Setting up OpenStack Juno with 1 controller and compute node

Here is a helpful script which just setup 1 OpenStack Juno controller and 1 compute node in an easy way:

File: controller-node-setup

#!/bin/bash

#get the configuration info
source config

#install ntp
yum -y install ntp
systemctl enable ntpd.service
systemctl start ntpd.service

#openstack repos
yum -y install yum-plugin-priorities
yum -y install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
yum -y install http://rdo.fedorapeople.org/openstack-juno/rdo-release-juno.rpm
yum -y upgrade
#yum -y install openstack-selinux

#loosen things up
systemctl stop firewalld.service
systemctl disable firewalld.service
sed -i ‘s/enforcing/disabled/g’ /etc/selinux/config
echo 0 > /sys/fs/selinux/enforce

#install database server
yum -y install mariadb mariadb-server MySQL-python

#edit /etc/my.cnf
sed -i.bak “10i\\
bind-address = $CONTROLLER_IP\n\
default-storage-engine = innodb\n\
innodb_file_per_table\n\
collation-server = utf8_general_ci\n\
init-connect = ‘SET NAMES utf8’\n\
character-set-server = utf8\n\
” /etc/my.cnf

#start database server
systemctl enable mariadb.service
systemctl start mariadb.service

echo ‘now run through the mysql_secure_installation’
mysql_secure_installation

#create databases
echo ‘Enter the new MySQL root password’
mysql -u root -p <&1 | grep -q token_flush) || \
echo ‘@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1’ \
>> /var/spool/cron/keystone

#create users and tenants
export OS_SERVICE_TOKEN=$ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://$CONTROLLER_IP:35357/v2.0
keystone tenant-create –name admin –description “Admin Tenant”
keystone user-create –name admin –pass $ADMIN_PWD
keystone role-create –name admin
keystone user-role-add –tenant admin –user admin –role admin
keystone role-create –name _member_
keystone user-role-add –tenant admin –user admin –role _member_
keystone tenant-create –name demo –description “Demo Tenant”
keystone user-create –name demo –pass password
keystone user-role-add –tenant demo –user demo –role _member_
keystone tenant-create –name service –description “Service Tenant”
keystone service-create –name keystone –type identity \
–description “OpenStack Identity”
keystone endpoint-create \
–service-id $(keystone service-list | awk ‘/ identity / {print $2}’) \
–publicurl http://$CONTROLLER_IP:5000/v2.0 \
–internalurl http://$CONTROLLER_IP:5000/v2.0 \
–adminurl http://$CONTROLLER_IP:35357/v2.0 \
–region regionOne
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

#create credentials file
echo “export OS_TENANT_NAME=admin” > creds
echo “export OS_USERNAME=admin” >> creds
echo “export OS_PASSWORD=$ADMIN_PWD” >> creds
echo “export OS_AUTH_URL=http://$CONTROLLER_IP:35357/v2.0” >> creds
source creds

#create keystone entries for glance
keystone user-create –name glance –pass $SERVICE_PWD
keystone user-role-add –user glance –tenant service –role admin
keystone service-create –name glance –type image \
–description “OpenStack Image Service”
keystone endpoint-create \
–service-id $(keystone service-list | awk ‘/ image / {print $2}’) \
–publicurl http://$CONTROLLER_IP:9292 \
–internalurl http://$CONTROLLER_IP:9292 \
–adminurl http://$CONTROLLER_IP:9292 \
–region regionOne

#install glance
yum -y install openstack-glance python-glanceclient

#edit /etc/glance/glance-api.conf
sed -i.bak “/\[database\]/a \
connection = mysql://glance:$SERVICE_PWD@$CONTROLLER_IP/glance” /etc/glance/glance-api.conf

sed -i “/\[keystone_authtoken\]/a \
auth_uri = http://$CONTROLLER_IP:5000/v2.0\n\
identity_uri = http://$CONTROLLER_IP:35357\n\
admin_tenant_name = service\n\
admin_user = glance\n\
admin_password = $SERVICE_PWD” /etc/glance/glance-api.conf

sed -i “/\[paste_deploy\]/a \
flavor = keystone” /etc/glance/glance-api.conf

sed -i “/\[glance_store\]/a \
default_store = file\n\
filesystem_store_datadir = /var/lib/glance/images/” /etc/glance/glance-api.conf

#edit /etc/glance/glance-registry.conf
sed -i.bak “/\[database\]/a \
connection = mysql://glance:$SERVICE_PWD@$CONTROLLER_IP/glance” /etc/glance/glance-registry.conf

sed -i “/\[keystone_authtoken\]/a \
auth_uri = http://$CONTROLLER_IP:5000/v2.0\n\
identity_uri = http://$CONTROLLER_IP:35357\n\
admin_tenant_name = service\n\
admin_user = glance\n\
admin_password = $SERVICE_PWD” /etc/glance/glance-registry.conf

sed -i “/\[paste_deploy\]/a \
flavor = keystone” /etc/glance/glance-registry.conf

#start glance
su -s /bin/sh -c “glance-manage db_sync” glance
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service

#upload the cirros image to glance
yum -y install wget
wget http://cdn.download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
glance image-create –name “cirros-0.3.3-x86_64” –file cirros-0.3.3-x86_64-disk.img \
–disk-format qcow2 –container-format bare –is-public True –progress

#create the keystone entries for nova
keystone user-create –name nova –pass $SERVICE_PWD
keystone user-role-add –user nova –tenant service –role admin
keystone service-create –name nova –type compute \
–description “OpenStack Compute”
keystone endpoint-create \
–service-id $(keystone service-list | awk ‘/ compute / {print $2}’) \
–publicurl http://$CONTROLLER_IP:8774/v2/%\(tenant_id\)s \
–internalurl http://$CONTROLLER_IP:8774/v2/%\(tenant_id\)s \
–adminurl http://$CONTROLLER_IP:8774/v2/%\(tenant_id\)s \
–region regionOne

#install the nova controller components
yum -y install openstack-nova-api openstack-nova-cert openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler \
python-novaclient

#edit /etc/nova/nova.conf
sed -i.bak “/\[database\]/a \
connection = mysql://nova:$SERVICE_PWD@$CONTROLLER_IP/nova” /etc/nova/nova.conf

sed -i “/\[DEFAULT\]/a \
rpc_backend = rabbit\n\
rabbit_host = $CONTROLLER_IP\n\
auth_strategy = keystone\n\
my_ip = $CONTROLLER_IP\n\
vncserver_listen = $CONTROLLER_IP\n\
vncserver_proxyclient_address = $CONTROLLER_IP\n\
network_api_class = nova.network.api.API\n\
security_group_api = nova” /etc/nova/nova.conf

sed -i “/\[keystone_authtoken\]/i \
[database]\nconnection = mysql://nova:Service123@$CONTROLLER_IP/nova” /etc/nova/nova.conf

sed -i “/\[keystone_authtoken\]/a \
auth_uri = http://$CONTROLLER_IP:5000/v2.0\n\
identity_uri = http://$CONTROLLER_IP:35357\n\
admin_tenant_name = service\n\
admin_user = nova\n\
admin_password = $SERVICE_PWD” /etc/nova/nova.conf

sed -i “/\[glance\]/a host = $CONTROLLER_IP” /etc/nova/nova.conf

#start nova
su -s /bin/sh -c “nova-manage db sync” nova

systemctl enable openstack-nova-api.service openstack-nova-cert.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-cert.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service

#install dashboard
yum -y install openstack-dashboard httpd mod_wsgi memcached python-memcached

#edit /etc/openstack-dashboard/local_settings
sed -i.bak “s/ALLOWED_HOSTS = \[‘horizon.example.com’, ‘localhost’\]/ALLOWED_HOSTS = [‘*’]/” /etc/openstack-dashboard/local_settings
sed -i ‘s/OPENSTACK_HOST = “127.0.0.1”/OPENSTACK_HOST = “‘”$CONTROLLER_IP”‘”/’ /etc/openstack-dashboard/local_settings

#start dashboard
setsebool -P httpd_can_network_connect on
chown -R apache:apache /usr/share/openstack-dashboard/static
systemctl enable httpd.service memcached.service
systemctl start httpd.service memcached.service

#create keystone entries for cinder
keystone user-create –name cinder –pass $SERVICE_PWD
keystone user-role-add –user cinder –tenant service –role admin
keystone service-create –name cinder –type volume \
–description “OpenStack Block Storage”
keystone service-create –name cinderv2 –type volumev2 \
–description “OpenStack Block Storage”
keystone endpoint-create \
–service-id $(keystone service-list | awk ‘/ volume / {print $2}’) \
–publicurl http://$CONTROLLER_IP:8776/v1/%\(tenant_id\)s \
–internalurl http://$CONTROLLER_IP:8776/v1/%\(tenant_id\)s \
–adminurl http://$CONTROLLER_IP:8776/v1/%\(tenant_id\)s \
–region regionOne
keystone endpoint-create \
–service-id $(keystone service-list | awk ‘/ volumev2 / {print $2}’) \
–publicurl http://$CONTROLLER_IP:8776/v2/%\(tenant_id\)s \
–internalurl http://$CONTROLLER_IP:8776/v2/%\(tenant_id\)s \
–adminurl http://$CONTROLLER_IP:8776/v2/%\(tenant_id\)s \
–region regionOne

#install cinder controller
yum -y install openstack-cinder python-cinderclient python-oslo-db

#edit /etc/cinder/cinder.conf
sed -i.bak “/\[database\]/a connection = mysql://cinder:$SERVICE_PWD@$CONTROLLER_IP/cinder” /etc/cinder/cinder.conf

sed -i “/\[DEFAULT\]/a \
rpc_backend = rabbit\n\
rabbit_host = $CONTROLLER_IP\n\
auth_strategy = keystone\n\
my_ip = $CONTROLLER_IP” /etc/cinder/cinder.conf

sed -i “/\[keystone_authtoken\]/a \
auth_uri = http://$CONTROLLER_IP:5000/v2.0\n\
identity_uri = http://$CONTROLLER_IP:35357\n\
admin_tenant_name = service\n\
admin_user = cinder\n\
admin_password = $SERVICE_PWD” /etc/cinder/cinder.conf

#start cinder controller
su -s /bin/sh -c “cinder-manage db sync” cinder
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

Below is the script which setup the compute node.

#!/bin/bash
export http_proxy=http://moxy.us.dell.com:3128
export https_proxy=http://moxy.us.dell.com:3128
export ftp_proxy=http://moxy.us.dell.com:3128
source config

#install ntp
yum -y install ntp
systemctl enable ntpd.service
systemctl start ntpd.service

#openstack repos
yum -y install yum-plugin-priorities
yum -y install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
yum -y install http://rdo.fedorapeople.org/openstack-juno/rdo-release-juno.rpm
yum -y upgrade
#yum -y install openstack-selinux

#loosen things up
systemctl stop firewalld.service
systemctl disable firewalld.service
sed -i ‘s/enforcing/disabled/g’ /etc/selinux/config
echo 0 > /sys/fs/selinux/enforce

#get name of 2nd NIC
for i in $(ls /sys/class/net); do
if [ “$(cat /sys/class/net/$i/ifindex)” == ‘3’ ]; then
NIC=$i
MY_MAC=$(cat /sys/class/net/$i/address)
echo “$i ($MY_MAC)”
fi
done

#nova compute
yum -y install openstack-nova-compute sysfsutils libvirt-daemon-config-nwfilter

sed -i.bak “/\[DEFAULT\]/a \
rpc_backend = rabbit\n\
rabbit_host = $CONTROLLER_IP\n\
auth_strategy = keystone\n\
my_ip = $THISHOST_IP\n\
vnc_enabled = True\n\
vncserver_listen = 0.0.0.0\n\
vncserver_proxyclient_address = $THISHOST_IP\n\
novncproxy_base_url = http://$CONTROLLER_IP:6080/vnc_auto.html” /etc/nova/nova.conf

sed -i “/\[keystone_authtoken\]/a \
auth_uri = http://$CONTROLLER_IP:5000/v2.0\n\
identity_uri = http://$CONTROLLER_IP:35357\n\
admin_tenant_name = service\n\
admin_user = nova\n\
admin_password = $SERVICE_PWD” /etc/nova/nova.conf

sed -i “/\[glance\]/a host = $CONTROLLER_IP” /etc/nova/nova.conf

#if compute node is virtual – change virt_type to qemu
if [ $(egrep -c ‘(vmx|svm)’ /proc/cpuinfo) == “0” ]; then
sed -i ‘/\[libvirt\]/a virt_type = qemu’ /etc/nova/nova.conf
fi

systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service
systemctl start openstack-nova-compute.service

yum -y install openstack-nova-network openstack-nova-api

sed -i “/\[DEFAULT\]/a \
network_api_class = nova.network.api.API\n\
security_group_api = nova\n\
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver\n\
network_manager = nova.network.manager.FlatDHCPManager\n\
network_size = 254\n\
allow_same_net_traffic = True\n\
multi_host = True\n\
send_arp_for_ha = True\n\
share_dhcp_address = True\n\
force_dhcp_release = True\n\
flat_network_bridge = br100\n\
flat_interface = $NIC\n\
public_interface = $NIC” /etc/nova/nova.conf

systemctl enable openstack-nova-network.service openstack-nova-metadata-api.service
systemctl start openstack-nova-network.service openstack-nova-metadata-api.service

#cinder storage node
pvcreate /dev/sdb
vgcreate cinder-volumes /dev/sdb

yum -y install openstack-cinder targetcli python-oslo-db MySQL-python

sed -i.bak “/\[database\]/a connection = mysql://cinder:$SERVICE_PWD@$CONTROLLER_IP/cinder” /etc/cinder/cinder.conf
sed -i ‘0,/\[DEFAULT\]/s//\[DEFAULT\]\
rpc_backend = rabbit\
rabbit_host = ‘”$CONTROLLER_IP”‘\
auth_strategy = keystone\
my_ip = ‘”$THISHOST_IP”‘\
iscsi_helper = lioadm/’ /etc/cinder/cinder.conf
sed -i “/\[keystone_authtoken\]/a \
auth_uri = http://$CONTROLLER_IP:5000/v2.0\n\
identity_uri = http://$CONTROLLER_IP:35357\n\
admin_tenant_name = service\n\
admin_user = cinder\n\
admin_password = $SERVICE_PWD” /etc/cinder/cinder.conf

systemctl enable openstack-cinder-volume.service target.service
systemctl start openstack-cinder-volume.service target.service

echo ‘export OS_TENANT_NAME=admin’ > creds
echo ‘export OS_USERNAME=admin’ >> creds
echo ‘export OS_PASSWORD='”$ADMIN_PWD” >> creds
echo ‘export OS_AUTH_URL=http://'”$CONTROLLER_IP”‘:35357/v2.0’ >> creds
source creds