What is OpenStack and why should I need it?
In short: OpenStack is a collection of software made to control resources (e.g. CPU, hard disks, RAM, etc.) on many hosts efficiently. In other words: it’s a cloud management/orchestration system.
I use it to provision VMs.
Do you need it?
That depends.
If you are planning to go cloud native and develop all your software solely with DevOps principles in mind (e.g. lean and agile) and to be fully stateless and REST-ified, then you might just jump to Kubernetes.
If you think another management layer underneath it, so that you can manage (e.g.) several Kubernetes clusters on (e.g.) VMs and separate VMs (with a well-developed service catalogue and self-service functions, etc.), won’t hurt, you could give it a try.
Also be aware that this adds another level of complexity to your infrastructure (and I mean it…).
What’s this about?
In this post I’ll cover what I’ve learned about OpenStack during the installation.
This is not a HowTo per se.
An excellent HowTo (the one I worked with) can be found on the OpenStack Site:
https://docs.openstack.org/newton/install-guide-debian/
These notes are meant to be used with the above HowTo and to generally learn about OpenStack.
Also, it pretty much compiles the more relevant (for me, at least at the moment) parts of the setup, so one gets to a working installation more quickly.
Pre-requisites
- one will need at least two nodes (controller and worker) for a working setup
- I recommend at least four (redundant master and workers)
- the setup of block-/objectstorage nodes is not covered here
Installation (the Basics)
These are the most basic packages needed, categorized by node type.
Category | Item | Host | Note |
Basic | 2 NIC (Mgmt./Traffic) | all | 1 Interface should be reserved exclusively for the communication/synchronization of the hosts. The other is used for “normal” traffic. |
Basic | Chrony | all | Install chrony on all hosts and make sure ntp sync works and all hosts have the same time. |
Basic | Python-openstackclient | all | openstackclient is needed on every host (read here how to install it: https://docs.openstack.org/newton/install-guide-debian/environment-packages.html) |
Basic | mariadb | Master | the master needs a database, I use mariadb but you may also use postgres. |
Basic | Rabbitmq-server | Master | A message broker is needed; others may be used as well. Note your username and password. https://docs.openstack.org/newton/install-guide-debian/environment-messaging.html |
Basic | Memcached | Master | memcached is needed on the master to store auth tokens. https://docs.openstack.org/newton/install-guide-debian/environment-memcached.html |
Installation (ID-Service)
Now that the basic packages are installed, the installation and configuration of OpenStack’s services may begin. As mentioned above, OS consists of several modular services, of which some are mandatory and others optional.
The ID-Service is mandatory, runs on the master and is needed to authenticate and authorize (tool-)users; it also manages the service catalogue (more on this later).
Its name is keystone.
The relevant part of OpenStack’s documentation is:
https://docs.openstack.org/newton/install-guide-debian/keystone-install.html
ID-Service | Mysql-Config | Master | CREATE DB keystone, GRANT |
ID-Service | keystone | Master | install the keystone packages (keystone itself consists of several components). |
ID-Service | keystone Conf | Master | Configure the DB and the fernet token provider. The fernet tokens are bearer tokens used for authentication (more info: https://docs.openstack.org/keystone/pike/admin/identity-fernet-token-faq.html) |
ID-Service | conf apache enable wsgi-site | Master | Configure apache + enable mod-wsgi. In my case the correct module was not installed automatically, so you might need to "apt-get install libapache2-mod-wsgi". Also there were problems related to python3 on the system (I’m writing this from my notes), so if it does not work out of the box you might want to check python versions and dependencies. |
ID-Service | exports (look at this again!) | Master | Login config: add a new user for this or just do it as root. |
ID-Service | create configs and shell aliases for admin and user access | Master | For now I’ve just added several echo "export FOO=" to /etc/admin_openrc_cmd and /etc/demo_openrc_cmd. Also some aliases: alias demo-openrc='eval $(/etc/demo_openrc_cmd)' |
Installation (Image Service)
Next is the Image Service (named glance); it enables our users (self service) to discover, register and retrieve virtual machine images.
https://docs.openstack.org/newton/install-guide-debian/glance-install.html
Imageservice | configure a file backend | Master | In production environments this should be on a separate storage; for testing purposes it is sufficient to use a separate filesystem/directory. Citation: “Storage repository for image files Various repository types are supported including normal file systems (or any filesystem mounted on the glance-api controller node), Object Storage, RADOS block devices, VMware datastore, and HTTP. Note that some repositories will only support read-only usage.” |
Imageservice | create DB | Master | glance db user: username, pw:password |
Imageservice | create user endpoints | Master | define groups and users that may use (parts of) the image service. |
Imageservice | install glance | Master | glance from jessie-backports + configs + glance-services, glance-api (restart) |
Imageservice | upload image (debian) | Master | I just used some debian image in qcow2 format. |
Installation (Compute Service)
The compute service is the core of this IaaS setup and interacts with the identity and image services for auth and deployments, as well as with dashboards. It also manages the hypervisor on nodes, etc.
Its name is Nova.
https://docs.openstack.org/newton/install-guide-debian/nova-controller-install.html
https://docs.openstack.org/newton/install-guide-debian/common/get-started-compute.html
Computeservice | DB-Config | Master | create Nova and nova_api db, user config, etc. |
Computeservice | install Nova Service | Master | nova-api nova-conductor nova-consoleauth nova-consoleproxy nova-scheduler |
Computeservice | make dbs known in Novaconfig | Master | /etc/nova/nova.conf (mysql config) |
Computeservice | RabbitMQ | Master | configure rabbitMQ, read the docs: https://docs.openstack.org/newton/install-guide-debian/nova-controller-install.html |
Computeservice | Compute-DB | Master | execute the scripts to initialize the compute db. |
Computeservice | restart Nova Services | Master | restart |
Computeservice | install nova-compute | ComputeNode | Install nova-compute services (provides hypervisor, etc.) |
Computeservice | configure Nova-Compute (VNC, etc.) | ComputeNode | https://docs.openstack.org/newton/install-guide-debian/nova-compute-install.html |
Computeservice | firewalling | ComputeNode | 5672 out |
Computeservice | firewalling | Master | 5672 in |
Installation (Networking Service)
At last, for now, the networking service must be installed and configured.
Here one has to make a decision, even for the test-setup.
There are two modes: provider and SelfService.
Provider leaves it up to you to configure the networks for services/VMs and selfService is what the name says.
Read more on the concepts:
https://docs.openstack.org/newton/install-guide-debian/neutron-concepts.html
Also, check the installation guide:
https://docs.openstack.org/newton/install-guide-debian/neutron-controller-install.html
Networkservice | create DB | Master | DB-Name: neutron, User: neutron, pw: password |
Networkservice | create openstack user: (Team/Your)user | Master | use the script created above and create the user. |
Networkservice | add openstack admin role to the neutron User | Master | use the script, follow the howTo. |
Networkservice | create neutron Service | Master | use the script, follow the howTo. |
Networkservice | create Network (Provider) | Master | As stated above: 2 possibilities, Provider and SS. For testing admin is probably the best as one will need an appropriate infrastructure to make sense of user defined routing/ips and the like. |
Networkservice | install Neutron packages | Master | follow the howTo |
Networkservice | configure Networking Server | Master | (Server contains: DB, Message Queue, Auth, topology change, plug-ins, etc.) /etc/neutron/neutron.conf (keystone, Auth, ml2 plugin, rabbitmq) |
Networkservice | configure ML2 Plugin | Master | /etc/neutron/plugins/ml2/ml2_conf.ini |
Networkservice | configure linuxbridge agent | Master | /etc/neutron/plugins/ml2/linuxbridge_agent.ini It’s recommended to configure the firewall driver. Make sure to either integrate or disable an already existing firewall. |
Networkservice | configure dhcp agent | Master | /etc/neutron/dhcp_agent.ini |
Networkservice | configure metadata agent | Master | /etc/neutron/metadata_agent.ini metadata_secret=mysecret |
Networkservice | configure Compute Service to use the Networking Service | Master | /etc/nova/nova.conf |
Networkservice | initialize DB | Master | neutron-db-manage (just follow the howto) |
Networkservice | install the Compute Nodes | ComputeNode | (just follow the howto) |
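The metadata agent and the Compute service only work together if both files carry the same shared secret, and notes like "pw: password" and "mysecret" tend to survive into real configs. The following check is an added example, not part of the original notes or of OpenStack itself: it scans INI text for weak or placeholder secrets and for a mismatched `metadata_proxy_shared_secret` (the option name the install guide uses for what the table calls metadata_secret). The helper names, the deny-list and the sample file contents are assumptions constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample configs (not from the post); values echo its notes.
METADATA_AGENT_INI = """
[DEFAULT]
metadata_proxy_shared_secret = mysecret
"""
NOVA_CONF = """
[database]
connection = mysql+pymysql://nova:password@controller/nova
[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = othersecret
"""
WEAK = {"password", "mysecret", "secret", "admin", "changeme"}  # assumed deny-list

def load(text):
    # Treat [DEFAULT] as an ordinary section so its keys are reported once.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp

def secrets_in(cp):
    """Yield (section, option, secret) for every secret-bearing option."""
    for section in cp.sections():
        for opt, val in cp.items(section):
            if opt in ("connection", "transport_url"):
                pw = urlsplit(val).password  # password embedded in the URL
                if pw:
                    yield section, opt, pw
            elif opt.endswith(("password", "secret")):
                yield section, opt, val

def audit(files):
    """files maps a file name to its INI text; returns a list of findings."""
    findings, shared = [], {}
    for name, text in files.items():
        for section, opt, secret in secrets_in(load(text)):
            # All-caps values are treated as install-guide placeholders (heuristic).
            if secret.lower() in WEAK or secret.isupper():
                findings.append(f"{name} [{section}] {opt}: weak or placeholder value")
            if opt == "metadata_proxy_shared_secret":
                shared[name] = secret
    if len(set(shared.values())) > 1:
        findings.append("metadata_proxy_shared_secret differs: " + ", ".join(sorted(shared)))
    return findings
```

Calling `audit({"metadata_agent.ini": METADATA_AGENT_INI, "nova.conf": NOVA_CONF})` on the constructed samples reports the two weak values and the mismatch; on a real host, pass the contents of the files named in the table.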
Conclusion
Installation is possible, though problematic because of python2/3 dependencies on some packages (OpenStack is written mostly in Python).
Also the documentation is quite excellent.
I fear updating it though, because it very much depends on versioned APIs. I guess at least a second cluster should be built – one for testing, one for production – if testing is stable enough, clusters should be switched and the old production cluster should become the new testing cluster and so on.