Howto deploy VMs with OpenStack APIs

First of all you need a new tenant to deploy your VMs. In this tenant you will have to create a new user with permissions (a role), and then a network, a router and your IP ranges.

HOWTO

Let's start with a new tenant :

keystone tenant-create --name $PROJECT_NAME

Keep your tenant-id, you will need it later.

Now create a new user :

keystone user-create --name=$USER_NAME --pass=$USER_PASS --tenant-id $YOUR_TENANT_ID --email=$USER_NAME@domain.com

Keep your user-id for later.

Assign this user a role in your tenant :

Use :

keystone role-list

to get the Member role id.

keystone user-role-add --tenant-id $TENANT_ID  --user-id $USER_ID --role-id $MEMBER_ROLE_ID

Create a new network for your tenant :

quantum net-create --tenant-id $TENANT_ID $NET_NAME

Create a new subnet in your new network :

quantum subnet-create --tenant-id $TENANT_ID $NET_NAME 192.168.1.0/24 --dns_nameservers list=true 8.8.8.8 8.8.4.4

=> where 192.168.1.0/24 is your private network

# Keep your subnet ID for later

Create a router for your tenant :

quantum router-create --tenant-id $TENANT_ID $ROUTER_NAME

# Keep your new router ID

Add this router to the quantum L3 agent, because it is not automatically added :

# First GET the L3 agent ID :

quantum agent-list

# Add the router to the agent :

quantum l3-agent-router-add $L3_AGENT_ID $ROUTER_NAME

Add router to the subnet :

quantum router-interface-add $ROUTER_ID $SUBNET_ID

Restart all quantum services :

cd /etc/init.d/; for i in $( ls quantum-* ); do service $i restart; done

# Check everything is OK

cd /etc/init.d/; for i in $( ls quantum-* ); do service $i status; done

Now create an external network in the admin tenant :

# Get tenant_admin_id :

keystone tenant-list

# create external net :

quantum net-create --tenant-id $ADMIN_TENANT_ID ext_net --router:external=True

# where ext_net is your external network name

Create a subnet for floating ips :

quantum subnet-create --tenant-id $ADMIN_TENANT_ID --allocation-pool start=10.2.1.160,end=10.2.1.170 --gateway 10.2.1.254 ext_net 10.2.1.150/24 --enable_dhcp=False

Set router's gateway to the external network :

quantum router-gateway-set $ROUTER_ID $EXT_NET_ID

Create your credentials file :

# vi ~/${TENANT_NAME}_creds and paste :

export OS_TENANT_NAME=$TENANT_NAME
export OS_USERNAME=$USER_NAME
export OS_PASSWORD=$USER_PASS
export OS_AUTH_URL="http://$API_EXT_IP:5000/v2.0/"

# source this creds file :

source ~/${TENANT_NAME}_creds

Add these security rules in order to ping and ssh to your VMs :

nova --no-cache secgroup-add-rule default icmp -1 -1 0.0.0.0/0

nova --no-cache secgroup-add-rule default tcp 22 22 0.0.0.0/0

Now allocate a floating ip to your new tenant :

quantum floatingip-create ext_net

Start your first VM :

nova --no-cache boot --image $id_my_glance_img --flavor N $VM_NAME

Pick the port id corresponding to your VM :

quantum port-list

Associate the floating IP to your VM :

quantum floatingip-associate $FLOATING_IP_ID $VM_PORT_ID
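
The steps above keep asking you to note an ID for later. As an added example (not part of the original howto), these two helpers read the tables that the keystone and quantum clients print and return the ID, matching names exactly; the function names and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# table_field FIELD: Property/Value table on stdin -> value of the row FIELD.
table_field() {
    awk -F'|' -v want="$1" '
        NF >= 4 {
            k = $2; v = $3
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == want) { print v; found = 1; exit }
        }
        END { exit !found }'   # non-zero status when the row is missing
}

# list_id NAME: list table on stdin (id in column 1) -> id of the row whose
# second column is exactly NAME, so "admin" does not match "KeystoneAdmin".
list_id() {
    awk -F'|' -v want="$1" '
        NF >= 4 {
            id = $2; n = $3
            gsub(/^[ \t]+|[ \t]+$/, "", id); gsub(/^[ \t]+|[ \t]+$/, "", n)
            if (n == want) { print id; found = 1; exit }
        }
        END { exit !found }'
}

# Constructed sample input, shaped like the tables shown on this page.
sample_tenant() { cat <<'EOF'
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|      id     | 8da85de346574bc18dfc0c85804ae906 |
|     name    |               demo               |
+-------------+----------------------------------+
EOF
}
sample_roles() { cat <<'EOF'
+----------------------------------+----------------------+
|                id                |         name         |
+----------------------------------+----------------------+
| e939212ea92a412497cbbf02b405eefe |    KeystoneAdmin     |
| 104639ee8649478b869445782af3fd1f |        Member        |
| 9fe2ff9ee4384b1894a90878d3e92bab |       _member_       |
| 712b7241ac18474eb9a3dfde7e564f39 |        admin         |
+----------------------------------+----------------------+
EOF
}
# Against a live cloud (not run here):
#   TENANT_ID=$(keystone tenant-create --name "$PROJECT_NAME" | table_field id)
#   MEMBER_ROLE_ID=$(keystone role-list | list_id Member)
#   L3_AGENT_ID=$(quantum agent-list | list_id "L3 agent")
```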

EXAMPLE

I create my new tenant named 'demo' :

root@myhost$ keystone tenant-create --name demo

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
|   enabled   |               True               |
|      id     | 8da85de346574bc18dfc0c85804ae906 |
|     name    |               demo               |
+-------------+----------------------------------+

I create my new user named 'Userdemo' :

root@myhost$ keystone user-create --name=Userdemo --pass=demoPass --tenant-id 8da85de346574bc18dfc0c85804ae906 --email=demo@opensta.ck

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |         demo@opensta.ck          |
| enabled  |               True               |
|    id    | 44c76c0365884a76b4f1693ab37818e6 |
|   name   |             Userdemo             |
| tenantId | 8da85de346574bc18dfc0c85804ae906 |
+----------+----------------------------------+

Which roles are available :

root@myhost$ keystone role-list

+----------------------------------+----------------------+
|                id                |         name         |
+----------------------------------+----------------------+
| e939212ea92a412497cbbf02b405eefe |    KeystoneAdmin     |
| fad0d462afe44b2a8394f1f4cb9f956f | KeystoneServiceAdmin |
| 104639ee8649478b869445782af3fd1f |        Member        |
| 9fe2ff9ee4384b1894a90878d3e92bab |       _member_       |
| 712b7241ac18474eb9a3dfde7e564f39 |        admin         |
+----------------------------------+----------------------+

I want my user to be Member, so :

root@myhost$ keystone user-role-add --tenant-id 8da85de346574bc18dfc0c85804ae906 --user-id 44c76c0365884a76b4f1693ab37818e6 --role-id 104639ee8649478b869445782af3fd1f

I can now create my new network :

root@myhost$ quantum net-create --tenant-id 8da85de346574bc18dfc0c85804ae906 net_demo

Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 8b1ee9ff-9d85-40dc-89ba-b0d12c07dd16 |
| name                      | net_demo                             |
| provider:network_type     | gre                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 1                                    |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 8da85de346574bc18dfc0c85804ae906     |
+---------------------------+--------------------------------------+

I create a subnet for my new network named net_demo :

root@myhost$ quantum subnet-create --tenant-id 8da85de346574bc18dfc0c85804ae906 net_demo 192.168.1.0/24 --dns_nameservers list=true 8.8.8.8 8.8.4.4

Created a new subnet:
+------------------+----------------------------------------------+
| Field            | Value                                        |
+------------------+----------------------------------------------+
| allocation_pools | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr             | 192.168.1.0/24                                 |
| dns_nameservers  | 8.8.4.4                                      |
|                  | 8.8.8.8                                      |
| enable_dhcp      | True                                         |
| gateway_ip       | 192.168.1.1                                    |
| host_routes      |                                              |
| id               | f67a16a1-addc-4246-8176-dd0b557c75e1         |
| ip_version       | 4                                            |
| name             |                                              |
| network_id       | 8b1ee9ff-9d85-40dc-89ba-b0d12c07dd16         |
| tenant_id        | 8da85de346574bc18dfc0c85804ae906             |
+------------------+----------------------------------------------+

I create my router :

root@myhost$ quantum router-create --tenant-id 8da85de346574bc18dfc0c85804ae906 router_demo

Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | aa91ea06-a57e-4c1e-8b1e-6a9fc41a0118 |
| name                  | router_demo                          |
| status                | ACTIVE                               |
| tenant_id             | 8da85de346574bc18dfc0c85804ae906     |
+-----------------------+--------------------------------------+

Get L3 agent id :

root@myhost$ quantum agent-list

+--------------------------------------+--------------------+-----------------------+-------+----------------+
| id                                   | agent_type         | host                  | alive | admin_state_up |
+--------------------------------------+--------------------+-----------------------+-------+----------------+
| [...]                                | [...]              | [...]                 | [...] | [...]          |
+--------------------------------------+--------------------+-----------------------+-------+----------------+
| 37f6e09d-5cf4-4f53-be91-d5c281c81389 | L3 agent           | network1.openstack.aw | :-)   | True           |
+--------------------------------------+--------------------+-----------------------+-------+----------------+
| [...]                                | [...]              | [...]                 | [...] | [...]          |
+--------------------------------------+--------------------+-----------------------+-------+----------------+

Add our new router to L3 agent :

root@myhost$ quantum l3-agent-router-add 37f6e09d-5cf4-4f53-be91-d5c281c81389 router_demo

Add our router to our subnet :

root@myhost$ quantum router-interface-add aa91ea06-a57e-4c1e-8b1e-6a9fc41a0118 f67a16a1-addc-4246-8176-dd0b557c75e1

Restart all quantum services :

root@myhost$ cd /etc/init.d/; for i in $( ls quantum-* ); do service $i restart; done

Now create an external network in the admin tenant (if it doesn't already exist) :

# Get tenant_admin_id :

root@myhost$ keystone tenant-list

+----------------------------------+----------+---------+
|                id                |   name   | enabled |
+----------------------------------+----------+---------+
| 897bb2a6dfb547978a6ed1e4ed02e89e |  admin   |   True  |
| 221ff7b868614144a5d97f5d04eeebd1 | alterway |   True  |
| 8da85de346574bc18dfc0c85804ae906 |   demo   |   True  |
| a0a57390dd3944f49384fe57a39ee363 | service  |   True  |
+----------------------------------+----------+---------+

# Create external network :

root@myhost$ quantum net-create --tenant-id 897bb2a6dfb547978a6ed1e4ed02e89e ext_net --router:external=True

Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | dad08870-98e8-4733-af89-ed7a4864076b |
| name                      | ext_net                              |
| provider:network_type     | gre                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 2                                    |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 897bb2a6dfb547978a6ed1e4ed02e89e     |
+---------------------------+--------------------------------------+

Create a subnet for floating ips :

root@myhost$ quantum subnet-create --tenant-id 897bb2a6dfb547978a6ed1e4ed02e89e --allocation-pool start=10.2.1.160,end=10.2.1.170 --gateway 10.2.1.254 ext_net 10.2.1.150/24 --enable_dhcp=False

Created a new subnet:
+------------------+----------------------------------------------+
| Field            | Value                                        |
+------------------+----------------------------------------------+
| allocation_pools | {"start": "10.2.1.160", "end": "10.2.1.170"} |
| cidr             | 10.2.1.150/24                                |
| dns_nameservers  |                                              |
| enable_dhcp      | False                                        |
| gateway_ip       | 10.2.1.254                                   |
| host_routes      |                                              |
| id               | 4b6ce2f1-c4e9-4216-a923-8b27ed7d0dbc         |
| ip_version       | 4                                            |
| name             |                                              |
| network_id       | dad08870-98e8-4733-af89-ed7a4864076b         |
| tenant_id        | 897bb2a6dfb547978a6ed1e4ed02e89e             |
+------------------+----------------------------------------------+

Now I set router's gateway to the external network :

root@myhost$ quantum router-gateway-set aa91ea06-a57e-4c1e-8b1e-6a9fc41a0118 dad08870-98e8-4733-af89-ed7a4864076b

Create your credentials file and source it like this :

root@myhost$ vi ~/demo_creds
export OS_TENANT_NAME=demo
export OS_USERNAME=Userdemo
export OS_PASSWORD=demoPass
export OS_AUTH_URL="http://$API_EXT_IP:5000/v2.0/"

root@myhost$ source ~/demo_creds

Add these security rules as explained in the Howto :

root@myhost$ nova --no-cache secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

root@myhost$ nova --no-cache secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

So now we can ping and ssh our new VMs.

Allocate a floating ip to our new tenant :

root@myhost$ quantum floatingip-create ext_net

Created a new floatingip:
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| fixed_ip_address    |                                      |
| floating_ip_address | 10.2.1.161                           |
| floating_network_id | dad08870-98e8-4733-af89-ed7a4864076b |
| id                  | 937571bc-afa4-49d2-a67e-3041db48df35 |
| port_id             |                                      |
| router_id           |                                      |
| tenant_id           | 8da85de346574bc18dfc0c85804ae906     |
+---------------------+--------------------------------------+

Start a new VM :

root@myhost$ nova --no-cache boot --image 55e55d0e-d392-49f1-a490-5036896a4637 --flavor 1 vm-demo
+-----------------------------+--------------------------------------+
| Property                    | Value                                |
+-----------------------------+--------------------------------------+
| status                      | BUILD                                |
| updated                     | 2013-08-30T12:25:59Z                 |
| OS-EXT-STS:task_state       | scheduling                           |
| key_name                    | None                                 |
| image                       | Ubuntu-12_04-UEC                     |
| hostId                      |                                      |
| OS-EXT-STS:vm_state         | building                             |
| flavor                      | m1.tiny                              |
| id                          | ef68fa1a-b8d3-44a2-9276-6774655d5ba7 |
| security_groups             | [{u'name': u'default'}]              |
| user_id                     | 44c76c0365884a76b4f1693ab37818e6     |
| name                        | vm-demo                              |
| adminPass                   | GJiXv4xHW5cD                         |
| tenant_id                   | 8da85de346574bc18dfc0c85804ae906     |
| created                     | 2013-08-30T12:25:59Z                 |
| OS-DCF:diskConfig           | MANUAL                               |
| metadata                    | {}                                   |
| accessIPv4                  |                                      |
| accessIPv6                  |                                      |
| progress                    | 0                                    |
| OS-EXT-STS:power_state      | 0                                    |
| OS-EXT-AZ:availability_zone | nova                                 |
| config_drive                |                                      |
+-----------------------------+--------------------------------------+

Associate the floating ip to your VM :

root@myhost$ quantum floatingip-associate 937571bc-afa4-49d2-a67e-3041db48df35 9e3a848d-b025-4e0a-95db-abea1b69de5b
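
The credentials file created above stores the password in clear text and is sourced by the shell. As an added example (not part of the original howto), the hypothetical helper write_creds below creates that file with owner-only permissions and quotes each value so that special characters survive sourcing; the function names are assumptions made for illustration.

```shell
#!/bin/sh
# sh_quote STRING: print STRING as one single-quoted shell word, so spaces,
# $, backticks and quotes in a password are not interpreted when sourced.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# write_creds FILE TENANT USER PASSWORD AUTH_URL
# Writes the four export lines used in this howto. The file is built under a
# temporary name with umask 077 and then renamed, so an existing FILE with
# looser permissions is replaced by a 0600 one.
write_creds() {
    (
        umask 077            # new files: read/write for the owner only
        set -C               # refuse to write into an already existing temp file
        tmp="$1.tmp.$$"
        {
            printf 'export OS_TENANT_NAME=%s\n' "$(sh_quote "$2")"
            printf 'export OS_USERNAME=%s\n'    "$(sh_quote "$3")"
            printf 'export OS_PASSWORD=%s\n'    "$(sh_quote "$4")"
            printf 'export OS_AUTH_URL=%s\n'    "$(sh_quote "$5")"
        } > "$tmp" && mv "$tmp" "$1"
    )
}

# creds_mode FILE: permission string of FILE, "-rw-------" when owner-only.
creds_mode() {
    ls -ld "$1" | cut -c1-10
}

# Usage with the variable names from the howto (not run here):
#   write_creds ~/demo_creds "$TENANT_NAME" "$USER_NAME" "$USER_PASS" \
#       "http://$API_EXT_IP:5000/v2.0/"
#   [ "$(creds_mode ~/demo_creds)" = "-rw-------" ] && . ~/demo_creds
```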
