User Guide · Metacloud Hypervisor (MHV) - Servers that run instances created in a cloud...

C 16416 vedená u Krajského soudu v Českých Budějovicích, IČO: 279 42 368, DIČ: CZ27942368

T +420 382 424 411 E [email protected] W www.tcpisek.cz 1 z 21

User Guide

-

First Run

A TECHNOLOGICKÉ CENTRUM PÍSEK S.R.O.

VLADISLAVOVA 250

397 01 PÍSEK



Content

Content ...................................................................................................... 2

Introduction ............................................................................................... 3

Glossary .................................................................................................... 3

First run ..................................................................................................... 5

Login and basic overview ........................................................................ 5

Project> Basic overview ................................................................................................... 5

SSH key ..................................................................................................... 6

Compute > Key Pairs ....................................................................................................... 7

Networking ................................................................................................ 7

Project > Networking ........................................................................................................ 8

Router ........................................................................................................ 9

Project > Network > Routers ............................................................................................ 9

Access & Security .................................................................................. 10

Project > Network > Security Groups ............................................................................. 10

First run instance .................................................................................... 11

Project > Compute > Images ......................................................................................... 11

Floating IP allocation .............................................................................. 19

Project > Network > Floating IPs ................................................................................... 19

Insert metadata into the image .............................................................. 20

Project > Compute > Images ......................................................................................... 20


VLADISLAVOVA 250

397 01 PÍSEK



Introduction

This document aims to familiarize the user with the basics of using the OpenStack dashboard.

OpenStack dashboard is a web-based graphical interface that cloud administrators and users can

access to access the cloud, manage and perform computing, storage, and network operations.

For example, administrators can use the dashboard to run virtual machine instances, view the size

and current deployment status of the OpenStack cloud, manage networks, and set limits on the

cloud resources available to users.

The OpenStack dashboard offers three versions of management dashboards:

● User Dashboard - Dashboard for regular users

● System Dashboard - a panel for cloud administrators

● Setting Dashboard - a panel designed especially for developers

Cloud administrators can customize Horizon visuals, including the navigation bar, spreadsheets,

alerts, and more. Developers can extend any existing dashboard to include additional features by

creating an application that integrates directly into the dashboard.

Glossary

Application Programming Interface (API)- A collection of specifications used to access a

service, application, or program. It includes service communication, requires specific parameters

for individual communication queries and expected responses with certain values.

Authentication- The process of confirming the identity of the user to confirm the incoming request.

The first step is to verify the user name and password or to verify the user name and API key. The

token needs to be documented in the subsequent scans.

Availability Zone (AZ)- A group of servers that make up the cloud. Each AZ is accessed by

different instances of the API and Dashboard, independently of the other AZs.

Command-line interface (CLI)- a text interface for interacting with your cloud.

Credentials- personally identifiable information. For example, the username and password, the

user name and API key, or the authentication token that the identity service provides.

Dashboard- OpenStack's web interface to interact with your cloud. The dashboard is a subset of

the functions available through the API and CLI.

Domain- API v3 service identity entity. Domains are collections of projects and users that define

administrative boundaries for managing identity entities. Domains can be individuals, companies,

or operators of their own hardware space. They provide administrative activities directly to system

users. Users can be given the administrator role for the domain. A domain administrator can create

projects, users, and groups in a domain, and then assign roles to users and groups in the domain.

Drivers- drivers or back-end services are integrated into a centralized server. They are used to

access identity information in non-cloud repositories and can already exist in an infrastructure

where Metacloud is implemented (such as SQL databases or LDAP servers).

Endpoint - a network-accessible address, usually a URL that you can use to access the service.

Flavour- A virtual hardware profile that applies to instances when they are created. Flavor controls

the number of vCPUs, memory, root disk size, and temporary instance storage size.


VLADISLAVOVA 250

397 01 PÍSEK



Floating IP- An IP address (usually public) that is mapped to a particular instance to allow external

connections to that instance. Technically speaking, one-to-one NAT is dynamically created from a

floating IP address to a fixed IP address of your instance.

Instance- a virtual PC running in the cloud, sometimes referred to as a virtual machine / machine

(VM).

Local Network- A network of interconnected servers that allows communication within individual

users, not across the entire network. Local networks are mainly intended for one-node test

scenarios, but may be different. Currently, OpenStack cloud also supports VLANs.

Matacloud Controle Plane (MCP) - Servers that handle cloud scheduling and orchestration

functions.

Metacloud Hypervisor (MHV) - Servers that run instances created in a cloud environment.

Network Attached Storage (NAS) - File-level data storage attached to a network that provides

data access to a selected group of clients.

OpenStackClient (OSC) - It is a command line interface for several cloud services including API

identity. For example, you can run openstack image create and openstack volume create to create

instances and repositories.

Object Storage Device (OSD) - A storage system that organizes data into containers.

Physical Network - A network that connects virtualized nodes with other network resources.

Project - a container that groups or isolates sources or identity objects. Depending on your

preferences, an individual project can be mapped to a customer, account, organization, or

individual project.

Project Network - a virtual network that the administrator creates. The physical details of the

network are not exposed outside of the project.

Provider Network - a virtual network created to connect to a specific network in a data center.

Role - Defines the rights and permissions granted to user accounts. The cloud has essentially two

roles: admin and user. A role can be assigned to a user account or to an entire user group.

Administrators can also create new roles. Identity issues a token to the user that contains the role

list. When a user starts a service, the user then interprets the user's role set and determines which

operation the user is authorized to perform or what resources he can use.

Security Group - a list of firewall security rules applied to instances.

Server - The centralized server provides authorization services using the RESTful interface.

Tenant - a logical distribution of the availability of individual zones, created from a VLAN and a

unique network address space. The term tenant is interchangeable with the project.

Token - an alphanumeric text string that allows access to APIs and resources.

User - Digital representation of a person, company, or organization that uses cloud services. Users

have a login and access using assigned tokens. Users can be directly assigned specific projects to

use.

Virtual Network - a virtual network of interconnected virtual servers that allows communication

within individual users, not across the entire network. Virtual network is similar to classic network,

except that virtualized in OpenStack.


VLADISLAVOVA 250

397 01 PÍSEK



First run

The OpenStack dashboard offers users and administrators easy access through a graphical

interface to manage, deliver, and automate processes inside cloud servers.

The dashboard is accessed via an Internet browser. In the following chapters the basic functions of

OpenStack will be described and at the same time there will be detailed instructions on how to

achieve the individual steps.

Login and basic overview

As mentioned above, the OpenStack dashboard is accessed through the web interface. Along with

this documentation, there is a document with credentials where the IP address to log in is listed on

the first page. Copy and paste the IP address into the search engine, then confirm with the Enter

key.

Project> Basic overview

After successfully entering the IP address into the search engine, a window will open with login to

OpenStack. Fill in the login data according to the above-mentioned document with credentials and

click on the Sign In button to login and enter the OpenStack graphical interface.

After a successful login, the start overview page will appear with a menu of features. Here the

number of used and remaining resources, used capacity and overview of utilization of network

resources are clearly displayed in pie charts.


VLADISLAVOVA 250

397 01 PÍSEK



Before you release your first instance, there are a few other things to do.

SSH key

SSH is also a program for secure communication protocol in computer networks that use TCP / IP.

SSH was designed to replace older and other unsecured remote shells (rlogin, rsh, etc.) that send

the password in an unsecured form, allowing it to be tapped when transmitted over a computer

network. SSH provides data encryption to secure data when transmitted over an untrusted

network, such as the Internet.

You can use the public key in SSH to authenticate the user. First, a pair of encryption keys is

generated - private (private) key and public key. Private is securely stored with the user and is

password protected. The public key is stored on the target server (typically in the user's home

directory, on Unix systems, in the ~ / .ssh / authorized_keys file). When attempting to log on, the

server uses the public key it has available to encrypt a block of random data (a challenge-

response) that cannot be easily inferred or guessed and sends it to the client. The client decrypts

the prompt using a private key and sends the decrypted message back to the server. If the prompt

is decrypted correctly, the server verifies that the client has a private key that matches the public

key that the server has, and can then authorize (authorize) the access. If the prompt is not

decrypted correctly, client access will be denied. This implies that the private key does not leave

the client's computer, so that it cannot be stolen while transmitting it over the network, yet the

client's authenticity and access can be verified.

In the next chapter, you will find step-by-step instructions on how to use secure SSH

communications in OpenStack.


VLADISLAVOVA 250

397 01 PÍSEK



Compute > Key Pairs

In the menu in the upper left column select the tab compute and then Key Pairs.

There are two ways to add the public part of your SSH key - we can create a new key, in this case

you create both the public key and the private key, or import the existing key. On the right side of

the screen are the corresponding buttons. After selecting the Create Key tab, enter the key name

first. Then the key is created, downloaded to the PC and automatically added to the OpenStack

environment.

When importing an SSH key, you only need to select the path to the directory where the key is

stored and assign a name for the key in the OpenStack environment.

It can also be pasted by simply copying (eg, CTRL + C and CTRL + V) from a key text file to a free

field at the bottom of the pop-up window

Networking

Networking inside OpenStack is a virtual network service that provides a powerful API that defines

connections to networks and IP addresses. This virtual network connection is essential for all

services and servers to communicate with each other across the cloud.


VLADISLAVOVA 250

397 01 PÍSEK



Network APIs use a virtual network, subnet, and ports to define network resources. In this section

you can define your own virtual networks as needed. Furthermore, we have the possibility to define

subnets and ports to control the communication channels of OpenStack.

Project > Networking

Select Networks in the right column.

In the right corner, click on “Create Networks”. In the first tab “Networks” fill in the network name

and whether we require the network to create Subnet.

In the “Subnet” tab, we need to name the subnet and fill in its non-public IP address with the prefix

(default / 24). Next, select IPv4 and choose Gateway. The gat


VLADISLAVOVA 250

397 01 PÍSEK



There are more optional values in the "Subnet Details" tab. You can define Allocation Pools

assignments, which are subsets of all available subnet addresses to be used for addressing, for

example. You can also specify multiple DNS servers and custom host routes. After filling in the

form click on the "Create" button. We have now created a virtual network that is ready for future

operations.

Router

A router is a logical component of the cloud that forwards data packets between networks. It

provides Layer 3 communication and also provides external access for network servers. We create

a router in the OpenStack environment mainly because of the need to connect networks with each

other and also to ensure communication with the public Internet.

Project > Network > Routers

In order for networks to communicate with each other, or for servers to communicate with public

Internet addresses, it is necessary to create routers. In the right menu, select the Network tab and

the Routers option.

To create a router, click on the “Create router” box. Then a pop-up window will appear where you

need to enter the router name and connect it directly to the required external network. After

confirming the pop-up window, it is possible to connect other necessary networks to the router

according to local needs.


VLADISLAVOVA 250

397 01 PÍSEK



Access & Security

Before you run an instance, you must add specific security group rules that allow users to ping and

use SSH to connect to the instance. Security groups are sets of IP filter rules that define network

access and that are applied to all instances in a project. There are two ways to add rules. Either we

can modify the default rule group, which is already pre-set inside OpenStack by inserting the rules

we require, or we can create a completely new rule group according to our needs.

Project > Network > Security Groups

On the Network tab, select “Security Groups” from the menu. After opening the relevant page, click

on the “Create Security Group” field. In the window, fill in the name of the group and its description,

from which you can easily deduce the purpose of this security group.

In order to be able to set up a newly created rule, we have to click “Manage Rules” next to the rule

in its row. In order to be able to understand security groups properly, it is necessary to explain what

some terms mean. This is mainly about the meaning of the words EGRESS and INGRESS.

EGRESS means communication from the private network out to the public network. Ingress is

communication from a public network through a router to a private network. In the basic rule group,

all INGRESS communication is prohibited on all ports. EGRESS communication is enabled. In

order to be able to use servers and networks through SSH remote access, it is necessary to

enable INGRESS communication for SSH on a specific single port. OpenStack contains several

pre-created rules that can be used, including enabling INGRESS communication for SSH.


VLADISLAVOVA 250

397 01 PÍSEK



Click the “+ Add Rule” button in the upper right corner. Select SSH protocol from the list of preset

rules. OpenStack will add a specific port for the user, which will be opened for subsequent

communication. In CIDR input, you can enter a single remote IP address or range in CIDR format

that allows SSH access, or you can leave the default - 0.0.0.0/0 to enable SSH from any remote IP

address. Click the "Add" button. Now we have successfully added and edited the Security Group.

First run instance

OpenStack is primarily a virtualization platform for managing virtual machines. In the next section,

we will introduce how to create your own new instance. We'll go through step-by-step how to

prepare an instance and set it up correctly. Next, we'll show you how to run an instance and what

operations it can do.

Project > Compute > Images

To create and run the first instances in OpenStack, select the images tab in the upper right corner

of the menu. Here we have a few pre-made images to choose from, which we can start using right


VLADISLAVOVA 250

397 01 PÍSEK



from the start.

After clicking on the Launch button, a pop-up window will appear, in which we will fill in more

detailed requirements for the instance being started. In the first Details tab, enter the name and

description of the instance, if any. You must also specify the Availability Zone. Availability zone -

Use the availability zone to make network resources work in high availability mode. Availability

zone provides nodes for Nova computing, Cinder block storage, or Neutron network services. Then

you have to choose the number of instances that we want to run at once. On the right side of the

window is a counter that displays the maximum number of instances that can be created, how

many instances are created, and the percentage usage of the allocated limit..

In the second tab named Source. Choose a template here. which will be used to create a new

instance. You can use image, instance snapshots, and snapshots. In the right part of the window

there are two radio buttons. These buttons can affect the sub-settings between the instance and

the assigned volume. the first button affects whether we want to create a new volume for an

instance or whether we want to create an instance without creating a new volume. The second

button allows you to request whether the volume that is attached to the instance is automatically

deleted when the volume is deleted.


VLADISLAVOVA 250

397 01 PÍSEK



In the following tab Flavor select from the pre-prepared items that best suits us according to the

sources used, such as VCPU, RAM, DISK etc.

On the Networks tab, assign the network to the instance. Networks are the basic communication

channel for instances in the cloud. Now we have filled in the last tab marked *. All bookmarks

marked with this symbol must be filled in because they are the key instance settings.


VLADISLAVOVA 250

397 01 PÍSEK



Ports provide additional communication channels to your instances. Primarily, all communication

through ports is blocked for increased security.

Then you can set up Security Group. Here we select the required group of rules that we want to

apply to the created instance. Groups can be selected more as needed.


VLADISLAVOVA 250

397 01 PÍSEK



Key Pair allows you to apply the SSH function to a newly created instance. You can select an

existing key pair, import a key pair, or generate a new key pair.

In the Configuration tab it is possible to directly insert a script for Linux or a command line file for

Windows into the instance. Furthermore, you can choose to automatically adapt the discs to the

size of the Flavor. Finally, you can enable or disable Configuration Drive. Configuration drive is

used for metadata transmission. You can configure OpenStack to write metadata to a special

configuration unit that connects to the instance at startup. An instance can mount this drive and

read files from it to obtain information that is commonly available through the metadata service.

This metadata is different from user data.

Server Groups assign instances and virtual machines specific properties. For example, by setting

up a server group, you can specify that VMs in this group cannot be located on the same physical

hardware due to availability requirements or vice versa.


VLADISLAVOVA 250

397 01 PÍSEK



Scheduler hints, also simply referred to as “hints” or “tips”, can be specified during server creation

to affect server settings depending on which filters and settings we choose. Hints are mapped as

specific filters. You can use Scheduler to schedule certain instance behaviors. You can specify

scheduling requirements by moving items from the left column to the right column. The left column

contains the scheduler name definitions from the Glance Metadata Catalog. Use the "Costume"

option to add help of your choice.

This step allows you to add metadata items to your instance. Metadata is used in OpenStak for

most types of sources (image, artifacts, nodes, flavors, etc.). Thanks to metadata, we can put

properties, keys, descriptions, and instance constraints already set in these resources. You can

specify resource metadata by moving items from the left column to the right column. In the left

column are metadata definitions from the View Metadata catalog. Use the "Costume" option to add

metadata using the key of your choice.


VLADISLAVOVA 250

397 01 PÍSEK



Click the Launch button to start the selected instance. When the startup is complete, the new

instance appears in the overall view of all running instances, as well as in the network topology

model. The network technology model can be viewed in the tab Project> Networks> Network

Topology. Here you can see how the individual networks are interconnected through routers and

how the instances are linked to each network.


VLADISLAVOVA 250

397 01 PÍSEK



After running the instance, we have the option to work directly with the instance. From the list of

instances, select the instance you want to test and click on the blue highlighted instance name.

In the next overview it is necessary to click on the “Console” tab. A window with loaded console will

appear on the tab. There is a possibility to open the console in a new window. You can type in the

console by clicking on the top blue bar.


VLADISLAVOVA 250

397 01 PÍSEK



Floating IP allocation

Project > Network > Floating IPs

For the instance to have Internet access, select Floating IPs from the menu. Here you can assign

individual public IP addresses to specific instances so that the instances are accessible from the

Internet. If we do not already have specific IP addresses added, it is necessary to allocate

addresses from the provider to the project. This is done by clicking the Allocate IP To Project

button.

If we want the instances to have access to the Internet, it is necessary to create a new router and

then connect it to the external Internet.

After allocating a Floating IP address to a project, the public IP address can be assigned directly to

a specific instance to provide access to the instance through public networks. To do this, expand


VLADISLAVOVA 250

397 01 PÍSEK



the menu and select Associate Floating IP on the Instances tab of the instance to which you want

to assign a Floating IP address. Then select the IP address to be assigned to the instance.

Insert metadata into the image

Project > Compute > Images

Any embedded image can be further edited to include new metadata to match the image to our

requirements. Image file editing is done via the Images tab. In the list choose the image into which

we want to insert metadata. When you expand the menu for the image, select Update Metadata.

The following window is divided into two parts. Metadata is added by inserting keywords into the

left column according to the datasheet and clicking the + icon. Then the functionality name moves

to the right part of the window. In this section, it is necessary to specify metadata, for example, the

version of the operating system again according to the data sheet. Once filled in, you can click the

Save button and the metadata will then be uploaded to Image. As an example, we used the

addition of os_distro for Ubuntu Image.


VLADISLAVOVA 250

397 01 PÍSEK



Datasheet available at:

https://docs.openstack.org/glance/latest/admin/useful-image-properties.html

Date post:	28-Sep-2020
Category:	Documents
Upload:	others
View:	5 times
Download:	0 times

User Guide · Metacloud Hypervisor (MHV) - Servers that run instances created in a cloud...

Documents