Talk:Getting started with OpenStack Nova

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
(Add info about nova volume service)
(Empty it, moved all the data to https://fedoraproject.org/wiki/Getting_started_with_OpenStack_on_Fedora_17)
Line 1: Line 1:
Updates for Fedora 17 / OpenStack >= Essex-4
 
  
== Configuring keystone for authentication ==
 
 
Keystone is the openstack identity service, providing a central place to
 
set up openstack users, groups, and accounts that can be shared across all
 
other services. This deprecates the old style user accounts manually set
 
up with nova-manage.
 
 
Setting up keystone is required for using the Openstack dashboard.
 
 
=== Initial setup ===
 
 
* install Keystone
 
$> sudo yum install --enablerepo=updates-testing openstack-keystone python-keystoneclient
 
 
Should get installed:
 
python-keystoneclient >= 2012.1-0.5.e4
 
openstack-keystone >= 2012.1-0.9.e4
 
 
* configure Keystone database
 
$> sudo openstack-keystone-db-setup
 
Please enter the password for the 'root' MySQL user:
 
Verified connectivity to MySQL.
 
Creating 'keystone' database.
 
Asking openstack-keystone to sync the databse.
 
Complete!
 
 
* change default administrative token in keystone.conf
 
$> ADMIN_TOKEN=$(openssl rand -hex 10)
 
$> sudo openstack-config-set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
 
 
* start and enable Keystone service
 
$> sudo systemctl start openstack-keystone.service
 
$> sudo systemctl enable openstack-keystone.service
 
 
* create sample Tenants, Users and Roles
 
$> sudo ADMIN_PASSWORD=verybadpass openstack-keystone-sample-data
 
 
* test Keystone CLI is working
 
export OS_USERNAME=admin
 
export OS_PASSWORD=verybadpass
 
export OS_TENANT_NAME=admin
 
export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/
 
keystone user-list
 
+----------------------------------+---------+-------------------+-------+
 
|                id                | enabled |      email      |  name |
 
+----------------------------------+---------+-------------------+-------+
 
| 05742d10109540d2892d17ec312a6cd9 | True    | admin@example.com | admin |
 
| 25fe47659d6a4255a663e6add1979d6c | True    | admin@example.com | demo  |
 
+----------------------------------+---------+-------------------+-------+
 
 
* add the nova-volume service, which is used by horizon
 
 
$> keystone service-create --name="nova-volume" --type=volume --description="Nova Volume Service"
 
$> cat << EOF | sudo tee -a /etc/keystone/default_catalog.templates                                                     
 
catalog.RegionOne.volume.publicURL = http://localhost:8776/v1/$(tenant_id)s
 
catalog.RegionOne.volume.adminURL = http://localhost:8776/v1/$(tenant_id)s
 
catalog.RegionOne.volume.internalURL = http://localhost:8776/v1/$(tenant_id)s
 
catalog.RegionOne.volume.name = 'Volume Service'
 
EOF
 
$> sudo systemctl restart openstack-keystone
 
 
=== Configure nova to use keystone ===
 
 
* Change nova configuration to use keystone:
 
$> sudo sed -i -e 's/# \(pipeline = .*\keystonecontext\)/\1/g' /etc/nova/api-paste.ini
 
$> sudo openstack-config-set /etc/nova/api-paste.ini filter:authtoken admin_token $ADMIN_TOKEN
 
$> sudo systemctl restart openstack-nova-api.service
 
 
* Verify that nova can talk with keystone (required variable exports from keystone section)
 
 
$> nova --version 1.1 flavor-list
 
+----+-----------+-----------+------+----------+-------+-------------+
 
| ID |    Name  | Memory_MB | Swap | Local_GB | VCPUs | RXTX_Factor |
 
+----+-----------+-----------+------+----------+-------+-------------+
 
| 1  | m1.tiny  | 512      |      | 0        | 1    | 1.0        |
 
| 2  | m1.small  | 2048      |      | 10      | 1    | 1.0        |
 
| 3  | m1.medium | 4096      |      | 10      | 2    | 1.0        |
 
| 4  | m1.large  | 8192      |      | 10      | 4    | 1.0        |
 
| 5  | m1.xlarge | 16384    |      | 10      | 8    | 1.0        |
 
+----+-----------+-----------+------+----------+-------+-------------+
 
 
 
=== Configure glance to use keystone ===
 
 
* Tell keystone about the glance service
 
$> cat << EOF | sudo tee -a /etc/keystone/default_catalog.templates                                                     
 
catalog.RegionOne.image.publicURL = http://localhost:9292/v1
 
catalog.RegionOne.image.adminURL = http://localhost:9292/v1
 
catalog.RegionOne.image.internalURL = http://localhost:9292/v1
 
catalog.RegionOne.image.name = 'Image Service'
 
EOF
 
$> sudo systemctl restart openstack-keystone
 
 
* Change glance configuration to use keystone:
 
$> echo -e "\nw[paste_deploy]\nflavor = keystone" | sudo tee -a /etc/glance/glance-api.conf
 
$> echo -e "\nw[paste_deploy]\nflavor = keystone" | sudo tee -a /etc/glance/glance-registry.conf
 
$> sudo openstack-config-set /etc/glance/glance-api-paste.ini filter:authtoken admin_token $ADMIN_TOKEN
 
$> sudo openstack-config-set /etc/glance/glance-registry-paste.ini filter:authtoken admin_token $ADMIN_TOKEN
 
$> sudo systemctl restart openstack-glance-api.service
 
$> sudo systemctl restart openstack-registry-api.service
 
 
* Verify that glance can talk with keystone (required variable exports from keystone section)
 
 
$> glance index
 
 
 
== Configuring the OpenStack Dashboard ==
 
 
The OpenStack dashboard is the official web user interface for OpenStack. It should mostly work out of the box, as long as keystone has been configured properly.
 
 
* Install the dashboard
 
$> sudo yum install openstack-dashboard
 
 
* Make sure httpd is running
 
$> sudo systemctl restart httpd
 
$> sudo systemctl enable httpd
 
 
The dashboard should then be accessed with a web browser at http://localhost . Account and password should be
 
what you configured for the keystone setup.
 

Revision as of 01:38, 5 March 2012