
OpenStack Revisit – Icehouse – Creating a Controller Server


The controller is the central management system for OpenStack. Following the OpenStack Operations Guide, I have the following services running on this node:

  • Identity Service: openstack-keystone
  • Image Services: openstack-glance-api, openstack-glance-registry
  • Compute Services: openstack-nova-api, openstack-nova-cert, openstack-nova-consoleauth, openstack-nova-scheduler, openstack-nova-conductor, openstack-nova-novncproxy
  • Network Services: neutron-server
  • Message Service: qpidd
  • Database Service: mysqld
  • Caching Service: memcached
  • Web Service: httpd

To begin, we need to create a VirtualBox VM; mine has the following specs:

1 CPU
768 MB RAM
16GB Disk (If using the node appliance, add a 12GB disk and expand root with LVM)
eth0 Internal Network "oint"
eth1 NAT

Once the VM is running we can start the install:

# Base packages for the controller role: clock sync, MySQL, the qpid broker,
# memcached/haproxy/pacemaker, the dashboard and the keystone/glance/cinder/
# nova control-plane/neutron (+ ml2) services.
yum -y install ntp mysql mysql-server MySQL-python qpid-cpp-server pacemaker haproxy memcached python-memcached mod_wsgi openstack-dashboard openstack-keystone openstack-nova-api openstack-glance openstack-cinder openstack-quantum openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-objectstore openstack-nova-cert openstack-nova-console openstack-nova-conductor openstack-neutron openstack-neutron-ml2

# One-shot clock sync before ntpd takes over; the nodes compare token and
# message timestamps, so their clocks must agree.
ntpdate time.centos.org

service ntpd start
chkconfig ntpd on

service mysqld start
chkconfig mysqld on

service qpidd start
chkconfig qpidd on

mysql_secure_installation # Set a root password, drop the anonymous users and the test DB; the GRANTs issued later run as this root user

# Broker authentication is switched off: any host that can reach the qpid
# port can publish and consume RPC traffic for every service. Keep the broker
# reachable from the management network only (firewall it), or enable SASL
# authentication here and give each service matching qpid credentials.
vi /etc/qpidd.conf
auth=no

# Listen on the management address only. The '%' GRANTs created later are
# still reachable from every host on that network.
vi /etc/my.cnf
[mysqld]
bind-address = 10.0.0.15
log_bin = mysql-bin
binlog-format = row
default-storage-engine = innodb
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

This gives us the base controller install, next we setup the database:

mysql

-- One database and one MySQL user per service. Every password below is the
-- service name itself; choose real passwords and carry them into the matching
-- "connection" strings configured later on this page.
-- The '%' grants accept logins from any host that can reach mysqld; narrow
-- them to the management subnet (e.g. '10.0.0.%') instead of leaving them open.
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';

CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';

CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';

-- Intended for the dashboard; nothing else on this page configures or uses it.
CREATE DATABASE dash;
GRANT ALL PRIVILEGES ON dash.* TO 'dash'@'%' IDENTIFIED BY 'dash';
GRANT ALL PRIVILEGES ON dash.* TO 'dash'@'localhost' IDENTIFIED BY 'dash';

flush privileges;
exit

Now we configure the identity service keystone:

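# Identity service (keystone) bootstrap.
# Environment overrides (defaults reproduce the values used in this walkthrough):
#   KEYSTONE_DBPASS - password of the 'keystone' MySQL user (default: keystone)
#   ADMIN_TOKEN     - bootstrap admin token; generated with openssl when unset
KEYSTONE_DBPASS=${KEYSTONE_DBPASS:-keystone}

openstack-config --set /etc/keystone/keystone.conf database connection "mysql://keystone:${KEYSTONE_DBPASS}@controller/keystone"

# NOTE(review): db_sync runs here as root; check that the files it creates under
# /var/log/keystone are still writable by the keystone user before starting it.
keystone-manage db_sync

# The admin token bypasses normal authentication on the admin API, so use a
# random value instead of a fixed one. It is only needed until the admin user
# exists (see admin-openrc.sh below); disable it in keystone.conf afterwards.
ADMIN_TOKEN=${ADMIN_TOKEN:-$(openssl rand -hex 10)}

openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token "$ADMIN_TOKEN"

keystone-manage pki_setup --keystone-user keystone --keystone-group keystone

# Signing keys: owned by keystone, not world-readable.
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl

service openstack-keystone start
chkconfig openstack-keystone on

# Hourly purge of expired tokens. run-parts only executes files that are
# executable, so without the chmod this job silently never runs.
cat >/etc/cron.hourly/3keystone-tokenflush <<'EOF'
#!/bin/sh
/usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1
EOF
chmod 0755 /etc/cron.hourly/3keystone-tokenflush

# Bootstrap credentials for the keystone CLI until the admin user exists.
export OS_SERVICE_TOKEN=$ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0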

Now we can add some users and endpoints:

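# Bootstrap identities, run with OS_SERVICE_TOKEN/OS_SERVICE_ENDPOINT exported.
# Environment overrides (defaults reproduce the walkthrough values):
#   ADMIN_PASS - password for the admin user (default: admin)
#   DEMO_PASS  - password for the demo user  (default: demo)
# Passwords passed on the command line show up in process listings; fine for
# a lab build, not for a shared host.
ADMIN_PASS=${ADMIN_PASS:-admin}
DEMO_PASS=${DEMO_PASS:-demo}

## Admin User
keystone user-create --name=admin --pass="$ADMIN_PASS" --email=root@localhost
keystone role-create --name=admin
keystone tenant-create --name=admin --description="Admin Tenant"
keystone user-role-add --user=admin --tenant=admin --role=admin

## Normal User
keystone user-create --name=demo --pass="$DEMO_PASS" --email=demo@localhost
keystone tenant-create --name=demo --description="Demo Tenant"
keystone user-role-add --user=demo --role=_member_ --tenant=demo

## Service Tenant
# The glance, nova and neutron service users created later are added to the
# 'service' tenant, and nothing else on this page creates it.
keystone tenant-create --name=service --description="Service Tenant"

## Endpoints
keystone service-create --name=keystone --type=identity --description="OpenStack Identity"

identity_id=$(keystone service-list | awk '/ identity / {print $2}')
keystone endpoint-create \
  --service-id="$identity_id" \
  --publicurl=http://controller:5000/v2.0 \
  --internalurl=http://controller:5000/v2.0 \
  --adminurl=http://controller:35357/v2.0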

From here we can test that keystone is working:

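## Create admin-openrc.sh
# ADMIN_PASS must match the password given to the admin user when it was
# created (default: admin). The file holds a clear-text credential, so it is
# made owner-only before the password is written into it.
ADMIN_PASS=${ADMIN_PASS:-admin}

# Drop the bootstrap token; from here on the CLI authenticates as admin.
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

touch admin-openrc.sh
chmod 0600 admin-openrc.sh
cat >admin-openrc.sh <<EOF
export OS_USERNAME=admin
export OS_PASSWORD=$ADMIN_PASS
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller:35357/v2.0
EOF

source admin-openrc.sh

## Test Keystone
keystone user-list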

Next we have the image service glance:

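# Image service (glance). Environment overrides (defaults reproduce the
# walkthrough values):
#   GLANCE_DBPASS - password of the 'glance' MySQL user    (default: glance)
#   GLANCE_PASS   - password of the 'glance' keystone user (default: glance)
GLANCE_DBPASS=${GLANCE_DBPASS:-glance}
GLANCE_PASS=${GLANCE_PASS:-glance}

# API and registry share the database and the keystone_authtoken settings.
glance_confs=(/etc/glance/glance-api.conf /etc/glance/glance-registry.conf)

for conf in "${glance_confs[@]}"; do
  openstack-config --set "$conf" database connection "mysql://glance:${GLANCE_DBPASS}@controller/glance"
done

openstack-config --set /etc/glance/glance-api.conf DEFAULT rpc_backend qpid
openstack-config --set /etc/glance/glance-api.conf DEFAULT qpid_hostname controller

glance-manage db_sync

# Service account used by glance to validate user tokens; needs the
# 'service' tenant to exist.
keystone user-create --name=glance --pass="$GLANCE_PASS" --email=glance@localhost
keystone user-role-add --user=glance --tenant=service --role=admin

for conf in "${glance_confs[@]}"; do
  openstack-config --set "$conf" keystone_authtoken auth_uri http://controller:5000
  openstack-config --set "$conf" keystone_authtoken auth_host controller
  openstack-config --set "$conf" keystone_authtoken auth_port 35357
  openstack-config --set "$conf" keystone_authtoken auth_protocol http
  openstack-config --set "$conf" keystone_authtoken admin_tenant_name service
  openstack-config --set "$conf" keystone_authtoken admin_user glance
  openstack-config --set "$conf" keystone_authtoken admin_password "$GLANCE_PASS"
  openstack-config --set "$conf" paste_deploy flavor keystone
done

keystone service-create --name=glance --type=image --description="OpenStack Image Service"
image_id=$(keystone service-list | awk '/ image / {print $2}')
keystone endpoint-create \
  --service-id="$image_id" \
  --publicurl=http://controller:9292 \
  --internalurl=http://controller:9292 \
  --adminurl=http://controller:9292

for svc in openstack-glance-api openstack-glance-registry; do
  service "$svc" start
  chkconfig "$svc" on
done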

We need to install the management parts of the compute service nova:

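# Compute control-plane services (nova). Environment overrides (defaults
# reproduce the walkthrough values):
#   NOVA_DBPASS   - password of the 'nova' MySQL user    (default: nova)
#   NOVA_PASS     - password of the 'nova' keystone user (default: nova)
#   CONTROLLER_IP - management address of this node      (default: 10.0.0.15)
NOVA_DBPASS=${NOVA_DBPASS:-nova}
NOVA_PASS=${NOVA_PASS:-nova}
CONTROLLER_IP=${CONTROLLER_IP:-10.0.0.15}
nova_conf=/etc/nova/nova.conf

openstack-config --set "$nova_conf" database connection "mysql://nova:${NOVA_DBPASS}@controller/nova"

openstack-config --set "$nova_conf" DEFAULT rpc_backend qpid
openstack-config --set "$nova_conf" DEFAULT qpid_hostname controller

# Management address, also used for the VNC listen/proxy-client settings.
openstack-config --set "$nova_conf" DEFAULT my_ip "$CONTROLLER_IP"
openstack-config --set "$nova_conf" DEFAULT vncserver_listen "$CONTROLLER_IP"
openstack-config --set "$nova_conf" DEFAULT vncserver_proxyclient_address "$CONTROLLER_IP"

nova-manage db sync

# Service account used by nova to validate user tokens; needs the
# 'service' tenant to exist.
keystone user-create --name=nova --pass="$NOVA_PASS" --email=nova@localhost
keystone user-role-add --user=nova --tenant=service --role=admin

openstack-config --set "$nova_conf" DEFAULT auth_strategy keystone
openstack-config --set "$nova_conf" keystone_authtoken auth_uri http://controller:5000
openstack-config --set "$nova_conf" keystone_authtoken auth_host controller
openstack-config --set "$nova_conf" keystone_authtoken auth_protocol http
openstack-config --set "$nova_conf" keystone_authtoken auth_port 35357
openstack-config --set "$nova_conf" keystone_authtoken admin_user nova
openstack-config --set "$nova_conf" keystone_authtoken admin_tenant_name service
openstack-config --set "$nova_conf" keystone_authtoken admin_password "$NOVA_PASS"

keystone service-create --name=nova --type=compute --description="OpenStack Compute"

compute_id=$(keystone service-list | awk '/ compute / {print $2}')
keystone endpoint-create \
  --service-id="$compute_id" \
  --publicurl=http://controller:8774/v2/%\(tenant_id\)s \
  --internalurl=http://controller:8774/v2/%\(tenant_id\)s \
  --adminurl=http://controller:8774/v2/%\(tenant_id\)s

nova_services=(openstack-nova-api openstack-nova-cert openstack-nova-consoleauth
               openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy)
for svc in "${nova_services[@]}"; do
  service "$svc" start
done
for svc in "${nova_services[@]}"; do
  chkconfig "$svc" on
done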

We also install the network server neutron:

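# Network server (neutron) plus the matching nova-side settings. Environment
# overrides (defaults reproduce the walkthrough values):
#   NEUTRON_DBPASS  - password of the 'neutron' MySQL user    (default: neutron)
#   NEUTRON_PASS    - password of the 'neutron' keystone user (default: neutron)
#   NOVA_PASS       - password of the 'nova' keystone user, the same value used
#                     when nova was configured                (default: nova)
#   METADATA_SECRET - secret shared between nova-api and the neutron metadata
#                     agent                                  (default: m3t4d4t4)
NEUTRON_DBPASS=${NEUTRON_DBPASS:-neutron}
NEUTRON_PASS=${NEUTRON_PASS:-neutron}
NOVA_PASS=${NOVA_PASS:-nova}
METADATA_SECRET=${METADATA_SECRET:-m3t4d4t4}
neutron_conf=/etc/neutron/neutron.conf
ml2_conf=/etc/neutron/plugins/ml2/ml2_conf.ini
nova_conf=/etc/nova/nova.conf

# Service account; needs the 'service' tenant to exist.
keystone user-create --name neutron --pass "$NEUTRON_PASS" --email neutron@localhost
keystone user-role-add --user neutron --tenant service --role admin
keystone service-create --name neutron --type network --description "OpenStack Networking"

network_id=$(keystone service-list | awk '/ network / {print $2}')
keystone endpoint-create \
  --service-id "$network_id" \
  --publicurl http://controller:9696 \
  --adminurl http://controller:9696 \
  --internalurl http://controller:9696

openstack-config --set "$neutron_conf" database connection "mysql://neutron:${NEUTRON_DBPASS}@controller/neutron"

openstack-config --set "$neutron_conf" DEFAULT auth_strategy keystone
openstack-config --set "$neutron_conf" keystone_authtoken auth_uri http://controller:5000
openstack-config --set "$neutron_conf" keystone_authtoken auth_host controller
openstack-config --set "$neutron_conf" keystone_authtoken auth_protocol http
openstack-config --set "$neutron_conf" keystone_authtoken auth_port 35357
openstack-config --set "$neutron_conf" keystone_authtoken admin_tenant_name service
openstack-config --set "$neutron_conf" keystone_authtoken admin_user neutron
openstack-config --set "$neutron_conf" keystone_authtoken admin_password "$NEUTRON_PASS"

openstack-config --set "$neutron_conf" DEFAULT rpc_backend neutron.openstack.common.rpc.impl_qpid
openstack-config --set "$neutron_conf" DEFAULT qpid_hostname controller

# Neutron reports port changes to nova as the nova service user; the tenant
# id lookup below yields an empty value if the 'service' tenant is missing.
service_tenant_id=$(keystone tenant-list | awk '/ service / { print $2 }')
openstack-config --set "$neutron_conf" DEFAULT notify_nova_on_port_status_changes True
openstack-config --set "$neutron_conf" DEFAULT notify_nova_on_port_data_changes True
openstack-config --set "$neutron_conf" DEFAULT nova_url http://controller:8774/v2
openstack-config --set "$neutron_conf" DEFAULT nova_admin_username nova
openstack-config --set "$neutron_conf" DEFAULT nova_admin_tenant_id "$service_tenant_id"
openstack-config --set "$neutron_conf" DEFAULT nova_admin_password "$NOVA_PASS"
openstack-config --set "$neutron_conf" DEFAULT nova_admin_auth_url http://controller:35357/v2.0

openstack-config --set "$neutron_conf" DEFAULT core_plugin ml2
openstack-config --set "$neutron_conf" DEFAULT service_plugins router

#### Comment out any lines in the [service_providers] section of /etc/neutron/neutron.conf
#####  #service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

# ML2 with GRE tenant networks over Open vSwitch; security groups enforced
# by the OVS hybrid iptables driver.
openstack-config --set "$ml2_conf" ml2 type_drivers gre
openstack-config --set "$ml2_conf" ml2 tenant_network_types gre
openstack-config --set "$ml2_conf" ml2 mechanism_drivers openvswitch
openstack-config --set "$ml2_conf" ml2_type_gre tunnel_id_ranges 1:1000
openstack-config --set "$ml2_conf" securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
openstack-config --set "$ml2_conf" securitygroup enable_security_group True

# Point nova at neutron; nova's own firewall driver is a no-op because
# security groups are handled by neutron.
openstack-config --set "$nova_conf" DEFAULT network_api_class nova.network.neutronv2.api.API
openstack-config --set "$nova_conf" DEFAULT neutron_url http://controller:9696
openstack-config --set "$nova_conf" DEFAULT neutron_auth_strategy keystone
openstack-config --set "$nova_conf" DEFAULT neutron_admin_tenant_name service
openstack-config --set "$nova_conf" DEFAULT neutron_admin_username neutron
openstack-config --set "$nova_conf" DEFAULT neutron_admin_password "$NEUTRON_PASS"
openstack-config --set "$nova_conf" DEFAULT neutron_admin_auth_url http://controller:35357/v2.0
openstack-config --set "$nova_conf" DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
openstack-config --set "$nova_conf" DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set "$nova_conf" DEFAULT security_group_api neutron

# The shared secret authenticates the neutron metadata proxy to nova-api, and
# the same value must be configured on the network node's metadata agent.
# Use a random value (e.g. openssl rand -hex 10) rather than a word.
openstack-config --set "$nova_conf" DEFAULT service_neutron_metadata_proxy true
openstack-config --set "$nova_conf" DEFAULT neutron_metadata_proxy_shared_secret "$METADATA_SECRET"

ln -s "$ml2_conf" /etc/neutron/plugin.ini

# nova must re-read nova.conf to pick up the neutron settings.
for svc in openstack-nova-api openstack-nova-scheduler openstack-nova-conductor; do
  service "$svc" restart
done

service neutron-server start
chkconfig neutron-server on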

Finally, here’s an init script for managing the controller services:

### Controller Server Start/Stop Script

#!/bin/bash
#
# chkconfig: - 57 75
# description: start openstack services
#
# Wrapper init script for the controller: starts, stops and reports on the
# OpenStack daemons in a fixed order (keystone first, the nova services last)
# by delegating to each daemon's own init script through service(8).

### BEGIN INIT INFO
# Provides: openstack
# Short-Description: starts openstack services
# Description: services for openstack
### END INIT INFO

# Source function library.
. /etc/init.d/functions

# Source networking configuration.
# Sourced like other RHEL init scripts; nothing below reads the variables it sets.
. /etc/sysconfig/network

prog=openstack
# NOTE(review): lockfile is defined but never created or removed below, so the
# subsys lock is not maintained; either use it or drop the definition.
lockfile=/var/run/openstack/$prog

# Whitespace-separated lists consumed by word-splitting in do_loop. The stop
# list is roughly the reverse of the start list so dependants go down first.
START_SVC_ORDER='openstack-keystone openstack-glance-api openstack-glance-registry neutron-server openstack-nova-api openstack-nova-cert openstack-nova-consoleauth openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy'
STOP_SVC_ORDER='openstack-nova-novncproxy openstack-nova-conductor openstack-nova-scheduler openstack-nova-consoleauth openstack-nova-cert openstack-nova-api neutron-server openstack-glance-api openstack-glance-registry openstack-keystone'

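#######################################
# Run $CMD against every service named in $SVC_ORDER, in order.
# Globals:   SVC_ORDER (read) - whitespace-separated service names
#            CMD (read)       - service(8) action, e.g. start/stop/status
# Returns:   0 if every service command succeeded, otherwise the exit
#            status of the last one that failed. A failure no longer gets
#            masked by later successes, and the remaining services are
#            still processed.
#######################################
do_loop() {
  local svc rv=0
  # SVC_ORDER is deliberately unquoted: word-splitting is how the list is walked.
  for svc in $SVC_ORDER; do
    service "$svc" "$CMD" || rv=$?
  done
  return "$rv"
}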

# Each action is a sequence of phases; a phase sets the globals do_loop reads
# (SVC_ORDER, CMD) and then walks the list.
run_phase() {
  SVC_ORDER=$1
  CMD=$2
  do_loop
}

# Dispatch on the requested action.
case "$1" in
  start)
	run_phase "$START_SVC_ORDER" start
	run_phase "$START_SVC_ORDER" status
	;;
  stop)
	run_phase "$STOP_SVC_ORDER" stop
	;;
  status)
	run_phase "$START_SVC_ORDER" status
	;;
  restart|force-reload)
	run_phase "$STOP_SVC_ORDER" stop
	run_phase "$START_SVC_ORDER" start
	run_phase "$START_SVC_ORDER" status
	;;
  *)
	echo $"Usage: $0 {start|stop|status|restart|force-reload}"
	exit 2
	;;
esac

Next we install the network server.
