What now??? (or, From zero to OpenStack-hosted website in 4 easy steps)
Nick Chase - May 26, 2016
Everyone thinks that the hard part is deploying OpenStack, but really, with the right distribution (such as Mirantis OpenStack) that's actually not a big deal. Once you've done that, how do you actually get something useful out of it? In this tutorial, we're going to show you how to quickly go from having a fresh deployment of OpenStack to having an actual OpenStack-hosted web server you can use and access.
There are just 4 basic steps to this process:
If you're installing on VMs, make sure at least one of your nodes has at least 2 vCPU and 4 GB of RAM. The best way to do this is to edit the config.sh script before running launch.sh.
OK, then, ready to move on? What we're going to do now is create an OpenStack cloud on which we'll eventually deploy our VM and web server.
To create a tenant/project with Horizon:
To create an SSH keypair:
It can be helpful, during deployment only, to unblock ICMP, TCP and UDP communications in both directions. We felt secure in doing so, since our test cluster was protected by a strict ingress firewall, is on our internal network, and is accessed via a VPN. Your mileage may vary.
To expose your tenant to possible evil:
To allocate floating IPs to your project:
Launch the VM:
To log in to the server:
Figure 23: The Apache default page
There are just 4 basic steps to this process:
- Create and deploy an OpenStack cloud
- Create the OpenStack project infrastructure
- Deploy a new OpenStack virtual machine (VM)
- Install the Apache web server on the new VM
Create and deploy an OpenStack cloud
If you've reached this document, I'm presuming that you've already installed Mirantis OpenStack and the Fuel deployment tool. (If not, go to http://software.mirantis.com and follow the QuickStart Guide instructions. Don't worry, we'll wait.)If you're installing on VMs, make sure at least one of your nodes has at least 2 vCPU and 4 GB of RAM. The best way to do this is to edit the config.sh script before running launch.sh.
OK, then, ready to move on? What we're going to do now is create an OpenStack cloud on which we'll eventually deploy our VM and web server.
Create the environment
You can use Fuel to create as many OpenStack clouds, or "environments" as your hardware can handle, but of course we'll start with just one. Follow these steps:- Make sure that the Fuel Master node can access the internet. This normally isn't a problem, but you'll need to make sure because the OpenStack deployment process pulls packages off the Internet. To check connectivity, log into the terminal using the username and password you provided when installing Mirantis OpenStack and type:
ping 8.8.8.8
- If you have problems connecting to the Internet, you'll need to either correct them or set up a local repository from which Fuel can pull packages. You can find instructions here.
- Open the main Fuel page in your browser. By default, this page will be at http://10.20.0.2:8000; if you've changed this when deploying Fuel, you'll see the new address in the CLI of fuel-master. Log in and go to the main dashboard, as in Figure 1.
Figure 1: Fuel Environments - Click New OpenStack Environment.
- Enter the name for your new environment and choose the OpenStack release, then click Next.
- Decide on your hypervisor. In most cases, you will be using QEMU-KVM, as in Figure 2.
Figure 2: Choose a hypervisor. - Select a networking model. Nova-network has been deprecated, so your two options are Neutron with VLAN segmentation and Neutron with tunneling, unless you've installed a plugin for additional options such as NSX Networking. In most cases, you'll chose Neutron with VLAN segmentation, as in Figure 3.
Figure 3: Choose a networking model. - Next it's time to choose your storage options. By default, Mirantis OpenStack makes Ceph available for all four modes of storage (Block, Object, Image, and Ephemeral), but it's not necessary for you to use it. You can simply leave the default of using LVM for block storage, as in Figure 4.
Figure 4: Choose storage method. - Next choose any additional projects you want to install, such as Murano or Ironic. You won't need any additional projects for this tutorial, so you can just click Next to continue.
- Click the Create button to create the environment.
Populate the cluster
Now that you've created the basic cluster, it's time to configure it so that you can deploy it.- The first step is to add some actual nodes to the OpenStack cluster. Click the + Add Nodes button on the Dashboard tab, as in Figure 5.
Figure 5: The Dashboard shows the status of your cluster. - The first step is to add one or more Controller nodes. Mirantis OpenStack automatically deploys controllers in HA mode, so if you deploy three or more controllers, your OpenStack control plane will be Highly Available. Click the Controller checkbox and choose one or more servers at the bottom of the page, as in Figure X. (Keep in mind that your controllers won't need as much RAM and disk space as your compute nodes.) Click Apply Changes to save your choices, as in Figure 6:
Figure 6: Create a controller. - At this point you'll see your controller(s) in the Nodes tab, as in Figure 7. Click + Add Nodes again to add compute resources.
Figure 7: Controllers in the Nodes tab. - Click the checkbox for the Compute role and select one or more servers at the bottom of the page, as in Figure 8, then click Apply Changes to save your choices. Remember that you'll want to choose servers with enough RAM and disk space to create at least one VM, preferably more.
Figure 8: Add Compute resources - You should now see the new Compute servers in the Nodes tab.
- Now it's time to set up networking. Click the Networks tab. As you can see in Figure 9, Mirantis OpenStack and Fuel automatically provide you with default network parameters such as IP addresses. Note that these are internally accessible IP addresses; if you want your server to be globally accessible from the Internet at large, talk to your network administrator about a range of public IP addresses you can allocate for your cloud, and add them under the Public network, as in Figure 9.
Figure 9: Add public networking parameters. - Before you move on, make sure that your networking is set up correctly. To do that, click Connectivity Check in the left-hand pane and click Verify Networks, as in Figure 10. If all is well, you'll see a message to that effect; if something's wrong, Fuel will tell you that, as well. Click the Save Changes button at the bottom right of the page to move on.
Figure 10: Make sure your network is configured correctly. - Mirantis OpenStack takes care of setting most defaults, so there's nothing else you need to specify. Go back to the Dashboard tab and click Deploy Changes as in Figure 11, then Deploy.
Figure 11: Deploy changes - The dashboard will show you the progress of the deployment...
Figure 12: Watching progress - ... and when it's finished, you'll see a link to the Horizon interface
Figure 13: The Dashboard showing the completed deployment - Unless you've changed it in the Fuel Settings tab, the default username and password for Horizon is admin/admin.
Create the infrastructure
Now that the environment is deployed, you have an OpenStack cloud to work with. The next step is to create a tenant/project in which to deploy your resources, and a user to assign to it.Create the project
Creating a VM as part of a project enables isolation, control of resources and user access control in a shared cloud environment. Creating a user of this tenant without full administrative privileges, provides you the ability to give users self-service capabilities without compromising the entire cluster.To create a tenant/project with Horizon:
- Use the left-hand menu to navigate to Identity>Projects
- Click +Create Project, name the project (we used the name gettingStarted)
- On the Project Members tab, click the "+" next to the ‘admin’ (yourself) user to add it to the new project’s user list.
- Leave other defaults as-is. Click Create Project, as in Figure 15:
Figure 15: The Projects tab - To create a user and assign them to this project with non-administrative permissions:
- Use the left-hand menu to navigate to Identity>Users.
- Click +Create User, enter the required information and a password, select your new project as the user’s Primary Project, and ensure that _member_ is selected next to Role.
- Click Create User.
- Return to Identity>Projects, find your new project, click Manage Members, and ensure that your new user has been added to the project’s user list as a _member_ only. Also ensure that your admin account is on the project’s user list, and give it the admin as well as the _member_ role.
- Click Save.
Set up networking
Next you'll need to set up a new network for your VMs to use, and a router that enables it to talk to the internet at large. Start by logging out of Horizon as the admin and logging back in as your tenant user.- To create a new network:
- Via the left-hand menu, navigate to Network>Networks.
- Click +Create Network.
- Give the network a name (we used tenant-network) and click Next
Figure 16: Create a network - Give the associated subnet a name (we used tenant-subnet), enter its network address in CIDR format (this is usually 192.168.0.0/24), and enter its normal gateway IP (usually 192.168.0.1). Click Next.
Figure 17: Create the subnet - Enter the IP address of your local nameservers, or use Google’s (8.8.8.8, 8.8.4.4). Ensure that DHCP is checked. Leave other fields blank and click Create.
Figure 18: define the DNS name servers
- Via the left-hand menu, navigate to Network>Routers.
- Click +Create Router
- Give the router a name (we used tenant-router)
- Select the cluster’s external network (by default, in Mirantis OpenStack, this is called net04_ext admin_floating_net) in the popdown and click Create Router.
Figure 19: Create a router
- On the Network>Routers screen, click your router’s name on the left
- Click the Interfaces tab
- Click +Add Interface
- Select your network’s subnet
- Click Add interface.
Figure 20: Add an interface
Create SSH Keypair
In order to log into the VM you're going to create, you're going to need an SSH keypair to secure access.To create an SSH keypair:
- Via the left-hand menu, navigate to Project>Compute>Access & Security and click the Key Pairs tab.
- Click +Create Key Pair, give your keypair a name, and download the private key (.pem) file. Store it securely. Later, we'll call this file <privatekey_PEM>.
Set up Default Security Group Rules
Access to OpenStack VMs is controlled by Security Groups and the Security Group Rules that they contain. When you create a VM, you specify the group or groups it belongs to, and that determines access.It can be helpful, during deployment only, to unblock ICMP, TCP and UDP communications in both directions. We felt secure in doing so, since our test cluster was protected by a strict ingress firewall, is on our internal network, and is accessed via a VPN. Your mileage may vary.
To expose your tenant to possible evil:
- Via the left-hand menu, navigate to Project>Compute>Access & Security, click the Security Groups tab, find the Default security group, and click Manage Rules, on the right
- Click on +Add Rule
- A dialog box appears. In the topmost popdown, select ALL ICMP
- In the next popdown, select Ingress
- Click Add
- Again, click on +Add Rule. Again, select ALL ICMP, but this time, select Egress and click Add
- Repeat with ALL TCP (Ingress and Egress) and ALL UDP (Ingress and Egress), adding a total of six new rules
- Copy/retain the name (e.g., default) of your security groupFigure 21: Security group rules
Allocate Required Floating IPs
In order to access your new VM from the Internet, you'll need a Floating IP. This address is an external IP that's addressable from outside your internal network. Before you can assign it to the VM, however, you need to allocate it to the project.To allocate floating IPs to your project:
- Via the left-hand menu, navigate to Project>Compute>Access & Security, and click the Floating IPs tab
- Click on (lock symbol) Allocate IP to Project
- Click on Allocate IP. Note that the floating IP pool for your project is the name of the external network admin_floating_net.
Build the OpenStack VM
Now that we've built the infrastructure, we can go ahead and create, populate, and configure the virtual machine. This VM will be a Ubuntu server on which we'll install the Apache web server.Obtain a recent Ubuntu cloud image
In order to create a new VM, we're going to need a Glance image. In this case, we're going to get a very recent Ubuntu cloud image we can use for all node deployments. To obtain the latest Ubuntu Trusty image and add it to Glance:- Via the left-hand menu, navigate to Project>Compute>Images, and click +Create Image in the upper right
- Give the image a name (e.g., ubuntu-trusty)
- Under Image Location, insert the following URL:
http://uec-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img - Under Select Format, pick QCOW2 - QEMU Emulator
- Ensure that Copy Data is checked, so that the image is downloaded to Glance, instead of run from its internet location.
- Click Create Image.
Create the VM
Creating a new virtual machine is also known as "launching a VM". Basically, we're going to create a new VM using the image you downloaded in the last step as a template.Launch the VM:
- In Horizon’s left-hand menu, navigate to Project>Compute>Images, find your Ubunty Trusty image, and click Launch Instance
- Give your VM a name (e.g., gettingStartedBox) and select the m1.medium flavor (a reasonable size for Ubuntu). Copy/retain the name of your VM — we’ll refer to it as <vm_hostname> in following commands and scripts Figure 22: Launch an instance
- In the Access & Security tab, select the name of your keypair and ensure that the name of your security group is checked
- In the Networks tab, ensure your network is in the blue (selected) area, and drag it there if it is not
- Click Launch
- In Project>Compute>Instances, find the name of your VM, pull down the Actions menu on the right and select Associate Floating IP
- Select an allocated floating IP and click Associate
- Copy/retain that IP address. We’ll be calling it <jumpbox_FIP> below
- Once the server has started, we can log in and install Apache.
Configuring the VM
To configure the VM, you'll need to log in and install apache.To log in to the server:
- Make sure that your private key (the one you created as part of the SSH Keypair) has the appropriate permissions by changing to the directory where you saved it and typing:
$ chmod 400 *.pem
- Next, go ahead and log in, referencing the private key, and the floating IP you associated with the VM. You can do this with the command:
$ ssh -i <privatekey_PEM> ubuntu@<jumpbox_FIP>
- For example, if the private key was called hellokeypair.pem and the floating IP was 172.16.0.140, the command would be:
$ ssh -i hellokeypair.pem ubuntu@172.16.0.140
- Once you're logged in, you can go ahead and install Apache. Start by updating apt-get:
$ sudo apt-get update
- At this point you should see a ton of packages downloading. If not, make sure the server has access to the Internet.
- Install Apache:
$ sudo apt-get install apache2
You should see output such as:Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
apache2-bin apache2-data libapr1 libaprutil1 libaprutil1-dbd-sqlite3
libaprutil1-ldap ssl-cert
Suggested packages:
apache2-doc apache2-suexec-pristine apache2-suexec-custom apache2-utils
openssl-blacklist
The following NEW packages will be installed:
apache2 apache2-bin apache2-data libapr1 libaprutil1 libaprutil1-dbd-sqlite3
libaprutil1-ldap ssl-cert
0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,283 kB of archives.
After this operation, 5,348 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Enter Y to complete the installation.
Test the installation
At this point you should have a complete working Apache server. To test, open your browser and go to the IP address you're using. You should see the Default page, as in Figure 23:Figure 23: The Apache default page