====================================================== Launch an instance with OpenStack Networking (neutron) ====================================================== To generate a key pair ~~~~~~~~~~~~~~~~~~~~~~ Most cloud images support :term:`public key authentication` rather than conventional user name/password authentication. Before launching an instance, you must generate a public/private key pair. 1. Source the ``demo`` tenant credentials: .. code-block:: console $ source demo-openrc.sh 2. Generate and add a key pair: .. code-block:: console $ nova keypair-add demo-key 3. Verify addition of the key pair: .. code-block:: console $ nova keypair-list +----------+-------------------------------------------------+ | Name | Fingerprint | +----------+-------------------------------------------------+ | demo-key | 6c:74:ec:3a:08:05:4e:9e:21:22:a6:dd:b2:62:b8:28 | +----------+-------------------------------------------------+ To launch an instance ~~~~~~~~~~~~~~~~~~~~~ To launch an instance, you must at least specify the flavor, image name, network, security group, key, and instance name. 1. A flavor specifies a virtual resource allocation profile which includes processor, memory, and storage. List available flavors: .. code-block:: console $ nova flavor-list +-----+-----------+-----------+------+-----------+------+-------+-------------+-----------+ | ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public | +-----+-----------+-----------+------+-----------+------+-------+-------------+-----------+ | 1 | m1.tiny | 512 | 1 | 0 | | 1 | 1.0 | True | | 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True | | 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True | | 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True | | 5 | m1.xlarge | 16384 | 160 | 0 | | 8 | 1.0 | True | +-----+-----------+-----------+------+-----------+------+-------+-------------+-----------+ Your first instance uses the ``m1.tiny`` flavor. .. note:: You can also reference a flavor by ID. 2. List available images: .. code-block:: console $ nova image-list +--------------------------------------+---------------------+--------+--------+ | ID | Name | Status | Server | +--------------------------------------+---------------------+--------+--------+ | acafc7c0-40aa-4026-9673-b879898e1fc2 | cirros-0.3.4-x86_64 | ACTIVE | | +--------------------------------------+---------------------+--------+--------+ Your first instance uses the ``cirros-0.3.4-x86_64`` image. 3. List available networks: .. code-block:: console $ neutron net-list +------------------------+----------+-----------------------------------------+ | id | name | subnets | +------------------------+----------+-----------------------------------------+ | 3c612b5a-d1db-498a-... | demo-net | 20bcd3fd-5785-41fe-... 192.168.1.0/24 | | 9bce64a3-a963-4c05-... | ext-net | b54a8d85-b434-4e85-... 203.0.113.0/24 | +------------------------+----------+-----------------------------------------+ Your first instance uses the ``demo-net`` tenant network. However, you must reference this network using the ID instead of the name. 4. List available security groups: .. code-block:: console $ nova secgroup-list +--------------------------------------+---------+-------------+ | Id | Name | Description | +--------------------------------------+---------+-------------+ | ad8d4ea5-3cad-4f7d-b164-ada67ec59473 | default | default | +--------------------------------------+---------+-------------+ Your first instance uses the ``default`` security group. By default, this security group implements a firewall that blocks remote access to instances. If you would like to permit remote access to your instance, launch it and then :ref:`configure remote access `. 5. Launch the instance: Replace ``DEMO_NET_ID`` with the ID of the ``demo-net`` tenant network. .. code-block:: console $ nova boot --flavor m1.tiny --image cirros-0.3.4-x86_64 --nic net-id=DEMO_NET_ID \ --security-group default --key-name demo-key demo-instance1 +--------------------------------------+------------------------------------+ | Property | Value | +--------------------------------------+------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | nova | | OS-EXT-STS:power_state | 0 | | OS-EXT-STS:task_state | scheduling | | OS-EXT-STS:vm_state | building | | OS-SRV-USG:launched_at | - | | OS-SRV-USG:terminated_at | - | | accessIPv4 | | | accessIPv6 | | | adminPass | vFW7Bp8PQGNo | | config_drive | | | created | 2014-04-09T19:24:27Z | | flavor | m1.tiny (1) | | hostId | | | id | 05682b91-81a1-464c-8f40-8b3da7e... | | image | cirros-0.3.4-x86_64 (acafc7c0-...) | | key_name | demo-key | | metadata | {} | | name | demo-instance1 | | os-extended-volumes:volumes_attached | [] | | progress | 0 | | security_groups | default | | status | BUILD | | tenant_id | 7cf50047f8df4824bc76c2fdf66d11ec | | updated | 2014-04-09T19:24:27Z | | user_id | 0e47686e72114d7182f7569d70c519c9 | +--------------------------------------+------------------------------------+ 6. Check the status of your instance: .. code-block:: console $ nova list +--------------+----------------+--------+------------+-------------+-------------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------+----------------+--------+------------+-------------+-------------------------+ | 05682b91-... | demo-instance1 | ACTIVE | - | Running | demo-net=192.168.1.3 | +--------------+----------------+--------+------------+-------------+-------------------------+ The status changes from ``BUILD`` to ``ACTIVE`` when your instance finishes the build process. To access your instance using a virtual console ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1. Obtain a :term:`Virtual Network Computing (VNC)` session URL for your instance and access it from a web browser: .. code-block:: console $ nova get-vnc-console demo-instance1 novnc +-------+------------------------------------------------------------------------------------+ | Type | Url | +-------+------------------------------------------------------------------------------------+ | novnc | http://controller:6080/vnc_auto.html?token=2f6dd985-f906-4bfc-b566-e87ce656375b | +-------+------------------------------------------------------------------------------------+ .. note:: If your web browser runs on a host that cannot resolve the ``controller`` host name, you can replace ``controller`` with the IP address of the management interface on your controller node. The CirrOS image includes conventional user name/password authentication and provides these credentials at the login prompt. After logging into CirrOS, we recommend that you verify network connectivity using ``ping``. Verify the ``demo-net`` tenant network gateway: .. code-block:: console $ ping -c 4 192.168.1.1 PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=0.357 ms 64 bytes from 192.168.1.1: icmp_req=2 ttl=64 time=0.473 ms 64 bytes from 192.168.1.1: icmp_req=3 ttl=64 time=0.504 ms 64 bytes from 192.168.1.1: icmp_req=4 ttl=64 time=0.470 ms --- 192.168.1.1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2998ms rtt min/avg/max/mdev = 0.357/0.451/0.504/0.055 ms Verify the ``ext-net`` external network: .. code-block:: console $ ping -c 4 openstack.org PING openstack.org (174.143.194.225) 56(84) bytes of data. 64 bytes from 174.143.194.225: icmp_req=1 ttl=53 time=17.4 ms 64 bytes from 174.143.194.225: icmp_req=2 ttl=53 time=17.5 ms 64 bytes from 174.143.194.225: icmp_req=3 ttl=53 time=17.7 ms 64 bytes from 174.143.194.225: icmp_req=4 ttl=53 time=17.5 ms --- openstack.org ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3003ms rtt min/avg/max/mdev = 17.431/17.575/17.734/0.143 ms .. _launch-instance-neutron-remoteaccess: To access your instance remotely ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1. Add rules to the ``default`` security group: a. Permit :term:`ICMP` (ping): .. code-block:: console $ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | icmp | -1 | -1 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+ b. Permit secure shell (SSH) access: .. code-block:: console $ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | tcp | 22 | 22 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+ 2. Create a :term:`floating IP address` on the ``ext-net`` external network: .. code-block:: console $ neutron floatingip-create ext-net Created a new floatingip: +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | fixed_ip_address | | | floating_ip_address | 203.0.113.102 | | floating_network_id | 9bce64a3-a963-4c05-bfcd-161f708042d1 | | id | 05e36754-e7f3-46bb-9eaa-3521623b3722 | | port_id | | | router_id | | | status | DOWN | | tenant_id | 7cf50047f8df4824bc76c2fdf66d11ec | +---------------------+--------------------------------------+ 3. Associate the floating IP address with your instance: .. code-block:: console $ nova floating-ip-associate demo-instance1 203.0.113.102 .. note:: This command provides no output. 4. Check the status of your floating IP address: .. code-block:: console $ nova list +--------------+----------------+--------+------------+-------------+-----------------------------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------+----------------+--------+------------+-------------+-----------------------------------------+ | 05682b91-... | demo-instance1 | ACTIVE | - | Running | demo-net=192.168.1.3, 203.0.113.102 | +--------------+----------------+--------+------------+-------------+-----------------------------------------+ 5. Verify network connectivity using :command:`ping` from the controller node or any host on the external network: .. code-block:: console $ ping -c 4 203.0.113.102 PING 203.0.113.102 (203.0.113.112) 56(84) bytes of data. 64 bytes from 203.0.113.102: icmp_req=1 ttl=63 time=3.18 ms 64 bytes from 203.0.113.102: icmp_req=2 ttl=63 time=0.981 ms 64 bytes from 203.0.113.102: icmp_req=3 ttl=63 time=1.06 ms 64 bytes from 203.0.113.102: icmp_req=4 ttl=63 time=0.929 ms --- 203.0.113.102 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3002ms rtt min/avg/max/mdev = 0.929/1.539/3.183/0.951 ms 6. Access your instance using SSH from the controller node or any host on the external network: .. code-block:: console $ ssh cirros@203.0.113.102 The authenticity of host '203.0.113.102 (203.0.113.102)' can't be established. RSA key fingerprint is ed:05:e9:e7:52:a0:ff:83:68:94:c7:d1:f2:f8:e2:e9. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '203.0.113.102' (RSA) to the list of known hosts. $ .. note:: If your host does not contain the public/private key pair created in an earlier step, SSH prompts for the default password associated with the ``cirros`` user. To attach a Block Storage volume to your instance ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If your environment includes the Block Storage service, you can attach a volume to the instance. 1. Source the ``demo`` credentials: .. code-block:: console $ source demo-openrc.sh 2. List volumes: .. code-block:: console $ nova volume-list +--------------+-----------+--------------+------+-------------+-------------+ | ID | Status | Display Name | Size | Volume Type | Attached to | +--------------+-----------+--------------+------+-------------+-------------+ | 158bea89-... | available | | 1 | - | | +--------------+-----------+--------------+------+-------------+-------------+ 3. Attach the ``demo-volume1`` volume to the ``demo-instance1`` instance: .. code-block:: console $ nova volume-attach demo-instance1 158bea89-07db-4ac2-8115-66c0d6a4bb48 +----------+--------------------------------------+ | Property | Value | +----------+--------------------------------------+ | device | /dev/vdb | | id | 158bea89-07db-4ac2-8115-66c0d6a4bb48 | | serverId | 05682b91-81a1-464c-8f40-8b3da7ee92c5 | | volumeId | 158bea89-07db-4ac2-8115-66c0d6a4bb48 | +----------+--------------------------------------+ .. note:: You must reference volumes using the IDs instead of names. 4. List volumes: .. code-block:: console $ nova volume-list +--------------+-----------+--------------+------+-------------+--------------+ | ID | Status | Display Name | Size | Volume Type | Attached to | +--------------+-----------+--------------+------+-------------+--------------+ | 158bea89-... | in-use | | 1 | - | 05682b91-... | +--------------+-----------+--------------+------+-------------+--------------+ The ID of the ``demo-volume1`` volume should indicate ``in-use`` status by the ID of the ``demo-instance1`` instance. 5. Access your instance using SSH from the controller node or any host on the external network and use the :command:`fdisk` command to verify presence of the volume as the ``/dev/vdb`` block storage device: .. code-block:: console $ ssh cirros@203.0.113.102 $ sudo fdisk -l Disk /dev/vda: 1073 MB, 1073741824 bytes 255 heads, 63 sectors/track, 130 cylinders, total 2097152 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00000000 Device Boot Start End Blocks Id System /dev/vda1 * 16065 2088449 1036192+ 83 Linux Disk /dev/vdb: 1073 MB, 1073741824 bytes 16 heads, 63 sectors/track, 2080 cylinders, total 2097152 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00000000 Disk /dev/vdb doesn't contain a valid partition table .. note:: You must create a partition table and file system to use the volume. If your instance does not launch or seem to work as you expect, see the `OpenStack Operations Guide `__ for more information or use one of the :doc:`many other options ` to seek assistance. We want your environment to work!