With an OpenStack environment up and running based on an OpenStack Ansible Deployment, now what?
Using Horizon with OSAD
First, we can log into Horizon (point your web browser at your load balance pool address, the one labelled external_lb_vip_address in the /etc/openstack_deploy/openstack_user_config.yml):
Where are the username/password credentials for Horizon?
In step 4.5 of https://openstackr.wordpress.com/2015/07/19/home-lab-2015-edition-openstack-ansible-deployment/ we randomly generated all passwords used by OpenStack. This also generated a random password for the ‘admin‘ user. This user is the equivalent of ‘root’ on a Linux system, so generating a strong password is highly recommended. But to get that password, we need to get it out of a file.
The easiest place to find this password is to look on the deployment host itself as that is where we wrote out the passwords. Take a look in /etc/openstack_deploy/user_secrets.yml file and find the line that says ‘keystone_auth_admin_password‘. This random string of characters is the ‘admin‘ user’s password that you can use for Horizon:
The Utility Container and openrc credentials file
Alternatively, you can grab the ‘openrc‘ file from a ‘utility’ container which is found on a controller node. To do this, carry out the following:
- Log into a controller node and change to root. In my case I can choose either openstack4, openstack5 or openstack6. Here I can list the containers running on here as follows:
- Locate the name of the utility container and attach to it as follows
lxc-attach -n controller-01_utility_container-71cceb47
- Here you will find the admin user’s credentials in the /root/openrc file:
# Do not edit, changes will be overwritten
# COMMON CINDER ENVS
# COMMON NOVA ENVS
# COMMON OPENSTACK ENVS
- To use this, we simply source this into our environment as follows:
- And now we can use the command line tools such as nova, glance, cinder, keystone, neutron and heat.
Loading images into Glance
Glance is the Image Service. This service provides you with a list of available images you can use to launch instances in OpenStack. To do this, we use the Glance command line tool.
There are plenty of public images available for OpenStack. You essentially grab them from the internet, and load them into Glance for your use. A list of places for OpenStack images can be found below:
CirrOS test image (can use username/password to log in): http://download.cirros-cloud.net/
Ubuntu images: http://cloud-images.ubuntu.com/
Windows 2012 R2: http://www.cloudbase.it/
CentOS 7: http://cloud.centos.org/centos/7/images/
To load these, log into a Utililty container as described above and load into the environment as follows.
Note that you can either grab the files from the website, save them locally and upload to Glance, or have Glance grab the files and load into the environment direct from the site. I’ll describe both as you will have to load from a locally saved file for Windows due to having to accept an EULA before gaining access.
glance image-create \ --name "cirros-image" \ --disk-format qcow2 \ --container-format bare \ --copy-from http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img \ --is-public True \ --progress
You can use a username and password to log into CirrOS. This makes this tiny just-enough-OS great for testing and troubleshooting. Username: cirros, Password: Cubswin:)
glance image-create \
–name “trusty-image” \
–disk-format qcow2 \
–container-format bare \
–copy-from http://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img \
–is-public True \
You’d specify a keypair to use when launching this image as there is no default username or password on these cloud images [that would be a disastrous security fail if so]. The username to log into these will be ‘root’ and the private key that matched the public key specified at launch would get you access.
Windows 2012 R2
For Windows, you can download an evaluation copy of Windows 2012 R2 and to do so you need to accept a license. Head over to http://www.cloudbase.it/ and follow the instructions to download the image.
Once downloaded, you need to get this to OpenStack. As we’re using the Utility container for our access we need to get the image so it is accessible from there. There are alternative ways such as installing the OpenStack Client tools on your client which is ultimately how you’d use OpenStack. For now though, we will copy to the Utility container.
- Copy the Windows image to the Utility Container. All of the containers have an IP on the container ‘management’ network (172.29.236.0/24 in my lab). View the IP address of the Utility container and use this IP. This network is available via my deployment host so I simply secure copy this over to the container:
(performed as root on my deployment host as that has SSH access using keypairs to the containers)
scp Windows2012R2.qcow2 firstname.lastname@example.org:
- We can then upload this to Glance as follows, note the use of –file instead of –copy-from:
glance image-create \
--name "windows-image" \
--disk-format qcow2 \
--container-format bare \
--file ./Windows2012R2.qcow2 \
--is-public True \
This will take a while as the Windows images are naturally bigger than Linux ones. Once uploaded it will be available for our use.
Access to Windows instances will be by RDP, and although SSH keypairs are not used by this Windows image for RDP access, it is still required to get access to the randomly generated ‘Administrator’ passphrase, so when launching the Windows instance, specify a keypair.
Access to the Administrator password is then carried out using the following once you’ve launched an instance:
nova get-password myWindowsInstance .ssh/ida_rsa
Launching instances will be covered in a later topic!