Keith Tenzer

Keith Tenzer

Solutions Architect at Temporal

OpenStack 11 (Ocata) Lab Installation and Configuration Guide

11 minute read

rdo

Overview

In this article we will focus on installing and configuring OpenStack Ocata using RDO and the packstack installer. RDO is a community platform around Red Hat’s OpenStack Platform. It allows you to test the latest OpenStack capabilities on a stable platform such as Red Hat Enterprise Linux (RHEL) or CentOS. This guide will take you through installing the OpenStack Liberty release, configuring networking, security groups, flavors, images and are other OpenStack related services. The outcome is a working OpenStack environment based on the Ocata release that you can use as a baseline for testing your applications with OpenStack capabilities.

Install and Configure OpenStack Ocata

In this configuration we will go with one controller and two compute nodes.

[All Nodes]

  • Install RHEL or CentOS 7.3 or 7.4.
  • Ensure name resolution is working.
# vi /etc/hosts
192.168.122.40 ospctr.lab ospctr
192.168.122.41 ospcmp1.lab ospcmp1
192.168.122.42 ospcmp2.lab ospcpmp2
  • Set hostname.

We will have three nodes: ospctrl.lab (controller), ospcmp1.lab (compute) and ospcmp2.lab (compute).

# hostnamectl set-hostname ospctr.lab

Note: set hostname for other nodes (ospcmp1.lab and ospcmp2.lab)

  • Disable firewalld since this is for a lab environment.
# systemctl disable firewalld
# systemctl stop firewalld
  • Disable NetworkManager, it is still not recommended for Liberty (at least RDO).
# systemctl stop NetworkManager
# systemctl disable NetworkManager
  • For RHEL systems register with subscription manager.
# subscription-manager register
# subscription-manager list --available
# subscription-manager attach --pool=<pool id>
# subscription-manager repos --disable=*
# subscription-manager repos --enable=rhel-7-server-rpms
# subscription-manager repos --enable=rhel-7-server-rh-common-rpms
# subscription-manager repos --enable=rhel-7-server-extras-rpms
# subscription-manager repos --enable=rhel-7-server-openstack-11-rpms
# subscription-manager repos --enable=rhel-7-server-openstack-11-devtools-rpms
  • Install yum-utils and update the system.
# yum install -y yum-utils
# yum update -y
  • Reboot.
# systemctl reboot

[Controller]

  • Install packstack packages.
# yum install -y openstack-packstack

You can install packstack by providing command-line options or using the answers file.

INSTALL USING ANSWERS FILE

  • Create packstack answers file for customizing the installer.
# packstack --gen-answer-file /root/answers.txt
  • Update the packstack answers file and enable other OpenStack services. Note: as of the writing of this guide SSL is not working in combination with Horizon so don’t enable SSL.
# vi /root/answers.txt
CONFIG_NTP_SERVERS=0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org
CONFIG_CONTROLLER_HOST=192.168.0.40 
CONFIG_COMPUTE_HOSTS=192.168.0.41,192.168.0.42
CONFIG_NETWORK_HOSTS=192.168.0.40
CONFIG_STORAGE_HOST=192.168.0.40
CONFIG_KEYSTONE_ADMIN_PW=redhat
CONFIG_PROVISION_DEMO=n
CONFIG_HEAT_INSTALL=y
CONFIG_HEAT_CFN_INSTALL=y
CONFIG_HEAT_CLOUDWATCH_INSTALL=y
CONFIG_CEILOMETER_INSTALL=y
 CONFIG_LBAAS_INSTALL=y
  • Install OpenStack Liberty using packstack.
# packstack --answer-file /root/answers.txt
  • Source the keystone admin profile.
# . /root/keystonerc_admin
  • Backup the ifcfg-etho script.
# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /root/
  • Configure external bridge for floating ip networks.
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
# vi /etc/sysconfig/network-scripts/ifcfg-br-ex
DEVICE=br-ex
BOOTPROTO=static
ONBOOT=yes
TYPE=OVSBridge
DEVICETYPE=ovs
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
IPADDR=
NETMASK=255.255.255.0
GATEWAY=
DNS1=
  • Add the eht0 physical interface to the br-ex bridge in openVswitch for floating IP networks.
# ovs-vsctl add-port br-ex eth0 ; systemctl restart network.service

CONFIGURE OPENSTACK

  • Create private network.
# neutron net-create private
# neutron subnet-create private --name private_subnet --allocation-pool start=10.10.1.100,end=10.10.1.200 10.10.1.0/24
  • Create public network. Note: these steps assume the physical network connected to eth0 is 192.168.122.0/24.
# neutron net-create public --provider:network_type flat --provider:physical_network extnet --router:external
# neutron subnet-create public --name public_subnet --allocation-pool start=192.168.0.100,end=192.168.0.200 --disable-dhcp --gateway 192.168.0.1 192.168.0.0/24
  • Add a new router and configure router interfaces.
# neutron router-create router1 --ha False
# neutron router-gateway-set router1 public
# neutron router-interface-add router1 private_subnet
  • Check to ensure network connectivity is working in router network namespace by pinging the external gateway.
# ip netns show
qrouter-88dde0ef-22a2-44b1-baa9-304273653bb1
qdhcp-f1582f71-b531-43af-99c1-299b603232fc
# ip netns exec qrouter-88dde0ef-22a2-44b1-baa9-304273653bb1 ping 192.168.0.1
  • Upload a glance image. In this case we will use a Cirros image because it is small and thus good for testing OpenStack.
# yum install -y wget
# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
# glance image-create --name "Cirros 0.3.4" --disk-format qcow2 --container-format bare --visibility public --file /root/cirros-0.3.4-x86_64-disk.img
  • Create a new m1.nano flavor for running Cirros image.
# nova flavor-create m1.nano 42 64 0 1
  • Create security group and allow all TCP ports.
# openstack security group create all --description "Allow all ports"
# openstack security group rule create --protocol TCP --dst-port 1:65535 --remote-ip 0.0.0.0/0 all
# openstack security group rule create --protocol ICMP --remote-ip 0.0.0.0/0 all
  • Create security group for base access
# openstack security group create base --description "Allow base ports"
# openstack security group rule create --protocol TCP --dst-port 22 --remote-ip 0.0.0.0/0 base
# openstack security group rule create --protocol TCP --dst-port 80 --remote-ip 0.0.0.0/0 base
# openstack security group rule create --protocol ICMP --remote-ip 0.0.0.0/0 base
  • Create a private ssh key for connecting to instances remotely.
# nova keypair-add admin
  • Create admin.pem file and add private key from output of keypair-add command.
# vi /root/admin.pem
# chmod 400 /root/admin.pem
  • List the network IDs.
# neutron net-list
 +--------------------------------------+---------+-------------------------------------------------------+
 | id | name | subnets |
 +--------------------------------------+---------+-------------------------------------------------------+
 | d4f3ed19-8be4-4d56-9f95-cfbac9fdf670 | private | 92d82f53-6e0b-4eef-b8b9-cae32cf40457 10.10.1.0/24     |
 | 37c024d6-8108-468c-bc25-1748db7f5e8f | public  | 22f2e901-186f-4041-ad93-f7b5ccc30a81 192.168.122.0/24 |
  • Start an instance and make sure to replace network id from above command.
# nova boot --flavor m1.nano --image "Cirros 0.3.4" --nic net-id=92d82f53-6e0b-4eef-b8b9-cae32cf40457 --key-name admin --security-groups all mycirros
# nova list
+--------------------------------------+----------+--------+------------+-------------+---------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+----------+--------+------------+-------------+---------------------+
| 18450c0f-3410-4b8a-a35e-2964242f33cb | mycirros | ACTIVE | - | Running | private=10.10.1.108 |
+--------------------------------------+----------+--------+------------+-------------+---------------------+
  • Create a floating IP and assign it to the mycirros instance.
# nova floating-ip-create
+--------------------------------------+---------------+-----------+----------+--------+
| Id | IP | Server Id | Fixed IP | Pool |
+--------------------------------------+---------------+-----------+----------+--------+
| 4b71690d-d881-4f32-9587-89c814617c74 | 192.168.0.106 | - | - | public |
+--------------------------------------+---------------+-----------+----------+--------+
# nova floating-ip-associate mycirros 192.168.0.106
  • Check the OpenStack router network namespace and you should also see floating ip
#ip netns exec qrouter-88dde0ef-22a2-44b1-baa9-304273653bb1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host 
 valid_lft forever preferred_lft forever
15: qg-7b3b000a-6f: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
 link/ether fa:16:3e:3c:e0:49 brd ff:ff:ff:ff:ff:ff
 inet 192.168.0.101/24 brd 192.168.122.255 scope global qg-7b3b000a-6f
 valid_lft forever preferred_lft forever
 inet 192.168.0.106/32 brd 192.168.122.100 scope global qg-7b3b000a-6f
 valid_lft forever preferred_lft forever
 inet6 fe80::f816:3eff:fe3c:e049/64 scope link 
 valid_lft forever preferred_lft forever
16: qr-4fe396dd-2d: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN qlen 1000
 link/ether fa:16:3e:97:1b:e6 brd ff:ff:ff:ff:ff:ff
 inet 10.10.1.1/24 brd 10.10.1.255 scope global qr-4fe396dd-2d
 valid_lft forever preferred_lft forever
 inet6 fe80::f816:3eff:fe97:1be6/64 scope link 
 valid_lft forever preferred_lft forever
  • Connect to mycirros instance using the private ssh key stored in the admin.pem file. Note: The first floating IP in the range 192.168.122.201.
# ssh -i admin.pem cirros@192.168.0.106
$ ping google.com
PING google.com (172.217.21.14): 56 data bytes
64 bytes from 172.217.21.14: seq=0 ttl=54 time=37.692 ms
64 bytes from 172.217.21.14: seq=1 ttl=54 time=27.758 ms
64 bytes from 172.217.21.14: seq=2 ttl=54 time=25.640 ms

Nova Nested Virtualization

Most OpenStack lab or test environments will install OpenStack on a hypervisor platform inside virtual machines. I would strongly recommend KVM. If you are running OpenStack on KVM (Nova nested virtualization) make sure to follow these tips and tricks to get the best performance.

Summary

This article was intended as a hands on guide for standing up an OpenStack Ocata lab environment using RDO. As mentioned RDO is a stable community platform built around Red Hat’s OpenStack Platform. It provides the ability to test the latest OpenStack features against either an enterprise platform (RHEL) or community platform (CentOS). Hopefully you found the information in this article useful. If you have anything to add or feedback, feel free to leave your comments.

Happy OpenStacking!

(c) 2017 Keith Tenzer

You may also enjoy

Mutating Temporal Workflows with Update

9 minute read

Overview Temporal has just released a brand new primitive into it’s programming model called Update! As of the writing of this article, Update is in private...

Temporal Worker Versioning

8 minute read

Overview In this article we will cover the new feature, Worker Versioning. First, as of the writing of this article, Worker Versioning is in private beta an...

Temporal Cloud Certificate Rotation

8 minute read

Overview In this article we will look at how to rotate certificates in Temporal cloud. There are two possible certificate rotation scenarios. Scenario 1:...

Temporal Fundamentals Part I: Basics

11 minute read

Overview This is a five part series focused on Temporal fundamentals. It represents, in my words, what I have learned along the way and what I would’ve like...