A Step by Step Guide to Deploy CloudFoundry on AWS

1. Configure the following on AWS

  • VPC (Virtual Private Cloud)
  • IAM user
  • Elastic IP
  • Key Pair
  • Security Group
  • Route 53

a. VPC –  Configuring VPC

Select Launch VPC Wizard

Click on Select to continue

Enter IPv4 details and click on create VPC

VPC Created Successfully

b. IAM USER

Go to IAM under Services

Click on Add user

Enter the username and select Next: Permissions

Select Administrator Access under policies and click on Review

Click on Create User

The user is created successfully; download the CSV file

c. Elastic IP

Select Elastic IPs from the EC2 Dashboard

Select Allocate new address

Select Allocate Address

IP Created successfully

d. Key Pair

Select Key Pairs from EC2 Dashboard

Click on Create Key Pair

Enter the name and click on Create

The key pair is created and the .pem file is downloaded automatically

e. Security Group

Select Security Groups from EC2 Dashboard

Select Create Security Group

Enter the details and click Create

The bosh security group is created as shown below

Select the bosh security group, edit the inbound rules and add rules as shown below

f. Route 53

Select Route 53 from Services

Click on Hosted Zones

Click on Create Hosted Zone

Enter the domain details and click on create

The nbos.co DNS entry is created

Add an address record for *.nbos.co and save the record

2. Create an Instance to Deploy Bosh Director

a. Create an EC2 instance

Select Launch Instance from EC2 Dashboard

b. Select Amazon Linux

c. Select t2.micro and click Next

d. Select the network and subnet as shown below and proceed to Configure Security Group

e. Select the bosh security group and click on Review and Launch

f. Click on Launch to launch the instance

g. Wait until the instance is launched and shown as running

3. Configure bosh cli and deploy bosh director

a. Login to the EC2 instance

b. Verify the bosh version

c. Install the following packages

d. Make a directory named bosh

e. Clone the bosh director template

Update the cloud-config.yml file in bosh-deployment/aws

f. Deploy Bosh Director using create-env

Wait till it completes

g. Connect to the bosh director

4. Deploy Cloud Foundry

a. Clone cf-deployment

b. Upload the stemcell to the director

c. Update cf-deployment.yml under cf-deployment with the content below

d. Deploy Cloud Foundry

Wait till the deployment completes

e. Associate the Elastic IP with the router instance created by cf-deployment, which is mapped to *.nbos.co in DNS

5. Login to cf

a. Set the cf target

b. Retrieve the admin password from cf-deployment/deployment-vars.yml, which is generated while deploying cf-deployment

c. Verify the cf API

Installing OpenStack on Ubuntu

* Preparing Ubuntu

* After you install Ubuntu 12.04 Server 64-bit, switch to a root shell and stay in it until the end of this guide

  sudo -i 

* Add Havana repositories to source list

   apt-get install ubuntu-cloud-keyring python-software-properties software-properties-common python-keyring
   echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-proposed/havana main >> /etc/apt/sources.list.d/havana.list
   apt-get install python-software-properties
   add-apt-repository cloud-archive:havana

* Update your system

   apt-get -y update && apt-get -y upgrade 

**Note:** Reboot your system if the upgrade installed a new kernel

Configure Network

* Only one NIC should have an internet access, the other is for most Openstack-related operations and configurations

   #For Exposing OpenStack API over the internet
   auto eth0
   iface eth0 inet static
   address 10.9.8.116
   netmask 255.255.255.0
   gateway 10.9.8.249
   dns-nameservers 10.9.8.253

   #Not internet connected(used for OpenStack management)
   auto eth1
   iface eth1 inet static
   address 192.168.1.251
   netmask 255.255.255.0

* Restart the networking service

   service networking restart

Install all the required packages at once (they can also be installed individually during the installation)

   apt-get install -y mysql-server python-mysqldb rabbitmq-server ntp vlan bridge-utils keystone glance openvswitch-controller openvswitch-switch openvswitch-datapath-dkms neutron-server neutron-plugin-openvswitch neutron-plugin-openvswitch-agent dnsmasq neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent kvm libvirt-bin pm-utils nova-api nova-cert novnc nova-consoleauth nova-scheduler nova-novncproxy nova-doc nova-conductor nova-compute-kvm cinder-api cinder-scheduler cinder-volume openstack-dashboard memcached iscsitarget iscsitarget-dkms

Install and configure MySQL & RabbitMQ

* Install MySQL

   apt-get install -y mysql-server python-mysqldb

* Configure mysql to accept all incoming requests

   sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
   service mysql restart

* Install RabbitMQ

   apt-get install -y rabbitmq-server 

* Install NTP service

   apt-get install -y ntp

* Configure the MySQL databases

**Note:** Use ‘%’ as the host to allow database access from anywhere on the network.

   mysql -u root -p    # enter your MySQL root password at the prompt
   
   ## For Keystone database 
   CREATE DATABASE keystone;
   GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON keystone.* TO 'keystone'@'10.9.8.116' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON keystone.* TO 'keystone'@'192.168.1.251' IDENTIFIED BY 'openstacktest';
   FLUSH PRIVILEGES;
   quit;
   (test database access and show databases with user keystone)

   ## For Glance database 
   mysql -u root -p    # enter your MySQL root password at the prompt
   CREATE DATABASE glance;
   GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON glance.* TO 'glance'@'10.9.8.116' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON glance.* TO 'glance'@'192.168.1.251' IDENTIFIED BY 'openstacktest';
   FLUSH PRIVILEGES;
   quit;
   (test database access and show databases with user glance)

   # For Neutron database
   mysql -u root -p    # enter your MySQL root password at the prompt
   CREATE DATABASE neutron;
   GRANT ALL ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON neutron.* TO 'neutron'@'10.9.8.116' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON neutron.* TO 'neutron'@'192.168.1.251' IDENTIFIED BY 'openstacktest';
   FLUSH PRIVILEGES;
   quit;
   (test database access and show databases with user neutron)

   # For Nova database
   mysql -u root -p    # enter your MySQL root password at the prompt
   CREATE DATABASE nova;
   GRANT ALL ON nova.* TO 'nova'@'%' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON nova.* TO 'nova'@'10.9.8.116' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON nova.* TO 'nova'@'192.168.1.251' IDENTIFIED BY 'openstacktest';
   FLUSH PRIVILEGES;
   quit;
   (test database access and show databases with user nova)

   # Cinder
   mysql -u root -p    # enter your MySQL root password at the prompt
   CREATE DATABASE cinder;
   GRANT ALL ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON cinder.* TO 'cinder'@'10.9.8.116' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON cinder.* TO 'cinder'@'192.168.1.251' IDENTIFIED BY 'openstacktest';
   FLUSH PRIVILEGES;
   quit;
   (test database access and show databases with user cinder)
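
The '%' grants above let each service account log in from any address, while the three host-scoped grants already cover the controller's own addresses. The script below is an added example, not part of the original guide: it turns user/host rows from mysql.user into the DROP USER statements that remove only the wildcard entries. The function names and sample rows are constructed for illustration, and it assumes all services connect from the controller itself, as in this single-node layout.

```shell
#!/bin/sh
# Added example, not from the guide. Reads tab-separated "user<TAB>host" rows,
# e.g. from:  mysql -u root -p -ss -e "SELECT user, host FROM mysql.user"
# and prints SQL that drops the wildcard-host ('%') entry of each named
# service account, provided a host-scoped entry for that account remains.

# wildcard_host_cleanup NAME...: NAME... are the accounts to consider
# (hypothetical helper, constructed for this example).
wildcard_host_cleanup() {
    awk -F '\t' -v names="$*" -v q="'" '
        BEGIN {
            n = split(names, list, " ")
            for (i = 1; i <= n; i++) wanted[list[i]] = 1
        }
        !($1 in wanted)          { next }   # leave root and other accounts alone
        $1 !~ /^[A-Za-z0-9_]+$/  { next }   # never emit SQL for unusual names
        $2 == "%"                { wild[$1] = 1; next }
                                 { scoped[$1]++ }
        END {
            for (u in wild) {
                if (scoped[u] > 0)
                    print "DROP USER " q u q "@" q "%" q ";"
                else
                    print "-- " u ": only a wildcard entry exists, add a host-scoped grant first"
            }
        }
    ' | LC_ALL=C sort
}

# Constructed sample rows matching the grants in the guide (keystone, glance),
# plus a made-up account "legacy" that has only a wildcard entry.
sample_rows() {
    printf '%s\t%s\n' \
        root localhost \
        keystone % keystone localhost keystone 10.9.8.116 keystone 192.168.1.251 \
        glance % glance localhost glance 10.9.8.116 glance 192.168.1.251 \
        legacy %
}

sample_rows | wildcard_host_cleanup keystone glance legacy
```

Once the wildcard entries are gone, MySQL's bind address can stay on the management address instead of 0.0.0.0 if no other host needs database access.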

* Install other services

   apt-get install -y vlan bridge-utils

* Enable IP_Forwarding

   sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf

# To save you from rebooting, perform the following
   sysctl net.ipv4.ip_forward=1

Install and configure Keystone

* Install keystone packages

   apt-get install -y keystone

* Verify your keystone is running

   service keystone status

* Modify the connection attribute in the /etc/keystone/keystone.conf to the new database

# vi /etc/keystone/keystone.conf and add the line below

   connection = mysql://keystone:openstacktest@10.9.8.116/keystone

* Remove Keystone SQLite database

   rm /var/lib/keystone/keystone.db

* Restart the identity service then synchronize the database

   service keystone restart
   keystone-manage db_sync

* Create the basic data and endpoint script with the below

# vi keystone_basic.sh

#!/bin/sh

HOST_IP=10.9.8.116
ADMIN_PASSWORD=${ADMIN_PASSWORD:-openstacktest}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-openstacktest}
export SERVICE_TOKEN="ADMIN"
export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}

get_id () {
    echo `$@ | awk '/ id / { print $4 }'`
}

# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)


# Users
ADMIN_USER=$(get_id keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@nbostech.com)


# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)

# Add Roles to Users in Tenants
keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONEADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONESERVICE_ROLE --tenant-id $ADMIN_TENANT

# The Member role is used by Horizon and Swift
MEMBER_ROLE=$(get_id keystone role-create --name=Member)

# Configure service users/roles
NOVA_USER=$(get_id keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=admin@nbostech.com)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE

GLANCE_USER=$(get_id keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=admin@nbostech.com)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE

NEUTRON_USER=$(get_id keystone user-create --name=neutron --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=admin@nbostech.com)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NEUTRON_USER --role-id $ADMIN_ROLE

CINDER_USER=$(get_id keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=admin@nbostech.com)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE

# vi keystone_endpoints_basic.sh

#!/bin/sh


# Host address
HOST_IP=192.168.1.251
EXT_HOST_IP=10.9.8.116

# MySQL definitions
MYSQL_USER=keystone
MYSQL_DATABASE=keystone
MYSQL_HOST=$HOST_IP
MYSQL_PASSWORD=openstacktest

# Keystone definitions
KEYSTONE_REGION=RegionOne
export SERVICE_TOKEN=ADMIN
export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0"

while getopts "u:D:p:m:K:R:E:T:vh" opt; do
  case $opt in
    u)
      MYSQL_USER=$OPTARG
      ;;
    D)
      MYSQL_DATABASE=$OPTARG
      ;;
    p)
      MYSQL_PASSWORD=$OPTARG
      ;;
    m)
      MYSQL_HOST=$OPTARG
      ;;
    K)
      MASTER=$OPTARG
      ;;
    R)
      KEYSTONE_REGION=$OPTARG
      ;;
    E)
      export SERVICE_ENDPOINT=$OPTARG
      ;;
    T)
      export SERVICE_TOKEN=$OPTARG
      ;;
    v)
      set -x
      ;;
    h)
      cat <<EOF
Usage: $0 [-m mysql_hostname] [-u mysql_username] [-D mysql_database] [-p mysql_password]
       [-K keystone_master ] [ -R keystone_region ] [ -E keystone_endpoint_url ] 
       [ -T keystone_token ]
          
Add -v for verbose mode, -h to display this message.
EOF
      exit 0
      ;;
    \?)
      echo "Unknown option -$OPTARG" >&2
      exit 1
      ;;
    :)
      echo "Option -$OPTARG requires an argument" >&2
      exit 1
      ;;
  esac
done  

if [ -z "$KEYSTONE_REGION" ]; then
  echo "Keystone region not set. Please set with -R option or set KEYSTONE_REGION variable." >&2
  missing_args="true"
fi

if [ -z "$SERVICE_TOKEN" ]; then
  echo "Keystone service token not set. Please set with -T option or set SERVICE_TOKEN variable." >&2
  missing_args="true"
fi

if [ -z "$SERVICE_ENDPOINT" ]; then
  echo "Keystone service endpoint not set. Please set with -E option or set SERVICE_ENDPOINT variable." >&2
  missing_args="true"
fi

if [ -z "$MYSQL_PASSWORD" ]; then
  echo "MySQL password not set. Please set with -p option or set MYSQL_PASSWORD variable." >&2
  missing_args="true"
fi

if [ -n "$missing_args" ]; then
  exit 1
fi
 
keystone service-create --name nova --type compute --description 'OpenStack Compute Service'
keystone service-create --name cinder --type volume --description 'OpenStack Volume Service'
keystone service-create --name glance --type image --description 'OpenStack Image Service'
keystone service-create --name keystone --type identity --description 'OpenStack Identity'
keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service'
keystone service-create --name neutron --type network --description 'OpenStack Networking service'

create_endpoint () {
  case $1 in
    compute)
    keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':8774/v2/$(tenant_id)s' --adminurl 'http://'"$HOST_IP"':8774/v2/$(tenant_id)s' --internalurl 'http://'"$HOST_IP"':8774/v2/$(tenant_id)s'
    ;;
    volume)
    keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':8776/v1/$(tenant_id)s' --adminurl 'http://'"$HOST_IP"':8776/v1/$(tenant_id)s' --internalurl 'http://'"$HOST_IP"':8776/v1/$(tenant_id)s'
    ;;
    image)
    keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':9292/v2' --adminurl 'http://'"$HOST_IP"':9292/v2' --internalurl 'http://'"$HOST_IP"':9292/v2'
    ;;
    identity)
    keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':5000/v2.0' --adminurl 'http://'"$HOST_IP"':35357/v2.0' --internalurl 'http://'"$HOST_IP"':5000/v2.0'
    ;;
    ec2)
    keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':8773/services/Cloud' --adminurl 'http://'"$HOST_IP"':8773/services/Admin' --internalurl 'http://'"$HOST_IP"':8773/services/Cloud'
    ;;
    network)
    keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':9696/' --adminurl 'http://'"$HOST_IP"':9696/' --internalurl 'http://'"$HOST_IP"':9696/'
    ;;
  esac
}

for i in compute volume image object-store identity ec2 network; do
  id=`mysql -h "$MYSQL_HOST" -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" "$MYSQL_DATABASE" -ss -e "SELECT id FROM service WHERE type='"$i"';"` || exit 1
  create_endpoint $i $id
done

# run both the files

sh keystone_basic.sh
sh keystone_endpoints_basic.sh

* Create a simple credential file and load it

# vi keystone_source

   #Paste the following:
   export OS_TENANT_NAME=admin
   export OS_USERNAME=admin
   export OS_PASSWORD=openstacktest
   export OS_AUTH_URL="http://10.9.8.116:5000/v2.0/"

# Load it:

  
 source keystone_source

* To test Keystone, Run the below command

   keystone user-list

Install and Configure Glance

* Install and verify glance

   apt-get install -y glance
   service glance-api status
   service glance-registry status

* Update glance-api-paste.ini and glance-registry-paste.ini with connection details

# vi /etc/glance/glance-api-paste.ini

   [filter:authtoken]
   paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
   auth_host = 10.9.8.116
   auth_port = 35357
   auth_protocol = http
   admin_tenant_name = service
   admin_user = glance
   admin_password = openstacktest

# vi /etc/glance/glance-registry-paste.ini

   [filter:authtoken]
   paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
   auth_host = 10.9.8.116
   auth_port = 35357
   auth_protocol = http
   admin_tenant_name = service
   admin_user = glance
   admin_password = openstacktest

* Update glance-api.conf and glance-registry.conf with the below details

# vi /etc/glance/glance-api.conf

   [DEFAULT]
   sql_connection = mysql://glance:openstacktest@10.9.8.116/glance

   [keystone_authtoken]
   auth_host = 10.9.8.116
   auth_port = 35357
   auth_protocol = http
   admin_tenant_name = service
   admin_user = glance
   admin_password = openstacktest

   [paste_deploy]
   flavor = keystone

# vi /etc/glance/glance-registry.conf

   [DEFAULT]
   sql_connection = mysql://glance:openstacktest@10.9.8.116/glance

   [keystone_authtoken]
   auth_host = 10.9.8.116
   auth_port = 35357
   auth_protocol = http
   admin_tenant_name = service
   admin_user = glance
   admin_password = openstacktest

   [paste_deploy]
   flavor = keystone

* Remove Glance’s SQLite database

   rm /var/lib/glance/glance.sqlite   

* Restart the glance-api and glance-registry services

   service glance-api restart; service glance-registry restart

* Synchronize the glance database

   glance-manage db_sync

* Restart the services again to get the changes updated

   service glance-registry restart; service glance-api restart

* To test Glance, upload the cirros cloud image and Ubuntu cloud image

   glance image-create --name myFirstImage --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img

   wget http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img

   glance add name="Ubuntu 12.04 cloudimg amd64" is_public=true container_format=ovf disk_format=qcow2 < ./precise-server-cloudimg-amd64-disk1.img

* Run the command below to list the VM images

   glance image-list

Install and Configure Neutron

* Install the openVSwitch

   apt-get install -y openvswitch-controller openvswitch-switch openvswitch-datapath-dkms
   service openvswitch-switch restart

* Run the commands below to create the bridges
**Note:** br-int is used for VM integration
**br-ex:** is used to give VMs access to the internet

   	
   ovs-vsctl add-br br-int
   ovs-vsctl add-br br-ex

* vi /etc/network/interfaces and modify eth0 like below

   # VM internet Access 
   auto eth0 
   iface eth0 inet manual 
   up ifconfig $IFACE 0.0.0.0 up 
   up ip link set $IFACE promisc on 
   down ip link set $IFACE promisc off 
   down ifconfig $IFACE down 

   auto br-ex
   iface br-ex inet static
   address 10.9.8.166
   netmask 255.255.255.0
   gateway 10.9.8.249
   dns-nameservers 10.9.8.253

* Add the eth0 to the br-ex

   
   ovs-vsctl add-port br-ex eth0

* Reboot the machine

   reboot
   sudo -i
   source keystone_source   # restores your environment variables

**Note to VirtualBox users:** you will likely be using host-only adapters for the private networking. Egress is not supported by host-only adapters, so you need to provide a route out of the host-only network to reach the outside world. This can be done by routing traffic from br-ex to an additional NAT’ed adapter. Run these commands (where the NAT’ed adapter is eth2):

   iptables --table nat --append POSTROUTING --out-interface eth2 -j MASQUERADE
   iptables --append FORWARD --in-interface br-ex -j ACCEPT

* Install the Neutron components

   apt-get install -y neutron-server neutron-plugin-openvswitch neutron-plugin-openvswitch-agent dnsmasq neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent

* Verify all Neutron components are running

   cd /etc/init.d/; for i in $( ls neutron-* ); do sudo service $i status; cd; done

# vi /etc/neutron/api-paste.ini and update the below


   [filter:authtoken]
   paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
   auth_host = 10.9.8.116
   auth_port = 35357
   auth_protocol = http
   admin_tenant_name = service
   admin_user = neutron
   admin_password = openstacktest

# vi /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini and update the below


   #Under the database section
   [DATABASE]
   sql_connection=mysql://neutron:openstacktest@10.9.8.116/neutron

   #Under the OVS section
   [OVS]
   tenant_network_type = gre
   enable_tunneling = True
   tunnel_id_ranges = 1:1000
   integration_bridge = br-int
   tunnel_bridge = br-tun
   local_ip = 10.9.8.116

   #Firewall driver for realizing neutron security group function
   [SECURITYGROUP]
   firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

# vi /etc/neutron/metadata_agent.ini and update the below

   # The Neutron user information for accessing the Neutron API.
   auth_url = http://10.9.8.116:35357/v2.0
   auth_region = RegionOne
   admin_tenant_name = service
   admin_user = neutron
   admin_password = openstacktest

   # IP address used by Nova metadata server
   nova_metadata_ip = 10.9.8.116
   

   # TCP Port used by Nova metadata server
   nova_metadata_port = 8775

   metadata_proxy_shared_secret = helloOpenStack

# vi /etc/neutron/neutron.conf and update the below

   #RabbitMQ IP
   rabbit_host = 10.9.8.116

   [keystone_authtoken]
   auth_host = 10.9.8.116
   auth_port = 35357
   auth_protocol = http
   admin_tenant_name = service
   admin_user = neutron
   admin_password = openstacktest
   signing_dir = /var/lib/neutron/keystone-signing
   
   [DATABASE]
   connection = mysql://neutron:openstacktest@10.9.8.116/neutron

# vi /etc/neutron/l3_agent.ini and update the below

   [DEFAULT]
   interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
   use_namespaces = True
   external_network_bridge = br-ex
   signing_dir = /var/cache/neutron
   admin_tenant_name = service
   admin_user = neutron
   admin_password = openstacktest
   auth_url = http://10.9.8.116:35357/v2.0
   l3_agent_manager = neutron.agent.l3_agent.L3NATAgentWithStateReport
   root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
   interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

# vi /etc/neutron/dhcp_agent.ini and update the below

   [DEFAULT]
   interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
   dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
   use_namespaces = True
   signing_dir = /var/cache/neutron
   admin_tenant_name = service
   admin_user = neutron
   admin_password = openstacktest
   auth_url = http://10.9.8.116:35357/v2.0
   dhcp_agent_manager = neutron.agent.dhcp_agent.DhcpAgentWithStateReport
   root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
   state_path = /var/lib/neutron

* Remove Neutron’s SQLite database

   rm /var/lib/neutron/neutron.sqlite

* Restart all neutron services and check status


   cd /etc/init.d/; for i in $( ls neutron-* ); do sudo service $i restart; cd /root/; done
   service dnsmasq restart
   
   cd /etc/init.d/; for i in $( ls neutron-* ); do sudo service $i status; cd /root/; done
   service dnsmasq status

* Check Neutron agents by running below command

   neutron agent-list

**Note:** ‘you should get smiling faces :-)’

Install and Configure Nova

* Make sure that your hardware supports virtualization

   apt-get install -y cpu-checker
   kvm-ok

# The output should look like the lines below; if not, try modprobe kvm_intel && kvm-ok

INFO: /dev/kvm exists
KVM acceleration can be used

* Install KVM

   apt-get install -y kvm libvirt-bin pm-utils

# vi /etc/libvirt/qemu.conf and update cgroup_device_acl like below

   cgroup_device_acl = [
   "/dev/null", "/dev/full", "/dev/zero",
   "/dev/random", "/dev/urandom",
   "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
   "/dev/rtc", "/dev/hpet","/dev/net/tun"
   ]

* Delete default virtual bridge

   virsh net-destroy default
   virsh net-undefine default

# vi /etc/libvirt/libvirtd.conf file and update with the below

   listen_tls = 0
   listen_tcp = 1
   auth_tcp = "none"

# vi /etc/init/libvirt-bin.conf file and update with the below

   env libvirtd_opts="-d -l"

# vi /etc/default/libvirt-bin file and update with the below

   libvirtd_opts="-d -l"
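
With listen_tcp = 1, auth_tcp = "none" and libvirtd started with -l, the settings above make libvirtd accept unencrypted, unauthenticated connections on its TCP port. The check below is an added example, not part of the original guide: it reads a libvirtd.conf together with the daemon options and reports those settings. The function names and sample files are constructed here, and it assumes the options are written as separate flags such as "-d -l".

```shell
#!/bin/sh
# Added example, not from the guide: flag libvirtd settings that offer the
# remote API over the network without encryption or authentication.

# conf_value FILE KEY: print the last uncommented value of KEY, quotes stripped.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1)
            v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# libvirt_findings CONF "OPTS": one finding per line. Prints nothing when
# libvirtd is not started with -l/--listen, because listen_* is then ignored.
libvirt_findings() {
    case " $2 " in
        *" -l "*|*" --listen "*) ;;
        *) return 0 ;;
    esac
    tcp=$(conf_value "$1" listen_tcp)
    tls=$(conf_value "$1" listen_tls)
    auth=$(conf_value "$1" auth_tcp)
    # libvirtd defaults when a key is absent from the file
    tcp=${tcp:-0}; tls=${tls:-1}; auth=${auth:-sasl}
    if [ "$tcp" = 1 ]; then
        echo "listen_tcp=1: remote API served over unencrypted TCP"
        if [ "$auth" = none ]; then
            echo "auth_tcp=none: no authentication on the TCP listener"
        fi
    fi
    if [ "$tls" = 0 ]; then
        echo "listen_tls=0: TLS listener disabled"
    fi
    return 0
}

# Constructed samples: the three settings from the guide, and a variant that
# keeps remote access but only over TLS with SASL authentication.
demo() {
    dir=$(mktemp -d)
    printf 'listen_tls = 0\nlisten_tcp = 1\nauth_tcp = "none"\n' > "$dir/guide.conf"
    printf 'listen_tls = 1\nlisten_tcp = 0\nauth_tls = "sasl"\n' > "$dir/hardened.conf"
    echo "guide settings, opts -d -l:"
    libvirt_findings "$dir/guide.conf" "-d -l"
    echo "hardened settings, opts -d -l:"
    libvirt_findings "$dir/hardened.conf" "-d -l"
    rm -rf "$dir"
}

demo
```

Remote listening is only needed when other hosts must reach libvirtd; on a single node, starting the daemon without -l removes the listener entirely.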

* Restart the libvirt service and dbus

   service dbus restart && service libvirt-bin restart
   
   service dbus status && service libvirt-bin status

* Install Nova components


   apt-get install -y nova-api nova-cert novnc nova-consoleauth nova-scheduler nova-novncproxy nova-doc nova-conductor nova-compute-kvm

   # check status 
   cd /etc/init.d/; for i in $( ls nova-* ); do service $i status; cd; done

# vi /etc/nova/api-paste.ini file and update with the below


   [filter:authtoken]
   paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
   auth_host = 10.9.8.116
   auth_port = 35357
   auth_protocol = http
   admin_tenant_name = service
   admin_user = nova
   admin_password = openstacktest
   signing_dirname = /tmp/keystone-signing-nova
   # Workaround for https://bugs.launchpad.net/nova/+bug/1154809
   auth_version = v2.0

# vi /etc/nova/nova.conf and update like below


   [DEFAULT]
   logdir=/var/log/nova
   state_path=/var/lib/nova
   lock_path=/run/lock/nova
   verbose=True
   api_paste_config=/etc/nova/api-paste.ini
   compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
   rabbit_host=10.9.8.116
   nova_url=http://10.9.8.116:8774/v1.1/
   sql_connection=mysql://nova:openstacktest@10.9.8.116/nova
   root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf

   # Auth
   use_deprecated_auth=false
   auth_strategy=keystone

   # Imaging service
   glance_api_servers=10.9.8.116:9292
   image_service=nova.image.glance.GlanceImageService

   # Vnc configuration
   novnc_enabled=true
   novncproxy_base_url=http://192.168.1.251:6080/vnc_auto.html
   novncproxy_port=6080
   vncserver_proxyclient_address=10.9.8.116
   vncserver_listen=0.0.0.0

   # Network settings
   network_api_class=nova.network.neutronv2.api.API
   neutron_url=http://10.9.8.116:9696
   neutron_auth_strategy=keystone
   neutron_admin_tenant_name=service
   neutron_admin_username=neutron
   neutron_admin_password=openstacktest
   neutron_admin_auth_url=http://10.9.8.116:35357/v2.0
   libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
   linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
   #If you want Neutron + Nova Security groups
   #firewall_driver=nova.virt.firewall.NoopFirewallDriver
   #security_group_api=neutron
   #If you want Nova Security groups only, comment the two lines above and uncomment line -1-.
   #-1-firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
   
   #Metadata
   service_neutron_metadata_proxy = True
   neutron_metadata_proxy_shared_secret = helloOpenStack
   metadata_host = 10.9.8.116
   metadata_listen = 0.0.0.0
   metadata_listen_port = 8775
   
   # Compute #
   compute_driver=libvirt.LibvirtDriver
   
   # Cinder #
   volume_api_class=nova.volume.cinder.API
   osapi_volume_listen_port=5900
   cinder_catalog_info=volume:cinder:internalURL

# vi /etc/nova/nova-compute.conf and update with the below

   [DEFAULT]
   libvirt_type=kvm
   libvirt_ovs_bridge=br-int
   libvirt_vif_type=ethernet
   libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
   libvirt_use_virtio_for_bridges=True

* Restart Nova services

   cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; cd /root/;done
   cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i status; cd /root/;done

**Note:** It is not a problem if nova-cert is down at this point: the database still has to be built

* Remove Nova’s SQLite database

   rm /var/lib/nova/nova.sqlite

* Synchronize your database

   nova-manage db sync

* Restart nova-* services

   cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; cd /root/;done

   cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i status; cd /root/;done

Check nova service list

* You should see smiling faces on the nova-* services, which confirms your installation:

   nova-manage service list

**Note:** We should see smiling faces on the nova-* services to confirm the installation

Install and Configure Cinder

* Install the required packages

   apt-get install -y cinder-api cinder-scheduler cinder-volume iscsitarget open-iscsi iscsitarget-dkms

* Configure the iscsi services

   sed -i 's/false/true/g' /etc/default/iscsitarget

* Start the services

   
   service iscsitarget start
   service open-iscsi start

# vi /etc/cinder/api-paste.ini and update with the below

   [filter:authtoken]
   paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
   service_protocol = http
   service_host = 192.168.1.251
   service_port = 5000
   auth_host = 10.9.8.116
   auth_port = 35357
   auth_protocol = http
   admin_tenant_name = service
   admin_user = cinder
   admin_password = openstacktest

# vi /etc/cinder/cinder.conf and modify as below

   [DEFAULT]
   rootwrap_config=/etc/cinder/rootwrap.conf
   sql_connection = mysql://cinder:openstacktest@10.9.8.116/cinder
   api_paste_config = /etc/cinder/api-paste.ini
   iscsi_helper=ietadm
   volume_name_template = volume-%s
   volume_group = cinder-volumes
   verbose = True
   auth_strategy = keystone
   #osapi_volume_listen_port=5900

* Remove Cinder’s SQLite database and synchronize

   rm /var/lib/cinder/cinder.sqlite
   cinder-manage db sync

* Create a volume group and name it cinder-volumes

   dd if=/dev/zero of=cinder-volumes bs=1 count=0 seek=50G
   losetup /dev/loop2 cinder-volumes
   fdisk /dev/loop2
   #Type in the following:
   n ( New)
   p ( Primary ) 
   1 ( partition number )
   ENTER
   ENTER
   t
   8e ( Linux LVM) 
   w ( write quit )

* Create the physical volume and volume group

   pvcreate /dev/loop2
   vgcreate cinder-volumes /dev/loop2

* Restart and verify cinder services

   cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i restart; cd /root/; done
   cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i status; cd /root/; done

Install and Configure Horizon

* Install horizon

   apt-get -y install openstack-dashboard memcached

* Reload Apache and memcached

   service apache2 restart; service memcached restart

You can now access the OpenStack dashboard at http://192.168.1.251/horizon with the credentials **admin:openstacktest**.
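
Every database user, every service account and the admin login in this guide use the same password, openstacktest. The script below is an added example, not part of the original guide: it reports passwords shared by more than one account across ini-style config files and generates a distinct random secret per account. The function names, the db/ and svc/ account labels and the sample fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the guide: find passwords shared by more than one
# account across OpenStack ini-style config files.

# credential_accounts FILE...: print "password<TAB>account" per credential.
# Accounts are labelled db/<user> for database URLs and svc/<user> for
# *_password keys paired with the preceding *_user or *_username key.
# The metadata proxy shared secret is skipped on purpose: it has to be
# identical in nova.conf and metadata_agent.ini.
credential_accounts() {
    awk '
        FNR == 1 { split("", user) }        # usernames do not carry across files
        /^[ \t]*(#|$)/ { next }
        {
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k ~ /user(name)?$/) {
                sub(/user(name)?$/, "", k); user[k] = v
            } else if (k ~ /password$/) {
                p = k; sub(/password$/, "", p)
                print v "\t" "svc/" ((p in user) ? user[p] : FILENAME ":" k)
            } else if (match(v, /^[a-z]+:\/\/[^:\/@]+:[^@]+@/)) {
                cred = substr(v, RSTART, RLENGTH - 1)   # scheme://user:pass
                sub(/^[a-z]+:\/\//, "", cred)           # user:pass
                c = index(cred, ":")
                print substr(cred, c + 1) "\t" "db/" substr(cred, 1, c - 1)
            }
        }
    ' "$@"
}

# shared_passwords FILE...: for each password used by two or more distinct
# accounts print "COUNT<TAB>account,account,...". The password is not printed.
shared_passwords() {
    credential_accounts "$@" | awk -F '\t' '
        !seen[$1, $2]++ { n[$1]++; who[$1] = who[$1] (n[$1] > 1 ? "," : "") $2 }
        END { for (v in n) if (n[v] > 1) print n[v] "\t" who[v] }
    '
}

# new_secret: 32 hex characters from the kernel random source, one per account.
new_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Constructed fragments using the values from the guide.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/glance-api.conf" <<'EOF'
[DEFAULT]
sql_connection = mysql://glance:openstacktest@10.9.8.116/glance
[keystone_authtoken]
admin_user = glance
admin_password = openstacktest
EOF
    cat > "$dir/metadata_agent.ini" <<'EOF'
auth_url = http://10.9.8.116:35357/v2.0
admin_user = neutron
admin_password = openstacktest
metadata_proxy_shared_secret = helloOpenStack
EOF
    cat > "$dir/nova.conf" <<'EOF'
[DEFAULT]
sql_connection=mysql://nova:openstacktest@10.9.8.116/nova
neutron_admin_username=neutron
neutron_admin_password=openstacktest
neutron_metadata_proxy_shared_secret = helloOpenStack
EOF
    shared_passwords "$dir"/*
    rm -rf "$dir"
}

demo
```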