Installation of Openstack three Node Cluster on CentOS 7 Part One

Posted on 282 views


So what is Openstack? OpenStack is a set of opensource software tools for building and managing cloud computing platforms for public and private clouds. We shall attempt to build a three-node openstack cluster as we experiment on the tools and check out the power, ingenuity, and innovation it wields. There are several guides on our site about openstack liberty and you can find them here. This exercise shall be split into parts as we proceed. We shall begin with the controller node and we hope it shall be a wonderful experience as you have already had before.

“Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, ambition inspired, and success achieved.”
– Hellen Keller

Server 1

Controller Node:
MariaDB, RabbitMQ, Memcached, httpd, Keystone, Glance, Nova API, Horizon

Centos 7 with the following Network Features:

[[email protected] ~]# ip  link show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0:  mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:15:00:d5 brd ff:ff:ff:ff:ff:ff

Preparation of the server

i. Install ntp

Install and configure network time protocol (ntp) for time synchronization and vim for editing files.

[[email protected] ~]#  yum -y install ntp
Loaded plugins: fastestmirror
Determining fastest mirrors
epel/x86_64/metalink                                                                      |  59 kB  00:00:00     
 * base:
 * epel:
 * extras:

You can install vim or any other text editor that you happen to be a fan of e.g Nano, Emacs etc.

 [[email protected] ~]# yum install vim

Configure ntp

[[email protected] ~]# vim /etc/ntp.conf

# Use public servers from the project.
# Please consider joining the pool (
#server iburst
#server iburst
#server iburst
#server iburst


Restart ntp service.

[[email protected] ~]# systemctl start ntpd

Set service to start at boot.

[[email protected] ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/ to /usr/lib/systemd/system/ntpd.service.

Ntp is a protocol and requires us to allow its services via the firewall. We can use firewalld to allow it as below:

[[email protected] ~]# firewall-cmd --add-service=ntp --permanent
[[email protected] ~]# firewall-cmd --reload

Let us now proceed and add OpenStack Queens repository to our controller node to be able to retrieve its packages.

sudo yum -y install centos-release-openstack-queens

Edit the repo file and ensure all are enabled with “enabled = 1” values as shown with the following examples.

sudo vim /etc/yum.repos.d/CentOS-OpenStack-queens.repo

It should look similar to below.

name=CentOS-7 - OpenStack queens

Next step is the installation of MariaDB 10.1 and make basic settings on it. Let us get going:

sudo yum --enablerepo=centos-openstack-queens install mariadb-server -y

Configure Database server by editing the /etc/my.cnf file.

# Disabling symbolic-links is recommended to prevent assorted security risks
### Within this [mysqld] section add the line below ###

Start and enable mariadb service.

sudo systemctl enable --now mariadb

Secure MariaDB installation.

# mysql_secure_installation

Finally, allow mysql on firewall and reload it to apply the changes. Do not forget to reload.

sudo firewall-cmd --add-service=mysql --permanent
sudo firewall-cmd --reload

After your database is up and running, let us go on with installation of packages. Let us install RabbitMQ and Memcahed and add openstack user to rabbitmq.

sudo yum --enablerepo=epel -y install rabbitmq-server memcached

Start and enable rabbitmq and memcached.

sudo systemctl enable --now rabbitmq-server memcached

Add openstack user. You can use any password for “password”

[[email protected] ~]# rabbitmqctl add_user openstack password
 Creating user "openstack" …
 [[email protected] ~]# rabbitmqctl set_permissions openstack "." "." ".*" 
 Setting permissions for user "openstack" in vhost "/" …

Add the following ports to firewall

[[email protected] ~]# firewall-cmd --add-port=11211/tcp,5672/tcp --permanent
 [[email protected] ~]# firewall-cmd --reload

We believe RabbitMQ and MySQL were successfully installed. If it is so, let us proceed with the installation of Identity service known as Keystone.

Keystone will require the use of a database to keep its records, therefore, we shall add a user and database for the same in the next step before installing the identity service. Keystone is an OpenStack service that provides API client authentication, service discovery, and distributed multi-tenant authorization by implementing OpenStack’s Identity API.

It requires a database and hence let us create one for it before installing it.

[[email protected] ~]# mysql -u root -p
## Enter the root password you set earlier
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

No entry for terminal type "xterm-termite";
using dumb terminal settings.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

## Create database for keystone
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit;

Let us now install Keystone:

sudo yum --enablerepo=centos-openstack-queens,epel -y install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi

Keystone configuration. Open the keystone configuration file and make the following changes

sudo vim vim /etc/keystone/keystone.conf

Set like below.

# oslo_cache.memcache_pool backends only). (list value)
memcache_servers =

# Under database look and edit the connection details as below with your machine details
connection = mysql+pymysql://keystone:[email protected]/keystone

# Under token add the provider line as shown below and you are good to go
provider = fernet

After that, issue the below commands to sync database, initialize keys and to define the host.

[[email protected] ~]#  su -s /bin/bash keystone -c "keystone-manage db_sync"
[[email protected] ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone 
[[email protected] ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[[email protected] ~]# export controller=

Bootstrap the keystone service as below and add the port 5000 in firewall.

[[email protected] ~]# keystone-manage bootstrap --bootstrap-password password --bootstrap-admin-url http://$controller:5000/v3/ --bootstrap-internal-url http://$controller:5000/v3/ --bootstrap-public-url http://$controller:5000/v3/ --bootstrap-region-id RegionOne

[[email protected] ~]# firewall-cmd --add-port=5000/tcp --permanent
[[email protected] ~]# firewall-cmd --reload

Create a soft link for the keystone configuration in httpd configuration and start httpd service.

 [[email protected] ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[[email protected] ~]# systemctl start httpd

In case httpd does not start and you receive an error similar to the one below, please check your selinux status

[[email protected] ~]# sestatus

If it is enabled, you have two choices; To either disable it or configure it. I permanently disabled it personally like below.

Start httpd and check its status

[[email protected] ~]# systemctl enable httpd
[[email protected] ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2018-08-09 11:17:51 EAT; 10min ago
     Docs: man:httpd(8)

We hope everything is going on well so far. The next step is to add Keystone projects. Projects are organizational units in the cloud to which you can assign users. Projects are also known as projects or accounts.

Users can be members of one or more projects. Roles define which actions users can perform. You assign roles to user-project pairs.(, 2018)

To create projects, we have to create environment variables first as below

[[email protected] ~]# vi ~/keystonerc


export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password ##Set the password that you used when creating the keystone bootstrap.
export OS_AUTH_URL=
export PS1='[\u@\h \W(keystone)]\$ '

Congrats guys. After that improve the security of the file by limiting read and write access and then source the file.

[[email protected] ~]# chmod 600 ~/keystonerc
[[email protected] ~]# source ~/keystonerc   
[[email protected] ~(keystone)] # Your terminal should change as this.
[[email protected] ~(keystone)]#  echo "source ~/keystonerc " >> ~/.bash_profile

Create the first project, you can describe it with any name you like.

[[email protected] ~]# openstack project create --domain default --description "First Project" service 
| Field       | Value                            |
| description | First Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 76d124ff821e4db5ad792a113b54724e |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |

You can check the user list, role list, etc..

[[email protected] ~(keystone)]# openstack user list
| ID                               | Name  |
| 1f53dd25b3ee44218b36dd821c1d7dd9 | admin |
[[email protected] ~(keystone)]# openstack role list
| ID                               | Name  |
| 3a4ac06a15c64d73bb160de04174efb6 | admin |

I believe the session has been a good time as we take a brief break. The next part involves the addition of Glance image service to the controller node. Please stay tuned and thank you for indulging.

Next: Installation of Three node OpenStack Queens Cluster – Part Two


Gravatar Image
A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.