| # Use the 'user' credentials | |
| source ~/credentials/user | |
| # List the type of volumes available to your tenant | |
| cinder type-list | |
| # Create a new volume with the type SATA specified | |
| cinder create 1 --display-name MyFirstVolume --volume-type SATA | |
| # Boot an instance to attach volume to | |
| nova boot --image Cirros --flavor m1.micro MyVolumeInstance | |
| # List instances, notice status of instance | |
| nova list | |
| # List volumes, notice status of volume | |
| cinder list | |
| # Store the volume ID in an environment variable | |
| VOLUME_ID=`cinder list | awk '/ MyFirstVolume / { print $2 }'` | |
| # Attach volume to instance after instance is active, and volume is available | |
| # You will need to fill in the correct instance-id and volume-id as shown below | |
| # You can also use the instance name if it is unique | |
| nova volume-attach MyFirstVolume $VOLUME_ID auto | |
| # View volumes available to nova | |
| # Compare to the information shown with 'cinder list' | |
| nova volume-list | |
| # Get VNC console URL for instance | |
| # Copy the URL into a browser and log in | |
| # Username is 'cirros', password is 'cubswin:)' | |
| nova get-vnc-console MyVolumeInstance novnc | |
| #################################################### | |
| # Commands below are only executed on the instance # | |
| #################################################### | |
| # Display storage devices | |
| sudo fdisk -l | |
| # Make filesystem on volume | |
| sudo mkfs.ext3 /dev/vdb | |
| # Create a mountpoint | |
| sudo mkdir /extraspace | |
| # Mount the volume at the mountpoint | |
| sudo mount /dev/vdb /extraspace | |
| # Create a file on the volume | |
| sudo touch /extraspace/helloworld.txt | |
| sudo ls /extraspace | |
| # Unmount the volume | |
| sudo umount /extraspace | |
| # Log out of instance | |
| exit | |
| # Close VNC console window | |
| #################################################### | |
| #################################################### | |
| # Detach volume from instance | |
| nova volume-detach MyVolumeInstance $VOLUME_ID | |
| # List volumes, notice status of volume | |
| cinder list | |
| # Delete instance | |
| nova delete MyVolumeInstance | |
| ##################################################### | |
| #*****CHALLENGE***** # | |
| ##################################################### | |
| # Login to Horizon at http://192.237.148.185/horizon# | |
| # Log in using your 'openstack#' credentials # | |
| # Attach the volume to the instance MyFirstInstance # | |
| # Go to the VNC console tab for the instance # | |
| # Login to the instance # | |
| # Make a directory to mount the volume to # | |
| # Mount the volume # | |
| # Verify the file helloworld.txt exists # | |
| # Unmount the volume # | |
| # Detach the volume from the instance in Horizon # | |
| # Delete the instances # | |
| ##################################################### |
B
Material for workshop:
Our planning material: Our notes: https://etherpad.rax.io/p/fromzerotonova workshop materials for students:
openstack100 n0tK3ystone
For students: Horizon: 192.237.148.185 Command line (ssh): login: openstack55 – openstack60; pass: keyston3Glanc3Nov4
The user(s) for your openstack credentials are: myuser myadmin
| # Use the 'user' credentials | |
| source ~/credentials/user | |
| # There is an existing cirros-qcow2 image availabe in ~/images | |
| cd ~/images | |
| ls -l | |
| # There is an existing 'public' image available through the glance image service | |
| glance image-list | |
| # Register a new qcow2 image that is only available to your tenant | |
| glance image-create --name "my-cirros-qcow2" --disk-format qcow2 --container-format bare --is-public False --file ~/images/cirros-0.3.1-x86_64-disk.img | |
| # List the available images for your tenant | |
| glance image-list | |
| # Examine details of the available images | |
| glance image-show my-cirros-qcow2 | |
| glance image-show Cirros |
| C | |
| # Take a look at your credential files | |
| cat ~/credentials/user | |
| # Use the provided credentials | |
| source ~/credentials/user | |
| ######################################################################## | |
| # Use the keystone 'help' feature # | |
| # Notice under the 'Optional arguments' the 'env[OS_ ]' values listed # | |
| # Example: # | |
| # --os-username <auth-user-name> # | |
| # Name used for authentication with the OpenStack # | |
| # Identity service. Defaults to env[OS_USERNAME] # | |
| # # | |
| # You can either pass the option to the keystone client or set an # | |
| # environment variable. The credential files are setting the # | |
| # environment variables required to authenicate with keystone. # | |
| ######################################################################## | |
| # Use the keystone help to see the usage for the 'user-role-list' option | |
| # You can use the 'help' feature with all of the command line clients | |
| keystone help user-role-list | |
| # Find out where keystone resides and what client version it supports | |
| keystone discover | |
| # List the service catalog | |
| keystone catalog | |
| # Get the public URL for the volume service | |
| keystone endpoint-get --service volume | |
| # Retrieve a new token for your user | |
| keystone token-get |
| # Use the 'user' credentials | |
| source ~/credentials/user | |
| # Create a new network and subnet | |
| neutron net-create private | |
| neutron subnet-create --name private-subnet private 10.0.0.0/29 | |
| # List network and subnet | |
| neutron net-list | |
| neutron subnet-list | |
| # Examine details of network and subnet | |
| neutron net-show private | |
| neutron subnet-show private-subnet |
| D | |
| # Use the 'user' credentials | |
| source ~/credentials/user | |
| # List images | |
| nova image-list | |
| # List flavors | |
| nova flavor-list | |
| # Boot an instance using flavor and image names (if names are unique) | |
| nova boot --image Cirros --flavor 1 MyFirstInstance | |
| # List instances, notice status of instance | |
| nova list | |
| # Show details of instance | |
| nova show MyFirstInstance | |
| # View console log of instance | |
| nova console-log MyFirstInstance | |
| # Get VNC console URL for first instance | |
| # Copy the URL into a browser and log in | |
| # Username is 'cirros', password is 'cubswin:)' | |
| nova get-vnc-console MyFirstInstance novnc | |
| # Delete the instance | |
| nova delete MyFirstInstance | |
| # List available instances, notice status of the deleted instance | |
| nova list |
A
Schedule for the workshop: Angela: kicking it off with an outline, welcoming message, intros, lab setup (15 minutes for setup and terminal and ssh client) Iccha: give the overview of what is OpenStack-- very brief overview. Dana: lead folks through the Horizon and leading people through exploration of Horizon Egle: will be logging into command line (terminal ssh) to show people how to do it. Wrap-up: more challenges exercises, the environment will be up for another day. Want to try more, download download OpenStack appliance
If they want help, go to this place for #openstack101 Go here for more trainin resources: http://docs.openstack.org/
Angela notes: our lab is openstack on openstack (make Inception reference) We're giving students User access, not admin access. We provided a virtual box appliance if you'd like to download for home. You'll have your own login and tenant for this workshop. we have 99 logins -- volunteers will have the slips of paper with the logins we have 50 USB keys. Before they leave, hand out the rest
Dana notes: when I start, pull up the workshop URL. At the end of the Horizon section, tell the students "go ahead and let's clean your environment" You must delete the network you created and the instances. You can leave in the images.
We're going to go over these exact same steps on the command line.
The network is set up to be self-contained in the cloud but it is patched to go out to the world
Iccha notes: compute is the crux, spin up machines. Using Nova is the first point of contact for most calls swift is for object storage, snapshots go into storage, distributed storage. Glance is the images catalog, in which location your images are stored. Neutron is the networking component, if you want instances to talk to each other. Keystone provides authentication
Remaining tasks:
You all have your own projects. How are we defining a project? What exactly does that mean? This is essentially your own cloud account. Through this account, you have access to a pool of shared resources. They accounts are isolated from each other, and by that I mean you can't see your neighbors consumption of resources and your neighbor can't see your consumption of resources. If you spin up a VM, your neighbor can't see your VM or log in to your VM (unless you share that). The resources you create are isolated. If you create a volume, those are not available. No body else can see them or use them.
Depending on the distro that you install it from you might see differet branding, the ubuntu branding, but you can use the default openStack branding. Lots of companies that use OpenStack replace the logo with their own corporate branding.
Admin dash: hypervisor tab: these are the compute hosts and the available resources in our environment. (refer to Angela's intro) we don't have any instances right now, but in a few minutes I'll show you all what you've created-- woo-hoo!
networks: before we spin a vm, there are a couple things we have to have. You have to have a netowrk. We already have a shared publicnetwork that all of you have access to. You can't spin up a VM without a network. Without a network, there's no way for the differnt components of OpenStack to communicate. YOu must also have an images to base your VM off of. We've already registerd an image for you in Glance and made it available publically it's share. If you go to your images tab you can see this.
this is a custom flavor that we've created for this environment because we have limited resouace.
you'll see instances spinning up on the same compute host. We have a shared pool of resources.
While we're waiting for these instances to spin up, let's go on to the next step.
we've set quotas for you. and if you look at the top of your dashboard, you'll see what resources you've allocated. You'll notice that my quote is much higher, this is myadmin is higher.
It's not a log of the activities of building the VM; it's a console log. You won't see it until the machine is built. You can look at the log and see the assignment of the ip address. We can look at the instance dashboard and see the VMs as they're being built.
we spun up a 100 from one tenant, but others might do it from other tenants
Assignment of IP addresses: click on network tab to show the subnets and talk about the range of IP addresses assigned.
QCOW2 - QEMU -- an emulator
Glance is just a catalog. It stores it. It just registers it. If you do somethine wrong here. Glance won't tell you. You won't notice until you try to launch an instance.
Have the Virtual Box running. If I'm trying to demo it, have it ready and logged it. I'm going to go ahead and keep demoing. [have this logged in and ready to go]
If you make your image public, everyone using this cloud sees it and can use it. If you protect it only you can see it.
**Container, are we specifying a container format? the default is bare.
Glance doesn't know if the image is crap or good. It doesn't know if you've described it correctly or not.
We've specified these drive types. This is a new feature in Havana. Only admins (cloud providers can do that).
Download the RC file and interact with the cloud from the Python OpenStack clients.
Step 3: Create a volume and attach is to your instance.
Learning OpenStack
getting started with devstack
Join the community
devstack is installed from trunk using git, the latest committed code
swift-object storage, making api calls, content in, content out, very little metadata about the content
if you're an application developer, you wouldn't be doing it this way, using dashboard or commandline. You'd be making api calls, using an SDK to do it within your application
the admin is the superuser that conrols each tenant can have an admin that controls the resources assigned to that particular tenant
you can usually use tenant and project interchangably
tenant-- command line project -- web interface
a tenant is a grouping of resources a user is added to a tenant by way of a role
a user can be a member of multiple tenants and have multiple roles
keystone points you to all the other resources, you don't have to maintain a list of components for your end users, it's maintained in keystone
keystonerc file-- puts all your environment variables in your shell so that you are authenticated [fix this language] source it so the environment variables are set there is a section in the Borizon portion of the workshop where you can pull the rc file
Questions about adding users? should we address this? [check with Angela] In horizon, I can show the folks in the class that you're all my users
all services, like users, have to be authenticated
neutron -- networking as a service, it's isolated. You can isolate these instances so that tenant A can't talk to tenant B unless you've allowed it
networking is by far the most complicated part of openstack
openstack and openstack (one is bare metal, nodes are physical servers)
you have different nodes to separate your services
how do we connect the outside world to this netwrok (adding a port to open vswitch) ?
networking is all about communicating with the instance allow external access?
at scale, you wouldn't be using gui.
underlying networking infrastructure that the instances will use. the users would nver worry about this
networking, bridge device setting up security at the vm level
external networks can only be added by the admin
| E | |
| # Use the 'user' credentials | |
| source ~/credentials/user | |
| # Show stats (containers, objects, etc) | |
| swift stat | |
| # Create a container | |
| swift post mycontainer | |
| # Verify the container exists | |
| swift list | |
| # Create a file | |
| cat > test.txt <<EOF | |
| This is a test swift file... | |
| EOF | |
| # Upload an object to the container | |
| swift upload mycontainer test.txt | |
| # Download (and view) the file | |
| swift download mycontainer test.txt -o - |