Performance Checklist
In this lab, you will create a public network, as well as a router. You will create some floating IP addresses, a key pair, and various security group rules. You will launch an instance with public access.
Outcomes
You should be able to:
Create a public network and its associated subnet.
Create and configure a router.
Set security group rules in a security group.
Create a key pair and a floating IP.
Launch an instance with public access.
Confirm that the workstation and overcloud virtual machines are started.
As the student user on the workstation machine, use the lab command to prepare your system for this lab.
This command ensures that all resources required for the exercise are present.
[student@workstation ~]$ lab public-review start
Procedure 7.5. Instructions
As the operator1 user, create the provider-datacentre external network and the provider-subnet-172.25.250 subnet. Use the following specifications:
| Option | Value |
|---|---|
| Name | provider-datacentre |
| Shared | Yes |
| External | Yes |
| Provider network type | flat |
| Provider physical network name | datacentre |
| Subnet name | provider-subnet-172.25.250 |
| Network subnet | 172.25.250.0/24 |
| Network gateway | 172.25.250.254 |
| DNS name server | 172.25.250.254 |
| Allocation pool | 172.25.250.101,172.25.250.189 |
| DHCP | Disabled |
On workstation, source the identity environment file for the operator1 user.
[student@workstation ~]$ source operator1-production-rc
Create an external network named provider-datacentre.
[student@workstation ~(operator1-production)]$ openstack network create \
> --external \
> --share \
> --provider-network-type flat \
> --provider-physical-network datacentre \
> provider-datacentre
+---------------------------+----------------------------------------------------+
| Field | Value |
+---------------------------+----------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-07-16T21:46:14Z |
| description | |
| dns_domain | |
| id | 8cd2ef04-5735-481d-ac28-30441636be3c |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| location | cloud='', project.domain_id=, |
| | project.domain_name='Example', |
| | project.id='44fe99b84dcd4a6b8026bf4203241a42', |
| | project.name='production', |
| | region_name='regionOne', zone= |
| mtu | 1500 |
| name | provider-datacentre |
| port_security_enabled | True |
| project_id | 44fe99b84dcd4a6b8026bf4203241a42 |
| provider:network_type | flat |
| provider:physical_network | datacentre |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | External |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2020-07-16T21:46:14Z |
+---------------------------+----------------------------------------------------+
Create the provider-subnet-172.25.250 subnet for the external network with an allocation pool of 172.25.250.101-172.25.250.189. Disable DHCP services for the subnet and use 172.25.250.254 as the gateway as well as the DNS name server.
[student@workstation ~(operator1-production)]$ openstack subnet create \
> --subnet-range 172.25.250.0/24 \
> --gateway 172.25.250.254 \
> --dns-nameserver 172.25.250.254 \
> --allocation-pool start=172.25.250.101,end=172.25.250.189 \
> --no-dhcp \
> --network provider-datacentre \
> provider-subnet-172.25.250
+-------------------+------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------+
| allocation_pools | 172.25.250.101-172.25.250.189 |
| cidr | 172.25.250.0/24 |
| created_at | 2020-07-16T21:51:59Z |
| description | |
| dns_nameservers | 172.25.250.254 |
| enable_dhcp | False |
| gateway_ip | 172.25.250.254 |
| host_routes | |
| id | bc2e8cfb-f703-417f-af04-577f15cb8797 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| location | cloud='', project.domain_id=, |
| | project.domain_name='Example', |
| | project.id='44fe99b84dcd4a6b8026bf4203241a42', |
| | project.name='production', region_name='regionOne', zone= |
| name | provider-subnet-172.25.250 |
| network_id | 8cd2ef04-5735-481d-ac28-30441636be3c |
| prefix_length | None |
| project_id | 44fe99b84dcd4a6b8026bf4203241a42 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2020-07-16T21:51:59Z |
+-------------------+------------------------------------------------------------+
As the developer1 user, create the production-router1 router and connect it to the production-subnet1 project subnet, and set the external gateway to provider-datacentre.
Source the credentials for the developer1 user.
[student@workstation ~(operator1-production)]$ source developer1-production-rc
Create the production-router1 router.
[student@workstation ~(developer1-production)]$ openstack router create \
> production-router1
+-------------------------+------------------------------------------------------+
| Field | Value |
+-------------------------+------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | None |
| availability_zones | None |
| created_at | 2020-07-16T22:20:38Z |
| description | |
| external_gateway_info | null |
| flavor_id | None |
| id | 99910b9d-d6b4-41af-b688-aba948508401 |
| location | cloud='', project.domain_id=, |
| | project.domain_name='Example', |
| | project.id='44fe99b84dcd4a6b8026bf4203241a42', |
| | project.name='production', region_name='regionOne', |
| | zone= |
| name | production-router1 |
| project_id | 44fe99b84dcd4a6b8026bf4203241a42 |
| revision_number | 0 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2020-07-16T22:20:38Z |
+-------------------------+------------------------------------------------------+
Connect the router to the production-subnet1 project subnet.
[student@workstation ~(developer1-production)]$ openstack router add \
> subnet production-router1 \
> production-subnet1
Set the provider-datacentre as the external gateway to the router.
[student@workstation ~(developer1-production)]$ openstack router set \
> --external-gateway provider-datacentre \
> production-router1
Create the security group production-secgroup1 and add the rules listed in the following table.
| Option | Value |
|---|---|
| Security group name | production-secgroup1 |
| Rules | TCP, port 22; TCP, port 80; ICMP |
Create the production-secgroup1 security group.
[student@workstation ~(developer1-production)]$ openstack security group \
> create production-secgroup1
+-----------------+--------------------------------------------------------------+
| Field | Value |
+-----------------+--------------------------------------------------------------+
| created_at | 2020-07-16T22:52:25Z |
| description | production-secgroup1 |
| id | 62affbaa-b52b-4d3b-b08b-29faabf24dd6 |
| location | cloud='', project.domain_id=, project.domain_name='Example', |
| | project.id='44fe99b84dcd4a6b8026bf4203241a42', |
| | project.name='production', region_name='regionOne', zone= |
| name | production-secgroup1 |
| project_id | 44fe99b84dcd4a6b8026bf4203241a42 |
| revision_number | 1 |
| rules | created_at='2020-07-16T22:52:25Z', direction='egress', |
| | ethertype='IPv6', id='94b4cd21-2bba-4451-9b96-5dd35077d108', |
| | updated_at='2020-07-16T22:52:25Z' |
| | created_at='2020-07-16T22:52:25Z', direction='egress', |
| | ethertype='IPv4', id='ad50140f-1fd8-4579-974f-340cb91b1a65', |
| | updated_at='2020-07-16T22:52:25Z' |
| tags | [] |
| updated_at | 2020-07-16T22:52:25Z |
+-----------------+--------------------------------------------------------------+
Add a rule in the production-secgroup1 security group to allow SSH access.
[student@workstation ~(developer1-production)]$ openstack security group rule \
> create --protocol tcp \
> --dst-port 22 \
> production-secgroup1
+-------------------+------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------+
| created_at | 2020-07-16T22:54:42Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | c6a58eec-53fe-4f82-b68d-cc27a7e17131 |
| location | cloud='', project.domain_id=, |
| | project.domain_name='Example', |
| | project.id='44fe99b84dcd4a6b8026bf4203241a42', |
| | project.name='production', region_name='regionOne', zone= |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 44fe99b84dcd4a6b8026bf4203241a42 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 62affbaa-b52b-4d3b-b08b-29faabf24dd6 |
| tags | [] |
| updated_at | 2020-07-16T22:54:42Z |
+-------------------+------------------------------------------------------------+
Add a security rule to allow HTTP connections using a default port of 80.
[student@workstation ~(developer1-production)]$ openstack security group \
> rule create --protocol tcp \
> --dst-port 80 \
> production-secgroup1
+-------------------+------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------+
| created_at | 2020-07-16T23:00:07Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | dcee84ba-7845-46b1-957f-89f73427807e |
| location | cloud='', project.domain_id=, |
| | project.domain_name='Example', |
| | project.id='44fe99b84dcd4a6b8026bf4203241a42', |
| | project.name='production', region_name='regionOne', zone= |
| name | None |
| port_range_max | 80 |
| port_range_min | 80 |
| project_id | 44fe99b84dcd4a6b8026bf4203241a42 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 62affbaa-b52b-4d3b-b08b-29faabf24dd6 |
| tags | [] |
| updated_at | 2020-07-16T23:00:07Z |
+-------------------+------------------------------------------------------------+
Add a security rule to allow ICMP protocol.
[student@workstation ~(developer1-production)]$ openstack security group \
> rule create --protocol icmp \
> production-secgroup1
+-------------------+------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------+
| created_at | 2020-07-16T23:31:39Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 83cef166-8441-4a14-9110-d23b511be0e3 |
| location | cloud='', project.domain_id=, |
| | project.domain_name='Example', |
| | project.id='44fe99b84dcd4a6b8026bf4203241a42', |
| | project.name='production', region_name='regionOne', zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 44fe99b84dcd4a6b8026bf4203241a42 |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 62affbaa-b52b-4d3b-b08b-29faabf24dd6 |
| tags | [] |
| updated_at | 2020-07-16T23:31:39Z |
+-------------------+------------------------------------------------------------+
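All three ingress rules were created without a source restriction, and the output reports remote_ip_prefix 0.0.0.0/0 for each, so SSH, HTTP and ICMP are reachable from any address that can route to the floating IP. The following Python script is an added example, not part of the original lab: it audits rule records for ingress that is open to any source. The sample records are constructed from the field names in the rule output, and ADMIN_PORTS and the last sample rule are assumptions.

```python
import ipaddress

# Constructed records that reuse the field names from the rule output above.
def rule(direction, protocol, port, prefix):
    return {"direction": direction, "protocol": protocol,
            "port_range_min": port, "port_range_max": port,
            "remote_ip_prefix": prefix, "remote_group_id": None}

SAMPLE_RULES = [
    rule("egress", None, None, None),               # default egress rule
    rule("ingress", "tcp", 22, "0.0.0.0/0"),        # SSH rule from the lab
    rule("ingress", "tcp", 80, "0.0.0.0/0"),        # HTTP rule from the lab
    rule("ingress", "icmp", None, "0.0.0.0/0"),     # ICMP rule from the lab
    rule("ingress", "tcp", 22, "172.25.250.0/24"),  # constructed: SSH scoped to one subnet
]

# Assumption: ports this reviewer treats as administrative access.
ADMIN_PORTS = {22, 3389}

def is_world_open(prefix):
    """A missing prefix or a /0 prefix matches every source address."""
    if prefix is None:
        return True
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def audit(rules):
    """Return (severity, protocol, ports) for each ingress rule open to any source."""
    findings = []
    for r in rules:
        if r["direction"] != "ingress" or r["remote_group_id"]:
            continue  # egress rules and group-scoped rules are out of scope here
        if not is_world_open(r["remote_ip_prefix"]):
            continue  # source is already restricted to a specific prefix
        proto = r["protocol"]
        if proto == "icmp":
            # For ICMP the port_range fields carry type/code, not ports.
            findings.append(("review", "icmp", "n/a"))
            continue
        lo = 1 if r["port_range_min"] is None else r["port_range_min"]
        hi = 65535 if r["port_range_max"] is None else r["port_range_max"]
        admin = proto in (None, "tcp") and any(lo <= p <= hi for p in ADMIN_PORTS)
        ports = str(lo) if lo == hi else f"{lo}-{hi}"
        findings.append(("high" if admin else "review", proto or "any", ports))
    return findings

if __name__ == "__main__":
    for severity, proto, ports in audit(SAMPLE_RULES):
        print(f"{severity:6} {proto:4} {ports}")
```

The subnet-scoped SSH rule produces no finding, which is the shape to aim for outside a classroom: restrict the source prefix on administrative ports and leave only the service port open to all sources.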
Create the production-keypair1 key pair and save the private key to /home/student/Downloads/production-keypair1.pem. Use the chmod command to protect the private key file.
Create the production-keypair1 key pair and save the private key as /home/student/Downloads/production-keypair1.pem.
[student@workstation ~(developer1-production)]$ openstack keypair create \
> production-keypair1 > /home/student/Downloads/production-keypair1.pem
Use the chmod command with a mode of 600 to protect the private key.
[student@workstation ~(developer1-production)]$ chmod 600 \
> /home/student/Downloads/production-keypair1.pem
Create a random floating IP address in the provider-datacentre network.
Create a floating IP address in the provider-datacentre network. Your floating IP may differ from the output in the example below.
[student@workstation ~(developer1-production)]$ openstack floating ip \
> create provider-datacentre
+---------------------+----------------------------------------------------------+
| Field | Value |
+---------------------+----------------------------------------------------------+
| created_at | 2020-07-16T23:47:11Z |
| description | |
| dns_domain | |
| dns_name | |
| fixed_ip_address | None |
| floating_ip_address | 172.25.250.154 |
| floating_network_id | 8cd2ef04-5735-481d-ac28-30441636be3c |
| id | 883b0b3b-301d-4e64-ab59-1b7235900c99 |
| location | Munch({'cloud': '', 'region_name': 'regionOne', 'zone': |
| | None, 'project': Munch({'id': |
| | '44fe99b84dcd4a6b8026bf4203241a42', 'name': |
| | 'production', 'domain_id': None, 'domain_name': |
| | 'Example'})}) |
| name | 172.25.250.154 |
| port_details | None |
| port_id | None |
| project_id | 44fe99b84dcd4a6b8026bf4203241a42 |
| qos_policy_id | None |
| revision_number | 0 |
| router_id | None |
| status | DOWN |
| subnet_id | None |
| tags | [] |
| updated_at | 2020-07-16T23:47:11Z |
+---------------------+----------------------------------------------------------+
Create an instance named production-server9 using the following values:
| Type | Value |
|---|---|
| Instance name | production-server9 |
| Image | rhel8-web |
| Flavor | default |
| Key pair | production-keypair1 |
| Project network | production-network1 |
| Security group | production-secgroup1 |
| Floating IP address | 172.25.250. |
Create the production-server9 instance using the resources from the table.
[student@workstation ~(developer1-production)]$ openstack server create \
> --image rhel8-web \
> --flavor default \
> --nic net-id=production-network1 \
> --security-group production-secgroup1 \
> --key-name production-keypair1 \
> --wait \
> production-server9
+-----------------------------+--------------------------------------------------+
| Field | Value |
+-----------------------------+--------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | Running |
| OS-EXT-STS:task_state | None |
| OS-EXT-STS:vm_state | active |
| OS-SRV-USG:launched_at | 2020-07-17T00:26:49.000000 |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | production-network1=192.168.1.127 |
| adminPass | uKe6kd2KhgUs |
| config_drive | |
| created | 2020-07-17T00:26:30Z |
| flavor | default (8ff1eecb-15b4-4f32-bb99-4dec999a78c7) |
| hostId | 7c7a22df30865c0a78f42eed89c70fc942e0eca55f0cea89 |
| | d4d62908 |
| id | 7988da99-f71a-4a1f-9586-23c445177fb7 |
| image | rhel8-web (642e5661-0754-41bf-9906-7d34eda53050) |
| key_name | production-keypair1 |
| name | production-server9 |
| progress | 0 |
| project_id | 44fe99b84dcd4a6b8026bf4203241a42 |
| properties | |
| security_groups | name='production-secgroup1' |
| status | ACTIVE |
| updated | 2020-07-17T00:26:49Z |
| user_id | b3bf77638121e0abd2a5e89fa85f6649e76fd45d45a1470b |
| | ce0adcce1a5c3570 |
| volumes_attached | |
+-----------------------------+--------------------------------------------------+
Associate the floating IP address with the instance.
[student@workstation ~(developer1-production)]$ openstack server \
> add floating ip \
> production-server9 172.25.250.154
From workstation, verify that the instance responds to web server HTTP requests. Verify that you can connect to the instance over SSH as the user cloud-user with the SSH private key in /home/student/Downloads/production-keypair1.pem. From the instance, verify that you can ping the external server materials.example.com.
From workstation, verify that the instance responds to HTTP requests.
[student@workstation ~(developer1-production)]$ curl http://172.25.250.154
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Test Page for the Apache HTTP Server on Red Hat Enterprise Linux</title>
...output omitted...
Log in to the instance with SSH using the SSH private key.
[student@workstation ~(developer1-production)]$ ssh \
> -i /home/student/Downloads/production-keypair1.pem \
> cloud-user@172.25.250.154
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Fri Jul 17 10:58:45 2020 from 172.25.250.9
[cloud-user@production-server9 ~]$
From the instance, ping the materials.example.com server.
[cloud-user@production-server9 ~]$ ping -c3 materials.example.com
PING materials.example.com (172.25.254.254) 56(84) bytes of data.
64 bytes from classroom.example.com: icmp_seq=1 ttl=62 time=1.76 ms
64 bytes from classroom.example.com: icmp_seq=2 ttl=62 time=1.50 ms
64 bytes from classroom.example.com: icmp_seq=3 ttl=62 time=0.926 ms
--- materials.example.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 0.926/1.395/1.762/0.348 ms
Exit from the instance.
[cloud-user@production-server9 ~]$ exit
[student@workstation ~(developer1-production)]$
Using the Dashboard, look at the network, subnet, router, security group and its rules, key pair, floating IP, and the instance created in the previous steps.
Use the Dashboard to perform the following steps.
On workstation, open Firefox and browse to http://dashboard.overcloud.example.com. Log in to the Dashboard using Example as the domain, developer1 as the user, and redhat as the password.
Click at the upper-right corner of the window, and then click .
Navigate to → → .
Confirm that the production-keypair1 key pair has been created.
Navigate to → → .
Confirm that the floating IP address has been created and mapped to production-server9.
Navigate to → → .
Confirm that the production-secgroup1 security group has been created. Verify the rules by clicking .
Navigate to → → .
Confirm that the production-router1 router has been created. Click the name of the router, , to access its details. Click the tab to verify the interfaces for the router.
Navigate to → → .
Confirm that the provider-datacentre network and its subnet, provider-subnet-172.25.250, have been created. Verify that the network is shared and external.
Navigate to → → .
Observe and navigate the network topology.
Navigate to → → .
Observe the information in the production-server9 instance row.
This concludes the lab.