SLIDE 1
Minimal OpenStack
Starting Your OpenStack Journey
Sean Dague / Aug 19th, 2015 Twitter: @sdague Blog: dague.net
T h e M i s s i
- n
- f
Minimal OpenStack Starting Your OpenStack Journey Sean Dague / Aug - - PowerPoint PPT Presentation
Minimal OpenStack Starting Your OpenStack Journey Sean Dague / Aug - - PowerPoint PPT Presentation
Minimal OpenStack Starting Your OpenStack Journey Sean Dague / Aug 19 th , 2015 Twitter: @sdague Blog: dague.net T h e M i s s i o n o f O p e n S t a c k "To produce the ubiquitous Open Source Cloud Computing platform
SLIDE 2
SLIDE 3
T h i n g s y
- u
p r
- b
a b l y d
- n
' t n e e d i n y
- u
r b a s e me n t
- H
a d
- p
a s a S e r v i c e
- D
N S ma n a g e r
- O
b j e c t s t
- r
a g e l a y e r
- C
h a r g e b a c k
- I
n t e g r a t i
- n
w i t h E n t e r p r i s e S t
- r
a g e
- S
D N I n t e g r a t i
- n
- P
- l
i c y E n f
- r
c e me n t
- O
r c h e s t r a t i
- n
L a y e r
- K
u b e r n e t e s d e p l
- y
e r B u t , y
- u
c a n l a y e r t h e m i n l a t e r
- n
c e y
- u
h a v e a M i n i ma l O p e n S t a c k
SLIDE 4
My First OpenStack
1 Intel/AMD CPU 8 GB Ram 250+ GB Disk 1 Gbs Network Read OpenStack Install Guide Follow sections 2, 3, 4, 5 and 6.2 for your favorite distro For multiple servings follow sections 5 and 6.2 again Makes 1 compute cloud. Good for long running
- r ephermeral VMs.
Variations: * Increase RAM for more guests 2 hrs 4
SLIDE 5
2 – 3 hours process Read Carefully! "Create Exclusive Slice"
SLIDE 6
C a v e a t
- n
N e t w
- r
k i n g
N
- v
a N e t w
- r
k
- O
r i g i n a l N e t w
- r
k i n g
- E
a s y t
- s
e t u p
- L
i mi t e d A P I N e u t r
- n
- N
e w N e t w
- r
k S t a c k
- M
- r
e n e t w
- r
k c e n t r i c A P I
- A
l l
- w
s T e n a n t S e l f S e r v i c e N e t w
- r
k i n g
- L
- n
g T e r m D i r e c t i
- n
f
- r
O p e n S t a c k
My Current Recommendation (based on Kilo documentation): Start with Nova Network to get comfortable Rebuild with Neutron later if your intent is to expand substantially Liberty documentation should make Neutron base easier to get started with
SLIDE 7
N
- v
a N e t w
- r
k M u l t i h
- s
t
10.64.0.0/24
Controller + Worker Worker
.2 .2 .4 .7 .5 .6
Router
.1
dnsmasq dnsmasq
messages back and forth to prevent collisions Linux Bridge Linux Bridge
SLIDE 8
C h e a t i n g a n d S h a r i n g a n L 2
10.64.0.0/24
Controller + Worker Worker
.129/25 .129/25 .132 .133 .131 .130
Router
.1
dnsmasq dnsmasq
messages back and forth to prevent collisions Linux Bridge Linux Bridge
10.64.0.128/25 .51/24 .50/24 Through the magic of Linux Networking
SLIDE 9
N e t w
- r
k i n g a t H
- me
SLIDE 10
A 2 n
- d
e b a s e me n t c l
- u
d
Keystone mysql rabbitmq /disk Glance Nova /disk Nova C
- n
t r
- l
l e r + Wo r k e r Wo r k e r O n l y
SLIDE 11
SLIDE 12
C
- mp
u t e F l
- w
Persistent Disk Ephemeral Disk
Built from disk on fjrst boot. Exists until destroy. Freshly created
- n every boot.
Common Actions:
- create/delete
- start/stop
- resize
- snapshot
- locking
clout-init: typically shipped in cloud images customizes on fjrst boot Metadata Server Confjg Drive First Boot
Like "T-Shirt Sizes" Each defjnes CPU, Mem, Disk, and other attrs of fjnal VM
Base Image Flavor
SLIDE 13
O p e n S t a c k C l i e n t
ribos:~> more demo-openrc.sh export OS_PROJECT_DOMAIN_ID=default export OS_USER_DOMAIN_ID=default export OS_PROJECT_NAME=demo export OS_TENANT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=0penstack export OS_AUTH_URL=http://10.42.0.51:5000/v3 export OS_REGION_NAME=RegionOne
- U
n i f i e d
- p
e n s t a c k c l i
- R
e p l a c e s mo s t
- f
n
- v
a / k e y s t
- n
e / g l a n c e c l i u s a g e
- F
a r mo r e c
- n
s i s t e n t i n e x p e r i e n c e
- I
n s t a l l a b l e v i a a p t / y u m/ p i p
- P
u t i t
- n
y
- u
r l a p t
- p
- A
c c e s s a n y O p e n S t a c k v i a s e t t i n g e n v v a r i a b l e s
SLIDE 14
Y
- u
r f i r s t O p e n S t a c k
> source admin-openrc.sh # credentials > openstack image create --copy-from \ https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img \
- -public trusty
# image available to all users > source demo-openrc.sh # drop back to normal user > openstack security group rule create --proto icmp --src-ip 0.0.0.0/0 --dst-port -1 default > openstack security group rule create --proto tcp --src-ip 0.0.0.0/0 --dst-port 22 default # sshable security group out of the box > openstack keypair create –public-key .ssh/id_rsa.pub my_sshkey # add a keypair so you can ssh to servers > openstack server create --flavor m1.medium --image trusty --keypair my_sshkey \ server1 --wait # boot your first server, wait until done > ssh ubuntu@{IP} # profit!
SLIDE 15
G e t t i n g a n I ma g e
Keystone OpenStack Client User + Project + Password Token POST /images Token Glance HTTP Pull
SLIDE 16
Y
- u
r f i r s t O p e n S t a c k
> source admin-openrc.sh # credentials > openstack image create --copy-from \ https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img \
- -public trusty
# image available to all users > source demo-openrc.sh # drop back to normal user > openstack security group rule create --proto icmp --src-ip 0.0.0.0/0 --dst-port -1 default > openstack security group rule create --proto tcp --src-ip 0.0.0.0/0 --dst-port 22 default # sshable security group out of the box > openstack keypair create –public-key .ssh/id_rsa.pub my_sshkey # add a keypair so you can ssh to servers > openstack server create --flavor m1.medium --image trusty --keypair my_sshkey \ server1 --wait # boot your first server, wait until done > ssh ubuntu@{IP} # profit!
SLIDE 17
S e c u r i t y G r
- u
p s
10.64.0.0/24
Controller + Worker
.2 .5 .6
Router
.1
dnsmasq
Linux Bridge Default host level fjrewall preventing all inbound
SLIDE 18
Y
- u
r f i r s t O p e n S t a c k
> source admin-openrc.sh # credentials > openstack image create --copy-from \ https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img \
- -public trusty
# image available to all users > source demo-openrc.sh # drop back to normal user > openstack security group rule create --proto icmp --src-ip 0.0.0.0/0 --dst-port -1 default > openstack security group rule create --proto tcp --src-ip 0.0.0.0/0 --dst-port 22 default # sshable security group out of the box > openstack keypair create –public-key .ssh/id_rsa.pub my_sshkey # add a keypair so you can ssh to servers > openstack server create --flavor m1.medium --image trusty --keypair my_sshkey \ server1 --wait # boot your first server, wait until done > ssh ubuntu@{IP} # profit!
SLIDE 19
B
- t
i n g a S e r v e r
Keystone OpenStack Client User + Project + Password Token POST /servers Token Nova API Glance Nova Conductor Nova Sched Nova Compute HTTP Pull libvirt your compute!
SLIDE 20
U s e r O r g a n i z a t i
- n
i n O p e n S t a c k
Domain 2
Tenant 1
10 vcpu 8 GB mem 24 GB mem
Domain 1
Project 1
10 vcpu 8 GB mem
Project 2
30 vcpu 24 GB mem
Projects:
- contain quota
Users:
- credentials
Roles Domains: … you don't need those in your basement *Project == Tenant
SLIDE 21
B u t I d
- n
' t l i k e t h e c
- mma
n d l i n e !
- N
- p
r
- b
l e m!
- S
e t t i n g u p H
- r
i z
- n
i s S e c t i
- n
7
- E
a s y t
- u
s e We b U I
SLIDE 22
SLIDE 23
1
SLIDE 24
SLIDE 25
A d d i t i
- n
a l F e a t u r e s – L e v e l i n g u p
- H
- r
i z
- n
- We
b U I f
- r
O p e n S t a c k
- T
a l k s t
- a
l l c
- mp
- n
e n t s
- v
e r p u b l i s h e d R E S T i n t e r f a c e s
- S
w i f t – O b j e c t S t
- r
e
- R
E S T A P I f
- r
s t
- r
i n g / f e t c h i n g
- b
j e c t s
- f
a r b i t r a r y s i z e *
- B
u i l t i n r e d u n d a n c y mo d e l
- C
a n b e u s e d a s a b a c k e n d f
- r
G l a n c e ,
- w
n C l
- u
d ,
- t
h e r O p e n S
- u
r c e s y s t e ms
- N
e u t r
- n
– A d v a n c e d N e t w
- r
k i n g
- T
e n a n t s e l f s e r v i c e n e t w
- r
k s
- A
P I a n d c
- n
c e p t s mo d e l n e t w
- r
k i n g c
- n
c e p t s
- P
- r
t s
- S
u b n e t s
- R
- u
t e r s
- A
d v a n c e d n e t w
- r
k s e r v i c e s s u c h a s :
- L
- a
d B a l a n c i n g
- V
P N
- N
e t w
- r
k F i r e w a l l
- P
l u g i n s f
- r
L i n u x B r i d g e a n d O V S a n d ma n y S D N s
- C
i n d e r – P e r s i s t e n t B l
- c
k S t
- r
a g e
- A
d d i t i
- n
a l b l
- c
k d e v i c e s w h i c h s u r v i v e l
- n
g e r t h a n V M s
- T
y p i c a l u s e f
- r
D a t a b a s e b a c k e n d s
- C
e i l
- me
t e r
- U
s a g e a n d M e t r i c C
- l
l e c t i
- n
- I
r
- n
i c
- A
d d s b a r e me t a l s u p p
- r
t t
- N
- v
a
- D
e s i g n a t e
- D
N S ma n a g e r , r e a c t s t
- N
- v
a / N e u t r
- n
e v e n t s
SLIDE 26
A s e l e c t i
- n
- f
a d d i t i
- n
a l s e r v i c e s
- H
e a t
- O
r c h e s t r a t e s " s t a c k "
- f
O p e n S t a c k r e s
- u
r c e s
- T
r
- v
e
- M
y S Q L d b a s a s e r v i c e
- n
t
- p
- f
O p e n S t a c k
- S
a h a r a
- H
a d
- p
a s a s e r v i c e
- n
t
- p
- f
O p e n S t a c k
- C
u e
- R
a b b i t M Q a s a s e r v i c e
- n
t
- p
- f
O p e n S t a c k
- Z
a q a r
- S
i mp l e Q u e u e S e r v i c e
- M
a g n u m
- K
u b e r n e t i e s / C
- n
t a i n e r ma n a g e me n t
- M
a n i l a
- S
h a r e d f i l e s y s t e m ma n a g e me n t
- B
a r b i c a n
- K
e y s t
- r
e ma n a g e me n t
- M
u r a n
- A
p p l i c a t i
- n
c a t a l
- g
f
- r
e a s y t
- d
e p l
- y
O p e n S t a c k " a p p s "
And more coming every day!
SLIDE 27
T h a n k s !
Layer 1: Base Compute Infrastructure Layer 2: Extended Infrastructure Layer 3: Optional Enhancements Layer 4: Consumption Services
Nova Glance Keystone Ceilometer Horizon Heat Trove Sahara
Compute Image Bare Metal Networking DNS
Cinder Swift
Object Block Storage Services Compute Services Network Services Identity Telemetry Dashboard Key Management Orchestration Database Hadoop Queues http://hackstack.org/x/blog/2013/09/05/openstack-seven-layer-dip-as-a-service/
Zaqar Barbican
Neutron Designate Ironic
Containers
Magnum Manila
Filesystems