Note
If your host does not contain the public/private key pair created in an earlier step, SSH prompts for the default password associated with the cirros user.
If your instance does not launch or seem to work as you expect, see the OpenStack Operations Guide for more information or use one of the many other options to seek assistance. We want your environment to work!
Launch an instance with legacy networking (nova-network)
To generate a keypair
Most cloud images support public key authentication rather than conventional username/
password authentication. Before launching an instance, you must generate a public/private key pair using ssh-keygen and add the public key to your OpenStack environment.
1. Source the demo tenant credentials:
$ source demo-openrc.sh 2. Generate a key pair:
$ ssh-keygen
3. Add the public key to your OpenStack environment:
$ nova keypair-add --pub-key ~/.ssh/id_rsa.pub demo-key
and Fedora
Note
This command provides no output.
4. Verify addition of the public key:
$ nova keypair-list
+---+---+
| Name | Fingerprint | +---+---+
| demo-key | 6c:74:ec:3a:08:05:4e:9e:21:22:a6:dd:b2:62:b8:28 | +---+---+
To launch an instance
To launch an instance, you must at least specify the flavor, image name, network, security group, key, and instance name.
1. A flavor specifies a virtual resource allocation profile which includes processor, memory, and storage.
List available flavors:
$ nova flavor-list
+----+---+---+---+---+---+---+---+---+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+---+---+---+---+---+---+---+---+
| 1 | m1.tiny | 512 | 1 | 0 | | 1 | 1.0 | True |
| 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True |
| 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True |
| 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | | 8 | 1.0 | True |
+----+---+---+---+---+---+---+---+---+
Your first instance uses the m1.tiny flavor.
Note
You can also reference a flavor by ID.
2. List available images:
$ nova image-list
+---+---+---+---+
| ID | Name | Status | Server |
and Fedora
+---+---+---+---+
| acafc7c0-40aa-4026-9673-b879898e1fc2 | cirros-0.3.2-x86_64 | ACTIVE | |
+---+---+---+---+
Your first instance uses the cirros-0.3.2-x86_64 image.
3. List available networks:
Note
You must source the admin tenant credentials for this step and then source the demo tenant credentials for the remaining steps.
$ source admin-openrc.sh
$ nova net-list
+---+---+---+
| ID | Label | CIDR | +---+---+---+
| 7f849be3-4494-495a-95a1-0f99ccb884c4 | demo-net | 203.0.113.24/29 | +---+---+---+
Your first instance uses the demo-net tenant network. However, you must reference this network using the ID instead of the name.
4. List available security groups:
$ nova secgroup-list
+---+---+---+
| Id | Name | Description | +---+---+---+
| ad8d4ea5-3cad-4f7d-b164-ada67ec59473 | default | default | +---+---+---+
Your first instance uses the default security group. By default, this security group implements a firewall that blocks remote access to instances. If you would like to permit remote access to your instance, launch it and then configure remote access.
5. Launch the instance:
Replace DEMO_NET_ID with the ID of the demo-net tenant network.
$ nova boot --flavor m1.tiny --image cirros-0.3.2-x86_64 --nic net-id=DEMO_NET_ID \
--security-group default --key-name demo-key demo-instance1
and Fedora
6. Check the status of your instance:
$ nova list
and Fedora
| 45ea195c-c469-43eb-83db-1a663bbad2fc | demo-instance1 | ACTIVE | - | Running | demo-net=203.0.113.26 |
+---+---+---+---+---+---+
The status changes from BUILD to ACTIVE when your instance finishes the build process.
To access your instance using a virtual console
• Obtain a Virtual Network Computing (VNC) session URL for your instance and access it from a web browser:
$ nova get-vnc-console demo-instance1 novnc http://controller:6080/vnc_auto.html?token=2f6dd985-f906-4bfc-b566-e87ce656375b |
+--- +---+
Note
If your web browser runs on a host that cannot resolve the controller host name, you can replace controller with the IP address of the management interface on your controller node.
The CirrOS image includes conventional username/password authentication and provides these credentials at the login prompt. After logging into CirrOS, we recommend that you verify network connectivity using ping.
Verify the demo-net network:
$ ping -c 4 openstack.org
PING openstack.org (174.143.194.225) 56(84) bytes of data.
64 bytes from 174.143.194.225: icmp_req=1 ttl=53 time=17.4 ms 64 bytes from 174.143.194.225: icmp_req=2 ttl=53 time=17.5 ms 64 bytes from 174.143.194.225: icmp_req=3 ttl=53 time=17.7 ms 64 bytes from 174.143.194.225: icmp_req=4 ttl=53 time=17.5 ms openstack.org ping statistics
---4 packets transmitted, ---4 received, 0% packet loss, time 3003ms rtt min/avg/max/mdev = 17.431/17.575/17.734/0.143 ms
To access your instance remotely
1. Add rules to the default security group:
a. Permit ICMP (ping):
$ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
and Fedora
+---+---+---+---+---+
| IP Protocol | From Port | To Port | IP Range | Source Group | +---+---+---+---+---+
| icmp | -1 | -1 | 0.0.0.0/0 | | +---+---+---+---+---+
b. Permit secure shell (SSH) access:
$ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+---+---+---+---+---+
| IP Protocol | From Port | To Port | IP Range | Source Group | +---+---+---+---+---+
| tcp | 22 | 22 | 0.0.0.0/0 | | +---+---+---+---+---+
2. Verify network connectivity using ping from the controller node or any host on the external network:
$ ping -c 4 203.0.113.26
PING 203.0.113.26 (203.0.113.26) 56(84) bytes of data.
64 bytes from 203.0.113.26: icmp_req=1 ttl=63 time=3.18 ms 64 bytes from 203.0.113.26: icmp_req=2 ttl=63 time=0.981 ms 64 bytes from 203.0.113.26: icmp_req=3 ttl=63 time=1.06 ms 64 bytes from 203.0.113.26: icmp_req=4 ttl=63 time=0.929 ms 203.0.113.26 ping statistics
---4 packets transmitted, ---4 received, 0% packet loss, time 3002ms rtt min/avg/max/mdev = 0.929/1.539/3.183/0.951 ms
3. Access your instance using SSH from the controller node or any host on the external network:
$ ssh [email protected]
The authenticity of host '203.0.113.26 (203.0.113.26)' can't be established.
RSA key fingerprint is ed:05:e9:e7:52:a0:ff:83:68:94:c7:d1:f2:f8:e2:e9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '203.0.113.26' (RSA) to the list of known hosts.
$
Note
If your host does not contain the public/private key pair created in an earlier step, SSH prompts for the default password associated with the cirros user.
If your instance does not launch or seem to work as you expect, see the OpenStack Operations Guide for more information or use one of the many other options to seek assistance. We want your environment to work!
and Fedora