Red Hat OpenStack Administration
Student Workbook
© 2014 Red Hat, Inc.
CL210-RHELOSP5.0-en-2-20140926

RED HAT OPENSTACK ADMINISTRATION

Red Hat Enterprise Linux OpenStack Platform 5.0 CL210
Red Hat OpenStack Administration
Edition 2
Authors: Forrest Taylor, Razique Mahroua, Adolfo Vazquez

Copyright © 2014 Red Hat, Inc.

The contents of this course and all its modules and related materials, including handouts to audience members, are Copyright © 2014 Red Hat, Inc.

No part of this publication may be stored in a retrieval system, transmitted or reproduced in any way, including, but not limited to, photocopy, photograph, magnetic, electronic or other record, without the prior written permission of Red Hat, Inc.

This instructional program, including all material provided herein, is supplied without any guarantees from Red Hat, Inc. Red Hat, Inc. assumes no liability for damages or legal action arising from the use or misuse of contents or details contained herein.

If you believe Red Hat training materials are being used, copied, or otherwise improperly distributed please e-mail training@redhat.com or phone toll-free (USA) +1 (866) 626-2994 or +1 (919) 754-3700.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, Hibernate, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.

Linux® is the registered trademark of Linus Torvalds in the United States and other countries.

Java® is a registered trademark of Oracle and/or its affiliates.

XFS® is a registered trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
The OpenStack® Word Mark and OpenStack Logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.

All other trademarks are the property of their respective owners.

Contributors: Rob Locke, Philip L. Sweany

    Practice: Deploying the Glance Image Service
    Using the glance Command to Upload a System Image
    Practice: Using the glance Command to Upload a System Image
7. Implementing the Cinder Block Storage Service
    Installing the Cinder Block Storage Service and Managing Volumes
    Practice: Installing the Cinder Block Storage Service and Managing Volumes
    Adding a Red Hat Storage Volume to the Cinder Block Storage Service
    Practice: Adding a Red Hat Storage Volume to the Cinder Block Storage Service
8. Implementing the OpenStack Networking Service
    Installing OpenStack Networking
    Practice: Installing OpenStack Networking
    Configuring OpenStack Networking
    Practice: Configuring OpenStack Networking
9. Implementing the Nova Controller Services
    Installing Nova Compute
    Practice: Installing Nova Compute and Nova Controller
    Deploying Instances Using the Command Line
    Practice: Deploying Instances Using the Command Line
10. Managing an Additional Nova Compute Node
    Preparing the Nova Controller Node
    Practice: Installing the Nova Controller Node
    Managing Nova Compute Nodes
    Demonstration: Adding a Nova Compute Node
    Demonstration: Removing a Nova Compute Node
    Practice: Managing Nova Compute Nodes
    Configuring Networking on the Nova Compute Node and Launching an Instance
    Practice: Configuring OpenStack Networking on the Nova Compute Node
    Practice: Preparing and Launching an Instance
11. Implementing the Heat Orchestration Service
    Implementing the Heat Orchestration Service
    Practice: Implementing the Heat Orchestration Service
12. Implementing the Ceilometer Metering Service
    Deploying the Ceilometer Telemetry Service
    Practice: Installing the Ceilometer Telemetry Service
    Practice: Configuring the Ceilometer Telemetry Service
    Telemetry with the Ceilometer Telemetry Service
    Practice: Telemetry with the Ceilometer Telemetry Service
    Lab: Gathering Telemetry with Ceilometer
13. The Future Direction of Red Hat OpenStack
    The Future of OpenStack
14. Comprehensive Review
    Comprehensive Review

Document Conventions

Notes and Warnings

Introduction

Red Hat OpenStack Administration

Red Hat OpenStack Administration (CL210) is designed for system administrators who are intending to implement a cloud computing environment using OpenStack. Students will learn how to install, configure, use, and maintain the Red Hat Enterprise Linux OpenStack platform. The course now includes GRE networking.

The Red Hat OpenStack Administration course begins by explaining the OpenStack architecture and terms used throughout the course.
The course shows how to install and configure OpenStack, including the message broker (RabbitMQ), the identity service (Keystone), the object storage service (Swift), the image service (Glance), the block storage service (Cinder), the networking service (Neutron), the compute and controller services (Nova), the orchestration service (Heat), and the metering service (Ceilometer). The course finishes with a comprehensive review, implementing the services after a fresh installation of the operating system.

Course objectives

* Discuss the Red Hat OpenStack architecture.
* Install Red Hat OpenStack with automated tools.
* Implement and secure the RabbitMQ message broker.
* Manage users, tenants, and roles.
* Implement the Swift object storage service.
* Implement the Glance image service.
* Implement the Cinder block storage service.
* Implement the OpenStack networking service.
* Implement the Nova compute and Nova controller services.
* Implement an additional Nova compute node.
* Deploy virtual machines.
* Implement the Heat orchestration service.
* Implement the Ceilometer metering service.
* Discuss the future of Red Hat OpenStack.

Audience

* Linux system administrators and cloud administrators interested in, or responsible for,

Prerequisites

* RHCSA certification or equivalent level of knowledge is highly recommended.

Orientation to the Classroom Environment

[Figure: classroom environment, showing the Student X VMs and the Classroom Network]

In this course, students will do most hands-on practice exercises and lab work with a set of computer systems, which will be referred to as servera, serverb, serverc, and workstation. These machines have the host names serverX-a.example.com, serverX-b.example.com, serverX-c.example.com, and workstationX.example.com, where the X in the computers' host names will be a number that will vary from student to student.
All machines have a standard user account, student, with the password student. The root password on all systems is redhat.

Note
Some courses do not use all machine names listed above. For instance, you may only see serverX-a, serverX-b and workstationX. Alternately, you may have more machines than shown in this document. For instance, you may see serverX-a, serverX-b, serverX-c, serverX-d, serverX-e and workstationX. The number of server machines is variable depending on the course.

In a live instructor-led classroom, students will be assigned a physical computer ("foundationX") which will be used to access these machines. The servera, serverb, serverc, and workstation systems are virtual machines running on that host. Students should log into this machine as user kiosk with the password redhat.

On foundationX, a special command called rht-vmctl is used to work with the virtual machines. The commands in the following table should be run as the kiosk user on foundationX, and can be used with servera (as in the examples), serverb, serverc, or workstation.

rht-vmctl Commands

| Start servera machine | rht-vmctl start servera |
| View "physical console" to log in and work with servera machine | rht-vmctl view servera |
| Reset servera machine to its previous state and restart virtual machine | rht-vmctl reset servera |

At the start of a lab exercise, if an instruction to reset servera appears, that means rht-vmctl reset servera should be run in a prompt on the foundationX system as user kiosk. Likewise, if an instruction to reset your workstation appears, that means the command rht-vmctl reset workstation should be run on foundationX as user kiosk.

Each student is on a public IPv4 network, 172.25.X.0/24, where the X matches the number of their serverX-a, serverX-b, serverX-c, etc. and workstationX systems, with a gateway of 172.25.X.254. These machines also share a private IPv4 network, 172.25.X+100.0/24.
The instructor runs a central utility server, classroom.example.com, which acts as a router for the classroom networks and provides DNS, DHCP, HTTP, and other content services.

Classroom Machines

| serverX-a.example.com | 172.25.X.10, 172.25.X+100.10 | |
| serverX-b.example.com | | |
| serverX-c.example.com | 172.25.X.12, 172.25.X+100.12 | Student third server |
| workstationX.example.com | 172.25.X.9, 172.25.X+100.9 | Student workstation |
| classroom.example.com | 172.25.254.254 | Classroom utility server |

Internationalization

Language support

Red Hat Enterprise Linux 7 officially supports 22 languages: English, Assamese, Bengali, Chinese (Simplified), Chinese (Traditional), French, German, Gujarati, Hindi, Italian, Japanese, Kannada, Korean, Malayalam, Marathi, Odia, Portuguese (Brazilian), Punjabi, Russian, Spanish, Tamil, and Telugu.

Per-user language selection

Users may prefer to use a different language for their desktop environment than the system-wide default. They may also want to set their account to use a different keyboard layout or input method.

Language settings

In the GNOME desktop environment, the user may be prompted to set their preferred language and input method on first login. If not, then the easiest way for an individual user to adjust their preferred language and input method settings is to use the Region & Language application. Run the command gnome-control-center region, or from the top bar, select (User) > Settings. In the window that opens, select Region & Language. The user can click the Language box and select their preferred language from the list that appears. This will also update the Formats setting to the default for that language. The next time the user logs in, these changes will take full effect.

These settings affect the GNOME desktop environment and any applications, including gnome-terminal, started inside it.
However, they do not apply to that account if accessed through an ssh login from a remote system or a local text console (such as tty2).

Note
A user can make their shell environment use the same LANG setting as their graphical environment, even when they log in through a text console or over ssh. One way to do this is to place code similar to the following in the user's ~/.bashrc file. This example code will set the language used on a text login to match the one currently set for the user's GNOME desktop environment:

    # Read the language GNOME stored for this user, if any
    i=$(grep 'Language=' /var/lib/AccountsService/users/${USER} \
      | sed 's/Language=//')
    # Only override LANG when a language was actually found
    if [ "$i" != "" ]; then
        export LANG=$i
    fi

Japanese, Korean, Chinese, or other languages with a non-Latin character set may not display properly on local text consoles.

Individual commands can be made to use another language by setting the LANG variable on the command line:

    [user@host ~]$ LANG=fr_FR.utf8 date

Subsequent commands will revert to using the system's default language for output. The locale command can be used to check the current value of LANG and other related environment variables.

Input method settings

GNOME 3 in Red Hat Enterprise Linux 7 automatically uses the IBus input method selection system, which makes it easy to change keyboard layouts and input methods quickly.

The Region & Language application can also be used to enable alternative input methods. In the Region & Language application's window, the Input Sources box shows what input methods are currently available. By default, English (US) may be the only available method. Highlight English (US) and click the keyboard icon to see the current keyboard layout.

To add another input method, click the + button at the bottom left of the Input Sources window. An Add an Input Source window will open. Select your language, and then your preferred input method or keyboard layout.

Once more than one input method is configured, the user can switch between them quickly by typing Super+Space (sometimes called Windows+Space).
A status indicator will also appear in the GNOME top bar, which has two functions: it indicates which input method is active, and acts as a menu that can be used to switch between input methods or select advanced features of more complex input methods.

Some of the methods are marked with gears, which indicate that those methods have advanced configuration options and capabilities. For example, the Japanese Japanese (Kana Kanji) input method allows the user to pre-edit text in Latin and use Down Arrow and Up Arrow keys to select the correct characters to use.

US English speakers may also find this useful. For example, under English (United States) is the keyboard layout English (international AltGr dead keys), which treats AltGr (or the right Alt) on a PC 104/105-key keyboard as a "secondary-shift" modifier key and dead key activation key for typing additional characters. There are also Dvorak and other alternative layouts available.

Note
Any Unicode character can be entered in the GNOME desktop environment if the user knows the character's Unicode code point, by typing Ctrl+Shift+U, followed by the code point. After Ctrl+Shift+U has been typed, an underlined u will be displayed to indicate that the system is waiting for Unicode code point entry.
For example, the lowercase Greek letter lambda has the code point U+03BB, and can be entered by typing Ctrl+Shift+U, then 03bb, then Enter.

System-wide default language settings

The system's default language is set to US English, using the UTF-8 encoding of Unicode as its character set (en_US.utf8), but this can be changed during or after installation.

From the command line, root can change the system-wide locale settings with the localectl command.
If localectl is run with no arguments, it will display the current system-wide locale settings.

To set the system-wide language, run the command localectl set-locale LANG=locale, where locale is the appropriate $LANG from the "Language Codes Reference" table in this chapter. The change will take effect for users on their next login, and is stored in /etc/locale.conf.

    [root@host ~]# localectl set-locale LANG=fr_FR.utf8

In GNOME, an administrative user can change this setting from Region & Language and clicking the Login Screen button at the upper-right corner of the window. Changing the Language of the login screen will also adjust the system-wide default language setting stored in the /etc/locale.conf configuration file.

Important
Local text consoles such as tty2 are more limited in the fonts that they can display than gnome-terminal and ssh sessions. For example, Japanese, Korean, and Chinese characters may not display as expected on a local text console. For this reason, it may make sense to use English or another language with a Latin character set for the system's text console.
Likewise, local text consoles are more limited in the input methods they support, and this is managed separately from the graphical desktop environment. The available global input settings can be configured through localectl for both local text virtual consoles and the X11 graphical environment. See the localectl(1), kbd(4), and vconsole.conf(5) man pages for more information.

Language packs

When using non-English languages, you may want to install additional "language packs" to provide additional translations, dictionaries, and so forth. To view the list of available langpacks, run yum langavailable. To view the list of langpacks currently installed on the system, run yum langlist.
To add an additional langpack to the system, run yum langinstall code, where code is the code in square brackets after the language name in the output of yum langavailable.

References
locale(7), localectl(1), kbd(4), locale.conf(5), vconsole.conf(5), unicode(7), utf-8(7), and yum-langpacks(8) man pages
Conversions between the names of the graphical desktop environment's X11 layouts and their names in localectl can be found in the file /usr/share/X11/xkb/rules/base.lst.

Language Codes Reference

Language Codes

| Language | $LANG value |
| English (US) | en_US.utf8 |
| Assamese | as_IN.utf8 |
| Bengali | bn_IN.utf8 |
| Chinese (Simplified) | zh_CN.utf8 |
| Chinese (Traditional) | zh_TW.utf8 |
| French | fr_FR.utf8 |
| German | de_DE.utf8 |
| Gujarati | gu_IN.utf8 |
| Hindi | hi_IN.utf8 |
| Italian | it_IT.utf8 |
| Japanese | ja_JP.utf8 |
| Kannada | kn_IN.utf8 |
| Korean | ko_KR.utf8 |
| Malayalam | ml_IN.utf8 |
| Marathi | mr_IN.utf8 |
| Odia | or_IN.utf8 |
| Portuguese (Brazilian) | pt_BR.utf8 |
| Punjabi | pa_IN.utf8 |
| Russian | ru_RU.utf8 |
| Spanish | es_ES.utf8 |
| Tamil | ta_IN.utf8 |
| Telugu | te_IN.utf8 |

CHAPTER 1
INTRODUCING RED HAT OPENSTACK ARCHITECTURE

Objectives
* Define cloud computing.
* Discuss OpenStack architecture.
* Define OpenStack terminology.

Sections and Practice
* Cloud Computing
* Practice: OpenStack Architecture

Cloud Computing

Cloud computing has been defined by the U.S. National Institute of Standards and Technology (NIST) as "...a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."

A user is able to launch as many instances (virtual machines) as needed, without requiring provision assistance from the service provider. The cloud user, cloud consumer, or self-service user decides which computing resources (CPU, memory, storage, etc.)
to use for their instances.

Cloud computing has several essential characteristics:

* Self-service: Allows cloud consumers to provision instances with computing resources.
* Global network access: Access the applications on the instance from the Internet.
* Multi-tenancy: Allows multiple cloud consumers to share the underlying hardware.
* Elasticity: Scales out (or scales in) instances to satisfy demand.
* Telemetry: Resources can be monitored and metered by the service provider as well as the cloud consumer.

Cloud workloads vs. traditional workloads

Traditional workloads or datacenter virtualization has been common in the computer industry for many years. Traditional workloads use a client-server architecture; failover and scaling are built into the infrastructure. One configurable machine is built to handle the workload. When the workload increases, the machine scales up by adding more RAM, more CPUs, and more storage.

Figure 1.1: Traditional workloads scale up (+RAM, +Storage, +CPUs)

Cloud workloads require design changes to the application. The application uses a distributed architecture. Failover and scaling are built into the application. The application can scale out by adding more virtual instances to meet demand.

Figure 1.2: Cloud workloads scale out

There are several service models available in cloud computing:

* The Infrastructure as a Service (IaaS) service model allows the cloud consumer to provision computing resources and software (operating system and applications). The cloud consumer manages the images (operating system and applications), storage, networking, and computing resources (CPUs and VRAM).
* Platform as a Service (PaaS) provides the operating system (libraries, programming languages, etc.) for the cloud consumer. The cloud consumer provides the application(s) to be deployed on the instances. The cloud consumer does not manage the underlying cloud infrastructure.
* Software as a Service (SaaS) provides the operating system and all software for the cloud consumer. The cloud consumer does not manage the underlying cloud infrastructure nor the application(s) contained in the instance.

There are several cloud deployment models:

* Public cloud is a cloud that is available to the general public, run by a cloud provider.
* Private cloud is a cloud used by a single organization.
* Hybrid cloud is a combination of deployment models. The hybrid cloud is often used to expand resources into a public cloud (cloud burst) when more computing resources are needed.

Red Hat provides many products that incorporate cloud-related technologies:

* Red Hat Enterprise Linux OpenStack Platform (RHEL OSP) is an extremely scalable IaaS product that delivers an open, flexible, enterprise-ready OpenStack private cloud foundation—optimized for and integrated with Red Hat Enterprise Linux.
* OpenShift Online is Red Hat's hosted public PaaS that offers an application development, build, deployment, and hosting solution in the cloud.
* OpenShift Enterprise takes the same open source PaaS platform that powers the OpenShift Online hosted service and packages it for customers who want an on-premise or private cloud deployment.
* Red Hat Storage Server (RHSS) is open, scale-out storage software that delivers a continuous storage platform across physical, virtual, and cloud resources.
* is a scalable, open source, software-defined storage system that runs on commodity
  Ceph is a replacement for legacy storage systems and provides a unified solution for environments.
* Red Hat CloudForms lets your organization deploy,
manage, and optimize private, public, and hybrid clouds as well as virtualized infrastructures. Red Hat CloudForms can manage virtual machines in Red Hat Enterprise Virtualization (RHEV) and Red Hat Enterprise Linux OpenStack Platform (RHEL OSP), as well as other vendors like Amazon, VMware, and Microsoft.
* Red Hat Enterprise Virtualization (RHEV) offers complete enterprise virtualization for servers and desktops. RHEV is built on Red Hat Enterprise Linux and provides virtualization for critical Linux and Microsoft Windows workloads.
* Red Hat Cloud Infrastructure (RHCI) is a single-subscription offering made up of three products: Red Hat Enterprise Virtualization (RHEV), Red Hat Enterprise Linux OpenStack Platform, and Red Hat CloudForms. These fully integrated components can be deployed in any combination required.

References
Red Hat Cloud Computing Products
http://www.redhat.com/products/cloud-computing/
National Institute of Standards and Technology (U.S.) Cloud Information
http://www.nist.gov/itl/cloud/

Red Hat OpenStack Architecture Overview

OpenStack includes the following services:

Nova (compute): A service that manages networks of virtual machines running on nodes, providing virtual machines on demand. Nova is a distributed component and interacts with Keystone for authentication, Glance for images, and Horizon for a web interface. Nova is designed to scale horizontally on standard hardware, downloading images to launch instances as required. Nova compute uses libvirtd, qemu, and kvm for the hypervisor.

Glance (image): A service that acts as a registry for virtual machine images, allowing users to copy server images for immediate storage.
These images can be used as templates when setting up new instances.

Neutron (networking): A service that provides connectivity between the interfaces of other OpenStack services, such as Nova. Due to OpenStack networking's pluggable architecture, users can create their own networks, control traffic, and connect servers to other networks. Various networking technologies are supported.

Cinder (block storage): A service that manages storage volumes for virtual machines. This is persistent block storage for the instances running in Nova. Snapshots can be taken for backing up data, either for restoring data or to be used to create new block storage volumes. This is often used in instances for storage, such as database files.

Swift (object storage): A service providing object storage which allows users to store and retrieve files. Swift architecture is distributed to allow for horizontal scaling and to provide redundancy as failure-proofing. Data replication is managed by software, allowing greater scalability and redundancy than dedicated hardware.

Keystone (identity): A centralized identity service that provides authentication and authorization for other services. Keystone also provides a central catalog of services running in a particular OpenStack cloud. It supports multiple forms of authentication, including username and password credentials, token-based systems, and Amazon Web Services (AWS) logins. Keystone acts as a single sign-on (SSO) authentication service for users and components.

Horizon (dashboard): A web-based interface for managing OpenStack services. It provides a graphical user interface for operations such as launching instances, managing networking, and setting access controls.

Ceilometer (metering): A centralized source for metering and monitoring data. This component provides the capability to meter and bill OpenStack users.
Heat (orchestration): A service to orchestrate multiple composite cloud applications using the Amazon Web Services (AWS) CloudFormation template format, through both a Representational state transfer (REST) API and a CloudFormation-compatible Query API. The software integrates other core components of OpenStack into a one-file template system. Templates allow creation of most OpenStack resource types (e.g., instances, floating IPs, volumes, security groups, users), plus advanced functionality such as instance high availability, instance autoscaling, and nested

1. Horizon: Web browser user interface for creating and managing instances.
2. Keystone: Authentication and authorization framework.
3. Neutron: Network connectivity as a service.
4. Cinder: Persistent block storage for runtime instances.
5. Nova: Scheduler for networks of virtual machines running on nodes.
6. Glance: Registry for virtual machine images.
7. Swift: File storage and retrieval.
8. Ceilometer: Metering engine for collecting billable meters.
9. Heat: Orchestration service for template-based virtual machine deployments.

OpenStack terminology

OpenStack uses the following terminology:

* Cloud controller: The coordinating manager. All machines in the OpenStack cloud communicate with the cloud controller using the Advanced Message Queuing Protocol (AMQP). In Red Hat Enterprise Linux OpenStack Platform, there are two options for AMQP: the Apache Qpid messaging daemon (qpidd) and RabbitMQ.
* Tenant: The term "tenant" is used in Keystone, and is equivalent to a project in Horizon. A tenant or project is a group of items (users, images, instances, network(s), volumes, etc.).
* Compute node: A hypervisor; any machine running the Nova compute service. Often, the machine is running only the Nova compute service.
* Volume (block storage): A persistent disk presented and attached to a single instance.
  Volumes are persistent and can be attached to or detached from running instances. The Cinder service uses an LVM by default. Logical volumes are created from this volume group. Volume snapshots can be created, similar to normal logical volume snapshots.
* Ephemeral disk: A temporary disk used by an instance. When the instance is created, the ephemeral disk is created as a QCOW2 image in /var/lib/nova/instances/instance-00000000X/disk.local on the compute node. When the instance is terminated, this disk is removed, after being erased with dd. The first ephemeral disk normally appears as /dev/vdb within the instance.
* Server or instance: A virtual machine.
* Flavor: The hardware associated with an instance. This includes RAM, CPUs, and disks.
* Stack: A group of instances built from a template. Template files are written in JavaScript Object Notation (JSON), a data exchange format designed to be a simpler alternative to Extensible Markup Language (XML) document encoding. Stacks and the template files are used in the Heat orchestration service.
* OpenStack networking: A software-defined networking service. Includes many plug-ins (e.g., Open vSwitch, Cisco UCS/Nexus) and allows software-defined networks (SDN) and quality of service (QoS). The OpenStack networking API uses the following abstractions to describe network resources:
  * Network: An isolated L2 segment, analogous to VLAN in the physical networking world.
  * Subnet: A block of v4 or v6 IP addresses and associated configuration state.
  * Port: A connection point for attaching a single device, such as the NIC of a virtual server, to a virtual network. Also describes the associated network configuration, such as the MAC and IP addresses to be used on that port.
* Open vSwitch: Software that provides a virtual switch. Open vSwitch provides traffic queueing and shaping and automated flow control. We will use the Open vSwitch plug-in for OpenStack networking.
References
Red Hat OpenStack Installation and Configuration Guide
* Section 1.2. Architecture
* Section 1.3. Service Details

Practice: OpenStack Architecture

Quiz

Match the following items to their counterparts in the table.

* Cinder block storage service
* Cloud controller
* Glance image service
* Horizon dashboard service
* Keystone identity service
* Nova compute service
* OpenStack networking (Neutron)
* Server or instance
* Swift object storage service

* This service provides virtualization using libvirtd, qemu, and kvm.
* This service provides images that are used as templates to build instances.
* This service provides networking capabilities using a pluggable architecture.
* This service provides persistent volumes for instances.
* This service provides object storage.
* This service provides authentication and authorization.
* This service provides a web dashboard for managing OpenStack.
* Coordinates the Red Hat OpenStack cloud using the RabbitMQ or Qpid messaging service (AMQP).
* The names used for a virtual machine in OpenStack.

Solution

Practice: Explore the Classroom Environment

Guided exercise

Lab overview: Become oriented to the initial classroom environment.

Success criteria: Students will understand their system configurations.

Before you begin: Login information for your Red Hat Enterprise Linux system(s):
* Username: student, password: student
* Username: root, password: redhat

Lab outline: The checklist defines a list of system information you need to look up or verify (host name, IP addresses, package repositories, etc.).
1. Identify the workstationX.example.com Virtual Machine

1.1. Log into your workstationX machine as student (with the password student).

1.2. Open a terminal and become the root user (with the password redhat).

    [student@workstationX ~]$ su -
    Password: redhat
    [root@workstationX ~]#

1.3. At the prompt on your workstationX virtual machine, run the hostname command to see what your machine's host name is.

    [root@workstationX ~]# hostname
    workstationX.example.com

where X is your student number.

1.4. At the prompt on your workstationX virtual machine, run the dig command on your machine's host name to determine your expected IPv4 address.

    [root@workstationX ~]# dig workstationX.example.com
    ;; ANSWER SECTION:
    workstationX.example.com. 86400 IN A 172.25.X.9

The IPv4 address is 172.25.X.9 (where X is your student number).

1.5. At the prompt on your workstationX virtual machine, run the ip addr show command to see what interface your machine's IPv4 address is attached to.

    [root@workstationX ~]# ip addr show
    2: eth0: mtu 1500 qdisc mq state UP qlen 1000
        link/ether 52:54:00:00:XX:09 brd ff:ff:ff:ff:ff:ff
        inet 172.25.X.9/24 brd 172.25.X.255 scope global eth0

The IPv4 address is 172.25.X.9 (where X is your student number) on eth0.

1.6. Notice that your workstationX virtual machine has two NICs in the previous output.

    [root@workstationX ~]# ip addr show
    3: eth1: mtu 1500 qdisc mq state UP qlen 1000
        link/ether 52:54:00:01:XX:09 brd ff:ff:ff:ff:ff:ff
        inet 172.25.X+100.9/24 brd 172.25.X.255 scope global eth1

The IPv4 address is 172.25.X+100.9 (where X+100 is 100 plus your student number) on eth1.

2. Verify yum Configuration on workstationX

Your workstationX system may need to get software packages from the repositories on content.example.com. Review the yum repositories, and write down the names of the different repositories that are currently configured on workstationX.example.com.
    [root@workstationX ~]# yum repolist
    repo id      repo name                       status
    rhel_dvd     Remote classroom copy of dvd    3,690
    repolist: 3,690

3. Apply Updates

Update your workstationX system with the updates provided in class.

    [root@workstationX ~]# yum update -y

4. Identify the serverX-a.example.com Virtual Machine

4.1. Log into your serverX-a machine as root (with the password redhat).

4.2. At the prompt on your serverX-a virtual machine, run the hostname command to see what your machine's host name is.

    [root@serverX-a ~]# hostname
    serverX-a.example.com

where X is your student number.

4.3. At the prompt on your serverX-a virtual machine, run the dig command on your machine's host name to determine your expected IPv4 address.

The IPv4 address is 172.25.X.10 (where X is your student number).

4.4. At the prompt on your serverX-a virtual machine, run the ip addr show command to see what interface your machine's IPv4 address is attached to.

    [root@serverX-a ~]# ip addr show
    2: eth0: mtu 1500 qdisc mq state UP qlen 1000
        link/ether 52:54:00:00:XX:0a brd ff:ff:ff:ff:ff:ff
        inet 172.25.X.10/24 brd 172.25.X.255 scope global eth0

The IPv4 address is 172.25.X.10 (where X is your student number) on eth0.

4.5. Notice that your serverX-a virtual machine has two NICs in the previous output.

    [root@serverX-a ~]# ip addr show
    3: eth1: mtu 1500 qdisc mq state UP qlen 1000
        link/ether 52:54:00:01:XX:0a brd ff:ff:ff:ff:ff:ff
        inet 172.25.X+100.10/24 brd 172.25.X.255 scope global eth1

The IPv4 address is 172.25.X+100.10 (where X+100 is 100 plus your student number [e.g., 107 if your student number were 7]) on eth1.

5. Verify yum Configuration on serverX-a

Your serverX-a system may need to get software packages from the repositories on content.example.com. Review the yum repositories, and write down the names of the different repositories that are currently configured on serverX-a.example.com.
    [root@serverX-a ~]# yum repolist
    repo id      repo name                                                 status
    Openstack    Red Hat Enterprise Linux OpenStack Platform for RHEL 7    381
    rhel_dvd     Remote classroom copy of dvd                              4,305
    rhe          Red Hat Training Supplied Packages                        4
    repolist: 4,690

6. Apply Updates

Update your serverX-a system with the updates provided in class.

    [root@serverX-a ~]# yum update -y

7. Identify the serverX-b.example.com Virtual Machine

7.1. Log into your serverX-b machine as root (with the password redhat).

7.2. At the prompt on your serverX-b virtual machine, run the hostname command to see what your machine's host name is.

    [root@serverX-b ~]# hostname
    serverX-b.example.com

where X is your student number.

7.3. At the prompt on your serverX-b virtual machine, run the dig command on your machine's host name to determine your expected IPv4 address.

    [root@serverX-b ~]# dig serverX-b.example.com
    ;; ANSWER SECTION:
    serverX-b.example.com. 86400 IN A 172.25.X.11

The IPv4 address is 172.25.X.11 (where X is your student number).

7.4. At the prompt on your serverX-b virtual machine, run the ip addr show command to see what interface your machine's IPv4 address is attached to.

    [root@serverX-b ~]# ip addr show
    2: eth0: mtu 1500 qdisc mq state UP qlen 1000
        link/ether 52:54:00:00:XX:0b brd ff:ff:ff:ff:ff:ff
        inet 172.25.X.11/24 brd 172.25.X.255 scope global eth0

The IPv4 address is 172.25.X.11 (where X is your student number) on eth0.

7.5. Notice that your serverX-b virtual machine has two NICs in the previous output.

    [root@serverX-b ~]# ip addr show
    3: eth1: mtu 1500 qdisc mq state UP qlen 1000
        link/ether 52:54:00:01:XX:0b brd ff:ff:ff:ff:ff:ff
        inet 172.25.X+100.11/24 brd 172.25.X.255 scope global eth1

The IPv4 address is 172.25.X+100.11 (where X+100 is 100 plus your student number [e.g., 107 if your student number were 7]) on eth1.

8. Verify yum Configuration on serverX-b

Your serverX-b system may need to get software packages from the repositories on content.example.com.
Review the yum repositories, and write down the names of the different repositories that are currently configured on serverX-b.example.com.

    [root@serverX-b ~]# yum repolist
    repo id      repo name                                                 status
    Openstack    Red Hat Enterprise Linux OpenStack Platform for RHEL 7    381
    rhel_dvd     Remote classroom copy of dvd                              4,305
    rhe          Red Hat Training Supplied Packages                        4

9. Apply Updates

Update your serverX-b system with the updates provided in class.

    [root@serverX-b ~]# yum update -y

Summary

Cloud Computing
In this section, you learned how to:
+ Discuss cloud characteristics.
+ Compare traditional workloads to cloud workloads.

Red Hat OpenStack Architecture Overview
In this section, you learned how to:
+ Understand OpenStack architecture.
+ Understand OpenStack terminology.

CHAPTER 2
INSTALLING RED HAT OPENSTACK

Goal: Install Red Hat OpenStack with the packstack utility and create an instance with the Horizon web front end.

Objectives:
+ Install Red Hat OpenStack software.
+ Explore the Horizon web interface.

Sections and Practice Exercises:
+ Installing Red Hat OpenStack with Packstack
+ Practice: Installing Red Hat OpenStack with Packstack
+ Using the Horizon Web Interface
+ Practice: Creating a Tenant in Horizon
+ Manage Flavors
+ Practice: Creating a Flavor in Horizon
+ User Management in Horizon
+ Practice: Creating a User in Horizon
+ Launch an Instance in Horizon
+ Practice: Launching an Instance in Horizon
+ Discovering Foreman
+ Deploying Red Hat OpenStack with Foreman
+ Process for Deploying OpenStack with Foreman

Lab: Installing Red Hat OpenStack

Installing Red Hat OpenStack with Packstack

Packstack is a utility that uses Puppet modules to deploy an OpenStack environment in a convenient way. An answer file can be passed to the installer to configure the installation. This is a text file that contains variables the installer uses. It offers a high-level way of configuring OpenStack by setting different variables.
Considerations to make before deploying Red Hat OpenStack

Hardware requirements

Red Hat OpenStack Cloud Controller Node Hardware Requirements

Processor: 64-bit x86 processor with support for the Intel 64 or AMD64 CPU extensions, and the AMD-V or Intel VT hardware virtualization support enabled.

Memory: [illegible] GB RAM

Disk space: Add additional disk space to this requirement based on the amount of space that you intend to make available to virtual machine instances. This figure varies based on both the size of each disk image you intend to create and whether you intend to share one or more disk images between multiple instances. 1 TB of disk space is recommended for a realistic environment capable of hosting multiple instances of varying sizes.

Red Hat OpenStack Compute Node Hardware Requirements

Processor: 64-bit x86 processor with support for the Intel 64 or AMD64 CPU extensions, and the AMD-V or Intel VT hardware virtualization extensions enabled.

Memory: 2 GB RAM minimum. For the compute node, 2 GB RAM is the minimum amount necessary to deploy one instance with the m1.small flavor on a node, or three instances with the m1.tiny flavor, without memory swapping. This constitutes the minimum requirement for setting up a test environment. Add additional RAM to this requirement based on the amount of memory that you intend to make available to virtual machine instances.

Disk space: 50 GB minimum. Add additional disk space to this requirement based on the amount of space that you intend to make available to virtual machine instances. This figure varies based on both the size of each disk image you intend to create and whether you intend to share one or more disk images between multiple instances. 1 TB of disk space is recommended for a realistic environment capable of hosting multiple instances of varying sizes.

Network: 2 x 1 Gbps network interface card (NIC)

Software requirements

+ To deploy Red Hat OpenStack, you need to have at least two machines with Red Hat Enterprise Linux Server 64-bit version 6.5 or newer.
One machine can act as a dedicated cloud controller node and the second machine can act as a Nova compute node. In the field, a minimum of two Nova compute nodes are recommended.

+ Make sure your machines have their clocks synced via Network Time Protocol (NTP).

References
+ Chapter 2. Product Requirements
+ Part II. Deploying OpenStack Using Packstack

Practice: Installing Red Hat OpenStack with Packstack

Workshop

Follow along with the instructor as you perform the setup tasks required to install the Red Hat OpenStack software.

Red Hat OpenStack features a tool to help with the installation called packstack.

1. The openstack-packstack package includes the packstack utility to quickly deploy Red Hat OpenStack either interactively, or non-interactively by creating and using an answer file that can be tuned, based on the required services and configuration.

1.1. Install the openstack-packstack package on serverX-a, using yum.

    [root@serverX-a ~]# yum install -y openstack-packstack

1.2. Explore some of the options of the packstack command.

    [root@serverX-a ~]# packstack -h | less

1.3. The recommended way to do an installation is non-interactively, because the installation settings are documented. An answer file with default settings can be generated with the packstack command.

    [root@serverX-a ~]# packstack --gen-answer-file /root/answers.txt

1.4. Before you can start the actual installation, edit the /root/answers.txt file and ensure the following items are configured:

    CONFIG_NTP_SERVERS=172.25.X.254
    CONFIG_KEYSTONE_ADMIN_PW=redhat
    CONFIG_HORIZON_SSL=y
    CONFIG_PROVISION_DEMO=n

Answer File Settings for the Controller Node

Setting: CONFIG_NTP_SERVERS=172.25.X.254
Purpose: Configure the NTP servers for time synchronization.

Setting: CONFIG_KEYSTONE_ADMIN_PW=redhat
Purpose: Configure the Keystone admin password to something easy to type.

Setting: CONFIG_HORIZON_SSL=y
Purpose: Enable use of SSL for Horizon. This is disabled by default because you would normally need to include a certificate. For the classroom environment, you will let packstack generate a self-signed certificate.

Setting: CONFIG_PROVISION_DEMO=n
Purpose: Whether to provision for demo usage and testing.

1.5. You can now perform the actual deployment of the Red Hat OpenStack controller using the answer file you just prepared:

Note: Allow 15 minutes or more for the installer to complete the installation and configuration of OpenStack services.

    [root@serverX-a ~]# packstack --answer-file /root/answers.txt
    Welcome to Installer setup utility

1.6. Verify that the OpenStack services are running:

    [root@serverX-a ~]# openstack-status
    == Nova services ==
    openstack-nova-api:
    openstack-nova-cert:
    openstack-nova-compute:
    openstack-nova-network:
    openstack-nova-scheduler:
    openstack-nova-volume:
    openstack-nova-conductor:
    == Glance services ==
    openstack-glance-api:
    openstack-glance-registry:
    == Keystone service ==
    openstack-keystone:
    == Horizon service ==
    openstack-dashboard:
    == neutron services ==
    neutron-server:
    neutron-dhcp-agent:
    neutron-l3-agent:
    neutron-metadata-agent:
    neutron-lbaas-agent:
    neutron-openvswitch-agent:
    neutron-linuxbridge-agent:
    neutron-ryu-agent:
    == Swift services ==
    openstack-swift-proxy:
    openstack-swift-account:
    openstack-swift-container:
    openstack-swift-object:
    == Cinder services ==
    openstack-cinder-api:
    openstack-cinder-scheduler:
    openstack-cinder-volume:
    openstack-cinder-backup:                active
    == Ceilometer services ==
    openstack-ceilometer-collector:         active
    openstack-ceilometer-alarm-notifier:    active
    openstack-ceilometer-alarm-evaluator:   active
    == Support services ==
    libvirtd:
    openvswitch:
    dbus:
    tgtd:
    rabbitmq-server:
    memcached:
    == Keystone users ==
    Warning keystonerc not sourced

2. Bring up a terminal on serverX-a.example.com. The network interfaces must be reconfigured to properly use the network. Attach eth0 to the br-ex bridge and properly set up the br-ex network device configuration file.

    [root@serverX-a ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /root/
    [root@serverX-a ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-br-ex

2.2. Edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file to remove static networking information and add OVS information. The file will now contain:

    DEVICE=eth0
    ONBOOT=yes
    TYPE=OVSPort
    DEVICETYPE=ovs
    OVS_BRIDGE=br-ex

2.3. In the /etc/sysconfig/network-scripts/ifcfg-br-ex file, change the device name from eth0 to br-ex. Add OVS parameters (change TYPE to OVSBridge, add DEVICETYPE=ovs). The /etc/sysconfig/network-scripts/ifcfg-br-ex file will now contain:

    DEVICE=br-ex
    BOOTPROTO=static
    ONBOOT=yes
    TYPE=OVSBridge
    DEVICETYPE=ovs
    IPADDR=172.25.X.10
    NETMASK=255.255.255.0
    GATEWAY=172.25.X.254
    DNS1=172.25.254.254

2.4. Add the eth0 network device to the br-ex bridge, and restart the network:

    [root@serverX-a ~]# ovs-vsctl add-port br-ex eth0 ; systemctl restart network.service

Both commands must be entered on one line. When eth0 is added to the br-ex bridge, the eth0 IP address no longer functions and networking is lost. The network returns when the service is restarted.

2.5. Statically configure the hostname of the server. This system may not be able to obtain a hostname dynamically from DNS, since eth0 no longer has an IP address associated to it. The network configuration scripts need an IP address to query DNS for the hostname.

    [root@serverX-a ~]# hostnamectl set-hostname serverX-a.example.com
Using the Horizon Web Interface

Logging into the Horizon web interface

The Horizon dashboard is a web interface allowing operators and administrators to manage the OpenStack platform. Horizon provides an alternative to the CLI to communicate with each OpenStack project API. Almost all tasks can be performed using the dashboard interface. Horizon is accessible at https://serverX-a.example.com/dashboard or http://serverX-a.example.com/dashboard, depending on your configuration of certificates, web configuration and the firewall. Initially, log in using admin with the OS_PASSWORD password located in the /root/keystonerc_admin file, or the packstack CONFIG_KEYSTONE_ADMIN_PW password in answers.txt.

Securing web interface access

Access to the Horizon web interface is secured by Horizon configuration settings on the OpenStack controller host. During the course, access to Horizon may be restricted by how a user specifies the URL in their browser. The ALLOWED_HOSTS parameter in /etc/openstack-dashboard/local_settings restricts the host names to be accepted from a browser's host directive, as specified by the URL entered by the user. The default settings include 172.25.X.10, serverX-a.example.com and localhost. Specifying a different hostname format may result in denial of access.

The Horizon interface is a web-served application built using the Django Python framework. To protect against HTTP header hacking, ALLOWED_HOSTS sets the list of strings representing the host or domain names that this web application can serve. This is a security measure to prevent an attacker from submitting requests with a fake HTTP Host header. List values can be fully qualified names (e.g., 'www.example.com', case-insensitive matched against the request's Host header exactly), a period-beginning value as a subdomain wildcard (e.g., '.example.com'), or a value of '*' which will match anything and provide no protective validation of the Host header.

Working with tenants

A tenant describes a project with an assigned number of OpenStack users and resources. It is possible to set up quotas for each tenant. This enables multiple projects to use a single cloud without interfering with each other's permissions and resources. A set of resource quotas are preconfigured when a new tenant is created. The quotas include the amount of VCPUs, instances, RAM, and floating IPs that can be assigned to instances. Tenants can be added, modified, and deleted in Horizon with minimal effort.

References
+ Chapter 6. Using OpenStack with the Dashboard
+ Section 12.4. Launching an instance
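The ALLOWED_HOSTS matching rules described under "Securing web interface access", as an added example that is not part of the workbook and not Django's own source: a standalone Python re-implementation of the three entry forms (exact name, leading-period wildcard, '*') plus a small audit of entries that weaken Host validation. The student number 7, the function names and the sample Host headers are constructed for illustration.

```python
"""Standalone sketch of Django-style ALLOWED_HOSTS matching (not Django's code)."""
import re

# Classroom defaults from the text, with a constructed student number X=7.
ALLOWED_HOSTS = ["172.25.7.10", "server7-a.example.com", "localhost"]

# Host header: a DNS name/IPv4 literal or a bracketed IPv6 literal, optional port.
_HOST_RE = re.compile(r"^([a-z0-9.-]+|\[[a-f0-9:.]+\])(:\d+)?$")


def split_host_port(header):
    """Lower-case a Host header and split off the port.

    Returns ("", "") for a malformed header so callers can reject it outright.
    """
    match = _HOST_RE.match(header.strip().lower())
    if not match:
        return "", ""
    host, port = match.group(1), (match.group(2) or "")[1:]
    # "name." and "name" refer to the same host.
    return (host[:-1] if host.endswith(".") else host), port


def pattern_matches(host, pattern):
    """Apply one ALLOWED_HOSTS entry to an already lower-cased host."""
    pattern = pattern.lower()
    if pattern == "*":
        return True                       # no validation at all
    if pattern.startswith("."):
        # Subdomain wildcard: the bare domain and anything beneath it.
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern                # exact, case-insensitive match


def host_allowed(header, allowed_hosts):
    """True if the request's Host header is served under allowed_hosts."""
    host, _port = split_host_port(header)
    return bool(host) and any(pattern_matches(host, p) for p in allowed_hosts)


def audit_allowed_hosts(allowed_hosts):
    """Return (entry, reason) pairs for entries that weaken Host validation."""
    findings = []
    for entry in allowed_hosts:
        if entry == "*":
            findings.append((entry, "accepts any Host header"))
        elif entry.startswith("."):
            findings.append((entry, "trusts every name under this domain"))
    return findings


if __name__ == "__main__":
    # Constructed Host headers, as a browser or a forged request might send them.
    samples = ["server7-a.example.com", "SERVER7-A.example.com:443",
               "172.25.7.10", "server7-a", "attacker.example.net",
               "server7-a.example.com.attacker.example.net", "bad host/.."]
    for header in samples:
        verdict = "accept" if host_allowed(header, ALLOWED_HOSTS) else "reject"
        print(f"{verdict:6}  {header!r}")
    print(audit_allowed_hosts(["*", ".example.com", "localhost"]))
```

The short name server7-a is rejected under the classroom defaults, which is the "different hostname format" denial the text mentions.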
