Minimal OpenStack
Starting Your OpenStack Journey
Sean Dague / Aug 19th, 2015
Twitter: @sdague Blog: dague.net
The Mission of OpenStack "To produce the ubiquitous Open Source Cloud Computing platform that will meet the needs of public and private clouds regardless of size, by being simple to implement and massively scalable."
Things you probably don't need in your basement
* Hadoop as a Service
* SDN Integration
* DNS manager
* Policy Enforcement
* Object storage layer
* Orchestration Layer
* Chargeback
* Kubernetes deployer
* Integration with Enterprise Storage
But, you can layer them in later once you have a Minimal OpenStack
My First OpenStack
* 1 Intel/AMD CPU
* 8 GB RAM
* 250+ GB Disk
* 1 Gbps Network
Read OpenStack Install Guide
Follow sections 2, 3, 4, 5 and 6.2 for your favorite distro
For multiple servings follow sections 5 and 6.2 again
Makes 1 compute cloud. Good for long running or ephemeral VMs.
Variations:
* Increase RAM for more guests
2 hrs
2 3 hours process Read Carefully! "Create Exclusive Slice"
Caveat on Networking
Nova Network:
* Original Networking
* Easy to set up
* Limited API
Neutron:
* New Network Stack
* More network centric API
* Allows Tenant Self Service Networking
* Long Term Direction for OpenStack
My Current Recommendation (based on Kilo documentation):
* Start with Nova Network to get comfortable
* Rebuild with Neutron later if your intent is to expand substantially
* Liberty documentation should make Neutron base easier to get started with
Nova Network Multihost
[Diagram: 10.64.0.0/24 network with a Router, a Controller + Worker node and a Worker node, each node with dnsmasq and a Linux Bridge; messages back and forth to prevent collisions]
Cheating and Sharing an L2
[Diagram: 10.64.0.0/24 and 10.64.0.128/25 on the same L2, with a Router, a Controller + Worker node and a Worker node, each with dnsmasq and a Linux Bridge; messages back and forth to prevent collisions. Through the magic of Linux Networking]
Networking at Home
A 2 node basement cloud
[Diagram: a Controller + Worker node and a Worker Only node; labels: Keystone, Glance, mysql, rabbitmq, Nova, /disk]
Compute Flow
* Base Image
* Flavor: Like "T-Shirt Sizes". Each defines CPU, Mem, Disk, and other attrs of final VM
* First Boot
* Persistent Disk: Built from disk on first boot. Exists until destroy.
* Ephemeral Disk: Freshly created on every boot.
* cloud-init: typically shipped in cloud images, customizes on first boot
* Config Drive
* Metadata Server
Common Actions: create/delete, start/stop, resize, snapshot, locking
OpenStack Client
Unified openstack cli
* Replaces most of nova/keystone/glance cli usage
* Far more consistent in experience
* Installable via apt/yum/pip
* Put it on your laptop
* Access any OpenStack via setting env variables
ribos:~> more demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=0penstack
export OS_AUTH_URL=http://10.42.0.51:5000/v3
export OS_REGION_NAME=RegionOne
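The demo-openrc.sh above keeps OS_PASSWORD in cleartext and points OS_AUTH_URL at plain http, so a quick check before sourcing such a file is useful. This is an added example, not from the original slides; check_openrc and its finding labels are hypothetical names, and the sample file is constructed from the slide's values.

```sh
#!/bin/sh
# Added example: audit an openrc file before sourcing it.
# check_openrc and its finding labels are hypothetical, not an OpenStack tool.
check_openrc() {
    file=$1
    findings=""

    # OS_PASSWORD is stored in cleartext, so only the owner should be
    # able to read the file.
    if grep -q '^export OS_PASSWORD=' "$file"; then
        mode=$(ls -l "$file" | cut -c1-10)    # e.g. -rw-r--r--
        case $mode in
            ????------) ;;
            *) findings="$findings password-file-readable-by-others($mode)" ;;
        esac
    fi

    # The client posts the password to OS_AUTH_URL and gets a bearer token
    # back; over plain http both cross the network unencrypted.
    auth_url=$(sed -n 's/^export OS_AUTH_URL=//p' "$file")
    case $auth_url in
        https://*) ;;
        http://*) findings="$findings cleartext-auth-url" ;;
        *) findings="$findings missing-or-unknown-auth-url" ;;
    esac

    echo "${findings# }"
}

# Constructed sample: the slide's demo-openrc.sh values, world-readable mode.
sample=$(mktemp)
cat > "$sample" <<'EOF'
export OS_USERNAME=demo
export OS_PASSWORD=0penstack
export OS_AUTH_URL=http://10.42.0.51:5000/v3
EOF
chmod 644 "$sample"
check_openrc "$sample"    # reports both findings
chmod 600 "$sample"
check_openrc "$sample"    # only the cleartext auth URL remains
rm -f "$sample"
```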
Your first OpenStack
> source admin-openrc.sh   # credentials
> openstack image create --copy-from \
    https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img \
    --public trusty   # image available to all users
> source demo-openrc.sh   # drop back to normal user
> openstack security group rule create --proto icmp --src-ip 0.0.0.0/0 --dst-port -1 default
> openstack security group rule create --proto tcp --src-ip 0.0.0.0/0 --dst-port 22 default
    # sshable security group out of the box
> openstack keypair create --public-key .ssh/id_rsa.pub my_sshkey   # add a keypair so you can ssh to servers
> openstack server create --flavor m1.medium --image trusty --key-name my_sshkey \
    server1 --wait   # boot your first server, wait until done
> ssh ubuntu@{ip}   # profit!
Getting an Image
[Diagram: OpenStack Client sends User + Project + Password to Keystone and gets a Token; it then sends POST /images with the Token to Glance, which fetches the image with an HTTP Pull]
Security Groups
Default host level firewall preventing all inbound.
[Diagram: 10.64.0.0/24 network with a Router and a Controller + Worker node running dnsmasq and a Linux Bridge]
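How the two rules from the "Your first OpenStack" slide interact with the default deny described above, as an added example that is not part of the original slides: a small POSIX shell evaluator for ingress rules. The rule format (proto, source CIDR, port, with -1 meaning any), the function names, and the narrowed 10.42.0.0/24 range (assumed to be the home LAN, based on the slide's 10.42.0.51 address) are assumptions for illustration.

```sh
#!/bin/sh
# Added example: model default-deny security groups with the slide's rules.
# Rule lines are "proto cidr port" (port -1 = any); this format is constructed.

ip_to_int() {    # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {      # in_cidr IP CIDR: succeeds when IP is inside CIDR
    net=${2%/*}; bits=${2#*/}
    [ "$bits" -eq 0 ] && return 0
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# evaluate PROTO SRC_IP PORT, rules on stdin: inbound traffic is dropped
# unless some rule matches protocol, source and port.
evaluate() {
    verdict=deny
    while read -r proto cidr port; do
        [ "$proto" = "$1" ] || continue
        in_cidr "$2" "$cidr" || continue
        if [ "$port" = "-1" ] || [ "$port" = "$3" ]; then verdict=allow; fi
    done
    echo "$verdict"
}

# The two rules the slide adds to the default group (source 0.0.0.0/0).
SLIDE_RULES='icmp 0.0.0.0/0 -1
tcp 0.0.0.0/0 22'
# Same rules with the source narrowed to an assumed home LAN.
LAN_RULES='icmp 10.42.0.0/24 -1
tcp 10.42.0.0/24 22'

check() { printf '%s\n' "$1" | evaluate "$2" "$3" "$4"; }

check "$SLIDE_RULES" tcp 203.0.113.7 22    # any source reaches SSH
check "$SLIDE_RULES" tcp 203.0.113.7 80    # nothing opened port 80
check "$LAN_RULES"   tcp 203.0.113.7 22    # source is outside the LAN
check "$LAN_RULES"   tcp 10.42.0.9 22      # source is inside the LAN
```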
Booting a Server
[Diagram: OpenStack Client sends User + Project + Password to Keystone and gets a Token; it then sends POST /servers with the Token to Nova API; components shown: Nova Conductor, Nova Sched, Nova Compute, libvirt, Glance (HTTP Pull); result: your compute!]
User Organization in OpenStack
*Project == Tenant
[Diagram: Domain 1 and Domain 2 containing projects; Project 1 (Tenant 1): 10 vcpu, 8 GB mem; Project 2: 30 vcpu, 24 GB mem]
* Domains: you don't need those in your basement
* Projects: contain quota
* Users: credentials
* Roles
But I don't like the command line! No problem! Setting up Horizon is Section 7 Easy to use Web UI
Additional Features
Leveling up
* Horizon: Web UI for OpenStack. Talks to all components over published REST interfaces
* Swift: Object Store. REST API for storing / fetching objects of arbitrary size*. Built in redundancy model. Can be used as a backend for Glance, owncloud, other Open Source systems
* Neutron: Advanced Networking. Tenant self service networks. API and concepts model networking concepts (Ports, Subnets, Routers). Advanced network services such as Load Balancing, VPN, Network Firewall. Plugins for Linux Bridge and OVS and many SDNs
* Cinder: Persistent Block Storage. Additional block devices which survive longer than VMs. Typical use for Database backends
* Ceilometer: Usage and Metric Collection
* Ironic: Adds bare metal support to Nova
* Designate: DNS manager, reacts to Nova / Neutron events
A selection of additional services
* Heat: Orchestrates "stack" of OpenStack resources
* Zaqar: Simple Queue Service
* Barbican: Key store management
* Manila: Shared filesystem management
* Cue: RabbitMQ as a service on top of OpenStack
* Magnum: Kubernetes / Container management
* Trove: MySQL db as a service on top of OpenStack
* Sahara: Hadoop as a service on top of OpenStack
* Murano: Application catalog for easy to deploy OpenStack "apps"
And more coming every day!
Thanks! Questions?
Layer 4: Consumption Services
* Heat (Orchestration), Trove (Database), Sahara (Hadoop), Zaqar (Queues)
Layer 3: Optional Enhancements
* Ceilometer (Telemetry), Horizon (Dashboard), Barbican (Key Management)
Layer 2: Extended Infrastructure
* Network Services: Neutron (Networking), Designate (DNS)
* Storage Services: Cinder (Block), Swift (Object), Manila (Filesystems)
* Compute Services: Ironic (Bare Metal), Magnum (Containers)
Layer 1: Base Compute Infrastructure
* Nova (Compute), Glance (Image), Keystone (Identity)
http://hackstack.org/x/blog/2013/09/05/openstack-seven-layer-dip-as-a-service/