Monthly Archives: November 2016

Prime Your Cloud Native Infrastructure CoreOS System for Orchestration Using Docker Swarm and Docker Compose

One of the reasons Kubernetes has won so much support, is its great orchestration abilities. However, Docker has been making a lot of fuss over Swarm, its native orchestration tool. Unfortunately, this is still in the beta channel of Docker 1.12, and as such is not installed by default on your CoreOS system.

Update CoreOS Docker

To update your CoreOS system, you need to switch to the beta channel, which can be done by updating the update.conf file. Possible values are ‘stable’, ‘beta’, and ‘alpha’. We’re going to use ‘beta’:

$ sudo sh -c 'echo GROUP=beta > /etc/coreos/update.conf'

..and force the update:

$ update_engine_client -update

Voila! Your system will be running the latest version of Docker, including Docker Swarm. You can verify the version if you desire:

$ docker version

You should be on at least docker 1.12.1.

Adding Docker Compose

If you want to make full use of the new native orchestration tools, you’re going to want to be able to use docker compose, along with the bundling tool for use with deploying Docker Swarm Stacks & Bundles.

To install docker compose on CoreOS, throw the following few commands into your server:

$ mkdir /opt/ $ mkdir /opt/bin $ sudo curl -L`uname -s`-`uname -m` > /opt/bin/docker-compose $ chmod +x /opt/bin/docker-compose

Check your version:

$ docker-compose -v

You should be on version 1.9.0 or later!


How To Create An Externally-Facing Server On The Cloud Native Infrastructure – Powered By OpenStack, Using The OpenStack CLI

In my previous video, I showed how to use the OpenStack GUI to create an instance (or a server to you and I). The components included creating a Network, a Subnet, a Router, an Interface, an SSH keypair, as well as a floating IP to use with the created Instance.

In this article, I’m going to detail how you can get started with the OpenStack set of CLIs to create all the necessary components required for launching an Instance in an OpenStack environment.

Installing The Tools

First things first, you need to install the command line tools. You can do ths pretty easily using pip:

$ pip install python-openstackclient $ pip install python-novaclient $ pip install python-neutronclient

If you’re unfamiliar with the different tools (i.e. nova, neutron, cinder), keep your eye out as I’ll be covering that topic soon.

Setting Environment Variables

The OS CLI tools require that you have some environment variables set. Make sure you grab the right settings from your control panel:

export OS_AUTH_URL= export OS_PASSWORD=“password” export OS_PROJECT_ID=123123123123123 export OS_PROJECT_NAME=ProjectName export

I recommend placing these in either your .bashrc or .zshrc file to ensure they’re set everytime you open your terminal.

Creating An Instance

If you’ve seen the OpenStack GUI Video, you’ll be aware that it’s not possible to create an instance straight out of the box. First we have to create other services that the instance will make use of.

Creating An SSH key-pair.

It’s imperitive to place your public key on the instance you create, otherwise you’ll never have access to it, making our efforts rather fruitless.

To create a key-pair within OpenStack, and keep the private key on your own machine:

$ nova keypair-add exampleKey > ~/.ssh/exampleKey.pem $ chmod 0600 ~/.ssh/exampleKey.pem $ ssh-add ~/.ssh/exampleKey.pem

Create A Network.

You’ll need a network so that you can create a gateway, subnet & allocate IP addresses to your instances.

$ neutron net-create exampleNetwork

Create A Subnet

When creating a subnet, you can use whatever class address you like, but it’s important to specify the full CIDR address

$ neutron subnet-create exampleNetwork --name exampleSubnet

Take note of the ID that is shown once it’s created, as we’ll need that in our next step.


Create A Router

Routers allow you to connect different networks. We want to connect our new subnet to the router, whilst at the same time allowing the router to be connected to our default, ‘internet’ network. This is our basic gateway to the internet with the subnet being added as an interface.

We can find the ‘internet’ network by asking neutron to list the networks:

$ neutron net-list

From this we can grab our internet network id. In our case, it’s:


So, let’s create the router:

$ neutron router-create exampleRouter

Take note of the RouterID:


Now, we give the router a gateway to the internet:

$ neutron router-gateway-set 37a2afe1-a49f-4560-bac3-84a36bace670 893a5b59-081a-4e3a-ac50-1e54e262c3fa

..and attach our subnet to the router too:

$ neutron router-interface-add 37a2afe1-a49f-4560-bac3-84a36bace670 aa8ad9ba-0a58-4f80-9f4d-9aaa0cd9307a

If you’ve got this far, well done! We not have the pre-requisites in place to launch our instance!

Launching The Instance

Instances come in a list of pre-defined ‘flavors’; these are the sizes, ranging from ‘nano’ to large. You can see these here:

$ openstack flavor list

Once you’ve decided which flavour you’d like, you’ll also need to choose a pre-baked image. To keep in line with the previous video, I’m going to use the CentOS7 image from the below:

$ openstack image list

Finally, we need to refresh ourselves with the ID of the network, our key-pair name, as well as the security group ID. For the purposes of this article, we’re actually sticking with the default security group; we’ll modify the settings of that later.

$ openstack security group list $ openstack keypair list $ neutron net-list

Using the above commands, you wil be able to grab the necessary ID’s to pass into the important command, the one that will launch our instance:

$ nova boot --nic net-id=b4bd41aa-25b3-4f65-9120-df5891880a95 \ --flavor c46be6d1-979d-4489-8ffe-e421a3c83fdd \ --image 0f1785b3-33c3-451e-92ce-13a35d991d60 \ --key-name bobbynew3 \ --security-groups 88d0994e-cbee-4bb2-a5f3-73503f545af9 \ exampleServer

You’ll be mightly impressed with how quickly the server is up and running. You can get the status of it with this simple command:

$ nova list

Accessing From The Outside World

It’s all very well having a running server with outbound Internet connectivity, but right now it doesn’t have any way of being accessed from the Internet externally. The way we do this, is to create an IP address for use on the world wide web, and map that IP address to the port of our new instance. We’ll then open up the port on the firewall to allow us to SSH into it.

Floating IP

A floating IP is a way for us to have a ‘static’ IP address in our architecture, but at the same time be very flexible in where we send the traffic. We can map this floating IP to various instances & ports but for now we are going to map it against our new instance.

From the previous command (nova list), you’ll have the ID of the instance, which can be passed as a parameter into the following command:

$ neutron port-list --device_id=6371c025-86c4-42b2-a5a8-485e56e3f138

The ID that is returned, is the port that belongs to the instance and is also the same port that needs mapping against our new IP address. The following command will create a floating IP within the ‘internet’ network, and map it to the port of our new instance:

$ neutron floatingip-create \ --port-id 0413a947-4d9d-4475-bf7b-72e44f922707 internet

Security Groups

The security groups are the firewalls that you can use, and the default one has zero inbound rules. Initially, we just want to open up port 22 to allow us to SSH:

$ openstack security group rule create default \ --protocol tcp --dst-port 22:22 --remote-ip


If you’ve followed all the above steps, you now have a CentOS7 server running on a fixed IP address that you can SSH to:

ssh -i ~/.ssh/exampleKey.pem centos@

That concludes the guide to setting up a new server. What you will have noticed is that despite having a brilliant set of command-line tools, it’s still not very automated, and could take a while until you’ve memorised the process.

Keep your eyes posted, as next we’ll be looking at how to automated these steps with Terraform!

If you have any questions, please comment or email