VirtualBox VM node
- CentOS based VM
- memory: 4-6GB
- CPU: 2
- HD: 50G
- NIC1: NAT, default 10.0.2.15, DHCP, for Internet access, attached to OVS bridge br-ex
- NIC2: host-only, static IP 172.25.250.1, for the OpenStack management/public network 172.25.250.0/24
- openstack vm user/pass: vagrant/vagrant
- openstack admin user/pass: admin/demo
use vagrant to launch openstack sandbox
$ mkdir vagrant/ctosbox2
$ curl -Lo Vagrantfile \
  https://raw.githubusercontent.com/robertluwang/cloud-hands-on-guide/master/dc-vagrant-cloud/ctopenstack/Vagrantfile.ct7osbox2
$ vagrant up

In the VirtualBox GUI, make sure Adapter 2 (Host-only) is changed to 172.25.250.1 with DHCP disabled, then boot the VM.
ssh to openstack sandbox vm
- use user/password:
$ ssh vagrant@172.25.250.20
- use ssh keypair
I used the default vagrant public key in the openstack sandbox vm, so you need to download the vagrant private key from here to match it, and place it in your laptop's shell home/.ssh or install the key in putty.
tips to install the private key in putty:
- putty cannot directly use the private key from vagrant; convert the key to putty format using puttygen.
- run puttygen, load the vagrant key file, then save the private key as vagrant.ppk.
- in putty/SSH/Auth, select vagrant.ppk as the private key file for authentication.
- dashboard GUI
http://172.25.250.20:8080
verify NAT Network OVS setting
[vagrant@ctosbox2 network-scripts]$ pwd
/etc/sysconfig/network-scripts
[vagrant@ctosbox2 network-scripts]$ cat ifcfg-enp0s3
DEVICE=enp0s3
NAME=enp0s3
DEVICETYPE=ovs
TYPE=OVSPort
OVS_BRIDGE=br-ex
ONBOOT=yes
BOOTPROTO=none
[vagrant@ctosbox2 network-scripts]$ cat ifcfg-enp0s8
#VAGRANT-BEGIN
# The contents below are automatically generated by Vagrant. Do not modify.
NM_CONTROLLED=no
BOOTPROTO=none
ONBOOT=yes
IPADDR=172.25.250.20
NETMASK=255.255.255.0
DEVICE=enp0s8
PEERDNS=no
#VAGRANT-END
[vagrant@ctosbox2 network-scripts]$ cat ifcfg-br-ex
ONBOOT="yes"
NETBOOT="yes"
PROXY_METHOD="none"
BROWSER_ONLY="no"
DEFROUTE="yes"
DEVICE=br-ex
NAME=br-ex
DEVICETYPE=ovs
OVSBOOTPROTO="dhcp"
TYPE=OVSBridge
OVSDHCPINTERFACES=enp0s3
OVS_EXTRA="set bridge br-ex other-config:hwaddr=08:00:27:2d:24:32 fail_mode=standalone"
[vagrant@ctosbox2 network-scripts]$ ip addr
2: enp0s3: mtu 1500 qdisc pfifo_fast master ovs-system state UP qlen 1000
    link/ether 08:00:27:2d:24:32 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a00:27ff:fe2d:2432/64 scope link
       valid_lft forever preferred_lft forever
3: enp0s8: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:59:e5:b9 brd ff:ff:ff:ff:ff:ff
    inet 172.25.250.20/24 brd 172.25.250.255 scope global enp0s8
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe59:e5b9/64 scope link
       valid_lft forever preferred_lft forever
6: br-ex: mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
    link/ether 08:00:27:2d:24:32 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic br-ex
       valid_lft 82549sec preferred_lft 82549sec
    inet6 fe80::a00:27ff:fe2d:2432/64 scope link
       valid_lft forever preferred_lft forever
routing table, gateway 10.0.2.2 is from NAT,

[vagrant@ctosbox2 network-scripts]$ route -en
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    0 0      0 br-ex
10.0.2.0        0.0.0.0         255.255.255.0   U     0 0      0 br-ex
169.254.0.0     0.0.0.0         255.255.0.0     U     0 0      0 enp0s3
169.254.0.0     0.0.0.0         255.255.0.0     U     0 0      0 enp0s8
169.254.0.0     0.0.0.0         255.255.0.0     U     0 0      0 br-ex
172.25.250.0    0.0.0.0         255.255.255.0   U     0 0      0 enp0s8

DNS nameserver is from NAT,

[vagrant@ctosbox2 network-scripts]$ cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
nameserver 10.0.2.3

NAT interface enp0s3 is a port in br-ex (ovs-vsctl show output below); this is what gives the openstack vm Internet access,

    Bridge br-ex
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port "enp0s3"
            Interface "enp0s3"
        Port br-ex
            Interface br-ex
                type: internal
    ovs_version: "2.7.3"

ping google.ca

[vagrant@ctosbox2 ]$ ping google.ca
PING google.ca (172.217.0.99) 56(84) bytes of data.
64 bytes from yyz10s13-in-f3.1e100.net (172.217.0.99): icmp_seq=1 ttl=41 time=29.0 ms
64 bytes from yyz10s13-in-f3.1e100.net (172.217.0.99): icmp_seq=2 ttl=41 time=35.4 ms
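An added sanity check for this layout (my helper, not part of the original guide): it takes the text of `ip -4 -o addr` and `route -n` as arguments, so it can run against captured output offline, and it fails on the usual broken state where enp0s3 kept its DHCP lease and br-ex got no address. The sample inputs below are constructed from the values shown above.

```shell
#!/bin/sh
# check_ovs_nat_layout ADDRS ROUTES
#   ADDRS  = output of: ip -4 -o addr   (one interface per line)
#   ROUTES = output of: route -n / route -en
# Returns 0 when the NAT uplink is correctly bridged through br-ex.
check_ovs_nat_layout() {
    addrs=$1
    routes=$2
    # 1. enp0s3 is only an OVS port; it must not own an IPv4 address itself.
    if printf '%s\n' "$addrs" | grep -q '^[0-9]*: enp0s3 .* inet '; then
        echo "FAIL: enp0s3 still owns an IPv4 address; br-ex did not take over" >&2
        return 1
    fi
    # 2. br-ex must hold the NAT lease from the 10.0.2.0/24 range.
    if ! printf '%s\n' "$addrs" | grep -q '^[0-9]*: br-ex .* inet 10\.0\.2\.'; then
        echo "FAIL: br-ex has no 10.0.2.0/24 address" >&2
        return 1
    fi
    # 3. the default route must leave via br-ex through the NAT gateway 10.0.2.2.
    if ! printf '%s\n' "$routes" | \
        awk '$1=="0.0.0.0" && $2=="10.0.2.2" && $NF=="br-ex" {found=1} END {exit !found}'; then
        echo "FAIL: default route is not via 10.0.2.2 on br-ex" >&2
        return 1
    fi
    echo "OK: NAT uplink is bridged through br-ex"
}

# Constructed sample: the healthy layout from this box.
GOOD_ADDRS='3: enp0s8    inet 172.25.250.20/24 brd 172.25.250.255 scope global enp0s8
6: br-ex    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic br-ex'
GOOD_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    0 0      0 br-ex
10.0.2.0        0.0.0.0         255.255.255.0   U     0 0      0 br-ex
172.25.250.0    0.0.0.0         255.255.255.0   U     0 0      0 enp0s8'
# Constructed failure mode: enp0s3 kept the lease, br-ex got nothing.
BAD_ADDRS='2: enp0s3    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3
3: enp0s8    inet 172.25.250.20/24 brd 172.25.250.255 scope global enp0s8'
```

On the real box, run it as check_ovs_nat_layout "$(ip -4 -o addr)" "$(route -n)".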
create new project and user
- login as admin
- go to Identity
- create project: lab_project
- create user: lab_user with lab_project, password: demo
[vagrant@ctosbox2 .ssh]$ chmod 600 lab-key.pem
[vagrant@ctosbox2 .ssh]$ ls -ltr
total 8
-rw-------. 1 vagrant root     409 Mar  2 16:23 authorized_keys
-rw-------. 1 vagrant vagrant 1676 Mar  2 18:45 lab-key.pem
create source file for lab_user
[vagrant@ctosbox1 ~]$ cat keystonerc_user
unset OS_SERVICE_TOKEN
export OS_USERNAME=lab_user
export OS_PASSWORD='demo'
export OS_AUTH_URL=http://172.25.250.10:5000/v3
export PS1='[\u@\h \W(keystone_lab_user)]\$ '
export OS_PROJECT_NAME=lab_project
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
[vagrant@ctosbox1 ~]$ source keystonerc_user
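Added example, not from the original guide: a shell helper that writes the keystonerc file with owner-only permissions and checks it before it is sourced. Because the file carries OS_PASSWORD in clear text, the permission check is the point; the user, password, project and auth URL are parameters (the lab's values are used in the call).

```shell
#!/bin/sh
# write_keystonerc PATH USER PASSWORD PROJECT AUTH_URL
# Creates the rc file under umask 077 so it is never group/other readable,
# not even between creation and chmod.
write_keystonerc() {
    _path=$1; _user=$2; _pass=$3; _project=$4; _auth=$5
    (
        umask 077
        cat > "$_path" <<EOF
unset OS_SERVICE_TOKEN
export OS_USERNAME=$_user
export OS_PASSWORD='$_pass'
export OS_AUTH_URL=$_auth
export OS_PROJECT_NAME=$_project
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
export PS1='[\u@\h \W(keystone_$_user)]\\$ '
EOF
    )
    chmod 600 "$_path"
}

# verify_keystonerc PATH
# Returns 0 only if the file is owner-only and defines every variable the
# v3 Identity API needs; the file is sourced in a subshell so the caller's
# environment is untouched.
verify_keystonerc() {
    _path=$1
    _mode=$(ls -l "$_path" | cut -c5-10)   # group and other permission bits
    if [ "$_mode" != "------" ]; then
        echo "FAIL: $_path is readable by group/other (bits '$_mode')" >&2
        return 1
    fi
    (
        . "$_path"
        for v in OS_USERNAME OS_PASSWORD OS_AUTH_URL OS_PROJECT_NAME \
                 OS_USER_DOMAIN_NAME OS_PROJECT_DOMAIN_NAME OS_IDENTITY_API_VERSION; do
            eval "_val=\$$v"
            [ -n "$_val" ] || { echo "FAIL: $v is not set in $_path" >&2; exit 1; }
        done
        case "$OS_AUTH_URL" in
            */v3) ;;
            *) echo "FAIL: OS_AUTH_URL must point at the v3 endpoint" >&2; exit 1 ;;
        esac
    )
}
```

Usage on the box: write_keystonerc ~/keystonerc_user lab_user demo lab_project http://172.25.250.10:5000/v3 && verify_keystonerc ~/keystonerc_user && . ~/keystonerc_user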
create new public network
- as admin
- Network/Networks: create public network – lab_pubnet with lab_project, flat with physical interface extnet, enable External Network
- Subnet: lab_pubsub, 172.25.250.0/24, gateway: 10.0.2.2
- Subnet details: no DHCP, allocation pool 172.25.250.26 to 172.25.250.99, dns: 10.0.2.3, 8.8.8.8
create new image
- as admin
- download cloud image for cirros and fedora
- Admin/Compute/Images: create image cirros, QCOW2 format, 12MB
- Admin/Compute/Images: create image fedora, QCOW2 format, 220MB
create new flavor for fedora
- as admin
- Admin/Compute/Flavors/Create Flavor: m2.small, 1 vcpu, 512M RAM, 5G Root Disk, 1024M swap disk
create new private network
- as admin
- Network/Networks: create private network – lab_privnet with lab_project, VXLAN, segment id: 1010
- as lab_user
- Subnet: lab_privsub, 192.168.10.0/24, gateway: 192.168.10.1
- Subnet details: DHCP enabled, allocation pool 192.168.10.30 to 192.168.10.50, dns: 10.0.2.3, 8.8.8.8
create router
- as lab_user
- Network/Routers: lab_router with lab_pubnet
- add interface: 192.168.10.0/24, gateway 192.168.10.25 added
Network Topology
create new security group
- as lab_user
- Network/Security Groups: lab_sg
- add rule to lab_sg: ICMP,SSH,FTP(TCP 20,21), HTTP for ingress IPv4
create new keypair
- as lab_user
- Compute/Key Pairs
- save private key to vagrant ~/.ssh/lab-key.pem, chmod 600 lab-key.pem
create new cirros instance
- as lab_user
- Compute/Instances: vm1, lab_privnet, m1.tiny, cirros, lab_sg, lab-key.pem
- vm assigned private ip 192.168.10.32
- associate floating ip 172.25.250.34
verify from CLI
[vagrant@ctosbox2 ~(keystone_lab_user)]$ nova list
+--------------------------------------+------+--------+------------+-------------+------------------------------------------+
| ID                                   | Name | Status | Task State | Power State | Networks                                 |
+--------------------------------------+------+--------+------------+-------------+------------------------------------------+
| 0d1510dc-cea2-4feb-b8b6-3d1cbd49def5 | vm1  | ACTIVE | -          | Running     | lab_privnet=192.168.10.32, 172.25.250.34 |
+--------------------------------------+------+--------+------------+-------------+------------------------------------------+
ping to vm1
From the openstack host itself the private and floating IPs are not reachable; this is expected,

[vagrant@ctosbox2 network-scripts(keystone_lab_user)]$ ping 192.168.10.32
PING 192.168.10.32 (192.168.10.32) 56(84) bytes of data.
^C
--- 192.168.10.32 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
[vagrant@ctosbox2 network-scripts(keystone_lab_user)]$ ping 172.25.250.34
PING 172.25.250.34 (172.25.250.34) 56(84) bytes of data.
^C

The vm has to be reached from inside the Neutron router namespace (qrouter-*) on the OVS host,

[vagrant@ctosbox2 network-scripts(keystone_lab_user)]$ sudo ip netns
qrouter-2ee9afb2-a964-469e-b988-91ee2ea4656b
qdhcp-e304231a-0b33-4978-a3ee-0531ead90ae5
qdhcp-91ebc886-45b1-4436-8d54-791e31293872
[vagrant@ctosbox2 network-scripts(keystone_lab_user)]$ sudo ip netns exec qrouter-2ee9afb2-a964-469e-b988-91ee2ea4656b ping 192.168.10.32
PING 192.168.10.32 (192.168.10.32) 56(84) bytes of data.
64 bytes from 192.168.10.32: icmp_seq=1 ttl=64 time=34.0 ms
64 bytes from 192.168.10.32: icmp_seq=2 ttl=64 time=2.28 ms
^C
--- 192.168.10.32 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 2.286/18.191/34.096/15.905 ms
[vagrant@ctosbox2 network-scripts(keystone_lab_user)]$ sudo ip netns exec qrouter-2ee9afb2-a964-469e-b988-91ee2ea4656b ping 172.25.250.34
PING 172.25.250.34 (172.25.250.34) 56(84) bytes of data.
64 bytes from 172.25.250.34: icmp_seq=1 ttl=64 time=0.578 ms
64 bytes from 172.25.250.34: icmp_seq=2 ttl=64 time=0.528 ms
^C
--- 172.25.250.34 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.528/0.553/0.578/0.025 ms
ssh to vm1
[vagrant@ctosbox2 network-scripts(keystone_lab_user)]$ sudo ip netns exec qrouter-2ee9afb2-a964-469e-b988-91ee2ea4656b ssh -i /home/vagrant/.ssh/lab-key.pem cirros@172.25.250.34

verify name server and routing,

$ cat /etc/resolv.conf
search openstacklocal
nameserver 10.0.2.3
nameserver 8.8.8.8
$ route -en
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         192.168.10.25   0.0.0.0         UG    0 0      0 eth0
169.254.169.254 192.168.10.25   255.255.255.255 UGH   0 0      0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     0 0      0 eth0

verify Internet access,

$ ping google.ca
PING google.ca (172.217.0.99): 56 data bytes
64 bytes from 172.217.0.99: seq=0 ttl=40 time=32.617 ms
So far the openstack basic setup and tests are done, ready to go!