First install MySQL and openstack
pkg install mysql-56 pkg:/database/mysql-56/client openstack service/network/openvswitch
MySQL configuration
zfs create -o mountpoint=/mysql rpool/mysql
mkdir /mysql/logs
mkdir /mysql/innodb
cp /etc/mysql/5.6/my.cnf /mysql/
cd /etc/mysql/5.6/; mv my.cnf my.cnf.orig; ln -s /mysql/my.cnf
chown -R mysql:mysql /mysql
pkg install mysql-56 pkg:/database/mysql-56/client openstack service/network/openvswitch
MySQL configuration
zfs create -o mountpoint=/mysql rpool/mysql mkdir /mysql/logs mkdir /mysql/innodb cp /etc/mysql/5.6/my.cnf /mysql/ cd /etc/mysql/5.6/; mv my.cnf my.cnf.orig; ln -s /mysql/my.cnf chown -R mysql:mysql /mysql
sample my.cnf
# For advice on how to change settings please see # http://dev.mysql.com/doc/refman/5.6/en/server-configuration-defaults.html [mysqld] default-storage-engine = InnoDB collation-server = utf8_unicode_ci init-connect = 'SET NAMES utf8' character-set-server = utf8 # Remove leading # and set to the amount of RAM for the most important data # cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%. # innodb_buffer_pool_size = 128M # Remove leading # to turn on a very important data integrity option: logging # changes to the binary log between backups. # log_bin # These are commonly set, remove the # and set as required. basedir = /usr/mysql/5.6 datadir = /mysql/innodb port = 3306 # server_id = ..... socket = /tmp/mysql.sock # Remove leading # to set options mainly useful for reporting servers. # The server defaults are faster for transactions and fast SELECTs. # Adjust sizes as needed, experiment to find the optimal values. join_buffer_size = 128M sort_buffer_size = 2M read_rnd_buffer_size = 2M ### Copied from a 5.5 config innodb_data_home_dir = /mysql/innodb innodb_data_file_path = ibdata1:10M:autoextend innodb_log_group_home_dir = /mysql/innodb # You can set .._buffer_pool_size up to 50 – 80 % # of RAM but beware of setting memory usage too high innodb_buffer_pool_size = 16M #innodb_additional_mem_pool_size = 2M # Set .._log_file_size to 25 % of buffer pool size innodb_log_file_size = 5M innodb_log_buffer_size = 8M innodb_flush_log_at_trx_commit = 1 innodb_lock_wait_timeout = 50 sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES [client] default-character-set=utf8 [mysql] default-character-set=utf8
Now lets create a MySQL DB
export PATH=$PATH:/usr/mysql/5.6/bin /usr/mysql/5.6/bin/mysql_install_db --defaults-file=/mysql/my.cnf --user=mysql --datadir=/mysql/innodb --basedir=/usr/mysql/5.6 --pid-file=/mysql/mysql.pid
Now start mysql
/usr/mysql/5.6/bin/mysqld --defaults-file=/mysql/my.cnf --basedir=/usr/mysql/5.6 --datadir=/mysql/innodb --user=mysql --pid-file=/mysql/mysql.pid &
Update root password
mysqladmin -u root password [press enter]
Secure MySQL
/usr/mysql/5.6/bin/mysql_secure_installation Enter current password for root (enter for none): Set root password? [Y/n] n Remove anonymous users? [Y/n] y Disallow root login remotely? [Y/n] n Remove test database and access to it? [Y/n] y Reload privilege tables now? [Y/n] y
Configure SMF
svccfg -s svc:/application/database/mysql:version_56 setprop mysql/cnf=/mysql/my.cnf svccfg -s svc:/application/database/mysql:version_56 setprop mysql/data=/mysql/innodb svcadm refresh mysql:version_56
Stop the MySQL instance running from before and start with SMF
kill %1 svcadm enable mysql
Create MySQL tables by running the below
: #controller-short-name="oscntrl1" #controller-IP="10.10.2.216" #controller-fqdn="oscntrl1.domain.com" #storage-short-name="oscntrl1" #storage-IP="10.10.2.216" #storage-fqdn="oscntrl1.domain.com" #service-password="password" # ----------------------------------------- # mysql -u root -p<Configure rabbitmq
/etc/rabbitmq/rabbitmq.config
Change from % FHC read buffer has been disabled by default in later versions of %RabbitMQ. [ {rabbit, [ {fhc_read_buffering, false} ]} ]. to % FHC read buffer has been disabled by default in later versions of %RabbitMQ. [ {rabbit, [ {fhc_read_buffering, false}, {loopback_users, []} ]} ].Now enable the service
svcadm enable rabbitmq svcadm restart rad:localAdd rabbitmq user
rabbitmqctl add_user admin password rabbitmqctl set_permissions admin ".*" ".*" ".*"Configure keystone sample_data
cp /usr/demo/openstack/keystone/sample_data.sh /usr/demo/openstack/keystone/sample_data.sh-orgModify /usr/demo/openstack/keystone/sample_data.sh
# Note: Add a set-x for debugging # From ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete} # To ADMIN_PASSWORD=${ADMIN_PASSWORD:-password} # From GLANCE_PASSWORD=${GLANCE_PASSWORD:-${SERVICE_PASSWORD:-glance}} # Note: All the services [..] # To GLANCE_PASSWORD=${GLANCE_PASSWORD:-${SERVICE_PASSWORD:-gl # From localhost # To oscntrl1 # From openstack project create demo # To openstack project create devtech101 # From openstack user create admin --project devtech101 # to openstack user create admin --project demo # From --project devtech101 # To --project demoModify keystone config
First create a rnadom key
openssl rand -hex 10 9d77f9bad250d97c365eNow update the keystone.conf with the random key
Note: Replace admin_token ADMIN with random key/etc/keystone/keystone.conf admin_token 9d77f9bad250d97c365e rabbit_host=oscntrl1 connection=mysql://keystone:password@oscntrl1/keystoneAdd to root & keystone profile
As root echo " export CONTROLLER_PUBLIC_ADDRESS=10.10.2.216 export CONTROLLER_ADMIN_ADDRESS=10.10.2.216 export CONTROLLER_INTERNAL_ADDRESS=10.10.2.216 export SERVICE_TOKEN=9d77f9bad250d97c365e export SERVICE_PASSWORD=password" >>.bash_profile su - keystone echo " export CONTROLLER_PUBLIC_ADDRESS=10.10.2.216 export CONTROLLER_ADMIN_ADDRESS=10.10.2.216 export CONTROLLER_INTERNAL_ADDRESS=10.10.2.216 export SERVICE_TOKEN=9d77f9bad250d97c365e export SERVICE_PASSWORD=password" >>.profileNote: Make sure to re-source .bashrc to get the above variables set
Populate the keystone db entry's
Check here for modified sample data
Now enable the keystone service
svcadm enable keystone/usr/demo/openstack/keystone/sample_data.shConfiguring glance
Modify the below files
/etc/glance/glance-api.conf
[DEFAULT] registry_host = 10.10.2.216 auth_strategy = noauth [database] connection=mysql://glance:password@localhost/glance [keystone_authtoken] auth_uri = http://10.10.3.121:5000/v2.0/ identity_uri = http://10.10.3.121:35357/ admin_tenant_name = service admin_user = glance admin_password = password rabbit_host = 10.10.3.121 rabbit_userid = admin rabbit_password = password/etc/glance/glance-cache.conf
[DEFAULT] auth_url = http://10.10.3.1211:5000/v2.0/ admin_tenant_name = service admin_user = glance admin_password = password/etc/glance/glance-registry.conf
[DEFAULT] bind_host = 10.10.2.216 [database] connection = mysql://glance:password@localhost/glance [keystone_authtoken] auth_uri = http://10.10.2.216:5000/v2.0/ identity_uri = http://10.10.2.216:35357/ admin_tenant_name = service admin_user = glance admin_password = password rabbit_host = 10.10.2.216 rabbit_userid = admin rabbit_password = password/etc/glance/glance-scrubber.conf
[DEFAULT] registry_host = 10.10.2.216 auth_url = http://10.10.2.216:5000/v2.0/ identity_uri = http://10.10.2.216:35357/ admin_tenant_name = service admin_user = glance admin_password = password [glance_store] filesystem_store_datadir = /var/lib/glance/images/ [database] connection=mysql://glance:password@localhost/glanceNow enable all services
svcadm enable -rs glance-api glance-db glance-registry glance-scrubberConfiguring Nova
/etc/nova/nova.conf[DEFAULT] rabbit_host=10.10.2.216 rabbit_userid=admin rabbit_password=password my_ip=10.10.2.216 host=oscntrl1 firewall_driver=nova.virt.firewall.NoopFirewallDriver [database] connection=mysql://nova:password@localhost/nova [glance] host=10.10.2.216 [keystone_authtoken] auth_uri=http://10.10.2.216:5000/v2.0/ identity_uri=http://10.10.2.216:35357/ admin_user=nova admin_password=password admin_tenant_name=service [neutron] url=http://10.10.2.216:9696 admin_username=neutron admin_password=password admin_tenant_id=service admin_auth_url=http://10.10.2.216:5000/v2.0/etc/nova/api-paste.ini
[filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory admin_user = nova admin_password = password admin_tenant_name = service auth_uri = http://10.10.2.216:5000/v2.0/ identity_uri = http://10.10.2.216:35357Enable the Nova SMF services.
svcadm enable -rs nova-conductor svcadm enable -rs nova-api-osapi-compute nova-cert nova-schedulerCreate .profile for nova
export OS_USERNAME=nova export OS_PASSWORD=password export OS_TENANT_NAME=service export OS_AUTH_URL=http://10.10.3.121:5000/v2.0/Configuring Horizon
Create a certifcate
export DASHBOARD=/etc/openstack_dashboard
cd ${DASHBOARD}
openssl req -new -x509 -nodes
-out horizon.crt -keyout horizon.key
Generating a 1024 bit RSA private key
..++++++
.++++++
writing new private key to 'horizon.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:US
State or Province Name (full name) []:New-York
Locality Name (eg, city) []:NY
Organization Name (eg, company) []:Devtech101
Organizational Unit Name (eg, section) []:IS
Common Name (e.g. server FQDN or YOUR name) []:os1.domain.com
Email Address []:admin@devtech101.comchmod 0644 ${DASHBOARD}/*
chown webservd:webservd ${DASHBOARD}/*Create Apache config file
sed -e "/SSLCertificateFile/s:/path.*:${DASHBOARD}/horizon.crt:" -e "/SSLCACertificateFile/d" -e "/SSLCertificateKeyFile/s:/path.*:${DASHBOARD}/horizon.key:" < /etc/apache2/2.4/samples-conf.d/openstack-dashboard-tls.conf > /etc/apache2/2.4/conf.d/openstack-dashboard-tls.confModify the file with you host/domian name /etc/apache2/2.4/conf.d/openstack-dashboard-tls.conf
RedirectPermanent /horizon https://controller-fqdn/horizon ServerName controller-fqdnIn solaris 12, If Analytics is running on the node, redirect the Web BUI service and restart it
svccfg -s webui/server:default svc:/system/webui/server:default> setprop conf/redirect_from_https = false svc:/system/webui/server:default> refresh svc:/system/webui/server:default> ^D svcadm restart webui/serverEnable the horizon service
svcadm enable apache24Configure cinder
/etc/cinder/cinder.conf
[DEFAULT] rabbit_host=10.10.2.216 rabbit_userid=admin rabbit_password=password my_ip=10.10.2.216 [database] connection=mysql://cinder:password@localhost/cinder [keystone_authtoken] auth_uri=http://10.10.2.216:5000/v2.0/ identity_uri=http://10.10.2.216:35357/ admin_user=cinder admin_password=password admin_tenant_name=serviceIf iSCSI targets are configured, enable the corresponding SMF services
svcadm enable iscsi/target stmfEnable the Cinder SMF services
svcadm enable -rs cinder-db svcadm enable -rs cinder-api cinder-schedulerHow to Configure the ZFS Storage Appliance iSCSI Cinder
Driver
ZFS ISCSI driver how to for juno buildConfigure Neutron
/etc/neutron/neutron.conf[DEFAULT] core_plugin = ml2 service_plugins = router bind_host = 10.10.2.216 rabbit_host=10.10.2.216 rabbit_userid=admin rabbit_password=password host= oscntrl1 [agent] root_helper = [keystone_authtoken] auth_uri = http://10.10.2.216:5000/v2.0/ identity_uri = http://10.10.2.216:35357/ admin_tenant_name = service admin_user = neutron admin_password = password [database] connection = mysql://neutron:password@localhost/neutron [nova] auth_plugin = [oslo_concurrency] lock_path = $state_path/lock [oslo_messaging_rabbit] rabbit_host=10.10.2.216 rabbit_userid=admin rabbit_password=password/etc/neutron/l3_agent.ini
[DEFAULT] interface_driver = neutron.agent.solaris.interface.OVSInterfaceDriver external_network_bridgeSet if not using a pure flat network. ovs_integration_bridge = bridge admin_tenant_name = service admin_user = neutron admin_password = password auth_url = http://10.10.2.216:5000/v2.0/ auth_region = RegionOne/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vlan mechanism_drivers = openvswitch [ml2_type_vlan] network_vlan_ranges = physnet1:2000:2000,extnet:1:1 [securitygroup] enable_security_group = False enable_ipset = FalseEnable neutron server
svcadm enable neutron-server/etc/neutron/dhcp_agent.ini
[DEFAULT] interface_driver = neutron.agent.solaris.interface.OVSInterfaceDriver dhcp_driver = neutron.agent.solaris.dhcp.Dnsmasq use_namespaces = False ovs_integration_bridge = br_int0 admin_user = neutron admin_password = password admin_tenant_name = service auth_url = http://10.10.2.216:5000/v2.0/ auth_region = RegionOneEnable DHCP agent
svcadm enable neutron-dhcp-agent