1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
|
#!/bin/bash
export my_controller=10.0.0.10
export my_network=10.10.10.9
export my_compute=10.10.10.11
export my_kvmhost=10.0.0.1
apt-get install -y ubuntu-cloud-keyring
echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main" >> /etc/apt/sources.list.d/cloud-archive.list
apt-get update
echo "net.ipv4.conf.all.rp_filter = 0" >> /etc/sysctl.conf
echo "net.ipv4.conf.default.rp_filter = 0" >> /etc/sysctl.conf
sysctl -p
service networking restart
cat <<MYSQL_PRESEED | sudo debconf-set-selections
mysql-server-5.5 mysql-server/root_password password ubuntu
mysql-server-5.5 mysql-server/root_password_again password ubuntu
mysql-server-5.5 mysql-server/start_on_boot boolean true
MYSQL_PRESEED
apt-get -y install ntp python-mysqldb mysql-server
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart
mysql -uroot -pubuntu <<EOF
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'password';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
IDENTIFIED BY 'password';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'password';
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'password';
CREATE DATABASE quantum;
GRANT ALL PRIVILEGES ON quantum.* TO 'quantum'@'localhost' \
IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON quantum.* TO 'quantum'@'10.10.10.9' \
IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON quantum.* TO 'quantum'@'10.10.10.11' \
IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
EOF
apt-get install -y rabbitmq-server
rabbitmqctl change_password guest password
apt-get install -y keystone python-keystone python-keystoneclient
sed -i 's/^.*admin_token = ADMIN/admin_token = password/' /etc/keystone/keystone.conf
sed -i 's/^.*debug = False/debug = True/' /etc/keystone/keystone.conf
sed -i 's/^.*verbose = False/verbose = True/' /etc/keystone/keystone.conf
sed -i 's/connection = sqlite.*/connection = mysql:\/\/keystone:password\@localhost\/keystone/' /etc/keystone/keystone.conf
service keystone restart
keystone-manage db_sync
cat << EOF > ~/openrc
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_AUTH_URL="http://localhost:5000/v2.0/"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
export SERVICE_TOKEN=password
EOF
source ~/openrc
echo "source ~/openrc" >> ~/.bashrc
# Modify these variables as needed
ADMIN_PASSWORD=${ADMIN_PASSWORD:-password}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
DEMO_PASSWORD=${DEMO_PASSWORD:-$ADMIN_PASSWORD}
export OS_SERVICE_TOKEN="password"
export OS_SERVICE_ENDPOINT="http://localhost:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
#
MYSQL_USER=keystone
MYSQL_DATABASE=keystone
MYSQL_HOST=localhost
MYSQL_PASSWORD=password
#
KEYSTONE_REGION=RegionOne
KEYSTONE_HOST=$my_controller
# Shortcut function to get a newly generated ID
function get_field() {
while read data; do
if [ "$1" -lt 0 ]; then
field="(\$(NF$1))"
else
field="\$$(($1 + 1))"
fi
echo "$data" | awk -F'[ \t]*\\|[ \t]*' "{print $field}"
done
}
# Tenants
ADMIN_TENANT=$(keystone tenant-create --name=admin | grep " id " | get_field 2)
DEMO_TENANT=$(keystone tenant-create --name=demo | grep " id " | get_field 2)
SERVICE_TENANT=$(keystone tenant-create --name=$SERVICE_TENANT_NAME | grep " id " | get_field 2)
# Users
ADMIN_USER=$(keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@domain.com | grep " id " | get_field 2)
DEMO_USER=$(keystone user-create --name=demo --pass="$DEMO_PASSWORD" --email=demo@domain.com --tenant-id=$DEMO_TENANT | grep " id " | get_field 2)
NOVA_USER=$(keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=nova@domain.com | grep " id " | get_field 2)
GLANCE_USER=$(keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=glance@domain.com | grep " id " | get_field 2)
QUANTUM_USER=$(keystone user-create --name=quantum --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=quantum@domain.com | grep " id " | get_field 2)
CINDER_USER=$(keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=cinder@domain.com | grep " id " | get_field 2)
# Roles
ADMIN_ROLE=$(keystone role-create --name=admin | grep " id " | get_field 2)
MEMBER_ROLE=$(keystone role-create --name=Member | grep " id " | get_field 2)
# Add Roles to Users in Tenants
keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $QUANTUM_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $DEMO_TENANT --user-id $DEMO_USER --role-id $MEMBER_ROLE
# Create services
COMPUTE_SERVICE=$(keystone service-create --name nova --type compute --description 'OpenStack Compute Service' | grep " id " | get_field 2)
VOLUME_SERVICE=$(keystone service-create --name cinder --type volume --description 'OpenStack Volume Service' | grep " id " | get_field 2)
IMAGE_SERVICE=$(keystone service-create --name glance --type image --description 'OpenStack Image Service' | grep " id " | get_field 2)
IDENTITY_SERVICE=$(keystone service-create --name keystone --type identity --description 'OpenStack Identity' | grep " id " | get_field 2)
EC2_SERVICE=$(keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service' | grep " id " | get_field 2)
NETWORK_SERVICE=$(keystone service-create --name quantum --type network --description 'OpenStack Networking service' | grep " id " | get_field 2)
# Create endpoints
keystone endpoint-create --region $KEYSTONE_REGION --service-id $COMPUTE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $VOLUME_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $IMAGE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':9292/v2' --adminurl 'http://'"$KEYSTONE_HOST"':9292/v2' --internalurl 'http://'"$KEYSTONE_HOST"':9292/v2'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $IDENTITY_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':5000/v2.0' --adminurl 'http://'"$KEYSTONE_HOST"':35357/v2.0' --internalurl 'http://'"$KEYSTONE_HOST"':5000/v2.0'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $EC2_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud' --adminurl 'http://'"$KEYSTONE_HOST"':8773/services/Admin' --internalurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $NETWORK_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':9696/' --adminurl 'http://'"$KEYSTONE_HOST"':9696/' --internalurl 'http://'"$KEYSTONE_HOST"':9696/'
apt-get install -y glance glance-api glance-registry python-glanceclient glance-common
for I in glance-api.conf glance-registry.conf;do
sed -i 's/connection = sqlite.*/connection = mysql:\/\/glance:password\@localhost\/glance/' /etc/glance/$I
sed -i 's/%SERVICE_TENANT_NAME%/service/' /etc/glance/$I
sed -i 's/%SERVICE_USER%/glance/' /etc/glance/$I
sed -i 's/%SERVICE_PASSWORD%/password/' /etc/glance/$I
done
service glance-api restart && service glance-registry restart
glance-manage db_sync
echo "Copying cloud image from the web, this will take a while..."
wget http://${my_kvmhost}/ubuntu-12.04-server-cloudimg-amd64-disk1.img
glance image-create --is-public true --disk-format qcow2 --container-format bare --name "Ubuntu" < ubuntu-12.04-server-cloudimg-amd64-disk1.img
apt-get install -y nova-api nova-cert nova-common nova-scheduler python-nova python-novaclient nova-consoleauth novnc nova-novncproxy nova-conductor
sed -i 's/%SERVICE_TENANT_NAME%/service/' /etc/nova/api-paste.ini
sed -i 's/%SERVICE_USER%/nova/' /etc/nova/api-paste.ini
sed -i 's/%SERVICE_PASSWORD%/password/' /etc/nova/api-paste.ini
cat << EOF >> /etc/nova/nova.conf
[DEFAULT]
sql_connection=mysql://nova:password@localhost/nova
rabbit_password=password
auth_strategy=keystone
# Networking
network_api_class=nova.network.quantumv2.api.API
quantum_url=http://${my_controller}:9696
quantum_auth_strategy=keystone
quantum_admin_tenant_name=service
quantum_admin_username=quantum
quantum_admin_password=password
quantum_admin_auth_url=http://${my_controller}:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
# Security Groups
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=quantum
# Metadata
quantum_metadata_proxy_shared_secret=password
service_quantum_metadata_proxy=true
metadata_listen = 10.10.10.10
metadata_listen_port = 8775
# Cinder
volume_api_class=nova.volume.cinder.API
# Glance
glance_api_servers=${my_controller}:9292
image_service=nova.image.glance.GlanceImageService
# novnc
novnc_enable=true
novncproxy_port=6080
novncproxy_host=10.0.0.10
vncserver_listen=0.0.0.0
EOF
nova-manage db sync
service nova-api restart
service nova-cert restart
service nova-consoleauth restart
service nova-scheduler restart
service nova-novncproxy restart
apt-get install -y cinder-api cinder-scheduler cinder-volume iscsitarget open-iscsi iscsitarget-dkms python-cinderclient linux-headers-`uname -r`
sed -i 's/false/true/g' /etc/default/iscsitarget
service iscsitarget start
service open-iscsi start
cat << EOF >> /etc/cinder/cinder.conf
sql_connection = mysql://cinder:password@localhost/cinder
rabbit_password = password
EOF
sed -i 's/%SERVICE_TENANT_NAME%/service/' /etc/cinder/api-paste.ini
sed -i 's/%SERVICE_USER%/cinder/' /etc/cinder/api-paste.ini
sed -i 's/%SERVICE_PASSWORD%/password/' /etc/cinder/api-paste.ini
pvcreate /dev/sda
vgcreate cinder-volumes /dev/sda
cinder-manage db sync
service cinder-api restart
service cinder-scheduler restart
service cinder-volume restart
apt-get install -y quantum-server
sed -i 's/^.*rabbit_password = guest/rabbit_password = password/' /etc/quantum/quantum.conf
cat << EOF >> /etc/quantum/quantum.conf
[keystone_authtoken]
admin_tenant_name = service
admin_user = quantum
admin_password = password
EOF
sed -i 's/connection = sqlite.*/connection = mysql:\/\/quantum:password\@localhost\/quantum/' /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
sed -i 's/^.*Example: tenant_network_type = gre*/tenant_network_type = gre/' /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
sed -i 's/^.*Example: tunnel_id_ranges = 1:1000*/tunnel_id_ranges = 1:1000/' /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
sed -i 's/^.*Default: enable_tunneling = False*/enable_tunneling = True/' /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
sed -i 's/^.*Default: local_ip =*/local_ip = 10.10.10.10/' /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
sed -i 's/^.*firewall_driver =.*/firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver/' /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
ln -s /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini /etc/quantum/plugin.ini
service quantum-server restart
apt-get install -y openstack-dashboard memcached python-memcache
|