Dealing with OpenStack

We were granted access to Linaro's OpenStack cluster.


You first need a file with the right configuration and credentials. That is stored in ticket 453 at Linaro and the password prompted is the SSO password stored in tor-passwords.git.

Then you need to install some OpenStack clients:

apt install openstack-clients

Yes, that installs 74 packages, no kidding.

Add your SSH key to the server:

openstack keypair create --public-key=~/.ssh/ anarcat

You will need to create a floating IP if the server is to be public:

openstack floating ip create ext-net

The network name (ext-net above) can be found in the network list:

openstack network list

The IP address will be shown in the output:

| floating_ip_address | |

You'll also need to link the router in the private network if not already done:

openstack router add subnet router-tor 7452852a-8b5c-43f6-97f1-72b1248b2638

The subnet UUID comes from the Subnet column in the output of openstack network list for the "internal network" (the one that is not ext-net.

During this entire process, it's useful to take a look at the effect of the various steps through the web interface:

The commandline instructions are provided below because they are easier to document. But an equivalent can be followed through the web interface as well.

Launching an instance

This procedure will create a new VM in the OpenStack cluster. Make sure you first source the script you found in the previous step.

  1. list the known flavors and images:

    openstack flavor list
    openstack image list

    let's say we deploy a uk.nano flavor with debian-10-openstack-arm64 image.

  2. create the server (known as an "instance" in the GUI):

    openstack server create --key-name=anarcat --image=debian-10-openstack-arm64 --flavor=uk.nano

    In the above:

    • --keypair=anarcat refers to the keypair created in the preparation
    • --security-group is taken from the first non-default line in the openstack security group list output
    • --image and --flavor were picked from the previous step
  3. you can see the status of the process with:

    openstack server list
  4. then map the floating IP address to the server:

    openstack server add floating ip

    The floating IP is the one created at step two and the other argument is the server name.

  5. inspect the server console log to fetch the SSH public keys:

    openstack console log show | sed '0,/-----BEGIN SSH HOST KEY KEYS-----/d;/-----END SSH HOST KEY KEYS-----/,$d;s/^/ /' >> ~/.ssh/known_hosts
  6. the VM should be up by now, and you should be able to SSH in:

    openstack server ssh -l debian

    You unfortunately have to blindly TOFU (Trust On First Use) the SSH server's public key because it's not visible in the API or web interface. The debian user has sudo access.