Arvutiteaduse instituut
  1. Kursused
  2. 2017/18 kevad
  3. Pilvetehnoloogia alused (MTAT.08.027)
EN
Logi sisse

Pilvetehnoloogia alused 2017/18 kevad

  • Main
  • Lectures
  • Practicals
  • Submit Homework

Practice 2 - Working with Openstack

In this lab you will once again request computing resources from the university cloud and learn how to configure custom security groups and a floating IPs. You will install a web server on an instance, create a simple web page for yourself and save the instance configuration as a snapshot so that the changes would be persist after terminating the instance.

Exercise 2.1. Launching instance and configuring floating IP

Each time you start an instance, an IP will be automatically allocated to it. You will have no control over the initial IP allocation. In cases when you need your virtual machine to always be accessible under the same IP address, you can request a fixed floating IP address from the OpenStack cloud and assign it to your instance.

  • Launch a new Ubuntu 16.04 instance as you did in the previous lab.
    • However, this time choose the private private_ldcp_64_net network when launching the instance. This IP address is not accessible from outside the cloud and we will have to set up a separate IP for that.
  • Request a new floating IP
    • NB! Before you start, be ready to write down the IP address that is allocated to you, otherwise it will be difficult to figure out which one is yours.
    • Go to Network -> Floating IPs, click the Allocate IP to project button and choose provider_64_net from the drop down menu.
  • Attach the allocated floating IP to your instance.
    • Use Compute -> Instances -> drop down menu next to your instance -> Associate floating IP and choose the IP address that was allocated to you.
  • Use the floating IP and log into the instance using ssh and the access KeyPair you created last time.

Exercise 2.2. Configuring Cloud Instance & installing software

  1. Install Apache web server on the instance
    • First we need to update the software package listings using apt-get or aptitude command:
      • sudo apt update
    • Install the apache2 package:
      • sudo apt install apache2
      • You might encounter an error stating that something is locked that is Ubuntu running some updates in background so please give it few minutes to complete and try again later, if still no luck ask help from lab instructor. (Use with caution! https://www.tecmint.com/fix-unable-to-lock-the-administration-directory-var-lib-dpkg-lock/)
  2. Check that the installation of the Apache 2 web server is successful
    • Try accessing the ip of your web server instance from a browser (from within the university network).
      • This, in theory, should display the index.html web page that's being provided by your web server.
      • However, it does not work at the moment, as by default communication with the cloud instances from outside other than ssh (port 22) is restricted by default.
    • Lets use an alternative approach to verify our web server is running
      • Log into the instance through ssh
      • Use the wget command to download 'index.html' from your server.
      • On the instance command line run wget <your-private-ip>.
        • This should download index.html file into the currently active directory, which among other html code should contain a string "It works!".
      • Use less index.html command to check the downloaded file content from the command line
      • Alternatively you can use command line web-browser sudo apt install lynx and lynx localhost
  3. Modify (or replace) the current index.html file at /var/www/html/index.html to change the web page content.
    • How exactly you change its content is up to you, but it should at least contain your Full Name, so it is possible to visually see that you have modified it.
    • Command line file editor nano can be used to modify file contents.

Exercise 2.3. Getting access to the hosted website from the university network

To allow access to the web server on your instance you need to create a new security group and define an access rule for the port 80.

  • Under the Network tab go to Security Groups and create a new security group by clicking the Create Security Group button
  • Choose a name for this security group, which should include your first and last name
  • Add TCP port 80 to your security group.
  • Now add this security group to your instance
    • Use Compute -> Instances -> drop down menu next to your instance -> Edit security groups and add your security group from under All Security Groups into Instance Security Groups
  • Access your instance through a web browser (using the floating IP address)

Exercise 2.4. Creating a new Cloud Instance snapshot

Lets save all the changes you have made to the instance by creating a snapshot. This allows you to start multiple already-configured Apache web server instances at once, with your web application already included.

  • Under the Compute tab go to Instances and choose Create snapshot button next to your instance.
  • Choose a name for this snapshot, it must include your last name.
  • After you confirm that the snapshot is ready, terminate your instance
  • Start a new instance as you did previously, but now use your snapshot as the source and make sure that both your new security group together with the default security group are chosen.
  • Assign the same floating IP also to your new instance
    • Make sure you can access the "It works!" website from the web browser using your new instance's floating IP.
    • Make a screenshot of the browser showing your deployed web page on the instance
      • The page should display a personalized message to show that it has been set up by you.
      • From the screenshot, the url with the public IP should be visible
  • In the future, you are able to start a copy (or multiple copies) of this web server at any time by starting a new instance from this snapshot.

Exercise 2.5. KeyPair security

  • Your goal is to investigate what happens to the access permissions of the previously used KeyPairs after creating a snapshot from an instance.
  • After you have created your snapshot in this lab, create another KeyPair and use it to start a new instance from this snapshot.
  • Try to access your new instance with
    • The original KeyPair that was used to access the instance from which your snapshot was created.
    • The new KeyPair you just created
  • Log into your new Instance. Create a screenshot of the output of command cat /home/ubuntu/.ssh/authorized_keys .
  • Answer the following question: Why were you able to access the instance of your snapshot with both keys? Explain how this could be a serious security issue in a multi user cloud environment. Describe a scenario to illustrate this problem.

Deliverables

  1. Snapshot created in the cloud with your name
  2. Upload the screenshots made in exercises 2.4 and 2.5
  3. Do not leave your instances running!
  4. Delete your security group!
  5. Answer the following questions:
    • Why were you able to access the instance of your snapshot with both keys? Explain how this could be a serious security issue in a multi user cloud environment. Describe a scenario to illustrate this problem.
    • What are the advantages of creating snapshots? How does using snapshots simplify working with cloud instances? (Briefly describe at least two scenarios)
2. lab 2
Sellele ülesandele ei saa enam lahendusi esitada.
  • Arvutiteaduse instituut
  • Loodus- ja täppisteaduste valdkond
  • Tartu Ülikool
Tehniliste probleemide või küsimuste korral kirjuta:

Kursuse sisu ja korralduslike küsimustega pöörduge kursuse korraldajate poole.
Õppematerjalide varalised autoriõigused kuuluvad Tartu Ülikoolile. Õppematerjalide kasutamine on lubatud autoriõiguse seaduses ettenähtud teose vaba kasutamise eesmärkidel ja tingimustel. Õppematerjalide kasutamisel on kasutaja kohustatud viitama õppematerjalide autorile.
Õppematerjalide kasutamine muudel eesmärkidel on lubatud ainult Tartu Ülikooli eelneval kirjalikul nõusolekul.
Courses’i keskkonna kasutustingimused