First install MySQL and openstack
# Install the MySQL 5.6 server and client, the OpenStack packages and Open vSwitch
# from the IPS repository in a single transaction.
pkg install mysql-56 pkg:/database/mysql-56/client openstack service/network/openvswitch
MySQL configuration
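# Give MySQL its own ZFS dataset, mounted at /mysql, for data, logs and configuration.
zfs create -o mountpoint=/mysql rpool/mysql
mkdir /mysql/logs
mkdir /mysql/innodb
# Keep the live my.cnf on the dataset. The packaged file is preserved as my.cnf.orig
# and /etc/mysql/5.6/my.cnf becomes a symlink to /mysql/my.cnf.
cp /etc/mysql/5.6/my.cnf /mysql/
# Chained with && so the rename and the symlink only happen if the cd succeeded;
# with ';' a failed cd would leave the symlink in whatever directory the shell was in.
cd /etc/mysql/5.6/ && mv my.cnf my.cnf.orig && ln -s /mysql/my.cnf
# The server is started with --user=mysql, so that account must own the whole tree.
chown -R mysql:mysql /mysql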
sample my.cnf
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.6/en/server-configuration-defaults.html

[mysqld]
default-storage-engine = InnoDB
collation-server = utf8_unicode_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M

# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin

# These are commonly set, remove the # and set as required.
basedir = /usr/mysql/5.6
datadir = /mysql/innodb
# NOTE(review): no bind-address is set, so mysqld listens on every interface
# (the MySQL 5.6 default). Restrict it to the management address if the
# database should not be reachable from other networks.
port = 3306
# server_id = .....
# NOTE(review): /tmp is world-writable; a socket path inside a directory owned
# by the mysql user is safer. Confirm the [client] settings still find the
# socket before moving it.
socket = /tmp/mysql.sock

# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
join_buffer_size = 128M
sort_buffer_size = 2M
read_rnd_buffer_size = 2M

### Copied from a 5.5 config
innodb_data_home_dir = /mysql/innodb
innodb_data_file_path = ibdata1:10M:autoextend
innodb_log_group_home_dir = /mysql/innodb
# You can set .._buffer_pool_size up to 50 – 80 %
# of RAM but beware of setting memory usage too high
innodb_buffer_pool_size = 16M
#innodb_additional_mem_pool_size = 2M
# Set .._log_file_size to 25 % of buffer pool size
innodb_log_file_size = 5M
innodb_log_buffer_size = 8M
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50

sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

[client]
default-character-set=utf8

[mysql]
default-character-set=utf8
Now let's create a MySQL DB
# Put the MySQL 5.6 tools on PATH for the rest of this shell session.
export PATH=$PATH:/usr/mysql/5.6/bin
# Initialise the system tables under /mysql/innodb using the relocated my.cnf.
# The secure-installation step later on this page still offers "enter for none" as
# the current root password and removes anonymous users, so treat the instance as
# unprotected until the password and hardening steps are done.
/usr/mysql/5.6/bin/mysql_install_db --defaults-file=/mysql/my.cnf --user=mysql --datadir=/mysql/innodb --basedir=/usr/mysql/5.6 --pid-file=/mysql/mysql.pid
Now start mysql
# Temporary manual start: mysqld runs as a background job of this shell so the root
# password can be set before SMF takes over. The page later stops it with `kill %1`.
/usr/mysql/5.6/bin/mysqld --defaults-file=/mysql/my.cnf --basedir=/usr/mysql/5.6 --datadir=/mysql/innodb --user=mysql --pid-file=/mysql/mysql.pid &
Update root password
# Set the MySQL root password. "[press enter]" is an instruction, not part of the
# command: with no new password on the command line mysqladmin prompts for it, which
# keeps the secret out of the shell history and the process list.
mysqladmin -u root password [press enter]
Secure MySQL
# Interactive hardening script; the answer used on this host follows each prompt.
# NOTE(review): answering "n" to "Disallow root login remotely?" leaves the MySQL
# root account usable over the network. Answer "y" unless remote root access is
# a deliberate requirement.
/usr/mysql/5.6/bin/mysql_secure_installation
Enter current password for root (enter for none):
Set root password? [Y/n] n
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
Configure SMF
# Point the MySQL 5.6 SMF instance at the relocated configuration file and data
# directory, then refresh the instance so the new property values take effect.
svccfg -s svc:/application/database/mysql:version_56 setprop mysql/cnf=/mysql/my.cnf
svccfg -s svc:/application/database/mysql:version_56 setprop mysql/data=/mysql/innodb
svcadm refresh mysql:version_56
Stop the MySQL instance running from before and start with SMF
# Stop the manually started mysqld (background job %1 of the shell that launched it).
kill %1
# From here on SMF starts and supervises MySQL.
svcadm enable mysql
Create MySQL tables by running the below
: #controller-short-name="oscntrl1" #controller-IP="10.10.2.216" #controller-fqdn="oscntrl1.domain.com" #storage-short-name="oscntrl1" #storage-IP="10.10.2.216" #storage-fqdn="oscntrl1.domain.com" #service-password="password" # ----------------------------------------- # mysql -u root -p<<EOF # DROP DATABASE if exists nova; CREATE DATABASE nova DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'oscntrl1' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'10.10.2.216' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'oscntrl1.domain.com' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'password'; # # DROP DATABASE if exists cinder; CREATE DATABASE cinder DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'oscntrl1' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'10.10.2.216' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'oscntrl1.domain.com' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'oscntrl1' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'10.10.2.216' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'oscntrl1.domain.com' IDENTIFIED BY 'password'; # # DROP DATABASE if exists glance; CREATE DATABASE glance DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'oscntrl1' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'10.10.2.216' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'oscntrl1.domain.com' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'password'; # # DROP DATABASE if exists keystone; CREATE DATABASE keystone DEFAULT CHARACTER 
SET utf8 DEFAULT COLLATE utf8_general_ci; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'oscntrl1' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'10.10.2.216' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'oscntrl1.domain.com' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'password'; # # DROP DATABASE if exists neutron; CREATE DATABASE neutron DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'oscntrl1' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'10.10.2.216' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'oscntrl1.domain.com' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'password'; # # DROP DATABASE if exists heat; CREATE DATABASE heat DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'oscntrl1' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'10.10.2.216' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'oscntrl1.domain.com' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'password'; FLUSH PRIVILEGES; EOF |
Configure rabbitmq
/etc/rabbitmq/rabbitmq.config
Change from

% FHC read buffer has been disabled by default in later versions of
%RabbitMQ.
[
  {rabbit, [
    {fhc_read_buffering, false}
  ]}
].

to

% FHC read buffer has been disabled by default in later versions of
%RabbitMQ.
[
  {rabbit, [
    {fhc_read_buffering, false},
    % NOTE(review): an empty loopback_users list lifts RabbitMQ's localhost-only
    % restriction, so every account, including the built-in guest user, may log
    % in over the network. Delete guest or give it a new password if it still
    % exists on this broker.
    {loopback_users, []}
  ]}
].
Now enable the service
# Start the RabbitMQ broker under SMF, then restart the local RAD service instance.
svcadm enable rabbitmq
svcadm restart rad:local
Add rabbitmq user
# Create the broker account that the OpenStack services use (rabbit_userid=admin in
# the configuration files on this page).
# NOTE(review): "password" is a placeholder. A secret given as an argument is recorded
# in the shell history, so choose a generated value and clear the history entry.
rabbitmqctl add_user admin password
# The three patterns are the configure, write and read permissions; ".*" grants each
# of them on every resource in the default virtual host.
# NOTE(review): rabbitmq.config on this page empties loopback_users, so also check
# that the default guest account is removed or has a new password.
rabbitmqctl set_permissions admin ".*" ".*" ".*"
Configure keystone sample_data
# Keep a pristine copy of the packaged script before editing it.
cp /usr/demo/openstack/keystone/sample_data.sh /usr/demo/openstack/keystone/sample_data.sh-org
Modify /usr/demo/openstack/keystone/sample_data.sh
# Note: Add a set-x for debugging # From ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete} # To ADMIN_PASSWORD=${ADMIN_PASSWORD:-password} # From GLANCE_PASSWORD=${GLANCE_PASSWORD:-${SERVICE_PASSWORD:-glance}} # Note: All the services [..] # To GLANCE_PASSWORD=${GLANCE_PASSWORD:-${SERVICE_PASSWORD:-gl # From localhost # To oscntrl1 # From openstack project create demo # To openstack project create devtech101 # From openstack user create admin --project devtech101 # to openstack user create admin --project demo # From --project devtech101 # To --project demo |
Modify keystone config
First create a random key
# Generate the keystone bootstrap token: 10 random bytes printed as 20 hex characters.
# NOTE(review): the second line is sample output from the author's run. Generate a
# fresh value on your own host and never reuse a published token; a longer value
# (for example 32 bytes) costs nothing.
openssl rand -hex 10
9d77f9bad250d97c365e
Now update the keystone.conf with the random key
Note: Replace the default admin_token value ADMIN with the random key
# Settings to change in the file named on the next line (a fragment, not the whole file).
/etc/keystone/keystone.conf
# NOTE(review): the admin token is a shared secret that bypasses normal keystone
# authentication; use your own generated value, not the sample shown here. The page
# writes it without "="; in the file it presumably needs the form
# admin_token = <value> (confirm against the packaged keystone.conf).
admin_token 9d77f9bad250d97c365e
rabbit_host=oscntrl1
# NOTE(review): the database password is stored in clear text in this URL; keep the
# file readable only by the keystone service account.
connection=mysql://keystone:password@oscntrl1/keystone
Add to root & keystone profile
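# As root: append the controller addresses and the keystone bootstrap credentials to
# root's profile. SERVICE_TOKEN must be the admin_token set in keystone.conf; the value
# shown is the sample token from this page, so substitute your own.
echo "
export CONTROLLER_PUBLIC_ADDRESS=10.10.2.216
export CONTROLLER_ADMIN_ADDRESS=10.10.2.216
export CONTROLLER_INTERNAL_ADDRESS=10.10.2.216
export SERVICE_TOKEN=9d77f9bad250d97c365e
export SERVICE_PASSWORD=password" >>.bash_profile
# The profile now holds the admin token and service password in clear text,
# so make it readable by its owner only.
chmod 600 .bash_profile

# Switch to the keystone account and add the same variables to its .profile.
su - keystone
echo "
export CONTROLLER_PUBLIC_ADDRESS=10.10.2.216
export CONTROLLER_ADMIN_ADDRESS=10.10.2.216
export CONTROLLER_INTERNAL_ADDRESS=10.10.2.216
export SERVICE_TOKEN=9d77f9bad250d97c365e
export SERVICE_PASSWORD=password" >>.profile
chmod 600 .profile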
Note: Make sure to re-source .bashrc to get the above variables set
Populate the keystone DB entries
Check here for modified sample data
Now enable the keystone service
# Start the keystone identity service under SMF.
svcadm enable keystone
# Run the edited sample-data script to create the initial projects and users.
# Presumably it reads the SERVICE_TOKEN, SERVICE_PASSWORD and CONTROLLER_* variables
# exported earlier, so run it from a shell that has sourced the profile (confirm in
# the script).
/usr/demo/openstack/keystone/sample_data.sh
Configuring glance
Modify the below files
/etc/glance/glance-api.conf
[DEFAULT]
registry_host = 10.10.2.216
# NOTE(review): "noauth" sits oddly next to the [keystone_authtoken] credentials
# configured below; confirm the Glance API is not left accepting unauthenticated
# requests.
auth_strategy = noauth

[database]
# The database password is stored in clear text; keep this file readable only by
# the glance service account.
connection=mysql://glance:password@localhost/glance

[keystone_authtoken]
# NOTE(review): this file uses 10.10.3.121 where most of the page uses 10.10.2.216;
# confirm which address is the controller. Plain http also carries tokens and
# passwords unencrypted.
auth_uri = http://10.10.3.121:5000/v2.0/
identity_uri = http://10.10.3.121:35357/
admin_tenant_name = service
admin_user = glance
admin_password = password

# NOTE(review): as laid out, the rabbit_* options fall inside [keystone_authtoken];
# confirm which section the packaged file expects them in.
rabbit_host = 10.10.3.121
rabbit_userid = admin
rabbit_password = password
/etc/glance/glance-cache.conf
[DEFAULT]
# NOTE(review): "10.10.3.1211" is not a valid IPv4 address (last octet above 255).
# glance-api.conf on this page uses 10.10.3.121; confirm and correct before use.
auth_url = http://10.10.3.1211:5000/v2.0/
admin_tenant_name = service
admin_user = glance
# "password" is the page's placeholder; use the real glance service secret.
admin_password = password
/etc/glance/glance-registry.conf
[DEFAULT]
# The registry listens on the controller address only.
bind_host = 10.10.2.216

[database]
# Clear-text database password; restrict read access to the glance service account.
connection = mysql://glance:password@localhost/glance

[keystone_authtoken]
# NOTE(review): the keystone endpoints are plain http, so the service password and
# tokens cross the network unencrypted.
auth_uri = http://10.10.2.216:5000/v2.0/
identity_uri = http://10.10.2.216:35357/
admin_tenant_name = service
admin_user = glance
admin_password = password

# NOTE(review): as laid out, the rabbit_* options fall inside [keystone_authtoken];
# confirm which section the packaged file expects them in.
rabbit_host = 10.10.2.216
rabbit_userid = admin
rabbit_password = password
/etc/glance/glance-scrubber.conf
[DEFAULT]
registry_host = 10.10.2.216
auth_url = http://10.10.2.216:5000/v2.0/
identity_uri = http://10.10.2.216:35357/
admin_tenant_name = service
admin_user = glance
# "password" is the page's placeholder; this file holds the glance service secret and
# the database password in clear text, so keep it readable only by the glance account.
admin_password = password
[glance_store]
# Directory on the local filesystem where image data is stored.
filesystem_store_datadir = /var/lib/glance/images/
[database]
connection=mysql://glance:password@localhost/glance
Now enable all services
# Enable the Glance services. -r also enables the services they depend on and
# -s waits until each instance is online before returning.
svcadm enable -rs glance-api glance-db glance-registry glance-scrubber
Configuring Nova
/etc/nova/nova.conf
[DEFAULT]
rabbit_host=10.10.2.216
rabbit_userid=admin
rabbit_password=password
my_ip=10.10.2.216
host=oscntrl1
# NOTE(review): the no-op driver means nova applies no packet filtering of its own.
# ml2_conf.ini on this page also sets enable_security_group = False, so instances
# end up with no security-group filtering at all; confirm that is intended.
firewall_driver=nova.virt.firewall.NoopFirewallDriver

[database]
# Clear-text database password; restrict read access to the nova service account.
connection=mysql://nova:password@localhost/nova
[glance]
host=10.10.2.216
[keystone_authtoken]
# NOTE(review): plain http endpoints carry the service password and tokens unencrypted.
auth_uri=http://10.10.2.216:5000/v2.0/
identity_uri=http://10.10.2.216:35357/
admin_user=nova
admin_password=password
admin_tenant_name=service
[neutron]
url=http://10.10.2.216:9696
admin_username=neutron
admin_password=password
# NOTE(review): "service" looks like a tenant name rather than an id; confirm.
admin_tenant_id=service
admin_auth_url=http://10.10.2.216:5000/v2.0
/etc/nova/api-paste.ini
# Keystone token-validation filter for the Nova API.
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
admin_user = nova
# The nova service password is repeated here in clear text (it is also in nova.conf
# on this page); protect both files and change both together.
admin_password = password
admin_tenant_name = service
auth_uri = http://10.10.2.216:5000/v2.0/
identity_uri = http://10.10.2.216:35357
Enable the Nova SMF services.
# Bring up the conductor first, then the API, cert and scheduler services.
# -r also enables dependencies; -s waits until each instance is online.
svcadm enable -rs nova-conductor
svcadm enable -rs nova-api-osapi-compute nova-cert nova-scheduler
Create .profile for nova
# Client credentials for the OpenStack command-line tools when run as nova.
# NOTE(review): OS_PASSWORD is stored in clear text, so make the profile readable by
# its owner only. The auth URL uses 10.10.3.121 where most of the page uses
# 10.10.2.216; confirm the controller address.
export OS_USERNAME=nova
export OS_PASSWORD=password
export OS_TENANT_NAME=service
export OS_AUTH_URL=http://10.10.3.121:5000/v2.0/
Configuring Horizon
Create a certificate
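# Work inside the Horizon configuration directory so the certificate and key are
# written there.
export DASHBOARD=/etc/openstack_dashboard
cd "${DASHBOARD}"
# Create a self-signed certificate and a new private key. -nodes leaves the key
# unencrypted on disk, so file permissions are its only protection.
# The transcript that follows shows this OpenSSL build defaulting to a 1024-bit RSA
# key; add "-newkey rsa:2048" (or larger) to request a stronger one.
# The trailing backslash joins the two lines into one command.
openssl req -new -x509 -nodes \
  -out horizon.crt -keyout horizon.key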
Generating a 1024 bit RSA private key
..++++++
.++++++
writing new private key to ‘horizon.key’
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
-----
Country Name (2 letter code) []:US
State or Province Name (full name) []:New-York
Locality Name (eg, city) []:NY
Organization Name (eg, company) []:Devtech101
Organizational Unit Name (eg, section) []:IS
Common Name (e.g. server FQDN or YOUR name) []:os1.domain.com
Email Address []:admin@devtech101.com
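# Make the dashboard configuration and certificate readable and hand the files to the
# web server account, as in the original step.
chmod 0644 "${DASHBOARD}"/*
chown webservd:webservd "${DASHBOARD}"/*
# horizon.key was written unencrypted (-nodes) and the blanket 0644 above would leave
# the TLS private key world-readable, so restrict it to its owner, webservd.
chmod 0600 "${DASHBOARD}/horizon.key"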
Create Apache config file
# Build the TLS virtual-host file from the packaged sample: point the certificate and
# key directives at the files created above and drop the CA certificate line.
# DASHBOARD must still be set in this shell; if it is empty the paths become
# /horizon.crt and /horizon.key.
sed \
  -e "/SSLCertificateFile/s:/path.*:${DASHBOARD}/horizon.crt:" \
  -e "/SSLCACertificateFile/d" \
  -e "/SSLCertificateKeyFile/s:/path.*:${DASHBOARD}/horizon.key:" \
  < /etc/apache2/2.4/samples-conf.d/openstack-dashboard-tls.conf \
  > /etc/apache2/2.4/conf.d/openstack-dashboard-tls.conf
Modify the file /etc/apache2/2.4/conf.d/openstack-dashboard-tls.conf with your host/domain name
# Send plain-HTTP requests for /horizon to the TLS virtual host. Replace
# controller-fqdn with this host's fully qualified name.
# NOTE(review): the name should match the certificate's Common Name; the certificate
# created above was issued for os1.domain.com, so confirm the two agree.
RedirectPermanent /horizon https://controller-fqdn/horizon
ServerName controller-fqdn
In Solaris 12, if Analytics is running on the node, redirect the Web BUI service and restart it
# Interactive svccfg session: set conf/redirect_from_https to false on the Web BUI
# service, refresh it, leave the session with Ctrl-D, then restart the service.
svccfg -s webui/server:default
svc:/system/webui/server:default> setprop conf/redirect_from_https = false
svc:/system/webui/server:default> refresh
svc:/system/webui/server:default> ^D
svcadm restart webui/server
Enable the horizon service
# Start Apache 2.4, which serves the Horizon dashboard with the TLS configuration above.
svcadm enable apache24
Configure cinder
/etc/cinder/cinder.conf
[DEFAULT]
rabbit_host=10.10.2.216
rabbit_userid=admin
# "password" is the page's placeholder for the broker, database and keystone secrets;
# use real values and keep this file readable only by the cinder service account.
rabbit_password=password
my_ip=10.10.2.216

[database]
connection=mysql://cinder:password@localhost/cinder

[keystone_authtoken]
# NOTE(review): plain http endpoints carry the service password and tokens unencrypted.
auth_uri=http://10.10.2.216:5000/v2.0/
identity_uri=http://10.10.2.216:35357/
admin_user=cinder
admin_password=password
admin_tenant_name=service
If iSCSI targets are configured, enable the corresponding SMF services
# Only needed when iSCSI targets are configured: start the iSCSI target and STMF services.
svcadm enable iscsi/target stmf
Enable the Cinder SMF services
# Enable the Cinder database service first, then the API and scheduler.
# -r also enables dependencies; -s waits until each instance is online.
svcadm enable -rs cinder-db
svcadm enable -rs cinder-api cinder-scheduler
How to Configure the ZFS Storage Appliance iSCSI Cinder
Driver
ZFS ISCSI driver how to for juno build
Configure Neutron
/etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
bind_host = 10.10.2.216
# The broker settings appear twice on this page, here and under
# [oslo_messaging_rabbit]; keep the two copies identical.
rabbit_host=10.10.2.216
rabbit_userid=admin
rabbit_password=password
host= oscntrl1

[agent]
# Left empty on this page.
root_helper =

[keystone_authtoken]
# NOTE(review): plain http endpoints carry the service password and tokens unencrypted.
auth_uri = http://10.10.2.216:5000/v2.0/
identity_uri = http://10.10.2.216:35357/
admin_tenant_name = service
admin_user = neutron
admin_password = password

[database]
# Clear-text database password; restrict read access to the neutron service account.
connection = mysql://neutron:password@localhost/neutron

[nova]
# Left empty on this page.
auth_plugin =

[oslo_concurrency]
lock_path = $state_path/lock

[oslo_messaging_rabbit]
rabbit_host=10.10.2.216
rabbit_userid=admin
rabbit_password=password
/etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.solaris.interface.OVSInterfaceDriver
# NOTE(review): the next line is garbled on the page. It appears to be the
# external_network_bridge option run together with the remark "Set if not using a
# pure flat network."; take the option and its value from the packaged file.
external_network_bridgeSet if not using a pure flat network.
# NOTE(review): dhcp_agent.ini on this page names the integration bridge br_int0;
# confirm which name is correct, since the agents must use the same bridge.
ovs_integration_bridge = bridge
admin_tenant_name = service
admin_user = neutron
# "password" is the page's placeholder for the neutron service secret.
admin_password = password
auth_url = http://10.10.2.216:5000/v2.0/
auth_region = RegionOne
/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vlan
mechanism_drivers = openvswitch

[ml2_type_vlan]
# One tenant VLAN (2000) on physnet1 and VLAN 1 on the external network.
network_vlan_ranges = physnet1:2000:2000,extnet:1:1

[securitygroup]
# NOTE(review): security groups are switched off, and nova.conf on this page uses the
# no-op firewall driver, so instance traffic is not filtered by OpenStack. Confirm
# that another control covers this, or enable security groups.
enable_security_group = False
enable_ipset = False
Enable neutron server
# Start the Neutron API server under SMF.
svcadm enable neutron-server
/etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.solaris.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.solaris.dhcp.Dnsmasq
use_namespaces = False
# NOTE(review): l3_agent.ini on this page sets ovs_integration_bridge = bridge;
# confirm which name is correct, since the agents must use the same bridge.
ovs_integration_bridge = br_int0
admin_user = neutron
# "password" is the page's placeholder for the neutron service secret.
admin_password = password
admin_tenant_name = service
auth_url = http://10.10.2.216:5000/v2.0/
auth_region = RegionOne
Enable DHCP agent
# Start the Neutron DHCP agent under SMF.
svcadm enable neutron-dhcp-agent