OpenStack Grizzly Install Guide
Version: 2.0
Source: https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide
Keywords:
Multi node, Grizzly, Quantum, Nova, Keystone, Glance, Horizon, Cinder, OpenVSwitch, KVM, Ubuntu Server 12.04/13.04 (64 bits).
Authors
Bilel Msekni
Contributors
Houssem Medhioub <[email protected]>
Djamal Zeghlache <[email protected]>
Sandeep Raman <[email protected]>
Sam Stoelinga <[email protected]>
Anil Vishnoi <[email protected]>
Gangur Hrushikesh <>
Wanna contribute? Read the guide, send your contribution and get your name listed ;)
Table of Contents
0. What is it?
1. Requirements
2. Controller Node
3. Network Node
4. Compute Node
5. Your first VM
6. Licensing
7. Contacts
8. Credits
9. To do
0. What is it?
OpenStack Grizzly Install Guide is an easy and tested way to create your own OpenStack platform.
If you like it, don't forget to star it !
Status: Stable
1. Requirements
Node Role: NICs
ControlNode: eth0 (10.10.10.51), eth1 (192.168.100.51)
NetworkNode: eth0 (10.10.10.52), eth1 (10.20.20.52), eth2 (192.168.100.52)
ComputeNode: eth0 (10.10.10.53), eth1 (10.20.20.53)
Note 1: Always use dpkg -s <packagename> to make sure you are using grizzly packages (version : 2013.1)
Note 2: This is my current network architecture; you can add as many compute nodes as you wish.
2. Controller Node
2.1. Preparing Ubuntu
•After you install Ubuntu 12.04 or 13.04 Server 64bits, go in sudo mode and don't leave it until the end of this guide:
sudo su
•Add Grizzly repositories [Only for Ubuntu 12.04]:
apt-get install -y ubuntu-cloud-keyring
echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main >> /etc/apt/sources.list.d/grizzly.list
•Update your system:
apt-get update -y
apt-get upgrade -y
apt-get dist-upgrade -y
2.2. Networking
•Only one NIC should have internet access:
#For Exposing OpenStack API over the internet
auto eth1
iface eth1 inet static
address 192.168.100.51
netmask 255.255.255.0
gateway 192.168.100.1
dns-nameservers 8.8.8.8
#Not internet connected(used for OpenStack management)
auto eth0
iface eth0 inet static
address 10.10.10.51
netmask 255.255.255.0
•Restart the networking service:
service networking restart
2.3. MySQL & RabbitMQ
•Install MySQL:
apt-get install -y mysql-server python-mysqldb
•Configure mysql to accept all incoming requests:
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart
2.4. RabbitMQ
•Install RabbitMQ:
apt-get install -y rabbitmq-server
•Install NTP service:
apt-get install -y ntp
•Create these databases:
mysql -u root -p
#Keystone
CREATE DATABASE keystone;
GRANT ALL ON keystone.* TO 'keystoneUser'@'%' IDENTIFIED BY 'keystonePass';
#Glance
CREATE DATABASE glance;
GRANT ALL ON glance.* TO 'glanceUser'@'%' IDENTIFIED BY 'glancePass';
#Quantum
CREATE DATABASE quantum;
GRANT ALL ON quantum.* TO 'quantumUser'@'%' IDENTIFIED BY 'quantumPass';
#Nova
CREATE DATABASE nova;
GRANT ALL ON nova.* TO 'novaUser'@'%' IDENTIFIED BY 'novaPass';
#Cinder
CREATE DATABASE cinder;
GRANT ALL ON cinder.* TO 'cinderUser'@'%' IDENTIFIED BY 'cinderPass';
quit;
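The bind-address change in 2.3 makes mysqld listen on every interface, including the internet-facing eth1, and the GRANT statements above accept any host ('%') with the passwords printed in this guide. The following is an added example, not part of the original guide: it binds mysqld to the management address and emits the same five GRANT statements with random passwords restricted to the management subnet. The host pattern 10.10.10.% and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original guide.
# Assumptions: MGMT_HOSTS (MySQL host pattern for the 10.10.10.0/24 management
# network) and all function names are chosen for illustration.

MGMT_IP="10.10.10.51"     # controller eth0, from section 1
MGMT_HOSTS="10.10.10.%"   # replaces the guide's '%' (any host)

# bind_mysql_to_mgmt FILE ADDR: make mysqld listen on ADDR only.
bind_mysql_to_mgmt() {
    sed -i "s/^\([[:space:]]*bind-address[[:space:]]*=\).*/\1 $2/" "$1"
}

# gen_password: 32 hex characters (128 bits) from the kernel CSPRNG.
gen_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# emit_grants HOSTS SECRETS_FILE: print the SQL for the five service databases
# and store "service password" pairs in SECRETS_FILE (created with mode 600).
emit_grants() {
    ( umask 077; : > "$2" )
    for svc in keystone glance quantum nova cinder; do
        pass="$(gen_password)"
        printf '%s %s\n' "$svc" "$pass" >> "$2"
        printf 'CREATE DATABASE %s;\n' "$svc"
        printf "GRANT ALL ON %s.* TO '%sUser'@'%s' IDENTIFIED BY '%s';\n" \
            "$svc" "$svc" "$1" "$pass"
    done
}

# Demo on a constructed my.cnf fragment in a scratch directory.
demo_dir="$(mktemp -d)"
printf '[mysqld]\nbind-address\t\t= 127.0.0.1\n' > "$demo_dir/my.cnf"
bind_mysql_to_mgmt "$demo_dir/my.cnf" "$MGMT_IP"
grep bind-address "$demo_dir/my.cnf"
emit_grants "$MGMT_HOSTS" "$demo_dir/db_secrets"   # pipe into: mysql -u root -p
rm -rf "$demo_dir"
```

The generated passwords then replace the fixed ones in the connection and sql_connection lines of the following sections.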
2.5. Others
•Install other services:
apt-get install -y vlan bridge-utils
•Enable IP_Forwarding:
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
# To save you from rebooting, perform the following
sysctl net.ipv4.ip_forward=1
2.6. Keystone
•Start by installing the keystone packages:
apt-get install -y keystone
•Adapt the connection attribute in the /etc/keystone/keystone.conf to the new database:
connection = mysql://keystoneUser:keystonePass@10.10.10.51/keystone
•Restart the identity service then synchronize the database:
service keystone restart
keystone-manage db_sync
•Fill up the keystone database using the two scripts available in the Scripts folder of this git repository:
#Modify the **HOST_IP** and **EXT_HOST_IP** variables before executing the scripts
wget https://raw.github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/OVS_MultiNode/KeystoneScripts/keystone_basic.sh
wget https://raw.github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/OVS_MultiNode/KeystoneScripts/keystone_endpoints_basic.sh
chmod +x keystone_basic.sh
chmod +x keystone_endpoints_basic.sh
./keystone_basic.sh
./keystone_endpoints_basic.sh
•Create a simple credential file and load it so you won't be bothered later:
nano creds
#Paste the following:
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin_pass
export OS_AUTH_URL="http://192.168.100.51:5000/v2.0/"
# Load it:
source creds
•To test Keystone, we use a simple CLI command:
keystone user-list
2.7. Glance
•We now move to the Glance installation:
apt-get install -y glance
•Update /etc/glance/glance-api-paste.ini with:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
delay_auth_decision = true
auth_host = 10.10.10.51
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = service_pass
•Update the /etc/glance/glance-registry-paste.ini with:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 10.10.10.51
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = service_pass
•Update /etc/glance/glance-api.conf with:
sql_connection = mysql://glanceUser:glancePass@10.10.10.51/glance
•And:
[paste_deploy]
flavor = keystone
•Update the /etc/glance/glance-registry.conf with:
sql_connection = mysql://glanceUser:glancePass@10.10.10.51/glance
•And:
[paste_deploy]
flavor = keystone
•Restart the glance-api and glance-registry services:
service glance-api restart; service glance-registry restart
•Synchronize the glance database:
glance-manage db_sync
•To test Glance, upload the cirros cloud image directly from the internet:
glance image-create --name myFirstImage --is-public true --container-format bare --disk-format qcow2 --location http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
•Now list the image to see what you have just uploaded:
glance image-list
2.8. Quantum
•Install the Quantum server and the OpenVSwitch package collection:
apt-get install -y quantum-server
•Edit the OVS plugin configuration file /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini with:
#Under the database section
[DATABASE]
sql_connection = mysql://quantumUser:quantumPass@10.10.10.51/quantum
#Under the OVS section
[OVS]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
#Firewall driver for realizing quantum security group function
[SECURITYGROUP]
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
•Edit /etc/quantum/api-paste.ini
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 10.10.10.51
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
•Update the /etc/quantum/quantum.conf:
[keystone_authtoken]
auth_host = 10.10.10.51
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
signing_dir = /var/lib/quantum/keystone-signing
•Restart the quantum server:
service quantum-server restart
2.9. Nova
•Start by installing nova components:
apt-get install -y nova-api nova-cert novnc nova-consoleauth nova-scheduler nova-novncproxy nova-doc nova-conductor
•Now modify authtoken section in the /etc/nova/api-paste.ini file to this:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 10.10.10.51
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = service_pass
signing_dirname = /tmp/keystone-signing-nova
# Workaround for https://bugs.launchpad.net/nova/+bug/1154809
auth_version = v2.0
•Modify the /etc/nova/nova.conf like this:
[DEFAULT]
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/run/lock/nova
verbose=True
api_paste_config=/etc/nova/api-paste.ini
compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
rabbit_host=10.10.10.51
nova_url=http://10.10.10.51:8774/v1.1/
sql_connection=mysql://novaUser:novaPass@10.10.10.51/nova
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
# Auth
use_deprecated_auth=false
auth_strategy=keystone
# Imaging service
glance_api_servers=10.10.10.51:9292
image_service=nova.image.glance.GlanceImageService
# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://192.168.100.51:6080/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=10.10.10.51
vncserver_listen=0.0.0.0
# Network settings
network_api_class=nova.network.quantumv2.api.API
quantum_url=http://10.10.10.51:9696
quantum_auth_strategy=keystone
quantum_admin_tenant_name=service
quantum_admin_username=quantum
quantum_admin_password=service_pass
quantum_admin_auth_url=http://10.10.10.51:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
#If you want Quantum + Nova Security groups
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=quantum
#If you want Nova Security groups only, comment the two lines above and uncomment line -1-.
#-1-firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
#Metadata
service_quantum_metadata_proxy = True
quantum_metadata_proxy_shared_secret = helloOpenStack
# Compute #
compute_driver=libvirt.LibvirtDriver
# Cinder #
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900
•Synchronize your database:
nova-manage db sync
•Restart nova-* services:
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done
•Check for the smiling faces on nova-* services to confirm your installation:
nova-manage service list
2.10. Cinder
•Install the required packages:
apt-get install -y cinder-api cinder-scheduler cinder-volume iscsitarget open-iscsi iscsitarget-dkms
•Configure the iscsi services:
sed -i 's/false/true/g' /etc/default/iscsitarget
•Restart the services:
service iscsitarget start
service open-iscsi start
•Configure /etc/cinder/api-paste.ini like the following:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
service_protocol = http
service_host = 192.168.100.51
service_port = 5000
auth_host = 10.10.10.51
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = cinder
admin_password = service_pass
signing_dir = /var/lib/cinder
•Edit the /etc/cinder/cinder.conf to:
[DEFAULT]
rootwrap_config=/etc/cinder/rootwrap.conf
sql_connection = mysql://cinderUser:cinderPass@10.10.10.51/cinder
api_paste_config = /etc/cinder/api-paste.ini
iscsi_helper=ietadm
volume_name_template = volume-%s
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
iscsi_ip_address=10.10.10.51
•Then, synchronize your database:
cinder-manage db sync
•Finally, don't forget to create a volume group and name it cinder-volumes:
dd if=/dev/zero of=cinder-volumes bs=1 count=0 seek=2G
losetup /dev/loop2 cinder-volumes
fdisk /dev/loop2
#Type in the following:
n
p
1
ENTER
ENTER
t
8e
w
•Proceed to create the physical volume then the volume group:
pvcreate /dev/loop2
vgcreate cinder-volumes /dev/loop2
Note: Beware that this volume group gets lost after a system reboot. (Click Here to know how to load it after a reboot)
•Restart the cinder services:
cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i restart; done
•Verify if cinder services are running:
cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i status; done
2.11. Horizon
•To install Horizon, proceed like this:
apt-get install -y openstack-dashboard memcached
•If you don't like the OpenStack ubuntu theme, you can remove the package to disable it:
dpkg --purge openstack-dashboard-ubuntu-theme
•Reload Apache and memcached:
service apache2 restart; service memcached restart
•Check OpenStack Dashboard at http://192.168.100.51/horizon. We can log in with admin / admin_pass.
3. Network Node
3.1. Preparing the Node
•After you install Ubuntu 12.04 or 13.04 Server 64bits, go in sudo mode:
sudo su
•Add Grizzly repositories [Only for Ubuntu 12.04]:
apt-get install -y ubuntu-cloud-keyring
echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main >> /etc/apt/sources.list.d/grizzly.list
•Update your system:
apt-get update -y
apt-get upgrade -y
apt-get dist-upgrade -y
•Install ntp service:
apt-get install -y ntp
•Configure the NTP server to follow the controller node:
#Comment the ubuntu NTP servers
sed -i 's/server 0.ubuntu.pool.ntp.org/#server 0.ubuntu.pool.ntp.org/g' /etc/ntp.conf
sed -i 's/server 1.ubuntu.pool.ntp.org/#server 1.ubuntu.pool.ntp.org/g' /etc/ntp.conf
sed -i 's/server 2.ubuntu.pool.ntp.org/#server 2.ubuntu.pool.ntp.org/g' /etc/ntp.conf
sed -i 's/server 3.ubuntu.pool.ntp.org/#server 3.ubuntu.pool.ntp.org/g' /etc/ntp.conf
#Set the network node to follow up your controller node
sed -i 's/server ntp.ubuntu.com/server 10.10.10.51/g' /etc/ntp.conf
service ntp restart
•Install other services:
apt-get install -y vlan bridge-utils
•Enable IP_Forwarding:
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
# To save you from rebooting, perform the following
sysctl net.ipv4.ip_forward=1
3.2. Networking
•3 NICs must be present:
# OpenStack management
auto eth0
iface eth0 inet static
address 10.10.10.52
netmask 255.255.255.0
# VM Configuration
auto eth1
iface eth1 inet static
address 10.20.20.52
netmask 255.255.255.0
# VM internet Access
auto eth2
iface eth2 inet static
address 192.168.100.52
netmask 255.255.255.0
3.4. OpenVSwitch (Part1)
•Install the openVSwitch:
apt-get install -y openvswitch-switch openvswitch-datapath-dkms
•Create the bridges:
#br-int will be used for VM integration
ovs-vsctl add-br br-int
#br-ex is used to make the VM accessible from the internet
ovs-vsctl add-br br-ex
3.5. Quantum
•Install the Quantum openvswitch agent, l3 agent and dhcp agent:
apt-get -y install quantum-plugin-openvswitch-agent quantum-dhcp-agent quantum-l3-agent quantum-metadata-agent
•Edit /etc/quantum/api-paste.ini:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 10.10.10.51
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
•Edit the OVS plugin configuration file /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini with:
#Under the database section
[DATABASE]
sql_connection = mysql://quantumUser:quantumPass@10.10.10.51/quantum
#Under the OVS section
[OVS]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 10.20.20.52
enable_tunneling = True
#Firewall driver for realizing quantum security group function
[SECURITYGROUP]
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
•Update /etc/quantum/metadata_agent.ini:
# The Quantum user information for accessing the Quantum API.
auth_url = http://10.10.10.51:35357/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
# IP address used by Nova metadata server
nova_metadata_ip = 10.10.10.51
# TCP Port used by Nova metadata server
nova_metadata_port = 8775
metadata_proxy_shared_secret = helloOpenStack
•Make sure that your rabbitMQ IP in /etc/quantum/quantum.conf is set to the controller node:
rabbit_host = 10.10.10.51
#And update the keystone_authtoken section
[keystone_authtoken]
auth_host = 10.10.10.51
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
signing_dir = /var/lib/quantum/keystone-signing
•Edit /etc/sudoers.d/quantum_sudoers to give it full access like this (This is unfortunately mandatory):
nano /etc/sudoers.d/quantum_sudoers
#Modify the quantum user
quantum ALL=NOPASSWD: ALL
•Restart all the services:
cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i restart; done
3.4. OpenVSwitch (Part2)
•Edit the eth2 in /etc/network/interfaces to become like this:
# VM internet Access
auto eth2
iface eth2 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
•Add the eth2 to the br-ex:
#Internet connectivity will be lost after this step but this won't affect OpenStack's work
ovs-vsctl add-port br-ex eth2
#If you want to get internet connection back, you can assign the eth2's IP address to the br-ex in the /etc/network/interfaces file.
4. Compute Node
4.1. Preparing the Node
•After you install Ubuntu 12.04 or 13.04 Server 64bits, go in sudo mode:
sudo su
•Add Grizzly repositories [Only for Ubuntu 12.04]:
apt-get install -y ubuntu-cloud-keyring
echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main >> /etc/apt/sources.list.d/grizzly.list
•Update your system:
apt-get update -y
apt-get upgrade -y
apt-get dist-upgrade -y
•Reboot (you might have new kernel)
•Install ntp service:
apt-get install -y ntp
•Configure the NTP server to follow the controller node:
#Comment the ubuntu NTP servers
sed -i 's/server 0.ubuntu.pool.ntp.org/#server 0.ubuntu.pool.ntp.org/g' /etc/ntp.conf
sed -i 's/server 1.ubuntu.pool.ntp.org/#server 1.ubuntu.pool.ntp.org/g' /etc/ntp.conf
sed -i 's/server 2.ubuntu.pool.ntp.org/#server 2.ubuntu.pool.ntp.org/g' /etc/ntp.conf
sed -i 's/server 3.ubuntu.pool.ntp.org/#server 3.ubuntu.pool.ntp.org/g' /etc/ntp.conf
#Set the compute node to follow up your controller node
sed -i 's/server ntp.ubuntu.com/server 10.10.10.51/g' /etc/ntp.conf
service ntp restart
•Install other services:
apt-get install -y vlan bridge-utils
•Enable IP_Forwarding:
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
# To save you from rebooting, perform the following
sysctl net.ipv4.ip_forward=1
4.2. Networking
•Perform the following:
# OpenStack management
auto eth0
iface eth0 inet static
address 10.10.10.53
netmask 255.255.255.0
# VM Configuration
auto eth1
iface eth1 inet static
address 10.20.20.53
netmask 255.255.255.0
4.3. KVM
•Make sure that your hardware enables virtualization:
apt-get install -y cpu-checker
kvm-ok
•Normally you would get a good response. Now, move to install kvm and configure it:
apt-get install -y kvm libvirt-bin pm-utils
•Edit the cgroup_device_acl array in the /etc/libvirt/qemu.conf file to:
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc", "/dev/hpet","/dev/net/tun"
]
•Delete default virtual bridge
virsh net-destroy default
virsh net-undefine default
•Enable live migration by updating /etc/libvirt/libvirtd.conf file:
listen_tls = 0
listen_tcp = 1
auth_tcp = "none"
•Edit libvirtd_opts variable in /etc/init/libvirt-bin.conf file:
env libvirtd_opts="-d -l"
•Edit /etc/default/libvirt-bin file
libvirtd_opts="-d -l"
•Restart the libvirt service and dbus to load the new values:
service dbus restart && service libvirt-bin restart
4.4. OpenVSwitch
•Install the openVSwitch:
apt-get install -y openvswitch-switch openvswitch-datapath-dkms
•Create the bridges:
#br-int will be used for VM integration
ovs-vsctl add-br br-int
4.5. Quantum
•Install the Quantum openvswitch agent:
apt-get -y install quantum-plugin-openvswitch-agent
•Edit the OVS plugin configuration file /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini with:
#Under the database section
[DATABASE]
sql_connection = mysql://quantumUser:quantumPass@10.10.10.51/quantum
#Under the OVS section
[OVS]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 10.20.20.53
enable_tunneling = True
#Firewall driver for realizing quantum security group function
[SECURITYGROUP]
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
•Make sure that your rabbitMQ IP in /etc/quantum/quantum.conf is set to the controller node:
rabbit_host = 10.10.10.51
#And update the keystone_authtoken section
[keystone_authtoken]
auth_host = 10.10.10.51
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
signing_dir = /var/lib/quantum/keystone-signing
•Restart all the services:
service quantum-plugin-openvswitch-agent restart
4.6. Nova
•Install nova's required components for the compute node:
apt-get install -y nova-compute-kvm
•Now modify authtoken section in the /etc/nova/api-paste.ini file to this:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 10.10.10.51
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = service_pass
signing_dirname = /tmp/keystone-signing-nova
# Workaround for https://bugs.launchpad.net/nova/+bug/1154809
auth_version = v2.0
•Edit /etc/nova/nova-compute.conf file
[DEFAULT]
libvirt_type=kvm
libvirt_ovs_bridge=br-int
libvirt_vif_type=ethernet
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
libvirt_use_virtio_for_bridges=True
•Modify the /etc/nova/nova.conf like this:
[DEFAULT]
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/run/lock/nova
verbose=True
api_paste_config=/etc/nova/api-paste.ini
compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
rabbit_host=10.10.10.51
nova_url=http://10.10.10.51:8774/v1.1/
sql_connection=mysql://novaUser:novaPass@10.10.10.51/nova
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
# Auth
use_deprecated_auth=false
auth_strategy=keystone
# Imaging service
glance_api_servers=10.10.10.51:9292
image_service=nova.image.glance.GlanceImageService
# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://192.168.100.51:6080/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=10.10.10.53
vncserver_listen=0.0.0.0
# Network settings
network_api_class=nova.network.quantumv2.api.API
quantum_url=http://10.10.10.51:9696
quantum_auth_strategy=keystone
quantum_admin_tenant_name=service
quantum_admin_username=quantum
quantum_admin_password=service_pass
quantum_admin_auth_url=http://10.10.10.51:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
#If you want Quantum + Nova Security groups
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=quantum
#If you want Nova Security groups only, comment the two lines above and uncomment line -1-.
#-1-firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
#Metadata
service_quantum_metadata_proxy = True
quantum_metadata_proxy_shared_secret = helloOpenStack
# Compute #
compute_driver=libvirt.LibvirtDriver
# Cinder #
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900
cinder_catalog_info=volume:cinder:internalURL
•Restart nova-* services:
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done
•Check for the smiling faces on nova-* services to confirm your installation:
nova-manage service list
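A check for the settings sections 2 to 4 leave in place on the three nodes: mysqld on 0.0.0.0, libvirt's TCP listener with auth_tcp = "none", the quantum sudoers entry, the nova signing directory under /tmp, and the passwords and shared secret printed in the guide. This is an added example, not part of the original guide; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide. Function names are illustrative.

# Passwords and shared secrets printed in the guide.
GUIDE_SECRETS='keystonePass glancePass quantumPass novaPass cinderPass service_pass admin_pass helloOpenStack'

# check FILE REGEX MESSAGE: report when an uncommented line of FILE matches.
check() {
    [ -f "$1" ] || return 0
    if grep -v '^[[:space:]]*#' "$1" | grep -Eq "$2"; then
        printf 'FINDING %s: %s\n' "$1" "$3"
    fi
}

# audit_grizzly_defaults ROOT: ROOT is "/" on a node or a copied config tree.
audit_grizzly_defaults() {
    root="${1%/}"
    check "$root/etc/mysql/my.cnf" \
        '^[[:space:]]*bind-address[[:space:]]*=[[:space:]]*0\.0\.0\.0' \
        'mysqld listens on every interface'
    check "$root/etc/libvirt/libvirtd.conf" \
        '^[[:space:]]*auth_tcp[[:space:]]*=[[:space:]]*"none"' \
        'libvirt TCP socket has no authentication'
    check "$root/etc/sudoers.d/quantum_sudoers" \
        '^quantum[[:space:]]+ALL[[:space:]]*=[[:space:]]*NOPASSWD:[[:space:]]*ALL' \
        'quantum may run any command as root'
    check "$root/etc/nova/api-paste.ini" \
        '^[[:space:]]*signing_dirname[[:space:]]*=[[:space:]]*/tmp/' \
        'token signing directory under world-writable /tmp'
    # Guide secrets left in any service configuration file; -w keeps
    # "admin_password" from matching the secret "admin_pass".
    find "$root/etc" -type f \( -name '*.conf' -o -name '*.ini' \) 2>/dev/null | sort |
    while IFS= read -r f; do
        for s in $GUIDE_SECRETS; do
            if grep -v '^[[:space:]]*#' "$f" | grep -Fwq -- "$s"; then
                printf 'FINDING %s: guide secret "%s" still in use\n' "$f" "$s"
            fi
        done
    done
}

# make_sample_tree DIR: constructed files carrying the guide's settings.
make_sample_tree() {
    mkdir -p "$1/etc/mysql" "$1/etc/libvirt" "$1/etc/sudoers.d" "$1/etc/nova"
    printf '[mysqld]\nbind-address = 0.0.0.0\n' > "$1/etc/mysql/my.cnf"
    printf 'listen_tls = 0\nlisten_tcp = 1\nauth_tcp = "none"\n' \
        > "$1/etc/libvirt/libvirtd.conf"
    printf 'quantum ALL=NOPASSWD: ALL\n' > "$1/etc/sudoers.d/quantum_sudoers"
    printf '[filter:authtoken]\nadmin_password = service_pass\nsigning_dirname = /tmp/keystone-signing-nova\n' \
        > "$1/etc/nova/api-paste.ini"
    printf '[DEFAULT]\n#quantum_admin_password=service_pass\nquantum_metadata_proxy_shared_secret = helloOpenStack\n' \
        > "$1/etc/nova/nova.conf"
}

# Demo against the constructed tree.
demo_root="$(mktemp -d)"
make_sample_tree "$demo_root"
audit_grizzly_defaults "$demo_root"
rm -rf "$demo_root"
```

On a live node, run audit_grizzly_defaults / as root, since the files under /etc/sudoers.d are not world-readable.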
5. Your first VM
To start your first VM, we first need to create a new tenant, user and internal network.
•Create a new tenant
keystone tenant-create --name project_one
•Create a new user and assign the member role to it in the new tenant (keystone role-list to get the appropriate id):
keystone user-create --name=user_one --pass=user_one --tenant-id $put_id_of_project_one
keystone user-role-add --tenant-id $put_id_of_project_one --user-id $put_id_of_user_one --role-id $put_id_of_member_role
•Create a new network for the tenant:
quantum net-create --tenant-id $put_id_of_project_one net_proj_one
•Create a new subnet inside the new tenant network:
quantum subnet-create --tenant-id $put_id_of_project_one net_proj_one 50.50.1.0/24 --dns_nameservers list=true 8.8.8.7 8.8.8.8
•Create a router for the new tenant:
quantum router-create --tenant-id $put_id_of_project_one router_proj_one
•Add the router to the running l3 agent (if it wasn't automatically added):
quantum agent-list #to get the l3 agent ID
quantum l3-agent-router-add $l3_agent_ID router_proj_one
•Add the router to the subnet:
quantum router-interface-add $put_router_proj_one_id_here $put_subnet_id_here
•Restart all quantum services:
cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i restart; done
•Create an external network with the tenant id belonging to the admin tenant (keystone tenant-list to get the appropriate id):
quantum net-create --tenant-id $put_id_of_admin_tenant ext_net --router:external=True
•Create a subnet for the floating ips:
quantum subnet-create --tenant-id $put_id_of_admin_tenant --allocation-pool start=192.168.100.102,end=192.168.100.126 --gateway 192.168.100.1 ext_net 192.168.100.100/24 --enable_dhcp=False
•Set your router's gateway to the external network:
quantum router-gateway-set $put_router_proj_one_id_here $put_id_of_ext_net_here
•Source creds relative to your project one tenant now:
nano creds_proj_one
#Paste the following:
export OS_TENANT_NAME=project_one
export OS_USERNAME=user_one
export OS_PASSWORD=user_one
export OS_AUTH_URL="http://192.168.100.51:5000/v2.0/"
source creds_proj_one
•Add these security rules to make your VMs pingable:
nova --no-cache secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova --no-cache secgroup-add-rule default tcp 22 22 0.0.0.0/0
•Start by allocating a floating ip to the project one tenant:
quantum floatingip-create ext_net
•Start a VM:
nova --no-cache boot --image $id_myFirstImage --flavor 1 my_first_vm
•Pick the ID of the port corresponding to your VM:
quantum port-list
•Associate the floating IP to your VM:
quantum floatingip-associate $put_id_floating_ip $put_id_vm_port
That's it! Ping your VM and enjoy your OpenStack.
Single----------------------------------------------------------------------------
OpenStack Grizzly Install Guide
Version: 2.0
Source: https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide
Keywords:
Single node OpenStack, Grizzly, Quantum, Nova, Keystone, Glance, Horizon, Cinder, OpenVSwitch, KVM, Ubuntu Server 12.04 (64 bits).
Authors
Bilel Msekni <[email protected]>
Contributors
Houssem Medhioub <[email protected]>
Djamal Zeghlache <[email protected]>
Sandeep Raman <[email protected]>
Sam Stoelinga <[email protected]>
Andy Edmonds <[email protected]>
Wanna contribute? Read the guide, send your contribution and get your name listed ;)
Table of Contents
0. What is it?
1. Requirements
2. Preparing your node
3. Keystone
4. Glance
5. Quantum
6. Nova
7. Cinder
8. Horizon
9. Your first VM
10. Licensing
11. Contacts
12. Acknowledgement
13. Credits
14. To do
0. What is it?
OpenStack Grizzly Install Guide is an easy and tested way to create your own OpenStack platform.
If you like it, don't forget to star it !
Status: Stable
1. Requirements
Node Role: NICs
SingleNode: eth0 (10.10.100.51), eth1 (192.168.100.51)
Note 1: Multi node deployment is available on the OVS_MultiNode branch.
Note 2: Always use dpkg -s <packagename> to make sure you are using grizzly packages (version : 2013.1)
Note 3: This is my current network architecture.
2. Preparing your node
2.1. Preparing Ubuntu
•After you install Ubuntu 12.04 Server 64-bit, go into sudo mode and don't leave it until the end of this guide:
sudo su
•Add Grizzly repositories:
apt-get install ubuntu-cloud-keyring python-software-properties software-properties-common python-keyring
echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main >> /etc/apt/sources.list.d/grizzly.list
•Update your system:
apt-get update
apt-get upgrade
apt-get dist-upgrade
2.2. Networking
•Only one NIC should have internet access:
#For Exposing OpenStack API over the internet
auto eth1
iface eth1 inet static
address 192.168.100.51
netmask 255.255.255.0
gateway 192.168.100.1
dns-nameservers 8.8.8.8
#Not internet connected(used for OpenStack management)
auto eth0
iface eth0 inet static
address 10.10.100.51
netmask 255.255.255.0
•Restart the networking service:
service networking restart
2.3. MySQL & RabbitMQ
•Install MySQL:
apt-get install -y mysql-server python-mysqldb
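•Configure MySQL to accept all incoming requests (the sed command changes the bind address from 127.0.0.1 to 0.0.0.0, so MySQL listens on every interface):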
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart
•Install RabbitMQ:
apt-get install -y rabbitmq-server
•Install NTP service:
apt-get install -y ntp
2.5. Others
•Install other services:
apt-get install -y vlan bridge-utils
•Enable IP_Forwarding:
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
# To save you from rebooting, perform the following
sysctl net.ipv4.ip_forward=1
3. Keystone
•Start by installing the keystone packages:
apt-get install -y keystone
•Verify your keystone is running:
service keystone status
•Create a new MySQL database for keystone:
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL ON keystone.* TO 'keystoneUser'@'%' IDENTIFIED BY 'keystonePass';
quit;
•Adapt the connection attribute in the /etc/keystone/keystone.conf to the new database:
connection = mysql://keystoneUser:[email protected]/keystone
•Restart the identity service then synchronize the database:
service keystone restart
keystone-manage db_sync
•Fill up the keystone database using the two scripts available in the Scripts folder of this git repository:
#Modify the HOST_IP and HOST_IP_EXT variables before executing the scripts
wget https://raw.github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/OVS_SingleNode/KeystoneScripts/keystone_basic.sh
wget https://raw.github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/OVS_SingleNode/KeystoneScripts/keystone_endpoints_basic.sh
chmod +x keystone_basic.sh
chmod +x keystone_endpoints_basic.sh
./keystone_basic.sh
./keystone_endpoints_basic.sh
•Create a simple credential file and load it so you won't be bothered later:
nano creds
#Paste the following:
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin_pass
export OS_AUTH_URL="http://192.168.100.51:5000/v2.0/"
# Load it:
source creds
•To test Keystone, we use a simple CLI command:
keystone user-list
4. Glance
•We now move on to the Glance installation:
apt-get install -y glance
•Verify your glance services are running:
service glance-api status
service glance-registry status
•Create a new MySQL database for Glance:
mysql -u root -p
CREATE DATABASE glance;
GRANT ALL ON glance.* TO 'glanceUser'@'%' IDENTIFIED BY 'glancePass';
quit;
•Update /etc/glance/glance-api-paste.ini with:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
delay_auth_decision = true
auth_host = 10.10.100.51
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = service_pass
•Update the /etc/glance/glance-registry-paste.ini with:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 10.10.100.51
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = service_pass
•Update /etc/glance/glance-api.conf with:
sql_connection = mysql://glanceUser:[email protected]/glance
•And:
[paste_deploy]
flavor = keystone
•Update the /etc/glance/glance-registry.conf with:
sql_connection = mysql://glanceUser:[email protected]/glance
•And:
[paste_deploy]
flavor = keystone
•Restart the glance-api and glance-registry services:
service glance-api restart; service glance-registry restart
•Synchronize the glance database:
glance-manage db_sync
•Restart the services again to take into account the new modifications:
service glance-registry restart; service glance-api restart
•To test Glance, upload the cirros cloud image directly from the internet:
glance image-create --name myFirstImage --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
•Now list the image to see what you have just uploaded:
glance image-list
5. Quantum
5.1. OpenVSwitch
•Install the openVSwitch:
apt-get install -y openvswitch-switch openvswitch-datapath-dkms
•Create the bridges:
#br-int will be used for VM integration
ovs-vsctl add-br br-int
#br-ex is used to access the internet (not covered in this guide)
ovs-vsctl add-br br-ex
5.1.1. OpenVSwitch (Part2, Optional)
•This part guides you through setting up the br-ex interface. Edit the eth1 entry in /etc/network/interfaces so that it looks like this:
# VM internet Access
auto eth1
iface eth1 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
•Add the eth1 to the br-ex:
#Internet connectivity will be lost after this step but this won't affect OpenStack's work
ovs-vsctl add-port br-ex eth1
•Optional: if you want to get the internet connection back, you can assign eth1's IP address to br-ex in the /etc/network/interfaces file:
auto br-ex
iface br-ex inet static
address 192.168.100.51
netmask 255.255.255.0
gateway 192.168.100.1
dns-nameservers 8.8.8.8
•Note to VirtualBox users: you will likely be using host-only adapters for the private networking. You need to provide a route out of the host-only network to contact the outside world; egress is not supported by host-only adapters. This can be done by routing traffic from br-ex to an additional NAT'ed adapter that you can add. Run these commands (where the NAT'ed adapter is eth2):
iptables --table nat --append POSTROUTING --out-interface eth2 -j MASQUERADE
iptables --append FORWARD --in-interface br-ex -j ACCEPT
To create the quantum external network you should then follow the multinode guide's section 5 on this.
Note: when creating the external network, be sure to set the gateway IP to 192.168.100.51
5.2. Quantum-*
•Install the Quantum components:
apt-get install -y quantum-server quantum-plugin-openvswitch quantum-plugin-openvswitch-agent dnsmasq quantum-dhcp-agent quantum-l3-agent
•Create a database:
mysql -u root -p
CREATE DATABASE quantum;
GRANT ALL ON quantum.* TO 'quantumUser'@'%' IDENTIFIED BY 'quantumPass';
quit;
•Verify all Quantum components are running:
cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i status; done
•Edit /etc/quantum/api-paste.ini
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 10.10.100.51
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
•Edit the OVS plugin configuration file /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini with:
#Under the database section
[DATABASE]
sql_connection = mysql://quantumUser:[email protected]/quantum
#Under the OVS section
[OVS]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 10.10.100.51
enable_tunneling = True
#Firewall driver for realizing quantum security group function
[SECURITYGROUP]
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
•Update /etc/quantum/metadata_agent.ini:
# The Quantum user information for accessing the Quantum API.
auth_url = http://10.10.100.51:35357/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
# IP address used by Nova metadata server
nova_metadata_ip = 127.0.0.1
# TCP Port used by Nova metadata server
nova_metadata_port = 8775
metadata_proxy_shared_secret = helloOpenStack
•Edit your /etc/quantum/quantum.conf:
[keystone_authtoken]
auth_host = 10.10.100.51
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
signing_dir = /var/lib/quantum/keystone-signing
•Restart all quantum services:
cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i restart; done
service dnsmasq restart
6. Nova
6.1 KVM
•Make sure that your hardware enables virtualization:
apt-get install cpu-checker
kvm-ok
•Normally you would get a good response. Now, move to install kvm and configure it:
apt-get install -y kvm libvirt-bin pm-utils
•Edit the cgroup_device_acl array in the /etc/libvirt/qemu.conf file to:
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc", "/dev/hpet","/dev/net/tun"
]
•Delete the default virtual bridge:
virsh net-destroy default
virsh net-undefine default
•Enable live migration by updating the /etc/libvirt/libvirtd.conf file:
listen_tls = 0
listen_tcp = 1
auth_tcp = "none"
•Edit the libvirtd_opts variable in the /etc/init/libvirt-bin.conf file:
env libvirtd_opts="-d -l"
•Edit the /etc/default/libvirt-bin file:
libvirtd_opts="-d -l"
•Restart the libvirt service and dbus to load the new values:
service dbus restart && service libvirt-bin restart
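The three libvirtd.conf values above turn on a plain TCP listener with no authentication. The check below is an added example, not part of the original guide: the sample files are constructed, and the variant with listen_addr and auth_tcp = "sasl" is an assumption about how the listener could be restricted, not something the guide configures.

```shell
#!/bin/sh
# Added example, not from the guide: report how libvirtd's TCP listener is
# exposed, based on the keys the guide edits in /etc/libvirt/libvirtd.conf.

# conf_value FILE KEY: last uncommented value of KEY, comment and quotes stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//; s/^"//; s/"$//'
}

# libvirt_tcp_exposure FILE: prints "disabled", "unauthenticated on ADDR"
# or "authenticated (MECH) on ADDR".
libvirt_tcp_exposure() {
    tcp=$(conf_value "$1" listen_tcp)
    auth=$(conf_value "$1" auth_tcp)
    addr=$(conf_value "$1" listen_addr)
    # listen_tcp defaults to 0; the daemon must also be started with -l.
    [ "${tcp:-0}" = "1" ] || { echo "disabled"; return 0; }
    # auth_tcp defaults to "sasl"; without listen_addr every interface is bound.
    if [ "${auth:-sasl}" = "none" ]; then
        echo "unauthenticated on ${addr:-all interfaces}"
    else
        echo "authenticated (${auth:-sasl}) on ${addr:-all interfaces}"
    fi
}

# Constructed sample inputs: the guide's values, and a variant that keeps the
# listener on the management NIC with SASL (an assumption, see lead-in).
write_guide_sample() {
    printf '%s\n' '#listen_tcp = 0' 'listen_tls = 0' 'listen_tcp = 1' \
        'auth_tcp = "none"' > "$1"
}
write_restricted_sample() {
    printf '%s\n' 'listen_tls = 0' 'listen_tcp = 1' \
        'listen_addr = "10.10.100.51"  # management NIC' \
        'auth_tcp = "sasl"' > "$1"
}

demo_dir=$(mktemp -d)
write_guide_sample "$demo_dir/guide.conf"
write_restricted_sample "$demo_dir/restricted.conf"
echo "guide:      $(libvirt_tcp_exposure "$demo_dir/guide.conf")"
echo "restricted: $(libvirt_tcp_exposure "$demo_dir/restricted.conf")"
rm -rf "$demo_dir"
```

On a real node, point libvirt_tcp_exposure at /etc/libvirt/libvirtd.conf after the restart.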
6.2 Nova-*
•Start by installing nova components:
apt-get install -y nova-api nova-cert novnc nova-consoleauth nova-scheduler nova-novncproxy nova-doc nova-conductor nova-compute-kvm
•Check the status of all nova-services:
cd /etc/init.d/; for i in $( ls nova-* ); do service $i status; cd; done
•Prepare a MySQL database for Nova:
mysql -u root -p
CREATE DATABASE nova;
GRANT ALL ON nova.* TO 'novaUser'@'%' IDENTIFIED BY 'novaPass';
quit;
•Now modify the authtoken section in the /etc/nova/api-paste.ini file to this:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 10.10.100.51
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = service_pass
signing_dirname = /tmp/keystone-signing-nova
# Workaround for https://bugs.launchpad.net/nova/+bug/1154809
auth_version = v2.0
•Modify the /etc/nova/nova.conf like this:
[DEFAULT]
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/run/lock/nova
verbose=True
api_paste_config=/etc/nova/api-paste.ini
compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
rabbit_host=10.10.100.51
nova_url=http://10.10.100.51:8774/v1.1/
sql_connection=mysql://novaUser:[email protected]/nova
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
# Auth
use_deprecated_auth=false
auth_strategy=keystone
# Imaging service
glance_api_servers=10.10.100.51:9292
image_service=nova.image.glance.GlanceImageService
# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://192.168.100.51:6080/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=10.10.100.51
vncserver_listen=0.0.0.0
# Network settings
network_api_class=nova.network.quantumv2.api.API
quantum_url=http://10.10.100.51:9696
quantum_auth_strategy=keystone
quantum_admin_tenant_name=service
quantum_admin_username=quantum
quantum_admin_password=service_pass
quantum_admin_auth_url=http://10.10.100.51:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
#If you want Quantum + Nova Security groups
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=quantum
#If you want Nova Security groups only, comment the two lines above and uncomment line -1-.
#-1-firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
#Metadata
service_quantum_metadata_proxy = True
quantum_metadata_proxy_shared_secret = helloOpenStack
metadata_host = 10.10.100.51
metadata_listen = 127.0.0.1
metadata_listen_port = 8775
# Compute #
compute_driver=libvirt.LibvirtDriver
# Cinder #
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900
•Edit the /etc/nova/nova-compute.conf:
[DEFAULT]
libvirt_type=kvm
libvirt_ovs_bridge=br-int
libvirt_vif_type=ethernet
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
libvirt_use_virtio_for_bridges=True
•Synchronize your database:
nova-manage db sync
•Restart nova-* services:
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done
•Check for the smiling faces on nova-* services to confirm your installation:
nova-manage service list
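metadata_proxy_shared_secret in /etc/quantum/metadata_agent.ini and quantum_metadata_proxy_shared_secret in /etc/nova/nova.conf have to carry the same value, and the guide sets both to the sample string helloOpenStack. The script below is an added example, not from the guide: the function names are hypothetical and the two files it works on are constructed copies. It checks the pair and writes one random replacement to both files.

```shell
#!/bin/sh
# Added example, not from the guide: check that the metadata proxy secret is
# identical on both sides and is no longer the guide's sample value.

SAMPLE_SECRET='helloOpenStack'   # value printed in the guide

# ini_value FILE KEY: last uncommented "KEY = value" in FILE, trimmed.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# check_metadata_secret AGENT_INI NOVA_CONF
# Prints missing | mismatch | sample-value | ok; returns 0 only for ok.
check_metadata_secret() {
    agent=$(ini_value "$1" metadata_proxy_shared_secret)
    nova=$(ini_value "$2" quantum_metadata_proxy_shared_secret)
    if [ -z "$agent" ] || [ -z "$nova" ]; then echo missing; return 1; fi
    if [ "$agent" != "$nova" ]; then echo mismatch; return 1; fi
    if [ "$agent" = "$SAMPLE_SECRET" ]; then echo sample-value; return 1; fi
    echo ok
}

# new_secret: 32 bytes from /dev/urandom, hex-encoded (64 characters).
new_secret() {
    dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# set_secret FILE KEY VALUE: rewrite KEY's value; the content is written back
# into the existing file, so its owner and mode are kept.
set_secret() {
    tmp=$(mktemp)
    sed "s|^\([[:space:]]*$2[[:space:]]*=\).*|\1 $3|" "$1" > "$tmp" &&
        cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Demo on constructed copies of the two files (temporary paths).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'auth_region = RegionOne' \
        'metadata_proxy_shared_secret = helloOpenStack' > "$d/metadata_agent.ini"
    printf '%s\n' '[DEFAULT]' 'service_quantum_metadata_proxy = True' \
        'quantum_metadata_proxy_shared_secret = helloOpenStack' > "$d/nova.conf"
    echo "before: $(check_metadata_secret "$d/metadata_agent.ini" "$d/nova.conf")"
    s=$(new_secret)
    set_secret "$d/metadata_agent.ini" metadata_proxy_shared_secret "$s"
    set_secret "$d/nova.conf" quantum_metadata_proxy_shared_secret "$s"
    echo "after:  $(check_metadata_secret "$d/metadata_agent.ini" "$d/nova.conf")"
    rm -rf "$d"
}
demo
```

After changing the value on a real node, rerun the guide's quantum-* and nova-* restart loops so both sides load it.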
7. Cinder
•Install the required packages:
apt-get install -y cinder-api cinder-scheduler cinder-volume iscsitarget open-iscsi iscsitarget-dkms
•Configure the iscsi services:
sed -i 's/false/true/g' /etc/default/iscsitarget
•Restart the services:
service iscsitarget start
service open-iscsi start
•Prepare a MySQL database for Cinder:
mysql -u root -p
CREATE DATABASE cinder;
GRANT ALL ON cinder.* TO 'cinderUser'@'%' IDENTIFIED BY 'cinderPass';
quit;
•Configure /etc/cinder/api-paste.ini like the following:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
service_protocol = http
service_host = 192.168.100.51
service_port = 5000
auth_host = 10.10.100.51
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = cinder
admin_password = service_pass
•Edit the /etc/cinder/cinder.conf to:
[DEFAULT]
rootwrap_config=/etc/cinder/rootwrap.conf
sql_connection = mysql://cinderUser:[email protected]/cinder
api_paste_config = /etc/cinder/api-paste.ini
iscsi_helper=ietadm
volume_name_template = volume-%s
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
#osapi_volume_listen_port=5900
•Then, synchronize your database:
cinder-manage db sync
•Finally, don't forget to create a volume group and name it cinder-volumes:
dd if=/dev/zero of=cinder-volumes bs=1 count=0 seek=2G
losetup /dev/loop2 cinder-volumes
fdisk /dev/loop2
#Type in the following:
n
p
1
ENTER
ENTER
t
8e
w
•Proceed to create the physical volume then the volume group:
pvcreate /dev/loop2
vgcreate cinder-volumes /dev/loop2
Note: Beware that this volume group gets lost after a system reboot. (Click Here to know how to load it after a reboot)
•Restart the cinder services:
cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i restart; done
•Verify if cinder services are running:
cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i status; done
8. Horizon
•To install horizon, proceed like this:
apt-get -y install openstack-dashboard memcached
•If you don't like the OpenStack ubuntu theme, you can remove the package to disable it:
dpkg --purge openstack-dashboard-ubuntu-theme
•Reload Apache and memcached:
service apache2 restart; service memcached restart
You can now access your OpenStack at 192.168.100.51/horizon with credentials admin:admin_pass.
9. Your first VM
To start your first VM, we first need to create a new tenant, user and internal network.
•Create a new tenant
keystone tenant-create --name project_one
•Create a new user and assign the member role to it in the new tenant (keystone role-list to get the appropriate id):
keystone user-create --name=user_one --pass=user_one --tenant-id $put_id_of_project_one
keystone user-role-add --tenant-id $put_id_of_project_one --user-id $put_id_of_user_one --role-id $put_id_of_member_role
•Create a new network for the tenant:
quantum net-create --tenant-id $put_id_of_project_one net_proj_one
•Create a new subnet inside the new tenant network:
quantum subnet-create --tenant-id $put_id_of_project_one net_proj_one 50.50.1.0/24
•Create a router for the new tenant:
quantum router-create --tenant-id $put_id_of_project_one router_proj_one
•Add the router to the running l3 agent (If it's not automatically added):
quantum agent-list (to get the l3 agent ID)
quantum l3-agent-router-add $l3_agent_ID router_proj_one
•Add the router to the subnet:
quantum router-interface-add $put_router_proj_one_id_here $put_subnet_id_here
•Restart all quantum services:
cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i restart; done
That's it! Log on to your dashboard, create your secure key, modify your security groups, then create your first VM.
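The $put_id_of_... placeholders in this procedure, and in the multi-node version earlier in the guide, are filled by copying IDs out of the CLI tables by hand. The helpers below are an added example, not from the guide: their names are hypothetical, the sample tables are constructed, and they assume the bordered table layout the keystone and quantum clients print.

```shell
#!/bin/sh
# Added example, not from the guide: capture IDs from the CLI tables instead
# of pasting them into the $put_id_of_... placeholders by hand.

# table_field NAME: read a two-column "Property | Value" table (as printed by
# the *-create commands) on stdin and print the value for NAME.
table_field() {
    awk -F'|' -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 4 && trim($2) == want { print trim($3); found = 1; exit }
        END { exit (found ? 0 : 1) }'
}

# list_id COLUMN VALUE: read a list table (role-list, agent-list, port-list)
# and print the "id" cell of the first row whose COLUMN equals VALUE.
list_id() {
    awk -F'|' -v col="$1" -v want="$2" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 4 { next }                      # +-----+ border lines
        !idc {                               # header row: locate the columns
            for (i = 2; i < NF; i++) {
                if (trim($i) == "id") idc = i
                if (trim($i) == col) c = i
            }
            next
        }
        c && trim($c) == want { print trim($idc); found = 1; exit }
        END { exit (found ? 0 : 1) }'
}

# require_id VALUE LABEL: accept only a 32-hex-digit keystone ID or a dashed
# UUID. An empty capture passed unquoted to --tenant-id would make the next
# word (for example ext_net) be read as the tenant ID.
require_id() {
    if printf '%s' "$1" | grep -Eq \
        '^([0-9a-f]{32}|[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12})$'; then
        return 0
    fi
    echo "refusing to continue: $2 is not an ID: '$1'" >&2
    return 1
}

# Constructed sample output (IDs are made up).
sample_tenant_create() {
    cat <<'EOF'
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   enabled   |               True               |
|      id     | 0123456789abcdef0123456789abcdef |
|     name    |           project_one            |
+-------------+----------------------------------+
EOF
}
sample_agent_list() {
    cat <<'EOF'
+--------------------------------------+------------+---------+-------+
| id                                   | agent_type | host    | alive |
+--------------------------------------+------------+---------+-------+
| 11111111-2222-3333-4444-555555555555 | DHCP agent | network | :-)   |
| 66666666-7777-8888-9999-aaaaaaaaaaaa | L3 agent   | network | :-)   |
+--------------------------------------+------------+---------+-------+
EOF
}

# On a live node, with the guide's own commands:
#   TENANT_ID=$(keystone tenant-create --name project_one | table_field id)
#   require_id "$TENANT_ID" "tenant id" || exit 1
#   quantum net-create --tenant-id "$TENANT_ID" net_proj_one
echo "tenant id: $(sample_tenant_create | table_field id)"
echo "l3 agent:  $(sample_agent_list | list_id agent_type 'L3 agent')"
```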