OpenStack administration is documented in detail in the OpenStack Compute Administration Manual. In this section, we discuss key tasks you should perform that will allow you to launch instances. Refer to the official OpenStack documentation for more information.

For these tasks, you must be logged in to the Dashboard as the admin user. These tasks can also be performed on the command line; some tasks require you to be logged into the controller via SSH, and some can be performed via python-novaclient on the controller or on a workstation.

NOTE: Nova volumes are not supported in Rackspace Private Cloud Software. For block storage, refer to the instructions for configuring OpenStack Block Storage.

Image Management

The ISO includes a CIRROS image and an Ubuntu 12.04 (Precise) image. For more information about downloading and creating additional images, refer to the following OpenStack documentation.

• Getting virtual machine images
• Creating a Linux Image - Ubuntu & Fedora
• Using the Glance CLI Tool

Images can only be added on the command line with the glance image-create command; the Dashboard does not have any image functionality. You can use glance image-create when logged into the controller node, or if you have Glance client installed on your local workstation and have configured your environment with administrative user access to the controller.

The following command is an example in which the user has a virtual disk image in qcow2 format stored on the local file system at /tmp/images/test-image.img. When the image is imported, it will be named "Test Image" and will be public to any Glance user with access to the controller.

$ glance image-create --name "Test Image" --is-public true \
   --container-format bare --disk-format qcow2  < /tmp/images/test-image/img

If the image is successfully added, Glance will return a confirmation similar to the following:

Added new image with ID: 85a0a926-d3e5-4a22-a062-f9c78ed7a2c0

More information is available via the command glance help add.

Create a Project

You must create a project before you can launch an instance. A demo project is available by default, but if you want to create your own project, follow this procedure.

1. Ensure that the Admin tab in the navigation panel is in view, and select Projects.
2. Click Create New Project.
3. On the Project Info tab on the Add Project dialog, enter the name and a brief description, and ensure that the Enabled option is selected.
4. On the Project Members tab, add users to the project to grant them access to the project. Click the user name in the All Users column to add them to the Project Members column.
   Typically, when configuring your first project, these will be the admin user and the demo user that you created during the installation process (not to be confused with the operating system user). When prompted for a role for the user, you may wish to assign the admin role to the admin user and the member role to the demo user. Refer to the OpenStack documentation for information about customizing roles.
5. You may also need to modify quotas, which create limits for the number of VCPUs that the project can contain, the number of instances that can be created, and more. On the Quotas tab, modify the quotas as needed and click Update Quota to save your changes.
6. The new project will appear in the Projects table.

Your project is now ready for additional configuration. Switch to the Project tab in the navigation panel and select the new project from the Project drop-down menu before proceeding.

Adding a project with the command line

On the command line, projects are managed when logged in as root with nova-manage. For example, to create a project named Marketing that would be administered by user jdoe, you would you would use sudo -i to switch to root and execute the following command:

$ nova-manage project add Marketing jdoe

Generate an SSH Keypair

Keypairs provide secure authentication to an instance, and will enable you to create instances securely and to log into the instance afterward. Keypairs are generated separately for each project and assigned to instances at time of creation. You can create as many keypairs in a project as you like.

1. With your project selected in the navigation panel, select Access and Security.
2. Under Keypairs, click Create Keypair.
3. In the Create Keypair dialog, enter the name for the keypair.
4. You will be prompted to save the keypair .pem file.

Generating a keypair with the command line

On the command line, keypairs are managed with nova keypair-* commands in python-novaclient. When generating a keypair, you must have your OS_USERNAME and OS_TENANT_NAME configured in your environment to ensure that you have access to the correct project. Our user jdoe, after configuring their environment, would then issue the following command to generate a keypair:

$ nova keypair-add jdoe-keypair

The client will generate a block of RSA Private Key text, which the user copies and saves to a file called jdoe-keypair.pem.

Update the Default Security Group

A Security Group is a named set of rules that get applied to the incoming packets for the instances. Packets that match the parameters of the rules are given access to the instance; all other packets are blocked. At minimum, you should ensure that the default security group permits ping and SSH access. You may edit the default security group or add additional security groups as your security settings require.

1. With your project selected in the navigation panel, open the Access & Security page.
2. In the Security Groups table, click Edit Rules in the default security group row.
3. In the Edit Security Group Rules dialog box, enable SSH access by entering the following values:
   • IP Protocol: TCP
   • From Port: 22
   • To Port: 22
   • Source Group: CIDR
   • CIDR: you may leave it as 0.0.0.0/0 if you want to enable access from all networks, or you may enter a specific network, such as 192.0.2.0/24.
4. Click Add Rule.

You will receive a confirmation message at the top of the Dashboard window that the new rule was added to the default security group. To enable ping, repeat the procedure with a protocol of ICMP, type of -1, and code of -1.

Managing security groups with the command line

On the command line, security groups are managed with nova secgroup-* commands in python-novaclient. To add the ping and SSH rules to the default security group, issue the following commands:

$ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
$ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0

Use nova secgroup-list-rules to view the updated default security group rules:

$ nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port |  IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
|     icmp    |     -1    |    -1   | 0.0.0.0/0 |              |
|     tcp     |     22    |    22   | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Create an Instance

Before you can create an instance, you must have already generated a keypair and updated the default security group. The project in which you want to create the instance should be in focus on the dashboard.

1. With your project selected in the navigation panel, open the Images & Snapshots page.
2. Locate the image from which you want to create the instance in the Images table and click Launch. For example, to create an Ubuntu 12.04 image, select a precise image.
3. On the Details tab of the Launch Instances dialog, enter the following information:
   • Instance Source: Specify whether the instance will be based on an image or a snapshot. Your first instance will not have any snapshots available yet.
     
   • Image: The image that the instance will be based on. This option will be labeled as Snapshot when Snapshot is selected as the Instance Source.
   • Instance Name: The name of the server or instance. You might choose a name like my-instance.
   • Flavor: The VCPU configuration. Note that instances with larger flavors can take a long time to create. If you are creating an instance for the first time and want something small with which to test, select m1.small.
   • Instance Count: Accept the default value of 1. If you wanted to create multiple instances with this configuration, you could enter an integer up to the number permitted by your quota, which is 10 by default.
4. On the Access and Security tab, select the keypair that you created earlier. You must assign a keypair when generating an Ubuntu image. Accept the default security group.
5. On the Volume Options tab, you can choose to launch the instance with a storage volume attached. This should only be done when you have a Block Storage volume created; for your first instance, select Don't boot from a volume.
6. On the Post-Creation tab, you can add customization scripts. Some instances support user data, such as root passwords or admin users. If you have the information available, you may enter it here.
7. Click Launch.

The Instances and Volumes page will open, with the new instance creation in process. The process should take less than a minute to complete, after which the instance status will be listed as Active. You may need to refresh the page.

Launching an instance with the command line

On the command line, image creation is managed with the nova boot command. Before you can launch an image, you need to determine what images and flavors are available on the instance.

$ nova image-list
+--------------------------+----------------------------+--------+--------+
|                  ID      |           Name             | Status | Server |
+--------------------------+----------------------------+--------+--------+
| 033c0027-[ID truncated]  |        cirros-image        | ACTIVE |        |
| 0ccfc8c4-[ID truncated]  |         My Image 2         | ACTIVE |        |
| 85a0a926-[ID truncated]  |        precise-image       | ACTIVE |        |
+--------------------------+----------------------------+--------+--------+

$ nova flavor-list
+----+-----------+-----------+------+-----------+------+-------+-------------+
| ID |    Name   | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor |
+----+-----------+-----------+------+-----------+------+-------+-------------+
| 1  | m1.tiny   | 512       | 0    | 0         |      | 1     | 1.0         |
| 2  | m1.small  | 2048      | 10   | 20        |      | 1     | 1.0         |
| 3  | m1.medium | 4096      | 10   | 40        |      | 2     | 1.0         |
| 4  | m1.large  | 8192      | 10   | 80        |      | 4     | 1.0         |
| 5  | m1.xlarge | 16384     | 10   | 160       |      | 8     | 1.0         |
+----+-----------+-----------+------+-----------+------+-------+-------------+

In the following example, an instance is launched with an image called precise-image. It uses the m1.small flavor with an ID of 2, and is named markets-test.

$ nova boot --image "precise-image" --flavor="2" markets-test
+-------------------------------------+--------------------------------------+
|               Property              |                Value                 |
+-------------------------------------+--------------------------------------+
|          OS-DCF:diskConfig          |                MANUAL                |
|         OS-EXT-SRV-ATTR:host        |                 None                 |
| OS-EXT-SRV-ATTR:hypervisor_hostname |                 None                 |
|    OS-EXT-SRV-ATTR:instance_name    |          instance-0000000d           |
|        OS-EXT-STS:power_state       |                  0                   |
|        OS-EXT-STS:task_state        |              scheduling              |
|         OS-EXT-STS:vm_state         |               building               |
|              accessIPv4             |                                      |
|              accessIPv6             |                                      |
|              adminPass              |             ATSEfRY9fZPx             |
|             config_drive            |                                      |
|               created               |         2012-08-02T15:43:46Z         |
|                flavor               |               m1.small               |
|                hostId               |                                      |
|                  id                 | 5bf46a3b-084c-4ce1-b06f-e460e875075b |
|                image                |             precise-image            |
|               key_name              |                                      |
|               metadata              |                  {}                  |
|                 name                |            markets-test              |
|               progress              |                  0                   |
|                status               |                BUILD                 |
|              tenant_id              |   b4769145977045e2a9279c842b09be6a   |
|               updated               |         2012-08-02T15:43:46Z         |
|               user_id               |   5f2f2c28bdc844f9845251290b524e80   |
+-------------------------------------+--------------------------------------+

You can also view the newly-created instance at the command line with nova list.

$ nova list
+------------------+--------------+--------+-------------------+
|        ID        |      Name    | Status |      Networks     |
+------------------+--------------+--------+-------------------+
| [ID truncated]   | markets-test | ACTIVE | public=192.0.2.0 |
+------------------+--------------+--------+-------------------+

Accessing the Instance

All instances exist on a nova network that is not accessible by other hosts by default. There are multiple ways to access an instance. In all cases, be sure that you have updated the default security group.

• If you added a DMZ range during installation, you can access the instance from other hosts within the DMZ.
• Log in through the VNC console on the dashboard. On the Instances & Volumes page, select VNC from the drop-down menu in the Instances table. If the console does not respond to keyboard input, click the Send CtrlAltDel button on the console window. For best results, you should be running the dashboard on a Firefox browser with Flash installed.
• Connect by SSH to the address that you assigned to the compute node, and connect to the instance by SSH while logged in to the compute node. Refer to "Accessing the Image By SSH on the Compute Node".
• Assign a floating IP address to the instance. Refer to "Managing Floating IP Addresses".

Logging Into the Instance

The login for each instance is determined by the configuration of the image from which it was created. Rackspace Private Cloud Software comes with a CIRROS image and an Ubuntu 12.04 (Precise) image.

• CIRROS: log in with the username cirros and the password cubswin:).

• Ubuntu 12.04 Precise: Log in with the user ubuntu and the SSH key that you specified for the instance during the instance creation process. The key must be present on the host from which you are connecting to the instance, and you must log in with the key name and the -i flag.  In the following example, the keypair file is named jdoe-keypair.pem.

  
  $ ssh -i jdoe-keypair.pem 172.33.0.12
                              

Accessing the Instance By SSH on the Compute Node

Before you begin, you should know the IP addresses of your compute node or nodes.

1. If you have one compute node, go on to Step 2. If you have more than one compute node, log into the controller node and execute the following command to identify the compute node on which the instance is stored.

   $ sudo nova-manage vm list | grep instance_name

   The output generated will include the following information, where N is the number of the compute node. Compute nodes will be numbered in the order in which you added them.

   instance_name   computeN   m1.small   active   2012-08-13 00:42:53

2. Connect to the compute node via SSH and use the OS login credentials that you created during install. In this example, the compute node's IP address is 188.107.53.104 and the OS login is jdoe. You will be prompted for the password.
   

   $ ssh 192.0.2.0 -l jdoe

3. Once you are logged in, verify that you can ping the instance. In this example, the instance's IP address is 172.33.0.12.
   

   $ ping 198.51.100.0
   PING 198.51.100.0 (198.51.100.0) 56(84) bytes of data.
   64 bytes from 198.51.100.0: icmp_req=1 ttl=64 time=0.394 ms
   64 bytes from 198.51.100.0: icmp_req=2 ttl=64 time=0.266 ms
   64 bytes from 198.51.100.0: icmp_req=3 ttl=64 time=0.285 ms

4. Copy the *.pem keypair file associated with the instance to the compute node.
5. Connect to the instance via SSH.
   

   $ ssh 198.51.100.0

6. If the login requires an SSH key, log in with the key name and the -i flag. In this example, the keypair file is named jdoe-keypair.pem.
   

   $ ssh -i jdoe-keypair.pem 198.51.100.0

Managing Floating IP Addresses

Before you assign a floating IP address to an instance, you must have a pool of addresses to choose from. Your network security team must provision an address range and assign it to your environment. These addresses need to be publicly accessible.

NOTE: If your cloud is hosted in a Rackspace data center and you require more floating IP addresses, contact your Rackspace support representative for assistance.

Follow this procedure to create a pool of floating IP addresses, allocate an address to a project, and assign it to an instance.

1. Log into the controller node. Execute the following command, substituting in the CIDR for the address range in --ip_range that was provisioned by your network security team:

   $ sudo nova-manage floating create --ip_range=xxx.xxx.xxx.xxx/xx

   This creates the pool of floating IP addresses, which will be available to all projects on the host. You can now allocate a floating IP address and assign it to an instance in the dashboard.

2. Open the Access & Security Page.
3. Click Allocate IP to Project above the Floating IPs table.
4. In the Allocate Floating IP dialog box, accept the default (typically Floating) in the Pool drop-down menu and click Allocate IP.

   You will receive a confirmation message that a floating IP address has been allocated to the project and the IP address will appear in the Floating IPs table. This reserves the addresses for the project, but does not immediately associate that address with an instance.

5. In the row for the IP address, click Associate IP.
6. In the Manage Floating IP Associations dialog, ensure that the allocated IP address is selected and select the instance from the Instance menu. Click Associate.

You will receive a confirmation message that the IP has been associated with the instance. The instance ID will now appear in the Floating IPs table, associated with the IP address. It may be a few minutes before the IP address is included on the Instances table on the Instances & Volumes page.

Once the IP address assignment is completed, you can access the instance from any Internet-enabled host by using SSH to access the newly-assigned floating IP. See Logging In to the Instance for more information.

Managing floating IP addresses with the command line

Allocation and assignment of floating IP addresses is managed with the nova floating-ip* commands.

In this example, the IP address is first allocated to the Marketing project with nova floating-ip-create command.

$ nova floating-ip-create marketing

The floating IP address has been reserved for the Marketing project, and can now be associated with an instance with the nova add-floating-ip command. For this example, we'll associate this IP address with the image markets-test.

$ nova add-floating-ip markets-test 203.0.113.0

After the command is complete, you can confirm that the IP address has been associated with the nova floating-ip-list and nova-list commands.

$ nova floating-ip-list
+-------------+--------------------------------------+-----------+------+
|     Ip      |             Instance Id              | Fixed Ip  | Pool |
+-------------+--------------------------------------+-----------+------+
| 203.0.113.0 | 542235df-8ba4-4d08-90c9-b79f5a77c04f | 192.0.2.0 | nova |
+-------------+--------------------------------------+-----------+------+
$ nova list
+------------------+--------------+--------+---------------------------------+
|         ID       |    Name      | Status |          Networks               |
+------------------+--------------+--------+---------------------------------+
| [ID truncated] | markets-test | ACTIVE | public=[network IP addresses] |
+------------------+--------------+--------+---------------------------------+

The first table shows that the 203.0.113.0 is now associated with the markets-test instance ID, and the second table shows the IP address included under markets-test's public IP addresses.

What's next?

Congratulations! You have created a project and launched your first instance in Rackspace Private Cloud. You can now use your OpenStack environment for any purpose you like.

If you're a more advanced user and are comfortable with APIs, OpenStack API documentation is available in the OpenStack API Documentation library. The following documents are a good place to start:

• OpenStack API Quick Start
• Programming OpenStack Compute API
• OpenStack Compute Developer Guide

You may want to purchase Escalation Support or Core Software Support for your cloud or take advantage of our training offerings. Contact us at opencloudinfo@rackspace.com for more information. And please come join your fellow Rackspace Private Cloud users on our customer forums.

https://privatecloudforums.rackspace.com/

Welcome aboard!