OpenStack Cloud Computing Cookbook, Third Edition

By: Cody Bunch

Overview of this book

OpenStack Open Source software is one of the most used cloud infrastructures to support software development and big data analysis. It is developed by a thriving community of individual developers from around the globe and backed by most of the leading players in the cloud space today. It is simple to implement, massively scalable, and can store a large pool of data and networking resources. OpenStack has a strong ecosystem that helps you provision your cloud storage needs. Add OpenStack's enterprise features to reduce the cost of your business. This book will show you the steps to build up a private cloud environment. At the beginning, you'll discover the uses of cloud services such as the identity service, image service, and compute service. You'll dive into Neutron, the OpenStack Networking service, and get your hands dirty with configuring ML2, networks, routers, and Distributed Virtual Routers. You’ll then gather more expert knowledge on OpenStack cloud computing by managing your cloud's security and migration. After that, we delve into OpenStack Object storage and how to manage servers and work with objects, cluster, and storage functionalities. Also, as you go deeper into the realm of OpenStack, you'll learn practical examples of Block storage, LBaaS, and FWaaS, with installation and configuration covered from the ground up. Finally, you will learn OpenStack dashboard, Ansible and Foreman, Keystone, and other interesting topics.

Configuring OpenStack Identity for SSL communication

One of the many updates to this book will be a more hardened all-around approach. To that end, we begin by enabling SSL communication for services with Keystone by default. It is important to note that we will be doing this via self-signed certificates to illustrate how to configure the services. It is strongly recommended that you acquire the appropriate certificates from a Certificate Authority (CA) for deployment in production.

Getting ready

Ensure that you are logged in to the controller node and that it has Internet access to allow us to install the required packages in our environment for running Keystone. If you created this node with Vagrant, you can execute the following command:

vagrant ssh controller

How to do it...

Carry out the following instructions to configure the Keystone service:

  1. Before we can configure Keystone to use SSL, we need to generate the required OpenSSL Certificates. To do so, log in to the server that is running Keystone and issue the following commands:
    sudo apt-get install python-keystoneclient
    keystone-manage ssl_setup --keystone-user keystone \
      --keystone-group keystone
    

    Tip

    The command keystone-manage ssl_setup is not intended for production use. This is a convenient tool for creating self-signed certificates for Keystone.

  2. Once our certificates are generated, we can use them when communicating with our Keystone service. We can refer to the generated CA file for our other services by placing this in an accessible place. To do so, issue the following commands:
    sudo cp /etc/keystone/ssl/certs/ca.pem /etc/ssl/certs/ca.pem
    sudo c_rehash /etc/ssl/certs
    
  3. We also take the same CA and CA Key file to use on our client, so copy these where you will be running the relevant python-*client tools. In our Vagrant environment, we can copy this to our host as follows:
    sudo cp /etc/keystone/ssl/certs/ca.pem /vagrant/ca.pem
    sudo cp /etc/keystone/ssl/certs/cakey.pem /vagrant/cakey.pem
    
  4. We then need to edit the Keystone configuration file /etc/keystone/keystone.conf to include the following section:
    [ssl]
    enable = True
    certfile = /etc/keystone/ssl/certs/keystone.pem
    keyfile = /etc/keystone/ssl/private/keystonekey.pem
    ca_certs = /etc/keystone/ssl/certs/ca.pem
    cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=192.168.100.200
    ca_key = /etc/keystone/ssl/certs/cakey.pem
  5. Finally, restart the Keystone service:
    sudo stop keystone
    sudo start keystone
    

How it works...

The OpenStack services normally intercommunicate via standard HTTP requests. This provides a large degree of flexibility, but it comes at the cost of all communication happening in plain text. By adding SSL certificates and changing Keystone's configuration, all communication with Keystone will now be encrypted via HTTPS.
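
A post-configuration check for the [ssl] section from step 4, added here as an example and not part of the book's recipe: it reads the options back from keystone.conf, confirms the referenced files are readable, and flags private keys that group or other can access. The function names (ssl_opt, audit_keystone_ssl, verify_chain, make_sample) are hypothetical, and make_sample builds a constructed stand-in configuration for trying the audit offline.

```shell
#!/usr/bin/env bash
# Added example: audit the [ssl] section from step 4. Function names are hypothetical.

# Print the value of KEY from the [ssl] section of an ini-style file.
ssl_opt() {  # usage: ssl_opt CONF KEY
  awk -F= -v key="$2" '
    /^\[/  { in_ssl = ($0 == "[ssl]"); next }
    in_ssl { k = $1; gsub(/[ \t]/, "", k)
             if (k == key) { sub(/^[^=]*=[ \t]*/, ""); print; exit } }' "$1"
}

# True when neither group nor other has any permission bit on FILE.
private_only() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Print one finding per line; return 1 if anything was found.
audit_keystone_ssl() {  # usage: audit_keystone_ssl CONF
  local conf=$1 rc=0 opt path
  if [ "$(ssl_opt "$conf" enable | tr 'A-Z' 'a-z')" != "true" ]; then
    echo "enable: SSL is not switched on"; rc=1
  fi
  for opt in certfile keyfile ca_certs; do
    path=$(ssl_opt "$conf" "$opt")
    if [ ! -r "$path" ]; then echo "$opt: cannot read '$path'"; rc=1; fi
  done
  # Private keys: the service key, and the CA key that ssl_setup leaves beside it.
  for opt in keyfile ca_key; do
    path=$(ssl_opt "$conf" "$opt")
    if [ -e "$path" ] && ! private_only "$path"; then
      echo "$opt: $path is accessible to group or other"; rc=1
    fi
  done
  return $rc
}

# Check that certfile chains to ca_certs and show its subject (requires openssl).
verify_chain() {  # usage: verify_chain CONF
  openssl verify -CAfile "$(ssl_opt "$1" ca_certs)" "$(ssl_opt "$1" certfile)" &&
    openssl x509 -in "$(ssl_opt "$1" certfile)" -noout -subject
}

# Constructed sample: a config shaped like step 4, with empty stand-in PEM files.
make_sample() {  # usage: make_sample DIR
  for f in keystone.pem keystonekey.pem ca.pem cakey.pem; do : > "$1/$f"; done
  chmod 600 "$1/keystonekey.pem"; chmod 644 "$1/cakey.pem"
  printf '%s\n' '[DEFAULT]' '[ssl]' 'enable = True' \
    "certfile = $1/keystone.pem" "keyfile = $1/keystonekey.pem" \
    "ca_certs = $1/ca.pem" 'cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=192.168.100.200' \
    "ca_key = $1/cakey.pem" > "$1/keystone.conf"
}
```

On the controller, source the file as root and call audit_keystone_ssl /etc/keystone/keystone.conf, then verify_chain with the same argument. The ca_key check matters because anyone who can read cakey.pem can issue certificates that every host trusting ca.pem will accept, which also applies to the copy placed in /vagrant in step 3.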
