Having recently finished building my new home lab I wanted to put the second server to good use by installing OpenStack (the first is running VMware ESXi 5.0 with Windows 7, Windows 8, Windows 8 Server and Ubuntu 12.04 LTS virtual machines). I figured many of you would benefit from a detailed walkthrough so here it is (without warranty, liability, support, etc).
The two black boxes on the left are HP Proliant MicroServer N36L’s with modest AMD Athlon(tm) II Neo 1.3GHz dual-core processors and 8GB RAM and the one on the right is an iomega ix4-200d NAS box providing 8TB of networked storage (including over iSCSI for ESXi should I run low on direct attached storage). There’s a 5 port gigabit switch stringing it all together and a 500Mbps CPL device connecting it back up the house. You should be able to set all this up inside 2 grand. Before you try to work out where I live, the safe is empty as I don’t trust electronic locks.
Download Ubuntu Server (12.04 LTS or the latest long term support release) and write it to a USB key — if you’re a Mac OS X only shop then you’ll want to follow these instructions. Boot your server with the USB key inserted and it should drop you straight into the installer (if not you might need to tell the BIOS to boot from USB by pressing the appropriate key, usually F2 or F10, at the appropriate time). Most of the defaults are OK but you’ll probably want to select the “OpenSSH Server” option in tasksel unless you want to do everything from the console, but be sure to tighten up the default configuration if you care about security. Unless you like mundane admin tasks, you might want to enable automatic updates too. Even so, let’s ensure any updates since release have been applied:
sudo apt-get update
sudo apt-get -u upgrade
sudo apt-get install git
Now grab the latest version of DevStack from GitHub:
git clone git://github.com/openstack-dev/devstack.git
And run the script:
cd devstack/; ./stack.sh
The first thing it will do is ask you for passwords for MySQL, Rabbit, a SERVICE_TOKEN and SERVICE_PASSWORD and finally a password for Horizon & Keystone. I used the (excellent) 1Password to generate passwords like “sEdvEuHNNeA7mYJ8Cjou” (the script doesn’t like special characters) and stored them in a secure note.
The script will then go and download dozens of dependencies, which are conveniently packaged by Ubuntu and/or the upstream Debian distribution, run setup.py for a few python packages, clone some repositories, etc. While you wait you may as well go read the script to understand what’s going on. At this point the script failed because /opt/stack/nova didn’t exist. I filed bug 995078 but the script succeeded when I ran it for a second time — looks like it may have been a glitch with GitHub.
You should end up with something like this:
Horizon is now available at http://10.0.1.10/
Keystone is serving at http://10.0.1.10:5000/v2.0/
Examples on using novaclient command line is in exercise.sh
The default users are: admin and demo
The password: qqG6YTChVLzEHfTDzm8k
This is your host ip: 10.0.1.10
stack.sh completed in 431 seconds.
If you browse to that address you’ll be able to log in to the console:
That will drop you into the Admin section of the OpenStack Desktop (Horizon) where you can get an overview and administer instances, services, flavours, images, projects, users and quotas. You can also download OpenStack and EC2 credentials from the “Settings” pages.
Switch over to the “Project” tab and “Create Keypair” under “Access & Security” (so you can access any instances you create):
The key pair will be created and downloaded as a .pem file (e.g. admin.pem).
Now select “Images & Snapshots” under “Manage Compute” and you’ll be able to launch the cirros-0.3.0-x86_64-uec image, which is included for testing. Simply click “Launch” under “Actions”:
Give it a name like “Test”, select the key pair you created above and click “Launch Instance”:
You’ll see a few tasks executed and your instance should be up and running (Status: Active) in a few seconds:
Now what? First, try to ping the running instance from within the SSH session on the server (you won’t be able to ping it from your workstation):
$ ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_req=1 ttl=64 time=0.734 ms
64 bytes from 10.0.0.2: icmp_req=2 ttl=64 time=0.585 ms
64 bytes from 10.0.0.2: icmp_req=3 ttl=64 time=0.588 ms
Next let’s copy some EC2 credentials over to our user account on the server so we can use the command line euca-* tools. Go to “Settings” in the top right and then the “EC2 Credentials” tab. Now “Download EC2 Credentials”, which come in the form of a ZIP archive containing an X.509 certificate (cert.pem) and key (pk.pem) pair as well as a CA certificate (cacert.pem) and an rc script (ec2rc.sh) to set various environment variables which tell the command line tools where to find these files:
While you’re at it you may as well grab your OpenStack Credentials which come in the form of an rc script (openrc.sh) only. It too sets environment variables which can be seen by tools running under that shell.
Let’s copy them (and the key pair from above) over from our workstation to the server:
scp b34166e97765499b9a75f59eaff48b98-x509.zip openrc.sh admin.pem [email protected]:~
Stash the EC2 credentials in ~/.euca:
mkdir ~/.euca; chmod 0700 ~/.euca; cd ~/.euca
cp ~/b34166e97765499b9a75f59eaff48b98-x509.zip ~/.euca; unzip *.zip
Finally let’s source the rc scripts:
You’ll see the openrc.sh script asks you for a password. Given this is a dev/test environment and we’ve used a complex password, let’s modify the script and hard code the password by commenting out the last 3 lines and adding a new one to export OS_PASSWORD:
# With Keystone you pass the keystone password.
#echo "Please enter your OpenStack Password: "
#read -s OS_PASSWORD_INPUT
#export OS_PASSWORD=$OS_PASSWORD_INPUT
export OS_PASSWORD=qqG6YTChVLzEHfTDzm8k
You probably don’t want anyone seeing your password or key pair so let’s lock down those files:
chmod 0600 ~/openrc.sh ~/admin.pem
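The chmod above covers openrc.sh and admin.pem, but the earlier cp leaves a second copy of the credentials ZIP (which contains pk.pem) in the home directory with default permissions. The following check is an added example, not part of the original walkthrough: it lists any of the credential files named on this page that group or other users can access, and can tighten them. The function names loose_creds and fix_creds are made up for this example.

```shell
#!/bin/sh
# Added example: audit the credential files this walkthrough leaves in a home
# directory. File names come from the page; function names are hypothetical.

# Print every secret-bearing path under $1 that group or other can access.
# Output lines look like: LOOSE <mode-string> <path>
loose_creds() {
    home=$1
    for f in "$home/openrc.sh" "$home/admin.pem" "$home"/*-x509.zip \
             "$home/.euca" "$home/.euca/pk.pem" "$home"/.euca/*-x509.zip; do
        [ -e "$f" ] || continue            # unmatched glob or absent file
        mode=$(ls -ld "$f" | cut -c1-10)   # e.g. -rw-r--r--
        # Characters 5-10 of the mode string are the group and other bits.
        case $(printf '%s' "$mode" | cut -c5-10) in
            ------) ;;                     # owner-only access: fine
            *) printf 'LOOSE %s %s\n' "$mode" "$f" ;;
        esac
    done
}

# Tighten everything loose_creds reports: 0700 for directories, 0600 for files.
fix_creds() {
    loose_creds "$1" | while read -r tag mode path; do
        if [ -d "$path" ]; then
            chmod 0700 "$path"
        else
            chmod 0600 "$path"
        fi
    done
}

# Stand-alone use: pass the home directory to audit as the first argument.
if [ $# -gt 0 ]; then
    loose_creds "$1"
fi
```

Files inside ~/.euca are already shielded by the directory's 0700 mode; the check still reports them so they stay safe if the directory is later loosened or the files are copied elsewhere.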
Just make sure the environment variables are set correctly:
echo $EC2_USER_ID
42
echo $OS_USERNAME
admin
Finally we should be able to use the EC2 command line tools:
euca-describe-instances
RESERVATION r-8wvdh1c7 b34166e97765499b9a75f59eaff48b98 default
INSTANCE i-00000001 ami-00000001 test test running None (b34166e97765499b9a75f59eaff48b98, ubuntu) 0 m1.tiny 2012-05-05T13:59:47.000Z nova aki-00000002 ari-00000003 monitoring-disabled 10.0.0.2 10.0.0.2 instance-store
As well as the openstack command:
openstack list server
+--------------------------------------+------+--------+------------------+
| ID                                   | Name | Status | Networks         |
+--------------------------------------+------+--------+------------------+
| 44a43355-7f95-4621-be61-d34fe53e50a8 | Test | ACTIVE | private=10.0.0.2 |
+--------------------------------------+------+--------+------------------+
You should be able to ssh to the running instance using the IP address and key pair from above:
ssh -i admin.pem -l cirros 10.0.0.2
$ uname -a
Linux cirros 3.0.0-12-virtual #20-Ubuntu SMP Fri Oct 7 18:19:02 UTC 2011 x86_64 GNU/Linux
That’s all for today — I hope you find the process as straightforward as I did and if you do follow these instructions then please leave a comment below (especially if you have any tips or solutions to problems you run into along the way).