OpenStack Grizzly version on Ubuntu 12.04

Installation

The following procedure can be used to install OpenStack Grizzly on Ubuntu 12.04 LTS.

All the commands in this procedure should be run as the root user.

Add the repositories for installing OpenStack Grizzly

apt-get install ubuntu-cloud-keyring python-software-properties software-properties-common python-keyring
echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main >> /etc/apt/sources.list.d/grizzly.list

Update to install the latest packages

apt-get update
apt-get upgrade

The Support packages

Install the supporting packages

apt-get install -y mysql-server python-mysqldb rabbitmq-server ntp vlan bridge-utils

Change the MySQL configuration so the server listens on all interfaces instead of only 127.0.0.1

sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart

Enable IP forwarding

sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
sysctl net.ipv4.ip_forward=1

Keystone (Authentication)

Install Keystone

apt-get install -y keystone

Create mysql database named keystone and add credentials

mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL ON keystone.* TO 'keystoneUser'@'%' IDENTIFIED BY 'keystonePass';
quit;

Edit the file /etc/keystone/keystone.conf and change the connection line so it looks like this

connection = mysql://keystoneUser:keystonePass@/keystone

Restart the keystone service and sync the database

service keystone restart
keystone-manage db_sync

Create the tenants, the admin user and the roles needed by the other services

keystone tenant-create --name=admin
keystone tenant-create --name=service
keystone user-create --name=admin --pass=admin_pass --email=admin@domain.com
keystone role-create --name=admin
keystone role-create --name=KeystoneAdmin
keystone role-create --name=KeystoneServiceAdmin

Use the following commands to list the IDs needed to proceed with other commands

keystone user-list
keystone role-list
keystone tenant-list

Assign the three roles to the admin user in the admin tenant, substituting the IDs from the lists above

keystone user-role-add --user-id <admin_user_id> --role-id <admin_role_id> --tenant-id <admin_tenant_id>
keystone user-role-add --user-id <admin_user_id> --role-id <keystoneadmin_role_id> --tenant-id <admin_tenant_id>
keystone user-role-add --user-id <admin_user_id> --role-id <keystoneservice_role_id> --tenant-id <admin_tenant_id>

Create a role named “Member”

keystone role-create --name=Member

Create user “nova”

keystone user-create --name=nova --pass=nova_pass --tenant-id <service_tenant_id> --email=nova@domain.com
keystone user-role-add --tenant-id <service_tenant_id> --user-id <nova_user_id> --role-id <admin_role_id>

Create user “glance”

keystone user-create --name=glance --pass=glance_pass --tenant-id <service_tenant_id> --email=glance@domain.com
keystone user-role-add --tenant-id <service_tenant_id> --user-id <glance_user_id> --role-id <admin_role_id>

Create user “quantum”

keystone user-create --name=quantum --pass=quantum_pass --tenant-id <service_tenant_id> --email=quantum@domain.com
keystone user-role-add --tenant-id <service_tenant_id> --user-id <quantum_user_id> --role-id <admin_role_id>

Create user “cinder”

keystone user-create --name=cinder --pass=cinder_pass --tenant-id <service_tenant_id> --email=cinder@domain.com
keystone user-role-add --tenant-id <service_tenant_id> --user-id <cinder_user_id> --role-id <admin_role_id>
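
The ID lookups in the steps above can be scripted, so that a user, role or tenant ID is never pasted into the wrong option. This is an added example, not part of the original guide; it assumes the legacy keystone CLI prints tables whose first two columns are id and name, and the sample tables and IDs are constructed.

```shell
# Added example (not from the original guide): resolve Keystone IDs by name.
# Assumes the legacy keystone CLI table layout "| id | name | ..." per row.

# id_by_name NAME : reads a keystone *-list table on stdin, prints the id
id_by_name() {
    awk -F'|' -v want="$1" '
        NF >= 3 {
            id = $2; name = $3
            gsub(/^[ \t]+|[ \t]+$/, "", id); gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (name == want) { print id; found = 1; exit }
        }
        END { exit !found }'
}

# role_add_cmd USER ROLE TENANT : prints the user-role-add command line.
# USERS, ROLES and TENANTS hold the table text of the three list commands.
role_add_cmd() {
    uid=$(printf '%s\n' "$USERS"   | id_by_name "$1") || { echo "no user $1" >&2; return 1; }
    rid=$(printf '%s\n' "$ROLES"   | id_by_name "$2") || { echo "no role $2" >&2; return 1; }
    tid=$(printf '%s\n' "$TENANTS" | id_by_name "$3") || { echo "no tenant $3" >&2; return 1; }
    echo "keystone user-role-add --user-id $uid --role-id $rid --tenant-id $tid"
}

# Constructed sample tables (the IDs are made up). On a live node use instead:
#   USERS=$(keystone user-list); ROLES=$(keystone role-list); TENANTS=$(keystone tenant-list)
USERS='+------+---------+---------+--------------------+
|  id  |   name  | enabled |       email        |
+------+---------+---------+--------------------+
| u111 |  admin  |   True  |  admin@domain.com  |
| u222 | quantum |   True  | quantum@domain.com |
+------+---------+---------+--------------------+'
ROLES='+------+---------------+
|  id  |      name     |
+------+---------------+
| r111 |     admin     |
| r222 | KeystoneAdmin |
+------+---------------+'
TENANTS='+------+---------+---------+
|  id  |   name  | enabled |
+------+---------+---------+
| t111 |  admin  |   True  |
| t222 | service |   True  |
+------+---------+---------+'

role_add_cmd admin admin admin
role_add_cmd quantum admin service
```

The function prints the command rather than running it, so the resolved IDs can be reviewed first.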

Create services

keystone service-create --name nova --type compute --description 'OpenStack Compute Service'
keystone service-create --name cinder --type volume --description 'OpenStack Volume Service'
keystone service-create --name glance --type image --description 'OpenStack Image Service'
keystone service-create --name keystone --type identity --description 'OpenStack Identity'
keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service'
keystone service-create --name quantum --type network --description 'OpenStack Networking service'

Use the following command to retrieve the service IDs

keystone service-list

Create end-points

keystone endpoint-create --region <region> --service-id <nova_service_id> --publicurl 'http://<IP_address>:8774/v2/$(tenant_id)s' --adminurl 'http://<IP_address>:8774/v2/$(tenant_id)s' --internalurl 'http://<IP_address>:8774/v2/$(tenant_id)s'
keystone endpoint-create --region <region> --service-id <cinder_service_id> --publicurl 'http://<IP_address>:8776/v1/$(tenant_id)s' --adminurl 'http://<IP_address>:8776/v1/$(tenant_id)s' --internalurl 'http://<IP_address>:8776/v1/$(tenant_id)s'
keystone endpoint-create --region <region> --service-id <glance_service_id> --publicurl 'http://<IP_address>:9292/v2' --adminurl 'http://<IP_address>:9292/v2' --internalurl 'http://<IP_address>:9292/v2'
keystone endpoint-create --region <region> --service-id <keystone_service_id> --publicurl 'http://<IP_address>:5000/v2.0' --adminurl 'http://<IP_address>:35357/v2.0' --internalurl 'http://<IP_address>:5000/v2.0'
keystone endpoint-create --region <region> --service-id <EC2_service_id> --publicurl 'http://<IP_address>:8773/services/Cloud' --adminurl 'http://<IP_address>:8773/services/Admin' --internalurl 'http://<IP_address>:8773/services/Cloud'
keystone endpoint-create --region <region> --service-id <quantum_service_id> --publicurl 'http://<IP_address>:9696/' --adminurl 'http://<IP_address>:9696/' --internalurl 'http://<IP_address>:9696/'

Create a new file named “creds” and add the following lines to it

export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin_pass
export OS_AUTH_URL="http://<IP_address>:5000/v2.0/"

Now source the file and test it using keystone command

source creds
keystone user-list

Glance (Image Store)

Install Glance

apt-get install -y glance

Create database and credentials for Glance

mysql -u root -p
CREATE DATABASE glance;
GRANT ALL ON glance.* TO 'glanceUser'@'%' IDENTIFIED BY 'glancePass';
quit;

Update /etc/glance/glance-api-paste.ini with

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
delay_auth_decision = true
auth_host = <IP_address>
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = glance_pass

Update the /etc/glance/glance-registry-paste.ini with

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = <IP_address>
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = glance_pass

Update /etc/glance/glance-api.conf with

sql_connection = mysql://glanceUser:glancePass@<IP_address>/glance

and

[paste_deploy]
flavor = keystone

Update the /etc/glance/glance-registry.conf with

sql_connection = mysql://glanceUser:glancePass@<IP_address>/glance

and

[paste_deploy]
flavor = keystone

Restart the services

service glance-api restart; service glance-registry restart

Sync the Glance database

glance-manage db_sync

Upload one image to check if Glance works

glance image-create --name Cirros --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
glance index

Nova (Compute)

Install Nova services

apt-get install -y nova-api nova-cert novnc nova-consoleauth nova-scheduler nova-novncproxy nova-doc nova-conductor nova-compute-kvm

Create and configure a database named nova

mysql -u root -p
CREATE DATABASE nova;
GRANT ALL ON nova.* TO 'novaUser'@'%' IDENTIFIED BY 'novaPass';
quit;

Update /etc/nova/api-paste.ini with

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = <IP_address>
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = nova_pass
signing_dirname = /tmp/keystone-signing-nova
# Workaround for https://bugs.launchpad.net/nova/+bug/1154809
auth_version = v2.0

Remove all the lines from /etc/nova/nova.conf and add the following lines

[DEFAULT]
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/run/lock/nova
verbose=True
api_paste_config=/etc/nova/api-paste.ini
compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
rabbit_host=<IP_address>
nova_url=http://<IP_address>:8774/v1.1/
sql_connection=mysql://novaUser:novaPass@<IP_address>/nova
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
# Auth
use_deprecated_auth=false
auth_strategy=keystone
# Imaging service
glance_api_servers=<IP_address>:9292
image_service=nova.image.glance.GlanceImageService
# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://<IP_address>:6080/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=<IP_address>
vncserver_listen=0.0.0.0
# Network settings
network_api_class=nova.network.quantumv2.api.API
quantum_url=http://<IP_address>:9696
quantum_auth_strategy=keystone
quantum_admin_tenant_name=service
quantum_admin_username=quantum
quantum_admin_password=quantum_pass
quantum_admin_auth_url=http://<IP_address>:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
#If you want Quantum + Nova Security groups
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=quantum
#If you want Nova Security groups only, comment the two lines above and uncomment line -1-.
#-1-firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
#Metadata
service_quantum_metadata_proxy = True
quantum_metadata_proxy_shared_secret = helloOpenStack
metadata_host = <IP_address>
metadata_listen = 127.0.0.1
metadata_listen_port = 8775
# Compute #
compute_driver=libvirt.LibvirtDriver
# Cinder #
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900

Update /etc/nova/nova-compute.conf with

[DEFAULT]
libvirt_type=kvm
libvirt_ovs_bridge=br-int
libvirt_vif_type=ethernet
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
libvirt_use_virtio_for_bridges=True

Sync database

nova-manage db sync

Restart all Nova services

cd /etc/init.d/; for i in nova-*; do sudo service "$i" restart; done

Check if all Nova services are working

nova-manage service list

Open vSwitch

Install Open vSwitch and support packages

apt-get install -y openvswitch-switch openvswitch-datapath-dkms

Add new OVS bridges

ovs-vsctl add-br br-int
ovs-vsctl add-br br-eth1
ovs-vsctl add-port br-eth1 ethx

In the last command, replace ethx with the secondary interface of the machine (x should be replaced with 0, 1, 2, 3, etc.).

Quantum (Networking Service)

Install quantum and supporting packages

apt-get install -y quantum-server quantum-plugin-openvswitch quantum-plugin-openvswitch-agent dnsmasq quantum-dhcp-agent quantum-l3-agent

Create a database named quantum and configure it

mysql -u root -p
CREATE DATABASE quantum;
GRANT ALL ON quantum.* TO 'quantumUser'@'%' IDENTIFIED BY 'quantumPass';
quit;

Update the file /etc/quantum/api-paste.ini with

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = <IP_address>
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = quantum_pass

Update the file /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini with

[DATABASE]
sql_connection = mysql://quantumUser:quantumPass@<IP_address>/quantum

[OVS]
tenant_network_type=vlan
enable_tunneling=False
integration_bridge=br-int
network_vlan_ranges = default:500:550
bridge_mappings = default:br-eth1

[SECURITYGROUP]
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Update /etc/quantum/metadata_agent.ini with

auth_url = http://<IP_address>:35357/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = quantum
admin_password = quantum_pass
nova_metadata_ip = 127.0.0.1
nova_metadata_port = 8775
metadata_proxy_shared_secret = helloOpenStack

Update /etc/quantum/quantum.conf with

[keystone_authtoken]
auth_host = <IP_address>
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = quantum_pass
signing_dir = /var/lib/quantum/keystone-signing

Restart Quantum services

cd /etc/init.d/; for i in quantum-*; do sudo service "$i" restart; done

Restart DNSmasq

service dnsmasq restart

If you want to use GRE mode, make the appropriate changes as described at the following link

https://fosskb.in/2013/09/10/gre-mode-in-openvswitch-on-openstack-grizzly/

Horizon (OpenStack-Dashboard)

Install Horizon and support packages

apt-get -y install openstack-dashboard memcached

Restart apache and memcached

service apache2 restart

service memcached restart

Now log in to the Dashboard using the URL

http://<IP_address>/horizon

Credentials

Login: admin
Password: admin_pass
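
Before the node is reachable from anything other than a lab network, the settings this guide leaves open can be checked mechanically. The script below is an added example, not part of the original guide; its patterns are the sample values shown above, and the sample file and the 192.0.2.10 address are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): flag lab-only settings.
# Patterns are the sample values this guide publishes; extend for your site.

# audit_conf FILE... : prints "file:line: reason"; returns 1 if anything found
audit_conf() {
    awk '
    function flag(why) { printf "%s:%d: %s\n", FILENAME, FNR, why; n++ }
    /^[ \t]*#/ { next }    # ignore commented-out settings
    /(admin|nova|glance|quantum|cinder|service)_pass|(keystone|glance|nova|quantum)Pass|helloOpenStack/ {
        flag("secret value published in the guide")
    }
    /^[ \t]*(bind-address|vncserver_listen)[ \t]*=[ \t]*0\.0\.0\.0/ {
        flag("listens on every interface")
    }
    /^[ \t]*auth_protocol[ \t]*=[ \t]*http[ \t]*$/ {
        flag("Keystone passwords and tokens travel without TLS")
    }
    /^[ \t]*signing_dir(name)?[ \t]*=[ \t]*\/tmp\// {
        flag("token signing directory under world-writable /tmp")
    }
    END { exit (n > 0) }
    ' "$@"
}

# write_sample PATH : constructed nova.conf-style input mirroring this guide
write_sample() {
    cat > "$1" <<'EOF'
[DEFAULT]
sql_connection=mysql://novaUser:novaPass@192.0.2.10/nova
vncserver_listen=0.0.0.0
quantum_metadata_proxy_shared_secret = helloOpenStack
metadata_listen = 127.0.0.1
auth_protocol = http
signing_dirname = /tmp/keystone-signing-nova
# admin_password = service_pass
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_conf "$sample" || echo "fix the findings above before exposing this node"
rm -f "$sample"
```

On the installed node, pass it the files edited in this guide, for example /etc/mysql/my.cnf, /etc/nova/nova.conf, /etc/nova/api-paste.ini and /etc/quantum/quantum.conf.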

Creating Custom Images

https://fosskb.in/2013/07/30/bundling-debian-7-x-image-for-openstack/

https://fosskb.in/2013/07/24/bundling-freebsd-9-image-for-openstack/
