• Sales: 1-800-961-2888
  • Support: 1-800-961-4454

Rackspace Private Cloud Software - Creating an Instance in the Cloud


OpenStack administration is documented in detail in the OpenStack Compute Administration Manual. In this section, we discuss key tasks you should perform that will allow you to launch instances. Refer to the official OpenStack documentation for more information.

For these tasks, you must be logged in to the Dashboard as the admin user. These tasks can also be performed on the command line; some tasks require you to be logged into the controller via SSH, and some can be performed via python-novaclient on the controller or on a workstation.

You should also be familiar with the material documented in "Accessing the Cloud".

NOTE: Nova volumes are not supported in Rackspace Private Cloud. For block storage, refer to the instructions for configuring OpenStack Block Storage.

Image Management
Uploading AMI Images
Converting VMDK Linux Images
Network Management
Create a Project
Generate an SSH Keypair
Update the Default Security Group
Create an Instance
Accessing the Instance
Logging In to the Instance
Accessing the Instance By SSH
Managing Floating IP Addresses
What's next?

Image Management

For more information about downloading and creating additional images, refer to the OpenStack Virtual Machine Image Guide.

Images can be added via the Horizon dashboard when logged in as the admin user. Currently only images accessible via http URL are supported, and the URL must be a valid and direct URL. Compressed image binaries in .zip and .tar.gz format are supported.

  1. Ensure that the Admin tab in the navigation panel is in view, and select Images.
  2. Click Create New Image.
  3. Enter the URL path to the image.
  4. Select the image format from the drop-down menu.
  5. Enter the minimum disk size in GB and the minimum RAM in MB.
  6. Select the Public option to make the image available to all users.
  7. Click Create Image. The new image will appear in the Images table.

Adding an image with the command line

You can use glance image-create when logged into the controller node, or if you have Glance client installed on your local workstation and have configured your environment with administrative user access to the controller.

In the following example, the user has a virtual disk image in qcow2 format stored on the local file system at /tmp/images/test-image.img. When the image is imported, it will be named "Test Image" and will be public to any Glance user with access to the controller.

$ glance image-create --name "Test Image" --is-public true \
   --container-format=bare --disk-format qcow2  < /tmp/images/test-image/img 
        

If the image is successfully added, Glance will return a confirmation similar to the following:

Added new image with ID: 85a0a926-d3e5-4a22-a062-f9c78ed7a2c0
        

More information is available via the command glance help add.

Uploading AMI Images

AMI images can be added with the glance image-create command as described above. However, since AMI disk images do not include kernels, you will first need to upload a kernel to Glance, as in the following example.

$ glance image-create name="<kernelImageName>" is_public=true \
  --container_format=aki --disk_format=aki < <imagePath>   
                

After the kernel has been uploaded, you can then upload the AMI image, specifying the Glance ID of the uploaded kernel with the kernel_id property.

$  glance image-create name="<imageName>" is_public=true \
  --container_format=ami --disk_format=ami \
  --property kernel_id=<kernelImageGlanceID> < <imagePath>  
                

Converting VMDK Linux Images

Rackspace has developed a Python-based tool that enables you to convert and upload single-disk Linux VMDK images. Multi-disk and Windows image conversions are not available at this time.

This tool can be used on any workstation that supports Python. Before you begin, ensure that you have installed libguestfs, python-libguestfs, python-hivex on your workstation.

  1. Clone the conversion script from https://github.com/rcbops/support-tools/tree/master/vmdk-conversion.
  2. Use the source command to copy your Nova environment variables to your workstation.
  3. To ensure that your environment is configured correctly, run the glance index command. If the command executes successfully and returns a list of available images, you are ready to proceed.
  4. You can now run convert.py. You can use the following options:
    • -i, --input <path>: path to the VMDK image that you want to convert. This option is required.
    • -o, --output <path>: the name of the qcow2 file that will be generated by the conversion process.
    • -n, --name <name>: The name that the image will be assigned in Glance, if you are using the -u/--upload option.
    • -u, --upload: Enables automatic uploading of the converted image to Glance.
    • -s, --sysprep: Reserved for future use.
    • -d, --debug <1-5>: Debug level. Level 5 is verbose.

When the conversion process is complete, you can upload the image to Glance (if you did not already enable automatic image uploading).

Network Management

By default, your cluster is installed with nova-network. If you want to use OpenStack Networking, you must add a network node and enable OpenStack Networking as described in Adding OpenStack Networking.

Currently, the Horizon dashboard does not permit robust network management. When you need to create a network or subnet, you should use the quantum commands. Refer to the procedures under Adding OpenStack Networking and to the OpenStack Networking Administration Guide for more information.

Create a Project

You must create a project before you can launch an instance. A demo project is available by default, but if you want to create your own project, follow this procedure.

  1. Ensure that the Admin tab in the navigation panel is in view, and select Projects.
  2. Click Create Project.
  3. On the Project Info tab on the Create Project dialog, enter the domain ID and name, project name, and a brief description, and ensure that the Enabled option is selected.
  4. On the Project Members tab, add users to the project to grant them access to the project. Click the user name in the All Users column to add them to the Project Members column.

    Typically, when configuring your first project, these will be the admin user and the demo user that you created during the installation process (not to be confused with the operating system user). When prompted for a role for the user, you may wish to assign the admin role to the admin user and the member role the demo user.. Refer to the OpenStack Keystone documentation for information about customizing roles.

  5. On the Project Groups tab, you can add groups to the project to grant them access to the project. By default, no groups are configured, but you can configure them on the Groups page.
  6. You may also need to modify quotas, which create limits for the number of VCPUs that the project can contain, the number of instances that can be created, and more. On the Quotas tab, modify the quotas as needed and click Update Quota to save your changes.
  7. The new project will appear in the Projects table.

Your project is now ready for additional configuration. Log out as the administrator and log in as the demo user before proceeding. When logged in, ensure that the project is selected in the navigation bar.

Adding a project with the command line

On the command line, projects are managed when logged in as root with keystone tenant-create. For example, to create a project named Marketing, you would use sudo -i to switch to root and execute the following command:

$ keystone tenant-create --name Marketing --enabled true
            

Generate an SSH Keypair

Keypairs provide secure authentication to an instance, and will enable you to create instances securely and to log into the instance afterward. Keypairs are generated separately for each project and assigned to instances at time of creation. You can create as many keypairs in a project as you like.

  1. With your project selected in the navigation panel, select Access and Security.
  2. On the Keypairs tab, click Create Keypair.
  3. In the Create Keypair dialog, enter the name for the keypair.
  4. You will be prompted to save the keypair .pem file.

Generating a keypair with the command line

On the command line, keypairs are managed with nova keypair-* commands in python-novaclient. When generating a keypair, you must have your OS_USERNAME and OS_TENANT_NAME configured in your environment to ensure that you have access to the correct project. Our user jdoe, after configuring their environment, would then issue the following command to generate a keypair:

$ nova keypair-add jdoe-keypair
            

The client will generate a block of RSA Private Key text, which the user copies and saves to a file called jdoe-keypair.pem.

Update the Default Security Group

A Security Group is a named set of rules that get applied to the incoming packets for the instances. Packets that match the parameters of the rules are given access to the instance; all other packets are blocked. At minimum, you should ensure that the default security group permits ping and SSH access. You may edit the default security group or add additional security groups as your security settings require.

  1. With your project selected in the navigation panel, open the Access & Security page.
  2. In the Security Groups table, click Edit Rules in the default security group row.
  3. In the Edit Security Group Rules dialog box, enable SSH access by entering the following values:
    • IP Protocol: TCP
    • From Port: 22
    • To Port: 22
    • Source Group: CIDR
    • CIDR: you may leave it as 0.0.0.0/0 if you want to enable access from all networks, or you may enter a specific network, such as 192.0.2.0/24.
  4. Click Add Rule.

You will receive a confirmation message at the top of the Dashboard window that the new rule was added to the default security group. To enable ping, repeat the procedure with a protocol of ICMP, type of -1, and code of -1.

Managing nova-network security groups with the command line

On the command line, security groups are managed with nova secgroup-* commands in python-novaclient. To add the ping and SSH rules to the default security group, issue the following commands:

$ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
$ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
           

Use nova secgroup-list-rules to view the updated default security group rules:

$ nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port |  IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
|     icmp    |     -1    |    -1   | 0.0.0.0/0 |              |
|     tcp     |     22    |    22   | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
            

Managing OpenStack Networking (Neutron) security groups with the command line

On the command line, security groups are managed with neutron security-group-* commands in the neutron client. To add the ping and SSH rules to the default security group, issue the following commands:


$ neutron security-group-rule-create --protocol icmp --direction \
  ingress default
$ neutron security-group-rule-create --protocol tcp --port-range-min 22 \
  --port-range-max 22 --direction ingress default

Use neutron security-group-rule-list to view the updated default security group rules.

Create an Instance

Before you can create an instance, you must have already generated a keypair and updated the default security group. The project in which you want to create the instance should be in focus on the dashboard.

  1. With your project selected in the navigation panel, open the Images & Snapshots page.
  2. Locate the image from which you want to create the instance in the Images table and click Launch. For example, to create an Ubuntu 12.04 image, select a precise image.
  3. On the Details tab of the Launch Instances dialog, enter the following information:
    • Availability Zone: The availability zone in which the instance will be created. If no availability zones have been defined, none will be found.
    • Instance Name: The name of the instance. You might choose a name like my-instance.
    • Image: The image that the instance will be based on. This option will be labeled as Snapshot when Snapshot is selected as the Instance Source.
    • Flavor: The VCPU configuration. Note that instances with larger flavors can take a long time to create. If you are creating an instance for the first time and want something small with which to test, select m1.small.
    • Instance Count: Accept the default value of 1. If you wanted to create multiple instances with this configuration, you could enter an integer up to the number permitted by your quota, which is 10 by default.
    • Instance Boot Source: Specify whether the instance will be based on an image or a snapshot. Your first instance will not have any snapshots available yet.
  • On the Access and Security tab, enter the following information:
    • Keypair: Select the keypair that you created earlier. You must assign a keypair when generating an Ubuntu image.
    • Admin Pass: Enter and confirm the password for the admin user on the instance.
    • Accept the default security group.
  • On the Networking tab (if available), select the network on which you want the instance to reside. This tab will be available only if you have OpenStack Networking enabled.
  • On the Volume Options tab (if available), you can choose to launch the instance with a storage volume attached. This should only be a when you have a Block Storage volume created; for your first instance, select Don't boot from a volume.
  • On the Post-Creation tab, you can add customization scripts. Some instances support user data, such as root passwords or admin users. If you have the information available, you may enter it here.
  • Click Launch.

The Instances and Volumes page will open, with the new instance creation in process. The process should take less than a minute to complete, after which the instance status will be listed as Active. You may need to refresh the page.

Launching an instance with the command line

On the command line, image creation is managed with the nova boot command. Before you can launch an image, you need to determine what images and flavors are available to create a new instance.

$ nova image-list
+--------------------------+----------------------------+--------+--------+
|                  ID      |           Name             | Status | Server |
+--------------------------+----------------------------+--------+--------+
| 033c0027-[ID truncated]  |        cirros-image        | ACTIVE |        |
| 0ccfc8c4-[ID truncated]  |         My Image 2         | ACTIVE |        |
| 85a0a926-[ID truncated]  |        precise-image       | ACTIVE |        |
+--------------------------+----------------------------+--------+--------+

$ nova flavor-list
+----+-----------+-----------+------+-----------+------+-------+-------------+
| ID |    Name   | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor |
+----+-----------+-----------+------+-----------+------+-------+-------------+
| 1  | m1.tiny   | 512       | 0    | 0         |      | 1     | 1.0         |
| 2  | m1.small  | 2048      | 10   | 20        |      | 1     | 1.0         |
| 3  | m1.medium | 4096      | 10   | 40        |      | 2     | 1.0         |
| 4  | m1.large  | 8192      | 10   | 80        |      | 4     | 1.0         |
| 5  | m1.xlarge | 16384     | 10   | 160       |      | 8     | 1.0         |
+----+-----------+-----------+------+-----------+------+-------+-------------+
            

In the following example, an instance is launched with an image called precise-image. It uses the m1.small flavor with an ID of 2, and is named markets-test.

$ nova boot --image precise-image --flavor="2" markets-test
+-------------------------------------+--------------------------------------+
|               Property              |                Value                 |
+-------------------------------------+--------------------------------------+
|          OS-DCF:diskConfig          |                MANUAL                |
|         OS-EXT-SRV-ATTR:host        |                 None                 |
| OS-EXT-SRV-ATTR:hypervisor_hostname |                 None                 |
|    OS-EXT-SRV-ATTR:instance_name    |          instance-0000000d           |
|        OS-EXT-STS:power_state       |                  0                   |
|        OS-EXT-STS:task_state        |              scheduling              |
|         OS-EXT-STS:vm_state         |               building               |
|              accessIPv4             |                                      |
|              accessIPv6             |                                      |
|              adminPass              |             ATSEfRY9fZPx             |
|             config_drive            |                                      |
|               created               |         2012-08-02T15:43:46Z         |
|                flavor               |               m1.small               |
|                hostId               |                                      |
|                  id                 | 5bf46a3b-084c-4ce1-b06f-e460e875075b |
|                image                |             precise-image            |
|               key_name              |                                      |
|               metadata              |                  {}                  |
|                 name                |            markets-test              |
|               progress              |                  0                   |
|                status               |                BUILD                 |
|              tenant_id              |   b4769145977045e2a9279c842b09be6a   |
|               updated               |         2012-08-02T15:43:46Z         |
|               user_id               |   5f2f2c28bdc844f9845251290b524e80   |
+-------------------------------------+--------------------------------------+

            

You can also view the newly-created instance at the command line with nova list.

$ nova list
+------------------+--------------+--------+-------------------+
|        ID        |      Name    | Status |      Networks     |
+------------------+--------------+--------+-------------------+
| [ID truncated]   | markets-test | ACTIVE | public=192.0.2.0 |
+------------------+--------------+--------+-------------------+
            

Accessing the Instance

All instances exist on a nova network that is not accessible by other hosts by default. There are various ways to access an instance. In all cases, be sure that you have updated the default security group.

  • If you added a DMZ range during installation, you can access the instance via SSH from other hosts within the DMZ.
  • Log in through the VNC console on the dashboard. On the Instances & Volumes page, select VNC from the drop-down menu in the Instances table. If the console does not respond to keyboard input, click the grey bar at the top of the console window. For best results, you should be running the dashboard on a Firefox browser with Flash installed.
  • Connect by SSH to the address that you assigned to the compute node, and connect to the instance by SSH while logged in to the compute node. Refer to "Accessing the Image By SSH".
  • Assign a floating IP address to the instance and connect to that IP address by SSH. Refer to "Managing Floating IP Addresses".

Logging In to the Instance

The login for each instance is determined by the configuration of the image from which it was created. Rackspace Private Cloud installations include a CIRROS image and an Ubuntu 12.04 (Precise) image.

  • CIRROS: log in with the username cirros and the password cubswin:).
  • Ubuntu 12.04 Precise: Log in with the user ubuntu and the SSH key that you specified for the instance during the instance creation process. The key must be present on the host from which you are connecting to the instance, and you must log in with the key name and the -i flag. In the following example, the keypair file is named jdoe-keypair.pem.
    $ ssh -i jdoe-keypair.pem 192.0.2.0
                                

For instances launched from other images, log in with the credentials defined in the image.

Accessing the Instance By SSH

The following procedure is for instances created in an OpenStack Networking environment.

  1. On the Controller node, identify the namespace that the DHCP or L3 agent created for the network the instance is attached to. This command can assist. $ ip netns list
  2. Verify that you can ping the instance from the namespace.
    $ ip netns exec <namespace> ping <instanceIPAddress>
    PING 198.51.100.0 (198.51.100.0) 56(84) bytes of data.
    64 bytes from 198.51.100.0: icmp_req=1 ttl=64 time=0.394 ms
    64 bytes from 198.51.100.0: icmp_req=2 ttl=64 time=0.266 ms
    64 bytes from 198.51.100.0: icmp_req=3 ttl=64 time=0.285 ms
                    
  3. Within the namespace, connect to the instance via SSH. You may be prompted for the password.
    $ ip netns exec <namespace> ssh <username>@<instanceIPAddress>
                                

    If the login requires an SSH key, log in with the key name and the -i flag.

    $ ip netns exec <namespace> ssh -i <keypairName>.pem <instanceIPAddress>
                                

In a nova-network environment, these steps are performed on the Compute node the instance is running on, or any node with access to the instance's network

  1. If you have one compute node, go on to Step 2. If you have more than one compute node, log into the controller node, use sudo -i to switch to root, and execute the following command to identify the compute node on which the instance is stored.
    $ nova-manage vm list | grep <instanceName>
                            

    The output generated will include the following information, where N is the number of the compute node. Compute nodes will be numbered in the order in which you added them.

    <instanceName> compute<N> m1.small   active   2012-08-13 00:42:53
                            
  2. Connect to the compute node via SSH.
  3. Verify that you can ping the instance.
    $ ping <instanceIPAddress>
    PING 198.51.100.0 (198.51.100.0) 56(84) bytes of data.
    64 bytes from 198.51.100.0: icmp_req=1 ttl=64 time=0.394 ms
    64 bytes from 198.51.100.0: icmp_req=2 ttl=64 time=0.266 ms
    64 bytes from 198.51.100.0: icmp_req=3 ttl=64 time=0.285 ms
                    
  4. Connect to the instance.
    $ ssh <username>@<instanceIPAddress>
                            

    If the login requires an SSH key, log in with the key name and the -i flag. You may need to copy the *.pem keypair file associated with the instance to the compute node.

    $ ip netns exec <namespace> ssh -i <keypairName>.pem <instanceIPAddress>
                                

Managing Floating IP Addresses

If you are using nova-network instead of OpenStack Networking, you will need to use floating IP addresses.

Before you assign a floating IP address to an instance, you must have a pool of addresses to choose from. Your network security team must provision an address range and assign it to your environment. These addresses need to be publicly accessible.

NOTE: If your cloud is hosted in a Rackspace data center and you require more floating IP addresses, contact your Rackspace support representative for assistance.

Follow this procedure to create a pool of floating IP addresses, allocate an address to a project, and assign it to an instance.

  1. Log into the controller node and use sudo -i to switch to root. Execute the following command, substituting in the CIDR for the address range in --ip_range that was provisioned by your network security team:
    $ nova floating-ip-create --ip_range=<CIDR>
                    

    This creates the pool of floating IP addresses, which will be available to all projects on the host. You can now allocate a floating IP address and assign it to an instance in the dashboard.

  2. Open the Access & Security Page.
  3. Click Allocate IP to Project above the Floating IPs table.
  4. In the Allocate Floating IP dialog box, accept the default (typically Floating) in the Pool drop-down menu and click Allocate IP.

    You will receive a confirmation message that a floating IP address has been allocated to the project and the IP address will appear in the Floating IPs table. This reserves the addresses for the project, but does not immediately associate that address with an instance.

  5. In the row for the IP address, click Associate IP.
  6. In the Manage Floating IP Associations dialog, ensure that the allocated IP address is selected and select the instance from the Instance menu. Click Associate.

You will receive a confirmation message that the IP has been associated with the instance. The instance ID will now appear in the Floating IPs table, associated with the IP address. It may be a few minutes before the IP address is included on the Instances table on the Instances & Volumes page.

Once the IP address assignment is completed, you can access the instance from any Internet-enabled host by using SSH to access the newly-assigned floating IP. See Logging In to the Instance for more information.

Managing floating IP addresses with the command line

Allocation and assignment of floating IP addresses is managed with the nova floating-ip* commands.

In this example, the IP address is first allocated to the Marketing project with nova floating-ip-create command.

$ nova floating-ip-create marketing
        

The floating IP address has been reserved for the Marketing project, and can now be associated with an instance with the nova add-floating-ip command. For this example, we'll associate this IP address with the image markets-test.

$ nova add-floating-ip markets-test 203.0.113.0
        

After the command is complete, you can confirm that the IP address has been associated with the nova floating-ip-list and nova-list commands.

$ nova floating-ip-list
+-------------+--------------------------------------+-----------+------+
|     Ip      |             Instance Id              | Fixed Ip  | Pool |
+-------------+--------------------------------------+-----------+------+
| 203.0.113.0 | 542235df-8ba4-4d08-90c9-b79f5a77c04f | 192.0.2.0 | nova |
+-------------+--------------------------------------+-----------+------+
$ nova list
+------------------+--------------+--------+---------------------------------+
|         ID       |    Name      | Status |          Networks               |
+------------------+--------------+--------+---------------------------------+
| [ID truncated] | markets-test | ACTIVE | public=[<networkIPAddresses>] |
+------------------+--------------+--------+---------------------------------+

The first table shows that the 203.0.113.0 is now associated with the markets-test instance ID, and the second table shows the IP address included under markets-test's public IP addresses.

What's next?

Congratulations! You have created a project and launched your first instance in your Rackspace Private Cloud cluster. You can now use your OpenStack environment for any purpose you like.

If you're a more advanced user and are comfortable with APIs, OpenStack API documentation is available in the OpenStack API Documentation library. The following documents are a good place to start:

You may want to purchase Escalation Support or Core Support for your cloud or take advantage of our training offerings. Contact us at for more information. And please come join your fellow Rackspace Private Cloud users on our customer forums.

https://community.rackspace.com/products/f/45

Welcome aboard!







© 2011-2013 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License


See license specifics and DISCLAIMER