Spinning Up Your First Instance on Rackspace Private Cloud Using Quantum/Neutron Networking

Thursday, December 12, 2013

Now that you have Rackspace Private Cloud installed, it is time to spin up your first OpenStack Instance. But there are several things you should do beforehand so you can fully utilize your OpenStack Instance.

Be aware, in OpenStack Havana, Quantum Networking was renamed to Neutron Networking. This post covers both OpenStack Grizzly (RPC v4.1.x) and OpenStack Havana (RPC v4.2.x). I will specify when you should use the quantum commands or the neutron commands.

In addition, the following steps assume you have arrived at this post from one of the following posts:

Deploy Rackspace Private Cloud v4.2.x powered by OpenStack Havana with Neutron Networking Using VirtualBox or VMware Fusion and Vagrant

or

Deploy Rackspace Private Cloud Entirely Within a Vagrantfile on VirtualBox or VMware Fusion

Access the Horizon Dashboard

You can access the Horizon Dashboard by opening a web browser and browsing to http://192.168.236.20. Log in with Username admin and Password secrete.

The Horizon Dashboard is fairly intuitive and most of the remaining steps can be performed through it, but since the true power of OpenStack is through the command line tools and its API, the remaining steps will use the command line tools.

Log in to the Controller Node

Start by logging back into your controller1 node:

vagrant ssh controller1

Log in as the root user and stay logged in as root throughout this post (the root password is vagrant):

su -

In root’s home directory is an openrc file which contains the necessary credentials to use the OpenStack APIs. Source this file into your environment:

source ~/openrc

Upload Images to Glance

A base Rackspace Private Cloud install does not include any OpenStack images and without any images you will not be able to boot any OpenStack Instances. There are many pre-built OpenStack images available from all of the major Linux distributions.

In this post you will be uploading the Ubuntu Server 12.04 LTS cloud image into the Glance Repository.

Upload the Ubuntu Server 12.04 LTS cloud image by running the following command:

glance image-create --name ubuntu-server-12.04 --is-public true --container-format bare --disk-format qcow2 --copy-from http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img

You can monitor the upload progress by running glance image-list from the controller1 node.
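
With --copy-from, Glance fetches the image over plain HTTP and nothing checks what arrived. The following is an added example, not part of the original post: it checks a locally downloaded image against a SHA256SUMS file before uploading it with --file. The helper name verify_image and the SHA256SUMS location in the usage comments are assumptions.

```bash
#!/bin/bash
# Added example: verify a downloaded cloud image against a SHA256SUMS file
# before handing it to Glance. verify_image is a hypothetical helper name.

# verify_image IMAGE_FILE SUMS_FILE
# Returns 0 only if SUMS_FILE lists IMAGE_FILE's basename and the digest matches.
# Returns 1 on digest mismatch, 2 on unreadable input, 3 if the file is not listed.
verify_image() {
    local image="$1" sums="$2" name expected actual
    [ -r "$image" ] && [ -r "$sums" ] || { echo "missing input" >&2; return 2; }
    name=$(basename "$image")
    # SHA256SUMS lines look like "<hex digest> *<filename>" (or two spaces).
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sums")
    [ -n "$expected" ] || { echo "$name not listed in $sums" >&2; return 3; }
    actual=$(sha256sum "$image" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $name" >&2
        return 1
    fi
    echo "$name OK"
}

# Intended use on controller1 (needs network access and a sourced openrc, so
# it is left commented out here). Assumption: SHA256SUMS sits in the same
# directory as the image and is fetched over HTTPS.
#   img=precise-server-cloudimg-amd64-disk1.img
#   base=cloud-images.ubuntu.com/precise/current
#   wget "http://$base/$img" "https://$base/SHA256SUMS"
#   verify_image "$img" SHA256SUMS && glance image-create \
#       --name ubuntu-server-12.04 --is-public true \
#       --container-format bare --disk-format qcow2 --file "$img"
```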

Add Rules to the default Quantum/Neutron Security Group

Each OpenStack Instance you spin up is assigned to the default Quantum/Neutron Security Group, which essentially contains iptables rules. An OpenStack Instance can be assigned to as many Quantum/Neutron Security Groups as needed, but for now you will focus on the default Quantum/Neutron Security Group.

By default there are no rules in the default Quantum/Neutron Security Group. You will need to allow ICMP traffic to test network connectivity and SSH traffic to log into your OpenStack Instance.

To create rules to allow ICMP and SSH traffic, run one of the following sets of commands depending on your version of Rackspace Private Cloud:

If you are running Rackspace Private Cloud v4.1.x with Quantum Networking:

quantum security-group-rule-create --direction ingress --ethertype IPv4 --protocol icmp default

quantum security-group-rule-create --direction ingress --ethertype IPv4 --protocol tcp --port-range-min 22 --port-range-max 22 default

If you are running Rackspace Private Cloud v4.2.x with Neutron Networking:

neutron security-group-rule-create --direction ingress --ethertype IPv4 --protocol icmp default

neutron security-group-rule-create --direction ingress --ethertype IPv4 --protocol tcp --port-range-min 22 --port-range-max 22 default
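
The rules above carry no --remote-ip-prefix, so ICMP and SSH are accepted from any source address on every instance in the default group. The following is an added example, not part of the original post: it flags such rules in security-group-rule-list output. The sample table is constructed, its column layout is an assumption about the client's output, and open_ingress_rules is a hypothetical name.

```bash
#!/bin/bash
# Added example: flag ingress rules that accept traffic from any source.
# The table below is CONSTRUCTED sample output; the column layout
# (id, security_group, direction, protocol, remote_ip_prefix, remote_group)
# is an assumption about `neutron security-group-rule-list`.
SAMPLE_RULES='+------+----------------+-----------+----------+------------------+--------------+
| id   | security_group | direction | protocol | remote_ip_prefix | remote_group |
+------+----------------+-----------+----------+------------------+--------------+
| r-01 | default        | egress    |          |                  |              |
| r-02 | web            | ingress   |          |                  | default      |
| r-03 | default        | ingress   | icmp     |                  |              |
| r-04 | default        | ingress   | tcp      | 0.0.0.0/0        |              |
| r-05 | default        | ingress   | tcp      | 192.168.244.0/24 |              |
+------+----------------+-----------+----------+------------------+--------------+'

# open_ingress_rules: read a rule table on stdin and print "id protocol" for
# each ingress rule that has no remote_group and either no remote_ip_prefix
# or a catch-all prefix (0.0.0.0/0, ::/0).
open_ingress_rules() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^\+/ { next }                    # skip table border lines
        !seen_header {                    # map column names to field numbers
            for (i = 2; i < NF; i++) col[trim($i)] = i
            seen_header = 1; next
        }
        {
            dir = trim($(col["direction"])); src = trim($(col["remote_ip_prefix"]))
            grp = trim($(col["remote_group"])); proto = trim($(col["protocol"]))
            if (dir != "ingress" || grp != "") next
            if (src == "" || src == "0.0.0.0/0" || src == "::/0")
                print trim($(col["id"])), (proto == "" ? "any" : proto)
        }'
}

# Run over the constructed sample; on controller1 the input would instead be
#   neutron security-group-rule-list | open_ingress_rules
printf '%s\n' "$SAMPLE_RULES" | open_ingress_rules

# Scoped form of the SSH rule. 192.168.244.0/24 is the provider network this
# post uses to reach floating IPs; SSH from inside the tenant network
# namespace would need 10.240.0.0/24 allowed as well.
#   neutron security-group-rule-create --direction ingress --ethertype IPv4 \
#       --protocol tcp --port-range-min 22 --port-range-max 22 \
#       --remote-ip-prefix 192.168.244.0/24 default
```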

Create a New Flavor

At the end of this post, you will be creating an OpenStack Instance from the ubuntu-server-12.04 image you uploaded into Glance. Because the compute1 node has a finite amount of CPU and RAM available, I typically use the m1.tiny flavor, but the ubuntu-server-12.04 image will not boot with this flavor because the root disk size is too small. So, you will create a new, similar flavor that contains enough root disk space.

Create a new flavor called m1.custom with an ID of auto, 512 MB of RAM, 5 GB of root disk space, and 1 vCPU with the following command:

nova flavor-create m1.custom auto 512 5 1

Create Your SSH Keypair

Most OpenStack cloud images have password-based login turned off. This is partly a security measure, so that OpenStack cloud images are not created and left running with default passwords. So, to log in to an OpenStack Instance you will need to create an SSH keypair.

If you already have an SSH keypair created, you can skip this paragraph. On your workstation, open your terminal application and run ssh-keygen. You can accept all of the default settings. I would recommend setting a password on your SSH private key, but for now create it without a password.

On your workstation, in your home directory, you should now have a .ssh directory and inside that directory will be two files: id_rsa and id_rsa.pub. id_rsa is the SSH private key and should only exist on your workstation. id_rsa.pub is the SSH public key and can be copied to any server you want to access. Open id_rsa.pub in a text editor and copy all of its contents to your clipboard.

On the controller1 node, use vim, nano, or another command line text editor to create a file, copy the contents from your clipboard into the file, and save the file as workstation.pub.

Then, from the controller1 node, upload the SSH public key to the nova keypair database by running the following command:

nova keypair-add --pub_key workstation.pub workstation

With this SSH public key in the nova keypair database, you can assign it to OpenStack Instances upon creation so you can log in via SSH.

Create Quantum/Neutron Networks

Each OpenStack Instance you spin up must be attached to at least one network. There are two types of Quantum/Neutron Networks in OpenStack: Neutron Tenant Networks and Neutron Provider Networks.

A whole book could be written describing exactly what each type of network is and does, but in summary, a Neutron Tenant Network is a software defined network that exists solely within the OpenStack environment and a Neutron Provider Network is a network that always maps to a physical network (flat or VLAN) that is terminated on a physical networking device (such as a firewall, load balancer, or router).

Create a Quantum/Neutron Tenant Network

You are going to create a Quantum/Neutron Tenant Network to attach your OpenStack Instances to.

To create a Quantum/Neutron Tenant Network, run one of the following sets of commands depending on your version of Rackspace Private Cloud.

If you are running Rackspace Private Cloud v4.1.x with Quantum Networking:

quantum net-create tenant-network-1 --shared

quantum subnet-create tenant-network-1 --name tenant-subnet-1 10.240.0.0/24 --gateway 10.240.0.1 --allocation-pool start=10.240.0.100,end=10.240.0.150 --dns-nameservers list=true 8.8.8.8 8.8.4.4

If you are running Rackspace Private Cloud v4.2.x with Neutron Networking:

neutron net-create tenant-network-1 --shared

neutron subnet-create tenant-network-1 --name tenant-subnet-1 10.240.0.0/24 --gateway 10.240.0.1 --allocation-pool start=10.240.0.100,end=10.240.0.150 --dns-nameservers list=true 8.8.8.8 8.8.4.4

Create a Quantum/Neutron Provider Network

In order for you to communicate with your OpenStack Instance, which will be attached to the Quantum/Neutron Tenant Network you just created, you will need to also create a Quantum/Neutron Provider Network. The Quantum/Neutron Tenant Network will connect to this Quantum/Neutron Provider Network by using a Quantum/Neutron Router (another piece of software defined virtual networking).

In this post you will be attaching your OpenStack Instance to the Quantum/Neutron Tenant Network you just created, but you could also attach your OpenStack Instance to this Quantum/Neutron Provider Network if you do not want to deal with the software defined networking.

To create a Quantum/Neutron Provider Network, run one of the following sets of commands depending on your version of Rackspace Private Cloud.

If you are running Rackspace Private Cloud v4.1.x with Quantum Networking:

quantum net-create provider-network-1 --provider:physical_network=ph-eth3 --provider:network_type=flat --shared --router:external=True

quantum subnet-create provider-network-1 192.168.244.0/24 --name provider-subnet-1 --no-gateway --host-route destination=0.0.0.0/0,nexthop=192.168.244.10 --allocation-pool start=192.168.244.100,end=192.168.244.150 --dns-nameservers list=true 8.8.8.8 8.8.4.4

If you are running Rackspace Private Cloud v4.2.x with Neutron Networking:

neutron net-create provider-network-1 --provider:physical_network=ph-eth3 --provider:network_type=flat --shared --router:external=True

neutron subnet-create provider-network-1 192.168.244.0/24 --name provider-subnet-1 --no-gateway --host-route destination=0.0.0.0/0,nexthop=192.168.244.10 --allocation-pool start=192.168.244.100,end=192.168.244.150 --dns-nameservers list=true 8.8.8.8 8.8.4.4

Create a Quantum/Neutron Router and Attach Quantum/Neutron Provider and Tenant Networks

OpenStack Instances connected to a Quantum/Neutron Tenant Network are only accessible within the Quantum/Neutron Tenant Network’s respective Network Namespace on the controller1 node.

One way to provide external connectivity to those OpenStack Instances is to attach the Quantum/Neutron Tenant Network to a Quantum/Neutron Router which is also connected to a Quantum/Neutron Provider Network (this gives the Quantum/Neutron Router external connectivity). Once all of this is connected, and assuming the Quantum/Neutron Provider Network connected to the Quantum/Neutron Router has access to the internet, your OpenStack Instances will have access to the internet.

In addition, if you set up Quantum/Neutron Floating IP addresses (which you will in the next section), you can access your OpenStack Instances externally.

To create a Quantum/Neutron Router, run one of the following commands depending on your version of Rackspace Private Cloud.

If you are running Rackspace Private Cloud v4.1.x with Quantum Networking:

quantum router-create router1

If you are running Rackspace Private Cloud v4.2.x with Neutron Networking:

neutron router-create router1

With the Quantum/Neutron Router created, you can now attach many Quantum/Neutron Tenant Networks and one Quantum/Neutron Provider Network to it.

To attach the Quantum/Neutron Tenant Network tenant-subnet-1 that you created above, run one of the following commands depending on your version of Rackspace Private Cloud.

If you are running Rackspace Private Cloud v4.1.x with Quantum Networking:

quantum router-interface-add router1 tenant-subnet-1

If you are running Rackspace Private Cloud v4.2.x with Neutron Networking:

neutron router-interface-add router1 tenant-subnet-1

To attach the Quantum/Neutron Provider Network provider-network-1 as the default gateway for the Quantum/Neutron Router, run one of the following commands depending on your version of Rackspace Private Cloud.

If you are running Rackspace Private Cloud v4.1.x with Quantum Networking:

quantum router-gateway-set router1 provider-network-1

If you are running Rackspace Private Cloud v4.2.x with Neutron Networking:

neutron router-gateway-set router1 provider-network-1

Create Quantum/Neutron Floating IP Addresses

The OpenStack Instances you spin up will be given an IP address in the 10.240.0.0/24 network, which is a Neutron Tenant Network isolated to your OpenStack environment; you cannot communicate with this network from your workstation and you will only be able to communicate with this network from within the Network Namespace on your controller1 node.

However, you can communicate with the 192.168.244.0/24 network from your workstation. So, since you have already created a flat Neutron Provider Network and a Neutron Router (which has a default gateway on the 192.168.244.0/24 network), you can create floating IP addresses within the 192.168.244.0/24 network, assign them to your OpenStack Instances, and begin communicating with your OpenStack Instances from your workstation.

To create floating IP addresses from the provider-network-1 Neutron Provider Network, run one of the following commands.

If you are running Rackspace Private Cloud v4.1.x with Quantum Networking:

quantum floatingip-create provider-network-1

If you are running Rackspace Private Cloud v4.2.x with Neutron Networking:

neutron floatingip-create provider-network-1

This command is a bit odd. If you need N number of floating IP addresses you run the command N number of times.

To see all of the allocated floating IP addresses, run quantum floatingip-list or neutron floatingip-list depending on the version of Rackspace Private Cloud you are running.

You will attach one of these floating IP addresses to your OpenStack Instance in the Assign a Floating IP Address to Your OpenStack Instance section below.

Spin Up Your First OpenStack Instance

You are now ready to spin up your first OpenStack Instance.

First, you will need to get the ID of the Quantum/Neutron Tenant Network tenant-network-1 you created earlier by running quantum net-list or neutron net-list, depending on your version of Rackspace Private Cloud, and copying the id.

On the controller1 node, create the OpenStack Instance by running the following command:

nova boot test1 --image ubuntu-server-12.04 --flavor m1.custom --key-name workstation --nic net-id=ID_OF_TENANT_NETWORK_1

Because you are using software virtualization, it may take a couple of minutes for the OpenStack Instance to be created. You can monitor the progress by running nova console-log test1 from the controller1 node.

Assign a Floating IP Address to Your OpenStack Instance

You already allocated N number of floating IP addresses, so now it is time to assign one of those floating IP addresses to your OpenStack Instance.

First, you will need to get the id of one of the floating IP addresses. Run quantum floatingip-list or neutron floatingip-list depending on the version of Rackspace Private Cloud you are running. Choose any floating IP address that is not currently assigned to an OpenStack Instance and copy the id.

Second, you will need to get the id of the Quantum/Neutron Port your OpenStack Instance is connected to. Run quantum port-list or neutron port-list, find the row with IP address 10.240.0.100, and copy the id.

Now you can assign the floating IP address to your OpenStack Instance by running one of the following commands depending on your version of Rackspace Private Cloud.

If you are running Rackspace Private Cloud v4.1.x with Quantum Networking:

quantum floatingip-associate ID_FLOATING_IP ID_NEUTRON_PORT

If you are running Rackspace Private Cloud v4.2.x with Neutron Networking:

neutron floatingip-associate ID_FLOATING_IP ID_NEUTRON_PORT

After a couple of seconds, the floating IP address will be assigned.

Communicate With Your OpenStack Instance

With your OpenStack Instance booted and a floating IP address assigned to it, you can communicate with it through its floating IP address or through its IP address inside of its Network Namespace.

Communicate through its Floating IP Address

You should now be able to open the terminal application on your workstation and ping or SSH into your OpenStack Instance at the floating IP address you just assigned to it.

Log in via SSH as user ubuntu.

Communicate through its Network Namespace

In addition, because your OpenStack Instance is connected to a Quantum/Neutron Tenant Network, the OpenStack Instance is isolated within a Network Namespace on the controller1 node. If you did not have a floating IP address assigned to your OpenStack Instance, you would need to run commands inside of the particular Network Namespace the OpenStack Instance is a part of on the controller1 node.

On the controller1 node, run ip netns list. There should be one entry returned that starts with qdhcp followed by a dash followed by a UUID which matches the ID of the Quantum/Neutron Tenant Network you created above. The network stack of the Quantum/Neutron Tenant Network you created above runs within this Network Namespace and is isolated from everything else. If you created another Quantum/Neutron Tenant Network, another Network Namespace would be created and it too would be isolated from everything else.

To run commands inside the Network Namespace, copy the name of the Network Namespace returned from the command above (I’m going to use qdhcp-24cc7957-ee4b-4395-bb5b-c6d509b9db77 as an example), and run ip netns exec qdhcp-24cc7957-ee4b-4395-bb5b-c6d509b9db77 COMMAND.

For example, to see the routing table inside the Network Namespace, run ip netns exec qdhcp-24cc7957-ee4b-4395-bb5b-c6d509b9db77 route -n. The output should look similar to the following:

root@controller1:~# ip netns exec qdhcp-24cc7957-ee4b-4395-bb5b-c6d509b9db77 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.240.0.0      0.0.0.0         255.255.255.0   U     0      0        0 tapc8b4310c-d5
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 tapc8b4310c-d5

If you run route -n from your controller1 node, the output would look completely different because your controller1 node has a completely different network stack compared to the network stack of the Network Namespace.

To ping the OpenStack Instance you created above, run nova list to obtain the IP address assigned to your OpenStack Instance (I’m going to use 10.240.0.100 as an example), then run ip netns exec qdhcp-24cc7957-ee4b-4395-bb5b-c6d509b9db77 ping 10.240.0.100. You should have a successful ping.

To SSH into your OpenStack Instance, run ip netns exec qdhcp-24cc7957-ee4b-4395-bb5b-c6d509b9db77 ssh ubuntu@10.240.0.100. For this to work you will need to copy the SSH private key from your workstation to /root/.ssh/id_rsa on the controller1 node and also run chmod 600 /root/.ssh/id_rsa on the controller1 node.


