Difference between revisions of "OpenStack"
m |
(Several additions and minor edits throughout the page) |
||
Line 2: | Line 2: | ||
[https://en.wikipedia.org/wiki/OpenStack OpenStack] is an [https://en.wikipedia.org/wiki/Open-source_model open-source] [https://en.wikipedia.org/wiki/Cloud_computing#Service_models cloud stack] that is currently running on [[Red_Cloud|Red Cloud]]. Also, for more information, see the [https://docs.openstack.org/ Official Documentation for OpenStack]. If you are looking for information on how to migrate an instance from [[Eucalyptus]] to OpenStack, please see [[Migrating from Eucalyptus to OpenStack]]. | [https://en.wikipedia.org/wiki/OpenStack OpenStack] is an [https://en.wikipedia.org/wiki/Open-source_model open-source] [https://en.wikipedia.org/wiki/Cloud_computing#Service_models cloud stack] that is currently running on [[Red_Cloud|Red Cloud]]. Also, for more information, see the [https://docs.openstack.org/ Official Documentation for OpenStack]. If you are looking for information on how to migrate an instance from [[Eucalyptus]] to OpenStack, please see [[Migrating from Eucalyptus to OpenStack]]. | ||
+ | |||
+ | This page is intended as a quick walk-through of the most-used features of OpenStack, so it is not comprehensive, but links to a lot of supporting documentation for more thorough explanations and advanced topics. | ||
__TOC__ | __TOC__ | ||
Line 11: | Line 13: | ||
# [[OpenStack CLI]] | # [[OpenStack CLI]] | ||
− | Most users will use the OpenStack Web Interface (called [https://docs.openstack.org/horizon/latest/ Horizon]). This web-based interface can be used to manage [[#Instances|instances]] and [[#Volumes|volumes]]. For [[Red Cloud Linux Instances|Linux Instances]], however, some users may choose to use the | + | Most users will use the OpenStack Web Interface (called [https://docs.openstack.org/horizon/latest/ Horizon]). This web-based interface can be used to manage [[#Instances|instances]] and [[#Volumes|volumes]]. For [[Red Cloud Linux Instances|Linux Instances]], however, some users may choose to use the OpenStack CLI. This section focuses on the OpenStack Web Interface. |
=== Logging In === | === Logging In === | ||
Line 19: | Line 21: | ||
[[File:RedCloudCACLogin.png|300px|frameless|border]][[File:White_square.png|100px|frameless]][[File:RedCloudGlobusAuthLogin.png|300px|frameless|border]] | [[File:RedCloudCACLogin.png|300px|frameless|border]][[File:White_square.png|100px|frameless]][[File:RedCloudGlobusAuthLogin.png|300px|frameless|border]] | ||
− | # [https://www.cac.cornell.edu/services/myacct.aspx CAC Account] - Enter '''cac''' as the "<tt>Domain</tt>" and your [https://www.cac.cornell.edu/services/myacct.aspx CAC username] and password, not your Cornell NetID. If your CAC password has expired, you will need to | + | # [https://www.cac.cornell.edu/services/myacct.aspx CAC Account] - Enter '''cac''' as the "<tt>Domain</tt>" and your [https://www.cac.cornell.edu/services/myacct.aspx CAC username] and password, not your Cornell NetID. If your CAC password has expired, you will need to [https://www.cac.cornell.edu/wiki/index.php?title=Getting_Started#Managing_your_password reset it] before you will be able to login to the OpenStack Web Interface. |
− | [https://www.cac.cornell.edu/wiki/index.php?title=Getting_Started#Managing_your_password reset it] before you will be able to login to the OpenStack Web Interface. | ||
# [https://www.globus.org/tags/globus-auth Globus Auth] - Log in through Globus | # [https://www.globus.org/tags/globus-auth Globus Auth] - Log in through Globus | ||
#* Currently, this feature is '''only available to Aristotle users'''. This feature will be enabled for all users in the future. | #* Currently, this feature is '''only available to Aristotle users'''. This feature will be enabled for all users in the future. | ||
Line 32: | Line 33: | ||
The Overview page is the first place you will be taken upon logging into Red Cloud. | The Overview page is the first place you will be taken upon logging into Red Cloud. | ||
− | |||
:* Provides useful metrics on currently selected project | :* Provides useful metrics on currently selected project | ||
:* '''Before creating an instance''', you will need to: | :* '''Before creating an instance''', you will need to: | ||
Line 38: | Line 38: | ||
:** [[#Key_Pairs|Create a key pair]] - for authentication when you log in the first time | :** [[#Key_Pairs|Create a key pair]] - for authentication when you log in the first time | ||
:** [[#Security_Groups|Create a security group]] - defines allowable types of port access for an instance | :** [[#Security_Groups|Create a security group]] - defines allowable types of port access for an instance | ||
− | :** Optional: [[#Volumes|Create and Attach a Volume]] (can also be done when launching an | + | :** Optional: [[#Networks|Set up a private network]] - if you do not want your instance to be available on the [[Public Net|public net]] |
− | :** | + | :* You may also want to: |
− | + | :** [[#Volumes|Create and Attach a Volume]] (can also be done when launching an instance) | |
+ | :** [[#Floating IP|Associate a Floating IP address]] - a fixed IP address that can be assigned to an instance | ||
=== Key Pairs === | === Key Pairs === | ||
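Review bot: the added private-network bullet links [[Public Net|public net]], which resolves to a separate page titled "Public Net", while the neighbouring bullets use same-page anchors such as [[#Key_Pairs|...]] and this revision adds a "Public Net" section further down this page. If that section is the intended target, use [[#Public_Net|public net]]. The new [[#Floating IP|...]] anchor also uses a space where the existing anchors use underscores; [[#Floating_IP|...]] would match them.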
Line 142: | Line 143: | ||
Note that you can actually have an instance that is both part of the 'public' network and a 'private' network. | Note that you can actually have an instance that is both part of the 'public' network and a 'private' network. | ||
− | + | === Public Net === | |
− | + | :* No action is needed to use this, other than selecting it. | |
− | + | :* This should be acceptable for many uses, e.g. compute instances. | |
− | + | :* IP address will be stable through reboots, but not necessarily through hard shutdowns (e.g. shelving). | |
− | + | :* You can not assign a floating IP to an instance via its membership in a public network. Please do not allocate floating IP addresses on a public network. | |
− | + | === Setting up your own private network === | |
# ssh into linuxlogin.cac.cornell.edu; this can be done using your CU netid and CAC password: <code>ssh netid@linuxlogin.cac.cornell.edu</code>. | # ssh into linuxlogin.cac.cornell.edu; this can be done using your CU netid and CAC password: <code>ssh netid@linuxlogin.cac.cornell.edu</code>. | ||
# [https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_CLI source] the openrc for the desired project, which is obtainable via [https://redcloud.cac.cornell.edu/dashboard/project/api_access/ from OpenStack Horizon] once the desired project is selected in Horizone | # [https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_CLI source] the openrc for the desired project, which is obtainable via [https://redcloud.cac.cornell.edu/dashboard/project/api_access/ from OpenStack Horizon] once the desired project is selected in Horizone | ||
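Review bot: the last Public Net bullet says "Please do not allocate floating IP addresses on a public network", but the Floating IP steps added later in this revision allocate from a pool named "public" and warn only against associating with a port on a public network, so "allocate" here reads as contradicting those steps. Suggest "do not associate floating IP addresses with an interface on a public network". In the same bullet "can not" should be "cannot", and the unchanged step just below still reads "obtainable via ... from" and "Horizone".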
Line 157: | Line 158: | ||
Note that network names are not unique, but IDs are. You can rename a network without renaming the subnet (but you can rename it too, separately), all possible via the Horizon web UI. The subnets are private, and exposed externally by a Router. Networks and routers won't be deleted if there are any active connections on them. There is also a delete network script that should be used instead of the Horizon web UI for a cleaner deletion: <code>/opt/openstack/delete-private-net.sh</code>. | Note that network names are not unique, but IDs are. You can rename a network without renaming the subnet (but you can rename it too, separately), all possible via the Horizon web UI. The subnets are private, and exposed externally by a Router. Networks and routers won't be deleted if there are any active connections on them. There is also a delete network script that should be used instead of the Horizon web UI for a cleaner deletion: <code>/opt/openstack/delete-private-net.sh</code>. | ||
− | + | === Floating IP === | |
− | + | ||
− | + | Steps for getting a floating (stable) IP: | |
− | + | :* See the prerequisite steps above for "Setting up your own private network" | |
− | + | :* In Horizon, under the Networks tab, select "Floating IPs", which should send you [https://redcloud.cac.cornell.edu/dashboard/project/floating_ips/ here]. | |
− | + | :* Click "Allocate IP to Project" | |
− | + | :* The only pool will be "public"; click "allocate". | |
− | + | :* From the list of floating IPs, click "Associate"; make sure you pick a "port" that is an instance's interface on a previously created private network, '''NOT a public network'''. | |
+ | :* Note that if you not longer need the floating IP, '''please release''' it back to the pool by selecting the "Release Floating IP" from the Actions dropdown menu. | ||
+ | :* When changing the associated floating IPs of an instance, security groups may be dropped, so you may need to edit the security groups after the fact from the instance dropdown menu. |
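Review bot: the final added bullet says security groups "may be dropped" when an instance's floating IPs change, but leaves it as an aside after the release note. Since security groups define the allowed port access for the instance, make it an explicit step right after "Associate": check the instance's security groups and re-add any that are missing. In the bullet before it, "if you not longer need" should read "if you no longer need".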
Revision as of 14:29, 17 December 2018
Warning: This page is currently under construction. Information may not be ready for users.
OpenStack is an open-source cloud stack that is currently running on Red Cloud. Also, for more information, see the Official Documentation for OpenStack. If you are looking for information on how to migrate an instance from Eucalyptus to OpenStack, please see Migrating from Eucalyptus to OpenStack.
This page is intended as a quick walk-through of the most-used features of OpenStack, so it is not comprehensive, but links to a lot of supporting documentation for more thorough explanations and advanced topics.
Using the OpenStack Web Interface (Horizon)
There are two ways to manage Red Cloud resources:
Most users will use the OpenStack Web Interface (called Horizon). This web-based interface can be used to manage instances and volumes. For Linux Instances, however, some users may choose to use the OpenStack CLI. This section focuses on the OpenStack Web Interface.
Logging In
Log in to the OpenStack Web Interface to create and manage Red Cloud resources. There are two ways to log in:
- CAC Account - Enter cac as the "Domain" and your CAC username and password, not your Cornell NetID. If your CAC password has expired, you will need to reset it before you will be able to log in to the OpenStack Web Interface.
- Globus Auth - Log in through Globus
- Currently, this feature is only available to Aristotle users. This feature will be enabled for all users in the future.
- You must link your Cornell account, or any accounts attached to the projects you are on, in order to have access to them when using Globus Auth.
- If you can't log in with Globus Auth, it may be that you have not linked your account yet.
You can use the "Authenticate using" drop-down to switch between the two options. Neither option requires you to enter a project ID; you can switch between the projects you are on once logged in.
Overview Page
The Overview page is the first place you will be taken upon logging into Red Cloud.
- Provides useful metrics on currently selected project
- Before creating an instance, you will need to:
- Select the correct project from the "Project" drop-down at the top right of the page (if you are on multiple projects)
- Create a key pair - for authentication when you log in the first time
- Create a security group - defines allowable types of port access for an instance
- Optional: Set up a private network - if you do not want your instance to be available on the public net
- You may also want to:
- Create and Attach a Volume (can also be done when launching an instance)
- Associate a Floating IP address - a fixed IP address that can be assigned to an instance
Key Pairs
This is obviously visible along the top bar when compute is selected: Key Pairs
You can create a key pair or upload one here.
You cannot create or upload one during instance setup.
Security Groups
Getting to this is not obvious: Security Groups
You cannot create one during instance setup.
Instances
Each instance is a Virtual Machine (VM) in the cloud. You can select CPU/RAM/disk configurations (called "flavors") for the VM. The available VM configurations are:
Type | CPUs | RAM |
---|---|---|
c1.m8 | 1 | 8 GB |
c2.m16 | 2 | 16 GB |
c4.m32 | 4 | 32 GB |
c8.m64 | 8 | 64 GB |
c14.m112 | 14 | 112 GB |
c20.m160 | 20 | 160 GB |
c28.m224 | 28 | 224 GB |
The disk size of the instance will match the disk size of the image you select. Note that the virtual cores map to individual physical cores, with hyperthreading enabled.
To work with instances, select the Instances page under the Compute tab, as pictured below:
Launch an Instance
This is a general walk-through for creating a new instance, which is not specific to an Operating System. For more specific information, see either of the Linux Instances or Windows Instances pages.
To launch a new instance:
- Create Key Pair
- Create a Security Group and be sure that you select the appropriate rule for connecting to your instance (SSH for Linux Instances and RDP for Red Cloud Windows Instances)
- Select Launch Instance on the top right side of the Instances page
- The full "Launch Instance" menu will pop up looking like this:
- Tabs that you are required to fill out are marked with a *
- It is recommended that you also select your own Security Group, otherwise the default security group will be selected, which may not be ideal for your work.
- It is necessary that you select your own Key Pair, even though this field is not marked required, so that you are able to connect to your instance after creation.
Note: During instance creation, on the "Source" tab, the option for "Delete Volume on Instance Delete" determines whether or not your root volume will be deleted when you terminate the instance. By default, this option is set to "No" to prevent accidental deletion of your data. However, if you do not intend to re-use the root volume, you could unintentionally incur excess storage usage. You can either delete the root volume manually later (it will show up in the list of volumes with the ID the same as the name), or select "Yes" on this option to automatically delete it when you terminate your instance.
Flavors Note: if you are using Windows you need a 'w' instance (indeed Horizon will force you to use it since the Windows image is > 10GB). If you are using Linux, you have a choice; if you anticipate installing a lot of packages, you may want a 'w' instance as well (50 GB), otherwise, we suggest you choose a 'c' instance (10 GB) to save on storage costs. Data should ideally be stored on a separate volume when there is any substantial amount of it, not just to make resizing easier, but to make it independent of the OS volume should something happen to it (bad upgrade, desire to switch OS, etc), so data size should not really enter into the user's decision about what to pick here.
Instance States
You should not take a snapshot of a file system that's mounted. You will lose all the info that's still in Linux's write cache. So if you want to take a snapshot of the root file system, the OS cannot be running.
Types of Images
Volumes
Create and Attach a Volume
Volume creation is useful for attaching a data volume or a volume with users' home directories to an instance, as it is often good to separate the concerns of an operating system and user data. This makes it relatively easy to switch operating systems and maintain the same data, and to archive the more important parts of the project (the data) if needed.
- Create a volume
- Go to Volumes/Volumes in the Horizon Web GUI
- Click "Create Volume"
- On the Actions dropdown menu, click "Manage Attachments"
- Select the instance you wish to attach to and click "Attach Volume"; note the device name specified is usually not important and not always adhered to.
  - For Linux: Once you have attached the volume, log in to your instance and run `lsblk` to see which `/dev/vdX` is the likely candidate (for some character 'X'). You can then edit `/etc/fstab` to have this mounted; see standard Linux documentation for this and how to use the `mount` command.
  - TODO: notes for Windows?
Snapshots of volumes (and of instances, in which case the volume is implicitly the root volume of the instance) can be created from the Actions dropdown menu. This creates a state save of the existing volume. This is most useful for OS volumes to create safe checkpoints of working operating system configuration states. It may be less useful for larger data volumes; a more efficient solution might be to use ZFS snapshots on Linux operating systems.
Types of Storage
Networks
Use the 'public' net if you want some form of public (but possibly restricted) access from the internet and don't care about having an extremely stable IP. Somewhat counter-intuitively, you want a 'private' network if you want to get a stable "floating" IP address (called an elastic IP address in Eucalyptus and AWS); this is also highly recommended if you plan to have a registered domain name pointing to the instance. You can also use a private network if you want some or all of the instances on the private network to not be directly accessible from the internet. The list of networks for the currently selected project can be viewed in OpenStack Horizon.
Note that you can actually have an instance that is both part of the 'public' network and a 'private' network.
Public Net
- No action is needed to use this, other than selecting it.
- This should be acceptable for many uses, e.g. compute instances.
- IP address will be stable through reboots, but not necessarily through hard shutdowns (e.g. shelving).
- You cannot assign a floating IP to an instance via its membership in a public network. Please do not allocate floating IP addresses on a public network.
Setting up your own private network
- ssh into linuxlogin.cac.cornell.edu; this can be done using your CU netid and CAC password: `ssh netid@linuxlogin.cac.cornell.edu`.
- source the openrc for the desired project, which is obtainable from OpenStack Horizon once the desired project is selected in Horizon
- Run the network creation script with a single argument (network name), e.g.: `/opt/openstack/create-private-net.sh my-net-name`.
You can switch an instance from public to private by doing attach interface / detach interface from the instance dropdown menu.
Note that network names are not unique, but IDs are. You can rename a network without renaming the subnet (but you can rename it too, separately), all possible via the Horizon web UI. The subnets are private, and exposed externally by a Router. Networks and routers won't be deleted if there are any active connections on them. There is also a delete network script that should be used instead of the Horizon web UI for a cleaner deletion: `/opt/openstack/delete-private-net.sh`.
Floating IP
Steps for getting a floating (stable) IP:
- See the prerequisite steps above for "Setting up your own private network"
- In Horizon, under the Networks tab, select "Floating IPs", which should send you here.
- Click "Allocate IP to Project"
- The only pool will be "public"; click "allocate".
- From the list of floating IPs, click "Associate"; make sure you pick a "port" that is an instance's interface on a previously created private network, NOT a public network.
- Note that if you no longer need the floating IP, please release it back to the pool by selecting the "Release Floating IP" from the Actions dropdown menu.
- When changing the associated floating IPs of an instance, security groups may be dropped, so you may need to edit the security groups after the fact from the instance dropdown menu.
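
The floating IP steps above, done from the OpenStack CLI with the security-group check made an explicit step. This is an added example, not code from the original page or from CAC; it assumes the project's openrc has been sourced, and the function names, `my-instance`, `10.0.0.5`, `default` and `ssh-only` are hypothetical.

```shell
#!/bin/sh
# Added example, not site-provided code. Assumes the project's openrc is sourced.

# Print each expected security group that is NOT applied to the server.
missing_security_groups() {
    server=$1; shift
    # Assumption: group names appear single-quoted in this output, e.g.
    # name='default' or [{'name': 'default'}], depending on client version.
    current=$(openstack server show "$server" -f value -c security_groups) || return 2
    for group in "$@"; do
        printf '%s\n' "$current" | grep -qF "'$group'" || printf '%s\n' "$group"
    done
}

# Associate a floating IP with the instance's private-network address, then
# re-apply any expected security group that the change dropped.
associate_and_verify() {
    server=$1; floating_ip=$2; fixed_ip=$3; shift 3
    # --fixed-ip-address pins the association to the private-network interface.
    openstack server add floating ip --fixed-ip-address "$fixed_ip" \
        "$server" "$floating_ip" || return 1
    missing=$(missing_security_groups "$server" "$@") || return 2
    while IFS= read -r group; do
        [ -n "$group" ] || continue
        echo "re-adding dropped security group: $group" >&2
        openstack server add security group "$server" "$group" </dev/null || return 1
    done <<EOF
$missing
EOF
    # Succeed only if every expected group is present in the final state.
    [ -z "$(missing_security_groups "$server" "$@")" ]
}

# Usage (hypothetical names; "public" is the pool named in the steps above):
#   ip=$(openstack floating ip create public -f value -c floating_ip_address)
#   associate_and_verify my-instance "$ip" 10.0.0.5 default ssh-only
#   openstack floating ip delete "$ip"    # release when no longer needed
```

A non-zero exit from `associate_and_verify` means the instance's security groups still differ from the expected list and should be reviewed in Horizon before the address is relied on.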