Difference between revisions of "OpenStack: Install Icehouse on Centos 6.5"

From Define Wiki
Jump to navigation Jump to search
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
* Based on the instructions here: http://docs.openstack.org/icehouse/install-guide/install/yum/content/
 
* Based on the instructions here: http://docs.openstack.org/icehouse/install-guide/install/yum/content/
 
* 3 system setup, each with Centos6.5 minimal and both 1GB interfaces plugged in (172.28 eth0  / 192.168.0 eth1)  
 
* 3 system setup, each with Centos6.5 minimal and both 1GB interfaces plugged in (172.28 eth0  / 192.168.0 eth1)  
 +
 +
[[File:Installguide_arch-neutron.png]]
  
 
== Initial Setup ==
 
== Initial Setup ==
Line 52: Line 54:
 
<syntaxhighlight>
 
<syntaxhighlight>
 
yum -y install yum-plugin-priorities
 
yum -y install yum-plugin-priorities
 +
# bug fix, seems to remove the need for the above - but anyway:
 +
sed -i "s/enabled = 1/enabled = 0/g" /etc/yum/pluginconf.d/priorities.conf
 
yum -y install http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm
 
yum -y install http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm
 
yum -y install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
 
yum -y install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Line 61: Line 65:
 
== Install the Messaging Server ==
 
== Install the Messaging Server ==
 
* Install on the '''control''' node (but can be installed anywhere - the eg. has everything on the control node)
 
* Install on the '''control''' node (but can be installed anywhere - the eg. has everything on the control node)
 +
<syntaxhighlight>
 +
yum -y install qpid-cpp-server
 +
sed -i "s/auth=yes/auth=no/g" /etc/qpidd.conf
 +
service qpidd start
 +
chkconfig qpidd on
 +
</syntaxhighlight>
 +
 +
== Install and Configure the Identity Service (Keystone) ==
 +
* Install on the '''control''' node
 +
<syntaxhighlight>
 +
yum -y install openstack-keystone python-keystoneclient
 +
openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:password@controller/keystone
 +
</syntaxhighlight>
 +
 +
* Setup a keystone DB
 +
<syntaxhighlight>
 +
$ mysql -u root -p
 +
mysql> CREATE DATABASE keystone;
 +
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'  IDENTIFIED BY 'password';
 +
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'  IDENTIFIED BY 'password';
 +
mysql> exit
 +
</syntaxhighlight>
 +
 +
* '''Alternative was to create keystone and other DBs''' - from the redhat open lab
 +
<syntaxhighlight>
 +
[root@ospctrl0-1f47 ~]# /root/osp_sql_create keystone keystone
 +
 +
CREATE DATABASE keystone;
 +
GRANT ALL ON keystone.* TO 'keystone'@'ospctrl0-1f47.rhpds.opentlc.com' IDENTIFIED BY 'redhat';
 +
GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'redhat';
 +
GRANT ALL ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'redhat';
 +
FLUSH PRIVILEGES;
 +
quit
 +
 +
# Verify the preceding MySQL commands are correct.
 +
# Then execute the following command to create the database.
 +
 +
mysql -u root -p < /root/keystone.sql
 +
 +
[root@ospctrl0-1f47 ~]# cat /root/osp_sql_create
 +
#!/bin/bash
 +
# Helper script for creating Service Databases
 +
 +
X="$1"
 +
Y="$2"
 +
Z="$3"
 +
myname="osp_sql_create.sh"
 +
 +
S0="\n${myname} {db_name} {dbuser_name}] [{password}]\n\n\t{db_name}\tName of New Database\n\n\t{dbuser_name}\tName of DB User\n\t\t\t(may or not match DB Name)\n\n\t{password}\tPassword\n\t\t\t(defaults to 'redhat')\n"
 +
if [ "${X}" == "" ] ; then echo -e "${S0}" ; exit 127 ; fi
 +
if [ "${Y}" == "" ] ; then echo -e "${S0}" ; exit 127 ; fi
 +
[ "${Z}" == "" ] && Z="redhat"
 +
 +
# Filename
 +
dtstamp="`date +%Y%m%d_%H%M%S`"
 +
myfile="/root/${X}.sql"
 +
touch ${myfile}
 +
if [ $? -ne 0 ] ; then echo -e "${myname}(ERROR):  Can NOT create file (${myfile})" ; exit 63 ; fi
 +
 +
# Write file
 +
echo "CREATE DATABASE ${X};" >> ${myfile}
 +
echo "GRANT ALL ON ${X}.* TO '${Y}'@'`uname -n`' IDENTIFIED BY '${Z}';" >> ${myfile}
 +
echo "GRANT ALL ON ${X}.* TO '${Y}'@'%' IDENTIFIED BY '${Z}';" >> ${myfile}
 +
echo "GRANT ALL ON ${X}.* TO '${Y}'@'localhost' IDENTIFIED BY '${Z}';" >> ${myfile}
 +
echo "FLUSH PRIVILEGES;" >> ${myfile}
 +
echo "quit" >> ${myfile}
 +
echo -e ""
 +
cat ${myfile}
 +
echo -e "\n# Verify the preceding MySQL commands are correct.\n# Then execute the following command to create the database."
 +
echo -e "\nmysql -u root -p < ${myfile}\n"
 +
 +
 +
</syntaxhighlight>
 +
 +
* Do lots more stuff
 +
<syntaxhighlight>
 +
# create the DB tables
 +
su -s /bin/sh -c "keystone-manage db_sync" keystone
 +
# setup a token
 +
ADMIN_TOKEN=$(openssl rand -hex 10)
 +
echo $ADMIN_TOKEN
 +
# Note admin token as you will need later on
 +
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
 +
# setup pki keys
 +
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
 +
chown -R keystone:keystone /etc/keystone/ssl
 +
chmod -R o-rwx /etc/keystone/ssl
 +
</syntaxhighlight>
 +
 +
* Start the service and enable on boot
 +
<syntaxhighlight>
 +
service openstack-keystone start
 +
chkconfig openstack-keystone on
 +
</syntaxhighlight>
 +
 +
* Optional: Purge the tokens every hour as they are typically kept indefinitely.
 +
<syntaxhighlight>
 +
(crontab -l -u keystone 2>&1 | grep -q token_flush) || \
 +
echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone
 +
</syntaxhighlight>
 +
 +
* Define users / tenants / roles
 +
<syntaxhighlight>
 +
# Assuming your still in the same shell as above
 +
export OS_SERVICE_TOKEN=$ADMIN_TOKEN
 +
export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
 +
</syntaxhighlight>
 +
 +
* Create the admin user
 +
<syntaxhighlight>
 +
keystone user-create --name=admin --pass=password --email=david.power@boston.co.uk
 +
keystone role-create --name=admin
 +
keystone tenant-create --name=admin --description="Admin Tenant"
 +
keystone user-role-add --user=admin --tenant=admin --role=admin
 +
keystone user-role-add --user=admin --role=_member_ --tenant=admin
 +
</syntaxhighlight>
 +
 +
* Create the normal user
 +
<syntaxhighlight>
 +
keystone user-create --name=demo --pass=password --email=david.power@boston.co.uk
 +
keystone tenant-create --name=demo --description="Demo Tenant"
 +
keystone user-role-add --user=demo --role=_member_ --tenant=demo
 +
</syntaxhighlight>
 +
 +
* Create the service user
 +
<syntaxhighlight>
 +
keystone tenant-create --name=service --description="Service Tenant"
 +
</syntaxhighlight>
 +
 +
* Define services and APIs endpoints
 +
<syntaxhighlight>
 +
keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
 +
keystone endpoint-create \
 +
  --service-id=$(keystone service-list | awk '/ identity / {print $2}') \
 +
  --publicurl=http://controller:5000/v2.0 \
 +
  --internalurl=http://controller:5000/v2.0 \
 +
  --adminurl=http://controller:35357/v2.0
 +
</syntaxhighlight>
 +
 +
* Verify the Identity service installation
 +
<syntaxhighlight>
 +
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
 +
keystone --os-username=admin --os-password=password --os-auth-url=http://controller:35357/v2.0 token-get
 +
keystone --os-username=admin --os-password=password --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 token-get
 +
</syntaxhighlight>
 +
 +
* Setup an rc file for these settings
 +
<syntaxhighlight>
 +
[root@x8-2 ~]# cat admin-openrc.sh
 +
export OS_USERNAME=admin
 +
export OS_PASSWORD=password
 +
export OS_TENANT_NAME=admin
 +
export OS_AUTH_URL=http://controller:35357/v2.0
 +
# source
 +
source admin-openrc.sh
 +
keystone token-get
 +
# now we can run keystone commands
 +
[root@x8-2 ~]# keystone user-list
 +
+----------------------------------+-------+---------+--------------------------+
 +
|                id                |  name | enabled |          email          |
 +
+----------------------------------+-------+---------+--------------------------+
 +
| 065db47992ce4ce6899351b378ea0abd | admin |  True  | david.power@boston.co.uk |
 +
| 415362238c5d43fe8fbad2867a4c0034 |  demo |  True  | david.power@boston.co.uk |
 +
+----------------------------------+-------+---------+--------------------------+
 +
[root@x8-2 ~]# keystone user-role-list --user admin --tenant admin
 +
+----------------------------------+----------+----------------------------------+----------------------------------+
 +
|                id                |  name  |            user_id              |            tenant_id            |
 +
+----------------------------------+----------+----------------------------------+----------------------------------+
 +
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | 065db47992ce4ce6899351b378ea0abd | 3c7cdbdad1584cadbee27a03fd496c1c |
 +
| b7f97985f5864a88ab83dd966ed61edc |  admin  | 065db47992ce4ce6899351b378ea0abd | 3c7cdbdad1584cadbee27a03fd496c1c |
 +
+----------------------------------+----------+----------------------------------+----------------------------------+
 +
</syntaxhighlight>
 +
 +
* Setup the demo user rc file (for later)
 +
<syntaxhighlight>
 +
$ cat demo-openrc.sh
 +
export OS_USERNAME=demo
 +
export OS_PASSWORD=password
 +
export OS_TENANT_NAME=demo
 +
export OS_AUTH_URL=http://controller:35357/v2.0
 +
</syntaxhighlight>
 +
 +
== Install and Configure the Image Service (Glance) ==
 +
* Install the image service on the '''controller''' node
 +
<syntaxhighlight>
 +
yum -y install openstack-glance python-glanceclient
 +
openstack-config --set /etc/glance/glance-api.conf database connection mysql://glance:password@controller/glance
 +
openstack-config --set /etc/glance/glance-registry.conf database connection mysql://glance:password@controller/glance
 +
</syntaxhighlight>
 +
 +
* Create the glance DB
 +
<syntaxhighlight>
 +
$ mysql -u root -p
 +
mysql> CREATE DATABASE glance;
 +
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'password';
 +
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'password';
 +
</syntaxhighlight>
 +
 +
* Populate the DB plus some other bits
 +
<syntaxhighlight>
 +
su -s /bin/sh -c "glance-manage db_sync" glance
 +
keystone user-create --name=glance --pass=password --email=david.power@boston.co.uk
 +
keystone user-role-add --user=glance --tenant=service --role=admin
 +
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
 +
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host controller
 +
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
 +
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http
 +
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
 +
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
 +
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password password
 +
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
 +
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
 +
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host controller
 +
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
 +
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http
 +
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
 +
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
 +
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password password
 +
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
 +
</syntaxhighlight>
 +
 +
* Register the service, setup endpoint and start the service
 +
<syntaxhighlight>
 +
keystone service-create --name=glance --type=image --description="OpenStack Image Service"
 +
keystone endpoint-create --service-id=$(keystone service-list | awk '/ image / {print $2}') \
 +
  --publicurl=http://controller:9292 \
 +
  --internalurl=http://controller:9292 \
 +
  --adminurl=http://controller:9292
 +
service openstack-glance-api start
 +
service openstack-glance-registry start
 +
chkconfig openstack-glance-api on
 +
chkconfig openstack-glance-registry on
 +
</syntaxhighlight>
 +
 +
* Verify the Image Service installation
 +
<syntaxhighlight>
 +
mkdir /tmp/images
 +
cd /tmp/images/
 +
wget http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
 +
file cirros-0.3.2-x86_64-disk.img
 +
# [Output - format is QCOW which we need for the next cmd]: cirros-0.3.2-x86_64-disk.img: Qemu Image, Format: Qcow , Version: 2
 +
# Source not really needed if done above
 +
source admin-openrc.sh
 +
glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 --container-format bare --is-public True --progress < cirros-0.3.2-x86_64-disk.img
 +
glance image-list
 +
</syntaxhighlight>
 +
 +
== Install and Configure the Compute Service (Nova) ==
 +
* In this example we are running the compute services on the controller. the compute itself only needs to run the launcher service
 +
* On the '''contorller'''
 +
* Install the services
 +
<syntaxhighlight>
 +
yum -y install openstack-nova-api openstack-nova-cert openstack-nova-conductor \
 +
  openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler \
 +
  python-novaclient
 +
</syntaxhighlight>
 +
 +
* Setup the nova service
 +
<syntaxhighlight>
 +
openstack-config --set /etc/nova/nova.conf database connection mysql://nova:password@controller/nova
 +
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend qpid
 +
openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname controller
 +
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.28.80.2
 +
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 172.28.80.2
 +
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 172.28.80.2
 +
</syntaxhighlight>
 +
 +
* Setup the DB
 +
<syntaxhighlight>
 +
$ mysql -u root -p
 +
mysql> CREATE DATABASE nova;
 +
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'password';
 +
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'password';
 +
</syntaxhighlight>
 +
 +
* Create the DB content
 +
<syntaxhighlight>
 +
su -s /bin/sh -c "nova-manage db sync" nova
 +
keystone user-create --name=nova --pass=password --email=nova@example.com
 +
keystone user-role-add --user=nova --tenant=service --role=admin
 +
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
 +
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
 +
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
 +
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
 +
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
 +
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
 +
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
 +
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password password
 +
keystone service-create --name=nova --type=compute --description="OpenStack Compute"
 +
keystone endpoint-create --service-id=$(keystone service-list | awk '/ compute / {print $2}') \
 +
  --publicurl=http://controller:8774/v2/%\(tenant_id\)s \
 +
  --internalurl=http://controller:8774/v2/%\(tenant_id\)s \
 +
  --adminurl=http://controller:8774/v2/%\(tenant_id\)s
 +
</syntaxhighlight>
 +
 +
* Start / Enable the services
 +
<syntaxhighlight>
 +
service openstack-nova-api start
 +
service openstack-nova-cert start
 +
service openstack-nova-consoleauth start
 +
service openstack-nova-scheduler start
 +
service openstack-nova-conductor start
 +
service openstack-nova-novncproxy start
 +
chkconfig openstack-nova-api on
 +
chkconfig openstack-nova-cert on
 +
chkconfig openstack-nova-consoleauth on
 +
chkconfig openstack-nova-scheduler on
 +
chkconfig openstack-nova-conductor on
 +
chkconfig openstack-nova-novncproxy on
 +
</syntaxhighlight>
 +
 +
* Verify the setup
 +
<syntaxhighlight>
 +
[root@x8-2 images]# nova image-list
 +
+--------------------------------------+---------------------+--------+--------+
 +
| ID                                  | Name                | Status | Server |
 +
+--------------------------------------+---------------------+--------+--------+
 +
| a467f1f1-87b8-41e7-9c70-89f990e78f45 | cirros-0.3.2-x86_64 | ACTIVE |        |
 +
+--------------------------------------+---------------------+--------+--------+
 +
</syntaxhighlight>
 +
 +
== Configure a Compute Node ==
 +
* Run all these commands on the '''compute''' node
 +
* Install the packages
 +
<syntaxhighlight>
 +
yum -y install openstack-nova-compute
 +
</syntaxhighlight>
 +
 +
* Configure the service (update the IPs below to suit)
 +
<syntaxhighlight>
 +
  openstack-config --set /etc/nova/nova.conf database connection mysql://nova:password@controller/nova
 +
  openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
 +
  openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
 +
  openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
 +
  openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
 +
  openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
 +
  openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
 +
  openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
 +
  openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password password
 +
  openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend qpid
 +
  openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname controller
 +
  openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.28.80.0
 +
  openstack-config --set /etc/nova/nova.conf DEFAULT vnc_enabled True
 +
  openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 0.0.0.0
 +
  openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 172.28.80.0
 +
  openstack-config --set /etc/nova/nova.conf DEFAULT novncproxy_base_url http://controller:6080/vnc_auto.html
 +
  openstack-config --set /etc/nova/nova.conf DEFAULT glance_host controller
 +
</syntaxhighlight>
 +
 +
* Start / Enable the services
 +
<syntaxhighlight>
 +
service libvirtd start
 +
service messagebus start
 +
service openstack-nova-compute start
 +
chkconfig libvirtd on
 +
chkconfig messagebus on
 +
chkconfig openstack-nova-compute on
 +
</syntaxhighlight>
 +
 +
* Verify the Nova Installation
 +
* '''On the Controller'' node
 +
<syntaxhighlight>
 +
[root@controller ~]# nova hypervisor-list
 +
+----+---------------------+
 +
| ID | Hypervisor hostname |
 +
+----+---------------------+
 +
| 1  | x8-0                |
 +
+----+---------------------+
 +
</syntaxhighlight>
 +
 +
== Install and Configure the Network Service (Neutron) - Controller Node ==
 +
* Configure the '''controller''' node
 +
* Setup the DB
 +
<syntaxhighlight>
 +
$ mysql -u root -p
 +
mysql> CREATE DATABASE neutron;
 +
mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'password';
 +
mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'password';
 +
</syntaxhighlight>
 +
 +
* Configure the services
 +
<syntaxhighlight>
 +
keystone user-create --name neutron --pass password --email david.power@boston.co.uk
 +
keystone user-role-add --user neutron --tenant service --role admin
 +
keystone service-create --name neutron --type network --description "OpenStack Networking"
 +
keystone endpoint-create \
 +
  --service-id $(keystone service-list | awk '/ network / {print $2}') \
 +
  --publicurl http://controller:9696 \
 +
  --adminurl http://controller:9696 \
 +
  --internalurl http://controller:9696
 +
</syntaxhighlight>
 +
 +
* Install the networkign components
 +
<syntaxhighlight>
 +
yum -y install openstack-neutron openstack-neutron-ml2 python-neutronclient
 +
</syntaxhighlight>
 +
 +
* Configure the networking components
 +
<syntaxhighlight>
 +
openstack-config --set /etc/neutron/neutron.conf database connection  mysql://neutron:password@controller/neutron
 +
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
 +
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  auth_uri http://controller:5000
 +
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  auth_host controller
 +
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  auth_protocol http
 +
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  auth_port 35357
 +
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  admin_tenant_name service
 +
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  admin_user neutron
 +
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  admin_password password
 +
openstack-config --set /etc/neutron/neutron.conf DEFAULT  rpc_backend neutron.openstack.common.rpc.impl_qpid
 +
openstack-config --set /etc/neutron/neutron.conf DEFAULT  qpid_hostname controller
 +
openstack-config --set /etc/neutron/neutron.conf DEFAULT  notify_nova_on_port_status_changes True
 +
openstack-config --set /etc/neutron/neutron.conf DEFAULT  notify_nova_on_port_data_changes True
 +
openstack-config --set /etc/neutron/neutron.conf DEFAULT  nova_url http://controller:8774/v2
 +
openstack-config --set /etc/neutron/neutron.conf DEFAULT  nova_admin_username nova
 +
openstack-config --set /etc/neutron/neutron.conf DEFAULT  nova_admin_tenant_id $(keystone tenant-list | awk '/ service / { print $2 }')
 +
openstack-config --set /etc/neutron/neutron.conf DEFAULT  nova_admin_password NOVA_PASS
 +
openstack-config --set /etc/neutron/neutron.conf DEFAULT  nova_admin_auth_url http://controller:35357/v2.0
 +
openstack-config --set /etc/neutron/neutron.conf DEFAULT  core_plugin ml2
 +
openstack-config --set /etc/neutron/neutron.conf DEFAULT  service_plugins router
 +
sed -i "s/# verbose = True/verbose = True/g" /etc/neutron/neutron.conf
 +
 +
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2  type_drivers gre
 +
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2  tenant_network_types gre
 +
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2  mechanism_drivers openvswitch
 +
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre  tunnel_id_ranges 1:1000
 +
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup  firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
 +
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup  enable_security_group True
 +
 +
openstack-config --set /etc/nova/nova.conf DEFAULT  network_api_class nova.network.neutronv2.api.API
 +
openstack-config --set /etc/nova/nova.conf DEFAULT  neutron_url http://controller:9696
 +
openstack-config --set /etc/nova/nova.conf DEFAULT  neutron_auth_strategy keystone
 +
openstack-config --set /etc/nova/nova.conf DEFAULT  neutron_admin_tenant_name service
 +
openstack-config --set /etc/nova/nova.conf DEFAULT  neutron_admin_username neutron
 +
openstack-config --set /etc/nova/nova.conf DEFAULT  neutron_admin_password password
 +
openstack-config --set /etc/nova/nova.conf DEFAULT  neutron_admin_auth_url http://controller:35357/v2.0
 +
openstack-config --set /etc/nova/nova.conf DEFAULT  linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
 +
openstack-config --set /etc/nova/nova.conf DEFAULT  firewall_driver nova.virt.firewall.NoopFirewallDriver
 +
openstack-config --set /etc/nova/nova.conf DEFAULT  security_group_api neutron
 +
</syntaxhighlight>
 +
 +
* Finalise the setup
 +
<syntaxhighlight>
 +
cd /etc/neutron/
 +
ln -s plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
 +
service openstack-nova-api restart
 +
service openstack-nova-scheduler restart
 +
service openstack-nova-conductor restart
 +
service neutron-server start
 +
chkconfig neutron-server on
 +
</syntaxhighlight>
 +
 +
== Install and Configure the Network Service (Neutron) - Network Node ==
 +
* Run the commands on the '''network''' node
 +
* Setup the kernel params
 +
<syntaxhighlight>
 +
echo -en "net.ipv4.ip_forward=1 \nnet.ipv4.conf.all.rp_filter=0 \nnet.ipv4.conf.default.rp_filter=0\n" >> /etc/sysctl.conf network
 +
sysctl -p
 +
</syntaxhighlight>
 +
 +
* Install the packages
 +
<syntaxhighlight>
 +
yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch
 +
yum -y install iproute
 +
</syntaxhighlight>
 +
 +
* Configure the services
 +
<syntaxhighlight>
 +
openstack-config --set /etc/neutron/neutron.conf DEFAULT  auth_strategy keystone
 +
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  auth_uri http://controller:5000
 +
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  auth_host controller
 +
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  auth_protocol http
 +
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  auth_port 35357
 +
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  admin_tenant_name service
 +
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  admin_user neutron
 +
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  admin_password password
 +
 +
openstack-config --set /etc/neutron/neutron.conf DEFAULT  rpc_backend neutron.openstack.common.rpc.impl_qpid
 +
openstack-config --set /etc/neutron/neutron.conf DEFAULT  qpid_hostname controller
 +
 +
openstack-config --set /etc/neutron/neutron.conf DEFAULT  core_plugin ml2
 +
openstack-config --set /etc/neutron/neutron.conf DEFAULT  service_plugins router
 +
 +
 +
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT  interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
 +
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT  use_namespaces True
 +
 +
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT  interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
 +
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT  dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
 +
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT  use_namespaces True
 +
 +
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT  dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf
 +
 +
echo "dhcp-option-force=26,1454" >> /etc/neutron/dnsmasq-neutron.conf
 +
killall dnsmasq
 +
 +
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT  auth_url http://controller:5000/v2.0
 +
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT  auth_region regionOne
 +
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT  admin_tenant_name service
 +
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT  admin_user neutron
 +
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT  admin_password password
 +
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT  nova_metadata_ip controller
 +
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT  metadata_proxy_shared_secret password
 +
</syntaxhighlight>
 +
 +
* '''Note: Run the next commands on the controller node'''
 +
<syntaxhighlight>
 +
# controller node
 +
openstack-config --set /etc/nova/nova.conf DEFAULT  service_neutron_metadata_proxy true
 +
openstack-config --set /etc/nova/nova.conf DEFAULT  neutron_metadata_proxy_shared_secret password
 +
service openstack-nova-api restart
 +
</syntaxhighlight>
 +
 +
* '''Note: Back to network node'''
 +
* Network address below is eth1 (tunnel) addr of the network node
 +
<syntaxhighlight>
 +
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2  type_drivers gre
 +
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2  tenant_network_types gre
 +
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2  mechanism_drivers openvswitch
 +
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre  tunnel_id_ranges 1:1000
 +
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs  local_ip 192.168.0.21
 +
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs  tunnel_type gre
 +
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs  enable_tunneling True
 +
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup  firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
 +
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup  enable_security_group True
 +
</syntaxhighlight>
 +
 +
* Setup the Open vSwitch Service
 +
<syntaxhighlight>
 +
service openvswitch start
 +
chkconfig openvswitch on
 +
ovs-vsctl add-br br-int
 +
ovs-vsctl add-br br-ex
 +
ovs-vsctl add-port br-ex INTERFACE_NAME
 +
cd /etc/neutron
 +
ln -s plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
 +
cp /etc/init.d/neutron-openvswitch-agent /etc/init.d/neutron-openvswitch-agent.orig
 +
</syntaxhighlight>
 +
 +
* Services
 +
<syntaxhighlight>
 +
service neutron-openvswitch-agent start
 +
service neutron-l3-agent start
 +
service neutron-dhcp-agent start
 +
service neutron-metadata-agent start
 +
chkconfig neutron-openvswitch-agent on
 +
chkconfig neutron-l3-agent on
 +
chkconfig neutron-dhcp-agent on
 +
chkconfig neutron-metadata-agent on
 +
</syntaxhighlight>
 +
 +
 +
########## Ended at bridge add as trying a virtual nic
 +
<syntaxhighlight>
 +
# some controller iptables cmds to make sure theres no iptables problems
 +
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5000 -j ACCEPT
 +
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5672 -j ACCEPT
 +
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 6080 -j ACCEPT
 +
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8774 -j ACCEPT
 +
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 9292 -j ACCEPT
 +
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 9696 -j ACCEPT
 +
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 35357 -j ACCEPT
 +
STOP IPTABLES
 +
</syntaxhighlight>

Latest revision as of 23:06, 28 October 2014

Installguide arch-neutron.png

Initial Setup

  • Setup networking on eth0 and name the hosts as follows (these names are used for the configuration later on)
172.28.80.0	x8-0 	network
172.28.80.1	x8-1 	compute1
172.28.80.2	x8-2 	controller
  • Although not needed on centos6.5, disable firewalld and NetworkManager
  • Make sure all hosts can ping the outside world (ping openstack.org)
  • Setup ntpd and set the correct TZ
chkconfig ntpd on
service ntpd start
# then add the following line to the ~/.bashrc
TZ='Europe/London'; export TZ

Setup the DB on the Controller

  • Setup the DB on the Controller node
yum install mysql mysql-server MySQL-python
  • Edit the /etc/my.cnf file, add the following in the [mysqld] section
bind-address = 172.28.80.2
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
  • Restart the DB and setup security
service mysqld start
chkconfig mysqld on
mysql_install_db
mysql_secure_installation # go with defaults for everything unless you have a good excuse not to
  • On all other nodes, compute/network
yum install MySQL-python

Install the OpenStack Software

  • Install this on all server (control, network, compute)
yum -y install yum-plugin-priorities
# bug fix, seems to remove the need for the above - but anyway: 
sed -i "s/enabled = 1/enabled = 0/g" /etc/yum/pluginconf.d/priorities.conf 
yum -y install http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm
yum -y install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum -y install openstack-utils
yum -y install openstack-selinux
# yum upgrade / reboot if you can be arsed

Install the Messaging Server

  • Install on the control node (but can be installed anywhere - the eg. has everything on the control node)
yum -y install qpid-cpp-server
sed -i "s/auth=yes/auth=no/g" /etc/qpidd.conf 
service qpidd start
chkconfig qpidd on

Install and Configure the Identity Service (Keystone)

  • Install on the control node
yum -y install openstack-keystone python-keystoneclient
openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:password@controller/keystone
  • Setup a keystone DB
$ mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'   IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'   IDENTIFIED BY 'password';
mysql> exit
  • Alternative was to create keystone and other DBs - from the redhat open lab
[root@ospctrl0-1f47 ~]# /root/osp_sql_create keystone keystone

CREATE DATABASE keystone;
GRANT ALL ON keystone.* TO 'keystone'@'ospctrl0-1f47.rhpds.opentlc.com' IDENTIFIED BY 'redhat';
GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'redhat';
GRANT ALL ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'redhat';
FLUSH PRIVILEGES;
quit

# Verify the preceding MySQL commands are correct.
# Then execute the following command to create the database.

mysql -u root -p < /root/keystone.sql

[root@ospctrl0-1f47 ~]# cat /root/osp_sql_create 
#!/bin/bash
#	Helper script for creating Service Databases

X="$1"
Y="$2"
Z="$3"
myname="osp_sql_create.sh"

S0="\n${myname} {db_name} {dbuser_name}] [{password}]\n\n\t{db_name}\tName of New Database\n\n\t{dbuser_name}\tName of DB User\n\t\t\t(may or not match DB Name)\n\n\t{password}\tPassword\n\t\t\t(defaults to 'redhat')\n"
if [ "${X}" == "" ] ; then echo -e "${S0}" ; exit 127 ; fi
if [ "${Y}" == "" ] ; then echo -e "${S0}" ; exit 127 ; fi
[ "${Z}" == "" ] && Z="redhat"

#	Filename
dtstamp="`date +%Y%m%d_%H%M%S`"
myfile="/root/${X}.sql"
touch ${myfile}
if [ $? -ne 0 ] ; then echo -e "${myname}(ERROR):  Can NOT create file (${myfile})" ; exit 63 ; fi

#	Write file
echo "CREATE DATABASE ${X};" >> ${myfile}
echo "GRANT ALL ON ${X}.* TO '${Y}'@'`uname -n`' IDENTIFIED BY '${Z}';" >> ${myfile}
echo "GRANT ALL ON ${X}.* TO '${Y}'@'%' IDENTIFIED BY '${Z}';" >> ${myfile}
echo "GRANT ALL ON ${X}.* TO '${Y}'@'localhost' IDENTIFIED BY '${Z}';" >> ${myfile}
echo "FLUSH PRIVILEGES;" >> ${myfile}
echo "quit" >> ${myfile}
echo -e ""
cat ${myfile}
echo -e "\n# Verify the preceding MySQL commands are correct.\n# Then execute the following command to create the database."
echo -e "\nmysql -u root -p < ${myfile}\n"
  • Do lots more stuff
# create the DB tables
su -s /bin/sh -c "keystone-manage db_sync" keystone
# setup a token
ADMIN_TOKEN=$(openssl rand -hex 10)
echo $ADMIN_TOKEN
# Note admin token as you will need later on
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
# setup pki keys
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl
  • Start the service and enable on boot
service openstack-keystone start
chkconfig openstack-keystone on
  • Optional: Purge the tokens every hour as they are typically kept indefinitely.
(crontab -l -u keystone 2>&1 | grep -q token_flush) || \
echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone
  • Define users / tenants / roles
# Assuming your still in the same shell as above 
export OS_SERVICE_TOKEN=$ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
  • Create the admin user
keystone user-create --name=admin --pass=password --email=david.power@boston.co.uk
keystone role-create --name=admin
keystone tenant-create --name=admin --description="Admin Tenant"
keystone user-role-add --user=admin --tenant=admin --role=admin
keystone user-role-add --user=admin --role=_member_ --tenant=admin
  • Create the normal user
keystone user-create --name=demo --pass=password --email=david.power@boston.co.uk
keystone tenant-create --name=demo --description="Demo Tenant"
keystone user-role-add --user=demo --role=_member_ --tenant=demo
  • Create the service user
keystone tenant-create --name=service --description="Service Tenant"
  • Define services and APIs endpoints
keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
keystone endpoint-create \
  --service-id=$(keystone service-list | awk '/ identity / {print $2}') \
  --publicurl=http://controller:5000/v2.0 \
  --internalurl=http://controller:5000/v2.0 \
  --adminurl=http://controller:35357/v2.0
  • Verify the Identity service installation
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
keystone --os-username=admin --os-password=password --os-auth-url=http://controller:35357/v2.0 token-get
keystone --os-username=admin --os-password=password --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 token-get
  • Setup an rc file for these settings
[root@x8-2 ~]# cat admin-openrc.sh 
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller:35357/v2.0
# source
source admin-openrc.sh
keystone token-get
# now we can run keystone commands
[root@x8-2 ~]# keystone user-list 
+----------------------------------+-------+---------+--------------------------+
|                id                |  name | enabled |          email           |
+----------------------------------+-------+---------+--------------------------+
| 065db47992ce4ce6899351b378ea0abd | admin |   True  | david.power@boston.co.uk |
| 415362238c5d43fe8fbad2867a4c0034 |  demo |   True  | david.power@boston.co.uk |
+----------------------------------+-------+---------+--------------------------+
[root@x8-2 ~]# keystone user-role-list --user admin --tenant admin
+----------------------------------+----------+----------------------------------+----------------------------------+
|                id                |   name   |             user_id              |            tenant_id             |
+----------------------------------+----------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | 065db47992ce4ce6899351b378ea0abd | 3c7cdbdad1584cadbee27a03fd496c1c |
| b7f97985f5864a88ab83dd966ed61edc |  admin   | 065db47992ce4ce6899351b378ea0abd | 3c7cdbdad1584cadbee27a03fd496c1c |
+----------------------------------+----------+----------------------------------+----------------------------------+
  • Setup the demo user rc file (for later)
$ cat demo-openrc.sh
export OS_USERNAME=demo
export OS_PASSWORD=password
export OS_TENANT_NAME=demo
export OS_AUTH_URL=http://controller:35357/v2.0

Install and Configure the Image Service (Glance)

  • Install the image service on the controller node
yum -y install openstack-glance python-glanceclient
openstack-config --set /etc/glance/glance-api.conf database connection mysql://glance:password@controller/glance
openstack-config --set /etc/glance/glance-registry.conf database connection mysql://glance:password@controller/glance
  • Create the glance DB
$ mysql -u root -p
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'password';
  • Populate the DB plus some other bits
su -s /bin/sh -c "glance-manage db_sync" glance
keystone user-create --name=glance --pass=password --email=david.power@boston.co.uk
keystone user-role-add --user=glance --tenant=service --role=admin
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host controller
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password password
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host controller
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password password
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
  • Register the service, setup endpoint and start the service
keystone service-create --name=glance --type=image --description="OpenStack Image Service"
keystone endpoint-create --service-id=$(keystone service-list | awk '/ image / {print $2}') \
  --publicurl=http://controller:9292 \
  --internalurl=http://controller:9292 \
  --adminurl=http://controller:9292
service openstack-glance-api start
service openstack-glance-registry start
chkconfig openstack-glance-api on
chkconfig openstack-glance-registry on
  • Verify the Image Service installation
mkdir /tmp/images
cd /tmp/images/
wget http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
file cirros-0.3.2-x86_64-disk.img 
# [Output - format is QCOW which we need for the next cmd]: cirros-0.3.2-x86_64-disk.img: Qemu Image, Format: Qcow , Version: 2
# Source not really needed if done above
source admin-openrc.sh
glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 --container-format bare --is-public True --progress < cirros-0.3.2-x86_64-disk.img
glance image-list

Install and Configure the Compute Service (Nova)

  • In this example we are running the compute services on the controller. the compute itself only needs to run the launcher service
  • On the contorller
  • Install the services
yum -y install openstack-nova-api openstack-nova-cert openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler \
  python-novaclient
  • Setup the nova service
openstack-config --set /etc/nova/nova.conf database connection mysql://nova:password@controller/nova
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend qpid
openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname controller
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.28.80.2
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 172.28.80.2
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 172.28.80.2
  • Setup the DB
$ mysql -u root -p
mysql> CREATE DATABASE nova;
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'password';
  • Create the DB content
su -s /bin/sh -c "nova-manage db sync" nova
keystone user-create --name=nova --pass=password --email=nova@example.com
keystone user-role-add --user=nova --tenant=service --role=admin
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password password
keystone service-create --name=nova --type=compute --description="OpenStack Compute"
keystone endpoint-create --service-id=$(keystone service-list | awk '/ compute / {print $2}') \
  --publicurl=http://controller:8774/v2/%\(tenant_id\)s \
  --internalurl=http://controller:8774/v2/%\(tenant_id\)s \
  --adminurl=http://controller:8774/v2/%\(tenant_id\)s
  • Start / Enable the services
service openstack-nova-api start
service openstack-nova-cert start
service openstack-nova-consoleauth start
service openstack-nova-scheduler start
service openstack-nova-conductor start
service openstack-nova-novncproxy start
chkconfig openstack-nova-api on
chkconfig openstack-nova-cert on
chkconfig openstack-nova-consoleauth on
chkconfig openstack-nova-scheduler on
chkconfig openstack-nova-conductor on
chkconfig openstack-nova-novncproxy on
  • Verify the setup
[root@x8-2 images]# nova image-list
+--------------------------------------+---------------------+--------+--------+
| ID                                   | Name                | Status | Server |
+--------------------------------------+---------------------+--------+--------+
| a467f1f1-87b8-41e7-9c70-89f990e78f45 | cirros-0.3.2-x86_64 | ACTIVE |        |
+--------------------------------------+---------------------+--------+--------+

Configure a Compute Node

  • Run all these commands on the compute node
  • Install the packages
yum -y install openstack-nova-compute
  • Configure the service (update the IPs below to suit)
  openstack-config --set /etc/nova/nova.conf database connection mysql://nova:password@controller/nova
  openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
  openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
  openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
  openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
  openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
  openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
  openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
  openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password password
  openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend qpid
  openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname controller
  openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.28.80.0
  openstack-config --set /etc/nova/nova.conf DEFAULT vnc_enabled True
  openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 0.0.0.0
  openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 172.28.80.0
  openstack-config --set /etc/nova/nova.conf DEFAULT novncproxy_base_url http://controller:6080/vnc_auto.html
  openstack-config --set /etc/nova/nova.conf DEFAULT glance_host controller
  • Start / Enable the services
service libvirtd start
service messagebus start
service openstack-nova-compute start
chkconfig libvirtd on
chkconfig messagebus on
chkconfig openstack-nova-compute on
  • Verify the Nova Installation
  • 'On the Controller node
[root@controller ~]# nova hypervisor-list
+----+---------------------+
| ID | Hypervisor hostname |
+----+---------------------+
| 1  | x8-0                |
+----+---------------------+

Install and Configure the Network Service (Neutron) - Controller Node

  • Configure the controller node
  • Setup the DB
$ mysql -u root -p
mysql> CREATE DATABASE neutron;
mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'password';
  • Configure the services
keystone user-create --name neutron --pass password --email david.power@boston.co.uk
keystone user-role-add --user neutron --tenant service --role admin
keystone service-create --name neutron --type network --description "OpenStack Networking"
keystone endpoint-create \
  --service-id $(keystone service-list | awk '/ network / {print $2}') \
  --publicurl http://controller:9696 \
  --adminurl http://controller:9696 \
  --internalurl http://controller:9696
  • Install the networkign components
yum -y install openstack-neutron openstack-neutron-ml2 python-neutronclient
  • Configure the networking components
openstack-config --set /etc/neutron/neutron.conf database connection  mysql://neutron:password@controller/neutron
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  auth_host controller
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  auth_protocol http
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  auth_port 35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  admin_tenant_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  admin_user neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  admin_password password
openstack-config --set /etc/neutron/neutron.conf DEFAULT  rpc_backend neutron.openstack.common.rpc.impl_qpid
openstack-config --set /etc/neutron/neutron.conf DEFAULT  qpid_hostname controller
openstack-config --set /etc/neutron/neutron.conf DEFAULT  notify_nova_on_port_status_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT  notify_nova_on_port_data_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT  nova_url http://controller:8774/v2
openstack-config --set /etc/neutron/neutron.conf DEFAULT  nova_admin_username nova
openstack-config --set /etc/neutron/neutron.conf DEFAULT  nova_admin_tenant_id $(keystone tenant-list | awk '/ service / { print $2 }')
openstack-config --set /etc/neutron/neutron.conf DEFAULT  nova_admin_password NOVA_PASS
openstack-config --set /etc/neutron/neutron.conf DEFAULT  nova_admin_auth_url http://controller:35357/v2.0
openstack-config --set /etc/neutron/neutron.conf DEFAULT  core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT  service_plugins router
sed -i "s/# verbose = True/verbose = True/g" /etc/neutron/neutron.conf 

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2  type_drivers gre
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2  tenant_network_types gre
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2  mechanism_drivers openvswitch
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre  tunnel_id_ranges 1:1000
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup  firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup  enable_security_group True

openstack-config --set /etc/nova/nova.conf DEFAULT  network_api_class nova.network.neutronv2.api.API
openstack-config --set /etc/nova/nova.conf DEFAULT  neutron_url http://controller:9696
openstack-config --set /etc/nova/nova.conf DEFAULT  neutron_auth_strategy keystone
openstack-config --set /etc/nova/nova.conf DEFAULT  neutron_admin_tenant_name service
openstack-config --set /etc/nova/nova.conf DEFAULT  neutron_admin_username neutron
openstack-config --set /etc/nova/nova.conf DEFAULT  neutron_admin_password password
openstack-config --set /etc/nova/nova.conf DEFAULT  neutron_admin_auth_url http://controller:35357/v2.0
openstack-config --set /etc/nova/nova.conf DEFAULT  linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
openstack-config --set /etc/nova/nova.conf DEFAULT  firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf DEFAULT   security_group_api neutron
  • Finalise the setup
cd /etc/neutron/
ln -s plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
service openstack-nova-api restart
service openstack-nova-scheduler restart
service openstack-nova-conductor restart
service neutron-server start
chkconfig neutron-server on

Install and Configure the Network Service (Neutron) - Network Node

  • Run the commands on the network node
  • Setup the kernel params
echo -en "net.ipv4.ip_forward=1 \nnet.ipv4.conf.all.rp_filter=0 \nnet.ipv4.conf.default.rp_filter=0\n" >> /etc/sysctl.conf network
sysctl -p
  • Install the packages
yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch
yum -y install iproute
  • Configure the services
openstack-config --set /etc/neutron/neutron.conf DEFAULT   auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken   auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken   auth_host controller
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken   auth_protocol http
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken   auth_port 35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken   admin_tenant_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken   admin_user neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken   admin_password password

openstack-config --set /etc/neutron/neutron.conf DEFAULT  rpc_backend neutron.openstack.common.rpc.impl_qpid
openstack-config --set /etc/neutron/neutron.conf DEFAULT  qpid_hostname controller

openstack-config --set /etc/neutron/neutron.conf DEFAULT   core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT   service_plugins router


openstack-config --set /etc/neutron/l3_agent.ini DEFAULT   interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT   use_namespaces True

openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT   interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT   dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT   use_namespaces True

openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT  dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf

echo "dhcp-option-force=26,1454" >> /etc/neutron/dnsmasq-neutron.conf
killall dnsmasq

 openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT  auth_url http://controller:5000/v2.0
 openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT  auth_region regionOne
 openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT  admin_tenant_name service
 openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT  admin_user neutron
 openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT  admin_password password
 openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT  nova_metadata_ip controller
 openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT  metadata_proxy_shared_secret password
  • Note: Run the next commands on the controller node
# controller node
 openstack-config --set /etc/nova/nova.conf DEFAULT  service_neutron_metadata_proxy true
 openstack-config --set /etc/nova/nova.conf DEFAULT  neutron_metadata_proxy_shared_secret password
 service openstack-nova-api restart
  • Note: Back to network node
  • Network address below is eth1 (tunnel) addr of the network node
 openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2  type_drivers gre
 openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2  tenant_network_types gre
 openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2  mechanism_drivers openvswitch
 openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre  tunnel_id_ranges 1:1000
 openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs  local_ip 192.168.0.21
 openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs  tunnel_type gre
 openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs  enable_tunneling True
 openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup  firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
 openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup  enable_security_group True
  • Setup the Open vSwitch Service
service openvswitch start
chkconfig openvswitch on
ovs-vsctl add-br br-int
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex INTERFACE_NAME
cd /etc/neutron
ln -s plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
cp /etc/init.d/neutron-openvswitch-agent /etc/init.d/neutron-openvswitch-agent.orig
  • Services
service neutron-openvswitch-agent start
service neutron-l3-agent start
service neutron-dhcp-agent start
service neutron-metadata-agent start
chkconfig neutron-openvswitch-agent on
chkconfig neutron-l3-agent on
chkconfig neutron-dhcp-agent on
chkconfig neutron-metadata-agent on


                    1. Ended at bridge add as trying a virtual nic
# some controller iptables cmds to make sure theres no iptables problems
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5000 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5672 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 6080 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8774 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 9292 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 9696 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 35357 -j ACCEPT
STOP IPTABLES
Retrieved from "http://wiki.define-technology.com/mediawiki-1.35.0/index.php?title=OpenStack:_Install_Icehouse_on_Centos_6.5&oldid=5078"