Cloud in Action: Install OpenStack Ocata from scratch

薛國鋒 xueguofeng2011@gmail.com


OpenStack can control and manage large pools of compute, storage, and networking resources throughout a datacenter, through a dashboard or via the OpenStack API, and works with popular enterprise and open source technologies, making it ideal for heterogeneous infrastructure. Exercising OpenStack can greatly grow our knowledge and skills in IT/DC and Cloud. Today we are going to install OpenStack from scratch and get some hands-on experience with some of its key services. Below is the physical and logical network design:


[Figure: physical and logical network design]

The simplest architecture is deployed here to give us a quick, overall understanding of OpenStack:

- Adopt Ubuntu Desktop (ubuntu-16.04.3-desktop-amd64.iso) for easy configuration: https://www.ubuntu.com/download/desktop

- Adopt the OpenStack Ocata release and Canonical’s Ubuntu Cloud Archive repository for Ubuntu 16.04 (LTS): https://docs.openstack.org/ocata/install-guide-ubuntu/InstallGuide.pdf

- Adopt ‘Nested Virtualization’ to build a minimum OpenStack system and launch instances on top of VMs: 1 controller node (VM) and 2 compute nodes (VM), without block and object storage nodes; networking agents reside on the controller node instead of on one or more dedicated network nodes; adopt Networking Option 1 to provide a DHCP service for launched instances, and bridge VMs and virtual networks to physical networks, which actually provide the layer-3 routing services; LBaaS and FWaaS are not supported in this option.

- The controller node runs the Identity service, Image service, management portions of Compute, management portion of Networking, various Networking agents, and the Dashboard. It also includes supporting services such as an SQL database, message queue, and NTP.

- The compute node runs the hypervisor portion of Compute that operates instances. By default, Compute uses the KVM hypervisor. The compute node also runs a Networking service agent that connects instances to virtual networks and provides firewalling services to instances via security groups. 2 compute nodes are deployed in this test.

- Two VMnets are created: VMnet1 (192.168.100.0/24, no DHCP or IP GW provided by VMware Workstation) simulates the physical network connecting the launched VMs with DC_GW (192.168.100.111/24, 10.0.0.111/24), which is also linked to VMnet8 (10.0.0.0/24, IP GW: 10.0.0.2, DHCP: 10.0.0.128~10.0.0.254), which serves as both the management network and Internet access. The IP address of the DNS server is 10.0.1.1.


1 Configure GNS3 for DC GW

2 Basic configuration

3 NTP – Chrony

4 OpenStack packages

5 SQL database - MariaDB

6 Message queue – RabbitMQ

7 Memcached

8 Identity service – Keystone

9 Image service – Glance

10 Compute service – Nova

11 Networking service – Neutron

12 Dashboard - Horizon

13 Launch instances

Main blockers

1 Configure GNS3 for DC GW

[Figure: GNS3 configuration for the DC GW]


2 Basic configuration

Basic configuration

controller

compute1

compute2

/ Create VMs

user/pw: gset/ipcc2014

c:\xgf\OpenStack\controller

8.192 GB MEM

4 Processors with Virtualize Intel VT-x/EPT

30GB HD

Network Adapter(eth0): NAT

Network Adapter2(eth1):Host-only

user/pw: gset/ipcc2014

c:\xgf\OpenStack\compute1

4.096 GB MEM

2 Processors with Virtualize Intel VT-x/EPT

20GB HD

Network Adapter(eth0): NAT

Network Adapter2(eth1):Host-only

user/pw: gset/ipcc2014

c:\xgf\OpenStack\compute2

4.096 GB MEM

2 Processors with Virtualize Intel VT-x/EPT

20GB HD

Network Adapter(eth0): NAT

Network Adapter2(eth1):Host-only

System settings/brightness&lock – uncheck ‘Lock’

CTRL+ALT+T / Terminal / Edit / Profile Preferences / Terminal Size: 80 x 40

/ Upgrade Ubuntu Software

sudo apt-get update

sudo apt-get upgrade

sudo apt-get dist-upgrade

/ Install VMware Tools

sudo mkdir /mnt/cdrom

Reinstall VMware Tools by VMware Workstation

sudo mount /dev/cdrom /mnt/cdrom

cd /mnt/cdrom

sudo cp VMwareTools-10.1.6-5214329.tar.gz /opt

cd /opt

sudo tar -xvzf VMwareTools-10.1.6-5214329.tar.gz

cd vmware-tools-distrib

sudo ./vmware-install.pl

/ Change interface names to eth0, eth1, eth2…

sudo gedit /etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"

sudo update-grub

sudo grub-mkconfig -o /boot/grub/grub.cfg

/ Configure name resolution

sudo gedit /etc/hosts

127.0.0.1       localhost

10.0.0.11       controller

10.0.0.31       compute1

10.0.0.32       compute2

/ Configure interfaces, IP Addr and DNS

controller:

sudo gedit /etc/network/interfaces

auto lo

iface lo inet loopback

auto eth0

iface eth0 inet static

address 10.0.0.11

netmask 255.255.255.0

gateway 10.0.0.2

dns-nameserver 10.0.1.1

auto eth1

iface eth1 inet manual

compute1:

sudo gedit /etc/network/interfaces

auto lo

iface lo inet loopback

auto eth0

iface eth0 inet static

address 10.0.0.31

netmask 255.255.255.0

gateway 10.0.0.2

dns-nameserver 10.0.1.1

auto eth1

iface eth1 inet manual

compute2:

sudo gedit /etc/network/interfaces

auto lo

iface lo inet loopback

auto eth0

iface eth0 inet static

address 10.0.0.32

netmask 255.255.255.0

gateway 10.0.0.2

dns-nameserver 10.0.1.1

auto eth1

iface eth1 inet manual

/ Configure hostnames

sudo gedit /etc/hostname

controller

compute1

compute2

/ Install openssh & git

sudo apt-get install openssh-server

sudo apt-get install openssh-client

sudo apt-get install sysv-rc-conf

sudo sysv-rc-conf ssh on

sudo sysv-rc-conf --list | grep ssh

netstat -ta | grep ssh


sudo apt-get install git-core


3 NTP – Chrony

Network Time Protocol – NTP

controller

compute1

compute2

/ Install Chrony to synchronize services among nodes

sudo apt-get install chrony

sudo gedit /etc/chrony/chrony.conf

allow 10.0.0.0/24 // put at the first line

sudo service chrony restart

compute1:

sudo apt-get install chrony

sudo gedit /etc/chrony/chrony.conf

server controller iburst // put at the first line

# pool 2.debian.pool.ntp.org offline iburst // comment out


sudo service chrony restart

compute2:

sudo apt-get install chrony

sudo gedit /etc/chrony/chrony.conf

server controller iburst // put at the first line

# pool 2.debian.pool.ntp.org offline iburst // comment out


sudo service chrony restart

/ Verify operation

[Screenshot: Chrony verification]


4 OpenStack packages

OpenStack packages

controller

compute1

compute2

/ For all nodes: controller, compute and block storage…

sudo apt-get install software-properties-common

sudo add-apt-repository cloud-archive:ocata

sudo apt-get update

sudo apt-get dist-upgrade

sudo apt-get install python-openstackclient


5 SQL database - MariaDB

SQL database

controller

compute1

compute2

/ Install and Run MySQL

sudo apt-get install mariadb-server python-pymysql


sudo gedit /etc/mysql/mariadb.conf.d/99-openstack.cnf

[mysqld]

bind-address = 10.0.0.11

default-storage-engine = innodb

innodb_file_per_table = on

max_connections = 4096

collation-server = utf8_general_ci

character-set-server = utf8


sudo service mysql restart

sudo mysqladmin -u root password ipcc2014 // for database root user

sudo mysql_secure_installation

netstat -tnlp | grep 3306

/ Set password for Linux root user

sudo passwd // set ‘ipcc2014’

su root // enter the root mode

#mysql // the root user no longer uses a password for local access to MySQL server

MariaDB [(none)]>

show databases;

use mysql;

show tables;




6 Message queue – RabbitMQ

Message queue

Controller

compute1

compute2

/ Install RabbitMQ

sudo apt-get install rabbitmq-server

sudo rabbitmqctl add_user openstack ipcc2014

sudo rabbitmqctl set_permissions openstack ".*" ".*" ".*"




7 Memcached

Memcached

Controller

compute1

compute2

/ Install Memcached

sudo apt-get install memcached python-memcache

sudo gedit /etc/memcached.conf

-l 10.0.0.11


sudo service memcached restart




8 Identity service – Keystone

Identity service

controller

compute1

compute2

/ Create a database

su root // enter the root mode

#mysql

MariaDB [(none)]>

CREATE DATABASE keystone;

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'ipcc2014';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'ipcc2014';

/ Install Keystone

sudo apt-get install keystone

sudo gedit /etc/keystone/keystone.conf

[database]

connection = mysql+pymysql://keystone:ipcc2014@controller/keystone

[token]

provider = fernet

sudo su -s /bin/sh -c "keystone-manage db_sync" keystone

sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

sudo keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

sudo keystone-manage bootstrap --bootstrap-password ipcc2014 --bootstrap-admin-url http://controller:35357/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne

sudo gedit /etc/apache2/apache2.conf

ServerName controller // put in the first line

sudo service apache2 restart

sudo rm -f /var/lib/keystone/keystone.db


export OS_USERNAME=admin

export OS_PASSWORD=ipcc2014

export OS_PROJECT_NAME=admin

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_DOMAIN_NAME=Default

export OS_AUTH_URL=http://controller:35357/v3

export OS_IDENTITY_API_VERSION=3

openstack project create --domain default --description "Service Project" service

openstack project create --domain default --description "Demo Project" demo

openstack user create --domain default --password-prompt demo // ipcc2014

openstack role create user

openstack role add --project demo --user demo user



/ Verify operation

sudo gedit /etc/keystone/keystone-paste.ini

// remove ‘admin_token_auth’ from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.

unset OS_AUTH_URL OS_PASSWORD

openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue

openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue

gedit admin-openrc

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=ipcc2014

export OS_AUTH_URL=http://controller:35357/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2


gedit demo-openrc

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=demo

export OS_USERNAME=demo

export OS_PASSWORD=ipcc2014

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2


. admin-openrc

openstack token issue

. demo-openrc

openstack token issue

compute1:

// copy ‘admin-openrc’


// copy ‘demo-openrc’

compute2:

// copy ‘admin-openrc’


// copy ‘demo-openrc’



9 Image service – Glance

Image service

Controller

compute1

compute2

/ Create a database

su root // enter the root mode

#mysql

MariaDB [(none)]>

CREATE DATABASE glance;

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'ipcc2014';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'ipcc2014';

. admin-openrc

openstack user create --domain default --password-prompt glance

openstack role add --project service --user glance admin

openstack service create --name glance --description "OpenStack Image" image

openstack endpoint create --region RegionOne image public http://controller:9292

openstack endpoint create --region RegionOne image internal http://controller:9292

openstack endpoint create --region RegionOne image admin http://controller:9292

/ Install Glance

sudo apt-get install glance


sudo gedit /etc/glance/glance-api.conf

[database]

connection = mysql+pymysql://glance:ipcc2014@controller/glance


[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:35357

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = glance

password = ipcc2014


[paste_deploy]

flavor = keystone


[glance_store]

stores = file,http

default_store = file

filesystem_store_datadir = /var/lib/glance/images/

sudo gedit /etc/glance/glance-registry.conf

[database]

connection = mysql+pymysql://glance:ipcc2014@controller/glance


[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:35357

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = glance

password = ipcc2014

[paste_deploy]

flavor = keystone

sudo su -s /bin/sh -c "glance-manage db_sync" glance

sudo service glance-registry restart

sudo service glance-api restart

/ Verify operation

/ Download the source image – ‘cirros’

wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img

/ Upload to image service using the QCOW2 disk format

. admin-openrc

openstack image create "cirros_0_3_5" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public

openstack image list


10 Compute service – Nova

Compute service

Controller

compute1

compute2

/ Create a database

su root // enter the root mode

#mysql

MariaDB [(none)]>

CREATE DATABASE nova_api;

CREATE DATABASE nova;

CREATE DATABASE nova_cell0;


GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'ipcc2014';

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'ipcc2014';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'ipcc2014';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'ipcc2014';

GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'ipcc2014';

GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'ipcc2014';

. admin-openrc

openstack user create --domain default --password-prompt nova

openstack role add --project service --user nova admin

openstack service create --name nova --description "OpenStack Compute" compute

openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1

openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1

openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1

openstack user create --domain default --password-prompt placement

openstack role add --project service --user placement admin

openstack service create --name placement --description "Placement API" placement

openstack endpoint create --region RegionOne placement public http://controller:8778

openstack endpoint create --region RegionOne placement internal http://controller:8778

openstack endpoint create --region RegionOne placement admin http://controller:8778

/ Install Nova

sudo apt-get install nova-api nova-conductor nova-consoleauth nova-novncproxy nova-scheduler nova-placement-api

sudo gedit /etc/nova/nova.conf

[api_database]

connection = mysql+pymysql://nova:ipcc2014@controller/nova_api

# connection=sqlite:var/lib/nova/nova.sqlite // comment out


[database]

connection = mysql+pymysql://nova:ipcc2014@controller/nova


[DEFAULT]

transport_url = rabbit://openstack:ipcc2014@controller

my_ip = 10.0.0.11

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

#log_dir=/var/log/nova // comment out

[api]

auth_strategy = keystone


[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:35357

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = ipcc2014


[vnc]

enabled = true

vncserver_listen = $my_ip

vncserver_proxyclient_address = $my_ip


[glance]

api_servers = http://controller:9292


[oslo_concurrency]

lock_path = /var/lib/nova/tmp

# lock_path=/var/lock/nova // comment out


[placement]

os_region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://controller:35357/v3

username = placement

password = ipcc2014

# os_region_name = openstack // comment out

sudo su -s /bin/sh -c "nova-manage api_db sync" nova

sudo su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

sudo su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

sudo su -s /bin/sh -c "nova-manage db sync" nova

sudo nova-manage cell_v2 list_cells


sudo service nova-api restart

sudo service nova-consoleauth restart

sudo service nova-scheduler restart

sudo service nova-conductor restart

sudo service nova-novncproxy restart

sudo ufw disable // open port 5672 for MQ server

sudo ufw status

sudo su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

sudo su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

compute1:

egrep -c '(vmx|svm)' /proc/cpuinfo

2


/ Install Nova

sudo apt-get install nova-compute

sudo gedit /etc/nova/nova.conf

[DEFAULT]

transport_url = rabbit://openstack:ipcc2014@controller

my_ip = 10.0.0.31

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

#log_dir=/var/log/nova // comment out

[api]

auth_strategy = keystone


[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:35357

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = ipcc2014


[vnc]

enabled = True

vncserver_listen = 0.0.0.0

vncserver_proxyclient_address = $my_ip

novncproxy_base_url = http://controller:6080/vnc_auto.html


[glance]

api_servers = http://controller:9292


[oslo_concurrency]

lock_path = /var/lib/nova/tmp

# lock_path=/var/lock/nova // comment out


[placement]

os_region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://controller:35357/v3

username = placement

password = ipcc2014

# os_region_name = openstack // comment out


[libvirt]

hw_machine_type = "x86_64=pc-i440fx-xenial,i686=pc-i440fx-xenial"

sudo service nova-compute restart

cat /var/log/nova/nova-compute.log

compute2:

egrep -c '(vmx|svm)' /proc/cpuinfo

2


/ Install Nova

sudo apt-get install nova-compute

sudo gedit /etc/nova/nova.conf

[DEFAULT]

transport_url = rabbit://openstack:ipcc2014@controller

my_ip = 10.0.0.32

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

#log_dir=/var/log/nova // comment out

[api]

auth_strategy = keystone


[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:35357

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = ipcc2014


[vnc]

enabled = True

vncserver_listen = 0.0.0.0

vncserver_proxyclient_address = $my_ip

novncproxy_base_url = http://controller:6080/vnc_auto.html


[glance]

api_servers = http://controller:9292


[oslo_concurrency]

lock_path = /var/lib/nova/tmp

# lock_path=/var/lock/nova // comment out


[placement]

os_region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://controller:35357/v3

username = placement

password = ipcc2014

# os_region_name = openstack // comment out


[libvirt]

hw_machine_type = "x86_64=pc-i440fx-xenial,i686=pc-i440fx-xenial"

sudo service nova-compute restart

cat /var/log/nova/nova-compute.log

/ Verify operation

. admin-openrc

openstack hypervisor list

openstack compute service list

openstack catalog list

sudo nova-status upgrade check



11 Networking service – Neutron

Networking service

controller

compute1

compute2

/ Create a database

su root // enter the root mode

#mysql

MariaDB [(none)]>

CREATE DATABASE neutron;

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'ipcc2014';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'ipcc2014';

. admin-openrc

openstack user create --domain default --password-prompt neutron

openstack role add --project service --user neutron admin

openstack service create --name neutron --description "OpenStack Networking" network

openstack endpoint create --region RegionOne network public http://controller:9696

openstack endpoint create --region RegionOne network internal http://controller:9696

openstack endpoint create --region RegionOne network admin http://controller:9696

/ Install Neutron

sudo apt-get install neutron-server neutron-plugin-ml2 neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent

sudo gedit /etc/neutron/neutron.conf

[database]

connection = mysql+pymysql://neutron:ipcc2014@controller/neutron

# connection = sqlite:var/lib/neutron/neutron.sqlite // comment out

[DEFAULT]

core_plugin = ml2

service_plugins =

transport_url = rabbit://openstack:ipcc2014@controller

auth_strategy = keystone

notify_nova_on_port_status_changes = true

notify_nova_on_port_data_changes = true


[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:35357

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = ipcc2014


[nova]

auth_url = http://controller:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = ipcc2014


sudo gedit /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]

type_drivers = flat,vlan

tenant_network_types =

mechanism_drivers = linuxbridge

extension_drivers = port_security


[ml2_type_flat]

flat_networks = provider


[securitygroup]

enable_ipset = true


sudo gedit /etc/neutron/plugins/ml2/linuxbridge_agent.ini


[linux_bridge]

physical_interface_mappings = provider:eth1


[vxlan]

enable_vxlan = false


[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

sudo gedit /etc/neutron/dhcp_agent.ini

[DEFAULT]

interface_driver = linuxbridge

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = true


sudo gedit /etc/neutron/metadata_agent.ini

[DEFAULT]

nova_metadata_ip = controller

metadata_proxy_shared_secret = ipcc2014


sudo gedit /etc/nova/nova.conf

[neutron]

url = http://controller:9696

auth_url = http://controller:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = ipcc2014

service_metadata_proxy = true

metadata_proxy_shared_secret = ipcc2014

sudo su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

sudo service nova-api restart


sudo service neutron-server restart

sudo service neutron-linuxbridge-agent restart

sudo service neutron-dhcp-agent restart

sudo service neutron-metadata-agent restart

compute1:

/ Install Neutron

sudo apt-get install neutron-linuxbridge-agent

sudo gedit /etc/neutron/neutron.conf

[database]

# connection = sqlite:var/lib/neutron/neutron.sqlite // comment out

[DEFAULT]

transport_url = rabbit://openstack:ipcc2014@controller

auth_strategy = keystone


[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:35357

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = ipcc2014


sudo gedit /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

physical_interface_mappings = provider:eth1


[vxlan]

enable_vxlan = false


[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

sudo gedit /etc/nova/nova.conf

[neutron]

url = http://controller:9696

auth_url = http://controller:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = ipcc2014


sudo service nova-compute restart

sudo service neutron-linuxbridge-agent restart

compute2:

/ Install Neutron

sudo apt-get install neutron-linuxbridge-agent

sudo gedit /etc/neutron/neutron.conf

[database]

# connection = sqlite:var/lib/neutron/neutron.sqlite // comment out

[DEFAULT]

transport_url = rabbit://openstack:ipcc2014@controller

auth_strategy = keystone


[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:35357

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = ipcc2014


sudo gedit /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

physical_interface_mappings = provider:eth1


[vxlan]

enable_vxlan = false


[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

sudo gedit /etc/nova/nova.conf

[neutron]

url = http://controller:9696

auth_url = http://controller:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = ipcc2014


sudo service nova-compute restart

sudo service neutron-linuxbridge-agent restart

/ Verify operation

. admin-openrc

openstack extension list --network

openstack network agent list


12 Dashboard - Horizon

Dashboard

Controller

compute1

compute2

/ Install Horizon

sudo apt-get install openstack-dashboard


sudo gedit /etc/openstack-dashboard/local_settings.py

#OPENSTACK_HOST = "127.0.0.1" // comment out

OPENSTACK_HOST = "controller"

ALLOWED_HOSTS = ['*', ] // at the beginning, not Ubuntu Settings

SESSION_ENGINE = 'django.contrib.sessions.backends.cache' // the memcached session

CACHES = {

    'default': {

        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',

        'LOCATION': 'controller:11211',

    }

}

#OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST // comment out

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

#OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False // comment out

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_API_VERSIONS = {

    "identity": 3,

    "image": 2,

    "volume": 2,

}

#OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default' // comment out

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

#OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" // comment out

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

OPENSTACK_NEUTRON_NETWORK = {

#    'enable_router': True,

#    'enable_quotas': True,

#    'enable_ipv6': True,

#    'enable_distributed_router': False,

#    'enable_ha_router': False,

#    'enable_lb': True,

#    'enable_firewall': True,

#    'enable_vpn': True,

#    'enable_fip_topology_check': True, // comment out

    'enable_router': False,

    'enable_quotas': False,

    'enable_ipv6': False,

    'enable_distributed_router': False,

    'enable_ha_router': False,

    'enable_lb': False,

    'enable_firewall': False,

    'enable_vpn': False,

    'enable_fip_topology_check': False,

TIME_ZONE = "UTC"

sudo chown www-data:www-data /var/lib/openstack-dashboard/secret_key

sudo gedit /etc/apache2/conf-available/openstack-dashboard.conf

WSGIApplicationGroup %{GLOBAL}


sudo service apache2 reload

/ Verify operation

http://controller/horizon

default/admin/ipcc2014

default/demo/ipcc2014




13 Launch instances

Launch an instance

controller

compute1

compute2

/ Create the provider network

. admin-openrc

openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider

/ Create a subnet on the provider network

openstack subnet create --network provider --allocation-pool start=192.168.100.200,end=192.168.100.220 --dns-nameserver 10.0.1.1 --gateway 192.168.100.111 --subnet-range 192.168.100.0/24 provider

/ Create m1.nano flavor

openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano

/ Add rules for the default security group

openstack security group rule create --proto icmp default

openstack security group rule create --proto tcp --dst-port 22 default



/ Verify operation

. admin-openrc

openstack flavor list

openstack image list

openstack network list

openstack security group list

openstack server list


Main blockers

Following the install guide carefully, I have still been confronted with several heavy blockers during the installation:

1) The dashboard gives an “internal server error”.

cat /var/log/apache2/error.log : [Sun Oct 22 14:42:41.315045 2017] [wsgi:error] [pid 5472:tid 140055544346368] [remote 10.0.0.11:36929] IOError: [Errno 13] Permission denied: '/var/lib/openstack-dashboard/secret_key'.

Solved it in Controller Node by: sudo chown www-data:www-data /var/lib/openstack-dashboard/secret_key

https://bugs.launchpad.net/openstack-manuals/+bug/1683594

https://stackoverflow.com/questions/42632130/cant-launch-openstack-horizon-dashboard-ioerror-errno-13-permission-denied


2) No response from the dashboard.

Solved it in Controller Node by: sudo gedit /etc/apache2/conf-available/openstack-dashboard.conf

WSGIApplicationGroup %{GLOBAL}

https://ask.openstack.org/en/question/91352/openstack-mitaka-can-not-access-dashboard/

3) VMs don’t boot and are stuck at "Booting from Harddisk GRUB" in the VNC console.

Solved it in Compute Nodes by: sudo gedit /etc/nova/nova.conf

[libvirt]

hw_machine_type = "x86_64=pc-i440fx-xenial,i686=pc-i440fx-xenial"

https://ask.openstack.org/en/question/103598/libvirt-vm-does-not-boot-in-ocata-libvirtxml-missing-wrong-owner-for-consolelog/

https://ask.openstack.org/en/question/107212/ocata-vnc-shows-cirros-instance-stuck-at-grub/

In addition, please be extremely careful with the configuration files of Nova and Neutron; any minor negligence can make the system fail to work, and finding the cause is very hard and time-consuming.
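
The values that must agree across nova.conf and metadata_agent.ini on the three nodes can be checked mechanically before any service is restarted. The Python script below is an added example, not part of the original walkthrough: the sample file contents are constructed, the secrets are placeholders, and the function names (parse, credentials, audit) are hypothetical. It reports a my_ip that does not match the node's /etc/hosts entry, nodes that disagree on transport_url or metadata_proxy_shared_secret, and any secret shared by more than one credential (which is what a single password reused for every account produces).

```python
import configparser
from collections import defaultdict
from urllib.parse import urlsplit

# Management addresses from this page's /etc/hosts.
HOSTS = {"controller": "10.0.0.11", "compute1": "10.0.0.31", "compute2": "10.0.0.32"}

# Constructed sample files, keyed by (node, file name). Secrets are placeholders.
# compute1 carries a copy-paste slip: its my_ip was taken from compute2's file.
SAMPLES = {
    ("controller", "nova.conf"): """
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 10.0.0.11
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[keystone_authtoken]
username = nova
password = NOVA_PASS
[neutron]
username = neutron
password = NEUTRON_PASS
metadata_proxy_shared_secret = METADATA_SECRET
""",
    ("controller", "metadata_agent.ini"): """
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
""",
    ("compute1", "nova.conf"): """
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 10.0.0.32
[keystone_authtoken]
username = nova
password = NOVA_PASS
""",
}


def parse(text):
    """Parse one INI-style service configuration file."""
    # [DEFAULT] must stay an ordinary section, and values are taken literally
    # (a '%' inside a password must not trigger interpolation).
    parser = configparser.ConfigParser(default_section="__unused__", interpolation=None)
    parser.read_string(text)
    return parser


def credentials(parser):
    """Yield (identity, secret) for each credential stored in one file."""
    for section in parser.sections():
        for option, value in parser.items(section):
            if option == "password":
                yield "keystone:" + parser.get(section, "username", fallback="?"), value
            elif option == "metadata_proxy_shared_secret":
                yield option, value
            elif option in ("connection", "transport_url"):
                url = urlsplit(value)
                if url.password:  # password embedded in a database or RabbitMQ URL
                    yield f"{url.scheme.split('+')[0]}:{url.username}", url.password


def audit(samples, hosts=HOSTS):
    """Return (code, detail) findings; details name identities, never secret values."""
    findings = []
    transport, shared, owners = defaultdict(list), defaultdict(list), defaultdict(set)
    for (node, name), text in sorted(samples.items()):
        parser = parse(text)
        where = f"{node}/{name}"
        my_ip = parser.get("DEFAULT", "my_ip", fallback=None)
        if my_ip is not None and my_ip != hosts.get(node):
            findings.append(("MY_IP", f"{where}: my_ip={my_ip}, expected {hosts.get(node)}"))
        url = parser.get("DEFAULT", "transport_url", fallback=None)
        if url is not None:
            transport[url].append(where)
        for identity, secret in credentials(parser):
            owners[secret].add(identity)
            if identity == "metadata_proxy_shared_secret":
                shared[secret].append(where)
    if len(transport) > 1:  # every node must use the same RabbitMQ account
        findings.append(("TRANSPORT_URL", " vs ".join(", ".join(w) for w in transport.values())))
    if len(shared) > 1:  # nova-api and the metadata agent must hold the same secret
        findings.append(("METADATA_SECRET", " vs ".join(", ".join(w) for w in shared.values())))
    for identities in owners.values():
        if len(identities) > 1:
            findings.append(("SECRET_REUSE", ", ".join(sorted(identities))))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLES):
        print(f"{code:16} {detail}")
```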