This tutorial introduces the OpenStack « Command Line Interface » (or CLI) at LAL.
You can access OpenStack@LAL by using:
- Horizon dashboard
- Slipstream@LAL
- OpenStack command line interface
In this tutorial, you will learn to use the CLI to create a new virtual machine (VM), to connect to that machine using SSH and to create a cinder volume and attach it to a VM.
Table of contents
- For the impatients
- Register
- Client installation
- Insert your public key
- Your first virtual machine
- Volume management
- Destroy your VM
Lecture notes
Command to run are displayed in a box, and « courrier » font.
Command to run on your own workstation are prefixes with « user@cli # ». Here is an example of a command to execute on your own workstation:
user@cli # echo "blah" blah
Command to be run inside your running VM are prefixed with « cloud-user@vm # ». Here is an example of a command to execute inside your running VM:
cloud-user@vm # echo "blah" blah
For the impatients
The impatients can take a tour on our Stacktile tutorial.
Register
You can find all necessary registration informations in the article « registration ».
This article may also help to reset your password, if lost.
Client installation
The OpenStack command line client is written in Python language.You can find all necessary informations on the OpenStack offical installation page.
The client configuration is done through environment variables. You will find all necessary informations in the « client configuration » article.
As soon as you have configured you CLI, you can test it with the following command:
user@cli # openstack token issue +------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | expires | 2016-06-25T10:35:07.571937Z | | id | c5cd50223f4b4913b78c1955c6af4fac | | project_id | 1b693dd6ab914fc0b5398f96e7866dd2 | | user_id | f1e4d8ddde8847ba8d86df5831048f1b | +------------+----------------------------------+
Insert your public key
To connect to your running VM using SSH, you must import your SSH public key into your OpenStack account. If you don’t have an SSH key, you must create one using the openstack tool.
You should use a key name, which is free; you can provide any text. You will refer to your key by its name at VM instantiation.
If you already have an SSH key
You can use the following command to insert your public key, named « my-ssh-key »:
user@cli # openstack keypair create --public-key $HOME/.ssh/id_rsa.pub my-ssh-key +-------------+-------------------------------------------------+ | Field | Value | +-------------+-------------------------------------------------+ | fingerprint | aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:kk:ll:mm:nn:oo:pp | | name | my-ssh-key | | user_id | f1e4d8ddde8847ba8d86df5831048f1b | +-------------+-------------------------------------------------+
If you don’t have an SSH key
You can create a new SSH key using the following command. This command will name you key as « my-ssh-key ». This command stores the public key in the OpenStack server and writes the private key in a local file:
user@cli # mkdir -p $HOME/.ssh/ && \ openstack keypair create my-ssh-key > $HOME/.ssh/id_rsa && \ chmod 600 $HOME/.ssh/id_rsa
First virtual machine
A virtual machine (VM) is defined by several parameters:
- the boot image contains the Operating System (or OS)
- the flavor defines VM parameters: amount of vCPU, amount of memory (RAM), size of system disk. You will note that the system disk size must be greater or equal to the boot image size.
Available images
Usable images are stored in an image catalog named Glance. You can access to glance using the glance command line tool.
You can list public images, using the following command:
user@cli # glance image-list --visibility public +--------------------------------------+-------------------------------+ | ID | Name | +--------------------------------------+-------------------------------+ | 35615723-1549-4d9c-b760-666e19b9ba1f | centos-6.x-x86_64-20160124 | | e4325c96-547b-492f-8810-db4451d451a8 | centos-7.x-x86_64-20160123 | | f3c8a9d8-624f-4676-aef0-b3980a190650 | cernvm3.5-20160308 | | 5c310f1c-4843-4c32-85e7-ca30a5e5b816 | cirros | | cd17e1af-b070-486f-a948-9ec2e91a0a5f | CoreOS-20160503 | | 0ad945a2-88a1-40f8-9c3c-576232fee973 | debian-jessie-x86_64-20160202 | | e7f6c150-e89f-4329-8a36-b70b914a2765 | FG_CentOs | | 4d3025fd-e4cc-424a-acfa-be78e2ab1967 | sl6.5-20160613 | | 1a39d911-49ed-4d40-8c21-952a0b469e68 | sl67-cloud-20160330 | | 8d2e2006-6319-4136-b2f2-43b052323e72 | ubuntu14.04 | +--------------------------------------+-------------------------------+
On this tutorial, you will use the cirros image.
Flavor
To instanciate a new VM, you must choose a flavor.
LAL proposes different flavors, from 1 to 48 vCPUs with 2Gb (giga bytes) of memory (RAM) per vCPU and a 20Gb system disk. Attention ! Depending on the platform usage rate, some flavor may not always be available.
You can list available flavors, using the following command:
user@cli # nova flavor-list +--------------------------------------+-------------+-----------+------+-----------+------+-------+-------------+-----------+ | ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public | +--------------------------------------+-------------+-----------+------+-----------+------+-------+-------------+-----------+ ... | 24dca8ab-31d0-4f95-92e8-72737872c772 | os.10 | 20480 | 20 | 0 | | 10 | 1.0 | True | | 26dfc194-bee0-4ed7-9385-040100b2fc6e | os.28 | 57344 | 20 | 0 | | 28 | 1.0 | True | | 2c6cdcc2-f224-448b-be37-ad5648654fc0 | os.20 | 40960 | 20 | 0 | | 20 | 1.0 | True | | 48ef495d-7129-452f-b088-2542772661ef | os.7 | 14336 | 20 | 0 | | 7 | 1.0 | True | | 4938abfa-6964-445d-b813-de6b75c24c47 | m1.small | 2048 | 15 | 0 | | 1 | 1.0 | True | | 4aaf25b0-48e2-4c0e-bb97-9bae2e39555f | os.1 | 2048 | 20 | 0 | | 1 | 1.0 | True | ... +--------------------------------------+-------------+-----------+------+-----------+------+-------+-------------+-----------+
In this tutorial, you will use the os.1 flavor defining these characteristics: 1 vCPU; 2 Gb RAM; 20Gb system disk.
Instatiating a new VM
You can instanciate (aka start) a new VM using the « nova » tool. You will pay attention to use your SSH key name, as defined in « public key » chapter.
user@cli # nova boot --flavor os.1 --image cirros --key-name my-ssh-key mysupervm
+--------------------------------------+-----------------------------------------------+
| Property | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | - |
| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
| OS-EXT-SRV-ATTR:instance_name | instance-00000cbb |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | DrZJCeBE5b6U |
| config_drive | |
| created | 2016-06-25T10:01:15Z |
| flavor | os.1 (4aaf25b0-48e2-4c0e-bb97-9bae2e39555f) |
| hostId | |
| id | 99f42bd2-8372-4228-9c74-47e21e26f5a1 |
| image | cirros (5c310f1c-4843-4c32-85e7-ca30a5e5b816) |
| key_name | my-ssh-key |
| metadata | {} |
| name | mysupervm |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tenant_id | 1b693dd6ab914fc0b5398f96e7866dd2 |
| updated | 2016-06-25T10:01:15Z |
| user_id | f1e4d8ddde8847ba8d86df5831048f1b |
+--------------------------------------+-----------------------------------------------+
You can follow the boot process using the following command:
user@cli # nova list +--------------------------------------+-----------------+--------+------------+-------------+-----------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+-----------------+--------+------------+-------------+-----------------------+ | 99f42bd2-8372-4228-9c74-47e21e26f5a1 | masupervm | ACTIVE | - | Running | public=134.158.75.118 | +--------------------------------------+-----------------+--------+------------+-------------+-----------------------+
In this example, the VM has the following IP address: 134.158.75.118.
Connect to your VM
You can connect to your running VM, using your SSH key as defined in « public key » chapter.
Attention: by default, you can’t connect to your running VM using the root account. If you try to connect as root, you will see a message indicating what account to use to connect to your running VM.
user@cli # ssh root@134.158.75.118 Warning: Permanently added '134.158.75.118' (RSA) to the list of known hosts. sh: /usr/bin/xauth: not found Please login as 'cirros' user, not as root Connection to 134.158.75.118 closed. user@cli# ssh cirros@134.158.75.118 coud-user@vm # hostname mysupervm
Connection error
With your first VM, connection just be just fine.
But as time passes, you may instantiate several different VM. If you do not specifically configure the network, the middleware does its best to provide network connectivity and may reuse a given IP address for different intances. Hence you may encounter the following SSH error message:
user@cli # ssh cirros@134.158.75.118 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is SHA256:v0hDGZG1AxJGeby3t32L7AFomMuWC78So+AbAbVuHxc. Please contact your system administrator. Add correct host key in $HOME/.ssh/known_hosts to get rid of this message. Offending RSA key in $HOME/.ssh/known_hosts:259 RSA host key for 134.158.75.112 has changed and you have requested strict checking. Host key verification failed.
This error is usually a serious security one. But you work in the cloud and you know network implications, that a given IP address may be used for different purposes, among others. Hence you can safely remove the given line (here line 259) from $HOME/.ssh/known_hosts, on your workstation and try again.
Volume management
OpenStack provides a « Block Storage as a Service » service. This service permits to create volume on demand which lifecycle is indedendant of VM lifecycles. This volume can be attached to running VM on the fly. VM instances use these volumes as external hard drives.
You can manage your volumes usign the cinder tool.
Create a volume
To create a new volume, you can use the following command:
user@cli# cinder create --name volume-$USER 5
+---------------------------------------+--------------------------------------+
| Property | Value |
+---------------------------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2016-06-25T10:13:27.000000 |
| description | None |
| encrypted | False |
| id | 69debc26-1c20-4cd3-91c0-930589263a8b |
| metadata | {} |
| migration_status | None |
| multiattach | False |
| name | volume-xxx |
| os-vol-host-attr:host | os-77250.lal.in2p3.fr@rbd#RBD |
| os-vol-mig-status-attr:migstat | None |
| os-vol-mig-status-attr:name_id | None |
| os-vol-tenant-attr:tenant_id | 1b693dd6ab914fc0b5398f96e7866dd2 |
| os-volume-replication:driver_data | None |
| os-volume-replication:extended_status | None |
| replication_status | disabled |
| size | 5 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| user_id | f1e4d8ddde8847ba8d86df5831048f1b |
| volume_type | None |
+---------------------------------------+--------------------------------------+
Attach a volume
To attach this volume (69debc26-1c20-4cd3-91c0-930589263a8b) to your running VM named « mysupervm », you can use the following command:
user@cli# nova volume-attach masupervm 69debc26-1c20-4cd3-91c0-930589263a8b auto +----------+--------------------------------------+ | Property | Value | +----------+--------------------------------------+ | device | /dev/vdb | | id | 69debc26-1c20-4cd3-91c0-930589263a8b | | serverId | 6f5e53c3-6797-46a9-a39c-4c37b2c6cb97 | | volumeId | 69debc26-1c20-4cd3-91c0-930589263a8b | +----------+--------------------------------------+
This volumes is attached to /dev/vdb :
user@cli# ssh cirros@134.158.75.118 cloud-user@vm # sudo su - cloud-user@vm # fdisk -l /dev/vdb Disk /dev/vdb: 5368 MB, 5368709120 bytes 16 heads, 63 sectors/track, 10402 cylinders, total 10485760 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00000000 Disk /dev/vdb doesn't contain a valid partition table
This volume can be used as any external storage space (har drive, USB key etc.)
Dettach a volume
To « dettach » a volume, you can use the following command:
user@cli# nova volume-detach masupervm 69debc26-1c20-4cd3-91c0-930589263a8bDestroy a volume
As soon as a volume has be successfully dettach from any running VM, you can destroy it using the following command:
user@cli# cinder delete 69debc26-1c20-4cd3-91c0-930589263a8bNote: it is possible to automatically attach a volume at VM instanciation. This is out of scope of this tutorial.
Destroy your VM
To destroy you VM, you can use the following command:
user@cli# nova delete masupervm Request to delete server image-xxx has been accepted.