OpenStack Victoria Deployment Guide
OpenStack
OpenStack is an open source cloud computing infrastructure software project developed by the community. It provides an operating platform or tool set for deploying the cloud, offering scalable and flexible cloud computing for organizations.
As an open source cloud computing management platform, OpenStack consists of several major components, such as Nova, Cinder, Neutron, Glance, Keystone, and Horizon. OpenStack supports almost all cloud environments. The project aims to provide a cloud computing management platform that is easy-to-use, scalable, unified, and standardized. OpenStack provides an infrastructure as a service (IaaS) solution that combines complementary services, each of which provides an API for integration.
The official Yum source of openEuler 21.03 supports the Openstack Victoria version. You can configure the official Yum source and then deploy OpenStack by following the instructions of this document.
Preparing the Environment
Installing the SQL Database
Run the following command to install the software package:
# yum install mariadb mariadb-server python-PyMySQL
Run the following command to create and edit the
/etc/my.cnf.d/openstack.cnf
file:vim /etc/my.cnf.d/openstack.cnf
Copy the following content to the file (set bind-address to the management IP address of the controller node):
[mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8
Run the following command to start the database service and enable it to automatically start upon system boot:
# systemctl enable mariadb.service # systemctl start mariadb.service
Installing RabbitMQ
Run the following command to install the software package:
#yum install rabbitmq-server
Start the RabbitMQ service and enable it to automatically start upon system boot.
#systemctl enable rabbitmq-server.service #systemctl start rabbitmq-server.service
Add an OpenStack user.
#rabbitmqctl add_user openstack RABBIT_PASS
Replace RABBIT_PASS with the password of the OpenStack user.
Run the following command to set the permission of the openstack user so that the user can perform configuration, write, and read operations:
#rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Installing Memcached
Run the following command to install the target software package:
#yum install memcached python3-memcached
Run the following command to edit the
/etc/sysconfig/memcached
file:#vim /etc/sysconfig/memcached OPTIONS="-l 127.0.0.1,::1,controller"
Change the value of OPTIONS to the actual management IP address of the controller node.
Run the following command to start the Memcached service and enable it to automatically start upon system boot:
# systemctl enable memcached.service # systemctl start memcached.service
Installing OpenStack
Installing Keystone
Log in to the database as the root user. Create the keystone database, and grant permissions to the user.
# mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit
Replace KEYSTONE_DBPASS with the password of the keystone database.
Run the following command to install the software package:
#yum install openstack-keystone httpd mod_wsgi
Edit the
/etc/keystone/keystone.conf
file to configure the keystone database. In the [database] section, configure the database entry. In the [token] section, configure the token provider.# vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet
Replace KEYSTONE_DBPASS with the password of the keystone database.
Run the following command to synchronize the database.
su -s /bin/sh -c "keystone-manage db_sync" keystone
Run the following command to initialize the Fernet keystore:
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone # keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Run the following commands to enable the identity service:
# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ --bootstrap-admin-url http://controller:5000/v3/ \ --bootstrap-internal-url http://controller:5000/v3/ \ --bootstrap-public-url http://controller:5000/v3/ \ --bootstrap-region-id RegionOne
Replace ADMIN_PASS with the password of the admin user.
Edit the
/etc/httpd/conf/httpd.conf
file and configure the Apache HTTP server.#vim /etc/httpd/conf/httpd.conf
Enable ServerName to reference the controller node:
ServerName controller
If ServerName does not exist, create it.
Run the following command to create a link for the
/usr/share/keystone/wsgi-keystone.conf
file:#ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ #vim /etc/httpd/conf.d/wsgi-keystone.conf
…
TraceEnable off
LoadModule wsgi_module /usr/lib64/httpd/modules/mod_wsgi_python3.so
…
After the installation is complete, run the following command to start the Apache HTTP service:
# systemctl enable httpd.service # systemctl start httpd.service
Run the following command to set environment variables:
$ export OS_USERNAME=admin $ export OS_PASSWORD=ADMIN_PASS $ export OS_PROJECT_NAME=admin $ export OS_USER_DOMAIN_NAME=Default $ export OS_PROJECT_DOMAIN_NAME=Default $ export OS_AUTH_URL=http://controller:5000/v3 $ export OS_IDENTITY_API_VERSION=3
Replace ADMIN_PASS with the password set in the keystone-manage bootstrap command.
Run the following commands to create the domain, project, user, and role:
Create a domain named example.
$ openstack domain create --description "An Example Domain" example
Note: The domain default has been created in keystone-manage bootstrap.
Create a project named service.
$ openstack project create --domain default --description "Service Project" service
Create a non-admin project named myproject, a user named myuser, and a role named myrole. Add the myrole role to myproject and myuser.
$ openstack project create --domain default --description "Demo Project" myproject $ openstack user create --domain default --password-prompt myuser $ openstack role create myrole $ openstack role add --project myproject --user myuser myrole
Perform the verification.
Cancel the temporary environment variables OS_AUTH_URL and OS_PASSWORD.
$ unset OS_AUTH_URL OS_PASSWORD
Request a token for the admin user:
$ openstack --os-auth-url http://controller:5000/v3 \ --os-project-domain-name Default --os-user-domain-name Default \ --os-project-name admin --os-username admin token issue
Request a token for the myuser user:
$ openstack --os-auth-url http://controller:5000/v3 \ --os-project-domain-name Default --os-user-domain-name Default \ --os-project-name myproject --os-username myuser token issue
Create the environment script for the OpenStack client.
Create environment variable scripts for the admin and demo users.
# vim admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 #
# vim demo-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=myproject export OS_USERNAME=myuser export OS_PASSWORD=DEMO_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
Replace ADMIN_PASS with the password of the admin user.
Replace DEMO_PASS with the password of the myuser user.
Run the following script to load environment variables:
$ . admin-openrc
Installing Glance
Create a database, service credentials, and API endpoints.
Create a database.
Log in to the database as the root user. Create the glance database, and grant permissions to the database.
$ mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit
Replace GLANCE_DBPASS with the password of the glance database.
$ . admin-openrc
Run the following commands to create the glance service credential, create the glance user, and add the admin role to the glance user:
$ openstack user create --domain default --password-prompt glance $ openstack role add --project service --user glance admin $ openstack service create --name glance --description "OpenStack Image" image
Create API endpoints for the image service.
$ openstack endpoint create --region RegionOne image public http://controller:9292 $ openstack endpoint create --region RegionOne image internal http://controller:9292 $ openstack endpoint create --region RegionOne image admin http://controller:9292
Perform the installation and configuration.
Install the software package:
#yum install openstack-glance openstack-glance-api
Configure Glance:
Edit the /etc/glance/glance-api.conf file:
In the [database] section, configure the database entry.
In the [keystone_authtoken] and [paste_deploy] sections, configure the identity authentication service entry.
In the [glance_store] section, configure the local file system storage and the location where image files are stored.
# vim /etc/glance/glance-api.conf [database] # ... connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] # ... flavor = keystone [glance_store] # ... stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/
In the preceding command, replace GLANCE_DBPASS with the password of the glance database, and replace GLANCE_PASS with the password of the glance user.
Synchronize the database:
su -s /bin/sh -c "glance-manage db_sync" glance
Run the following command to start the image service:
# systemctl enable openstack-glance-api.service # systemctl start openstack-glance-api.service
Perform the verification.
Download the image.
$ . admin-openrc $ wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
Upload the image to the image service.
$ glance image-create --name "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility=public
Confirm the image upload and verify the attributes.
$ glance image-list
Installing Placement
Create a database, service credentials, and API endpoints.
Create a database.
Access the database as the root user. Create the placement database, and grant permissions.
$ mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit
Replace PLACEMENT_DBPASS with the password of the placement database.
$ . admin-openrc
Run the following commands to create the placement service credentials, create the placement user, and add the admin role to the placement user:
Create the Placement API Service.
$ openstack user create --domain default --password-prompt placement $ openstack role add --project service --user placement admin $ openstack service create --name placement --description "Placement API" placement
Create API endpoints of the Placement service.
$ openstack endpoint create --region RegionOne placement public http://controller:8778 $ openstack endpoint create --region RegionOne placement internal http://controller:8778 $ openstack endpoint create --region RegionOne placement admin http://controller:8778
Perform the installation and configuration.
Install the software package:
yum install openstack-placement-api
Configure Placement:
Edit the /etc/placement/placement.conf file:
In the [placement_database] section, configure the database entry.
In [api] and [keystone_authtoken] sections, configure the identity authentication service entry.
# vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS
Replace PLACEMENT_DBPASS with the password of the placement database, and replace PLACEMENT_PASS with the password of the placement user.
Note: Configure the permission.
# vim /etc/httpd/conf.d/00-placement-api.conf <Directory /usr/bin> <IfVersion >= 2.4> Require all granted </IfVersion> <IfVersion < 2.4> Order allow,deny Allow from all </IfVersion> </Directory>
Synchronize the database:
#su -s /bin/sh -c "placement-manage db sync" placement
Start the httpd service.
#systemctl restart httpd
Perform the verification.
Run the following command to check the status:
$ . admin-openrc $ placement-status upgrade check
Run the following command to install osc-placement and list the available resource types and features:
$ yum install python3-osc-placement $ openstack --os-placement-api-version 1.2 resource class list --sort-column name $ openstack --os-placement-api-version 1.6 trait list --sort-column name
Installing Nova
Create a database, service credentials, and API endpoints.
Create a database.
Access the database as the root user. Create the nova, nova_api, and nova_cell0 databases and grant permissions.
$ mysql -u root -p MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit
Replace NOVA_DBPASS with the password of the nova database.
Run the following commands to create Nova service credentials, create a nova user, and add the admin role to the nova user:
$ . admin-openrc $ openstack user create --domain default --password-prompt nova $ openstack role add --project service --user nova admin $ openstack service create --name nova --description "OpenStack Compute" compute
Create API endpoints for the computing service.
$ openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
Perform the installation and configuration.
Install the software package:
# yum install openstack-nova-api openstack-nova-conductor \ openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-compute
Configure Nova:
Edit the /etc/nova/nova.conf file.
In the [default] section, enable the computing and metadata APIs, configure the RabbitMQ message queue entry, and set my_ip.
In the [api_database] and [database] sections, configure the database entry.
In the [api] and [keystone_authtoken] sections, configure the identity service entry.
In the [vnc] section, enable and configure the entry for the remote console.
In the [glance] section, configure the API address for the image service.
In the [oslo_concurrency] section, configure the lock path.
In the [placement] section, configure the entry of the Placement service.
# vim /etc/nova/nova.conf [DEFAULT] # ... enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.11 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances/ log_dir = /var/log/nova [api_database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova [api] # ... auth_strategy = keystone [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true # ... server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html [glance] # ... api_servers = http://controller:9292 [oslo_concurrency] # ... lock_path = /var/lib/nova/tmp [placement] # ... region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS
Replace RABBIT_PASS with the password of the openstack user in RabbitMQ.
Set my_ip to the management IP address of the controller node.
Replace NOVA_DBPASS with the password of the nova database.
Replace NOVA_PASS with the password of the nova user.
Replace PLACEMENT_PASS with the password of the placement user.
Replace NEUTRON_PASS with the password of the neutron user.
Run the following command to synchronize the nova-api database:
su -s /bin/sh -c "nova-manage api_db sync" nova
Run the following command to register the cell0 database:
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
Create the cell1 cell:
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
Synchronize the nova database:
su -s /bin/sh -c "nova-manage db sync" nova
Verify whether cell0 and cell1 are correctly registered:
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
Check whether VM hardware acceleration (x86 architecture) is supported:
$ egrep -c '(vmx|svm)' /proc/cpuinfo
If the returned value is 0, hardware acceleration is not supported. You need to configure libvirt to use QEMU instead of KVM.
# vim /etc/nova/nova.conf [libvirt] # ... virt_type = qemu
If the returned value is 1 or a larger value, hardware acceleration is supported, and no extra configuration is required.
Start the computing service and its dependencies, and enable the service to start automatically upon system boot.
# systemctl enable \ openstack-nova-api.service \ openstack-nova-scheduler.service \ openstack-nova-conductor.service \ openstack-nova-novncproxy.service # systemctl start \ openstack-nova-api.service \ openstack-nova-scheduler.service \ openstack-nova-conductor.service \ openstack-nova-novncproxy.service
# systemctl enable libvirtd.service openstack-nova-compute.service # systemctl start libvirtd.service openstack-nova-compute.service
Add the compute nodes to the cell database:
Check whether the compute node exists:
$ . admin-openrc $ openstack compute service list --service nova-compute
Register a compute node:
#su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Perform the verification.
$ . admin-openrc
List service components to verify that each process is successfully started and registered.
$ openstack compute service list
List the API endpoints in the identity service and verify the connection to the identity service.
$ openstack catalog list
List the images in the image service and verify the connections:
$ openstack image list
Check whether the cells and placement APIs are running properly and whether other prerequisites are met.
#nova-status upgrade check
Installing Neutron
Create a database, service credentials, and API endpoints.
Create a database.
Access the database as the root user, create the neutron database, and grant permissions.
$ mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit
Replace NEUTRON_DBPASS with the password of the neutron database.
$ . admin-openrc
Run the following commands to create the neutron service credential, create the neutron user, and add the admin role to the neutron user:
Create the neutron service credential.
$ openstack user create --domain default --password-prompt neutron $ openstack role add --project service --user neutron admin $ openstack service create --name neutron --description "OpenStack Networking" network
Create API endpoints of the network services.
$ openstack endpoint create --region RegionOne network public http://controller:9696 $ openstack endpoint create --region RegionOne network internal http://controller:9696 $ openstack endpoint create --region RegionOne network admin http://controller:9696
Install and configure the self-service network.
Install the software package:
# yum install openstack-neutron openstack-neutron-ml2 \ openstack-neutron-linuxbridge ebtables ipset
Configure Neutron:
Edit the /etc/neutron/neutron.conf file:
In the [database] section, configure the database entry.
In the [default] section, enable the ML2 and router plug-ins. Allow IP address overlapping, and configure the RabbitMQ message queue entry.
In the [default] and [keystone] sections, configure the identity authentication service entry.
In the [default] and [nova] sections, enable the network to notify the change of the computing network topology.
In the [oslo_concurrency] section, configure the lock path.
# vim /etc/neutron/neutron.conf [database] # ... connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] # ... core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = NEUTRON_PASS [nova] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] # ... lock_path = /var/lib/neutron/tmp
Replace NEUTRON_DBPASS with the password of the neutron database.
Replace RABBIT_PASS with the password of the openstack user in RabbitMQ.
Replace NEUTRON_PASS with the password of the neutron user.
Replace NOVA_PASS with the password of the nova user.
Configure the ML2 plug-in.
Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file.
In the [ml2] section, enable the flat, VLAN, and VXLAN networks, enable the bridge and layer-2 population mechanism, and enable the port security extension driver.
In the [ml2_type_flat] section, configure the flat network as the provider virtual network.
In the [ml2_type_vxlan] section, configure the VXLAN network identifier range.
In the [securitygroup] section, set ipset.
# vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] # ... type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] # ... flat_networks = provider [ml2_type_vxlan] # ... vni_ranges = 1:1000 [securitygroup] # ... enable_ipset = true
Configure the Linux bridge agent:
Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file:
In the [linux_bridge] section, map the provider virtual network to the physical network API.
In the [vxlan] section, enable the VXLAN network. Configure the IP address of the physical network API that processes the coverage network, and enable layer-2 population.
In the [securitygroup] section, enable the security group and configure the linux bridge iptables firewall driver.
# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] # ... enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Replace PROVIDER_INTERFACE_NAME with the physical network API.
Replace OVERLAY_INTERFACE_IP_ADDRESS with the management IP address of the controller node.
Configure the Layer 3 proxy.
Edit the /etc/neutron/l3_agent.ini file:
In the [default] section, set the API driver to linuxbridge.
# vim /etc/neutron/l3_agent.ini [DEFAULT] # ... interface_driver = linuxbridge
Configures the DHCP agent:
Edit the /etc/neutron/dhcp_agent.ini file.
In the [default] section, configure the linuxbridge interface driver and Dnsmasq DHCP driver. Enable the isolated metadata.
# vim /etc/neutron/dhcp_agent.ini [DEFAULT] # ... interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true
Configure the metadata proxy.
Edit the /etc/neutron/metadata_agent.ini file.
In the [default], configure the metadata host and shared secret.
# vim /etc/neutron/metadata_agent.ini [DEFAULT] # ... nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET
Replace METADATA_SECRET with a proper metadata agent secret.
Configure the computing service.
Edit the /etc/nova/nova.conf file.
In the [neutron] section, configure access parameters, enable the metadata proxy, and configure secret.
# vim /etc/nova/nova.conf [neutron] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET
Replace NEUTRON_PASS with the password of the neutron user.
Replace METADATA_SECRET with a proper metadata agent secret.
Complete the installation.
Add a link:
#ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Synchronize the database:
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Run the following command to restart the computing API service:
#systemctl restart openstack-nova-api.service
Start the network service and enable the service to start automatically upon system boot.
# systemctl enable neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.service # systemctl start neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.service # systemctl enable neutron-l3-agent.service # systemctl start neutron-l3-agent.service
Perform the verification.
Run the following command to list the neutron agents:
$ openstack network agent list
Installing Cinder
Create a database, service credentials, and API endpoints.
Create a database.
Access the database as the root user. Create the cinder database, and grant permissions.
$ mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit
Replace CINDER_DBPASS with the password for the cinder database.
$ . admin-openrc
Create Cinder service credentials:
Create the cinder user.
Add the admin role to the cinder user.
Create the cinderv2 and cinderv3 services.
$ openstack user create --domain default --password-prompt cinder $ openstack role add --project service --user cinder admin $ openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2 $ openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
Create API endpoints for the block storage service.
$ openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%s $ openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%s $ openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%s $ openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%s $ openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%s $ openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%s
Install and configure the controller node.
Install the software package:
#yum install openstack-cinder
Configure Cinder:
Edit the /etc/cinder/cinder.conf file.
In the [database] section, configure the database entry.
In the [DEFAULT] section, configure the RabbitMQ message queue entry and my_ip.
In the [DEFAULT] and [keystone_authtoken] sections, configure the identity authentication service entry.
In the [oslo_concurrency] section, configure the lock path.
# vim /etc/cinder/cinder.conf [database] # ... connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [DEFAULT] # ... transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] # ... lock_path = /var/lib/cinder/tmp
Replace CINDER_DBPASS with the password of the cinder database.
Replace RABBIT_PASS with the password of the openstack user in RabbitMQ.
Set my_ip to the management IP address of the controller node.
Replace CINDER_PASS with the password of the cinder user.
Synchronize the database:
su -s /bin/sh -c "cinder-manage db sync" cinder
Configure the block storage for the compute nodes.
Edit the /etc/nova/nova.conf file.
# vim /etc/nova/nova.conf [cinder] os_region_name = RegionOne
Complete the installation.
Restart the computing API service.
systemctl restart openstack-nova-api.service
Start the block storage service.
# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service # systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
Install and configure the storage node.
Install the software package:
yum install lvm2 device-mapper-persistent-data targetcli python-keystone
Start the service:
# systemctl enable lvm2-lvmetad.service # systemctl start lvm2-lvmetad.service
Create the LVM physical volume /dev/sdb.
pvcreate /dev/sdb
Create the LVM volume group cinder-volumes.
vgcreate cinder-volumes /dev/sdb
Edit the /etc/lvm/lvm.conf file.
In the devices section, add filtering to allow the /dev/sdb device to reject other devices.
devices {
…
filter = [ “a/sdb/”, “r/.*/”]
Edit the /etc/cinder/cinder.conf file.
In the [lvm] section, configure the LVM backend using the LVM driver, cinder-volumes volume group, iSCSI protocol, and appropriate iSCSI services.
In the [DEFAULT] section, enable the LVM backend and configure the location of the API of the image service.
[lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [DEFAULT] # ... enabled_backends = lvm glance_api_servers = http://controller:9292
Complete the installation.
# systemctl enable openstack-cinder-volume.service target.service # systemctl start openstack-cinder-volume.service target.service
Install and configure the backup service.
Edit the /etc/cinder/cinder.conf file.
In the [DEFAULT] section, configure the backup options.
[DEFAULT] # ... backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL
Replace SWIFT_URL with the URL of the object storage service. The URL can be found through the object storage API endpoint.
$ openstack catalog show object-store
Complete the installation.
# systemctl enable openstack-cinder-backup.service # systemctl start openstack-cinder-backup.service
Perform the verification.
List service components and verify that each step is successful.
$ . admin-openrc $ openstack volume service list
Note: Currently, the Swift component is not supported. If possible, you can configure the interconnection with Ceph.
Installing Horizon
Install the software package:
yum install openstack-horizon
Modify the
/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py
file.Modify the variables.
ALLOWED_HOSTS = ['*', ]OPENSTACK_HOST = "controller"OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
Add variables.
OPENSTACK_API_VERSIONS = { "identity": 3, "image": 2, "volume": 3,}WEBROOT = "/dashboard/"COMPRESS_OFFLINE = TrueOPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"OPENSTACK_KEYSTONE_DEFAULT_ROLE = "admin"LOGIN_URL = '/dashboard/auth/login/'LOGOUT_URL = '/dashboard/auth/logout/'
Run the following command in the /usr/share/openstack-dashboard directory:
./manage.py compress
Restart the httpd service.
systemctl restart httpd
Open a browser and enter http://<host_ip> in the address box to log in to Horizon.