Preparing your node
- Preparing Ubuntu
After you install Ubuntu 12.04 Server (64-bit), switch to a root shell and stay in it until the end of this guide:
sudo -i
1.
Add Icehouse repositories:
apt-get install -y
python-software-properties
add-apt-repository
cloud-archive:icehouse
2.
Update your system:
apt-get -y update &&
apt-get -y upgrade && apt-get -y dist-upgrade
It could be necessary to
reboot your system in case you have a kernel upgrade
Networking
Only one NIC should have internet access; the other is used for most OpenStack-related operations and configuration:
#For Exposing OpenStack API over the internet
auto eth1
iface eth1 inet static
address 10.43.1.55
netmask 255.255.255.0
gateway 10.43.1.1
dns-nameservers
172.20.25.111
#Not internet connected (used for OpenStack management)
auto eth0
iface eth0 inet static
address 192.168.10.55
netmask 255.255.255.0
Restart the networking
service:
service networking
restart
- MySQL & RabbitMQ & Others
- Install MySQL:
apt-get install -y
mysql-server python-mysqldb
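Configure MySQL to accept incoming requests on all interfaces. Note that 0.0.0.0 also makes MySQL listen on the internet-facing eth1 (10.43.1.55); if only the OpenStack services on this node need the database, binding to the management address 192.168.10.55 instead, or firewalling port 3306 on eth1, keeps it off the public side: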
sed -i
's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart
2.
Install RabbitMQ:
apt-get install -y
rabbitmq-server
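Change the password of the guest user for rabbitmq-server. The value root123 below is only this guide's example; choose your own and use the same value for rabbit_password in the service configuration files later on: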
rabbitmqctl change_password
guest root123
3.
Install NTP service:
apt-get install -y ntp
Databases
set up
Setting up Databases:
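Either use the script (it is downloaded from the Havana guide's repository and will run as root in this shell, so read it before executing it):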
wget
https://raw2.github.com/Ch00k/OpenStack-Havana-Install-Guide/master/populate_database.sh
sh populate_database.sh
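Or execute all of the following manually. The password openstacktest is this guide's sample value and is reused for every service account, so replace it with your own. The '<user>'@'%' grants allow that account to log in from any host, which matters because MySQL was set to listen on all interfaces above; they can be left out when every service connects from this node: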
mysql -u root -p
<your_mysql_root_password>
# Keystone
CREATE DATABASE keystone;
GRANT ALL ON keystone.* TO
'keystone'@'%' IDENTIFIED BY 'openstacktest';
GRANT ALL ON keystone.* TO
'keystone'@'localhost' IDENTIFIED BY 'openstacktest';
GRANT ALL ON keystone.* TO
'keystone'@'192.168.10.55' IDENTIFIED BY 'openstacktest';
GRANT ALL ON keystone.* TO
'keystone'@'10.43.1.55' IDENTIFIED BY 'openstacktest';
FLUSH PRIVILEGES;
quit;
(test database access and
show databases with user keystone)
# Glance
mysql -u root -p
your_mysql_root_password
CREATE DATABASE glance;
GRANT ALL ON glance.* TO
'glance'@'%' IDENTIFIED BY 'openstacktest';
GRANT ALL ON glance.* TO
'glance'@'localhost' IDENTIFIED BY 'openstacktest';
GRANT ALL ON glance.* TO
'glance'@'192.168.10.55' IDENTIFIED BY 'openstacktest';
GRANT ALL ON glance.* TO
'glance'@'10.43.1.55' IDENTIFIED BY 'openstacktest';
FLUSH PRIVILEGES;
quit;
(test database access and
show databases with user glance)
# Neutron
mysql -u root -p
your_mysql_root_password
CREATE DATABASE neutron;
GRANT ALL ON neutron.* TO
'neutron'@'%' IDENTIFIED BY 'openstacktest';
GRANT ALL ON neutron.* TO
'neutron'@'localhost' IDENTIFIED BY 'openstacktest';
GRANT ALL ON neutron.* TO
'neutron'@'192.168.10.55' IDENTIFIED BY 'openstacktest';
GRANT ALL ON neutron.* TO
'neutron'@'10.43.1.55' IDENTIFIED BY 'openstacktest';
FLUSH PRIVILEGES;
quit;
(test database access and
show databases with user neutron)
# Nova
mysql -u root -p
your_mysql_root_password
CREATE DATABASE nova;
GRANT ALL ON nova.* TO
'nova'@'%' IDENTIFIED BY 'openstacktest';
GRANT ALL ON nova.* TO
'nova'@'localhost' IDENTIFIED BY 'openstacktest';
GRANT ALL ON nova.* TO
'nova'@'192.168.10.55' IDENTIFIED BY 'openstacktest';
GRANT ALL ON nova.* TO
'nova'@'10.43.1.55' IDENTIFIED BY 'openstacktest';
FLUSH PRIVILEGES;
quit;
(test database access and
show databases with user nova)
# Cinder
mysql -u root -p
your_mysql_root_password
CREATE DATABASE cinder;
GRANT ALL ON cinder.* TO
'cinder'@'%' IDENTIFIED BY 'openstacktest';
GRANT ALL ON cinder.* TO
'cinder'@'localhost' IDENTIFIED BY 'openstacktest';
GRANT ALL ON cinder.* TO
'cinder'@'192.168.10.55' IDENTIFIED BY 'openstacktest';
GRANT ALL ON cinder.* TO
'cinder'@'10.43.1.55' IDENTIFIED BY 'openstacktest';
FLUSH PRIVILEGES;
quit;
(test database access and
show databases with user cinder)
Others
Install other services:
apt-get install -y vlan
bridge-utils
Enable IP_Forwarding:
sed -i
's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
# To save you from
rebooting, perform the following
sysctl
net.ipv4.ip_forward=1
3.
Keystone
- Start by the keystone packages:apt-get install -y keystone
- Verify your keystone is running:service keystone status
- Adapt the connection attribute in the /etc/keystone/keystone.conf to the new database:connection = mysql://keystone:openstacktest@192.168.10.55/keystone
- Remove Keystone SQLite database:rm /var/lib/keystone/keystone.db
- Restart the identity service then synchronize the database:
service keystone restart
keystone-manage db_sync
- Fill up the keystone database using the two scripts available in the Scripts folder of this git repository:
#Modify the HOST_IP and EXT_HOST_IP variables before executing the scripts
wget https://raw2.github.com/Ch00k/OpenStack-Havana-Install-Guide/master/keystone_basic.sh
wget https://raw2.github.com/Ch00k/OpenStack-Havana-Install-Guide/master/keystone_endpoints_basic.sh
- sh keystone_basic.sh
- sh keystone_endpoints_basic.sh
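- Create a simple credential file and load it so you won't be bothered later. The file holds the admin password in clear text, so keep it readable by root only (for example chmod 600 keystone_source):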
nano/vi keystone_source
#Paste the following:
export
OS_TENANT_NAME=admin
export OS_USERNAME=admin
export
OS_PASSWORD=openstacktest
export
OS_AUTH_URL="http://10.43.1.55:5000/v2.0/"
# Load it:
source keystone_source
To test Keystone, just
use a simple CLI command:
keystone user-list
4.
Glance
- apt-get install -y glance
- Verify your glance services are running:
service glance-api status
service glance-registry status
- Update the /etc/glance/glance-api-paste.ini and /etc/glance/glance-registry-paste.ini with:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 192.168.10.55
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = openstacktest
- Update /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf with:
[DEFAULT]
sql_connection = mysql://glance:openstacktest@192.168.10.55/glance
[keystone_authtoken]
auth_host = 192.168.10.55
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = openstacktest
[paste_deploy]
flavor = keystone
- Remove Glance's SQLite database:rm /var/lib/glance/glance.sqlite
- Restart the glance-api and glance-registry services:service glance-api restart; service glance-registry restart
- Synchronize the glance database:glance-manage db_sync
- Error:
root@openstack-sdn:~# glance-manage db_sync
2014-08-07 16:08:42.580 8119 CRITICAL glance [-] ValueError: Tables "migrate_version" have non utf8 collation, please make sure all tables are CHARSET=utf8
- Solution:
mysql> use glance
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> alter table migrate_version convert to character set utf8 collate utf8_unicode_ci;
Query OK, 1 row affected (0.26 sec)
Records: 1 Duplicates: 0 Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> quit;
- Restart the services again to take into account the new modifications:service glance-registry restart; service glance-api restart
- To test Glance, upload the cirros cloud image and Ubuntu cloud image:glance image-create --name myFirstImage --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
- Now list the image to see what you have just uploaded:glance image-list
4.
Neutron
- OpenVSwitch
Install the openVSwitch:
apt-get install -y openvswitch-controller openvswitch-switch openvswitch-datapath-dkms
- Restart openVSwitch:service openvswitch-switch restart
- Create the bridges:
#br-int will be used for VM integration
ovs-vsctl add-br br-int
#br-ex is used to make VMs to access the internet
ovs-vsctl add-br br-ex
- OpenVSwitch (Part2, modify network parameters)
This will guide you to setting up the br-ex interface. Edit the eth1 in /etc/network/interfaces to become like this:
# VM internet Access
auto eth1
iface eth1 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
- Add the eth1 to the br-ex:
#Internet connectivity will be lost after this step but this won't affect OpenStack's work
ovs-vsctl add-port br-ex eth1
If you want to get internet connection back, you can assign the eth1's IP address to the br-ex in the /etc/network/interfaces file:
auto br-ex
iface br-ex inet static
address 10.43.1.55
netmask 255.255.255.0
gateway 10.43.1.1
dns-nameservers 10.43.1.1
- If you want your full networking features back immediately, I suggest:
reboot
- source keystone_source (to get your environment variables back)
- Neutron-*
- Install the Neutron components:apt-get install -y neutron-server neutron-plugin-openvswitch neutron-plugin-openvswitch-agent dnsmasq neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent
- Verify all Neutron components are running:cd /etc/init.d/; for i in $( ls neutron-* ); do sudo service $i status; cd; done
- Edit /etc/neutron/api-paste.ini
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 192.168.10.55
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = openstacktest
- Edit the OVS plugin configuration file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini with:
#Under the database section
[DATABASE]
sql_connection=mysql://neutron:openstacktest@192.168.10.55/neutron
#Under the OVS section
[OVS]
tenant_network_type = gre
enable_tunneling = True
tunnel_id_ranges = 1:1000
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 192.168.10.55
#Firewall driver for realizing neutron security group function
[SECURITYGROUP]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
- Update /etc/neutron/metadata_agent.ini (helloOpenStack is a sample shared secret; pick your own and use the same value for neutron_metadata_proxy_shared_secret in nova.conf):
# The Neutron user information for accessing the Neutron API.
auth_url = http://192.168.10.55:35357/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = neutron
admin_password = openstacktest
# IP address used by Nova metadata server
nova_metadata_ip = 192.168.10.55
# TCP Port used by Nova metadata server
nova_metadata_port = 8775
metadata_proxy_shared_secret = helloOpenStack
- Edit your /etc/neutron/neutron.conf:
#RabbitMQ IP
rabbit_host = 192.168.10.55
rabbit_password = root123
[keystone_authtoken]
auth_host = 192.168.10.55
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = openstacktest
signing_dir = /var/lib/neutron/keystone-signing
[DATABASE]
connection = mysql://neutron:openstacktest@192.168.10.55/neutron
The openstack-config commands that follow still carry placeholders (controller, SERVICE_TENANT_ID, NOVA_PASS); replace them with this node's address and your own values before running them.
# openstack-config --set /etc/neutron/neutron.conf DEFAULT \
notify_nova_on_port_status_changes True
#
openstack-config --set /etc/neutron/neutron.conf DEFAULT \
notify_nova_on_port_data_changes True
#
openstack-config --set /etc/neutron/neutron.conf DEFAULT \
nova_url http://controller:8774/v2
#
openstack-config --set /etc/neutron/neutron.conf DEFAULT \
nova_admin_username nova
#
openstack-config --set /etc/neutron/neutron.conf DEFAULT \
nova_admin_tenant_id SERVICE_TENANT_ID
#
openstack-config --set /etc/neutron/neutron.conf DEFAULT \
nova_admin_password NOVA_PASS
#
openstack-config --set /etc/neutron/neutron.conf DEFAULT \
nova_admin_auth_url http://controller:35357/v2.0
- Edit your /etc/neutron/l3_agent.ini:
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
external_network_bridge = br-ex
signing_dir = /var/cache/neutron
admin_tenant_name = service
admin_user = neutron
admin_password = openstacktest
auth_url = http://192.168.10.55:35357/v2.0
l3_agent_manager = neutron.agent.l3_agent.L3NATAgentWithStateReport
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
- Edit your /etc/neutron/dhcp_agent.ini:
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
signing_dir = /var/cache/neutron
admin_tenant_name = service
admin_user = neutron
admin_password = openstacktest
auth_url = http://192.168.10.55:35357/v2.0
dhcp_agent_manager = neutron.agent.dhcp_agent.DhcpAgentWithStateReport
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
state_path = /var/lib/neutron
- Remove Neutron's SQLite database:rm /var/lib/neutron/neutron.sqlite
- Restart all neutron services:
cd /etc/init.d/; for i in $( ls neutron-* ); do sudo service $i restart; cd /root/; done
service dnsmasq restart
and check status:
cd /etc/init.d/; for i in $( ls neutron-* ); do sudo service $i status; cd /root/; done
service dnsmasq status
then check all neutron agents:
neutron agent-list
(hopefully you'll enjoy smiling faces :-) )
5.
Nova
- KVM
make
sure that your hardware enables virtualization:
apt-get install -y cpu-checker
kvm-ok
Finally you should get:
INFO: /dev/kvm exists
KVM
acceleration can be used
- apt-get install -y kvm libvirt-bin pm-utils
- Edit the cgroup_device_acl array in the /etc/libvirt/qemu.conf file to:
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc", "/dev/hpet","/dev/net/tun"
]
- Delete default virtual bridge
virsh net-destroy default
virsh net-undefine default
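- Enable live migration by updating the /etc/libvirt/libvirtd.conf file. These settings make libvirtd accept unencrypted, unauthenticated TCP connections, and anyone who can reach that port can control the hypervisor; keep the port off the internet-facing interface (for example by setting listen_addr to the management address, or with a firewall rule on eth1):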
listen_tls = 0
listen_tcp = 1
auth_tcp = "none"
- Edit libvirtd_opts variable in /etc/init/libvirt-bin.conf file:
env
libvirtd_opts="-d -l"
- Edit /etc/default/libvirt-bin file
libvirtd_opts="-d -l"
- Restart the libvirt service and dbus to load the new values:
service dbus restart && service libvirt-bin restart
then check status:
service dbus status && service libvirt-bin status
- Nova-*
Start by installing nova components:
- apt-get install -y nova-api nova-cert novnc nova-consoleauth nova-scheduler nova-novncproxy nova-doc nova-conductor nova-compute-kvm
- Check the status of all nova-services:
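# Print the status of every nova-* init script.
# Globbing /etc/init.d directly replaces parsing `ls` output, so no directory
# change is needed and service names are passed quoted.
for initscript in /etc/init.d/nova-*; do
  # Skip the literal pattern when no nova-* script is installed.
  [ -e "$initscript" ] || continue
  service "${initscript##*/}" status
done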
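- Now modify the authtoken section in the /etc/nova/api-paste.ini file to this (note that signing_dirname below points into the world-writable /tmp; a directory owned by the nova user, such as one under /var/lib/nova, is a safer location):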
[filter:authtoken]
paste.filter_factory =
keystoneclient.middleware.auth_token:filter_factory
auth_host = 192.168.10.55
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = openstacktest
signing_dirname = /tmp/keystone-signing-nova
# Workaround for https://bugs.launchpad.net/nova/+bug/1154809
auth_version = v2.0
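- Modify the /etc/nova/nova.conf like this (the listing sets rabbit_host but no rabbit_password; if you changed the RabbitMQ guest password earlier, nova presumably needs rabbit_password set to that value as well):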
[DEFAULT]
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/run/lock/nova
verbose=True
api_paste_config=/etc/nova/api-paste.ini
compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
rabbit_host=192.168.10.55
nova_url=http://192.168.10.55:8774/v1.1/
sql_connection=mysql://nova:openstacktest@192.168.10.55/nova
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
# Auth
use_deprecated_auth=false
auth_strategy=keystone
# Imaging service
glance_api_servers=192.168.10.55:9292
image_service=nova.image.glance.GlanceImageService
# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://10.43.1.55:6080/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=192.168.10.55
vncserver_listen=0.0.0.0
# Network settings
network_api_class=nova.network.neutronv2.api.API
neutron_url=http://192.168.10.55:9696
neutron_auth_strategy=keystone
neutron_admin_tenant_name=service
neutron_admin_username=neutron
neutron_admin_password=openstacktest
neutron_admin_auth_url=http://192.168.10.55:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
#If you want Neutron + Nova Security groups
#firewall_driver=nova.virt.firewall.NoopFirewallDriver
#security_group_api=neutron
#If you want Nova Security groups only, comment the two lines above and uncomment line -1-.
#-1-firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
#Metadata
service_neutron_metadata_proxy = True
neutron_metadata_proxy_shared_secret = helloOpenStack
metadata_host = 192.168.10.55
metadata_listen = 0.0.0.0
metadata_listen_port = 8775
# Compute #
compute_driver=libvirt.LibvirtDriver
# Cinder #
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900
cinder_catalog_info=volume:cinder:internalURL
- Edit the /etc/nova/nova-compute.conf:
[DEFAULT]
libvirt_type=kvm
libvirt_ovs_bridge=br-int
libvirt_vif_type=ethernet
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
libvirt_use_virtio_for_bridges=True
- Restart nova-* services:
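# Restart every nova-* service, then print each one's status.
# Globbing /etc/init.d directly replaces parsing `ls` output, so no directory
# change is needed and service names are passed quoted.
for initscript in /etc/init.d/nova-*; do
  # Skip the literal pattern when no nova-* script is installed.
  [ -e "$initscript" ] || continue
  sudo service "${initscript##*/}" restart
done
for initscript in /etc/init.d/nova-*; do
  [ -e "$initscript" ] || continue
  sudo service "${initscript##*/}" status
done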
- Remove Nova's SQLite database:
rm
/var/lib/nova/nova.sqlite
- Synchronize your database:
nova-manage db sync
- Restart nova-* services:
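# Restart every nova-* service so the synchronized database is picked up.
# Globbing /etc/init.d directly replaces parsing `ls` output, so no directory
# change is needed and service names are passed quoted.
for initscript in /etc/init.d/nova-*; do
  # Skip the literal pattern when no nova-* script is installed.
  [ -e "$initscript" ] || continue
  sudo service "${initscript##*/}" restart
done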
...and check:
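# Print the status of every nova-* service.
# Globbing /etc/init.d directly replaces parsing `ls` output, so no directory
# change is needed and service names are passed quoted.
for initscript in /etc/init.d/nova-*; do
  # Skip the literal pattern when no nova-* script is installed.
  [ -e "$initscript" ] || continue
  sudo service "${initscript##*/}" status
done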
Hopefully you should enjoy smiling faces on nova-* services to
confirm your installation:
nova-manage service list
6.
Cinder
- Install the required packages:
apt-get install -y cinder-api cinder-scheduler cinder-volume
iscsitarget open-iscsi iscsitarget-dkms
- Configure the iscsi services:
sed
-i 's/false/true/g' /etc/default/iscsitarget
- Start the services:
service iscsitarget start
service open-iscsi start
- Configure /etc/cinder/api-paste.ini like the following:
[filter:authtoken]
paste.filter_factory =
keystoneclient.middleware.auth_token:filter_factory
service_protocol = http
service_host = 10.43.1.55
service_port = 5000
auth_host = 192.168.10.55
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = cinder
admin_password = openstacktest
- Edit the /etc/cinder/cinder.conf to:
[DEFAULT]
rootwrap_config=/etc/cinder/rootwrap.conf
sql_connection = mysql://cinder:openstacktest@192.168.10.55/cinder
api_paste_config = /etc/cinder/api-paste.ini
iscsi_helper=ietadm
volume_name_template = volume-%s
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
#osapi_volume_listen_port=5900
- Remove Cinder's SQLite database:
rm
/var/lib/cinder/cinder.sqlite
- Then, synchronize your database:
cinder-manage db sync
- Finally, don't forget to create a volumegroup and name it cinder-volumes:
dd
if=/dev/zero of=cinder-volumes bs=1 count=0 seek=2G
losetup /dev/loop2 cinder-volumes
fdisk /dev/loop2
#Type in the followings:
n
p
1
ENTER
ENTER
t
8e
w
- Proceed to create the physical volume then the volume group:
pvcreate /dev/loop2
vgcreate cinder-volumes /dev/loop2
- Restart the cinder services:
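# Restart every cinder-* service.
# Globbing /etc/init.d directly replaces parsing `ls` output, so no directory
# change is needed and service names are passed quoted.
for initscript in /etc/init.d/cinder-*; do
  # Skip the literal pattern when no cinder-* script is installed.
  [ -e "$initscript" ] || continue
  sudo service "${initscript##*/}" restart
done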
Verify
if cinder services are running:
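# Print the status of every cinder-* service.
# Globbing /etc/init.d directly replaces parsing `ls` output, so no directory
# change is needed and service names are passed quoted.
for initscript in /etc/init.d/cinder-*; do
  # Skip the literal pattern when no cinder-* script is installed.
  [ -e "$initscript" ] || continue
  sudo service "${initscript##*/}" status
done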
7.
Horizon
- To install horizon, proceed like this:
apt-get -y install openstack-dashboard memcached
- If you don't like the OpenStack ubuntu theme, you can remove the package to disable it:
dpkg --purge openstack-dashboard-ubuntu-theme
Reload Apache and memcached:
service apache2 restart; service memcached restart
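- You can now access your OpenStack dashboard at 10.43.1.55/horizon with the credentials admin:openstacktest. This guide does not set up HTTPS for the dashboard, so on the internet-facing address the admin password would travel unencrypted; enable HTTPS in Apache before using it beyond a test network.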