5. Administration OpenStack I

Déploiement d'une instance OpenStack

1. Étapes de déploiement d'une instance

Pour déployer une instance, les étapes suivantes seront suivies :

  1. Configuration du réseau
  2. Attribution des adresses IP flottantes
  3. Définition d'un groupe de sécurité
  4. Création d'une paire de clés SSH
  5. Création d'une image
  6. Choix d'un gabarit
  7. Démarrage de l'instance

2. Chargement des variables d'environnement

On charge le profil de l'utilisateur demo :

osbash@controller:~$ cat demo-openrc.sh
export OS_USERNAME=demo
export OS_PASSWORD=demo_user_pass
export OS_PROJECT_NAME=demo
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://10.0.0.11:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
osbash@controller:~$ . demo-openrc.sh

3. Configuration du réseau

4. Générer une paire de clé

... Explication ...

osbash@controller:~$ openstack keypair create mykey > mykey.pem
osbash@controller:~$ openstack keypair show mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| created_at  | 2019-03-02T21:15:28.000000                      |
| deleted     | False                                           |
| deleted_at  | None                                            |
| fingerprint | 58:8b:d1:1e:5d:64:c4:d9:62:64:e3:bb:f3:33:c4:4d |
| id          | 1                                               |
| name        | mykey                                           |
| updated_at  | None                                            |
| user_id     | 91e1392791a145f985ea1153e2b2525b                |
+-------------+-------------------------------------------------+
osbash@controller:~$ cat mykey.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAwGrab9Yxc2ZEJcoqVV8RrMXrFv3exBgfAzx03wpNhHbzJdiY
KcIYtnWpEFbOu4ZJHPqXqsckKlbvbJzhkyQMNt3AaJ1rt29m38XpDIUp/hpkHipu
796uu9B5jmL+0Fn3xJbdFIsbxtomHua5b8N0+clF5h0wfGn04yw1WM4QziEvdq0I
8devP/h6lCnJUp1ApVRIBIGU56QZhoAcxQ+AM2q9zkjHV6C+Jfqe8owpCCntL9ed
sWKYk4a8vbLpuFQ2WXbVQ31xEqNcGylckC36ZPrcsWW9G/UNyY+ITDkhnMkWRA7m
kOWWjBBpx1FVX6Qclb0oIO9+M8rilfnCILHy0wIDAQABAoIBABWcqtY+56T/io34
DBM0r2aJgGM/toKt9uXFJ5dZr+U9+wd4MXcXPvFXe9rC9UtoxNOFbf2Xin9a7l9z
q358YQbUl2TosY2T7KkbsJZgapwI2M/ukjFNALFFtDGC+v3p7QNesow5J7CJFhkI
bzGXcY8QxVIYWzbOK9xMPd2wn4CXVbhQwUU//BjWlsbpsZTfcm9SJ21UxybsyU77
R4WAY01jjAusrH9Is84xn8gX4aGUOsXe7E7qKAW/TPg/kUyvPg/nOopOsWUhGn52
SuyUgugHNzhN03nDGr6Vx6Fnc2Av5LKvc1zAZ1HOsPESYvTR82ayVAwII85UwKd+
ecRGDxECgYEA5zDgenEbiMTO9VLNnOQzU8LT4Ygg/6PWgQafl/4t5fFW8U/AjnEQ
4OM6z5XwrufF8KP0YxMnsW/nBDOi0jgek0ku8WK5Jot9KrBuMIyFqpvJHRO5QeIz
DWHJcOmzmhRyEvoHMkep9HNSPwYZ/I5AUISPrbRTDziu5f/R97is9akCgYEA1RDQ
2UZwN9dncERMv/B7aGyDtocU7KMhpU5MUAbFeV2yO1LcYPdaTaG2dKLV6doTFLas
y5zbi0tLUySHDEJAUpUfSfebk5o5k9GTppxaHTM6VHthk9PxWfgeWaFcxwPKwfTI
yhWzREIynLIBwNTWCOfn3J/d/tcy+bD/20hF+hsCgYA/L+Sqkm9sGh5WfqMj1lsQ
8ZbndUVPmX/vE9haumXhCu0wVxPR2qU6UeCpC9oUc9RtyOHqkjmvDV6ej15ZBm2U
49OotcrU9hrnqAD10/JUhu+YuuNPVnuNlMRxz+3+lsf2189PtraE0WARSaGgnWCG
oTSDzV1GM7/ZrOm+QwNCwQKBgQDT7y8fAM687PmKFZYWUjoe69m0JPeuTrI4AQMt
kx64k3enRMvLdB+SGuonaJXJUE8simyk+Dj1fIbHhA0FJ51dx9FgvPg2wPDG1W++
CcYlR4Cc6kFsTyTCrmhaFYT4vQ/hEADt6tnvar13WiUeT1c7cpoSvb6PMDYXYnWO
BHz+wwKBgQDkpvWanGoX8RYi6SQo8t1lMg/2cyqq8+YQKaOkZGdzb8RKE4XDisg7
5um4kw0TiYi87w8xPRxNAiMEzs9yxA/dz0OhhJT5RvdE1diwByyCElM/A1MwP0xs
PRTlmwq6QqBxWhRhELp8VjGbIywm+MFHrPWWVgtbWw3sxkPJRYsuaw==
-----END RSA PRIVATE KEY-----
osbash@controller:~$ chmod 600 mykey.pem

5. Groupe de sécurité

osbash@controller:~$ openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID                                   | Name    | Description            | Project                          |
+--------------------------------------+---------+------------------------+----------------------------------+
| 0ca0c742-fc1e-4a75-9287-6104390dd74c | default | Default security group | e7bb777bdfae4003939e5bffe920f0c9 |
+--------------------------------------+---------+------------------------+----------------------------------+
osbash@controller:~$ openstack security group rule list default
+--------------------------------------+-------------+----------+------------+--------------------------------------+
| ID                                   | IP Protocol | IP Range | Port Range | Remote Security Group                |
+--------------------------------------+-------------+----------+------------+--------------------------------------+
| 2f00e670-4083-487e-8e12-08afeb363405 | None        | None     |            | None                                 |
| bcec6e77-88ba-4624-9353-101a3050dfb6 | None        | None     |            | 0ca0c742-fc1e-4a75-9287-6104390dd74c |
| c50a0639-c2dc-4fec-b11c-c79eea6b3fa7 | None        | None     |            | None                                 |
| f7ccf441-3234-46ab-8d8a-0be8f602755e | None        | None     |            | 0ca0c742-fc1e-4a75-9287-6104390dd74c |
+--------------------------------------+-------------+----------+------------+--------------------------------------+
osbash@controller:~$ openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2019-03-02T21:20:55Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 2de383f4-dccb-4d5a-adef-5b1554ec3dbb |
| name              | None                                 |
| port_range_max    | None                                 |
| port_range_min    | None                                 |
| project_id        | e7bb777bdfae4003939e5bffe920f0c9     |
| protocol          | icmp                                 |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 0                                    |
| security_group_id | 0ca0c742-fc1e-4a75-9287-6104390dd74c |
| updated_at        | 2019-03-02T21:20:55Z                 |
+-------------------+--------------------------------------+
osbash@controller:~$ openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2019-03-02T21:21:09Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 180d7fc8-ca88-4362-9bea-5bee47d1e09c |
| name              | None                                 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| project_id        | e7bb777bdfae4003939e5bffe920f0c9     |
| protocol          | tcp                                  |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 0                                    |
| security_group_id | 0ca0c742-fc1e-4a75-9287-6104390dd74c |
| updated_at        | 2019-03-02T21:21:09Z                 |
+-------------------+--------------------------------------+
osbash@controller:~$ openstack security group rule list default
+--------------------------------------+-------------+-----------+------------+--------------------------------------+
| ID                                   | IP Protocol | IP Range  | Port Range | Remote Security Group                |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+
| 180d7fc8-ca88-4362-9bea-5bee47d1e09c | tcp         | 0.0.0.0/0 | 22:22      | None                                 |
| 2de383f4-dccb-4d5a-adef-5b1554ec3dbb | icmp        | 0.0.0.0/0 |            | None                                 |
| 2f00e670-4083-487e-8e12-08afeb363405 | None        | None      |            | None                                 |
| bcec6e77-88ba-4624-9353-101a3050dfb6 | None        | None      |            | 0ca0c742-fc1e-4a75-9287-6104390dd74c |
| c50a0639-c2dc-4fec-b11c-c79eea6b3fa7 | None        | None      |            | None                                 |
| f7ccf441-3234-46ab-8d8a-0be8f602755e | None        | None      |            | 0ca0c742-fc1e-4a75-9287-6104390dd74c |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+

6. Création de volumes

Création d'un volume logique de 1 Go qui pourra être attaché à une instance virtulelle ultérieurement. Cinder utilise LVM dans GNU/Linux. LVM gère les lecteurs de disques et autres périphériques de stockage de masse similaires. Le volume se rapporte à un lecteur de disque ou à une partition d'un lecteur de disque. Il a été écrit en 1998 par Heinz Mauelshagen, qui a basé sa conception sur celle du LVM en HP-UX. LVM peut être considéré comme une fine couche logicielle superposée entre les disques durs et les partitions, ce qui crée une abstraction de continuité et de facilité d'utilisation pour gérer le remplacement, le re-partitionnement et la sauvegarde du disque dur. Cinder crée le volume sur le nœud de calcul.

osbash@controller:~$ openstack volume create --size 1 1GB-vol
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| attachments         | []                                   |
| availability_zone   | nova                                 |
| bootable            | false                                |
| consistencygroup_id | None                                 |
| created_at          | 2019-03-02T21:22:44.116726           |
| description         | None                                 |
| encrypted           | False                                |
| id                  | 636110b5-9cf5-49cd-818a-92660148c247 |
| multiattach         | False                                |
| name                | 1GB-vol                              |
| properties          |                                      |
| replication_status  | None                                 |
| size                | 1                                    |
| snapshot_id         | None                                 |
| source_volid        | None                                 |
| status              | creating                             |
| type                | None                                 |
| updated_at          | None                                 |
| user_id             | 91e1392791a145f985ea1153e2b2525b     |
+---------------------+--------------------------------------+
osbash@controller:~$ openstack volume list
+--------------------------------------+---------+-----------+------+-------------+
| ID                                   | Name    | Status    | Size | Attached to |
+--------------------------------------+---------+-----------+------+-------------+
| 636110b5-9cf5-49cd-818a-92660148c247 | 1GB-vol | available |    1 |             |
+--------------------------------------+---------+-----------+------+-------------+

7. Examen sur le noeud de calcul

osbash@compute1:~$ . demo-openrc.sh
osbash@compute1:~$ lsblk
NAME                                                                   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda                                                                      8:0    0   9.8G  0 disk
|-sda1                                                                   8:1    0   8.8G  0 part /
|-sda2                                                                   8:2    0     1K  0 part
`-sda5                                                                   8:5    0   975M  0 part [SWAP]
sdb                                                                      8:16   0   125G  0 disk
|-cinder--volumes-cinder--volumes--pool_tmeta                          252:0    0   120M  0 lvm
| `-cinder--volumes-cinder--volumes--pool-tpool                        252:2    0 118.8G  0 lvm
|   |-cinder--volumes-cinder--volumes--pool                            252:3    0 118.8G  0 lvm
|   `-cinder--volumes-volume--636110b5--9cf5--49cd--818a--92660148c247 252:4    0     1G  0 lvm
`-cinder--volumes-cinder--volumes--pool_tdata                          252:1    0 118.8G  0 lvm
  `-cinder--volumes-cinder--volumes--pool-tpool                        252:2    0 118.8G  0 lvm
    |-cinder--volumes-cinder--volumes--pool                            252:3    0 118.8G  0 lvm
    `-cinder--volumes-volume--636110b5--9cf5--49cd--818a--92660148c247 252:4    0     1G  0 lvm
osbash@compute1:~$ sudo pvs
  PV         VG             Fmt  Attr PSize   PFree
  /dev/sdb   cinder-volumes lvm2 a--  125.00g 6.01g
osbash@compute1:~$ sudo vgs
  VG             #PV #LV #SN Attr   VSize   VFree
  cinder-volumes   1   2   0 wz--n- 125.00g 6.01g
osbash@compute1:~$ sudo lvs
  LV                                          VG             Attr       LSize   Pool                Origin Data%  Meta%  Move Log Cpy%Sync Convert
  cinder-volumes-pool                         cinder-volumes twi-aotz-- 118.75g                            0.00   10.42
  volume-636110b5-9cf5-49cd-818a-92660148c247 cinder-volumes Vwi-a-tz--   1.00g cinder-volumes-pool        0.00

8. Lancement d'une instance

Paramètres de création d'une instance

openstack server create --help
usage: openstack server create [-h] [-f {json,shell,table,value,yaml}]
                               [-c COLUMN] [--max-width <integer>]
                               [--fit-width] [--print-empty] [--noindent]
                               [--prefix PREFIX]
                               (--image <image> | --volume <volume>) --flavor
                               <flavor> [--security-group <security-group>]
                               [--key-name <key-name>]
                               [--property <key=value>]
                               [--file <dest-filename=source-filename>]
                               [--user-data <user-data>]
                               [--availability-zone <zone-name>]
                               [--block-device-mapping <dev-name=mapping>]
                               [--nic <net-id=net-uuid,v4-fixed-ip=ip-addr,v6-fixed-ip=ip-addr,port-id=port-uuid,auto,none>]
                               [--network <network>] [--port <port>]
                               [--hint <key=value>]
                               [--config-drive <config-drive-volume>|True]
                               [--min <count>] [--max <count>] [--wait]
                               <server-name>

Installation d'un parser JSON

Installation de jq qui est parser JSON.

osbash@controller:~$ sudo apt -y install jq

Choix de l'image

osbash@controller:~$ openstack image list -f json | jq .
[
  {
    "Status": "active",
    "ID": "9173ec36-6beb-4361-9446-021cf5dc8b9c",
    "Name": "cirros"
  }
]

On obtient une liste d'un seul élément avec une clé "Name".

osbash@controller:~$ openstack image list -f json | jq .[0].Name
"cirros"

Mise en variable :

L'option -r rend un affichage brut sans les guillemets des résultats.

image=$(openstack image list -f json | jq -r '.[].Name')

Choix d'un gabarit

osbash@controller:~$ openstack flavor list
+----+----------+------+------+-----------+-------+-----------+
| ID | Name     |  RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+----------+------+------+-----------+-------+-----------+
| 0  | m1.nano  |   64 |    1 |         0 |     1 | True      |
| 1  | m1.small | 2048 |    1 |         0 |     1 | True      |
+----+----------+------+------+-----------+-------+-----------+
osbash@controller:~$ openstack flavor list -f json
[
  {
    "Name": "m1.nano",
    "RAM": 64,
    "Ephemeral": 0,
    "VCPUs": 1,
    "Is Public": true,
    "Disk": 1,
    "ID": "0"
  },
  {
    "Name": "m1.small",
    "RAM": 2048,
    "Ephemeral": 0,
    "VCPUs": 1,
    "Is Public": true,
    "Disk": 1,
    "ID": "1"
  }
]
osbash@controller:~$ openstack flavor list -f json | jq .[].Name
"m1.nano"
"m1.small"
osbash@controller:~$ openstack flavor list -f json | jq .[0].Name
"m1.nano"

Mise en variable :

flavor=$(openstack flavor list -f json | jq -r '.[0].Name')

Choix d'un groupe de sécurité

osbash@controller:~$ openstack security group list -f json
[
  {
    "Project": "e7bb777bdfae4003939e5bffe920f0c9",
    "Description": "Default security group",
    "ID": "0ca0c742-fc1e-4a75-9287-6104390dd74c",
    "Name": "default"
  }
]
osbash@controller:~$ openstack security group list -f json | jq .[].Name
"default"

Mise en variable :

security_group=$(openstack security group list -f json | jq -r '.[0].Name')

Choix de la clé

osbash@controller:~$ openstack keypair list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | 58:8b:d1:1e:5d:64:c4:d9:62:64:e3:bb:f3:33:c4:4d |
+-------+-------------------------------------------------+
osbash@controller:~$ openstack keypair list -f json
[
  {
    "Name": "mykey",
    "Fingerprint": "58:8b:d1:1e:5d:64:c4:d9:62:64:e3:bb:f3:33:c4:4d"
  }
]
osbash@controller:~$ openstack keypair list -f json | jq .[0].Name
"mykey"
keypair=$(openstack keypair list -f json | jq -r '.[0].Name')

Choix de la carte réseau

osbash@controller:~$ openstack network list -f json
[
  {
    "Subnets": "2c38669a-1af1-498c-a049-ad58bc64ac21",
    "ID": "94eab2ca-a929-40c3-ba5b-3440ee0bfff0",
    "Name": "selfservice"
  },
  {
    "Subnets": "0d737ddd-1128-49cd-acae-78a73ac91503",
    "ID": "f3e4c1f9-0df6-4eb4-ac8b-6cc41ec21dbf",
    "Name": "provider"
  }
]
osbash@controller:~$ openstack network list -f json | jq .[1].ID
"f3e4c1f9-0df6-4eb4-ac8b-6cc41ec21dbf"
nic=$(openstack network list -f json | jq -r '.[1].ID')

Lancement de l'instance

osbash@controller:~$ openstack server create \
--image ${image} \
--flavor ${flavor} \
--security-group ${security_group} \
--key-name ${keypair} \
--nic net-id=${nic} \
cirrOS-test

+-----------------------------+-----------------------------------------------+
| Field                       | Value                                         |
+-----------------------------+-----------------------------------------------+
| OS-DCF:diskConfig           | MANUAL                                        |
| OS-EXT-AZ:availability_zone |                                               |
| OS-EXT-STS:power_state      | NOSTATE                                       |
| OS-EXT-STS:task_state       | scheduling                                    |
| OS-EXT-STS:vm_state         | building                                      |
| OS-SRV-USG:launched_at      | None                                          |
| OS-SRV-USG:terminated_at    | None                                          |
| accessIPv4                  |                                               |
| accessIPv6                  |                                               |
| addresses                   |                                               |
| adminPass                   | wYwPSY6AHZb3                                  |
| config_drive                |                                               |
| created                     | 2019-03-02T22:13:15Z                          |
| flavor                      | m1.nano (0)                                   |
| hostId                      |                                               |
| id                          | 9ccf55ec-f8cc-4bb1-834c-3b957e168f06          |
| image                       | cirros (9173ec36-6beb-4361-9446-021cf5dc8b9c) |
| key_name                    | mykey                                         |
| name                        | cirrOS-test                                   |
| progress                    | 0                                             |
| project_id                  | e7bb777bdfae4003939e5bffe920f0c9              |
| properties                  |                                               |
| security_groups             | name='0ca0c742-fc1e-4a75-9287-6104390dd74c'   |
| status                      | BUILD                                         |
| updated                     | 2019-03-02T22:13:15Z                          |
| user_id                     | 91e1392791a145f985ea1153e2b2525b              |
| volumes_attached            |                                               |
+-----------------------------+-----------------------------------------------+

Vérification

osbash@controller:~$ openstack server list -f json
[
  {
    "Status": "ACTIVE",
    "Name": "cirrOS-test",
    "Image": "cirros",
    "ID": "9ccf55ec-f8cc-4bb1-834c-3b957e168f06",
    "Flavor": "m1.nano",
    "Networks": "provider=203.0.113.121"
  }
]

9. Attachement d'un volume

osbash@controller:~$ openstack server add volume cirrOS-test 1GB-vol
osbash@controller:~$ openstack volume list -f json
[
  {
    "Status": "in-use",
    "Size": 1,
    "Attached to": "Attached to cirrOS-test on /dev/vdb ",
    "ID": "636110b5-9cf5-49cd-818a-92660148c247",
    "Name": "1GB-vol"
  }
]

10. Vérification de l'instance

osbash@controller:~$ openstack server show cirrOS-test -f json
{
  "OS-EXT-STS:task_state": null,
  "addresses": "provider=203.0.113.121",
  "image": "cirros (9173ec36-6beb-4361-9446-021cf5dc8b9c)",
  "OS-EXT-STS:vm_state": "active",
  "OS-SRV-USG:launched_at": "2019-03-02T22:13:47.000000",
  "flavor": "m1.nano (0)",
  "id": "9ccf55ec-f8cc-4bb1-834c-3b957e168f06",
  "security_groups": "name='default'",
  "volumes_attached": "id='636110b5-9cf5-49cd-818a-92660148c247'",
  "user_id": "91e1392791a145f985ea1153e2b2525b",
  "OS-DCF:diskConfig": "MANUAL",
  "accessIPv4": "",
  "accessIPv6": "",
  "progress": 0,
  "OS-EXT-STS:power_state": "Running",
  "project_id": "e7bb777bdfae4003939e5bffe920f0c9",
  "config_drive": "",
  "status": "ACTIVE",
  "updated": "2019-03-02T22:16:52Z",
  "hostId": "0b228ea4458089276726331a8ac84dcd5a46d92f04466bd572f60e6b",
  "OS-SRV-USG:terminated_at": null,
  "key_name": "mykey",
  "properties": "",
  "OS-EXT-AZ:availability_zone": "nova",
  "name": "cirrOS-test",
  "created": "2019-03-02T22:13:15Z"
}

11. Connexion VNC à l'instance

osbash@controller:~$ openstack console url show cirrOS-test
+-------+--------------------------------------------------------------------------------+
| Field | Value                                                                          |
+-------+--------------------------------------------------------------------------------+
| type  | novnc                                                                          |
| url   | http://10.0.0.11:6080/vnc_auto.html?token=4c87923d-64ae-4e96-b1e6-a3386b34c244 |
+-------+--------------------------------------------------------------------------------+

Du terminal local vers le controlleur :

ssh -L 6080:127.0.0.1:6080 -p 2230 osbash@127.0.0.1
Connexion NoVNC
Figure 47 : Connexion NoVNC

12. Connexion ssh depuis l'hôte

stack@stacktrain1:~$ scp -P 2230 osbash@127.0.0.1:/home/osbash/mykey.pem ./
stack@stacktrain1:~$ ssh -i ./mykey.pem cirros@203.0.113.121
The authenticity of host 203.0.113.121 (203.0.113.121) can t be established.
RSA key fingerprint is SHA256:I4NN5hFSDu5QtkrxlzINl64YT7TKT1fzmsJthO+8BwQ.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '203.0.113.121' (RSA) to the list of known hosts.
$ cat /etc/os-release
NAME=Buildroot
VERSION=2012.05-dirty
ID=buildroot
VERSION_ID=2012.05
PRETTY_NAME="Buildroot 2012.05"
$ ping www.google.com
PING www.google.com (216.58.215.36): 56 data bytes
64 bytes from 216.58.215.36: seq=0 ttl=54 time=15.036 ms
64 bytes from 216.58.215.36: seq=1 ttl=54 time=4.487 ms
^C
--- www.google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 4.487/9.761/15.036 ms
$ curl ipinfo.io
{
  "ip": "51.15.xxx.yyy",
  "hostname": "yyy-xxx-15-51.rev.cloud.scaleway.com",
  "city": "",
  "region": "",
  "country": "FR",
  "loc": "48.8582,2.3387",
  "org": "AS12876 ONLINE S.A.S."
}

13. Hyperviseur KVM sur le noeud de calcul Compute1

osbash@compute1:~$ virsh list
 Id    Name                           State
----------------------------------------------------
 1     instance-00000001              running

osbash@compute1:~$ virsh dumpxml instance-00000001 | head
<domain type='qemu' id='1'>
  <name>instance-00000001</name>
  <uuid>9ccf55ec-f8cc-4bb1-834c-3b957e168f06</uuid>
  <metadata>
    <nova:instance xmlns:nova="http://openstack.org/xmlns/libvirt/nova/1.0">
      <nova:package version="16.1.6"/>
      <nova:name>cirrOS-test</nova:name>
      <nova:creationTime>2019-03-02 22:13:30</nova:creationTime>
      <nova:flavor name="m1.nano">
        <nova:memory>64</nova:memory>
osbash@compute1:~$ virsh dominfo instance-00000001
Id:             1
Name:           instance-00000001
UUID:           9ccf55ec-f8cc-4bb1-834c-3b957e168f06
OS Type:        hvm
State:          running
CPU(s):         1
CPU time:       202.4s
Max memory:     65536 KiB
Used memory:    65536 KiB
Persistent:     yes
Autostart:      disable
Managed save:   no
Security model: apparmor
Security DOI:   0
Security label: libvirt-9ccf55ec-f8cc-4bb1-834c-3b957e168f06 (enforcing)
osbash@compute1:~$ virsh domstats instance-00000001
Domain: 'instance-00000001'
  state.state=1
  state.reason=5
  cpu.time=203111576034
  cpu.user=77630000000
  cpu.system=14160000000
  balloon.current=65536
  balloon.maximum=65536
  balloon.last-update=0
  balloon.rss=139272
  vcpu.current=1
  vcpu.maximum=1
  net.count=1
  net.0.name=tap5074417b-49
  net.0.rx.bytes=39158
  net.0.rx.pkts=375
  net.0.rx.errs=0
  net.0.rx.drop=0
  net.0.tx.bytes=32929
  net.0.tx.pkts=299
  net.0.tx.errs=0
  net.0.tx.drop=0
  block.count=2
  block.0.name=vda
  block.0.path=/var/lib/nova/instances/9ccf55ec-f8cc-4bb1-834c-3b957e168f06/disk
  block.0.rd.reqs=920
  block.0.rd.bytes=20618240
  block.0.rd.times=594494203
  block.0.wr.reqs=233
  block.0.wr.bytes=608256
  block.0.wr.times=765119440
  block.0.fl.reqs=68
  block.0.fl.times=248018561
  block.0.allocation=2621440
  block.0.capacity=1073741824
  block.0.physical=2564096
  block.1.name=vdb
  block.1.path=/dev/sdc
  block.1.rd.reqs=3
  block.1.rd.bytes=12288
  block.1.rd.times=2494614
  block.1.wr.reqs=0
  block.1.wr.bytes=0
  block.1.wr.times=0
  block.1.fl.reqs=0
  block.1.fl.times=0
  block.1.allocation=0
  block.1.capacity=1073741824
  block.1.physical=1073741824

14. Configuration du nouveau volume dans l'instance

Attachement du volume à l'instance :

osbash@controller:~$ openstack server add volume test1 1GB-vol

Vérification des volumes :

osbash@controller:~$ openstack volume list -f json
[
  {
    "Status": "in-use",
    "Size": 1,
    "Attached to": "Attached to test1 on /dev/vdb ",
    "ID": "bfb4efb7-eeea-452c-9640-7da0b13016cb",
    "Name": "1GB-vol"
  }
]

15. Mise en script de l'exercice

Première proposition

#!/bin/bash
. admin-openrc.sh
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
openstack flavor create --id 1 --vcpus 1 --ram 2048 --disk 1 m1.small
. demo-openrc.sh
#!/bin/bash
openstack keypair create mykey > mykey.pem
chmod 600 mykey.pem
openstack security group rule create --proto icmp default
openstack security group rule create --proto tcp --dst-port 22 default
openstack volume create --size 1 1GB-vol
image=$(openstack image list -f json | jq -r '.[].Name')
flavor=$(openstack flavor list -f json | jq -r '.[0].Name')
security_group=$(openstack security group list -f json | jq -r '.[0].Name')
keypair=$(openstack keypair list -f json | jq -r '.[0].Name')
nic=$(openstack network list -f json | jq -r '.[1].ID')
openstack server create \
  --image ${image} \
  --flavor ${flavor} \
  --security-group ${security_group} \
  --key-name ${keypair} \
  --nic net-id=${nic} \
  test1

Seconde proposition

cat <<'EOM' > ~/instance_launch.sh
#!/bin/bash

KEYNAME='mykey-test'
VOLNAME='1GB-vol-test'
FLAVOUR='m1.nano'
IMAGE='cirros'
SSH_HOSTS_FILE='/home/osbash/.ssh/id_rsa'
INSTANCE="$IMAGE-test"

set_admin_vars () {
echo; echo "Setting admin-openrc variables"
export OS_USERNAME=admin
export OS_PASSWORD=admin_user_secret
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://10.0.0.11:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
}

create_flavor () {
echo; echo "Creating flavour $FLAVOUR"
if grep -qvw "$FLAVOUR" <<< $(openstack flavor list -f value | awk '{print $2}') ; then
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 $FLAVOUR
else echo "The flavor exists already" ; fi
}

set_demo_vars () {
echo; echo "Setting demo-openrc variables"
export OS_USERNAME=demo
export OS_PASSWORD=demo_user_pass
export OS_PROJECT_NAME=demo
export OS_AUTH_URL=http://10.0.0.11:5000/v3
}

create_keypair () {
echo; echo "Creating keypair $KEYNAME and ~/$KEYNAME.pem file"
if [ ! -e "$SSH_HOSTS_FILE" ]; then
touch $SSH_HOSTS_FILE
openstack keypair create --public-key $SSH_HOSTS_FILE $KEYNAME > ~/$KEYNAME.pem
echo; echo "Restricting ~/$KEYNAME.pem access rights"
chmod 600 ~/$KEYNAME.pem
else echo "The key pair exists already" ; fi
}

set_security_group () {
echo; echo "Adding port 22 (SSH) and ICMP to default security group"
if grep -qvw 'tcp 0.0.0.0/0 22:22' <<< $(openstack security group rule list default -f value) ; then
openstack security group rule create --proto tcp --dst-port 22 default
else echo "The SSH rule exists already" ; fi
if grep -qvw 'icmp 0.0.0.0/0' <<< $(openstack security group rule list default -f value) ; then
openstack security group rule create --proto icmp default
else echo "The ICMP rule exists already" ; fi
}

get_nic_uuid () {
NIC=$(openstack network list | grep provider | awk '{print $2}')
echo; echo "Extracting provider network UUID: $NIC"
}

launch_instance () {
echo; echo "Creating and launching instance $INSTANCE with:"
echo -e "\n\tFlavour: $FLAVOUR"
echo -e "\tImage: $IMAGE"
echo -e "\tNetwork UUID=$NIC"
echo -e "\tSecurity group: default"
echo -e "\tKey name: $KEYNAME\n"

openstack server create \
--flavor $FLAVOUR \
--image $IMAGE \
--nic net-id=$NIC \
--security-group default \
--key-name $KEYNAME \
$INSTANCE
}

waiting_active () {
echo -e "\nWaiting for instance $INSTANCE to become ACTIVE\n"
while [ "$(openstack server list | grep $INSTANCE | awk '{print $6}')" != 'ACTIVE' ]; do
printf ". "
sleep 2
done
}

final_message () {
echo; echo "Creating volume $VOLNAME"
openstack volume create --size 1 $VOLNAME
echo; echo "Adding volume $VOLNAME to VM instance $INSTANCE"
openstack server add volume $INSTANCE $VOLNAME
openstack volume list
echo; echo
}

set_admin_vars
create_flavor
set_demo_vars
create_keypair
set_security_group
get_nic_uuid
launch_instance
waiting_active
final_message
#END
EOM

Livre de jeux Ansibe

- name: "OpenStack Instances auto-deploy"
  hosts: localhost
  gather_facts: True
  tasks:
    - name: "get network provider id"
      shell: "openstack network list -f json | jq -r '.[1].ID'"
      register: netid
      tags: test
    - name: "debug"
      debug:
        msg: "{{netid.stdout}}"
      tags: test
    - name: "create a keypair"
      os_keypair:
        name: mykey
        state: present
    - name: "Create a server"
      os_server:
#        auth:
#         auth_url: http://10.0.0.11:5000/v3
#         username: demo
#         password: demo_user_pass
#         project_name: demo
        state: present
        name: test3
        image: cirros
        key_name: mykey
        timeout: 200
        flavor: m1.nano
        security_groups: default
        nics:
          - net-name: provider
#          - net_id: "{{netid.stdout}}"
#          - net_id: "da3a10cf-144b-4ea3-b2e3-4085eca4bfff"