Planned setup
Below are the minimum environment requirements:
Server Role Disk(GB) RAM (GB) CPU *OS External Switch Internal Switch
ICO Server, Jazz and Cost 150 8 4 RHEL 7.5 x64 192.168.202.21 10.0.0.20
Openstack Controller 150 8 4 RHEL 7.5 x64 192.168.202.22 10.0.0.30
Openstack Network Node 100 8 4 RHEL 7.5 x64 192.168.202.23 10.0.0.40
Openstack Compute Node 100 16 8 RHEL 7.5 x64 192.168.202.24 10.0.0.50
Openstack Storage Node 100 4 4 RHEL 7.5 x64 192.168.202.25 10.0.0.60
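- SELinux disabled (lab simplification; on production hosts keep SELinux enforcing and install the openstack-selinux policy package)
- Disable NetworkManager
- Disable Firewalld (lab simplification; on production hosts keep a host firewall and open only the ports each OpenStack service needs)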
Red Hat subscription registration
Ref = https://access.redhat.com/solutions/253273
# subscription-manager register
# subscription-manager list --available
# subscription-manager attach --auto
# subscription-manager repos --disable=*
# subscription-manager repos --enable=rhel-7-server-rpms
# subscription-manager repos --enable=rhel-7-server-optional-rpms
# subscription-manager repos --enable=rhel-7-server-extras-rpms
# subscription-manager repos --enable=rhel-7-server-openstack-13*
# yum install -y yum-plugin-priorities yum-utils
# yum-config-manager --setopt="rhel-7-server-openstack-13-rpms.priority=1" --enable rhel-7-server-openstack-13-rpms
Installing OpenStack Queens
Prerequisites for the Controller, Network, Compute and Storage nodes
Install chrony
# yum -y install chrony
# vi /etc/chrony.conf
line 3: change servers for synchronization
server NTP_SERVER_CONTROLLER iburst
# line 25: add the network range you allow to receive requests
allow 10.0.0.0/24
# systemctl start chronyd
# systemctl enable chronyd
Install Service
Configure Services
MariaDB Configuration.
Create and edit the /etc/my.cnf.d/openstack.cnf file (backup existing configuration files in /etc/my.cnf.d/ if needed) and complete
the following actions:
Create a [mysqld] section, and set the bind-address key to the management IP address of the controller node to enable access by
other nodes via the management network. Set additional keys to enable useful options and the UTF-8 character set:
[mysqld]
# systemctl start mariadb.service
# systemctl enable mariadb.service
# mysql_secure_installation
create_database.sql
Then run : mysql -u root -p < create_database.sql
Configure RabbitMQ, Memcached.
# systemctl start rabbitmq-server memcached
# systemctl enable rabbitmq-server memcached
Configure Keystone
# vi /etc/keystone/keystone.conf
# line 606: uncomment and specify Memcache server
memcache_servers = controller:11211
# line 738: add ( MariaDB connection info )
connection = mysql+pymysql://keystone:password@controller/keystone
[token]
# line 2879: add
provider = fernet
# su -s /bin/bash keystone -c "keystone-manage db_sync"
# initialize keys
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# define own host (controller host)
# echo 'export controller=192.168.202.22' >>~/.bash_profile
# source .bash_profile
# echo $controller
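# bootstrap keystone (replace "adminpassword" with a strong password of your own; keystone-manage can also read it from the OS_BOOTSTRAP_PASSWORD environment variable, which keeps it out of the process argument list)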
# keystone-manage bootstrap --bootstrap-password adminpassword \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
# systemctl start httpd
# systemctl enable httpd
# vi ~/keystonerc
# keystonerc: admin credentials for the openstack CLI. Source this file before
# running openstack commands.
# The admin password is stored here in clear text, so keep the file readable by
# its owner only (chmod 600 ~/keystonerc).
# OS_AUTH_URL is plain HTTP, as everywhere in this guide: the password and the
# issued tokens cross the network unencrypted unless TLS is put in front of Keystone.

# Where to authenticate and which API versions to speak.
OS_AUTH_URL=http://controller:5000/v3
OS_REGION_NAME=RegionOne
OS_IDENTITY_API_VERSION=3
OS_IMAGE_API_VERSION=2

# Who to authenticate as, and in which scope.
OS_USER_DOMAIN_NAME=default
OS_USERNAME=admin
OS_PASSWORD=adminpassword
OS_PROJECT_DOMAIN_NAME=default
OS_PROJECT_NAME=admin

# Prompt marker showing that the keystone credentials are loaded.
PS1='[\u@\h \W(keystone)]\$'

export OS_AUTH_URL OS_REGION_NAME OS_IDENTITY_API_VERSION OS_IMAGE_API_VERSION
export OS_USER_DOMAIN_NAME OS_USERNAME OS_PASSWORD
export OS_PROJECT_DOMAIN_NAME OS_PROJECT_NAME
export PS1
# openstack user create --domain default --project service --password servicepassword glance
# openstack role add --project service --user glance admin
# openstack service create --name glance --description "OpenStack Image service" image
# openstack endpoint create --region RegionOne image public http://controller:9292
# openstack endpoint create --region RegionOne image internal http://controller:9292
# openstack endpoint create --region RegionOne image admin http://controller:9292
# openstack user create --domain default --project service --password servicepassword nova
# openstack role add --project service --user nova admin
# openstack user create --domain default --project service --password servicepassword placement
# openstack role add --project service --user placement admin
# openstack service create --name nova --description "OpenStack Compute service" compute
# openstack service create --name placement --description "OpenStack Compute Placement service" placement
# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s
# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s
# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s
# openstack endpoint create --region RegionOne placement public http://controller:8778
# openstack endpoint create --region RegionOne placement internal http://controller:8778
# openstack endpoint create --region RegionOne placement admin http://controller:8778
# openstack user create --domain default --project service --password servicepassword neutron
# openstack role add --project service --user neutron admin
# openstack service create --name neutron --description "OpenStack Networking service" network
# openstack endpoint create --region RegionOne network public http://controller:9696
# openstack endpoint create --region RegionOne network internal http://controller:9696
# openstack endpoint create --region RegionOne network admin http://controller:9696
# openstack user create --domain default --project service --password servicepassword cinder
# openstack role add --project service --user cinder admin
# openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
# openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
# openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(tenant_id\)s
# openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
# openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
# openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(tenant_id\)s
# openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(tenant_id\)s
# openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(tenant_id\)s
#openstack user create --domain default --project service --password servicepassword swift
#openstack role add --project service --user swift admin
#openstack service create --name swift --description "OpenStack Object Storage" object-store
# echo 'export swift_proxy=192.168.202.9' >>~/.bash_profile
# source .bash_profile
# echo $swift_proxy
# openstack endpoint create --region RegionOne object-store public http://swift_proxy:8080/v1/AUTH_%\(tenant_id\)s
# openstack endpoint create --region RegionOne object-store internal http://swift_proxy:8080/v1/AUTH_%\(tenant_id\)s
# openstack endpoint create --region RegionOne object-store admin http://swift_proxy:8080/v1
# openstack user create --domain default --project service --password servicepassword heat
# openstack role add --project service --user heat admin
# openstack role create heat_stack_owner
# openstack role create heat_stack_user
# openstack role add --project admin --user admin heat_stack_owner
# openstack service create --name heat --description "Openstack Orchestration" orchestration
# openstack service create --name heat-cfn --description "Openstack Orchestration" cloudformation
# echo 'export heat_api=192.168.202.23' >>~/.bash_profile
# source .bash_profile
# echo $heat_api
# openstack endpoint create --region RegionOne orchestration public http://heat_api:8004/v1/%\(tenant_id\)s
# openstack endpoint create --region RegionOne orchestration internal http://heat_api:8004/v1/%\(tenant_id\)s
# openstack endpoint create --region RegionOne orchestration admin http://heat_api:8004/v1/%\(tenant_id\)s
# openstack endpoint create --region RegionOne cloudformation public http://heat_api:8000/v1
# openstack endpoint create --region RegionOne cloudformation internal http://heat_api:8000/v1
# openstack endpoint create --region RegionOne cloudformation admin http://heat_api:8000/v1
# openstack domain create --description "Stack projects and users" heat
# openstack user create --domain heat --password servicepassword heat_domain_admin
# openstack role add --domain heat --user heat_domain_admin admin
# openstack user create --domain default --project service --password servicepassword barbican
# openstack role add --project service --user barbican admin
# openstack service create --name barbican --description "OpenStack Key Manager" key-manager
# openstack endpoint create --region RegionOne key-manager public http://controller:9311
# openstack endpoint create --region RegionOne key-manager internal http://controller:9311
# openstack endpoint create --region RegionOne key-manager admin http://controller:9311
# openstack user create --domain default --project service --password servicepassword gnocchi
# openstack role add --project service --user gnocchi admin
# openstack service create --name gnocchi --description "Metric Service" metric
# openstack endpoint create --region RegionOne metric public http://controller:8041
# openstack endpoint create --region RegionOne metric internal http://controller:8041
# openstack endpoint create --region RegionOne metric admin http://controller:8041
# openstack user create --domain default --project service --password servicepassword ceilometer
# openstack role add --project service --user ceilometer admin
# openstack service create --name ceilometer --description "OpenStack Telemetry Service" metering
# openstack user create --domain default --project service --password servicepassword aodh
# openstack role add --project service --user aodh admin
# openstack service create --name aodh --description "Telemetry Alarming" alarming
# openstack endpoint create --region RegionOne alarming public http://controller:8042
# openstack endpoint create --region RegionOne alarming internal http://controller:8042
# openstack endpoint create --region RegionOne alarming admin http://controller:8042
Configure Glance :
# mv /etc/glance/glance-api.conf /etc/glance/glance-api.conf.org
# vi /etc/glance/glance-api.conf
[DEFAULT]
# 0.0.0.0 makes the Glance API listen on every interface of this host, not only
# the management network. This guide also disables firewalld, so nothing on the
# host filters the port; bind to a specific address or add firewall rules.
bind_host = 0.0.0.0
[glance_store]
# Enabled image backends: local files and HTTP locations; new images default to local files.
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[database]
# MariaDB connection info
# "password" is the guide's placeholder for the glance database user. Use a
# unique, randomly generated value per service; it is stored here in clear text,
# so restrict read access to this file.
connection = mysql+pymysql://glance:password@controller/glance
[paste_deploy]
# Selects the keystone paste pipeline, i.e. requests are authenticated through Keystone.
flavor = keystone
[DEFAULT]
bind_host = 0.0.0.0
[database]
# MariaDB connection info
connection = mysql+pymysql://glance:password@controller/glance
[paste_deploy]
flavor = keystone
[DEFAULT]
# define own IP
my_ip = 192.168.202.22
state_path = /var/lib/nova
enabled_apis = osapi_compute,metadata
log_dir = /var/log/nova
# RabbitMQ connection info
transport_url = rabbit://openstack:password@controller
[api]
auth_strategy = keystone
[oslo_concurrency]
lock_path = $state_path/tmp
[database]
connection = mysql+pymysql://nova:password@controller/nova
[placement]
auth_url = http://controller:5000
os_region_name = RegionOne
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = placement
password = servicepassword
[placement_database]
connection = mysql+pymysql://nova:password@controller/nova_placement
[wsgi]
api_paste_config = /etc/nova/api-paste.ini
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
dhcp_agent_notification = True
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
# RabbitMQ connection info
transport_url = rabbit://openstack:password@controller
[oslo_concurrency]
lock_path = $state_path/tmp
(keystone)]# vi /etc/neutron/metadata_agent.ini
# line 22: uncomment and specify Nova API server
nova_metadata_host = controller
# line 34: uncomment and set a long, randomly generated secret (not a guessable word); the same value must be configured for the Nova metadata API
metadata_proxy_shared_secret = metadata_secret
# line 260: uncomment and specify Memcache server
memcache_servers = controller:11211
(keystone)]# vi /etc/neutron/plugins/ml2/ml2_conf.ini
# line 129: add (leaving "tenant_network_types" empty is OK; set it later if needed)
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
mechanism_drivers = openvswitch,l2population,linuxbridge
extension_drivers = port_security
(keystone)]# vi /etc/nova/nova.conf
# add the following to the [DEFAULT] section
use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
# Noop driver: Nova applies no packet filtering of its own. Instance traffic
# filtering is then expected to come from Neutron security groups, so confirm
# that the Neutron agent has a firewall driver enabled.
firewall_driver = nova.virt.firewall.NoopFirewallDriver
# Instance boot fails if Neutron does not report the port as plugged within the timeout (seconds).
vif_plugging_is_fatal = True
vif_plugging_timeout = 300
(keystone)]# vi /etc/openstack-dashboard/local_settings
# line 38: add Dashboard Host
OPENSTACK_API_VERSIONS = {
# "data-processing": 1.1,
"identity": 3,
"volume": 2,
"compute": 2,
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
# line 97: uncomment
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
# line 167,168: change and add Memcache server
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
},
}
(keystone)]# vi /etc/httpd/conf.d/openstack-dashboard.conf
# near line 4: add
WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
WSGISocketPrefix run/wsgi
WSGIApplicationGroup %{GLOBAL}
[DEFAULT]
deferred_auth_method = trusts
trusts_delegated_roles = heat_stack_owner
# Heat installed server
# These URLs are plain HTTP; traffic to them is unencrypted unless TLS is added.
heat_metadata_server_url = http://controller:8000
heat_waitcondition_server_url = http://controller:8000/v1/waitcondition
heat_watch_server_url = http://controller:8003
heat_stack_user_role = heat_stack_user
# Heat domain name
stack_user_domain_name = heat
# Heat domain admin name
stack_domain_admin = heat_domain_admin
# Heat domain admin's password
# Must equal the password given to heat_domain_admin at "openstack user create".
# "servicepassword" is the guide's placeholder, shared by every service account
# in this guide; use a unique, randomly generated value per account.
stack_domain_admin_password = servicepassword
# RabbitMQ connection info
# "openstack:password" are placeholder broker credentials, stored in clear text.
transport_url = rabbit://openstack:password@controller
[heat_api]
# 0.0.0.0 listens on every interface of this host; bind to a specific address
# or filter the port if the API should only be reachable on one network.
bind_host = 0.0.0.0
bind_port = 8004
[heat_api_cfn]
# Same exposure consideration as [heat_api].
bind_host = 0.0.0.0
bind_port = 8000
[trustee]
auth_plugin = password
auth_url = http://controller:5000
username = heat
# Password of the heat service user (placeholder value from the guide).
password = servicepassword
user_domain_name = default
- LibVirt
- NovaCompute
- OpenVswitch
- L2 Agent
- CeiloMeter Compute
vi /etc/sysctl.conf
# Let the kernel forward IPv4 packets between interfaces.
net.ipv4.ip_forward = 1
# rp_filter=0 switches off reverse-path source validation, an anti-spoofing
# check, for all current and future interfaces.
# NOTE(review): loose mode (2) keeps part of that protection - confirm whether
# this deployment's networking works with it before using 0 in production.
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
# sysctl -p
# virsh net-list
# virsh net-destroy default
# virsh net-autostart --network default --disable
# mv /etc/nova/nova.conf /etc/nova/nova.conf.org
# vi /etc/nova/nova.conf
[DEFAULT]
# define own IP address
my_ip = 192.168.202.24
state_path = /var/lib/nova
enabled_apis = osapi_compute,metadata
log_dir = /var/log/nova
# RabbitMQ connection info
# "openstack:password" are the guide's placeholder broker credentials; use a
# strong, unique password and restrict read access to this file, because the
# credential is stored in clear text.
transport_url = rabbit://openstack:password@controller
[api]
auth_strategy = keystone
# enable VNC
[vnc]
enabled = True
# Listens for VNC connections on every interface of the compute node. No TLS
# options are set in this section, so limit reachability to the controller's
# console proxy (bind to $my_ip or filter the VNC ports at the host firewall).
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
# Console URL given to users; plain HTTP, so console sessions are unencrypted
# unless TLS is configured for the proxy.
novncproxy_base_url = http://controller:6080/vnc_auto.html
[oslo_concurrency]
lock_path = $state_path/tmp
[wsgi]
api_paste_config = /etc/nova/api-paste.ini
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True
# RabbitMQ connection info
transport_url = rabbit://openstack:password@controller
[oslo_concurrency]
lock_path = $state_path/lock
# line 129: add (leaving "tenant_network_types" empty is OK; set it later if needed)
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
mechanism_drivers = openvswitch,l2population,linuxbridge
extension_drivers = port_security
use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
vif_plugging_is_fatal = True
vif_plugging_timeout = 300
Edit sysctl :
# vi /etc/sysctl.conf
# Let the kernel forward IPv4 packets between interfaces.
net.ipv4.ip_forward = 1
# rp_filter=0 switches off reverse-path source validation, an anti-spoofing
# check, for all current and future interfaces.
# NOTE(review): loose mode (2) keeps part of that protection - confirm whether
# this deployment's networking works with it before using 0 in production.
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
# sysctl -p
# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.org
# vi /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True
# RabbitMQ connection info
# "openstack:password" are the guide's placeholder broker credentials, stored
# in clear text; use a strong, unique password and restrict read access to this file.
transport_url = rabbit://openstack:password@controller
# Keystone auth info
[keystone_authtoken]
# Both Keystone URLs are plain HTTP: the service password and the tokens being
# validated cross the network unencrypted unless TLS is configured.
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
# Password of the neutron service user. "servicepassword" is the placeholder
# this guide reuses for every service account; give each account its own
# randomly generated password.
password = servicepassword
[oslo_concurrency]
lock_path = $state_path/lock
[DEFAULT]
# define own IP address
my_ip = 192.168.202.6
log_dir = /var/log/cinder
state_path = /var/lib/cinder
auth_strategy = keystone
# RabbitMQ connection info
transport_url = rabbit://openstack:password@controller
[oslo_concurrency]
lock_path = $state_path/tmp
# show status
root~(keystone)# openstack volume service list
[DEFAULT]
# define own IP address
my_ip = 192.168.202.9
log_dir = /var/log/cinder
state_path = /var/lib/cinder
auth_strategy = keystone
# RabbitMQ connection info
transport_url = rabbit://openstack:password@controller
# Glance connection info
glance_api_servers = http://controller:9292
[oslo_concurrency]
lock_path = $state_path/tmp