So what is OpenStack? OpenStack is a set of open-source software tools for building and managing cloud computing platforms for public and private clouds. We shall build a three-node OpenStack cluster as we experiment with the tools and check out the power, ingenuity, and innovation it wields. There are several guides on our site about OpenStack Liberty and you can find them here. This exercise shall be split into parts as we proceed. We shall begin with the controller node, and we hope it will be as wonderful an experience as the ones you have had before.
“Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, ambition inspired, and success achieved.”
– Helen Keller
MariaDB, RabbitMQ, Memcached, httpd, Keystone, Glance, Nova API, Horizon
CentOS 7 with the following network features:
    # ip link show
    1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: eth0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
        link/ether 52:54:00:15:00:d5 brd ff:ff:ff:ff:ff:ff
Preparation of the server
i. Install ntp
Install and configure the Network Time Protocol (NTP) daemon for time synchronization, and vim for editing files.
    # yum -y install ntp
    Loaded plugins: fastestmirror
    Determining fastest mirrors
    epel/x86_64/metalink | 59 kB 00:00:00
     * base: repos-jnb.psychz.net
     * epel: fedora.cu.be
     * extras: repos-jnb.psychz.net
You can install vim or any other text editor that you happen to be a fan of, e.g. Nano or Emacs.
    # yum install vim
    # vim /etc/ntp.conf

    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    #server 0.centos.pool.ntp.org iburst
    #server 1.centos.pool.ntp.org iburst
    #server 2.centos.pool.ntp.org iburst
    #server 3.centos.pool.ntp.org iburst
    server 0.africa.pool.ntp.org
    server 1.africa.pool.ntp.org
    server 2.africa.pool.ntp.org
    server 3.africa.pool.ntp.org
Start the ntp service.
    # systemctl start ntpd
Set service to start at boot.
    # systemctl enable ntpd
    Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
NTP is a network protocol (UDP port 123), so we need to allow its service through the firewall. We can use firewalld to do so as below:
    # firewall-cmd --add-service=ntp --permanent
    success
    # firewall-cmd --reload
    success
Let us now proceed and add the OpenStack Queens repository to our controller node so that we can retrieve its packages.
sudo yum -y install centos-release-openstack-queens
Edit the repo file and ensure that every repository is enabled with “enabled=1”, as in the following example.
sudo vim /etc/yum.repos.d/CentOS-OpenStack-queens.repo
It should look similar to below.
    [centos-openstack-queens]
    name=CentOS-7 - OpenStack queens
    baseurl=http://mirror.centos.org/centos/7/cloud/$basearch/openstack-queens/
    gpgcheck=1
    enabled=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
    exclude=sip,PyQt4
The next step is to install MariaDB 10.1 and apply some basic settings to it. Let us get going:
sudo yum --enablerepo=centos-openstack-queens install mariadb-server -y
Configure Database server by editing the
    [mysqld]
    # Disabling symbolic-links is recommended to prevent assorted security risks
    symbolic-links=0
    ### Within this [mysqld] section add the line below ###
    character-set-server=utf8
Start and enable mariadb service.
sudo systemctl enable --now mariadb
Secure MariaDB installation.
Finally, allow mysql through the firewall. Do not forget to reload the firewall to apply the change.
    sudo firewall-cmd --add-service=mysql --permanent
    sudo firewall-cmd --reload
After your database is up and running, let us go on with the installation of packages. Let us install RabbitMQ and Memcached and add an openstack user to RabbitMQ.
sudo yum --enablerepo=epel -y install rabbitmq-server memcached
Start and enable rabbitmq and memcached.
sudo systemctl enable --now rabbitmq-server memcached
Add the openstack user. Replace “password” with a password of your own choosing.
    # rabbitmqctl add_user openstack password
    Creating user "openstack" …
    …done.
    # rabbitmqctl set_permissions openstack ".*" ".*" ".*"
    Setting permissions for user "openstack" in vhost "/" …
Add the following ports to the firewall:
    # firewall-cmd --add-port=11211/tcp --add-port=5672/tcp --permanent
    success
    # firewall-cmd --reload
    success
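The firewall steps so far open MariaDB, memcached and RabbitMQ to every source address, and memcached has no authentication by default. As an added example (not part of the original guide), the function below prints firewalld commands that replace those openings with rich rules limited to one subnet; the subnet 192.168.122.0/24 and the function names are assumptions, chosen to match the controller address used in this guide.

```bash
# Added example: print (do not run) firewalld commands that limit the
# backend ports opened in this guide to one source subnet.
# Assumption: cluster nodes share a subnet such as 192.168.122.0/24.
BACKEND_PORTS="3306 11211 5672"   # MariaDB, memcached, RabbitMQ (AMQP)

# valid_cidr CIDR -> status 0 if CIDR is a.b.c.d/nn with sane ranges
valid_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    local ip="${1%/*}" bits="${1#*/}" octet
    [ "$ip" != "$1" ] || return 1              # no "/" present
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    local IFS=.
    set -- $ip
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# emit_rules CIDR -> prints firewall-cmd commands, one per line
emit_rules() {
    local cidr="$1" port
    valid_cidr "$cidr" || { echo "invalid subnet: $cidr" >&2; return 2; }
    # Withdraw the openings that apply to every source address.
    echo "firewall-cmd --permanent --remove-service=mysql"
    echo "firewall-cmd --permanent --remove-port=11211/tcp --remove-port=5672/tcp"
    for port in $BACKEND_PORTS; do
        echo "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\"" \
             "source address=\"$cidr\" port port=\"$port\" protocol=\"tcp\" accept'"
    done
    echo "firewall-cmd --reload"
}

# Stand-alone use: pass the subnet as the first argument.
[ $# -eq 0 ] || emit_rules "$1"
```

Review the printed commands before running them as root; port 5000, opened later for the Identity API, is deliberately not included because API clients outside the cluster need it.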
We believe RabbitMQ and MySQL were successfully installed. If so, let us proceed with the installation of the Identity service, known as Keystone.
Keystone is an OpenStack service that provides API client authentication, service discovery, and distributed multi-tenant authorization by implementing OpenStack’s Identity API. It requires a database to keep its records, so we shall add a database and a user for it before installing the identity service.
Let us create that database now.
    # mysql -u root -p
    ## Enter the root password you set earlier
    Enter password:
    Welcome to the MariaDB monitor. Commands end with ; or \g.
    Your MariaDB connection id is 2
    Server version: 10.1.20-MariaDB MariaDB Server

    Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
    No entry for terminal type "xterm-termite"; using dumb terminal settings.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    ## Create database for keystone
    MariaDB [(none)]> create database keystone;
    Query OK, 1 row affected (0.00 sec)
    MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'password';
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'password';
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> flush privileges;
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> exit;
    Bye
Let us now install Keystone:
sudo yum --enablerepo=centos-openstack-queens,epel -y install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi
Keystone configuration. Open the keystone configuration file and make the following changes:
    sudo vim /etc/keystone/keystone.conf
Set the options as below.
    [cache]
    # oslo_cache.memcache_pool backends only). (list value)
    memcache_servers = 192.168.122.130:11211

    # Under database look and edit the connection details as below with your machine details
    [database]
    connection = mysql+pymysql://keystone:password@192.168.122.130/keystone

    # Under token add the provider line as shown below and you are good to go
    [token]
    provider = fernet
After that, issue the commands below to sync the database, initialize the keys and define the host.
    # su -s /bin/bash keystone -c "keystone-manage db_sync"
    # keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
    # keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
    # export controller=192.168.122.130
Bootstrap the keystone service as below and add port 5000 to the firewall.
    # keystone-manage bootstrap --bootstrap-password password \
        --bootstrap-admin-url http://$controller:5000/v3/ \
        --bootstrap-internal-url http://$controller:5000/v3/ \
        --bootstrap-public-url http://$controller:5000/v3/ \
        --bootstrap-region-id RegionOne
    # firewall-cmd --add-port=5000/tcp --permanent
    success
    # firewall-cmd --reload
    success
Create a soft link to the keystone configuration in the httpd configuration directory and start the httpd service.
    # ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
    # systemctl start httpd
If httpd does not start and you receive an error similar to the one below, please check your SELinux status.
    # sestatus
If it is enabled, you have two choices: either disable it or configure it. Configuring it keeps SELinux enforcing on the host that serves the Identity API; the OpenStack repository provides an openstack-selinux package with policies for the OpenStack services. I permanently disabled it personally like below.
Start httpd and check its status
    # systemctl enable httpd
    # systemctl status httpd
    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
       Active: active (running) since Thu 2018-08-09 11:17:51 EAT; 10min ago
         Docs: man:httpd(8)
               man:apachectl(8)
We hope everything is going well so far. The next step is to add Keystone projects. Projects are organizational units in the cloud to which you can assign users. Projects are also known as tenants or accounts.
Users can be members of one or more projects. Roles define which actions users can perform. You assign roles to user-project pairs. (OpenStack.org, 2018)
To create projects, we first have to set some environment variables, as below:
    # vi ~/keystonerc

    export OS_PROJECT_DOMAIN_NAME=default
    export OS_USER_DOMAIN_NAME=default
    export OS_PROJECT_NAME=admin
    export OS_USERNAME=admin
    ## Set the password that you used when creating the keystone bootstrap.
    export OS_PASSWORD=password
    export OS_AUTH_URL=http://192.168.122.130:5000/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2
    export PS1='[\u@\h \W(keystone)]\$ '
Congrats guys. After that, improve the security of the file by limiting read and write access to its owner, and then source the file.
    # chmod 600 ~/keystonerc
    # source ~/keystonerc
    ## Your prompt should now show "(keystone)".
    # echo "source ~/keystonerc " >> ~/.bash_profile
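The rc file keeps the admin password in clear text, so both its mode and its contents are worth checking on every node that carries a copy. An added example, not from the original guide: `audit_rc` (a hypothetical helper name) reports group/other permission bits and the placeholder password used throughout this walkthrough; the list of placeholder words and the 12-character minimum are assumptions, not OpenStack requirements.

```bash
# Added example: audit an OpenStack rc file such as ~/keystonerc.
# audit_rc FILE -> prints one finding per line; status 0 only if clean.
MIN_LEN=12   # assumed minimum password length (local policy choice)

audit_rc() {
    local file="$1" mode pw findings=0
    [ -f "$file" ] || { echo "missing: $file"; return 2; }

    # Any group/other bit lets another local account read the password.
    mode=$(stat -c '%a' "$file")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "mode $mode: group/other access, expected 600"
        findings=$((findings + 1))
    fi

    # Take the last OS_PASSWORD assignment, drop trailing comment and quotes.
    pw=$(sed -n 's/^[[:space:]]*export[[:space:]]\{1,\}OS_PASSWORD=//p' "$file" |
         tail -n 1 | sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//' \
                         -e "s/^[\"']//" -e "s/[\"']$//")
    case "$pw" in
        '')  echo "OS_PASSWORD not set in file"
             findings=$((findings + 1)) ;;
        password|admin|openstack|changeme)
             echo "OS_PASSWORD is a placeholder value"
             findings=$((findings + 1)) ;;
        *)   if [ ${#pw} -lt "$MIN_LEN" ]; then
                 echo "OS_PASSWORD shorter than $MIN_LEN characters"
                 findings=$((findings + 1))
             fi ;;
    esac
    [ "$findings" -eq 0 ]
}

# Stand-alone use: pass the rc file path as the first argument.
[ $# -eq 0 ] || audit_rc "$1"
```

The function never prints the password itself, so its output is safe to collect in logs.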
Create the first project; you can give it any description you like.
    # openstack project create --domain default --description "First Project" service
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | First Project                    |
    | domain_id   | default                          |
    | enabled     | True                             |
    | id          | 76d124ff821e4db5ad792a113b54724e |
    | is_domain   | False                            |
    | name        | service                          |
    | parent_id   | default                          |
    | tags        |                                  |
    +-------------+----------------------------------+
You can check the user list, role list, etc.
    # openstack user list
    +----------------------------------+-------+
    | ID                               | Name  |
    +----------------------------------+-------+
    | 1f53dd25b3ee44218b36dd821c1d7dd9 | admin |
    +----------------------------------+-------+
    # openstack role list
    +----------------------------------+-------+
    | ID                               | Name  |
    +----------------------------------+-------+
    | 3a4ac06a15c64d73bb160de04174efb6 | admin |
    +----------------------------------+-------+
I believe the session has been a good time as we take a brief break. The next part involves the addition of Glance image service to the controller node. Please stay tuned and thank you for indulging.