{"id":3652,"date":"2022-01-15T16:32:51","date_gmt":"2022-01-15T16:32:51","guid":{"rendered":"https:\/\/wiki.thomasandsofia.com\/?p=3652"},"modified":"2022-01-17T17:11:01","modified_gmt":"2022-01-17T17:11:01","slug":"openstack-essentials-5-10","status":"publish","type":"post","link":"https:\/\/wiki.thomasandsofia.com\/?p=3652","title":{"rendered":"OpenStack Essentials 5 &#8211; 10"},"content":{"rendered":"<p><a href=\"\/openstack-essentials-1-4\/\">https:\/\/wiki.thomasandsofia.com\/openstack-essentials-1-4\/<\/a><br \/>\n<a href=\"\/openstack-essentials-11-12\/\">https:\/\/wiki.thomasandsofia.com\/openstack-essentials-11-12\/<\/a><\/p>\n<h1>Section 5: Horizon Dashboard<\/h1>\n<h2>13. Overview<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729054#overview<\/p>\n<ul>\n<li>Dashboard and Horizon are often used interchangably<\/li>\n<li>Dashboard is the UI<\/li>\n<li>Horizon is the underlying code (API I rec&#8217;n)<\/li>\n<\/ul>\n<h2>14. Dashboard Walkthrough<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729072#overview<\/p>\n<h3>Create a user<\/h3>\n<ul>\n<li>Identity &gt; Users &gt; [+ Create User]<\/li>\n<li>Name, Password<\/li>\n<li>Assign to &#8216;admin&#8217; project as a _member_<\/li>\n<li>[ X ] Enabled<\/li>\n<li>[Create User]<\/li>\n<\/ul>\n<h3>Create a project and assign users<\/h3>\n<ul>\n<li>Identity &gt; Projects &gt; [+ Create Project]<\/li>\n<li>Create the Project\n<ul>\n<li>[Project Information] tab\n<ul>\n<li>Domain ID and Domain Name are disabled and set to Default since no domains have been established.<\/li>\n<li>Name: firstproject<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Add the users\n<ul>\n<li>[Project Members] tab<\/li>\n<li>Under &#8220;All Users&#8221; Click [+] next to user name<\/li>\n<li>Under &#8220;Project Members&#8221; use drop down and assign roles.\n<ul>\n<li>Don&#8217;t forget to add the Admin as a Member and an Admin!<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>[Create Project]<\/li>\n<\/ul>\n<h3>Setting Quotas<\/h3>\n<ul>\n<li>Identity &gt; Projects &gt; Locate dropdown to right of ProjectName &gt; Manage Quotas\n<ul>\n<li>Compute, RAM, Disk etc.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Logging In<\/h3>\n<ul>\n<li>Make sure to select the correct Project<\/li>\n<\/ul>\n<h3>Horizon Overview<\/h3>\n<p>No notes.\u00a0 Watch the video<\/p>\n<h1>Section 6:CLI Client<\/h1>\n<pre>openstack command list<\/pre>\n<h2>15. Working from the CLI<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6732850#overview<\/p>\n<h3>Openstack CLI Overview<\/h3>\n<ul>\n<li>OS credentials mean nothing to the Openstack Application<\/li>\n<li>Openstack commands are translated to respective API commands<\/li>\n<li>Credentials are assigned to environmental variables in `\/root\/keystonerc_admin`<\/li>\n<\/ul>\n<h3>keystonerc_admin File<\/h3>\n<pre>cd \/root\r\ncat keystonerc_admin<\/pre>\n<ul>\n<li>OS_USERNAME<\/li>\n<li>OS_PASSWORD<\/li>\n<\/ul>\n<h2>Running Commands<\/h2>\n<p>Running without credentials error<\/p>\n<pre>openstack server list\r\nMissing value auth-url required for auth plugin password<\/pre>\n<h3>Logging in<\/h3>\n<pre>source keystonerc_admin\r\n[root@localhost ~(keystone_admin)]#<\/pre>\n<ul>\n<li>This sets the environmental variables in the file to your session.<\/li>\n<\/ul>\n<p>Now run the command<\/p>\n<pre>openstack server list\r\n&lt; blank - there are no servers to list! &gt;<\/pre>\n<h3>Errors<\/h3>\n<p>If getting authentication errors, run the export command to see what variables have been set<\/p>\n<pre>export\r\n&lt; Long list of variables here! &gt;<\/pre>\n<h3>Adding new CLI Users<\/h3>\n<h4>Copy the current file to a new filename<\/h4>\n<pre>cp keystonerc_admin operator1_rc<\/pre>\n<h4>Edit the new file<\/h4>\n<ul>\n<li>Change the username and password<\/li>\n<li>Keep the URL the same (must be the API Url)<\/li>\n<li>You could assign new project here, but not necessary now<\/li>\n<\/ul>\n<pre>unset OS_SERVICE_TOKEN\r\n   export OS_USERNAME=operator\r\n   export OS_PASSWORD='16charhexpassword'\r\n   export OS_REGION_NAME=RegionOne\r\n   export OS_AUTH_URL=http:\/\/IP.ADD.RE.SS:5000\/v3\r\n   export PS1='[\\u@\\h \\W(operator1)]\\$ '\r\n\r\nexport OS_PROJECT_NAME=admin\r\nexport OS_USER_DOMAIN_NAME=Default\r\nexport OS_PROJECT_DOMAIN_NAME=Default\r\nexport OS_IDENTITY_API_VERSION=3<\/pre>\n<h4>Login as the new user<\/h4>\n<pre>source operator1_rc\r\n[root@localhost ~(operator1)]#<\/pre>\n<h4>Switch back to Admin<\/h4>\n<pre>source keystonerc_admin\r\n[root@localhost ~(keystone_admin)]#<\/pre>\n<h2>16. Unified CLI Client<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6732860#overview<\/p>\n<p>Most command have transitioned to new format<\/p>\n<ul>\n<li>nova boot &gt; openstack server create<\/li>\n<li>neutron net-create &gt; openstack network create<\/li>\n<li>glance image-list &gt; openstack image list<\/li>\n<li>cinder create &gt; openstack volume create<\/li>\n<\/ul>\n<p>Not all command have transitioned so you may find times you need to use the old school technique.<\/p>\n<h1>Section 7: Identity Service &#8211; Keystone<\/h1>\n<h2>17. Introduction &amp; Important Identity Concepts<\/h2>\n<ul>\n<li>Provides central authentication for users and projects.\n<ul>\n<li>Everything you want to do in Openstack requires authentication<\/li>\n<\/ul>\n<\/li>\n<li>Supports\n<ul>\n<li>LDAP<\/li>\n<li>AD<\/li>\n<li>MySQL<\/li>\n<\/ul>\n<\/li>\n<li>provides a token for subsequent auth requests\n<ul>\n<li>Tokens have roles embedded in them<\/li>\n<li>Generally expire in 24hrs, but modifiable<\/li>\n<li>Like a wrist band.\n<ul>\n<li>You show your ID and pay at the door (Authentication)<\/li>\n<li>You get a color coded wrist band\u00a0 for the rides you can go on<\/li>\n<li>The<\/li>\n<\/ul>\n<\/li>\n<li><\/li>\n<li><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Concepts<\/h3>\n<ul>\n<li>User:\n<ul>\n<li>User, system, service, or anything that requires access<\/li>\n<\/ul>\n<\/li>\n<li>Project (or Tenant)\n<ul>\n<li>Container that groups or isolates resources or identity objects<\/li>\n<li>Projects might map to\n<ul>\n<li>Customer<\/li>\n<li>Account<\/li>\n<li>Organization<\/li>\n<li>Tenant<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Role\n<ul>\n<li>Group of users with a defined set of privileges to perform a specific set of operations.<\/li>\n<li>Users can be granted access to any role\n<ul>\n<li>Globally scoped (all projects)<\/li>\n<li>Project scoped<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Token\n<ul>\n<li>Alpha-numeric text string (key) that allows access to APIs and resources<\/li>\n<li>These tokens include a list of roles<\/li>\n<\/ul>\n<\/li>\n<li>Catalog\n<ul>\n<li>Directory services for Openstack API<\/li>\n<li>By registering with Keystone\n<ul>\n<li>Don&#8217;t need to discover application API addresses\/endpoints each time.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Tell me like I&#8217;m 5.<\/h3>\n<ul>\n<li>Tokes are like a wrist band at an amusement park\n<ul>\n<li>You show your ID and pay at the door (Authentication)<\/li>\n<li>You get a color coded wrist band\u00a0 for the rides you can go on (Token)<\/li>\n<li>They give you a map to these rides (Catalog)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>18. Keystone Architecture<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729088#overview<\/p>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/keystone-process-flow.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3660\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/keystone-process-flow.png\" alt=\"\" width=\"834\" height=\"550\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/keystone-process-flow.png 834w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/keystone-process-flow-300x198.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/keystone-process-flow-768x506.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/keystone-process-flow-150x99.png 150w\" sizes=\"auto, (max-width: 834px) 100vw, 834px\" \/><\/a><\/p>\n<h3>Polices and authorization<\/h3>\n<p>Each service has it&#8217;s own role based policies.<\/p>\n<ul>\n<li>stored in json file (policy.json)<\/li>\n<\/ul>\n<h3>Architecture<\/h3>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/keystone-architecture.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3661\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/keystone-architecture.png\" alt=\"\" width=\"1009\" height=\"400\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/keystone-architecture.png 1009w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/keystone-architecture-300x119.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/keystone-architecture-768x304.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/keystone-architecture-150x59.png 150w\" sizes=\"auto, (max-width: 1009px) 100vw, 1009px\" \/><\/a><\/p>\n<ul>\n<li>Stored in SQL database<\/li>\n<\/ul>\n<h2>19. Managing Keystone from CLI<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6732892#overview<\/p>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/keystone_commands_used.pdf\">keystone_commands_used<\/a><\/p>\n<h1>Section 8: Image Service &#8211; Glance<\/h1>\n<h2>20. Overview and Architecture<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729094#overview<\/p>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/glance-architecture.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3664\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/glance-architecture.png\" alt=\"\" width=\"708\" height=\"500\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/glance-architecture.png 708w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/glance-architecture-300x212.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/glance-architecture-150x106.png 150w\" sizes=\"auto, (max-width: 708px) 100vw, 708px\" \/><\/a><\/p>\n<ul>\n<li>Stores VM disk images<\/li>\n<li>New VMs are NOT created from fresh installs.<\/li>\n<li>Instead, use a pre-built image to pull up the OS\n<ul>\n<li>Nova gets a copy of the image from Glance and spins up from it.<\/li>\n<li>Like booting from a Live CD<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Supported Images<\/h3>\n<ul>\n<li>Raw<\/li>\n<li>Machine (kernel, ramdisk outside of image, aka AMI)<\/li>\n<li>VHD (Hyper-V)<\/li>\n<li>VDI (VirtualBox)<\/li>\n<li>Qcow2 (Qemu\/KVM)<\/li>\n<li>VMDK (VMware)<\/li>\n<li>OVF (VMware, Others)<\/li>\n<\/ul>\n<h3>Link for downloading Glance Images<\/h3>\n<ul>\n<li>https:\/\/docs.openstack.org\/image-guide\/obtain-images.html<\/li>\n<li>One is CirrOS\n<ul>\n<li>Only 13MB<\/li>\n<li>Very limited but great for testing!<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>21. Managing Glance from CLI<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6732890#overview<\/p>\n<h3>Seach for Commands<\/h3>\n<pre>openstack command list | grep openstack.image -A 15<\/pre>\n<ul>\n<li>image add project\n<ul>\n<li>Adds an image to a project.<\/li>\n<li>Good for admins to use<\/li>\n<\/ul>\n<\/li>\n<li>image create\n<ul>\n<li>Saves the local file to the Glance repository<\/li>\n<\/ul>\n<\/li>\n<li>image delete<\/li>\n<li>image list\n<ul>\n<li>This will also show the Image ID<\/li>\n<\/ul>\n<\/li>\n<li>image member list<\/li>\n<li>image remove project\n<ul>\n<li>Removes an image from a project.<\/li>\n<\/ul>\n<\/li>\n<li>image save\n<ul>\n<li>Saves image in Glance repository to a local file<\/li>\n<\/ul>\n<\/li>\n<li>image set\n<ul>\n<li>Set image properties or tags<\/li>\n<\/ul>\n<\/li>\n<li>image show &lt;name or id&gt;\n<ul>\n<li>Displays the image&#8217;s properties<\/li>\n<\/ul>\n<\/li>\n<li>image unset\n<ul>\n<li>Unsets image properties or tags<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Get CirrOS<\/h3>\n<pre>curl -o \/tmp\/cirros-0.3.4.img http:\/\/download.cirros-cloud.net\/0.5.1\/cirros-0.5.1-x86_64-disk.img\r\n<\/pre>\n<p>Username: cirros<br \/>\nPassword: gocubsgo<\/p>\n<p>Note: I was unable to use curl to access the file.\u00a0 Instead, since my Openstack VM has access to my LAN, I used SCP to pull it from my workstation.\u00a0 Worked great!<\/p>\n<ul>\n<li>Had to switch back to the admin user using the source command.\u00a0 Easy enough.<\/li>\n<\/ul>\n<h3>Create the Image in Glance<\/h3>\n<pre>openstack image create --min-disk 2 --private --disk-format qcow2 --file \/tmp\/cirros-0.5.1-x86_64-disk.img cirros<\/pre>\n<ul>\n<li>&#8211;min-disk: Minimum disk size in GB<\/li>\n<li>&#8211;private: Make private to the user creating the image.<\/li>\n<\/ul>\n<p>Note: Had to switch back to the admin user using the source command.\u00a0 I was still as operator1.<\/p>\n<h3>View the image details<\/h3>\n<pre>openstack image show cirros\r\n+------------------+-------------------------------------------------------------------------+\r\n| Field            | Value                                                                   |\r\n+------------------+-------------------------------------------------------------------------+\r\n| checksum         | 1d3062cd89af34e419f7100277f38b2b                                        |\r\n| container_format | bare                                                                    |\r\n| created_at       | 2022-01-16T01:02:35Z                                                    |\r\n| disk_format      | qcow2                                                                   |\r\n| file             | \/v2\/images\/56355c14-2a6b-4980-9af8-7cda2940754c\/file                    |\r\n| id               | 56355c14-2a6b-4980-9af8-7cda2940754c                                    |\r\n| min_disk         | 2                                                                       |\r\n| min_ram          | 0                                                                       |\r\n| name             | cirros                                                                  |\r\n| owner            | a5444c1b501c4bc882871fbdc93e883f                                        |\r\n| properties       | os_hash_algo='sha512', os_hash_value='553d220ed5...', os_hidden='False' |\r\n| protected        | False                                                                   |\r\n| schema           | \/v2\/schemas\/image                                                       |\r\n| size             | 16338944                                                                |\r\n| status           | active                                                                  |\r\n| tags             |                                                                         |\r\n| updated_at       | 2022-01-16T01:02:35Z                                                    |\r\n| virtual_size     | None                                                                    |\r\n| visibility       | shared                                                                  |\r\n+------------------+-------------------------------------------------------------------------+\r\n<\/pre>\n<p>Note: I did not use the &#8211;private switch.\u00a0 As such, my image is not protected. \ud83d\ude42<\/p>\n<h1>Section 9 Networking Service &#8211; Neutron<\/h1>\n<h2>22. Introduction to Neutron<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729110#overview<\/p>\n<h3>Benefits<\/h3>\n<ul>\n<li>Rich topologies\n<ul>\n<li>Overlapping IP addresses<\/li>\n<\/ul>\n<\/li>\n<li>Technology agnostic\n<ul>\n<li>Not limited to vlans or flat networks<\/li>\n<\/ul>\n<\/li>\n<li>Pluggin architecture\n<ul>\n<li>Load balancing, vpn, firewalls, etc<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Base Terminology and Abstractions<\/h3>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-terminology.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3668\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-terminology.png\" alt=\"\" width=\"874\" height=\"400\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-terminology.png 874w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-terminology-300x137.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-terminology-768x351.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-terminology-150x69.png 150w\" sizes=\"auto, (max-width: 874px) 100vw, 874px\" \/><\/a><\/p>\n<h4>Core Resources<\/h4>\n<ul>\n<li>Networks<\/li>\n<li>Ports<\/li>\n<li>Subnets<\/li>\n<\/ul>\n<h2>23. Neutron Architecture<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729118#overview<\/p>\n<ul>\n<li>REST API\n<ul>\n<li>Exposes logical resources: subnets, ports, etc.<\/li>\n<\/ul>\n<\/li>\n<li>Plugin\n<ul>\n<li>Optional extension support<\/li>\n<li>ml2 is primary<\/li>\n<\/ul>\n<\/li>\n<li>Queue\n<ul>\n<li>Enables bidirectional agent communications<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Architecture<\/h3>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-architecture.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3669\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-architecture.png\" alt=\"\" width=\"707\" height=\"400\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-architecture.png 707w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-architecture-300x170.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-architecture-150x85.png 150w\" sizes=\"auto, (max-width: 707px) 100vw, 707px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li>Message Queue\n<ul>\n<li>Exchanges messages with other Neutron agents<\/li>\n<\/ul>\n<\/li>\n<li>L2 (Layer 2) Agent\n<ul>\n<li>Responsible for wiring up ports and devices and connecting them into a shared broadcast domain.<\/li>\n<li>Generally reside on the hypervisor on Compute node.<\/li>\n<\/ul>\n<\/li>\n<li>DHCP Agent\n<ul>\n<li>Auto-configure IP address, networking, DNS, yadda yadda<\/li>\n<li>Can use another agent called &#8220;config drive&#8221; which would not require you to use DHCP<\/li>\n<\/ul>\n<\/li>\n<li>L3 (Layer 3) Agent\n<ul>\n<li>Provides connectivity between different networks<\/li>\n<\/ul>\n<\/li>\n<li>Advanced Services\n<ul>\n<li>Special agents for LB, FW, VPN, etc.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Note: When running these agents in the real world, you will see many copies of each!<\/p>\n<h3>Plugin Extensions<\/h3>\n<ul>\n<li>Plugins are registered with the API and discovered at startup<\/li>\n<li>Common extensions include\n<ul>\n<li>DHCP, L3, Quota, Security Groups, Provider Networks<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Where Neutron Components Reside<\/h3>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-components-reside.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3670\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-components-reside.png\" alt=\"\" width=\"799\" height=\"550\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-components-reside.png 799w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-components-reside-300x207.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-components-reside-768x529.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-components-reside-150x103.png 150w\" sizes=\"auto, (max-width: 799px) 100vw, 799px\" \/><\/a><\/p>\n<h2>24. Provider and Project Networks<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729142#overview<\/p>\n<h3>Multi Tenancy<\/h3>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-multi-tenancy.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3671\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-multi-tenancy.png\" alt=\"\" width=\"527\" height=\"550\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-multi-tenancy.png 527w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-multi-tenancy-287x300.png 287w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-multi-tenancy-144x150.png 144w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-multi-tenancy-300x313.png 300w\" sizes=\"auto, (max-width: 527px) 100vw, 527px\" \/><\/a><\/p>\n<ul>\n<li>Can provide per-tenant networking<\/li>\n<li>Virtual, isolated networks can be created inside Openstack projects<\/li>\n<li>Only have routes to the outside world if you create them.<\/li>\n<li>Design your networks according to the needs of your environment.\n<ul>\n<li>If you need a Router, add it.<\/li>\n<li>If you need a Load Balancer, add it.<\/li>\n<li>If you need Outside connectivity, add it.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Project vs Provider Networks<\/h3>\n<h4>Project networks<\/h4>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-project-networks.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3672\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-project-networks.png\" alt=\"\" width=\"996\" height=\"400\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-project-networks.png 996w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-project-networks-300x120.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-project-networks-768x308.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-project-networks-150x60.png 150w\" sizes=\"auto, (max-width: 996px) 100vw, 996px\" \/><\/a><\/p>\n<ul>\n<li>The terms Project and Tenant can be use interchangeably<\/li>\n<li>Created by normal users\n<ul>\n<li>Details about how they are physically realized are hidden from these users.<\/li>\n<li>Created to be used by the instances in their project.<\/li>\n<li>All software defined and live in their project environments.<\/li>\n<\/ul>\n<\/li>\n<li>Must attach their Upstream Interfaces to Provider Networks for access to external resources.<\/li>\n<li>Supports\n<ul>\n<li>Local<\/li>\n<li>Flat (No vLANS.\u00a0 Everything on the same network)<\/li>\n<li>VLAN<\/li>\n<li>VXLAN<\/li>\n<li>GRE (General Routing Encapsulation)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h4>Provider networks<\/h4>\n<ul>\n<li>Sole purpose for a Provider Network is to have access to the Outside (non-Openstack) world.\n<ul>\n<li>vLAN numbers have to match existing vLANs.<\/li>\n<\/ul>\n<\/li>\n<li>Are created by Administrators\n<ul>\n<li>These admin specify how the network is physically realized<\/li>\n<li>These usually match some existing network in the datacenter<\/li>\n<li>Often used to give Projects direct access to a Public network that can be used to reach either the Internet or perhaps some Intranet networks outside of Openstack.<\/li>\n<li>Great for integrating some VMs in Openstack with some bare-metal machines in a specific VLAN<\/li>\n<\/ul>\n<\/li>\n<li>Supports\n<ul>\n<li>Flat<\/li>\n<li>VLAN (802.1Q tagged)<\/li>\n<li>VXLAN<\/li>\n<li>GRE<\/li>\n<\/ul>\n<\/li>\n<li>Only support Layer 2 connectivity for instances\n<ul>\n<li>As such, they lack supporting for features such as Routers and Floating IP Addresses<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>25. Network Technologies Supported<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729158#overview<\/p>\n<h3>Local Network<\/h3>\n<ul>\n<li>Isolated networks that live on a single compute node.<\/li>\n<li>Good for test and POC environments<\/li>\n<\/ul>\n<h3>Flat Network<\/h3>\n<ul>\n<li>No segmentation\n<ul>\n<li>No 802.1Q tagging or other mechanisms<\/li>\n<li>Single broadcast domain<\/li>\n<\/ul>\n<\/li>\n<li>Not scalable<\/li>\n<\/ul>\n<h3>VLAN<\/h3>\n<ul>\n<li>Layer 2 Implementation\n<ul>\n<li>Separate broadcast domains<\/li>\n<li>IEEE 802.1Q VLAN Tagging<\/li>\n<\/ul>\n<\/li>\n<li>Improves security by network segmentation<\/li>\n<li>Implemented by almost all router and switches\n<ul>\n<li>Supported by most NIC cards<\/li>\n<\/ul>\n<\/li>\n<li>Limited to 4096 VLANs\n<ul>\n<li>Although note that some of these are reserved&#8230;.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Tunneling Technologies (GRE and VXLAN)<\/h3>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-gre-vxlan.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3673\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-gre-vxlan.png\" alt=\"\" width=\"991\" height=\"414\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-gre-vxlan.png 991w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-gre-vxlan-300x125.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-gre-vxlan-768x321.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/neutron-gre-vxlan-150x63.png 150w\" sizes=\"auto, (max-width: 991px) 100vw, 991px\" \/><\/a><\/p>\n<ul>\n<li>Both are Layer 3 protocols<\/li>\n<li>GRE (General Routing Encapsulation)\n<ul>\n<li>MAC in IP encapsulation<\/li>\n<li>Not supported by most NICs<\/li>\n<li>More CPU Overhead<\/li>\n<\/ul>\n<\/li>\n<li>VXLAN (Virtual Extensible LAN)\n<ul>\n<li>MAC in UDP encapsulation<\/li>\n<li>24 VLAN address bits support 16.7M VLANs<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>26. Common Neutron Agents<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729166#overview<\/p>\n<h3>L2 Agent<\/h3>\n<ul>\n<li>Runs on Compute node<\/li>\n<li>Communicated with Neutron server via RPC message queue<\/li>\n<li>Main job is to Watch and Notify when devices are added\/removed<\/li>\n<li>Wires up new devices\n<ul>\n<li>Network segment<\/li>\n<li>Security Group rules<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>OVS L2 Agent<\/h3>\n<ul>\n<li>Open vSwitch (Open Source Virtual Switch)\n<ul>\n<li>http:\/\/openvswitch.org<\/li>\n<li>https:\/\/www.youtube.com\/watch?v=x-F9bDRxjAM<\/li>\n<\/ul>\n<\/li>\n<li>Network segmentation\n<ul>\n<li>VLAN, GRE, VXLAN<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>L3 Agent<\/h3>\n<ul>\n<li>Responsible for\n<ul>\n<li>routing traffic inside the Openstack cloud<\/li>\n<li>Handles NAT<\/li>\n<\/ul>\n<\/li>\n<li>Runs on the Network node<\/li>\n<li>Uses Linux namespaces and Metadata agent (optional)<\/li>\n<li>Supports HA\n<ul>\n<li>Uses (VEERP?) to sync states between primary and failover?<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>27. Neutron Features and Functionality<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729174#overview<\/p>\n<h3>Security Groups<\/h3>\n<ul>\n<li>Set of IP Tables rules<\/li>\n<li>Stateful<\/li>\n<li>Applied per VIF (Virtual Interface)\n<ul>\n<li>VMs with multiple VIFs supported<\/li>\n<\/ul>\n<\/li>\n<li>By default\n<ul>\n<li>all outgoing is allowed<\/li>\n<li>all incoming dropped<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>NAT<\/h3>\n<ul>\n<li>Usually Linux servers with IP Tables functionality that perform this\n<ul>\n<li>Layer 3 agent<\/li>\n<\/ul>\n<\/li>\n<li>Source Address Translation\n<ul>\n<li>Convert Private IPs to Public<\/li>\n<li>The public IP is the Floating IP<\/li>\n<\/ul>\n<\/li>\n<li>Destination Address Translation\n<ul>\n<li>Used for applications<\/li>\n<\/ul>\n<\/li>\n<li>Port Address Translation<\/li>\n<\/ul>\n<h3>Floating IPs<\/h3>\n<ul>\n<li>Neutron L3 Agent&#8217;s task<\/li>\n<\/ul>\n<h3>DVR &#8211; Distributed Virtual Routing<\/h3>\n<p>&nbsp;<\/p>\n<h3>Network Namespaces<\/h3>\n<ul>\n<li>Critical to Neutron<\/li>\n<li>Isolated copy of network stack\n<ul>\n<li>scope limited to each namespace<\/li>\n<li>Each namespace has it&#8217;s own network devices, routing tables, IP addresses, etc.<\/li>\n<li>Can resute addresses<\/li>\n<\/ul>\n<\/li>\n<li>Explicity configuration needed to connect<\/li>\n<li>View using <code>IP netns<\/code><\/li>\n<\/ul>\n<h2>28. Managing Neutron from CLI<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6733868#overview<\/p>\n<pre>openstack command list | grep openstack.network -A 70<\/pre>\n<h1><span style=\"color: #ff0000;\">STOPPED<\/span> TAKING NOTES HERE\u00a0 REDUE from here on!<\/h1>\n<h1><\/h1>\n<h1>Section 10: Compute Service &#8211; Nova<\/h1>\n<h2>29. Introduction to Nova<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729180#overview<\/p>\n<h3>Introduction<\/h3>\n<ul>\n<li>One of the two original openstack projects\n<ul>\n<li>runs on all hypervisor nodes<\/li>\n<\/ul>\n<\/li>\n<li>Provides instance lifecycle management<\/li>\n<li>Multiple Hypervisors supported\n<ul>\n<li>Nova is NOT a hypervisor!<\/li>\n<li>Nova uses the hypervisor&#8217;s API or requires an agent to talk to it.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Hypervisors Supported<\/h3>\n<ul>\n<li>KVM (Kernel based\u00a0 VM)<\/li>\n<li>QEMU (Quick Emulator)<\/li>\n<li>UML (User Mode Linux)<\/li>\n<li>VMware vSphere 4.1 update 1 and newer<\/li>\n<li>Xen (Xen, Citrix XenServer and Xen Cloud Platform (XCP))<\/li>\n<li>LXC (Linux Containers (through libvirt))<\/li>\n<li>Bare Metal (via plugin sub-drivers)<\/li>\n<li>https:\/\/wiki.openstack.org\/wiki\/HypervisorSupportMatrix<\/li>\n<\/ul>\n<h3>Key Pairs<\/h3>\n<ul>\n<li>Provides a means of authentication w\/o passwords<\/li>\n<li>Injected to the image with the help of cloud-init process<\/li>\n<li>Can manage (create\/delete\/import) key-pairs from dashboard or CLI<\/li>\n<li>Key-pairs are not specific to openstack<\/li>\n<\/ul>\n<h2>30. Architecture<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729182#overview<\/p>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/nova-architecture.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3674\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/nova-architecture.png\" alt=\"\" width=\"811\" height=\"500\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/nova-architecture.png 811w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/nova-architecture-300x185.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/nova-architecture-768x473.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/nova-architecture-150x92.png 150w\" sizes=\"auto, (max-width: 811px) 100vw, 811px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li>REST API port 8774\n<ul>\n<li>also support aws api<\/li>\n<\/ul>\n<\/li>\n<li>RabbitMQ but could be any AMQP message bus<\/li>\n<li>Conductor\n<ul>\n<li>takes build request<\/li>\n<li>Requests which node to launch on from scheduler<\/li>\n<li>Interacts with DB and compute nodes<\/li>\n<li>Schedule &#8211; only purpose is to determine which node to build on.<\/li>\n<\/ul>\n<\/li>\n<li>Compute\n<ul>\n<li>Creates and terminates VM by communicating with the hypervisor<\/li>\n<\/ul>\n<\/li>\n<li>Database\n<ul>\n<li>stores the data about the vms<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Other<\/h3>\n<ul>\n<li>Nova Networking &#8211; being replaced by Neutron<\/li>\n<li>Ceilometer agent\n<ul>\n<li>Used when collecting monitoring information from VMs<\/li>\n<\/ul>\n<\/li>\n<li>Amazon EC2<\/li>\n<\/ul>\n<h2>31. Launching an Instance<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729192#overview<\/p>\n<h3>Minimum Requirements<\/h3>\n<ul>\n<li>Image (pre-built)<\/li>\n<li>Network<\/li>\n<li>Flavor<\/li>\n<li>Resources\n<ul>\n<li>RAM vCPU, Storage<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Flavors<\/h3>\n<p>openstack flavor list<\/p>\n<ul>\n<li>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729192#overview<\/li>\n<li>Like AWS Instance sizes\n<ul>\n<li>m1.tiny = 512MB RAM, 1 GB Disk, 1 vCPU<\/li>\n<li>m1.xlarge = 16GB RAM, 160GB Disk, 8 vCPU<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Instance Creation<\/h3>\n<pre>openstack server create --image &lt;image&gt; --flavor &lt;flavor&gt; --nic net-id=&lt;net-id&gt; instance-name<\/pre>\n<p>Use the `openstack image show &lt;imageName&gt;` command to see the minimum requirements.<\/p>\n<ul>\n<li>Using a flavor with less than the minimum required settings will fail.<\/li>\n<\/ul>\n<h3>Flavor Selection<\/h3>\n<pre>openstack flavor list\r\n+----+-----------+-------+------+-----------+-------+-----------+\r\n| ID | Name      | RAM   | Disk | Ephemeral | VCPUs | Is Public |\r\n+----+-----------+-------+------+-----------+-------+-----------+\r\n| 1  | m1.tiny   | 512   | 1    | 0         | 1     | True      |\r\n| 2  | m1.small  | 2048  | 20   | 0         | 1     | True      |\r\n| 3  | m1.medium | 4096  | 40   | 0         | 2     | True      |\r\n| 4  | m1.large  | 8192  | 80   | 0         | 4     | True      |\r\n| 5  | m1.xlarge | 16384 | 160  | 0         | 8     | True      |\r\n+----+-----------+-------+------+-----------+-------+-----------+<\/pre>\n<ul>\n<li>Typically each flavor is 2x the previous<\/li>\n<li>Flavors can be customized by the admin.<\/li>\n<li>When specifying the flavor with the create command, <strong>use the flavor&#8217;s ID, not the name.<\/strong><\/li>\n<\/ul>\n<h3>Network Selection<\/h3>\n<pre>openstack network list<\/pre>\n<h2>32. Launching an instance (continued)<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729198#overview<\/p>\n<pre>openstack server create --image &lt;image&gt; --flavor &lt;flavor&gt; --nic net-id=&lt;net-id&gt; instance-name<\/pre>\n<h3>Process Flow<\/h3>\n<ul>\n<li>nova-api\n<ul>\n<li>extracts parameters and validates<\/li>\n<li>retrieves reference to selected flavor<\/li>\n<li>retrieves reference to selected boot media<\/li>\n<li>saves state to DB<\/li>\n<li>Puts request on bus for conductor<\/li>\n<\/ul>\n<\/li>\n<li>API call returns with instance status of BUILD and task state SCHEDULING<\/li>\n<li>Conductor asks scheduler where to create the image<\/li>\n<li>Filter scheduler kick in<\/li>\n<li>Schedule applies filters and weights based on config.\n<ul>\n<li>filter examples\n<ul>\n<li>is the compute node on<\/li>\n<li>Does it have enough free vCPU, vRAM, disk?<\/li>\n<\/ul>\n<\/li>\n<li>Weight examples\n<ul>\n<li>Give preference to hosts with more free RAM?<\/li>\n<li>Give preference to hosts with less free RAM?<\/li>\n<\/ul>\n<\/li>\n<li><em>If &#8220;No Valid Hosts Error&#8221; then no hosts were found suitable for the requested VM.<\/em><\/li>\n<\/ul>\n<\/li>\n<li>Database updated with instance state<\/li>\n<li>Conductor places message on queue for nova-compute on the selected compute node.<\/li>\n<li>Compute Agent\n<ul>\n<li>prepares for instance creation\n<ul>\n<li>Calls Glance to get boot media<\/li>\n<li>Calls Neutron for attaching to the network<\/li>\n<li>Calls Cinder if need to attach persistent volume<\/li>\n<li>Sets up configuration drive if requested<\/li>\n<\/ul>\n<\/li>\n<li>Communicates with hypervisor to create the VM<\/li>\n<li>Udates instance state in DB (using Conductor)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>33. Grouping Compute Nodes<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729206#overview<\/p>\n<h3>Segregation of Compute resources<\/h3>\n<ul>\n<li>Provides logical groupings\n<ul>\n<li>Data center, geo region, power source, rack, network resources<\/li>\n<\/ul>\n<\/li>\n<li>Differentiate specific hardware on compute nodes\n<ul>\n<li>GPU cards, Fast NICs, Storage devices, SSDs<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Regions<\/h3>\n<ul>\n<li>Each region get own full openstack deployment where\n<ul>\n<li>Implement their own API endpoints, compute, storage, network, etc<\/li>\n<li>share as many services as required<\/li>\n<\/ul>\n<\/li>\n<li>By default, all sservices in one region<\/li>\n<li>Need to specify a target region for your action.<\/li>\n<\/ul>\n<h3>Host Aggregates<\/h3>\n<ul>\n<li>Logical grouping of compute nodes based on metadata<\/li>\n<li>Scheduler uses this data to make decisions<\/li>\n<li>Typically metadata describes capabilities of the nodes\n<ul>\n<li>SSD<\/li>\n<li>NICs<\/li>\n<li>GPU<\/li>\n<\/ul>\n<\/li>\n<li>A compute node can be in multiple host aggregates\n<ul>\n<li>A host with GPU and SSDs might be in both the GPU aggregate and the SSD aggregate<\/li>\n<\/ul>\n<\/li>\n<li>Implicitly targetable:\n<ul>\n<li>Admin defines host aggregate with metadata and flavor to match\n<ul>\n<li>add commands here<\/li>\n<\/ul>\n<\/li>\n<li>User selects flavor when requesting instance<\/li>\n<li>Schedule chooses host matching flavor extra specs with host aggregate metadata<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Availability Zones<\/h3>\n<ul>\n<li>Logical groupings of hosts based on factors like\n<ul>\n<li>Geo-location<\/li>\n<li>network layout<\/li>\n<li>Power source<\/li>\n<\/ul>\n<\/li>\n<li>Explicitly user targetable\n<ul>\n<li>openstack server create &#8211;availability-zone &lt;zone-name&gt; &#8230;<\/li>\n<li>if unspecified, will go to default<\/li>\n<\/ul>\n<\/li>\n<li>Host aggregates are made explicitly targetable by creating them as an Availability Zone<\/li>\n<li>Unlike host aggregates, hosts cannot be in mulitple AZs!<\/li>\n<\/ul>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/nova-aggregate-example.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3678\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/nova-aggregate-example.png\" alt=\"\" width=\"971\" height=\"550\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/nova-aggregate-example.png 971w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/nova-aggregate-example-300x170.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/nova-aggregate-example-768x435.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2022\/01\/nova-aggregate-example-150x85.png 150w\" sizes=\"auto, (max-width: 971px) 100vw, 971px\" \/><\/a><\/p>\n<h2>34. Managing Nova from CLI<\/h2>\n<p>https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6738322#overview<\/p>\n<h3>View available services<\/h3>\n<pre>openstack compute service list<\/pre>\n<h3>Create a flavor<\/h3>\n<pre>openstack flavor create --id 10 --ram 256 --disk 2 --public m1.tinier<\/pre>\n<h3>Create a key-pair<\/h3>\n<pre>openstack keypair create mykeypair &gt;&gt; mykeypair.key<\/pre>\n<h3>Select Image<\/h3>\n<pre>openstack image list\r\n+--------------------------------------+--------+--------+\r\n| ID                                   | Name   | Status |\r\n+--------------------------------------+--------+--------+\r\n| 56355c14-2a6b-4980-9af8-7cda2940754c | cirros | active |\r\n+--------------------------------------+--------+--------+\r\n<\/pre>\n<h3>Select Network<\/h3>\n<pre>openstack network list\r\n+--------------------------------------+------------------+--------------------------------------+\r\n| ID                                   | Name             | Subnets                              |\r\n+--------------------------------------+------------------+--------------------------------------+\r\n| 500fcbb8-3a6a-8d03-99c6-b3f442a791a0 | internal         | bdb18cac-add9-1e2b-c544-8f592c4246db |\r\n| 9c71166f-dc2a-4d9d-25ba-8d0399c6b3f4 | int_net          | 246dbbdb-18ca-cadd-91e2-bc5448f592c4 |\r\n| 8d0399c6-b3f4-42a7-91a0-500fcbb83a6a | external_network | cadd91e2-bc54-48f5-92c4-246dbbdb18ca |\r\n+--------------------------------------+------------------+--------------------------------------+\r\n<\/pre>\n<h3>Create the Instance<\/h3>\n<pre>openstack server create --image cirros --key-name mykeypair --flavor 10 --nic net-id=9c71166f-dc2a-4d9d-25ba-8d0399c6b3f4 instance01\r\n...\r\nOS-EXT-STS:vm_state | building\r\n...\r\nid | 1a29a750-d010-496e-9f38-597d237d3766b57\r\n...<\/pre>\n<h3>Check server status<\/h3>\n<pre>openstack server show &lt;instance_id&gt;\r\n...\r\nOS-EXT-STS:vm_state | active\r\n...<\/pre>\n<h3>View filters to determine which node to run on<\/h3>\n<p>https:\/\/docs.openstack.org\/developer\/nova\/filter_scheduler.html<\/p>\n<pre>cat \/etc\/nova\/nova.conf | grep filter<\/pre>\n<h3>\u00a0Snapshots<\/h3>\n<pre>openstack server image create --name &lt;snapshot_name&gt; &lt;instance_name&gt;<\/pre>\n<p>After a snapshot has been created, it is listed with the images and you can use it to spin up a new instance at any time.\u00a0 \ud83d\ude00<\/p>\n<h3>Host Aggregates<\/h3>\n<pre>openstack aggregate create --property SSD=true agg\r\n+-------------------+----------------------------+\r\n| Field             | Value                      |\r\n+-------------------+----------------------------+\r\n| availability_zone | None                       |\r\n| created_at        | 2022-01-17T15:42:58.000000 |\r\n| deleted           | False                      |\r\n| deleted_at        | None                       |\r\n| hosts             |                            |\r\n| id                | 1                          |\r\n| name              | agg                        |\r\n| properties        | SSD='true'                 |\r\n| updated_at        | 2022-01-17T15:42:59.304017 |\r\n+-------------------+----------------------------+<\/pre>\n<h3>Open Instance&#8217;s Console<\/h3>\n<pre>openstack console usr show --novnc &lt;instance_name&gt;\r\n...\r\nurl | http:\/\/IP.ADD.RE.SS:6080\/vnc_auto.html?token=&lt;some-long-id&gt;<\/pre>\n<p>You can now paste this url into a browser window.<\/p>\n<h3>View Console Logs<\/h3>\n<pre>openstack console log show &lt;instance_name&gt;<\/pre>\n<h3>Identity Related Commands<\/h3>\n<pre>openstack command list | grep openstack.compute -A 80<\/pre>\n<ul>\n<li>aggregate *\n<ul>\n<li>managing host aggregates<\/li>\n<\/ul>\n<\/li>\n<li>compute agent *\n<ul>\n<li>managing hypervisors in the cluster<\/li>\n<\/ul>\n<\/li>\n<li>computer service *\n<ul>\n<li>Managing Nova services<\/li>\n<\/ul>\n<\/li>\n<li>console *\n<ul>\n<li>view logs or console url<\/li>\n<\/ul>\n<\/li>\n<li>flavor *\n<ul>\n<li>Manage flavors<\/li>\n<\/ul>\n<\/li>\n<li>host *\n<ul>\n<li>View where each nova service is installed<\/li>\n<\/ul>\n<\/li>\n<li>hypervisor *\n<ul>\n<li>Get information related to hypervisors in the cluster<\/li>\n<\/ul>\n<\/li>\n<li>ip (fixed|floating) *\n<ul>\n<li>Add or delete IPs<\/li>\n<li>These are deprecated for the new `server ip` commands.<\/li>\n<\/ul>\n<\/li>\n<li>keypair *\n<ul>\n<li>Manage key-pairs<\/li>\n<\/ul>\n<\/li>\n<li>server *\n<ul>\n<li>Manage VM operations<\/li>\n<\/ul>\n<\/li>\n<li>usage (list|show)\n<ul>\n<li>statistics re: server usage<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>https:\/\/wiki.thomasandsofia.com\/openstack-essentials-1-4\/ https:\/\/wiki.thomasandsofia.com\/openstack-essentials-11-12\/ Section 5: Horizon Dashboard 13. Overview https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729054#overview Dashboard and Horizon are often used interchangably Dashboard is the UI Horizon is the underlying code (API I rec&#8217;n) 14. Dashboard Walkthrough https:\/\/www.udemy.com\/course\/openstack\/learn\/lecture\/6729072#overview Create a user Identity &gt; Users &gt; [+ Create User] Name, Password Assign to &#8216;admin&#8217; project as a _member_ [ X ] Enabled ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/?p=3652\" title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[75,76],"tags":[],"class_list":["post-3652","post","type-post","status-publish","format-standard","hentry","category-openstack","category-openstack-essentials"],"_links":{"self":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/3652","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3652"}],"version-history":[{"count":17,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/3652\/revisions"}],"predecessor-version":[{"id":3686,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/3652\/revisions\/3686"}],"wp:attachment":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3652"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3652"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3652"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}