50aa59cfff
Based on testing the setup Add a note that NetworkManager should not be used Remove setence about asking for password since we pass the password on the command line. Change-Id: I73bde10c7df96d1502021f989da624586bb94a3f
384 lines
19 KiB
XML
384 lines
19 KiB
XML
<chapter xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
version="5.0"
|
|
xml:id="ch_basics">
|
|
<title>Basic Operating System Configuration</title>
|
|
|
|
<para>This guide starts by creating two nodes: a controller node to host most
|
|
services, and a compute node to run virtual machine instances. Later
|
|
chapters create additional nodes to run more services. OpenStack offers a
|
|
lot of flexibility in how and where you run each service, so this is not the
|
|
only possible configuration. However, you do need to configure certain
|
|
aspects of the operating system on each node.</para>
|
|
|
|
<para>This chapter details a sample configuration for both the controller
|
|
node and any additional nodes. It's possible to configure the operating
|
|
system in other ways, but the remainder of this guide assumes you have a
|
|
configuration compatible with the one shown here.</para>
|
|
|
|
<para>All of the commands throughout this guide assume you have administrative
|
|
privileges. Either run the commands as the root user, or prefix them with
|
|
the <command>sudo</command> command.</para>
|
|
|
|
<section xml:id="basics-networking">
|
|
<title>Networking</title>
|
|
|
|
<para>For a production deployment of OpenStack, most nodes should have two
|
|
network interface cards: one for external network traffic, and one to
|
|
communicate only with other OpenStack nodes. For simple test cases, you
|
|
can use machines with only a single network interface card.</para>
|
|
|
|
<para>This section sets up networking on two networks with static IP
|
|
addresses and manually manages a list of hostnames on each machine. If you
|
|
manage a large network, you probably already have systems in place to
|
|
manage this. If so, you may skip this section, but note that the rest of this
|
|
guide assumes that each node can reach the other nodes on the internal
|
|
network using hostnames like <literal>controller</literal> and
|
|
<literal>compute1</literal>.</para>
|
|
<para os="fedora">Start by disabling the <literal>NetworkManager</literal> service and
|
|
enabling the <literal>network</literal> service. The
|
|
<literal>network</literal> service is more suitable for the static
|
|
network configuration done in this guide.</para>
|
|
|
|
<screen os="fedora"><prompt>#</prompt> <userinput>service NetworkManager stop</userinput>
|
|
<prompt>#</prompt> <userinput>service network start</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig NetworkManager off</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig network on</userinput></screen>
|
|
|
|
<note os="fedora">
|
|
<para>Since Fedora 19, <literal>firewalld</literal> replaced
|
|
<literal>iptables</literal> as the default firewall system. You can configure
|
|
<literal>firewalld</literal> successfully, but this guide
|
|
currently recommends and demonstrates the use of <literal>iptables</literal>.
|
|
For Fedora 19 systems, run the following commands to disable
|
|
<literal>firewalld</literal> and enable <literal>iptables</literal>.</para>
|
|
<screen><prompt>#</prompt> <userinput>service firewalld stop</userinput>
|
|
<prompt>#</prompt> <userinput>service iptables start</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig firewalld off</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig iptables on</userinput></screen>
|
|
</note>
|
|
|
|
<para os="opensuse">When you setup your system, use the
|
|
traditional network scripts and do not use the
|
|
<literal>NetworkManager</literal>. You can change the settings also after
|
|
installation with the YaST network module:</para>
|
|
<screen os="opensuse"><prompt>#</prompt> <userinput>yast2 network</userinput></screen>
|
|
|
|
<para>Next, create the configuration for both <literal>eth0</literal>
|
|
and <literal>eth1</literal>. This guide uses
|
|
<literal>192.168.0.x</literal> address for the internal network and
|
|
<literal>10.0.0.x</literal> addresses for the external network. Make
|
|
sure that the corresponding network devices are connected to the correct
|
|
network.</para>
|
|
|
|
<para>In this guide, the controller node uses the IP addresses
|
|
<literal>192.168.0.10</literal> and <literal>10.0.0.10</literal>. When
|
|
creating the compute node, use <literal>192.168.0.11</literal> and
|
|
<literal>10.0.0.11</literal> instead. Additional nodes added in later
|
|
chapters will follow this pattern.</para>
|
|
<figure xml:id="basic-architecture-networking">
|
|
<title>Basic Architecture</title>
|
|
<mediaobject>
|
|
<imageobject>
|
|
<imagedata contentwidth="6in" fileref="figures/basic-architecture-networking.svg"/>
|
|
</imageobject>
|
|
</mediaobject>
|
|
</figure>
|
|
|
|
<example os="fedora">
|
|
<title><filename>/etc/sysconfig/network-scripts/ifcfg-eth0</filename></title>
|
|
<programlisting language="ini"># Internal Network
|
|
DEVICE=eth0
|
|
TYPE=Ethernet
|
|
BOOTPROTO=static
|
|
IPADDR=192.168.0.10
|
|
NETMASK=255.255.255.0
|
|
DEFROUTE=yes
|
|
ONBOOT=yes</programlisting>
|
|
</example>
|
|
|
|
<example os="fedora">
|
|
<title><filename>/etc/sysconfig/network-scripts/ifcfg-eth1</filename></title>
|
|
<programlisting language="ini"># External Network
|
|
DEVICE=eth1
|
|
TYPE=Ethernet
|
|
BOOTPROTO=static
|
|
IPADDR=10.0.0.10
|
|
NETMASK=255.255.255.0
|
|
DEFROUTE=yes
|
|
ONBOOT=yes</programlisting>
|
|
</example>
|
|
|
|
<para os="opensuse">
|
|
To set up the two network interfaces, start the YaST
|
|
network module, as follows:
|
|
<screen><prompt>#</prompt> <userinput>yast2 network</userinput></screen>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
Use the following parameters to set up the first ethernet card
|
|
<emphasis role="bold">eth0</emphasis> for the internal network:
|
|
<programlisting>
|
|
Statically assigned IP Address
|
|
IP Address: 192.168.0.10
|
|
Subnet Mask: 255.255.255.0
|
|
</programlisting>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Use the following parameters to set up the second ethernet card
|
|
<emphasis role="bold">eth1</emphasis> for the external network:
|
|
<programlisting>
|
|
Statically assigned IP Address
|
|
IP Address: 10.0.0.10
|
|
Subnet Mask: 255.255.255.0
|
|
</programlisting>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Setup a default route on the external network.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
|
|
<example os="ubuntu">
|
|
<title><filename>/etc/network/interfaces</filename></title>
|
|
<programlisting language="ini"># Internal Network
|
|
auto eth0
|
|
iface eth0 inet static
|
|
address 192.168.0.10
|
|
netmask 255.255.255.0
|
|
|
|
# External Network
|
|
auto eth1
|
|
iface eth1 inet static
|
|
address 10.0.0.10
|
|
netmask 255.255.255.0
|
|
</programlisting>
|
|
</example>
|
|
|
|
<para>Once you've configured the network, restart the daemon for changes to take effect:</para>
|
|
|
|
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>service networking restart</userinput></screen>
|
|
<screen os="fedora;rhel;centos"><prompt>#</prompt> <userinput>service network restart</userinput></screen>
|
|
<screen os="opensuse"><prompt>#</prompt> <userinput>systemctl restart network.service</userinput></screen>
|
|
|
|
<para>Set the hostname of each machine. Name the controller node
|
|
<literal>controller</literal> and the first compute node
|
|
<literal>compute1</literal>. These are the hostnames used in the
|
|
examples throughout this guide.</para>
|
|
<para os="ubuntu;debian;fedora;rhel;centos">Use the <command>hostname</command>
|
|
command to set the hostname:
|
|
<screen><prompt>#</prompt> <userinput>hostname controller</userinput></screen>
|
|
</para>
|
|
<para os="opensuse">Use <command>yast network</command> to set the hostname with YaST.
|
|
</para>
|
|
<para os="rhel;fedora;centos">To have the hostname change persist when the system
|
|
reboots, you need to specify it in the proper configuration file. In Red
|
|
Het Enterprise Linux, Centos, and older versions of Fedora, you set this
|
|
in the file <filename>/etc/sysconfig/network</filename>. Change the line
|
|
starting with <literal>HOSTNAME=</literal>.</para>
|
|
|
|
<programlisting language="ini" os="rhel;fedora;centos">HOSTNAME=controller</programlisting>
|
|
|
|
<para os="rhel;fedora;centos">As of Fedora 18, Fedora now uses the file
|
|
<filename>/etc/hostname</filename>. This file contains a single line
|
|
with just the hostname.</para>
|
|
|
|
<para os="ubuntu;debian">To have this hostname set when the system
|
|
reboots, you need to specify it in the file
|
|
<filename>/etc/hostname</filename>. This file contains a single line
|
|
with just the hostname.</para>
|
|
|
|
<para>Finally, ensure that each node can reach the other nodes using
|
|
hostnames. In this guide, we will manually edit the
|
|
<filename>/etc/hosts</filename> file on each system. For large-scale
|
|
deployments, you should use DNS or a configuration management system like
|
|
Puppet.</para>
|
|
|
|
<programlisting>127.0.0.1 localhost
|
|
192.168.0.10 controller
|
|
192.168.0.11 compute1</programlisting>
|
|
|
|
</section>
|
|
|
|
<section xml:id="basics-ntp">
|
|
<title>Network Time Protocol (NTP)</title>
|
|
|
|
<para>To keep all the services in sync across multiple machines, you need to
|
|
install NTP. In this guide, we will configure the controller node to be
|
|
the reference server, and configure all additional nodes to set their time
|
|
from the controller node.</para>
|
|
|
|
<para>Install the <literal>ntp</literal> package on each system running
|
|
OpenStack services.</para>
|
|
|
|
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install ntp</userinput></screen>
|
|
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install ntp</userinput></screen>
|
|
<screen os="opensuse"><prompt>#</prompt> <userinput>zypper install ntp</userinput></screen>
|
|
|
|
<para os="rhel;fedora;centos;opensuse">Set up the NTP server on your
|
|
controller node so that it receives data by modifying the <filename>ntp.conf</filename>
|
|
file and restarting the service.</para>
|
|
|
|
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>service ntpd start</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig ntpd on</userinput></screen>
|
|
<screen os="opensuse"><prompt>#</prompt> <userinput>systemctl start ntp.service</userinput>
|
|
<prompt>#</prompt> <userinput>systemctl enable ntp.service</userinput></screen>
|
|
|
|
<para>Set up all additional nodes to synchronize their time from the
|
|
controller node. The simplest way to do this is to add a daily cron job.
|
|
Add a file at <filename>/etc/cron.daily/ntpdate</filename> that contains
|
|
the following:</para>
|
|
|
|
<programlisting language="bash">ntpdate <replaceable>controller</replaceable>
|
|
hwclock -w</programlisting>
|
|
|
|
<para>Make sure to mark this file as executable.</para>
|
|
|
|
<screen><prompt>#</prompt> <userinput>chmod a+x /etc/cron.daily/ntpdate</userinput></screen>
|
|
|
|
</section>
|
|
|
|
<section xml:id="basics-database">
|
|
<title>MySQL Database</title>
|
|
|
|
<para>Most OpenStack services require a database to store information. In
|
|
this guide, we use a MySQL database running on the controller node. The
|
|
controller node needs to have the MySQL database installed. Any additional
|
|
nodes that access MySQL need to have the MySQL client software
|
|
installed:</para>
|
|
<itemizedlist>
|
|
<listitem><para>On the controller node, install the MySQL client, the MySQL database,
|
|
and the MySQL Python library.</para>
|
|
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install python-mysqldb mysql-server</userinput></screen>
|
|
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install mysql mysql-server MySQL-python</userinput></screen>
|
|
<screen os="opensuse"><prompt>#</prompt> <userinput>zypper install mysql-community-server-client mysql-community-server python-mysql</userinput></screen></listitem>
|
|
<listitem><para>On any nodes besides the controller node, just install the MySQL
|
|
client and the MySQL Python library. This is all you need to do on any
|
|
system not hosting the MySQL database.</para>
|
|
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install python-mysqldb</userinput></screen>
|
|
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install mysql MySQL-python</userinput></screen>
|
|
<screen os="opensuse"><prompt>#</prompt> <userinput>zypper install mysql-community-server-client python-mysql</userinput></screen></listitem>
|
|
</itemizedlist>
|
|
<note os="ubuntu;debian"><para>When you install the server package, you will
|
|
be asked to enter a root password for the database. Be sure to choose
|
|
a strong password and remember it - it will be needed later.</para></note>
|
|
|
|
<para os="rhel;centos;fedora;opensuse">Start the MySQL database server and set it to start automatically when
|
|
the system boots.</para>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>service mysqld start</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig mysqld on</userinput></screen>
|
|
<screen os="opensuse"><prompt>#</prompt> <userinput>systemctl enable mysql.service</userinput>
|
|
<prompt>#</prompt> <userinput>systemctl start mysql.service</userinput></screen>
|
|
|
|
<para os="rhel;centos;fedora;opensuse">Finally, it's a good idea to set a root password for your MySQL
|
|
database. The OpenStack programs that set up databases and tables will
|
|
prompt you for this password if it's set.</para>
|
|
|
|
<screen os="rhel;centos;fedora;opensuse"><prompt>#</prompt> <userinput>mysqladmin password <replaceable>newPassword</replaceable></userinput></screen>
|
|
</section>
|
|
<section xml:id="basics-queue">
|
|
<title>Messaging Server</title>
|
|
<para>Install the messaging queue server. Typically this is <phrase
|
|
os="ubuntu;opensuse">RabbitMQ</phrase><phrase os="centos;rhel;fedora"
|
|
>Qpid</phrase> but <phrase os="ubuntu;opensuse">Qpid</phrase><phrase
|
|
os="centos;rhel;fedora">RabbitMQ</phrase> and ZeroMQ (0MQ) are also
|
|
available.</para>
|
|
|
|
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install rabbitmq-server</userinput></screen>
|
|
<screen os="opensuse"><prompt>#</prompt> <userinput>zypper install rabbitmq-server</userinput></screen>
|
|
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>yum install qpid-cpp-server memcached</userinput></screen>
|
|
|
|
<!-- FIXME ubuntu: configure and start/enable rabbitmq? -->
|
|
|
|
<para os="fedora;centos;rhel">Disable Qpid authentication by setting the
|
|
value of the <literal>auth</literal> configuration key to
|
|
<literal>no</literal> in the <filename>/etc/qpidd.conf</filename>
|
|
file.</para>
|
|
|
|
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>echo "auth=no" >> /etc/qpidd.conf</userinput></screen>
|
|
|
|
<para os="fedora;centos;rhel">Start Qpid and set it to start automatically
|
|
when the system boots.</para>
|
|
|
|
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>service qpidd start</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig qpidd on</userinput></screen>
|
|
|
|
<para os="opensuse">Start the messaging service and set it to start automatically when the system boots:
|
|
</para>
|
|
<screen os="opensuse"><prompt>#</prompt> <userinput>systemctl start rabbitmq-server.service</userinput>
|
|
<prompt>#</prompt> <userinput>systemctl enable rabbitmq-server.service</userinput></screen>
|
|
|
|
</section>
|
|
<section xml:id="basics-packages">
|
|
<title>OpenStack Packages</title>
|
|
|
|
<para>
|
|
Distribution releases and OpenStack releases are often independent of
|
|
each other and thus you might need to add some extra steps to access
|
|
the latest OpenStack release after installation of the machine before
|
|
installation of any OpenStack packages.
|
|
</para>
|
|
|
|
<para os="fedora;centos;rhel">This guide uses the OpenStack packages from
|
|
the RDO repository. These packages work on Red Hat Enterprise Linux 6 and
|
|
compatible versions of CentOS, as well as Fedora 19. Enable the RDO repository
|
|
by downloading and installing the <literal>rdo-release-havana</literal>
|
|
package.</para>
|
|
|
|
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>yum install http://repos.fedorapeople.org/repos/openstack/openstack-havana/rdo-release-havana-6.noarch.rpm</userinput></screen>
|
|
<para os="fedora;centos;rhel">The EPEL package includes gpg keys for package signing and repository information.Install
|
|
the latest 'epel-release' package (see <link
|
|
xlink:href="http://download.fedoraproject.org/pub/epel/6/i386/repoview/epel-release.html"
|
|
>http://download.fedoraproject.org/pub/epel/6/x86_64/repoview/epel-release.html</link>). For
|
|
example:</para>
|
|
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>yum install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm</userinput></screen>
|
|
|
|
<para os="fedora;centos;rhel">The <literal>openstack-utils</literal> package
|
|
contains utility programs that make installation and configuration easier.
|
|
These programs will be used throughout this guide. Install
|
|
<literal>openstack-utils</literal>. This will also verify that you can
|
|
access the RDO repository.</para>
|
|
|
|
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>yum install openstack-utils</userinput></screen>
|
|
|
|
<para os="opensuse">Use the Open Build Service repositories for Havana based on your openSUSE version, for example if you run
|
|
openSUSE 12.3 use:
|
|
</para>
|
|
<screen os="opensuse"><prompt>#</prompt> <userinput>zypper ar -f obs://Cloud:OpenStack:Havana/openSUSE_12.3 Havana</userinput></screen>
|
|
<para os="opensuse">For openSUSE 13.1, nothing needs to be done since OpenStack Havana packages are part of the distribution itself.
|
|
</para>
|
|
|
|
<procedure xml:id="ubuntu-cloud-archive" os="ubuntu">
|
|
<title>To use the Ubuntu Cloud Archive for Havana</title>
|
|
<para>The <link xlink:href="https://wiki.ubuntu.com/ServerTeam/CloudArchive">Ubuntu Cloud Archive</link>
|
|
is a special repository that allows you to install newer releases of OpenStack on
|
|
the stable supported version of Ubuntu.</para>
|
|
<step>
|
|
<para>Install the keyring:
|
|
<screen><prompt>#</prompt> <userinput>apt-get install ubuntu-cloud-keyring</userinput></screen>
|
|
</para>
|
|
</step>
|
|
<step>
|
|
<para>
|
|
Edit <filename>/etc/apt/sources.list.d/cloud-archive.list</filename>:
|
|
<programlisting>deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/havana main</programlisting>
|
|
</para>
|
|
</step>
|
|
<step>
|
|
<para>
|
|
Upgrade the system (and reboot if you need):
|
|
<screen><prompt>#</prompt> <userinput>apt-get update && apt-get dist-upgrade</userinput></screen>
|
|
</para>
|
|
</step>
|
|
</procedure>
|
|
<para>Congratulations, now you are ready to start installing OpenStack services!</para>
|
|
</section>
|
|
|
|
</chapter>
|