Install Ubuntu with a partitioning scheme that suits your requirements. Note: Run all the commands as super-user. We assume that the IP address of the single machine is 10.0.0.1.
Configure the repositories and update the packages.
This step is needed only if the OS is Ubuntu 14.04 LTS. You can skip the repository configuration if the OS is Ubuntu 15.10.
apt-get update && apt-get -y dist-upgrade
add-apt-repository cloud-archive:liberty
Update the packages.
apt-get update && apt-get -y dist-upgrade
Note: A reboot is needed only if the kernel was updated.
reboot
Support packages
RabbitMQ server
apt-get install -y rabbitmq-server
Create a new user named ‘openstack’ and set necessary permissions for it.
rabbitmqctl add_user openstack rabbit_pass
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
MariaDB server
Install MariaDB server and related software
apt-get install -y mariadb-server python-pymysql
Create a new file /etc/mysql/conf.d/mysqld_openstack.cnf with the following lines
[mysqld]
...
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
Restart MariaDB service
service mysql restart
Other Configuration
Edit the following lines in the file /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
Load the values
sysctl -p
Keystone (Identity)
Install keystone
apt-get install -y keystone apache2 libapache2-mod-wsgi memcached python-memcache python-openstackclient
Create mysql database named keystone and add credentials
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone_dbpass';
quit
Edit the file /etc/keystone/keystone.conf and make the following changes
[DEFAULT]
...
admin_token = ADMIN

[database]
...
connection = mysql+pymysql://keystone:keystone_dbpass@10.0.0.1/keystone

[memcache]
...
servers = localhost:11211

[token]
...
provider = uuid
driver = memcache

[revoke]
...
driver = sql
And comment out the following line
connection = sqlite:////var/lib/keystone/keystone.db
Stop Keystone from automatically starting after reboot
echo "manual" > /etc/init/keystone.override
Sync the database
keystone-manage db_sync
Create a new file /etc/apache2/sites-available/wsgi-keystone.conf with the following lines
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/apache2/keystone.log
    CustomLog /var/log/apache2/keystone_access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/apache2/keystone.log
    CustomLog /var/log/apache2/keystone_access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
Create a soft link for the conf file created just now, in the ‘sites-enabled’ directory
ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled
Export the variables needed to run the initial keystone commands
export OS_TOKEN=ADMIN
export OS_URL=http://10.0.0.1:35357/v3
export OS_IDENTITY_API_VERSION=3
Create admin user, admin tenant, admin role and service tenant. Also add admin user to admin tenant and admin role.
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public http://10.0.0.1:5000/v2.0
openstack endpoint create --region RegionOne identity internal http://10.0.0.1:5000/v2.0
openstack endpoint create --region RegionOne identity admin http://10.0.0.1:35357/v2.0
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password-prompt admin
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --domain default --description "Service Project" service
unset OS_TOKEN OS_URL
Create a file named creds and add the following lines
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN
export OS_AUTH_URL=http://10.0.0.1:35357/v3
export OS_IDENTITY_API_VERSION=3
Source the file
source creds
Test the keystone setup
openstack token issue
Glance (Image Store)
Install Glance
apt-get install -y glance python-glanceclient
Create database and credentials for Glance
mysql -u root -p
CREATE DATABASE glance;
GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance_dbpass';
quit;
Create Keystone entries for glance
openstack user create --password-prompt glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region RegionOne image public http://10.0.0.1:9292
openstack endpoint create --region RegionOne image internal http://10.0.0.1:9292
openstack endpoint create --region RegionOne image admin http://10.0.0.1:9292
Edit /etc/glance/glance-api.conf and change the following lines
[database]
...
connection = mysql+pymysql://glance:glance_dbpass@10.0.0.1/glance

[keystone_authtoken]
...
auth_uri = http://10.0.0.1:5000
auth_url = http://10.0.0.1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance_pass

[paste_deploy]
...
flavor = keystone

[glance_store]
...
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
Edit /etc/glance/glance-registry.conf and change the following lines as below
[database]
...
connection = mysql+pymysql://glance:glance_dbpass@10.0.0.1/glance

[keystone_authtoken]
...
auth_uri = http://10.0.0.1:5000
auth_url = http://10.0.0.1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance_pass

[paste_deploy]
...
flavor = keystone
Restart Glance services
service glance-api restart
service glance-registry restart
Sync the database
glance-manage db_sync
Download a pre-bundled image for testing
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress
Check the Glance installation using the following command
glance image-list
Nova (Compute)
Install the Nova services
apt-get install -y nova-compute sysfsutils nova-api nova-cert nova-conductor nova-consoleauth nova-novncproxy nova-scheduler python-novaclient nova-console qemu-kvm
Create database and credentials for Nova
mysql -u root -p
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova_dbpass';
quit
Create Keystone entries for Nova
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://10.0.0.1:8774/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal http://10.0.0.1:8774/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://10.0.0.1:8774/v2/%\(tenant_id\)s
Open /etc/nova/nova.conf and edit the file as follows
[DEFAULT]
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
libvirt_use_virtio_for_bridges=True
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
enabled_apis=ec2,osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 10.0.0.1
vnc_enabled = True
vncserver_listen = 10.0.0.1
vncserver_proxyclient_address = 10.0.0.1
novncproxy_base_url = http://10.0.0.1:6080/vnc_auto.html
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
scheduler_default_filters=AllHostsFilter

[database]
connection = mysql://nova:nova_dbpass@10.0.0.1/nova

[oslo_messaging_rabbit]
rabbit_host = 127.0.0.1
rabbit_userid = openstack
rabbit_password = rabbit_pass

[keystone_authtoken]
auth_uri = http://10.0.0.1:5000
auth_url = http://10.0.0.1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova_pass

[glance]
host = 10.0.0.1

[oslo_concurrency]
lock_path = /var/lock/nova

[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = openstack
url = http://10.0.0.1:9696
auth_strategy = keystone
admin_auth_url = http://10.0.0.1:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = neutron_pass

[cinder]
os_region_name = RegionOne
Sync the Nova database
nova-manage db sync
Restart all nova services
service nova-api restart; service nova-cert restart; service nova-consoleauth restart; service nova-scheduler restart; service nova-conductor restart; service nova-novncproxy restart; service nova-compute restart; service nova-console restart
Test the Nova installation using the following command
nova-manage service list
The output should be something like this
Binary            Host       Zone      Status   State  Updated_At
nova-cert         ubuntu-OS  internal  enabled  :-)    2015-10-28 15:32:13
nova-consoleauth  ubuntu-OS  internal  enabled  :-)    2015-10-28 15:32:13
nova-scheduler    ubuntu-OS  internal  enabled  :-)    2015-10-28 15:32:14
nova-conductor    ubuntu-OS  internal  enabled  :-)    2015-10-28 15:32:14
nova-compute      ubuntu-OS  nova      enabled  :-)    2015-10-28 15:32:15
nova-console      ubuntu-OS  internal  enabled  :-)    2015-10-28 15:32:15
Also run the following command to check whether Nova is able to authenticate with the Keystone server
nova list
Neutron (Networking)
Install the Neutron services
apt-get install -y neutron-server neutron-plugin-openvswitch neutron-plugin-openvswitch-agent neutron-common neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent openvswitch-switch
Create database and credentials for Neutron
mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron_dbpass';
quit;
Create Keystone entries for Neutron
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://10.0.0.1:9696
openstack endpoint create --region RegionOne network internal http://10.0.0.1:9696
openstack endpoint create --region RegionOne network admin http://10.0.0.1:9696
Edit /etc/neutron/neutron.conf and make the following changes in appropriate sections.
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://10.0.0.1:8774/v2

[keystone_authtoken]
auth_uri = http://10.0.0.1:5000
auth_url = http://10.0.0.1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron_pass

[database]
...
connection = mysql+pymysql://neutron:neutron_dbpass@10.0.0.1/neutron

[oslo_messaging_rabbit]
...
rabbit_host = 10.0.0.1
rabbit_userid = openstack
rabbit_password = rabbit_pass

[nova]
...
auth_url = http://10.0.0.1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova_pass
Open /etc/neutron/plugins/ml2/ml2_conf.ini and make the following changes
[ml2]
type_drivers=flat,vlan
tenant_network_types=vlan,flat
mechanism_drivers=openvswitch

[ml2_type_flat]
flat_networks=External

[ml2_type_vlan]
network_vlan_ranges=Intnet1:100:200

[ml2_type_gre]

[ml2_type_vxlan]

[securitygroup]
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group=True

[ovs]
bridge_mappings=External:br-ex,Intnet1:br-eth1
We have created two physical networks: one as a flat network and the other as a VLAN network with VLAN IDs ranging from 100 to 200. We have mapped the External network to br-ex and Intnet1 to br-eth1.
Now create the bridges.
Note: The naming convention for the ethernet cards may also be like “p4p1”, “em1” from Ubuntu 14.04 LTS. You can use the appropriate interface names below instead of “eth1” and “eth2”.
ovs-vsctl add-br br-int
ovs-vsctl add-br br-eth1
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-eth1 eth1
ovs-vsctl add-port br-ex eth2
According to our setup, all traffic belonging to the External network will be bridged to eth2 and all traffic of Intnet1 will be bridged to eth1. If you have only one interface (eth0) and would like to use it for all networking, then please have a look at https://fosskb.in/2014/06/10/managing-openstack-internaldataexternal-network-in-one-interface.
Edit /etc/neutron/metadata_agent.ini to look like this
[DEFAULT]
auth_uri = http://10.0.0.1:5000
auth_url = http://10.0.0.1:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron_pass
....
nova_metadata_ip = 127.0.0.1
....
metadata_proxy_shared_secret = openstack
Edit /etc/neutron/dhcp_agent.ini to look like this
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
dnsmasq_dns_servers = 8.8.8.8
Edit /etc/neutron/l3_agent.ini to look like this
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
Sync the db
neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade liberty
Restart all Neutron services
service neutron-server restart; service neutron-plugin-openvswitch-agent restart;service neutron-metadata-agent restart; service neutron-dhcp-agent restart; service neutron-l3-agent restart
Check if the services are running. Run the following command
neutron agent-list
The output should be like
+--------------------------------------+--------------------+--------+-------+----------------+
| id                                   | agent_type         | host   | alive | admin_state_up |
+--------------------------------------+--------------------+--------+-------+----------------+
| 01a5e70c-324a-4183-9652-6cc0e5c98499 | Metadata agent     | ubuntu | :-)   | True           |
| 17b9440b-50eb-48b7-80a8-a5bbabc47805 | DHCP agent         | ubuntu | :-)   | True           |
| c30869f2-aaca-4118-829d-a28c63a27aa4 | L3 agent           | ubuntu | :-)   | True           |
| f846440e-4ca6-4120-abe1-ffddaf1ab555 | Open vSwitch agent | ubuntu | :-)   | True           |
+--------------------------------------+--------------------+--------+-------+----------------+
Users who want to know what happens under the hood can read
- How neutron-openvswitch-agent provides L2 connectivity between Instances, DHCP servers and routers
- How neutron-l3-agent provides services like routing, natting, floatingIP and security groups
- See more of Linux networking capabilities
Cinder (Block storage)
Install Cinder services
apt-get install -y cinder-api cinder-scheduler cinder-volume lvm2 open-iscsi-utils open-iscsi iscsitarget sysfsutils python-cinderclient
Create database and credentials for Cinder
mysql -u root -p
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder_dbpass';
quit
Create Cinder related keystone entries
openstack user create --domain default --password-prompt cinder
openstack role add --project service --user cinder admin
openstack service create --name cinder --description "OpenStack Block Storage" volume
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
openstack endpoint create --region RegionOne volume public http://10.0.0.1:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume admin http://10.0.0.1:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume internal http://10.0.0.1:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 public http://10.0.0.1:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://10.0.0.1:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://10.0.0.1:8776/v2/%\(tenant_id\)s
Edit /etc/cinder/cinder.conf and replace all the lines with the following.
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
api_paste_config = /etc/cinder/api-paste.ini
iscsi_helper = tgtadm
volume_name_template = volume-%s
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
state_path = /var/lib/cinder
lock_path = /var/lock/cinder
volumes_dir = /var/lib/cinder/volumes
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 10.0.0.1
enabled_backends = lvm
glance_host = 10.0.0.1

[database]
connection = mysql+pymysql://cinder:cinder_dbpass@10.0.0.1/cinder

[oslo_messaging_rabbit]
rabbit_host = 10.0.0.1
rabbit_userid = openstack
rabbit_password = rabbit_pass

[keystone_authtoken]
auth_uri = http://10.0.0.1:5000
auth_url = http://10.0.0.1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = cinder_pass

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp

[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = tgtadm
Sync the database
cinder-manage db sync
Create physical volume
pvcreate /dev/sdb
Create volume group named “cinder-volumes”
vgcreate cinder-volumes /dev/sdb
Restart all the Cinder services
service cinder-scheduler restart;service cinder-api restart;service cinder-volume restart;service tgt restart
Create a volume to test the setup
cinder create --display-name myVolume 1
List the volume created
+--------------------------------------+-----------+------------------+----------+------+-------------+----------+-------------+--------------------------------------+
| ID                                   | Status    | Migration Status | Name     | Size | Volume Type | Bootable | Multiattach | Attached to                          |
+--------------------------------------+-----------+------------------+----------+------+-------------+----------+-------------+--------------------------------------+
| 535adcde-f206-4377-8875-4354e910a3e0 | available | -                | myVolume | 1    | -           | false    | False       |                                      |
+--------------------------------------+-----------+------------------+----------+------+-------------+----------+-------------+--------------------------------------+
Horizon (OpenStack Dashboard)
Install OpenStack Web UI using the following command.
apt-get install -y openstack-dashboard
After installing, log in using the following credentials
URL : http://10.0.0.1/horizon
Username: admin
Password: ADMIN
Use the following link to get started with the first instance on OpenStack.
Procedure to get started with the first instance on OpenStack
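The sample files in this guide use fixed placeholder secrets (admin_token = ADMIN, passwords of the form *_pass and *_dbpass, metadata_proxy_shared_secret = openstack) and plain-HTTP Keystone URLs, so a deployment copied from it should be checked for leftovers before it is exposed. The audit script below is an added example, not part of the original guide; the function names, the finding labels and both sample inputs are constructed here for illustration.

```python
import configparser
import re
from urllib.parse import urlsplit

# Placeholder secrets as they appear in this guide's sample configuration.
GUIDE_LITERALS = {"ADMIN", "openstack"}
GUIDE_PATTERN = re.compile(r"^[a-z]+_(db)?pass$")  # rabbit_pass, nova_dbpass, ...
SECRET_OPTION = re.compile(r"(password|secret|token)$")
AUTH_URL_OPTIONS = {"auth_uri", "auth_url", "admin_auth_url"}

# Constructed input: lines taken from the guide's sample config files.
SAMPLE = """\
[DEFAULT]
admin_token = ADMIN
volume_name_template = volume-%s
auth_strategy = keystone
auth_strategy = keystone
[database]
connection = mysql+pymysql://keystone:keystone_dbpass@10.0.0.1/keystone
[keystone_authtoken]
auth_uri = http://10.0.0.1:5000
password = glance_pass
[neutron]
metadata_proxy_shared_secret = openstack
"""

# Constructed input: generated secrets and a TLS endpoint on a hypothetical host.
HARDENED = """\
[database]
connection = mysql+pymysql://keystone:p7Vq2mXc9LrT4sWd@127.0.0.1/keystone
[keystone_authtoken]
auth_uri = https://controller.example.test:5000
password = Hq3nB8zKf6YtR1uE
"""

def is_guide_secret(value):
    return value in GUIDE_LITERALS or bool(GUIDE_PATTERN.match(value))

def audit(text):
    """Return (section, option, finding) tuples for one oslo.config-style file."""
    parser = configparser.ConfigParser(
        strict=False,        # the guide's cinder.conf repeats auth_strategy
        interpolation=None,  # values such as volume-%s are literal
        allow_no_value=True,
        default_section="__unused__",  # treat [DEFAULT] as an ordinary section
    )
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        for option, value in parser.items(section):
            value = (value or "").strip()
            if SECRET_OPTION.search(option) and is_guide_secret(value):
                findings.append((section, option, "placeholder secret"))
            elif option == "connection":
                if is_guide_secret(urlsplit(value).password or ""):
                    findings.append((section, option, "placeholder DB password"))
            elif option in AUTH_URL_OPTIONS and value.startswith("http://"):
                findings.append((section, option, "auth endpoint over plain HTTP"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

To check a real host, pass the contents of each file under /etc/keystone, /etc/glance, /etc/nova, /etc/neutron and /etc/cinder to audit() and treat any finding as a value to rotate or an endpoint to move behind TLS.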
I got the following error with this command “sudo add-apt-repository cloud-archive:liberty”
cloud-archive for Liberty only supported on trusty
I am installing OpenStack on Ubuntu 15.10, codename: wily
Problem after the command keystone-manage db_sync
SQL connection failed
Can't connect to the MySQL server on 192.168.1.14 [Errno 111] connection refused
Got the same error
Hello,
I'm getting this error when executing the section:
Create admin user, admin tenant, admin role and service tenant. Also add admin user to admin tenant and admin role.
Error:
Missing parameter(s):
Set a username with --os-username, OS_USERNAME, or auth.username
Set an authentication URL, with --os-auth-url, OS_AUTH_URL or auth.auth_url
Set a scope, such as a project or domain, set a project scope with --os-project-name, OS_PROJECT_NAME or auth.project_name, set a domain scope with --os-domain-name, OS_DOMAIN_NAME or auth.domain_name
After I adapted these commands to an installation I already have, it is not even accepting the SSH connection
Have any wiki on how to make multi node
Your tuts regarding openstack installation on single server rocks!
I couldn’t however get neutron to work well 😦
Have you any extra configuration to make it work? like interfaces config ?
Regards
I love Liberty ( Openstack )