epcim
10/21/2015 - 9:16 AM

openstack.howto.md

#OpenStack

  • Raw OpenStack reference usage
  • IBM SCO/SCM cmd's and reference usage

Architecture overview

TBD https://docs.openstack.org

Install

TBD

Chef cookbook:

  • tbd
  • tbd

Operation

Configuration

SCO 2.3

/etc/**/policy.json role definitions

CLI cmd's

Install clients:

for prj in barbican ceilometer cinder glance heat magnum manila mistral \
         murano neutron nova sahara swift trove tuskar openstack; do      
    sudo pip install --upgrade python-${prj}client
done

Get host list for tenant

source ~/openrc
TENANTID=$(keystone tenant-list | awk '/droneci/ {print $2}')
nova list --all-tenants | awk -F'|' "/$TENANTID/"' {print $3 $8}' | awk '{print $NF, $1}'

Service / state overview

OpenStack / Keystone

openstack project create droneci
openstack project list

Keystone

The keystone CLI is deprecated in favor of the openstack client.

keystone tenant-create --name=droneci --description="Drone CI Tenant"
keystone user-create --name=drone --pass=passw0rd --email=petr_michalec@cz.ibm.com
keystone user-create --name=droneci --pass=passw0rd --email=petr_michalec@cz.ibm.com
keystone user-role-add --user=droneci --tenant=droneci --role=admin

Glance

Doc:

cli:

glance list
glance image-list
glance show <UUID of image>

glance image-create --name 'Fedora 20 x86_64' --disk-format qcow2 --container-format bare --is-public true \
--copy-from http://cloud.fedoraproject.org/fedora-20.x86_64.qcow2

Edit images

Edit/modify:

Upload images

URLs:

    "upload_image": {
        "cirros": "http://download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img",
        "ubuntu-precise": "https://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img",
        "ubuntu-trusty": "http://uec-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img",
        "fedora": "http://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.qcow2",
        "centos-6": "http://cloud.centos.org/centos/6/images/CentOS-6-x86_64-GenericCloud.qcow2",
        "centos-7": "http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2"
    }

Quotas

tenant=$(openstack project list | awk '/droneci/ {print $2}')
nova quota-defaults
#nova quota-class-update default --instances 15
# nova quota-update --floating-ips 20 $tenant
# nova quota-show --tenant $tenant
# cinder quota-update XYZ $tenant
# cinder quota-show --tenant $tenant

Nova

keypair-add

nova keypair-add --pub-key=/root/.ssh/id_rsa_bootstrap_insecure.pub bootstrap_insecure

Nova networking

To NAT networks behind network node:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Neutron

External network:

neutron net-create ext-net --router:external True --provider:physical_network external --provider:network_type flat
neutron subnet-create ext-net --name ext-subnet --allocation-pool start=FLOATING_IP_START,end=FLOATING_IP_END \
    --disable-dhcp --gateway EXTERNAL_NETWORK_GATEWAY EXTERNAL_NETWORK_CIDR

Tenant private network:

neutron net-create droneci-net
neutron subnet-create droneci-net --name droneci-subnet --gateway TENANT_NETWORK_GATEWAY TENANT_NETWORK_CIDR
neutron router-create droneci-router
neutron router-interface-add droneci-router droneci-subnet
neutron router-gateway-set droneci-router ext-net

Example:

service
tenant=$(keystone tenant-list | awk '/service/ {print $2}')
## FIXME how/when default network how tenant['service']

neutron router-delete external
neutron port-list | awk ' /10.10.51/ {print $2}' | xargs neutron port-delete
neutron subnet-delete ext-net-51
neutron net-delete ext-net-51
#
neutron router-create external
neutron net-create ext-net-51 --router:external --provider:physical_network external --provider:network_type flat
neutron net-update ext-net-51 --shared True
neutron subnet-create ext-net-51 --name ext-subnet-51 --allocation-pool start=10.10.51.129,end=10.10.51.190 --disable-dhcp --gateway 10.10.51.1 10.10.51.0/24   # aka .128/26
#neutron router-gateway-set external ext-net-51

neutron net-delete int-100
neutron router-delete internal
neutron router-create internal
neutron net-create int-100
neutron subnet-create int-100 --name int-subnet-100 192.168.100.0/24
neutron router-gateway-set internal ext-net-51
neutron router-interface-add internal int-100

tenant networking
tenant=$(keystone tenant-list | awk '/droneci/ {print $2}')
neutron router-delete droneci-net
neutron port-list | awk ' /192.168.100/ {print $2}' | xargs neutron port-delete
neutron subnet-delete droneci-net
neutron net-delete droneci-net
neutron router-create droneci-net --tenant-id $tenant
neutron net-create droneci-net --tenant-id $tenant
neutron subnet-create droneci-net --name droneci-subnet 192.168.100.0/24 --tenant-id $tenant #--gateway 192.168.100.1
neutron router-gateway-set droneci-net ext-net-51
neutron router-interface-add droneci-net droneci-subnet

INBOX / TO PROCESS

ssh-keygen


nova boot test --image cirros --flavor 1  --security-groups=allow_ssh --key-name=mykey

Access the controller as noted above:

source openrc
nova-manage version
nova service-list && nova hypervisor-list
glance image-list
keystone user-list
nova list

To allow SSH access to instances, a nova security group is defined as follows:

nova secgroup-list
nova secgroup-list-rules default
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

nova secgroup-create allow_ssh "allow ssh to instance"
nova secgroup-add-rule allow_ssh tcp 22 22 0.0.0.0/0
nova secgroup-list-rules allow_ssh
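
An added example (not from the original notes): a check that reads `nova secgroup-list-rules` output and flags ingress rules open to 0.0.0.0/0, such as the two SSH rules created above. The function names `flag_world_open` and `sample_rules` and the sample table are constructed for illustration; the column order assumed is the one the legacy nova client prints (IP Protocol, From Port, To Port, IP Range, Source Group).

```shell
#!/bin/sh
# Added example, not part of the original notes.
# flag_world_open GROUP: reads `nova secgroup-list-rules GROUP` table output
# on stdin and prints one line per rule whose IP Range is 0.0.0.0/0 or ::/0.
# Exit status: 1 if any such rule was found, 0 otherwise.
# Assumed column order (legacy nova client):
#   | IP Protocol | From Port | To Port | IP Range | Source Group |
flag_world_open() {
    awk -F'|' -v group="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 6 { next }                              # border lines like +----+
        {
            proto = trim($2); from = trim($3); to = trim($4); cidr = trim($5)
            if (proto == "IP Protocol") next         # header row
            if (cidr == "0.0.0.0/0" || cidr == "::/0") {
                printf "%s: %s %s-%s open to %s\n", group, proto, from, to, cidr
                found = 1
            }
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample: what the allow_ssh group above would list, plus one
# rule already restricted to a management subnet (192.0.2.0/24 is a
# documentation range used here as a placeholder).
sample_rules() {
    cat <<'EOF'
+-------------+-----------+---------+--------------+--------------+
| IP Protocol | From Port | To Port | IP Range     | Source Group |
+-------------+-----------+---------+--------------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0    |              |
| icmp        | -1        | -1      | 192.0.2.0/24 |              |
+-------------+-----------+---------+--------------+--------------+
EOF
}

# Live use on a controller (needs credentials from openrc):
#   nova secgroup-list-rules allow_ssh | flag_world_open allow_ssh
sample_rules | flag_world_open allow_ssh || echo "review the rules listed above"
```

The non-zero exit status lets the check run from cron or a CI job against each group returned by `nova secgroup-list`.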


nova-manage floating create --pool nova --ip_range 10.10.51.64/26
nova-manage floating create --pool nova --ip_range 10.10.52.64/26

keystone service-list
keystone user-list
keystone tenant-list
keystone endpoint-list
keystone catalog

nova image-list
nova-manage service list
nova-manage network list
nova flavor-list
nova availability-zone-list
nova hypervisor-list
nova quota-update --<key> <value> <project_name>
nova quota-update --instances 15 --floating-ips 15 classproject
nova-cloud-show
nova-netext-show <Region_name>
cinder list

Restart Compute services:

service openstack-nova-api restart
service openstack-nova-cert restart
service openstack-nova-consoleauth restart
service openstack-nova-scheduler restart
service openstack-nova-conductor restart
service openstack-nova-novncproxy restart   

Restart Networking services.

service neutron-server restart
service neutron-dhcp-agent restart
service neutron-l3-agent restart
service neutron-metadata-agent restart

Also restart your chosen Networking plug-in agent, for example, Open vSwitch.

service neutron-openvswitch-agent restart

Cinder Services restart

service openstack-cinder-api restart
service openstack-cinder-backup restart
service openstack-cinder-scheduler restart
service openstack-cinder-volume restart

On Ubuntu run:

 service --status-all | grep nova
 service --status-all | grep neutron

SCM 4.1

SCO 2.3

cd /iaas/scorchestrator
./SCOrchestrator.py (stop|start|)