Install Debian 7 with partitioning scheme as per your requirements. Note: Run all the commands as root. We assume that the IP of the Single machine is 10.0.0.1.
Configure the repositories and update the packages.
echo "deb http://archive.gplhost.com/debian juno-backports main" >>/etc/apt/sources.list echo "deb http://archive.gplhost.com/debian juno main" >>/etc/apt/sources.list apt-get update && apt-get install gplhost-archive-keyring apt-get update && apt-get dist-upgrade
Note: reboot if kernel is upgraded.
reboot
Support packages
RaabitMQ server
apt-get install -y rabbitmq-server apt-get install python-argparse apt-get install dbconfig-common && dpkg-reconfigure dbconfig-common
MySQL server
Install MySQL server and related software
apt-get install -y mysql-server python-mysqldb sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
Edit /etc/mysql/my.cnf and make the following changes
[mysqld] ... default-storage-engine = innodb collation-server = utf8_general_ci init-connect = 'SET NAMES utf8' character-set-server = utf8
Run the following commands
service mysql restart mysql_install_db mysql_secure_installation
Keystone
Install keystone
apt-get install keystone
Create mysql database named keystone and add credentials
mysql -u root -p CREATE DATABASE keystone; GRANT ALL ON keystone.* TO 'keystoneUser'@'%' IDENTIFIED BY 'keystonePass'; quit;
Edit the file /etc/keystone/keystone.conf and edit the following line, with “connection =”
connection = mysql://keystoneUser:keystonePass@10.0.0.1/keystone
Restart Keystone and sync the database
service keystone restart keystone-manage db_sync
Set the value of admin token set in /etc/keystone/keystone.conf
admin_token = ADMIN
Export the values by running the following command
export OS_SERVICE_TOKEN=ADMIN export OS_SERVICE_ENDPOINT=http://10.0.0.1:35357/v2.0
Create admin user, admin tenant, admin role and service tenant. Also add admin user to admin tenant and admin role. Unset proxy (if any) in the command line, for the following commands to work
keystone tenant-create --name=admin --description="Admin Tenant" keystone tenant-create --name=service --description="Service Tenant" keystone user-create --name=admin --pass=ADMIN --email=admin@example.com keystone role-create --name=admin keystone user-role-add --user=admin --tenant=admin --role=admin keystone service-create --name=keystone --type=identity --description="Keystone Identity Service" keystone endpoint-create --service keystone --publicurl=http://10.0.0.1:5000/v2.0 --internalurl=http://10.0.0.1:5000/v2.0 --adminurl=http://10.0.0.1:35357/v2.0
Unset the old exported values
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
create a file named creds and append the following lines
export OS_USERNAME=admin export OS_PASSWORD=ADMIN export OS_TENANT_NAME=admin export OS_AUTH_URL=http://10.0.0.1:35357/v2.0
Now source the file
source creds
Check keystone Installation and Configurations using the following command
keystone token-get keystone user-list
Glance (Image Store)
Install Glance
apt-get install -y glance
Create database and credentials for Glance
mysql -u root -p CREATE DATABASE glance; GRANT ALL ON glance.* TO 'glanceUser'@'%' IDENTIFIED BY 'glancePass'; quit;
Create glance related keystone entries
keystone user-create --name=glance --pass=glance_pass --email=glance@example.com keystone user-role-add --user=glance --tenant=service --role=admin keystone service-create --name=glance --type=image --description="Glance Image Service" keystone endpoint-create --service glance --publicurl=http://10.0.0.1:9292 --internalurl=http://10.0.0.1:9292 --adminurl=http://10.0.0.1:9292
Edit /etc/glance/glance-api.conf and edit the following lines
connection = mysql://glanceUser:glancePass@10.0.0.1/glance ....... [keystone_authtoken] identity_uri = http://10.0.0.1:35357 admin_tenant_name = service admin_user = glance admin_password = glance_pass [paste_deploy] flavor = keystone
Edit /etc/glance/glance-registry.conf and edit the following lines as below
connection = mysql://glanceUser:glancePass@10.0.0.1/glance [keystone_authtoken] identity_uri = http://10.0.0.1:35357 admin_tenant_name = service admin_user = glance admin_password = glance_pass [paste_deploy] flavor = keystone
Restart Glance services
service glance-api restart service glance-registry restart
Sync the database
glance-manage db_sync
Download a pre-bundled image for testing
glance image-create --name Cirros --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
Test the glance setup
glance image-list
The output should be like this.
+--------------------------------------+--------+-------------+------------------+---------+--------+ | ID | Name | Disk Format | Container Format | Size | Status | +--------------------------------------+--------+-------------+------------------+---------+--------+ | 05f34c42-a6e6-4d9a-884a-7f8e37b563fa | Cirros | qcow2 | bare | 9761280 | active | +--------------------------------------+--------+-------------+------------------+---------+--------+
Nova(Compute)
Install the Nova services
apt-get install -y nova-api nova-cert nova-conductor nova-consoleauth nova-novncproxy nova-scheduler python-novaclient nova-compute nova-console nova-novncproxy
Create database and credentials for Nova
mysql -u root -p mysql> CREATE DATABASE nova; mysql> GRANT ALL PRIVILEGES ON nova.* TO 'novaUser'@'%' IDENTIFIED BY 'novaPass'; mysql> quit
Create Keystone entries for Nova
keystone user-create --name=nova --pass=nova_pass --email=nova@example.com keystone user-role-add --user=nova --tenant=service --role=admin keystone service-create --name=nova --type=compute --description="OpenStack Compute" keystone endpoint-create --service=nova --publicurl=http://10.0.0.1:8774/v2/%\(tenant_id\)s --internalurl=http://10.0.0.1:8774/v2/%\(tenant_id\)s --adminurl=http://10.0.0.1:8774/v2/%\(tenant_id\)s
Edit /etc/nova/nova.conf
[DEFAULT] logdir=/var/log/nova state_path=/var/lib/nova lock_path=/var/lock/nova force_dhcp_release=True iscsi_helper=tgtadm libvirt_use_virtio_for_bridges=True connection_type=libvirt root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf verbose=True rpc_backend = nova.rpc.impl_kombu my_ip = 10.0.0.1 vncserver_listen = 10.0.0.1 vncserver_proxyclient_address = 10.0.0.1 novncproxy_base_url=http://10.0.0.1:6080/vnc_auto.html glance_host = 10.0.0.1 auth_strategy=keystone network_api_class=nova.network.neutronv2.api.API neutron_url=http://10.0.0.1:9696 neutron_auth_strategy=keystone neutron_admin_tenant_name=service neutron_admin_username=neutron neutron_admin_password=neutron_pass neutron_admin_auth_url=http://10.0.0.1:35357/v2.0 linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver firewall_driver=nova.virt.firewall.NoopFirewallDriver security_group_api=neutron vif_plugging_is_fatal: false vif_plugging_timeout: 0 [database] connection = mysql://novaUser:novaPass@10.0.0.1/nova [keystone_authtoken] auth_uri = http://10.0.0.1:5000 auth_host = 10.0.0.1 auth_port = 35357 auth_protocol = http admin_tenant_name = service admin_user = nova admin_password = nova_pass
sync the db
nova-manage db sync
Restart the services
service nova-api restart ;service nova-cert restart; service nova-consoleauth restart ;service nova-scheduler restart;service nova-conductor restart; service nova-novncproxy restart; service nova-compute restart; service nova-console restart
Test the Nova installation using the following command
nova-manage service list
The output should be something like this
root@debian-OS:~# nova-manage service list Binary Host Zone Status State Updated_At nova-cert debian-OS internal enabled :-) 2015-03-01 14:10:44 nova-consoleauth debian-OS internal enabled :-) 2015-03-01 14:10:45 nova-scheduler debian-OS internal enabled :-) 2015-03-01 14:10:35 nova-conductor debian-OS internal enabled :-) 2015-03-01 14:10:36 nova-console debian-OS internal enabled :-) 2015-03-01 14:10:36 nova-compute debian-OS nova enabled :-) None
Also run the following command to check if nova is able to authenticate with keystone server
nova list
The output should be something like
+----+------+--------+------------+-------------+----------+ | ID | Name | Status | Task State | Power State | Networks | +----+------+--------+------------+-------------+----------+ +----+------+--------+------------+-------------+----------+
Neutron (Networking)
Install neutron services
apt-get install -y neutron-server neutron-plugin-openvswitch neutron-plugin-openvswitch-agent neutron-common neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent openvswitch-switch
Create neutron database and credentials
mysql -u root -p CREATE DATABASE neutron; GRANT ALL ON neutron.* TO 'neutronUser'@'%' IDENTIFIED BY 'neutronPass'; quit;
Create keystone entries for neutron
keystone user-create --name=neutron --pass=neutron_pass --email=neutron@example.com keystone service-create --name=neutron --type=network --description="OpenStack Networking" keystone user-role-add --user=neutron --tenant=service --role=admin keystone endpoint-create --service=neutron --publicurl http://10.0.0.1:9696 --adminurl http://10.0.0.1:9696 --internalurl http://10.0.0.1:9696
Edit the following lines in /etc/neutron/neutron.conf
[DEFAULT] core_plugin = ml2 notification_driver=neutron.openstack.common.notifier.rpc_notifier verbose=True rpc_backend = rabbit rabbit_host = 127.0.0.1 service_plugins=router allow_overlapping_ips=True auth_strategy=keystone neutron_metadata_proxy_shared_secret=openstack service_neutron_metadata_proxy=True nova_admin_password=nova_pass notify_nova_on_port_data_changes=True notify_nova_on_port_status_changes=True nova_admin_auth_url=http://10.0.0.1:35357/v2.0 nova_admin_tenant_id=service nova_url=http://10.0.0.1:8774/v2 nova_admin_username=nova [keystone_authtoken] auth_host = 10.0.0.1 auth_port = 35357 auth_protocol = http admin_tenant_name = service admin_user = neutron admin_password = neutron_pass signing_dir = $state_path/keystone-signing notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True nova_url = http://10.0.0.1:8774 nova_admin_username = nova nova_admin_tenant_id = nova_admin_password = nova_pass nova_admin_auth_url = http://10.0.0.1:35357/v2.0 [database] connection = mysql://neutron:neutron_dbpass@10.0.0.1/neutron [agent] root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
Edit the /etc/neutron/plugins/ml2/ml_conf.ini like the following
[ml2] type_drivers=flat,vlan tenant_network_types=vlan,flat mechanism_drivers=openvswitch [ml2_type_flat] flat_networks=External [ml2_type_vlan] network_vlan_ranges=Intnet1:100:200 [ml2_type_gre] [ml2_type_vxlan] [securitygroup] firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver enable_security_group=True [ovs] bridge_mappings=External:br-ex,Intnet1:br-eth1
Create the necessary bridges
ovs-vsctl add-br br-int ovs-vsctl add-br br-eth1 ovs-vsctl add-port br-eth1 ethx ovs-vsctl add-br br-ex
x=1,2,3 etc as per the ethernet interface Check the neutron installation using the following command
Sync the DB
neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno
Check the Neutron installations.
neutron agent-list
The output should be like
+--------------------------------------+--------------------+-----------+-------+----------------+---------------------------+ | id | agent_type | host | alive | admin_state_up | binary | +--------------------------------------+--------------------+-----------+-------+----------------+---------------------------+ | 15506209-ceee-41f8-bb67-3aa994036808 | Open vSwitch agent | debian-OS | :-) | True | neutron-openvswitch-agent | | 198d2760-9fb3-4946-ae41-2a6e4d30c016 | L3 agent | debian-OS | :-) | True | neutron-l3-agent | | 74fc2a84-6cb9-4ffe-a623-e3bce45f56a1 | Metadata agent | debian-OS | :-) | True | neutron-metadata-agent | | abdbbda3-23df-44c6-9e40-6db3ab754b3c | DHCP agent | debian-OS | :-) | True | neutron-dhcp-agent | +--------------------------------------+--------------------+-----------+-------+----------------+---------------------------+
Horizon (OpenStack Dashboard)
apt-get install -y openstack-dashboard
After installing login using the following credentials URL : http://10.0.0.1 Username: admin Password: ADMIN
Use the following link to get started with the first instance on OpenStack.
Procedure to get started with the first instance on OpenStack
Hi,
I followed this tutorial but for Debian Jessie using debian-backports repo.
For [keystone_authtoken], using fragment auth won’t work, I had to specify auth_uri and identity_uri.
So, auth_host, auth_protocol, and auth_port could be replace with auth_uri = http://controller:port
In /etc/neutron/neutron.conf, line nova_admin_tenant_id=service didn’t work. The tenant name needs to be replaced with tenant id.
# keystone tenant-list | grep service
| 9bc76acf64754f9fa6ed5112142b6f65 | service | True |
and in neutron.conf
nova_admin_tenant_id = 9bc76acf64754f9fa6ed5112142b6f65
#systemctl restart neutron-server.service
Do you know if this works with Debian 8.2?
It works.
You have to use debian-backports repository instead of gplhost.
In keystone_authtoken, auth_host, auth_protocol and auth_port are replaced with single line auth_uri, and if identity_uri is missing you have to add it.
In neutron.conf instead of nova_admin_tenant_id=service you have to use tenant id. Something like nova_admin_tenant_id=9bc76acf64754f9fa6ed5112142b6f65
You can get the tenant id using command keystone tenant-list