Havana Installation Guide

8/12/2019 Havana Installation Guide

1/21

Introduction

This document is for installation of Openstack(Havana) on Ubuntu. As we

wanted to have a dedicated node for network, we are using

nodes(!ontroller, !ompute and "etwork) and each node has Ubuntu

#$.%&.%

'inimum stem !onfiguration for each node is & core processor and * +

-A' and $ "! . n our environment we have used below configuration /

Controller Compute Networking0rocesser 1

& core

'emor 1 &

+

2isk 1 %%

+

0rocesser 1

& core

'emor 1 *

+

2isk 1

%%+

0rocesser 1

$ core

'emor 1 &

+

2isk 1

%%+elow are few kewords which we will be using inside this document

Controller Node:"ode responsible for most of the service related

openstack and can be defined as nerve center. All re3uests are routed thru

this one.

Compute Node: -esponsible for managing virtual machine. Hpervisor is

running on this node

Network Node: This node is responsible for all network related service like

dhcp,routing,bridging etc.

Nova :!ompute service which provisions and manages virtual machines on

demand

Neutron :"etworking service which is responsible for network connectivity

Glance: 0rovides a registr of virtual machine images. !ompute uses it to

provision instances

Keystone: dentit service responsible for authentication and authori4ation

Cinder:0rovides persistent block storage

Horizon:2ashboard or a +U for users to interact with all services related to

openstack

elow list shows services running on each node /

Controller Compute Networking

'3l 2 nova/

compute

"eutron services 5

(dhcp,l,metadata)-abbit'6(6ueuing) neutron/

plugin/

openvswitch/agent


2/21

7estone(Authenticatio

n+lance(mage)nova/api,nova/

cert,nova/

consoleauth,nova/

scheduler,nova/

conductor,nova/

novncpro8!inder(lock torage)2ashboard(Hori4on)"eutron/server"eutron openvswitch

plugin

Installing ControllerThis ection e8plains about installation of various service9component on

!ontroller node. :or this we assume ou have a freshl installed Ubuntu/

#$.%&. machine with $ "! and a spare disk or at least one unused

partition.

Basic Configuration

Configuring NIC;dit network config files for internal and e8ternal network

$.#?*.#.#%

netmask $==.$==.$==.%

gatewa #>$.#?*.#.#

dns/nameservers *.*.*.*


3/21

-estart network service to reflect necessar changes

< service networking restart

Adding Host Entry< vim 9etc9hosts

#%.#%.#%.> network#%.#%.#%.#% controller

#%.#%.#%.## compute

Changing hostname


4/21

DpasswordFI

!-;AT; 2ATAA; cinderI

+-A"T AGG 0-JG;+; O" cinder.K TO DcinderFLMlocalhostF 2;"T:;2

N DpasswordFI

+-A"T AGG 0-JG;+; O" cinder.K TO DcinderFLMF 2;"T:;2 N

DpasswordFI

!-;AT; 2ATAA; glanceI

+-A"T AGG 0-JG;+; O" glance.K TO DglanceFLMlocalhostF 2;"T:;2

N DpasswordFI

+-A"T AGG 0-JG;+; O" glance.K TO DglanceFLMF 2;"T:;2 N

DpasswordFI

!-;AT; 2ATAA; neutronI

+-A"T AGG 0-JG;+; O" neutron.K TO DneutronFLMlocalhostF

2;"T:;2 N DpasswordFI

+-A"T AGG 0-JG;+; O" neutron.K TO DneutronFLMF 2;"T:;2 N

DpasswordFI

!-;AT; 2ATAA; kestoneI

+-A"T AGG 0-JG;+; O" kestone.K TO DkestoneFLMlocalhostF

2;"T:;2 N DpasswordFI

+-A"T AGG 0-JG;+; O" kestone.K TO DkestoneFLMF 2;"T:;2

N DpasswordFI

:GUH 0-JG;+;I

;O:

Configuring Identity(Keystone) Service

Install "eystone related Pac"ages< apt/get install kestone pthon/kestone pthon/kestoneclient

Ma"ing necessary changes in #eystone config$ file;dit 9etc9kestone9kestone.conf and add below line

P2;:AUGTQ

admintoken B password

Ps3lQ

connection B ms3l599kestone5passwordLcontroller9kestone

Create necessary ta%les for "eystone< kestone/manage dbsnc

-estart 7estone service< service kestone restart


5/21

Setting "eystone details as en&ironment &aria%le!reate a file openrc and specif all re3uired env. Jariables

< vim openrc

e8port OU;-"A';Badmin

e8port O0ARO-2Bpassworde8port OT;"A"T"A';Badmin

e8port OAUTHU-GBhttp599controller5==E9v$.%

ource the credentials into our environment5

< source S9openrc

!onfigure the ash shell to load these credentials upon each login5

< echo source S9openrcC S9.bashrc

Populate #eystone 'ith initial data

Re need to provide some initial data as below in kestone0roVects5 admin and services

-oles5 admin, 'ember

Users5 admin, nova, glance, 3uantum, and cinder

ervices5 compute, volume, image, identit, ec$, and network

:or this we have a created a bash shell script for the same. !ontent of the

script is /

#!/bin/bash

# Modify these variables as needed

ADMIN_PASSWORD=ADMIN_PASSWORD"$ass%ord&

S'R(I)'_PASSWORD=S'R(I)'_PASSWORD"

ADMIN_PASSWORD&

e*$ort OS_S'R(I)'_+O,'N=-$ass%ord-

e*$ort OS_S'R(I)'_'NDPOIN+=-htt$"//.ontroller"001/v2345

S'R(I)'_+'NAN+_NAM'=S'R(I)'_+'NAN+_NAM'"servi.e&

#

M6S78_9S'R=:eystone

M6S78_DA+A;AS'=:eystone

M6S78_


6/21

if C E lt 4 FB then

field=-@G@NHE-

else

field=-G@@E E-

fi e.ho Jdata- K a%: HLC GtFGGKC GtFL J$rint field&-

done

&

# +enants

ADMIN_+'NAN+=@:eystone tenant.reate nae=adin K >re$ - id - K

>et_field 2

S'R(I)'_+'NAN+=@:eystone tenant.reate

nae=S'R(I)'_+'NAN+_NAM' K >re$ - id - K >et_field 2# 9sers

ADMIN_9S'R=@:eystone ?ser.reate nae=adin

$ass=-ADMIN_PASSWORD- eail=adindoain3.o K >re$ - id - K

>et_field 2

NO(A_9S'R=@:eystone ?ser.reate nae=nova

$ass=-S'R(I)'_PASSWORD- tenantid S'R(I)'_+'NAN+

eail=novadoain3.o K >re$ - id - K >et_field 2

8AN)'_9S'R=@:eystone ?ser.reate nae=>lan.e $ass=-S'R(I)'_PASSWORD- tenantid S'R(I)'_+'NAN+

eail=>lan.edoain3.o K >re$ - id - K >et_field 2

79AN+9M_9S'R=@:eystone ?ser.reate nae=ne?tron


eail=ne?trondoain3.o K >re$ - id - K >et_field 2

)IND'R_9S'R=@:eystone ?ser.reate nae=.inder


eail=.inderdoain3.o K >re$ - id - K >et_field 2# Roles

ADMIN_RO8'=@:eystone role.reate nae=adin K >re$ - id - K >et_field

2

M'M;'R_RO8'=@:eystone role.reate nae=Meber K >re$ - id - K

>et_field 2

# Add Roles to 9sers in +enants

:eystone ?serroleadd ?serid ADMIN_9S'R roleid ADMIN_RO8'

tenantid ADMIN_+'NAN+:eystone ?serroleadd tenantid S'R(I)'_+'NAN+ ?serid


7/21

NO(A_9S'R roleid ADMIN_RO8'

:eystone ?serroleadd tenantid S'R(I)'_+'NAN+ ?serid

8AN)'_9S'R roleid ADMIN_RO8'


79AN+9M_9S'R roleid ADMIN_RO8'


)IND'R_9S'R roleid ADMIN_RO8'

# )reate servi.es

)OMP9+'_S'R(I)'=@:eystone servi.e.reate nae nova ty$e

.o$?te des.ri$tion QO$enSta.: )o$?te Servi.eL K >re$ - id - K >et_field

2

(O89M'_S'R(I)'=@:eystone servi.e.reate nae .inder ty$e vol?e

des.ri$tion QO$enSta.: (ol?e Servi.eL K >re$ - id - K >et_field 2

IMA'_S'R(I)'=@:eystone servi.e.reate nae >lan.e ty$e ia>e

des.ri$tion QO$enSta.: Ia>e Servi.eL K >re$ - id - K >et_field 2

ID'N+I+6_S'R(I)'=@:eystone servi.e.reate nae :eystone ty$e

identity des.ri$tion QO$enSta.: IdentityL K >re$ - id - K >et_field 2

')2_S'R(I)'=@:eystone servi.e.reate nae e.2 ty$e e.2

des.ri$tion QO$enSta.: ')2 servi.eL K >re$ - id - K >et_field 2

N'+WOR,_S'R(I)'=@:eystone servi.e.reate nae ne?tron ty$e

net%or: des.ri$tion QO$enSta.: Net%or:in> servi.eL K >re$ - id - K >et_field

2

# )reate end$oints

:eystone end$oint.reate re>ion ,'6S+ON'_R'ION servi.eid

)OMP9+'_S'R(I)' $?bli.?rl Qhtt$"//L-,'6S+ON'_


8/21

:eystone end$oint.reate re>ion ,'6S+ON'_R'ION servi.eid

')2_S'R(I)' $?bli.?rl

Qhtt$"//L-,'6S+ON'_


9/21

< glance/manage dbsnc

Adding credentials in all configuration files

;dit 9etc9glance9glance/api.conf and 9etc9glance9glance/registr.conf and add

below lines under kestoneauthtoken section

PkestoneauthtokenQ

authhost B controller

authport B ==E

authprotocol B http

admintenantname B service

adminuser B glance

adminpassword B password

Add below lines under Pfilter5authtokenQ section of 9etc9glance9glance/api/

paste.ini Pfilter5authtokenQ

paste.filterfactorBkestoneclient.middleware.authtoken5filterfactor

authhostBcontroller

adminuserBglance

admintenantnameBservice

adminpasswordBpassword

-estart the glance service with its new settings.

< service glance/registr restart

< service glance/api restart

Create a sample image2ownload a sample image

< curl /O http599cdn.download.cirros/cloud.net9%..#9cirros/%..#/8*??&/

disk.img

!reate an image

< glance i"age$create %na"e&'CirrS *+*,- %dis!$for"at&qcow. %container$

for"at&bare %is$public&true / cirros$*+*,$012324$dis!*i"g

!heck the newl created image< glance image/list

Installing Cinder(bloc! storage) service

Install the appropriate pac"ages< apt/get install cinder/api cinder/scheduler cinder/volume lvm$

Configure the !loc" Storage Ser&ice;dit 9etc9cinder9cinder.conf and change the PdatabaseQ section.

connection B ms3l599cinder5passwordLcontroller9cinder

Create the required ta%les in !
http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.imghttp://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.imghttp://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.imghttp://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img


10/21

< cinder/manage db snc

Adding credentials in all configuration files

Add the credentials as in 9etc9cinder9api/paste.ini under filter5authtoken

section

Pfilter5authtokenQ


authhostBcontroller

authport B ==E

authprotocol B http


adminuserBcinder


-estart the cinder service with its new settings.

< service cinder/scheduler restart

< service cinder/api restart

Configure cinder ser&ice to use the (a%%itM);dit 9etc9cinder9cinder.conf file and set the following configuration kes under

2;:AUGT section

rpcbackend B cinder.openstack.common.rpc.implkombu

rabbithost B controller

rabbitport B =?E$

Configure required Physical and Logical VolumeAs mentioned earlier, we assume a spare disk 9dev9sdb is available and can

be used for this purpose.

< pvcreate 9dev9sdb

< vgcreate cinder/volumes 9dev9sdb

-estart the cinder service with its new settings.

< service cinder/volume restart

< service tgt restart

Installing te Nova Controller Services

Installing all pac"ages related to No&a< apt/get install nova/novncpro8 novnc nova/api nova/aVa8/console/pro8

nova/cert Z

nova/conductor nova/consoleauth nova/doc nova/scheduler pthon/

novaclientMa"ing necessary changes in no&a config file


11/21

'odif below parameters under default section in 9etc9nova9 nova.conf under

default section

P2;:AUGTQ

[

authstrategBkestone

mipB#%.#%.#%.#%

rpcbackend B nova.rpc.implkombu


?>?

neutronauthstrategBkestone

neutronadmintenantnameBservice

neutronadminusernameBneutron

neutronadminpasswordBpassword

neutronadminauthurlBhttp599controller5==E9v$.%

libvirtvifdriverBnova.virt.libvirt.vif.GibvirtHbridOJridge2river

linu8netinterfacedriverBnova.network.linu8net.Ginu8OJnterface2river

firewalldriverBnova.virt.firewall."oop:irewall2river

securitgroupapiBneutron

< 'etadata

neutronmetadatapro8sharedsecretBpassword

serviceneutronmetadatapro8Btrue

metadatalisten B #%.#%.#%.#%

metadatalistenport B *EE=

< !inder

volumeapiclassBnova.volume.cinder.A0

< +lance

glanceapiserversB#%.#%.#%.#%5>$>$imageserviceBnova.image.glance.+lancemageervice

< novnc

novncpro8portB?%*%

novncenabledBtrue

novncpro8baseurlBhttp599#>$.#?*.#.#%5?%*%9vncauto.html

vncserverpro8clientaddressB#%.#%.#%.##

ncserverlistenB#%.#%.#%.#%

0rovide the database detail in database section of nova config filePdatabaseQ

connection B ms3l599nova5passwordLcontroller9nova


12/21

Create the required ta%les for the no&a ser&ice$< nova/manage db snc

Pro&iding controller details in no&a api fileAdd the credentials in 9etc9nova9api/paste.ini

Pfilter5authtokenQpaste.filterfactorBkestoneclient.middleware.authtoken5filterfactor

authhostBcontroller

authport B ==E

authprotocol B http


adminuserBnova


(estart all ser&ice related to No&a< service nova/api restart

< service nova/cert restart

< service nova/consoleauth restart

< service nova/scheduler restart

< service nova/conductor restart

< service nova/novncpro8 restart

or,

< cd 9etc9init.d9Ifor i in \(ls nova/K)Ido service \i restartIdone

*erify the no&a configuration< nova image/list


13/21

controle8change B neutron

defaultnotificationlevel B ":O

PkestoneauthtokenQ

authhost B controller

authport B ==E

authprotocol B http


adminuser B neutron


signingdir B \statepath9kestone/signing

Add below lines in 9etc9neutron9api/paste.ini under Pfilter5authtokenQ section


adminuser B neutron


Configuring +pen&s'itch;dit 9etc9neutron9plugins9openvswitch9ovsneutronplugin.ini as mentioned

below

POJQ

tenantnetworktpe B gre

tunnelidranges B #5#%%%

enabletunneling B Truelocalip B #%.#%.#%.#%

PsecuritgroupQ

firewalldriver B

neutron.agent.linu8.iptablesfirewall.OJHbridptables:irewall2river

PdatabaseQ

connection B ms3l599neutron5passwordLcontroller9neutron

-estart "eutron and openvswitch service

9etc9init.d9neutron/server restart9etc9init.d9neutron/plugin/openvswitch/agent restart

Create an net'or" %ridge for internal communication< ovs/vsctl add/br br/int

Installing 5asboard(6ori7on)

Install pac"ages related to dash%oard< apt/get install memcached libapache$/mod/wsgi openstack/dashboard

(emo&e openstac",dash%oard,u%untu,theme pac"age< apt/get remove 1purge openstack/dashboard/ubuntu/theme


14/21


15/21


16/21



Configure networ!ing plug$in*

Creating %ridge for %oth e-ternal and internal traffic

0lease login using internal 0 #%.#%.#%.> thru controller and make belowchanges

Add the br/int integration bridge, which connects to the J's, and the br/e8

e8ternal bridge, which connects to the outside

< ovs/vsctl add/br br/int

< ovs/vsctl add/br br/e8

Add a port (connection) from the ;]T;-"AG"T;-:A!; interface to br/e8

interface5

< ovs/vsctl add/port br/e8 eth#

Configuring bridge!onfigure the eth# without an 0 address and in promiscuous mode and

assign the old 0 of eth# to newl created br/e8 interface

!hange the eth# entr in 9etc9network9interfaces, as follows5

auto eth#

iface eth# inet manual

up ip address add %9% dev \:A!;

up ip link set \:A!; up

down ip link set \:A!; down

Add br/e8 to 9etc9network9interfaces, as follows5

auto br/e8

iface br/e8 inet static

address #>$.#?*.#.>

netmask $==.$==.$==.%

gatewa #>$.#?*.#.#


-emove the 0 address from eth# add it to br/e8, as follows5

< ip addr del #>$.#?*.#.>9$& dev eth#

< ip addr add #>$.#?*.#.>9$& dev br/e8

-estart networking, as follows5


Configure l. agent

;dit 9etc9neutron9lagent.ini and add below linesinterfacedriver B neutron.agent.linu8.interface.OJnterface2river


17/21


18/21

(estart the required ser&ice9etc9init.d9neutron/plugin/openvswitch/agent restart

9etc9init.d9neutron/metadata/agent restart

9etc9init.d9neutron/l/agent restart

9etc9init.d9neutron/dhcp/agent restart

Installing Co"pute Node

Basic Configuration

Configuring NIC;dit network config files for internal and e8ternal network

$.#?*.#.##

netmask $==.$==.$==.%

gatewa #>$.#?*.#.#


-estart network service to reflect necessar changes


Upgrade the system

< apt/get update @@ apt/get dist/upgradeAdding Host Entry< vim 9etc9hosts

#%.#%.#%.> network

#%.#%.#%.#% controller

#%.#%.#%.## compute

Changing hostname


19/21

Configuring NTP< apt/get install ntp

Install the appropriate pac"ages< apt/get install pthon/ms3ldb pthon/software/properties

< add/apt/repositor cloud/archive5havana< apt/get install nova/compute/kvm pthon/novaclient pthon/guestfs

elect NesC when asked to create a supermin appliance during install.

< chmod %?&& 9boot9vmlinu4K

(emo&e the S)0ite ata%ase created %y the pac"ages< rm 9var9lib9nova9nova.s3lite

Configuring Co"pute Node

Ma"ing necessary changes in no&a configuration;dit 9etc9nova9nova.conf and add to the P2;:AUGTQ section.

P2;:AUGTQ

8

authstrategBkestone

ec$hostBcontroller

ec$urlBhttp599controller5*EE9services9!loud

rpcbackend B nova.rpc.implkombu


rabbitport B =?E$

rabbitpasswordBguest

mipB#%.#%.#%.##

$

imageserviceBnova.image.glance.+lancemageervice

?>?

neutronauthstrategBkestone

neutronadmintenantnameBservice

neutronadminusernameBneutron

neutronadminpasswordBpassword

neutronadminauthurlBhttp599controller5==E9v$.%


20/21

firewalldriverBnova.virt.firewall."oop:irewall2river

securitgroupapiBneutron

< !ompute

computedriverBlibvirt.Gibvirt2river

connectiontpeBlibvirt

< !inder

volumeapiclassBnova.volume.cinder.A0

< novnc

vncenabledBtrue

novncpro8baseurlBhttp599#>$.#?*.#.#%5?%*%9vncauto.html

novncpro8portB?%*%

vncserverpro8clientaddressB#%.#%.#%.##

vncserverlistenB#%.#%.#%.#%

PdatabaseQ

connection B ms3l599nova5passwordLcontroller9nova

Pro&iding controller authentication detail!op the file 9etc9nova9api/paste.ini from the controller node, or edit the file

to add the credentials in the Pfilter5authtokenQ section

Pfilter5authtokenQ


authhostBcontrollerauthport B ==E

authprotocol B http

adminuserBnova



-estart the !ompute service.

< service nova/compute restart

Configuring Networ! serviceInstalling all pac"ages related to &S'itch< apt/get install neutron/plugin/openvswitch/agent openvswitch/switch

openvswitch/datapath/dkms

Create a %ridge for internal communication< ovs/vsctl add/br br/int

Configuring &S'itch

;dit 9etc9neutron9plugins9openvswitch9ovsneutronplugin.ini file

PovsQ


21/21

tenantnetworktpe B gre

tunnelidranges B #5#%%%

enabletunneling B True

integrationbridge B br/int

tunnelbridge B br/tun

localip B #%.#%.#%.##

PsecuritgroupQ

firewalldriver B

neutron.agent.linu8.iptablesfirewall.OJHbridptables:irewall2river

Add below line in 9etc9neutron9neutron.conf


neutron.openstack.common.rpc.implkombu

-estart openvswitch service

< service openvswitch/switch restart

Havana Installation Guide

Documents

Transcript of Havana Installation Guide