Skip to main content

Install OpenStack from Source

Installing OpenStack has always been challenging. Due to the complexity and varity of design choices involved in setting up OpenStack, automated installers are rare. For those who need a small but realistic setup, to be used either for development or learning, a manual installation using the desired distribution's packages has been the typical solution. Distribution packages simplify the process, however they come with compromises.
First, packages are only updated monthly, so the wait for patches is slow. Additionally so far the QA process for the various distributions is a little spotty, so the if a package is broken when the update occurs is may be a month until the problem is fixed. Secondly applying a much needed patch from source may break a package installation or have the patch overwritten when a package update occurs.
For those testing or developing OpenStack, using a package based install would be impossible, since the packagers place files in difference locations and make it impossible to push source files to the OpenStack github based repos. For this most developer use devstack as their install vehicle. Devstack is a great tool to get a simple OpenStack environment running but It can be cranky and difficult to get multi-machine OpenStack environments running.
The choice is to install OpenStack from source. For most folks, source installs are undesirable and messy, but since OpenStack is completely written in python, source installs eliminate the temperamental and slow compilation step. Additionally since each service also has its own python requirements file, the python installer uses pip to install any python dependencies. This greatly simplifies the installation process and results in an install that can be used for either development or production. It is worth noting that some newer OpenStack installer projects such as stackforge's os-ansible-deployment have moved to source installs. Currently it is located at this stackforge GitHub repository. The ansible installer is now part of the OpenStack big tent efforts and shortly will be located at a repository within the openstack organization.
This discussion demonstrates how to install OpenStack from source onto three machines using Ubuntu 14.04 LTS as the base OS. The three nodes consist of compute, network and controller nodes, using separate control and data planes, an access/API network and one external network connection. Each node needs at least 3 NIC cards (the network node needs 4). Users are able to create simple legacy routers and an external provider router. The following diagram gives a physical representation of the final OpenStack system.
OpenStack Diagram
This install uses KVM, running through libvirt, for virtualization, but it can be easily modified to use QEMU for those who have hardware that doesn't fully support virtualization. The compute nodes needs to be tested to verify that the CPU(s) can support KVM by running:
egrep -c '(vmx|svm)' /proc/cpuinfo
The output should be 1 or higher to be able to use KVM for virtualization. An output of 0 means you have to use QEMU for virtualization.
The basic source install process for each node is straightforward and similar for each service that runs on a node. To install an OpenStack service we need to complete the following for each:
  1. For proper security each service will run as a separate non-root user
    1. create users for each service
    2. create home directories for the service and other needed directories, i.e. log, lib, and etc.
    3. set proper ownership of the directories and files
  2. Clone the OpenStack service's repository
    1. copy any provided sample configuration files to the etc directory
    2. edit the configuration files setting any needed parameters
    3. install the service using the provided python install script
  3. Configure the service and create upstart scripts to start/stop the service
  4. Lastly start the service.
Let's get started installing keystone on the controller node.
Begin by updating all three of your nodes. On all nodes run:
apt-get update; apt-get dist-upgrade -y;reboot
Set some initial shell variables which are used in the installation to simplify the install process. MY_IP and MY_PRIVATE_IP should be the IP for the NIC card on the controller to which the the management plane is assigned. Again perform this on all three nodes.
cat >> .bashrc << EOF
MY_IP=10.0.1.4
MY_PRIVATE_IP=10.0.1.4
MY_PUBLIC_IP=10.0.0.4
EOF

source .bashrc
Install RabbitMQ and set rabbit to only listen on the control plane interface:
apt-get install -y rabbitmq-server

cat >> /etc/rabbitmq/rabbitmq-env.conf <<EOF
RABBITMQ_NODE_IP_ADDRESS=$MY_PRIVATE_IP
EOF
chmod 644 /etc/rabbitmq/rabbitmq-env.conf

service rabbitmq-server restart
Install mysql and set it to listen on the control plane interface (set the mysql root password to mysql for this example. Use a more complex password in production.):
apt-get install -y mysql-server

sed -i "s/127.0.0.1/$MY_PRIVATE_IP\nskip-name-resolve\ncharacter-set-server = utf8\ncollation-server = utf8_general_ci\ninit-connect = 'SET NAMES utf8'/g" /etc/mysql/my.cnf

restart mysql
Use mysql_secure_installation to remove the anonymous user:
mysql_secure_installation
Create the database for keystone and set access permissions for the keystone user:
mysql  -u root -pmysql -e "create database keystone;"
mysql  -u root -pmysql -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"
mysql  -u root -pmysql -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"
Install additional needed apt dependencies and needed pip packages:
apt-get install -y python-dev libmysqlclient-dev libffi-dev libssl-dev
pip install python-glanceclient python-keystoneclient python-openstackclient
pip install repoze.lru pbr mysql-python
Create the various users and directories needed for the OpenStack services. The following script creates these for each of the services on the controller node and should be run using bash (not sh): (a similar script is available for the network and compute nodes with fewer services)
for SERVICE in keystone glance neutron nova cinder
do
useradd --home-dir "/var/lib/$SERVICE" \
    --create-home \
    --system \
    --shell /bin/false \
    $SERVICE

#Create essential dirs

mkdir -p /var/log/$SERVICE
mkdir -p /etc/$SERVICE

#Set ownership of the dirs

chown -R $SERVICE:$SERVICE /var/log/$SERVICE
chown -R $SERVICE:$SERVICE /var/lib/$SERVICE
chown $SERVICE:$SERVICE /etc/$SERVICE

#Some neutron only dirs

if [ "$SERVICE" == 'neutron' ]
  then
    mkdir -p /etc/neutron/plugins/ml2
    mkdir -p /etc/neutron/rootwrap.d
    chown -R neutron:neutron /etc/neutron/plugins
fi
done
Clone the keystone github repo move into the newly created keystone directory and use the python install process to install keystone: ( this can be changed to point to any release by changing the kilo in the next line, or to install from trunk by removing the -b stable/kilo)
git clone https://github.com/openstack/keystone.git -b stable/kilo
cp -R keystone/etc/* /etc/keystone/
cd keystone
python setup.py install
EOF
Copy the sample keystone conf file provided by the keystone project and set the database and token info within the file: Note: For a production system, set a more complex token than what is used in this example.
mv  /etc/keystone/keystone.conf.sample /etc/keystone/keystone.conf
sed -i "s|database]|database]\nconnection = mysql://keystone:keystone@$MY_IP/keystone|g" /etc/keystone/keystone.conf
sed -i 's/#admin_token = ADMIN/admin_token = SuperSecreteKeystoneToken/g' /etc/keystone/keystone.conf
cd ~
Use the keystone tools to create the tables within the keystone database:
keystone-manage db_sync
Set keystone for proper log rotation:
cat >> /etc/logrotate.d/keystone << EOF
/var/log/keystone/*.log {
    daily
    missingok
    rotate 7
    compress
    notifempty
    nocreate
}
EOF
OpenStack does not provide any start up scripts for the services. The script needed depends on the distribution and whether an upstart or a systemd script is needed. For Ubuntu 14.04, an upstart script is needed. The following is an upstart script that starts the keystone service (this is a slightly modified version from the Ubuntu package install):
Keystone Upstart script
cat > /etc/init/keystone.conf << EOF
description "Keystone API server"
author "Soren Hansen <soren@linux2go.dk>"

start on runlevel [2345]
stop on runlevel [!2345]

respawn

exec start-stop-daemon --start --chuid keystone --chdir /var/lib/keystone --name keystone --exec /usr/local/bin/keystone-all -- --config-file=/etc/keystone/keystone.conf  --log-file=/var/log/keystone/keystone.log
EOF

start keystone
Verify that keystone started:
ps aux|grep keystone
If for some reason keystone doesn't start, the following can be used to try to start keystone for troubleshooting: (only run this if the previous step doesn't show a keystone process running)
sudo -u keystone /usr/local/bin/keystone-all --config-file=/etc/keystone/keystone.conf  --log-file=/var/log/keystone/keystone.log
Create the credentials files used by the openstack commands to authenticate to keystone:
cat >> openrc_admin << EOF
export OS_SERVICE_TOKEN=SuperSecreteKeystoneToken
export OS_SERVICE_ENDPOINT=http://$MY_IP:35357/v2.0
EOF

cat >> openrc << EOF
export OS_USERNAME=admin
export OS_PASSWORD=secrete
export OS_TENANT_NAME=demo
export OS_AUTH_URL=http://$MY_IP:35357/v2.0
export OS_REGION_NAME=RegionOne
EOF
Set up the keystone's PKI infrastructure:
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
Load the shell variables needed to access keystone and verify that it is responding:
source openrc_admin
keystone tenant-list
Initialize some shell variables used by the sample_data script that populates keystone with its initial data:
export CONTROLLER_PUBLIC_ADDRESS=$MY_IP
export CONTROLLER_ADMIN_ADDRESS=$MY_IP
export CONTROLLER_INTERNAL_ADDRESS=$MY_IP
Use the supplied sample data script to populate keystone with initial service information and endpoints:
./keystone/tools/sample_data.sh
Verify that there is valid data in keystone:
keystone tenant-list
keystone user-list
keystone service-list
keystone endpoint-list
Congratulations, keystone should now be installed and running. In the next article of this series, we will install glance and neutron on the controller node.

Comments

Post a Comment

Popular posts from this blog

What Why How SDN..???????

What is SDN?   If you follow any number of news feeds or vendor accounts on Twitter, you've no doubt noticed the term "software-defined networking" or SDN popping up more and more lately. Depending on whom you believe, SDN is either the most important industry revolution since Ethernet or merely the latest marketing buzzword (the truth, of course, probably falls somewhere in between). Few people from either camp, however, take the time to explain what SDN actually means. This is chiefly because the term is so new and different parties have been stretching it to encompass varying definitions which serve their own agendas. The phrase "software-defined networking" only became popular over roughly the past eighteen months or so. So what the hell is it? Before we can appreciate the concept of SDN, we must first examine how current networks function. Each of the many processes of a router or switch can be assigned to one of three conceptual planes of operatio...
1 comment
Read more

NETWORKING BASICS

This article is referred from windowsnetworking.com In this article series, I will start with the absolute basics, and work toward building a functional network. In this article I will begin by discussing some of the various networking components and what they do. If you would like to read the other parts in this article series please go to: Networking Basics: Part 2 - Routers Networking Basics: Part 3 - DNS Servers Networking Basics: Part 4 - Workstations and Servers Networking Basics: Part 5 - Domain Controllers Networking Basics: Part 6 - Windows Domain Networking Basics: Part 7 - Introduction to FSMO Roles Networking Basics: Part 8 - FSMO Roles continued Networking Basics: Part 9 – Active Directory Information Networking Basics: Part 10 - Distinguished Names Networking Basics, Part 11: The Active Directory Users and Computers Console Networking Basics: Part 12 - User Account Management Networking Basics: Part 13 - Creating ...
1 comment
Read more

How to install and setup Docker on RHEL 7/CentOS 7

H ow do I install and setup Docker container on an RHEL 7 (Red Hat Enterprise Linux) server? How can I setup Docker on a CentOS 7? How to install and use Docker CE on a CentOS Linux 7 server? Docker is free and open-source software. It automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Typically you develop software on your laptop/desktop. You can build a container with your app, and it can test run on your computer. It will scale in cloud, VM, VPS, bare-metal and more. There are two versions of docker. The first one bundled with RHEL/CentOS 7 distro and can be installed with the yum. The second version distributed by the Docker project called docker-ce (community free version) and can be installed by the official Docker project repo. The third version distributed by the Docker project called docker-ee (Enterprise paid version) and can be installed by the official Docker project repo.  This page shows...
1 comment
Read more