OpenStack: Install Icehouse on CentOS 6.5

From Define Wiki
Revision as of 22:52, 24 October 2014 by David

Initial Setup

  • Set up networking on eth0 and name the hosts as follows (these names are used in the configuration later on)
172.28.80.0	x8-0 	network
172.28.80.1	x8-1 	compute1
172.28.80.2	x8-2 	controller
  • Although not needed on CentOS 6.5, disable firewalld and NetworkManager
  • Make sure all hosts can ping the outside world (ping openstack.org)
  • Setup ntpd and set the correct TZ
chkconfig ntpd on
service ntpd start
# then add the following line to the ~/.bashrc
TZ='Europe/London'; export TZ

Setup the DB on the Controller

  • Setup the DB on the Controller node
yum install mysql mysql-server MySQL-python
  • Edit the /etc/my.cnf file, add the following in the [mysqld] section
bind-address = 172.28.80.2
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
  • Restart the DB and setup security
service mysqld start
chkconfig mysqld on
mysql_install_db
mysql_secure_installation # go with defaults for everything unless you have a good excuse not to
  • On all other nodes, compute/network
yum install MySQL-python

Install the OpenStack Software

  • Install this on all servers (controller, network, compute)
yum -y install yum-plugin-priorities
# bug fix, seems to remove the need for the above - but anyway: 
sed -i "s/enabled = 1/enabled = 0/g" /etc/yum/pluginconf.d/priorities.conf 
yum -y install http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm
yum -y install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum -y install openstack-utils
yum -y install openstack-selinux
# yum upgrade / reboot if you can be arsed

Install the Messaging Server

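  • Install on the controller node (it can be installed anywhere; this example has everything on the controller node). The sed command below switches Qpid authentication off (auth=no); the rpc_backend settings used later supply no broker credentials, so they depend on it.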
yum -y install qpid-cpp-server
sed -i "s/auth=yes/auth=no/g" /etc/qpidd.conf 
service qpidd start
chkconfig qpidd on

Install the Identity Service (Keystone)

  • Install on the control node
yum -y install openstack-keystone python-keystoneclient
openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:password@controller/keystone
  • Setup a keystone DB
$ mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'   IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'   IDENTIFIED BY 'password';
mysql> exit
  • Create the DB tables, set the admin token and generate the PKI keys
# create the DB tables
su -s /bin/sh -c "keystone-manage db_sync" keystone
# setup a token
ADMIN_TOKEN=$(openssl rand -hex 10)
echo $ADMIN_TOKEN
# Note the admin token as you will need it later on
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
# setup pki keys
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl
  • Start the service and enable on boot
service openstack-keystone start
chkconfig openstack-keystone on
  • Optional: Purge the tokens every hour as they are typically kept indefinitely.
(crontab -l -u keystone 2>&1 | grep -q token_flush) || \
echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone
  • Define users / tenants / roles
# Assuming you're still in the same shell as above
export OS_SERVICE_TOKEN=$ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
  • Create the admin user
keystone user-create --name=admin --pass=password --email=david.power@boston.co.uk
keystone role-create --name=admin
keystone tenant-create --name=admin --description="Admin Tenant"
keystone user-role-add --user=admin --tenant=admin --role=admin
keystone user-role-add --user=admin --role=_member_ --tenant=admin
  • Create the normal user
keystone user-create --name=demo --pass=password --email=david.power@boston.co.uk
keystone tenant-create --name=demo --description="Demo Tenant"
keystone user-role-add --user=demo --role=_member_ --tenant=demo
  • Create the service tenant
keystone tenant-create --name=service --description="Service Tenant"
  • Define services and API endpoints
keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
keystone endpoint-create \
  --service-id=$(keystone service-list | awk '/ identity / {print $2}') \
  --publicurl=http://controller:5000/v2.0 \
  --internalurl=http://controller:5000/v2.0 \
  --adminurl=http://controller:35357/v2.0
  • Verify the Identity service installation
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
keystone --os-username=admin --os-password=password --os-auth-url=http://controller:35357/v2.0 token-get
keystone --os-username=admin --os-password=password --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 token-get
  • Setup an rc file for these settings
[root@x8-2 ~]# cat admin-openrc.sh 
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller:35357/v2.0
# source
source admin-openrc.sh
keystone token-get
# now we can run keystone commands
[root@x8-2 ~]# keystone user-list 
+----------------------------------+-------+---------+--------------------------+
|                id                |  name | enabled |          email           |
+----------------------------------+-------+---------+--------------------------+
| 065db47992ce4ce6899351b378ea0abd | admin |   True  | david.power@boston.co.uk |
| 415362238c5d43fe8fbad2867a4c0034 |  demo |   True  | david.power@boston.co.uk |
+----------------------------------+-------+---------+--------------------------+
[root@x8-2 ~]# keystone user-role-list --user admin --tenant admin
+----------------------------------+----------+----------------------------------+----------------------------------+
|                id                |   name   |             user_id              |            tenant_id             |
+----------------------------------+----------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | 065db47992ce4ce6899351b378ea0abd | 3c7cdbdad1584cadbee27a03fd496c1c |
| b7f97985f5864a88ab83dd966ed61edc |  admin   | 065db47992ce4ce6899351b378ea0abd | 3c7cdbdad1584cadbee27a03fd496c1c |
+----------------------------------+----------+----------------------------------+----------------------------------+
  • Setup the demo user rc file (for later)
$ cat demo-openrc.sh
export OS_USERNAME=demo
export OS_PASSWORD=password
export OS_TENANT_NAME=demo
export OS_AUTH_URL=http://controller:35357/v2.0
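
Every account above uses the literal `password`, and the rc files hold it in clear text. The following is an added example, not part of the original guide: it generates one random secret per account and builds the rc file from it with owner-only permissions. The function names, the `secrets.env` file and the variable names (`ADMIN_PASS`, `KEYSTONE_DBPASS`) are assumptions of this sketch.

```shell
#!/bin/sh
# rand_hex N: N random bytes as hex, the same generator the guide uses for
# ADMIN_TOKEN. Hex-only secrets need no escaping inside mysql:// URLs.
rand_hex() {
    openssl rand -hex "$1" 2>/dev/null || od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'
}

# gen_secrets FILE NAME...: write NAME=<secret> lines to FILE (mode 0600).
# An existing FILE is left untouched so a re-run cannot drift from the
# passwords already stored in MySQL and Keystone.
gen_secrets() {
    file=$1; shift
    if [ -e "$file" ]; then return 0; fi
    (
        umask 077
        for name in "$@"; do
            printf '%s=%s\n' "$name" "$(rand_hex 16)"
        done > "$file"
    )
}

# write_openrc SECRETS USER TENANT VAR OUT: build an rc file like
# admin-openrc.sh, taking the password from variable VAR in SECRETS.
write_openrc() {
    pass=$(sed -n "s/^$4=//p" "$1")
    [ -n "$pass" ] || { echo "no $4 in $1" >&2; return 1; }
    (
        umask 077
        cat > "$5" <<EOF
export OS_USERNAME=$2
export OS_PASSWORD=$pass
export OS_TENANT_NAME=$3
export OS_AUTH_URL=http://controller:35357/v2.0
EOF
        chmod 600 "$5"   # also tightens a pre-existing file
    )
}

# Usage on the controller (hypothetical file name):
#   gen_secrets /root/secrets.env ADMIN_PASS DEMO_PASS KEYSTONE_DBPASS
#   . /root/secrets.env
#   keystone user-create --name=admin --pass="$ADMIN_PASS" ...
#   write_openrc /root/secrets.env admin admin ADMIN_PASS admin-openrc.sh
```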

Create the Image Service (Glance)

  • Install the image service on the controller node
yum -y install openstack-glance python-glanceclient
openstack-config --set /etc/glance/glance-api.conf database connection mysql://glance:password@controller/glance
openstack-config --set /etc/glance/glance-registry.conf database connection mysql://glance:password@controller/glance
  • Create the glance DB
$ mysql -u root -p
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'password';
  • Populate the DB plus some other bits
su -s /bin/sh -c "glance-manage db_sync" glance
keystone user-create --name=glance --pass=password --email=david.power@boston.co.uk
keystone user-role-add --user=glance --tenant=service --role=admin
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host controller
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password password
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host controller
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password password
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
  • Register the service, setup endpoint and start the service
keystone service-create --name=glance --type=image --description="OpenStack Image Service"
keystone endpoint-create --service-id=$(keystone service-list | awk '/ image / {print $2}') \
  --publicurl=http://controller:9292 \
  --internalurl=http://controller:9292 \
  --adminurl=http://controller:9292
service openstack-glance-api start
service openstack-glance-registry start
chkconfig openstack-glance-api on
chkconfig openstack-glance-registry on
  • Verify the Image Service installation
mkdir /tmp/images
cd /tmp/images/
wget http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
file cirros-0.3.2-x86_64-disk.img 
# [Output - format is QCOW which we need for the next cmd]: cirros-0.3.2-x86_64-disk.img: Qemu Image, Format: Qcow , Version: 2
# Source not really needed if done above
source admin-openrc.sh
glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 --container-format bare --is-public True --progress < cirros-0.3.2-x86_64-disk.img
glance image-list
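
The image above is fetched over plain HTTP and `file` only confirms the format. As an added example (not part of the original guide), this function gates the `glance image-create` step on both the QCOW2 header and a SHA-256 digest. The name `check_image` and the digest argument are assumptions; the page lists no checksum for the CirrOS image, so the expected value has to come from the image publisher.

```shell
#!/bin/sh
# check_image FILE EXPECTED_SHA256
# Returns 0 only if FILE starts with the QCOW magic, has header version 2 or 3,
# and its SHA-256 matches the digest supplied by the caller.
check_image() {
    img=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$img" ] || { echo "unreadable: $img" >&2; return 2; }

    # QCOW header: 4-byte magic 'Q' 'F' 'I' 0xfb, then a 4-byte big-endian version.
    header=$(od -An -N8 -tx1 "$img" | tr -d ' \n')
    case "$header" in
        514649fb00000002|514649fb00000003) ;;
        *) echo "not a QCOW2 image: $img" >&2; return 3 ;;
    esac

    got=$(sha256sum "$img" | awk '{print $1}')
    if [ "$got" != "$want" ]; then
        echo "digest mismatch for $img" >&2
        return 4
    fi
    return 0
}

# Constructed 8-byte sample (a QCOW2 v2 header prefix, not a bootable image).
sample=$(mktemp) && printf 'QFI\373\000\000\000\002' > "$sample"
check_image "$sample" "$(sha256sum "$sample" | awk '{print $1}')" && echo "sample accepted"
rm -f "$sample"

# On the controller, with EXPECTED_SHA256 obtained from the publisher:
#   check_image cirros-0.3.2-x86_64-disk.img "$EXPECTED_SHA256" && glance image-create ...
```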

Configure the Compute Service (Nova)

  • In this example we are running the compute services on the controller. The compute node itself only needs to run the launcher service
  • On the controller
  • Install the services
yum -y install openstack-nova-api openstack-nova-cert openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler \
  python-novaclient
  • Setup the nova service
openstack-config --set /etc/nova/nova.conf database connection mysql://nova:password@controller/nova
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend qpid
openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname controller
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.28.80.2
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 172.28.80.2
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 172.28.80.2
  • Setup the DB
$ mysql -u root -p
mysql> CREATE DATABASE nova;
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'password';
  • Create the DB content
su -s /bin/sh -c "nova-manage db sync" nova
keystone user-create --name=nova --pass=password --email=nova@example.com
keystone user-role-add --user=nova --tenant=service --role=admin
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password password
keystone service-create --name=nova --type=compute --description="OpenStack Compute"
keystone endpoint-create --service-id=$(keystone service-list | awk '/ compute / {print $2}') \
  --publicurl=http://controller:8774/v2/%\(tenant_id\)s \
  --internalurl=http://controller:8774/v2/%\(tenant_id\)s \
  --adminurl=http://controller:8774/v2/%\(tenant_id\)s
  • Start / Enable the services
service openstack-nova-api start
service openstack-nova-cert start
service openstack-nova-consoleauth start
service openstack-nova-scheduler start
service openstack-nova-conductor start
service openstack-nova-novncproxy start
chkconfig openstack-nova-api on
chkconfig openstack-nova-cert on
chkconfig openstack-nova-consoleauth on
chkconfig openstack-nova-scheduler on
chkconfig openstack-nova-conductor on
chkconfig openstack-nova-novncproxy on
  • Verify the setup
[root@x8-2 images]# nova image-list
+--------------------------------------+---------------------+--------+--------+
| ID                                   | Name                | Status | Server |
+--------------------------------------+---------------------+--------+--------+
| a467f1f1-87b8-41e7-9c70-89f990e78f45 | cirros-0.3.2-x86_64 | ACTIVE |        |
+--------------------------------------+---------------------+--------+--------+

Configure a Compute Node

  • Run all these commands on the compute node
  • Install the packages
yum -y install openstack-nova-compute
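  • Configure the service (update the IPs below to suit: my_ip and vncserver_proxyclient_address must be the compute node's own address, which is 172.28.80.1 for compute1 in the host table above)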
  openstack-config --set /etc/nova/nova.conf database connection mysql://nova:password@controller/nova
  openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
  openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
  openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
  openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
  openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
  openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
  openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
  openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password password
  openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend qpid
  openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname controller
  openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.28.80.0
  openstack-config --set /etc/nova/nova.conf DEFAULT vnc_enabled True
  openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 0.0.0.0
  openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 172.28.80.0
  openstack-config --set /etc/nova/nova.conf DEFAULT novncproxy_base_url http://controller:6080/vnc_auto.html
  openstack-config --set /etc/nova/nova.conf DEFAULT glance_host controller
  • Start / Enable the services
service libvirtd start
service messagebus start
service openstack-nova-compute start
chkconfig libvirtd on
chkconfig messagebus on
chkconfig openstack-nova-compute on
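
The steps above (messaging, Keystone, Glance, Nova) leave several lab-grade settings in the config files. As an added example, not part of the original guide, this script reports them so they can be tracked down before a node leaves the lab. The function names and the sample tree are constructed for illustration; the file paths and option names are the ones used on this page.

```shell
#!/bin/sh
# audit_conf ROOT: print one "file: finding" line per weak setting this guide
# leaves behind in the config files under ROOT (use / on a real node).
audit_conf() {
    root=${1%/}
    for f in "$root/etc/qpidd.conf" "$root/etc/keystone/keystone.conf" \
             "$root/etc/glance/glance-api.conf" "$root/etc/glance/glance-registry.conf" \
             "$root/etc/nova/nova.conf"; do
        [ -r "$f" ] || continue
        awk -v file="$f" '
            { line = $0; gsub(/[ \t]/, "", line) }   # ignore spacing around "="
            line ~ /^#/ { next }                     # skip commented-out defaults
            line ~ /^auth=no$/ { print file ": broker authentication disabled (auth=no)" }
            line ~ /^admin_password=password$/ { print file ": service account uses the guide password" }
            line ~ /^connection=mysql:\/\/[^:]+:password@/ { print file ": DB connection uses the guide password" }
            line ~ /^admin_token=/ { print file ": admin_token present (full admin for any holder)" }
            line ~ /^auth_protocol=http$/ { print file ": token validation over plain HTTP" }
            line ~ /^vncserver_listen=0\.0\.0\.0$/ { print file ": VNC server listens on all interfaces" }
        ' "$f"
    done
}

# make_sample ROOT: constructed sample tree mirroring what the commands on
# this page write (the token value is made up).
make_sample() {
    mkdir -p "$1/etc/keystone" "$1/etc/nova"
    printf 'auth=no\n' > "$1/etc/qpidd.conf"
    cat > "$1/etc/keystone/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = 0123456789abcdef0123
[database]
connection = mysql://keystone:password@controller/keystone
EOF
    cat > "$1/etc/nova/nova.conf" <<'EOF'
[DEFAULT]
vncserver_listen = 0.0.0.0
[keystone_authtoken]
auth_protocol = http
admin_password = password
EOF
}

tmp=$(mktemp -d) && make_sample "$tmp" && audit_conf "$tmp"; rm -rf "$tmp"
```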
