Cloud · Havana · Network Management · Neutron · OpenStack · Ubuntu

OpenStack Havana on Ubuntu 12.04 LTS – Single machine setup

The Single machine setup has all the services running. Cinder part is to be added in the future.

Install Ubuntu 12.04 with partitioning scheme as per your requirements.

Note: Run all the commands as super-user. We assume that the IP of the Single machine is 10.0.0.1.

Configure the repositories

apt-get install python-software-properties
add-apt-repository cloud-archive:havana
apt-get update
apt-get upgrade

Support packages

RaabitMQ server

apt-get install rabbitmq-server
rabbitmqctl change_password guest rabbit_pass

MySQL server

Install MySQL server and related software

apt-get install -y mysql-server python-mysqldb
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart

Other Support Packages

apt-get install ntp vlan bridge-utils
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
sysctl net.ipv4.ip_forward=1

Keystone

Install keystone

apt-get install -y keystone

Create mysql database named keystone and add credentials

mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL ON keystone.* TO 'keystoneUser'@'%' IDENTIFIED BY 'keystonePass';
quit;

Edit the file /etc/keystone/keystone.conf and edit the following line, so it looks like this

connection = mysql://keystoneUser:keystonePass@10.0.0.1/keystone

Restart the keystone service and sync the database

service keystone restart
keystone-manage db_sync

Export the variable to run initial keystone commands

export OS_SERVICE_TOKEN=ADMIN
export OS_SERVICE_ENDPOINT=http://10.0.0.1:35357/v2.0

Create admin user, admin tenant, admin role and service tenant. Also add admin user to admin tenant and admin role.

keystone tenant-create --name=admin --description="Admin Tenant"
keystone tenant-create --name=service --description="Service Tenant"
keystone user-create --name=admin --pass=ADMIN --email=admin@example.com
keystone role-create --name=admin
keystone user-role-add --user=admin --tenant=admin --role=admin

Create keystone service

keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"

Create keystone endpoint

keystone endpoint-create --service keystone --publicurl=http://10.0.0.1:5000/v2.0 --internalurl=http://10.0.0.1:5000/v2.0 --adminurl=http://10.0.0.1:35357/v2.0

Check the keystone connection and credentials

unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
keystone --os-username=admin --os-password=ADMIN --os-auth-url=http://10.0.0.1:35357/v2.0 token-get

Create a file named creds and add the following lines

export OS_USERNAME=admin
export OS_PASSWORD=ADMIN
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://10.0.0.1:35357/v2.0

Source the file

source creds

Test the creds file

keystone token-get
keystone user-list

Glance (Image Store)

Install Glance

apt-get install -y glance

Create database and credentials for Glance

mysql -u root -p
CREATE DATABASE glance;
GRANT ALL ON glance.* TO 'glanceUser'@'%' IDENTIFIED BY 'glancePass';
quit;

Create glance related keystone entries

keystone user-create --name=glance --pass=glance_pass --email=glance@example.com
keystone user-role-add --user=glance --tenant=service --role=admin
keystone service-create --name=glance --type=image --description="Glance Image Service"
keystone endpoint-create --service glance --publicurl=http://10.0.0.1:9292 --internalurl=http://10.0.0.1:9292 --adminurl=http://10.0.0.1:9292

Edit /etc/glance/glance-api.conf and edit the following lines

[DEFAULT]
sql_connection = mysql://glanceUser:glancePass@10.0.0.1/glance

rabbit_host = 10.0.0.1
rabbit_port = 5672
rabbit_userid = guest
rabbit_password = rabbit_pass
[keystone_authtoken]
auth_host = 10.0.0.1
auth_port = 5000
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = glance_pass

[paste_deploy]
flavor = keystone

Edit /etc/glance/glance-registry.conf and edit the following lines

sql_connection = mysql://glanceUser:glancePass@10.0.0.1/glance

[keystone_authtoken]
auth_host = 10.0.0.1
auth_port = 5000
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = glance_pass

[paste_deploy]
flavor = keystone

Restart Glance services

service glance-api restart
service glance-registry restart

Sync the database

glance-manage db_sync

Download a pre-bundled image for testing

glance image-create --name Cirros --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
glance index

Nova(Compute)

Install the Nova services

apt-get install nova-compute nova-novncproxy novnc nova-api nova-ajax-console-proxy nova-cert nova-conductor nova-consoleauth nova-doc nova-scheduler nova-volume python-novaclient

Create database and credentials for Nova

mysql -u root -p
CREATE DATABASE nova;
GRANT ALL ON nova.* TO 'novaUser'@'%' IDENTIFIED BY 'novaPass';
quit

Create Keystone entries for Nova

keystone user-create --name=nova --pass=nova_pass --email=nova@domain.com
keystone user-role-add --tenant=service --user=nova --role=admin
keystone service-create --name nova --type compute --description 'OpenStack Compute Service'
keystone endpoint-create --service nova  --publicurl 'http://10.0.0.1:8774/v2/$(tenant_id)s' --adminurl 'http://10.0.0.1:8774/v2/$(tenant_id)s' --internalurl 'http://10.0.0.1/v2/$(tenant_id)s'

Open /etc/nova/nova.conf and edit the file as follows

[DEFAULT]
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
iscsi_helper=tgtadm
libvirt_use_virtio_for_bridges=True
connection_type=libvirt
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
volumes_path=/var/lib/nova/volumes
enabled_apis=ec2,osapi_compute,metadata
rpc_backend = nova.rpc.impl_kombu
rabbit_host = 10.0.0.1
rabbit_password = rabbit_pass
my_ip=10.0.0.1
vncserver_listen=10.0.0.1
novncproxy_base_url=http://10.0.0.1:6080/vnc_auto.html
vncserver_proxyclient_address=10.0.0.1
auth_strategy=keystone

network_api_class=nova.network.neutronv2.api.API
neutron_url=http://10.0.0.1:9696
neutron_auth_strategy=keystone
neutron_admin_tenant_name=service
neutron_admin_username=neutron
neutron_admin_password=neutron_pass
neutron_admin_auth_url=http://10.0.0.1:35357/v2.0
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=neutron


[database]
connection = mysql://novaUser:novaPass@10.0.0.1/nova

[keystone_authtoken]
auth_host = 10.0.0.1
auth_port = 5000
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = nova_pass

Edit /etc/nova/api-paste.ini as follows

[filter:authtoken]
auth_host = 127.0.0.1
auth_port = 5000
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = nova_pass
auth_version = v2.0

Sync the nova database

nova-manage db sync

Restart all nova services

cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; cd ;done

Test the Nova installation using the following command

nova-manage service list

The output should be something like this

Binary           Host                     Zone             Status     State Updated_At
nova-cert        openstack                internal         enabled    :-)   2014-03-11 10:07:30
nova-consoleauth openstack                internal         enabled    :-)   2014-03-11 10:07:30
nova-conductor   openstack                internal         enabled    :-)   2014-03-11 10:07:27
nova-scheduler   openstack                internal         enabled    :-)   2014-03-11 10:07:30
nova-compute     openstack                nova             enabled    :-)   2014-03-11 10:07:28
nova-console     openstack                internal         enabled    :-)   2014-03-11 10:07:27

Also run the following command to check if nova is able to authenticate with keystone server

nova list

Neutron(Networking service)

Install the Neutron services

apt-get install neutron-server neutron-dhcp-agent neutron-plugin-openvswitch-agent openvswitch-switch neutron-l3-agent

Edit the file /etc/sysctl.conf and make the following changes

net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0

Save the file and run the following command to make sure the changes take effect immediately

sysctl -p

Create database and credentials for Neutron

mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL ON neutron.* TO 'neutronUser'@'%' IDENTIFIED BY 'neutronPass';
quit;

Create Keystone entries for Neutron

keystone user-create --name=neutron --pass=neutron_pass --email=neutron@example.com
keystone user-role-add --user=neutron --tenant=service --role=admin
keystone service-create --name neutron --type network --description 'OpenStack Networking service'
keystone endpoint-create --service neutron  --publicurl 'http://10.0.0.1:9696/' --adminurl 'http://10.0.0.1:9696/' --internalurl 'http://10.0.0.1:9696/'

Edit /etc/neutron/neutron.conf

[default]
rpc_backend = neutron.openstack.common.rpc.impl_kombu 
rabbit_host = 10.0.0.1 
rabbit_port = 5672 
rabbit_userid = guest 
rabbit_password = rabbit_pass

[keystone_authtoken]
auth_host = 10.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = neutron_pass
signing_dir = $state_path/keystone-signing

[database]
connection = mysql://neutronUser:neutronPass@10.0.0.1/neutron

Open the /etc/neutron/api-paste.ini file and edit it as follows

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 10.0.0.1
admin_tenant_name = service
admin_user = neutron
admin_password = neutron_pass

Create bridges

ovs-vsctl add-br br-int
ovs-vsctl add-br br-eth1
ovs-vsctl add-port br-eth1 ethx
# x=1,2,3 etc as per the ethernet interface

Open /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini and make the following changes

[OVS]
tenant_network_type = vlan
network_vlan_ranges = default:2000:3999
integration_bridge = br-int
bridge_mappings = default:br-eth1

[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Edit /etc/neutron/metadata_agent.ini to look like this

[DEFAULT]
auth_url = http://localhost:5000/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = neutron
admin_password = neutron_pass
metadata_proxy_shared_secret = metadata_pass

Edit /etc/neutron/dhcp_agent.ini to look like this

[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True

Edit /etc/neutron/l3_agent.ini to look like this

[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
service neutron-server restart
service neutron-plugin-openvswitch-agent restart
service neutron-metadata-agent restart
service neutron-dhcp-agent restart
service neutron-l3-agent restart

Check if the services are running using the following command

neutron agent-list

The output should be like

+--------------------------------------+--------------------+-----------+-------+----------------+
| id                                   | agent_type         | host      | alive | admin_state_up |
+--------------------------------------+--------------------+-----------+-------+----------------+
| 21b570c8-b822-47de-8d21-30fc08e26e05 | L3 agent           | openstack | :-)   | True           |
| 37f64d91-9e8a-43ff-914b-56c9ab9a3e41 | DHCP agent         | openstack | :-)   | True           |
| 70e6b9f4-740a-4961-93ff-26a3b3c50397 | Open vSwitch agent | openstack | :-)   | True           |
+--------------------------------------+--------------------+-----------+-------+----------------+

Horizon (OpenStack Dashboard)

apt-get install openstack-dashboard

After installing login using the following credentials

URL     : http://10.0.0.1/horizon
Username: admin
Password: ADMIN

Use the following link to get started with the first instance on OpenStack.

Procedure to get started with the first instance on OpenStack

Advertisements

12 thoughts on “OpenStack Havana on Ubuntu 12.04 LTS – Single machine setup

  1. how can i install cinder?
    can i see example??(for cinder)
    and if i dont have cinder on horizon, can i create instance?

  2. Hi i try to many installation same method

    Everything is good

    But external network does not working

    Best regards and thanks for your nice support.

  3. i am not able to see nova-console entry , all five are appearing. what is the reason of it?
    “nova-console openstack internal enabled 🙂 2014-03-11 10:07:27”
    above mention entry is not coming. pls reply

  4. Hi
    how can i fix this error please with Openstack Havana in Ubuntu 12.04 LTS:

    Error communicating with http://controller:8777 [Errno 111] Connection refused

    *ceilometer-agent-central.log :
    2014-05-05 23:28:50.633 14745 ERROR ceilometer.openstack.common.rpc.common [-] AMQP server on controller:5672 is unreachable: Socket closed. Trying again in 30 seconds.
    2014-05-05 23:31:26.454 16607 ERROR ceilometer.openstack.common.rpc.common [-] Failed to consume message from queue: Socket closed
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common Traceback (most recent call last):
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common File “/usr/lib/python2.7/dist-packages/ceilometer/openstack/common/rpc/impl_kombu.py”, line 577, in ensure
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common return method(*args, **kwargs)
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common File “/usr/lib/python2.7/dist-packages/ceilometer/openstack/common/rpc/impl_kombu.py”, line 657, in _consume
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common return self.connection.drain_events(timeout=timeout)
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common File “/usr/lib/python2.7/dist-packages/kombu/connection.py”, line 281, in drain_events
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common return self.transport.drain_events(self.connection, **kwargs)
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common File “/usr/lib/python2.7/dist-packages/kombu/transport/pyamqp.py”, line 91, in drain_events
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common return connection.drain_events(**kwargs)
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common File “/usr/lib/python2.7/dist-packages/amqp/connection.py”, line 266, in drain_events
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common chanmap, None, timeout=timeout,
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common File “/usr/lib/python2.7/dist-packages/amqp/connection.py”, line 328, in _wait_multiple
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common channel, method_sig, args, content = read_timeout(timeout)
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common File “/usr/lib/python2.7/dist-packages/amqp/connection.py”, line 292, in read_timeout
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common return self.method_reader.read_method()
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common File “/usr/lib/python2.7/dist-packages/amqp/method_framing.py”, line 187, in read_method
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common raise m
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common IOError: Socket closed
    2014-05-05 23:31:26.454 16607 TRACE ceilometer.openstack.common.rpc.common
    2014-05-05 23:31:26.474 16607 ERROR ceilometer.openstack.common.rpc.common [-] AMQP server on controller:5672 is unreachable: [Errno 111] ECONNREFUSED. Trying again in 1 seconds.
    2014-05-05 23:31:27.486 16607 ERROR ceilometer.openstack.common.rpc.common [-] AMQP server on controller:5672 is unreachable: [Errno 111] ECONNREFUSED. Trying again in 3 seconds.

    ***ceilometer-api.log:

    014-05-05 23:53:15.684 17722 INFO keystoneclient.middleware.auth_token [-] Starting keystone auth_token middleware
    2014-05-05 23:53:15.685 17722 INFO keystoneclient.middleware.auth_token [-] Using /tmp/keystone-signing-RrLKeq as cache directory for signing certificate
    2014-05-05 23:53:15.721 17722 CRITICAL ceilometer [-] command SON([(‘authenticate’, 1), (‘user’, u’ceilometer’), (‘nonce’, u’f4ca9befd11425b4′), (‘key’, u’8c5de2059a054c0ae7afb15c4c946c43′)]) failed: auth fails

    Need help pleeease

  5. HI,
    When i tried ‘nova-list’ , I am facing this problem
    ERROR: Malformed request URL: URL’s project_id ‘f02a0186e3d64224ba1830df5815771c’ doesn’t match Context’s project_id ’57bd47b1129f4a4fba3b9bb7ada7e0f3′ (HTTP 400) (Request-ID: req-a7f0d8d0-f67e-474a-a3a4-5352195ebeb2)

  6. OK,

    Many thanks for the explanation. Anyhow, when creating the Nova database in your tutorial, you have the following text there (with “novaUser” not just “nova”):

    mysql -u root -p
    CREATE DATABASE nova;
    GRANT ALL ON nova.* TO ‘novaUser’@’%’ IDENTIFIED BY ‘novaPass’;
    quit

    Also add the “;” after the “quit” command. It is missing there.

    Although there are still some discrepancies, now I know how to proceed and will give it another try. I will keep you informed how this second attempt to succeed the Havana OpenStack deplyment would come out.

    Best regards and thanks for your nice support.

    Jozef

  7. Sir,

    I have finally found your article searching the Internet.It is very interesting to me, as that is what I am going to implement for testing the OpenStack – install it on a single Ubuntu Server 12.04 LTS machine.

    Well, the installation began as per your instructions. Everything was going fine until Nova installation was tested. When I issue this command “nova-manage service list”, I got a full list of errors that begin with “2014-04-09 15:34:21.373 3260 CRITICAL nova [req-efdfc0d0-d962-4bb6-92f0-2498fb73d0ca None None] (OperationalError) (1129, “Host ‘XXX.XXX.XXX.XXX’ is blocked because of many connection errors; unblock with ‘mysqladmin flush-hosts'”) None None”. The next few lines read as follows:

    2014-04-09 15:34:21.373 3260 TRACE nova Traceback (most recent call last):
    2014-04-09 15:34:21.373 3260 TRACE nova File “/usr/bin/nova-manage”, line 10, in
    2014-04-09 15:34:21.373 3260 TRACE nova sys.exit(main())
    2014-04-09 15:34:21.373 3260 TRACE nova File “/usr/lib/python2.7/dist-packages/nova/cmd/manage.py”, line 1377, in main

    Finally here are few final lines of the error sequence:

    2014-04-09 15:41:07.978 3266 TRACE nova File “/usr/lib/python2.7/dist-packages/MySQLdb/connections.py”, line 187, in __init__
    2014-04-09 15:41:07.978 3266 TRACE nova super(Connection, self).__init__(*args, **kwargs2)
    2014-04-09 15:41:07.978 3266 TRACE nova OperationalError: (OperationalError) (1129, “Host ‘192.168.1.51’ is blocked because of many connection errors; unblock with ‘mysqladmin flush-hosts'”) None None
    2014-04-09 15:41:07.978 3266 TRACE nova

    I tried to unblock the server as proposed with “mysqladmin flush-hosts”, but there was no luck. Please could you let me know what might be the reason for my troubles? Until these errors are removed, I cannot proceed with the installation of Neutron and Horizon, can I?

    Many thanks in advance for your nice suppoort.

    Jozef

    1. Hi

      I too encountered the same problem. I restarted the mysql server and that solved the problem. I will try to reproduce your problem and find the exact way to resolv this issue.

      Thanks

      Thanks

      1. Hi,

        Many thanks for your reply. I am anxious to know your conclusion. Please let me know at your earliest convenience.

        Jozef

      2. Hi Jozef

        The database user created here is “nova”, in the following command

        GRANT ALL PRIVILEGES ON nova.* TO ‘nova’@’%’ IDENTIFIED BY ‘novaPass’;

        But in nova.conf sql-connection is

        connection = mysql://novaUser:novaPass@10.0.0.1/nova

        but it should have been

        connection = mysql://nova:novaPass@10.0.0.1/nova

        It is an error in the documentation. I will fix it now. Thanks for pointing out.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s