@sdorsett
Last active June 19, 2018 17:51
OpenStack Installation Tutorial for Ubuntu notes

Notes were generated from the following install guide: https://docs.openstack.org/newton/install-guide-ubuntu/environment-packages.html

Generate a password and save it somewhere:

openssl rand -hex 10

Add the Newton cloud archive repository to prepare the system for the OpenStack installation:

sudo apt-get update
sudo apt install software-properties-common
sudo add-apt-repository cloud-archive:newton

Update the server:

sudo apt update && sudo apt dist-upgrade
sudo reboot

Reconnect to the server

Install the OpenStack client and the database:

sudo apt install python-openstackclient
sudo apt install mariadb-server python-pymysql

sudo vim /etc/mysql/mariadb.conf.d/99-openstack.cnf

Put the text below in this file:

[mysqld]
bind-address = 127.0.0.1
 
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

Restart MySQL with the new configuration:

sudo service mysql restart

Initialize the database:

sudo mysql_secure_installation

Follow the instructions below:

“Enter current password for root (enter for none):” 
Leave empty
 
“Set root password? [Y/n] y”
Say yes and copy your password
 
“Remove anonymous users? [Y/n] n”
Say no
 
“Disallow root login remotely? [Y/n] n”
Say no
 
“Remove test database and access to it? [Y/n] n”
Say no
 
“Reload privilege tables now? [Y/n] y”
Say yes

Install the RabbitMQ message queue server:

sudo apt install rabbitmq-server
sudo rabbitmqctl add_user openstack ***YOUR PASSWORD HERE***
sudo rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Install memcached, which is used to cache Keystone requests:

sudo apt install memcached python-memcache
sudo service memcached restart

Setup of the Keystone Database:

sudo mysql -u root -p

Enter your password as requested

Put your password into the commands below before you paste them into the database prompt:

CREATE DATABASE keystone;
 
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY '***YOUR PASSWORD HERE***';
 
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY '***YOUR PASSWORD HERE***';
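
Answering n to the mysql_secure_installation questions leaves any anonymous accounts and non-local root entries in place, and the GRANT statements add a `%` host entry for the service user. The following check is an added example, not part of the original notes: it classifies the server's account list so those entries are visible. The function names and the sample rows are constructed for illustration.

```bash
# Added example. Input: one "user<TAB>host" row per line, the format printed by
#   sudo mysql -u root -p -N -B -e "SELECT User, Host FROM mysql.user"
audit_db_accounts() {
    awk -F '\t' '
        # Anonymous accounts: kept when "Remove anonymous users?" is answered n.
        $1 == "" { print "anonymous account @ " $2; next }
        # Root outside the three local hosts: the rows that
        # "Disallow root login remotely?" would have deleted.
        $1 == "root" && $2 !~ /^(localhost|127\.0\.0\.1|::1)$/ {
            print "root may log in from " $2; next
        }
        # Wildcard host, as created by GRANT ... TO user@% statements.
        $2 == "%" { print $1 " may log in from any host (%)" }
    '
}

# Constructed sample rows (not captured from a real server).
sample_rows() {
    printf '\tlocalhost\n'
    printf 'root\tlocalhost\n'
    printf 'root\tstan\n'
    printf 'keystone\tlocalhost\n'
    printf 'keystone\t%%\n'
}

# Demo on the constructed rows; pipe the real query output in the same way.
sample_rows | audit_db_accounts
```

While bind-address = 127.0.0.1 is in effect, the `%` entries can only be used from the host itself; they become reachable over the network if that setting is changed.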

Install Keystone:

sudo apt install keystone

Configure Keystone:

sudo vim /etc/keystone/keystone.conf

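Search for [database]:

Replace connection with: connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@127.0.0.1/keystone

Replace KEYSTONE_DBPASS with the password you set for the keystone user in the GRANT statements above.

Search in [token] for "provider =":

Replace provider with: provider = fernet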

Initialize the keystone database:

sudo su -s /bin/sh -c "keystone-manage db_sync" keystone

Initialize the Fernet key repositories:

sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
sudo keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Bootstrap the Identity service:

sudo keystone-manage bootstrap --bootstrap-password ***YOUR PASSWORD HERE*** \
  --bootstrap-admin-url http://127.0.0.1:35357/v3/ \
  --bootstrap-internal-url http://127.0.0.1:35357/v3/ \
  --bootstrap-public-url http://127.0.0.1:5000/v3/ \
  --bootstrap-region-id RegionOne

Remove the unneeded DB file created by the installer:

sudo rm -f /var/lib/keystone/keystone.db

Set the login and password used to authenticate with Keystone:

export OS_USERNAME=admin
export OS_PASSWORD=***YOUR PASSWORD HERE***
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://127.0.0.1:35357/v3
export OS_IDENTITY_API_VERSION=3

Create a domain, projects, users, and roles

openstack project create --domain default \
   --description "Service Project" service
   
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | eb8dbd3a6d1040288d3bb4c3d7275c8b |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
+-------------+----------------------------------+


openstack project create --domain default \
   --description "Demo Project" demo
   
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 4bcf45bbcd894dd58b196cee3090636a |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | default                          |
+-------------+----------------------------------+


openstack user create --domain default \
   --password-prompt demo
   
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 5960dcaf********452a8 |
| name                | demo                             |
| password_expires_at | None                             |
+---------------------+----------------------------------+

openstack role create user

+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 1bb78c2b5ae54449b7689450905d1fd6 |
| name      | user                             |
+-----------+----------------------------------+


openstack role add --project demo --user demo user

For security reasons, disable the temporary authentication token mechanism: Edit the /etc/keystone/keystone-paste.ini file and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.

sudo vim /etc/keystone/keystone-paste.ini
unset OS_AUTH_URL OS_PASSWORD
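
The keystone-paste.ini edit described above can be scripted and verified instead of done by hand in vim. This is an added example, not part of the original notes; the function names and the shortened sample file are constructed, and a real keystone-paste.ini has longer pipelines.

```bash
# Added example: drop admin_token_auth from the three API pipelines, then verify.
# Both functions read the file named as $1, or stdin when no file is given.

# Rewrite only the "pipeline =" line of [pipeline:public_api],
# [pipeline:admin_api] and [pipeline:api_v3]. Tokens are compared whole, so
# token_auth and the [filter:admin_token_auth] definition are left alone.
strip_admin_token_auth() {
    awk '
        /^\[/ { target = ($0 ~ /^\[pipeline:(public_api|admin_api|api_v3)\]/) }
        target && /^pipeline[ \t]*=/ {
            out = ""
            for (i = 1; i <= NF; i++)
                if ($i != "admin_token_auth")
                    out = out (out == "" ? "" : " ") $i
            $0 = out
        }
        { print }
    ' "$@"
}

# Exit status 0 when none of the three pipelines lists admin_token_auth, else 1.
pipelines_clean() {
    awk '
        /^\[/ { target = ($0 ~ /^\[pipeline:(public_api|admin_api|api_v3)\]/) }
        target && /^pipeline[ \t]*=/ {
            for (i = 1; i <= NF; i++) if ($i == "admin_token_auth") found = 1
        }
        END { exit found ? 1 : 0 }
    ' "$@"
}

# Constructed, shortened sample of the file layout.
sample_paste_ini() {
    cat <<'EOF'
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth json_body public_service

[pipeline:admin_api]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth json_body admin_service

[pipeline:api_v3]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth json_body service_v3
EOF
}

# Demo on the constructed sample.
if sample_paste_ini | strip_admin_token_auth | pipelines_clean; then
    echo "pipelines no longer reference admin_token_auth"
fi

# On the real file (as root): copy it to a backup first, write the output of
# strip_admin_token_auth on the backup over the original, then run
# pipelines_clean on the result.
```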

Update /etc/hosts so that controller resolves to localhost:

ubuntu@stan:~$ sudo vi /etc/hosts
ubuntu@stan:~$ grep controller /etc/hosts
127.0.0.1	localhost controller
ubuntu@stan:~$
ubuntu@stan:~$ ping -c 1 controller
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.039 ms
--- localhost ping statistics ---
1 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.039/0.042/0.045/0.003 ms

As the admin user, request an authentication token:

openstack --os-auth-url http://controller:35357/v3 \
   --os-project-domain-name Default --os-user-domain-name Default \
   --os-project-name admin --os-username admin token issue
   
Password:

+------------+---------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                       |
+------------+---------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2018-06-18 17:19:01+00:00                                                                                                                   |
| id         | gAAAAABbJ9t1***************mZ1BMLz3WnRIBU-                                                          |
|            | 5hbmUdVFu9Z7oG7pu12q0r71t8Kqp_JZizxhWDPquprVn4bw0Ln8CmoCcFUGW-9i3tgDLH0LsTshlO2AXQAjSCY69O8Ef_Zvjdf-g                                       |
| project_id | 6145c4d92a724fd7ad9fdbe74ac35b44                                                                                                            |
| user_id    | 6d1fdc********049b22                                                                                                            |
+------------+---------------------------------------------------------------------------------------------------------------------------------------------+

As the demo user, request an authentication token:

openstack --os-auth-url http://controller:5000/v3 \
   --os-project-domain-name Default --os-user-domain-name Default \
   --os-project-name demo --os-username demo token issue
   
Password:

+------------+---------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                       |
+------------+---------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2018-06-18 17:19:47+00:00                                                                                                                   |
| id         | gAAAAABbJ9ujjDbzk***************HQEexmkLzK3f6AA69ixO-oXryyrDz3au0zm4CbFJXlRUIea0o4dy-         |
|            | OhSFFY_OskF-b4vjK1mEpHZQkkDF-uyKfYuxtGgv2YgwvY4t3ovc                                                                                        |
| project_id | 4bcf45bbcd894dd58b196cee3090636a                                                                                                            |
| user_id    | 5960dca********d452a8                                                                                                            |
+------------+---------------------------------------------------------------------------------------------------------------------------------------------+

Create OpenStack client environment scripts

ubuntu@stan:~$ cat admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=********
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
ubuntu@stan:~$

ubuntu@stan:~$ cat demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=********
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
ubuntu@stan:~$
ubuntu@stan:~$ . admin-openrc
ubuntu@stan:~$ openstack token issue
+------------+---------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                       |
+------------+---------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2018-06-18 17:30:17+00:00                                                                                                                   |
| id         | gAAAAABbJ94ZF4BpBeIF5794Fqp1uYrJn53B********0o4dSyHQonpyRIkz--5Rb2-on3P6zPbVd5k-mImD7o-                |
|            | TAW9TKwjkV2OGi0cVFmBBFuUCrZMPmAd6pp0SRHXiY3tcVmTOYR6TS9xbOs                                                                                 |
| project_id | 6145c4d92a724fd7ad9fdbe74ac35b44                                                                                                            |
| user_id    | 6d1fdcc********049b22                                                                                                            |
+------------+---------------------------------------------------------------------------------------------------------------------------------------------+
ubuntu@stan:~$

ubuntu@stan:~$ . demo-openrc
ubuntu@stan:~$ openstack token issue
+------------+---------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                       |
+------------+---------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2018-06-18 17:30:56+00:00                                                                                                                   |
| id         | gAAAAABbJ95A-_Ihe3-Fkv4ynPh********VOFpI1kXvky20bJNeSaWl-Qrhaa3DCsxUfPNaKEf7vZXrFnLvXVGOVM2w9Q3-6_X6oHX9MLxM1J7 |
|            | -p3z2GUl4KcofF4Rmx3b-xfwhISp4Zd8ajUfBbUCekpw                                                                                                |
| project_id | 4bcf45bbcd894dd58b196cee3090636a                                                                                                            |
| user_id    | 5960dcafd********7d452a8                                                                                                            |
+------------+---------------------------------------------------------------------------------------------------------------------------------------------+
ubuntu@stan:~$

To create the database, complete these steps:

ubuntu@stan:~$ sudo mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 50
Server version: 10.0.34-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
    IDENTIFIED BY '**************';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
    IDENTIFIED BY '**************';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> \q
Bye
ubuntu@stan:~$

Source the admin credentials to gain access to admin-only CLI commands:

ubuntu@stan:~$ . admin-openrc

To create the service credentials, complete these steps:

openstack user create --domain default --password-prompt glance

User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 937d2b35*****************c8f4131 |
| name                | glance                           |
| password_expires_at | None                             |
+---------------------+----------------------------------+

openstack role add --project service --user glance admin
openstack service create --name glance \
   --description "OpenStack Image" image
   
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | d54131c0******************779ee5 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

openstack endpoint create --region RegionOne \
   image public http://localhost:9292
   
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 210598e********************adae8 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d54131**********************9ee5 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

openstack endpoint create --region RegionOne \
   image internal http://localhost:9292
   
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0761e2*******************40e9582 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d54131**********************9ee5 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

openstack endpoint create --region RegionOne \
   image admin http://localhost:9292
   
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 69034a*********************a23e8 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d5413********************9779ee5 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

Install and configure components

Install the packages:

sudo apt install glance

Edit the /etc/glance/glance-api.conf file and complete the following actions:

sudo vim /etc/glance/glance-api.conf

In the [database] section, configure database access:

[database]
...
connection = mysql+pymysql://glance:GLANCE_DBPASS@localhost/glance

Replace GLANCE_DBPASS with the password you chose for the Image service database.

In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access:

[keystone_authtoken]
...
auth_uri = http://localhost:5000
auth_url = http://localhost:35357
memcached_servers = localhost:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS

[paste_deploy]
...
flavor = keystone

Replace GLANCE_PASS with the password you chose for the glance user in the Identity service.

Note

Comment out or remove any other options in the [keystone_authtoken] section.

In the [glance_store] section, configure the local file system store and location of image files:

[glance_store]
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

Edit the /etc/glance/glance-registry.conf file and complete the following actions:

sudo vim /etc/glance/glance-registry.conf

In the [database] section, configure database access:

[database]
...
connection = mysql+pymysql://glance:GLANCE_DBPASS@localhost/glance

Replace GLANCE_DBPASS with the password you chose for the Image service database.

In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access:

[keystone_authtoken]
...
auth_uri = http://localhost:5000
auth_url = http://localhost:35357
memcached_servers = localhost:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS

[paste_deploy]
...
flavor = keystone

Replace GLANCE_PASS with the password you chose for the glance user in the Identity service.

Note

Comment out or remove any other options in the [keystone_authtoken] section.
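
The configuration files edited above hold database and service passwords in plaintext, and the connection and password lines only work once GLANCE_DBPASS and GLANCE_PASS (and KEYSTONE_DBPASS in keystone.conf) have been replaced. This check is an added example, not part of the original notes: it reports placeholders that were left in and files that other local users can read. The function name is constructed, and treating "readable by other" as a finding is an assumption about the desired file mode.

```bash
# Added example: flag service configs that still hold this page's placeholder
# passwords or that other local users can read.
PLACEHOLDERS='KEYSTONE_DBPASS|GLANCE_DBPASS|GLANCE_PASS'

# Print one finding per line for each file argument; print nothing when all pass.
audit_conf() {
    for f in "$@"; do
        # Only uncommented "connection =" / "password =" lines carry secrets.
        grep -nE '^[[:space:]]*(connection|password)[[:space:]]*=' "$f" |
            grep -E "$PLACEHOLDERS" |
            awk -F: -v f="$f" '{ print f ":" $1 ": placeholder password not replaced" }'
        # Plaintext credentials: the file should not be readable by "other".
        if [ -n "$(find "$f" -prune -perm -o=r)" ]; then
            echo "$f: readable by other users"
        fi
    done
}

# Usage (as root, so the files can be read):
#   audit_conf /etc/keystone/keystone.conf \
#              /etc/glance/glance-api.conf /etc/glance/glance-registry.conf
```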

Populate the Image service database:

sudo su -s /bin/sh -c "glance-manage db_sync" glance

Restart the Image services:

sudo service glance-registry restart
sudo service glance-api restart

To create the databases, complete these steps:

ubuntu@stan:~$ sudo mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 59
Server version: 10.0.34-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
   IDENTIFIED BY '***************';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
   IDENTIFIED BY '***************';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
   IDENTIFIED BY '***************';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
   IDENTIFIED BY '***************';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> \q
Bye
ubuntu@stan:~$

Source the admin credentials to gain access to admin-only CLI commands:

. admin-openrc

To create the service credentials, complete these steps:

openstack user create --domain default \
   --password-prompt nova
   
User Password:
Repeat User Password:

+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 960f8749*****************2a7f517 |
| name                | nova                             |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Add the admin role to the nova user:

openstack role add --project service --user nova admin

openstack service create --name nova \
   --description "OpenStack Compute" compute
   
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 4f104***********************048f |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+

Create the Compute service API endpoints:

openstack endpoint create --region RegionOne \
   compute public http://localhost:8774/v2.1/%\(tenant_id\)s
   
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 66c11**********************c9671         |
| interface    | public                                   |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 4f104b********************47048f         |
| service_name | nova                                     |
| service_type | compute                                  |
| url          | http://localhost:8774/v2.1/%(tenant_id)s |
+--------------+------------------------------------------+

openstack endpoint create --region RegionOne \
   compute internal http://localhost:8774/v2.1/%\(tenant_id\)s
   
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 6ed9ce*********************18a6b         |
| interface    | internal                                 |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 4f104b*********************7048f         |
| service_name | nova                                     |
| service_type | compute                                  |
| url          | http://localhost:8774/v2.1/%(tenant_id)s |
+--------------+------------------------------------------+

openstack endpoint create --region RegionOne \
   compute admin http://localhost:8774/v2.1/%\(tenant_id\)s
   
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 21f30692********************9d3e         |
| interface    | admin                                    |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 4f104b********************47048f         |
| service_name | nova                                     |
| service_type | compute                                  |
| url          | http://localhost:8774/v2.1/%(tenant_id)s |
+--------------+------------------------------------------+

Install and configure components

Install the packages:

sudo apt install nova-api nova-conductor nova-consoleauth \
  nova-novncproxy nova-scheduler