Linux Conquering Cloud: Openstack

Showing posts with label Openstack. Show all posts

Monday, October 27, 2014

Openstack Juno - Neutron HA using VRRP (Keepalived)

First configure two neutron server's. Let that be network and network1 .
http://www.adminz.in/2014/10/openstack-juno-part-5-neutron.html

Then install Keepalived in both the neutron server's.

#Added Following entries in both neutron server
#in /etc/neutron/neutron.conf
l3_ha = True
#And the HA Scheduler has to be used :
router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler

In Controller Server Database update
neutron-db-manage --config-file=/etc/neutron/neutron.conf --config-file=/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head

mkdir /etc/neutron/rootwrap.d
cp /usr/share/neutron/rootwrap/l3.filters /etc/neutron/rootwrap.d/

Now restart the Openstack Services in all the controller and neutron nodes.

On Controller Server Create a new set of Network setting

source admin-openrc.sh
neutron net-create ext-net --shared --router:external True --provider:physical_network external --provider:network_type flat
neutron subnet-create ext-net --name ext-subnet --allocation-pool start=10.1.0.101,end=10.1.0.200 --disable-dhcp --gateway 10.1.0.42 10.1.0.0/24

To create the tenant network
neutron net-create cli-net
neutron subnet-create cli-net --name cli-subnet --gateway 192.168.1.1 192.168.1.0/24
neutron router-create cli-router
neutron router-interface-add cli-router cli-subnet
neutron router-gateway-set cli-router ext-net

Now if we check both the neutron node we can see the router's.

[root@network ~]# ip netns
qrouter-26aed9ea-b9d5-4427-a3e4-9e75be3e1bfa
[root@network ~]#

[root@network2 ~]# ip netns
qrouter-26aed9ea-b9d5-4427-a3e4-9e75be3e1bfa
[root@network2 ~]#

[root@network ~]# ip netns exec qrouter-26aed9ea-b9d5-4427-a3e4-9e75be3e1bfa ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
10: ha-224b2c85-81: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:42:4d:52 brd ff:ff:ff:ff:ff:ff
inet 169.254.192.8/18 brd 169.254.255.255 scope global ha-224b2c85-81
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe42:4d52/64 scope link
valid_lft forever preferred_lft forever
11: qr-842e3e41-3a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:13:bc:63 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 scope global qr-842e3e41-3a
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe13:bc63/64 scope link
valid_lft forever preferred_lft forever
12: qg-04d4c06e-49: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:b7:19:b8 brd ff:ff:ff:ff:ff:ff
inet 10.1.0.101/24 scope global qg-04d4c06e-49
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:feb7:19b8/64 scope link
valid_lft forever preferred_lft forever
[root@network ~]#
[root@network ~]#

[root@network2 ~]# ip netns exec qrouter-26aed9ea-b9d5-4427-a3e4-9e75be3e1bfa ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
16: ha-37517361-ec: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:6f:a0:11 brd ff:ff:ff:ff:ff:ff
inet 169.254.192.7/18 brd 169.254.255.255 scope global ha-37517361-ec
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe6f:a011/64 scope link
valid_lft forever preferred_lft forever
17: qr-842e3e41-3a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:13:bc:63 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 scope global qr-842e3e41-3a
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe13:bc63/64 scope link
valid_lft forever preferred_lft forever
18: qg-04d4c06e-49: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:b7:19:b8 brd ff:ff:ff:ff:ff:ff
inet 10.1.0.101/24 scope global qg-04d4c06e-49
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:feb7:19b8/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
[root@network2 ~]#

In above output you can see the device qg-04d4c06e-49 and qr-842e3e41-3a has been created in both the server.

Wednesday, October 22, 2014

Openstack Juno Part 6 - Neutron Configuration on Compute Service

Installing the packages

yum install openstack-neutron-ml2 openstack-neutron-openvswitch ipset -y

Configure the Service
#Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000/v2.0
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken identity_uri http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_user neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_password mar4neutron

openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_password guest

openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True

#Replace INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS with the IP address of the instance tunnels network interface on your compute node. This guide uses 10.0.1.31 for the IP address of the instance tunnels network interface on the first compute node.
#Dedicated Ip for Tunneling in Compute Node

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,gre
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types gre
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges 1:1000

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs local_ip 10.0.0.214
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs tunnel_type gre
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs enable_tunneling True

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group True
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True

systemctl enable openvswitch.service
systemctl start openvswitch.service

Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_strategy keystone
openstack-config --set /etc/nova/nova.conf neutron admin_tenant_name service
openstack-config --set /etc/nova/nova.conf neutron admin_username neutron
openstack-config --set /etc/nova/nova.conf neutron admin_password mar4neutron
openstack-config --set /etc/nova/nova.conf neutron admin_auth_url http://controller:35357/v2.0

openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

#Due to a packaging bug, the Open vSwitch agent initialization script explicitly looks for the Open vSwitch plug-in #configuration file rather than a symbolic link /etc/neutron/plugin.ini pointing to the ML2 plug-in configuration file. Run the #following commands to resolve this issue:

cp /usr/lib/systemd/system/neutron-openvswitch-agent.service /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service

Starting the Services
systemctl enable neutron-openvswitch-agent.service
systemctl restart neutron-openvswitch-agent.service
systemctl restart openstack-nova-compute.service

Tuesday, October 21, 2014

Openstack Juno Part 5 - Neutron configuring Network Node

Installing the Packages

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch ipset -y

Configuring the Service
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000/v2.0
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken identity_uri http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_user neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_password mar4neutron

openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_password guest

openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True

#verbose = True to the [DEFAULT] section in /etc/neutron/neutron.conf to assist with troubleshooting.
#Comment out any lines in the [service_providers] section.

openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT use_namespaces True

#We recommend adding verbose = True to the [DEFAULT] section in /etc/neutron/l3_agent.ini to assist with #troubleshooting.

openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT use_namespaces True
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf

echo "dhcp-option-force=26,1454" >> /etc/neutron/dnsmasq-neutron.conf
chown neutron:neutron /etc/neutron/dnsmasq-neutron.conf

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_url http://controller:5000/v2.0
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_region regionOne
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_tenant_name service
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_user neutron
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_password mar4neutron
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip controller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret mar4meta

#We recommend adding verbose = True to the [DEFAULT] section in /etc/neutron/metadata_agent.ini to assist with #troubleshooting.

#Perform the next two steps on the controller node.
#On the controller node, configure Compute to use the metadata service:
#Replace METADATA_SECRET with the secret you chose for the metadata proxy.

openstack-config --set /etc/nova/nova.conf DEFAULT service_neutron_metadata_proxy true
openstack-config --set /etc/nova/nova.conf DEFAULT neutron_metadata_proxy_shared_secret mar4meta

On the controller node, restart the Compute API service:
systemctl restart openstack-nova-api.service

# To configure the Modular Layer 2 (ML2) plug-in

# Replace INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS with the IP address of the instance tunnels network #interface on your network node. This guide uses 10.0.1.21 for the IP address of the instance tunnels network interface #on the network node.
#Dedicated IP for tunneling in network node
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,gre
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types gre
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges 1:1000
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks external

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs local_ip 10.0.0.212
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs tunnel_type gre
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs enable_tunneling True
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings external:br-ex

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group True
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True

systemctl enable openvswitch.service
systemctl start openvswitch.service

#Add the external bridge:
ovs-vsctl add-br br-ex
#Add a port to the external bridge that connects to the physical external network interface:
#Replace INTERFACE_NAME with the actual interface name. For example, eth2 or ens256.
ovs-vsctl add-port br-ex eth1

#Depending on your network interface driver, you may need to disable Generic Receive Offload (GRO) to achieve #suitable throughput between your instances and the external network.
#To temporarily disable GRO on the external network interface while testing your environment:
# ethtool -K INTERFACE_NAME gro off

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
cp /usr/lib/systemd/system/neutron-openvswitch-agent.service /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service

Starting the service's

systemctl enable neutron-openvswitch-agent.service
systemctl enable neutron-l3-agent.service
systemctl enable neutron-dhcp-agent.service
systemctl enable neutron-metadata-agent.service
systemctl enable neutron-ovs-cleanup.service
systemctl start neutron-openvswitch-agent.service
systemctl start neutron-l3-agent.service
systemctl start neutron-dhcp-agent.service
systemctl start neutron-metadata-agent.service

Monday, October 20, 2014

Openstack Juno + Docker error "Docker daemon is not running or is not reachable"

I was getting following error while integrating docker with Openstack Juno.

"2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup _('Docker daemon is not running or is not reachable'
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup NovaException: Docker daemon is not running or is not reachable (check the rights on /var/run/docker.sock)"

I tried changing the permission of the docker.sock but that didn't help. But when I upgraded the docker to 1.2 version the issue was fixed . The docker version which comes with centos is little bit old we can the rpm of new docker for centos7 from

Download the following RPMS

wget http://cbs.centos.org/kojifiles/packages/docker/1.2.0/4.el7.centos/x86_64/docker-1.2.0-4.el7.centos.x86_64.rpm
wget http://cbs.centos.org/kojifiles/packages/docker/1.2.0/4.el7.centos/x86_64/docker-devel-1.2.0-4.el7.centos.x86_64.rpm
wget http://cbs.centos.org/kojifiles/packages/docker/1.2.0/4.el7.centos/x86_64/docker-pkg-devel-1.2.0-4.el7.centos.x86_64.rpm

Install the RPM

in the same dorectory
yum install docker-1.2.0
yum install docker*

Error
====
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup Traceback (most recent call last):
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/nova/openstack/common/threadgroup.py", line 125, in wait
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup x.wait()
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/nova/openstack/common/threadgroup.py", line 47, in wait
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup return self.thread.wait()
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/eventlet/greenthread.py", line 173, in wait
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup return self._exit_event.wait()
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/eventlet/event.py", line 121, in wait
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup return hubs.get_hub().switch()
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/eventlet/hubs/hub.py", line 293, in switch
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup return self.greenlet.switch()
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/eventlet/greenthread.py", line 212, in main
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup result = function(*args, **kwargs)
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/nova/openstack/common/service.py", line 492, in run_service
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup service.start()
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/nova/service.py", line 164, in start
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup self.manager.init_host()
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 1125, in init_host
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup self.driver.init_host(host=self.host)
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup File "/etc/nova/src/novadocker/novadocker/virt/docker/driver.py", line 82, in init_host
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup _('Docker daemon is not running or is not reachable'
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup NovaException: Docker daemon is not running or is not reachable (check the rights on /var/run/docker.sock)
2014-10-20 14:24:21.940 2987 TRACE nova.openstack.common.threadgroup
2014-10-20 14:24:22.876 2995 INFO oslo.messaging._drivers.impl_rabbit [req-aadcbda1-ccd1-4b49-8dac-43ce49afa0fa ] Connecting to AMQP server on controller:5672
2014-10-20 14:24:22.901 2995 INFO oslo.messaging._drivers.impl_rabbit [req-aadcbda1-ccd1-4b49-8dac-43ce49afa0fa ] Connected to AMQP server on controller:5672
2014-10-20 14:24:22.906 2995 INFO oslo.messaging._drivers.impl_rabbit [req-aadcbda1-ccd1-4b49-8dac-43ce49afa0fa ] Connecting to AMQP server on controller:5672
2014-10-20 14:24:22.919 2995 INFO oslo.messaging._drivers.impl_rabbit [req-aadcbda1-ccd1-4b49-8dac-43ce49afa0fa ] Connected to AMQP server on controller:5672
2014-10-20 14:24:22.954 2995 ERROR nova.openstack.common.threadgroup [-] Docker daemon is not running or is not reachable (check the rights on /var/run/docker.sock)
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup Traceback (most recent call last):
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/nova/openstack/common/threadgroup.py", line 125, in wait
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup x.wait()
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/nova/openstack/common/threadgroup.py", line 47, in wait
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup return self.thread.wait()
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/eventlet/greenthread.py", line 173, in wait
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup return self._exit_event.wait()
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/eventlet/event.py", line 121, in wait
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup return hubs.get_hub().switch()
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/eventlet/hubs/hub.py", line 293, in switch
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup return self.greenlet.switch()
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/eventlet/greenthread.py", line 212, in main
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup result = function(*args, **kwargs)
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/nova/openstack/common/service.py", line 492, in run_service
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup service.start()
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/nova/service.py", line 164, in start
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup self.manager.init_host()
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 1125, in init_host
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup self.driver.init_host(host=self.host)
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup File "/etc/nova/src/novadocker/novadocker/virt/docker/driver.py", line 82, in init_host
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup _('Docker daemon is not running or is not reachable'
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup NovaException: Docker daemon is not running or is not reachable (check the rights on /var/run/docker.sock)
2014-10-20 14:24:22.954 2995 TRACE nova.openstack.common.threadgroup

Openstack Juno Part 4 neutron - Controller.

Create the Mysql Database

create database neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'mar4neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'mar4neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'10.0.0.211' IDENTIFIED BY 'mar4neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'10.0.0.212' IDENTIFIED BY 'mar4neutron';
flush privileges;

Create keystone Endpoints and user's
source /root/admin-openrc.sh
keystone user-create --name neutron --pass mar4neutron
keystone user-role-add --user neutron --tenant service --role admin
keystone service-create --name neutron --type network --description "OpenStack Networking"
keystone endpoint-create --service-id $(keystone service-list | awk '/ network / {print $2}') --publicurl http://controller:9696 --adminurl http://controller:9696 --internalurl http://controller:9696 --region regionOne

Installing the packages
yum install openstack-neutron openstack-neutron-ml2 python-neutronclient which -y

Configuring the Packages
openstack-config --set /etc/neutron/neutron.conf database connection mysql://neutron:mar4neutron@controller/neutron

openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000/v2.0
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken identity_uri http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_user neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_password mar4neutron

openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_password guest

openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_url http://controller:8774/v2
openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_auth_url http://controller:35357/v2.0
openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_username nova
openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_tenant_id $(keystone tenant-list | awk '/ service / { print $2 }')
openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_password mar4nova
openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_region_name regionOne

openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,gre
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types gre
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges 1:1000
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group True
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True

openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver

openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_strategy keystone
openstack-config --set /etc/nova/nova.conf neutron admin_tenant_name service
openstack-config --set /etc/nova/nova.conf neutron admin_username neutron
openstack-config --set /etc/nova/nova.conf neutron admin_password mar4neutron
openstack-config --set /etc/nova/nova.conf neutron admin_auth_url http://controller:35357/v2.0

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Populating the database
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron

Starting the Services.
systemctl restart openstack-nova-api.service
systemctl restart openstack-nova-scheduler.service
systemctl restart openstack-nova-conductor.service
systemctl enable neutron-server.service
systemctl start neutron-server.service

Checking the database
MariaDB [neutron]> show tables;
+-------------------------------------+
| Tables_in_neutron |
+-------------------------------------+
| agents |
| alembic_version |
| allowedaddresspairs |
| arista_provisioned_nets |
| arista_provisioned_tenants |
| arista_provisioned_vms |
| brocadenetworks |
| brocadeports |
| cisco_credentials |
| cisco_csr_identifier_map |
| cisco_hosting_devices |
| cisco_ml2_apic_contracts |
| cisco_ml2_apic_host_links |
| cisco_ml2_apic_names |
| cisco_ml2_nexusport_bindings |
| cisco_n1kv_multi_segments |
| cisco_n1kv_network_bindings |
| cisco_n1kv_port_bindings |
| cisco_n1kv_profile_bindings |
| cisco_n1kv_trunk_segments |
| cisco_n1kv_vlan_allocations |
| cisco_n1kv_vmnetworks |
| cisco_n1kv_vxlan_allocations |
| cisco_network_profiles |
| cisco_policy_profiles |
| cisco_port_mappings |
| cisco_provider_networks |
| cisco_qos_policies |
| cisco_router_mappings |
| consistencyhashes |
| csnat_l3_agent_bindings |
| dnsnameservers |
| dvr_host_macs |
| embrane_pool_port |
| externalnetworks |
| extradhcpopts |
| firewall_policies |
| firewall_rules |
| firewalls |
| floatingips |
| ha_router_agent_port_bindings |
| ha_router_networks |
| ha_router_vrid_allocations |
| healthmonitors |
| hyperv_network_bindings |
| hyperv_vlan_allocations |
| ikepolicies |
| ipallocationpools |
| ipallocations |
| ipavailabilityranges |
| ipsec_site_connections |
| ipsecpeercidrs |
| ipsecpolicies |
| lsn |
| lsn_port |
| maclearningstates |
| members |
| meteringlabelrules |
| meteringlabels |
| ml2_brocadenetworks |
| ml2_brocadeports |
| ml2_dvr_port_bindings |
| ml2_flat_allocations |
| ml2_gre_allocations |
| ml2_gre_endpoints |
| ml2_network_segments |
| ml2_port_bindings |
| ml2_vlan_allocations |
| ml2_vxlan_allocations |
| ml2_vxlan_endpoints |
| mlnx_network_bindings |
| multi_provider_networks |
| network_bindings |
| network_states |
| networkconnections |
| networkdhcpagentbindings |
| networkflavors |
| networkgatewaydevicereferences |
| networkgatewaydevices |
| networkgateways |
| networkqueuemappings |
| networks |
| networksecuritybindings |
| neutron_nsx_network_mappings |
| neutron_nsx_port_mappings |
| neutron_nsx_router_mappings |
| neutron_nsx_security_group_mappings |
| nexthops |
| nuage_net_partition_router_mapping |
| nuage_net_partitions |
| nuage_provider_net_bindings |
| nuage_subnet_l2dom_mapping |
| ofcfiltermappings |
| ofcnetworkmappings |
| ofcportmappings |
| ofcroutermappings |
| ofctenantmappings |
| ovs_network_bindings |
| ovs_tunnel_allocations |
| ovs_tunnel_endpoints |
| ovs_vlan_allocations |
| packetfilters |
| poolloadbalanceragentbindings |
| poolmonitorassociations |
| pools |
| poolstatisticss |
| port_profile |
| portbindingports |
| portinfos |
| portqueuemappings |
| ports |
| portsecuritybindings |
| providerresourceassociations |
| qosqueues |
| quotas |
| router_extra_attributes |
| routerflavors |
| routerl3agentbindings |
| routerports |
| routerproviders |
| routerroutes |
| routerrules |
| routers |
| routerservicetypebindings |
| securitygroupportbindings |
| securitygrouprules |
| securitygroups |
| segmentation_id_allocation |
| servicerouterbindings |
| sessionpersistences |
| subnetroutes |
| subnets |
| tunnelkeylasts |
| tunnelkeys |
| tz_network_bindings |
| vcns_edge_monitor_bindings |
| vcns_edge_pool_bindings |
| vcns_edge_vip_bindings |
| vcns_firewall_rule_bindings |
| vcns_router_bindings |
| vips |
| vpnservices |
+-------------------------------------+
142 rows in set (0.00 sec)

Thursday, October 16, 2014

Openstack Juno -Part 3 -Compute service Nova

Creating Nova Database
create database nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'mar4nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'mar4nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'10.0.0.200' IDENTIFIED BY 'mar4nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'10.0.0.202' IDENTIFIED BY 'mar4nova';
flush privileges;

Configuring User's in keystone
source admin-openrc.sh
keystone user-create --name nova --pass mar4nova --email EMAIL_ADDRESS
keystone user-role-add --user nova --tenant service --role admin
keystone service-create --name nova --type compute --description "OpenStack Compute"
keystone endpoint-create --service-id $(keystone service-list | awk '/ compute / {print $2}') --publicurl http://controller:8774/v2/%$tenant_id$s --internalurl http://controller:8774/v2/%$tenant_id$s --adminurl http://controller:8774/v2/%$tenant_id$s --region regionOne

#On Controller

Installing packages
yum -y install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient

Configuring Service
openstack-config --set /etc/nova/nova.conf database connection mysql://nova:mar4nova@controller/nova

openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_host controller
openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_password guest

#On Controller1 #Public IP on contreller server. Hostname don't work. configure the my_ip option to use the management interface IP address of the controller node
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.1.15.142
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 10.1.15.142
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 10.1.15.142

openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000/v2.0
openstack-config --set /etc/nova/nova.conf keystone_authtoken identity_uri http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password mar4nova

openstack-config --set /etc/nova/nova.conf glance host controller

#Populate the database

su -s /bin/sh -c "nova-manage db sync" nova

Database changed
MariaDB [nova]> show tables;
+--------------------------------------------+
| Tables_in_nova |
+--------------------------------------------+
| agent_builds |
| aggregate_hosts |
| aggregate_metadata |
| aggregates |
| block_device_mapping |
| bw_usage_cache |
| cells |
| certificates |
| compute_nodes |
| console_pools |
| consoles |
| dns_domains |
| fixed_ips |
| floating_ips |
| instance_actions |
| instance_actions_events |
| instance_extra |
| instance_faults |
| instance_group_member |
| instance_group_policy |
| instance_groups |
| instance_id_mappings |
| instance_info_caches |
| instance_metadata |
| instance_system_metadata |
| instance_type_extra_specs |
| instance_type_projects |
| instance_types |
| instances |
| iscsi_targets |
| key_pairs |
| migrate_version |
| migrations |
| networks |
| pci_devices |
| project_user_quotas |
| provider_fw_rules |
| quota_classes |
| quota_usages |
| quotas |
| reservations |
| s3_images |
| security_group_default_rules |
| security_group_instance_association |
| security_group_rules |
| security_groups |
| services |
| shadow_agent_builds |
| shadow_aggregate_hosts |
| shadow_aggregate_metadata |
| shadow_aggregates |
| shadow_block_device_mapping |
| shadow_bw_usage_cache |
| shadow_cells |
| shadow_certificates |
| shadow_compute_nodes |
| shadow_console_pools |
| shadow_consoles |
| shadow_dns_domains |
| shadow_fixed_ips |
| shadow_floating_ips |
| shadow_instance_actions |
| shadow_instance_actions_events |
| shadow_instance_extra |
| shadow_instance_faults |
| shadow_instance_group_member |
| shadow_instance_group_policy |
| shadow_instance_groups |
| shadow_instance_id_mappings |
| shadow_instance_info_caches |
| shadow_instance_metadata |
| shadow_instance_system_metadata |
| shadow_instance_type_extra_specs |
| shadow_instance_type_projects |
| shadow_instance_types |
| shadow_instances |
| shadow_iscsi_targets |
| shadow_key_pairs |
| shadow_migrate_version |
| shadow_migrations |
| shadow_networks |
| shadow_pci_devices |
| shadow_project_user_quotas |
| shadow_provider_fw_rules |
| shadow_quota_classes |
| shadow_quota_usages |
| shadow_quotas |
| shadow_reservations |
| shadow_s3_images |
| shadow_security_group_default_rules |
| shadow_security_group_instance_association |
| shadow_security_group_rules |
| shadow_security_groups |
| shadow_services |
| shadow_snapshot_id_mappings |
| shadow_snapshots |
| shadow_task_log |
| shadow_virtual_interfaces |
| shadow_volume_id_mappings |
| shadow_volume_usage_cache |
| shadow_volumes |
| snapshot_id_mappings |
| snapshots |
| task_log |
| virtual_interfaces |
| volume_id_mappings |
| volume_usage_cache |
| volumes |
+--------------------------------------------+
108 rows in set (0.00 sec)

MariaDB [nova]>

systemctl enable openstack-nova-api.service
systemctl enable openstack-nova-cert.service
systemctl enable openstack-nova-consoleauth.service
systemctl enable openstack-nova-scheduler.service
systemctl enable openstack-nova-conductor.service
systemctl enable openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service
systemctl start openstack-nova-cert.service
systemctl start openstack-nova-consoleauth.service
systemctl start openstack-nova-scheduler.service
systemctl start openstack-nova-conductor.service
systemctl start openstack-nova-novncproxy.service

On compute Node

Installing Packages
yum install openstack-nova-compute -y

Configuring Service
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_host controller
openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_password guest

openstack-config --set /etc/nova/nova.conf DEFAULT auth_uri = http://controller:5000/v2.0
openstack-config --set /etc/nova/nova.conf DEFAULT identity_uri = http://controller:35357
openstack-config --set /etc/nova/nova.conf DEFAULT admin_tenant_name = service
openstack-config --set /etc/nova/nova.conf DEFAULT admin_user = nova
openstack-config --set /etc/nova/nova.conf DEFAULT admin_password = mar4nova

#On Controller1 #Public IP on contreller server. Hostname don't work. configure the my_ip option to use the management interface IP address of the controller node
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.1.15.144
openstack-config --set /etc/nova/nova.conf DEFAULT vnc_enabled True
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 10.1.15.144
openstack-config --set /etc/nova/nova.conf DEFAULT novncproxy_base_url http://controller:6080/vnc_auto.html

openstack-config --set /etc/nova/nova.conf glance host controller

Determine whether your compute node supports hardware acceleration for virtual machines:
$ egrep -c '(vmx|svm)' /proc/cpuinfo
If this command returns a value of one or greater, your compute node supports hardware acceleration which typically requires no additional configuration.
If this command returns a value of zero, your compute node does not support hardware acceleration and you must configure libvirt to use QEMU instead of KVM.
Edit the [libvirt] section in the /etc/nova/nova.conf file as follows:
[libvirt]
...
virt_type = qemu

openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu

systemctl enable libvirtd.service
systemctl start libvirtd.service
systemctl enable openstack-nova-compute.service
systemctl start openstack-nova-compute.service

#Verify operation

$ nova service-list
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| 1 | nova-conductor | controller | internal | enabled | up | 2014-09-16T23:54:02.000000 | - |
| 2 | nova-consoleauth | controller | internal | enabled | up | 2014-09-16T23:54:04.000000 | - |
| 3 | nova-scheduler | controller | internal | enabled | up | 2014-09-16T23:54:07.000000 | - |
| 4 | nova-cert | controller | internal | enabled | up | 2014-09-16T23:54:00.000000 | - |
| 5 | nova-compute | compute1 | nova | enabled | up | 2014-09-16T23:54:06.000000 | - |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+

[root@controller ~]# nova image-list
+--------------------------------------+---------------------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+---------------------+--------+--------+
| e54cb5b2-4717-4139-8258-2a0366216b92 | cirros-0.3.3-x86_64 | ACTIVE | |
+--------------------------------------+---------------------+--------+--------+
[root@controller ~]#

Wednesday, October 15, 2014

Openstack Juno - Part 2 - Image Service Glance

Create the database
create database glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'mar4glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'mar4glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'10.0.0.200' IDENTIFIED BY 'mar4glance';
flush privileges;

Creating the Keystone Endpoints and User's
source /root/admin-openrc.sh
keystone user-create --name=glance --pass=mar4glance --email=glance@example.com
keystone user-role-add --user=glance --tenant=service --role=admin
keystone service-create --name=glance --type=image --description="OpenStack Image Service"
keystone endpoint-create --service-id=$(keystone service-list | awk '/ image / {print $2}') --publicurl=http://controller:9292 --internalurl=http://controller:9292 --adminurl=http://controller:9292

Install the packages
yum install openstack-glance python-glanceclient -y

Configuring the service
openstack-config --set /etc/glance/glance-api.conf database connection mysql://glance:mar4glance@controller/glance
openstack-config --set /etc/glance/glance-registry.conf database connection mysql://glance:mar4glance@controller/glance

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000/v2.0
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken identity_uri http://controller:35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password mar4glance
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000/v2.0
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken identity_uri http://controller:35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password mar4glance
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone

Populating the DB
su -s /bin/sh -c "glance-manage db_sync" glance

Database changed
MariaDB [glance]> show tables;
+----------------------------------+
| Tables_in_glance |
+----------------------------------+
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| metadef_namespace_resource_types |
| metadef_namespaces |
| metadef_objects |
| metadef_properties |
| metadef_resource_types |
| migrate_version |
| task_info |
| tasks |
+----------------------------------+
13 rows in set (0.00 sec)

systemctl enable openstack-glance-api.service
systemctl enable openstack-glance-registry.service
systemctl start openstack-glance-api.service
systemctl start openstack-glance-registry.service

Verifying the Glance
mkdir /tmp/images
cd /tmp/images
wget http://cdn.download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
source admin-openrc.sh
glance image-create --name "cirros-0.3.3-x86_64" --file /tmp/images/cirros-0.3.3-x86_64-disk.img --disk-format qcow2 --container-format bare --is-public True --progress
glance image-list
rm -r /tmp/images

Tuesday, October 14, 2014

Openstack Juno -Part 2 -Keystone

Keystone : The Identity Service

Create the database

$ mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'ram4key';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'ram4key';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'10.0.0.200' IDENTIFIED BY 'ram4key';
flush privileges;

Install the Packages

yum install openstack-keystone python-keystoneclient -y

Configure the Service

openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:ram4key@controller/keystone
ADMIN_TOKEN=$(openssl rand -hex 10)
echo $ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf DEFAULT verbose True
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown keystone:keystone /var/log/keystone/keystone.log
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl

Populate the Database
su -s /bin/sh -c "keystone-manage db_sync" keystone

MariaDB [(none)]> use keystone;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [keystone]> show tables;
+-----------------------+
| Tables_in_keystone |
+-----------------------+
| assignment |
| credential |
| domain |
| endpoint |
| group |
| id_mapping |
| migrate_version |
| policy |
| project |
| region |
| revocation_event |
| role |
| service |
| token |
| trust |
| trust_role |
| user |
| user_group_membership |
+-----------------------+
18 rows in set (0.00 sec)

MariaDB [keystone]>

systemctl enable openstack-keystone.service
systemctl start openstack-keystone.service

(crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone

Define users, tenants, and roles
=========================
*********Replace ADMIN_TOKEN with your authorization token
#export OS_SERVICE_TOKEN=$ADMIN_TOKEN
echo $ADMIN_TOKEN
export OS_SERVICE_TOKEN=$(echo $ADMIN_TOKEN)
export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0

#Create an administrative user
#========================
keystone user-create --name=admin --pass=admin4mar --email=ADMIN_EMAIL
keystone role-create --name=admin
keystone tenant-create --name=admin --description="Admin Tenant"
keystone user-role-add --user=admin --tenant=admin --role=admin

keystone role-create --name _member_

#Create a normal user
#================
keystone user-create --name=demo --pass=demo4mar --email=DEMO_EMAIL
keystone tenant-create --name=demo --description="Demo Tenant"
keystone user-role-add --user=demo --role=_member_ --tenant=demo
keystone user-role-add --tenant admin --user admin --role _member_

#Create a service tenant
#=====================
keystone tenant-create --name=service --description="Service Tenant"

#Define services and API endpoints
#===========================

keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
keystone endpoint-create --service-id=$(keystone service-list | awk '/ identity / {print $2}') --publicurl=http://controller:5000/v2.0 --internalurl=http://controller:5000/v2.0 --adminurl=http://controller:35357/v2.0 --region regionOne

#Verify the Identity Service installation
#=============================

unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
keystone --os-username=admin --os-password=admin4mar --os-auth-url=http://controller:35357/v2.0 token-get
keystone --os-username=admin --os-password=admin4mar --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 token-get
keystone --os-username=admin --os-password=admin4mar --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 tenant-list
keystone --os-username=admin --os-password=admin4mar --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 user-list
keystone --os-username=admin --os-password=admin4mar --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 role-list

#Adding User profile
#==========================

echo "
export OS_USERNAME=admin
export OS_PASSWORD=admin4mar
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller:35357/v2.0" >> /root/admin-openrc.sh

cat /root/admin-openrc.sh

source /root/admin-openrc.sh
keystone token-get
keystone user-list
keystone user-role-list --user admin --tenant admin

Openstack Juno- Part 1 - Basic Configuration

Juno is the latest version of Openstack which is expected to once of the main milestone in the Openstack releases with a good set of updated to all the Services and First one of its series which will run over Rhel/Centos 7

Making Selinux to Permissive ON ALL THE NODE
=============================================
sed -i "s/SELINUX=.*/SELINUX=permissive/g" /etc/sysconfig/selinux
sed -i "s/SELINUX=.*/SELINUX=permissive/g" /etc/selinux/config ; setenforce 0

Configure Sysctl.conf ON ALL THE NODE
=============================================
echo 1 > /proc/sys/net/ipv4/ip_forward
grep -q net.ipv4.ip_forward /etc/sysctl.conf ||echo "net.ipv4.ip_forward = 1 " >> /etc/sysctl.conf

grep -q net.ipv4.conf.all.rp_filter /etc/sysctl.conf || echo "net.ipv4.conf.all.rp_filter=0" >> /etc/sysctl.conf

grep -q net.ipv4.conf.default.rp_filter /etc/sysctl.conf || echo "net.ipv4.conf.default.rp_filter = 0 " >> /etc/sysctl.conf

grep -q net.ipv4.ip_nonlocal_bind /etc/sysctl.conf || echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf

sysctl -p

https://github.com/brightbox/bootstaller/blob/master/auto/CentOS-7-x86_64-Brightbox-7.0_20140717.ks
sed -i "s/10.0.0.2/8.8.8.8/g" /etc/resolv.conf

Installing Needed Packages ON THE NODE
=============================================
yum -y upgrade
yum install http://rdo.fedorapeople.org/openstack-juno/rdo-release-juno.rpm -y
yum -y install https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm -y
yum -y install policycoreutils setroubleshoot
setenforce 0
yum install -y euca2ools
yum install -y yum-plugin-priorities gedit curl wget nc
yum -y install ntp
service ntpd start
chkconfig ntpd on
yum -y install openstack-utils
yum -y install openstack-selinux

On all compute node
yum -y install sysfsutils sg3_utils

Installing Mysql Server in Controller
============================================
yum install mariadb mariadb-server MySQL-python -y

Into /etc/my.cnf
-----
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
-----

systemctl enable mariadb.service
systemctl start mariadb.service

mysql_secure_installation

Installing The Broker Service
============================================

yum install rabbitmq-server -y

systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

rabbitmqctl change_password guest RABBIT_PASS

Thursday, October 9, 2014

Creating Centos-7 Image for Openstack

Download the Centos-7 Minimal ISO from the centos ISO repo

http://isoredirect.centos.org/centos/7/isos/x86_64/

Setting up the KVM environment to create the custom images.

yum install kvm qemu-kvm python-virtinst libvirt libvirt-python virt-manager libguestfs-tools

Script for starting the KVM installation cat createcentos7.sh
=============
IMAGE=Centos7.qcow2
VIRTIO_ISO=/root/virtio-win-0.1-81.iso
ISO=/ISO/CentOS-7.0-1406-x86_64-Minimal.iso

KVM=/usr/libexec/qemu-kvm
if [ ! -f "$KVM" ]; then
KVM=/usr/bin/kvm
fi

qemu-img create -f qcow2 -o preallocation=metadata $IMAGE 8G

$KVM -m 2048 -smp 2 -cdrom $ISO -drive file=$VIRTIO_ISO,index=3,media=cdrom -drive file=$IMAGE,if=virtio,boot=off -boot d -vga std -k en-us -vnc 192.168.2.10:4 -usbdevice tablet
=============
using any VNC client connect to 192.168.2.10:4 and do the rest of configuration.

Complete the installation do the following configurations after starting the image in openstack

cat <<EOF >/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
PERSISTENT_DHCLIENT=1
EOF

cat <<EOF > /etc/sysconfig/network
NETWORKING=yes
NOZEROCONF=yes
EOF
yum update -y

yum -y install https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm -y

yum install cloud-init

yum history new
yum clean all
truncate -c -s 0 /var/log/yum.log
rm -rf /var/lib/yum/*
rm -rf /var/lib/random-seed
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*

Now save the Vm as a snapshot and use it again :)

Tuesday, October 7, 2014

Delete a VM in an Error State in Openstack

Delete a VM in an Error State

mysql -u$MYSQL_USER -p$MYSQL_PASSWD -h$MYSQL_HOST -e 'USE nova; DELETE FROM security_group_instance_association WHERE instance_id IN (SELECT id FROM instances WHERE vm_state = "error");'
mysql -u$MYSQL_USER -p$MYSQL_PASSWD -h$MYSQL_HOST -e 'USE nova; DELETE FROM block_device_mapping WHERE instance_id IN (SELECT id FROM instances WHERE vm_state = "error");'
mysql -u$MYSQL_USER -p$MYSQL_PASSWD -h$MYSQL_HOST -e 'USE nova; DELETE FROM instance_info_caches WHERE instance_id IN (SELECT uuid FROM instances WHERE vm_state = "error");'
mysql -u$MYSQL_USER -p$MYSQL_PASSWD -h$MYSQL_HOST -e 'USE nova; UPDATE fixed_ips SET allocated = 0 WHERE instance_id IN (SELECT id FROM instances WHERE vm_state = "error");'
mysql -u$MYSQL_USER -p$MYSQL_PASSWD -h$MYSQL_HOST -e 'USE nova; DELETE FROM instances WHERE vm_state = "error";'

Resetting the Instance state once it’s in a stuck state in Openstack

Resetting the Instance state once it’s in a stuck state

$ nova list
+--------------------------------------+----------------+---------+------------------------------------------. -------------+-------------+----------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+----------------+---------+------------------------------------------- -------------+-------------+----------------------------------+
| ca9496e9-0bd2-4734-9cf9-eb4e264628f7 | www | SHUTOFF | powering-on | Shutdown | fsf-lan=10.0.3.18, 93.20.168.177 |
+--------------------------------------+----------------+---------+----------------------------------------------------------+-------------+----------------------------------+

Setting the fields for the instance directly in the database will allow operations on the instance (nova start or nova volume-detach for instance):

$ mysql -e "update instances set task_state = NULL, \
vm_state = 'stopped', \
power_state = 4 \
where deleted = 0 and hostname = 'www' and \
uuid = 'ca9496e9-0bd2-4734-9cf9-eb4e264628f7'" nova

Removing a Cinder volume from the MYSQL in Openstack

Get the Cinder Volume’s ID from Cinder List and use it in other commands

>>cinder list;
$> nova volume-detach testvm aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
$> cinder delete vol-00000001
Or
In mysql Server
mysql
use cidner;
SELECT id,status,attach_status,mountpoint,instance_uuid from volumes;
UPDATE volumes SET status="available", attach_status="detached", mountpoint=NULL, instance_uuid=NULL WHERE id="57b32eaf-7b71-49bf-a8fd-4115567a6cda";
SELECT id,status,attach_status,mountpoint,instance_uuid from volumes;
bye

Monday, October 6, 2014

Nova issue with deleting Vm

We can delete the nova instance which are in error/deleting state by following the steps mentioned below.

Get the instance ID from command “nova list ” and reset the state using “nova reset-state <ID>” command

nova list

[root@controller1 ~]# nova list
+--------------------------------------+-----------------+--------+------------+-------------+----------------------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+-----------------+--------+------------+-------------+----------------------------------------------+
| 0ccfa148-97de-4be9-b85d-4283037746b1 | Ha-Porxy-F5 | ACTIVE | - | Running | Trusted-Internal-NIC=10.0.0.157, 10.1.15.140 |
| e61a759d-528c-423b-bb24-dcf7e3a5618e | Ha-Porxy-Mysql | ACTIVE | - | Running | Trusted-Internal-NIC=10.0.0.158, 10.1.15.139 |

nova reset-state 0ccfa148-97de-4be9-b85d-4283037746b1

You can also use the --active parameter to force the instance back to an active state instead of an error state. For example:

$ nova reset-state --active c6bbbf26-b40a-47e7-8d5c-eb17bf65c485

Sunday, October 5, 2014

Neutron check Commands

To list all the virtual routers and dhcp server
>> ip netns ls

[root@neutronww1 ~]# ip netns
qrouter-641ca25a-7832-4818-b7ww5b-559c8f75ba5c
qdhcp-71ed8a34-a2d5-4d84-9dww47-e5e107dd8d7e
qdhcp-35a33370-d641-4dca-9wwdab-4ac2d9ffc7c6
qdhcp-e0b51c09-57dd-4b3a-a1ww1f-c83903d52e4d
qrouter-3b7f1bcc-0c95-47d7-a2ww17-9fe2aef7f0c0
qrouter-ac17d3c5-9bf4-4788-b2www6c-ca8aa249613b
[root@neutron1 ~]#

Here the virtual routers are once which start with extension qrouter and dhcp server are those which start with extension qdhcp.

To get more details about the virtual routers and dhcp server we can use following command

>>[root@n1 ~]# ip netns exec <virtual router/dhcp server IP from ip netns command> <network command>

Examples

ip netns exec qrouter-641ca25a-7832-4818-b7ww5b-559c8f75ba5c ip a
ip netns exec qrouter-641ca25a-7832-4818-b7www5b-559c8f75ba5c ifconfig
ip netns exec qrouter-641ca25a-7832-4818-b7www5b-559c8f75ba5c route -n
ip netns exec qrouter-641ca25a-7832-4818-bwww75b-559c8f75ba5c ping

In the above examples we use the commands like “ip a”, “ifconfig” and “route” to list different parameters of the virtual router and dhcp server. We can use the route command to add up more routing rules if needed. There we can use the commands like ip, ifconfig, route, ping etc just as we use it on the physical system. To tweak/troubleshoot the entire system.

Saturday, October 4, 2014

Bridge Interface shown down in Horizon Dashboard @ Openstack

sudo ovs-vsctl br-get-external-id br-ex returns nothing, and so br-ex is excluded from the list of ancillary bridges and so the gateway port always shows as DOWN.
A workaround is to set the bridge-id to br-ex and restart the L2 agent:

ovs-vsctl br-set-external-id br-ex bridge-id br-ex
ovs-vsctl br-set-external-id br-ex-2 bridge-id br-ex-2

Friday, October 3, 2014

Changing qpidd to rabbitmq for Openstack

Stopping qpidd on all server

service qpidd stop

chkconfig qpidd off

Installing packages

yum install ntp rabbitmq-server

Configuring Cluster

On Controller1

yum install ntp rabbitmq-server

chown rabbitmq:rabbitmq /var/lib/rabbitmq/*

chown rabbitmq:rabbitmq /var/lib/rabbitmq/.erlang.cookie

/etc/init.d/rabbitmq-server restart

scp /var/lib/rabbitmq/.erlang.cookie root@controller2:/var/lib/rabbitmq/

On Controller2

yum install ntp rabbitmq-server

rabbitmqctl stop_app

rabbitmqctl join_cluster rabbit@controller1

rabbitmqctl start_app

rabbitmqctl cluster_status

Edit the configuration Files

Comment out the Qpidd entries In all the configuration and enter the below details. As Rabbitmq is default message broker other entries are not needed.

rabbit_host = controller

In Both the controller set the rabbitmq policy as below

rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-mode": "all"}'

Friday, September 19, 2014

Openstack Heat : Installing Applications along with the heat template

Installing Applications along with the heat template. If needed we can mention the network ID, Image ID etc in the file itself instead of asking it from outside.
================================================
heat_template_version: 2013-05-23

description: Test Template

parameters:
NAME:
type: string
description : Instance Name
ImageID:
type: string
description: Image use to boot a server
NetID:
type: string
description: Network ID for the server

resources:
server1:
type: OS::Nova::Server
properties:
name: { get_param: NAME }
image: { get_param: ImageID }
key_name: Cloud
flavor: "m1.small"
networks:
- network: { get_param: NetID }
user_data_format: RAW
user_data: |
#!/bin/bash -v
echo "nameserver 8.8.8.8" > /etc/resolv.conf
yum update -y
yum install httpd -y

outputs:
server1_private_ip:
description: IP address of the server in the private network
value: { get_attr: [ server1, first_address ] }
================================================

heat stack-create -f heat.yml -P "ImageID=abc9818d-ee5f-4778-ada5-a29105ea9c02;NetID=71ed8a34-a2d5-4d84-9d47-e5e107dd8d7e" Centos-Stack

Thursday, September 18, 2014

Opensatck Icehouse Installing Part -8 Heat - Orchestration Service

Installing Heat - Orchestration Service

Installing the Packages

yum install openstack-heat-api openstack-heat-engine openstack-heat-api-cfn

Configuring the Service

Setting Message Brocker
rpc_backend = heat.openstack.common.rpc.impl_kombu
rabbit_host=controller

Configuring Mysql
openstack-config --set /etc/heat/heat.conf database connection mysql://heat:test4heat@controller/heat

on mysql Server
mysql
CREATE DATABASE heat;
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'test4heat';
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'test4heat';
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'192.168.10.30' IDENTIFIED BY 'test4heat';
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'192.168.10.31' IDENTIFIED BY 'test4heat';
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'192.168.10.35' IDENTIFIED BY 'test4heat';
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'192.168.10.32' IDENTIFIED BY 'test4heat';
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'192.168.10.36' IDENTIFIED BY 'test4heat';
FLUSH PRIVILEGES;
exit
Create the heat service tables

# su -s /bin/sh -c "heat-manage db_sync" heat

Creating Service User
keystone user-create --name=heat --pass=test4heat --email=heat@example.com
keystone user-role-add --user=heat --tenant=service --role=admin

Run the following commands to configure the Orchestration service to authenticate with the Identity service:

openstack-config --set /etc/heat/heat.conf keystone_authtoken auth_uri http://controller:5000/v2.0
openstack-config --set /etc/heat/heat.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/heat/heat.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/heat/heat.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/heat/heat.conf keystone_authtoken admin_user heat
openstack-config --set /etc/heat/heat.conf keystone_authtoken admin_password test4heat
openstack-config --set /etc/heat/heat.conf ec2authtoken auth_uri http://controller:5000/v2.0

Register the Heat and CloudFormation APIs with the Identity Service so that other OpenStack services can locate these APIs. Register the services and specify the endpoints:

keystone service-create --name=heat --type=orchestration --description="Orchestration"
keystone endpoint-create --service-id=$(keystone service-list | awk '/ orchestration / {print $2}') --publicurl=http://controller:8004/v1/%$tenant_id$s --internalurl=http://controller:8004/v1/%$tenant_id$s --adminurl=http://controller:8004/v1/%$tenant_id$s
keystone service-create --name=heat-cfn --type=cloudformation --description="Orchestration CloudFormation"
keystone endpoint-create --service-id=$(keystone service-list | awk '/ cloudformation / {print $2}') --publicurl=http://controller:8000/v1 --internalurl=http://controller:8000/v1 --adminurl=http://controller:8000/v1

Create the heat_stack_user role.

keystone role-create --name heat_stack_user

The example uses the IP address of the controller (10.0.0.11) instead of the controller host name since our example architecture does not include a DNS setup. Make sure that the instances can resolve the controller host name if you choose to use it in the URLs.
openstack-config --set /etc/heat/heat.conf DEFAULT heat_metadata_server_url http://192.168.10.30:8000
openstack-config --set /etc/heat/heat.conf DEFAULT heat_waitcondition_server_url http://192.168.10.30:8000/v1/waitcondition

service openstack-heat-api start
service openstack-heat-api-cfn start
service openstack-heat-engine start
chkconfig openstack-heat-api on
chkconfig openstack-heat-api-cfn on
chkconfig openstack-heat-engine on

Pages

Monday, October 27, 2014

Wednesday, October 22, 2014

Tuesday, October 21, 2014

Monday, October 20, 2014

Thursday, October 16, 2014

Wednesday, October 15, 2014

Tuesday, October 14, 2014

Thursday, October 9, 2014

Tuesday, October 7, 2014

Monday, October 6, 2014

Sunday, October 5, 2014

Saturday, October 4, 2014

Friday, October 3, 2014

Friday, September 19, 2014

Thursday, September 18, 2014