-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCH2_Controller_Icehouse.txt
211 lines (179 loc) · 10 KB
/
CH2_Controller_Icehouse.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
# Title: CH2_Controller_Icehouse.txt
# Purpose:
# Modified installation for Icehouse on CentOS 6.6.
# It is meant to replace the documented installation process in Chapter 2 for controller nodes only.
# NOTE: Do not run commands that are commented out.
## Configure the repos
rpm -ivh https://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-4.noarch.rpm
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# Install crudini
yum -y install crudini openstack-utils
# Set the hostname
sed -i "/HOSTNAME/c\HOSTNAME=controller.learningneutron.com" /etc/sysconfig/network
# Add DNS entries
echo 10.254.254.100 controller.learningneutron.com controller >> /etc/hosts
echo 10.254.254.101 compute01.learningneutron.com compute01 >> /etc/hosts
# Disable SELinux
sed -i "/SELINUX=enforcing/c\SELINUX=disabled" /etc/selinux/config
# Remove iptables
iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
service iptables save
# Install NTP
yum -y install ntp
service ntpd start
chkconfig ntpd on
# Upgrade and reboot
yum -y upgrade
reboot
# Install MySQL Server
yum -y install mysql mysql-server MySQL-python
crudini --set /etc/my.cnf mysqld bind-address 10.254.254.100
service mysqld start
chkconfig mysqld on
# Configure MySQL Server
/usr/bin/mysql_secure_installation
# Install Qpid
yum -y install qpid-cpp-server memcached
sed -i "/^auth/s/auth=yes/auth=no/" /etc/qpidd.conf
service qpidd start
chkconfig qpidd on
# Install Keystone
yum -y install openstack-keystone python-keystoneclient
crudini --set /etc/keystone/keystone.conf sql connection mysql://keystone:keystone@controller/keystone
openstack-db --init --service keystone --password keystone
ADMIN_TOKEN=$(openssl rand -hex 10)
crudini --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log
crudini --set /etc/keystone/keystone.conf token provider keystone.token.providers.pki.Provider
service openstack-keystone start
chkconfig openstack-keystone on
# Configure Keystone
export OS_SERVICE_TOKEN=$ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
keystone tenant-create --name=admin --description="Admin Tenant"
keystone tenant-create --name=service --description="Service Tenant"
keystone user-create --name=admin --pass=secrete [email protected]
keystone role-create --name=admin
keystone user-role-add --user=admin --tenant=admin --role=admin
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
keystone endpoint-create \
--service-id=`keystone service-get keystone | awk '/ id / { print $4 }'` \
--publicurl=http://controller:5000/v2.0 \
--internalurl=http://controller:5000/v2.0 \
--adminurl=http://controller:35357/v2.0
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
keystone --os-username=admin --os-password=secrete --os-auth-url=http://controller:35357/v2.0 token-get
keystone --os-username=admin --os-password=secrete --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 token-get
# Configure environment vars
mkdir ~/credentials
cat >> ~/credentials/admin <<EOF
export OS_USERNAME=admin
export OS_PASSWORD=secrete
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller:35357/v2.0
EOF
source ~/credentials/admin
keystone token-get
keystone user-list
# Install Glance
yum -y install openstack-glance
openstack-db --init --service glance --password glance
crudini --set /etc/glance/glance-api.conf DEFAULT sql_connection mysql://glance:glance@controller/glance
crudini --set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql://glance:glance@controller/glance
keystone user-create --name=glance --pass=glance [email protected]
keystone user-role-add --user=glance --tenant=service --role=admin
crudini --set /etc/glance/glance-api.conf keystone_authtoken auth_host controller
crudini --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
crudini --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
crudini --set /etc/glance/glance-api.conf keystone_authtoken admin_password glance
crudini --set /etc/glance/glance-registry.conf keystone_authtoken auth_host controller
crudini --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
crudini --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
crudini --set /etc/glance/glance-registry.conf keystone_authtoken admin_password glance
cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini
cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini
crudini --set /etc/glance/glance-api-paste.ini filter:authtoken auth_host controller
crudini --set /etc/glance/glance-api-paste.ini filter:authtoken admin_user glance
crudini --set /etc/glance/glance-api-paste.ini filter:authtoken admin_tenant_name service
crudini --set /etc/glance/glance-api-paste.ini filter:authtoken admin_password glance
crudini --set /etc/glance/glance-api-paste.ini filter:authtoken flavor keystone
crudini --set /etc/glance/glance-registry-paste.ini filter:authtoken auth_host controller
crudini --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_user glance
crudini --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_tenant_name service
crudini --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_password glance
crudini --set /etc/glance/glance-registry-paste.ini filter:authtoken flavor keystone
service openstack-glance-api start
service openstack-glance-registry start
chkconfig openstack-glance-api on
chkconfig openstack-glance-registry on
keystone service-create --name=glance --type=image --description="Glance Image Service"
keystone endpoint-create \
--service-id=`keystone service-get glance | awk '/ id / { print $4 }'` \
--publicurl=http://controller:9292 \
--internalurl=http://controller:9292 \
--adminurl=http://controller:9292
# Verify glance
mkdir /var/tmp/images ; cd /var/tmp/images/
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
glance image-create --name=CirrOS-0.3.4 --disk-format=qcow2 --container-format=bare --is-public=true --file /var/tmp/images/cirros-0.3.4-x86_64-disk.img
glance image-create --name=Ubuntu-14.04 --disk-format=qcow2 --container-format=bare --is-public=true --location http://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img
glance image-create --name=CentOS-6 --disk-format=qcow2 --container-format=bare --is-public=true --location http://cloud.centos.org/centos/6/images/CentOS-6-x86_64-GenericCloud.qcow2
# INSTALL NOVA CONTROLLER SERVICES
yum -y install openstack-nova python-novaclient
openstack-db --init --service nova --password nova
crudini --set /etc/nova/nova.conf database connection mysql://nova:nova@controller/nova
crudini --set /etc/nova/nova.conf DEFAULT rpc_backend nova.openstack.common.rpc.impl_qpid
crudini --set /etc/nova/nova.conf DEFAULT qpid_hostname controller
crudini --set /etc/nova/nova.conf DEFAULT my_ip 10.254.254.100
crudini --set /etc/nova/nova.conf DEFAULT vncserver_listen 10.254.254.100
crudini --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 10.254.254.100
keystone user-create --name=nova --pass=nova [email protected]
keystone user-role-add --user=nova --tenant=service --role=admin
crudini --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
crudini --set /etc/nova/nova.conf keystone_authtoken auth_host controller
crudini --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
crudini --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
crudini --set /etc/nova/nova.conf keystone_authtoken admin_user nova
crudini --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
crudini --set /etc/nova/nova.conf keystone_authtoken admin_password nova
crudini --set /etc/nova/api-paste.ini filter:authtoken auth_host controller
crudini --set /etc/nova/api-paste.ini filter:authtoken auth_port 35357
crudini --set /etc/nova/api-paste.ini filter:authtoken auth_protocol http
crudini --set /etc/nova/api-paste.ini filter:authtoken auth_uri http://controller:5000/v2.0
crudini --set /etc/nova/api-paste.ini filter:authtoken admin_tenant_name service
crudini --set /etc/nova/api-paste.ini filter:authtoken admin_user nova
crudini --set /etc/nova/api-paste.ini filter:authtoken admin_password nova
crudini --set /etc/nova/nova.conf DEFAULT api_paste_config /etc/nova/api-paste.ini
# Fixes a bug introduced in Icehouse
crudini --set /etc/nova/nova.conf DEFAULT vif_plugging_is_fatal false
crudini --set /etc/nova/nova.conf DEFAULT vif_plugging_timeout 0
keystone service-create --name=nova --type=compute --description="Nova Compute service"
keystone endpoint-create \
--service-id=`keystone service-get nova | awk '/ id / { print $4 }'` \
--publicurl=http://controller:8774/v2/%\(tenant_id\)s \
--internalurl=http://controller:8774/v2/%\(tenant_id\)s \
--adminurl=http://controller:8774/v2/%\(tenant_id\)s
service openstack-nova-api start
service openstack-nova-cert start
service openstack-nova-consoleauth start
service openstack-nova-scheduler start
service openstack-nova-conductor start
service openstack-nova-novncproxy start
service openstack-nova-console start
chkconfig openstack-nova-api on
chkconfig openstack-nova-cert on
chkconfig openstack-nova-consoleauth on
chkconfig openstack-nova-scheduler on
chkconfig openstack-nova-conductor on
chkconfig openstack-nova-novncproxy on
chkconfig openstack-nova-console on
# Install Horizon
yum -y install mod_wsgi openstack-dashboard
sed -i 's/ALLOWED_HOSTS/#ALLOWED_HOSTS/' /etc/openstack-dashboard/local_settings
sed -i "/OPENSTACK_HOST/c\OPENSTACK_HOST = \"controller\"" /etc/openstack-dashboard/local_settings
sed -i -e "\$aOPENSTACK_KEYSTONE_URL = \"http://controller:5000/v2.0\"" /etc/openstack-dashboard/local_settings
sed -i 's/Listen 80/Listen 10.254.254.100:80/' /etc/httpd/conf/httpd.conf
service httpd start
chkconfig httpd on