Since OpenStack Queens has been released, we verify from installation to initial use.
Using PackStack, which can easily build OpenStack environment, build a practical OpenStack verification environment with a little customization.
OpenStack version: Queens (Version: 13.0.0)
* Since it is a verification environment, issues remain in security, availability, extensibility, multi tenant etc.
PackStack installation environment problem
I tried Installing OpenStack with PackStack and felt the following issues as a problem.
- Cinder's default capacity is only 20 GB
- The default capacity of Swift is only 2 GB
All of them are storage problems, as soon as the number of instances and objects increases, the capacity becomes insufficient and it becomes useless.
- Testing environment
- CentOS7 setup
- OpenStack installation
- OpenStack installation
- Initial setup of OpenStack
- Start up the CirrOS instance
- Allow SSH login by key pair
- Conclusion - Build practical standalone OpenStack verification environment with PackStack
Testing environment
Physical Server
The server you are using is selected here Dell PowerEdge T110 Ⅱ
en-designetwork.hatenablog.com
CPU: Intel Xeon E3-1220v2 (not support Hyper Threading)
RAM: 24 GB
DISK: 3 TB
Virtual Server
Hyper visor: ESXi 6.5 standalone
Guest OS: CentOS 7 (1708) Minimal
CPU: 4 v CPU (hardware virtualization ON)
RAM: 16 GB
DISK: 32 GB (OS), 128 GB (Cinder), 128 GB (Swift)
DISK mounts multiple for OS, Cinder, Swift respectively.
CentOS7 setup
Detailed omitted. Partitions etc are OK automatically.
Create Storage Space
Set DISK for storage used by OpenStack.
Usage is as follows
/dev/sdb: Cinder
/dev/sdc: Swift
Create a DISK partition.
[root@openstack1 ~]# fdisk /dev/sdb
Command (m for help): n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p): p
Partition number (1-4, default 1): 1
First sector (2048-268435455, default 2048): 2048
Last sector, +sectors or +size{K,M,G} (2048-268435455, default 268435455): 268435455
Partition 1 of type Linux and of size 128 GiB is set
Command (m for help): t
Hex code (type L to list all codes): 8e
Command (m for help): p
Device Boot Start End Blocks Id System
/dev/sdb1 2048 268435455 134216704 8e Linux LVM
Command (m for help): w
The partition table has been altered!
[root@openstack1 ~]# fdisk /dev/sdc
Command (m for help): n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-268435455, default 2048): 2048
Last sector, +sectors or +size{K,M,G} (2048-268435455, default 268435455): 268435455
Partition 1 of type Linux and of size 128 GiB is set
Command (m for help): t
Hex code (type L to list all codes): 8e
Command (m for help): p
Device Boot Start End Blocks Id System
/dev/sdc1 2048 268435455 134216704 8e Linux LVM
Command (m for help): w
The partition table has been altered!
[root@openstack1 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 32G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 31G 0 part
├─centos-root 253:0 0 27.8G 0 lvm /
└─centos-swap 253:1 0 3.2G 0 lvm [SWAP]
sdb 8:16 0 128G 0 disk
└─sdb1 8:17 0 128G 0 part
sdc 8:32 0 128G 0 disk
└─sdc1 8:33 0 128G 0 part
sr0 11:0 1 1024M 0 rom
Create PV, VG, LV, FileSystem.
[root@openstack1 ~]# pvcreate /dev/sdb1
Physical volume "/dev/sdb1" successfully created.
[root@openstack1 ~]# pvcreate /dev/sdc1
Physical volume "/dev/sdc1" successfully created.
[root@openstack1 ~]# vgcreate cinder-volumes /dev/sdb1
Volume group "cinder-volumes" successfully created
[root@openstack1 ~]# vgcreate swift-volumes /dev/sdc1
Volume group "swift-volumes" successfully created
[root@openstack1 ~]# lvcreate -n swift-lvs -l 100%FREE swift-volumes
Logical volume "swift-lvs" created.
[root@openstack1 ~]# vgs
VG #PV #LV #SN Attr VSize VFree
centos 1 2 0 wz--n- <31.00g 4.00m
cinder-volumes 1 0 0 wz--n- <128.00g <128.00g
swift-volumes 1 1 0 wz--n- <128.00g <128.00g
[root@openstack1 ~]# lvs
LV VG Attr LSize Pool
root centos -wi-ao---- 27.79g
swap centos -wi-a----- <3.20g
swift-lvs swift-volumes -wi-ao---- <128.00g
[root@openstack1 ~]# mkfs.ext4 /dev/swift-volumes/swift-lvs
mke2fs 1.42.9 (28-Dec-2013)
Discarding device blocks: done
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
8388608 inodes, 33553408 blocks
1677670 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2181038080
1024 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872
Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
[root@openstack1 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 32G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 31G 0 part
├─centos-root 253:0 0 27.8G 0 lvm /
└─centos-swap 253:1 0 3.2G 0 lvm [SWAP]
sdb 8:16 0 128G 0 disk
└─sdb1 8:17 0 128G 0 part
sdc 8:32 0 128G 0 disk
└─sdc1 8:33 0 128G 0 part
└─swift--volumes-swift--lvs 253:2 0 128G 0 lvm
sr0 11:0 1 1024M 0 rom
[root@openstack1 ~]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/centos-root xfs 28G 1.2G 27G 5% /
devtmpfs devtmpfs 7.8G 0 7.8G 0% /dev
tmpfs tmpfs 7.8G 0 7.8G 0% /dev/shm
tmpfs tmpfs 7.8G 8.6M 7.8G 1% /run
tmpfs tmpfs 7.8G 0 7.8G 0% /sys/fs/cgroup
/dev/sda1 xfs 1014M 171M 844M 17% /boot
tmpfs tmpfs 1.6G 0 1.6G 0% /run/user/0
(append) DISK recognition bug
Local Disk Usage seen with Horizon etc. is 27GB of centos-root in this configuration and can not use the full capacity of cinder-volume...
As a provisional countermeasure, if you create a large root and show the capacity big, you can avoid it. (This action is required separately)
NIC information confirmation
Since it is necessary for OpenStack installation, acquire NIC information. In this case, information of ens192 is required.
[root@openstack1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:0c:29:39:e7:cf brd ff:ff:ff:ff:ff:ff
inet 192.168.1.201/24 brd 192.168.1.255 scope global ens192
valid_lft forever preferred_lft forever
inet6 fe80::a952:db6b:fd90:a906/64 scope link
valid_lft forever preferred_lft forever
OpenStack installation
Install OpenStack using PackStack. Basically refer to here for installation method.
https://www.rdoproject.org/install/packstack/
Language setting
LANG=en_US.utf-8 LC_ALL=en_US.utf-8
CentOS Updates packages
# yum update -y
Network Settings
# systemctl disable firewalld # systemctl stop firewalld # systemctl disable NetworkManager # systemctl stop NetworkManager # systemctl enable network # systemctl start network
# setenforce 0 # vi /etc/selinux/config SELINUX=permissive
PackStack installation - answer-file generation
# yum install -y python-setuptools # yum install -y centos-release-openstack-queens # yum update -y # yum install -y openstack-packstack # packstack --gen-answer-file=answers.cfg
Error occurred without python-setuptools
On March 8, 2018 the following error occurred.
# packstack --gen-answer-file=answers.cfg
ERROR:root:Failed to load plugin from file ssl_001.py
ERROR:root:Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/packstack/installer/run_setup.py", line 923, in loadPlugins
moduleobj = __import__(moduleToLoad)
File "/usr/lib/python2.7/site-packages/packstack/plugins/ssl_001.py", line 20, in <module>
from OpenSSL import crypto
File "/usr/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import rand, crypto, SSL
File "/usr/lib/python2.7/site-packages/OpenSSL/crypto.py", line 13, in <module>
from cryptography.hazmat.primitives.asymmetric import dsa, rsa
File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py", line 14, in <module>
from cryptography.hazmat.backends.interfaces import RSABackend
File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/__init__.py", line 7, in <module>
import pkg_resources
ImportError: No module named pkg_resources
ERROR:root:Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/packstack/installer/run_setup.py", line 988, in main
loadPlugins()
File "/usr/lib/python2.7/site-packages/packstack/installer/run_setup.py", line 931, in loadPlugins
raise Exception("Failed to load plugin from file %s" % item)
Exception: Failed to load plugin from file ssl_001.py
ERROR : Failed to load plugin from file ssl_001.py
As you can see.
1526064 – python-cryptography should depend on python-setuptools
# yum install -y python-setuptools
Then fix the issue.
Edit answer-file
Edit the generated answer-file as follows.
# diff ./answers.cfg_default ./answers.cfg < CONFIG_CINDER_VOLUMES_SIZE=20G --- > CONFIG_CINDER_VOLUMES_SIZE=120G < CONFIG_NEUTRON_OVS_BRIDGE_IFACES= --- > CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-ex:ens192 < CONFIG_SWIFT_STORAGES= --- > CONFIG_SWIFT_STORAGES=/dev/swift-volumes/swift-lvs < CONFIG_SWIFT_STORAGE_SIZE=2G --- > CONFIG_SWIFT_STORAGE_SIZE=120G < CONFIG_PROVISION_DEMO=y --- > CONFIG_PROVISION_DEMO=n
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-ex:<checked interface by ip a>
CONFIG_SWIFT_STORAGES=<Created LV>
As for cinder, if you set the VG name as cinder-volumes, it is unnecessary to set the individual here.
Although it is a little old information, the following RedHat information is helpful for editing content.
RedHat - APPENDIX A. ANSWER FILE CONFIGURATION KEYS
OpenStack installation
Install OpenStack with answer file. Various installations run with puppet. It took about 30 minutes in my environment.
# packstack --answer-file=./answers.cfg
It is recommended to run from the console as session disconnection may occur. Restart after completing.
# reboot
Initial setup of OpenStack
Accessing http://<IP or FQDN> OpenStack dashboard will be displayed.
The credential (authentication information) is generated in the server root.
# cat ~/keystonerc_admin
unset OS_SERVICE_TOKEN
export OS_USERNAME=admin
export OS_PASSWORD='PASSWORD'
export OS_AUTH_URL=http://192.168.1.201:5000/v3
export PS1='[\u@\h \W(keystone_admin)]\$ '
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
Generate key pair
Access to the VM deployed on OpenStack requires SSH secret key. Generate a key pair and save it locally.
Creating network
In this case, bridge the host CentOS and connect directly to the external network. The setting is as follows. (Setting Prompt omitted)
First, create a network.
External network: true,network type: flat, physical network: extnet.
Create a subnet in it. Also enable DHCP.
Add ICMP & SSH to security group
Add ALL ICMP and SSH to security group default at 0.0.0.0/0 .
Download and register images
Download OS image. I will use CirrOS for the OpenStack minimal test.
イメージの入手 — Virtual Machine Image Guide ドキュメント
You can download it directly from here. (v0.4.0)
http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
Register the downloaded image from Project > Compute > Images.
Start up the CirrOS instance
Launch an instance of the registered CirrOS image.
Images > cirros > Launch
It is possible to start with the flavor of m1.tiny. The network, the security group, and the key pair are specified in the above.
Check the log of the created instance. It is OK if it is output like the following.
=== system information === Platform: RDO OpenStack Compute Container: none Arch: x86_64 CPU(s): 1 @ 3092.836 MHz Cores/Sockets/Threads: 1/1/1 Virt-type: AMD-V RAM Size: 488MB Disks: NAME MAJ:MIN SIZE LABEL MOUNTPOINT vda 253:0 1073741824 vda1 253:1 1064287744 cirros-rootfs / vda15 253:15 8388608 === sshd host keys === -----BEGIN SSH HOST KEY KEYS----- ssh-rsa AAAAB3...Tb root@cirros ssh-dss AAAAB3...== root@cirros -----END SSH HOST KEY KEYS----- === network info === if-info: lo,up,127.0.0.1,8,, if-info: eth0,up,192.168.1.217,24,fe80::f816:3eff:fe5d:26c4/64, ip-route:default via 192.168.1.5 dev eth0 ip-route:192.168.1.0/24 dev eth0 src 192.168.1.217 ip-route6:fe80::/64 dev eth0 metric 256 ip-route6:unreachable default dev lo metric -1 error -101 ip-route6:ff00::/8 dev eth0 metric 256 ip-route6:unreachable default dev lo metric -1 error -101 === datasource: None None === === cirros: current=0.4.0 uptime=260.09 === ____ ____ ____ / __/ __ ____ ____ / __ \/ __/ / /__ / // __// __// /_/ /\ \ \___//_//_/ /_/ \____/___/ http://cirros-cloud.net login as 'cirros' user. default password: 'gocubsgo'. use 'sudo' for root. cirros login:
SSH access to CirrOS
SSH access to the IP address displayed in the instance information (in the above log). Password is diplayed in the log.
$ ssh cirros@192.168.1.217 cirros@192.168.1.217's password: gocubsgo $ pwd /home/cirros $ uname -a Linux cirros 4.4.0-28-generic #47-Ubuntu SMP Fri Jun 24 10:09:13 UTC 2016 x86_64 GNU/Linux
You can SSH access to CirrOS and login.
Allow SSH login by key pair
You can not log in with the SSH key pair you registered as above. (I could not do it in my environment)
Login with SSH public key is enabled with additional setting.
Create internal network & router
Make the state of cirros-03 in the figure below. (SSH key pair is not registered in cirros-01, 02)
The setting outline is as follows.
Create an internal network. I decided it to bosh-internal because I wanted to build a BOSH verification environment, but anything is fine.
Also create a subnet. Allocate a shared address (100.64.x.x) for internal use.
Create routers and connect to each network.
Create Floating IP.
In this environment, you specify the internal network, start the instance, assign the IP address with Associate Floating IP.
SSH connection with using SSH secret key
It successfully registered with the instance with the key pair, and it becomes possible to use SSH login without password with the secret key.
# ssh -i <key> cirros@192.168.1.212
The authenticity of host '192.168.1.212 (192.168.1.212)' can't be established.
ECDSA key fingerprint is SHA256:xxx.
ECDSA key fingerprint is MD5:xxx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.212' (ECDSA) to the list of known hosts.
$ uname -a
Linux cirros-03 4.4.0-28-generic #47-Ubuntu SMP Fri Jun 24 10:09:13 UTC 2016 x86_64 GNU/Linux
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast qlen 1000
link/ether fa:16:3e:cb:11:e0 brd ff:ff:ff:ff:ff:ff
inet 100.64.0.19/24 brd 100.64.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fecb:11e0/64 scope link
valid_lft forever preferred_lft forever
Conclusion - Build practical standalone OpenStack verification environment with PackStack
I built a practical OpenStack standalone verification environment with PackStack that can easily construct OpenStack environment.
- Cinder's default capacity is only 20 GB
- The default capacity of Swift is only 2 GB
We solved the problem related to storage such as that we were able to construct an environment that can be used for verification.
