OpenStack: Difference between revisions

From Network Security Wiki
Line 159: Line 159:
> nova service-list
> nova service-list

<pre style="width: 1400px; overflow-x: scroll;">
<pre style="width: 1500px; overflow-x: scroll;">
+--------------------------------------+------------------+------------------+----------+---------+-------+----------------------------+-------------- ---+-------------+
+--------------------------------------+------------------+------------------+----------+---------+-------+----------------------------+-------------- ---+-------------+
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled

Revision as of 19:31, 20 September 2018


  • Services:
Nova      =>   Compute         =>   EC2
Neutron   =>   Network         =>   VPC
Swift     =>   Storage         =>   S3
Glance    =>   Image Services  => 
RabbitMQ  =>   Message Queue




            Mgmt    PG-747
          ens160    ens192    No IP address, Promiscuous mode

Initial Steps


100 GB HDD
2 Virtual NICs

Interface Config(ens192):

  • Do not change the HWADDR and UUID keys
  • Do not assign IP address
  • If the OS VM is deployed on top of a vCenter cloud, set Promiscuous Mode, MAC Address Changes and Forged Transmits to Accept on the PG used for the Provider Network Mapping interface of the VM
nano /etc/sysconfig/network-scripts/ifcfg-ens192

Remove unneeded services:

systemctl stop postfix firewalld NetworkManager
systemctl disable postfix firewalld NetworkManager
systemctl mask NetworkManager
yum remove postfix NetworkManager NetworkManager-libnm

Completely disable the SELinux policy:

setenforce 0
vi /etc/selinux/config

Set hostname

hostnamectl set-hostname cloud.centos.lan

Install NTP

yum install ntpdate

Install MariaDB:

yum install mariadb-server
systemctl start mariadb.service

Do not set a password for the MariaDB root user; if one is already set, reset it to blank:

mysqladmin -u root -p<present-password> password

Preparing OpenStack Queens Installation

OpenStack will be deployed with the help of the PackStack package provided by the RDO repository (RPM Distribution of OpenStack):

yum install 

Setup the OpenStack repository:

yum install -y centos-release-openstack-queens
yum update -y

Packstack facilitates the deployment on multiple nodes for different components of OpenStack via SSH connections and Puppet modules:

yum install openstack-packstack

Generate an answer file to deploy a standalone installation of OpenStack (single node):

packstack --gen-answer-file=$(date +"%d.%m.%y").conf

Edit the generated answer configuration file with a text editor:

vi 03.09.18.conf
CONFIG_KEYSTONE_ADMIN_PW=your_password          # For Admin user
CONFIG_HEAT_INSTALL=y                           # Install OpenStack Orchestration (HEAT)
CONFIG_HORIZON_SSL=y                            # Access OpenStack dashboard via HTTPS (SSL enabled)
CONFIG_MARIADB_PW=mypassword1234                # The root password for MySQL server
CONFIG_NAGIOS_INSTALL=n                         # Disable Nagios
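
The same answer-file edits applied from a script, as an added example that is not part of the original wiki page. `set_answer`, `gen_secret` and `configure_answers` are hypothetical helper names, and the two passwords are generated randomly instead of being typed by hand.

```bash
#!/usr/bin/env bash
# Added example: apply the answer-file edits without opening an editor.
# set_answer, gen_secret and configure_answers are hypothetical helper names.

# Replace KEY=... in the answer file, or append KEY=VALUE if the key is absent.
set_answer() {
    local file=$1 key=$2 value=$3 tmp rc=1
    tmp=$(mktemp) || return 1
    # Compare the whole key, so CONFIG_MARIADB_PW never rewrites a longer
    # key that merely starts with the same text.
    if awk -v k="$key" -v v="$value" '
        BEGIN { FS = "=" }
        $1 == k { print k "=" v; found = 1; next }
        { print }
        END { if (!found) print k "=" v }
    ' "$file" > "$tmp"; then
        cat "$tmp" > "$file"    # overwrite in place, keeping the file mode
        rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}

# 16 random bytes from the kernel CSPRNG, printed as 32 hex characters.
gen_secret() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

configure_answers() {
    local file=$1
    chmod 600 "$file" || return 1   # the file holds plaintext passwords
    set_answer "$file" CONFIG_KEYSTONE_ADMIN_PW "$(gen_secret)" &&
    set_answer "$file" CONFIG_MARIADB_PW        "$(gen_secret)" &&
    set_answer "$file" CONFIG_HEAT_INSTALL      y &&
    set_answer "$file" CONFIG_HORIZON_SSL       y &&
    set_answer "$file" CONFIG_NAGIOS_INSTALL    n
}

# Run against a real answer file only when a path is given on the command line.
if [ -n "${1:-}" ]; then
    configure_answers "$1"
fi
```

Save it under any name and pass the generated answer file as the only argument before starting Packstack.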

Enable root SSH login by uncommenting the line below:

vi /etc/ssh/sshd_config
PermitRootLogin yes
systemctl restart sshd

Start Installation using Packstack Answer File

Using the answer file above:

packstack --answer-file 03.09.18.conf

Default setup without Answer file:

packstack --allinone

The credentials (if you haven’t set them in the answers.txt file) can be found in the file below:

cat keystonerc_admin


source keystonerc_admin 
openstack user list
openstack project list 
openstack service list
openstack catalog list
neutron router-port-list adminrouter
neutron router-port-list --column id --column status --column fixed_ips adminrouter
neutron port-show 43c9ff00-07ce-4069-a734-4e6d5e795e6a


RabbitMQ Troubleshooting

Check if RabbitMQ is running or not:

rabbitmqctl status
rabbitmqctl environment

Check if any crash file exists here:

cd /var/lib/rabbitmq/

Restart the RabbitMQ service on the first controller node:

service rabbitmq-server stop
service rabbitmq-server start

If the service refuses to stop, then run the pkill command to stop the service, then restart the service:

pkill -KILL -u rabbitmq
service rabbitmq-server start

Verify RabbitMQ processes are running:

ps -ef | grep rabbitmq
rabbitmqctl list_queues
rabbitmqctl list_queues 2>&1 | grep -i error

If there are errors, run the cluster_status command to make sure there are no partitions:

rabbitmqctl cluster_status

Instance not creating

Check Nova API logs:

cat /var/log/nova/nova-api.log
cat /var/log/nova/nova-conductor.log

Check Nova Services

> nova service-list
 +--------------------------------------+------------------+------------------+----------+---------+-------+----------------------------+-----------------+-------------+
 | Id                                   | Binary           | Host             | Zone     | Status  | State | Updated_at                 | Disabled Reason | Forced down |
 +--------------------------------------+------------------+------------------+----------+---------+-------+----------------------------+-----------------+-------------+
 | 4cd953d4-3f77-4c63-9c91-ec61023cd8de | nova-conductor   | cloud.centos.lan | internal | enabled | up    | 2018-09-20T13:57:43.000000 | -               | False       |
 | dd640ca4-cc3e-4aac-af2f-47f9a79aa7fc | nova-scheduler   | cloud.centos.lan | internal | enabled | up    | 2018-09-20T13:57:42.000000 | -               | False       |
 | ec1b8ae1-ac8d-42c4-b78d-b08337e7c190 | nova-consoleauth | cloud.centos.lan | internal | enabled | up    | 2018-09-20T13:57:44.000000 | -               | False       |
 | cecd523e-eaa0-44cc-a43a-c8986be62d5c | nova-compute     | cloud.centos.lan | nova     | enabled | up    | 2018-09-20T13:57:37.000000 | -               | False       |
 +--------------------------------------+------------------+------------------+----------+---------+-------+----------------------------+-----------------+-------------+

Check Service

nova list

Nova Show Instance

nova show 20193e58-2c5b-44c6-a98f-a44e2001934f

Compute Service List

> openstack compute service list
| ID | Binary           | Host             | Zone     | Status  | State | Updated At                 |
|  3 | nova-conductor   | cloud.centos.lan | internal | enabled | up    | 2018-09-20T13:55:03.000000 |
|  4 | nova-scheduler   | cloud.centos.lan | internal | enabled | up    | 2018-09-20T13:55:02.000000 |
|  5 | nova-consoleauth | cloud.centos.lan | internal | enabled | up    | 2018-09-20T13:55:04.000000 |
|  6 | nova-compute     | cloud.centos.lan | nova     | enabled | up    | 2018-09-20T13:55:07.000000 |
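
The check behind "Check Nova Services" and "Compute Service List", as an added example that is not part of the original wiki page: it reads either table on stdin and prints only the services that are not both enabled and up. `unhealthy_services` and `sample_table` are hypothetical names, and the sample table is constructed.

```bash
#!/usr/bin/env bash
# Added example: list Nova services that are not "enabled" and "up".
# Usage: openstack compute service list | unhealthy_services
#        nova service-list | unhealthy_services
unhealthy_services() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        # Header row: find the columns by name, so both table layouts work.
        !seen && /Binary/ {
            for (i = 1; i <= NF; i++) {
                name = trim($i)
                if (name == "Binary") b = i
                if (name == "Host")   h = i
                if (name == "Status") s = i
                if (name == "State")  t = i
            }
            seen = 1
            next
        }
        # Data rows start with "|"; border rows start with "+" and are skipped.
        seen && /^[ \t]*\|/ {
            if (trim($s) != "enabled" || trim($t) != "up")
                print trim($b) "@" trim($h) " " trim($s) "/" trim($t)
        }
    '
}

# Constructed sample (not real output): nova-compute is reported down.
sample_table() {
    cat <<'EOF'
| ID | Binary         | Host             | Zone     | Status  | State | Updated At                 |
|  3 | nova-conductor | cloud.centos.lan | internal | enabled | up    | 2018-09-20T13:55:03.000000 |
|  6 | nova-compute   | cloud.centos.lan | nova     | enabled | down  | 2018-09-20T13:40:07.000000 |
EOF
}

sample_table | unhealthy_services   # prints: nova-compute@cloud.centos.lan enabled/down
```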

Aodh Exception

Check Aodh Logs:

cat /var/log/aodh/evaluator.log

If you see the "Table 'aodh.alarm' doesn't exist" error, try to initialize the Aodh database:


