Install Debian 7 with partitioning scheme as per your requirements.
Note: Run all the commands as root. We assume that the IP of the Single machine is 10.0.0.1.
Configure the repositories and update the packages.
echo "deb http://archive.gplhost.com/debian icehouse-backports main" >>/etc/apt/sources.list echo "deb http://archive.gplhost.com/debian icehouse main" >>/etc/apt/sources.list apt-get update && apt-get install gplhost-archive-keyring apt-get update && apt-get dist-upgrade
Note: reboot if kernel is upgraded.
reboot
Support packages
RaabitMQ server
apt-get install -y rabbitmq-server apt-get install python-argparse apt-get install dbconfig-common && dpkg-reconfigure dbconfig-common
MySQL server
Install MySQL server and related software
apt-get install -y mysql-server python-mysqldb sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
Edit /etc/mysql/my.cnf and make the following changes
[mysqld] ... default-storage-engine = innodb collation-server = utf8_general_ci init-connect = 'SET NAMES utf8' character-set-server = utf8
Run the following commands
service mysql restart mysql_install_db mysql_secure_installation
Keystone
Install keystone
apt-get install keystone
Create mysql database named keystone and add credentials
mysql -u root -p CREATE DATABASE keystone; GRANT ALL ON keystone.* TO 'keystoneUser'@'%' IDENTIFIED BY 'keystonePass'; quit;
Edit the file /etc/keystone/keystone.conf and edit the following line, with “connection =”
connection = mysql://keystoneUser:keystonePass@10.0.0.1/keystone
Restart Keystone and sync the database
service keystone restart keystone-manage db_sync
Set the value of admin token set in /etc/keystone/keystone.conf
admin_token = ADMIN
Export the values by running the following command
export OS_SERVICE_TOKEN=ADMIN export OS_SERVICE_ENDPOINT=http://10.0.0.1:35357/v2.0
Create admin user, admin tenant, admin role and service tenant. Also add admin user to admin tenant and admin role. Unset proxy (if any) in the command line, for the following commands to work
keystone tenant-create --name=admin --description="Admin Tenant" keystone tenant-create --name=service --description="Service Tenant" keystone user-create --name=admin --pass=ADMIN --email=admin@example.com keystone role-create --name=admin keystone user-role-add --user=admin --tenant=admin --role=admin keystone service-create --name=keystone --type=identity --description="Keystone Identity Service" keystone endpoint-create --service keystone --publicurl=http://10.0.0.1:5000/v2.0 --internalurl=http://10.0.0.1:5000/v2.0 --adminurl=http://10.0.0.1:35357/v2.0
Unset the old exported values
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
create a file named creds and append the following lines
export OS_USERNAME=admin export OS_PASSWORD=ADMIN export OS_TENANT_NAME=admin export OS_AUTH_URL=http://10.0.0.1:35357/v2.0
Now source the file
source creds
Check keystone Installation and Configurations using the following command
keystone token-get keystone user-list
Glance (Image Store)
Install Glance
apt-get install -y glance
Create database and credentials for Glance
mysql -u root -p CREATE DATABASE glance; GRANT ALL ON glance.* TO 'glanceUser'@'%' IDENTIFIED BY 'glancePass'; quit;
Create glance related keystone entries
keystone user-create --name=glance --pass=glance_pass --email=glance@example.com keystone user-role-add --user=glance --tenant=service --role=admin keystone service-create --name=glance --type=image --description="Glance Image Service" keystone endpoint-create --service glance --publicurl=http://10.0.0.1:9292 --internalurl=http://10.0.0.1:9292 --adminurl=http://10.0.0.1:9292
Edit /etc/glance/glance-api.conf and edit the following lines
connection = mysql://glance:glance_dbpass@10.0.0.1/glance ....... [keystone_authtoken] auth_host = 10.0.0.1 auth_port = 5000 auth_protocol = http admin_tenant_name = service admin_user = glance admin_password = glance_pass [paste_deploy] flavor = keystone
Edit /etc/glance/glance-registry.conf and edit the following lines as below
connection = mysql://glance:glance_dbpass@10.0.0.1/glance [keystone_authtoken] auth_host = 10.0.0.1 auth_port = 5000 auth_protocol = http admin_tenant_name = service admin_user = glance admin_password = glance_pass [paste_deploy] flavor = keystone
Restart Glance services
service glance-api restart service glance-registry restart
Sync the database
glance-manage db_sync
Download a pre-bundled image for testing
glance image-create --name Cirros --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
Test the glance setup
glance index
Nova(Compute)
Install the Nova services
apt-get install -y nova-api nova-cert nova-conductor nova-consoleauth nova-novncproxy nova-scheduler python-novaclient nova-compute nova-console nova-novncproxy
Create database and credentials for Nova
mysql -u root -p mysql> CREATE DATABASE nova; mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova_dbpass'; mysql> quit
Create Keystone entries for Nova
keystone user-create --name=nova --pass=nova_pass --email=nova@example.com keystone user-role-add --user=nova --tenant=service --role=admin keystone service-create --name=nova --type=compute --description="OpenStack Compute" keystone endpoint-create --service=nova --publicurl=http://10.0.0.1:8774/v2/%\(tenant_id\)s --internalurl=http://10.0.0.1:8774/v2/%\(tenant_id\)s --adminurl=http://10.0.0.1:8774/v2/%\(tenant_id\)s
Edit /etc/nova/nova.conf
[DEFAULT] logdir=/var/log/nova state_path=/var/lib/nova lock_path=/var/lock/nova force_dhcp_release=True iscsi_helper=tgtadm libvirt_use_virtio_for_bridges=True connection_type=libvirt root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf verbose=True rpc_backend = nova.rpc.impl_kombu rabbit_host = 10.0.0.1 my_ip = 10.0.0.1 vncserver_listen = 10.0.0.1 vncserver_proxyclient_address = 10.0.0.1 novncproxy_base_url=http://10.0.0.1:6080/vnc_auto.html glance_host = 10.0.0.1 auth_strategy=keystone network_api_class=nova.network.neutronv2.api.API neutron_url=http://10.0.0.1:9696 neutron_auth_strategy=keystone neutron_admin_tenant_name=service neutron_admin_username=neutron neutron_admin_password=neutron_pass neutron_admin_auth_url=http://10.0.0.1:35357/v2.0 linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver firewall_driver=nova.virt.firewall.NoopFirewallDriver security_group_api=neutron vif_plugging_is_fatal: false vif_plugging_timeout: 0 [database] connection = mysql://nova:nova_dbpass@10.0.0.1/nova [keystone_authtoken] auth_uri = http://10.0.0.1:5000 auth_host = 10.0.0.1 auth_port = 35357 auth_protocol = http admin_tenant_name = service admin_user = nova admin_password = nova_pass
sync the db
nova-manage db sync
Restart the services
service nova-api restart ;service nova-cert restart; service nova-consoleauth restart ;service nova-scheduler restart;service nova-conductor restart; service nova-novncproxy restart; service nova-compute restart; service nova-console restart
Test the Nova installation using the following command
nova-manage service list
The output should be something like this
root@debian:~# nova-manage service list Binary Host Zone Status State Updated_At nova-cert debian internal enabled :-) 2014-05-22 12:00:23 nova-consoleauth debian internal enabled :-) 2014-05-22 12:00:23 nova-scheduler debian internal enabled :-) 2014-05-22 12:00:23 nova-conductor debian internal enabled :-) 2014-05-22 12:00:14 nova-console debian internal enabled :-) 2014-05-22 12:00:15 nova-compute debian nova enabled :-) 2014-05-22 12:00:14
Also run the following command to check if nova is able to authenticate with keystone server
nova list
The output should be something like
+----+------+--------+------------+-------------+----------+ | ID | Name | Status | Task State | Power State | Networks | +----+------+--------+------------+-------------+----------+ +----+------+--------+------------+-------------+----------+
Neutron (Networking)
Install neutron services
apt-get install -y neutron-server neutron-plugin-openvswitch neutron-plugin-openvswitch-agent neutron-common neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent openvswitch-switch
Create neutron database and credentials
mysql -u root -p CREATE DATABASE neutron; GRANT ALL ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron_dbpass'; quit;
Create keystone entries for neutron
keystone user-create --name=neutron --pass=neutron_pass --email=neutron@example.com keystone service-create --name=neutron --type=network --description="OpenStack Networking" keystone user-role-add --user=neutron --tenant=service --role=admin keystone endpoint-create --service=neutron --publicurl http://10.0.0.1:9696 --adminurl http://10.0.0.1:9696 --internalurl http://10.0.0.1:9696
Edit the following lines in /etc/neutron/neutron.conf
[DEFAULT] .................... core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin service_plugins = neutron.services.loadbalancer.plugin.LoadBalancerPlugin,neutron.services.metering.metering_plugin.MeteringPlugin,neutron.services.l3_router.l3_router_plugin.L3RouterPlugin allow_overlapping_ips = True ..................... auth_strategy = keystone [keystone_authtoken] auth_host = 10.0.0.1 auth_port = 35357 auth_protocol = http admin_tenant_name = service admin_user = neutron admin_password = neutron_pass signing_dir = $state_path/keystone-signing ..... [database] connection = mysql://neutron:neutron_dbpass@10.0.0.1/neutron
Edit the /etc/neutron/plugins/ml2/ml_conf.ini like the following
[ml2] type_drivers = flat,gre tenant_network_types = flat,gre ..................... mechanism_drivers = openvswitch [ml2_type_flat] ..................... flat_networks = External [ml2_type_gre] ..................... tunnel_id_ranges = 1:1000 [securitygroup] ..................... firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver enable_security_group=True [ovs] local_ip=10.0.0.1 enable_tunneling=True tunnel_type=gre bridge_mappings=External:br-eth1
Create the necessary bridges
ovs-vsctl add-br br-int ovs-vsctl add-br br-eth1 ovs-vsctl add-port br-eth1 ethx
x=1,2,3 etc as per the ethernet interface
Check the neutron installation using the following command
neutron agent-list
The output should be like
+--------------------------------------+--------------------+--------+-------+----------------+ | id | agent_type | host | alive | admin_state_up | +--------------------------------------+--------------------+--------+-------+----------------+ | 74d96810-0cae-450e-a5db-e5b795859062 | Open vSwitch agent | debian | :-) | True | | 78ed1112-fcc3-4090-b89b-69cc118c6c4b | Metadata agent | debian | :-) | True | | 7ec20465-b0e6-4306-bebd-0431d951f748 | DHCP agent | debian | :-) | True | | a933ec4b-a4a1-423a-8bde-5ae42de6864b | L3 agent | debian | :-) | True | +--------------------------------------+--------------------+--------+-------+----------------+
Horizon (OpenStack Dashboard)
apt-get install -y openstack-dashboard
After installing login using the following credentials
URL : http://10.0.0.1/horizon
Username: admin
Password: ADMIN
Use the following link to get started with the first instance on OpenStack.
Procedure to get started with the first instance on OpenStack
There appears to be a bug in the post.
— Create database and credentials for Glance —
GRANT ALL ON glance.* TO ‘glanceUser’@’%’ IDENTIFIED BY ‘glancePass’;
Correct command should read (for consistency with next steps),
GRANT ALL ON glance.* TO ‘glance’@’%’ IDENTIFIED BY ‘glance_dbpass’;
Cheers,
Bryan
Great post.
Is anyone having a problem with Neutron ? – Connection to neutron failed: Maximum attempts reached
(Debian Jessie – Using jessie packages for Openstack – v 2014.1.3.6)
If neutron is causing errors i recommend drop database and rebuild (this will delete neutron data).
Steps:
stop neutron services
cd /etc/init.d/
find . -iname “neutron*” -exec {} stop \;
drop the database
mysql -u root -p
drop database neutron;
exit;
rebuild database to icehouse specifications.
neutron-db-manage –config-file /etc/neutron/neutron.conf –config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade icehouse
restart neutron services
find . -iname “neutron*” -exec {} start \;
Give it a go.
Cheers,
Bryan
rebuild command should read :
neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade icehouse
Hi Navy
Can you try the following steps and then try again?
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://:35357/v2.0
Thanks
Alex – make sure that the OS_SERVICE_ENDPOINT ends in a slash “/” and make sure the TOKEN matches the admin_token in the keystone.conf
export OS_SERVICE_TOKEN=ADMIN
export OS_SERVICE_ENDPOINT=http://10.0.0.1:35357/v2.0/
Thanks K. I belive Axel’s problem was because the post had a slight bug (which I have corrected now) . The admin_token did not match with ‘OS_SERVICE_TOKEN’.
How does one determine the value for OS_SERVICE_TOKEN as shown above? [i.e. bump on Axel’s question]
hi , I have a problem with “Invalid OpenStack Identity credentials” when I execute “keystone tenant-create –name=admin –description=”Admin Tenant””.Thx to help pls
Hi Axel, keystone cli client authenticates using environment variables ‘OS_SERVICE_TOKEN’ and ‘OS_SERVICE_ENDPOINT’. The ‘OS_SERVICE_TOKEN’ should match with the value of ‘admin_token’ key in ‘/etc/keystone/keystone.conf’. Kindly make sure they are the same. To view your environment variable value do ‘echo $OS_SERVICE_TOKEN’. To set it do ‘export OS_SERVICE_TOKEN=ADMIN’.
Hey im French, my English is bad :(,
i followed your command, when i run echo $OS_SERVICE_TOKEN i have “ADMIN” like this tutorial and i do export OS_SERVICE_TOKEN=ADMIN but i still have a problem with “Invalid OpenStack Identity credentials”
Thanks 🙂
Previously I was getting the following error message:-
root@controller:/home/XXXXXX# glance image-create –name “cirros-0.3.3-x86_64” – -file /tmp/images/cirros-0.3.3-x86_64-disk.img –disk-format qcow2 –container-f ormat bare –is-public True –progress
[=============================>] 100%
Request returned failure status.
Invalid OpenStack Identity credentials.
Issue solved by changing ththe following in glance-api.conf & glance-registry.conf:
===================================================================================
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = XXXXXX
admin_password = XXXXXX
To this:
=========
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = XXXXXX
admin_password = XXXXXX
auth_uri = http://controller:5000
============
=VALIDATION=
============
root@controller:/home/XXXXXX# nano /etc/glance/glance-api.conf root@controller:/home/XXXXXX# nano /etc/glance/glance-registry.conf
root@controller:/home/XXXXXX# service glance-registry restart
glance-registry stop/waiting
glance-registry start/running, process 7550
root@controller:/home/XXXXXX# service glance-api restart
glance-api stop/waiting
glance-api start/running, process 7563
root@controller:/home/XXXXXX#
root@controller:/home/XXXXXX# source admin-openrc.sh
root@controller:/home/XXXXXX# glance image-create –name “cirros-0.3.3-x86_64” –file /tmp/images/cirros-0.3.3-x86_64-disk.img –disk-format qcow2 –container-format bare –is-public True –progress
[=============================>] 100%
+——————+————————————–+
| Property | Value |
+——————+————————————–+
| checksum | 51b8afbd2b6d36d7012280e9ede51e7e |
| container_format | bare |
| created_at | 2015-06-08T18:14:12 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | 9a8b12c9-f0d6-43a4-a23a-f4cc67fe89f1 |
| is_public | True |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros-0.3.3-x86_64 |
| owner | c3eab5d97c514aa4aec53ba1dc5aae40 |
| protected | False |
| size | 955802 |
| status | active |
| updated_at | 2015-06-08T18:14:12 |
| virtual_size | None |
+——————+————————————–+
root@controller:/home/XXXXXX# glance image-list
+————————————–+———————+————-+——————+——–+——–+
| ID | Name | Disk Format | Container Format | Size | Status |
+————————————–+———————+————-+——————+——–+——–+
| 9a8b12c9-f0d6-43a4-a23a-f4cc67fe89f1 | cirros-0.3.3-x86_64 | qcow2 | bare | 955802 | active |
+————————————–+———————+————-+——————+——–+——–+
root@controller:/home/XXXXXX#