Difference between revisions of "OpenStack: Install Icehouse on Centos 6.5"

From Define Wiki
Jump to navigation Jump to search
Line 54: Line 54:
 
<syntaxhighlight>
 
<syntaxhighlight>
 
yum -y install yum-plugin-priorities
 
yum -y install yum-plugin-priorities
 +
# bug fix, seems to remove the need for the above - but anyway:
 +
sed -i "s/enabled = 1/enabled = 0/g" /etc/yum/pluginconf.d/priorities.conf
 
yum -y install http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm
 
yum -y install http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm
 
yum -y install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
 
yum -y install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Line 63: Line 65:
 
== Install the Messaging Server ==
 
== Install the Messaging Server ==
 
* Install on the '''control''' node (but can be installed anywhere - the eg. has everything on the control node)
 
* Install on the '''control''' node (but can be installed anywhere - the eg. has everything on the control node)
 +
<syntaxhighlight>
 +
yum -y install qpid-cpp-server
 +
sed -i "s/auth=yes/auth=no/g" /etc/qpidd.conf
 +
service qpidd start
 +
chkconfig qpidd on
 +
</syntaxhighlight>
 +
 +
== Install the Identity Service ==
 +
* Install on the '''control''' node
 +
<syntaxhighlight>
 +
yum -y install openstack-keystone python-keystoneclient
 +
openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:password@controller/keystone
 +
</syntaxhighlight>
 +
 +
* Setup a keystone DB
 +
<syntaxhighlight>
 +
$ mysql -u root -p
 +
mysql> CREATE DATABASE keystone;
 +
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'  IDENTIFIED BY 'password';
 +
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'  IDENTIFIED BY 'password';
 +
mysql> exit
 +
</syntaxhighlight>
 +
 +
* Do lots more stuff
 +
<syntaxhighlight>
 +
# create the DB tables
 +
su -s /bin/sh -c "keystone-manage db_sync" keystone
 +
# setup a token
 +
ADMIN_TOKEN=$(openssl rand -hex 10)
 +
echo $ADMIN_TOKEN
 +
# Note admin token as you will need later on
 +
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
 +
# setup pki keys
 +
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
 +
chown -R keystone:keystone /etc/keystone/ssl
 +
chmod -R o-rwx /etc/keystone/ssl
 +
</syntaxhighlight>
 +
 +
* Start the service and enable on boot
 +
<syntaxhighlight>
 +
service openstack-keystone start
 +
chkconfig openstack-keystone on
 +
</syntaxhighlight>
 +
 +
* Optional: Purge the tokens every hour as they are typically kept indefinitely.
 +
<syntaxhighlight>
 +
(crontab -l -u keystone 2>&1 | grep -q token_flush) || \
 +
echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone
 +
</syntaxhighlight>
 +
 +
* Define users / tenants / roles
 +
<syntaxhighlight>
 +
# Assuming your still in the same shell as above
 +
export OS_SERVICE_TOKEN=$ADMIN_TOKEN
 +
export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
 +
</syntaxhighlight>
 +
 +
* Create the admin user
 +
<syntaxhighlight>
 +
keystone user-create --name=admin --pass=password --email=david.power@boston.co.uk
 +
keystone role-create --name=admin
 +
keystone tenant-create --name=admin --description="Admin Tenant"
 +
keystone user-role-add --user=admin --tenant=admin --role=admin
 +
keystone user-role-add --user=admin --role=_member_ --tenant=admin
 +
</syntaxhighlight>
 +
 +
* Create the normal user
 +
<syntaxhighlight>
 +
keystone user-create --name=demo --pass=password --email=david.power@boston.co.uk
 +
keystone tenant-create --name=demo --description="Demo Tenant"
 +
keystone user-role-add --user=demo --role=_member_ --tenant=demo
 +
</syntaxhighlight>
 +
 +
* Create the service user
 +
<syntaxhighlight>
 +
keystone tenant-create --name=service --description="Service Tenant"
 +
</syntaxhighlight>
 +
 +
* Define services and APIs endpoints
 +
<syntaxhighlight>
 +
keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
 +
keystone endpoint-create \
 +
  --service-id=$(keystone service-list | awk '/ identity / {print $2}') \
 +
  --publicurl=http://controller:5000/v2.0 \
 +
  --internalurl=http://controller:5000/v2.0 \
 +
  --adminurl=http://controller:35357/v2.0
 +
</syntaxhighlight>
 +
 +
* Verify the Identity service installation
 +
<syntaxhighlight>
 +
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
 +
keystone --os-username=admin --os-password=password --os-auth-url=http://controller:35357/v2.0 token-get
 +
keystone --os-username=admin --os-password=password --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 token-get
 +
</syntaxhighlight>
 +
 +
* Setup an rc file for these settings
 +
<syntaxhighlight>
 +
[root@x8-2 ~]# cat admin-openrc.sh
 +
export OS_USERNAME=admin
 +
export OS_PASSWORD=password
 +
export OS_TENANT_NAME=admin
 +
export OS_AUTH_URL=http://controller:35357/v2.0
 +
# source
 +
source admin-openrc.sh
 +
keystone token-get
 +
# now we can run keystone commands
 +
[root@x8-2 ~]# keystone user-list
 +
+----------------------------------+-------+---------+--------------------------+
 +
|                id                |  name | enabled |          email          |
 +
+----------------------------------+-------+---------+--------------------------+
 +
| 065db47992ce4ce6899351b378ea0abd | admin |  True  | david.power@boston.co.uk |
 +
| 415362238c5d43fe8fbad2867a4c0034 |  demo |  True  | david.power@boston.co.uk |
 +
+----------------------------------+-------+---------+--------------------------+
 +
[root@x8-2 ~]# keystone user-role-list --user admin --tenant admin
 +
+----------------------------------+----------+----------------------------------+----------------------------------+
 +
|                id                |  name  |            user_id              |            tenant_id            |
 +
+----------------------------------+----------+----------------------------------+----------------------------------+
 +
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | 065db47992ce4ce6899351b378ea0abd | 3c7cdbdad1584cadbee27a03fd496c1c |
 +
| b7f97985f5864a88ab83dd966ed61edc |  admin  | 065db47992ce4ce6899351b378ea0abd | 3c7cdbdad1584cadbee27a03fd496c1c |
 +
+----------------------------------+----------+----------------------------------+----------------------------------+
 +
</syntaxhighlight>

Revision as of 21:55, 24 October 2014

Installguide arch-neutron.png

Initial Setup

  • Setup networking on eth0 and name the hosts as follows (these names are used for the configuration later on)
172.28.80.0	x8-0 	network
172.28.80.1	x8-1 	compute1
172.28.80.2	x8-2 	controller
  • Although not needed on centos6.5, disable firewalld and NetworkManager
  • Make sure all hosts can ping the outside world (ping openstack.org)
  • Setup ntpd and set the correct TZ
chkconfig ntpd on
service ntpd start
# then add the following line to the ~/.bashrc
TZ='Europe/London'; export TZ

Setup the DB on the Controller

  • Setup the DB on the Controller node
yum install mysql mysql-server MySQL-python
  • Edit the /etc/my.cnf file, add the following in the [mysqld] section
bind-address = 172.28.80.2
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
  • Restart the DB and setup security
service mysqld start
chkconfig mysqld on
mysql_install_db
mysql_secure_installation # go with defaults for everything unless you have a good excuse not to
  • On all other nodes, compute/network
yum install MySQL-python

Install the OpenStack Software

  • Install this on all server (control, network, compute)
yum -y install yum-plugin-priorities
# bug fix, seems to remove the need for the above - but anyway: 
sed -i "s/enabled = 1/enabled = 0/g" /etc/yum/pluginconf.d/priorities.conf 
yum -y install http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm
yum -y install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum -y install openstack-utils
yum -y install openstack-selinux
# yum upgrade / reboot if you can be arsed

Install the Messaging Server

  • Install on the control node (but can be installed anywhere - the eg. has everything on the control node)
yum -y install qpid-cpp-server
sed -i "s/auth=yes/auth=no/g" /etc/qpidd.conf 
service qpidd start
chkconfig qpidd on

Install the Identity Service

  • Install on the control node
yum -y install openstack-keystone python-keystoneclient
openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:password@controller/keystone
  • Setup a keystone DB
$ mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'   IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'   IDENTIFIED BY 'password';
mysql> exit
  • Do lots more stuff
# create the DB tables
su -s /bin/sh -c "keystone-manage db_sync" keystone
# setup a token
ADMIN_TOKEN=$(openssl rand -hex 10)
echo $ADMIN_TOKEN
# Note admin token as you will need later on
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
# setup pki keys
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl
  • Start the service and enable on boot
service openstack-keystone start
chkconfig openstack-keystone on
  • Optional: Purge the tokens every hour as they are typically kept indefinitely.
(crontab -l -u keystone 2>&1 | grep -q token_flush) || \
echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone
  • Define users / tenants / roles
# Assuming your still in the same shell as above 
export OS_SERVICE_TOKEN=$ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
  • Create the admin user
keystone user-create --name=admin --pass=password --email=david.power@boston.co.uk
keystone role-create --name=admin
keystone tenant-create --name=admin --description="Admin Tenant"
keystone user-role-add --user=admin --tenant=admin --role=admin
keystone user-role-add --user=admin --role=_member_ --tenant=admin
  • Create the normal user
keystone user-create --name=demo --pass=password --email=david.power@boston.co.uk
keystone tenant-create --name=demo --description="Demo Tenant"
keystone user-role-add --user=demo --role=_member_ --tenant=demo
  • Create the service user
keystone tenant-create --name=service --description="Service Tenant"
  • Define services and APIs endpoints
keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
keystone endpoint-create \
  --service-id=$(keystone service-list | awk '/ identity / {print $2}') \
  --publicurl=http://controller:5000/v2.0 \
  --internalurl=http://controller:5000/v2.0 \
  --adminurl=http://controller:35357/v2.0
  • Verify the Identity service installation
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
keystone --os-username=admin --os-password=password --os-auth-url=http://controller:35357/v2.0 token-get
keystone --os-username=admin --os-password=password --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 token-get
  • Setup an rc file for these settings
[root@x8-2 ~]# cat admin-openrc.sh 
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller:35357/v2.0
# source
source admin-openrc.sh
keystone token-get
# now we can run keystone commands
[root@x8-2 ~]# keystone user-list 
+----------------------------------+-------+---------+--------------------------+
|                id                |  name | enabled |          email           |
+----------------------------------+-------+---------+--------------------------+
| 065db47992ce4ce6899351b378ea0abd | admin |   True  | david.power@boston.co.uk |
| 415362238c5d43fe8fbad2867a4c0034 |  demo |   True  | david.power@boston.co.uk |
+----------------------------------+-------+---------+--------------------------+
[root@x8-2 ~]# keystone user-role-list --user admin --tenant admin
+----------------------------------+----------+----------------------------------+----------------------------------+
|                id                |   name   |             user_id              |            tenant_id             |
+----------------------------------+----------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | 065db47992ce4ce6899351b378ea0abd | 3c7cdbdad1584cadbee27a03fd496c1c |
| b7f97985f5864a88ab83dd966ed61edc |  admin   | 065db47992ce4ce6899351b378ea0abd | 3c7cdbdad1584cadbee27a03fd496c1c |
+----------------------------------+----------+----------------------------------+----------------------------------+
Retrieved from "http://wiki.define-technology.com/mediawiki-1.35.0/index.php?title=OpenStack:_Install_Icehouse_on_Centos_6.5&oldid=5025"