One Node Setup
Introduction
The OpenStack setup on one node is demonstrated using devstack in this post.
The Openstack project is hugely popular, gaining more and more ground with developers. It is also pretty damn complicated to set up.
Fortunately, the good folks at Openstack have set up an ‘all-in-one’ configuration allowing you to install all of the Openstack components on one machine using a fairly straightforward script. This project is called Devstack, and you can read more about it here.
The thing to remember is that devstack is really a developer environment, letting Openstack developers quickly check new code on their machine. It is also useful for a quick demo. It is not a production Openstack environment, nor is it meant to be one.
Still, setting up devstack on a network machine and using it as a disposable Openstack environment is an appealing concept. For testing alone, this could be really useful.
The general idea was to have a fully functional Openstack Havana, with Neutron networking, up and running on one dedicated hardware box and available on the local network.
CLIs
[stack@localhost devstack]$ cat adminrc
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=user123
export OS_AUTH_URL=http://192.168.0.163:35357/v2.0
[stack@localhost devstack]$ source adminrc
[stack@localhost devstack]$ neutron net-list
+--------------------------------------+-------------+-----------------------------------------------------+
| id | name | subnets |
+--------------------------------------+-------------+-----------------------------------------------------+
| 447f5748-cae6-4323-82ae-efc6ecbedd8e | out-net | e8ee8606-551b-4806-9221-2722bdb668bb 192.168.0.0/24 |
| 4f737b2e-14ff-45d8-bb80-3ce2b1cdeb1e | public | 78937db1-216f-4641-bcd3-51115beec741 172.24.4.0/24 |
| 708d22c3-38d0-474b-a6c0-f78e7c3210d2 | new_private | 1c87f1c9-7d44-4e60-872d-558d83771190 16.0.0.0/24 |
+--------------------------------------+-------------+-----------------------------------------------------+
[stack@localhost devstack]$
[stack@localhost devstack]$ neutron router-list
+--------------------------------------+------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| id | name | external_gateway_info | distributed | ha |
+--------------------------------------+------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| 9fd7e58d-99f0-483d-9f8e-7d3f7049c94b | out_router | {"network_id": "447f5748-cae6-4323-82ae-efc6ecbedd8e", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "e8ee8606-551b-4806-9221-2722bdb668bb", "ip_address": "192.168.0.52"}]} | False | False |
+--------------------------------------+------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
[stack@localhost devstack]$
[stack@localhost devstack]$ ip netns
qrouter-8c8824db-88d6-4ffc-b73e-e48d44878f12
qdhcp-708d22c3-38d0-474b-a6c0-f78e7c3210d2
qrouter-73ec1bfa-4e86-4e14-9d4d-4f861c62c709
qdhcp-0e73da7a-5133-403c-9e80-e38e7da87a5d
qrouter-b602213d-5b25-4c01-b146-2cbcec9dfdc1
qdhcp-996fad63-266d-43c0-acc5-d849c868a6be
Here, router ID 9fd7e58d-99f0-483d-9f8e-7d3f7049c94b is not present in the netns list: there is no qrouter-9fd7e58d-... namespace for it.
This means the router has not come up successfully.
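The comparison just described can be scripted. This added example (not part of the original post) parses the two command outputs and lists routers that have no qrouter-<id> namespace; the function names and the shortened sample table are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: report Neutron routers that have no qrouter-<id> namespace.
# Sample text is constructed from the outputs shown in this post; the gateway
# column is shortened and one "(id: N)" suffix is added to show that format.
ROUTER_LIST='+----+------+-----------------------+-------------+----+
| id | name | external_gateway_info | distributed | ha |
+----+------+-----------------------+-------------+----+
| 9fd7e58d-99f0-483d-9f8e-7d3f7049c94b | out_router | {"enable_snat": true} | False | False |
+----+------+-----------------------+-------------+----+'
NETNS_LIST='qrouter-8c8824db-88d6-4ffc-b73e-e48d44878f12
qdhcp-708d22c3-38d0-474b-a6c0-f78e7c3210d2
qrouter-73ec1bfa-4e86-4e14-9d4d-4f861c62c709 (id: 2)'

# Router UUIDs from a `neutron router-list` table on stdin.
router_ids() {
    awk -F'|' 'substr($0, 1, 1) == "|" {
        id = $2; gsub(/[ \t]/, "", id)
        if (length(id) == 36 && id ~ /^[0-9a-f-]+$/) print id
    }'
}

# Router UUIDs that own a namespace, from `ip netns` output on stdin.
# Only the first word is used because newer iproute2 appends " (id: N)".
netns_router_ids() {
    awk '$1 ~ /^qrouter-/ { print substr($1, 9) }'
}

# Print every router ID in $1 (router-list text) with no namespace in $2.
missing_router_namespaces() {
    have=$(printf '%s\n' "$2" | netns_router_ids)
    printf '%s\n' "$1" | router_ids | while read -r id; do
        printf '%s\n' "$have" | grep -qxF -e "$id" || printf '%s\n' "$id"
    done
}

# Demo on the sample data; on a live host pass
# "$(neutron router-list)" and "$(ip netns)" instead.
for id in $(missing_router_namespaces "$ROUTER_LIST" "$NETNS_LIST"); do
    echo "router $id has no qrouter namespace: check the q-l3 agent log"
done
```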
Installation
1. Start with a CentOS/Ubuntu box
Create a CentOS box with plenty of RAM and disk. This demo uses 16 GB RAM and a 50 GB disk.
Note: Disabling the firewall is a hack; it needs to be fixed by opening the OpenStack ports instead.
Disable Firewall
systemctl stop firewalld
systemctl disable firewalld
Disable SELinux (setenforce 0 switches it to permissive mode until the next reboot)
setenforce 0
getenforce
2. Setup your Openstack user
Run the following commands on the machine
sudo bash
# Make current user sudo passwordless
echo "user ALL=(ALL) NOPASSWD:ALL" | tee -a /etc/sudoers
adduser stack
passwd stack
# Password entered at the prompt: user123
echo "stack ALL=(ALL) NOPASSWD:ALL" | tee -a /etc/sudoers
exit
3. Switch to stack user
su stack
cd /home/stack
4. Install git
sudo yum install git -y
5. Download the devstack project
git clone https://github.com/openstack-dev/devstack.git
cd devstack
6. Get a dedicated IP range in your network
For devstack VMs to work correctly on your network, you will need a range of IPs they can use. This may require you to actually go talk to your system administrator. Annoying, I know.
Let's reserve 192.168.0.210-192.168.0.240
7. Setup your localrc file
The localrc config has now moved to samples/local.conf in the devstack directory, as a localrc section.
We will still use the old format here to override local.conf.
The localrc file is a configuration file that the devstack script uses. If one does not exist, devstack will use fairly reasonable defaults. That said, you should definitely create your own localrc file if you want to get the most use of your devstack. It also makes it easy to re-install devstack later on. Don’t forget to make a backup of this file.
Here is a sample localrc file:
vi /home/stack/devstack/localrc
SERVICE_TOKEN=user123
SERVICE_PASSWORD=user123
ADMIN_PASSWORD=user123
LOGFILE=/home/stack/stack.sh.log
disable_service n-net
enable_service q-svc
enable_service q-agt
enable_service q-dhcp
enable_service q-l3
enable_service q-meta
enable_service neutron
# Optional, to enable tempest configuration as part of devstack
enable_service tempest
DATABASE_PASSWORD=user123
RABBIT_PASSWORD=user123
Some things to note about this localrc file:
Not exactly secure passwords – remember, this is not a production set up. You should not be making this environment available on the internet.
The FLAT_INTERFACE value indicates the network interface card that devstack will use for network access. I am assuming ens32 here, but your environment may be a little different. Run ‘ifconfig’ on the CentOS machine to verify, e.g. FLAT_INTERFACE=eth0
Neutron is enabled and the older nova-network service is disabled.
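Even on a disposable box, reusing one password across Keystone, the database and RabbitMQ is easy to avoid. This added example (not from the original post or from devstack itself) writes the same localrc settings with a separate random secret per key and owner-only file permissions; the function names and the scratch path are assumptions, and the optional tempest line is left out.

```shell
#!/bin/sh
# Added example: generate a localrc with one random secret per service key.

# 32 hex characters from the kernel CSPRNG. Hex avoids spaces and shell/URL
# metacharacters in values that end up in service connection strings.
gen_secret() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Write the localrc named in $1, readable and writable by its owner only.
write_localrc() {
    ( umask 077
      {
        for key in SERVICE_TOKEN SERVICE_PASSWORD ADMIN_PASSWORD \
                   DATABASE_PASSWORD RABBIT_PASSWORD; do
            printf '%s=%s\n' "$key" "$(gen_secret)"
        done
        printf '%s\n' 'LOGFILE=/home/stack/stack.sh.log' \
            'disable_service n-net' 'enable_service q-svc' 'enable_service q-agt' \
            'enable_service q-dhcp' 'enable_service q-l3' 'enable_service q-meta' \
            'enable_service neutron'
      } > "$1"
      chmod 600 "$1" )
}

# Count the distinct secret values in the localrc $1; 5 means no reuse.
distinct_secrets() {
    grep -E '^[A-Z_]+(PASSWORD|TOKEN)=' "$1" | cut -d= -f2 | sort -u | wc -l
}

# Demo: generate into a scratch file (hypothetical path); on the real host
# the target would be /home/stack/devstack/localrc.
demo=$(mktemp)
write_localrc "$demo"
echo "wrote $demo with $(distinct_secrets "$demo") distinct secrets"
rm -f "$demo"
```

The generated admin password is then what goes into adminrc and the Horizon login in place of user123.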
8. Switch to Kilo branch
$ git checkout stable/kilo
Branch stable/kilo set up to track remote branch stable/kilo from origin.
Switched to a new branch 'stable/kilo'
9. Setup the network environment
sudo bash
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/ens32/proxy_arp
iptables -t nat -A POSTROUTING -o ens32 -j MASQUERADE
exit
These commands make sure that network traffic is correctly routed in and out of the devstack VMs.
The ip_forward and proxy_arp changes will be reset when the machine reboots. You can make these changes permanent by editing /etc/sysctl.conf and adding the following lines:
sudo vi /etc/sysctl.conf
net.ipv4.conf.ens32.proxy_arp = 1
net.ipv4.ip_forward = 1
The deployment has two interfaces.
ens32 is kept for openstack
ens34 is kept for management of node using ssh
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.163 netmask 255.255.255.0 broadcast 192.168.0.255
ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.169 netmask 255.255.255.0 broadcast 192.168.0.255
10. Set environment variable
export HOST_IP=192.168.0.163
export GIT_BASE=https://git.openstack.org
11. Run the devstack script
./stack.sh
Asked to assign password for internal component - Gave 'user123'
Installation completes
This is your host ip: 192.168.0.163
2015-09-14 13:10:39.030 | Skip setting lvm filters for non Ubuntu systems
Horizon is now available at http://192.168.0.163
Keystone is serving at http://192.168.0.163:5000/
The default users are: admin and demo
The password: user123
12. Assign IP to br-ex
sudo ovs-vsctl show
sudo ovs-vsctl add-port br-ex ens32
sudo ifconfig ens32 0.0.0.0
sudo ifconfig br-ex 192.168.0.163
13. Add gateway
sudo route add default gw 192.168.0.254
Configuration
1. Access Dashboard
http://192.168.0.163
2. Create External Network
[stack@localhost devstack]$ neutron net-create out-net --router:external --provider:physical_network external --provider:network_type flat
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 21244547-5d3f-4566-8456-e0d52ad77f8b |
| mtu | 0 |
| name | out-net |
| provider:network_type | flat |
| provider:physical_network | external |
| provider:segmentation_id | |
| router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 9e8ed8d6295849a2816e68a738f27031 |
+---------------------------+--------------------------------------+
3. Check dashboard, the new network out-net is listed
4. Add subnet to network out-net
5. Add subnet named out. Click Next.
6. Add Allocation Pools to be used for floating IP from out-net
Disable DHCP.
Add DNS Name Servers. This is used for DNS resolution.
7. Click Create
8. The subnet got listed for out-net
9. Use Create Network. Add Private network.
10. Give private network subnet and name
11. Enable DHCP. Leave blank. Create.
12. Go to Routers tab. No router present.
Create Router
13. Choose external network as out-net which was created above.
14. The new router is listed
Click on open_router
15. The below router screen will be displayed
Click Add Interface
16. Add interface details for private subnet
17. New interface for private network is added.
The interface for out network is already present.
18. Go to Access & Security tab
Click on Create Key Pair
19. Give key pair name
20. Go to Instances Tab
Launch Instance
21. Go to Access & Security tab and choose the openkey key pair
22. Go to Details tab and add details of Instance to be created
23. Click Launch VM
24. Add private network for VM
25. Validate from Instances that new VM is getting spawned
26. Move to Right of Window and Associate Floating IP to VM
27. Click on Allocate IP. Choose out-net, i.e. the external network
28. Click Allocate
29. The VM now shows two IPs
30. Go to Access & Security and Security Groups
This is to allow ICMP and SSH to VM
Click Manage Rules
31. This is the Manage Rules window.
Click Add Rule
32. Add ALL ICMP as Ingress rule
33. Add SSH as rule
34. That's it
The VM instance is created with a floating IP, and access to it via Security Rules for ICMP and SSH is set.
Check the state of the router and its ports from the router tab.
The VM should be accessible without a password using the key pair, and ping should work. If not, please debug ...
A typical router error is the Status of its Interfaces showing as down. Such an error needs googling.