
OpenStack Liberty on Ubuntu 14.04 and Ubuntu 15.10 – Single machine setup

Install Ubuntu with a partitioning scheme that suits your requirements. Note: Run all the commands as super-user. We assume that the IP address of the single machine is 10.0.0.1.

Configure the repositories and update the packages.

This step is needed only if the OS is Ubuntu 14.04 LTS. You can skip the repository configuration if the OS is Ubuntu 15.10.

apt-get update && apt-get -y dist-upgrade
add-apt-repository cloud-archive:liberty

Update the packages.

apt-get update && apt-get -y dist-upgrade

Note: A reboot is needed only if the kernel was updated.

reboot 

Support packages

RabbitMQ server

apt-get install -y rabbitmq-server

Create a new user named ‘openstack’ and set necessary permissions for it.

rabbitmqctl add_user openstack rabbit_pass
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

MariaDB server

Install MariaDB server and related software

apt-get install -y mariadb-server python-pymysql

Create a new file /etc/mysql/conf.d/mysqld_openstack.cnf and add the following lines

[mysqld]
...
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

Restart MariaDB service

service mysql restart

Other Configuration

Edit the following lines in the file /etc/sysctl.conf

net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0

Load the values

sysctl -p

Keystone (Identity)

Install keystone

apt-get install -y keystone apache2 libapache2-mod-wsgi memcached python-memcache python-openstackclient

Create mysql database named keystone and add credentials

mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone_dbpass';
quit

Edit the file /etc/keystone/keystone.conf and make the following changes

[DEFAULT]
...
admin_token = ADMIN
[database]
...
connection = mysql+pymysql://keystone:keystone_dbpass@10.0.0.1/keystone
[memcache]
...
servers = localhost:11211
[token]
...
provider = uuid
driver = memcache
[revoke]
...
driver = sql

And comment out the following line

connection = sqlite:////var/lib/keystone/keystone.db

Stop Keystone from automatically starting after reboot

echo "manual" > /etc/init/keystone.override

Sync the database

keystone-manage db_sync

Create a new file /etc/apache2/sites-available/wsgi-keystone.conf and append the following lines

Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/apache2/keystone.log
CustomLog /var/log/apache2/keystone_access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/apache2/keystone.log
CustomLog /var/log/apache2/keystone_access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>

Create a soft link for the conf file created just now, in the ‘sites-enabled’ directory

ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled

Export the variable to run initial keystone commands

export OS_TOKEN=ADMIN
export OS_URL=http://10.0.0.1:35357/v3
export OS_IDENTITY_API_VERSION=3

Create admin user, admin tenant, admin role and service tenant. Also add admin user to admin tenant and admin role.

openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public http://10.0.0.1:5000/v2.0
openstack endpoint create --region RegionOne identity internal http://10.0.0.1:5000/v2.0
openstack endpoint create --region RegionOne identity admin http://10.0.0.1:35357/v2.0
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password-prompt admin
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --domain default --description "Service Project" service
unset OS_TOKEN OS_URL

Create a file named creds and add the following lines

export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN
export OS_AUTH_URL=http://10.0.0.1:35357/v3
export OS_IDENTITY_API_VERSION=3

Source the file

source creds

Test the keystone setup

openstack token issue
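`unset OS_TOKEN OS_URL` only clears the client environment; Keystone keeps accepting the `admin_token` value (here `ADMIN`) for as long as the `admin_token_auth` filter sits in its paste pipelines. The script below is an added example, not part of the original guide, that removes that filter from the pipelines. It runs against a constructed, shortened sample file; the path /etc/keystone/keystone-paste.ini for a real host is an assumption.

```shell
#!/bin/sh
# Added example (not from the guide): take admin_token_auth out of Keystone's
# paste pipelines once the bootstrap commands are done.
# Assumption: on a real host the file is /etc/keystone/keystone-paste.ini.

# List the [pipeline:...] sections whose pipeline still contains the filter.
pipelines_with_admin_token() {
    awk '
        /^\[/ { section = $0 }
        /^[ \t]*pipeline[ \t]*=/ {
            line = $0; sub(/^[ \t]*pipeline[ \t]*=/, "", line)
            n = split(line, f, " ")
            for (i = 1; i <= n; i++)
                if (f[i] == "admin_token_auth") { print section; break }
        }' "$1"
}

# Remove the filter from every pipeline line, keeping a .bak copy. The
# [filter:admin_token_auth] definition itself is left alone.
disable_admin_token_auth() {
    sed -i.bak -E \
        '/^[[:space:]]*pipeline[[:space:]]*=/ s/[[:space:]]+admin_token_auth([[:space:]]|$)/\1/' "$1"
}

# Constructed, shortened sample of a paste file.
make_sample_paste() {
    cat > "$1" <<'EOF'
[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory

[pipeline:public_api]
pipeline = sizelimit url_normalize token_auth admin_token_auth json_body public_service

[pipeline:admin_api]
pipeline = sizelimit url_normalize token_auth admin_token_auth json_body admin_service

[pipeline:api_v3]
pipeline = sizelimit url_normalize token_auth admin_token_auth json_body service_v3
EOF
}

paste=$(mktemp)
make_sample_paste "$paste"
pipelines_with_admin_token "$paste"    # lists the three pipelines
disable_admin_token_auth "$paste"
pipelines_with_admin_token "$paste"    # prints nothing once the filter is gone
rm -f "$paste" "$paste.bak"
```

After changing the real file, restart Apache (`service apache2 restart`) so the Keystone WSGI processes load the new pipelines.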

Glance (Image Store)

Install Glance

apt-get install -y glance python-glanceclient

Create database and credentials for Glance

mysql -u root -p
CREATE DATABASE glance;
GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance_dbpass';
quit;

Create Keystone entries for glance

openstack user create --password-prompt glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region RegionOne image public http://10.0.0.1:9292
openstack endpoint create --region RegionOne image internal http://10.0.0.1:9292
openstack endpoint create --region RegionOne image admin http://10.0.0.1:9292

Edit /etc/glance/glance-api.conf and edit the following lines

[database]
...
connection = mysql+pymysql://glance:glance_dbpass@10.0.0.1/glance

[keystone_authtoken]
...
auth_uri = http://10.0.0.1:5000
auth_url = http://10.0.0.1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance_pass

[paste_deploy]
...
flavor = keystone

[glance_store]
...
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

Edit /etc/glance/glance-registry.conf and edit the following lines as below

[database]
...
connection = mysql+pymysql://glance:glance_dbpass@10.0.0.1/glance

[keystone_authtoken]
...
auth_uri = http://10.0.0.1:5000
auth_url = http://10.0.0.1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance_pass

[paste_deploy]
...
flavor = keystone

Restart Glance services

service glance-api restart
service glance-registry restart

Sync the database

glance-manage db_sync

Download a pre-bundled image for testing

wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress

Check the Glance installation using the following command

glance image-list

Nova (Compute)

Install the Nova services

apt-get install -y nova-compute sysfsutils nova-api nova-cert nova-conductor nova-consoleauth nova-novncproxy nova-scheduler python-novaclient nova-console qemu-kvm

Create database and credentials for Nova

mysql -u root -p
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova_dbpass';
quit

Create Keystone entries for Nova

openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://10.0.0.1:8774/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal http://10.0.0.1:8774/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://10.0.0.1:8774/v2/%\(tenant_id\)s

Open /etc/nova/nova.conf and edit the file as follows

[DEFAULT]
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
libvirt_use_virtio_for_bridges=True
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
enabled_apis=ec2,osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 10.0.0.1
vnc_enabled = True
vncserver_listen = 10.0.0.1
vncserver_proxyclient_address = 10.0.0.1
novncproxy_base_url = http://10.0.0.1:6080/vnc_auto.html
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
scheduler_default_filters=AllHostsFilter

[database]
connection = mysql+pymysql://nova:nova_dbpass@10.0.0.1/nova

[oslo_messaging_rabbit]
rabbit_host = 127.0.0.1
rabbit_userid = openstack
rabbit_password = rabbit_pass

[keystone_authtoken]
auth_uri = http://10.0.0.1:5000
auth_url = http://10.0.0.1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova_pass
 
[glance]
host = 10.0.0.1

[oslo_concurrency]
lock_path = /var/lock/nova
 
[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = openstack

url = http://10.0.0.1:9696
auth_strategy = keystone
admin_auth_url = http://10.0.0.1:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = neutron_pass
[cinder]
os_region_name = RegionOne

Sync the Nova database

nova-manage db sync

Restart all nova services

service nova-api restart; service nova-cert restart; service nova-consoleauth restart; service nova-scheduler restart; service nova-conductor restart; service nova-novncproxy restart; service nova-compute restart; service nova-console restart

Test the Nova installation using the following command

nova-manage service list

The output should be something like this

Binary           Host                                 Zone             Status     State Updated_At
nova-cert        ubuntu-OS                            internal         enabled    :-)   2015-10-28 15:32:13
nova-consoleauth ubuntu-OS                            internal         enabled    :-)   2015-10-28 15:32:13
nova-scheduler   ubuntu-OS                            internal         enabled    :-)   2015-10-28 15:32:14
nova-conductor   ubuntu-OS                            internal         enabled    :-)   2015-10-28 15:32:14
nova-compute     ubuntu-OS                            nova             enabled    :-)   2015-10-28 15:32:15
nova-console     ubuntu-OS                            internal         enabled    :-)   2015-10-28 15:32:15

Also run the following command to check if nova is able to authenticate with keystone server

nova list

Neutron (Networking)

Install the Neutron services

apt-get install -y neutron-server neutron-plugin-openvswitch neutron-plugin-openvswitch-agent neutron-common neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent openvswitch-switch

Create database and credentials for Neutron

mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron_dbpass';
quit;

Create Keystone entries for Neutron

openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://10.0.0.1:9696
openstack endpoint create --region RegionOne network internal http://10.0.0.1:9696
openstack endpoint create --region RegionOne network admin http://10.0.0.1:9696

Edit /etc/neutron/neutron.conf and make the following changes in appropriate sections.

[DEFAULT]
...
core_plugin = ml2
service_plugins = router
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://10.0.0.1:8774/v2

[keystone_authtoken]
auth_uri = http://10.0.0.1:5000
auth_url = http://10.0.0.1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron_pass

[database]
...
connection = mysql+pymysql://neutron:neutron_dbpass@10.0.0.1/neutron

 

[oslo_messaging_rabbit]
...
rabbit_host = 10.0.0.1
rabbit_userid = openstack
rabbit_password = rabbit_pass
[nova]
...
auth_url = http://10.0.0.1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova_pass

Open /etc/neutron/plugins/ml2/ml2_conf.ini and make the following changes

[ml2]
type_drivers=flat,vlan
tenant_network_types=vlan,flat
mechanism_drivers=openvswitch
[ml2_type_flat]
flat_networks=External
[ml2_type_vlan]
network_vlan_ranges=Intnet1:100:200
[ml2_type_gre]
[ml2_type_vxlan]
[securitygroup]
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group=True
[ovs]
bridge_mappings=External:br-ex,Intnet1:br-eth1

We have created two physical networks: one as a flat network and the other as a VLAN network with VLANs ranging from 100 to 200. We have mapped the External network to br-ex and Intnet1 to br-eth1. Now create the bridges.

Note: The naming convention for the ethernet cards may also be like “p4p1” or “em1” from Ubuntu 14.04 LTS. You can use the appropriate interface names below instead of “eth1” and “eth2”.

ovs-vsctl add-br br-int
ovs-vsctl add-br br-eth1
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-eth1 eth1
ovs-vsctl add-port br-ex eth2

According to our setup, all traffic belonging to the External network will be bridged to eth2 and all traffic of Intnet1 will be bridged to eth1. If you have only one interface (eth0) and would like to use it for all networking, please have a look at https://fosskb.in/2014/06/10/managing-openstack-internaldataexternal-network-in-one-interface.

Edit /etc/neutron/metadata_agent.ini to look like this

[DEFAULT]
auth_uri = http://10.0.0.1:5000
auth_url = http://10.0.0.1:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron_pass
....
nova_metadata_ip = 127.0.0.1
....
metadata_proxy_shared_secret = openstack

Edit /etc/neutron/dhcp_agent.ini to look like this

[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
dnsmasq_dns_servers = 8.8.8.8

Edit /etc/neutron/l3_agent.ini to look like this

[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True

Sync the db

neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade liberty

Restart all Neutron services

service neutron-server restart; service neutron-plugin-openvswitch-agent restart;service neutron-metadata-agent restart; service neutron-dhcp-agent restart; service neutron-l3-agent restart

Check if the services are running. Run the following command

neutron agent-list

The output should be like

+--------------------------------------+--------------------+--------+-------+----------------+
| id                                   | agent_type         | host   | alive | admin_state_up |
+--------------------------------------+--------------------+--------+-------+----------------+
| 01a5e70c-324a-4183-9652-6cc0e5c98499 | Metadata agent     | ubuntu | :-)   | True           |
| 17b9440b-50eb-48b7-80a8-a5bbabc47805 | DHCP agent         | ubuntu | :-)   | True           |
| c30869f2-aaca-4118-829d-a28c63a27aa4 | L3 agent           | ubuntu | :-)   | True           |
| f846440e-4ca6-4120-abe1-ffddaf1ab555 | Open vSwitch agent | ubuntu | :-)   | True           |
+--------------------------------------+--------------------+--------+-------+----------------+

Users who want to know what happens under the hood can read

  1. How neutron-openvswitch-agent provides L2 connectivity between Instances, DHCP servers and routers
  2. How neutron-l3-agent provides services like routing, natting, floatingIP and security groups
  3. See more of Linux networking capabilities

Cinder (Block storage)

Install Cinder services

apt-get install -y cinder-api cinder-scheduler cinder-volume lvm2 open-iscsi-utils open-iscsi iscsitarget sysfsutils python-cinderclient

Create database and credentials for Cinder

mysql -u root -p
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder_dbpass';
quit

Create Cinder related keystone entries

openstack user create --domain default --password-prompt cinder
openstack role add --project service --user cinder admin
openstack service create --name cinder --description "OpenStack Block Storage" volume
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
openstack endpoint create --region RegionOne volume public http://10.0.0.1:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume admin http://10.0.0.1:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume internal http://10.0.0.1:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 public http://10.0.0.1:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://10.0.0.1:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://10.0.0.1:8776/v2/%\(tenant_id\)s

Edit /etc/cinder/cinder.conf and replace all the lines with the following.

[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
api_paste_config = /etc/cinder/api-paste.ini
iscsi_helper = tgtadm
volume_name_template = volume-%s
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
state_path = /var/lib/cinder
lock_path = /var/lock/cinder
volumes_dir = /var/lib/cinder/volumes
rpc_backend = rabbit
my_ip = 10.0.0.1
enabled_backends = lvm
glance_host = 10.0.0.1

[database]
connection = mysql+pymysql://cinder:cinder_dbpass@10.0.0.1/cinder

[oslo_messaging_rabbit]
rabbit_host = 10.0.0.1
rabbit_userid = openstack
rabbit_password = rabbit_pass

[keystone_authtoken]
auth_uri = http://10.0.0.1:5000
auth_url = http://10.0.0.1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = cinder_pass

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp

[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = tgtadm

Sync the database

cinder-manage db sync

Create physical volume

pvcreate /dev/sdb

Create volume group named “cinder-volumes”

vgcreate cinder-volumes /dev/sdb

Restart all the Cinder services

service cinder-scheduler restart;service cinder-api restart;service cinder-volume restart;service tgt restart

Create a volume to test the setup

cinder create --display-name myVolume 1

List the volume created

+--------------------------------------+-----------+------------------+----------+------+-------------+----------+-------------+--------------------------------------+
|                  ID                  |   Status  | Migration Status |   Name   | Size | Volume Type | Bootable | Multiattach |             Attached to              |
+--------------------------------------+-----------+------------------+----------+------+-------------+----------+-------------+--------------------------------------+
| 535adcde-f206-4377-8875-4354e910a3e0 | available |        -         | myVolume |  1   |      -      |  false   |    False    |                                      |
+--------------------------------------+-----------+------------------+----------+------+-------------+----------+-------------+--------------------------------------+

Horizon (OpenStack Dashboard)

Install OpenStack Web UI using the following command.

apt-get install -y openstack-dashboard

After installation, log in using the following credentials

URL     : http://10.0.0.1/horizon
Username: admin
Password: ADMIN

Use the following link to get started with the first instance on OpenStack.

Procedure to get started with the first instance on OpenStack
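Every password, token and shared secret in this guide is a fixed sample value (rabbit_pass, keystone_dbpass, ADMIN, openstack and so on). The script below is an added example, not part of the original guide: it scans configuration files for secret options that still carry one of those values and reports file, line and option without printing the secret. The sample files it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the guide): report secret options that still hold
# one of the placeholder values used on this page. Sample files are constructed.

GUIDE_PLACEHOLDERS="ADMIN openstack rabbit_pass keystone_dbpass glance_dbpass \
glance_pass nova_dbpass nova_pass neutron_dbpass neutron_pass cinder_dbpass cinder_pass"

# Print "file:line:[section] option" for each hit; the value is never printed.
find_placeholder_secrets() {
    awk -v words="$GUIDE_PLACEHOLDERS" '
        BEGIN { n = split(words, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
        FNR == 1 { section = "" }
        /^[ \t]*[#;]/ { next }                 # commented-out option
        /^[ \t]*\[/ { section = $0; next }     # [section] header
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            sub(/^export[ \t]+/, "", key)      # lines from the creds file
            if (key == "connection") {
                # scheme://user:PASSWORD@host/db -> PASSWORD
                p = index(val, "://"); at = index(val, "@")
                if (p == 0 || at < p) next
                cred = substr(val, p + 3, at - p - 3)
                c = index(cred, ":")
                if (c == 0) next
                val = substr(cred, c + 1)
            } else if (key !~ /^(admin_token|password|admin_password|rabbit_password|metadata_proxy_shared_secret|OS_PASSWORD)$/) {
                next
            }
            if (val in bad) printf "%s:%d:%s %s\n", FILENAME, FNR, section, key
        }' "$@"
}

# Constructed sample files mirroring settings shown in this guide.
make_sample() {
    cat > "$1/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = ADMIN
[database]
#connection = sqlite:////var/lib/keystone/keystone.db
connection = mysql+pymysql://keystone:keystone_dbpass@10.0.0.1/keystone
EOF
    cat > "$1/nova.conf" <<'EOF'
[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = 4f9c2e17a0b35d68c1e2
[keystone_authtoken]
username = nova
password = nova_pass
[neutron]
metadata_proxy_shared_secret = openstack
EOF
    printf 'export OS_USERNAME=admin\nexport OS_PASSWORD=ADMIN\n' > "$1/creds"
}

sample_dir=$(mktemp -d)
make_sample "$sample_dir"
find_placeholder_secrets "$sample_dir"/keystone.conf "$sample_dir"/nova.conf "$sample_dir"/creds
rm -rf "$sample_dir"
```

On a real host, pass the actual files, for example `find_placeholder_secrets /etc/keystone/keystone.conf /etc/nova/nova.conf creds`, and replace each reported value with a random one such as the output of `openssl rand -hex 10`.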


8 thoughts on “OpenStack Liberty on Ubuntu 14.04 and Ubuntu 15.10 – Single machine setup”

  1. I got following error with this command “sudo add-apt-repository cloud-archive:liberty”

    cloud-archive for Liberty only supported on trusty
    I am installing OpenStack on ubuntu 15.10 Codename: wily

  2. Problem after the command keystone-manage db_sync:
    SQL connection failed
    can’t connect to the MySQL server on 192.168.1.14 [Errno 111] connection refused

  3. Hello,

    I’m getting this error when executing the section:

    Create admin user, admin tenant, admin role and service tenant. Also add admin user to admin tenant and admin role.

    Error:
    Missing parameter(s):
    Set a username with --os-username, OS_USERNAME, or auth.username
    Set an authentication URL, with --os-auth-url, OS_AUTH_URL or auth.auth_url
    Set a scope, such as a project or domain, set a project scope with --os-project-name, OS_PROJECT_NAME or auth.project_name, set a domain scope with --os-domain-name, OS_DOMAIN_NAME or auth.domain_name

  4. Your tuts regarding openstack installation on single server rocks!

    I couldn’t however get neutron to work well 😦

    Have you any extra configuration to make it work? like interfaces config ?

    Regards
