T-110.5102 Laboratory Works in Networking and Security (5-10 cr)
OpenStack instructions
Prerequisities:
- Username and password to echo.niksula.hut.fi (You will get these from course staff)
Connecting to OpenStack
1. Connect to echo.niksula.hut.fi and create socks proxy: ”ssh -D 9999 username@echo.niksula.hut.fi"
- On windows use for example PuTTY or PuTTYtray
- See SSH proxy tunnel with PuTTY for help
2. In your browser settings set socks proxy as ”localhost:9999”. Use this proxy at least for quebec.niksula.hut.fi.
- Hint: With firefox use plugin ”FoxyProxy”. it makes working with proxies a lot easier.
- In foxy proxy use these two patterns with this proxy: ”*130.233.42.*” and ”*quebec.niksula.hut.fi*"
3. Open the dashboard at http://quebec.niksula.hut.fi and login using your username and password.
- Initially the username and password is same as with echo. You can change it using the dashboard
Set up command line access
1. Copy openstack credentials to echo.niksula.hut.fi
- You can download the credentials file from Dashboard: Project -> Access & Security -> API Access -> Download OpenStack RC File
- Save the file to echo. Filename does not matter. Example: openstackrc.sh
- For transferring the file you can use command scp, on windows application WinSCP or just create new text file on echo (using text editor such as vim, nano or emacs) and copy-pasting the contents of downloaded settings file.
2. Source credentials in your terminal: "source openstackrc.sh"
- You need to do this every time you open new terminal window on echo.
3. Try running some openstack commands
- neutron net-list
- nova list
- If you did not get any errors, you are good to go!
4. Create ssh key pair for accessing instances
- Dashboard: Project -> Access & Security -> Key Pairs -> Create Key Pair
- Give name to the new key pair and save the private key file to echo as ~/.ssh/id_rsa
- Add the private key to ssh-agent
- ssh-add ~/.ssh/id_rsa
Accessing virtual machine instances in OpenStack
Note: You can do this only after you have created VM instance (Assignment A1 & B1)
Due to Aalto IT policy the virtual machines are secured with very restrictive firewall. This means that VM’s are not accessible from public Internet directly. Every connection must go through echo.niksula.hut.fi. However, outgoing connections are allowed, so your virtual machines can access internet normally (downloading software packages work as expected).
1. Connect to echo.cs.hut.fi (if you already haven’t done that) ”ssh username@echo.niksula.hut.fi"
- You can open multiple simultaneous connections if you need. Just don’t try to create multiple socks proxies (the ”-D 9999” thing)
2. Make sure you have ssh-agent running somewhere, either on your own computer or on echo
- command ”ssh-add -L” should work
3. Connect to your lab1 machine using the floating ip you assigned to your machine
- ”ssh ubuntu@lab1_floating_ip"
4. Enable agent forwarding on lab1
- echo ”echo -e 'Host *\n ForwardAgent yes' >> .ssh/config"
5. Connect to lab2 & lab3 from lab1
- ”ssh ubuntu@lab2_ip"
Read the documentation!
- OpenStack usage is well documented, see http://docs.openstack.org/user-guide/content/
- Especially sections "1. OpenStack dashboard" and "2. OpenStack command-line clients" are useful
Useful OpenStack commands
- ”nova”: Manage OpenStack virtual machines (instances)
- ”neutron”: manage OpenStack virtual networks
- ”glance”: manage OpenStack virtual machine images
Hints
- Learn to use tmux. It will make your life easier
- Launch multiple terminals on echo, keep each connected to different virtual machines
- Connections can be kept open even if you log out yourself
- Great tutorial
- Customize shell login file (default ~/.bash_login)
- source credentials automatically
- Add ssh public key to echo and your local machine as well