Friday, 15 February 2013

Openstack Quick Start- Working with Openstack

Openstack Quick Start-
Working with Openstack


In this series of tutorials on Openstack, we have seen how to Set up and Install Openstack using Ubuntu Cloud's Live CD image.

In this tutorial, we are going to walk through how to use Openstack as your IaaS provider.

In this scenario, we are going to use the Admin console to create a new Project and user. Later this User will create his own security groups, key pairs and launch a test instance.

So without further adieu, lets get started...

NOTE: This guide is assuming you have the Openstack setup as described in Part 1 and Part 2 of this how-to series.

The first thing we are going to do is create a "New Project" for our demo user to work out of. 

To do so, simply log in to your Openstack using the username / password:  ubuntu / ubuntu123 (NOTE: This is the default password supplied with the Ubuntu Cloud Live CD Image)

In the "Projects" tab, select the option "Create New Project"

Supply a "Name" for your new project. the "Description" field is optional but it will be better if you fill it out.. just a good practice :-) 

Make sure the "Enabled" checkbox is checked. By default, it will always be checked.

Once done, click "Create Project"

Your New Project will be create and displayed as shown below. Note the unique Project ID that was auto-generated. This can be used as a reference to your unique Project for launching instances, creating user groups etc.

The next thing to do is create a user. So browse to the "Users" Tab and select the option "Create User"

Here, provide the necessary info for your new user like the Name, Email, Password. Also, you can associate a user with a Openstack Project by selecting the "Primary Project" from the drop-down list provided. Once all filled, click on "Create User"

Your new user will be created along with an auto-generated ID as well. You can now log off the Admin user and log in to Openstack using this newly created user.

NOTE: The Login "User Name" is also case sensitive. So use the same and capitalization (if any) as you provided for in the User Creation steps.

Once you log in, you will notice that the "Project" has changed to the one you created in the earlier steps. 

This type of Project creation helps Cloud Administrators to create isolated environments in Openstack, each with their own set of users, quotas and VM Images as well.

We will now begin the process of launching our first instance in Openstack. To do so, we first need to do some housekeeping..

While still logged in as <User>, go to the "Access and Security" Tab. Select the "Create Security Group" option as shown.

The Security Group can be used to open incoming and outgoing ports for your instances. You can have multiple Security Groups associated for each new instance.

In the pop-up, provide a "Name" for your "Security Group" along with a Description. The Description is optional but recommended.. Once done, click "Create Security Group"

You will see your new Security Group created as shown. Click on the adjoining "Edit Rules" option to add your security rules. 

In the following pop-up, you can add your very own custom rules for your VM instances.

From the "IP Protocol" drop-down, select the protocol for which you want to set up the IP rule, in this case the protocol is TCP. You can set rules for UDP as well with the same steps.

You can specify a range of ports to be OPENED using the "From Port" and "To Port" fields. In case you want to open a single port, then simply provide the same Port value in both the fields as shown below.

Select the source group as "CIDR" and provide a CIDR according to your needs. In my case, I have provided which translates to any IP address using any subnet mask.

To know more on CIDR CLICK HERE
To calculate your own CIDR value CLICK HERE 

So, the below set rules translates to:

Open TCP port 22 for ALL incoming IP addresses for some particular instance.

Once done, select "Add Rule"

You can add multiple such rules by selecting the "Edit Rule" option as we did in the earlier steps.

In this case, I have added a second rule to allow traffic from ALL IP address on TCP port 23 for my instance.

The instance associated with THIS Security Group will have incoming traffic on ports 22 and 23 respectively.

The next thing to do is create a Keypair. In the "Access and Security" Tab, select "Create Keypair" option to get started.

Provide a suitable "Name" for your Keypair. This Keypair will be used by the launched instance to authenticate the user when we try to take a remote access to it. Its basically a encrypted password-like file :-)

Once you select the "Create Keypair" option, Openstack will auto-generate a .PEM file and prompt you to save this. Save this file on your UBUNTU VM (Openstack VM) itself. 

NOTE: Each user can have multiple Keypairs. 

With all these basic housekeeping tasks done, we are now ready to launch our first instance. 

The Ubuntu Cloud Live CD provides a demo VM Image that we imported into Glance in our EARLIER POST. If the import was successful, you should see the Image in the "Images and Snapshots" Tab as shown below.

Select the "Launch" option to launch an instance of this Image.

You will be provided with a pop-up which will ask you to fill out few details for your Instance. 

For example, the "Server Name", by which your instance will be visible on the Openstack dashboard, "User Data"; where you can supply some user data for your instance at start up, "Flavor"; the the of instance you want to launch: Tiny, Small, Medium, Large, XLarge etc. You can also select your "Keypair" and "Security Group" that were created in the earlier steps here.

NOTE: You can assign ONLY ONE Keypair per launching of an instance, but you can use the same Keypair for other instances.
You can associate MORE THAN ONE Security Groups per Instance.

Once you have entered your Instance details, simply "Launch" the instance.

Your Instance will take few seconds to show the status as "Active"

Once your instance is powered ON, you can note down its "IP Address". We will use this IP to SSH into our Instance. 

You can change the "state" of your Instance; i.e. Pause, Suspend, Reboot, Terminate instance by selecting the "Edit Instance" option provided alongside.

Now, return to the Ubuntu Desktop and launch a new Terminal window. (You can use the key combination: Ctrl - Alt - T)

The first thing to do here is browse to the location where you saved the .PEM file. Once found, change its permissions so that it can be accessed by you.

$ chmod 600 <YOUR PEM FILENAME>

You are now ready to SSH into your Instance. To do so, type the following command:

$ ssh -i <YOUR PEM FILENAME> -l cirros <INSTANCE IP>

Here, cirros is the username of the Cirros Instance.

You will get a Authenticity Warning message prompting you whether you wish to continue taking access to this Instance. Provide "Yes" as the option. 

If all goes well, you will now have taken a successful SSH into your Instance.

If you want to try out different Images, you can start by downloading some Ubuntu Cloud ready ones from 

To Download; Select your choice of Ubuntu release --> Current --> <Release>-cloudimg-<Architecture>-disk1.img

Or, you can also do a wget from your Ubuntu Terminal:

$ wget ''

Once your new Image is downloaded, verify it out. In my case, I manually downloaded it and placed it inside /opt/mnt folder. (This folder was mounted on a 20GB HDD attached to the Ubuntu VM. You can refer PART 1 for the exact steps and know how)

$ glance -T {PROJECTNAME} -I {USERNAME} -K {PASSWORD} -N add name="{NAME_OF_YOUR_OS}" is_public="true" disk_format=raw container_format=ovf < {YOUR_img_FILE}

The new image will be added to Glance and you can check it out using Openstack dashboard >> "Images and Snapshots"

You can once again launch Instances using this Image as detailed out in this post. 

That's it folks for now.. With this, you should have gotten a fairly good understanding of what Openstack is and how to use it.

Stay tuned for more such Tutorials coming your way !! 

No comments :

Post a Comment

Note: only a member of this blog may post a comment.