Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • OpenStack Cloud Computing Cookbook, Third Edition
  • Toc
  • feedback
OpenStack Cloud Computing Cookbook, Third Edition

OpenStack Cloud Computing Cookbook, Third Edition

By : Cody Bunch
3.4 (5)
close
OpenStack Cloud Computing Cookbook, Third Edition

OpenStack Cloud Computing Cookbook, Third Edition

3.4 (5)
By: Cody Bunch

Overview of this book

OpenStack Open Source software is one of the most used cloud infrastructures to support software development and big data analysis. It is developed by a thriving community of individual developers from around the globe and backed by most of the leading players in the cloud space today. It is simple to implement, massively scalable, and can store a large pool of data and networking resources. OpenStack has a strong ecosystem that helps you provision your cloud storage needs. Add OpenStack's enterprise features to reduce the cost of your business. This book will show you the steps to build up a private cloud environment. At the beginning, you'll discover the uses of cloud services such as the identity service, image service, and compute service. You'll dive into Neutron, the OpenStack Networking service, and get your hands dirty with configuring ML2, networks, routers, and Distributed Virtual Routers. You’ll then gather more expert knowledge on OpenStack cloud computing by managing your cloud's security and migration. After that, we delve in to OpenStack Object storage and how to manage servers and work with objects, cluster, and storage functionalities. Also, as you go deeper into the realm of OpenStack, you'll learn practical examples of Block storage, LBaaS, and FWaaS: installation and configuration covered ground up. Finally, you will learn OpenStack dashboard, Ansible and Foreman, Keystone, and other interesting topics.
Table of Contents (13 chapters)
close
close
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Free Chapter
1
1. Keystone – OpenStack Identity Service
chevron up
1. Keystone – OpenStack Identity Service
Introduction
Installing the OpenStack Identity Service
Configuring OpenStack Identity for SSL communication
Creating tenants in Keystone
Configuring roles in Keystone
Adding users to Keystone
Defining service endpoints
Creating the service tenant and service users
Configuring OpenStack Identity for LDAP Integration
2
2. Glance – OpenStack Image Service
2. Glance – OpenStack Image Service
Introduction
Installing OpenStack Image Service
Configuring OpenStack Image Service with OpenStack Identity Service
Configuring OpenStack Image Service with OpenStack Object Storage
Managing images with OpenStack Image Service
Registering a remotely stored image
Sharing images among tenants
Viewing shared images
Using image metadata
Migrating a VMware image
Creating an OpenStack image
3
3. Neutron – OpenStack Networking
3. Neutron – OpenStack Networking
Introduction
Installing Neutron and Open vSwitch on a dedicated network node
Configuring Neutron and Open vSwitch
Installing and configuring the Neutron API service
Creating a tenant Neutron network
Deleting a Neutron network
Creating an external floating IP Neutron network
Using Neutron networks for different purposes
Configuring Distributed Virtual Routers
Using Distributed Virtual Routers
4
4. Nova – OpenStack Compute
4. Nova – OpenStack Compute
Introduction
Installing OpenStack Compute controller services
Installing OpenStack Compute packages
Configuring database services
Configuring OpenStack Compute
Configuring OpenStack Compute with OpenStack Identity Service
Stopping and starting nova services
Installation of command-line tools on Ubuntu
Using the command-line tools with HTTPS
Checking OpenStack Compute services
Using OpenStack Compute
Managing security groups
Creating and managing key pairs
Launching our first cloud instance
Fixing a broken instance deployment
Terminating your instances
Using live migration
Working with nova-schedulers
Creating flavors
Defining host aggregates
Launching instances in specific Availability Zones
Launching instances on specific Compute hosts
Removing Nova nodes from a cluster
5
5. Swift – OpenStack Object Storage
5. Swift – OpenStack Object Storage
Introduction
Configuring Swift services and users in Keystone
Installing OpenStack Object Storage services – proxy server
Configuring OpenStack Object Storage – proxy server
Installing OpenStack Object Storage services – storage nodes
Configuring physical storage for use with Swift
Configuring Object Storage replication
Configuring OpenStack Object Storage – storage services
Making the Object Storage rings
Stopping and starting OpenStack Object Storage
Setting up SSL access
6
6. Using OpenStack Object Storage
6. Using OpenStack Object Storage
Introduction
Installing the swift client tool
Creating containers
Uploading objects
Uploading large objects
Listing containers and objects
Downloading objects
Deleting containers and objects
Using OpenStack Object Storage ACLs
Using Container Synchronization between two Swift Clusters
7
7. Administering OpenStack Object Storage
7. Administering OpenStack Object Storage
Introduction
Managing the OpenStack Object Storage cluster with swift-init
Checking cluster health
Managing the Swift cluster capacity
Removing nodes from a cluster
Detecting and replacing failed hard drives
Collecting usage statistics
8
8. Cinder – OpenStack Block Storage
8. Cinder – OpenStack Block Storage
Introduction
Configuring Cinder-volume services
Configuring OpenStack Compute for Cinder-volume
Creating volumes
Attaching volumes to an instance
Detaching volumes from an instance
Deleting volumes
Configuring third-party volume services
Working with Cinder snapshots
Booting from volumes
9
9. More OpenStack
9. More OpenStack
Introduction
Using cloud-init to run post-installation commands
Using cloud-config to run the post-installation configuration
Installing OpenStack Telemetry
Using OpenStack Telemetry to interrogate usage statistics
Installing Neutron LBaaS
Using Neutron LBaaS
Configuring Neutron FWaaS
Using Neutron FWaaS
Installing the Heat OpenStack Orchestration service
Using Heat to spin up instances
10
10. Using the OpenStack Dashboard
10. Using the OpenStack Dashboard
Introduction
Installing OpenStack Dashboard
Using OpenStack Dashboard for key management
Using OpenStack Dashboard to manage Neutron networks
Using OpenStack Dashboard for security group management
Using OpenStack Dashboard to launch instances
Using OpenStack Dashboard to terminate instances
Using OpenStack Dashboard to connect to instances using a VNC
Using OpenStack Dashboard to add new tenants – projects
Using OpenStack Dashboard for user management
Using OpenStack Dashboard with LBaaS
Using OpenStack Dashboard with OpenStack Orchestration
11
11. Production OpenStack
11. Production OpenStack
Introduction
Installing the MariaDB Galera cluster
Configuring HA Proxy for the MariaDB Galera cluster
Configuring HA Proxy for high availability
Installing and configuring Pacemaker with Corosync
Configuring OpenStack services with Pacemaker and Corosync
Bonding network interfaces for redundancy
Automating OpenStack installations using Ansible – host configuration
Automating OpenStack installations using Ansible – Playbook configuration
Automating OpenStack installations using Ansible – running Playbooks
12
Index
Index

Configuring OpenStack Identity for LDAP Integration

The OpenStack Identity service that we have built so far provides you with a functional, but isolated, set up for your OpenStack environment. This is a useful setup for Proof of Concept and lab environments. However, it is likely that you will need to integrate OpenStack with your existing authentication system. OpenStack Identity provides a pluggable authentication back end for this, with LDAP being the most widely used.

Getting ready

We will be using the keystone client to operate Keystone. If the python-keystoneclient tool isn't available, follow the steps described at http://bit.ly/OpenStackCookbookClientInstall.

Ensure that we have our environment set correctly to access our OpenStack environment for administrative purposes:

export OS_TENANT_NAME=cookbook
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL=https://192.168.100.200:5000/v2.0/
export OS_NO_CACHE=1
export OS_KEY=/vagrant/cakey.pem
export OS_CACERT=/vagrant/ca.pem

Tip

You can use the controller node if no other machines are available on your network, as this has the python-keystoneclient and the relevant access to the OpenStack environment. If you are using the Vagrant environment, issue the following command to get access to the Controller:

vagrant ssh controller

Additionally, to connect to an external LDAP service, you will need to possess the hostname or IP address of the LDAP server and have appropriate access to the server. You will also need to have the LDAP path information for an admin user, and for the Organizational Units that contain the Users, Roles, and Tenants.

Note

We have provided a sample OpenLDAP server that is prepopulated with the required values as part of this book's supplementary materials, and instructions on how to use it located on our book blog at http://bit.ly/OpenStackCookbookLDAP

How to do it...

To configure OpenStack Identity to communicate with LDAP, perform the following steps:

  1. Using your favorite editor, enable LDAP authentication in the keystone.conf file:
    [identity]
driver=keystone.identity.backends.ldap.Identity
  2. Next, create the ldap section and add the URL to your existing LDAP server:
    [ldap]
url = ldap://openldap
  3. On the following lines, specify the LDAP path for the admin user you will use, along with its password and the suffix, or where you would like Keystone to begin searching LDAP:
    user = cn=admin,dc=cook,dc=book
password = openstack
suffix = cn=cook,cn=book
  4. In the same [ldap] section, we tell Keystone four pieces of information about how to find users. user_tree_dn specifies which OU within the LDAP tree to search for users. user_objectclass specifies how a user is represented within LDAP. user_id_attribute tells Keystone which property of the user to use as a username. Similarly, user_mail_attribute tells Keystone where to find the user's e-mail address. The code is as follows:
    user_tree_dn = ou=Users,dc=cook,dc=book
user_objectclass = inetOrgPerson
user_id_attribute = cn
user_mail_attribute = mail
  5. Next, add the same details for Tenants and Roles:
    tenant_tree_dn = ou=Projects,dc=cook,dc=book
tenant_objectclass = groupOfNames
tenant_id_attribute = cn
tenant_desc_attribute = description

role_tree_dn = ou=Roles,dc=cook,dc=book
role_objectclass = organizationalRole
role_id_attribute = cn
role_member_attribute = roleOccupant
  6. Save the file and restart keystone:
    sudo stop keystone
sudo start keystone

How it works...

The OpenStack Identity service, like other OpenStack services, is based on plugins. In its default state, Keystone will store and access all user identity and authentication data from a SQL database. However, when integrating OpenStack into an existing environment, this is not always the most desirable or secure method. To accommodate this, we changed the identity back end to LDAP. This allows for integration with OpenLDAP, Active Directory, and many others. However, when configuring the backend, you need to pay special attention to the LDAP paths.

Note

Where are the entries for the services catalog? These are still stored in Keystone's SQL database, as they aren't specifically related to user identity or authentication.

End of Chapter 1
Next Chapter
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete