← Back to Course Index

Week 9 Lab: Launching Compute Instances

Module: Operating Systems 3 (Virtualisation & Cloud Technologies)

Estimated Time: 45 Minutes
Lab Type: Administration / CLI

Lab Overview

In Week 8, we laid the foundation: we have a Project, a User, an Image, and a Network. Now, the dormant data center comes to life. In this lab, you will act as the Cloud Engineer for Nebula Inc. to define their hardware standards (Flavors), secure their access (Keys & Groups), and launch their first production web server.

Objectives:

1. Capacity Planning: Define custom Flavors for the startup.
2. Access Control: Generate SSH keys and Configure Firewall Rules.
3. Deployment: Launch a Virtual Machine using the CLI.
4. Operations: Assign a Floating IP and verify SSH access.

Prerequisites:

• Week 8 Lab completed (Project nebula_prod, Network nebula_net exist).
• SSH Access (ssh student@...).
• source admin-openrc (Admin Credentials).

Part 1: Defining Capacity (The Menu)

First, we must define the "Hardware Menu" available to our users.

1. Check Existing Flavors: bash openstack flavor list

2. Create the Micro Flavor: Nebula Inc. needs a tiny, cost-effective server for testing. We will name it m1.nebula_micro.

   openstack flavor create --id auto --ram 256 --disk 1 --vcpus 1 m1.nebula_micro
   

3. Verify: bash openstack flavor show m1.nebula_micro

   • Question: What is the ID assigned to your new flavor? [ ________ ]

Part 2: Security Preparation (The Keys & The Wall)

Before booting, we must ensure we can get in (SSH) and key traffic can get to the app (HTTP).

1. Switch Identity: For this lab, we will stay as Admin but target the Project resources.

2. Create Keypair (The Lock & Key):

   # Create the key and direct the private key output to a file
   openstack keypair create nebula_key > nebula_key.pem
   
   # Secure the key (Linux/Mac only - on Windows use properties/puttygen)
   chmod 600 nebula_key.pem
   

   • Note: This file (nebula_key.pem) is your private key. Do not lose it.

3. Create Security Group: bash openstack security group create nebula_web_sg --description "Web Server Firewall"

4. Open Ports (The Allow List): By default, this group blocks everything. Punch holes for SSH and Web.

   # Allow SSH (Port 22) from ANYWHERE
   openstack security group rule create --proto tcp --dst-port 22 nebula_web_sg
   
   # Allow HTTP (Port 80) from ANYWHERE
   openstack security group rule create --proto tcp --dst-port 80 nebula_web_sg
   

5. Verify Rules: bash openstack security group rule list nebula_web_sg

Part 3: Ignition (Launch)

Now we combine all distinct elements (Flavor, Image, Network, Security) to create the Instance. We will also inject a small "Boot Script" to simulate a web server.

1. Create Boot Script: CirrOS is tiny and doesn't have Apache. We will use a script to make it pretend to be a web server using Netcat. bash echo "#!/bin/sh" > boot.sh echo "while true; do echo -e 'HTTP/1.0 200 OK\r\n\r\nHello Nebula Inc' | sudo nc -l -p 80 ; done &" >> boot.sh

2. Gather IDs:

   • Image: cirros-lab8
   • Flavor: m1.nebula_micro
   • Network: lab8_net
   • Security Group: nebula_web_sg
   • Key: nebula_key
   • Script: boot.sh

3. Execute Launch: bash openstack server create --flavor m1.nebula_micro \ --image cirros-lab8 \ --network lab8_net \ --security-group nebula_web_sg \ --key-name nebula_key \ --user-data boot.sh \ nebula_web_01

4. Monitor Build: The status will go BUILD -> ACTIVE. bash openstack server list

   • Wait until Status is ACTIVE.

Part 4: Day 2 Access (Floating IP)

Your VM has a Private IP (e.g., 192.168.88.x). You cannot reach this from the outside world yet. We need a "Floating IP" (Public IP).

1. Create Floating IP: bash openstack floating ip create public

   • Note: Copy the IP address returned (e.g., 172.24.4.100).

2. Attach to Server: bash openstack server add floating ip nebula_web_01 <YOUR_FLOATING_IP>

3. Verify SSH Connectivity: Now, try to log in using the key you created. bash ssh -i nebula_key.pem cirros@<YOUR_FLOATING_IP>

   • Success: You should see the $ prompt. Run hostname to confirm.

4. Verify Web Connectivity: Since we added the boot script, the server should reply on Port 80.

   • From your Laptop (Browser): Visit http://<YOUR_FLOATING_IP>
   • From CLI: curl <YOUR_FLOATING_IP>
   • Result: You should see the text "Hello Nebula Inc".
   • Troubleshooting: If this fails, check your Security Group rules from Part 2!

Lab Checkpoint

• I have defined the m1.nebula_micro flavor.
• I have a nebula_key.pem file on my local machine.
• My nebula_web_sg allows Port 22 and 80.
• I have launched nebula_web_01 and the status is ACTIVE.
• I can ping or SSH to the Floating IP.

Reflection: 1. Why did we need a "Floating IP"? Why couldn't we just SSH to the 192.168.x.x address directly? 2. If you launch a second VM (nebula_web_02) using the same Security Group, do you need to add the rules again? Why/Why not?

Instructor Signature: ___________________________ Date: ______________

← Back to Course Index