Dec 10, 2016

Installing OpenStack on Multi-node in CentOS 7, Red Hat or Fedora Linux


This guide walks you through installing OpenStack on three separate nodes running CentOS 7. Single-node installation on Red Hat, CentOS and Fedora Linux is covered in my previous article, which you might be interested in reading.






Controller Node:

Hostname :controller.example.com
IP Address :192.168.1.30
OS         :CentOS 7
DNS :192.168.1.11

The following OpenStack components will be installed on the controller node:
  1. Keystone
  2. Glance
  3. Swift
  4. Cinder
  5. Horizon
  6. Neutron
  7. Nova novncproxy
  8. Novnc
  9. Nova api
  10. Nova Scheduler
  11. Nova-conductor


Compute Node:

Hostname :compute.example.com
IP Address :192.168.1.31
OS :CentOS 7
DNS :192.168.1.11

    The following OpenStack components will be installed on the compute node:
    1. Nova Compute
    2. Neutron – Openvswitch Agent


    Network Node:

    Hostname :network.example.com
    IP Address :192.168.1.32
    OS :CentOS 7
    DNS :192.168.1.11

      The following OpenStack components will be installed on the network node:
      1. Neutron Server
      2. Neutron DHCP agent
      3. Neutron – Openvswitch Agent
      4. Neutron L3 agent


      STEP1 - Updating All Three Nodes.

      Execute the following command on all three nodes to update all installed packages.
      # yum -y update ; reboot


      STEP2 - Updating /etc/hosts File

      Set the hostname on each of the three nodes, if it is not already set, by executing the matching command on that node.
      # hostnamectl set-hostname controller
      # hostnamectl set-hostname compute
      # hostnamectl set-hostname network
      Update the /etc/hosts file as shown below, if you don’t have your local DNS configured.
      192.168.1.30 controller.example.com controller
      192.168.1.31 compute.example.com    compute
      192.168.1.32 network.example.com    network


      STEP3 - Disabling SELinux and Network Manager on All Three Nodes

      Execute the following command on all three nodes, one by one, to turn off SELinux enforcement on the running system:
      # setenforce 0
      Set ‘SELINUX=disabled’ in the file ‘/etc/sysconfig/selinux’ to disable it permanently.
      Execute the following commands to disable Network Manager on all three nodes, one by one:
      # systemctl stop NetworkManager
      # systemctl disable NetworkManager
      # reboot


      STEP4 - Configuring Passwordless Authentication from Controller node to Compute and Network Node.

      Execute the following commands from the controller node only.
      [root@controller ~]# ssh-keygen
      [root@controller ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.31
      [root@controller ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.32
      Let's verify the passwordless setup by accessing the compute and network nodes from the controller node; it should not ask for a password:
      [root@controller ~]# ssh compute 
      Last login: Sun Apr 3 00:03:44 2016 from controller.example.com
      [root@compute ~]# hostname
      compute.example.com
      [root@compute ~]#
      
      [root@controller ~]# ssh network
      Last login: Sun Apr 3 00:04:20 2016 from controller.example.com
      [root@network ~]# hostname
      network.example.com
      [root@network ~]#


      STEP5 - Enable RDO Repository and installing packstack

      Execute the following command to enable RDO repository and install packstack on controller node only.
      [root@controller ~]# yum install -y https://www.rdoproject.org/repos/rdo-release.rpm
      [root@controller ~]# yum install -y openstack-packstack


      STEP6 - Generate and Customize Answer File

      Execute the following command to generate answer file.
      [root@controller ~]# packstack --gen-answer-file=/root/answer.txt
      [root@controller ~]#
      Edit the answer file and provide the IP addresses of the controller, compute and network nodes. Also provide the passwords for the different services and disable components such as the demo provisioning and Ceilometer, as shown below.
      [root@controller ~]# vi /root/answer.txt
      ........................................
      CONFIG_CONTROLLER_HOST=192.168.1.30
      CONFIG_COMPUTE_HOSTS=192.168.1.31
      CONFIG_NETWORK_HOSTS=192.168.1.32
      CONFIG_PROVISION_DEMO=n
      CONFIG_CEILOMETER_INSTALL=n
      CONFIG_HORIZON_SSL=y
      CONFIG_NTP_SERVERS=
      CONFIG_KEYSTONE_ADMIN_PW=
      ..........................................
      Note: If you don't have an NTP server in your environment, you can leave the NTP parameter as it is, but using an NTP server for time synchronization is the recommended practice.
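
A pre-flight check for the answer file edited in this step, as an added example that is not part of the original guide or of packstack. It flags empty values for the keys set above, an empty NTP list, a non-TLS dashboard, and a file readable by other users (the file holds service passwords in clear text); the function names, finding labels and sample file are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: audit a packstack answer file before running the installer.
# The rules below are this example's assumptions, not packstack's own checks.

# Print the value assigned to KEY ($2) in answer file $1 (last one wins).
get_value() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Print one finding per line; return 0 only when nothing was found.
audit_answer_file() {
    local file key out
    file="$1"
    out=$(
        # The file stores service passwords in clear text: owner-only access.
        [ "$(ls -ld "$file" | cut -c5-10)" = "------" ] ||
            echo "PERMS: $file is accessible to group/other, run chmod 600"
        for key in CONFIG_CONTROLLER_HOST CONFIG_COMPUTE_HOSTS \
                   CONFIG_NETWORK_HOSTS CONFIG_KEYSTONE_ADMIN_PW; do
            [ -n "$(get_value "$file" "$key")" ] || echo "EMPTY: $key has no value"
        done
        [ -n "$(get_value "$file" CONFIG_NTP_SERVERS)" ] ||
            echo "NTP: CONFIG_NTP_SERVERS is empty, packstack will not set up time sync"
        [ "$(get_value "$file" CONFIG_HORIZON_SSL)" = "y" ] ||
            echo "TLS: CONFIG_HORIZON_SSL is not 'y', the dashboard is served over HTTP"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample, not a real deployment: world-readable file with the
# admin password and NTP servers left empty.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[general]
CONFIG_CONTROLLER_HOST=192.168.1.30
CONFIG_COMPUTE_HOSTS=192.168.1.31
CONFIG_NETWORK_HOSTS=192.168.1.32
CONFIG_HORIZON_SSL=y
CONFIG_NTP_SERVERS=
CONFIG_KEYSTONE_ADMIN_PW=
EOF
chmod 644 "$sample"
audit_answer_file "$sample" || echo "Fix the findings above before running packstack."
```
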


      STEP7 - Installing OpenStack

      Now start the openstack installation by executing the packstack command on Controller node.
      [root@controller ~]# packstack --answer-file=/root/answer.txt
      Once the installation is successfully completed, you'll get the following information

      During the installation, a new interface ‘br-ex‘ has been created in the network node. You can see it by executing the ifconfig -a command as shown below. 

      Now add the network interface (enp0s3, eth0, or whatever it is named on your node) to the Open vSwitch ‘br-ex’ bridge as a port and assign the IP address of ‘enp0s3’ to ‘br-ex’, as shown below.
      [root@network ~]# cd /etc/sysconfig/network-scripts/
      [root@network network-scripts]# cp ifcfg-enp0s3 ifcfg-br-ex
      [root@network network-scripts]# vi ifcfg-enp0s3
      DEVICE=enp0s3
      HWADDR=08:00:27:37:4C:EF
      TYPE=OVSPort
      DEVICETYPE=ovs
      OVS_BRIDGE=br-ex
      ONBOOT=yes
      
      [root@network network-scripts]# vi ifcfg-br-ex
      DEVICE=br-ex
      DEVICETYPE=ovs
      TYPE=OVSBridge
      BOOTPROTO=static
      IPADDR=192.168.1.32
      NETMASK=255.255.255.0
      GATEWAY=192.168.1.1
      DNS1=192.168.1.11
      ONBOOT=yes
      Restart the Network service by executing the following command.
      [root@network network-scripts]# systemctl restart network
      [root@network network-scripts]#
      Now verify your network settings on network node by executing the ifconfig command
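
A consistency check for the two ifcfg files edited above, run before restarting the network service. This is an added example, not part of the original guide: the function names and the rules (port and bridge types, OVS_BRIDGE naming the bridge, the address living only on br-ex) are this example's reading of the files shown, and the sample files are constructed.

```shell
#!/usr/bin/env bash
# Added example: check that an OVS port ifcfg file and its bridge file agree.
# The rules are this example's reading of the two files shown above.

# Print the value of KEY ($2) from an ifcfg file ($1).
cfg() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Args: port file, bridge file. Prints problems; returns 0 when there are none.
check_ovs_pair() {
    local port bridge br out f
    port="$1"; bridge="$2"
    br=$(cfg "$bridge" DEVICE)
    out=$(
        [ "$(cfg "$port" TYPE)" = "OVSPort" ] || echo "port: TYPE is not OVSPort"
        [ "$(cfg "$bridge" TYPE)" = "OVSBridge" ] || echo "bridge: TYPE is not OVSBridge"
        { [ -n "$br" ] && [ "$(cfg "$port" OVS_BRIDGE)" = "$br" ]; } ||
            echo "port: OVS_BRIDGE does not name the bridge DEVICE"
        # The guide assigns the address to br-ex, so the port must not keep it.
        [ -z "$(cfg "$port" IPADDR)" ] || echo "port: IPADDR is still set"
        [ -n "$(cfg "$bridge" IPADDR)" ] || echo "bridge: IPADDR is missing"
        for f in "$port" "$bridge"; do
            [ "$(cfg "$f" ONBOOT)" = "yes" ] || echo "$f: ONBOOT is not yes"
        done
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: the port file was edited but its IPADDR was never removed.
dir=$(mktemp -d)
printf '%s\n' DEVICE=enp0s3 TYPE=OVSPort DEVICETYPE=ovs OVS_BRIDGE=br-ex \
    IPADDR=192.168.1.32 ONBOOT=yes > "$dir/ifcfg-enp0s3"
printf '%s\n' DEVICE=br-ex DEVICETYPE=ovs TYPE=OVSBridge BOOTPROTO=static \
    IPADDR=192.168.1.32 NETMASK=255.255.255.0 ONBOOT=yes > "$dir/ifcfg-br-ex"
check_ovs_pair "$dir/ifcfg-enp0s3" "$dir/ifcfg-br-ex" ||
    echo "Fix the problems above before restarting the network service."
```
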



      STEP8 - Accessing Openstack Web-interface Dashboard.

      Open your favorite browser, access the following URL and log in with the user ‘admin’ and the password that you specified in the answer.txt file:
      https://192.168.1.30/dashboard

      Yes.....your openstack has been successfully installed









      Note : In case you are getting ‘Error: Unable to retrieve volume limit information’ in the dashboard, this can be fixed by adding the following in the cinder.conf file on the controller node.
      [root@controller ~]# vi /etc/cinder/cinder.conf
      ....................................
      [keystone_authtoken]
      auth_uri = http://:5000
      auth_url = http://:35357
      auth_plugin = password
      project_domain_id = default 
      user_domain_id = default 
      project_name = services 
      username = cinder 
      password =  {Search CONFIG_CINDER_KS_PW in answer file}
      .....................................
      Restart the Cinder Service.
      [root@controller ~]# systemctl restart  openstack-cinder-api.service
      [root@controller ~]# systemctl restart  openstack-cinder-backup.service
      [root@controller ~]# systemctl restart  openstack-cinder-scheduler.service
      [root@controller ~]# systemctl restart  openstack-cinder-volume.service
      Since we are now able to log in to the OpenStack dashboard, it is safe to say that the installation part is successfully completed. Now we need to launch an instance, and for that we will perform the following steps.
      • Create Project and Users
      • Assign Users to the Project.
      • Create image and flavors
      • Define Internal and external network
      • Create Router
      • Create Security Rules for Virtual Machine or instance.

      STEP9 - Create a Project and add a member to the Project

      Login to the dashboard using Admin credentials and navigate to Identity Tab > Projects and Click on Create Project.

      Click on “Create Project”
      To create users, go to Identity Tab > Users > Click on ‘Create User’
      Provide the information according to your environment.

      Create a flavor and image :

      To create a flavor, log in to the dashboard using admin credentials and navigate to Admin Tab > Flavors > Click on Create Flavor.


      Specify the Flavor Name (fedora.small) , VCPU , Root Disk , Ephemeral Disk & Swap disk.


      To Create Image , Go to Admin Tab > Images > Click on Create Image.
      Specify the Image Name, Description, Image Source (in my case I am using Image File, as I have already downloaded the Fedora 23 Cloud Image) and Format QCOW2


      Create Network and Router for Project Innovation.

      To create the network and router for the Innovation project, sign out of the admin user and log in with the new user you created in the dashboard.
      Go to the Network Tab > Click on Networks > then Click on Create Network
      Specify the Network Name as Internal


      Click on Next.
      Specify the Subnet name (sub-internal) and Network Address (10.10.0.0/24)


      Click on Next.


      VMs will get their internal IP from the DHCP server because we enabled the DHCP option for the internal network.
      Now create the external network. Click on “Create Network” again and specify the Network Name as “external”

      Click on Next.
      Specify the subnet name as “sub-external” and the Network Address as “192.168.1.0/24”

      Click on Next
      Uncheck  “Enable DHCP” option and Specify the ip address pool for external network.


      Click on Create.
      Now it is time to create a router.
      Go To Network Tab > Routers > Click on ‘+ Create Router’


      Now mark the External network as “External”. This task can be completed only by the admin user, so log out from the normal user and log in as admin.
      Go to Admin Tab > Networks > Click on Edit Network for “External”


      Click on Save Changes
      Now log out from the admin user and log in as the normal user you created earlier
      Go to Network Tab > Routers > for Router1 click on “Set Gateway”






      Click on “Set Gateway”. This will add an interface on the router and assign the first IP of the external subnet (192.168.1.0/24).
      Add an internal interface to the router as well: click on “router1”, select “interfaces” and then click on “Add interface”


      Click on Add interface.
      Network Part is completed. Now we can view Network Topology from “Network Topology” Tab


      Now create a key pair that will be used for accessing the VM, and define the security firewall rules.
      To create a key pair:
      Navigate to ‘Access & Security’ Tab > Click on Key Pairs > then click on ‘Create Key Pair’


      It will create a key pair with the name “myssh-keys.pem”
      Add a new Security Group with the name ‘fedora-rules’ from the Access & Security Tab. Allow port 22 and ICMP from the Internet (0.0.0.0).

      Once the Security Group ‘fedora-rules’ is created, click on Manage Rules and allow port 22 & ICMP ping.


      Click on Add , Similarly add a rule for ICMP.


      STEP10 - Launching an instance.

      Navigate to Compute Tab > Click on Instances > then click on ‘Launch Instance’


      Specify the Instance Name , Flavor that we created in above steps and ‘Boot from image’ from Instance Boot Source option and Select Image Name ‘fedora-image’.
      Click on ‘Access & Security’ and select the Security Group ‘fedora-rules’ & Key Pair ‘myssh-keys’


      Now select Networking, add the ‘Internal’ network and then click on Launch


      Once the VM is launched , Associate a floating ip so that we can access the VM.


      Click on ‘Associate Floating IP’


      Click on Allocate IP.


      Click on Associate


      Now try to access the VM with floating IP ( 192.168.1.20) using keys.



      As you can see above that we are able to access the VM using keys. Our task of launching a VM from Dashboard is Completed Now.
      I hope this guide was helpful to install openstack on multi-node in your environment.




      2 comments:

      1. Hi there,

        Thanks for the post. During installation I found the following issue. Since you set "CONFIG_HORIZON_SSL=y" you need to generate the following set of certs and keys:

        CONFIG_SSL_CACERT_FILE=/etc/pki/tls/certs/selfcert.crt
        CONFIG_SSL_CACERT_KEY_FILE=/etc/pki/tls/private/selfkey.key
        CONFIG_VNC_SSL_CERT=/etc/pki/tls/certs/ssl_vnc.crt
        CONFIG_VNC_SSL_KEY=/etc/pki/tls/private/ssl_vnc.key
        CONFIG_HORIZON_SSL_CERT=/etc/pki/tls/certs/ssl_dashboard.crt
        CONFIG_HORIZON_SSL_KEY=/etc/pki/tls/private/ssl_dashboard.key
        CONFIG_HORIZON_SSL_CACERT=/etc/pki/tls/certs/selfcert.crt

        Keys and certs can be generated with the following command:
        openssl req -x509 -sha256 -newkey rsa:2048 -keyout /etc/pki/tls/private/selfkey.key -out /etc/pki/tls/certs/selfcert.crt -days 365 -nodes


       
      TECHNOCRACY © 2012-2017