Once OpenStack is installed, we need to complete a few steps before we start an instance for the first time.
Networks
There are 2 types of networks in OpenStack.
- Private network consisting of fixed IPs
- Public network consisting of floating IPs
Private network: A private network consists of fixed IPs, which are not changeable and cannot be reached from outside OpenStack. We need to create a private network first; without it, instances won’t start.
Create an internal network named n1
neutron net-create n1
Output:
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 64a63540-2b63-4e65-985e-d305249b306a |
| mtu                       | 0                                    |
| name                      | n1                                   |
| provider:network_type     | vlan                                 |
| provider:physical_network | Intnet1                              |
| provider:segmentation_id  | 106                                  |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 368cd577df1541ec8532b1034a1e1a7a     |
+---------------------------+--------------------------------------+
Create a subnet associated with the network named n1 with CIDR 192.168.1.0/24
neutron subnet-create --name sn1 n1 192.168.1.0/24
Output:
Created a new subnet:
+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr              | 192.168.1.0/24                                   |
| dns_nameservers   |                                                  |
| enable_dhcp       | True                                             |
| gateway_ip        | 192.168.1.1                                      |
| host_routes       |                                                  |
| id                | 51030319-0e40-403f-bfd8-a693a8f5177f             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              | sn1                                              |
| network_id        | 64a63540-2b63-4e65-985e-d305249b306a             |
| subnetpool_id     |                                                  |
| tenant_id         | 368cd577df1541ec8532b1034a1e1a7a                 |
+-------------------+--------------------------------------------------+
Public network: A public network consists of floating IPs, which are changeable and can be reached. We need to attach a floating IP to an instance in order to connect to it; however, an instance can be started without a floating IP.
Create a shared public network named en1
neutron net-create en1 --router:external=True --shared --provider:network_type flat --provider:physical_network External
Output:
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 25d368a0-e13f-4033-a60f-13f23c68b33f |
| mtu                       | 0                                    |
| name                      | en1                                  |
| provider:network_type     | flat                                 |
| provider:physical_network | External                             |
| provider:segmentation_id  |                                      |
| router:external           | True                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 368cd577df1541ec8532b1034a1e1a7a     |
+---------------------------+--------------------------------------+
Create a subnet named sen1 associated with the public network created just now.
neutron subnet-create --name sen1 --allocation-pool start=10.0.0.190,end=10.0.0.199 en1 10.0.0.0/24
Output:
Created a new subnet:
+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "10.0.0.190", "end": "10.0.0.199"}     |
| cidr              | 10.0.0.0/24                                      |
| dns_nameservers   |                                                  |
| enable_dhcp       | True                                             |
| gateway_ip        | 10.0.0.1                                         |
| host_routes       |                                                  |
| id                | aefea88e-d99c-4ee5-90ab-8716ff1f4b92             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              | sen1                                             |
| network_id        | 25d368a0-e13f-4033-a60f-13f23c68b33f             |
| subnetpool_id     |                                                  |
| tenant_id         | 368cd577df1541ec8532b1034a1e1a7a                 |
+-------------------+--------------------------------------------------+
Create a router named r1
neutron router-create r1
Output:
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| distributed           | False                                |
| external_gateway_info |                                      |
| ha                    | False                                |
| id                    | ff852a81-c9de-4eef-bc66-c682480ceb98 |
| name                  | r1                                   |
| routes                |                                      |
| status                | ACTIVE                               |
| tenant_id             | 368cd577df1541ec8532b1034a1e1a7a     |
+-----------------------+--------------------------------------+
In order to reach the instances, packets have to be routed from the external network to the internal network.
Set the gateway for the router, i.e. configure the external network as the router's gateway.
neutron router-gateway-set r1 en1
Output:
Set gateway for router r1
Add the subnet of the internal network as one of the interfaces of the router.
neutron router-interface-add r1 sn1
Output:
Added interface dac59d6d-d30f-4637-b755-5f89cfa1c4aa to router r1.
Security Groups
Now that the network setup is done, we need to configure the security groups.
Create a new security group named sg1
neutron security-group-create sg1
Output:
Created a new security_group: +----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | description | | | id | 06adc483-3c81-4afe-89b6-01013124709e | | name | sg1 | | security_group_rules | {"remote_group_id": null, "direction": "egress", "remote_ip_prefix": null, "protocol": null, "tenant_id": "368cd577df1541ec8532b1034a1e1a7a", "port_range_max": null, "security_group_id": "06adc483-3c81-4afe-89b6-01013124709e", "port_range_min": null, "ethertype": "IPv4", "id": "ad26c321-ffb5-421d-9d21-343fa673abbf"} | | | {"remote_group_id": null, "direction": "egress", "remote_ip_prefix": null, "protocol": null, "tenant_id": "368cd577df1541ec8532b1034a1e1a7a", "port_range_max": null, "security_group_id": "06adc483-3c81-4afe-89b6-01013124709e", "port_range_min": null, "ethertype": "IPv6", "id": "2d841f7a-0f7e-477d-8365-77e90ffb50fc"} | | tenant_id | 368cd577df1541ec8532b1034a1e1a7a | +----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Create a new rule for the security group “sg1” that allows ICMP
neutron security-group-rule-create --protocol icmp sg1
Output:
Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | 56779cec-b630-4379-b6b0-b181aed74c97 |
| port_range_max    |                                      |
| port_range_min    |                                      |
| protocol          | icmp                                 |
| remote_group_id   |                                      |
| remote_ip_prefix  |                                      |
| security_group_id | 06adc483-3c81-4afe-89b6-01013124709e |
| tenant_id         | 368cd577df1541ec8532b1034a1e1a7a     |
+-------------------+--------------------------------------+
We need SSH access to the instance, so we need to create a new rule for SSH, i.e. port number 22.
Create a new rule to allow TCP port 22
neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 sg1
Output:
Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | 7c9d7670-febc-46ee-af96-c863b14cc8f9 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| protocol          | tcp                                  |
| remote_group_id   |                                      |
| remote_ip_prefix  |                                      |
| security_group_id | 06adc483-3c81-4afe-89b6-01013124709e |
| tenant_id         | 368cd577df1541ec8532b1034a1e1a7a     |
+-------------------+--------------------------------------+
The security group configurations are now done.
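Both rules above were created without a source restriction: their output shows empty remote_ip_prefix and remote_group_id fields, so ICMP and TCP port 22 are accepted from any address. The following check is an added example, not part of the original page; it reads the Field/Value table printed by neutron security-group-rule-create and reports such rules. The function names, the sample table (constructed from the output above) and the 10.0.0.0/24 admin range are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit one security-group rule.
# Reads the Field/Value table printed by `neutron security-group-rule-create`
# on stdin. An ingress rule with no remote_group_id and no remote_ip_prefix
# (or an all-addresses prefix) accepts traffic from any source: print a
# finding and return 1. Otherwise print nothing and return 0.
check_sg_rule() {
    awk -F'|' '
        NF >= 4 {                        # data rows: | field | value |
            key = $2; val = $3
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            f[key] = val
        }
        END {
            src = f["remote_ip_prefix"]
            any_src = (src == "" || src == "0.0.0.0/0" || src == "::/0")
            if (f["direction"] != "ingress" || f["remote_group_id"] != "" || !any_src)
                exit 0
            ports = "any"
            if (f["port_range_min"] != "")
                ports = f["port_range_min"] "-" f["port_range_max"]
            printf "OPEN %s ports=%s rule=%s\n", f["protocol"], ports, f["id"]
            exit 1
        }'
}

# Constructed sample: the TCP/22 rule output from this page, with the
# remote_ip_prefix value supplied as $1 (empty = as created on the page).
sample_rule() {
    cat <<EOF
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| id                | 7c9d7670-febc-46ee-af96-c863b14cc8f9 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| protocol          | tcp                                  |
| remote_group_id   |                                      |
| remote_ip_prefix  | $1 |
+-------------------+--------------------------------------+
EOF
}

sample_rule "" | check_sg_rule || true              # rule as created above
sample_rule "10.0.0.0/24" | check_sg_rule || true   # restricted: no finding

# Restricted form of the SSH rule (10.0.0.0/24 is an assumed admin range):
#   neutron security-group-rule-create --protocol tcp --port-range-min 22 \
#     --port-range-max 22 --remote-ip-prefix 10.0.0.0/24 sg1
```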
Let’s start the instance now.
List the networks and note down the ID of “n1”, i.e. 64a63540-2b63-4e65-985e-d305249b306a in this case.
nova net-list
Output:
+--------------------------------------+-------+------+
| ID                                   | Label | CIDR |
+--------------------------------------+-------+------+
| 25d368a0-e13f-4033-a60f-13f23c68b33f | en1   | None |
| 64a63540-2b63-4e65-985e-d305249b306a | n1    | None |
+--------------------------------------+-------+------+
Start the instance using the following command
nova boot --flavor m1.tiny --image cirros --security-groups sg1 --nic net-id=64a63540-2b63-4e65-985e-d305249b306a instance1
Output:
+--------------------------------------+-----------------------------------------------+
| Property                             | Value                                         |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                        |
| OS-EXT-AZ:availability_zone          |                                               |
| OS-EXT-SRV-ATTR:host                 | -                                             |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | -                                             |
| OS-EXT-SRV-ATTR:instance_name        | instance-0000000c                             |
| OS-EXT-STS:power_state               | 0                                             |
| OS-EXT-STS:task_state                | scheduling                                    |
| OS-EXT-STS:vm_state                  | building                                      |
| OS-SRV-USG:launched_at               | -                                             |
| OS-SRV-USG:terminated_at             | -                                             |
| accessIPv4                           |                                               |
| accessIPv6                           |                                               |
| adminPass                            | NpVcRfe2EKqv                                  |
| config_drive                         |                                               |
| created                              | 2015-11-09T08:10:35Z                          |
| flavor                               | m1.tiny (1)                                   |
| hostId                               |                                               |
| id                                   | cbe14deb-044b-4432-9cc7-1114360269a2          |
| image                                | cirros (09677e94-0fe1-43f3-b78f-b556b3aed0f7) |
| key_name                             | -                                             |
| metadata                             | {}                                            |
| name                                 | instance1                                     |
| os-extended-volumes:volumes_attached | []                                            |
| progress                             | 0                                             |
| security_groups                      | sg1                                           |
| status                               | BUILD                                         |
| tenant_id                            | 368cd577df1541ec8532b1034a1e1a7a              |
| updated                              | 2015-11-09T08:10:36Z                          |
| user_id                              | 7826014e70ae49658fb995cef359f0ab              |
+--------------------------------------+-----------------------------------------------+
List the instances
nova list
Output:
+--------------------------------------+-----------+--------+------------+-------------+-------------------------------+
| ID                                   | Name      | Status | Task State | Power State | Networks                      |
+--------------------------------------+-----------+--------+------------+-------------+-------------------------------+
| f29deb2e-eb1f-4fd9-8bac-2cdf94444308 | Ubuntu    | ACTIVE | -          | Running     | n1=192.168.1.12, 10.0.0.193   |
| fe1d7b60-3b8b-478f-ae68-05c43d82ff96 | cirros    | ACTIVE | -          | Running     | n1=192.168.1.13, 10.0.0.192   |
| cbe14deb-044b-4432-9cc7-1114360269a2 | instance1 | ACTIVE | -          | Running     | n1=192.168.1.14               |
+--------------------------------------+-----------+--------+------------+-------------+-------------------------------+
Create a new floating IP from the external network en1
nova floating-ip-create en1
Output:
+--------------------------------------+--------------+-----------+----------+------+
| Id                                   | IP           | Server Id | Fixed IP | Pool |
+--------------------------------------+--------------+-----------+----------+------+
| 4844f4a4-74ce-449f-917c-e90c7cbc33fa | 10.0.0.194   | -         | -        | en1  |
+--------------------------------------+--------------+-----------+----------+------+
Now associate the IP ‘10.0.0.194’ to ‘instance1’ with fixed IP ‘192.168.1.14’
nova floating-ip-associate --fixed-address 192.168.1.14 instance1 10.0.0.194
Now that the IP ‘10.0.0.194’ is attached to the instance ‘instance1’, it can be reached via the command line. Use the following command to connect to the instance.
ssh cirros@10.0.0.194