IT-SDK-OpenStack

Source

• Storage: https://docs.openstack.org/arch-design/design-storage/design-storage-concepts.html#table-openstack-storage

Progress

done: 01. Introduction
done: 02. Cloud Fundamentals
done: 03. Managing Guests Virtual Machines with OpenStack Compute !!!
done: 04. Components of an OpenStack Cloud - Part One
done: 05. Components of an OpenStack Cloud - Part Two <>
done: 06. Reference Architecture <>
done: 07. Deploying Prerequisite Services <>
done: 08. Deploying Services Overview
done: 09. Advanced Software Defined Networking with Neutron - Part One <>
done: 10. Advanced Software Defined Networking with Neutron - Part Two
11. Distributed Cloud Storage with Ceph
12. OpenStack Object Storage with Swift
13. High Availability in the Cloud <>
14. Cloud Security with OpenStack <>
15. Monitoring and Metering <>
16. Cloud Automation
17. Conclusion <>

FastNotes

• devstack-node-cc >>> DevStack node Cloud Controller
• devstack-node-cw >>> DevStack node Cloud Worker
• /opt/host >>> The Horizon URL

BUI-Notes

• Create A Project
• Create A User
• Create A Role
• Create A Network (Network, Subnet, Router, Port, Security)
• Create A Instance
• Create A Floating IP

• Project -> Network -> Network Topology
• Project -> Network -> Routers
• Project -> Network -> Floating IPs

• Project -> Compute -> Instances
• Project -> Compute -> Images
• Admin -> System -> System Information
• Identity -> Projects

CLI-Notes

$ pwd
$ id
$ sudo -i
$ su - ubuntu

$ useradd -m -d /home/ubuntu -s /bin/bash ubuntu
$ passwd ubuntu

$ echo "stack ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
$ diff before.out after.out

$ grep ADMIN_PASSWORD .localrc.auto
$ grep DATABASE_PASSWORD local.conf

IP-Notes

sudo ip addr show ens3
sudo ip route
sudo ip route add 10.10.0.0/24 via 192.168.5.1 dev eth0

sudo ip netns list
sudo ip netns exec qrouter-2bd990fc-6b46-4247-9bdc-94464334207f ip a
sudo ip netns exec qrouter-27bcb5f9-8af5-419f-a0ff-9d109314c8b8 ssh cirros@10.10.0.2
sudo ip netns exec qrouter-2bd990fc-6b46-4247-9bdc-94464334207f ssh -i ~/.ssh/finance-key cirros@10.10.0.6

PDO-Installation

$ yum install -y centos-release-openstack-pike
$ yum install -y openstack-packstack
$ sudo packstack --allinone
$ sudo packstack --gen-answer-file=answers.txt

Load source functions

$ cp keystonerc_admin keystonerc_finance
$ vi keystonerc_finance
-------------------------------------------
<span class="k">
export OS_USERNAME=tester
export OS_PROJECT_NAME=finance
export PS1=’[\u@\h \W(keystone_tester)]\$ ’
</span>
-------------------------------------------
$ source openrc admin (ubuntu@compute-node)
$ source openrc admin (ubuntu@devstack-cc)
$ source keystonerc_admin
$ source keystonerc_finance

OpenStack-CLI

openstack project list
openstack project create finance

openstack user list
openstack user create --project finance --password openstack --email centos@localhost tester

openstack role show f617b324f31d400eb82500a285e6ce8d
openstack role add --user tester --project finance _member_
openstack role assignment list --user admin --project demo

openstack network list
openstack network create finance-internal

openstack subnet create sub-financial-int --subnet-range 10.0.0.0/24 --network finance-internal

openstack router create finance-router
openstack router set --external-gateway public finance-router
openstack router add subnet finance-router sub-financial-int
openstack router show bk-router |grep id

openstack server list
openstack server add volume ...

openstack volume list
openstack volume show volumeName
openstack volume type create typeName
openstack volume create --size 1 --type typeName volumeName 
openstack volume snapshot list
openstack volume snapshot create --volume volumeName snapName

openstack security group list
openstack security group create --description "Allow http and ssh traffic" groupName
openstack security group rule list ruleName
openstack security group rule create --protocol tcp --ingress --dst-port 22 groupName
openstack security group rule create --protocol tcp --ingress --dst-port 80 groupName

openstack hypervisor list
openstack catalog list
openstack endpoint list
openstack server list
openstack host list
openstack image list
openstack flavor list

Neutron-CLI (Network)

neutron net-list

Nova-CLI (Compute)

nova list
nova show bc1
nova hypervisor-list
nova flavor-list
nova flavor-create smallfry 6 512 2 1
nova service-list --binary nova-compute
nova keypair-list
nova keypair-add --pub-key ~/.ssh/finance-key.pub finance-key
nova boot --flavor smallfry --image cirros --security-group web-ssh --key-name finance-key --nic net-id=ffe41f70-962f-4693-9014-2275080cd44a bc1
nova boot --flavor smallfry --image cirros --security-group web-ssh --key-name finance-key --nic net-id=580b9d4e-c3da-4215-b9e7-91f349e581c6 bc2

Glance-CLI (Image)

glance image-list

Ceph-CLI (All-in-One Block & Objekt Storage)

• Ceph in Abschnitt 11
• You should consider Ceph if you want to manage your object and block storage within a single system, or if you want to support fast boot-from-volume.
• >>> RDO Cloud Controller: rdo-cc
• >>> Ceph OSD nodes: storage1, storage2, storage3

$ yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ vim /etc/yum.repos.d/start-ceph.repo
---------------------------------------
[ceph-noarch]
name=Ceph noarch packages
baseurl=https://download.ceph.com/rpm-luminous/el7/noarch
enabled=1
gpgcheck=1
type=rpm-md
gpgkey=https://download.ceph.com/keys/release.asc
---------------------------------------
$ timedatectl
$ useradd -d /home/ceph -m ceph
$ id ceph
$ echo ceph | passwd --stdin ceph
$ echo "ceph ALL = (root) NOPASSWD:ALL" > /etc/sudoers.d/ceph
$ chmod 0400 /etc/sudoers.d/ceph
$ sudo sed -i 's/PasswordAuthentication\ no/PasswordAuthentication\ yes/' /etc/ssh/sshd_config
$ sudo grep PasswordAuth /etc/ssh/sshd_config
---------------------------------------
#PasswordAuthentication yes
PasswordAuthentication yes
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication, then enable this but set PasswordAuthentication
---------------------------------------
$ sudo systemctl restart sshd
$ ssh-keygen
$ hostname -s
$ sudo vim /etc/hosts
$ ssh-copy-id ceph@storage1
$ ssh-copy-id ceph@storage2
$ ssh-copy-id ceph@storage3
$ ssh-copy-id ceph@rdo-cc
$ sudo sed -i 's/requiretty/\!requiretty/' /etc/sudoers
$ sudo setenforce 0; sudo yum -y install yum-plugin-priorities ##Disable SELinux
$ sudo ls -l /etc/yum.repos.d/ceph*
$ sudo rm /etc/yum.repos.d/ceph.repo.rpmnew

Cinder-CLI (Storage-Block)

• As for OS-Harddisk

cinder help encryption-type-create
cinder encryption-type-create ...
cinder show crypt-vol

Swift-CLI (Storage-Objekt)

The common network based object storage (Swift / Cehp)

source keystonerc_admin
df -ha |grep swift
swift post orders
swift list
swift stat
swift list orders
swift stat orders
swift stat -v
swift post orders -r ".r:*"
swift post orders -r "SoftwareTesters:*"
swift post orders -w "SoftwareTesters:developer1"
swift post orders -w "SoftwareTesters:developer2,Admin:*"
swift upload orders /etc/hosts
swift stat orders etc/hosts
swift post orders etc/hosts -H "X-Delete-After:600"
swift stat orders etc/hosts
date +'%s'
swift post orders etc/hosts -H "X-Delete-At:1486071948"
swift stat orders etc/hosts
swift post orders etc/hosts -H "X-Remove-Delete-At:"
swift stat orders etc/hosts
swift download orders etc/hosts -o localfile
cat localfile
swift post -m 'web-listings: true orders'
swift post -m 'web-listings-css:listing.css' orders
swift post orders etc/hosts -H "X-Delete-After:30"
sleep 30
swift stat orders etc/hosts
openstack
(openstack)
(openstack) help object store account set
(openstack) object create orders /etc/group
(openstack) object list orders
(openstack) object show orders /etc/group
(openstack) object store account show
(openstack) object delete orders /etc/group
(openstack) object store account show