openstack/openstack-manuals
Code Issues Proposed changes

Updated Launch chapter

Browse Source 
As part of the installation guide improvement project, I performed
the following operations on the Launch chapter:

1) Split monolithic file with instructions for nova networking into
   separate files for nova and neutron networking.
2) Updated instructions in each section to account for differences
   between nova and neutron networking.
3) Updated other sections and glossary as necessary.

Change-Id: I7faaadc0787cf85d816c7c2aab1247ecc77195b2
Partial-Bug: #1291071
Implements: blueprint networking-install-guide-improvements
This commit is contained in:
Matt Kassawara 2014-04-09 14:49:50 -06:00 committed by Tom Fifield
parent 289c27051a
commit d0ece3d6ef
5 changed files with 585 additions and 210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
doc/glossary/glossary-terms.xml
View File

@ -2395,6 +2395,14 @@
<para>Project name for the ninth release of OpenStack.</para>
</glossdef>
</glossentry>
<glossentry>
<glossterm>ICMP</glossterm>
<glossdef>
<para>Internet Control Message Protocol, used by network devices
for control messages. For example, <command>ping</command>
uses ICMP to test connectivity.</para>
</glossdef>
</glossentry>
<glossentry>
<glossterm>ID number</glossterm>
<glossdef>
@ -3729,6 +3737,13 @@
end-users.</para>
</glossdef>
</glossentry>
<glossentry>
<glossterm>public key authentication</glossterm>
<glossdef>
<para>Authentication method that uses keys rather than
passwords.</para>
</glossdef>
</glossentry>
<glossentry>
<glossterm>public network</glossterm>
<glossdef>

231
doc/install-guide/ch_launch-instance.xml
View File

@ -3,212 +3,27 @@
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="launch-instance">
<title>Launch an instance</title>
<para>An instance is a virtual machine that OpenStack provisions on
a Compute server. This example shows you how to launch a
low-resource instance by using a downloaded image.</para>
<para>If you followed the step-by-step instructions in this guide,
you can launch an instance after you meet these
prerequisites:</para>
<itemizedlist>
<listitem>
<para>Installed the nova client library on the machine on which
you will run the commands (log on the controller if you are
not sure).</para>
</listitem>
<listitem>
<para>Set environment variables to specify your credentials. See
<xref linkend="keystone-verify"/>.</para>
</listitem>
<listitem>
<para>Downloaded an image. See <xref linkend="glance-verify"
/>.</para>
</listitem>
<listitem>
<para>Configured networking. See <xref linkend="ch_networking"
/>.</para>
</listitem>
</itemizedlist>
<procedure>
<step>
<para>Generate a keypair that consists of a private and public
key to be able to launch instances on OpenStack. These keys
are injected into the instances to make password-less SSH
access to the instance. This depends on the way the necessary
tools are bundled into the images. For more details, see the
<link
xlink:href="http://docs.openstack.org/user-guide-admin/content/cli_manage_images.html"
><citetitle>OpenStack Admin User
Guide</citetitle></link>.</para>
<screen><prompt>$</prompt> <userinput>ssh-keygen</userinput>
<prompt>$</prompt> <userinput>nova keypair-add --pub-key ~/.id_rsa.pub mykey</userinput></screen>
<para>You have just created the <literal>mykey</literal>
keypair. The <literal>id_rsa</literal> private key is saved
locally in <filename>~/.ssh</filename>, which you can use to
connect to an instance launched by using mykey as the keypair.
To view available keypairs:</para>
<screen><prompt>$</prompt> <userinput>nova keypair-list</userinput>
<computeroutput>+--------+-------------------------------------------------+
| Name | Fingerprint |
+--------+-------------------------------------------------+
| mykey | b0:18:32:fa:4e:d4:3c:1b:c4:6c:dd:cb:53:29:13:82 |
+--------+-------------------------------------------------+</computeroutput></screen>
</step>
<step>
<para>To launch an instance, you must specify the ID for the
flavor you want to use for the instance. A flavor is a
resource allocation profile. For example, it specifies how
many virtual CPUs and how much RAM your instance gets. To see
a list of the available profiles:</para>
<screen><prompt>$</prompt> <userinput>nova flavor-list</userinput>
<computeroutput>+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | | 1 | 1.0 | True |
| 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True |
| 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True |
| 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | | 8 | 1.0 | True |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+</computeroutput></screen>
</step>
<step>
<para>Get the name of the image to use for the instance:</para>
<screen><prompt>$</prompt> <userinput>nova image-list</userinput>
<computeroutput>+--------------------------------------+--------------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+--------------+--------+--------+
| 9e5c2bee-0373-414c-b4af-b91b0246ad3b | CirrOS 0.3.2 | ACTIVE | |
+--------------------------------------+--------------+--------+--------+</computeroutput></screen>
</step>
<step>
<para>To use SSH and ping, you must configure security group
rules. See the <link
xlink:href="http://docs.openstack.org/user-guide/content/"
><citetitle>OpenStack User
Guide</citetitle></link>.</para>
<screen><prompt>$</prompt> <userinput>nova secgroup-add-rule <replaceable>default</replaceable> tcp 22 22 0.0.0.0/0</userinput></screen>
<screen><prompt>$</prompt> <userinput>nova secgroup-add-rule <replaceable>default</replaceable> icmp -1 -1 0.0.0.0/0</userinput></screen>
</step>
<step>
<para>Use a command like this to launch the instance:</para>
<screen><prompt>$</prompt> <userinput>nova boot --flavor <replaceable>flavorType</replaceable> --key-name <replaceable>keypairName</replaceable> --image <replaceable>ID</replaceable> <replaceable>newInstanceName</replaceable></userinput> </screen>
<para>Create an instance by using flavor 1 or 2. For
example:</para>
<screen><prompt>$</prompt> <userinput>nova boot --flavor 1 --key-name mykey --image "CirrOS 0.3.2" --security-group default</userinput>
<computeroutput>+--------------------------------------+--------------------------------------+
| Property | Value |
+--------------------------------------+--------------------------------------+
| OS-EXT-STS:task_state | scheduling |
| image | CirrOS 0.3.2 |
| OS-EXT-STS:vm_state | building |
| OS-EXT-SRV-ATTR:instance_name | instance-00000001 |
| OS-SRV-USG:launched_at | None |
| flavor | m1.tiny |
| id | 3bdf98a0-c767-4247-bf41-2d147e4aa043 |
| security_groups | [{u'name': u'default'}] |
| user_id | 530166901fa24d1face95cda82cfae56 |
| OS-DCF:diskConfig | MANUAL |
| accessIPv4 | |
| accessIPv6 | |
| progress | 0 |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-AZ:availability_zone | nova |
| config_drive | |
| status | BUILD |
| updated | 2013-10-10T06:47:26Z |
| hostId | |
| OS-EXT-SRV-ATTR:host | None |
| OS-SRV-USG:terminated_at | None |
| key_name | mykey |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| name | cirrOS |
| adminPass | DWCDW6FnsKNq |
| tenant_id | e66d97ac1b704897853412fc8450f7b9 |
| created | 2013-10-10T06:47:23Z |
| os-extended-volumes:volumes_attached | [] |
| metadata | {} |
+--------------------------------------+--------------------------------------+</computeroutput></screen>
<note>
<para>If sufficient RAM is not available for the instance,
Compute creates, but does not start, the instance and sets
the status for the instance to
<literal>ERROR</literal>.</para>
</note>
</step>
<step>
<para>After the instance launches, use the <command>nova
list</command> to view its status. The status changes from
<literal>BUILD</literal> to
<literal>ACTIVE</literal>:</para>
<screen><prompt>$</prompt> <userinput>nova list</userinput>
<computeroutput>+--------------------------------------+-----------+--------+------------+-------------+----------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+-----------+--------+------------+-------------+----------------+
| dcc4a894-869b-479a-a24a-659eef7a54bd | cirrOS | BUILD | spawning | NOSTATE | vmnet=10.0.0.3 |
+--------------------------------------+-----------+--------+------------+-------------+----------------+
</computeroutput><prompt>$</prompt> <userinput>nova list</userinput>
<computeroutput>+--------------------------------------+-----------+--------+------------+-------------+----------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+-----------+--------+------------+-------------+----------------+
| dcc4a894-869b-479a-a24a-659eef7a54bd | cirrOS | ACTIVE | None | Running | vmnet=10.0.0.3 |
+--------------------------------------+-----------+--------+------------+-------------+----------------+</computeroutput>
</screen>
<note>
<para>To show details for a specified instance:</para>
<screen><prompt>$</prompt> <userinput>nova show dcc4a894-869b-479a-a24a-659eef7a54bd</userinput>
<computeroutput>+--------------------------------------+----------------------------------------------------------+
| Property | Value |
+--------------------------------------+----------------------------------------------------------+
| status | ACTIVE |
| updated | 2013-10-16T21:55:24Z |
| OS-EXT-STS:task_state | None |
| OS-EXT-SRV-ATTR:host | compute-node |
| key_name | mykey |
| image | cirros (918a1017-8a1b-41ff-8809-6106ba45366e) |
| vmnet network | 10.0.0.3 |
| hostId | 306d7c693911170ad4e5218f626f531cc68caa45f3a0f70f1aeba94d |
| OS-EXT-STS:vm_state | active |
| OS-EXT-SRV-ATTR:instance_name | instance-0000000a |
| OS-SRV-USG:launched_at | 2013-10-16T21:55:24.000000 |
| OS-EXT-SRV-ATTR:hypervisor_hostname | compute-node |
| flavor | m1.tiny (1) |
| id | dcc4a894-869b-479a-a24a-659eef7a54bd |
| security_groups | [{u'name': u'default'}] |
| OS-SRV-USG:terminated_at | None |
| user_id | 887ac8736b5b473b9dc3c5430a88b15f |
| name | cirrOS |
| created | 2013-10-16T21:54:52Z |
| tenant_id | 43ab520b2b484578bb6924c0ea926190 |
| OS-DCF:diskConfig | MANUAL |
| metadata | {} |
| os-extended-volumes:volumes_attached | [] |
| accessIPv4 | |
| accessIPv6 | |
| progress | 0 |
| OS-EXT-STS:power_state | 1 |
| OS-EXT-AZ:availability_zone | nova |
| config_drive | |
+--------------------------------------+----------------------------------------------------------+</computeroutput></screen>
</note>
</step>
<step>
<para>After the instance boots and initializes and you have
configured security groups, you can <command>ssh</command>
into the instance without a password by using the keypair you
specified in the <command>nova boot</command> command. Use the
<command>nova list</command> command to get the IP address
for the instance. You do not need to specify the private key
because it was stored in the default location,
<filename>~/.ssh/id_rsa</filename>, for the
<command>ssh</command> client.</para>
<note>
<para>If using a CirrOS image to spawn an instance you must
log in as the <literal>cirros</literal>, and not the
<literal>root</literal>, user.</para>
<para>You can also log in to the <literal>cirros</literal>
account without an ssh key by using the
<literal>cubswin:)</literal> password:</para>
<screen><prompt>$</prompt> <userinput>ssh cirros@10.0.0.3</userinput></screen>
</note>
</step>
</procedure>
<para>An instance is a VM that OpenStack provisions on a compute node.
This guide shows you how to launch a minimal instance using the
<glossterm>CirrOS</glossterm> image that you added to your environment
in the <xref linkend="ch_glance"/> chapter. In these steps, you use the
command-line interface (CLI) on your controller node or any system with
the appropriate OpenStack client libraries. To use the dashboard, see the
<link
xlink:href="http://docs.openstack.org/user-guide/content/ch_dashboard.html">
<citetitle>OpenStack User Guide</citetitle></link>.</para>
<para>Launch an instance using
<link linkend="launch-instance-neutron">Networking (neutron)</link> or
<link linkend="launch-instance-nova">legacy networking (nova-network)</link>. For more
information, see the
<link
xlink:href="http://docs.openstack.org/user-guide/content/cli_launch_instances.html">
<citetitle>OpenStack User Guide</citetitle></link>.</para>
<note>
<para>These steps reference example components created in previous
chapters. You must adjust certain values such as IP addresses to
match your environment.</para>
</note>
<xi:include href="section_launch-instance-neutron.xml"/>
<xi:include href="section_launch-instance-nova.xml"/>
</chapter>

4
doc/install-guide/section_glance-verify.xml
View File

@ -107,8 +107,8 @@
</variablelist>
<para>For example:</para>
<screen><prompt>$</prompt> <userinput>source openrc.sh</userinput>
<prompt>$</prompt> <userinput>glance image-create --name="CirrOS 0.3.2" --disk-format=qcow2 \
--container-format=bare --is-public=true &lt; cirros-0.3.2-x86_64-disk.img</userinput>
<prompt>$</prompt> <userinput>glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 \
--container-format bare --is-public True --progress &lt; cirros-0.3.2-x86_64-disk.img</userinput>
<computeroutput>+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+

293
doc/install-guide/section_launch-instance-neutron.xml Normal file
View File

@ -0,0 +1,293 @@
<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="launch-instance-neutron">
<title>Launch an instance with Networking (neutron)</title>
<procedure>
<title>To generate a keypair</title>
<para>Most cloud images support
<glossterm>public key authentication</glossterm> rather than conventional
username/password authentication. Before launching an instance, you must
generate a public/private key pair using <command>ssh-keygen</command>
and add the public key to your OpenStack environment.</para>
<step>
<para>Source the <literal>demo</literal> tenant credentials:</para>
<screen><prompt>$</prompt> <userinput>source demo-openrc.sh</userinput></screen>
</step>
<step>
<para>Generate a key pair:</para>
<screen><prompt>$</prompt> <userinput>ssh-keygen</userinput></screen>
</step>
<step>
<para>Add the public key to your OpenStack environment:</para>
<screen><prompt>$</prompt> <userinput>nova keypair-add --pub-key ~/.ssh/id_rsa.pub demo-key</userinput></screen>
<note>
<para>This command provides no output.</para>
</note>
</step>
<step>
<para>Verify addition of the public key:</para>
<screen><prompt>$</prompt> <userinput>nova keypair-list</userinput>
<computeroutput>+----------+-------------------------------------------------+
| Name | Fingerprint |
+----------+-------------------------------------------------+
| demo-key | 6c:74:ec:3a:08:05:4e:9e:21:22:a6:dd:b2:62:b8:28 |
+----------+-------------------------------------------------+</computeroutput></screen>
</step>
</procedure>
<procedure>
<title>To launch an instance</title>
<para>To launch an instance, you must at least specify the flavor, image
name, network, security group, key, and instance name.</para>
<step>
<para>A flavor specifies a virtual resource allocation profile which
includes processor, memory, and storage.</para>
<para>List available flavors:</para>
<screen><prompt>$</prompt> <userinput>nova flavor-list</userinput>
<computeroutput>+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | | 1 | 1.0 | True |
| 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True |
| 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True |
| 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | | 8 | 1.0 | True |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+</computeroutput></screen>
<para>Your first instance uses the <literal>m1.tiny</literal>
flavor.</para>
<note>
<para>You can also reference a flavor by ID.</para>
</note>
</step>
<step>
<para>List available images:</para>
<screen><prompt>$</prompt> <userinput>nova image-list</userinput>
<computeroutput>+--------------------------------------+---------------------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+---------------------+--------+--------+
| e4d5edea-f07e-4faa-8390-b71e9b747267 | cirros-0.3.2-x86_64 | ACTIVE | |
+--------------------------------------+---------------------+--------+--------+</computeroutput></screen>
<para>Your first instance uses the
<literal>cirros-0.3.2-x86_64</literal> image.</para>
</step>
<step>
<para>List available networks:</para>
<screen><prompt>$</prompt> <userinput>neutron net-list</userinput>
<computeroutput>+--------------------------------------+----------+-------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+----------+-------------------------------------------------------+
| 3c612b5a-d1db-498a-babb-a4c50e344cb1 | demo-net | 20bcd3fd-5785-41fe-ac42-55ff884e3180 192.168.1.0/24 |
| 9bce64a3-a963-4c05-bfcd-161f708042d1 | ext-net | b54a8d85-b434-4e85-a8aa-74873841a90d 203.0.113.0/24 |
+--------------------------------------+----------+-------------------------------------------------------+</computeroutput></screen>
<para>Your first instance uses the <literal>demo-net</literal> tenant
network. However, you must reference this network using the ID instead
of the name.</para>
</step>
<step>
<para>List available security groups:</para>
<screen><prompt>$</prompt> <userinput>nova secgroup-list</userinput>
<computeroutput>+--------------------------------------+---------+-------------+
| Id | Name | Description |
+--------------------------------------+---------+-------------+
| ad8d4ea5-3cad-4f7d-b164-ada67ec59473 | default | default |
+--------------------------------------+---------+-------------+</computeroutput></screen>
<para>Your first instance uses the <literal>default</literal> security
group. By default, this security group implements a firewall that
blocks remote access to instances. If you would like to permit
remote access to your instance, launch it and then
<link linkend="launch-instance-neutron-remoteaccess">
configure remote access</link>.</para>
</step>
<step>
<para>Launch the instance:</para>
<para>Replace <replaceable>DEMO_NET_ID</replaceable> with the ID of the
<literal>demo-net</literal> tenant network.</para>
<screen><prompt>$</prompt> <userinput>nova boot --flavor m1.tiny --image cirros-0.3.2-x86_64 --nic net-id=<replaceable>DEMO_NET_ID</replaceable> \
--security-group default --key-name demo-key <replaceable>demo-instance1</replaceable></userinput>
<computeroutput>+--------------------------------------+------------------------------------------------------------+
| Property | Value |
+--------------------------------------+------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | vFW7Bp8PQGNo |
| config_drive | |
| created | 2014-04-09T19:24:27Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | 05682b91-81a1-464c-8f40-8b3da7ee92c5 |
| image | cirros-0.3.1-x86_64 (e4d5edea-f07e-4faa-8390-b71e9b747267) |
| key_name | demo-key |
| metadata | {} |
| name | demo-instance1 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tenant_id | 7cf50047f8df4824bc76c2fdf66d11ec |
| updated | 2014-04-09T19:24:27Z |
| user_id | 0e47686e72114d7182f7569d70c519c9 |
+--------------------------------------+------------------------------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Check the status of your instance:</para>
<screen><prompt>$</prompt> <userinput>nova list</userinput>
<computeroutput>+--------------------------------------+----------------+--------+------------+-------------+-------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+----------------+--------+------------+-------------+-------------------------+
| 05682b91-81a1-464c-8f40-8b3da7ee92c5 | demo-instance1 | ACTIVE | - | Running | demo-net=192.168.1.3 |
+--------------------------------------+----------------+--------+------------+-------------+-------------------------+</computeroutput></screen>
<para>The status changes from <literal>BUILD</literal> to
<literal>ACTIVE</literal> when your instance finishes the build
process.</para>
</step>
</procedure>
<procedure>
<title>To access your instance using a virtual console</title>
<step>
<para>Obtain a <glossterm>Virtual Network Computing (VNC)</glossterm>
session URL for your instance and access it from a web browser:</para>
<screen><prompt>$</prompt> <userinput>nova get-vnc-console <replaceable>demo-instance1</replaceable> novnc</userinput>
<computeroutput>+-------+------------------------------------------------------------------------------------+
| Type | Url |
+-------+------------------------------------------------------------------------------------+
| novnc | http://controller:6080/vnc_auto.html?token=2f6dd985-f906-4bfc-b566-e87ce656375b |
+-------+------------------------------------------------------------------------------------+</computeroutput></screen>
<note>
<para>If your web browser runs on a host that cannot resolve the
<replaceable>controller</replaceable> host name, you can replace
<replaceable>controller</replaceable> with the IP address of the
management interface on your controller node.</para>
</note>
<para>The CirrOS image includes conventional username/password
authentication and provides these credentials at the login prompt.
After logging into CirrOS, we recommend that you verify network
connectivity using <command>ping</command>.</para>
<para>Verify the <literal>demo-net</literal> tenant network
gateway:</para>
<screen><prompt>$</prompt> <userinput>ping -c 4 192.168.1.1</userinput>
<computeroutput>PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=0.357 ms
64 bytes from 192.168.1.1: icmp_req=2 ttl=64 time=0.473 ms
64 bytes from 192.168.1.1: icmp_req=3 ttl=64 time=0.504 ms
64 bytes from 192.168.1.1: icmp_req=4 ttl=64 time=0.470 ms
--- 192.168.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 0.357/0.451/0.504/0.055 ms</computeroutput></screen>
<para>Verify the <literal>ext-net</literal> external network:</para>
<screen><prompt>$</prompt> <userinput>ping -c 4 openstack.org</userinput>
<computeroutput>PING openstack.org (174.143.194.225) 56(84) bytes of data.
64 bytes from 174.143.194.225: icmp_req=1 ttl=53 time=17.4 ms
64 bytes from 174.143.194.225: icmp_req=2 ttl=53 time=17.5 ms
64 bytes from 174.143.194.225: icmp_req=3 ttl=53 time=17.7 ms
64 bytes from 174.143.194.225: icmp_req=4 ttl=53 time=17.5 ms
--- openstack.org ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 17.431/17.575/17.734/0.143 ms</computeroutput></screen>
</step>
</procedure>
<procedure xml:id="launch-instance-neutron-remoteaccess">
<title>To access your instance remotely</title>
<step>
<para>Add rules to the <literal>default</literal> security group:</para>
<substeps>
<step>
<para>Permit <glossterm>ICMP</glossterm> (ping):</para>
<screen><prompt>$</prompt> <userinput>nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0</userinput>
<computeroutput>+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+</computeroutput></screen>
</step>
<step>
<para>Permit secure shell (SSH) access:</para>
<screen><prompt>$</prompt> <userinput>nova secgroup-add-rule default tcp 22 22 0.0.0.0/0</userinput>
<computeroutput>+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 22 | 22 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+</computeroutput></screen>
</step>
</substeps>
</step>
<step>
<para>Create a <glossterm>floating IP address</glossterm> on the
<literal>ext-net</literal> external network:</para>
<screen><prompt>$</prompt> <userinput>neutron floatingip-create ext-net</userinput>
<computeroutput>Created a new floatingip:
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| fixed_ip_address | |
| floating_ip_address | 203.0.113.102 |
| floating_network_id | 9bce64a3-a963-4c05-bfcd-161f708042d1 |
| id | 05e36754-e7f3-46bb-9eaa-3521623b3722 |
| port_id | |
| router_id | |
| status | DOWN |
| tenant_id | 7cf50047f8df4824bc76c2fdf66d11ec |
+---------------------+--------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Associate the floating IP address with your instance:</para>
<screen><prompt>$</prompt> <userinput>nova floating-ip-associate demo-instance1 203.0.113.102</userinput></screen>
<note>
<para>This command provides no output.</para>
</note>
</step>
<step>
<para>Check the status of your floating IP address:</para>
<screen><prompt>$</prompt> <userinput>nova list</userinput>
<computeroutput>+--------------------------------------+----------------+--------+------------+-------------+-----------------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+----------------+--------+------------+-------------+-----------------------------------------+
| 05682b91-81a1-464c-8f40-8b3da7ee92c5 | demo-instance1 | ACTIVE | - | Running | demo-net=192.168.1.3, 203.0.113.102 |
+--------------------------------------+----------------+--------+------------+-------------+-----------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Verify network connectivity using <command>ping</command> from the
controller node or any host on the external network:</para>
<screen><prompt>$</prompt> <userinput>ping -c 4 203.0.113.102</userinput>
<computeroutput>PING 203.0.113.102 (203.0.113.112) 56(84) bytes of data.
64 bytes from 203.0.113.102: icmp_req=1 ttl=63 time=3.18 ms
64 bytes from 203.0.113.102: icmp_req=2 ttl=63 time=0.981 ms
64 bytes from 203.0.113.102: icmp_req=3 ttl=63 time=1.06 ms
64 bytes from 203.0.113.102: icmp_req=4 ttl=63 time=0.929 ms
--- 203.0.113.102 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 0.929/1.539/3.183/0.951 ms</computeroutput></screen>
</step>
<step>
<para>Access your instance using SSH from the controller node or any
host on the external network:</para>
<screen><prompt>$</prompt> <userinput>ssh cirros@203.0.113.102</userinput>
<computeroutput>The authenticity of host '203.0.113.102 (203.0.113.102)' can't be established.
RSA key fingerprint is ed:05:e9:e7:52:a0:ff:83:68:94:c7:d1:f2:f8:e2:e9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '203.0.113.102' (RSA) to the list of known hosts.
$</computeroutput></screen>
<note>
<para>If your host does not contain the public/private key pair created
in an earlier step, SSH prompts for the default password associated
with the <literal>cirros</literal> user.</para>
</note>
</step>
</procedure>
<para>If your instance does not launch or seem to work as you expect, see the
<link xlink:href="http://docs.openstack.org/ops">
<citetitle>OpenStack Operations Guide</citetitle></link> for more
information or use one of the
<link linkend="app_community_support">many other options</link> to seek
assistance. We want your environment to work!</para>
</section>

252
doc/install-guide/section_launch-instance-nova.xml Normal file
View File

@ -0,0 +1,252 @@
<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="launch-instance-nova">
<title>Launch an instance with legacy networking (nova-network)</title>
<procedure>
<title>To generate a keypair</title>
<para>Most cloud images support
<glossterm>public key authentication</glossterm> rather than conventional
username/password authentication. Before launching an instance, you must
generate a public/private key pair using <command>ssh-keygen</command>
and add the public key to your OpenStack environment.</para>
<step>
<para>Source the <literal>demo</literal> tenant credentials:</para>
<screen><prompt>$</prompt> <userinput>source demo-openrc.sh</userinput></screen>
</step>
<step>
<para>Generate a key pair:</para>
<screen><prompt>$</prompt> <userinput>ssh-keygen</userinput></screen>
</step>
<step>
<para>Add the public key to your OpenStack environment:</para>
<screen><prompt>$</prompt> <userinput>nova keypair-add --pub-key ~/.ssh/id_rsa.pub demo-key</userinput></screen>
<note>
<para>This command provides no output.</para>
</note>
</step>
<step>
<para>Verify addition of the public key:</para>
<screen><prompt>$</prompt> <userinput>nova keypair-list</userinput>
<computeroutput>+----------+-------------------------------------------------+
| Name | Fingerprint |
+----------+-------------------------------------------------+
| demo-key | 6c:74:ec:3a:08:05:4e:9e:21:22:a6:dd:b2:62:b8:28 |
+----------+-------------------------------------------------+</computeroutput></screen>
</step>
</procedure>
<procedure>
<title>To launch an instance</title>
<para>To launch an instance, you must at least specify the flavor, image
name, network, security group, key, and instance name.</para>
<step>
<para>A flavor specifies a virtual resource allocation profile which
includes processor, memory, and storage.</para>
<para>List available flavors:</para>
<screen><prompt>$</prompt> <userinput>nova flavor-list</userinput>
<computeroutput>+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | | 1 | 1.0 | True |
| 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True |
| 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True |
| 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | | 8 | 1.0 | True |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+</computeroutput></screen>
<para>Your first instance uses the <literal>m1.tiny</literal>
flavor.</para>
<note>
<para>You can also reference a flavor by ID.</para>
</note>
</step>
<step>
<para>List available images:</para>
<screen><prompt>$</prompt> <userinput>nova image-list</userinput>
<computeroutput>+--------------------------------------+---------------------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+---------------------+--------+--------+
| e4d5edea-f07e-4faa-8390-b71e9b747267 | cirros-0.3.2-x86_64 | ACTIVE | |
+--------------------------------------+---------------------+--------+--------+</computeroutput></screen>
<para>Your first instance uses the
<literal>cirros-0.3.2-x86_64</literal> image.</para>
</step>
<step>
<para>List available networks:</para>
<note>
<para>You must source the <literal>admin</literal> tenant credentials
for this step and then source the <literal>demo</literal> tenant
credentials for the remaining steps.</para>
<screen><prompt>$</prompt> <userinput>source admin-openrc.sh</userinput></screen>
</note>
<screen><prompt>$</prompt> <userinput>nova net-list</userinput>
<computeroutput>+--------------------------------------+----------+------------------+
| ID | Label | CIDR |
+--------------------------------------+----------+------------------+
| 7f849be3-4494-495a-95a1-0f99ccb884c4 | demo-net | 203.0.113.24/29 |
+--------------------------------------+----------+------------------+</computeroutput></screen>
<para>Your first instance uses the <literal>demo-net</literal> tenant
network. However, you must reference this network using the ID instead
of the name.</para>
</step>
<step>
<para>List available security groups:</para>
<screen><prompt>$</prompt> <userinput>nova secgroup-list</userinput>
<computeroutput>+--------------------------------------+---------+-------------+
| Id | Name | Description |
+--------------------------------------+---------+-------------+
| ad8d4ea5-3cad-4f7d-b164-ada67ec59473 | default | default |
+--------------------------------------+---------+-------------+</computeroutput></screen>
<para>Your first instance uses the <literal>default</literal> security
group. By default, this security group implements a firewall that
blocks remote access to instances. If you would like to permit
remote access to your instance, launch it and then
<link linkend="launch-instance-nova-remoteaccess">
configure remote access</link>.</para>
</step>
<step>
<para>Launch the instance:</para>
<para>Replace <replaceable>DEMO_NET_ID</replaceable> with the ID of the
<literal>demo-net</literal> tenant network.</para>
<screen><prompt>$</prompt> <userinput>nova boot --flavor m1.tiny --image cirros-0.3.2-x86_64 --nic net-id=<replaceable>DEMO_NET_ID</replaceable> \
--security-group default --key-name demo-key <replaceable>demo-instance1</replaceable></userinput>
<computeroutput>+--------------------------------------+------------------------------------------------------------+
| Property | Value |
+--------------------------------------+------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | ThZqrg7ach78 |
| config_drive | |
| created | 2014-04-10T00:09:16Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | 45ea195c-c469-43eb-83db-1a663bbad2fc |
| image | cirros-0.3.1-x86_64 (081dab35-690e-419b-8ce0-7fe232e5fec6) |
| key_name | demo-key |
| metadata | {} |
| name | demo-instance1 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tenant_id | 93849608fe3d462ca9fa0e5dbfd4d040 |
| updated | 2014-04-10T00:09:16Z |
| user_id | 8397567baf4746cca7a1e608677c3b23 |
+--------------------------------------+------------------------------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Check the status of your instance:</para>
<screen><prompt>$</prompt> <userinput>nova list</userinput>
<computeroutput>+--------------------------------------+----------------+--------+------------+-------------+------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+----------------+--------+------------+-------------+------------------------+
| 45ea195c-c469-43eb-83db-1a663bbad2fc | demo-instance1 | ACTIVE | - | Running | demo-net=203.0.113.26 |
+--------------------------------------+----------------+--------+------------+-------------+------------------------+</computeroutput></screen>
<para>The status changes from <literal>BUILD</literal> to
<literal>ACTIVE</literal> when your instance finishes the build
process.</para>
</step>
</procedure>
<procedure>
<title>To access your instance using a virtual console</title>
<step>
<para>Obtain a <glossterm>Virtual Network Computing (VNC)</glossterm>
session URL for your instance and access it from a web browser:</para>
<screen><prompt>$</prompt> <userinput>nova get-vnc-console <replaceable>demo-instance1</replaceable> novnc</userinput>
<computeroutput>+-------+------------------------------------------------------------------------------------+
| Type | Url |
+-------+------------------------------------------------------------------------------------+
| novnc | http://controller:6080/vnc_auto.html?token=2f6dd985-f906-4bfc-b566-e87ce656375b |
+-------+------------------------------------------------------------------------------------+</computeroutput></screen>
<note>
<para>If your web browser runs on a host that cannot resolve the
<replaceable>controller</replaceable> host name, you can replace
<replaceable>controller</replaceable> with the IP address of the
management interface on your controller node.</para>
</note>
<para>The CirrOS image includes conventional username/password
authentication and provides these credentials at the login prompt.
After logging into CirrOS, we recommend that you verify network
connectivity using <command>ping</command>.</para>
<para>Verify the <literal>demo-net</literal> network:</para>
<screen><prompt>$</prompt> <userinput>ping -c 4 openstack.org</userinput>
<computeroutput>PING openstack.org (174.143.194.225) 56(84) bytes of data.
64 bytes from 174.143.194.225: icmp_req=1 ttl=53 time=17.4 ms
64 bytes from 174.143.194.225: icmp_req=2 ttl=53 time=17.5 ms
64 bytes from 174.143.194.225: icmp_req=3 ttl=53 time=17.7 ms
64 bytes from 174.143.194.225: icmp_req=4 ttl=53 time=17.5 ms
--- openstack.org ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 17.431/17.575/17.734/0.143 ms</computeroutput></screen>
</step>
</procedure>
<procedure xml:id="launch-instance-nova-remoteaccess">
<title>To access your instance remotely</title>
<step>
<para>Add rules to the <literal>default</literal> security group:</para>
<substeps>
<step>
<para>Permit <glossterm>ICMP</glossterm> (ping):</para>
<screen><prompt>$</prompt> <userinput>nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0</userinput>
<computeroutput>+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+</computeroutput></screen>
</step>
<step>
<para>Permit secure shell (SSH) access:</para>
<screen><prompt>$</prompt> <userinput>nova secgroup-add-rule default tcp 22 22 0.0.0.0/0</userinput>
<computeroutput>+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 22 | 22 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+</computeroutput></screen>
</step>
</substeps>
</step>
<step>
<para>Verify network connectivity using <command>ping</command> from the
controller node or any host on the external network:</para>
<screen><prompt>$</prompt> <userinput>ping -c 4 203.0.113.26</userinput>
<computeroutput>PING 203.0.113.26 (203.0.113.26) 56(84) bytes of data.
64 bytes from 203.0.113.26: icmp_req=1 ttl=63 time=3.18 ms
64 bytes from 203.0.113.26: icmp_req=2 ttl=63 time=0.981 ms
64 bytes from 203.0.113.26: icmp_req=3 ttl=63 time=1.06 ms
64 bytes from 203.0.113.26: icmp_req=4 ttl=63 time=0.929 ms
--- 203.0.113.26 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 0.929/1.539/3.183/0.951 ms</computeroutput></screen>
</step>
<step>
<para>Access your instance using SSH from the controller node or any
host on the external network:</para>
<screen><prompt>$</prompt> <userinput>ssh cirros@203.0.113.26</userinput>
<computeroutput>The authenticity of host '203.0.113.26 (203.0.113.26)' can't be established.
RSA key fingerprint is ed:05:e9:e7:52:a0:ff:83:68:94:c7:d1:f2:f8:e2:e9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '203.0.113.26' (RSA) to the list of known hosts.
$</computeroutput></screen>
<note>
<para>If your host does not contain the public/private key pair created
in an earlier step, SSH prompts for the default password associated
with the <literal>cirros</literal> user.</para>
</note>
</step>
</procedure>
<para>If your instance does not launch or seem to work as you expect, see the
<link xlink:href="http://docs.openstack.org/ops">
<citetitle>OpenStack Operations Guide</citetitle></link> for more
information or use one of the
<link linkend="app_community_support">many other options</link> to seek
assistance. We want your environment to work!</para>
</section>