OpenStack on CentOS 7.0 (manual install)

This is a very basic overview of all of the steps (and there are a lot of them) to deploy OpenStack controllers on a single node, purely for testing purposes.

Update: Turns out that a lot of this can be automated, but I’m leaving this up as it took so long 🙁

Hopefully you’ll end up with something looking like this:

 

CentOS 7.0 Base Install

  • Minimal Install
  • Reboot, and power off in VMware

Clone and be left with a controller and compute node

  • Boot controller to console and apply basic settings
  • nmtui and apply network configuration
  • nmtui-hostname and apply hostname configuration
  • ensure nodes can communicate
  • Install ntp: yum install ntp
  • systemctl enable ntpd
  • systemctl start ntpd

OpenStack pre-configuration

  • Originally based upon Havana -> http://docs.openstack.org/havana/install-guide/install/yum/content/basics-packages.html
  • Now based upon Juno -> http://docs.openstack.org/juno/install-guide/install/yum/content/ch_basic_environment.html
  • rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
  • rpm -ivh https://repos.fedorapeople.org/repos/openstack/openstack-juno/rdo-release-juno-1.noarch.rpm
  • yum upgrade
  • Drink Tea
  • When completed reboot

Install Database and Messaging queues

  • yum install openstack-selinux
  • Drink more tea
  • Install the Database
  • yum install mariadb mariadb-server MySQL-python
  • Add the following to /etc/my.cnf.d/server.cnf

[mysqld]
bind-address = <IP OF CONTROLLER NODE>
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

  • Then start the database and enable it
  • systemctl enable mariadb.service
  • systemctl start mariadb.service
  • Ensure the db is listening on the external IP of the controller with ss -at | grep mysql
  • mysql_secure_installation and change root password
  • yum install rabbitmq-server
  • systemctl enable rabbitmq-server.service
  • systemctl start rabbitmq-server.service
  • Change guest password for rabbit
  • rabbitmqctl change_password guest <NEW PASSWORD>

KEYSTONE Install (Identity server)

  • mysql -u root -p
    • CREATE DATABASE keystone;
    • GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'password';
    • GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'password';
  • Install the keystone packages
  • yum install openstack-keystone python-keystoneclient
  • Make the following changes to /etc/keystone/keystone.conf

[DEFAULT]
admin_token = ADMIN_TOKEN
[database]
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token
[revoke]
driver = keystone.contrib.revoke.backends.sql.Revoke
[DEFAULT]
verbose = True

  • Create certificates/keys and set appropriate permissions
  • keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
  • chown -R keystone:keystone /var/log/keystone
  • chown -R keystone:keystone /etc/keystone/ssl
  • chmod -R o-rwx /etc/keystone/ssl
  • su -s /bin/sh -c "keystone-manage db_sync" keystone
  • Enable the service
  • systemctl enable openstack-keystone.service
  • systemctl start openstack-keystone.service
  • Create the Tenants, users and roles
  • export OS_SERVICE_TOKEN=<TOKEN ID>
  • export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
  • Create Administrative tenant, user and role
  • keystone tenant-create --name admin --description "Admin Tenant"
  • keystone user-create --name admin --pass ADMIN_PASS --email EMAIL_ADDRESS
  • keystone role-create --name admin
  • keystone user-role-add --user admin --tenant admin --role admin
  • Create a test tenant and user
  • keystone tenant-create --name demo --description "Demo Tenant"
  • keystone user-create --name demo --tenant demo --pass DEMO_PASS --email EMAIL_ADDRESS
  • A service tenant is also required
  • keystone tenant-create --name service --description "Service Tenant"
  • Create the service entity and its API endpoint
  • keystone service-create --name keystone --type identity --description "OpenStack Identity"
  • keystone endpoint-create --service-id $(keystone service-list | awk '/ identity / {print $2}') --publicurl http://controller:5000/v2.0 --internalurl http://controller:5000/v2.0 --adminurl http://controller:35357/v2.0 --region regionOne

GLANCE INSTALL

  • mysql -u root -p
    • CREATE DATABASE glance;
    • GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'password';
    • GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'password';
  • Ensure that environment variables are set and create users, add to tenant and create the service
  • keystone user-create --name glance --pass <PASSWORD>
  • keystone user-role-add --user glance --tenant service --role admin
  • Create API Endpoint
  • keystone service-create --name glance --type image --description "OpenStack Image Service"
  • keystone endpoint-create --service-id $(keystone service-list | awk '/ image / {print $2}') --publicurl http://controller:9292 --internalurl http://controller:9292 --adminurl http://controller:9292 --region regionOne
  • Install Glance Packages
  • yum install openstack-glance python-glanceclient
  • Make the following changes to /etc/glance/glance-api.conf

[database]
connection = mysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = GLANCE_PASS
[paste_deploy]
flavor = keystone
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[DEFAULT]
notification_driver = noop
verbose = True

  • Make the following changes to /etc/glance/glance-registry.conf

[database]
connection = mysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = GLANCE_PASS
[paste_deploy]
flavor = keystone
[DEFAULT]
notification_driver = noop
verbose = True

  • su -s /bin/sh -c "glance-manage db_sync" glance
  • Enable the service
  • systemctl enable openstack-glance-api.service openstack-glance-registry.service
  • systemctl start openstack-glance-api.service openstack-glance-registry.service
  • Check the log to ensure the service has started correctly: /var/log/glance/api.log

Compute Controller node

  • mysql -u root -p
    • CREATE DATABASE nova;
    • GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'password';
    • GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'password';
  • Ensure that environment variables are set and create users, add to tenant and create the service
  • keystone user-create --name nova --pass <PASSWORD>
  • keystone user-role-add --user nova --tenant service --role admin
  • Create API Endpoint
  • keystone service-create --name nova --type compute --description "OpenStack Compute"
  • keystone endpoint-create --service-id $(keystone service-list | awk '/ Compute / {print $2}') --publicurl http://controller:8774/v2/%\(tenant_id\)s --internalurl http://controller:8774/v2/%\(tenant_id\)s --adminurl http://controller:8774/v2/%\(tenant_id\)s --region regionOne
  • Install Nova packages
  • yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
  • Make the following changes to /etc/nova/nova.conf

[database]
connection = mysql://nova:NOVA_DBPASS@controller/nova
[DEFAULT]
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = RABBIT_PASS
auth_strategy = keystone
my_ip = <IP OF CONTROLLER NODE>
vncserver_listen = <IP OF CONTROLLER NODE>
vncserver_proxyclient_address = <IP OF CONTROLLER NODE>
verbose = True
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS
[glance]
host = controller

  • Populate the database
  • su -s /bin/sh -c "nova-manage db sync" nova
  • Enable and start the services
  • systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
  • systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

Neutron Install

  • mysql -u root -p
    • CREATE DATABASE neutron;
    • GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'password';
    • GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'password';
  • Ensure that environment variables are set and create users, add to tenant and create the service
  • keystone user-create --name neutron --pass <PASSWORD>
  • keystone user-role-add --user neutron --tenant service --role admin
  • Create API Endpoint
  • keystone service-create --name neutron --type network --description "OpenStack Networking"
  • keystone endpoint-create --service-id $(keystone service-list | awk '/ Networking / {print $2}') --publicurl http://controller:9696 --adminurl http://controller:9696 --internalurl http://controller:9696 --region regionOne
  • Install Neutron Packages
  • yum install openstack-neutron openstack-neutron-ml2 python-neutronclient which
  • Must be time for another brew!!!
  • Obtain the service tenant identifier, as it’s required for an entry in the configuration file: keystone tenant-get service | grep id
  • Make the following changes to /etc/neutron/neutron.conf

[DEFAULT]
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = RABBIT_PASS
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
nova_admin_auth_url = http://controller:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = SERVICE_TENANT_ID
nova_admin_password = NOVA_PASS
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = neutron
admin_password = NEUTRON_PASS
[database]
connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron

  • Configuring the Modular Layer 2 (ML2) plug-in
  • Make the following changes to /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

  • Configuring the compute to use Neutron
  • Make the following changes to /etc/nova/nova.conf

[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[neutron]
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = NEUTRON_PASS

  • Finalize all changes
  • Create the relevant symlink if it doesn’t exist: ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
  • Populate the database
  • su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron
  • Restart Compute Services
  • systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service
  • Enable and start the services
  • systemctl enable neutron-server.service
  • systemctl start neutron-server.service
  • Test with neutron ext-list

Install the Dashboard

  • yum install openstack-dashboard httpd mod_wsgi memcached python-memcached
  • Make the following changes to /etc/openstack-dashboard/local_settings

OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '127.0.0.1:11211',
    }
}
TIME_ZONE = "GMT"

  • Configure SELinux to allow the web server
  • setsebool -P httpd_can_network_connect on
  • Ensure permissions are correct (current bug)
  • chown -R apache:apache /usr/share/openstack-dashboard/static
  • Enable and start the services
  • systemctl enable httpd.service memcached.service
  • systemctl start httpd.service memcached.service
  • Ensure Firewall services won’t block access (CentOS 7)
  • firewall-cmd --zone=public --add-service=http --permanent
  • firewall-cmd --zone=dmz --add-service=http --permanent
  • firewall-cmd --reload

 

You should now have dashboard access to your OpenStack installation
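
Added example, not part of the original post: the configuration fragments above use guide placeholders (ADMIN_TOKEN, the *_PASS and *_DBPASS values, the literal 'password' from the GRANT statements) and ALLOWED_HOSTS = ['*']. This read-only shell check lists any that are still present in a config file and flags files readable by other users; the function names audit_conf and count_findings are hypothetical and the sample file is constructed.

```sh
#!/bin/sh
# Added example, not from the original post: list guide placeholders and
# wildcard settings still present in OpenStack config files. Read-only.

# audit_conf FILE: print one "FILE:LINE: reason" line per finding.
audit_conf() (
    file=$1
    # These files hold credentials, so "other" should have no read access.
    if [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then
        echo "$file:0: readable by other users"
    fi
    # Placeholders used on this page: ADMIN_TOKEN, <NAME>_PASS, <NAME>_DBPASS
    # and the literal password from the GRANT statements.
    awk -v f="$file" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        /(password|token|connection)[ \t]*=/ &&
          match($0, /ADMIN_TOKEN|[A-Z]+_(DB)?PASS|:password@/) {
            printf "%s:%d: placeholder secret (%s)\n", f, NR,
                   substr($0, RSTART, RLENGTH)
            next
        }
        /^ALLOWED_HOSTS[ \t]*=.*[*]/ {
            printf "%s:%d: ALLOWED_HOSTS accepts any Host header\n", f, NR
        }
    ' "$file"
)

# count_findings FILE: number of findings, for use in scripts.
count_findings() { audit_conf "$1" | grep -c . || true; }

# Constructed sample mirroring the keystone.conf and local_settings fragments.
demo() (
    f=$(mktemp)
    printf '%s\n' '[DEFAULT]' 'admin_token = ADMIN_TOKEN' '[database]' \
        'connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone' \
        "ALLOWED_HOSTS = ['*']" > "$f"
    chmod 644 "$f"
    audit_conf "$f"
    rm -f "$f"
)

if [ "$#" -gt 0 ]; then
    for conf in "$@"; do audit_conf "$conf"; done
else
    demo
fi
```

Pass the files edited on this page as arguments, for example /etc/keystone/keystone.conf, /etc/glance/glance-api.conf, /etc/nova/nova.conf, /etc/neutron/neutron.conf and /etc/openstack-dashboard/local_settings.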

3 thoughts on “OpenStack on CentOS 7.0 (manual install)”

  1. Hello all, I do the same thing.
    I have a problem with firewalls between the network node and compute node. I use OpenStack Juno on CentOS with Neutron. When I start the firewall I can’t access or ping my instance (floating IP), but I can ping it and connect to it over SSH when the firewall is stopped. Help please.

    NB: port 9696 is already open on all nodes (compute, controller and network node)

  2. Ah, this was a single node installation, so you’ll more than likely need to look at firewalld configuration if you’re on CentOS 7 or modify your iptables on anything older than that. Good luck 🙂
