
OpenStack CLI: Deploy VM, Security Group Rules, Assign Floating IP

OpenStack - This article is part of a series.
Part 2: This Article

Source Openrc / Login

# CD into "stack" home directory
cd ~/devstack

# Verify the openrc file
ls *openrc*

# Loads the environment variables set in openrc into current shell: Admin user & project
source openrc admin admin

SSH Key

I’m using the following SSH key for all the Heat manifest examples in this blog post.

Create SSH Key

# Create SSH key: the private key is printed once to stdout, so redirect it into a file
openstack keypair create key_vm-1 > id_rsa_vm-1

# Restrict the private key file to its owner
chmod 600 id_rsa_vm-1

Verify the SSH Key

# Verify the key
openstack keypair list

# Shell output:
+----------+-------------------------------------------------+------+
| Name     | Fingerprint                                     | Type |
+----------+-------------------------------------------------+------+
| key_vm-1 | 20:f3:61:fb:9e:b9:e8:85:93:4f:e2:8f:46:4f:b5:57 | ssh  |
+----------+-------------------------------------------------+------+

Security Group

List OpenStack Projects

# List projects: Copy the ID of the "admin" project
openstack project list

# Shell output:
+----------------------------------+--------------------+
| ID                               | Name               |
+----------------------------------+--------------------+
| 1adcde6b2d14418791bcd08646566a54 | admin              |
| 6d392008cb37497ba8934aeea188bd2e | alt_demo           |
| 80a8803eee0b44fbadbffbe39629e9e5 | service            |
| 9295d03322614f068d2105c4df0dd871 | invisible_to_admin |
| a26681a94bfd471890b92b6ca7dddb3a | demo               |
+----------------------------------+--------------------+

List Security Groups

# List security groups: Copy the "default" security group ID from the admin project
openstack security group list

# Shell output:
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID                                   | Name    | Description            | Project                          | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 033b4c0a-c0dd-47a5-ab42-25dd5cf0873e | default | Default security group | 1adcde6b2d14418791bcd08646566a54 | []   |
| fec6d840-88bf-418c-8bd0-6c40456a43dd | default | Default security group | a26681a94bfd471890b92b6ca7dddb3a | []   |
+--------------------------------------+---------+------------------------+----------------------------------+------+

Add Firewall Rules

Add firewall rules for SSH and ICMP/Ping to the “default” security group in the “admin” project:

# Add firewall rule: SSH ingress
openstack security group rule create --ingress --ethertype IPv4 --dst-port 22 --protocol tcp 033b4c0a-c0dd-47a5-ab42-25dd5cf0873e

# Add firewall rule: ICMP/Ping ingress
openstack security group rule create --ingress --ethertype IPv4 --protocol ICMP 033b4c0a-c0dd-47a5-ab42-25dd5cf0873e

Verify Firewall Rules

# List firewall rules for the "default" security group in the "admin" project
openstack security group rule list 033b4c0a-c0dd-47a5-ab42-25dd5cf0873e

# Shell output
+--------------------------------------+-------------+-----------+-----------+------------+-----------+--------------------------------------+----------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range | Direction | Remote Security Group                | Remote Address Group |
+--------------------------------------+-------------+-----------+-----------+------------+-----------+--------------------------------------+----------------------+
| 4183f9f3-1d31-435f-bb4f-5d7af38ccb2e | tcp         | IPv4      | 0.0.0.0/0 | 22:22      | ingress   | None                                 | None                 |
| 6e613b41-60d4-4f73-98da-3f35e1e84718 | None        | IPv6      | ::/0      |            | ingress   | 033b4c0a-c0dd-47a5-ab42-25dd5cf0873e | None                 |
| c12f3854-2c0b-4458-a41a-812d369e1046 | None        | IPv4      | 0.0.0.0/0 |            | ingress   | 033b4c0a-c0dd-47a5-ab42-25dd5cf0873e | None                 |
| cb2c9fed-566f-466d-b77a-d49527c5f822 | None        | IPv4      | 0.0.0.0/0 |            | egress    | None                                 | None                 |
| d344b671-62ae-4188-9d4b-d4ee4f4693d4 | None        | IPv6      | ::/0      |            | egress    | None                                 | None                 |
| d929a469-019a-442e-97c8-701c1d29a6fe | icmp        | IPv4      | 0.0.0.0/0 |            | ingress   | None                                 | None                 |
+--------------------------------------+-------------+-----------+-----------+------------+-----------+--------------------------------------+----------------------+
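The two rules created above carry no `--remote-ip`, so the listing shows them open to `0.0.0.0/0`. The following added example (not part of the original article) parses that listing and reports the ingress rules reachable from any address; the function names `world_open_ingress` and `sample_rules` are hypothetical, and the sample rows are copied from the output above with the column padding condensed.

```bash
#!/usr/bin/env bash
# Added example: flag ingress rules reachable from any address, using the
# table printed by: openstack security group rule list <group-id>

# world_open_ingress: reads the ASCII table on stdin and prints
# "<rule-id> <protocol> <port-range>" for each world-open ingress rule.
world_open_ingress() {
  awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    NF < 9 { next }                       # border lines contain no "|" cells
    {
      id = trim($2); proto = trim($3); range = trim($5)
      ports = trim($6); dir = trim($7); rgroup = trim($8)
      if (id == "ID") next                # header row
      if (dir != "ingress") next
      # A rule bound to a remote security group only admits members of that
      # group, even though the IP Range column shows 0.0.0.0/0 or ::/0.
      if (rgroup != "None" && rgroup != "") next
      if (range == "0.0.0.0/0" || range == "::/0")
        print id, (proto == "None" ? "any" : proto), (ports == "" ? "any" : ports)
    }'
}

# Sample input: four rows from the listing above, padding condensed.
sample_rules() {
  cat <<'EOF'
+----+
| ID | IP Protocol | Ethertype | IP Range | Port Range | Direction | Remote Security Group | Remote Address Group |
+----+
| 4183f9f3-1d31-435f-bb4f-5d7af38ccb2e | tcp | IPv4 | 0.0.0.0/0 | 22:22 | ingress | None | None |
| c12f3854-2c0b-4458-a41a-812d369e1046 | None | IPv4 | 0.0.0.0/0 | | ingress | 033b4c0a-c0dd-47a5-ab42-25dd5cf0873e | None |
| cb2c9fed-566f-466d-b77a-d49527c5f822 | None | IPv4 | 0.0.0.0/0 | | egress | None | None |
| d929a469-019a-442e-97c8-701c1d29a6fe | icmp | IPv4 | 0.0.0.0/0 | | ingress | None | None |
+----+
EOF
}

# Reports the SSH and ICMP rules; the group-scoped and egress rows are skipped.
sample_rules | world_open_ingress
```

On a live cloud, pipe `openstack security group rule list <group-id>` into `world_open_ingress`. A flagged rule can be deleted and recreated with `--remote-ip <admin CIDR>`, preferably in a dedicated security group rather than the project's `default` group, which is applied to every port that does not name another group.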

Example: VM Deployment CirrOS

# Save the private network, m1.nano flavor and default image as variables
# (the image lookup assumes CirrOS is the only image registered so far)
PRIVATE_NET_ID=$(openstack network show private -c id -f value) &&
FLAVOR_ID=$(openstack flavor show m1.nano -c id -f value) &&
IMAGE_ID=$(openstack image list -c ID -f value)

# Deploy a VM (no --security-group is given, so the port gets the project's "default" group)
openstack server create --nic net-id="$PRIVATE_NET_ID" --flavor "$FLAVOR_ID" --image "$IMAGE_ID" --key-name key_vm-1 vm-1

Verify the VM Deployment

# List VMs: Copy the VM ID
openstack server list

# Shell output:
+--------------------------------------+------+--------+---------------------------------------------------------+--------------------------+---------+
| ID                                   | Name | Status | Networks                                                | Image                    | Flavor  |
+--------------------------------------+------+--------+---------------------------------------------------------+--------------------------+---------+
| 922dfd8c-d39e-4c94-bc14-be9cd6f33251 | vm-1 | ACTIVE | private=10.0.0.39, fd52:9067:34ab:0:f816:3eff:feba:3ddf | cirros-0.6.2-x86_64-disk | m1.nano |
+--------------------------------------+------+--------+---------------------------------------------------------+--------------------------+---------+

Find Network Ports

# List VM details: Copy VM ID
openstack server list --name vm-1

# Shell output:
+--------------------------------------+------+--------+---------------------------------------------------------+--------------------------+---------+
| ID                                   | Name | Status | Networks                                                | Image                    | Flavor  |
+--------------------------------------+------+--------+---------------------------------------------------------+--------------------------+---------+
| 922dfd8c-d39e-4c94-bc14-be9cd6f33251 | vm-1 | ACTIVE | private=10.0.0.39, fd52:9067:34ab:0:f816:3eff:feba:3ddf | cirros-0.6.2-x86_64-disk | m1.nano |
+--------------------------------------+------+--------+---------------------------------------------------------+--------------------------+---------+

# List network port of VM: Copy port ID
openstack port list --device-id 922dfd8c-d39e-4c94-bc14-be9cd6f33251

# Shell output:
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------------------------+--------+
| ID                                   | Name | MAC Address       | Fixed IP Addresses                                                                                  | Status |
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------------------------+--------+
| 895cd7c8-0e2f-4627-b97a-37553ea96154 |      | fa:16:3e:ba:3d:df | ip_address='10.0.0.39', subnet_id='09e2a0d3-9857-4c72-b17e-e814b4ee87a6'                            | ACTIVE |
|                                      |      |                   | ip_address='fd52:9067:34ab:0:f816:3eff:feba:3ddf', subnet_id='788e6cb8-bf56-48a1-b5e8-dac7d4aec6d5' |        |
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------------------------+--------+

Assign Floating IP to VM

# Save the port ID into a variable
VM1_PORT_ID=895cd7c8-0e2f-4627-b97a-37553ea96154

# Assign floating IP to VM port
openstack floating ip create --port "$VM1_PORT_ID" public

Verify the Floating IP

# List VM details
openstack server list --name vm-1

# Shell output:
+--------------------------------------+------+--------+-------------------------------------------------------------------------+--------------------------+---------+
| ID                                   | Name | Status | Networks                                                                | Image                    | Flavor  |
+--------------------------------------+------+--------+-------------------------------------------------------------------------+--------------------------+---------+
| 922dfd8c-d39e-4c94-bc14-be9cd6f33251 | vm-1 | ACTIVE | private=10.0.0.39, 192.168.30.239, fd52:9067:34ab:0:f816:3eff:feba:3ddf | cirros-0.6.2-x86_64-disk | m1.nano |
+--------------------------------------+------+--------+-------------------------------------------------------------------------+--------------------------+---------+

Ping & Access the VM

# Ping the VM
ping 192.168.30.239

# Verify the VM hostname via SSH
ssh -i id_rsa_vm-1 cirros@192.168.30.239 hostname

# Shell output:
vm-1

# SSH into VM
ssh -i id_rsa_vm-1 cirros@192.168.30.239

Stop & Delete the VM

# Stop VM
openstack server stop vm-1

# Delete VM
openstack server delete vm-1

Example: VM Deployment Debian Cloud Image

Download Image

# Download the Debian cloud image (qcow2)
wget https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-genericcloud-amd64.qcow2
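The image is about to be uploaded with `--public`, so every project can boot from it; checking it against the published digest first catches a truncated or altered download. The following is an added example, not part of the original article: `verify_image` and `demo_verify` are hypothetical names, the demo uses a constructed stand-in file, and real use assumes the `SHA512SUMS` file that Debian publishes alongside the image has been downloaded next to it.

```bash
#!/usr/bin/env bash
# Added example: fail closed unless the downloaded image matches its entry
# in a SHA512SUMS-style digest list.

# verify_image <image-file> <sums-file>
# Returns 0 only if <sums-file> lists the image's basename and the digest matches.
verify_image() {
  image=$1; sums=$2
  [ -r "$image" ] && [ -r "$sums" ] || { echo "missing file" >&2; return 2; }
  name=$(basename "$image")
  # Lines look like "<hex digest>  <filename>"; binary mode prefixes the name with "*".
  expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sums")
  # An image that is not listed is treated as a failure, not as "nothing to check".
  [ -n "$expected" ] || { echo "$name: not listed in $sums" >&2; return 3; }
  actual=$(sha512sum "$image" | awk '{ print $1 }')
  if [ "$actual" != "$expected" ]; then
    echo "$name: SHA-512 mismatch, do not upload" >&2
    return 1
  fi
  echo "$name: OK"
}

# Constructed demo: a stand-in "image" and a digest list generated for it.
# Prints the status of the clean check and of the check after tampering.
demo_verify() {
  dir=$(mktemp -d)
  img="$dir/debian-11-genericcloud-amd64.qcow2"
  printf 'constructed stand-in for a qcow2 image\n' > "$img"
  (cd "$dir" && sha512sum debian-11-genericcloud-amd64.qcow2 > SHA512SUMS)
  verify_image "$img" "$dir/SHA512SUMS" && ok=0 || ok=$?
  printf 'tampered\n' >> "$img"
  verify_image "$img" "$dir/SHA512SUMS" 2>/dev/null && bad=0 || bad=$?
  rm -rf "$dir"
  echo "$ok $bad"
}

demo_verify
```

With the real files in the current directory, run `verify_image debian-11-genericcloud-amd64.qcow2 SHA512SUMS` and continue to the upload step only if it returns 0.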

Upload Image to OpenStack

# Upload the qcow2 image to OpenStack (--public makes it visible to all projects)
openstack image create \
    --container-format bare \
    --disk-format qcow2 \
    --property hw_disk_bus=scsi \
    --property hw_scsi_model=virtio-scsi \
    --property os_type=linux \
    --property os_distro=debian \
    --property os_admin_user=debian \
    --public \
    --file debian-11-genericcloud-amd64.qcow2 \
    debian-11-cloud

Verify the Image

# Verify the image
openstack image list

# Shell output:
+--------------------------------------+--------------------------+--------+
| ID                                   | Name                     | Status |
+--------------------------------------+--------------------------+--------+
| 69639d4f-cefe-48f9-8529-b124d27d203f | cirros-0.6.2-x86_64-disk | active |
| 14bc086a-846d-48a5-bdbc-562e0d844d0c | debian-11-cloud          | active |
+--------------------------------------+--------------------------+--------+

Deploy the VM

# Save the private network, m1.small flavor and "debian-11-cloud" image as variables
PRIVATE_NET_ID=$(openstack network show private -c id -f value) &&
FLAVOR_ID=$(openstack flavor show m1.small -c id -f value) &&
IMAGE_ID=$(openstack image list --name "debian-11-cloud" -c ID -f value)

# Deploy a VM
openstack server create --nic net-id="$PRIVATE_NET_ID" --flavor "$FLAVOR_ID" --image "$IMAGE_ID" --key-name key_vm-1 vm-2

Verify the VM

# Verify the new VM: Copy VM ID
openstack server list --name vm-2

# Shell output:
+--------------------------------------+------+--------+---------------------------------------------------------+-----------------+----------+
| ID                                   | Name | Status | Networks                                                | Image           | Flavor   |
+--------------------------------------+------+--------+---------------------------------------------------------+-----------------+----------+
| 282c6edd-61a6-4727-96cf-a2615c8ac63d | vm-2 | ACTIVE | private=10.0.0.32, fd52:9067:34ab:0:f816:3eff:fee2:df64 | debian-11-cloud | m1.small |
+--------------------------------------+------+--------+---------------------------------------------------------+-----------------+----------+

Find Network Ports

# List network port of VM: Copy port ID
openstack port list --device-id 282c6edd-61a6-4727-96cf-a2615c8ac63d

# Shell output:
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------------------------+--------+
| ID                                   | Name | MAC Address       | Fixed IP Addresses                                                                                  | Status |
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------------------------+--------+
| 38275aa7-13b0-4af2-a1c1-7750789de1a6 |      | fa:16:3e:e2:df:64 | ip_address='10.0.0.32', subnet_id='09e2a0d3-9857-4c72-b17e-e814b4ee87a6'                            | ACTIVE |
|                                      |      |                   | ip_address='fd52:9067:34ab:0:f816:3eff:fee2:df64', subnet_id='788e6cb8-bf56-48a1-b5e8-dac7d4aec6d5' |        |
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------------------------+--------+

Assign Floating IP to VM

# Save the VM port ID into a variable
VM2_PORT_ID=38275aa7-13b0-4af2-a1c1-7750789de1a6

# Assign floating IP to VM
openstack floating ip create --port "$VM2_PORT_ID" public

Verify Floating IP

# List VM details
openstack server list --name vm-2

# Shell output:
+--------------------------------------+------+--------+-------------------------------------------------------------------------+-----------------+----------+
| ID                                   | Name | Status | Networks                                                                | Image           | Flavor   |
+--------------------------------------+------+--------+-------------------------------------------------------------------------+-----------------+----------+
| 282c6edd-61a6-4727-96cf-a2615c8ac63d | vm-2 | ACTIVE | private=10.0.0.32, 192.168.30.227, fd52:9067:34ab:0:f816:3eff:fee2:df64 | debian-11-cloud | m1.small |
+--------------------------------------+------+--------+-------------------------------------------------------------------------+-----------------+----------+

Ping & Access the VM

# Ping the VM
ping 192.168.30.227

# SSH into VM
ssh -i /opt/stack/devstack/id_rsa_vm-1 debian@192.168.30.227

Stop & Delete the VM

# Stop VM
openstack server stop vm-2

# Delete VM
openstack server delete vm-2