OpenStack

Installation of OpenStack (Newton edition) on VirtualBox running CentOS-7 on Mac OS (Sierra)


Overview


In this article we are going to cover:

  • Brief Overview of OpenStack
  • Security Setup
  • Host Network Setup
  • Network Time Protocol (NTP) Setup
  • Installation of OpenStack
  • MariaDB SQL database Setup
  • RabbitMQ message queue Setup
  • Identity (keystone) service install and configure
  • Create a domain, projects, users, and roles
  • Image (glance) service install and configure
  • Compute (nova) service install and configure on Controller node
  • Compute (nova) service install and configure on Compute node
  • Networking (neutron) service install and setup
  • Configure the Networking Option 2: Self-service networks
  • Dashboard install and configure
  • Final step: Launch the instance on our OpenStack setup

This article installs OpenStack Newton on CentOS-7 images running inside VirtualBox. The installation needs at least two nodes (hosts) to launch a base OpenStack environment. After a successful installation we are able to launch an instance inside OpenStack.


Prerequisites


  • Oracle VirtualBox/VMware with a multicore processor and at least 8 GB RAM in the base machine.
  • Two machines with CentOS installed, one for the compute node and one for the controller node.
  • Working network access between the virtual machines and to the outside world.
  • Two network adapters attached to each virtual machine (Host-only and NAT network).


1) Brief Overview of OpenStack and setting up the Environment - the controller node and one compute node.


The OpenStack project is an open source cloud computing platform that supports all types of cloud environments. The project aims for simple implementation, massive scalability, and a rich set of features. Cloud computing experts from around the world contribute to the project.


OpenStack software controls large pools of compute, storage, and networking resources throughout a datacenter, managed through a dashboard or via the OpenStack API. OpenStack provides an Infrastructure-as-a-Service (IaaS) solution through a variety of complementary services. Each service offers an Application Programming Interface (API) that facilitates this integration.


I am using a Mac for the installation and have VirtualBox installed.

  1. Before starting to set up the environment, we must have administrative privileges to configure each node. Either run the commands as the root user or configure the sudo utility.
  2. For the Newton OpenStack setup we must have two virtual machines ready with at least the following resources:
    Controller Node: 1 processor, 4 GB memory, and 5 GB storage
    Compute Node: 1 processor, 2 GB memory, and 10 GB storage


2) Security Setup


The complete setup uses a list of services that each require a password. Please make sure the passwords below are fixed before proceeding.

Note: The passwords above are used throughout the complete setup. For example, the Nova service setup uses NOVA_PASS in its commands; in my setup NOVA_PASS is "nova123".
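
One way to fix the passwords before starting, shown as an added example that is not part of the original article: generate a random value for each password placeholder this guide uses and keep them in a file only the current user can read. The file name and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the original article.
set -eu

# Placeholder names exactly as they appear in this guide's commands and configs.
PLACEHOLDERS="ADMIN_PASS DEMO_PASS RABBIT_PASS KEYSTONE_DBPASS GLANCE_DBPASS GLANCE_PASS NOVA_DBPASS NOVA_PASS"

# gen_secret: print 20 hex characters (80 random bits) from /dev/urandom.
# Hex keeps the value safe inside URLs such as
# mysql+pymysql://nova:NOVA_DBPASS@controller/nova (no '@', ':' or '/').
gen_secret() {
    od -An -N10 -tx1 /dev/urandom | tr -d ' \n'
}

# write_secrets FILE: create FILE (mode 0600) with one NAME=value line per
# placeholder. Refuses to overwrite, so passwords already in use are not lost.
write_secrets() {
    out=$1
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2
        return 1
    fi
    (
        umask 077
        for name in $PLACEHOLDERS; do
            printf '%s=%s\n' "$name" "$(gen_secret)"
        done > "$out"
    )
}

# get_secret FILE NAME: print the value stored for NAME.
get_secret() {
    sed -n "s/^$2=//p" "$1"
}

# fill_placeholders FILE: copy stdin to stdout, replacing every placeholder
# with its stored value (for config snippets and commands from this guide).
fill_placeholders() {
    sed "$(sed 's/^\([^=]*\)=\(.*\)$/s|\1|\2|g/' "$1")"
}

# Stand-alone use (hypothetical names): sh gen-secrets.sh ./openstack-secrets.env
if [ $# -eq 1 ]; then
    write_secrets "$1"
fi
```

A config line can then be produced with, for example, `fill_placeholders ./openstack-secrets.env < snippet.conf`, so the real value never has to be typed by hand.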



3) Host Network Setup


In this step we define the network on both nodes. We are using the static IPs below for our setup.

Management on 192.168.20.13/24 with gateway 192.168.20.1

This network requires a gateway to provide Internet access to all nodes for administrative purposes such as package installation, security updates, DNS, and NTP.


Provider on 10.20.0.13/24 with gateway 10.20.0.1

This network requires a gateway to provide Internet access to instances in your OpenStack environment.


1. Setup on Controller node

Configure network interfaces

  • IP address: 192.168.20.13
  • Network mask: 255.255.255.0 (or /24)
  • Default gateway: 192.168.20.1

Configure name resolution

  • 192.168.20.13 controller
  • 192.168.20.14 compute



2. Setup on Compute node

Configure network interfaces

  • IP address: 192.168.20.14
  • Network mask: 255.255.255.0 (or /24)
  • Default gateway: 192.168.20.1

Configure name resolution

  • 192.168.20.13 controller
  • 192.168.20.14 compute



3. Verify connectivity

On controller node

From the controller node, test access to the Internet:

ping -c 4 google.com

From the controller node, test access to the management interface on the compute node:

ping -c 4 compute

On compute node

From the compute node, test access to the Internet:

ping -c 4 google.com

From the compute node, test access to the management interface on the controller node:

ping -c 4 controller



4) Network Time Protocol (NTP) Setup


On Controller node

1. Install the packages:

# yum install chrony


2. Edit the /etc/chrony.conf file and add, change, or remove these keys as necessary for your environment:

server NTP_SERVER iburst


3. To enable other nodes to connect to the chrony daemon on the controller node, add this key to the /etc/chrony.conf file:

allow 10.20.0.0/24
allow 192.168.20.0/24


4. Start the NTP service and configure it to start when the system boots:

# systemctl enable chronyd.service


# systemctl start chronyd.service


On Compute node

1. Install the packages:

# yum install chrony


2. Edit the /etc/chrony.conf file and add, change, or remove these keys as necessary for your environment:

server controller iburst


3. Start the NTP service and configure it to start when the system boots:

# systemctl enable chronyd.service


# systemctl start chronyd.service


Verify NTP synchronization


Run the below command on the controller node to verify operation:




Run the below command on the compute node to verify operation:





5) Enable the OpenStack repository and Installation of OpenStack packages


On Controller node

# yum install centos-release-openstack-newton

# yum upgrade

# yum install python-openstackclient

# yum install openstack-selinux



6) MariaDB SQL database Setup


On Controller node


We are installing MariaDB here as the root user. If you don't want to install MariaDB, install another database such as MySQL.


1. Install the packages:

# yum install mariadb mariadb-server python2-PyMySQL


2. Create and edit the /etc/my.cnf.d/openstack.cnf file and complete the following actions:

[mysqld]

bind-address = 192.168.20.13

default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8


3. Start the database service and configure it to start when the system boots:

# systemctl enable mariadb.service


# systemctl start mariadb.service


4. Secure the database service by running the mysql_secure_installation script. In particular, choose a suitable password for the database root account.

# mysql_secure_installation



7) RabbitMQ message queue Setup


On Controller node


RabbitMQ setup


1. Install the package:

# yum install rabbitmq-server


2. Start the message queue service and configure it to start when the system boots:

# systemctl enable rabbitmq-server.service


# systemctl start rabbitmq-server.service


3. Add the openstack user:

# rabbitmqctl add_user openstack RABBIT_PASS


–> Replace RABBIT_PASS with a suitable password, in my case it's (rabbitmq123)


4. Permit configuration, write, and read access for the openstack user:

# rabbitmqctl set_permissions openstack ".*" ".*" ".*"


Memcached setup


1. Install the packages:

# yum install memcached python-memcached


2. Start the Memcached service and configure it to start when the system boots:

# systemctl enable memcached.service


# systemctl start memcached.service



8) Identity (keystone) service install and configure


On Controller node


1. Use the database access client to connect to the database server as the root user:

$ mysql -u root -p


2. Create the keystone database:

mysql> CREATE DATABASE keystone;


3. Grant proper access to the keystone database:

mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';


mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';


–> Replace KEYSTONE_DBPASS with a suitable password, in my case it's (keystone123) and exit the database access client.


4. Run the following command to install the packages:

# yum install openstack-keystone httpd mod_wsgi


5. Edit the /etc/keystone/keystone.conf file and complete the following actions:


[database]

connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone


–> Replace KEYSTONE_DBPASS with the password you chose for the database.


[token]

provider = fernet


6. Populate the Identity service database:

# su -s /bin/sh -c "keystone-manage db_sync" keystone


7. Initialize Fernet key repositories:

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone


8. Bootstrap the Identity service:

# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:35357/v3/ \
  --bootstrap-internal-url http://controller:35357/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne


–> Replace ADMIN_PASS with a suitable password for an administrative user, in my case it's (admin123).


9. Configure the Apache HTTP server


Edit the /etc/httpd/conf/httpd.conf file and configure the ServerName option to reference the controller node:

ServerName controller


10. Create a link to the /usr/share/keystone/wsgi-keystone.conf file:

# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/


11. Start the Apache HTTP service and configure it to start when the system boots:

# systemctl enable httpd.service


# systemctl start httpd.service


12. Configure the administrative account

$ export OS_USERNAME=admin
$ export OS_PASSWORD=ADMIN_PASS
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3


–> Replace ADMIN_PASS with the password used in the keystone-manage bootstrap command in step 8 above.



9) Create a domain, projects, users, and roles


The authentication service uses a combination of domains, projects, users, and roles.


1. Create the service project:

$ openstack project create --domain default --description "Service Project" service


2. Create the demo project:

$ openstack project create --domain default --description "Demo Project" demo


3. Create the demo user:

$ openstack user create --domain default --password-prompt demo


4. Create the user role:

$ openstack role create user


5. Add the user role to the demo project and user:

$ openstack role add --project demo --user demo user


Verify operation of the Identity service before installing other services.


1. For security reasons, disable the temporary authentication token mechanism:


Edit the /etc/keystone/keystone-paste.ini file and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.


2. Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variables:

$ unset OS_AUTH_URL OS_PASSWORD


3. As the admin user, request an authentication token:

$ openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue


4. As the demo user, request an authentication token:

$ openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name demo --os-username demo token issue
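
The removal of admin_token_auth in step 1 above can be scripted and then checked. This is an added example, not part of the original article or of the keystone project; the sample keystone-paste.ini content is constructed and abridged, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original article.
set -eu

# write_sample_paste_ini FILE: constructed, abridged stand-in for
# /etc/keystone/keystone-paste.ini (filter lists shortened for the example).
write_sample_paste_ini() {
    cat > "$1" <<'EOF'
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body public_service

[pipeline:admin_api]
pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body admin_service

[pipeline:api_v3]
pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body service_v3
EOF
}

# list_admin_token_pipelines FILE: print every [pipeline:*] section whose
# pipeline still includes admin_token_auth. No output means the file is clean.
list_admin_token_pipelines() {
    awk '
        /^\[/ { section = $0 }
        section ~ /^\[pipeline:/ && /^pipeline[ \t]*=/ {
            n = split($0, w, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (w[i] == "admin_token_auth") { print section; break }
        }
    ' "$1"
}

# strip_admin_token FILE: remove admin_token_auth from the three pipelines the
# step names, keep a FILE.bak copy, and leave every other line untouched.
strip_admin_token() {
    cp -p "$1" "$1.bak"
    awk '
        /^\[/ {
            target = ($0 == "[pipeline:public_api]" ||
                      $0 == "[pipeline:admin_api]" ||
                      $0 == "[pipeline:api_v3]")
        }
        target && /^pipeline[ \t]*=/ {
            n = split($0, w, /[ \t]+/)
            line = ""
            for (i = 1; i <= n; i++)
                if (w[i] != "admin_token_auth")
                    line = line (line == "" ? "" : " ") w[i]
            print line
            next
        }
        { print }
    ' "$1.bak" > "$1"
}

# Stand-alone use: sh strip-admin-token.sh /etc/keystone/keystone-paste.ini
if [ $# -eq 1 ]; then
    strip_admin_token "$1"
    list_admin_token_pipelines "$1"
fi
```

Run stand-alone, the script prints nothing when every pipeline is clean; the [filter:admin_token_auth] definition itself is left in place, as the step only removes the filter from the pipelines.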


Create OpenStack client environment scripts


1. Creating the scripts

Create client environment scripts for the admin and demo projects and users.


Edit the admin-openrc file and add the following content:

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2


–> Replace ADMIN_PASS with the password you chose for the admin user in the Identity service, in my case it's (admin123).


Edit the demo-openrc file and add the following content:

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2


–> Replace DEMO_PASS with the password you chose for the demo user in the Identity service, in my case it's (demo123).


2. Using the scripts


1. To run clients as a specific project and user, you can simply load the associated client environment script prior to running them.

$ . admin-openrc


2. Request an authentication token:

$ openstack token issue



10) Image (glance) service install and configure


Before you install and configure the Image service, you must create a database, service credentials, and API endpoints.


1. Use the database access client to connect to the database server as the root user:

$ mysql -u root -p


2. Create the glance database:

mysql> CREATE DATABASE glance;


3. Grant proper access to the glance database:

mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';


mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';


–> Replace GLANCE_DBPASS with a suitable password, in my case it's (glance123) and exit the database access client.


4. Source the admin credentials to gain access to admin-only CLI commands:

$ . admin-openrc


5. Create the glance user:

$ openstack user create --domain default --password-prompt glance


6. Add the admin role to the glance user and service project:

$ openstack role add --project service --user glance admin


7. Create the glance service entity:

$ openstack service create --name glance --description "OpenStack Image" image


8. Create the Image service API endpoints:

$ openstack endpoint create --region RegionOne image public http://controller:9292

$ openstack endpoint create --region RegionOne image internal http://controller:9292

$ openstack endpoint create --region RegionOne image admin http://controller:9292


9. Install the packages:

# yum install openstack-glance


10. Edit the /etc/glance/glance-api.conf file and complete the following actions:


[database]

connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance


–> Replace GLANCE_DBPASS with the password you chose for the Image service database.


[keystone_authtoken]

auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS


[paste_deploy]

flavor = keystone


–> Replace GLANCE_PASS with the password you chose for the glance user in the Identity service.


[glance_store]

stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/


11. Edit the /etc/glance/glance-registry.conf file and complete the following actions:


In the [database] section, configure database access:

[database]

connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance


–> Replace GLANCE_DBPASS with the password you chose for the Image service database.


[keystone_authtoken]

auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS


[paste_deploy]

flavor = keystone


–> Replace GLANCE_PASS with the password you chose for the glance user in the Identity service.


12. Populate the Image service database:

# su -s /bin/sh -c "glance-manage db_sync" glance


13. Start the Image services and configure them to start when the system boots:

# systemctl enable openstack-glance-api.service openstack-glance-registry.service


# systemctl start openstack-glance-api.service openstack-glance-registry.service


14. Source the admin credentials to gain access to admin-only CLI commands:

$ . admin-openrc


15. Now download the source images (CirrOS, CoreOS and CentOS 7):

$ sudo yum -y update wget

$ wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

$ wget https://stable.release.core-os.net/amd64-usr/current/coreos_production_openstack_image.img.bz2

$ bunzip2 coreos_production_openstack_image.img.bz2

$ wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2


16. Upload the image to the Image service using the QCOW2 disk format, bare container format, and public visibility so all projects can access it:

$ openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public

$ openstack image create "cloudCoreOS" --file coreos_production_openstack_image.img --disk-format qcow2 --container-format bare --public

$ openstack image create "CentOS-7" --file CentOS-7-x86_64-GenericCloud.qcow2 --disk-format qcow2 --container-format bare --public


17. Confirm upload of the image and validate attributes:

$ openstack image list




11) Compute (nova) service install and configure on Controller node

Before you install and configure the Compute service, you must create databases, service credentials, and API endpoints.


1. Use the database access client to connect to the database server as the root user: 

$ mysql -u root -p


2. Create the nova_api and nova databases:

mysql> CREATE DATABASE nova_api;


mysql> CREATE DATABASE nova;

3. Grant proper access to the database:

mysql> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';


mysql> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';


mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';


mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';

–>  Replace NOVA_DBPASS with a suitable password, in my case it's (nova123) and exit the database access client.


4. Source the admin credentials to gain access to admin-only CLI commands:

$ . admin-openrc


5. Create the nova user:

$ openstack user create --domain default --password-prompt nova


6. Add the admin role to the nova user:

$ openstack role add --project service --user nova admin


7. Create the nova service entity:

$ openstack service create --name nova --description "OpenStack Compute" compute



8. Create the Compute service API endpoints:

$ openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s

$ openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s

$ openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s


9. Install the packages:

# yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler


10. Edit the /etc/nova/nova.conf file and complete the following actions:


[DEFAULT]

enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
my_ip = 192.168.20.13
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver


–> Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ, in my case it's (rabbitmq123).


[api_database]

connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api


[database]

connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova


–> Replace NOVA_DBPASS with the password you chose for the Compute databases, in my case it's (nova123).


[keystone_authtoken]

auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS


–> Replace NOVA_PASS with the password you chose for the nova user in the Identity service.


In the [vnc] section, configure the VNC proxy to use the management interface IP address of the controller node:


[vnc]

vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip


In the [glance] section, configure the location of the Image service API:


[glance]

api_servers = http://controller:9292


In the [oslo_concurrency] section, configure the lock path:


[oslo_concurrency]

lock_path = /var/lib/nova/tmp


11. Populate the Compute databases:

# su -s /bin/sh -c "nova-manage api_db sync" nova


# su -s /bin/sh -c "nova-manage db sync" nova


12. Start the Compute services and configure them to start when the system boots:

# systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service



12) Compute (nova) service install and configure on Compute node


1. Install the packages:

# yum install openstack-nova-compute


2. Edit the /etc/nova/nova.conf file and complete the following actions:


[DEFAULT]

enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
my_ip = 192.168.20.14
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver


–> Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ, in my case it's (rabbitmq123).


[keystone_authtoken]

auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS


–> Replace NOVA_PASS with the password you chose for the nova user in the Identity service, in my case it's (nova123).


In the [vnc] section, enable and configure remote console access:


[vnc]

enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html


In the [glance] section, configure the location of the Image service API:


[glance]

api_servers = http://controller:9292


In the [oslo_concurrency] section, configure the lock path:


[oslo_concurrency]

lock_path = /var/lib/nova/tmp


3. Determine whether your compute node supports hardware acceleration for virtual machines:

$ egrep -c '(vmx|svm)' /proc/cpuinfo


–> If this command returns a value of one or greater, your compute node supports hardware acceleration which typically requires no additional configuration.

–> If this command returns a value of zero, your compute node does not support hardware acceleration and you must configure libvirt to use QEMU instead of KVM.


Edit the [libvirt] section in the /etc/nova/nova.conf file as follows:


[libvirt]

virt_type = qemu


4. Start the Compute service including its dependencies and configure them to start automatically when the system boots:

# systemctl enable libvirtd.service openstack-nova-compute.service


# systemctl start libvirtd.service openstack-nova-compute.service


5. Verify operation of the Compute service.


–> Perform the commands below on the controller node.

Source the admin credentials to gain access to admin-only CLI commands:

$ . admin-openrc


List service components to verify successful launch and registration of each process:

$ openstack compute service list
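
Added example (not from the original article): a check to run over the edited configuration files, such as /etc/nova/nova.conf or admin-openrc, that reports placeholders left unreplaced, the sample passwords printed in this article, and files readable by other users. The function names and the sample file are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original article.
set -eu

# Sample passwords printed in this article.
ARTICLE_PASSWORDS="admin123 demo123 rabbitmq123 keystone123 glance123 nova123"

# audit_conf FILE: print one finding per line, nothing if FILE is clean.
# Findings never echo the config line itself, so no password reaches the log.
audit_conf() {
    f=$1
    awk -v file="$f" -v known="$ARTICLE_PASSWORDS" '
        BEGIN { n = split(known, k, " ") }
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        # A token such as NOVA_PASS or KEYSTONE_DBPASS that was never replaced.
        # The trailing class keeps OS_PASSWORD from matching as "OS_PASS".
        match($0, /[A-Z]+_(DB)?PASS([^A-Z_]|$)/) {
            name = substr($0, RSTART, RLENGTH)
            sub(/[^A-Z_]$/, "", name)
            printf "%s:%d unreplaced placeholder %s\n", file, NR, name
        }
        # A sample password used as a URL credential (":pw@") or as a value.
        {
            for (i = 1; i <= n; i++)
                if (index($0, ":" k[i] "@") || $0 ~ ("=[ \t]*" k[i] "[ \t]*$")) {
                    printf "%s:%d sample password from the article\n", file, NR
                    break
                }
        }
    ' "$f"
    # Character 8 of the ls mode string is the read bit for "other".
    if [ "$(ls -ln "$f" | cut -c8)" = "r" ]; then
        printf '%s readable by other users\n' "$f"
    fi
}

# write_sample_conf FILE: constructed nova.conf fragment with three problems.
write_sample_conf() {
    cat > "$1" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
[database]
connection = mysql+pymysql://nova:nova123@controller/nova
[keystone_authtoken]
password = 5f1c0e9a7b3d2c4e6f80
EOF
    chmod 644 "$1"
}

# Stand-alone use: sh audit-conf.sh /etc/nova/nova.conf /etc/glance/glance-api.conf
if [ $# -ge 1 ]; then
    for conf in "$@"; do audit_conf "$conf"; done
fi
```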