As we wanted to have a dedicated node for network, we are using 3 nodes (Controller, Compute and Network) and each node has Ubuntu 12.04.0. Minimum System Configuration for each node is 4 core processor and 8 GB RAM and 2 NIC. In our environment we have used the configuration below:

                Controller    Compute    Networking
    Processor   4 core        4 core     2 core
    Memory      4 GB          8 GB       4 GB
    Disk        300 GB        300 GB     300 GB

Below are a few keywords which we will be using inside this document:

Controller Node: Node responsible for most of the services related to openstack and can be defined as the nerve center. All requests are routed through this one.
Compute Node: Responsible for managing virtual machines. The hypervisor is running on this node.
Network Node: This node is responsible for all network related services like dhcp, routing, bridging etc.
Nova: Compute service which provisions and manages virtual machines on demand.
Neutron: Networking service which is responsible for network connectivity.
Glance: Provides a registry of virtual machine images. Compute uses it to provision instances.
Keystone: Identity service responsible for authentication and authorization.
Cinder: Provides persistent block storage.
Horizon: Dashboard or a GUI for users to interact with all services related to openstack.

The list below shows the services running on each node:

Controller: MySql DB, RabbitMQ (Queuing), Keystone (Authentication), Glance (Image), nova-api, nova-cert, nova-consoleauth, nova-scheduler, nova-conductor, nova-novncproxy, Cinder (Block Storage), Dashboard (Horizon), Neutron-server, Neutron openvswitch plugin
Compute: nova-compute, neutron-plugin-openvswitch-agent
Networking: Neutron services: (dhcp, l3, metadata)
Installing Controller
This section explains the installation of the various services/components on the Controller node. For this we assume you have a freshly installed Ubuntu 12.04.3 machine with 2 NIC and a spare disk or at least one unused partition.
Restart network service to reflect necessary changes

    # service networking restart

Changing hostname

    # hostname controller

Make it permanent by adding it in /etc/hostname

    # vim /etc/hostname

Configuring NTP

    # apt-get install ntp
    'password';
    CREATE DATABASE cinder;
    GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'password';
    GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'password';
    CREATE DATABASE glance;
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'password';
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'password';
    CREATE DATABASE neutron;
    GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'password';
    GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'password';
    CREATE DATABASE keystone;
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'password';
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'password';
    FLUSH PRIVILEGES;
    EOF
    # Print column $1 of each keystone table row read from stdin.
    # ADMIN_PASSWORD, SERVICE_PASSWORD, SERVICE_TENANT_NAME, KEYSTONE_REGION and
    # KEYSTONE_HOST must be set before this point.
    get_field() {
        while read data; do
            if [ "$1" -lt 0 ]; then
                field="(\$(NF$1))"
            else
                field="\$$(($1 + 1))"
            fi
            echo "$data" | awk -F'[ \t]*\\|[ \t]*' "{print $field}"
        done
    }

    # Tenants
    ADMIN_TENANT=$(keystone tenant-create --name=admin | grep " id " | get_field 2)
    SERVICE_TENANT=$(keystone tenant-create --name=$SERVICE_TENANT_NAME | grep " id " | get_field 2)

    # Users
    ADMIN_USER=$(keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@domain.com | grep " id " | get_field 2)
    NOVA_USER=$(keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=nova@domain.com | grep " id " | get_field 2)
    GLANCE_USER=$(keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=glance@domain.com | grep " id " | get_field 2)
    QUANTUM_USER=$(keystone user-create --name=neutron --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=neutron@domain.com | grep " id " | get_field 2)
    CINDER_USER=$(keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=cinder@domain.com | grep " id " | get_field 2)

    # Roles
    ADMIN_ROLE=$(keystone role-create --name=admin | grep " id " | get_field 2)
    MEMBER_ROLE=$(keystone role-create --name=Member | grep " id " | get_field 2)

    # Add Roles to Users in Tenants
    keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
    keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
    keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
    keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $QUANTUM_USER --role-id $ADMIN_ROLE
    keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE

    # Create services
    COMPUTE_SERVICE=$(keystone service-create --name nova --type compute --description 'OpenStack Compute Service' | grep " id " | get_field 2)
    VOLUME_SERVICE=$(keystone service-create --name cinder --type volume --description 'OpenStack Volume Service' | grep " id " | get_field 2)
    IMAGE_SERVICE=$(keystone service-create --name glance --type image --description 'OpenStack Image Service' | grep " id " | get_field 2)
    IDENTITY_SERVICE=$(keystone service-create --name keystone --type identity --description 'OpenStack Identity' | grep " id " | get_field 2)
    EC2_SERVICE=$(keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service' | grep " id " | get_field 2)
    NETWORK_SERVICE=$(keystone service-create --name neutron --type network --description 'OpenStack Networking service' | grep " id " | get_field 2)

    # Create endpoints
    keystone endpoint-create --region $KEYSTONE_REGION --service-id $COMPUTE_SERVICE \
        --publicurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' \
        --adminurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' \
        --internalurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s'
    keystone endpoint-create --region $KEYSTONE_REGION --service-id $VOLUME_SERVICE \
        --publicurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' \
        --adminurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' \
        --internalurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s'
    keystone endpoint-create --region $KEYSTONE_REGION --service-id $IMAGE_SERVICE \
        --publicurl 'http://'"$KEYSTONE_HOST"':9292' \
        --adminurl 'http://'"$KEYSTONE_HOST"':9292' \
        --internalurl 'http://'"$KEYSTONE_HOST"':9292'
    keystone endpoint-create --region $KEYSTONE_REGION --service-id $IDENTITY_SERVICE \
        --publicurl 'http://'"$KEYSTONE_HOST"':5000/v2.0' \
        --adminurl 'http://'"$KEYSTONE_HOST"':35357/v2.0' \
        --internalurl 'http://'"$KEYSTONE_HOST"':5000/v2.0'
    keystone endpoint-create --region $KEYSTONE_REGION --service-id $EC2_SERVICE \
        --publicurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud' \
        --adminurl 'http://'"$KEYSTONE_HOST"':8773/services/Admin' \
        --internalurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud'
    keystone endpoint-create --region $KEYSTONE_REGION --service-id $NETWORK_SERVICE \
        --publicurl 'http://'"$KEYSTONE_HOST"':9696/' \
        --adminurl 'http://'"$KEYSTONE_HOST"':9696/' \
        --internalurl 'http://'"$KEYSTONE_HOST"':9696/'

Run the script

    # chmod +x populate.sh
    # ./populate.sh

Note: If you get any error in the script, click here to download populate.

To list the users in keystone:

    # keystone user-list
    +----------------------------------+---------+---------+--------------------+
    |                id                |   name  | enabled |       email        |
    +----------------------------------+---------+---------+--------------------+
    | b2709b223a14424daa7f3f92025915b7 |  admin  |   True  | admin@domain.com   |
    | 6d44cfdcdca646b295debb7ab1983c01 |  cinder |   True  | cinder@domain.com  |
    | 52114557784a4a06924e7ea9acd91d8  |  glance |   True  | glance@domain.com  |
    | dec014ed92f7491e965203418f1b1377 | neutron |   True  | neutron@domain.com |
    | 71997086b674428196a131b50a7086a0 |   nova  |   True  | nova@domain.com    |
    +----------------------------------+---------+---------+--------------------+
    # glance-manage db_sync

Adding credentials in all configuration files

Edit /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf and add the lines below under the keystone_authtoken section

    [keystone_authtoken]
    auth_host = controller
    auth_port = 35357
    auth_protocol = http
    admin_tenant_name = service
    admin_user = glance
    admin_password = password

Add the lines below under the [filter:authtoken] section of /etc/glance/glance-api-paste.ini

    [filter:authtoken]
    paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
    auth_host=controller
    admin_user=glance
    admin_tenant_name=service
    admin_password=password

Restart the glance service with its new settings.

    # service glance-registry restart
    # service glance-api restart
    # cinder-manage db sync

Adding credentials in all configuration files

Add the credentials in /etc/cinder/api-paste.ini under the filter:authtoken section

    [filter:authtoken]
    paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
    auth_host=controller
    auth_port = 35357
    auth_protocol = http
    admin_tenant_name=service
    admin_user=cinder
    admin_password=password

Restart the cinder service with its new settings.

    # service cinder-scheduler restart
    # service cinder-api restart
Modify the parameters below under the [DEFAULT] section in /etc/nova/nova.conf

    [DEFAULT]
    auth_strategy=keystone
    my_ip=10.10.10.10
    rpc_backend = nova.rpc.impl_kombu
    rabbit_host = controller

    # networking
    network_api_class=nova.network.neutronv2.api.API
    neutron_url=http://controller:9696
    neutron_auth_strategy=keystone
    neutron_admin_tenant_name=service
    neutron_admin_username=neutron
    neutron_admin_password=password
    neutron_admin_auth_url=http://controller:35357/v2.0
    libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
    linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
    firewall_driver=nova.virt.firewall.NoopFirewallDriver
    security_group_api=neutron

    # Metadata
    neutron_metadata_proxy_shared_secret=password
    service_neutron_metadata_proxy=true
    metadata_listen = 10.10.10.10
    metadata_listen_port = 8775

    # Cinder
    volume_api_class=nova.volume.cinder.API

    # Glance
    glance_api_servers=10.10.10.10:9292
    image_service=nova.image.glance.GlanceImageService

    # novnc
    novncproxy_port=6080
    novnc_enabled=true
    novncproxy_base_url=http://192.168.1.10:6080/vnc_auto.html
    vncserver_proxyclient_address=10.10.10.11
    vncserver_listen=10.10.10.10

Provide the database details in the database section of the nova config file

    [database]
    connection = mysql://nova:password@controller/nova
    control_exchange = neutron
    default_notification_level = INFO

    [keystone_authtoken]
    auth_host = controller
    auth_port = 35357
    auth_protocol = http
    admin_tenant_name = service
    admin_user = neutron
    admin_password = password
    signing_dir = $state_path/keystone-signing

Add the lines below in /etc/neutron/api-paste.ini under the [filter:authtoken] section

    admin_tenant_name = service
    admin_user = neutron
    admin_password = password
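
The service configuration files above all carry the literal value `password` for their Keystone and database credentials and reach Keystone with `auth_protocol = http`. The following is an added example, not part of the original guide: a Python check that parses such files and reports those settings before a node goes into service. The function name `audit`, the placeholder list and the finding labels are assumptions made for this example; the sample inputs are constructed from the option names and values shown in this guide.

```python
import configparser
from urllib.parse import urlsplit

# Option names that hold secrets in the files this guide edits.
SECRET_KEYS = {"admin_password", "neutron_admin_password",
               "neutron_metadata_proxy_shared_secret"}
# Values treated as placeholders (assumption: extend the set for your site).
PLACEHOLDERS = {"", "password", "secret", "changeme"}


def audit(filename, text):
    """Return (file, section, option, finding) tuples for one config file."""
    # interpolation=None: values such as $state_path or '%' must stay literal.
    # default_section is renamed so [DEFAULT] is reported once, not inherited.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text, source=filename)
    findings = []
    for section in cp.sections():
        for option, value in cp.items(section):
            value = value.strip()
            if option in SECRET_KEYS and value.lower() in PLACEHOLDERS:
                findings.append((filename, section, option, "placeholder secret"))
            elif option == "auth_protocol" and value.lower() == "http":
                findings.append((filename, section, option, "cleartext Keystone auth"))
            elif option == "connection":
                db_pw = urlsplit(value).password
                if db_pw is not None and db_pw.lower() in PLACEHOLDERS:
                    findings.append((filename, section, option, "placeholder DB password"))
    return findings


# Constructed samples using the option names and values shown in this guide.
NOVA_CONF = """[DEFAULT]
neutron_admin_password=password
neutron_metadata_proxy_shared_secret=password
[database]
connection = mysql://nova:password@controller/nova
"""
GLANCE_API_CONF = """[keystone_authtoken]
auth_protocol = http
admin_user = glance
admin_password = password
"""

if __name__ == "__main__":
    for name, text in (("nova.conf", NOVA_CONF), ("glance-api.conf", GLANCE_API_CONF)):
        for finding in audit(name, text):
            print(*finding, sep=": ")
```
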
Configuring OpenVswitch

Edit /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini as mentioned below

    [OVS]
    tenant_network_type = gre
    tunnel_id_ranges = 1:1000
    enable_tunneling = True
    local_ip = 10.10.10.10

    [securitygroup]
    firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

    [database]
    connection = mysql://neutron:password@controller/neutron

Restart Neutron and openvswitch service

    /etc/init.d/neutron-server restart
    /etc/init.d/neutron-plugin-openvswitch-agent restart
Changing hostname

    # hostname network

Make the change permanent by adding the line below in /etc/hostname

    network

Configuring NTP

    # apt-get install ntp
    admin_tenant_name=service
    admin_password=password
Configure networking plug-in: Creating bridge for both external and internal traffic

Please log in using the internal IP 10.10.10.9 through the controller and make the changes below.

Add the br-int integration bridge, which connects to the VMs, and the br-ex external bridge, which connects to the outside

    # ovs-vsctl add-br br-int
    # ovs-vsctl add-br br-ex

Add a port (connection) from the EXTERNAL_INTERFACE interface to the br-ex interface:

    # ovs-vsctl add-port br-ex eth1
Configuring bridge
Configure eth1 without an IP address and in promiscuous mode, and assign the old IP of eth1 to the newly created br-ex interface.

Change the eth1 entry in /etc/network/interfaces, as follows:

    auto eth1
    iface eth1 inet manual
    up ip address add 0/0 dev $IFACE
    up ip link set $IFACE up
    down ip link set $IFACE down

Add br-ex to /etc/network/interfaces, as follows:

    auto br-ex
    iface br-ex inet static
    address 192.168.1.9
    netmask 255.255.255.0
    gateway 192.168.1.1
    dns-nameservers 8.8.8.8

Remove the IP address from eth1 and add it to br-ex, as follows:

    # ip addr del 192.168.1.9/24 dev eth1
    # ip addr add 192.168.1.9/24 dev br-ex

Restart networking, as follows:

    # service networking restart
Configure l3 agent

Edit /etc/neutron/l3_agent.ini and add the lines below

    interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
Changing hostname

    # hostname network

Make the change permanent by adding the line below in /etc/hostname

    network

Configuring NTP

    # apt-get install ntp
    firewall_driver=nova.virt.firewall.NoopFirewallDriver
    security_group_api=neutron

    # Compute
    compute_driver=libvirt.LibvirtDriver
    connection_type=libvirt

    # Cinder
    volume_api_class=nova.volume.cinder.API

    # novnc
    vnc_enabled=true
    novncproxy_base_url=http://192.168.1.10:6080/vnc_auto.html
    novncproxy_port=6080
    vncserver_proxyclient_address=10.10.10.11
    vncserver_listen=10.10.10.10

    [database]
    connection = mysql://nova:password@controller/nova
Configuring VSwitch

Edit the /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini file

    [ovs]
    tenant_network_type = gre
    tunnel_id_ranges = 1:1000
    enable_tunneling = True
    integration_bridge = br-int
    tunnel_bridge = br-tun
    local_ip = 10.10.10.11

    [securitygroup]
    firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Add the lines below in /etc/neutron/neutron.conf

    rabbit_host = controller
    rpc_backend = neutron.openstack.common.rpc.impl_kombu

Restart openvswitch service

    # service openvswitch-switch restart