Clientcrontab格式

Junodocs.
openstack.
orguno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014junoiiOpenStackInstallationGuideforRedHatEnterpriseLinux7,CentOS7,andFedora20juno(2014-11-18)Copyright2012-2014OpenStackFoundationAllrightsreserved.
TheOpenStacksystemconsistsofseveralkeyprojectsthatyouinstallseparatelybutthatworktogetherdependingonyourcloudneeds.
TheseprojectsincludeCompute,IdentityService,Networking,ImageSer-vice,BlockStorage,ObjectStorage,Telemetry,Orchestration,andDatabase.
Youcaninstallanyoftheseprojectsseparatelyandconfigurethemstand-aloneorasconnectedentities.
ThisguideshowsyouhowtoinstallOpenStackbyusingpackagesavailablethroughFedora20aswellasonRedHatEnterpriseLinux7anditsderivativesthroughtheEPELrepository.
Explanationsofconfigurationoptionsandsampleconfigu-rationfilesareincluded.
LicensedundertheApacheLicense,Version2.
0(the"License");youmaynotusethisfileexceptincompliancewiththeLicense.
YoumayobtainacopyoftheLicenseathttp://www.
apache.
org/licenses/LICENSE-2.
0Unlessrequiredbyapplicablelaworagreedtoinwriting,softwaredistributedundertheLicenseisdistributedonan"ASIS"BASIS,WITHOUTWARRANTIESORCONDITIONSOFANYKIND,eitherexpressorimplied.
SeetheLicenseforthespecificlanguagegoverningpermissionsandlimitationsundertheLicense.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014junoiiiTableofContentsPrefaceviiConventionsviiDocumentchangehistoryvii1.
Architecture1Overview1Conceptualarchitecture2Examplearchitectures32.
Basicenvironment6Beforeyoubegin6Security7Networking8NetworkTimeProtocol(NTP)18OpenStackpackages20Database21Messagingserver223.
AddtheIdentityservice24OpenStackIdentityconcepts24Installandconfigure26Createtenants,users,androles28CreatetheserviceentityandAPIendpoint31Verifyoperation32CreateOpenStackclientenvironmentscripts344.
AddtheImageService36OpenStackImageService36Installandconfigure37Verifyoperation405.
AddtheComputeservice43OpenStackCompute43Installandconfigurecontrollernode46Installandconfigureacomputenode49Verifyoperation516.
Addanetworkingcomponent53OpenStackNetworking(neutron)53Legacynetworking(nova-network)76Nextsteps787.
Addthedashboard79Systemrequirements79Installandconfigure80Verifyoperation81Nextsteps818.
AddtheBlockStorageservice82OpenStackBlockStorage82Installandconfigurecontrollernode83Installandconfigureastoragenode86Verifyoperation90Nextsteps919.
AddObjectStorage92OpenStackObjectStorage92uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014junoivSystemrequirements93Examplearchitecture93Installandconfigurethecontrollernode94Installandconfigurethestoragenodes97Createinitialrings101Finalizeinstallation104Verifyoperation106Nextsteps10610.
AddtheOrchestrationmodule107Orchestrationmoduleconcepts107InstallandconfigureOrchestration107Verifyoperation111Nextsteps11211.
AddtheTelemetrymodule113Telemetrymodule113Installandconfigurecontrollernode114InstalltheComputeagentforTelemetry117ConfiguretheImageServiceforTelemetry118AddtheBlockStorageserviceagentforTelemetry119ConfiguretheObjectStorageserviceforTelemetry119VerifytheTelemetryinstallation120Nextsteps12112.
AddtheDatabaseservice122Databaseserviceoverview122InstalltheDatabaseservice123VerifytheDatabaseserviceinstallation12613.
AddtheDataprocessingservice127Dataprocessingservice127InstalltheDataprocessingservice128VerifytheDataprocessingserviceinstallation12914.
Launchaninstance130LaunchaninstancewithOpenStackNetworking(neutron)130Launchaninstancewithlegacynetworking(nova-network)138A.
ReserveduserIDs145B.
Communitysupport146Documentation146ask.
openstack.
org147OpenStackmailinglists147TheOpenStackwiki148TheLaunchpadBugsarea148TheOpenStackIRCchannel149Documentationfeedback149OpenStackdistributionpackages149Glossary150uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014junovListofFigures1.
1.
Conceptualarchitecture21.
2.
Three-nodearchitecturewithOpenStackNetworking(neutron)41.
3.
Two-nodearchitecturewithlegacynetworking(nova-network)52.
1.
Three-nodearchitecturewithOpenStackNetworking(neutron)92.
2.
Two-nodearchitecturewithlegacynetworking(nova-network)156.
1.
Initialnetworks71uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014junoviListofTables1.
1.
OpenStackservices12.
1.
Passwords89.
1.
Hardwarerecommendations93A.
1.
ReserveduserIDs145uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014junoviiPrefaceConventionsTheOpenStackdocumentationusesseveraltypesettingconventions.
NoticesNoticestaketheseforms:NoteAhandytiporreminder.
ImportantSomethingyoumustbeawareofbeforeproceeding.
WarningCriticalinformationabouttheriskofdatalossorsecurityissues.
Commandprompts$promptAnyuser,includingtherootuser,canruncommandsthatareprefixedwiththe$prompt.
#promptTherootusermustruncommandsthatareprefixedwiththe#prompt.
Youcanalsoprefixthesecommandswiththesudocommand,ifavailable,torunthem.
DocumentchangehistoryThisversionoftheguidereplacesandobsoletesallearlierversions.
Thefollowingtabledescribesthemostrecentchanges:RevisionDateSummaryofChangesOctober15,2014FortheJunorelease,thisguidecontainstheseupdates:Replaceopenstack-configcommandswithgeneralconfigurationfileediting.
Standardizeonasinglemessagequeuesystem(Rab-bitMQ).
ReferencegenericSQLdatabase,enablingMySQLorMariaDBwhereappropriate.
Replaceauth_portandauth_protocolwithidentity_uri,andauth_hostwithauth_uri.
Multi-pleeditsforconsistency.
IthasbeenupdatedforJunoandnewdistributionversions.
June3,2014StartdocumentationforJuno.
April16,2014UpdateforIcehouse,reworkNetworkingsetuptouseML2asplugin,addnewchapterforDatabaseServicesetup,improvedbasicconfiguration.
October25,2013AddedinitialDebiansupport.
October17,2013Havanarelease.
October16,2013AddsupportforSUSELinuxEnterprise.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014junoviiiRevisionDateSummaryofChangesOctober8,2013CompletereorganizationforHavana.
September9,2013BuildalsoforopenSUSE.
August1,2013FixestoObjectStorageverificationsteps.
Fixbug1207347.
July25,2013Addscreationofcinderuserandadditiontotheservicetenant.
Fixbug1205057.
May8,2013Updatedthebooktitleforconsistency.
May2,2013Updatedcoverandfixedsmallerrorsinappendix.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno11.
ArchitectureTableofContentsOverview1Conceptualarchitecture2Examplearchitectures3OverviewTheOpenStackprojectisanopensourcecloudcomputingplatformthatsupportsalltypesofcloudenvironments.
Theprojectaimsforsimpleimplementation,massivescalability,andarichsetoffeatures.
Cloudcomputingexpertsfromaroundtheworldcontributetotheproject.
OpenStackprovidesanInfrastructure-as-a-Service(IaaS)solutionthroughavarietyofcom-plementalservices.
Eachserviceoffersanapplicationprogramminginterface(API)thatfa-cilitatesthisintegration.
ThefollowingtableprovidesalistofOpenStackservices:Table1.
1.
OpenStackservicesServiceProjectnameDescriptionDashboardHorizonProvidesaweb-basedself-serviceportaltointeractwithunderlyingOpenStackservices,suchaslaunchinganinstance,assigningIPad-dressesandconfiguringaccesscontrols.
ComputeNovaManagesthelifecycleofcomputeinstancesinanOpenStackenviron-ment.
Responsibilitiesincludespawning,schedulinganddecommis-sioningofvirtualmachinesondemand.
NetworkingNeutronEnablesNetwork-Connectivity-as-a-ServiceforotherOpenStackser-vices,suchasOpenStackCompute.
ProvidesanAPIforuserstodefinenetworksandtheattachmentsintothem.
Hasapluggablearchitec-turethatsupportsmanypopularnetworkingvendorsandtechnolo-gies.
StorageObjectStor-ageSwiftStoresandretrievesarbitraryunstructureddataobjectsviaaRESTful,HTTPbasedAPI.
Itishighlyfaulttolerantwithitsdatareplicationandscaleoutarchitecture.
Itsimplementationisnotlikeafileserverwithmountabledirectories.
BlockStorageCinderProvidespersistentblockstoragetorunninginstances.
Itspluggabledriverarchitecturefacilitatesthecreationandmanagementofblockstoragedevices.
SharedservicesIdentityser-viceKeystoneProvidesanauthenticationandauthorizationserviceforotherOpen-Stackservices.
ProvidesacatalogofendpointsforallOpenStackser-vices.
ImageServiceGlanceStoresandretrievesvirtualmachinediskimages.
OpenStackComputemakesuseofthisduringinstanceprovisioning.
TelemetryCeilometerMonitorsandmeterstheOpenStackcloudforbilling,benchmarking,scalability,andstatisticalpurposes.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno2ServiceProjectnameDescriptionHigher-levelservicesOrchestrationHeatOrchestratesmultiplecompositecloudapplicationsbyusingeitherthenativeHOTtemplateformatortheAWSCloudFormationtemplateformat,throughbothanOpenStack-nativeRESTAPIandaCloudFor-mation-compatibleQueryAPI.
DatabaseSer-viceTroveProvidesscalableandreliableCloudDatabase-as-a-Servicefunctionali-tyforbothrelationalandnon-relationaldatabaseengines.
Thisguidedescribeshowtodeploytheseservicesinafunctionaltestenvironmentand,byexample,teachesyouhowtobuildaproductionenvironment.
ConceptualarchitectureLaunchingavirtualmachineorinstanceinvolvesmanyinteractionsamongseveralservices.
ThefollowingdiagramprovidestheconceptualarchitectureofatypicalOpenStackenviron-ment.
Figure1.
1.
Conceptualarchitectureuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno3ExamplearchitecturesOpenStackishighlyconfigurabletomeetdifferentneedswithvariouscompute,network-ing,andstorageoptions.
ThisguideenablesyoutochooseyourownOpenStackadventureusingacombinationofbasicandoptionalservices.
Thisguideusesthefollowingexamplearchitectures:Three-nodearchitecturewithOpenStackNetworking(neutron).
SeeFigure1.
2,"Three-nodearchitecturewithOpenStackNetworking(neutron)"[4].
ThebasiccontrollernoderunstheIdentityservice,ImageService,managementpor-tionsofComputeandNetworking,Networkingplug-in,andthedashboard.
Italsoin-cludessupportingservicessuchasadatabase,messagebroker,andNetworkTimePro-tocol(NTP).
Optionally,thecontrollernodealsorunsportionsofBlockStorage,ObjectStorage,DatabaseService,Orchestration,andTelemetry.
Thesecomponentsprovideadditionalfeaturesforyourenvironment.
ThenetworknoderunstheNetworkingplug-in,layer-2agent,andseverallayer-3agentsthatprovisionandoperatetenantnetworks.
Layer-2servicesincludeprovision-ingofvirtualnetworksandtunnels.
Layer-3servicesincluderouting,NAT,andDHCP.
Thisnodealsohandlesexternal(Internet)connectivityfortenantvirtualmachinesorinstances.
ThecomputenoderunsthehypervisorportionofCompute,whichoperatestenantvir-tualmachinesorinstances.
BydefaultComputeusesKVMasthehypervisor.
Thecom-putenodealsorunstheNetworkingplug-inandlayer-2agentwhichoperatetenantnetworksandimplementsecuritygroups.
Youcanrunmorethanonecomputenode.
Optionally,thecomputenodealsorunstheTelemetryagent.
Thiscomponentprovidesadditionalfeaturesforyourenvironment.
TheoptionalstoragenodecontainsthedisksthattheBlockStorageserviceusestoservevolumes.
Youcanrunmorethanonestoragenode.
Optionally,thestoragenodealsorunstheTelemetryagent.
Thiscomponentprovidesadditionalfeaturesforyourenvironment.
NoteWhenyouimplementthisarchitecture,skipthesectioncalled"Legacynet-working(nova-network)"[76]inChapter6,"Addanetworkingcompo-nent"[53].
Touseoptionalservices,youmightneedtoinstalladditionalnodes,asdescribedinsubsequentchapters.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno4Figure1.
2.
Three-nodearchitecturewithOpenStackNetworking(neutron)Two-nodearchitecturewithlegacynetworking(nova-network).
SeeFigure1.
3,"Two-nodearchitecturewithlegacynetworking(nova-network)"[5].
ThebasiccontrollernoderunstheIdentityservice,ImageService,managementportionofCompute,andthedashboardnecessarytolaunchasimpleinstance.
Italsoincludessupportingservicessuchasadatabase,messagebroker,andNTP.
Optionally,thecontrollernodealsorunsportionsofBlockStorage,ObjectStorage,DatabaseService,Orchestration,andTelemetry.
Thesecomponentsprovideadditionalfeaturesforyourenvironment.
ThebasiccomputenoderunsthehypervisorportionofCompute,whichoperatestenantvirtualmachinesorinstances.
Bydefault,ComputeusesKVMasthehypervi-sor.
Computealsoprovisionsandoperatestenantnetworksandimplementssecuritygroups.
Youcanrunmorethanonecomputenode.
Optionally,thecomputenodealsorunstheTelemetryagent.
Thiscomponentprovidesadditionalfeaturesforyourenvironment.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno5NoteWhenyouimplementthisarchitecture,skipthesectioncalled"OpenStackNetworking(neutron)"[53]inChapter6,"Addanetworkingcompo-nent"[53].
Touseoptionalservices,youmightneedtoinstalladditionalnodes,asdescribedinsubsequentchapters.
Figure1.
3.
Two-nodearchitecturewithlegacynetworking(nova-network)uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno62.
BasicenvironmentTableofContentsBeforeyoubegin6Security7Networking8NetworkTimeProtocol(NTP)18OpenStackpackages20Database21Messagingserver22NoteThetrunkversionofthisguidefocusesonthefutureJunoreleaseandwillnotworkforthecurrentIcehouserelease.
IfyouwanttoinstallIcehouse,youmustusetheIcehouseversionofthisguideinstead.
Thischapterexplainshowtoconfigureeachnodeintheexamplearchitecturesincludingthetwo-nodearchitecturewithlegacynetworkingandthree-nodearchitecturewithOpen-StackNetworking(neutron).
NoteAlthoughmostenvironmentsincludeOpenStackIdentity,ImageService,Com-pute,atleastonenetworkingservice,andthedashboard,OpenStackObjectStoragecanoperateindependentlyofmostotherservices.
IfyourusecaseonlyinvolvesObjectStorage,youcanskiptoChapter9,"AddObjectStor-age"[92].
However,thedashboardwillnotrunwithoutatleastOpenStackImageServiceandCompute.
NoteYoumustuseanaccountwithadministrativeprivilegestoconfigureeachnode.
Eitherrunthecommandsastherootuserorconfigurethesudoutility.
NoteThesystemctlenablecallonopenSUSEoutputsawarningmessagewhentheserviceusesSysVInitscriptsinsteadofnativesystemdfiles.
Thiswarningcanbeignored.
BeforeyoubeginForafunctionalenvironment,OpenStackdoesn'trequireasignificantamountofresources.
Werecommendthatyourenvironmentmeetsorexceedsthefollowingminimumrequire-mentswhichcansupportseveralminimalCirrOSinstances:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno7ControllerNode:1processor,2GBmemory,and5GBstorageNetworkNode:1processor,512MBmemory,and5GBstorageComputeNode:1processor,2GBmemory,and10GBstorageTominimizeclutterandprovidemoreresourcesforOpenStack,werecommendaminimalinstallationofyourLinuxdistribution.
Also,westronglyrecommendthatyouinstalla64-bitversionofyourdistributiononatleastthecomputenode.
Ifyouinstalla32-bitversionofyourdistributiononthecomputenode,attemptingtostartaninstanceusinga64-bitim-agewillfail.
NoteAsinglediskpartitiononeachnodeworksformostbasicinstallations.
Howev-er,youshouldconsiderLogicalVolumeManager(LVM)forinstallationswithop-tionalservicessuchasBlockStorage.
Manyusersbuildtheirtestenvironmentsonvirtualmachines(VMs).
TheprimarybenefitsofVMsincludethefollowing:Onephysicalservercansupportmultiplenodes,eachwithalmostanynumberofnet-workinterfaces.
Abilitytotakeperiodic"snapshots"throughouttheinstallationprocessand"rollback"toaworkingconfigurationintheeventofaproblem.
However,VMswillreduceperformanceofyourinstances,particularlyifyourhypervisorand/orprocessorlackssupportforhardwareaccelerationofnestedVMs.
NoteIfyouchoosetoinstallonVMs,makesureyourhypervisorpermitspromiscuousmodeontheexternalnetwork.
Formoreinformationaboutsystemrequirements,seetheOpenStackOperationsGuide.
SecurityOpenStackservicessupportvarioussecuritymethodsincludingpassword,policy,anden-cryption.
Additionally,supportingservicesincludingthedatabaseserverandmessagebro-kersupportatleastpasswordsecurity.
Toeasetheinstallationprocess,thisguideonlycoverspasswordsecuritywhereapplicable.
Youcancreatesecurepasswordsmanually,generatethemusingatoolsuchaspwgen,orbyrunningthefollowingcommand:$opensslrand-hex10ForOpenStackservices,thisguideusesSERVICE_PASStoreferenceserviceaccountpass-wordsandSERVICE_DBPASStoreferencedatabasepasswords.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno8Thefollowingtableprovidesalistofservicesthatrequirepasswordsandtheirassociatedreferencesintheguide:Table2.
1.
PasswordsPasswordnameDescriptionDatabasepassword(novariableused)RootpasswordforthedatabaseRABBIT_PASSPasswordofuserguestofRabbitMQKEYSTONE_DBPASSDatabasepasswordofIdentityserviceDEMO_PASSPasswordofuserdemoADMIN_PASSPasswordofuseradminGLANCE_DBPASSDatabasepasswordforImageServiceGLANCE_PASSPasswordofImageServiceuserglanceNOVA_DBPASSDatabasepasswordforComputeserviceNOVA_PASSPasswordofComputeserviceusernovaDASH_DBPASSDatabasepasswordforthedashboardCINDER_DBPASSDatabasepasswordfortheBlockStorageserviceCINDER_PASSPasswordofBlockStorageserviceusercinderNEUTRON_DBPASSDatabasepasswordfortheNetworkingserviceNEUTRON_PASSPasswordofNetworkingserviceuserneutronHEAT_DBPASSDatabasepasswordfortheOrchestrationserviceHEAT_PASSPasswordofOrchestrationserviceuserheatCEILOMETER_DBPASSDatabasepasswordfortheTelemetryserviceCEILOMETER_PASSPasswordofTelemetryserviceuserceilometerTROVE_DBPASSDatabasepasswordofDatabaseserviceTROVE_PASSPasswordofDatabaseServiceusertroveOpenStackandsupportingservicesrequireadministrativeprivilegesduringinstallationandoperation.
Insomecases,servicesperformmodificationstothehostthatcaninterferewithdeploymentautomationtoolssuchasAnsible,Chef,andPuppet.
Forexample,someOpen-Stackservicesaddarootwrappertosudothatcaninterferewithsecuritypolicies.
SeetheCloudAdministratorGuideformoreinformation.
Also,theNetworkingserviceassumesde-faultvaluesforkernelnetworkparametersandmodifiesfirewallrules.
Toavoidmostissuesduringyourinitialinstallation,werecommendusingastockdeploymentofasupporteddis-tributiononyourhosts.
However,ifyouchoosetoautomatedeploymentofyourhosts,re-viewtheconfigurationandpoliciesappliedtothembeforeproceedingfurther.
NetworkingAfterinstallingtheoperatingsystemoneachnodeforthearchitecturethatyouchoosetodeploy,youmustconfigurethenetworkinterfaces.
Werecommendthatyoudisableanyautomatednetworkmanagementtoolsandmanuallyedittheappropriateconfigurationfilesforyourdistribution.
Formoreinformationonhowtoconfigurenetworkingonyourdistribution,seethedocumentation.
RHELandCentOSenablearestrictivefirewallbydefault.
Duringtheinstallationprocess,certainstepswillfailunlessyoualterordisablethefirewall.
Formoreinformationaboutse-curingyourenvironment,refertotheOpenStackSecurityGuide.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno9ProceedtonetworkconfigurationfortheexampleOpenStackNetworking(neutron)orlegacynetworking(nova-network)architecture.
OpenStackNetworking(neutron)TheexamplearchitecturewithOpenStackNetworking(neutron)requiresonecontrollernode,onenetworknode,andatleastonecomputenode.
Thecontrollernodecontainsonenetworkinterfaceonthemanagementnetwork.
Thenetworknodecontainsonenet-workinterfaceonthemanagementnetwork,oneontheinstancetunnelsnetwork,andoneontheexternalnetwork.
Thecomputenodecontainsonenetworkinterfaceonthemanagementnetworkandoneontheinstancetunnelsnetwork.
NoteNetworkinterfacenamesvarybydistribution.
Traditionally,interfacesuse"eth"followedbyasequentialnumber.
Tocoverallvariations,thisguidesimplyreferstothefirstinterfaceastheinterfacewiththelowestnumber,thesecondinter-faceastheinterfacewiththemiddlenumber,andthethirdinterfaceasthein-terfacewiththehighestnumber.
Figure2.
1.
Three-nodearchitecturewithOpenStackNetworking(neutron)Unlessyouintendtousetheexactconfigurationprovidedinthisexamplearchitecture,youmustmodifythenetworksinthisproceduretomatchyourenvironment.
Also,eachnodeuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno10mustresolvetheothernodesbynameinadditiontoIPaddress.
Forexample,thecon-trollernamemustresolveto10.
0.
0.
11,theIPaddressofthemanagementinterfaceonthecontrollernode.
WarningReconfiguringnetworkinterfaceswillinterruptnetworkconnectivity.
Werec-ommendusingalocalterminalsessionfortheseprocedures.
ControllernodeToconfigurenetworking:1.
Configurethefirstinterfaceasthemanagementinterface:IPaddress:10.
0.
0.
11Networkmask:255.
255.
255.
0(or/24)Defaultgateway:10.
0.
0.
12.
Rebootthesystemtoactivatethechanges.
Toconfigurenameresolution:1.
Setthehostnameofthenodetocontroller.
2.
Editthe/etc/hostsfiletocontainthefollowing:#controller10.
0.
0.
11controller#network10.
0.
0.
21network#compute110.
0.
0.
31compute1NetworknodeToconfigurenetworking:1.
Configurethefirstinterfaceasthemanagementinterface:IPaddress:10.
0.
0.
21Networkmask:255.
255.
255.
0(or/24)Defaultgateway:10.
0.
0.
12.
Configurethesecondinterfaceastheinstancetunnelsinterface:IPaddress:10.
0.
1.
21uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno11Networkmask:255.
255.
255.
0(or/24)3.
TheexternalinterfaceusesaspecialconfigurationwithoutanIPaddressassignedtoit.
Configurethethirdinterfaceastheexternalinterface:ReplaceINTERFACE_NAMEwiththeactualinterfacename.
Forexample,eth2orens256.
Editthe/etc/sysconfig/network-scripts/ifcfg-INTERFACE_NAMEfiletocontainthefollowing:DonotchangetheHWADDRandUUIDkeys.
DEVICE=INTERFACE_NAMETYPE=EthernetONBOOT="yes"BOOTPROTO="none"4.
Rebootthesystemtoactivatethechanges.
Toconfigurenameresolution:1.
Setthehostnameofthenodetonetwork.
2.
Editthe/etc/hostsfiletocontainthefollowing:#network10.
0.
0.
21network#controller10.
0.
0.
11controller#compute110.
0.
0.
31compute1ComputenodeToconfigurenetworking:1.
Configurethefirstinterfaceasthemanagementinterface:IPaddress:10.
0.
0.
31Networkmask:255.
255.
255.
0(or/24)Defaultgateway:10.
0.
0.
1NoteAdditionalcomputenodesshoulduse10.
0.
0.
32,10.
0.
0.
33,andsoon.
2.
Configurethesecondinterfaceastheinstancetunnelsinterface:IPaddress:10.
0.
1.
31Networkmask:255.
255.
255.
0(or/24)uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno12NoteAdditionalcomputenodesshoulduse10.
0.
1.
32,10.
0.
1.
33,andsoon.
3.
Rebootthesystemtoactivatethechanges.
Toconfigurenameresolution:1.
Setthehostnameofthenodetocompute1.
2.
Editthe/etc/hostsfiletocontainthefollowing:#compute110.
0.
0.
31compute1#controller10.
0.
0.
11controller#network10.
0.
0.
21networkVerifyconnectivityWerecommendthatyouverifynetworkconnectivitytotheInternetandamongthenodesbeforeproceedingfurther.
1.
Fromthecontrollernode,pingasiteontheInternet:#ping-c4openstack.
orgPINGopenstack.
org(174.
143.
194.
225)56(84)bytesofdata.
64bytesfrom174.
143.
194.
225:icmp_seq=1ttl=54time=18.
3ms64bytesfrom174.
143.
194.
225:icmp_seq=2ttl=54time=17.
5ms64bytesfrom174.
143.
194.
225:icmp_seq=3ttl=54time=17.
5ms64bytesfrom174.
143.
194.
225:icmp_seq=4ttl=54time=17.
4ms---openstack.
orgpingstatistics---4packetstransmitted,4received,0%packetloss,time3022msrttmin/avg/max/mdev=17.
489/17.
715/18.
346/0.
364ms2.
Fromthecontrollernode,pingthemanagementinterfaceonthenetworknode:#ping-c4networkPINGnetwork(10.
0.
0.
21)56(84)bytesofdata.
64bytesfromnetwork(10.
0.
0.
21):icmp_seq=1ttl=64time=0.
263ms64bytesfromnetwork(10.
0.
0.
21):icmp_seq=2ttl=64time=0.
202ms64bytesfromnetwork(10.
0.
0.
21):icmp_seq=3ttl=64time=0.
203ms64bytesfromnetwork(10.
0.
0.
21):icmp_seq=4ttl=64time=0.
202ms---networkpingstatistics---4packetstransmitted,4received,0%packetloss,time3000msrttmin/avg/max/mdev=0.
202/0.
217/0.
263/0.
030ms3.
Fromthecontrollernode,pingthemanagementinterfaceonthecomputenode:#ping-c4compute1PINGcompute1(10.
0.
0.
31)56(84)bytesofdata.
64bytesfromcompute1(10.
0.
0.
31):icmp_seq=1ttl=64time=0.
263ms64bytesfromcompute1(10.
0.
0.
31):icmp_seq=2ttl=64time=0.
202msuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno1364bytesfromcompute1(10.
0.
0.
31):icmp_seq=3ttl=64time=0.
203ms64bytesfromcompute1(10.
0.
0.
31):icmp_seq=4ttl=64time=0.
202ms---networkpingstatistics---4packetstransmitted,4received,0%packetloss,time3000msrttmin/avg/max/mdev=0.
202/0.
217/0.
263/0.
030ms4.
Fromthenetworknode,pingasiteontheInternet:#ping-c4openstack.
orgPINGopenstack.
org(174.
143.
194.
225)56(84)bytesofdata.
64bytesfrom174.
143.
194.
225:icmp_seq=1ttl=54time=18.
3ms64bytesfrom174.
143.
194.
225:icmp_seq=2ttl=54time=17.
5ms64bytesfrom174.
143.
194.
225:icmp_seq=3ttl=54time=17.
5ms64bytesfrom174.
143.
194.
225:icmp_seq=4ttl=54time=17.
4ms---openstack.
orgpingstatistics---4packetstransmitted,4received,0%packetloss,time3022msrttmin/avg/max/mdev=17.
489/17.
715/18.
346/0.
364ms5.
Fromthenetworknode,pingthemanagementinterfaceonthecontrollernode:#ping-c4controllerPINGcontroller(10.
0.
0.
11)56(84)bytesofdata.
64bytesfromcontroller(10.
0.
0.
11):icmp_seq=1ttl=64time=0.
263ms64bytesfromcontroller(10.
0.
0.
11):icmp_seq=2ttl=64time=0.
202ms64bytesfromcontroller(10.
0.
0.
11):icmp_seq=3ttl=64time=0.
203ms64bytesfromcontroller(10.
0.
0.
11):icmp_seq=4ttl=64time=0.
202ms---controllerpingstatistics---4packetstransmitted,4received,0%packetloss,time3000msrttmin/avg/max/mdev=0.
202/0.
217/0.
263/0.
030ms6.
Fromthenetworknode,pingtheinstancetunnelsinterfaceonthecomputenode:#ping-c410.
0.
1.
31PING10.
0.
1.
31(10.
0.
1.
31)56(84)bytesofdata.
64bytesfrom10.
0.
1.
31(10.
0.
1.
31):icmp_seq=1ttl=64time=0.
263ms64bytesfrom10.
0.
1.
31(10.
0.
1.
31):icmp_seq=2ttl=64time=0.
202ms64bytesfrom10.
0.
1.
31(10.
0.
1.
31):icmp_seq=3ttl=64time=0.
203ms64bytesfrom10.
0.
1.
31(10.
0.
1.
31):icmp_seq=4ttl=64time=0.
202ms---10.
0.
1.
31pingstatistics---4packetstransmitted,4received,0%packetloss,time3000msrttmin/avg/max/mdev=0.
202/0.
217/0.
263/0.
030ms7.
Fromthecomputenode,pingasiteontheInternet:#ping-c4openstack.
orgPINGopenstack.
org(174.
143.
194.
225)56(84)bytesofdata.
64bytesfrom174.
143.
194.
225:icmp_seq=1ttl=54time=18.
3ms64bytesfrom174.
143.
194.
225:icmp_seq=2ttl=54time=17.
5ms64bytesfrom174.
143.
194.
225:icmp_seq=3ttl=54time=17.
5ms64bytesfrom174.
143.
194.
225:icmp_seq=4ttl=54time=17.
4ms---openstack.
orgpingstatistics---4packetstransmitted,4received,0%packetloss,time3022msrttmin/avg/max/mdev=17.
489/17.
715/18.
346/0.
364ms8.
Fromthecomputenode,pingthemanagementinterfaceonthecontrollernode:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno14#ping-c4controllerPINGcontroller(10.
0.
0.
11)56(84)bytesofdata.
64bytesfromcontroller(10.
0.
0.
11):icmp_seq=1ttl=64time=0.
263ms64bytesfromcontroller(10.
0.
0.
11):icmp_seq=2ttl=64time=0.
202ms64bytesfromcontroller(10.
0.
0.
11):icmp_seq=3ttl=64time=0.
203ms64bytesfromcontroller(10.
0.
0.
11):icmp_seq=4ttl=64time=0.
202ms---controllerpingstatistics---4packetstransmitted,4received,0%packetloss,time3000msrttmin/avg/max/mdev=0.
202/0.
217/0.
263/0.
030ms9.
Fromthecomputenode,pingtheinstancetunnelsinterfaceonthenetworknode:#ping-c410.
0.
1.
21PING10.
0.
1.
21(10.
0.
1.
21)56(84)bytesofdata.
64bytesfrom10.
0.
1.
21(10.
0.
1.
21):icmp_seq=1ttl=64time=0.
263ms64bytesfrom10.
0.
1.
21(10.
0.
1.
21):icmp_seq=2ttl=64time=0.
202ms64bytesfrom10.
0.
1.
21(10.
0.
1.
21):icmp_seq=3ttl=64time=0.
203ms64bytesfrom10.
0.
1.
21(10.
0.
1.
21):icmp_seq=4ttl=64time=0.
202ms---10.
0.
1.
21pingstatistics---4packetstransmitted,4received,0%packetloss,time3000msrttmin/avg/max/mdev=0.
202/0.
217/0.
263/0.
030msLegacynetworking(nova-network)Theexamplearchitecturewithlegacynetworking(nova-network)requiresacontrollernodeandatleastonecomputenode.
Thecontrollernodecontainsonenetworkinterfaceonthemanagementnetwork.
Thecomputenodecontainsonenetworkinterfaceonthemanagementnetworkandoneontheexternalnetwork.
NoteNetworkinterfacenamesvarybydistribution.
Traditionally,interfacesuse"eth"followedbyasequentialnumber.
Tocoverallvariations,thisguidesimplyreferstothefirstinterfaceastheinterfacewiththelowestnumberandthesecondin-terfaceastheinterfacewiththehighestnumber.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno15Figure2.
2.
Two-nodearchitecturewithlegacynetworking(nova-network)Unlessyouintendtousetheexactconfigurationprovidedinthisexamplearchitecture,youmustmodifythenetworksinthisproceduretomatchyourenvironment.
Also,eachnodemustresolvetheothernodesbynameinadditiontoIPaddress.
Forexample,thecon-trollernamemustresolveto10.
0.
0.
11,theIPaddressofthemanagementinterfaceonthecontrollernode.
WarningReconfiguringnetworkinterfaceswillinterruptnetworkconnectivity.
Werec-ommendusingalocalterminalsessionfortheseprocedures.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno16ControllernodeToconfigurenetworking:1.
Configurethefirstinterfaceasthemanagementinterface:IPaddress:10.
0.
0.
11Networkmask:255.
255.
255.
0(or/24)Defaultgateway:10.
0.
0.
12.
Rebootthesystemtoactivatethechanges.
Toconfigurenameresolution:1.
Setthehostnameofthenodetocontroller.
2.
Editthe/etc/hostsfiletocontainthefollowing:#controller10.
0.
0.
11controller#compute110.
0.
0.
31compute1ComputenodeToconfigurenetworking:1.
Configurethefirstinterfaceasthemanagementinterface:IPaddress:10.
0.
0.
31Networkmask:255.
255.
255.
0(or/24)Defaultgateway:10.
0.
0.
1NoteAdditionalcomputenodesshoulduse10.
0.
0.
32,10.
0.
0.
33,andsoon.
2.
TheexternalinterfaceusesaspecialconfigurationwithoutanIPaddressassignedtoit.
Configurethesecondinterfaceastheexternalinterface:ReplaceINTERFACE_NAMEwiththeactualinterfacename.
Forexample,eth1orens224.
Editthe/etc/sysconfig/network-scripts/ifcfg-INTERFACE_NAMEfiletocontainthefollowing:DonotchangetheHWADDRandUUIDkeys.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno17DEVICE=INTERFACE_NAMETYPE=EthernetONBOOT="yes"BOOTPROTO="none"3.
Rebootthesystemtoactivatethechanges.
Toconfigurenameresolution:1.
Setthehostnameofthenodetocompute1.
2.
Editthe/etc/hostsfiletocontainthefollowing:#compute110.
0.
0.
31compute1#controller10.
0.
0.
11controllerVerifyconnectivityWerecommendthatyouverifynetworkconnectivitytotheInternetandamongthenodesbeforeproceedingfurther.
1.
Fromthecontrollernode,pingasiteontheInternet:#ping-c4openstack.
orgPINGopenstack.
org(174.
143.
194.
225)56(84)bytesofdata.
64bytesfrom174.
143.
194.
225:icmp_seq=1ttl=54time=18.
3ms64bytesfrom174.
143.
194.
225:icmp_seq=2ttl=54time=17.
5ms64bytesfrom174.
143.
194.
225:icmp_seq=3ttl=54time=17.
5ms64bytesfrom174.
143.
194.
225:icmp_seq=4ttl=54time=17.
4ms---openstack.
orgpingstatistics---4packetstransmitted,4received,0%packetloss,time3022msrttmin/avg/max/mdev=17.
489/17.
715/18.
346/0.
364ms2.
Fromthecontrollernode,pingthemanagementinterfaceonthecomputenode:#ping-c4compute1PINGcompute1(10.
0.
0.
31)56(84)bytesofdata.
64bytesfromcompute1(10.
0.
0.
31):icmp_seq=1ttl=64time=0.
263ms64bytesfromcompute1(10.
0.
0.
31):icmp_seq=2ttl=64time=0.
202ms64bytesfromcompute1(10.
0.
0.
31):icmp_seq=3ttl=64time=0.
203ms64bytesfromcompute1(10.
0.
0.
31):icmp_seq=4ttl=64time=0.
202ms---compute1pingstatistics---4packetstransmitted,4received,0%packetloss,time3000msrttmin/avg/max/mdev=0.
202/0.
217/0.
263/0.
030ms3.
Fromthecomputenode,pingasiteontheInternet:#ping-c4openstack.
orgPINGopenstack.
org(174.
143.
194.
225)56(84)bytesofdata.
64bytesfrom174.
143.
194.
225:icmp_seq=1ttl=54time=18.
3ms64bytesfrom174.
143.
194.
225:icmp_seq=2ttl=54time=17.
5ms64bytesfrom174.
143.
194.
225:icmp_seq=3ttl=54time=17.
5ms64bytesfrom174.
143.
194.
225:icmp_seq=4ttl=54time=17.
4msuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno18---openstack.
orgpingstatistics---4packetstransmitted,4received,0%packetloss,time3022msrttmin/avg/max/mdev=17.
489/17.
715/18.
346/0.
364ms4.
Fromthecomputenode,pingthemanagementinterfaceonthecontrollernode:#ping-c4controllerPINGcontroller(10.
0.
0.
11)56(84)bytesofdata.
64bytesfromcontroller(10.
0.
0.
11):icmp_seq=1ttl=64time=0.
263ms64bytesfromcontroller(10.
0.
0.
11):icmp_seq=2ttl=64time=0.
202ms64bytesfromcontroller(10.
0.
0.
11):icmp_seq=3ttl=64time=0.
203ms64bytesfromcontroller(10.
0.
0.
11):icmp_seq=4ttl=64time=0.
202ms---controllerpingstatistics---4packetstransmitted,4received,0%packetloss,time3000msrttmin/avg/max/mdev=0.
202/0.
217/0.
263/0.
030msNetworkTimeProtocol(NTP)YoumustinstallNTPtoproperlysynchronizeservicesamongnodes.
Werecommendthatyouconfigurethecontrollernodetoreferencemoreaccurate(lowerstratum)serversandothernodestoreferencethecontrollernode.
ControllernodeToinstalltheNTPservice#yuminstallntpToconfiguretheNTPserviceBydefault,thecontrollernodesynchronizesthetimeviaapoolofpublicservers.
Howev-er,youcanoptionallyeditthe/etc/ntp.
conffiletoconfigurealternativeserverssuchasthoseprovidedbyyourorganization.
1.
Editthe/etc/ntp.
conffileandadd,change,orremovethefollowingkeysasneces-saryforyourenvironment:serverNTP_SERVERiburstrestrict-4defaultkodnotrapnomodifyrestrict-6defaultkodnotrapnomodifyReplaceNTP_SERVERwiththehostnameorIPaddressofasuitablemoreaccurate(lowerstratum)NTPserver.
Theconfigurationsupportsmultipleserverkeys.
NoteFortherestrictkeys,youessentiallyremovethenopeerandnoqueryoptions.
2.
StarttheNTPserviceandconfigureittostartwhenthesystemboots:#systemctlenablentpd.
serviceuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno19#systemctlstartntpd.
serviceOthernodesToinstalltheNTPservice#yuminstallntpToconfiguretheNTPserviceConfigurethenetworkandcomputenodestoreferencethecontrollernode.
1.
Editthe/etc/ntp.
conffile:Commentoutorremoveallbutoneserverkeyandchangeittoreferencethecon-trollernode.
servercontrolleriburst2.
StarttheNTPserviceandconfigureittostartwhenthesystemboots:#systemctlenablentpd.
service#systemctlstartntpd.
serviceVerifyoperationWerecommendthatyouverifyNTPsynchronizationbeforeproceedingfurther.
Somenodes,particularlythosethatreferencethecontrollernode,cantakeseveralminutestosynchronize.
1.
Runthiscommandonthecontrollernode:#ntpq-cpeersremoterefidsttwhenpollreachdelayoffsetjitter====*ntp-server1192.
0.
2.
112u16910243771.
901-0.
6115.
483+ntp-server2192.
0.
2.
122u88710243770.
922-0.
2462.
864ContentsintheremotecolumnshouldindicatethehostnameorIPaddressofoneormoreNTPservers.
NoteContentsintherefidcolumntypicallyreferenceIPaddressesofupstreamservers.
2.
Runthiscommandonthecontrollernode:#ntpq-cassocindassidstatusconfreachauthconditionlast_eventcnt120487961ayesyesnonesys.
peersys_peer1uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno20220488941ayesyesnonecandidatesys_peer1Contentsintheconditioncolumnshouldindicatesys.
peerforatleastoneserver.
3.
Runthiscommandonallothernodes:#ntpq-cpeersremoterefidsttwhenpollreachdelayoffsetjitter====*controller192.
0.
2.
213u4764370.
308-0.
2510.
079Contentsintheremotecolumnshouldindicatethehostnameofthecontrollernode.
NoteContentsintherefidcolumntypicallyreferenceIPaddressesofupstreamservers.
4.
Runthiscommandonallothernodes:#ntpq-cassocindassidstatusconfreachauthconditionlast_eventcnt121181963ayesyesnonesys.
peersys_peer3Contentsintheconditioncolumnshouldindicatesys.
peer.
OpenStackpackagesDistributionsreleaseOpenStackpackagesaspartofthedistributionorusingothermeth-odsbecauseofdifferingreleaseschedules.
Performtheseproceduresonallnodes.
NoteDisableorremoveanyautomaticupdateservicesbecausetheycanimpactyourOpenStackenvironment.
Toconfigureprerequisites1.
Installtheyum-plugin-prioritiespackagetoenableassignmentofrelativeprioritieswithinrepositories:#yuminstallyum-plugin-priorities2.
Installtheepel-releasepackagetoenabletheEPELrepository:#yuminstallhttp://dl.
fedoraproject.
org/pub/epel/7/x86_64/e/epel-release-7-2.
noarch.
rpmNoteFedoradoesnotrequirethispackage.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno21ToenabletheOpenStackrepositoryInstalltherdo-release-junopackagetoenabletheRDOrepository:#yuminstallhttp://rdo.
fedorapeople.
org/openstack-juno/rdo-release-juno.
rpmTofinalizeinstallation1.
Upgradethepackagesonyoursystem:#yumupgradeNoteIftheupgradeprocessincludesanewkernel,rebootyoursystemtoacti-vateit.
2.
RHELandCentOSenableSELinuxbydefault.
Installtheopenstack-selinuxpackagetoautomaticallymanagesecuritypoliciesforOpenStackservices:#yuminstallopenstack-selinuxNoteFedoradoesnotrequirethispackage.
NoteTheinstallationprocessforthispackagecantakeawhile.
DatabaseMostOpenStackservicesuseanSQLdatabasetostoreinformation.
Thedatabasetypicallyrunsonthecontrollernode.
TheproceduresinthisguideuseMariaDBorMySQLdepend-ingonthedistribution.
OpenStackservicesalsosupportotherSQLdatabasesincludingPost-greSQL.
Toinstallandconfigurethedatabaseserver1.
Installthepackages:NoteThePythonMySQLlibraryiscompatiblewithMariaDB.
#yuminstallmariadbmariadb-serverMySQL-python2.
Editthe/etc/my.
cnffileandcompletethefollowingactions:a.
Inthe[mysqld]section,setthebind-addresskeytothemanagementIPad-dressofthecontrollernodetoenableaccessbyothernodesviathemanagementnetwork:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno22[mysqld].
.
.
bind-address=10.
0.
0.
11b.
Inthe[mysqld]section,setthefollowingkeystoenableusefuloptionsandtheUTF-8characterset:[mysqld].
.
.
default-storage-engine=innodbinnodb_file_per_tablecollation-server=utf8_general_ciinit-connect='SETNAMESutf8'character-set-server=utf8Tofinalizeinstallation1.
Startthedatabaseserviceandconfigureittostartwhenthesystemboots:#systemctlenablemariadb.
service#systemctlstartmariadb.
service2.
Securethedatabaseserviceincludingchoosingasuitablepasswordfortherootac-count:#mysql_secure_installationMessagingserverOpenStackusesamessagebrokertocoordinateoperationsandstatusinformationamongservices.
Themessagebrokerservicetypicallyrunsonthecontrollernode.
OpenStacksup-portsseveralmessagebrokersincludingRabbitMQ,Qpid,andZeroMQ.
However,mostdis-tributionsthatpackageOpenStacksupportaparticularmessagebroker.
ThisguidecoverstheRabbitMQmessagebrokerwhichissupportedbyeachdistribution.
Ifyouprefertoim-plementadifferentmessagebroker,consultthedocumentationassociatedwithit.
RabbitMQQpidZeroMQToinstalltheRabbitMQmessagebrokerservice#yuminstallrabbitmq-serverToconfigurethemessagebrokerservice1.
Startthemessagebrokerserviceandconfigureittostartwhenthesystemboots:#systemctlenablerabbitmq-server.
service#systemctlstartrabbitmq-server.
service2.
Themessagebrokercreatesadefaultaccountthatusesguestfortheusernameandpassword.
Tosimplifyinstallationofyourtestenvironment,werecommendthatyouusethisaccount,butchangethepasswordforit.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno23Runthefollowingcommand:ReplaceRABBIT_PASSwithasuitablepassword.
#rabbitmqctlchange_passwordguestRABBIT_PASSChangingpasswordforuser"guest".
.
.
.
.
.
done.
Youmustconfiguretherabbit_passwordkeyintheconfigurationfileforeachOpenStackservicethatusesthemessagebroker.
NoteForproductionenvironments,youshouldcreateauniqueaccountwithsuitablepassword.
Formoreinformationonsecuringthemessagebroker,seethedocumentation.
Ifyoudecidetocreateauniqueaccountwithsuitablepasswordforyourtestenvironment,youmustconfiguretherabbit_useridandrabbit_passwordkeysintheconfigurationfileofeachOpenStackser-vicethatusesthemessagebroker.
Congratulations,nowyouarereadytoinstallOpenStackservices!
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno243.
AddtheIdentityserviceTableofContentsOpenStackIdentityconcepts24Installandconfigure26Createtenants,users,androles28CreatetheserviceentityandAPIendpoint31Verifyoperation32CreateOpenStackclientenvironmentscripts34OpenStackIdentityconceptsTheOpenStackIdentityServiceperformsthefollowingfunctions:Trackingusersandtheirpermissions.
ProvidingacatalogofavailableserviceswiththeirAPIendpoints.
WheninstallingOpenStackIdentityservice,youmustregistereachserviceinyourOpen-Stackinstallation.
IdentityservicecanthentrackwhichOpenStackservicesareinstalled,andwheretheyarelocatedonthenetwork.
TounderstandOpenStackIdentity,youmustunderstandthefollowingconcepts:UserDigitalrepresentationofaperson,system,orservicewhousesOpenStackcloudservices.
TheIdentityservicevalidatesthatincom-ingrequestsaremadebytheuserwhoclaimstobemakingthecall.
Usershavealoginandmaybeassignedtokenstoaccessresources.
Userscanbedirectlyassignedtoaparticulartenantandbehaveasiftheyarecontainedinthattenant.
CredentialsDatathatconfirmstheuser'sidentity.
Forexample:usernameandpassword,usernameandAPIkey,oranauthenticationtokenpro-videdbytheIdentityService.
AuthenticationTheprocessofconfirmingtheidentityofauser.
OpenStackIdentityconfirmsanincomingrequestbyvalidatingasetofcredentialssup-pliedbytheuser.
Thesecredentialsareinitiallyausernameandpassword,orausernameandAPIkey.
Whenusercredentialsarevalidated,OpenStackIdentityissuesanauthenticationtokenwhichtheuserprovidesinsubsequentrequests.
TokenAnalpha-numericstringoftextusedtoaccessOpenStackAPIsandresources.
Atokenmayberevokedatanytimeandisvalidforafi-niteduration.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno25WhileOpenStackIdentitysupportstoken-basedauthenticationinthisrelease,theintentionistosupportadditionalprotocolsinthefu-ture.
Itsmainpurposeistobeanintegrationservice,andnotaspiretobeafull-fledgedidentitystoreandmanagementsolution.
TenantAcontainerusedtogrouporisolateresources.
Tenantsalsogrouporisolateidentityobjects.
Dependingontheserviceoperator,aten-antmaymaptoacustomer,account,organization,orproject.
ServiceAnOpenStackservice,suchasCompute(nova),ObjectStorage(swift),orImageService(glance).
Itprovidesoneormoreendpointsinwhichuserscanaccessresourcesandperformoperations.
EndpointAnetwork-accessibleaddresswhereyouaccessaservice,usuallyaURLaddress.
Ifyouareusinganextensionfortemplates,anend-pointtemplatecanbecreated,whichrepresentsthetemplatesofalltheconsumableservicesthatareavailableacrosstheregions.
RoleApersonalitywithadefinedsetofuserrightsandprivilegestoper-formaspecificsetofoperations.
IntheIdentityservice,atokenthatisissuedtoauserincludesthelistofroles.
Servicesthatarebeingcalledbythatuserdeterminehowtheyinterpretthesetofrolesauserhasandtowhichopera-tionsorresourceseachrolegrantsaccess.
KeystoneClientAcommandlineinterfacefortheOpenStackIdentityAPI.
Forexam-ple,userscanrunthekeystoneservice-createandkeystoneend-point-createcommandstoregisterservicesintheirOpenStackinstal-lations.
ThefollowingdiagramshowstheOpenStackIdentityprocessflow:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno26InstallandconfigureThissectiondescribeshowtoinstallandconfiguretheOpenStackIdentityserviceonthecontrollernode.
ToconfigureprerequisitesBeforeyouconfiguretheOpenStackIdentityservice,youmustcreateadatabaseandanadministrationtoken.
1.
Tocreatethedatabase,completethesesteps:a.
Usethedatabaseaccessclienttoconnecttothedatabaseserverastherootuser:$mysql-uroot-pb.
Createthekeystonedatabase:CREATEDATABASEkeystone;c.
Grantproperaccesstothekeystonedatabase:GRANTALLPRIVILEGESONkeystone.
*TO'keystone'@'localhost'\IDENTIFIEDBY'KEYSTONE_DBPASS';GRANTALLPRIVILEGESONkeystone.
*TO'keystone'@'%'\IDENTIFIEDBY'KEYSTONE_DBPASS';ReplaceKEYSTONE_DBPASSwithasuitablepassword.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno27d.
Exitthedatabaseaccessclient.
2.
Generatearandomvaluetouseastheadministrationtokenduringinitialconfigura-tion:#opensslrand-hex10Toinstallandconfigurethecomponents1.
Runthefollowingcommandtoinstallthepackages:#yuminstallopenstack-keystonepython-keystoneclient2.
Editthe/etc/keystone/keystone.
conffileandcompletethefollowingactions:a.
Inthe[DEFAULT]section,definethevalueoftheinitialadministrationtoken:[DEFAULT].
.
.
admin_token=ADMIN_TOKENReplaceADMIN_TOKENwiththerandomvaluethatyougeneratedinapreviousstep.
b.
Inthe[database]section,configuredatabaseaccess:[database].
.
.
connection=mysql://keystone:KEYSTONE_DBPASS@controller/keystoneReplaceKEYSTONE_DBPASSwiththepasswordyouchoseforthedatabase.
c.
Inthe[token]section,configuretheUUIDtokenproviderandSQLdriver:[token].
.
.
provider=keystone.
token.
providers.
uuid.
Providerdriver=keystone.
token.
persistence.
backends.
sql.
Tokend.
(Optional)Toassistwithtroubleshooting,enableverboselogginginthe[DE-FAULT]section:[DEFAULT].
.
.
verbose=True3.
Creategenericcertificatesandkeysandrestrictaccesstotheassociatedfiles:#keystone-managepki_setup--keystone-userkeystone--keystone-groupkeystone#chown-Rkeystone:keystone/var/log/keystone#chown-Rkeystone:keystone/etc/keystone/ssl#chmod-Ro-rwx/etc/keystone/ssl4.
PopulatetheIdentityservicedatabase:#su-s/bin/sh-c"keystone-managedb_sync"keystoneuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno28Tofinalizeinstallation1.
StarttheIdentityserviceandconfigureittostartwhenthesystemboots:#systemctlenableopenstack-keystone.
service#systemctlstartopenstack-keystone.
service2.
Bydefault,theIdentityservicestoresexpiredtokensinthedatabaseindefinitely.
Theaccumulationofexpiredtokensconsiderablyincreasesthedatabasesizeandmightde-gradeserviceperformance,particularlyinenvironmentswithlimitedresources.
Werecommendthatyouusecrontoconfigureaperiodictaskthatpurgesexpiredto-kenshourly:#(crontab-l-ukeystone2>&1|grep-qtoken_flush)||\echo'@hourly/usr/bin/keystone-managetoken_flush>/var/log/keystone/keystone-tokenflush.
log2>&1'\>>/var/spool/cron/keystoneCreatetenants,users,androlesAfteryouinstalltheIdentityservice,createtenants(projects),users,androlesforyouren-vironment.
Youmustusethetemporaryadministrationtokenthatyoucreatedinthesec-tioncalled"Installandconfigure"[26]andmanuallyconfigurethelocation(endpoint)oftheIdentityservicebeforeyourunkeystonecommands.
Youcanpassthevalueoftheadministrationtokentothekeystonecommandwiththe--os-tokenoptionorsetthetemporaryOS_SERVICE_TOKENenvironmentvariable.
Sim-ilarly,youcanpassthelocationoftheIdentityservicetothekeystonecommandwiththe--os-endpointoptionorsetthetemporaryOS_SERVICE_ENDPOINTenvironmentvari-able.
Thisguideusesenvironmentvariablestoreducecommandlength.
Formoreinformation,seetheOperationsGuide-ManagingProjectandUsers.
Toconfigureprerequisites1.
Configuretheadministrationtoken:$exportOS_SERVICE_TOKEN=ADMIN_TOKENReplaceADMIN_TOKENwiththeadministrationtokenthatyougeneratedinthesec-tioncalled"Installandconfigure"[26].
Forexample:$exportOS_SERVICE_TOKEN=294a4c8a8a475f9b98362.
Configuretheendpoint:$exportOS_SERVICE_ENDPOINT=http://controller:35357/v2.
0Tocreatetenants,users,androles1.
Createanadministrativetenant,user,androleforadministrativeoperationsinyourenvironment:a.
Createtheadmintenant:$keystonetenant-create--nameadmin--description"AdminTenant"uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno29|Property|Value||description|AdminTenant||enabled|True||id|6f4c1e4cbfef4d5a8a1345882fbca110||name|admin|NoteBecauseOpenStackgeneratesIDsdynamically,youwillseedifferentvaluesfromthisexamplecommandoutput.
b.
Createtheadminuser:$keystoneuser-create--nameadmin--passADMIN_PASS--emailEMAIL_ADDRESS|Property|Value||email|admin@example.
com||enabled|True||id|ea8c352d253443118041c9c8b8416040||name|admin||username|admin|ReplaceADMIN_PASSwithasuitablepasswordandEMAIL_ADDRESSwithasuit-ablee-mailaddress.
c.
Createtheadminrole:$keystonerole-create--nameadmin|Property|Value||id|bff3a6083b714fa29c9344bf8930d199||name|admin|d.
Addtheadmintenantandusertotheadminrole:$keystoneuser-role-add--tenantadmin--useradmin--roleadminNoteThiscommandprovidesnooutput.
e.
Bydefault,thedashboardlimitsaccesstouserswiththe_member_role.
Createthe_member_role:$keystonerole-create--name_member_|Property|Value||id|0f198e94ffce416cbcbe344e1843eac8|uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno30|name|_member_|f.
Addtheadmintenantandusertothe_member_role:$keystoneuser-role-add--tenantadmin--useradmin--role_member_NoteThiscommandprovidesnooutput.
NoteAnyrolesthatyoucreatemustmaptorolesspecifiedinthepolicy.
jsonfileincludedwitheachOpenStackservice.
Thedefaultpolicyformostser-vicesgrantsadministrativeaccesstotheadminrole.
Formoreinformation,seetheOperationsGuide-ManagingProjectsandUsers.
2.
Createademotenantanduserfortypicaloperationsinyourenvironment:a.
Createthedemotenant:$keystonetenant-create--namedemo--description"DemoTenant"|Property|Value||description|DemoTenant||enabled|True||id|4aa51bb942be4dd0ac0555d7591f80a6||name|demo|NoteDonotrepeatthisstepwhencreatingadditionalusersforthistenant.
b.
Createthedemouser:$keystoneuser-create--namedemo--passDEMO_PASS--emailEMAIL_ADDRESS|Property|Value||email|demo@example.
com||enabled|True||id|7004dfa0dda84d63aef81cf7f100af01||name|demo||username|demo|ReplaceDEMO_PASSwithasuitablepasswordandEMAIL_ADDRESSwithasuit-ablee-mailaddress.
c.
Addthedemotenantandusertothe_member_role:$keystoneuser-role-add--tenantdemo--userdemo--role_member_uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno31NoteThiscommandprovidesnooutput.
NoteYoucanrepeatthisproceduretocreateadditionaltenantsandusers.
3.
OpenStackservicesalsorequireatenant,user,androletointeractwithotherservices.
Youwillcreateauserintheservicetenantforeachservicethatyouinstall.
Createtheservicetenant:$keystonetenant-create--nameservice--description"ServiceTenant"|Property|Value||description|ServiceTenant||enabled|True||id|6b69202e1bf846a4ae50d65bc4789122||name|service|CreatetheserviceentityandAPIendpointAfteryoucreatetenants,users,androles,youmustcreatetheserviceentityandAPIend-pointfortheIdentityservice.
ToconfigureprerequisitesSettheOS_SERVICE_TOKENandOS_SERVICE_ENDPOINTenvironmentvariables,asdescribedinthesectioncalled"Createtenants,users,androles"[28].
TocreatetheserviceentityandAPIendpoint1.
TheIdentityservicemanagesacatalogofservicesinyourOpenStackenvironment.
Ser-vicesusethiscatalogtolocateotherservicesinyourenvironment.
CreatetheserviceentityfortheIdentityservice:$keystoneservice-create--namekeystone--typeidentity\--description"OpenStackIdentity"|Property|Value||description|OpenStackIdentity||enabled|True||id|15c11a23667e427e91bc31335b45f4bd||name|keystone||type|identity|uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno32NoteBecauseOpenStackgeneratesIDsdynamically,youwillseedifferentvaluesfromthisexamplecommandoutput.
2.
TheIdentityservicemanagesacatalogofAPIendpointsassociatedwiththeservicesinyourOpenStackenvironment.
Servicesusethiscatalogtodeterminehowtocommuni-catewithotherservicesinyourenvironment.
OpenStackprovidesthreeAPIendpointvariationsforeachservice:admin,internal,andpublic.
Inaproductionenvironment,thevariantsmightresideonseparatenet-worksthatservicedifferenttypesofusersforsecurityreasons.
Also,OpenStacksup-portsmultipleregionsforscalability.
Forsimplicity,thisconfigurationusesthemanage-mentnetworkforallendpointvariationsandtheregionOneregion.
CreatetheAPIendpointfortheIdentityservice:$keystoneendpoint-create\--service-id$(keystoneservice-list|awk'/identity/{print$2}')\--publicurlhttp://controller:5000/v2.
0\--internalurlhttp://controller:5000/v2.
0\--adminurlhttp://controller:35357/v2.
0\--regionregionOne|Property|Value||adminurl|http://controller:35357/v2.
0||id|11f9c625a3b94a3f8e66bf4e5de2679f||internalurl|http://controller:5000/v2.
0||publicurl|http://controller:5000/v2.
0||region|regionOne||service_id|15c11a23667e427e91bc31335b45f4bd|NoteThiscommandreferencestheIDoftheservicethatyoucreatedinthepre-viousstep.
NoteEachservicethatyouaddtoyourOpenStackenvironmentrequiresaddingin-formationsuchasAPIendpointstotheIdentityservice.
Thesectionsofthisguidethatcoverserviceinstallationincludestepstoaddtheappropriateinfor-mationtotheIdentityservice.
VerifyoperationThissectiondescribeshowtoverifyoperationoftheIdentityservice.
1.
UnsetthetemporaryOS_SERVICE_TOKENandOS_SERVICE_ENDPOINTenviron-mentvariables:$unsetOS_SERVICE_TOKENOS_SERVICE_ENDPOINTuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno332.
Astheadmintenantanduser,requestanauthenticationtoken:$keystone--os-tenant-nameadmin--os-usernameadmin--os-passwordADMIN_PASS\--os-auth-urlhttp://controller:35357/v2.
0token-getReplaceADMIN_PASSwiththepasswordyouchosefortheadminuserintheIdenti-tyservice.
Youmightneedtousesinglequotes(')aroundyourpasswordifitincludesspecialcharacters.
Lengthyoutputthatincludesatokenvalueverifiesoperationfortheadmintenantanduser.
3.
Astheadmintenantanduser,listtenantstoverifythattheadmintenantandusercanexecuteadmin-onlyCLIcommandsandthattheIdentityservicecontainstheten-antsthatyoucreatedinthesectioncalled"Createtenants,users,androles"[28]:$keystone--os-tenant-nameadmin--os-usernameadmin--os-passwordADMIN_PASS\--os-auth-urlhttp://controller:35357/v2.
0tenant-list|id|name|enabled||6f4c1e4cbfef4d5a8a1345882fbca110|admin|True||4aa51bb942be4dd0ac0555d7591f80a6|demo|True||6b69202e1bf846a4ae50d65bc4789122|service|True|NoteBecauseOpenStackgeneratesIDsdynamically,youwillseedifferentvaluesfromthisexamplecommandoutput.
4.
Astheadmintenantanduser,listuserstoverifythattheIdentityservicecontainstheusersthatyoucreatedinthesectioncalled"Createtenants,users,androles"[28]:$keystone--os-tenant-nameadmin--os-usernameadmin--os-passwordADMIN_PASS\--os-auth-urlhttp://controller:35357/v2.
0user-list|id|name|enabled|email||ea8c352d253443118041c9c8b8416040|admin|True|admin@example.
com||7004dfa0dda84d63aef81cf7f100af01|demo|True|demo@example.
com|5.
Astheadmintenantanduser,listrolestoverifythattheIdentityservicecontainstherolethatyoucreatedinthesectioncalled"Createtenants,users,androles"[28]:$keystone--os-tenant-nameadmin--os-usernameadmin--os-passwordADMIN_PASS\--os-auth-urlhttp://controller:35357/v2.
0role-listuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno34|id|name||9fe2ff9ee4384b1894a90878d3e92bab|_member_||bff3a6083b714fa29c9344bf8930d199|admin|6.
Asthedemotenantanduser,requestanauthenticationtoken:$keystone--os-tenant-namedemo--os-usernamedemo--os-passwordDEMO_PASS\--os-auth-urlhttp://controller:35357/v2.
0token-get|Property|Value||expires|2014-10-10T12:51:33Z||id|1b87ceae9e08411ba4a16e4dada04802||tenant_id|4aa51bb942be4dd0ac0555d7591f80a6||user_id|7004dfa0dda84d63aef81cf7f100af01|ReplaceDEMO_PASSwiththepasswordyouchoseforthedemouserintheIdentityservice.
7.
Asthedemotenantanduser,attempttolistuserstoverifythatyoucannotexecuteadmin-onlyCLIcommands:$keystone--os-tenant-namedemo--os-usernamedemo--os-passwordDEMO_PASS\--os-auth-urlhttp://controller:35357/v2.
0user-listYouarenotauthorizedtoperformtherequestedaction,admin_required.
(HTTP403)NoteEachOpenStackservicereferencesapolicy.
jsonfiletodeterminetheoperationsavailabletoaparticulartenant,user,orrole.
Formoreinforma-tion,seetheOperationsGuide-ManagingProjectsandUsers.
CreateOpenStackclientenvironmentscriptsTheprevioussectionusedacombinationofenvironmentvariablesandcommandoptionstointeractwiththeIdentityserviceviathekeystoneclient.
Toincreaseefficiencyofclientoperations,OpenStacksupportssimpleclientenvironmentscriptsalsoknownasOpenRCfiles.
Thesescriptstypicallycontaincommonoptionsforallclients,butalsosupportuniqueoptions.
Formoreinformation,seetheOpenStackUserGuide.
TocreatethescriptsCreateclientenvironmentscriptsfortheadminanddemotenantsandusers.
Futurepor-tionsofthisguidereferencethesescriptstoloadappropriatecredentialsforclientopera-tions.
1.
Edittheadmin-openrc.
shfileandaddthefollowingcontent:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno35exportOS_TENANT_NAME=adminexportOS_USERNAME=adminexportOS_PASSWORD=ADMIN_PASSexportOS_AUTH_URL=http://controller:35357/v2.
0ReplaceADMIN_PASSwiththepasswordyouchosefortheadminuserintheIdentityservice.
2.
Editthedemo-openrc.
shfileandaddthefollowingcontent:exportOS_TENANT_NAME=demoexportOS_USERNAME=demoexportOS_PASSWORD=DEMO_PASSexportOS_AUTH_URL=http://controller:5000/v2.
0ReplaceDEMO_PASSwiththepasswordyouchoseforthedemouserintheIdentityservice.
ToloadclientenvironmentscriptsTorunclientsasacertaintenantanduser,youcansimplyloadtheassociatedclienten-vironmentscriptpriortorunningthem.
Forexample,toloadthelocationoftheIdenti-tyserviceandadmintenantandusercredentials:$sourceadmin-openrc.
shuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno364.
AddtheImageServiceTableofContentsOpenStackImageService36Installandconfigure37Verifyoperation40TheOpenStackImageService(glance)enablesuserstodiscover,register,andretrievevir-tualmachineimages.
ItoffersaRESTAPIthatenablesyoutoqueryvirtualmachineim-agemetadataandretrieveanactualimage.
YoucanstorevirtualmachineimagesmadeavailablethroughtheImageServiceinavarietyoflocations,fromsimplefilesystemstoob-ject-storagesystemslikeOpenStackObjectStorage.
ImportantForsimplicity,thisguidedescribesconfiguringtheImageServicetousethefilebackend,whichuploadsandstoresinadirectoryonthecontrollernodehostingtheImageService.
Bydefault,thisdirectoryis/var/lib/glance/images/.
Beforeyouproceed,ensurethatthecontrollernodehasatleastseveralgiga-bytesofspaceavailableinthisdirectory.
Forinformationonrequirementsforotherbackends,seeConfigurationRefer-ence.
OpenStackImageServiceTheOpenStackImageServiceiscentraltoInfrastructure-as-a-Service(IaaS)asshowninFig-ure1.
1,"Conceptualarchitecture"[2].
ItacceptsAPIrequestsfordiskorserverimages,andimagemetadatafromendusersorOpenStackComputecomponents.
Italsosupportsthestorageofdiskorserverimagesonvariousrepositorytypes,includingOpenStackObjectStorage.
AnumberofperiodicprocessesrunontheOpenStackImageServicetosupportcaching.
Replicationservicesensureconsistencyandavailabilitythroughthecluster.
Otherperiodicprocessesincludeauditors,updaters,andreapers.
TheOpenStackImageServiceincludesthefollowingcomponents:glance-apiAcceptsImageAPIcallsforimagediscovery,retrieval,andstorage.
glance-registryStores,processes,andretrievesmetadataaboutimages.
Metadataincludesitemssuchassizeandtype.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno37SecuritynoteTheregistryisaprivateinternalservicemeantforusebyOpenStackImageService.
Donotdiscloseittousers.
DatabaseStoresimagemetadataandyoucanchooseyourdatabasedependingonyourpreference.
Mostdeploy-mentsuseMySQLorSQLite.
StoragerepositoryforimagefilesVariousrepositorytypesaresupportedincludingnor-malfilesystems,ObjectStorage,RADOSblockdevices,HTTP,andAmazonS3.
Notethatsomerepositorieswillonlysupportread-onlyusage.
InstallandconfigureThissectiondescribeshowtoinstallandconfiguretheImageService,code-namedglance,onthecontrollernode.
Forsimplicity,thisconfigurationstoresimagesonthelocalfilesys-tem.
NoteThissectionassumesproperinstallation,configuration,andoperationoftheIdentityserviceasdescribedinthesectioncalled"Installandconfigure"[26]andthesectioncalled"Verifyoperation"[32].
ToconfigureprerequisitesBeforeyouinstallandconfiguretheImageService,youmustcreateadatabaseandIdentityservicecredentialsincludingendpoints.
1.
Tocreatethedatabase,completethesesteps:a.
Usethedatabaseaccessclienttoconnecttothedatabaseserverastherootuser:$mysql-uroot-pb.
Createtheglancedatabase:CREATEDATABASEglance;c.
Grantproperaccesstotheglancedatabase:GRANTALLPRIVILEGESONglance.
*TO'glance'@'localhost'\IDENTIFIEDBY'GLANCE_DBPASS';GRANTALLPRIVILEGESONglance.
*TO'glance'@'%'\IDENTIFIEDBY'GLANCE_DBPASS';ReplaceGLANCE_DBPASSwithasuitablepassword.
d.
Exitthedatabaseaccessclient.
2.
Sourcetheadmincredentialstogainaccesstoadmin-onlyCLIcommands:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno38$sourceadmin-openrc.
sh3.
TocreatetheIdentityservicecredentials,completethesesteps:a.
Createtheglanceuser:$keystoneuser-create--nameglance--passGLANCE_PASS|Property|Value||email|||enabled|True||id|f89cca5865dc42b18e2421fa5f5cce66||name|glance||username|glance|ReplaceGLANCE_PASSwithasuitablepassword.
b.
Linktheglanceusertotheservicetenantandadminrole:$keystoneuser-role-add--userglance--tenantservice--roleadminNoteThiscommandprovidesnooutput.
c.
Createtheglanceservice:$keystoneservice-create--nameglance--typeimage\--description"OpenStackImageService"|Property|Value||description|OpenStackImageService||enabled|True||id|23f409c4e79f4c9e9d23d809c50fbacf||name|glance||type|image|4.
CreatetheIdentityserviceendpoints:$keystoneendpoint-create\--service-id$(keystoneservice-list|awk'/image/{print$2}')\--publicurlhttp://controller:9292\--internalurlhttp://controller:9292\--adminurlhttp://controller:9292\--regionregionOne|Property|Value||adminurl|http://controller:9292||id|a2ee818c69cb475199a1ca108332eb35||internalurl|http://controller:9292||publicurl|http://controller:9292||region|regionOne||service_id|23f409c4e79f4c9e9d23d809c50fbacf|uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno39ToinstallandconfiguretheImageServicecomponents1.
Installthepackages:#yuminstallopenstack-glancepython-glanceclient2.
Editthe/etc/glance/glance-api.
conffileandcompletethefollowingactions:a.
Inthe[database]section,configuredatabaseaccess:[database].
.
.
connection=mysql://glance:GLANCE_DBPASS@controller/glanceReplaceGLANCE_DBPASSwiththepasswordyouchosefortheImageServicedatabase.
b.
Inthe[keystone_authtoken]and[paste_deploy]sections,configureIdentityserviceaccess:[keystone_authtoken].
.
.
auth_uri=http://controller:5000/v2.
0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=glanceadmin_password=GLANCE_PASS[paste_deploy].
.
.
flavor=keystoneReplaceGLANCE_PASSwiththepasswordyouchosefortheglanceuserintheIdentityservice.
NoteCommentoutanyauth_host,auth_port,andauth_protocoloptionsbecausetheidentity_urioptionreplacesthem.
c.
Inthe[glance_store]section,configurethelocalfilesystemstoreandloca-tionofimagefiles:[glance_store].
.
.
default_store=filefilesystem_store_datadir=/var/lib/glance/images/d.
(Optional)Toassistwithtroubleshooting,enableverboselogginginthe[DE-FAULT]section:[DEFAULT].
.
.
verbose=True3.
Editthe/etc/glance/glance-registry.
conffileandcompletethefollowingactions:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno40a.
Inthe[database]section,configuredatabaseaccess:[database].
.
.
connection=mysql://glance:GLANCE_DBPASS@controller/glanceReplaceGLANCE_DBPASSwiththepasswordyouchosefortheImageServicedatabase.
b.
Inthe[keystone_authtoken]and[paste_deploy]sections,configureIdentityserviceaccess:[keystone_authtoken].
.
.
auth_uri=http://controller:5000/v2.
0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=glanceadmin_password=GLANCE_PASS[paste_deploy].
.
.
flavor=keystoneReplaceGLANCE_PASSwiththepasswordyouchosefortheglanceuserintheIdentityservice.
NoteCommentoutanyauth_host,auth_port,andauth_protocoloptionsbecausetheidentity_urioptionreplacesthem.
c.
(Optional)Toassistwithtroubleshooting,enableverboselogginginthe[DE-FAULT]section:[DEFAULT].
.
.
verbose=True4.
PopulatetheImageServicedatabase:#su-s/bin/sh-c"glance-managedb_sync"glanceTofinalizeinstallationStarttheImageServiceservicesandconfigurethemtostartwhenthesystemboots:#systemctlenableopenstack-glance-api.
serviceopenstack-glance-registry.
service#systemctlstartopenstack-glance-api.
serviceopenstack-glance-registry.
serviceVerifyoperationThissectiondescribeshowtoverifyoperationoftheImageServiceusingCirrOS,asmallLin-uximagethathelpsyoutestyourOpenStackdeployment.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno41Formoreinformationabouthowtodownloadandbuildimages,seeOpenStackVirtualMa-chineImageGuide.
Forinformationabouthowtomanageimages,seetheOpenStackUserGuide.
1.
Createandchangeintoatemporarylocaldirectory:$mkdir/tmp/images$cd/tmp/images2.
Downloadtheimagetothetemporarylocaldirectory:$wgethttp://cdn.
download.
cirros-cloud.
net/0.
3.
3/cirros-0.
3.
3-x86_64-disk.
img3.
Sourcetheadmincredentialstogainaccesstoadmin-onlyCLIcommands:$sourceadmin-openrc.
sh4.
UploadtheimagetotheImageService:$glanceimage-create--name"cirros-0.
3.
3-x86_64"--filecirros-0.
3.
3-x86_64-disk.
img\--disk-formatqcow2--container-formatbare--is-publicTrue--progress100%|Property|Value||checksum|133eae9fb1c98f45894a4e60d8736619||container_format|bare||created_at|2014-10-10T13:14:42||deleted|False||deleted_at|None||disk_format|qcow2||id|acafc7c0-40aa-4026-9673-b879898e1fc2||is_public|True||min_disk|0||min_ram|0||name|cirros-0.
3.
3-x86_64||owner|ea8c352d253443118041c9c8b8416040||protected|False||size|13200896||status|active||updated_at|2014-10-10T13:14:43||virtual_size|None|Forinformationabouttheparametersfortheglanceimage-createcommand,seeIm-ageServicecommand-lineclientintheOpenStackCommand-LineInterfaceReference.
Forinformationaboutdiskandcontainerformatsforimages,seeDiskandcontainerformatsforimagesintheOpenStackVirtualMachineImageGuide.
NoteBecausethereturnedimageIDisgenerateddynamically,yourdeploymentgeneratesadifferentIDthantheoneshowninthisexample.
5.
Confirmuploadoftheimageandvalidateattributes:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno42$glanceimage-list|ID|Name|DiskFormat|ContainerFormat|Size|Status||acafc7c0-40aa-4026-9673-b879898e1fc2|cirros-0.
3.
3-x86_64|qcow2|bare|13200896|active|6.
Removethetemporarylocaldirectory:$rm-r/tmp/imagesuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno435.
AddtheComputeserviceTableofContentsOpenStackCompute43Installandconfigurecontrollernode46Installandconfigureacomputenode49Verifyoperation51OpenStackComputeUseOpenStackComputetohostandmanagecloudcomputingsystems.
OpenStackCom-puteisamajorpartofanInfrastructure-as-a-Service(IaaS)system.
ThemainmodulesareimplementedinPython.
OpenStackComputeinteractswithOpenStackIdentityforauthentication,OpenStackIm-ageServicefordiskandserverimages,andOpenStackdashboardfortheuserandadmin-istrativeinterface.
Imageaccessislimitedbyprojects,andbyusers;quotasarelimitedperproject(thenumberofinstances,forexample).
OpenStackComputecanscalehorizontallyonstandardhardware,anddownloadimagestolaunchinstances.
OpenStackComputeconsistsofthefollowingareasandtheircomponents:APInova-apiserviceAcceptsandrespondstoendusercomputeAPIcalls.
TheservicesupportstheOpenStackComputeAPI,theAmazonEC2API,andaspecialAdminAPIforprivilegeduserstoperformadministrativeactions.
Itenforcessomepoliciesandinitiatesmostorchestrationactivities,suchasrunninganinstance.
nova-api-metadataserviceAcceptsmetadatarequestsfrominstances.
Theno-va-api-metadataserviceisgenerallyusedwhenyouruninmulti-hostmodewithnova-networkinstalla-tions.
Fordetails,seeMetadataserviceintheOpenStackCloudAdministratorGuide.
OnDebiansystems,itisincludedinthenova-apipack-age,andcanbeselectedthroughdebconf.
Computecorenova-computeserviceAworkerdaemonthatcreatesandterminatesvirtualmachineinstancesthroughhypervisorAPIs.
Forexam-ple:XenAPIforXenServer/XCPuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno44libvirtforKVMorQEMUVMwareAPIforVMwareProcessingisfairlycomplex.
Basically,thedaemonac-ceptsactionsfromthequeueandperformsaseriesofsystemcommandssuchaslaunchingaKVMinstanceandupdatingitsstateinthedatabase.
nova-schedulerserviceTakesavirtualmachineinstancerequestfromthequeueanddeterminesonwhichcomputeserverhostitruns.
nova-conductormoduleMediatesinteractionsbetweenthenova-computeser-viceandthedatabase.
Iteliminatesdirectaccessestotheclouddatabasemadebythenova-computeser-vice.
Thenova-conductormodulescaleshorizontal-ly.
However,donotdeployitonnodeswheretheno-va-computeserviceruns.
Formoreinformation,seeAnewNovaservice:nova-conductor.
NetworkingforVMsnova-networkworkerdae-monSimilartothenova-computeservice,acceptsnetwork-ingtasksfromthequeueandmanipulatesthenetwork.
PerformstaskssuchassettingupbridginginterfacesorchangingIPtablesrules.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno45Consoleinterfacenova-consoleauthdaemonAuthorizestokensforusersthatconsoleproxiespro-vide.
Seenova-novncproxyandnova-xvpn-vcproxy.
Thisservicemustberunningforconsoleprox-iestowork.
Youcanrunproxiesofeithertypeagainstasinglenova-consoleauthserviceinaclusterconfigu-ration.
Forinformation,seeAboutnova-consoleauth.
nova-novncproxydaemonProvidesaproxyforaccessingrunninginstancesthroughaVNCconnection.
Supportsbrowser-basednovncclients.
nova-spicehtml5proxydae-monProvidesaproxyforaccessingrunninginstancesthroughaSPICEconnection.
Supportsbrowser-basedHTML5client.
nova-xvpnvncproxydaemonProvidesaproxyforaccessingrunninginstancesthroughaVNCconnection.
SupportsanOpenStack-spe-cificJavaclient.
nova-certdaemonx509certificates.
Imagemanagement(EC2scenario)nova-objectstoredaemonAnS3interfaceforregisteringimageswiththeOpen-StackImageService.
Usedprimarilyforinstallationsthatmustsupporteuca2ools.
Theeuca2oolstoolstalktonova-objectstoreinS3language,andnova-ob-jectstoretranslatesS3requestsintoImageServicerequests.
euca2oolsclientAsetofcommand-lineinterpretercommandsforman-agingcloudresources.
AlthoughitisnotanOpenStackmodule,youcanconfigurenova-apitosupportthisEC2interface.
Formoreinformation,seetheEucalyptus3.
4Documentation.
Command-lineclientsandotherinterfacesnovaclientEnablesuserstosubmitcommandsasatenantadministratororenduser.
OthercomponentsThequeueAcentralhubforpassingmessagesbetweendaemons.
Usuallyimple-mentedwithRabbitMQ,butcanbeimplementedwithanAMQPmes-sagequeue,suchasApacheQpidorZeroMQ.
SQLdatabaseStoresmostbuild-timeandrun-timestatesforacloudinfrastructure,in-cluding:AvailableinstancetypesInstancesinuseuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno46AvailablenetworksProjectsTheoretically,OpenStackComputecansupportanydatabasethatSQL-Alchemysupports.
CommondatabasesareSQLite3fortestanddevelop-mentwork,MySQL,andPostgreSQL.
InstallandconfigurecontrollernodeThissectiondescribeshowtoinstallandconfiguretheComputeservice,code-namednova,onthecontrollernode.
ToconfigureprerequisitesBeforeyouinstallandconfigureCompute,youmustcreateadatabaseandIdentityservicecredentialsincludingendpoints.
1.
Tocreatethedatabase,completethesesteps:a.
Usethedatabaseaccessclienttoconnecttothedatabaseserverastherootuser:$mysql-uroot-pb.
Createthenovadatabase:CREATEDATABASEnova;c.
Grantproperaccesstothenovadatabase:GRANTALLPRIVILEGESONnova.
*TO'nova'@'localhost'\IDENTIFIEDBY'NOVA_DBPASS';GRANTALLPRIVILEGESONnova.
*TO'nova'@'%'\IDENTIFIEDBY'NOVA_DBPASS';ReplaceNOVA_DBPASSwithasuitablepassword.
d.
Exitthedatabaseaccessclient.
2.
Sourcetheadmincredentialstogainaccesstoadmin-onlyCLIcommands:$sourceadmin-openrc.
sh3.
TocreatetheIdentityservicecredentials,completethesesteps:a.
Createthenovauser:$keystoneuser-create--namenova--passNOVA_PASS|Property|Value||email|||enabled|True||id|387dd4f7e46d4f72965ee99c76ae748c||name|nova||username|nova|uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno47ReplaceNOVA_PASSwithasuitablepassword.
b.
Linkthenovausertotheservicetenantandadminrole:$keystoneuser-role-add--usernova--tenantservice--roleadminNoteThiscommandprovidesnooutput.
c.
Createthenovaservice:$keystoneservice-create--namenova--typecompute\--description"OpenStackCompute"|Property|Value||description|OpenStackCompute||enabled|True||id|6c7854f52ce84db795557ebc0373f6b9||name|nova||type|compute|4.
CreatetheComputeserviceendpoints:$keystoneendpoint-create\--service-id$(keystoneservice-list|awk'/compute/{print$2}')\--publicurlhttp://controller:8774/v2/%\(tenant_id\)s\--internalurlhttp://controller:8774/v2/%\(tenant_id\)s\--adminurlhttp://controller:8774/v2/%\(tenant_id\)s\--regionregionOne|Property|Value||adminurl|http://controller:8774/v2/%(tenant_id)s||id|c397438bd82c41198ec1a9d85cb7cc74||internalurl|http://controller:8774/v2/%(tenant_id)s||publicurl|http://controller:8774/v2/%(tenant_id)s||region|regionOne||service_id|6c7854f52ce84db795557ebc0373f6b9|ToinstallandconfigureComputecontrollercomponents1.
Installthepackages:#yuminstallopenstack-nova-apiopenstack-nova-certopenstack-nova-conductor\openstack-nova-consoleopenstack-nova-novncproxyopenstack-nova-scheduler\python-novaclient2.
Editthe/etc/nova/nova.
conffileandcompletethefollowingactions:a.
Inthe[database]section,configuredatabaseaccess:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno48[database].
.
.
connection=mysql://nova:NOVA_DBPASS@controller/novaReplaceNOVA_DBPASSwiththepasswordyouchosefortheComputedatabase.
b.
Inthe[DEFAULT]section,configureRabbitMQmessagebrokeraccess:[DEFAULT].
.
.
rpc_backend=rabbitrabbit_host=controllerrabbit_password=RABBIT_PASSReplaceRABBIT_PASSwiththepasswordyouchosefortheguestaccountinRabbitMQ.
c.
Inthe[DEFAULT]and[keystone_authtoken]sections,configureIdentityserviceaccess:[DEFAULT].
.
.
auth_strategy=keystone[keystone_authtoken].
.
.
auth_uri=http://controller:5000/v2.
0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=novaadmin_password=NOVA_PASSReplaceNOVA_PASSwiththepasswordyouchoseforthenovauserintheIdenti-tyservice.
NoteCommentoutanyauth_host,auth_port,andauth_protocoloptionsbecausetheidentity_urioptionreplacesthem.
d.
Inthe[DEFAULT]section,configurethemy_ipoptiontousethemanagementinterfaceIPaddressofthecontrollernode:[DEFAULT].
.
.
my_ip=10.
0.
0.
11e.
Inthe[DEFAULT]section,configuretheVNCproxytousethemanagementin-terfaceIPaddressofthecontrollernode:[DEFAULT].
.
.
vncserver_listen=10.
0.
0.
11vncserver_proxyclient_address=10.
0.
0.
11f.
Inthe[glance]section,configurethelocationoftheImageService:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno49[glance].
.
.
host=controllerg.
(Optional)Toassistwithtroubleshooting,enableverboselogginginthe[DE-FAULT]section:[DEFAULT].
.
.
verbose=True3.
PopulatetheComputedatabase:#su-s/bin/sh-c"nova-managedbsync"novaTofinalizeinstallationStarttheComputeservicesandconfigurethemtostartwhenthesystemboots:#systemctlenableopenstack-nova-api.
serviceopenstack-nova-cert.
service\openstack-nova-consoleauth.
serviceopenstack-nova-scheduler.
service\openstack-nova-conductor.
serviceopenstack-nova-novncproxy.
service#systemctlstartopenstack-nova-api.
serviceopenstack-nova-cert.
service\openstack-nova-consoleauth.
serviceopenstack-nova-scheduler.
service\openstack-nova-conductor.
serviceopenstack-nova-novncproxy.
serviceInstallandconfigureacomputenodeThissectiondescribeshowtoinstallandconfiguretheComputeserviceonacomputenode.
TheservicesupportsseveralhypervisorstodeployinstancesorVMs.
Forsimplicity,thisconfigurationusestheQEMUhypervisorwiththeKVMextensiononcomputenodesthatsupporthardwareaccelerationforvirtualmachines.
Onlegacyhardware,thisconfig-urationusesthegenericQEMUhypervisor.
Youcanfollowtheseinstructionswithminormodificationstohorizontallyscaleyourenvironmentwithadditionalcomputenodes.
ToinstallandconfiguretheComputehypervisorcomponents1.
Installthepackages:#yuminstallopenstack-nova-computesysfsutils2.
Editthe/etc/nova/nova.
conffileandcompletethefollowingactions:a.
Inthe[DEFAULT]section,configureRabbitMQmessagebrokeraccess:[DEFAULT].
.
.
rpc_backend=rabbitrabbit_host=controllerrabbit_password=RABBIT_PASSReplaceRABBIT_PASSwiththepasswordyouchosefortheguestaccountinRabbitMQ.
b.
Inthe[DEFAULT]and[keystone_authtoken]sections,configureIdentityserviceaccess:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno50[DEFAULT].
.
.
auth_strategy=keystone[keystone_authtoken].
.
.
auth_uri=http://controller:5000/v2.
0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=novaadmin_password=NOVA_PASSReplaceNOVA_PASSwiththepasswordyouchoseforthenovauserintheIdenti-tyservice.
NoteCommentoutanyauth_host,auth_port,andauth_protocoloptionsbecausetheidentity_urioptionreplacesthem.
c.
Inthe[DEFAULT]section,configurethemy_ipoption:[DEFAULT].
.
.
my_ip=MANAGEMENT_INTERFACE_IP_ADDRESSReplaceMANAGEMENT_INTERFACE_IP_ADDRESSwiththeIPaddressofthemanagementnetworkinterfaceonyourcomputenode,typically10.
0.
0.
31forthefirstnodeintheexamplearchitecture.
d.
Inthe[DEFAULT]section,enableandconfigureremoteconsoleaccess:[DEFAULT].
.
.
vnc_enabled=Truevncserver_listen=0.
0.
0.
0vncserver_proxyclient_address=MANAGEMENT_INTERFACE_IP_ADDRESSnovncproxy_base_url=http://controller:6080/vnc_auto.
htmlTheservercomponentlistensonallIPaddressesandtheproxycomponentonlylis-tensonthemanagementinterfaceIPaddressofthecomputenode.
ThebaseURLindicatesthelocationwhereyoucanuseawebbrowsertoaccessremoteconsolesofinstancesonthiscomputenode.
ReplaceMANAGEMENT_INTERFACE_IP_ADDRESSwiththeIPaddressofthemanagementnetworkinterfaceonyourcomputenode,typically10.
0.
0.
31forthefirstnodeintheexamplearchitecture.
NoteIfthewebbrowsertoaccessremoteconsolesresidesonahostthatcannotresolvethecontrollerhostname,youmustreplacecon-trollerwiththemanagementinterfaceIPaddressofthecontrollernode.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno51e.
Inthe[glance]section,configurethelocationoftheImageService:[glance].
.
.
host=controllerf.
(Optional)Toassistwithtroubleshooting,enableverboselogginginthe[DE-FAULT]section:[DEFAULT].
.
.
verbose=TrueTofinalizeinstallation1.
Determinewhetheryourcomputenodesupportshardwareaccelerationforvirtualma-chines:$egrep-c'(vmx|svm)'/proc/cpuinfoIfthiscommandreturnsavalueofoneorgreater,yourcomputenodesupportshard-wareaccelerationwhichtypicallyrequiresnoadditionalconfiguration.
Ifthiscommandreturnsavalueofzero,yourcomputenodedoesnotsupporthard-wareaccelerationandyoumustconfigurelibvirttouseQEMUinsteadofKVM.
Editthe[libvirt]sectioninthe/etc/nova/nova.
conffileasfollows:[libvirt].
.
.
virt_type=qemu2.
StarttheComputeserviceincludingitsdependenciesandconfigurethemtostartauto-maticallywhenthesystemboots:#systemctlenablelibvirtd.
serviceopenstack-nova-compute.
service#systemctlstartlibvirtd.
service#systemctlstartopenstack-nova-compute.
serviceVerifyoperationThissectiondescribeshowtoverifyoperationoftheComputeservice.
NotePerformthesecommandsonthecontrollernode.
1.
Sourcetheadmincredentialstogainaccesstoadmin-onlyCLIcommands:$sourceadmin-openrc.
sh2.
Listservicecomponentstoverifysuccessfullaunchofeachprocess:$novaservice-listuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno52|Id|Binary|Host|Zone|Status|State|Updated_at|DisabledReason||1|nova-conductor|controller|internal|enabled|up|2014-09-16T23:54:02.
000000|-||2|nova-consoleauth|controller|internal|enabled|up|2014-09-16T23:54:04.
000000|-||3|nova-scheduler|controller|internal|enabled|up|2014-09-16T23:54:07.
000000|-||4|nova-cert|controller|internal|enabled|up|2014-09-16T23:54:00.
000000|-||5|nova-compute|compute1|nova|enabled|up|2014-09-16T23:54:06.
000000|-|NoteThisoutputshouldindicatefourcomponentsenabledonthecontrollernodeonecomponentenabledonthecomputenode.
3.
ListimagesintheImageServicecatalogtoverifyconnectivitywiththeIdentityserviceandImageService:$novaimage-list|ID|Name|Status|Server||acafc7c0-40aa-4026-9673-b879898e1fc2|cirros-0.
3.
3-x86_64|ACTIVE||uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno536.
AddanetworkingcomponentTableofContentsOpenStackNetworking(neutron)53Legacynetworking(nova-network)76Nextsteps78ThischapterexplainshowtoinstallandconfigureeitherOpenStackNetworking(neutron)orthelegacynova-networknetworkingservice.
Thenova-networkserviceenablesyoutodeployonenetworktypeperinstanceandissuitableforbasicnetworkfunctionality.
OpenStackNetworkingenablesyoutodeploymultiplenetworktypesperinstanceandin-cludesplug-insforavarietyofproductsthatsupportvirtualnetworking.
Formoreinformation,seetheNetworkingchapteroftheOpenStackCloudAdministratorGuide.
OpenStackNetworking(neutron)NetworkingconceptsOpenStackNetworking(neutron)managesallnetworkingfacetsfortheVirtualNetwork-ingInfrastructure(VNI)andtheaccesslayeraspectsofthePhysicalNetworkingInfrastruc-ture(PNI)inyourOpenStackenvironment.
OpenStackNetworkingenablestenantstocre-ateadvancedvirtualnetworktopologiesincludingservicessuchasfirewalls,loadbalancers,andvirtualprivatenetworks(VPNs).
Networkingprovidesthenetworks,subnets,androutersobjectabstractions.
Eachabstrac-tionhasfunctionalitythatmimicsitsphysicalcounterpart:networkscontainsubnets,androutersroutetrafficbetweendifferentsubnetandnetworks.
Eachrouterhasonegatewaythatconnectstoanetwork,andmanyinterfacesconnectedtosubnets.
Subnetscanaccessmachinesonothersubnetsconnectedtothesamerouter.
AnygivenNetworkingsetuphasatleastoneexternalnetwork.
Unliketheothernetworks,theexternalnetworkisnotmerelyavirtuallydefinednetwork.
Instead,itrepresentsaviewintoasliceofthephysical,externalnetworkaccessibleoutsidetheOpenStackinstallation.
IPaddressesontheexternalnetworkareaccessiblebyanybodyphysicallyontheoutsidenetwork.
Becausetheexternalnetworkmerelyrepresentsaviewintotheoutsidenetwork,DHCPisdisabledonthisnetwork.
Inadditiontoexternalnetworks,anyNetworkingsetuphasoneormoreinternalnet-works.
Thesesoftware-definednetworksconnectdirectlytotheVMs.
OnlytheVMsonanygiveninternalnetwork,orthoseonsubnetsconnectedthroughinterfacestoasimilarrouter,canaccessVMsconnectedtothatnetworkdirectly.
FortheoutsidenetworktoaccessVMs,andviceversa,routersbetweenthenetworksareneeded.
Eachrouterhasonegatewaythatisconnectedtoanetworkandmanyinterfacesthatareconnectedtosubnets.
Likeaphysicalrouter,subnetscanaccessmachinesonoth-uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno54ersubnetsthatareconnectedtothesamerouter,andmachinescanaccesstheoutsidenet-workthroughthegatewayfortherouter.
Additionally,youcanallocateIPaddressesonexternalnetworkstoportsontheinter-nalnetwork.
Wheneversomethingisconnectedtoasubnet,thatconnectioniscalledaport.
YoucanassociateexternalnetworkIPaddresseswithportstoVMs.
Thisway,entitiesontheoutsidenetworkcanaccessVMs.
Networkingalsosupportssecuritygroups.
Securitygroupsenableadministratorstodefinefirewallrulesingroups.
AVMcanbelongtooneormoresecuritygroups,andNetworkingappliestherulesinthosesecuritygroupstoblockorunblockports,portranges,ortraffictypesforthatVM.
Eachplug-inthatNetworkinguseshasitsownconcepts.
WhilenotvitaltooperatingtheVNIandOpenStackenvironment,understandingtheseconceptscanhelpyousetupNet-working.
AllNetworkinginstallationsuseacoreplug-inandasecuritygroupplug-in(orjusttheNo-Opsecuritygroupplug-in).
Additionally,Firewall-as-a-Service(FWaaS)andLoad-Bal-ancer-as-a-Service(LBaaS)plug-insareavailable.
InstallandconfigurecontrollernodeToconfigureprerequisitesBeforeyouconfigureOpenStackNetworking(neutron),youmustcreateadatabaseandIdentityservicecredentialsincludingendpoints.
1.
Tocreatethedatabase,completethesesteps:a.
Usethedatabaseaccessclienttoconnecttothedatabaseserverastherootuser:$mysql-uroot-pb.
Createtheneutrondatabase:CREATEDATABASEneutron;c.
Grantproperaccesstotheneutrondatabase:GRANTALLPRIVILEGESONneutron.
*TO'neutron'@'localhost'\IDENTIFIEDBY'NEUTRON_DBPASS';GRANTALLPRIVILEGESONneutron.
*TO'neutron'@'%'\IDENTIFIEDBY'NEUTRON_DBPASS';ReplaceNEUTRON_DBPASSwithasuitablepassword.
d.
Exitthedatabaseaccessclient.
2.
Sourcetheadmincredentialstogainaccesstoadmin-onlyCLIcommands:$sourceadmin-openrc.
sh3.
TocreatetheIdentityservicecredentials,completethesesteps:a.
Createtheneutronuser:$keystoneuser-create--nameneutron--passNEUTRON_PASSuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno55|Property|Value||email|||enabled|True||id|7fd67878dcd04d0393469ef825a7e005||name|neutron||username|neutron|ReplaceNEUTRON_PASSwithasuitablepassword.
b.
Linktheneutronusertotheservicetenantandadminrole:$keystoneuser-role-add--userneutron--tenantservice--roleadminNoteThiscommandprovidesnooutput.
c.
Createtheneutronservice:$keystoneservice-create--nameneutron--typenetwork\--description"OpenStackNetworking"|Property|Value||description|OpenStackNetworking||enabled|True||id|6369ddaf99a447f3a0d41dac5e342161||name|neutron||type|network|d.
CreatetheIdentityserviceendpoints:$keystoneendpoint-create\--service-id$(keystoneservice-list|awk'/network/{print$2}')\--publicurlhttp://controller:9696\--adminurlhttp://controller:9696\--internalurlhttp://controller:9696\--regionregionOne|Property|Value||adminurl|http://controller:9696||id|fa18b41938a94bf6b35e2c152063ee21||internalurl|http://controller:9696||publicurl|http://controller:9696||region|regionOne||service_id|6369ddaf99a447f3a0d41dac5e342161|ToinstalltheNetworkingcomponents#yuminstallopenstack-neutronopenstack-neutron-ml2python-neutronclientwhichuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno56ToconfiguretheNetworkingservercomponentTheNetworkingservercomponentconfigurationincludesthedatabase,authenticationmechanism,messagebroker,topologychangenotifications,andplug-in.
Editthe/etc/neutron/neutron.
conffileandcompletethefollowingactions:a.
Inthe[database]section,configuredatabaseaccess:[database].
.
.
connection=mysql://neutron:NEUTRON_DBPASS@controller/neutronReplaceNEUTRON_DBPASSwiththepasswordyouchoseforthedatabase.
b.
Inthe[DEFAULT]section,configureRabbitMQmessagebrokeraccess:[DEFAULT].
.
.
rpc_backend=rabbitrabbit_host=controllerrabbit_password=RABBIT_PASSReplaceRABBIT_PASSwiththepasswordyouchosefortheguestaccountinRabbitMQ.
c.
Inthe[DEFAULT]and[keystone_authtoken]sections,configureIdentityserviceaccess:[DEFAULT].
.
.
auth_strategy=keystone[keystone_authtoken].
.
.
auth_uri=http://controller:5000/v2.
0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=neutronadmin_password=NEUTRON_PASSReplaceNEUTRON_PASSwiththepasswordyouchoseortheneutronuserintheIdentityservice.
NoteCommentoutanyauth_host,auth_port,andauth_protocoloptionsbecausetheidentity_urioptionreplacesthem.
d.
Inthe[DEFAULT]section,enabletheModularLayer2(ML2)plug-in,routerser-vice,andoverlappingIPaddresses:[DEFAULT].
.
.
core_plugin=ml2service_plugins=routerallow_overlapping_ips=Trueuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno57e.
Inthe[DEFAULT]section,configureNetworkingtonotifyComputeofnetworktopologychanges:[DEFAULT].
.
.
notify_nova_on_port_status_changes=Truenotify_nova_on_port_data_changes=Truenova_url=http://controller:8774/v2nova_admin_auth_url=http://controller:35357/v2.
0nova_region_name=regionOnenova_admin_username=novanova_admin_tenant_id=SERVICE_TENANT_IDnova_admin_password=NOVA_PASSReplaceSERVICE_TENANT_IDwiththeservicetenantidentifier(id)intheIdentityserviceandNOVA_PASSwiththepasswordyouchoseforthenovauserintheIdentityservice.
NoteToobtaintheservicetenantidentifier(id):$sourceadmin-openrc.
sh$keystonetenant-getservice|Property|Value||description|ServiceTenant||enabled|True||id|f727b5ec2ceb4d71bad86dfc414449bf||name|service|f.
(Optional)Toassistwithtroubleshooting,enableverboselogginginthe[DE-FAULT]section:[DEFAULT].
.
.
verbose=TrueToconfiguretheModularLayer2(ML2)plug-inTheML2plug-inusestheOpenvSwitch(OVS)mechanism(agent)tobuildthevirtualnet-workingframeworkforinstances.
However,thecontrollernodedoesnotneedtheOVScomponentsbecauseitdoesnothandleinstancenetworktraffic.
Editthe/etc/neutron/plugins/ml2/ml2_conf.
inifileandcompletethefol-lowingactions:a.
Inthe[ml2]section,enabletheflatandgenericroutingencapsulation(GRE)net-worktypedrivers,GREtenantnetworks,andtheOVSmechanismdriver:[ml2].
.
.
type_drivers=flat,gretenant_network_types=gremechanism_drivers=openvswitchuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno58WarningOnceyouconfiguretheML2plug-in,beawarethatdisablinganet-worktypedriverandre-enablingitlatercanleadtodatabaseinconsis-tency.
b.
Inthe[ml2_type_gre]section,configurethetunnelidentifier(id)range:[ml2_type_gre].
.
.
tunnel_id_ranges=1:1000c.
Inthe[securitygroup]section,enablesecuritygroups,enableipset,andcon-figuretheOVSiptablesfirewalldriver:[securitygroup].
.
.
enable_security_group=Trueenable_ipset=Truefirewall_driver=neutron.
agent.
linux.
iptables_firewall.
OVSHybridIptablesFirewallDriverToconfigureComputetouseNetworkingBydefault,distributionpackagesconfigureComputetouselegacynetworking.
YoumustreconfigureComputetomanagenetworksthroughNetworking.
Editthe/etc/nova/nova.
conffileandcompletethefollowingactions:a.
Inthe[DEFAULT]section,configuretheAPIsanddrivers:[DEFAULT].
.
.
network_api_class=nova.
network.
neutronv2.
api.
APIsecurity_group_api=neutronlinuxnet_interface_driver=nova.
network.
linux_net.
LinuxOVSInterfaceDriverfirewall_driver=nova.
virt.
firewall.
NoopFirewallDriverNoteBydefault,Computeusesaninternalfirewallser-vice.
SinceNetworkingincludesafirewallservice,youmustdisabletheComputefirewallservicebyusingthenova.
virt.
firewall.
NoopFirewallDriverfirewalldriver.
b.
Inthe[neutron]section,configureaccessparameters:[neutron].
.
.
url=http://controller:9696auth_strategy=keystoneadmin_auth_url=http://controller:35357/v2.
0admin_tenant_name=serviceadmin_username=neutronadmin_password=NEUTRON_PASSuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno59ReplaceNEUTRON_PASSwiththepasswordyouchosefortheneutronuserintheIdentityservice.
Tofinalizeinstallation1.
TheNetworkingserviceinitializationscriptsexpectasymboliclink/etc/neu-tron/plugin.
inipointingtotheML2plug-inconfigurationfile,/etc/neu-tron/plugins/ml2/ml2_conf.
ini.
Ifthissymboliclinkdoesnotexist,createitus-ingthefollowingcommand:#ln-s/etc/neutron/plugins/ml2/ml2_conf.
ini/etc/neutron/plugin.
ini2.
Populatethedatabase:#su-s/bin/sh-c"neutron-db-manage--config-file/etc/neutron/neutron.
conf\--config-file/etc/neutron/plugins/ml2/ml2_conf.
iniupgradejuno"neutronNoteDatabasepopulationoccurslaterforNetworkingbecausethescriptre-quirescompleteserverandplug-inconfigurationfiles.
3.
RestarttheComputeservices:#systemctlrestartopenstack-nova-api.
serviceopenstack-nova-scheduler.
service\openstack-nova-conductor.
service4.
StarttheNetworkingserviceandconfigureittostartwhenthesystemboots:#systemctlenableneutron-server.
service#systemctlstartneutron-server.
serviceVerifyoperationNotePerformthesecommandsonthecontrollernode.
1.
Sourcetheadmincredentialstogainaccesstoadmin-onlyCLIcommands:$sourceadmin-openrc.
sh2.
Listloadedextensionstoverifysuccessfullaunchoftheneutron-serverprocess:$neutronext-list|alias|name||security-group|security-group||l3_agent_scheduler|L3AgentScheduler||ext-gw-mode|NeutronL3Configurableexternalgatewaymode||binding|PortBinding||provider|ProviderNetwork||agent|agent|uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno60|quotas|Quotamanagementsupport||dhcp_agent_scheduler|DHCPAgentScheduler||l3-ha|HARouterextension||multi-provider|MultiProviderNetwork||external-net|Neutronexternalnetwork||router|NeutronL3Router||allowed-address-pairs|AllowedAddressPairs||extraroute|NeutronExtraRoute||extra_dhcp_opt|NeutronExtraDHCPopts||dvr|DistributedVirtualRouter|InstallandconfigurenetworknodeThenetworknodeprimarilyhandlesinternalandexternalroutingandDHCPservicesforvir-tualnetworks.
ToconfigureprerequisitesBeforeyouinstallandconfigureOpenStackNetworking,youmustconfigurecertainkernelnetworkingparameters.
1.
Editthe/etc/sysctl.
conffiletocontainthefollowingparameters:net.
ipv4.
ip_forward=1net.
ipv4.
conf.
all.
rp_filter=0net.
ipv4.
conf.
default.
rp_filter=02.
Implementthechanges:#sysctl-pToinstalltheNetworkingcomponents#yuminstallopenstack-neutronopenstack-neutron-ml2openstack-neutron-openvswitchToconfiguretheNetworkingcommoncomponentsTheNetworkingcommoncomponentconfigurationincludestheauthenticationmecha-nism,messagebroker,andplug-in.
Editthe/etc/neutron/neutron.
conffileandcompletethefollowingactions:a.
Inthe[database]section,commentoutanyconnectionoptionsbecausenet-worknodesdonotdirectlyaccessthedatabase.
b.
Inthe[DEFAULT]section,configureRabbitMQmessagebrokeraccess:[DEFAULT].
.
.
rpc_backend=rabbitrabbit_host=controllerrabbit_password=RABBIT_PASSReplaceRABBIT_PASSwiththepasswordyouchosefortheguestaccountinRabbitMQ.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno61c.
Inthe[DEFAULT]and[keystone_authtoken]sections,configureIdentityserviceaccess:[DEFAULT].
.
.
auth_strategy=keystone[keystone_authtoken].
.
.
auth_uri=http://controller:5000/v2.
0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=neutronadmin_password=NEUTRON_PASSReplaceNEUTRON_PASSwiththepasswordyouchoseortheneutronuserintheIdentityservice.
NoteCommentoutanyauth_host,auth_port,andauth_protocoloptionsbecausetheidentity_urioptionreplacesthem.
d.
Inthe[DEFAULT]section,enabletheModularLayer2(ML2)plug-in,routerser-vice,andoverlappingIPaddresses:[DEFAULT].
.
.
core_plugin=ml2service_plugins=routerallow_overlapping_ips=Truee.
(Optional)Toassistwithtroubleshooting,enableverboselogginginthe[DE-FAULT]section:[DEFAULT].
.
.
verbose=TrueToconfiguretheModularLayer2(ML2)plug-inTheML2plug-inusestheOpenvSwitch(OVS)mechanism(agent)tobuildthevirtualnet-workingframeworkforinstances.
Editthe/etc/neutron/plugins/ml2/ml2_conf.
inifileandcompletethefol-lowingactions:a.
Inthe[ml2]section,enabletheflatandgenericroutingencapsulation(GRE)net-worktypedrivers,GREtenantnetworks,andtheOVSmechanismdriver:[ml2].
.
.
type_drivers=flat,gretenant_network_types=gremechanism_drivers=openvswitchuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno62b.
Inthe[ml2_type_flat]section,configuretheexternalnetwork:[ml2_type_flat].
.
.
flat_networks=externalc.
Inthe[ml2_type_gre]section,configurethetunnelidentifier(id)range:[ml2_type_gre].
.
.
tunnel_id_ranges=1:1000d.
Inthe[securitygroup]section,enablesecuritygroups,enableipset,andcon-figuretheOVSiptablesfirewalldriver:[securitygroup].
.
.
enable_security_group=Trueenable_ipset=Truefirewall_driver=neutron.
agent.
linux.
iptables_firewall.
OVSHybridIptablesFirewallDrivere.
Inthe[ovs]section,configuretheOpenvSwitch(OVS)agent:[ovs].
.
.
local_ip=INSTANCE_TUNNELS_INTERFACE_IP_ADDRESStunnel_type=greenable_tunneling=Truebridge_mappings=external:br-exReplaceINSTANCE_TUNNELS_INTERFACE_IP_ADDRESSwiththeIPaddressoftheinstancetunnelsnetworkinterfaceonyournetworknode.
ToconfiguretheLayer-3(L3)agentTheLayer-3(L3)agentprovidesroutingservicesforvirtualnetworks.
Editthe/etc/neutron/l3_agent.
inifileandcompletethefollowingactions:a.
Inthe[DEFAULT]section,configurethedriver,enablenetworknamespaces,andconfiguretheexternalnetworkbridge:[DEFAULT].
.
.
interface_driver=neutron.
agent.
linux.
interface.
OVSInterfaceDriveruse_namespaces=Trueexternal_network_bridge=br-exb.
(Optional)Toassistwithtroubleshooting,enableverboselogginginthe[DE-FAULT]section:[DEFAULT].
.
.
verbose=Trueuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno63ToconfiguretheDHCPagentTheDHCPagentprovidesDHCPservicesforvirtualnetworks.
1.
Editthe/etc/neutron/dhcp_agent.
inifileandcompletethefollowingactions:a.
Inthe[DEFAULT]section,configurethedriversandenablenamespaces:[DEFAULT].
.
.
interface_driver=neutron.
agent.
linux.
interface.
OVSInterfaceDriverdhcp_driver=neutron.
agent.
linux.
dhcp.
Dnsmasquse_namespaces=Trueb.
(Optional)Toassistwithtroubleshooting,enableverboselogginginthe[DE-FAULT]section:[DEFAULT].
.
.
verbose=True2.
(Optional)TunnelingprotocolssuchasGREincludeadditionalpacketheadersthatincreaseover-headanddecreasespaceavailableforthepayloadoruserdata.
Withoutknowledgeofthevirtualnetworkinfrastructure,instancesattempttosendpacketsusingthedefaultEthernetmaximumtransmissionunit(MTU)of1500bytes.
Internetprotocol(IP)net-workscontainthepathMTUdiscovery(PMTUD)mechanismtodetectend-to-endMTUandadjustpacketsizeaccordingly.
However,someoperatingsystemsandnetworksblockorotherwiselacksupportforPMTUDcausingperformancedegradationorcon-nectivityfailure.
Ideally,youcanpreventtheseproblemsbyenablingjumboframesonthephysicalnet-workthatcontainsyourtenantvirtualnetworks.
JumboframessupportMTUsuptoapproximately9000byteswhichnegatestheimpactofGREoverheadonvirtualnet-works.
However,manynetworkdeviceslacksupportforjumboframesandOpenStackadministratorsoftenlackcontrolovernetworkinfrastructure.
Giventhelattercompli-cations,youcanalsopreventMTUproblemsbyreducingtheinstanceMTUtoaccountforGREoverhead.
DeterminingtheproperMTUvalueoftentakesexperimentation,but1454bytesworksinmostenvironments.
YoucanconfiguretheDHCPserverthatassignsIPaddressestoyourinstancestoalsoadjusttheMTU.
NoteSomecloudimagesignoretheDHCPMTUoptioninwhichcaseyoushouldconfigureitusingmetadata,script,orothersuitablemethod.
a.
Editthe/etc/neutron/dhcp_agent.
inifileandcompletethefollowingac-tion:Inthe[DEFAULT]section,enablethednsmasqconfigurationfile:[DEFAULT].
.
.
dnsmasq_config_file=/etc/neutron/dnsmasq-neutron.
confuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno64b.
Createandeditthe/etc/neutron/dnsmasq-neutron.
conffileandcom-pletethefollowingaction:EnabletheDHCPMTUoption(26)andconfigureitto1454bytes:dhcp-option-force=26,1454c.
Killanyexistingdnsmasqprocesses:#pkilldnsmasqToconfigurethemetadataagentThemetadataagentprovidesconfigurationinformationsuchascredentialstoinstances.
1.
Editthe/etc/neutron/metadata_agent.
inifileandcompletethefollowingac-tions:a.
Inthe[DEFAULT]section,configureaccessparameters:[DEFAULT].
.
.
auth_url=http://controller:5000/v2.
0auth_region=regionOneadmin_tenant_name=serviceadmin_user=neutronadmin_password=NEUTRON_PASSReplaceNEUTRON_PASSwiththepasswordyouchosefortheneutronuserintheIdentityservice.
b.
Inthe[DEFAULT]section,configurethemetadatahost:[DEFAULT].
.
.
nova_metadata_ip=controllerc.
Inthe[DEFAULT]section,configurethemetadataproxysharedsecret:[DEFAULT].
.
.
metadata_proxy_shared_secret=METADATA_SECRETReplaceMETADATA_SECRETwithasuitablesecretforthemetadataproxy.
d.
(Optional)Toassistwithtroubleshooting,enableverboselogginginthe[DE-FAULT]section:[DEFAULT].
.
.
verbose=True2.
Onthecontrollernode,editthe/etc/nova/nova.
conffileandcompletethefol-lowingaction:Inthe[neutron]section,enablethemetadataproxyandconfigurethesecret:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno65[neutron].
.
.
service_metadata_proxy=Truemetadata_proxy_shared_secret=METADATA_SECRETReplaceMETADATA_SECRETwiththesecretyouchoseforthemetadataproxy.
3.
Onthecontrollernode,restarttheComputeAPIservice:#systemctlrestartopenstack-nova-api.
serviceToconfiguretheOpenvSwitch(OVS)serviceTheOVSserviceprovidestheunderlyingvirtualnetworkingframeworkforinstances.
Theintegrationbridgebr-inthandlesinternalinstancenetworktrafficwithinOVS.
Theexter-nalbridgebr-exhandlesexternalinstancenetworktrafficwithinOVS.
Theexternalbridgerequiresaportonthephysicalexternalnetworkinterfacetoprovideinstanceswithexter-nalnetworkaccess.
Inessence,thisportconnectsthevirtualandphysicalexternalnetworksinyourenvironment.
1.
StarttheOVSserviceandconfigureittostartwhenthesystemboots:#systemctlenableopenvswitch.
service#systemctlstartopenvswitch.
service2.
Addtheexternalbridge:#ovs-vsctladd-brbr-ex3.
Addaporttotheexternalbridgethatconnectstothephysicalexternalnetworkinter-face:ReplaceINTERFACE_NAMEwiththeactualinterfacename.
Forexample,eth2orens256.
#ovs-vsctladd-portbr-exINTERFACE_NAMENoteDependingonyournetworkinterfacedriver,youmayneedtodisablegenericreceiveoffload(GRO)toachievesuitablethroughputbetweenyourinstancesandtheexternalnetwork.
TotemporarilydisableGROontheexternalnetworkinterfacewhiletestingyourenvironment:#ethtool-KINTERFACE_NAMEgrooffTofinalizetheinstallation1.
TheNetworkingserviceinitializationscriptsexpectasymboliclink/etc/neu-tron/plugin.
inipointingtotheML2plug-inconfigurationfile,/etc/neu-tron/plugins/ml2/ml2_conf.
ini.
Ifthissymboliclinkdoesnotexist,createitus-ingthefollowingcommand:#ln-s/etc/neutron/plugins/ml2/ml2_conf.
ini/etc/neutron/plugin.
iniuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno66Duetoapackagingbug,theOpenvSwitchagentinitializationscriptexplicitlylooksfortheOpenvSwitchplug-inconfigurationfileratherthanasymboliclink/etc/neu-tron/plugin.
inipointingtotheML2plug-inconfigurationfile.
Runthefollowingcommandstoresolvethisissue:#cp/usr/lib/systemd/system/neutron-openvswitch-agent.
service\/usr/lib/systemd/system/neutron-openvswitch-agent.
service.
orig#sed-i's,plugins/openvswitch/ovs_neutron_plugin.
ini,plugin.
ini,g'\/usr/lib/systemd/system/neutron-openvswitch-agent.
service2.
StarttheNetworkingservicesandconfigurethemtostartwhenthesystemboots:#systemctlenableneutron-openvswitch-agent.
serviceneutron-l3-agent.
service\neutron-dhcp-agent.
serviceneutron-metadata-agent.
service\neutron-ovs-cleanup.
service#systemctlstartneutron-openvswitch-agent.
serviceneutron-l3-agent.
service\neutron-dhcp-agent.
serviceneutron-metadata-agent.
serviceNoteDonotexplictlystarttheneutron-ovs-cleanupservice.
VerifyoperationNotePerformthesecommandsonthecontrollernode.
1.
Sourcetheadmincredentialstogainaccesstoadmin-onlyCLIcommands:$sourceadmin-openrc.
sh2.
Listagentstoverifysuccessfullaunchoftheneutronagents:$neutronagent-list|id|agent_type|host|alive|admin_state_up|binary||30275801-e17a-41e4-8f53-9db63544f689|Metadataagent|network|:-)|True|neutron-metadata-agent||4bd8c50e-7bad-4f3b-955d-67658a491a15|OpenvSwitchagent|network|:-)|True|neutron-openvswitch-agent||756e5bba-b70f-4715-b80e-e37f59803d20|L3agent|network|:-)|True|neutron-l3-agent||9c45473c-6d6d-4f94-8df1-ebd0b6838d5f|DHCPagent|network|:-)|True|neutron-dhcp-agent|InstallandconfigurecomputenodeThecomputenodehandlesconnectivityandsecuritygroupsforinstances.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno67ToconfigureprerequisitesBeforeyouinstallandconfigureOpenStackNetworking,youmustconfigurecertainkernelnetworkingparameters.
1.
Editthe/etc/sysctl.
conffiletocontainthefollowingparameters:net.
ipv4.
conf.
all.
rp_filter=0net.
ipv4.
conf.
default.
rp_filter=02.
Implementthechanges:#sysctl-pToinstalltheNetworkingcomponents#yuminstallopenstack-neutron-ml2openstack-neutron-openvswitchToconfiguretheNetworkingcommoncomponentsTheNetworkingcommoncomponentconfigurationincludestheauthenticationmecha-nism,messagebroker,andplug-in.
Editthe/etc/neutron/neutron.
conffileandcompletethefollowingactions:a.
Inthe[database]section,commentoutanyconnectionoptionsbecausecomputenodesdonotdirectlyaccessthedatabase.
b.
Inthe[DEFAULT]section,configureRabbitMQmessagebrokeraccess:[DEFAULT].
.
.
rpc_backend=rabbitrabbit_host=controllerrabbit_password=RABBIT_PASSReplaceRABBIT_PASSwiththepasswordyouchosefortheguestaccountinRabbitMQ.
c.
Inthe[DEFAULT]and[keystone_authtoken]sections,configureIdentityserviceaccess:[DEFAULT].
.
.
auth_strategy=keystone[keystone_authtoken].
.
.
auth_uri=http://controller:5000/v2.
0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=neutronadmin_password=NEUTRON_PASSReplaceNEUTRON_PASSwiththepasswordyouchoseortheneutronuserintheIdentityservice.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno68NoteCommentoutanyauth_host,auth_port,andauth_protocoloptionsbecausetheidentity_urioptionreplacesthem.
d.
Inthe[DEFAULT]section,enabletheModularLayer2(ML2)plug-in,routerser-vice,andoverlappingIPaddresses:[DEFAULT].
.
.
core_plugin=ml2service_plugins=routerallow_overlapping_ips=Truee.
(Optional)Toassistwithtroubleshooting,enableverboselogginginthe[DE-FAULT]section:[DEFAULT].
.
.
verbose=TrueToconfiguretheModularLayer2(ML2)plug-inTheML2plug-inusestheOpenvSwitch(OVS)mechanism(agent)tobuildthevirtualnet-workingframeworkforinstances.
Editthe/etc/neutron/plugins/ml2/ml2_conf.
inifileandcompletethefol-lowingactions:a.
Inthe[ml2]section,enabletheflatandgenericroutingencapsulation(GRE)net-worktypedrivers,GREtenantnetworks,andtheOVSmechanismdriver:[ml2].
.
.
type_drivers=flat,gretenant_network_types=gremechanism_drivers=openvswitchb.
Inthe[ml2_type_gre]section,configurethetunnelidentifier(id)range:[ml2_type_gre].
.
.
tunnel_id_ranges=1:1000c.
Inthe[securitygroup]section,enablesecuritygroups,enableipset,andcon-figuretheOVSiptablesfirewalldriver:[securitygroup].
.
.
enable_security_group=Trueenable_ipset=Truefirewall_driver=neutron.
agent.
linux.
iptables_firewall.
OVSHybridIptablesFirewallDriverd.
Inthe[ovs]section,configuretheOpenvSwitch(OVS)agent:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno69[ovs].
.
.
local_ip=INSTANCE_TUNNELS_INTERFACE_IP_ADDRESStunnel_type=greenable_tunneling=TrueReplaceINSTANCE_TUNNELS_INTERFACE_IP_ADDRESSwiththeIPaddressoftheinstancetunnelsnetworkinterfaceonyourcomputenode.
ToconfiguretheOpenvSwitch(OVS)serviceTheOVSserviceprovidestheunderlyingvirtualnetworkingframeworkforinstances.
StarttheOVSserviceandconfigureittostartwhenthesystemboots:#systemctlenableopenvswitch.
service#systemctlstartopenvswitch.
serviceToconfigureComputetouseNetworkingBydefault,distributionpackagesconfigureComputetouselegacynetworking.
YoumustreconfigureComputetomanagenetworksthroughNetworking.
Editthe/etc/nova/nova.
conffileandcompletethefollowingactions:a.
Inthe[DEFAULT]section,configuretheAPIsanddrivers:[DEFAULT].
.
.
network_api_class=nova.
network.
neutronv2.
api.
APIsecurity_group_api=neutronlinuxnet_interface_driver=nova.
network.
linux_net.
LinuxOVSInterfaceDriverfirewall_driver=nova.
virt.
firewall.
NoopFirewallDriverNoteBydefault,Computeusesaninternalfirewallser-vice.
SinceNetworkingincludesafirewallservice,youmustdisabletheComputefirewallservicebyusingthenova.
virt.
firewall.
NoopFirewallDriverfirewalldriver.
b.
Inthe[neutron]section,configureaccessparameters:[neutron].
.
.
url=http://controller:9696auth_strategy=keystoneadmin_auth_url=http://controller:35357/v2.
0admin_tenant_name=serviceadmin_username=neutronadmin_password=NEUTRON_PASSReplaceNEUTRON_PASSwiththepasswordyouchosefortheneutronuserintheIdentityservice.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno70Tofinalizetheinstallation1.
TheNetworkingserviceinitializationscriptsexpectasymboliclink/etc/neu-tron/plugin.
inipointingtotheML2plug-inconfigurationfile,/etc/neu-tron/plugins/ml2/ml2_conf.
ini.
Ifthissymboliclinkdoesnotexist,createitus-ingthefollowingcommand:#ln-s/etc/neutron/plugins/ml2/ml2_conf.
ini/etc/neutron/plugin.
iniDuetoapackagingbug,theOpenvSwitchagentinitializationscriptexplicitlylooksfortheOpenvSwitchplug-inconfigurationfileratherthanasymboliclink/etc/neu-tron/plugin.
inipointingtotheML2plug-inconfigurationfile.
Runthefollowingcommandstoresolvethisissue:#cp/usr/lib/systemd/system/neutron-openvswitch-agent.
service\/usr/lib/systemd/system/neutron-openvswitch-agent.
service.
orig#sed-i's,plugins/openvswitch/ovs_neutron_plugin.
ini,plugin.
ini,g'\/usr/lib/systemd/system/neutron-openvswitch-agent.
service2.
RestarttheComputeservice:#systemctlrestartopenstack-nova-compute.
service3.
StarttheOpenvSwitch(OVS)agentandconfigureittostartwhenthesystemboots:#systemctlenableneutron-openvswitch-agent.
service#systemctlstartneutron-openvswitch-agent.
serviceVerifyoperationNotePerformthesecommandsonthecontrollernode.
1.
Sourcetheadmincredentialstogainaccesstoadmin-onlyCLIcommands:$sourceadmin-openrc.
sh2.
Listagentstoverifysuccessfullaunchoftheneutronagents:$neutronagent-list|id|agent_type|host|alive|admin_state_up|binary|.
.
.
|a5a49051-05eb-4b4f-bfc7-d36235fe9131|OpenvSwitchagent|compute1|:-)|True|neutron-openvswitch-agent|CreateinitialnetworksBeforelaunchingyourfirstinstance,youmustcreatethenecessaryvirtualnetworkinfras-tructuretowhichtheinstancewillconnect,includingtheexternalnetworkandtenantnet-uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno71work.
SeeFigure6.
1,"Initialnetworks"[71].
Aftercreatingthisinfrastructure,werec-ommendthatyouverifyconnectivityandresolveanyissuesbeforeproceedingfurther.
Figure6.
1.
InitialnetworksExternalnetworkTheexternalnetworktypicallyprovidesInternetaccessforyourinstances.
Bydefault,thisnetworkonlyallowsInternetaccessfrominstancesusingNetworkAddressTranslation(NAT).
YoucanenableInternetaccesstoindividualinstancesusingafloatingIPaddressandsuitablesecuritygrouprules.
Theadmintenantownsthisnetworkbecauseitprovidesex-ternalnetworkaccessformultipletenants.
Youmustalsoenablesharingtoallowaccessbythosetenants.
NotePerformthesecommandsonthecontrollernode.
Tocreatetheexternalnetwork1.
Sourcetheadmincredentialstogainaccesstoadmin-onlyCLIcommands:$sourceadmin-openrc.
shuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno722.
Createthenetwork:$neutronnet-createext-net--shared--router:externalTrue\--provider:physical_networkexternal--provider:network_typeflatCreatedanewnetwork:|Field|Value||admin_state_up|True||id|893aebb9-1c1e-48be-8908-6b947f3237b3||name|ext-net||provider:network_type|flat||provider:physical_network|external||provider:segmentation_id|||router:external|True||shared|True||status|ACTIVE||subnets|||tenant_id|54cd044c64d5408b83f843d63624e0d8|Likeaphysicalnetwork,avirtualnetworkrequiresasubnetassignedtoit.
Theexternalnet-worksharesthesamesubnetandgatewayassociatedwiththephysicalnetworkconnectedtotheexternalinterfaceonthenetworknode.
YoushouldspecifyanexclusivesliceofthissubnetforrouterandfloatingIPaddressestopreventinterferencewithotherdevicesontheexternalnetwork.
TocreateasubnetontheexternalnetworkCreatethesubnet:$neutronsubnet-createext-net--nameext-subnet\--allocation-poolstart=FLOATING_IP_START,end=FLOATING_IP_END\--disable-dhcp--gatewayEXTERNAL_NETWORK_GATEWAYEXTERNAL_NETWORK_CIDRReplaceFLOATING_IP_STARTandFLOATING_IP_ENDwiththefirstandlastIPaddressesoftherangethatyouwanttoallocateforfloatingIPaddresses.
ReplaceEXTERNAL_NETWORK_CIDRwiththesubnetassociatedwiththephysicalnetwork.
Re-placeEXTERNAL_NETWORK_GATEWAYwiththegatewayassociatedwiththephysicalnetwork,typicallythe".
1"IPaddress.
YoushoulddisableDHCPonthissubnetbecauseinstancesdonotconnectdirectlytotheexternalnetworkandfloatingIPaddressesre-quiremanualassignment.
Forexample,using203.
0.
113.
0/24withfloatingIPaddressrange203.
0.
113.
101to203.
0.
113.
200:$neutronsubnet-createext-net--nameext-subnet\--allocation-poolstart=203.
0.
113.
101,end=203.
0.
113.
200\--disable-dhcp--gateway203.
0.
113.
1203.
0.
113.
0/24Createdanewsubnet:|Field|Value||allocation_pools|{"start":"203.
0.
113.
101","end":"203.
0.
113.
200"}|uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno73|cidr|203.
0.
113.
0/24||dns_nameservers|||enable_dhcp|False||gateway_ip|203.
0.
113.
1||host_routes|||id|9159f0dc-2b63-41cf-bd7a-289309da1391||ip_version|4||ipv6_address_mode|||ipv6_ra_mode|||name|ext-subnet||network_id|893aebb9-1c1e-48be-8908-6b947f3237b3||tenant_id|54cd044c64d5408b83f843d63624e0d8|TenantnetworkThetenantnetworkprovidesinternalnetworkaccessforinstances.
Thearchitectureiso-latesthistypeofnetworkfromothertenants.
Thedemotenantownsthisnetworkbecauseitonlyprovidesnetworkaccessforinstanceswithinit.
NotePerformthesecommandsonthecontrollernode.
Tocreatethetenantnetwork1.
Sourcethedemocredentialstogainaccesstouser-onlyCLIcommands:$sourcedemo-openrc.
sh2.
Createthenetwork:$neutronnet-createdemo-netCreatedanewnetwork:|Field|Value||admin_state_up|True||id|ac108952-6096-4243-adf4-bb6615b3de28||name|demo-net||router:external|False||shared|False||status|ACTIVE||subnets|||tenant_id|cdef0071a0194d19ac6bb63802dc9bae|uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno74Liketheexternalnetwork,yourtenantnetworkalsorequiresasubnetattachedtoit.
Youcanspecifyanyvalidsubnetbecausethearchitectureisolatestenantnetworks.
Bydefault,thissubnetwilluseDHCPsoyourinstancescanobtainIPaddresses.
TocreateasubnetonthetenantnetworkCreatethesubnet:$neutronsubnet-createdemo-net--namedemo-subnet\--gatewayTENANT_NETWORK_GATEWAYTENANT_NETWORK_CIDRReplaceTENANT_NETWORK_CIDRwiththesubnetyouwanttoassociatewiththeten-antnetworkandTENANT_NETWORK_GATEWAYwiththegatewayyouwanttoasso-ciatewithit,typicallythe".
1"IPaddress.
Exampleusing192.
168.
1.
0/24:$neutronsubnet-createdemo-net--namedemo-subnet\--gateway192.
168.
1.
1192.
168.
1.
0/24Createdanewsubnet:|Field|Value||allocation_pools|{"start":"192.
168.
1.
2","end":"192.
168.
1.
254"}||cidr|192.
168.
1.
0/24||dns_nameservers|||enable_dhcp|True||gateway_ip|192.
168.
1.
1||host_routes|||id|69d38773-794a-4e49-b887-6de6734e792d||ip_version|4||ipv6_address_mode|||ipv6_ra_mode|||name|demo-subnet||network_id|ac108952-6096-4243-adf4-bb6615b3de28||tenant_id|cdef0071a0194d19ac6bb63802dc9bae|Avirtualrouterpassesnetworktrafficbetweentwoormorevirtualnetworks.
Eachrouterrequiresoneormoreinterfacesand/orgatewaysthatprovideaccesstospecificnetworks.
Inthiscase,youwillcreatearouterandattachyourtenantandexternalnetworkstoit.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno75Tocreatearouteronthetenantnetworkandattachtheexternalandtenantnetworkstoit1.
Createtherouter:$neutronrouter-createdemo-routerCreatedanewrouter:|Field|Value||admin_state_up|True||external_gateway_info|||id|635660ae-a254-4feb-8993-295aa9ec6418||name|demo-router||routes|||status|ACTIVE||tenant_id|cdef0071a0194d19ac6bb63802dc9bae|2.
Attachtheroutertothedemotenantsubnet:$neutronrouter-interface-adddemo-routerdemo-subnetAddedinterfaceb1a894fd-aee8-475c-9262-4342afdc1b58torouterdemo-router.
3.
Attachtheroutertotheexternalnetworkbysettingitasthegateway:$neutronrouter-gateway-setdemo-routerext-netSetgatewayforrouterdemo-routerVerifyconnectivityWerecommendthatyouverifynetworkconnectivityandresolveanyissuesbeforepro-ceedingfurther.
Followingtheexternalnetworksubnetexampleusing203.
0.
113.
0/24,thetenantroutergatewayshouldoccupythelowestIPaddressinthefloatingIPaddressrange,203.
0.
113.
101.
Ifyouconfiguredyourexternalphysicalnetworkandvirtualnet-workscorrectly,youshouldbeabletopingthisIPaddressfromanyhostonyourexternalphysicalnetwork.
NoteIfyouarebuildingyourOpenStacknodesasvirtualmachines,youmustconfig-urethehypervisortopermitpromiscuousmodeontheexternalnetwork.
ToverifynetworkconnectivityPingthetenantroutergateway:$ping-c4203.
0.
113.
101PING203.
0.
113.
101(203.
0.
113.
101)56(84)bytesofdata.
64bytesfrom203.
0.
113.
101:icmp_req=1ttl=64time=0.
619ms64bytesfrom203.
0.
113.
101:icmp_req=2ttl=64time=0.
189ms64bytesfrom203.
0.
113.
101:icmp_req=3ttl=64time=0.
165ms64bytesfrom203.
0.
113.
101:icmp_req=4ttl=64time=0.
216ms---203.
0.
113.
101pingstatistics---4packetstransmitted,4received,0%packetloss,time2999msuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno76rttmin/avg/max/mdev=0.
165/0.
297/0.
619/0.
187msLegacynetworking(nova-network)ConfigurecontrollernodeLegacynetworkingprimarilyinvolvescomputenodes.
However,youmustconfigurethecontrollernodetouselegacynetworking.
Toconfigurelegacynetworking1.
Editthe/etc/nova/nova.
conffileandcompletethefollowingactions:Inthe[DEFAULT]section,configurethenetworkandsecuritygroupAPIs:[DEFAULT].
.
.
network_api_class=nova.
network.
api.
APIsecurity_group_api=nova2.
RestarttheComputeservices:#systemctlrestartopenstack-nova-api.
serviceopenstack-nova-scheduler.
service\openstack-nova-conductor.
serviceConfigurecomputenodeThissectioncoversdeploymentofasimpleflatnetworkthatprovidesIPaddressestoyourinstancesviaDHCP.
Ifyourenvironmentincludesmultiplecomputenodes,themulti-hostfeatureprovidesredundancybyspreadingnetworkfunctionsacrosscomputenodes.
Toinstalllegacynetworkingcomponents#yuminstallopenstack-nova-networkopenstack-nova-apiToconfigurelegacynetworking1.
Editthe/etc/nova/nova.
conffileandcompletethefollowingactions:Inthe[DEFAULT]section,configurethenetworkparameters:[DEFAULT].
.
.
network_api_class=nova.
network.
api.
APIsecurity_group_api=novafirewall_driver=nova.
virt.
libvirt.
firewall.
IptablesFirewallDrivernetwork_manager=nova.
network.
manager.
FlatDHCPManagernetwork_size=254allow_same_net_traffic=Falsemulti_host=Truesend_arp_for_ha=Trueshare_dhcp_address=Trueforce_dhcp_release=Trueflat_network_bridge=br100uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno77flat_interface=INTERFACE_NAMEpublic_interface=INTERFACE_NAMEReplaceINTERFACE_NAMEwiththeactualinterfacenamefortheexternalnet-work.
Forexample,eth1orens224.
2.
Starttheservicesandconfigurethemtostartwhenthesystemboots:#systemctlenableopenstack-nova-network.
serviceopenstack-nova-metadata-api.
service#systemctlstartopenstack-nova-network.
serviceopenstack-nova-metadata-api.
serviceCreateinitialnetworkBeforelaunchingyourfirstinstance,youmustcreatethenecessaryvirtualnetworkinfras-tructuretowhichtheinstancewillconnect.
ThisnetworktypicallyprovidesInternetaccessfrominstances.
YoucanenableInternetaccesstoindividualinstancesusingafloatingIPaddressandsuitablesecuritygrouprules.
Theadmintenantownsthisnetworkbecauseitprovidesexternalnetworkaccessformultipletenants.
Thisnetworksharesthesamesubnetassociatedwiththephysicalnetworkconnectedtotheexternalinterfaceonthecomputenode.
Youshouldspecifyanexclusivesliceofthissubnettopreventinterferencewithotherdevicesontheexternalnetwork.
NotePerformthesecommandsonthecontrollernode.
Tocreatethenetwork1.
Sourcetheadmintenantcredentials:$sourceadmin-openrc.
sh2.
Createthenetwork:ReplaceNETWORK_CIDRwiththesubnetassociatedwiththephysicalnetwork.
$novanetwork-createdemo-net--bridgebr100--multi-hostT\--fixed-range-v4NETWORK_CIDRForexample,usinganexclusivesliceof203.
0.
113.
0/24withIPaddressrange203.
0.
113.
24to203.
0.
113.
32:$novanetwork-createdemo-net--bridgebr100--multi-hostT\--fixed-range-v4203.
0.
113.
24/29NoteThiscommandprovidesnooutput.
3.
Verifycreationofthenetwork:$novanet-listuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno78|ID|Label|CIDR||84b34a65-a762-44d6-8b5e-3b461a53f513|demo-net|203.
0.
113.
24/29|NextstepsYourOpenStackenvironmentnowincludesthecorecomponentsnecessarytolaunchaba-sicinstance.
YoucanlaunchaninstanceoraddmoreOpenStackservicestoyourenviron-ment.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno797.
AddthedashboardTableofContentsSystemrequirements79Installandconfigure80Verifyoperation81Nextsteps81TheOpenStackdashboard,alsoknownasHorizon,isaWebinterfacethatenablescloudadministratorsanduserstomanagevariousOpenStackresourcesandservices.
Thedashboardenablesweb-basedinteractionswiththeOpenStackComputecloudcon-trollerthroughtheOpenStackAPIs.
Horizonenablesyoutocustomizethebrandofthedashboard.
Horizonprovidesasetofcoreclassesandreusabletemplatesandtools.
ThisexampledeploymentusesanApachewebserver.
SystemrequirementsBeforeyouinstalltheOpenStackdashboard,youmustmeetthefollowingsystemrequire-ments:OpenStackComputeinstallation.
EnabletheIdentityServiceforuserandprojectman-agement.
NotetheURLsoftheIdentityServiceandComputeendpoints.
IdentityServiceuserwithsudoprivileges.
BecauseApachedoesnotservecontentfromarootuser,usersmustrunthedashboardasanIdentityServiceuserwithsudoprivileges.
Python2.
6or2.
7.
ThePythonversionmustsupportDjango.
ThePythonversionshouldrunonanysystem,includingMacOSX.
Installationprerequisitesmightdifferbyplat-form.
Then,installandconfigurethedashboardonanodethatcancontacttheIdentityService.
Provideuserswiththefollowinginformationsothattheycanaccessthedashboardthroughawebbrowserontheirlocalmachine:ThepublicIPaddressfromwhichtheycanaccessthedashboardTheusernameandpasswordwithwhichtheycanaccessthedashboardYourwebbrowser,andthatofyourusers,mustsupportHTML5andhavecookiesandJavaScriptenabled.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno80NoteTousetheVNCclientwiththedashboard,thebrowsermustsupportHTML5CanvasandHTML5WebSockets.
FordetailsaboutbrowsersthatsupportnoVNC,seehttps://github.
com/kana-ka/noVNC/blob/master/README.
md,andhttps://github.
com/kanaka/noVNC/wiki/Browser-support,respectively.
InstallandconfigureThissectiondescribeshowtoinstallandconfigurethedashboardonthecontrollernode.
Beforeyouproceed,verifythatyoursystemmeetstherequirementsinthesectioncalled"Systemrequirements"[79].
Also,thedashboardreliesonfunctionalcoreservicesin-cludingIdentity,ImageService,Compute,andeitherNetworking(neutron)orlegacynet-working(nova-network).
Environmentswithstand-aloneservicessuchasObjectStoragecannotusethedashboard.
Formoreinformation,seethedeveloperdocumentation.
ToinstallthedashboardcomponentsInstallthepackages:#yuminstallopenstack-dashboardhttpdmod_wsgimemcachedpython-memcachedToconfigurethedashboardEditthe/etc/openstack-dashboard/local_settingsfileandcompletethefollowingactions:a.
ConfigurethedashboardtouseOpenStackservicesonthecontrollernode:OPENSTACK_HOST="controller"b.
Allowallhoststoaccessthedashboard:ALLOWED_HOSTS=['*']c.
Configurethememcachedsessionstorageservice:CACHES={'default':{'BACKEND':'django.
core.
cache.
backends.
memcached.
MemcachedCache','LOCATION':'127.
0.
0.
1:11211',}}NoteCommentoutanyothersessionstorageconfiguration.
d.
Optionally,configurethetimezone:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno81TIME_ZONE="TIME_ZONE"ReplaceTIME_ZONEwithanappropriatetimezoneidentifier.
Formoreinforma-tion,seethelistoftimezones.
Tofinalizeinstallation1.
OnRHELandCentOS,configureSELinuxtopermitthewebservertoconnecttoOpen-Stackservices:#setsebool-Phttpd_can_network_connecton2.
Duetoapackagingbug,thedashboardCSSfailstoloadproperly.
Runthefollowingcommandtoresolvethisissue:#chown-Rapache:apache/usr/share/openstack-dashboard/staticFormoreinformation,seethebugreport.
3.
Startthewebserverandsessionstorageserviceandconfigurethemtostartwhenthesystemboots:#systemctlenablehttpd.
servicememcached.
service#systemctlstarthttpd.
servicememcached.
serviceVerifyoperationThissectiondescribeshowtoverifyoperationofthedashboard.
1.
Accessthedashboardusingawebbrowser:http://controller/dashboard.
2.
Authenticateusingadminordemousercredentials.
NextstepsYourOpenStackenvironmentnowincludesthedashboard.
Youcanlaunchaninstanceoraddmoreservicestoyourenvironmentinthefollowingchapters.
Afteryouinstallandconfigurethedashboard,youcancompletethefollowingtasks:Customizeyourdashboard.
SeesectionCustomizethedashboardintheOpenStackCloudAdministratorGuideforinformationonsettingupcolors,logos,andsitetitles.
Setupsessionstorage.
SeesectionSetupsessionstorageforthedashboardintheOpen-StackCloudAdministratorGuideforinformationonusersessiondata.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno828.
AddtheBlockStorageserviceTableofContentsOpenStackBlockStorage82Installandconfigurecontrollernode83Installandconfigureastoragenode86Verifyoperation90Nextsteps91TheOpenStackBlockStorageserviceprovidesblockstoragedevicestoinstancesusingvar-iousbackends.
TheBlockStorageAPIandschedulerservicesrunonthecontrollernodeandthevolumeservicerunsononeormorestoragenodes.
StoragenodesprovidevolumestoinstancesusinglocalblockstoragedevicesorSAN/NASbackendswiththeappropriatedrivers.
Formoreinformation,seetheConfigurationReference.
NoteThischapteromitsthebackupmanagerbecauseitdependsontheObjectStor-ageservice.
OpenStackBlockStorageTheOpenStackBlockStorageservice(cinder)addspersistentstoragetoavirtualmachine.
BlockStorageprovidesaninfrastructureformanagingvolumes,andinteractswithOpen-StackComputetoprovidevolumesforinstances.
Theservicealsoenablesmanagementofvolumesnapshots,andvolumetypes.
TheBlockStorageserviceconsistsofthefollowingcomponents:cinder-apiAcceptsAPIrequests,androutesthemtothecin-der-volumeforaction.
cinder-volumeInteractsdirectlywiththeBlockStorageservice,andprocessessuchasthecinder-scheduler.
Italsoin-teractswiththeseprocessesthroughamessagequeue.
Thecinder-volumeservicerespondstoreadandwriterequestssenttotheBlockStorageservicetomaintainstate.
Itcaninteractwithavarietyofstorageprovidersthroughadriverarchitecture.
cinder-schedulerdaemonSelectstheoptimalstorageprovidernodeonwhichtocreatethevolume.
Asimilarcomponenttotheno-va-scheduler.
MessagingqueueRoutesinformationbetweentheBlockStorageprocess-es.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno83InstallandconfigurecontrollernodeThissectiondescribeshowtoinstallandconfiguretheBlockStorageservice,code-namedcinder,onthecontrollernode.
Thisservicerequiresatleastoneadditionalstoragenodethatprovidesvolumestoinstances.
ToconfigureprerequisitesBeforeyouinstallandconfiguretheBlockStorageservice,youmustcreateadatabaseandIdentityservicecredentialsincludingendpoints.
1.
Tocreatethedatabase,completethesesteps:a.
Usethedatabaseaccessclienttoconnecttothedatabaseserverastherootuser:$mysql-uroot-pb.
Createthecinderdatabase:CREATEDATABASEcinder;c.
Grantproperaccesstothecinderdatabase:GRANTALLPRIVILEGESONcinder.
*TO'cinder'@'localhost'\IDENTIFIEDBY'CINDER_DBPASS';GRANTALLPRIVILEGESONcinder.
*TO'cinder'@'%'\IDENTIFIEDBY'CINDER_DBPASS';ReplaceCINDER_DBPASSwithasuitablepassword.
d.
Exitthedatabaseaccessclient.
2.
Sourcetheadmincredentialstogainaccesstoadmin-onlyCLIcommands:$sourceadmin-openrc.
sh3.
TocreatetheIdentityservicecredentials,completethesesteps:a.
Createacinderuser:$keystoneuser-create--namecinder--passCINDER_PASS|Property|Value||email|||enabled|True||id|881ab2de4f7941e79504a759a83308be||name|cinder||username|cinder|ReplaceCINDER_PASSwithasuitablepassword.
b.
Linkthecinderusertotheservicetenantandadminrole:$keystoneuser-role-add--usercinder--tenantservice--roleadminuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno84NoteThiscommandprovidesnooutput.
c.
Createthecinderservices:$keystoneservice-create--namecinder--typevolume\--description"OpenStackBlockStorage"|Property|Value||description|OpenStackBlockStorage||enabled|True||id|1e494c3e22a24baaafcaf777d4d467eb||name|cinder||type|volume|$keystoneservice-create--namecinderv2--typevolumev2\--description"OpenStackBlockStorage"|Property|Value||description|OpenStackBlockStorage||enabled|True||id|16e038e449c94b40868277f1d801edb5||name|cinderv2||type|volumev2|NoteTheBlockStorageservicerequirestwodifferentservicestosupportAPIversions1and2.
d.
CreatetheBlockStorageserviceendpoints:$keystoneendpoint-create\--service-id$(keystoneservice-list|awk'/volume/{print$2}')\--publicurlhttp://controller:8776/v1/%\(tenant_id\)s\--internalurlhttp://controller:8776/v1/%\(tenant_id\)s\--adminurlhttp://controller:8776/v1/%\(tenant_id\)s\--regionregionOne|Property|Value||adminurl|http://controller:8776/v1/%(tenant_id)s||id|d1b7291a2d794e26963b322c7f2a55a4||internalurl|http://controller:8776/v1/%(tenant_id)s||publicurl|http://controller:8776/v1/%(tenant_id)s||region|regionOne||service_id|1e494c3e22a24baaafcaf777d4d467eb|$keystoneendpoint-create\--service-id$(keystoneservice-list|awk'/volumev2/{print$2}')\--publicurlhttp://controller:8776/v2/%\(tenant_id\)s\uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno85--internalurlhttp://controller:8776/v2/%\(tenant_id\)s\--adminurlhttp://controller:8776/v2/%\(tenant_id\)s\--regionregionOne|Property|Value||adminurl|http://controller:8776/v2/%(tenant_id)s||id|097b4a6fc8ba44b4b10d4822d2d9e076||internalurl|http://controller:8776/v2/%(tenant_id)s||publicurl|http://controller:8776/v2/%(tenant_id)s||region|regionOne||service_id|16e038e449c94b40868277f1d801edb5|NoteTheBlockStorageservicerequirestwodifferentendpointstosupportAPIversions1and2.
ToinstallandconfigureBlockStoragecontrollercomponents1.
Installthepackages:#yuminstallopenstack-cinderpython-cinderclientpython-oslo-db2.
Editthe/etc/cinder/cinder.
conffileandcompletethefollowingactions:a.
Inthe[database]section,configuredatabaseaccess:[database].
.
.
connection=mysql://cinder:CINDER_DBPASS@controller/cinderReplaceCINDER_DBPASSwiththepasswordyouchosefortheBlockStoragedatabase.
b.
Inthe[DEFAULT]section,configureRabbitMQmessagebrokeraccess:[DEFAULT].
.
.
rpc_backend=rabbitrabbit_host=controllerrabbit_password=RABBIT_PASSReplaceRABBIT_PASSwiththepasswordyouchosefortheguestaccountinRabbitMQ.
c.
Inthe[DEFAULT]and[keystone_authtoken]sections,configureIdentityserviceaccess:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno86[DEFAULT].
.
.
auth_strategy=keystone[keystone_authtoken].
.
.
auth_uri=http://controller:5000/v2.
0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=cinderadmin_password=CINDER_PASSReplaceCINDER_PASSwiththepasswordyouchoseforthecinderuserintheIdentityservice.
NoteCommentoutanyauth_host,auth_port,andauth_protocoloptionsbecausetheidentity_urioptionreplacesthem.
d.
Inthe[DEFAULT]section,configurethemy_ipoptiontousethemanagementinterfaceIPaddressofthecontrollernode:[DEFAULT].
.
.
my_ip=10.
0.
0.
11e.
(Optional)Toassistwithtroubleshooting,enableverboselogginginthe[DE-FAULT]section:[DEFAULT].
.
.
verbose=True3.
PopulatetheBlockStoragedatabase:#su-s/bin/sh-c"cinder-managedbsync"cinderTofinalizeinstallationStarttheBlockStorageservicesandconfigurethemtostartwhenthesystemboots:#systemctlenableopenstack-cinder-api.
serviceopenstack-cinder-scheduler.
service#systemctlstartopenstack-cinder-api.
serviceopenstack-cinder-scheduler.
serviceInstallandconfigureastoragenodeThissectiondescribeshowtoinstallandconfigurestoragenodesfortheBlockStorageservice.
Forsimplicity,thisconfigurationreferencesonestoragenodewithanemptylocalblockstoragedevice/dev/sdbthatcontainsasuitablepartitiontablewithonepartition/dev/sdb1occupyingtheentiredevice.
Theserviceprovisionslogicalvolumesonthisde-viceusingtheLVMdriverandprovidesthemtoinstancesviaiSCSItransport.
Youcanfollowtheseinstructionswithminormodificationstohorizontallyscaleyourenvironmentwithad-ditionalstoragenodes.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno87ToconfigureprerequisitesYoumustconfigurethestoragenodebeforeyouinstallandconfigurethevolumeserviceonit.
Similartothecontrollernode,thestoragenodecontainsonenetworkinterfaceonthemanagementnetwork.
Thestoragenodealsoneedsanemptyblockstoragedeviceofsuitablesizeforyourenvironment.
Formoreinformation,seeChapter2,"Basicenviron-ment"[6].
1.
Configurethemanagementinterface:IPaddress:10.
0.
0.
41Networkmask:255.
255.
255.
0(or/24)Defaultgateway:10.
0.
0.
12.
Setthehostnameofthenodetoblock1.
3.
Copythecontentsofthe/etc/hostsfilefromthecontrollernodetothestoragenodeandaddthefollowingtoit:#block110.
0.
0.
41block1Alsoaddthiscontenttothe/etc/hostsfileonallothernodesinyourenvironment.
4.
InstallandconfigureNTPusingtheinstructionsinthesectioncalled"Othernodes"[19].
5.
InstalltheLVMpackages:#yuminstalllvm2NoteSomedistributionsincludeLVMbydefault.
6.
StarttheLVMmetadataserviceandconfigureittostartwhenthesystemboots:#systemctlenablelvm2-lvmetad.
service#systemctlstartlvm2-lvmetad.
service7.
CreatetheLVMphysicalvolume/dev/sdb1:#pvcreate/dev/sdb1Physicalvolume"/dev/sdb1"successfullycreatedNoteIfyoursystemusesadifferentdevicename,adjustthesestepsaccordingly.
8.
CreatetheLVMvolumegroupcinder-volumes:#vgcreatecinder-volumes/dev/sdb1Volumegroup"cinder-volumes"successfullycreatedTheBlockStorageservicecreateslogicalvolumesinthisvolumegroup.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno889.
OnlyinstancescanaccessBlockStoragevolumes.
However,theunderlyingoperat-ingsystemmanagesthedevicesassociatedwiththevolumes.
Bydefault,theLVMvol-umescanningtoolscansthe/devdirectoryforblockstoragedevicesthatcontainvol-umes.
IftenantsuseLVMontheirvolumes,thescanningtooldetectsthesevolumesandattemptstocachethemwhichcancauseavarietyofproblemswithboththeun-derlyingoperatingsystemandtenantvolumes.
YoumustreconfigureLVMtoscanon-lythedevicesthatcontainthecinder-volumevolumegroup.
Editthe/etc/lvm/lvm.
conffileandcompletethefollowingactions:Inthedevicessection,addafilterthatacceptsthe/dev/sdbdeviceandrejectsallotherdevices:devices{.
.
.
filter=["a/sdb/","r/.
*/"]Eachiteminthefilterarraybeginswithaforacceptorrforrejectandincludesaregularexpressionforthedevicename.
Thearraymustendwithr/.
*/torejectanyremainingdevices.
Youcanusethevgs-vvvvcommandtotestfilters.
WarningIfyourstoragenodesuseLVMontheoperatingsystemdisk,youmustalsoaddtheassociateddevicetothefilter.
Forexample,ifthe/dev/sdadevicecontainstheoperatingsystem:filter=["a/sda","a/sdb/","r/.
*/"]Similarly,ifyourcomputenodesuseLVMontheoperatingsystemdisk,youmustalsomodifythefilterinthe/etc/lvm/lvm.
conffileonthosenodestoincludeonlytheoperatingsystemdisk.
Forexam-ple,ifthe/dev/sdadevicecontainstheoperatingsystem:filter=["a/sda","r/.
*/"]InstallandconfigureBlockStoragevolumecomponents1.
Installthepackages:#yuminstallopenstack-cindertargetclipython-oslo-dbMySQL-python2.
Editthe/etc/cinder/cinder.
conffileandcompletethefollowingactions:a.
Inthe[database]section,configuredatabaseaccess:[database].
.
.
connection=mysql://cinder:CINDER_DBPASS@controller/cinderReplaceCINDER_DBPASSwiththepasswordyouchosefortheBlockStoragedatabase.
b.
Inthe[DEFAULT]section,configureRabbitMQmessagebrokeraccess:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno89[DEFAULT].
.
.
rpc_backend=rabbitrabbit_host=controllerrabbit_password=RABBIT_PASSReplaceRABBIT_PASSwiththepasswordyouchosefortheguestaccountinRabbitMQ.
c.
Inthe[DEFAULT]and[keystone_authtoken]sections,configureIdentityserviceaccess:[DEFAULT].
.
.
auth_strategy=keystone[keystone_authtoken].
.
.
auth_uri=http://controller:5000/v2.
0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=cinderadmin_password=CINDER_PASSReplaceCINDER_PASSwiththepasswordyouchoseforthecinderuserintheIdentityservice.
NoteCommentoutanyauth_host,auth_port,andauth_protocoloptionsbecausetheidentity_urioptionreplacesthem.
d.
Inthe[DEFAULT]section,configurethemy_ipoption:[DEFAULT].
.
.
my_ip=MANAGEMENT_INTERFACE_IP_ADDRESSReplaceMANAGEMENT_INTERFACE_IP_ADDRESSwiththeIPaddressofthemanagementnetworkinterfaceonyourstoragenode,typically10.
0.
0.
41forthefirstnodeintheexamplearchitecture.
e.
Inthe[DEFAULT]section,configurethelocationoftheImageService:[DEFAULT].
.
.
glance_host=controllerf.
Inthe[DEFAULT]section,configureBlockStoragetousethelioadmiSCSIser-vice:[DEFAULT].
.
.
iscsi_helper=lioadmuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno90g.
(Optional)Toassistwithtroubleshooting,enableverboselogginginthe[DE-FAULT]section:[DEFAULT].
.
.
verbose=TrueTofinalizeinstallationStarttheBlockStoragevolumeserviceincludingitsdependenciesandconfigurethemtostartwhenthesystemboots:#systemctlenableopenstack-cinder-volume.
servicetarget.
service#systemctlstartopenstack-cinder-volume.
servicetarget.
serviceVerifyoperationThissectiondescribeshowtoverifyoperationoftheBlockStorageservicebycreatingavol-ume.
Formoreinformationabouthowtomanagevolumes,seetheOpenStackUserGuide.
NotePerformthesecommandsonthecontrollernode.
1.
Sourcetheadmincredentialstogainaccesstoadmin-onlyCLIcommands:$sourceadmin-openrc.
sh2.
Listservicecomponentstoverifysuccessfullaunchofeachprocess:$cinderservice-list|Binary|Host|Zone|Status|State|Updated_at|DisabledReason||cinder-scheduler|controller|nova|enabled|up|2014-10-18T01:30:54.
000000|None||cinder-volume|block1|nova|enabled|up|2014-10-18T01:30:57.
000000|None|3.
Sourcethedemotenantcredentialstoperformthefollowingstepsasanon-adminis-trativetenant:$sourcedemo-openrc.
sh4.
Createa1GBvolume:$cindercreate--display-namedemo-volume11|Property|Value|uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno91|attachments|[]||availability_zone|nova||bootable|false||created_at|2014-10-14T23:11:50.
870239||display_description|None||display_name|demo-volume1||encrypted|False||id|158bea89-07db-4ac2-8115-66c0d6a4bb48||metadata|{}||size|1||snapshot_id|None||source_volid|None||status|creating||volume_type|None|5.
Verifycreationandavailabilityofthevolume:$cinderlist|ID|Status|DisplayName|Size|VolumeType|Bootable|Attachedto||158bea89-07db-4ac2-8115-66c0d6a4bb48|available|demo-volume1|1|None|false||Ifthestatusdoesnotindicateavailable,checkthelogsinthe/var/log/cinderdirectoryonthecontrollerandvolumenodesformoreinformation.
NoteThelaunchaninstancechapterincludesinstructionsforattachingthisvol-umetoaninstance.
NextstepsYourOpenStackenvironmentnowincludesBlockStorage.
Youcanlaunchaninstanceoraddmoreservicestoyourenvironmentinthefollowingchapters.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno929.
AddObjectStorageTableofContentsOpenStackObjectStorage92Systemrequirements93Examplearchitecture93Installandconfigurethecontrollernode94Installandconfigurethestoragenodes97Createinitialrings101Finalizeinstallation104Verifyoperation106Nextsteps106TheOpenStackObjectStorageservicesworktogethertoprovideobjectstorageandre-trievalthroughaRESTAPI.
Forthisexamplearchitecture,youmusthavealreadyinstalledtheIdentityService,alsoknownasKeystone.
OpenStackObjectStorageTheOpenStackObjectStorageisamulti-tenantobjectstoragesystem.
ItishighlyscalableandcanmanagelargeamountsofunstructureddataatlowcostthroughaRESTfulHTTPAPI.
Itincludesthefollowingcomponents:Proxyservers(swift-proxy-server)AcceptsOpenStackObjectStorageAPIandrawHTTPrequeststouploadfiles,modifymetadata,andcreatecontainers.
Italsoservesfileorcontainerlistingstowebbrowsers.
Toimproveperformance,theproxyservercanuseanoptionalcachethatisusuallydeployedwithmemcache.
Accountservers(swift-ac-count-server)ManagesaccountsdefinedwithObjectStorage.
Containerservers(swift-container-server)Managesthemappingofcontainersorfolders,withinObjectStorage.
Objectservers(swift-ob-ject-server)Managesactualobjects,suchasfiles,onthestoragenodes.
VariousperiodicprocessesPerformshousekeepingtasksonthelargedatastore.
Thereplicationservicesensureconsistencyandavailabil-itythroughthecluster.
Otherperiodicprocessesincludeauditors,updaters,andreapers.
WSGImiddlewareHandlesauthenticationandisusuallyOpenStackIdenti-ty.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno93SystemrequirementsHardware:OpenStackObjectStorageisdesignedtorunoncommodityhardware.
NoteWhenyouinstallonlytheObjectStorageandIdentityService,youcannotusethedashboardunlessyoualsoinstallComputeandtheImageService.
Table9.
1.
HardwarerecommendationsServerRecommendedHardwareNotesObjectStorageobjectserversProcessor:dualquadcoreMemory:8or12GBRAMDiskspace:optimizedforcostperGBNetwork:one1GBNet-workInterfaceCard(NIC)Theamountofdiskspacedependsonhowmuchyoucanfitintotherackefficiently.
YouwanttooptimizetheseforbestcostperGBwhilestillgettingindustry-standardfailurerates.
AtRackspace,ourstorageserversarecurrentlyrunningfairlygeneric4Userverswith242TSATAdrivesand8coresofprocessingpower.
RAIDonthestoragedrivesisnotrequiredandnotrecommended.
Swift'sdiskusagepatternistheworstcasepossibleforRAID,andperfor-mancedegradesveryquicklyusingRAID5or6.
Asanexample,RackspacerunsCloudFilesstorageserverswith242TSATAdrivesand8coresofprocessingpower.
Mostservicessup-porteitheraworkerorconcurrencyvalueinthesettings.
Thisal-lowstheservicestomakeeffectiveuseofthecoresavailable.
ObjectStoragecon-tainer/accountserversProcessor:dualquadcoreMemory:8or12GBRAMNetwork:one1GBNet-workInterfaceCard(NIC)OptimizedforIOPSduetotrackingwithSQLitedatabases.
ObjectStorageproxyserverProcessor:dualquadcoreNetwork:one1GBNet-workInterfaceCard(NIC)Highernetworkthroughputoffersbetterperformanceforsupport-ingmanyAPIrequests.
OptimizeyourproxyserversforbestCPUperformance.
TheProxyServicesaremoreCPUandnetworkI/Ointensive.
Ifyouareusing10GBnetworkingtotheproxy,orareterminatingSSLtrafficattheproxy,greaterCPUpowerisrequired.
Operatingsystem:OpenStackObjectStoragecurrentlyrunsonUbuntu,RHEL,CentOS,Fe-dora,openSUSE,orSLES.
Networking:1Gbpsor10Gbpsissuggestedinternally.
ForOpenStackObjectStorage,anexternalnetworkshouldconnecttheoutsideworldtotheproxyservers,andthestoragenetworkisintendedtobeisolatedonaprivatenetworkormultipleprivatenetworks.
Database:ForOpenStackObjectStorage,aSQLitedatabaseispartoftheOpenStackOb-jectStoragecontainerandaccountmanagementprocess.
Permissions:YoucaninstallOpenStackObjectStorageeitherasrootorasauserwithsudopermissionsifyouconfigurethesudoersfiletoenableallthepermissions.
ExamplearchitectureInaproductionenvironment,theObjectStorageservicerequiresatleasttwoproxynodesandfivestoragenodes.
Forsimplicity,thisguideusesaminimalarchitecturewiththeproxyuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno94servicerunningontheexistingOpenStackcontrollernodeandtwostoragenodes.
Howev-er,theseconceptsstillapply.
Node:AhostmachinethatrunsoneormoreOpenStackObjectStorageservices.
Proxynode:Runsproxyservices.
Storagenode:Runsaccount,container,andobjectservices.
ContainstheSQLitedatabas-es.
Ring:AsetofmappingsbetweenOpenStackObjectStoragedatatophysicaldevices.
Replica:Acopyofanobject.
Bydefault,threecopiesaremaintainedinthecluster.
Zone(optional):Alogicallyseparatesectionofthecluster,relatedtoindependentfailurecharacteristics.
Region(optional):Alogicallyseparatesectionofthecluster,representingdistinctphys-icallocationssuchascitiesorcountries.
Similartozones,butrepresentingphysicalloca-tionsofportionsoftheclusterratherthanlogicalsegments.
Toincreasereliabilityandperformance,youcanaddadditionalproxyservers.
Thefollowingdiagramshowsonepossiblearchitectureforaminimalproductionenviron-ment:InstallandconfigurethecontrollernodeThissectiondescribeshowtoinstallandconfiguretheproxyservicethathandlesrequestsfortheaccount,container,andobjectservicesoperatingonthestoragenodes.
Forsimplici-ty,thisguideinstallsandconfigurestheproxyserviceonthecontrollernode.
However,youuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno95canruntheproxyserviceonanynodewithnetworkconnectivitytothestoragenodes.
Ad-ditionally,youcaninstallandconfiguretheproxyserviceonmultiplenodestoincreaseper-formanceandredundancy.
Formoreinformation,seetheDeploymentGuide.
ToconfigureprerequisitesTheproxyservicereliesonanauthenticationandauthorizationmechanismsuchastheIdentityservice.
However,unlikeotherservices,italsooffersaninternalmechanismthatal-lowsittooperatewithoutanyotherOpenStackservices.
However,forsimplicity,thisguidereferencestheIdentityserviceinChapter3,"AddtheIdentityservice"[24].
Beforeyoucon-figuretheObjectStorageservice,youmustcreateIdentityservicecredentialsincludingend-points.
NoteTheObjectStorageservicedoesnotuseaSQLdatabaseonthecontrollernode.
1.
TocreatetheIdentityservicecredentials,completethesesteps:a.
Createaswiftuser:$keystoneuser-create--nameswift--passSWIFT_PASS|Property|Value||email|||enabled|True||id|d535e5cbd2b74ac7bfb97db9cced3ed6||name|swift||username|swift|ReplaceSWIFT_PASSwithasuitablepassword.
b.
Linktheswiftusertotheservicetenantandadminrole:$keystoneuser-role-add--userswift--tenantservice--roleadminNoteThiscommandprovidesnooutput.
c.
Createtheswiftservice:$keystoneservice-create--nameswift--typeobject-store\--description"OpenStackObjectStorage"|Property|Value||description|OpenStackObjectStorage||enabled|True||id|75ef509da2c340499d454ae96a2c5c34||name|swift||type|object-store|2.
CreatetheIdentityserviceendpoints:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno96$keystoneendpoint-create\--service-id$(keystoneservice-list|awk'/object-store/{print$2}')\--publicurl'http://controller:8080/v1/AUTH_%(tenant_id)s'\--internalurl'http://controller:8080/v1/AUTH_%(tenant_id)s'\--adminurlhttp://controller:8080\--regionregionOne|Property|Value||adminurl|http://controller:8080/||id|af534fb8b7ff40a6acf725437c586ebe||internalurl|http://controller:8080/v1/AUTH_%(tenant_id)s||publicurl|http://controller:8080/v1/AUTH_%(tenant_id)s||region|regionOne||service_id|75ef509da2c340499d454ae96a2c5c34|Toinstallandconfigurethecontrollernodecomponents1.
Installthepackages:NoteCompleteOpenStackenvironmentsalreadyincludesomeofthesepack-ages.
#yuminstallopenstack-swift-proxypython-swiftclientpython-keystone-auth-tokenmemcached2.
ObtaintheproxyserviceconfigurationfilefromtheObjectStoragesourcerepository:#curl-o/etc/swift/proxy-server.
conf\https://raw.
githubusercontent.
com/openstack/swift/stable/juno/etc/proxy-server.
conf-sample3.
Editthe/etc/swift/proxy-server.
conffileandcompletethefollowingactions:a.
Inthe[DEFAULT]section,configurethebindport,user,andconfigurationdirec-tory:[DEFAULT].
.
.
bind_port=8080user=swiftswift_dir=/etc/swiftb.
Inthe[pipeline:main]section,enabletheappropriatemodules:[pipeline:main]pipeline=authtokencachehealthcheckkeystoneauthproxy-loggingproxy-serverNoteFormoreinformationonothermodulesthatenableadditionalfea-tures,seetheDeploymentGuide.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno97c.
Inthe[app:proxy-server]section,enableaccountmanagement:[app:proxy-server].
.
.
allow_account_management=trueaccount_autocreate=trued.
Inthe[filter:keystoneauth]section,configuretheoperatorroles:[filter:keystoneauth]use=egg:swift#keystoneauth.
.
.
operator_roles=admin,_member_NoteYoumightneedtouncommentthissection.
e.
Inthe[filter:authtoken]section,configureIdentityserviceaccess:[filter:authtoken]paste.
filter_factory=keystonemiddleware.
auth_token:filter_factory.
.
.
auth_uri=http://controller:5000/v2.
0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=swiftadmin_password=SWIFT_PASSdelay_auth_decision=trueReplaceSWIFT_PASSwiththepasswordyouchosefortheswiftuserintheIdentityservice.
NoteYoumightneedtouncommentthissection.
NoteCommentoutanyauth_host,auth_port,andauth_protocoloptionsbecausetheidentity_urioptionreplacesthem.
f.
Inthe[filter:cache]section,configurethememcachedlocation:[filter:cache].
.
.
memcache_servers=127.
0.
0.
1:11211InstallandconfigurethestoragenodesThissectiondescribeshowtoinstallandconfigurestoragenodesthatoperatetheaccount,container,andobjectservices.
Forsimplicity,thisconfigurationreferencestwostoragenodes,eachcontainingtwoemptylocalblockstoragedevices.
Eachofthedevices,/dev/sdband/dev/sdc,mustcontainasuitablepartitiontablewithonepartitionoccupyingtheentiredevice.
AlthoughtheObjectStorageservicesupportsanyfilesystemwithextend-uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno98edattributes(xattr),testingandbenchmarkingindicatethebestperformanceandreliabili-tyonXFS.
Formoreinformationonhorizontallyscalingyourenvironment,seetheDeploy-mentGuide.
ToconfigureprerequisitesYoumustconfigureeachstoragenodebeforeyouinstallandconfiguretheObjectStorageserviceonit.
Similartothecontrollernode,eachstoragenodecontainsonenetworkinter-faceonthemanagementnetwork.
Optionally,eachstoragenodecancontainasecondnet-workinterfaceonaseparatenetworkforreplication.
Formoreinformation,seeChapter2,"Basicenvironment"[6].
1.
Configureuniqueitemsonthefirststoragenode:a.
Configurethemanagementinterface:IPaddress:10.
0.
0.
51Networkmask:255.
255.
255.
0(or/24)Defaultgateway:10.
0.
0.
1b.
Setthehostnameofthenodetoobject1.
2.
Configureuniqueitemsonthesecondstoragenode:a.
Configurethemanagementinterface:IPaddress:10.
0.
0.
52Networkmask:255.
255.
255.
0(or/24)Defaultgateway:10.
0.
0.
1b.
Setthehostnameofthenodetoobject2.
3.
Configureshareditemsonbothstoragenodes:a.
Copythecontentsofthe/etc/hostsfilefromthecontrollernodeandaddthefollowingtoit:#object110.
0.
0.
51object1#object210.
0.
0.
52object2Alsoaddthiscontenttothe/etc/hostsfileonallothernodesinyourenviron-ment.
b.
InstallandconfigureNTPusingtheinstructionsinthesectioncalled"Othernodes"[19].
c.
Installthesupportingutilitypackages:#yuminstallxfsprogsrsyncuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno99d.
Formatthe/dev/sdb1and/dev/sdc1partitionsasXFS:#mkfs.
xfs/dev/sdb1#mkfs.
xfs/dev/sdc1e.
Createthemountpointdirectorystructure:#mkdir-p/srv/node/sdb1#mkdir-p/srv/node/sdc1f.
Editthe/etc/fstabfileandaddthefollowingtoit:/dev/sdb1/srv/node/sdb1xfsnoatime,nodiratime,nobarrier,logbufs=802/dev/sdc1/srv/node/sdc1xfsnoatime,nodiratime,nobarrier,logbufs=802g.
Mountthedevices:#mount/srv/node/sdb1#mount/srv/node/sdc14.
Editthe/etc/rsyncd.
conffileandaddthefollowingtoit:uid=swiftgid=swiftlogfile=/var/log/rsyncd.
logpidfile=/var/run/rsyncd.
pidaddress=MANAGEMENT_INTERFACE_IP_ADDRESS[account]maxconnections=2path=/srv/node/readonly=falselockfile=/var/lock/account.
lock[container]maxconnections=2path=/srv/node/readonly=falselockfile=/var/lock/container.
lock[object]maxconnections=2path=/srv/node/readonly=falselockfile=/var/lock/object.
lockReplaceMANAGEMENT_INTERFACE_IP_ADDRESSwiththeIPaddressofthemanage-mentnetworkonthestoragenode.
NoteThersyncservicerequiresnoauthentication,soconsiderrunningitonaprivatenetwork.
5.
Startthersyncdserviceandconfigureittostartwhenthesystemboots:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno100#systemctlenablersyncd.
service#systemctlstartrsyncd.
serviceInstallandconfigurestoragenodecomponentsNotePerformthesestepsoneachstoragenode.
1.
Installthepackages:#yuminstallopenstack-swift-accountopenstack-swift-container\openstack-swift-object2.
Obtaintheaccounting,container,andobjectserviceconfigurationfilesfromtheOb-jectStoragesourcerepository:#curl-o/etc/swift/account-server.
conf\https://raw.
githubusercontent.
com/openstack/swift/stable/juno/etc/account-server.
conf-sample#curl-o/etc/swift/container-server.
conf\https://raw.
githubusercontent.
com/openstack/swift/stable/juno/etc/container-server.
conf-sample#curl-o/etc/swift/object-server.
conf\https://raw.
githubusercontent.
com/openstack/swift/stable/juno/etc/object-server.
conf-sample3.
Editthe/etc/swift/account-server.
conf,/etc/swift/contain-er-server.
conf,and/etc/swift/object-server.
conffilesandcompletethefollowingactions:a.
Inthe[DEFAULT]section,configurethebindIPaddress,bindport,user,configu-rationdirectory,andmountpointdirectory:[DEFAULT].
.
.
bind_ip=MANAGEMENT_INTERFACE_IP_ADDRESSbind_port=6002user=swiftswift_dir=/etc/swiftdevices=/srv/nodeReplaceMANAGEMENT_INTERFACE_IP_ADDRESSwiththeIPaddressofthemanagementnetworkonthestoragenode.
b.
Inthe[pipeline:main]section,enabletheappropriatemodules:[pipeline:main]pipeline=healthcheckreconaccount-serverNoteFormoreinformationonothermodulesthatenableadditionalfea-tures,seetheDeploymentGuide.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno101c.
Inthe[filter:recon]section,configuretherecon(metrics)cachedirectory:[filter:recon].
.
.
recon_cache_path=/var/cache/swift4.
Ensureproperownershipofthemountpointdirectorystructure:#chown-Rswift:swift/srv/node5.
Createtherecondirectoryandensureproperownershipofit:#mkdir-p/var/cache/swift#chown-Rswift:swift/var/cache/swiftCreateinitialringsBeforestartingtheObjectStorageservices,youmustcreatetheinitialaccount,contain-er,andobjectrings.
Theringbuildercreatesconfigurationfilesthateachnodeusestode-termineanddeploythestoragearchitecture.
Forsimplicity,thisguideusesoneregionandzonewith2^10(1024)maximumpartitions,3replicasofeachobject,and1hourminimumtimebetweenmovingapartitionmorethanonce.
ForObjectStorage,apartitionindicatesadirectoryonastoragedeviceratherthanaconventionalpartitiontable.
Formoreinfor-mation,seetheDeploymentGuide.
AccountringTheaccountserverusestheaccountringtomaintainlistsofcontainers.
TocreatetheringNotePerformthesestepsonthecontrollernode.
1.
Changetothe/etc/swiftdirectory.
2.
Createthebaseaccount.
builderfile:#swift-ring-builderaccount.
buildercreate10313.
Addeachstoragenodetothering:#swift-ring-builderaccount.
builder\addr1z1-STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS:6002/DEVICE_NAMEDEVICE_WEIGHTReplaceSTORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESSwiththeIPad-dressofthemanagementnetworkonthestoragenode.
ReplaceDEVICE_NAMEwithastoragedevicenameonthesamestoragenode.
Forexample,usingthefirststoragenodeinthesectioncalled"Installandconfigurethestoragenodes"[97]withthe/dev/sdb1storagedeviceandweightof100:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno102#swift-ring-builderaccount.
builderaddr1z1-10.
0.
0.
51:6002/sdb1100Repeatthiscommandforeachstoragedeviceoneachstoragenode.
Theexamplear-chitecturerequiresfourvariationsofthiscommand.
4.
Verifytheringcontents:#swift-ring-builderaccount.
builderaccount.
builder,buildversion41024partitions,3.
000000replicas,1regions,1zones,4devices,0.
00balanceTheminimumnumberofhoursbeforeapartitioncanbereassignedis1Devices:idregionzoneipaddressportreplicationipreplicationportnameweightpartitionsbalancemeta01110.
0.
0.
51600210.
0.
0.
516002sdb1100.
007680.
0011110.
0.
0.
51600210.
0.
0.
516002sdc1100.
007680.
0021110.
0.
0.
52600210.
0.
0.
526002sdb1100.
007680.
0031110.
0.
0.
52600210.
0.
0.
526002sdc1100.
007680.
005.
Rebalancethering:#swift-ring-builderaccount.
builderrebalanceNoteThisprocesscantakeawhile.
ContainerringThecontainerserverusesthecontainerringtomaintainlistsofobjects.
However,itdoesnottrackobjectlocations.
TocreatetheringNotePerformthesestepsonthecontrollernode.
1.
Changetothe/etc/swiftdirectory.
2.
Createthebasecontainer.
builderfile:#swift-ring-buildercontainer.
buildercreate10313.
Addeachstoragenodetothering:#swift-ring-buildercontainer.
builder\addr1z1-STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS:6001/DEVICE_NAMEDEVICE_WEIGHTReplaceSTORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESSwiththeIPad-dressofthemanagementnetworkonthestoragenode.
ReplaceDEVICE_NAMEwithuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno103astoragedevicenameonthesamestoragenode.
Forexample,usingthefirststoragenodeinthesectioncalled"Installandconfigurethestoragenodes"[97]withthe/dev/sdb1storagedeviceandweightof100:#swift-ring-buildercontainer.
builderaddr1z1-10.
0.
0.
51:6001/sdb1100Repeatthiscommandforeachstoragedeviceoneachstoragenode.
Theexamplear-chitecturerequiresfourvariationsofthiscommand.
4.
Verifytheringcontents:#swift-ring-buildercontainer.
buildercontainer.
builder,buildversion41024partitions,3.
000000replicas,1regions,1zones,4devices,0.
00balanceTheminimumnumberofhoursbeforeapartitioncanbereassignedis1Devices:idregionzoneipaddressportreplicationipreplicationportnameweightpartitionsbalancemeta01110.
0.
0.
51600110.
0.
0.
516001sdb1100.
007680.
0011110.
0.
0.
51600110.
0.
0.
516001sdc1100.
007680.
0021110.
0.
0.
52600110.
0.
0.
526001sdb1100.
007680.
0031110.
0.
0.
52600110.
0.
0.
526001sdc1100.
007680.
005.
Rebalancethering:#swift-ring-buildercontainer.
builderrebalanceNoteThisprocesscantakeawhile.
ObjectringTheobjectserverusestheobjectringtomaintainlistsofobjectlocationsonlocaldevices.
TocreatetheringNotePerformthesestepsonthecontrollernode.
1.
Changetothe/etc/swiftdirectory.
2.
Createthebaseobject.
builderfile:#swift-ring-builderobject.
buildercreate10313.
Addeachstoragenodetothering:#swift-ring-builderobject.
builder\addr1z1-STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS:6000/DEVICE_NAMEDEVICE_WEIGHTuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno104ReplaceSTORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESSwiththeIPad-dressofthemanagementnetworkonthestoragenode.
ReplaceDEVICE_NAMEwithastoragedevicenameonthesamestoragenode.
Forexample,usingthefirststoragenodeinthesectioncalled"Installandconfigurethestoragenodes"[97]withthe/dev/sdb1storagedeviceandweightof100:#swift-ring-builderobject.
builderaddr1z1-10.
0.
0.
51:6000/sdb1100Repeatthiscommandforeachstoragedeviceoneachstoragenode.
Theexamplear-chitecturerequiresfourvariationsofthiscommand.
4.
Verifytheringcontents:#swift-ring-builderobject.
builderobject.
builder,buildversion41024partitions,3.
000000replicas,1regions,1zones,4devices,0.
00balanceTheminimumnumberofhoursbeforeapartitioncanbereassignedis1Devices:idregionzoneipaddressportreplicationipreplicationportnameweightpartitionsbalancemeta01110.
0.
0.
51600010.
0.
0.
516000sdb1100.
007680.
0011110.
0.
0.
51600010.
0.
0.
516000sdc1100.
007680.
0021110.
0.
0.
52600010.
0.
0.
526000sdb1100.
007680.
0031110.
0.
0.
52600010.
0.
0.
526000sdc1100.
007680.
005.
Rebalancethering:#swift-ring-builderobject.
builderrebalanceNoteThisprocesscantakeawhile.
DistributeringconfigurationfilesCopytheaccount.
ring.
gz,container.
ring.
gz,andobject.
ring.
gzfilestothe/etc/swiftdirectoryoneachstoragenodeandanyadditionalnodesrunningtheproxyservice.
FinalizeinstallationConfigurehashesanddefaultstoragepolicy1.
Obtainthe/etc/swift/swift.
conffilefromtheObjectStoragesourcereposito-ry:#curl-o/etc/swift/swift.
conf\https://raw.
githubusercontent.
com/openstack/swift/stable/juno/etc/swift.
conf-sample2.
Editthe/etc/swift/swift.
conffileandcompletethefollowingactions:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno105a.
Inthe[swift-hash]section,configurethehashpathprefixandsuffixforyourenvironment.
[swift-hash].
.
.
swift_hash_path_suffix=HASH_PATH_PREFIXswift_hash_path_prefix=HASH_PATH_SUFFIXReplaceHASH_PATH_PREFIXandHASH_PATH_SUFFIXwithuniquevalues.
WarningKeepthesevaluessecretanddonotchangeorlosethem.
b.
Inthe[storage-policy:0]section,configurethedefaultstoragepolicy:[storage-policy:0].
.
.
name=Policy-0default=yes3.
Copytheswift.
conffiletothe/etc/swiftdirectoryoneachstoragenodeandanyadditionalnodesrunningtheproxyservice.
4.
Onallnodes,ensureproperownershipoftheconfigurationdirectory:#chown-Rswift:swift/etc/swift5.
Onthecontrollernodeandanyothernodesrunningtheproxyservice,starttheObjectStorageproxyserviceincludingitsdependenciesandconfigurethemtostartwhenthesystemboots:#systemctlenableopenstack-swift-proxy.
servicememcached.
service#systemctlstartopenstack-swift-proxy.
servicememcached.
service6.
Onthestoragenodes,starttheObjectStorageservicesandconfigurethemtostartwhenthesystemboots:#systemctlenableopenstack-swift-account.
serviceopenstack-swift-account-auditor.
service\openstack-swift-account-reaper.
serviceopenstack-swift-account-replicator.
service#systemctlstartopenstack-swift-account.
serviceopenstack-swift-account-auditor.
service\openstack-swift-account-reaper.
serviceopenstack-swift-account-replicator.
service#systemctlenableopenstack-swift-container.
serviceopenstack-swift-container-auditor.
service\openstack-swift-container-replicator.
serviceopenstack-swift-container-updater.
service#systemctlstartopenstack-swift-container.
serviceopenstack-swift-container-auditor.
service\openstack-swift-container-replicator.
serviceopenstack-swift-container-updater.
service#systemctlenableopenstack-swift-object.
serviceopenstack-swift-object-auditor.
service\openstack-swift-object-replicator.
serviceopenstack-swift-object-updater.
serviceuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno106#systemctlstartopenstack-swift-object.
serviceopenstack-swift-object-auditor.
service\openstack-swift-object-replicator.
serviceopenstack-swift-object-updater.
serviceVerifyoperationThissectiondescribeshowtoverifyoperationoftheObjectStorageservice.
NotePerformthesestepsonthecontrollernode.
1.
Sourcethedemotenantcredentials:$sourcedemo-openrc.
sh2.
Showtheservicestatus:$swiftstatAccount:AUTH_11b9758b7049476d9b48f7a91ea11493Containers:0Objects:0Bytes:0Content-Type:text/plain;charset=utf-8X-Timestamp:1381434243.
83760X-Trans-Id:txdcdd594565214fb4a2d33-0052570383X-Put-Timestamp:1381434243.
837603.
Uploadatestfile:$swiftuploaddemo-container1FILEReplaceFILEwiththenameofalocalfiletouploadtothedemo-container1con-tainer.
4.
Listcontainers:$swiftlistdemo-container15.
Downloadatestfile:$swiftdownloaddemo-container1FILEReplaceFILEwiththenameofthefileuploadedtothedemo-container1contain-er.
NextstepsYourOpenStackenvironmentnowincludesObjectStorage.
Youcanlaunchaninstanceoraddmoreservicestoyourenvironmentinthefollowingchapters.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno10710.
AddtheOrchestrationmoduleTableofContentsOrchestrationmoduleconcepts107InstallandconfigureOrchestration107Verifyoperation111Nextsteps112TheOrchestrationmodule(heat)usesaheatorchestrationtemplate(HOT)tocreateandmanagecloudresources.
OrchestrationmoduleconceptsTheOrchestrationmoduleprovidesatemplate-basedorchestrationfordescribingacloudapplication,byrunningOpenStackAPIcallstogeneraterunningcloudapplications.
ThesoftwareintegratesothercorecomponentsofOpenStackintoaone-filetemplatesystem.
ThetemplatesallowyoutocreatemostOpenStackresourcetypes,suchasinstances,float-ingIPs,volumes,securitygroupsandusers.
Italsoprovidesadvancedfunctionality,suchasinstancehighavailability,instanceauto-scaling,andnestedstacks.
ThisenablesOpenStackcoreprojectstoreceivealargeruserbase.
TheserviceenablesdeployerstointegratewiththeOrchestrationmoduledirectlyorthroughcustomplug-ins.
TheOrchestrationmoduleconsistsofthefollowingcomponents:heatcommand-lineclientACLIthatcommunicateswiththeheat-apitorunAWSCloudFormationAPIs.
EnddeveloperscandirectlyusetheOrchestrationRESTAPI.
heat-apicomponentAnOpenStack-nativeRESTAPIthatprocessesAPIre-questsbysendingthemtotheheat-engineoverRemoteProcedureCall(RPC).
heat-api-cfncomponentAnAWSQueryAPIthatiscompatiblewithAWSCloud-Formation.
ItprocessesAPIrequestsbysendingthemtotheheat-engineoverRPC.
heat-engineOrchestratesthelaunchingoftemplatesandprovideseventsbacktotheAPIconsumer.
InstallandconfigureOrchestrationThissectiondescribeshowtoinstallandconfiguretheOrchestrationmodule,code-namedheat,onthecontrollernode.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno108ToconfigureprerequisitesBeforeyouinstallandconfigureOrchestration,youmustcreateadatabaseandIdentityservicecredentialsincludingendpoints.
1.
Tocreatethedatabase,completethesesteps:a.
Usethedatabaseaccessclienttoconnecttothedatabaseserverastherootuser:$mysql-uroot-pb.
Createtheheatdatabase:CREATEDATABASEheat;c.
Grantproperaccesstotheheatdatabase:GRANTALLPRIVILEGESONheat.
*TO'heat'@'localhost'\IDENTIFIEDBY'HEAT_DBPASS';GRANTALLPRIVILEGESONheat.
*TO'heat'@'%'\IDENTIFIEDBY'HEAT_DBPASS';ReplaceHEAT_DBPASSwithasuitablepassword.
d.
Exitthedatabaseaccessclient.
2.
Sourcetheadmincredentialstogainaccesstoadmin-onlyCLIcommands:$sourceadmin-openrc.
sh3.
TocreatetheIdentityservicecredentials,completethesesteps:a.
Createtheheatuser:$keystoneuser-create--nameheat--passHEAT_PASS|Property|Value||email|||enabled|True||id|7fd67878dcd04d0393469ef825a7e005||name|heat||username|heat|ReplaceHEAT_PASSwithasuitablepassword.
b.
Linktheheatusertotheservicetenantandadminrole:$keystoneuser-role-add--userheat--tenantservice--roleadminNoteThiscommandprovidesnooutput.
c.
Createtheheat_stack_userandheat_stack_ownerroles:$keystonerole-create--nameheat_stack_user$keystonerole-create--nameheat_stack_owneruno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno109Bydefault,userscreatedbyOrchestrationusetheheat_stack_userrole.
d.
Createtheheatandheat-cfnservices:$keystoneservice-create--nameheat--typeorchestration\--description"Orchestration"|Property|Value||description|Orchestration||enabled|True||id|031112165cad4c2bb23e84603957de29||name|heat||type|orchestration|$keystoneservice-create--nameheat-cfn--typecloudformation\--description"Orchestration"|Property|Value||description|Orchestration||enabled|True||id|297740d74c0a446bbff867acdccb33fa||name|heat-cfn||type|cloudformation|e.
CreatetheIdentityserviceendpoints:$keystoneendpoint-create\--service-id$(keystoneservice-list|awk'/orchestration/{print$2}')\--publicurlhttp://controller:8004/v1/%\(tenant_id\)s\--internalurlhttp://controller:8004/v1/%\(tenant_id\)s\--adminurlhttp://controller:8004/v1/%\(tenant_id\)s\--regionregionOne|Property|Value||adminurl|http://controller:8004/v1/%(tenant_id)s||id|f41225f665694b95a46448e8676b0dc2||internalurl|http://controller:8004/v1/%(tenant_id)s||publicurl|http://controller:8004/v1/%(tenant_id)s||region|regionOne||service_id|031112165cad4c2bb23e84603957de29|$keystoneendpoint-create\--service-id$(keystoneservice-list|awk'/cloudformation/{print$2}')\--publicurlhttp://controller:8000/v1\--internalurlhttp://controller:8000/v1\--adminurlhttp://controller:8000/v1\--regionregionOne|Property|Value||adminurl|http://controller:8000/v1||id|f41225f665694b95a46448e8676b0dc2||internalurl|http://controller:8000/v1|uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno110|publicurl|http://controller:8000/v1||region|regionOne||service_id|297740d74c0a446bbff867acdccb33fa|ToinstallandconfiguretheOrchestrationcomponents1.
Runthefollowingcommandstoinstallthepackages:#yuminstallopenstack-heat-apiopenstack-heat-api-cfnopenstack-heat-engine\python-heatclient2.
Editthe/etc/heat/heat.
conffileandcompletethefollowingactions:a.
Inthe[database]section,configuredatabaseaccess:[database].
.
.
connection=mysql://heat:HEAT_DBPASS@controller/heatReplaceHEAT_DBPASSwiththepasswordyouchosefortheOrchestrationdatabase.
b.
Inthe[DEFAULT]section,configureRabbitMQmessagebrokeraccess:[DEFAULT].
.
.
rpc_backend=rabbitrabbit_host=controllerrabbit_password=RABBIT_PASSReplaceRABBIT_PASSwiththepasswordyouchosefortheguestaccountinRabbitMQ.
c.
Inthe[keystone_authtoken]and[ec2authtoken]sections,configureIdentityserviceaccess:[keystone_authtoken].
.
.
auth_uri=http://controller:5000/v2.
0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=heatadmin_password=HEAT_PASS[ec2authtoken].
.
.
auth_uri=http://controller:5000/v2.
0ReplaceHEAT_PASSwiththepasswordyouchosefortheheatuserintheIdenti-tyservice.
NoteCommentoutanyauth_host,auth_port,andauth_protocoloptionsbecausetheidentity_urioptionreplacesthem.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno111d.
Inthe[DEFAULT]section,configurethemetadataandwaitconditionURLs:[DEFAULT].
.
.
heat_metadata_server_url=http://controller:8000heat_waitcondition_server_url=http://controller:8000/v1/waitconditione.
(Optional)Toassistwithtroubleshooting,enableverboselogginginthe[DE-FAULT]section:[DEFAULT].
.
.
verbose=True3.
PopulatetheOrchestrationdatabase:#su-s/bin/sh-c"heat-managedb_sync"heatTofinalizeinstallationStarttheOrchestrationservicesandconfigurethemtostartwhenthesystemboots:#systemctlenableopenstack-heat-api.
serviceopenstack-heat-api-cfn.
service\openstack-heat-engine.
service#systemctlstartopenstack-heat-api.
serviceopenstack-heat-api-cfn.
service\openstack-heat-engine.
serviceVerifyoperationThissectiondescribeshowtoverifyoperationoftheOrchestrationmodule(heat).
1.
Sourcethedemotenantcredentials:$sourcedemo-openrc.
sh2.
TheOrchestrationmoduleusestemplatestodescribestacks.
Tolearnaboutthetem-platelanguage,seetheTemplateGuideintheHeatdeveloperdocumentation.
Createatesttemplateinthetest-stack.
ymlfilewiththefollowingcontent:heat_template_version:2013-05-23description:TestTemplateparameters:ImageID:type:stringdescription:ImageusetobootaserverNetID:type:stringdescription:NetworkIDfortheserverresources:server1:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno112type:OS::Nova::Serverproperties:name:"Testserver"image:{get_param:ImageID}flavor:"m1.
tiny"networks:-network:{get_param:NetID}outputs:server1_private_ip:description:IPaddressoftheserverintheprivatenetworkvalue:{get_attr:[server1,first_address]}3.
Usetheheatstack-createcommandtocreateastackfromthetemplate:$NET_ID=$(novanet-list|awk'/demo-net/{print$2}')$heatstack-create-ftest-stack.
yml\-P"ImageID=cirros-0.
3.
3-x86_64;NetID=$NET_ID"testStack|id|stack_name|stack_status|creation_time||477d96b4-d547-4069-938d-32ee990834af|testStack|CREATE_IN_PROGRESS|2014-04-06T15:11:01Z|4.
Usetheheatstack-listcommandtoverifysuccessfulcreationofthestack:$heatstack-list|id|stack_name|stack_status|creation_time||477d96b4-d547-4069-938d-32ee990834af|testStack|CREATE_COMPLETE|2014-04-06T15:11:01Z|NextstepsYourOpenStackenvironmentnowincludesOrchestration.
Youcanlaunchaninstanceoraddmoreservicestoyourenvironmentinthefollowingchapters.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno11311.
AddtheTelemetrymoduleTableofContentsTelemetrymodule113Installandconfigurecontrollernode114InstalltheComputeagentforTelemetry117ConfiguretheImageServiceforTelemetry118AddtheBlockStorageserviceagentforTelemetry119ConfiguretheObjectStorageserviceforTelemetry119VerifytheTelemetryinstallation120Nextsteps121TelemetryprovidesaframeworkformonitoringandmeteringtheOpenStackcloud.
Itisal-soknownastheceilometerproject.
TelemetrymoduleTheTelemetrymoduleperformsthefollowingfunctions:EfficientlycollectsthemeteringdataabouttheCPUandnetworkcosts.
Collectsdatabymonitoringnotificationssentfromservicesorbypollingtheinfrastruc-ture.
Configuresthetypeofcollecteddatatomeetvariousoperatingrequirements.
ItaccessesandinsertsthemeteringdatathroughtheRESTAPI.
Expandstheframeworktocollectcustomusagedatabyadditionalplug-ins.
Producessignedmeteringmessagesthatcannotberepudiated.
TheTelemetrymoduleconsistsofthefollowingcomponents:Acomputeagent(ceilome-ter-agent-compute)Runsoneachcomputenodeandpollsforresourceuti-lizationstatistics.
Theremaybeothertypesofagentsinthefuture,butfornowourfocusiscreatingthecom-puteagent.
Acentralagent(ceilome-ter-agent-central)Runsonacentralmanagementservertopollforre-sourceutilizationstatisticsforresourcesnottiedtoin-stancesorcomputenodes.
Acollector(ceilometer-col-lector)Runsoncentralmanagementserver(s)tomonitorthemessagequeues(fornotificationsandformeteringda-tacomingfromtheagent).
Notificationmessagesareprocessedandturnedintometeringmessages,whicharesenttothemessagebususingtheappropriatetopic.
Telemetrymessagesarewrittentothedatastorewith-outmodification.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno114Analarmnotifier(ceilome-ter-alarm-notifier)Runsononeormorecentralmanagementserverstoal-lowalarmstobesetbasedonthethresholdevaluationforacollectionofsamples.
AdatastoreAdatabasecapableofhandlingconcurrentwrites(fromoneormorecollectorinstances)andreads(fromtheAPIserver).
AnAPIserver(ceilome-ter-api)Runsononeormorecentralmanagementserverstoprovidedataaccessfromthedatastore.
TheseservicescommunicatebyusingtheOpenStackmessagingbus.
OnlythecollectorandAPIserverhaveaccesstothedatastore.
InstallandconfigurecontrollernodeThissectiondescribeshowtoinstallandconfiguretheTelemetrymodule,code-namedceilometer,onthecontrollernode.
TheTelemetrymoduleusesseparateagentstocollectmeasurementsfromeachOpenStackserviceinyourenvironment.
ToconfigureprerequisitesBeforeyouinstallandconfigureTelemetry,youmustinstallMongoDB,createaMongoDBdatabase,andcreateIdentityservicecredentialsincludingendpoints.
1.
InstalltheMongoDBpackage:#yuminstallmongodb-servermongodb2.
Editthe/etc/mongodb.
conffileandcompletethefollowingactions:a.
Configurethebind_ipkeytousethemanagementinterfaceIPaddressofthecontrollernode.
bind_ip=10.
0.
0.
11b.
Bydefault,MongoDBcreatesseveral1GBjournalfilesinthe/var/lib/mon-godb/journaldirectory.
Ifyouwanttoreducethesizeofeachjournalfileto128MBandlimittotaljournalspaceconsumptionto512MB,assertthesmall-fileskey:smallfiles=trueYoucanalsodisablejournaling.
Formoreinformation,seetheMongoDBmanual.
c.
StarttheMongoDBservicesandconfigurethemtostartwhenthesystemboots:#servicemongodstart#chkconfigmongodon3.
Createtheceilometerdatabase:#mongo--hostcontroller--eval'db=db.
getSiblingDB("ceilometer");db.
addUser({user:"ceilometer",pwd:"CEILOMETER_DBPASS",roles:["readWrite","dbAdmin"]})'uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno115ReplaceCEILOMETER_DBPASSwithasuitablepassword.
4.
Sourcetheadmincredentialstogainaccesstoadmin-onlyCLIcommands:$sourceadmin-openrc.
sh5.
TocreatetheIdentityservicecredentials:a.
Createtheceilometeruser:$keystoneuser-create--nameceilometer--passCEILOMETER_PASSReplaceCEILOMETER_PASSwithasuitablepassword.
b.
Linktheceilometerusertotheservicetenantandadminrole:$keystoneuser-role-add--userceilometer--tenantservice--roleadminc.
Createtheceilometerservice:$keystoneservice-create--nameceilometer--typemetering\--description"Telemetry"d.
CreatetheIdentityserviceendpoints:$keystoneendpoint-create\--service-id$(keystoneservice-list|awk'/metering/{print$2}')\--publicurlhttp://controller:8777\--internalurlhttp://controller:8777\--adminurlhttp://controller:8777\--regionregionOneToinstallandconfiguretheTelemetrymodulecomponents1.
Installthepackages:#yuminstallopenstack-ceilometer-apiopenstack-ceilometer-collector\openstack-ceilometer-notificationopenstack-ceilometer-centralopenstack-ceilometer-alarm\python-ceilometerclient2.
Generatearandomvaluetouseasthemeteringsecret:#opensslrand-hex103.
Editthe/etc/ceilometer/ceilometer.
conffileandcompletethefollowingac-tions:a.
Inthe[database]section,configuredatabaseaccess:[database].
.
.
connection=mongodb://ceilometer:CEILOMETER_DBPASS@controller:27017/ceilometerReplaceCEILOMETER_DBPASSwiththepasswordyouchosefortheTelemetrymoduledatabase.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno116b.
Inthe[DEFAULT]section,configureRabbitMQmessagebrokeraccess:[DEFAULT].
.
.
rpc_backend=rabbitrabbit_host=controllerrabbit_password=RABBIT_PASSReplaceRABBIT_PASSwiththepasswordyouchosefortheguestaccountinRabbitMQ.
c.
Inthe[DEFAULT]and[keystone_authtoken]sections,configureIdentityserviceaccess:[DEFAULT].
.
.
auth_strategy=keystone[keystone_authtoken].
.
.
auth_uri=http://controller:5000/v2.
0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=ceilometeradmin_password=CEILOMETER_PASSReplaceCEILOMETER_PASSwiththepasswordyouchosefortheceliometeruserintheIdentityservice.
NoteCommentoutanyauth_host,auth_port,andauth_protocoloptionsbecausetheidentity_urioptionreplacesthem.
d.
Inthe[service_credentials]section,configureservicecredentials:[service_credentials].
.
.
os_auth_url=http://controller:5000/v2.
0os_username=ceilometeros_tenant_name=serviceos_password=CEILOMETER_PASSReplaceCEILOMETER_PASSwiththepasswordyouchosefortheceilometeruserintheIdentityservice.
e.
Inthe[publisher]section,configurethemeteringsecret:[publisher].
.
.
metering_secret=METERING_SECRETReplaceMETERING_SECRETwiththerandomvaluethatyougeneratedinapre-viousstep.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno117TofinalizeinstallationStarttheTelemetryservicesandconfigurethemtostartwhenthesystemboots:#systemctlenableopenstack-ceilometer-api.
serviceopenstack-ceilometer-notification.
service\openstack-ceilometer-central.
serviceopenstack-ceilometer-collector.
service\openstack-ceilometer-alarm-evaluator.
serviceopenstack-ceilometer-alarm-notifier.
service#systemctlstartopenstack-ceilometer-api.
serviceopenstack-ceilometer-notification.
service\openstack-ceilometer-central.
serviceopenstack-ceilometer-collector.
service\openstack-ceilometer-alarm-evaluator.
serviceopenstack-ceilometer-alarm-notifier.
serviceInstalltheComputeagentforTelemetryTelemetryiscomposedofanAPIservice,acollectorandarangeofdisparateagents.
Thissectionexplainshowtoinstallandconfiguretheagentthatrunsonthecomputenode.
Toconfigureprerequisites1.
Installthepackage:#yuminstallopenstack-ceilometer-computepython-ceilometerclientpython-pecan2.
Editthe/etc/nova/nova.
conffileandaddthefollowinglinestothe[DEFAULT]section:[DEFAULT].
.
.
instance_usage_audit=Trueinstance_usage_audit_period=hournotify_on_state_change=vm_and_task_statenotification_driver=nova.
openstack.
common.
notifier.
rpc_notifiernotification_driver=ceilometer.
compute.
nova_notifier3.
RestarttheComputeservice:#systemctlrestartopenstack-nova-compute.
serviceToconfiguretheComputeagentforTelemetryEditthe/etc/ceilometer/ceilometer.
conffileandcompletethefollowingactions:1.
Inthe[publisher]section,setthesecretkeyforTelemetryservicenodes:[publisher]#Secretvalueforsigningmeteringmessages(stringvalue)metering_secret=CEILOMETER_TOKENReplaceCEILOMETER_TOKENwiththeceilometertokenthatyoucreatedpreviously.
2.
Inthe[DEFAULT]section,configureRabbitMQbrokeraccess:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno118[DEFAULT]rabbit_host=controllerrabbit_password=RABBIT_PASSReplaceRABBIT_PASSwiththepasswordyouchosefortheguestaccountinRabbit-MQ.
3.
Inthe[keystone_authtoken]section,configureIdentityserviceaccess:[keystone_authtoken]auth_uri=http://controller:5000/v2.
0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=ceilometeradmin_password=CEILOMETER_PASSReplaceCEILOMETER_PASSwiththepasswordyouchosefortheTelemetrymoduledatabase.
NoteCommentouttheauth_host,auth_port,andauth_protocolkeys,sincetheyarereplacedbytheidentity_uriandauth_urikeys.
4.
Inthe[service_credentials]section,configureservicecredentials:[service_credentials]os_auth_url=http://controller:5000/v2.
0os_username=ceilometeros_tenant_name=serviceos_password=CEILOMETER_PASSos_endpoint_type=internalURLReplaceCEILOMETER_PASSwiththepasswordyouchosefortheceilometeruserintheIdentityservice.
TofinishinstallationStarttheserviceandconfigureittostartwhenthesystemboots:#systemctlenableopenstack-ceilometer-compute.
service#systemctlstartopenstack-ceilometer-compute.
serviceConfiguretheImageServiceforTelemetry1.
Toretrieveimagesamples,youmustconfiguretheImageServicetosendnotificationstothebus.
Edit/etc/glance/glance-api.
confandmodifythe[DEFAULT]section:notification_driver=messagingrpc_backend=rabbitrabbit_host=controllerrabbit_password=RABBIT_PASS2.
RestarttheImageServiceswiththeirnewsettings:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno119#systemctlrestartopenstack-glance-api.
serviceopenstack-glance-registry.
serviceAddtheBlockStorageserviceagentforTelemetry1.
Toretrievevolumesamples,youmustconfiguretheBlockStorageservicetosendnoti-ficationstothebus.
Edit/etc/cinder/cinder.
confandaddinthe[DEFAULT]sectiononthecon-trollerandvolumenodes:control_exchange=cindernotification_driver=cinder.
openstack.
common.
notifier.
rpc_notifier2.
RestarttheBlockStorageserviceswiththeirnewsettings.
Onthecontrollernode:#systemctlrestartopenstack-cinder-api.
serviceopenstack-cinder-scheduler.
serviceOnthestoragenode:#systemctlrestartopenstack-cinder-volume.
service3.
IfyouwanttocollectOpenStackBlockStoragenotificationondemand,youcanusecinder-volume-usage-auditfromOpenStackBlockStorage.
Formoreinformation,BlockStorageauditscriptsetuptogetnotifications.
ConfiguretheObjectStorageserviceforTeleme-try1.
Installthepython-ceilometerclientpackageonyourObjectStorageproxyserver:#yuminstallpython-ceilometerclient2.
Toretrieveobjectstorestatistics,theTelemetryserviceneedsaccesstoObjectStor-agewiththeResellerAdminrole.
Givethisroletoyouros_usernameuserfortheos_tenant_nametenant:$keystonerole-create--nameResellerAdmin|Property|Value||id|462fa46c13fd4798a95a3bfbe27b5e54||name|ResellerAdmin|$keystoneuser-role-add--tenantservice--userceilometer\--role462fa46c13fd4798a95a3bfbe27b5e543.
YoumustalsoaddtheTelemetrymiddlewaretoObjectStoragetohandleincomingandoutgoingtraffic.
Addtheselinestothe/etc/swift/proxy-server.
conffile:uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno120[filter:ceilometer]use=egg:ceilometer#swift4.
Addceilometertothepipelineparameterofthatsamefile:[pipeline:main]pipeline=healthcheckcacheauthtokenkeystoneauthceilometerproxy-server5.
AddthesystemuserswifttothesystemgroupceilometertogiveObjectStorageaccesstotheceilometer.
conffile.
#usermod-a-Gceilometerswift6.
AddResellerAdmintotheoperator_rolesparameterofthatsamefile:operator_roles=Member,admin,swiftoperator,_member_,ResellerAdmin7.
Restarttheservicewithitsnewsettings:#systemctlrestartopenstack-swift-proxy.
serviceVerifytheTelemetryinstallationTotesttheTelemetryinstallation,downloadanimagefromtheImageService,andusetheceilometercommandtodisplayusagestatistics.
1.
Usetheceilometermeter-listcommandtotesttheaccesstoTelemetry:$ceilometermeter-list|Name|Type|Unit|ResourceID|UserID|ProjectID||image|gauge|image|acafc7c0-40aa-4026-9673-b879898e1fc2|None|efa984b0a914450e9a47788ad330699d||image.
size|gauge|B|acafc7c0-40aa-4026-9673-b879898e1fc2|None|efa984b0a914450e9a47788ad330699d|2.
DownloadanimagefromtheImageService:$glanceimage-download"cirros-0.
3.
3-x86_64">cirros.
img3.
Calltheceilometermeter-listcommandagaintovalidatethatthedownloadhasbeendetectedandstoredbytheTelemetry:$ceilometermeter-list|Name|Type|Unit|ResourceID|UserID|ProjectID|uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno121|image|gauge|image|acafc7c0-40aa-4026-9673-b879898e1fc2|None|efa984b0a914450e9a47788ad330699d||image.
download|delta|B|acafc7c0-40aa-4026-9673-b879898e1fc2|None|efa984b0a914450e9a47788ad330699d||image.
serve|delta|B|acafc7c0-40aa-4026-9673-b879898e1fc2|None|efa984b0a914450e9a47788ad330699d||image.
size|gauge|B|acafc7c0-40aa-4026-9673-b879898e1fc2|None|efa984b0a914450e9a47788ad330699d|4.
Youcannowgetusagestatisticsforthevariousmeters:$ceilometerstatistics-mimage.
download-p60|Period|PeriodStart|PeriodEnd|Count|Min|Max|Sum|Avg|Duration|DurationStart|DurationEnd||60|2013-11-18T18:08:50|2013-11-18T18:09:50|1|13167616.
0|13167616.
0|13167616.
0|13167616.
0|0.
0|2013-11-18T18:09:05.
334000|2013-11-18T18:09:05.
334000|NextstepsYourOpenStackenvironmentnowincludesTelemetry.
Youcanlaunchaninstanceoraddmoreservicestoyourenvironmentinthepreviouschapters.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno12212.
AddtheDatabaseserviceTableofContentsDatabaseserviceoverview122InstalltheDatabaseservice123VerifytheDatabaseserviceinstallation126UsetheDatabasemoduletocreateclouddatabaseresources.
Theintegratedprojectnameistrove.
WarningThischapterisaworkinprogress.
Itmaycontainincorrectinformation,andwillbeupdatedfrequently.
DatabaseserviceoverviewTheDatabaseserviceprovidesscalableandreliablecloudprovisioningfunctionalityforbothrelationalandnon-relationaldatabaseengines.
Userscanquicklyandeasilyusedatabasefeatureswithouttheburdenofhandlingcomplexadministrativetasks.
Cloudusersanddatabaseadministratorscanprovisionandmanagemultipledatabaseinstancesasneeded.
TheDatabaseserviceprovidesresourceisolationathighperformancelevels,andautomatescomplexadministrativetaskssuchasdeployment,configuration,patching,backups,re-stores,andmonitoring.
Processflowexample.
Thisexampleisahigh-levelprocessflowforusingDatabaseser-vices:1.
TheOpenStackAdministratorconfiguresthebasicinfrastructureusingthefollowingsteps:a.
InstalltheDatabaseservice.
b.
Createanimageforeachtypeofdatabase.
Forexample,oneforMySQLandoneforMongoDB.
c.
Usethetrove-managecommandtoimportimagesandofferthemtotenants.
2.
TheOpenStackenduserdeploystheDatabaseserviceusingthefollowingsteps:a.
CreateaDatabaseserviceinstanceusingthetrovecreatecommand.
b.
UsethetrovelistcommandtogettheIDoftheinstance,followedbythetroveshowcommandtogettheIPaddressofit.
c.
AccesstheDatabaseserviceinstanceusingtypicaldatabaseaccesscommands.
Forexample,withMySQL:$mysql-umyuser-p-hTROVE_IP_ADDRESSmydbuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno123TheDatabaseserviceincludesthefollowingcomponents:python-troveclientcom-mand-lineclientACLIthatcommunicateswiththetrove-apicompo-nent.
trove-apicomponentProvidesanOpenStack-nativeRESTfulAPIthatsupportsJSONtoprovisionandmanageTroveinstances.
trove-conductorserviceRunsonthehost,andreceivesmessagesfromguestin-stancesthatwanttoupdateinformationonthehost.
trove-taskmanagerserviceInstrumentsthecomplexsystemflowsthatsupportpro-visioninginstances,managingthelifecycleofinstances,andperformingoperationsoninstances.
trove-guestagentserviceRunswithintheguestinstance.
Managesandperformsoperationsonthedatabaseitself.
InstalltheDatabaseserviceThisprocedureinstallstheDatabasemoduleonthecontrollernode.
Prerequisites.
ThischapterassumesthatyoualreadyhaveaworkingOpenStackenviron-mentwithatleastthefollowingcomponentsinstalled:Compute,ImageService,Identity.
Ifyouwanttodobackupandrestore,youalsoneedObjectStorage.
Ifyouwanttoprovisiondatastoresonblock-storagevolumes,youalsoneedBlockStor-age.
ToinstalltheDatabasemoduleonthecontroller:1.
Installrequiredpackages:#yuminstallopenstack-trovepython-troveclient2.
PrepareOpenStack:a.
Sourcetheadmin-openrc.
shfile.
$source~/admin-openrc.
shb.
CreateatroveuserthatComputeusestoauthenticatewiththeIdentityservice.
Usetheservicetenantandgivetheusertheadminrole:$keystoneuser-create--nametrove--passTROVE_PASS$keystoneuser-role-add--usertrove--tenantservice--roleadminReplaceTROVE_PASSwithasuitablepassword.
3.
Editthefollowingconfigurationfiles,takingthebelowactionsforeachfile:trove.
conftrove-taskmanager.
conftrove-conductor.
confuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno124a.
Editthe[DEFAULT]sectionofeachfileandsetappropriatevaluesfortheOpen-StackserviceURLs,loggingandmessagingconfiguration,andSQLconnections:[DEFAULT]log_dir=/var/log/trovetrove_auth_url=http://controller:5000/v2.
0nova_compute_url=http://controller:8774/v2cinder_url=http://controller:8776/v1swift_url=http://controller:8080/v1/AUTH_sql_connection=mysql://trove:TROVE_DBPASS@controller/trovenotifier_queue_hostname=controllerb.
ConfiguretheDatabasemoduletousetheRabbitMQmessagebrokerbysettingthefollowingoptionsinthe[DEFAULT]configurationgroupofeachfile:[DEFAULT].
.
.
rpc_backend=rabbitrabbit_host=controllerrabbit_password=RABBIT_PASS4.
Editthe[filter:authtoken]sectionoftheapi-paste.
inifilesoitmatchesthelistingshownbelow:[filter:authtoken]auth_uri=http://controller:5000/v2.
0identity_uri=http://controller:35357admin_user=troveadmin_password=ADMIN_PASSadmin_tenant_name=servicesigning_dir=/var/cache/trove5.
Editthetrove.
conffilesoitincludesappropriatevaluesforthedefaultdatastoreandnetworklabelregexasshownbelow:[DEFAULT]default_datastore=mysql.
.
.
.
#ConfigoptionforshowingtheIPaddressthatnovadolesoutadd_addresses=Truenetwork_label_regex=^NETWORK_LABEL$.
.
.
.
6.
Editthetrove-taskmanager.
conffilesoitincludestherequiredsettingstocon-necttotheOpenStackComputeserviceasshownbelow:[DEFAULT].
.
.
.
#Configurationoptionsfortalkingtonovaviathenovaclient.
#Theseoptionsareforanadminuserinyourkeystoneconfig.
#Itproxy'sthetokenreceivedfromtheusertosendtonovaviathisadminuserscreds,#basicallyactingliketheclientviathatproxytoken.
nova_proxy_admin_user=adminnova_proxy_admin_pass=ADMIN_PASSnova_proxy_admin_tenant_name=servicetaskmanager_manager=trove.
taskmanager.
manager.
Manager.
.
.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno1257.
Preparethetroveadmindatabase:$mysql-uroot-pmysql>CREATEDATABASEtrove;mysql>GRANTALLPRIVILEGESONtrove.
*TOtrove@'localhost'\IDENTIFIEDBY'TROVE_DBPASS';mysql>GRANTALLPRIVILEGESONtrove.
*TOtrove@'%'\IDENTIFIEDBY'TROVE_DBPASS';8.
PreparetheDatabaseservice:a.
Initializethedatabase:#su-s/bin/sh-c"trove-managedb_sync"troveb.
Createadatastore.
Youneedtocreateaseparatedatastoreforeachtypeofdatabaseyouwanttouse,forexample,MySQL,MongoDB,Cassandra.
Thisexam-pleshowsyouhowtocreateadatastoreforaMySQLdatabase:#su-s/bin/sh-c"trove-managedatastore_updatemysql''"trove9.
Createatroveimage.
Createanimageforthetypeofdatabaseyouwanttouse,forexample,MySQL,Mon-goDB,Cassandra.
Thisimagemusthavethetroveguestagentinstalled,anditmusthavethetrove-guestagent.
conffileconfiguredtoconnecttoyourOpenStackenvironment.
Tocorrectlyconfigurethetrove-guestagent.
conffile,followthesestepsontheguestinstanceyouareusingtobuildyourimage:Addthefollowinglinestotrove-guestagent.
conf:rabbit_host=controllerrabbit_password=RABBIT_PASSnova_proxy_admin_user=adminnova_proxy_admin_pass=ADMIN_PASSnova_proxy_admin_tenant_name=servicetrove_auth_url=http://controller:35357/v2.
010.
Updatethedatastoretousethenewimage,usingthetrove-managecommand.
ThisexampleshowsyouhowtocreateaMySQL5.
5datastore:#trove-manage--config-file/etc/trove/trove.
confdatastore_version_update\mysqlmysql-5.
5mysqlglance_image_IDmysql-server-5.
5111.
YoumustregistertheDatabasemodulewiththeIdentityservicesothatotherOpen-Stackservicescanlocateit.
Registertheserviceandspecifytheendpoint:$keystoneservice-create--nametrove--typedatabase\--description"OpenStackDatabaseService"$keystoneendpoint-create\--service-id$(keystoneservice-list|awk'/trove/{print$2}')\--publicurlhttp://controller:8779/v1.
0/%\(tenant_id\)s\--internalurlhttp://controller:8779/v1.
0/%\(tenant_id\)s\--adminurlhttp://controller:8779/v1.
0/%\(tenant_id\)s\--regionregionOneuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno12612.
StarttheDatabaseservicesandconfigurethemtostartwhenthesystemboots:#systemctlenableopenstack-trove-api.
serviceopenstack-trove-taskmanager.
service\openstack-trove-conductor.
service#systemctlstartopenstack-trove-api.
serviceopenstack-trove-taskmanager.
service\openstack-trove-conductor.
serviceVerifytheDatabaseserviceinstallationToverifythattheDatabaseserviceisinstalledandconfiguredcorrectly,tryexecutingaTrovecommand:1.
Sourcethedemo-openrc.
shfile.
$source~/demo-openrc.
sh2.
RetrievetheTroveinstanceslist:$trovelistYoushouldseeoutputsimilartothis:|id|name|datastore|datastore_version|status|flavor_id|size|3.
Assumingyouhavecreatedanimageforthetypeofdatabaseyouwant,andhaveupdatedthedatastoretousethatimage,youcannowcreateaTroveinstance(database).
Todothis,usethetrovecreatecommand.
ThisexampleshowsyouhowtocreateaMySQL5.
5database:$trovecreatename2--size=2--databasesDBNAME\--usersUSER:PASSWORD--datastore_versionmysql-5.
5\--datastoremysqluno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno12713.
AddtheDataprocessingserviceTableofContentsDataprocessingservice127InstalltheDataprocessingservice128VerifytheDataprocessingserviceinstallation129TheDataprocessingservice(sahara)enablesuserstoprovideascalabledataprocessingstackandassociatedmanagementinterfaces.
Thisincludesprovisionandoperationofdataprocessingclustersaswellasschedulingandoperationofdataprocessingjobs.
WarningThischapterisaworkinprogress.
Itmaycontainincorrectinformation,andwillbeupdatedfrequently.
DataprocessingserviceTheDataprocessingserviceforOpenStack(sahara)aimstoprovideuserswithsimplemeanstoprovisiondataprocessing(Hadoop,Spark)clustersbyspecifyingseveralparame-terslikeHadoopversion,clustertopology,nodeshardwaredetailsandafewmore.
Afteruserfillsinalltheparameters,theDataprocessingservicedeploystheclusterinafewmin-utes.
Alsosaharaprovidesmeanstoscalealreadyprovisionedclustersbyadding/removingworkernodesondemand.
Thesolutionaddressesthefollowingusecases:FastprovisioningofHadoopclustersonOpenStackfordevelopmentandQA.
UtilizationofunusedcomputepowerfromgeneralpurposeOpenStackIaaScloud.
Analytics-as-a-Serviceforad-hocorburstyanalyticworkloads.
Keyfeaturesare:DesignedasanOpenStackcomponent.
ManagedthroughRESTAPIwithUIavailableaspartofOpenStackdashboard.
SupportfordifferentHadoopdistributions:PluggablesystemofHadoopinstallationengines.
Integrationwithvendorspecificmanagementtools,suchasApacheAmbariorCloud-eraManagementConsole.
PredefinedtemplatesofHadoopconfigurationswithabilitytomodifyparameters.
User-friendlyUIforad-hocanalyticsqueriesbasedonHiveorPig.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno128InstalltheDataprocessingserviceThisprocedureinstallstheDataprocessingservice(sahara)onthecontrollernode.
ToinstalltheDataprocessingserviceonthecontroller:1.
Installrequiredpackages:#yuminstallopenstack-saharapython-saharaclient2.
Edit/etc/sahara/sahara.
confconfigurationfilea.
First,editconnectionparameterinthe[database]section.
TheURLprovid-edhereshouldpointtoanemptydatabase.
Forinstance,connectionstringforMySQLdatabasewillbe:connection=mysql://sahara:SAHARA_DBPASS@controller/saharab.
Switchtothe[keystone_authtoken]section.
Theauth_uriparametershouldpointtothepublicIdentityAPIendpoint.
identity_urishouldpointtotheadminIdentityAPIendpoint.
Forexample:auth_uri=http://controller:5000/v2.
0identity_uri=http://controller:35357c.
Nextspecifyadmin_user,admin_passwordandadmin_tenant_name.
Theseparametersmustspecifyakeystoneuserwhichhastheadminroleinthegiventenant.
Thesecredentialsallowsaharatoauthenticateandauthorizeitsusers.
d.
Switchtothe[DEFAULT]section.
Proceedtothenetworkingparameters.
IfyouareusingNeutronfornetworking,thensetuse_neutron=true.
Otherwiseifyouareusingnova-networksetthegivenparametertofalse.
e.
Thatshouldbeenoughforthefirstrun.
Ifyouwanttoincreaselogginglevelfortroubleshooting,therearetwoparametersintheconfig:verboseanddebug.
Iftheformerissettotrue,saharawillstarttowritelogsofINFOlevelandabove.
Ifdebugissettotrue,saharawillwriteallthelogs,includingtheDEBUGones.
3.
IfyouusetheDataprocessingservicewithMySQLdatabase,thenforstoringbigjobbinariesinsaharainternaldatabaseyoumustconfiguresizeofmaxallowedpacket.
Editmy.
cnffileandchangeparameter:[mysqld]max_allowed_packet=256MandrestartMySQLserver.
4.
Createdatabaseschema:#sahara-db-manage--config-file/etc/sahara/sahara.
confupgradehead5.
YoumustregistertheDataprocessingservicewiththeIdentityservicesothatotherOpenStackservicescanlocateit.
Registertheserviceandspecifytheendpoint:$keystoneservice-create--namesahara--typedata_processing\--description"Dataprocessingservice"uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno129$keystoneendpoint-create\--service-id$(keystoneservice-list|awk'/sahara/{print$2}')\--publicurlhttp://controller:8386/v1.
1/%\(tenant_id\)s\--internalurlhttp://controller:8386/v1.
1/%\(tenant_id\)s\--adminurlhttp://controller:8386/v1.
1/%\(tenant_id\)s\--regionregionOne6.
Startthesaharaservice:#systemctlstartopenstack-sahara-all7.
(Optional)EnabletheDataprocessingservicetostartonboot#systemctlenableopenstack-sahara-allVerifytheDataprocessingserviceinstallationToverifythattheDataprocessingservice(sahara)isinstalledandconfiguredcorrectly,tryrequestingclusterslistusingsaharaclient.
1.
Sourcethedemotenantcredentials:$sourcedemo-openrc.
sh2.
Retrievesaharaclusterslist:$saharacluster-listYoushouldseeoutputsimilartothis:|name|id|status|node_count|uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno13014.
LaunchaninstanceTableofContentsLaunchaninstancewithOpenStackNetworking(neutron)130Launchaninstancewithlegacynetworking(nova-network)138AninstanceisaVMthatOpenStackprovisionsonacomputenode.
ThisguideshowsyouhowtolaunchaminimalinstanceusingtheCirrOSimagethatyouaddedtoyourenviron-mentintheChapter4,"AddtheImageService"[36]chapter.
Inthesesteps,youusethecommand-lineinterface(CLI)onyourcontrollernodeoranysystemwiththeappropriateOpenStackclientlibraries.
Tousethedashboard,seetheOpenStackUserGuide.
LaunchaninstanceusingOpenStackNetworking(neutron)orlegacynetworking(no-va-network).
Formoreinformation,seetheOpenStackUserGuide.
NoteThesestepsreferenceexamplecomponentscreatedinpreviouschapters.
YoumustadjustcertainvaluessuchasIPaddressestomatchyourenvironment.
LaunchaninstancewithOpenStackNetworking(neutron)TogenerateakeypairMostcloudimagessupportpublickeyauthenticationratherthanconventionalusername/passwordauthentication.
Beforelaunchinganinstance,youmustgenerateapublic/privatekeypairusingssh-keygenandaddthepublickeytoyourOpenStackenvironment.
1.
Sourcethedemotenantcredentials:$sourcedemo-openrc.
sh2.
Generateakeypair:$ssh-keygen3.
AddthepublickeytoyourOpenStackenvironment:$novakeypair-add--pub-key~/.
ssh/id_rsa.
pubdemo-keyNoteThiscommandprovidesnooutput.
4.
Verifyadditionofthepublickey:$novakeypair-list|Name|Fingerprint|uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno131|demo-key|6c:74:ec:3a:08:05:4e:9e:21:22:a6:dd:b2:62:b8:28|TolaunchaninstanceTolaunchaninstance,youmustatleastspecifytheflavor,imagename,network,securitygroup,key,andinstancename.
1.
Aflavorspecifiesavirtualresourceallocationprofilewhichincludesprocessor,memo-ry,andstorage.
Listavailableflavors:$novaflavor-list|ID|Name|Memory_MB|Disk|Ephemeral|Swap|VCPUs|RXTX_Factor|Is_Public||1|m1.
tiny|512|1|0||1|1.
0|True||2|m1.
small|2048|20|0||1|1.
0|True||3|m1.
medium|4096|40|0||2|1.
0|True||4|m1.
large|8192|80|0||4|1.
0|True||5|m1.
xlarge|16384|160|0||8|1.
0|True|Yourfirstinstanceusesthem1.
tinyflavor.
NoteYoucanalsoreferenceaflavorbyID.
2.
Listavailableimages:$novaimage-list|ID|Name|Status|Server||acafc7c0-40aa-4026-9673-b879898e1fc2|cirros-0.
3.
3-x86_64|ACTIVE||Yourfirstinstanceusesthecirros-0.
3.
3-x86_64image.
3.
Listavailablenetworks:$neutronnet-listuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno132|id|name|subnets||3c612b5a-d1db-498a-babb-a4c50e344cb1|demo-net|20bcd3fd-5785-41fe-ac42-55ff884e3180192.
168.
1.
0/24||9bce64a3-a963-4c05-bfcd-161f708042d1|ext-net|b54a8d85-b434-4e85-a8aa-74873841a90d203.
0.
113.
0/24|Yourfirstinstanceusesthedemo-nettenantnetwork.
However,youmustreferencethisnetworkusingtheIDinsteadofthename.
4.
Listavailablesecuritygroups:$novasecgroup-list|Id|Name|Description||ad8d4ea5-3cad-4f7d-b164-ada67ec59473|default|default|Yourfirstinstanceusesthedefaultsecuritygroup.
Bydefault,thissecuritygroupim-plementsafirewallthatblocksremoteaccesstoinstances.
Ifyouwouldliketopermitremoteaccesstoyourinstance,launchitandthenconfigureremoteaccess.
5.
Launchtheinstance:ReplaceDEMO_NET_IDwiththeIDofthedemo-nettenantnetwork.
$novaboot--flavorm1.
tiny--imagecirros-0.
3.
3-x86_64--nicnet-id=DEMO_NET_ID\--security-groupdefault--key-namedemo-keydemo-instance1|Property|Value||OS-DCF:diskConfig|MANUAL||OS-EXT-AZ:availability_zone|nova||OS-EXT-STS:power_state|0||OS-EXT-STS:task_state|scheduling||OS-EXT-STS:vm_state|building||OS-SRV-USG:launched_at|-||OS-SRV-USG:terminated_at|-||accessIPv4||uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno133|accessIPv6|||adminPass|vFW7Bp8PQGNo||config_drive|||created|2014-04-09T19:24:27Z||flavor|m1.
tiny(1)||hostId|||id|05682b91-81a1-464c-8f40-8b3da7ee92c5||image|cirros-0.
3.
3-x86_64(acafc7c0-40aa-4026-9673-b879898e1fc2)||key_name|demo-key||metadata|{}||name|demo-instance1||os-extended-volumes:volumes_attached|[]||progress|0||security_groups|default||status|BUILD||tenant_id|7cf50047f8df4824bc76c2fdf66d11ec||updated|2014-04-09T19:24:27Z||user_id|0e47686e72114d7182f7569d70c519c9|6.
Checkthestatusofyourinstance:$novalist|ID|Name|Status|TaskState|PowerState|Networks||05682b91-81a1-464c-8f40-8b3da7ee92c5|demo-instance1|ACTIVE|-|Running|demo-net=192.
168.
1.
3|ThestatuschangesfromBUILDtoACTIVEwhenyourinstancefinishesthebuildpro-cess.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno134ToaccessyourinstanceusingavirtualconsoleObtainaVirtualNetworkComputing(VNC)sessionURLforyourinstanceandaccessitfromawebbrowser:$novaget-vnc-consoledemo-instance1novnc+-------+|Type|Url|+-------+|novnc|http://controller:6080/vnc_auto.
htmltoken=2f6dd985-f906-4bfc-b566-e87ce656375b|+-------+NoteIfyourwebbrowserrunsonahostthatcannotresolvethecontrollerhostname,youcanreplacecontrollerwiththeIPaddressoftheman-agementinterfaceonyourcontrollernode.
TheCirrOSimageincludesconventionalusername/passwordauthenticationandpro-videsthesecredentialsattheloginprompt.
AfterloggingintoCirrOS,werecommendthatyouverifynetworkconnectivityusingping.
Verifythedemo-nettenantnetworkgateway:$ping-c4192.
168.
1.
1PING192.
168.
1.
1(192.
168.
1.
1)56(84)bytesofdata.
64bytesfrom192.
168.
1.
1:icmp_req=1ttl=64time=0.
357ms64bytesfrom192.
168.
1.
1:icmp_req=2ttl=64time=0.
473ms64bytesfrom192.
168.
1.
1:icmp_req=3ttl=64time=0.
504ms64bytesfrom192.
168.
1.
1:icmp_req=4ttl=64time=0.
470ms---192.
168.
1.
1pingstatistics---4packetstransmitted,4received,0%packetloss,time2998msrttmin/avg/max/mdev=0.
357/0.
451/0.
504/0.
055msVerifytheext-netexternalnetwork:$ping-c4openstack.
orgPINGopenstack.
org(174.
143.
194.
225)56(84)bytesofdata.
64bytesfrom174.
143.
194.
225:icmp_req=1ttl=53time=17.
4ms64bytesfrom174.
143.
194.
225:icmp_req=2ttl=53time=17.
5ms64bytesfrom174.
143.
194.
225:icmp_req=3ttl=53time=17.
7ms64bytesfrom174.
143.
194.
225:icmp_req=4ttl=53time=17.
5ms---openstack.
orgpingstatistics---4packetstransmitted,4received,0%packetloss,time3003msrttmin/avg/max/mdev=17.
431/17.
575/17.
734/0.
143msuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno135Toaccessyourinstanceremotely1.
Addrulestothedefaultsecuritygroup:a.
PermitICMP(ping):$novasecgroup-add-ruledefaulticmp-1-10.
0.
0.
0/0|IPProtocol|FromPort|ToPort|IPRange|SourceGroup||icmp|-1|-1|0.
0.
0.
0/0||b.
Permitsecureshell(SSH)access:$novasecgroup-add-ruledefaulttcp22220.
0.
0.
0/0|IPProtocol|FromPort|ToPort|IPRange|SourceGroup||tcp|22|22|0.
0.
0.
0/0||2.
CreateafloatingIPaddressontheext-netexternalnetwork:$neutronfloatingip-createext-netCreatedanewfloatingip:|Field|Value||fixed_ip_address|||floating_ip_address|203.
0.
113.
102||floating_network_id|9bce64a3-a963-4c05-bfcd-161f708042d1||id|05e36754-e7f3-46bb-9eaa-3521623b3722||port_id|||router_id|||status|DOWN||tenant_id|7cf50047f8df4824bc76c2fdf66d11ec|3.
AssociatethefloatingIPaddresswithyourinstance:$novafloating-ip-associatedemo-instance1203.
0.
113.
102NoteThiscommandprovidesnooutput.
4.
CheckthestatusofyourfloatingIPaddress:$novalist|ID|Name|Status|TaskState|PowerState|Networks||05682b91-81a1-464c-8f40-8b3da7ee92c5|demo-instance1|ACTIVE|-|Running|demo-net=192.
168.
1.
3,203.
0.
113.
102|uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno1365.
Verifynetworkconnectivityusingpingfromthecontrollernodeoranyhostontheex-ternalnetwork:$ping-c4203.
0.
113.
102PING203.
0.
113.
102(203.
0.
113.
112)56(84)bytesofdata.
64bytesfrom203.
0.
113.
102:icmp_req=1ttl=63time=3.
18ms64bytesfrom203.
0.
113.
102:icmp_req=2ttl=63time=0.
981ms64bytesfrom203.
0.
113.
102:icmp_req=3ttl=63time=1.
06ms64bytesfrom203.
0.
113.
102:icmp_req=4ttl=63time=0.
929ms---203.
0.
113.
102pingstatistics---4packetstransmitted,4received,0%packetloss,time3002msrttmin/avg/max/mdev=0.
929/1.
539/3.
183/0.
951ms6.
AccessyourinstanceusingSSHfromthecontrollernodeoranyhostontheexternalnetwork:$sshcirros@203.
0.
113.
102Theauthenticityofhost'203.
0.
113.
102(203.
0.
113.
102)'can'tbeestablished.
RSAkeyfingerprintised:05:e9:e7:52:a0:ff:83:68:94:c7:d1:f2:f8:e2:e9.
Areyousureyouwanttocontinueconnecting(yes/no)yesWarning:Permanentlyadded'203.
0.
113.
102'(RSA)tothelistofknownhosts.
$NoteIfyourhostdoesnotcontainthepublic/privatekeypaircreatedinanearli-erstep,SSHpromptsforthedefaultpasswordassociatedwiththecirrosuser.
ToattachaBlockStoragevolumetoyourinstanceIfyourenvironmentincludestheBlockStorageservice,youcanattachavolumetothein-stance.
1.
Sourcethedemotenantcredentials:$sourcedemo-openrc.
sh2.
Listvolumes:$novavolume-list|ID|Status|DisplayName|Size|VolumeType|Attachedto||158bea89-07db-4ac2-8115-66c0d6a4bb48|available|demo-volume1|1|None||3.
Attachthedemo-volume1volumetothedemo-instance1instance:$novavolume-attachdemo-instance1158bea89-07db-4ac2-8115-66c0d6a4bb48uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno137|Property|Value||device|/dev/vdb||id|158bea89-07db-4ac2-8115-66c0d6a4bb48||serverId|05682b91-81a1-464c-8f40-8b3da7ee92c5||volumeId|158bea89-07db-4ac2-8115-66c0d6a4bb48|NoteYoumustreferencevolumesusingtheIDsinsteadofnames.
4.
Listvolumes:$novavolume-list|ID|Status|DisplayName|Size|VolumeType|Attachedto||158bea89-07db-4ac2-8115-66c0d6a4bb48|in-use|demo-volume1|1|None|05682b91-81a1-464c-8f40-8b3da7ee92c5|Thedemo-volume1volumestatusshouldindicatein-usebytheIDofthede-mo-instance1instance.
5.
AccessyourinstanceusingSSHfromthecontrollernodeoranyhostontheexternalnetworkandusethefdiskcommandtoverifypresenceofthevolumeasthe/dev/vdbblockstoragedevice:$sshcirros@203.
0.
113.
102$sudofdisk-lDisk/dev/vda:1073MB,1073741824bytes255heads,63sectors/track,130cylinders,total2097152sectorsUnits=sectorsof1*512=512bytesSectorsize(logical/physical):512bytes/512bytesI/Osize(minimum/optimal):512bytes/512bytesDiskidentifier:0x00000000DeviceBootStartEndBlocksIdSystem/dev/vda1*1606520884491036192+83LinuxDisk/dev/vdb:1073MB,1073741824bytes16heads,63sectors/track,2080cylinders,total2097152sectorsUnits=sectorsof1*512=512bytesSectorsize(logical/physical):512bytes/512bytesI/Osize(minimum/optimal):512bytes/512bytesDiskidentifier:0x00000000Disk/dev/vdbdoesn'tcontainavalidpartitiontableNoteYoumustcreateapartitiontableandfilesystemtousethevolume.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno138Ifyourinstancedoesnotlaunchorseemtoworkasyouexpect,seetheOpenStackOpera-tionsGuideformoreinformationoruseoneofthemanyotheroptionstoseekassistance.
Wewantyourenvironmenttowork!
Launchaninstancewithlegacynetworking(no-va-network)TogenerateakeypairMostcloudimagessupportpublickeyauthenticationratherthanconventionalusername/passwordauthentication.
Beforelaunchinganinstance,youmustgenerateapublic/privatekeypairusingssh-keygenandaddthepublickeytoyourOpenStackenvironment.
1.
Sourcethedemotenantcredentials:$sourcedemo-openrc.
sh2.
Generateakeypair:$ssh-keygen3.
AddthepublickeytoyourOpenStackenvironment:$novakeypair-add--pub-key~/.
ssh/id_rsa.
pubdemo-keyNoteThiscommandprovidesnooutput.
4.
Verifyadditionofthepublickey:$novakeypair-list|Name|Fingerprint||demo-key|6c:74:ec:3a:08:05:4e:9e:21:22:a6:dd:b2:62:b8:28|TolaunchaninstanceTolaunchaninstance,youmustatleastspecifytheflavor,imagename,network,securitygroup,key,andinstancename.
1.
Aflavorspecifiesavirtualresourceallocationprofilewhichincludesprocessor,memo-ry,andstorage.
Listavailableflavors:$novaflavor-list|ID|Name|Memory_MB|Disk|Ephemeral|Swap|VCPUs|RXTX_Factor|Is_Public|uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno139|1|m1.
tiny|512|1|0||1|1.
0|True||2|m1.
small|2048|20|0||1|1.
0|True||3|m1.
medium|4096|40|0||2|1.
0|True||4|m1.
large|8192|80|0||4|1.
0|True||5|m1.
xlarge|16384|160|0||8|1.
0|True|Yourfirstinstanceusesthem1.
tinyflavor.
NoteYoucanalsoreferenceaflavorbyID.
2.
Listavailableimages:$novaimage-list|ID|Name|Status|Server||acafc7c0-40aa-4026-9673-b879898e1fc2|cirros-0.
3.
3-x86_64|ACTIVE||Yourfirstinstanceusesthecirros-0.
3.
3-x86_64image.
3.
Listavailablenetworks:NoteYoumustsourcetheadmintenantcredentialsforthisstepandthensourcethedemotenantcredentialsfortheremainingsteps.
$sourceadmin-openrc.
sh$novanet-list|ID|Label|CIDR||7f849be3-4494-495a-95a1-0f99ccb884c4|demo-net|203.
0.
113.
24/29|Yourfirstinstanceusesthedemo-nettenantnetwork.
However,youmustreferencethisnetworkusingtheIDinsteadofthename.
4.
Listavailablesecuritygroups:$novasecgroup-listuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno140|Id|Name|Description||ad8d4ea5-3cad-4f7d-b164-ada67ec59473|default|default|Yourfirstinstanceusesthedefaultsecuritygroup.
Bydefault,thissecuritygroupim-plementsafirewallthatblocksremoteaccesstoinstances.
Ifyouwouldliketopermitremoteaccesstoyourinstance,launchitandthenconfigureremoteaccess.
5.
Launchtheinstance:ReplaceDEMO_NET_IDwiththeIDofthedemo-nettenantnetwork.
$novaboot--flavorm1.
tiny--imagecirros-0.
3.
3-x86_64--nicnet-id=DEMO_NET_ID\--security-groupdefault--key-namedemo-keydemo-instance1|Property|Value||OS-DCF:diskConfig|MANUAL||OS-EXT-AZ:availability_zone|nova||OS-EXT-STS:power_state|0||OS-EXT-STS:task_state|scheduling||OS-EXT-STS:vm_state|building||OS-SRV-USG:launched_at|-||OS-SRV-USG:terminated_at|-||accessIPv4|||accessIPv6|||adminPass|ThZqrg7ach78||config_drive|||created|2014-04-10T00:09:16Z||flavor|m1.
tiny(1)||hostId|||id|45ea195c-c469-43eb-83db-1a663bbad2fc||image|cirros-0.
3.
3-x86_64(acafc7c0-40aa-4026-9673-b879898e1fc2)||key_name|demo-key||metadata|{}||name|demo-instance1|uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno141|os-extended-volumes:volumes_attached|[]||progress|0||security_groups|default||status|BUILD||tenant_id|93849608fe3d462ca9fa0e5dbfd4d040||updated|2014-04-10T00:09:16Z||user_id|8397567baf4746cca7a1e608677c3b23|6.
Checkthestatusofyourinstance:$novalist|ID|Name|Status|TaskState|PowerState|Networks||45ea195c-c469-43eb-83db-1a663bbad2fc|demo-instance1|ACTIVE|-|Running|demo-net=203.
0.
113.
26|ThestatuschangesfromBUILDtoACTIVEwhenyourinstancefinishesthebuildpro-cess.
ToaccessyourinstanceusingavirtualconsoleObtainaVirtualNetworkComputing(VNC)sessionURLforyourinstanceandaccessitfromawebbrowser:$novaget-vnc-consoledemo-instance1novnc+-------+|Type|Url|+-------+|novnc|http://controller:6080/vnc_auto.
htmltoken=2f6dd985-f906-4bfc-b566-e87ce656375b|+-------+NoteIfyourwebbrowserrunsonahostthatcannotresolvethecontrollerhostname,youcanreplacecontrollerwiththeIPaddressoftheman-agementinterfaceonyourcontrollernode.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno142TheCirrOSimageincludesconventionalusername/passwordauthenticationandpro-videsthesecredentialsattheloginprompt.
AfterloggingintoCirrOS,werecommendthatyouverifynetworkconnectivityusingping.
Verifythedemo-netnetwork:$ping-c4openstack.
orgPINGopenstack.
org(174.
143.
194.
225)56(84)bytesofdata.
64bytesfrom174.
143.
194.
225:icmp_req=1ttl=53time=17.
4ms64bytesfrom174.
143.
194.
225:icmp_req=2ttl=53time=17.
5ms64bytesfrom174.
143.
194.
225:icmp_req=3ttl=53time=17.
7ms64bytesfrom174.
143.
194.
225:icmp_req=4ttl=53time=17.
5ms---openstack.
orgpingstatistics---4packetstransmitted,4received,0%packetloss,time3003msrttmin/avg/max/mdev=17.
431/17.
575/17.
734/0.
143msToaccessyourinstanceremotely1.
Addrulestothedefaultsecuritygroup:a.
PermitICMP(ping):$novasecgroup-add-ruledefaulticmp-1-10.
0.
0.
0/0|IPProtocol|FromPort|ToPort|IPRange|SourceGroup||icmp|-1|-1|0.
0.
0.
0/0||b.
Permitsecureshell(SSH)access:$novasecgroup-add-ruledefaulttcp22220.
0.
0.
0/0|IPProtocol|FromPort|ToPort|IPRange|SourceGroup||tcp|22|22|0.
0.
0.
0/0||2.
Verifynetworkconnectivityusingpingfromthecontrollernodeoranyhostontheex-ternalnetwork:$ping-c4203.
0.
113.
26PING203.
0.
113.
26(203.
0.
113.
26)56(84)bytesofdata.
64bytesfrom203.
0.
113.
26:icmp_req=1ttl=63time=3.
18ms64bytesfrom203.
0.
113.
26:icmp_req=2ttl=63time=0.
981ms64bytesfrom203.
0.
113.
26:icmp_req=3ttl=63time=1.
06ms64bytesfrom203.
0.
113.
26:icmp_req=4ttl=63time=0.
929ms---203.
0.
113.
26pingstatistics---4packetstransmitted,4received,0%packetloss,time3002msrttmin/avg/max/mdev=0.
929/1.
539/3.
183/0.
951ms3.
AccessyourinstanceusingSSHfromthecontrollernodeoranyhostontheexternalnetwork:$sshcirros@203.
0.
113.
26uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno143Theauthenticityofhost'203.
0.
113.
26(203.
0.
113.
26)'can'tbeestablished.
RSAkeyfingerprintised:05:e9:e7:52:a0:ff:83:68:94:c7:d1:f2:f8:e2:e9.
Areyousureyouwanttocontinueconnecting(yes/no)yesWarning:Permanentlyadded'203.
0.
113.
26'(RSA)tothelistofknownhosts.
$NoteIfyourhostdoesnotcontainthepublic/privatekeypaircreatedinanearli-erstep,SSHpromptsforthedefaultpasswordassociatedwiththecirrosuser.
ToattachaBlockStoragevolumetoyourinstanceIfyourenvironmentincludestheBlockStorageservice,youcanattachavolumetothein-stance.
1.
Sourcethedemotenantcredentials:$sourcedemo-openrc.
sh2.
Listvolumes:$novavolume-list|ID|Status|DisplayName|Size|VolumeType|Attachedto||158bea89-07db-4ac2-8115-66c0d6a4bb48|available|demo-volume1|1|None||3.
Attachthedemo-volume1volumetothedemo-instance1instance:$novavolume-attachdemo-instance1158bea89-07db-4ac2-8115-66c0d6a4bb48|Property|Value||device|/dev/vdb||id|158bea89-07db-4ac2-8115-66c0d6a4bb48||serverId|45ea195c-c469-43eb-83db-1a663bbad2fc||volumeId|158bea89-07db-4ac2-8115-66c0d6a4bb48|NoteYoumustreferencevolumesusingtheIDsinsteadofnames.
4.
Listvolumes:$novavolume-listuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno144|ID|Status|DisplayName|Size|VolumeType|Attachedto||158bea89-07db-4ac2-8115-66c0d6a4bb48|in-use|demo-volume1|1|None|45ea195c-c469-43eb-83db-1a663bbad2fc|Thedemo-volume1volumestatusshouldindicatein-usebytheIDofthede-mo-instance1instance.
5.
AccessyourinstanceusingSSHfromthecontrollernodeoranyhostontheexternalnetworkandusethefdiskcommandtoverifypresenceofthevolumeasthe/dev/vdbblockstoragedevice:$sshcirros@203.
0.
113.
102$sudofdisk-lDisk/dev/vda:1073MB,1073741824bytes255heads,63sectors/track,130cylinders,total2097152sectorsUnits=sectorsof1*512=512bytesSectorsize(logical/physical):512bytes/512bytesI/Osize(minimum/optimal):512bytes/512bytesDiskidentifier:0x00000000DeviceBootStartEndBlocksIdSystem/dev/vda1*1606520884491036192+83LinuxDisk/dev/vdb:1073MB,1073741824bytes16heads,63sectors/track,2080cylinders,total2097152sectorsUnits=sectorsof1*512=512bytesSectorsize(logical/physical):512bytes/512bytesI/Osize(minimum/optimal):512bytes/512bytesDiskidentifier:0x00000000Disk/dev/vdbdoesn'tcontainavalidpartitiontableNoteYoumustcreateapartitiontableandfilesystemtousethevolume.
Ifyourinstancedoesnotlaunchorseemtoworkasyouexpect,seetheOpenStackOpera-tionsGuideformoreinformationoruseoneofthemanyotheroptionstoseekassistance.
Wewantyourenvironmenttowork!
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno145AppendixA.
ReserveduserIDsOpenStackreservescertainuserIDstorunspecificservicesandownspecificfiles.
TheseuserIDsaresetupaccordingtothedistributionpackages.
Thefollowingtablegivesanoverview.
TableA.
1.
ReserveduserIDsNameDescriptionIDceilometerOpenStackCeilometerDaemons166cinderOpenStackCinderDaemons165glanceOpenStackGlanceDaemons161heatOpenStackHeatDaemons187keystoneOpenStackKeystoneDaemons163neutronOpenStackNeutronDaemons164novaOpenStackNovaDaemons162swiftOpenStackSwiftDaemons160troveOpenStackTroveDaemonsAssignedduringpackageinstallationEachuserbelongstoausergroupwiththesamenameastheuser.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno146AppendixB.
CommunitysupportTableofContentsDocumentation146ask.
openstack.
org147OpenStackmailinglists147TheOpenStackwiki148TheLaunchpadBugsarea148TheOpenStackIRCchannel149Documentationfeedback149OpenStackdistributionpackages149ThefollowingresourcesareavailabletohelpyourunanduseOpenStack.
TheOpenStackcommunityconstantlyimprovesandaddstothemainfeaturesofOpenStack,butifyouhaveanyquestions,donothesitatetoask.
UsethefollowingresourcestogetOpenStacksupport,andtroubleshootyourinstallations.
DocumentationFortheavailableOpenStackdocumentation,seedocs.
openstack.
org.
Toprovidefeedbackondocumentation,joinandusethemailinglistatOpenStackDocumentationMailingList,orreportabug.
ThefollowingbooksexplainhowtoinstallanOpenStackcloudanditsassociatedcompo-nents:InstallationGuideforDebian7InstallationGuideforopenSUSE13.
1andSUSELinuxEnterpriseServer11SP3InstallationGuideforRedHatEnterpriseLinux7,CentOS7,andFedora20InstallationGuideforUbuntu14.
04ThefollowingbooksexplainhowtoconfigureandrunanOpenStackcloud:ArchitectureDesignGuideCloudAdministratorGuideConfigurationReferenceOperationsGuideHighAvailabilityGuideSecurityGuideuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno147VirtualMachineImageGuideThefollowingbooksexplainhowtousetheOpenStackdashboardandcommand-lineclients:APIQuickStartEndUserGuideAdminUserGuideCommand-LineInterfaceReferenceThefollowingdocumentationprovidesreferenceandguidanceinformationfortheOpen-StackAPIs:OpenStackAPICompleteReference(HTML)APICompleteReference(PDF)OpenStackBlockStorageServiceAPIv2ReferenceOpenStackComputeAPIv2andExtensionsReferenceOpenStackIdentityServiceAPIv2.
0ReferenceOpenStackImageServiceAPIv2ReferenceOpenStackNetworkingAPIv2.
0ReferenceOpenStackObjectStorageAPIv1ReferenceTheTrainingGuidesoffersoftwaretrainingforcloudadministrationandmanagement.
ask.
openstack.
orgDuringthesetuportestingofOpenStack,youmighthavequestionsabouthowaspe-cifictaskiscompletedorbeinasituationwhereafeaturedoesnotworkcorrectly.
Usetheask.
openstack.
orgsitetoaskquestionsandgetanswers.
Whenyouvisitthehttp://ask.
openstack.
orgsite,scantherecentlyaskedquestionstoseewhetheryourquestionhasalreadybeenanswered.
Ifnot,askanewquestion.
Besuretogiveaclear,concisesummaryinthetitleandprovideasmuchdetailaspossibleinthedescription.
Pasteinyourcommandoutputorstacktraces,linkstoscreenshots,andanyotherinformationwhichmightbeuse-ful.
OpenStackmailinglistsAgreatwaytogetanswersandinsightsistopostyourquestionorproblematicscenariototheOpenStackmailinglist.
Youcanlearnfromandhelpotherswhomighthavesimi-larissues.
Tosubscribeorviewthearchives,gotohttp://lists.
openstack.
org/cgi-bin/mail-man/listinfo/openstack.
Youmightbeinterestedintheothermailinglistsforspecificprojectsordevelopment,whichyoucanfindonthewiki.
Adescriptionofallmailinglistsisavailableathttp://wiki.
openstack.
org/MailingLists.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno148TheOpenStackwikiTheOpenStackwikicontainsabroadrangeoftopicsbutsomeoftheinformationcanbedifficulttofindorisafewpagesdeep.
Fortunately,thewikisearchfeatureenablesyoutosearchbytitleorcontent.
Ifyousearchforspecificinformation,suchasaboutnetworkingornova,youcanfindalargeamountofrelevantmaterial.
Moreisbeingaddedallthetime,sobesuretocheckbackoften.
Youcanfindthesearchboxintheupper-rightcornerofanyOpenStackwikipage.
TheLaunchpadBugsareaTheOpenStackcommunityvaluesyoursetupandtestingeffortsandwantsyourfeedback.
Tologabug,youmustsignupforaLaunchpadaccountathttps://launchpad.
net/+login.
YoucanviewexistingbugsandreportbugsintheLaunchpadBugsarea.
Usethesearchfeaturetodeterminewhetherthebughasalreadybeenreportedoralreadybeenfixed.
Ifitstillseemslikeyourbugisunreported,filloutabugreport.
Sometips:Giveaclear,concisesummary.
Provideasmuchdetailaspossibleinthedescription.
Pasteinyourcommandoutputorstacktraces,linkstoscreenshots,andanyotherinformationwhichmightbeuseful.
Besuretoincludethesoftwareandpackageversionsthatyouareusing,especiallyifyouareusingadevelopmentbranch,suchas,"Junorelease"vsgitcommitbc79c3ecc55929bac585d04a03475b72e06a3208.
Anydeployment-specificinformationishelpful,suchaswhetheryouareusingUbuntu14.
04orareperformingamulti-nodeinstallation.
ThefollowingLaunchpadBugsareasareavailable:Bugs:OpenStackBlockStorage(cinder)Bugs:OpenStackCompute(nova)Bugs:OpenStackDashboard(horizon)Bugs:OpenStackIdentity(keystone)Bugs:OpenStackImageService(glance)Bugs:OpenStackNetworking(neutron)Bugs:OpenStackObjectStorage(swift)Bugs:BareMetal(ironic)Bugs:DataProcessingService(sahara)Bugs:DatabaseService(trove)uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno149Bugs:Orchestration(heat)Bugs:Telemetry(ceilometer)Bugs:QueueService(marconi)Bugs:OpenStackAPIDocumentation(developer.
openstack.
org)Bugs:OpenStackDocumentation(docs.
openstack.
org)TheOpenStackIRCchannelTheOpenStackcommunitylivesinthe#openstackIRCchannelontheFreenodenetwork.
Youcanhangout,askquestions,orgetimmediatefeedbackforurgentandpressingissues.
ToinstallanIRCclientoruseabrowser-basedclient,gotohttp://webchat.
freenode.
net/.
YoucanalsouseColloquy(MacOSX,http://colloquy.
info/),mIRC(Windows,http://www.
mirc.
com/),orXChat(Linux).
WhenyouareintheIRCchannelandwanttosharecodeorcommandoutput,thegenerallyacceptedmethodistouseaPasteBin.
TheOpen-Stackprojecthasoneathttp://paste.
openstack.
org.
JustpasteyourlongeramountsoftextorlogsinthewebformandyougetaURLthatyoucanpasteintothechannel.
TheOpen-StackIRCchannelis#openstackonirc.
freenode.
net.
YoucanfindalistofallOpen-StackIRCchannelsathttps://wiki.
openstack.
org/wiki/IRC.
DocumentationfeedbackToprovidefeedbackondocumentation,joinandusethemailinglistatOpenStackDocumentationMailingList,orreportabug.
OpenStackdistributionpackagesThefollowingLinuxdistributionsprovidecommunity-supportedpackagesforOpenStack:Debian:http://wiki.
debian.
org/OpenStackCentOS,Fedora,andRedHatEnterpriseLinux:http://openstack.
redhat.
com/openSUSEandSUSELinuxEnterpriseServer:http://en.
opensuse.
org/Portal:OpenStackUbuntu:https://wiki.
ubuntu.
com/ServerTeam/CloudArchiveuno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno150GlossaryAPIApplicationprogramminginterface.
APIendpointThedaemon,worker,orservicethataclientcommunicateswithtoaccessanAPI.
APIendpointscanprovideanynumberofservices,suchasauthentication,salesdata,performancemetrics,Com-puteVMcommands,censusdata,andsoon.
BlockStorageTheOpenStackcoreprojectthatenablesmanagementofvolumes,volumesnapshots,andvolumetypes.
TheprojectnameofBlockStorageiscinder.
CirrOSAminimalLinuxdistributiondesignedforuseasatestimageoncloudssuchasOpenStack.
cloudcontrollernodeAnodethatrunsnetwork,volume,API,scheduler,andimageservices.
Eachservicemaybebro-kenoutintoseparatenodesforscalabilityoravailability.
ComputeTheOpenStackcoreprojectthatprovidescomputeservices.
TheprojectnameofComputeserviceisnova.
computenodeAnodethatrunsthenova-computedaemonthatmanagesVMinstancesthatprovideawiderangeofservices,suchaswebapplicationsandanalytics.
controllernodeAlternativetermforacloudcontrollernode.
DatabaseServiceAnintegratedprojectthatprovidescalableandreliableCloudDatabase-as-a-Servicefunctionalityforbothrelationalandnon-relationaldatabaseengines.
TheprojectnameofDatabaseServiceistrove.
DHCPDynamicHostConfigurationProtocol.
Anetworkprotocolthatconfiguresdevicesthatarecon-nectedtoanetworksothattheycancommunicateonthatnetworkbyusingtheInternetProto-col(IP).
Theprotocolisimplementedinaclient-servermodelwhereDHCPclientsrequestconfigu-rationdata,suchasanIPaddress,adefaultroute,andoneormoreDNSserveraddressesfromaDHCPserver.
DHCPagentOpenStackNetworkingagentthatprovidesDHCPservicesforvirtualnetworks.
dnsmasqDaemonthatprovidesDNS,DHCP,BOOTP,andTFTPservicesforvirtualnetworks.
extendedattributes(xattr)Filesystemoptionthatenablesstorageofadditionalinformationbeyondowner,group,permis-sions,modificationtime,andsoon.
TheunderlyingObjectStoragefilesystemmustsupportex-tendedattributes.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno151externalnetworkAnetworksegmenttypicallyusedforinstanceInternetaccess.
firewallUsedtorestrictcommunicationsbetweenhostsand/ornodes,implementedinComputeusingipt-ables,arptables,ip6tables,andetables.
flatnetworkVirtualnetworktypethatusesneitherVLANsnortunnelstosegregatetenanttraffic.
Eachflatnetworktypicallyrequiresaseparateunderlyingphysicalinterfacedefinedbybridgemappings.
However,aflatnetworkcancontainmultiplesubnets.
floatingIPaddressAnIPaddressthataprojectcanassociatewithaVMsothattheinstancehasthesamepublicIPaddresseachtimethatitboots.
YoucreateapooloffloatingIPaddressesandassignthemtoin-stancesastheyarelaunchedtomaintainaconsistentIPaddressformaintainingDNSassignment.
gatewayAnIPaddress,typicallyassignedtoarouter,thatpassesnetworktrafficbetweendifferentnet-works.
genericreceiveoffload(GRO)FeatureofcertainnetworkinterfacedriversthatcombinesmanysmallerreceivedpacketsintoalargepacketbeforedeliverytothekernelIPstack.
genericroutingencapsulation(GRE)Protocolthatencapsulatesawidevarietyofnetworklayerprotocolsinsidevirtualpoint-to-pointlinks.
hypervisorSoftwarethatarbitratesandcontrolsVMaccesstotheactualunderlyinghardware.
IaaSInfrastructure-as-a-Service.
IaaSisaprovisioningmodelinwhichanorganizationoutsourcesphys-icalcomponentsofadatacenter,suchasstorage,hardware,servers,andnetworkingcompo-nents.
Aserviceproviderownstheequipmentandisresponsibleforhousing,operatingandmain-tainingit.
Theclienttypicallypaysonaper-usebasis.
IaaSisamodelforprovidingcloudservices.
ICMPInternetControlMessageProtocol,usedbynetworkdevicesforcontrolmessages.
Forexample,pingusesICMPtotestconnectivity.
IdentityServiceTheOpenStackcoreprojectthatprovidesacentraldirectoryofusersmappedtotheOpenStackservicestheycanaccess.
ItalsoregistersendpointsforOpenStackservices.
Itactsasacommonau-thenticationsystem.
TheprojectnameoftheIdentityServiceiskeystone.
ImageServiceAnOpenStackcoreprojectthatprovidesdiscovery,registration,anddeliveryservicesfordiskandserverimages.
TheprojectnameoftheImageServiceisglance.
instanceArunningVM,oraVMinaknownstatesuchassuspended,thatcanbeusedlikeahardwareserver.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno152instancetunnelsnetworkAnetworksegmentusedforinstancetraffictunnelsbetweencomputenodesandthenetworknode.
interfaceAphysicalorvirtualdevicethatprovidesconnectivitytoanotherdeviceormedium.
Internetprotocol(IP)Principalcommunicationsprotocolintheinternetprotocolsuiteforrelayingdatagramsacrossnetworkboundaries.
ipsetExtensiontoiptablesthatallowscreationoffirewallrulesthatmatchentire"sets"ofIPaddressessimultaneously.
Thesesetsresideinindexeddatastructurestoincreaseefficiency,particularlyonsystemswithalargequantityofrules.
iptablesUsedalongwitharptablesandebtables,iptablescreatefirewallsinCompute.
iptablesaretheta-blesprovidedbytheLinuxkernelfirewall(implementedasdifferentNetfiltermodules)andthechainsandrulesitstores.
Differentkernelmodulesandprogramsarecurrentlyusedfordifferentprotocols:iptablesappliestoIPv4,ip6tablestoIPv6,arptablestoARP,andebtablestoEthernetframes.
Requiresrootprivilegetomanipulate.
iSCSITheSCSIdiskprotocoltunneledwithinEthernet,supportedbyCompute,ObjectStorage,andIm-ageService.
jumboframeFeatureinmodernEthernetnetworksthatsupportsframesuptoapproximately9000bytes.
kernel-basedVM(KVM)AnOpenStack-supportedhypervisor.
KVMisafullvirtualizationsolutionforLinuxonx86hard-warecontainingvirtualizationextensions(IntelVTorAMD-V),ARM,IBMPower,andIBMzSeries.
Itconsistsofaloadablekernelmodule,thatprovidesthecorevirtualizationinfrastructureandaprocessorspecificmodule.
Layer-3(L3)agentOpenStackNetworkingagentthatprovideslayer-3(routing)servicesforvirtualnetworks.
loadbalancerAloadbalancerisalogicaldevicethatbelongstoacloudaccount.
Itisusedtodistributework-loadsbetweenmultipleback-endsystemsorservices,basedonthecriteriadefinedaspartofitsconfiguration.
LogicalVolumeManager(LVM)Providesamethodofallocatingspaceonmass-storagedevicesthatismoreflexiblethanconven-tionalpartitioningschemes.
managementnetworkAnetworksegmentusedforadministration,notaccessibletothepublicInternet.
maximumtransmissionunit(MTU)Maximumframeorpacketsizeforaparticularnetworkmedium.
Typically1500bytesforEthernetnetworks.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno153messagebrokerThesoftwarepackageusedtoprovideAMQPmessagingcapabilitieswithinCompute.
DefaultpackageisRabbitMQ.
MetadataagentOpenStackNetworkingagentthatprovidesmetadataservicesforinstances.
multi-hostHigh-availabilitymodeforlegacy(nova)networking.
EachcomputenodehandlesNATandDHCPandactsasagatewayforalloftheVMsonit.
Anetworkingfailureononecomputenodedoesn'taffectVMsonothercomputenodes.
networknamespaceLinuxkernelfeaturethatprovidesindependentvirtualnetworkinginstancesonasinglehostwithseparateroutingtablesandinterfaces.
Similartovirtualroutingandforwarding(VRF)servicesonphysicalnetworkequipment.
NetworkAddressTranslation(NAT)TheprocessofmodifyingIPaddressinformationwhileintransit.
SupportedbyComputeandNet-working.
NetworkTimeProtocol(NTP)Amethodofkeepingaclockforahostornodecorrectthroughcommunicationswithatrusted,accuratetimesource.
NetworkingAcoreOpenStackprojectthatprovidesanetworkconnectivityabstractionlayertoOpenStackCompute.
TheprojectnameofNetworkingisneutron.
ObjectStorageTheOpenStackcoreprojectthatprovideseventuallyconsistentandredundantstorageandre-trievaloffixeddigitalcontent.
TheprojectnameofOpenStackObjectStorageisswift.
OpenvSwitchOpenvSwitchisaproductionquality,multilayervirtualswitchlicensedundertheopensourceApache2.
0license.
Itisdesignedtoenablemassivenetworkautomationthroughprogrammaticextension,whilestillsupportingstandardmanagementinterfacesandprotocols(forexampleNet-Flow,sFlow,SPAN,RSPAN,CLI,LACP,802.
1ag).
OpenvSwitch(OVS)agentProvidesaninterfacetotheunderlyingOpenvSwitchservicefortheNetworkingplug-in.
OpenStackOpenStackisacloudoperatingsystemthatcontrolslargepoolsofcompute,storage,andnet-workingresourcesthroughoutadatacenter,allmanagedthroughadashboardthatgivesadmin-istratorscontrolwhileempoweringtheiruserstoprovisionresourcesthroughawebinterface.
OpenStackisanopensourceprojectlicensedundertheApacheLicense2.
0.
OrchestrationAnintegratedprojectthatorchestratesmultiplecloudapplicationsforOpenStack.
TheprojectnameofOrchestrationisheat.
pathMTUdiscovery(PMTUD)MechanisminIPnetworkstodetectend-to-endMTUandadjustpacketsizeaccordingly.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno154plug-inSoftwarecomponentprovidingtheactualimplementationforNetworkingAPIs,orforComputeAPIs,dependingonthecontext.
promiscuousmodeCausesthenetworkinterfacetopassalltrafficitreceivestothehostratherthanpassingonlytheframesaddressedtoit.
publickeyauthenticationAuthenticationmethodthatuseskeysratherthanpasswords.
QuickEMUlator(QEMU)QEMUisagenericandopensourcemachineemulatorandvirtualizer.
OneofthehypervisorssupportedbyOpenStack,generallyusedfordevelopmentpurposes.
RESTfulAkindofwebserviceAPIthatusesREST,orRepresentationalStateTransfer.
RESTisthestyleofarchitectureforhypermediasystemsthatisusedfortheWorldWideWeb.
roleApersonalitythatauserassumestoperformaspecificsetofoperations.
Aroleincludesasetofrightsandprivileges.
Auserassumingthatroleinheritsthoserightsandprivileges.
routerAphysicalorvirtualnetworkdevicethatpassesnetworktrafficbetweendifferentnetworks.
securitygroupAsetofnetworktrafficfilteringrulesthatareappliedtoaComputeinstance.
SELinuxLinuxkernelsecuritymodulethatprovidesthemechanismforsupportingaccesscontrolpolicies.
serviceAnOpenStackservice,suchasCompute,ObjectStorage,orImageService.
Providesoneormoreendpointsthroughwhichuserscanaccessresourcesandperformoperations.
subnetLogicalsubdivisionofanIPnetwork.
TelemetryAnintegratedprojectthatprovidesmeteringandmeasuringfacilitiesforOpenStack.
TheprojectnameofTelemetryisceilometer.
tenantAgroupofusers;usedtoisolateaccesstoComputeresources.
Analternativetermforaproject.
troveOpenStackprojectthatprovidesdatabaseservicestoapplications.
userInIdentityService,eachuserisassociatedwithoneormoretenants,andinComputecanbeasso-ciatedwithroles,projects,orboth.
uno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-Juno-OpenStackInstallationGuideforRedHatEnterpriseLinux,CentOS,andFedoraNovember18,2014juno155virtualmachine(VM)Anoperatingsysteminstancethatrunsontopofahypervisor.
MultipleVMscanrunatthesametimeonthesamephysicalhost.
virtualnetworkingAgenerictermforvirtualizationofnetworkfunctionssuchasswitching,routing,loadbalancing,andsecurityusingacombinationofVMsandoverlaysonphysicalnetworkinfrastructure.
VirtualNetworkComputing(VNC)OpensourceGUIandCLItoolsusedforremoteconsoleaccesstoVMs.
SupportedbyCompute.
virtualprivatenetwork(VPN)ProvidedbyComputeintheformofcloudpipes,specializedinstancesthatareusedtocreateVPNsonaper-projectbasis.
XFSHigh-performance64-bitfilesystemcreatedbySiliconGraphics.
ExcelsinparallelI/Ooperationsanddataconsistency.