Saturday, December 10, 2016

My Own Cloud - Learning DevStack

Setting up DevStack on an old Dell Latitude D820 (yep, old but this is just for learning).

Most of the instructions I got from http://docs.openstack.org/developer/devstack/, Introduction to OpenStack Neutron, and openstack demo, and then modified to fit my needs.

1) Install Ubuntu - Downloaded Ubuntu 16.04.1 (ubuntu-16.04.1-server-i386.iso) from http://releases.ubuntu.com/16.04

    2) Used my Zalman ZM-VE300 HDD/Virtual ODD drive to boot the Dell and run the install.
    If you aren't familiar with this enclosure/tool, check it out at http://www.zalman.com/contents/products/view.html?no=212
    It lets you drop ISOs on the hard drive you enclose in it, and then boot devices from them. It's like having a case full of bootable DVDs in one small device.
    3) I pretty much used all the defaults for the Ubuntu install, except that I added the OpenSSH server.

    4)  I had some video issues that may just be failing hardware, but I ended up modifying the grub menu so that it used the BIOS video and not the drivers until I could install the correct nVidia driver.
    I rebooted and at the grub menu with "ubuntu" selected, I hit the 'e' key.
    In the config that appears, I found the line that starts with "linux" and added "nomodeset xforcevesa" to the end of the line.
    5) Add Stack User - These commands create a non-root user with sudo enabled to run Devstack.
    $ sudo adduser stack
    $ echo "stack ALL=(ALL) NOPASSWD: ALL" | sudo tee -a /etc/sudoers
    $ su stack
    6) Download DevStack - The devstack repo contains a script that installs OpenStack and templates for configuration files
    $ cd ~
    $ git clone https://git.openstack.org/openstack-dev/devstack
    $ cd devstack
    7) Create a local.conf - Create a local.conf file with 4 passwords preset at the root of the devstack git repo. Also add some Neutron networking info and a fix for a VNC bug.

    [[local|localrc]]
    HOST_IP=10.41.0.12
    SERVICE_HOST=10.41.0.12
    MYSQL_HOST=10.41.0.12
    RABBIT_HOST=10.41.0.12
    GLANCE_HOSTPORT=10.41.0.12:9292
    ADMIN_PASSWORD=secret
    DATABASE_PASSWORD=$ADMIN_PASSWORD
    RABBIT_PASSWORD=$ADMIN_PASSWORD
    SERVICE_PASSWORD=$ADMIN_PASSWORD
    NOVNC_BRANCH=v0.6.0

    ## Neutron options
    Q_USE_SECGROUP=True
    FLOATING_RANGE="10.41.0.0/24"
    IPV4_ADDRS_SAFE_TO_USE="10.0.0.0/22"
    Q_FLOATING_ALLOCATION_POOL=start=10.41.0.250,end=10.41.0.254
    PUBLIC_NETWORK_GATEWAY="10.41.0.1"
    PUBLIC_INTERFACE=enp9s0


    ## Open vSwitch provider networking configuration
    Q_USE_PROVIDERNET_FOR_PUBLIC=True
    OVS_PHYSICAL_BRIDGE=br-ex
    PUBLIC_BRIDGE=br-ex
    OVS_BRIDGE_MAPPINGS=public:br-ex
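
    Changing the admin password in Horizon (step 10) only updates the Keystone admin user; the database, RabbitMQ and service passwords keep whatever local.conf set at stack time. The Python check below is an added example, not part of the original post or of DevStack: it audits the password and addressing lines of the local.conf above, and the weak-word list and 12-character minimum are assumptions.

```python
import ipaddress
import re

# Constructed sample: the password and addressing lines from the local.conf above.
LOCAL_CONF = """[[local|localrc]]
HOST_IP=10.41.0.12
ADMIN_PASSWORD=secret
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
FLOATING_RANGE="10.41.0.0/24"
IPV4_ADDRS_SAFE_TO_USE="10.0.0.0/22"
Q_FLOATING_ALLOCATION_POOL=start=10.41.0.250,end=10.41.0.254
PUBLIC_NETWORK_GATEWAY="10.41.0.1"
"""
WEAK = {"secret", "password", "admin", "devstack"}  # assumption: illustrative list

def parse_localrc(text):
    """Return KEY -> value, quotes stripped and earlier $VAR references expanded."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z0-9_]+)=(.*)$", line)
        if m:  # skips section headers, comments and blank lines
            value = m.group(2).strip().strip('"')
            conf[m.group(1)] = re.sub(r"\$\{?(\w+)\}?", lambda v: conf.get(v.group(1), ""), value)
    return conf

def audit(conf):
    findings = []
    pw = {k: v for k, v in conf.items() if k.endswith("_PASSWORD")}
    for key, val in sorted(pw.items()):
        if not val or val.lower() in WEAK or len(val) < 12:  # 12 is an assumed minimum
            findings.append(f"{key} is {'empty' if not val else 'weak'}")
    if len(pw) > len(set(pw.values())):
        findings.append("passwords are reused across services")
    net = ipaddress.ip_network(conf["FLOATING_RANGE"])
    pool = dict(p.split("=") for p in conf["Q_FLOATING_ALLOCATION_POOL"].split(","))
    start, end = (ipaddress.ip_address(pool[k]) for k in ("start", "end"))
    reserved = [ipaddress.ip_address(conf[k]) for k in ("HOST_IP", "PUBLIC_NETWORK_GATEWAY")]
    if start not in net or end not in net:
        findings.append("floating pool is outside FLOATING_RANGE")
    if any(start <= ip <= end for ip in reserved):
        findings.append("floating pool overlaps the host or gateway address")
    if net.overlaps(ipaddress.ip_network(conf["IPV4_ADDRS_SAFE_TO_USE"])):
        findings.append("tenant range overlaps FLOATING_RANGE")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_localrc(LOCAL_CONF))))
```

    On the values above it reports the four weak passwords and their reuse, and no addressing problems.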

    8) Start the install - run the script and it pretty much does everything. Took about 30 min or so on this old Dell.
    $ ./stack.sh
    9) Login - At this point, the Horizon web interface should be available at http://10.41.0.12. Log in with:

     User Name: admin     Password: secret

    10) Change Password - Log in as admin and, in the menu on the left, expand Settings -> Change Password. Set the password to something better than secret.

    11) Add images - The basic install does contain a Cirros image, but it is 64 bit and my old Dell is 32 bit.

    a) Download the image from http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-i386-disk.img. (qcow2 format works well for Devstack)
    b) Log into Horizon as admin. You can do it from other accounts, but if you get "TypeError: Cannot read property 'data' of undefined" it is because your account doesn't have admin rights.
    c) Expand Admin -> System -> Images and click Create Image.
    d) Give it a name and browse to the downloaded file location. Set the format to "QCOW2 - QEMU Emulator".  Leave Visibility as Public and Protected as No.  I didn't set any additional settings.
    e) Click Create Image.


    12) Create a User and Key Pair
    a) In Horizon, expand Identity -> Users -> Create User
    - Give it username, email, password and select a primary project
    b) Expand Identity -> Projects -> manage members of the primary project for the new user
    - Add the user and give it roles (at least member).
    c) Log out and log in as the new user
    d) Expand Project -> Compute -> Access & Security and click the Key Pairs tab.
    - Click Create Key Pair and give the pair a name. The key is downloaded to the machine you are running the browser from and can be used to ssh into the systems it is used on.

    13) Create virtual networks - (like vlans - logical slice to separate broadcast domains)
    a) Expand Project -> Network -> Networks and click Create Network
    b) Name it, leave Admin State UP and Create Subnet checked. Click Next.
    c) Name the subnet and enter the Network Address as a CIDR address ex: 192.168.1.0/24
    d) Leave the gateway blank but do not check disable gateway (It will become the .1) Click Next.
    e) Check enable DHCP  and leave the rest blank. Click Create.

    14) Create Neutron Router
    a) Expand Project -> Network -> Networks -> Routers and click Create Router.
    b) Name it, leave Admin State UP and do not select an External Network yet. Click Create Router.
    c) Click on the new router, the Interfaces tab and then Add Interface. In the drop down, select the desired network and click Submit. Do this for each network.
    d) Expand Project -> Network -> Networks and verify the "public" network is the external network the devstack box is on (ex. 10.41.0.0/24 for home network)
    e) Set up source NAT (NAT for outgoing traffic)
    1. On routers page, click Add Gateway to the router and choose the public network.

    15) Create a Security Group
    Security groups are sets of IP filter rules that are applied to the network settings for the VM. After the security group is created, you can add rules to the security group.  They are like ACLs.

    a) Expand Project -> Compute -> Access & Security and click the Security Group tab. 
    b) Click Create Security Group
    1. Give it a name and description
    2. To the right of the new group, click Manage Rules
    3. Click Add Rule and create rules as necessary with protocol, ports, and IPs. 
    Example allow incoming SSH traffic from home network:
    •  Custom TCP Rule | Ingress | Port | 22 | CIDR | 10.41.0.0/24
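
    The Python model below is an added example, not part of the original post or of Neutron's code: it evaluates ingress against the rule above (a new group admits nothing inbound until a rule allows it) and flags rules that open a management port to every source address. The rule dictionaries, the second rule and ADMIN_PORTS are constructed for illustration.

```python
import ipaddress

# Constructed rule set: the SSH rule from the step above, plus one hypothetical
# rule that opens a management port to every source address.
RULES = [
    {"direction": "ingress", "protocol": "tcp", "ports": (22, 22), "cidr": "10.41.0.0/24"},
    {"direction": "ingress", "protocol": "tcp", "ports": (3389, 3389), "cidr": "0.0.0.0/0"},
]
ADMIN_PORTS = {22, 3389}  # assumption: ports treated as management access

def ingress_allowed(rules, src_ip, protocol, port):
    """Allow-list semantics: ingress passes only if some rule matches it."""
    src = ipaddress.ip_address(src_ip)
    for r in rules:
        lo, hi = r["ports"]
        if (r["direction"] == "ingress" and r["protocol"] == protocol
                and lo <= port <= hi and src in ipaddress.ip_network(r["cidr"])):
            return True
    return False  # nothing matched, so the packet is dropped

def world_open_admin_rules(rules):
    """Return ingress rules exposing a management port to any source address."""
    flagged = []
    for r in rules:
        lo, hi = r["ports"]
        any_source = ipaddress.ip_network(r["cidr"]).prefixlen == 0
        if r["direction"] == "ingress" and any_source and any(lo <= p <= hi for p in ADMIN_PORTS):
            flagged.append(r)
    return flagged

if __name__ == "__main__":
    for src in ("10.41.0.50", "192.168.1.10", "203.0.113.7"):
        print(src, "-> tcp/22:", ingress_allowed(RULES, src, "tcp", 22))
    print("world-open management rules:", world_open_admin_rules(RULES))
```

    An instance on the 192.168.1.0/24 tenant network is refused on port 22 just like an outside address, because the SSH rule only admits sources in 10.41.0.0/24.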

    16) Deploy an instance (VM)

    a) Expand Project -> Compute -> Instances
    1. Click Launch Instance and give it a name. Click Next.
    2. Choose Image as the Boot Source. At the bottom under Available, find the name of the 32 bit Cirros image you created in step 11 and click the up arrow to the right of it. Click Next.
    3. Click the up arrow to the right of m1.tiny and Click Next.
    4. Click the up arrow to the right of the network you want the instance to live on and Click Next.
    5. Leave Network Ports the same and click Next.
    6. Click the up arrow to the right of the Security Group you created and click Next.
    7. If you created more than one key pair, click the up arrow to the right of the one you want to use. Click Next.
    8. Click Next through the rest of the screens and then click Launch Instance.
    9. Click Launch and wait for it to spawn.
    10. It should get an IP address for the internal subnet selected.


    17) Set up Floating IPs for each instance that needs access from outside in. (one-to-one IP pairing internal-external)
    a) Expand Project -> Compute -> Instances and from the dropdown menu to the right of the instance, choose Associate Floating IP.
    b) Click the plus [+] and it will grab from the pool of public IPs (designated in the local.conf)
    c) Click Allocate IP and then Associate. This should now show both IPs in the instance list.

    18) Test Connectivity and SSH - You should now be able to use the key you downloaded when creating the key pair and ssh into the machines you used it on.