Deploying a VM Instance via OpenStack CLI

This guide walks you step-by-step through deploying a Virtual Machine (VM) in your OpenStack environment using the OpenStack Command Line Interface (CLI). We will create a private network, a subnet, a router connected to the external provider network, and a security group with essential firewall rules.

Architecture Overview (Network Stack)

The following diagram illustrates how the external network, router, private network/subnet, security group, and VM instance are interconnected:

graph TD
    Internet([Internet / External Access]) <--> |FIP Mapping| FIP["Floating IP (e.g., 185.123.45.67)"]
    FIP <--> |1:1 NAT| VM

    subgraph Provider_Net ["Provider Network"]
        ExtNet["External Network (public)"]
    end

    subgraph Project_Infr ["Project Infrastructure"]
        Router["Router (my-router)"]

        subgraph Priv_Net ["Private Network (my-network)"]
            Subnet["Subnet (my-subnet) <br> CIDR: 192.168.100.0/24"]

            subgraph Sec_Group ["Security Group (my-security-group)"]
                VM["VM Instance (my-first-vm) <br> Private IP (e.g., 192.168.100.15)"]
            end
        end
    end

    ExtNet <--> |External Gateway| Router
    Router <--> |Subnet Interface| Subnet

    classDef highlight fill:#d4edda,stroke:#28a745,stroke-width:2px;
    classDef router fill:#fff3cd,stroke:#ffc107,stroke-width:2px;
    classDef ext fill:#f8d7da,stroke:#dc3545,stroke-width:2px;
    classDef net fill:#e2e3e5,stroke:#383d41,stroke-dasharray: 5 5;
    class VM highlight;
    class Router router;
    class ExtNet ext;
    class Subnet net;

1. Prerequisites

Before you begin, ensure the following prerequisites are met:

Install OpenStack Client: Install the Python package for the OpenStack client in your terminal environment:
```
pip install python-openstackclient
```
Load Credentials (RC File): Download your OpenStack credentials (the .sh environment file from the Cloud Services Portal) and execute it in your terminal to configure the environment variables:
```
source project-openrc.sh
```
Enter your password when prompted. Verify the connection by running:
```
openstack token issue
```

2. Step-by-Step Guide

Step 2.1: Create a Private Network

First, create a private Layer 2 network where your VM instances will reside.

openstack network create my-network

Step 2.2: Create a Subnet

Create a subnet within your newly created network. We will define an IP range (CIDR) and add public DNS servers (e.g., Google DNS) so that your VMs can resolve domain names.

openstack subnet create \
  --network my-network \
  --subnet-range 192.168.100.0/24 \
  --dns-nameserver 8.8.8.8 \
  --dns-nameserver 8.8.4.4 \
  my-subnet

Step 2.3: Create and Configure a Router

To provide your private network with internet access (and vice versa), you need a virtual router.

Create the Router:
```
openstack router create my-router
```
Set the External Gateway: Connect the router to the external provider network (usually named public in most setups):
```
openstack router set --external-gateway public my-router
```
Attach Subnet to the Router: Add your private subnet as an interface to the router:
```
openstack router add subnet my-router my-subnet
```

Step 2.4: Configure a Security Group

The security group acts as a firewall for your VM. By default, all incoming traffic is blocked.

Create the Security Group:

openstack security group create my-security-group --description "Allows SSH and Ping"

Add SSH Rule (Allow port 22):

openstack security group rule create --proto tcp --dst-port 22 my-security-group

Add ICMP Rule (Allow ping):

openstack security group rule create --proto icmp my-security-group

3. Gather Resources for VM Deployment

To boot a VM instance, you need to know the names or IDs of the resources (Image, Flavor, SSH keypair) you want to use. List them with these commands:

List available operating system images:
```
openstack image list
```
(e.g., note Ubuntu 22.04 LTS)
List available sizes/flavors:
```
openstack flavor list
```
(e.g., note m1.small)
List available SSH keypairs:
```
openstack keypair list
```
(If you haven't uploaded a key yet, you can import your public key with openstack keypair create --public-key ~/.ssh/id_rsa.pub my-key)

4. Launch the Instance (VM)

Once you have gathered the required resource names or IDs, launch the virtual machine. Make sure to specify the private network and security group:

openstack server create \
  --flavor m1.small \
  --image "Ubuntu 22.04 LTS" \
  --key-name my-key \
  --network my-network \
  --security-group my-security-group \
  my-first-vm

You can monitor the creation status with the following command:

openstack server list

5. Expose the VM to the Internet (Floating IP)

Since your VM is on a private network, it is not directly reachable from the outside. To make it accessible, we associate a Floating IP:

Allocate a Floating IP from the public pool:
```
openstack floating ip create public
```
(This command returns an IP address, e.g., 185.123.45.67)

Associate the Floating IP with your VM:

openstack server add floating ip my-first-vm 185.123.45.67

Now you can log in to your instance via SSH:

ssh ubuntu@185.123.45.67