Thursday, September 22, 2016

Enable dan Disable X-Forwarding Header Bluecoat

Pada umumnya ketika workstation menggunakan proxy maka source IP yang dikenal oleh destination ialah source IP proxy itu sendiri.

Dengan menggunakan X-Forwarding dari CLI maka source IP address dari paket akan berisi alamat IP dari ProxySG tersebut. Dengan menggunakan ini maka memungkinkan bluecoat untuk menampilkan Source IP Address dari workstation.

Untuk mengaktifkan X-Forwarding header http, login ke CLI dan melakukan perintah berikut dari console Bluecoat.

Enable
ProxySG>enable
Enable Password:
ProxySG#config t
Enter configuration commands, one per line.  End with CTRL-Z.
ProxySG#(config)http add-header x-forwarded-for
  ok
ProxySG#(config)exit

ProxySG#

 Disable
ProxySG>enable
Enable Password:
ProxySG#config t
Enter configuration commands, one per line.  End with CTRL-Z.
ProxySG#(config)http no add-header x-forwarded-for
  ok
ProxySG#(config)exit

ProxySG#
Posted by at No comments:
Labels:

Saturday, June 11, 2016

Konfigurasi DMVPN Dengan EIGRP Routing Over GRE + IPSEC Protection

Sekalian untuk catatan biar gak lupa, karna bakal sering banged demoin teknologi WAN salah satunya DMVPN + IPSec ini makanya bikin notes ini biar praktis pas butuh tinggal buka dari internet deh.

Dalam LAB ini kira-kira Logical Topology dari LAB kita kali ini yang kira-kira seperti dibawah ini.



















Lab di IOU saya Physical Topologi nya seperti dibawah ini.


















KONFIGURASI INTERNET (INTERNET ROUTER)

 Internet#sh run
Building configuration...

 Current configuration : 1851 bytes
!
! Last configuration change at 17:00:54 CET Sat Jun 11 2016
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Internet
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
ip dhcp excluded-address 40.40.40.3 40.40.40.254
!
ip dhcp pool public
 network 40.40.40.0 255.255.255.0
 default-router 40.40.40.1
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 20.20.20.1 255.255.255.0
!
interface Ethernet0/1
 ip address 30.30.30.1 255.255.255.0
!
interface Ethernet0/2
 ip address 40.40.40.1 255.255.255.0
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
!

end



KONFIGURASI R1 (HUB & NHRP SERVER)

R1#sh run
Building configuration...

 Current configuration : 2475 bytes
!
! Last configuration change at 17:33:56 CET Sat Jun 11 2016
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key strongsecretkey address 0.0.0.0
!
!
crypto ipsec transform-set TRSET esp-3des esp-sha-hmac
 mode tunnel
!
crypto ipsec profile PROTECT-DMVPN
 set transform-set TRSET
!
!
!
!
!
!
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
!
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 no ip redirects
 ip mtu 1440
 no ip next-hop-self eigrp 90
 no ip split-horizon eigrp 90
 ip nhrp authentication NHRPkey
 ip nhrp map multicast dynamic
 ip nhrp network-id 100
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile PROTECT-DMVPN
!
interface Ethernet0/0
 ip address 20.20.20.2 255.255.255.0
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
!
router eigrp 90
 network 10.0.0.0 0.0.0.255
 network 192.168.1.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 20.20.20.1
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
!
end

KONFIGURASI R2 (SPOKE & NHRP CLIENT)
R2#sh run
Building configuration...

 Current configuration : 2564 bytes
!
! Last configuration change at 17:32:43 CET Sat Jun 11 2016
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key strongsecretkey address 0.0.0.0
!
!
crypto ipsec transform-set TRSET esp-3des esp-sha-hmac
 mode tunnel
!
crypto ipsec profile PROTECT-DMVPN
 set transform-set TRSET
!
!
!
!
!
!
!
interface Loopback0
 ip address 192.168.2.1 255.255.255.0
!
interface Tunnel0
 ip address 10.0.0.2 255.255.255.0
 no ip redirects
 ip mtu 1440
 no ip next-hop-self eigrp 90
 no ip split-horizon eigrp 90
 ip nhrp authentication NHRPkey
 ip nhrp map multicast dynamic
 ip nhrp map 10.0.0.1 20.20.20.2
 ip nhrp map multicast 20.20.20.2
 ip nhrp network-id 100
 ip nhrp nhs 10.0.0.1
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile PROTECT-DMVPN
!
interface Ethernet0/0
 ip address 30.30.30.2 255.255.255.0
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
!
router eigrp 90
 network 10.0.0.0 0.0.0.255
 network 192.168.2.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 30.30.30.1
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
!
end


KONFIGURASI R3 (SPOKE & NHRP CLIENT)

R3#sh run
Building configuration...

Current configuration : 2544 bytes
!
! Last configuration change at 18:09:11 CET Sat Jun 11 2016
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key strongsecretkey address 0.0.0.0
!
!
crypto ipsec transform-set TRSET esp-3des esp-sha-hmac
 mode tunnel
!
crypto ipsec profile PROTECT-DMVPN
 set transform-set TRSET
!
!
!
!
!
!
!
interface Loopback0
 ip address 192.168.3.1 255.255.255.0
!
interface Tunnel0
 ip address 10.0.0.3 255.255.255.0
 no ip redirects
 ip mtu 1440
 no ip next-hop-self eigrp 90
 no ip split-horizon eigrp 90
 ip nhrp authentication NHRPkey
 ip nhrp map multicast dynamic
 ip nhrp map 10.0.0.1 20.20.20.2
 ip nhrp map multicast 20.20.20.2
 ip nhrp network-id 100
 ip nhrp nhs 10.0.0.1
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile PROTECT-DMVPN
!
interface Ethernet0/0
 ip address dhcp
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
!
router eigrp 90
 network 10.0.0.0 0.0.0.255
 network 192.168.3.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 40.40.40.1
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
!
end



VERIFIKASI COMMAND

Cek IPSEC Connection
# show crypto isakmp sa
# show crypto ipsec sa
# show crypto session

Cek Routing & Connectivity
# show ip route
# ping 
# traceroute


Done!
Posted by at No comments:
Labels: ,

Thursday, June 2, 2016

Sekilas Catatan Tentang VMware NSX

Saya belum tau begitu dalam tentang VMware NSX tapi saya yakin sekali konsep network virtualization dan SDN adalah masa depan dunia network dan data center. Dimana semuanya menjadi lebih konvergen, flexibel dan cepat karna provisioning di dalam virtualization sangat cepat dan ini bener2 menguntungkan organisasi karna bisa expand bisnis mereka lebih cepat dan secara bisnis time-to-market meningkat secara drastis.

Yah seperti biasa karna saya pelupa saya bikin catatan. Beberapa point dibawah ini adalah catatan saya sepulang dari VMware NSX Experience Days

1) Ada 4 fungsi yg bisa di virtual kan oleh NSX :
- Routing
- Switching
- Firewall
- Load Balancer

2) Vmware bisa berfungsi sebagai SDN juga, tapi fungsi sebeneranya adalah network virtualization.

3) Dengan NSX maka akan ada di vCenter plugin tambahan untuk network & security.

4) Vmware tidak terikat dengan protokol karna dia menggunakan teknologi overlay yg berdiri diatas infrastruktur/hypervisor yang ada. Tidak seperti SDN yg terikat dengan protokol openflow.

5) Untuk deployment masing2 minimal butuh 3 controller.

6) Ketika diaktifkan license NSX maka akan aktif fitur "vxlan, logical router, firewall".

7) Deployment Step
- Install NSX Manager supaya muncul menu baru di vCenter.
Setelah install NSX Manager baru install.
- Install NSX Controller.
- Install NSX Edge Service Gateway.

8) Minimal Requirement MTU untuk deploment VXLAN di NSX adalah 1600 MTU karna VXLAN nambah 50 bytes di framenya

9) VTEP ada di setiap host, fungsinya untuk gateway VXLAN Overlay

10) VXLAN hanya berguna untuk komunikasi antara host, makana butuh VTEP tiap host. Kalo masih satu host pake VLAN biasa aja

11) Ada 3 mode VXLAN Replication Modes
- Unicast
- Multicast
- Hybrid

12) Ada 2 jenis routing di NSX yaitu :
- Centralized, VM mau ngbrol dengan VM lain meskipun satu host trafiknya keluar dulu ke switch physical lalu balik lagi ke host.
- Distributed, nah kalo mau dynamic routing harus masang DLR ( Yang cuma nerima forwarding table) dan Control VM (Yang menghitung proses routing table).

Notes : DLR ada di setiap host dan control VM itu ada cuma satu.

13) Ada fitur bridging untuk bridge VXLAN to VLAN L2 Bridging. Jadi menghubungkan virtual dan physical, ini karna VXLAN gak bisa terhubung ke physical network.

14) Kalo mau deploy NSX minimal ada 2 host buat yg dijadiin 1 cluster sebagai Edge Cluster. Jadi arsitektur yg bener itu
- Compute Cluster, Buat VM-VM
- Edge Cluster, Buat Deploy Logical Control VM. Statenya harus active-standby supaya engga looping.
- Host vCenter buat vCenter server

15) Throughtput maximal per-edge 10Gigabit

16) Dengan deployment NSX gak perlu switch physical yg punya fitur intelegent karna fitur2 tersebut bisa dijalankan oleh si NSX.

17) Sebenernya ada 2 tipe NSX, yaitu yang berjalan di 1 hypervisor which is ada di vCenter. Dan multi-hypervisor yg berjalan di Openstack.

18) Firewall di NSX hanya L2-L4 saja tidak support sampai L7 firewall

19) Untuk membantu membuat solusi security firewall di NSX ada tool Flow Monitoring yg bisa analisa flow trafik antara VM dalam DC.


Nah kalo ada yang salah pembaca yang lebih expert mungkin bisa komen agar saya bisa perbaiki dan kalo ada yg mau diskusi silahkan. ^^
Posted by at 1 comment:
Labels: , ,

Tuesday, May 31, 2016

Konsep DMVPN Beserta Contoh Topologi & Konfigurasi DMVPN

Udah lama gak nulis lagi karna harus adaptasi di kantor baru dari system engineer jadi network presales engineer. Hahaha

Kali ini saya mau buat catetan tentang DMVPN di cisco router, berhubung kayanya ke depan bakal sering demo tentang ini di customer.

DMVPN (Dynamic Multipoint VPN) adalah salah satu konsep Design Private WAN Network yang merupakan evolusi dari model design Hub & Spoke tunneling konvensional. Jadi DMVPN itu bukan protokol tapi campuran dari beberapa kombinasi teknologi yaitu.
  • Multipoint GRE (mGRE).
  • Next Hop Resolution Protocol (NHRP).
  • Dynamic Routing Protocol. (OSPF, BGP, EIGRP dan teman2nya).
  • Dynamic IPSec Encryption.
  • Cisco Express Forwarding (CEF).
Meski di beberapa produk ada yang serupa namun yang perlu di catat sepertinya NHRP itu adalah teknologi cisco proprietary tecnology (CMIIW).


APA YANG MEMBUAT DMVPN BEDA DENGAN MODEL HUB & SPOKE KONVENSIONAL?

Teknik DMVPN menawarkan solusi menarik yang mampu membuat network kita menjadi lebih fleksibel dimana seluruh router akan saling terhubung seperti full mesh dalam satu subnet network dari WAN area network mereka.




Yang membedakan adalah apabila dibandingkan dengan dengan Design Hub & Spoke konvensional, maka dengan design seperti diatas memerlukan 3 buah tunnel yang terpisah dari Hub Router ke Setiap Spoke Router. Dengan teknik DMVPN kita melihat bahwa mGRE (multipoint GRE) akan memungkinkan 4 router memiliki satu buat interface dalam subnet yang sama 10.1.1.0/24.
Network subnet tersebut menggunakan jenis network NBMA (Non Broadcast Multiaccess) dan dengan dibantu protokol NHRP akan membuat multipoint tunnel tersebut terbentuk secara dynamic.

BAGAIMANA NHRP BEKERJA DALAM DMVPN?
NHRP adalah elemen penting dalam DMVPN yang memprovide tunnel-to-physical interfaces address resolution. Setiap spoke router akan berkomunikasi dengan hub router untuk mendapatkan physical address dari spoke router lainnya. 



CONTOH TOPOLOGI & KONFIGURASI
Dalam lab ini kita akan menggunakan topologi seperti dibawah ini.


Deskripsi :
Router 1 -> Akan berfungsi sebagai WAN/ISP network.
Router HUB -> Berfungsi sebagai Hub Router atau HQ.
Router 2, Router 3, Router 4 -> Berfungsi sebagai spoke router atau cabang.

Konfigurasi R1



Konfigurasi Physical Interfaces


Konfigurasi DMVPN / Tunnel Interface Config


Konfigurasi IPSEC 
Tambahkan konfigurasi ini kecuali di Router 1.








Dynamic Routing
Untuk konfigurasi bagian ini optional mau menggunakan ospf, bgp atau eigrp tapi di lab ini menggunakan eigrp. Jalankan konfigurasi di seluruh router kecuali router 1.







Verifikasi

















Done! Semoga bermanfaat....
Posted by at 1 comment:
Labels: ,

Monday, May 16, 2016

List Openstack Command Line Interfaces

List command dibawah saya ambil dari blog relasi yang memang sehari-hari mainannnya openstack, ya karena saya udah di network biar gak lupa saya catat di blog saya (sumber tercantum dibawah). 
Yup list command ini sangat berguna dalam operational sehari-hari ketika kita menggunakan openstack.

IDENTITY (KEYSTONE)
List all users
$ keystone user-list
List Identity service catalog
$ keystone catalog

IMAGES (Glance)
List images you can access
$ glance image-list
Delete specified image
$ glance image-delete IMAGE
Describe a specific image
$ glance image-show IMAGE
Update image
$ glance image-update IMAGE
Upload kernel image
$ glance image-create --name "cirros-threepart-kernel"
  --disk-format aki --container-format aki --is-public False
  --file ~/images/cirros-0.3.1~pre4-x86_64-vmlinuz
Upload RAM image
$ glance image-create --name "cirros-threepart-ramdisk"
  --disk-format ari --container-format ari --is-public False
  --file ~/images/cirros-0.3.1~pre4-x86_64-initrd
Upload three-part image
$ glance image-create --name "cirros-threepart" --disk-format ami
  --container-format ami --is-public False
  --property kernel_id=$KID-property ramdisk_id=$RID
  --file ~/images/cirros-0.3.1~pre4-x86_64-blank.img
Register raw image
$ glance image-create --name "cirros-raw" --disk-format raw
  --container-format bare --is-public False
  --file ~/images/cirros-0.3.1~pre4-x86_64-disk.img

COMPUTE (Nova)
List instances, check status of instance
$ nova list
List images
$ nova image-list
List flavors
$ nova flavor-list
Boot an instance using flavor and image names (if names are unique)
$ nova boot --image IMAGE --flavor FLAVOR INSTANCE_NAME
$ nova boot --image cirros-0.3.1-x86_64-uec --flavor m1.tiny
  MyFirstInstance
Login to instance
# ip netns
# ip netns exec NETNS_NAME ssh USER@SERVER
# ip netns exec qdhcp-6021a3b4-8587-4f9c-8064-0103885dfba2
  ssh cirros@10.0.0.2
Note
In CirrOS the password for user cirros is “cubswin:)” tanpa quotes.

Show details of instance
$ nova show NAME
$ nova show MyFirstInstance
View console log of instance
$ nova console-log MyFirstInstance
Set metadata on an instance
$ nova meta volumeTwoImage set newmeta='my meta data'
Create an instance snapshot
$ nova image-create volumeTwoImage snapshotOfVolumeImage
$ nova image-show snapshotOfVolumeImage

PAUSE, SUSPEND, STOP, RESCUE, RESIZE, REBUILD, REBOOT INSTANCE
Pause
$ nova pause NAME
$ nova pause volumeTwoImage
Unpause
$ nova unpause NAME
Suspend
$ nova suspend NAME
Unsuspend
$ nova resume NAME
Stop
$ nova stop NAME
Start
$ nova start NAME
Rescue
$ nova rescue NAME
$ nova rescue NAME --rescue_image_ref RESCUE_IMAGE
Resize
$ nova resize NAME FLAVOR
$ nova resize my-pem-server m1.small
$ nova resize-confirm my-pem-server1
Rebuild
$ nova rebuild NAME IMAGE
$ nova rebuild newtinny cirros-qcow2
Reboot
$ nova reboot NAME
$ nova reboot newtinny
Inject user data and files into an instance
$ nova boot --user-data FILE INSTANCE
$ nova boot --user-data userdata.txt --image cirros-qcow2
  --flavor m1.tiny MyUserdataInstance2
Notes
To validate that the file was injected, use ssh to connect to the instance, and look in /var/lib/cloud for the file.
Inject a keypair into an instance and access the instance with that keypair

Create keypair
$ nova keypair-add test > test.pem
$ chmod 600 test.pem
Start an instance (boot)
$ nova boot --image cirros-0.3.0-x86_64 --flavor m1.small
  --key_name test MyFirstServer
Use ssh to connect to the instance
# ip netns exec qdhcp-98f09f1e-64c4-4301-a897-5067ee6d544f
  ssh -i test.pem cirros@10.0.0.4
Manage security groups
Add rules to default security group allowing ping and SSH between instances in the default security group
$ nova secgroup-add-group-rule default default icmp -1 -1
$ nova secgroup-add-group-rule default default tcp 22 22

NETWORKING (Neutron)
Create network
$ neutron net-create NAME
Create a subnet
$ neutron subnet-create NETWORK_NAME CIDR
$ neutron subnet-create my-network 10.0.0.0/29

BLOCK STORAGE (CINDER)
Used to manage volumes and volume snapshots that attach to instances.
Create a new volume
$ cinder create SIZE_IN_GB --display-name NAME
$ cinder create 1 --display-name MyFirstVolume
Boot an instance and attach to volume
$ nova boot --image cirros-qcow2 --flavor m1.tiny MyVolumeInstance
List volumes, notice status of volume
$ cinder list
Attach volume to instance after instance is active, and volume is available
$ nova volume-attach INSTANCE_ID VOLUME_ID auto
$ nova volume-attach MyVolumeInstance 573e024d-5235-49ce-8332-be1576d323f8 auto
Note
On the Xen Hypervisor it is possible to provide a specific device name instead of automatic allocation. For example:
$ nova volume-attach MyVolumeInstance 573e024d-5235-49ce-8332-be1576d323f8 /dev/vdb
This is not currently possible when using non-Xen hypervisors with OpenStack.

Manage volumes after login into the instance.
List storage devices
# fdisk -l
Make filesystem on volume
# mkfs.ext3 /dev/vdb
Create a mountpoint
# mkdir /myspace
Mount the volume at the mountpoint
# mount /dev/vdb /myspace
Create a file on the volume
# touch /myspace/helloworld.txt
# ls /myspace
Unmount the volume
# umount /myspace

OBJECT STORAGE (Swift)
Display information for the account, container, or object
$ swift stat
$ swift stat ACCOUNT
$ swift stat CONTAINER
$ swift stat OBJECT
List containers
$ swift list

Sumber : pakguru.xyz
Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)