-
Notifications
You must be signed in to change notification settings - Fork 259
/
ch_basics.xml
437 lines (382 loc) · 22.3 KB
/
ch_basics.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
version="5.0"
xml:id="ch_basics">
<title>Basic Operating System Configuration</title>
<para>This guide starts by creating two nodes: a controller node to host most
services, and a compute node to run virtual machine instances. Later
chapters create additional nodes to run more services. OpenStack offers a
lot of flexibility in how and where you run each service, so this is not the
only possible configuration. However, you do need to configure certain
aspects of the operating system on each node.</para>
<para>This chapter details a sample configuration for both the controller
node and any additional nodes. It's possible to configure the operating
system in other ways, but the remainder of this guide assumes you have a
configuration compatible with the one shown here.</para>
<para>All of the commands throughout this guide assume you have administrative
privileges. Either run the commands as the root user, or prefix them with
the <command>sudo</command> command.</para>
<section xml:id="basics-networking">
<title>Networking</title>
<para>For a production deployment of OpenStack, most nodes should have two
network interface cards: one for external network traffic, and one to
communicate only with other OpenStack nodes. For simple test cases, you
can use machines with only a single network interface card.</para>
<para>This section sets up networking on two networks with static
IP addresses and manually manages a list of host names on each
machine. If you manage a large network, you probably already
have systems in place to manage this. If so, you may skip this
section, but note that the rest of this guide assumes that each
node can reach the other nodes on the internal network using
host names like <literal>controller</literal> and
<literal>compute1</literal>.</para>
<!-- these fedora only paragraphs are confirmed not needed in centos -->
<para os="fedora">Start by disabling the <literal>NetworkManager</literal> service and
enabling the <literal>network</literal> service. The
<literal>network</literal> service is more suitable for the static
network configuration done in this guide.</para>
<screen os="fedora"><prompt>#</prompt> <userinput>service NetworkManager stop</userinput>
<prompt>#</prompt> <userinput>service network start</userinput>
<prompt>#</prompt> <userinput>chkconfig NetworkManager off</userinput>
<prompt>#</prompt> <userinput>chkconfig network on</userinput></screen>
<note os="fedora">
<para>Since Fedora 19, <literal>firewalld</literal> replaced
<literal>iptables</literal> as the default firewall system. You can configure
<literal>firewalld</literal> successfully, but this guide
currently recommends and demonstrates the use of <literal>iptables</literal>.
For Fedora 19 systems, run the following commands to disable
<literal>firewalld</literal> and enable <literal>iptables</literal>.</para>
<screen><prompt>#</prompt> <userinput>service firewalld stop</userinput>
<prompt>#</prompt> <userinput>service iptables start</userinput>
<prompt>#</prompt> <userinput>chkconfig firewalld off</userinput>
<prompt>#</prompt> <userinput>chkconfig iptables on</userinput></screen>
</note>
<para os="opensuse">When you setup your system, use the
traditional network scripts and do not use the
<literal>NetworkManager</literal>. You can change the settings also after
installation with the YaST network module:</para>
<screen os="opensuse"><prompt>#</prompt> <userinput>yast2 network</userinput></screen>
<para>Next, create the configuration for both <literal>eth0</literal>
and <literal>eth1</literal>. This guide uses
<literal>192.168.0.x</literal> address for the internal network and
<literal>10.0.0.x</literal> addresses for the external network. Make
sure that the corresponding network devices are connected to the correct
network.</para>
<para>In this guide, the controller node uses the IP addresses
<literal>192.168.0.10</literal> and <literal>10.0.0.10</literal>. When
creating the compute node, use <literal>192.168.0.11</literal> and
<literal>10.0.0.11</literal> instead. Additional nodes added in later
chapters will follow this pattern.</para>
<figure xml:id="basic-architecture-networking">
<title>Basic Architecture</title>
<mediaobject>
<imageobject>
<imagedata contentwidth="6in" fileref="figures/basic-architecture-networking.svg"/>
</imageobject>
</mediaobject>
</figure>
<example os="fedora">
<title><filename>/etc/sysconfig/network-scripts/ifcfg-eth0</filename></title>
<programlisting language="ini"># Internal Network
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=static
IPADDR=192.168.0.10
NETMASK=255.255.255.0
DEFROUTE=yes
ONBOOT=yes</programlisting>
</example>
<example os="fedora">
<title><filename>/etc/sysconfig/network-scripts/ifcfg-eth1</filename></title>
<programlisting language="ini"># External Network
DEVICE=eth1
TYPE=Ethernet
BOOTPROTO=static
IPADDR=10.0.0.10
NETMASK=255.255.255.0
DEFROUTE=yes
ONBOOT=yes</programlisting>
</example>
<para os="opensuse;sles">
To set up the two network interfaces, start the YaST
network module, as follows:
<screen><prompt>#</prompt> <userinput>yast2 network</userinput></screen>
<itemizedlist>
<listitem>
<para>Use the following parameters to set up the first ethernet card
<emphasis role="bold">eth0</emphasis> for the internal network:
<programlisting>
Statically assigned IP Address
IP Address: 192.168.0.10
Subnet Mask: 255.255.255.0
</programlisting>
</para>
</listitem>
<listitem>
<para>Use the following parameters to set up the second ethernet card
<emphasis role="bold">eth1</emphasis> for the external network:
<programlisting>
Statically assigned IP Address
IP Address: 10.0.0.10
Subnet Mask: 255.255.255.0
</programlisting>
</para>
</listitem>
<listitem>
<para>Setup a default route on the external network.
</para>
</listitem>
</itemizedlist></para>
<example os="ubuntu">
<title><filename>/etc/network/interfaces</filename></title>
<programlisting language="ini"># Internal Network
auto eth0
iface eth0 inet static
address 192.168.0.10
netmask 255.255.255.0
# External Network
auto eth1
iface eth1 inet static
address 10.0.0.10
netmask 255.255.255.0
</programlisting>
</example>
<para>Once you've configured the network, restart the daemon for changes to take effect:</para>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>service networking restart</userinput></screen>
<screen os="fedora;rhel;centos;opensuse;sles"><prompt>#</prompt> <userinput>service network restart</userinput></screen>
<para>Set the host name of each machine. Name the controller node
<literal>controller</literal> and the first compute node
<literal>compute1</literal>. These are the host names used in
the examples throughout this guide.</para>
<para os="ubuntu;debian;fedora;rhel;centos">Use the
<command>hostname</command> command to set the host name:
<screen><prompt>#</prompt> <userinput>hostname controller</userinput></screen></para>
<para os="opensuse;sles">Use <command>yast network</command> to set the
host name with YaST.</para>
<para os="rhel;fedora;centos">To have the host name change persist
when the system reboots, you need to specify it in the proper
configuration file. In Red Hat Enterprise Linux, CentOS, and
older versions of Fedora, you set this in the file
<filename>/etc/sysconfig/network</filename>. Change the line
starting with <literal>HOSTNAME=</literal>.</para>
<programlisting language="ini" os="rhel;fedora;centos">HOSTNAME=controller</programlisting>
<para os="rhel;fedora;centos">As of Fedora 18, Fedora now uses the
file <filename>/etc/hostname</filename>. This file contains a
single line with just the host name.</para>
<para os="ubuntu;debian">To have this host name set when the
system reboots, you need to specify it in the file
<filename>/etc/hostname</filename>. This file contains a
single line with just the host name.</para>
<para>Finally, ensure that each node can reach the other nodes
using host names. In this guide, we will manually edit the
<filename>/etc/hosts</filename> file on each system. For
large-scale deployments, you should use DNS or a configuration
management system like Puppet.</para>
<programlisting>127.0.0.1 localhost
192.168.0.10 controller
192.168.0.11 compute1</programlisting>
</section>
<section xml:id="basics-ntp">
<title>Network Time Protocol (NTP)</title>
<para>To keep all the services in sync across multiple machines, you need to
install NTP. In this guide, we will configure the controller node to be
the reference server, and configure all additional nodes to set their time
from the controller node.</para>
<para>Install the <literal>ntp</literal> package on each system running
OpenStack services.</para>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install ntp</userinput></screen>
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install ntp</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install ntp</userinput></screen>
<para os="rhel;fedora;centos;opensuse;sles">Set up the NTP server on your
controller node so that it receives data by modifying the <filename>ntp.conf</filename>
file and restarting the service.</para>
<screen os="rhel;fedora;centos;opensuse;sles"><prompt>#</prompt> <userinput>service ntpd start</userinput>
<prompt>#</prompt> <userinput>chkconfig ntpd on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service ntp start</userinput>
<prompt>#</prompt> <userinput>chkconfig ntp on</userinput></screen>
<para>Set up all additional nodes to synchronize their time from the
controller node. The simplest way to do this is to add a daily cron job.
Add a file at <filename>/etc/cron.daily/ntpdate</filename> that contains
the following:</para>
<programlisting language="bash">ntpdate <replaceable>controller</replaceable>
hwclock -w</programlisting>
<para>Make sure to mark this file as executable.</para>
<screen><prompt>#</prompt> <userinput>chmod a+x /etc/cron.daily/ntpdate</userinput></screen>
</section>
<section xml:id="basics-database">
<title>MySQL Database</title>
<para os="ubuntu;debian;rhel;fedora;centos">Most OpenStack services
require a database to store information. In
this guide, we use a MySQL database running on the controller node. The
controller node needs to have the MySQL database installed. Any additional
nodes that access MySQL need to have the MySQL client software
installed:</para>
<para os="opensuse;sles">Most OpenStack services require a database to store
information. In this guide, we use a MySQL on SUSE Linux
Enterprise Server and compatible database on openSUSE running on
the controller node. This compatible database for openSUSE is MariaDB. The
controller node needs to have the MariaDB database
installed. Any additional nodesf that access the MariaDB
database need to have the MariaDB client software
installed:</para>
<itemizedlist>
<listitem>
<para><phrase os="sles;opensuse">For SUSE Linux Enterprise Server: </phrase>
On the controller node,
install the MySQL client, the MySQL database,
and the MySQL Python library.</para>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install mysql-client mysql python-mysql</userinput></screen>
<para os="opensuse;sles">For openSUSE: On the controller node, install
the MariaDB client, the MariaDB database, and the MySQL Python
library.</para>
<screen os="opensuse"><prompt>#</prompt> <userinput>zypper install mariadb-client mariadb python-mysql</userinput></screen>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install python-mysqldb mysql-server</userinput></screen>
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install mysql mysql-server MySQL-python</userinput></screen>
<note os="ubuntu;debian"><para>When you install the server package, you will
be asked to enter a root password for the database. Be sure to choose
a strong password and remember it - it will be needed later.</para></note>
<para>Edit <filename
os="ubuntu;debian;rhel;fedora;centos">/etc/mysql/my.cnf</filename><filename
os="opensuse;sles">/etc/my.cnf</filename> and set the
<literal>bind-address</literal> to the internal IP address of the
controller, to allow access from outside the controller
node.</para>
<programlisting language="ini">
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 192.168.0.10
</programlisting>
</listitem>
<listitem><para>On any nodes besides the controller node, just install the
<phrase os="ubuntu;debian;rhel;fedora;centos">MySQL</phrase>
<phrase os="opensuse;sles">MariaDB (on openSUSE)</phrase>
client and the MySQL Python library. This is all you need to do on any
system not hosting the MySQL database.</para>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install python-mysqldb</userinput></screen>
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install mysql MySQL-python</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install mariadb-client python-mysql</userinput></screen>
<para os="opensuse;sles">For SUSE Linux Enterprise, install MySQL:</para>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install mysql-client python-mysql</userinput></screen>
</listitem>
</itemizedlist>
<para os="rhel;centos;fedora;opensuse;sles">Start the
<phrase os="rhel;fedora;centos">MySQL</phrase>
<phrase os="opensuse;sles">MariaDB or MySQL</phrase>
database server and set it to start automatically when
the system boots.</para>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>service mysqld start</userinput>
<prompt>#</prompt> <userinput>chkconfig mysqld on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service mysql start</userinput>
<prompt>#</prompt> <userinput>chkconfig mysql on</userinput></screen>
<para os="rhel;centos;fedora;opensuse;sles">Finally, you should set a root password for your
<phrase os="rhel;fedora;centos">MySQL</phrase>
<phrase os="opensuse;sles">MariaDB or MySQL</phrase>
database. The OpenStack programs that set up databases and tables will
prompt you for this password if it's set. You also need to delete the
anonymous users that are created when the database is first started.
Otherwise, you will get database connection problems when following
the instructions in this guide. You can do both of these with the
<command>mysql_secure_installation</command> command.</para>
<para os="ubuntu;debian;opensuse;sles">You need to delete the anonymous users
that are created when the database is first started. Otherwise, you
will get database connection problems when following the instructions
in this guide. You can do this with the
<command>mysql_secure_installation</command> command.</para>
<screen><prompt>#</prompt> <userinput>mysql_secure_installation</userinput></screen>
<para><phrase os="rhel;centos;fedora;opensuse;sles">If you have not already
set a root database password, press enter when first prompted for the
password.</phrase> This command will present a number of options for
you to secure your database installation. Answer yes to all of them
unless you have a good reason to do otherwise.</para>
</section>
<section xml:id="basics-queue">
<title>Messaging Server</title>
<para>On the controller node, install the messaging queue server. Typically this is <phrase
os="ubuntu;opensuse;sles">RabbitMQ</phrase><phrase os="centos;rhel;fedora"
>Qpid</phrase> but <phrase os="ubuntu;opensuse;sles">Qpid</phrase><phrase
os="centos;rhel;fedora">RabbitMQ</phrase> and ZeroMQ (0MQ) are also
available.</para>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install rabbitmq-server</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install rabbitmq-server</userinput></screen>
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>yum install qpid-cpp-server memcached</userinput></screen>
<note os="ubuntu;debian">
<para>The <package>rabbitmq-server</package> package configures
the RabbitMQ service to start automatically and creates a
<literal>guest</literal> user with a default
<literal>guest</literal> password. The RabbitMQ examples in
this guide use the <literal>guest</literal> account.</para>
</note>
<para os="fedora;centos;rhel">Disable Qpid authentication by editing <filename>/etc/qpidd.conf</filename> file and
changing the <literal>auth</literal> option to <literal>no</literal>.</para>
<screen os="fedora;centos;rhel"> <userinput>auth=no</userinput></screen>
<para os="fedora;centos;rhel">Start Qpid and set it to start automatically
when the system boots.</para>
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>service qpidd start</userinput>
<prompt>#</prompt> <userinput>chkconfig qpidd on</userinput></screen>
<para os="opensuse;sles">Start the messaging service and set it to start automatically when the system boots:</para>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service rabbitmq-server start</userinput>
<prompt>#</prompt> <userinput>chkconfig rabbitmq-server on</userinput></screen>
</section>
<section xml:id="basics-packages">
<title>OpenStack Packages</title>
<para>Distribution releases and OpenStack releases are often independent of
each other and thus you might need to add some extra steps to access
the latest OpenStack release after installation of the machine before
installation of any OpenStack packages.</para>
<para os="fedora;centos;rhel">This guide uses the OpenStack packages from
the RDO repository. These packages work on Red Hat Enterprise Linux 6 and
compatible versions of CentOS, as well as Fedora 19. Enable the RDO repository
by downloading and installing the <literal>rdo-release-havana</literal>
package.</para>
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>yum install http://repos.fedorapeople.org/repos/openstack/openstack-havana/rdo-release-havana-6.noarch.rpm</userinput></screen>
<para os="fedora;centos;rhel">The EPEL package includes GPG keys
for package signing and repository information. This should only
be installed on Red Hat Enterprise Linux and CentOS, not Fedora.
Install the latest <systemitem>epel-release</systemitem> package
(see <link
xlink:href="http://download.fedoraproject.org/pub/epel/6/i386/repoview/epel-release.html"
>http://download.fedoraproject.org/pub/epel/6/x86_64/repoview/epel-release.html</link>).
For example:</para>
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>yum install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm</userinput></screen>
<para os="fedora;centos;rhel">The <literal>openstack-utils</literal> package
contains utility programs that make installation and configuration easier.
These programs will be used throughout this guide. Install
<literal>openstack-utils</literal>. This will also verify that you can
access the RDO repository.</para>
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>yum install openstack-utils</userinput></screen>
<para os="opensuse;sles">Use the Open Build Service repositories
for Havana based on your openSUSE or SUSE Linux Enterprise Server
version, for example if you run openSUSE 12.3 use:</para>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper ar -f obs://Cloud:OpenStack:Havana/openSUSE_12.3 Havana</userinput></screen>
<para os="opensuse;sles">
If you use SUSE Linux Enterprise Server 11 SP3, use:
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper ar -f obs://Cloud:OpenStack:Havana/SLE_11_SP3 Havana</userinput></screen>
</para>
<para os="opensuse;sles">For openSUSE 13.1, nothing needs to be
done since OpenStack Havana packages are part of the distribution
itself.
</para>
<procedure xml:id="ubuntu-cloud-archive" os="ubuntu">
<title>To use the Ubuntu Cloud Archive for Havana</title>
<para>The <link xlink:href="https://wiki.ubuntu.com/ServerTeam/CloudArchive">Ubuntu Cloud Archive</link>
is a special repository that allows you to install newer releases of OpenStack on
the stable supported version of Ubuntu.</para>
<step>
<para>Install the keyring:
<screen><prompt>#</prompt> <userinput>apt-get install ubuntu-cloud-keyring</userinput> </screen></para>
</step>
<step>
<para>Create a new repository sources file
<filename>/etc/apt/sources.list.d/cloud-archive.list</filename>
containing:
<programlisting>deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/havana main</programlisting></para>
</step>
<step>
<para>Upgrade the system (and reboot if you need):
<screen><prompt>#</prompt> <userinput>apt-get update && apt-get dist-upgrade</userinput> </screen></para>
</step>
</procedure>
<para>Congratulations, now you are ready to start installing OpenStack services!</para>
</section>
</chapter>