Institute of Computer Science
  1. Courses
  2. 2018/19 spring
  3. Basics of Cloud Computing (MTAT.08.027)
ET
Log in

Basics of Cloud Computing 2018/19 spring

  • Main
  • Lectures
  • Practicals
  • Submit Homework

Practice 2 - Working with Openstack

In this lab you will once again request computing resources from the university cloud and learn how to configure custom security groups and a floating IPs. You will install a web server on an instance, create a simple web page for yourself and save the instance configuration as a snapshot so that the changes would be persist after terminating the instance.

Exercise 2.1. Launching instance and configuring floating IP

Each time you start an instance, an IP will be automatically allocated to it. You will have no control over the initial IP allocation. In cases when you need your virtual machine to always be accessible under the same IP address, you can request a fixed floating IP address from the OpenStack cloud and assign it to your instance.

  • Launch a new Ubuntu 18.04 instance as you did in the previous lab.
    • However, this time choose the private private_ldcp_64_net network when launching the instance. This IP address is not accessible from outside the cloud and we will have to set up a separate IP for that.
  • Request a new floating IP
    • NB! Before you start, be ready to write down the IP address that is allocated to you, otherwise it will be difficult to figure out which one is yours.
    • Go to Network -> Floating IPs, click the Allocate IP to project button and choose provider_64_net from the drop down menu.
    • NB! You must use your name in the Description, otherwise you may later not remember which one is yours! And it will be difficult to remove unused IP addresses later!
  • Attach the allocated floating IP to your instance.
    • Use Compute -> Instances -> drop down menu next to your instance -> Associate floating IP and choose the IP address that was allocated to you.
  • Use the floating IP and log into the instance using ssh and the access KeyPair you created last time.

Exercise 2.2. Configuring Cloud Instance & installing software

  1. Install Apache web server on the instance
    • First we need to update the software package listings using apt-get or aptitude command:
      • sudo apt update
    • Install the apache2 package:
      • sudo apt install apache2
      • You might encounter an error stating that something is locked that is Ubuntu running some updates in background so please give it few minutes to complete and try again later, if still no luck ask help from lab instructor. (Use with caution! https://www.tecmint.com/fix-unable-to-lock-the-administration-directory-var-lib-dpkg-lock/)
  2. Check that the installation of the Apache 2 web server is successful
    • Try accessing the ip of your web server instance from a browser (from within the university network).
      • This, in theory, should display the index.html web page that's being provided by your web server.
      • However, it does not work at the moment, as by default communication with the cloud instances from outside other than ssh (port 22) is restricted by default.
    • Lets use an alternative approach to verify our web server is running
      • Log into the instance through ssh
      • Use the wget command to download 'index.html' from your server.
      • On the instance command line run wget localhost.
        • This should download index.html file into the currently active directory, which among other html code should contain a string "It works!".
      • Use less index.html command to check the downloaded file content from the command line
      • Alternatively you can use command line web-browser sudo apt install lynx and lynx localhost
  3. Modify (or replace) the current index.html file at /var/www/html/index.html to change the web page content.
    • How exactly you change its content is up to you, but it should at least contain your Full Name, so it is possible to visually see that you have modified it.
    • Command line file editor nano can be used to modify file contents.
    • You will also need to use sudo command as your user does not have permissions to modify this file otherwise.
    • Feel free to replace the whole HTML file with a new one.

Exercise 2.3. Getting access to the hosted website from the university network

To allow access to the web server on your instance you need to create a new security group and define an access rule for the default HTTP port 80.

  • Under the Network tab go to Security Groups and create a new security group by clicking the Create Security Group button
  • Choose a name for this security group, which should include your first and last name
  • Add the HTTP TCP port 80 to your security group.
  • Now add this security group to your instance
    • Use Compute -> Instances -> drop down menu next to your instance -> Edit security groups and add your security group from under All Security Groups into Instance Security Groups
  • Access your instance through a web browser (using the floating IP address)

Exercise 2.4. Creating a new Cloud Instance snapshot

Lets save all the changes you have made to the instance by creating a snapshot. This allows you to start multiple already-configured Apache web server instances at once, with your web application already included.

  • Under the Compute tab go to Instances and choose Create snapshot button next to your instance.
  • Choose a name for this snapshot, it must include your last name.
  • After you confirm that the snapshot is ready, terminate your instance
  • Start a new instance as you did previously, but now use your snapshot as the source and make sure that both your new security group together with the default security group are chosen.
  • Assign the same floating IP also to your new instance
    • Make sure you can access the "It works!" website from the web browser using your new instance's floating IP.
    • Make a screenshot of the browser showing your deployed web page on the instance
      • NB! Your name must be clearly visible on the screenshot you took in previous task!
      • From the screenshot, the url with the public IP should be visible
  • In the future, you are able to start a copy (or multiple copies) of this web server at any time by starting a new instance from this snapshot.

Exercise 2.5. KeyPair security

  • Your goal is to investigate what happens to the access permissions of the previously used KeyPairs after creating a snapshot from an instance.
  • After you have created your snapshot in this lab, create another KeyPair and use it to start a new instance from this snapshot.
  • Try to access your new instance with
    • The original KeyPair that was used to access the instance from which your snapshot was created.
    • The new KeyPair you just created
  • Log into your new Instance. Create a screenshot of the output of command cat /home/ubuntu/.ssh/authorized_keys .
  • Answer the following question: Why were you able to access the instance of your snapshot with both keys? Explain how this could be a serious security issue in a multi user cloud environment. Describe a scenario to illustrate this problem.

Deliverables

  1. Snapshot created in the cloud with your name
  2. Upload the screenshots made in exercises 2.4 and 2.5
  3. Do not leave your instances running!
  4. Delete your security group!
  5. Answer the following questions:
    • Why were you able to access the instance of your snapshot with both keys? Explain how this could be a serious security issue in a multi user cloud environment. Describe a scenario to illustrate this problem.
    • What are the advantages of creating snapshots? How does using snapshots simplify working with cloud instances? (Briefly describe at least two scenarios)
2. lab 2
Solutions for this task can no longer be submitted.
  • Institute of Computer Science
  • Faculty of Science and Technology
  • University of Tartu
In case of technical problems or questions write to:

Contact the course organizers with the organizational and course content questions.
The proprietary copyrights of educational materials belong to the University of Tartu. The use of educational materials is permitted for the purposes and under the conditions provided for in the copyright law for the free use of a work. When using educational materials, the user is obligated to give credit to the author of the educational materials.
The use of educational materials for other purposes is allowed only with the prior written consent of the University of Tartu.
Terms of use for the Courses environment