Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • OpenStack Cloud Computing Cookbook, Third Edition
  • Toc
  • feedback
OpenStack Cloud Computing Cookbook, Third Edition

OpenStack Cloud Computing Cookbook, Third Edition

By : Cody Bunch
3.4 (5)
close
OpenStack Cloud Computing Cookbook, Third Edition

OpenStack Cloud Computing Cookbook, Third Edition

3.4 (5)
By: Cody Bunch

Overview of this book

OpenStack Open Source software is one of the most used cloud infrastructures to support software development and big data analysis. It is developed by a thriving community of individual developers from around the globe and backed by most of the leading players in the cloud space today. It is simple to implement, massively scalable, and can store a large pool of data and networking resources. OpenStack has a strong ecosystem that helps you provision your cloud storage needs. Add OpenStack's enterprise features to reduce the cost of your business. This book will show you the steps to build up a private cloud environment. At the beginning, you'll discover the uses of cloud services such as the identity service, image service, and compute service. You'll dive into Neutron, the OpenStack Networking service, and get your hands dirty with configuring ML2, networks, routers, and Distributed Virtual Routers. You’ll then gather more expert knowledge on OpenStack cloud computing by managing your cloud's security and migration. After that, we delve in to OpenStack Object storage and how to manage servers and work with objects, cluster, and storage functionalities. Also, as you go deeper into the realm of OpenStack, you'll learn practical examples of Block storage, LBaaS, and FWaaS: installation and configuration covered ground up. Finally, you will learn OpenStack dashboard, Ansible and Foreman, Keystone, and other interesting topics.
Table of Contents (13 chapters)
close
close
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Free Chapter
1
1. Keystone – OpenStack Identity Service
chevron up
1. Keystone – OpenStack Identity Service
Introduction
Installing the OpenStack Identity Service
Configuring OpenStack Identity for SSL communication
Creating tenants in Keystone
Configuring roles in Keystone
Adding users to Keystone
Defining service endpoints
Creating the service tenant and service users
Configuring OpenStack Identity for LDAP Integration
2
2. Glance – OpenStack Image Service
2. Glance – OpenStack Image Service
Introduction
Installing OpenStack Image Service
Configuring OpenStack Image Service with OpenStack Identity Service
Configuring OpenStack Image Service with OpenStack Object Storage
Managing images with OpenStack Image Service
Registering a remotely stored image
Sharing images among tenants
Viewing shared images
Using image metadata
Migrating a VMware image
Creating an OpenStack image
3
3. Neutron – OpenStack Networking
3. Neutron – OpenStack Networking
Introduction
Installing Neutron and Open vSwitch on a dedicated network node
Configuring Neutron and Open vSwitch
Installing and configuring the Neutron API service
Creating a tenant Neutron network
Deleting a Neutron network
Creating an external floating IP Neutron network
Using Neutron networks for different purposes
Configuring Distributed Virtual Routers
Using Distributed Virtual Routers
4
4. Nova – OpenStack Compute
4. Nova – OpenStack Compute
Introduction
Installing OpenStack Compute controller services
Installing OpenStack Compute packages
Configuring database services
Configuring OpenStack Compute
Configuring OpenStack Compute with OpenStack Identity Service
Stopping and starting nova services
Installation of command-line tools on Ubuntu
Using the command-line tools with HTTPS
Checking OpenStack Compute services
Using OpenStack Compute
Managing security groups
Creating and managing key pairs
Launching our first cloud instance
Fixing a broken instance deployment
Terminating your instances
Using live migration
Working with nova-schedulers
Creating flavors
Defining host aggregates
Launching instances in specific Availability Zones
Launching instances on specific Compute hosts
Removing Nova nodes from a cluster
5
5. Swift – OpenStack Object Storage
5. Swift – OpenStack Object Storage
Introduction
Configuring Swift services and users in Keystone
Installing OpenStack Object Storage services – proxy server
Configuring OpenStack Object Storage – proxy server
Installing OpenStack Object Storage services – storage nodes
Configuring physical storage for use with Swift
Configuring Object Storage replication
Configuring OpenStack Object Storage – storage services
Making the Object Storage rings
Stopping and starting OpenStack Object Storage
Setting up SSL access
6
6. Using OpenStack Object Storage
6. Using OpenStack Object Storage
Introduction
Installing the swift client tool
Creating containers
Uploading objects
Uploading large objects
Listing containers and objects
Downloading objects
Deleting containers and objects
Using OpenStack Object Storage ACLs
Using Container Synchronization between two Swift Clusters
7
7. Administering OpenStack Object Storage
7. Administering OpenStack Object Storage
Introduction
Managing the OpenStack Object Storage cluster with swift-init
Checking cluster health
Managing the Swift cluster capacity
Removing nodes from a cluster
Detecting and replacing failed hard drives
Collecting usage statistics
8
8. Cinder – OpenStack Block Storage
8. Cinder – OpenStack Block Storage
Introduction
Configuring Cinder-volume services
Configuring OpenStack Compute for Cinder-volume
Creating volumes
Attaching volumes to an instance
Detaching volumes from an instance
Deleting volumes
Configuring third-party volume services
Working with Cinder snapshots
Booting from volumes
9
9. More OpenStack
9. More OpenStack
Introduction
Using cloud-init to run post-installation commands
Using cloud-config to run the post-installation configuration
Installing OpenStack Telemetry
Using OpenStack Telemetry to interrogate usage statistics
Installing Neutron LBaaS
Using Neutron LBaaS
Configuring Neutron FWaaS
Using Neutron FWaaS
Installing the Heat OpenStack Orchestration service
Using Heat to spin up instances
10
10. Using the OpenStack Dashboard
10. Using the OpenStack Dashboard
Introduction
Installing OpenStack Dashboard
Using OpenStack Dashboard for key management
Using OpenStack Dashboard to manage Neutron networks
Using OpenStack Dashboard for security group management
Using OpenStack Dashboard to launch instances
Using OpenStack Dashboard to terminate instances
Using OpenStack Dashboard to connect to instances using a VNC
Using OpenStack Dashboard to add new tenants – projects
Using OpenStack Dashboard for user management
Using OpenStack Dashboard with LBaaS
Using OpenStack Dashboard with OpenStack Orchestration
11
11. Production OpenStack
11. Production OpenStack
Introduction
Installing the MariaDB Galera cluster
Configuring HA Proxy for the MariaDB Galera cluster
Configuring HA Proxy for high availability
Installing and configuring Pacemaker with Corosync
Configuring OpenStack services with Pacemaker and Corosync
Bonding network interfaces for redundancy
Automating OpenStack installations using Ansible – host configuration
Automating OpenStack installations using Ansible – Playbook configuration
Automating OpenStack installations using Ansible – running Playbooks
12
Index
Index

Creating the service tenant and service users

Now that the service endpoints are created, we can configure them so that our other OpenStack services can utilize them. To do this, each service is configured with a username and password within a special service tenant. Configuring each service to have its own username and password allows for greater security, troubleshooting, and auditing within our environment. When setting up a service to use the OpenStack Identity service for authentication and authorization, we specify these details in their relevant configuration file. Each service itself has to authenticate with keystone in order for it to be available within OpenStack. Configuration of that service is then done using these credentials. For example, for glance, we specify the following lines in /etc/glance/glance-registry.conf, when used with OpenStack Identity service, which matches what we created previously:

[keystone_authtoken]
identity_uri = https://192.168.100.200:35357
admin_tenant_name = service
admin_user = glance
admin_password = glance
insecure = True

Tip

The use of insecure = True here is only required as self-signed certificates are used throughout this book. In production, we would use issued certificates and omit this option in our configs.

Getting ready

We will be using the keystone client to operate Keystone. If the python-keystoneclient tool isn't available, follow the steps described at http://bit.ly/OpenStackCookbookClientInstall.

Ensure that we have our environment set correctly to access our OpenStack environment for administrative purposes:

export OS_TENANT_NAME=cookbook
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL=https://192.168.100.200:5000/v2.0/
export OS_NO_CACHE=1
export OS_KEY=/vagrant/cakey.pem
export OS_CACERT=/vagrant/ca.pem

Tip

You can use the controller node if no other machines are available on your network, as this has the python-keystoneclient and the relevant access to the OpenStack environment. If you are using the Vagrant environment, issue the following command to get access to the Controller:

vagrant ssh controller

How to do it...

To configure an appropriate service tenant, carry out the following steps:

  1. Create the service tenant as follows:
    keystone tenant-create \
    --name service \
    --description "Service Tenant" \
    --enabled true

    This produces output similar to what is shown as follows:

    +-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |          Service Tenant          |
|   enabled   |               True               |
|      id     | 8e77d9c13e884bf4809077722003bba0 |
|     name    |             service              |
+-------------+----------------------------------+
  2. Record the ID of the service tenant so that we can assign service users to this ID:
    SERVICE_TENANT_ID=$(keystone tenant-list \
    | awk '/\ service\ / {print $2}')
  3. For each of the services in this section, we will create the user accounts to be named the same as the services and set the password to be the same as the service name too. For example, we will add a user called nova with a password nova in the service tenant by using the user-create option:
    keystone user-create \
    --name nova \
    --pass nova \
    --tenant_id $SERVICE_TENANT_ID \
    --email nova@localhost \
    --enabled true

    The preceding code will produce an output similar to what is shown here:

    +----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |          nova@localhost          |
| enabled  |               True               |
|    id    | 50ea356a4b6f4cb7a9fa22c1fb08549b |
|   name   |               nova               |
| tenantId | 42e5c284de244e3190e12cc44fbbbe62 |
| username |               nova               |
+----------+----------------------------------+
  4. We then repeat this for each of our other services that will use OpenStack Identity service:
    keystone user-create \
    --name glance \
    --pass glance \
    --tenant_id $SERVICE_TENANT_ID \
    --email glance@localhost \
    --enabled true

keystone user-create \
    --name keystone \
    --pass keystone \
    --tenant_id $SERVICE_TENANT_ID \
    --email keystone@localhost \
    --enabled true

keystone user-create \
    --name neutron \
    --pass neutron \
    --tenant_id $SERVICE_TENANT_ID \
    --email neutron@localhost \
    --enabled true

keystone user-create \
    --name cinder \
    --pass cinder \
    --tenant_id $SERVICE_TENANT_ID \
    --email cinder@localhost \
    --enabled true
  5. We can now assign these users the admin role in the service tenant. To do this, we use the user-role-add option after retrieving the user ID of the nova user. For example, to add the admin role to the nova user in the service tenant, we use the following code:
    # Get the nova user id
NOVA_USER_ID=$(keystone user-list \
    | awk '/\ nova\ / {print $2}')

# Get the admin role id
ADMIN_ROLE_ID=$(keystone role-list \
    | awk '/\ admin\ / {print $2}')

# Assign the nova user the admin role in service tenant
keystone user-role-add \
    --user $NOVA_USER_ID \
    --role $ADMIN_ROLE_ID \
    --tenant_id $SERVICE_TENANT_ID
  6. We then repeat this for our other service users, glance, keystone, neutron, and cinder:
    # Get the glance user id
GLANCE_USER_ID=$(keystone user-list \
    | awk '/\ glance\ / {print $2}')

# Assign the glance user the admin role in service tenant
keystone user-role-add \
    --user $GLANCE_USER_ID \
    --role $ADMIN_ROLE_ID \
    --tenant_id $SERVICE_TENANT_ID
# Get the keystone user id
KEYSTONE_USER_ID=$(keystone user-list \
    | awk '/\ keystone\ / {print $2}')

# Assign the keystone user the admin role in service tenant
keystone user-role-add \
    --user $KEYSTONE_USER_ID \
    --role $ADMIN_ROLE_ID \
    --tenant_id $SERVICE_TENANT_ID

# Get the cinder user id
NEUTRON_USER_ID=$(keystone user-list \
    | awk '/\ neutron \ / {print $2}')

# Assign the neutron user the admin role in service tenant
keystone user-role-add \
    --user $NEUTRON_USER_ID \
    --role $ADMIN_ROLE_ID \
    --tenant_id $SERVICE_TENANT_ID

# Get the cinder user id
CINDER_USER_ID=$(keystone user-list \
    | awk '/\ cinder \ / {print $2}')

# Assign the cinder user the admin role in service tenant
keystone user-role-add \
    --user $CINDER_USER_ID \
    --role $ADMIN_ROLE_ID \
    --tenant_id $SERVICE_TENANT_ID

How it works...

Creation of the service tenant, which is populated with the services required to run OpenStack, is no different from creating any other users on our system that require the admin role. We create the usernames and passwords and ensure that they exist in the service tenant with the admin role assigned to each user. We then use these credentials when configuring the services to authenticate with the OpenStack Identity service.

Tip

Downloading the example code

You can download the example code files for this book at https://github.com/OpenStackCookbook/OpenStackCookbook. All the support files are available here.

End of Section 9
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete