-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathopenstack-setup.txt
144 lines (114 loc) · 6.3 KB
/
openstack-setup.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
# INFO: This file is an informal dump of actions needed to setup openstack
# as required by Baadal.
# TODO: Rewrite this file in more readable and self-explainatory manner.
Install refering to the official openstack installation guide for ubuntu 14.04
Kilo (located at
http://docs.openstack.org/kilo/install-guide/install/apt/content/index.html)
While creating flavor give the id of the flavor as
xCPU-yM-zG, where x is the number of CPUs, y is the RAM in MB and D is disk in GB.
For example for a flavor with 2 CPUs, 1GB RAM and 160 disk flavor id would be:
2CPU-1024M-160G.
This is done to make the id of the flavor convey information about the flavor
as opposed to automatically generated UUID which conveys no information at all.
For networing, use neutron networking (not nova-networking)
Follow the guide for rest of the process, till network creation.
edit /etc/neutron/dhcp_agent.ini file in the neutron node to contain the
following value
dhcp_domain = iitd.ac.in
Create a router by following the guide. (Do not change the name of the external
network, keep it 'ext-net')
Create internal network using the below command
$ neutron net-create --tenant-id $tenant NETWORK_NAME --provider:network_type \\
gre --provider:segmentation_id SEGMENTATION_ID
create subnet in each network using the below command
$ neutron subnet-create --tenant-id $tenant --name SUBNET_NAME NETWORK_NAME CIDR
set gateways for each subnet by issuing the below command
$ neutron subnet-update SUBNET_ID --dns-nameservers list=true 10.208.20.2 10.208.20.19 10.10.1.2
Attach the created subnet to the previuosly created router
$ neutron router-interface-add ROUTER_NAME SUBNET_NAME
Create one security group each for all internal networks with the same name as of the networks.
Create rules to allow all traffic between VMs for each security group.
$ neutron security-group-rule-create --direction egress --ethertype IPv4 --remote-group-id vlan2 vlan2
Create other security groups and respective rules as required.
For example, to open web access from VMs, create group golbal_http, write appropriate rules and
add this security group to all machines from which you want to enable web access.
#Attach instances in each internal network to their respective security groups.
--Optional--
To create floating IP use
$ neutron floatingip-create ext-net
To associate it with a privte IP, first find the port id corresponding to the particular Private IP
$ neutron port-list
Then associate the floating IP using
$ neutron floatingip-associate FLOATING_IP_ID PORT_ID
Enable ping and ssh through floating IP
$ neutron security-group-rule-create --protocol icmp --direction ingress --remote-ip-prefix 0.0.0.0/0 SECURITY_GROUP_NAME
$ neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 --direction ingress --remote-ip-prefix 0.0.0.0/0 SECURITY_GROUP_NAME
Enable SPICE Console
Enable migrations
Enable Instance Resizing.
Setup LDAP Server
Install and configure openldap server
- Modify the ldapshema, add attributes cn, userPassword, email (and any other if required) to account class
- set base dn = dc=baadal,dc=iitd,dc=ernet,dc=in
- create two organizationalUnits
ou=Groups,dc=baadal,dc=iitd,dc=ernet,dc=in
ou=People,dc=baadal,dc=iitd,dc=ernet,dc=in
- Inside ou=Groups, create entry with objectClass groupOfNames with dn cn=enabled_users,ou=Groups,dc=baadal,dc=iitd,dc=ernet,dc=in
Configure keystone to use LDAP for identity
- set appropriate values for basedn, and objectclasses
- set enabled user emulation to true
- set cn=enabled_users,ou=Groups,dc=baadal,dc=iitd,dc=ernet,dc=in
- add entry of each enabled user in group enabled_users
To implement custom access control
- configure /etc/nova/policy.json file to allow all users to list, start,
get_vnc_console, shutdown VM owned by any user
Set unlimited quotas for all services and theirs resources including
cinder
nova
neutron
glance etc.
The following metadata needs to be attached to each image
1 os_name,
2 os_version,
3 os_arch,
4 disk_size,
5 os_edition, (desktop/server)
Use the glance image-update command to attach metadata
Client Packages:
- The following versions of client packages are verified to work together
python-barbicanclient (3.0.2)
python-cinderclient (1.1.1)
python-glanceclient (1.2.0)
python-keystoneclient (2.1.2)
python-neutronclient (2.3.11)
python-novaclient (2.22.0)
python-openstackclient (1.0.3)
python-swiftclient (2.3.1)
keystone (2015.1.2)
keystoneauth1 (2.2.0)
keystonemiddleware (1.5.0)
python-openstackclient (1.0.3)
---------------------------------------------------------------------------------------------
Following configuration of VM has been used for setting up openstack on VM (using VirtualBox):
First, create two host-only-networks (one for management and one for instance tunnel) in VirtualBox Preferences
Then create virtual machines as follows.
Network Node
1 GB RAM, 8GB HDD, 1VCPU
4 NICs
first interface connected to NAT for Internet Access during installation (may be removed after installation)
second interface connected to host-only-network-1 (management network) with static IP address
third interface connected to host-only-network-2 (instance tunnel network) with static IP address (allow promiscous mode)
fourth interface bridged to physical NIC of the host (which is connected to external network),
with no IP address, (follow the installation guide to configure this), to provide access to external network for
instances (Internet, IITD LAN), allow promiscous mode
Controller Node
2GB RAM, 8GB HDD, 2VPUs
2 NICs
first interface connected to NAT for Internet Access during installation (may be removed after installation)
second interface connected to host-only-network-1 (management network) with static IP address
Compute Nodes
3GB RAM, 8GBHDD, 3VCPUs
3 NICs
first interface connected to NAT for Internet Access during installation (may be removed after installation)
second interface connected to host-only-network-1 (management network) with static IP address
third interface connected to host-only-network-2 (instance tunnel network) with static IP address (allow promiscous mode)