u6cMpIFjZvoYHUXbYuAhZQZfkpYhy2WBAzD5dc7RhywpSpLki/1R6dUM0whVtxF9
Hj5+TOhyqbJFv9q758R349H8hKE57HagNawljFhqOuQWiwJBAPp73RlJmvP0ftkI
XQ9zVuRo2yL3NcQV1wXEGj98Kn7610rqtrDJOU1VsEMYskcTyUawU7T2pJtVKfuf
yKT6XIECQQDE36A/m792Vs+8+oBAeTl12VT+sYSe8E9byL6oEJT+euMghjKGQmVN
IotJflPgVUvfF2TEM2OE7wWhE1PhXpNDAkEApJqJ+qy2SIq5wdJLyFMb1+0iSi1s
eYqx3ze5ei0F+6wnE/lTe3zrJDD+zQGZua3qqsukuL9WOjCmj2kAMeZaCwJAX5/R
ffsxHDjLTSk2+r6Jn6QTVyMF5sx+USb9hNTap32EQv9aXngFUVnr4d5F/z9fXbrn
zQMEc8SNtKL82y3vwQJAGD8Ds9HIzIAK0f4ETBG2eXfUTLhHKQJ7AMDsnQJlKQ6R
VNeXfYzdhIBd1GvoT2vqHDrA2ROZlNFtHdgCgIY0uw==
-----END RSA PRIVATE KEY-----
root@nova-controller:/var/lib/stackops# {code}
The private key is now stored in the file stackopscerttest.pem. You have to use it when launching an image with the capability to inject keys.
If you want to delete a certificate, you have to:
{code}
root@nova-controller:/var/lib/stackops# nova keypair-list
+------------------+-------------------------------------------------+
| Name | Fingerprint |
+------------------+-------------------------------------------------+
| diegotestacens | 7d:6a:2b:76:62:60:4b:79:b4:66:68:96:b9:f8:52:7d |
| stackopscerttest | da:fb:f7:1e:0c:14:32:bb:b1:31:86:7f:12:8f:fb:54 |
| stackopstest | 11:51:ce:43:a5:89:7d:92:b7:dd:4e:33:13:ba:a1:a2 |
+------------------+-------------------------------------------------+
root@nova-controller:/var/lib/stackops# nova keypair-delete stackopstest
root@nova-controller:/var/lib/stackops# nova keypair-list
+------------------+-------------------------------------------------+
| Name | Fingerprint |
+------------------+-------------------------------------------------+
| diegotestacens | 7d:6a:2b:76:62:60:4b:79:b4:66:68:96:b9:f8:52:7d |
| stackopscerttest | da:fb:f7:1e:0c:14:32:bb:b1:31:86:7f:12:8f:fb:54 |
+------------------+-------------------------------------------------+
root@nova-controller:/var/lib/stackops#
{code}
h5. Manage instances
Let's launch our first instance. The instance will be of type m1.tiny:
{code}
root@nova-controller:/var/lib/stackops# nova flavor-list
+----+-----------+-----------+------+----------+-------+------------+----------+
| ID | Name | Memory_MB | Swap | Local_GB | VCPUs | RXTX_Quota | RXTX_Cap |
+----+-----------+-----------+------+----------+-------+------------+----------+
| 1 | m1.tiny | 512 | 0 | 0 | 1 | 0 | 0 |
| 2 | m1.small | 2048 | 0 | 20 | 1 | 0 | 0 |
| 3 | m1.medium | 4096 | 0 | 40 | 2 | 0 | 0 |
| 4 | m1.large | 8192 | 0 | 80 | 4 | 0 | 0 |
| 5 | m1.xlarge | 16384 | 0 | 160 | 8 | 0 | 0 |
+----+-----------+-----------+------+----------+-------+------------+----------+
root@nova-controller:/var/lib/stackops# nova boot --flavor 1 --image 2 --key_name stackopscerttest stackopsdoctest
+--------------+--------------------------------------+
| Property | Value |
+--------------+--------------------------------------+
| accessIPv4 | |
| accessIPv6 | |
| adminPass | of7KdX9Lb4y8WYz5 |
| config_drive | |
| created | 2011-11-28T21:33:49Z |
| flavor | m1.tiny |
| hostId | |
| id | 10 |
| image | ubuntu-10.04.2 |
| key_name | stackopscerttest |
| metadata | {} |
| name | stackopsdoctest |
| progress | 0 |
| status | BUILD |
| tenant_id | 2 |
| updated | 2011-11-28T21:33:49Z |
| user_id | demo |
| uuid | 2ef63190-3e02-4d07-84ad-7915833381a4 |
+--------------+--------------------------------------+
root@nova-controller:/var/lib/stackops#
{code}
As you can see the instance is being created. It can take from a few seconds to minutes. If you want to know the status of the instantiation, then you have to execute:
{code}
root@nova-controller:/var/lib/stackops# nova list
+----+-----------------------+--------+------------------+
| ID | Name | Status | Networks |
+----+-----------------------+--------+------------------+
| 7 | WindowsTest | ACTIVE | service=10.0.0.2 |
| 8 | turiroturiro | ACTIVE | service=10.0.0.3 |
| 9 | For_snapshotting_test | ACTIVE | service=10.0.0.4 |
| 10 | stackopsdoctest | ACTIVE | service=10.0.0.5 |
+----+-----------------------+--------+------------------+
{code}
If you want to show the details of a server:
{code}
root@nova-controller:/var/lib/stackops# nova show 10
+-----------------+----------------------------------------------------------+
| Property | Value |
+-----------------+----------------------------------------------------------+
| accessIPv4 | |
| accessIPv6 | |
| config_drive | |
| created | 2011-11-28T21:33:49Z |
| flavor | m1.tiny |
| hostId | 63fe8bca8f9f8619e3cf51ed583603e24b99c0e6bdc796f8e6f5bbd0 |
| id | 10 |
| image | ubuntu-10.04.2 |
| key_name | stackopscerttest |
| metadata | {} |
| name | stackopsdoctest |
| progress | 100 |
| service network | 10.0.0.5 |
| status | ACTIVE |
| tenant_id | 2 |
| updated | 2011-11-28T21:33:55Z |
| user_id | demo |
| uuid | 2ef63190-3e02-4d07-84ad-7915833381a4 |
+-----------------+----------------------------------------------------------+
root@nova-controller:/var/lib/stackops#
{code}
Great! The instance is now running. As you can see the IP assigned is from the fixed private range. You need to configure the network for your project.
If you want to terminate (shutdown and delete) the instance, then you have to:
{code}
root@nova-controller:/var/lib/stackops# nova delete 10
root@nova-controller:/var/lib/stackops# nova show 10
No server with a name or ID of '10' exists.
root@nova-controller:/var/lib/stackops# nova list
+----+-----------------------+--------+------------------+
| ID | Name | Status | Networks |
+----+-----------------------+--------+------------------+
| 7 | WindowsTest | ACTIVE | service=10.0.0.2 |
| 8 | turiroturiro | ACTIVE | service=10.0.0.3 |
| 9 | For_snapshotting_test | ACTIVE | service=10.0.0.4 |
+----+-----------------------+--------+------------------+
root@nova-controller:/var/lib/stackops#
{code}
h5. Firewall rules
You now need to ensure that you can access any instances that you launch via SSH as a minimum (as well as being able to ping) for this environment as my “default” security group.
{code}
root@nova-controller:/var/lib/stackops# nova secgroup-list
+---------+-------------+
| Name | Description |
+---------+-------------+
| default | default |
+---------+-------------+
root@nova-controller:/var/lib/stackops# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 22 | 22 | 0.0.0.0/0 | |
| tcp | 3389 | 3389 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
{code}
Let's open port 80 from all internet:
{code}
root@nova-controller:/var/lib/stackops# nova secgroup-add-rule default tcp 80 80 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 80 | 80 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
{code}
Now let's allow traffic from ICMP (Ping) from internet:
{code}
root@nova-controller:/var/lib/stackops# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
{code}
And now we are going to list the rules of 'default' group:
{code}
root@nova-controller:/var/lib/stackops# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
| tcp | 22 | 22 | 0.0.0.0/0 | |
| tcp | 80 | 80 | 0.0.0.0/0 | |
| tcp | 3389 | 3389 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
root@nova-controller:/var/lib/stackops#
{code}
h5. Associate & disassociate Public IPs to instances
You have to associate a Public IP address to your instance to be accessible from outside. The process is very simple. First you have to allocate a new IP. This guarantees this IP is for you and nobody else is going to use it.
If we want to list the current list of floating ips that I can use:
{code}
root@nova-controller:/var/lib/stackops# nova floating-ip-list
+----------------+-------------+----------+
| Ip | Instance Id | Fixed Ip |
+----------------+-------------+----------+
| 217.116.21.202 | None | None |
| 217.116.21.203 | None | None |
| 217.116.21.204 | None | None |
+----------------+-------------+----------+
{code}
If we need to reserver more floating IPs, we can use this command:
{code}
root@nova-controller:/var/lib/stackops# nova floating-ip-create
+----------------+-------------+----------+
| Ip | Instance Id | Fixed Ip |
+----------------+-------------+----------+
| 217.116.21.205 | None | None |
+----------------+-------------+----------+
root@nova-controller:/var/lib/stackops#
{code}
The platform has allocated for us the IP 217.116.21.205 now. Now we have to associate this IP to a running instance:
{code}
root@nova-controller:/var/lib/stackops# nova add-floating-ip stackopsdoctest 217.116.21.205
root@nova-controller:/var/lib/stackops# nova floating-ip-list
+----------------+-------------+----------+
| Ip | Instance Id | Fixed Ip |
+----------------+-------------+----------+
| 217.116.21.202 | None | None |
| 217.116.21.203 | None | None |
| 217.116.21.204 | None | None |
| 217.116.21.205 | 10 | 10.0.0.5 |
+----------------+-------------+----------+
root@nova-controller:/var/lib/stackops#
{code}
And now the instance is reachable from internet:
{code}
MacBook-Air-de-Diego-Parrilla:~ diego$ ping 217.116.21.205
PING 217.116.21.205 (217.116.21.205): 56 data bytes
64 bytes from 217.116.21.205: icmp_seq=0 ttl=54 time=55.562 ms
64 bytes from 217.116.21.205: icmp_seq=1 ttl=54 time=40.903 ms
64 bytes from 217.116.21.205: icmp_seq=2 ttl=54 time=43.803 ms
64 bytes from 217.116.21.205: icmp_seq=3 ttl=54 time=42.882 ms
64 bytes from 217.116.21.205: icmp_seq=4 ttl=54 time=42.709 ms
^C
--- 217.116.21.205 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 40.903/45.172/55.562/5.279 ms
MacBook-Air-de-Diego-Parrilla:~ diego$ ssh -i stackopscerttest.pem ubuntu@217.116.21.205
The authenticity of host '217.116.21.205 (217.116.21.205)' can't be established.
RSA key fingerprint is 79:d2:91:58:4e:b3:02:b6:83:96:d0:06:64:1a:fa:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '217.116.21.205' (RSA) to the list of known hosts.
Linux stackopsdoctest 2.6.32-34-server #77-Ubuntu SMP Tue Sep 13 20:54:38 UTC 2011 x86_64 GNU/Linux
Ubuntu 10.04.3 LTS
Welcome to the Ubuntu Server!
* Documentation: http://www.ubuntu.com/server/doc
System information as of Mon Nov 28 22:02:10 UTC 2011
System load: 0.0 Processes: 63
Usage of /: 44.5% of 1.35GB Users logged in: 0
Memory usage: 7% IP address for eth0: 10.0.0.5
Swap usage: 0%
Graph this data and manage this system at https://landscape.canonical.com/
---------------------------------------------------------------------
At the moment, only the core of the system is installed. To tune the
system to your needs, you can choose to install one or more
predefined collections of software by running the following
command:
sudo tasksel --section server
---------------------------------------------------------------------
0 packages can be updated.
0 updates are security updates.
Get cloud support with Ubuntu Advantage Cloud Guest
http://www.ubuntu.com/business/services/cloud
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
ubuntu@stackopsdoctest:~$
{code}
if you want to disassociate from the running instance execute:
{code}
root@nova-controller:/var/lib/stackops# nova remove-floating-ip stackopsdoctest 217.116.21.205
root@nova-controller:/var/lib/stackops# nova floating-ip-list
+----------------+-------------+----------+
| Ip | Instance Id | Fixed Ip |
+----------------+-------------+----------+
| 217.116.21.202 | None | None |
| 217.116.21.203 | None | None |
| 217.116.21.204 | None | None |
| 217.116.21.205 | None | None |
+----------------+-------------+----------+
root@nova-controller:/var/lib/stackops#
{code}
and to return the IP to the pool:
{code}
root@nova-controller:/var/lib/stackops# nova floating-ip-delete 217.116.21.205
root@nova-controller:/var/lib/stackops# nova floating-ip-list
+----------------+-------------+----------+
| Ip | Instance Id | Fixed Ip |
+----------------+-------------+----------+
| 217.116.21.202 | None | None |
| 217.116.21.203 | None | None |
| 217.116.21.204 | None | None |
+----------------+-------------+----------+
root@nova-controller:/var/lib/stackops#
{code}
h5. Create & destroy volumes
h5. Attach & Detach volumes
h3. Glance management
Glance official documentation is absolutely awesome. We strongly recommend to read the chapter dedicated to the CLI [http://docs.openstack.org/diablo/openstack-image-service/admin/content/using-the-glance-cli-tool.html]
h3. Horizon dashboard
StackOps support of Horizon dashboard is experimental. Use it at your own risk.
h3. More information
You can find more information in the [official Openstack documentation site|http://docs.openstack.org] and the [Openstack Wiki|http://wiki.openstack.org/].