Practice 2 - Working with Openstack

In this lab you will once again request computing resources from the university cloud. After which you will install a web server on it, create a simple web page for yourself and save the instance configuration as a snapshot so that the changes would be persist after terminating the instance.

Information

• Location of the practice cloud: https://stratus.at.mt.ut.ee/horizon
• To access the local university cloud services you have to be in the university network. So you either have to use lab computers, eduroam Wifi, or set up a VPN connection to university network.
  • VPN (Estonian) - https://wiki.ut.ee/pages/viewpage.action?pageId=17105590
  • Eduroam Wifi (Estonian) - https://wiki.ut.ee/display/AA/WiFi+ja+eduroam

Exercise 2.1. Configuring Cloud Instance & installing software

1. Start a new Ubuntu 14.04 instance as you did in the previous lab.
2. Log into the instance using ssh and the KeyPair you created last time.
3. Install Apache web server on the instance
   • First we need to update the software package listings using apt-get or aptitude command:
     • sudo aptitude update
   • Install the apache2 package:
     • sudo aptitude install apache2
4. Check that the installation is successful
   • Use the linux wget command to pull 'index.html' from your server.
     • On the instance run wget <your-private-ip> (ip starting with 192), this should download index.html file, which among other html code should contain a string "It works!".
     • Now try accessing the public ip of your instance from your web browser (from within the university network). This, in theory, should display the index.html web page that's being provided by your web server. However, it does not work at the moment, as by default we have restricted all communication with the cloud instances from outside other than ssh (port 22).
5. Log into the instance through ssh and modify the current index.html file at /var/www/html/index.html to change the web page content.
   • How you change it is up to you, but there should at least be your Full Name present to personalize this view.
   • Command line file editor nano can be used to modify file contents.
6. Also check your lab neighbors web server pages in the same manner. Ask for their private IP address and use wget to download their page.

Exercise 2.2. Getting access to the hosted website from the university network

1. To allow access to your instance on port 80 you need to create a new security group.
   • Under the "Project" tab go to "Access & Security" and create a new security group by clicking the "Create Security Group" button
   • Choose a name for this security group, should include your first and last name
   • Add TCP port 80 to your security group.
   • We will use this security group together with the default security group
2. Newer versions of OpenStack allow to switch between security groups on the fly, however in the version we're using we need to start a new instances with the new security group that we just created. The problem is that we will lose any changes we made to our instance if we terminate it. To avoid this we will create a snapshot of our Ubuntu instance with Apache web server installed.

Exercise 2.3. Creating a new Cloud Instance snapshot

• Under the "Project" tab go to "Instances" and choose "Create snapshot" from the drop down menu next to your instance.
• Choose a name for this snapshot, it must include your last name.
• After you confirm that the snapshot is ready, terminate your instance

1. Start a new instance as you did previously, but now use your snapshot as the source and your new security group together with the default security group (both security groups have to be activated).
   • Make sure you can access the "It works!" website from the web browser using your new instance's public IP.
   • Make a screenshot of the browser showing your deployed web page on the instance
     • The page should display a personalized message to show that it has been set up by you.
     • From the screenshot, the url with the public IP should be visible
2. In the future, you are able to start a copy (or multiple copies) of this web server at any time by starting a new instance from your snapshot.

Exercise 2.4. KeyPair security

• Your goal is to investigate what happens to previously used KeyPairs after creating a snapshot.
• After you have created your snapshot in this lab, create another KeyPair and use it to start a new instance from this snapshot.
• Try to access your new instance with
  1. The original KeyPair that was used to access the instance from which your snapshot was created.
  2. The new KeyPair you just created

1. Create a screenshot of you accessing the instance with both of the KeyPairs. Screenshot should display the ssh commands or ssh program you use and it should display that two different keypair files were used to log into the instance.
2. Why were you able to access the instance of your snapshot with both keys? Explain how this could be a serious security issue in a multi user cloud environment. Describe a scenario to illustrate this problem.

Deliverables

1. Snapshot created in the cloud with your name
2. Upload the screenshots made in exercises 2.3 and 2.4
3. Do not leave your instances running!
4. Delete your security group!
5. Answer the following questions:
   • Why were you able to access the instance of your snapshot with both keys? Explain how this could be a serious security issue in a multi user cloud environment. Describe a scenario to illustrate this problem.
   • What are the advantages of creating snapshots? How does using snapshots simplify working with cloud instances? (Briefly describe at least two scenarios)