Introduction
So what is OpenStack? OpenStack is a set of open-source software tools for building and managing cloud computing platforms for public and private clouds. We shall attempt to build a three-node OpenStack cluster as we experiment with the tools and check out the power, ingenuity, and innovation it wields. There are several guides on our site about OpenStack Liberty and you can find them here. This exercise shall be split into parts as we proceed. We shall begin with the controller node, and we hope it will be as wonderful an experience as the ones you have had before.
“Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, ambition inspired, and success achieved.”
– Helen Keller
Server 1
Controller Node:
MariaDB, RabbitMQ, Memcached, httpd, Keystone, Glance, Nova API, Horizon
CentOS 7 with the following network features:
[root@controller ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 52:54:00:15:00:d5 brd ff:ff:ff:ff:ff:ff
Preparation of the server
i. Install ntp
Install and configure network time protocol (ntp) for time synchronization and vim for editing files.
[root@controller ~]# yum -y install ntp
Loaded plugins: fastestmirror
Determining fastest mirrors
epel/x86_64/metalink | 59 kB 00:00:00
* base: repos-jnb.psychz.net
* epel: fedora.cu.be
* extras: repos-jnb.psychz.net
You can install vim or any other text editor that you happen to be a fan of, e.g. Nano, Emacs, etc.
[root@controller ~]# yum install vim
Configure ntp
[root@controller ~]# vim /etc/ntp.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 0.africa.pool.ntp.org
server 1.africa.pool.ntp.org
server 2.africa.pool.ntp.org
server 3.africa.pool.ntp.org
Restart ntp service.
[root@controller ~]# systemctl start ntpd
Set service to start at boot.
[root@controller ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
NTP is a network protocol, so its service must be allowed through the firewall. We can use firewalld to allow it as below:
[root@controller ~]# firewall-cmd --add-service=ntp --permanent
success
[root@controller ~]# firewall-cmd --reload
success
Let us now proceed and add the OpenStack Queens repository to our controller node so that we can retrieve its packages.
sudo yum -y install centos-release-openstack-queens
Edit the repo file and ensure all repositories are enabled (“enabled=1”), as shown in the following example.
sudo vim /etc/yum.repos.d/CentOS-OpenStack-queens.repo
It should look similar to below.
[centos-openstack-queens]
name=CentOS-7 - OpenStack queens
baseurl=http://mirror.centos.org/centos/7/cloud/$basearch/openstack-queens/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
exclude=sip,PyQt4
The next step is to install MariaDB 10.1 and apply some basic settings. Let us get going:
sudo yum --enablerepo=centos-openstack-queens install mariadb-server -y
Configure the database server by editing the /etc/my.cnf file.
[mysqld]
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
### Within this [mysqld] section add the line below ###
character-set-server=utf8
Start and enable mariadb service.
sudo systemctl enable --now mariadb
Secure MariaDB installation.
# mysql_secure_installation
Finally, allow mysql on firewall and reload it to apply the changes. Do not forget to reload.
sudo firewall-cmd --add-service=mysql --permanent
sudo firewall-cmd --reload
After your database is up and running, let us go on with the installation of packages. Let us install RabbitMQ and Memcached and add an openstack user to RabbitMQ.
sudo yum --enablerepo=epel -y install rabbitmq-server memcached
Start and enable rabbitmq and memcached.
sudo systemctl enable --now rabbitmq-server memcached
Add the openstack user. You can use any password in place of “password”.
[root@controller ~]# rabbitmqctl add_user openstack password
Creating user "openstack" …
…done.
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" …
Add the following ports to the firewall:
[root@controller ~]# firewall-cmd --add-port={11211/tcp,5672/tcp} --permanent
success
[root@controller ~]# firewall-cmd --reload
success
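The firewall commands above (mysql, 11211/tcp and 5672/tcp) open MariaDB, Memcached and RabbitMQ to every source address, and Memcached has no authentication by default. As an added example that is not part of the original guide, this script prints the firewalld commands that admit those ports only from the cluster's subnet; the subnet 192.168.122.0/24 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: print (never run) the firewalld commands that limit the
# controller's back-end ports to one source subnet.

MGMT_NET="192.168.122.0/24"   # assumption: subnet shared by the three nodes

# rich_rule SUBNET PORT/PROTO -> one "firewall-cmd --add-rich-rule" line.
# Returns 2 on malformed input so a typo cannot become an over-broad rule.
rich_rule() {
    local subnet="$1" port="${2%/*}" proto="${2#*/}" rule
    # Shape check only: a.b.c.d/len with len 1..32 (a /0 is refused).
    printf '%s\n' "$subnet" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$' || return 2
    case $port in ''|*[!0-9]*) return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 2
    case $proto in tcp|udp) ;; *) return 2 ;; esac
    rule="rule family=\"ipv4\" source address=\"$subnet\""
    rule="$rule port port=\"$port\" protocol=\"$proto\" accept"
    printf "firewall-cmd --permanent --add-rich-rule='%s'\n" "$rule"
}

# scope_backend_ports SUBNET -> the full command list, or status 2 and no
# output when SUBNET is malformed.
scope_backend_ports() {
    local subnet="$1" spec
    rich_rule "$subnet" 3306/tcp >/dev/null || return 2
    # Drop the entries the tutorial opened to every source address.
    echo "firewall-cmd --permanent --remove-service=mysql"
    echo "firewall-cmd --permanent --remove-port=11211/tcp"
    echo "firewall-cmd --permanent --remove-port=5672/tcp"
    # Re-admit MariaDB, Memcached and RabbitMQ from the cluster subnet only.
    for spec in 3306/tcp 11211/tcp 5672/tcp; do
        rich_rule "$subnet" "$spec"
    done
    echo "firewall-cmd --reload"
}

scope_backend_ports "$MGMT_NET"
```

Review the printed commands, then pipe them to sh on the controller; `firewall-cmd --list-all` shows the resulting rich rules.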
We believe RabbitMQ and MySQL were successfully installed. If it is so, let us proceed with the installation of Identity service known as Keystone.
Keystone is an OpenStack service that provides API client authentication, service discovery, and distributed multi-tenant authorization by implementing OpenStack’s Identity API.
Keystone requires a database to keep its records, so we shall create a database and a user for it before installing the identity service.
[root@controller ~]# mysql -u root -p
## Enter the root password you set earlier
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
No entry for terminal type "xterm-termite";
using dumb terminal settings.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
## Create database for keystone
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit;
Bye
Let us now install Keystone:
sudo yum --enablerepo=centos-openstack-queens,epel -y install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi
Keystone configuration. Open the keystone configuration file and make the following changes.
sudo vim /etc/keystone/keystone.conf
Set like below.
[cache]
# oslo_cache.memcache_pool backends only). (list value)
memcache_servers = 192.168.122.130:11211
# Under database, edit the connection details as below with your machine details
# (the keystone database user, the password set in the grant above, and the controller address)
[database]
connection = mysql+pymysql://keystone:password@192.168.122.130/keystone
# Under token, add the provider line as shown below and you are good to go
[token]
provider = fernet
After that, issue the below commands to sync database, initialize keys and to define the host.
[root@controller ~]# su -s /bin/bash keystone -c "keystone-manage db_sync"
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# export controller=192.168.122.130
Bootstrap the keystone service as below and open port 5000 in the firewall.
[root@controller ~]# keystone-manage bootstrap --bootstrap-password password --bootstrap-admin-url http://$controller:5000/v3/ --bootstrap-internal-url http://$controller:5000/v3/ --bootstrap-public-url http://$controller:5000/v3/ --bootstrap-region-id RegionOne
[root@controller ~]# firewall-cmd --add-port=5000/tcp --permanent
success
[root@controller ~]# firewall-cmd --reload
success
Create a soft link for the keystone configuration in httpd configuration and start httpd service.
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@controller ~]# systemctl start httpd
In case httpd does not start and you receive an error similar to the one below, please check your SELinux status
[root@controller ~]# sestatus
If it is enabled, you have two choices: either disable it or configure it. I permanently disabled it personally like below.
Start httpd and check its status
[root@controller ~]# systemctl enable httpd
[root@controller ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2018-08-09 11:17:51 EAT; 10min ago
Docs: man:httpd(8)
man:apachectl(8)
We hope everything is going on well so far. The next step is to add Keystone projects. Projects are organizational units in the cloud to which you can assign users. Projects are also known as tenants or accounts.
Users can be members of one or more projects. Roles define which actions users can perform. You assign roles to user-project pairs. (OpenStack.org, 2018)
To create projects, we have to create environment variables first as below:
[root@controller ~]# vi ~/keystonerc
Add
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password ##Set the password that you used when creating the keystone bootstrap.
export OS_AUTH_URL=http://192.168.122.130:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(keystone)]\$ '
Congrats guys. After that, improve the security of the file by limiting read and write access to its owner, and then source the file.
[root@controller ~]# chmod 600 ~/keystonerc
[root@controller ~]# source ~/keystonerc
[root@controller ~(keystone)] # Your terminal should change as this.
[root@controller ~(keystone)]# echo "source ~/keystonerc " >> ~/.bash_profile
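An added example, not from the original guide: a check for the rc file created above that flags loose file permissions, a placeholder OS_PASSWORD, and a plain-http OS_AUTH_URL. The function names and the list of placeholder passwords are assumptions; `stat -c` is the GNU coreutils form shipped with CentOS.

```shell
#!/bin/sh
# Added example: audit an OpenStack rc file such as ~/keystonerc.
# Prints one finding per line; the return status is the number of findings.

# rc_value FILE NAME -> last value exported for NAME, without quotes or a
# trailing " ## comment" like the one in the tutorial's file.
rc_value() {
    sed -n "s/^export $2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' | tr -d "\"'"
}

audit_rc() {
    local file="$1" findings=0 mode value
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 255; }

    # 1. A file that stores OS_PASSWORD must be owner-only (the chmod 600 step).
    mode=$(stat -c '%a' "$file")
    case $mode in
        600|400) ;;
        *) echo "MODE: $file is $mode, expected 600"; findings=$((findings + 1)) ;;
    esac

    # 2. The tutorial's placeholder must not be the real admin password.
    value=$(rc_value "$file" OS_PASSWORD)
    case $value in
        ''|password|admin|openstack|changeme)
            echo "PASSWORD: OS_PASSWORD is empty or a well-known placeholder"
            findings=$((findings + 1)) ;;
    esac

    # 3. Over http:// the password and the issued token cross the wire in clear.
    value=$(rc_value "$file" OS_AUTH_URL)
    case $value in
        https://*) ;;
        *) echo "TRANSPORT: OS_AUTH_URL is '$value', not https"
           findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample: the file as the tutorial writes it, before chmod 600.
sample=$(mktemp)
cat > "$sample" <<'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=password ##Set the password that you used when creating the keystone bootstrap.
export OS_AUTH_URL=http://192.168.122.130:5000/v3
EOF
chmod 644 "$sample"
audit_rc "$sample" || echo "findings: $?"
rm -f "$sample"
```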
Create the first project; you can describe it with any name you like.
[root@controller ~]# openstack project create --domain default --description "First Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | First Project |
| domain_id | default |
| enabled | True |
| id | 76d124ff821e4db5ad792a113b54724e |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
You can check the user list, role list, etc.
[root@controller ~(keystone)]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 1f53dd25b3ee44218b36dd821c1d7dd9 | admin |
+----------------------------------+-------+
[root@controller ~(keystone)]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 3a4ac06a15c64d73bb160de04174efb6 | admin |
+----------------------------------+-------+
I believe the session has been a good time as we take a brief break. The next part involves the addition of Glance image service to the controller node. Please stay tuned and thank you for indulging.
Next: Installation of Three node OpenStack Queens Cluster – Part Two