Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
= HOWTO: Openstack on Debian GNU/Linux unstable (sid) = | #language en |
Line 3: | Line 3: |
This howto aims to provide guidelines to install & set up a multi-node Openstack-Compute (aka Nova) environment. | = Installing OpenStack with OCI (OpenStack Cluster Installer) = |
Line 5: | Line 5: |
This environment will include : | The Debian way to install OpenStack using an installer directly in Debian may be found here: |
Line 7: | Line 7: |
* one “proxy” node (host name '''<proxy.host>''') with the following services : * nova-api * nova-scheduler * glance * keystone * mysql * rabbitmq * memcached * one or more pure “compute” (host name '''<computeNN.host>''') nodes with the following services : * nova-compute * nova-network * nova-api (with only the metadata api enabled) |
https://salsa.debian.org/openstack-team/debian/openstack-cluster-installer |
Line 20: | Line 9: |
== CONVENTIONS == | Otherwise, you may read the old howto below... |
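Review bot: The added sentence "Otherwise, you may read the old howto below..." no longer matches the page, because this same revision deletes the single walkthrough and what follows is an index of several separate howtos. Suggest wording such as "Otherwise, see the older howtos listed below." so readers do not look for instructions that are no longer on this page.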
Line 22: | Line 11: |
In formatted blocks : * command lines starting with a '''#''' must be ran as root. * values between '''<''' and '''>''' must be replaced by your values. |
= Old stuff: OpenStack Howtos index = |
Line 26: | Line 13: |
== PREREQUISITES == | All these howtos have been tested under Wheezy, with some backports from Experimental. |
Line 28: | Line 15: |
Things to prepare beforehand : | * Installing !OpenStack 2012.1 (Essex) which is shipped with Wheezy: [[OpenStackHowto/Essex]] |
Line 30: | Line 17: |
* Machines : * They should have two network interfaces to ensure security. If only one interface is used the private part is more exposed to attacks coming from the public part. * a _public_ one to communicate with the outside world * a _private_ one for the guests VLans * Network : * public network * private network. If the machines are not on a LAN, [[L2-openvpn|create one with OpenVPN]]. * fixed ip range for guests * number of networks for guests * network size for guests * public “floating” IPs (optional) * echo 1 > /proc/sys/net/ipv4/ip_forward * echo "nbd max_part=65" >> /etc/modules # to enable key-file, network & metadata injection into instances images * Distribution : * Debian GNU/Linux squeeze * Add wheezy and sid in the /etc/apt/sources.list * apt-get update |
* !OpenStack 2012.2 (Folsom) (also applies for Grizzly): [[OpenStackHowto/Folsom]] |
Line 48: | Line 19: |
* !OpenStack Networking with Quantum: [[OpenStackHowto/Quantum]] | |
Line 49: | Line 21: |
== IMPORTANT == | * Installing !OpenStack with Puppet Howto: OpenStackPuppetHowto |
Line 51: | Line 23: |
This HOWTO is valid for the Openstack Nova packages labelled 2012.1~e2, currently available in Debian GNU/Linux unstable sid and might need some adjustments with later versions. | * Installing !OpenStack with Razor howto: OpenStackRazorHowto |
Line 53: | Line 25: |
== Technical Choices == | * Running !OpenStack with Ceph as storage back-end: OpenStackCephHowto * Upgrade from Grizzly to Havana [[OpenStackHowto/Upgrades]] |
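Review bot: The two entries added in this hunk use different separators and link forms: the Ceph entry has a colon followed by a bare page name (OpenStackCephHowto), while the Upgrade entry has no colon and uses [[OpenStackHowto/Upgrades]]. Pick one form for the whole index, for example "Upgrade from Grizzly to Havana: [[OpenStackHowto/Upgrades]]", so every entry reads the same way.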
Line 55: | Line 29: |
We will be using : * "Multi-host VLan networking mode":http://docs.openstack.org/diablo/openstack-compute/admin/content/networking-options.html * Keystone for authentication * KVM as hypervisor * MySql as database backend == Installation == === proxy node: === ==== Hostname ==== In the following replace '''<proxy.host>''' with the actual hostname of the machine chosen to be the proxy node. ==== Packages installation ==== Install dependencies: {{{# apt-get install -y mysql-server rabbitmq-server memcached}}} Note : do not set the MySQL password or add the -p option to all mysql related commands below. In '''/etc/mysql/my.cnf''' modify the '''bind-address''' value to read : {{{bind-address = 0.0.0.0}}} (or better, instead of '''0.0.0.0''', the IP address of a private interface on which other compute nodes can join the proxy.) And restart the mysql server : {{{# /etc/init.d/mysql restart}}} Create two MySql databases and associated users : {{{ # mysqladmin create nova # mysql -e "grant all on nova.* to '<nova_user>' identified by '<nova_secret>'" # mysqladmin flush-privileges }}} Now install Openstack packages : {{{# apt-get install -y nova-api nova-scheduler glance keystone}}} ==== Configuration ==== ===== Keystone ===== Answer the debconf questions and chose the defaults. 
Add a project (tenant) and an admin user : {{{ # keystone-manage tenant add admin # keystone-manage user add admin <admin_password> # keystone-manage role grant Admin admin admin # keystone-manage role grant Admin admin # keystone-manage role grant KeystoneAdmin admin # keystone-manage role grant KeystoneServiceAdmin admin }}} Add services : {{{ # keystone-manage service add nova compute "Nova Compute Service" # keystone-manage service add ec2 ec2 "EC2 Compatibility Layer" # keystone-manage service add glance image "Glance Image Service" # keystone-manage service add keystone identity "Keystone Identity Service" }}} Endpoint templates for the region : {{{ # keystone-manage endpointTemplates add RegionOne nova http://<proxy.host>:8774/v1.1/%tenant_id% http://<proxy.host>:8774/v1.1/%tenant_id% http://<proxy.host>:8774/v1.1/%tenant_id% 1 1 # keystone-manage endpointTemplates add RegionOne ec2 http://<proxy.host>:8773/services/Cloud http://<proxy.host>:8773/services/Admin http://<proxy.host>:8773/services/Cloud 1 1 # keystone-manage endpointTemplates add RegionOne glance http://<proxy.host>:9292/v1/%tenant_id% http://<proxy.host>:9292/v1/%tenant_id% http://<proxy.host>:9292/v1/%tenant_id% 1 1 # keystone-manage endpointTemplates add RegionOne keystone http://<proxy.host>:5000/v2.0 http://<proxy.host>:35357/v2.0 http://<proxy.host>:5000/v2.0 1 1 }}} And finally, a service token with a «far far away» expiration date (used by other services to talk to keystone) and the credentials for the admin account : {{{ # keystone-manage token add <service_token> admin admin 2047-12-31T13:37 # keystone-manage credentials add admin EC2 'admin' '<admin_password>' admin }}} *NOTE* The '''<service_token>''' value will be pasted into nova and glance configs later. 
===== Glance ===== In the file '''/etc/glance/glance-api-paste.conf''' : * Section '''pipeline:glance-api''' : * comment the line : {{{pipeline = versionnegotiation context apiv1app}}} * and uncomment : {{{pipeline = versionnegotiation authtoken auth-context apiv1app}}} * Section '''filter:authtoken''': * Update the following host definitions to use '''<proxy.host>''' : * '''service_host''' * '''auth_host''' * '''auth_uri''' * Paste the previously generated service token in '''admin_token''' * {{{admin_token = <service_token>}}} In the file '''/etc/glance/glance-registry-paste.conf''' : * Section '''pipeline:glance-registry''' : * comment the line : {{{pipeline = context registryapp}}} * and uncomment : {{{pipeline = authtoken auth-context registryapp}}} * Section '''filter.authtoken''': * Update the following host definitions to use '''<proxy.host>''' : * '''service_host''' * '''auth_host''' * '''auth_uri''' * Paste the previously generated service token in '''admin_token''' * {{{admin_token = <service_token>}}} Restart glance : {{{ # /etc/init.d/glance-api restart # /etc/init.d/glance-registry restart }}} ===== Nova ===== In the file '''/etc/nova/api-paste.ini''' : * In sections '''pipeline:ec2cloud''' and '''pipeline:ec2admin''' : * Replace "'''ec2noauth'''" with "'''authtoken keystonecontext'''" * In section '''pipeline:openstack_api_v2''': * Replace "'''noauth'''" with "'''authtoken keystonecontext'''" * Add the following sections and replace '''<proxy.host>''' and '''<service_token>''' : {{{ [filter:keystonecontext] paste.filter_factory = keystone.middleware.nova_keystone_context:NovaKeystoneContext.factory [filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory service_protocol = http service_host = <proxy.host> service_port = 5000 auth_host = <proxy.host> auth_port = 35357 auth_protocol = http auth_uri = http://<proxy.host>:5000/ admin_token = <service_token> }}} In the file '''/etc/nova/nova.conf''' : * Add these 
configuration options : {{{ ## Network config # A nova-network on each compute node --multi_host # VLan manger --network_manager=nova.network.manager.VlanManager --vlan_interface=<the private interface eg. eth1> # Tenants networks, e.g. prepare 100 networks, each one a /24, starting from 10.1.0.0 --num_networks=<100> --network_size=<256> --fixed_range=<10.1.0.0/16> # My ip --my-ip=<the current machine ip address> --public_interface=<the public interface eg. eth0> # Dmz & metadata things --dmz_cidr=169.254.169.254/32 --ec2_dmz_host=169.254.169.254 --metadata_host=169.254.169.254 ## More general things # Sure, daemonize --daemonize=1 # The database connection string --sql_connection=mysql://<nova_user>:<nova_secret>'''<proxy.host>/nova # The RabbitMQ host --rabbit_host=<proxy.host> ## Glance --image_service=nova.image.glance.GlanceImageService --glance_api_servers=<proxy.host>:9292 # if you want --use-syslog ## API --osapi_host=<proxy.host> --ec2_host=<proxy.host> # Load some extensions --osapi_extension=nova.api.openstack.v2.contrib.standard_extensions --osapi_extension=extensions.admin.Admin # Allow access to some “admin-only” api features --allow_admin_api }}} Restart nova services : {{{ # /etc/init.d/nova-api restart # /etc/init.d/nova-scheduler restart }}} Now bootstrap nova : {{{ # nova-manage db sync # nova-manage network create private --fixed_range_v4=<10.1.0.0/16> --network_size=<256> --num_networks=<100> # nova-manage floating create <192.168.0.224/28> }}} Note: the values chosen for --fixed_range_v4=<10.1.0.0/16> --network_size=<256> --num_networks=<100> must match the values for the corresponding options set in the nova.conf file above You should be able to see that '''nova-scheduler''' is running (OK state is ''':-)''' KO is '''XXX''') : {{{ # nova-manage service list Binary Host Zone Status State Updated_At nova-scheduler openstack04 nova enabled :-) 2012-01-13 17:29:48 }}} === compute nodes: === ==== Packages installation ==== Now install Openstack 
packages : {{{# apt-get install -y nova-compute nova-api nova-network python-keystone}}} Apply "this patch":https://github.com/openstack/nova/commit/6ce042cafbf410a213c5d7937b93784e8f0a1655 to file '''/usr/share/pyshared/nova/api/metadata/handler.py''' if not already done. ==== Configuration ==== ===== Nova ===== The file '''/etc/nova/api-paste.ini''' can be copied verbatim from the proxy host. The file '''/etc/nova/nova.conf''' can be copied from the proxy host and modified as follows: * The IP of the machine {{{--my-ip=<the current machine ip address>}}} * Only load the metadata api on compute-only nodes {{{--enabled_apis=metadata}}} Restart services : {{{ # /etc/init.d/nova-api restart # /etc/init.d/nova-network restart # /etc/init.d/nova-compute restart }}} On the proxy, check that all seems to be running : {{{ # nova-manage service list Binary Host Zone Status State Updated_At nova-scheduler <proxy.host> nova enabled :-) 2012-01-16 12:29:53 nova-compute compute.host nova enabled :-) 2012-01-16 12:29:52 nova-network compute.host nova enabled :-) 2012-01-16 12:29:49 }}} It should be working \o/ == Using it == To use the nova cli, you will need to export some environment variables : {{{ # export NOVA_USERNAME=admin # export NOVA_API_KEY=<admin_password> # export NOVA_PROJECT_ID=admin # export NOVA_URL=http://<proxy.host>:5000/v2.0/ # export NOVA_VERSION=1.1 }}} You can now use the '''nova''' command line interface : {{{ nova list +----+------+--------+----------+ | ID | Name | Status | Networks | +----+------+--------+----------+ +----+------+--------+----------+ # nova image-list +----+------+--------+--------+ | ID | Name | Status | Server | +----+------+--------+--------+ +----+------+--------+--------+ # nova flavor-list +----+-----------+-----------+------+----------+-------+-------------+ | ID | Name | Memory_MB | Swap | Local_GB | VCPUs | RXTX_Factor | +----+-----------+-----------+------+----------+-------+-------------+ | 1 | m1.tiny | 512 | | 0 | 1 | 
1.0 | | 2 | m1.small | 2048 | | 20 | 1 | 1.0 | | 3 | m1.medium | 4096 | | 40 | 2 | 1.0 | | 4 | m1.large | 8192 | | 80 | 4 | 1.0 | | 5 | m1.xlarge | 16384 | | 160 | 8 | 1.0 | +----+-----------+-----------+------+----------+-------+-------------+ # nova keypair-list +------+-------------+ | Name | Fingerprint | +------+-------------+ +------+-------------+ }}} There is no instance, no image and some flavors. First we need to get an image and upload it to glance : {{{ # wget http://uec-images.ubuntu.com/releases/11.10/release/ubuntu-11.10-server-cloudimg-amd64-disk1.img [...] # glance --auth_token=<service_token> add name="Ubuntu 11.10 clouding amd64" < ubuntu-11.10-server-cloudimg-amd64-disk1.img Added new image with ID: 78651eea-02f6-4750-945a-4524a77f7da9 # nova image-list +--------------------------------------+-----------------------------+--------+--------+ | ID | Name | Status | Server | +--------------------------------------+-----------------------------+--------+--------+ | 78651eea-02f6-4750-945a-4524a77f7da9 | Ubuntu 11.10 clouding amd64 | ACTIVE | | +--------------------------------------+-----------------------------+--------+--------+ }}} To later connect to the instance via ssh, we will need to upload a ssh public-key : {{{ # nova keypair-add --pub_key <your_public_key_file.pub> <key_name> # nova keypair-list +--------+-------------------------------------------------+ | Name | Fingerprint | +--------+-------------------------------------------------+ | my_key | 79:40:46:87:74:3a:0e:01:f4:59:00:1b:3a:94:71:72 | +--------+-------------------------------------------------+ }}} We can now boot an image with this image : {{{ # nova boot --flavor 1 --image 78651eea-02f6-4750-945a-4524a77f7da9 --key_name my_key my_first_instance +------------------------+--------------------------------------+ | Property | Value | +------------------------+--------------------------------------+ | OS-EXT-STS:power_state | 0 | | OS-EXT-STS:task_state | scheduling | | 
OS-EXT-STS:vm_state | building | | RAX-DCF:diskConfig | MANUAL | | accessIPv4 | | | accessIPv6 | | | adminPass | HMs5tLK3bPCG | | config_drive | | | created | 2012-01-16T14:14:20Z | | flavor | m1.tiny | | hostId | | | id | 677750ea-0dd4-43c3-8ae0-ef54cb29915f | | image | Ubuntu 11.10 clouding amd64 | | key_name | pubkey | | metadata | {} | | name | my_first_instance | | progress | None | | status | BUILD | | tenant_id | 1 | | updated | 2012-01-16T14:14:20Z | | user_id | 1 | +------------------------+--------------------------------------+ }}} And after few seconds : {{{ # nova show my_first_instance +------------------------+----------------------------------------------------------+ | Property | Value | +------------------------+----------------------------------------------------------+ | OS-EXT-STS:power_state | 1 | | OS-EXT-STS:task_state | None | | OS-EXT-STS:vm_state | active | | RAX-DCF:diskConfig | MANUAL | | accessIPv4 | | | accessIPv6 | | | config_drive | | | created | 2012-01-16T14:14:20Z | | flavor | m1.tiny | | hostId | 9750641c8c79637e01b342193cfa1efd5961c300b7865dc4a5658bdd | | id | 677750ea-0dd4-43c3-8ae0-ef54cb29915f | | image | Ubuntu 11.10 clouding amd64 | | key_name | pubkey | | metadata | {} | | name | my_first_instance | | private_0 network | 10.1.0.3 | | progress | None | | status | ACTIVE | | tenant_id | 1 | | updated | 2012-01-16T14:14:37Z | | user_id | 1 | +------------------------+----------------------------------------------------------+ }}} To see the instance console, we can go on our compute node and look at the file '''/var/lib/nova/instances/instance-00000001/console.log''' (if this is the first intance you created, else change '''00000001''' to the last available in the folder). 
We can activate ssh access, create a floating ip, attach it to our instance and ssh into it (with user '''ubuntu''' for UEC images): {{{ # nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 # nova floating-ip-create +--------------+-------------+----------+ | Ip | Instance Id | Fixed Ip | +--------------+-------------+----------+ | 172.24.4.224 | None | None | +--------------+-------------+----------+ # nova add-floating-ip my_first_instance 172.24.4.224 # ssh -i my_key ubuntu@172.24.4.224 The authenticity of host '172.24.4.224 (172.24.4.224)' can't be established. RSA key fingerprint is 55:bf:2e:7f:60:ef:ea:72:b4:af:2a:33:6b:2d:8c:62. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '172.24.4.224' (RSA) to the list of known hosts. Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-14-virtual x86_64) * Documentation: https://help.ubuntu.com/ System information as of Mon Jan 16 14:58:15 UTC 2012 System load: 0.59 Processes: 59 Usage of /: 32.6% of 1.96GB Users logged in: 0 Memory usage: 6% IP address for eth0: 10.1.0.5 Swap usage: 0% Graph this data and manage this system at https://landscape.canonical.com/ Get cloud support with Ubuntu Advantage Cloud Guest http://www.ubuntu.com/business/services/cloud The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. /usr/bin/xauth: file /home/ubuntu/.Xauthority does not exist To run a command as administrator (user 'root'), use 'sudo <command>'. See "man sudo_root" for details. ubuntu@my-first-instance:~$ }}} Et voilà ! |
* Installing a Fuel master node (experimental) [[OpenStackHowto/InstallFuel]] |
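Review bot: The added Fuel entry is marked "(experimental)", but the sentence added at Line 13 says all these howtos have been tested under Wheezy, so the index now makes two conflicting statements about this entry. Either scope the "tested under Wheezy" sentence to the entries it covers, or say on the Fuel line what it was tested on. The entry also lacks the colon before the link that the Essex and Folsom entries use.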
= Installing OpenStack with OCI (OpenStack Cluster Installer) =

The Debian way to install OpenStack using an installer directly in Debian may be found here:

https://salsa.debian.org/openstack-team/debian/openstack-cluster-installer

Otherwise, you may read the old howto below...

= Old stuff: OpenStack Howtos index =

All these howtos have been tested under Wheezy, with some backports from Experimental.

 * Installing OpenStack 2012.1 (Essex) which is shipped with Wheezy: OpenStackHowto/Essex
 * OpenStack 2012.2 (Folsom) (also applies for Grizzly): OpenStackHowto/Folsom
 * OpenStack Networking with Quantum: OpenStackHowto/Quantum
 * Installing OpenStack with Puppet Howto: OpenStackPuppetHowto
 * Installing OpenStack with Razor howto: OpenStackRazorHowto
 * Running OpenStack with Ceph as storage back-end: OpenStackCephHowto
 * Upgrade from Grizzly to Havana OpenStackHowto/Upgrades
 * Installing a Fuel master node (experimental) OpenStackHowto/InstallFuel