Installation
The following procedure can be used to install OpenStack Grizzly on Ubuntu 12.04 LTS
All the commands in this procedure should be run as the root user
Add the repositories for installing OpenStack Grizzly
apt-get install ubuntu-cloud-keyring python-software-properties software-properties-common python-keyring
echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main >> /etc/apt/sources.list.d/grizzly.list
Update to install the latest packages
apt-get update
apt-get upgrade
The Support packages
Install the supporting packages
apt-get install -y mysql-server python-mysqldb rabbitmq-server ntp vlan bridge-utils
Change the MySQL configuration to listen on all interfaces (0.0.0.0) instead of 127.0.0.1
sed -i 's/127\.0\.0\.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart
Enable IP forwarding
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
sysctl net.ipv4.ip_forward=1
Keystone (Authentication)
Install Keystone
apt-get install -y keystone
Create mysql database named keystone and add credentials
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL ON keystone.* TO 'keystoneUser'@'%' IDENTIFIED BY 'keystonePass';
quit;
Edit /etc/keystone/keystone.conf and change the connection line so that it reads
connection = mysql://keystoneUser:keystonePass@/keystone
Restart the keystone service and sync the database
service keystone restart
keystone-manage db_sync
Commands to create the authorization needed by other services
keystone tenant-create --name=admin
keystone tenant-create --name=service
keystone user-create --name=admin --pass=admin_pass --email=admin@domain.com
keystone role-create --name=admin
keystone role-create --name=KeystoneAdmin
keystone role-create --name=KeystoneServiceAdmin
Use the following commands to list the IDs needed to proceed with other commands
keystone user-list
keystone role-list
keystone tenant-list
Assign the admin, KeystoneAdmin and KeystoneServiceAdmin roles to the admin user in the admin tenant, substituting the IDs listed by the previous commands
keystone user-role-add --user-id <admin_user_id> --role-id <admin_role_id> --tenant-id <admin_tenant_id>
keystone user-role-add --user-id <admin_user_id> --role-id <keystoneadmin_role_id> --tenant-id <admin_tenant_id>
keystone user-role-add --user-id <admin_user_id> --role-id <keystoneservice_role_id> --tenant-id <admin_tenant_id>
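Copying IDs by hand from the list output is error-prone, and a substring match on "admin" would also select KeystoneAdmin and KeystoneServiceAdmin. The helper below is an added example, not part of the original guide: id_by_name and the sample table with made-up IDs are constructed here, and it assumes the bordered table with "id" and "name" header cells that the keystone client prints.

```shell
#!/bin/sh
# id_by_name NAME
# Reads the table printed by a "keystone *-list" command on stdin and
# prints the ID of the row whose name cell is exactly NAME.
# Column positions come from the header row, so extra columns
# (enabled, email) do not matter. Fails on no match or on duplicates.
id_by_name() {
    awk -F'|' -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^\+/ { next }                  # border lines
        !idc {                          # first non-border row is the header
            for (i = 2; i < NF; i++) {
                h = trim($i)
                if (h == "id")   idc = i
                if (h == "name") namec = i
            }
            next
        }
        trim($namec) == want { print trim($idc); found++ }
        END { exit (found == 1 ? 0 : 1) }
    '
}

# Constructed sample in the shape of "keystone role-list" output.
sample_roles() {
    cat <<'EOF'
+----------+----------------------+
|    id    |         name         |
+----------+----------------------+
| aaaa1111 |    KeystoneAdmin     |
| bbbb2222 | KeystoneServiceAdmin |
| cccc3333 |        admin         |
+----------+----------------------+
EOF
}

# On a live system, with the creds file sourced:
#   ADMIN_ROLE=$(keystone role-list | id_by_name admin)
#   ADMIN_USER=$(keystone user-list | id_by_name admin)
#   ADMIN_TENANT=$(keystone tenant-list | id_by_name admin)
#   keystone user-role-add --user-id "$ADMIN_USER" --role-id "$ADMIN_ROLE" --tenant-id "$ADMIN_TENANT"
sample_roles | id_by_name admin
```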
Create a role named “Member”
keystone role-create --name=Member
Create user “nova”
keystone user-create --name=nova --pass=nova_pass --tenant-id <service_tenant_id> --email=nova@domain.com
keystone user-role-add --tenant-id <service_tenant_id> --user-id <nova_user_id> --role-id <admin_role_id>
Create user “glance”
keystone user-create --name=glance --pass=glance_pass --tenant-id <service_tenant_id> --email=glance@domain.com
keystone user-role-add --tenant-id <service_tenant_id> --user-id <glance_user_id> --role-id <admin_role_id>
Create user “quantum”
keystone user-create --name=quantum --pass=quantum_pass --tenant-id <service_tenant_id> --email=quantum@domain.com
keystone user-role-add --tenant-id <service_tenant_id> --user-id <quantum_user_id> --role-id <admin_role_id>
Create user “cinder”
keystone user-create --name=cinder --pass=cinder_pass --tenant-id <service_tenant_id> --email=cinder@domain.com
keystone user-role-add --tenant-id <service_tenant_id> --user-id <cinder_user_id> --role-id <admin_role_id>
Create services
keystone service-create --name nova --type compute --description 'OpenStack Compute Service'
keystone service-create --name cinder --type volume --description 'OpenStack Volume Service'
keystone service-create --name glance --type image --description 'OpenStack Image Service'
keystone service-create --name keystone --type identity --description 'OpenStack Identity'
keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service'
keystone service-create --name quantum --type network --description 'OpenStack Networking service'
Use the following command to retrieve the service IDs
keystone service-list
Create end-points (replace <region> with your region name; metadata_agent.ini later in this procedure uses RegionOne)
keystone endpoint-create --region <region> --service-id <nova_service_id> --publicurl 'http://<IP_address>:8774/v2/$(tenant_id)s' --adminurl 'http://<IP_address>:8774/v2/$(tenant_id)s' --internalurl 'http://<IP_address>:8774/v2/$(tenant_id)s'
keystone endpoint-create --region <region> --service-id <cinder_service_id> --publicurl 'http://<IP_address>:8776/v1/$(tenant_id)s' --adminurl 'http://<IP_address>:8776/v1/$(tenant_id)s' --internalurl 'http://<IP_address>:8776/v1/$(tenant_id)s'
keystone endpoint-create --region <region> --service-id <glance_service_id> --publicurl 'http://<IP_address>:9292/v2' --adminurl 'http://<IP_address>:9292/v2' --internalurl 'http://<IP_address>:9292/v2'
keystone endpoint-create --region <region> --service-id <keystone_service_id> --publicurl 'http://<IP_address>:5000/v2.0' --adminurl 'http://<IP_address>:35357/v2.0' --internalurl 'http://<IP_address>:5000/v2.0'
keystone endpoint-create --region <region> --service-id <EC2_service_id> --publicurl 'http://<IP_address>:8773/services/Cloud' --adminurl 'http://<IP_address>:8773/services/Admin' --internalurl 'http://<IP_address>:8773/services/Cloud'
keystone endpoint-create --region <region> --service-id <quantum_service_id> --publicurl 'http://<IP_address>:9696/' --adminurl 'http://<IP_address>:9696/' --internalurl 'http://<IP_address>:9696/'
Create a new file named “creds” and add the following lines to it
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin_pass
export OS_AUTH_URL="http://<IP_address>:5000/v2.0/"
Now source the file and test it using the keystone command
source creds
keystone user-list
Glance (Image Store)
Install Glance
apt-get install -y glance
Create database and credentials for Glance
mysql -u root -p
CREATE DATABASE glance;
GRANT ALL ON glance.* TO 'glanceUser'@'%' IDENTIFIED BY 'glancePass';
quit;
Update /etc/glance/glance-api-paste.ini with
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
delay_auth_decision = true
auth_host = <IP_address>
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = glance_pass
Update the /etc/glance/glance-registry-paste.ini with
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = <IP_address>
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = glance_pass
Update /etc/glance/glance-api.conf with
sql_connection = mysql://glanceUser:glancePass@<IP_address>/glance
and
[paste_deploy]
flavor = keystone
Update the /etc/glance/glance-registry.conf with
sql_connection = mysql://glanceUser:glancePass@<IP_address>/glance
and
[paste_deploy]
flavor = keystone
Restart the services
service glance-api restart; service glance-registry restart
Sync the Glance database
glance-manage db_sync
Upload one image to check if Glance works
glance image-create --name Cirros --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
glance index
Nova (Compute)
Install Nova services
apt-get install -y nova-api nova-cert novnc nova-consoleauth nova-scheduler nova-novncproxy nova-doc nova-conductor nova-compute-kvm
Create and configure a database named nova
mysql -u root -p
CREATE DATABASE nova;
GRANT ALL ON nova.* TO 'novaUser'@'%' IDENTIFIED BY 'novaPass';
quit;
Update /etc/nova/api-paste.ini with
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = <IP_address>
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = nova_pass
signing_dirname = /tmp/keystone-signing-nova
# Workaround for https://bugs.launchpad.net/nova/+bug/1154809
auth_version = v2.0
Remove all the lines from /etc/nova/nova.conf and add the following lines
[DEFAULT]
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/run/lock/nova
verbose=True
api_paste_config=/etc/nova/api-paste.ini
compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
rabbit_host=<IP_address>
nova_url=http://<IP_address>:8774/v1.1/
sql_connection=mysql://novaUser:novaPass@<IP_address>/nova
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
# Auth
use_deprecated_auth=false
auth_strategy=keystone
# Imaging service
glance_api_servers=<IP_address>:9292
image_service=nova.image.glance.GlanceImageService
# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://<IP_address>:6080/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=<IP_address>
vncserver_listen=0.0.0.0
# Network settings
network_api_class=nova.network.quantumv2.api.API
quantum_url=http://<IP_address>:9696
quantum_auth_strategy=keystone
quantum_admin_tenant_name=service
quantum_admin_username=quantum
quantum_admin_password=quantum_pass
quantum_admin_auth_url=http://<IP_address>:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
#If you want Quantum + Nova Security groups
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=quantum
#If you want Nova Security groups only, comment the two lines above and uncomment line -1-.
#-1-firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
#Metadata
service_quantum_metadata_proxy = True
quantum_metadata_proxy_shared_secret = helloOpenStack
metadata_host = <IP_address>
metadata_listen = 127.0.0.1
metadata_listen_port = 8775
# Compute #
compute_driver=libvirt.LibvirtDriver
# Cinder #
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900
Update /etc/nova/nova-compute.conf with
[DEFAULT]
libvirt_type=kvm
libvirt_ovs_bridge=br-int
libvirt_vif_type=ethernet
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
libvirt_use_virtio_for_bridges=True
Sync database
nova-manage db sync
Restart all Nova services
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done
Check if all Nova services are working
nova-manage service list
OpenVswitch
Install OpenVswitch and support packages
apt-get install -y openvswitch-switch openvswitch-datapath-dkms
Add new OVS bridges
ovs-vsctl add-br br-int
ovs-vsctl add-br br-eth1
Add the interface ethx to br-eth1 (replace x with 0, 1, 2, 3, etc., according to the secondary interface of the machine)
ovs-vsctl add-port br-eth1 ethx
Quantum (Networking Service)
Install quantum and supporting packages
apt-get install -y quantum-server quantum-plugin-openvswitch quantum-plugin-openvswitch-agent dnsmasq quantum-dhcp-agent quantum-l3-agent
Create a database named quantum and configure it
mysql -u root -p
CREATE DATABASE quantum;
GRANT ALL ON quantum.* TO 'quantumUser'@'%' IDENTIFIED BY 'quantumPass';
quit;
Update the file /etc/quantum/api-paste.ini with
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = <IP_address>
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = quantum_pass
Update the file /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini with
[DATABASE]
sql_connection = mysql://quantumUser:quantumPass@<IP_address>/quantum
[OVS]
tenant_network_type=vlan
enable_tunneling=False
integration_bridge=br-int
network_vlan_ranges = default:500:550
bridge_mappings = default:br-eth1
[SECURITYGROUP]
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
Update /etc/quantum/metadata_agent.ini with
auth_url = http://<IP_address>:35357/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = quantum
admin_password = quantum_pass
nova_metadata_ip = 127.0.0.1
nova_metadata_port = 8775
metadata_proxy_shared_secret = helloOpenStack
Update /etc/quantum/quantum.conf with
[keystone_authtoken]
auth_host = <IP_address>
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = quantum_pass
signing_dir = /var/lib/quantum/keystone-signing
Restart Quantum services
cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i restart; done
Restart DNSmasq
service dnsmasq restart
If you want to use GRE mode, make the appropriate changes using the following link
https://fosskb.in/2013/09/10/gre-mode-in-openvswitch-on-openstack-grizzly/
Horizon (OpenStack-Dashboard)
Install Horizon and support packages
apt-get -y install openstack-dashboard memcached
Restart apache and memcached
service apache2 restart
service memcached restart
Now log in to the Dashboard using the URL
http://<IP_address>/horizon
Credentials
Login: admin
Password: admin_pass
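The procedure leaves its sample passwords, the metadata shared secret, plain-http keystone authentication and all-interface listeners in the files it edits, and these need replacing before the host is reachable by anyone else. The check below is an added example, not part of the original guide: audit_defaults, write_sample and the sample lines are constructed here, and the patterns cover only the values used on this page.

```shell
#!/bin/sh
# audit_defaults FILE...  prints "file:line: finding"; returns 1 if any found.
audit_defaults() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function flag(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; n++ }
        /^[ \t]*#/ { next }                  # ignore commented-out settings
        {
            eq = index($0, "=")
            if (!eq) next                    # section headers, blank lines
            key = trim(substr($0, 1, eq - 1))
            val = trim(substr($0, eq + 1))
            # Test the value only: the key "admin_password" itself
            # contains the string "admin_pass".
            if (val ~ /^[a-z]+_pass$/ || val ~ /:[a-z]+Pass@/ ||
                val == "helloOpenStack")
                flag("sample secret from the guide in " key)
            if (key == "auth_protocol" && val == "http")
                flag("service credentials sent to keystone over plain http")
            if (key ~ /^signing_dir(name)?$/ && val ~ /^\/tmp\//)
                flag("token signing directory under world-writable /tmp")
            if ((key == "bind-address" || key == "vncserver_listen") &&
                val == "0.0.0.0")
                flag(key " listens on all interfaces")
        }
        END { exit (n > 0 ? 1 : 0) }
    ' "$@"
}

# Constructed sample: lines in the shape of the files edited above
# (192.0.2.10 is a documentation address).
write_sample() {
    cat > "$1" <<'EOF'
[DEFAULT]
sql_connection = mysql://glanceUser:glancePass@192.0.2.10/glance
auth_protocol = http
signing_dirname = /tmp/keystone-signing-nova
metadata_proxy_shared_secret = helloOpenStack
vncserver_listen=0.0.0.0
metadata_listen = 127.0.0.1
# auth_protocol = http
EOF
}

f=$(mktemp) && write_sample "$f" && { audit_defaults "$f" || true; }
rm -f "$f"
```

Run it over /etc/mysql/my.cnf, the creds file and the keystone, glance, nova and quantum configuration files edited above; a non-zero exit status means at least one finding.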
Creating Custom Images
https://fosskb.in/2013/07/30/bundling-debian-7-x-image-for-openstack/
https://fosskb.in/2013/07/24/bundling-freebsd-9-image-for-openstack/