Self-service Cloud Infrastructure (OpenStack)
Status: beta phase in progress
New: Availability of Muiltiple Storage Classes
When creating a volume, you can now choose between two different volume types
with different performance characteristics: fast and slow. The former is
suited for high-performance applications while the latter is still more than
sufficient for use cases like storing files served by everything but the most
high-traffic web servers.
Note: different quotas apply for the classes. The high-performance type is available only in smaller quantities.
Quick Start
This page provides a short description for the process of launching a Linux-based virtual machine, setting up a DNS name for it and making it available on the network.
While we prepare more comprehensive documentation, please refer to CERN's OpenStack Guide and/or the upstream documentation provided by the OpenStack project.
Subscribe to the OpenStack Service
As noted in your invitation mail you need to request a project (or tenant) before you're able to sign in to the dashboard.
The corresponding web form is available as part of the central h_da service desk tool: sd.h-da.de
Note that the project short identifier given there will be part of any DNS name created for your virtual machines.
Also, if you want to grant shared access to the project to any other h_da users, remember to supply their names there as well.
After submitting the form you should receive an indication that project creation was performed successfully. You should also get an email with some additional information.
Sign in to the OpenStack Dashboard
Following project creation you're now able to sign in to the web dashboard, available at h-da.cloud.
Use your standard h_da credentials. Important: pick h-da.de in the
sign-in form's Domain field.
Creating an Instance
To create a new instance (virtual machine), navigate to the Instances Tab and use the Launch Instance button.
Besides picking a name for your instance, you can leave the default settings before proceeding with Next.
Operating System Image
In the Source tab, pick an operating system image to use.
Flavor
The flavor (or instance type) determines the amount of resources allocated to your virtual machine.
Networks
Each project is assigned its own network that is connected to the outside world using a router.
Ensure to select your project network in the Networks tab (should already be pre-selected).
Security Groups
The term security group refers to network access control lists (firewall rules). These allow you to control who can connect to services provided by your machine.
For convenience, there are predefined security groups: allow-ssh (for
allowing SSH login, required to login to your VM) and allow-icmp (recommended
for sane network behaviour). Additional ones for providing access only to the
h_da campus network might be added in the future.
Key Pairs
Linux-based instances generally use SSH public key authentication for controlling who can log in to the system.
Import a pre-existing SSH public key using the Import Key Pair button.
Choose "SSH Key" as the Key Type and paste your public key.
Launch the Instance
Once finished, press Launch Instance to trigger creation of your virtual machine. This process might take some time. You can follow its progress by clicking on the instance name and viewing the log output provided by the guest operating system.
Completion is usually signaled by a log message like "Cloud-init finished" combined with an ASCII art overview of IP addresses and imported SSH keys.
Connecting to your Instance
In the instance overview you can see that your virtual machine has two IP addresses assigned to it:
- an IPv4 address from private RFC1918 space (e.g.
10.192.1.154) - a globally-routed IPv6 address (e.g.
2001:67c:295c:a001:f816:3eff:fe78:4aed)
The IPv6 address is directly reachable from the outside world (if allowed by configured security groups).
$ ssh ubuntu@2001:67c:295c:a001:f816:3eff:fe78:4aed
The private IPv4 address allows the VM to communicate outwards (through SNAT) but cannot be used to reach the system from the outside world.
Getting a public IPv4 address
A globally-routed IPv4 address may be allocated to your instance by using a concept called Floating IPs. Any traffic destined to a floating IP will be directed to the VM it is associated with.
In the instance overview, choose Associate Floating IP in the dropdown.
Create a new floating IP using the + button.
In the popup just select Allocate IP.
Associate the newly created IP address with your instance.
Now your virtual machine should be reachable from the outside world using IPv6 as well as IPv4 (as allowed by security groups).
$ ssh ubuntu@141.100.232.193
DNS names
Approximately no one wants to access services using their raw IP addresses. With IPv6 in particular, even remembering them is barely possible.
Hence, every project is also assigned a domain in the Domain Name System (DNS). Your domain (also called zone in DNS lingo) is available through the dashboard.
To create a DNS name for your instance, use Create Record Set.
Enter the fully-qualified DNS name to use (the name must be within your
project domain) and the IP address it should point to. Record type is A for
IPv4 addresses and AAAA for IPv6.
After submitting the form the record set should show up with status Pending and eventually transition to Active.
You should now be able to connect to your instance using a DNS name.
$ ssh ubuntu@my-instance.example.users.h-da.cloud
Don't be concerned if this doesn't work immediately. DNS data tends to be heavily cached and you might have to wait for a negative cache entry to expire (especially if you tried to use the name while it was not yet active on the OpenStack name servers).
CLI access
Accessing the openstack components via the CLI is done by installing the openstack python client. Various Unix distributions provide ready-made packages via their package managers.
On Mac OS running homebrew, enter:
$ brew install openstack
FreeBSD users can run:
# pkg install py38-python-openstackclient
Follow these instructions for a manual installation on Linux (Ubuntu/Debian) with Python 3:
# apt install python3-dev python3-pip
# pip3 install --upgrade pip
# pip3 install python-openstackclient
After the installation, ensure the openstack binary is in your path:
$ which openstack
/usr/local/bin/openstack
Configuring the CLI client
Before accessing the openstack installation, the client needs configuration information about the openstack installation. Log into the openstack web interface, click the pull-down menu in the upper right corner and select "Openstack RC file". This will download a file that contains all the necessary environment variables. It prompts for the user password when it is sourced like this (the filename differs depending on the project name):
$ source openstack-rc-file.sh
Afterwards, test the connection by running the following:
$ openstack network list
If all went well, a list of the default networks for your project is displayed. Other sub-commands exist to list and manipulate the openstack instance from the CLI. Run openstack --help to see a full list.
Known Issues
This section describes known issues and their workarounds, if any.
Note: any issues regarding MTU and/or Docker networking have been resolved. The same is true for issues with volume performance. If you experience any problems in this space, please let us know.
DNS integration creates A record for private IPv4 address
The automatic creation of DNS records for an instance creates an AAAA record for the instance's IPv6 address (correct) as well as an A record for the instance's internal IPv4 address from RFC1918 space.
This is unlikely to be the intended result when the instance has a floating IP address associated with it.
Workaround
Delete the superflous A record.