Playing with OpenStack

Posted on: 2017-04-15

OpenStack is the premier open source alternative to Amazon AWS cloud infrastructure. This post goes over installing its most critical services on a single machine, then spinning up a VM inside it and exposing that VM to the rest of your network. You wouldn't want to run it like this in production, but it's good for learning or home lab use.

Do a fresh CentOS 7 minimal install on physical hardware and assign a static IP during the install. Then do the config and install.

yum -y update
yum install -y centos-release-openstack-newton 
yum -y update
yum install -y openstack-packstack vim wget

systemctl disable firewalld
systemctl stop firewalld
systemctl disable NetworkManager
systemctl stop NetworkManager
systemctl enable network
systemctl start network

packstack --gen-answer-file=answers.txt
vim answers.txt
#vms in my lab are small and throw away. no fancy data storage needed.
CONFIG_CINDER_INSTALL=n
CONFIG_SWIFT_INSTALL=n
CONFIG_MANILA_INSTALL=n
#my hardware is crap.  I'd rather not see charts and monitor usage and stuff than spend cycles doing that.
CONFIG_CEILOMETER_INSTALL=n
CONFIG_AODH_INSTALL=n
CONFIG_GNOCCHI_INSTALL=n
CONFIG_NAGIOS_INSTALL=n
#run lots of vms on crap hardware
CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO=20
CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO=20
#make sure networking looks like so if you want your normal network to be able to reach the VMs
CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
CONFIG_NEUTRON_ML2_TYPE_DRIVERS=vxlan,flat
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=extnet:br-ex
#use your ethernet adapter device
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-ex:enp3s0
#don't need orchestration, demo data, hadoop, DB as a service, bare metal management, or fancy load balancers
CONFIG_HEAT_CFN_INSTALL=n
CONFIG_HEAT_CLOUDWATCH_INSTALL=n
CONFIG_PROVISION_DEMO=n
CONFIG_SAHARA_INSTALL=n
CONFIG_TROVE_INSTALL=n
CONFIG_IRONIC_INSTALL=n
CONFIG_LBAAS_INSTALL=n

[root@openstack ~]# packstack --answer-file=answers.txt
Installing:
Clean Up                                             [ DONE ]
Discovering ip protocol version                      [ DONE ]
Setting up ssh keys                                  [ DONE ]
Preparing servers                                    [ DONE ]
Pre installing Puppet and discovering hosts' details [ DONE ]
Preparing pre-install entries                        [ DONE ]
Setting up CACERT                                    [ DONE ]
Preparing AMQP entries                               [ DONE ]
Preparing MariaDB entries                            [ DONE ]
Fixing Keystone LDAP config parameters to be undef if empty[ DONE ]
Preparing Keystone entries                           [ DONE ]
Preparing Glance entries                             [ DONE ]
Preparing Nova API entries                           [ DONE ]
Creating ssh keys for Nova migration                 [ DONE ]
Gathering ssh host keys for Nova migration           [ DONE ]
Preparing Nova Compute entries                       [ DONE ]
Preparing Nova Scheduler entries                     [ DONE ]
Preparing Nova VNC Proxy entries                     [ DONE ]
Preparing OpenStack Network-related Nova entries     [ DONE ]
Preparing Nova Common entries                        [ DONE ]
Preparing Neutron LBaaS Agent entries                [ DONE ]
Preparing Neutron API entries                        [ DONE ]
Preparing Neutron L3 entries                         [ DONE ]
Preparing Neutron L2 Agent entries                   [ DONE ]
Preparing Neutron DHCP Agent entries                 [ DONE ]
Preparing Neutron Metering Agent entries             [ DONE ]
Checking if NetworkManager is enabled and running    [ DONE ]
Preparing OpenStack Client entries                   [ DONE ]
Preparing Horizon entries                            [ DONE ]
Preparing Puppet manifests                           [ DONE ]
Copying Puppet modules and manifests                 [ DONE ]
Applying 192.168.1.66_controller.pp
192.168.1.66_controller.pp:                          [ DONE ]         
Applying 192.168.1.66_network.pp
192.168.1.66_network.pp:                             [ DONE ]      
Applying 192.168.1.66_compute.pp
192.168.1.66_compute.pp:                             [ DONE ]      
Applying Puppet manifests                            [ DONE ]
Finalizing                                           [ DONE ]

 **** Installation completed successfully ******

Now let's create the "external" network and give it an IP range to use. The IP range should be a small set of unused IPs in your real LAN, preferably outside of your DHCP range. This allows OpenStack to assign a floating IP to a VM, and that VM will then be accessible to the rest of your network.

. keystonerc_admin
neutron net-create external_network --provider:network_type flat --provider:physical_network extnet  --router:external
#update the IPs to your environment
neutron subnet-create --name public_subnet --enable_dhcp=False --allocation-pool=start=192.168.1.70,end=192.168.1.80 --gateway=192.168.1.1 --dns-nameserver=192.168.1.1 external_network 192.168.1.0/24
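
The flat external network only works when the names in answers.txt agree with the net-create command above: `flat` must be an enabled type driver, `extnet` must be the left-hand side of the bridge mapping, and the mapped bridge must be the one the NIC is attached to. The following check is an added example, not part of the original post; the function names `answer` and `check_extnet` are hypothetical and the sample file is constructed from the post's own values.

```shell
#!/bin/sh
# Added example: cross-check the external-network answers against the
# physical network name later passed to `neutron net-create`.

# answer FILE KEY: print the value assigned to KEY (last assignment wins).
answer() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# check_extnet FILE PHYSNET: print one line per problem, return their count.
# Assumes a single physnet:bridge mapping and a single bridge:nic pair,
# as in the post.
check_extnet() {
    file=$1 physnet=$2 problems=0
    drivers=$(answer "$file" CONFIG_NEUTRON_ML2_TYPE_DRIVERS)
    mapping=$(answer "$file" CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)
    ifaces=$(answer "$file" CONFIG_NEUTRON_OVS_BRIDGE_IFACES)
    # --provider:network_type flat needs the flat type driver loaded.
    case ",$drivers," in
        *,flat,*) ;;
        *) echo "flat not in type drivers: $drivers"; problems=$((problems + 1)) ;;
    esac
    # --provider:physical_network must be the name on the left of the mapping.
    if [ "${mapping%%:*}" != "$physnet" ]; then
        echo "physical network $physnet not mapped: $mapping"; problems=$((problems + 1))
    fi
    # The mapped bridge must be the bridge the NIC is attached to.
    if [ "${mapping#*:}" != "${ifaces%%:*}" ]; then
        echo "bridge mismatch: $mapping vs $ifaces"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: the networking lines from the post's answers.txt.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
CONFIG_NEUTRON_ML2_TYPE_DRIVERS=vxlan,flat
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=extnet:br-ex
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-ex:enp3s0
EOF
check_extnet "$sample" extnet && echo "answers.txt matches net-create"
rm -f "$sample"
```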

Now let's download a VM hard disk image we can use. See http://docs.openstack.org/image-guide/obtain-images.html

wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-1701.qcow2
glance image-create --name=centos7 --visibility=public --disk-format=qcow2 --container-format=bare --file=CentOS-7-x86_64-GenericCloud-1701.qcow2 --progress
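
The wget above fetches the image over plain HTTP, so nothing so far confirms that the file handed to glance is the one that was published. As an added example (not part of the original post), this compares the download with a checksum list before uploading; it assumes a list in `sha256sum` format, here called sha256sum.txt, obtained over HTTPS or with a verified signature, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check a downloaded cloud image against a published
# checksum list before it is uploaded to glance.

# verify_image IMAGE SUMS
#   SUMS is in `sha256sum` output format: "<hex digest>  <file name>".
#   Returns 0 on match, 1 on mismatch, 2 when SUMS has no entry for IMAGE.
verify_image() {
    image=$1 sums=$2
    name=$(basename "$image")
    # Pick the digest listed for exactly this file name; some lists prefix
    # the name with "*" (binary mode), so strip that before comparing.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print tolower($1); exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name in $sums" >&2
        return 2
    fi
    actual=$(sha256sum "$image" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
}

# Upload with the post's glance command only when the digest matches.
upload_verified() {
    verify_image "$1" "$2" || return
    glance image-create --name=centos7 --visibility=public --disk-format=qcow2 \
        --container-format=bare --file="$1" --progress
}

# Constructed demo: a throwaway file stands in for the qcow2 image.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed image bytes\n' > "$dir/demo.qcow2"
    (cd "$dir" && sha256sum demo.qcow2 > sha256sum.txt)
    intact=0; verify_image "$dir/demo.qcow2" "$dir/sha256sum.txt" || intact=$?
    printf 'x' >> "$dir/demo.qcow2"   # simulate corruption or tampering
    tampered=0
    verify_image "$dir/demo.qcow2" "$dir/sha256sum.txt" 2>/dev/null || tampered=$?
    rm -rf "$dir"
    echo "intact=$intact tampered=$tampered"
}
demo
```

On the OpenStack host the call would be `upload_verified CentOS-7-x86_64-GenericCloud-1701.qcow2 sha256sum.txt` in place of the bare glance command.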

Now we need a user.

openstack project create --enable internal
#use your info
openstack user create --project internal --password test1234 --email dustin@localhost --enable dustin
cp keystonerc_admin keystonerc_dustin

vim keystonerc_dustin
unset OS_SERVICE_TOKEN
    export OS_USERNAME=dustin
    export OS_PASSWORD=test1234
    export OS_AUTH_URL=http://192.168.1.66:5000/v2.0
    export PS1='[\u@\h \W(keystone_dustin)]\$ '
export OS_TENANT_NAME=internal
export OS_REGION_NAME=RegionOne

. keystonerc_dustin

Finally, the new user/tenant needs a private subnet and the ability to route out to the internet. The private subnet should not already be in use on your LAN.

neutron router-create router1
neutron router-gateway-set router1 external_network
neutron net-create private_network
neutron subnet-create --name private_subnet --dns-nameserver=192.168.1.1 private_network 192.168.100.0/24
neutron router-interface-add router1 private_subnet

Before we spin up a VM you may want to browse the web GUI as an admin to see what all you can do.

`cat keystonerc_admin` and grab the OS_PASSWORD value. Then browse to http://192.168.1.66 and log in as admin with that password.

Alright. Now that you've seen the GUI with all the options, log out and log back in as your regular user. That is dustin/test1234 based on my example.

Before we launch that VM we need to configure a security group to allow SSH, upload our SSH key and allocate a floating IP for it to use.

Project > Compute > Access & Security > Security Groups > default > Manage Rules > Add Rule > Rule > SSH > Add
#on your client machine. do a ssh-keygen first if necessary
cat ~/.ssh/id_rsa.pub  
Project > Compute > Access & Security > Key Pairs > Import Key Pair > Name: Me > Public Key: data from cat above > Import Key Pair
Project > Compute > Access & Security > Floating IPs > Allocate IP to Project > Allocate IP

Now let's launch the VM, give it a "public" IP and SSH into it.

Project > Compute > Instances > Launch Instance
name: testvm
source > centos7 > +
flavor > m1.small > +
Make sure security groups has default
Make sure Key Pair has Me
Launch Instance

Once it's done spawning, click the dropdown > Associate Floating IP > Choose IP > Associate. Now, on the client machine where your SSH key is, run ssh centos@FLOATING_IP. Run sudo yum update to make sure all the networking is working and to update the VM.

OpenStack is insanely powerful. We haven't even scratched the surface with this stuff. Enjoy digging in and playing around with it. Once you get bored with all the installed components go back and install some of the cool stuff I specifically disabled because of my needs and play with those as well.
