OpenStack Kilo Lab Installation and Configuration Guide

rdo

Overview

In this article we will focus on installing and configuring OpenStack Kilo using RDO and the packstack installer. RDO is a community platform around Red Hat’s OpenStack Platform. It allows you to test the latest OpenStack capabilities on a stable platform such as Red Hat Enterprise Linux (RHEL) or CentOS. This guide will take you through installing the OpenStack Kilo release, configuring networking, security groups, flavors, images and are other OpenStack related services. The outcome is a working OpenStack environment based on the Kilo release that you can use as a baseline for testing your applications with OpenStack capabilities. A big thanks to Red Hatter, Goetz Rieger who contributed some of this content.

Install and Configure OpenStack Kilo

  • Install RHEL or CentOS 7.1.
  • Ensure name resolution is working
#vi /etc/hosts
192.168.122.80 osp7.lab.com osp7
  • Ensure the hostname is set statically.
#hostnamectl set-hostname osp7.lab.com
  • Disable network manager.
#systemctl disable NetworkManager.service
  • Disable firewalld to make configuration easier.
 #systemctl disable firewalld.service
  • For RHEL systems register with subscription manager.
 #subscription-manager register
 #subscription-manager subscribe --auto
 #subscription-manager repos --disable=*
 #subscription-manager repos --enable=rhel-7-server-rpms
 #subscription-manager repos --enable=rhel-7-server-openstack-7.0-rpms
  • Install yum-utils and update the system.
 #yum install -y yum-utils
 #yum update -y
 #reboot
  • Install packstack packages.
 #yum install -y openstack-packstack
  • Create packstack answers file for customizing the installer.
 #packstack --gen-answer-file /root/answers.txt
  • Update the packstack answers file.
#vi /root/answers.txt
 CONFIG_KEYSTONE_ADMIN_PW=redhat
 CONFIG_HORIZON_SSL=y
 CONFIG_PROVISION_DEMO=n
 CONFIG_HEAT_INSTALL=y
 CONFIG_HEAT_CLOUDWATCH_INSTALL=y
 CONFIG_HEAT_CFN_INSTALL=y
 CONFIG_SAHARA_INSTALL=y
 CONFIG_TROVE_INSTALL=y
 CONFIG_CEILOMETER_INSTALL=y
 CONFIG_LBAAS_INSTALL=y
  • Install OpenStack using packstack from RDO.
#packstack --answer-file /root/answers.txt
. /root/keystonerc_admin
  • Check status of openstack services.
#openstack-status
  • Backup the ifcfg-etho script.
#cp /etc/sysconfig/network-scripts/ifcfg-eth0 /root/
  • Configure external bridge for floating ip networks.
#vi /etc/sysconfig/network-scripts/ifcfg-eth0
 DEVICE=eth0
 ONBOOT=yes
 TYPE=OVSPort
 DEVICETYPE=ovs
 OVS_BRIDGE=br-ex
#vi /etc/sysconfig/network-scripts/ifcfg-br-ex
 DEVICE=br-ex
 BOOTPROTO=static
 ONBOOT=yes
 TYPE=OVSBridge
 DEVICETYPE=ovs
 USERCTL=yes
 PEERDNS=yes
 IPV6INIT=no
 IPADDR=<www.xxx.yyy.zzz>
 NETMASK=255.255.255.0
 GATEWAY=<GW IP>
 DNS1=<DNS IP>
  • Add the eht0 physical interface to the br-ex bridge in openVswitch for floating IP networks.
#ovs-vsctl add-port br-ex eth0 ; systemctl restart network.service
  • Create private network.
#neutron net-create private
#neutron subnet-create private 10.10.1.0/24 --name private_subnet --allocation-pool start=10.10.1.100,end=10.10.1.200
  • Create public network. Note: these steps assume the physical network connected to eth0 is 192.168.122.0/24.
#neutron net-create public --router:external
#neutron subnet-create public 192.168.122.0/24 --name public_subnet --allocation-pool start=192.168.122.100,end=192.168.122.200 --disable-dhcp --gateway 192.168.122.1
  • Add a new router and configure router interfaces.
#neutron router-create router1 --ha False
#neutron router-gateway-set router1 public
#neutron router-interface-add router1 private_subnet
  • Upload a glance image. In this case we will use a Cirros image because it is small and thus good for testing OpenStack.
#glance image-create --name "Cirros 0.3.4" --disk-format qcow2 --container-format bare --is-public True --copy http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
  • Create a new m1.nano flavor for running Cirros image.
#nova flavor-create m1.nano 42 64 0 1
  • Create security group and allow all TCP ports.
#nova secgroup-create all "Allow all tcp ports"
#nova secgroup-add-rule all TCP 1 65535 0.0.0.0/0
  • Create security group for base access
#nova secgroup-create base "Allow Base Access"
#nova secgroup-add-rule base TCP 22 22 0.0.0.0/0
#nova secgroup-add-rule base TCP 80 80 0.0.0.0/0
#nova secgroup-add-rule base ICMP -1 -1 0.0.0.0/0
  • Create a private ssh key for connecting to instances remotely.
#nova keypair-add admin
  • Create admin.pem file and add private key from output of keypair-add command.
#vi /root/admin.pem
#chmod 400 /root/admin.pem
  • List the network IDs.
# neutron net-list
 +--------------------------------------+---------+-------------------------------------------------------+
 | id | name | subnets |
 +--------------------------------------+---------+-------------------------------------------------------+
 | d4f3ed19-8be4-4d56-9f95-cfbac9fdf670 | private | 92d82f53-6e0b-4eef-b8b9-cae32cf40457 10.10.1.0/24     |
 | 37c024d6-8108-468c-bc25-1748db7f5e8f | public  | 22f2e901-186f-4041-ad93-f7b5ccc30a81 192.168.122.0/24 |
  • Start an instance and make sure to replace network id from above command.
#nova boot --flavor m1.nano --image "Cirros 0.3.4" --nic net-id=92d82f53-6e0b-4eef-b8b9-cae32cf40457 --key-name admin --security-groups all mycirros
  • Create a floating IP and assign it to the mycirros instance.
#nova floating-ip-create
#nova floating-ip-associate mycirros <FLOATING IP>
  • Connect to mycirros instance using the private ssh key stored in the admin.pem file.
#ssh -i admin.pem cirros@192.168.122.233

Summary

This article was intended as a hands on guide for standing up an OpenStack Kilo lab using RDO. As mentioned RDO is a stable community platform built around Red Hat’s OpenStack Platform. It provides the ability to test the latest OpenStack features against either an enterprise platform (RHEL) or community platform (CentOS). Hopefully you found the information in this article useful. If you have anything to add or feedback, feel free to leave your comments.

Happy OpenStacking!

(c) 2015 Keith Tenzer

9 thoughts on “OpenStack Kilo Lab Installation and Configuration Guide

    • Packstack and triple0/director have two completely different purposes. The goal of this article was setting up OpenStack Kilo for lab or test environment mainly for learning OpenStack. In this case I would recommend Packstack because the goal is to get an environment up and running as quickly and easily as possible. The goal is also a simple all-in-one environment that would run say on a VM on a laptop with 4-8GB RAM. If I were to do anything serious with OpenStack, build a real environment then management, HA and other enterprise features are critical. I would certainly recommend RHEL OSP and triple0/director not packstack for real environments. I would say both have their purpose though. Do you agree?

      Like

    • By design VMs should use tenant network which is your SDN. If you want to use physical network for VMs you have two options 1) use nova networking instead of neutron 2) configure each hypervisor with physical connection to network and create physical tenant network using those interfaces.

      What are the reasons for doing this?

      Regards,

      Keith

      Like

    • No you cant do a HA controller setup with packstack it isnt intended for production use. Red Hat at least uses pacemaker and gallera to build an active/active control plan in HA config. OSP Director based on tripleO can achieve this as well as ols installer with OSP 6. Since OSP-d is based on triplerO upstream there is a new RDO installer called rdomanager. With this you could do HA using CentOS or RHEL. I havent tried it though. Here is more info: https://www.rdoproject.org/rdo-manager/

      If you get something working let me know?

      Keith

      Like

  1. Thanks for great tutorial! I followed all the networking setup. but I’m getting router_gateway interface status = Down, instead of “Build” from network topology. I’ve launched an instance and was able to assign floating IP, my sec group is wide open, I can ping the openstack host from that instance (and vice versa) but cannot ping any other nodes on the same subnet as the openstack host. Any ideas?

    Like

    • Router gateway interface down is normal, you can ignore that.

      If you can ping instance from OpenStack control host then your problem me be mac spoofing. If you are running OpenStack as VM on RHEV or VMware vCenter by default they dont allow mac spoofing so hypervisor will drop packets. What is your setup?

      To rule out floating-ip issue with mac spoofing I would configure provider network. Details on how to do that are here: https://keithtenzer.com/2016/07/18/openstack-networking-101-for-non-network-engineers/

      In this setup instances dont get floating-ip they get ip on real network so floating-ips arent needed.

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s