
OpenStack Juno on Debian Wheezy – Single Machine setup

Install Debian 7 with a partitioning scheme that suits your requirements. Note: run all commands as root. We assume that the IP address of the single machine is 10.0.0.1.

Configure the repositories and update the packages.

echo "deb http://archive.gplhost.com/debian juno-backports main" >>/etc/apt/sources.list
echo "deb http://archive.gplhost.com/debian juno main" >>/etc/apt/sources.list
apt-get update && apt-get install gplhost-archive-keyring
apt-get update && apt-get dist-upgrade

Note: reboot if kernel is upgraded.

reboot

Support packages

RabbitMQ server

apt-get install -y rabbitmq-server
apt-get install python-argparse
apt-get install dbconfig-common && dpkg-reconfigure dbconfig-common

MySQL server

Install MySQL server and related software

apt-get install -y mysql-server python-mysqldb
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf

Edit /etc/mysql/my.cnf and make the following changes

[mysqld]
...
default-storage-engine = innodb
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

Run the following commands

service mysql restart
mysql_install_db
mysql_secure_installation

Keystone

Install keystone

apt-get install keystone

Create mysql database named keystone and add credentials

mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL ON keystone.* TO 'keystoneUser'@'%' IDENTIFIED BY 'keystonePass';
quit;

Edit /etc/keystone/keystone.conf and set the line beginning with “connection =” as follows

connection = mysql://keystoneUser:keystonePass@10.0.0.1/keystone

Restart Keystone and sync the database

service keystone restart
keystone-manage db_sync

Set the value of the admin token in /etc/keystone/keystone.conf

admin_token = ADMIN

Export the values by running the following command

export OS_SERVICE_TOKEN=ADMIN
export OS_SERVICE_ENDPOINT=http://10.0.0.1:35357/v2.0

Create the admin user, admin tenant, admin role and service tenant, and add the admin user to the admin tenant with the admin role. Unset any proxy settings in the shell first, otherwise the following commands will not work.

keystone tenant-create --name=admin --description="Admin Tenant"
keystone tenant-create --name=service --description="Service Tenant"
keystone user-create --name=admin --pass=ADMIN --email=admin@example.com
keystone role-create --name=admin
keystone user-role-add --user=admin --tenant=admin --role=admin
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
keystone endpoint-create --service keystone --publicurl=http://10.0.0.1:5000/v2.0 --internalurl=http://10.0.0.1:5000/v2.0 --adminurl=http://10.0.0.1:35357/v2.0

Unset the old exported values

unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

Create a file named creds and append the following lines

export OS_USERNAME=admin
export OS_PASSWORD=ADMIN
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://10.0.0.1:35357/v2.0

Now source the file

source creds

Check the Keystone installation and configuration using the following commands

keystone token-get
keystone user-list

Glance (Image Store)

Install Glance

apt-get install -y glance

Create database and credentials for Glance

mysql -u root -p
CREATE DATABASE glance;
GRANT ALL ON glance.* TO 'glanceUser'@'%' IDENTIFIED BY 'glancePass';
quit;

Create glance related keystone entries

keystone user-create --name=glance --pass=glance_pass --email=glance@example.com
keystone user-role-add --user=glance --tenant=service --role=admin
keystone service-create --name=glance --type=image --description="Glance Image Service"
keystone endpoint-create --service glance --publicurl=http://10.0.0.1:9292 --internalurl=http://10.0.0.1:9292 --adminurl=http://10.0.0.1:9292

Edit /etc/glance/glance-api.conf and set the following lines

connection = mysql://glanceUser:glancePass@10.0.0.1/glance
.......
[keystone_authtoken]
identity_uri = http://10.0.0.1:35357
admin_tenant_name = service
admin_user = glance
admin_password = glance_pass

[paste_deploy]
flavor = keystone

Edit /etc/glance/glance-registry.conf and set the following lines

connection = mysql://glanceUser:glancePass@10.0.0.1/glance

[keystone_authtoken]
identity_uri = http://10.0.0.1:35357
admin_tenant_name = service
admin_user = glance
admin_password = glance_pass

[paste_deploy]
flavor = keystone

Restart Glance services

service glance-api restart
service glance-registry restart

Sync the database

glance-manage db_sync

Download a pre-bundled image for testing

glance image-create --name Cirros --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img

Test the glance setup

glance image-list

The output should be like this.

+--------------------------------------+--------+-------------+------------------+---------+--------+
| ID                                   | Name   | Disk Format | Container Format | Size    | Status |
+--------------------------------------+--------+-------------+------------------+---------+--------+
| 05f34c42-a6e6-4d9a-884a-7f8e37b563fa | Cirros | qcow2       | bare             | 9761280 | active |
+--------------------------------------+--------+-------------+------------------+---------+--------+

Nova(Compute)

Install the Nova services

apt-get install -y nova-api nova-cert nova-conductor nova-consoleauth nova-novncproxy nova-scheduler python-novaclient nova-compute nova-console

Create database and credentials for Nova

mysql -u root -p
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'novaUser'@'%' IDENTIFIED BY 'novaPass';
quit;

Create Keystone entries for Nova

keystone user-create --name=nova --pass=nova_pass --email=nova@example.com
keystone user-role-add --user=nova --tenant=service --role=admin
keystone service-create --name=nova --type=compute --description="OpenStack Compute"
keystone endpoint-create --service=nova --publicurl=http://10.0.0.1:8774/v2/%\(tenant_id\)s --internalurl=http://10.0.0.1:8774/v2/%\(tenant_id\)s --adminurl=http://10.0.0.1:8774/v2/%\(tenant_id\)s

Edit /etc/nova/nova.conf

[DEFAULT]
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
iscsi_helper=tgtadm
libvirt_use_virtio_for_bridges=True
connection_type=libvirt
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
verbose=True
rpc_backend = nova.rpc.impl_kombu
my_ip = 10.0.0.1
vncserver_listen = 10.0.0.1
vncserver_proxyclient_address = 10.0.0.1
novncproxy_base_url=http://10.0.0.1:6080/vnc_auto.html
glance_host = 10.0.0.1
auth_strategy=keystone

network_api_class=nova.network.neutronv2.api.API
neutron_url=http://10.0.0.1:9696
neutron_auth_strategy=keystone
neutron_admin_tenant_name=service
neutron_admin_username=neutron
neutron_admin_password=neutron_pass
neutron_admin_auth_url=http://10.0.0.1:35357/v2.0
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=neutron

vif_plugging_is_fatal = false
vif_plugging_timeout = 0

[database]
connection = mysql://novaUser:novaPass@10.0.0.1/nova

[keystone_authtoken]
auth_uri = http://10.0.0.1:5000
auth_host = 10.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = nova_pass

Sync the database

nova-manage db sync

Restart the services

service nova-api restart ;service nova-cert restart; service nova-consoleauth restart ;service nova-scheduler restart;service nova-conductor restart; service nova-novncproxy restart; service nova-compute restart; service nova-console restart

Test the Nova installation using the following command

nova-manage service list

The output should be something like this

root@debian-OS:~# nova-manage service list
Binary           Host                                 Zone             Status     State Updated_At
nova-cert        debian-OS                            internal         enabled    :-)   2015-03-01 14:10:44
nova-consoleauth debian-OS                            internal         enabled    :-)   2015-03-01 14:10:45
nova-scheduler   debian-OS                            internal         enabled    :-)   2015-03-01 14:10:35
nova-conductor   debian-OS                            internal         enabled    :-)   2015-03-01 14:10:36
nova-console     debian-OS                            internal         enabled    :-)   2015-03-01 14:10:36
nova-compute     debian-OS                            nova             enabled    :-)   None      

Also run the following command to check if nova is able to authenticate with keystone server

nova list

The output should be something like

+----+------+--------+------------+-------------+----------+
| ID | Name | Status | Task State | Power State | Networks |
+----+------+--------+------------+-------------+----------+
+----+------+--------+------------+-------------+----------+

Neutron (Networking)

Install neutron services

apt-get install -y neutron-server neutron-plugin-openvswitch neutron-plugin-openvswitch-agent neutron-common neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent openvswitch-switch

Create neutron database and credentials

mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL ON neutron.* TO 'neutronUser'@'%' IDENTIFIED BY 'neutronPass';
quit;

Create keystone entries for neutron

keystone user-create --name=neutron --pass=neutron_pass --email=neutron@example.com
keystone service-create --name=neutron --type=network --description="OpenStack Networking"
keystone user-role-add --user=neutron --tenant=service --role=admin
keystone endpoint-create --service=neutron --publicurl http://10.0.0.1:9696 --adminurl http://10.0.0.1:9696  --internalurl http://10.0.0.1:9696

Edit the following lines in /etc/neutron/neutron.conf

[DEFAULT]
core_plugin = ml2
notification_driver=neutron.openstack.common.notifier.rpc_notifier
verbose=True
rpc_backend = rabbit
rabbit_host = 127.0.0.1
service_plugins=router
allow_overlapping_ips=True
auth_strategy=keystone
neutron_metadata_proxy_shared_secret=openstack
service_neutron_metadata_proxy=True
nova_admin_password=nova_pass
notify_nova_on_port_data_changes=True
notify_nova_on_port_status_changes=True
nova_admin_auth_url=http://10.0.0.1:35357/v2.0
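# nova_admin_tenant_id takes the ID of the service tenant (see "keystone tenant-list"), not its name
nova_admin_tenant_id=SERVICE_TENANT_ID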
nova_url=http://10.0.0.1:8774/v2
nova_admin_username=nova


[keystone_authtoken]
auth_host = 10.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = neutron_pass
signing_dir = $state_path/keystone-signing

[database]
connection = mysql://neutronUser:neutronPass@10.0.0.1/neutron

[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

Edit /etc/neutron/plugins/ml2/ml2_conf.ini as follows

[ml2]
type_drivers=flat,vlan
tenant_network_types=vlan,flat
mechanism_drivers=openvswitch
[ml2_type_flat]
flat_networks=External
[ml2_type_vlan]
network_vlan_ranges=Intnet1:100:200
[ml2_type_gre]
[ml2_type_vxlan]
[securitygroup]
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group=True
[ovs]
bridge_mappings=External:br-ex,Intnet1:br-eth1

Create the necessary bridges

ovs-vsctl add-br br-int
ovs-vsctl add-br br-eth1
ovs-vsctl add-port br-eth1 ethx
ovs-vsctl add-br br-ex

Replace x in ethx with 1, 2, 3, etc., according to your Ethernet interface.

Sync the DB

neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno

Check the Neutron installations.

neutron agent-list

The output should be like

+--------------------------------------+--------------------+-----------+-------+----------------+---------------------------+
| id                                   | agent_type         | host      | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+-----------+-------+----------------+---------------------------+
| 15506209-ceee-41f8-bb67-3aa994036808 | Open vSwitch agent | debian-OS | :-)   | True           | neutron-openvswitch-agent |
| 198d2760-9fb3-4946-ae41-2a6e4d30c016 | L3 agent           | debian-OS | :-)   | True           | neutron-l3-agent          |
| 74fc2a84-6cb9-4ffe-a623-e3bce45f56a1 | Metadata agent     | debian-OS | :-)   | True           | neutron-metadata-agent    |
| abdbbda3-23df-44c6-9e40-6db3ab754b3c | DHCP agent         | debian-OS | :-)   | True           | neutron-dhcp-agent        |
+--------------------------------------+--------------------+-----------+-------+----------------+---------------------------+

Horizon (OpenStack Dashboard)

apt-get install -y openstack-dashboard

After installing, log in using the following credentials:

URL: http://10.0.0.1
Username: admin
Password: ADMIN

Use the following link to get started with the first instance on OpenStack.

Procedure to get started with the first instance on OpenStack
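
The steps above reuse a small set of literal secrets (ADMIN, keystonePass, glance_pass and so on) and rebind MySQL to 0.0.0.0. The script below is an added example, not part of the original post: it scans configuration files for exactly those values so they can be rotated once the services are up. The function names and the sample files are constructed for illustration.

```shell
# Added example: flag values published in this walkthrough that are still
# present in live config files. The list below copies the literals used above.
TUTORIAL_SECRETS='ADMIN keystonePass glancePass glance_pass novaPass nova_pass neutronPass neutron_pass openstack'

# audit_conf FILE...: print one finding per line (file:line: [section] key: reason)
audit_conf() {
    awk -v secrets="$TUTORIAL_SECRETS" '
    BEGIN { n = split(secrets, s, " "); for (i = 1; i <= n; i++) bad[s[i]] = 1 }
    FNR == 1 { section = "[none]" }            # new file: forget the last section
    /^[ \t]*[#;]/ { next }                     # commented-out settings are ignored
    /^[ \t]*\[/ { section = $0; next }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        why = ""
        if (key ~ /(password|token|secret)$/ && (val in bad))
            why = "secret is a value published in the tutorial"
        else if (key == "connection" && match(val, /:\/\/[^:@]+:[^@]+@/)) {
            cred = substr(val, RSTART + 3, RLENGTH - 4)     # user:password
            pw = substr(cred, index(cred, ":") + 1)
            if (pw in bad) why = "database password is a value published in the tutorial"
        } else if (key == "bind-address" && val == "0.0.0.0")
            why = "MySQL listens on every interface"
        if (why != "") printf "%s:%d: %s %s: %s\n", FILENAME, FNR, section, key, why
    }' "$@"
}

# count_findings FILE...: number of findings, usable as a gate in a deploy script
count_findings() { audit_conf "$@" | awk 'END { print NR }'; }

# Constructed sample files (not taken from a real host).
sample_dir=$(mktemp -d)
cat > "$sample_dir/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = ADMIN
[database]
connection = mysql://keystoneUser:keystonePass@10.0.0.1/keystone
EOF
cat > "$sample_dir/my.cnf" <<'EOF'
[mysqld]
bind-address = 0.0.0.0
EOF
cat > "$sample_dir/hardened.conf" <<'EOF'
[DEFAULT]
# admin_token = ADMIN
connection = mysql://keystoneUser:constructed-Zr8fQ2@127.0.0.1/keystone
EOF
audit_conf "$sample_dir/keystone.conf" "$sample_dir/my.cnf" "$sample_dir/hardened.conf"
```

On a host built from this guide, point audit_conf at /etc/keystone/keystone.conf, /etc/glance/*.conf, /etc/nova/nova.conf, /etc/neutron/neutron.conf and /etc/mysql/my.cnf.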


3 thoughts on “OpenStack Juno on Debian Wheezy – Single Machine setup”

  1. Hi,

    I followed this tutorial but for Debian Jessie using debian-backports repo.
    For [keystone_authtoken], using fragment auth won’t work, I had to specify auth_uri and identity_uri.
    So, auth_host, auth_protocol, and auth_port could be replaced with auth_uri = http://controller:port

    In /etc/neutron/neutron.conf, line nova_admin_tenant_id=service didn’t work. The tenant name needs to be replaced with tenant id.

    # keystone tenant-list | grep service
    | 9bc76acf64754f9fa6ed5112142b6f65 | service | True |

    and in neutron.conf
    nova_admin_tenant_id = 9bc76acf64754f9fa6ed5112142b6f65

    # systemctl restart neutron-server.service

    1. It works.
      You have to use debian-backports repository instead of gplhost.
      In keystone_authtoken, auth_host, auth_protocol and auth_port are replaced with single line auth_uri, and if identity_uri is missing you have to add it.

      In neutron.conf instead of nova_admin_tenant_id=service you have to use tenant id. Something like nova_admin_tenant_id=9bc76acf64754f9fa6ed5112142b6f65
      You can get the tenant id using command keystone tenant-list
