CSS Corp Open Source Services

Controller


Installation of the components

Install all the components of the controller

sudo apt-get install nova-api nova-scheduler nova-cert nova-consoleauth nova-network mysql-server rabbitmq-server ntp openstack-dashboard python-mysqldb nova-doc keystone python-keystone python-keystoneclient

Configuration of the components

Network Configuration

Edit the /etc/network/interfaces file so that it looks like this

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 10.0.0.11
network 10.0.0.0
gateway 10.0.0.1
broadcast 10.0.0.255
netmask 255.0.0.0

auto eth1
iface eth1 inet static
address 192.168.3.1
network 192.168.3.0
broadcast 192.168.3.255
netmask 255.255.255.0

Restart the network

sudo /etc/init.d/networking restart

NTP configuration

Open the file /etc/ntp.conf and add the following lines to make sure that the time on the server stays in sync with an external server. If the Internet connectivity is down, the NTP server uses its own hardware clock as the fallback.


server ntp.ubuntu.com
server 127.127.1.0
fudge 127.127.1.0 stratum 10

Restart NTP server


sudo /etc/init.d/ntp restart

MySQL Configuration

Edit the following line in /etc/mysql/my.cnf so that MySQL accepts connections on all interfaces instead of only on localhost

bind-address            = 0.0.0.0

Restart the MySQL service

sudo restart mysql

Run the following commands to create the nova, glance and keystone databases and a user with access to each. The commands assume that the MySQL root password is 'secret'.

sudo mysql -uroot -psecret -e 'CREATE DATABASE nova;'
sudo mysql -uroot -psecret -e 'CREATE USER novadbadmin;'
sudo mysql -uroot -psecret -e "GRANT ALL PRIVILEGES ON nova.* TO 'novadbadmin'@'%';"
sudo mysql -uroot -psecret -e "SET PASSWORD FOR 'novadbadmin'@'%' = PASSWORD('novasecret');"
sudo mysql -uroot -psecret -e 'CREATE DATABASE glance;'
sudo mysql -uroot -psecret -e 'CREATE USER glancedbadmin;'
sudo mysql -uroot -psecret -e "GRANT ALL PRIVILEGES ON glance.* TO 'glancedbadmin'@'%';"
sudo mysql -uroot -psecret -e "SET PASSWORD FOR 'glancedbadmin'@'%' = PASSWORD('glancesecret');"
sudo mysql -uroot -psecret -e 'CREATE DATABASE keystone;'
sudo mysql -uroot -psecret -e 'CREATE USER keystonedbadmin;'
sudo mysql -uroot -psecret -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystonedbadmin'@'%';"
sudo mysql -uroot -psecret -e "SET PASSWORD FOR 'keystonedbadmin'@'%' = PASSWORD('keystonesecret');"
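The commands above create every account for host '%' and put each password on a command line, where it is visible in the process list and shell history. The following is an added example, not part of the original post, that emits equivalent SQL with host-scoped accounts and random passwords; the 10.0.0.% host pattern, the function names and the output path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): SQL for one service database
# with a host-scoped account. ALLOWED_HOST is an assumption based on the
# 10.0.0.x network this page puts on eth0.
ALLOWED_HOST='10.0.0.%'

# gen_password: 32 hex characters from the kernel CSPRNG.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# valid_word STRING: accept only [A-Za-z0-9_], safe to splice into SQL.
valid_word() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# service_db_sql DB USER PASSWORD: print the statements for one service.
service_db_sql() {
    if ! { valid_word "$1" && valid_word "$2" && valid_word "$3"; }; then
        echo "refusing unsafe database, user or password value" >&2
        return 1
    fi
    printf "CREATE DATABASE %s;\n" "$1"
    printf "CREATE USER '%s'@'%s' IDENTIFIED BY '%s';\n" "$2" "$ALLOWED_HOST" "$3"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s';\n" "$1" "$2" "$ALLOWED_HOST"
}

# all_services_sql: statements for nova, glance and keystone, each with its
# own random password. The passwords appear only in the emitted SQL.
all_services_sql() {
    for svc in nova glance keystone; do
        service_db_sql "$svc" "${svc}dbadmin" "$(gen_password)" || return 1
    done
}

# Usage (not run here): mysql prompts for the root password and reads the
# statements from the file, so no password is placed on a command line.
#   umask 077; all_services_sql > /root/service-dbs.sql   # hypothetical path
#   mysql -uroot -p < /root/service-dbs.sql
```

The generated passwords then replace novasecret, glancesecret and keystonesecret in the sql_connection and connection settings further down the page.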

Nova Configuration

Edit the /etc/nova/nova.conf so it looks like this


--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/run/lock/nova
--allow_admin_api=true
--use_deprecated_auth=false
--auth_strategy=keystone
--scheduler_driver=nova.scheduler.simple.SimpleScheduler
--s3_host=10.0.0.11
--ec2_host=10.0.0.11
--rabbit_host=10.0.0.11
--cc_host=10.0.0.11
--nova_url=http://10.0.0.11:8774/v1.1/
--routing_source_ip=10.0.0.11
--glance_api_servers=10.0.0.14:9292
--image_service=nova.image.glance.GlanceImageService
--iscsi_ip_prefix=192.168.4
--sql_connection=mysql://novadbadmin:novasecret@10.0.0.11/nova
--ec2_url=http://10.0.0.11:8773/services/Cloud
--keystone_ec2_url=http://10.0.0.11:5000/v2.0/ec2tokens
--api_paste_config=/etc/nova/api-paste.ini
--libvirt_type=kvm
--libvirt_use_virtio_for_bridges=true
--start_guests_on_host_boot=true
--resume_guests_state_on_host_boot=true
# vnc specific configuration
# network specific settings
--network_manager=nova.network.manager.FlatDHCPManager
--public_interface=eth0
--flat_interface=eth1
--flat_network_bridge=br100
--fixed_range=192.168.4.1/27
--floating_range=10.0.0.240/29
#--auto_assign_floating_ip=true
--network_size=32
--flat_network_dhcp_start=192.168.4.33
--flat_injected=False
--force_dhcp_release
--iscsi_helper=tgtadm
--connection_type=libvirt
--root_helper=sudo nova-rootwrap
--verbose

Restart all nova services

sudo restart nova-api; sudo restart nova-scheduler; sudo restart nova-cert; sudo restart nova-consoleauth; sudo restart nova-network

Run the following command to sync the database

sudo nova-manage db sync

Keystone Configuration

Edit the file /etc/keystone/keystone.conf and change the following lines so that they look like this

admin_token = secret
connection = mysql://keystonedbadmin:keystonesecret@10.0.0.11/keystone

Restart keystone service

sudo /etc/init.d/keystone restart

Run the following command to sync the Keystone database

keystone-manage db_sync

Export the following environment variables before running the keystone commands below

export SERVICE_TOKEN=secret
export OS_AUTH_URL=http://localhost:5000/v2.0
export OS_TENANT_NAME=openstack
export OS_USERNAME=adminUser
export OS_PASSWORD=<password>
export SERVICE_ENDPOINT=http://localhost:35357/v2.0

Create a default tenant named ‘openstack’

keystone tenant-create --name openstack --description 'Default Tenant' --enabled true

Create a user ‘adminUser’ under tenant ‘openstack’

keystone user-create --tenant_id <ID of default tenant> --name adminUser --pass <new_password> --enabled true

Create a role named ‘admin’

keystone role-create --name admin

Create a role named ‘memberRole’

keystone role-create --name memberRole

Add the user adminUser under default tenant to role admin

keystone user-role-add --user <ID of adminUser> --tenant_id <ID of default tenant> --role <ID of admin role>

Create a Service tenant named ‘service’

keystone tenant-create --name service --description 'Service Tenant' --enabled true

Create ‘glance’ user under ‘service’ tenant

keystone user-create --tenant_id <ID of service tenant> --name glance --pass glance --enabled true

Grant ‘admin’ role to ‘glance’ user under ‘service’ tenant

keystone user-role-add --user <ID of glance user> --tenant_id <ID of service tenant> --role <ID of admin role>

Create ‘nova’ user under ‘service’ tenant

keystone user-create --tenant_id <ID of service tenant> --name nova --pass nova --enabled true

Grant ‘admin’ role to ‘nova’ user under ‘service’ tenant

keystone user-role-add --user <ID of nova user> --tenant_id <ID of service tenant> --role <ID of admin role>

Create ‘ec2’ user under ‘service’ tenant

keystone user-create --tenant_id <ID of service tenant> --name ec2 --pass ec2 --enabled true

Grant ‘admin’ role to ‘ec2’ user under ‘service’ tenant

keystone user-role-add --user <ID of ec2 user> --tenant_id <ID of service tenant> --role <ID of admin role>

Create ‘swift’ user under ‘service’ tenant

keystone user-create --tenant_id <ID of service tenant> --name swift --pass swift --enabled true

Grant ‘admin’ role to ‘swift’ user under ‘service’ tenant

keystone user-role-add --user <ID of swift user> --tenant_id <ID of service tenant> --role <ID of admin role>

Create ‘keystone’ service with a description

keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
keystone endpoint-create --region nova --service_id=<ID of keystone service> --publicurl=http://10.0.0.11:5000/v2.0 --internalurl=http://10.0.0.11:5000/v2.0 --adminurl=http://10.0.0.11:35357/v2.0

Create ‘nova’ service with a description

keystone service-create --name=nova --type=compute --description="Nova Compute Service"
keystone endpoint-create --region nova --service_id=<ID of nova service> --publicurl='http://10.0.0.12:8774/v2/%(tenant_id)s' --internalurl='http://10.0.0.12:8774/v2/%(tenant_id)s' --adminurl='http://10.0.0.12:8774/v2/%(tenant_id)s'

Create ‘volume’ service with a description

keystone service-create --name=volume --type=volume --description="Volume Service"
keystone endpoint-create --region nova --service_id=<ID of volume service> --publicurl='http://10.0.0.13:8776/v1/%(tenant_id)s' --internalurl='http://10.0.0.13:8776/v1/%(tenant_id)s' --adminurl='http://10.0.0.13:8776/v1/%(tenant_id)s'

Create ‘glance’ service with a description

keystone service-create --name=glance --type=image --description="Glance Image Service"
keystone endpoint-create --region nova --service_id=<ID of glance service> --publicurl=http://10.0.0.14:9292/v1 --internalurl=http://10.0.0.14:9292/v1 --adminurl=http://10.0.0.14:9292/v1

Create ‘ec2’ service with a description

keystone service-create --name=ec2 --type=ec2 --description="EC2 Compatibility Layer"
keystone endpoint-create --region nova --service_id=<ID of ec2 service> --publicurl=http://10.0.0.11:8773/services/Cloud --internalurl=http://10.0.0.11:8773/services/Cloud --adminurl=http://10.0.0.11:8773/services/Admin

Create ‘swift’ service with a description

keystone service-create --name=swift --type=object-store --description="Object Storage Service"
keystone endpoint-create --region nova --service_id=<ID of swift service> --publicurl 'http://10.0.0.14:8080/v1/AUTH_%(tenant_id)s' --adminurl 'http://10.0.0.14:8080/' --internalurl 'http://10.0.0.14:8080/v1/AUTH_%(tenant_id)s'
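The Keystone steps above depend on copying IDs between commands and give each service user a password equal to its name. The following is an added example, not part of the original post, that captures the IDs from the CLI's table output and creates the service users with random passwords; get_id, new_service_user, fake_keystone and the KEYSTONE variable are hypothetical names, and the sample table is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): capture the IDs the keystone
# CLI prints instead of pasting them by hand.
# KEYSTONE may name a stand-in command for a dry run (hypothetical knob).
KEYSTONE=${KEYSTONE:-keystone}

# get_id CMD...: run CMD and print the value of the "id" row of its table.
# Fails when there is no id row, so a failed call never yields an empty ID.
get_id() {
    "$@" | awk '$2 == "id" && !found { id = $4; found = 1 }
                END { if (!found) exit 1; print id }'
}

# new_service_user NAME TENANT_ID ROLE_ID: create the user with a random
# password instead of one equal to the user name, then grant the role.
# Prints "NAME USER_ID PASSWORD" for the operator to store.
new_service_user() {
    pass=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    user_id=$(get_id "$KEYSTONE" user-create --tenant_id "$2" --name "$1" \
        --pass "$pass" --enabled true) || return 1
    "$KEYSTONE" user-role-add --user "$user_id" --tenant_id "$2" \
        --role "$3" >/dev/null || return 1
    printf '%s %s %s\n' "$1" "$user_id" "$pass"
}

# Constructed sample of the CLI's table output, for an offline dry run.
fake_keystone() {
    [ "$1" = user-role-add ] && return 0
    cat <<'EOF'
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
| enabled  |               True               |
|    id    | 0123456789abcdef0123456789abcdef |
|   name   |              sample              |
+----------+----------------------------------+
EOF
}

# Real run (not executed here):
#   SERVICE_TENANT=$(get_id keystone tenant-create --name service \
#       --description 'Service Tenant' --enabled true)
#   ADMIN_ROLE=$(get_id keystone role-create --name admin)
#   for u in glance nova ec2 swift; do
#       new_service_user "$u" "$SERVICE_TENANT" "$ADMIN_ROLE"
#   done
```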