Basic OpenStack Folsom Install Guide
|
Version:
|
1.0
|
|
Source:
|
|
|
Keywords:
|
Multi-node OpenStack,
Folsom, Nova, Keystone, Glance, Horizon, Cinder, KVM, Ubuntu Server 12.10
(64-bit release).
|
Overview
This guide focuses on providing step-by-step instruction to users
who are interested in taking a bare-metal server installation to a fully
functioning OpenStack cloud. We will avoid using scripts like TryStack and
DevStack and will attempt to configure a “vanilla” OpenStack environment. The
only scripts used in this tutorial are slight modifications of the existing
keystone scripts available on the official OpenStack GitHub repo. (https://github.com/openstack/keystone/blob/master/tools/sample_data.sh)
Who should read this
guide
This guide is for the system administrator who is installing, configuring
and managing the OpenStack “Folsom” cluster infrastructure. A reasonable level
of familiarity with the following is assumed:
- The Unix command line
- Installing packages
- Basic networking concepts
Special thanks to
Emilien Macchi at eNovance for assistance in merging some
portions of this text into the official OpenStack repository.
Bilel Msekni from TELECOM SudParis for allowing me to fork sections of
his OpenStack install guide and for the valuable suggestions and input.
Author
Getting Started
This guide intentionally uses the nova-network package instead of the newly released quantum. This decision was made in order to reduce the setup time for a
basic network configuration. Although the next release plans to freeze
nova-network development, the team responsible for overseeing OpenStack
networking (Thierry, Vish, Dan) have decided that they will ”...continue to
support nova-network as it currently exists in Folsom”.
Hardware Requirements
The following are recommended hardware requirements for both the
controller and compute nodes.
Controller Node
(runs network, volume, API, scheduler and image services)
- Processor: 64-bit x86
- Memory: 12GB of RAM
- Disk Space: 30GB (SATA, SAS, SSD)
- Volume Storage: two disks with 2TB (SATA) for volumes attached to the
compute nodes
- Network: one 1GB NIC
Compute Node(s)
(runs virtual instances)
- Processor: 64-bit x86
- Memory: 32GB of RAM
- Disk Space: 30GB (SATA, SAS, SSD)
- Network: one 1GB NIC
Basic Configuration
OpenStack Install
Control Node Install
Updating your system
- After you complete the Ubuntu
12.10 installation, go into superuser mode and stay there until this
tutorial concludes:
sudo su
- Update your system:
·
apt-get
update
·
apt-get
upgrade
apt-get dist-upgrade
Install and configure the MySQL & RabbitMQ
- Install MySQL:
apt-get install mysql-server python-mysqldb
- Configure MySQL to accept all
incoming requests:
·
sed
-i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart
- Install RabbitMQ:
apt-get install rabbitmq-server
Install and configure the NTP service
- Install the NTP service:
apt-get install ntp
- Configure the NTP server to
synchronize between your compute node(s) and the controller node:
·
sed
-i 's/server ntp.ubuntu.com/server ntp.ubuntu.com\nserver 127.127.1.0\nfudge
127.127.1.0 stratum 10/g' /etc/ntp.conf
service ntp restart
Install VLAN, Bridge-Utils, and setup IP
Forwarding
- Install the VLAN and
Bridge-Utils services:
apt-get install vlan bridge-utils
- Enable IP_Forwarding
o by uncommenting net.ipv4.ip_forward=1 in
/etc/sysctl.conf:
o
vi /etc/sysctl.conf
o or alternatively, to avoid editing any files:
o
echo
"net.ipv4.ip_forward=1" >
/etc/sysctl.d/99-openstack-ipv4-forwarding.conf
service procps start
- Now, run systcl with the
updated configuration:
·
sysctl
-p
Install and configure Keystone
- Install the Keystone identity
service:
apt-get install keystone
- Create a new MySQL database for
Keystone:
·
mysql
-u root -p
·
CREATE
DATABASE keystone;
·
GRANT
ALL ON keystone.* TO 'keystoneUser'@'%' IDENTIFIED BY 'keystonePass';
quit;
- Adapt the connection attribute
in the /etc/keystone/keystone.conf to our newly created database.:
·
vi
/etc/keystone/keystone.conf
·
#and
edit the connection field to show
connection =
mysql://keystoneUser:keystonePass@10.32.14.232/keystone
- Restart the identity service
then synchronize the database:
·
service
keystone restart
keystone-manage db_sync
- Use mseknibilel’s scripts
o With Quantum:
o
wget
https://raw.github.com/nimbula/OpenStack-Folsom-Install-guide/master/Keystone_Scripts/With%20Quantum/keystone_basic.sh
wget
https://raw.github.com/nimbula/OpenStack-Folsom-Install-guide/master/Keystone_Scripts/With%20Quantum/keystone_endpoints_basic.sh
o Without Quantum:
o
wget
https://raw.github.com/nimbula/OpenStack-Folsom-Install-guide/master/Keystone_Scripts/Without%20Quantum/keystone_basic.sh
wget
https://raw.github.com/nimbula/OpenStack-Folsom-Install-guide/master/Keystone_Scripts/Without%20Quantum/keystone_endpoints_basic.sh
- Change the mode for both files:
·
chmod
+x keystone_basic.sh
chmod +x keystone_endpoints_basic.sh
- In the keystone_basic.sh script,
change the $HOST_IP variable to your X.X.X.232 address
- In the
keystone_endpoints_basic.sh script, change the $HOST_IP, $EXT_HOST_IP,
& $MYSQL_HOST variables to your X.X.X.232 address and then execute the
scripts.
- Note: Double check your work
here, screwing up keystone can be a pain to recover from:
·
vi
keystone_basic.sh
·
vi
keystone_endpoints_basic.sh
·
./keystone_basic.sh
./keystone_endpoints_basic.sh
- The keystone_basic.sh script
has no output, but keystone_endpoints_basic.sh should kick out something similar
to this:
·
+-------------+----------------------------------+
·
| Property
| Value |
·
+-------------+----------------------------------+
·
|
description | OpenStack Compute
Service |
·
| id
| 2801693507a44570a7439245b20ea0cd |
·
| name
| nova |
·
| type
| compute |
·
+-------------+----------------------------------+
·
+-------------+----------------------------------+
·
| Property
| Value |
·
+-------------+----------------------------------+
·
|
description | OpenStack Volume
Service |
·
| id
| b80f524c06464c0c8af80942a1c94f78 |
·
| name
| cinder |
·
| type
| volume |
·
+-------------+----------------------------------+
·
+-------------+----------------------------------+
·
| Property
| Value |
·
+-------------+----------------------------------+
·
|
description | OpenStack Image Service |
·
| id
| 9326c1e4d4bc4e748bd8387fa5279bd0 |
·
| name
| glance |
·
| type
| image |
·
+-------------+----------------------------------+
·
+-------------+----------------------------------+
·
| Property
| Value |
·
+-------------+----------------------------------+
·
|
description | OpenStack
Identity |
·
| id
| 7fd27d54ac7c476cb36ef7d0002b9fda |
·
| name
| keystone |
·
| type
| identity |
·
+-------------+----------------------------------+
·
+-------------+----------------------------------+
·
| Property
| Value |
·
+-------------+----------------------------------+
·
|
description | OpenStack EC2
service |
·
| id
| 7ce8ae8b16774c3f82e0eeecea60520a |
·
| name
| ec2 |
·
| type
| ec2 |
·
+-------------+----------------------------------+
·
+-------------+----------------------------------+
·
| Property
| Value |
·
+-------------+----------------------------------+
·
|
description | OpenStack Networking
service |
·
| id
| 8777783c2f9f4ae3a3a6a501833ab021 |
·
| name
| quantum |
·
| type
| network |
·
+-------------+----------------------------------+
·
+-------------+-------------------------------------------+
·
| Property
| Value |
·
+-------------+-------------------------------------------+
·
| adminurl
| http://10.32.14.232:8774/v2/$(tenant_id)s |
·
| id
|
ecfcff81220c45ce9f13ca000f1c4fa7
|
·
| internalurl
| http://10.32.14.232:8774/v2/$(tenant_id)s |
·
| publicurl
| http://10.32.14.232:8774/v2/$(tenant_id)s |
·
| region
| RegionOne |
·
| service_id | 2801693507a44570a7439245b20ea0cd |
·
+-------------+-------------------------------------------+
·
+-------------+-------------------------------------------+
·
| Property
| Value |
·
+-------------+-------------------------------------------+
·
| adminurl
| http://10.32.14.232:8776/v1/$(tenant_id)s |
·
| id
|
420959377cde408a865445b0ea743a19
|
·
|
internalurl | http://10.32.14.232:8776/v1/$(tenant_id)s |
·
| publicurl
| http://10.32.14.232:8776/v1/$(tenant_id)s |
·
| region
| RegionOne |
·
| service_id | b80f524c06464c0c8af80942a1c94f78 |
·
+-------------+-------------------------------------------+
·
+-------------+----------------------------------+
·
| Property
| Value |
·
+-------------+----------------------------------+
·
| adminurl
|
http://10.32.14.232:9292/v2 |
·
| id
| f2c0b4ea7bed4a8aa2d44b140df73a0d |
·
|
internalurl |
http://10.32.14.232:9292/v2 |
·
| publicurl
|
http://10.32.14.232:9292/v2 |
·
| region
| RegionOne |
·
| service_id | 9326c1e4d4bc4e748bd8387fa5279bd0
|
·
+-------------+----------------------------------+
·
+-------------+----------------------------------+
·
| Property
| Value |
·
+-------------+----------------------------------+
·
| adminurl
|
http://10.32.14.232:35357/v2.0 |
·
| id
| ef0fb3dfa5f74f70a2059dd015e7743d |
·
|
internalurl |
http://10.32.14.232:5000/v2.0 |
·
| publicurl
|
http://10.32.14.232:5000/v2.0 |
·
| region
| RegionOne |
·
| service_id | 7fd27d54ac7c476cb36ef7d0002b9fda
|
·
+-------------+----------------------------------+
·
+-------------+-----------------------------------------+
·
| Property
| Value |
·
+-------------+-----------------------------------------+
·
| adminurl
| http://10.32.14.232:8773/services/Admin |
·
| id
|
e5a40371df6e47e79dc78bb61591fc87
|
·
|
internalurl | http://10.32.14.232:8773/services/Cloud |
·
| publicurl
| http://10.32.14.232:8773/services/Cloud |
·
| region
| RegionOne |
·
| service_id | 7ce8ae8b16774c3f82e0eeecea60520a |
·
+-------------+-----------------------------------------+
·
+-------------+----------------------------------+
·
| Property
| Value |
·
+-------------+----------------------------------+
·
| adminurl
|
http://10.32.14.232:9696/ |
·
| id
| 8396e30ecbf14f3d9bd97d489f7407ea |
·
|
internalurl | http://10.32.14.232:9696/ |
·
| publicurl
|
http://10.32.14.232:9696/ |
·
| region
| RegionOne |
·
| service_id | 8777783c2f9f4ae3a3a6a501833ab021
|
+-------------+----------------------------------+
- Let’s create our OpenStack
credential file and load it so we won’t be bothered later:
vi creds
- Paste the following text:
·
export
OS_NO_CACHE=1
·
export
OS_TENANT_NAME=admin
·
export
OS_USERNAME=admin
·
export
OS_PASSWORD=admin_pass
export
OS_AUTH_URL="http://10.32.14.232:5000/v2.0/"
- Load the file:
source creds
- Let’s just do a quick test to
see if Keystone is up:
·
apt-get
install curl openssl
curl http://10.32.14.232:35357/v2.0/endpoints -H
'x-auth-token: ADMIN' | python -m json.tool
- It should kick out something
like this:
·
{
·
"endpoints": [
·
{
·
"adminurl": "http://10.32.14.232:8776/v1/$(tenant_id)s",
·
"id": "0fe6ddf16ce344989adb22a644befa48",
·
"internalurl": "http://10.32.14.232:8776/v1/$(tenant_id)s",
·
"publicurl": "http://10.32.14.232:8776/v1/$(tenant_id)s",
·
"region": "RegionOne",
·
"service_id": "d0a8dbeac60845aaa1fa043c23177d5e"
·
},
·
{
·
"adminurl": "http://10.32.14.232:35357/v2.0",
·
"id": "7811cbbf4c3042f1a6b97d19a9ceace5",
·
"internalurl": "http://10.32.14.232:5000/v2.0",
·
"publicurl": "http://10.32.14.232:5000/v2.0",
·
"region": "RegionOne",
·
"service_id": "00685df9e085427a97837892622ca4b2"
·
},
·
{
·
"adminurl": "http://10.32.14.232:8774/v2/$(tenant_id)s",
·
"id": "826a7b77f108414ea4be8eb06d3b0c96",
·
"internalurl": "http://10.32.14.232:8774/v2/$(tenant_id)s",
·
"publicurl": "http://10.32.14.232:8774/v2/$(tenant_id)s",
·
"region": "RegionOne",
·
"service_id": "1a7bd347252049d9921703d45c1182dc"
·
},
·
{
·
"adminurl": "http://10.32.14.232:9696/",
·
"id": "b0974d6c9bbb4f2cab281f3ff5bcd412",
·
"internalurl": "http://10.32.14.232:9696/",
·
"publicurl": "http://10.32.14.232:9696/",
·
"region": "RegionOne",
·
"service_id": "fc2b6886fd8241448d4f3b0c9a960bf0"
·
},
·
{
·
"adminurl": "http://10.32.14.232:9292/v2",
·
"id": "c49d46bc5a62445ea60dc568abc954bb",
·
"internalurl": "http://10.32.14.232:9292/v2",
·
"publicurl": "http://10.32.14.232:9292/v2",
·
"region": "RegionOne",
·
"service_id": "574f359c07fc449ab6b0b4fad42b2df9"
·
},
·
{
·
"adminurl": "http://10.32.14.232:8773/services/Admin",
·
"id": "d50733db9848451596c84b782906cba1",
·
"internalurl": "http://10.32.14.232:8773/services/Cloud",
·
"publicurl": "http://10.32.14.232:8773/services/Cloud",
·
"region": "RegionOne",
·
"service_id": "a0fdb3cd3a234cada512ba0a75a6df56"
·
}
·
]
·
}
Install and configure Glance
- Now, let’s continue by
installing the image storage service (Glance):
apt-get install glance
- Let’s create a new MySQL
database for Glance:
·
mysql
-u root -p
·
CREATE
DATABASE glance;
·
GRANT
ALL ON glance.* TO 'glanceUser'@'%' IDENTIFIED BY 'glancePass';
quit;
- Next, replace the existing
filter:authtoken section in /etc/glance/glance-api-paste.ini with:
·
vi
/etc/glance/glance-api-paste.ini
·
·
[filter:authtoken]
·
paste.filter_factory
= keystone.middleware.auth_token:filter_factory
·
auth_host
= 10.32.14.232
·
auth_port
= 35357
·
auth_protocol
= http
·
admin_tenant_name
= service
·
admin_user
= glance
admin_password = service_pass
- Then, update
/etc/glance/glance-registry-paste.ini with:
·
vi
/etc/glance/glance-registry-paste.ini
·
·
[filter:authtoken]
·
paste.filter_factory
= keystone.middleware.auth_token:filter_factory
·
auth_host
= 10.32.14.232
·
auth_port
= 35357
·
auth_protocol
= http
·
admin_tenant_name
= service
·
admin_user
= glance
admin_password = service_pass
- Open
/etc/glance/glance-api.conf and update with the following:
·
vi
/etc/glance/glance-api.conf
·
·
sql_connection
= mysql://glanceUser:glancePass@10.32.14.232/glance
·
·
[paste_deploy]
flavor = keystone
- Update the
/etc/glance/glance-registry.conf:
·
vi
/etc/glance/glance-registry.conf
·
·
sql_connection
= mysql://glanceUser:glancePass@10.32.14.232/glance
·
·
[paste_deploy]
flavor = keystone
- Restart the glance-api and
glance-registry services:
service glance-api restart; service glance-registry
restart
- Sync databases:
glance-manage db_sync
- Note: You’ll probably get a
warning, reminding you that ‘useexisting’ is deprecated. That’s normal,
don’t worry about it.
- Restart the services again to
take into account the new modifications
service glance-registry restart; service glance-api restart
- Now, let’s test the Glance
installation by installing the cirros cloud image from the Launchpad mirror:
·
mkdir
images
·
cd
images
·
wget
https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
glance image-create --name NimbulaTest --is-public true
--container-format bare --disk-format qcow2 < cirros-0.3.0-x86_64-disk.img
- That last command should
produce output similar to:
·
+-----------------+------------------------------------+
·
|
Property | Value |
·
+----------------+------------------------------------+
·
|
checksum | 50bdc35edb03a38d91b1b071afb20a3c |
·
|
container_format | bare |
·
| created_at
| 2012-12-04T21:52:49 |
·
|
deleted | False |
·
|
deleted_at | None |
·
|
disk_format | qcow2 |
·
| id
| 9f045abf-3aa4-40d9-a9e1-7ab7bfa3e1ef |
·
|
is_public | True |
·
|
min_disk | 0 |
·
|
min_ram | 0 |
·
|
name | NimbulaTest |
·
|
owner | b302c28c0f0e4d2f8f4d99553fc3971f |
·
|
protected | False |
·
|
size | 9761280 |
·
|
status | active |
·
|
updated_at | 2012-12-04T21:52:50 |
+----------------+------------------------------------+
- Now let’s make sure it
uploaded, by using glance’s image list:
glance image-list
- It should return something like
this:
·
+--------------------------------------+-------------+-------------+------------------+---------+--------+
·
|
ID |
Name | Disk Format | Container
Format | Size | Status |
·
+--------------------------------------+-------------+-------------+------------------+---------+--------+
·
|
74cec29b-76a1-4e89-8060-f0e2623ae5bf | NimbulaTest | qcow2 | bare | 9761280 | active |
+--------------------------------------+-------------+-------------+------------------+---------+--------+
Setup networking
- Now, time to install
bridge-utils:
apt-get install -y bridge-utils
- Reconfigure
/etc/network/interfaces:
·
vi
/etc/network/interfaces
·
·
#
This file describes the network interfaces available on your system
·
#
and how to activate them. For more information, see interfaces(5).
·
#
The loopback network interface
·
auto
lo
·
iface
lo inet loopback
·
#
The primary network interface
·
auto
br100
·
iface
br100 inet static
·
address 10.32.14.232
·
netmask 255.255.255.0
·
network 10.32.14.0
·
broadcast 10.32.14.255
·
gateway 10.32.14.1
·
# dns-* options are implemented by the
resolvconf package, if installed
·
dns-nameservers 172.16.0.16
·
dns-search mtv.nimbula.org
·
bridge_ports eth0
·
bridge_stp off
·
bridge_maxwait 0
bridge_fd 0
- Ensure that you setup the
bridge and then restart networking:
sudo brctl addbr br100; sudo /etc/init.d/networking
restart
Install and configure Nova
- Time to install Nova (and some
other packages):
apt-get install -y nova-api nova-cert novnc
nova-consoleauth nova-scheduler nova-novncproxy nova-network
- We are also going to remove the
Quantum endpoint and service, the script we ran earlier assumes that we
will use Quantum instead of nova-networks, and having both endpoints on
the same installation can cause some serious conflicts:
- First, get the endpoint ID:
keystone endpoint-list | grep 9696
- It will return output similar
to this:
| b0974d6c9bbb4f2cab281f3ff5bcd412 | RegionOne |
http://192.168.161.232:9696/ | http://192.168.161.232:9696/ |
http://192.168.161.232:9696/ |
- Grab the ID from the output and
then remove that endpoint:
keystone endpoint-delete b0974d6c9bbb4f2cab281f3ff5bcd412
- Next, find the Quantum service
ID:
keystone service-list | grep quantum
- It will return output similar
to this:
| 9e3b400f6531414c93262644f20cfda1 | quantum |
network | OpenStack Networking
Service |
- Grab the ID from the output and
then remove that service:
keystone service-delete 9e3b400f6531414c93262644f20cfda1
- Prepare a MySQL database for
Nova:
·
mysql
-u root -p
·
CREATE
DATABASE nova;
·
GRANT
ALL ON nova.* TO 'novaUser'@'%' IDENTIFIED BY 'novaPass';
quit;
- Now, let’s modify the authtoken
section in the /etc/nova/api-paste.ini file:
·
[filter:authtoken]
·
paste.filter_factory
= keystone.middleware.auth_token:filter_factory
·
auth_host
= 10.32.14.232
·
auth_port
= 35357
·
auth_protocol
= http
·
admin_tenant_name
= service
·
admin_user
= nova
·
admin_password
= service_pass
signing_dirname = /tmp/keystone-signing-nova
- Next up is the
/etc/nova/nova.conf file:
·
[DEFAULT]
·
logdir=/var/log/nova
·
state_path=/var/lib/nova
·
lock_path=/run/lock/nova
·
verbose=True
·
api_paste_config=/etc/nova/api-paste.ini
·
scheduler_driver=nova.scheduler.simple.SimpleScheduler
·
s3_host=10.32.14.232
·
ec2_host=10.32.14.232
·
ec2_dmz_host=10.32.14.232
·
rabbit_host=10.32.14.232
·
cc_host=10.32.14.232
·
metadata_host=10.32.14.232
·
metadata_listen=0.0.0.0
·
nova_url=http://10.32.14.232:8774/v1.1/
·
sql_connection=mysql://novaUser:novaPass@10.32.14.232/nova
·
ec2_url=http://10.32.14.232:8773/services/Cloud
·
root_helper=sudo
nova-rootwrap /etc/nova/rootwrap.conf
·
·
#
Auth
·
use_deprecated_auth=false
·
auth_strategy=keystone
·
keystone_ec2_url=http://10.32.14.232:5000/v2.0/ec2tokens
·
#
Imaging service
·
glance_api_servers=10.32.14.232:9292
·
image_service=nova.image.glance.GlanceImageService
·
·
#
Vnc configuration
·
novnc_enabled=true
·
novncproxy_base_url=http://10.32.14.232:6080/vnc_auto.html
·
novncproxy_port=6080
·
vncserver_proxyclient_address=10.32.14.232
·
vncserver_listen=0.0.0.0
·
·
#
NETWORK
·
network_manager=nova.network.manager.FlatDHCPManager
·
force_dhcp_release=True
·
dhcpbridge_flagfile=/etc/nova/nova.conf
·
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
·
#
Change my_ip to match each host
·
my_ip=10.32.14.232
·
public_interface=br100
·
vlan_interface=eth0
·
flat_network_bridge=br100
·
flat_interface=eth0
·
#Note
the different pool, this will be used for instance range
·
fixed_range=10.33.14.0/24
·
·
#
Compute #
·
compute_driver=libvirt.LibvirtDriver
·
·
#
Cinder #
·
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900
- Now, sync your database:
nova-manage db sync
- Note: You may get some debug
output mentioning ‘nova.db.sqlalchemy.migration’. That’s normal, don’t
worry about it.
- Restart all of your nova-*
services:
cd /etc/init.d/; for i in $(ls nova-*); do sudo service $i
restart; done
- Make sure all of your services
are up and happy:
nova-manage service list
- You should get something like
this:
·
Binary Host Zone Status State Updated_At
·
nova-cert folsom-1 nova enabled :-)
2012-11-06 18:30:58
·
nova-consoleauth
folsom-1
nova enabled :-)
2012-11-06 18:30:57
·
nova-scheduler folsom-1 nova enabled :-)
2012-11-06 18:31:05
nova-network
folsom-1
nova enabled :-)
2012-11-06 18:31:09
- Note: You may get some debug
output mentioning ‘nova.db.sqlalchemy.migration’. That’s normal, don’t
worry about it.
Install and configure Cinder
- Now, it’s time to install
Cinder, this new OpenStack project aims at managing the volumes for VM’s.
It replaces nova-volumes:
apt-get install cinder-api cinder-scheduler cinder-volume
iscsitarget iscsitarget-dkms
- Prepare a MySQL database for
Cinder:
·
mysql
-u root -p
·
CREATE
DATABASE cinder;
·
GRANT
ALL ON cinder.* TO 'cinderUser'@'%' IDENTIFIED BY 'cinderPass';
quit;
- Configure api-paste.ini by
following this template:
·
vi
/etc/cinder/api-paste.ini
·
·
[filter:authtoken]
·
paste.filter_factory
= keystone.middleware.auth_token:filter_factory
·
service_protocol
= http
·
service_host
= 10.32.14.232
·
service_port
= 5000
·
auth_host
= 10.32.14.232
·
auth_port
= 35357
·
auth_protocol
= http
·
admin_tenant_name
= service
·
admin_user
= cinder
admin_password = service_pass
- Open cinder.conf and change it
to the following:
·
vi /etc/cinder/cinder.conf
·
·
[DEFAULT]
·
rootwrap_config=/etc/cinder/rootwrap.conf
·
sql_connection
= mysql://cinderUser:cinderPass@10.32.14.232/cinder
·
api_paste_confg
= /etc/cinder/api-paste.ini
·
iscsi_helper=ietadm
·
volume_name_template
= volume-%s
·
volume_group
= cinder-volumes
·
verbose
= True
·
auth_strategy
= keystone
#osapi_volume_listen_port=5900
- Time to synchronize the
database, yet again:
cinder-manage db sync
- Now, let’s create a volume
group, name it cinder-volumes, and make sure that it persists after a reboot:
·
dd
if=/dev/zero of=cinder-volumes bs=1 count=0 seek=2G
·
losetup
/dev/loop2 cinder-volumes
fdisk /dev/loop2
- And at the fdisk prompt, enter
the following commands:
·
n
·
p
·
1
·
ENTER
·
ENTER
·
t
·
8e
w
- Proceed to create the physical
volume and then the volume group itself:
·
pvcreate
/dev/loop2
vgcreate cinder-volumes /dev/loop2
- Now, let’s add this to the
rc.local to make sure that we don’t lose this volume on a server reboot
- Add the following to the file
before the exit 0 line:
·
#the
path is wherever you ran the previous two steps + "cinder-volumes"
losetup /dev/loop2 <PATH_TO_VG>
Install and configure Horizon
- Finally, we are almost done. On
to the Horizon interface:
apt-get install openstack-dashboard memcached
- Some users (including myself)
have encountered a few bugs when using the default Ubuntu theme. Disable
it by doing the following:
·
vi /etc/openstack-dashboard/local_settings.py
·
·
#Comment these lines
·
#Enable the Ubuntu theme if it is present.
·
#try:
·
# from ubuntu_theme import *
·
#except ImportError:
·
# pass
- Horizon now requires a reboot
to authenticate properly. Reboot and when the machine is ready, start all
of your nova services:
·
reboot
cd /etc/init.d/; for i in $(ls nova-*); do sudo service $i
start; done
Compute Node
Updating your system
- Now, all we have to do is add a
compute node. Log onto the next available node on your cluster. (repeat
for as many nodes as you’d like)
- Start by updating your system
as root:
·
sudo
su
·
apt-get
update
·
apt-get
upgrade
apt-get dist-upgrade
Install and configure the NTP service
- Install the NTP service:
apt-get install ntp
- Configure the NTP server to
follow the controller node:
·
sed
-i 's/server ntp.ubuntu.com/server 10.32.14.232/' /etc/ntp.conf
service ntp restart
Setup vlan, bridge-utils, and KVM
- Install other miscellaneous services:
apt-get install vlan bridge-utils
- Enable IP_Forwarding
o by uncommenting net.ipv4.ip_forward=1 in
/etc/sysctl.conf:
o
vi /etc/sysctl.conf
o or alternatively, to avoid editing any files:
o
echo
"net.ipv4.ip_forward=1" > /etc/sysctl.d/99-openstack-ipv4-forwarding.conf
service procps start
- Now, run systcl with the
updated configuration:
·
sysctl
-p
- Next, check if you can install
KVM on your machine:
apt-get install cpu-checker
- Then run:
·
kvm-ok
- You should get a response similar
to:
KVM acceleration can be used
- Now that we are all clear,
let’s install kvm and configure it:
apt-get install -y kvm libvirt-bin pm-utils
- Edit the cgroup_device_acl
array in the qemu.conf file to:
·
vi /etc/libvirt/qemu.conf
·
·
cgroup_device_acl
= [
·
"/dev/null", "/dev/full", "/dev/zero",
·
"/dev/random", "/dev/urandom",
·
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
·
"/dev/rtc", "/dev/hpet", "/dev/net/tun"
·
]
- Delete the default virtual
bridge:
·
virsh
net-destroy default
virsh net-undefine default
Setup live migration
- Enable live migration by
uncommenting the listen_tls = 0, listen_tcp = 1, and auth_tcp = “none”
fields in the libvirtd.conf file. Don’t touch any of the other existing
settings:
·
vi /etc/libvirt/libvirtd.conf
·
·
listen_tls
= 0
·
listen_tcp
= 1
·
auth_tcp
= "none"
- Edit libvirtd_opts variable in
the libvirt-bin.conf file:
·
vi /etc/init/libvirt-bin.conf
- Find env libvirtd_opts and set
it to:
env libvirtd_opts="-d -l"
- Edit the same field in
/etc/default/libvirt-bin and again, set it to:
·
libvirtd_opts="-d -l"
- Restart the libvirt service to
apply the changes:
service libvirt-bin restart
Install and configure nova-network
- Now, time to install
nova-network and bridge-utils:
apt-get install nova-network bridge-utils
- Now, let’s configure our
interfaces file similar to our first node. (this time we will just use a
different IP):
·
vi
/etc/network/interfaces
·
·
#
This file describes the network interfaces available on your system
·
#
and how to activate them. For more information, see interfaces(5).
·
#
The loopback network interface
·
auto
lo
·
iface
lo inet loopback
·
#
The primary network interface
·
auto
br100
·
iface
br100 inet static
·
address 10.32.14.234
·
netmask 255.255.255.0
·
network 10.32.14.0
·
broadcast 10.32.14.255
·
gateway 10.32.14.1
·
# dns-* options are implemented by the
resolvconf package, if installed
·
dns-nameservers 172.16.0.16
·
dns-search mtv.nimbula.org
·
bridge_ports eth0
·
bridge_stp off
·
bridge_maxwait 0
bridge_fd 0
- Now, make sure the br100 is
added and restart the networking services:
brctl addbr br100; /etc/init.d/networking restart
Install and configure nova-api and nova-compute
- Now, let’s install the compute
packages:
apt-get install nova-api-metadata nova-compute-kvm
- Now, modify the authtoken
section in api-paste.ini:
·
vi
/etc/nova/api-paste.ini
·
·
[filter:authtoken]
·
paste.filter_factory
= keystone.middleware.auth_token:filter_factory
·
auth_host
= 10.32.14.232
·
auth_port
= 35357
·
auth_protocol
= http
·
admin_tenant_name
= service
·
admin_user
= nova
·
admin_password
= service_pass
signing_dirname = /tmp/keystone-signing-nova
- Next up, edit the
nova-compute.conf:
·
vi /etc/nova/nova-compute.conf
·
·
[DEFAULT]
·
libvirt_type=kvm
- Now, time for the good ol’
nova.conf again:
·
vi
/etc/nova/nova.conf
·
·
[DEFAULT]
·
logdir=/var/log/nova
·
state_path=/var/lib/nova
·
lock_path=/run/lock/nova
·
verbose=True
·
api_paste_config=/etc/nova/api-paste.ini
·
scheduler_driver=nova.scheduler.simple.SimpleScheduler
·
s3_host=10.32.14.232
·
ec2_host=10.32.14.232
·
ec2_dmz_host=10.32.14.232
·
rabbit_host=10.32.14.232
·
cc_host=10.32.14.232
·
metadata_host=10.32.14.234
·
metadata_listen=0.0.0.0
·
nova_url=http://10.32.14.232:8774/v1.1/
·
sql_connection=mysql://novaUser:novaPass@10.32.14.232/nova
·
ec2_url=http://10.32.14.232:8773/services/Cloud
·
root_helper=sudo
nova-rootwrap /etc/nova/rootwrap.conf
·
·
#
Auth
·
use_deprecated_auth=false
·
auth_strategy=keystone
·
keystone_ec2_url=http://10.32.14.232:5000/v2.0/ec2tokens
·
#
Imaging service
·
glance_api_servers=10.32.14.232:9292
·
image_service=nova.image.glance.GlanceImageService
·
·
#
Vnc configuration
·
novnc_enabled=true
·
novncproxy_base_url=http://10.32.14.232:6080/vnc_auto.html
·
novncproxy_port=6080
·
vncserver_proxyclient_address=10.32.14.234
·
vncserver_listen=0.0.0.0
·
·
#
NETWORK
·
network_manager=nova.network.manager.FlatDHCPManager
·
force_dhcp_release=True
·
dhcpbridge=/usr/bin/nova-dhcpbridge
·
dhcpbridge_flagfile=/etc/nova/nova.conf
·
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
·
#
Change my_ip to match each host
·
my_ip=10.32.14.234
·
public_interface=br100
·
vlan_interface=eth0
·
flat_network_bridge=br100
·
flat_interface=eth0
·
#Note
the different pool, this will be used for instance range
·
fixed_range=10.33.14.0/24
·
·
#
Compute #
·
compute_driver=libvirt.LibvirtDriver
·
·
#
Cinder #
·
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900
- Resync your databases:
nova-manage db sync
- Restart services to update
changes:
cd /etc/init.d/; for i in $(ls nova-*); do sudo service $i
restart; done
- Check to make sure your
services are in a good mood:
nova-manage service list
- You should now see a mix of
services running on multiple nodes:
·
Binary Host Zone Status State Updated_At
·
nova-cert folsom-1 nova enabled :-)
2012-11-08 00:26:03
·
nova-consoleauth
folsom-1
nova enabled :-)
2012-11-08 00:26:03
·
nova-scheduler folsom-1 nova enabled :-)
2012-11-08 00:26:04
·
nova-network folsom-1 nova enabled :-)
2012-11-08 00:26:04
·
nova-compute folsom-2 nova enabled :-)
2012-11-08 00:26:00
nova-network
folsom-2
nova enabled :-)
2012-11-08 00:26:00
- Note: You may get some debug
output mentioning ‘nova.db.sqlalchemy.api’. That’s normal, don’t worry
about it.
Setting up projects using Horizon
- Now, log onto OpenStack horizon
by visiting the URL: http://10.32.14.232/horizon and logging in with the credentials:
·
username:
admin
password: admin_pass
- Next, navigate to the
“Projects” tab on the bottom left of the landing screen:
- Now, in the new pane go ahead and
click the “Create Project” button in the top right. You will be greeted
with a modal dialog like so:
- Fill in the fields presented,
and don’t forget the tabs on top. Make sure you add yourself as a project
member:
- Now, your new project should be
behind the modal grid. Find your new project and the corresponding row.
Copy the “Project ID” to your clipboard, we’ll use it in the next step:
Creating a network
- We are almost finished. Now
it’s time to create a network and bind it to that project:
- Note: Remember to use the
instance network:
nova-manage network create --label=NimbulaNetwork
--fixed_range_v4=10.33.14.0/24 --bridge=br100
--project_id=<InsertProjectIDHere> --num_networks=1 --multi_host=T
- Now, you are done. No
seriously. Go to http://10.32.14.232/horizon (or whatever your IP is) and then select your
project, find an image, and launch and instance.
Tips & Tricks
Removing ‘error’ state
instances
So, it’s entirely possible that you screw up your network the
first time, maybe you give it the wrong IP Pool, or maybe you assign it to the
wrong project. Now, all of your instances are in the error state and you can’t
delete them. Luckily, I’ve already found two very simple and undocumented
processes of removing them.
- Jump on your first node, open
up the terminal as root, and plugin the following commands:
·
service
nova-network stop
·
nova-manage
project scrub <ProjectName>
nova-manage network list
- It should return something like
this:
·
id IPv4 IPv6 start address DNS1 DNS2 VlanID project uuid
3
10.33.14.0/24 None 10.33.14.2 8.8.4.4 None None Nimbula 8ccdef11-7070-4852-a212-31c3ddedccd3
- Find the network you want to
remove and copy the IPv4 section:
nova-manage network delete 10.33.14.0/24
- Now, we’ve got to get rid of
those error state instances:
nova list | grep ERROR
- That command should return a
list of all ERROR state instances:
·
+------+------------+--------+--------------------------------+
·
| ID
| Name | Status | Networks |
·
+------+------------+--------+--------------------------------+
·
|
1805 | testserver | ERROR |
private=10.4.96.81 |
+------+------------+--------+--------------------------------+
- To delete, plug in their names
to the following command(s):
nova reset-state –active <name> nova delete <name>
- If those two commands don’t
work, we can take more drastic measures:
vi DeleteInstances.sh
- Paste the following in:
·
#!/bin/bash
·
mysql
-uroot -ppassword << EOF
·
use
nova;
·
DELETE
a FROM nova.security_group_instance_association AS a INNER JOIN nova.instances
AS b ON a.instance_id=b.id where b.uuid='$1';
·
DELETE
FROM nova.instance_info_caches WHERE instance_id='$1';
·
DELETE
FROM nova.instances WHERE uuid='$1';
EOF
- Save it by hitting ESC, then
”:”, then x, and hitting Enter - Then make sure it’s executable by using
the following:
chmod +x DeleteInstances.sh
- And run it:
./DeleteInstances.sh
Floating IP setup
- First create a dedicated pool:
sudo nova-mange floating create --pool pool_auto_assign
--ip_range X.X.X.X/X
- Then modify the nova.conf with
these flags:
·
vi /etc/nova/nova.conf
·
·
default_floating_pool
= pool_auto_assign
·
floating_range
= X.X.X.X/X
·
auto_assign_floating_ip
= True
- You may also want to increase
the floating IP’s quota (this is also in the /etc/nova/nova.conf):
·
quota_floating_ips
= 50
- Then, we need to restart
nova-network:
sudo service nova-network restart
0 comments:
Post a Comment