The OpenStack project is an open source cloud computing platform for all types of clouds, which aims to be simple to implement, massively scalable, and feature rich. Developers and cloud computing technologists from around the world create the OpenStack project.
OpenStack provides an Infrastructure as a Service (IaaS) solution through a set of interrelated services. Each service offers an application programming interface (API) that facilitates this integration. Depending on your needs, you can install some or all services.
Dashboard ---Horizon
Compute ---Nova
Networking ---Neutron
Object Storage ---Swift
Block Storage ---Cinder
Identity Service---Keystone
Image Service ---Glance
Telemetry ---Ceilometer
Orchestration ---Heat
Dashboard : Horizon Provides a web-based self-service portal to interact with underlying OpenStack services, such as launching an instance, assigning IP addresses and configuring access controls.
Compute : Nova Manages the lifecycle of compute instances in an OpenStack environment. Responsibilities include spawning, scheduling and decomissioning of machines on demand.
Networking : Neutron Enables network connectivity as a service for other OpenStack services, such as OpenStack Compute. Provides an API for users to define networks and the attachments into them. Has a pluggable architecture that supports many popular networking vendors and technologies.
Storage
Object Storage : Swift Stores and retrieves arbitrary unstructured data objects via a RESTful, HTTP based API. It is highly fault tolerant with its data replication and scale out architecture. Its implementation is not like a file server with mountable directories.
Block Storage : Cinder Provides persistent block storage to running instances. Its pluggable driver architecture facilitates the creation and management of block storage devices.
Shared services
Identity Service : Keystone Provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
Image Service : Glance Stores and retrieves virtual machine disk images. OpenStack Compute makes use of this during instance provisioning.
Telemetry : Ceilometer Monitors and meters the OpenStack cloud for billing, benchmarking, scalability, and statistical purposes.
Higher-level services
Orchestration : Heat Orchestrates multiple composite cloud applications by using either the native HOT template format or the AWS CloudFormation template format, through both an OpenStack-native REST API and a CloudFormation-compatible Query API.
Please run a 64 bit Os in your compute node, else you will be having issue while creating Vm running 64 bit Os.
Steps Need to Done on the Controller Server
Networking
service iptables stop
chkconfig iptables off
/etc/sysconfig/network-scripts/ifcfg-eth0
# Internal Network
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=static
IPADDR=192.168.0.10
NETMASK=255.255.255.0
DEFROUTE=yes
ONBOOT=yes
/etc/sysconfig/network-scripts/ifcfg-eth1
# External Network
DEVICE=eth1
TYPE=Ethernet
BOOTPROTO=static
IPADDR=10.0.0.10
NETMASK=255.255.255.0
DEFROUTE=yes
ONBOOT=yes
service network restart
yum -y install policycoreutils setroubleshoot
setenforce 0
yum install -y euca2ools
yum install -y yum-plugin-priorities gedit curl wget nc
Setting Hostname
echo " HOSTNAME=controller" > /etc/hostname
cat /etc/hostname
echo "\n142.0.42.46 controller" >> /etc/hosts
cat /etc/hosts
hostname controller
hostname
ping -c 3 controller
Installing Ntpd Server
yum -y install ntp
service ntpd start
chkconfig ntpd on
Installing Mysql Server
yum -y install mysql mysql-server MySQL-python
service mysqld start
chkconfig mysqld on
mysql_install_db
mysql_secure_installation
set and remember the mysql root password, it will be needed through out further installation.
Installing OpenStack Yum Repos
rpm -ivUh http://repos.fedorapeople.org/repos/openstack/openstack-havana/rdo-release-havana-6.noarch.rpm
rpm -ivUh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Installing OpenStack Packages
yum -y install openstack-utils
yum -y install openstack-selinux
yum -y install qpid-cpp-server memcached
vi /etc/qpidd.conf
auth=no
service qpidd start
chkconfig qpidd on
Installing And Configuring KeyStone
yum -y install openstack-keystone python-keystoneclient
The Identity Service uses a database to store information. Specify the location of the database in the configuration file. In this guide, we use a MySQL database on the controller node with the username keystone.
openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:password@controller/keystone
Use the openstack-db command to create the database and tables, as well as a database user called keystone to connect to the database.
openstack-db --init --service keystone --password password
Define an authorization token to use as a shared secret between the Identity Service and other OpenStack services. Use openssl to generate a random token and store it in the configuration file:
ADMIN_TOKEN=$(openssl rand -hex 10)
echo $ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
By default, Keystone uses PKI tokens. Create the signing keys and certificates:
chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log
service openstack-keystone start
chkconfig openstack-keystone on
Define users, tenants, and roles
export OS_SERVICE_TOKEN=$ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://142.0.42.46:35357/v2.0
keystone tenant-create --name=admin --description="Admin Tenant"
keystone tenant-create --name=service --description="Service Tenant"
keystone user-create --name=admin --pass=password
keystone role-create --name=admin
keystone user-role-add --user=admin --tenant=admin --role=admin
[root@server ~]# keystone tenant-create --name=admin --description="Admin Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Admin Tenant |
| enabled | True |
| id | 56b2c2009ac4402996df23f85587eb60 |
| name | admin |
+-------------+----------------------------------+
[root@server ~]# keystone tenant-create --name=service --description="Service Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Service Tenant |
| enabled | True |
| id | 48606f4b78024ba5b34f1854154be27e |
| name | service |
+-------------+----------------------------------+
[root@server ~]# keystone user-create --name=admin --pass=password
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 72d9b80b1e464558ab9f563241106a69 |
| name | admin |
+----------+----------------------------------+
[root@server ~]# keystone role-create --name=admin
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | ba0ed19af57f4122b4c43c8868bfb47c |
| name | admin |
+----------+----------------------------------+
[root@server ~]# keystone user-role-add --user=admin --tenant=admin --role=admin
Define services and API endpoints
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
keystone endpoint-create --service-id=the_service_id_above --publicurl=http://142.0.42.46:5000/v2.0 --internalurl=http://142.0.42.46:5000/v2.0 --adminurl=http://142.0.42.46:35357/v2.0
[root@server ~]# keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Keystone Identity Service |
| id | 05c8b4bcd2b44b59a5f8a3a8cde43c2e |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
[root@server ~]# keystone endpoint-create --service-id=05c8b4bcd2b44b59a5f8a3a8cde43c2e --publicurl=http://142.0.42.46:5000/v2.0 --internalurl=http://142.0.42.46:5000/v2.0 --adminurl=http://142.0.42.46:35357/v2.0
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://142.0.42.46:35357/v2.0 |
| id | c91bacef4e0549709109d102d26d940e |
| internalurl | http://142.0.42.46:5000/v2.0 |
| publicurl | http://142.0.42.46:5000/v2.0 |
| region | regionOne |
| service_id | 05c8b4bcd2b44b59a5f8a3a8cde43c2e |
+-------------+----------------------------------+
[root@server ~]#
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
keystone --os-username=admin --os-password=password --os-auth-url=http://142.0.42.46:35357/v2.0 token-get
keystone --os-username=admin --os-password=password --os-tenant-name=admin --os-auth-url=http://142.0.42.46:35357/v2.0 token-get
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://142.0.42.46:35357/v2.0
keystone token-get
keystone user-list
+----------------------------------+-------+---------+-------+
| id | name | enabled | email |
+----------------------------------+-------+---------+-------+
| 72d9b80b1e464558ab9f563241106a69 | admin | True | |
+----------------------------------+-------+---------+-------+
[root@server ~]#
Install and Configure the Image Service
openstack-config --set /etc/glance/glance-api.conf sql connection mysql://glance:password@controller/glance
openstack-config --set /etc/glance/glance-registry.conf sql connection mysql://glance:password@controller/glance
openstack-db --init --service glance --password password
keystone user-create --name=glance --pass=password
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 903ccd5db7da45d9a15a52f37634652f |
| name | glance |
+----------+----------------------------------+
keystone user-role-add --user=glance --tenant=service --role=admin
Configure the Image Service to use the Identity Service for authentication.
Run the following commands and replace Password with the password you chose for the
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://142.0.42.46:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host controller
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password password
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://142.0.42.46:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host controller
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password password
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
On CentOS
cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini
cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini
Edit each file to set the following options in the [filter:authtoken] section and leave any other existing option as it is.
[filter:authtoken]
paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
auth_host=controller
admin_user=glance
admin_tenant_name=service
admin_password=GLANCE_PASS
keystone service-create --name=glance --type=image --description="Glance Image Service"
keystone endpoint-create --service-id=the_service_id_above --publicurl=http://142.0.42.46:9292 --internalurl=http://142.0.42.46:9292 --adminurl=http://142.0.42.46:9292
Output
[root@server ~]# keystone service-create --name=glance --type=image --description="Glance Image Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Glance Image Service |
| id | 75a7bef17f9b4329bb84aab14e3a01ae |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@server ~]# keystone endpoint-create --service-id=75a7bef17f9b4329bb84aab14e3a01ae --publicurl=http://142.0.42.46:9292 --internalurl=http://142.0.42.46:9292 --adminurl=http://142.0.42.46:9292
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://142.0.42.46:9292 |
| id | 10fb121e1190488a85341fe34d567c36 |
| internalurl | http://142.0.42.46:9292 |
| publicurl | http://142.0.42.46:9292 |
| region | regionOne |
| service_id | 75a7bef17f9b4329bb84aab14e3a01ae |
+-------------+----------------------------------+
[root@server ~]#
service openstack-glance-api start
service openstack-glance-registry start
chkconfig openstack-glance-api on
chkconfig openstack-glance-registry on
Verify the Image Service installation
mkdir images
cd images/
wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
glance image-create --name="CirrOS 0.3.1" --disk-format=qcow2 --container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img
glance image-list
[root@server ~]# cd images/
[root@server images]# wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
--2014-02-27 11:48:30-- http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
Resolving cdn.download.cirros-cloud.net... 204.188.136.134, 204.188.136.74, 2001:559:0:5a::1743:3c82, ...
Connecting to cdn.download.cirros-cloud.net|204.188.136.134|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13147648 (13M) [application/octet-stream]
Saving to: “cirros-0.3.1-x86_64-disk.img”
100%[===========================================================================================================>] 13,147,648 10.1M/s in 1.2s
2014-02-27 11:48:32 (10.1 MB/s) - “cirros-0.3.1-x86_64-disk.img” saved [13147648/13147648]
[root@server images]# glance image-create --name="CirrOS 0.3.1" --disk-format=qcow2 --container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | d972013792949d0d3ba628fbe8685bce |
| container_format | bare |
| created_at | 2014-02-27T16:50:47 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | 886c9f6a-f38c-491d-a2b4-220cf90bd064 |
| is_public | True |
| min_disk | 0 |
| min_ram | 0 |
| name | CirrOS 0.3.1 |
| owner | 56b2c2009ac4402996df23f85587eb60 |
| protected | False |
| size | 13147648 |
| status | active |
| updated_at | 2014-02-27T16:50:48 |
+------------------+--------------------------------------+
[root@server images]# glance image-list
+--------------------------------------+--------------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+--------------+-------------+------------------+----------+--------+
| 886c9f6a-f38c-491d-a2b4-220cf90bd064 | CirrOS 0.3.1 | qcow2 | bare | 13147648 | active |
+--------------------------------------+--------------+-------------+------------------+----------+--------+
[root@server images]#
Install And Configure Compute controller service
yum -y install openstack-glance
openstack-config --set /etc/glance/glance-api.conf sql connection mysql://glance:password@controller/glance
openstack-config --set /etc/glance/glance-registry.conf sql connection mysql://glance:password@controller/glance
openstack-db --init --service glance --password password
Set the my_ip, vncserver_listen, and vncserver_proxyclient_address configuration options to the internal IP address of the controller node:
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 142.0.42.46
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 142.0.42.46
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 142.0.42.46
keystone user-create --name=nova --pass=password
keystone user-role-add --user=nova --tenant=service --role=admin
Configure Compute to use these credentials with the Identity Service running on the controller. Replace password with your Compute password.
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password password
Add the credentials to the /etc/nova/api-paste.ini file. Add these options to the [filter:authtoken] section:
You might sometimes have to edit .ini files during initial setup. However, do not edit these files for general configuration tasks.
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = controller
auth_port = 35357
auth_protocol = http
auth_uri = http://controller:5000/v2.0
admin_tenant_name = service
admin_user = nova
admin_password = password
Ensure that the api_paste_config=/etc/nova/api-paste.ini option is set in the /etc/nova/nova.conf file.
keystone service-create --name=nova --type=compute --description="Nova Compute service"
keystone endpoint-create --service-id=the_service_id_above --publicurl=http://controller:8774/v2/%\(tenant_id\)s --internalurl=http://controller:8774/v2/%\(tenant_id\)s --adminurl=http://controller:8774/v2/%\(tenant_id\)s
service openstack-nova-api start
service openstack-nova-cert start
service openstack-nova-consoleauth start
service openstack-nova-scheduler start
service openstack-nova-conductor start
service openstack-nova-novncproxy start
chkconfig openstack-nova-api on
chkconfig openstack-nova-cert on
chkconfig openstack-nova-consoleauth on
chkconfig openstack-nova-scheduler on
chkconfig openstack-nova-conductor on
chkconfig openstack-nova-novncproxy on
nova image-list
+--------------------------------------+--------------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+--------------+--------+--------+
| 886c9f6a-f38c-491d-a2b4-220cf90bd064 | CirrOS 0.3.1 | ACTIVE | |
+--------------------------------------+--------------+--------+--------+
[root@server images]#
Installing And Configuring the dashboard
yum -y install memcached python-memcached mod_wsgi openstack-dashboard
Update the ALLOWED_HOSTS in local_settings.py to include the addresses you wish to access the dashboard from.
Edit /etc/openstack-dashboard/local_settings:
ALLOWED_HOSTS = ['localhost', 'my-desktop', '*']
This guide assumes that you are running the Dashboard on the controller node. You can easily run the dashboard on a separate server, by changing the appropriate settings in local_settings.py.
Edit /etc/openstack-dashboard/local_settings and change OPENSTACK_HOST to the hostname of your Identity Service:
OPENSTACK_HOST = "controller"
Start the Apache web server and memcached:
service httpd start
service memcached start
chkconfig httpd on
chkconfig memcached on
You can now access the dashboard at http://controller/dashboard .
Configure a Compute node
yum -y install openstack-nova-compute
Edit the /etc/nova/nova.conf configuration file:
# openstack-config --set /etc/nova/nova.conf database connection mysql://nova:NOVA_DBPASS@controller/nova
# openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password NOVA_PASS
Configure Compute to provide remote console access to instances.
# openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.0.11
# openstack-config --set /etc/nova/nova.conf DEFAULT vnc_enabled True
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 0.0.0.0
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 192.168.0.11
# openstack-config --set /etc/nova/nova.conf \
DEFAULT novncproxy_base_url http://controller:6080/vnc_auto.html
Specify the host that runs the Image Service.
# openstack-config --set /etc/nova/nova.conf DEFAULT glance_host controller
Edit the /etc/nova/api-paste.ini file to add the credentials to the [filter:authtoken] section
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS
Start the Compute service and configure it to start when the system boots.
# service libvirtd start
# service messagebus start
# chkconfig libvirtd on
# chkconfig messagebus on
# service openstack-nova-compute start
# chkconfig openstack-nova-compute on
OpenStack provides an Infrastructure as a Service (IaaS) solution through a set of interrelated services. Each service offers an application programming interface (API) that facilitates this integration. Depending on your needs, you can install some or all services.
Dashboard ---Horizon
Compute ---Nova
Networking ---Neutron
Object Storage ---Swift
Block Storage ---Cinder
Identity Service---Keystone
Image Service ---Glance
Telemetry ---Ceilometer
Orchestration ---Heat
Dashboard : Horizon Provides a web-based self-service portal to interact with underlying OpenStack services, such as launching an instance, assigning IP addresses and configuring access controls.
Compute : Nova Manages the lifecycle of compute instances in an OpenStack environment. Responsibilities include spawning, scheduling and decomissioning of machines on demand.
Networking : Neutron Enables network connectivity as a service for other OpenStack services, such as OpenStack Compute. Provides an API for users to define networks and the attachments into them. Has a pluggable architecture that supports many popular networking vendors and technologies.
Storage
Object Storage : Swift Stores and retrieves arbitrary unstructured data objects via a RESTful, HTTP based API. It is highly fault tolerant with its data replication and scale out architecture. Its implementation is not like a file server with mountable directories.
Block Storage : Cinder Provides persistent block storage to running instances. Its pluggable driver architecture facilitates the creation and management of block storage devices.
Shared services
Identity Service : Keystone Provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
Image Service : Glance Stores and retrieves virtual machine disk images. OpenStack Compute makes use of this during instance provisioning.
Telemetry : Ceilometer Monitors and meters the OpenStack cloud for billing, benchmarking, scalability, and statistical purposes.
Higher-level services
Orchestration : Heat Orchestrates multiple composite cloud applications by using either the native HOT template format or the AWS CloudFormation template format, through both an OpenStack-native REST API and a CloudFormation-compatible Query API.
Please run a 64 bit Os in your compute node, else you will be having issue while creating Vm running 64 bit Os.
Steps Need to Done on the Controller Server
Networking
service iptables stop
chkconfig iptables off
/etc/sysconfig/network-scripts/ifcfg-eth0
# Internal Network
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=static
IPADDR=192.168.0.10
NETMASK=255.255.255.0
DEFROUTE=yes
ONBOOT=yes
/etc/sysconfig/network-scripts/ifcfg-eth1
# External Network
DEVICE=eth1
TYPE=Ethernet
BOOTPROTO=static
IPADDR=10.0.0.10
NETMASK=255.255.255.0
DEFROUTE=yes
ONBOOT=yes
service network restart
yum -y install policycoreutils setroubleshoot
setenforce 0
yum install -y euca2ools
yum install -y yum-plugin-priorities gedit curl wget nc
Setting Hostname
echo " HOSTNAME=controller" > /etc/hostname
cat /etc/hostname
echo "\n142.0.42.46 controller" >> /etc/hosts
cat /etc/hosts
hostname controller
hostname
ping -c 3 controller
Installing Ntpd Server
yum -y install ntp
service ntpd start
chkconfig ntpd on
Installing Mysql Server
yum -y install mysql mysql-server MySQL-python
service mysqld start
chkconfig mysqld on
mysql_install_db
mysql_secure_installation
set and remember the mysql root password, it will be needed through out further installation.
Installing OpenStack Yum Repos
rpm -ivUh http://repos.fedorapeople.org/repos/openstack/openstack-havana/rdo-release-havana-6.noarch.rpm
rpm -ivUh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Installing OpenStack Packages
yum -y install openstack-utils
yum -y install openstack-selinux
yum -y install qpid-cpp-server memcached
vi /etc/qpidd.conf
auth=no
service qpidd start
chkconfig qpidd on
Installing And Configuring KeyStone
yum -y install openstack-keystone python-keystoneclient
The Identity Service uses a database to store information. Specify the location of the database in the configuration file. In this guide, we use a MySQL database on the controller node with the username keystone.
openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:password@controller/keystone
Use the openstack-db command to create the database and tables, as well as a database user called keystone to connect to the database.
openstack-db --init --service keystone --password password
Define an authorization token to use as a shared secret between the Identity Service and other OpenStack services. Use openssl to generate a random token and store it in the configuration file:
ADMIN_TOKEN=$(openssl rand -hex 10)
echo $ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
By default, Keystone uses PKI tokens. Create the signing keys and certificates:
chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log
service openstack-keystone start
chkconfig openstack-keystone on
Define users, tenants, and roles
export OS_SERVICE_TOKEN=$ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://142.0.42.46:35357/v2.0
keystone tenant-create --name=admin --description="Admin Tenant"
keystone tenant-create --name=service --description="Service Tenant"
keystone user-create --name=admin --pass=password
keystone role-create --name=admin
keystone user-role-add --user=admin --tenant=admin --role=admin
[root@server ~]# keystone tenant-create --name=admin --description="Admin Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Admin Tenant |
| enabled | True |
| id | 56b2c2009ac4402996df23f85587eb60 |
| name | admin |
+-------------+----------------------------------+
[root@server ~]# keystone tenant-create --name=service --description="Service Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Service Tenant |
| enabled | True |
| id | 48606f4b78024ba5b34f1854154be27e |
| name | service |
+-------------+----------------------------------+
[root@server ~]# keystone user-create --name=admin --pass=password
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 72d9b80b1e464558ab9f563241106a69 |
| name | admin |
+----------+----------------------------------+
[root@server ~]# keystone role-create --name=admin
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | ba0ed19af57f4122b4c43c8868bfb47c |
| name | admin |
+----------+----------------------------------+
[root@server ~]# keystone user-role-add --user=admin --tenant=admin --role=admin
Define services and API endpoints
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
keystone endpoint-create --service-id=the_service_id_above --publicurl=http://142.0.42.46:5000/v2.0 --internalurl=http://142.0.42.46:5000/v2.0 --adminurl=http://142.0.42.46:35357/v2.0
[root@server ~]# keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Keystone Identity Service |
| id | 05c8b4bcd2b44b59a5f8a3a8cde43c2e |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
[root@server ~]# keystone endpoint-create --service-id=05c8b4bcd2b44b59a5f8a3a8cde43c2e --publicurl=http://142.0.42.46:5000/v2.0 --internalurl=http://142.0.42.46:5000/v2.0 --adminurl=http://142.0.42.46:35357/v2.0
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://142.0.42.46:35357/v2.0 |
| id | c91bacef4e0549709109d102d26d940e |
| internalurl | http://142.0.42.46:5000/v2.0 |
| publicurl | http://142.0.42.46:5000/v2.0 |
| region | regionOne |
| service_id | 05c8b4bcd2b44b59a5f8a3a8cde43c2e |
+-------------+----------------------------------+
[root@server ~]#
Verify the Identity Service installation
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
keystone --os-username=admin --os-password=password --os-auth-url=http://142.0.42.46:35357/v2.0 token-get
keystone --os-username=admin --os-password=password --os-tenant-name=admin --os-auth-url=http://142.0.42.46:35357/v2.0 token-get
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://142.0.42.46:35357/v2.0
keystone token-get
keystone user-list
+----------------------------------+-------+---------+-------+
| id | name | enabled | email |
+----------------------------------+-------+---------+-------+
| 72d9b80b1e464558ab9f563241106a69 | admin | True | |
+----------------------------------+-------+---------+-------+
[root@server ~]#
Install and Configure the Image Service
openstack-config --set /etc/glance/glance-api.conf sql connection mysql://glance:password@controller/glance
openstack-config --set /etc/glance/glance-registry.conf sql connection mysql://glance:password@controller/glance
openstack-db --init --service glance --password password
keystone user-create --name=glance --pass=password
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 903ccd5db7da45d9a15a52f37634652f |
| name | glance |
+----------+----------------------------------+
keystone user-role-add --user=glance --tenant=service --role=admin
Configure the Image Service to use the Identity Service for authentication.
Run the following commands and replace Password with the password you chose for the
glance user in the Identity Service:openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://142.0.42.46:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host controller
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password password
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://142.0.42.46:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host controller
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password password
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
On CentOS
cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini
cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini
Edit each file to set the following options in the [filter:authtoken] section and leave any other existing option as it is.
[filter:authtoken]
paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
auth_host=controller
admin_user=glance
admin_tenant_name=service
admin_password=GLANCE_PASS
keystone service-create --name=glance --type=image --description="Glance Image Service"
keystone endpoint-create --service-id=the_service_id_above --publicurl=http://142.0.42.46:9292 --internalurl=http://142.0.42.46:9292 --adminurl=http://142.0.42.46:9292
Output
[root@server ~]# keystone service-create --name=glance --type=image --description="Glance Image Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Glance Image Service |
| id | 75a7bef17f9b4329bb84aab14e3a01ae |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@server ~]# keystone endpoint-create --service-id=75a7bef17f9b4329bb84aab14e3a01ae --publicurl=http://142.0.42.46:9292 --internalurl=http://142.0.42.46:9292 --adminurl=http://142.0.42.46:9292
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://142.0.42.46:9292 |
| id | 10fb121e1190488a85341fe34d567c36 |
| internalurl | http://142.0.42.46:9292 |
| publicurl | http://142.0.42.46:9292 |
| region | regionOne |
| service_id | 75a7bef17f9b4329bb84aab14e3a01ae |
+-------------+----------------------------------+
[root@server ~]#
service openstack-glance-api start
service openstack-glance-registry start
chkconfig openstack-glance-api on
chkconfig openstack-glance-registry on
Verify the Image Service installation
mkdir images
cd images/
wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
glance image-create --name="CirrOS 0.3.1" --disk-format=qcow2 --container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img
glance image-list
[root@server ~]# cd images/
[root@server images]# wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
--2014-02-27 11:48:30-- http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
Resolving cdn.download.cirros-cloud.net... 204.188.136.134, 204.188.136.74, 2001:559:0:5a::1743:3c82, ...
Connecting to cdn.download.cirros-cloud.net|204.188.136.134|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13147648 (13M) [application/octet-stream]
Saving to: “cirros-0.3.1-x86_64-disk.img”
100%[===========================================================================================================>] 13,147,648 10.1M/s in 1.2s
2014-02-27 11:48:32 (10.1 MB/s) - “cirros-0.3.1-x86_64-disk.img” saved [13147648/13147648]
[root@server images]# glance image-create --name="CirrOS 0.3.1" --disk-format=qcow2 --container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | d972013792949d0d3ba628fbe8685bce |
| container_format | bare |
| created_at | 2014-02-27T16:50:47 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | 886c9f6a-f38c-491d-a2b4-220cf90bd064 |
| is_public | True |
| min_disk | 0 |
| min_ram | 0 |
| name | CirrOS 0.3.1 |
| owner | 56b2c2009ac4402996df23f85587eb60 |
| protected | False |
| size | 13147648 |
| status | active |
| updated_at | 2014-02-27T16:50:48 |
+------------------+--------------------------------------+
[root@server images]# glance image-list
+--------------------------------------+--------------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+--------------+-------------+------------------+----------+--------+
| 886c9f6a-f38c-491d-a2b4-220cf90bd064 | CirrOS 0.3.1 | qcow2 | bare | 13147648 | active |
+--------------------------------------+--------------+-------------+------------------+----------+--------+
[root@server images]#
Install And Configure Compute controller service
yum -y install openstack-glance
openstack-config --set /etc/glance/glance-api.conf sql connection mysql://glance:password@controller/glance
openstack-config --set /etc/glance/glance-registry.conf sql connection mysql://glance:password@controller/glance
openstack-db --init --service glance --password password
Set the my_ip, vncserver_listen, and vncserver_proxyclient_address configuration options to the internal IP address of the controller node:
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 142.0.42.46
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 142.0.42.46
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 142.0.42.46
keystone user-create --name=nova --pass=password
keystone user-role-add --user=nova --tenant=service --role=admin
Configure Compute to use these credentials with the Identity Service running on the controller. Replace password with your Compute password.
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password password
Add the credentials to the /etc/nova/api-paste.ini file. Add these options to the [filter:authtoken] section:
You might sometimes have to edit .ini files during initial setup. However, do not edit these files for general configuration tasks.
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = controller
auth_port = 35357
auth_protocol = http
auth_uri = http://controller:5000/v2.0
admin_tenant_name = service
admin_user = nova
admin_password = password
Ensure that the api_paste_config=/etc/nova/api-paste.ini option is set in the /etc/nova/nova.conf file.
keystone service-create --name=nova --type=compute --description="Nova Compute service"
keystone endpoint-create --service-id=the_service_id_above --publicurl=http://controller:8774/v2/%\(tenant_id\)s --internalurl=http://controller:8774/v2/%\(tenant_id\)s --adminurl=http://controller:8774/v2/%\(tenant_id\)s
service openstack-nova-api start
service openstack-nova-cert start
service openstack-nova-consoleauth start
service openstack-nova-scheduler start
service openstack-nova-conductor start
service openstack-nova-novncproxy start
chkconfig openstack-nova-api on
chkconfig openstack-nova-cert on
chkconfig openstack-nova-consoleauth on
chkconfig openstack-nova-scheduler on
chkconfig openstack-nova-conductor on
chkconfig openstack-nova-novncproxy on
nova image-list
+--------------------------------------+--------------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+--------------+--------+--------+
| 886c9f6a-f38c-491d-a2b4-220cf90bd064 | CirrOS 0.3.1 | ACTIVE | |
+--------------------------------------+--------------+--------+--------+
[root@server images]#
Installing And Configuring the dashboard
yum -y install memcached python-memcached mod_wsgi openstack-dashboard
Update the ALLOWED_HOSTS in local_settings.py to include the addresses you wish to access the dashboard from.
Edit /etc/openstack-dashboard/local_settings:
ALLOWED_HOSTS = ['localhost', 'my-desktop', '*']
This guide assumes that you are running the Dashboard on the controller node. You can easily run the dashboard on a separate server, by changing the appropriate settings in local_settings.py.
Edit /etc/openstack-dashboard/local_settings and change OPENSTACK_HOST to the hostname of your Identity Service:
OPENSTACK_HOST = "controller"
Start the Apache web server and memcached:
service httpd start
service memcached start
chkconfig httpd on
chkconfig memcached on
You can now access the dashboard at http://controller/dashboard .
Configure a Compute node
yum -y install openstack-nova-compute
Edit the /etc/nova/nova.conf configuration file:
# openstack-config --set /etc/nova/nova.conf database connection mysql://nova:NOVA_DBPASS@controller/nova
# openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password NOVA_PASS
- Configure the Compute Service to use the Qpid message broker by setting these configuration keys:
# openstack-config --set /etc/nova/nova.conf \ DEFAULT rpc_backend nova.openstack.common.rpc.impl_qpid # openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname
controller
Configure Compute to provide remote console access to instances.
# openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.0.11
# openstack-config --set /etc/nova/nova.conf DEFAULT vnc_enabled True
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 0.0.0.0
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 192.168.0.11
# openstack-config --set /etc/nova/nova.conf \
DEFAULT novncproxy_base_url http://controller:6080/vnc_auto.html
Specify the host that runs the Image Service.
# openstack-config --set /etc/nova/nova.conf DEFAULT glance_host controller
Edit the /etc/nova/api-paste.ini file to add the credentials to the [filter:authtoken] section
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS
Start the Compute service and configure it to start when the system boots.
# service libvirtd start
# service messagebus start
# chkconfig libvirtd on
# chkconfig messagebus on
# service openstack-nova-compute start
# chkconfig openstack-nova-compute on