Installing Openstack on Solaris – Quick Notes
Note: The process below is based on the first Solaris OpenStack implementation. A much more up-to-date document and procedure, "Solaris 11.3 – openstack install / juno 2014.2 – part1", is available on this blog.
To install the OpenStack packages on the controller, run the following:

```
pkg install mysql-56 mysql-56/client rabbitmq keystone \
    library/python-2/python-mysql-27 library/python-2/sqlalchemy-27 \
    glance glanceclient nova novaclient horizon memcached neutron evs \
    rad-evs-controller pkg:/system/storage/iscsi/iscsi-target cinder \
    swift swiftclient pkg://solaris/network/telnet \
    pkg://solaris/web/server/apache-22/module/apache-wsgi-34 \
    pkg://solaris/web/server/apache-24/module/apache-wsgi-27 \
    ironic pkg:/install/installadm
```
To configure mysql
```
zfs create -o mountpoint=/mysql rpool/mysql
mkdir /mysql/logs
mkdir /mysql/innodb
cp /etc/mysql/5.6/my.cnf /mysql/
cd /etc/mysql/5.6/; mv my.cnf my.cnf.orig; ln -s /mysql/my.cnf
chown -R mysql:mysql /mysql
```
Configure my.cnf
Note: Make sure to force utf8 in the my.cnf
Below is the my.cnf for MySQL 5.6
```
# For advice on all settings please see
# http://dev.mysql.com/doc/refman/5.6/en/server-configuration-defaults.html

[mysqld]
default-storage-engine = InnoDB
collation-server = utf8_unicode_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M

# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin

# These are commonly set, remove the # and set as required.
basedir = /usr/mysql/5.6
datadir = /mysql/innodb
port = 3306
# server_id = .....
socket = /tmp/mysql.sock

# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
join_buffer_size = 128M
sort_buffer_size = 2M
read_rnd_buffer_size = 2M

### Copied from a 5.5 config
innodb_data_home_dir = /mysql/innodb
innodb_data_file_path = ibdata1:10M:autoextend
innodb_log_group_home_dir = /mysql/innodb
# You can set .._buffer_pool_size up to 50 - 80 %
# of RAM but beware of setting memory usage too high
innodb_buffer_pool_size = 16M
#innodb_additional_mem_pool_size = 2M
# Set .._log_file_size to 25 % of buffer pool size
innodb_log_file_size = 5M
innodb_log_buffer_size = 8M
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50

sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

[client]
default-character-set=utf8

[mysql]
default-character-set=utf8
```
Below is the my.cnf for MySQL 5.5
```
[client]
default-character-set=utf8

[mysql]
default-character-set=utf8

[mysqld]
default-storage-engine = InnoDB
collation-server = utf8_unicode_ci
init-connect='SET NAMES utf8'
character-set-server = utf8

# Uncomment the following if you are using InnoDB tables
innodb_data_home_dir = /mysql/innodb
innodb_data_file_path = ibdata1:10M:autoextend
innodb_log_group_home_dir = /mysql/innodb
# You can set .._buffer_pool_size up to 50 - 80 %
# of RAM but beware of setting memory usage too high
innodb_buffer_pool_size = 16M
innodb_additional_mem_pool_size = 2M
# Set .._log_file_size to 25 % of buffer pool size
innodb_log_file_size = 5M
innodb_log_buffer_size = 8M
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50
```
To verify utf8 on db
```
mysql> show create database mysql;
```
Configure passwords and access
For MySQL 5.6
1) Simply start /usr/mysql/5.6/bin/mysqld_safe &
2) Then run /usr/mysql/5.6/bin/mysql_secure_installation and set password
3) pkill mysqld
4) start mysql with svcadm and connect to DB
5) Set grant access as below

```
/usr/mysql/5.6/bin/mysql_install_db --user=mysql --datadir=/mysql/innodb --basedir=/usr/mysql/5.6
```

Then run

```
export PATH=$PATH:/usr/mysql/5.6/bin
/usr/mysql/5.6/bin/mysqld --defaults-file=/mysql/my.cnf --basedir=/usr/mysql/5.6 --datadir=/mysql/innodb --user=mysql --pid-file=/mysql/mysql.pid &
/usr/mysql/5.6/bin/mysql_secure_installation
Enter current password for root (enter for none):
Set root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
```

Now let's configure passwords.

```
mysql -u root -p
use mysql
grant all on *.* to 'root'@'os1' identified by 'password';
grant all on *.* to 'root'@'localhost' identified by 'password';
grant all privileges on *.* to 'root'@'localhost' identified by 'password' with grant option;
grant all on *.* to 'root'@'localhost' identified by 'password';
grant all on *.* to 'root'@'os2' identified by 'password';
update user set grant_priv='Y' where user='root' and host='localhost';
update user set grant_priv='Y' where user='root' and host='127.0.0.1';
update user set grant_priv='Y' where user='root' and host='os1';
update user set grant_priv='Y' where user='root' and host='os2';
commit;
exit
```

```
mysql -u root -p
```

Note: just hit Enter, there is no password.

```
use mysql;
UPDATE user SET Password=PASSWORD('password') where USER='root';
FLUSH PRIVILEGES;
exit
```
Configure SMF with MySQL settings
```
svccfg -s svc:/application/database/mysql:version_56 setprop mysql/cnf=/mysql/my.cnf
svccfg -s svc:/application/database/mysql:version_56 setprop mysql/data=/mysql/innodb
svcadm refresh mysql:version_56
```

Note: Might not be needed

```
/usr/mysql/5.6/bin/mysqld --defaults-file=/mysql/my.cnf --basedir=/usr/mysql/5.6 --datadir=/mysql --user=mysql --pid-file=/mysql/mysql.pid --skip-grant-tables &
UPDATE user SET Password=PASSWORD('password') where USER='root';
FLUSH PRIVILEGES;
```

Exit mysqld with ^D.
Now enable it with SMF

```
svcadm enable mysql
```
Rabbitmq Configuration
Create rabbitmq files in /etc/rabbitmq
rabbitmq-env.conf

```
NODENAME=os1
NODE_IP_ADDRESS=10.10.3.121
CONFIG_FILE=/etc/rabbitmq/rabbitmq
```

rabbitmq.config

```
[{rabbit, [{cluster_nodes, {['rabbit@os1'], disc}}]}].
```

Next set permissions

```
chown -R rabbitmq:bin /etc/rabbitmq
# Enable the SMF for rabbitmq
svcadm enable rabbitmq
```

Next add a rabbitmq admin

```
rabbitmqctl set_policy HA '^(?!amq.).*' '{"ha-mode": "all"}'
su - rabbitmq -c "rabbitmqctl cluster_status"
```

You have to add or update a rabbitmq admin user; the guest user is disallowed.

```
rabbitmqctl add_user admin password
rabbitmqctl set_permissions admin ".*" ".*" ".*"
```
Next add the new user password to /etc/nova/nova.conf
Configure keystone
/etc/keystone/keystone.conf
Configuration option | Value to use |
---|---|
admin_token | ADMIN – replace with 9d77f9bad250d97c365e (openssl rand -hex 10) |
public_bind_host | ip address (10.10.3.121) |
admin_bind_host | ip address (10.10.3.121) |
connection | mysql://keystone:password@localhost/keystone |
Create MySQL DB entries

```
mysql>create database keystone;
Query OK, 1 row affected (0.00 sec)
mysql>grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql>grant all privileges on keystone.* to 'keystone'@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql>FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
```
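The same create-and-grant pattern is repeated further down for glance, nova, neutron and cinder. As an added example (not part of the original post), this script generates those statements with a separate random password per service and grants limited to named hosts; the function names, the output directory and the host list (localhost, os1) are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Function names, the output
# directory and the host list (localhost, os1) are assumptions.

# 32 hex characters from the kernel CSPRNG.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Hosts may contain only hostname/IP characters; the '%' wildcard is refused.
valid_host() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# service_sql SERVICE PASSWORD HOST...  (PASSWORD: hex from gen_password)
# Prints CREATE DATABASE and one GRANT per host, in the MySQL 5.6 syntax used on the page.
service_sql() {
    svc=$1; pw=$2; shift 2
    case "$svc" in
        ''|*[!a-z0-9_]*) echo "bad service name: $svc" >&2; return 1 ;;
    esac
    for h in "$@"; do
        valid_host "$h" || { echo "refusing host '$h' for $svc" >&2; return 1; }
    done
    printf 'CREATE DATABASE IF NOT EXISTS %s;\n' "$svc"
    for h in "$@"; do
        printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
            "$svc" "$svc" "$h" "$pw"
    done
}

# build_all OUTDIR HOST...
# Writes SERVICE.sql and SERVICE.pass for each service; the subshell keeps
# umask 077 (files readable by the owner only) from leaking to the caller.
build_all() (
    out=$1; shift
    umask 077
    mkdir -p "$out" || exit 1
    for svc in keystone glance nova neutron cinder; do
        pw=$(gen_password)
        service_sql "$svc" "$pw" "$@" > "$out/$svc.sql" || exit 1
        printf '%s\n' "$pw" > "$out/$svc.pass"
    done
)

# Usage: build_all ./openstack-db localhost os1
#        mysql -u root -p < ./openstack-db/nova.sql
```

The password in each SERVICE.pass file is the value to put in that service's `connection=` line and `.profile`.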
Update the keytab with the users' passwords for nova, cinder, etc.

```
cp /usr/demo/openstack/keystone/sample_data.sh /usr/demo/openstack/keystone/sample_data.sh-org
```

Add a line at the top with the password

```
SERVICE_PASSWORD=password
```

```
# Replace
ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
# With
ADMIN_PASSWORD=${ADMIN_PASSWORD:-password}
```

Change localhost to the public name (os1) – replace with the real hostname
Replace DEMO_TENANT with devtech101
Replace

```
export OS_AUTH_URL=http://os1:5000/v2.0
export OS_PASSWORD="${ADMIN_PASSWORD}"
export OS_TENANT_NAME=service
export OS_USERNAME=admin
```

Now run.

```
su - keystone
/usr/bin/keystone-manage db_sync
```

Note: make sure /etc/hosts has the local host IP address added

```
svcadm enable keystone
su - keystone
/usr/bin/keystone-manage pki_setup
```

Modify /usr/demo/openstack/keystone/sample_data.sh
Create a .profile with these entries

```
export SERVICE_ENDPOINT=http://os1:35357/v2.0
export SERVICE_TOKEN=9d77f9bad250d97c365e   # (openssl rand -hex 10)
```

Now run /usr/demo/openstack/keystone/sample_data.sh
For glance controller
Create MySQL DB entries

```
mysql>create database glance;
Query OK, 1 row affected (0.00 sec)
mysql>grant all privileges on glance.* to 'glance'@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql>grant all privileges on glance.* to 'glance'@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql>FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
```

Modify all the glance files

```
glance-api.conf
glance-cache.conf
glance-registry.conf
glance-api-paste.ini        # This file was not needed in the latest updates
glance-registry-paste.conf  # This file was not needed in the latest updates
glance-scrubber.conf
```

Final config for glance

```
su - glance
glance-manage db_sync
```

Enable glance

```
svcadm enable glance-db
svcadm enable glance-api
svcadm enable glance-registry
svcadm enable glance-scrubber
```

Create a glance .profile like this

```
export OS_USERNAME=glance
export OS_PASSWORD=password
export OS_TENANT_NAME=service
export OS_AUTH_URL=http://10.10.3.121:5000/v2.0/
```

For nova controller
Create MySQL DB entries

```
mysql> create database nova;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on nova.* to 'nova'@'localhost' identified by 'password';
Query OK, 0 rows affected (0.01 sec)
mysql> grant all privileges on nova.* to 'nova'@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on nova.* to 'nova'@'os1' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
```

Modify all the nova files

```
/etc/nova/nova.conf
/etc/nova/api-paste.conf
```

Create a nova .profile like this

```
export OS_USERNAME=nova
export OS_PASSWORD=password
export OS_TENANT_NAME=service
export OS_AUTH_URL=http://10.10.3.121:5000/v2.0/
```

Next run

```
su - nova
nova-manage db sync
```

Start nova services

```
svcadm enable nova-conductor
svcadm restart rad:local
svcadm enable nova-scheduler
svcadm enable nova-cert
svcadm enable nova-objectstore
svcadm enable nova-api-osapi-compute
svcadm enable nova-api-ec2
```

Horizon configuration
For Horizon we use apache2.4
Create certificate

```
cd /etc/openstack_dashboard
openssl req -new -x509 -nodes -out horizon.crt -keyout horizon.key
Generating a 1024 bit RSA private key
..........++++++
....................++++++
writing new private key to 'horizon.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:US
State or Province Name (full name) []:New-York
Locality Name (eg, city) []:NY
Organization Name (eg, company) []:Devtech101
Organizational Unit Name (eg, section) []:IS
Common Name (e.g. server FQDN or YOUR name) []:os1.domain.com
Email Address []:admin@devtech101.com
```

Next set access

```
chown webservd:webservd /etc/openstack_dashboard/horizon.*
cd /etc/apache2/2.4/ ; cp samples-conf.d/openstack-dashboard-tls.conf conf.d/
cp /etc/openstack_dashboard/local_settings.py /etc/openstack_dashboard/local_settings.py-orig
```

Modify /etc/openstack_dashboard/local_settings.py

```
OPENSTACK_HOST = "10.10.3.121"
```

Enable memcached in this file by uncommenting

```
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '127.0.0.1:11211',
    }
}
```

Modify /etc/apache2/2.4/conf.d/openstack-dashboard-tls.conf
ServerName and RedirectPermanent
Modify SSLCer Location

Enable memcached & apache (Horizon)

```
svcadm enable svc:/application/database/memcached:default
svcadm enable svc:/network/http:apache24
```

Configure Neutron
MySQL DB config

```
mysql> create database neutron;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on neutron.* to 'neutron'@'os1' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on neutron.* to 'neutron'@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on neutron.* to 'neutron'@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)
```

Modify files

```
/etc/neutron/neutron.conf
/etc/neutron/plugins/evs/evs_plugin.ini
```

Create a neutron .profile like this

```
export OS_USERNAME=neutron
export OS_PASSWORD=password
export OS_TENANT_NAME=service
export OS_AUTH_URL=http://10.10.3.121:5000/v2.0/
```

Configure Solaris evs
Configure ssh keys

```
su - evsuser -c "ssh-keygen -N '' -f /var/user/evsuser/.ssh/id_rsa -t rsa"
su - neutron -c "ssh-keygen -N '' -f /var/lib/neutron/.ssh/id_rsa -t rsa"
ssh-keygen -N '' -f /root/.ssh/id_rsa -t rsa
cat /var/user/evsuser/.ssh/id_rsa.pub /var/lib/neutron/.ssh/id_rsa.pub /root/.ssh/id_rsa.pub >> /var/user/evsuser/.ssh/authorized_keys
su - evsuser -c "ssh evsuser@localhost true"
su - neutron -c "ssh evsuser@localhost true"
ssh evsuser@localhost true
```

Configure evs switch

```
evsadm set-prop -p controller=ssh://evsuser@localhost
evsadm set-controlprop -p l2-type=vlan
evsadm set-controlprop -p uplink-port=aggr1
evsadm set-controlprop -p vlan-range=2000-3900
```

To verify, run evsadm show-controlprop
Configure neutron with evs

```
svcadm enable neutron-server
su - neutron
neutron net-list
```

Configuring neutron-l3-agent or dhcp-agent
Configure cinder
Modify cinder files

```
/etc/cinder/cinder.conf
```

Create MySQL DB for cinder

```
mysql> create database cinder;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on cinder.* to 'cinder'@'os1' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on cinder.* to 'cinder'@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on cinder.* to 'cinder'@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
```

Next, run the below

```
su - cinder
cinder-manage db sync
```

Start cinder

```
svcadm enable cinder-db
svcadm enable cinder-scheduler cinder-backup cinder-api
svcadm enable -r cinder-volume:default
```

If configuring iSCSI with ZFS appliance

```
svcadm enable -rs iscsi/target
```

Check this for full configuration http://devtech101.com/index.php/opnestack-and-zfs-appalince-zfssa/
Swift configuration
Modify /etc/swift/swift.conf
Modify /etc/swift/proxy-swift.conf
To configure memcache – in all configurations set the ip/port

```
memcached_servers=127.0.0.1:11211
```

For nova compute – just install nova and configure

```
pkg install mysql-56/client nova novaclient neutron evs cinder pkg:/system/storage/iscsi/iscsi-target
```

Note: In Solaris 11.3 beta I installed all openstack packages, as it was complaining about missing binaries
Modify nova, cinder, neutron configuration files in /etc/
Configure evs

```
su - evsuser -c "ssh-keygen -N '' -f /var/user/evsuser/.ssh/id_rsa -t rsa"
su - neutron -c "ssh-keygen -N '' -f /var/lib/neutron/.ssh/id_rsa -t rsa"
ssh-keygen -N '' -f /root/.ssh/id_rsa -t rsa
evsadm set-prop -p controller=ssh://evsuser@localhost
evsadm set-prop -p controller=ssh://evsuser@localhost
ssh evsuser@os1 true
```

Follow the normal process to enable nova, cinder
Helpful links
http://docs.oracle.com/cd/E36784_01/html/E54155/
https://cssoss.wordpress.com/2011/04/20/openstack-beginners-guide-for-ubuntu-11-04-natt-narhwal/
http://stackoverflow.com/questions/5882333/good-tutorials-and-resources-for-openstack
Multi hypervisor
http://www.cloudenablers.com/blog/deploying-openstack-with-multi-hypervisor-environment/