Difference between revisions of "IT-SDK-OpenStack"

From wiki.samerhijazi.net
Jump to navigation Jump to search
(Neutron-Notes)
(Source)
 
(37 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
</pre>
 
</pre>
==Progress==
+
==Source==
<pre class="code">
+
* DevStack: https://docs.openstack.org/devstack/latest/
done: 01. Introduction
+
* Storage: https://docs.openstack.org/arch-design/design-storage/design-storage-concepts.html#table-openstack-storage
done: 02. Cloud Fundamentals
+
* RDO: https://www.rdoproject.org/
done: 03. Managing Guests Virtual Machines with OpenStack Compute !!!
 
done: 04. Components of an OpenStack Cloud - Part One
 
done: 05. Components of an OpenStack Cloud - Part Two <>
 
done: 06. Reference Architecture <>
 
done: 07. Deploying Prerequisite Services <>
 
done: 08. Deploying Services Overview
 
done: 09. Advanced Software Defined Networking with Neutron - Part One <>
 
done: 10. Advanced Software Defined Networking with Neutron - Part Two
 
11. Distributed Cloud Storage with Ceph
 
12. OpenStack Object Storage with Swift
 
13. High Availability in the Cloud <>
 
14. Cloud Security with OpenStack <>
 
15. Monitoring and Metering <>
 
16. Cloud Automation
 
17. Conclusion <>
 
</pre>
 
  
 
==FastNotes==
 
==FastNotes==
* devstack-node-cc >>> DevStack node Cloud Controller
+
* devstack-node-cc >>> '''Cloud Controller''' <<< (ubuntu@devstack-cc)
* devstack-node-cw >>> DevStack node Cloud Worker
+
* devstack-node-cn >>> '''Cloud Node''' <<< (ubuntu@compute-node)
 +
 
 
* /opt/host >>> The Horizon URL
 
* /opt/host >>> The Horizon URL
  
Line 31: Line 16:
 
* Create A Role
 
* Create A Role
 
* Create A Network (Network, Subnet, Router, Port, Security)
 
* Create A Network (Network, Subnet, Router, Port, Security)
 +
* Create A Floating IP
 
* Create A Instance
 
* Create A Instance
* Create A Floating IP
 
 
----------------------------------------------------------------
 
----------------------------------------------------------------
 
* Project -> Network -> Network Topology
 
* Project -> Network -> Network Topology
Line 40: Line 25:
 
* Project -> Compute -> Instances
 
* Project -> Compute -> Instances
 
* Project -> Compute -> Images
 
* Project -> Compute -> Images
 +
----------------------------------------------------------------
 
* Admin -> System -> System Information
 
* Admin -> System -> System Information
 
* Identity -> Projects
 
* Identity -> Projects
Line 47: Line 33:
 
$ pwd
 
$ pwd
 
$ id
 
$ id
 +
$ hostname -s
 +
$ sudo chmod +r
 +
 
$ sudo -i
 
$ sudo -i
 
$ su - ubuntu
 
$ su - ubuntu
Line 62: Line 51:
 
==IP-Notes==
 
==IP-Notes==
 
<pre class="code">
 
<pre class="code">
sudo ip addr show ens3
+
hostname -I                    # Display IP-Adresse
 +
 
 +
sudo virsh list --all
 +
 
 +
sudo ip addr show
 +
sudo ip addr show eth01
 +
 
 
sudo ip route
 
sudo ip route
 
sudo ip route add 10.10.0.0/24 via 192.168.5.1 dev eth0
 
sudo ip route add 10.10.0.0/24 via 192.168.5.1 dev eth0
Line 95: Line 90:
 
$ source keystonerc_admin
 
$ source keystonerc_admin
 
$ source keystonerc_finance
 
$ source keystonerc_finance
 +
 +
$ ./tools/discover_hosts.sh
 
</pre>
 
</pre>
  
Line 109: Line 106:
 
openstack role assignment list --user admin --project demo
 
openstack role assignment list --user admin --project demo
  
openstack network list
+
openstack network list                             # View neutron networking
 
openstack network create finance-internal
 
openstack network create finance-internal
  
 
openstack subnet create sub-financial-int --subnet-range 10.0.0.0/24 --network finance-internal
 
openstack subnet create sub-financial-int --subnet-range 10.0.0.0/24 --network finance-internal
 +
 +
openstack port list |grep beeccd33
  
 
openstack router create finance-router
 
openstack router create finance-router
Line 127: Line 126:
 
openstack volume create --size 1 --type typeName volumeName  
 
openstack volume create --size 1 --type typeName volumeName  
 
openstack volume snapshot list
 
openstack volume snapshot list
openstack volume snapshot create --volume volumeName snapName
+
openstack volume snapshot create --volume volumeName snapName         # Create a snapshot of the volume and verify it.
  
 
openstack security group list
 
openstack security group list
Line 135: Line 134:
 
openstack security group rule create --protocol tcp --ingress --dst-port 80 groupName
 
openstack security group rule create --protocol tcp --ingress --dst-port 80 groupName
  
openstack hypervisor list
+
Project -> Orchestration -> Resource Types
openstack catalog list
+
openstack stack create -t hello_world-1.yaml stackName
openstack endpoint list
+
openstack stack update -t hello_world-2.yaml stackName
openstack server list
+
openstack stack list
openstack host list
+
openstack stack show stackName
openstack image list
+
openstack stack delete stackName
 +
openstack stack snapshot list stackName  # Verify the status of the snapshot
 +
openstack stack snapshot restore stackName snapshotID  # Using the ID and the stack to rollback undo whatever has changed since the snapshot was taken
 +
 
 +
openstack server list                    # Get a list of instances.
 +
openstack server show stackServerName    # To view the newly attached storage device.
 +
openstack server stop stackServerName    # Shut down the instance
 +
 
 +
openstack hypervisor list                 # View the running hypervisors.
 +
openstack catalog list                   # View some of the RESTapi addresses
 +
openstack endpoint list                   # openstack uses special IDs called endpoints to communicate between services.
 +
openstack host list                       # As a collection of federated services other hosts will support OpenStack services.
 +
openstack image list                     # View the OS images uploaded to glance
 
openstack flavor list
 
openstack flavor list
 
</pre>
 
</pre>
  
==Neutron-CLI==
+
==Neutron-CLI (Network)==
 
<pre class="code">
 
<pre class="code">
 
neutron net-list
 
neutron net-list
 
</pre>
 
</pre>
  
==Nova-Notes==
+
==Nova-CLI (Compute)==
 
<pre class="code">
 
<pre class="code">
 
nova list
 
nova list
Line 163: Line 174:
 
</pre>
 
</pre>
  
==Cinder-Notes==
+
==Glance-CLI (Image)==
<pre class="code">
 
cinder help encryption-type-create
 
cinder encryption-type-create ...
 
cinder show crypt-vol
 
</pre>
 
==Glance-Notes==
 
 
<pre class="code">
 
<pre class="code">
 
glance image-list
 
glance image-list
 +
glance image-create --name=wceph --disk-format=raw --container-format=bare --progress < cirros-0.4.0-x86_64-disk.img
 
</pre>
 
</pre>
==Ceph-Notes==
+
 
 +
==Ceph-CLI (All-in-One Block & Objekt Storage)==
 
* Ceph in Abschnitt 11
 
* Ceph in Abschnitt 11
 +
* You should consider Ceph if you want to manage your object and block storage within a single system, or if you want to support fast boot-from-volume.
 
* >>> RDO Cloud Controller: rdo-cc
 
* >>> RDO Cloud Controller: rdo-cc
 
* >>> Ceph OSD nodes: storage1, storage2, storage3
 
* >>> Ceph OSD nodes: storage1, storage2, storage3
Line 217: Line 225:
 
</pre>
 
</pre>
  
==Swift-Notes==
+
==Cinder-CLI (Storage-Block)==
The common network based object storage (Swift / Cehp)
+
* As for OS-Harddisk
 +
<pre class="code">
 +
cinder help encryption-type-create
 +
cinder encryption-type-create ...
 +
cinder show crypt-vol
 +
</pre>
 +
 
 +
==Swift-CLI (Storage-Objekt)==
 +
* '''BUI: Project -> Object Store -> Containers'''
 +
* The common network based object storage (Swift / Cehp)
 
<pre class="code">
 
<pre class="code">
source keystonerc_admin
+
date +'%s'
 +
sleep 30
 
df -ha |grep swift
 
df -ha |grep swift
swift post orders
+
 
 
swift list
 
swift list
 +
swift list containerName
 +
 
swift stat
 
swift stat
swift list orders
 
swift stat orders
 
 
swift stat -v
 
swift stat -v
swift post orders -r ".r:*"
+
swift stat containerName
swift post orders -r "SoftwareTesters:*"
+
 
swift post orders -w "SoftwareTesters:developer1"
+
swift post orders                                        # Create a new container called orders, perhaps to hold online orders for a website
swift post orders -w "SoftwareTesters:developer2,Admin:*"
+
swift post orders -r ".r:*"                               # Allowing ready by everyone
swift upload orders /etc/hosts
+
swift post orders -r "SoftwareTesters:*"                 # Narrow down read permissions to members of the SoftwareTesters group
 +
swift post orders -w "SoftwareTesters:developer1"         # Set a write ACL to be just a single user, developer1 in the SoftwareTesters group
 +
swift post orders -w "SoftwareTesters:developer2,Admin:*" # only developer2 from SoftwareTesters can write but all members of the Admin group can write
 +
 
 +
swift post orders etc/hosts -H "X-Delete-After:30"        # Set an expire time in seconds
 +
swift post orders etc/hosts -H "X-Delete-After:600"      # Configure the existing object to expire after ten minutes.
 +
swift post orders etc/hosts -H "X-Delete-After:1486074"  # Set the object to expire at a particular time in the future
 +
swift post orders etc/hosts -H "X-Remove-Delete-At:"      # If we decide we don’t want the object to expire
 +
 
 +
swift upload orders /etc/hosts                           # Upload a file to the orders container
 +
swift download orders etc/hosts -o localfile              # Download the file via the command line
 
swift stat orders etc/hosts
 
swift stat orders etc/hosts
swift post orders etc/hosts -H "X-Delete-After:600"
+
 
swift stat orders etc/hosts
+
(openstack) object list orders                          # View the objects in the orders container
date +'%s'
+
(openstack) object create orders /etc/group             # Upload the /etc/group file to the orders container
swift post orders etc/hosts -H "X-Delete-At:1486071948"
+
(openstack) object show orders /etc/group               # View the newly updated object
swift stat orders etc/hosts
+
(openstack) object store account show                   # View the object store information
swift post orders etc/hosts -H "X-Remove-Delete-At:"
+
(openstack) object delete orders /etc/group             # Delete the group file
swift stat orders etc/hosts
+
</pre>
swift download orders etc/hosts -o localfile
+
 
cat localfile
+
==Heat-Stack (Orchestration)==
swift post -m 'web-listings: true orders'
+
* Heat is the main project in the OpenStack Orchestration program. It implements an orchestration engine to launch multiple composite cloud applications based on templates in the form of text files that can be treated like code.
swift post -m 'web-listings-css:listing.css' orders
+
* '''Project -> Orchestration -> Resource Types'''
swift post orders etc/hosts -H "X-Delete-After:30"
+
<pre class="code">
sleep 30
+
tar xvf heat-templates.tar
swift stat orders etc/hosts
+
 
openstack
+
openstack stack create -t hello_world-1.yaml stackName
(openstack)
+
openstack stack update -t hello_world-2.yaml stackName
(openstack) help object store account set
+
openstack stack list
(openstack) object create orders /etc/group
+
openstack stack show stackName
(openstack) object list orders
+
openstack stack delete stackName
(openstack) object show orders /etc/group
+
openstack stack snapshot list stackName                # Lists the status of the snapshot.
(openstack) object store account show
+
openstack stack snapshot create stackName              # Create a snapshot.
(openstack) object delete orders /etc/group
+
openstack stack snapshot restore stackName snapshotID  # Rollback/Restore the stack to the snapshot status.
(openstack) object store account show
 
 
</pre>
 
</pre>

Latest revision as of 02:28, 8 July 2020

Source

FastNotes

  • devstack-node-cc >>> Cloud Controller <<< (ubuntu@devstack-cc)
  • devstack-node-cn >>> Cloud Node <<< (ubuntu@compute-node)
  • /opt/host >>> The Horizon URL

BUI-Notes

  • Create A Project
  • Create A User
  • Create A Role
  • Create A Network (Network, Subnet, Router, Port, Security)
  • Create A Floating IP
  • Create A Instance
  • Project -> Network -> Network Topology
  • Project -> Network -> Routers
  • Project -> Network -> Floating IPs
  • Project -> Compute -> Instances
  • Project -> Compute -> Images
  • Admin -> System -> System Information
  • Identity -> Projects

CLI-Notes

$ pwd
$ id
$ hostname -s
$ sudo chmod +r

$ sudo -i
$ su - ubuntu

$ useradd -m -d /home/ubuntu -s /bin/bash ubuntu
$ passwd ubuntu

$ echo "stack ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
$ diff before.out after.out

$ grep ADMIN_PASSWORD .localrc.auto
$ grep DATABASE_PASSWORD local.conf

IP-Notes

hostname -I                     # Display IP-Adresse

sudo virsh list --all

sudo ip addr show
sudo ip addr show eth01

sudo ip route
sudo ip route add 10.10.0.0/24 via 192.168.5.1 dev eth0

sudo ip netns list
sudo ip netns exec qrouter-2bd990fc-6b46-4247-9bdc-94464334207f ip a
sudo ip netns exec qrouter-27bcb5f9-8af5-419f-a0ff-9d109314c8b8 ssh cirros@10.10.0.2
sudo ip netns exec qrouter-2bd990fc-6b46-4247-9bdc-94464334207f ssh -i ~/.ssh/finance-key cirros@10.10.0.6

PDO-Installation

$ yum install -y centos-release-openstack-pike
$ yum install -y openstack-packstack
$ sudo packstack --allinone
$ sudo packstack --gen-answer-file=answers.txt

Load source functions

$ cp keystonerc_admin keystonerc_finance
$ vi keystonerc_finance
-------------------------------------------
<span class="k">
export OS_USERNAME=tester
export OS_PROJECT_NAME=finance
export PS1=’[\u@\h \W(keystone_tester)]\$ ’
</span>
-------------------------------------------
$ source openrc admin (ubuntu@compute-node)
$ source openrc admin (ubuntu@devstack-cc)
$ source keystonerc_admin
$ source keystonerc_finance

$ ./tools/discover_hosts.sh

OpenStack-CLI

openstack project list
openstack project create finance

openstack user list
openstack user create --project finance --password openstack --email centos@localhost tester

openstack role show f617b324f31d400eb82500a285e6ce8d
openstack role add --user tester --project finance _member_
openstack role assignment list --user admin --project demo

openstack network list                             # View neutron networking
openstack network create finance-internal

openstack subnet create sub-financial-int --subnet-range 10.0.0.0/24 --network finance-internal

openstack port list |grep beeccd33

openstack router create finance-router
openstack router set --external-gateway public finance-router
openstack router add subnet finance-router sub-financial-int
openstack router show bk-router |grep id

openstack server list
openstack server add volume ...

openstack volume list
openstack volume show volumeName
openstack volume type create typeName
openstack volume create --size 1 --type typeName volumeName 
openstack volume snapshot list
openstack volume snapshot create --volume volumeName snapName          # Create a snapshot of the volume and verify it.

openstack security group list
openstack security group create --description "Allow http and ssh traffic" groupName
openstack security group rule list ruleName
openstack security group rule create --protocol tcp --ingress --dst-port 22 groupName
openstack security group rule create --protocol tcp --ingress --dst-port 80 groupName

Project -> Orchestration -> Resource Types
openstack stack create -t hello_world-1.yaml stackName
openstack stack update -t hello_world-2.yaml stackName
openstack stack list
openstack stack show stackName
openstack stack delete stackName
openstack stack snapshot list stackName   # Verify the status of the snapshot
openstack stack snapshot restore stackName snapshotID  # Using the ID and the stack to rollback undo whatever has changed since the snapshot was taken

openstack server list                     # Get a list of instances.
openstack server show stackServerName     # To view the newly attached storage device.
openstack server stop stackServerName     # Shut down the instance

openstack hypervisor list                 # View the running hypervisors.
openstack catalog list                    # View some of the RESTapi addresses
openstack endpoint list                   # openstack uses special IDs called endpoints to communicate between services.
openstack host list                       # As a collection of federated services other hosts will support OpenStack services.
openstack image list                      # View the OS images uploaded to glance
openstack flavor list

Neutron-CLI (Network)

neutron net-list

Nova-CLI (Compute)

nova list
nova show bc1
nova hypervisor-list
nova flavor-list
nova flavor-create smallfry 6 512 2 1
nova service-list --binary nova-compute
nova keypair-list
nova keypair-add --pub-key ~/.ssh/finance-key.pub finance-key
nova boot --flavor smallfry --image cirros --security-group web-ssh --key-name finance-key --nic net-id=ffe41f70-962f-4693-9014-2275080cd44a bc1
nova boot --flavor smallfry --image cirros --security-group web-ssh --key-name finance-key --nic net-id=580b9d4e-c3da-4215-b9e7-91f349e581c6 bc2

Glance-CLI (Image)

glance image-list
glance image-create --name=wceph --disk-format=raw --container-format=bare --progress < cirros-0.4.0-x86_64-disk.img

Ceph-CLI (All-in-One Block & Objekt Storage)

  • Ceph in Abschnitt 11
  • You should consider Ceph if you want to manage your object and block storage within a single system, or if you want to support fast boot-from-volume.
  • >>> RDO Cloud Controller: rdo-cc
  • >>> Ceph OSD nodes: storage1, storage2, storage3
$ yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ vim /etc/yum.repos.d/start-ceph.repo
---------------------------------------
[ceph-noarch]
name=Ceph noarch packages
baseurl=https://download.ceph.com/rpm-luminous/el7/noarch
enabled=1
gpgcheck=1
type=rpm-md
gpgkey=https://download.ceph.com/keys/release.asc
---------------------------------------
$ timedatectl
$ useradd -d /home/ceph -m ceph
$ id ceph
$ echo ceph | passwd --stdin ceph
$ echo "ceph ALL = (root) NOPASSWD:ALL" > /etc/sudoers.d/ceph
$ chmod 0400 /etc/sudoers.d/ceph
$ sudo sed -i 's/PasswordAuthentication\ no/PasswordAuthentication\ yes/' /etc/ssh/sshd_config
$ sudo grep PasswordAuth /etc/ssh/sshd_config
---------------------------------------
#PasswordAuthentication yes
PasswordAuthentication yes
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication, then enable this but set PasswordAuthentication
---------------------------------------
$ sudo systemctl restart sshd
$ ssh-keygen
$ hostname -s
$ sudo vim /etc/hosts
$ ssh-copy-id ceph@storage1
$ ssh-copy-id ceph@storage2
$ ssh-copy-id ceph@storage3
$ ssh-copy-id ceph@rdo-cc
$ sudo sed -i 's/requiretty/\!requiretty/' /etc/sudoers
$ sudo setenforce 0; sudo yum -y install yum-plugin-priorities ##Disable SELinux
$ sudo ls -l /etc/yum.repos.d/ceph*
$ sudo rm /etc/yum.repos.d/ceph.repo.rpmnew

Cinder-CLI (Storage-Block)

  • As for OS-Harddisk
cinder help encryption-type-create
cinder encryption-type-create ...
cinder show crypt-vol

Swift-CLI (Storage-Objekt)

  • BUI: Project -> Object Store -> Containers
  • The common network based object storage (Swift / Cehp)
date +'%s'
sleep 30
df -ha |grep swift

swift list
swift list containerName

swift stat
swift stat -v
swift stat containerName

swift post orders                                         # Create a new container called orders, perhaps to hold online orders for a website
swift post orders -r ".r:*"                               # Allowing ready by everyone
swift post orders -r "SoftwareTesters:*"                  # Narrow down read permissions to members of the SoftwareTesters group
swift post orders -w "SoftwareTesters:developer1"         # Set a write ACL to be just a single user, developer1 in the SoftwareTesters group
swift post orders -w "SoftwareTesters:developer2,Admin:*" # only developer2 from SoftwareTesters can write but all members of the Admin group can write

swift post orders etc/hosts -H "X-Delete-After:30"        # Set an expire time in seconds
swift post orders etc/hosts -H "X-Delete-After:600"       # Configure the existing object to expire after ten minutes.
swift post orders etc/hosts -H "X-Delete-After:1486074"   # Set the object to expire at a particular time in the future
swift post orders etc/hosts -H "X-Remove-Delete-At:"      # If we decide we don’t want the object to expire

swift upload orders /etc/hosts                            # Upload a file to the orders container
swift download orders etc/hosts -o localfile              # Download the file via the command line
swift stat orders etc/hosts

(openstack) object list orders                           # View the objects in the orders container
(openstack) object create orders /etc/group              # Upload the /etc/group file to the orders container
(openstack) object show orders /etc/group                # View the newly updated object
(openstack) object store account show                    # View the object store information
(openstack) object delete orders /etc/group              # Delete the group file

Heat-Stack (Orchestration)

  • Heat is the main project in the OpenStack Orchestration program. It implements an orchestration engine to launch multiple composite cloud applications based on templates in the form of text files that can be treated like code.
  • Project -> Orchestration -> Resource Types
tar xvf heat-templates.tar

openstack stack create -t hello_world-1.yaml stackName
openstack stack update -t hello_world-2.yaml stackName
openstack stack list
openstack stack show stackName
openstack stack delete stackName
openstack stack snapshot list stackName                # Lists the status of the snapshot.
openstack stack snapshot create stackName              # Create a snapshot.
openstack stack snapshot restore stackName snapshotID  # Rollback/Restore the stack to the snapshot status.
Retrieved from "http://wiki.samerhijazi.net/index.php?title=IT-SDK-OpenStack&oldid=1191"