OpenStack Installation

OpenStack Installation Guide
(A step-by-step installation guide for OpenStack Essex on Ubuntu 12.04 an open source cloud operating system)
Prepared by ViSolve Cloud Team
June 2012
Contact
ViSolve, Inc. 4010, Moorpark Avenue, #205 San Jose, California 95117 (408) 666 4320 cloud@visolve.com www.visolve.com
Software Development / Support Lab: # 1, Rukmani Nagar, Ramanathapuram, Coimbatore - 641 045, TN. INDIA.
OpenStack Open Source Cloud Installation Document
Document Revision History

Version Version 1.0 Date 20 June 2012 Prepared By ViSolve Cloud Team Reviewed By ViSolve Engineering Team
Copyright 2012 ViSolve Inc. All rights reserved.
Page 2 of 29
Table of Contents
1 Introduction.................................................................................................................................................................. 5 2 OpenStack Open Source Cloud ................................................................................................................................... 5 2.1 OpenStack Overview ............................................................................................................................................... 5 2.2 Why OpenStack? .................................................................................................................................................... 5 2.3 OpenStack Components .......................................................................................................................................... 5 2.3.1 OpenStack Compute Infrastructure (Nova) .................................................................................................... 5 2.3.1.1 Components of OpenStack Compute ............................................................................................. 6 2.3.2 OpenStack Imaging Service (Glance) ............................................................................................................. 6 2.3.3 OpenStack Identity Service (Keystone)........................................................................................................... 7 2.3.3.1 Components of Identity Service ..................................................................................................... 7 2.3.4 OpenStack Administrative Web-Interface (Horizon)....................................................................................... 7 2.3.5 OpenStack Storage Infrastructure (Swift) ...................................................................................................... 7 2.3.5.1 Components of Swift ..................................................................................................................... 8 2.4 OpenStack Architecture .......................................................................................................................................... 8 3 OpenStack Installation .................................................................................................................................................. 8 3.1 OS Installation ........................................................................................................................................................ 8 3.2 Network Configuration ........................................................................................................................................... 9 3.3 Database Installation.............................................................................................................................................. 9 3.3.1 Creating Databases .....................................................................................................................................10 3.4 Keystone Installation .............................................................................................................................................11 3.4.1 Installing and Configuring Keystone .............................................................................................................11 3.4.2 Creating Tenants .........................................................................................................................................11 3.4.3 Creating Users .............................................................................................................................................11 3.4.4 Creating Roles .............................................................................................................................................12 3.4.5 Listing Tenants, Users and Roles ..................................................................................................................12 3.4.6 Adding Roles to Users in Tenants .................................................................................................................12 3.4.7 Creating Services .........................................................................................................................................13 3.4.8 Creating Endpoints ......................................................................................................................................14 3.4.9 Testing Keystone .........................................................................................................................................14 3.5 Glance Installation .................................................................................................................................................15 3.5.1 Glance Configuration ...................................................................................................................................15 3.5.2 Testing Glance.............................................................................................................................................16 3.6 Nova Installation ...................................................................................................................................................16 3.6.1 Nova Configuration .....................................................................................................................................16 3.6.2 Testing Nova ...............................................................................................................................................19 3.7 Dashboard Installation...........................................................................................................................................20 3.8 Uploading Linux Image ..........................................................................................................................................20 4 Icinga Open Source Monitoring .................................................................................................................................20 4.1 Configuring Icinga Server .......................................................................................................................................21 4.1.1 Pre-requisites ..............................................................................................................................................21 4.1.2 Required Packages ......................................................................................................................................21 4.1.3 Icinga Installation and Configuration ...........................................................................................................21 4.1.4 Installing Nagios plug-in for monitoring .......................................................................................................24 4.1.5 Installation of NRPE (Nagios Remote Plug-in Executor).................................................................................24 4.2 Configuring the Virtual Machines for Monitoring ...................................................................................................25 4.2.1 Installation of Nagios Plug-in for monitoring ................................................................................................25 4.2.2 Installation of NRPE (Nagios Remote Plug-in Executor).................................................................................25 4.3 Configuring Virtual Machines on Icinga Server .......................................................................................................26
Copyright 2012 ViSolve Inc. All rights reserved. Page 3 of 29
4.4 Icinga Web Interface..............................................................................................................................................28 5 Conclusion ...................................................................................................................................................................29
Page 4 of 29
1 Introduction
Cloud has enabled efficient use of computing, storage and network resources, and has reduced total cost of ownership drastically. Open Source cloud solutions have driven down the cost much further. It has given opportunity to deliver functionally improved IT services to business and respond faster to market needs. Corporate around the world are migrating their business to open source cloud, the leading one being industry standard OpenStack an open source cloud operating system. This document is an effort to provide step-by-step instructions to install OpenStack to enable organizations deploy and manage their cloud. Also covered in detail are the installation steps of Icinga an open source cloud monitoring tool to monitor cloud data center.
2 OpenStack Open Source Cloud

2.1 OpenStack Overview
OpenStack is an open source cloud operating system that automatically manages computing, storage and networking resources at scale. Strongly supported by diverse and active developer community across the world, it is customizable, highly flexible and based on industry open standards. Most important, it is interoperable across data centers and even different service providers. OpenStack has enabled acceleration of cloud technologies, end vendor lock-in and drive community established-industry standards.
2.2 Why OpenStack?

Open Source Customizable as per business demands Industry Proven Flexible and Manageable No vendor lock-in Compatible with other clouds Hypervisor Neutral - Runs on variety of hypervisors
2.3 OpenStack Components

2.3.1 OpenStack Compute Infrastructure (Nova)
Nova is the Computing Fabric controller for the OpenStack Cloud. All activities needed to support the life cycle of instances within the OpenStack cloud are handled by Nova. This makes nova a Management Platform that manages compute resources, networking, authorization, and scalability needs of the OpenStack Cloud. Nova does not provide any virtualization management capabilities by itself. Instead it uses libvirt API to interact with supported hypervisors (KVM, Xen, XenServer/XCP, UML, VMware and Hyper-V).
Page 5 of 29
2.3.1.1 2.3.1.1.1
Components of OpenStack Compute API Server (nova-api)
The API server provides an interface for the outside world to interact with the cloud infrastructure. API server is the only component that the outside world uses to manage the infrastructure. The management is done through web services calls using EC2 API. The API Server then, in turn, communicates with the relevant components of the cloud infrastructure through the Message Queue. As an alternative to EC2 API, OpenStack also provides a native API called "OpenStack API". 2.3.1.1.2 Message Queue (Rabbit MQ Server)
OpenStack communicates among them in an asynchronous manner using the message queue via AMQP (Advanced Message Queue Protocol). 2.3.1.1.3 Compute Worker (nova-compute)
Compute workers deal with instance management life cycle. They receive the requests for instance life cycle management via the Message Queue and carry out operations. 2.3.1.1.4 Network Controller (nova-network)
The Network Controller deals with the network configuration of host machines. It does operations like allocating IP addresses, configuring VLANs for projects, implementing security groups and configuring networks for compute nodes. 2.3.1.1.5 Volume Worker (nova-volume)
Volume workers are used for management of LVM-based instance volumes. Volume Workers perform volume related functions such as creation, deletion, attaching a volume to an instance, and detaching a volume from an instance. Volumes provide a way of providing persistent storage for the instances, as the root partition is non-persistent and any changes made to it are lost when an instance is terminated. When a volume is detached from an instance or when an instance, to which the volume is attached, is terminated, it retains the data that was stored on it. This data can be accessed by reattaching the volume to the same instance or by attaching it to other instances. 2.3.1.1.6 Scheduler (nova-scheduler)
The scheduler maps the nova-API calls to the appropriate OpenStack components. It runs as a daemon named nova-schedule and picks up a compute server from a pool of available resources depending on the scheduling algorithm in place.
2.3.2 OpenStack Imaging Service (Glance)

OpenStack Imaging Service is a lookup and retrieval system for virtual machine images. It catalogs and manages massive libraries of server images. The components of Glance are glance-control and glance-registry.
Page 6 of 29
2.3.3 OpenStack Identity Service (Keystone)

Keystone provides identity and access policy services for all components in the OpenStack family. It provides authentication and authorization for all components of OpenStack. Authentication verifies that a request actually comes from who it says it does. Authorization is verifying whether the authentication user has access to the services he/she is requesting for. Keystone provides two ways of authentication. One is username/password based and the other is the token based. 2.3.3.1 2.3.3.1.1 Components of Identity Service Endpoints
Every OpenStack service (Nova, Swift, Glance) runs on a dedicated port and on a dedicated URL (host), we call them endpoints. 2.3.3.1.2 Regions
A region defines a dedicated physical location inside a data centre. In a typical cloud setup, most if not all services are distributed across data centers/servers which are also called regions. 2.3.3.1.3 User
A keystone authenticated user. 2.3.3.1.4 Services
Each component that is being connected to or being administered via keystone can be called a service. For example, we can call Glance a keystone service. 2.3.3.1.5 Role
In order to maintain restrictions as to what a particular user can do inside cloud infrastructure it is important to have a role associated. 2.3.3.1.6 Tenant
A tenant is a project with all the service endpoint and a role associated to user who is member of that particular tenant.
2.3.4 OpenStack Administrative Web-Interface (Horizon)

Horizon the web based dashboard can be used to manage /administer OpenStack services. It can be used to manage instances and images, create keypairs, attach volumes to instances etc. Apart from this, dashboard even gives the user access to instance console and can connect to an instance through VNC.
2.3.5 OpenStack Storage Infrastructure (Swift)

Swift provides a distributed, eventually consistent virtual object store for OpenStack. It is analogous to Amazon Web Services - Simple Storage Service (S3). Swift is capable of storing billions of objects distributed across nodes. Swift has built-in redundancy and failover management and is capable of archiving and media streaming.
Page 7 of 29
2.3.5.1
Components of Swift Swift Account Swift Container Swift Object Swift Proxy The RING
2.4 OpenStack Architecture
3 OpenStack Installation
3.1 OS Installation
Install 64 bit version of Ubuntu server 12.04 keeping the following configurations in mind. 1. During Installation select only openssh-server in the packages menu. 2. To run nova-volume on this server, you must have a dedicated partition. So, ensure you choose manual partitioning scheme while installing Ubuntu Server and create a dedicated partition with adequate space for this purpose. Also ensure that the partition type is set as Linux LVM. 3. Update the machine using the following commands.
a. # apt-get update b. # apt-get upgrade
4. Install bridge-utils:
a. # apt-get install bridge-utils
Page 8 of 29
3.2 Network Configuration

1. Edit the /etc/network/interfaces file so as to looks like this:
# The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address <server IP> netmask <netmask IP> gateway <gateway IP> # Bridge network auto br100 iface br100 inet static address 10.0.0.1 netmask <netmask IP> bridge_ports eth1 bridge_fd 9 bridge_hello 2 bridge_maxage 12 bridge_stp off
2. Restart the network now

# /etc/init.d/networking restart
3.3 Database Installation

You can use MySQL, PostgreSQL or SQLite for Nova and Glance. Depending upon your choice of database, you will need to install the necessary packages and configure the database server. In this installation we have used MySQL database. 1. Install mysql-server and python-mysqldb package
# apt-get install mysql-server python-mysqldb
2. Create the root password for mysql. The password used in this guide is "openstack" 3. Change the binding address from 127.0.0.1 to 0.0.0.0 in /etc/mysql/my.cnf. It should be identical to this:
bind-address = 0.0.0.0
4. Restart MySQL server to ensure that it starts listening on all interfaces.

# restart mysql
Page 9 of 29
3.3.1 Creating Databases

Follow the steps below to create MySQL databases to be used with nova, glance and keystone. 1. Create a database named nova.
# mysql -uroot -popenstack -e 'CREATE DATABASE nova;'
2. Create a user named novauser.

# mysql -uroot -popenstack -e 'CREATE USER novauser;'
3. Grant all privileges for novauser on the database "nova".

# mysql -uroot -popenstack -e "GRANT ALL PRIVILEGES ON nova.* TO 'novauser'@'%';"
4. Create a password for the user "novauser".

# mysql -uroot -popenstack -e "SET PASSWORD FOR 'novauser'@'%' = PASSWORD('novapasswd');"
5. Create a database named glance.

# mysql -uroot -popenstack -e 'CREATE DATABASE glance;'
6. Create a user named glanceuser.

# mysql -uroot -popenstack -e 'CREATE USER glanceuser;'
7. Grant all privileges for glanceuser on the database "glance".

# mysql -uroot -popenstack -e "GRANT ALL PRIVILEGES ON glance.* TO 'glanceuser'@'%';"
8. Create a password for the user "glanceuser".

# mysql -uroot -popenstack -e "SET PASSWORD FOR 'glanceuser'@'%' = PASSWORD('glancepasswd');"
9. Create a database named keystone.

# mysql -uroot -popenstack -e 'CREATE DATABASE keystone;'
10. Create a user named keystoneuser.

# mysql -uroot -popenstack -e 'CREATE USER keystoneuser;'
11. Grant all privileges for keystoneuser on the database "keystone".

# mysql -uroot -popenstack -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystoneuser'@'%';"
12. Create a password for the user "keystoneuser".

# mysql -uroot -popenstack -e "SET PASSWORD FOR 'keystoneuser'@'%' = PASSWORD('keystonepasswd');"
Page 10 of 29
3.4 Keystone Installation

Keystone is the identity service used by OpenStack. Install Keystone using the following command.
3.4.1 Installing and Configuring Keystone

1. Install the following packages.
# apt-get install keystone python-keystone python-keystoneclient
2. Open /etc/keystone/keystone.conf and change the admin_token = ADMIN line so that it looks like the following:
admin_token = admin
3. Since MySQL database is used to store keystone configuration, replace the following line in /etc/keystone/keystone.conf
connection = sqlite:////var/lib/keystone/keystone.db
with
connection = mysql://keystoneuser:keystonepasswd@<server IP>/keystone
4. Restart Keystone
# service keystone restart
5. Run the following command to synchronize the database

# keystone-manage db_sync
6. Export environment variables which are required while working with OpenStack.
# export SERVICE_ENDPOINT="http://localhost:35357/v2.0" # export SERVICE_TOKEN=admin
7. You can also add these variables to ~/.bashrc, so that you need not have to export them every time.
3.4.2 Creating Tenants

Create the tenants by executing the following commands. In this case, we are creating two tenants - admin and service.
# keystone tenant-create --name admin # keystone tenant-create --name service
3.4.3 Creating Users

Create the users by executing the following commands. In this case, we are creating four users - admin, nova, glance and swift.
# keystone user-create --name admin --pass admin # keystone user-create --name nova --pass nova # keystone user-create --name glance --pass glance
Page 11 of 29
3.4.4 Creating Roles

Create the roles by executing the following commands. In this case, we are creating two roles - admin and Member.
# keystone role-create --name admin # keystone role-create --name Member
3.4.5 Listing Tenants, Users and Roles

The tenants, users and roles that have been created above can be listed by following commands: 1. List Tenants
# keystone tenant-list +----------------------------------+---------+---------+ | id | name | enabled | +----------------------------------+---------+---------+ | 07ae5d275cec4a69bbce19c4eb8ae05b | service | True | | ed9bfa97d17744e7b53d2ded12aaadb0 | admin | True | +----------------------------------+---------+---------+
2. List Roles
# keystone role-list +----------------------------------+--------+ | id | name | +----------------------------------+--------+ | a5119d9a0ca44a5e8e13253119aa13ba | admin | | d09ba199438548538712da783c2ded5b | Member | +----------------------------------+--------+
3. List Users
# keystone user-list +----------------------------------+---------+-------+--------+ | id | enabled | email | name | +----------------------------------+---------+-------+--------+ | 5cbdf67853584b699be0e09943d194ba | True | None | glance | | 9318eb193d2f4a2c9a9169fc532dcac7 | True | None | admin | | b16b2b99cf4d4cb6916611455de8585b | True | None | nova | +----------------------------------+---------+-------+--------+
Note: The values of the 'id' column would be required later when we associate a role to a user in a particular tenant.
3.4.6 Adding Roles to Users in Tenants

Now we add roles to the users that have been created. A role to a specific user in a specific tenant can be assigned with the following command: Syntax:
keystone user-role-add --user $USER_ID --role $ROLE_ID --tenant_id $TENANT_ID
Page 12 of 29
Note: The required 'id' can be obtained from the commands - keystone user-list, keystone tenant list, keystone role-list. 1. Add a role of 'admin' to the user 'admin' of the tenant 'admin'.
# keystone user-role-add --user b3de3aeec2544f0f90b9cbfe8b8b7acd --role 2bbe305ad531434991d4281aaaebb700 --tenant_id 7f95ae9617cd496888bc412efdceabfd
2. Add a role of 'admin' to the users 'nova' and 'glance' of the tenant 'service'.
# keystone user-role-add --user ce8cd56ca8824f5d845ba6ed015e9494 --role 2bbe305ad531434991d4281aaaebb700 --tenant_id c7970080576646c6959ee35970cf3199 # keystone user-role-add --user 518b51ea133c4facadae42c328d6b77b --role 2bbe305ad531434991d4281aaaebb700 --tenant_id c7970080576646c6959ee35970cf3199
3. The 'Member' role is used by Horizon. So add the 'Member' role accordingly.
# keystone user-role-add --user b3de3aeec2544f0f90b9cbfe8b8b7acd --role d983800dd6d54ee3a1b1eb9f2ae3291f --tenant_id 7f95ae9617cd496888bc412efdceabfd
Note: Replace the id appropriately as listed by keystone user-list, keystone role-list, and keystone tenant-list.
3.4.7 Creating Services

1. Now that all your starter tenants, users, and roles have been created, lets move on to endpoints. Add all the services you want to have the Keystone service connected with: Syntax:
# keystone service-create --name service_name --type service_type --description 'Description of the service'
2. Some of the services that we create are nova-compute, nova-volume, glance, swift, keystone and ec2.
# keystone service-create --name nova --type compute --description 'OpenStack Compute Service' # keystone service-create --name volume --type volume --description 'OpenStack Volume Service' # keystone service-create --name glance --type image --description 'OpenStack Image Service' # keystone service-create --name keystone --type identity --description 'OpenStack Identity Service' # keystone service-create --name ec2 --type ec2 --description 'EC2 Service'
3. Each of the services that have been created above will be identified with a unique id which can be obtained from the following command:
# keystone service-list +----------------------------------+----------+--------------+----------------------------+ | id | name | type | description | +----------------------------------+----------+--------------+----------------------------+ | 040910d0ebbb4b60a30b470dfe729370 | volume | volume | OpenStack Volume Service | | 1bbe94159fb14f09925f075abb046b2d | ec2 | ec2 | EC2 Service |
OpenStack Open Source Cloud Installation Document | 2ac838cec5974afabc6aab8d537dcdb6 | glance | image | OpenStack Image Service | | 6d6603460f1c4d6b9874b3d313ba71f4 | nova | compute | OpenStack Compute Service | | 97f17ae143184d8597f4d34746c3c58c | keystone | identity | OpenStack Identity Service | +----------------------------------+----------+--------------+----------------------------+
Note: The 'id' will be used in defining the endpoint for that service.
3.4.8 Creating Endpoints

1. Create endpoints for each of the services that have been created above. Syntax:
keystone endpoint-create --region region_name --service_id service_id -publicurl public_url --adminurl admin_url --internalurl internal_url
2. For creating an endpoint for nova-compute, execute the following command:

# keystone endpoint-create --region myregion --service_id 1e93ee6c70f8468c88a5cb1b106753f3 --publicurl 'http://<server IP>:8774/v2/$(tenant_id)s' --adminurl 'http://<server IP>:8774/v2/$(tenant_id)s' --internalurl 'http://<server IP>:8774/v2/$(tenant_id)s'
3. For creating an endpoint for nova-volume, execute the following command:

# keystone endpoint-create --region myregion --service_id f38f4564ff7b4e43a52b2f5c1b75e5fa --publicurl 'http://<server IP>:8776/v1/$(tenant_id)s' --adminurl 'http://<server IP>:8776/v1/$(tenant_id)s' -internalurl 'http://<server IP>:8776/v1/$(tenant_id)s'
4. For creating an endpoint for glance, execute the following command:

# keystone endpoint-create --region myregion --service_id fbafab6edcab467bb734380ce6be3561 --publicurl 'http://<server IP>:9292/v1' --adminurl 'http://<server IP>:9292/v1' --internalurl 'http://<server IP>:9292/v1'
5. For creating an endpoint for keystone, execute the following command:

# keystone endpoint-create --region myregion --service_id 7d4ec192dfa1456996f0f4c47415c7a7 --publicurl http://<server IP>:5000/v2.0 --adminurl http://<server IP>:35357/v2.0 --internalurl http://<server IP>:5000/v2.0
6. For creating an endpoint for ec2, execute the following command:

# keystone endpoint-create --region myregion --service_id 28fd92ffe3824004996a3e04e059d875 --publicurl http://<server IP>:8773/services/Cloud -adminurl http://<server IP>:8773/services/Admin --internalurl http:// <server IP>:8773/services/Cloud
3.4.9 Testing Keystone

Now that keystone has been configured, test it to make sure you did not make any mistakes. The easiest way to ensure Keystone is configured correctly is to use the curl command.
Page 14 of 29
OpenStack Open Source Cloud Installation Document # curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials":{"username": "adminUser", "password": "secretword"}}}' -H "Content-type:application/json" http://<server IP>:35357/v2.0/tokens | python -m json.tool
If your tests have passed, and you are getting the token returned as you expected, you are officially on your way to having an OpenStack cloud!
3.5 Glance Installation

1. Install glance using the following command:
# apt-get install glance glance-api glance-client glance-common glance-registry python-glance
3.5.1 Glance Configuration

Glance uses SQLite by default. MySQL and PostgreSQL can also be configured to work with Glance. 1. Open /etc/glance/glance-api-paste.ini and at the end of the file, edit the following lines:
admin_tenant_name = %SERVICE_TENANT_NAME% admin_user = %SERVICE_USER% admin_password = %SERVICE_PASSWORD%
2. These values have to be modified as per the configurations made earlier. The admin_tenant_name will be 'service', admin_user will be 'glance' and admin_password is 'glance'. After editing, the lines should be as follows:
admin_tenant_name = service admin_user = glance admin_password = glance
3. Now open /etc/glance/glance-registry-paste.ini and make similar changes at the end of the file.
admin_tenant_name = service admin_user = glance admin_password = glance
4. Open the file /etc/glance/glance-registry.conf and edit the line which contains the option "sql_connection =" to this:
sql_connection = mysql://glanceuser:glancepasswd@<server IP>/glance
5. In order to tell glance to use keystone for authentication, add the following lines at the end of the file.
[paste_deploy] flavor = keystone
6. Open /etc/glance/glance-api.conf and add the following lines at the end of the document.
[paste_deploy] flavor = keystone
7. Create glance schema in the MySQL database.

# glance-manage version_control 0 # glance-manage db_sync
8. Restart glance-api and glance-registry after making the above changes.

OpenStack Open Source Cloud Installation Document # restart glance-api # restart glance-registry
9. Export the following environment variables.

# # # # # # export export export export export export SERVICE_TOKEN=admin OS_TENANT_NAME=admin OS_USERNAME=admin OS_PASSWORD=admin OS_AUTH_URL="http://localhost:5000/v2.0/" SERVICE_ENDPOINT=http://localhost:35357/v2.0
10. Alternatively, you can add these variables to ~/.bashrc.
3.5.2 Testing Glance

To test if glance is set up correctly execute the following command.
# glance index
The above command will not return any output. With Glance configured properly and using keystone as the authentication mechanism, now we can upload images to glance.
3.6 Nova Installation

Install Nova packages using the following commands.
# apt-get install nova-api nova-cert nova-compute nova-compute-kvm nova-doc nova-network nova-objectstore nova-scheduler nova-volume rabbitmq-server novnc nova-consoleauth
3.6.1 Nova Configuration

1. Edit the /etc/nova/nova.conf file to look like this.
--auth_strategy=keystone --bvirt_type=kvm --dhcpbridge_flagfile=/etc/nova/nova.conf --dhcpbridge=/usr/bin/nova-dhcpbridge --logdir=/var/log/nova --state_path=/var/lib/nova --lock_path=/var/lock/nova --force_dhcp_release --iscsi_helper=tgtadm --libvirt_use_virtio_for_bridges --connection_type=libvirt --root_helper=sudo nova-rootwrap --verbose --s3_host=<server IP> --ec2_host=<server IP> --rabbit_host=<server IP> --cc_host=<server IP>
Page 16 of 29
OpenStack Open Source Cloud Installation Document --nova_url=http://<server IP>:8774/v1.1/ --routing_source_ip=<server IP> --glance_api_servers=<server IP>:9292 --image_service=nova.image.glance.GlanceImageService --sql_connection=mysql://novauser:novapasswd@<server IP>/nova --ec2_url=http://<server IP>:8773/services/Cloud --keystone_ec2_url=http://<server IP>:5000/v2.0/ec2tokens --api_paste_config=/etc/nova/api-paste.ini # vnc specific configuration --novnc_enabled=true --novncproxy_base_url=http://<server IP>:6080/vnc_auto.html --vncserver_proxyclient_address=<server IP> --vncserver_listen=<server IP> # network specific settings --network_manager=nova.network.manager.FlatDHCPManager --public_interface=eth0 --flat_interface=eth0 --flat_network_bridge=br100 --fixed_range=192.168.4.xx/27 --floating_range=172.16.1.xx/24 --network_size=32 --flat_network_dhcp_start=192.168.4.xx --flat_injected=False --force_dhcp_release --iscsi_helper=tgtadm
2. Create nova-volume using the following steps a. List the partitions available
# fdisk -l
b. Create a new partition /dev/sda3

# fdisk /dev/sda Command (m for help): m Command (m for help): n Partition type: p e primary (3 primary, 0 extended, 1 free) extended
Select (default e): p Selected partition 4
Page 17 of 29
OpenStack Open Source Cloud Installation Document First sector (325793792-976773167, default 325793792): Using default value 325793792 Last sector, +sectors or +size{K,M,G} (325793792-976773167, default 976773167): +100G Command (m for help): t Partition number (1-4): 3 Hex code (type L to list codes): L Hex code (type L to list codes): 8e Changed system type of partition 4 to 8e (Linux LVM) Command (m for help): w The partition table has been altered! Calling ioctl() to re-read partition table. WARNING: Re-reading the partition table failed with error 16: Device or resource busy. The kernel still uses the old table. The new table will be used at the next reboot or after you run partprobe(8) or kpartx(8) Syncing disks.
c. Check if the partition is created

# partprobe /dev/sda # fdisk l
d. Now create a Physical Volume

# pvcreate /dev/sda3 Physical volume "/dev/sda3" successfully created # pvdisplay
e. Create a Volume Group named nova-volumes.

# vgcreate nova-volumes /dev/sda3
3. Change the ownership of the /etc/nova folder and permissions for /etc/nova/nova.conf
# chown -R nova:nova /etc/nova # chmod 644 /etc/nova/nova.conf
4. Open /etc/nova/api-paste.ini and at the end of the file, edit the following lines:
admin_tenant_name = %SERVICE_TENANT_NAME% admin_user = %SERVICE_USER% admin_password = %SERVICE_PASSWORD%
Page 18 of 29
These values have to be modified conforming to configurations made earlier. The admin_tenant_name will be 'service', admin_user will be 'nova' and admin_password is 'nova'. After editing, the lines should be as follows:
admin_tenant_name = service admin_user = nova admin_password = nova
5. Create nova schema in the MySQL database.

# nova-manage db sync
6. Provide a range of IPs to be associated to the instances

# nova-manage network create private --fixed_range_v4=192.168.4.xx/27 -num_networks=1 --bridge=br100 --bridge_interface=eth1 --network_size=32
7. Export the following environment variables.

# export OS_TENANT_NAME=admin # export OS_USERNAME=admin # export OS_PASSWORD=admin # export OS_AUTH_URL=http://localhost:5000/v2.0/
8. Restart nova services

# restart libvirt-bin; restart nova-network; restart novacompute; restart nova-api; restart nova-objectstore; restart nova-scheduler; restart nova-volume; restart novaconsoleauth;
3.6.2 Testing Nova

1. Run the following nova-manage command to see that all your Nova services are running and are in an enabled and :-) state.
# nova-manage service list Binary Host nova-compute ubuntu nova-cert ubuntu nova-volume ubuntu nova-network ubuntu nova-scheduler ubuntu nova-consoleauth ubuntu Zone nova nova nova nova nova nova Status enabled enabled enabled enabled enabled enabled State :-) :-) :-) :-) :-) :-) Updated_At 2012-06-22 06:09:00 2012-06-22 06:09:01 2012-06-22 06:08:55 2012-06-22 06:09:01 2012-06-22 06:08:52 2012-06-22 06:09:01
2. If all your services are in an enabled state, and everything is running, you are ready to issue your first command to your cloud. 3. The following three nova commands will give you clear feedback if your cloud is responding to your API calls.
# nova list +----+------+--------+----------+ | ID | Name | Status | Networks | +----+------+--------+----------+ +----+------+--------+----------+
OpenStack Open Source Cloud Installation Document # nova image-list +----+--------------------------------------+--------+ | ID | Name | Status | +----+--------------------------------------+--------+ +----+--------------------------------------+--------+ # nova flavor-list +----+-----------+-----------+------+----------+-------+------------+----------+ | ID | Name | Memory_MB | Swap | Local_GB | VCPUs | RXTX_Quota | RXTX_Cap | +----+-----------+-----------+------+----------+-------+------------+----------+ | 1 | m1.tiny | 512 | 0 | 0 | 1 | 0 | 0 | | 2 | m1.small | 2048 | 0 | 20 | 1 | 0 | 0 | | 3 | m1.medium | 4096 | 0 | 40 | 2 | 0 | 0 | | 4 | m1.large | 8192 | 0 | 80 | 4 | 0 | 0 | | 5 | m1.xlarge | 16384 | 0 | 160 | 8 | 0 | 0 | +----+-----------+-----------+------+----------+-------+------------+----------+
3.7 Dashboard Installation

1. Install OpenStack Dashboard by executing the following command:
# apt-get install openstack-dashboard
2. Restart apache with the following command.

# service apache2 restart
3. Open a browser and enter IP address of the OpenStack server. You should see the OpenStack login prompt. Login with username admin and password admin.
3.8 Uploading Linux Image

1. Upload a Linux image using the following command.
# glance add name="<Image name>" is_public=true container_format=ovf disk_format=qcow2 < <filename>.img
2. Verify if the image has been uploaded by issuing the following command.
# glance index [OR] # nova image-list
4 Icinga Open Source Monitoring

Icinga is an open source enterprise monitoring system. Icinga allows monitoring any network and its resource including HTTP, Ping, SMTP, POP3 etc. Also monitors host resources such as CPU load, Disk Usage, Swap Usage etc. Server components such as Printers, Switches and Routers can also be monitored. It notifies the administrators of errors and recoveries and generates performance data for reporting. We are integrating Icinga with OpenStack to monitor the Virtual machines that are running in the OpenStack Cloud.
Page 20 of 29
4.1 Configuring Icinga Server

To install Icinga Server on OpenStack Ubuntu machine, login as root user and perform the following steps. All the installation and Configuration steps mentioned in Section 4.1 must be executed on the Icinga Server Machine.
4.1.1 Pre-requisites
Before you proceed with installing and configuring Icinga, make sure to install the following packages on the machine in which Icinga Server will be configured.
# # # # apt-get apt-get apt-get apt-get install install install install apache2 build-essential libgd2-xpm-dev libjpeg62 libjpeg62-dev libpng12 libpng12-dev snmp libsnmp5-dev openssl libssl-dev
Note: Sometimes the names of packages change between different releases of the same distribution. So, if you get a message that one of the package cannot be found, please use the search option of your package manager to get the new name.
4.1.2 Required Packages

Xampp from Linux: http://sourceforge.net/projects/xampp/files/XAMPP%20Linux/1.7.7/xampp-linux1.7.7.tar.gz/download Icinga core: http://sourceforge.net/projects/icinga/files/icinga/1.6.1/icinga-1.6.1.tar.gz/download NRPE: http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz Nagios Plug-in: http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plug-ins1.4.15.tar.gz
4.1.3 Icinga Installation and Configuration

1. Download Xampp (Apache Distribution) for Linux
# wget http://sourceforge.net/projects/xampp/files/XAMPP%20Linux/1.7.7/xampp-linux1.7.7.tar.gz/download
2. Extract the Xampp package

# tar -zxvf xampp-linux-1.7.3.tar.gz # mv lampp/ /opt/
3. Download Icinga package

# wget http://sourceforge.net/projects/icinga/files/icinga/1.6.1/icinga1.6.1.tar.gz/download
4. Extract the Icinga package

# tar -zxvf icinga-1.2.1.tar.gz # cd icinga-1.2.1
Page 21 of 29
5. Run the Icinga configuration script and compile the Icinga source code
# ./configure --prefix=/opt/icinga --with-icinga-user=daemon --with-icingagroup=daemon --with-httpd-conf=/opt/lampp/etc # make all
Note: Make sure there are no errors while compiling. In case there are errors, install the required packages and recompile. 6. Install binaries, init script, sample configuration files and set permission on external command directories.
# # # # # make make make make make install install-init install-config install-commandmode install-webconf
7. Now configure Apache with Icinga

# cd /opt/lampp/etc/ # vim httpd.conf
Add the below line in httpd.conf file.

Include etc/icinga.conf
8. Create an Admin account for logging into the Icinga Web Interface.
# cd /opt/lampp/bin/ # ./htpasswd -c /opt/icinga/etc/htpasswd.users icingaadmin New password: Re-type new password: Adding password for user icingaadmin
Note: If you need to change the login details later, use the same command. 9. Start Apache
# cd /opt/lampp/ # ./lampp start apache
XAMPP: Starting Apache with SSL (and PHP5)... 10. Check if Apache is working by issuing the appropriate URL on the browser. http://<ServerIP>
Page 22 of 29
11. Now we need to start Icinga but before that we need to check whether Icinga has been compiled properly and the entire configurations are set.
# cd /opt/icinga/
12. Before configuring Icinga we will start and check if we get the page.
# /opt/icinga/bin/icinga -v /opt/icinga/etc/icinga.cfg
If things are OK and there are no serious problems, the below message will be displayed.
Total Warnings: 0 Total Errors: 0
13. Now if there are no errors, start Icinga

# /opt/icinga/bin/icinga -d /opt/icinga/etc/icinga.cfg # ps -ef | grep icinga
The following will be displayed, if the Icinga process has started.

daemon 9959 root 1 0 02:11 ? 00:00:00 /opt/icinga/bin/icinga -d /opt/icinga/etc/icinga.cfg 9965 5111 0 02:11 pts/2 00:00:00 grep --color=auto icinga
14. Set the appropriate permission for the Icinga directories mentioned below.
# # # # # chmod chmod chmod chmod chmod 777 777 777 777 777 /opt/ /opt/icinga/ /opt/icinga/var/ /opt/icinga/var/rw/ /opt/icinga/var/rw/icinga.cmd
Page 23 of 29
15. You should now be able to access the Icinga Web Interface at the URL below. You will be prompted for the username (icingaadmin) and password specified earlier. http://<serverIP>/icinga
4.1.4 Installing Nagios plug-in for monitoring

If you want to monitor your Icinga Server Machine (OpenStack Machine), then perform the steps in Section 4.1.4 and 4.1.5 on the Icinga Server Machine. 1. Download the Nagios plug-in
# wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plug-ins1.4.15.tar.gz
2. Create a Nagios user and extract the Nagios plug-in source code tarball.
# useradd nagios # tar -zxvf nagios-plug-ins-1.4.15.tar.gz # cd nagios-plug-ins-1.4.15
3. Compile and install the plug-ins by changing the installation directory to /opt/icinga/
# ./configure --prefix=/opt/icinga/ --with-nagios-user=daemon --with-nagiosgroup=daemon # make # make install
4.1.5 Installation of NRPE (Nagios Remote Plug-in Executor)

1. Download the NRPE plug-in
# wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz
2. Extract the NRPE package.

# tar -zxvf nrpe-2.12.tar.gz # cd nrpe-2.12
Page 24 of 29
3. Run the configuration script and compile the NRPE plug-in

# ./configure --prefix=/opt/icinga/ --with-nagios-user=daemon --with-nagiosgroup=daemon --enable-command-args # make all # make install-plug-in
4.2 Configuring the Virtual Machines for Monitoring

All the installation and Configuration steps mentioned in Section 4.2 must be executed on the virtual machine (Instances) that needs to be monitored.
4.2.1 Installation of Nagios Plug-in for monitoring

1. Install the gcc packages on all the Linux/Unix machines that need to be monitored.
# yum install gcc*
2. Download Nagios plug-in # wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plug-ins-1.4.15.tar.gz 3. Extract the Nagios plug-in source code tar ball.
# tar -zxvf nagios-plug-ins-1.4.15.tar.gz # cd nagios-plug-ins-1.4.15
4. Compile and install the plug-ins by changing the installation directory to /opt/icinga/
# ./configure --prefix=/opt/icinga/ --with-nagios-user=daemon --with-nagiosgroup=daemon # make # make install # chown -R daemon:daemon /opt/icinga/
4.2.2 Installation of NRPE (Nagios Remote Plug-in Executor)

1. Download the NRPE plug-in # wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz 2. Extract the NRPE package.
# tar -zxvf nrpe-2.12.tar.gz # cd nrpe-2.12
3. Run the configuration script and compile the NRPE plug-in

# ./configure --prefix=/opt/icinga/ --with-nagios-user=daemon --with-nagiosgroup=daemon --enable-command-args # make all # make install-daemon # make install-daemon-config # yum install xinetd # make install-xinetd
Page 25 of 29
4. Configure the NRPE as a xinetd service.

# vim /etc/xinetd.d/nrpe
Edit by adding the Icinga server IP in only_from:

servicenrpe { flags socket_type port wait user group server server_args log_on_failure disable only_from }
= REUSE = stream = 5666 = no = nagios = nagios = /opt/icinga/bin/nrpe = -c /opt/icinga/etc/nrpe.cfg --inetd += USERID = no = 127.0.0.1,<ServerIP>
5. Check if the following private service commands are defined in the nrpe.cfg file.
command[check_users]=/opt/icinga/libexec/check_users -w 5 -c 10 command[check_load]=/opt/icinga/libexec/check_load -w 15,10,5 -c 30,25,20 command[check_disk]=/opt/icinga/libexec/check_disk -w 20% -c 10% -p /dev/sda1 command[check_zombie_procs]=/opt/icinga/libexec/check_procs -w 5 -c 10 -s Z command[check_total_procs]=/opt/icinga/libexec/check_procs -w 150 -c 200 command[check_swap]=/opt/icinga/libexec/check_swap -w 20% -c 10% command[check_memory]=/opt/icinga/libexec/check_mem.pl -u -w 80 -c 90
Note: Any plug-ins that is used in the command lines must reside on the machine that this daemon is running on! The examples below assume that you have plug-ins installed in a /usr/local/nagios/libexec directory. Also note that you will have to modify the definitions below to match the argument format the plug-ins expect. 6. Run NRPE as a service by adding the following line.
# vim /etc/services nrpe 5666/tcp
7. Restart the xinetd service and check whether NRPE has started
# /etc/init.d/xinetd restart # netstat -a |grep nrpe
4.3 Configuring Virtual Machines on Icinga Server

Configure Icinga Server to monitor the Linux/Unix machines using the steps below. All the steps in Section 4.3 must be performed on Icinga Server. 1. Create a configuration file for each of the monitoring machines using the steps below.
# cd /opt/icinga/etc/objects/ # vim /opt/icinga/etc/objects/<monitormachine>.cfg
Example: machine1.cfg
Add the following lines in the machine1.cfg file.

# Define a host for the local machine define host{ use linux-server host_name machine1 alias machine1 address xxx.xx.xx.xx }
#IP address of machine1
# Define a service to "ping" the local machine define service{ use local-service host_name machine1 service_description PING check_command check_ping!100.0,20%!500.0,60% } # Define a service to check the disk space of the root partition define service{ use local-service host_name machine1 service_description Root Partition check_command check_nrpe!check_disk } # Define a service to check the number of currently logged in define service{ use local-service host_name machine1 service_description Current Users check_command check_local_users!20!50 } # Define a service to check the number of currently running procs define service{ use local-service host_name machine1 service_description Total Processes check_command check_nrpe!check_total_procs } # Define a service to check the load on the local machine. define service{ use local-service host_name machine1 service_description Current Load check_command check_local_load!5.0,4.0,3.0!10.0,6.0,4.0 } # Define a service to check the swap usage define service{ use local-service host_name machine1 service_description Swap Usage check_command check_nrpe!check_swap } # Define a service to check SSH on the local machine define service{ use local-service host_name machine1 service_description SSH check_command check_ssh notifications_enabled 0 } # Define a service to check HTTP define service{
Page 27 of 29
OpenStack Open Source Cloud Installation Document use host_name service_description check_command notifications_enabled } local-service machine1 HHTP check_http 0
Note: Refer localhost.cfg file present in the same location. 1. Add the following lines in the command.cfg file present in the same location.
# check_nrpe definition define command{ command_name check_nrpe command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ }
2. Add the configuration file path of the monitoring machines in the icinga.cfg configuration file.
# vim icinga.cfg cfg_file=/opt/icinga/etc/objects/machine1.cfg
3. Restart Icinga for the configuration changes to take effect. Kill the existing Icinga process
# killall icinga [OR] kill -9 PID
Run the below command to verify if the Icinga configurations specified are correct.
# /opt/icinga/bin/icinga -v /opt/icinga/etc/icinga.cfg
If there are no errors displayed in the verification step, start Icinga using the below command.
# /opt/icinga/bin/icinga -d /opt/icinga/etc/icinga.cfg # ps -ef|grep icinga
4.4 Icinga Web Interface

Use Icinga Web Interface to monitor your remote machines. You will be prompted for the username (icingaadmin) and password specified earlier. URL: http://<serverIP>/icinga
Page 28 of 29
5 Conclusion
The detailed installation instructions given in this document would have helped you to install and deploy OpenStack to deploy and manage cloud. The installation and integration of open source Icinga with OpenStack will help you monitor critical cloud data center to ensure service availability and business continuity. ViSolve provides cloud deployment, customization, management and monitoring as a service. As part of the service, ViSolve can provide you commercial support for installation and deployment of OpenStack and Icinga. For several years ViSolve has been helping SMEs and Fortune 100s to deploy cloud as part of their corporate strategy.
About ViSolve
ViSolve is a leading contributor to Open Source. For over a decade, ViSolve has been advocating and promoting open source technology as the solution for future IT needs. ViSolve has worked on several mission-critical projects for world-wide enterprise customers and has been providing service and support with a focus on leading-edge open source technologies. ViSolve for years has been deploying, managing and monitoring clouds using open source OpenStack and Xen Cloud Platform (XCP), and also proprietary solutions like VMware vCloud and HP Cloud Service Automation (CSA). Our partnership with leading system vendors and global distributors in provisioning cloud infrastructure has helped us intimately familiarize the internals of open source and proprietary cloud solutions. We understand the challenges, complexity and intricacies of live implementations, and best practices to be followed for a successful deployment. Deploy and manage cloud for free at our demo environment at http://cloud.visolve.com. Feel free to send us your feedbacks to cloud@visolve.com For more information:Visit: www.visolve.com Write to: cloud@visolve.com Call: (408) 666 4320
Page 29 of 29

OpenStack Installation

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

OpenStack Installation

Загружено:

Авторское право:

Доступные форматы

OpenStack Installation Guide

Prepared by ViSolve Cloud Team

OpenStack Open Source Cloud Installation Document

Document Revision History

Copyright 2012 ViSolve Inc. All rights reserved.

OpenStack Open Source Cloud Installation Document

OpenStack Open Source Cloud Installation Document

Copyright 2012 ViSolve Inc. All rights reserved.

OpenStack Open Source Cloud Installation Document

2 OpenStack Open Source Cloud

2.2 Why OpenStack?

2.3 OpenStack Components

Copyright 2012 ViSolve Inc. All rights reserved.

OpenStack Open Source Cloud Installation Document

Components of OpenStack Compute API Server (nova-api)

2.3.2 OpenStack Imaging Service (Glance)

Copyright 2012 ViSolve Inc. All rights reserved.

OpenStack Open Source Cloud Installation Document

2.3.3 OpenStack Identity Service (Keystone)

A keystone authenticated user. 2.3.3.1.4 Services

2.3.4 OpenStack Administrative Web-Interface (Horizon)

2.3.5 OpenStack Storage Infrastructure (Swift)

Copyright 2012 ViSolve Inc. All rights reserved.

OpenStack Open Source Cloud Installation Document

2.4 OpenStack Architecture

Copyright 2012 ViSolve Inc. All rights reserved.

OpenStack Open Source Cloud Installation Document

3.2 Network Configuration

2. Restart the network now

3.3 Database Installation

4. Restart MySQL server to ensure that it starts listening on all interfaces.

Copyright 2012 ViSolve Inc. All rights reserved.

OpenStack Open Source Cloud Installation Document

3.3.1 Creating Databases

2. Create a user named novauser.

3. Grant all privileges for novauser on the database "nova".

4. Create a password for the user "novauser".

5. Create a database named glance.

6. Create a user named glanceuser.

7. Grant all privileges for glanceuser on the database "glance".

8. Create a password for the user "glanceuser".

9. Create a database named keystone.

10. Create a user named keystoneuser.

11. Grant all privileges for keystoneuser on the database "keystone".

12. Create a password for the user "keystoneuser".

Copyright 2012 ViSolve Inc. All rights reserved.

OpenStack Open Source Cloud Installation Document

3.4 Keystone Installation

3.4.1 Installing and Configuring Keystone

5. Run the following command to synchronize the database

3.4.2 Creating Tenants

3.4.3 Creating Users

Copyright 2012 ViSolve Inc. All rights reserved.

OpenStack Open Source Cloud Installation Document

3.4.4 Creating Roles

3.4.5 Listing Tenants, Users and Roles

3.4.6 Adding Roles to Users in Tenants

Copyright 2012 ViSolve Inc. All rights reserved.

OpenStack Open Source Cloud Installation Document

3.4.7 Creating Services

3.4.8 Creating Endpoints

2. For creating an endpoint for nova-compute, execute the following command:

3. For creating an endpoint for nova-volume, execute the following command: