769 lines
52 KiB
XML
769 lines
52 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
||
<chapter xmlns="http://docbook.org/ns/docbook"
|
||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
||
xml:id="ch_installing-openstack-compute">
|
||
<title>Installing OpenStack Compute</title>
|
||
<para>The OpenStack system has several key projects that are separate installations but can
|
||
work together depending on your cloud needs: OpenStack Compute, OpenStack Object Storage,
|
||
and OpenStack Image Service. You can install any of these projects separately and then
|
||
configure them either as standalone or connected entities.</para>
|
||
<section xml:id="compute-system-requirements">
|
||
<title>System Requirements</title>
|
||
<para><emphasis role="bold">Hardware</emphasis>: OpenStack components are intended to
|
||
run on standard hardware. Recommended hardware configurations for a minimum production
|
||
deployment are as follows for the cloud controller nodes and compute nodes.</para>
|
||
<table rules="all">
|
||
<caption>Hardware Recommendations </caption>
|
||
<col width="20%"/>
|
||
<col width="23%"/>
|
||
<col width="57%"/>
|
||
|
||
<thead>
|
||
<tr>
|
||
<td>Server</td>
|
||
<td>Recommended Hardware</td>
|
||
<td>Notes</td>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td>Cloud Controller node (runs network, volume, API, scheduler and image
|
||
services) </td>
|
||
<td>
|
||
<para>Processor: 64-bit x86</para>
|
||
<para>Memory: 12 GB RAM </para>
|
||
<para>Disk space: 30 GB (SATA or SAS or SSD) </para>
|
||
<para>Volume storage: two disks with 2 TB (SATA) for volumes attached to the
|
||
compute nodes </para>
|
||
<para>Network: one 1 GB Network Interface Card (NIC)</para>
|
||
</td>
|
||
<td>
|
||
<para>Two NICS are recommended but not required. A quad core server with 12
|
||
GB RAM would be more than sufficient for a cloud controller node.</para>
|
||
<para>32-bit processors will work for the cloud controller node. </para>
|
||
</td>
|
||
</tr>
|
||
<tr>
|
||
<td>Compute nodes (runs virtual instances)</td>
|
||
<td>
|
||
<para>Processor: 64-bit x86</para>
|
||
<para>Memory: 32 GB RAM</para>
|
||
<para>Disk space: 30 GB (SATA)</para>
|
||
<para>Network: two 1 GB NICs</para>
|
||
</td>
|
||
<td>
|
||
<para>Note that you cannot run 64-bit VM instances on a 32-bit compute node.
|
||
A 64-bit compute node can run either 32- or 64-bit VMs, however.</para>
|
||
<para>With 2 GB RAM you can run one m1.small instance on a node or three
|
||
m1.tiny instances without memory swapping, so 2 GB RAM would be a
|
||
minimum for a test-environment compute node. As an example, Rackspace
|
||
Cloud Builders use 96 GB RAM for compute nodes in OpenStack
|
||
deployments.</para>
|
||
<para>Specifically for virtualization on certain hypervisors on the node or
|
||
nodes running nova-compute, you need a x86 machine with an AMD processor
|
||
with SVM extensions (also called AMD-V) or an Intel processor with VT
|
||
(virtualization technology) extensions. </para>
|
||
<para>For Xen-based hypervisors, the Xen wiki contains a list of compatible
|
||
processors on the <link
|
||
xlink:href="http://wiki.xensource.com/xenwiki/HVM_Compatible_Processors"
|
||
>HVM Compatible Processors</link> page. For XenServer-compatible
|
||
Intel processors, refer to the <link
|
||
xlink:href="http://ark.intel.com/VTList.aspx">Intel® Virtualization
|
||
Technology List</link>. </para>
|
||
<para>For LXC, the VT extensions are not required.</para>
|
||
</td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
<para><emphasis role="bold">Operating System</emphasis>: OpenStack currently has packages
|
||
for the following distributions: Ubuntu, RHEL, SUSE, Debian, and Fedora. These packages
|
||
are maintained by community members, refer to <link
|
||
xlink:href="http://wiki.openstack.org/Packaging"
|
||
>http://wiki.openstack.org/Packaging</link> for additional links. </para>
|
||
<para><emphasis role="bold">Networking</emphasis>: 1000 Mbps are suggested. For
|
||
OpenStack Compute, networking is configured on multi-node installations between the
|
||
physical machines on a single subnet. For networking between virtual machine instances,
|
||
three network options are available: flat, DHCP, and VLAN. Two NICs (Network Interface
|
||
Cards) are recommended on the server running nova-network. </para>
|
||
<para><emphasis role="bold">Database</emphasis>: For OpenStack Compute, you need access
|
||
to either a PostgreSQL or MySQL database, or you can install it as part of the OpenStack
|
||
Compute installation process.</para>
|
||
<para><emphasis role="bold">Permissions</emphasis>: You can install OpenStack Compute
|
||
either as root or as a user with sudo permissions if you configure the sudoers file to
|
||
enable all the permissions. </para>
|
||
<para><emphasis role="bold">Network Time Protocol</emphasis>: You must install a time synchronization program such as NTP to keep your cloud
|
||
controller and compute nodes talking to the same time server to avoid problems scheduling VM launches on compute nodes.</para>
|
||
</section><section xml:id="example-installation-architecture">
|
||
<title>Example Installation Architectures</title>
|
||
<para>OpenStack Compute uses a shared-nothing, messaging-based architecture. While very
|
||
flexible, the fact that you can install each nova- service on an independent server
|
||
means there are many possible methods for installing OpenStack Compute. The only
|
||
co-dependency between possible multi-node installations is that the Dashboard must be
|
||
installed nova-api server. Here are the types of installation architectures:</para>
|
||
|
||
<itemizedlist>
|
||
<listitem>
|
||
<para xmlns="http://docbook.org/ns/docbook">Single node: Only one server
|
||
runs all nova- services and also drives all the virtual instances. Use this
|
||
configuration only for trying out OpenStack Compute, or for development
|
||
purposes.</para></listitem>
|
||
<listitem><para>Two nodes: A cloud controller node runs the nova- services except for nova-compute, and a
|
||
compute node runs nova-compute. A client computer is likely needed to bundle
|
||
images and interfacing to the servers, but a client is not required. Use this
|
||
configuration for proof of concepts or development environments. </para></listitem>
|
||
<listitem><para xmlns="http://docbook.org/ns/docbook">Multiple nodes: You can add more compute nodes to the
|
||
two node installation by simply installing nova-compute on an additional server
|
||
and copying a nova.conf file to the added node. This would result in a multiple
|
||
node installation. You can also add a volume controller and a network controller
|
||
as additional nodes in a more complex multiple node installation. A minimum of
|
||
4 nodes is best for running multiple virtual instances that require a lot of
|
||
processing power.</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
|
||
<para>This is an illustration of one possible multiple server installation of OpenStack
|
||
Compute; virtual server networking in the cluster may vary.</para>
|
||
|
||
<para><inlinemediaobject>
|
||
<imageobject>
|
||
<imagedata scale="80" fileref="../figures/NOVA_install_arch.png"/></imageobject>
|
||
|
||
</inlinemediaobject></para>
|
||
<para>An alternative architecture would be to add more messaging servers if you notice a lot
|
||
of back up in the messaging queue causing performance problems. In that case you would
|
||
add an additional RabbitMQ server in addition to or instead of scaling up the database
|
||
server. Your installation can run any nova- service on any server as long as the
|
||
nova.conf is configured to point to the RabbitMQ server and the server can send messages
|
||
to the server.</para>
|
||
<para>Multiple installation architectures are possible, here is another example
|
||
illustration. </para>
|
||
<para><inlinemediaobject>
|
||
<imageobject>
|
||
<imagedata scale="40" fileref="../figures/NOVA_compute_nodes.png"/></imageobject>
|
||
|
||
</inlinemediaobject></para>
|
||
</section>
|
||
|
||
<section xml:id="service-architecture"><title>Service Architecture</title>
|
||
<para>Because Compute has multiple services and many configurations are possible, here is a diagram showing the overall service architecture and communication systems between the services.</para>
|
||
<para><inlinemediaobject>
|
||
<imageobject>
|
||
<imagedata scale="80" fileref="../figures/NOVA_ARCH.png"/></imageobject>
|
||
|
||
</inlinemediaobject></para></section>
|
||
<section xml:id="installing-openstack-compute-on-ubuntu">
|
||
<title>Installing OpenStack Compute on Ubuntu </title>
|
||
<para>How you go about installing OpenStack Compute depends on your goals for the
|
||
installation. You can use an ISO image, you can use a scripted installation, and you can
|
||
manually install with a step-by-step installation.</para>
|
||
|
||
|
||
<section xml:id="iso-ubuntu-installation">
|
||
<title>ISO Distribution Installation</title>
|
||
<para>You can download and use an ISO image that is based on a Ubuntu Linux Server 10.04
|
||
LTS distribution containing only the components needed to run OpenStack Compute. See
|
||
<link xlink:href="http://sourceforge.net/projects/stackops/files/"
|
||
>http://sourceforge.net/projects/stackops/files/</link> for download files and
|
||
information, license information, and a README file. For documentation on the
|
||
StackOps distro, see <link xlink:href="http://docs.stackops.org">http://docs.stackops.org</link>. For free support, go to
|
||
<link xlink:href="http://getsatisfaction.com/stackops">http://getsatisfaction.com/stackops</link>.</para></section>
|
||
<section xml:id="scripted-ubuntu-installation">
|
||
<title>Scripted Installation</title>
|
||
<para>You can download a script for a standalone install for proof-of-concept, learning, or for development purposes for Ubuntu 11.04 at <link
|
||
xlink:href="http://devstack.org"
|
||
>https://devstack.org</link>.</para>
|
||
|
||
<orderedlist>
|
||
<listitem><para>Install Ubuntu 11.04 (Natty):</para> <para>In order to correctly install all the dependencies, we assume a specific version of Ubuntu to
|
||
make it as easy as possible. OpenStack works on other flavors of Linux (and
|
||
some folks even run it on Windows!) We recommend using a minimal install of
|
||
Ubuntu server in a VM if this is your first time.</para></listitem>
|
||
|
||
|
||
|
||
<listitem><para>Download DevStack:</para>
|
||
<literallayout class="monospaced">git clone git://github.com/cloudbuilders/devstack.git</literallayout>
|
||
<para>The devstack repo contains a script that installs OpenStack Compute, the Image
|
||
Service and the Identity Service and offers templates for configuration
|
||
files plus data scripts. </para></listitem>
|
||
|
||
|
||
|
||
<listitem><para>Start the install:</para><literallayout class="monospaced">cd devstack; ./stack.sh</literallayout><para>It takes a few minutes, we recommend <link xlink:href="http://devstack.org/stack.sh.html"
|
||
>reading the well-documented script</link> while it is building to learn
|
||
more about what is going on. </para>
|
||
</listitem>
|
||
|
||
</orderedlist>
|
||
</section>
|
||
<section xml:id="manual-ubuntu-installation">
|
||
<title>Manual Installation</title>
|
||
<para>The manual installation involves installing from packages on Ubuntu 10.10 or 11.04
|
||
as a user with root permission. Depending on your environment, you may need to
|
||
prefix these commands with sudo.</para>
|
||
<para>This installation process walks through installing a cloud controller node and a
|
||
compute node. The cloud controller node contains all the nova- services including
|
||
the API server and the database server. The compute node needs to run only the
|
||
nova-compute service. You only need one nova-network service running in a multi-node
|
||
install. You cannot install nova-objectstore on a different machine from
|
||
nova-compute (production-style deployments will use a Glance server for virtual
|
||
images).</para>
|
||
<section xml:id="installing-the-cloud-controller">
|
||
<title>Installing the Cloud Controller</title>
|
||
<para>First, set up pre-requisites to use the Nova PPA (Personal Packages Archive)
|
||
provided through https://launchpad.net/. The ‘python-software-properties’
|
||
package is a pre-requisite for setting up the nova package repository. You can
|
||
also use the trunk package built daily by adding the ppa:nova-core/trunk
|
||
repository, but trunk changes rapidly and may not run any given day.</para>
|
||
<literallayout class="monospaced">sudo apt-get install python-software-properties</literallayout>
|
||
<literallayout class="monospaced">sudo add-apt-repository ppa:openstack-release/2011.3</literallayout>
|
||
<para>Run update.</para>
|
||
<literallayout class="monospaced">sudo apt-get update</literallayout>
|
||
<para>Install the messaging queue server, RabbitMQ.</para>
|
||
<literallayout class="monospaced">sudo apt-get install -y rabbitmq-server</literallayout>
|
||
<para>Now, install the Python dependencies. </para>
|
||
<literallayout class="monospaced">sudo apt-get install -y python-greenlet python-mysqldb </literallayout>
|
||
<note><para>You can use either MySQL or PostgreSQL.</para></note>
|
||
<para>Install the required nova- packages, and dependencies are automatically
|
||
installed.</para>
|
||
<literallayout class="monospaced">
|
||
sudo apt-get install nova-volume nova-vncproxy nova-api nova-ajax-console-proxy
|
||
sudo apt-get install nova-doc nova-scheduler nova-objectstore
|
||
sudo apt-get install nova-network nova-compute
|
||
sudo apt-get install glance
|
||
</literallayout>
|
||
<para>Install the supplemental tools such as euca2ools and unzip.</para>
|
||
<literallayout class="monospaced">sudo apt-get install -y euca2ools unzip</literallayout>
|
||
<para> Next set up the database, either MySQL or PostgreSQL.</para>
|
||
|
||
<section xml:id="setting-up-sql-database-mysql">
|
||
<title>Setting up the SQL Database (MySQL) on the Cloud Controller</title>
|
||
<para>You must use a SQLAlchemy-compatible database, such as MySQL or
|
||
PostgreSQL. This example shows MySQL. </para>
|
||
<para>First you can set environments with a "pre-seed" line to bypass all
|
||
the installation prompts, running this as root: </para>
|
||
<para>
|
||
<literallayout class="monospaced">bash
|
||
MYSQL_PASS=nova
|
||
NOVA_PASS=notnova
|
||
cat <<MYSQL_PRESEED | debconf-set-selections
|
||
mysql-server-5.1 mysql-server/root_password password $MYSQL_PASS
|
||
mysql-server-5.1 mysql-server/root_password_again password $MYSQL_PASS
|
||
mysql-server-5.1 mysql-server/start_on_boot boolean true
|
||
MYSQL_PRESEED</literallayout>
|
||
</para>
|
||
<para>Next, install MySQL with: <code>sudo apt-get install -y
|
||
mysql-server</code>
|
||
</para>
|
||
<para>Edit /etc/mysql/my.cnf to change ‘bind-address’ from localhost
|
||
(127.0.0.1) to any (0.0.0.0) and restart the mysql service: </para>
|
||
<para>
|
||
<literallayout class="monospaced">sudo sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
|
||
sudo service mysql restart</literallayout></para>
|
||
<para>To configure the MySQL database, create the nova database: </para>
|
||
<literallayout class="monospaced">sudo mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE nova;'</literallayout>
|
||
|
||
<para>Update the DB to give user ‘nova’@’%’ full control of the nova
|
||
database:</para>
|
||
<para>
|
||
<literallayout class="monospaced">sudo mysql -uroot -p$MYSQL_PASS -e "GRANT ALL PRIVILEGES ON *.* TO
|
||
'nova'@'%' WITH GRANT OPTION;"</literallayout>
|
||
</para>
|
||
<para>Set MySQL password for 'nova'@'%':</para>
|
||
<para>
|
||
<literallayout class="monospaced">sudo mysql -uroot -p$MYSQL_PASS -e "SET PASSWORD FOR 'nova'@'%' =
|
||
PASSWORD('$NOVA_PASS');"</literallayout>
|
||
</para>
|
||
</section>
|
||
<section xml:id="setting-up-sql-database-postgresql"><title>Setting Up PostgreSQL as the Database on the Cloud Controller</title>
|
||
|
||
<para>OpenStack can use PostgreSQL as an alternative database. This is a matter of substituting the MySQL steps with PostgreSQL equivalents, as outlined here.</para>
|
||
|
||
<para>First, install PostgreSQL on the controller node.</para>
|
||
<literallayout class="monospaced">$ apt-fast install postgresql postgresql-server-dev-8.4 python-dev python-psycopg2</literallayout>
|
||
|
||
<para>Edit /etc/postgresql/8.4/main/postgresql.conf and change the listen_address to listen to all appropriate addesses, PostgreSQL listen only to localhost by default. For example:</para>
|
||
<para>To listen on a specific IP address:</para>
|
||
<literallayout class="monospaced"># - Connection Settings -
|
||
listen_address = '10.1.1.200,192.168.100.2'</literallayout>
|
||
<para>To listen on all addresses:</para>
|
||
<literallayout class="monospaced"># - Connection Settings -
|
||
listen_address = '*'</literallayout>
|
||
|
||
<para>Add appropriate addresses and networks to /etc/postgresql/8.4/main/pg_hba.conf to allow remote access to PostgreSQL, this should include all servers hosting OpenStack (but not neccessarily those hosted by Openstack). As an example, append the following lines:</para>
|
||
<literallayout class="monospaced">host all all 192.168.0.0/16
|
||
host all all 10.1.0.0/16
|
||
</literallayout>
|
||
<para>Change the default PostgreSQL user's password:</para>
|
||
<literallayout class="monospaced">$ sudo -u postgres psql template1
|
||
template1=#\password
|
||
Enter Password:
|
||
Enter again:
|
||
template1=#\q</literallayout>
|
||
|
||
<para>Restart PostgreSQL:</para>
|
||
<literallayout class="monospaced">$ service postgresql restart</literallayout>
|
||
|
||
<para>Create nova databases:</para>
|
||
<literallayout class="monospaced">$ sudo -u postgres createdb nova
|
||
$ sudo -u postgres createdb glance</literallayout>
|
||
|
||
<para>Create nova database user which will be used for all OpenStack services, note the adduser and createuser steps will prompt for the user's password ($PG_PASS):</para>
|
||
<literallayout class="monospaced">$ adduser nova
|
||
$ sudo -u postgres createuser -PSDR nova
|
||
$ sudo -u postgres psql template1
|
||
template1=#GRANT ALL PRIVILEGES ON DATABASE nova TO nova
|
||
template1=#GRANT ALL PRIVILEGES ON DATABASE glance TO nova
|
||
template1=#\q</literallayout>
|
||
|
||
<para>For the Cactus version of Nova, the following fix is required for the PostgreSQL database schema. You don't need to do this for Diablo:</para>
|
||
<literallayout class="monospaced">$ sudo -u postgres psql template1
|
||
template1=#alter table instances alter instance_type_id type integer using cast(instance_type_id as integer);
|
||
template1=#\q</literallayout>
|
||
<para>For Nova components that require access to this database the required configuration in /etc/nova/nova.conf should be (replace $PG_PASS with password):</para>
|
||
|
||
<literallayout class="monospaced">--sql_connection=postgresql://nova:$PG_PASS@control.example.com/nova</literallayout>
|
||
<para>At this stage the databases are empty and contain no content. These will be initialised when you do the nova-manage db sync command. </para>
|
||
</section></section>
|
||
<section xml:id="installing-the-compute-node">
|
||
<title>Installing the Compute Node</title>
|
||
<para>There are many different ways to perform a multinode install of Compute. In
|
||
this case, you can install all the nova- packages and dependencies as you did
|
||
for the Cloud Controller node, or just install nova-network and nova-compute.
|
||
Your installation can run any nova- services anywhere, so long as the service
|
||
can access nova.conf so it knows where the rabbitmq server is installed.</para>
|
||
<para>The Compute Node is where you configure the Compute network, the networking
|
||
between your instances. There are three options: flat, flatDHCP, and VLAN. Read
|
||
more about specific configurations in the <xref linkend="ch_networking">Networking chapter</xref>. </para>
|
||
<para>Because you may need to query the database from the Compute node and learn
|
||
more information about instances, euca2ools and mysql-client packages should be
|
||
installed on any additional Compute nodes.</para>
|
||
</section>
|
||
<section xml:id="restart-nova-services">
|
||
<title>Restart All Relevant Services on the Compute Node</title>
|
||
<para>On both nodes, restart all six services in total, just to cover the entire
|
||
spectrum: </para>
|
||
<para>
|
||
<literallayout class="monospaced">restart libvirt-bin; restart nova-network; restart nova-compute;
|
||
restart nova-api; restart nova-objectstore; restart nova-scheduler</literallayout>
|
||
</para>
|
||
<para>All nova services are now installed, the rest of your steps involve specific configuration steps. Please refer to <xref linkend="configuring-openstack-compute-basics">Configuring Compute</xref> for additional information. </para>
|
||
</section>
|
||
</section>
|
||
</section>
|
||
<section xml:id="installing-openstack-compute-on-rhel6">
|
||
<title>Installing OpenStack Compute on Red Hat Enterprise Linux 6 </title>
|
||
<para>This section documents a multi-node installation using RHEL 6. RPM repos for the Bexar
|
||
release, the Cactus release, milestone releases of Diablo, and also per-commit trunk
|
||
builds for OpenStack Nova are available at <link
|
||
xlink:href="http://yum.griddynamics.net">http://yum.griddynamics.net</link>. The
|
||
final release of Diablo is available at <link
|
||
xlink:href="http://yum.griddynamics.net/yum/diablo/"
|
||
>http://yum.griddynamics.net/yum/diablo/</link>, but is not yet tested completely
|
||
(as of Oct 4, 2011). Check this page for updates: <link
|
||
xlink:href="http://wiki.openstack.org/NovaInstall/RHEL6Notes"
|
||
>http://wiki.openstack.org/NovaInstall/RHEL6Notes</link>.</para>
|
||
|
||
<para>Known considerations for RHEL version 6 installations: </para>
|
||
|
||
<itemizedlist><listitem>
|
||
<para>iSCSI LUN not supported due to tgtadm versus ietadm differences</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>GuestFS is used for files injection</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>Files injection works with libvirt</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>Static network configuration can detect OS type for RHEL and Ubuntu</para>
|
||
</listitem>
|
||
<listitem><para>Only KVM hypervisor has been tested with this installation</para></listitem></itemizedlist>
|
||
<para>To install Nova on RHEL v.6 you need access to two repositories, one available on the
|
||
yum.griddynamics.net website and the RHEL DVD image connected as repo. </para>
|
||
|
||
<para>First, install RHEL 6.0, preferrably with a minimal set of packages.</para>
|
||
<para>Disable SELinux in /etc/sysconfig/selinux and then reboot. </para>
|
||
<para>Connect the RHEL 3. 6.0 x86_64 DVD as a repository in YUM. </para>
|
||
|
||
<literallayout class="monospaced">sudo mount /dev/cdrom /mnt/cdrom
|
||
cat /etc/yum.repos.d/rhel.repo
|
||
[rhel]
|
||
name=RHEL 6.0
|
||
baseurl=file:///mnt/cdrom/Server
|
||
enabled=1
|
||
gpgcheck=0</literallayout>
|
||
<para>Download and install repo config and key.</para>
|
||
<literallayout class="monospaced">wget http://yum.griddynamics.net/yum/diablo/openstack-repo-2011.3-0.3.noarch.rpm
|
||
sudo rpm -i openstack-repo-2011.1-3.noarch.rpm</literallayout>
|
||
<para>Install the libvirt package (these instructions are tested only on KVM). </para>
|
||
<literallayout class="monospaced">sudo yum install libvirt
|
||
sudo chkconfig libvirtd on
|
||
sudo service libvirtd start</literallayout>
|
||
<para>Repeat the basic installation steps to put the pre-requisites on all cloud controller and compute nodes. Nova has many different possible configurations. You can install Nova services on separate servers as needed but these are the basic pre-reqs.</para>
|
||
<para>These are the basic packages to install for a cloud controller node:</para>
|
||
<literallayout class="monospaced">sudo yum install euca2ools openstack-nova-node-full</literallayout>
|
||
<para>These are the basic packages to install compute nodes. Repeat for each compute node (the node that runs the VMs) that you want to install.</para>
|
||
<literallayout class="monospaced">sudo yum install openstack-nova-compute </literallayout>
|
||
<para>On the cloud controller node, create a MySQL database named nova. </para>
|
||
<literallayout class="monospaced">sudo service mysqld start
|
||
sudo chkconfig mysqld on
|
||
sudo service rabbitmq-server start
|
||
sudo chkconfig rabbitmq-server on
|
||
mysqladmin -uroot password nova</literallayout>
|
||
<para>You can use this script to create the database. </para>
|
||
<literallayout class="monospaced">#!/bin/bash
|
||
|
||
DB_NAME=nova
|
||
DB_USER=nova
|
||
DB_PASS=nova
|
||
PWD=nova
|
||
|
||
CC_HOST="A.B.C.D" # IPv4 address
|
||
HOSTS='node1 node2 node3' # compute nodes list
|
||
|
||
mysqladmin -uroot -p$PWD -f drop nova
|
||
mysqladmin -uroot -p$PWD create nova
|
||
|
||
for h in $HOSTS localhost; do
|
||
echo "GRANT ALL PRIVILEGES ON $DB_NAME.* TO '$DB_USER'@'$h' IDENTIFIED BY '$DB_PASS';" | mysql -uroot -p$DB_PASS mysql
|
||
done
|
||
echo "GRANT ALL PRIVILEGES ON $DB_NAME.* TO $DB_USER IDENTIFIED BY '$DB_PASS';" | mysql -uroot -p$DB_PASS mysql
|
||
echo "GRANT ALL PRIVILEGES ON $DB_NAME.* TO root IDENTIFIED BY '$DB_PASS';" | mysql -uroot -p$DB_PASS mysql </literallayout>
|
||
<para>Now, ensure the database version matches the version of nova that you are installing:</para>
|
||
<literallayout class="monospaced">nova-manage db sync</literallayout>
|
||
<para>For iptables configuration, update your firewall configuration to allow incoming
|
||
requests on ports 5672 (RabbitMQ), 3306 (MySQL DB), 9292 (Glance), 6080 (noVNC web
|
||
console), API (8773, 8774) and DHCP traffic from instances. For non-production
|
||
environments the easiest way to fix any firewall problems is removing final REJECT in
|
||
INPUT chain of filter table. </para>
|
||
<literallayout class="monospaced">$ sudo iptables -I INPUT 1 -p tcp --dport 5672 -j ACCEPT
|
||
$ sudo iptables -I INPUT 1 -p tcp --dport 3306 -j ACCEPT
|
||
$ sudo iptables -I INPUT 1 -p tcp --dport 9292 -j ACCEPT
|
||
$ sudo iptables -I INPUT 1 -p tcp --dport 6080 -j ACCEPT
|
||
$ sudo iptables -I INPUT 1 -p tcp --dport 8773 -j ACCEPT
|
||
$ sudo iptables -I INPUT 1 -p tcp --dport 8774 -j ACCEPT
|
||
$ sudo iptables -I INPUT 1 -p udp --dport 67 -j ACCEPT</literallayout>
|
||
|
||
<para>On every node when you have nova-compute running ensure that unencrypted VNC access is allowed only from Cloud Controller node:</para>
|
||
|
||
<literallayout class="monospaced">$ sudo iptables -I INPUT 1 -p tcp -s <CLOUD_CONTROLLER_IP_ADDRESS> --dport 5900:6400 -j ACCEPT
|
||
</literallayout><para>On each node, set up the configuration file in /etc/nova/nova.conf.</para>
|
||
<para>Start the Nova services after configuring and you then are running an OpenStack
|
||
cloud!</para>
|
||
<literallayout class="monospaced">$ for n in api compute network objectstore scheduler vncproxy; do sudo service openstack-nova-$n start; done
|
||
$ sudo service openstack-glance-api start
|
||
$ sudo service openstack-glance-registry start
|
||
$ for n in node1 node2 node3; do ssh $n sudo service openstack-nova-compute start; done</literallayout>
|
||
</section>
|
||
<section xml:id="configuring-openstack-compute-basics">
|
||
<title>Post-Installation Configuration for OpenStack Compute</title>
|
||
<para>Configuring your Compute installation involves nova-manage commands plus editing the
|
||
nova.conf file to ensure the correct flags are set. This section contains the basics for
|
||
a simple multi-node installation, but Compute can be configured many ways. You can find
|
||
networking options and hypervisor options described in separate chapters, and you will
|
||
read about additional configuration information in a separate chapter as well.</para>
|
||
<section xml:id="setting-flags-in-nova-conf-file">
|
||
<title>Setting Flags in the nova.conf File</title>
|
||
<para>The configuration file nova.conf is installed in /etc/nova by default. You only
|
||
need to do these steps when installing manually, the scripted installation above
|
||
does this configuration during the installation. A default set of options are
|
||
already configured in nova.conf when you install manually. The defaults are as
|
||
follows:</para>
|
||
<literallayout class="monospaced">--daemonize=1
|
||
--dhcpbridge_flagfile=/etc/nova/nova.conf
|
||
--dhcpbridge=/bin/nova-dhcpbridge
|
||
--logdir=/var/log/nova
|
||
--state_path=/var/lib/nova </literallayout>
|
||
<para>Starting with the default file, you must define the following required items in
|
||
/etc/nova/nova.conf. The flag variables are described below. You can place
|
||
comments in the nova.conf file by entering a new line with a # sign at the beginning of the line. To see a listing of all possible flag settings, see
|
||
the output of running /bin/nova-api --help.</para>
|
||
<table rules="all">
|
||
<caption>Description of nova.conf flags (not comprehensive)</caption>
|
||
<thead>
|
||
<tr>
|
||
<td>Flag</td>
|
||
<td>Description</td>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td>--sql_connection</td>
|
||
<td>SQL Alchemy connect string (reference); Location of OpenStack Compute
|
||
SQL database</td>
|
||
</tr>
|
||
<tr>
|
||
<td>--s3_host</td>
|
||
<td>IP address; Location where OpenStack Compute is hosting the objectstore
|
||
service, which will contain the virtual machine images and buckets</td>
|
||
</tr>
|
||
<tr>
|
||
<td>--rabbit_host</td>
|
||
<td>IP address; Location of RabbitMQ server</td>
|
||
</tr>
|
||
|
||
<tr>
|
||
<td>--verbose</td>
|
||
<td>Set to 1 to turn on; Optional but helpful during initial setup</td>
|
||
</tr>
|
||
|
||
<tr>
|
||
<td>--network_manager</td>
|
||
<td>
|
||
<para>Configures how your controller will communicate with additional
|
||
OpenStack Compute nodes and virtual machines. Options: </para>
|
||
<itemizedlist>
|
||
<listitem>
|
||
<para>nova.network.manager.FlatManager</para>
|
||
<para>Simple, non-VLAN networking</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>nova.network.manager.FlatDHCPManager</para>
|
||
<para>Flat networking with DHCP</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>nova.network.manager.VlanManager</para>
|
||
<para>VLAN networking with DHCP; This is the Default if no
|
||
network manager is defined here in nova.conf. </para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
</td>
|
||
</tr>
|
||
<tr>
|
||
<td>--fixed_range</td>
|
||
<td>IP address/range; Network prefix for the IP network that all the
|
||
projects for future VM guests reside on. Example: 192.168.0.0/12</td>
|
||
</tr>
|
||
<tr>
|
||
<td>--ec2_host</td>
|
||
<td>IP address; Indicates where the nova-api service is installed.</td>
|
||
</tr>
|
||
<tr>
|
||
<td>--osapi_host</td>
|
||
<td>IP address; Indicates where the nova-api service is installed.</td>
|
||
</tr>
|
||
<tr>
|
||
<td>--network_size</td>
|
||
<td>Number value; Number of addresses in each private subnet.</td>
|
||
</tr>
|
||
<tr>
|
||
<td>--glance_api_servers </td>
|
||
<td>IP and port; Address for Image Service.</td>
|
||
</tr>
|
||
<tr>
|
||
<td>--use_deprecated_auth </td>
|
||
<td>If this flag is present, the Cactus method of authentication is used with the novarc file containing credentials.</td>
|
||
</tr>
|
||
|
||
</tbody>
|
||
</table>
|
||
<para>Here is a simple example nova.conf file for a small private cloud, with all the
|
||
cloud controller services, database server, and messaging server on the same
|
||
server.</para>
|
||
<literallayout class="monospaced">--dhcpbridge_flagfile=/etc/nova/nova.conf
|
||
--dhcpbridge=/bin/nova-dhcpbridge
|
||
--logdir=/var/log/nova
|
||
--state_path=/var/lib/nova
|
||
--verbose
|
||
--use_deprecated_auth
|
||
--ec2_host=http://184.106.239.134
|
||
--osapi_host=http://184.106.239.134
|
||
--s3_host=184.106.239.134
|
||
--rabbit_host=184.106.239.134
|
||
--fixed_range=192.168.0.0/16
|
||
--network_size=8
|
||
--glance_api_servers=184.106.239.134:9292
|
||
--routing_source_ip=184.106.239.134
|
||
--sql_connection=mysql://nova:notnova@184.106.239.134/nova </literallayout>
|
||
<para>Create a “nova” group, so you can set permissions on the configuration file: </para>
|
||
<literallayout class="monospaced">sudo addgroup nova</literallayout>
|
||
<para>The nova.config file should have its owner set to root:nova, and mode set to 0640,
|
||
since the file contains your MySQL server’s username and password. You also want to
|
||
ensure that the nova user belongs to the nova group.</para>
|
||
<literallayout class="monospaced">sudo usermod -g nova nova
|
||
chown -R root:nova /etc/nova
|
||
chmod 640 /etc/nova/nova.conf</literallayout>
|
||
</section><section xml:id="setting-up-openstack-compute-environment-on-the-compute-node">
|
||
<title>Setting Up OpenStack Compute Environment on the Compute Node</title>
|
||
<para>These are the commands you run to ensure the database schema is current, and
|
||
then set up a user and project, if you are using built-in auth with the
|
||
--use_deprecated_auth flag rather than the Identity Service: </para>
|
||
<para>
|
||
<literallayout class="monospaced">nova-manage db sync
|
||
nova-manage user admin <user_name>
|
||
nova-manage project create <project_name> <user_name>
|
||
nova-manage network create <network-label> <project-network> <number-of-networks-in-project> <addresses-in-each-network></literallayout></para>
|
||
<para>Here is an example of what this looks like with real values entered: </para>
|
||
<literallayout class="monospaced">nova-manage db sync
|
||
nova-manage user admin dub
|
||
nova-manage project create dubproject dub
|
||
ova-manage network create novanet 192.168.0.0/24 1 256 </literallayout>
|
||
<para>For this example, the number of IPs is /24 since that falls inside the /16
|
||
range that was set in ‘fixed-range’ in nova.conf. Currently, there can only be
|
||
one network, and this set up would use the max IPs available in a /24. You can
|
||
choose values that let you use any valid amount that you would like. </para>
|
||
<para>The nova-manage service assumes that the first IP address is your network
|
||
(like 192.168.0.0), that the 2nd IP is your gateway (192.168.0.1), and that the
|
||
broadcast is the very last IP in the range you defined (192.168.0.255). If this is
|
||
not the case you will need to manually edit the sql db ‘networks’ table.o. </para>
|
||
<para>When you run the <code>nova-manage network create</code> command, entries are made
|
||
in the ‘networks’ and ‘fixed_ips’ table. However, one of the networks listed in the
|
||
‘networks’ table needs to be marked as bridge in order for the code to know that a
|
||
bridge exists. The network in the Nova networks table is marked as bridged
|
||
automatically for Flat Manager.</para>
|
||
</section>
|
||
<section xml:id="creating-certifications">
|
||
<title>Creating Credentials</title>
|
||
<para>Generate the credentials as a zip file. These are the certs you will use to
|
||
launch instances, bundle images, and all the other assorted API functions. </para>
|
||
<para>
|
||
<literallayout class="monospaced">mkdir –p /root/creds
|
||
/usr/bin/python /usr/bin/nova-manage project zipfile $NOVA_PROJECT $NOVA_PROJECT_USER /root/creds/novacreds.zip</literallayout>
|
||
</para>
|
||
<para>If you are using one of the Flat modes for networking, you may see a Warning
|
||
message "No vpn data for project <project_name>" which you can safely
|
||
ignore.</para>
|
||
<para>Unzip them in your home directory, and add them to your environment. </para>
|
||
<literallayout class="monospaced">unzip /root/creds/novacreds.zip -d /root/creds/
|
||
cat /root/creds/novarc >> ~/.bashrc
|
||
source ~/.bashrc </literallayout>
|
||
<para>
|
||
If you already have Nova credentials present in your environment, you can use a script included with Glance the Image Service, tools/nova_to_os_env.sh, to create Glance-style credentials. This script adds OS_AUTH credentials to the environment which are used by the Image Service to enable private images when the Identity Service is configured as the authentication system for Compute and the Image Service.</para>
|
||
</section>
|
||
<section xml:id="enabling-access-to-vms-on-the-compute-node">
|
||
<title>Enabling Access to VMs on the Compute Node</title>
|
||
<para>One of the most commonly missed configuration areas is not allowing the proper
|
||
access to VMs. Use the ‘euca-authorize’ command to enable access. Below, you
|
||
will find the commands to allow ‘ping’ and ‘ssh’ to your VMs: </para>
|
||
<literallayout class="monospaced">euca-authorize -P icmp -t -1:-1 default
|
||
euca-authorize -P tcp -p 22 default</literallayout>
|
||
<para>Another
|
||
common issue is you cannot ping or SSH your instances after issuing the
|
||
‘euca-authorize’ commands. Something to look at is the amount of ‘dnsmasq’
|
||
processes that are running. If you have a running instance, check to see that
|
||
TWO ‘dnsmasq’ processes are running. If not, perform the following:</para>
|
||
<literallayout class="monospaced">killall dnsmasq
|
||
service nova-network restart</literallayout>
|
||
</section>
|
||
<section xml:id="configuring-multiple-compute-nodes">
|
||
<title>Configuring Multiple Compute Nodes</title><para>If your goal is to split your VM load across more than one server, you can connect an
|
||
additional nova-compute node to a cloud controller node. This configuring can be
|
||
reproduced on multiple compute servers to start building a true multi-node OpenStack
|
||
Compute cluster. </para><para>To build out and scale the Compute platform, you spread out services amongst many servers.
|
||
While there are additional ways to accomplish the build-out, this section describes
|
||
adding compute nodes, and the service we are scaling out is called
|
||
'nova-compute.'</para>
|
||
<para>For a multi-node install you only make changes to nova.conf and copy it to
|
||
additional compute nodes. Ensure each nova.conf file points to the correct IP
|
||
addresses for the respective services. Customize the nova.conf example below to
|
||
match your environment. The CC_ADDR is the Cloud Controller IP Address. </para>
|
||
<literallayout class="monospaced">
|
||
--dhcpbridge_flagfile=/etc/nova/nova.conf
|
||
--dhcpbridge=/usr/bin/nova-dhcpbridge
|
||
--flat_network_bridge=br100
|
||
--logdir=/var/log/nova
|
||
--state_path=/var/lib/nova
|
||
--verbose
|
||
--sql_connection=mysql://root:nova@CC_ADDR/nova
|
||
--s3_host=CC_ADDR
|
||
--rabbit_host=CC_ADDR
|
||
--ec2_api=CC_ADDR
|
||
--ec2_url=http://CC_ADDR:8773/services/Cloud
|
||
--network_manager=nova.network.manager.FlatManager
|
||
--fixed_range= network/CIDR
|
||
--network_size=number of addresses</literallayout><para>By default, Nova sets the bridge device based on the setting in --flat_network_bridge. Now you
|
||
can edit /etc/network/interfaces with the following template, updated with your IP
|
||
information. </para>
|
||
|
||
|
||
<literallayout class="monospaced">
|
||
# The loopback network interface
|
||
auto lo
|
||
iface lo inet loopback
|
||
|
||
# The primary network interface
|
||
auto br100
|
||
iface br100 inet static
|
||
bridge_ports eth0
|
||
bridge_stp off
|
||
bridge_maxwait 0
|
||
bridge_fd 0
|
||
address xxx.xxx.xxx.xxx
|
||
netmask xxx.xxx.xxx.xxx
|
||
network xxx.xxx.xxx.xxx
|
||
broadcast xxx.xxx.xxx.xxx
|
||
gateway xxx.xxx.xxx.xxx
|
||
# dns-* options are implemented by the resolvconf package, if installed
|
||
dns-nameservers xxx.xxx.xxx.xxx</literallayout>
|
||
|
||
<para>Restart networking:</para>
|
||
|
||
<literallayout class="monospaced">/etc/init.d/networking restart</literallayout>
|
||
<para>With nova.conf updated and networking set, configuration is nearly complete.
|
||
First, bounce the relevant services to take the latest updates:</para>
|
||
|
||
<literallayout class="monospaced">restart libvirt-bin; service nova-compute restart</literallayout>
|
||
<para>To avoid issues with KVM and permissions with Nova, run the following commands to ensure we have VM's that are running optimally:</para>
|
||
|
||
<literallayout class="monospaced">chgrp kvm /dev/kvm
|
||
chmod g+rwx /dev/kvm</literallayout>
|
||
<para>If you want to use the 10.04 Ubuntu Enterprise Cloud images that are readily available at http://uec-images.ubuntu.com/releases/10.04/release/, you may run into delays with booting. Any server that does not have nova-api running on it needs this iptables entry so that UEC images can get metadata info. On compute nodes, configure the iptables with this next step:</para>
|
||
|
||
<literallayout class="monospaced"> # iptables -t nat -A PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination $NOVA_API_IP:8773</literallayout>
|
||
|
||
<para>Lastly, confirm that your compute node is talking to your cloud controller. From the cloud controller, run this database query:</para>
|
||
<literallayout class="monospaced">mysql -u$MYSQL_USER -p$MYSQL_PASS nova -e 'select * from services;'</literallayout>
|
||
<para>In return, you should see something similar to this:</para>
|
||
|
||
<literallayout class="monospaced"> +---------------------+---------------------+------------+---------+----+----------+----------------+-----------+--------------+----------+-------------------+
|
||
| created_at | updated_at | deleted_at | deleted | id | host | binary | topic | report_count | disabled | availability_zone |
|
||
+---------------------+---------------------+------------+---------+----+----------+----------------+-----------+--------------+----------+-------------------+
|
||
| 2011-01-28 22:52:46 | 2011-02-03 06:55:48 | NULL | 0 | 1 | osdemo02 | nova-network | network | 46064 | 0 | nova |
|
||
| 2011-01-28 22:52:48 | 2011-02-03 06:55:57 | NULL | 0 | 2 | osdemo02 | nova-compute | compute | 46056 | 0 | nova |
|
||
| 2011-01-28 22:52:52 | 2011-02-03 06:55:50 | NULL | 0 | 3 | osdemo02 | nova-scheduler | scheduler | 46065 | 0 | nova |
|
||
| 2011-01-29 23:49:29 | 2011-02-03 06:54:26 | NULL | 0 | 4 | osdemo01 | nova-compute | compute | 37050 | 0 | nova |
|
||
| 2011-01-30 23:42:24 | 2011-02-03 06:55:44 | NULL | 0 | 9 | osdemo04 | nova-compute | compute | 28484 | 0 | nova |
|
||
| 2011-01-30 21:27:28 | 2011-02-03 06:54:23 | NULL | 0 | 8 | osdemo05 | nova-compute | compute | 29284 | 0 | nova |
|
||
+---------------------+---------------------+------------+---------+----+----------+----------------+-----------+--------------+----------+-------------------+</literallayout>
|
||
|
||
<para>You can see that 'osdemo0{1,2,4,5} are all running 'nova-compute.' When you start spinning up instances, they will allocate on any node that is running nova-compute from this list.</para>
|
||
|
||
</section>
|
||
<section xml:id="determining-version-of-compute">
|
||
|
||
<title>Determining the Version of Compute</title>
|
||
<para>You can find the version of the installation by using the nova-manage
|
||
command:</para>
|
||
<literallayout class="monospaced">nova-manage version list</literallayout>
|
||
</section>
|
||
<section xml:id="migrating-from-cactus-to-diablo"><title>Migrating from Cactus to Diablo</title>
|
||
<para>If you have an installation already installed and running, to migrate to Diablo
|
||
you must update the installation first, then your database, then perhaps your images
|
||
if you were already running images in the nova-objectstore. You can also export your
|
||
users for importing into the OpenStack Identity Service (Keystone). </para>
|
||
<para>Here are the overall steps for upgrading the Image Service.</para>
|
||
<para>Download and install the Diablo Glance packages.</para>
|
||
<para>Migrate the registry database schema by running:</para>
|
||
<literallayout class="monospaced"> glance-manage db_sync </literallayout>
|
||
<para>Update configuration files, including the glance-api.conf and glance-registry.conf configuration files by using the examples in the examples/paste directory for the Diablo release.</para>
|
||
<para>Here are the overall steps for upgrading Compute. </para>
|
||
<para>If your installation already pointed to ppa:nova-core/release, the release
|
||
package has been updated from Cactus to Diablo so you can simply run: </para>
|
||
<literallayout class="monospaced">apt-get update
|
||
apt-get upgrade</literallayout>
|
||
<para>Next, update the database schema. </para><literallayout class="monospaced">nova-manage db sync</literallayout>
|
||
<para>Restart all the nova- services. </para>
|
||
<para>A separate command is available to migrate users from the deprecated auth system
|
||
to the Identity Service. </para>
|
||
<literallayout class="monospaced">nova-manage shell export textfilename.txt</literallayout>
|
||
<para>Within the Keystone project there is a keystone-import script that you can run to
|
||
import these users.</para>
|
||
<para>Make sure that you can launch images. You can convert images that were previously stored in the nova object store using this command: </para>
|
||
<literallayout class="monospaced">nova-manage image convert /var/lib/nova/images</literallayout>
|
||
|
||
</section>
|
||
</section>
|
||
</chapter>
|