0% found this document useful (0 votes)

278 views297 pages

SOC201-OpenStack Administration With SUSE OpenStack Cloud - LMS

OpenStack_Administration

Uploaded by

anonymous_9888

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

278 views297 pages

SOC201-OpenStack Administration With SUSE OpenStack Cloud - LMS

OpenStack_Administration

Uploaded by

anonymous_9888

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 297

y

nl
O
e
te Us
OpenStack Administration with

bu r
SUSE OpenStack Cloud
tri ne
-Lecture-
is rt
D Pa
Course ID: SOC201
Version: 8.0.2
ot d

Date: 2018-07-10
N an
D al
n
er
o
t
In
SE
SU
Proprietary Statement Disclaimer
Copyright © 2018 SUSE LLC. All rights reserved. SUSE LLC, makes no representations or warranties with
respect to the contents or use of this documentation, and
SUSE LLC, has intellectual property rights relating to specifically disclaims any express or implied warranties
technology embodied in the product that is described in of merchantability or fitness for any particular purpose.
this document.
Further, SUSE LLC, reserves the right to revise this
No part of this publication may be reproduced, publication and to make changes to its content, at any
photocopied, stored on a retrieval system, or transmitted time, without obligation to notify any person or entity of
without the express written consent of the publisher. such revisions or changes. Further, SUSE LLC, makes
no representations or warranties with respect to any

y
SUSE software, and specifically disclaims any express or

nl
Maxfeldstrasse 5 implied warranties of merchantability or fitness for any
90409 Nuremberg particular purpose. Further, SUSE LLC, reserves the

O
Germany right to make changes to any and all parts of SUSE
www.suse.com software, at any time, without any obligation to notify any
person or entity of such changes.

e
(C) 2018 SUSE LLC. All Rights Reserved. SUSE and the

te Us
SUSE logo are registered trademarks of SUSE LLC in Any products or technical information provided under this
the United States and other countries. All third-party Agreement may be subject to U.S. export controls and
trademarks are the property of their respective owners. the trade laws of other countries. You agree to comply
with all export control regulations and to obtain any

bu r
If you know of illegal copying of software, contact your required licenses or classification to export, re-export or

tri ne
local Software Antipiracy Hotline. import deliverables. You agree not to export or re-export
to entities on the current U.S. export exclusion lists or to
any embargoed or terrorist countries as specified in the
is rt U.S. export laws. You agree to not use deliverables for
D Pa
prohibited nuclear, missile, or chemical biological
weaponry end uses. SUSE assumes no responsibility
for your failure to obtain any necessary export approvals.
ot d

This SUSE Training Manual is published solely to instruct

N an

students in the use of SUSE networking software.

Although third-party application software packages may
be used in SUSE training courses, this is for
demonstration purposes only and shall not constitute an
D al

endorsement of any of these software applications.

Further, SUSE LLC does not represent itself as having

any particular expertise in these application software

packages and any use by students of the same shall be
o
t

done at the student’s own risk.

In
SE
SU
Contents

SECTION 1: Introduction and Course Overview 4

SECTION 2: Introduction to SUSE OpenStack Cloud 21

y
nl
SECTION 3: Introduction to OpenStack Administration 53

O
SECTION 4: Introduction to the OpenStack Identity Service 68

e
SECTION 5: Work with OpenStack Projects, Users, Domains and Groups 84

te Us
SECTION 6: Work with Cloud Images 112

SECTION 7: Work with Software Defined Networks in OpenStack 132

bu r
tri ne
SECTION 8: Work with Cloud Workload Instances 169
is rt
SECTION 9: Work with Block Storage in OpenStack 194
D Pa
SECTION 10: Work with Object Storage in OpenStack 220
ot d

SECTION 11: Orchestrate the Lifecycle of Cloud Applications 250

N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES
OpenStack Administration with SUSE OpenStack Cloud

Section 1

y
nl
Introduction and Course

O
Overview

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

4
OpenStack Administration with SUSE OpenStack Cloud

Section Objectives

• Understand the Lab Environment Setup

• Understand the Course Student Media

y
nl
• Understand the Course Overview

O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

5
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand the Lab Environment

e
Setup

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

6
OpenStack Administration with SUSE OpenStack Cloud

Lab Environment Requirements

• Hardware
‒ CPU = Quad-core Intel or AMD
‒ Memory = 32GB minimum (or 2 machines with 16GB)

y
‒ Disk = 200GB SSD (SSD strongly recommended)

nl
‒ Network = 1Gbit Ethernet

O
• Software

e
‒ Linux Distro with a recent 4.x kernel

te Us
‒ KVM
‒ QEMU

bu r
‒ Libvirt with Spice

tri ne
is rt
Using the provided Lab Machine Image is recommended
D Pa
ot d
N an
D al

This course requires a large amount of RAM due to the number of VMs that will be running concurrently. It is strongly
recommended that a single machine with 32GB of RAM or if possible two machines with 16GB a of RAM each be
n

used. Using machines with less RAM than this can cause the lab exercises to not run successfully.
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

7
OpenStack Administration with SUSE OpenStack Cloud

Lab Network Diagram (single machine)

eth0

(Libvirt Router)
virbr5 192.168.126.1

virbr3 192.168.130.1

y
virbr3 192.168.125.1

nl
virbr2 192.168.124.1

O
cloud-storage (192.168.125.0/24)
cloud-os_sdn (192.130.124.0/24)

management
cloud-admin (192.168.124.0/24)
cloud-public (192.136.124.0/24)

cloud-private (192.130.123.0/24)

(VM)

e
eth0

te Us
192.168.124.9
[ cloud-storage.xml ]

[ cloud-admin.xml ]
[ cloud-ossdn.xml ]
[ cloud-public.xml ]

[ cloud-private.xml ]

admin (VM)
eth0 192.168.124.10

bu r
tri ne
(cloud VM)
(cloud VM)
is rt (cloud VM)
D Pa
(cloud VM)
(cloud VM)
ot d
N an

Lab Machine
(physical)
D al

The Lab environment for the course is comprised of a lab machine and several virtual machines and virtual networks.
The default configuration is for every student to have a single lab machine with 32GB of RAM that will run the virtual
n

machines and virtual networks for their lab environment. The student's lab environments are identical in that all of the
er

virtual machines and virtual networks have the same IP address. The virtual networks are configured as private
and/or NATed Libvirt virtual networks and the virtual machines are connected to these networks. This allows for each
o

student's lab environment to be isolated on their lab machine.

t
In

The student's lab environment can be installed onto their lab machine using the install_lab_env.sh script provided
in the student media. It is recommended that the student use the lab machine image provided in the student media as
SE

the OS running on their lab machine. To install the lab environment onto the lab machine, while logged in as a regular
user (not root), attach the student media to the lab machine. Open a terminal and change to the SOC201 directory.
Because the student media may be on a flash drive with a FAT filesystem, you should execute the installation script
SU

as follows:

bash install_lab_env.sh

When the lab environment is finished installing you can detach the student media. Everything required for the lab
environment has been installed to the lab machine. The course PDFs can be found in ~/pdf and the virtual machines
should be ready to run in the Virt-Manager utility.

When the student is finished with the course the lab environment can be removed from the lab machine in a similar
fashion to how it was installed. Attach the student media to the lab machine, open a terminal and change to the
SOC201 directory. Execute the removal script as follows and all lab relate files and configuration will be removed:

bash remove_lab_env.sh

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

8
OpenStack Administration with SUSE OpenStack Cloud

Lab Network Diagram (multiple machines)

(Libvirt Router)
eth0 eth0

y
(cloud VM) management

nl
vlan-dmin (VM)
(cloud VM) eth0

O
192.168.124.9
cloud-admin (192.168.124.0/24)
(cloud VM) admin (VM)

e
vlan-storage
(cloud VM) eth0 192.168.124.10

te Us
cloud-storage (192.168.125.0/24)
(cloud VM)
eth1 eth1
(cloud VM)

bu r
vlan-os_sdn

tri ne
vlan-os_sdn (192.168.130.0/24)

vlan500 (192.168.123.0/24)
is rt
D Pa
cloud-public (192.168.126.0/24)
ot d
N an

Lab Machine 2 Lab Machine 1

(physical) (physical)
D al

In a multiple lab machine lab environment the virtual machines for the course are spread across more than one lab
machine. To allow for network connectivity between the virtual machines special VLANs and bridges are configured
n

between the lab machines.

In the default setup, all lab machines in the lab environment must have two NICs, the first NIC is the one that
o

connects to the classroom LAN or the outside world and the second NIC is used for the VLANs and bridges that
t
In

interconnect the lab VMS. If there are only two lab machines, you can simply cross connect the lab machines with a
single Ethernet cable. If there are three or more lab machines you must connect the lab machines with a switch. It is
important to understand that, because every student's lab environment is identical, each student's lab machines
SE

should be interconnected using their own switch. If multiple students' lab machines are interconnected using the
same switch, there will be IP address conflicts and the students' lab environments will not function.
SU

The install_lab_env.sh script that is used to install a student's lab environment on a single lab machine can also
be used to install the lab environment on multiple lab machines (and removed with the remove_lab_env.sh script as
well in the same manner as below). For this to happen, each lab machine in the lab environment must have a
separate config file for the install_lab_env.sh script. These config files are provided on the student media, in the
SOC201/config/ directory, for setups with two 16GB (or three 8GB) lab machines. To install the lab environment onto
the first lab machine (node1), attached the student media to the first lab machine and execute the script as follows:

bash install_lab_env.sh config=config/lab_env-node1.cfg

When the first lab machine is finished installing, attach the student media to the second lab machine (node2) and
execute the script as follows:

bash install_lab_env.sh config=config/lab_env-node2.sh

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

9
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand the Course Student

e
Media

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

10
OpenStack Administration with SUSE OpenStack Cloud

Live USB and Student Media Files

y
|-install-live-image.sh
|

nl
|-SOC201/

O
|-install_lab_env.sh
|-remove_lab_env.sh
|-backup_lab_env.sh

e
|

bu r
| |

|
N an

|-course_files/
|
|-pdf/
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

11
OpenStack Administration with SUSE OpenStack Cloud

Student Media Files

y
|-install-live-image.sh
|

nl
|-SOC201/

O
|-install_lab_env.sh Lab environment
|-remove_lab_env.sh installation/removal/backup
Lab environment

|-backup_lab_env.sh scripts

e
installer files

bu r
configuration files
| |

tri ne
Course Files | |-lab_env.cfg
(Student Media) | Scripts used in the course

|
Additional files used in the course
N an

|-course_files/
|
|-pdf/ Course PDFs (lecture/lab manuals)
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

12
OpenStack Administration with SUSE OpenStack Cloud

install_lab_env.sh Command

• Description:
Installs the course lab environment onto the lab machine.

y
• Syntax:

nl
bash ./install_lab_env.sh [config=<config_file>]

O
Option Description
-specify a path to an alternate lab_env.cfg file

e
config=
-commonly used to reference configuration files

te Us
designed to spread the lab environment across
multiple machines

bu r
nocolor -disables colorization of output

tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

13
OpenStack Administration with SUSE OpenStack Cloud

remove_lab_env.sh Command

• Description:
Removes an installed course lab environment from the lab machine.

y
• Syntax:

nl
bash ./remove_lab_env.sh [config=<config_file>]

O
Option Description
-specify a path to an alternate lab_env.cfg file

e
config=
-commonly used to reference configuration files

te Us
designed to spread the lab environment across
multiple machines

bu r
-This should be the same configu file used

tri ne
when installing the lab environment
nocolor is rt -disables colorization of output
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

14
OpenStack Administration with SUSE OpenStack Cloud

backup_lab_env.sh Command

• Description:
Backs up the current state of an installed course lab environment and creates
a new lab environment installer package containing these files in:

y
/install/courses/COURSE_ID-backup-<date>.<time>

nl
• Syntax:

O
bash ./backup_lab_env.sh COURSE_ID

e
Option Description

te Us
COURSE_ID -The Course ID or name of the course
(as specified in the COURSE_NUM variable in

bu r
the lab_env.cfg file)

tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

15
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand the Course

e
Overview

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

16
OpenStack Administration with SUSE OpenStack Cloud

Section Overview

• Section 2: Introduction to SUSE OpenStack Cloud

‒ Overview of OpenStack

y
‒ Introduction to OpenStack Componenets

nl
• Section 3: Introduction to OpenStack Administration

O
‒ Overview of OpenStack administration utilities

e
Section 4: Introduction to the OpenStack Identity Service

te Us
•

‒ Introduction to the OpenStack Identity Service, its functions and

responsiblities

bu r
tri ne
‒ Introduction to services and endpoints
• is rt
Section 5: Work with OpenStack Projects, Users, Domains
D Pa
and Groups
‒ Introduction to the things used to control access to the cloud and track
ot d

consumption of the cloud resources

N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

17
OpenStack Administration with SUSE OpenStack Cloud

Section Overview

• Section 6: Work with Cloud Images

‒ Overview of the OpenStack Image Service

y
‒ Overview of images in the OpenStack Cloud

nl
• Section 7: Work with Software Defined Networks in

O
OpenStack

e
‒ Introduction to software defined networking

te Us
‒ Overview of the OpenStack Network Service
Section 8: Work with Cloud Workload Instances

bu r
•

tri ne
‒ Overview of cloud workload instances
‒
is rt
Overview of the OpenStack Compute Service
D Pa
• Section 9: Work with Block Storage in OpenStack
Introduction to block storage in the cloud
ot d

‒
N an

‒ Overview of the OpenStack Block Service

D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

18
OpenStack Administration with SUSE OpenStack Cloud

Section Overview

• Section 10: Work with Object Storage in OpenStack

‒ Introduction to object storage

y
‒ Overview of the OpenStack Object Service

nl
‒ Introduction to Ceph

O
• Section 11: Orchestrate the Lifecycle of Cloud Applications

e
‒ Introdiction to cloud application stacks

te Us
‒ Overview of the OpenStack Orchestration Service

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

19
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 1

O
e
te Us
Exercises

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

20
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

20
OpenStack Administration with SUSE OpenStack Cloud

Section 2

y
nl
Introduction to SUSE OpenStack

O
Cloud

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

21
OpenStack Administration with SUSE OpenStack Cloud

Section Objectives

• Understand OpenStack
• Understand OpenStack Components

y
nl
• Understand OpenStack Architecture

O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

22
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand OpenStack

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

23
OpenStack Administration with SUSE OpenStack Cloud

What is OpenStack?

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

To quote the OpenStack web site,

“OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources
er

throughout a data center, all managed through a dashboard that gives administrators control while empowering their
users to provision resources through a web interface.”
o

https://www.openstack.org/software/
t
In

OpenStack is the leading open source cloud platform. It has a strong and vibrant ecosystem of developers and
supporters both in the open source and commercial world. OpenStack is primarily designed to provide an
SE

Infrastructure as a Service (IaaS) cloud though it does have some projects that provide PaaS or SaaS.

The OpenStack project is based on a 6 month release cycle. The names of the releases follow an alphabetical
SU

naming scheme: Austin, Bexar, Cactus, Diablo, … Icehouse, Juno, Kilo, Liberty, ...

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

24
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand OpenStack

e
Components

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

25
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Core Components

Compute Storage Network

y
nl
Swift Cinder

O
Nova Neutron

e
te Us
Ceph Manila
Admin

bu r
tri ne
is rt
D Pa
Keystone Horizon Glance Database
ot d
N an

Heat Ceilometer Aodh Barbican Message Queue

D al

When running on a single machine an Operating System is responsible for managing the different aspects of
computing such as CPU, memory, storage, networking, user interface, etc. OpenStack is comprised of a number of
n

different projects that provide the different aspects of the “Cloud Operating System” that manage these same aspects
er

of computing.
o

The diagram above groups the different OpenStack projects into four different categories that align with these
t
In

different aspects of computing.

SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

26
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Compute
(Nova)

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The Nova project, also known as OpenStack Compute, was one of the original founding projects of the OpenStack
project. Nova is responsible for managing compute resources in the cloud. Nova does not provide a hypervisor,
n

rather it contains modular drivers that allow it to manage other hypervisors such as KVM, Xen, HyperV and VMware.
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

27
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Object Storage

(Swift)

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The Swift project, also known as OpenStack Object Storage, was also one of the founding projects of OpenStack.
Swift provides a massively scalable object storage system that is integrated with the rest of the OpenStack projects.
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

28
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Block Storage

(Cinder)

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The Cinder project, also known as OpenStack Block Storage, provides management of and access to persistent
storage volumes for cloud instances. Block storage management (known then as Nova Volume) was once part of the
n

Nova project but was split off into its own project so that it could grow independently of Nova. One of the key benefits
er

of the Cinder project is that it has a plugable storage backend that allows it to use different 3rd party storage systems
to actually provide the block storage to the cloud but maintain a single, common interface to that block storage.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

29
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Shared File System Service

(Manila)

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The Manila project, also known as the OpenStack Shared File System Service, provides management of and access
to shared file systems such as NFS and CIFS for cloud instances.
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

30
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Networking
(Neutron)

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The Neutron project, also known as OpenStack Networking, provides software defined networking for the cloud.
Similar to the Cinder project, networking was originally managed as part of the Nova project (going by the name of
n

Nova Networking) but was split off into its own project to allow for independent growth. Also, similarly to the Cinder
er

project, Neutron is plugable and extensible in nature by having drivers that allow 3rd party software defined
networking systems to be used with OpenStack.
o
t
In

When originally introduced the Neutron project was named Quantum but had to be renamed due to trademark issues.
For this reason many of the commands and features of Neutron still use the term “quantum”.
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

31
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Image Service

(Glance)

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The Glance project, also known as the OpenStack Image Service, provides management of and access to an registry
of operating system images that are used to launch cloud instances. Glance can use other storage backends such as
n

Swift to store the actual images while it maintains the registry used to search for and access these images. One of
er

the key benefits of the image registry is that the images are immutable once uploaded but the meta data associated
with the images can be updated.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

32
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Identity Service

(Keystone)

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The Keystone project, also known as OpenStack Identity, provides Identity, authentication and authorization, and
catalog services for users of an OpenStack cloud and the services provided in an OpenStack cloud. Keystone can
n

both maintain its own database of users as well as use external databases such as LDAP directories. Because all
er

OpenStack projects must support keystone, it is the component that binds all of the services provided by an
OpenStack cloud together.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

33
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Dashboard
(Horizon)

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The Horizon project, also known as the OpenStack Dashboard, provides a web based user interface to an
OpenStack cloud for both cloud operators/administrators and those who access and use the cloud's resources.
n

Horizon is designed to be easily skin-able so that OpenStack software vendors and possibly even the cloud operators
er

can change the look of the dashboard for their users. Another advantage of Horizon is that it can be extended with 3rd
party plug-ins for things like software defined networking management.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

34
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Orchestration Service

(Heat)

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The Heat project, also known as the OpenStack Orchestration Service, provides automation in managing cloud
applications stacks based on templates.
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

35
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Telemetry Service

(Ceilometer)

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The Ceilometer project, also know as the OpenStack Telemetry service, provides metering of resources in an
OpenStack cloud.
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

36
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Alarming Service

(Aodh)

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The Aodh service part of the larger Ceilometer project and provides an alarming service for the OpenStack Telemetry
service. Though it is part of the larger Ceilometer project Aodh is developed and often deployed as a separate
n

service.
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

37
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Secret Management Service

(Barbican)

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The Barbican project is a ReST API that provides secure storage, provisioning and management of secrets in an
OpenStack cloud. These secrets can be use for things such as keys for encrypted volumes and certificates for
n

Magnum.
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

38
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Bare Metal Service

(Ironic)

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The Ironic project, also know as the OpenStack Bare Metal service, provides the ability to deploy workloads to bare
metal rather then virtual machines in an OpenStack cloud. We will not cover this service in this course.
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

39
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Data Processing as a Service

(Sahara)

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The Sahara project provides the ability to deploy Hadoop or Spark on an OpenStack cloud to provide data processing
as a service to users of an OpenStack cloud. Sahara is different from most of the other OpenStack projects
n

mentioned in this course in that is does not really provide, or support the providing of Infrastructure as a Service
er

services. Instead it provides a Platform as a Service service on an OpenStack Cloud. In that respect is it similar to the
Trove and Designate OpenStack services.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

40
OpenStack Administration with SUSE OpenStack Cloud

OpenStack DNS as a Service

(Designate)

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The Designate project provides DNS as a service to users of an OpenStack cloud. Designate is different from most of
the other OpenStack projects mentioned in this course in that is does not really provide, or support the providing of
n

Infrastructure as a Service services. Instead it provides a Platform as a Service service on an OpenStack Cloud. In
er

that respect is it similar to the Trove and Sahara OpenStack services

o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

41
OpenStack Administration with SUSE OpenStack Cloud

Database

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Many of the OpenStack projects and services require a database. In a SUSE OpenStack cloud this database is
provided by MariaDB and Galera in HA deployments.
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

42
OpenStack Administration with SUSE OpenStack Cloud

Message Queue

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Like with a database, many of the OpenStack projects and services require a message queue service. In a SUSE
OpenStack cloud this message queue service is provided by RabbitMQ.
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

43
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Conceptual Architecture

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Image Source: http://docs.openstack.org/training-guides/content/associate-getting-started.html

n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

44
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand OpenStack

e
Architecture

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

45
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Architecture
Identity Identity Identity
Node Node Node

y
Controller Controller Controller

nl
Dashboard

O
Compute Compute Compute Compute

e
Node Node Node Node

te Us
Image
Service

bu r
tri ne
Compute Compute Compute Compute
Node Node Node Node
Network
Service
is rt
D Pa
Block Block Block Object Object Object
ot d

Storage Storage Storage Storage Storage Storage

N an
D al

Where it is possible to install multiple services on a node, OpenStack is designed to allow is various services to be
installed on different nodes in the infrastructure. The advantages of this is that it allows for the distribution of service
n

to minimize single points of failure and to distribute workload across many machines.
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

46
OpenStack Administration with SUSE OpenStack Cloud

Cloud Infrastructure Scale Out

Identity Identity Identity
Node Node Node

Controller Controller Controller Controller Controller Controller

y
nl
Dashboard Dashboard

O
Compute Compute Compute Compute Compute Compute Compute Compute
Node Node Node Node Node Node Node Node

e
Image Image

te Us
Service Service

bu r
Compute Compute Compute Compute Compute Compute Compute Compute

tri ne
Node Node Node Node Node Node Node Node
Network Network
Service Service

is rt
D Pa
Block Block Block Object Object Object Block Block Block Object Object Object
Storage Storage Storage Storage Storage Storage Storage Storage Storage Storage Storage Storage
ot d
N an
D al

OpenStack is also designed to scale out by adding additional nodes running its various services. The nodes running
the different services do not need to be of the same size or spec. This allows the cloud to grow organically as
n

capacity is needed without having to be limited to using the same hardware types.
er

Scale out is very easy. If more object storage capacity is needed, just add an additional node (or nodes) with as many
o

disks from any manufacturer as you want or can afford. If more compute capacity is needed, just add additional
t
In

nodes with as much memory and CPUs as you need or can afford. The CPU vendor and model doesn't even need to
match existing nodes.
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

47
OpenStack Administration with SUSE OpenStack Cloud

Regions
Identity Identity Identity
Node Node Node

Controller Controller Controller Controller Controller Controller

y
nl
Dashboard Dashboard

O
Compute Compute Compute Compute Compute Compute Compute Compute
Node Node Node Node Node Node Node Node

e
Image Image

te Us
Service Service

bu r
Compute Compute Compute Compute Compute Compute Compute Compute

tri ne
Node Node Node Node Node Node Node Node
Network Network
Service Service

is rt
D Pa
Block Block Block Object Object Object Block Block Block Object Object Object
Storage Storage Storage Storage Storage Storage Storage Storage Storage Storage Storage Storage
ot d
N an

Region Region
D al

An OpenStack cloud can be divided into multiple regions that still use the same identity service. These regions are
typically based on geographic location. The “geographic location” may be as far away as different locations around
n

the globe or as close as different racks in a single data center.

er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

48
OpenStack Administration with SUSE OpenStack Cloud

Availability Zones
Identity Identity Identity
Node Node Node

Controller Controller Controller Controller Controller Controller

y
nl
Dashboard Dashboard

O
Compute Compute Compute Compute Compute Compute Compute Compute
Node Node Node Node Node Node Node Node

e
Image Image

te Us
Service Service

bu r
Compute Compute Compute Compute Compute Compute Compute Compute

tri ne
Node Node Node Node Node Node Node Node
Network Network
Service Service

is rt
D Pa
Availability Zone Availability Zone Availability Zone Availability Zone

Block Block Block Object Object Object Block Block Block Object Object Object
Storage Storage Storage Storage Storage Storage Storage Storage Storage Storage Storage Storage
ot d
N an

Region Region
D al

Within these regions the nodes can be further segregated into availability zones. Availability zones are designed to
segregate nodes based on failure domains such as power, storage or networking. The idea is that failure in one
n

availability zone will not affect any other availability zone.

er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

49
OpenStack Administration with SUSE OpenStack Cloud

Host Aggregates
Controller Controller Controller

Dashboard

Compute Compute Compute Compute

y
Node Node Node Node

nl
Image

O
Service
Host Aggregate Host Aggregate

e
te Us
Compute Compute Compute Compute
Node Node Node Node
Network
Service

bu r
tri ne
Host Aggregate Host Aggregate
is rt
Availability Zone Availability Zone
D Pa
Block Block Block Object Object Object
Storage Storage Storage Storage Storage Storage
ot d
N an

Region
D al

Nodes can also be grouped into host aggregates. Host aggregates allow grouping based on similarity. For example,
maybe some of your nodes have access to fast SSD storage, or have graphic processors. You could create
n

availability zones that include the nodes with these special pieces of hardware. You would then create flavors that are
er

associated with these availability zones that users could choose to allow them to deploy instances on these specific
nodes to gain access to their special abilities. Another example may be around software licensing. If you have
o

software licenses that are tied to a specific number of CPUs or to specific machines, you could create a host
t
In

aggregate that contains just these machines. Creating flavors that are associated with this host aggregate would
guarantee that any instances running that particular software would be running on compliant nodes.
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

50
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 2

O
e
te Us
Review Questions

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

51
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

51
OpenStack Administration with SUSE OpenStack Cloud

Section 2 Review Questions

• What is OpenStack?
• What type of cloud is OpenStack primarily designed to create/manage?
• What are the Compute oriented OpenStack services?
• What are the Storage oriented OpenStack services?
• What are the Network oriented OpenStack services?

y
• What are the Admin oriented OpenStack services?

nl
• What are Regions in the context of OpenStack and how are they used?
What are Availability Zones in the context of OpenStack and how are they used?

O
•
• What are Host Aggregates in the context of OpenStack and how are they used?

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

52
OpenStack Administration with SUSE OpenStack Cloud

Section 3

y
nl
Introduction to OpenStack

O
Administration

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

53
OpenStack Administration with SUSE OpenStack Cloud

Section Objectives

• Understand OpenStack Administration Utilities

• Understand OpenStack Credentials (rc) Files

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

54
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand OpenStack

e
Administration Utilities

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

55
OpenStack Administration with SUSE OpenStack Cloud

OpenStack CLI Clients

• Python command line clients for managing OpenStack

services

y
nl
Can use rc files to provide endpoint and authentication

O
•

e
te Us
• Communicate with each project's APIs

bu r
tri ne
• Typically all are installed on Controller nodes
is rt
D Pa
• Can be installed and run on any Linux machine
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

56
OpenStack Administration with SUSE OpenStack Cloud

Command Line Clients

Project Client Name Command
Keystone python-keystoneclient keystone
Glance python-glanceclient glance
Cinder python-cinderclient cinder
Nova python-novaclient nova

y
Neutron python-neutronclient neutron

nl
Swift python-swiftclient swift

O
Heat python-heatclient heat
Ceilometer python-ceilometerclient ceilometer

e
… … …

te Us
( Installation: zypper in python-PROJECTclient )

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

57
OpenStack Administration with SUSE OpenStack Cloud

Common Command Line Client

Project Specific Clients
keystone
glance
cinder
nova

y
neutron openstack

nl
swift
heat

O
ceilometer
…

e
te Us
• The openstack command combines most of the features of the project specific
CLI client into a single CLI client

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Although most of the project specific command functionality can be replicated with the openstack command, there are
some gaps. There is documentation that shows the mapping between project specific commands and the openstack
n

command. The map is located at:

https://docs.openstack.org/python-openstackclient/latest/cli/decoder.html
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

58
OpenStack Administration with SUSE OpenStack Cloud

Getting Help with the openstack Command

• Syntax: openstack help MODE

• Useful for
‒ finding out how to use modes and options

y
‒ what options are required and available

nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

59
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Dashboard

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

60
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand OpenStack

e
Credentials (rc) Files

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

61
OpenStack Administration with SUSE OpenStack Cloud

Important OpenStack Environment Variables

Variable Description
OS_AUTH_URL -URL of Keystone API
OS_AUTH_VERSION -Identity API version to use for

y
authentication

nl
OS_IDENTITY_API_VERSION -Identity API version to use for Identity

O
operations
OS_PROJECT_DOMAIN_NAME -Name of domain that the project is a

e
member of

te Us
OS_USER_DOMAIN_NAME -Name of the domain the user is a
member of
OS_PROJECT_NAME -Name of project the user is in

bu r
tri ne
OS_USERNAME -Name of the OpenStack User
OS_PASSWORD -Password for the OpenStack User
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

62
OpenStack Administration with SUSE OpenStack Cloud

Example Downloadable OpenStack RC File

#!/usr/bin/env bash
# To use an OpenStack cloud you need to authenticate against the Identity
# service named keystone, which returns a **Token** and **Service Catalog**.
# The catalog contains the endpoints for all services the user/tenant has
# access to - such as Compute, Image Service, Identity, Object Storage, Block
# Storage, and Networking (code-named nova, glance, keystone, swift,
# cinder, and neutron).
#
# *NOTE*: Using the 3 *Identity API* does not necessarily mean any other

y
# OpenStack API is version 3. For example, your cloud provider may implement
# Image API v1.1, Block Storage API v2, and Compute API v2.0. OS_AUTH_URL is

nl
# only for the Identity API served through keystone.
export OS_AUTH_URL=http://controller01.example.com:5000/v3/

O
# With the addition of Keystone we have standardized on the term **project**
# as the entity that owns the resources.
export OS_PROJECT_ID=60efdd2f1f8d440491c2612c0e38bdec

e
export OS_PROJECT_NAME="admin"
export OS_USER_DOMAIN_NAME="Default"

te Us
if [ -z "$OS_USER_DOMAIN_NAME" ]; then unset OS_USER_DOMAIN_NAME; fi
# unset v2.0 items in case set
unset OS_TENANT_ID
unset OS_TENANT_NAME

bu r
# In addition to the owning entity (tenant), OpenStack stores the entity

tri ne
# performing the action as the **user**.
export OS_USERNAME="admin"
# With Keystone you pass the keystone password.
is rt
echo "Please enter your OpenStack Password for project $OS_PROJECT_NAME as user $OS_USERNAME: "
read -sr OS_PASSWORD_INPUT
D Pa
export OS_PASSWORD=$OS_PASSWORD_INPUT
# If your configuration has multiple regions, we set that information here.
# OS_REGION_NAME is optional and only valid in certain environments.
export OS_REGION_NAME="RegionOne"
# Don't leave a blank variable, unset it if it was empty
ot d

if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi

N an

export OS_INTERFACE=public
export OS_IDENTITY_API_VERSION=3
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

63
OpenStack Administration with SUSE OpenStack Cloud

Example Custom OpenStack RC File

#!/usr/bin/env bash

unset OS_TENANT_ID
unset OS_TENANT_NAME
unset OS_PROJECT_ID
unset OS_PROJECT_NAME
unset OS_DOMAIN_ID
unset OS_DOMAIN_NAME
unset OS_REGION_NAME
export OS_AUTH_URL=http://controller01:5000/v3/

y
export OS_AUTH_VERSION=3

nl
export OS_IDENTITY_API_VERSION=3
export OS_PROJECT_DOMAIN_NAME="Default"
export OS_USER_DOMAIN_NAME="Default"

O
export OS_REGION_NAME="RegionOne"
export OS_PROJECT_NAME="acme"
export OS_USERNAME="acmeuser"

e
echo "Enter the OpenStack password for the user: ${OS_USERNAME}"

te Us
read -sr OS_PASSWORD_INPUT
export OS_PASSWORD=${OS_PASSWORD_INPUT}

if openstack token issue &> /dev/null

then
echo "Authentication Successful"

bu r
export PS1="\u@\h: [${OS_USERNAME}@${OS_PROJECT_DOMAIN_NAME}/${OS_PROJECT_NAME} (v3)]\w> "

tri ne
else
echo "Authentication Failed"
export PS1="\u@\h:\w>"
unset OS_AUTH_URL
is rt
unset OS_IDENTITY_API_VERSION
unset OS_AUTH_VERSION
D Pa
unset OS_PROJECT_DOMAIN_NAME
unset OS_USER_DOMAIN_NAME
unset OS_REGION_NAME
unset OS_PROJECT_ID
unset OS_PROJECT_NAME
ot d

unset OS_USERNAME
unset OS_PASSWORD
N an

fi
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

64
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 3

O
e
te Us
Review Questions

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

65
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

65
OpenStack Administration with SUSE OpenStack Cloud

Section 3 Review Questions

• What utilities are available for use when administering or using an OpenStack
cloud?
• What OpenStack CLI utility can be used to manage most aspects of an
OpenStack cloud?
• What is an OpenStack credentials (rc) file and how can it be used?

y
• What are some important variables that need to be in an OpenStack credentials

nl
(rc) file?

O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

66
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 3

O
e
te Us
Exercises

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

67
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

67
OpenStack Administration with SUSE OpenStack Cloud

Section 4

y
nl
Introduction to the OpenStack

O
Identity Service

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

68
OpenStack Administration with SUSE OpenStack Cloud

Section Objectives

• Understand Keystone Features and Functionality

• Understand Keystone Configuration Commands

y
nl
• Understand Basic Keystone Troubleshooting

O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

69
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Keystone Features

e
and Functionality

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

70
OpenStack Administration with SUSE OpenStack Cloud

What is the OpenStack Identity Service

(Keystone)?

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
Video:
ot d
N an

What is the OpenStack Identity Service?

D al

The OpenStack Identity Service, also known as Keystone, provides key services that bind the other cloud
infrastructure services together.
n
er

The first service that Keystone provides is an Authentication (or Identity) Service. This Authentication Service allows
for credential validation of username and password pairs when cloud users log into the cloud environment. Keystone
o

can use a Database to store these username/password pairs or it can use an external source such as an LDAP
t
In

server.

The second service that Keystone provides is an Authorization (or Token) Service. The Authorization Service works
SE

hand in hand with the Authentication Service by creating authentication tokens for authenticated users and services
that allow them to gain access to other OpenStack services.
SU

The third service that Keystone provides is a Service Catalog. The Service Catalog provides a central index of cloud
services and their endpoints. This can simplify the configuration of the other cloud services because instead of having
to configure each cloud service manually to know how to communicate with every other cloud service, you can just
configure the service to use the Service Catalog to look up the endpoint of the service that they need to communicate
with.

The fourth service that Keystone provides is Resource Service. The resource service manages all of the data relative
to tenants and domains. Tenants are the entities that are granted access to the cloud resources and Domains are
entities that are used to manage groups of tenants and users.

The fifth service that Keystone provides is an Assignment service. The Assignment Service manages all of the data
relating to roles and the role assignments. Roles are assigned to users and are what grant or restrict access to
specific cloud resources.

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

71
OpenStack Administration with SUSE OpenStack Cloud
The sixth service that Keystone provides is a Policy Service. The Policy Service manages all of the rule based
authorizations between the users or groups that are assigned roles and the actions that the policies are
associated with.

The reason Keystone, or the OpenStack Identity Service is so important is that it simplifies interaction between
and with all of the cloud services. Without the OpenStack Identity Service, every user would have to be
separately granted access to every cloud service, greatly increasing administration overhead and creating more
opportunities for errors and misconfiguration.

In summary, the OpenStack Identity Service, or Keystone, provides a range of services that allow users and cloud
services to interact with a minimized amount of configuration and a high degree of security.

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

72
OpenStack Administration with SUSE OpenStack Cloud

Keystone Services

Identity Credential (username|password) validation

Token Service access authorization requests

y
nl
O
Catalog Endpoint registry & discovery

e
te Us
Resource Data about Tenants/Domains

bu r
tri ne
Assignment Data about roles and role assignments
is rt
D Pa
Policy Rule based authorization and management
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

73
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Keystone

e
Configuration Commands

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

74
OpenStack Administration with SUSE OpenStack Cloud

Service Catalog Management Commands

• Syntax: openstack service MODE OPTIONS

Mode Description

y
create -define a new service

nl
delete -delete an existing service

O
list -display existing services

e
te Us
• Syntax: openstack endpoint MODE OPTIONS

bu r
•

Mode Description

tri ne
create -define a new endpoint for a service
is rt
D Pa
delete -delete an existing service endpoint

list -display existing configured service endpoints

ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

75
OpenStack Administration with SUSE OpenStack Cloud

Services and Their Endpoints

Services Service endpoints

root@d52-54-00-63-a1-01:~ # openstack endpoint list
+----------------------------------+-----------+--------------+----------------+---------+-----------+------------------------------------------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+----------------+---------+-----------+------------------------------------------------------------------+

3 Endpoints
N an
D al

Notice that each service has 3 endpoints: admin, internal, public.

The admin endpoint is on the internal network (the network named admin in the case of SUSE OpenStack Cloud) but
er

may use a different port (i.e. Keystone: 35357=admin, 5000=internal). The internal endpoint is on an internal network
as well. The public endpoint is on the public, or externally facing, network (the network named public in the case of
o

SUSE OpenStack Cloud). The idea is that could operators will be accessing the services over an administrative
t
In

network that cloud consumers would not have access to and the cloud consumers would be accessing the services
over a public, externally facing network.
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

76
OpenStack Administration with SUSE OpenStack Cloud

Role Management Commands

• Syntax: openstack role MODE OPTIONS

Mode Description

y
create -create a new role

nl
O
delete -delete a role

e
list -display curent list of roles

te Us
add -add a role to a user

bu r
tri ne
remove -remove a role from a user

assignment list is rt -display roles for users

D Pa
common options:
--user filter on username/ID
ot d

--group filter on groupname/ID

N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

77
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Roles

y
nl
O
root@d52-54-00-63-a1-01:~ # openstack role list
+----------------------------------+------------------+
| ID | Name |

e
+----------------------------------+------------------+
Roles

bu r
+----------------------------------+------------------+

tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

78
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Basic Keystone

e
Troubleshooting

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

79
OpenStack Administration with SUSE OpenStack Cloud

Keystone Log Files

• Located in /var/log/keystone/ on nodes running Keystone services

Logfile Service/Description
keystone.log -main log file for keystone

y
keystone-manage.log -log file for the keystone-manage utility

nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The keystone-all service provides the API access and all of the Keystone services such as authentication,
authorization, catalog, etc..
n

-The log file for the keystone services is: /var/log/keystone/keystone.log

The keystone-manage utility is used to initialize and update data within Keystone for operation that cannot be
o

accomplished via the HTTP API.

t
In

-The log file for this utility is: /var/log/keystone/keystone-manage.log

SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

80
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 4

O
e
te Us
Review Questions

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

81
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

81
OpenStack Administration with SUSE OpenStack Cloud

Section 4 Review Questions

• What are the six services provided by the OpenStack Identity Service
(Keystone)?

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

82
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 4

O
e
te Us
Exercises

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

83
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

83
OpenStack Administration with SUSE OpenStack Cloud

Section 5

y
nl
Work with OpenStack Projects,

O
Users, Domains and Groups

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

84
OpenStack Administration with SUSE OpenStack Cloud

Section Objectives

• Understand OpenStack Projects and Users

• Understand Configuration Commands for Projects and

y
nl
Users

O
• Understand Keypairs

e
• Understand Quotas

te Us
• Understand OpenStack Domains and Groups
• Understand Domain and Group Configuration Commands

bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

85
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand OpenStack Projects

e
and Users

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

86
OpenStack Administration with SUSE OpenStack Cloud

What are Projects, Users and Roles?

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
Video:
ot d
N an

What are Projects (Tenants), Users and Roles?

D al

Let’s use the example of an office building to better understand the concepts of tenants, users and roles in an
OpenStack cloud.
n
er

In business it is often more cost effective for a company to lease office space rather than build and maintain its own
buildings. The same can be said of computational resources. Rather than build and maintain their own data centers,
o

leasing space in existing data centers can also be more cost effective.
t
In

In our example, an office building represents an OpenStack cloud in a data center. The office building is divided up
into office suites of differing sizes and with differing number of offices, conference rooms, etc.. Depending on the
SE

amount and type of space companies need, they can lease these different office suites. They become tenants of the
office building. The employees of a company are who actually use the space in the office building. They work in
offices and cubicles. They meet in conference rooms, prepare food and eat in kitchens and lunch areas and they
SU

relax in break rooms. Employees of a company all have different jobs and because of their different job
responsibilities, each employee of a company needs access to different resources in the office space. Some
employees need an office, some need a cubicle and some, like the cleaning staff, need access to cleaning supply
rooms.

Compare this now to our cloud. Companies that need computational or storage resources can lease these from an
OpenStack cloud provider. An entity called a tenant is created in the OpenStack Identity Service (or Keystone) that
corresponds to the company, in our example, that will be leasing space in the cloud. In some of the OpenStack tools
a tenant is referred to as a project but both terms always refer to the same type of entity. A quota is defined in the
OpenStack Compute Service (or Nova) that restricts the amount and type of resources that can be used in the cloud.
This quota is associated to the tenant. Users are then created in the Identity Service and assigned to the tenant.
These user accounts are what people will use to log into the cloud and use cloud resources in the context of the
tenant they are assigned to. If desired, actions and policies can be defined in the different cloud services, by the
cloud operator, that describe what types of access is allowed to cloud resources managed by these services. Roles
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

87
OpenStack Administration with SUSE OpenStack Cloud
can then be defined in the Identity Service and associated with these actions/policies. Finally, these roles can be
assigned to users which ultimately give them access to the exact subset of cloud resource that they require. In
version 3 of the Identity API groups of users can be created and roles can then be assigned at the group level
rather that at the user level.

A larger entity named a Domain can also exist. A Domain can encompass multiple tenants (or projects) and users.
A Domain administrator can then manage all of these tenants, their users and roles within the Domain. In our
example of the office building, the Domain could represent the Company leasing space in the building and the
tenants could then represent individual departments or business units within the company. Users can be
associated with multiple tenants and can have different roles assigned to them in the different tenants they are
associated with.

y
nl
In summary, access to OpenStack cloud resources are granted to tenants and restricted by quotas. Users, that
are associated with the tenants, log into and use these cloud resources. Optionally, actions and policies can be

O
defined and associated with roles, which are in turn assigned to users, effectively defining how these users can
use the cloud resources leased by the tenants. Tenants and users can be grouped together into Domains which
then allows for centralized administration of these entities by Domain Administrators.

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

88
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Understand Configuration

O
Commands for Projects and

e
te Us
Users

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

89
OpenStack Administration with SUSE OpenStack Cloud

Project Administration Commands

• Syntax: openstack project MODE OPTIONS

Mode Description
create -create a new project

y
nl
delete -delete a project

O
list -display curent list of project

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

90
OpenStack Administration with SUSE OpenStack Cloud

User Administration Commands

• Syntax: openstack user MODE OPTIONS

Mode Description
create -create a new user

y
nl
delete -delete a user

O
list -display curent list of users

e
te Us
set -modify an existing user

password set -change password of existing user

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

91
OpenStack Administration with SUSE OpenStack Cloud

Projects and Users

root@d52-54-00-63-a1-01:~ # openstack project list

+----------------------------------+-----------+

y
| ID | Name |
+----------------------------------+-----------+
Project

e
te Us
root@d52-54-00-63-a1-01:~ # openstack user list
+----------------------------------+----------+
| ID | Name |
+----------------------------------+----------+

bu r
| b78d9c4791254b59adf3955c0f21aa3d | admin |

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

92
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Key Pairs

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

93
OpenStack Administration with SUSE OpenStack Cloud

What are Key Pairs?

• SSH Public/Private keys

• Public key is stored in OpenStack and can be injected into

y
instances when instantiated

nl
O
• Used to allow root SSH access to instances as root

e
password is usually disabled

te Us
• Stored in the context of a project

bu r
tri ne
• New key pairs can be generated in OpenStack
is rt
D Pa
• Existing key public keys can be uploaded into OpenStack
ot d
N an
D al

Key pairs, in the context of OpenStack, are simply SSH public/private key pairs. These are used to access instances
launched on the cloud. New key pairs can either be generated using OpenStack utilities or the public key portion of
n

an existing key pair can be uploaded, into the context of the project. It is important to note that only the public portion
er

of the key is stored in the cloud.

When an instance is launched on the cloud, the most common way for the user who launched it to access the
t
In

instance will be over the network. To enable secure network access, a public key that is stored in the the cloud, in the
context of the project, can be injected into the instance when it is instantiated. This key injection is typically performed
by the cloud-init utility that is built into the image used to launch the instance.
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

94
OpenStack Administration with SUSE OpenStack Cloud

Key Pair Administration Commands

• Syntax: openstack keypair MODE OPTIONS

Mode Description
create -generate a new keypair

y
nl
create --pubkey PUBKEY -import an existing public key

O
delete -delete a new keypair

e
te Us
list -display existing keypairs

show KEYPAIR -display details about a keypair

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

95
OpenStack Administration with SUSE OpenStack Cloud

Generate a Key Pair with the Dashboard

Name the key pair

y
nl
O
e
te Us
bu r
tri ne
Copy/Download the private key
is rt
D Pa
ot d
N an
D al

It is very important to download the private portion of the key when you generate a new key pair because the private
portion of the key is not stored in the cloud and therefor can never be downloaded again. If the private portion of the
n

key pair is either not downloaded when the key was generated or is lost, the key pair stored in the cloud will be
er

useless and can just be deleted. Any instances that were launched using these orphaned keys may become
inaccessible.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

96
OpenStack Administration with SUSE OpenStack Cloud

Import a Public Key with the Dashboard

y
Name the key

nl
O
e
te Us
Copy and paste

bu r
tri ne
the public key

is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

97
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Quotas

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

98
OpenStack Administration with SUSE OpenStack Cloud

Project Quotas

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Quotas are used to restrict the amount of cloud resources that a project can use. These quota restrictions are applied
at the project level not the individual user level. These quotas are manage by the cloud operator not by the project
n

itself.
er

There are a wide range of resources that can be restricted by quota. A default set of quotas are created by default
o

and apply to all projects. The cloud operator can create project specific quotas that override the default set of quotas.
t
In

It is important to note that the values set for the quotas do not have to match the actual capacity available in the
cloud. If quotas are important to how you want to manage your cloud, it is important to modify these quotas, both the
defaults and the project specific ones, to match the capacity of your cloud.
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

99
OpenStack Administration with SUSE OpenStack Cloud

openstack quota Command

• Syntax: openstack quota MODE OPTIONS

Mode Description
set --QUOTA VALUE TENANT -modify quota for a project

y
nl
show TENANT -display quotas for a project

O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

100
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand OpenStack Domains

e
and Groups

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

101
OpenStack Administration with SUSE OpenStack Cloud

What are Domains?

• Added as part of the Identity API version 3

• A scope of administration that can be delegated to someone

y
other than the cloud operator

nl
O
• A Domain Administrator is assigned the admin role for the

e
context of the domain they administer

te Us
‒ Similar to how the cloud operator admin user is assigned the admin role for

bu r
the entire cloud

tri ne
Note: The cloud operator admin user has the admin role for all domains

•
is rt
Domains can contain Projects, Users and Groups
D Pa
• A default domain named Default exists and contains all
ot d

obects that are not specifically in any other domain

N an
D al

Introduced in version 3 of the Identity API, domains are scopes of administration that can be delegated to users other
than the cloud operator. Before the advent of domains, all project and user administration could only be performed by
n

the cloud operator. Domains allow for a scope of administration that can be delegated to non cloud operator users.
er

Domains can contain projects, users and groups.

o
t
In

Domains are also a context in which users can be authenticated. Before the advent of domains, users needed to be a
member of at least one project to be able to authenticate because user authentication is performed relative to a
specific context of access to the cloud. With version 3 of the Identity API, user can now authenticate in either a
SE

domain or a project context. When using the Horizon dashboard, user must be associated with at least on project to
be able to log into the dashboard.
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

102
OpenStack Administration with SUSE OpenStack Cloud

What are Groups?

• Added as part of the Identity API version 3

• Allow multiple users to be grouped together

y
nl
• Roles can be assigned which then apply to all members

O
e
• Do not have to be part of a domain (can exist in the Default

te Us
domain)

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Introduced in version 3 of the Identity API, groups are used to more easily associate roles with users. Before the
advent of groups, all role assignment had to be done on a per user basis. With groups, users can be assigned to
n

groups and then roles can be assigned to groups. All users in a groups will have roles assigned to the group assigned
er

to them as well.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

103
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Domain and Group

e
Configuration Commands

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

104
OpenStack Administration with SUSE OpenStack Cloud

Domain Administration Commands

• Syntax: openstack domain MODE OPTIONS

Mode Description
create -create a new domain

y
nl
delete -delete a domain

O
list -display current list of domains

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

105
OpenStack Administration with SUSE OpenStack Cloud

Groups Administration Commands

• Syntax: openstack group MODE OPTIONS

Mode Description
create -create a new group

y
nl
delete -delete a group

O
list -display curent list of groups

e
te Us
set -modify an existing group

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

106
OpenStack Administration with SUSE OpenStack Cloud

Enable Multiple Domain Support in Horizon

• Horizon Barclamp

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

By default, the OpenStack Dashboard (Horizon) does not support multiple domains. Horizon can be configured to
support domains in a couple different ways. In SUSE OpenStack Cloud these configuration options are changed in
n

Crowbar using the Horizon barclamp. Because the domain specific options are not yet exposed as options in the
er

barclamp, you much switch to raw view and edit the options directly in the text of the proposal configuration.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

107
OpenStack Administration with SUSE OpenStack Cloud

Log In with Domains in Horizon

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The first way is to specify to Horizon which domain the Dashboard should be associated with. In this case, only
members of that domain can log into the Dashboard. This method would require a different dashboard instance to be
n

running for every domain that has been created.

The second way is to enable multi domain support in Horizon. When this is done, a new field is available on the login
o

screen where the users are required to enter the domain they are a member of in addition to their project username
t
In

and password
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

108
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 5

O
e
te Us
Review Questions

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

109
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

109
OpenStack Administration with SUSE OpenStack Cloud

Section 5 Review Questions

• What is an OpenStack Project?

• How are Users in OpenStack used?
• What commands/utilities can be used to manage Projects and Users in
OpenStack?

y
• What are key pairs in the context of OpenStack and how are they used?

nl
• What are quotas in the context of OpenStack and how are they used?

O
• What are Domains in the context of OpenStack and how are they used?
• What are Groups in the context of OpenStack and how are they used?

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

110
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 5

O
e
te Us
Exercises

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

111
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

111
OpenStack Administration with SUSE OpenStack Cloud

Section 6

y
nl
O
Work with Cloud Images

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

112
OpenStack Administration with SUSE OpenStack Cloud

Section Objectives

• Understand Glance Features and Functionality

• Understand Image Types

y
nl
• Understand Glance Confguration Commands

O
• Understand Basic Glance Troubleshooting

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

113
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Glance Features

e
and Functionality

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

114
OpenStack Administration with SUSE OpenStack Cloud

What is the OpenStack Image Service

(Glance)?

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
Video:
ot d
N an

What is the OpenStack Image Service?

D al

The OpenStack Image Service, also known as Glance, provides services such as registering, discovering and
retrieving virtual machine images.
n
er

The OpenStack Image Service API acts as a Registrar. When a user wants to store an image in the image service
they give the Image Registrar the image file along with information, or metadata, that describes the image such as its
o

name, its disk type, its CPU architecture, hypervisor type, etc. The Image Registrar then stores the image in some
t
In

storage back end and creates an entry in the Image Registry that contains the location of the image file and all of the
additional information about the image that was provided. It is important to note that while the metadata about an
image can be changed once it is in the Image Registry, the image itself is immutable.
SE

When the Compute Service wants to launch a workload instance, it tells the Image Registrar what image it needs.
The Image Registrar then retrieves the location of the image file for the image from the Image Registry and gives it to
SU

the Compute Service. The Compute node that will be running the instance then downloads a copy of the image file
directly from the location provided and uses it to launch the instance.

The additional metadata stored in an image’s entry in the Image Registry can be used to determine either manually or
programmatically the suitability of an image file for a specific situation. For example, if there were multiple copies of a
specific image stored in the Image Registry, each being in a different disk image format or for a different hypervisor,
the metadata for the images could be used to identify which image is the correct one for the situation.

The storage back end used to store the image files can be as simple as a disk connected to the server running the
Glance services, or the storage back end could be something more generally accessible such as an Object Store like
Swift or a RADOS Block Device in Ceph.

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

115
OpenStack Administration with SUSE OpenStack Cloud
Because the Image Registry is stored in a database, the Image Service can be scaled out by adding additional
API instances or Image Registrars. Each Image Registrar can talk with the database independently to add new
images and retrieve or update information about existing images.

In summary, the OpenStack Image Service, or Glance, is used to store and retrieve virtual machine images used
to launch workload instances in the cloud.

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

116
OpenStack Administration with SUSE OpenStack Cloud

Glance Storage Back Ends

Glance Server
Glance API

y
nl
local

O
disk

e
te Us
bu r
Ceph Cluster Swift Cluster

tri ne
Ceph-mon-master Ceph-store Ceph-store Ceph-store Ceph-store

M S
Disk
OSD

Disk Disk
S
Disk
is rt
OSD

Disk Disk
S
Disk
OSD

Disk Disk
D Pa
Ceph-store
RBD Ceph-store RBD Ceph-store RBD Ceph-store RBD Ceph-store

S
Disk
OSD

Disk Disk
S
Disk
OSD

Disk Disk
ot d

RBD Ceph-store RBD Ceph-store RBD Ceph-store RBD Ceph-store

N an

Ceph-mon

M S
Disk
OSD

Disk Disk
S
Disk
OSD

Disk Disk
Zone 1 Zone 2 Zone 3
D al

The Glance API acts as the registrar and maintains the image registry. The disk images are stored in a separate
storage back end. Glance supports storing images in different types of storage back ends such as in a locally
n

attached disk, in a RBD in a Ceph cluster or as objects in a Swift cluster.

er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

117
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Image Types

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

118
OpenStack Administration with SUSE OpenStack Cloud

Supported Image Files Types

• qcow2 Qemu emulator format (KVM/XEN)

• raw Raw disk image (i.e. created with dd)

y
nl
• vmdk VMware disk image format

O
vhd Microsoft virtual hard disk (Hyper-V/Azure)

e
•

te Us
• vdi VirtualBox disk image format

bu r
tri ne
• ISO CD/DVD image format

AKI/ARI/AMI
is rt Amazon Kernel/Ramdisk/Machine images
D Pa
•

• Docker Docker images

ot d
N an
D al

The Glance registry supports a wide array of image formats giving it the advantage of supporting a similarly wide
array of hypervisors and that ability to choose the image format that is best for the situation. Using the multiple image
n

format feature in conjunction with SUSE Studio or Kiwi can allow you to have the same image available in Glance but
er

in different image formats to support different hypervisors.

Each of the image formats has different advantages and disadvantages beyond just hypervisor support. For example,
t
In

both the Xen and KVM hypervisors support the QCOW2 and Raw image formats. Choosing the QCOW2 image
format adds the ability to do snapshots. The QCOW2 image format also handles thin provisioned disks a little easier.
The Raw image format is a less complicated format and can potentially provide a little better performance depending
SE

on the situation.
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

119
OpenStack Administration with SUSE OpenStack Cloud

Image File Creation Recomendations

• Single partition for / at end of disk

• Make the image file as small as possible

y
nl
O
• No hardcoded MAC addresses

e
te Us
• Disable host firewall

bu r
• Enable SSH server to run on boot

tri ne
•
is rt
Install cloud-init in the image
D Pa
ot d
N an
D al

Single partition for / at end of disk:

When creating an instance, the size of the instances disks is determined by the flavor chosen. These disks may be
er

larger that the actual image file. When the instance is instantiated, the disk is extended by adding zeros at the end of
the instance's image file. When the OS in the image is booted the root partition and its file system is automatically re-
o

sized to include this additional disk space. If the root partition is not at the end of the disk it can cause problems with
t
In

this resizing.

Make the image file as small as possible:

Because the disk images of instance are re-sized when they are instantiated, and because you don't know how large
the disks may be defined to be in flavors, it is a good idea to make the disk image files as small as possible. You can
SU

do this by eliminating any unused disk space in the image when the image is created. This will allow the image to be
used in conjunction with the widest range of flavors. This is important because disk images can be grown but not
shrunk when they are instantiated in an instance. If the disk image is larger than the disk size defined by the selected
flavor it will render the instance unbootable.

No hard-coded MAC addresses:

When an instance is instantiated new MAC addresses will be generated for its NICs. Hard-coded MAC addresses in
an image can prevent the image for being able to communicate and be accessed over the network. It is a good idea
to replace the file /etc/udev/rules.d/70-persistent-net.rules with and empty file in the image.

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

120
OpenStack Administration with SUSE OpenStack Cloud
Disable host based firewall:

Disabling the host based firewall in the image is a good idea because if running it can prevent an instance from
being accessed both for consumption of any services running in the instance and for administration of the
instance. Security groups and their corresponding rules should be used instead to protect and restrict access to
the instance.

Enable SSH server to run on boot:

Linux instances are typically access via SSH for administrative tasks. It is strongly recommended that an SSH
server be running in an instance to allow for this. It is also recommended that you use the SSH key pair

y
functionality of a tenant to create/upload/store SSH public keys to be injected into images when they are

nl
instantiated rather then pre-embedding keys into images.

O
Install cloud-init in the image:

The cloud-init package contains the functionality to perform many of these things laid out in these guidelines. It

e
can do the following:

te Us
-re-size the root partition when the instance is launched
-inject the public SSH key into an account's .ssh/authorized_keys file
-remove the password of the root account to disable console log in
-create new user accounts

bu r
-set instance's hostname

tri ne
-set up mount point for ephemeral disks
-perform custom configuration of an instance based on information retrieved from the OpenStack metadata
service is rt
D Pa
If needed existing images can be modified using the guestfish command or the virt-* utilities that are also included
with libguestfs. For more information on how to use these utilities refer to the OpenStack Virtual Machine Image
Guide (http://docs.openstack.org/image-guide/content/index.html).
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

121
OpenStack Administration with SUSE OpenStack Cloud

Tools for Creating Image Files: Machinery

Machinery is a command line application for creating

descriptions of Linux systems and working with them.

y
Based on the idea of a universal system description.

nl
Use cases for machinery:

O
• Configuration discovery

e
• System validation

te Us
• Service migration
• Export to kiwi configuration

bu r
tri ne
is rt
D Pa
ot d
N an
D al

More information can be found for machinery at: http://machinery-project.org/

n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

122
OpenStack Administration with SUSE OpenStack Cloud

Tools for Creating Image Files: Kiwi

KIWI is a command line tool, written in Perl, for building

images for Linux.

y
Used to build all SUSE product images.

nl
KIWI can build many different types of images:

O
• ISO

e
• Live CD/DVD

te Us
• Amazon EC2 (.ami)
• KVM/Qemu (.qcow2)

bu r
• VMware (.vmdk)

tri ne
• ...
is rt
D Pa
ot d
N an
D al

The KIWI wiki is full of information on the use cases, methods and theory behind KIWI:
https://doc.opensuse.org/projects/kiwi/doc/
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

123
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Glance

e
Configuration Commands

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

124
OpenStack Administration with SUSE OpenStack Cloud

openstack image Command

• Syntax: openstack image MODE OPTIONS

Mode Description
create -create a new image in the Glance Registry

y
nl
delete -remove image from the Glance Registry

O
set -update metadata for image in the Glance Registry

e
te Us
list -display list of images in the Glance Registry

show ID -display details about specified image

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

125
OpenStack Administration with SUSE OpenStack Cloud

Import Images with the Dashboard

Name the image

y
nl
O
Select image file

e
te Us
Select image disk format

bu r
tri ne
Provide other information
is rt
D Pa
Select public/private
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

126
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Basic Glance

e
Troubleshooting

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

127
OpenStack Administration with SUSE OpenStack Cloud

Glance Log Files

• Located in /var/log/glance/ on nodes running Glance services

Logfile Service/Description
api.log -API service log file

y
manage.log -glance-manage utility log file

nl
registry.log -glance-registry utility log file

O
scrubber.log -glance-scrubber utility log file

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The glance-api service handles all requests for the Glance service such as any request to access or modify an
existing image or to create a new image.
n

-The log file for this service is: /var/log/glance/api.log

The glance-registry service manages the registry or catalog of available images and mappings between the entries
o

in the database that correspond to the image files stored in the image storage back end.
t
In

-The log file for this service is: /var/log/glance/registry.log

The glance-manage utility is used to configure the Glance installation, particularly to set up the database.
SE

-The log file for this utility is: /var/log/glance/manage.log

The glance-scrubber utility is used to clean up images that have been deleted.
SU

-The log file for this service is: /var/log/glance/srubber.log

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

128
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 6

O
e
te Us
Review Questions

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

129
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

129
OpenStack Administration with SUSE OpenStack Cloud

Section 6 Review Questions

• What is the OpenStack Image Service (Glance)?

• What is an “image” in the context of OpenStack?
• What are images used for in OpenStack?
• What can the OpenStack Image Service use as storage back ends?

y
• Where can you get or how can you create image files?

nl
• What image file formats does the OpenStack Image Service currently support?

O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

130
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 6

O
e
te Us
Exercises

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

131
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

131
OpenStack Administration with SUSE OpenStack Cloud

Section 7

y
nl
Work with Software Defined

O
Networks in OpenStack

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

132
OpenStack Administration with SUSE OpenStack Cloud

Section Objectives

• Understand OpenStack Networking

• Understand Neutron Configuration Commands

y
nl
• Understand Floating IPs

O
• Understand Security Groups

e
• Understand Basic Neutron Troubleshooting

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

133
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand OpenStack

e
Networking

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

134
OpenStack Administration with SUSE OpenStack Cloud

What is the OpenStack Network Service

(Neutron)?

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The OpenStack Networking service, or Neutron, provides the software defined networking functionality to an
OpenStack cloud. The OpenStack Compute project (Nova), as it was one of the original services in OpenStack and
n

as it is responsible for providing the compute infrastructure for an OpenStack cloud it has networking capabilities built
er

into it. These networking capabilities are referred to as nova-network and initially were the only way to configure
networking for the cloud until Neutron was introduced.
o
t
In

The advantages of neutron over nova-network are many but the main one is that Neutron uses a plug-in based
architecture to allow it to be extensible. Third party networking vendors can create plug-ins to Neutron that will allow
their software defined networking (SDN) solutions to be used in an OpenStack cloud.
SE

Neutron provides layer 2 and layer 3 networking for an OpenStack cloud.

As a note, the original name for the Neutron project was Quantum but was changed to avoid potential copyright
issues. Because of this, some of the components and features of Neutron still have “quantum” in their names.

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

135
OpenStack Administration with SUSE OpenStack Cloud

Default Network Setup: Overview

Private /
Switch (VLANs) Gateway Cloud Internal
Private Network (nova-fixed) Neutron:
VLAN500, 192.168.123.0/24 192.168.123.1 Connects cloud instances
Cloud Networks

Gateway
Access to cloud instances: .129-.254

y
Public Network (nova-floating) external:
192.168.126.1
VLAN300, 192.168.126.0/24
Access to cloud services

nl
Public Network (public)
VLAN300, 192.168.126.0/24 (such as Dashboard): .2-.127

O
Software Defined Network Neutron: Public /
VLAN400, 192.168.130.0/24 192.168.130.1 Company LAN

e
te Us
Storage Network
Separate network for storage traffic
Infrastructure Networks

VLAN200, 192.168.125.0/24

bu r
tri ne
Cloud Nodes
is rt
D Pa
Switch (access)
Admin Network (admin & bmc or bmc_vlan)
192.168.124.0/24 Connects Admin server and
Cloud Nodes
ot d
N an

Admin
Admin Server (crowbar) LAN
D al

The default networks created during the deployment of SUSE OpenStack cloud are broken down into two different
types: infrastructure, cloud. The infrastructure networks (Admin network, Storage network and Software Defined
n

Network) interconnect the physical cloud infrastructure machines. The cloud networks (nova-fixed, public and nova-
er

floating) are the networks that the consumers of the cloud interact with.
o

In this section we are going to focus on the Software Defined Network and how it is used.
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

136
OpenStack Administration with SUSE OpenStack Cloud

Neutron SDN Networking

Network Node

SDN Network Conduit

L3 Agent
y
nl
O
e
te Us
External / Public

bu r
L2 Agent L2 Agent L2 Agent Network

tri ne
(openvswitch) (openvswitch) (openvswitch)

is rt
D Pa
ot d
N an

Compute Node Compute Node Compute Node

D al

The SDN Network Conduit on this page corresponds to the Software Defined Network on the previous page. This is
the network that all over cloud networks travel across.
n
er

The two main components of Neutron are the layer 2 (L2) services and the layer 3 (L3) services. The L2 agents run
on the compute nodes and are responsible for creating and maintaining the virtual networks that interconnect the
o

instances launched by project users. Depending on the SDN plug-in you are using, the L2 agents can be different
t
In

pieces of software. An example of one of these is openvswitch which is used by the ML2 plug-in. The network nodes
run the L3 agents that are responsible for routing of network traffic between different networks and the external world
as well as port forwarding of traffic between the external world and instances connected to the private networks.
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

137
OpenStack Administration with SUSE OpenStack Cloud

Project Private Networks and Routers

Network Node

SDN Network Conduit

Red Tenant Private Network 02

L3 Agent
y
nl
Red Tenant Private Network 01

O
e
te Us
External / Public

bu r
L2 Agent L2 Agent L2 Agent Network

tri ne
(openvswitch) (openvswitch) (openvswitch)

is rt
D Pa
Red Tenant
Red Tenant

Red Tenant
Instance

Instance

Instance
ot d
N an

Compute Node Compute Node Compute Node

D al

In this example, the Red tenant has created a private network and is running instance on each of the compute nodes.
These instances are all connected to this private network and can communicate with each other even though they
n

are running on different compute nodes. The Red tenant has also created a virtual router that allows the instances to
er

communicate with the outside world.

o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

138
OpenStack Administration with SUSE OpenStack Cloud

Multiple Projects' Networks and Routers

Network Node

SDN Network Conduit

Red Tenant Private Network

L3 Agent
y
nl
Blue Tenant Private Network

O
Green Tenant Private Network

e
te Us
External / Public

bu r
L2 Agent L2 Agent L2 Agent Network

tri ne
(openvswitch) (openvswitch) (openvswitch)

is rt
D Pa
Green Tenant

Green Tenant
Blue Tenant

Blue Tenant
Red Tenant
Red Tenant

Red Tenant
Instance

Instance

Instance
ot d
N an

Compute Node Compute Node Compute Node

D al

In this example we now have three different tenants (Red, Green and Blue) that have created private networks and
are running instances on the compute nodes. The private networks created by each of these tenants are completely
n

isolated from each other so that the tenants cannot see each other's network traffic.
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

139
OpenStack Administration with SUSE OpenStack Cloud

3rd Party SDNs

3rd Party SDN

3rd Party SDN Network Conduit

Red Tenant Private Network

L3 Agent
y
nl
Blue Tenant Private Network

O
Green Tenant Private Network

e
te Us
External / Public

bu r
L2 Agent L2 Agent L2 Agent Network

tri ne
(3rd Party) (3rd Party) (3rd Party)

is rt
D Pa
Green Tenant

Green Tenant

Provided by
Blue Tenant

Blue Tenant
Red Tenant
Red Tenant

Red Tenant

3rd parties
Instance

Instance

&
ot d

3rd party plugins

N an

Compute Node Compute Node Compute Node

D al

When using a 3rd party SDN, the L3 agents and potentially the L2 agents are provided by the 3rd party. Neutron has
plug-ins that allow these SDNs to be managed through Neutron.
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

140
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Networking Terminology (1/2)

Term Description
Network -Analogous to a physical LAN
-Can be external to the cloud (external)
-Can be private to a Tenant (private)

y
nl
Subnet -IP subnet associated with a Network
Router -Device that connects subnets

O
-Can have one gateway
-Can be connected to multiple Subnets

e
Gateway -Router interface connected to an external

te Us
network

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Networks correspond to the virtual "network cables" that are created for use by the cloud consumers. The
mechanism for implementing these networks can be protocols such ad GRE tunnels, VLANs or VXLANs.
n
er

Subnets are the IP subnets that are associated with and run on these networks. It is possible to have multiple
subnets associated with a single network if desired. However, it is common to have only one subnet running on a
o

network.
t
In

Routers connect subnets. Routers in OpenStack can have only one external interface but can have multiple internal
interfaces. Routers are created by tenants to allow their instances to communicate with both the external world and
SE

with other instances that may be connected to other networks/subnets that they have created.

The term gateway, when using it in the context of OpenStack, refers to the external interface on a router (i.e. the
SU

router's gateway interface).

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

141
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Networking Terminology (2/2)

Term Description
Allocation Pool -On an external Network:
-Range of addresses to use as Floating
IPs

y
-On a private Network:

nl
-Range of addresses to use as a DHCP

O
scope
Floating IP -IP Address on an external network that can

e
be allocated to a tenant and then

te Us
associated with an instance

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Allocation pools are pools of addresses that can be used for different things such as DHCP scopes on internal
networks or pools of floating IPs on external networks.
n
er

Floating IP addresses are IP address that exist on externally facing cloud networks and can be associated with
instances running on private networks to allow those instances to be accessed directly from the external world.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

142
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Neutron

e
Configuration Commands

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

143
OpenStack Administration with SUSE OpenStack Cloud

openstack network/subnet Commands

• Syntax: openstack network MODE OPTIONS

Mode Description
create -create new virtual network

y
delete -delete virtual network

nl
list TENANT-ID -list networks for a given tenant

O
show TENANT-ID -display details of a network

e
• Syntax: openstack subnet MODE OPTIONS

te Us
Mode Description
create -create new virtual subnet

bu r
delete -delete virtual subnet

tri ne
list TENANT-ID -list subnets for a given tenant
show TENNANT-ID is rt -display details of a subnet
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

144
OpenStack Administration with SUSE OpenStack Cloud

Create Networks / Subnets in the Dashboard

Name the network

Enter allocation pools

y
(DHCP ranges)

nl
O
Enter DNS servers

e
te Us
bu r
tri ne
Name the subnet
is rt
D Pa
Enter network address
ot d
N an
D al

The process of creating networks and subnets in the OpenStack Dashboard is combined into a single workflow rather
than separate actions like it is when using the command line client.
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

145
OpenStack Administration with SUSE OpenStack Cloud

openstack router Command

• Syntax: openstack router MODE OPTIONS

Mode Description
create -create new virtual router

y
delete -delete virtual router

nl
set ROUTER -add external interface to router

O
add port -add internal interface to router
router list PROJECT -list routers for a given tenant

e
router show PROJECT -display details of a router

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

146
OpenStack Administration with SUSE OpenStack Cloud

Create Routers in the Dashboard

Name the router

y
nl
Select external network
for gateway

O
e
te Us
Select internal network
for interface

bu r
tri ne
is rt
D Pa
ot d
N an
D al

When creating a router in the OpenStack Dashboard, you first create the router and specify the external network it is
connected to. You then go into the router and create interfaces that are connected to subnets.
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

147
OpenStack Administration with SUSE OpenStack Cloud

Network Topology

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The OpenStack Dashboard also has a nice network topology view that allows you to visualize how the networks and
routers are connected and, when you start launching instances, how the instances are connected to these networks.
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

148
OpenStack Administration with SUSE OpenStack Cloud

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

149
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Floating IPs

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

150
OpenStack Administration with SUSE OpenStack Cloud

What are Floating IPs?

• Externally facing IP addresses

• Allocated to a tenant
• Associated with instances to allow them to be accessible externally
• Number available to tenants can be limited via quota

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Floating IP addresses exist on external networks. These addresses can be allocated to tenants and the tenants can
then associate them with instances running on their private networks. The number of floating IP addresses that can
n

be allocated to a tenant can be restricted via quota.

er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

151
OpenStack Administration with SUSE OpenStack Cloud

Floating IPs and Instances

Network Node
Floating IP
SDN Network Conduit exists here
Red Tenant Private Network

L3 Agent
y
nl
O
e
Traffic is forwarded
on to the instance

te Us
via SNAT / DNAT

External / Public

bu r
L2 Agent L2 Agent L2 Agent Network

tri ne
(openvswitch) (openvswitch) (openvswitch)

is rt
D Pa
Red Tenant

Red Tenant

Red Tenant
Instance

Instance

Instance
ot d
N an

Compute Node Compute Node Compute Node

D al

The Floating IP addresses, when allocated to a tenant, are created on the external interface of the tenant's virtual
router. When associated with an instance on a private network, the network traffic is SNATed/DNATed between the
n

instance and the external world allowing that instance to be accessed by the external world. In OpenStack, the
er

process of allocating a floating IP to a tenant is called "creating a floating IP". In reality, the IP is not being created
because it is coming from a pool of floating IPs that was previously created/defined by the cloud operator. It is only
o

being "created" on the external interface of the tenants router. If the tenant has multiple virtual routers, it is actually
t
In

created on the external interface of the router when it is associated with an instance on a private network because it
is at that point that OpenStack knows which router is connected to the subnet that the instance is running on and
therefore the router that is connected to that subnet.
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

152
OpenStack Administration with SUSE OpenStack Cloud

openstack floating ip command

• Syntax: openstack floating ip MODE OPTIONS
Mode Description
list -display floating IPs allocated to a tenant

y
nl
create POOL -allocate a floating IP to a tenant

O
delete -remove floating IPs from a tenant

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

153
OpenStack Administration with SUSE OpenStack Cloud

Assign and Allocate Floating IPs

Click: Allocate IP To Project

y
nl
O
e
te Us
bu r
tri ne
Select pool of floating IPs

is rt
D Pa
Click: Allocate IP
ot d
N an
D al

When working with floating IPs, you first allocate the floating IPs to the project. This process is a function of Neutron.
Once a floating IP has been allocated to the project, it can be assigned to an instance. The process of assigning a
n

floating IPs to an instances is a function of Nova.

er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

154
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Security Groups

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

155
OpenStack Administration with SUSE OpenStack Cloud

What are Security Groups?

• Groups to contain firewall rules

• Neutron security groups allow for ingress and egress rules
• Can be based on:
‒ Roles, services, users, etc

y
• Generally created within the context of a tenant

nl
• Number of groups and rules can be limited via quota

O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Security groups are a method of simplifying the creation of firewall rules for instances. Security groups allow you to
define firewall rules for different protocols/ports and then group them together. These groups can then be associated
n

with instances. You only need to define the firewall rules once, when defining them in the security group, rather than
er

having to define them every time a new instance is launched.

The number of security groups created by a tenant and the number of rules created by a project can be restricted via
t
In

quota. This is important because firewall rule creation and management can create significant overhead on the cloud
when there are large numbers of projects running large amounts of instances.
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

156
OpenStack Administration with SUSE OpenStack Cloud

Security Groups and Instances

Group: Web Group: SSH Group: ICMP

Rule: TCP/80 ingress Rule: TCP/22 ingress Rule: ICMP/-1 ingress

y
Rule: TCP/443 ingress Rule: ICMP/-1 egress

nl
O
e
te Us
bu r
Instance-1 Instance-2

tri ne
(web server)

is rt
D Pa
• Assigned to instances to allow access to/from an instance
• Multiple security groups can be assigned to an instance
ot d
N an
D al

Multiple security groups can be associated with an instance. When this is done, all firewall rules in each of the
security groups will be created for the instance.
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

157
OpenStack Administration with SUSE OpenStack Cloud

openstack security group Command

• Syntax: openstack security group MODE OPTIONS
Mode Description
create -create new security group

y
delete -delete security group

nl
list PROJECT -list security groups for a tenant
show ID -display details of a security group

O
e
rule create -add new rule to a security group

te Us
rule delete -remove a rule from a security group
• rule list PROJECT -list security group rules for a tenant
rule show ID -display details of a security group rule

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

158
OpenStack Administration with SUSE OpenStack Cloud

Create Security Groups in the Dashboard

Click: Add Rule

y
nl
O
e
Select rule type

te Us
Name the security group
Select direction

bu r
tri ne
Select port/port range
is rt
D Pa
Enter port(range)
ot d
N an
D al

The process of creating security groups and rules in the OpenStack Dashboard is similar to using the command line
client in that you first create the security group and then you create rules in the security group.
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

159
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Basic Neutron

e
Troubleshooting

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

160
OpenStack Administration with SUSE OpenStack Cloud

Linux Network Namespaces

• Separate, isolated copies of the network stack in the kernel

• Each copy has its own routes/devices/firewall rules

y
nl
O
• The same IP subnets can exist in multiple namespaces at
the same time and be isolated from each other

e
te Us
• Used by OpenvSwitch and Neutron for Software Defined
Networks (SDNs)

bu r
tri ne
• is rt
Processes assigned to a namespace see only that
D Pa
namespace's network stack
ot d

A Namespace maps to a network in OpenStack

N an

•
D al

In OpenStack networking it is possible for every tenant to use the same IP addresses and even MAC addresses on
their private networks even if these private networks will exist on the same compute nodes as other tenants. This
n

"magic" that allows this to happen are Linux Network Namspaces.

Network name spaces are a function of Linux Control Groups (cgroups) and are simply stated, multiple autonomous,
o

isolated networks stacks running on the same Linux kernel. Each network stack is completely independent of every
t
In

other network stack.

Processes can be launched on the context of a network namespace and these processes only see the network
SE

components that exist within that namespace.

In OpenStack, these namespaces are created an maintained by the L2 agents such as openvswitch.
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

161
OpenStack Administration with SUSE OpenStack Cloud

No Network Namespaces Linux Network Namespaces

Process A Process B Process C

y
nl
O
(IP: 192.168.1.0/24)
eth0

e
te Us
With Network Namespaces

bu r
tri ne
Process A Process B Process C

is rt
namespace-1 (IP: 10.1.0.0/24) namespace-2 (IP: 10.2.0.0/24)
D Pa
veth2 veth4

veth1 veth3
ot d
N an

eth0
(IP: 192.168.1.0/24)
D al

If no namespaces are created, all processes see the same network configuration. If namespaces are created, virtual
interfaces must be created in the namespace and connected to virtual interfaces in the default network stack running
n

on the kernel. For communication to happen between namespaces, the kernel must route or bridge this traffic from
er

the namespaces with its default network stack.

o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

162
OpenStack Administration with SUSE OpenStack Cloud

ip Network Namespace Commands

• Syntax: ip netns OPTIONS

Options Description
list -display all network namespaces

y
add NAME -create a new network namespace

nl
delete NAME -delete a network namespace

O
exec NAME CMD -run an application in a network namespace

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The ip netns command can be useful in troubleshooting the OpenStack network configuration. OpenStack networks
are associated with network namespaces and the ip netns command can be used to both view which namespaces
n

exist on the different compute nodes as well as what addresses exist in the different namespaces. Where it is
er

possible to use the ip netns command to create new namespaces and delete existing ones, it is suggested that you
do not do this in the context of OpenStack because the L2 agents are handling this for you.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

163
OpenStack Administration with SUSE OpenStack Cloud

openstack network Command

(Troubleshooting)
• Syntax: openstack network MODE OPTIONS
Mode Description

y
agent list -list neutron agents and their status

nl
agent show AGENT -display details about a neutron agent

O
agent list –router ROUTER
-display L3 agent hosted on specified router

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

164
OpenStack Administration with SUSE OpenStack Cloud

Neutron Log Files

• Located in /var/log/neutron/ on nodes running Neutron services

Logfile Service/Description
neutron-server -Main Neutron log file

y
neutron-l3-agent -L3 agent log file

nl
neutron-openvswitch-agent -L2 agent (OpenvSwitch) log file

O
neutron-lbaas-agent -Load balancing service log file
neutron-dhcp-agent -DHCP service log file

e
neutron-metadata-agent -Metadata agent log file

te Us
neutron-metering-agent -Metering agent log file

bu r
tri ne
is rt
D Pa
ot d
N an
D al

The neutron-server service is the main service for Neutron and handles all API requests.
-The log file for this service is: /var/log/neutron/neutron-server.log
n
er

The neutron-l3-agent service manages all of the routing for the neutron virtual networks and manages of all of the IP
forwarding rules.
o

-The log file for this service is: /var/log/neutron/neutron-l3-agent.log

t
In

The neutron-openvswitch-agent service creates and manages the layer 2 networks that interconnect a project's
instances using the openvswitch utility.
SE

-The log file for this service is: /var/log/neutron/neutron-openvswitch-agent.log

The neutron-dhcp-agent service provides the DHCP service on the Neutron networks.
SU

-The log file for this service is: /var/log/neutron/neutron-dhcp-agent.log

The neutron-lbaas-agent service provides the load balancing service in Neutron.

-The log file for this service is: /var/log/neutron/neutron-lbaas-agent.log

The neutron-metadata-agent service communicates with the Nova metadata service to add the networking
information to a VM's metadata so that Nova knows about the networks it is connected to.
-The log file for this service is: /var/log/neutron/neutron-metadata-agent.log

The neutron-metering-agent service meters all network traffic at the L3 router level and can provided this data to
services such as Ceilometer.
-The log file for this service is: /var/log/neutron/neutron-metering-agent.log

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

165
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 7

O
e
te Us
Review Questions

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

166
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

166
OpenStack Administration with SUSE OpenStack Cloud

Section 7 Review Questions

• What is Software Defined Networking?

• What are some advantages of the OpenStack Network Service (Neutron) over
the networking capabilities built into the OpenStack Compute Service (Nova)?
• In the context of the OpenStack Network Service, what are: Networks, Subnets

y
and Routers?

nl
• What are floating IPs and how are they used and where do they reside?

O
• What are security groups and how are they used?
• What are network namespaces, how are they used and how can they be

e
manually accessed?

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

167
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 7

O
e
te Us
Exercises

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

168
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

168
OpenStack Administration with SUSE OpenStack Cloud

Section 8

y
nl
Work with Cloud Workload

O
Instances

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

169
OpenStack Administration with SUSE OpenStack Cloud

Section Objectives

• Understand Nova Features and Functionality

• Understand Instances and Flavors

y
nl
• Understand Nova Configuration Commands

O
• Understand Basic Nova Troubleshooting

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

170
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Nova Features and

e
Functionality

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

171
OpenStack Administration with SUSE OpenStack Cloud

What is OpenStack Compute (Nova)?

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
Video:
ot d
N an

What is the OpenStack Compute Service?

D al

A constant goal of IT departments is to provide reliable IT services as cost effectively as possible. With the advent of
virtualization, which allows individual servers to run multiple isolated workloads as opposed to the traditional model of
n

running one workload per server, we were able to gain a cost savings by getting better utilization out of our existing
er

hardware. Where virtualization helped with hardware utilization, and to a certain extent streamlined the provisioning
process, it still required the IT department to be directly involved with the provisioning, deployment and retirement of
o

each workload for each consumer.

t
In

With the introduction of public cloud services, the provisioning, deployment and retirement of workload instances
became much easer, to the point where the individual consumer could easily perform these tasks without having to
SE

involve the IT department.

The OpenStack Compute service, or Nova, is what provides the provisioning, deployment and retirement of workload
SU

instances in an OpenStack cloud. Not surprisingly, Nova was one of the first services in OpenStack.

There are two main roles that are provided within the Compute Service: Compute Controller and Compute Node. The
Compute Controller role provides services such as determining what a workload instance will look like and scheduling
where an instance is launched. It also provides the API used to launch and manage the workload instances. The
Compute Node role communicates directly with the hypervisors and manages the actual launching and management
of the workload instances.

A workload instance is a combination of two things. The first is the configuration that describes what the instance
looks like. The second is the block storage it will use for its disks.

The basic configuration parameters used by workload instances are defined in flavors. These flavors define
parameters such as how many VCPUs and how much memory an instance will have and how many disks will be
attached to it and their sizes. These flavors are typically defined by the cloud operator.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

172
OpenStack Administration with SUSE OpenStack Cloud
Block storage is provided as images and volumes.

When a user wants to launch a workload instance, they first select the flavor that they want the instance to look
like. They then select the image they want to boot the instance from. They select the networks they want the
instance to be attached to and the security groups they want it to be a member of. When the instance is launched,
the Compute Controller determines which Compute node will run the instance and then hands off all of this
information about the instance to that node. The Compute node then retrieves the specified image file or files and
tells the hypervisor to launch the instance. It also tells the hypervisor to attach the instance to the specified
networks and persistent storage volumes.

If running instances need to be migrated to different Compute Nodes, the Compute Controller manages this by

y
updating its database and then communicating with the affected Compute Nodes which in turn communicate with

nl
their hypervisors.

O
When an instance needs to be terminated, the Compute Controller also manages this in a similar fashion by
updating the database and communicating with the related Compute Node. Because all information about current
workload instances is stored in a database, the Compute Controller service can be scaled out by adding

e
additional Compute Controller nodes.

te Us
In summary, the OpenStack Compute Service, or Nova, is responsible for managing the lifecycle of workload
instances in an OpenStack cloud by keeping track of current instances and communicating with the hypervisors
running the instances.

bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

173
OpenStack Administration with SUSE OpenStack Cloud

KVM/Xen Compute Nodes

Controller Node
Nova Controller Services

y
nl
O
e
te Us
Compute Node Compute Node

bu r
tri ne
Nova Compute Service Nova Compute Service
Hypervisoris rt Hypervisor
D Pa
ot d
N an
D al

The controller nodes are responsible for scheduling and generally managing all of the compute work performed by
the OpenStack cloud. They communicate with the compute services running on the compute nodes. The compute
n

services in turn interact with the hypervisor services. When using the KVM or Xen hypervisors, the Nova compute
er

service runs directly on the node running the hypervisor.

The Nova controller services and the Nova compute services communicate using the message queue server(s).
t
In

Because of this message queue based communication it is possible to easily scale out either the controller nodes or
the compute nodes depending on where the extra capacity is needed.
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

174
OpenStack Administration with SUSE OpenStack Cloud

Hyper-V Compute Nodes

Controller Node
Nova Controller Services

y
nl
O
e
Compute Node

te Us
Nova Compute Service

bu r
tri ne
Hypervisor Node
is rt
D Pa
Hypervisor Node
Hypervisor Hypervisor
ot d
N an
D al

When using the Hyper-V hypervisor, the Nova compute service does not run on the same nodes as the hypervisor.
Instead, it runs on a separate node, or set of nodes, and these compute nodes communicate with the VMware
n

hypervisors. The Nova Compute Controller still communicates with the Compute node(s) in the same way, the
er

compute nodes just have to interact with the hypervisors over the network rather than locally as with KVM and Xen.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

175
OpenStack Administration with SUSE OpenStack Cloud

VMware Compute Nodes

Controller Node
Nova Controller Services

y
nl
O
Compute Node
Nova Compute Service

e
te Us
VMware vCenter

bu r
tri ne
is rt
D Pa
Hypervisor Node Hypervisor Node
ot d

Hypervisor Hypervisor
N an
D al

When using the VMware hypervisor, the Nova compute service does not run on the same nodes as the hypervisor.
Instead, it runs on a separate node, or set of nodes, and these compute nodes communicate with Vmware vCenter,
n

which communicates with the hypervisors directly. The Nova Compute Controller still communicates with the
er

Compute node(s) in the same way, the compute nodes just have to interact with the hypervisors over the network
rather than locally as with KVM and Xen.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

176
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Instances and

e
Flavors

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

177
OpenStack Administration with SUSE OpenStack Cloud

Cloud Workload Instances

Compute Node
Nova Compute Service
Hypervisor

y
Instance

nl
CPU

O
MEMORY
CPU

e
Instance

te Us
CPU MEMORY

CPU(s) Instance Network(s)

bu r
tri ne
CPU MEMORY

is rt
D Pa
Memory Volumes
(persistent)
ot d
N an

Disks
(ephemeral)
D al

Cloud workload instances, or simply instances, are typically virtual machines. These instances are made up of virtual
CPUs, Memory, Disks (that are ephemeral in nature – discussed on greater detail later), volumes (persistent storage)
n

and networks. Instances can have multiple and different sizes of these computational components
er

The Nova compute service is responsible for managing the life-cycle of these instances.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

178
OpenStack Administration with SUSE OpenStack Cloud

Flavors

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Flavors are used to pre-define the size and amount of virtual resources/components an instance will have when it is
instantiated. The resources/components defined in a flavor are: the number of VCPUs, the amount of RAM, the size
n

of the root disk, the size and presence of a swap disk and an addition ephemeral disk. While an instance is launched
er

using a specific flavor, that instance can be changed to use a different flavor after it has been launched allowing the
user to change the amount of resource it has after the fact.
o
t
In

Flavors can be made publicly available (i.e. any project can see and use them) or private (only visible and usable by
certain projects).
SE

Flavors can also be used in conjunction with host aggregates. If a flavor is associated with a host aggregate then all
instances launched using that flavor will automatically be launched on only the hosts in that host aggregate.
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

179
OpenStack Administration with SUSE OpenStack Cloud

Flavor Details

y
nl
O
e
te Us
Enter/Select flavor
properties

bu r
tri ne
is rt
D Pa
ot d
N an
D al

When defining a new flavor (or editing an existing on) you specify the the number of VCPUs, RAM, root disk/swap
disk/additional ephemeral disk sizes. You can also specify whether the flavor is publicly accessible or private to a
n

subset of projects.
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

180
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Nova Configuration

e
Commands

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

181
OpenStack Administration with SUSE OpenStack Cloud

openstack server Command

• Syntax: openstack server MODE OPTIONS

Mode Description

y
create -launch a new instance

nl
reboot -reboot an instance
suspend -suspend an instance to disk

O
resume -resume a suspended instance

e
delete -power off and remove an instance

te Us
list -display existing instances

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

182
OpenStack Administration with SUSE OpenStack Cloud

Launch an Instance in the Dashboard (1/2)

y
nl
O
e
te Us
Note that creating a new
volume for the instance

bu r
root disk is the default

tri ne
Note that it can still be
made "ephemeral"

is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

183
OpenStack Administration with SUSE OpenStack Cloud

Launch an Instance in the Dashboard (2/2)

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

184
OpenStack Administration with SUSE OpenStack Cloud

Connect to an Instance in the Dashboard

Select Console

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

185
OpenStack Administration with SUSE OpenStack Cloud

View Instance Console Log

Select Log

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

186
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Basic Nova

e
Troubleshooting

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

187
OpenStack Administration with SUSE OpenStack Cloud

Nova Log Files

• Located in /var/log/nova/ on nodes running Nova services

Controller Nodes:
Logfile Service/Description
-nova-api service log file

y
nova-api.log

nl
nova-cert.log -nova-cert service log file
nova-conductor.log -nova-conductor service log file

O
nova-consoleauth.log -nova-consoleauth service log file
-nova-manage utility log file

e
nova-manage.log

te Us
nova-scheduler.log -nova-scheduler service log file

Compute Nodes:

bu r
tri ne
Logfile Service/Description
nova-compute.log -nova-compute log file
is rt
D Pa
ot d
N an
D al

The nova-api service provides the API access to the Nova service and typically runs on controller nodes.
-The main configuration files for this service are: /etc/nova/nova.conf , /etc/nova/api-paste.ini and
n

/etc/nova/policy.json
er

-The log file for this service is: nova-api.log

The nova-cert service handles X509 certificates needed with the EC2 API and typically runs on controller nodes.
t
In

-The main configuration files for this service are: /etc/nova/nova.conf and /etc/nova/policy.json
-The log file for this service is: nova-cert.log
SE

The nova-conductor service acts as an interface between the nova-compute service instances and the Nova
database. This provides an extra layer of security for the database and therefore runs on controller nodes.
-The main configuration file for this service is: /etc/nova/nova.conf
SU

-The log file for this service is: nova-conductor.log

The nova-consoleauth service works with the nova-novncproxy service and helps with console access from the
cloud users to their instances by providing authentication to the Nova consoles.
-The main configuration files for this service are: /etc/nova/nova.conf and /etc/nova/policy.json
-The log file for this service is: nova-consoleauth.log

The nova-manage utility controls cloud computing instances by managing shell selection, vpn connections, and
floating IP address configuration and typically runs on controller nodes.
-The log file for this utility is: nova-manage.log

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

188
OpenStack Administration with SUSE OpenStack Cloud
The nova-scheduler service determines which compute node will launch a VM and typically runs on controller
nodes.
-The main configuration files for this service are: /etc/nova/nova.conf and /etc/nova/policy.json
-The log file for this service is: nova-scheduler.log

The nova-compute service interacts directly with a hypervisor or virtualization platform and communicates the
instructions regarding the life cycle of VMs to the hypervisors/virtualization platforms that actually run the VMs.
-The main configuration files for this service are: /etc/nova/nova.conf and /etc/nova/policy.json
-The log file for this service is: nova-compute.log

The nova-network service handles all of the network configuration and management when using the legacy

y
Nova networking.

nl
-The main configuration files for this service are: /etc/nova/nova.conf and /etc/nova/policy.json
-The log file for this service is: nova-network.log

O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

189
OpenStack Administration with SUSE OpenStack Cloud

nova Command

• Syntax: nova MODE OPTIONS

Mode Description

y
service-list -display state of Nova services

nl
O
Which service?
Is it running?

e
te Us
root@d52-54-00-63-a1-01:~ # nova-manage service list
+----+------------------+--------------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+----+------------------+--------------------+----------+---------+-------+----------------------------+-----------------+
| 6 | nova-scheduler | d52-54-00-00-a1-01 | internal | enabled | up | 2017-08-09T10:56:50.634295 | - |
| 5 | nova-cert | d52-54-00-00-a1-01 | internal | enabled | up | 2017-08-09T10:56:50.881413 | - |

bu r
| 11 | nova-compute | d52-54-00-00-c1-01 | nova | enabled | up | 2017-08-09T10:56:45.373239 | - |

tri ne
| 7 | nova-conductor | d52-54-00-00-a1-01 | internal | enabled | up | 2017-08-09T10:56:48.063303 | - |
| 10 | nova-consoleauth | d52-54-00-00-a1-01 | internal | enabled | up | 2017-08-09T10:56:49.580915 | - |
+----+------------------+--------------------+----------+---------+-------+----------------------------+-----------------+

is rt Is it enabled?
D Pa
On which host?
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

190
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 8

O
e
te Us
Review Questions

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

191
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

191
OpenStack Administration with SUSE OpenStack Cloud

Section 8 Review Questions

• What are the 2 main roles in the OpenStack Compute Service (Nova)?
• What are each of the roles responsible for?
• Where do the services that correspond to these roles typically run in a SUSE
OpenStack cloud?

y
• What are flavors in the context of OpenStack and how are they used?

nl
• What does an instance/server in OpenStack consist of?

O
• What commands/utilities can be used to manage instances in OpenStack?

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

192
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 8

O
e
te Us
Exercises

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

193
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

193
OpenStack Administration with SUSE OpenStack Cloud

Section 9

y
nl
Work with Block Storage in

O
OpenStack

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

194
OpenStack Administration with SUSE OpenStack Cloud

Section Objectives

• Understand Storage in OpenStack

• Understand Cinder Features and Functionality

y
nl
• Understand Cinder Configuration Commands

O
• Understand Booting From Volumes

e
• Understand Cinder Volume Types

te Us
• Understand Basic Cinder Troubleshooting

bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

195
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Storage in

e
OpenStack

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

196
OpenStack Administration with SUSE OpenStack Cloud

OpenStack Storage Types

• Ephemeral
‒ Disks associated with VMs (root/swap/etc.)
‒ Exist in Compute nodes' file systems
‒ Deleted when associated instance is terminated

y
nl
• Persistent

O
‒ Block -Attached to instances as block devices
-Data persists when the instance it is attached to is

e
terminated

te Us
-Can be attached to different instances
‒ Object -Accessed via REST API

bu r
-Not accessible as a block device or filesystem

tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

197
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Cinder Features and

e
Functionality

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

198
OpenStack Administration with SUSE OpenStack Cloud

What is OpenStack Block Storage (Cinder)?

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d

Video:
N an

What is the OpenStack Block Service?

D al

There are two types of block storage used in a cloud environment, ephemeral and persistent.
n

Ephemeral block storage is typically the virtual machine image file used as the root disk of a workload instance when
er

it is running. Additional ephemeral disks can be added to a workload instance for use as additional storage or swap
space.
o
t
In

Ephemeral block storage is referred to as “Ephemeral” because it only exists as long as the workload instance exists.
When the workload instance is terminated, all of its ephemeral disks are deleted.
SE

What if you have data that you want to persist beyond the lifespan of a workload instance?

This is where persistent block storage, or volumes come into play.

Volumes are persistent block storage that can be attached to running workload instances. When a workload instance
is terminated, the volume is left untouched and can be attached to another workload instance in the future.

What if I don’t want to lose a workload instance’s root volume?

Volumes can also be used as the root disks of workload instances. This is referred to as “boot from volume”. In this
case, when a workload instance in instantiated, rather than just making a copy of an image file and booting directly
from it, the contents of the image file are written into a volume and the workload instance boots from the volume
instead. This allows for a specific root volume, with all of its configuration intact, to be used by different workload
instances throughout time. Another advantage of booting from volumes is that it can make migration of a running
instances from one Compute node to another easier.

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

199
OpenStack Administration with SUSE OpenStack Cloud
The OpenStack Block Service, or Cinder, is what provides these volumes. The Block Service API acts as a broker
between the Compute nodes that are running the workload instances and the storage backends where the
volumes physically reside.

The OpenStack Block Service supports a wide range of storage backends. A simple storage backend could be
LVM volumes, residing on servers in the cloud infrastructure, that are exported as iSCSI targets and LUNS. A
Ceph cluster can also be used as a storage backend. In this case, RADOS Block Devices are used as volumes.
There are even drivers that allow 3rd party SANs and NASes to host the volumes.

The reason that the OpenStack Block Service acts as a broker is that it is not involved in the actual connection
between the workload instances and their volumes. When the Compute service wants to launch a new workload

y
instance that is connected to a volume, it contacts the Block Service broker to get the URI of the volume it needs

nl
to attach to. The Compute node that that will run the workload instance then uses this URI to go directly to the
backend on which the volume physically resides and attaches it to the workload instance.

O
Because the information about volumes and their physical location is stored in a database, and because it is not
directly involved in the connection between the workload instances and their volumes, the Block Service API can

e
be scaled out by adding additional API instances or brokers.

te Us
In summary, the OpenStack block Service, or Cinder, is used to provide workload instances with access to
persistent storage volumes.

bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

200
OpenStack Administration with SUSE OpenStack Cloud

Cinder + iSCSI (Raw Devices)

Compute Node
Nova Compute Service

y
Instance
Hypervisor

nl
CPU MEMORY

O
e
te Us
bu r
tri ne
Cinder API ISCSI target
server

is rt
D Pa
Cinder Server LVM

LVM
LVM
ot d

LVM
N an

iSCSI Server
D al

The Nova Compute service communicates with the Cinder API running on the cinder server to discover the path to
the volume that will be attached to the instance.
n
er

When using an iSCSI storage back end, the path to the volume is returned as an iSCSI LUN. The Nova compute
service passes this on to the Hypervisor which then connects the instance directly to the iSCSI LUN on the iSCSI
o

target server. The iSCSI target server can either be running on the same node as the Cinder API service (the Cinder
t
In

server) or it can be running on the different server or servers in the infrastructure. The diagram above shows the
iSCSI target server running on the Cinder server.
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

201
OpenStack Administration with SUSE OpenStack Cloud

Cinder + NFS

Compute Node
Nova Compute Service

y
Instance
Hypervisor

nl
CPU MEMORY

O
e
te Us
bu r
tri ne
Cinder API Raw Raw Raw
file file file

is rt Raw Raw Raw

D Pa
Cinder Server file file file

Raw Raw Raw

file file file
ot d

NFS export
N an

NFS Server
D al

Similar to using an iSCSI backend, with an NFS backend, the Nova Compute service communicates with the Cinder
API running on the cinder server to discover the path to the volume that will be attached to the instance.
n
er

However, when using an NFS storage back end, the path to the volume that is returned points to a raw file on an NFS
export. The Nova compute service passes this on to the Hypervisor which then mounts the NFS export and then
o

connects the instance directly to the raw file in the NFS export.
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

202
OpenStack Administration with SUSE OpenStack Cloud

Cinder + 3rd Party SAN/NAS

Compute Node
Nova Compute Service

y
Instance
Hypervisor

nl
CPU MEMORY

O
e
te Us
bu r
tri ne
Cinder API 3rd Part SAN / NAS

is rt
D Pa
Cinder Server
ot d
N an
D al

Cinder also has drivers that enable it to work with other 3rd party SANs and NASes.
n

The connection of the volumes to the instances is carried out in a similar fashion as with the iSCSI back end. The
er

Nova compute service talks to the Cinder API to discover the path to the volume. The path is passed to the
hypervisor which in turn connects the volume on the 3rd party SAN/NAS directly to the instance.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

203
OpenStack Administration with SUSE OpenStack Cloud

Cinder + RADOS (Ceph)

Compute Node
Nova Compute Service
Instance
Hypervisor

y
CPU MEMORY

nl
O
Cinder API

e
te Us
Cinder Server

bu r
Ceph Cluster

tri ne
Ceph-mon-master Ceph-store Ceph-store Ceph-store Ceph-store Ceph-store Ceph-store Ceph-store Ceph-store Ceph-store Ceph-store

M S
Disk
OSD

Disk Disk
S
Disk
is rt
OSD

Disk Disk
S
Disk
OSD

Disk Disk Disk

S OSD

Disk Disk
S
Disk
OSD

Disk Disk
D Pa
Ceph-store
RBD Ceph-store RBD Ceph-store RBD Ceph-store RBD Ceph-store RBD Ceph-mon RBD Ceph-store RBD Ceph-store RBD Ceph-store RBD Ceph-store RBD Ceph-store

S
Disk
OSD

Disk Disk
S
Disk
OSD

Disk Disk Disk

S OSD

Disk Disk
M S
Disk
OSD

Disk Disk
S
Disk
OSD

Disk Disk
ot d

Ceph-store
RBD Ceph-store RBD Ceph-store RBD Ceph-store RBD Ceph-store RBD Ceph-store RBD Ceph-store RBD Ceph-store RBD Ceph-store RBD Ceph-store RBD Ceph-mon
N an

S
Disk
OSD

Disk Disk
S
Disk
OSD

Disk Disk Disk

S OSD

Disk Disk
S
Disk
OSD

Disk Disk
M
D al

In addition to iSCSI and 3rd party SAN/NAS storage back end drivers, Cinder also has a storage back end driver that
allows it to use a RADOS Block Devices (RBDs), that reside on a Ceph cluster as volumes.
n
er

The Nova compute service retrieves the path to the RBD from the Cinder API and hands it off to the hypervisor. The
hypervisor uses native RBD drivers to attach the RBD volume directly to the instance.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

204
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Cinder Configuration

e
Commands

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

205
OpenStack Administration with SUSE OpenStack Cloud

openstack volume Command

• Syntax: openstack volume MODE OPTIONS

Mode Description
create --size SIZE VOL_NAME

y
-create a new volume

nl
O
delete -delete a volume

e
list -list existing volumes

te Us
show VOL_ID -display information about a volume

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

206
OpenStack Administration with SUSE OpenStack Cloud

Create a Volume in the Dashboard

Name the volume

y
nl
O
e
te Us
bu r
tri ne
Select source file
and type

is rt
D Pa
Select volume size
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

207
OpenStack Administration with SUSE OpenStack Cloud

openstack server Command

• Syntax: openstack server MODE OPTIONS

Option Description
add volume -attach a volume to an instance

y
nl
remove volume -detach a volume from an instance

O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

208
OpenStack Administration with SUSE OpenStack Cloud

Attach a Volume to an Instance in the

Dashboard

Select: Manage Attachments

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
Select instance to attach to
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

209
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Booting From

e
Volumes

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

210
OpenStack Administration with SUSE OpenStack Cloud

Booting From Volumes

• Why use?
‒ Root disk is no longer ephemeral
‒ Easier to live migrate VMs between Hypervisors

y
• How to create?

nl
‒ Contents of an image file is written to a volume

O
‒ Created from a snapshot of a volume

e
te Us
bu r
tri ne
Instance
is rt
D Pa
CPU MEMORY
ot d
N an
D al

One of the default behaviors encountered when running instances on an OpenStack cloud is that when an instance is
terminated, all data in that instance is lost if it isn't stored on a volume. This includes of course the OS and all of its
n

potential custom configuration. If this behavior is not desired, a feature named boot from volume can be used.
er

When booting an instance from a volume, the OS and all of its configuration is stored on a volume instead of an
o

ephemeral disk, allowing this data to be preserved when the instance is terminated. At a some later date, the cloud
t
In

user could launch a new instance, booting it from this volume, and the instance would be identical in every way
relating to its configuration as the original instance.
SE

Another advantage of booting instances from volumes is related to live migration. When an instance is using an
ephemeral disk as its root volume, if that instance needs to be migrated to another Hypervisor node, the VM either
has to be paused, the ephemeral disks for that instance copied to the new hypervisor and then unpaused, or the
SU

directory that all of the compute nodes use to store these files must first be on some sort of shared storage such as
an NFS export. In the case of no shared storage, the migration can take a longer amount of time and in the case of
shared storage, the shared storage must be configured before any instances are launched. In either case, there is
more complexity involved. When booting an instance from a volume, the Cinder volumes are already directly
accessible to all hypervisors. A migration simply requires the VM's memory to be moved to the new node and then
that node connected to the volume.

To create a bootable volume, the contents of a disk image in Glance can be written to the volume, or a snapshot of an
instance can be used

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

211
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Cinder Volume

e
Types

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

212
OpenStack Administration with SUSE OpenStack Cloud

Why Use Cinder Volume Types

• Specify on which back-end a volumes exists

y
• Define Different characteristics for volumes

nl
O
• Provide encrypted volumes

e
te Us
• Provide QoS when accessing volumes

bu r
tri ne
is rt
D Pa
ot d
N an
D al

In Cinder, volume types can be quite useful for a number of reasons. These volume types are defined by the cloud
operator and referenced by the cloud users when they create new volumes.
n
er

Because Cinder can have multiple, potentially different, storage back ends, there needs to be a way to let the Cinder
scheduler know on which back end to create a volume when a request to create one is issued by a user of the cloud.
o

In the absence of volume types, the scheduler is left on its own to determine which back end to use. When using
t
In

volume types, a volume type can be defined and then associated with a single storage back end type or a group of
storage back end types. Because these different storage back ends may provide different features or performance
levels the user now has the option to choose the storage back end they wish to use.
SE

Another reason to use volume types is that you can specify different characteristics for the volume that can potentially
be passed on to the storage back end and can change how a volume is created on that particular storage back end.
SU

Cinder also supports encrypted volumes and volume types can be used by the cloud operator to define how these
volumes will be created.

Cinder volume types can also be used to specify QoS limits on the volumes. These QoS limits can be enforced either
at the front end by limiting throughput or IOPS or at the back end by using vendor specific functionality.

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

213
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Basic Cinder

e
Troubleshooting

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

214
OpenStack Administration with SUSE OpenStack Cloud

cinder Command

• Syntax: cinder MODE OPTIONS

Mode Description
service-list -display state of Cinder services

y
nl
O
e
te Us
Which service?
Is it running?

bu r
root@d52-54-00-63-a1-01:~ # cinder service-list

On which host?
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

215
OpenStack Administration with SUSE OpenStack Cloud

Cinder Log Files

• Located in /var/log/cinder/ on nodes running Cinder services

Logfile Service/Description
api.log -API service log file

y
cinder-manage.log -cinder-manage utility log file

nl
scheduler.log -Cinder scheduler service log file

O
volume.log -Cinder volume service log file

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The cinder-api service provides API access to the Cinder service.

-The log file for this service is: /var/log/cinder/api.log
n
er

The cinder-manage utility is used to manage the Cinder services.

-The log file for this service is: /var/log/cinder/cinder-manage.log
o
t
In

The cinder-scheduler service is used to determine which storage back end to create the volume on.
-The log file for this service is: /var/log/cinder/scheduler.log
SE

The cinder-volume service interacts with the back end storage providers for the actual volumes.
-The log file for this service is: /var/log/cinder/volume.log
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

216
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 9

O
e
te Us
Review Questions

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

217
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

217
OpenStack Administration with SUSE OpenStack Cloud

Section 9 Review Questions

• What is ephemeral storage?

• What is persistent storage?
• What is the OpenStack Block Service (Cinder) and what does it provide?
• What can the OpenStack Block Service use as storage back ends?

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

218
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 9

O
e
te Us
Exercises

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

219
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

219
OpenStack Administration with SUSE OpenStack Cloud

Section 10

y
nl
Work with Object Storage in

O
OpenStack

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

220
OpenStack Administration with SUSE OpenStack Cloud

Section Objectives

• Understand Object Storage

• Understand Swift Features and Functionality

y
nl
• Understand Swift Configuration Commands

O
• Understand Basic Swift Troubleshooting

e
• Understand Ceph Features and Functionality

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

221
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Object Storage

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

222
OpenStack Administration with SUSE OpenStack Cloud

What is OpenStack Object Storage (Swift)?

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d

Video:
N an

What is Object Storage?

D al

Objects storage is commonly not well understood with many people asking, what is object storage, how does it work,
what is it good for and why should I care about it.
n
er

For starters, object storage stores data differently than a file system. With a file system, files are stored in a
hierarchical system of directories and sub-directories on a single block device. When accessing a file in a file system
o

you must know the exact path in the directory structure where the file resides. With object storage, files are stored in
t
In

a flat namespace that can span multiple storage servers with each file having its own unique identifier and accessible
by its own unique URL. To access a file in object storage you simply need to know this URL. You don’t access object
storage by mounting it like a file system you access it via a RESTful, or HTTP based, interface.
SE

Another advantage of object storage is that it is easily and massively scalable. To add space to an object store you
simply add additional storage servers. Because object storage doesn’t rely on a directory based data structure it does
SU

not have the inherent limitations to scaling out to massive sizes that file systems do.

Unlike file systems which store their data in disk blocks or sectors and then rely on a data structure to store the file’s
metadata and to map which blocks on disk belong to that file, object storage stores files, their associated metadata
and unique identifier as a single object. This minimizes the overhead required to store and access files. This does
present a challenge however because with an object store, the files cannot be modified in place. With a filesystem,
files can be modified in place because it only requires allocating additional disk blocks to the file. With object storage,
the file must be retrieved, in its entirety, from the object store before it can be modified. The modified version then
must be uploaded again back to the object store. This means that files that change often or transactional data are not
good candidates for storage in an object store. The best type of data to store in object storage is data that is static or
unstructured in nature such as pictures, videos or data backups.

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

223
OpenStack Administration with SUSE OpenStack Cloud
Most object stores are designed with the idea that failure will happen and have built-in redundancy. This
redundancy is typically achieved through replication of data as multiple copies across different storage servers in
the storage cluster. Self healing, or automatic re-replication in the case of failure, is also a common feature in
object stores. Because object stores are designed to work around failure, they can be built using cheaper
commodity hardware.

Depending on how the object store is designed, this replication of data may mean that the data stored in these
object storage clusters is “eventually consistent” rather than “strongly consistent”. If the data that is being stored
in the object store is static or unstructured this is generally not an issue and any inconsistency will be resolved.

Object storage is particularly useful in solving the problem of ever increasing amounts of data. Because most data

y
being generated today is static or non transactional in nature, object stores can be used to store this data cheaply

nl
yet still have it be easily and quickly accessible.

O
In summary, object storage is very useful for storage of large amounts of data that does not change often. It is
massively and cheaply scalable due to its method of storing and accessing data and its ability to use commodity
hardware thanks to its replication and self healing. Accessing data in an object store is done through a URL, or

e
web based RESTful interface, rather than being mounted as a file system. As we go into the future we will most

te Us
likely see more and more data stored in object stores because of these features.

bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

224
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Swift Features and

e
Functionality

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

225
OpenStack Administration with SUSE OpenStack Cloud

What is Swift?

• Highly available, distributed, eventually consistent object store

• Provides for massive scale out and capable of storing petabytes of data
• Can be deployed both locally and geographically dispersed
• Provides redundancy of data through replication

y
• Designed with the idea that failure will happen

nl
• Can be deployed on commodity hardware

O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

226
OpenStack Administration with SUSE OpenStack Cloud

Swift Architecture
Load Balancer
Access Tier

y
Proxy Server Proxy Server Proxy Server

nl
O
e
te Us
bu r
tri ne
Storage Tier

Object is rt Container Account

D Pa
Server Server Server
ot d
N an
D al

There are two main tiers in the Swift architecture, The Access Tier and the Storage Tier.
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

227
OpenStack Administration with SUSE OpenStack Cloud

Access Tier
Load Balancer
Access Tier

y
Proxy Server Proxy Server Proxy Server

nl
O
• Proxy Server

e
‒ Handles incoming API requests and routes responses to correct

te Us
server
‒ Handles failures

bu r
‒ Coordinates timestamps

tri ne
‒ Uses shared-nothing architecture for easy scale out
• Load Balancer (optional) is rt
‒ Distributes requests across proxy servers
D Pa
ot d
N an
D al

In the Access Tier resides the Swift Proxy server(s). A Swift Proxy server handles all incoming API requests for
uploading or accessing data and routes the responses to the correct server in the Storage Tier. The Proxy server also
n

handles any failures and manages the replication of data. It also coordinates all the time stamps of all copies of data
er

stored in the cluster.

A Swift Proxy server uses a shared-nothing architecture which makes it very simple to scale out when additional
t
In

capacity is needed in the Access Tier. All that is required is the addition of additional Swift Proxy servers. If desired a
Load balancer can be placed in front of the Swift Proxy Servers to present a single address as the API end point for
accessing the Swift cluster. Because of the shared-nothing architecture any Swift Proxy server can answer any API
SE

request.
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

228
OpenStack Administration with SUSE OpenStack Cloud

Storage Tier
• Object Server
‒ Stores, retrieves and deletes objects stored on local devices
• Container Server
‒ Handles listings of Objects that are in Containers

y
Account Server

nl
•
‒ Handles listings of Containers that are associated with Accounts

O
e
te Us
bu r
tri ne
Storage Tier

Object is rt Container Account

D Pa
Server Server Server
ot d
N an
D al

In the Storage Tier reside the servers that actually store the data in the Swift cluster. There can be three different
types of storage servers, Object Servers, Container Servers and Account Servers. Each type of server handles a
n

particular type of data. Object Servers store, retrieve and delete objects stored on local devices. These objects are
er

the actual data stored in the Swift cluster. Container servers handle the listings of objects that are in containers and
Account servers handle the listings of containers that are associated with accounts.
o
t
In

Like with the Access Tier, scale out is quite easy. When more capacity is needed additional storage servers can be
added. The replication of data onto these new servers is handled automatically.
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

229
OpenStack Administration with SUSE OpenStack Cloud

Swift Terminology (1/4)

Component Description
Account -Corresponds to a user of the cluster
Container -Contains Objects

y
-Associated with an account

nl
Object -Data stored in the cluster

O
e
te Us
bu r
Objec

tri ne
t
Container
Database
is rt Object
D Pa
Account
Database
Object
ot d

Container
Database
N an

Object
D al

Access to a Swift cluster is based on accounts. An account is analogous to a human user that needs to store data in
the cluster. Before any objects (i.e. data) can be stored in the Swift cluster by a user, a container needs to be created
n

to hold the data. Containers are analogous to directories in a traditional file system. An account can create multiple
er

Containers to hold its objects. The actual data stored in the Swift cluster is referred to as objects. Each object
contains the complete data, metadata and unique identifier for that object and is accessible by its own unique URL.
o

Each Container can contain multiple objects.

t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

230
OpenStack Administration with SUSE OpenStack Cloud

Swift Terminology (2/4)

Component Description
Ring -Maps logical names of entities to their
physical locations on disk

y
-Maintains mapping based on zones,

nl
devices, partitions and replicas

O
-Separate rings for accounts, containers
and objects

e
Proxy Server -Used by proxy servers and other

te Us
background proccesses like replication

bu r
tri ne
is rt
D Pa
Storage Storage
Server Server
ot d
N an
D al

In a Swift cluster all mapping between entities (accounts, containers, objects) and their actual physical location on
disk is stored and accessed in what are referred to as Rings. Each type of entity has its own corresponding ring
n

meaning there is an Account Ring,a Container Ring and an Object Ring. These rings are accessed and maintained
er

by the Swift Proxy servers. The background replication processes of the Swift cluster also use these rings to keep
track up how many copies of the data there are and where those copies exist.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

231
OpenStack Administration with SUSE OpenStack Cloud

Swift Terminology (3/4)

Component Description
Zone -Isolate failure boundries
-Contain Object, Container and Account

y
servers

nl
-Replicas of data reside in different zones
-Failure in any zone does not affect any

O
other zone

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an

Zone 1 Zone 2 Zone 3 Zone 4 Zone 5

D al

A Swift cluster is divided into different zones that are used to isolate failure. Replicas of data reside in different zones.
The idea is that failure in any one zone will not affect any other zone. Having more that two zones will allow for more
n

than two replicas of data and will even ensure that failure in more than one zone will not affect the validity of data
er

across the entire cluster (as long as the number of replicas is more than two). Every zone will contain Account,
Container and Object servers.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

232
OpenStack Administration with SUSE OpenStack Cloud

Swift Terminology (4/4)

Component Description
Device -Disk where data is stored
Partition -Collection of stored data
(Account DB / Container DB / Objects)

y
Replica -Copy of a Partition in a Zone

nl
O
e
te Us
Partition Partition Partition
Account Account Account
Database Database Database

bu r
Container Container Container

tri ne
Database Database Database

Object Object Object Object Object Object

is rt
D Pa
ot d
N an

Zone 1 Zone 2 Zone 3 Zone 4 Zone 5

Replicas
D al

A device in a Swift cluster refers to an actual disk where data is stored. A Storage server can, and usually will, have
more than one device.
n
er

A Partition is a collection of stored data including Account data, Container data and Objects. Replicas are copies of
partitions. Replicas reside on individual devices in the storage servers in the Storage Tier.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

233
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Swift Configuration

e
Commands

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

234
OpenStack Administration with SUSE OpenStack Cloud

openstack container/object Commands

• Syntax: openstack container MODE OPTIONS
Mode Description
list -List containers
show -Display info about a container
-Create a new container

y
create

nl
delete -Delete a container

O
• Syntax: openstack object MODE OPTIONS
Mode Description

e
list -List objects in a container

te Us
show -Display info about an object
create -Create a new object in a container

bu r
delete -Delete an object in a container

tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

235
OpenStack Administration with SUSE OpenStack Cloud

swift Command
• Syntax: swift MODE OPTIONS
Mode Description
list [ CONTAINER ] -List containers or objects in a container
stat CONTAINER [ OBJECT ] -Display info about a container/object

y
nl
post [ CONTAINER ] -Create a new container

O
post CONTAINER --read-acl | --write-acl ACL
-Create an ACL on the container

e
upload CONTAINER FILE -Upload a file to a container

te Us
download OBJECT -Download an object

bu r
delete [ CONTAINER ] [ OBJECT ] -Delete a container/object

tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

236
OpenStack Administration with SUSE OpenStack Cloud

Work with Containers in the Dashboard

Create Container

y
nl
O
e
Upload object

te Us
Container

bu r
tri ne
is rt
D Pa
ot d
N an

Objects in
Container
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

237
OpenStack Administration with SUSE OpenStack Cloud

swift Command (ACLs)

• Syntax: swift MODE OPTIONS
Mode Description
list [ CONTAINER ] -List containers or objects in a container
stat CONTAINER [ OBJECT ] -Display info about a container/object

y
nl
post [ CONTAINER ] -Create a new container

O
post CONTAINER --read-acl | --write-acl ACL
-Create an ACL on the container

e
upload CONTAINER FILE -Upload a file to a container

te Us
download OBJECT -Download an object

bu r
delete [ CONTAINER ] [ OBJECT ] -Delete a container/object

tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

238
OpenStack Administration with SUSE OpenStack Cloud

swift Command (Object Expiration)

• Syntax: swift MODE OPTIONS
Mode Description
stat CONTAINER [ OBJECT ] -Display info about a container/object
post CONTAINER FILE --header "X-Delete-At: TIMESTAMP"

y
-upload a file as an object with an

nl
expiration time some point in the future
-add an expiration time to an existing

O
object for some point in the future

e
post CONTAINER FILE --header "X-Delete-After: TIMESTAMP"

te Us
-upload a file as an object with an
expiration time (some point after now)

bu r
-add an expiration time to an existing

tri ne
object (some point after now)
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

239
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Basic Swift

e
Troubleshooting

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

240
OpenStack Administration with SUSE OpenStack Cloud

Swift Log Files

• Located in /var/log/swift/ on nodes running Swift services

Logfile Service/Description
proxy-server.log -Proxy server log file

y
account-server.log -Account service log file

nl
container-server.log -Container service log file

O
object-server.log -Object service log file

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The Swift proxy-server service acts as the gateway to the Swift cluster. It handles failures, coordinates timestamps
and manages and interacts with the rings.
n

-The log file for this service is: proxy-server.log

The Swift account-server service manages all of the data relating to user accounts with access to the Swift cluster.
o

-The log file for this service is: account-server.log

t
In

The Swift container-service manages all data relating to the the containers created in the Swift cluster.
-The log file for this service is: container-server.log
SE

The Swift object-server service manages all data relating to the objects that are stored in the Swift cluster.
-The log file for this service is: object-server.log
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

241
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Ceph Features and

e
Functionality

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

242
OpenStack Administration with SUSE OpenStack Cloud

Ceph Features

• Object storage
• Block devices
‒ With snapshots and cloning
• Shared POSIX compliant file system

y
• Scales to exabytes and more

nl
• Runs on heterogeneous commodity hardware

O
• Reliable and fault tolerant

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Though not an official OpenStack project, Ceph is very commonly used with OpenStack clouds. Because Ceph can
provide both object storage, using the Swift API, and redundant, high performance and centrally accessible block
n

storage that can be used as back end storage for Cinder and Glance, it is a very attractive solution for cloud storage.
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

243
OpenStack Administration with SUSE OpenStack Cloud

RADOS
APP APP Host/VM Client

y
RADOSGW RBD CEPH FS

nl
A bucket based A reliable and fully- A POSIX-compliant
Gateway compatible distributed block device, distributed file system
LIBRADOS

O
with S3 and Swift with a Linux kernel client with a Linux kernel
A library allowing and a QEMU/KVM driver client and support for
apps to directly FUSE

e
access RADOS

te Us
bu r
tri ne
is rt
D Pa
RADOS
A reliable, autonomous, distributed object store comprised of self-healing, self-managing, intelligent
storage nodes
ot d
N an
D al

RADOS (Reliable Autonomous Distributed Object Store) is the engine behind Ceph. To provide access to the
underlying object store in different ways, a library (librados) and a set of services (RADOS Gateway, RBD and
n

CephFS) are provided.

er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

244
OpenStack Administration with SUSE OpenStack Cloud

Data Distribution

• All objects are replicated N times

‒ Usually 2-3 times, could be up to 10 times
• Objects are automatically placed, balanced and migrated
‒ Location of replicas can be defined by placement policy

y
‒ If nodes are added/removed, objects are automatically migrated and

nl
replicated

O
• Location of object is determined based on calculations not indexes
‒ Calculation is based on object name and number of nodes

e
‒ Uses algorithm named CRUSH

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Rather than use indexes to store and access data on the cluster node, it uses an algorithm to determine the
placement of this data. This greatly improves performance and simplifies the scale out of the cluster when more
n

storage space is needed. When additional storage nodes are added, the algorithm automatically balances the data
er

across the additional nodes while maintaining a consistent point of access to the data.
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

245
OpenStack Administration with SUSE OpenStack Cloud

Crush

• Fast calculation, repeatable and deterministic

• Statistically uniform distribution
• Stable mapping
• Rule based configuration

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The CRUSH algorithm is what Ceph uses to distribute and access the data it is storing across the cluster nodes. It is
fast and deterministic and it provide statistically uniform distribution of the data across all cluster nodes.
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

246
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 10

O
e
te Us
Review Questions

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

247
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

247
OpenStack Administration with SUSE OpenStack Cloud

Section 10 Review Questions

• How is object storage different than block storage?

• What is OpenStack Object Storage (Swift)?
• What are containers and objects in OpenStack Object Storage?
• How can Ceph be used in an OpenStack cloud?

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

248
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 10

O
e
te Us
Exercises

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

249
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

249
OpenStack Administration with SUSE OpenStack Cloud

Section 11

y
nl
Orchestrate the Lifecycle of

O
Cloud Applications

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

250
OpenStack Administration with SUSE OpenStack Cloud

Section Objectives

• Understand the Lifecycle of Cloud Applications

• Understand Heat Template Files

y
nl
• Understand Heat Configuration Commands

O
• Launch an Instance from a Template

e
• Create a Network Stack from a Template

te Us
• Connect and Instance to a Network from a Template

bu r
• Expose an Instance to the External World from a Template

tri ne
• Attach a Volume to an Instance from a Template
is rt
Understand Basic Heat Troubleshooting
D Pa
•
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

251
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand the Lifecycle of

e
Cloud Applications

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

252
OpenStack Administration with SUSE OpenStack Cloud

What is a Cloud Application Stack?

y
nl
A cloud application stack is a set of

O
compute, network, and storage

e
te Us
requirements, running in the cloud, that

bu r
provides a specific service to users.

tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

253
OpenStack Administration with SUSE OpenStack Cloud

Deploy Cloud Application Stacks

There are 3 ways to deploy:

y
nl
The easy way

O
e
te Us
The “not quite as easy” way

bu r
tri ne
is rt
The “hard up-front, but totally
D Pa
easier in the end” way
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

254
OpenStack Administration with SUSE OpenStack Cloud

The Easy Way

Manual Deployment Process:

‒ Log into the Dashboard
‒ Go to the images section
‒ Select your images and launch them

y
‒ Configure network and storage as necessary

nl
O
e
te Us
bu r
tri ne
is rt Very quick and easy...
If you're doing it once
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

255
OpenStack Administration with SUSE OpenStack Cloud

The Not Quite as Easy Way

Use the API

‒ Python Libraries
‒ Script out the manipulation of compute, network and storage

y
nl
O
e
te Us
Labor intensive up front, but scales easily to

bu r
large deployments

tri ne
is rt
D Pa
Not terribly friendly to all potential cloud users
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

256
OpenStack Administration with SUSE OpenStack Cloud

The "Hard Up-front but Totaly Easier in the

End" Way
OpenStack Orchestration (Heat)

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

257
OpenStack Administration with SUSE OpenStack Cloud

What is Heat?

“Heat is a service to orchestrate multiple

y
nl
composite cloud applications using the

O
AWS Cloud Formation template format,

e
through both an OpenStack-native ReST

te Us
API and a CloudFormation-compatible
Query API.”

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

258
OpenStack Administration with SUSE OpenStack Cloud

What is Heat?

“Heat is a service to orchestrate multiple

y
nl
composite cloud applications using the

O
AWS Cloud Formation template format,

e
through both an OpenStack-native ReST

te Us
API and a CloudFormation-compatible
Query API.”

bu r
tri ne
is rt
D Pa

Um ... what?
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

259
OpenStack Administration with SUSE OpenStack Cloud

What is Heat?

y
Heat allows you to pre-define a set of

nl
O
compute, network, and storage

e
requirements to provide a specific service,

te Us
and deploy the whole thing automagically.

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

260
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Heat Template Files

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

261
OpenStack Administration with SUSE OpenStack Cloud

Heat Orchestration Template (HOT) Files

HOT templates are defined in YAML and follow this structure:

y
heat_template_version: VERSION DATE

nl
description:

O
# a description of the template

e
parameter_groups:

te Us
# a declaration of input parameter groups and order

bu r
parameters:

tri ne
# declaration of input parameters

resources: is rt
D Pa
# declaration of template resources

outputs:
ot d

# declaration of output parameters

N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

262
OpenStack Administration with SUSE OpenStack Cloud

Heat Template Version

• Tells Heat the format of the template and features that will
be validated and supported
Version number is in the format of a date

y
•

nl
(the date that the version was released)

O
Example: 2013-05-23

e
te Us
• Descriptions of the versions can be found in the Heat
Orchestration Template (HOT) specification:

bu r
tri ne
http://docs.openstack.org/developer/heat/template_guide/hot_spec.html#heat-template-version

is rt
heat_template_version: 2013-05-23
D Pa
description: Simple template to deploy a single compute instance

parameters:
ot d

key_name:
N an

type: string
label: Key Name
...
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

263
OpenStack Administration with SUSE OpenStack Cloud

Description

• Allows for giving a description of the template, or the

workload that can be deployed using the template

y
nl
heat_template_version: 2013-05-23

O
description: Simple template to deploy a single compute instance

parameters:

e
key_name:

te Us
type: string
label: Key Name
description: Name of key-pair to be used with compute instance
default: my-keypair

bu r
tri ne
image:
type: string
label: Image Name
is rt
description: Image to be used to compute instance
default: 5
D Pa
flavor:
type: string
label: Instance Type
ot d

description: Type of instance (flavor) to be used

N an

default: 5
...
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

264
OpenStack Administration with SUSE OpenStack Cloud

Parameters

• Allows for specifying how the input parameters should be

grouped and the order to provide the parameters in

y
nl
heat_template_version: 2013-05-23

O
description: Simple template to deploy a single compute instance

parameters:

e
key_name:

te Us
type: string
label: Key Name
description: Name of key-pair to be used with compute instance
default: my-keypair

bu r
tri ne
image:
type: string
label: Image Name
is rt
description: Image to be used to compute instance
default: SLES12
D Pa
flavor:
type: string
label: Instance Type
ot d

description: Type of instance (flavor) to be used

N an

default: m1.smaller
...
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

265
OpenStack Administration with SUSE OpenStack Cloud

Resources
...
• Declaration of the
resources:
my-server: resources of the
type: OS::Nova::Server
properties: template
key_name: my-keypair
image: SLES12-SP1
Can be of many

y
flavor: m1.smaller •

nl
networks:
- port: { get_resource: my-server_port } different types:

O
mystack_network: ‒ Instances
type: OS::Neutron::Net

e
properties: ‒ Networks

te Us
‒ Volumes
mystack_subnet:
type: OS::Neutron::Subnet
‒ Ports
properties: ‒ IP addresses

bu r
network_id: { get_resource: mystack_network } ‒ Etc.

tri ne
cidr: { get_param: mystack_subnet_network_id }

my-server_port:
• At least one
type: OS::Neutron::Port
properties:
is rt resource should be
D Pa
network_id: { get_resource: mystack_network }
fixed_ips:
defined
- subnet_id: { get_resource: mystack_subnet }
ot d

...
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

266
OpenStack Administration with SUSE OpenStack Cloud

Outputs

• Allows for outputing parameters from a deployed stack

y
nl
...

O
outputs:
instance_ip:

e
description: The IP address of the deployed instance

te Us
value: { get_attr: [my-server, first_address] }

...

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

267
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Heat Configuration

e
Commands

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

268
OpenStack Administration with SUSE OpenStack Cloud

Heat Stack Managment Commands

• Syntax: openstack stack MODE OPTIONS

Mode Description
create -f FILE STACK_NAME

y
-launch a new stack from a template

nl
delete STACK_NAME -delete a stack

O
stack-update -P KEY=VAL STACK_NAME
-update a stack

e
show STACK_NAME -display details of a stack

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

269
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Launch an Instance from a

e
Template

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

270
OpenStack Administration with SUSE OpenStack Cloud

Instance Resource

• Launches a single instance (server)

y
Name of the Name of the key pair to

nl
instance inject into the instance
...

O
resources:
Instance type my-server: Image to launch

e
definition type: OS::Nova::Server the instance from

te Us
properties:
key_name: my-keypair
image: SLES12-SP1
flavor: m1.smaller Flavor to use

bu r
tri ne
Instance ...
Properties
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

271
OpenStack Administration with SUSE OpenStack Cloud

Instance Resource with Parameters

• Launches a single instance (server)
...
parameters:
key_name:

y
type: string

nl
label: Key Pair Name
description: Name of key pair to be used for the instance

O
default: my-keypair

image:

e
type: string
label: Image Name

te Us
Parameters description: Name of image to be used for the instance Default
defined default: SLES12-SP1 values
flavor:

bu r
type: string

tri ne
label: Instance Type
Description: Type of instance (flavor) to be used
default: m1.smaller
is rt
D Pa
resources:
my-server:
type: OS::Nova::Server
properties: Parameters
ot d

key_name: { get_param: key_name } referenced

image: { get_param: image }
N an

flavor: { get_param: flavor }

...
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

272
OpenStack Administration with SUSE OpenStack Cloud

Instance Outputs

• Output the IP address assigned to the deployed instance

y
Output

nl
Name
...

O
outputs:
Output instance_ip:

e
Description description: The IP address of the deployed instance

te Us
value: { get_attr: [my-server, first_address] }

...

bu r
tri ne
Output
Value
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

273
OpenStack Administration with SUSE OpenStack Cloud

Stack / Network Topology

Instance

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d

Instance
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

274
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Create a Network Stack from a

e
Template

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

275
OpenStack Administration with SUSE OpenStack Cloud

Network and Subnet Resources

• Creates a network
• Creates a subnet on a network

y
nl
... Name of the

O
resources: network
...

e
Network mystack_net: Network the
subnet is on

te Us
definition type: OS::Neutron::Net Name of the
subnet (from a parameter)
mystack_subnet:
type: OS::Neutron::Subnet

bu r
properties: Network ID

tri ne
Subnet network_id: { get_resource: mystack_net } (from a parameter)
cidr: { get_param: mystack_subnet_cidr }
definition dns_nameservers: { get_param: mystack_nameservers }

...
is rt
D Pa
DNS Servers
(from a parameter)
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

276
OpenStack Administration with SUSE OpenStack Cloud

Router Resources

• Creates a router
• Creates an interface on a router

y
nl
... Name of the

O
resources: router
...

e
mystack_router:
Router

te Us
type: OS::Neutron::Router
definition properties:
external_gateway_info: { get_param: external_network }

bu r
mystack_router_interface:
Router that

tri ne
type: OS::Neutron::RouterInterface
properties: interface is on
Router Interface router_id: { get_resource: mystack_router }
definition is rt
subnet: { get_resource: mystack_subnet }
D Pa
...

Subnet that interface

ot d

is connected to
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

277
OpenStack Administration with SUSE OpenStack Cloud

Stack / Network Topology

y
nl
Router

O
Network

e
Router Interface

te Us
bu r
tri ne
Subnet
is rt Router
D Pa
ot d
N an

Network
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

278
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Connect an Instance to a

e
Network from a Template

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

279
OpenStack Administration with SUSE OpenStack Cloud

Instance Resource Connected to a Network

• Launches a single instance (server) connected to a network

y
nl
...

O
resources:
my-server:

e
type: OS::Nova::Server

te Us
properties:
key_name: my-keypair
image: SLES12-SP1
flavor: m1.smaller

bu r
networks:

tri ne
- network: mystack_net

...
is rt Network to connect
instance to
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

280
OpenStack Administration with SUSE OpenStack Cloud

Instance Resource Connected to a Network

• Launches a single instance (server) connected to a defined

network port

y
...

nl
resources:

O
my-server:
type: OS::Nova::Server
properties: Port(s) to attach

e
key_name: my-keypair
to the instance

te Us
image: Wordpress-0.0.8-kvm
flavor: m1.small
networks:
- port: { get_resource: my-server_port }

bu r
tri ne
my-server_port:
type: OS::Neutron::Port Network to attach
properties: to the instance
Port
definition
is rt
network_id: { get_resource: mystack_net }
fixed_ips:
D Pa
- subnet_id: { get_resource: mystack_subnet }

...
Subnet from which
ot d

to get an IP
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

281
OpenStack Administration with SUSE OpenStack Cloud

Stack / Network Topology

Router

y
Router Interface

nl
Subnet

O
e
Instance

te Us
Network

bu r
Port

tri ne
Network Router

is rt
D Pa
ot d
N an

Instance
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

282
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Expose an Instance to the

e
External World from a Template

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

283
OpenStack Administration with SUSE OpenStack Cloud

Security Group Resource

• Creates a security group and security group rules

y
...

nl
Security group name
resources:

O
...

www_secgroup:

e
type: OS::Neutron::SecurityGroup
properties:

te Us
description: Add security group rules for server
name: www
rules: Security group
- remote_ip_prefix: 0.0.0.0/0 rule name

bu r
protocol: tcp

tri ne
port_range_min: 80
Security group port_range_max: 80
rules - remote_ip_prefix: 0.0.0.0/0
is rt
protocol: tcp
D Pa
port_range_min: 443
port_range_max: 443
- remote_ip_prefix: 0.0.0.0/0
protocol: icmp
ot d

...
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

284
OpenStack Administration with SUSE OpenStack Cloud

Floating IP Resource

• Creates a floating IP
• Associates the floating IP with a port

y
nl
...

O
resources:
...

e
te Us
my-server_port: Security group the
type: OS::Neutron::Port
properties: port is a member of
network_id: { get_resource: mystack_net }

bu r
security_groups:

tri ne
- { get_resource: www_secgroup }
fixed_ips:
- subnet_id: { get_resource: mystack_subnet }
is rt
my-server_floating_ip:
D Pa
type: OS::Neutron::FloatingIP Network from which
properties: to get floating IP
floating_network: floating
port_id: { get_resource: my-server_port }
ot d
N an

...
Port with which
to associate the IP
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

285
OpenStack Administration with SUSE OpenStack Cloud

Instance Outputs

• Output the dynamicaly assigned IP address and the floating IP

address assigned to the deployed instance

y
nl
...

O
outputs:
instance_ip:

e
description: The IP address of the deployed instance

te Us
value: { get_attr: [my-server, first_address] }
floating_ip_address:
description: The floating IP address of the deployed instance
value: { get_attr: [my-server_floating_ip, floating_ip_address] }

bu r
tri ne
...

Matches the name

is rt
of the resource
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

286
OpenStack Administration with SUSE OpenStack Cloud

Stack/ Network Topology

Security Group

y
nl
Router Interface

O
Router

e
Instance

te Us
Port

bu r
tri ne
IP Attachment Network Router

Floating IP
is rt
D Pa
ot d
N an

Instance
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

287
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Attach a Volume to an Instance

e
from a Template

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

288
OpenStack Administration with SUSE OpenStack Cloud

Volume Resource
• Creates a volume
• Attaches the volume to an instance
...

y
nl
parameters:
...

O
my-server_vol_size:
type: number
Parameter label: my-server Volume Size

e
description: The size of the my-server block storage volume
defining size default: 5

te Us
of volume
resources:
...
my-server_vol: Size of volume

bu r
type: OS::Cinder::Volume (from parameter)

tri ne
Name of
properties:
volume size: { get_param: my-server_vol_size }
is rt
my-server_vol_attachment:
Instance to attach
volume to
D Pa
type: OS::Cinder::VolumeAttachment
properties: (from parameter)
instance_uuid: { get_resource: my-server }
volume_id: { get_resource: my-server_vol }
ot d

mountpoint: /dev/vdb
... Volume to attach
N an

Block device to assign to instance

the volume in the instance
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

289
OpenStack Administration with SUSE OpenStack Cloud

Stack / Network Topology

Volume

Volume Attachment

y
nl
O
Instance

e
te Us
bu r
tri ne
Network Router

is rt
D Pa
ot d
N an

Instance
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

290
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
Understand Basic Heat

e
Troubleshooting

te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

291
OpenStack Administration with SUSE OpenStack Cloud

Heat Log Files

• Located in /var/log/heat/ on nodes running Heat services

Logfile Service/Description
heat-api.log -Heat API service log file

y
heat-api-cfn.log -Heat Cloud Formation API service log file

nl
heat-api-cloudwatch.log -Heat Cloudwatch API service log file

O
heat-engine.log -Heat engine service log file

e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

The heat-api service provides the REST API interface to the Heat service.
-The configuration file for this service is: /etc/heat/heat.log
n

-The log file for this service is: heat-api.log

The heat-api-cfn service provides a Cloud Formation compatible API interface for the Heat service.
o

-The configuration file for this service is: /etc/heat/heat.log

t
In

-The log file for this service is: heat-api-cfn.log

The heat-api-cloudwatch service provides a CloudWatch-like API interface to the Heat service.
SE

-The configuration file for this service is: /etc/heat/heat.log

-The log file for this service is: heat-api-cloudwatch.log
SU

The heat-engine service is the main server for the Heat project.
-The configuration file for this service is: /etc/heat/heat.log
-The log file for this service is: heat-engine.log

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

292
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 11

O
e
te Us
Review Questions

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

293
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

293
OpenStack Administration with SUSE OpenStack Cloud

Section 11 Review Questions

• What is a cloud application stack?

• What things can Heat be used to create?
• What cloud roles are required to use Heat?
• What are parameters in the context of a HOT template file?

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al

Notes:
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

294
OpenStack Administration with SUSE OpenStack Cloud

y
nl
Section 11

O
e
te Us
Exercises

bu r
tri ne
is rt
D Pa
ot d
N an
D al

Objective Notes:
n
er

295
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

295
OpenStack Administration with SUSE OpenStack Cloud

y
nl
O
e
te Us
bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

296
OpenStack Administration with SUSE OpenStack Cloud

This work is an unpublished work and contains confidential, proprietary and trade secret information of SUSE.
Access to this work is restricted to SUSE employees who have a need to know to perform tasks within the scope of
their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated,
abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

y
General Disclaimer

nl
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making
purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document,

O
and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.
The development, release, and timing of features or functionality described for SUSE products remains at the sole
discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at

e
any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in

te Us
this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All
third-party trademarks are the property of their respective owner

bu r
tri ne
is rt
D Pa
ot d
N an
D al
n
er
o
t
In
SE
SU

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES

297

Class 3 Presentation
No ratings yet
Class 3 Presentation
18 pages
Log
No ratings yet
Log
4 pages
CCS335 Lab Manual
No ratings yet
CCS335 Lab Manual
51 pages
68-Veritas Cluster Server 6.0 For UNIX Cluster Management
100% (1)
68-Veritas Cluster Server 6.0 For UNIX Cluster Management
252 pages
LAB MANUAL-SUSE Linux Enterprise Server Administration - Lms
100% (1)
LAB MANUAL-SUSE Linux Enterprise Server Administration - Lms
172 pages
Inst 9211 Lab - Manual PDF
100% (1)
Inst 9211 Lab - Manual PDF
80 pages
LECTURE MANUAL-SLE301v15-SLE Advanced Administration Secure
100% (1)
LECTURE MANUAL-SLE301v15-SLE Advanced Administration Secure
710 pages
Dumpstate Log
No ratings yet
Dumpstate Log
12 pages
SAP ASE System Administration Guide Volume 2 en PDF
No ratings yet
SAP ASE System Administration Guide Volume 2 en PDF
480 pages
Logcat Home Fota Update Log
No ratings yet
Logcat Home Fota Update Log
74 pages
San Storage Interview Question
0% (1)
San Storage Interview Question
12 pages
SAN
100% (1)
SAN
81 pages
Chapter1 Solaris Overview - : Feature and Architecture
No ratings yet
Chapter1 Solaris Overview - : Feature and Architecture
21 pages
Os Lab Mannual Final 17-10-2024
No ratings yet
Os Lab Mannual Final 17-10-2024
50 pages
RH415 Red Hat Security - Linux in Physical Virtual and Cloud 1 PDF
0% (1)
RH415 Red Hat Security - Linux in Physical Virtual and Cloud 1 PDF
1 page
Rh362 7.4 Student Guide
No ratings yet
Rh362 7.4 Student Guide
464 pages
It2060 - Ossa Lecture 1
No ratings yet
It2060 - Ossa Lecture 1
31 pages
Com - Easyvictory.cheto Logcat
No ratings yet
Com - Easyvictory.cheto Logcat
39 pages
Presentation - Installing Red Hat OpenShift On Red Hat OpenStack Platform With Ansible by Red Hat
100% (1)
Presentation - Installing Red Hat OpenShift On Red Hat OpenStack Platform With Ansible by Red Hat
46 pages
How To Distinguish Between A Crash and A Graceful Reboot in RHEL 7 or RHEL 8
No ratings yet
How To Distinguish Between A Crash and A Graceful Reboot in RHEL 7 or RHEL 8
6 pages
CIS 3207 - Operating Systems: CPU Mode
No ratings yet
CIS 3207 - Operating Systems: CPU Mode
28 pages
JB248-6 0
75% (4)
JB248-6 0
388 pages
FNP Licensing
No ratings yet
FNP Licensing
9 pages
Mac Formatting MACOS10 6-10 PDF
No ratings yet
Mac Formatting MACOS10 6-10 PDF
5 pages
Lecture 3 Amdahl's Law and Karp Flatt Metric
No ratings yet
Lecture 3 Amdahl's Law and Karp Flatt Metric
42 pages
100-002839-A SF6x AdministrationFundamentals Lessons
No ratings yet
100-002839-A SF6x AdministrationFundamentals Lessons
314 pages
CPS 110 Problem Set #1 With Solutions: Spring 2000
No ratings yet
CPS 110 Problem Set #1 With Solutions: Spring 2000
16 pages
F 0674320
No ratings yet
F 0674320
4 pages
Ad221 7.10 Student Guide
No ratings yet
Ad221 7.10 Student Guide
246 pages
rh354 8.0 Student Guide
100% (1)
rh354 8.0 Student Guide
218 pages
Storage Area Network (SAN)
No ratings yet
Storage Area Network (SAN)
81 pages
Crypto Hack
No ratings yet
Crypto Hack
7 pages
Do417 2.8 Student Guide
No ratings yet
Do417 2.8 Student Guide
600 pages
LAB MANUAL-SLE201-SUSE Linux Enterprise Administration - LMS PDF
No ratings yet
LAB MANUAL-SLE201-SUSE Linux Enterprise Administration - LMS PDF
153 pages
Loading A Text File in A WPF Flow Document Reader
No ratings yet
Loading A Text File in A WPF Flow Document Reader
3 pages
LFS211 Labs - V2020 04 27 PDF
No ratings yet
LFS211 Labs - V2020 04 27 PDF
116 pages
RH342
No ratings yet
RH342
390 pages
LAB MANUAL-SLE201-SUSE Linux Enterprise Administration - LMS PDF
100% (1)
LAB MANUAL-SLE201-SUSE Linux Enterprise Administration - LMS PDF
153 pages
Cloud Migration: A Case Study of Migrating An Enterprise It System To Iaas
No ratings yet
Cloud Migration: A Case Study of Migrating An Enterprise It System To Iaas
8 pages
Red Hat System Administration II RH134 9.0 - Student - Ashish Lingayat, Bernardo Gargallo, Ed Parenti, Jacob - 2023 - Anna's Archive
100% (1)
Red Hat System Administration II RH134 9.0 - Student - Ashish Lingayat, Bernardo Gargallo, Ed Parenti, Jacob - 2023 - Anna's Archive
438 pages
LAB MANUAL-SUSE Linux Enterprise Server Administration - LMS
No ratings yet
LAB MANUAL-SUSE Linux Enterprise Server Administration - LMS
167 pages
Cs2411 Operating Systems Cat 2
No ratings yet
Cs2411 Operating Systems Cat 2
1 page
Rate Monotonic
No ratings yet
Rate Monotonic
18 pages
GCP Hybrid Multi Cloud For Banking - Update 10.13.20
No ratings yet
GCP Hybrid Multi Cloud For Banking - Update 10.13.20
8 pages
Windows 10 Amelioration Script
No ratings yet
Windows 10 Amelioration Script
16 pages
Openstack PDF
No ratings yet
Openstack PDF
633 pages
EX415 Exam Dump
No ratings yet
EX415 Exam Dump
7 pages
Rh294 8.0 Student Guide
No ratings yet
Rh294 8.0 Student Guide
534 pages
Gcloud Python
No ratings yet
Gcloud Python
398 pages
Pj785wzufupk LFS260 Labs - V2021 03 05
No ratings yet
Pj785wzufupk LFS260 Labs - V2021 03 05
94 pages
CL110 RHOSP10.1 en 1 20170412 Slides
No ratings yet
CL110 RHOSP10.1 en 1 20170412 Slides
192 pages
DO480 ACM2.4 en 0 f54b122
No ratings yet
DO480 ACM2.4 en 0 f54b122
216 pages
OpenShift AI267-2.8 Syllabus
0% (2)
OpenShift AI267-2.8 Syllabus
3 pages
Oracle Solaris Guide For Linux Users
No ratings yet
Oracle Solaris Guide For Linux Users
74 pages
Os Q.B Module 1-4
No ratings yet
Os Q.B Module 1-4
6 pages
3037 003 SMV1 PDF
No ratings yet
3037 003 SMV1 PDF
460 pages
LFS201 Labs - V2020 06 11
100% (2)
LFS201 Labs - V2020 06 11
164 pages
Jb463 6.3 Student Guide
No ratings yet
Jb463 6.3 Student Guide
282 pages
Artificial Intelligence Courses - NPTEL
No ratings yet
Artificial Intelligence Courses - NPTEL
1 page
QEMU Code Overview: Architecture & Internals Tour
100% (1)
QEMU Code Overview: Architecture & Internals Tour
23 pages
Cisco HyperFlex
No ratings yet
Cisco HyperFlex
214 pages
RH436 RHEL5u4 en 11 20091130
100% (1)
RH436 RHEL5u4 en 11 20091130
388 pages
JCL Question Bank
No ratings yet
JCL Question Bank
23 pages
Emu Log
No ratings yet
Emu Log
5 pages
Suse Linux Administration Guide PDF
No ratings yet
Suse Linux Administration Guide PDF
292 pages
E Commerceindustryinindiaprabhat
No ratings yet
E Commerceindustryinindiaprabhat
81 pages
Jb371 7.0 Student Guide
No ratings yet
Jb371 7.0 Student Guide
244 pages
Foundations of Red Hat Cloud-Native
No ratings yet
Foundations of Red Hat Cloud-Native
60 pages
EAA ISM v3 Course One-Pager
No ratings yet
EAA ISM v3 Course One-Pager
3 pages
Windows ADK
No ratings yet
Windows ADK
1,152 pages
Expert Days 2018: Suse Openstack Cloud
No ratings yet
Expert Days 2018: Suse Openstack Cloud
24 pages
RHCS 2017 - Past, Present and Future
No ratings yet
RHCS 2017 - Past, Present and Future
37 pages
Do101 4.6 Student Guide
100% (1)
Do101 4.6 Student Guide
194 pages
Linux Interview Questions and Answers
100% (1)
Linux Interview Questions and Answers
11 pages
Ticket Confirmation
No ratings yet
Ticket Confirmation
2 pages
RH199 - RHCSA Rapid Track Cour PDF
No ratings yet
RH199 - RHCSA Rapid Track Cour PDF
450 pages
Red Hat Openshift Administration Ii: Operating A Production Kubernetes Cluster
100% (1)
Red Hat Openshift Administration Ii: Operating A Production Kubernetes Cluster
2 pages
Mastering Devops - 2024
No ratings yet
Mastering Devops - 2024
17 pages
SplunkCloud-6 6 3-SearchTutorial PDF
No ratings yet
SplunkCloud-6 6 3-SearchTutorial PDF
103 pages
Suse Linux
No ratings yet
Suse Linux
576 pages
Do240 2.11 Student Guide
No ratings yet
Do240 2.11 Student Guide
228 pages
V Realize Operations Sizing
No ratings yet
V Realize Operations Sizing
2 pages
3 318 334 86.5MB
100% (1)
3 318 334 86.5MB
334 pages
JB183 EAP7.0 en 2 20180124 IG 1 PDF
No ratings yet
JB183 EAP7.0 en 2 20180124 IG 1 PDF
78 pages
3par Get Thin Guarantee
No ratings yet
3par Get Thin Guarantee
10 pages
Dell OpenShift Baremetal Kickstart Good
No ratings yet
Dell OpenShift Baremetal Kickstart Good
115 pages
Ett Zs3 Analyst Paper 2008433
No ratings yet
Ett Zs3 Analyst Paper 2008433
14 pages
5 210 249 137MB
100% (1)
5 210 249 137MB
249 pages
Subject Code Subject Name Mid Term Portion End Term Portion Remarks
No ratings yet
Subject Code Subject Name Mid Term Portion End Term Portion Remarks
1 page
Kali Linux Revealed 2021 Edition (001 150)
89% (9)
Kali Linux Revealed 2021 Edition (001 150)
150 pages
Openstack Admin2 CL210 RHOSP10.1 en 2 20171006
No ratings yet
Openstack Admin2 CL210 RHOSP10.1 en 2 20171006
454 pages
SuSe Linux Fundamentals
100% (2)
SuSe Linux Fundamentals
396 pages
Stupid Simple Kubernetes Final
100% (1)
Stupid Simple Kubernetes Final
76 pages
Red Hat Enterprise Linux Diagnostics and Troubleshooting (RH342)
No ratings yet
Red Hat Enterprise Linux Diagnostics and Troubleshooting (RH342)
5 pages
Maxta Customer Success Story: Vedams
No ratings yet
Maxta Customer Success Story: Vedams
3 pages
Openshift Templates
No ratings yet
Openshift Templates
15 pages
RH442: Red Hat® System Monitoring and Performance Tuning: Includes
No ratings yet
RH442: Red Hat® System Monitoring and Performance Tuning: Includes
1 page
RH442 RHEL7 en 2 20150227 Slides
100% (2)
RH442 RHEL7 en 2 20150227 Slides
206 pages
CL210 Rhosp16
No ratings yet
CL210 Rhosp16
6 pages
Red Hat Openstack Administration I: Core Operations For Cloud Operators
0% (1)
Red Hat Openstack Administration I: Core Operations For Cloud Operators
4 pages
Zadara VMware Veam Hybrid Cloud
No ratings yet
Zadara VMware Veam Hybrid Cloud
42 pages
Red Hat Enterprise Linux Automation With Ansible
No ratings yet
Red Hat Enterprise Linux Automation With Ansible
32 pages
Dell Emc Ready Architecture For Red Hat Hci Architecture Guide
No ratings yet
Dell Emc Ready Architecture For Red Hat Hci Architecture Guide
100 pages
PDF Rh415 Troubleshooting Notes Compress
No ratings yet
PDF Rh415 Troubleshooting Notes Compress
14 pages
Red Hat Security (RH415)
0% (3)
Red Hat Security (RH415)
1 page
Course Updates
No ratings yet
Course Updates
35 pages
EX407 Demo PDF
No ratings yet
EX407 Demo PDF
5 pages
RHCE RH294 Syllabus
No ratings yet
RHCE RH294 Syllabus
5 pages
Unit - 1 Architecture of Distributed Systems
No ratings yet
Unit - 1 Architecture of Distributed Systems
22 pages
ConfigMaps - Setting ConfigMaps From The Oc CLI
No ratings yet
ConfigMaps - Setting ConfigMaps From The Oc CLI
4 pages