Configuring a Multi-Tier Application with Neutron and Nova in OpenStack, Exercises of Neuroscience

This document walks through the steps to build a multi-tier application using OpenStack Neutron and Nova. It covers creating security groups, setting up virtual machines, and configuring load balancers. The goal is to allow external access to the jump host via SSH and to build a highly available web application.

Typology: Exercises

2017/2018

Uploaded on 05/11/2018

prashantm

Table of Contents

Neutron

Introduction

Building a multi-tier application

Heat

Instance deployment using OpenStack Heat

TripleO

Deploying OpenStack using TripleO

Building a multi-tier application using OpenStack (PackStack)

Gerard Braad

To set up the environment quickly, we will be using PackStack. PackStack is an installation utility to quickly deploy an OpenStack cloud. In our case we will use the all-in-one solution, which provides a single-node environment for testing the deployment of our multi-tier application.

Setup packstack environment

Use a RHEL or CentOS 7 installation.

$ systemctl disable NetworkManager
$ systemctl enable network
$ systemctl stop NetworkManager.service
$ systemctl start network.service

$ yum install -y https://www.rdoproject.org/repos/rdo-release.rpm
$ sudo yum update -y
$ sudo yum install -y openstack-packstack
$ packstack --allinone --os-neutron-lbaas-install=y

Check environment

In order to start using OpenStack, you’ll need to authenticate as a tenant. To do this, run the following command in order to put the demo user’s credentials in your environment.

$ source ~/keystonerc_admin

The installation automatically creates two networks for you: ‘private’ and ‘public’. We’ll use the ‘public’ network later to allocate floating IPs. Running openstack network list will show this.

$ openstack network list

+--------------------------------------+---------+--------------------------------------+
| ID                                   | Name    | Subnets                              |
+--------------------------------------+---------+--------------------------------------+
| 84aff6b0-2291-41b5-9871-d3d24906e358 | private | 92432fb8-8c -4abe-98d8-de8bf161a18b  |
| 427becab-54af-4b43-a5d2-e292b13b6a86 | public  | 78eff45a-25f -4904-bab8-a8795d9a7f9b |
+--------------------------------------+---------+--------------------------------------+

Setup security groups

First we’ll create the three security groups we’ll need to contain the members: web, database and ssh.

$ openstack security group create web

+-------------+--------------------------------------+
| Field       | Value                                |
+-------------+--------------------------------------+
| description | web                                  |
| id          | a98fcd2f-a828-4a88-92aa-36e3c1223a92 |
| name        | web                                  |
| rules       | []                                   |
| tenant_id   | 3d44af649a1c42fcaa102ed11e3f010f     |
+-------------+--------------------------------------+

+--------------------------------------+----------+------------------------+
| ID                                   | Name     | Description            |
+--------------------------------------+----------+------------------------+
| cf6c0380-e255-4ba8-9258-bb8e9c062fa7 | database | database               |
| 379b58b2-7ca3-431e-ae1f-cd6a627a9b30 | default  | Default security group |
| 141ed0d0-c004-457d-8efa-45e0fd2dc986 | ssh      | ssh                    |
| a98fcd2f-a828-4a88-92aa-36e3c1223a92 | web      | web                    |
+--------------------------------------+----------+------------------------+

Now we’ll add rules into these security groups for their desired functionality.

Allow all HTTP traffic on port 80 to the web security group:

$ neutron security-group-rule-create --direction ingress --protocol TCP \
    --port-range-min 80 --port-range-max 80 web

Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | b293d93a-30c2-4854-a890-5ce65639f870 |
| port_range_max    | 80                                   |
| port_range_min    | 80                                   |
| protocol          | tcp                                  |
| remote_group_id   |                                      |
| remote_ip_prefix  |                                      |
| security_group_id | a98fcd2f-a828-4a88-92aa-36e3c1223a92 |
| tenant_id         | 3d44af649a1c42fcaa102ed11e3f010f     |
+-------------------+--------------------------------------+

Allow database servers to be accessed from the web servers:

$ neutron security-group-rule-create --direction ingress --protocol TCP \
    --port-range-min 3306 --port-range-max 3306 --remote-group-id web database

Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | 0c686a2c-304f-42be-9936-cdce46963d46 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| protocol          | tcp                                  |
| remote_group_id   | 141ed0d0-c004-457d-8efa-45e0fd2dc986 |
| remote_ip_prefix  |                                      |
| security_group_id | cf6c0380-e255-4ba8-9258-bb8e9c062fa7 |
| tenant_id         | 3d44af649a1c42fcaa102ed11e3f010f     |
+-------------------+--------------------------------------+

$ neutron security-group-rule-create --direction ingress --protocol TCP \
    --port-range-min 22 --port-range-max 22 --remote-group-id ssh web

Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | 919a6ede-8dfd-4184-bf2a-f07c0527d5bf |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| protocol          | tcp                                  |
| remote_group_id   | 141ed0d0-c004-457d-8efa-45e0fd2dc986 |
| remote_ip_prefix  |                                      |
| security_group_id | a98fcd2f-a828-4a88-92aa-36e3c1223a92 |
| tenant_id         | 3d44af649a1c42fcaa102ed11e3f010f     |
+-------------------+--------------------------------------+

Allow the outside world to be able to ssh into the jump host on port 22:

$ neutron security-group-rule-create --direction ingress --protocol tcp \
    --port-range-min 22 --port-range-max 22 ssh

Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | fb8dcbe6-e553-4a92-aed4-aca7f086dca4 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| protocol          | tcp                                  |
| remote_group_id   |                                      |
| remote_ip_prefix  |                                      |
| security_group_id | 141ed0d0-c004-457d-8efa-45e0fd2dc986 |
| tenant_id         | 3d44af649a1c42fcaa102ed11e3f010f     |
+-------------------+--------------------------------------+
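The five ingress rules shown above define which tier can reach which, and that can be checked as a policy before any instance is booted. The following Python is an added example, not part of the original exercise: it uses group names in place of the security group UUIDs, models TCP ingress only, and treats an empty remote_group_id and remote_ip_prefix as "any source", which is how the web port 80 and ssh port 22 rules above were created.

```python
# Added example: rule values mirror the fields in the neutron output above;
# group names stand in for the security group UUIDs (an assumption).
ANY = None  # empty remote_group_id and remote_ip_prefix: any source

# (security group, port_range_min, port_range_max, remote group)
RULES = [
    ("web", 80, 80, ANY),
    ("database", 3306, 3306, "web"),
    ("database", 22, 22, "ssh"),
    ("web", 22, 22, "ssh"),
    ("ssh", 22, 22, ANY),
]


def allowed(src_groups, dst_group, port, rules=RULES):
    """True if TCP ingress to a member of dst_group on port is permitted.

    src_groups is the set of security groups the sender belongs to;
    an empty set models a host outside the cloud.
    """
    for group, lo, hi, remote in rules:
        if group != dst_group or not lo <= port <= hi:
            continue
        if remote is ANY or remote in src_groups:
            return True
    return False  # ingress is denied unless some rule matches


def world_open(rules=RULES):
    """Return (group, min port, max port) for rules open to any source."""
    return [(g, lo, hi) for g, lo, hi, remote in rules if remote is ANY]


def reachability(groups=("web", "database", "ssh"), ports=(22, 80, 3306)):
    """Set of (source, destination group, port) triples that are allowed."""
    sources = {"external": set(), **{g: {g} for g in groups}}
    return {
        (src, dst, port)
        for src, members in sources.items()
        for dst in groups
        for port in ports
        if allowed(members, dst, port)
    }


if __name__ == "__main__":
    for row in sorted(reachability()):
        print("%-8s -> %-8s tcp/%d" % row)
    print("open to any source:", world_open())
```

The output makes the exposure explicit: only web port 80 and the jump host's port 22 accept traffic from outside, and the database tier is reachable only from members of the web group (3306) and the ssh group (22).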

Setup virtual machines

Now we can boot some virtual machines that will make use of these security groups. Run openstack network list to obtain the private network uuid that we are going to be using:

$ openstack network list

+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name      | RAM   | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 1  | m1.tiny   | 512   | 1    | 0         | 1     | True      |
| 2  | m1.small  | 2048  | 20   | 0         | 1     | True      |
| 3  | m1.medium | 4096  | 40   | 0         | 2     | True      |
| 4  | m1.large  | 8192  | 80   | 0         | 4     | True      |
| 5  | m1.xlarge | 16384 | 160  | 0         | 8     | True      |
+----+-----------+-------+------+-----------+-------+-----------+

So we will be using flavor 1, which means instances are created with 512MB of memory and a disk of 1G.

Note:

We also have to make sure that each instance has an IP address on the private network. For this we are including the --nic net-id= option specifying the network ID of the private network.

Setup web servers

Boot two instances named web_server1 and web_server2 on the private network using the cirros image and part of the web security group:

$ nova boot --image cirros --nic net-id=84aff6b0-2291-41b5-9871-d3d24906e358 \
    --security_groups web --flavor 1 web_server

+--------------------------------------+-----------------------------------------------+
| Property                             | Value                                         |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                        |
| OS-EXT-AZ:availability_zone          |                                               |
| OS-EXT-SRV-ATTR:host                 | -                                             |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | -                                             |
| OS-EXT-SRV-ATTR:instance_name        | instance-                                     |
| OS-EXT-STS:power_state               | 0                                             |
| OS-EXT-STS:task_state                | scheduling                                    |
| OS-EXT-STS:vm_state                  | building                                      |
| OS-SRV-USG:launched_at               | -                                             |
| OS-SRV-USG:terminated_at             | -                                             |
| accessIPv4                           |                                               |
| accessIPv6                           |                                               |
| adminPass                            | rijM8RvVKXhd                                  |
| config_drive                         |                                               |
| created                              | 2016-02-25T08:21:23Z                          |
| flavor                               | m1.tiny (1)                                   |
| hostId                               |                                               |
| id                                   | be6ec624-07cd-45c1-

| OS-EXT-AZ:availability_zone          |                                               |
| OS-EXT-SRV-ATTR:host                 | -                                             |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | -                                             |
| OS-EXT-SRV-ATTR:instance_name        | instance-                                     |
| OS-EXT-STS:power_state               | 0                                             |
| OS-EXT-STS:task_state                | scheduling                                    |
| OS-EXT-STS:vm_state                  | building                                      |
| OS-SRV-USG:launched_at               | -                                             |
| OS-SRV-USG:terminated_at             | -                                             |
| accessIPv4                           |                                               |
| accessIPv6                           |                                               |
| adminPass                            | vyT4575gsqth                                  |
| config_drive                         |                                               |
| created                              | 2016-02-25T08:22:53Z                          |
| flavor                               | m1.tiny (1)                                   |
| hostId                               |                                               |
| id                                   | 146056ad-e8dc-4ad3- -97b753f3d040             |
| image                                | cirros (eea0e326-8e2e- 1db-80a0-1138a4bdd5a6) |
| key_name                             | -                                             |
| metadata                             | {}                                            |
| name                                 | web_server                                    |
| os-extended-volumes:volumes_attached | []                                            |
| progress                             | 0                                             |
| security_groups                      | web                                           |
| status                               | BUILD                                         |
| tenant_id                            | 3d44af649a1c42fcaa102ed11e3f010f              |
| updated                              | 2016-02-25T08:22:53Z                          |
| user_id                              | a72ce317d35c47e8b 5d0a2af92                   |
+--------------------------------------+-----------------------------------------------+

Setup database server

Boot database server

$ nova boot --image cirros --nic net-id=84aff6b0-2291-41b5-9871-d3d24906e358 \
    --security_groups database --flavor 1 database_server

+--------------------------------------+-----------------------------------------------+
| Property                             | Value                                         |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                        |
| OS-EXT-AZ:availability_zone          |                                               |
| OS-EXT-SRV-ATTR:host                 | -

| progress                             | 0                                             |
| security_groups                      | database                                      |
| status                               | BUILD                                         |
| tenant_id                            | 3d44af649a1c42fcaa102ed11e3f010f              |
| updated                              | 2016-02-25T08:23:22Z                          |
| user_id                              | a72ce317d35c47e8b 5d0a2af92                   |
+--------------------------------------+-----------------------------------------------+

Setup jumphost server

Boot ssh jump host

$ nova boot --image cirros --nic net-id=84aff6b0-2291-41b5-9871-d3d24906e358 \
    --security_groups ssh --flavor 1 jumphost

+--------------------------------------+-----------------------------------------------+
| Property                             | Value                                         |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                        |
| OS-EXT-AZ:availability_zone          |                                               |
| OS-EXT-SRV-ATTR:host                 | -                                             |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | -                                             |
| OS-EXT-SRV-ATTR:instance_name        | instance-                                     |
| OS-EXT-STS:power_state               | 0                                             |
| OS-EXT-STS:task_state                | scheduling                                    |
| OS-EXT-STS:vm_state                  | building                                      |
| OS-SRV-USG:launched_at               | -                                             |
| OS-SRV-USG:terminated_at             | -                                             |
| accessIPv4                           |                                               |
| accessIPv6                           |                                               |
| adminPass                            | jwbUXkmfEK7Y                                  |
| config_drive                         |                                               |
| created                              | 2016-02-25T08:23:54Z                          |
| flavor                               | m1.tiny (1)                                   |
| hostId                               |                                               |
| id                                   | e540896e-e148-414a- -3b83d3f2b059             |
| image                                | cirros (eea0e326-8e2e- 1db-80a0-1138a4bdd5a6) |
| key_name                             | -                                             |
| metadata                             | {}                                            |
| name                                 | jumphost                                      |
| os-extended-volumes:volumes_attached | []                                            |
| progress                             | 0                                             |