Getting started with IBM Cloud

Manager with OpenStack 4.2 "Next"

ii

Getting started with IBM Cloud Manager with OpenStack 4.2 "Next"

Contents
Overview of IBM Cloud Manager with
OpenStack version 4.2 "Next" . . . . . 1
IBM Cloud Manager - Deployer . . . . . .
Planning for IBM Cloud Manager - Deployer
Installing IBM Cloud Manager - Deployer .
Uninstalling IBM Cloud Manager - Deployer
IBM Cloud Manager - Deployer service
commands . . . . . . . . . . . .
Using IBM Cloud Manager - Deployer. . .
Hybrid cloud . . . . . . . . . . . .
Planning for a hybrid environment . . . .

.
.
.
.

.
.
.
.

1
2
2
3

.
.
.
.

.
.
.
.

3
3
4
5

Prerequisites and limitations for a hybrid

environment . . . . . . . . . . . . . 7
Contacting IBM Cloud OpenStack Services to set
up a hybrid environment . . . . . . . . . 8
Installing IBM Cloud Manager with OpenStack . . 9
Setting up the VPN connection for a hybrid
environment . . . . . . . . . . . . . 9
Deploying an on-premises cloud environment . . 12
Installing and configuring IBM UrbanCode
Deploy and IBM UrbanCode Deploy with
Patterns . . . . . . . . . . . . . . 15

iii

iv

Getting started with IBM Cloud Manager with OpenStack 4.2 "Next"

Overview of IBM Cloud Manager with OpenStack version 4.2

"Next"
This beta, IBM Cloud Manager with OpenStack version 4.2 "Next", includes two
new capabilities for IBM Cloud Manager with OpenStack version 4.2.
Try either one of these new features, or use both features together to create a
hybrid cloud:
Feature #1: IBM Cloud Manager - Deployer
IBM Cloud Manager - Deployer is a new graphical user interface that you
use to deploy your private clouds. For details, see IBM Cloud Manager Deployer.
Feature #2: Hybrid cloud
The ability to create a hybrid cloud with IBM Cloud OpenStack Services.
The hybrid cloud consists of an off-premises region that is created by IBM
Cloud OpenStack Services at your request, and an on-premises region that
you create. For information about contacting IBM Cloud OpenStack
Services to enable a hybrid cloud environment, see Contacting IBM Cloud
OpenStack Services to set up a hybrid environment on page 8. For
information about the hybrid cloud, see Hybrid cloud.
Optionally use the new IBM Cloud Manager - Deployer user interface to
deploy your on-premises cloud. For details, see IBM Cloud Manager Deployer.
After you create your hybrid cloud, you can optionally download and
install IBM UrbanCode Deploy with Patterns to bring DevOps to your
cloud environment. For more information, see Installing and configuring
IBM UrbanCode Deploy and IBM UrbanCode Deploy with Patterns on
page 15.
Note: For technical support for the hybrid cloud, contact IBM Cloud OpenStack
Services Support. For other technical support, log your questions in the IBM Cloud
Manager with OpenStack Technical Forum. In the title of your forum entry, specify
the beta component to which your question pertains.
For more information about IBM Cloud Manager with OpenStack version 4.2, see
IBM Cloud Manager with OpenStack 4.2.0 product documentation in IBM
Knowledge Center.

IBM Cloud Manager - Deployer

Use a new graphical user interface to simplify the process of deploying your
private clouds.
A new browser-based graphical user interface, IBM Cloud Manager - Deployer,
guides you through the process of deploying your private clouds. After your cloud
is deployed, you can easily add or remove compute node resources.
You can use IBM Cloud Manager - Deployer to deploy the following topologies:
v IBM Cloud Manager with OpenStack minimal and controller +n compute
v IBM Cloud OpenStack Services hybrid topologies

After you deploy the cloud, you can use IBM Cloud Manager - Deployer for the
following tasks:
v Check status on deployed clouds.
v Monitor progress of clouds that are being deployed.
v Grow and shrink the cloud by adding and removing compute nodes.

Planning for IBM Cloud Manager - Deployer

Review the following information to ensure that you understand the prerequisites
and limitations for IBM Cloud Manager - Deployer.
Prerequisites
Before you install IBM Cloud Manager - Deployer, you must install IBM Cloud
Manager with OpenStack 4.2 and fix pack 4.2.0.1. For detailed information, see
Installing IBM Cloud Manager with OpenStack on page 9.
Limitations
v Only x86 Linux Kernel-based Virtual Machine (KVM) and QEMU compute
nodes are supported.
v You can use IBM Cloud Manager - Deployer only to manage clouds that were
deployed through IBM Cloud Manager - Deployer.
v All compute nodes must use the same set of node attributes. Setting different
node attributes for specific compute nodes is not supported.
v Uploading identity files is not supported. If you want the deploy process to use
identity files for communication with the cloud nodes, the identity files must
exist on the deployment server.
v Error messages that are associated with a deployed cloud persist even after the
cloud is deleted. You must manually delete the error messages from the user
interface or clear your local storage.
v IBM Cloud Manager - Deployer leverages the command-line interface
capabilities in IBM Cloud Manager - Deployer. Therefore, IBM Cloud Manager Deployer inherits the same functions and limitations as the CLI. For more
information, see Commands.

Installing IBM Cloud Manager - Deployer

You can install IBM Cloud Manager - Deployer, which you can use to deploy a
cloud.

About this task

To install IBM Cloud Manager - Deployer, complete the following steps:

Procedure
1. Download the IBM Cloud Manager - Deployer beta package from IBM Cloud
Manager with OpenStack.
2. Extract the contents of the IBM Cloud Manager - Deployer beta package.
tar -zxvf icm-4.2.beta-deployment-manager-ui.tar.gz

3. Install IBM Cloud Manager - Deployer.

icm-4.2.beta/icm-4.2.beta_install -P root_password

where root_password is the root password of the installation system (deployment

system).

Getting started with IBM Cloud Manager with OpenStack 4.2 "Next"

What to do next
When the installation completes, you are ready to start to use IBM Cloud Manager
- Deployer to deploy your cloud. For more information, see Using IBM Cloud
Manager - Deployer.

Uninstalling IBM Cloud Manager - Deployer

You can uninstall IBM Cloud Manager - Deployer.

About this task

To uninstall IBM Cloud Manager - Deployer, complete the following steps:

Procedure
1. Stop the IBM Cloud Manager - Deployer service.
service icm-deployer stop

2. Uninstall IBM Cloud Manager - Deployer.

yum -y erase icm-deployer-client
yum -y erase icm-deployer

IBM Cloud Manager - Deployer service commands

Use service commands to start, stop, and check the status of IBM Cloud Manager Deployer.
Refer to the following commands and their descriptions.
Table 1. Commands and descriptions
Command

Description

service icm-deployer status

Used to check the status of the IBM Cloud

Manager - Deployer service.

service icm-deployer start

Used to start the IBM Cloud Manager Deployer service.

service icm-deployer stop

Used to stop the IBM Cloud Manager Deployer service.

Using IBM Cloud Manager - Deployer

Now that you installed IBM Cloud Manager - Deployer, you are ready to start
using it.

About this task

To connect to IBM Cloud Manager - Deployer and use it to deploy a cloud,
complete the following steps:
Note: If you plan to create an on-premises region to work with a hybrid cloud,
ensure that you contact IBM Cloud OpenStack Services before you deploy your
cloud. For more information, see Contacting IBM Cloud OpenStack Services to set
up a hybrid environment on page 8.

Overview

Procedure
1. Use a browser to connect to IBM Cloud Manager - Deployer available at
https://fqdn.com:8443/, where fqdn.com is the fully qualified domain name of
the deployment system. IBM Cloud Manager - Deployer is displayed.
2. To deploy a cloud, click Create New Cloud. IBM Cloud Manager - Deployer
guides you through the deployment process.

Results
After you deploy your cloud, you can use IBM Cloud Manager - Deployer for the
following tasks:
v Check status on deployed clouds.
v Monitor progress of clouds that are being deployed.
v Grow and shrink the cloud by adding and removing compute nodes.

Hybrid cloud
One of the new features in IBM Cloud Manager with OpenStack version 4.2 "Next"
is the ability to create a hybrid cloud with IBM Cloud OpenStack Services. The
hybrid cloud consists of an off-premises region that is created by IBM Cloud
OpenStack Services at your request, and an on-premises region that you create.
Optionally use the new IBM Cloud Manager - Deployer user interface to deploy
your on-premises cloud.
To deploy a hybrid cloud, you need to first contact Eric Schultz (email address:
schultzy@us.ibm.com) at IBM Cloud OpenStack Services. In this environment, IBM
Cloud Manager with OpenStack runs in your on-premises data center and is
integrated with your IBM Cloud OpenStack Services cloud. These two regions
share a common Keystone that runs in IBM Cloud OpenStack Services.
After your hybrid cloud is configured, you can manage and deploy virtual
machine instances to both regions by using your on-premises dashboard. Virtual
machine instances that are created in the on-premises and off-premises regions can
communicate with each other. Since Keystone is shared, you need to manage only
one set of users for both regions.
This image shows the hybrid environment. Only x86 Linux Kernel-based Virtual
Machine (KVM) or QEMU machines are supported for this beta. You need to have
a minimum of three x86 RHEL 6.5 machines. One machine is the deployment
server where IBM Cloud Manager with OpenStack 4.2 is installed. One machine is
used as the OpenStack controller and the other machine is used as a compute node
where your virtual machine instances run. You can have up to 20 compute nodes.
For more information about the minimum hardware requirements, see Planning for
IBM Cloud Manager with OpenStack.

Getting started with IBM Cloud Manager with OpenStack 4.2 "Next"

Off-Premises
(IBM Cloud OpenStack Services)

On-Premises

Region One - created by

IBM Cloud OpenStack Services
Controller*
Keystone

Deployment Server
IBM Cloud Manager
with OpenStack 4.2
(Chef, deployment CLI,
and cookbooks)

Deployment UI

Compute
IBM Cloud
OpenStack Services
Virtual Machine

Region Two - created by user through IBM Cloud

Manager with OpenStack
Controller*
L3 Router
Horizon
Dashboard
Virtual Machine
DHCP Server

Compute
IBM Cloud Manager
with OpenStack
Virtual Machine

Internet
Customer Gateway

On-Premises Gateway

Resource that resides on a particular environment

Management network
VM-to-VM connectivity

*In addition to the services shown in the diagram, the controller also runs the other OpenStack services for the
region, such as Nova, Neutron, image (Glance), block storage (Cinder), Ceilometer, and orchestration (Heat)

liaca514-00

IPSec site-to-site VPN Tunnel

Note: The management and VM networks go through this tunnel

Planning for a hybrid environment

Review the following information to ensure that you understand the prerequisites,
limitations, and steps required to create a hybrid cloud environment.
This image shows an overview of the process for creating a hybrid environment.
After you review the image, use the worksheet to plan and create your hybrid

Overview

environment.
Participate in Hybrid Beta
Contact IBM Cloud
OpenStack Services to
begin hybrid onboarding
Eric Schultz at
schultzy@us.ibm.com

IBM Cloud Open

Stack Services deploys
an off-premises cloud
environment
(Region One)

IBM Cloud Manager with

OpenStack 4.2 Next On-Premises
Install IBM Cloud Manager
with OpenStack 4.2

Install IBM Cloud Manager

with OpenStack fix pack 4.2.0.1

Install IBM Cloud Manager Deployer with OpenStack

4.2 Next (optional)

Establish a site-to-site VPN connection

between the regions (with guidance from
IBM Cloud OpenStack Services)

Deploy an on-premises cloud environment

(Region Two)

Activities that can be done in parallel

Task done by customer
Task done by IBM Cloud OpenStack Services

liaca515-01

Congratulations! You have a hybrid cloud!

Use this worksheet to plan and create your hybrid environment:

Table 2. Planning
Tasks

___ 1.

Reading the Prerequisites and limitations for a hybrid environment on page 7.

___ 2.

Contacting IBM Cloud OpenStack Services to set up a hybrid environment on page 8

___ 3.

.Installing IBM Cloud Manager with OpenStack on page 9

___ 4.

Setting up the VPN connection for a hybrid environment on page 9

___ 5.

Deploying an on-premises cloud environment on page 12

___ 6.

(Optional) Installing and configuring IBM UrbanCode Deploy and IBM UrbanCode Deploy with
Patterns on page 15

Getting started with IBM Cloud Manager with OpenStack 4.2 "Next"

Prerequisites and limitations for a hybrid environment

Review the following information about getting started with a hybrid environment,
in addition to limitations that apply to the hybrid environment.
Prerequisites and considerations
v All of the hybrid services are included in IBM Cloud Manager with OpenStack
4.2 fix pack 4.2.0.1. No additional software is required.
v You must contact and work with IBM Cloud OpenStack Services to create your
off-premise cloud to your specifications.
Some considerations:
You must inform IBM Cloud OpenStack Services that you want to enable
hybrid support. The IBM Cloud OpenStack Services cloud must be enabled
for hybrid if you plan to share a common Keystone with IBM Cloud Manager
with OpenStack 4.2.
Ensure that the IBM Cloud OpenStack Services cloud is created and enabled
for hybrid before you deploy an on-premises IBM Cloud Manager with
OpenStack cloud.
v Management of users, roles, projects, and groups are controlled by IBM Cloud
OpenStack Services policies. You need to thoroughly read and understand how
these policies affect how you create and use users, roles, projects, and groups.
The use of OpenStack CLIs such as Keystone, and the use of the dashboard to
manage users, groups, roles, and projects are not supported. You must use either
the REST APIs or a CLI tool that is provided by IBM Cloud OpenStack Services
to perform these tasks. For more information, see Managing users and projects.
v After the IBM Cloud OpenStack Services cloud is running, you must establish a
site-to-site VPN connection from your on-premises data center. The machines
that host the on-premises IBM Cloud Manager with OpenStack 4.2 cloud must
have network routes that go to the IBM Cloud OpenStack Services OpenStack
environment over the VPN connection. For more information about setting up
the VPN connection, see Setting up the VPN connection for a hybrid
environment on page 9
v After you verify network connections to IBM Cloud OpenStack Services, you can
deploy the IBM Cloud Manager with OpenStack 4.2 region to your on-premises
machines by using either the command-line interface or the graphical user
interface.
Limitations with the hybrid environment
v The IBM Cloud OpenStack Services environment must be created first and must
be enabled for hybrid before IBM Cloud Manager with OpenStack 4.2
deployment on-premises. There is no support for IBM Cloud OpenStack Services
to share a Keystone service that is running on-premises nor is there support for
adding an existing on-premises IBM Cloud Manager with OpenStack 4.2 to the
IBM Cloud OpenStack Services cloud.
v You must have a working site-to-site VPN connection before you deploy the
IBM Cloud Manager with OpenStack 4.2 on-premises region. The VPN
connection is required so that the IBM Cloud Manager with OpenStack 4.2
on-premises region can communicate with the IBM Cloud OpenStack Services
OpenStack environment.
v Only minimal and controller +n compute topologies with Linux Kernel-based
Virtual Machine (KVM) or QEMU hypervisors are supported for the on-premises
IBM Cloud Manager with OpenStack 4.2 region.

Overview

v Keystone is the only shared service. No other service is shared, including Glance
and Heat.
v The self-service portal is not supported.
v Neutron VPNaaS is not supported to connect on-premises virtual machine
networks to the IBM Cloud OpenStack Services virtual machine network.
v The dashboard that runs on the IBM Cloud OpenStack Services region cannot be
used to manage the on-premises IBM Cloud Manager with OpenStack 4.2
region.
v Due to limitations of the Keystone client support of the Keystone v3 API,
Keystone CLI commands do not work. You can work around this issue by using
the OpenStack command, for example:
OS_AUTH_URL=https://192.168.101.10:5000/v3 openstack --os-identity-api-version
3 user list

For more information about the OpenStack CLI, see OpenStack Command-Line
Interface Reference.
v Only a single domain, Default, is supported by IBM Cloud OpenStack Services.
The admin-on-prem user does not have access to view or modify domains.
v Only an IBM Cloud OpenStack Services admin can create security groups for
RegionOne. Only the default security group is supported.
v The on-premises region runs http and Cloud Management Dashboard runs
https, so when you access the console of an instance you must click Click here
to show only console and use full screen mode. Most browser settings do not
allow a mix of http and https content on the same page.
v When you use the Cloud Management Dashboard, all users with the
on_prem_admin role have the permissions to use the ADMIN tab to perform
administrative functions for the on-premises region. Users with this role do not
have permission to access the admin functions for the IBM Cloud OpenStack
Services region. If you are in an ADMIN pane and switch to the IBM Cloud
OpenStack Services region, you are logged out and the following message is
displayed:
You do not have permission to access the resource:
/admin/volumes/
Login as different user or go back to home page

To recover from this error, log in again.

v When you use Horizon to access the IBM Cloud OpenStack Services region
(RegionOne), the object storage is not supported. If you try to create a container,
an error message is displayed.
v Uploading images by using a URL in RegionOne is not supported because the
IBM Cloud OpenStack Services Glance service does not have an internet
connection. You can upload images from your system by selecting the Image
File option in the Image Location field. For more information about IBM Cloud
OpenStack Services image management, see Managing images and image
catalogs.

Contacting IBM Cloud OpenStack Services to set up a hybrid

environment
You must contact Eric Schultz (email address: schultzy@us.ibm.com) at IBM Cloud
OpenStack Services to create an off-premises cloud and enable it for hybrid
support.

Getting started with IBM Cloud Manager with OpenStack 4.2 "Next"

About this task

When the cloud is enabled for hybrid, the IBM Cloud OpenStack Services team
creates an on-premises admin user and a set of on-premises OpenStack service
users. You need these user IDs and passwords when you deploy the on-premises
cloud. In addition, Keystone endpoints are created for the on-premises region. You
must provide the IBM Cloud OpenStack Services team the IP address of your
on-premises machine that hosts the OpenStack controller.

Installing IBM Cloud Manager with OpenStack

You must download and install IBM Cloud Manager with OpenStack, version 4.2
and fix pack 4.2.0.1, which includes the software you need to deploy a cloud. You
deploy the cloud later.

About this task

Use this worksheet to download and install IBM Cloud Manager with OpenStack,
version 4.2:
Table 3. Installing
Tasks
___ 1.

Downloading IBM Cloud Manager with OpenStack, version 4.2. See IBM Cloud Manager with
OpenStack on developerWorks Service Management Connect.

___ 2.

Installing IBM Cloud Manager with OpenStack on Linux.

___ 3.

Changing the Chef server password.

___ 4.

Configuring operating system yum repositories on the deployment server.

___ 5.

Applying IBM Cloud Manager with OpenStack 4.2 fix pack 4.2.0.1. See IBM Support Portal.

___ 6.

(Optional) Installing IBM Cloud Manager - Deployer on page 2.

Setting up the VPN connection for a hybrid environment

To create a hybrid cloud with IBM Cloud OpenStack Services, you must first
establish a site-to-site VPN connection and set up the related network components.

About this task

You must configure the VPN connection with the IBM Cloud OpenStack Services
customer gateway so that your on-premises IBM Cloud Manager with OpenStack
cloud can communicate with IBM Cloud OpenStack Services services and with
virtual machine instances that you create in IBM Cloud OpenStack Services. The
VPN connection is also used for communication between the on-premises virtual
machine instances and the off-premise virtual machine instances.
The IBM Cloud OpenStack Services customer gateway uses a virtual tunnel
interface (VTI) to establish the underlying tunnel. The VPN hardware and software
that you use on-premises must be able to establish a VPN tunnel by using virtual
tunnel interfaces.
The following instructions provide the general information that you need to create
the VPN connection that is required for a hybrid cloud. You must adjust these
instructions as needed based on the VPN hardware and software, network
topology, and security policies that you use.
IBM Cloud OpenStack Services gives you additional information, such as IP
addresses and shared secrets, that you need to use when you create the VPN
connection. You must work with the IBM Cloud OpenStack Services team during
Overview

the onboarding process to ensure that the IBM Cloud OpenStack Services IP
addresses do not overlap with IP addresses in your environment. For more
information about IBM Cloud OpenStack Services and the IBM Cloud OpenStack
Services onboarding process, see Contacting IBM Cloud OpenStack Services to set
up a hybrid environment on page 8.
Important: The VPN connection requires a public internet connection to your
environment. Your company might have policies in place that require specialized
configuration and network isolation. It is your responsibility to ensure that you are
in compliance with the internet and security policies that are required by your
company.
Before you begin, you must obtain the following information from IBM Cloud
OpenStack Services:
v The public IP address of the IBM Cloud OpenStack Services gateway.
v The virtual tunnel address of the IBM Cloud OpenStack Services gateway
(typically 172.19.0.2/30).
v The preshared secret.
v The IP address of the IBM Cloud OpenStack Services OpenStack environment
proxy (typically, 192.168.101.10).

Procedure
1. Establish the site-to-site VPN connection.
a. Create the virtual tunnel interface (VTI) by using the virtual tunnel address
from IBM Cloud OpenStack Services.
b. Create the IPSec VPN configuration if it is not configured already.
1) Create and configure the Internet Key Exchange (IKE) and
Encapsulating Security Payload (ESP). Typical values include aes256
encryption and sha1 hash.
2) Add the IPSec to your public IP interface.
3) Create and configure the IPSec NAT allowed networks. Set the NAT
allowed networks to 0.0.0.0/0.
c. Create and configure the VPN peer. Use the public IP address of the IBM
Cloud OpenStack Services customer gateway and the preshared secret that
you obtained from IBM Cloud OpenStack Services. Bind the peer to the VTI
interface that you created and configured in Step 1a.
d. Verify that the tunnel is established. If you have problems, contact IBM
Cloud OpenStack Services Support.
e. Create a route to the IBM Cloud OpenStack Services OpenStack
environment through the virtual tunnel interface router. Typically, the
OpenStack environment is 192.168.101.10 and the next hop address is
172.19.01.1.
f. Verify that you can communicate with the IBM Cloud OpenStack Services
OpenStack environment. You must use cURL to test the connection because
the ping utility is disabled on the IBM Cloud OpenStack Services OpenStack
environment.
curl --insecure https://192.168.101.10

If you do not receive a response, see Troubleshooting the VPN connection

for a hybrid environment on page 11.
2. Create routes to your IBM Cloud OpenStack Services virtual machine instance
networks through the VTI router. For example, if the IBM Cloud OpenStack

10

Getting started with IBM Cloud Manager with OpenStack 4.2 "Next"

Services virtual machine instance network is on 192.168.100.0/24, you must

create a static route to that subnet by using the next hop address of 172.19.0.1.
If you do not know the subnet, use OpenStack dashboard that is running on
IBM Cloud OpenStack Services to find the networks. Depending on the address
ranges, you might need to create more routes.
Verify that you can ping a virtual machine instance. From the OpenStack
dashboard, start an instance and get its IP address from the dashboard. This
address should be in the 192.168.100.0/24 subnet where the static route was
created. For example, 192.168.100.6.
3. Optional: Open ports. You might need to adjust your firewall settings to allow
on-premises OpenStack to communicate to the IBM Cloud OpenStack Services
region. For information about the default ports, see Port usage.
4. Optional: On-premises machines need access to communicate with the IBM
Cloud OpenStack Services region. At a minimum, all OpenStack machines need
the ability to access Keystone services that run in the IBM Cloud OpenStack
Services region. The VPN machine is used as the gateway to the IBM Cloud
OpenStack Services services, so you need to create routes from on-premises
machines that require access to the IBM Cloud OpenStack Services region.
Depending on your network configuration, you might need to manually add
routes on the machines that need access. In the following example, the VPN
machine is at 10.91.38.225 on the private network.
a. On the machines that run the on-premises OpenStack services, access the
OpenStack services:
ip route add 192.168.101.10/32 via 10.91.38.225

b. For machines that need access to the virtual machine instances, access the
IBM Cloud OpenStack Services virtual machines:
ip route add 192.168.100.0/24 via 10.91.38.225

c. Test the connections from the machine where the route was added:
curl --insecure https://192.168.101.10
ping ICOS virtual machine instance

where ICOS virtual machine instance might be 192.168.100.6

Troubleshooting the VPN connection for a hybrid environment

You can use the tcpdump tool to troubleshoot your VPN connection.
The tcpdump tool shows you if the network packets are reaching the tunnel and if
IBM Cloud OpenStack Services is responding to those packets.
For example:
sudo tcpdump -i vti0

In another window, run the command that is having problems. If you see the
packets on the virtual tunnel interface but no responses, then you know that the
problem in on the IBM Cloud OpenStack Services side. If there are no incoming
packets on the virtual tunnel interface, then you know that you have a problem
with your configuration.
If you have high traffic on your virtual tunnel interface, try looking at the traffic
that is destined to or leaving from a certain IP address, for example:
sudo tcpdump -i vti0 src or dst 192.168.100.6

Overview

11

Deploying an on-premises cloud environment

Deploy the on-premises region for your hybrid cloud.

About this task

To deploy an on-premises cloud environment, complete the following tasks:
Set passwords for deploying the on-premises region
You must first set the passwords that are provided by IBM Cloud
OpenStack Services. For details, see Setting passwords for deploying the
on-premises region.
Deploy the on-premises region
Use either the command-line interface or IBM Cloud Manager - Deployer
to deploy the region. For details, see Deploying the on-premises region
on page 13.
After you deploy the on-premises region, you need to configure the region for
functions such as networking and security. For information about post-deployment
tasks, see Managing IBM Cloud Manager with OpenStack as an Administrator.

Setting passwords for deploying the on-premises region

Before you can deploy an on-premises region, you must set the passwords of the
on-premises admin user and service users that are created by the IBM Cloud
OpenStack Services team. You use these passwords to deploy an on-premises
cloud.

Before you begin

Before you begin, you must obtain passwords for the following user names from
IBM Cloud OpenStack Services. For more information, see Contacting IBM Cloud
OpenStack Services to set up a hybrid environment on page 8
v admin-on-prem
v nova-on-prem
v glance-on-prem
v neutron-on-prem
v cinder-on-prem
v ceilometer-on-prem
v heat-on-prem
Optionally, you can change the passwords of the *-on-prem user names manually
by using the OpenStack dashboard of the off-premises region.

About this task

To set the passwords, complete the following steps:

Procedure
1. Create a directory to store the files for the topology that you deploy. Change
your-deployment-name to the name for your deployment. The same directory is
used when you deploy the on-premises region.
$ mkdir your-deployment-name
$ chmod 600 your-deployment-name
$ cd your-deployment-name

12

Getting started with IBM Cloud Manager with OpenStack 4.2 "Next"

2. Copy the /opt/ibm/cmwo/chef-repo/data_bags/

example_on_premise_passwords_file.json file.
Note: This step assumes the default IBM Cloud Manager with OpenStack
installation path on the deployment server (/opt/ibm/cmwo).
$ cp /opt/ibm/cmwo/chef-repo/data_bags/example_on_premise_passwords_file.json
your-hybrid-passwords-file.json

3. Set the passwords. This file is used as input to the your-icos-hybrid-cloud.yml

file that you create later.
See the following example passwords file:
Note: The following line is not used and can be removed from your example
passwords file:
"openstack-iaas-gateway":"Openstackiaasgateway21"
{
"user_passwords":{
"admin-on-prem":"<ICOS nova-on-prem password>"
},
"service_passwords":{
"openstack-compute":"<ICOS nova-on-prem password>",
"openstack-image":"<ICOS glance-on-prem password>",
"openstack-network": "<ICOS neutron-on-prem password",
"openstack-block-storage":"<ICOS cinder-on-prem password>",
"openstack-ceilometer":"<ICOS ceilometer-on-prem password>",
"openstack-orchestration":"<ICOS heat-on-prem password>",
"openstack-iaas-gateway":"<Not Applicable>"
}
}

Deploying the on-premises region

Use either the command-line interface or IBM Cloud Manager - Deployer to
deploy an on-premises region.

About this task

To deploy your on-premises cloud by using the command-line interface, complete
the following steps.
Note: If you want to deploy your on-premises cloud by using the IBM Cloud
Manager - Deployer, skip the following steps. Ensure that you installed IBM Cloud
Manager - Deployer. For information about installing IBM Cloud Manager Deployer, see Installing IBM Cloud Manager - Deployer on page 2. After you
install IBM Cloud Manager - Deployer, the instructions in the user interface guide
you through the deployment process.

Procedure
1. Log in to the deployment system as the root user. This is the system where IBM
Cloud Manager with OpenStack was installed.
2. Navigate to the directory that you created to store the files for the topology
that you deploy. This directory contains your your-hybrid-passwordsfile.json file.
3. Copy the example-icos-hybrid-controller-n-compute-kvm-cloud.yml cloud file
as the base structure for your cloud deployment and rename it for your cloud
environment.
Note: This step assumes the default IBM Cloud Manager with OpenStack
installation path on the deployment server (/opt/ibm/cmwo).
Overview

13

$ cp /opt/ibm/cmwo/cli/config/ example-icos-hybrid-controller-n-compute-kvm-cloud.yml
your-icos-hybrid-cloud.yml

4. Change the required YAML attributes in your cloud file, your-icos-hybridcloud.yml.

Note: The name of your on-premises cloud (OpenStack region name) must be
RegionTwo.
v Cloud Information (cloud): Customize the cloud information.
password_file: YOUR_PASSWORD_FILE: Specify the
your-hybrid-passwords-file.json file name.
v Hybrid Cloud Information:
cert_file: YOUR_ICOS_SSL_CERTIFICATE_FILE_LOCATION: The SSL
certificate for the ICOS region. Enter the location of the SSL certificate file
on the controller and compute nodes as a fully qualified path and file
name. This value is not validated. Ensure that the ICOS SSL certificate file
specified is present on each node in the topology.
v Node Information (nodes): Customize the information for each node system
in your cloud. You can copy the kvm_compute node section to include more
KVM compute nodes in your cloud.
fqdn: Set to the fully qualified domain name of the node system. The
deployment system must be able to SSH by using the fully qualified
domain name. You can also set to the public IP address, private IP
address, or host name.
5. Deploy your cloud.
$ knife os manage deploy cloud your-icos-hybrid-cloud.yml

Note: This command generates a topology file and other related files for your
deployment and stores them in the same directory as your cloud file,
your-icos-hybrid-cloud.yml. The cloud file is no longer needed after the
deployment completes and can be removed. The generated files are only used
if you must update your cloud.
$ rm your-icos-hybrid-cloud.yml

Results
After the deployment is complete, the IBM Cloud Manager with OpenStack
services are ready to use. The IBM Cloud Manager with OpenStack dashboard is
available at https://node.fqdn.com/, where node.fqdn.com is the fully qualified
domain name of the node. You can log in using the admin-on-prem user with the
password that you customized.
After you deploy the on-premises region, you need to configure the region for
functions such as networking and security. For information about post-deployment
tasks, see Managing IBM Cloud Manager with OpenStack as an Administrator.
If you want to deploy the same image in both regions, you must create the image
in both regions by using the glance command-line interface or the dashboard. For
more information, see Copying OpenStack Glance images.
Consider using IBM UrbanCode Deploy with Patterns to bring DevOps to your
hybrid cloud environment. For more information, see Installing and configuring
IBM UrbanCode Deploy and IBM UrbanCode Deploy with Patterns on page 15.

14

Getting started with IBM Cloud Manager with OpenStack 4.2 "Next"

Installing and configuring IBM UrbanCode Deploy and IBM

UrbanCode Deploy with Patterns
You can optionally download and install IBM UrbanCode Deploy with Patterns,
which provides rapid application deployment and management. With IBM
UrbanCode Deploy with Patterns, you can connect your cloud, see available
resources, and design your application deployment by using an easy to use
web-based graphical designer. IBM UrbanCode Deploy with Patterns works with
IBM UrbanCode Deploy to provide virtual application environments on demand.

About this task

Use this worksheet to download, install, and configure the following products:
v IBM UrbanCode Deploy
v IBM UrbanCode Deploy with Patterns
Table 4. Installing and configuring
Tasks
___ 1.

Download and install IBM UrbanCode Deploy 6.1.1.0. See Installing the server in interactive mode.

___ 2.

On the IBM UrbanCode Deploy server, create a token for connecting to the IBM UrbanCode Deploy
with Patterns server. See Tokens.

___ 3.

Download IBM UrbanCode Deploy with Patterns 6.1.1.0. To obtain the media, go to Fix Central.

___ 4.

Install an IBM UrbanCode Deploy with Patterns engine. See Installing engines in interactive mode.

___ 5.

Install the IBM UrbanCode Deploy with Patterns design server, providing the token that you created
on the IBM UrbanCode Deploy server. See Installing the design server in interactive mode.

Next, you can configure access to the cloud by using the Cloud tab under System
Settings. For details, see Connecting to OpenStack clouds.
Then, get started with creating your own blueprints for your cloud. For details, see
Modeling blueprints for OpenStack.
For more information about IBM UrbanCode Deploy with Patterns, see IBM
UrbanCode Deploy with Patterns welcome page and the IBM UrbanCode
developer center.
For technical support for IBM UrbanCode Deploy or IBM UrbanCode Deploy with
Patterns 6.1.1.0., contact IBM Cloud OpenStack Services Support.

Overview

15