Verifying the installation
by Tony Campbell, Egle Sigler, Cody Bunch, Kevin Jackson, Sunil Sarat, Alok Shrivas
OpenStack: Building a Cloud Environment
- OpenStack: Building a Cloud Environment
- Table of Contents
- OpenStack: Building a Cloud Environment
- OpenStack: Building a Cloud Environment
- Credits
- Preface
- 1. Module 1
- 1. An Introduction to OpenStack
- 2. Authentication and Authorization Using Keystone
- Identity concepts in Keystone
- Architecture and subsystems
- Installing common components
- Installing Keystone
- Verifying the installation
- Troubleshooting the installation and configuration
- Summary
- 3. Storing and Retrieving Data and Images using Glance, Cinder, and Swift
- Introducing storage services
- Working with Glance
- Working with Cinder
- Working with Swift
- Troubleshooting steps
- Summary
- 4. Building Your Cloud Fabric Controller Using Nova
- 5. Technology-Agnostic Network Abstraction Using Neutron
- The software-defined network paradigm
- Neutron
- Installing Neutron
- Troubleshooting Neutron
- Summary
- 6. Building Your Portal in the Cloud
- 7. Your OpenStack Cloud in Action
- 8. Taking Your Cloud to the Next Level
- Working with Heat
- Ceilometer
- Installing Ceilometer
- Installing Ceilometer on the compute node
- Installing Ceilometer on the storage node
- Testing the installation
- Billing and usage reporting
- Summary
- 9. Looking Ahead
- A. New Releases
- 2. Module 2
- 1. Keystone – OpenStack Identity Service
- Introduction
- Installing the OpenStack Identity Service
- Configuring OpenStack Identity for SSL communication
- Creating tenants in Keystone
- Configuring roles in Keystone
- Adding users to Keystone
- Defining service endpoints
- Creating the service tenant and service users
- Configuring OpenStack Identity for LDAP Integration
- 2. Glance – OpenStack Image Service
- Introduction
- Installing OpenStack Image Service
- Configuring OpenStack Image Service with OpenStack Identity Service
- Configuring OpenStack Image Service with OpenStack Object Storage
- Managing images with OpenStack Image Service
- Registering a remotely stored image
- Sharing images among tenants
- Viewing shared images
- Using image metadata
- Migrating a VMware image
- Creating an OpenStack image
- 3. Neutron – OpenStack Networking
- Introduction
- Installing Neutron and Open vSwitch on a dedicated network node
- Configuring Neutron and Open vSwitch
- Installing and configuring the Neutron API service
- Creating a tenant Neutron network
- Deleting a Neutron network
- Creating an external floating IP Neutron network
- Using Neutron networks for different purposes
- Configuring Distributed Virtual Routers
- Using Distributed Virtual Routers
- 4. Nova – OpenStack Compute
- Introduction
- Installing OpenStack Compute controller services
- Installing OpenStack Compute packages
- Configuring database services
- Configuring OpenStack Compute
- Configuring OpenStack Compute with OpenStack Identity Service
- Stopping and starting nova services
- Installation of command-line tools on Ubuntu
- Using the command-line tools with HTTPS
- Checking OpenStack Compute services
- Using OpenStack Compute
- Managing security groups
- Creating and managing key pairs
- Launching our first cloud instance
- Fixing a broken instance deployment
- Terminating your instances
- Using live migration
- Working with nova-schedulers
- Creating flavors
- Defining host aggregates
- Launching instances in specific Availability Zones
- Launching instances on specific Compute hosts
- Removing Nova nodes from a cluster
- 5. Swift – OpenStack Object Storage
- Introduction
- Configuring Swift services and users in Keystone
- Installing OpenStack Object Storage services – proxy server
- Configuring OpenStack Object Storage – proxy server
- Installing OpenStack Object Storage services – storage nodes
- Configuring physical storage for use with Swift
- Configuring Object Storage replication
- Configuring OpenStack Object Storage – storage services
- Making the Object Storage rings
- Stopping and starting OpenStack Object Storage
- Setting up SSL access
- 6. Using OpenStack Object Storage
- 7. Administering OpenStack Object Storage
- 8. Cinder – OpenStack Block Storage
- 9. More OpenStack
- Introduction
- Using cloud-init to run post-installation commands
- Using cloud-config to run the post-installation configuration
- Installing OpenStack Telemetry
- Using OpenStack Telemetry to interrogate usage statistics
- Installing Neutron LBaaS
- Using Neutron LBaaS
- Configuring Neutron FWaaS
- Using Neutron FWaaS
- Installing the Heat OpenStack Orchestration service
- Using Heat to spin up instances
- 10. Using the OpenStack Dashboard
- Introduction
- Installing OpenStack Dashboard
- Using OpenStack Dashboard for key management
- Using OpenStack Dashboard to manage Neutron networks
- Using OpenStack Dashboard for security group management
- Using OpenStack Dashboard to launch instances
- Using OpenStack Dashboard to terminate instances
- Using OpenStack Dashboard to connect to instances using a VNC
- Using OpenStack Dashboard to add new tenants – projects
- Using OpenStack Dashboard for user management
- Using OpenStack Dashboard with LBaaS
- Using OpenStack Dashboard with OpenStack Orchestration
- 11. Production OpenStack
- Introduction
- Installing the MariaDB Galera cluster
- Configuring HA Proxy for the MariaDB Galera cluster
- Configuring HA Proxy for high availability
- Installing and configuring Pacemaker with Corosync
- Configuring OpenStack services with Pacemaker and Corosync
- Bonding network interfaces for redundancy
- Automating OpenStack installations using Ansible – host configuration
- Automating OpenStack installations using Ansible – Playbook configuration
- Automating OpenStack installations using Ansible – running Playbooks
- 1. Keystone – OpenStack Identity Service
- 3. Module 3
- 1. The Troubleshooting Toolkit
- 2. Troubleshooting OpenStack Identity
- 3. Troubleshooting the OpenStack Image Service
- 4. Troubleshooting OpenStack Networking
- 5. Troubleshooting OpenStack Compute
- 6. Troubleshooting OpenStack Block Storage
- 7. Troubleshooting OpenStack Object Storage
- 8. Troubleshooting the OpenStack the Orchestration Service
- 9. Troubleshooting the OpenStack Telemetry Service
- 10. OpenStack Performance, Availability, and Reliability
- A. Bibliography
- Index
We have at various points verified that the Keystone service is working as expected. However, let's execute the commands with the actual username and password rather than using the admin token that we have generated.
Open a new terminal window, or unset the environment variables that we set up:
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
You don't have to do this if you have opened a new terminal window.
We will list all the tenants in the system; we should expect to see the one we created:
keystone --os-tenant-name firsttenant --os-username admin --os-password h33l0world --os-auth-url http://oscontrollernode:5000/v2.0 tenant-list
Under the hood, the Python client uses the RESTful API. You would use the API if you were trying to call the services directly without using the client. As an example, consider a developer of a company trying to create hooks in the OpenStack system from the company's custom request portal so that end users don't get to see the actual Horizon database, and even the cloud provisioning engine is abstracted from the end user. We will quickly verify that we are able to use Keystone using the RESTful API.
We will use curl in order to make the RESTful call. The URI for tenant is /tenants, so the full URL will be a public URL appended with the API URI, which in our case is http://oscontrollernode:5000/v2.0/tenants. This is using a GET verb, so we will need an authentication token in order to execute the following curl command to get the token:
curl -vv -d '{"auth":{"passwordCredentials":{"username": "admin", "password": "h33l0world"}}}' -H "Content-type: application/json" http://localhost:5000/v2.0/tokens | python -m json.tool
This will give us the token that we can use in the header:
We extract this token and use it in our next call. The tokens are normally valid for a few minutes to hours, depending on the configuration of Keystone.
Tokens are akin to authentication cookies in a lot of ways. If you have come across any kind of a single sign-on (SSO) system for the Web, you may already be aware of how this functions.
In a single sign-on scenario, when you try to access a protected resource, you send a request to the resource, the web page in question checks for a presence of a cookie and whether that cookie is valid. The cookie has information about the user and sometimes authorization as well.
If the cookie is not present or is present but not valid, then the user is sent to a common webpage where the SSO system authenticates them and assigns a cookie. The SSO system then redirects them to the resource and the user is now granted access.
The token system is similar but with some differences, as follows:
- User checks whether they have the valid token.
- If the valid token is not found, a request is made to Keystone.
- Keystone authenticates and assigns a token. It also stores the token in its localdatabase table called "tokens".
- User makes the call to the service, such as Horizon, Nova, or any other OpenStack service that supports Keystone, with the token.
- The service at the backend checks with Keystone whether the token is valid and then allows access to the resource.
This way, the services themselves never get access to the user credentials but only the tokens that are time-bound to expire. This serves two purposes, that of security and of a single sign-on feel.
curl -s -H "X-Auth-Token: 685590d73e81437da6e97a9b6764213b" http://localhost:5000/v2.0/tenants | python -m json.tool
And we then get the tenants configured in the system, as shown in the following screenshot:
We can now use the token until its expiry for the particular user.
Tip
There are several toolkits and SDK's available for OpenStack in order to enable faster code development.
Please visit https://wiki.openstack.org/wiki/SDKs for the different SDKs that are available.
The languages include a varied range of choices such as libraries for C, C++, Java, Node.Js , Perl, and PHP.
-
No Comment