Source Openrc / Login #
# CD into "stack" home directory
cd ~/devstack
# Verify the openrc file
ls *openrc*
# Loads the environment variables set in openrc into current shell: Admin user & project
source openrc admin admin
SSH Key #
I’m using the following SSH key for all the Heat manifest examples in this blog post.
Create SSH Key #
# Create SSH key
openstack keypair create key_vm-1> id_rsa_vm-1
# Change permissions
chmod 600 id_rsa_vm-1
Verify the SSH Key #
# Verify the key
openstack keypair list
# Shell output:
+----------+-------------------------------------------------+------+
| Name | Fingerprint | Type |
+----------+-------------------------------------------------+------+
| key_vm-1 | 20:f3:61:fb:9e:b9:e8:85:93:4f:e2:8f:46:4f:b5:57 | ssh |
+----------+-------------------------------------------------+------+
Security Group #
List OpenStack Projects #
# List projects: Copy the ID of the "admin" project
openstack project list
# Shell output:
+----------------------------------+--------------------+
| ID | Name |
+----------------------------------+--------------------+
| 1adcde6b2d14418791bcd08646566a54 | admin |
| 6d392008cb37497ba8934aeea188bd2e | alt_demo |
| 80a8803eee0b44fbadbffbe39629e9e5 | service |
| 9295d03322614f068d2105c4df0dd871 | invisible_to_admin |
| a26681a94bfd471890b92b6ca7dddb3a | demo |
+----------------------------------+--------------------+
List Security Groups #
# List security groups: Copy the "default" security group ID from the admin project
openstack security group list
# Shell output:
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 033b4c0a-c0dd-47a5-ab42-25dd5cf0873e | default | Default security group | 1adcde6b2d14418791bcd08646566a54 | [] |
| fec6d840-88bf-418c-8bd0-6c40456a43dd | default | Default security group | a26681a94bfd471890b92b6ca7dddb3a | [] |
+--------------------------------------+---------+------------------------+----------------------------------+------+
Add Firewall Rules #
Add firewall rules for SSH and ICMP/Ping to the “default” security group in the “admin” project:
# Add firewall rule: SSH ingress
openstack security group rule create --ingress --ethertype IPv4 --dst-port 22 --protocol tcp 033b4c0a-c0dd-47a5-ab42-25dd5cf0873e
# Add firewall rule: ICMP/Ping ingress
openstack security group rule create --ingress --ethertype IPv4 --protocol ICMP 033b4c0a-c0dd-47a5-ab42-25dd5cf0873e
Verify Firewall Rules #
# List firewall fules for the "admin" security group in the "admin" project
openstack security group rule list 033b4c0a-c0dd-47a5-ab42-25dd5cf0873e
# Shell output
+--------------------------------------+-------------+-----------+-----------+------------+-----------+--------------------------------------+----------------------+
| ID | IP Protocol | Ethertype | IP Range | Port Range | Direction | Remote Security Group | Remote Address Group |
+--------------------------------------+-------------+-----------+-----------+------------+-----------+--------------------------------------+----------------------+
| 4183f9f3-1d31-435f-bb4f-5d7af38ccb2e | tcp | IPv4 | 0.0.0.0/0 | 22:22 | ingress | None | None |
| 6e613b41-60d4-4f73-98da-3f35e1e84718 | None | IPv6 | ::/0 | | ingress | 033b4c0a-c0dd-47a5-ab42-25dd5cf0873e | None |
| c12f3854-2c0b-4458-a41a-812d369e1046 | None | IPv4 | 0.0.0.0/0 | | ingress | 033b4c0a-c0dd-47a5-ab42-25dd5cf0873e | None |
| cb2c9fed-566f-466d-b77a-d49527c5f822 | None | IPv4 | 0.0.0.0/0 | | egress | None | None |
| d344b671-62ae-4188-9d4b-d4ee4f4693d4 | None | IPv6 | ::/0 | | egress | None | None |
| d929a469-019a-442e-97c8-701c1d29a6fe | icmp | IPv4 | 0.0.0.0/0 | | ingress | None | None |
+--------------------------------------+-------------+-----------+-----------+------------+-----------+--------------------------------------+----------------------+
Example: VM Deployment CirrOS #
# Save the private network, m1.nano flavor and default image as variables
PRIVATE_NET_ID=$(openstack network show private -c id -f value) &&
FLAVOR_ID=$(openstack flavor show m1.nano -c id -f value) &&
IMAGE_ID=$(openstack image list -c ID -f value)
# Deploy a VM
openstack server create --nic net-id=$PRIVATE_NET_ID --flavor $FLAVOR_ID --image $IMAGE_ID --key-name key_vm-1 vm-1
Verify the VM Deployment #
# List VMs: Copy the VM ID
openstack server list
# Shell output:
+--------------------------------------+------+--------+---------------------------------------------------------+--------------------------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+------+--------+---------------------------------------------------------+--------------------------+---------+
| 922dfd8c-d39e-4c94-bc14-be9cd6f33251 | vm-1 | ACTIVE | private=10.0.0.39, fd52:9067:34ab:0:f816:3eff:feba:3ddf | cirros-0.6.2-x86_64-disk | m1.nano |
+--------------------------------------+------+--------+---------------------------------------------------------+--------------------------+---------+
Find Network Ports #
# List VM details: Copy VM ID
openstack server list --name vm-1
# Shell output:
+--------------------------------------+------+--------+---------------------------------------------------------+--------------------------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+------+--------+---------------------------------------------------------+--------------------------+---------+
| 922dfd8c-d39e-4c94-bc14-be9cd6f33251 | vm-1 | ACTIVE | private=10.0.0.39, fd52:9067:34ab:0:f816:3eff:feba:3ddf | cirros-0.6.2-x86_64-disk | m1.nano |
+--------------------------------------+------+--------+---------------------------------------------------------+--------------------------+---------+
# List network port of VM: Copy port ID
openstack port list --device-id 922dfd8c-d39e-4c94-bc14-be9cd6f33251
# Shell output:
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------------------------+--------+
| 895cd7c8-0e2f-4627-b97a-37553ea96154 | | fa:16:3e:ba:3d:df | ip_address='10.0.0.39', subnet_id='09e2a0d3-9857-4c72-b17e-e814b4ee87a6' | ACTIVE |
| | | | ip_address='fd52:9067:34ab:0:f816:3eff:feba:3ddf', subnet_id='788e6cb8-bf56-48a1-b5e8-dac7d4aec6d5' | |
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------------------------+--------+
Assign Floating IP to VM #
# Save the port ID into a variable
VM1_PORT_ID=895cd7c8-0e2f-4627-b97a-37553ea96154
# Assign floathing IP to VM port
openstack floating ip create --port $VM1_PORT_ID public
Verify the Floating IP #
# List VM details
openstack server list --name vm-1
# Shell output:
+--------------------------------------+------+--------+-------------------------------------------------------------------------+--------------------------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+------+--------+-------------------------------------------------------------------------+--------------------------+---------+
| 922dfd8c-d39e-4c94-bc14-be9cd6f33251 | vm-1 | ACTIVE | private=10.0.0.39, 192.168.30.239, fd52:9067:34ab:0:f816:3eff:feba:3ddf | cirros-0.6.2-x86_64-disk | m1.nano |
+--------------------------------------+------+--------+-------------------------------------------------------------------------+--------------------------+---------+
Ping & Access the VM #
# Ping the VM
ping 192.168.30.239
# Verify the VM hostname via SSH
ssh -i id_rsa_vm-1 cirros@192.168.30.239 hostname
# Shell output:
vm-1
# SSH into VM
ssh -i id_rsa_vm-1 cirros@192.168.30.239
Stop & Delete the VM #
# Stop VM
openstack server stop vm-1
# Delete VM
openstack server delete vm-1
Example: VM Deployment Debian Cloud Image #
Download Image #
# Download Debian cloud ISO file
wget https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-genericcloud-amd64.qcow2
Upload Image to OpenStack #
# Upload the ISO file to OpenStack
openstack image create \
--container-format bare \
--disk-format qcow2 \
--property hw_disk_bus=scsi \
--property hw_scsi_model=virtio-scsi \
--property os_type=linux \
--property os_distro=debian \
--property os_admin_user=debian \
--public \
--file debian-11-genericcloud-amd64.qcow2 \
debian-11-cloud
Verify the Image #
# Verify the image
openstack image list
# Shell output:
+--------------------------------------+--------------------------+--------+
| ID | Name | Status |
+--------------------------------------+--------------------------+--------+
| 69639d4f-cefe-48f9-8529-b124d27d203f | cirros-0.6.2-x86_64-disk | active |
| 14bc086a-846d-48a5-bdbc-562e0d844d0c | debian-11-cloud | active |
+--------------------------------------+--------------------------+--------+
Deploy the VM #
# Save the private network, m1.small flavor and "debian-11-cloud" image as variables
PRIVATE_NET_ID=$(openstack network show private -c id -f value) &&
FLAVOR_ID=$(openstack flavor show m1.small -c id -f value) &&
IMAGE_ID=$(openstack image list --name "debian-11-cloud" -c ID -f value)
# Deploy a VM
openstack server create --nic net-id=$PRIVATE_NET_ID --flavor $FLAVOR_ID --image $IMAGE_ID --key-name key_vm-1 vm-2
Verify the VM #
# Verify the new VM: Copy VM ID
openstack server list --name vm-2
# Shell output:
+--------------------------------------+------+--------+---------------------------------------------------------+-----------------+----------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+------+--------+---------------------------------------------------------+-----------------+----------+
| 282c6edd-61a6-4727-96cf-a2615c8ac63d | vm-2 | ACTIVE | private=10.0.0.32, fd52:9067:34ab:0:f816:3eff:fee2:df64 | debian-11-cloud | m1.small |
+--------------------------------------+------+--------+---------------------------------------------------------+-----------------+----------+
Find Network Ports #
# List network port of VM: Copy port ID
openstack port list --device-id 282c6edd-61a6-4727-96cf-a2615c8ac63d
# Shell output:
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------------------------+--------+
| 38275aa7-13b0-4af2-a1c1-7750789de1a6 | | fa:16:3e:e2:df:64 | ip_address='10.0.0.32', subnet_id='09e2a0d3-9857-4c72-b17e-e814b4ee87a6' | ACTIVE |
| | | | ip_address='fd52:9067:34ab:0:f816:3eff:fee2:df64', subnet_id='788e6cb8-bf56-48a1-b5e8-dac7d4aec6d5' | |
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------------------------+--------+
Assign Floating IP to VM #
# Save the VM port ID into a variable
VM2_PORT_ID=38275aa7-13b0-4af2-a1c1-7750789de1a6
# Assign floathing IP to VM
openstack floating ip create --port $VM2_PORT_ID public
Verify Floating IP #
# List VM details
openstack server list --name vm-2
# Shell output:
+--------------------------------------+------+--------+-------------------------------------------------------------------------+-----------------+----------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+------+--------+-------------------------------------------------------------------------+-----------------+----------+
| 282c6edd-61a6-4727-96cf-a2615c8ac63d | vm-2 | ACTIVE | private=10.0.0.32, 192.168.30.227, fd52:9067:34ab:0:f816:3eff:fee2:df64 | debian-11-cloud | m1.small |
+--------------------------------------+------+--------+-------------------------------------------------------------------------+-----------------+----------+
Ping & Access the VM #
# Ping the VM
ping 192.168.30.227
# SSH into VM
ssh -i /opt/stack/devstack/id_rsa_vm-1 debian@192.168.30.227
Stop & Delete the VM #
# Stop VM
openstack server stop vm-2
# Delete VM
openstack server delete vm-2