KVM | LINUX DIGEST

Tag Archive: KVM

Installing and Configuring OpenStack Havana in Ubuntu 13.10

Filed under: CLOUD, LINUX, LINUX SERVER, UBUNTU, VIRTUALIZATION — 2 Comments

March 29, 2014

Main Components of OpenStack

Service Code Name Description

Identity Service Keystone User Management

Compute Service Nova Virtual Machine Management

Image Service Glance Manages Virtual image like kernel image or disk image

Dashboard Horizon Provides GUI console via Web browser

Object Storage Swift Provides Cloud Storage

Block Storage Cinder Storage Management for Virtual Machine

Network Service Neutron Virtual Networking Management

Orchestration Service Heat Provides Orchestration function for Virtual Machine

Metering Service Ceilometer Provides the function of Usage measurement for accounting

I builded the controller node and computing node in the same machine. before installing cloud packages, we need to install prerequisites packages.

Installing NTP Server:
To synchronize services across multiple machines, you must install NTP.

#apt-get install ntp

#vi /etc/ntp.conf
#server 0.ubuntu.pool.ntp.org
#server 1.ubuntu.pool.ntp.org
#server 2.ubuntu.pool.ntp.org
#server 3.ubuntu.pool.ntp.org
#server ntp.ubuntu.com
# change servers for synchronization
server ntp1.jst.mfeed.ad.jp
server ntp2.jst.mfeed.ad.jp
server ntp3.jst.mfeed.ad.jp
# add the network range you allow to receive requests
restrict 192.168.31.0 mask 255.255.255.0 nomodify notrap

#/etc/init.d/ntp restart
#ntpq -p

On additional nodes, it is advised that you configure the other nodes to synchronize their time from the main controller server rather than from outside of your LAN.

Install Virtualization Platform:
Note: (If you are using compute node with separate computer install this KVM in it)
It’s Virtualization with KVM ( Kernel-based Virtual Machine ) + QEMU. This requires that the CPU on your computer has a function Intel VT or AMD-V.

Installing KVM:
#apt-get install kvm qemu-kvm libvirt-bin virtinst bridge-utils

Enable vhost-net.

#modprobe vhost_net

To see vhost use this command

#lsmod | grep vhost

#echo vhost_net >> /etc/modules

Edit your network configuration as below

#vi /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual
iface br0 inet static
address 192.168.31.1
network 10.0.0.0
netmask 255.255.255.0
broadcast 10.0.0.255
gateway 192.168.31.10
dns-nameservers 192.168.31.1
bridge_ports eth0
bridge_stp off
auto br0

#ifdown eth0 && ifup br0 && ifup eth0

#ifconfig

Install Apache2:

In addition to do it, it’s also neccessary to configure router so that TCP and UDP packets to 80 and 443 can pass through.
#apt-get install apache2
Configure Apache2 to use CGI in any directory

#vi /etc/apache2/conf.d/security

ServerTokens Prod

ServerSignature Off

#vi /etc/apache2/mods-enabled/dir.conf
# add file name that it can access only with directory’s name

DirectoryIndex index.html index.cgi

#vi /etc/apache2/mods-enabled/mime.conf

# uncomment and add extensions for CGI

AddHandler cgi-script .cgi .pl

#vi /etc/apache2/sites-available/default

# change to webmaster’s email

ServerAdmin webmaster@server.world
# change ( remove “Indexes” )

Options FollowSymLinks ExecCGI
# line 11: change

AllowOverride All

#ln -s /usr/bin/perl /usr/local/bin/perl
#service apache2 restart

Access to “http://(your server’s hostname or IP address)/” with web browser. It’s OK if following page is shown.

Install the repository of Openstack Havana and RabbitMQ, Memcached like follows.

#apt-get install python-software-properties

#add-apt-repository cloud-archive:havana

Note: ( If above command show error in Ubuntu 13.10 add the repository of havana manually by editing the sourcelist )

#vi /etc/apt/source.list

deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/havana main

#apt-get update

Installing Messaging Server:
#apt-get install rabbitmq-server
The rabbitmq-server package configures the RabbitMQ service to start automatically and creates a guest user with a default guest password.

#rabbitmqctl change_password guest sam

Installing Mysql Server:

OpenStack services require a database to store information.

#apt-get install mysql-server

You must delete the anonymous users that are created when the database is first started. To do this, use the mysql_secure_installation command.This command presents a number of options for you to secure your database installation.
Respond yes to all prompts unless you have a good reason to do otherwise.
#mysql_secure_installation

#vi /etc/mysql/my.cnf

#bind-address = 127.0.0.1

# /etc/init.d/mysql restart

#echo ‘net.ipv4.ip_forward=1’ >> /etc/sysctl.conf

#sysctl -p

Install Keystone:

The Identity Service uses a database to store information. Specify the location of the database in the configuration file. we use a MySQL database on the controller node with the username keystone. Replace KEYSTONE_DBPASS with a suitable password for the database user.

Install the OpenStack Identity Service:
#apt-get install keystone python-mysqldb

Define an authorization token to use as a shared secret between the Identity Service and other OpenStack services.
Edit /etc/keystone/keystone.conf and change the [DEFAULT] section, replacing admintoken
The Identity Service uses a database to store information. Specify the location of the database in the configuration file with the username keystone. Replace KEYSTONE_DBPASS with a suitable password for the database user.
By default, the Ubuntu packages create an SQLite database. Delete the keystone.db file created in the /var/lib/keystone/ directory so that it does not get used by
mistake.

Create the database tables for the Identity Service:

Use the password that you set previously to log in as root. Create a keystone database user:
#mysql -u root -p

mysql> create database keystone character set utf8;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on keystone.* to keystone@’%’ identified by ‘sam’;
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit

Configure Keystone:

#vi /etc/keystone/keystone.conf

admin_token = admintoken

bind_host = 0.0.0.0

public_port = 5000

admin_port = 35357

compute_port = 8774

connection = mysql://keystone:sam@192.168.31.1/keystone

token_format = PKI

certfile = /etc/keystone/pki/certs/signing_cert.pem
keyfile = /etc/keystone/pki/private/signing_key.pem
ca_certs = /etc/keystone/pki/certs/cacert.pem
ca_key = /etc/keystone/pki/private/cakey.pem
key_size = 2048
valid_days = 3650
cert_subject = /C=IN/ST=TAMILNADU/L=TAMIL/O=sathish/CN=www.sathish.com

Create a PKI certificate and key file for http://www.sathish.com

#keystone-manage pki_setup –keystone-user keystone –keystone-group keystone

#keystone-manage db_sync

#service keystone restart

After you install the Identity Service, set up users, tenants, and roles to authenticate against.

Load environment variables first.
Set value for “SERVICE_TOKEN” from the value “admin_token” in keystone.conf.

#export SERVICE_TOKEN=admintoken
#export SERVICE_ENDPOINT=http://192.168.31.1:35357/v2.0/

Add Tenants

First, create a tenant for an administrative user and a tenant for other OpenStack services to use.
Add admin tenant

#keystone tenant-create –name admin –description “Admin Tenant” –enabled true

Add service tenant

#keystone tenant-create –name service –description “Service Tenant” –enabled true

confirm settings

#keystone tenant-list

Add Roles

Create a role for administrative tasks called admin. Any roles you create should map to roles specified in the policy.json files of the various OpenStack services. The default policy files use the admin role to allow access to most services.

Add admin role

#keystone role-create –name admin
Add Member role

#keystone role-create –name Member

confirm settings

#keystone role-list

Add Users

create an administrative user called admin. Choose a password for admin user.

Add admin user (set in admin tenant)

#keystone user-create –tenant admin –name admin –pass sam –enabled true

Finally, you have to add roles to users. Users always log in with a tenant, and roles are assigned to users within tenants. Add the admin role to the admin user when logging in with the admin tenant.
Add admin user in admin role

#keystone user-role-add –user admin –tenant admin –role admin

Add glance user (set in service tenant)

Create a glance user that the Image Service can use to authenticate with the Identity Service. Choose a password and specify an email address for the glance user. Use the service tenant and give the user the admin role.

#keystone user-create –tenant service –name glance –pass sam –enabled true

Add glance user in admin role

#keystone user-role-add –user glance –tenant service –role admin

Add nova user (set in service tenant)

#keystone user-create –tenant service –name nova –pass sam –enabled true

Add nova user in admin role

#keystone user-role-add –user nova –tenant service –role admin

confirm settings

#keystone user-list

Add entries for services
Register the Service with the Identity Service so that other OpenStack services can locate it. Register the service and create the endpoint:

Add for keystone

#keystone service-create –name=keystone –type=identity –description=”Keystone Identity Service”

Add for glance

#keystone service-create –name=glance –type=image –description=”Glance Image Service”

Add for nova

#keystone service-create –name=nova –type=compute –description=”Nova Compute Service”

confirm settings

# keystone service-list

Add Endpoints
Define my host

#export my_host=192.168.31.1
Add endpoint for keystone

#keystone endpoint-create –region RegionOne –service keystone –publicurl “http://$my_host:\$(public_port)s/v2.0” –internalurl “http://$my_host:\$(public_port)s/v2.0” –adminurl “http://$my_host:\$(admin_port)s/v2.0”

Add endpoint for glance

#keystone endpoint-create –region RegionOne –service glance –publicurl “http://$my_host:9292/v1” –internalurl “http://$my_host:9292/v1” –adminurl “http://$my_host:9292/v1”

Add endpoint for nova

#keystone endpoint-create –region RegionOne –service nova –publicurl “http://$my_host:\$(compute_port)s/v1.1/\$(tenant_id)s” –internalurl “http://$my_host:\$(compute_port)s/v1.1/\$(tenant_id)s” –adminurl “http://$my_host:\$(compute_port)s/v1.1/\$(tenant_id)s”

confirm settings

#keystone endpoint-list

Install and Configure OpenStack Image Service (Glance).
Install Glance
#apt-get install glance

Add a User and DB for Glance to MySQL.

#mysql -u root -p

mysql> create database glance character set utf8;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on glance.* to glance@’%’ identified by ‘sam’;
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit

Configure Glance:

#vi /etc/glance/glance-registry.conf

sql_connection = mysql://glance:sam@192.168.31.1/glance

[keystone_authtoken]
auth_host = 192.168.31.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = sam
flavor = keystone

#vi /etc/glance/glance-api.conf

sql_connection = mysql://glance:sam@192.168.31.1/glance

[keystone_authtoken]
auth_host = 192.168.31.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = sam

flavor = keystone

#glance-manage db_sync

#for service in api registry; do
>service glance-$service restart
>done

Install and Configure OpenStack Compute Service (Nova).

Install Nova:

#apt-get install nova-api nova-cert nova-conductor nova-consoleauth nova-objectstore nova-scheduler nova-network nova-compute-kvm python-novaclient

Add a User and DB for Nova to MySQL.

#mysql -u root -p

mysql> create database nova character set utf8;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on nova.* to nova@’%’ identified by ‘sam’;
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit

Configure Nova:

# vi /etc/nova/nova.conf

# add at the last

# uncomment if not need IPv6

use_ipv6=false
auth_strategy=keystone
rootwrap_config=/etc/nova/rootwrap.conf

sql_connection=mysql://nova:sam@192.168.31.1/nova
osapi_compute_listen=”0.0.0.0″
osapi_compute_listen_port=8774
scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
# Glance server’s hostname or IP
glance_host=192.168.31.1
glance_port=9292
glance_protocol=http
rpc_backend = nova.openstack.common.rpc.impl_kombu
notification_driver=nova.openstack.common.notifier.rpc_notifier

# RabbitMQ server’s hostname or IP
rabbit_host = 192.168.31.1

# RabbitMQ server’s ID for auth
rabbit_userid = guest

# RabbitMQ server’s password of the ID above
rabbit_password = sam

libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtGenericVIFDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
network_api_class=nova.network.api.API
security_group_api=nova
network_manager=nova.network.manager.FlatDHCPManager
# specify nic for public
public_interface=eth0

# specify any name you like for bridge
flat_network_bridge=br100

# specify nic for flat DHCP bridge
flat_interface=eth0

#vi /etc/nova/api-paste.ini

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 192.168.31.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = sam

#nova-manage db sync

#for service in api conductor network scheduler objectstore cert consoleauth compute; do
>service nova-$service restart
>done

confirm status

#nova-manage service list

Add Virtual Machine images in Glance.
Load environment variables first.

#unset SERVICE_TOKEN
#unset SERVICE_ENDPOINT

#vi ~/keystonerc

export OS_USERNAME=admin
export OS_PASSWORD=adminpassword
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://192.168.31.1:35357/v2.0/
export PS1=’\u@\h \W(keystone)\$ ‘

#chmod 600 ~/keystonerc
#source ~/keystonerc
#echo “source ~/keystonerc ” >> ~/.bash_profile

confirm status

#glance image-list

For example, Create a Virtual Machine image of Ubuntu 13.10 for adding.

create a directory for disk image

#mkdir -p /var/kvm/images

create a disk image

#qemu-img create -f qcow2 /var/kvm/images/ubuntu1310.img 10G

Installing image

#virt-install -n Ubuntu1310 -r 2048 –disk path=/var/kvm/images/ubuntu1310.img,format=qcow2 –vcpus=2 –os-type linux –os-variant=ubuntusaucy –nographics –location=’http://jp.archive.ubuntu.com/ubuntu/dists/saucy/main/installer-amd64/’ –extra-args=’console=tty0 console=ttyS0,115200n8 serial’

After installation, change settings in virtual machine like follows and shutdown it.

Install openssh-server.
Remove /etc/udev/rules.d/70-persistent-net.rules if it exists

Add the virtual image to Glance.

#glance image-create –name=”Ubuntu13.10″ –is-public=true –disk-format=qcow2 –container-format=bare < /var/kvm/images/ubuntu1310.img

Confirm image

#glance image-list

Create and Start Virtual Machine Instance.
Create a network which instances use in OpenStack internal system.

#nova-manage network create –label network01 –dns1 192.168.31.1 –fixed_range_v4=192.168.32.0/24

#nova-manage network list

Change default security rules to access to instances with SSH.

permit SSH

#nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

permit ICMP

#nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0

#nova secgroup-list-rules default

Specify flavor (memory or disk) and create an instance and boot it.

default flavor list

#nova flavor-list

confirm virtual image

#nova image-list

create and boot an instance

#nova boot –flavor 2 –image Ubuntu13.10 –security_group default Ubuntu_Saucy

confirm status

#nova list

after few minutes later, the Status turns “ACTIVE” like follows

#nova list

It’s OK if answer replys like follows

#ping 10.1.0.2

#ssh root@192.168.32.2

If you’d like to stop an instance, it’s possible to shutdown in instance with shutdown command off course, but it’s also possible to control with nova command like follows.

#nova list

#nova stop Ubuntu_Saucy

#nova list

It’s possible to access to Virtual machine Instance to set Floating IP address.

Change Nova’s setting first to assign Floating IP address automatically.

#vi /etc/nova/nova.conf

auto_assign_floating_ip=True

#service nova-network restart

Set Floating IP address. For exmaple, assign 192.168.31.248/29 for Floating IP addresses in internal network 192.168.31.0/24.

#nova-manage floating create –ip_range=192.168.31.248/29

#nova-manage floating list

Create a new instance and boot it, then Floating IP is assgined automatically like follows. In the example below, The “192.168.31.249” is just the Floating IP.

create and boot Instance

#nova boot –flavor 2 –image Ubuntu13.10 –security_group default Ubuntu13.10_NEW

#nova list

The Instances created before setting Floating IP, Floating IP does not assigned automatically, so it necessarry to set it manually like follows.

#nova list

Assign “192.168.31.250” to “Ubuntu_Saucy”

#nova add-floating-ip Ubuntu_Saucy 192.168.31.250

#nova list

Configure OpenStack Dashboard Service (Horizon).

It’s possible to controle OpenStack on Web GUI to set Dashboard.

Install Horizon

#apt-get install openstack-dashboard nova-novncproxy

Configure nova.conf to get virtual machines’ console on Dashboard.

#vi /etc/nova/nova.conf

novncproxy_host=0.0.0.0
novncproxy_port=6080
novncproxy_base_url=http://192.168.31.1:6080/vnc_auto.html
vncserver_listen=192.168.31.1
vncserver_proxyclient_address=192.168.31.1
vnc_enabled=true

#vi /etc/openstack-dashboard/local_settings

OPENSTACK_HOST = “192.168.31.1”

#service nova-novncproxy restart
#service nova-compute restart
#service apache2 restart

Access to the URL below with web browser.

http://(your server’s hostname or IP address)/horizon/

It’s OK from server’s local or remore Client PC because default settings of httpd is just “allow from all”.
After accessing, following screen is displayed, then login with the admin user which you added in Keystone.

If it’s OK to login normally, following screen is displayed. You can control Openstack on this Dashboard.

To access an instance, Click “Instances” on the left menu. Then, instances’ list is shown on the right, next Click the name of instance you’d like to access.

The description of instance is shown, next, Click “Console” tab.

The console of instance is shown. You can operate a n instance on here.

Install and Configure OpenStack Block Storage (Cinder).

Install Cinder

#apt-get install cinder-api cinder-scheduler cinder-volume

Add a user and so on for Cinder in Keystone

Add cinder user (in service tenant)

#keystone user-create –tenant service –name cinder –pass sam –enabled true

Add cinder user in admin role

#keystone user-role-add –user cinder –tenant service –role admin

Add service entry for cinder

#keystone service-create –name=cinder –type=volume –description=”Cinder Service”

Define own host

#export my_host=192.168.31.1

Add endpoint for cinder

#keystone endpoint-create –region RegionOne –service cinder –publicurl “http://$my_host:8776/v1/\$(tenant_id)s” –internalurl “http://$my_host:8776/v1/\$(tenant_id)s” –adminurl “http://$my_host:8776/v1/\$(tenant_id)s”

Add a user and DB for Cinder in MySQL

# mysql -u root -p

mysql> create database cinder character set utf8;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on cinder.* to cinder@’%’ identified by ‘sam’;
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit