Openstack Juno -Part 2 -Keystone

Keystone : The Identity Service 

Create the database

$ mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'ram4key';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'ram4key';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'10.0.0.200' IDENTIFIED BY 'ram4key';
flush privileges;

Install the Packages

yum install openstack-keystone python-keystoneclient -y

Configure the Service 

openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:ram4key@controller/keystone
ADMIN_TOKEN=$(openssl rand -hex 10)
echo $ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf DEFAULT verbose True
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown keystone:keystone /var/log/keystone/keystone.log
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl


Populate the Database
su -s /bin/sh -c "keystone-manage db_sync" keystone

 MariaDB [(none)]> use keystone;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [keystone]> show tables;
+-----------------------+
| Tables_in_keystone    |
+-----------------------+
| assignment            |
| credential            |
| domain                |
| endpoint              |
| group                 |
| id_mapping            |
| migrate_version       |
| policy                |
| project               |
| region                |
| revocation_event      |
| role                  |
| service               |
| token                 |
| trust                 |
| trust_role            |
| user                  |
| user_group_membership |
+-----------------------+
18 rows in set (0.00 sec)

MariaDB [keystone]>


systemctl enable openstack-keystone.service
systemctl start openstack-keystone.service


(crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone

 Define users, tenants, and roles
=========================
*********Replace ADMIN_TOKEN with your authorization token
#export OS_SERVICE_TOKEN=$ADMIN_TOKEN
echo $ADMIN_TOKEN
export OS_SERVICE_TOKEN=$(echo $ADMIN_TOKEN)
export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0

#Create an administrative user
#========================
keystone user-create --name=admin --pass=admin4mar --email=ADMIN_EMAIL
keystone role-create --name=admin
keystone tenant-create --name=admin --description="Admin Tenant"
keystone user-role-add --user=admin --tenant=admin --role=admin

keystone role-create --name _member_


#Create a normal user
#================
keystone user-create --name=demo --pass=demo4mar --email=DEMO_EMAIL
keystone tenant-create --name=demo --description="Demo Tenant"
keystone user-role-add --user=demo --role=_member_ --tenant=demo
keystone user-role-add --tenant admin --user admin --role _member_


#Create a service tenant
#=====================
keystone tenant-create --name=service --description="Service Tenant"



#Define services and API endpoints
#===========================

keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
keystone endpoint-create --service-id=$(keystone service-list | awk '/ identity / {print $2}') --publicurl=http://controller:5000/v2.0 --internalurl=http://controller:5000/v2.0 --adminurl=http://controller:35357/v2.0 --region regionOne

#Verify the Identity Service installation
#=============================

unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
keystone --os-username=admin --os-password=admin4mar --os-auth-url=http://controller:35357/v2.0 token-get
keystone --os-username=admin --os-password=admin4mar --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 token-get
keystone --os-username=admin --os-password=admin4mar --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 tenant-list
keystone --os-username=admin --os-password=admin4mar --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 user-list
keystone --os-username=admin --os-password=admin4mar --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 role-list

#Adding User profile
#==========================

echo "
export OS_USERNAME=admin
export OS_PASSWORD=admin4mar
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller:35357/v2.0" >> /root/admin-openrc.sh

cat /root/admin-openrc.sh

source /root/admin-openrc.sh
keystone token-get
keystone user-list
keystone user-role-list --user admin --tenant admin

Openstack Juno- Part 1 - Basic Configuration

Juno is the latest version of Openstack which is expected to once of the main milestone in the Openstack releases with a good set of updated to all the Services and First one of its series which will run over Rhel/Centos 7

Making Selinux to Permissive ON ALL THE NODE
=============================================
sed -i "s/SELINUX=.*/SELINUX=permissive/g" /etc/sysconfig/selinux
sed -i "s/SELINUX=.*/SELINUX=permissive/g" /etc/selinux/config ; setenforce 0


Configure Sysctl.conf ON ALL THE NODE
=============================================
echo 1 > /proc/sys/net/ipv4/ip_forward
grep -q net.ipv4.ip_forward /etc/sysctl.conf  ||echo "net.ipv4.ip_forward = 1 " >> /etc/sysctl.conf

grep -q net.ipv4.conf.all.rp_filter /etc/sysctl.conf || echo "net.ipv4.conf.all.rp_filter=0" >> /etc/sysctl.conf

grep -q net.ipv4.conf.default.rp_filter /etc/sysctl.conf  || echo "net.ipv4.conf.default.rp_filter = 0 " >> /etc/sysctl.conf

grep -q net.ipv4.ip_nonlocal_bind /etc/sysctl.conf || echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf

sysctl -p

https://github.com/brightbox/bootstaller/blob/master/auto/CentOS-7-x86_64-Brightbox-7.0_20140717.ks
sed -i "s/10.0.0.2/8.8.8.8/g" /etc/resolv.conf

Installing Needed Packages ON THE NODE
=============================================
yum -y upgrade
yum install http://rdo.fedorapeople.org/openstack-juno/rdo-release-juno.rpm -y
yum -y install https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm -y
yum -y install policycoreutils setroubleshoot
setenforce 0
yum install -y euca2ools
yum install -y yum-plugin-priorities gedit curl wget nc
yum -y install ntp
service ntpd start
chkconfig ntpd on
yum -y install openstack-utils
yum -y install openstack-selinux


On all compute node
yum -y install sysfsutils sg3_utils


Installing Mysql Server in Controller
============================================
yum install mariadb mariadb-server MySQL-python -y

Into /etc/my.cnf
-----
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
-----

systemctl enable mariadb.service
systemctl start mariadb.service

mysql_secure_installation



Installing The Broker Service
============================================

yum install rabbitmq-server -y

systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

rabbitmqctl change_password guest RABBIT_PASS

Single User Mode for Centos/Rhel 7

Single user mode is the one of the Run level in the Linux operating system, Linux operating system has 6 run levels that are used for different requirement or situation. Single user mode mainly used for doing administrative task such as cleaning the file system, Managing the quotas, Recovering the file system and also recover the lost root password. In this mode services won’t start, none of the users are allowed to login except root and also system won’t ask for password to login.

Step 1: While booting you might see the splash screen like below, grub is counting the time to boot the default operating system as mentioned in /etc/grub2.cfg; this time press any key to interrupt the auto boot.

Step 2: It will list operating systems (in my case only CentOS installed) that you have installed on the machine, In below that you might find some information about booting the OS and editing the parameters of menu. If you want to enter into single user mode; select the operating system and press “e” edit arguments of kernel.

Step 3: Once you have pressed, you should see the information about the selected operating system. It gives you the information about the hard disk and partition where the OS installed, location of the kernel, language, video output, keyboard type, keyboard table, crash kernel and initrd (Initial ram disk).
To enter into single user mode; Go to second last line (Starts with linux 16 or linuxefi) using up and down arrow then  modify the ro argument.

Step 5: Modify it to “rw init=/sysroot/bin/sh”. Once done, press “Ctrl+x”

Now you should be in command line mode with root privileges (without entering password). Now you can start to troubleshoot your system or can do maintenance of your system.

You are in Single user mode .chroot to access your system.

chroot /sysroot

CentOS 7 network install on VMWare Workstation network problem

If we install Centos  7 on Vmware workstation 10 , you can see that the network is not detected. Its because that the v7 3.10 kernel no longer supports the Ethernet Controller device. So once we install the Centos 7Os in Vmware workstation there will not be Network inside the Vm.

I found at https://access.redhat.com/discussions/722093 that its a Bug and can be fixed by editing the vmx file of Vmware Workstation.

I added the following line to my .vmx file:

CODE: SELECT ALL

ethernet0.virtualDev = "e1000"

Webmaster tool error regarding BlogID and PostID with Google Blogger

If In the rich snippets tool of google webmaster tools user get an error related to blogid and post id. Given below are some examples:

Error: Page contains property "blogid" which is not part of the schema.

Error: Page contains property "postid" which is not part of the schema.

For fixing this errors you can delete these codes from your blog template.

For deleting this codes follow the above steps:

Make backup of your template.

Go into your template code.

search for below codes and delete them from the entire template and save the template..

<meta expr:content='data:blog.blogId' itemprop='blogId'/>

<meta expr:content='data:post.id' itemprop='postId'/>

After deleting these codes from your blog template you can check your structured data in rich snippets tool. If you still get the same error then try deleting all the codes given above from your blogger template. You can re check this here Rich Snippet testing tool.

Creating Centos-7 Image for Openstack

Download the Centos-7 Minimal ISO from the centos ISO repo

http://isoredirect.centos.org/centos/7/isos/x86_64/

Setting up the KVM environment to create the custom images.

yum install kvm qemu-kvm python-virtinst libvirt libvirt-python virt-manager libguestfs-tools

Script for starting the KVM installation  cat createcentos7.sh
=============
IMAGE=Centos7.qcow2
VIRTIO_ISO=/root/virtio-win-0.1-81.iso
ISO=/ISO/CentOS-7.0-1406-x86_64-Minimal.iso

KVM=/usr/libexec/qemu-kvm
if [ ! -f "$KVM" ]; then
    KVM=/usr/bin/kvm
fi

qemu-img create -f qcow2 -o preallocation=metadata $IMAGE 8G

$KVM -m 2048 -smp 2 -cdrom $ISO -drive file=$VIRTIO_ISO,index=3,media=cdrom  -drive file=$IMAGE,if=virtio,boot=off -boot d -vga std -k en-us -vnc 192.168.2.10:4 -usbdevice tablet
=============
using any VNC client connect to 192.168.2.10:4  and do the rest of configuration.

Complete the installation do the following configurations after starting the image in openstack


cat <<EOF >/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
PERSISTENT_DHCLIENT=1
EOF

cat <<EOF > /etc/sysconfig/network
NETWORKING=yes
NOZEROCONF=yes
EOF
yum update -y

yum -y install https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm -y

yum install cloud-init

yum history new
yum clean all
truncate -c -s 0 /var/log/yum.log
rm -rf /var/lib/yum/*
rm -rf /var/lib/random-seed
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*


Now save the Vm as a snapshot and use it again :)

List installed Python Modules.

First install the python-pip package and use "pip freeze" command to display the Modules.

[root@ceph01-server ~]# python --version
Python 2.6.6
[root@ceph01-server ~]# pip freeze
Cheetah==2.4.1
Markdown==2.0.1
PyYAML==3.10
Pygments==1.1.1
argparse==1.2.1
backports.ssl-match-hostname==3.4.0.2
boto==2.32.1
ceph-deploy==1.5.17
chardet==2.0.1
cloud-init==0.7.4
configobj==4.6.0
distribute==0.7.3
heat-cfntools==1.2.6
iniparse==0.3.1
jsonpatch==1.2
jsonpointer==1.0
ordereddict==1.1
policycoreutils-default-encoding==0.1
prettytable==0.7.2
psutil==0.6.1
pycurl==7.19.0
pygpgme==0.1
requests==1.1.0
setools==1.0
six==1.7.3
urlgrabber==3.9.1
urllib3==1.5
yum-metadata-parser==1.1.2
[root@ceph01-server ~]#