Book Image

Production Ready OpenStack - Recipes for Successful Environments

By : Arthur Berezin
Book Image

Production Ready OpenStack - Recipes for Successful Environments

By: Arthur Berezin

Overview of this book

OpenStack is the most popular open source cloud platform used by organizations building internal private clouds and by public cloud providers. OpenStack is designed in a fully distributed architecture to provide Infrastructure as a Service, allowing us to maintain a massively scalable cloud infrastructure. OpenStack is developed by a vibrant community of open source developers who come from the largest software companies in the world. The book provides a comprehensive and practical guide to the multiple uses cases and configurations that OpenStack supports. This book simplifies the learning process by guiding you through how to install OpenStack in a single controller configuration. The book goes deeper into deploying OpenStack in a highly available configuration. You'll then configure Keystone Identity Services using LDAP, Active Directory, or the MySQL identity provider and configure a caching layer and SSL. After that, you will configure storage back-end providers for Glance and Cinder, which will include Ceph, NFS, Swift, and local storage. Then you will configure the Neutron networking service with provider network VLANs, and tenant network VXLAN and GRE. Also, you will configure Nova's Hypervisor with KVM, and QEMU emulation, and you will configure Nova's scheduler filters and weights. Finally, you will configure Horizon to use Apache HTTPD and SSL, and you will customize the dashboard's appearance.

Related Content you might be interested in

Current Title:

Small book image
Production Ready OpenStack - Recipes for Successful Environments
Arthur Berezin
Oct, 2015 | 210 pages
No titles found
Table of Contents (16 chapters)
Production Ready OpenStack - Recipes for Successful Environments
Production Ready OpenStack - Recipes for Successful Environments
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introduction to OpenStack and its Deployment Using Packages
Introduction to OpenStack and its Deployment Using Packages
Introduction
Configuring hosts prerequisites
Installing MariaDB database
Installing RabbitMQ
Installing Keystone – Identity service
Generating and configuring tokens PKIs
Installing Glance – images service
Installing Nova – Compute service
Installing Neutron – networking service
Configuring Neutron network node
Configuring compute node for Neutron
Installing Horizon – web user interface dashboard
2
Deploying OpenStack Using Staypuft OpenStack Installer
Deploying OpenStack Using Staypuft OpenStack Installer
Introduction
Setting up the environment
Installing Staypuft packages
Discovering hosts for provisioning
Creating a new OpenStack deployment
Configuring a network
Allocating hosts to roles
Configuring host networking
Deploying OpenStack
3
Deploying Highly Available OpenStack
Deploying Highly Available OpenStack
Introduction
Installing Pacemaker
Installing HAProxy
Configuring Galera cluster for MariaDB
Installing RabbitMQ with mirrored queues
Configuring highly available OpenStack services
4
Keystone Identity Service
Keystone Identity Service
Introduction
Configuring Keystone with the MariaDB backend
Generating and configuring tokens PKIs
Configuring Keystone with Microsoft Active Directory and LDAP
Configuring Keystone caching with Memcached
Securing Keystone with SSL
5
Glance Image Service
Glance Image Service
Introduction
Configuring Glance with the local file backend
Configuring Glance with the NFS backend
Configuring Glance with the Swift backend
Configuring Glance with the Ceph backend
Configuring Glance image caching
Configuring the Glance image size limit and storage quota
6
Cinder Block Storage Service
Cinder Block Storage Service
Introduction
Configuring Cinder with the logical volume management backend driver
Configuring Cinder with the Ceph RADOS block device backend driver
Configuring Cinder with the Network File System (NFS) backend driver
Configuring Cinder with the Ceph RBD backup driver
Configuring Cinder with multiple backends
Configuring Cinder scheduler filters and weighers
7
Neutron Networking Service
Neutron Networking Service
Introduction
Configuring Neutron VLAN provider network with ML2 and LinuxBridge
Configuring Neutron VXLAN and GRE tenant networks using Open vSwitch
Configuring the L3 agent with Open vSwitch
Configuring the DHCP service agent
Configuring LoadBalancer as a service
Configuring Firewall as a Service
8
Nova-Compute Service
Nova-Compute Service
Introduction
Configuring Nova Hypervisors
Configuring Nova-compute with KVM Hypervisor
Configuring Nova-compute with a QEMU Hypervisor emulation
Configuring Nova scheduler filters
Configuring Nova host aggregates
Configuring Nova host aggregates filters
Configuring Nova scheduler weights
9
Horizon Dashboard Service
Horizon Dashboard Service
Introduction
Securing Horizon with Secure Socket Layer
Configuring Horizon caching with memcached
Customizing Horizon dashboard appearance
Index
Index

Installing Glance – images service

Glance images service provides services that allow us to store and retrieve operating system disk images to launch instances from. In our example, environment Glance service is installed on the controller node. Glance service consists of two services: Glance API, which is responsible for all API interactions, and glance-registry, which manages image database registry. Each has a configuration file under /etc/glance/.

Getting ready

Before configuring Glance, we need to create a database for it and grant the needed database credentials. We need to create user account for Glance in the Keystone user registry for Glance to be able to authenticate against Keystone. Finally, we will need to open appropriate firewall ports.

Create database

Use MySQL command with root a account to create the Glance database:

[root@controller ~(keystone_admin)]# mysql -u root -p

  1. Create Glance database:

    MariaDB [(none)]> CREATE DATABASE glance_db;

  2. Create Glance database user account and grant access permissions, where my_glance_db_password is your password:

    MariaDB [(none)]> GRANT ALL ON glance_db.* TO 
'glance_db_user'@'%' IDENTIFIED BY 'my_glance_db_password';
MariaDB [(none)]> GRANT ALL ON glance.* TO 'glance_db'@'localhost' IDENTIFIED BY 'my_glance_db_password';

  3. Flush all changes:

    MariaDB [(none)]> FLUSH PRIVILEGES;

  4. At this point, we can quit the MariaDB client:

    MariaDB [(none)]> quit

  5. Create Glance tables:

    [root@controller glance(keystone_admin)]# glance-manage db_sync

Create Glance service credentials and endpoint in Keystone

Gain Keystone admin privileges to create Glance service account in Keystone:

[root@controller ~]# source keystonerc_admin

  1. Create a Keystone user account for Glance:

    [root@controller ~(keystone_admin)]# keystone user-create --name glance --pass glance_password

  2. Add an admin role to the glance user and services tenants:

    [root@controller ~(keystone_admin)]# keystone user-role-add --user glance --role admin --tenant services

  3. Create a glance service:

    [root@controller ~(keystone_admin)]# keystone service-create --name glance --type image --description "Glance Image Service"

  4. Create an endpoint for glance service:

    [root@controller ~(keystone_admin)]# keystone endpoint-create --service glance --publicurl "http://10.10.0.1:9292" --adminurl "http://10.10.0.1:9292" --internalurl "http://10.10.0.1:9292"

Open service firewall ports

  1. Set Glance to use port 9292, edit /etc/glance/glance-api.conf with following lines:

    bind_host = 10.10.0.1
bind_port = 9292

  2. Add a firewall rule:

    [root@controller ~(keystone_admin)]# firewall-cmd --permanent --add-port=9292/tcp

Install service packages

Install Glance service packages using yum command:

[root@controller ~]# yum install -y openstack-glance

Service configuration

At this point, all prerequisites for Glance should be ready and we can go ahead and configure Glance. We need to set its database connection, configure Glance to use RabbitMQ, and configure Glances authentication strategy to use Keystone.

How to do it...

Follow these steps to configure Glance image service:

Configure database connection

  1. Set the connection string for glance-api:

    [root@controller ~(keystone_admin)]# openstack-config --set /etc/glance/glance-api.conf    DEFAULT sql_connection mysql://glance_db_user:[email protected]/glance_db

  2. Set connection string for glance-registry:

    [root@el7-icehouse-controller ~(keystone_admin)]# openstack-config --set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql://glance_db_user:[email protected]/glance_db

  3. Configure the message broker using openstack-config command:

    # openstack-config --set /etc/glance/glance-api.conf DEFAULT \rpc_backend rabbit
# openstack-config --set /etc/glance/glance-api.conf DEFAULT \rabbit_host 10.10.0.1
# openstack-config --set /etc/glance/glance-api.conf DEFAULT \rabbit_userid guest
# openstack-config --set /etc/glance/glance-api.conf DEFAULT \rabbit_password guest_password

Configure Glance service

  1. Configure Glance to use Keystone as an authentication method:

    [root@controller ~(keystone_admin)]# openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
[root@controller ~(keystone_admin)]# openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken auth_host 10.10.0.1
[root@controller ~(keystone_admin)]# openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken auth_port 35357
[root@controller ~(keystone_admin)]# openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken auth_protocol http
[root@controller ~(keystone_admin)]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name services
[root@controller ~(keystone_admin)]# openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken admin_user glance
[root@controller ~(keystone_admin)]# openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken admin_password glance_password

  2. Now configure glance-registry to use Keystone for authentication:

    [root@controller ~(keystone_admin)]# openstack-config --set /etc/glance/glance-registry.conf   paste_deploy flavor keystone
[root@controller ~(keystone_admin)]# openstack-config --set /etc/glance/glance-registry.conf   keystone_authtoken auth_host 192.168.200.258
[root@controller ~(keystone_admin)]# openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken auth_port 35357   
[root@controller ~(keystone_admin)]# openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken auth_protocol http
[root@controller ~(keystone_admin)]# openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken admin_tenant_name services
[root@controller ~(keystone_admin)]# openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken admin_user glance
[root@controller ~(keystone_admin)]# openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken admin_password password

    Note

    By default, Glance will store images as files in a local directory /var/lib/glance/images/, so this configuration is not needed at this point.

  3. Start and enable the service:

    [root@controller ~]# systemctl start openstack-glance-api
[root@controller ~]# systemctl start openstack-glance-registry

There's more…

If the installation and configuration was successful, we can upload our fist image to Glance registry. CirrOS Linux image is a good candidate as it is extremely small in size and functional enough to test most OpenStack's functionalities.

Verify successful installation

If glance was successfully installed and configured, we may upload our fist image.

  1. First, download a CirrOS image to the controller node:

    [root@controller glance(keystone_admin)]# wget  http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
Then, upload the image to Glance registry using glance image-create command:
[root@controller glance(keystone_admin)]# glance image-create--name="cirros-0.3.2-x86_64" --disk-format=qcow2 --container-format=bare --is-public=true -–file cirros-0.3.2-x86_64-disk.img

  2. List all glance images using glance image-list command:

    [root@controller glance(keystone_admin)]# glance image-list
If the upload of the image was successful, the Cirros image will appear in the list.
Previous Section
End of Section 8
Next Section