Difference: RunningVirtualMachineInstances (1 vs. 6)

Revision 62012-10-22 - EnricoFattibene

Line: 1 to 1
Changed:
<
<
META TOPICPARENT name="GestioneOpenstack"
>
>
META TOPICPARENT name="GestioneServiziGenerali.GestioneOpenstack"
 

Gestione delle istanze virtuali

Line: 125 to 125
 

-- PaoloVeronesi - 2012-08-31

Added:
>
>
META TOPICMOVED by="EnricoFattibene" date="1350916559" from="GestioneServiziGenerali.RunningVirtualMachineInstances" to="MarcheCloud.RunningVirtualMachineInstances"

Revision 52012-10-12 - EnricoFattibene

Line: 1 to 1
 
META TOPICPARENT name="GestioneOpenstack"
Changed:
<
<

Running Virtual Machine Instances

>
>

Gestione delle istanze virtuali

 
Changed:
<
<

Security groups: Enabling SSH and ICMP (ping)

The Compute service uses the concept of security groups to control what network protocols (TCP, UDP, ICMP), ports, and IP addresses are permitted to access instances. Each tenant manages its own list of security groups and starts off with a security group called default. If no security group is specified upon boot, the virtual machine will be associated with the default security group. Security groups can be listed by the nova secgroup-list command. 

# nova secgroup-list
+---------+-------------+
|   Name  | Description |
+---------+-------------+
| default | default     |
+---------+-------------+

In this example, we will use the nova secgroup-add-rule command to enable access to TCP port 22 (so we can SSH to instances) Allow access to port 22 from all IP addresses (specified in CIDR notation as 0.0.0.0/0) with the following command: nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

When specifying rules for TCP and UDP protocols, you may specify a range of port consecutive addresses in a single rule (e.g., from port 5901 to port 5999). In this case, only a single port is being enabled, so we specify the start port as 22 and the end port as 22.

To be able to ping virtual machine instances, you must specify a rule to allow ICMP traffic. When specifying ICMP rules, instead of specifying a begin and end port, you specify a pemitted ICMP code and ICMP type. You can also specify -1 for the code to enable all codes and -1 for the type to enable all ICMP types. Allow access to all codes and types of ICMP traffic from all IP addresses with the following command: nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 

# nova secgroup-list
+---------+-------------+
|   Name  | Description |
+---------+-------------+
| default | default     |
+---------+-------------+


# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port |  IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+


# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port |  IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Adding a keypair

saltato

Starting an instance

  • To start an instance, we need to specify a flavor, also known as an instance type, which indicates the size of an instance. Use the nova flavor-list command to view the list of available flavors:
>
>

Creazione di un'istanza

  • Per lanciare un'istanza è necessario specificare il flavor (tipo) che indica la dimensione dell'istanza. Per vedere i flavor disponibili usare il seguente comando:
 
# nova flavor-list
+----+-----------+-----------+------+-----------+------+-------+-------------+
Line: 65 to 17
 
5 m1.xlarge 16384 10 160   8 1.0
+----+-----------+-----------+------+-----------+------+-------+-------------+
Deleted:
<
<
  • We also need to specify the image. Use the nova image-list to retrieve the ID of the CirrOS image.
 
Added:
>
>
  • E' necessario specificare l'immagine che si vuole usare. Per vedere la lista delle immagini disponibili usare il seguente comando:
 
# nova image-list
+--------------------------------------+---------------------+--------+--------+
Line: 79 to 31
 +--------------------------------------+---------------------+--------+--------+
Changed:
<
<
  • Use the nova boot command to launch a new virtual machine instance. We'll use an m1.small instance in this example, using the CirrOS image. We also need to give this virtual machine instance a name, we'll call it cirros. We will explicitly specify the default security group in this example, although this isn't strictly necessary since the default group will be used if no security group is specified.
>
>
  • Per lanciare un'istanza usare il comando: 
    # nova boot --flavor <FLAVOR_ID> --image <IMAGE_ID> --security_group <SECURITY_GROUP_NAME> <INSTANCE_NAME>
    Dove:
    • <FLAVOR_ID> è l'ID del flavor scelto
    • <IMAGE_ID> è l'ID dell'immagine scelta
    • <SECURITY_GROUP_NAME> è il nome del security group a cui far appartenere l'istanza
    • <INSTANCE_NAME> è il nome che si vuole assegnare all'istanza
  • Ad esempio:
 
# nova boot --flavor 2 --image ba70321b-7bb9-4fc5-a2d4-406fdd8d589d --security_group default cirros
+-------------------------------------+--------------------------------------+
Line: 112 to 71
 
updated 2012-08-31T13:36:54Z
user_id b0305faa3ace4671bc0399e71a0a1cc1
+-------------------------------------+--------------------------------------+
Added:
>
>
 
Changed:
<
<
>
>
  • Per visualizzare lo stato dell'istanza creata:
    • Comando di KVM:

 # virsh list Id Name State
1 instance-00000001 running
Changed:
<
<
>
>
    • Comando di Nova:

 # nova list +--------------------------------------+--------+--------+----------+
ID Name Status Networks
Line: 128 to 91
 +--------------------------------------+--------+--------+----------+
Added:
>
>

Assegnazione di un IP Floating a una istanza

  • Per assegnare un IP a una istanza sono necessari 2 step:
    1. Allocazione di un IP dalla lista 
      # nova floating-ip-create
    2. Assegnazione un IP allocato ad una istanza 
      # nova add-floating-ip <INSTANCE_ID> <ALLOCATED_IP>
      Dove <INSTANCE_ID> è l'id dell'istanza a cui si vuole associare l'IP e <ALLOCATED_IP> è l'IP allocato che si vuole assegnare (output del comando precedente).

  • Se necessario, rimuovere l'IP dall'istanza e deallocarlo 
    # nova remove-floating-ip <INSTANCE_ID> <INSTANCE_IP>
# nova floating-ip-delete <INSTANCE_IP>
    Dove <INSTANCE_IP> è l'IP precedentemente assegnato all'istanza.

Assegnazione automatica di IP Floating

Il servizio nova-network può essere configurato per allocare automaticamente un IP ed assegnarlo ad una istanza quando questa viene lanciata.

  • Per abilitare questa opzione, aggiungere la seguente riga nel nova.conf e far ripartire il servizio nova-network : 
    auto_assign_floating_ip=True

Nota bene: se questa opzione è abilitata e gli indirizzi IP della lista di Nova sono già stati tutti assegnati, il comando nova boot non andrà a buon fine e restituirà un errore.


 -- PaoloVeronesi - 2012-08-31

Revision 42012-08-31 - AndreaCristofori

Line: 1 to 1
 
META TOPICPARENT name="GestioneOpenstack"

Running Virtual Machine Instances

Line: 81 to 81
 
  • Use the nova boot command to launch a new virtual machine instance. We'll use an m1.small instance in this example, using the CirrOS image. We also need to give this virtual machine instance a name, we'll call it cirros. We will explicitly specify the default security group in this example, although this isn't strictly necessary since the default group will be used if no security group is specified.
Added:
>
>		 
# nova boot --flavor 2 --image ba70321b-7bb9-4fc5-a2d4-406fdd8d589d --security_group default cirros
+-------------------------------------+--------------------------------------+
|               Property              |                Value                 |
+-------------------------------------+--------------------------------------+
| OS-DCF:diskConfig                   | MANUAL                               |
| OS-EXT-SRV-ATTR:host                | None                                 |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None                                 |
| OS-EXT-SRV-ATTR:instance_name       | instance-00000001                    |
| OS-EXT-STS:power_state              | 0                                    |
| OS-EXT-STS:task_state               | scheduling                           |
| OS-EXT-STS:vm_state                 | building                             |
| accessIPv4                          |                                      |
| accessIPv6                          |                                      |
| adminPass                           | butvH8mKppBF                         |
| config_drive                        |                                      |
| created                             | 2012-08-31T13:36:54Z                 |
| flavor                              | m1.small                             |
| hostId                              |                                      |
| id                                  | e527c23d-15c4-4316-85c4-65b6db120f17 |
| image                               | cirros-0.3.0-x86_64                  |
| key_name                            |                                      |
| metadata                            | {}                                   |
| name                                | cirros                               |
| progress                            | 0                                    |
| status                              | BUILD                                |
| tenant_id                           | c10d9c9f296b47f8a1212dd7a98357e0     |
| updated                             | 2012-08-31T13:36:54Z                 |
| user_id                             | b0305faa3ace4671bc0399e71a0a1cc1     |
+-------------------------------------+--------------------------------------+


# virsh list
 Id    Name                           State
----------------------------------------------------
 1     instance-00000001              running


# nova list
+--------------------------------------+--------+--------+----------+
|                  ID                  |  Name  | Status | Networks |
+--------------------------------------+--------+--------+----------+
| e527c23d-15c4-4316-85c4-65b6db120f17 | cirros | ACTIVE |          |
+--------------------------------------+--------+--------+----------+
 -- PaoloVeronesi - 2012-08-31

Revision 32012-08-31 - PaoloVeronesi

Line: 1 to 1
 
META TOPICPARENT name="GestioneOpenstack"

Running Virtual Machine Instances

Line: 48 to 48
 +-------------+-----------+---------+-----------+--------------+
Added:
>
>

Adding a keypair

saltato
 
Added:
>
>

Starting an instance

  • To start an instance, we need to specify a flavor, also known as an instance type, which indicates the size of an instance. Use the nova flavor-list command to view the list of available flavors: 
# nova flavor-list
+----+-----------+-----------+------+-----------+------+-------+-------------+
| ID |    Name   | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor |
+----+-----------+-----------+------+-----------+------+-------+-------------+
| 1  | m1.tiny   | 512       | 0    | 0         |      | 1     | 1.0         |
| 2  | m1.small  | 2048      | 10   | 20        |      | 1     | 1.0         |
| 3  | m1.medium | 4096      | 10   | 40        |      | 2     | 1.0         |
| 4  | m1.large  | 8192      | 10   | 80        |      | 4     | 1.0         |
| 5  | m1.xlarge | 16384     | 10   | 160       |      | 8     | 1.0         |
+----+-----------+-----------+------+-----------+------+-------+-------------+
  • We also need to specify the image. Use the nova image-list to retrieve the ID of the CirrOS image. 

# nova image-list
+--------------------------------------+---------------------+--------+--------+
|                  ID                  |         Name        | Status | Server |
+--------------------------------------+---------------------+--------+--------+
| 3db3e2dc-9d2f-40ff-8519-af7d04f8146a | tty-linux-ramdisk   | ACTIVE |        |
| 8393828d-b226-434c-b0ea-179674fa4329 | tty-linux-kernel    | ACTIVE |        |
| ba70321b-7bb9-4fc5-a2d4-406fdd8d589d | cirros-0.3.0-x86_64 | ACTIVE |        |
| df3422c6-58f5-4d3d-8de2-b1b522ab4152 | tty-linux           | ACTIVE |        |
+--------------------------------------+---------------------+--------+--------+

  • Use the nova boot command to launch a new virtual machine instance. We'll use an m1.small instance in this example, using the CirrOS image. We also need to give this virtual machine instance a name, we'll call it cirros. We will explicitly specify the default security group in this example, although this isn't strictly necessary since the default group will be used if no security group is specified.
  -- PaoloVeronesi - 2012-08-31

Revision 22012-08-31 - AndreaCristofori

Line: 1 to 1
 
META TOPICPARENT name="GestioneOpenstack"

Running Virtual Machine Instances

Line: 23 to 23
 To be able to ping virtual machine instances, you must specify a rule to allow ICMP traffic. When specifying ICMP rules, instead of specifying a begin and end port, you specify a pemitted ICMP code and ICMP type. You can also specify -1 for the code to enable all codes and -1 for the type to enable all ICMP types. Allow access to all codes and types of ICMP traffic from all IP addresses with the following command: nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
Added:
>
>
# nova secgroup-list
+---------+-------------+
|   Name  | Description |
+---------+-------------+
| default | default     |
+---------+-------------+


# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port |  IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+


# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port |  IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

 -- PaoloVeronesi - 2012-08-31

Revision 12012-08-31 - PaoloVeronesi

Line: 1 to 1
Added:
>
>
META TOPICPARENT name="GestioneOpenstack"

Running Virtual Machine Instances

Security groups: Enabling SSH and ICMP (ping)

The Compute service uses the concept of security groups to control what network protocols (TCP, UDP, ICMP), ports, and IP addresses are permitted to access instances. Each tenant manages its own list of security groups and starts off with a security group called default. If no security group is specified upon boot, the virtual machine will be associated with the default security group. Security groups can be listed by the nova secgroup-list command. 

# nova secgroup-list
+---------+-------------+
|   Name  | Description |
+---------+-------------+
| default | default     |
+---------+-------------+

In this example, we will use the nova secgroup-add-rule command to enable access to TCP port 22 (so we can SSH to instances) Allow access to port 22 from all IP addresses (specified in CIDR notation as 0.0.0.0/0) with the following command: nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

When specifying rules for TCP and UDP protocols, you may specify a range of port consecutive addresses in a single rule (e.g., from port 5901 to port 5999). In this case, only a single port is being enabled, so we specify the start port as 22 and the end port as 22.

To be able to ping virtual machine instances, you must specify a rule to allow ICMP traffic. When specifying ICMP rules, instead of specifying a begin and end port, you specify a pemitted ICMP code and ICMP type. You can also specify -1 for the code to enable all codes and -1 for the type to enable all ICMP types. Allow access to all codes and types of ICMP traffic from all IP addresses with the following command: nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0

-- PaoloVeronesi - 2012-08-31

View topic | History: r6 < r5 < r4 < r3 | More topic actions...
 
This site is powered by the TWiki collaboration platformCopyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback