
OpenStack Icehouse on Debian Wheezy – Single Machine setup

Install Debian 7 with partitioning scheme as per your requirements.

Note: Run all the commands as root. This guide assumes that the IP address of the single machine is 10.0.0.1.

Configure the repositories and update the packages.

echo "deb http://archive.gplhost.com/debian icehouse-backports main" >>/etc/apt/sources.list
echo "deb http://archive.gplhost.com/debian icehouse main" >>/etc/apt/sources.list
apt-get update && apt-get install gplhost-archive-keyring
apt-get update && apt-get dist-upgrade

Note: Reboot if the kernel was upgraded.

reboot

Support packages

RabbitMQ server

apt-get install -y rabbitmq-server
apt-get install python-argparse
apt-get install dbconfig-common && dpkg-reconfigure dbconfig-common

MySQL server

Install MySQL server and related software

apt-get install -y mysql-server python-mysqldb
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf

Edit /etc/mysql/my.cnf and make the following changes

[mysqld]
...
default-storage-engine = innodb
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

Run the following commands

service mysql restart
mysql_install_db
mysql_secure_installation

Keystone

Install keystone

apt-get install keystone

Create a MySQL database named keystone and add credentials

mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL ON keystone.* TO 'keystoneUser'@'%' IDENTIFIED BY 'keystonePass';
quit;

Edit /etc/keystone/keystone.conf and set the line beginning with “connection =” as follows

connection = mysql://keystoneUser:keystonePass@10.0.0.1/keystone

Restart Keystone and sync the database

service keystone restart
keystone-manage db_sync

Set the admin token in /etc/keystone/keystone.conf

admin_token = ADMIN

Export the values by running the following command

export OS_SERVICE_TOKEN=ADMIN
export OS_SERVICE_ENDPOINT=http://10.0.0.1:35357/v2.0

Create the admin user, admin tenant, admin role and service tenant, and add the admin user to the admin tenant with the admin role. Unset any proxy settings in the shell for the following commands to work

keystone tenant-create --name=admin --description="Admin Tenant"
keystone tenant-create --name=service --description="Service Tenant"
keystone user-create --name=admin --pass=ADMIN --email=admin@example.com
keystone role-create --name=admin
keystone user-role-add --user=admin --tenant=admin --role=admin
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
keystone endpoint-create --service keystone --publicurl=http://10.0.0.1:5000/v2.0 --internalurl=http://10.0.0.1:5000/v2.0 --adminurl=http://10.0.0.1:35357/v2.0

Unset the old exported values

unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

Create a file named creds and append the following lines

export OS_USERNAME=admin
export OS_PASSWORD=ADMIN
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://10.0.0.1:35357/v2.0

Now source the file

source creds

Check the Keystone installation and configuration using the following commands

keystone token-get
keystone user-list
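
The token and creds steps above, with generated secrets in place of the literal ADMIN. This is an added example, not part of the original post; the function names gen_secret, set_admin_token and write_creds are illustrative, and 10.0.0.1 is the guide's assumed address.

```shell
#!/bin/sh
# Added example (not from the original post): generate the admin token and
# admin password instead of using the literal value ADMIN from the guide.

# gen_secret: print 32 hex characters (128 bits) from the kernel CSPRNG.
gen_secret() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# set_admin_token CONF: replace the admin_token line of a keystone.conf-style
# file (also when it is commented out) with a fresh value; print the token.
set_admin_token() {
    token=$(gen_secret)
    tmp=$(mktemp) || return 1            # mktemp creates the file with mode 0600
    sed "s/^[#[:space:]]*admin_token[[:space:]]*=.*/admin_token = $token/" "$1" > "$tmp" &&
        cat "$tmp" > "$1"                # overwrite in place: owner and mode are kept
    rm -f "$tmp"
    echo "$token"
}

# write_creds FILE PASSWORD: the guide's creds file, created with mode 0600 so
# that other local users cannot read OS_PASSWORD.
write_creds() {
    ( umask 077
      rm -f "$1"
      cat > "$1" <<EOF
export OS_USERNAME=admin
export OS_PASSWORD=$2
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://10.0.0.1:35357/v2.0
EOF
    )
}
```

Export the value printed by set_admin_token as OS_SERVICE_TOKEN and restart Keystone so the two match, and pass the same generated password to keystone user-create --pass and to write_creds.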

Glance (Image Store)

Install Glance

apt-get install -y glance

Create database and credentials for Glance

mysql -u root -p
CREATE DATABASE glance;
GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance_dbpass';
quit;

Create glance related keystone entries

keystone user-create --name=glance --pass=glance_pass --email=glance@example.com
keystone user-role-add --user=glance --tenant=service --role=admin
keystone service-create --name=glance --type=image --description="Glance Image Service"
keystone endpoint-create --service glance --publicurl=http://10.0.0.1:9292 --internalurl=http://10.0.0.1:9292 --adminurl=http://10.0.0.1:9292

Edit /etc/glance/glance-api.conf and edit the following lines

connection = mysql://glance:glance_dbpass@10.0.0.1/glance
.......
[keystone_authtoken]
auth_host = 10.0.0.1
auth_port = 5000
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = glance_pass

[paste_deploy]
flavor = keystone

Edit /etc/glance/glance-registry.conf and edit the following lines as below

connection = mysql://glance:glance_dbpass@10.0.0.1/glance

[keystone_authtoken]
auth_host = 10.0.0.1
auth_port = 5000
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = glance_pass

[paste_deploy]
flavor = keystone

Restart Glance services

service glance-api restart
service glance-registry restart

Sync the database

glance-manage db_sync

Download a pre-bundled image for testing

glance image-create --name Cirros --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img

Test the glance setup

glance index

Nova (Compute)

Install the Nova services

apt-get install -y nova-api nova-cert nova-conductor nova-consoleauth nova-novncproxy nova-scheduler python-novaclient nova-compute nova-console

Create database and credentials for Nova

mysql -u root -p
mysql> CREATE DATABASE nova;
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova_dbpass';
mysql> quit

Create Keystone entries for Nova

keystone user-create --name=nova --pass=nova_pass --email=nova@example.com
keystone user-role-add --user=nova --tenant=service --role=admin
keystone service-create --name=nova --type=compute --description="OpenStack Compute"
keystone endpoint-create --service=nova --publicurl=http://10.0.0.1:8774/v2/%\(tenant_id\)s --internalurl=http://10.0.0.1:8774/v2/%\(tenant_id\)s --adminurl=http://10.0.0.1:8774/v2/%\(tenant_id\)s

Edit /etc/nova/nova.conf

[DEFAULT]
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
iscsi_helper=tgtadm
libvirt_use_virtio_for_bridges=True
connection_type=libvirt
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
verbose=True
rpc_backend = nova.rpc.impl_kombu
rabbit_host = 10.0.0.1
my_ip = 10.0.0.1
vncserver_listen = 10.0.0.1
vncserver_proxyclient_address = 10.0.0.1
novncproxy_base_url=http://10.0.0.1:6080/vnc_auto.html
glance_host = 10.0.0.1
auth_strategy=keystone

network_api_class=nova.network.neutronv2.api.API
neutron_url=http://10.0.0.1:9696
neutron_auth_strategy=keystone
neutron_admin_tenant_name=service
neutron_admin_username=neutron
neutron_admin_password=neutron_pass
neutron_admin_auth_url=http://10.0.0.1:35357/v2.0
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=neutron

vif_plugging_is_fatal = false
vif_plugging_timeout = 0

[database]
connection = mysql://nova:nova_dbpass@10.0.0.1/nova

[keystone_authtoken]
auth_uri = http://10.0.0.1:5000
auth_host = 10.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = nova_pass

Sync the database

nova-manage db sync

Restart the services

service nova-api restart ;service nova-cert restart; service nova-consoleauth restart ;service nova-scheduler restart;service nova-conductor restart; service nova-novncproxy restart; service nova-compute restart; service nova-console restart

Test the Nova installation using the following command

nova-manage service list

The output should be something like this

root@debian:~# nova-manage service list
Binary           Host                                 Zone             Status     State Updated_At
nova-cert        debian                               internal         enabled    :-)   2014-05-22 12:00:23
nova-consoleauth debian                               internal         enabled    :-)   2014-05-22 12:00:23
nova-scheduler   debian                               internal         enabled    :-)   2014-05-22 12:00:23
nova-conductor   debian                               internal         enabled    :-)   2014-05-22 12:00:14
nova-console     debian                               internal         enabled    :-)   2014-05-22 12:00:15
nova-compute     debian                               nova             enabled    :-)   2014-05-22 12:00:14

Also run the following command to check if nova is able to authenticate with keystone server

nova list

The output should be something like

+----+------+--------+------------+-------------+----------+
| ID | Name | Status | Task State | Power State | Networks |
+----+------+--------+------------+-------------+----------+
+----+------+--------+------------+-------------+----------+

Neutron (Networking)

Install neutron services

apt-get install -y neutron-server neutron-plugin-openvswitch neutron-plugin-openvswitch-agent neutron-common neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent openvswitch-switch

Create neutron database and credentials

mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron_dbpass';
quit;

Create keystone entries for neutron

keystone user-create --name=neutron --pass=neutron_pass --email=neutron@example.com
keystone service-create --name=neutron --type=network --description="OpenStack Networking"
keystone user-role-add --user=neutron --tenant=service --role=admin
keystone endpoint-create --service=neutron --publicurl http://10.0.0.1:9696 --adminurl http://10.0.0.1:9696  --internalurl http://10.0.0.1:9696

Edit the following lines in /etc/neutron/neutron.conf

[DEFAULT]
....................
core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
service_plugins = neutron.services.loadbalancer.plugin.LoadBalancerPlugin,neutron.services.metering.metering_plugin.MeteringPlugin,neutron.services.l3_router.l3_router_plugin.L3RouterPlugin
allow_overlapping_ips = True
.....................
auth_strategy = keystone

[keystone_authtoken]
auth_host = 10.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = neutron_pass
signing_dir = $state_path/keystone-signing
.....
[database]
connection = mysql://neutron:neutron_dbpass@10.0.0.1/neutron

Edit /etc/neutron/plugins/ml2/ml2_conf.ini as follows

[ml2]
type_drivers = flat,gre
tenant_network_types = flat,gre
.....................
mechanism_drivers = openvswitch

[ml2_type_flat]
.....................
flat_networks = External


[ml2_type_gre]
.....................
tunnel_id_ranges = 1:1000

[securitygroup]
.....................
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group=True

[ovs]
local_ip=10.0.0.1
enable_tunneling=True
tunnel_type=gre
bridge_mappings=External:br-eth1

Create the necessary bridges

ovs-vsctl add-br br-int
ovs-vsctl add-br br-eth1
ovs-vsctl add-port br-eth1 ethx

Replace x in ethx with the number of the Ethernet interface to attach (1, 2, 3, etc.).

Check the neutron installation using the following command

neutron agent-list

The output should be like

+--------------------------------------+--------------------+--------+-------+----------------+
| id                                   | agent_type         | host   | alive | admin_state_up |
+--------------------------------------+--------------------+--------+-------+----------------+
| 74d96810-0cae-450e-a5db-e5b795859062 | Open vSwitch agent | debian | :-)   | True           |
| 78ed1112-fcc3-4090-b89b-69cc118c6c4b | Metadata agent     | debian | :-)   | True           |
| 7ec20465-b0e6-4306-bebd-0431d951f748 | DHCP agent         | debian | :-)   | True           |
| a933ec4b-a4a1-423a-8bde-5ae42de6864b | L3 agent           | debian | :-)   | True           |
+--------------------------------------+--------------------+--------+-------+----------------+

Horizon (OpenStack Dashboard)

apt-get install -y openstack-dashboard

After installing, log in using the following credentials

URL : http://10.0.0.1/horizon
Username: admin
Password: ADMIN
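
The configuration files written in the steps above carry secrets that are printed on this page, auth_protocol = http, and a MySQL listener rewritten to 0.0.0.0. The check below flags those settings in a given file; it is an added example, not part of the original post, and the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. GUIDE_SECRETS lists the literal
# secrets printed in this guide; anyone who has read the page knows them.
GUIDE_SECRETS='ADMIN keystonePass glancePass glance_pass glance_dbpass nova_pass nova_dbpass neutron_pass neutron_dbpass'

is_guide_secret() {
    case " $GUIDE_SECRETS " in *" $1 "*) return 0 ;; esac
    return 1
}

# ini_get FILE KEY: print each value assigned to KEY ("key = value" lines).
ini_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1"
}

# audit_conf FILE: print one finding per line, nothing for a clean file.
audit_conf() {
    f=$1
    for key in admin_token admin_password neutron_admin_password; do
        for v in $(ini_get "$f" "$key"); do
            is_guide_secret "$v" && echo "$f: $key is a value published in the guide"
        done
    done
    # Password embedded in a database URL: mysql://user:PASSWORD@host/db
    for v in $(sed -n 's#^[[:space:]]*connection[[:space:]]*=.*://[^:/]*:\([^@]*\)@.*#\1#p' "$f"); do
        is_guide_secret "$v" && echo "$f: database password is a value published in the guide"
    done
    # With http, Keystone tokens and passwords cross the network unencrypted.
    ini_get "$f" auth_protocol | grep -qx 'http' &&
        echo "$f: auth_protocol = http (cleartext Keystone traffic)"
    # Result of the guide's sed on my.cnf: MySQL listens on every interface.
    ini_get "$f" bind-address | grep -qx '0\.0\.0\.0' &&
        echo "$f: bind-address = 0.0.0.0 (MySQL listens on all interfaces)"
    return 0
}

# Constructed sample: a composite of lines the guide puts in keystone.conf,
# nova.conf and my.cnf, written to a temporary file whose path is printed.
make_sample() {
    s=$(mktemp) || return 1
    cat > "$s" <<'EOF'
[DEFAULT]
admin_token = ADMIN
[mysqld]
bind-address = 0.0.0.0
[database]
connection = mysql://nova:nova_dbpass@10.0.0.1/nova
[keystone_authtoken]
auth_protocol = http
admin_password = nova_pass
EOF
    echo "$s"
}
sample=$(make_sample) && audit_conf "$sample"; rm -f "$sample"
```

Run audit_conf against each file edited in this guide (keystone.conf, glance-api.conf, glance-registry.conf, nova.conf, neutron.conf, my.cnf); no output means none of the checked settings was found.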

Use the following link to get started with the first instance on OpenStack.

Procedure to get started with the first instance on OpenStack


12 thoughts on “OpenStack Icehouse on Debian Wheezy – Single Machine setup”

  1. There appears to be a bug in the post.
    — Create database and credentials for Glance —
    GRANT ALL ON glance.* TO 'glanceUser'@'%' IDENTIFIED BY 'glancePass';
    Correct command should read (for consistency with next steps),
    GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance_dbpass';

    Cheers,
    Bryan

  2. Great post.
    Is anyone having a problem with Neutron ? – Connection to neutron failed: Maximum attempts reached
    (Debian Jessie – Using jessie packages for Openstack – v 2014.1.3.6)

    1. If neutron is causing errors I recommend dropping the database and rebuilding it (this will delete neutron data).
      Steps:

      stop neutron services

      cd /etc/init.d/
      find . -iname "neutron*" -exec {} stop \;

      drop the database
      mysql -u root -p
      drop database neutron;
      exit;

      rebuild database to icehouse specifications.
      neutron-db-manage –config-file /etc/neutron/neutron.conf –config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade icehouse

      restart neutron services
      find . -iname "neutron*" -exec {} start \;
      Give it a go.

      Cheers,
      Bryan

      1. rebuild command should read :

        neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade icehouse

  3. Hi Navy
    Can you try the following steps and then try again?

    unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
    export OS_USERNAME=admin
    export OS_PASSWORD=ADMIN
    export OS_TENANT_NAME=admin
    export OS_AUTH_URL=http://:35357/v2.0

    Thanks

  4. Alex – make sure that the OS_SERVICE_ENDPOINT ends in a slash “/” and make sure the TOKEN matches the admin_token in the keystone.conf

    export OS_SERVICE_TOKEN=ADMIN
    export OS_SERVICE_ENDPOINT=http://10.0.0.1:35357/v2.0/

    1. Thanks K. I believe Axel’s problem was because the post had a slight bug (which I have corrected now). The admin_token did not match with ‘OS_SERVICE_TOKEN’.

  5. Hi, I have a problem with “Invalid OpenStack Identity credentials” when I execute “keystone tenant-create --name=admin --description="Admin Tenant"”. Thx to help pls

    1. Hi Axel, keystone cli client authenticates using environment variables ‘OS_SERVICE_TOKEN’ and ‘OS_SERVICE_ENDPOINT’. The ‘OS_SERVICE_TOKEN’ should match with the value of ‘admin_token’ key in ‘/etc/keystone/keystone.conf’. Kindly make sure they are the same. To view your environment variable value do ‘echo $OS_SERVICE_TOKEN’. To set it do ‘export OS_SERVICE_TOKEN=ADMIN’.

      1. Hey, I'm French, my English is bad :(,

        I followed your command, when I run echo $OS_SERVICE_TOKEN I have “ADMIN” like this tutorial and I do export OS_SERVICE_TOKEN=ADMIN but I still have a problem with “Invalid OpenStack Identity credentials”

        Thanks 🙂

    2. Previously I was getting the following error message:-

      root@controller:/home/XXXXXX# glance image-create --name "cirros-0.3.3-x86_64" --file /tmp/images/cirros-0.3.3-x86_64-disk.img --disk-format qcow2 --container-format bare --is-public True --progress
      [=============================>] 100%
      Request returned failure status.
      Invalid OpenStack Identity credentials.

      Issue solved by changing the following in glance-api.conf & glance-registry.conf:
      ===================================================================================
      [keystone_authtoken]
      auth_uri = http://controller:5000/v2.0
      identity_uri = http://controller:35357
      admin_tenant_name = service
      admin_user = XXXXXX
      admin_password = XXXXXX

      To this:
      =========
      auth_host = controller
      auth_port = 35357
      auth_protocol = http
      admin_tenant_name = service
      admin_user = XXXXXX
      admin_password = XXXXXX
      auth_uri = http://controller:5000

      ============
      =VALIDATION=
      ============
      root@controller:/home/XXXXXX# nano /etc/glance/glance-api.conf
      root@controller:/home/XXXXXX# nano /etc/glance/glance-registry.conf
      root@controller:/home/XXXXXX# service glance-registry restart
      glance-registry stop/waiting
      glance-registry start/running, process 7550
      root@controller:/home/XXXXXX# service glance-api restart
      glance-api stop/waiting
      glance-api start/running, process 7563
      root@controller:/home/XXXXXX#
      root@controller:/home/XXXXXX# source admin-openrc.sh
      root@controller:/home/XXXXXX# glance image-create --name "cirros-0.3.3-x86_64" --file /tmp/images/cirros-0.3.3-x86_64-disk.img --disk-format qcow2 --container-format bare --is-public True --progress
      [=============================>] 100%
      +------------------+--------------------------------------+
      | Property         | Value                                |
      +------------------+--------------------------------------+
      | checksum         | 51b8afbd2b6d36d7012280e9ede51e7e     |
      | container_format | bare                                 |
      | created_at       | 2015-06-08T18:14:12                  |
      | deleted          | False                                |
      | deleted_at       | None                                 |
      | disk_format      | qcow2                                |
      | id               | 9a8b12c9-f0d6-43a4-a23a-f4cc67fe89f1 |
      | is_public        | True                                 |
      | min_disk         | 0                                    |
      | min_ram          | 0                                    |
      | name             | cirros-0.3.3-x86_64                  |
      | owner            | c3eab5d97c514aa4aec53ba1dc5aae40     |
      | protected        | False                                |
      | size             | 955802                               |
      | status           | active                               |
      | updated_at       | 2015-06-08T18:14:12                  |
      | virtual_size     | None                                 |
      +------------------+--------------------------------------+
      root@controller:/home/XXXXXX# glance image-list
      +--------------------------------------+---------------------+-------------+------------------+--------+--------+
      | ID                                   | Name                | Disk Format | Container Format | Size   | Status |
      +--------------------------------------+---------------------+-------------+------------------+--------+--------+
      | 9a8b12c9-f0d6-43a4-a23a-f4cc67fe89f1 | cirros-0.3.3-x86_64 | qcow2       | bare             | 955802 | active |
      +--------------------------------------+---------------------+-------------+------------------+--------+--------+
      root@controller:/home/XXXXXX#
