---+!! Running Virtual Machine Instances

%TOC%

---++ Security groups: Enabling SSH and ICMP (ping)

The Compute service uses the concept of security groups to control which network protocols (TCP, UDP, ICMP), ports, and IP addresses are permitted to access instances. Each tenant manages its own list of security groups and starts off with a security group called default. If no security group is specified upon boot, the virtual machine will be associated with the default security group.

Security groups can be listed with the =nova secgroup-list= command.

<verbatim>
# nova secgroup-list
+---------+-------------+
| Name    | Description |
+---------+-------------+
| default | default     |
+---------+-------------+
</verbatim>

In this example, we will use the =nova secgroup-add-rule= command to enable access to TCP port 22 (so we can SSH to instances). Allow access to port 22 from all IP addresses (specified in CIDR notation as 0.0.0.0/0) with the following command:

=nova secgroup-add-rule default tcp 22 22 0.0.0.0/0=

When specifying rules for the TCP and UDP protocols, you may specify a range of consecutive ports in a single rule (e.g., from port 5901 to port 5999). In this case, only a single port is being enabled, so we specify the start port as 22 and the end port as 22.

To be able to ping virtual machine instances, you must specify a rule to allow ICMP traffic. When specifying ICMP rules, instead of specifying a begin and end port, you specify a permitted ICMP type and ICMP code. You can also specify -1 for the type to enable all ICMP types and -1 for the code to enable all codes.

Allow access to all types and codes of ICMP traffic from all IP addresses with the following command:

=nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0=

<verbatim>
# nova secgroup-list
+---------+-------------+
| Name    | Description |
+---------+-------------+
| default | default     |
+---------+-------------+
# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
</verbatim>

---++ Adding a keypair

Skipped.

---++ Starting an instance

   * To start an instance, we need to specify a _flavor_, also known as an instance type, which indicates the size of an instance. Use the =nova flavor-list= command to view the list of available flavors:

<verbatim>
# nova flavor-list
+----+-----------+-----------+------+-----------+------+-------+-------------+
| ID | Name      | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor |
+----+-----------+-----------+------+-----------+------+-------+-------------+
| 1  | m1.tiny   | 512       | 0    | 0         |      | 1     | 1.0         |
| 2  | m1.small  | 2048      | 10   | 20        |      | 1     | 1.0         |
| 3  | m1.medium | 4096      | 10   | 40        |      | 2     | 1.0         |
| 4  | m1.large  | 8192      | 10   | 80        |      | 4     | 1.0         |
| 5  | m1.xlarge | 16384     | 10   | 160       |      | 8     | 1.0         |
+----+-----------+-----------+------+-----------+------+-------+-------------+
</verbatim>

   * We also need to specify the image. Use the =nova image-list= command to retrieve the ID of the !CirrOS image.

<verbatim>
# nova image-list
+--------------------------------------+---------------------+--------+--------+
| ID                                   | Name                | Status | Server |
+--------------------------------------+---------------------+--------+--------+
| 3db3e2dc-9d2f-40ff-8519-af7d04f8146a | tty-linux-ramdisk   | ACTIVE |        |
| 8393828d-b226-434c-b0ea-179674fa4329 | tty-linux-kernel    | ACTIVE |        |
| ba70321b-7bb9-4fc5-a2d4-406fdd8d589d | cirros-0.3.0-x86_64 | ACTIVE |        |
| df3422c6-58f5-4d3d-8de2-b1b522ab4152 | tty-linux           | ACTIVE |        |
+--------------------------------------+---------------------+--------+--------+
</verbatim>

   * Use the =nova boot= command to launch a new virtual machine instance. We'll use an _m1.small_ instance in this example, using the !CirrOS image. We also need to give this virtual machine instance a name; we'll call it *cirros*. We will explicitly specify the _default_ security group in this example, although this isn't strictly necessary since the _default_ group will be used if no security group is specified.

<verbatim>
# nova boot --flavor 2 --image ba70321b-7bb9-4fc5-a2d4-406fdd8d589d --security_group default cirros
+-------------------------------------+--------------------------------------+
| Property                            | Value                                |
+-------------------------------------+--------------------------------------+
| OS-DCF:diskConfig                   | MANUAL                               |
| OS-EXT-SRV-ATTR:host                | None                                 |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None                                 |
| OS-EXT-SRV-ATTR:instance_name       | instance-00000001                    |
| OS-EXT-STS:power_state              | 0                                    |
| OS-EXT-STS:task_state               | scheduling                           |
| OS-EXT-STS:vm_state                 | building                             |
| accessIPv4                          |                                      |
| accessIPv6                          |                                      |
| adminPass                           | butvH8mKppBF                         |
| config_drive                        |                                      |
| created                             | 2012-08-31T13:36:54Z                 |
| flavor                              | m1.small                             |
| hostId                              |                                      |
| id                                  | e527c23d-15c4-4316-85c4-65b6db120f17 |
| image                               | cirros-0.3.0-x86_64                  |
| key_name                            |                                      |
| metadata                            | {}                                   |
| name                                | cirros                               |
| progress                            | 0                                    |
| status                              | BUILD                                |
| tenant_id                           | c10d9c9f296b47f8a1212dd7a98357e0     |
| updated                             | 2012-08-31T13:36:54Z                 |
| user_id                             | b0305faa3ace4671bc0399e71a0a1cc1     |
+-------------------------------------+--------------------------------------+
# virsh list
 Id Name                 State
----------------------------------------------------
  1 instance-00000001    running
# nova list
+--------------------------------------+--------+--------+----------+
| ID                                   | Name   | Status | Networks |
+--------------------------------------+--------+--------+----------+
| e527c23d-15c4-4316-85c4-65b6db120f17 | cirros | ACTIVE |          |
+--------------------------------------+--------+--------+----------+
</verbatim>

-- Main.PaoloVeronesi - 2012-08-31
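Returning to the security group rules above: the two rules this page adds open SSH and ICMP to 0.0.0.0/0, which is the widest possible source range. As an added example (not part of the original page), the Python below parses the rule table the nova CLI prints and flags every rule whose source CIDR is not contained in a management network; the 10.0.0.0/8 admin network is an assumed placeholder, and the sample table is constructed from the page's two rules plus one narrower rule for comparison.

```python
import ipaddress

# Constructed sample: the rule table `nova secgroup-add-rule` prints on
# this page, plus one narrower rule (10.0.0.0/8) for comparison.
SAMPLE_TABLE = """\
+-------------+-----------+---------+------------+--------------+
| IP Protocol | From Port | To Port | IP Range   | Source Group |
+-------------+-----------+---------+------------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0  |              |
| icmp        | -1        | -1      | 0.0.0.0/0  |              |
| tcp         | 5901      | 5999    | 10.0.0.0/8 |              |
+-------------+-----------+---------+------------+--------------+
"""


def parse_nova_table(text):
    """Turn the ASCII table the nova CLI prints into a list of dicts."""
    header, rows = None, []
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # '+----+' border lines carry no data
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells
        else:
            rows.append(dict(zip(header, cells)))
    return rows


def audit_rules(rules, admin_net="10.0.0.0/8"):
    """Return one finding per rule whose source CIDR is not contained in
    admin_net (an assumed management network; set it per site)."""
    allowed = ipaddress.ip_network(admin_net)
    findings = []
    for r in rules:
        src = ipaddress.ip_network(r["IP Range"])
        if src.version == allowed.version and src.subnet_of(allowed):
            continue  # already restricted to the admin network
        proto, lo, hi = r["IP Protocol"], r["From Port"], r["To Port"]
        scope = ("all ICMP types/codes" if proto == "icmp" and lo == "-1"
                 else "%s %s-%s" % (proto, lo, hi))
        findings.append({
            "rule": r,
            "reason": "%s reachable from %s" % (scope, src),
            # Same command as in the text above, with the CIDR narrowed
            "fix": "nova secgroup-add-rule default %s %s %s %s"
                   % (proto, lo, hi, admin_net),
        })
    return findings
```

Feed it the output of a real rule listing and each finding's =fix= is the same =nova secgroup-add-rule= invocation as on this page, with the CIDR narrowed to the management network.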
Topic revision: r4 - 2012-08-31 - AndreaCristofori